Documentation

gcp_compute_vpn_tunnel - Creates a GCP VpnTunnel

New in version 2.7.

Synopsis

  • VPN tunnel resource.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • requests >= 2.18.4
  • google-auth >= 1.3.0

Parameters

Parameter Choices/Defaults Comments
auth_kind
required
    Choices:
  • machineaccount
  • serviceaccount
  • application
The type of credential used.
description
An optional description of this resource.
ike_version Default:
2
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
Acceptable IKE versions are 1 or 2. Default version is 2.
labels
Labels to apply to this VpnTunnel.
local_traffic_selector
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.
name
required
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
peer_ip
required
IP address of the peer VPN gateway. Only IPv4 is supported.
project Default:
None
The Google Cloud Platform project to use.
region
required
The region where the tunnel is located.
remote_traffic_selector
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.
router
URL of router resource to be used for dynamic routing.
scopes
Array of scopes to be used.
service_account_email
An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
service_account_file
The path of a Service Account JSON file if serviceaccount is selected as type.
shared_secret
required
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
state
    Choices:
  • present ←
  • absent
Whether the given object should exist in GCP
target_vpn_gateway
required
URL of the Target VPN gateway with which this VPN tunnel is associated.

Notes

Note

Examples

- name: create a network
  gcp_compute_network:
      name: "network-vpn_tunnel"
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
      state: present
  register: network

- name: create a router
  gcp_compute_router:
      name: "router-vpn_tunnel"
      network: "{{ network }}"
      bgp:
        asn: 64514
        advertise_mode: CUSTOM
        advertised_groups:
        - ALL_SUBNETS
        advertised_ip_ranges:
        - range: 1.2.3.4
        - range: 6.7.0.0/16
      region: us-central1
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
      state: present
  register: router

- name: create a target vpn gateway
  gcp_compute_target_vpn_gateway:
      name: "gateway-vpn_tunnel"
      region: us-west1
      network: "{{ network }}"
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
      state: present
  register: gateway

- name: create a vpn tunnel
  gcp_compute_vpn_tunnel:
      name: "test_object"
      region: us-west1
      target_vpn_gateway: "{{ gateway }}"
      router: "{{ router }}"
      shared_secret: super secret
      project: "test_project"
      auth_kind: "service_account"
      service_account_file: "/tmp/auth.pem"
      state: present

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
creation_timestamp
str
success
Creation timestamp in RFC3339 text format.

description
str
success
An optional description of this resource.

ike_version
int
success
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
Acceptable IKE versions are 1 or 2. Default version is 2.

labels
dict
success
Labels to apply to this VpnTunnel.

local_traffic_selector
list
success
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.

name
str
success
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

peer_ip
str
success
IP address of the peer VPN gateway. Only IPv4 is supported.

region
str
success
The region where the tunnel is located.

remote_traffic_selector
list
success
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.

router
str
success
URL of router resource to be used for dynamic routing.

shared_secret
str
success
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.

shared_secret_hash
str
success
Hash of the shared secret.

target_vpn_gateway
dict
success
URL of the Target VPN gateway with which this VPN tunnel is associated.



Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Google Inc. (@googlecloudplatform)

Hint

If you notice any issues in this documentation you can edit this document to improve it.