Skip to main content

Privacera Documentation

Privacera Platform system requirements for Docker in GCP

There are various requirements for Docker in GCP:

Hardware requirements

Virtual Machine Instance with minimum of 8 Cores, 32GB RAM & 100GB SSD (e2-standard-8 Machine).

Software requirements

The following packages would be required on your instance as per your operating system:

  • yum and rpm (RHEL/CentOS/Oracle)

  • zypper and php_curl (SLES)

  • apt (Debian/Ubuntu)

  • ssh, curl, tar, wget and gcc*

  • OpenSSL (v1.01, build 16 or later)

  • Python (with python-devel*)

  • Docker and Docker Compose

  • User account with sudo permissions

Network requirements

  • Selinux, firewall/iptables should be disabled to allow communication.

  • List of ports that can be configured for inbound and outbound connections. To know more about the service ports, see Default Privacera Platform port numbers.

AWS IAM policy and permissions

When creating a service account, assign the following permissions to a predefined or custom role to grant access to Privacera services. For more information, refer to the Google documentation on understanding roles and how to add role permissions to a service account.

Permissions for Pubsubrole
  • pubsub.subscriptions.consume

  • pubsub.subscriptions.get

  • pubsub.topics.publish

  • pubsub.subscriptions.create

  • pubsub.subscriptions.list

  • pubsub.subscriptions.update

  • pubsub.topics.attachSubscription

  • pubsub.topics.detachSubscription

  • pubsub.topics.get

  • pubsub.topics.list

  • pubsub.topics.update

  • pubsub.topics.updateTag

  • resourcemanager.projects.get

  • serviceusage.services.get

Permissions for Bigtable
  • bigtable.tables.list

  • bigtable.tables.mutateRows

  • bigtable.tables.readRows

  • monitoring.metricDescriptors.list

  • bigtable.clusters.get

  • bigtable.clusters.list

  • bigtable.clusters.update

  • bigtable.instances.get

  • bigtable.instances.getIamPolicy

  • bigtable.instances.list

  • bigtable.instances.setIamPolicy

  • bigtable.tables.checkConsistency

  • bigtable.tables.create

  • bigtable.tables.delete

  • bigtable.tables.generateConsistencyToken

  • bigtable.tables.get

  • bigtable.tables.getIamPolicy

  • bigtable.tables.sampleRowKeys

  • bigtable.tables.setIamPolicy

  • bigtable.tables.update

  • monitoring.metricDescriptors.get

  • monitoring.timeSeries.list

  • resourcemanager.projects.get

Permissions for BigQuery
  • bigquery.datasets.get

  • bigquery.datasets.getIamPolicy

  • bigquery.jobs.create

  • bigquery.models.getData

  • bigquery.models.getMetadata

  • bigquery.models.list

  • bigquery.routines.get

  • bigquery.routines.list

  • bigquery.tables.export

  • bigquery.tables.get

  • bigquery.tables.getData

  • bigquery.tables.getIamPolicy

  • bigquery.tables.list

  • resourcemanager.projects.get

Permissions for CloudSQLClient
  • cloudsql.instances.connect

  • cloudsql.instances.get

Permissions for Private Logs Viewer
  • logging.logEntries.list

  • logging.privateLogEntries.list

  • logging.buckets.get

  • logging.buckets.list

  • logging.exclusions.get

  • logging.exclusions.list

  • logging.locations.get

  • logging.locations.list

  • logging.logMetrics.get

  • logging.logMetrics.list

  • logging.logs.list

  • logging.logServiceIndexes.list

  • logging.logServices.list

  • logging.queries.create

  • logging.queries.delete

  • logging.queries.get

  • logging.queries.list

  • logging.queries.listShared

  • logging.queries.update

  • logging.sinks.get

  • logging.sinks.list

  • logging.usage.get

  • logging.views.access

  • logging.views.get

  • logging.views.list

  • resourcemanager.projects.get

Permissions for GCS_Custom_Conf
  • serviceusage.services.use

  • storage.buckets.get

  • storage.buckets.list

  • storage.objects.create

  • storage.objects.delete

  • storage.objects.get

  • storage.objects.list

  • firebase.projects.get

  • resourcemanager.projects.get

  • storage.objects.update

Install Docker and Docker compose

  1. Log on to your Privacera host as gcp-user or a user with 'sudo' privileges.

  2. Install Docker on the VM.

    sudo yum install -y wget 
    sudo yum install -y docker sudo vi /etc/sysconfig/docker
  3. Update the OPTIONS variable with the following:

    OPTIONS="--default-ulimit nofile=1024000:1024000"
  4. Run the following command:

    sudo service docker start 
    sudo usermod -a -G docker $VM_USER
  5. Install Docker Compose

    If Docker Compose is not configured in Ansible, then run the following commands:

    DOCKER_COMPOSE_VERSION="1.23.2"
    sudo  curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-composeDOCKER_COMPOSE_VERSION="1.23.2" sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose