Installing GCP Service Account Key
Overview
To support integration with GCP Pub/Sub Service, first create a service account in the API Console and then import a created key into ATSD keystore.
Create Service Account
Create a service account with 'Pub/Sub Publisher' role as described in this document.
- Open the Service accounts page. If prompted, select a project.
- Click Create service account.
- In the Create service account window, enter a name for the service account, select a Pub/Sub Publisher role and select Furnish a new private key with
P12key type. Then click Create.
For example, create a service account with name publisher:
When a service account is created, the account private key is saved on your computer.
Import Private Key
Import the saved private key into the ATSD keystore.
keytool -v -importkeystore -srckeystore {P12_FILE_NAME} -srcstoretype PKCS12 -alias privatekey -srcstorepass notasecret -destkeystore /opt/atsd/atsd/conf/server.keystore -deststoretype JKS -destalias {GCP_KEY_ALIAS} -destkeypass {KEY_PASSWORD}
Replace {P12_FILE_NAME} with saved file name.
Replace {GCP_KEY_ALIAS} with your alias. The alias must begin with gcp.
Replace {KEY_PASSWORD} with your key manager password (The property https.keyManagerPassword in the /opt/atsd/atsd/conf/server.properties file. Before using the value of property, deobfuscate it).
Check the contents of the keystore:
keytool -list -keystore /opt/atsd/atsd/conf/server.keystore
The output must contain at least two certificate entries for the atsd and gcp aliases.
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
atsd, Dec 5, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): ...
gcp_publisher, Dec 28, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): ...
Restart ATSD
/opt/atsd/atsd/bin/stop-atsd.sh
/opt/atsd/atsd/bin/start-atsd.sh