This article reviews how to add and configure a Google Cloud Platform (GCP) connection using GroundWork Cloud Hub. The GCP connector requires a unique set of parameters (e.g., project ID, service account key or file). Google organizes the cloud platform by Project. You will need to have access to the project you want to monitor to generate the service account keys. If you are connecting to a remote GroundWork server to send results, you will need your remote GroundWork server RESTACCESSAPI token.
Adding a new connection
To access Cloud Hub configuration, log in to GroundWork Monitor as a member of the Admin role (e.g., user admin), and select Configuration > Cloud Hub. To add a new GCP connection click the +Add button next to the Google connector icon. You will need to create a new connection in this way for each GCP project to be monitored.
The data the GroundWork server receives comes from the remote virtualization server. The information is pulled from the API on a periodic basis based on the check interval that is set. In the configuration page you will need to enter both the GroundWork Server and Google Cloud Platform connector parameters, also Discover and select which resources to monitor. The fas fa-info-circle link located at the top right side provides information and versioning for the selected Cloud Hub connector.
- The GroundWork Server can simply be the same as the one you are running the Cloud Hub connector on, or it can be a remote server.
- If it's the same as the one you are running on, leave the directive Use Local Connection checked.
- Otherwise, uncheck this box and fill in the hostname of the remote GroundWork server in the Hostname field, leave RESTAPIACCESS in the Username field, and paste in the the encrypted Token. The token can be obtained on the remote GroundWork server, for users within the Admin role, by going to Administration > Security under Webservices API Account: RESTAPIACCESS, Encrypted Token. Just copy the key from the remote server into the Token field on the Cloud Hub server.
Once you have the GroundWork Server side of the form filled out, click Test. If you have the credentials correct and you have access to the API, you will see a Success message. Otherwise an error will give you a hint as to what is wrong and let you try again.
Using a remote server will populate the remote server with the GCP monitoring data, and this will not show in the local GroundWork Server.
Table: GroundWork server values
Version Indicates the minimum GroundWork Monitor version needed. In other words, a version below the indicated value is incompatible. Hostname The host name or IP address where a GroundWork server is running. A port number should not be entered here. If GroundWork is running on the same server, you can enter localhost. Username The provisioned Username granted API access on the GroundWork server. Token The corresponding API Token for the given Username on the GroundWork server, see Administration > Security under Webservices API Account: RESTAPI Encrypted Token. SSL Check this box if the GroundWork server is provisioned with a secure HTTPS transport. Merge Hosts If checked, this option combines all metrics of same named hosts under one host. For example, if there is a Nagios configured host named demo1 and a Cloud Hub discovered host named demo1, the services for both configured and discovered hosts will be combined under the hostname demo1 (case-sensitive). Monitor If checked, enables connection to be monitored. Use Local Connection This directive refers to where the Cloud Hub results are sent. If this field is checked, results will be posted to the same server as where Cloud Hub is running. Or, with this field unchecked, you can forward results to any accessible GroundWork server you define with the name and API key. Ownership Ownership is the owner of a connectors hosts and the ownership can be switched.
When a Cloud Hub connector is instantiated the following options are available for ownership:
Always take ownership: The connector will assume ownership of all hosts it instantiates, even merged hosts. This will remain true even if another app merges the host.
Leave ownership if already owned: The connector host will remain with the existing owner until or unless the owner deletes the host.
Always defer ownership (default): This option leaves ownership unchanged on merged hosts, and allows other apps to take ownership.
Note that multiple apps can report on a single service, but only one can own the host.
See Ownership options.
Connection Status Click Test to verify a connection using the GroundWork server entries.
Google Cloud Platform server
Next you will need to fill in the Google Cloud Platform connector parameters and connect to a project in GCP. See Appendix A: Google Authentication for reference in obtaining the Project ID and a GCP or app engine service account key for the project.
- Enter a Display Name (we suggest the project name so you can track which connection monitors which project).
- For the Configuration File, upload the Service Account Key (JSON file you downloaded).
- Enter the Project ID.
- Optionally set the Interval, Timeout, and Retry directives.
- Validate the connection by clicking Test. A dialog will be displayed with either a Success message or, if the project cannot be contacted, an error message will be displayed with a hint as to why the connection failed. When a successful connection is made, the Connection Status buttons will change to green.
- Click Save in the upper right corner to save your correct connection parameters.
- Next, you need to discover and select which resources to monitor. There are several GCP resource types you will use in your projects, and you need to discover them initially with the Discover option. The initial discovery will select them all by default.
- De-select any resource you do not want to monitor.
Click Save when finished.If you add resources to the project, you will need to re-discover them from this screen by modifying the running connector and clicking Discover.
After the credentials have been validated and the resources discovered, select the Metrics link (top navigation) to start customizing metrics for the connection. Please refer to the article How to determine Cloud Hub metrics to be monitored.
Table: Google server values
Display Name This is the configuration’s name displayed in the list of Cloud Hub connectors on the Cloud Hub home page. Enable Secure Access If checked enables secure access by environment variable or security context role set in service accounts. Note: not used at present. Configuration File This is the required Google authentication file. Refer to Appendix A: Google Authentication on this page for a detailed description of this requirement. Project ID This is the project ID, often a set of two nonsense words and a string, separated by dashes, e.g. "elegant-operand-177419", and the initial part of the json configuration filename by default. Interval (min) This is the metric gathering interval for collecting monitoring data from Google and sending it to the GroundWork server. The default is 5, the value is in minutes. Timeout (ms) The connection timeout in milliseconds. Normally the default value 5000 is sufficient. When you have a slow network connection, you may want to increase the default value. Infinite Retries Check this box if you want Cloud Hub to infinitely retry connection to Google when the connection fails. When this box is checked, the Retry Limit field is disabled. When this box is unchecked, the Retry Limit field is enabled. Retry Limit This entry is the number of retries for the connection and sets a limit on how many attempts are made after a failure. The number set indicates how many connections are attempted before the connection is left in an inactive state. At this point, the connection is suspended and you will need to manually restart it. When a retry limit is exhausted, all hosts managed by this connection are set to the monitor status Unreachable and all services for the matched hosts are set to the status of Unknown. Connection Status Click Test to verify a connection using the Docker connector entries.
Appendix A: Google authentication
To connect to the GCP and monitor the resources in your project, you need to create a Service Account Key. To do so, you need owner-level access to the project.
- Log in to Google Cloud https://cloud.google.com.
- Go to IAM & admin > Service accounts (or type service account in the search bar).
- Select your project from the list, you can monitor any project in GCP.
- Click Edit, then Create Key. You should choose to generate a .json file, which your browser will download. It will have a cryptic name based on the Project ID, e.g., foolish-badger-943298-7f65a2eb.json. Keep this file safe!
- Click on the project name in the title bar to display the project info page, similar to this one, and find your Project ID:
Note: You do not need the Project name.
Cloud Hub (Documentation)
How to determine Cloud Hub metrics to be monitored (Knowledge Base)
Cloud Hub troubleshooting (Knowledge Base)
Ownership options (Documentation)
Transit Connection Generator (TCG) (Documentation)