google.cloud.gcp_compute_backend_service 设置安全策略
google.cloud.gcp_compute_backend_service setting securityPolicy
我尝试创建一个 gcp 后端服务。下面的 ansible 模块被用于:
google.cloud.gcp_compute_backend_service
正在创建后端服务,但未分配 securitypolicy
。
- name: create a global backend service
google.cloud.gcp_compute_backend_service:
name: test
protocol: **
load_balancing_scheme: EXTERNAL
backends: **
security_policy: armor_ssl_policy_1
enable_cdn: no
state: present
project: test
auth_kind: "serviceaccount"
service_account_file: ouauthfile
.
.
.
不确定哪里做错了,有人可以指正吗?
我也尝试过传递字符串和自链接,但没有成功。
我试过create a GCP backend service with Ansible just as you did and I was successfull - however - the same thing happened - it was created without the security policy赋值。
我已经预先创建了一个实例组和健康检查,所以我只关注一个服务;我的 playbook
看起来像这样:
- name: Create Backend Service
hosts: localhost
vars:
service_account_file: /home/wb/key.json
project: xxxx
auth_kind: serviceaccount
scopes:
- https://www.googleapis.com/auth/compute
tasks:
- name: create a backend service
gcp_compute_backend_service:
name: ansible-service
security_policy: test-pol
backends:
- group: "https://www.googleapis.com/compute/v1/projects/xxxx/zones/europe-central2-a/instan$
health_checks:
- "https://www.googleapis.com/compute/v1/projects/xxxx/global/healthChecks/ssh-hc"
enable_cdn: 'false'
project: "{{ project }}"
auth_kind: "{{ auth_kind }}"
service_account_file: "{{ service_account_file }}"
scopes: "{{ scopes }}"
state: present
服务已创建,但尚未分配安全策略。
根据 Ansible 文档,securityPolicy
参数是 string
类型。我尝试使用 ' 和 " - 即使是完整的 GCP selfLink(用于策略)也绝对没有成功,也没有错误消息。
我发现补救的唯一方法(使用 CLI)是 运行 gcloud compute backend-services update ansible-service --security-policy=test-pol
或尝试直接调用 API(尚未尝试)。
在我看来,此时调用 GCP 的 ansible 模块存在问题 API。
我建议您向 Google 的 IssueTracker if some features doesn't work as you expected. You can also try reporting this to Ansible 团队提交问题,并在 IssueTracker 上引用该问题(如果您决定报告),这样他们甚至可以在此过程中进行交流。
我尝试创建一个 gcp 后端服务。下面的 ansible 模块被用于:
google.cloud.gcp_compute_backend_service
正在创建后端服务,但未分配 securitypolicy
。
- name: create a global backend service
google.cloud.gcp_compute_backend_service:
name: test
protocol: **
load_balancing_scheme: EXTERNAL
backends: **
security_policy: armor_ssl_policy_1
enable_cdn: no
state: present
project: test
auth_kind: "serviceaccount"
service_account_file: ouauthfile
.
.
.
不确定哪里做错了,有人可以指正吗?
我也尝试过传递字符串和自链接,但没有成功。
我试过create a GCP backend service with Ansible just as you did and I was successfull - however - the same thing happened - it was created without the security policy赋值。
我已经预先创建了一个实例组和健康检查,所以我只关注一个服务;我的 playbook
看起来像这样:
- name: Create Backend Service
hosts: localhost
vars:
service_account_file: /home/wb/key.json
project: xxxx
auth_kind: serviceaccount
scopes:
- https://www.googleapis.com/auth/compute
tasks:
- name: create a backend service
gcp_compute_backend_service:
name: ansible-service
security_policy: test-pol
backends:
- group: "https://www.googleapis.com/compute/v1/projects/xxxx/zones/europe-central2-a/instan$
health_checks:
- "https://www.googleapis.com/compute/v1/projects/xxxx/global/healthChecks/ssh-hc"
enable_cdn: 'false'
project: "{{ project }}"
auth_kind: "{{ auth_kind }}"
service_account_file: "{{ service_account_file }}"
scopes: "{{ scopes }}"
state: present
服务已创建,但尚未分配安全策略。
根据 Ansible 文档,securityPolicy
参数是 string
类型。我尝试使用 ' 和 " - 即使是完整的 GCP selfLink(用于策略)也绝对没有成功,也没有错误消息。
我发现补救的唯一方法(使用 CLI)是 运行 gcloud compute backend-services update ansible-service --security-policy=test-pol
或尝试直接调用 API(尚未尝试)。
在我看来,此时调用 GCP 的 ansible 模块存在问题 API。
我建议您向 Google 的 IssueTracker if some features doesn't work as you expected. You can also try reporting this to Ansible 团队提交问题,并在 IssueTracker 上引用该问题(如果您决定报告),这样他们甚至可以在此过程中进行交流。