Skip to content

System Requirements for Docker in GCP

Hardware

Virtual Machine Instance with minimum of 8 Cores, 32GB RAM & 100GB SSD (e2-standard-8 Machine).

Software

The following packages would be required on your instance as per your operating system:

  • yum and rpm (RHEL/CentOS/Oracle)
  • zypper and php_curl (SLES)
  • apt (Debian/Ubuntu)
  • ssh, curl, tar, wget and gcc*
  • OpenSSL (v1.01, build 16 or later)
  • Python (with python-devel*)
  • Docker and Docker Compose
  • User account with sudo permissions

Network

  • Selinux, firewall/iptables should be disabled to allow communication.
  • List of ports that can be configured for inbound and outbound connections. To know more about the service ports, see Ports of Privacera Services.

IAM Policy and Permissions

When creating a service account, assign the following permissions to a predefined or custom role to grant access to Privacera services. For more information, refer to the Google documentation on understanding roles and how to add role permissions to a service account.

Permissions for Pubsubrole
  • pubsub.subscriptions.consume
  • pubsub.subscriptions.get
  • pubsub.topics.publish
  • pubsub.subscriptions.create
  • pubsub.subscriptions.list
  • pubsub.subscriptions.update
  • pubsub.topics.attachSubscription
  • pubsub.topics.detachSubscription
  • pubsub.topics.get
  • pubsub.topics.list
  • pubsub.topics.update
  • pubsub.topics.updateTag
  • resourcemanager.projects.get
  • serviceusage.services.get
Permissions for Bigtable
  • bigtable.tables.list
  • bigtable.tables.mutateRows
  • bigtable.tables.readRows
  • monitoring.metricDescriptors.list
  • bigtable.clusters.get
  • bigtable.clusters.list
  • bigtable.clusters.update
  • bigtable.instances.get
  • bigtable.instances.getIamPolicy
  • bigtable.instances.list
  • bigtable.instances.setIamPolicy
  • bigtable.tables.checkConsistency
  • bigtable.tables.create
  • bigtable.tables.delete
  • bigtable.tables.generateConsistencyToken
  • bigtable.tables.get
  • bigtable.tables.getIamPolicy
  • bigtable.tables.sampleRowKeys
  • bigtable.tables.setIamPolicy
  • bigtable.tables.update
  • monitoring.metricDescriptors.get
  • monitoring.timeSeries.list
  • resourcemanager.projects.get
Permissions for BigQuery
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.jobs.create
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • resourcemanager.projects.get
Permissions for CloudSQLClient
  • cloudsql.instances.connect
  • cloudsql.instances.get
Permissions for Private Logs Viewer
  • logging.logEntries.list
  • logging.privateLogEntries.list
  • logging.buckets.get
  • logging.buckets.list
  • logging.exclusions.get
  • logging.exclusions.list
  • logging.locations.get
  • logging.locations.list
  • logging.logMetrics.get
  • logging.logMetrics.list
  • logging.logs.list
  • logging.logServiceIndexes.list
  • logging.logServices.list
  • logging.queries.create
  • logging.queries.delete
  • logging.queries.get
  • logging.queries.list
  • logging.queries.listShared
  • logging.queries.update
  • logging.sinks.get
  • logging.sinks.list
  • logging.usage.get
  • logging.views.access
  • logging.views.get
  • logging.views.list
  • resourcemanager.projects.get
Permissions for GCS_Custom_Conf
  • serviceusage.services.use
  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • firebase.projects.get
  • resourcemanager.projects.get
  • storage.objects.update

Install Docker and Docker Compose

  1. Log on to your Privacera host as gcp-user or a user with 'sudo' privileges.

  2. Install Docker on the VM.

    Run the following command.

    sudo yum install -y wget
sudo yum install -y docker
sudo vi /etc/sysconfig/docker

    Update the OPTIONS variable with the following:

    OPTIONS="--default-ulimit nofile=1024000:1024000"

    Run the following command.

    sudo service docker start
sudo usermod -a -G docker $VM_USER

    Errors

    If you are seeing any errors during install, see possible error messages and actions.

  3. Install Docker Compose

    If Docker Compose is not configured in Ansible, then run the following commands:

    DOCKER_COMPOSE_VERSION="1.23.2"
sudo  curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose