Privacera Platform master publication

System requirements for Docker in GCP
Hardware

A virtual machine instance with a minimum of 8 cores, 32 GB RAM and 100 GB SSD (e2-standard-8 machine).

Software

The following packages are required on your instance, depending on your operating system:

  • yum and rpm (RHEL/CentOS/Oracle)

  • zypper and php_curl (SLES)

  • apt (Debian/Ubuntu)

  • ssh, curl, tar, wget and gcc*

  • OpenSSL (v1.01, build 16 or later)

  • Python (with python-devel*)

  • Docker and Docker Compose

  • User account with sudo permissions

Network
  • SELinux and firewall/iptables should be disabled to allow communication.

  • A list of ports that can be configured for inbound and outbound connections. To learn more about the service ports, see Ports of Privacera Services.

IAM policy and permissions

When creating a service account, assign the following permissions to a predefined or custom role to grant access to Privacera services. For more information, refer to the Google documentation on understanding roles and how to add role permissions to a service account.

Permissions for Pubsubrole
  • pubsub.subscriptions.consume

  • pubsub.subscriptions.get

  • pubsub.topics.publish

  • pubsub.subscriptions.create

  • pubsub.subscriptions.list

  • pubsub.subscriptions.update

  • pubsub.topics.attachSubscription

  • pubsub.topics.detachSubscription

  • pubsub.topics.get

  • pubsub.topics.list

  • pubsub.topics.update

  • pubsub.topics.updateTag

  • resourcemanager.projects.get

  • serviceusage.services.get

Permissions for Bigtable
  • bigtable.tables.list

  • bigtable.tables.mutateRows

  • bigtable.tables.readRows

  • monitoring.metricDescriptors.list

  • bigtable.clusters.get

  • bigtable.clusters.list

  • bigtable.clusters.update

  • bigtable.instances.get

  • bigtable.instances.getIamPolicy

  • bigtable.instances.list

  • bigtable.instances.setIamPolicy

  • bigtable.tables.checkConsistency

  • bigtable.tables.create

  • bigtable.tables.delete

  • bigtable.tables.generateConsistencyToken

  • bigtable.tables.get

  • bigtable.tables.getIamPolicy

  • bigtable.tables.sampleRowKeys

  • bigtable.tables.setIamPolicy

  • bigtable.tables.update

  • monitoring.metricDescriptors.get

  • monitoring.timeSeries.list

  • resourcemanager.projects.get

Permissions for BigQuery
  • bigquery.datasets.get

  • bigquery.datasets.getIamPolicy

  • bigquery.jobs.create

  • bigquery.models.getData

  • bigquery.models.getMetadata

  • bigquery.models.list

  • bigquery.routines.get

  • bigquery.routines.list

  • bigquery.tables.export

  • bigquery.tables.get

  • bigquery.tables.getData

  • bigquery.tables.getIamPolicy

  • bigquery.tables.list

  • resourcemanager.projects.get

Permissions for CloudSQLClient
  • cloudsql.instances.connect

  • cloudsql.instances.get

Permissions for Private Logs Viewer
  • logging.logEntries.list

  • logging.privateLogEntries.list

  • logging.buckets.get

  • logging.buckets.list

  • logging.exclusions.get

  • logging.exclusions.list

  • logging.locations.get

  • logging.locations.list

  • logging.logMetrics.get

  • logging.logMetrics.list

  • logging.logs.list

  • logging.logServiceIndexes.list

  • logging.logServices.list

  • logging.queries.create

  • logging.queries.delete

  • logging.queries.get

  • logging.queries.list

  • logging.queries.listShared

  • logging.queries.update

  • logging.sinks.get

  • logging.sinks.list

  • logging.usage.get

  • logging.views.access

  • logging.views.get

  • logging.views.list

  • resourcemanager.projects.get

Permissions for GCS_Custom_Conf
  • serviceusage.services.use

  • storage.buckets.get

  • storage.buckets.list

  • storage.objects.create

  • storage.objects.delete

  • storage.objects.get

  • storage.objects.list

  • firebase.projects.get

  • resourcemanager.projects.get

  • storage.objects.update
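
To check that a custom role carries exactly the permissions listed above, this added example (not part of the Privacera documentation) compares a role export with the Bigtable list. It assumes the export comes from `gcloud iam roles describe ROLE --format=json`, whose `includedPermissions` field holds the granted permissions; the role name, project and sample role are constructed.

```python
import json

# Permissions the page lists under "Permissions for Bigtable".
BIGTABLE_REQUIRED = frozenset("""
bigtable.tables.list bigtable.tables.mutateRows bigtable.tables.readRows
monitoring.metricDescriptors.list bigtable.clusters.get bigtable.clusters.list
bigtable.clusters.update bigtable.instances.get bigtable.instances.getIamPolicy
bigtable.instances.list bigtable.instances.setIamPolicy
bigtable.tables.checkConsistency bigtable.tables.create bigtable.tables.delete
bigtable.tables.generateConsistencyToken bigtable.tables.get
bigtable.tables.getIamPolicy bigtable.tables.sampleRowKeys
bigtable.tables.setIamPolicy bigtable.tables.update
monitoring.metricDescriptors.get monitoring.timeSeries.list
resourcemanager.projects.get
""".split())


def audit_role(role_json: str, required=BIGTABLE_REQUIRED) -> dict:
    """Compare a role export with the documented permission set."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        # Listed on the page but absent from the role.
        "missing": sorted(required - granted),
        # Granted but not listed on the page: least-privilege drift.
        "excess": sorted(granted - required),
        # Permissions that rewrite IAM policy merit review even when listed.
        "policy_writers": sorted(
            p for p in granted if p.endswith(".setIamPolicy")),
    }


# Constructed sample: a custom role that drops one listed permission and
# adds one the page does not ask for. Role and project names are hypothetical.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/privacera_bigtable",
    "includedPermissions": sorted(
        (BIGTABLE_REQUIRED - {"bigtable.tables.sampleRowKeys"})
        | {"bigtable.instances.delete"}),
})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
```

The same function audits the other roles on this page when their permission lists are passed as `required`.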

Install Docker and Docker Compose
  1. Log on to your Privacera host as gcp-user or a user with 'sudo' privileges.

  2. Install Docker on the VM.

    sudo yum install -y wget
    sudo yum install -y docker
    sudo vi /etc/sysconfig/docker

    Update the OPTIONS variable with the following:

    OPTIONS="--default-ulimit nofile=1024000:1024000"

    Run the following command.

    sudo service docker start
    sudo usermod -a -G docker $VM_USER

  3. Install Docker Compose

    If Docker Compose is not configured in Ansible, then run the following commands:

    DOCKER_COMPOSE_VERSION="1.23.2"
    sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose