Node side network configuration

All customer network settings are stored in a configuration YAML file. This allows for automation and consistent results when values are changed. The following sections describe how to configure or change network settings using the YAML file.

Before you begin

The YAML file with network configuration details is stored in /opt/ibm/appliance/platform/apos-comms/customer_network_config/ansible. Each system is provided with a template to be filled in. There must be only one .yml file apart from the template in the /opt/ibm/appliance/platform/apos-comms/customer_network_config/ansible directory, otherwise you might face issues when configuring the network.

In the following sections, the YAML file is referred to as System_Name.yml.

The basic procedure to follow whenever you need to change any network settings is:
  1. Edit the YAML file.
  2. Run the Ansible playbooks.
However, some extra steps might be required as described in the following sections.

The following sections provide detailed information on each section in the YAML file. They also provide instructions for common tasks, and some examples of filled-in files.

The system will be up and ready while the YAML file is updated. You may encounter some time of inaccessibility while IPs, VLANs, etc are updated. You may also encounter some outages if you have not entered the information correctly in the YAML file. You can expect a 2 hour period of downtime on the system.

Note:
  1. If your system has Netezza Performance Server installed, you must run nzstop on the NPS containers before running the Ansible playbook in all of the cases.

    Run nzstart after you have validated the changes have been successfully updated.

    Do not run nzstart if you are changing custom_hostname for a Kerberos setup on Netezza Performance Server. There is a downtime during docker restart to reflect the newly changed custom_hostname inside the container.

  2. Before updating your YAML file, save a copy as <customer_config>.yml.backup for safe-keeping.
  3. When editing your System_Name.yml file, you must use spaces. Do not use Tab.
  4. It is not recommended to have Cisco MACsec enabled on ports facing Cloud Pak for Data System. It might interfere with the system configuration and block communication.

Required information

All of the address information in this section is required to complete Cloud Pak for Data System installation. These values are available in the site survey for IBM installation team. If this is incomplete, the installation will not result in a running, customer-ready system.

After the installation is complete, a customer is given a Welcome xls sheet that contains all the IP addresses, users and passwords. Refer to that document to find out the details of your system setup.

Values in the example code that should be replaced by customer values are in bold.

To determine the network prefix from a network mask, count the number of bits that are set in the network mask. For example, a network mask of 255.255.0.0 has 16 bits set, and 255.255.255.0 has 24 bits set.

  1. Collect node management IP addresses.
    • Collect the IP address and prefix for each node. The node addresses must be on the same network. The examples in this document use 169.255.10.11, 169.255.10.12, and 169.255.10.13. The network that is used in these examples is 169.255.10.0, and the prefix is 24.
    • Collect the IP address and prefix (or network mask) for the bare metal floating address that is used by the platform manager. This is a single address per system. The floating address must be on the same network as the node-specific addresses. The examples in this document use 169.255.10.14 as the floating address.
  2. Collect the upstream DNS IP addresses.

    The examples in this document use 169.255.128.11 as the IP address of the DNS. The DNS network that is used in these examples is 169.255.20.0, and the prefix is 17.

  3. Optional: Collect the names of the upstream Time servers.
    Note: Adding an upstream time source is optional and discouraged. Loss of connectivity with upstream time source will cause full system failure. The system is capable of keeping time in sync without the need for an upstream time source.

    These names are used in the time configuration, but the addresses are necessary for management routing configuration. Determine the IP addresses of the upstream Time servers. The Time server address, network, and prefix that are used in these examples are 169.255.21.10, 169.255.21.0, and 24, respectively.

  4. Collect the default gateway for the management network.

    The IP address of the default gateway that is used in these examples is 169.255.10.1.