Templates/infrastructure-config-help.json
|
{ "moduleVersion": "1.0.3", "entries": [ { "Key": "common.vCenterName", "Required": "Yes", "Notes": "vCenter FQDN, 9.0 or later. Script needs HTTPS access." }, { "Key": "common.vCenterUser", "Required": "Yes", "Notes": "vCenter login (e.g. administrator@vsphere.local); SSO supported." }, { "Key": "common.datacenterName", "Required": "Yes", "Notes": "Existing vSphere datacenter; clusters are created under it." }, { "Key": "common.contextName", "Required": "Yes", "Notes": "VCF context name used by VCF CLI for ArgoCD." }, { "Key": "common.nicList", "Required": "Conditional", "Notes": "Array of NICs for the VDS (e.g. [{\"name\":\"vmnic1\"},{\"name\":\"vmnic2\"}]). Number of uplinks = length of nicList. Required at common or per cluster (clusters[].nicList); cluster overrides common. Must have 2 or 4 NICs." }, { "Key": "common.vSanWitnessVmName", "Required": "No", "Notes": "vSAN witness VM name or FQDN; used by vSAN-OSA/ESA. Overridable per cluster." }, { "Key": "common.haPolicy", "Required": "No", "Notes": "vSAN-OSA/ESA multi-host only: reservationBased (default when key omitted; percentage admission), slotBased (host failures tolerated = 1), or disabled (HA on, admission off). When the key exists, value must be exactly one of those three strings. Overridable per cluster." }, { "Key": "common.esxUser", "Required": "No", "Notes": "ESX login. Omit to use default root." }, { "Key": "common.esxUniquePasswordPerHost", "Required": "No", "Notes": "Boolean. Default false when not defined (one password for all hosts). true = prompt per host." }, { "Key": "common.nonInteractivePassword", "Required": "No", "Notes": "Boolean. When true, uses VCENTER_COMMON_PASSWORD / ESX_COMMON_PASSWORD env vars." }, { "Key": "common.labenvironment", "Required": "No", "Notes": "Boolean lab mode (property name is case-insensitive in JSON; templates use labenvironment). When true: silences vSAN HCL / hardware-compatibility health checks (controlleronhcl, controllerdiskmode, controllerfirmware, controllerdriver, hclhostbadstate) and transient advcfgsync; permits -Force to bypass cleanup confirmation; allows Harbor self-signed TLS when tlsCrt and tlsKey are both omitted (certificate generated via .NET, works cross-platform). Silencing only masks the vCenter alarm signal — WCP still enforces HCL conformance downstream. Default false. Keep false for production-equivalent deployments." }, { "Key": "common.preserveAutoGeneratedKeyCertPair", "Required": "No", "Notes": "Boolean. Only meaningful when common.labenvironment is true and Harbor TLS is auto-generated (tlsCrt and tlsKey both omitted). When true, saves the generated private key as <edgeSite>.key and certificate as <edgeSite>.crt to HarborKeyCerts/<edgeSite>/ under $env:VcfEdgeAtScaleRootDirectory after a successful deployment. On non-Windows, the private key is restricted to owner-read-only (chmod 0600). Ignored if labenvironment is false or if tlsCrt and tlsKey are supplied. Default false when absent." }, { "Key": "common.clusterNamePrefix", "Required": "No", "Notes": "Prefix for cluster names. Omit for default cluster; format {prefix}-{edgeSite}." }, { "Key": "common.datastoreNamePrefix", "Required": "No", "Notes": "Prefix for datastore names. Omit for default datastore; format {prefix}-{edgeSite}." }, { "Key": "common.supervisorNamePrefix", "Required": "No", "Notes": "Prefix for supervisor names. Omit for default supervisor; format {prefix}-{edgeSite}." }, { "Key": "common.vdsNamePrefix", "Required": "No", "Notes": "Prefix for VDS names. Omit for default VDS; format {prefix}-{edgeSite}." }, { "Key": "common.supervisorContentLibraryDatastore", "Required": "No", "Notes": "When the key is present, datastore for supervisor content library (must already exist); script runs Initialize-SupervisorContentLibrary. When the key is omitted (removed) entirely, the content library workflow is skipped." }, { "Key": "common.supervisorContentLibrarySubscriptionUrl", "Required": "No", "Notes": "When supervisorContentLibraryDatastore key is present, subscription URL for the content library. If omitted, default is https://wp-content.vmware.com/supervisor/v1/latest/lib.json." }, { "Key": "common.vLcmImageName", "Required": "No", "Notes": "vLCM image name in vCenter Image Catalog; omit to choose at run time." }, { "Key": "common.vSanvMotionVmKernelMtuValue", "Required": "No", "Notes": "Optional. When defined, overrides the default MTU (9000) for the VDS and for vMotion/vSAN VMkernel adapters only. Mgmt (vmk0) and vSAN Witness (vmk3) are always 1500. Must be 1500-9190 (numbers only; validated at JSON load). Use 1500 when the physical path does not support jumbo frames." }, { "Key": "common.vmkernelMtu", "Required": "No", "Notes": "Optional. Legacy. MTU (1500-9190) for VDS and vMotion/vSAN VMkernels when common.vSanvMotionVmKernelMtuValue is not set. Mgmt and vSAN Witness are always 1500." }, { "Key": "common.supervisorServices.parentDirectory", "Required": "Conditional", "Notes": "Directory containing Argo CD and Harbor YAML files when using *YamlFileName keys (escape backslashes on Windows). Not required if every Argo- or Harbor-enabled cluster resolves YAML via legacy *YamlPath properties at common or cluster level. When set with a file name, paths are Join-Path(parentDirectory, *YamlFileName)." }, { "Key": "common.supervisorServices.argoCdOperatorYamlFileName", "Required": "Conditional", "Notes": "File name only (e.g. 1.1.0-25100889.yml) under parentDirectory for the Argo CD operator package. Use with parentDirectory, or use common.supervisorServices.argoCdOperatorYamlPath instead. Ignored when disableArgoCD is true." }, { "Key": "common.supervisorServices.argoCdDeploymentYamlFileName", "Required": "Conditional", "Notes": "File name only under parentDirectory for the Argo CD instance YAML; namespace in file must match nameSpacePrefix. Use with parentDirectory, or use common.supervisorServices.argoCdDeploymentYamlPath instead. Ignored when disableArgoCD is true." }, { "Key": "common.supervisorServices.disableArgoCD", "Required": "No", "Notes": "Boolean. When true, skips ArgoCD deployment (service, namespace, operator, instance) for all clusters. Cluster-level override wins. Default: false." }, { "Key": "common.supervisorServices.disableHarbor", "Required": "No", "Notes": "Boolean. When true, skips Harbor deployment (service registration, data values generation, installation) for all clusters. Cluster-level override wins. Default: false." }, { "Key": "common.supervisorServices.harborDataTemplateYamlFileName", "Required": "Conditional", "Notes": "File name only (e.g. harbor-data-values-v2.14.2.yml) under parentDirectory for the Harbor data values template. The script creates a per-site copy at runtime; the original is never modified. Use with parentDirectory, or use common.supervisorServices.harborDataTemplateYamlPath instead. Not required when disableHarbor is true for all clusters." }, { "Key": "common.supervisorServices.harborServiceYamlFileName", "Required": "Conditional", "Notes": "File name only for the Harbor Supervisor Service Carvel package YAML (e.g. legacy-harbor-svs-v2.14.2+vmware.2-vks.1-25220498.yml) under parentDirectory. Use with parentDirectory, or use common.supervisorServices.harborServiceYamlPath instead. Not required when disableHarbor is true for all clusters." }, { "Key": "common.supervisorServices.argoCdOperatorYamlPath", "Required": "Conditional", "Notes": "Legacy full or infrastructure-relative path to the Argo CD operator package YAML. Used when parentDirectory and argoCdOperatorYamlFileName do not both resolve (cluster overrides common). Ignored when disableArgoCD is true." }, { "Key": "common.supervisorServices.argoCdDeploymentYamlPath", "Required": "Conditional", "Notes": "Legacy full or infrastructure-relative path to the Argo CD instance YAML. Used when parentDirectory and argoCdDeploymentYamlFileName do not both resolve (cluster overrides common). Ignored when disableArgoCD is true." }, { "Key": "common.supervisorServices.harborDataTemplateYamlPath", "Required": "Conditional", "Notes": "Legacy full or infrastructure-relative path to the Harbor data values template YAML. Used when parentDirectory and harborDataTemplateYamlFileName do not both resolve (cluster overrides common). Not required when disableHarbor is true for all clusters." }, { "Key": "common.supervisorServices.harborServiceYamlPath", "Required": "Conditional", "Notes": "Legacy full or infrastructure-relative path to the Harbor Supervisor Service Carvel package YAML. Used when parentDirectory and harborServiceYamlFileName do not both resolve (cluster overrides common). Not required when disableHarbor is true for all clusters." }, { "Key": "clusters", "Required": "Yes", "Notes": "Array of cluster configurations. Each cluster is identified by edgeSite and contains ESX hosts, supervisor services, storage policy, and networking." }, { "Key": "clusters[].edgeSite", "Required": "Yes", "Notes": "Unique site ID; must match one siteSpec[].edgeSite in supervisor.json." }, { "Key": "clusters[].esxHosts", "Required": "Yes", "Notes": "Array of ESX FQDNs or IPs; script needs HTTPS access to each host." }, { "Key": "clusters[].networking", "Required": "Yes", "Notes": "Container for networkSegments and (for vSAN) networkingVmKernelInterfaces. Required by shallow validation." }, { "Key": "clusters[].storagePolicy", "Required": "Yes", "Notes": "Container for storage type and tag catalog. Required by shallow validation." }, { "Key": "clusters[].nicList", "Required": "Conditional", "Notes": "Optional override for this cluster. When present (2 or 4 NICs), overrides common.nicList. At least one of common.nicList or clusters[].nicList must be defined per cluster." }, { "Key": "clusters[].vSanWitnessVmName", "Required": "Conditional", "Notes": "vSAN witness VM name or FQDN for this cluster. Overrides common.vSanWitnessVmName. Required (at cluster or common level) for vSAN-OSA and vSAN-ESA; not used for VMFS." }, { "Key": "clusters[].haPolicy", "Required": "No", "Notes": "Overrides common.haPolicy for this cluster. Same allowed values and vSAN-only scope as common.haPolicy. When the key exists, value must be reservationBased, slotBased, or disabled." }, { "Key": "clusters[].supervisorServices.parentDirectory", "Required": "No", "Notes": "Override directory for this cluster's supervisorServices YAML files. When set, used instead of common.supervisorServices.parentDirectory for Join-Path with *YamlFileName keys. Omit to use common parentDirectory or legacy *YamlPath resolution." }, { "Key": "clusters[].supervisorServices.argoCdOperatorYamlFileName", "Required": "Conditional", "Notes": "Overrides common.supervisorServices.argoCdOperatorYamlFileName for this cluster when defined. Use with parentDirectory, or use clusters[].supervisorServices.argoCdOperatorYamlPath instead. Ignored when disableArgoCD is true." }, { "Key": "clusters[].supervisorServices.argoCdDeploymentYamlFileName", "Required": "Conditional", "Notes": "Overrides common.supervisorServices.argoCdDeploymentYamlFileName for this cluster when defined. Use with parentDirectory, or use clusters[].supervisorServices.argoCdDeploymentYamlPath instead. Ignored when disableArgoCD is true." }, { "Key": "clusters[].supervisorServices.harborDataTemplateYamlFileName", "Required": "Conditional", "Notes": "Overrides common.supervisorServices.harborDataTemplateYamlFileName for this cluster when defined. Use with parentDirectory, or use clusters[].supervisorServices.harborDataTemplateYamlPath instead. Ignored when disableHarbor is true." }, { "Key": "clusters[].supervisorServices.harborServiceYamlFileName", "Required": "Conditional", "Notes": "Overrides common.supervisorServices.harborServiceYamlFileName for this cluster when defined. Use with parentDirectory, or use clusters[].supervisorServices.harborServiceYamlPath instead. Ignored when disableHarbor is true." }, { "Key": "clusters[].supervisorServices.argoCdOperatorYamlPath", "Required": "Conditional", "Notes": "Per-cluster legacy path to the Argo CD operator YAML; overrides common when set. Used when parentDirectory and argoCdOperatorYamlFileName do not both resolve. Ignored when disableArgoCD is true." }, { "Key": "clusters[].supervisorServices.argoCdDeploymentYamlPath", "Required": "Conditional", "Notes": "Per-cluster legacy path to the Argo CD instance YAML; overrides common when set. Ignored when disableArgoCD is true." }, { "Key": "clusters[].supervisorServices.harborDataTemplateYamlPath", "Required": "Conditional", "Notes": "Per-cluster legacy path to the Harbor data values template YAML; overrides common when set. Ignored when disableHarbor is true." }, { "Key": "clusters[].supervisorServices.harborServiceYamlPath", "Required": "Conditional", "Notes": "Per-cluster legacy path to the Harbor Carvel package YAML; overrides common when set. Ignored when disableHarbor is true." }, { "Key": "clusters[].supervisorServices.disableArgoCD", "Required": "No", "Notes": "Boolean. Overrides common.supervisorServices.disableArgoCD for this cluster only. When true, skips ArgoCD deployment for this cluster. Default: false." }, { "Key": "clusters[].supervisorServices.disableHarbor", "Required": "No", "Notes": "Boolean. Overrides common.supervisorServices.disableHarbor for this cluster only. When true, skips Harbor deployment for this cluster. Default: false." }, { "Key": "clusters[].supervisorServices.nameSpacePrefix", "Required": "No", "Notes": "ArgoCD namespace prefix. Omit for default argocd; script appends cluster MoRef for uniqueness." }, { "Key": "clusters[].supervisorServices.vmClass", "Required": "No", "Notes": "Array of VM class names for ArgoCD namespace. Omit to assign all VM classes from vCenter." }, { "Key": "clusters[].harborConfiguration.hostname", "Required": "Conditional", "Notes": "Required unless disableHarbor is true. DNS-compatible FQDN or IP for the Harbor registry (e.g. harbor.site1.example.com). Sets the hostname key in the Harbor data values YAML." }, { "Key": "clusters[].harborConfiguration.harborAdminPassword", "Required": "No", "Notes": "Override for the Harbor admin password. Prefix with $env: to resolve from an environment variable at runtime. If the variable is unset, the script prompts interactively (masked input) during pre-flight." }, { "Key": "clusters[].harborConfiguration.secretKey", "Required": "No", "Notes": "AES-128 encryption key; must be exactly 16 characters. Plain-text values of the wrong length are rejected at pre-flight. Supports $env: resolution with interactive fallback prompt when unset." }, { "Key": "clusters[].harborConfiguration.databasePassword", "Required": "No", "Notes": "Override for the internal PostgreSQL password. Supports $env: resolution with interactive fallback prompt when unset." }, { "Key": "clusters[].harborConfiguration.coreSecret", "Required": "No", "Notes": "Override for the core inter-service secret. Supports $env: resolution with interactive fallback prompt when unset." }, { "Key": "clusters[].harborConfiguration.jobserviceSecret", "Required": "No", "Notes": "Override for the jobservice inter-service secret. Supports $env: resolution with interactive fallback prompt when unset." }, { "Key": "clusters[].harborConfiguration.registrySecret", "Required": "No", "Notes": "Override for the registry upload-state secret. Supports $env: resolution with interactive fallback prompt when unset." }, { "Key": "clusters[].harborConfiguration.parentDirectory", "Required": "Conditional", "Notes": "When tlsCrt, tlsKey, or caCrt are set: optional directory containing those PEM files as file names (or relative fragments under this directory). When omitted, tlsCrt, tlsKey, and caCrt are full or infrastructure-relative paths (legacy)." }, { "Key": "clusters[].harborConfiguration.tlsCrt", "Required": "Conditional", "Notes": "With parentDirectory: TLS certificate file name (e.g. tls.crt.pem). Without parentDirectory: full or infrastructure-relative path to the PEM file. Required when tlsKey is set; both must be defined together. Contents injected as tls.crt under tlsCertificate in the YAML." }, { "Key": "clusters[].harborConfiguration.tlsKey", "Required": "Conditional", "Notes": "With parentDirectory: TLS private key file name (e.g. tls.key.pem). Without parentDirectory: full or infrastructure-relative path. Required when tlsCrt is set; both must be defined together. Contents injected as tls.key under tlsCertificate in the YAML." }, { "Key": "clusters[].harborConfiguration.caCrt", "Required": "No", "Notes": "With parentDirectory: CA certificate file name. Without parentDirectory: full or infrastructure-relative path. Only valid when both tlsCrt and tlsKey are defined. Contents injected as ca.crt under tlsCertificate in the YAML. Also used when registering Harbor as a Supervisor container image registry." }, { "Key": "clusters[].harborConfiguration.registryVolumeSize", "Required": "No", "Notes": "Override for persistence.persistentVolumeClaim.registry.size. Format: positive integer followed by Gi (e.g. 10Gi). Omit to use the template default." }, { "Key": "clusters[].harborConfiguration.jobserviceVolumeSize", "Required": "No", "Notes": "Override for persistence.persistentVolumeClaim.jobservice.jobLog.size. Format: <N>Gi. Omit to use the template default." }, { "Key": "clusters[].harborConfiguration.databaseVolumeSize", "Required": "No", "Notes": "Override for persistence.persistentVolumeClaim.database.size. Format: <N>Gi. Omit to use the template default." }, { "Key": "clusters[].harborConfiguration.redisVolumeSize", "Required": "No", "Notes": "Override for persistence.persistentVolumeClaim.redis.size. Format: <N>Gi. Omit to use the template default." }, { "Key": "clusters[].harborConfiguration.trivyVolumeSize", "Required": "No", "Notes": "Override for persistence.persistentVolumeClaim.trivy.size. Format: <N>Gi. Omit to use the template default." }, { "Key": "clusters[].storagePolicy.storagePolicyTagCatalog", "Required": "No", "Notes": "Tag catalog for storage policy. Omit for default {storageType}-Storage-TagCatalog." }, { "Key": "clusters[].storagePolicy.storageType", "Required": "Yes", "Notes": "Storage type: VMFS, vSAN-ESA, or vSAN-OSA." }, { "Key": "clusters[].storagePolicy.storagePolicyRule", "Required": "No", "Notes": "The only valid value is Fully initialized. Do not change otherwise the script will error." }, { "Key": "clusters[].networking.networkSegments", "Required": "Yes", "Notes": "Array of segments; names must match supervisor.json network references." }, { "Key": "clusters[].networking.networkSegments[].name", "Required": "Yes", "Notes": "Segment name; lower-case, RFC1123; must match supervisor.json." }, { "Key": "clusters[].networking.networkSegments[].vlanId", "Required": "Yes", "Notes": "VLAN ID (0-4095); unique within this cluster." }, { "Key": "clusters[].networking.networkSegments[].gateway", "Required": "Yes", "Notes": "Gateway in CIDR (e.g. 10.30.10.1/24); mapped into supervisor by segment name." }, { "Key": "clusters[].networking.networkingVmKernelInterfaces", "Required": "Conditional", "Notes": "Required for vSAN-ESA and vSAN-OSA only (not VMFS). At least two entries: vMotion, vSAN (required). Optional third: vSAN Witness. Shallow / deeper checks validate the child keys below." }, { "Key": "clusters[].networking.networkingVmKernelInterfaces[].service", "Required": "Conditional", "Notes": "One of: vMotion, vSAN, vSAN Witness (exact strings). vMotion and vSAN are required across the array; vSAN Witness is optional." }, { "Key": "clusters[].networking.networkingVmKernelInterfaces[].vlanId", "Required": "Conditional", "Notes": "VLAN ID 0-4095; must match a segment used for that traffic class." }, { "Key": "clusters[].networking.networkingVmKernelInterfaces[].netmask", "Required": "Conditional", "Notes": "IPv4 netmask for the VMkernel (e.g. 255.255.255.0)." }, { "Key": "clusters[].networking.networkingVmKernelInterfaces[].ipList", "Required": "Conditional", "Notes": "Array of exactly two unique IPv4 addresses (order aligns with esxHosts order)." }, { "Key": "clusters[].networking.networkingVmKernelInterfaces[].gateway", "Required": "Conditional", "Notes": "Optional. Used on the vSAN Witness entry only: IPv4 gateway applied via esxcli after the VMkernel exists." } ] } |