New in version 1.5.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
allowed | | the protocol:ports to allow ('tcp:80' or 'tcp:80,443' or 'tcp:80-800;udp:1-25'). This parameter is mandatory when creating or updating a firewall rule. |
credentials_file (added in 2.1.0) | | path to the JSON file associated with the service account email |
fwname | | name of the firewall rule. aliases: fwrule |
ipv4_range | | the IPv4 address range in CIDR notation for the network. This parameter is not mandatory when you specify an existing network in the name parameter, but it is mandatory when you create a new network. aliases: cidr |
mode (added in 2.2) | | network mode for Google Cloud. "legacy" indicates a network with an IP address range; "auto" automatically generates subnetworks in different regions; "custom" uses networks to group subnets of user-specified IP address ranges. https://cloud.google.com/compute/docs/networking#network_types |
name | | name of the network |
pem_file (added in 1.6) | | path to the pem file associated with the service account email. This option is deprecated. Use 'credentials_file'. |
project_id (added in 1.6) | | your GCE project ID |
service_account_email (added in 1.6) | | service account email |
src_range | Default: [] | the source IPv4 address range in CIDR notation. aliases: src_cidr |
src_tags | Default: [] | the source instance tags for creating a firewall rule |
state | | desired state of the network or firewall |
subnet_desc (added in 2.2) | | description of subnet to create |
subnet_name (added in 2.2) | | name of subnet to create |
subnet_region (added in 2.2) | | region of subnet to create |
target_tags (added in 1.9) | Default: [] | the target instance tags for creating a firewall rule |
```yaml
# Create a 'legacy' Network
- name: Create Legacy Network
  gce_net:
    name: legacynet
    ipv4_range: '10.24.17.0/24'
    mode: legacy
    state: present

# Create an 'auto' Network
- name: Create Auto Network
  gce_net:
    name: autonet
    mode: auto
    state: present

# Create a 'custom' Network
- name: Create Custom Network
  gce_net:
    name: customnet
    mode: custom
    subnet_name: "customsubnet"
    subnet_region: us-east1
    ipv4_range: '10.240.16.0/24'
    state: "present"

# Create Firewall Rule with Source Tags
- name: Create Firewall Rule w/Source Tags
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_tags: "foo,bar"

# Create Firewall Rule with Source Range
- name: Create Firewall Rule w/Source Range
  gce_net:
    name: default
    fwname: "my-firewall-rule"
    allowed: tcp:80
    state: "present"
    src_range: ['10.1.1.1/32']

# Create Custom Subnetwork
- name: Create Custom Subnetwork
  gce_net:
    name: privatenet
    mode: custom
    subnet_name: subnet_example
    subnet_region: us-central1
    ipv4_range: '10.0.0.0/16'
```
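
A pre-flight check for the `allowed`, `src_range` and `target_tags` values of a firewall task, as an added example that is not part of the module or its documentation: it parses the `allowed` syntax and reports rules that are broader than they look. The function names, the grammar (inferred from the documented samples) and the 100-port threshold are assumptions.

```python
import ipaddress
import re

# Grammar assumed from the documented samples:
# 'tcp:80', 'tcp:80,443', 'tcp:80-800;udp:1-25', 'tcp:80;icmp'.
_PORT = re.compile(r"^(\d+)(?:-(\d+))?$")


def parse_allowed(allowed):
    """Return [(protocol, [(low, high), ...]), ...]; an empty list means no ports given."""
    rules = []
    for entry in allowed.split(";"):
        proto, sep, ports = entry.strip().partition(":")
        if not proto or (sep and not ports):
            raise ValueError("malformed entry: %r" % entry)
        ranges = []
        for item in (ports.split(",") if ports else []):
            match = _PORT.match(item.strip())
            if not match:
                raise ValueError("bad port spec: %r" % item)
            low = int(match.group(1))
            high = int(match.group(2) or low)
            if not 0 <= low <= high <= 65535:
                raise ValueError("port out of range: %r" % item)
            ranges.append((low, high))
        rules.append((proto.lower(), ranges))
    return rules


def review_rule(allowed, src_range=(), target_tags=(), max_span=100):
    """Hypothetical review of one firewall task; max_span is an assumed threshold."""
    findings = []
    if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in src_range):
        findings.append("src_range admits any address")
    if not target_tags:  # GCE applies an untagged rule to the whole network
        findings.append("no target_tags: rule applies to every instance in the network")
    for proto, ranges in parse_allowed(allowed):
        if proto in ("tcp", "udp") and not ranges:
            findings.append("%s: no ports listed, all ports allowed" % proto)
        for low, high in ranges:
            if high - low + 1 > max_span:
                findings.append("%s:%d-%d spans %d ports" % (proto, low, high, high - low + 1))
    return findings


if __name__ == "__main__":
    # Constructed task values, modelled on the examples above.
    for line in review_rule("tcp:80-800;udp:1-25", ["0.0.0.0/0"], ["web"]):
        print(line)
```
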
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
allowed (string) | When specified | Rules (ports and protocols) specified by this firewall rule. Sample: tcp:80;icmp |
fwname (string) | When specified | Name of the firewall rule. Sample: my-fwname |
ipv4_range (string) | when specified or when a subnetwork is created | IPv4 range of the specified network or subnetwork. Sample: 10.0.0.0/16 |
name (string) | always | Name of the network. Sample: my-network |
src_range (list) | when specified | IP address blocks a firewall rule applies to. Sample: ['10.1.1.12/8'] |
src_tags (list) | when specified while creating a firewall rule | Instance tags the firewall rule applies to. Sample: ['foo', 'bar'] |
state (string) | always | State of the item operated on. Sample: present |
subnet_name (string) | when specified or when a subnetwork is created | Name of the subnetwork. Sample: my-subnetwork |
subnet_region (string) | when specified or when a subnetwork is created | Region of the specified subnet. Sample: us-east1 |
target_tags (list) | when specified while creating a firewall rule | Instances with these tags receive traffic allowed by the firewall rule. Sample: ['foo', 'bar'] |
This module is flagged as preview, which means that it is not guaranteed to have a backwards compatible interface.