Google Cloud Platform Guide
Ansible contains modules for managing Google Cloud Platform resources,including creating instances, controlling network access, working withpersistent disks, managing load balancers, and a lot more.
These new modules can be found under a new consistent name scheme “gcp*”(Note: gcp_target_proxy and gcp_url_map are legacy modules, despite the “gcp*”name. Please use gcp_compute_target_proxy and gcp_compute_url_map instead).
Additionally, the gcp_compute inventory plugin can discover all GCE instancesand make them automatically available in your Ansible inventory.
You may see a collection of other GCP modules that do not conform to thisnaming convention. These are the original modules primarily developed by theAnsible community. You will find some overlapping functionality such as withthe “gce” module and the new “gcp_compute_instance” module. Either can beused, but you may experience issues trying to use them together.
While the community GCP modules are not going away, Google is investing effortinto the new “gcp_*” modules. Google is committed to ensuring the Ansiblecommunity has a great experience with GCP and therefore recommends that beginadopting these new modules if possible.
The Google Cloud Platform (GCP) modules require both the and thegoogle-auth
libraries to be installed.
- Service Accounts (Recommended): Use JSON service accounts with specific permissions.
- Machine Accounts: Use the permissions associated with the GCP Instance you’re using Ansible on.
For the following examples, we’ll be using service account credentials.
To work with the GCP modules, you’ll first need to get some credentials in theJSON format:
- Download JSON credentialsOnce you have your credentials, there are two different ways to provide them to Ansible:
- by specifying them directly as module parameters
- by setting environment variables
For the GCE modules you can specify the credentials as arguments:
auth_kind
: type of authentication being used (choices: machineaccount, serviceaccount, application)- : email associated with the project
service_account_file
: path to the JSON credentials fileproject
: id of the project- : The specific scopes that you want the actions to use.
For example, to create a new IP address using the gcp_compute_address module,you can use the following configuration:
- - name: Create IP address
- hosts: localhost
- connection: local
- gather_facts: no
- vars:
- service_account_file: /home/my_account.json
- project: my-project
- auth_kind: serviceaccount
- scopes:
- - www.googleapis.com/auth/compute
- tasks:
- - name: Allocate an IP Address
- gcp_compute_address:
- state: present
- name: 'test-address1'
- region: 'us-west1'
- project: "{{ project }}"
- auth_kind: "{{ auth_kind }}"
- service_account_file: "{{ service_account_file }}"
- scopes: "{{ scopes }}"
Set the following environment variables before running Ansible in order to configure your credentials:
The best way to interact with your hosts is to use the gcp_compute inventory plugin, which dynamically queries GCE and tells Ansible what nodes can be managed.
- enable_plugins = gcp_compute
Then, create a file that ends in .gcp.yml
in your root directory.
The gcp_compute inventory script takes in the same authentication information as any module.
Here’s an example of a valid inventory file:
Executing will create a list of GCP instances that are ready to be configured using Ansible.
The full range of GCP modules provide the ability to create a wide variety ofGCP resources with the full support of the entire GCP API.
The following playbook creates a GCE Instance. This instance relies on a GCPnetwork and a Disk. By creating the Disk and Network separately, we can give asmuch detail as necessary about how we want the disk and network formatted. Byregistering a Disk/Network to a variable, we can simply insert the variableinto the instance task. The gcp_compute_instance module will figure out therest.
- - name: Create an instance
- hosts: localhost
- gather_facts: no
- connection: local
- vars:
- project: my-project
- auth_kind: serviceaccount
- service_account_file: /home/my_account.json
- zone: "us-central1-a"
- region: "us-central1"
- tasks:
- - name: create a disk
- gcp_compute_disk:
- name: 'disk-instance'
- size_gb: 50
- source_image: 'projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts'
- zone: "{{ zone }}"
- project: "{{ gcp_project }}"
- auth_kind: "{{ gcp_cred_kind }}"
- service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/compute
- state: present
- register: disk
- - name: create a network
- gcp_compute_network:
- name: 'network-instance'
- project: "{{ gcp_project }}"
- auth_kind: "{{ gcp_cred_kind }}"
- service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/compute
- state: present
- register: network
- - name: create a address
- gcp_compute_address:
- name: 'address-instance'
- region: "{{ region }}"
- project: "{{ gcp_project }}"
- service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/compute
- state: present
- register: address
- - name: create a instance
- gcp_compute_instance:
- state: present
- name: test-vm
- machine_type: n1-standard-1
- disks:
- - auto_delete: true
- boot: true
- source: "{{ disk }}"
- network_interfaces:
- - network: "{{ network }}"
- access_configs:
- - name: 'External NAT'
- nat_ip: "{{ address }}"
- type: 'ONE_TO_ONE_NAT'
- zone: "{{ zone }}"
- project: "{{ gcp_project }}"
- auth_kind: "{{ gcp_cred_kind }}"
- service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/compute
- register: instance
- - name: Wait for SSH to come up
- wait_for: host={{ instance.address }} port=22 delay=10 timeout=60
- - name: Add host to groupname
- add_host: hostname={{ instance.address }} groupname=new_instances
- - name: Manage new instances
- hosts: new_instances
- connection: ssh
- sudo: True
- roles:
- - base_configuration
For more information about Google Cloud, please visit the .