Testing infrastructure setup

opencrvs · Feb 13, 2024 · 9e7ce0b · 9e7ce0b
1 parent f3be2b3
commit 9e7ce0b
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 37 deletions.
diff --git a/infrastructure/known-hosts b/infrastructure/known-hosts
@@ -0,0 +1,24 @@
+countryconfig-qa.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLo7yuZHVSqxskhSsUIh6ChKXS66xP56p255gpx9Aspw4/ZkACUILJsqn2jHZm6RBGMWyQpUVQEsU7WPofmlh5e/zHCv9fgrE4AE4sefAvbx0TfiFiBa7aYsSeBSS8258B2QCiJ94dHEcPFNEeIsr2XgZCYZnPLDMGaLjf+epDsq//WFib615zlptkzYU8CAe/XYK0jn/BjMWxa1gvUCrLhCZpLkk69R5xuypqqm8jhPpjPF580o3XNiMaPPJOAkuxI9jHivn+QAC+2+SjE+DANpDn7Trsx1omxvmqaIVrq9L0gL6srndnCYL46Y824yialtoJzK1gDB0eo51HPHQ2tAgmSnm7EaHFzRNlafi7sfWKcyGqdD5luHRk4fcex1aoDIJkN8L1E/G0VxQHSGq9GS8FtBm0t5SLaEzKONBJgJgohellff4fzMn4y9gqOiFrczHxVGy+5NGgz8qDaScvbbIWB3gQ78NmSUWfPwahcU8qpUfbM1MaC0daBeO9JWE=
+countryconfig-qa.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIZHrywPqTLM4XLpISxLnBmZaw6imnbEua8lORFWkM5KKgHmcRRX+f6a+FLKDf8RSPdSKM8nEyyEwFvbkVSe0Zw=
+countryconfig-qa.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQUrrywTdiheGzeCqPXa3wFVX62tAbIPEE2Z9mIkt9N
+167.99.195.231 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLo7yuZHVSqxskhSsUIh6ChKXS66xP56p255gpx9Aspw4/ZkACUILJsqn2jHZm6RBGMWyQpUVQEsU7WPofmlh5e/zHCv9fgrE4AE4sefAvbx0TfiFiBa7aYsSeBSS8258B2QCiJ94dHEcPFNEeIsr2XgZCYZnPLDMGaLjf+epDsq//WFib615zlptkzYU8CAe/XYK0jn/BjMWxa1gvUCrLhCZpLkk69R5xuypqqm8jhPpjPF580o3XNiMaPPJOAkuxI9jHivn+QAC+2+SjE+DANpDn7Trsx1omxvmqaIVrq9L0gL6srndnCYL46Y824yialtoJzK1gDB0eo51HPHQ2tAgmSnm7EaHFzRNlafi7sfWKcyGqdD5luHRk4fcex1aoDIJkN8L1E/G0VxQHSGq9GS8FtBm0t5SLaEzKONBJgJgohellff4fzMn4y9gqOiFrczHxVGy+5NGgz8qDaScvbbIWB3gQ78NmSUWfPwahcU8qpUfbM1MaC0daBeO9JWE=
+167.99.195.231 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIZHrywPqTLM4XLpISxLnBmZaw6imnbEua8lORFWkM5KKgHmcRRX+f6a+FLKDf8RSPdSKM8nEyyEwFvbkVSe0Zw=
+167.99.195.231 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQUrrywTdiheGzeCqPXa3wFVX62tAbIPEE2Z9mIkt9N
+countryconfig-dev.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7LI8EaR3X+FkOhWk/XKbMPLcJptU2bMbreG1IdaBCXR41AuT3hHHFaQA1uGhLFLWXzEtyJYMkSzA6m+f3b6CxVjPHJYZg0RPiZ3I4oIgr38oDFmI5O/atwhDHHun+iWwItgHWDRoY2kdk2N4z40QbAui54VEC2QHvqcy4voojbUjeengvANuvLxTfi+OmtoJSvyuqw+H44Jwx13x+u+w3VwxaJZgfm2tSnxk0dX/JNfEytbZ/ETVmyQ4Jj/DOWmdHfxjf2FMZqM/GpIpS/d+znOFhV80MTKueAy0m60DZqHH6dU0hog0itABoy9sC08n5+SA8oksbJKQDWHd0nqOC6fVIzVMB0TZfYZIng6wxz7ib4hVGBXnR8UbZQOXgI5lNnx5+uExOgbjMWlMSpbVgbaqSbJ9MNwM9ow94NysEbq0WLVR4y3fq/V6R2JehTRJUBhdOLSSDdc8gKd7aO4yoM3obNsiwEYVMdh+3qvpmuSrETJ1mr0xjaD5PWqvmOxU=
+countryconfig-dev.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHlwBqj3/5hG0ojbulQhzyuLgLPw3/pCKYC163loS9j+FxFc3uxn6d82YUfwyjXpjmt8yFJ20XOJk7M6UNNjj0U=
+countryconfig-dev.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGth3TLOxuVWXh0UUKY3fJMj4MCSxlQHThfhN0nI/ORB
+157.245.36.178 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7LI8EaR3X+FkOhWk/XKbMPLcJptU2bMbreG1IdaBCXR41AuT3hHHFaQA1uGhLFLWXzEtyJYMkSzA6m+f3b6CxVjPHJYZg0RPiZ3I4oIgr38oDFmI5O/atwhDHHun+iWwItgHWDRoY2kdk2N4z40QbAui54VEC2QHvqcy4voojbUjeengvANuvLxTfi+OmtoJSvyuqw+H44Jwx13x+u+w3VwxaJZgfm2tSnxk0dX/JNfEytbZ/ETVmyQ4Jj/DOWmdHfxjf2FMZqM/GpIpS/d+znOFhV80MTKueAy0m60DZqHH6dU0hog0itABoy9sC08n5+SA8oksbJKQDWHd0nqOC6fVIzVMB0TZfYZIng6wxz7ib4hVGBXnR8UbZQOXgI5lNnx5+uExOgbjMWlMSpbVgbaqSbJ9MNwM9ow94NysEbq0WLVR4y3fq/V6R2JehTRJUBhdOLSSDdc8gKd7aO4yoM3obNsiwEYVMdh+3qvpmuSrETJ1mr0xjaD5PWqvmOxU=
+157.245.36.178 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHlwBqj3/5hG0ojbulQhzyuLgLPw3/pCKYC163loS9j+FxFc3uxn6d82YUfwyjXpjmt8yFJ20XOJk7M6UNNjj0U=
+157.245.36.178 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGth3TLOxuVWXh0UUKY3fJMj4MCSxlQHThfhN0nI/ORB
+countryconfig-staging.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLgdqbx1Rzps3iv5m9upZCw6+Bralsd3ziKQnSRcexiuSIGuTmjuVoNMqTyENWwvE8lh//1vOZfWu7OufDHDaymWVPMf4XANx0kLeITYfwFAkP6RkXkoiv/IW0VGCy/NxkO3971Qr2jLWhdhS5jBsq6qk/a8dnbZcklNqSxXSX+JQbfibvenYrtSnr1yBRQ4sxr0hzncqCoykTb4imV7imxEa2PvgDuiy1VRtndx3x2h4Y2VkWeFUXngmqx4fq/EpmSSoLq2MHefzKlrPxTpAVHEwXv6hFoUV0g5p9X/W0lvWU1RKAwlkVpybrt+lELd7U+W2Py4IeeDeiBEbmydYCeJWVAZS+eSGXCtPeexEIOSbKaN1FUNLHSVbvEjx8DSnN/81+yhQ+Yy3GActIgwr8yuEnKNncwvxIv8HgVzo/ElgT389lRj9ge87CZ+VoaU7GK05EUvOlXLhBKQw8CuwqmlFjLNmHRdt0bIEk40El5Pl/WeI3MVPBRL9Ce+DzYVU=
+countryconfig-staging.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNNFRRBk6hRw1EA1dAlEWJV+YhXRRjjMO3VWOD5rktxjD5L1EMhnh089Dk0j+XEi4ahUdTe4Qq1Hd8MBCcp374A=
+countryconfig-staging.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcT3GvEt+mwoDEB1ny7qTklw5AbejZ9hMMnXTeBLPgI
+178.128.172.42 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDLgdqbx1Rzps3iv5m9upZCw6+Bralsd3ziKQnSRcexiuSIGuTmjuVoNMqTyENWwvE8lh//1vOZfWu7OufDHDaymWVPMf4XANx0kLeITYfwFAkP6RkXkoiv/IW0VGCy/NxkO3971Qr2jLWhdhS5jBsq6qk/a8dnbZcklNqSxXSX+JQbfibvenYrtSnr1yBRQ4sxr0hzncqCoykTb4imV7imxEa2PvgDuiy1VRtndx3x2h4Y2VkWeFUXngmqx4fq/EpmSSoLq2MHefzKlrPxTpAVHEwXv6hFoUV0g5p9X/W0lvWU1RKAwlkVpybrt+lELd7U+W2Py4IeeDeiBEbmydYCeJWVAZS+eSGXCtPeexEIOSbKaN1FUNLHSVbvEjx8DSnN/81+yhQ+Yy3GActIgwr8yuEnKNncwvxIv8HgVzo/ElgT389lRj9ge87CZ+VoaU7GK05EUvOlXLhBKQw8CuwqmlFjLNmHRdt0bIEk40El5Pl/WeI3MVPBRL9Ce+DzYVU=
+178.128.172.42 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNNFRRBk6hRw1EA1dAlEWJV+YhXRRjjMO3VWOD5rktxjD5L1EMhnh089Dk0j+XEi4ahUdTe4Qq1Hd8MBCcp374A=
+178.128.172.42 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAcT3GvEt+mwoDEB1ny7qTklw5AbejZ9hMMnXTeBLPgI
+countryconfig.opencrvs.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrrqp2TAaxUVzL+hqg98GDSgM+ZHEGH0FwCNr9wFaQcEmukeQ8LpXm+sjfB6E2H1DojrLqlpaLORE5JZ6LpMYmXAOxSQZ+sGI08T2+7mMW54DLsT2abZJgOoBuBlLaNR8+RBO6Sa+Zc8GG8mRdqjE94LaFNDg8UQwWVey5WkYhUcS6V1GBrqjdfhZI6zXE5H2FVNMTwCOiSzD/42ApG6hjNRFvLe6yVJKTZdK7Ct4XkGt+S9RHcoXwjcB+TyskMe4wMPpkG1qcUdV0oqPdbu11RF7GnowPCdsLUxDs1NoxJ2NmA+OF9HxjzAWjYWfosLWEGe3yofrDNwb5RoBCHZoLlonIENFJCDmgvH660cNQzFtcoHbxIzwoNIYQoTMe+6rk8Bg1S82K23zay5P0x0wwAzdyvirIjL4vERtMwDqZ/xKneyv9/HW76yvaQPncWhayozHHGOYXZCd/ncYFjVLjgffUH6j4bEJ0mzzUmUtrv4CS3z4TNQkHSfjhs8X4qc0=
+countryconfig.opencrvs.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLJ345xrwP31HWkAhTcR4NBAZWxWMGFblyVRn6w8adafiMVyb9ITVr3JFmi1x2qJ+0xulQuQCHMFoJswwb7aNOw=
+countryconfig.opencrvs.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD16HhnM+upySDHE5SNhfOes7DYF27PbxPHYkmLx7E9
+167.172.57.239 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrrqp2TAaxUVzL+hqg98GDSgM+ZHEGH0FwCNr9wFaQcEmukeQ8LpXm+sjfB6E2H1DojrLqlpaLORE5JZ6LpMYmXAOxSQZ+sGI08T2+7mMW54DLsT2abZJgOoBuBlLaNR8+RBO6Sa+Zc8GG8mRdqjE94LaFNDg8UQwWVey5WkYhUcS6V1GBrqjdfhZI6zXE5H2FVNMTwCOiSzD/42ApG6hjNRFvLe6yVJKTZdK7Ct4XkGt+S9RHcoXwjcB+TyskMe4wMPpkG1qcUdV0oqPdbu11RF7GnowPCdsLUxDs1NoxJ2NmA+OF9HxjzAWjYWfosLWEGe3yofrDNwb5RoBCHZoLlonIENFJCDmgvH660cNQzFtcoHbxIzwoNIYQoTMe+6rk8Bg1S82K23zay5P0x0wwAzdyvirIjL4vERtMwDqZ/xKneyv9/HW76yvaQPncWhayozHHGOYXZCd/ncYFjVLjgffUH6j4bEJ0mzzUmUtrv4CS3z4TNQkHSfjhs8X4qc0=
+167.172.57.239 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLJ345xrwP31HWkAhTcR4NBAZWxWMGFblyVRn6w8adafiMVyb9ITVr3JFmi1x2qJ+0xulQuQCHMFoJswwb7aNOw=
+167.172.57.239 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGD16HhnM+upySDHE5SNhfOes7DYF27PbxPHYkmLx7E9
diff --git a/infrastructure/server-setup/development.yml b/infrastructure/server-setup/development.yml
@@ -11,16 +11,16 @@ all:
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
-      - name: my-user
+      - name: euan
         ssh_keys:
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com
         state: present
         sudoer: true
 
 docker-manager-first:
   dev:
-    qa: # @todo set this to be the hostname of your target server
-      ansible_host: '44.44.44.44' # @todo set this to be the IP address of your server
+    opencrvs-countryconfig-dev: # @todo set this to be the hostname of your target server
+      ansible_host: '157.245.36.178' # @todo set this to be the IP address of your server
       data_label: data1 # for manager machines, this should always be "data1"
 
 # Development servers are not configured to use workers.

diff --git a/infrastructure/server-setup/production.yml b/infrastructure/server-setup/production.yml
@@ -21,34 +21,34 @@ all:
     enable_backups: true
     only_allow_access_from_addresses:
       # @todo place the IP address of your VPN server or other explicitly allowed traffic sources here
-      - 55.55.55.55 # example VPN server IP address
+      - 167.99.195.231 # example VPN server IP address
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
-      - name: my-user
+      - name: euan
         ssh_keys:
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com
         state: present
         sudoer: true
 
 docker-manager-first:
   hosts:
-    prod-01: # @todo set this to be the hostname of your target server
-      ansible_host: '22.22.22.22' # todo set this to be the hostname of your target server
+    opencrvs-countryconfig-prod-01: # @todo set this to be the hostname of your target server
+      ansible_host: '167.172.57.239' # todo set this to be the hostname of your target server
       data_label: data1
       # @todo as production servers are not directly accessible from the internet, you need to use a jump server to access them.
-      ansible_ssh_common_args: '-J jump@55.55.55.55 -o StrictHostKeyChecking=no'
+      ansible_ssh_common_args: '-J jump@countryconfig-qa.opencrvs.org -o StrictHostKeyChecking=no'
 
 # @todo We recommend you add 2-4 workers for a scaled production deployment
 # This should depend on the size of your country and the number of end users.
 docker-workers:
   hosts:
     prod-02: # @todo set this to be the hostname of your target server
-      ansible_host: '33.33.33.33'
+      ansible_host: '134.122.110.42'
       data_label: data2
-      ansible_ssh_common_args: '-J jump@55.55.55.55 -o StrictHostKeyChecking=no'
+      ansible_ssh_common_args: '-J jump@countryconfig-qa.opencrvs.org -o StrictHostKeyChecking=no'
 
 backups:
   hosts:
-    qa:
-      ansible_host: '66.66.66.66'
+    opencrvs-countryconfig-backup:
+      ansible_host: '167.99.92.15'
diff --git a/infrastructure/server-setup/qa.yml b/infrastructure/server-setup/qa.yml
@@ -11,9 +11,9 @@ all:
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
-      - name: my-user
+      - name: euan
         ssh_keys:
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com
         state: present
         sudoer: true
 
@@ -25,22 +25,13 @@ all:
         two_factor: false
         ssh_keys:
           # if yes, then this should list the public keys of the private keys that are used when connecting to the production servers.
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-243 # example provision user key
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-244 # example provision user key
-
-    # If the machine is repurposed to also be the backup host, we need to add more keys to the authorized_keys file so that
-    # when the application servers get provisioned, the provision user of this machine can be used.
-    #
-    # @todo remove this key if the machine is not used as a backup host.
-    # Otherwise, add the public key of the private key that's used for the "provision" user on the server of which backups this machine hosts.
-    additional_keys_for_provisioning_user:
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-243 # example provision user key
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= provision@github-runner-244 # example provision user key
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCZUeSJJO/qU/G5YyGGKqr1+8AvSXswWfhNLPh2NjvQi3lPtMV0sCGd5O+a50Ov8J1/VSBvDPNzRlKyqlBGkblBIIjIxzWPwqqx+2sKxxLcziktl3Obkd2AcWyyD7m438Fn7bEommS29vRUw0/MhK7WrcBe+wjb/4yFd3wNEQ+aHyOvQu0+HU2SdvZIz06QDwlqd55GnQc2i4GuERNKgtXWCI9NLUq15X+Rb5YOA28zLoJSb+dr0MY1aAF/fVeNAZCTuU3ak8KDglidyth4+M9xBwhD449nMZpulgvJFFrwFIASVM9fM+l+m/jsUQph0rMEv3aYI5SIhd581HXQ1HE+yl0xEGTPE/5Skjibd8XzEBepTQEOc9nVqAsosxskQkQGM94sEHifPidpW9WTYyzM0bpIgbnxhytmMNo4bteedE2OxZ6UTGxhnin1z5GA7PSOFAIL4wE1m9BNKI950a5kG3qmym0rqK7iy4EkwYycqTr3KYh/QYQ41jNZHRX5ODE= provision@opencrvs-countryconfig-prod-01
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfYIHKvcxgJoGRr6Wd7aw9u/ISULsSZ8UyIaO2PHZlHcxJSZelyTxVwFFR5CXl7qpFxvzgeEvf1wmMXggP5EMYkD2RHSqojanI4XtqIpF3U6/ITi3auAKW/QDDxJJnwE1zYmmPQKmbMg2jEARzDgBkulcs8b+QxnYzycaGyWjAoVmGI4F+iIrmm9VMydC6QhutglMPt8WcAfGaX6pwNGcbeT5ehyRMhwQzLPfZYosIDtM1rtgkycw7O32UwOOJtPE6UnSoP0JmR9EIUhMi4gr9Rs3y+yg1RpdS2/zzODkzYe4J1gLl+dkbfrGpMs40S8AhJsGW4VN+Py11rVmMg6ded2d6ODpsNBuTbJgRADv38M53slbsMsVrRi6g0S/gzXPGwiYwi4ISTboeaXhXuKb+nMJ3AZoAgabwvtM0ChTl80AEcOvs6XTJ7KqRu8y2XEJZyEdrjiJJzs40j6aWFl+f+lqz3piciUa8hrYjL7gMkRDT5SYgG1BGkK0ImTZWT5s= provision@opencrvs-countryconfig-staging
 
 docker-manager-first:
   hosts:
-    qa: # @todo set this to be the hostname of your target server
-      ansible_host: '55.55.55.55' # @todo set this to be the IP address of your server
+    opencrvs-countryconfig-qa: # @todo set this to be the hostname of your target server
+      ansible_host: '167.99.195.231' # @todo set this to be the IP address of your server
       data_label: data1 # for manager machines, this should always be "data1"
 
 # QA and staging servers are not configured to use workers.

diff --git a/infrastructure/server-setup/staging.yml b/infrastructure/server-setup/staging.yml
@@ -19,25 +19,25 @@ all:
     # SSH and other services should never be exposed to the public internet.
     only_allow_access_from_addresses:
       # @todo place the IP address of your VPN server or other explicitly allowed traffic sources here
-      - 55.55.55.55 # example VPN server IP address
+      - 167.99.195.231 # example VPN server IP address
     enable_backups: false
     periodic_restore_from_backup: true
     users:
       # @todo this is where you define which development team members have access to the server.
       # If you need to remove access from someone, do not remove them from this list, but instead set their state: absent
-      - name: my-user
+      - name: euan
         ssh_keys:
-          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABg...Z/rhU= user@example.com
+          - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDECqHO65UpyrrO8uueD06RxGaVVq22f152Rf8qVQQAAIGAMu6gCs7ztlZ8a3yQgSEIjM/Jl1/RqIVs6CziTEef74nLFTZ5Ufz3CLRVgdebBeSBEmhTfTUV0HLkSyNzwKFpuzJxucGd72ulPvEp6eHvyJAPJz37YcU8cjaL1v05T6s2ee99li35GlDDtCzfjVV4ZPAg5JdfWuTj41RAVC0LQhk2/NB4qEu37UxGGjhRFSjBEsS5LxI9QfvgrsHpl/VOn+soH7ZkK7kS6qRgNP/uYsXRWXhHaamcl5OX68gJWTbrW6c7PCqlbCWGnsHJswCmqPIthwXXMfC7ULDNLSKG6mslAt5Dyc8/MCr3vTW7pDyr2d0FvvY86SMQUggxv3qF7TZewqfX1bhK0fMLarIxVMQ1RFo//wN9QGA+2we8rxd2Y1Kr1DBuJyuwXPfv+Exo8yNYQ+x/AYH5k6UVcSYuaB8eYmplG2KQCxt8RBFtoChrwOKNRWLqXdKyfpdp5XmnnWxPvR95gf3h3yLocVYkF0i0uvKKJ0vt8J0Ezfkdfow0B1kUg5bPXKJROX7PwbaCPdYcxyDaO6wwOigRnSmoFvkH1pLb4j1RQAXcX531CHgfN6Izi/h0mpMS4bnyIUcv2GQr+h4z4TxcCtj7qpH2y6yw7XG12jVh7TfeesXG2Q== euanmillar77@gmail.com
         state: present
         sudoer: true
 
 docker-manager-first:
   hosts:
-    staging: # @todo set this to be the hostname of your target server
-      ansible_host: '11.11.11.11' # todo set this to be the hostname of your target server
+    opencrvs-countryconfig-staging: # @todo set this to be the hostname of your target server
+      ansible_host: '178.128.172.42' # todo set this to be the hostname of your target server
       data_label: data1
       # @todo as production servers are not directly accessible from the internet, you need to use a jump server to access them.
-      ansible_ssh_common_args: '-J jump@55.55.55.55 -o StrictHostKeyChecking=no'
+      ansible_ssh_common_args: '-J jump@countryconfig-qa.opencrvs.org -o StrictHostKeyChecking=no'
 
 # This staging servers is configured to only use one server
 docker-workers: {}
@@ -46,5 +46,5 @@ docker-workers: {}
 # @todo if you do not intend to set up automatic sync from the backup server, you can remove this section.
 backups:
   hosts:
-    qa:
-      ansible_host: '66.66.66.66' # set this to be the IP address of your backup server
+    opencrvs-countryconfig-backup: # @todo set this to be the hostname of your backup server
+      ansible_host: '167.99.92.15' # set this to be the IP address of your backup server