System Requirements for Docker in GCP

Hardware

A virtual machine instance with a minimum of 8 cores, 32 GB RAM and 100 GB SSD (e2-standard-8 machine).

Software

The following packages are required on your instance, depending on your operating system:

  • yum and rpm (RHEL/CentOS/Oracle)
  • zypper and php_curl (SLES)
  • apt (Debian/Ubuntu)
  • ssh, curl, tar, wget and gcc*
  • OpenSSL (v1.01, build 16 or later)
  • Python (with python-devel*)
  • Docker and Docker Compose
  • User account with sudo permissions

Network

  • SELinux and firewall/iptables should be disabled to allow communication.
  • For the list of ports that can be configured for inbound and outbound connections, see Ports of Privacera Services.

IAM Policy and Permissions

When creating a service account, assign the following permissions to a predefined or custom role to grant access to Privacera services. For more information, refer to the Google documentation on understanding roles and how to add role permissions to a service account.

Permissions for Pubsubrole
  • pubsub.subscriptions.consume
  • pubsub.subscriptions.get
  • pubsub.topics.publish
  • pubsub.subscriptions.create
  • pubsub.subscriptions.list
  • pubsub.subscriptions.update
  • pubsub.topics.attachSubscription
  • pubsub.topics.detachSubscription
  • pubsub.topics.get
  • pubsub.topics.list
  • pubsub.topics.update
  • pubsub.topics.updateTag
  • resourcemanager.projects.get
  • serviceusage.services.get
Permissions for Bigtable
  • bigtable.tables.list
  • bigtable.tables.mutateRows
  • bigtable.tables.readRows
  • monitoring.metricDescriptors.list
  • bigtable.clusters.get
  • bigtable.clusters.list
  • bigtable.clusters.update
  • bigtable.instances.get
  • bigtable.instances.getIamPolicy
  • bigtable.instances.list
  • bigtable.instances.setIamPolicy
  • bigtable.tables.checkConsistency
  • bigtable.tables.create
  • bigtable.tables.delete
  • bigtable.tables.generateConsistencyToken
  • bigtable.tables.get
  • bigtable.tables.getIamPolicy
  • bigtable.tables.sampleRowKeys
  • bigtable.tables.setIamPolicy
  • bigtable.tables.update
  • monitoring.metricDescriptors.get
  • monitoring.timeSeries.list
  • resourcemanager.projects.get
Permissions for BigQuery
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.jobs.create
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • resourcemanager.projects.get
Permissions for CloudSQLClient
  • cloudsql.instances.connect
  • cloudsql.instances.get
Permissions for Private Logs Viewer
  • logging.logEntries.list
  • logging.privateLogEntries.list
  • logging.buckets.get
  • logging.buckets.list
  • logging.exclusions.get
  • logging.exclusions.list
  • logging.locations.get
  • logging.locations.list
  • logging.logMetrics.get
  • logging.logMetrics.list
  • logging.logs.list
  • logging.logServiceIndexes.list
  • logging.logServices.list
  • logging.queries.create
  • logging.queries.delete
  • logging.queries.get
  • logging.queries.list
  • logging.queries.listShared
  • logging.queries.update
  • logging.sinks.get
  • logging.sinks.list
  • logging.usage.get
  • logging.views.access
  • logging.views.get
  • logging.views.list
  • resourcemanager.projects.get
Permissions for GCS_Custom_Conf
  • serviceusage.services.use
  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • firebase.projects.get
  • resourcemanager.projects.get
  • storage.objects.update

Install Docker and Docker Compose

  1. Log on to your Privacera host as gcp-user or a user with 'sudo' privileges.

  2. Install Docker on the VM.

    Run the following commands.

    sudo yum install -y wget
    sudo yum install -y docker
    sudo vi /etc/sysconfig/docker

    Update the OPTIONS variable with the following:

    OPTIONS="--default-ulimit nofile=1024000:1024000"

    Run the following commands.

    sudo service docker start
    # Set VM_USER to the account being added to the docker group.
    # Members of the docker group have root-equivalent access to this host.
    sudo usermod -a -G docker "$VM_USER"

    Errors

    If you see any errors during the install, see possible error messages and actions.

  3. Install Docker Compose.

    If Docker Compose is not configured in Ansible, then run the following commands:

    DOCKER_COMPOSE_VERSION="1.23.2"
    # -f makes curl fail on an HTTP error instead of saving the error page as the binary
    sudo curl -fL "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
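
The download in step 3 writes an executable into /usr/local/bin as root without checking its integrity. The following added example (not part of the original page or of Privacera's tooling) installs the file only when its SHA-256 digest matches a pinned value. The function names, the SUDO variable and the EXPECTED_SHA256 placeholder are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: install a downloaded binary only if its SHA-256 digest matches
# a pinned value. Function names are illustrative, not part of any Privacera tool.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'   # fallback where sha256sum is absent
  fi
}

# verify_sha256 FILE EXPECTED: return 0 only if FILE exists, EXPECTED is a
# well-formed digest (64 hex characters) and the two digests are equal.
verify_sha256() {
  local file=$1 expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || return 1
  [ "${#expected}" -eq 64 ] || return 1      # reject truncated or padded input
  case $expected in
    *[!0-9a-f]*) return 1 ;;                 # reject non-hex characters
  esac
  actual=$(sha256_of "$file")
  [ "$actual" = "$expected" ]
}

# install_verified SRC EXPECTED DEST: copy SRC to DEST with mode 0755, but only
# after the digest check passes. Set SUDO=sudo when DEST needs root.
install_verified() {
  local src=$1 expected=$2 dest=$3
  if ! verify_sha256 "$src" "$expected"; then
    echo "checksum mismatch for $src; not installing" >&2
    return 1
  fi
  ${SUDO:-} install -m 0755 "$src" "$dest"
}

# Usage on the host. EXPECTED_SHA256 is a placeholder: pin the digest you
# recorded for this exact version and platform from a source you trust.
#   DOCKER_COMPOSE_VERSION="1.23.2"
#   tmp=$(mktemp)
#   curl -fL "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o "$tmp"
#   SUDO=sudo install_verified "$tmp" "$EXPECTED_SHA256" /usr/local/bin/docker-compose
```

Downloading to a temporary file first means a failed check never leaves an unverified binary on the PATH.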