Introduction to Google GCE credentials
These instructions are a guide only. Always check your cloud provider documentation for up to date information.
Note that when you are first configuring your account, you may need to wait a little while for information to propagate throughout the Google Cloud Platform.
To use GCE with Abiquo, you will need credentials to access your GCE account.
These credentials are as follows:
- Access key ID: Developer email address (for example, for the Service account of your Project)
- Secret access key: Private key (in pem format) derived from the P12 key of the Service account
Only use ONE set of GCE keys for each enterprise in each datacenter
GCE will allow you to generate more than one set of active keys for each Google user. However, in Abiquo, you can only add one set per enterprise. If you try to add another set, for example, using the API, you will get an error message.
Generate credentials in Google
To obtain credentials go to the Google Developers console for Google Cloud Platform.
Create a project and enable billing.
Under API manager > Dashboard, check that GCE is enabled.
Then you will need a service account with a P12 key.
One way to obtain this is to do the following steps:
- Go to API Manager > Credentials > Service accounts > Create credentials.
- Select Service account key. Either use the default Compute service account or create a new one
- If creating a new one, enter the name and give the service account an appropriate Roles, for example, all Google Compute Engine roles
- Select P12 key and save the key for the service account to a secure location.
- Note the keystore's password, for example, "notasecret" and click Okay.
Obtain Access key ID
The Developer email address is the EMAIL ADDRESS that is the Service Account ID, which will have a format something like:
Enter this email address as the Access key ID in Abiquo.
Generate Secret access key
On your local filesystem, locate the file you saved earlier, which is a keystore p12 file.
Convert it into pem format. When it asks for the password, give the one you noted in the earlier step.
openssl pkcs12 -in <my_keystore>.p12 -out <my_keystore>.pem -nodes
$ openssl pkcs12 -in API\ Project-973f15669399.p12 -out API\ Project-973f15669399.pem -node
Enter Import Password:
MAC verified OK
Extract the private key and remove the passphrase
openssl rsa -in <my_keystore>.pem -out <my_key>.pem
openssl rsa -in API\ Project-973f15669399.pem -out APIPROJ973.pem
writing RSA key
The pem file my_key contains the Private key to enter in Abiquo as the Secret access key. Open the file using a suitable program and cut and paste the private key text.
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----