Namespace attributes

Here you’ll find the full list of attributes you may use within your networks.yml file in order to define your Namespaces:

Namespace Block

Used to configure a namespace

| attribute key | description | optional | notes |
| --- | --- | --- | --- |
| type | Used to define the namespace type. | no | See Namespaces for further information. Permitted values are ‘collection’, ‘inventory’, ‘inventory-subselect’ and ‘inventory-merge’. |
| description | A description of your namespace. | no | Your description will be used as a label within your installation’s UI. |
| network | A hash of attributes defining a Cloud Provider configuration. | yes | If left blank, any Inventories inheriting this configuration will not be populated with servers unless a Statically defined manifest has been configured. Restricted to namespaces of type ‘collection’ and ‘inventory’ only. See Network attributes. |
| ssh_settings | A hash of attributes used to define an SSH architecture. | yes | Leave this blank and Bcome will default to initiating direct SSH connection attempts only (i.e. no proxies) and will fall back to using your terminal user as your SSH username. Restricted to namespaces of type ‘collection’ and ‘inventory’ only. See SSH Settings Attributes. |
| sub_filter | A hash of attributes used to further filter a list of machines from an inventory. | yes | Restricted to namespaces of type ‘inventory-subselect’ only. If you’re sub-filtering a ‘gcp’ inventory, your filters are a Hash of GCP tags and their values. If you’re sub-filtering an ‘aws’ inventory, your filters are a Hash of EC2 and their values. |
| override_identifier | A regular expression used to rewrite the names of servers within an inventory. | yes | Restricted to namespaces of type ‘inventory’, ‘inventory-subselect’ and ‘inventory-merge’. A regular expression with a single selector is expected, for example given a server named “Foo_Bar” and a regular expression of “[a-z]*_([a-z]*)” the server will be renamed “Bar”. |
| hidden | A toggle to hide a namespace from view. | yes | Set to ‘true’ or ‘false’. Hidden namespaces may still be interacted with, but will not appear in the user interface. |

Note

Note that ssh_settings and network configuration may be inherited and overridden in child namespaces.

See Inheritance & overrides

Network attributes

A Hash of attributes used to populate the top-level network attribute.

Used to configure a Cloud-provider.

See the full list of configurable attributes here:

| attribute key | description | optional | notes |
| --- | --- | --- | --- |
| type | The cloud provider type | yes | Set to “gcp” for Google Cloud Platform. Set to “ec2” for Amazon Web Services. |

Google Cloud platform specific network attributes

| attribute key | description | optional | notes |
| --- | --- | --- | --- |
| project | GCP project id | Required for ‘gcp’ provider type | Be careful to set this to the project id, and not the project name. |
| zone | GCP zone | Required for ‘gcp’ provider type | For a full list of zones see: Zones & Clusters. |
| authentication_scheme | GCP authentication scheme | Required for ‘gcp’ provider type | Supported schemes are ‘oauth’ or ‘service_account’. For OAuth 2.0 setup see Adding GCP authorisation. |
| service_scopes | An array of GCP auth scopes passed to GCP during authorisation. | Optional for ‘gcp’ provider type | A minimum scope of compute.readonly is required in order to list resources. For OAuth 2.0, cloud-platform is required. |
| filters (‘gcp’ provider) | A filter string to filter instances returned by GCP. | Optional for ‘gcp’ provider type | As an example, to return running instances, set filter to “status:running”. For further information on topic filtering, see GCP Topic Filtering. |
| service_account_credentials | The name of the service account credentials json file, to be found within the .gauth directory. | Optional for ‘gcp’ provider type | Required for the service_account authentication scheme only. See Adding GCP authorisation. |
| secrets_filename | The name of your OAuth 2.0 clients secrets filename, to be found within the .gauth directory. | Optional for ‘gcp’ provider type | Required for the oauth authentication scheme only. See Adding GCP authorisation. |

Note

Google Cloud Platform requires a minimum permission of compute.instances.list for OAuth 2.0 authorisations. Ensure that any users attempting to authorize by OAuth 2.0 have been configured with a role containing this permission.

AWS specific network attributes

| attribute key | description | optional | notes |
| --- | --- | --- | --- |
| credentials_keys | The reference to an AWS credentials key from your .aws/keys file | Required for ‘ec2’ provider type | For setup see Adding AWS authorization. |
| provisioning_region | An EC2 provisioning region | Required for ‘ec2’ provider type | e.g. eu-west-1 |
| filters (‘ec2’ provider) | A hash of ec2 filters sent during the lookup request to ec2. | Optional for ‘ec2’ provider type | For a full list of available filters, see EC2 Filter List. |

SSH Settings Attributes

A hash of attributes used to populate the top-level ssh_settings attribute.

Note

Namespaces without an SSH Settings element will default to initiating direct connection attempts against your servers using your local terminal username as the SSH username. Proxied ssh connections will not be possible.

See the full list of configurable attributes here:

| attribute key | description | optional | notes |
| --- | --- | --- | --- |
| user | The SSH username to use for SSH connections. | Yes | Most implementations will leave this blank, causing Bcome to fall back to using the local terminal user’s username as the SSH user. Setting a username within will override this. |
| proxy | An array of proxies | Yes | If proxies are configured, Bcome will craft an SSH connection jumping through each proxy in the order in which they are declared in the proxy array, position 0 being first hop. If a proxy is a Bcome node, its public_ip_address will be used to route the connection if present. If there is no public_ip_address available, Bcome will default to using the node’s internal_ip_address to route the connection. Using this pattern you may proxy via multiple hops into your networks. See Proxy Attributes. |

Proxy Attributes

Used to define an SSH Proxy.

See the full list of configurable attributes here:

| attribute key | description | optional | notes |
| --- | --- | --- | --- |
| host_lookup | The type of host lookup to perform. | No | Permitted values are: ‘by_bcome_namespace’, ‘by_host_or_ip’ or ‘by_inventory_node’. Note that ‘by_host_or_ip’ must be used to reference proxies without public interfaces. A future release will enable such lookups using by_bcome_namespace. |
| namespace | A bcome namespace in breadcrumb format, e.g. namespace_key:namespace_key | Yes | Required for host_lookup type ‘by_bcome_namespace’. Allows for referencing proxy machines that can be defined anywhere within the Bcome installation. |
| host_id | A hostname or ip address, or reference to a host from your ssh config or hosts file. In other words, anything that your underlying OS can resolve as an SSH target. | Yes | Required for host_lookup type ‘by_host_or_ip’. |
| node_identifier | The name of the node within the same Inventory that you wish to declare as your SSH proxy machine. | Yes | Required for host_lookup type ‘by_inventory_node’. |
| bastion_host_user | The ssh username to be used for bypassing the proxy. | Yes | Defaults to the Bcome installation’s local SSH username. |
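
The restrictions in the tables above (permitted namespace types, which attributes each type may carry, the file each GCP authentication scheme requires, and the field each proxy host_lookup requires) can be checked before a networks.yml is put to use. The Ruby lint below is an added example and not part of Bcome; it assumes networks.yml is a hash keyed by namespace breadcrumb, and the namespaces and values in its sample are constructed.

```ruby
require "yaml"
# Rules transcribed from the attribute tables on this page.
TYPES = %w[collection inventory inventory-subselect inventory-merge].freeze
ALLOWED_ON = { "network" => %w[collection inventory], "ssh_settings" => %w[collection inventory],
               "sub_filter" => %w[inventory-subselect],
               "override_identifier" => %w[inventory inventory-subselect inventory-merge] }.freeze
PROXY_NEEDS = { "by_bcome_namespace" => "namespace", "by_host_or_ip" => "host_id",
                "by_inventory_node" => "node_identifier" }.freeze
AUTH_NEEDS = { "service_account" => "service_account_credentials", "oauth" => "secrets_filename" }.freeze

# Returns the problems found in one namespace block (empty array when clean).
def lint_namespace(key, ns)
  type = ns["type"]
  return ["#{key}: type '#{type}' is not permitted"] unless TYPES.include?(type)
  errs = ALLOWED_ON.select { |attr, types| ns.key?(attr) && !types.include?(type) }
                   .keys.map { |attr| "#{key}: #{attr} not allowed on '#{type}'" }
  net = ns["network"] || {}
  if net["type"] == "gcp"
    scheme = net["authentication_scheme"]
    needed = AUTH_NEEDS[scheme]
    errs << "#{key}: unsupported authentication_scheme '#{scheme}'" unless needed
    errs << "#{key}: #{scheme} needs #{needed}" if needed && !net.key?(needed)
  end
  Array(ns.dig("ssh_settings", "proxy")).each_with_index do |proxy, hop|
    needed = PROXY_NEEDS[proxy["host_lookup"]]
    errs << "#{key}: hop #{hop} has invalid host_lookup" unless needed
    errs << "#{key}: hop #{hop} needs #{needed}" if needed && !proxy.key?(needed)
  end
  errs
end

# Assumption: networks.yml is a hash keyed by namespace breadcrumb.
def lint_networks(yaml_text)
  YAML.safe_load(yaml_text).flat_map { |key, ns| lint_namespace(key, ns) }
end

# Constructed sample, trimmed to the attributes the lint checks.
SAMPLE = <<~YML
  estate:
    type: collection
    network: { type: gcp, authentication_scheme: service_account }
    ssh_settings:
      proxy:
        - { host_lookup: by_bcome_namespace, namespace: "estate:bastion" }
        - { host_lookup: by_host_or_ip }
  "estate:web":
    type: inventory-subselect
    ssh_settings: {}
YML
puts lint_networks(SAMPLE)
```

Hop numbers in the messages follow the proxy array order, position 0 being the first hop.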