google.cloud.gcp_compute_backend_service setting securityPolicy

I am trying to create a GCP backend service. The following Ansible module is being used:

google.cloud.gcp_compute_backend_service

The backend service is being created, but the securityPolicy is not assigned.

- name: create a global backend service
  google.cloud.gcp_compute_backend_service:
    name: test
    protocol: **
    load_balancing_scheme: EXTERNAL
    backends: **
    security_policy: armor_ssl_policy_1
    enable_cdn: no
    state: present
    project: test
    auth_kind: "serviceaccount"
    service_account_file: ouauthfile
    .
    .
    .

Not sure what I'm doing wrong, can someone point it out?

I have also tried passing a string and a selfLink, but without success.

I tried to create a GCP backend service with Ansible just as you did and I was successful - however - the same thing happened - it was created without the security policy assigned.

I had pre-created an instance group and a health check, so I focused on a single service only; my playbook looks like this:

- name: Create Backend Service
  hosts: localhost

  vars:
    service_account_file: /home/wb/key.json
    project: xxxx
    auth_kind: serviceaccount
    scopes:
      - https://www.googleapis.com/auth/compute

  tasks:

    - name: create a backend service
      gcp_compute_backend_service:
        name: ansible-service
        security_policy: test-pol
        backends:
          - group: "https://www.googleapis.com/compute/v1/projects/xxxx/zones/europe-central2-a/instan$
        health_checks:
          - "https://www.googleapis.com/compute/v1/projects/xxxx/global/healthChecks/ssh-hc"
        enable_cdn: 'false'
        project: "{{ project }}"
        auth_kind: "{{ auth_kind }}"
        service_account_file: "{{ service_account_file }}"
        scopes: "{{ scopes }}"
        state: present

The service is created, but no security policy has been assigned.

According to the Ansible documentation, the securityPolicy parameter is of type string. I tried using ' and " - even the full GCP selfLink (for the policy) - with absolutely no success, and no error message either.

The only way I found to remedy this (using the CLI) is to run gcloud compute backend-services update ansible-service --security-policy=test-pol, or to try calling the API directly (not tried yet).

It seems to me that the Ansible module has a problem calling the GCP API at this point.

I would suggest you file an issue with Google's IssueTracker if some features don't work as you expect. You can also try reporting this to the Ansible team and reference the IssueTracker issue (if you decide to report it), so they can even communicate with each other during the process.
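An added verification step that is not part of either post above: because the module reports success even when the policy is not attached, this play reads the attached policy back with gcloud right after the module runs, re-applies it with the update command from the answer when it is missing, and fails the play if the service is still unprotected. Project, key path, policy name and resource selfLinks are placeholders.

```yaml
# Added example, not from the question or the answer above: run the module,
# then read back what is actually attached with gcloud and re-apply the
# policy when the module silently dropped it. Project, key file, policy and
# resource selfLinks are placeholders.
- name: Create a backend service and verify its Cloud Armor policy
  hosts: localhost
  vars:
    project: my-project                          # placeholder
    service_account_file: /path/to/key.json      # placeholder
    service_name: ansible-service
    policy_name: test-pol
    instance_group: "https://www.googleapis.com/compute/v1/projects/my-project/zones/europe-central2-a/instanceGroups/ig-1"  # placeholder
    health_check: "https://www.googleapis.com/compute/v1/projects/my-project/global/healthChecks/ssh-hc"                   # placeholder
  tasks:
    - name: Create the backend service (security_policy may not be applied)
      google.cloud.gcp_compute_backend_service:
        name: "{{ service_name }}"
        security_policy: "{{ policy_name }}"
        backends:
          - group: "{{ instance_group }}"
        health_checks:
          - "{{ health_check }}"
        project: "{{ project }}"
        auth_kind: serviceaccount
        service_account_file: "{{ service_account_file }}"
        state: present

    - name: Read back the policy actually attached (empty string when none)
      ansible.builtin.command: >
        gcloud compute backend-services describe {{ service_name }}
        --global --project {{ project }} --format=value(securityPolicy)
      register: attached
      changed_when: false

    - name: Attach the policy with gcloud if the module left it empty
      ansible.builtin.command: >
        gcloud compute backend-services update {{ service_name }}
        --global --project {{ project }} --security-policy={{ policy_name }}
      when: not attached.stdout.endswith('/securityPolicies/' ~ policy_name)

    - name: Re-read and fail the play if the service is still unprotected
      ansible.builtin.command: >
        gcloud compute backend-services describe {{ service_name }}
        --global --project {{ project }} --format=value(securityPolicy)
      register: verified
      changed_when: false
      failed_when: not verified.stdout.endswith('/securityPolicies/' ~ policy_name)
```

The describe output is the policy's full selfLink, so the check compares its tail rather than the whole URL.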