Google Cloud Platform¶
The Google Cloud Platform (gcloud) provider manages one resource, gcloud_gce.
gcloud_gce¶
Google Compute Engine (gce) instances are provisioned using this resource.
gcloud_gce_eip¶
Google Compute Engine external IPs (gce_eip) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gce-eip.yml>`
Ansible module <http://docs.ansible.com/ansible/latest/gce_eip_module.html>
gcloud_gce_net¶
Google Compute Engine networks (gce_net) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gce-net.yml>`
Ansible module <http://docs.ansible.com/ansible/latest/gce_net_module.html>
gcloud_gcdns_zone¶
Google DNS zones (gcdns_zone) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gcdns-zone.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcdns_zone_module.html>
gcloud_gcdns_record¶
Google DNS zone records (gcdns_record) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gcdns-record.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcdns_record_module.html>
gcloud_gcp_compute_network¶
Google Cloud compute networks are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gcp-compute-network.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcp_compute_network_module.html>
gcloud_gcp_compute_router¶
Google Cloud compute routers are provisioned using this resource.
:docs1.5:`Topology Example <workspace/topologies/gcp-compute-router.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcp_compute_router_module.html>
Additional Dependencies¶
No additional dependencies are required for the Google Cloud (gcloud) Provider.
Credentials Management¶
Google Compute Engine offers several ways to supply credentials. LinchPin supports some of these methods for passing credentials for use with gcloud resources.
Google Cloud Key File¶
GCloud allows for the creation of keyfiles for authentication. A keyfile will look something like this:
{
    "type": "service_account",
    "project_id": "[PROJECT-ID]",
    "private_key_id": "[KEY-ID]",
    "private_key": "-----BEGIN PRIVATE KEY-----\n[PRIVATE-KEY]\n-----END PRIVATE KEY-----\n",
    "client_email": "[SERVICE-ACCOUNT-EMAIL]",
    "client_id": "[CLIENT-ID]",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/[SERVICE-ACCOUNT-EMAIL]"
}
To learn how to generate key files, see the Google Cloud documentation <https://cloud.google.com/iam/docs/creating-managing-service-account-keys>.
This mechanism requires that credentials data be passed into LinchPin. A GCloud topology can have a credentials section for each resource_group, which requires the filename and the profile name. By default, LinchPin searches for the filename in {{ workspace }}/credentials but can be made to search other places by setting the evars.default_credentials_path variable in your linchpin.conf. The credentials path can also be overridden by using the --creds-path flag.
---
topology_name: mytopo
resource_groups:
  - resource_group_name: gce
    resource_group_type: gcloud
    resource_definitions:
      .. snip ..
    credentials:
      filename: gcloud.key
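A pre-flight check for a keyfile before it is placed in the credentials directory, as an added example (not LinchPin's own code). It assumes the fields shown in the sample keyfile above are required and that the file should be readable by its owner only; check_keyfile is a hypothetical helper name.

```python
import json
import os
import stat
import sys

# Fields taken from the sample keyfile on this page; treating all of them
# as required is an assumption of this example.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "client_id", "token_uri")
PEM_HEADER = "-----BEGIN PRIVATE KEY-----"


def check_keyfile(path):
    """Return a list of problems with a service-account keyfile ([] if none)."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError as exc:
        return ["cannot stat keyfile: %s" % exc]
    problems = []
    # Assumption: the private key should be accessible to its owner only.
    if mode & 0o077:
        problems.append("mode %o grants group/other access; use 0600" % mode)
    try:
        with open(path) as fh:
            data = json.load(fh)
    except (OSError, ValueError) as exc:
        return problems + ["not readable as JSON: %s" % exc]
    if not isinstance(data, dict):
        return problems + ["top-level JSON value is not an object"]
    for field in REQUIRED_FIELDS:
        if not data.get(field):
            problems.append("missing or empty field: %s" % field)
    if data.get("type") and data["type"] != "service_account":
        problems.append("type is %r, expected 'service_account'" % data["type"])
    key = data.get("private_key")
    if key and not str(key).startswith(PEM_HEADER):
        problems.append("private_key does not start with a PEM header")
    uri = data.get("token_uri")
    if uri and not str(uri).startswith("https://"):
        problems.append("token_uri is not an https:// URL")
    return problems


if __name__ == "__main__":
    # Usage: python check_keyfile.py credentials/gcloud.key
    found = check_keyfile(sys.argv[1])
    for line in found:
        print("PROBLEM:", line)
    sys.exit(1 if found else 0)
```

The script exits non-zero when any problem is found, so it can gate a provisioning job.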
Environment Variables¶
LinchPin honors the gcloud environment variables.
Configuration Files¶
Google Cloud Platform provides tooling for authentication. See https://cloud.google.com/appengine/docs/standard/python/oauth/ for options.