gce_net - create/destroy GCE networks and firewall rules
New in version 1.5.
Synopsis
- This module can create and destroy Google Compute Engine networks and firewall rules https://cloud.google.com/compute/docs/networking. The name parameter is reserved for referencing a network while the fwname parameter is used to reference firewall rules. IPv4 Address ranges must be specified using the CIDR http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing format. Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.
Requirements (on host that executes module)
- python >= 2.6
- apache-libcloud >= 0.13.3, >= 0.17.0 if using JSON credentials
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| allowed | no | the protocol:ports to allow ('tcp:80' or 'tcp:80,443' or 'tcp:80-800;udp:1-25') this parameter is mandatory when creating or updating a firewall rule | ||
| credentials_file (added in 2.1.0)
| no | path to the JSON file associated with the service account email | ||
| fwname | no | name of the firewall rule aliases: fwrule | ||
| ipv4_range | no | the IPv4 address range in CIDR notation for the network this parameter is not mandatory when you specified existing network in name parameter, but when you create new network, this parameter is mandatory aliases: cidr | ||
| mode (added in 2.2)
| no | legacy |
| network mode for Google Cloud "legacy" indicates a network with an IP address range "auto" automatically generates subnetworks in different regions "custom" uses networks to group subnets of user specified IP address ranges https://cloud.google.com/compute/docs/networking#network_types |
| name | no | name of the network | ||
| pem_file (added in 1.6)
| no | path to the pem file associated with the service account email This option is deprecated. Use 'credentials_file'. | ||
| project_id (added in 1.6)
| no | your GCE project ID | ||
| service_account_email (added in 1.6)
| no | service account email | ||
| src_range | no | the source IPv4 address range in CIDR notation aliases: src_cidr | ||
| src_tags | no | the source instance tags for creating a firewall rule | ||
| state | no | present |
| desired state of the network or firewall |
| subnet_desc (added in 2.2)
| no | description of subnet to create | ||
| subnet_name (added in 2.2)
| no | name of subnet to create | ||
| subnet_region (added in 2.2)
| no | region of subnet to create | ||
| target_tags (added in 1.9)
| no | the target instance tags for creating a firewall rule |
Examples
# Create a 'legacy' Network
- name: Create Legacy Network
gce_net:
name: legacynet
ipv4_range: '10.24.17.0/24'
mode: legacy
state: present
# Create an 'auto' Network
- name: Create Auto Network
gce_net:
name: autonet
mode: auto
state: present
# Create a 'custom' Network
- name: Create Custom Network
gce_net:
name: customnet
mode: custom
subnet_name: "customsubnet"
subnet_region: us-east1
ipv4_range: '10.240.16.0/24'
state: "present"
# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
gce_net:
name: default
fwname: "my-firewall-rule"
allowed: tcp:80
state: "present"
src_tags: "foo,bar"
# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
gce_net:
name: default
fwname: "my-firewall-rule"
allowed: tcp:80
state: "present"
src_range: ['10.1.1.1/32']
# Create Custom Subnetwork
- name: Create Custom Subnetwork
gce_net:
name: privatenet
mode: custom
subnet_name: subnet_example
subnet_region: us-central1
ipv4_range: '10.0.0.0/16'
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| allowed | Rules (ports and protocols) specified by this firewall rule. | When specified | string | tcp:80;icmp |
| fwname | Name of the firewall rule. | When specified | string | my-fwname |
| ipv4_range | IPv4 range of the specified network or subnetwork. | when specified or when a subnetwork is created | string | 10.0.0.0/16 |
| name | Name of the network. | always | string | my-network |
| src_range | IP address blocks a firewall rule applies to. | when specified | list | ['10.1.1.12/8'] |
| src_tags | Instance Tags firewall rule applies to. | when specified while creating a firewall rule | list | ['foo', 'bar'] |
| state | State of the item operated on. | always | string | present |
| subnet_name | Name of the subnetwork. | when specified or when a subnetwork is created | string | my-subnetwork |
| subnet_region | Region of the specified subnet. | when specified or when a subnetwork is created | string | us-east1 |
| target_tags | Instance Tags with these tags receive traffic allowed by firewall rule. | when specified while creating a firewall rule | list | ['foo', 'bar'] |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/gce_net_module.html