Gitiles
Code Review Sign In
gerrit.opencord.org / automation-tools / 6c6db95890dbc93f33e1afe814e110e74f228ba2^! / . / aether-playbook / inventory / sample
commit6c6db95890dbc93f33e1afe814e110e74f228ba2[log] [tgz]
authorHyunsun Moon <hyunsun@opennetworking.org>Wed Mar 04 20:50:51 2020 -0800
committerHyunsun Moon <hyunsun.moon@gmail.com>Fri Mar 27 00:48:13 2020 +0000
tree56a9fe16b1c1acd43f94b9f95c65454c044568b1
parentde7fc2d790f26215772cbc6de300c95bf3dc189a [diff]
[EDGEPOD-226] Add installing strongswan to router role

Also fixed ansible-lint failures

Change-Id: I78fbab0a9e2f45ea4f5989c255f09b47ef01bdcc

diff --git a/aether-playbook/inventory/sample/group_vars/all.yml b/aether-playbook/inventory/sample/group_vars/all.yml
index c625f7f..97ccb41 100644
--- a/aether-playbook/inventory/sample/group_vars/all.yml
+++ b/aether-playbook/inventory/sample/group_vars/all.yml

@@ -34,7 +34,7 @@
 docker_version: 18.06.3~ce~3-0~ubuntu
 
 upf_sriov_enabled: true
-upf_sriov_pf: enp94s0f0
+upf_sriov_pf: ens802f0
 
 # SGI and S1U addresses for spgwu
 spgwu_sgi_ip: 192.168.250.4/24
@@ -43,15 +43,28 @@
 # UE pool (DO NOT CHANGE)
 ue_pool: 10.250.0.0/16
 
-# Enable to configure router to handle UE traffic to the Internet
-# Applicable only when using Ubuntu machine as a router now (VyOS is coming soon)
-router_setup_enabled: true
+# Configure VPN router
+# Only linux machine is supported as a router now (VyOS is coming soon)
 router_type: linux
+
+# Enable to configure SGI and S1U network gateway and routings/SNAT for UE traffic
+router_enabled: true
 sgi_gateway_ip: 192.168.250.254/24
 s1u_gateway_ip: 192.168.251.254/24
-sgi_s1u_gateway_iface: enp94s0f0
+sgi_s1u_gateway_iface: ens802f0
 netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
 
+# Enable to configure IPSec tunnel to Aether Central
+vpn_enabled: true
+vpn_local_addr: 128.105.144.246
+vpn_local_id: 128.105.144.246
+# Provide management network and K8S pod/service ranges
+vpn_local_subnets: 10.212.73.0/24,10.56.0.0/16
+vpn_remote_addr: 34.94.146.56
+# Remote subnet (DO NOT CHANGE)
+vpn_remote_subnets: 10.168.0.0/20,10.45.0.0/16,10.52.0.0/16
+vpn_psk: T075X36ejt6qzaDHVG6Eunr6yynatdFI
+
 rancher_cluster_token: #HIDDEN
 rancher_ca_checksum: #HIDDEN
 

diff --git a/aether-playbook/inventory/sample/inventory.ini b/aether-playbook/inventory/sample/inventory.ini
index 1a8b175..e04694d 100644
--- a/aether-playbook/inventory/sample/inventory.ini
+++ b/aether-playbook/inventory/sample/inventory.ini

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 # List of all nodes
-menlo-edge ansible_host=10.212.73.3
+menlo-edge ansible_host=10.92.1.32
 
 # Specify a node to run k8s control plane and etcd
 # Note that the number of the nodes must be odd