ansible.builtin.gce_net (v2.5.6) — module

create/destroy GCE networks and firewall rules

Added in version 1.5 of ansible.builtin

Authors: Eric Johnson (@erjohnso) <erjohnso@google.com>, Tom Melendez (@supertom) <supertom@google.com>

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.5.6

Description

This module can create and destroy Google Compute Engine networks and firewall rules (https://cloud.google.com/compute/docs/networking). The name parameter is reserved for referencing a network, while the fwname parameter is used to reference firewall rules. IPv4 address ranges must be specified in CIDR format (http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.


Requirements

Usage examples

# Create a 'legacy' Network
- name: Create Legacy Network
  gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present
# Create an 'auto' Network
- name: Create Auto Network
  gce_net:
    name: autonet
    mode: auto
    state: present
# Create a 'custom' Network
- name: Create Custom Network
  gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"
# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"
# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']
# Create Custom Subnetwork
- name: Create Custom Subnetwork
  gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'

Inputs

    
mode:
    aliases: []
    choices:
    - legacy
    - auto
    - custom
    default: legacy
    description:
    - network mode for Google Cloud. "legacy" indicates a network with an IP address range;
      "auto" automatically generates subnetworks in different regions; "custom" uses networks
      to group subnets of user-specified IP address ranges. See https://cloud.google.com/compute/docs/networking#network_types
    required: false
    version_added: '2.2'
    version_added_collection: ansible.builtin

name:
    aliases: []
    default: null
    description:
    - name of the network
    required: false

state:
    aliases: []
    choices:
    - active
    - present
    - absent
    - deleted
    default: present
    description:
    - desired state of the network or firewall
    required: false

fwname:
    aliases:
    - fwrule
    default: null
    description:
    - name of the firewall rule
    required: false

allowed:
    aliases: []
    default: null
    description:
    - the protocol:ports to allow ('tcp:80' or 'tcp:80,443' or 'tcp:80-800;udp:1-25').
      This parameter is mandatory when creating or updating a firewall rule.
    required: false

pem_file:
    aliases: []
    default: null
    description:
    - path to the pem file associated with the service account email. This option is deprecated.
      Use 'credentials_file'.
    required: false
    version_added: '1.6'
    version_added_collection: ansible.builtin

src_tags:
    aliases: []
    default: []
    description:
    - the source instance tags for creating a firewall rule
    required: false

src_range:
    aliases:
    - src_cidr
    default: []
    description:
    - the source IPv4 address range in CIDR notation
    required: false

ipv4_range:
    aliases:
    - cidr
    description:
    - the IPv4 address range in CIDR notation for the network. This parameter is not mandatory
      when you specify an existing network in the name parameter, but it is mandatory when
      you create a new network.
    required: false

project_id:
    aliases: []
    default: null
    description:
    - your GCE project ID
    required: false
    version_added: '1.6'
    version_added_collection: ansible.builtin

subnet_desc:
    aliases: []
    default: null
    description:
    - description of subnet to create
    required: false
    version_added: '2.2'
    version_added_collection: ansible.builtin

subnet_name:
    aliases: []
    default: null
    description:
    - name of subnet to create
    required: false
    version_added: '2.2'
    version_added_collection: ansible.builtin

target_tags:
    aliases: []
    default: []
    description:
    - the target instance tags for creating a firewall rule
    required: false
    version_added: '1.9'
    version_added_collection: ansible.builtin

subnet_region:
    aliases: []
    default: null
    description:
    - region of subnet to create
    required: false
    version_added: '2.2'
    version_added_collection: ansible.builtin

credentials_file:
    aliases: []
    default: null
    description:
    - path to the JSON file associated with the service account email
    required: false
    version_added: 2.1.0
    version_added_collection: ansible.builtin

service_account_email:
    aliases: []
    default: null
    description:
    - service account email
    required: false
    version_added: '1.6'
    version_added_collection: ansible.builtin
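
An added example, not part of the module or the original page: a Python check that parses the allowed syntax documented above and reviews a firewall task's src_range, src_tags and target_tags before the task is applied. The function names, the max_span threshold and the two sample tasks are assumptions made for illustration.

```python
import ipaddress

def parse_allowed(spec):
    """Parse 'tcp:80-800;udp:1-25' into [(proto, [(lo, hi), ...]), ...].
    A protocol with no ports (the 'icmp' in 'tcp:80;icmp') gets an empty list."""
    rules = []
    for entry in filter(None, (e.strip() for e in spec.split(";"))):
        proto, _, ports = entry.partition(":")
        ranges = []
        for part in filter(None, (p.strip() for p in ports.split(","))):
            lo, _, hi = part.partition("-")
            lo, hi = int(lo), int(hi or lo)
            if not 1 <= lo <= hi <= 65535:
                raise ValueError("bad port range: %r" % part)
            ranges.append((lo, hi))
        rules.append((proto.strip().lower(), ranges))
    return rules

def review_firewall_task(params, max_span=100):
    """Return findings for the parameters of one gce_net firewall task.
    max_span is an assumed review threshold, not a module setting."""
    findings = []
    sources = params.get("src_range") or []
    if isinstance(sources, str):
        sources = sources.split(",")
    for cidr in sources:
        # strict=False accepts values with host bits set, like the 10.1.1.12/8 sample
        if ipaddress.ip_network(cidr.strip(), strict=False).prefixlen == 0:
            findings.append("src_range %s admits any source address" % cidr.strip())
    if not sources and not params.get("src_tags"):
        findings.append("neither src_range nor src_tags is set")
    if not params.get("target_tags"):
        findings.append("no target_tags: rule is not limited to tagged instances")
    for proto, ranges in parse_allowed(params.get("allowed") or ""):
        if proto in ("tcp", "udp") and not ranges:
            findings.append("%s allowed without a port list" % proto)
        for lo, hi in ranges:
            if hi - lo + 1 > max_span:
                findings.append("%s:%d-%d opens %d ports" % (proto, lo, hi, hi - lo + 1))
    return findings

# Constructed sample tasks: each dict is what would sit under 'gce_net:' in a play.
SCOPED = {"name": "default", "fwname": "my-firewall-rule", "allowed": "tcp:80",
          "src_range": ["10.1.1.1/32"], "target_tags": ["web"], "state": "present"}
BROAD = {"name": "default", "fwname": "my-firewall-rule",
         "allowed": "tcp:80-800;udp:1-25", "src_range": ["0.0.0.0/0"]}

if __name__ == "__main__":
    for label, task in (("scoped", SCOPED), ("broad", BROAD)):
        print(label, review_firewall_task(task) or "no findings")
```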

Outputs

allowed:
  description: Rules (ports and protocols) specified by this firewall rule.
  returned: When specified
  sample: tcp:80;icmp
  type: string
fwname:
  description: Name of the firewall rule.
  returned: When specified
  sample: my-fwname
  type: string
ipv4_range:
  description: IPv4 range of the specified network or subnetwork.
  returned: when specified or when a subnetwork is created
  sample: 10.0.0.0/16
  type: string
name:
  description: Name of the network.
  returned: always
  sample: my-network
  type: string
src_range:
  description: IP address blocks a firewall rule applies to.
  returned: when specified
  sample:
  - 10.1.1.12/8
  type: list
src_tags:
  description: Instance Tags firewall rule applies to.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list
state:
  description: State of the item operated on.
  returned: always
  sample: present
  type: string
subnet_name:
  description: Name of the subnetwork.
  returned: when specified or when a subnetwork is created
  sample: my-subnetwork
  type: string
subnet_region:
  description: Region of the specified subnet.
  returned: when specified or when a subnetwork is created
  sample: us-east1
  type: string
target_tags:
  description: Instance Tags with these tags receive traffic allowed by firewall rule.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list