# SSH access inventory: global client options, company-managed jump defaults,
# entrypoints, jump hosts and grouped target hosts (aliases, hostname, user, port).
# NOTE(review): this copy arrived with all line breaks and indentation collapsed;
# the nesting below is reconstructed from key names and order. Key and value
# text is unchanged. Confirm the structure against the original file before use.
version: 1
facts:
  jump_default_port: 24
  jump_default_user: bogdan.timofte
  common_distribution_user: bogdan
  notes:
    - Most distributions do not like dots in local usernames, so most final-host installs use bogdan.
    - In bogdan/root import conflicts, bogdan wins.
ssh_options:
  legacy_compatibility:
    description: Company-managed jump global ssh_config compatibility options
    # The option names below are OpenSSH client keywords. How widely this set is
    # applied (every host vs. only legacy devices) is not visible here; the
    # description says "global", so review each line as if it affects all hops.
    options:
      # The leading '+' appends to the client's default list. These are SHA-1
      # key exchanges, including the 1024-bit group1, which OpenSSH no longer
      # offers by default. Prefer scoping them to the devices that need them.
      KexAlgorithms: +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
      # CBC-mode ciphers and 3DES are likewise outside current OpenSSH defaults.
      Ciphers: +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
      # ssh-rsa means RSA signatures over SHA-1, for host keys and user keys.
      HostKeyAlgorithms: +ssh-rsa
      PubkeyAcceptedAlgorithms: +ssh-rsa
      # With agent forwarding on, a privileged user on any host that receives
      # the forwarded agent can use the loaded keys while the session is open.
      # The jumps section suggests hop-through access; if that is done with
      # ProxyJump-style hops, forwarding is not needed for it. Consider false
      # here and enabling per host only where required.
      ForwardAgent: true
      ForwardX11: false
      # Password auth is used by the groups marked auth: password_interactive;
      # enabling it globally also allows password prompts from any other host.
      PasswordAuthentication: true
      HostbasedAuthentication: false
      CheckHostIP: true
      StrictHostKeyChecking: ask
      Tunnel: false
      # Wildcards send every matching variable to servers that accept them.
      # GIT_* and ANSIBLE_* can carry tokens, askpass helpers or local paths;
      # list only the exact variables that are needed.
      SendEnv: LANG LC_* GIT_* ANSIBLE_*
      HashKnownHosts: true
# NOTE(review): company_managed is placed at top level, and match_defaults
# under jump_hosts, by inference; confirm both.
company_managed:
  jump_hosts:
    inherit_globals_on_targets:
      - j1
      - j2
    # Each entry pairs host-name patterns with the user and port to use.
    match_defaults:
      - patterns:
          - '*.dr0?'
          - '*.ar0?'
          - '*.cr01'
          - '*.br01'
          - '*.as??'
          - '*.cs0?'
          - '*.tv01'
          - '*.ds0?'
          - bucuresti.ines.dcm01
          - bucuresti.nxdata.voip
          - bucuresti.dolce.tv01
          - '*dasan*'
        user: bogdan.timofte
        port: 22
      - patterns:
          - '*.olt'
        user: bogdan.timofte@next-gen.ro
        port: 22
      - patterns:
          - '*.dhcp'
          - '*.shaper*'
          - '*.sentinel'
          - '*.scan'
          - redmine
          - speedtest
          - webdevel
          - scripting
          - zabbix
          - itpve-*
          - cacti
          - mx
          - bucuresti.radius-pppoe
          - flood-detector
          - tacacs2
          - tacacs1
          - ns2
          - ns1
          - backup1
          - gitlab
          - nlg
          - nexus
          - dhcp-cmts
          - '*.radius-db'
          - jump1
          - aggregator-buc
          - mappix
          - docker.*
          - cpanel
          - jump2
          - nocpve-*
          - ocvpn
        user: bogdan.timofte
        port: 24
# Fallback user/port for jump hops and final hosts.
# NOTE(review): connect_timeout and connection_attempts may belong under
# final_host rather than beside it; confirm.
defaults:
  jump:
    user: bogdan.timofte
    port: 24
  final_host:
    user: bogdan
    port: 22
  connect_timeout: 10
  connection_attempts: 1
entrypoints:
  is_jumper:
    aliases:
      - is-jumper
    hostname: 192.168.2.100
    # Direct root login with a dedicated key file.
    user: root
    identity_file: ~/.ssh/keys/is-jumper_ed25519
    # Presumably maps to IdentitiesOnly, so only the key above is offered;
    # verify against the consumer.
    identities_only: true
jumps:
  j1:
    aliases:
      - j1
    hostname: 10.253.51.50
    port: 25904
    role: primary_vpn
  j2:
    aliases:
      - j2
    hostname: 10.253.51.52
    port: 25904
    role: failover_vpn
  # j1_public and j2_public reuse the aliases j1 and j2. Which entry wins when
  # both are present is decided by the consumer and is not visible here;
  # confirm that only one definition per alias is emitted at a time.
  j1_public:
    aliases:
      - j1
    hostname: j1.next-gen.ro
    port: 25904
    role: emergency_public
  j2_public:
    aliases:
      - j2
    hostname: j2.next-gen.ro
    port: 25904
    role: emergency_public
# Target hosts by group. Many entries below set user: root, i.e. direct root
# login; where the platform allows it, a named account plus privilege
# escalation keeps per-person attribution in the logs.
groups:
  voip_applications:
    description: PBX systems
    default_jump: j1
    hosts:
      vo52:
        aliases:
          - vo52
          - vo522
          - vo52-new
          - 10.253.51.140
        hostname: 10.253.51.140
        user: root
      vo52_old:
        aliases:
          - vo52-old
        hostname: 193.16.148.152
        user: root
      # No user is set here, so it comes from whatever default the consumer applies.
      vo53:
        aliases:
          - vo53
          - 193.16.148.153
        hostname: 193.16.148.153
        port: 60011
      elastix:
        aliases:
          - elastix
          - 10.253.50.62
          - 188.173.1.15
        hostname: 10.253.50.62
        user: root
      ss7:
        aliases:
          - ss7
        hostname: 10.253.51.138
        user: root
      voip_pbx_dispecerat:
        aliases:
          - voip-pbx-dispeceri
          - pbx-dispeceri
          - 10.253.51.134
        hostname: 10.253.51.134
        user: bogdan
      voip_pbx_bo:
        aliases:
          - voip-pbx-bo
          - pbx-bo
          - 10.253.51.135
        hostname: 10.253.51.135
        user: bogdan
  voip_network:
    description: VoIP network infrastructure
    default_jump: j1
    hosts:
      sbc0:
        aliases:
          - sbc0
          - 10.253.51.130
          - 10.20.30.10
          - 193.16.148.197
        hostname: 10.253.51.130
      # 10.20.30.10 is also an alias of sbc0 above. The same alias on two hosts
      # makes the destination depend on resolution order; confirm which SBC
      # owns it so a session cannot land on the other one.
      sbc1:
        aliases:
          - sbc1
          - 10.253.51.131
          - 10.20.30.10
          - 193.16.148.194
          - 193.16.148.195
          - 193.16.148.196
          - 193.16.148.198
          - 193.16.148.199
        hostname: 10.253.51.131
      sbc2:
        aliases:
          - sbc2
          - 10.253.51.132
          - 10.20.30.11
        hostname: 10.253.51.132
      voip_prov:
        aliases:
          - voip-prov
          - 10.253.51.139
        hostname: 10.253.51.139
      portabilitate:
        aliases:
          - portabilitate
          - bdc
          - 10.253.51.133
          - 89.165.199.20
          - 89.165.232.232
        hostname: 10.253.51.133
  porta:
    description: PortaOne MR30 legacy
    default_jump: j1
    hosts:
      porta_sip:
        aliases:
          - porta-sip
          - p12-sip
          - p12
          - p12.voip.ro
          - 193.16.148.4
        hostname: 193.16.148.4
      porta_web:
        aliases:
          - porta-web
          - porta-api
          - porta-slave
          - porta7
          - telefonie.next-gen.ro
          - 193.16.148.7
        hostname: 193.16.148.7
      porta_db:
        aliases:
          - porta-db
          - porta-master
          - porta1
          - 193.16.148.11
        hostname: 193.16.148.11
      porta_config:
        aliases:
          - porta-config
          - porta-configurator
          - 193.16.148.13
        hostname: 193.16.148.13
  pppoe:
    description: RADIUS and PPPOE systems
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 24
    # Per-pattern connection settings, keyed by host-name pattern.
    patterns:
      '*.radius-db':
        connect_timeout: 10
        connection_attempts: 1
      '*.radius-pppoe':
        connect_timeout: 10
        connection_attempts: 1
    hosts:
      radauti_radius_db:
        aliases:
          - radauti.radius-db
          - 94.53.112.30
          - 10.132.96.121
        hostname: radauti.radius-db
      pascani_radius_db:
        aliases:
          - pascani.radius-db
          - 46.214.144.7
          - 10.132.0.121
        hostname: pascani.radius-db
      falticeni_radius_db:
        aliases:
          - falticeni.radius-db
          - 46.214.136.7
          - 10.132.64.121
        hostname: falticeni.radius-db
      tg_frumos_radius_db:
        aliases:
          - tg_frumos.radius-db
          - 94.53.170.7
          - 10.132.32.121
        hostname: tg_frumos.radius-db
      buhusi_radius_db:
        aliases:
          - buhusi.radius-db
          - 46.214.240.7
          - 10.132.128.121
        hostname: buhusi.radius-db
      bucuresti_radius_pppoe:
        aliases:
          - bucuresti.radius-pppoe
          - 188.173.1.29
        hostname: bucuresti.radius-pppoe
  legacy_public:
    description: Legacy public VoIP jump
    default_jump: j1
    hosts:
      voce_pub:
        aliases:
          - voce-pub
          - voce-pub2
          - 188.173.0.230
        hostname: 188.173.0.230
        user: bogdan
        port: 22
  imported_jump_hosts:
    description: Hosts imported from J1/J2 user SSH configs
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 24
    hosts:
      # 10.132.128.121 is also an alias of pppoe.hosts.buhusi_radius_db, which
      # uses a different hostname value. Confirm which entry should own the
      # alias and drop the other.
      host_10_132_128_121:
        aliases:
          - 10.132.128.121
        hostname: 10.132.128.121
      host_188_173_0_163:
        aliases:
          - 188.173.0.163
        hostname: 188.173.0.163
        user: bogdan
      host_188_173_0_141:
        aliases:
          - 188.173.0.141
        hostname: 188.173.0.141
        user: bogdan
  # NOTE(review): noc has no hosts key of its own and is described as "grouped
  # by function", so the groups that follow (pve through mikrotik_routers) are
  # nested under it here. They could instead be siblings of noc; confirm.
  noc:
    description: NOC hosts grouped by function
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 24
    pve:
      description: Proxmox hosts
      default_jump: j1
      hosts:
        nocpve_nxdata1:
          aliases:
            - nocpve-nxdata1
            - 188.173.1.112
            - 10.253.51.24
          hostname: 10.253.51.24
          user: root
        nocpve_nxdata2:
          aliases:
            - nocpve-nxdata2
            - 188.173.1.116
            - 10.253.51.25
          hostname: 10.253.51.25
          user: root
        nocpve_ines1:
          aliases:
            - nocpve-ines1
            - 188.173.1.117
            - 10.253.51.27
          hostname: 10.253.51.27
          user: root
        nocpve_ines2:
          aliases:
            - nocpve-ines2
            - 188.173.1.118
            - 10.253.51.28
          hostname: 10.253.51.28
          user: root
        itpve_ines1:
          aliases:
            - itpve-ines1
            - 188.173.0.211
            - 10.253.51.211
          hostname: 10.253.51.211
          user: root
        itpve_ines2:
          aliases:
            - itpve-ines2
            - 188.173.0.212
            - 10.253.51.212
          hostname: 10.253.51.212
          user: root
        itpve_ines3:
          aliases:
            - itpve-ines3
            - 188.173.0.213
            - 10.253.51.213
          hostname: 10.253.51.213
          user: root
        itpve_ines4:
          aliases:
            - itpve-ines4
            - 188.173.0.222
            - 10.253.51.222
          hostname: 10.253.51.222
          user: root
        itpve_bns1:
          aliases:
            - itpve-bns1
            - 188.173.0.201
            - 10.253.51.201
          hostname: 10.253.51.201
          user: root
        itpve_bns2:
          aliases:
            - itpve-bns2
            - 188.173.0.202
            - 10.253.51.202
          hostname: 10.253.51.202
          user: root
        itpve_bns3:
          aliases:
            - itpve-bns3
            - 188.173.0.203
            - 10.253.51.203
          hostname: 10.253.51.203
          user: root
        itpve_bns4:
          aliases:
            - itpve-bns4
            - 188.173.0.220
            - 10.253.51.204
          hostname: 10.253.51.204
          user: root
    backup:
      description: Backup hosts
      default_jump: j1
      hosts:
        backup_bns_01:
          aliases:
            - backup-bns-01
            - 188.173.1.83
          hostname: 188.173.1.83
          user: root
    huawei_olts:
      description: Huawei OLT access equipment with interactive password auth
      default_jump: j1
      defaults:
        user: bogdan.timofte@next-gen.ro
        port: 22
        # Password typed at the prompt. Combined with alias collisions or an
        # accepted changed host key, a password can be sent to the wrong
        # device, so host-key prompts on these devices deserve attention.
        auth: password_interactive
      hosts:
        pascani_olt:
          aliases:
            - pascani.olt
          hostname: pascani.olt
        radauti_olt:
          aliases:
            - radauti.olt
            - 10.132.96.50
          hostname: radauti.olt
    cisco_routers:
      description: Cisco and similar managed devices with interactive password auth
      default_jump: j1
      defaults:
        user: bogdan.timofte
        port: 22
        auth: password_interactive
      hosts:
        pascani_headend_cr01:
          aliases:
            - pascani.headend.cr01
            - 10.132.0.97
          hostname: pascani.headend.cr01
        buhusi_headend_as01:
          aliases:
            - buhusi.headend.as01
            - 10.132.128.11
          hostname: buhusi.headend.as01
        buhusi_headend_as02:
          aliases:
            - buhusi.headend.as02
            - 10.132.128.12
          hostname: buhusi.headend.as02
        buhusi_headend_as03:
          aliases:
            - buhusi.headend.as03
            - 10.132.128.13
          hostname: buhusi.headend.as03
        buhusi_headend_as04:
          aliases:
            - buhusi.headend.as04
            - 10.132.128.14
          hostname: buhusi.headend.as04
        buhusi_headend_as05:
          aliases:
            - buhusi.headend.as05
            - 10.132.128.15
          hostname: buhusi.headend.as05
        buhusi_headend_dr01:
          aliases:
            - buhusi.headend.dr01
            - 10.132.128.1
          hostname: buhusi.headend.dr01
        buhusi_headend_ds02:
          aliases:
            - buhusi.headend.ds02
            - 10.132.128.5
          hostname: buhusi.headend.ds02
        falticeni_headend_dr01:
          aliases:
            - falticeni.headend.dr01
            - 10.132.64.1
          hostname: falticeni.headend.dr01
        falticeni_headend_ds02:
          aliases:
            - falticeni.headend.ds02
            - 10.132.64.5
          hostname: falticeni.headend.ds02
        falticeni_headend_ds04:
          aliases:
            - falticeni.headend.ds04
            - 10.132.64.7
          hostname: falticeni.headend.ds04
        pascani_headend_as01:
          aliases:
            - pascani.headend.as01
            - 10.132.0.5
          hostname: pascani.headend.as01
        pascani_headend_dr01:
          aliases:
            - pascani.headend.dr01
            - 10.132.0.1
          hostname: pascani.headend.dr01
        pascani_headend_dr02:
          aliases:
            - pascani.headend.dr02
            - 10.132.0.100
          hostname: pascani.headend.dr02
        pascani_headend_dr03:
          aliases:
            - pascani.headend.dr03
            - 10.132.0.99
          hostname: pascani.headend.dr03
        pascani_headend_ds01:
          aliases:
            - pascani.headend.ds01
            - 10.132.0.3
          hostname: pascani.headend.ds01
        pascani_headend_tv01:
          aliases:
            - pascani.headend.tv01
            - 10.132.0.101
          hostname: pascani.headend.tv01
        radauti_headend_as01:
          aliases:
            - radauti.headend.as01
            - 10.132.96.11
          hostname: radauti.headend.as01
        radauti_headend_dr01:
          aliases:
            - radauti.headend.dr01
            - 172.30.255.101
          hostname: radauti.headend.dr01
        tg_frumos_headend_as01:
          aliases:
            - tg_frumos.headend.as01
            - 10.132.32.11
          hostname: tg_frumos.headend.as01
        tg_frumos_headend_dr01:
          aliases:
            - tg_frumos.headend.dr01
            - 10.132.32.1
          hostname: tg_frumos.headend.dr01
        tg_frumos_headend_ds01:
          aliases:
            - tg_frumos.headend.ds01
            - 10.132.32.3
          hostname: tg_frumos.headend.ds01
    network_switches:
      description: DCN switches with interactive password auth
      default_jump: j1
      defaults:
        user: bogdan.timofte
        port: 22
        auth: password_interactive
      hosts:
        buhusi_psw_010:
          aliases:
            - buhusi-psw-010
            - 10.132.128.20
          hostname: buhusi-psw-010
        buhusi_psw_011:
          aliases:
            - buhusi-psw-011
            - 10.132.128.21
          hostname: buhusi-psw-011
        buhusi_psw_012:
          aliases:
            - buhusi-psw-012
            - 10.132.128.22
          hostname: buhusi-psw-012
        buhusi_psw_013:
          aliases:
            - buhusi-psw-013
            - 10.132.128.23
          hostname: buhusi-psw-013
        buhusi_psw_014:
          aliases:
            - buhusi-psw-014
            - 10.132.128.24
          hostname: buhusi-psw-014
        buhusi_silistea_psw_001:
          aliases:
            - buhusi.silistea.psw-001
            - 10.132.128.50
          hostname: buhusi.silistea.psw-001
        falticeni_psw_110:
          aliases:
            - falticeni-psw-110
            - 10.132.64.20
          hostname: falticeni-psw-110
        radauti_headend_ag001:
          aliases:
            - radauti.headend.ag001
            - 10.132.96.12
          hostname: radauti.headend.ag001
    mikrotik_routers:
      description: MikroTik CRS/CCR equipment with interactive password auth
      default_jump: j1
      defaults:
        # One generic "admin" account with password auth is used for every
        # router in this group, so device logs cannot tell operators apart.
        # Per-person accounts or key-based auth would fix that, if the
        # devices support it (not shown here).
        user: admin
        port: 24
        auth: password_interactive
      hosts:
        buhusi_mikrotik_dr01:
          aliases:
            - buhusi.mikrotik.dr01
            - 10.132.128.110
          hostname: buhusi.mikrotik.dr01
        buhusi_mikrotik_ds01:
          aliases:
            - buhusi.mikrotik.ds01
            - 10.132.128.100
          hostname: buhusi.mikrotik.ds01
        buhusi_mikrotik_pppoe01:
          aliases:
            - buhusi.mikrotik.pppoe01
            - 10.132.128.111
          hostname: buhusi.mikrotik.pppoe01
        buhusi_mikrotik_pppoe02:
          aliases:
            - buhusi.mikrotik.pppoe02
            - 10.132.128.112
          hostname: buhusi.mikrotik.pppoe02
        falticeni_mikrotik_dr01:
          aliases:
            - falticeni.mikrotik.dr01
            - 10.132.64.110
          hostname: falticeni.mikrotik.dr01
        falticeni_mikrotik_ds01:
          aliases:
            - falticeni.mikrotik.ds01
            - 10.132.64.100
          hostname: falticeni.mikrotik.ds01
        falticeni_mikrotik_pppoe1:
          aliases:
            - falticeni.mikrotik.pppoe1
            - 10.132.64.111
          hostname: falticeni.mikrotik.pppoe1
        falticeni_mikrotik_pppoe2:
          aliases:
            - falticeni.mikrotik.pppoe2
            - 10.132.64.112
          hostname: falticeni.mikrotik.pppoe2
        pascani_mikrotik_pppoe1:
          aliases:
            - pascani.mikrotik.pppoe1
            - 10.132.0.111
          hostname: pascani.mikrotik.pppoe1
        pascani_mikrotik_pppoe2:
          aliases:
            - pascani.mikrotik.pppoe2
            - 10.132.0.112
          hostname: pascani.mikrotik.pppoe2
        radauti_mikrotik_pppoe1:
          aliases:
            - radauti.mikrotik.pppoe1
            - 10.132.96.111
          hostname: radauti.mikrotik.pppoe1
        radauti_mikrotik_pppoe2:
          aliases:
            - radauti.mikrotik.pppoe2
            - 10.132.96.112
          hostname: radauti.mikrotik.pppoe2
        tg_frumos_mikrotik_dr01:
          aliases:
            - tg_frumos.mikrotik.dr01
            - 94.53.170.1
          hostname: tg_frumos.mikrotik.dr01
        tg_frumos_mikrotik_pppoe1:
          aliases:
            - tg_frumos.mikrotik.pppoe1
            - 10.132.32.111
          hostname: tg_frumos.mikrotik.pppoe1