Abiquo 5.1
Introduction to Google GCE credentials
These instructions are a guide only. Always check your cloud provider documentation for up to date information.
Note that when you are first configuring your account, you may need to wait a little while for information to propagate throughout the Google Cloud Platform.
To use GCE with Abiquo, you will need credentials to access your GCE account.
These credentials are as follows:
- Access key ID: Developer email address (for example, for the Service account of your Project)
- Secret access key: Private key (in pem format) derived from the P12 key of the Service account
Only use ONE set of GCE keys for each enterprise in each datacenter
GCE will allow you to generate more than one set of active keys for each Google user. However, in Abiquo, you can only add one set per enterprise. If you try to add another set, for example, using the API, you will get an error message.
Generate credentials in Google
To obtain credentials go to the Google Developers console for Google Cloud Platform.
Create a project and enable billing.
Under API manager > Dashboard, check that GCE is enabled.
Then you will need a service account with a P12 key.
One way to obtain this is to do the following steps:
- Go to API Manager > Credentials > Service accounts > Create credentials.
- Select Service account key. Either use the default Compute service account or create a new one
- If creating a new one, enter the name and give the service account an appropriate Roles, for example, all Google Compute Engine roles
- Select P12 key and save the key for the service account to a secure location.
- Note the keystore's password, for example, "notasecret" and click Okay.
Obtain Access key ID
The Developer email address is the EMAIL ADDRESS that is the Service Account ID, which will have a format something like:
project_id@developer.gserviceaccount.com project_id-extended_uid@developer.gserviceaccount.com
For example:
123269589999-bs5i5bktqsln799rngl3klsfd775qrm4@developer.gserviceaccount.com
Enter this email address as the Access key ID in Abiquo.
Generate Secret access key
On your local filesystem, locate the file you saved earlier, which is a keystore p12 file.
Convert it into pem format. When it asks for the password, give the one you noted in the earlier step.
openssl pkcs12 -in <my_keystore>.p12 -out <my_keystore>.pem -nodes
For example:
$ openssl pkcs12 -in API\ Project-973f15669399.p12 -out API\ Project-973f15669399.pem -node Enter Import Password: MAC verified OK
Extract the private key and remove the passphrase
openssl rsa -in <my_keystore>.pem -out <my_key>.pem
For example:
openssl rsa -in API\ Project-973f15669399.pem -out APIPROJ973.pem writing RSA key
The pem file my_key contains the Private key to enter in Abiquo as the Secret access key. Open the file using a suitable program and cut and paste the private key text.
-----BEGIN RSA PRIVATE KEY----- ASDFJASDKLJSADFÑLKSJADF+/PZYLPK4UQo3iL+JJ/z4n/XDLHwXZjorMN2PZKuY sAU8XRhBu9wH5KZhKPYmSqetl6S4by8htPgiCasdfjklassdfkljasdflkLjasjL L4Bx9ft2zPCFZVSkXE8K1iVQGorsiDv1n6gSGGtp9/Ouq2iHTs1jr1saRwIDAQAB 9999999999999999999/A7vfsbbqPkg9+UJj4HKUdzji4flFg0inUbpZUDxv3ZwG y+ogKbuKd7sQSyp6pXcZcGq9nNbbq1MRv6EHDZsta6lHo0/WzAIKBvcFuwuP9zI1 rae36JkyIh2GMKjC00z7QPUMIg0qgYlHtCrSAPywhvtvDoECQQD1ANDjCDnA0wLG qt4UtB249t9cH4ByS1MrKz9duduK4eR5EZYsuPjHnqlJCRw47a41a+hs+YcjLEdw pvlVLdDvAkEA4KooJ3CasdlNfkiouiojskldjgskladfjsklafjaslkdfjsklasd hd7Pfrls4nSbJeyDg/qNmFLGHPWdlX2cKQJAPfbB3dmTubfkaNiIKFZRehk97m+t AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//bVptIJIpUtUEl6n9dhkwJBAJyG cItp/lY63vVCx2ej7CKioisKOHWOyLvwySmD+ByUS/478Cjqvk+OuMn1rmLoEuAN NGPTQKuLn/O1PCFW7mECQHRQvdtnp6ENvkEkcPcDxp3pM1ZY+0ScPaww5YLw+4QM 0cMEfeSXxjBE3hb4kTkSYV8WBS+/quNfBBbhXdytUnw= -----END RSA PRIVATE KEY-----
Reference: https://github.com/jclouds/jclouds/blob/master/providers/google-compute-engine/README.md
Overview
Content Tools
