Configure the Google Cloud's Operations Suite Logging service to auto-update the CMDB

  • Release version: Washingtondc
  • Updated February 1, 2024

  You can activate the Google Cloud's Operations Suite Logging service to auto-update CMDB CI data whenever Google Cloud Connector or your Google account makes a life-cycle state or configuration change to a Google Cloud Platform resource. As a result, the CI data in the CMDB is updated without having to wait for Discovery to run.

    Before you begin

    Role required:
    • discovery_admin for Cloud Discovery, and sn_cmp.cloud_event_integration if authentication to the cloud event endpoint is required. This role is required to set up an Alert Rule in the instance.
    • Google Cloud Platform administrator for configuration steps in the GCP console.
    • Logging role for the Google Cloud Platform (GCP) integration user that allows the following OAuth scopes:

      • https://www.googleapis.com/auth/logging.admin
      • https://www.googleapis.com/auth/cloud-platform.read-only
      • https://www.googleapis.com/auth/cloud-platform
      • https://www.googleapis.com/auth/logging.read

    About this task

    Discovery supports Google Cloud's Operations Suite Monitoring API alerts from a given project in the Google Cloud Platform. When an alert or event is generated for the resources in a project, Discovery captures the alert data.

    Create and manage alerting policies with the Google Cloud's Operations Suite Monitoring console, the Google Cloud's Operations Suite Monitoring API, and Cloud SDK. Each policy specifies the following:
    • Conditions that identify that a resource or a group of resources are in an unhealthy state.

    • Notifications sent through email, SMS, or other channels to inform you that a resource is in an unhealthy state.

    • Documentation or information that can be included in some types of notifications to help your support team resolve the issue.

    When events trigger conditions in one of your alerting policies, Google Cloud's Operations Suite Monitoring creates and displays an incident in the Google Cloud's Operations Suite Monitoring console.
    Note:
    If you are on a domain-separated instance, only those events that are updated to the CMDB and belong to your domain are visible. Events create configuration items (CIs) in the same domain as the cloud service account they are mapped to. Events that are not associated with a service account are visible to all domains.

    Procedure

    1. Log in to your Google Cloud Platform account.
      For your project, navigate to APIs & Services > Library.

    2. Enable both the Stackdriver API and Cloud Logging API.
      1. In the library, search for Stackdriver.
      2. Click the Stackdriver API card.
      3. On the Stackdriver API page, click Enable.
    3. Repeat the previous step for the Cloud Logging API.
      By default, a scheduled job on your instance (GCP-Events-job) polls the Google Cloud's Operations Suite Logging service for updates every 5 minutes.
    4. To modify the schedule, navigate to System Scheduler > Scheduled Jobs, click GCP-Events-job, and then update the Repeat setting as needed.
    5. Click Update.
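
A command-line equivalent of steps 1 through 3, with a check that both APIs are actually enabled afterward (added example, not part of the original procedure or of ServiceNow's tooling). It assumes the gcloud CLI is installed and authenticated as a GCP administrator; the function names missing_apis and ensure_apis are made up for this illustration.

```shell
#!/bin/sh
# Added example: enable and verify the two APIs from steps 2 and 3.
# Assumption: gcloud is installed and authenticated for the target project.

# Service names behind the "Stackdriver API" and "Cloud Logging API" cards.
REQUIRED_APIS="stackdriver.googleapis.com logging.googleapis.com"

# Print each required API that is NOT enabled in the project, one per line.
# Returns 2 if the list of enabled services cannot be read.
missing_apis() {
  project="$1"
  enabled="$(gcloud services list --enabled --project="$project" \
    --format='value(config.name)')" || return 2
  for api in $REQUIRED_APIS; do
    # -x: whole-line match, -F: literal string, so only exact names count.
    printf '%s\n' "$enabled" | grep -qxF "$api" || printf '%s\n' "$api"
  done
}

# Enable only what is missing, then re-check instead of trusting the
# enable call. Returns 0 only when both APIs are confirmed enabled.
ensure_apis() {
  project="$1"
  missing="$(missing_apis "$project")" || return 2
  if [ -n "$missing" ]; then
    # Unquoted on purpose: one argument per missing service name.
    gcloud services enable $missing --project="$project" || return 1
  fi
  missing="$(missing_apis "$project")" || return 2
  [ -z "$missing" ]
}

# Run against a project only when a project ID is given on the command line.
if [ "$#" -ge 1 ]; then
  ensure_apis "$1"
fi
```

Because ensure_apis only enables what missing_apis reports, rerunning it against a project that is already configured makes no changes.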

    Result

    • Once the Google Cloud Platform generates an event and Discovery receives the event information, the 'GCP-Events-job' scheduled job executes in the background.

    • The scheduled job passes the event payload to the Identification and Reconciliation Engine (IRE). The IRE then takes the necessary actions to modify the state of the resources based on the event.