Google Cloud Platform

The Google Cloud Platform (gcloud) provider manages one resource, gcloud_gce.

gcloud_gce

Google Compute Engine (gce) instances are provisioned using this resource.

gcloud_gce_eip

Google Compute Engine external IPs (gce_eip) are provisioned using this resource.

gcloud_gce_net

Google Compute Engine networks (gce_net) are provisioned using this resource.

gcloud_gcdns_zone

Google DNS zones (gcdns_zone) are provisioned using this resource.

gcloud_gcdns_record

Google DNS zone records (gcdns_record) are provisioned using this resource.

gcloud_gcp_compute_network

Google Cloud compute networks are provisioned using this resource.

gcloud_gcp_compute_router

Google Cloud compute routers are provisioned using this resource.

Additional Dependencies

No additional dependencies are required for the Google Cloud (gcloud) Provider.

Credentials Management

Google Compute Engine supports several ways to supply credentials. LinchPin supports some of these methods for passing credentials for use with gcloud resources.

Google Cloud Key File

GCloud allows for the creation of keyfiles for authentication. A keyfile will look something like this:

{
  "type": "service_account",
  "project_id": "[PROJECT-ID]",
  "private_key_id": "[KEY-ID]",
  "private_key": "-----BEGIN PRIVATE KEY-----\n[PRIVATE-KEY]\n-----END PRIVATE KEY-----\n",
  "client_email": "[SERVICE-ACCOUNT-EMAIL]",
  "client_id": "[CLIENT-ID]",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/[SERVICE-ACCOUNT-EMAIL]"
}

To learn how to generate key files, see the Google Cloud documentation <https://cloud.google.com/iam/docs/creating-managing-service-account-keys>.

This mechanism requires that credentials data be passed into LinchPin. A GCloud topology can have a credentials section for each resource_group, which requires the filename and the profile name. By default, LinchPin searches for the filename in {{ workspace }}/credentials. To search a different location, set the evars.default_credentials_path variable in your linchpin.conf. The credentials path can also be overridden with the --creds-path flag.

---
topology_name: mytopo
resource_groups:
  - resource_group_name: gce
    resource_group_type: gcloud
    resource_definitions:

      .. snip ..

    credentials:
      filename: gcloud.key
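
The keyfile referenced above contains a service account private key, so it is worth checking before a run that it is well-formed and readable only by its owner. The following pre-flight check is an added example, not part of LinchPin; it assumes the default {{ workspace }}/credentials location and the gcloud.key filename from the topology, and the function names, the required-field selection and the sample key are constructed for illustration.

```python
import json
import os
import stat
import tempfile

# Fields taken from the keyfile layout shown on this page (selection is an assumption).
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def audit_keyfile(workspace, filename, creds_dir="credentials"):
    """Return a list of findings for <workspace>/<creds_dir>/<filename>."""
    path = os.path.join(workspace, creds_dir, filename)
    if not os.path.isfile(path):
        return ["keyfile not found: " + path]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    # The file holds a private key, so group/other permission bits must be clear.
    if mode & 0o077:
        findings.append("mode %04o grants access beyond the owner; use 0600" % mode)
    try:
        with open(path) as fh:
            key = json.load(fh)
    except ValueError:  # covers json.JSONDecodeError
        return findings + ["keyfile is not valid JSON"]
    if not isinstance(key, dict):
        return findings + ["keyfile is not a JSON object"]
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        findings.append("type is %r, expected 'service_account'" % key.get("type"))
    return findings


def demo():
    """Audit a constructed placeholder key at mode 0644, then again at 0600."""
    ws = tempfile.mkdtemp()
    os.mkdir(os.path.join(ws, "credentials"))
    path = os.path.join(ws, "credentials", "gcloud.key")
    sample = {"type": "service_account", "project_id": "example-project",
              "private_key_id": "constructed-key-id",
              "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
              "client_email": "sa@example-project.iam.gserviceaccount.com"}
    with open(path, "w") as fh:
        json.dump(sample, fh)
    os.chmod(path, 0o644)
    before = audit_keyfile(ws, "gcloud.key")
    os.chmod(path, 0o600)
    return before, audit_keyfile(ws, "gcloud.key")
```

An empty list from audit_keyfile means no findings; demo() returns the findings for the same key before and after tightening its mode.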

Environment Variables

LinchPin honors the gcloud environment variables.

Configuration Files

Google Cloud Platform provides tooling for authentication. See https://cloud.google.com/appengine/docs/standard/python/oauth/ for options.