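---
# Local Organization SSH Inventory
#
# Extends or replaces the nextgen inventory for local development, testing,
# and lab environments. The template structure follows nextgen/hosts.yaml
# for consistency.
#
# This file lists internal and public addresses, login users, and a private
# key path. Treat it as sensitive, and keep the key material itself out of
# the repository: only the path belongs here.

# Inventory schema version.
version: 1
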
# Descriptive facts about this inventory.
facts:
  environment: 'local'
  organization: 'xdev'
  # Presumably the fallback port and user for jump hosts; both entries under
  # `jumps` set their own port (25904), so confirm where 22 still applies.
  jump_default_port: 22
  jump_default_user: 'bogdan'
  notes:
    - 'Local lab and development infrastructure'
    - 'Uses SSH key-based auth on all machines'
    - 'is-jumper is the local entry point'

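# Named SSH client option sets.
ssh_options:
  local_defaults:
    description: Local SSH compatibility options
    # NOTE(review): the unquoted yes/no values below load as booleans under a
    # YAML 1.1 parser and as strings under YAML 1.2. They are left unquoted so
    # the loaded type does not change; confirm the consumer emits the literal
    # yes/no that OpenSSH expects.
    options:
      # `default` presumably means "do not override the client's built-in
      # list" - confirm against the consuming tool.
      KexAlgorithms: default
      Ciphers: default
      HostKeyAlgorithms: default
      # Off by default. A forwarded agent can be used by anyone with root on
      # the remote host for as long as the session lasts, and this option set
      # applies to root logins and to hosts on public addresses. Enable it
      # only for the specific hosts that need it - TODO confirm whether the
      # inventory schema supports per-host options.
      ForwardAgent: no
      ForwardX11: no
      # Key-based authentication only, matching the note under `facts`.
      PasswordAuthentication: no
      HostbasedAuthentication: no
      CheckHostIP: yes
      # accept-new records the key of a host seen for the first time and
      # refuses a key that later changes. The first connection is therefore
      # unverified; pre-populate known_hosts for hosts reached over networks
      # you do not control.
      StrictHostKeyChecking: accept-new
      Tunnel: no
      # Hashed known_hosts entries do not reveal host names if the file leaks.
      HashKnownHosts: yes
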
# Connection defaults applied when a host entry does not set its own value.
defaults:
  jump:
    user: 'bogdan'
    port: 22
  final_host:
    user: 'bogdan'
    port: 22
    # Presumably seconds, as with OpenSSH ConnectTimeout - confirm.
    connect_timeout: 5
    # A single attempt: an unreachable host fails without a retry.
    connection_attempts: 1

# Hosts used as the first hop into the local environment.
entrypoints:
  # The same key, is_jumper, is defined again under
  # groups.legacy_infrastructure with a different alias list.
  is_jumper:
    aliases: ['is-jumper', '192.168.2.100']
    hostname: '192.168.2.100'
    # NOTE(review): the entry point is accessed as root; an unprivileged
    # account with sudo would limit what a stolen key can do.
    user: 'root'
    # Quoted so the leading `~` is always read as part of a path string.
    identity_file: '~/.ssh/keys/is-jumper_ed25519'
    # Presumably maps to OpenSSH IdentitiesOnly, which offers only the
    # configured key rather than every key in the agent - confirm.
    identities_only: true

# Jump hosts. Both listen on port 25904, not the default jump port of 22.
jumps:
  j1:
    aliases: ['j1', 'j1-local']
    hostname: '10.253.51.50'
    port: 25904
    role: 'primary'
  j2:
    aliases: ['j2', 'j2-local']
    hostname: '10.253.51.52'
    port: 25904
    role: 'failover'

# Host groups. Each group has a description and a `hosts` mapping; host
# addresses are quoted so they are always loaded as strings.
groups:
  local_lab:
    description: 'Local lab and testing machines'
    hosts:
      lab_vm1:
        aliases: ['lab-vm1', 'lab1', '192.168.2.110']
        hostname: '192.168.2.110'
        user: 'bogdan'
      lab_vm2:
        aliases: ['lab-vm2', 'lab2', '192.168.2.111']
        hostname: '192.168.2.111'
        user: 'bogdan'
      lab_vm3:
        aliases: ['lab-vm3', 'lab3', '192.168.2.112']
        hostname: '192.168.2.112'
        user: 'bogdan'
      # Network devices log in as `admin`, unlike the VMs above.
      lab_router:
        aliases: ['lab-router', 'router', '192.168.2.1']
        hostname: '192.168.2.1'
        user: 'admin'
      lab_switch:
        aliases: ['lab-switch', 'switch', '192.168.2.2']
        hostname: '192.168.2.2'
        user: 'admin'

  local_servers:
92
    description: Local production/staging servers
93
    hosts:
94
      local_nexgen:
95
        aliases: [local-nextgen, nextgen-local, 192.168.2.103]
96
        hostname: 192.168.2.103
97
        user: bogdan
98
      local_backup:
99
        aliases: [local-backup, backup, 192.168.2.105]
100
        hostname: 192.168.2.105
101
        user: bogdan
102
      local_mgmt:
103
        aliases: [local-mgmt, mgmt, management, 192.168.2.104]
104
        hostname: 192.168.2.104
105
        user: bogdan
106
      local_mon:
107
        aliases: [local-mon, monitoring, zabbix, 192.168.2.106]
108
        hostname: 192.168.2.106
109
        user: bogdan
110

            
111
  development:
112
    description: Development and build machines
113
    hosts:
114
      dev_build:
115
        aliases: [dev-build, builder, 192.168.2.120]
116
        hostname: 192.168.2.120
117
        user: bogdan
118
      dev_test:
119
        aliases: [dev-test, tester, 192.168.2.121]
120
        hostname: 192.168.2.121
121
        user: bogdan
122
      dev_docs:
123
        aliases: [dev-docs, documentation, 192.168.2.122]
124
        hostname: 192.168.2.122
125
        user: bogdan
126

            
127
  reference_infrastructure:
128
    description: Reference to company infrastructure (for testing routing)
129
    default_jump: j1
130
    hosts:
131
      ref_pbx_bo:
132
        aliases: [ref-pbx-bo, pbx-bo, 10.253.51.135]
133
        hostname: 10.253.51.135
134
        user: bogdan
135
      ref_porta_db:
136
        aliases: [ref-porta-db, porta-db, 193.16.148.11]
137
        hostname: 193.16.148.11
138
        user: bogdan
139
      ref_sbc0:
140
        aliases: [ref-sbc0, sbc0, 10.253.51.130]
141
        hostname: 10.253.51.130
142
        user: bogdan
143
      ref_sbc1:
144
        aliases: [ref-sbc1, sbc1, 10.253.51.131]
145
        hostname: 10.253.51.131
146
        user: bogdan
147

            
148
  legacy_infrastructure:
149
    description: Legacy xdev.ro and mondo-byte.ro historical servers (active)
150
    hosts:
151
      # xdev.ro hosts
152
      is_jumper:
153
        aliases: [is-jumper, is-vpn-gw]
154
        hostname: 192.168.2.100
155
        user: root
156
      is_mazeri:
157
        aliases: [is-mazeri]
158
        hostname: 192.168.2.102
159
        user: root
160
      is_toltec:
161
        aliases: [is-toltec]
162
        hostname: 192.168.2.103
163
        user: root
164
      is_baobab:
165
        aliases: [is-baobab]
166
        hostname: 192.168.2.91
167
        user: root
168
      is_ebony:
169
        aliases: [is-ebony]
170
        hostname: 192.168.2.92
171
        user: root
172
      is_tapia:
173
        aliases: [is-tapia]
174
        hostname: 192.168.2.93
175
        user: root
176
      is_anjohibe:
177
        aliases: [is-anjohibe]
178
        hostname: 192.168.2.95
179
        user: root
180
      is_andrafiabe:
181
        aliases: [is-andrafiabe]
182
        hostname: 192.168.2.96
183
        user: root
184
      is_mat:
185
        aliases: [is-mat]
186
        hostname: 192.168.2.133
187
        user: root
188
      is_nasturel:
189
        aliases: [is-nasturel]
190
        hostname: 192.168.2.144
191
        user: sshd
192
      # mondo-byte.ro hosts
193
      mt_rabit:
194
        aliases: [mt-rabit]
195
        hostname: 89.32.216.4
196
        user: root
197
      mt_xpider:
198
        aliases: [mt-xpider]
199
        hostname: 89.32.216.5
200
        user: root
201

            
202
# How each group is reached: directly, or through a jump host.
access_policies:
  rules:
    # NOTE(review): the description says "local hosts", but
    # legacy_infrastructure also contains mt_rabit and mt_xpider on public
    # addresses. This rule sets no auth_method while the rule below sets
    # `key` - confirm what the consumer assumes when it is absent.
    - description: 'All local hosts use direct SSH (no jump)'
      scope: 'group:local_lab,local_servers,development,legacy_infrastructure'
      access: 'direct'

    # Reference hosts are reached through j1 with key authentication.
    - description: 'Reference hosts route through J1 jump'
      scope: 'group:reference_infrastructure'
      access: 'via_jump'
      jump_host: 'j1'
      auth_method: 'key'