From 6c0753e3b89991e7ce0832bb297fd8d0eaf70c81 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Thu, 27 Sep 2018 11:18:00 +0300
Subject: [PATCH] GCE: Static external ip (optional) (#1125)

---
 config.cfg                     |  9 +++++----
 roles/cloud-gce/tasks/main.yml | 17 +++++++++++++++++
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/config.cfg b/config.cfg
index 0967d26..fe6bbfd 100644
--- a/config.cfg
+++ b/config.cfg
@@ -83,7 +83,7 @@ congrats:
   p12_pass: |
     "#        The p12 and SSH keys password for new users is {{ p12_export_password }}       #"
   ca_key_pass: |
-    "#        The CA key password is {{ CA_password }}       #"    
+    "#        The CA key password is {{ CA_password }}       #"
   ssh_access: |
     "#      Shell access: ssh -i {{ ansible_ssh_private_key_file|default(omit) }} {{ ansible_ssh_user|default(omit) }}@{{ ansible_ssh_host|default(omit) }}        #"
 
@@ -101,9 +101,9 @@ cloud_providers:
     image: "ubuntu-18-04-x64"
   # Change the encrypted flag to "true" to enable AWS volume encryption, for encryption of data at rest.
   # Warning: the Algo script will take approximately 6 minutes longer to complete.
-  # Also note that the documented AWS minimum permissions aren't sufficient. 
-  # You will have to edit the AWS user policy documented at 
-  # https://github.com/trailofbits/algo/blob/master/docs/cloud-amazon-ec2.md to also allow "ec2:CopyImage". 
+  # Also note that the documented AWS minimum permissions aren't sufficient.
+  # You will have to edit the AWS user policy documented at
+  # https://github.com/trailofbits/algo/blob/master/docs/cloud-amazon-ec2.md to also allow "ec2:CopyImage".
   # See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html
   ec2:
     encrypted: false
@@ -114,6 +114,7 @@ cloud_providers:
   gce:
     size: f1-micro
     image: ubuntu-1804
+    external_static_ip: false
   lightsail:
     size: nano_1_0
     image: ubuntu_16_04
diff --git a/roles/cloud-gce/tasks/main.yml b/roles/cloud-gce/tasks/main.yml
index 8dad0a0..8af6ff8 100644
--- a/roles/cloud-gce/tasks/main.yml
+++ b/roles/cloud-gce/tasks/main.yml
@@ -14,10 +14,27 @@
         credentials_file: "{{ credentials_file_path  }}"
         project_id: "{{ project_id }}"
 
+    - block:
+      - name: External IP allocated
+        gce_eip:
+          service_account_email: "{{ service_account_email }}"
+          credentials_file: "{{ credentials_file_path }}"
+          project_id: "{{ project_id }}"
+          name: "{{ algo_server_name }}"
+          region: "{{ algo_region.split('-')[0:2] | join('-') }}"
+          state: present
+        register: gce_eip
+
+      - name: Set External IP as a fact
+        set_fact:
+          external_ip: "{{ gce_eip.address }}"
+      when: cloud_providers.gce.external_static_ip
+
     - name: "Creating a new instance..."
       gce:
         instance_names: "{{ algo_server_name }}"
         zone: "{{ algo_region }}"
+        external_ip: "{{ external_ip | default('ephemeral') }}"
         machine_type: "{{ cloud_providers.gce.size }}"
         image: "{{ cloud_providers.gce.image }}"
         service_account_email: "{{ service_account_email }}"