gcp_compute_vpn_tunnel – Creates a GCP VpnTunnel
New in version 2.7.
Synopsis
- VPN tunnel resource.
 
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
 
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| auth_kind (string / required) | | The type of credential used. |
| description (-) | | An optional description of this resource. |
| ike_version (-) | Default: "2" | IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. |
| local_traffic_selector (-) | | Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. |
| name (- / required) | | Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. |
| peer_ip (- / required) | | IP address of the peer VPN gateway. Only IPv4 is supported. |
| project (string) | | The Google Cloud Platform project to use. |
| region (- / required) | | The region where the tunnel is located. |
| remote_traffic_selector (-) | | Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. |
| router (-) | | URL of router resource to be used for dynamic routing. This field represents a link to a Router resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'selfLink' and value of your resource's selfLink. Alternatively, you can add `register: name-of-resource` to a gcp_compute_router task and then set this router field to "{{ name-of-resource }}". |
| scopes (list) | | Array of scopes to be used. |
| service_account_contents (string) | | A string representing the contents of a Service Account JSON file. This should not be passed in as a dictionary, but a string that has the exact contents of a service account json file (valid JSON). |
| service_account_email (string) | | An optional service account email address if machineaccount is selected and the user does not wish to use the default email. |
| service_account_file (path) | | The path of a Service Account JSON file if serviceaccount is selected as type. |
| shared_secret (- / required) | | Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. |
| state (-) | | Whether the given object should exist in GCP. |
| target_vpn_gateway (- / required) | | URL of the Target VPN gateway with which this VPN tunnel is associated. This field represents a link to a TargetVpnGateway resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'selfLink' and value of your resource's selfLink. Alternatively, you can add `register: name-of-resource` to a gcp_compute_target_vpn_gateway task and then set this target_vpn_gateway field to "{{ name-of-resource }}". |
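
The constraints in the table above (RFC1035 name, IPv4-only peer address, IKE version 1 or 2, disjoint IPv4 CIDR selectors) can be checked before a playbook run. The following is an added example, not code from the module or from the original page; the function names and the sample values are hypothetical, and "disjoint" is taken to mean no overlap between entries of the same selector list.

```python
import ipaddress
import re

# Name rule quoted in the Parameters table (RFC1035 label, 1-63 characters).
NAME_RE = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")


def _check_selectors(label, cidrs, errors):
    """Each entry must be an IPv4 CIDR; entries in one list must not overlap."""
    nets = []
    for cidr in cidrs:
        try:
            # strict=True also rejects host bits set, e.g. 192.168.1.5/16
            nets.append(ipaddress.IPv4Network(cidr, strict=True))
        except ValueError as exc:
            errors.append(f"{label}: {cidr!r} is not an IPv4 CIDR ({exc})")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                errors.append(f"{label}: {a} overlaps {b}")


def validate_tunnel_params(params):
    """Return a list of problems found in a gcp_compute_vpn_tunnel argument dict."""
    errors = []
    name = params.get("name", "")
    if len(name) > 63 or not NAME_RE.fullmatch(name):
        errors.append(f"name: {name!r} does not match the RFC1035 pattern")
    try:
        ipaddress.IPv4Address(params.get("peer_ip", ""))
    except ValueError:
        errors.append(f"peer_ip: {params.get('peer_ip')!r} is not an IPv4 address")
    if str(params.get("ike_version", "2")) not in ("1", "2"):
        errors.append(f"ike_version: {params.get('ike_version')!r} is not 1 or 2")
    for key in ("local_traffic_selector", "remote_traffic_selector"):
        _check_selectors(key, params.get(key) or [], errors)
    return errors


# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "name": "test_object",            # underscore is outside the allowed set
    "peer_ip": "2001:db8::1",         # IPv6, but only IPv4 is supported
    "ike_version": 3,
    "local_traffic_selector": ["192.168.0.0/16", "192.168.10.0/24"],
    "remote_traffic_selector": ["10.0.0.0/8"],
}

if __name__ == "__main__":
    for problem in validate_tunnel_params(SAMPLE):
        print(problem)
```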
     
Notes
- API Reference: https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels
- Cloud VPN Overview: https://cloud.google.com/vpn/docs/concepts/overview
- Networks and Tunnel Routing: https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing
- For authentication, you can set service_account_file using the `GCP_SERVICE_ACCOUNT_FILE` env variable.
- For authentication, you can set service_account_email using the `GCP_SERVICE_ACCOUNT_EMAIL` env variable.
- For authentication, you can set service_account_contents using the `GCP_SERVICE_ACCOUNT_CONTENTS` env variable.
- For authentication, you can set auth_kind using the `GCP_AUTH_KIND` env variable.
- For authentication, you can set scopes using the `GCP_SCOPES` env variable.
- Environment variable values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
 
Examples
```yaml
- name: create a network
  gcp_compute_network:
    name: network-vpn-tunnel
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: network

- name: create a router
  gcp_compute_router:
    name: router-vpn-tunnel
    network: "{{ network }}"
    bgp:
      asn: 64514
      advertise_mode: CUSTOM
      advertised_groups:
      - ALL_SUBNETS
      advertised_ip_ranges:
      - range: 1.2.3.4
      - range: 6.7.0.0/16
    region: us-central1
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: router

- name: create a target vpn gateway
  gcp_compute_target_vpn_gateway:
    name: gateway-vpn-tunnel
    region: us-west1
    network: "{{ network }}"
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: gateway

- name: create a vpn tunnel
  gcp_compute_vpn_tunnel:
    # The name must match [a-z]([-a-z0-9]*[a-z0-9])?, so no underscores.
    name: test-object
    region: us-west1
    target_vpn_gateway: "{{ gateway }}"
    router: "{{ router }}"
    # Required parameter; placeholder address from the documentation range.
    peer_ip: 203.0.113.10
    # Placeholder value; source the real secret from Ansible Vault rather than hard-coding it.
    shared_secret: super secret
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
```

Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| creationTimestamp (string) | success | Creation timestamp in RFC3339 text format. |
| description (string) | success | An optional description of this resource. |
| ikeVersion (integer) | success | IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. |
| localTrafficSelector (list) | success | Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. |
| name (string) | success | Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. |
| peerIp (string) | success | IP address of the peer VPN gateway. Only IPv4 is supported. |
| region (string) | success | The region where the tunnel is located. |
| remoteTrafficSelector (list) | success | Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. |
| router (dictionary) | success | URL of router resource to be used for dynamic routing. |
| sharedSecret (string) | success | Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. |
| sharedSecretHash (string) | success | Hash of the shared secret. |
| targetVpnGateway (dictionary) | success | URL of the Target VPN gateway with which this VPN tunnel is associated. |
     
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
 
Authors
- Google Inc. (@googlecloudplatform)
 
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/2.8/modules/gcp_compute_vpn_tunnel_module.html