As a cloud administrator, you can leverage the Google Cloud Platform (GCP) plug-in to provision plug-in based instance resources as you build out your infrastructure. You can also use allocation helpers to provide allocation logic for your Instances.
You can easily configure your instances to support your infrastructure needs using the latest GCP properties. For example, if you'd like to avoid disruptions to your Instances during an update, you can use the most_disruptive_allowed_action property in your cloud template during provisioning.
After you deploy your instance, you can run Day 2 actions to manage the resource, such as attaching additional disks to the resource.
To learn more about plug-ins and allocation in VMware Aria Automation, see Plug-in based designs and deployments in Automation Assembler.
Instance properties
The following properties are required for plug-in based instance resources.
See the Google Cloud REST documentation for a full list of instance properties. Resource properties in the GCP documentation are written in camelCase, where as resource properties in Automation Assembler are written in snake case.
name |
The name for the instance. See Naming convention in the Google Cloud documentation for naming requirements. |
zone |
The zone where the instance will be deployed. See Regions and zones in the Google Cloud documentation for more information. |
account |
The GCP cloud account for account regions to which your team deploys cloud templates. See Create a Google Cloud Platform cloud account in VMware Aria Automation for more information. |
The following section contains an example cloud template for provisioning plug-in based Instances in Automation Assembler.
Provisioning a shielded instance with a separate Disk resource
The following template shows how you might provision a shielded instance using allocation helpers. In this example, you create a disk and attach it to the shielded instance resource.
- Create your GCP cloud account in Automation Assembler, create a project, and add your cloud zones.
In this example, the cloud zone is europe-central2.
- Set up your image mapping for the project.
The chosen image must support shielded instance features.
- Set up your flavor mapping for the project.
In this example, the flavor
n1maps to the n1-standard-1 GCP machine type. - Set up your network profile with the tag
defaultin the same cloud zone to map to the default GCP network. - If you are using an encryption key, you must create the key ring and key before you deploy the blueprint. This example template uses a global key ring. The key ID is passed as an input to the template. See the GCP Cloud Key Management Service documentation for more information.
formatVersion: 1
inputs:
name:
type: string
title: VM name
kms_key_name:
type: string
title: Full key name
description: 'Example format for a global key ring: projects/<project>/locations/global/keyRings/<ring>/cryptoKeys/<key>'
resources:
Allocations_Compute_1:
type: Allocations.Compute
properties: {}
Allocations_Network_1:
type: Allocations.Network
properties:
networkType: existing
constraints:
- tag: default
Allocations_Flavor_1:
type: Allocations.Flavor
properties:
flavor: n1
Allocations_Image_1:
type: Allocations.Image
properties:
image: centos-7-shielded
BOOT_DISK:
type: Idem.GCP.COMPUTE.DISK
properties:
name: idem-disk-${input.name}-boot
account: ${resource.Allocations_Compute_1.selectedCloudAccount.name}
zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.id}
type_: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-balanced'}
size_gb: 20
source_image: ${resource.Allocations_Image_1.selectedImageId}
disk_encryption_key:
kms_key_name: ${input.kms_key_name}
Idem_GCP_COMPUTE_INSTANCE_1:
type: Idem.GCP.COMPUTE.INSTANCE
properties:
name: ${input.name}
zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.id}
account: ${resource.Allocations_Compute_1.selectedCloudAccount.name}
can_ip_forward: false
machine_type: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/machineTypes/' + resource.Allocations_Flavor_1.selectedInstanceTypeName }
shielded_instance_config:
enable_integrity_monitoring: true
enable_secure_boot: true
enable_vtpm: true
network_interfaces:
- access_configs:
- kind: compute#accessConfig
name: External NAT
network_tier: PREMIUM
set_public_ptr: false
type_: ONE_TO_ONE_NAT
kind: compute#networkInterface
name: nic0
stack_type: IPV4_ONLY
subnetwork: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/regions/' + resource.Allocations_Compute_1.selectedRegion.id + '/subnetworks/' + resource.Allocations_Network_1.selectedSubnet.name }
disks:
- auto_delete: false
boot: true
device_name: ${resource.BOOT_DISK.name}
source: ${resource.BOOT_DISK.resource_id}
mode: READ_WRITE
type_: PERSISTENT
- auto_delete: false
boot: false
device_name: idem-disk-${input.name}-additional
initialize_params:
disk_size_gb: 15
disk_type: ${'projects/' + resource.Allocations_Compute_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-balanced'}
disk_encryption_key:
kms_key_name: ${input.kms_key_name}
mode: READ_WRITE
type_: PERSISTENT
scheduling:
automatic_restart: true
on_host_maintenance: MIGRATE
preemptible: false
provisioning_model: STANDARD
deletion_protection: false
