# Local Organization SSH Inventory
#
# This file extends or replaces the nextgen inventory for local development,
# testing, and lab environments.
#
# Template structure follows nextgen/hosts.yaml for consistency.
# Schema version of this inventory file.
version: 1
# Organization-wide facts declared by this inventory.
# NOTE(review): this file records internal addresses, account names and key
# paths; keep the repository access-restricted and never commit key material.
facts:
environment: local
organization: xdev
# NOTE(review): both entries under `jumps` set port 25904 and user
# bogdan.timofte explicitly, so these two defaults match neither jump host.
# Confirm that 22 / bogdan are still the intended fallbacks.
jump_default_port: 22
jump_default_user: bogdan
notes:
- Local lab and development infrastructure
# NOTE(review): a statement of intent only. Nothing in this file can enforce
# key-only auth on the servers; that is decided by each host's sshd config.
- Uses SSH key-based auth on all machines
- is-jumper is the local entry point
# Named sets of client-side OpenSSH options; the keys under `options` are
# ssh_config keywords.
# NOTE(review): the yes/no values are unquoted. YAML 1.1 loaders read them as
# booleans, not the strings "yes"/"no". Confirm the consumer maps them back
# when it renders ssh_config, or quote them.
ssh_options:
local_defaults:
description: Local SSH compatibility options (no legacy algorithms needed)
options:
# NOTE(review): agent forwarding is on in this default set. Anyone with root
# on a host that receives the forwarded agent can use it to authenticate as
# the user while the session is open, and many hosts here log in as root.
# ProxyJump routing does not need it; prefer `no` here and enable it only on
# the specific hosts that require it.
ForwardAgent: yes
ForwardX11: no
# Client side only: stops this client from offering passwords. It does not
# disable password logins on the servers.
PasswordAuthentication: no
HostbasedAuthentication: no
CheckHostIP: yes
# accept-new records unknown host keys without prompting and still refuses
# changed keys. The first connection to each host is therefore unverified;
# consider pre-seeding known_hosts for the entry point and the jump hosts.
StrictHostKeyChecking: accept-new
Tunnel: no
HashKnownHosts: yes
# Fallback connection settings for jump hosts and final hosts when an entry
# does not set its own user/port.
defaults:
jump:
# NOTE(review): j1 and j2 both override user and port, so this fallback is
# not used by any jump host defined in this file.
user: bogdan
port: 22
final_host:
user: bogdan
port: 22
# NOTE(review): presumably rendered as ConnectTimeout / ConnectionAttempts.
# Nesting is not visible in this copy, so confirm whether these two belong to
# final_host only or to defaults as a whole.
connect_timeout: 5
connection_attempts: 1
# Hosts reached directly from the workstation; everything else may hop
# through them.
# NOTE(review): is_jumper is defined a second time under
# groups.legacy_infrastructure.hosts with a different alias list and
# proxy_jump: none. Keep the two in sync or confirm which definition wins.
entrypoints:
is_jumper:
aliases: [is-jumper, 192.168.2.100]
hostname: 192.168.2.100
# NOTE(review): direct root login on the entry point. With ForwardAgent: yes
# in ssh_options.local_defaults, a compromise of this host also exposes the
# forwarded agent. Consider an unprivileged account plus sudo.
user: root
# Dedicated key for this host. identities_only presumably maps to
# IdentitiesOnly, so only this key is offered — confirm against the consumer.
identity_file: ~/.ssh/keys/is-jumper_ed25519
identities_only: true
# Jump (bastion) hosts: j1 is declared primary and j2 failover. Both listen on
# the non-default port 25904 and use the bogdan.timofte account.
jumps:
j1:
aliases: [j1, j1-local]
hostname: 10.253.51.50
user: bogdan.timofte
port: 25904
role: primary
# j1 is itself reached through the is-jumper entry point.
proxy_jump: is-jumper
j2:
aliases: [j2, j2-local]
hostname: 10.253.51.52
user: bogdan.timofte
port: 25904
role: failover
# NOTE(review): unlike j1, j2 has no proxy_jump, and no identity_file is
# pinned for either jump. Confirm that j2 is meant to be reachable without
# is-jumper; otherwise the failover path differs from the primary one.
# Host groups. Each group has a description and a `hosts` map of
# name -> aliases / hostname / user.
groups:
# Lab machines on 192.168.2.0/24. No identity_file is set for these hosts, so
# key selection is left to the client's defaults or agent.
local_lab:
description: Local lab and testing machines
hosts:
lab_vm1:
aliases: [lab-vm1, lab1, 192.168.2.110]
hostname: 192.168.2.110
user: bogdan
lab_vm2:
aliases: [lab-vm2, lab2, 192.168.2.111]
hostname: 192.168.2.111
user: bogdan
lab_vm3:
aliases: [lab-vm3, lab3, 192.168.2.112]
hostname: 192.168.2.112
user: bogdan
# NOTE(review): the network devices below log in as the shared `admin`
# account and inherit ForwardAgent: yes from ssh_options.local_defaults.
# Agent forwarding to a router or switch is rarely needed; confirm.
lab_router:
aliases: [lab-router, router, 192.168.2.1]
hostname: 192.168.2.1
user: admin
lab_switch:
aliases: [lab-switch, switch, 192.168.2.2]
hostname: 192.168.2.2
user: admin
# Servers on the local network that the description labels production/staging.
local_servers:
description: Local production/staging servers
hosts:
# NOTE(review): the key is spelled local_nexgen while its aliases use
# "nextgen"; confirm which spelling other tooling looks up.
# NOTE(review): 192.168.2.103 is also the hostname of is_toltec under
# legacy_infrastructure (user root), so two entries with different users
# resolve to the same address. Confirm that this is intended.
local_nexgen:
aliases: [local-nextgen, nextgen-local, 192.168.2.103]
hostname: 192.168.2.103
user: bogdan
local_backup:
aliases: [local-backup, backup, 192.168.2.105]
hostname: 192.168.2.105
user: bogdan
local_mgmt:
aliases: [local-mgmt, mgmt, management, 192.168.2.104]
hostname: 192.168.2.104
user: bogdan
local_mon:
aliases: [local-mon, monitoring, zabbix, 192.168.2.106]
hostname: 192.168.2.106
user: bogdan
# Development and build machines on 192.168.2.120-122, all accessed as bogdan.
# NOTE(review): ForwardAgent: yes from ssh_options.local_defaults also applies
# here. Build and test hosts run third-party code, so confirm that they need a
# forwarded agent at all.
development:
description: Development and build machines
hosts:
dev_build:
aliases: [dev-build, builder, 192.168.2.120]
hostname: 192.168.2.120
user: bogdan
dev_test:
aliases: [dev-test, tester, 192.168.2.121]
hostname: 192.168.2.121
user: bogdan
dev_docs:
aliases: [dev-docs, documentation, 192.168.2.122]
hostname: 192.168.2.122
user: bogdan
# Company hosts referenced for routing tests. The group routes through j1
# (default_jump here, and jump_host in the matching access_policies rule).
# NOTE(review): only j1 is named. j2 is declared as failover under `jumps`,
# but nothing in this group refers to it.
reference_infrastructure:
description: Reference to company infrastructure (for testing routing)
default_jump: j1
hosts:
ref_pbx_bo:
aliases: [ref-pbx-bo, pbx-bo, 10.253.51.135]
hostname: 10.253.51.135
user: bogdan
# NOTE(review): 193.16.148.11 is not an RFC 1918 address, unlike the other
# hosts in this group (10.253.51.x). Confirm the address and that it must
# only be reached through j1.
ref_porta_db:
aliases: [ref-porta-db, porta-db, 193.16.148.11]
hostname: 193.16.148.11
user: bogdan
ref_sbc0:
aliases: [ref-sbc0, sbc0, 10.253.51.130]
hostname: 10.253.51.130
user: bogdan
ref_sbc1:
aliases: [ref-sbc1, sbc1, 10.253.51.131]
hostname: 10.253.51.131
user: bogdan
# Historical xdev.ro and mondo-byte.ro servers.
# NOTE(review): the routing intent is inconsistent. The description says
# "local direct access", defaults.route is `local`, and the access_policies
# rule for this group is `direct`, yet the section comments below say the
# hosts are "accessed via is-jumper". Only is_jumper sets proxy_jump, to none.
# Decide which is correct and fix the other.
# NOTE(review): almost every host logs in directly as root and inherits
# ForwardAgent: yes from ssh_options.local_defaults. Root on any one of these
# hosts can use the forwarded agent for the length of the session.
legacy_infrastructure:
description: Legacy xdev.ro and mondo-byte.ro historical servers (local direct access)
defaults:
route: local
hosts:
# xdev.ro hosts - entry point
# NOTE(review): duplicates the top-level entrypoints.is_jumper entry with a
# different alias list (is-vpn-gw here, 192.168.2.100 there).
is_jumper:
aliases: [is-jumper, is-vpn-gw]
hostname: 192.168.2.100
user: root
proxy_jump: none
identity_file: ~/.ssh/keys/is-jumper_ed25519
identities_only: true
# xdev.ro local network hosts (accessed via is-jumper)
is_mazeri:
aliases: [is-mazeri]
hostname: 192.168.2.102
user: root
# NOTE(review): same address as local_servers.local_nexgen (user bogdan).
is_toltec:
aliases: [is-toltec]
hostname: 192.168.2.103
user: root
is_baobab:
aliases: [is-baobab]
hostname: 192.168.2.91
user: root
is_ebony:
aliases: [is-ebony]
hostname: 192.168.2.92
user: root
is_tapia:
aliases: [is-tapia]
hostname: 192.168.2.93
user: root
is_anjohibe:
aliases: [is-anjohibe]
hostname: 192.168.2.95
user: root
is_andrafiabe:
aliases: [is-andrafiabe]
hostname: 192.168.2.96
user: root
is_mat:
aliases: [is-mat]
hostname: 192.168.2.133
user: root
# NOTE(review): `sshd` is normally the SSH daemon's own service account, not a
# login user. Confirm this is the intended account on this host.
is_nasturel:
aliases: [is-nasturel]
hostname: 192.168.2.144
user: sshd
# mondo-byte.ro hosts (accessed via is-jumper)
# NOTE(review): 89.32.216.x is not private address space, and these entries
# use root with no proxy_jump or identity_file. If they are reached directly,
# as the access policy states, that is root SSH over a public address.
# Confirm the route and restrict the login source on the server side.
mt_rabit:
aliases: [mt-rabit]
hostname: 89.32.216.4
user: root
mt_xpider:
aliases: [mt-xpider]
hostname: 89.32.216.5
user: root
# Declares how each group is reached: directly, or through a jump host.
access_policies:
rules:
# NOTE(review): legacy_infrastructure is listed as direct, but the comments in
# that group say its hosts are accessed via is-jumper. Reconcile the two.
# NOTE(review): the scope is a comma list after a single `group:` prefix.
# Confirm the consumer applies the prefix to all four names.
- description: All local hosts use direct SSH (no jump)
scope: group:local_lab,local_servers,development,legacy_infrastructure
access: direct
# Only j1 is named here; the j2 failover declared under `jumps` is not
# referenced by any rule.
- description: Reference hosts route through J1 jump
scope: group:reference_infrastructure
access: via_jump
jump_host: j1
# NOTE(review): nesting is not visible in this copy. Confirm whether
# auth_method applies to the last rule only or to all access_policies; rule 1
# carries no auth_method of its own.
auth_method: key