Example YAML configurations

Following are example yml files for different network configurations.

Warning: These are fully populated templates. Do not attempt to use them on your system without modification. Using them without modification will disrupt all connections to the system and prevent any access.

Single switch, permissive VLAN

Link speed 10000
all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['47', '48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 0

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'False'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
Link speed 25000
all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['47', '48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 25000
                fec_mode: baser

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 0

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'False'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>

Single switch, strict VLAN

all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['47', '48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: True

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 0

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'False'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>

Single switch, multi network

all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['47', '48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 0

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'False'

            # Second link config
            external_link2:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['45', '46']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4081']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h1

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 0

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'False'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>

Single switch, single cable, multi VLAN

all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080', '4081']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: False

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 0

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'False'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>

HA switch, permissive VLAN

all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['47', '48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 100

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'FabSw1b'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>

HA switch, strict VLAN

all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['47', '48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: True

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 100

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'FabSw1b'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>

HA switch, multi network

all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['47', '48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 100

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'FabSw1b'

            # Second link config
            external_link2:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['45', '46']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4081']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h1

              # True indicates there is multiple links in this connection
              lacp_link: True

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 101

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'FabSw1b'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>

HA switch, single cable, multi VLAN

all:
  children:
    control_nodes:
      hosts:
        node1:
          custom_hostname: hqa4.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.41
        node2:
          custom_hostname: hqa5.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.42
        node3:
          custom_hostname: hqa6.gdl.mex.ibm.com
          management_network:
            network1:
              ip: 169.254.206.43
    switches:
      hosts:
        FabSw1a:
          # Run on the control rather than remotely
          ansible_host: localhost

          # Is there an external link here at all?
          external_connection_enabled: True
          # If the above is True the follow section is filled in
          external_connection_config:
            # First link config
            external_link1:
              # Ports to put in this link, a list of 'number', 'number'
              switch_ports: ['48']

              # same config for all the values in switch_ports
              port_config:
                mtu: 9000
                link_speed: 10000

              # Which VLANs arriving on this port (and crossing the bridge)
              vlans: ['4080', '4081']

              # True means we only accept tagged packets from external source
              # False means we only accept untagged packets from external source
              strict_vlan: False

              # Name of this link
              name: h0

              # True indicates there is multiple links in this connection
              lacp_link: False

              # LACP Refresh rate. (Fast or Slow)
              lacp_rate: Fast

              # CLAG Id for this link, 0 for no clag
              clag_id: 100

              # This switch should have matching cfg (and the same clag_id)
              # Use False for links only on a single switch
              partner_switch: 'FabSw1b'

  vars:
    app_fqdn: hqa3.gdl.mex.ibm.com
    #(pick from timedatectl list-timezones), default is EDT
    timezone: "America/New_York"
    #must begin with server or pool
    time_servers: ["<OPTIONAL>"]
    dns_servers: ["169.254.128.50", "169.254.130.50"]
    dns_search_strings: ["<OPTIONAL>"]
    smtp_servers: ["<OPTIONAL>"]
    management_network:
      network1:
        subnet: 169.254.206.0/24
        # just number, no slash
        prefix: 24
        gateway: 169.254.206.1
        floating_ip: 169.254.206.45
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>
    application_network_enabled: True
    application_network:
      network1:
        default_gateway: true
        vlan: 4080
        # just number, no slash
        prefix: 24
        gateway: 169.254.203.1
        floating_ip: 169.254.203.15
        mtu: <OPTIONAL>
        custom_routes: <OPTIONAL>