gcp_compute_vpn_tunnel – Creates a GCP VpnTunnel

New in version 2.7.

Synopsis

  • VPN tunnel resource.

Requirements

The following requirements are needed on the host that executes this module.

  • python >= 2.6
  • requests >= 2.18.4
  • google-auth >= 1.3.0

Parameters

Parameter Choices/Defaults Comments
auth_kind
- / required
    Choices:
  • machineaccount
  • serviceaccount
  • application
The type of credential used.
description
-
An optional description of this resource.
ike_version
-
Default:
2
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
Acceptable IKE versions are 1 or 2. Default version is 2.
labels
-
Labels to apply to this VpnTunnel.
local_traffic_selector
-
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.
name
- / required
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
peer_ip
- / required
IP address of the peer VPN gateway. Only IPv4 is supported.
project
-
Default:
None
The Google Cloud Platform project to use.
region
- / required
The region where the tunnel is located.
remote_traffic_selector
-
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.
router
-
URL of router resource to be used for dynamic routing.
scopes
-
Array of scopes to be used.
service_account_email
-
An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
service_account_file
-
The path of a Service Account JSON file if serviceaccount is selected as type.
shared_secret
- / required
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
state
-
    Choices:
  • present (default)
  • absent
Whether the given object should exist in GCP.
target_vpn_gateway
- / required
URL of the Target VPN gateway with which this VPN tunnel is associated.
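
As an added example (not part of the module or of the original page), the following Python pre-flight check applies the constraints from the parameter table to a tunnel task's arguments before the playbook runs. The function names, the sample dictionary and the literal-secret check are assumptions made for this illustration.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")  # regex from the `name` row
AUTH_KINDS = ("machineaccount", "serviceaccount", "application")
REQUIRED = ("auth_kind", "name", "peer_ip", "region", "shared_secret",
            "target_vpn_gateway")

def check_selectors(params, key, errors):
    """Each entry must be an IPv4 CIDR and the entries must not overlap."""
    nets = []
    for cidr in params.get(key) or []:
        try:
            nets.append(ipaddress.IPv4Network(cidr))
        except ValueError as exc:
            errors.append(f"{key}: {cidr!r} is not an IPv4 CIDR ({exc})")
    for i, a in enumerate(nets):
        errors += [f"{key}: {a} overlaps {b}" for b in nets[i + 1:] if a.overlaps(b)]

def validate_vpn_tunnel(params):
    """Return the problems found in a gcp_compute_vpn_tunnel argument dict."""
    errors = [f"{k}: required but missing" for k in REQUIRED if not params.get(k)]
    name = params.get("name") or ""
    if name and not (len(name) <= 63 and NAME_RE.fullmatch(name)):
        errors.append(f"name: {name!r} breaks the RFC1035 naming rule")
    if params.get("auth_kind") and params["auth_kind"] not in AUTH_KINDS:
        errors.append(f"auth_kind: {params['auth_kind']!r} is not a listed choice")
    if params.get("ike_version", 2) not in (1, 2):
        errors.append("ike_version: acceptable versions are 1 or 2")
    try:
        ipaddress.IPv4Address(params.get("peer_ip") or "0.0.0.0")
    except ValueError:
        errors.append(f"peer_ip: {params['peer_ip']!r} is not an IPv4 address")
    check_selectors(params, "local_traffic_selector", errors)
    check_selectors(params, "remote_traffic_selector", errors)
    # Added hygiene check, not a module rule: expect the secret to be templated
    # in (for example from Ansible Vault) rather than written in the playbook.
    secret = str(params.get("shared_secret") or "")
    if secret and "{{" not in secret:
        errors.append("shared_secret: literal value; template it from a vault")
    return errors

# Constructed sample: underscore in name, unlisted auth_kind, no peer_ip, literal secret.
SAMPLE_TASK = {"name": "test_object", "region": "us-west1",
               "target_vpn_gateway": "{{ gateway }}", "router": "{{ router }}",
               "shared_secret": "super secret", "auth_kind": "service_account"}

if __name__ == "__main__":
    print("\n".join(validate_vpn_tunnel(SAMPLE_TASK)))
```
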

Notes

Note

Examples

- name: create a network
  gcp_compute_network:
      name: "network-vpn-tunnel"  # GCP resource names cannot contain underscores
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
      state: present
  register: network

- name: create a router
  gcp_compute_router:
      name: "router-vpn-tunnel"  # GCP resource names cannot contain underscores
      network: "{{ network }}"
      bgp:
        asn: 64514
        advertise_mode: CUSTOM
        advertised_groups:
        - ALL_SUBNETS
        advertised_ip_ranges:
        - range: 1.2.3.4
        - range: 6.7.0.0/16
      region: us-west1  # the router must be in the same region as the tunnel
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
      state: present
  register: router

- name: create a target vpn gateway
  gcp_compute_target_vpn_gateway:
      name: "gateway-vpn-tunnel"  # GCP resource names cannot contain underscores
      region: us-west1
      network: "{{ network }}"
      project: "{{ gcp_project }}"
      auth_kind: "{{ gcp_cred_kind }}"
      service_account_file: "{{ gcp_cred_file }}"
      state: present
  register: gateway

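- name: create a vpn tunnel
  gcp_compute_vpn_tunnel:
      name: "test-object"  # underscores are not allowed by the documented name rule
      region: us-west1
      target_vpn_gateway: "{{ gateway }}"
      router: "{{ router }}"
      # peer_ip is required; 203.0.113.10 is a placeholder documentation address
      peer_ip: "203.0.113.10"
      # example value only; supply the real secret from a vaulted variable
      shared_secret: super secret
      project: "test_project"
      auth_kind: "serviceaccount"  # must be one of the documented auth_kind choices
      service_account_file: "/tmp/auth.pem"
      state: present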

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
creation_timestamp
string
success
Creation timestamp in RFC3339 text format.

description
string
success
An optional description of this resource.

ike_version
integer
success
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway.
Acceptable IKE versions are 1 or 2. Default version is 2.

labels
dictionary
success
Labels to apply to this VpnTunnel.

local_traffic_selector
list
success
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.

name
string
success
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

peer_ip
string
success
IP address of the peer VPN gateway. Only IPv4 is supported.

region
string
success
The region where the tunnel is located.

remote_traffic_selector
list
success
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint.
Only IPv4 is supported.

router
string
success
URL of router resource to be used for dynamic routing.

shared_secret
string
success
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.

shared_secret_hash
string
success
Hash of the shared secret.

target_vpn_gateway
dictionary
success
URL of the Target VPN gateway with which this VPN tunnel is associated.



Status

Authors

  • Google Inc. (@googlecloudplatform)
