Register a GCP environment from CDP UI
Once you’ve met the Google Cloud cloud provider requirements, register your GCP environment.
Before you begin
This assumes that you have already fulfilled the environment prerequisites described in GCP requirements.
Required role: EnvironmentCreator
Navigate to the Management Console > Environments > Register environment.
On the On the Register Environment page, provide the following information:page, provide the following information:
Parameter Description General Information Environment Name Enter a name for your environment. The name:
- Must be between 5 and 28 characters long.
- Can only include lowercase letters, numbers, and hyphens.
- Must start with a lowercase letter.
Description (Optional) Enter a description for your environment. Select Cloud Provider Select Google Cloud. Google Cloud Platform Credential Select Credential Select an existing credential or select Create new credential.
For instructions on how to create a credential for Google Cloud, refer to Create a provisioning credential for GCP.
- Click Next.
- On the Data Access and Data Lake Scaling page, provide the following
Parameter Description Data Lake Settings Data Lake Cluster Name Enter a name for the Data Lake cluster that will be created for this environment. The name:
- Must be between 5 and 100 characters long
- Must contain lowercase letters
- Cannot contain uppercase letters
- Must start with a letter
- Can only include the following accepted characters are: a-z, 0-9, -.
Data Lake Version Select Cloudera Runtime version that should be deployed for your Data Lake. The latest stable version is used by default.
All Data Hub clusters provisioned within this Data Lake will be using the same Runtime version.
Note: Google Cloud environments can only be provisioned in CDP with Runtime version 7.2.8 or newer.
Data Access and Audit Assumer Service Account Select the IDBroker service account created in Minimum setup for cloud storage. Storage Location Base Select the Google Storage location created for data in Minimum setup for cloud storage. Data Access Service Account Select the Data Lake Admin service account created in Minimum setup for cloud storage. Ranger Audit Service Account Enter the full ID of the Ranger Audit service account created in Minimum setup for cloud storage. IDBroker Mappings We recommend that you leave this out and set it up after registering your environment as part of Onboarding CDP users and groups for cloud storage. Scale Scale Select Data Lake scale. By default, “Light Duty” is used. For more information on Data Lake scale, refer to Data Lake scale.
- Click Next.
- On the Region, Networking and Security page, provide the following information:
Parameter Description Region Select Region Select the region where your VPC network is located.. Network Use shared VPC This option is disabled by default. Enable this if you would like to use your existing shared VPC. Next enter:
- Host project ID
- Network name
- Subnet name(s). If providing multiple, provide a comma separated list.
Select Network Select the existing VPC network that you created as a prerequisite in the VPC network and subnets step. All CDP resources will be provisioned into this network. Select Subnets Select at least one existing subnet. Enable Cluster Connectivity Manager This option is enabled by default. You can disable it if you do not want to use CCM. You can use Cluster Connectivity Manager (CCM) for communication with Data Lake and Data Hub workload clusters that are on private subnets. For more information about the required setup, refer to Cluster Connectivity Manager documentation. Create Public IPs This option is disabled by default when CCM is enabled and enabled by default when CCM is disabled. Enable FreeIPA HA This is currently not supported for Google Cloud. Proxies Select a proxy configuration if previously registered. For more information refer to Setting up a proxy server. Security Access Settings Select Security Access Type You have two options:
- Do not create firewall rule: If you are using a shared VPC you can set the firewall rules directly on the VPC. If you did so, you can select this option.
- Provide existing firewall rules: If not all of your firewall rules are set directly on the VPC, provide the previously created firewall rules for SSH an UI access. You should select two existing firewall rules, one for Knox gateway-installed nodes and another for all other nodes. You may select the same firewall rule in both places if needed.
For information on required ports, see Firewall rules.
SSH Settings New SSH public key Upload a public key directly from your computer.
Note: CDP does not use this SSH key. The matching private key can be used by your CDP administrator for root-level access to the instances provisioned for the Data Lake and Data Hub.
Add tags You can optionally add tags to be created for your resources on GCP. Refer to Defining custom tags.
- Click Next.
- On the Storage page, provide the following information:
Parameter Description Logs Logger Service Account Select the Logger service account created in Minimum setup for cloud storage. Logs Location Base Select the Google Storage location created for logs in Minimum setup for cloud storage. Backup Location Base (Optional) Select the Google Storage location created for FreeIPA backups in Minimum setup for cloud storage. If not provided, the default Backup Location Base uses the Logs Location Base. Telemetry Enable Workload Analytics Enables Workload Manager support for workload clusters created within this environment. When this setting is enabled, diagnostic information about job and query execution is sent to the Workload Manager. Enable Cluster Logs Collection When this option is enabled. the logs generated during deployments will be automatically sent to Cloudera.
- Click Register Environment to trigger environment registration.
- The environment creation takes about 60 minutes. The creation of the FreeIPA server and Data Lake cluster is triggered. You can monitor the progress from the web UI. Once the environment creation has been completed, its status will change to “Running”.
After you finish
- You must assign roles to specific users and groups for the environment so that selected users or user groups can access the environment. Next, you need to perform user sync. For steps, refer to Enabling admin and user access to environments.
- You must onboard your users and/or groups for cloud storage. For steps, refer to Onboarding CDP users and groups for cloud storage.
- You must create Ranger policies for your users. For instructions on how to access your Data Lake, refer to Accessing Data Lake services. Once you've accessed Ranger, create Ranger policies to determine which users have access to which databases and tables.