gcp_compute_vpn_tunnel – Creates a GCP VpnTunnel
gcp_compute_vpn_tunnel – Creates a GCP VpnTunnel
New in version 2.7.
Synopsis
- VPN tunnel resource.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
auth_kind - / required |
|
The type of credential used. |
description - |
An optional description of this resource. | |
ike_version - |
Default: 2 |
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. |
labels - |
Labels to apply to this VpnTunnel. | |
local_traffic_selector - |
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. | |
name - / required |
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. | |
peer_ip - / required |
IP address of the peer VPN gateway. Only IPv4 is supported. | |
project - |
Default: null |
The Google Cloud Platform project to use. |
region - / required |
The region where the tunnel is located. | |
remote_traffic_selector - |
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. | |
router - |
URL of router resource to be used for dynamic routing. | |
scopes - |
Array of scopes to be used. | |
service_account_email - |
An optional service account email address if machineaccount is selected and the user does not wish to use the default email. | |
service_account_file - |
The path of a Service Account JSON file if serviceaccount is selected as type. | |
shared_secret - / required |
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. | |
state - |
|
Whether the given object should exist in GCP |
target_vpn_gateway - / required |
URL of the Target VPN gateway with which this VPN tunnel is associated. |
Notes
Note
- API Reference: https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels
- Cloud VPN Overview: https://cloud.google.com/vpn/docs/concepts/overview
- Networks and Tunnel Routing: https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing
- For authentication, you can set service_account_file using the
GCP_SERVICE_ACCOUNT_FILE
env variable. - For authentication, you can set service_account_email using the
GCP_SERVICE_ACCOUNT_EMAIL
env variable. - For authentication, you can set auth_kind using the
GCP_AUTH_KIND
env variable. - For authentication, you can set scopes using the
GCP_SCOPES
env variable. - Environment variables values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples
- name: create a network
gcp_compute_network:
name: "network-vpn_tunnel"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: network
- name: create a router
gcp_compute_router:
name: "router-vpn_tunnel"
network: "{{ network }}"
bgp:
asn: 64514
advertise_mode: CUSTOM
advertised_groups:
- ALL_SUBNETS
advertised_ip_ranges:
- range: 1.2.3.4
- range: 6.7.0.0/16
region: us-central1
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: router
- name: create a target vpn gateway
gcp_compute_target_vpn_gateway:
name: "gateway-vpn_tunnel"
region: us-west1
network: "{{ network }}"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: gateway
- name: create a vpn tunnel
gcp_compute_vpn_tunnel:
name: "test_object"
region: us-west1
target_vpn_gateway: "{{ gateway }}"
router: "{{ router }}"
shared_secret: super secret
project: "test_project"
auth_kind: "service_account"
service_account_file: "/tmp/auth.pem"
state: present
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
creation_timestamp string |
success |
Creation timestamp in RFC3339 text format.
|
description string |
success |
An optional description of this resource.
|
ike_version integer |
success |
IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.
|
labels dictionary |
success |
Labels to apply to this VpnTunnel.
|
local_traffic_selector list |
success |
Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
|
name string |
success |
Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
|
peer_ip string |
success |
IP address of the peer VPN gateway. Only IPv4 is supported.
|
region string |
success |
The region where the tunnel is located.
|
remote_traffic_selector list |
success |
Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
|
router string |
success |
URL of router resource to be used for dynamic routing.
|
shared_secret string |
success |
Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
|
shared_secret_hash string |
success |
Hash of the shared secret.
|
target_vpn_gateway dictionary |
success |
URL of the Target VPN gateway with which this VPN tunnel is associated.
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Google Inc. (@googlecloudplatform)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/gcp_compute_vpn_tunnel_module.html