aiwg
Deployment tool and support utility for AI context. Copies agents, skills, commands, rules, and behaviors into the paths each AI platform reads (Claude Code, Codex, Copilot, Cursor, Warp, OpenClaw, and 6 more) so one source of truth works across 10 platforms…
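---
# OpsPlaybook "provision-host": registers DNS, applies the base OS
# configuration, enrolls the host in the identity provider, registers it with
# monitoring, backup and the CMDB, then runs an end-to-end verification step.
#
# Placeholder convention as it appears in this file: single-brace values such
# as "{role}" look like fill-in slots to replace before use, while double-brace
# values such as "{{ role }}" look like references to entries under vars.
# NOTE(review): nesting was reconstructed from a listing that had lost its
# indentation; confirm the layout against the OpsPlaybook schema.
apiVersion: ops.aiwg.io/v1
kind: OpsPlaybook
metadata:
  name: provision-host
  labels:
    type: provisioning
spec:
  description: "Provision a new host or VM with DNS registration, base configuration, identity enrollment, monitoring, and verification."
  inventory: fleet-inventory
  targets:
    hosts:
      - "{hostname}"
  # NOTE(review): vars is assumed to be a sibling of targets under spec.
  # NOTE(review): the steps read {{ hostname }}, but no hostname entry is
  # declared here; presumably the runner supplies it per target host. Confirm.
  vars:
    role: "{role}"
    ip: "{ip-address}"
    domain: "{domain}"
    site: "{site-name}"
    # Account passed to the base-setup step. Keep its privileges to what
    # provisioning needs and review them once the host is in service.
    admin_user: "{admin-username}"
    # Named as a reference: fill this with a pointer to a key held in a secret
    # store or key registry, never with key material pasted into this file.
    ssh_key_ref: "{ssh-key-reference}"
  steps:
    # Aborts the run on failure; base-setup and asset-register depend on it.
    - id: dns-register
      name: "Register DNS records"
      capability: dns-register
      inputs:
        hostname: "{{ hostname }}"
        ip: "{{ ip }}"
        domain: "{{ domain }}"
        record_type: A
        # Presumably also requests the matching reverse record; confirm
        # against the dns-register capability.
        reverse: true
      on_failure: abort

    # Receives the admin account and the SSH key reference. How host-standup
    # resolves ssh_key_ref is not visible here.
    - id: base-setup
      name: "Base OS configuration"
      capability: host-standup
      depends_on:
        - dns-register
      inputs:
        hostname: "{{ hostname }}"
        role: "{{ role }}"
        admin_user: "{{ admin_user }}"
        ssh_key_ref: "{{ ssh_key_ref }}"
        # Only the package list is given; whether unattended-upgrades is also
        # configured to apply updates is not shown in this file.
        packages:
          - curl
          - jq
          - htop
          - unattended-upgrades
      on_failure: abort

    # Group membership decides what the host and its users can reach, so keep
    # the default group minimal and grant role-specific access separately.
    - id: identity-enroll
      name: "Enroll in identity provider"
      capability: identity-enroll
      depends_on:
        - base-setup
      inputs:
        hostname: "{{ hostname }}"
        realm: "{idp-realm}"
        role: "{{ role }}"
        groups:
          - "{default-group}"
      on_failure: abort

    # on_failure is warn, so a failure here does not abort at this step. The
    # verify step lists this step in depends_on and checks
    # monitoring_reporting, which is where a gap would be caught.
    - id: monitoring-register
      name: "Register with monitoring stack"
      capability: monitoring-register
      depends_on:
        - base-setup
      inputs:
        hostname: "{{ hostname }}"
        ip: "{{ ip }}"
        exporters:
          - node-exporter
          - "{role-specific-exporter}"
        dashboard_template: "{dashboard-template}"
        alert_group: "{alert-group}"
      on_failure: warn

    # NOTE(review): on_failure is warn, and the verify step neither depends on
    # this step nor lists a backup check, so a host can pass verification with
    # no working backup. Decide whether that is intended.
    # /etc usually holds sensitive configuration; repository encryption and
    # access control are not shown here and need to be set by the capability.
    - id: backup-configure
      name: "Configure backup schedule"
      capability: backup-configure
      depends_on:
        - base-setup
      inputs:
        hostname: "{{ hostname }}"
        method: "{restic|borgbackup}"
        schedule: "{cron-expression}"
        retention: "{days}"
        paths:
          - /etc
          - "{data-paths}"
      on_failure: warn

    # Records owner and SLA tier in the CMDB; on_failure is warn, with the
    # cmdb_registered check in the verify step as the backstop.
    - id: asset-register
      name: "Register in CMDB"
      capability: host-inventory
      depends_on:
        - dns-register
        - base-setup
      inputs:
        hostname: "{{ hostname }}"
        ip: "{{ ip }}"
        role: "{{ role }}"
        site: "{{ site }}"
        owner: "{owner}"
        sla_tier: "{gold|silver|bronze}"
      on_failure: warn

    # Final gate: aborts if a check fails. depends_on lists every earlier step
    # except backup-configure.
    # NOTE(review): how depends_on treats a step that ended in warn is not
    # visible here; confirm that verify still runs in that case.
    - id: verify
      name: "End-to-end verification"
      capability: host-verify
      depends_on:
        - dns-register
        - base-setup
        - identity-enroll
        - monitoring-register
        - asset-register
      inputs:
        hostname: "{{ hostname }}"
        checks:
          - dns_resolves
          - ssh_reachable
          - identity_enrolled
          - monitoring_reporting
          - cmdb_registered
      on_failure: abort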