community.general.gce_net (1.3.11) — module
create/destroy GCE networks and firewall rules
Authors: Eric Johnson (@erjohnso) <erjohnso@google.com>, Tom Melendez (@supertom) <supertom@google.com>
Install with ansible-galaxy collection install community.general:==1.3.11
collections:
  - name: community.general
    version: 1.3.11
This module can create and destroy Google Compute Engine networks and firewall rules U(https://cloud.google.com/compute/docs/networking). The I(name) parameter is reserved for referencing a network while the I(fwname) parameter is used to reference firewall rules. IPv4 Address ranges must be specified using the CIDR U(http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) format. Full install/configuration instructions for the gce* modules can be found in the comments of ansible/test/gce_tests.py.
# Create a 'legacy' Network
- name: Create Legacy Network
  community.general.gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  community.general.gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  community.general.gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  community.general.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  community.general.gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  community.general.gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'
mode:
  choices:
  - legacy
  - auto
  - custom
  default: legacy
  description:
  - network mode for Google Cloud C(legacy) indicates a network with an IP address range; C(auto) automatically generates subnetworks in different regions; C(custom) uses networks to group subnets of user specified IP address ranges https://cloud.google.com/compute/docs/networking#network_types
  type: str

name:
  description:
  - name of the network
  type: str

state:
  default: present
  description:
  - desired state of the network or firewall
  - 'Available choices are: C(active), C(present), C(absent), C(deleted).'
  type: str

fwname:
  description:
  - name of the firewall rule
  type: str

allowed:
  description:
  - the protocol:ports to allow (I(tcp:80) or I(tcp:80,443) or I(tcp:80-800;udp:1-25)) this parameter is mandatory when creating or updating a firewall rule
  type: str

pem_file:
  description:
  - path to the pem file associated with the service account email This option is deprecated. Use C(credentials_file).
  type: path

src_tags:
  default: []
  description:
  - the source instance tags for creating a firewall rule
  type: list

src_range:
  default: []
  description:
  - the source IPv4 address range in CIDR notation
  type: list

ipv4_range:
  description:
  - the IPv4 address range in CIDR notation for the network this parameter is not mandatory when you specified existing network in name parameter, but when you create new network, this parameter is mandatory
  type: str

project_id:
  description:
  - your GCE project ID
  type: str

subnet_desc:
  description:
  - description of subnet to create
  type: str

subnet_name:
  description:
  - name of subnet to create
  type: str

target_tags:
  default: []
  description:
  - the target instance tags for creating a firewall rule
  type: list

subnet_region:
  description:
  - region of subnet to create
  type: str

credentials_file:
  description:
  - path to the JSON file associated with the service account email
  type: path

service_account_email:
  description:
  - service account email
  type: str
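A review-time lint for firewall tasks, as an added example that is not part of the module or its documentation: it parses the allowed string format described above and checks each src_range entry. The function names, the max_ports threshold and the sample tasks are assumptions made for the illustration.

```python
import ipaddress

def parse_allowed(spec):
    """Parse a gce_net 'allowed' string such as 'tcp:80-800;udp:1-25'.

    Returns [(protocol, [(low, high), ...]), ...]; a bare protocol such as
    'icmp' yields an empty port list.
    """
    rules = []
    for part in spec.split(";"):
        proto, _, ports = part.strip().partition(":")
        if not proto:
            raise ValueError(f"empty protocol in {spec!r}")
        ranges = []
        for item in filter(None, ports.split(",")):
            low, _, high = item.partition("-")
            low, high = int(low), int(high or low)
            if not 0 < low <= high <= 65535:
                raise ValueError(f"bad port range {item!r}")
            ranges.append((low, high))
        rules.append((proto.lower(), ranges))
    return rules

def lint_firewall_task(args, max_ports=100):
    """Return review findings for one firewall task's argument dict.

    max_ports is a local policy threshold (assumption), not a module option.
    """
    findings = []
    for proto, ranges in parse_allowed(args["allowed"]):
        if proto in ("tcp", "udp") and not ranges:
            findings.append(f"{proto}: no port list given")
        for low, high in ranges:
            if high - low + 1 > max_ports:
                findings.append(f"{proto}:{low}-{high} spans {high - low + 1} ports")
    for cidr in args.get("src_range", []):
        iface = ipaddress.ip_interface(cidr)
        if iface.network.prefixlen == 0:
            findings.append(f"{cidr}: matches every source address")
        elif iface.ip != iface.network.network_address:
            findings.append(f"{cidr}: host bits set, covers {iface.network}")
    if not args.get("src_range") and not args.get("src_tags"):
        findings.append("no src_range or src_tags: source is not pinned by the task")
    return findings

# Constructed sample tasks; 0.0.0.0/0 is added here, the other values echo this page.
SAMPLE_OK = {"allowed": "tcp:80", "src_range": ["10.1.1.1/32"]}
SAMPLE_WIDE = {"allowed": "tcp:80-800;udp:1-25",
               "src_range": ["0.0.0.0/0", "10.1.1.12/8"]}
```

Run it over the module arguments of each firewall task after loading the playbook with a YAML parser; an empty list means the task passed these checks.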
allowed:
  description: Rules (ports and protocols) specified by this firewall rule.
  returned: When specified
  sample: tcp:80;icmp
  type: str

fwname:
  description: Name of the firewall rule.
  returned: When specified
  sample: my-fwname
  type: str

ipv4_range:
  description: IPv4 range of the specified network or subnetwork.
  returned: when specified or when a subnetwork is created
  sample: 10.0.0.0/16
  type: str

name:
  description: Name of the network.
  returned: always
  sample: my-network
  type: str

src_range:
  description: IP address blocks a firewall rule applies to.
  returned: when specified
  sample:
  - 10.1.1.12/8
  type: list

src_tags:
  description: Instance Tags firewall rule applies to.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list

state:
  description: State of the item operated on.
  returned: always
  sample: present
  type: str

subnet_name:
  description: Name of the subnetwork.
  returned: when specified or when a subnetwork is created
  sample: my-subnetwork
  type: str

subnet_region:
  description: Region of the specified subnet.
  returned: when specified or when a subnetwork is created
  sample: us-east1
  type: str

target_tags:
  description: Instance Tags with these tags receive traffic allowed by firewall rule.
  returned: when specified while creating a firewall rule
  sample:
  - foo
  - bar
  type: list