gce_net: create/destroy GCE networks and firewall rules
ansible.builtin.gce_net (v2.3.0.0-1), module
Added in version 1.5 of ansible.builtin
Authors: Eric Johnson (@erjohnso) <erjohnso@google.com>, Tom Melendez (@supertom) <supertom@google.com>
Status: preview | supported by community
Install with pip install ansible==2.3.0.0.post1
This module can create and destroy Google Compute Engine networks and firewall rules (https://cloud.google.com/compute/docs/networking). The name parameter is reserved for referencing a network while the fwname parameter is used to reference firewall rules. IPv4 address ranges must be specified using the CIDR (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) format. Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.
Examples:

# Create a 'legacy' Network
- name: Create Legacy Network
  gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'
Parameters:

mode:
  aliases: []
  choices:
  - legacy
  - auto
  - custom
  default: legacy
  description:
  - network mode for Google Cloud
    "legacy" indicates a network with an IP address range
    "auto" automatically generates subnetworks in different regions
    "custom" uses networks to group subnets of user specified IP address ranges
    https://cloud.google.com/compute/docs/networking#network_types
  required: false
  version_added: '2.2'
  version_added_collection: ansible.builtin

name:
  aliases: []
  default: null
  description:
  - name of the network
  required: false

state:
  aliases: []
  choices:
  - active
  - present
  - absent
  - deleted
  default: present
  description:
  - desired state of the network or firewall
  required: false

fwname:
  aliases:
  - fwrule
  default: null
  description:
  - name of the firewall rule
  required: false

allowed:
  aliases: []
  default: null
  description:
  - the protocol:ports to allow ('tcp:80' or 'tcp:80,443' or 'tcp:80-800;udp:1-25')
    this parameter is mandatory when creating or updating a firewall rule
  required: false

pem_file:
  aliases: []
  default: null
  description:
  - path to the pem file associated with the service account email
    This option is deprecated. Use 'credentials_file'.
  required: false
  version_added: '1.6'
  version_added_collection: ansible.builtin

src_tags:
  aliases: []
  default: null
  description:
  - the source instance tags for creating a firewall rule
  required: false

src_range:
  aliases:
  - src_cidr
  default: null
  description:
  - the source IPv4 address range in CIDR notation
  required: false

ipv4_range:
  aliases:
  - cidr
  description:
  - the IPv4 address range in CIDR notation for the network
    this parameter is not mandatory when you specified existing network in name parameter, but when you create new network, this parameter is mandatory
  required: false

project_id:
  aliases: []
  default: null
  description:
  - your GCE project ID
  required: false
  version_added: '1.6'
  version_added_collection: ansible.builtin

subnet_desc:
  aliases: []
  default: null
  description:
  - description of subnet to create
  required: false
  version_added: '2.2'
  version_added_collection: ansible.builtin

subnet_name:
  aliases: []
  default: null
  description:
  - name of subnet to create
  required: false
  version_added: '2.2'
  version_added_collection: ansible.builtin

target_tags:
  aliases: []
  default: null
  description:
  - the target instance tags for creating a firewall rule
  required: false
  version_added: '1.9'
  version_added_collection: ansible.builtin

subnet_region:
  aliases: []
  default: null
  description:
  - region of subnet to create
  required: false
  version_added: '2.2'
  version_added_collection: ansible.builtin

credentials_file:
  aliases: []
  default: null
  description:
  - path to the JSON file associated with the service account email
  required: false
  version_added: 2.1.0
  version_added_collection: ansible.builtin

service_account_email:
  aliases: []
  default: null
  description:
  - service account email
  required: false
  version_added: '1.6'
  version_added_collection: ansible.builtin
Return values:

allowed:
  description: Rules (ports and protocols) specified by this firewall rule.
  returned: When specified
  sample: tcp:80;icmp
  type: string

fwname:
  description: Name of the firewall rule.
  returned: When specified
  sample: my-fwname
  type: string

ipv4_range:
  description: IPv4 range of the specified network or subnetwork.
  returned: when specified or when a subnetwork is created
  sample: 10.0.0.0/16
  type: string

name:
  description: Name of the network.
  returned: always
  sample: my-network
  type: string

src_range:
  description: IP address blocks a firewall rule applies to.
  returned: when specified
  sample:
  - 10.1.1.12/8
  type: list

src_tags:
  description: Instance Tags firewall rule applies to.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list

state:
  description: State of the item operated on.
  returned: always
  sample: present
  type: string

subnet_name:
  description: Name of the subnetwork.
  returned: when specified or when a subnetwork is created
  sample: my-subnetwork
  type: string

subnet_region:
  description: Region of the specified subnet.
  returned: when specified or when a subnetwork is created
  sample: us-east1
  type: string

target_tags:
  description: Instance Tags with these tags receive traffic allowed by firewall rule.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list
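
The allowed and src_range formats documented above can be linted before a play runs. The following is an added example, not code from the gce_net module: it parses allowed strings in the documented forms and reports tcp/udp entries without ports, wide port ranges, and src_range values that are malformed or cover every IPv4 source. KNOWN_PROTOCOLS, WIDE_RANGE, SAMPLE and both function names are assumptions of this example.

```python
import ipaddress

# Assumptions of this example, not values taken from the gce_net module:
KNOWN_PROTOCOLS = {"tcp", "udp", "icmp", "sctp", "esp", "ah"}
WIDE_RANGE = 100  # port ranges larger than this are reported

def parse_allowed(allowed):
    """Parse 'tcp:80-800;udp:1-25' into [(protocol, [(low, high), ...]), ...]."""
    rules = []
    for entry in allowed.split(";"):
        proto, _, ports = entry.strip().lower().partition(":")
        if proto not in KNOWN_PROTOCOLS:
            raise ValueError("unknown protocol %r" % proto)
        ranges = []
        for part in ports.split(",") if ports else []:
            low, sep, high = part.strip().partition("-")
            high = high if sep else low  # a single port is a one-port range
            if not (low.isdigit() and high.isdigit()
                    and 0 <= int(low) <= int(high) <= 65535):
                raise ValueError("bad port spec %r" % part)
            ranges.append((int(low), int(high)))
        rules.append((proto, ranges))
    return rules

def review_firewall_task(args):
    """Return findings for the arguments of one gce_net firewall task (a dict)."""
    if not args.get("allowed"):
        return ["allowed is missing but mandatory for a firewall rule"]
    try:
        rules = parse_allowed(args["allowed"])
    except ValueError as exc:
        return ["allowed: %s" % exc]
    findings = []
    for proto, ranges in rules:
        if proto in ("tcp", "udp") and not ranges:  # GCE: no ports means all ports
            findings.append("%s has no port list, every port is allowed" % proto)
        findings += ["%s:%d-%d spans %d ports" % (proto, lo, hi, hi - lo + 1)
                     for lo, hi in ranges if hi - lo + 1 > WIDE_RANGE]
    src = args.get("src_range") or []
    for cidr in src.split(",") if isinstance(src, str) else src:
        try:
            net = ipaddress.IPv4Network(cidr.strip())  # strict: rejects host bits
        except ValueError as exc:
            findings.append("src_range: %s" % exc)
            continue
        if net.prefixlen == 0:
            findings.append("src_range %s admits any IPv4 source" % net)
    return findings

SAMPLE = {"allowed": "tcp:80-800;udp:1-25", "src_range": ["0.0.0.0/0"]}  # constructed
```

Calling review_firewall_task on the module arguments of each firewall task (the dict under gce_net) returns an empty list for the page's src_range example and a host-bits finding for a value such as the 10.1.1.12/8 shown in the return-value sample.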