# Inventory schema version plus shared facts about account naming.
# The file stores no credentials, but it records internal addresses and login
# names; keep its distribution as restricted as the hosts it lists.
version: 1
facts:
# Default port and login in the jump context; the same 24 / bogdan.timofte
# pair appears again under defaults -> jump and in several group defaults.
jump_default_port: 24
jump_default_user: bogdan.timofte
# Dot-free login used on most final hosts (explained in the first note).
common_distribution_user: bogdan
notes:
- Most distributions do not like dots in local usernames, so most final-host installs use bogdan.
- In bogdan/root import conflicts, bogdan wins.
# Named sets of ssh_config options. Only one set is defined here:
# legacy_compatibility, described as mirroring the company-managed jump's
# global ssh_config.
# NOTE(review): which hosts receive this set is not visible in this block;
# inherit_globals_on_targets under company_managed names j1 and j2 — confirm
# the weakened algorithms are not applied to every host in the inventory.
ssh_options:
legacy_compatibility:
description: Company-managed jump global ssh_config compatibility options
options:
# A leading '+' appends to the client's default list instead of replacing it.
# The SHA-1 key exchanges (group1 is a 1024-bit group) are absent from
# current OpenSSH defaults; they are needed only for devices that cannot
# negotiate anything newer.
KexAlgorithms: +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
# CBC-mode ciphers and 3des-cbc are likewise legacy-only additions.
Ciphers: +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
# Re-enables RSA/SHA-1 signatures (off by default since OpenSSH 8.8), both for
# the server host key and for the user's own public-key authentication.
HostKeyAlgorithms: +ssh-rsa
PubkeyAcceptedAlgorithms: +ssh-rsa
# NOTE(review): plain yes/no are booleans to YAML 1.1 loaders while 'ask'
# below stays a string; confirm the consumer renders them back as yes/no,
# or quote them.
# With agent forwarding on, root or the same user on any intermediate host can
# use the forwarded agent for the lifetime of the session; ProxyJump-style
# chaining does not need it. NOTE(review): confirm it is still required.
ForwardAgent: yes
ForwardX11: no
# Password login stays allowed; the interactive-password groups rely on it.
PasswordAuthentication: yes
HostbasedAuthentication: no
CheckHostIP: yes
# 'ask' prompts on an unknown host key and refuses a changed one.
StrictHostKeyChecking: ask
Tunnel: no
# Environment variables matching these patterns are offered to the remote
# side (sent only if the server's AcceptEnv permits). GIT_* and ANSIBLE_*
# can hold tokens or paths. NOTE(review): confirm nothing sensitive is exported.
SendEnv: LANG LC_* GIT_* ANSIBLE_*
# Store hashed host names in known_hosts so the file does not list targets.
HashKnownHosts: yes
# Settings taken over from the company-managed jump hosts: which jumps pass
# their global options on to targets, per-pattern login/port defaults, and the
# fallback defaults for the jump and final-host contexts.
company_managed:
jump_hosts:
# Jumps whose global options are inherited by the targets behind them.
# NOTE(review): presumably this is what applies ssh_options.legacy_compatibility
# — confirm against the generator.
inherit_globals_on_targets: [j1, j2]
# Each entry maps a list of host-name globs to a login and port.
# NOTE(review): patterns overlap with explicit group settings elsewhere in the
# file (for example "itpve-*" / "nocpve-*" get bogdan.timofte:24 here while the
# pve group sets user root); the precedence rule is not visible from this file.
match_defaults:
# Network devices reached on port 22. "*dasan*" matches any name containing
# "dasan", the broadest glob in this list.
- patterns: ["*.dr0?", "*.ar0?", "*.cr01", "*.br01", "*.as??", "*.cs0?", "*.tv01", "*.ds0?", "bucuresti.ines.dcm01", "bucuresti.nxdata.voip", "bucuresti.dolce.tv01", "*dasan*"]
user: bogdan.timofte
port: 22
# OLTs use a domain-qualified login.
- patterns: ["*.olt"]
user: bogdan.timofte@next-gen.ro
port: 22
# Servers and services reached on port 24 (the list includes jump1 and jump2).
- patterns: ["*.dhcp", "*.shaper*", "*.sentinel", "*.scan", "redmine", "speedtest", "webdevel", "scripting", "zabbix", "itpve-*", "cacti", "mx", "bucuresti.radius-pppoe", "flood-detector", "tacacs2", "tacacs1", "ns2", "ns1", "backup1", "gitlab", "nlg", "nexus", "dhcp-cmts", "*.radius-db", "jump1", "aggregator-buc", "mappix", "docker.*", "cpanel", "jump2", "nocpve-*", "ocvpn"]
user: bogdan.timofte
port: 24
# Fallback values used when nothing more specific sets them.
defaults:
jump:
user: bogdan.timofte
port: 24
final_host:
user: bogdan
port: 22
# A single attempt with a 10-unit timeout (presumably seconds, as in
# ssh_config ConnectTimeout): an unreachable host fails fast, no retries.
connect_timeout: 10
connection_attempts: 1
# First hop of the chain: a host on a private address reached directly.
entrypoints:
is_jumper:
aliases: [is-jumper]
hostname: 192.168.2.100
# Direct root login. NOTE(review): confirm root is required on the entry
# point rather than an unprivileged account.
user: root
# Dedicated ed25519 key; with identities_only set, presumably only this key
# is offered (ssh_config IdentitiesOnly) rather than every key in the agent.
identity_file: ~/.ssh/keys/is-jumper_ed25519
identities_only: true
# Jump hosts. j1/j2 are addressed by private IP (roles primary_vpn and
# failover_vpn); j1_public/j2_public are the same port on public DNS names,
# marked emergency_public.
# NOTE(review): j1_public and j2_public reuse the aliases j1 and j2. How the
# consumer chooses between two entries with the same alias is not visible
# here; confirm the public path is only taken on an explicit request and that
# the host key is already pinned in known_hosts before it is used.
jumps:
j1:
aliases: [j1]
hostname: 10.253.51.50
port: 25904
role: primary_vpn
j2:
aliases: [j2]
hostname: 10.253.51.52
port: 25904
role: failover_vpn
j1_public:
aliases: [j1]
hostname: j1.next-gen.ro
port: 25904
role: emergency_public
j2_public:
aliases: [j2]
hostname: j2.next-gen.ro
port: 25904
role: emergency_public
# Target hosts, organised in groups. Each group names a default jump and a
# hosts map; a host lists the aliases it answers to, the address to connect
# to, and optional user/port overrides.
groups:
# PBX systems behind j1. Several entries log in as root directly.
# NOTE(review): where the platform allows it, a named account with privilege
# escalation keeps actions attributable to a person.
voip_applications:
description: PBX systems
default_jump: j1
hosts:
vo52:
aliases: [vo52, vo522, vo52-new, 10.253.51.140]
hostname: 10.253.51.140
user: root
# Older instance on an address outside the private ranges, also as root.
vo52_old:
aliases: [vo52-old]
hostname: 193.16.148.152
user: root
# No user given here, so a default applies; non-standard port 60011.
vo53:
aliases: [vo53, 193.16.148.153]
hostname: 193.16.148.153
port: 60011
elastix:
aliases: [elastix, 10.253.50.62, 188.173.1.15]
hostname: 10.253.50.62
user: root
ss7:
aliases: [ss7]
hostname: 10.253.51.138
user: root
voip_pbx_dispecerat:
aliases: [voip-pbx-dispeceri, pbx-dispeceri, 10.253.51.134]
hostname: 10.253.51.134
user: bogdan
voip_pbx_bo:
aliases: [voip-pbx-bo, pbx-bo, 10.253.51.135]
hostname: 10.253.51.135
user: bogdan
# VoIP network infrastructure behind j1. No user or port is set in this
# group, so the inventory defaults apply.
voip_network:
description: VoIP network infrastructure
default_jump: j1
hosts:
# NOTE(review): alias 10.20.30.10 is listed for both sbc0 and sbc1; a
# connection by that address resolves to whichever entry the consumer
# picks — confirm which host owns it.
sbc0:
aliases: [sbc0, 10.253.51.130, 10.20.30.10, 193.16.148.197]
hostname: 10.253.51.130
sbc1:
aliases: [sbc1, 10.253.51.131, 10.20.30.10, 193.16.148.194, 193.16.148.195, 193.16.148.196, 193.16.148.198, 193.16.148.199]
hostname: 10.253.51.131
sbc2:
aliases: [sbc2, 10.253.51.132, 10.20.30.11]
hostname: 10.253.51.132
voip_prov:
aliases: [voip-prov, 10.253.51.139]
hostname: 10.253.51.139
portabilitate:
aliases: [portabilitate, bdc, 10.253.51.133, 89.165.199.20, 89.165.232.232]
hostname: 10.253.51.133
# Legacy PortaOne MR30 hosts behind j1. Every hostname here is an address
# outside the private ranges; no user or port override is set.
# NOTE(review): being a legacy platform, this group may depend on the
# ssh_options.legacy_compatibility algorithms — confirm, and scope them to it.
porta:
description: PortaOne MR30 legacy
default_jump: j1
hosts:
porta_sip:
aliases: [porta-sip, p12-sip, p12, p12.voip.ro, 193.16.148.4]
hostname: 193.16.148.4
porta_web:
aliases: [porta-web, porta-api, porta-slave, porta7, telefonie.next-gen.ro, 193.16.148.7]
hostname: 193.16.148.7
porta_db:
aliases: [porta-db, porta-master, porta1, 193.16.148.11]
hostname: 193.16.148.11
porta_config:
aliases: [porta-config, porta-configurator, 193.16.148.13]
hostname: 193.16.148.13
# RADIUS and PPPoE systems behind j1, using the named login on port 24.
pppoe:
description: RADIUS and PPPOE systems
default_jump: j1
defaults:
user: bogdan.timofte
port: 24
# Per-glob connection settings: one attempt, timeout 10.
patterns:
"*.radius-db":
connect_timeout: 10
connection_attempts: 1
"*.radius-pppoe":
connect_timeout: 10
connection_attempts: 1
# Hostnames are symbolic names, not addresses, so they have to resolve
# wherever the final connection is made (presumably on the jump — confirm).
hosts:
radauti_radius_db:
aliases: [radauti.radius-db, 94.53.112.30, 10.132.96.121]
hostname: radauti.radius-db
pascani_radius_db:
aliases: [pascani.radius-db, 46.214.144.7, 10.132.0.121]
hostname: pascani.radius-db
falticeni_radius_db:
aliases: [falticeni.radius-db, 46.214.136.7, 10.132.64.121]
hostname: falticeni.radius-db
tg_frumos_radius_db:
aliases: [tg_frumos.radius-db, 94.53.170.7, 10.132.32.121]
hostname: tg_frumos.radius-db
# NOTE(review): alias 10.132.128.121 is also defined as its own host
# (host_10_132_128_121) in imported_jump_hosts; keep only one owner.
buhusi_radius_db:
aliases: [buhusi.radius-db, 46.214.240.7, 10.132.128.121]
hostname: buhusi.radius-db
bucuresti_radius_pppoe:
aliases: [bucuresti.radius-pppoe, 188.173.1.29]
hostname: bucuresti.radius-pppoe
# A single legacy VoIP jump on an address outside the private ranges,
# reached through j1 with the dot-free login on the standard port.
legacy_public:
description: Legacy public VoIP jump
default_jump: j1
hosts:
voce_pub:
aliases: [voce-pub, voce-pub2, 188.173.0.230]
hostname: 188.173.0.230
user: bogdan
port: 22
# Entries carried over from the user SSH configs on J1/J2. They are keyed by
# bare IP address and carry no functional description.
# NOTE(review): identify and move each into a functional group, or remove it;
# unexplained entries are hard to audit.
imported_jump_hosts:
description: Hosts imported from J1/J2 user SSH configs
default_jump: j1
defaults:
user: bogdan.timofte
port: 24
hosts:
# NOTE(review): the same address is an alias of buhusi_radius_db in the
# pppoe group, so it is defined twice in this inventory.
host_10_132_128_121:
aliases: [10.132.128.121]
hostname: 10.132.128.121
# The next two override the group login with the dot-free one.
host_188_173_0_163:
aliases: [188.173.0.163]
hostname: 188.173.0.163
user: bogdan
host_188_173_0_141:
aliases: [188.173.0.141]
hostname: 188.173.0.141
user: bogdan
# NOC section: only a description, a default jump and login defaults are set;
# no hosts map appears under this key.
# NOTE(review): the groups that follow (pve, backup, ...) look like its
# functional sub-groups, but the nesting cannot be confirmed from this copy.
noc:
description: NOC hosts grouped by function
default_jump: j1
defaults:
user: bogdan.timofte
port: 24
# Proxmox hypervisors behind j1. Every entry connects to the private address
# and logs in as root; the aliases also list an address outside the private
# ranges for each node.
# NOTE(review): match_defaults assigns "nocpve-*" and "itpve-*" the login
# bogdan.timofte on port 24, while this group sets user root and no port;
# which of the two wins is not visible here — confirm the effective values.
# NOTE(review): root on a hypervisor reaches every guest on it; confirm
# key-only root access is enforced on these nodes.
pve:
description: Proxmox hosts
default_jump: j1
hosts:
nocpve_nxdata1:
aliases: [nocpve-nxdata1, 188.173.1.112, 10.253.51.24]
hostname: 10.253.51.24
user: root
nocpve_nxdata2:
aliases: [nocpve-nxdata2, 188.173.1.116, 10.253.51.25]
hostname: 10.253.51.25
user: root
nocpve_ines1:
aliases: [nocpve-ines1, 188.173.1.117, 10.253.51.27]
hostname: 10.253.51.27
user: root
nocpve_ines2:
aliases: [nocpve-ines2, 188.173.1.118, 10.253.51.28]
hostname: 10.253.51.28
user: root
itpve_ines1:
aliases: [itpve-ines1, 188.173.0.211, 10.253.51.211]
hostname: 10.253.51.211
user: root
itpve_ines2:
aliases: [itpve-ines2, 188.173.0.212, 10.253.51.212]
hostname: 10.253.51.212
user: root
itpve_ines3:
aliases: [itpve-ines3, 188.173.0.213, 10.253.51.213]
hostname: 10.253.51.213
user: root
itpve_ines4:
aliases: [itpve-ines4, 188.173.0.222, 10.253.51.222]
hostname: 10.253.51.222
user: root
itpve_bns1:
aliases: [itpve-bns1, 188.173.0.201, 10.253.51.201]
hostname: 10.253.51.201
user: root
itpve_bns2:
aliases: [itpve-bns2, 188.173.0.202, 10.253.51.202]
hostname: 10.253.51.202
user: root
itpve_bns3:
aliases: [itpve-bns3, 188.173.0.203, 10.253.51.203]
hostname: 10.253.51.203
user: root
itpve_bns4:
aliases: [itpve-bns4, 188.173.0.220, 10.253.51.204]
hostname: 10.253.51.204
user: root
# Backup host behind j1: root login, connecting to an address outside the
# private ranges (no private address is listed for it).
# NOTE(review): a backup server holds copies of other systems' data; confirm
# root access to it is key-only and reachable only through the jump.
backup:
description: Backup hosts
default_jump: j1
hosts:
backup_bns_01:
aliases: [backup-bns-01, 188.173.1.83]
hostname: 188.173.1.83
user: root
# Huawei OLTs behind j1. Login is domain-qualified, on port 22, and the
# password is typed interactively (nothing is stored in this file).
# NOTE(review): 'auth: password_interactive' is a key of this inventory, not
# an ssh_config option; how the consumer maps it is not visible here.
huawei_olts:
description: Huawei OLT access equipment with interactive password auth
default_jump: j1
defaults:
user: bogdan.timofte@next-gen.ro
port: 22
auth: password_interactive
hosts:
pascani_olt:
aliases: [pascani.olt]
hostname: pascani.olt
radauti_olt:
aliases: [radauti.olt, 10.132.96.50]
hostname: radauti.olt
# Cisco and similar managed devices behind j1: named login, port 22,
# interactive password. Hostnames are symbolic; each alias list adds the
# device's management address.
# NOTE(review): with password logins, the host-key prompt from
# StrictHostKeyChecking 'ask' is the only check that the password goes to the
# intended device; confirm fingerprints are verified out of band on first use.
cisco_routers:
description: Cisco and similar managed devices with interactive password auth
default_jump: j1
defaults:
user: bogdan.timofte
port: 22
auth: password_interactive
hosts:
pascani_headend_cr01:
aliases: [pascani.headend.cr01, 10.132.0.97]
hostname: pascani.headend.cr01
buhusi_headend_as01:
aliases: [buhusi.headend.as01, 10.132.128.11]
hostname: buhusi.headend.as01
buhusi_headend_as02:
aliases: [buhusi.headend.as02, 10.132.128.12]
hostname: buhusi.headend.as02
buhusi_headend_as03:
aliases: [buhusi.headend.as03, 10.132.128.13]
hostname: buhusi.headend.as03
buhusi_headend_as04:
aliases: [buhusi.headend.as04, 10.132.128.14]
hostname: buhusi.headend.as04
buhusi_headend_as05:
aliases: [buhusi.headend.as05, 10.132.128.15]
hostname: buhusi.headend.as05
buhusi_headend_dr01:
aliases: [buhusi.headend.dr01, 10.132.128.1]
hostname: buhusi.headend.dr01
buhusi_headend_ds02:
aliases: [buhusi.headend.ds02, 10.132.128.5]
hostname: buhusi.headend.ds02
falticeni_headend_dr01:
aliases: [falticeni.headend.dr01, 10.132.64.1]
hostname: falticeni.headend.dr01
falticeni_headend_ds02:
aliases: [falticeni.headend.ds02, 10.132.64.5]
hostname: falticeni.headend.ds02
falticeni_headend_ds04:
aliases: [falticeni.headend.ds04, 10.132.64.7]
hostname: falticeni.headend.ds04
pascani_headend_as01:
aliases: [pascani.headend.as01, 10.132.0.5]
hostname: pascani.headend.as01
pascani_headend_dr01:
aliases: [pascani.headend.dr01, 10.132.0.1]
hostname: pascani.headend.dr01
pascani_headend_dr02:
aliases: [pascani.headend.dr02, 10.132.0.100]
hostname: pascani.headend.dr02
pascani_headend_dr03:
aliases: [pascani.headend.dr03, 10.132.0.99]
hostname: pascani.headend.dr03
pascani_headend_ds01:
aliases: [pascani.headend.ds01, 10.132.0.3]
hostname: pascani.headend.ds01
pascani_headend_tv01:
aliases: [pascani.headend.tv01, 10.132.0.101]
hostname: pascani.headend.tv01
radauti_headend_as01:
aliases: [radauti.headend.as01, 10.132.96.11]
hostname: radauti.headend.as01
radauti_headend_dr01:
aliases: [radauti.headend.dr01, 172.30.255.101]
hostname: radauti.headend.dr01
tg_frumos_headend_as01:
aliases: [tg_frumos.headend.as01, 10.132.32.11]
hostname: tg_frumos.headend.as01
tg_frumos_headend_dr01:
aliases: [tg_frumos.headend.dr01, 10.132.32.1]
hostname: tg_frumos.headend.dr01
tg_frumos_headend_ds01:
aliases: [tg_frumos.headend.ds01, 10.132.32.3]
hostname: tg_frumos.headend.ds01
# DCN switches behind j1: named login, port 22, interactive password.
# Hostnames are symbolic; each alias list adds the management address.
network_switches:
description: DCN switches with interactive password auth
default_jump: j1
defaults:
user: bogdan.timofte
port: 22
auth: password_interactive
hosts:
buhusi_psw_010:
aliases: [buhusi-psw-010, 10.132.128.20]
hostname: buhusi-psw-010
buhusi_psw_011:
aliases: [buhusi-psw-011, 10.132.128.21]
hostname: buhusi-psw-011
buhusi_psw_012:
aliases: [buhusi-psw-012, 10.132.128.22]
hostname: buhusi-psw-012
buhusi_psw_013:
aliases: [buhusi-psw-013, 10.132.128.23]
hostname: buhusi-psw-013
buhusi_psw_014:
aliases: [buhusi-psw-014, 10.132.128.24]
hostname: buhusi-psw-014
buhusi_silistea_psw_001:
aliases: [buhusi.silistea.psw-001, 10.132.128.50]
hostname: buhusi.silistea.psw-001
falticeni_psw_110:
aliases: [falticeni-psw-110, 10.132.64.20]
hostname: falticeni-psw-110
radauti_headend_ag001:
aliases: [radauti.headend.ag001, 10.132.96.12]
hostname: radauti.headend.ag001
# MikroTik CRS/CCR devices behind j1, on port 24 with an interactive password.
# NOTE(review): the login is the generic 'admin' account on every device in
# this group, so device logs cannot attribute a session to a person and one
# password may cover the whole fleet; confirm whether per-user accounts
# (the file's patterns mention tacacs1/tacacs2 and radius hosts) can be used.
mikrotik_routers:
description: MikroTik CRS/CCR equipment with interactive password auth
default_jump: j1
defaults:
user: admin
port: 24
auth: password_interactive
hosts:
buhusi_mikrotik_dr01:
aliases: [buhusi.mikrotik.dr01, 10.132.128.110]
hostname: buhusi.mikrotik.dr01
buhusi_mikrotik_ds01:
aliases: [buhusi.mikrotik.ds01, 10.132.128.100]
hostname: buhusi.mikrotik.ds01
buhusi_mikrotik_pppoe01:
aliases: [buhusi.mikrotik.pppoe01, 10.132.128.111]
hostname: buhusi.mikrotik.pppoe01
buhusi_mikrotik_pppoe02:
aliases: [buhusi.mikrotik.pppoe02, 10.132.128.112]
hostname: buhusi.mikrotik.pppoe02
falticeni_mikrotik_dr01:
aliases: [falticeni.mikrotik.dr01, 10.132.64.110]
hostname: falticeni.mikrotik.dr01
falticeni_mikrotik_ds01:
aliases: [falticeni.mikrotik.ds01, 10.132.64.100]
hostname: falticeni.mikrotik.ds01
falticeni_mikrotik_pppoe1:
aliases: [falticeni.mikrotik.pppoe1, 10.132.64.111]
hostname: falticeni.mikrotik.pppoe1
falticeni_mikrotik_pppoe2:
aliases: [falticeni.mikrotik.pppoe2, 10.132.64.112]
hostname: falticeni.mikrotik.pppoe2
pascani_mikrotik_pppoe1:
aliases: [pascani.mikrotik.pppoe1, 10.132.0.111]
hostname: pascani.mikrotik.pppoe1
pascani_mikrotik_pppoe2:
aliases: [pascani.mikrotik.pppoe2, 10.132.0.112]
hostname: pascani.mikrotik.pppoe2
radauti_mikrotik_pppoe1:
aliases: [radauti.mikrotik.pppoe1, 10.132.96.111]
hostname: radauti.mikrotik.pppoe1
radauti_mikrotik_pppoe2:
aliases: [radauti.mikrotik.pppoe2, 10.132.96.112]
hostname: radauti.mikrotik.pppoe2
# The only device in this group whose alias is an address outside the
# private ranges.
tg_frumos_mikrotik_dr01:
aliases: [tg_frumos.mikrotik.dr01, 94.53.170.1]
hostname: tg_frumos.mikrotik.dr01
tg_frumos_mikrotik_pppoe1:
aliases: [tg_frumos.mikrotik.pppoe1, 10.132.32.111]
hostname: tg_frumos.mikrotik.pppoe1