-
Notifications
You must be signed in to change notification settings - Fork 19
/
config.yml
187 lines (172 loc) · 5.78 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
#
# This file is part of Cisco Modeling Labs
# Copyright (c) 2019-2024, Cisco Systems, Inc.
# All rights reserved.
#
# at this time, "aws" and "azure" are defined targets
# make sure that you ran the prepare.sh / prepare.bat script!
target: aws
aws:
region: us-east-1
availability_zone: us-east-1a
bucket: bucket-name-goes-here
# flavor: c5.2xlarge
flavor: m5zn.metal
flavor_compute: m5zn.metal
profile: permission-profile-goes-here
# when specifying a VPC ID below then this prefix must exist on that VPC!
public_vpc_ipv4_cidr: 10.0.0.0/16
enable_ebs_encryption: false
allowed_ipv4_subnets: ["0.0.0.0/0"]
# leave empty to create a custom VPC / Internet gateway, or provide the IDs
# of the VPC / gateway to use, they must exist and properly associated.
# also: an IPv6 CIDR prefix must be associated with the specified VPC
vpc_id: ""
gw_id: ""
spot_instances:
use_spot_for_controller: false
use_spot_for_computes: false
azure:
resource_group: resource-group-name
size: Standard_D4d_v4
size_compute: unused_at_the_moment
storage_account: storage-account-name
container_name: container-name
allowed_ipv4_subnets: ["*"]
common:
disk_size: 64
controller_hostname: cml-controller
key_name: ssh-key-name
enable_patty: true
cluster:
enable_cluster: false
# No longer used, see the secret manager section below
#secret: your-secret-password
allow_vms_on_controller: true
number_of_compute_nodes: 0
compute_hostname_prefix: cml-compute
compute_disk_size: 32
secret:
# At this time, 'vault', 'conjur' and 'dummy' are supported secrets managers.
# Make sure that you also run the prepare.sh / prepare.bat script, otherwise
# a 'raw_secret' will be used. If 'raw_secret' is not defined, a random
# password will be used.
# https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password
#manager: vault
#manager: conjur
manager: dummy
conjur:
vault:
# Only the v2 version of the key value secret engine is supported
# https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2
kv_secret_v2_mount: secret
# Set this to true to prevent the creation of ephemeral child token used by this provider.
skip_child_token: true
# These are the secrets that will be used by the CML instances. This key
# gets mapped to the main configuration under 'secrets'. The values are
# filled in by the secrets manager and are accessible using the 'secret'. For
# example, the 'app' password is accessed using 'secrets.app.secret'. The
# SmartLicense token is accessed using 'secrets.smartlicense_token.secret'.
secrets:
app:
username: admin
# Used with dummy secret manager. If unspecified, a random password will
# be generated. You need to escape special chars:
#raw_secret: '\"!@$%'
#raw_secret: your-secret-password
# Path to secret, used with both Vault and Conjur:
#path: example-org/example-project/admin_password
# Used with Vault only:
#field: secret
sys:
username: sysadmin
# Used with dummy secret manager. If unspecified, a random password will
# be generated.
#raw_secret: your-secret-password
# Path to secret, used with both Vault and Conjur:
#path: example-org/example-project/sysadmin_password
# Used with Vault only:
#field: secret
smartlicense_token:
# Only used with dummy secret manager
raw_secret: your-smart-licensing-token
# Path to secret, used with both Vault and Conjur:
#path: example-org/example-project/smartlicense_token
# Used with Vault only:
#field: token
cluster:
# Used with dummy secret manager. If unspecified, a random password will
# be generated.
#raw_secret: your-secret-password
# Path to secret, used with both Vault and Conjur:
#path: example-org/example-project/cluster_secret
# Used with Vault only:
#field: secret
app:
# **No longer used, see the secret manager section above**
#user: admin
#pass: your-secret-password
software: cml2-software-package-name.pkg
# The list must have at least ONE element, this is what the dummy is for in
# case 00- and 01- are commented out!
customize:
# - 00-patch_vmx.sh
- 99-dummy.sh
license:
flavor: CML_Enterprise
# **No longer used, see the secret manager section above**
#token: your-smart-licensing-token
# Unless you have additional node licenses available, leave this at zero
nodes: 0
# Select the reference platforms needed by un-/commenting them. The selected
# reference platforms will be copied from the specified cloud storage and must
# be available prior to starting an instance. Ensure that each definition has
# also a corresponding image! A smaller selection: less copying, faster bring-up
# time!
refplat:
definitions:
- alpine
# - alpine-trex
# - alpine-wanem
# - asav
# - cat8000v
# - cat9000v-q200
# - cat9000v-uadp
# - cat-sdwan-edge
# - cat-sdwan-controller
# - cat-sdwan-manager
# - cat-sdwan-validator
# - cat-sdwan-vedge
# - csr1000v
# - desktop
- iol-xe
- ioll2-xe
- iosv
- iosvl2
# - iosxrv9000
# - nxosv9000
- server
- ubuntu
images:
- alpine-3-19-1-base
# - alpine-3-19-1-trex
# - alpine-3-19-1-wanem
# - asav-9-20-2
# - cat8000v-17-13-01a
# - cat9000v-q200-17-12-01prd9
# - cat9000v-uadp-17-12-01prd9
# - cat-sdwan-edge-17-13-01a
# - cat-sdwan-controller-20-13-1
# - cat-sdwan-manager-20-13-1
# - cat-sdwan-validator-20-13-1
# - cat-sdwan-vedge-20-13-1
# - csr1000v-17-03-068a
# - desktop-3-19-1-xfce
- iol-xe-17-12-01
- ioll2-xe-17-12-01
- iosv-159-3-m8
- iosvl2-2020
# - iosxrv9000-7-11-1
# - nxosv9300-10-4-2-f
- server-tcl-14-1
- ubuntu-22-04-20240126