Google Cloud Platform¶
Integration with GCP can be set up using an OAuth 2.0 Client ID of type ‘Web application’. You can generate one with the following steps:
- Navigate to the Credentials page in the GCE console
- The active Project at this point must have the Cloud Resource Manager API enabled
- Click “Create Credentials”, then “OAuth Client ID”
- On the next screen, make sure the Application type is ‘Web application’
- Add an Authorized redirect URI for this OAuth Client ID. This is required to import GCP Projects into the CloudBolt instance. If your CloudBolt instance is running at https://example.com, then the value for this should be set to https://example.com/google-oauth2/
- After it’s been created, download the JSON for your new OAuth Client ID.
- In the CloudBolt UI, add a new Google Cloud Platform resource handler and upload the JSON file in the form.
After uploading your credentials and creating the Handler, you can choose which Projects you’d like CloudBolt to manage by clicking the Fetch Projects button from the Projects tab of the resource handler.
For a GCP Project to be manageable from CloudBolt, it must:
- Have Billing enabled
- Have the Compute Engine API enabled
- Have the Identity and Access Management (IAM) API enabled
When building new servers, GCP marks them as ready before they may be fully booted, and services like ssh may not yet be running. If you are attempting to run remote scripts on servers at the end of the provisioning process and you receive a connection refused error, go to the parameters tab on the environment in CloudBolt and add the “Post Provisioning Delay” parameter with a single option of 30 (to add a 30s delay before attempting to run scripts).
Importing and Viewing GCP Billing Data¶
In CloudBolt, you can import your GCP billing data and view monthly billed costs for individual GCP projects.
Set Up a Single GCP Project¶
- Enable the export of your GCP billing data to BigQuery. Refer to these instructions for Setting Up the GCP Billing Data export to BigQuery.
- After creating your billing export dataset in BigQuery, take note of the name of the table in your dataset.
- In the GCP console, go to the Service accounts page and select the project where your BigQuery dataset is stored.
- Create a new Service account to access your billing dataset. When the account is created, a JSON file containing a credentials key is generated and downloaded to your computer. Keep track of this key file.
- Go to the IAM page in the GCP console and edit the permissions for the Service account you just created. Make sure to give it the BigQuery Admin Role.
- In CloudBolt, go to the details page for a GCP Project for which you want to track billing. Click the Edit. Upload the Key file you downloaded for the Service account created in step 4, and add the Billing table name you noted in step 2. Click Save.
Set up Multiple GCP Projects¶
The following steps are required for each additional GCP project for which you want to track billing:
- In the GCP console, copy the email address of the Service account you created to access the billing dataset.
- Go to the IAM page for the project you want to add. Click Add. In the New members textbox, add the email address from the previous step. Select the BigQuery Admin Role and click Save.
- In CloudBolt, go to the details page for the GCP project you want to add. In the Edit dialog, add the same Key file and Billing table name you used for the original project. Click Save.
You can view billing summaries from GCP projects’ and resource handlers’ Billing tabs. Project Billing tabs will display graphs with data aggregated per-project. Resource Handler Billing tabs will display graphs with data aggregated across multiple projects.