Preparing the configuration file

Specify the Kaspersky SD-WAN deployment settings in the YAML configuration file on the administrator device. The path to the configuration file must be specified when deploying the solution. You can use example configuration files for typical deployment scenarios in the inventory/external/pnf and inventory/external/vnf directories of the installation archive.

The configuration file consists of two main sections:

The nodes section specifies virtual machines or physical servers for deploying Kaspersky SD-WAN components. When deploying the solution to virtual machines or physical servers, iptables rules for interaction between solution components are automatically generated.
The external section specifies Kaspersky SD-WAN deployment settings.

We do not recommend changing the default settings.

The nodes section has the following structure:

Section/setting			Description

`node_<number of virtual machine or physical server>`			Deployment settings of virtual machine or physical server.
	`ip`		IP address of the virtual machine or physical server. Enter a value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126`
	`vip`		Virtual IP address of the virtual machine or physical server. Enter a value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` This setting must be specified for all virtual machines or physical servers on which you plan to use virtual IP addresses.
	`knaas_aio_int`		Settings for connecting Docker containers of Kaspersky SD-WAN components to the local virtual network of the virtual machine or physical server.
		`base`	The first three octets of the local virtual network IP address. Default value: `10.11.11`. Enter a value in the `XXX.XXX.XXX` format, for example: `192.168.110` You can change the first three octets of the default IP address if they overlap with your address space.
		`mode`	Operating mode of the local virtual network. Possible values: `bridge` means a Linux bridge is created on the virtual machine or physical server. Docker containers connect to the Linux bridge over an L3 network using NAT and iptables. `vlan` means Docker containers connect to the interface of the virtual machine or physical server over an L2 network using the macvlan driver. We recommend choosing this option only when using a trusted L2 network, because in this case no firewall is used on the virtual machine or physical server.
		`iface`	Name of the virtual machine or physical server interface for connecting Docker containers over the L2 network, for example: `enp6s0` This parameter must be specified if for `mode`, you chose `vlan`.
		`vlan`	VLAN tag of the L2 network. Enter a value in the range of 1 to 4095. If you do not want to use a VLAN tag, enter `0`. This parameter must be specified if for `mode`, you chose `vlan`.
	`knaas_os_man`		Settings for connecting Docker containers of Kaspersky SD-WAN components to the management virtual network or physical server of the virtual machine.
		`base`	The first three octets of the management virtual network IP address. Default value: `10.11.11`. Enter a value in the `XXX.XXX.XXX` format, for example: `192.168.110` You can change the first three octets of the default IP address if they overlap with your address space.
		`mode`	Operating mode of the management virtual network. Possible values: `bridge` means a Linux bridge is created on the virtual machine or physical server. Docker containers connect to the Linux bridge over an L3 network using NAT and iptables. `vlan` means Docker containers connect to the interface of the virtual machine or physical server over an L2 network using the macvlan driver. We recommend choosing this option only when using a trusted L2 network, because in this case no firewall is used on the virtual machine or physical server.
		`iface`	Name of the virtual machine or physical server interface for connecting Docker containers over the L2 network, for example: `enp6s0` This parameter must be specified if for `mode`, you chose `vlan`.
		`vlan`	VLAN tag of the L2 network. Enter a value in the range of 1 to 4095. If you do not want to use a VLAN tag, enter `0`. This parameter must be specified if for `mode`, you chose `vlan`.

The external section has the following structure:


Section/setting				Description
`vault_passwords_dirname`				Path to the /passwords directory on the administrator device with manually generated passwords. If you do not generate passwords manually, they are automatically generated during solution deployment and placed in the /passwords directory of the extracted installation archive on the administrator device.
`ansible_user`				Name of the user account on the administrator device and on virtual machines or physical servers for running playbooks during solution deployment.
`ssl`				Settings of SSL certificates of Kaspersky SD-WAN components.
	`san_list`			Information that is added to SSL certificates.
		`ip`		IP addresses that are added to SSL certificates. Specify a list of values in the `XXX.XXX.XXX.XXX` format, for example: `ip` `- 192.168.2.0` `- 192.168.2.1`
		`dns`		Domain names that are added to SSL certificates. Specify a list of values, for example: `dns:` `- sdwan.kaspersky.com` `- kaspersky.sdwan.com`
	`path_local`			Path to the directory on the administrator device that contains manually generated SSL certificates. If you do not generate SSL certificates manually, they are automatically generated during solution deployment and placed in the /ssl directory of the extracted installation archive on the administrator device.
	`path_remote`			Path to the directory on the virtual machines or physical servers that contains manually generated SSL certificates. If you do not generate SSL certificates manually, they are automatically generated during solution deployment and placed in the /ssl directory on virtual machines or physical servers.
`syslog`				Syslog server settings.
	`docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the Syslog server.
	`max_log_size`			Amount of RAM in gigabytes for the Syslog server logs.
	`state`			Deploying a Syslog server on virtual machines or physical servers. Possible values: `enabled` `disabled`
`zabbix`				Settings of the Zabbix monitoring system. For details, please refer to the official documentation of the Zabbix solution.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the Zabbix monitoring system send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
	`db_docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the Zabbix monitoring system database.
	`srv_docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the Zabbix server.
	`www_docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the Zabbix monitoring system front end.
	`proxy_docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the Zabbix proxy server.
	`cachesize`			Amount of RAM in gigabytes for the Zabbix monitoring system cache. Enter a value in the `<gigabytes>G` format, for example: `8G`
	`zabbix_<1‑3>`			Deployment settings of Zabbix monitoring system nodes. You can deploy one Zabbix monitoring system node without high availability or three nodes with high availability.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the Zabbix monitoring system. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
		`db`		Deployment settings of the Zabbix monitoring system database.
			`inventory_hostname`	Host name of the Zabbix monitoring system database. Default value: `zabbix-db-<1‑3>`.
			`state`	Deployment of the database of the Zabbix monitoring system on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`srv`		Deployment settings of the Zabbix server. When deploying three nodes of the Zabbix monitoring system, you only need to specify these settings for two of the nodes.
			`inventory_hostname`	Host name of the Zabbix server. Default value: `zabbix-srv-<1‑3>`.
			`state`	Deploying the Zabbix server on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`www`		Deployment settings of the frontend part of the Zabbix monitoring system. When deploying three nodes of the Zabbix monitoring system, you only need to specify these settings for two of the nodes.
			`inventory_hostname`	Host name of the frontend part of the Zabbix monitoring system. Default value: `zabbix-www-<1‑3>`.
			`state`	Deployment of the frontend part of the Zabbix monitoring system on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`proxy`		Deployment settings of the Zabbix proxy server. When deploying three nodes of the Zabbix monitoring system, you only need to specify these settings for two of the nodes.
			`inventory_hostname`	Host name of the Zabbix proxy server. Default value: `zabbix-proxy-<1–3>`.
			`state`	Deploying the Zabbix proxy server on a virtual machine or physical server. Possible values: `enabled` `disabled`.
`mongo`				MongoDB database settings. For details, please refer to the official documentation of the MongoDB database.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the MongoDB database send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
	`docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the MongoDB database.
	`mongo_<1‑3>`			Deployment settings of MongoDB database nodes. You can deploy one MongoDB database node without high availability or three nodes with high availability. If you deploy three MongoDB database nodes, the last node becomes the arbiter node.
		`inventory_hostname`		Host name of the MongoDB database. Default value: `mongo-<1‑3>`
		`state`		Deploying the MongoDB database on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the MongoDB database. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
`redis`				Redis database settings. For details, please refer to the official documentation of the Redis database.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the Redis database send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
	`docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the Redis database.
	`redis_<1–3>m`			Deployment settings for nodes of the Redis replica server. You can deploy one Redis replica server node without high availability or three nodes with high availability.
		`inventory_hostname`		Host name of the Redis replica server. Default value: `redis-<1–3>m`.
		`state`		Deploying the Redis replica server on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the Redis replica server. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
	`redis_<1–3>s`			Deployment settings of Redis Sentinel system nodes. If you are deploying three Redis replica server nodes with high availability, you also need to deploy three nodes of the Redis Sentinel system.
		`inventory_hostname`		Host name of the Redis Sentinel system. Default value: `redis-<1–3>s`.
		`state`		Deploying the Redis Sentinel system on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the Redis Sentinel system. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
`ctl`				Deployment settings of the controller. To deploy an SD-WAN instance for a tenant, you need to deploy the controller as a physical network function.
	`tenants`			Settings for tenants for which you are deploying SD-WAN instances.
	`- name`			Name of the tenant.
		`state`		Creating a tenant and deploying the controller on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ctl_base`		The first three octets of the IP address of the controller's virtual network. Enter a value in the `XXX.XXX.XXX` format, for example: `192.168.110` When deploying a Kaspersky SD-WAN testbed in accordance with the all-in-one deployment scenario, the value of this setting may be the same as the value of the `base` setting in the `nodes` section.
		`mock_base`		The first three octets of the IP address of the controller's management virtual network. Enter a value in the `XXX.XXX.XXX` format, for example: `192.168.110`
		`hosts`		Deployment settings of the controller. You can deploy one controller node without high availability, or alternatively, three or five nodes with high availability. If you deploy three or five controller nodes, the last node becomes the arbiter node.
		`- inventory_hostname`		Host name of the controller node. Default value: `ctl-<1–5>`.
			`ansible_host`	IP address of the virtual machine or physical server from the `nodes` section for deploying the controller node. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
		`docker_memory_limit`		Amount of RAM in megabytes for Docker containers of the controller.
		`JAVA_OPTS`		RAM settings of the Java virtual machine.
			`Xms`	The minimum amount of heap memory that the Java VM can allocate to the controller. Enter a value in one of the following formats: `<amount of RAM>m` is the amount of RAM in megabytes, for example: `512m` `<amount of RAM>g` is the amount of RAM in gigabytes, for example: `2g` We recommend specifying a value half as large as the `Xmx` setting.
			`Xmx`	The maximum amount of heap memory that the Java VM can allocate to the controller. Enter a value in one of the following formats: `<amount of RAM>m` is the amount of RAM in megabytes, for example: `512m` `<amount of RAM>g` is the amount of RAM in gigabytes, for example: `4g` We recommend specifying a value half as large as the `docker_memory_limit` setting.
			`MaxDirectMemorySize`	The maximum amount of direct memory that the Java VM can allocate to the controller. Enter a value in one of the following formats: `<amount of RAM>m` is the amount of RAM in megabytes, for example: `512m` `<amount of RAM>g` is the amount of RAM in gigabytes, for example: `4g` We recommend specifying a value half as large as the `docker_memory_limit` setting.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the controller send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
`www`				Settings of the frontend part of the solution.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the frontend part of the solution send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
	`docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the frontend part of the solution.
	`oem`			Display settings of the graphics of the orchestrator web interface This section lets you change the graphics of the orchestrator web interface.
		`state`		Replacing the default graphics of the orchestrator web interface Possible values: `enabled` `disabled`.
		`path_local`		Path to the directory on the administrator device with the graphics of the orchestrator web interface. You can find the default graphics of the orchestrator web interface in the /oem directory of the extracted installation archive on the administrator device.
		`path_remote`		Path to the directory on virtual machines or physical servers with the graphics of the orchestrator web interface.
		`title`		The title that is displayed in the background when logging into the orchestrator web interface. Default value: `Kaspersky SD-WAN`. Recommended length: no more than 128 characters.
		`support`		The web address that is displayed at the lower part of the orchestrator web interface. Default value: `support.kaspersky.com`. Recommended length: no more than 128 characters.
		`assets`		The default graphics for the orchestrator web interface are replaced with the ones that you placed in this directory on the administrator device. Possible values: `enabled` `disabled` In the `path_local` parameter, specify the directory on the administrator device that contains the orchestrator web interface graphics.
	`www_<1‑2>`			Deployment settings of nodes of the frontend part of the solution. You can deploy one node of the frontend part of the solution without high availability or two nodes with high availability.
		`inventory_hostname`		Host name of the frontend part of the solution. Default value: `www-<1‑2>`.
		`state`		Deployment of the frontend part of the solution on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the frontend part of the solution. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
`orc`				Orchestrator settings.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the orchestrator send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
	`docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the orchestrator.
	`JAVA_OPTS`			RAM settings of the Java virtual machine.
		`Xms`		The minimum amount of heap memory that the Java VM can allocate to the orchestrator. Enter a value in one of the following formats: `<amount of RAM>m` is the amount of RAM in megabytes, for example: `512m` `<amount of RAM>g` is the amount of RAM in gigabytes, for example: `4g` We recommend specifying a value half as large as the `Xmx` setting.
		`Xmx`		The maximum amount of heap memory that the Java VM can allocate to the orchestrator. Enter a value in one of the following formats: `<amount of RAM>m` is the amount of RAM in megabytes, for example: `512m` `<amount of RAM>g` is the amount of RAM in gigabytes, for example: `4g` We recommend specifying a value half as large as the `docker_memory_limit` setting.
	`orc_<1–2>`			Deployment settings of orchestrator nodes. You can deploy one node of the orchestrator without high availability or two nodes with high availability.
		`inventory_hostname`		Host name of the orchestrator. Default value: `orc-<1–2>`.
		`state`		Deploying the orchestrator on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the orchestrator. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
`vnfm`				Settings of the Virtual Network Function Manager.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the Virtual Network Function Manager send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
	`docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the orchestrator.
	`JAVA_OPTS`			RAM settings of the Java virtual machine.
		`Xms`		The minimum amount of heap memory that the Java VM can allocate to the Virtual Network Function Manager. Enter a value in one of the following formats: `<amount of RAM>m` is the amount of RAM in megabytes, for example: `512m` `<amount of RAM>g` is the amount of RAM in gigabytes, for example: `4g` We recommend specifying a value half as large as the `Xmx` setting.
		`Xmx`		The maximum amount of heap memory that the Java VM can allocate to the Virtual Network Function Manager. Enter a value in one of the following formats: `<amount of RAM>m` is the amount of RAM in megabytes, for example: `512m` `<amount of RAM>g` is the amount of RAM in gigabytes, for example: `4g` We recommend specifying a value half as large as the `docker_memory_limit` setting.
	`vnfm_<1–2>`			Deployment settings of Virtual Network Function Manager nodes. You can deploy one Virtual Network Function Manager node without high availability or two nodes with high availability.
		`inventory_hostname`		Host name of the Virtual Network Function Manager. Default value: `vnfm-<1–2>`.
		`state`		Deploying the Virtual Network Function Manager on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the Virtual Network Function Manager. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`
`vnfm_proxy`				Settings of the Proxy Virtual Network Function Manager.
	`syslog_server_address`			Web address of the Syslog server to which Docker containers of the Proxy Virtual Network Function Manager send logs. Enter a value in the `<protocol>://<IP address>:<port number>` format, for example: `udp://192.168.2.15:1514` You can specify Syslog server settings in the `syslog` section.
	`docker_memory_limit`			Amount of RAM in megabytes for Docker containers of the Proxy Virtual Network Function Manager.
	`vnfm_proxy_<1‑2>`			Deployment settings of Proxy Virtual Network Function Manager nodes. You can deploy one Proxy Virtual Network Function Manager node without high availability or two nodes with high availability.
		`inventory_hostname`		Host name of the Proxy Virtual Network Function Manager. Default value: `vnfm-proxy-<1–2>`.
		`state`		Deploying the proxy Virtual Network Function Manager on a virtual machine or physical server. Possible values: `enabled` `disabled`.
		`ansible_host`		IP address of the virtual machine or physical server from the `nodes` section for deploying the proxy Virtual Network Function Manager. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` Ansible variable, for example: `{{ nodes.node_1.ip }}`

Example of configuration file