System Requirements for Docker in GCP


A virtual machine instance with a minimum of 8 cores, 32 GB RAM, and 100 GB SSD (e2-standard-8 machine).


The following packages are required on your instance, depending on your operating system:

  • yum and rpm (RHEL/CentOS/Oracle)
  • zypper and php_curl (SLES)
  • apt (Debian/Ubuntu)
  • ssh, curl, tar, wget and gcc*
  • OpenSSL (v1.01, build 16 or later)
  • Python (with python-devel*)
  • Docker and Docker Compose
  • User account with sudo permissions


  • SELinux and the firewall/iptables should be disabled to allow communication.
  • A list of ports that can be configured for inbound and outbound connections. To learn more about the service ports, see Ports of Privacera Services.

IAM Policy and Permissions

When creating a service account, assign the following permissions to a predefined or custom role to grant access to Privacera services. For more information, refer to the Google documentation on understanding roles and how to add role permissions to a service account.

Permissions for Pubsubrole
  • pubsub.subscriptions.consume
  • pubsub.subscriptions.get
  • pubsub.topics.publish
  • pubsub.subscriptions.create
  • pubsub.subscriptions.list
  • pubsub.subscriptions.update
  • pubsub.topics.attachSubscription
  • pubsub.topics.detachSubscription
  • pubsub.topics.get
  • pubsub.topics.list
  • pubsub.topics.update
  • pubsub.topics.updateTag
  • resourcemanager.projects.get
Permissions for Bigtable
  • bigtable.tables.list
  • bigtable.tables.mutateRows
  • bigtable.tables.readRows
  • monitoring.metricDescriptors.list
  • bigtable.clusters.get
  • bigtable.clusters.list
  • bigtable.clusters.update
  • bigtable.instances.get
  • bigtable.instances.getIamPolicy
  • bigtable.instances.list
  • bigtable.instances.setIamPolicy
  • bigtable.tables.checkConsistency
  • bigtable.tables.create
  • bigtable.tables.delete
  • bigtable.tables.generateConsistencyToken
  • bigtable.tables.get
  • bigtable.tables.getIamPolicy
  • bigtable.tables.sampleRowKeys
  • bigtable.tables.setIamPolicy
  • bigtable.tables.update
  • monitoring.metricDescriptors.get
  • monitoring.timeSeries.list
  • resourcemanager.projects.get
Permissions for BigQuery
  • bigquery.datasets.get
  • bigquery.datasets.getIamPolicy
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.models.list
  • bigquery.routines.get
  • bigquery.routines.list
  • bigquery.tables.export
  • bigquery.tables.get
  • bigquery.tables.getData
  • bigquery.tables.getIamPolicy
  • bigquery.tables.list
  • resourcemanager.projects.get
Permissions for CloudSQLClient
  • cloudsql.instances.connect
  • cloudsql.instances.get
Permissions for Private Logs Viewer
  • logging.logEntries.list
  • logging.privateLogEntries.list
  • logging.buckets.get
  • logging.buckets.list
  • logging.exclusions.get
  • logging.exclusions.list
  • logging.locations.get
  • logging.locations.list
  • logging.logMetrics.get
  • logging.logMetrics.list
  • logging.logs.list
  • logging.logServiceIndexes.list
  • logging.logServices.list
  • logging.queries.create
  • logging.queries.delete
  • logging.queries.get
  • logging.queries.list
  • logging.queries.listShared
  • logging.queries.update
  • logging.sinks.get
  • logging.sinks.list
  • logging.usage.get
  • logging.views.access
  • logging.views.get
  • logging.views.list
  • resourcemanager.projects.get
Permissions for GCS_Custom_Conf
  • storage.buckets.get
  • storage.buckets.list
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.get
  • storage.objects.list
  • firebase.projects.get
  • resourcemanager.projects.get
  • storage.objects.update
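
As an added example (not part of Privacera's documentation), the script below compares the permissions actually granted to a custom role with the GCS_Custom_Conf list above, and separately lists any *.setIamPolicy permissions so they can be reviewed. The GRANTED string is constructed sample data, and ROLE_ID and PROJECT_ID in the comment are placeholders.

```shell
#!/bin/sh
# Added example (not Privacera code): least-privilege check for a custom role.
# REQUIRED is the GCS_Custom_Conf list from this page. GRANTED is constructed
# sample data; on a real project it could be read with
#   gcloud iam roles describe ROLE_ID --project=PROJECT_ID \
#     --format='value(includedPermissions)'
# where ROLE_ID and PROJECT_ID are placeholders.

REQUIRED='storage.buckets.get storage.buckets.list storage.objects.create
storage.objects.delete storage.objects.get storage.objects.list
firebase.projects.get resourcemanager.projects.get storage.objects.update'

# Constructed: one documented permission missing, one undocumented one added.
GRANTED='storage.buckets.get;storage.buckets.list;storage.objects.create;storage.objects.delete;storage.objects.get;storage.objects.list;firebase.projects.get;resourcemanager.projects.get;storage.buckets.setIamPolicy'

# One permission per line, sorted, de-duplicated; accepts ; , space or newline.
normalize() { tr -s ';, \t' '\n' | sed '/^$/d' | sort -u; }

# Print every permission in list $1 that is absent from list $2.
only_in_first() {
  other=$(printf '%s\n' "$2" | normalize)
  printf '%s\n' "$1" | normalize | while IFS= read -r perm; do
    printf '%s\n' "$other" | grep -Fxq -- "$perm" || printf '%s\n' "$perm"
  done
}

missing_permissions() { only_in_first "$1" "$2"; }   # documented, not granted
extra_permissions()   { only_in_first "$2" "$1"; }   # granted, not documented

# Permissions that let the holder rewrite access policy; list them for review.
policy_admin_permissions() {
  printf '%s\n' "$1" | normalize | grep -E '\.setIamPolicy$' || true
}

echo "missing: $(missing_permissions "$REQUIRED" "$GRANTED")"
echo "extra:   $(extra_permissions "$REQUIRED" "$GRANTED")"
echo "policy:  $(policy_admin_permissions "$GRANTED")"
```

The same functions work for the other roles on this page by substituting their permission lists for REQUIRED.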

Install Docker and Docker Compose

  1. Log on to your Privacera host as gcp-user or a user with 'sudo' privileges.

  2. Install Docker on the VM.

    Run the following commands.

    sudo yum install -y wget
    sudo yum install -y docker
    sudo vi /etc/sysconfig/docker

    Update the OPTIONS variable with the following:

    OPTIONS="--default-ulimit nofile=1024000:1024000"

    Run the following commands.

    sudo service docker start
    sudo usermod -a -G docker $VM_USER


    If you see any of the following issues, follow the steps listed under the matching issue:

    Error message: "usermod: group ‘docker’ does not exist"
    1. Run the following command to check if “docker” is added to groups.

    2. If you find ‘dockerroot’, instead of ‘docker’, edit or create /etc/docker/daemon.json.

          {
            "group": "dockerroot"
          }
    3. Run the following.

      sudo usermod -aG dockerroot ${USER_NAME}
      sudo service docker restart
    Repository is unavailable or subscription manager is not found in the CentOS base
    1. Open the config file.

      sudo vi /etc/yum/pluginconf.d/subscription-manager.conf
    2. Disable the subscription manager.

    SELinux Enabled
    1. Verify the status of SELinux. If it is enforcing, you need to disable it.

    2. Run the following.

      sudo vi /etc/selinux/config
    3. To disable SELinux, set the following line.

    4. Reboot the system.

      sudo reboot
  3. Install Docker Compose

    If Docker Compose is not configured in Ansible, then run the following commands:

    sudo  curl -L${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
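
As an added example (not part of the original page), the script below checks a downloaded docker-compose binary against a SHA-256 checksum file before it is installed to /usr/local/bin. It assumes a checksum file in sha256sum's output format is available for the release you downloaded; the demo uses a constructed stand-in file rather than a real binary.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded docker-compose
# binary against a published SHA-256 checksum file before installing it.
# Assumes the checksum file uses sha256sum's "<hex>  <name>" line format.

# Print the checksum recorded for artifact $2 in checksum file $1.
expected_sum() {
  awk -v name="$2" '{ f = $2; sub(/^\*/, "", f) }
    f == name && $1 ~ /^[0-9a-fA-F]+$/ && length($1) == 64 {
      print tolower($1); exit }' "$1"
}

# Return 0 only if file $1 hashes to the value recorded for name $3 in $2.
verify_artifact() {
  want=$(expected_sum "$2" "$3")
  [ -n "$want" ] || { echo "no checksum entry for $3" >&2; return 2; }
  have=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$have" = "$want" ] || { echo "checksum mismatch for $1" >&2; return 1; }
}

# Constructed demo: a stand-in file plays the role of the downloaded binary.
demo() {
  dir=$(mktemp -d) || return 3
  sums="$dir/docker-compose.sha256"
  printf 'stand-in for the docker-compose binary\n' > "$dir/docker-compose"
  (cd "$dir" && sha256sum docker-compose > docker-compose.sha256)
  if verify_artifact "$dir/docker-compose" "$sums" docker-compose
  then ok=0; else ok=$?; fi
  printf 'tampered\n' >> "$dir/docker-compose"   # simulate a modified download
  if verify_artifact "$dir/docker-compose" "$sums" docker-compose 2>/dev/null
  then bad=0; else bad=$?; fi
  rm -rf "$dir"
  echo "$ok $bad"
}
demo   # prints "0 1"

# On the host, install only after the check passes:
#   verify_artifact ./docker-compose ./docker-compose.sha256 docker-compose &&
#     sudo install -m 0755 ./docker-compose /usr/local/bin/docker-compose
```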