Eon Mode on GCP Prerequisites

Before deploying an Eon Mode database on GCP, you must take several steps:

  • Review the default service account's permissions for your GCP project.
  • Create an HMAC key to use when creating your cluster.
  • Create a communal storage location.

Service Account Permissions

Service accounts allow automated processes to authenticate with GCP. The Eon Mode database deployment process uses the service account for your GCP project to deploy instances. When you create a new project, GCP automatically creates a default service account (identified by project_number-compute@developer.gserviceaccount.com) for the project and grants it the IAM role Editor. See the Google Cloud documentation's Understanding roles for details about this and other IAM roles.

The Editor role lets the service account create resources from the Marketplace. When you create an instance of the Management Console (MC), the MC uses the account to deploy further resources, such as provisioning instances for a database.

For details, see the Google Cloud documentation's Understanding service accounts page.

Permissions and Roles

To deploy Vertica on GCP, your user account must have the following:

  • Editor role.
  • runtimeconfig.waiters.getIamPolicy permission.

Creating an HMAC Key

Vertica uses a hash-based message authentication code (HMAC) key to authenticate requests to access the communal storage location. This key has two parts: an access ID and a secret. When you create an Eon Mode database in GCP, you provide both parts of an HMAC key for the nodes to use to access communal storage.

To create an HMAC key:

  1. Log in to your Google Cloud account.
  2. If the name of the project you will use to create your database does not appear in the top banner, click the dropdown and select the correct project.
  3. In the navigation menu in the upper-left corner, under the Storage heading, click Storage and select Settings.
  4. In the Settings page, click Interoperability.
  5. Scroll to the bottom of the page and find the User account HMAC heading.
  6. Unless you have already set a default project, you will see a message stating that you haven’t set a default project for your user account yet. Click the Set project-id as default project button to choose the current project as your default for interoperability.

    The project ID appears in the button label, not the project name.

  7. Under Access keys for your user account, click Create a key.
  8. Your new access key and secret appear in the HMAC key list. You will need them when you create your Eon Mode database. You can copy them to a handy location (such as a text editor) or leave a browser tab open to this page while you use another tab or window to create your database. These keys remain available on this page, so you do not need to worry about saving them elsewhere.

It is vital that you protect the security of your HMAC key. It can grant others access to your Eon Mode database's communal storage location. This means they could access all of the data in your database. Do not write the HMAC key anyplace where it may be exposed, such as email, shared folders, or similar insecure locations.
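One place the key does end up on disk is the gcsauth bootstrap parameter in admintools.conf, described at the end of this page. The following check is an added example, not part of the Vertica documentation: it reports a config file that is accessible to accounts outside its owner and group, and confirms the value has the ID:secret shape without ever echoing the secret. The function names, the sample access ID and secret, and the choice to treat "other" permission bits as the exposure are assumptions made for this example.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample; the access ID and secret are made-up values.
SAMPLE = "[BootstrapParameters]\ngcsauth = GOOGEXAMPLEID:Constructed/Secret+Value%3D\n"

def audit_gcsauth(path):
    """Return findings for a config file that stores gcsauth = ID:secret."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:  # any read/write/execute bit for "other"
        findings.append(f"mode {mode:04o} exposes the file to all local accounts")
    # interpolation=None: a secret may contain '%'; split keys on '=' only.
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    with open(path, encoding="utf-8") as fh:
        cfg.read_file(fh)
    value = cfg.get("BootstrapParameters", "gcsauth", fallback=None)
    if value is None:
        return findings + ["no gcsauth under [BootstrapParameters]"]
    access_id, sep, secret = value.partition(":")
    if not (sep and access_id.strip() and secret.strip()):
        findings.append("gcsauth is not in ID:secret form")
    return findings  # the secret itself is never included in a finding

def demo():
    """Audit the sample at mode 0644, then again after tightening to 0640."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "admintools.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        loose = audit_gcsauth(path)
        os.chmod(path, 0o640)
        tight = audit_gcsauth(path)
    return loose, tight

if __name__ == "__main__":
    for label, result in zip(("0644", "0640"), demo()):
        print(label, result or "ok")
```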

Creating a Communal Storage Location

Your Eon Mode database needs a storage location for its communal storage. Eon Mode databases running on GCP use Google Cloud Storage (GCS) for their communal storage location. When you create your new Eon Mode database, you will supply the MC's wizard with a GCS URL for the storage location.

This location needs to meet the following criteria:

  • The URL must include at least a bucket name. You can use one or more levels of folders, as well. For example, the following GCS URLs are valid:

    • gs://verticabucket/mydatabase
    • gs://verticabucket/databases/mydatabase
    • gs://verticabucket

    Multiple databases can share the same bucket, as long as each has its own folder.

  • If provided, the lowest-level folder in the URL must not already exist. For example, in the GCS URL gs://verticabucket/databases/mydatabase, the bucket named verticabucket and the directory named databases must exist. The subdirectory named mydatabase must not exist. The Vertica install process expects to create the final folder itself. If the folder already exists, the installation process fails.

    If you have a communal storage location that already contains data from a previous Eon Mode database that you want to access, use the revive process, rather than installing a new database. See Stopping, Starting, Terminating, and Reviving Eon Mode Database Clusters for details.

  • The permissions on the bucket must be set to allow the service account read, write, and delete privileges on the bucket. The best role to assign to the user to gain these permissions is Storage Object Admin.
  • To prevent performance issues, the bucket must be in the same region as all of the nodes running the Eon Mode database.
  • If you create the database through the admintools UI, you must set gcsauth as a bootstrap parameter in admintools.conf. For more information on this and other GCP parameters, see Google Cloud Storage Parameters.
    [BootstrapParameters]
    gcsauth = ID:secret
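
The folder rules above can be checked before running the installer. This is an added example, not Vertica or Google code: it splits a GCS URL into the bucket, the parent folders that must exist, and the final folder that must not exist, then tests both against a listing of object names. The function name and the listing are constructed for illustration; in practice the listing would come from the bucket named in the URL.

```python
from urllib.parse import urlparse

def check_communal_url(url, bucket_objects):
    """Apply the folder rules to a gs:// URL, given the bucket's object names."""
    parsed = urlparse(url)
    if parsed.scheme != "gs" or not parsed.netloc:
        raise ValueError("expected gs://bucket[/folder...]")
    folders = [p for p in parsed.path.split("/") if p]
    parent, final = "/".join(folders[:-1]), "/".join(folders)

    def folder_exists(prefix):
        # GCS has a flat namespace: a folder exists if any object name,
        # including a "folder/" placeholder object, starts with "prefix/".
        return any(name.startswith(prefix + "/") for name in bucket_objects)

    problems = []
    if parent and not folder_exists(parent):
        problems.append(f"parent folder '{parent}' must already exist")
    if final and folder_exists(final):
        problems.append(f"folder '{final}' already exists; install would fail")
    return {"bucket": parsed.netloc, "create": final, "problems": problems}

# Constructed listing of object names in the bucket "verticabucket".
LISTING = ["databases/", "databases/olddb/metadata.json"]

if __name__ == "__main__":
    for url in ("gs://verticabucket/databases/mydatabase",
                "gs://verticabucket/databases/olddb",
                "gs://verticabucket/archive/mydatabase",
                "gs://verticabucket"):
        print(url, check_communal_url(url, LISTING)["problems"] or "ok")
```

A URL that fails the second check because the folder holds a previous database is the case the page directs to the revive process.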