community.google.gce_net – create/destroy GCE networks and firewall rules
Note
This plugin is part of the community.google collection (version 1.0.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run: ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.google.
To use it in a playbook, specify: community.google.gce_net.
Synopsis
This module can create and destroy Google Compute Engine networks and firewall rules (https://cloud.google.com/compute/docs/networking). The name parameter is reserved for referencing a network, while the fwname parameter is used to reference firewall rules. IPv4 address ranges must be specified in CIDR format (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.6
apache-libcloud >= 0.13.3 (>= 0.17.0 if using JSON credentials)
Parameters
Parameter | Comments
---|---
allowed | the protocol:ports to allow (tcp:80 or tcp:80,443 or tcp:80-800;udp:1-25). This parameter is mandatory when creating or updating a firewall rule.
credentials_file | path to the JSON file associated with the service account email
fwname | name of the firewall rule
ipv4_range | the IPv4 address range in CIDR notation for the network. This parameter is not mandatory when you specify an existing network in the name parameter, but it is mandatory when you create a new network.
mode | network mode for Google Cloud. Choices: legacy, auto, custom
name | name of the network
pem_file | path to the pem file associated with the service account email. This option is deprecated. Use credentials_file instead.
project_id | your GCE project ID
service_account_email | service account email
src_range | the source IPv4 address range in CIDR notation. Default: []
src_tags | the source instance tags for creating a firewall rule. Default: []
state | desired state of the network or firewall. Choices: active, present, absent, deleted. Default: "present"
subnet_desc | description of subnet to create
subnet_name | name of subnet to create
subnet_region | region of subnet to create
target_tags | the target instance tags for creating a firewall rule. Default: []
Examples
# Create a 'legacy' Network
- name: Create Legacy Network
  community.google.gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  community.google.gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  community.google.gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  community.google.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  community.google.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  community.google.gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'
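As an added example (not part of the module or its documentation), the following pre-flight check parses the allowed string format described in the parameter table and inspects src_range, src_tags and target_tags before a firewall-rule task is applied, reporting rules that are wider than a reviewer would usually expect. The function names and the wording of the findings are my own.

```python
import ipaddress
import re

# 'allowed' format from the parameter table: "tcp:80", "tcp:80,443",
# "tcp:80-800;udp:1-25"; a protocol without ports (e.g. "icmp") is permitted.
_PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def parse_allowed(spec):
    """Parse an 'allowed' string into [(protocol, [(lo, hi), ...]), ...]; malformed entries raise ValueError."""
    rules = []
    for entry in filter(None, (e.strip() for e in spec.split(";"))):
        proto, _, ports = entry.partition(":")
        proto = proto.strip().lower()
        if not proto:
            raise ValueError("missing protocol in %r" % entry)
        ranges = []
        for part in filter(None, (p.strip() for p in ports.split(","))):
            m = _PORT_RE.match(part)
            if not m:
                raise ValueError("bad port spec %r in %r" % (part, entry))
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            if not 0 <= lo <= hi <= 65535:
                raise ValueError("port range out of bounds or reversed: %r" % part)
            ranges.append((lo, hi))
        rules.append((proto, ranges))
    return rules


def check_firewall_params(allowed, src_range=(), src_tags=(), target_tags=()):
    """Return a list of findings describing how broad a firewall-rule task is."""
    findings = []
    for proto, ranges in parse_allowed(allowed):
        # In a GCE firewall rule a protocol with no ports means all ports.
        if proto in ("tcp", "udp") and not ranges:
            findings.append("%s without ports opens every %s port" % (proto, proto))
    for cidr in src_range:
        iface = ipaddress.ip_interface(cidr)  # ValueError if not CIDR notation
        if iface.version != 4:
            findings.append("%s is not IPv4; the module expects IPv4 CIDR" % cidr)
        elif iface.ip != iface.network.network_address:
            # e.g. 10.1.1.12/8: the network is really 10.0.0.0/8, likely wider than intended
            findings.append("%s has host bits set; as a network it is %s" % (cidr, iface.network))
        elif iface.network.prefixlen == 0:
            findings.append("%s admits traffic from any source" % cidr)
    if not src_range and not src_tags:
        findings.append("no src_range or src_tags: source is unrestricted")
    if not target_tags:
        findings.append("no target_tags: rule applies to every instance in the network")
    return findings
```

Run it over the allowed, src_range, src_tags and target_tags values of each firewall task in a playbook (for instance from a pre_tasks step) and fail the play when findings come back for a rule that was meant to be narrow.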
Return Values
Common return values are documented in the Ansible return-values reference; the following fields are unique to this module:
Key | Description
---|---
allowed | Rules (ports and protocols) specified by this firewall rule. Returned: when specified. Sample: "tcp:80;icmp"
fwname | Name of the firewall rule. Returned: when specified. Sample: "my-fwname"
ipv4_range | IPv4 range of the specified network or subnetwork. Returned: when specified or when a subnetwork is created. Sample: "10.0.0.0/16"
name | Name of the network. Returned: always. Sample: "my-network"
src_range | IP address blocks the firewall rule applies to. Returned: when specified. Sample: ["10.1.1.12/8"]
src_tags | Instance tags the firewall rule applies to. Returned: when specified while creating a firewall rule. Sample: ["foo", "bar"]
state | State of the item operated on. Returned: always. Sample: "present"
subnet_name | Name of the subnetwork. Returned: when specified or when a subnetwork is created. Sample: "my-subnetwork"
subnet_region | Region of the specified subnet. Returned: when specified or when a subnetwork is created. Sample: "us-east1"
target_tags | Instances with these tags receive the traffic allowed by the firewall rule. Returned: when specified while creating a firewall rule. Sample: ["foo", "bar"]
Authors
Eric Johnson (@erjohnso) <erjohnso@google.com>, Tom Melendez (@supertom) <supertom@google.com>