| copyright | lastupdated | keywords | subcollection |
|---|---|---|---|
| | 2023-07-21 | satellite, hybrid, multicloud, gcp, google cloud platform | satellite |
{{site.data.keyword.attribute-definition-list}}
{: #gcp}
Learn how you can set up an {{site.data.keyword.satellitelong_notm}} location with virtual instances that you created in Google Cloud Platform (GCP). {: shortdesc}
If your hosts are running Red Hat CoreOS (RHCOS), you must manually attach them to your location. {: note}
{: #gcp-template}
Automate your GCP setup with templates that use {{site.data.keyword.bplong}} to create a {{site.data.keyword.satelliteshort}} location, provision hosts in your GCP account, and set up the {{site.data.keyword.satelliteshort}} location control plane for you. {: shortdesc}
You can clone and modify these Terraform templates from the Satellite Terraform GitHub repository{: external}. Or, you can manually attach GCP hosts to a {{site.data.keyword.satelliteshort}} location. {: tip}
Before you begin, make sure that you have the correct {{site.data.keyword.cloud_notm}} permissions to create locations, including permissions to {{site.data.keyword.satelliteshort}} and {{site.data.keyword.bpshort}}. To create the template and manage its resources, {{site.data.keyword.satelliteshort}} automatically creates an {{site.data.keyword.cloud_notm}} IAM API key. You can optionally provide the value of an existing API key that has the correct permissions in the same account.
Do not reuse the same name for multiple locations, even after the other location is deleted. If you use the same name 5 times or more within 7 days, you might reach the Let's Encrypt Duplicate Certificate rate limit. {: note}
- In your GCP cloud provider, set up your account credentials.
- From the {{site.data.keyword.satelliteshort}} console{: external}, click Create location.
- In the Get started section, click GCP Quick Start.
- Upload your GCP credentials file.
- Review the GCP environment details that are automatically populated. By default, enough VMs are created to provide hosts for 1 small location that can run about 2 demo clusters. To change the subscription, region, instance type, or number of VMs for the hosts, click the Edit pencil icon.
- Review the Satellite location details. If you edited the GCP environment details, you might want to click the Edit pencil icon to change details such as the description, API key, or {{site.data.keyword.cloud_notm}} multizone region that the location is managed from.
- In the Summary pane, review the cost estimate.
- Click Create location. Your location might take about 30 minutes to finish provisioning.
- Optional: To review the provisioning progress, review the logs in the {{site.data.keyword.bpshort}} workspace that is automatically created for you.
  - Click Manage in Schematics. If you see an error, navigate to the {{site.data.keyword.bpshort}} workspaces console{: external} and click the name of your workspace, such as `us.east.cartOrder...`.
  - From the Activity tab, find the current activity row and click View log to review the log details.
  - Wait for the {{site.data.keyword.bpshort}} action to finish and the workspace to enter an Active state.
- Optional: If you need to set up SSH access to your hosts in GCP, see Choose your access method{: external} in the Google documentation. GCP recommends using the OS Login technology. You can also use the `gcloud` CLI or the built-in SSH client in the web UI to access your VMs.
The GCP VPC created by the Quick Start template does not have port 22 open externally for SSH and so you might need to add a firewall rule before you can use SSH. If you add a firewall rule to open port 22 externally, you must remove this firewall rule before you specify the Destroy resources option in {{site.data.keyword.bpshort}} to clean up your location. {: note}
Well done, your {{site.data.keyword.satelliteshort}} location is being created! You can review the {{site.data.keyword.satelliteshort}} console{: external} to see when your location is in a Normal state and ready to use.
The following resources are created by the template in the resource group of your GCP cloud subscription.
- 1 virtual network that spans the region.
- 1 network security group to meet the host networking requirements for {{site.data.keyword.satelliteshort}}.
- 1 virtual machine running RHEL 8 for each host that you specified, spread evenly across the region. By default, 6 virtual machines are created.
- 1 network interface for each virtual machine.
- 1 disk for each virtual machine.
The following resources are created by the template in your {{site.data.keyword.cloud_notm}} account.
- 1 {{site.data.keyword.satelliteshort}} location.
- 3 {{site.data.keyword.satelliteshort}} hosts that represent the virtual machines in GCP, attached to the location and assigned to the {{site.data.keyword.satelliteshort}} location control plane.
- 3 {{site.data.keyword.satelliteshort}} hosts that represent the virtual machines in GCP, attached to the location, unassigned, and available to use for services, such as a {{site.data.keyword.redhat_openshift_notm}} cluster. If you added more than 6 hosts, the additional hosts are unassigned and available for use in the control plane or by services.
If you are using this template for demonstration purposes, do not assign all your hosts to your control plane. Hosts that are assigned to the control plane cannot be used for other purposes, such as worker nodes for your cluster. For more information, see Understanding {{site.data.keyword.satelliteshort}} locations. {: note}
What's next?
The {{site.data.keyword.bpshort}} template helped with the initial creation, but you are in control for subsequent location management actions, such as attaching more hosts, creating {{site.data.keyword.satelliteshort}} clusters, or scaling the {{site.data.keyword.satelliteshort}} location control plane. If you remove your {{site.data.keyword.satelliteshort}} location, make sure to remove your workspace in {{site.data.keyword.bpshort}}, too.
{: #gcp-host-attach}
You can create your {{site.data.keyword.satelliteshort}} location by using hosts that you added from Google Cloud Platform (GCP). {: shortdesc}
If you want to use Red Hat CoreOS (RHCOS) hosts in your location, provide your RHCOS image file to your Google account. For more information, see Creating custom images{: external}. To find RHCOS images, see the list of available images. Note that you must use at least version 4.9. {: important}
All hosts that you want to add must meet the general host requirements, such as the RHEL 7 or 8 packages and networking setup. For more information, see Host requirements. {: note}
Before you begin, create a {{site.data.keyword.satelliteshort}} location.
- From the {{site.data.keyword.satelliteshort}} console{: external}, select the location where you want to add GCP hosts.
- Retrieve the host registration script that you must run on your hosts to make them visible to your {{site.data.keyword.satellitelong_notm}} location.
  - From the Hosts tab, click Attach host.
  - Optional: Enter any host labels that are used later to automatically assign hosts to {{site.data.keyword.satelliteshort}}-enabled {{site.data.keyword.cloud_notm}} services in the location. Labels must be provided as key-value pairs, and must match the request from the service. For example, you might have host labels such as `env=prod` or `service=database`. By default, your hosts get a `cpu` label, but you might want to add more to control the auto assignment, such as `env=prod` or `service=database`.
  - Enter a file name for your script or use the name that is generated for you.
  - Click Download script to generate the host script and download the script to your local machine. Note that the token in the script is an API key, which should be treated and protected as sensitive information.
- RHEL hosts only: Open the registration script. After the `API_URL` line, add a section to pull the required RHEL packages with the subscription manager.

  ```
  # Enable GCP RHEL package updates
  yum update --disablerepo=* --enablerepo="*" -y
  yum repolist all
  yum install container-selinux -y
  yum install subscription-manager -y
  ```
  {: codeblock}

- From the GCP main menu{: external}, navigate to the Compute Engine dashboard and select Instance templates.
- Click Create instance template.
- Enter the details for your instance template as follows.

  For an overview of available options when creating an instance template, see the GCP documentation{: external}. {: tip}

  - Enter a name for your instance template.
  - In the Machine configuration section, select the Series and Machine type that you want to use. You can select any series that you want, but make sure that the machine type meets the minimum host requirements for CPU and memory.
  - In the Boot disk section, click Change to change the default operating system and boot disk size. Select Red Hat Enterprise Linux 7 or 8 as the operating system for Red Hat Enterprise Linux hosts, or select the Red Hat CoreOS image that you provided earlier, and change the boot disk size to a minimum of 100 GB.
  - Optional: If you want your machines to allow HTTP and HTTPS traffic, select Allow HTTP traffic and Allow HTTPS traffic from the Firewall section of your instance template.
  - Click Management, security, disks, networking, sole tenancy to view additional networking and security settings.
  - In the Management tab, locate the Startup script field and enter the registration script that you modified earlier.
  - In the Networking tab, choose the network that you want your instances to be connected to. This network must allow access to {{site.data.keyword.satellitelong_notm}} as described in Firewall settings. You can check and change the firewall settings for your network in the next step.
  - Click Create to save your instance template.
- Optional: Update the firewall settings for the network that you assigned to your instance template.
  - From the GCP main menu{: external}, navigate to the VPC Network dashboard and select Firewall.
  - Verify that your network allows access as described in the Network firewall settings. Make changes as necessary.
- From the GCP Compute Engine dashboard, select Instance templates and find the instance template that you created.
- From the actions menu, click Create VM to create an instance from your template. You can alternatively click Create Instance Group to create an instance group to add multiple instances at the same time. Make sure that you spread your instances across multiple zones for higher availability.
- Wait for the instance to create. During the creation of your instance, the registration script runs automatically. This process takes a few minutes to complete. You can monitor the progress of the script by reviewing the logs for your instance. Check that your hosts are shown in the Hosts tab of your {{site.data.keyword.satelliteshort}} console{: external}. All hosts show a Health status of `Ready` when a connection to the machine can be established, and a Status of `Unassigned` as the hosts are not yet assigned to your {{site.data.keyword.satelliteshort}} location control plane or a {{site.data.keyword.openshiftlong_notm}} cluster.
- Assign your GCP hosts to the {{site.data.keyword.satelliteshort}} location control plane or a {{site.data.keyword.openshiftlong_notm}} cluster.
{: #gcp-manual-cli}
When you order your instances, pass the `--metadata-from-file user-data` option and include your attach script. For more information, see the `gcloud compute instances create` command reference{: external}.
Example command to order and attach GCP VMs to your {{site.data.keyword.satelliteshort}} location.
```
gcloud compute instances create INSTANCE-1 INSTANCE-2 INSTANCE-3 \
  --machine-type=n2-standard-8 \
  --source-instance-template INSTANCE-TEMPLATE \
  --metadata-from-file user-data=ATTACH-SCRIPT-LOCATION \
  --zone ZONE \
  --image-family=IMAGE-FAMILY \
  --image-project=IMAGE-PROJECT
```
{: pre}
{: #gcp-reqs-firewall}
As described in the host networking requirements, your GCP hosts must have access to connect to {{site.data.keyword.satellitelong_notm}}. You might find that you need to update your firewall settings in GCP, similar to the following example. {: shortdesc}
```
Network               default
Priority              1000
Direction             Ingress
Action on match       Allow
Targets               Target tags: satellite
Source filters        IP ranges: 0.0.0.0/0
Protocols and ports   tcp:80
                      tcp:443
                      tcp:30000-32767
                      udp:30000-32767
```
{: screen}
For more information, see VPC firewall rules overview{: external} in the Google Cloud Platform documentation.
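The check below compares exported firewall rules with the ingress openings in the example above and reports anything else that is open to `0.0.0.0/0`, such as a port 22 rule that was added for SSH and has to be removed before Destroy resources is used. It is an added example, not part of the original documentation; the rule names and sample data are constructed, and the field names assume the JSON shape printed by `gcloud compute firewall-rules list --format=json`.

```python
import json

# Ingress openings from the example rule on this page, as (protocol, low, high).
EXPECTED = {("tcp", 80, 80), ("tcp", 443, 443),
            ("tcp", 30000, 32767), ("udp", 30000, 32767)}

def port_ranges(entry):
    """Yield (protocol, low, high) for one item of a rule's `allowed` list."""
    proto = entry["IPProtocol"]
    # A missing `ports` list means every port of that protocol is allowed.
    for spec in entry.get("ports", ["0-65535"]):
        low, _, high = spec.partition("-")
        yield proto, int(low), int(high or low)

def covered(rng):
    """True if the range lies inside one of the expected openings."""
    proto, low, high = rng
    return any(p == proto and lo <= low and high <= hi for p, lo, hi in EXPECTED)

def unexpected_public_ingress(rules):
    """Return (rule name, 'proto:ports') for internet-facing openings not in EXPECTED."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        for rng in (r for a in rule.get("allowed", []) for r in port_ranges(a)):
            if not covered(rng):
                proto, low, high = rng
                ports = str(low) if low == high else f"{low}-{high}"
                findings.append((rule["name"], f"{proto}:{ports}"))
    return findings

# Constructed sample; rule names are hypothetical.
SAMPLE = json.loads("""[
 {"name": "satellite-ingress", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["satellite"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443", "30000-32767"]},
              {"IPProtocol": "udp", "ports": ["30000-32767"]}]},
 {"name": "temp-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")

if __name__ == "__main__":
    for name, opening in unexpected_public_ingress(SAMPLE):
        print(f"{name}: {opening} is open to 0.0.0.0/0")
```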
{: #infra-creds-gcp}
Retrieve the Google Cloud Platform (GCP) credentials that {{site.data.keyword.satelliteshort}} can use to create {{site.data.keyword.satelliteshort}} resources in your GCP cloud on your behalf. {: shortdesc}
- Create a service account and service account key{: external} with at least the required GCP permissions. As part of creating the service account, a JSON key file is downloaded to your local machine.
- Open the JSON key file on your local machine, and verify that the format matches the following example. You can provide this JSON key file as your GCP credentials for actions such as creating a {{site.data.keyword.satelliteshort}} location.
```
{
  "type": "string",
  "project_id": "string",
  "private_key_id": "string",
  "private_key": "string",
  "client_email": "string",
  "client_id": "string",
  "auth_uri": "string",
  "token_uri": "string",
  "auth_provider_x509_cert_url": "string",
  "client_x509_cert_url": "string"
}
```
{: screen}
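The format verification in the previous step can be scripted before the file is uploaded. The following is an added example, not part of the original documentation: it checks the field names from the example above, flags a key file that is readable by other local users, and never prints field values. The `service_account` value for `type` is what GCP writes for service account keys and is not shown on this page; the file names and sample content are constructed.

```python
import json, os, stat, tempfile

# Field names from the example key file on this page.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "client_id", "auth_uri", "token_uri",
                   "auth_provider_x509_cert_url", "client_x509_cert_url")

def check_key_file(path):
    """Return a list of problems found in a GCP service account key file."""
    problems = []
    # The key is a long-lived secret: flag files readable by group or others.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:04o} is readable beyond the owner")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    for field in REQUIRED_FIELDS:
        value = key.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"missing or empty field: {field}")
    # Assumption: GCP sets "type" to "service_account" in service account keys.
    if key.get("type") != "service_account":
        problems.append('field "type" is not "service_account"')
    return problems

def demo():
    """Check two constructed files: one well-formed, one incomplete and world-readable."""
    good = {field: "constructed-value" for field in REQUIRED_FIELDS}
    good["type"] = "service_account"
    bad = {k: v for k, v in good.items() if k != "private_key"}
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, doc, mode in (("good.json", good, 0o600), ("bad.json", bad, 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(doc, fh)
            os.chmod(path, mode)
            results.append(check_key_file(path))
    return results

if __name__ == "__main__":
    print(demo())
```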
{: #gcp-whats-next}
Now that your {{site.data.keyword.satelliteshort}} location is set up, you are ready to start using {{site.data.keyword.cloud_notm}} services. {: shortdesc}
- Add compute capacity to your location by attaching more hosts to the location so that you can run {{site.data.keyword.satelliteshort}}-enabled {{site.data.keyword.cloud_notm}} services.
- Create a {{site.data.keyword.satelliteshort}}-enabled {{site.data.keyword.cloud_notm}} service, such as a {{site.data.keyword.redhat_openshift_notm}} cluster. You assign the additional hosts that you previously attached as worker nodes to provide the compute power for the cluster. You can even register existing {{site.data.keyword.redhat_openshift_notm}} clusters to your location to use as deployment targets.
- Manage your applications with {{site.data.keyword.satelliteshort}} Config.
- Create {{site.data.keyword.satelliteshort}} cluster storage templates.
- Learn more about the {{site.data.keyword.satelliteshort}} Link component and how you can use endpoints to manage the network traffic between your location and {{site.data.keyword.cloud_notm}}.
Need help? Check out Getting support where you can find information about cloud status, issues, and logging; contacting support; and setting your email notification preferences for {{site.data.keyword.cloud_notm}} platform-related items.