gcp_compute_global_forwarding_rule – Creates a GCP GlobalForwardingRule¶
New in version 2.6.
Synopsis¶
- Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing.
- For more information, see https://cloud.google.com/compute/docs/load-balancing/http/ .
Requirements¶
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
auth_kind
string
/ required
|
|
The type of credential used.
|
|
description
string
|
An optional description of this resource. Provide this property when you create the resource.
|
|
|
env_type
string
|
Specifies which Ansible environment you're running this module within.
This should not be set unless you know what you're doing.
This only alters the User Agent string for any API requests.
|
|
|
ip_address
string
|
The IP address that this forwarding rule is serving on behalf of.
Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional).
When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6.
When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule.
An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid: * 100.1.2.3 * https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address * projects/project/regions/region/addresses/address * regions/region/addresses/address * global/addresses/address * address .
|
|
|
ip_protocol
string
|
The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH, SCTP or ICMP. When the load balancing scheme is INTERNAL_SELF_MANAGED, only TCP is valid.
Some valid choices include: "TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"
|
|
|
ip_version
string
|
The IP Version that will be used by this global forwarding rule.
Valid options are IPV4 or IPV6.
Some valid choices include: "IPV4", "IPV6"
|
|
|
load_balancing_scheme
string
|
Default: "EXTERNAL"
|
This signifies what the GlobalForwardingRule will be used for.
The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy) NOTE: Currently global forwarding rules cannot be used for INTERNAL load balancing.
Some valid choices include: "INTERNAL_SELF_MANAGED", "EXTERNAL"
|
|
name
string
/ required
|
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
|
|
|
network
dictionary
|
This field is not used for external load balancing.
For INTERNAL_SELF_MANAGED load balancing, this field identifies the network that the load balanced IP should belong to for this global forwarding rule. If this field is not specified, the default network will be used.
This field represents a link to a Network resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'selfLink' and value of your resource's selfLink Alternatively, you can add `register: name-of-resource` to a gcp_compute_network task and then set this network field to "{{ name-of-resource }}"
|
|
|
port_range
string
|
This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.
Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target.
Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges.
Some types of forwarding target have constraints on the acceptable ports: * TargetHttpProxy: 80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetVpnGateway: 500, 4500 .
|
|
|
project
string
|
The Google Cloud Platform project to use.
|
|
|
scopes
list
|
Array of scopes to be used.
|
|
|
service_account_contents
jsonarg
|
The contents of a Service Account JSON file, either in a dictionary or as a JSON string that represents it.
|
|
|
service_account_email
string
|
An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
|
|
|
service_account_file
path
|
The path of a Service Account JSON file if serviceaccount is selected as type.
|
|
|
state
string
|
|
Whether the given object should exist in GCP
|
|
target
string
/ required
|
The URL of the target resource to receive the matched traffic.
The forwarded traffic must be of a type appropriate to the target object.
|
Notes¶
Note
- for authentication, you can set service_account_file using the c(gcp_service_account_file) env variable.
- for authentication, you can set service_account_contents using the c(GCP_SERVICE_ACCOUNT_CONTENTS) env variable.
- For authentication, you can set service_account_email using the
GCP_SERVICE_ACCOUNT_EMAILenv variable. - For authentication, you can set auth_kind using the
GCP_AUTH_KINDenv variable. - For authentication, you can set scopes using the
GCP_SCOPESenv variable. - Environment variables values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples¶
- name: create a global address
gcp_compute_global_address:
name: globaladdress-globalforwardingrule
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: globaladdress
- name: create a instance group
gcp_compute_instance_group:
name: instancegroup-globalforwardingrule
zone: us-central1-a
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: instancegroup
- name: create a HTTP health check
gcp_compute_http_health_check:
name: httphealthcheck-globalforwardingrule
healthy_threshold: 10
port: 8080
timeout_sec: 2
unhealthy_threshold: 5
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: healthcheck
- name: create a backend service
gcp_compute_backend_service:
name: backendservice-globalforwardingrule
backends:
- group: "{{ instancegroup.selfLink }}"
health_checks:
- "{{ healthcheck.selfLink }}"
enable_cdn: 'true'
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: backendservice
- name: create a URL map
gcp_compute_url_map:
name: urlmap-globalforwardingrule
default_service: "{{ backendservice }}"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: urlmap
- name: create a target HTTP proxy
gcp_compute_target_http_proxy:
name: targethttpproxy-globalforwardingrule
url_map: "{{ urlmap }}"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: httpproxy
- name: create a global forwarding rule
gcp_compute_global_forwarding_rule:
name: test_object
ip_address: "{{ globaladdress.address }}"
ip_protocol: TCP
port_range: 80-80
target: "{{ httpproxy.selfLink }}"
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
creationTimestamp
string
|
success |
Creation timestamp in RFC3339 text format.
|
|
description
string
|
success |
An optional description of this resource. Provide this property when you create the resource.
|
|
id
integer
|
success |
The unique identifier for the resource.
|
|
IPAddress
string
|
success |
The IP address that this forwarding rule is serving on behalf of.
Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional).
When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6.
When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule.
An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid: * 100.1.2.3 * https://www.googleapis.com/compute/v1/projects/project/regions/region/addresses/address * projects/project/regions/region/addresses/address * regions/region/addresses/address * global/addresses/address * address .
|
|
IPProtocol
string
|
success |
The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH, SCTP or ICMP. When the load balancing scheme is INTERNAL_SELF_MANAGED, only TCP is valid.
|
|
ipVersion
string
|
success |
The IP Version that will be used by this global forwarding rule.
Valid options are IPV4 or IPV6.
|
|
loadBalancingScheme
string
|
success |
This signifies what the GlobalForwardingRule will be used for.
The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy) NOTE: Currently global forwarding rules cannot be used for INTERNAL load balancing.
|
|
name
string
|
success |
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
|
|
network
dictionary
|
success |
This field is not used for external load balancing.
For INTERNAL_SELF_MANAGED load balancing, this field identifies the network that the load balanced IP should belong to for this global forwarding rule. If this field is not specified, the default network will be used.
|
|
portRange
string
|
success |
This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.
Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target.
Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges.
Some types of forwarding target have constraints on the acceptable ports: * TargetHttpProxy: 80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetVpnGateway: 500, 4500 .
|
|
target
string
|
success |
The URL of the target resource to receive the matched traffic.
The forwarded traffic must be of a type appropriate to the target object.
|
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Google Inc. (@googlecloudplatform)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.