gce_net – create/destroy GCE networks and firewall rules


New in version 1.5.


Synopsis

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6
  • apache-libcloud >= 0.13.3, >= 0.17.0 if using JSON credentials

Parameters

Parameter Choices/Defaults Comments

allowed

-

The protocol:ports to allow (tcp:80 or tcp:80,443 or tcp:80-800;udp:1-25). This parameter is mandatory when creating or updating a firewall rule.

credentials_file

-

added in 2.1.0

path to the JSON file associated with the service account email

fwname

-

name of the firewall rule


aliases: fwrule

ipv4_range

-

The IPv4 address range in CIDR notation for the network. This parameter is not mandatory when you specify an existing network in the name parameter, but it is mandatory when you create a new network.


aliases: cidr

mode

-

added in 2.2

  • legacy
  • auto
  • custom

Network mode for Google Cloud. legacy indicates a network with an IP address range; auto automatically generates subnetworks in different regions; custom uses networks to group subnets of user-specified IP address ranges. See https://cloud.google.com/compute/docs/networking#network_types

name

-

name of the network

pem_file

-

added in 1.6

Path to the pem file associated with the service account email. This option is deprecated. Use credentials_file.

project_id

-

added in 1.6

your GCE project ID

service_account_email

-

added in 1.6

service account email

src_range

-

Default:

[]

the source IPv4 address range in CIDR notation


aliases: src_cidr

src_tags

-

Default:

[]

the source instance tags for creating a firewall rule

state

-

  • active
  • present
  • absent
  • deleted

desired state of the network or firewall

subnet_desc

-

added in 2.2

description of subnet to create

subnet_name

-

added in 2.2

name of subnet to create

subnet_region

-

added in 2.2

region of subnet to create

target_tags

-

added in 1.9

Default:

[]

the target instance tags for creating a firewall rule



Examples

# Create a 'legacy' Network
- name: Create Legacy Network
  gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'
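
The firewall parameters documented above (allowed, src_range, src_tags, target_tags) determine how exposed a rule is. The Python 3 code below is an added example, not part of the Ansible documentation or the module's own code: it parses the allowed format and reviews one task's parameters before the play runs. The function names, finding labels, max_span threshold and sample tasks are assumptions made for illustration.

```python
import ipaddress

def parse_allowed(allowed):
    """Parse e.g. 'tcp:80-800;udp:1-25;icmp' into {proto: [(low, high), ...]}.
    An empty list means the protocol is allowed with no port restriction."""
    rules = {}
    for entry in filter(None, (e.strip() for e in allowed.split(";"))):
        proto, _, ports = entry.partition(":")
        spans = rules.setdefault(proto.strip().lower(), [])
        for part in filter(None, (p.strip() for p in ports.split(","))):
            low, _, high = part.partition("-")
            low, high = int(low), int(high or low)
            if not 0 <= low <= high <= 65535:
                raise ValueError("bad port range %r in %r" % (part, entry))
            spans.append((low, high))
    return rules

def _as_list(value):
    # The page's examples pass both lists (['10.1.1.1/32']) and comma strings ("foo,bar").
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    return list(value or [])

def review_rule(params, max_span=100):
    """Return findings for one gce_net firewall task given as a dict of parameters."""
    findings = []
    sources = _as_list(params.get("src_range", params.get("src_cidr")))
    if any(ipaddress.ip_network(s, strict=False).prefixlen == 0 for s in sources):
        findings.append("source-any")      # a /0 source matches every address
    if not sources and not _as_list(params.get("src_tags")):
        findings.append("source-unset")    # the task does not pin the source itself
    if not _as_list(params.get("target_tags")):
        findings.append("target-all")      # no target tags: all instances in the network
    for proto, spans in sorted(parse_allowed(params["allowed"]).items()):
        unrestricted = proto in ("tcp", "udp") and not spans
        if unrestricted or any(high - low + 1 > max_span for low, high in spans):
            findings.append("ports-wide:" + proto)
    return findings

# Constructed sample tasks; only "page-example" mirrors an example from this page.
SAMPLES = {
    "page-example": {"name": "default", "fwname": "my-firewall-rule",
                     "allowed": "tcp:80", "src_range": ["10.1.1.1/32"]},
    "wide": {"fwname": "wide", "allowed": "tcp:80-800;udp:1-25", "src_range": ["0.0.0.0/0"]},
    "scoped": {"fwname": "web", "allowed": "tcp:80,443",
               "src_tags": "foo,bar", "target_tags": ["web"]},
}
if __name__ == "__main__":
    for label, task in SAMPLES.items():
        print(label, review_rule(task))
```

Parsing with strict=False accepts ranges that carry host bits, such as the sample return value '10.1.1.12/8'.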

Return Values

Common return values are documented elsewhere; the following fields are unique to this module:

Key Returned Description

allowed

string

When specified

Rules (ports and protocols) specified by this firewall rule.


Sample:

tcp:80;icmp

fwname

string

When specified

Name of the firewall rule.


Sample:

my-fwname

ipv4_range

string

when specified or when a subnetwork is created

IPv4 range of the specified network or subnetwork.


Sample:

10.0.0.0/16

name

string

always

Name of the network.


Sample:

my-network

src_range

list

when specified

IP address blocks a firewall rule applies to.


Sample:

['10.1.1.12/8']

src_tags

list

when specified while creating a firewall rule

Instance tags the firewall rule applies to.


Sample:

['foo', 'bar']

state

string

always

State of the item operated on.


Sample:

present

subnet_name

string

when specified or when a subnetwork is created

Name of the subnetwork.


Sample:

my-subnetwork

subnet_region

string

when specified or when a subnetwork is created

Region of the specified subnet.


Sample:

us-east1

target_tags

list

when specified while creating a firewall rule

Instances with these tags receive traffic allowed by the firewall rule.


Sample:

['foo', 'bar']




Status

Authors



© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/gce_net_module.html