Chapter 3. Create and Download the GCS Credentials File

The Block Storage service needs your Google credentials in order to access and use Google Cloud for backups. You can provide these credentials to Block Storage by creating a service account key:

  1. Log in to the Google developer console (http://console.developers.google.com) using your Google account.
  2. Click the Credentials tab. From there, select Service account key from the Create credentials dropdown.

    creds create

  3. In the next screen (Create service account key), select the service account that the Block Storage service should use from the Service account dropdown:

    creds json compengine

  4. In the same screen, select JSON from the Key type section and click Create.

    The browser will then download the key to its default download location:

    creds key

  5. Open the file, and note the value of the project_id parameter:

    {
      "type": "service_account",
      "project_id": "cloud-backup-1370",
    ...

    The /etc/cinder/Cloud-Backup.json key will be used later in Chapter 4, Create the Environment File (in particular, the value of project_id and the absolute path to the file).

  6. Copy the key file to /etc/cinder/ on any Controller node. From there, change the user, group, and permissions of the key file to match that of /etc/cinder/cinder.conf. This will ensure that the Block Storage service can use it:

    # cp Cloud-Backup.json /etc/cinder/
    # chown cinder:cinder /etc/cinder/Cloud-Backup.json
    # chmod 0600 /etc/cinder/Cloud-Backup.json
  7. Copy the key file to the same location on each Controller node (namely, to /etc/cinder/Cloud-Backup.json). Use rsync -a to ensure that the permissions and ownership settings are preserved:

    # rsync -a /etc/cinder/Cloud-Backup.json root@CONTROLLERHOST:/etc/cinder/

    Replace CONTROLLERHOST with the hostname of a target Controller.