System Requirements for Docker in GCP
Hardware
A virtual machine instance with a minimum of 8 cores, 32 GB RAM, and 100 GB SSD (e2-standard-8 machine type).
Software
The following packages are required on your instance, depending on your operating system:
- yum and rpm (RHEL/CentOS/Oracle)
- zypper and php_curl (SLES)
- apt (Debian/Ubuntu)
- ssh, curl, tar, wget and gcc*
- OpenSSL (v1.01, build 16 or later)
- Python (with python-devel*)
- Docker and Docker Compose
- User account with sudo permissions
Network
- SELinux and the firewall/iptables should be disabled to allow communication.
- A list of ports can be configured for inbound and outbound connections. To learn more about the service ports, see Ports of Privacera Services.
IAM Policy and Permissions
When creating a service account, assign the following permissions to a predefined or custom role to grant access to Privacera services. For more information, refer to the Google documentation on understanding roles and how to add role permissions to a service account.
Permissions for Pubsubrole
- pubsub.subscriptions.consume
- pubsub.subscriptions.get
- pubsub.topics.publish
- pubsub.subscriptions.create
- pubsub.subscriptions.list
- pubsub.subscriptions.update
- pubsub.topics.attachSubscription
- pubsub.topics.detachSubscription
- pubsub.topics.get
- pubsub.topics.list
- pubsub.topics.update
- pubsub.topics.updateTag
- resourcemanager.projects.get
- serviceusage.services.get
Permissions for Bigtable
- bigtable.tables.list
- bigtable.tables.mutateRows
- bigtable.tables.readRows
- monitoring.metricDescriptors.list
- bigtable.clusters.get
- bigtable.clusters.list
- bigtable.clusters.update
- bigtable.instances.get
- bigtable.instances.getIamPolicy
- bigtable.instances.list
- bigtable.instances.setIamPolicy
- bigtable.tables.checkConsistency
- bigtable.tables.create
- bigtable.tables.delete
- bigtable.tables.generateConsistencyToken
- bigtable.tables.get
- bigtable.tables.getIamPolicy
- bigtable.tables.sampleRowKeys
- bigtable.tables.setIamPolicy
- bigtable.tables.update
- monitoring.metricDescriptors.get
- monitoring.timeSeries.list
- resourcemanager.projects.get
Permissions for BigQuery
- bigquery.datasets.get
- bigquery.datasets.getIamPolicy
- bigquery.jobs.create
- bigquery.models.getData
- bigquery.models.getMetadata
- bigquery.models.list
- bigquery.routines.get
- bigquery.routines.list
- bigquery.tables.export
- bigquery.tables.get
- bigquery.tables.getData
- bigquery.tables.getIamPolicy
- bigquery.tables.list
- resourcemanager.projects.get
Permissions for CloudSQLClient
- cloudsql.instances.connect
- cloudsql.instances.get
Permissions for Private Logs Viewer
- logging.logEntries.list
- logging.privateLogEntries.list
- logging.buckets.get
- logging.buckets.list
- logging.exclusions.get
- logging.exclusions.list
- logging.locations.get
- logging.locations.list
- logging.logMetrics.get
- logging.logMetrics.list
- logging.logs.list
- logging.logServiceIndexes.list
- logging.logServices.list
- logging.queries.create
- logging.queries.delete
- logging.queries.get
- logging.queries.list
- logging.queries.listShared
- logging.queries.update
- logging.sinks.get
- logging.sinks.list
- logging.usage.get
- logging.views.access
- logging.views.get
- logging.views.list
- resourcemanager.projects.get
Permissions for GCS_Custom_Conf
- serviceusage.services.use
- storage.buckets.get
- storage.buckets.list
- storage.objects.create
- storage.objects.delete
- storage.objects.get
- storage.objects.list
- firebase.projects.get
- resourcemanager.projects.get
- storage.objects.update
Install Docker and Docker Compose
- Log on to your Privacera host as gcp-user or a user with 'sudo' privileges.
- Install Docker on the VM.
  Run the following commands.
      sudo yum install -y wget
      sudo yum install -y docker
      sudo vi /etc/sysconfig/docker
  Update the OPTIONS variable with the following:
      OPTIONS="--default-ulimit nofile=1024000:1024000"
  Run the following commands.
      sudo service docker start
      sudo usermod -a -G docker $VM_USER
  Errors
  If you see any errors during installation, see possible error messages and actions.
- Install Docker Compose
  If Docker Compose is not configured in Ansible, then run the following commands:
      DOCKER_COMPOSE_VERSION="1.23.2"
      sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
      sudo chmod +x /usr/local/bin/docker-compose
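The Docker Compose step above places a downloaded binary in /usr/local/bin and marks it executable without checking its integrity. The following is an added example, not part of the original Privacera documentation: it installs the file only when its SHA-256 digest matches a checksum file in sha256sum format. The function names, the temporary paths, and the availability of a `.sha256` file for the release are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded docker-compose binary before installing it.
# Assumption: a checksum file in sha256sum format ("<hex digest>  <name>") was
# obtained for the same release. All function names here are hypothetical.

# Print the SHA-256 hex digest of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Print the expected digest from a checksum file; fail on malformed content.
expected_sha256() {
    digest=$(awk 'NR==1 {print tolower($1)}' "$1")
    case "$digest" in
        *[!0-9a-f]*|"") return 1 ;;   # empty or contains non-hex characters
    esac
    [ "${#digest}" -eq 64 ] || return 1
    printf '%s\n' "$digest"
}

# Install $1 to $3 with mode 0755 only if its digest matches the one in $2.
# Returns 0 on success, 1 for an unusable checksum file, 2 for a mismatch.
install_verified() {
    src=$1; sumfile=$2; dest=$3
    want=$(expected_sha256 "$sumfile") || { echo "bad checksum file" >&2; return 1; }
    got=$(file_sha256 "$src")
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch: got $got, want $want" >&2
        return 2
    fi
    install -m 0755 "$src" "$dest"
}

# Usage on the host (not executed here; "$URL.sha256" is an assumption):
#   curl -fsSL "$URL" -o /tmp/docker-compose
#   curl -fsSL "$URL.sha256" -o /tmp/docker-compose.sha256
#   install_verified /tmp/docker-compose /tmp/docker-compose.sha256 \
#       /usr/local/bin/docker-compose        # run as root
```

Downloading to a temporary path first means a failed or tampered download never reaches /usr/local/bin.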