System Requirements for Docker in GCP

Hardware

A virtual machine instance with a minimum of 8 cores, 32 GB RAM and a 100 GB SSD (e2-standard-8 machine).

Software

The following packages are required on your instance, depending on your operating system:

  • yum and rpm (RHEL/CentOS/Oracle)
  • zypper and php_curl (SLES)
  • apt (Debian/Ubuntu)
  • ssh, curl, tar, wget and gcc*
  • OpenSSL (v1.01, build 16 or later)
  • Python (with python-devel*)
  • Docker and Docker Compose
  • User account with sudo permissions

Network

  • SELinux and firewall/iptables should be disabled to allow communication.
  • List of ports that can be configured for inbound & outbound connections. To know more about the service ports, click here.

IAM Policy and Permissions

When creating a service account, assign the following permissions to a predefined or custom role to grant access to Privacera services. For more information, refer to the Google documentation on understanding roles and how to add role permissions to a service account.

Permissions for Pubsubrole
  • pubsub.subscriptions.consume
  • pubsub.subscriptions.get
  • pubsub.topics.publish
  • pubsub.subscriptions.create
  • pubsub.subscriptions.list
  • pubsub.subscriptions.update
  • pubsub.topics.attachSubscription
  • pubsub.topics.detachSubscription
  • pubsub.topics.get
  • pubsub.topics.list
  • pubsub.topics.update
  • pubsub.topics.updateTag
  • resourcemanager.projects.get
  • serviceusage.services.get
Permissions for Bigtable
  • bigtable.tables.list
  • bigtable.tables.mutateRows
  • bigtable.tables.readRows
  • monitoring.metricDescriptors.list
  • bigtable.clusters.get
  • bigtable.clusters.list
  • bigtable.clusters.update
  • bigtable.instances.get
  • bigtable.instances.getIamPolicy
  • bigtable.instances.list
  • bigtable.instances.setIamPolicy
  • bigtable.tables.checkConsistency
  • bigtable.tables.create
  • bigtable.tables.delete
  • bigtable.tables.generateConsistencyToken
  • bigtable.tables.get
  • bigtable.tables.getIamPolicy
  • bigtable.tables.sampleRowKeys
  • bigtable.tables.setIamPolicy
  • bigtable.tables.update
  • monitoring.metricDescriptors.get
  • monitoring.timeSeries.list
  • resourcemanager.projects.get
Permissions for BigQuery
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.jobs.create
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • resourcemanager.projects.get
Permissions for CloudSQLClient
  • cloudsql.instances.connect
  • cloudsql.instances.get
Permissions for Private Logs Viewer
  • logging.logEntries.list
  • logging.privateLogEntries.list
  • logging.buckets.get
  • logging.buckets.list
  • logging.exclusions.get
  • logging.exclusions.list
  • logging.locations.get
  • logging.locations.list
  • logging.logMetrics.get
  • logging.logMetrics.list
  • logging.logs.list
  • logging.logServiceIndexes.list
  • logging.logServices.list
  • logging.queries.create
  • logging.queries.delete
  • logging.queries.get
  • logging.queries.list
  • logging.queries.listShared
  • logging.queries.update
  • logging.sinks.get
  • logging.sinks.list
  • logging.usage.get
  • logging.views.access
  • logging.views.get
  • logging.views.list
  • resourcemanager.projects.get
Permissions for GCS_Custom_Conf
  • serviceusage.services.use
  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • firebase.projects.get
  • resourcemanager.projects.get
  • storage.objects.update
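
One way to check that a custom role carries exactly the permissions listed above, as an added example that is not part of the original page or Privacera's tooling. The function names, file names and the sample "actual" list are hypothetical; the documented list is the GCS_Custom_Conf list from this page.

```shell
#!/bin/sh
# Added example, not Privacera tooling. Names and sample data are hypothetical.
set -eu

# Documented GCS_Custom_Conf permissions, copied from the list above.
documented_gcs() {
  cat <<'EOF'
serviceusage.services.use
storage.buckets.get
storage.buckets.list
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
firebase.projects.get
resourcemanager.projects.get
storage.objects.update
EOF
}

# Constructed sample of a role's includedPermissions, one per line:
# two grants beyond the page and one documented permission absent.
sample_actual() {
  documented_gcs | grep -v '^storage\.objects\.update$'
  printf '%s\n' storage.buckets.setIamPolicy storage.buckets.delete
}

# role_drift DOCUMENTED_FILE ACTUAL_FILE
# Prints EXTRA for grants beyond the documented list (EXTRA-POLICY-WRITE when
# the grant can rewrite IAM policy) and MISSING for documented gaps.
role_drift() {
  local want have
  want=$(mktemp); have=$(mktemp)
  LC_ALL=C sort -u "$1" > "$want"
  LC_ALL=C sort -u "$2" > "$have"
  LC_ALL=C comm -13 "$want" "$have" |
    awk '{ tag = ($0 ~ /\.setIamPolicy$/) ? "EXTRA-POLICY-WRITE" : "EXTRA"; print tag, $0 }'
  LC_ALL=C comm -23 "$want" "$have" | sed 's/^/MISSING /'
  rm -f "$want" "$have"
}

demo() {
  local d
  d=$(mktemp -d)
  documented_gcs > "$d/documented.txt"
  sample_actual > "$d/actual.txt"
  role_drift "$d/documented.txt" "$d/actual.txt"
  rm -rf "$d"
}
demo
```

An empty result means the role matches the documented list; any EXTRA line is a grant the page does not ask for.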

Install Docker and Docker Compose

  1. Log on to your Privacera host as gcp-user or a user with 'sudo' privileges.

  2. Install Docker on the VM.

    Run the following commands.

    sudo yum install -y wget
    sudo yum install -y docker
    sudo vi /etc/sysconfig/docker
    

    Update the OPTIONS variable with the following:

    OPTIONS="--default-ulimit nofile=1024000:1024000"
    

    Run the following commands. Set $VM_USER to the account that should be able to run Docker before running them.

    sudo service docker start
    sudo usermod -a -G docker "$VM_USER"
    

    Note

    If you encounter any of the following issues, apply the corresponding fix:

    Error message: "usermod: group ‘docker’ does not exist"
    1. Run the following command to check if “docker” is added to groups.

      id
      
    2. If you find ‘dockerroot’ instead of ‘docker’, edit or create /etc/docker/daemon.json with the following content.

      { 
          "group": "dockerroot"
      }
      
    3. Run the following.

      sudo usermod -aG dockerroot ${USER_NAME}
      sudo service docker restart
      
    Repository is unavailable or subscription manager is not found in the CentOS base
    1. Open the config file.

      sudo vi /etc/yum/pluginconf.d/subscription-manager.conf
      
    2. Disable the subscription manager.

      [main]
      enabled=0
      
    SELinux Enabled
    1. Verify the status of SELinux. If it is enforcing, you need to disable it.

      getenforce
      
    2. Run the following.

      sudo vi /etc/selinux/config
      
    3. To disable SELinux, set the following line.

      SELINUX=disabled
      
    4. Reboot the system.

      sudo reboot
      
  3. Install Docker Compose

    If Docker Compose is not configured in Ansible, then run the following commands:

    DOCKER_COMPOSE_VERSION="1.23.2"
    # -f makes curl fail on an HTTP error instead of saving the error page as the binary
    sudo curl -fL "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
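
Two parts of the procedure above as an added example, not part of the original page or Privacera's tooling: setting OPTIONS without an editor, and installing the downloaded docker-compose file only when its SHA-256 matches a pinned value. The function names are hypothetical, the files are constructed stand-ins, and the demo computes its pin from the stand-in only so that it runs offline.

```shell
#!/bin/sh
# Added example, not Privacera's script. Function names are hypothetical.
set -eu

# Replace (or add) the OPTIONS= line in a sysconfig-style file without an
# editor. The whole line is replaced, as in the step above; safe to re-run.
set_docker_options() {
  local file value tmp
  file=$1; value=$2; tmp=$(mktemp)
  grep -v '^OPTIONS=' "$file" > "$tmp" 2>/dev/null || true
  printf 'OPTIONS="%s"\n' "$value" >> "$tmp"
  cat "$tmp" > "$file"   # keeps the target's owner and mode
  rm -f "$tmp"
}

# Install a downloaded file as an executable only if its SHA-256 equals the
# pinned value; on mismatch nothing is written and the function returns 1.
install_verified() {
  local src expected dest actual
  src=$1; expected=$2; dest=$3
  actual=$(sha256sum "$src" | awk '{print $1}')
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $src: got $actual" >&2
    return 1
  fi
  install -m 0755 "$src" "$dest"
}

# Offline demo on constructed files. On a real host the targets would be
# /etc/sysconfig/docker and /usr/local/bin/docker-compose (run as root), and
# the pin would be a SHA-256 obtained from a source you trust for the release.
demo() {
  local d pin
  d=$(mktemp -d)
  printf 'OPTIONS="--log-driver=journald"\n' > "$d/docker"   # constructed
  set_docker_options "$d/docker" "--default-ulimit nofile=1024000:1024000"
  cat "$d/docker"
  printf 'constructed stand-in for the downloaded binary\n' > "$d/download"
  pin=$(sha256sum "$d/download" | awk '{print $1}')
  install_verified "$d/download" "$pin" "$d/docker-compose" && echo "installed"
  install_verified "$d/download" "0000" "$d/rejected" || echo "rejected"
  rm -rf "$d"
}
demo
```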
    

Last update: October 4, 2021