GCP account management

The Python application gsutil lets you access Cloud Storage from the command line. It is part of the Google Cloud SDK which installation is platform dependent.

Please, browse to this location:

• https://cloud.google.com/sdk/docs/

Choose your platform and follow the google-cloud-sdk installation steps:

Debian/Ubuntu. Follow the installation steps up to apt-get install google-cloud-sdk. Optional steps are not required.

RedHat/Centos. Follow the installation steps up to yum install google-cloud-sdk. Optional steps are not required.

Initialize Cloud Platform access

In order to authorize the bacula user to access Google Cloud Platform through gsutil, run the setup_google_cloud_cli script located in /opt/bacula/scripts as root to guide you through this steps.

You will be asked for your account information and to select or create a project. These project and credentials will later be used by the  Plugin.

Alternatively, you can launch the following command as root:

sudo -u bacula HOME=/opt/bacula/etc/google gcloud init

If you plan to use a service account to authenticate, use the following command using the JSON file that contains your service account key:

sudo -u bacula HOME=/opt/bacula/etc/google gcloud auth activate-service-account --project=<project_id> --key-file=/path-to-json-file/service-account-xxxxxxxxx.json

The Google credentials will be stored inside /opt/bacula/etc/google and will belong to the unix user “bacula”. To use another location, it will be required to adapt the Cloud resource definition.

Create a Bucket in Google Cloud

There are at least 2 ways you can use to create a Bucket in your selected project. We recommend to use the web console since it’s giving you usefull information on fields and pricing.

Use the web console

Log into the web console:

• https://console.cloud.google.com/

From the top right menu, select Storage, then click Create Bucket. Specify the name, class and location of the bucket with the help of context menus. Click Create.

Use the command line mb (make bucket) gsutil command

From a terminal, type:

gsutil mb [-c class] [-l location] gs://<some-bucket>

• class. Optional. The storage class you choose for this bucket (see https://cloud.google.com/storage/docs/storage-classes for details).

• location. Optional. The storage region location you choose for this bucket (see https://cloud.google.com/storage/docs/bucket-locations for details).

• <some-bucket> is your bucket name.

The storage class influences the storage price. Depending on your backup strategy, nearline or even coldline might be the most appropriated classes.

Configure objects to be retention locked

This configuration is optional

Retention locking of objects can provide additional security against premature loss of backup data.

See https://cloud.google.com/storage/docs/bucket-lock for details.

For an existing bucket, use

gsutil retention set <seconds>s gs://<some-bucket>/

• <seconds> is the number of seconds an object is going to be locked.

• <some-bucket> is the name of an existing bucket used to store backups in, probably one just created.

To verify retention lock time, use a command such as

gsutil retention get gs://<some-bucket>/