gcp_compute_vpn_tunnel – Creates a GCP VpnTunnel

New in version 2.7.

Synopsis

  • VPN tunnel resource.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • requests >= 2.18.4
  • google-auth >= 1.3.0

Parameters

Parameter Choices/Defaults Comments
auth_kind
string / required
    Choices:
  • application
  • machineaccount
  • serviceaccount
The type of credential used.
description
-
An optional description of this resource.
ike_version
-
Default:
"2"
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
Acceptable IKE versions are 1 or 2. Default version is 2.
local_traffic_selector
-
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.
name
- / required
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
peer_ip
- / required
IP address of the peer VPN gateway. Only IPv4 is supported.
project
string
The Google Cloud Platform project to use.
region
- / required
The region where the tunnel is located.
remote_traffic_selector
-
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.
router
-
URL of router resource to be used for dynamic routing.
This field represents a link to a Router resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'selfLink' and value of your resource's selfLink Alternatively, you can add `register: name-of-resource` to a gcp_compute_router task and then set this router field to "{{ name-of-resource }}"
scopes
list
Array of scopes to be used.
service_account_contents
string
A string representing the contents of a Service Account JSON file.
This should not be passed in as a dictionary, but a string that has the exact contents of a service account json file (valid JSON)
service_account_email
string
An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
service_account_file
path
The path of a Service Account JSON file if serviceaccount is selected as type.
shared_secret
- / required
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
state
-
    Choices:
  • present ←
  • absent
Whether the given object should exist in GCP
target_vpn_gateway
- / required
URL of the Target VPN gateway with which this VPN tunnel is associated.
This field represents a link to a TargetVpnGateway resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'selfLink' and value of your resource's selfLink Alternatively, you can add `register: name-of-resource` to a gcp_compute_target_vpn_gateway task and then set this target_vpn_gateway field to "{{ name-of-resource }}"

Notes

Note

Examples

- name: create a network
  gcp_compute_network:
    name: network-vpn-tunnel
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: network

- name: create a router
  gcp_compute_router:
    name: router-vpn-tunnel
    network: "{{ network }}"
    bgp:
      asn: 64514
      advertise_mode: CUSTOM
      advertised_groups:
      - ALL_SUBNETS
      advertised_ip_ranges:
      - range: 1.2.3.4
      - range: 6.7.0.0/16
    region: us-central1
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: router

- name: create a target vpn gateway
  gcp_compute_target_vpn_gateway:
    name: gateway-vpn-tunnel
    region: us-west1
    network: "{{ network }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: gateway

- name: create a vpn tunnel
  gcp_compute_vpn_tunnel:
    name: test_object
    region: us-west1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
    shared_secret: super secret
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
creationTimestamp
string
success
Creation timestamp in RFC3339 text format.

description
string
success
An optional description of this resource.

ikeVersion
integer
success
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
Acceptable IKE versions are 1 or 2. Default version is 2.

localTrafficSelector
list
success
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.

name
string
success
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

peerIp
string
success
IP address of the peer VPN gateway. Only IPv4 is supported.

region
string
success
The region where the tunnel is located.

remoteTrafficSelector
list
success
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.

router
dictionary
success
URL of router resource to be used for dynamic routing.

sharedSecret
string
success
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.

sharedSecretHash
string
success
Hash of the shared secret.

targetVpnGateway
dictionary
success
URL of the Target VPN gateway with which this VPN tunnel is associated.



Status

Authors

  • Google Inc. (@googlecloudplatform)

Hint

If you notice any issues in this documentation you can edit this document to improve it.