Google Cloud Platform (GCP)

Integration Features

  • Provisioning Virtual Machines

  • Network tagging

  • Private and Local Images

  • Google VM Snapshots

  • Brownfield Inventory

  • Costing

  • Right-sizing

  • Shared Network Support

Requirements for Integration with Morpheus

To integrate Morpheus with Google Cloud Platform, you will need the following. APIs are enabled in “APIs & Services” and must be enabled for all projects or the selected project (depending on your GCP Cloud integration settings). The next section contains more detailed steps for enabling API in the GCP web console.

  • The Compute Engine API enabled

  • The Cloud Resource Manager API enabled

  • The Cloud Billing API

  • The Identity and Access Management (IAM) API enabled

  • The BigQuery API enabled

  • The BigQuery Data Transfer API enabled

  • The Kubernetes Engine API enabled (required to provision GKE clusters)

  • Credentials for an IAM service account with Owner or Compute Admin role permissions

  • The private key and client email for the service account

This integration guide goes through the process of configuring your account and obtaining the information necessary to integrate with Morpheus. Continue to the next section for a detailed look at enabling the APIs mentioned above.

Enabling the Required APIs

In order to take full advantage of the Morpheus integration with Google Cloud, a number of APIs must be enabled within the GCP web console. It’s recommended that you enable all of the APIs listed in the preceding section regardless of the Morpheus feature set you intend to use. This will ensure you do not run into problems down the road stemming from a lack of access which may take time to diagnose.

Log into the Google Cloud web console and navigate to the APIs and Services page. You may find this in the Quick access area of the welcome page or you can search for it as shown in the screenshot below.

../../../_images/apis.png

From the APIs and Services page, a list of enabled APIs and some details about your usage are shown. To enable new APIs, click + ENABLE APIS & SERVICES near the top of the window. Now on the API library page, search for the API you wish to enable. Here I’ve searched for the Kubernetes Engine API.

../../../_images/apisearch.png

From the search results, click on the API you wish to enable to view its detail page. Click ENABLE. Once successfully enabled, the button will change to a MANAGE button. It may take a few moments for the API to be fully enabled. You may also be prompted to enable the Cloud Billing API or create an association with a Billing Account when enabling APIs. Go ahead and do so if prompted.

../../../_images/apienable.png

Repeat this process until all required APIs (listed in the previous section) are enabled.

Creating a Service Account

  1. From anywhere in the GCP web console, search for “service accounts” in the global search bar at the top of the window

  2. Click on the Service Accounts page (within the IAM & Admin stack)

  3. A list of existing service accounts within the selected Project is shown (if any)

  4. To create a new one, click + CREATE SERVICE ACCOUNT

../../../_images/3create_service_acct.png
  1. Enter at least a name for your new service and click CREATE AND CONTINUE

../../../_images/4config_service_acct.png
  1. After creating the service account, you’ll be prompted to set a role for the account. In order to fully integrate with Morpheus, you must use an account in the Owner role or the Compute Admin role

  2. Click CONTINUE

../../../_images/5service_acct_role.png
  1. Following creation of the service account, you’ll be taken back to the list of existing service accounts

Generating Keys and Integrating with Morpheus

  1. From the list of service accounts, click the ellipsis button (…) to the right of a selected account

  2. Click “Manage Keys”

../../../_images/6create_key.png
  1. On the Keys page, click “Add Key” and then “Create New Key”

  2. Select JSON format and click CREATE

  3. A JSON-formatted document will be downloaded, this document contains the Project ID, private key, and client email values needed to complete the integration process in the next step

Add a GCP Cloud

Note

The JSON-formatted document downloaded when creating a key for your service account contains all of the required values for completing the integration. Consult the above section on generating keys if needed.

  1. Navigate to Infrastructure > Clouds

  2. Select + CREATE CLOUD, select Google Cloud, and then click NEXT.

  3. Enter the following into the Create Cloud modal:

    Cloud Configuration

    NAME

    Name of the Cloud in Morpheus

    CODE

    Unique code used for api/cli, automation and policies.

    LOCATION

    Description field for adding notes on the cloud, such as location.

    VISIBILITY

    For setting cloud permissions in a multi-tenant environment. Not applicable in single tenant environments.

    TENANT

    If Visibility is set to Private, select the Tenant the Cloud resources will assigned to.

    ENABLED

    When disabled, automatic Cloud sync is paused and the Cloud will not be selectable for provisioning.

    AUTOMATICALLY POWER ON VMS

    When enabled, Morpheus will maintain the expected power state of managed VMs. Morpheus will power on any managed VMs in the Cloud that have been shut down for unknown reasons (not powered off by Morpheus) to ensure availability of services.

    Note

    When “AUTOMATICALLY POWER ON VMS” is enabled, the power state of managed VMs should be maintained in Morpheus. This setting is not applicable to discovered/unmanaged resources.

    Details

    PRIVATE KEY

    The service account private key. Paste in the entire value between (but not including) the quotation marks in your downloaded JSON document, formatted like the following example: -----BEGIN PRIVATE KEY-----(your_key)-----END PRIVATE KEY-----

    CLIENT EMAIL

    The service account client email, ex: morpheus@morpheus.iam.gserviceaccount.com

    PROJECT ID

    Projects will auto-populate upon successful entry of the private key and client email. You can opt to scope the GCP integration to a single Project or select “All” to instead select the Project from the Resource Pool dropdown at provision time

    REGION

    Regions will auto-populate upon successful entry of the private key and client email. Select the appropriate region for this Cloud, if applicable. You can also opt to scope the GCP integration to all regions to allow users to select from any region at provision time

    INVENTORY EXISTING INSTANCES

    If checked, existing GCP resources will be inventoried and appear as unmanaged virtual machines in Morpheus.

    If advanced options are not needed, click NEXT to advance to the Group selection page. Otherwise, continue on with this guide and review advanced or provisioning options.

    Advanced Options

    DOMAIN

    Specify a default domain for instances provisioned to this Cloud.

    SCALE PRIORITY

    Only affects Docker Provisioning. Specifies the priority with which an instance will scale into the cloud. A lower priority number means this cloud integration will take scale precedence over other cloud integrations in the group.

    APPLIANCE URL

    Alternate Appliance url for scenarios when the default Appliance URL (configured in admin > settings) is not reachable or resolvable for Instances provisioned in this cloud. The Appliance URL is used for Agent install and reporting.

    TIME ZONE

    Configures the time zone on provisioned VM’s if necessary.

    DATACENTER ID

    Used for differentiating pricing among multiple datacenters. Leave blank unless prices are properly configured.

    NETWORK MODE

    Unmanaged or select a Network Integration (NSX, ACI etc)

    LOCAL FIREWALL

    On or Off. Enable to managed Host and VM firewall/IP Table rules (linux only)

    SECURITY SERVER

    Security Server setting is for Security Service Integrations such as ACI

    TRUST PROVIDER

    Select Internal (Morpheus) or an existing Trust Provider Integration

    STORAGE MODE

    Single Disk, LVM or Clustered

    BACKUP PROVIDER

    Select a backup provider. Depending on the Cloud type and any currently-configured backup plugins you may select Internal Backups (Morpheus) or another configured backup solution

    REPLICATION PROVIDER

    Sets the default Replication Provider for the Cloud. Select an existing Replication Provider Integration

    GUIDANCE

    Enable Guidance recommendations on cloud resources.

    COSTING

    Enable for Morpheus to sync Costing data from the Cloud provider, when available. For on-prem Clouds, enabling costing activates a costing service designed to mirror the live costing experience of public clouds, including invoicing with line items and real-time cost data (Operations > Costing > Invoices). If your organization utilizes reserved instances and you want to pull in related pricing data, select Costing and Reservations. If this is not relevant, select Costing to save money on additional calls to the AWS Cost Explorer API or similar service for other clouds.

    DNS INTEGRATION

    Records for instances provisioned in this cloud will be added to selected DNS integration.

    SERVICE REGISTRY

    Services for instances provisioned in this cloud will be added to selected Service Registry integration.

    CONFIG MANAGEMENT

    Select a Chef, Salt, Ansible or Puppet integration to be used with this Cloud.

    CMDB

    Select CMDB Integration to automatically update selected CMDB.

    CMDB DISCOVERY

    When checked, any automatically discovered (unmanaged) servers onboarded into Morpheus from this Cloud will also have CMDB records created for them.

    CHANGE MANAGEMENT

    Select an existing Change Management Integration to set on the Cloud. ex: Cherwell

    AGENT INSTALL MODE
    • SSH / WINRM: Morpheus will use SSH or WINRM for Agent install.

    • Cloud Init / Unattend (when available): (DEFAULT) Morpheus will utilize Cloud-Init or Cloudbase-Init for agent install when provisioning images with Cloud-Init/Cloudbase-Init installed. Morpheus will fall back on SSH or WINRM if cloud-init is not installed on the provisioned image. Morpheus will also add Agent installation to Windows unattend.xml data when performing Guest Customizations or utilizing syspreped images.

    API PROXY

    Set a proxy for outbound communication from the Morpheus Appliance to the Cloud endpoints. Proxies can be added in the Infrastructure > Networks > Proxies tab.

    INSTALL AGENT

    Enable to have Agent Installation on by default for all provisioning into this Cloud. Disable for Agent Installation to be off by default for all provisioning into this Cloud.

    Provisioning Options

    PROXY

    Set a proxy for inbound communication from Instances to the Morpheus Appliance. Proxies can be added in the Infrastructure > Networks > Proxies tab.

    Bypass Proxy for Appliance URL

    Enable to bypass proxy settings (if added) for Morpheus Agent communication to the Appliance URL.

    NO PROXY

    Include a list of IP addresses or name servers to exclude from proxy traversal

    USER DATA (LINUX)

    Add cloud-init user data. Morpheus 4.1.0 and earlier assumes bash syntax. Morpheus 4.1.1 and later supports all User Data formats. Refer to https://cloudinit.readthedocs.io/en/latest/topics/format.html for more information.

  4. After reviewing all options, click NEXT to advance to the Group selection page. Following Group selection, click COMPLETE to finish the integration process. If you’ve opted to inventory existing Instances, they will be viewable in Morpheus shortly. At this point, you are ready to provision new resources in Google Cloud Platform as needed!

Important

If you experience difficulties adding a GCP Cloud, review the above guide and ensure you’ve met all requirements for completing the integration. For example, if the Compute Engine API is not enabled, Morpheus will not accept credentials entered on the Create Cloud modal. If you repeatedly run into problems completing the integration process, review the above guide in its entirely and double check that each step is completed and your account meets all configuration requirements.

Create a GCP Project

On initial integration, Morpheus will sync Projects and allow you to scope the integration to a specific Project or to scope the integration to all Projects. As time goes on, additional Projects are continually synced and can be managed from within the Resources tab on the Cloud detail page (Infrastructure > Clouds > Selected GCP Cloud). Within the Resources tab, users can edit some Project settings as well as delete Projects if needed.

To create a new GCP Project:

  1. Click + ADD RESOURCE POOL

  2. Enter a name value for the new Project

  3. Mark the “DEFAULT” box if you’d prefer newly provisioned Instances default to the new Project

  4. Enter a Project ID and ensure it meets the listed validation requirements

  5. Set a Parent value if the new Project should exist underneath a parent organization

  6. Finally, select a billing account

  7. Click SAVE CHANGES

After a few minutes, the new Project will be ready on the GCP side and Morpheus will be ready to provision new resources into it.

Enabling Live Costing for GCP

GCP costing is done at the Billing Account level. Each Billing Account can be linked to one or more GCP Projects. All projects which are linked to the Billing Account will have their costing data available to Morpheus but if the GCP Cloud has been scoped to only one Project, Morpheus will ingest costing data only for that Project. Users can view the Billing Account linked to a particular project by clicking on the hamburger menu (main menu button in the far upper-left of the console window) and selecting billing. A pop-up window will give users the option to navigate to the Billing Account which is linked to the currently-selected Project.

../../../_images/costing1.png

Within the Billing Account, Standard Usage Cost must be enabled for Morpheus to access costing data. From the page for the appropriate Billing Account, click on Billing Export and then click “Edit Settings” under the “Standard usage cost heading”. Specify a project and create a dataset or specify an existing one. In doing this, you’re specifying a location for the dataset which will be for the entire billing account and not just for the Project the dataset resides in.

../../../_images/costing2.png

With configuration in the GCP console completed, we can now enable cost onboarding from the Morpheus side. Add or edit an existing GCP Cloud (Infrastructure > Clouds). Within the Advanced Options section, note the COSTING PROJECT and COSTING DATASET fields. When selecting a Project, associated datasets (if any) will automatically be loaded into the dropdown in the next field for selection. Additionally, the COSTING field should be set to “Sync Costing” rather than “Off”. Recall from the previous paragraph that this is merely pointing to the Project that houses the appropriate dataset. If your GCP Cloud in Morpheus is configured for all Projects, all costing data will be consumed for the Projects linked to the associated Billing Account (assuming those Projects have billing enabled). If the GCP Cloud in Morpheus is scoped to just one Project, only billing data for that Project will be onboarded. For this reason, the selected Costing Project can be (but is not necessarily) the Project to which the Morpheus Cloud is scoped.

../../../_images/costing3.png

Windows Images

Morpheus can add custom metatdata that will be injected into the unattend conf by GCP during provisioning. This is required for customizations including setting the Windows Administrator password during provisioning. GCP Windows Images must be syspreped using the GCESysprep command prior to image creation, and must have platform/os set on the Virtul Image record in Morpheus after image sync for successful customization and Agent Installation.

GCP Windows Requirements

  • GCP Windows Images must be syspreped using the GCESysprep command prior to Image creation in GCP. Refer to Googles “creating-windows-os-image” doc.

  • Once the Image is synced into Morpheus, the Platform (Windows, Windows 2016 etc) must be set on the Morpheus Virtual Image record, otherwise linux is assumed and the metadata will not be generated correctly.

  • The Global Windows “Administrator” password must be set in Morpheus under /admin/provisioning/settings > Windows Settings > Administrator Password, or Administrator and password defined on the Morpheus Virtual Image record.

  • Be aware the unattend configuration during startup after sysprep delays causes a reboot and a prolonged finalization process during provisioning, and console/rdp may not be available during this time as windows is configuring.

Note

Some Google provided Windows Images have slow startups that cause the Morpheus Agent service to not start within the default 30 second service startup timeframe, including after initial reboot after sysprep/unattend configuration. This can be adjusted by running New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\" -Name "ServicesPipeTimeout" -PropertyType DWORD -Value 180000 in powershell on the Windows Image.

Important

Failure to use a GCP Windows Image that has not been sysprepped using GCESysprep will cause Agent Installation, Automation, and Console issues as Morpheus will not be able to set user credentials and authenticate.