Add documentation on how to setup GCE accounts (#1164)

* Add documentation on how to setup GCE accounts This commit adds the steps needed to create a credential with the needed access on Google Cloud Platform to be able to successfully create a new algo VPN. Related to: - https://github.com/trailofbits/algo/issues/682 - https://github.com/trailofbits/algo/issues/658 * Adds links on main README to GCP * Adds link to Ansible documentation * Update cloud-gce.md
2025-04-16 22:27:20 +02:00 · 2018-10-28 03:35:43 -03:00 · 2018-10-28 03:35:43 -03:00 · 54a91447bf
commit 54a91447bf
parent 3468d27e61
2 changed files with 42 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -195,6 +195,7 @@ After this process completes, the Algo VPN server will contains only the users l
  - Configure [Amazon EC2](docs/cloud-amazon-ec2.md)
  - Configure [Azure](docs/cloud-azure.md)
  - Configure [DigitalOcean](docs/cloud-do.md)
+  - Configure [Google Cloud Platform](docs/cloud-gce.md)
 * Advanced Deployment
  - Deploy to your own [FreeBSD](docs/deploy-to-freebsd.md) server
  - Deploy to your own [Ubuntu 18.04](docs/deploy-to-ubuntu.md) server
--- a/docs/cloud-gce.md
+++ b/docs/cloud-gce.md
@ -0,0 +1,41 @@
+# Google Cloud Platform setup
+
+Follow the [installation instructions](https://cloud.google.com/sdk/) to have the CLI commands to interact with Google.
+
+After creating an account and installing, login in on your account using `gcloud init`
+
+### Creating a project
+
+The recommendation on GCP is to group resources on **Projets**, so we will create one project to put our VPN server and service account restricted to it.
+
+```bash
+## Create the project to group the resources
+### You might need to change it to have a global unique project id
+PROJECT_ID=${USER}-algo-vpn
+BILLING_ID="$(gcloud beta billing accounts list --format="value(ACCOUNT_ID)")"
+
+gcloud projects create ${PROJECT_ID} --name algo-vpn --set-as-default
+gcloud beta billing projects link ${PROJECT_ID} --billing-account ${BILLING_ID}
+
+## Create an account that have access to the VPN
+gcloud iam service-accounts create algo-vpn --display-name "Algo VPN"
+gcloud iam service-accounts keys create configs/gce.json \
+  --iam-account algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com
+gcloud projects add-iam-policy-binding ${PROJECT_ID} \
+  --member serviceAccount:algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com \
+  --role roles/compute.admin
+gcloud projects add-iam-policy-binding ${PROJECT_ID} \
+  --member serviceAccount:algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com \
+  --role roles/iam.serviceAccountUser
+
+## Enable the services
+gcloud services enable compute.googleapis.com
+
+./algo -e "provider=gce" -e "gce_credentials_file=$(pwd)/configs/gce.json"
+
+```
+
+**Attention:** take care of the `configs/gce.json` file, which contains the credentials to manage your Google Cloud account, including create and delete servers on this project.
+
+
+There are more advanced arguments available for deploynment [using ansible](deploy-from-ansible.md)