Allow additional and custom network configuration for vSphere

install-pcf/vsphere/params.yml

@@ -66,7 +66,7 @@ default_quota_memory_limit_mb: 10240
 
 # Deployment
 deployment_excluded_range: CHANGEME    # Deployment network exclusion range
-deployment_network_name: "DEPLOYMENT"
+deployment_network_name: "DEPLOYMENT"  # Leave empty to exclude from network config
 deployment_nw_azs: CHANGEME            # Comma separated list of AZ’s to be associated with this network
 deployment_nw_cidr: CHANGEME           # Deployment network CIDR, ex: 10.0.0.0/22
 deployment_nw_dns: CHANGEME            # Deployment network DNS
@@ -84,13 +84,13 @@ disable_http_proxy: false
 disable_insecure_cookies: false
 
 # Dynamic Services Network
-dynamic_services_excluded_range: CHANGEME      # Dynamic Services network exclusion range
-dynamic_services_network_name: "DYNAMIC-SERVICES"
-dynamic_services_nw_azs: CHANGEME              # Comma separated list of AZ’s to be associated with this network
-dynamic_services_nw_cidr: CHANGEME             # Dynamic Services network CIDR, ex: 10.0.0.0/22
-dynamic_services_nw_dns: CHANGEME              # Dynamic Services network DNS
-dynamic_services_nw_gateway: CHANGEME          # Dynamic Services network Gateway
-dynamic_services_vsphere_network: CHANGEME     # vCenter Dynamic Services network name
+dynamic_services_excluded_range: CHANGEME         # Dynamic Services network exclusion range
+dynamic_services_network_name: "DYNAMIC-SERVICES" # Leave empty to exclude from network config
+dynamic_services_nw_azs: CHANGEME                 # Comma separated list of AZ’s to be associated with this network
+dynamic_services_nw_cidr: CHANGEME                # Dynamic Services network CIDR, ex: 10.0.0.0/22
+dynamic_services_nw_dns: CHANGEME                 # Dynamic Services network DNS
+dynamic_services_nw_gateway: CHANGEME             # Dynamic Services network Gateway
+dynamic_services_vsphere_network: CHANGEME        # vCenter Dynamic Services network name
 
 # Whether to enable BOSH VM resurrector
 enable_vm_resurrector: true
@@ -114,6 +114,9 @@ ert_errands_to_disable:       # Comma-separated list of errand names to disable
 # PCF Elastic Runtime minor version to track
 ert_major_minor_version: 2\.[0-9\]+\.[0-9]+$
 
+# Network to use for elastic runtime
+ert_network_name: "DEPLOYMENT"
+
 # AZ to use for deployment of ERT Singleton jobs
 ert_singleton_job_az: CHANGEME
 
@@ -140,7 +143,7 @@ ignore_ssl_cert_verification: false
 
 # Infrastructure Configuration
 infra_excluded_range: CHANGEME         # Infrastructure network exclusion range
-infra_network_name: "INFRASTRUCTURE"
+infra_network_name: "INFRASTRUCTURE"   # Leave empty to exclude from network config
 infra_nw_azs: CHANGEME                 # Comma separated list of AZ’s to be associated with this network
 infra_nw_cidr: CHANGEME                # Infrastructure network CIDR, ex: 10.0.0.0/22
 infra_nw_dns: CHANGEME                 # Infrastructure network DNS
@@ -346,13 +349,35 @@ security_acknowledgement: CHANGEME
 
 # Services network
 services_excluded_range: CHANGEME      # Services network exclusion range
-services_network_name: "SERVICES"
+services_network_name: "SERVICES"      # Leave empty to exclude from network config
 services_nw_azs: CHANGEME              # Comma separated list of AZ’s to be associated with this network
 services_nw_cidr: CHANGEME             # Services network CIDR, ex: 10.0.0.0/22
 services_nw_dns: CHANGEME              # Services network DNS
 services_nw_gateway: CHANGEME          # Services network Gateway
 services_vsphere_network: CHANGEME     # vCenter Services network name
 
+director_network: INFRASTRUCTURE       # Network to deploy the director singleton instance
+director_availability_zone: CHANGEME   # Network AZ to deploy the director singleton instance
+
+# Additional network to configure as a json array, example:
+# [
+#   {
+#     "name": "custom_network",
+#     "service_network": false,
+#     "subnets": [
+#       {
+#         "iaas_identifier": "custom_vcenter_network_name",
+#         "cidr": "10.9.9.0/24",
+#         "reserved_ip_ranges": "10.9.9.0-10.9.9.100,10.9.9.200-10.9.9.255",
+#         "dns": "8.8.8.8,8.8.4.4",
+#         "gateway": "10.9.9.1",
+#         "availability_zones": [ "az1","az2" ]
+#       }
+#     ]
+#   }
+# ]
+custom_network_json:
+
 # If true, disable SSL certificate verification for this environment.
 skip_cert_verify: false
 

install-pcf/vsphere/pipeline.yml

@@ -127,6 +127,9 @@ jobs:
       DYNAMIC_SERVICES_NW_DNS: {{dynamic_services_nw_dns}}
       DYNAMIC_SERVICES_NW_GATEWAY: {{dynamic_services_nw_gateway}}
       DYNAMIC_SERVICES_NW_AZS: {{dynamic_services_nw_azs}}
+      DIRECTOR_NETWORK: {{director_network}}
+      DIRECTOR_AVAILABILITY_ZONE: {{director_availability_zone}}
+      CUSTOM_NETWORK_JSON: {{custom_network_json}}
       AZ_1: {{az_1_name}}
       AZ_1_CLUSTER_NAME: {{az_1_cluster_name}}
       AZ_1_RP_NAME: {{az_1_rp_name}}
@@ -235,7 +238,7 @@ jobs:
       OPS_MGR_PWD: {{opsman_admin_password}}
       ERT_SINGLETON_JOB_AZ: {{ert_singleton_job_az}}
       DEPLOYMENT_NW_AZS: {{deployment_nw_azs}}
-      NETWORK_NAME: {{deployment_network_name}}
+      NETWORK_NAME: {{ert_network_name}}
       ENABLE_SECURITY_EVENT_LOGGING: {{enable_security_event_logging}}
       SYSLOG_HOST: {{syslog_host}}
       SYSLOG_PORT: {{syslog_port}}

install-pcf/vsphere/tasks/config-opsdir/task.sh

@@ -67,38 +67,25 @@ EOF
 network_configuration=$(
   jq -n \
     --argjson icmp_checks_enabled $ICMP_CHECKS_ENABLED \
-    --arg infra_network_name "$INFRA_NETWORK_NAME" \
-    --arg infra_vcenter_network "$INFRA_VCENTER_NETWORK" \
-    --arg infra_network_cidr "$INFRA_NW_CIDR" \
-    --arg infra_reserved_ip_ranges "$INFRA_EXCLUDED_RANGE" \
-    --arg infra_dns "$INFRA_NW_DNS" \
-    --arg infra_gateway "$INFRA_NW_GATEWAY" \
-    --arg infra_availability_zones "$INFRA_NW_AZS" \
-    --arg deployment_network_name "$DEPLOYMENT_NETWORK_NAME" \
-    --arg deployment_vcenter_network "$DEPLOYMENT_VCENTER_NETWORK" \
-    --arg deployment_network_cidr "$DEPLOYMENT_NW_CIDR" \
-    --arg deployment_reserved_ip_ranges "$DEPLOYMENT_EXCLUDED_RANGE" \
-    --arg deployment_dns "$DEPLOYMENT_NW_DNS" \
-    --arg deployment_gateway "$DEPLOYMENT_NW_GATEWAY" \
-    --arg deployment_availability_zones "$DEPLOYMENT_NW_AZS" \
-    --arg services_network_name "$SERVICES_NETWORK_NAME" \
-    --arg services_vcenter_network "$SERVICES_VCENTER_NETWORK" \
-    --arg services_network_cidr "$SERVICES_NW_CIDR" \
-    --arg services_reserved_ip_ranges "$SERVICES_EXCLUDED_RANGE" \
-    --arg services_dns "$SERVICES_NW_DNS" \
-    --arg services_gateway "$SERVICES_NW_GATEWAY" \
-    --arg services_availability_zones "$SERVICES_NW_AZS" \
-    --arg dynamic_services_network_name "$DYNAMIC_SERVICES_NETWORK_NAME" \
-    --arg dynamic_services_vcenter_network "$DYNAMIC_SERVICES_VCENTER_NETWORK" \
-    --arg dynamic_services_network_cidr "$DYNAMIC_SERVICES_NW_CIDR" \
-    --arg dynamic_services_reserved_ip_ranges "$DYNAMIC_SERVICES_EXCLUDED_RANGE" \
-    --arg dynamic_services_dns "$DYNAMIC_SERVICES_NW_DNS" \
-    --arg dynamic_services_gateway "$DYNAMIC_SERVICES_NW_GATEWAY" \
-    --arg dynamic_services_availability_zones "$DYNAMIC_SERVICES_NW_AZS" \
     '
     {
       "icmp_checks_enabled": $icmp_checks_enabled,
-      "networks": [
+      "networks": []
+    }'
+)
+
+if [[ ! -z "$INFRA_NETWORK_NAME" ]]; then
+  network_configuration=$(
+    echo "$network_configuration" | jq \
+      --arg infra_network_name "$INFRA_NETWORK_NAME" \
+      --arg infra_vcenter_network "$INFRA_VCENTER_NETWORK" \
+      --arg infra_network_cidr "$INFRA_NW_CIDR" \
+      --arg infra_reserved_ip_ranges "$INFRA_EXCLUDED_RANGE" \
+      --arg infra_dns "$INFRA_NW_DNS" \
+      --arg infra_gateway "$INFRA_NW_GATEWAY" \
+      --arg infra_availability_zones "$INFRA_NW_AZS" \
+      '.networks +=
+      [
         {
           "name": $infra_network_name,
           "service_network": false,
@@ -112,7 +99,23 @@ network_configuration=$(
               "availability_zones": ($infra_availability_zones | split(","))
             }
           ]
-        },
+        }
+      ]'
+  )
+fi
+
+if [[ ! -z "$DEPLOYMENT_NETWORK_NAME" ]]; then
+  network_configuration=$(
+    echo "$network_configuration" | jq \
+      --arg deployment_network_name "$DEPLOYMENT_NETWORK_NAME" \
+      --arg deployment_vcenter_network "$DEPLOYMENT_VCENTER_NETWORK" \
+      --arg deployment_network_cidr "$DEPLOYMENT_NW_CIDR" \
+      --arg deployment_reserved_ip_ranges "$DEPLOYMENT_EXCLUDED_RANGE" \
+      --arg deployment_dns "$DEPLOYMENT_NW_DNS" \
+      --arg deployment_gateway "$DEPLOYMENT_NW_GATEWAY" \
+      --arg deployment_availability_zones "$DEPLOYMENT_NW_AZS" \
+      '.networks +=
+      [
         {
           "name": $deployment_network_name,
           "service_network": false,
@@ -126,7 +129,23 @@ network_configuration=$(
               "availability_zones": ($deployment_availability_zones | split(","))
             }
           ]
-        },
+        }
+      ]'
+  )
+fi
+
+if [[ ! -z "$SERVICES_NETWORK_NAME" ]]; then
+  network_configuration=$(
+    echo "$network_configuration" | jq \
+      --arg services_network_name "$SERVICES_NETWORK_NAME" \
+      --arg services_vcenter_network "$SERVICES_VCENTER_NETWORK" \
+      --arg services_network_cidr "$SERVICES_NW_CIDR" \
+      --arg services_reserved_ip_ranges "$SERVICES_EXCLUDED_RANGE" \
+      --arg services_dns "$SERVICES_NW_DNS" \
+      --arg services_gateway "$SERVICES_NW_GATEWAY" \
+      --arg services_availability_zones "$SERVICES_NW_AZS" \
+      '.networks +=
+      [
         {
           "name": $services_network_name,
           "service_network": false,
@@ -140,7 +159,23 @@ network_configuration=$(
               "availability_zones": ($services_availability_zones | split(","))
             }
           ]
-        },
+        }
+      ]'
+  )
+fi
+
+if [[ ! -z "$DYNAMIC_SERVICES_NETWORK_NAME" ]]; then
+  network_configuration=$(
+    echo "$network_configuration" | jq \
+      --arg dynamic_services_network_name "$DYNAMIC_SERVICES_NETWORK_NAME" \
+      --arg dynamic_services_vcenter_network "$DYNAMIC_SERVICES_VCENTER_NETWORK" \
+      --arg dynamic_services_network_cidr "$DYNAMIC_SERVICES_NW_CIDR" \
+      --arg dynamic_services_reserved_ip_ranges "$DYNAMIC_SERVICES_EXCLUDED_RANGE" \
+      --arg dynamic_services_dns "$DYNAMIC_SERVICES_NW_DNS" \
+      --arg dynamic_services_gateway "$DYNAMIC_SERVICES_NW_GATEWAY" \
+      --arg dynamic_services_availability_zones "$DYNAMIC_SERVICES_NW_AZS" \
+      '.networks +=
+      [
         {
           "name": $dynamic_services_network_name,
           "service_network": true,
@@ -155,9 +190,17 @@ network_configuration=$(
             }
           ]
         }
-      ]
-    }'
-)
+      ]'
+  )
+fi
+
+if [[ ! -z "$CUSTOM_NETWORK_JSON" ]]; then
+  network_configuration=$(
+    echo "$network_configuration" | jq -rc \
+      --argjson custom_network_json "$CUSTOM_NETWORK_JSON" \
+      '.networks += $custom_network_json'
+  )
+fi
 
 director_config=$(cat <<-EOF
 {
@@ -183,11 +226,11 @@ security_configuration=$(
 
 network_assignment=$(
 jq -n \
-  --arg infra_availability_zones "$INFRA_NW_AZS" \
-  --arg network "$INFRA_NETWORK_NAME" \
+  --arg singleton_availability_zone "$DIRECTOR_AVAILABILITY_ZONE" \
+  --arg network "$DIRECTOR_NETWORK" \
   '
   {
-    "singleton_availability_zone": ($infra_availability_zones | split(",") | .[0]),
+    "singleton_availability_zone": $singleton_availability_zone,
     "network": $network
   }'
 )

install-pcf/vsphere/tasks/config-opsdir/task.yml

@@ -49,6 +49,9 @@ params:
   DYNAMIC_SERVICES_NW_DNS:
   DYNAMIC_SERVICES_NW_GATEWAY:
   DYNAMIC_SERVICES_NW_AZS:
+  DIRECTOR_NETWORK:
+  DIRECTOR_AVAILABILITY_ZONE:
+  CUSTOM_NETWORK_JSON:
   AZ_1:
   AZ_1_CLUSTER_NAME:
   AZ_1_RP_NAME: