Google Deployment Manager - Deploying a VPN (Forwarding Rule Problems)

[Charles Moore]

Hello,

Help here would be much appreciated, this is something I have been struggling with for awhile. I am trying to deploy a VPN using the Google Deployment Manager. From what I understand I need the following:

• VpnTargetGateway
• ForwardingRules
• VpnTunnels
• ReservedIP

I am having trouble with the ForwardingRules. This is where I specific my already created reserved IP address and assign it to my target gateway. Here is my code:

resources:

  - name: vmx-forwarding-rules

    type: compute.v1.forwardingRule

    properties:

      region: us-central1

      IPAddress: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }/regions/us-central1/addresses/vmx-ip

      IPProtocol: "ESP"

      target: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }/regions/us-central1/targetVpnGateways/vmx-vpn-gateway

Here is the error I receive:

 message: u"Unexpected response from resource of type compute.v1.forwardingRule: 400 {statusMessage=Bad Request, errors=[{message=Invalid value for field 'resource': ''.  A reserved IP should be specified for forwarding rule with target type TARGET_VPN_GATEWAY, domain=global, reason=invalid}]}">]>

Does anyone have any experience with this or know a better location to find help for Deployment Manager?

Thanks,

Charles

[Kamran (Google Cloud Support)]

Hello Charles,

In order to create ForwardingRules, for IPAddress property specify the value as the following format:

IPAddress: 1.2.3.4

Where 1.2.3.4 is your static IP address.

Sincerely,

[Charles Moore]

Hey Kamran,

The problem is that when I deploy a reserved IP address with Google Deployment Manager I will not know what the ip is unless I go into the developer console.

[Kamran (Google Cloud Support)]

Hey Charles,

Let me know if this resolves your deployment issue?

resources:

- name: vmx-ip

  type: compute.v1.address

  properties:

    region: us-central1

- name: vmx-forwarding-rules

  type: compute.v1.forwardingRule

  properties:

    region: us-central1

    IPAddress: $(ref.vmx-ip.address)

    IPProtocol: "ESP"

    target: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/regions/us-central1/targetVpnGateways/vmx-vpn-gateway

Sincerely,

[Charles Moore]

Hey Kamran,

That did not work either, here is the error I receive now.

ERROR: (gcloud.deployment-manager.deployments.update) Error in Operation operation-1452290719752-528d9c8761f40-f707e0f5-553591ea: <ErrorValue

 errors: [<ErrorsValueListEntry

 code: u'CONDITION_NOT_MET'

 message: u'Referenced resource vmx-ip could not be found. At resource vmx-forwarding-esp.'>]>

Thanks for the help.

Charles

[Kamran (Google Cloud Support)]

Charles,

You will need to define your static IP resources (vmx-ip) in the same YAML file which forwarding rule resources are specified, otherwise it won't find the reference to the IP resource (see the example in my last post).

You can also open a feature request on Compute Engine public issue tracker, if in future you prefer to define IPAddress parameters in the following format: 

IPAddress : https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/regions/us-central1/addresses/vmx-ip

Sincerely,

[Charles Moore]

Thanks for the help Kamran, missed that you put the two in the same file there. I have it working now.