version: 1
facts:
jump_default_port: 24
jump_default_user: bogdan.timofte
common_distribution_user: bogdan
notes:
- Most distributions do not like dots in local usernames, so most final-host installs
use bogdan.
- In bogdan/root import conflicts, bogdan wins.
# SSH client options, described below as the company-managed jump hosts'
# global ssh_config compatibility set.
# NOTE(review): indentation is not visible on this page, so it cannot be
# confirmed here that every option down to HashKnownHosts sits under `options:`.
ssh_options:
legacy_compatibility:
description: Company-managed jump global ssh_config compatibility options
options:
# The leading '+' appends to the client's default list instead of replacing it.
# All three key exchanges are SHA-1 based and diffie-hellman-group1-sha1 uses a
# 1024-bit group; current OpenSSH leaves them out of its defaults.
# NOTE(review): as a global option this weakens negotiation for every host that
# inherits it; consider scoping it to the device groups that actually need it.
KexAlgorithms: +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
# CBC-mode ciphers and 3DES, likewise absent from current OpenSSH client defaults.
Ciphers: +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
# ssh-rsa means RSA signatures with SHA-1 (off by default since OpenSSH 8.8).
# The first line accepts such host keys, the second offers such user keys.
HostKeyAlgorithms: +ssh-rsa
PubkeyAcceptedAlgorithms: +ssh-rsa
# Agent forwarding lets anyone with root on the remote side use the forwarded
# agent for as long as the session is open.
# NOTE(review): several inventory entries log in as root on shared systems;
# check whether ProxyJump-style hops make forwarding unnecessary, or enable it
# per host instead of globally.
ForwardAgent: true
ForwardX11: false
# Needed by the groups marked `auth: password_interactive` elsewhere in this
# file. NOTE(review): presumably not required for key-authenticated servers.
PasswordAuthentication: true
HostbasedAuthentication: false
CheckHostIP: true
# `ask`: an unknown host key is stored only after the user confirms it, and a
# changed host key is refused.
StrictHostKeyChecking: ask
Tunnel: false
# Environment variables matching these globs are offered to any server that
# accepts them; avoid keeping secrets in GIT_* or ANSIBLE_* variables.
SendEnv: LANG LC_* GIT_* ANSIBLE_*
# Host names in known_hosts are stored hashed, so a copied file does not list
# the hosts in clear text.
HashKnownHosts: true
# Defaults for hosts reached through the company-managed jump hosts.
company_managed:
jump_hosts:
# Jump aliases whose targets inherit the global options.
# NOTE(review): presumably this means the legacy_compatibility set in
# ssh_options; if so, the SHA-1 KEX, CBC cipher and ssh-rsa allowances apply to
# every target behind j1 and j2 - confirm against the generator.
inherit_globals_on_targets:
- j1
- j2
# Per-pattern user and port defaults.
# NOTE(review): which entry wins when a host name matches more than one pattern
# is not visible in this file.
match_defaults:
# Entry 1: device-style names (dr/ar/cr/br/as/cs/tv/ds suffixes, dasan), port 22.
- patterns:
- '*.dr0?'
- '*.ar0?'
- '*.cr01'
- '*.br01'
- '*.as??'
- '*.cs0?'
- '*.tv01'
- '*.ds0?'
- bucuresti.ines.dcm01
- bucuresti.nxdata.voip
- bucuresti.dolce.tv01
- '*dasan*'
user: bogdan.timofte
port: 22
# Entry 2: OLT names; the login carries an @next-gen.ro suffix.
- patterns:
- '*.olt'
user: bogdan.timofte@next-gen.ro
port: 22
# Entry 3: named servers and server-name globs, all on port 24.
# itpve-*, docker.* and nocpve-* are globs left unquoted; they still parse as
# plain strings because '*' is not their first character, but quoting them like
# the other globs would be consistent and safer if a pattern is ever edited to
# start with '*'.
- patterns:
- '*.dhcp'
- '*.shaper*'
- '*.sentinel'
- '*.scan'
- redmine
- speedtest
- webdevel
- scripting
- zabbix
- itpve-*
- cacti
- mx
- bucuresti.radius-pppoe
- flood-detector
- tacacs2
- tacacs1
- ns2
- ns1
- backup1
- gitlab
- nlg
- nexus
- dhcp-cmts
- '*.radius-db'
- jump1
- aggregator-buc
- mappix
- docker.*
- cpanel
- jump2
- nocpve-*
- ocvpn
user: bogdan.timofte
port: 24
defaults:
jump:
user: bogdan.timofte
port: 24
final_host:
user: bogdan
port: 22
connect_timeout: 10
connection_attempts: 1
# First hop into the environment: one entry, is_jumper, on a private address.
entrypoints:
is_jumper:
aliases:
- is-jumper
hostname: 192.168.2.100
# Direct root login with a dedicated ed25519 key.
# NOTE(review): root on the first hop combined with the global
# `ForwardAgent: true` in ssh_options is worth a deliberate decision.
user: root
identity_file: ~/.ssh/keys/is-jumper_ed25519
# Presumably rendered as OpenSSH IdentitiesOnly, which stops the client from
# offering any key other than the one named above - confirm in the generator.
identities_only: true
# Jump hosts. All four entries listen on port 25904; `role` separates the
# VPN-side addresses from the public-name entries.
jumps:
j1:
aliases:
- j1
hostname: 10.253.51.50
port: 25904
role: primary_vpn
j2:
aliases:
- j2
hostname: 10.253.51.52
port: 25904
role: failover_vpn
# NOTE(review): j1_public reuses the alias `j1` already claimed by the j1 entry
# above, and j2_public reuses `j2`. Which entry an alias resolves to is decided
# by the consumer (presumably via `role`); confirm that, because a silent switch
# from the VPN address to the public name changes the network path and the
# known_hosts entry the host key is checked against.
j1_public:
aliases:
- j1
hostname: j1.next-gen.ro
port: 25904
role: emergency_public
j2_public:
aliases:
- j2
hostname: j2.next-gen.ro
port: 25904
role: emergency_public
groups:
# PBX hosts reached through jump j1.
# vo52, vo52_old, elastix and ss7 log in directly as root, which leaves no
# per-person attribution on the target; a named account plus privilege
# escalation is the usual alternative where the system allows it.
voip_applications:
description: PBX systems
default_jump: j1
hosts:
vo52:
aliases:
- vo52
- vo522
- vo52-new
- 10.253.51.140
hostname: 10.253.51.140
user: root
# Root login to a 193.16.148.x address rather than a 10.253.x.x one.
# NOTE(review): the name suggests a superseded host - confirm it is still needed.
vo52_old:
aliases:
- vo52-old
hostname: 193.16.148.152
user: root
# No user is set here, so one presumably comes from a default; the port is
# non-standard.
vo53:
aliases:
- vo53
- 193.16.148.153
hostname: 193.16.148.153
port: 60011
elastix:
aliases:
- elastix
- 10.253.50.62
- 188.173.1.15
hostname: 10.253.50.62
user: root
ss7:
aliases:
- ss7
hostname: 10.253.51.138
user: root
voip_pbx_dispecerat:
aliases:
- voip-pbx-dispeceri
- pbx-dispeceri
- 10.253.51.134
hostname: 10.253.51.134
user: bogdan
voip_pbx_bo:
aliases:
- voip-pbx-bo
- pbx-bo
- 10.253.51.135
hostname: 10.253.51.135
user: bogdan
# VoIP network elements reached through jump j1. No entry sets `user` or
# `port`, so both presumably come from defaults defined elsewhere in the file.
voip_network:
description: VoIP network infrastructure
default_jump: j1
hosts:
sbc0:
aliases:
- sbc0
- 10.253.51.130
- 10.20.30.10
- 193.16.148.197
hostname: 10.253.51.130
sbc1:
aliases:
- sbc1
- 10.253.51.131
# NOTE(review): 10.20.30.10 is also an alias of sbc0 above. An alias shared by
# two hosts resolves ambiguously, so a session meant for one SBC can land on
# the other - confirm which host owns this address.
- 10.20.30.10
- 193.16.148.194
- 193.16.148.195
- 193.16.148.196
- 193.16.148.198
- 193.16.148.199
hostname: 10.253.51.131
sbc2:
aliases:
- sbc2
- 10.253.51.132
- 10.20.30.11
hostname: 10.253.51.132
voip_prov:
aliases:
- voip-prov
- 10.253.51.139
hostname: 10.253.51.139
portabilitate:
aliases:
- portabilitate
- bdc
- 10.253.51.133
- 89.165.199.20
- 89.165.232.232
hostname: 10.253.51.133
porta:
description: PortaOne MR30 legacy
default_jump: j1
hosts:
porta_sip:
aliases:
- porta-sip
- p12-sip
- p12
- p12.voip.ro
- 193.16.148.4
hostname: 193.16.148.4
porta_web:
aliases:
- porta-web
- porta-api
- porta-slave
- porta7
- telefonie.next-gen.ro
- 193.16.148.7
hostname: 193.16.148.7
porta_db:
aliases:
- porta-db
- porta-master
- porta1
- 193.16.148.11
hostname: 193.16.148.11
porta_config:
aliases:
- porta-config
- porta-configurator
- 193.16.148.13
hostname: 193.16.148.13
pppoe:
description: RADIUS and PPPOE systems
default_jump: j1
defaults:
user: bogdan.timofte
port: 24
patterns:
'*.radius-db':
connect_timeout: 10
connection_attempts: 1
'*.radius-pppoe':
connect_timeout: 10
connection_attempts: 1
hosts:
radauti_radius_db:
aliases:
- radauti.radius-db
- 94.53.112.30
- 10.132.96.121
hostname: radauti.radius-db
pascani_radius_db:
aliases:
- pascani.radius-db
- 46.214.144.7
- 10.132.0.121
hostname: pascani.radius-db
falticeni_radius_db:
aliases:
- falticeni.radius-db
- 46.214.136.7
- 10.132.64.121
hostname: falticeni.radius-db
tg_frumos_radius_db:
aliases:
- tg_frumos.radius-db
- 94.53.170.7
- 10.132.32.121
hostname: tg_frumos.radius-db
buhusi_radius_db:
aliases:
- buhusi.radius-db
- 46.214.240.7
- 10.132.128.121
hostname: buhusi.radius-db
bucuresti_radius_pppoe:
aliases:
- bucuresti.radius-pppoe
- 188.173.1.29
hostname: bucuresti.radius-pppoe
legacy_public:
description: Legacy public VoIP jump
default_jump: j1
hosts:
voce_pub:
aliases:
- voce-pub
- voce-pub2
- 188.173.0.230
hostname: 188.173.0.230
user: bogdan
port: 22
# Entries carried over from the per-user SSH configs on J1/J2 (per the
# description). They are keyed by bare IP address, so nothing in this file
# says what each host is; review them before relying on them.
imported_jump_hosts:
description: Hosts imported from J1/J2 user SSH configs
default_jump: j1
defaults:
user: bogdan.timofte
port: 24
hosts:
# NOTE(review): 10.132.128.121 is also listed as an alias of buhusi_radius_db
# in the pppoe group; the same address defined twice can resolve to either
# entry - confirm which one should remain.
host_10_132_128_121:
aliases:
- 10.132.128.121
hostname: 10.132.128.121
host_188_173_0_163:
aliases:
- 188.173.0.163
hostname: 188.173.0.163
user: bogdan
host_188_173_0_141:
aliases:
- 188.173.0.141
hostname: 188.173.0.141
user: bogdan
noc:
description: NOC hosts grouped by function
default_jump: j1
defaults:
user: bogdan.timofte
port: 24
pve:
description: Proxmox hosts
default_jump: j1
hosts:
nocpve_nxdata1:
aliases:
- nocpve-nxdata1
- 188.173.1.112
- 10.253.51.24
hostname: 10.253.51.24
user: root
nocpve_nxdata2:
aliases:
- nocpve-nxdata2
- 188.173.1.116
- 10.253.51.25
hostname: 10.253.51.25
user: root
nocpve_ines1:
aliases:
- nocpve-ines1
- 188.173.1.117
- 10.253.51.27
hostname: 10.253.51.27
user: root
nocpve_ines2:
aliases:
- nocpve-ines2
- 188.173.1.118
- 10.253.51.28
hostname: 10.253.51.28
user: root
itpve_ines1:
aliases:
- itpve-ines1
- 188.173.0.211
- 10.253.51.211
hostname: 10.253.51.211
user: root
itpve_ines2:
aliases:
- itpve-ines2
- 188.173.0.212
- 10.253.51.212
hostname: 10.253.51.212
user: root
itpve_ines3:
aliases:
- itpve-ines3
- 188.173.0.213
- 10.253.51.213
hostname: 10.253.51.213
user: root
itpve_ines4:
aliases:
- itpve-ines4
- 188.173.0.222
- 10.253.51.222
hostname: 10.253.51.222
user: root
itpve_bns1:
aliases:
- itpve-bns1
- 188.173.0.201
- 10.253.51.201
hostname: 10.253.51.201
user: root
itpve_bns2:
aliases:
- itpve-bns2
- 188.173.0.202
- 10.253.51.202
hostname: 10.253.51.202
user: root
itpve_bns3:
aliases:
- itpve-bns3
- 188.173.0.203
- 10.253.51.203
hostname: 10.253.51.203
user: root
itpve_bns4:
aliases:
- itpve-bns4
- 188.173.0.220
- 10.253.51.204
hostname: 10.253.51.204
user: root
backup:
description: Backup hosts
default_jump: j1
hosts:
backup_bns_01:
aliases:
- backup-bns-01
- 188.173.1.83
hostname: 188.173.1.83
user: root
huawei_olts:
description: Huawei OLT access equipment with interactive password auth
default_jump: j1
# Group defaults for the Huawei OLTs: login with an @next-gen.ro suffix on
# port 22, authenticated by an interactively typed password.
# This depends on `PasswordAuthentication: true` in ssh_options. No password is
# stored in this file; keep it that way.
defaults:
user: bogdan.timofte@next-gen.ro
port: 22
auth: password_interactive
hosts:
pascani_olt:
aliases:
- pascani.olt
hostname: pascani.olt
radauti_olt:
aliases:
- radauti.olt
- 10.132.96.50
hostname: radauti.olt
cisco_routers:
description: Cisco and similar managed devices with interactive password auth
default_jump: j1
# Group defaults for the Cisco-class devices: named account on port 22 with an
# interactively typed password (relies on `PasswordAuthentication: true` in
# ssh_options).
# NOTE(review): these are presumably the devices that need the legacy KEX and
# cipher allowances; if so, scoping those options to this group would avoid
# weakening every other connection.
defaults:
user: bogdan.timofte
port: 22
auth: password_interactive
hosts:
pascani_headend_cr01:
aliases:
- pascani.headend.cr01
- 10.132.0.97
hostname: pascani.headend.cr01
buhusi_headend_as01:
aliases:
- buhusi.headend.as01
- 10.132.128.11
hostname: buhusi.headend.as01
buhusi_headend_as02:
aliases:
- buhusi.headend.as02
- 10.132.128.12
hostname: buhusi.headend.as02
buhusi_headend_as03:
aliases:
- buhusi.headend.as03
- 10.132.128.13
hostname: buhusi.headend.as03
buhusi_headend_as04:
aliases:
- buhusi.headend.as04
- 10.132.128.14
hostname: buhusi.headend.as04
buhusi_headend_as05:
aliases:
- buhusi.headend.as05
- 10.132.128.15
hostname: buhusi.headend.as05
buhusi_headend_dr01:
aliases:
- buhusi.headend.dr01
- 10.132.128.1
hostname: buhusi.headend.dr01
buhusi_headend_ds02:
aliases:
- buhusi.headend.ds02
- 10.132.128.5
hostname: buhusi.headend.ds02
falticeni_headend_dr01:
aliases:
- falticeni.headend.dr01
- 10.132.64.1
hostname: falticeni.headend.dr01
falticeni_headend_ds02:
aliases:
- falticeni.headend.ds02
- 10.132.64.5
hostname: falticeni.headend.ds02
falticeni_headend_ds04:
aliases:
- falticeni.headend.ds04
- 10.132.64.7
hostname: falticeni.headend.ds04
pascani_headend_as01:
aliases:
- pascani.headend.as01
- 10.132.0.5
hostname: pascani.headend.as01
pascani_headend_dr01:
aliases:
- pascani.headend.dr01
- 10.132.0.1
hostname: pascani.headend.dr01
pascani_headend_dr02:
aliases:
- pascani.headend.dr02
- 10.132.0.100
hostname: pascani.headend.dr02
pascani_headend_dr03:
aliases:
- pascani.headend.dr03
- 10.132.0.99
hostname: pascani.headend.dr03
pascani_headend_ds01:
aliases:
- pascani.headend.ds01
- 10.132.0.3
hostname: pascani.headend.ds01
pascani_headend_tv01:
aliases:
- pascani.headend.tv01
- 10.132.0.101
hostname: pascani.headend.tv01
radauti_headend_as01:
aliases:
- radauti.headend.as01
- 10.132.96.11
hostname: radauti.headend.as01
radauti_headend_dr01:
aliases:
- radauti.headend.dr01
- 172.30.255.101
hostname: radauti.headend.dr01
tg_frumos_headend_as01:
aliases:
- tg_frumos.headend.as01
- 10.132.32.11
hostname: tg_frumos.headend.as01
tg_frumos_headend_dr01:
aliases:
- tg_frumos.headend.dr01
- 10.132.32.1
hostname: tg_frumos.headend.dr01
tg_frumos_headend_ds01:
aliases:
- tg_frumos.headend.ds01
- 10.132.32.3
hostname: tg_frumos.headend.ds01
network_switches:
description: DCN switches with interactive password auth
default_jump: j1
# Group defaults for the DCN switches: named account on port 22 with an
# interactively typed password (relies on `PasswordAuthentication: true` in
# ssh_options). No password is stored in this file.
defaults:
user: bogdan.timofte
port: 22
auth: password_interactive
hosts:
buhusi_psw_010:
aliases:
- buhusi-psw-010
- 10.132.128.20
hostname: buhusi-psw-010
buhusi_psw_011:
aliases:
- buhusi-psw-011
- 10.132.128.21
hostname: buhusi-psw-011
buhusi_psw_012:
aliases:
- buhusi-psw-012
- 10.132.128.22
hostname: buhusi-psw-012
buhusi_psw_013:
aliases:
- buhusi-psw-013
- 10.132.128.23
hostname: buhusi-psw-013
buhusi_psw_014:
aliases:
- buhusi-psw-014
- 10.132.128.24
hostname: buhusi-psw-014
buhusi_silistea_psw_001:
aliases:
- buhusi.silistea.psw-001
- 10.132.128.50
hostname: buhusi.silistea.psw-001
falticeni_psw_110:
aliases:
- falticeni-psw-110
- 10.132.64.20
hostname: falticeni-psw-110
radauti_headend_ag001:
aliases:
- radauti.headend.ag001
- 10.132.96.12
hostname: radauti.headend.ag001
mikrotik_routers:
description: MikroTik CRS/CCR equipment with interactive password auth
default_jump: j1
# Group defaults for the MikroTik devices: port 24 with an interactively typed
# password.
# `admin` is the account name RouterOS ships with.
# NOTE(review): presumably a shared account, which gives no per-person
# attribution; the inventory lists tacacs and radius hosts, so named or
# AAA-backed logins may be an option - confirm.
defaults:
user: admin
port: 24
auth: password_interactive
hosts:
buhusi_mikrotik_dr01:
aliases:
- buhusi.mikrotik.dr01
- 10.132.128.110
hostname: buhusi.mikrotik.dr01
buhusi_mikrotik_ds01:
aliases:
- buhusi.mikrotik.ds01
- 10.132.128.100
hostname: buhusi.mikrotik.ds01
buhusi_mikrotik_pppoe01:
aliases:
- buhusi.mikrotik.pppoe01
- 10.132.128.111
hostname: buhusi.mikrotik.pppoe01
buhusi_mikrotik_pppoe02:
aliases:
- buhusi.mikrotik.pppoe02
- 10.132.128.112
hostname: buhusi.mikrotik.pppoe02
falticeni_mikrotik_dr01:
aliases:
- falticeni.mikrotik.dr01
- 10.132.64.110
hostname: falticeni.mikrotik.dr01
falticeni_mikrotik_ds01:
aliases:
- falticeni.mikrotik.ds01
- 10.132.64.100
hostname: falticeni.mikrotik.ds01
falticeni_mikrotik_pppoe1:
aliases:
- falticeni.mikrotik.pppoe1
- 10.132.64.111
hostname: falticeni.mikrotik.pppoe1
falticeni_mikrotik_pppoe2:
aliases:
- falticeni.mikrotik.pppoe2
- 10.132.64.112
hostname: falticeni.mikrotik.pppoe2
pascani_mikrotik_pppoe1:
aliases:
- pascani.mikrotik.pppoe1
- 10.132.0.111
hostname: pascani.mikrotik.pppoe1
pascani_mikrotik_pppoe2:
aliases:
- pascani.mikrotik.pppoe2
- 10.132.0.112
hostname: pascani.mikrotik.pppoe2
radauti_mikrotik_pppoe1:
aliases:
- radauti.mikrotik.pppoe1
- 10.132.96.111
hostname: radauti.mikrotik.pppoe1
radauti_mikrotik_pppoe2:
aliases:
- radauti.mikrotik.pppoe2
- 10.132.96.112
hostname: radauti.mikrotik.pppoe2
tg_frumos_mikrotik_dr01:
aliases:
- tg_frumos.mikrotik.dr01
- 94.53.170.1
hostname: tg_frumos.mikrotik.dr01
tg_frumos_mikrotik_pppoe1:
aliases:
- tg_frumos.mikrotik.pppoe1
- 10.132.32.111
hostname: tg_frumos.mikrotik.pppoe1