ansible.builtin.gce_net (v2.9.27) — module

create/destroy GCE networks and firewall rules

Added in version 1.5 of ansible.builtin

Authors: Eric Johnson (@erjohnso) <erjohnso@google.com>, Tom Melendez (@supertom) <supertom@google.com>

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

This module can create and destroy Google Compute Engine networks and firewall rules U(https://cloud.google.com/compute/docs/networking). The I(name) parameter is reserved for referencing a network, while the I(fwname) parameter is used to reference firewall rules. IPv4 address ranges must be specified using the CIDR U(http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) format. Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.


Requirements

Usage examples

# Create a 'legacy' Network
- name: Create Legacy Network
  gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present
# Create an 'auto' Network
- name: Create Auto Network
  gce_net:
    name: autonet
    mode: auto
    state: present
# Create a 'custom' Network
- name: Create Custom Network
  gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"
# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"
# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']
# Create Custom Subnetwork
- name: Create Custom Subnetwork
  gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'

Inputs

    
mode:
    choices:
    - legacy
    - auto
    - custom
    default: legacy
    description:
    - network mode for Google Cloud. C(legacy) indicates a network with an IP address range;
      C(auto) automatically generates subnetworks in different regions; C(custom) uses
      networks to group subnets of user-specified IP address ranges. See https://cloud.google.com/compute/docs/networking#network_types
    version_added: '2.2'
    version_added_collection: ansible.builtin

name:
    description:
    - name of the network

state:
    choices:
    - active
    - present
    - absent
    - deleted
    default: present
    description:
    - desired state of the network or firewall

fwname:
    aliases:
    - fwrule
    description:
    - name of the firewall rule

allowed:
    description:
    - the protocol:ports to allow (I(tcp:80) or I(tcp:80,443) or I(tcp:80-800;udp:1-25)).
      This parameter is mandatory when creating or updating a firewall rule.

pem_file:
    description:
    - path to the pem file associated with the service account email. This option is deprecated.
      Use C(credentials_file).
    version_added: '1.6'
    version_added_collection: ansible.builtin

src_tags:
    default: []
    description:
    - the source instance tags for creating a firewall rule

src_range:
    aliases:
    - src_cidr
    default: []
    description:
    - the source IPv4 address range in CIDR notation

ipv4_range:
    aliases:
    - cidr
    description:
    - the IPv4 address range in CIDR notation for the network. This parameter is not mandatory
      when you specify an existing network in the name parameter, but it is mandatory when
      you create a new network.

project_id:
    description:
    - your GCE project ID
    version_added: '1.6'
    version_added_collection: ansible.builtin

subnet_desc:
    description:
    - description of subnet to create
    version_added: '2.2'
    version_added_collection: ansible.builtin

subnet_name:
    description:
    - name of subnet to create
    version_added: '2.2'
    version_added_collection: ansible.builtin

target_tags:
    default: []
    description:
    - the target instance tags for creating a firewall rule
    version_added: '1.9'
    version_added_collection: ansible.builtin

subnet_region:
    description:
    - region of subnet to create
    version_added: '2.2'
    version_added_collection: ansible.builtin

credentials_file:
    description:
    - path to the JSON file associated with the service account email
    version_added: 2.1.0
    version_added_collection: ansible.builtin

service_account_email:
    description:
    - service account email
    version_added: '1.6'
    version_added_collection: ansible.builtin
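
The I(allowed) string format described above, as an added example (not code from the module or its documentation): a strict Python parser for that string, plus a review helper that reports rules opening a large port span before the value reaches a playbook. The names parse_allowed and review_findings and the max_span threshold are hypothetical.

```python
"""Added example: strict parser and reviewer for the gce_net `allowed` string."""


def parse_allowed(spec):
    """Parse 'tcp:80-800;udp:1-25' into [(protocol, [(lo, hi), ...]), ...].

    A protocol with no ports (e.g. 'icmp') yields an empty port list.
    Raises ValueError on anything malformed.
    """
    rules = []
    for section in spec.split(";"):
        section = section.strip()
        if not section:
            raise ValueError("empty rule in %r" % spec)
        protocol, sep, ports = section.partition(":")
        protocol = protocol.strip().lower()
        if not protocol.isalnum():
            raise ValueError("bad protocol in %r" % section)
        if sep and not ports.strip():
            raise ValueError("missing ports in %r" % section)
        ranges = []
        for item in ports.split(",") if sep else []:
            lo, dash, hi = item.strip().partition("-")
            hi = hi if dash else lo  # single port: lo == hi
            if not (lo.isdigit() and hi.isdigit()):
                raise ValueError("bad port %r in %r" % (item, section))
            lo, hi = int(lo), int(hi)
            if not 0 <= lo <= hi <= 65535:
                raise ValueError("port out of range %r" % item)
            ranges.append((lo, hi))
        rules.append((protocol, ranges))
    return rules


def review_findings(spec, max_span=100):
    """Return notes for rules that open more than max_span ports, or a whole
    tcp/udp protocol (no port list). max_span is an assumed review threshold."""
    notes = []
    for protocol, ranges in parse_allowed(spec):
        if not ranges and protocol in ("tcp", "udp"):
            notes.append("%s: all ports" % protocol)
        for lo, hi in ranges:
            span = hi - lo + 1
            if span > max_span:
                notes.append("%s:%d-%d opens %d ports" % (protocol, lo, hi, span))
    return notes
```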

Outputs

allowed:
  description: Rules (ports and protocols) specified by this firewall rule.
  returned: When specified
  sample: tcp:80;icmp
  type: str
fwname:
  description: Name of the firewall rule.
  returned: When specified
  sample: my-fwname
  type: str
ipv4_range:
  description: IPv4 range of the specified network or subnetwork.
  returned: when specified or when a subnetwork is created
  sample: 10.0.0.0/16
  type: str
name:
  description: Name of the network.
  returned: always
  sample: my-network
  type: str
src_range:
  description: IP address blocks a firewall rule applies to.
  returned: when specified
  sample:
  - 10.1.1.12/8
  type: list
src_tags:
  description: Instance Tags firewall rule applies to.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list
state:
  description: State of the item operated on.
  returned: always
  sample: present
  type: str
subnet_name:
  description: Name of the subnetwork.
  returned: when specified or when a subnetwork is created
  sample: my-subnetwork
  type: str
subnet_region:
  description: Region of the specified subnet.
  returned: when specified or when a subnetwork is created
  sample: us-east1
  type: str
target_tags:
  description: Instance Tags with these tags receive traffic allowed by firewall rule.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list