Google Cloud Platform
The Google Cloud Platform (gcloud) provider manages one resource, gcloud_gce.
gcloud_gce
Google Compute Engine (gce) instances are provisioned using this resource.
gcloud_gce_eip
Google Compute Engine external IPs (gce_eip) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gce-eip.yml>`
Ansible module <http://docs.ansible.com/ansible/latest/gce_eip_module.html>
gcloud_gce_net
Google Compute Engine networks (gce_net) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gce-net.yml>`
Ansible module <http://docs.ansible.com/ansible/latest/gce_net_module.html>
gcloud_gcdns_zone
Google DNS zones (gcdns_zone) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gcdns-zone.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcdns_zone_module.html>
gcloud_gcdns_record
Google DNS zone records (gcdns_record) are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gcdns-record.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcdns_record_module.html>
gcloud_gcp_compute_network
Google Cloud compute networks are provisioned using this resource.
:docs1.5:`Topology Example <workspaces/topologies/gcp-compute-network.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcp_compute_network_module.html>
gcloud_gcp_compute_router
Google Cloud compute routers are provisioned using this resource.
:docs1.5:`Topology Example <workspace/topologies/gcp-compute-router.yml>`
Ansible module <https://docs.ansible.com/ansible/latest/modules/gcp_compute_router_module.html>
Additional Dependencies
No additional dependencies are required for the Google Cloud (gcloud) Provider.
Credentials Management
Google Compute Engine offers several ways to provide credentials. LinchPin supports some of these methods for passing credentials for use with gcloud resources.
Google Cloud Key File
GCloud allows for the creation of keyfiles for authentication. A keyfile will look something like this:

.. code-block:: json

    {
      "type": "service_account",
      "project_id": "[PROJECT-ID]",
      "private_key_id": "[KEY-ID]",
      "private_key": "-----BEGIN PRIVATE KEY-----\n[PRIVATE-KEY]\n-----END PRIVATE KEY-----\n",
      "client_email": "[SERVICE-ACCOUNT-EMAIL]",
      "client_id": "[CLIENT-ID]",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://accounts.google.com/o/oauth2/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/[SERVICE-ACCOUNT-EMAIL]"
    }

To learn how to generate key files, see the Google Cloud documentation <https://cloud.google.com/iam/docs/creating-managing-service-account-keys>.
This mechanism requires that credentials data be passed into LinchPin. A GCloud topology can have a credentials section for each resource_group, which requires the filename and the profile name. By default, LinchPin searches for the filename in {{ workspace }}/credentials but can be made to search other places by setting the evars.default_credentials_path variable in your linchpin.conf. The credentials path can also be overridden by using the --creds-path flag.

.. code-block:: yaml

    ---
    topology_name: mytopo
    resource_groups:
      - resource_group_name: gce
        resource_group_type: gcloud
        resource_definitions:
          # .. snip ..
        credentials:
          filename: gcloud.key

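A pre-flight check for the key file described above, as an added example that is not part of LinchPin: it resolves the credentials directory and reports a key file that is readable beyond its owner or that lacks the service-account fields shown in the sample. The function names, the set of required fields, and the precedence of ``--creds-path`` over ``evars.default_credentials_path`` are assumptions, and the key values are constructed placeholders.

```python
import json
import os
import stat
import tempfile

# Assumption: the subset of keyfile fields treated as mandatory by this check.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def resolve_creds_dir(workspace, conf_path=None, cli_path=None):
    """Assumed precedence: --creds-path, then the conf setting, then the default."""
    return cli_path or conf_path or os.path.join(workspace, "credentials")

def check_keyfile(path):
    """Return a list of problems found with a service-account key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o lets group/other access the key" % mode)
    try:
        with open(path) as fh:
            key = json.load(fh)
    except ValueError as exc:
        return problems + ["not valid JSON: %s" % exc]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append("type is %r, expected 'service_account'" % key.get("type"))
    pem = key.get("private_key") or ""
    if pem and not pem.startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not PEM-framed")
    return problems

def demo():
    """Write a constructed key file and check it with loose, then tight, modes."""
    sample = {"type": "service_account", "project_id": "example-project",
              "private_key_id": "constructed-key-id",
              "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
              "client_email": "sa@example-project.iam.gserviceaccount.com"}
    with tempfile.TemporaryDirectory() as workspace:
        creds_dir = resolve_creds_dir(workspace)
        os.makedirs(creds_dir)
        path = os.path.join(creds_dir, "gcloud.key")
        with open(path, "w") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        loose = check_keyfile(path)
        os.chmod(path, 0o600)
        return loose, check_keyfile(path)
```
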
Environment Variables
LinchPin honors the gcloud environment variables.
Configuration Files
Google Cloud Platform provides tooling for authentication. See https://cloud.google.com/appengine/docs/standard/python/oauth/ for options.