gcp_compute_vpn_tunnel – Creates a GCP VpnTunnel

New in version 2.7.

Synopsis

• VPN tunnel resource.

Requirements

The below requirements are needed on the host that executes this module.

• python >= 2.6

• requests >= 2.18.4

• google-auth >= 1.3.0

Parameters

Parameter	Choices/Defaults	Comments
auth_kind string / required	Choices: application machineaccount serviceaccount	The type of credential used.
description -		An optional description of this resource.
ike_version -	Default: "2"	IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.
local_traffic_selector -		Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
name - / required		Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
peer_ip - / required		IP address of the peer VPN gateway. Only IPv4 is supported.
project string		The Google Cloud Platform project to use.
region - / required		The region where the tunnel is located.
remote_traffic_selector -		Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
router -		URL of router resource to be used for dynamic routing. This field represents a link to a Router resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'selfLink' and value of your resource's selfLink Alternatively, you can add `register: name-of-resource` to a gcp_compute_router task and then set this router field to "{{ name-of-resource }}"
scopes list		Array of scopes to be used.
service_account_contents string		A string representing the contents of a Service Account JSON file. This should not be passed in as a dictionary, but a string that has the exact contents of a service account json file (valid JSON)
service_account_email string		An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
service_account_file path		The path of a Service Account JSON file if serviceaccount is selected as type.
shared_secret - / required		Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
state -	Choices: present ← absent	Whether the given object should exist in GCP
target_vpn_gateway - / required		URL of the Target VPN gateway with which this VPN tunnel is associated. This field represents a link to a TargetVpnGateway resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'selfLink' and value of your resource's selfLink Alternatively, you can add `register: name-of-resource` to a gcp_compute_target_vpn_gateway task and then set this target_vpn_gateway field to "{{ name-of-resource }}"

Notes

Note

• API Reference: https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels

• Cloud VPN Overview: https://cloud.google.com/vpn/docs/concepts/overview

• Networks and Tunnel Routing: https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing

• For authentication, you can set service_account_file using the GCP_SERVICE_ACCOUNT_FILE env variable.

• For authentication, you can set service_account_email using the GCP_SERVICE_ACCOUNT_EMAIL env variable.

• For authentication, you can set service_account_contents using the GCP_SERVICE_ACCOUNT_CONTENTS env variable.

• For authentication, you can set auth_kind using the GCP_AUTH_KIND env variable.

• For authentication, you can set scopes using the GCP_SCOPES env variable.

• Environment variables values will only be used if the playbook values are not set.

• The service_account_email and service_account_file options are mutually exclusive.

Examples

- name: create a network
  gcp_compute_network:
    name: network-vpn-tunnel
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: network

- name: create a router
  gcp_compute_router:
    name: router-vpn-tunnel
    network: "{{ network }}"
    bgp:
      asn: 64514
      advertise_mode: CUSTOM
      advertised_groups:
      - ALL_SUBNETS
      advertised_ip_ranges:
      - range: 1.2.3.4
      - range: 6.7.0.0/16
    region: us-central1
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: router

- name: create a target vpn gateway
  gcp_compute_target_vpn_gateway:
    name: gateway-vpn-tunnel
    region: us-west1
    network: "{{ network }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: gateway

- name: create a vpn tunnel
  gcp_compute_vpn_tunnel:
    name: test_object
    region: us-west1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
    shared_secret: super secret
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
creationTimestamp string	success	Creation timestamp in RFC3339 text format.
description string	success	An optional description of this resource.
ikeVersion integer	success	IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.
localTrafficSelector list	success	Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
name string	success	Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
peerIp string	success	IP address of the peer VPN gateway. Only IPv4 is supported.
region string	success	The region where the tunnel is located.
remoteTrafficSelector list	success	Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
router dictionary	success	URL of router resource to be used for dynamic routing.
sharedSecret string	success	Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
sharedSecretHash string	success	Hash of the shared secret.
targetVpnGateway dictionary	success	URL of the Target VPN gateway with which this VPN tunnel is associated.

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]

• This module is maintained by the Ansible Community. [community]

Authors

• Google Inc. (@googlecloudplatform)

Hint

If you notice any issues in this documentation you can edit this document to improve it.