GCP - lballesterosm/turbo_notes GitHub Wiki

Working Progress....

Requirements

To add GCP as target, you need to complete the following requisites:

  • Administrator rights on the GCP portal/Organization.
  • Administrator access on Turbonomic platform.
  • Communication through 80, 443 TCP port bidirectional from Turbonomic server to Internet or specific GCP URLs:
  • cloudresourcemanager.googleapis.com
  • cloudbilling.googleapis.com
  • compute.googleapis.com
  • monitoring.googleapis.com
  • bigquery.googleapis.com

Configuration on GCP

Semi-automated way

You can use this script to configure GCP at Project level: TurboConfig

To use the script:

  1. Download your script to your local machine.
  2. On the GCP homepage, select the GCP project that you want to use.

image

  1. In the right side click con Cloud Shell button.
  2. In the upright side of the Cloud Shell, click to select upload.

image

  1. Choose turboconfig.sh file and then upload
  2. In the Cloud shell console, run:

chmod +x turboconfig.sh

./turboconfig.sh -s turbonomicsc -r TurboRole

  1. At the end, download the turbokf.json file and to Turbonomic GCP target configuration.

Manual Way

API Enablement

  1. Login on the GCP portal with administrator rights.
  2. Select a project in the combo box.
  3. In the left side, click on APIs and services and then on Library.
  4. On the search box type Cloud Resource Management API
  5. Click on the Enable button
  6. Repeat the process for:
  • Cloud Resource Manager API
  • Cloud Billing API
  • BigQuery API
  • Compute Engine API

Service Account

  1. Login on the GCP portal with administrator rights.
  2. Select a project in the combo box.
  3. In the left side, click on IAM & Admin and then click on Service Accounts.
  4. In the top-center of the page, clic on +Create Service Account.
  5. In the Service account name type turbonomicsc
  6. At bottom of service account ID box, click on copy button of the email address, and then click in Done.

Important

Copy the email address of the service account, as we will need that in a later step.

  1. Click on the Service Account email address, click the KEYS tab, Add Key, select Create Key, select JSON and then click CREATE

Important:

This will automatically download a JSON file to your system. We will need this in a later step for targeting

Create Custom Role at project level

  1. Login on the GCP portal with administrator rights.
  2. Select your Project in the combo box.
  3. In the left side, click on IAM & Admin and then click on Roles.
  4. Click on +Create Role.
  5. In Create Role enter:

Title: Turbonomic Custom Role Project Access ID: TurboRole Role Launch State: Alpha

  1. Click on Add Permissions
  2. Search and mark the following permissions:
  • compute.commitments.list
  • compute.disks.get
  • compute.disks.list
  • compute.diskTypes.list
  • compute.instances.get
  • compute.instances.list
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroup.get
  • compute.instanceGroup.list
  • compute.machineTypes.get
  • compute.machineTypes.list
  • compute.regions.list
  • compute.zones.list
  • container.clusters.get
  • logging.logEntries.list
  • logging.views.list
  • logging.views.get
  • monitoring.services.get
  • monitoring.services.list
  • monitoring.timeSeries.list
  • resourcemanager.projects.get
  • serviceusage.services.get

Assing Service Account and Role at project level

  1. Login on the GCP portal with administrator rights.
  2. Select your Project in the combo box.
  3. In the left side, click on IAM & Admin and then click on IAM.
  4. Click on Grant Access.
  5. On Add principals click, type the service account email address.
  6. On Assign Roles, select Turbonomic Custom Role Project Access
  7. Click on Save.
  8. Go to the Turbonomic GCP target configuration

Custom Role at organization level

  1. Login on the GCP portal with administrator rights.
  2. Select your Organisation in the combo box.
  3. In the left side, click on IAM & Admin and then click on Roles.
  4. In Create Role enter:

Title: Turbonomic Custom Role Org Access ID: TurboRoleOrg Role Launch State: General Availability

  1. Click on Add Permissions
  2. Search and mark the following permissions:
  • billing.account.list
  • billing.resourceAssociations.list
  • compute.disks.get
  • compute.disks.list
  • compute.diskTypes.list
  • compute.instances.get
  • compute.instances.list
  • compute.instanceGroupManagers.get
  • compute.instanceGroupManagers.list
  • compute.instanceGroup.get
  • compute.instanceGroup.list
  • compute.machineTypes.get
  • compute.machineTypes.list
  • compute.regions.list
  • compute.zones.list
  • container.clusters.get
  • logging.logEntries.list
  • logging.views.list
  • logging.views.get
  • monitoring.services.get
  • monitoring.services.list
  • monitoring.timeSeries.list
  • resourcemanager.folders.get
  • resourcemanager.folders.list
  • resourcemanager.organizations.get
  • resourcemanager.projects.get
  • resourcemanager.projects.list
  • serviceusage.services.get

Role Assignement

  1. Login on the GCP portal with administrator rights.
  2. Select your Organisation in the combo box.
  3. In the left side, click on IAM & Admin and then click on IAM
  4. Click on the Add button and type:

New principals: "service account e-mail" Role: Billing Account Viewer

  1. Click on the Save button.

Setup Billing

  1. Login on the GCP portal with administrator rights.
  2. Select your Organisation in the combo box.
  3. In the left side, click on Billing -> Billing export
  4. Under each section click on EDIT SETTINGS, make sure you have the Project you created selected, then create a new Data set if there isn’t one to use and select it for use.

Note:

Data set needs to be created in the US region. Wait at least one hour before to configure the GCP target on Turbonomic.

Turbonomic GCP target configuration

To add GCP as target on Turbonomic portal:

  1. Login to the Turbonomic portal, using admin credentials.
  2. In the left side, click on Settings

  1. In the Turbonomic Settings Windows, clic on Target Configuration

  1. At top-right, click on New Target button
  2. In the Choose Target Category, click on Public Cloud

  1. In the Choose Target Type windows, click on GCP
  2. Enter the Display Name and JSON content of the service account.
  3. At top-right, click on New Target button
  4. In the Choose Target Category, click on Public Cloud

  1. In the Choose Target Type windows, click on GCP Billing
  2. Enter the Display Name and JSON content of the service account.
  3. Wait until the validation process ends (green bar in the left) or check for errors (clicking in the arrow at the right). In case you need to edit/change this target, you can click on the name of the target and you will see the target configuration again.

Troubleshooting

If the validation process fail, you can see this link: Troubleshooting