# Local Organization SSH Inventory
#
# This file extends or replaces the nextgen inventory for local development,
# testing, and lab environments.
#
# Template structure follows nextgen/hosts.yaml for consistency.
# Schema version of this inventory file.
version: 1

# Inventory-wide facts.
# NOTE(review): indentation was lost in the rendering this listing was taken
# from; the nesting below (including `notes` under `facts`) is reconstructed.
# Confirm against the original file.
facts:
  environment: local
  organization: xdev
  # Same user/port values as `defaults.jump`; the entries under `jumps`
  # set their own `port`.
  jump_default_port: 22
  jump_default_user: bogdan
  notes:
    - Local lab and development infrastructure
    # Matches `PasswordAuthentication: no` in `ssh_options.local_defaults`.
    - Uses SSH key-based auth on all machines
    - is-jumper is the local entry point
# Named sets of SSH client options. The keys under `options` are ssh_config
# keyword names; presumably they are emitted into the generated client
# configuration. Confirm against the consuming tool.
# NOTE(review): indentation was lost in the rendering this listing was taken
# from; the nesting is reconstructed.
ssh_options:
  local_defaults:
    description: Local SSH compatibility options (no legacy algorithms needed)
    options:
      # NOTE(review): the unquoted yes/no values below are booleans to a
      # YAML 1.1 loader and strings to a YAML 1.2 loader. Confirm the consumer
      # renders them back as the literal words ssh expects.
      #
      # NOTE(review): agent forwarding is enabled in this default set. While a
      # session is open, anyone with root on the remote host can use the
      # forwarded agent to authenticate as this user elsewhere. This inventory
      # has root logins and hosts on public addresses. The jump entries use
      # `proxy_jump`, which does not need a forwarded agent, so consider
      # turning this off by default and enabling it per host where required.
      ForwardAgent: yes
      ForwardX11: no
      # Key-based authentication only; password and host-based auth are off.
      PasswordAuthentication: no
      HostbasedAuthentication: no
      CheckHostIP: yes
      # Trust on first use: unknown host keys are recorded without prompting,
      # changed keys are still refused. The first connection to each host is
      # therefore unauthenticated unless known_hosts is pre-populated.
      StrictHostKeyChecking: accept-new
      Tunnel: no
      # Host names and addresses are stored hashed in known_hosts.
      HashKnownHosts: yes
# Connection defaults for jump hosts and for the final (target) host.
# NOTE(review): indentation was lost in the rendering this listing was taken
# from. `connect_timeout` and `connection_attempts` are placed under
# `final_host` here, but they may belong directly under `defaults`. Confirm
# against the original file.
defaults:
  jump:
    user: bogdan
    port: 22
  final_host:
    user: bogdan
    port: 22
    # Presumably seconds (ssh ConnectTimeout); a single attempt, no retry.
    connect_timeout: 5
    connection_attempts: 1
# Entry point into the local network. `facts.notes` names is-jumper as the
# local entry point.
# NOTE(review): indentation was lost in the rendering this listing was taken
# from; the nesting is reconstructed.
entrypoints:
  is_jumper:
    # The alias `is-jumper` and this address are also declared by
    # `groups.legacy_infrastructure.hosts.is_jumper`. Keep the two entries
    # in sync, or confirm which one the consumer resolves first.
    aliases: [is-jumper, 192.168.2.100]
    hostname: 192.168.2.100
    # NOTE(review): the entry point is logged into as root. An unprivileged
    # account on the jump host would limit what a stolen client key or a
    # forwarded agent can reach.
    user: root
    # Dedicated key for this host. With `identities_only: true`, presumably
    # mapped to ssh IdentitiesOnly, only this identity is offered.
    identity_file: ~/.ssh/keys/is-jumper_ed25519
    identities_only: true
# Jump hosts used to reach `reference_infrastructure`. Its `default_jump` is
# `j1`, and the access rule for that group names `jump_host: j1`.
# NOTE(review): indentation was lost in the rendering this listing was taken
# from; the nesting is reconstructed.
jumps:
  j1:
    aliases: [j1, j1-local]
    hostname: 10.253.51.50
    # Non-default SSH port; overrides `defaults.jump.port` (22).
    port: 25904
    role: primary
    # j1 is itself reached through the is-jumper entry point.
    proxy_jump: is-jumper
  j2:
    aliases: [j2, j2-local]
    hostname: 10.253.51.52
    port: 25904
    role: failover
    # NOTE(review): unlike j1, j2 has no `proxy_jump`. If the failover should
    # take the same path through is-jumper, add it; otherwise document why
    # j2 is reachable directly.
# Host groups. Each group has a description and a `hosts` mapping; a host
# entry gives its aliases, address and login user.
# NOTE(review): indentation was lost in the rendering this listing was taken
# from; the nesting is reconstructed. Confirm against the original file.
groups:
  local_lab:
    description: Local lab and testing machines
    hosts:
      lab_vm1:
        aliases: [lab-vm1, lab1, 192.168.2.110]
        hostname: 192.168.2.110
        user: bogdan
      lab_vm2:
        aliases: [lab-vm2, lab2, 192.168.2.111]
        hostname: 192.168.2.111
        user: bogdan
      lab_vm3:
        aliases: [lab-vm3, lab3, 192.168.2.112]
        hostname: 192.168.2.112
        user: bogdan
      # Network devices; these log in as `admin` rather than the default user.
      lab_router:
        aliases: [lab-router, router, 192.168.2.1]
        hostname: 192.168.2.1
        user: admin
      lab_switch:
        aliases: [lab-switch, switch, 192.168.2.2]
        hostname: 192.168.2.2
        user: admin

  local_servers:
    description: Local production/staging servers
    hosts:
      # NOTE(review): the key is spelled `local_nexgen` while its aliases use
      # `nextgen`; confirm which spelling is intended. The address
      # 192.168.2.103 is also assigned to `is_toltec` in
      # `legacy_infrastructure`; confirm both entries really name one machine.
      local_nexgen:
        aliases: [local-nextgen, nextgen-local, 192.168.2.103]
        hostname: 192.168.2.103
        user: bogdan
      local_backup:
        aliases: [local-backup, backup, 192.168.2.105]
        hostname: 192.168.2.105
        user: bogdan
      local_mgmt:
        aliases: [local-mgmt, mgmt, management, 192.168.2.104]
        hostname: 192.168.2.104
        user: bogdan
      local_mon:
        aliases: [local-mon, monitoring, zabbix, 192.168.2.106]
        hostname: 192.168.2.106
        user: bogdan

  development:
    description: Development and build machines
    hosts:
      dev_build:
        aliases: [dev-build, builder, 192.168.2.120]
        hostname: 192.168.2.120
        user: bogdan
      dev_test:
        aliases: [dev-test, tester, 192.168.2.121]
        hostname: 192.168.2.121
        user: bogdan
      dev_docs:
        aliases: [dev-docs, documentation, 192.168.2.122]
        hostname: 192.168.2.122
        user: bogdan

  reference_infrastructure:
    description: Reference to company infrastructure (for testing routing)
    # Hosts in this group go through jump host j1 (see `jumps` and the
    # matching rule in `access_policies`).
    default_jump: j1
    hosts:
      ref_pbx_bo:
        aliases: [ref-pbx-bo, pbx-bo, 10.253.51.135]
        hostname: 10.253.51.135
        user: bogdan
      # Unlike the other reference hosts, this address is not in a private
      # range.
      ref_porta_db:
        aliases: [ref-porta-db, porta-db, 193.16.148.11]
        hostname: 193.16.148.11
        user: bogdan
      ref_sbc0:
        aliases: [ref-sbc0, sbc0, 10.253.51.130]
        hostname: 10.253.51.130
        user: bogdan
      ref_sbc1:
        aliases: [ref-sbc1, sbc1, 10.253.51.131]
        hostname: 10.253.51.131
        user: bogdan

  legacy_infrastructure:
    description: Legacy xdev.ro and mondo-byte.ro historical servers (local direct access)
    # NOTE(review): `route: local` and the `access: direct` rule in
    # `access_policies` say these hosts are reached directly, while the
    # comments inside `hosts` say "accessed via is-jumper". Reconcile the two
    # so the documented path matches the generated configuration.
    defaults:
      route: local
    hosts:
      # NOTE(review): every host in this group except is_nasturel logs in as
      # root, and `ssh_options.local_defaults` turns on ForwardAgent. If that
      # option set applies here, a compromise of any one of these machines
      # exposes the forwarded agent. Prefer per-host unprivileged accounts or
      # disable forwarding for this group.

      # xdev.ro hosts - entry point
      is_jumper:
        # The alias `is-jumper` and this address are also declared by
        # `entrypoints.is_jumper`.
        aliases: [is-jumper, is-vpn-gw]
        hostname: 192.168.2.100
        user: root
        # Explicitly no jump host for the entry point itself.
        proxy_jump: none
        identity_file: ~/.ssh/keys/is-jumper_ed25519
        identities_only: true
      # xdev.ro local network hosts (accessed via is-jumper)
      is_mazeri:
        aliases: [is-mazeri]
        hostname: 192.168.2.102
        user: root
      # Same address as `local_servers.hosts.local_nexgen`.
      is_toltec:
        aliases: [is-toltec]
        hostname: 192.168.2.103
        user: root
      is_baobab:
        aliases: [is-baobab]
        hostname: 192.168.2.91
        user: root
      is_ebony:
        aliases: [is-ebony]
        hostname: 192.168.2.92
        user: root
      is_tapia:
        aliases: [is-tapia]
        hostname: 192.168.2.93
        user: root
      is_anjohibe:
        aliases: [is-anjohibe]
        hostname: 192.168.2.95
        user: root
      is_andrafiabe:
        aliases: [is-andrafiabe]
        hostname: 192.168.2.96
        user: root
      is_mat:
        aliases: [is-mat]
        hostname: 192.168.2.133
        user: root
      # NOTE(review): login user is `sshd`, which is unusual for an
      # interactive account. Confirm this is the intended login name.
      is_nasturel:
        aliases: [is-nasturel]
        hostname: 192.168.2.144
        user: sshd
      # mondo-byte.ro hosts (accessed via is-jumper)
      # NOTE(review): these two addresses are not in a private range, and the
      # login is root. Confirm the route: the group default is `local`/direct.
      mt_rabit:
        aliases: [mt-rabit]
        hostname: 89.32.216.4
        user: root
      mt_xpider:
        aliases: [mt-xpider]
        hostname: 89.32.216.5
        user: root
# Routing rules per group. `scope` is a `group:` prefix followed by a
# comma-separated list of group names from `groups`.
# NOTE(review): indentation was lost in the rendering this listing was taken
# from; the nesting is reconstructed.
access_policies:
  rules:
    # NOTE(review): this rule sends `legacy_infrastructure` direct, but the
    # comments in that group say its hosts are accessed via is-jumper, and it
    # contains hosts on public addresses. Confirm the intended path. This rule
    # has no `auth_method`, unlike the rule below; presumably key auth is
    # implied by `PasswordAuthentication: no`. State it explicitly if the
    # consumer enforces it per rule.
    - description: All local hosts use direct SSH (no jump)
      scope: group:local_lab,local_servers,development,legacy_infrastructure
      access: direct

    # Matches `default_jump: j1` on the `reference_infrastructure` group.
    - description: Reference hosts route through J1 jump
      scope: group:reference_infrastructure
      access: via_jump
      jump_host: j1
      auth_method: key