gcp_compute_vpn_tunnel – Creates a GCP VpnTunnel
New in version 2.7.
Synopsis
- VPN tunnel resource.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| auth_kind - / required |
| The type of credential used. |
| description - | An optional description of this resource. | |
| ike_version - | Default: 2 | IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. |
| labels - | Labels to apply to this VpnTunnel. | |
| local_traffic_selector - | Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. | |
| name - / required | Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. | |
| peer_ip - / required | IP address of the peer VPN gateway. Only IPv4 is supported. | |
| project - | Default: null | The Google Cloud Platform project to use. |
| region - / required | The region where the tunnel is located. | |
| remote_traffic_selector - | Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. | |
| router - | URL of router resource to be used for dynamic routing. | |
| scopes - | Array of scopes to be used. | |
| service_account_email - | An optional service account email address if machineaccount is selected and the user does not wish to use the default email. | |
| service_account_file - | The path of a Service Account JSON file if serviceaccount is selected as type. | |
| shared_secret - / required | Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. | |
| state - |
| Whether the given object should exist in GCP |
| target_vpn_gateway - / required | URL of the Target VPN gateway with which this VPN tunnel is associated. |
Notes
Note
- API Reference: https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels
- Cloud VPN Overview: https://cloud.google.com/vpn/docs/concepts/overview
- Networks and Tunnel Routing: https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing
- For authentication, you can set service_account_file using the
GCP_SERVICE_ACCOUNT_FILEenv variable. - For authentication, you can set service_account_email using the
GCP_SERVICE_ACCOUNT_EMAILenv variable. - For authentication, you can set auth_kind using the
GCP_AUTH_KINDenv variable. - For authentication, you can set scopes using the
GCP_SCOPESenv variable. - Environment variables values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples
- name: create a network
gcp_compute_network:
name: "network-vpn_tunnel"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: network
- name: create a router
gcp_compute_router:
name: "router-vpn_tunnel"
network: "{{ network }}"
bgp:
asn: 64514
advertise_mode: CUSTOM
advertised_groups:
- ALL_SUBNETS
advertised_ip_ranges:
- range: 1.2.3.4
- range: 6.7.0.0/16
region: us-central1
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: router
- name: create a target vpn gateway
gcp_compute_target_vpn_gateway:
name: "gateway-vpn_tunnel"
region: us-west1
network: "{{ network }}"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: gateway
- name: create a vpn tunnel
gcp_compute_vpn_tunnel:
name: "test_object"
region: us-west1
target_vpn_gateway: "{{ gateway }}"
router: "{{ router }}"
shared_secret: super secret
project: "test_project"
auth_kind: "service_account"
service_account_file: "/tmp/auth.pem"
state: present
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| creation_timestamp string | success | Creation timestamp in RFC3339 text format. |
| description string | success | An optional description of this resource. |
| ike_version integer | success | IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. |
| labels dictionary | success | Labels to apply to this VpnTunnel. |
| local_traffic_selector list | success | Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. |
| name string | success | Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. |
| peer_ip string | success | IP address of the peer VPN gateway. Only IPv4 is supported. |
| region string | success | The region where the tunnel is located. |
| remote_traffic_selector list | success | Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported. |
| router string | success | URL of router resource to be used for dynamic routing. |
| shared_secret string | success | Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. |
| shared_secret_hash string | success | Hash of the shared secret. |
| target_vpn_gateway dictionary | success | URL of the Target VPN gateway with which this VPN tunnel is associated. |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Google Inc. (@googlecloudplatform)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/gcp_compute_vpn_tunnel_module.html