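---
### Parameter file for the NSX-T install pipeline (values here are demo-lab samples).
### Configs marked OPTIONAL below can be removed from the param file
### if they are N/A or not desired.
### Passwords, the license key and the CSR subject below are sample placeholders;
### supply real values from the pipeline's secret store instead of committing them here.

### General settings
enable_ansible_debug: false  # set value to true for verbose output from Ansible
# format: "http://<jumphost_ip>:40001"
nsx_image_webserver: "http://192.168.110.11:40001"

### NSX general network settings
mgmt_portgroup: 'ESXi-RegionA01-vDS-COMP'
dns_server: 192.168.110.10
dns_domain: corp.local.io
ntp_servers: time.vmware.com
default_gateway: 192.168.110.1
netmask: 255.255.255.0

### NSX manager cluster configs
# Three node cluster is recommended. 1 is minimum, 3 is max
nsx_manager_ips: 192.168.110.33,192.168.110.34,192.168.110.35  # Manager IPs, comma separated
nsx_manager_username: admin
# Min 12 chars, upper, lower, number, special digit (manager password policy)
nsx_manager_password: "Admin!23Admin"
nsx_manager_hostname_prefix: "nsxt-mgr"
nsx_manager_virtual_ip: 192.168.110.36  # [OPTIONAL] Virtual IP as the access IP for the manager cluster
# FQDN is required if virtual IP is configured
# NOTE(review): sample value equals dns_domain; normally a host FQDN under that domain — confirm
nsx_manager_cluster_fqdn: corp.local.io  # [OPTIONAL] FQDN for the manager, will be used to generate cert for VIP
nsx_license_key: 11111-22222-33333-44444-55555
nsx_manager_root_pwd: "Admin!23Admin"  # [OPTIONAL] Defaults to nsx_manager_password if not set
nsx_manager_cli_pwd: "Admin!23Admin"  # [OPTIONAL] Defaults to nsx_manager_password if not set
nsx_manager_deployment_size: small  # Recommended for real bare-bones demo, smallest setup
# NOTE(review): netmask above is 255.255.255.0 (/24) but this prefix is 23 — confirm which is intended
nsx_manager_deployment_ip_prefix_length: 23
nsx_manager_ssh_enabled: true  # SSH on the manager appliance; set false unless CLI access is required
vcenter_ip: 192.168.110.22
vcenter_username: [email protected]
vcenter_password: "VMware1!"
vcenter_datacenter: RegionA01
vcenter_cluster: RegionA01-MGMT
vcenter_datastore: iscsi
resource_reservation_off: true
# Compute manager credentials should be the same as above vCenter's if
# controllers and edges are to be on the same vCenter
compute_manager_username: "[email protected]"  # [OPTIONAL] Defaults to vcenter_username if not set
compute_manager_password: "VMware1!"  # [OPTIONAL] Defaults to vcenter_password if not set
# compute manager for the compute cluster (2nd vCenter)
# The quoted "null" values are the literal string null, not YAML null
compute_manager_2_vcenter_ip: "null"  # [OPTIONAL]
compute_manager_2_username: "null"  # [OPTIONAL]
compute_manager_2_password: "null"  # [OPTIONAL]
edge_uplink_profile_vlan: 0  # For outbound uplink connection used by Edge, usually keep as 0
esxi_uplink_profile_vlan: 0  # For internal overlay connection used by ESXi hosts, usually transport VLAN ID
# Virtual Tunnel Endpoint network ip pool
vtep_ip_pool_cidr: 192.168.213.0/24
vtep_ip_pool_gateway: 192.168.213.1
vtep_ip_pool_start: 192.168.213.10
vtep_ip_pool_end: 192.168.213.200
# Tier 0 router
tier0_router_name: DefaultT0Router
tier0_uplink_port_ip: 192.168.100.4
tier0_uplink_port_subnet: 24
tier0_uplink_next_hop_ip: 192.168.100.1
tier0_uplink_port_ip_2: 192.168.100.5
tier0_ha_vip: 192.168.100.3

### Edge nodes
edge_ips: 192.168.110.37,192.168.110.38  # Comma separated based on number of required edges
edge_default_gateway: 192.168.110.1
edge_ip_prefix_length: 24
edge_hostname_prefix: nsx-t-edge
edge_transport_node_prefix: edge-transp-node
edge_cli_password: "VMware1!"
edge_root_password: "VMware1!"
edge_deployment_size: "large"  # Large recommended for PKS deployments
vc_datacenter_for_edge: RegionA01
vc_cluster_for_edge: RegionA01-MGMT
vc_datastore_for_edge: iscsi
vc_uplink_network_for_edge: "ESXi-RegionA01-vDS-COMP"
vc_overlay_network_for_edge: "VM-RegionA01-vDS-COMP"
vc_management_network_for_edge: "ESXi-RegionA01-vDS-COMP"

### ESX hosts
# Install NSX on vSphere clusters automatically
clusters_to_install_nsx: RegionA01-MGMT,RegionA01-K8s  # Comma separated
per_cluster_vlans: 0,0  # Comma separated, order of VLANs applied same as order of clusters
esx_ips: ""  # [OPTIONAL] additional esx hosts, if any, to be individually installed
esx_os_version: "6.5.0"  # [OPTIONAL]
esx_root_password: "ca$hc0w"  # [OPTIONAL]
esx_hostname_prefix: "esx-host"  # [OPTIONAL]
esx_available_vmnic: "vmnic1"  # comma separated physical NICs, applies to both cluster installation or ESXi installation

### [OPTIONAL] For all the configs below
# Each *_spec value is a block scalar holding a nested YAML document that the
# pipeline parses separately; keep the inner indentation intact.
nsx_t_t1router_logical_switches_spec: |
  t1_routers:
    # Add additional T1 Routers or collapse switches into same T1 Router as needed
    # Remove unneeded T1 routers
    - name: T1-Router-PAS-Infra
      switches:
        - name: PAS-Infra
          logical_switch_gw: 192.168.10.1  # Last octet should be 1 rather than 0
          subnet_mask: 24
    - name: T1-Router-PAS-ERT
      switches:
        - name: PAS-ERT
          logical_switch_gw: 192.168.20.1  # Last octet should be 1 rather than 0
          subnet_mask: 24
      edge_cluster: true
    - name: T1-Router-PAS-Services
      switches:
        - name: PAS-Services
          logical_switch_gw: 192.168.30.1  # Last octet should be 1 rather than 0
          subnet_mask: 24

nsx_t_ha_switching_profile_spec: |
  ha_switching_profiles:
    - name: HASwitchingProfile

nsx_t_container_ip_block_spec: |
  container_ip_blocks:
    - name: PAS-container-ip-block
      cidr: 10.4.0.0/16

nsx_t_external_ip_pool_spec: |
  external_ip_pools:
    - name: snat-vip-pool-for-pas
      cidr: 10.208.40.0/24
      start: 10.208.40.10  # Should not include gateway
      end: 10.208.40.200  # Should not include gateway
    - name: tep-ip-pool2
      cidr: 192.168.220.0/24
      start: 192.168.220.10
      end: 192.168.220.200

# Specify NAT rules
nsx_t_nat_rules_spec: |
  nat_rules:
    # Sample entry for allowing inbound to PAS Ops manager
    - t0_router: DefaultT0Router
      nat_type: dnat
      destination_network: 10.208.40.2  # External IP address for PAS opsmanager
      translated_network: 192.168.10.2  # Internal IP of PAS Ops manager
      rule_priority: 1024  # Higher priority
    # Sample entry for allowing outbound from PAS Ops Mgr to external
    - t0_router: DefaultT0Router
      nat_type: snat
      source_network: 192.168.10.2  # Internal IP of PAS opsmanager
      translated_network: 10.208.40.2  # External IP address for PAS opsmanager
      rule_priority: 1024  # Higher priority
    # Sample entry for PAS Infra network SNAT
    - t0_router: DefaultT0Router
      nat_type: snat
      source_network: 192.168.10.0/24  # PAS Infra network cidr
      translated_network: 10.208.40.3  # SNAT External Address for PAS networks
      rule_priority: 8000  # Lower priority
    # Sample entry for PAS ERT network SNAT
    - t0_router: DefaultT0Router
      nat_type: snat
      source_network: 192.168.20.0/24  # PAS ERT network cidr
      translated_network: 10.208.40.3  # SNAT External Address for PAS networks
      rule_priority: 8000  # Lower priority
    # Sample entry for PAS Services network SNAT
    - t0_router: DefaultT0Router
      nat_type: snat
      source_network: 192.168.30.0/24  # PAS Services network cidr
      translated_network: 10.208.40.3  # SNAT External Address for PAS networks
      rule_priority: 8001  # Lower priority

nsx_t_csr_request_spec: |
  csr_request:
    # common_name not required - would use nsx_t_manager_host_name
    org_name: Company  # EDIT
    org_unit: net-integ  # EDIT
    country: US  # EDIT
    state: CA  # EDIT
    city: SF  # EDIT
    key_size: 2048  # Valid values: 2048 or 3072
    algorithm: RSA  # Valid values: RSA or DSA

nsx_t_lbr_spec: |
  loadbalancers:
    # Sample entry for creating LBR for PAS ERT
    - name: PAS-ERT-LBR
      t1_router: T1-Router-PAS-ERT  # Should match a previously declared T1 Router
      size: small  # Allowed sizes: small, medium, large
      virtual_servers:
        - name: goRouter443  # Name that signifies function being exposed
          vip: 10.208.40.4  # Exposed VIP for LBR to listen on
          port: 443
          members:
            - ip: 192.168.20.11  # Internal ip of GoRouter instance 1
              port: 80
            - ip: 192.168.20.12  # Internal ip of GoRouter instance 2
              port: 443
        - name: goRouter80
          vip: 10.208.40.4
          port: 80
          members:
            - ip: 192.168.20.11  # Internal ip of GoRouter instance 1
              port: 80
            - ip: 192.168.20.12  # Internal ip of GoRouter instance 2
              port: 80
        - name: sshProxy  # SSH Proxy exposed to outside
          vip: 10.208.40.5
          port: 2222  # Port 2222 for ssh proxy
          members:
            - ip: 192.168.20.41  # Internal ip of Diego Brain where ssh proxy runs
              port: 2222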