As a cloud administrator, you can leverage the Google Cloud Platform (GCP) plug-in to provision plug-in based instance resources as you build out your infrastructure. You can also use allocation helpers to provide allocation logic for your Instances.
You can easily configure your instances to support your infrastructure needs using the latest GCP properties. For example, if you'd like to avoid disruptions to your Instances during an update, you can use the most_disruptive_allowed_action
property in your cloud template during provisioning.
After you deploy your instance, you can run Day 2 actions to manage the resource, such as attaching additional disks to the resource.
To learn more about plug-ins and allocation in VMware Aria Automation, see Plug-in based designs and deployments in Automation Assembler
Instance properties
The following properties are required for plug-in based instance resources.
See the Google Cloud REST documentation for a full list of instance properties. Resource properties in the GCP documentation are written in camelCase, where as resource properties in Automation Assembler are written in snake case.
name |
The name for the instance. See Naming convention in the Google Cloud documentation for naming requirements. |
zone |
The zone where the instance will be deployed. See Regions and zones in the Google Cloud documentation for more information. |
account |
The GCP cloud account for account regions to which your team deploys cloud templates. See Create a Google Cloud Platform cloud account in VMware Aria Automation for more information. |
The following section contains an example cloud template for provisioning plug-in based Instances in Automation Assembler.
Provisioning a shielded instance with a separate Disk resource
The following template shows how you might provision a shielded instance using allocation helpers. In this example, you create a disk and attach it to the shielded instance resource.
- Create your GCP cloud account in Automation Assembler, create a project, and add your cloud zones.
In this example, the cloud zone is europe-central2.
- Set up your image mapping for the project.
The chosen image must support shielded instance features.
- Set up your flavor mapping for the project.
In this example, the flavor
n1
maps to the n1-standard-1 GCP machine type. - Set up your network profile with the tag
default
in the same cloud zone to map to the default GCP network. - If you are using an encryption key, you must create the key ring and key before you deploy the blueprint. This example template uses a global key ring. The key ID is passed as an input to the template. See the GCP Cloud Key Management Service documentation for more information.
formatVersion: 1 inputs: name: type: string title: VM name kms_key_name: type: string title: Full key name description: 'Example format for a global key ring: projects/<project>/locations/global/keyRings/<ring>/cryptoKeys/<key>' resources: Allocations_Compute_1: type: Allocations.Compute metadata: layoutPosition: - 0 - 0 properties: {} Allocations_Network_1: type: Allocations.Network metadata: layoutPosition: - 0 - 1 properties: networkType: existing constraints: - tag: default Allocations_Flavor_1: type: Allocations.Flavor metadata: layoutPosition: - 0 - 2 properties: flavor: n1 Allocations_Image_1: type: Allocations.Image metadata: layoutPosition: - 0 - 3 properties: image: centos-7-shielded BOOT_DISK: type: Idem.GCP.COMPUTE.DISK metadata: layoutPosition: - 1 - 1 properties: name: idem-disk-${input.name}-boot account: ${resource.Allocations_Compute_1.selectedCloudAccount.name} zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.id} type_: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-balanced'} size_gb: 20 source_image: ${resource.Allocations_Image_1.selectedImageId} disk_encryption_key: kms_key_name: ${input.kms_key_name} Idem_GCP_COMPUTE_INSTANCE_1: type: Idem.GCP.COMPUTE.INSTANCE metadata: layoutPosition: - 2 - 2 properties: name: ${input.name} zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.id} account: ${resource.Allocations_Compute_1.selectedCloudAccount.name} can_ip_forward: false machine_type: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/machineTypes/' + resource.Allocations_Flavor_1.selectedInstanceTypeName } shielded_instance_config: enable_integrity_monitoring: true enable_secure_boot: true enable_vtpm: true network_interfaces: - access_configs: - kind: compute#accessConfig name: External NAT network_tier: PREMIUM set_public_ptr: false type_: ONE_TO_ONE_NAT kind: compute#networkInterface name: nic0 stack_type: IPV4_ONLY subnetwork: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/regions/' + resource.Allocations_Compute_1.selectedRegion.id + '/subnetworks/' + resource.Allocations_Network_1.selectedSubnet.name } disks: - auto_delete: false boot: true device_name: ${resource.BOOT_DISK.name} source: ${resource.BOOT_DISK.resource_id} mode: READ_WRITE type_: PERSISTENT - auto_delete: false boot: false device_name: idem-disk-${input.name}-additional initialize_params: disk_size_gb: 15 disk_type: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-balanced'} disk_encryption_key: kms_key_name: ${input.kms_key_name} mode: READ_WRITE type_: PERSISTENT scheduling: automatic_restart: true on_host_maintenance: MIGRATE preemptible: false provisioning_model: STANDARD deletion_protection: false