{% set network = project_tag + "-network" %}
|
{% set subnet0 = project_tag + "-subnet0" %}
|
|
resources:
|
|
{# NETWORK #}
|
|
- name: {{ network }}
|
type: compute.v1.network
|
properties:
|
autoCreateSubnetworks: false
|
|
- name: {{ subnet0 }}
|
type: compute.v1.subnetwork
|
properties:
|
ipCidrRange: 10.254.0.0/24
|
network: $(ref.{{ network }}.selfLink)
|
region: {{ gcp_region }}
|
|
{# NETWORK #}
|
|
{# FIREWALL #}
|
|
- name: {{ project_tag + 'fw' }}
|
type: compute.v1.firewall
|
properties:
|
network: $(ref.{{ network }}.selfLink)
|
sourceRanges: [ "0.0.0.0/0" ]
|
allowed:
|
- IPProtocol: TCP
|
ports: [ "0-65535" ]
|
- IPProtocol: UDP
|
ports: [ "0-65535" ]
|
- IPProtocol: ICMP
|
|
{# FIREWALL #}
|
|
{# INSTANCES #}
|
|
- name: {{ project_tag + '-vm' }}
|
type: compute.v1.instance
|
properties:
|
zone: {{ gcp_zone }}
|
machineType: zones/{{ gcp_zone }}/machineTypes/n1-standard-2
|
metadata:
|
items:
|
- key: ssh-keys
|
value: "{{ remote_user }}:{{ ssh_key_data }} {% for adminkey in opentlc_admin_pub_keys %}\n{{ remote_user }}:{{ adminkey }} {% endfor %}"
|
disks:
|
- deviceName: boot
|
type: PERSISTENT
|
boot: true
|
autoDelete: true
|
initializeParams:
|
diskName: {{ project_tag + '-vm-disk' }}
|
sourceImage: https://www.googleapis.com/compute/v1/projects/{{ gcp_rhel_image_project }}/global/images/family/{{ gcp_rhel_image_family }}
|
networkInterfaces:
|
- network: $(ref.{{ network }}.selfLink)
|
subnetwork: $(ref.{{ subnet0 }}.selfLink)
|
networkIP: 10.254.0.123
|
accessConfigs:
|
- name: External NAT
|
type: ONE_TO_ONE_NAT
|
labels:
|
project: {{ project_tag }}
|
ansiblegroup: bastions
|
ostype: linux
|
serviceAccounts:
|
- email: default
|
scopes:
|
- 'https://www.googleapis.com/auth/compute'
|
- 'https://www.googleapis.com/auth/devstorage.read_only'
|
- 'https://www.googleapis.com/auth/logging.write'
|
- 'https://www.googleapis.com/auth/monitoring.write'
|
- 'https://www.googleapis.com/auth/servicecontrol'
|
- 'https://www.googleapis.com/auth/service.management'
|
- 'https://www.googleapis.com/auth/trace.append'
|
- 'https://www.googleapis.com/auth/userinfo.email'
|
|
{# INSTANCES #}
|
|
outputs:
|