update ansible example

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx

@@ -16,7 +16,7 @@ Ansible works alongside Terraform to streamline the Cloudflare Tunnel setup proc
 To complete the steps in this guide, you will need:
 
 - [A Google Cloud Project](https://cloud.google.com/resource-manager/docs/creating-managing-projects#creating_a_project) and [GCP CLI installed and authenticated](https://cloud.google.com/sdk/docs/install).
-- [Basic knowledge of Terraform](/cloudflare-one/connections/connect-networks/deployment-guides/terraform/) and[Terraform installed](https://developer.hashicorp.com/terraform/tutorials/certification-associate-tutorials/install-cli).
+- [Basic knowledge of Terraform](/cloudflare-one/connections/connect-networks/deployment-guides/terraform/) and [Terraform installed](https://developer.hashicorp.com/terraform/tutorials/certification-associate-tutorials/install-cli).
 - [A zone on Cloudflare](/fundamentals/setup/manage-domains/add-site/).
 - [A Cloudflare API token](/fundamentals/api/get-started/create-token/) with `Cloudflare Tunnel` and `DNS` permissions.
 
@@ -134,47 +134,6 @@ The following configuration will modify settings in your Cloudflare account.
 				]
 			}
 		}
-
-		# (Optional) Routes internal IP of GCP instance through the tunnel for private network access using WARP.
-		resource "cloudflare_zero_trust_tunnel_cloudflared_route" "example_tunnel_route" {
-		account_id         = var.cloudflare_account_id
-		tunnel_id          = cloudflare_zero_trust_tunnel_cloudflared.gcp_tunnel.id
-		network            = google_compute_instance.http_server.network_interface.0.network_ip
-		comment            = "Example tunnel route"
-		}
-
-		# Creates a reusable Access policy.
-		resource "cloudflare_zero_trust_access_policy" "allow_emails" {
-			account_id   = var.cloudflare_account_id
-			name         = "Allow email addresses"
-			decision     = "allow"
-			include      = [
-				{
-					email = {
-						email = var.cloudflare_email
-					}
-				},
-				{
-					email_domain = {
-						domain = "@example.com"
-					}
-				}
-			]
-		}
-
-		# Creates an Access application to control who can connect to the public hostname.
-		resource "cloudflare_zero_trust_access_application" "http_app" {
-			account_id       = var.cloudflare_account_id
-			type             = "self_hosted"
-			name             = "Access application for http_app.${var.cloudflare_zone}"
-			domain           = "http_app.${var.cloudflare_zone}"
-			policies = [
-				{
-					id = cloudflare_zero_trust_access_policy.allow_emails.id
-					precedence = 1
-				}
-			]
-		}
 		```
 
 ### Configure GCP resources
@@ -197,7 +156,7 @@ The following configuration defines the specifications for the GCP virtual machi
    }
 
    # Sets up a GCP VM instance.
-   resource "google_compute_instance" "origin" {
+   resource "google_compute_instance" "http_server" {
    name         = "ansible-inst"
    machine_type = var.machine_type
    zone         = var.zone
@@ -248,7 +207,7 @@ The following configuration defines the specifications for the GCP virtual machi
 
 ### Export variables to Ansible
 
-The following Terraform resource exports the tunnel ID and other variables to `tf_ansible_vars_file.yml`. Ansible will use this data to configure and run `cloudflared` on the server.
+The following Terraform resource exports the [tunnel token](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions/) and other variables to `tf_ansible_vars_file.yml`. Ansible will use the tunnel token to configure and run `cloudflared` on the server.
 
 1. In your configuration directory, create a new `tf` file:
 
@@ -263,10 +222,8 @@ The following Terraform resource exports the tunnel ID and other variables to `t
 			content = <<-DOC
 				# Ansible vars_file containing variable values from Terraform.
 				tunnel_id: ${cloudflare_zero_trust_tunnel_cloudflared.gcp_tunnel.id}
-				account: ${var.cloudflare_account_id}
 				tunnel_name: ${cloudflare_zero_trust_tunnel_cloudflared.gcp_tunnel.name}
 				tunnel_token: ${data.cloudflare_zero_trust_tunnel_cloudflared_token.gcp_tunnel_token.token}
-				zone: ${var.cloudflare_zone}
 				DOC
 
 			filename = "./tf_ansible_vars_file.yml"
@@ -298,38 +255,27 @@ Ansible playbooks are YAML files that declare the configuration Ansible will dep
       shell: wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
     - name: Depackage cloudflared.
       shell: sudo dpkg -i cloudflared-linux-amd64.deb
-    - name: Create a cloudflared service directory.
-      shell: mkdir -p /etc/cloudflared/
-    - name: Create the config file for cloudflared and define the ingress rules for the tunnel.
-      copy:
-        dest: "/etc/cloudflared/config.yml"
-        content: |
-          tunnel: "{{ tunnel_id }}"
-          credentials-file: /etc/cloudflared/cert.json
-          logfile: /var/log/cloudflared.log
-          loglevel: info
-          ingress:
-            - hostname: "ssh_app.{{ zone }}"
-              service: ssh://localhost:22
-            - service: http_status:404
-    - name: Create the tunnel credentials file for cloudflared.
-      copy:
-        dest: "/etc/cloudflared/cert.json"
-        content: |
-          {
-            "AccountTag"   : "{{ account | quote }}",
-            "TunnelID"     : "{{ tunnel_id | quote }}",
-            "TunnelName"   : "{{ tunnel_name | quote }}",
-            "TunnelSecret" : "{{ secret | quote }}"
-          }
     - name: Install the tunnel as a systemd service.
-      shell: cloudflared service install
+      shell: "cloudflared service install {{ tunnel_token }}"
     - name: Start the tunnel.
       systemd:
         name: cloudflared
         state: started
         enabled: true
         masked: no
+    - name: Deploy an example Apache web server on port 80.
+      shell: apt update && apt -y install apache2
+    - name: Edit the default Apache index file.
+      copy:
+        dest: /var/www/html/index.html
+        content: |
+          <!DOCTYPE html>
+          <html>
+          <body>
+            <h1>Hello Cloudflare!</h1>
+            <p>This page was created for a Cloudflare demo.</p>
+          </body>
+          </html>
 ```
 
 [Keywords](https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html#play) define how Ansible will execute the configuration. In the example above, the `vars_files` keyword specifies where variable definitions are stored, and the `tasks` keyword specifies the actions Ansible will perform.
@@ -362,4 +308,4 @@ It may take several minutes for the GCP instance and tunnel to come online. You
 
 ## 7. Test the connection
 
-You can now SSH to the GCP server through the new `ssh_app.<zone>` hostname. For instructions on how to connect, refer to our [SSH guide](/cloudflare-one/connections/connect-networks/use-cases/ssh/).
+To test, open a browser and go to `http://http_app.<CLOUDFLARE_ZONE>.com` (for example, `http_app.example.com`). You should see the **Hello Cloudflare!** test page.