GCE: Static external ip (optional) (#1125)

2025-04-19 15:47:11 +02:00 · 2018-09-27 11:18:00 +03:00 · 2018-09-27 11:18:00 +03:00 · 6c0753e3b8
commit 6c0753e3b8
parent 810358f1cc
2 changed files with 22 additions and 4 deletions
--- a/config.cfg
+++ b/config.cfg
@ -83,7 +83,7 @@ congrats:
  p12_pass: |
    "#        The p12 and SSH keys password for new users is {{ p12_export_password }}       #"
  ca_key_pass: |
-    "#        The CA key password is {{ CA_password }}       #"    
+    "#        The CA key password is {{ CA_password }}       #"
  ssh_access: |
    "#      Shell access: ssh -i {{ ansible_ssh_private_key_file|default(omit) }} {{ ansible_ssh_user|default(omit) }}@{{ ansible_ssh_host|default(omit) }}        #"

@ -101,9 +101,9 @@ cloud_providers:
    image: "ubuntu-18-04-x64"
  # Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest.
  # Warning: the Algo script will take approximately 6 minutes longer to complete.
-  # Also note that the documented AWS minimum permissions aren't sufficient. 
-  # You will have to edit the AWS user policy documented at 
-  # https://github.com/trailofbits/algo/blob/master/docs/cloud-amazon-ec2.md to also allow "ec2:CopyImage". 
+  # Also note that the documented AWS minimum permissions aren't sufficient.
+  # You will have to edit the AWS user policy documented at
+  # https://github.com/trailofbits/algo/blob/master/docs/cloud-amazon-ec2.md to also allow "ec2:CopyImage".
  # See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html
  ec2:
    encrypted: false
@ -114,6 +114,7 @@ cloud_providers:
  gce:
    size: f1-micro
    image: ubuntu-1804
+    external_static_ip: false
  lightsail:
    size: nano_1_0
    image: ubuntu_16_04
--- a/roles/cloud-gce/tasks/main.yml
+++ b/roles/cloud-gce/tasks/main.yml
@ -14,10 +14,27 @@
        credentials_file: "{{ credentials_file_path  }}"
        project_id: "{{ project_id }}"

+    - block:
+      - name: External IP allocated
+        gce_eip:
+          service_account_email: "{{ service_account_email }}"
+          credentials_file: "{{ credentials_file_path }}"
+          project_id: "{{ project_id }}"
+          name: "{{ algo_server_name }}"
+          region: "{{ algo_region.split('-')[0:2] | join('-') }}"
+          state: present
+        register: gce_eip
+
+      - name: Set External IP as a fact
+        set_fact:
+          external_ip: "{{ gce_eip.address }}"
+      when: cloud_providers.gce.external_static_ip
+
    - name: "Creating a new instance..."
      gce:
        instance_names: "{{ algo_server_name }}"
        zone: "{{ algo_region }}"
+        external_ip: "{{ external_ip | default('ephemeral') }}"
        machine_type: "{{ cloud_providers.gce.size }}"
        image: "{{ cloud_providers.gce.image }}"
        service_account_email: "{{ service_account_email }}"