# Local Organization SSH Inventory
#
# This file extends or replaces the nextgen inventory for local development,
# testing, and lab environments.
#
# Template structure follows nextgen/hosts.yaml for consistency.

            
# Version marker for this inventory file.
version: 1

# Site-wide facts describing this inventory.
facts:
  organization: 'xdev'
  environment: 'local'
  # Presumably the fallback login and port for jump hosts; the same values
  # also appear under defaults.jump.
  jump_default_user: 'bogdan'
  jump_default_port: 22
  # Free-form operator notes.
  notes:
    - 'Local lab and development infrastructure'
    - 'Uses SSH key-based auth on all machines'
    - 'is-jumper is the local entry point'

            
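ssh_options:
  local_defaults:
    description: Local SSH compatibility options (no legacy algorithms needed)
    # Values are quoted so that every YAML loader yields the literal OpenSSH
    # keywords. A YAML 1.1 loader reads bare yes/no as booleans, while a
    # YAML 1.2 loader reads them as strings, so the unquoted form is
    # parser-dependent.
    # NOTE(review): confirm the inventory consumer passes these strings
    # through unchanged.
    options:
      # NOTE(review): agent forwarding is enabled in a set named as the local
      # default, and many hosts in this inventory are reached as root. Any
      # host reached with this option can use the forwarded agent for the
      # lifetime of the session. Consider enabling it only for the entries
      # that need it.
      ForwardAgent: 'yes'
      ForwardX11: 'no'
      PasswordAuthentication: 'no'
      HostbasedAuthentication: 'no'
      CheckHostIP: 'yes'
      # Trust on first use: unknown host keys are stored without a prompt,
      # changed keys are still refused. Verify first-contact fingerprints out
      # of band for the hosts listed with public addresses.
      StrictHostKeyChecking: 'accept-new'
      Tunnel: 'no'
      HashKnownHosts: 'yes'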

            
# Connection defaults, keyed by hop type.
defaults:
  # Defaults for jump hosts.
  jump:
    port: 22
    user: 'bogdan'
  # Defaults for the destination host.
  final_host:
    port: 22
    user: 'bogdan'
    # A single attempt with a short timeout; the unit is not stated here
    # (presumably seconds, as in OpenSSH ConnectTimeout).
    connection_attempts: 1
    connect_timeout: 5

            
entrypoints:
  # Local entry point, reached as root with a dedicated key.
  # NOTE(review): groups.legacy_infrastructure also declares an is_jumper
  # host with the alias is-jumper and the same address, but without
  # identity_file. Confirm which definition the resolver uses.
  is_jumper:
    hostname: '192.168.2.100'
    aliases: [is-jumper, '192.168.2.100']
    user: root
    # Offer only the key named below (presumably rendered as IdentitiesOnly).
    identities_only: true
    identity_file: '~/.ssh/keys/is-jumper_ed25519'

            
# Jump hosts. Neither entry sets a user; presumably defaults.jump supplies it.
# Both entries override the default port.
jumps:
  j1:
    role: primary
    hostname: '10.253.51.50'
    port: 25904
    aliases: [j1, j1-local]
  j2:
    role: failover
    hostname: '10.253.51.52'
    port: 25904
    aliases: [j2, j2-local]

            
# Host groups. Each host has a hostname, a login user and lookup aliases.
groups:
  local_lab:
    description: Local lab and testing machines
    hosts:
      lab_vm1:
        hostname: '192.168.2.110'
        user: bogdan
        aliases: [lab-vm1, lab1, '192.168.2.110']
      lab_vm2:
        hostname: '192.168.2.111'
        user: bogdan
        aliases: [lab-vm2, lab2, '192.168.2.111']
      lab_vm3:
        hostname: '192.168.2.112'
        user: bogdan
        aliases: [lab-vm3, lab3, '192.168.2.112']
      lab_router:
        hostname: '192.168.2.1'
        user: admin
        aliases: [lab-router, router, '192.168.2.1']
      lab_switch:
        hostname: '192.168.2.2'
        user: admin
        aliases: [lab-switch, switch, '192.168.2.2']

  local_servers:
    description: Local production/staging servers
    hosts:
      # NOTE(review): the key is spelled "nexgen" while its aliases use
      # "nextgen". The address 192.168.2.103 is also assigned to
      # legacy_infrastructure.is_toltec, which logs in as root. Confirm
      # whether these are the same machine.
      local_nexgen:
        hostname: '192.168.2.103'
        user: bogdan
        aliases: [local-nextgen, nextgen-local, '192.168.2.103']
      local_backup:
        hostname: '192.168.2.105'
        user: bogdan
        aliases: [local-backup, backup, '192.168.2.105']
      local_mgmt:
        hostname: '192.168.2.104'
        user: bogdan
        aliases: [local-mgmt, mgmt, management, '192.168.2.104']
      local_mon:
        hostname: '192.168.2.106'
        user: bogdan
        aliases: [local-mon, monitoring, zabbix, '192.168.2.106']

  development:
    description: Development and build machines
    hosts:
      dev_build:
        hostname: '192.168.2.120'
        user: bogdan
        aliases: [dev-build, builder, '192.168.2.120']
      dev_test:
        hostname: '192.168.2.121'
        user: bogdan
        aliases: [dev-test, tester, '192.168.2.121']
      dev_docs:
        hostname: '192.168.2.122'
        user: bogdan
        aliases: [dev-docs, documentation, '192.168.2.122']

  # The only group that names a default jump host.
  reference_infrastructure:
    description: Reference to company infrastructure (for testing routing)
    default_jump: j1
    hosts:
      ref_pbx_bo:
        hostname: '10.253.51.135'
        user: bogdan
        aliases: [ref-pbx-bo, pbx-bo, '10.253.51.135']
      # Unlike its siblings, this address is outside the RFC 1918 ranges.
      ref_porta_db:
        hostname: '193.16.148.11'
        user: bogdan
        aliases: [ref-porta-db, porta-db, '193.16.148.11']
      ref_sbc0:
        hostname: '10.253.51.130'
        user: bogdan
        aliases: [ref-sbc0, sbc0, '10.253.51.130']
      ref_sbc1:
        hostname: '10.253.51.131'
        user: bogdan
        aliases: [ref-sbc1, sbc1, '10.253.51.131']

  # NOTE(review): nearly every host in this group is reached as root. If the
  # ForwardAgent default in ssh_options applies here, each of these hosts can
  # use the operator's forwarded agent during a session.
  legacy_infrastructure:
    description: Legacy xdev.ro and mondo-byte.ro historical servers (active)
    hosts:
      # xdev.ro hosts
      # NOTE(review): this repeats the alias is-jumper and the address of
      # entrypoints.is_jumper, but has no identity_file. Confirm which entry
      # wins.
      is_jumper:
        hostname: '192.168.2.100'
        user: root
        aliases: [is-jumper, is-vpn-gw]
      is_mazeri:
        hostname: '192.168.2.102'
        user: root
        aliases: [is-mazeri]
      is_toltec:
        hostname: '192.168.2.103'
        user: root
        aliases: [is-toltec]
      is_baobab:
        hostname: '192.168.2.91'
        user: root
        aliases: [is-baobab]
      is_ebony:
        hostname: '192.168.2.92'
        user: root
        aliases: [is-ebony]
      is_tapia:
        hostname: '192.168.2.93'
        user: root
        aliases: [is-tapia]
      is_anjohibe:
        hostname: '192.168.2.95'
        user: root
        aliases: [is-anjohibe]
      is_andrafiabe:
        hostname: '192.168.2.96'
        user: root
        aliases: [is-andrafiabe]
      is_mat:
        hostname: '192.168.2.133'
        user: root
        aliases: [is-mat]
      # NOTE(review): on many systems "sshd" is the unprivileged
      # privilege-separation account of OpenSSH, not an interactive login.
      # Confirm this user is intended.
      is_nasturel:
        hostname: '192.168.2.144'
        user: sshd
        aliases: [is-nasturel]
      # mondo-byte.ro hosts
      # These two addresses are outside the RFC 1918 ranges and the login is
      # root. The first rule under access_policies gives this group direct
      # access.
      mt_rabit:
        hostname: '89.32.216.4'
        user: root
        aliases: [mt-rabit]
      mt_xpider:
        hostname: '89.32.216.5'
        user: root
        aliases: [mt-xpider]

            
# Routing rules: which groups are reached directly and which through a jump.
access_policies:
  rules:
    # NOTE(review): the direct scope includes legacy_infrastructure, which
    # holds root logins on two non-RFC 1918 addresses (89.32.216.4 and
    # 89.32.216.5). The description calls every host in scope "local";
    # confirm that direct access is intended for those two. Unlike the rule
    # below, this one sets no auth_method.
    - description: All local hosts use direct SSH (no jump)
      access: direct
      scope: 'group:local_lab,local_servers,development,legacy_infrastructure'

    # Reference hosts are reached through jump host j1 with key auth.
    - description: Reference hosts route through J1 jump
      access: via_jump
      jump_host: j1
      auth_method: key
      scope: 'group:reference_infrastructure'