gce_net - create/destroy GCE networks and firewall rules

New in version 1.5.

Synopsis

Requirements (on host that executes module)

  • python >= 2.6
  • apache-libcloud >= 0.13.3, >= 0.17.0 if using JSON credentials

Options

allowed
  required: no
  comments: the protocol:ports to allow ('tcp:80' or 'tcp:80,443' or 'tcp:80-800;udp:1-25'). This parameter is mandatory when creating or updating a firewall rule.

credentials_file (added in 2.1.0)
  required: no
  comments: path to the JSON file associated with the service account email

fwname
  required: no
  aliases: fwrule
  comments: name of the firewall rule

ipv4_range
  required: no
  aliases: cidr
  comments: the IPv4 address range in CIDR notation for the network. This parameter is not mandatory when you specify an existing network in the name parameter, but it is mandatory when you create a new network.

mode (added in 2.2)
  required: no
  default: legacy
  choices: legacy, auto, custom
  comments: network mode for Google Cloud. "legacy" indicates a network with an IP address range; "auto" automatically generates subnetworks in different regions; "custom" uses networks to group subnets of user-specified IP address ranges. See https://cloud.google.com/compute/docs/networking#network_types

name
  required: no
  comments: name of the network

pem_file (added in 1.6)
  required: no
  comments: path to the pem file associated with the service account email. This option is deprecated; use 'credentials_file'.

project_id (added in 1.6)
  required: no
  comments: your GCE project ID

service_account_email (added in 1.6)
  required: no
  comments: service account email

src_range
  required: no
  aliases: src_cidr
  comments: the source IPv4 address range in CIDR notation

src_tags
  required: no
  comments: the source instance tags for creating a firewall rule

state
  required: no
  default: present
  choices: active, present, absent, deleted
  comments: desired state of the network or firewall

subnet_desc (added in 2.2)
  required: no
  comments: description of the subnet to create

subnet_name (added in 2.2)
  required: no
  comments: name of the subnet to create

subnet_region (added in 2.2)
  required: no
  comments: region of the subnet to create

target_tags (added in 1.9)
  required: no
  comments: the target instance tags for creating a firewall rule

Examples

# Create a 'legacy' Network
- name: Create Legacy Network
  gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'
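The 'allowed' syntax documented in the options above ('tcp:80', 'tcp:80,443', 'tcp:80-800;udp:1-25', and 'tcp:80;icmp' in the return values) and the firewall examples lend themselves to a small pre-flight check before a task is applied. The following Python is an added example and is not code from the gce_net module or this page; the dict shape it emits is assumed to mirror the GCE firewall API's 'allowed' field, and the breadth checks are the editor's own heuristics.

```python
import ipaddress
import re

# Port spec per the 'allowed' docs: a single port ('80') or a range ('80-800').
_PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def parse_allowed(spec):
    """Parse a gce_net 'allowed' string such as 'tcp:80-800;udp:1-25'.
    ';' separates protocols, ',' separates ports, '-' marks a range, and a
    protocol with no ':' part (e.g. 'icmp' in 'tcp:80;icmp') takes no ports.
    Returns a list of {'IPProtocol': ..., 'ports': [...]} dicts; that shape is
    an assumption modelled on the GCE firewall API, not taken from this page.
    Malformed input raises ValueError rather than being passed on unchecked.
    """
    rules = []
    for entry in filter(None, (e.strip() for e in spec.split(";"))):
        proto, _, portlist = entry.partition(":")
        proto = proto.strip().lower()
        if not proto:
            raise ValueError("missing protocol in %r" % entry)
        ports = []
        for port in filter(None, (p.strip() for p in portlist.split(","))):
            match = _PORT_RE.match(port)
            if not match:
                raise ValueError("bad port spec %r" % port)
            low, high = int(match.group(1)), int(match.group(2) or match.group(1))
            if not 0 <= low <= high <= 65535:
                raise ValueError("port range out of order or out of bounds: %r" % port)
            ports.append(port)
        rules.append({"IPProtocol": proto, "ports": ports})
    return rules


def review_firewall(allowed, src_range=()):
    """Return findings for a rule that is broader than a task usually intends.
    src_range may be a single CIDR string or a list, as the module accepts.
    """
    if isinstance(src_range, str):
        src_range = [src_range]
    findings = []
    for rule in parse_allowed(allowed):
        # tcp/udp with an empty port list opens every port for that protocol.
        if rule["IPProtocol"] in ("tcp", "udp") and not rule["ports"]:
            findings.append("%s allowed on all ports" % rule["IPProtocol"])
    for cidr in src_range:
        # A /0 source range admits traffic from any address.
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            findings.append("source range %s matches every address" % cidr)
    return findings
```

Running review_firewall over each gce_net task's allowed and src_range values in a playbook surfaces rules that open all ports or accept any source before they reach the project.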

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

allowed
  description: Rules (ports and protocols) specified by this firewall rule.
  returned: when specified
  type: string
  sample: tcp:80;icmp

fwname
  description: Name of the firewall rule.
  returned: when specified
  type: string
  sample: my-fwname

ipv4_range
  description: IPv4 range of the specified network or subnetwork.
  returned: when specified or when a subnetwork is created
  type: string
  sample: 10.0.0.0/16

name
  description: Name of the network.
  returned: always
  type: string
  sample: my-network

src_range
  description: IP address blocks the firewall rule applies to.
  returned: when specified
  type: list
  sample: ['10.1.1.12/8']

src_tags
  description: Instance tags the firewall rule applies to.
  returned: when specified while creating a firewall rule
  type: list
  sample: ['foo', 'bar']

state
  description: State of the item operated on.
  returned: always
  type: string
  sample: present

subnet_name
  description: Name of the subnetwork.
  returned: when specified or when a subnetwork is created
  type: string
  sample: my-subnetwork

subnet_region
  description: Region of the specified subnet.
  returned: when specified or when a subnetwork is created
  type: string
  sample: us-east1

target_tags
  description: Instances with these tags receive the traffic allowed by the firewall rule.
  returned: when specified while creating a firewall rule
  type: list
  sample: ['foo', 'bar']

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/gce_net_module.html