As a cloud administrator, you can leverage the Google Cloud Platform (GCP) plug-in to provision plug-in based instance resources as you build out your infrastructure. You can also use allocation helpers to provide allocation logic for your instances.

You can easily configure your instances to support your infrastructure needs using the latest GCP properties. For example, if you'd like to avoid disruptions to your instances during an update, you can use the most_disruptive_allowed_action property in your cloud template during provisioning.

After you deploy your instance, you can run Day 2 actions to manage the resource, such as attaching additional disks to the resource.

To learn more about plug-ins and allocation in VMware Aria Automation, see Plug-in based designs and deployments in Automation Assembler.

Instance properties

The following properties are required for plug-in based instance resources.

See the Google Cloud REST documentation for a full list of instance properties. Resource properties in the GCP documentation are written in camelCase, whereas resource properties in Automation Assembler are written in snake_case.
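
The naming difference described above, as an added example that is not part of VMware's documentation: a helper that renames the keys of a GCP REST-style body to the snake_case spelling used in cloud templates. The function names and the sample fragment are assumptions, and writing `type` as `type_` mirrors the template on this page rather than a documented rule.

```python
import re

# Boundary before a capital that follows a lowercase letter or digit, or before
# the last capital of an acronym that starts a new word (natIP -> nat_ip).
_BOUNDARY = re.compile(r"(?<=[a-z0-9])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])")


def to_snake(key):
    """mostDisruptiveAllowedAction -> most_disruptive_allowed_action."""
    snake = _BOUNDARY.sub("_", key).lower()
    # Assumption: `type` is written `type_`, as in the template on this page.
    return "type_" if snake == "type" else snake


def convert_keys(node):
    """Recursively rename keys; values such as compute#accessConfig are untouched."""
    if isinstance(node, dict):
        return {to_snake(k): convert_keys(v) for k, v in node.items()}
    if isinstance(node, list):
        return [convert_keys(item) for item in node]
    return node


# Constructed fragment in the GCP REST API's camelCase spelling.
REST_FRAGMENT = {
    "canIpForward": False,
    "shieldedInstanceConfig": {"enableSecureBoot": True, "enableVtpm": True},
    "networkInterfaces": [{"accessConfigs": [
        {"kind": "compute#accessConfig", "type": "ONE_TO_ONE_NAT", "setPublicPtr": False}]}],
    "disks": [{"autoDelete": False, "initializeParams": {"diskSizeGb": 15}}],
}

if __name__ == "__main__":
    import json
    print(json.dumps(convert_keys(REST_FRAGMENT), indent=2))
```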

name
    The name for the instance.

    See Naming convention in the Google Cloud documentation for naming requirements.

zone
    The zone where the instance will be deployed.

    See Regions and zones in the Google Cloud documentation for more information.

account
    The GCP cloud account for account regions to which your team deploys cloud templates.

    See Create a Google Cloud Platform cloud account in VMware Aria Automation for more information.

The following section contains an example cloud template for provisioning plug-in based Instances in Automation Assembler.

Provisioning a shielded instance with a separate Disk resource

The following template shows how you might provision a shielded instance using allocation helpers. In this example, you create a disk and attach it to the shielded instance resource.

Before you deploy this template, complete the following steps:
  1. Create your GCP cloud account in Automation Assembler, create a project, and add your cloud zones.

    In this example, the cloud zone is europe-central2.

  2. Set up your image mapping for the project.

    The chosen image must support shielded instance features.

  3. Set up your flavor mapping for the project.

    In this example, the flavor n1 maps to the n1-standard-1 GCP machine type.

  4. Set up your network profile with the tag default in the same cloud zone to map to the default GCP network.
  5. If you are using an encryption key, you must create the key ring and key before you deploy the blueprint. This example template uses a global key ring. The key ID is passed as an input to the template. See the GCP Cloud Key Management Service documentation for more information.

formatVersion: 1
inputs:
  name:
    type: string
    title: VM name
  kms_key_name:
    type: string
    title: Full key name
    description: 'Example format for a global key ring: projects/<project>/locations/global/keyRings/<ring>/cryptoKeys/<key>'
resources:
  Allocations_Compute_1:
    type: Allocations.Compute
    properties: {}
  Allocations_Network_1:
    type: Allocations.Network
    properties:
      networkType: existing
      constraints:
        - tag: default
  Allocations_Flavor_1:
    type: Allocations.Flavor
    properties:
      flavor: n1
  Allocations_Image_1:
    type: Allocations.Image
    properties:
      image: centos-7-shielded
  BOOT_DISK:
    type: Idem.GCP.COMPUTE.DISK
    properties:
      name: idem-disk-${input.name}-boot
      account: ${resource.Allocations_Compute_1.selectedCloudAccount.name}
      zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.id}
      type_: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-balanced'}
      size_gb: 20
      source_image: ${resource.Allocations_Image_1.selectedImageId}
      disk_encryption_key:
        kms_key_name: ${input.kms_key_name}
  Idem_GCP_COMPUTE_INSTANCE_1:
    type: Idem.GCP.COMPUTE.INSTANCE
    properties:
      name: ${input.name}
      zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.id}
      account: ${resource.Allocations_Compute_1.selectedCloudAccount.name}
      can_ip_forward: false
      machine_type: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/machineTypes/' + resource.Allocations_Flavor_1.selectedInstanceTypeName }
      shielded_instance_config:
        enable_integrity_monitoring: true
        enable_secure_boot: true
        enable_vtpm: true
      network_interfaces:
        - access_configs:
            - kind: compute#accessConfig
              name: External NAT
              network_tier: PREMIUM
              set_public_ptr: false
              type_: ONE_TO_ONE_NAT
          kind: compute#networkInterface
          name: nic0
          stack_type: IPV4_ONLY
          subnetwork: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/regions/' + resource.Allocations_Compute_1.selectedRegion.id + '/subnetworks/' + resource.Allocations_Network_1.selectedSubnet.name }
      disks:
        - auto_delete: false
          boot: true
          device_name: ${resource.BOOT_DISK.name}
          source: ${resource.BOOT_DISK.resource_id}
          mode: READ_WRITE
          type_: PERSISTENT
        - auto_delete: false
          boot: false
          device_name: idem-disk-${input.name}-additional
          initialize_params:
            disk_size_gb: 15
            disk_type: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-balanced'}
          disk_encryption_key:
            kms_key_name: ${input.kms_key_name}
          mode: READ_WRITE
          type_: PERSISTENT
      scheduling:
        automatic_restart: true
        on_host_maintenance: MIGRATE
        preemptible: false
        provisioning_model: STANDARD
      deletion_protection: false
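
An added example, not part of VMware's documentation: a pre-deployment check over a parsed cloud template that reports instances whose shielded_instance_config flags are not all true and disks that lack a kms_key_name. The function names and the sample dict are assumptions; the key path pattern follows the format given in the template's kms_key_name input description.

```python
import re

# Key path format from the template's kms_key_name input description.
KMS_KEY_RE = re.compile(
    r"^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$")
SHIELDED_FLAGS = ("enable_secure_boot", "enable_vtpm", "enable_integrity_monitoring")


def _check_key(owner, props, findings):
    """Require a KMS key reference; validate the path when it is a literal."""
    key = (props.get("disk_encryption_key") or {}).get("kms_key_name")
    if not key:
        findings.append(f"{owner}: no disk_encryption_key.kms_key_name")
    elif not key.startswith("${") and not KMS_KEY_RE.match(key):
        findings.append(f"{owner}: malformed kms_key_name")


def audit_template(template):
    """Return a list of findings for a parsed cloud template (dict)."""
    findings = []
    for rname, res in template.get("resources", {}).items():
        props = res.get("properties") or {}
        if res.get("type") == "Idem.GCP.COMPUTE.DISK":
            _check_key(rname, props, findings)
        elif res.get("type") == "Idem.GCP.COMPUTE.INSTANCE":
            cfg = props.get("shielded_instance_config") or {}
            for flag in SHIELDED_FLAGS:
                if cfg.get(flag) is not True:
                    findings.append(f"{rname}: {flag} is not true")
            for i, disk in enumerate(props.get("disks", [])):
                # Disks attached by `source` are checked on their own resource.
                if "source" not in disk:
                    _check_key(f"{rname}.disks[{i}]", disk, findings)
    return findings


# Constructed sample: trimmed from the page's template, two settings weakened.
SAMPLE = {"resources": {
    "BOOT_DISK": {"type": "Idem.GCP.COMPUTE.DISK", "properties": {
        "disk_encryption_key": {"kms_key_name": "${input.kms_key_name}"}}},
    "Idem_GCP_COMPUTE_INSTANCE_1": {"type": "Idem.GCP.COMPUTE.INSTANCE", "properties": {
        "shielded_instance_config": {"enable_integrity_monitoring": True,
                                     "enable_secure_boot": False, "enable_vtpm": True},
        "disks": [{"boot": True, "source": "${resource.BOOT_DISK.resource_id}"},
                  {"boot": False, "initialize_params": {"disk_size_gb": 15}}]}}}}

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(finding)
```

Template expressions such as ${input.kms_key_name} are accepted as-is because their value is only known at deployment time; only literal key paths are matched against the pattern.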