Moved configs to clients directory, updated onboarding script to reflect changes.

2026-04-24 09:21:04 -07:00
parent a2438ed748
commit 50616c52cc
11 changed files with 2 additions and 2 deletions
--- a/inventories/clients/dfa_tech/group_vars/all.yml
+++ b/inventories/clients/dfa_tech/group_vars/all.yml
@@ -0,0 +1,5 @@
+---
+# Client: DFA Tech Colo (DFA-001)
+# Onboarded: 2026-03-10
+# VPN: IPSec
+# Hypervisor: Proxmox
--- a/inventories/clients/dfa_tech/hosts.yml
+++ b/inventories/clients/dfa_tech/hosts.yml
@@ -0,0 +1,64 @@
+---
+all:
+  vars:
+    client_id: "DFA-001"
+    client_name: "DFA Tech Colo"
+    billing_model: "hybrid"
+    change_freeze: false
+    hypervisor_type: "proxmox"
+    auto_reboot: false
+
+  children:
+    linux_hosts:
+      hosts:
+        alpine-caddy:
+          ansible_host: 10.86.13.202
+          ansible_user: root
+          os_family: "alpine"
+          human_estimate_seconds: 2700
+          proxmox_vmid: 110
+          max_load_multiplier: 5  # override — known memory pressure issue
+        urbackupserver:
+          ansible_host: 10.86.15.208
+          ansible_user: root
+          os_family: "debian"
+          human_estimate_seconds: 2700
+          proxmox_vmid: 100
+        unifi-os-server:
+          ansible_host: 10.86.11.212
+          ansible_user: root
+          os_family: "debian"
+          human_estimate_seconds: 2700
+          proxmox_vmid: 103
+        datacenter-manager:
+          ansible_host: 10.86.13.110
+          ansible_user: root
+          os_family: "debian"
+          human_estimate_seconds: 2700
+          proxmox_vmid: 101
+        dfa-docker-01:
+          ansible_host: 10.86.13.114
+          ansible_user: root
+          os_family: "debian"
+          human_estimate_seconds: 2700
+          proxmox_vmid: 102
+        xoa.dfatech.ca:
+          ansible_host: 10.86.13.112
+          ansible_user: root
+          os_family: "debian"
+          human_estimate_seconds: 2700
+          proxmox_vmid: 104
+        caddy-alpine:
+          ansible_host: 10.86.13.21
+          ansible_user: root
+          os_family: "alpine"
+          human_estimate_seconds: 2700
+          proxmox_vmid: 106
+        # pbx.dfateach.ca:
+        #   ansible_host: 10.86.13.113
+        #   ansible_user: root
+        #   os_family: "debian"
+        #   human_estimate_seconds: 2700
+        #   proxmox_vmid: 109
+    windows_hosts:
+      hosts: {}
--- a/inventories/clients/local_eng/group_vars/all.yml
+++ b/inventories/clients/local_eng/group_vars/all.yml
@@ -0,0 +1,8 @@
+---
+# Client: Local Eng (LE-001)
+# Onboarded: 2026-03-13
+# VPN: ipsec
+# Hypervisor: proxmox
+# Billing: hybrid
+
+# Add client-specific overrides below
--- a/inventories/clients/local_eng/hosts.yml
+++ b/inventories/clients/local_eng/hosts.yml
@@ -0,0 +1,72 @@
+---
+all:
+  vars:
+    client_id: "LE-001"
+    client_name: "Local Eng"
+    billing_model: "hybrid"
+    maintenance_window_start: "02:00"
+    maintenance_window_end: "05:00"
+    maintenance_window_tz: "UTC"
+    change_freeze: false
+    hypervisor_type: "proxmox"
+    vpn_type: "ipsec"
+    auto_reboot: false
+    human_estimate_seconds: 2700
+
+  children:
+    linux_hosts:
+      hosts:
+        docker-host:
+          ansible_host: 192.168.22.196
+          proxmox_vmid: 100
+          proxmox_node: pm-node-01
+        pbs-backup:
+          ansible_host: 192.168.22.167
+          proxmox_vmid: 101
+          proxmox_node: pm-node-01
+        pritunl:
+          ansible_host: 192.168.22.11
+          proxmox_vmid: 103
+          proxmox_node: pm-node-02
+      vars:
+        ansible_user: ansible-msp-agent
+        ansible_become: true
+        ansible_become_method: sudo
+
+    windows_hosts:
+      hosts:
+        AD.LocalEng:
+          ansible_host: 192.168.22.15
+          proxmox_vmid: 102
+          proxmox_node: pm-node-02
+        Win11Compress1:
+          ansible_host: 192.168.22.40
+          proxmox_vmid: 105
+          proxmox_node: pm-node-01
+        Win11Compress2:
+          ansible_host: 192.168.22.41
+          proxmox_vmid: 106
+          proxmox_node: pm-node-02
+        Win11CeasraII:
+          ansible_host: 192.168.22.42
+          proxmox_vmid: 107
+          proxmox_node: pm-node-01
+        Win11DataGateway:
+          ansible_host: 192.168.22.44
+          proxmox_vmid: 108
+          proxmox_node: pm-node-02
+        Win11Scene-Lic:
+          ansible_host: 192.168.22.45
+          proxmox_vmid: 110
+          proxmox_node: pm-node-01
+        Win11Solidworks:
+          ansible_host: 192.168.22.43
+          proxmox_vmid: 109
+          proxmox_node: pm-node-02
+      vars:
+        ansible_user: Administrator
+        ansible_connection: winrm
+        ansible_winrm_transport: ntlm
+        ansible_winrm_server_cert_validation: validate
+        ansible_port: 5986
+
--- a/inventories/clients/local_eng/hypervisor_hosts.yml
+++ b/inventories/clients/local_eng/hypervisor_hosts.yml
@@ -0,0 +1,48 @@
+---
+# =============================================================================
+# hypervisor_hosts.yml — Local Eng Physical Hypervisor Nodes
+# =============================================================================
+
+all:
+  vars:
+    client_id: "LE-001"
+    client_name: "Local Eng"
+    billing_model: "hybrid"
+    ansible_user: root
+    ansible_private_key_file: ~/.ssh/client_local_eng
+
+  children:
+    proxmox_cluster:
+      vars:
+        hypervisor_type: proxmox
+        api_host: 192.168.22.65
+        api_port: 8006
+        api_user: "ansible@pve"
+        api_token_id: "ansible-token"
+        api_token_secret: "19d33790-7648-4550-a052-f89b1b5e70eb"
+        cluster_mode: cluster
+        ceph_enabled: false
+        shared_storage: true
+        live_migrate_fallback: shutdown
+        upgrade_order:
+          - pm-node-01
+          - pm-node-02
+          - pm-node-03
+        migrate_exclude_tags:
+          - nomigrate
+          - pinned
+        ansible_user: root
+        ansible_become: false
+        pve_config_backup_destinations:
+          - type: local
+            path: /var/backups/pve-config
+            keep: 10
+
+      hosts:
+        pm-node-01:
+          ansible_host: 192.168.22.65
+        pm-node-02:
+          ansible_host: 192.168.22.66
+        pm-node-03:
+          ansible_host: 192.168.22.67
+          
--- a/inventories/clients/royal_pizza/group_vars/all.yml
+++ b/inventories/clients/royal_pizza/group_vars/all.yml
@@ -0,0 +1,8 @@
+---
+# Client: Royal Pizza (RP-001)
+# Onboarded: 2026-04-23
+# Type: firewall
+# VPN: none
+# Billing: hybrid
+
+# Add client-specific overrides below
--- a/inventories/clients/royal_pizza/group_vars/firewalls.yml
+++ b/inventories/clients/royal_pizza/group_vars/firewalls.yml
--- a/inventories/clients/royal_pizza/hosts.yml
+++ b/inventories/clients/royal_pizza/hosts.yml
@@ -0,0 +1,43 @@
+---
+all:
+  vars:
+    client_id: "RP-001"
+    client_name: "Royal Pizza"
+    billing_model: "hybrid"
+    maintenance_window_start: "02:00"
+    maintenance_window_end: "05:00"
+    maintenance_window_tz: "UTC"
+    change_freeze: false
+    hypervisor_type: "none"
+    vpn_type: "none"
+    auto_reboot: false
+    human_estimate_seconds: 2700
+    ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+
+  
+  children:
+    firewalls:
+      children:
+        opnsense:
+          hosts:
+            client-fw-01:
+              ansible_host: "{{ FW_HOST }}"
+              ansible_port: "22222"
+              ansible_user: root
+              ansible_ssh_private_key_file: ~/.ssh/client_royal_pizza
+              firewall_api_port: 8889
+    
+    linux_hosts:
+      hosts: {}
+      vars:
+        ansible_user: root
+        os_family: "debian"
+
+    windows_hosts:
+      hosts: {}
+      vars:
+        ansible_user: Administrator
+        ansible_connection: winrm
+        ansible_winrm_transport: ntlm
+        ansible_winrm_server_cert_validation: validate
+        ansible_port: 5986
--- a/inventories/clients/sanrufo_homes/group_vars/all.yml
+++ b/inventories/clients/sanrufo_homes/group_vars/all.yml
@@ -0,0 +1,7 @@
+---
+# Client: Sanrufo Homes (SRH-001)
+# Onboarded: 2026-03-12
+
+# Client-specific variable overrides go here.
+# Global vars (XO_URL, XO_TOKEN, N8N_WEBHOOK_URL) come from Semaphore variable group.
+# Override here only if this client uses a different XO instance or webhook.
--- a/inventories/clients/sanrufo_homes/hosts.yml
+++ b/inventories/clients/sanrufo_homes/hosts.yml
@@ -0,0 +1,99 @@
+---
+# Client: Sanrufo Homes (SRH-001)
+# Onboarded: 2026-03-12
+# Hypervisor: xcpng
+# Billing: hybrid
+#
+# ansible_user: ansible-msp-agent (deployed by scripts/deploy_agent.sh)
+# Do NOT use root as ansible_user for day-to-day operations.
+#
+# XO tag convention for unmanaged VMs: msp:ignore
+#   VMs tagged msp:ignore are excluded from all automation — no snapshot, no patch.
+#   Examples: decommissioned VMs, appliances, third-party managed systems.
+#   Currently tagged msp:ignore in XO: mail.sanrufohomes.com (decommissioned)
+
+all:
+  vars:
+    client_id: "SRH-001"
+    client_name: "Sanrufo Homes"
+    billing_model: "hybrid"
+    maintenance_window_start: "02:00"
+    maintenance_window_end: "05:00"
+    maintenance_window_tz: "UTC"
+    change_freeze: false
+    hypervisor_type: "xcpng"
+    auto_reboot: false
+    human_estimate_seconds: 2700
+
+  children:
+    linux_hosts:
+      hosts:
+        docker-vm:
+          ansible_host: 192.168.32.14
+          xcpng_vm_uuid: "412dcc69-859f-5260-bbd3-9273e23daab5"
+
+        vpn.sanrufohomes.com:
+          ansible_host: 192.168.32.22
+          xcpng_vm_uuid: "aa0595b0-34b1-8e88-8567-97d0c5699c13"
+
+        mssql:
+          ansible_host: 192.168.32.8
+          xcpng_vm_uuid: "58a75662-914d-6d3b-ab77-2eefc32ff1d5"
+
+      vars:
+        ansible_user: ansible-msp-agent
+        ansible_become: true
+        ansible_become_method: sudo
+
+    windows_hosts:
+      hosts:
+        SRH-DoorSystem:
+          ansible_host: 192.168.32.39
+          xcpng_vm_uuid: "1e927e7a-bd44-5bad-7a50-13d05812c69b"
+
+        WinSVR-2025-3:
+          ansible_host: 192.168.32.16
+          xcpng_vm_uuid: "a359ce10-38ee-f5c7-f8a9-ac8a9b554944"
+
+        DataConnector:
+          ansible_host: 192.168.32.56
+          xcpng_vm_uuid: "6ae577d4-601b-e807-9e08-c0f923951475"
+
+        WinSVR-2022-Sage:
+          ansible_host: 192.168.32.18
+          xcpng_vm_uuid: "e47c7806-1047-4cbb-dcb5-9baf62085bf3"
+
+        MatVM:
+          ansible_host: 192.168.32.35
+          xcpng_vm_uuid: "b836f4fd-bc98-8fad-9a5c-534c60d69d44"
+
+        NicoleSageVM:
+          ansible_host: 192.168.32.30
+          xcpng_vm_uuid: "a8ca3c0e-58dc-470e-a25c-a3a13765ab80"
+
+        SanRufoSVR22:
+          ansible_host: 192.168.32.15
+          xcpng_vm_uuid: "0fd09bcf-7cf4-43e8-4315-f4fa7fff6de0"
+
+      vars:
+        ansible_user: Administrator
+        ansible_connection: winrm
+        ansible_winrm_transport: ntlm
+        ansible_winrm_server_cert_validation: validate
+        ansible_port: 5986
+        # Windows patching not yet implemented — hosts listed for inventory completeness
+
+    # XCP-NG pool entries — one entry per pool (not per hypervisor host)
+    # Each entry triggers xcpng_pool_update.yml against that pool via XO REST API
+    # XO_URL and XO_TOKEN come from Semaphore variable group
+    xcpng_hosts:
+      hosts:
+        SRH-VM2:
+          xo_pool_uuid: "74264da3-bb88-3192-b0f0-046385608c3c"
+
+        SRH-VM:
+          xo_pool_uuid: "469a7b5b-de02-c313-f8cc-f3063628e68f"
+
+      vars:
+        ansible_connection: local
+