# SSH access inventory: workstation facts, a legacy ssh_config option set, jump hosts,
# and groups of final hosts with their aliases, addresses, users and ports.
# No passwords or private keys are stored here; the only key reference is a path
# (entrypoints.is_jumper.identity_file).
#
# NOTE(review): this file arrived with all line breaks and indentation collapsed.
# The nesting below is a reconstruction from key order and naming. Values and key
# order are unchanged, but the parent/child placement must be confirmed against the
# original file, especially where marked "nesting assumed".
#
# NOTE(review): the inventory enumerates internal addressing, account names and which
# hosts take root or password logins, so repository access should be restricted to match.
version: 1
facts:
  jump_default_port: 24
  jump_default_user: bogdan.timofte
  common_distribution_user: bogdan
  # nesting assumed: notes placed under facts because they explain the two user facts above.
  notes:
    - Most distributions do not like dots in local usernames, so most final-host installs use bogdan.
    - In bogdan/root import conflicts, bogdan wins.
ssh_options:
  legacy_compatibility:
    description: Company-managed jump global ssh_config compatibility options
    # Every "+" entry below re-adds an algorithm that current OpenSSH releases leave out
    # of their defaults. Keep this set scoped to the hosts that cannot negotiate anything
    # newer, rather than applying it to every connection.
    #
    # NOTE(review): plain yes/no are booleans under YAML 1.1 loaders (e.g. PyYAML) and
    # strings under the YAML 1.2 core schema, while ssh_config expects the literal words.
    # Confirm the renderer maps booleans back to yes/no, or quote these values.
    options:
      # SHA-1 based key exchanges; group1 is a fixed 1024-bit group.
      KexAlgorithms: +diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
      # CBC-mode ciphers and 3DES.
      Ciphers: +aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
      # ssh-rsa is RSA with SHA-1 signatures, here accepted for both host keys and user keys.
      HostKeyAlgorithms: +ssh-rsa
      PubkeyAcceptedAlgorithms: +ssh-rsa
      # Agent forwarding exposes the operator's agent socket on each host the option
      # reaches; root on that host can use the loaded keys while the session is open.
      # NOTE(review): this inventory already models jump hosts (jumps, default_jump).
      # If the consumer emits ProxyJump, forwarding is not needed for the hop itself.
      # Confirm which targets really need it.
      ForwardAgent: yes
      ForwardX11: no
      # Several groups below declare auth: password_interactive, which presumably is why
      # password authentication stays enabled here.
      PasswordAuthentication: yes
      HostbasedAuthentication: no
      CheckHostIP: yes
      # "ask" leaves first-contact host key acceptance to the operator at the prompt.
      StrictHostKeyChecking: ask
      Tunnel: no
      # Variables matching these prefixes are sent to any server whose AcceptEnv allows them.
      # NOTE(review): check that no GIT_* or ANSIBLE_* variable in use carries a secret.
      SendEnv: LANG LC_* GIT_* ANSIBLE_*
      HashKnownHosts: yes
# nesting assumed: company_managed is placed at top level with match_defaults under
# jump_hosts. It could instead have been a child of ssh_options, so confirm.
company_managed:
  jump_hosts:
    # presumably the targets on which the legacy option set above applies; verify in the consumer.
    inherit_globals_on_targets: [j1, j2]
    # Per-pattern user/port defaults. Whether evaluation is first-match or last-match is
    # not visible here; the order is kept exactly as found.
    match_defaults:
      - patterns: ["*.dr0?", "*.ar0?", "*.cr01", "*.br01", "*.as??", "*.cs0?", "*.tv01", "*.ds0?",
                   "bucuresti.ines.dcm01", "bucuresti.nxdata.voip", "bucuresti.dolce.tv01", "*dasan*"]
        user: bogdan.timofte
        port: 22
      - patterns: ["*.olt"]
        user: bogdan.timofte@next-gen.ro
        port: 22
      - patterns: ["*.dhcp", "*.shaper*", "*.sentinel", "*.scan", "redmine", "speedtest", "webdevel",
                   "scripting", "zabbix", "itpve-*", "cacti", "mx", "bucuresti.radius-pppoe",
                   "flood-detector", "tacacs2", "tacacs1", "ns2", "ns1", "backup1", "gitlab", "nlg",
                   "nexus", "dhcp-cmts", "*.radius-db", "jump1", "aggregator-buc", "mappix",
                   "docker.*", "cpanel", "jump2", "nocpve-*", "ocvpn"]
        user: bogdan.timofte
        port: 24
defaults:
  jump:
    user: bogdan.timofte
    port: 24
  final_host:
    user: bogdan
    port: 22
  # nesting assumed: the two connection settings are placed directly under defaults.
  # They could instead belong to final_host, so confirm.
  connect_timeout: 10
  connection_attempts: 1
entrypoints:
  is_jumper:
    aliases: [is-jumper]
    hostname: 192.168.2.100
    # Direct root login with a dedicated key.
    user: root
    identity_file: ~/.ssh/keys/is-jumper_ed25519
    # presumably rendered as IdentitiesOnly, so only identity_file is offered; verify.
    identities_only: true
jumps:
  # NOTE(review): j1 and j1_public both claim the alias j1, and j2 and j2_public both
  # claim j2. How the consumer picks between them (perhaps by role) is not visible
  # here; confirm it cannot silently select the public entry.
  j1:
    aliases: [j1]
    hostname: 10.253.51.50
    port: 25904
    role: primary_vpn
  j2:
    aliases: [j2]
    hostname: 10.253.51.52
    port: 25904
    role: failover_vpn
  j1_public:
    aliases: [j1]
    hostname: j1.next-gen.ro
    port: 25904
    role: emergency_public
  j2_public:
    aliases: [j2]
    hostname: j2.next-gen.ro
    port: 25904
    role: emergency_public
# Final hosts. Each group names a default_jump and may carry defaults that its hosts
# presumably inherit when they set no user/port of their own; verify the precedence
# against the top-level defaults in the consumer.
# nesting assumed: every group below is a sibling directly under groups.
groups:
  voip_applications:
    description: PBX systems
    default_jump: j1
    # NOTE(review): several hosts here log in directly as root, which leaves no
    # per-operator attribution on the target. Confirm a named account with privilege
    # escalation is not an option.
    hosts:
      vo52:
        aliases: [vo52, vo522, vo52-new, 10.253.51.140]
        hostname: 10.253.51.140
        user: root
      vo52_old:
        aliases: [vo52-old]
        hostname: 193.16.148.152
        user: root
      # No user set; presumably falls back to a default. Confirm which one applies.
      vo53:
        aliases: [vo53, 193.16.148.153]
        hostname: 193.16.148.153
        port: 60011
      elastix:
        aliases: [elastix, 10.253.50.62, 188.173.1.15]
        hostname: 10.253.50.62
        user: root
      ss7:
        aliases: [ss7]
        hostname: 10.253.51.138
        user: root
      voip_pbx_dispecerat:
        aliases: [voip-pbx-dispeceri, pbx-dispeceri, 10.253.51.134]
        hostname: 10.253.51.134
        user: bogdan
      voip_pbx_bo:
        aliases: [voip-pbx-bo, pbx-bo, 10.253.51.135]
        hostname: 10.253.51.135
        user: bogdan
  voip_network:
    description: VoIP network infrastructure
    default_jump: j1
    hosts:
      # NOTE(review): alias 10.20.30.10 is listed on both sbc0 and sbc1, so the name is
      # ambiguous. Confirm which host it should resolve to.
      sbc0:
        aliases: [sbc0, 10.253.51.130, 10.20.30.10, 193.16.148.197]
        hostname: 10.253.51.130
      sbc1:
        aliases: [sbc1, 10.253.51.131, 10.20.30.10, 193.16.148.194, 193.16.148.195,
                  193.16.148.196, 193.16.148.198, 193.16.148.199]
        hostname: 10.253.51.131
      sbc2:
        aliases: [sbc2, 10.253.51.132, 10.20.30.11]
        hostname: 10.253.51.132
      voip_prov:
        aliases: [voip-prov, 10.253.51.139]
        hostname: 10.253.51.139
      portabilitate:
        aliases: [portabilitate, bdc, 10.253.51.133, 89.165.199.20, 89.165.232.232]
        hostname: 10.253.51.133
  porta:
    description: PortaOne MR30 legacy
    default_jump: j1
    hosts:
      porta_sip:
        aliases: [porta-sip, p12-sip, p12, p12.voip.ro, 193.16.148.4]
        hostname: 193.16.148.4
      porta_web:
        aliases: [porta-web, porta-api, porta-slave, porta7, telefonie.next-gen.ro, 193.16.148.7]
        hostname: 193.16.148.7
      porta_db:
        aliases: [porta-db, porta-master, porta1, 193.16.148.11]
        hostname: 193.16.148.11
      porta_config:
        aliases: [porta-config, porta-configurator, 193.16.148.13]
        hostname: 193.16.148.13
  pppoe:
    description: RADIUS and PPPOE systems
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 24
    # nesting assumed: patterns is a sibling of defaults and hosts within this group.
    patterns:
      "*.radius-db":
        connect_timeout: 10
        connection_attempts: 1
      "*.radius-pppoe":
        connect_timeout: 10
        connection_attempts: 1
    hosts:
      radauti_radius_db:
        aliases: [radauti.radius-db, 94.53.112.30, 10.132.96.121]
        hostname: radauti.radius-db
      pascani_radius_db:
        aliases: [pascani.radius-db, 46.214.144.7, 10.132.0.121]
        hostname: pascani.radius-db
      falticeni_radius_db:
        aliases: [falticeni.radius-db, 46.214.136.7, 10.132.64.121]
        hostname: falticeni.radius-db
      tg_frumos_radius_db:
        aliases: [tg_frumos.radius-db, 94.53.170.7, 10.132.32.121]
        hostname: tg_frumos.radius-db
      # alias 10.132.128.121 is also claimed by imported_jump_hosts.host_10_132_128_121.
      buhusi_radius_db:
        aliases: [buhusi.radius-db, 46.214.240.7, 10.132.128.121]
        hostname: buhusi.radius-db
      bucuresti_radius_pppoe:
        aliases: [bucuresti.radius-pppoe, 188.173.1.29]
        hostname: bucuresti.radius-pppoe
  legacy_public:
    description: Legacy public VoIP jump
    default_jump: j1
    hosts:
      voce_pub:
        aliases: [voce-pub, voce-pub2, 188.173.0.230]
        hostname: 188.173.0.230
        user: bogdan
        port: 22
  imported_jump_hosts:
    description: Hosts imported from J1/J2 user SSH configs
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 24
    hosts:
      # NOTE(review): duplicates the 10.132.128.121 alias of pppoe.buhusi_radius_db.
      # Both groups default to the same user and port, but confirm which entry wins.
      host_10_132_128_121:
        aliases: [10.132.128.121]
        hostname: 10.132.128.121
      host_188_173_0_163:
        aliases: [188.173.0.163]
        hostname: 188.173.0.163
        user: bogdan
      host_188_173_0_141:
        aliases: [188.173.0.141]
        hostname: 188.173.0.141
        user: bogdan
  # NOTE(review): no hosts key follows this group in the collapsed source. Whether the
  # groups after it were originally nested under noc ("grouped by function") cannot be
  # recovered from the text. They are kept as siblings here, so confirm.
  noc:
    description: NOC hosts grouped by function
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 24
  pve:
    description: Proxmox hosts
    default_jump: j1
    # Every hypervisor entry below logs in directly as root.
    hosts:
      nocpve_nxdata1:
        aliases: [nocpve-nxdata1, 188.173.1.112, 10.253.51.24]
        hostname: 10.253.51.24
        user: root
      nocpve_nxdata2:
        aliases: [nocpve-nxdata2, 188.173.1.116, 10.253.51.25]
        hostname: 10.253.51.25
        user: root
      nocpve_ines1:
        aliases: [nocpve-ines1, 188.173.1.117, 10.253.51.27]
        hostname: 10.253.51.27
        user: root
      nocpve_ines2:
        aliases: [nocpve-ines2, 188.173.1.118, 10.253.51.28]
        hostname: 10.253.51.28
        user: root
      itpve_ines1:
        aliases: [itpve-ines1, 188.173.0.211, 10.253.51.211]
        hostname: 10.253.51.211
        user: root
      itpve_ines2:
        aliases: [itpve-ines2, 188.173.0.212, 10.253.51.212]
        hostname: 10.253.51.212
        user: root
      itpve_ines3:
        aliases: [itpve-ines3, 188.173.0.213, 10.253.51.213]
        hostname: 10.253.51.213
        user: root
      itpve_ines4:
        aliases: [itpve-ines4, 188.173.0.222, 10.253.51.222]
        hostname: 10.253.51.222
        user: root
      itpve_bns1:
        aliases: [itpve-bns1, 188.173.0.201, 10.253.51.201]
        hostname: 10.253.51.201
        user: root
      itpve_bns2:
        aliases: [itpve-bns2, 188.173.0.202, 10.253.51.202]
        hostname: 10.253.51.202
        user: root
      itpve_bns3:
        aliases: [itpve-bns3, 188.173.0.203, 10.253.51.203]
        hostname: 10.253.51.203
        user: root
      itpve_bns4:
        aliases: [itpve-bns4, 188.173.0.220, 10.253.51.204]
        hostname: 10.253.51.204
        user: root
  backup:
    description: Backup hosts
    default_jump: j1
    hosts:
      backup_bns_01:
        aliases: [backup-bns-01, 188.173.1.83]
        hostname: 188.173.1.83
        user: root
  # The four equipment groups below declare auth: password_interactive. No password is
  # stored in this file; the operator is expected to type it at the prompt.
  huawei_olts:
    description: Huawei OLT access equipment with interactive password auth
    default_jump: j1
    defaults:
      user: bogdan.timofte@next-gen.ro
      port: 22
      auth: password_interactive
    hosts:
      pascani_olt:
        aliases: [pascani.olt]
        hostname: pascani.olt
      radauti_olt:
        aliases: [radauti.olt, 10.132.96.50]
        hostname: radauti.olt
  cisco_routers:
    description: Cisco and similar managed devices with interactive password auth
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 22
      auth: password_interactive
    hosts:
      pascani_headend_cr01:
        aliases: [pascani.headend.cr01, 10.132.0.97]
        hostname: pascani.headend.cr01
      buhusi_headend_as01:
        aliases: [buhusi.headend.as01, 10.132.128.11]
        hostname: buhusi.headend.as01
      buhusi_headend_as02:
        aliases: [buhusi.headend.as02, 10.132.128.12]
        hostname: buhusi.headend.as02
      buhusi_headend_as03:
        aliases: [buhusi.headend.as03, 10.132.128.13]
        hostname: buhusi.headend.as03
      buhusi_headend_as04:
        aliases: [buhusi.headend.as04, 10.132.128.14]
        hostname: buhusi.headend.as04
      buhusi_headend_as05:
        aliases: [buhusi.headend.as05, 10.132.128.15]
        hostname: buhusi.headend.as05
      buhusi_headend_dr01:
        aliases: [buhusi.headend.dr01, 10.132.128.1]
        hostname: buhusi.headend.dr01
      buhusi_headend_ds02:
        aliases: [buhusi.headend.ds02, 10.132.128.5]
        hostname: buhusi.headend.ds02
      falticeni_headend_dr01:
        aliases: [falticeni.headend.dr01, 10.132.64.1]
        hostname: falticeni.headend.dr01
      falticeni_headend_ds02:
        aliases: [falticeni.headend.ds02, 10.132.64.5]
        hostname: falticeni.headend.ds02
      falticeni_headend_ds04:
        aliases: [falticeni.headend.ds04, 10.132.64.7]
        hostname: falticeni.headend.ds04
      pascani_headend_as01:
        aliases: [pascani.headend.as01, 10.132.0.5]
        hostname: pascani.headend.as01
      pascani_headend_dr01:
        aliases: [pascani.headend.dr01, 10.132.0.1]
        hostname: pascani.headend.dr01
      pascani_headend_dr02:
        aliases: [pascani.headend.dr02, 10.132.0.100]
        hostname: pascani.headend.dr02
      pascani_headend_dr03:
        aliases: [pascani.headend.dr03, 10.132.0.99]
        hostname: pascani.headend.dr03
      pascani_headend_ds01:
        aliases: [pascani.headend.ds01, 10.132.0.3]
        hostname: pascani.headend.ds01
      pascani_headend_tv01:
        aliases: [pascani.headend.tv01, 10.132.0.101]
        hostname: pascani.headend.tv01
      radauti_headend_as01:
        aliases: [radauti.headend.as01, 10.132.96.11]
        hostname: radauti.headend.as01
      radauti_headend_dr01:
        aliases: [radauti.headend.dr01, 172.30.255.101]
        hostname: radauti.headend.dr01
      tg_frumos_headend_as01:
        aliases: [tg_frumos.headend.as01, 10.132.32.11]
        hostname: tg_frumos.headend.as01
      tg_frumos_headend_dr01:
        aliases: [tg_frumos.headend.dr01, 10.132.32.1]
        hostname: tg_frumos.headend.dr01
      tg_frumos_headend_ds01:
        aliases: [tg_frumos.headend.ds01, 10.132.32.3]
        hostname: tg_frumos.headend.ds01
  network_switches:
    description: DCN switches with interactive password auth
    default_jump: j1
    defaults:
      user: bogdan.timofte
      port: 22
      auth: password_interactive
    hosts:
      buhusi_psw_010:
        aliases: [buhusi-psw-010, 10.132.128.20]
        hostname: buhusi-psw-010
      buhusi_psw_011:
        aliases: [buhusi-psw-011, 10.132.128.21]
        hostname: buhusi-psw-011
      buhusi_psw_012:
        aliases: [buhusi-psw-012, 10.132.128.22]
        hostname: buhusi-psw-012
      buhusi_psw_013:
        aliases: [buhusi-psw-013, 10.132.128.23]
        hostname: buhusi-psw-013
      buhusi_psw_014:
        aliases: [buhusi-psw-014, 10.132.128.24]
        hostname: buhusi-psw-014
      buhusi_silistea_psw_001:
        aliases: [buhusi.silistea.psw-001, 10.132.128.50]
        hostname: buhusi.silistea.psw-001
      falticeni_psw_110:
        aliases: [falticeni-psw-110, 10.132.64.20]
        hostname: falticeni-psw-110
      radauti_headend_ag001:
        aliases: [radauti.headend.ag001, 10.132.96.12]
        hostname: radauti.headend.ag001
  mikrotik_routers:
    description: MikroTik CRS/CCR equipment with interactive password auth
    default_jump: j1
    # NOTE(review): every router in this group is reached as the generic admin account
    # with a typed password, so device logs cannot attribute a session to a person.
    # Confirm whether per-operator accounts are feasible on this equipment.
    defaults:
      user: admin
      port: 24
      auth: password_interactive
    hosts:
      buhusi_mikrotik_dr01:
        aliases: [buhusi.mikrotik.dr01, 10.132.128.110]
        hostname: buhusi.mikrotik.dr01
      buhusi_mikrotik_ds01:
        aliases: [buhusi.mikrotik.ds01, 10.132.128.100]
        hostname: buhusi.mikrotik.ds01
      buhusi_mikrotik_pppoe01:
        aliases: [buhusi.mikrotik.pppoe01, 10.132.128.111]
        hostname: buhusi.mikrotik.pppoe01
      buhusi_mikrotik_pppoe02:
        aliases: [buhusi.mikrotik.pppoe02, 10.132.128.112]
        hostname: buhusi.mikrotik.pppoe02
      falticeni_mikrotik_dr01:
        aliases: [falticeni.mikrotik.dr01, 10.132.64.110]
        hostname: falticeni.mikrotik.dr01
      falticeni_mikrotik_ds01:
        aliases: [falticeni.mikrotik.ds01, 10.132.64.100]
        hostname: falticeni.mikrotik.ds01
      falticeni_mikrotik_pppoe1:
        aliases: [falticeni.mikrotik.pppoe1, 10.132.64.111]
        hostname: falticeni.mikrotik.pppoe1
      falticeni_mikrotik_pppoe2:
        aliases: [falticeni.mikrotik.pppoe2, 10.132.64.112]
        hostname: falticeni.mikrotik.pppoe2
      pascani_mikrotik_pppoe1:
        aliases: [pascani.mikrotik.pppoe1, 10.132.0.111]
        hostname: pascani.mikrotik.pppoe1
      pascani_mikrotik_pppoe2:
        aliases: [pascani.mikrotik.pppoe2, 10.132.0.112]
        hostname: pascani.mikrotik.pppoe2
      radauti_mikrotik_pppoe1:
        aliases: [radauti.mikrotik.pppoe1, 10.132.96.111]
        hostname: radauti.mikrotik.pppoe1
      radauti_mikrotik_pppoe2:
        aliases: [radauti.mikrotik.pppoe2, 10.132.96.112]
        hostname: radauti.mikrotik.pppoe2
      tg_frumos_mikrotik_dr01:
        aliases: [tg_frumos.mikrotik.dr01, 94.53.170.1]
        hostname: tg_frumos.mikrotik.dr01
      tg_frumos_mikrotik_pppoe1:
        aliases: [tg_frumos.mikrotik.pppoe1, 10.132.32.111]
        hostname: tg_frumos.mikrotik.pppoe1