Prepare the Google Cloud Platform (GCP) environment

Create a project (optional)

A project forms the basis for creating, enabling and using all GCP services, managing APIs, enabling billing, adding and removing collaborators, and managing permissions.

For instructions on how to create a project using GCP cloud resource manager, see Create and managing projects in the GCP documentation.

You should include yugabyte as part of the project name (for example, yugabyte-gcp) and note the project ID.

Create a service account

YugabyteDB Anywhere requires a service account with the appropriate permissions to provision and manage compute instances.

To create a service account, perform the following:

  • Open your project in GCP and use the left-side menu to navigate to IAM & Admin > Service Accounts.

  • Click Create Service Account.

  • Complete the Service account details fields and click Create and Continue.

  • In the Grant this service account access to project section, select the Owner role.

  • In the Grant users access to this service account section, enter the email associated with this service account. To retrieve the email information, navigate to IAM & Admin > Service Accounts and copy the Email value.

  • Navigate back to IAM & Admin > Service Accounts, click the email address of the service account, and then select the KEYS tab.

  • Click ADD KEY and select Create new key.

  • In the Create private key dialog, select JSON as the key type, and then click Create to download a service account key file. Note that after you download the key, you need to store this file, as you cannot download it again and this key is required for configuring the YugabyteDB Anywhere UI.

    For additional information, see Creating and managing service account keys in the GCP documentation.

  • Navigate to IAM & Admin > IAM, click ADD, and then provide principals and roles.

For more information, see Creating and managing service accounts in the GCP documentation.

Create a firewall rule

In order to access YugabyteDB Anywhere from outside the GCP environment, you have to enable firewall rules. At a minimum, you need to be able to do the following:

  • Access the YugabyteDB Anywhere instance over SSH (port tcp:22).
  • Check, manage, and upgrade YugabyteDB Anywhere (port tcp:8800).
  • View the YugabyteDB Anywhere UI (port tcp:80).

If you are using your own Virtual Private Cloud (VPC) as a self-managed configuration, the following additional TCP ports must be accessible: 7000, 7100, 9000, 9100, 11000, 12000, 13000, 9300, 9042, 5433, 6379, 54422. For more information, see Default ports.

Next, you need to create a firewall entry, as follows:

  • From your project's main page, navigate to VPC network > Firewall.
  • Create firewall rules by following instructions provided in Using firewall rules in the GCP documentation. When creating the rules:
    • Add a tag yugabyte-server to the Target tags field.
    • Add the appropriate IP addresses to the Source IP ranges field.
    • Enter a comma-delimited list of TCP ports 22, 8800, 80 to the Protocol and ports field. If required, also add TCP ports for a self-managed configuration.

Provision instance for YugabyteDB Anywhere

You need to create an instance to run YugabyteDB Anywhere. To do this, from your project's main page, navigate to Compute Engine > VM instances, click Create, and then follow instructions provided in Virtual machine instances in the GCP documentation. When creating instances:

  • Select a region as, for example, us-west1.
  • Select a zone as, for example, us-west1-b.
  • Select 4 vCPUs (n1-standard-4) as the machine type.
  • Change the boot disk image to Ubuntu 18.04 TLS and increase the boot disk size to 100.
  • Specify whether to use the default or your own service account.
  • Specify whether to use the default or your own VPC.
  • Use the Networking tab to add yugabyte-server as the network tag (or the custom name you chose when setting up the firewall rules).

Once the instance has been created, use the SSH Keys tab to add a custom public key and a login user to this instance. To do so, you start by creating a key-pair, as follows:

$ ssh-keygen -t rsa -f ~/.ssh/yugabyte-1-gcp -C centos


You can set the appropriate credentials for the SSH key as follows:

$ chmod 400 ~/.ssh/yugabyte-1-gcp


Enter the contents of yugabyte-1-gcp.pub as the value for this field.

For more information, see the following GCP documentation:

Connect to the YugabyteDB Anywhere server

Use the GCP Cloud Console to find the public IP address of the instance you launched.

To connect to this server, execute the following command:

$ ssh -i ~/.ssh/yugabyte-1-gcp [email protected]

Replace NN.NN.NN.NN with the IP address and yugabyte-1-gcp with the appropriate SSH key.