Integrating GCP services with Cloud Foundry on SAP Cloud Platform

These instructions show you how to integrate Google Cloud Platform (GCP) services into a Cloud Foundry environment on SAP Cloud Platform by using the Open Service Broker for Google Cloud Platform (GCP Service Broker).

The GCP Service Broker simplifies the delivery of GCP services to applications that run in a Cloud Foundry environment on SAP Cloud Platform. By creating GCP resources and managing their corresponding permissions, the GCP Service Broker makes it easy to consume GCP services from within an SAP Cloud Platform application environment.

The following diagram is a high-level view of the setup steps with some example GCP services.

Accessing GCP services from Cloud Foundry on SAP Cloud Platform

Core solution components

The following components are required to set up the GCP Service Broker on SAP Cloud Platform for Cloud Foundry.

Service                                         Use case
Open Service Broker for Google Cloud Platform   Integration of GCP services into an SAP Cloud Platform Cloud Foundry environment
Cloud SQL for MySQL                             A database for back-end storage for GCP Service Broker
SAP Cloud Platform Account                      Provide the SAP Cloud Platform Cloud Foundry environment in the selected GCP region
GCP Project                                     Provide the GCP services
Cloud Foundry CLI                               Command-line interface for configuring Cloud Foundry

Costs

Cloud SQL, which is recommended for use with GCP Service Broker, is a billable GCP component.

The use of GCP services through their respective APIs might also be billable.

Use the Pricing Calculator to generate a cost estimate based on your projected usage.

Prerequisites

Before you can set up the Cloud Foundry environment on SAP Cloud Platform, you must first set up your local development environment and create a project on GCP.

Set up your development environment

  1. Install the Cloud Foundry Command-Line Interface (CLI) on your development workstation as per SAP Portal documentation.

Set up a GCP project

If you do not already have a GCP project with billing enabled, you must create one.

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. Select or create a GCP project.

    Go to the Project selector page

  3. Make sure that billing is enabled for your Google Cloud Platform project.

    Learn how to enable billing

Set up the GCP environment

You need certain GCP APIs enabled, a GCP service account, and a database for the GCP Service Broker.

Enable the required GCP APIs

Enable the following APIs in API Manager > Library.

  1. Enable the Resource Manager API.
  2. Enable the Cloud Identity and Access Management API.
  3. Enable the Cloud SQL Admin API.
  4. Enable the API for any other supported GCP service that you need.

Create a root service account

  1. In the GCP Console, open the Service accounts page.

  2. Select your GCP project.

  3. Click Create Service Account.

  4. Enter a name in the Service account name field.

  5. Click Create.

  6. In the Select a role list, click Project > Owner, which provides the permissions that are necessary for the GCP Service Broker to work with GCP services.

  7. Click Continue.

  8. In the Create key (optional) section, click Create Key. Make sure the JSON key type is specified.

  9. Click Create. The JSON key file is automatically downloaded to your workstation.

  10. Click Done.

  11. Move the JSON key file to a secure location.

Set up a backing database

The GCP Service Broker requires a MySQL database to store the state of provisioned resources. A Second Generation instance of Cloud SQL for MySQL, which provides a fully managed MySQL Community Edition database with automatic backups, high availability, and automatic maintenance, is recommended. However, you can use any database compatible with the MySQL protocol.

The following steps create a database by using a Second Generation Cloud SQL instance on GCP, but should be applicable to any database compatible with the MySQL protocol.

Create a Cloud SQL for MySQL instance

Before you can create a database, you need to create a Cloud SQL for MySQL instance on GCP.

  1. In the GCP Console, go to the Cloud SQL Instances page.

  2. Click Create instance.

    1. Select MySQL and click Next.
    2. Click Choose Second Generation.
    3. Define an Instance ID.
    4. Define a Root password.
    5. In the Region field, select the region in which your Cloud Foundry environment will be located.
    6. Click Create.

Create a database

  1. After the Cloud SQL instance boots, open Cloud Shell.

  2. Connect to the Cloud SQL instance.

    gcloud sql connect your-cloud-sql-instance --user=root
    

    Where your-cloud-sql-instance is the name of the Cloud SQL instance you created on GCP.

  3. Create a database called servicebroker.

    CREATE DATABASE servicebroker;
    
  4. Define a username and password for the GCP Service Broker.

    CREATE USER 'SB_DB_UserName'@'%' IDENTIFIED BY 'SB_DB_Password';
    

    Where:

    • SB_DB_UserName is the username that represents GCP Service Broker as a user of the database.
    • SB_DB_Password is the password that identifies the GCP Service Broker to the database.
  5. Set access privileges for the GCP Service Broker.

    GRANT ALL PRIVILEGES ON servicebroker.* TO 'SB_DB_UserName'@'%' WITH GRANT OPTION;
    
  6. Set up SSL and get the SSL certificates.

    1. In the GCP Console, open the Cloud SQL Instances page.

    2. Click the name of your Cloud SQL instance.

    3. On the Instance details page, click the Connections tab.

    4. In the SSL section under SSL connections, click Allow only SSL Connections. The update might take a few seconds.

    5. In the SSL section, under Configure SSL client certificates, click Create a client certificate.

    6. Enter a name and click Create.

    7. Download the three certificate files and save them to a secure location.

  7. In the Connectivity section of the Connections tab on the Instance details page:

    1. Confirm that the Public IP box is selected.
    2. Under Authorized networks, click Add network.
    3. In the Network field, enter 0.0.0.0/0.
    4. Click Done.
  8. Click Save to save authorization changes.

Get an SAP Cloud Platform trial account for Cloud Foundry on GCP infrastructure

  1. Register for an SAP Cloud Platform trial account. You need an active SAP account to get an SAP Cloud Platform trial account.
  2. Log in to the SAP Cloud Platform Cockpit.
  3. In the SAP Cloud Platform Cockpit, choose Home at the top of the screen.
  4. In the navigation pane on the left side of the screen, click Regions.
  5. Under Cloud Foundry Environment, select a region that uses GCP infrastructure, such as US-Central (IA). This creates an organization and space within the SAP Cloud Platform Cloud Foundry environment.

Install and configure GCP Service Broker for Cloud Foundry

Deploy GCP Service Broker for Cloud Foundry

In a terminal on your development workstation:

  1. Install the latest version of GCP Service Broker for Cloud Foundry from GitHub.

    curl -s https://api.github.com/repos/GoogleCloudPlatform/gcp-service-broker/releases/latest \
    |grep 'tag_name' \
    |cut -d\" -f4 \
    |xargs -I {} curl -sOL "https://github.com/GoogleCloudPlatform/gcp-service-broker/archive/"{}'.tar.gz'
    
  2. Extract the GCP Service Broker files.

    tar zxvf *.tar.gz
    
  3. Switch directories.

    cd gcp-service-broker*
    
  4. Log in to the SAP Cloud Platform Cloud Foundry environment.

    cf login
    
  5. Enter the API endpoint.

    https://api.techkey.hana.ondemand.com
    

    Where techkey is an SAP-defined technical key that identifies the region of the API endpoint. For example, the technical key for the US Central region that includes the GCP infrastructure is cf.us30. For a list of all of the regions for the SAP Cloud Platform Cloud Foundry environment, see SAP Help Portal.

  6. Enter your username and password for your SAP Cloud Platform account.

  7. Deploy the GCP Service Broker app to the Cloud Foundry environment.

    cf push APP_NAME --no-start
    

    Where APP_NAME is a unique name that you choose for the GCP Service Broker application. For example, gcp-service-broker-001 or mycompany-gcp-svc-broker-app.

    You see information similar to the following example after Cloud Foundry deploys the GCP Service Broker app:

    name:              gcp-service-broker-example-app
    requested state:   stopped
    routes:            gcp-service-broker-example-app.cfapps.us30.hana.ondemand.com
    last uploaded:
    stack:
    buildpacks:
    type:           web
    instances:      0/1
    memory usage:   1024M
         state   since                  cpu    memory   disk     details
    #0   down    2018-12-19T23:49:13Z   0.0%   0 of 0   0 of 0
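
Steps 1 and 2 above download whatever the releases API reports as latest and then extract every *.tar.gz file in the directory. The following added example (not part of the original instructions or of the GCP Service Broker project) validates the tag and downloads a pinned release, checking the archive against a SHA-256 that you recorded when you reviewed that release; the function names and the output file name are assumptions.

```shell
# Added example, not from the original page. POSIX sh.
REPO="GoogleCloudPlatform/gcp-service-broker"

# Accept only plain version-like tags, so that nothing unexpected is spliced
# into the download URL or the output file name.
valid_tag() {
  case "$1" in
    ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Read the releases/latest JSON on stdin; print tag_name only if acceptable.
release_tag() {
  tag=$(grep -o '"tag_name": *"[^"]*"' | head -n 1 | cut -d'"' -f4)
  valid_tag "$tag" && printf '%s\n' "$tag"
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Download the tag you reviewed and refuse to continue unless the archive
# matches the SHA-256 you recorded for it.
fetch_pinned() {   # $1 = tag, $2 = expected SHA-256 (both supplied by you)
  valid_tag "$1" || { echo "refusing tag: $1" >&2; return 1; }
  out="gcp-service-broker-$1.tar.gz"
  curl -fsSL -o "$out" "https://github.com/$REPO/archive/$1.tar.gz" || return 1
  if [ "$(sha256_of "$out")" != "$2" ]; then
    echo "checksum mismatch for $out" >&2
    rm -f "$out"
    return 1
  fi
  tar zxf "$out"   # extract this one archive, not *.tar.gz
}

# Usage: sh fetch-broker.sh TAG SHA256   (with no arguments, only defines functions)
if [ "$#" -eq 2 ]; then fetch_pinned "$1" "$2"; fi
```

To see which tag is currently the latest before you review and pin it, pipe the output of the releases API call from step 1 into release_tag.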
    

Configure the GCP Service Broker app for Cloud Foundry

  1. Log in to SAP Cloud Platform Cockpit.
  2. In the SAP Cloud Platform Cockpit, go to Trial Home > Regions > Your GCP region > Your global account > Your subaccount > Spaces > Your space.
  3. Click the name of the GCP Service Broker app that you deployed in the preceding section.
  4. In the menu on the left-hand side, click User-provided variables.
  5. Use the Add variable button to define the following GCP Service Broker variables as key-value pairs:

    Key: Value

    • CA_CERT: The contents of the server certificate file, server-ca.pem, that you downloaded when you set up SSL in Set up a backing database.
    • CLIENT_CERT: The contents of the client certificate file, client-cert.pem, that you downloaded when you set up SSL in Set up a backing database.
    • CLIENT_KEY: The contents of the client key file, client-key.pem, that you downloaded when you set up SSL in Set up a backing database.
    • DB_HOST: The public IP address of your Cloud SQL instance, as shown in the Connect to this instance section of the Instance details page for your Cloud SQL instance in the GCP Console.
    • DB_PASSWORD: The password that you defined for GCP Service Broker to access the database that you configured in Set up a backing database.
    • DB_USERNAME: The username that you defined for the GCP Service Broker when you created the database. For a Cloud SQL database, you can see the username under MySQL user accounts on the Users tab of the Instance details page for your Cloud SQL instance in the GCP Console.
    • ROOT_SERVICE_ACCOUNT_JSON: The contents of the JSON key file that you downloaded when you created the root service account.
    • SECURITY_USER_NAME: A username that you define for the service broker to use when authenticating broker requests. You specify this same username later in the cf create-service-broker command when you create the broker service.
    • SECURITY_USER_PASSWORD: A password that you define for the service broker to use when authenticating broker requests. You specify this same password later in the cf create-service-broker command when you create the broker service.
    • Optional environment variables: For a list of optional variables that you can use to customize the GCP Service Broker, see Installation Customization.
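
Before you paste these values into User-provided variables, a local check can catch a swapped certificate and key, the wrong JSON file, or secret files left readable by other users. The following is an added example, not part of the original instructions or of the GCP Service Broker project; the function names and the file name root-sa.json are assumptions.

```shell
# Added example, not from the original page. POSIX sh.
# File names follow the page; root-sa.json is an assumed name for the key file.

# The first line of a PEM file must carry the expected label.
pem_is() {   # $1 = file, $2 = extended regex for the label
  [ -r "$1" ] && head -n 1 "$1" | grep -Eq "^-----BEGIN ($2)-----"
}

# The JSON must be a service account key, not some other JSON document.
is_sa_key() {
  [ -r "$1" ] || return 1
  for field in '"type": *"service_account"' '"client_email": *"[^"]+@[^"]+"' \
               '"private_key": *"-----BEGIN PRIVATE KEY-----'; do
    grep -Eq "$field" "$1" || return 1
  done
}

# Files that hold secrets must grant nothing to group or others.
is_private() {
  [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# DB_HOST must be in dotted-quad form (the instance's public IP address).
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print one line per problem; return non-zero if any check failed.
preflight() {   # $1 = directory with the four files, $2 = DB_HOST value
  rc=0
  pem_is "$1/server-ca.pem" 'CERTIFICATE' ||
    { echo "CA_CERT: server-ca.pem is not a certificate"; rc=1; }
  pem_is "$1/client-cert.pem" 'CERTIFICATE' ||
    { echo "CLIENT_CERT: client-cert.pem is not a certificate"; rc=1; }
  pem_is "$1/client-key.pem" '(RSA |EC )?PRIVATE KEY' ||
    { echo "CLIENT_KEY: client-key.pem is not a private key"; rc=1; }
  is_sa_key "$1/root-sa.json" ||
    { echo "ROOT_SERVICE_ACCOUNT_JSON: not a service account key"; rc=1; }
  for f in client-key.pem root-sa.json; do
    is_private "$1/$f" || { echo "$f: accessible to group or others"; rc=1; }
  done
  is_ipv4 "$2" || { echo "DB_HOST: not an IPv4 address"; rc=1; }
  return "$rc"
}

# Usage: sh preflight.sh DIR DB_HOST   (with no arguments, only defines functions)
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```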

Start the GCP Service Broker app for Cloud Foundry

  1. Click Overview in the menu on the left-hand side.
  2. To start the broker application, click Start. When the application is up and running, green Started and Running indicators appear on the Overview page, as shown in the following images.

    A green "Started" indicator shows that the GCP Service Broker is started

    A green "RUNNING" indicator shows that the GCP Service Broker is running

  3. If the GCP Service Broker app won't start or shows Error or Crashed, check the application logs from your development workstation and adjust the variables or configuration accordingly.

    cf logs APP_NAME --recent
    

Register GCP Service Broker for Cloud Foundry

On your development workstation:

  1. Connect to SAP Cloud Platform Cloud Foundry environment.

    cf login
    
  2. List the deployed applications.

    cf apps
    

    You see output similar to the following example:

    name              requested state   instances   memory   disk   urls
    broker-test-app   started           1/1         1G       1G     broker-test-app.cfapps.us30.hana.ondemand.com
    
  3. Register the broker service.

    cf create-service-broker BROKER_SERVICE_NAME SECURITY_USER_NAME \
        SECURITY_USER_PASSWORD https://BROKER_APPLICATION_ROUTE --space-scoped
    

    Where:

  4. Verify the registration of the broker service.

    cf service-brokers
    

    You should see output similar to the following example:

    name                  url
    broker-service-name   https://broker-service-name.cfapps.us30.hana.ondemand.com
    
  5. Verify that GCP services are now available in the SAP Cloud Platform Service Marketplace.

    cf marketplace
    

    The following example, which was edited for readability and to fit the page, shows two services from a listing of GCP services in the marketplace.

    service          plans                      description
    ...
    google-bigquery  default                    A fast, economical and fully managed data warehouse for large-scale data analytics.
    google-bigtable  three-node-production-hdd  A high performance NoSQL database service for large analytical and operational workloads.
    

    For a list of the available GCP services, see Open Service Broker for Google Cloud Platform.

What's next

Create GCP service instances and bind them to your SAP Cloud Platform applications.

For more information about creating and binding GCP services, see:
