From 435e984f9eeb2be7fb7c332fdff76bfe6fea6618 Mon Sep 17 00:00:00 2001
From: jack
Date: Sun, 14 Aug 2016 16:51:24 +0300
Subject: [PATCH] Firewall | Google Cloud Engine #27
---
 roles/google_cloud/tasks/main.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/roles/google_cloud/tasks/main.yml b/roles/google_cloud/tasks/main.yml
index 34ec7135..dbe5c6c6 100644
--- a/roles/google_cloud/tasks/main.yml
+++ b/roles/google_cloud/tasks/main.yml
@@ -10,7 +10,7 @@
 image: ubuntu-1604
 service_account_email: "{{ credentials_file_lookup.client_email }}"
 credentials_file: "{{ credentials_file }}"
- project_id: "{{ credentials_file_lookup.project_id }}"
+ project_id: "{{ credentials_file_lookup.project_id }}"
 metadata: '{"sshKeys":"root:{{ ssh_public_key_lookup }}"}'
 register: google_vm
@@ -22,8 +22,22 @@
 ansible_python_interpreter: "/usr/bin/python2.7"
 dns_enabled: "{{ dns_enabled }}"
 auditd_enabled: " {{ auditd_enabled }}"
+
+- name: Firewall configured
+ local_action:
+ module: gce_net
+ name: "{{ google_vm.instance_data[0].network }}"
+ fwname: "algo-ikev2"
+ allowed: "udp:500,4500;tcp:22"
+ state: "present"
+ src_range: 0.0.0.0/0
+ service_account_email: "{{ credentials_file_lookup.client_email }}"
+ credentials_file: "{{ credentials_file }}"
+ project_id: "{{ credentials_file_lookup.project_id }}"
 - name: Wait for SSH to become available
 local_action: "wait_for port=22 host={{ google_vm.instance_data[0].public_ip }} timeout=320"
+
+
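Review bot: The new `Firewall configured` task opens `tcp:22` together with the IKEv2 ports to `src_range: 0.0.0.0/0`, and because it sets no `target_tags` the rule appears to cover every instance on `{{ google_vm.instance_data[0].network }}`, not only the VM created above. UDP 500 and 4500 have to be reachable by VPN clients, but SSH is only needed by the host running the playbook, so I would move it into its own rule with a narrower `src_range`. Both rules could be scoped with `target_tags: ["<tag-set-on-the-instance>"]` (placeholder), which needs a matching `tags:` on the `gce` task, whose body starts outside this hunk. A comment above the task such as `# udp/500 and udp/4500 must be world-reachable for IKEv2; tcp/22 is for provisioning only` would also explain why a rule named `algo-ikev2` carries an SSH port.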