{# Jinja-templated Google Cloud Deployment Manager configuration.
   Renders one VPC network with a single subnet, one firewall rule and one
   RHEL VM labelled as a bastion. Variables expected from the caller:
   project_tag, gcp_region, gcp_zone, remote_user, ssh_key_data,
   opentlc_admin_pub_keys, gcp_rhel_image_project, gcp_rhel_image_family. #}
{# Resource names derived from project_tag; referenced below via $(ref.<name>.selfLink). #}
{% set network = project_tag + "-network" %}
{% set subnet0 = project_tag + "-subnet0" %}
 
resources:
 
{# NETWORK #}
 
# Custom-mode VPC: no auto subnets, only the one declared below.
- name: {{ network }}
  type: compute.v1.network
  properties:
    autoCreateSubnetworks: false
 
# Single /24 subnet in the caller's region; the VM below gets a static
# address from this range.
- name: {{ subnet0 }}
  type: compute.v1.subnetwork
  properties:
    ipCidrRange: 10.254.0.0/24
    network: $(ref.{{ network }}.selfLink)
    region: {{ gcp_region }}
 
{# NETWORK #}
 
{# FIREWALL #}
 
# NOTE(review): unlike every other resource here there is no '-' between
# project_tag and 'fw'; renaming it would delete and recreate the rule on
# existing deployments, so change it deliberately rather than in passing.
- name: {{ project_tag + 'fw' }}
  type: compute.v1.firewall
  properties:
    network: $(ref.{{ network }}.selfLink)
    # NOTE(review): this admits ingress from any source on every TCP and UDP
    # port plus ICMP, and with no targetTags/targetServiceAccounts it is not
    # scoped to particular instances on the network. Tighten sourceRanges to
    # known client ranges and the allowed list to the ports the bastion
    # actually serves (SSH, judging by the ssh-keys metadata below) — confirm
    # with the consumers of this template before changing.
    sourceRanges: [ "0.0.0.0/0" ]
    allowed:
    - IPProtocol: TCP
      ports: [ "0-65535" ]
    - IPProtocol: UDP
      ports: [ "0-65535" ]
    - IPProtocol: ICMP
 
{# FIREWALL #}
 
{# INSTANCES #}
 
# Bastion VM: n1-standard-2, RHEL family image, static internal IP plus an
# external address, labelled for Ansible inventory.
- name: {{ project_tag + '-vm' }}
  type: compute.v1.instance
  properties:
    zone: {{ gcp_zone }}
    machineType: zones/{{ gcp_zone }}/machineTypes/n1-standard-2
    metadata:
      items:
        # Instance-level ssh-keys: one "user:pubkey" line for remote_user's own
        # key, then one more line per entry in opentlc_admin_pub_keys, all for
        # the same remote_user. Every entry is followed by a space before the
        # newline — presumably tolerated by the agent; verify if logins fail.
        - key: ssh-keys
          value: "{{ remote_user }}:{{ ssh_key_data }} {% for adminkey in opentlc_admin_pub_keys %}\n{{ remote_user }}:{{ adminkey }} {% endfor %}"
    disks:
    # Boot disk built from the configured RHEL image family; deleted with the VM.
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: {{ project_tag + '-vm-disk' }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/{{ gcp_rhel_image_project }}/global/images/family/{{ gcp_rhel_image_family }}
    networkInterfaces:
    - network: $(ref.{{ network }}.selfLink)
      subnetwork: $(ref.{{ subnet0 }}.selfLink)
      # Fixed internal address inside the 10.254.0.0/24 subnet above.
      networkIP: 10.254.0.123
      # ONE_TO_ONE_NAT attaches an external IP, so this VM is reachable from
      # the internet subject to the firewall rule above.
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
    labels:
      project: {{ project_tag }}
      # presumably consumed by a dynamic inventory to group this host — verify against the playbooks
      ansiblegroup: bastions
      ostype: linux
    # NOTE(review): the project's default compute service account is used with
    # the full 'auth/compute' scope; combined with the broad IAM role that
    # account usually carries, a compromise of this internet-facing bastion
    # would likely allow managing compute resources across the project. A
    # dedicated service account with only the roles/scopes the bastion needs
    # is preferable — confirm what the bastion actually uses the scopes for.
    serviceAccounts:
    - email: default
      scopes:
        - 'https://www.googleapis.com/auth/compute'
        - 'https://www.googleapis.com/auth/devstorage.read_only'
        - 'https://www.googleapis.com/auth/logging.write'
        - 'https://www.googleapis.com/auth/monitoring.write'
        - 'https://www.googleapis.com/auth/servicecontrol'
        - 'https://www.googleapis.com/auth/service.management'
        - 'https://www.googleapis.com/auth/trace.append'
        - 'https://www.googleapis.com/auth/userinfo.email'
 
{# INSTANCES #}
 
outputs: