community.google.gce_net – create/destroy GCE networks and firewall rules

Note

This plugin is part of the community.google collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.google.

To use it in a playbook, specify: community.google.gce_net.

Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • apache-libcloud >= 0.13.3, >= 0.17.0 if using JSON credentials

Parameters

Parameter Choices/Defaults Comments
allowed
string
the protocol:ports to allow (tcp:80 or tcp:80,443 or tcp:80-800;udp:1-25) this parameter is mandatory when creating or updating a firewall rule
credentials_file
path
path to the JSON file associated with the service account email
fwname
string
name of the firewall rule
ipv4_range
string
the IPv4 address range in CIDR notation for the network this parameter is not mandatory when you specified existing network in name parameter, but when you create new network, this parameter is mandatory
mode
string
    Choices:
  • legacy
  • auto
  • custom
network mode for Google Cloud legacy indicates a network with an IP address range; auto automatically generates subnetworks in different regions; custom uses networks to group subnets of user specified IP address ranges https://cloud.google.com/compute/docs/networking#network_types
name
string
name of the network
pem_file
path
path to the pem file associated with the service account email This option is deprecated. Use credentials_file.
project_id
string
your GCE project ID
service_account_email
string
service account email
src_range
list / elements=string
Default:
[]
the source IPv4 address range in CIDR notation
src_tags
list / elements=string
Default:
[]
the source instance tags for creating a firewall rule
state
string
Default:
"present"
desired state of the network or firewall
Available choices are: active, present, absent, deleted.
subnet_desc
string
description of subnet to create
subnet_name
string
name of subnet to create
subnet_region
string
region of subnet to create
target_tags
list / elements=string
Default:
[]
the target instance tags for creating a firewall rule

Examples

# Create a 'legacy' Network
- name: Create Legacy Network
  community.google.gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  community.google.gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  community.google.gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  community.google.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  community.google.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  community.google.gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
allowed
string
When specified
Rules (ports and protocols) specified by this firewall rule.

Sample:
tcp:80;icmp
fwname
string
When specified
Name of the firewall rule.

Sample:
my-fwname
ipv4_range
string
when specified or when a subnetwork is created
IPv4 range of the specified network or subnetwork.

Sample:
10.0.0.0/16
name
string
always
Name of the network.

Sample:
my-network
src_range
list / elements=string
when specified
IP address blocks a firewall rule applies to.

Sample:
['10.1.1.12/8']
src_tags
list / elements=string
when specified while creating a firewall rule
Instance Tags firewall rule applies to.

Sample:
['foo', 'bar']
state
string
always
State of the item operated on.

Sample:
present
subnet_name
string
when specified or when a subnetwork is created
Name of the subnetwork.

Sample:
my-subnetwork
subnet_region
string
when specified or when a subnetwork is created
Region of the specified subnet.

Sample:
us-east1
target_tags
list / elements=string
when specified while creating a firewall rule
Instance Tags with these tags receive traffic allowed by firewall rule.

Sample:
['foo', 'bar']


Authors

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/google/gce_net_module.html