Gitiles
Code Review Sign In
gerrit.opencord.org / automation-tools / 6c6db95890dbc93f33e1afe814e110e74f228ba2^! / . / aether-playbook / inventory / template / group_vars / all.yml
commit6c6db95890dbc93f33e1afe814e110e74f228ba2[log] [tgz]
authorHyunsun Moon <hyunsun@opennetworking.org>Wed Mar 04 20:50:51 2020 -0800
committerHyunsun Moon <hyunsun.moon@gmail.com>Fri Mar 27 00:48:13 2020 +0000
tree56a9fe16b1c1acd43f94b9f95c65454c044568b1
parentde7fc2d790f26215772cbc6de300c95bf3dc189a [diff] [blame]
[EDGEPOD-226] Add installing strongswan to router role

Also fixed ansible-lint failures

Change-Id: I78fbab0a9e2f45ea4f5989c255f09b47ef01bdcc

diff --git a/aether-playbook/inventory/template/group_vars/all.yml b/aether-playbook/inventory/template/group_vars/all.yml
index fe33ebd..d513188 100644
--- a/aether-playbook/inventory/template/group_vars/all.yml
+++ b/aether-playbook/inventory/template/group_vars/all.yml

@@ -30,7 +30,6 @@
 docker_daemon_options:
   insecure-registries:
     - registry.central.aetherproject.net
-  iptables: false
 
 upf_sriov_enabled: true
 upf_sriov_pf: #SET_VALUE
@@ -42,15 +41,31 @@
 # UE pool (DO NOT CHANGE)
 ue_pool: 10.250.0.0/16
 
-# Enable to configure router to handle UE traffic to the Internet
-# Applicable only when using Ubuntu machine as a router now (VyOS is coming soon)
-router_setup_enabled: #SET_VALUE (true or false)
+# Configure VPN router
+# Only linux machine is supported as a router now (VyOS is coming soon)
 router_type: linux
-sgi_gateway_ip: #SET_VALUE
-s1u_gateway_ip: #SET_VALUE
-sgi_s1u_gateway_iface: #SET_VALUE
+
+# Enable to configure SGI and S1U network gateway and routings/SNAT for UE traffic
+router_enabled: #SET_VALUE (true or false)
+sgi_gateway_ip: #SET_VALUE (only required when router_enabled)
+s1u_gateway_ip: #SET_VALUE (only required when router_enabled)
+sgi_s1u_gateway_iface: #SET_VALUE (only required when router_enabled)
 netplan_config_file: /etc/netplan/sgi-s1u-gateway.yaml
 
+# Enable to configure IPSec tunnel to Aether Central
+vpn_enabled: #SET_VALUE (true or false)
+# Provide IP address of the VPN server
+# Provide private address of the VPN server if it is behind NAT
+vpn_local_addr: #SET_VALUE (only required when vpn_enabled)
+# Provide public address of the VPN server
+vpn_local_id: #SET_VALUE (only required when vpn_enabled)
+# Provide management network and K8S pod/service ranges
+vpn_local_subnets: #SET_VALUE (only required when vpn_enabled)
+vpn_remote_addr: #SET_VALUE (only required when vpn_enabled)
+# Remote subnet (DO NOT CHANGE)
+vpn_remote_subnets: 10.168.0.0/20,10.45.0.0/16,10.52.0.0/16
+vpn_psk: #GET_VALUE_FROM_AETHER_TEAM
+
 # Rancher cluster token and checksum (DO NOT CHANGE)
 rancher_cluster_token: #GET_VALUE_FROM_AETHER_TEAM
 rancher_ca_checksum: "7f7858afaa621e304d0d17fa22fd2005aa2f1acd0637f4026cab7bcc2fa43cd9"