CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

Configure Google Cloud

Be aware that these screen captures may change based on the Google Cloud platform changes. They are provided in this section as a point of reference.

Prerequisites

Before mapping a Google cloud on the CloudCenter platform, verify the following Google requirements:

  • A valid Google Cloud Platform account with Project Owner permissions

  • If you use the XPN network feature, you also require XPN Admin permissions (see https://cloud.google.com/compute/docs/xpn/provisioning-xpn for additional context).

  • The CloudCenter platform appends a unique ID to the network name to form the firewall rule name, so the network name can be a maximum of 24 characters: 24 (network name) + 39 (unique ID) = 63 total characters. For example: abcdefghijklmnopqrstuvwx-c3f-462828f37a06acd3ee194716bfe10de0

  • Enable the following APIs for each Google cloud account that you will add to the CloudCenter platform:

    • Google Compute Engine API

    • Google Cloud Resource Manager API

    The following image depicts the Google portal page used to enable APIs:

  • Launch the CCO in the same cloud region as the Google cloud and create an Instance in the Google cloud on the Google Cloud Platform console:

    • Select CentOS7 as the OS image in the Boot Disk field and increase the Size of the disk as required (see Phase 1: Prepare Infrastructure and Hardware Requirements for additional context).

    • Access the newly-created instance and edit it to add Custom metadata.

      Google Instances are identified by their instanceName, projectId, and zone in a CloudCenter configuration.

      • The nodeId is used for the instanceName

      • The instance metadata contains the projectId, zone, and vmId.

      The vmId is a unique identifier but it is not used for any VM operation, just for metadata purposes. See VM Management for additional context.

       Custom Metadata Details

      Add the sourceImageKey and provide any name.

    • Navigate to the firewall rule creation screen on the Google Cloud Platform and provide the following details:

      • Name: Provide any name as required.

      • Network: Default (CloudCenter does not support Custom networks in this field).

      • Source IP ranges: 0.0.0.0/0 (this is an example, be sure to provide secure IP ranges as required by your environment).

      • Allowed protocols and ports: tcp:80;tcp:443 (this is an example, be sure to provide the ports and protocols for your environment).

      • Target Tags: This field is REQUIRED for CloudCenter configurations. If you are launching the CCO instance, add cco as the tag.

      • Create the firewall rule and ensure that it is added to the list:

    • In the Compute Engine Dashboard, access the VM instance that you launched and apply the firewall rule tag (in this example cco) to this VM Instance.


    • GCP Project ID: This is the project ID associated with the account used to log into GCP.

      Effective CloudCenter 4.8.1

      The Project ID for Google Cloud account setting is optional.

      The Project ID selected in the cloud settings section of the Deploy form is where the VM is deployed.


      Effective CloudCenter 4.7.3, the CloudCenter platform additionally supports Google's beta Cross-Project Network (XPN) feature where you can share multiple projects across the same network. The typical use case for the XPN support is multiple departments having their own projects across the same network. In this use case, one department creates the XPN Host Project and network and then shares the network with the other departments (XPN Service Projects).

      • The CloudCenter platform requires the following settings in GCP for the XPN host project:

        • Set up one of the GCP projects as an XPN project:

        • The XPN project must be within your organization (as displayed by the image on the right).


        • The project must be enabled as the XPN host and shared subnetworks must be assigned.


        • The service projects must display the shared subnetworks:

    • GCP Service Account Email Address: The email address for the Service account associated with this project.

       Retrieve Email Address

      To retrieve this email address, follow this procedure:

      • Navigate to the Google Cloud Platform's Manage project settings screen.

      • In the IAM & Admin section locate the required Service Account name.

      • If you do not have an existing Service account, create it now (when you select a role for this account, select Owner, to ensure that you have full access to all resources):

      • Identify the Service account ID as highlighted in the following image. This Service account ID is required for the GCP Service Account Email Address field in the CCM UI.

    • GCP Service Account PK Filename: Create a new key at this point and copy it as this key is never displayed again. This new name for the P12 file is required for the GCP Service Account PK Filename field in the CCM UI.

       GCP Service Account PK Filename Reference

      • From the IAM & Admin page, locate the Service account that you configured above:

      • Retrieve the key if it is already created. If it is not created, click the icon corresponding to this Service account ID and select the Create Key option:

      • Change the file format for this key to P12 and create the file for this private key.

      • Note the name that was automatically assigned for this file. If you do not note it down, you may need to create a new key.

      • Change the name of this file in your download location to ensure easy reference:

    • Based on the above prerequisites, note the following details and have them handy to enter into the CCM UI as specified during the Configuration Process identified below. These details will differ based on the project being a single project or an XPN project:

      • The GCP Email Address (the email used to log into GCP)

      • The GCP Service Account Email Address (the Service account ID for this project)

        If you use shared networks from the XPN host project, be sure to add the following Google-specific roles to the service account on the XPN host project: Compute Security Admin role and Compute Network User role. Both roles are mandatory.

      • The GCP Project ID for this account (the Project ID for this account)

      • The GCP Service Account PK Filename (the downloaded key file name)
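The following pre-flight script is an added example, not part of the CloudCenter documentation. It checks the two Google-side constraints described above (the 24-character network name limit derived from 24 + 39 = 63, and a firewall rule whose Source IP range is not left at the 0.0.0.0/0 placeholder) and prints the matching gcloud command for the cco-tagged rule; the gcloud invocation, the rule name and the CIDR policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the CloudCenter documentation): pre-flight checks for
# the Google-side prerequisites, then the gcloud command for the CCO firewall
# rule. The 24 + 39 = 63 limit and the "cco" tag come from the page; the
# gcloud flags and the CIDR policy are assumptions.
set -eu
export LC_ALL=C   # make [a-z] ranges below byte-exact regardless of locale

# CloudCenter forms the firewall rule name as <network>-<39-char unique id>,
# and GCE names are limited to 63 chars, so the network name gets 63-39 = 24.
check_network_name() {
    [ ${#1} -le 24 ] || { echo "network name longer than 24 chars: $1" >&2; return 1; }
    # GCE resource names: lowercase letter first, then lowercase/digits/hyphens,
    # and the last character may not be a hyphen.
    case $1 in
        [a-z]|[a-z]*[a-z0-9]) ;;
        *) echo "not a valid GCE name: $1" >&2; return 1 ;;
    esac
    case $1 in *[!a-z0-9-]*) echo "not a valid GCE name: $1" >&2; return 1 ;; esac
}

# Refuse the page's 0.0.0.0/0 placeholder and anything not shaped like a CIDR
# (syntactic check only; octet range is not validated).
check_source_range() {
    [ "$1" != "0.0.0.0/0" ] || { echo "refusing world-open source range" >&2; return 1; }
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print (not run) the gcloud command that creates the rule described above.
# $1 rule name, $2 network, $3 source range, $4 target tag (page uses "cco")
cco_firewall_command() {
    check_network_name "$2" && check_source_range "$3" || return 1
    printf 'gcloud compute firewall-rules create %s --network=%s --direction=INGRESS --allow=tcp:80,tcp:443 --source-ranges=%s --target-tags=%s\n' \
        "$1" "$2" "$3" "$4"
}
```

Run the printed command from a shell authenticated as the Project Owner; `--network=default` matches the page's note that custom networks are not supported in this field.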

Configuration Process

To configure the logical mapping for a Google cloud, follow this procedure.

  1. Access the CCM UI > Admin > Clouds > Add Cloud in the CCM UI main menu.

  2. Select the Google Cloud Platform option, provide a Name and Description for this cloud, and click Save.

  3. Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:

    1. Assign a new cloud name.

      Tip

      The name should not contain any space, dash, or special characters.

    2. Add the following Cloud Credentials associated with your Google account and click Save.

      These details will differ based on the project being a single project or a shared XPN project.

      The locations of these details in GCP are identified in the Prerequisites section above.

      Field | Description (CloudCenter 4.7.2x and earlier) | XPN Project Nuances (CloudCenter 4.7.3)
      ----- | -------------------------------------------- | ---------------------------------------
      GCP Email Address | The email address that you used to log into the GCP account. |
      GCP Service Account Email Address | The Google API Key. | The Google API Key associated with the XPN project.
      GCP Service Account PK File Name | The name of the P12 key file. | The P12 key associated with the XPN project.
      GCP Project ID | The ID associated with the account used to log into GCP. | The ID associated with the XPN project.
      User Network | This optional field allows you to identify the Google user network details and does not influence the cloud configuration in any way. | Not used.
  4. Click the Regions tab.

  5. Before you add a new region, you need to add the Google Cloud Platform key in the CCO instance as well.

    This step is important: each time you add an account to the Google Cloud Platform cloud, you must create a new key for that account in Google Cloud Platform and then add the P12 key to the CCO instance at this point, before configuring the region.


    1. Navigate to the /usr/local/osmosix/ folder.

    2. Create a folder called gce.

    3. In the /usr/local/osmosix/gce folder, create a folder called keys.

    4. Download the .p12 file to the /usr/local/osmosix/gce/keys folder.

    5. Insert the Google Cloud Platform P12 key file name at the end of the path: /usr/local/osmosix/gce/keys/addKeyFileNamehere

    6. After you download the key, ensure that the owner and group of the folders and the p12 files are both cliqruser:

      chown -R cliqruser:cliqruser /usr/local/osmosix/gce
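    The script below is an added example, not part of the CloudCenter documentation or product: it performs steps 1 through 6 above on a CCO host and then verifies that the installed key has the expected owner and mode. The key directory, owner and group default to the values given on this page (/usr/local/osmosix/gce/keys and cliqruser) but can be overridden; restricting the key file to mode 600 is an added hardening step this page does not mention.

```shell
#!/bin/sh
# Added example (not CloudCenter's own tooling): install a Google service
# account P12 key on the CCO as the steps above describe, then verify it.
# Assumptions: directory and owner default to the page's values and may be
# overridden; Tomcat on the CCO reads the key as cliqruser, so the key
# file is restricted to that user (chmod 600 is not stated on the page).
set -eu
export LC_ALL=C   # byte-exact character classes below

install_gce_key() {
    # $1 = downloaded .p12 file, $2 = key directory, $3 = owner, $4 = group
    src=$1
    keydir=${2:-/usr/local/osmosix/gce/keys}
    owner=${3:-cliqruser}
    group=${4:-cliqruser}
    name=$(basename "$src")

    # The file name is typed into the CCM "GCP Service Account PK Filename"
    # field, so insist on a .p12 name that is easy to reproduce exactly.
    case $name in
        *.p12) ;;
        *) echo "key must be a .p12 file: $name" >&2; return 1 ;;
    esac
    case $name in
        *[!A-Za-z0-9._-]*) echo "use only letters, digits, . _ - in key name: $name" >&2; return 1 ;;
    esac

    mkdir -p "$keydir"                     # creates gce/ and gce/keys/
    cp "$src" "$keydir/$name"
    # Page's step 6: everything under gce/ owned by the service user.
    chown -R "$owner:$group" "$(dirname "$keydir")"
    # Added hardening: directory and private key readable by that user only.
    chmod 700 "$keydir"
    chmod 600 "$keydir/$name"
    echo "$keydir/$name"                   # the exact path the CCO will use
}

verify_gce_key() {
    # $1 = installed key path, $2 = owner, $3 = group; succeeds only when the
    # key is non-empty, owned by owner:group and has mode 600.
    [ -s "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 0 -user "$2" -group "$3" -perm 600)" ]
}
```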
  6. Click the Regions tab to add a cloud region.
    1. Click Add Cloud Regions.
    2. Select the required regions for this cloud.
    3. Add the Region Name and an optional Display Name for this cloud region.
    4. Click Save.

      The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.

  7. Click Edit Cloud Settings to update the Google cloud settings for each region.

    Caution

    If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.

    If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.

    1. Assign the Cloud Credentials for each project as each project has its own credentials and these settings may differ between projects. These fields are already explained in Step 3 above.

    2. Click Save.

  8. To complete the cloud configuration, you must register the CCO with the CCM.

    Register the CCO with the CCM


    Cloud Region Nuances

    Once you register a CCO with the CCM, the CCO only works for the registered cloud region.


    Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.

    While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.

    Non-HA Mode

    To register the CCO with the CCM, follow this procedure:

    1. In the Configure Orchestrator popup, provide the CCO's IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
    2. If you are not already at this page, verify that you are in Admin > Clouds > Configure Regions for the required cloud.
      1. Click Configure Orchestrator in the Regions tab.
      2. Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
      3. Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.

      4. Cloud Account: Select the cloud account that you want to use with this CCO.

        Amazon Cloud Nuance

        This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.

    3. Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.

    4. Repeat Step 2 and Step 3 to establish a mutual trust between the CCM and other CCOs.

    You have registered the CCO VM and completed your configuration. You have two options at this point:

    HA Mode

    To register the CCO with the CCM, follow this procedure:

    1. Ensure that the Tomcat service is running on the Primary CCO.
    2. Login to the Secondary CCO and Tertiary CCO servers and stop the Tomcat service on both servers.

      /etc/init.d/tomcat stop
    3. Access the CCM UI and register the CCO using the CCO LB IP address.
      1. If you are not already at this page, verify that you are in Admin > Clouds > Configure Regions for the required cloud.
      2. Click Configure Orchestrator in the Regions tab.
      3. Provide the CCO's IP address that is accessible by CCM and select the cloud account that is used to host the CCO:

        1. Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
        2. Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.

        3. Cloud Account: Select the cloud account that you want to use with this CCO. Be sure to select the cloud account that contains this role.

        4. Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
    4. After a successful registration, log into the Primary CCO server.
    5. Copy the gateway_config.properties file from the Primary CCO's /usr/local/osmosix/etc/ folder to the same location on both the Secondary CCO and the Tertiary CCO servers.
    6. Verify that the ownership and permissions for the copied file in all servers is as follows:
      • Owner = cliqruser
      • Group Permission = read and write
    7. If required, run the following commands to change the settings:

      chown cliqruser:cliqruser /usr/local/osmosix/etc/gateway_config.properties
      chmod 644 /usr/local/osmosix/etc/gateway_config.properties
    8. Start the Tomcat on the Secondary CCO and the Tertiary CCO servers by issuing the following command on each server:

       /etc/init.d/tomcat start
    9. Repeat this procedure for other CCOs in HA mode to establish a mutual trust between the CCM and other CCOs.

    You have registered the CCO VM and completed your configuration. You have two options at this point:


© 2017-2019 Cisco Systems, Inc. All rights reserved