Namespace attributes
Here you’ll find the full list of attributes you may use within your networks.yml file in order to define your Namespaces:
Namespace Block
Used to configure a namespace
attribute key | description | optional | notes |
---|---|---|---|
type | Used to define the namespace type. | no | See Namespaces for further information. Permitted values are ‘collection’, ‘inventory’, ‘inventory-subselect’ and ‘inventory-merge’. |
description | A description of your namespace. | no | Your description will be used as a label within your installation’s UI. |
network | A hash of attributes defining a Cloud Provider configuration. | yes | If left blank, any Inventories inheriting this configuration will not be populated with servers unless a statically defined manifest has been configured. Restricted to namespaces of type ‘collection’ and ‘inventory’ only. See Network attributes. |
ssh_settings | A hash of attributes used to define an SSH architecture. | yes | Leave this blank and Bcome will default to initiating direct SSH connection attempts only (i.e. no proxies) and will fall back to using your terminal user as your SSH username. Restricted to namespaces of type ‘collection’ and ‘inventory’ only. |
sub_filter | A hash of attributes used to further filter a list of machines from an inventory. | yes | Restricted to namespaces of type ‘inventory-subselect’ only. If you’re sub-filtering a ‘gcp’ inventory, your filters are a Hash of GCP tags and their values. If you’re sub-filtering an ‘aws’ inventory, your filters are a Hash of EC2 and their values. |
override_identifier | A regular expression used to rewrite the names of servers within an inventory | yes | Restricted to namespaces of type ‘inventory’, ‘inventory-subselect’ and ‘inventory-merge’. A regular expression with a single selector is expected, for example given a server named “Foo_Bar” and a regular expression of “[a-z]*_([a-z]*)” the server will be renamed “Bar”. |
hidden | A toggle to hide a namespace from view. | yes | Set to ‘true’ or ‘false’. Hidden namespaces may still be interacted with, but will not appear in the user interface. |
Note
Note that ssh_settings and network configuration may be inherited and overridden in child namespaces.
Network attributes
A Hash of attributes used to populate the top-level network attribute.
Used to configure a Cloud-provider.
See the full list of configurable attributes here:
attribute key | description | optional | notes |
---|---|---|---|
type | The cloud provider type | yes | Set to “gcp” for Google Cloud Platform. Set to “ec2” for Amazon Web Services. |
Google Cloud Platform specific network attributes
attribute key | description | optional | notes |
---|---|---|---|
project | GCP project id | Required for ‘gcp’ provider type | Be careful to set this to the project id, and not the project name. |
zone | GCP zone | Required for ‘gcp’ provider type | For a full list of zones see: Zones & Clusters. |
authentication_scheme | GCP authentication scheme | Required for ‘gcp’ provider type | Supported schemes are ‘oauth’ or ‘service_account’. For OAuth 2.0 setup see Adding GCP authorisation. |
service_scopes | An array of GCP auth scopes passed to GCP during authorisation. | Optional for ‘gcp’ provider type | A minimum scope of compute.readonly is required in order to list resources. For OAuth 2.0 cloud-platform is required. |
filters (‘gcp’ provider) | A filter string to filter instances returned by GCP. | Optional for ‘gcp’ provider type | As an example, to return running instances, set filter to “status:running”. For further information on topic filtering, see GCP Topic Filtering. |
service_account_credentials | The name of the service account credentials json file, to be found within the .gauth directory. | Optional for ‘gcp’ provider type | Required for the service_account authentication scheme only. See Adding GCP authorisation. |
secrets_filename | The name of your OAuth 2.0 clients secrets filename to be found within the .gauth directory. | Optional for ‘gcp’ provider type | Required for the oauth authentication scheme only. See Adding GCP authorisation. |
Note
Google Cloud Platform requires a minimum permission of compute.instances.list for OAuth 2.0 authorisations. Ensure that any users attempting to authorise by OAuth 2.0 have been configured with a role containing this permission.
AWS specific network attributes
attribute key | description | optional | notes |
---|---|---|---|
credentials_keys | The reference to an AWS credentials key from your .aws/keys file | Required for ‘ec2’ provider type | For setup see Adding AWS authorization. |
provisioning_region | An EC2 provisioning region | Required for ‘ec2’ provider type | e.g. eu-west-1 |
filters (‘ec2’ provider) | A hash of ec2 filters sent during the lookup request to ec2. | Optional for ‘ec2’ provider type | For a full list of available filters, see EC2 Filter List. |
SSH Settings Attributes
A hash of attributes used to populate the top-level ssh_settings attribute.
Note
Namespaces without an SSH Settings element will default to initiating direct connection attempts against your servers using your local terminal username as the SSH username. Proxied ssh connections will not be possible.
See the full list of configurable attributes here:
attribute key | description | optional | notes |
---|---|---|---|
user | The SSH username to use for SSH connections. | Yes | Most implementations will leave this blank, causing Bcome to fall back to using the local terminal user’s username as the SSH user. Setting a username here will override this. |
proxy | An array of proxies | Yes | If proxies are configured, Bcome will craft an SSH connection jumping through each proxy in the order in which they are declared in the proxy array, position 0 being first hop. If a proxy is a Bcome node, its public_ip_address will be used to route the connection if present. If there is no public_ip_address available, Bcome will default to using the node’s internal_ip_address to route the connection. Using this pattern you may proxy via multiple hops into your networks. See Proxy Attributes. |
Proxy Attributes
Used to define an SSH Proxy.
See the full list of configurable attributes here:
attribute key | description | optional | notes |
---|---|---|---|
host_lookup | The type of host lookup to perform. | No | Permitted values are: ‘by_bcome_namespace’, ‘by_host_or_ip’ or ‘by_inventory_node’. Note that ‘by_host_or_ip’ must be used to reference proxies without public interfaces. A future release will enable such lookups using by_bcome_namespace. |
namespace | A bcome namespace in breadcrumb format, e.g. namespace_key:namespace_key | Yes | Required for host_lookup type ‘by_bcome_namespace’. Allows for referencing proxy machines that can be defined anywhere within the Bcome installation. |
host_id | A hostname or IP address, or reference to a host from your ssh config or hosts file. In other words, anything that your underlying OS can resolve as an SSH target. | Yes | Required for host_lookup type ‘by_host_or_ip’. |
node_identifier | The name of the node within the same Inventory that you wish to declare as your SSH proxy machine. | Yes | Required for host_lookup type ‘by_inventory_node’. |
bastion_host_user | The ssh username to be used for bypassing the proxy. | Yes | Defaults to the Bcome installation’s local SSH username. |
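
The following lint checks one namespace block against the rules in the tables above: permitted type values, per-type attribute restrictions, provider-required attributes, and the attribute each host_lookup requires. It is an added example, not Bcome code; lint_namespace and the sample values (project id, credentials file name, bastion host) are hypothetical, and it checks a single namespace's attribute hash rather than a whole networks.yml.

```ruby
require 'yaml'
TYPES = %w[collection inventory inventory-subselect inventory-merge].freeze
# Attribute => namespace types it is restricted to (Namespace Block table).
RESTRICTED = { 'network' => %w[collection inventory], 'ssh_settings' => %w[collection inventory],
               'sub_filter' => %w[inventory-subselect],
               'override_identifier' => %w[inventory inventory-subselect inventory-merge] }.freeze
# Provider type => attributes the tables mark "Required for" that provider.
REQUIRED = { 'gcp' => %w[project zone authentication_scheme], 'ec2' => %w[credentials_keys provisioning_region] }.freeze
# GCP scheme => credentials attribute it needs; host_lookup => attribute it needs.
SCHEME_FILE = { 'oauth' => 'secrets_filename', 'service_account' => 'service_account_credentials' }.freeze
LOOKUP_KEY = { 'by_bcome_namespace' => 'namespace', 'by_host_or_ip' => 'host_id',
               'by_inventory_node' => 'node_identifier' }.freeze

# Hypothetical helper: returns a list of rule violations for one namespace block.
def lint_namespace(yaml_text)
  ns = YAML.safe_load(yaml_text) # safe_load: plain data only, no object deserialisation
  errs = []
  errs << "type must be one of #{TYPES.join(', ')}" unless TYPES.include?(ns['type'])
  errs << 'description is required' if ns['description'].to_s.empty?
  RESTRICTED.each do |attr, types|
    errs << "#{attr} not permitted for type #{ns['type']}" if ns.key?(attr) && !types.include?(ns['type'])
  end
  net = ns['network'] || {}
  REQUIRED.fetch(net['type'], []).each { |k| errs << "network.#{k} is required for #{net['type']}" unless net[k] }
  scheme = net['authentication_scheme']
  file_key = SCHEME_FILE[scheme]
  errs << "network.#{file_key} is required for #{scheme}" if net['type'] == 'gcp' && file_key && !net[file_key]
  Array((ns['ssh_settings'] || {})['proxy']).each_with_index do |proxy, hop|
    key = LOOKUP_KEY[proxy['host_lookup']]
    errs << (key ? "proxy[#{hop}] needs #{key}" : "proxy[#{hop}] host_lookup is invalid") unless key && proxy[key]
  end
  errs
end

# Constructed sample: a GCP inventory reached through one bastion hop.
SAMPLE = <<~YAML
  type: inventory
  description: Production web servers
  network:
    type: gcp
    project: example-project-id
    zone: europe-west1-b
    authentication_scheme: service_account
    service_account_credentials: example-sa.json
  ssh_settings:
    proxy:
      - host_lookup: by_host_or_ip
        host_id: bastion.example.internal
YAML
```

Running `lint_namespace(SAMPLE)` returns an empty list; each returned string otherwise names the attribute that breaks one of the documented rules.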