gcompute

A Puppet module to manage Google Compute Engine resources

Module Stats

12,360 downloads

6,679 latest version

4.6 quality score

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

released Oct 4th 2018

This version is compatible with:

, , , , , ,

Tasks:

instance

reset

snapshot

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'google-gcompute', '0.3.0'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add google-gcompute

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install google-gcompute --version 0.3.0

Tags: cloud, compute, google, gce, engine

Documentation

google/gcompute — version 0.3.0 Oct 4th 2018

Google Compute Engine Puppet Module

Module Description - What the module does and why it is useful
Setup - The basics of getting started with Google Compute Engine
Usage - Configuration options and additional functionality
Reference - An under-the-hood peek at what the module is doing and how
Limitations - OS compatibility, etc.
Development - Guide for contributing to the module

Module Description

This Puppet module manages the resource of Google Compute Engine. You can manage its resources using standard Puppet DSL and the module will, under the hood, ensure the state described will be reflected in the Google Cloud Platform resources.

Setup

To install this module on your Puppet Master (or Puppet Client/Agent), use the Puppet module installer:

puppet module install google-gcompute

Optionally you can install support to all Google Cloud Platform products at once by installing our "bundle" [google-cloud][bundle-forge] module:

puppet module install google-cloud

Since this module depends on the googleauth and google-api-client gems, you will also need to install those, with

/opt/puppetlabs/puppet/bin/gem install googleauth google-api-client

If you prefer, you could also add the following to your puppet manifest:

    package { [
            'googleauth',
            'google-api-client',
        ]:
            ensure   => present,
            provider => puppet_gem,
    }

Usage

Credentials

All Google Cloud Platform modules use an unified authentication mechanism, provided by the [google-gauth][] module. Don't worry, it is automatically installed when you install this module.

gauth_credential { 'mycred':
  path     => $cred_path, # e.g. '/home/nelsonjr/my_account.json'
  provider => serviceaccount,
  scopes   => [
    'https://www.googleapis.com/auth/compute',
  ],
}

Please refer to the [google-gauth][] module for further requirements, i.e. required gems.

Examples

`gcompute_address`

gcompute_region { 'some-region':
  name       => 'us-west1',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

gcompute_address { 'test1':
  ensure     => present,
  region     => 'some-region',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_backend_bucket`

gcompute_backend_bucket { 'be-bucket-connection':
  ensure      => present,
  bucket_name => 'backend-bucket-test',
  description => 'A BackendBucket to connect LNB w/ Storage Bucket',
  enable_cdn  => true,
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

`gcompute_backend_service`

# Backend Service requires various other services to be setup beforehand. Please
# make sure they are defined as well:
#   - gcompute_instance_group { ... }
#   - Health check
gcompute_backend_service { 'my-app-backend':
  ensure        => present,
  backends      => [
    { group => 'my-puppet-masters' },
  ],
  enable_cdn    => true,
  health_checks => [
    gcompute_health_check_ref('another-hc', 'google.com:graphite-playground'),
  ],
  project       => $project, # e.g. 'my-test-project'
  credential    => 'mycred',
}

`gcompute_disk_type`

gcompute_disk_type { 'pd-standard':
  default_disk_size_gb => 500,
  deprecated_deleted   => undef, # undef = not deprecated
  zone                 => 'us-central1-a',
  project              => $project, # e.g. 'my-test-project'
  credential           => 'mycred',
}

`gcompute_disk`

gcompute_disk { 'data-disk-1':
  ensure              => present,
  size_gb             => 50,
  disk_encryption_key => {
    raw_key => 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=',
  },
  zone                => 'us-central1-a',
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

`gcompute_firewall`

gcompute_firewall { 'test-fw-allow-ssh':
  ensure      => present,
  allowed     => [
    {
      ip_protocol => 'tcp',
      ports       => [
        '22',
      ],
    },
  ],
  target_tags => [
    'test-ssh-server',
    'staging-ssh-server',
  ],
  source_tags => [
    'test-ssh-clients',
  ],
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

`gcompute_forwarding_rule`

gcompute_forwarding_rule { 'test1':
  ensure      => present,
  ip_address  => gcompute_address_ref(
    'some-address',
    'us-west1', 'google.com:graphite-playground'
  ),
  ip_protocol => 'TCP',
  port_range  => '80',
  target      => 'target-pool',
  region      => 'some-region',
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

`gcompute_global_address`

gcompute_global_address { 'my-app-lb-address':
  ensure     => present,
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_global_forwarding_rule`

gcompute_global_forwarding_rule { 'test1':
  ensure      => present,
  ip_address  => gcompute_global_address_ref(
    'my-app-lb-address',
    'google.com:graphite-playground'
  ),
  ip_protocol => 'TCP',
  port_range  => '80',
  target      => gcompute_target_http_proxy_ref(
    'my-http-proxy',
    'google.com:graphite-playground'
  ),
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

`gcompute_http_health_check`

gcompute_http_health_check { 'my-app-http-hc':
  ensure              => present,
  healthy_threshold   => 10,
  port                => 8080,
  timeout_sec         => 2,
  unhealthy_threshold => 5,
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

`gcompute_https_health_check`

gcompute_https_health_check { 'my-app-https-hc':
  ensure              => present,
  healthy_threshold   => 10,
  port                => 8080,
  timeout_sec         => 2,
  unhealthy_threshold => 5,
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

`gcompute_health_check`

gcompute_health_check { 'my-app-tcp-hc':
  ensure              => present,
  type                => 'TCP',
  tcp_health_check    => {
    port_name => 'service-health',
    request   => 'ping',
    response  => 'pong',
  },
  healthy_threshold   => 10,
  timeout_sec         => 2,
  unhealthy_threshold => 5,
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

`gcompute_instance_template`

# Power Tips:
#   1) Remember to define the resources needed to allocate the VM:
#      a) gcompute_disk_type (to be used in 'diskType' property)
#      b) gcompute_machine_type (to be used in 'machine_type' property)
#      c) gcompute_network (to be used in 'network_interfaces' property)
#      d) gcompute_subnetwork (to be used in the 'subnetwork' property)
#      e) gcompute_disk (to be used in the 'sourceDisk' property)
#   2) Don't forget to define a source_image for the OS of the boot disk
#      a) You can use the provided gcompute_image_family function to specify the
#         latest version of an operating system of a given family
#         e.g. Ubuntu 16.04
gcompute_instance_template { 'instance-template':
  ensure     => present,
  properties => {
    machine_type       => 'n1-standard-1',
    disks              => [
      {
        # Tip: Auto delete will prevent disks from being left behind on
        # deletion.
        auto_delete       => true,
        boot              => true,
        initialize_params => {
          source_image =>
            gcompute_image_family('ubuntu-1604-lts', 'ubuntu-os-cloud'),
        }
      }
    ],
    metadata           => {
      'startup-script-url'   => 'gs://graphite-playground/bootstrap.sh',
      'cost-center'          => '12345',
    },
    network_interfaces => [
      {
        access_configs => {
          name => 'test-config',
          type => 'ONE_TO_ONE_NAT',
        },
        network        => 'mynetwork-test',
      }
    ]
  },
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_license`

gcompute_license { 'test-license':
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_image`

# Tip: Be sure to include a valid gcompute_disk object
gcompute_image { 'test-image':
  ensure      => present,
  source_disk => 'data-disk-1',
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred'
}

`gcompute_instance`

# Power Tips:
#   1) Remember to define the resources needed to allocate the VM:
#      a) gcompute_disk_type (to be used in 'diskType' property)
#      b) gcompute_machine_type (to be used in 'machine_type' property)
#      c) gcompute_network (to be used in 'network_interfaces' property)
#      d) gcompute_subnetwork (to be used in the 'subnetwork' property)
#      e) gcompute_disk (to be used in the 'sourceDisk' property)
#      f) gcompute_address (to be used in 'access_configs', if your machine
#         needs external ingress access)
#   2) Don't forget to define a source_image for the OS of the boot disk
#      a) You can use the provided gcompute_image_family function to specify the
#         latest version of an operating system of a given family
#         e.g. Ubuntu 16.04
gcompute_instance { 'instance-test':
  ensure             => present,
  machine_type       => 'n1-standard-1',
  disks              => [
    {
      auto_delete => true,
      boot        => true,
      source      => 'instance-test-os-1'
    }
  ],
  metadata           => {
    startup-script-url   => 'gs://graphite-playground/bootstrap.sh',
    cost-center          => '12345',
  },
  network_interfaces => [
    {
      network        => 'default',
      access_configs => [
        {
          name   => 'External NAT',
          nat_ip => 'instance-test-ip',
          type   => 'ONE_TO_ONE_NAT',
        },
      ],
    }
  ],
  zone               => 'us-central1-a',
  project            => $project, # e.g. 'my-test-project'
  credential         => 'mycred',
}

`gcompute_instance_group`

# Instance group requires a network, so define them in your manifest:
#   - gcompute_network { 'my-network': ensure => present }
gcompute_instance_group { 'my-puppet-masters':
  ensure      => present,
  named_ports => [
    {
      name => 'puppet',
      port => 8140,
    },
  ],
  network     => 'my-network',
  zone        => 'us-central1-a',
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

`gcompute_instance_group_manager`

gcompute_instance_group_manager { 'test1':
  ensure             => present,
  base_instance_name => 'test1-child',
  instance_template  => 'instance-template',
  target_size        => 3,
  zone               => 'us-west1-a',
  project            => $project, # e.g. 'my-test-project'
  credential         => 'mycred',
}

`gcompute_machine_type`

gcompute_machine_type { 'n1-standard-1':
  zone       => 'us-central1-a',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_network`

# Automatically allocated network
gcompute_network { "mynetwork-${network_id}":
  auto_create_subnetworks => true,
  project                 => $project, # e.g. 'my-test-project'
  credential              => 'mycred',
}

# Manually allocated network
gcompute_network { "mynetwork-${network_id}":
  auto_create_subnetworks => false,
  project                 => $project, # e.g. 'my-test-project'
  credential              => 'mycred',
}

# Legacy network
gcompute_network { "mynetwork-${network_id}":
  # On a legacy network you cannot specify the auto_create_subnetworks
  # parameter.
  # | auto_create_subnetworks => false,
  ipv4_range   => '192.168.0.0/16',
  gateway_ipv4 => '192.168.0.1',
  project      => $project, # e.g. 'my-test-project'
  credential   => 'mycred',
}

# Converting automatic to custom network
gcompute_network { "mynetwork-${network_id}":
  auto_create_subnetworks => false,
  project                 => $project, # e.g. 'my-test-project'
  credential              => 'mycred',
}

`gcompute_region`

gcompute_region { 'us-west1':
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_route`

# Route requires a network, so define them in your manifest:
#   - gcompute_network { 'my-network': ensure => presnet }
gcompute_route { 'corp-route':
  ensure           => present,
  dest_range       => '192.168.6.0/24',
  next_hop_gateway => 'global/gateways/default-internet-gateway',
  network          => 'my-network',
  tags             => ['backends', 'databases'],
  project          => $project, # e.g. 'my-test-project'
  credential       => 'mycred',
}

`gcompute_router`

# Router requires a network and a region, so define them in your manifest:
#   - gcompute_network { 'my-network': ensure => present }
#   - gcompute_region { 'some-region': ... }
gcompute_router { 'my-router':
  ensure     => present,
  network    => 'my-network',
  bgp        => {
    asn                  => 64514,
    advertise_mode       => 'CUSTOM',
    advertised_groups    => ['ALL_SUBNETS'],
    advertised_ip_ranges => [
      {
        range => '1.2.3.4',
      },
      {
        range => '6.7.0.0/16',
      }
    ]
  },
  region     => 'some-region',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_snapshot`

gcompute_snapshot { 'data-disk-snapshot-1':
  ensure                     => present,
  snapshot_encryption_key    => {
    raw_key => 'VGhpcyBpcyBhbiBlbmNyeXB0ZWQgc25hcHNob3QhISE=',
  },
  source_disk_encryption_key => {
    raw_key => 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=',
  },
  source                     => 'data-disk-1',
  zone                       => 'us-central1-a',
  project                    => $project, # e.g. 'my-test-project'
  credential                 => 'mycred',
}

`gcompute_ssl_certificate`

# *******
# WARNING: This manifest is for example purposes only. It is *not* advisable to
# have the key embedded like this because if you check this file into source
# control you are publishing the private key to whomever can access the source
# code. Instead you should protect the key, and for example, use the file()
# function to read it from disk without writing it verbatim to the manifest:
#
# gcompute_ssl_certificate { ...
#   ...
#   private_key => file('/path/to/my/private/key.pem'),
#   ...
# }
# *******

gcompute_ssl_certificate { 'sample-certificate':
  ensure      => present,
  description => 'A certificate for test purposes only.',
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
  certificate => '-----BEGIN CERTIFICATE-----
MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
zqGNhIPGq2ULqXKK8BY=
-----END CERTIFICATE-----',
  private_key => '-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49
AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f
OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ==
-----END EC PRIVATE KEY-----',
}

`gcompute_subnetwork`

# Subnetwork requires a network and a region, so define them in your manifest:
#   - gcompute_network { 'my-network': ensure => present, ... }
#   - gcompute_region { 'some-region': ... }
gcompute_subnetwork { 'servers':
  ensure        => present,
  ip_cidr_range => '172.16.0.0/16',
  network       => 'mynetwork-subnetwork',
  region        => 'some-region',
  project       => $project, # e.g. 'my-test-project'
  credential    => 'mycred',
}

`gcompute_target_http_proxy`

gcompute_target_http_proxy { 'my-http-proxy':
  ensure     => present,
  url_map    => 'my-url-map',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_target_https_proxy`

gcompute_target_https_proxy { 'my-https-proxy':
  ensure           => present,
  ssl_certificates => [
    'sample-certificate',
  ],
  url_map          => 'my-url-map',
  project          => $project, # e.g. 'my-test-project'
  credential       => 'mycred',
}

`gcompute_target_pool`

gcompute_region { 'some-region':
  name       => 'us-west1',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

gcompute_target_pool { 'test1':
  ensure     => present,
  region     => 'some-region',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

`gcompute_target_ssl_proxy`

gcompute_target_ssl_proxy { 'my-ssl-proxy':
  ensure           => present,
  proxy_header     => 'PROXY_V1',
  service          => 'my-ssl-backend',
  ssl_certificates => [
    'sample-certificate',
  ],
  project          => $project, # e.g. 'my-test-project'
  credential       => 'mycred',
}

`gcompute_target_tcp_proxy`

gcompute_target_tcp_proxy { 'my-tcp-proxy':
  ensure       => present,
  proxy_header => 'PROXY_V1',
  service      => 'my-tcp-backend',
  project      => $project, # e.g. 'my-test-project'
  credential   => 'mycred',
}

`gcompute_target_vpn_gateway`


gcompute_region { 'some-region':
  name       => 'us-west1',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

gcompute_network { "mynetwork-${network_id}":
  auto_create_subnetworks => false,
  project                 => $project, # e.g. 'my-test-project'
  credential              => 'mycred',
}

gcompute_target_vpn_gateway { "my-gateway-${gateway_id}":
  project     => $project,
  credential  => 'mycred',
  network     => "mynetwork-${network_id}"}

`gcompute_url_map`

gcompute_url_map { 'my-url-map':
  ensure          => present,
  default_service => 'my-app-backend',
  project         => $project, # e.g. 'my-test-project'
  credential      => 'mycred',
}

`gcompute_vpn_tunnel`


gcompute_region { 'some-region':
  name       => 'us-west1',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

gcompute_network { "mynetwork-${network_id}":
  auto_create_subnetworks => false,
  project                 => $project, # e.g. 'my-test-project'
  credential              => 'mycred',
}

gcompute_target_vpn_gateway { "my-gateway-${gateway_id}":
  project     => $project,
  credential  => 'mycred',
  network     => "mynetwork-${network_id}"}

gcompute_vpn_tunnel { "my-tunnel-${gateway_id}":
  project     => $project,
  credential  => 'mycred',
  target_vpn_gateway => "my-gateway-${network_id}"}

`gcompute_zone`

gcompute_zone { 'us-central1-a':
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

Classes

Public classes

[gcompute_address][]: Represents an Address resource. Each virtual machine instance has an ephemeral internal IP address and, optionally, an external IP address. To communicate between instances on the same network, you can use an instance's internal IP address. To communicate with the Internet and instances outside of the same network, you must specify the instance's external IP address. Internal IP addresses are ephemeral and only belong to an instance for the lifetime of the instance; if the instance is deleted and recreated, the instance is assigned a new internal IP address, either by Compute Engine or by you. External IP addresses can be either ephemeral or static.
[gcompute_backend_bucket][]: Backend buckets allow you to use Google Cloud Storage buckets with HTTP(S) load balancing. An HTTP(S) load balancer can direct traffic to specified URLs to a backend bucket rather than a backend service. It can send requests for static content to a Cloud Storage bucket and requests for dynamic content a virtual machine instance.
[gcompute_backend_service][]: Creates a BackendService resource in the specified project using the data included in the request.
[gcompute_disk_type][]: Represents a DiskType resource. A DiskType resource represents the type of disk to use, such as a pd-ssd or pd-standard. To reference a disk type, use the disk type's full or partial URL.
[gcompute_disk][]: Persistent disks are durable storage devices that function similarly to the physical disks in a desktop or a server. Compute Engine manages the hardware behind these devices to ensure data redundancy and optimize performance for you. Persistent disks are available as either standard hard disk drives (HDD) or solid-state drives (SSD). Persistent disks are located independently from your virtual machine instances, so you can detach or move persistent disks to keep your data even after you delete your instances. Persistent disk performance scales automatically with size, so you can resize your existing persistent disks or add more persistent disks to an instance to meet your performance and storage space requirements. Add a persistent disk to your instance when you need reliable and affordable storage with consistent performance characteristics.
[gcompute_firewall][]: Each network has its own firewall controlling access to and from the instances. All traffic to instances, even from other instances, is blocked by the firewall unless firewall rules are created to allow it. The default network has automatically created firewall rules that are shown in default firewall rules. No manually created network has automatically created firewall rules except for a default "allow" rule for outgoing traffic and a default "deny" for incoming traffic. For all networks except the default network, you must create any firewall rules you need.
[gcompute_forwarding_rule][]: A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.
[gcompute_global_address][]: Represents a Global Address resource. Global addresses are used for HTTP(S) load balancing.
[gcompute_global_forwarding_rule][]: Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing. For more information, see https://cloud.google.com/compute/docs/load-balancing/http/
[gcompute_http_health_check][]: An HttpHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTP.
[gcompute_https_health_check][]: An HttpsHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTPS.
[gcompute_health_check][]: Health Checks determine whether instances are responsive and able to do work. They are an important part of a comprehensive load balancing configuration, as they enable monitoring instances behind load balancers. Health Checks poll instances at a specified interval. Instances that do not respond successfully to some number of probes in a row are marked as unhealthy. No new connections are sent to unhealthy instances, though existing connections will continue. The health check will continue to poll unhealthy instances. If an instance later responds successfully to some number of consecutive probes, it is marked healthy again and can receive new connections.
[gcompute_instance_template][]: Defines an Instance Template resource that provides configuration settings for your virtual machine instances. Instance templates are not tied to the lifetime of an instance and can be used and reused as to deploy virtual machines. You can also use different templates to create different virtual machine configurations. Instance templates are required when you create a managed instance group. Tip: Disks should be set to autoDelete=true so that leftover disks are not left behind on machine deletion.
[gcompute_license][]: A License resource represents a software license. Licenses are used to track software usage in images, persistent disks, snapshots, and virtual machine instances.
[gcompute_image][]: Represents an Image resource. Google Compute Engine uses operating system images to create the root persistent disks for your instances. You specify an image when you create an instance. Images contain a boot loader, an operating system, and a root file system. Linux operating system images are also capable of running containers on Compute Engine. Images can be either public or custom. Public images are provided and maintained by Google, open-source communities, and third-party vendors. By default, all projects have access to these images and can use them to create instances. Custom images are available only to your project. You can create a custom image from root persistent disks and other images. Then, use the custom image to create an instance.
[gcompute_instance][]: An instance is a virtual machine (VM) hosted on Google's infrastructure.
[gcompute_instance_group][]: Represents an Instance Group resource. Instance groups are self-managed and can contain identical or different instances. Instance groups do not use an instance template. Unlike managed instance groups, you must create and add instances to an instance group manually.
[gcompute_instance_group_manager][]: Creates a managed instance group using the information that you specify in the request. After the group is created, it schedules an action to create instances in the group using the specified instance template. This operation is marked as DONE when the group is created even if the instances in the group have not yet been created. You must separately verify the status of the individual instances. A managed instance group can have up to 1000 VM instances per group.
[gcompute_machine_type][]: Represents a MachineType resource. Machine types determine the virtualized hardware specifications of your virtual machine instances, such as the amount of memory or number of virtual CPUs.
[gcompute_network][]: Represents a Network resource. Your Cloud Platform Console project can contain multiple networks, and each network can have multiple instances attached to it. A network allows you to define a gateway IP and the network range for the instances attached to that network. Every project is provided with a default network with preset configurations and firewall rules. You can choose to customize the default network by adding or removing rules, or you can create new networks in that project. Generally, most users only need one network, although you can have up to five networks per project by default. A network belongs to only one project, and each instance can only belong to one network. All Compute Engine networks use the IPv4 protocol. Compute Engine currently does not support IPv6. However, Google is a major advocate of IPv6 and it is an important future direction.
[gcompute_region][]: Represents a Region resource. A region is a specific geographical location where you can run your resources. Each region has one or more zones
[gcompute_route][]: Represents a Route resource. A route is a rule that specifies how certain packets should be handled by the virtual network. Routes are associated with virtual machines by tag, and the set of routes for a particular virtual machine is called its routing table. For each packet leaving a virtual machine, the system searches that virtual machine's routing table for a single best matching route. Routes match packets by destination IP address, preferring smaller or more specific ranges over larger ones. If there is a tie, the system selects the route with the smallest priority value. If there is still a tie, it uses the layer three and four packet headers to select just one of the remaining matching routes. The packet is then forwarded as specified by the next_hop field of the winning route -- either to another virtual machine destination, a virtual machine gateway or a Compute Engine-operated gateway. Packets that do not match any route in the sending virtual machine's routing table will be dropped. A Route resource must have exactly one specification of either nextHopGateway, nextHopInstance, nextHopIp, or nextHopVpnTunnel.
[gcompute_router][]: Represents a Router resource.
[gcompute_snapshot][]: Represents a Persistent Disk Snapshot resource. Use snapshots to back up data from your persistent disks. Snapshots are different from public images and custom images, which are used primarily to create instances or configure instance templates. Snapshots are useful for periodic backup of the data on your persistent disks. You can create snapshots from persistent disks even while they are attached to running instances. Snapshots are incremental, so you can create regular snapshots on a persistent disk faster and at a much lower cost than if you regularly created a full image of the disk.
[gcompute_ssl_certificate][]: An SslCertificate resource, used for HTTPS load balancing. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user.
[gcompute_subnetwork][]: A VPC network is a virtual version of the traditional physical networks that exist within and between physical data centers. A VPC network provides connectivity for your Compute Engine virtual machine (VM) instances, Container Engine containers, App Engine Flex services, and other network-related resources. Each GCP project contains one or more VPC networks. Each VPC network is a global entity spanning all GCP regions. This global VPC network allows VM instances and other resources to communicate with each other via internal, private IP addresses. Each VPC network is subdivided into subnets, and each subnet is contained within a single region. You can have more than one subnet in a region for a given VPC network. Each subnet has a contiguous private RFC1918 IP space. You create instances, containers, and the like in these subnets. When you create an instance, you must create it in a subnet, and the instance draws its internal IP address from that subnet. Virtual machine (VM) instances in a VPC network can communicate with instances in all other subnets of the same VPC network, regardless of region, using their RFC1918 private IP addresses. You can isolate portions of the network, even entire subnets, using firewall rules.
[gcompute_target_http_proxy][]: Represents a TargetHttpProxy resource, which is used by one or more global forwarding rule to route incoming HTTP requests to a URL map.
[gcompute_target_https_proxy][]: Represents a TargetHttpsProxy resource, which is used by one or more global forwarding rule to route incoming HTTPS requests to a URL map.
[gcompute_target_pool][]: Represents a TargetPool resource, used for Load Balancing.
[gcompute_target_ssl_proxy][]: Represents a TargetSslProxy resource, which is used by one or more global forwarding rule to route incoming SSL requests to a backend service.
[gcompute_target_tcp_proxy][]: Represents a TargetTcpProxy resource, which is used by one or more global forwarding rule to route incoming TCP requests to a Backend service.
[gcompute_target_vpn_gateway][]: Represents a VPN gateway running in GCP. This virtual device is managed by Google, but used only by you.
[gcompute_url_map][]: UrlMaps are used to route requests to a backend service based on rules that you define for the host and path of an incoming URL.
[gcompute_vpn_tunnel][]: VPN tunnel resource.
[gcompute_zone][]: Represents a Zone resource.

About output only properties

Some fields are output-only. It means you cannot set them because they are provided by the Google Cloud Platform. Yet they are still useful to ensure the value the API is assigning (or has assigned in the past) is still the value you expect.

For example in a DNS the name servers are assigned by the Google Cloud DNS service. Checking these values once created is useful to make sure your upstream and/or root DNS masters are in sync. Or if you decide to use the object ID, e.g. the VM unique ID, for billing purposes. If the VM gets deleted and recreated it will have a different ID, despite the name being the same. If that detail is important to you you can verify that the ID of the object did not change by asserting it in the manifest.

Parameters

`gcompute_address`

Represents an Address resource.

Each virtual machine instance has an ephemeral internal IP address and, optionally, an external IP address. To communicate between instances on the same network, you can use an instance's internal IP address. To communicate with the Internet and instances outside of the same network, you must specify the instance's external IP address.

Internal IP addresses are ephemeral and only belong to an instance for the lifetime of the instance; if the instance is deleted and recreated, the instance is assigned a new internal IP address, either by Compute Engine or by you. External IP addresses can be either ephemeral or static.

Reference Guides

Example

gcompute_region { 'some-region':
  name       => 'us-west1',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

gcompute_address { 'test1':
  ensure     => present,
  region     => 'some-region',
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

Reference

gcompute_address { 'id-of-resource':
  address            => string,
  address_type       => 'INTERNAL' or 'EXTERNAL',
  creation_timestamp => time,
  description        => string,
  id                 => integer,
  name               => string,
  region             => reference to gcompute_region,
  subnetwork         => reference to gcompute_subnetwork,
  users              => [
    string,
    ...
  ],
  project            => string,
  credential         => reference to gauth_credential,
}

`address`

The static external IP address represented by this resource. Only IPv4 is supported. An address may only be specified for INTERNAL address types. The IP address must be inside the specified subnetwork, if any.

`address_type`

The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.

`description`

An optional description of this resource.

`name`

Required. Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

`subnetwork`

The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes.

`region`

Required. URL of the region where the regional address resides. This field is not applicable to global addresses.

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource.
users: Output only. The URLs of the resources that are using this address.

`gcompute_backend_bucket`

Backend buckets allow you to use Google Cloud Storage buckets with HTTP(S) load balancing.

An HTTP(S) load balancer can direct traffic to specified URLs to a backend bucket rather than a backend service. It can send requests for static content to a Cloud Storage bucket and requests for dynamic content a virtual machine instance.

Reference Guides

Example

gcompute_backend_bucket { 'be-bucket-connection':
  ensure      => present,
  bucket_name => 'backend-bucket-test',
  description => 'A BackendBucket to connect LNB w/ Storage Bucket',
  enable_cdn  => true,
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

Reference

gcompute_backend_bucket { 'id-of-resource':
  bucket_name        => string,
  creation_timestamp => time,
  description        => string,
  enable_cdn         => boolean,
  id                 => integer,
  name               => string,
  project            => string,
  credential         => reference to gauth_credential,
}

`bucket_name`

Required. Cloud Storage bucket name.

`description`

An optional textual description of the resource; provided by the client when the resource is created.

`enable_cdn`

If true, enable Cloud CDN for this BackendBucket.

`name`

Required. Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. Unique identifier for the resource.

`gcompute_backend_service`

Creates a BackendService resource in the specified project using the data included in the request.

Example

# Backend Service requires various other services to be setup beforehand. Please
# make sure they are defined as well:
#   - gcompute_instance_group { ... }
#   - Health check
gcompute_backend_service { 'my-app-backend':
  ensure        => present,
  backends      => [
    { group => 'my-puppet-masters' },
  ],
  enable_cdn    => true,
  health_checks => [
    gcompute_health_check_ref('another-hc', 'google.com:graphite-playground'),
  ],
  project       => $project, # e.g. 'my-test-project'
  credential    => 'mycred',
}

Reference

gcompute_backend_service { 'id-of-resource':
  affinity_cookie_ttl_sec => integer,
  backends                => [
    {
      balancing_mode               => 'UTILIZATION', 'RATE' or 'CONNECTION',
      capacity_scaler              => double,
      description                  => string,
      group                        => reference to gcompute_instance_group,
      max_connections              => integer,
      max_connections_per_instance => integer,
      max_rate                     => integer,
      max_rate_per_instance        => double,
      max_utilization              => double,
    },
    ...
  ],
  cdn_policy              => {
    cache_key_policy => {
      include_host           => boolean,
      include_protocol       => boolean,
      include_query_string   => boolean,
      query_string_blacklist => [
        string,
        ...
      ],
      query_string_whitelist => [
        string,
        ...
      ],
    },
  },
  connection_draining     => {
    draining_timeout_sec => integer,
  },
  creation_timestamp      => time,
  description             => string,
  enable_cdn              => boolean,
  health_checks           => [
    string,
    ...
  ],
  iap                     => {
    enabled                     => boolean,
    oauth2_client_id            => string,
    oauth2_client_secret        => string,
    oauth2_client_secret_sha256 => string,
  },
  id                      => integer,
  load_balancing_scheme   => 'INTERNAL' or 'EXTERNAL',
  name                    => string,
  port_name               => string,
  protocol                => 'HTTP', 'HTTPS', 'TCP' or 'SSL',
  region                  => reference to gcompute_region,
  session_affinity        => 'NONE', 'CLIENT_IP', 'GENERATED_COOKIE', 'CLIENT_IP_PROTO' or 'CLIENT_IP_PORT_PROTO',
  timeout_sec             => integer,
  project                 => string,
  credential              => reference to gauth_credential,
}

`affinity_cookie_ttl_sec`

Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.

`backends`

The list of backends that serve this BackendService.

backends[]/balancing_mode

Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL). This cannot be used for internal load balancing.

backends[]/capacity_scaler

A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0]. This cannot be used for internal load balancing.

backends[]/description

An optional description of this resource. Provide this property when you create the resource.

backends[]/group

This instance group defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. When the BackendService has load balancing scheme INTERNAL, the instance group must be in a zone within the same region as the BackendService.

backends[]/max_connections

The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set. This cannot be used for internal load balancing.

backends[]/max_connections_per_instance

The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set. This cannot be used for internal load balancing.

backends[]/max_rate

The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or maxRatePerInstance must be set. This cannot be used for internal load balancing.

backends[]/max_rate_per_instance

The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set. This cannot be used for internal load balancing.

backends[]/max_utilization

Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0]. This cannot be used for internal load balancing.

`cdn_policy`

Cloud CDN configuration for this BackendService.

cdn_policy/cache_key_policy

The CacheKeyPolicy for this CdnPolicy.

cdn_policy/cache_key_policy/include_host

If true requests to different hosts will be cached separately.

cdn_policy/cache_key_policy/include_protocol

If true, http and https requests will be cached separately.

cdn_policy/cache_key_policy/include_query_string

If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.

cdn_policy/cache_key_policy/query_string_blacklist

Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.

cdn_policy/cache_key_policy/query_string_whitelist

Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.

`connection_draining`

Settings for connection draining

connection_draining/draining_timeout_sec

Time for which instance will be drained (not accept new connections, but still work to finish started).

`description`

An optional description of this resource.

`enable_cdn`

If true, enable Cloud CDN for this BackendService. When the load balancing scheme is INTERNAL, this field is not used.

`health_checks`

The list of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified, and a health check is required. For internal load balancing, a URL to a HealthCheck resource must be specified instead.

`iap`

Settings for enabling Cloud Identity Aware Proxy

iap/enabled

Enables IAP.

iap/oauth2_client_id

OAuth2 Client ID for IAP

iap/oauth2_client_secret

OAuth2 Client Secret for IAP

iap/oauth2_client_secret_sha256

Output only. OAuth2 Client Secret SHA-256 for IAP

`load_balancing_scheme`

Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other.

`name`

Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

`port_name`

Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL. When the load balancing scheme is INTERNAL, this field is not used.

`protocol`

The protocol this BackendService uses to communicate with backends. Possible values are HTTP, HTTPS, TCP, and SSL. The default is HTTP. For internal load balancing, the possible values are TCP and UDP, and the default is TCP.

`region`

The region where the regional backend service resides. This field is not applicable to global backend services.

`session_affinity`

Type of session affinity to use. The default is NONE. When the load balancing scheme is EXTERNAL, can be NONE, CLIENT_IP, or GENERATED_COOKIE. When the load balancing scheme is INTERNAL, can be NONE, CLIENT_IP, CLIENT_IP_PROTO, or CLIENT_IP_PORT_PROTO. When the protocol is UDP, this field is not used.

`timeout_sec`

How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400].

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource.

`gcompute_disk_type`

Represents a DiskType resource. A DiskType resource represents the type of disk to use, such as a pd-ssd or pd-standard. To reference a disk type, use the disk type's full or partial URL.

Example

gcompute_disk_type { 'pd-standard':
  default_disk_size_gb => 500,
  deprecated_deleted   => undef, # undef = not deprecated
  zone                 => 'us-central1-a',
  project              => $project, # e.g. 'my-test-project'
  credential           => 'mycred',
}

Reference

gcompute_disk_type { 'id-of-resource':
  creation_timestamp   => time,
  default_disk_size_gb => integer,
  deprecated           => {
    deleted     => time,
    deprecated  => time,
    obsolete    => time,
    replacement => string,
    state       => 'DEPRECATED', 'OBSOLETE' or 'DELETED',
  },
  description          => string,
  id                   => integer,
  name                 => string,
  valid_disk_size      => string,
  zone                 => reference to gcompute_zone,
  project              => string,
  credential           => reference to gauth_credential,
}

`name`

Name of the resource.

`zone`

Required. A reference to the zone where the disk type resides.

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
default_disk_size_gb: Output only. Server-defined default disk size in GB.
deprecated: Output only. The deprecation status associated with this disk type.

deprecated/deleted

Output only. An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to DELETED.

deprecated/deprecated

Output only. An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to DEPRECATED.

deprecated/obsolete

Output only. An optional RFC3339 timestamp on or after which the deprecation state of this resource will be changed to OBSOLETE.

deprecated/replacement

Output only. The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.

deprecated/state

Output only. The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.

description: Output only. An optional description of this resource.
id: Output only. The unique identifier for the resource.
valid_disk_size: Output only. An optional textual description of the valid disk size, such as "10GB-10TB".

`gcompute_disk`

Persistent disks are durable storage devices that function similarly to the physical disks in a desktop or a server. Compute Engine manages the hardware behind these devices to ensure data redundancy and optimize performance for you. Persistent disks are available as either standard hard disk drives (HDD) or solid-state drives (SSD).

Persistent disks are located independently from your virtual machine instances, so you can detach or move persistent disks to keep your data even after you delete your instances. Persistent disk performance scales automatically with size, so you can resize your existing persistent disks or add more persistent disks to an instance to meet your performance and storage space requirements.

Add a persistent disk to your instance when you need reliable and affordable storage with consistent performance characteristics.

Reference Guides

Example

gcompute_disk { 'data-disk-1':
  ensure              => present,
  size_gb             => 50,
  disk_encryption_key => {
    raw_key => 'SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=',
  },
  zone                => 'us-central1-a',
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

Reference

gcompute_disk { 'id-of-resource':
  creation_timestamp             => time,
  description                    => string,
  disk_encryption_key            => {
    raw_key => string,
    sha256  => string,
  },
  id                             => integer,
  label_fingerprint              => fingerprint,
  labels                         => namevalues,
  last_attach_timestamp          => time,
  last_detach_timestamp          => time,
  licenses                       => [
    string,
    ...
  ],
  name                           => string,
  size_gb                        => integer,
  source_image                   => string,
  source_image_encryption_key    => {
    raw_key => string,
    sha256  => string,
  },
  source_image_id                => string,
  source_snapshot                => reference to gcompute_snapshot,
  source_snapshot_encryption_key => {
    raw_key => string,
    sha256  => string,
  },
  source_snapshot_id             => string,
  type                           => reference to gcompute_disk_type,
  users                          => [
    reference to a gcompute_instance,
    ...
  ],
  zone                           => reference to gcompute_zone,
  project                        => string,
  credential                     => reference to gauth_credential,
}

`description`

An optional description of this resource. Provide this property when you create the resource.

`labels`

Labels to apply to this disk. A list of key->value pairs.

`licenses`

Any applicable publicly visible licenses.

`name`

`size_gb`

Size of the persistent disk, specified in GB. You can specify this field when creating a persistent disk using the sourceImage or sourceSnapshot parameter, or specify it alone to create an empty persistent disk. If you specify this field along with sourceImage or sourceSnapshot, the value of sizeGb must not be less than the size of the sourceImage or the size of the snapshot.

`type`

URL of the disk type resource describing which disk type to use to create the disk. Provide this when creating the disk.

`source_image`

The source image used to create this disk. If the source image is deleted, this field will not be set. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-8 to use the latest Debian 8 image: projects/debian-cloud/global/images/family/debian-8 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD To create a disk with a private image that you created, specify the image name in the following format: global/images/my-private-image You can also specify a private image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-private-family

`zone`

Required. A reference to the zone where the disk resides.

`source_image_encryption_key`

The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.

source_image_encryption_key/raw_key

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

source_image_encryption_key/sha256

Output only. The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

`disk_encryption_key`

Encrypts the disk using a customer-supplied encryption key. After you encrypt a disk with a customer-supplied key, you must provide the same key if you use the disk later (e.g. to create a disk snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of the disk. If you do not provide an encryption key when creating the disk, then the disk will be encrypted using an automatically generated key and you do not need to provide a key to use the disk later.

disk_encryption_key/raw_key

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

disk_encryption_key/sha256

Output only. The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

`source_snapshot`

The source snapshot used to create this disk. You can provide this as a partial or full URL to the resource. For example, the following are valid values:

https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot
projects/project/global/snapshots/snapshot
global/snapshots/snapshot

`source_snapshot_encryption_key`

The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.

source_snapshot_encryption_key/raw_key

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

source_snapshot_encryption_key/sha256

Output only. The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

Output-only properties

label_fingerprint: Output only. The fingerprint used for optimistic locking of this resource. Used internally during updates.
creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource.
last_attach_timestamp: Output only. Last attach timestamp in RFC3339 text format.
last_detach_timestamp: Output only. Last dettach timestamp in RFC3339 text format.
users: Output only. Links to the users of the disk (attached instances) in form: project/zones/zone/instances/instance
source_image_id: Output only. The ID value of the image used to create this disk. This value identifies the exact image that was used to create this persistent disk. For example, if you created the persistent disk from an image that was later deleted and recreated under the same name, the source image ID would identify the exact version of the image that was used.
source_snapshot_id: Output only. The unique ID of the snapshot used to create this disk. This value identifies the exact snapshot that was used to create this persistent disk. For example, if you created the persistent disk from a snapshot that was later deleted and recreated under the same name, the source snapshot ID would identify the exact version of the snapshot that was used.

`gcompute_firewall`

Each network has its own firewall controlling access to and from the instances.

All traffic to instances, even from other instances, is blocked by the firewall unless firewall rules are created to allow it.

The default network has automatically created firewall rules that are shown in default firewall rules. No manually created network has automatically created firewall rules except for a default "allow" rule for outgoing traffic and a default "deny" for incoming traffic. For all networks except the default network, you must create any firewall rules you need.

Reference Guides

Example

gcompute_firewall { 'test-fw-allow-ssh':
  ensure      => present,
  allowed     => [
    {
      ip_protocol => 'tcp',
      ports       => [
        '22',
      ],
    },
  ],
  target_tags => [
    'test-ssh-server',
    'staging-ssh-server',
  ],
  source_tags => [
    'test-ssh-clients',
  ],
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

Reference

gcompute_firewall { 'id-of-resource':
  allowed                 => [
    {
      ip_protocol => string,
      ports       => [
        string,
        ...
      ],
    },
    ...
  ],
  creation_timestamp      => time,
  denied                  => [
    {
      ip_protocol => string,
      ports       => [
        string,
        ...
      ],
    },
    ...
  ],
  description             => string,
  destination_ranges      => [
    string,
    ...
  ],
  direction               => 'INGRESS' or 'EGRESS',
  id                      => integer,
  name                    => string,
  network                 => reference to gcompute_network,
  priority                => integer,
  source_ranges           => [
    string,
    ...
  ],
  source_service_accounts => [
    string,
    ...
  ],
  source_tags             => [
    string,
    ...
  ],
  target_service_accounts => [
    string,
    ...
  ],
  target_tags             => [
    string,
    ...
  ],
  project                 => string,
  credential              => reference to gauth_credential,
}

`allowed`

The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.

allowed[]/ip_protocol

Required. The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp), or the IP protocol number.

allowed[]/ports

An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

`denied`

The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.

denied[]/ip_protocol

denied[]/ports

`description`

An optional description of this resource. Provide this property when you create the resource.

`destination_ranges`

If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Only IPv4 is supported.

`direction`

Direction of traffic to which this firewall applies; default is INGRESS. Note: For INGRESS traffic, it is NOT supported to specify destinationRanges; For EGRESS traffic, it is NOT supported to specify sourceRanges OR sourceTags.

`name`

`network`

Required. URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: https://www.googleapis.com/compute/v1/projects/myproject/global/ networks/my-network projects/myproject/global/networks/my-network global/networks/default

`priority`

Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000. Relative priorities determine precedence of conflicting rules. Lower value of priority implies higher precedence (eg, a rule with priority 0 has higher precedence than a rule with priority 1). DENY rules take precedence over ALLOW rules having equal priority.

`source_ranges`

If source ranges are specified, the firewall will apply only to traffic that has source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. Only IPv4 is supported.

`source_service_accounts`

If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.

`source_tags`

If source tags are specified, the firewall will apply only to traffic with source IP that belongs to a tag listed in source tags. Source tags cannot be used to control traffic to an instance's external IP address. Because tags are associated with an instance, not an IP address. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply.

`target_service_accounts`

A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.

`target_tags`

A list of instance tags indicating sets of instances located in the network that may make network connections as specified in allowed[]. If no targetTags are specified, the firewall rule applies to all instances on the specified network.

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource.

`gcompute_forwarding_rule`

A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.

Reference Guides

Example

gcompute_forwarding_rule { 'test1':
  ensure      => present,
  ip_address  => gcompute_address_ref(
    'some-address',
    'us-west1', 'google.com:graphite-playground'
  ),
  ip_protocol => 'TCP',
  port_range  => '80',
  target      => 'target-pool',
  region      => 'some-region',
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

Reference

gcompute_forwarding_rule { 'id-of-resource':
  backend_service       => reference to gcompute_backend_service,
  creation_timestamp    => time,
  description           => string,
  id                    => integer,
  ip_address            => string,
  ip_protocol           => 'TCP', 'UDP', 'ESP', 'AH', 'SCTP' or 'ICMP',
  ip_version            => 'IPV4' or 'IPV6',
  label_fingerprint     => fingerprint,
  load_balancing_scheme => 'INTERNAL' or 'EXTERNAL',
  name                  => string,
  network               => reference to gcompute_network,
  port_range            => string,
  ports                 => [
    string,
    ...
  ],
  region                => reference to gcompute_region,
  subnetwork            => reference to gcompute_subnetwork,
  target                => reference to gcompute_target_pool,
  project               => string,
  credential            => reference to gauth_credential,
}

`description`

An optional description of this resource. Provide this property when you create the resource.

`ip_address`

The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional). When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6. When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule. An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid:

100.1.2.3
https://www.googleapis.com/compute/v1/projects/project/regions/ region/addresses/address
projects/project/regions/region/addresses/address
regions/region/addresses/address
global/addresses/address
address

`ip_protocol`

The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH, SCTP or ICMP. When the load balancing scheme is INTERNAL, only TCP and UDP are valid.

`backend_service`

A reference to a BackendService to receive the matched traffic. This is used for internal load balancing. (not used for external load balancing)

`ip_version`

The IP Version that will be used by this forwarding rule. Valid options are IPV4 or IPV6. This can only be specified for a global forwarding rule.

`load_balancing_scheme`

This signifies what the ForwardingRule will be used for and can only take the following values: INTERNAL, EXTERNAL The value of INTERNAL means that this will be used for Internal Network Load Balancing (TCP, UDP). The value of EXTERNAL means that this will be used for External Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy)

`name`

Required. Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

`network`

For internal load balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used. This field is not used for external load balancing.

`port_range`

This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports:

TargetHttpProxy: 80, 8080
TargetHttpsProxy: 443
TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
TargetVpnGateway: 500, 4500

`ports`

This field is used along with the backend_service field for internal load balancing. When the load balancing scheme is INTERNAL, a single port or a comma separated list of ports can be configured. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. You may specify a maximum of up to 5 ports.

`subnetwork`

A reference to a subnetwork. For internal load balancing, this field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule. If the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified. This field is not used for external load balancing.

`target`

A reference to a TargetPool resource to receive the matched traffic. For regional forwarding rules, this target must live in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. This field is not used for internal load balancing.

`region`

Required. A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource.
label_fingerprint: Output only. The fingerprint used for optimistic locking of this resource. Used internally during updates.

`gcompute_global_address`

Represents a Global Address resource. Global addresses are used for HTTP(S) load balancing.

Reference Guides

Example

gcompute_global_address { 'my-app-lb-address':
  ensure     => present,
  project    => $project, # e.g. 'my-test-project'
  credential => 'mycred',
}

Reference

gcompute_global_address { 'id-of-resource':
  address            => string,
  creation_timestamp => time,
  description        => string,
  id                 => integer,
  ip_version         => 'IPV4' or 'IPV6',
  label_fingerprint  => fingerprint,
  name               => string,
  region             => reference to gcompute_region,
  project            => string,
  credential         => reference to gauth_credential,
}

`description`

An optional description of this resource. Provide this property when you create the resource.

`name`

`ip_version`

The IP Version that will be used by this address. Valid options are IPV4 or IPV6. The default value is IPV4.

Output-only properties

address: Output only. The static external IP address represented by this resource.
creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource. This identifier is defined by the server.
label_fingerprint: Output only. The fingerprint used for optimistic locking of this resource. Used internally during updates.
region: Output only. A reference to the region where the regional address resides.

`gcompute_global_forwarding_rule`

Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing.

For more information, see https://cloud.google.com/compute/docs/load-balancing/http/

Example

gcompute_global_forwarding_rule { 'test1':
  ensure      => present,
  ip_address  => gcompute_global_address_ref(
    'my-app-lb-address',
    'google.com:graphite-playground'
  ),
  ip_protocol => 'TCP',
  port_range  => '80',
  target      => gcompute_target_http_proxy_ref(
    'my-http-proxy',
    'google.com:graphite-playground'
  ),
  project     => $project, # e.g. 'my-test-project'
  credential  => 'mycred',
}

Reference

gcompute_global_forwarding_rule { 'id-of-resource':
  backend_service       => reference to gcompute_backend_service,
  creation_timestamp    => time,
  description           => string,
  id                    => integer,
  ip_address            => string,
  ip_protocol           => 'TCP', 'UDP', 'ESP', 'AH', 'SCTP' or 'ICMP',
  ip_version            => 'IPV4' or 'IPV6',
  load_balancing_scheme => 'INTERNAL' or 'EXTERNAL',
  name                  => string,
  network               => reference to gcompute_network,
  port_range            => string,
  ports                 => [
    string,
    ...
  ],
  region                => reference to gcompute_region,
  subnetwork            => reference to gcompute_subnetwork,
  target                => string,
  project               => string,
  credential            => reference to gauth_credential,
}

`description`

An optional description of this resource. Provide this property when you create the resource.

`ip_address`

100.1.2.3
https://www.googleapis.com/compute/v1/projects/project/regions/ region/addresses/address
projects/project/regions/region/addresses/address
regions/region/addresses/address
global/addresses/address
address

`ip_protocol`

The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH, SCTP or ICMP. When the load balancing scheme is INTERNAL, only TCP and UDP are valid.

`backend_service`

A reference to a BackendService to receive the matched traffic. This is used for internal load balancing. (not used for external load balancing)

`ip_version`

The IP Version that will be used by this forwarding rule. Valid options are IPV4 or IPV6. This can only be specified for a global forwarding rule.

`load_balancing_scheme`

`name`

`network`

`port_range`

TargetHttpProxy: 80, 8080
TargetHttpsProxy: 443
TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
TargetVpnGateway: 500, 4500

`ports`

`subnetwork`

`target`

This target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. Valid types: HTTP_PROXY, HTTPS_PROXY, SSL_PROXY, TCP_PROXY

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource.
region: Output only. A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

`gcompute_http_health_check`

An HttpHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTP.

Reference Guides

Example

gcompute_http_health_check { 'my-app-http-hc':
  ensure              => present,
  healthy_threshold   => 10,
  port                => 8080,
  timeout_sec         => 2,
  unhealthy_threshold => 5,
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

Reference

gcompute_http_health_check { 'id-of-resource':
  check_interval_sec  => integer,
  creation_timestamp  => time,
  description         => string,
  healthy_threshold   => integer,
  host                => string,
  id                  => integer,
  name                => string,
  port                => integer,
  request_path        => string,
  timeout_sec         => integer,
  unhealthy_threshold => integer,
  project             => string,
  credential          => reference to gauth_credential,
}

`check_interval_sec`

How often (in seconds) to send a health check. The default value is 5 seconds.

`description`

An optional description of this resource. Provide this property when you create the resource.

`healthy_threshold`

A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.

`host`

The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

`name`

`port`

The TCP port number for the HTTP health check request. The default value is 80.

`request_path`

The request path of the HTTP health check request. The default value is /.

`timeout_sec`

How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.

`unhealthy_threshold`

A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource. This identifier is defined by the server.

`gcompute_https_health_check`

An HttpsHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTPS.

Reference Guides

Example

gcompute_https_health_check { 'my-app-https-hc':
  ensure              => present,
  healthy_threshold   => 10,
  port                => 8080,
  timeout_sec         => 2,
  unhealthy_threshold => 5,
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

Reference

gcompute_https_health_check { 'id-of-resource':
  check_interval_sec  => integer,
  creation_timestamp  => time,
  description         => string,
  healthy_threshold   => integer,
  host                => string,
  id                  => integer,
  name                => string,
  port                => integer,
  request_path        => string,
  timeout_sec         => integer,
  unhealthy_threshold => integer,
  project             => string,
  credential          => reference to gauth_credential,
}

`check_interval_sec`

How often (in seconds) to send a health check. The default value is 5 seconds.

`description`

An optional description of this resource. Provide this property when you create the resource.

`healthy_threshold`

A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.

`host`

The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

`name`

`port`

The TCP port number for the HTTPS health check request. The default value is 80.

`request_path`

The request path of the HTTPS health check request. The default value is /.

`timeout_sec`

How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.

`unhealthy_threshold`

A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.

Output-only properties

creation_timestamp: Output only. Creation timestamp in RFC3339 text format.
id: Output only. The unique identifier for the resource. This identifier is defined by the server.

`gcompute_health_check`

Health Checks determine whether instances are responsive and able to do work. They are an important part of a comprehensive load balancing configuration, as they enable monitoring instances behind load balancers.

Health Checks poll instances at a specified interval. Instances that do not respond successfully to some number of probes in a row are marked as unhealthy. No new connections are sent to unhealthy instances, though existing connections will continue. The health check will continue to poll unhealthy instances. If an instance later responds successfully to some number of consecutive probes, it is marked healthy again and can receive new connections.

Reference Guides

Example

gcompute_health_check { 'my-app-tcp-hc':
  ensure              => present,
  type                => 'TCP',
  tcp_health_check    => {
    port_name => 'service-health',
    request   => 'ping',
    response  => 'pong',
  },
  healthy_threshold   => 10,
  timeout_sec         => 2,
  unhealthy_threshold => 5,
  project             => $project, # e.g. 'my-test-project'
  credential          => 'mycred',
}

Reference

gcompute_health_check { 'id-of-resource':
  check_interval_sec  => integer,
  creation_timestamp  => time,
  description         => string,
  healthy_threshold   => integer,
  http_health_check   => {
    host         => string,
    port         => integer,
    port_name    => string,
    proxy_header => 'NONE' or 'PROXY_V1',
    request_path => string,
  },
  https_health_check  => {
    host         => string,
    port         => integer,
    port_name    => string,
    proxy_header => 'NONE' or 'PROXY_V1',
    request_path => string,
  },
  id                  => integer,
  name                => string,
  ssl_health_check    => {
    port         => integer,
    port_name    => string,
    proxy_header => 'NONE' or 'PROXY_V1',
    request      => string,
    response     => string,
  },
  tcp_health_check    => {
    port         => integer,
    port_name    => string,
    proxy_header => 'NONE' or 'PROXY_V1',
    request      => string,
    response     => string,
  },
  timeout_sec         => integer,
  type                => 'TCP', 'SSL', 'HTTP' or 'HTTPS',
  unhealthy_threshold => integer,
  project             => string,
  credential          => reference to gauth_credential,
}

`check_interval_sec`

How often (in seconds) to send a health check. The default value is 5 seconds.

`description`

An optional description of this resource. Provide this property when you create the resource.

`healthy_threshold`

A so-far unhealthy instance will be marked healthy after this many consecutive successes. The default value is 2.

`name`

`timeout_sec`

How long (in seconds) to wait before claiming failure. The default value is 5 seconds. It is invalid for timeoutSec to have greater value than checkIntervalSec.

`unhealthy_threshold`

A so-far healthy instance will be marked unhealthy after this many consecutive failures. The default value is 2.

`type`

Specifies the type of the healthCheck, either TCP, SSL, HTTP or HTTPS. If not specified, the default is TCP. Exactly one of the protocol-specific health check field must be specified, which must match type field.

`http_health_check`

A nested object resource

http_health_check/host

The value of the host header in the HTTP health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

http_health_check/request_path

The request path of the HTTP health check request. The default value is /.

http_health_check/port

The TCP port number for the HTTP health check request. The default value is 80.

http_health_check/port_name

Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence.

http_health_check/proxy_header

Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.

`https_health_check`

A nested object resource

https_health_check/host

The value of the host header in the HTTPS health check request. If left empty (default value), the public IP on behalf of which this health check is performed will be used.

https_health_check/request_path

The request path of the HTTPS health check request. The default value is /.

https_health_check/port

The TCP port number for the HTTPS health check request. The default value is 443.

https_health_check/port_name

Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence.

https_health_check/proxy_header

Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.

`tcp_health_check`

A nested object resource

tcp_health_check/request

The application data to send once the TCP connection has been established (default value is empty). If both request and response are empty, the connection establishment alone will indicate health. The request data can only be ASCII.

tcp_health_check/response

The bytes to match against the beginning of the response data. If left empty (the default value), any response will indicate health. The response data can only be ASCII.

tcp_health_check/port

The TCP port number for the TCP health check request. The default value is 443.

tcp_health_check/port_name

Port name as defined in InstanceGroup#NamedPort#name. If both port and port_name are defined, port takes precedence.

What are tasks?

Modules can contain tasks that take action outside of a desired state managed by Puppet. It’s perfect for troubleshooting or deploying one-off changes, distributing scripts to run across your infrastructure, or automating changes that need to happen in a particular order as part of an application deployment.

Tasks in this module release

instance

Because sometimes you just want a quick way to get (or destroy) an instance

Parameters
allocate_static_ip	If true it will allocate a static IP for the machine (default: false) `Optional[Boolean]`
credential	Path to a service account credentials file `String[1]`
ensure	If you'd wish to quickly delete an instance instead of creating one (default: present) `Optional[Enum['present', 'absent']]`
image_family	An indication of which image family to launch the instance from (format: <familyname>:<organization>) (default: centos-7:centos-cloud) `Optional[String[1]]`
machine_type	The type of the machine to create (default: n1-standard-1) `Optional[String[1]]`
name	Name of the machine to create (or delete) (default: bolt-<random>) `Optional[String[1]]`
network_name	The network to connect the VM to (default: default) `Optional[String[1]]`
project	The project you have credentials for and will houses your instance `String[1]`
size_gb	The size of the VM disk (in GB) (default: 50) `Optional[Integer]`
zone	The zone where your instance resides (default: us-west1-c) `Optional[String[1]]`

Input method

stdin

reset

Resets a Google Compute Engine VM instance

Parameters
credential	Path to a service account credentials file `String[1]`
name	The name of the instance to reset `String[1]`
project	The project that hosts the VM instance `String[1]`
zone	The zone where your instance resides `String[1]`

Input method

stdin

snapshot

Create a snapshot of a Google Compute Engine Disk

Parameters
credential	Path to a service account credentials file `String[1]`
name	The name of the disk to create snapshot `String[1]`
project	The project that hosts the disk `String[1]`
target	The name of the disk snapshot (default: <name>-<timestamp>) `Optional[String[1]]`
zone	The zone where your disk resides `String[1]`

Input method

stdin

Changelog

0.2.2 (2017-10-25)

New features

Added support for gcompute_snapshot resources.

0.2.1 (2017-10-11)

Fixes

#0001: Boolean[1] might be invalid

0.2.0 (2017-10-10)

New features

Improvements to gcompute_instance resource:
- Added support for alias IP ranges in network_configs { alias_ip_ranges => [ ... ] }
- Added support for metadata
- Added support for interface in disks [ { interface } ]
- Added support for mode in disks [ { mode } ]
- Added support for source_image_encryption_key in initializeParams { source_image_encryption_key }
Added support for gcompute_forwarding_rule resources.
Added support for gcompute_global_forwarding_rule resources.
Added support for gcompute_instance_group_manager resources.
Added support for gcompute_instance_template resources.
Added support for gcompute_target_pool resources.
Added support for gcompute_target_http_proxy resources.
Added support for gcompute_target_https_proxy resources.
Added support for gcompute_target_ssl_proxy resources.
Added support for gcompute_target_tcp_proxy resources.
Added support for gcompute_url_map resources.
Added Bolt task instance to (quickly) create new a VM instance.
Added Bolt task reset to reset a VM instance.
Added Bolt task snapshot to create a Disk snapshot.
Added gcompute_address_ip client function.
Added gcompute_address_ref client function.
Added gcompute_global_address_ref client function.
Added gcompute_health_check_ref client function.
Added gcompute_target_http_proxy_ref client function.

Fixes

gcompute_instance { network_interfaces { subnetwork } } now accepts a reference to a gcompute_subnetwork resource instead of the GCP URL of a subnetwork
Improved validation of required parameter references

0.1.0 (2017-08-22)

Initial release


                              Apache License
                        Version 2.0, January 2004
                     http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

   "License" shall mean the terms and conditions for use, reproduction,
   and distribution as defined by Sections 1 through 9 of this document.

   "Licensor" shall mean the copyright owner or entity authorized by
   the copyright owner that is granting the License.

   "Legal Entity" shall mean the union of the acting entity and all
   other entities that control, are controlled by, or are under common
   control with that entity. For the purposes of this definition,
   "control" means (i) the power, direct or indirect, to cause the
   direction or management of such entity, whether by contract or
   otherwise, or (ii) ownership of fifty percent (50%) or more of the
   outstanding shares, or (iii) beneficial ownership of such entity.

   "You" (or "Your") shall mean an individual or Legal Entity
   exercising permissions granted by this License.

   "Source" form shall mean the preferred form for making modifications,
   including but not limited to software source code, documentation
   source, and configuration files.

   "Object" form shall mean any form resulting from mechanical
   transformation or translation of a Source form, including but
   not limited to compiled object code, generated documentation,
   and conversions to other media types.

   "Work" shall mean the work of authorship, whether in Source or
   Object form, made available under the License, as indicated by a
   copyright notice that is included in or attached to the work
   (an example is provided in the Appendix below).

   "Derivative Works" shall mean any work, whether in Source or Object
   form, that is based on (or derived from) the Work and for which the
   editorial revisions, annotations, elaborations, or other modifications
   represent, as a whole, an original work of authorship. For the purposes
   of this License, Derivative Works shall not include works that remain
   separable from, or merely link (or bind by name) to the interfaces of,
   the Work and Derivative Works thereof.

   "Contribution" shall mean any work of authorship, including
   the original version of the Work and any modifications or additions
   to that Work or Derivative Works thereof, that is intentionally
   submitted to Licensor for inclusion in the Work by the copyright owner
   or by an individual or Legal Entity authorized to submit on behalf of
   the copyright owner. For the purposes of this definition, "submitted"
   means any form of electronic, verbal, or written communication sent
   to the Licensor or its representatives, including but not limited to
   communication on electronic mailing lists, source code control systems,
   and issue tracking systems that are managed by, or on behalf of, the
   Licensor for the purpose of discussing and improving the Work, but
   excluding communication that is conspicuously marked or otherwise
   designated in writing by the copyright owner as "Not a Contribution."

   "Contributor" shall mean Licensor and any individual or Legal Entity
   on behalf of whom a Contribution has been received by Licensor and
   subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of
   this License, each Contributor hereby grants to You a perpetual,
   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   copyright license to reproduce, prepare Derivative Works of,
   publicly display, publicly perform, sublicense, and distribute the
   Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of
   this License, each Contributor hereby grants to You a perpetual,
   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
   (except as stated in this section) patent license to make, have made,
   use, offer to sell, sell, import, and otherwise transfer the Work,
   where such license applies only to those patent claims licensable
   by such Contributor that are necessarily infringed by their
   Contribution(s) alone or by combination of their Contribution(s)
   with the Work to which such Contribution(s) was submitted. If You
   institute patent litigation against any entity (including a
   cross-claim or counterclaim in a lawsuit) alleging that the Work
   or a Contribution incorporated within the Work constitutes direct
   or contributory patent infringement, then any patent licenses
   granted to You under this License for that Work shall terminate
   as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the
   Work or Derivative Works thereof in any medium, with or without
   modifications, and in Source or Object form, provided that You
   meet the following conditions:

   (a) You must give any other recipients of the Work or
       Derivative Works a copy of this License; and

   (b) You must cause any modified files to carry prominent notices
       stating that You changed the files; and

   (c) You must retain, in the Source form of any Derivative Works
       that You distribute, all copyright, patent, trademark, and
       attribution notices from the Source form of the Work,
       excluding those notices that do not pertain to any part of
       the Derivative Works; and

   (d) If the Work includes a "NOTICE" text file as part of its
       distribution, then any Derivative Works that You distribute must
       include a readable copy of the attribution notices contained
       within such NOTICE file, excluding those notices that do not
       pertain to any part of the Derivative Works, in at least one
       of the following places: within a NOTICE text file distributed
       as part of the Derivative Works; within the Source form or
       documentation, if provided along with the Derivative Works; or,
       within a display generated by the Derivative Works, if and
       wherever such third-party notices normally appear. The contents
       of the NOTICE file are for informational purposes only and
       do not modify the License. You may add Your own attribution
       notices within Derivative Works that You distribute, alongside
       or as an addendum to the NOTICE text from the Work, provided
       that such additional attribution notices cannot be construed
       as modifying the License.

   You may add Your own copyright statement to Your modifications and
   may provide additional or different license terms and conditions
   for use, reproduction, or distribution of Your modifications, or
   for any such Derivative Works as a whole, provided Your use,
   reproduction, and distribution of the Work otherwise complies with
   the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise,
   any Contribution intentionally submitted for inclusion in the Work
   by You to the Licensor shall be under the terms and conditions of
   this License, without any additional terms or conditions.
   Notwithstanding the above, nothing herein shall supersede or modify
   the terms of any separate license agreement you may have executed
   with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade
   names, trademarks, service marks, or product names of the Licensor,
   except as required for reasonable and customary use in describing the
   origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or
   agreed to in writing, Licensor provides the Work (and each
   Contributor provides its Contributions) on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
   implied, including, without limitation, any warranties or conditions
   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
   PARTICULAR PURPOSE. You are solely responsible for determining the
   appropriateness of using or redistributing the Work and assume any
   risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory,
   whether in tort (including negligence), contract, or otherwise,
   unless required by applicable law (such as deliberate and grossly
   negligent acts) or agreed to in writing, shall any Contributor be
   liable to You for damages, including any direct, indirect, special,
   incidental, or consequential damages of any character arising as a
   result of this License or out of the use or inability to use the
   Work (including but not limited to damages for loss of goodwill,
   work stoppage, computer failure or malfunction, or any and all
   other commercial damages or losses), even if such Contributor
   has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing
   the Work or Derivative Works thereof, You may choose to offer,
   and charge a fee for, acceptance of support, warranty, indemnity,
   or other liability obligations and/or rights consistent with this
   License. However, in accepting such obligations, You may act only
   on Your own behalf and on Your sole responsibility, not on behalf
   of any other Contributor, and only if You agree to indemnify,
   defend, and hold each Contributor harmless for any liability
   incurred by, or claims asserted against, such Contributor by reason
   of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

   To apply the Apache License to your work, attach the following
   boilerplate notice, with the fields enclosed by brackets "[]"
   replaced with your own identifying information. (Don't include
   the brackets!)  The text should be enclosed in the appropriate
   comment syntax for the file format. We also recommend that a
   file or class name and description of purpose be included on the
   same "printed page" as the copyright notice for easier
   identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started

gcompute

Support the Puppet Community by contributing to this module

Version information

This version is compatible with:

Tasks:

Start using this module

Documentation

Google Compute Engine Puppet Module

Table of Contents

Module Description

Setup

Usage

Credentials

Examples

gcompute_address

gcompute_backend_bucket

gcompute_backend_service

gcompute_disk_type

gcompute_disk

gcompute_firewall

gcompute_forwarding_rule

gcompute_global_address

gcompute_global_forwarding_rule

gcompute_http_health_check

gcompute_https_health_check

gcompute_health_check

gcompute_instance_template

gcompute_license

gcompute_image

gcompute_instance

gcompute_instance_group

gcompute_instance_group_manager

gcompute_machine_type

gcompute_network

gcompute_region

gcompute_route

gcompute_router

gcompute_snapshot

gcompute_ssl_certificate

gcompute_subnetwork

gcompute_target_http_proxy

gcompute_target_https_proxy

gcompute_target_pool

gcompute_target_ssl_proxy

gcompute_target_tcp_proxy

gcompute_target_vpn_gateway

gcompute_url_map

gcompute_vpn_tunnel

gcompute_zone

Classes

Public classes

About output only properties

Parameters

gcompute_address

Reference Guides

Example

Reference

address

address_type

description

name

subnetwork

region

Output-only properties

gcompute_backend_bucket

Reference Guides

Example

Reference

bucket_name

description

enable_cdn

`gcompute_address`

`gcompute_backend_bucket`

`gcompute_backend_service`

`gcompute_disk_type`

`gcompute_disk`

`gcompute_firewall`

`gcompute_forwarding_rule`

`gcompute_global_address`

`gcompute_global_forwarding_rule`

`gcompute_http_health_check`

`gcompute_https_health_check`

`gcompute_health_check`

`gcompute_instance_template`

`gcompute_license`

`gcompute_image`

`gcompute_instance`

`gcompute_instance_group`

`gcompute_instance_group_manager`

`gcompute_machine_type`

`gcompute_network`

`gcompute_region`

`gcompute_route`

`gcompute_router`

`gcompute_snapshot`

`gcompute_ssl_certificate`

`gcompute_subnetwork`

`gcompute_target_http_proxy`

`gcompute_target_https_proxy`

`gcompute_target_pool`

`gcompute_target_ssl_proxy`

`gcompute_target_tcp_proxy`

`gcompute_target_vpn_gateway`

`gcompute_url_map`

`gcompute_vpn_tunnel`

`gcompute_zone`

`gcompute_address`

`address`

`address_type`

`description`

`name`

`subnetwork`

`region`

`gcompute_backend_bucket`

`bucket_name`

`description`

`enable_cdn`

`name`

`gcompute_backend_service`

`affinity_cookie_ttl_sec`

`backends`

`cdn_policy`

`connection_draining`

`description`

`enable_cdn`

`health_checks`

`iap`

`load_balancing_scheme`

`name`

`port_name`

`protocol`

`region`

`session_affinity`

`timeout_sec`

`gcompute_disk_type`

`name`

`zone`

`gcompute_disk`

`description`

`labels`

`licenses`

`name`

`size_gb`

`type`

`source_image`

`zone`

`source_image_encryption_key`