Grant Access Control to your Google Cloud Storage Bucket

If your application runs inside a Google Cloud environment we recommend using automatic Service Account authentication.

Automatic Service Account Authorization

Procedure

  1. Collect list of service accounts used by each of the nodes.

  2. Make sure that each of service account has read/write access scope to Cloud Storage.

  3. For each service account from the list, add Storage Object Admin role in bucket permissions settings.

Add your Service Account Credentials the Scylla Manager Agent Configuration File

This allows Scylla Manager to access the bucket. This procedure is done manually on each Scylla Node instance. Alternatively you can configure service account credentials manually. Use this instruction to get the service account file.

Procedure #. Open the Scylla Manager Agent Configuration File for editing. It is located in /etc/scylla-manager-agent/scylla-manager-agent.yaml.

As this is a Yaml file, remember to indent two spaces for each line you uncomment. Refer to Scylla Agent Configuration for details.

  1. Uncomment the gcs: line.

  2. Uncomment and set service_account_file with the path to the service account credentials file.

  3. For each service account used by the nodes, add Storage Object Admin role in the bucket permissions settings.

  4. Validate that the manager has access to the backup location. If there is no response, the bucket is accessible. If not, you will see an error.

    $ scylla-manager-agent check-location --location gcs:<your GCS bucket name>
    

Troubleshoot Node to Bucket Connectivity

To troubleshoot Node to bucket connectivity issues you can run:

scylla-manager-agent check-location --debug --location gcs:<your GCS bucket name>