[EDGEPOD-226] Add installing strongswan to router role
Also fixed ansible-lint failures
Change-Id: I78fbab0a9e2f45ea4f5989c255f09b47ef01bdcc
diff --git a/aether-playbook/inventory/sample/group_vars/all.yml b/aether-playbook/inventory/sample/group_vars/all.yml
index c625f7f..97ccb41 100644
--- a/aether-playbook/inventory/sample/group_vars/all.yml
+++ b/aether-playbook/inventory/sample/group_vars/all.yml
@@ -34,7 +34,7 @@
docker_version: 18.06.3~ce~3-0~ubuntu
upf_sriov_enabled: true
-upf_sriov_pf: enp94s0f0
+upf_sriov_pf: ens802f0
# SGI and S1U addresses for spgwu
spgwu_sgi_ip: 192.168.250.4/24
@@ -43,15 +43,28 @@
# UE pool (DO NOT CHANGE)
ue_pool: 10.250.0.0/16
-# Enable to configure router to handle UE traffic to the Internet
-# Applicable only when using Ubuntu machine as a router now (VyOS is coming soon)
-router_setup_enabled: true
+# Configure VPN router
+# Only linux machine is supported as a router now (VyOS is coming soon)
router_type: linux
+
+# Enable to configure SGI and S1U network gateway and routings/SNAT for UE traffic
+router_enabled: true
sgi_gateway_ip: 192.168.250.254/24
s1u_gateway_ip: 192.168.251.254/24
-sgi_s1u_gateway_iface: enp94s0f0
+sgi_s1u_gateway_iface: ens802f0
netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
+# Enable to configure IPSec tunnel to Aether Central
+vpn_enabled: true
+vpn_local_addr: 128.105.144.246
+vpn_local_id: 128.105.144.246
+# Provide management network and K8S pod/service ranges
+vpn_local_subnets: 10.212.73.0/24,10.56.0.0/16
+vpn_remote_addr: 34.94.146.56
+# Remote subnet (DO NOT CHANGE)
+vpn_remote_subnets: 10.168.0.0/20,10.45.0.0/16,10.52.0.0/16
+vpn_psk: T075X36ejt6qzaDHVG6Eunr6yynatdFI
+
rancher_cluster_token: #HIDDEN
rancher_ca_checksum: #HIDDEN
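Review bot: The added `vpn_psk` line in the sample inventory commits what looks like a real IPsec pre-shared key in clear text, next to concrete `vpn_local_addr` and `vpn_remote_addr` endpoints, while the Rancher token and checksum directly below are masked as `#HIDDEN`. If this value is in use, anyone with read access to the repository or its history can recover it, so it should be treated as exposed and rotated, not just removed in a follow-up commit. Mask it like its neighbours with `vpn_psk: #HIDDEN`, or reference a vaulted variable such as `vpn_psk: "{{ vault_vpn_psk }}"` (variable name constructed for illustration). A comment above it such as `# Secret: keep in ansible-vault, never commit the real value` would make the expectation explicit.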
diff --git a/aether-playbook/inventory/sample/inventory.ini b/aether-playbook/inventory/sample/inventory.ini
index 1a8b175..e04694d 100644
--- a/aether-playbook/inventory/sample/inventory.ini
+++ b/aether-playbook/inventory/sample/inventory.ini
@@ -13,7 +13,7 @@
# limitations under the License.
# List of all nodes
-menlo-edge ansible_host=10.212.73.3
+menlo-edge ansible_host=10.92.1.32
# Specify a node to run k8s control plane and etcd
# Note that the number of the nodes must be odd
diff --git a/aether-playbook/inventory/template/group_vars/all.yml b/aether-playbook/inventory/template/group_vars/all.yml
index fe33ebd..d513188 100644
--- a/aether-playbook/inventory/template/group_vars/all.yml
+++ b/aether-playbook/inventory/template/group_vars/all.yml
@@ -30,7 +30,6 @@
docker_daemon_options:
insecure-registries:
- registry.central.aetherproject.net
- iptables: false
upf_sriov_enabled: true
upf_sriov_pf: #SET_VALUE
@@ -42,15 +41,31 @@
# UE pool (DO NOT CHANGE)
ue_pool: 10.250.0.0/16
-# Enable to configure router to handle UE traffic to the Internet
-# Applicable only when using Ubuntu machine as a router now (VyOS is coming soon)
-router_setup_enabled: #SET_VALUE (true or false)
+# Configure VPN router
+# Only linux machine is supported as a router now (VyOS is coming soon)
router_type: linux
-sgi_gateway_ip: #SET_VALUE
-s1u_gateway_ip: #SET_VALUE
-sgi_s1u_gateway_iface: #SET_VALUE
+
+# Enable to configure SGI and S1U network gateway and routings/SNAT for UE traffic
+router_enabled: #SET_VALUE (true or false)
+sgi_gateway_ip: #SET_VALUE (only required when router_enabled)
+s1u_gateway_ip: #SET_VALUE (only required when router_enabled)
+sgi_s1u_gateway_iface: #SET_VALUE (only required when router_enabled)
netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
+# Enable to configure IPSec tunnel to Aether Central
+vpn_enabled: #SET_VALUE (true or false)
+# Provide IP address of the VPN server
+# Provide private address of the VPN server if it is behind NAT
+vpn_local_addr: #SET_VALUE (only required when vpn_enabled)
+# Provide public address of the VPN server
+vpn_local_id: #SET_VALUE (only required when vpn_enabled)
+# Provide management network and K8S pod/service ranges
+vpn_local_subnets: #SET_VALUE (only required when vpn_enabled)
+vpn_remote_addr: #SET_VALUE (only required when vpn_enabled)
+# Remote subnet (DO NOT CHANGE)
+vpn_remote_subnets: 10.168.0.0/20,10.45.0.0/16,10.52.0.0/16
+vpn_psk: #GET_VALUE_FROM_AETHER_TEAM
+
# Rancher cluster token and checksum (DO NOT CHANGE)
rancher_cluster_token: #GET_VALUE_FROM_AETHER_TEAM
rancher_ca_checksum: "7f7858afaa621e304d0d17fa22fd2005aa2f1acd0637f4026cab7bcc2fa43cd9"
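Review bot: Every `#SET_VALUE` and `#GET_VALUE_FROM_AETHER_TEAM` placeholder on the new `router_enabled` and `vpn_*` lines is a YAML comment, so an unedited template loads these keys as null instead of failing. For `vpn_enabled` that presumably means the tunnel is skipped without any message. For `vpn_psk` the outcome depends on how the router role (not visible in this hunk) templates the secret; a null could end up as an empty or literal `None` key in the strongSwan secrets file. I would add a guard early in the role, for example an `assert` with `that: vpn_psk is string and vpn_psk | length > 0` under `when: vpn_enabled | bool`, and set `no_log: true` on tasks that handle `vpn_psk`. A comment above `vpn_psk` stating that the value is a secret and belongs in ansible-vault would also help operators filling in the template.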