GCP Preparation & Marketplace Launch

The following instructions outline the various aspects of launching, configuring and running jobs in CloudyCluster on Google Cloud Platform.

Overview

To use CloudyCluster you must first have a project with the necessary resources on Google Cloud Platform.

Create a GCP Project for CloudyCluster
Create a GCP Project
Select your project and Create a Cloud Datastore
Create a GCP Datastore
Enable IAM, Cloud Resource Manager APIs

Enable APIs
IAM API
Cloud Resource Manager API

Create a project wide SSH Key

CloudyCluster uses project wide SSH keys to authenticate the initial launch of the control instance. To configure those please refer to the Managing SSH Keys in Metadata page.

Create a Service Account for CloudyCluster
Copy, edit and run the following script:

# Replace with the Project Id where you will be launching CloudyCluster
PROJECT=”

# Replace with the name you want to use for the service account.
# Must be alphanumeric, between 6-30 characters long, and contain no capitol letters or spaces.
NAME=”

#############DO NOT CHANGE ANYTHING BELOW THIS COMMENT SERVICE_ACCOUNT=$NAME@$PROJECT.iam.gserviceaccount.com

# Create the service account
gcloud iam service-accounts create $NAME –project=$PROJECT –display-name “CloudyCluster service account”

# Add the Datastore Permissions
gcloud projects add-iam-policy-binding $PROJECT –member serviceAccount:$NAME@$PROJECT.iam.gserviceaccount.com –role roles/datastore.user

# Add the Network Admin Permissions
gcloud projects add-iam-policy-binding $PROJECT –member serviceAccount:$NAME@$PROJECT.iam.gserviceaccount.com –role roles/compute.networkAdmin

# Add the Security Admin Permissions
gcloud projects add-iam-policy-binding $PROJECT –member serviceAccount:$NAME@$PROJECT.iam.gserviceaccount.com –role roles/compute.securityAdmin

# Add the Project IAM Admin Permissions
gcloud projects add-iam-policy-binding $PROJECT –member serviceAccount:$NAME@$PROJECT.iam.gserviceaccount.com –role roles/resourcemanager.projectIamAdmin

# Add the Service Account Admin Permissions
gcloud projects add-iam-policy-binding $PROJECT –member serviceAccount:$NAME@$PROJECT.iam.gserviceaccount.com –role roles/iam.serviceAccountAdmin

# Add the Service Account User Permissions
gcloud projects add-iam-policy-binding $PROJECT –member serviceAccount:$NAME@$PROJECT.iam.gserviceaccount.com –role roles/iam.serviceAccountUser

# Add the Compute Instance Admin Permissions
gcloud projects add-iam-policy-binding $PROJECT –member serviceAccount:$NAME@$PROJECT.iam.gserviceaccount.com –role roles/compute.instanceAdmin.v1


Now you can launch the Control Instance from the Marketplace
Locate the CloudCluster offering in the GCP Marketplace and select Launch on Compute Engine
Initial GCP Marketplace Screen
Review and select the desired options
Enter the Service Account (SA) that was created when you ran the script in the “previously created SA” line.
Make sure you also select “Allow read write access to Google Compute Engine APIs on the VM” or CloudyCluster won’t have the required perissions to operate.
Select Deploy
GCP Marketplace launch screen

Complete configuration of your control node