ansible/inventory/fleet.ini.example

# Example fleet inventory for mutual-TLS cert distribution.
# Copy to fleet.ini and adjust hostnames/IPs.
# Refs #806

[fleet_agents]
timmy    ansible_host=192.168.1.10
allegro  ansible_host=192.168.1.11
ezra     ansible_host=192.168.1.12

[fleet_agents:vars]
ansible_user=hermes
ansible_python_interpreter=/usr/bin/python3
feat: A2A auth — mutual TLS between fleet agents Implements mutual TLS for secure agent-to-agent communication (#806). - scripts/gen_fleet_ca.sh: generate fleet CA (4096-bit RSA, 10-year) - scripts/gen_agent_cert.sh: per-agent cert signed by fleet CA (timmy, allegro, ezra) - agent/a2a_mtls.py: A2AServer requiring client cert verification (CERT_REQUIRED), build_server_ssl_context / build_client_ssl_context helpers, server_from_env() - ansible/roles/fleet_mtls_certs/: distribute CA + per-agent certs to fleet nodes, write /etc/hermes/a2a.env, notify hermes-a2a service on change - ansible/fleet_mtls.yml + ansible/inventory/fleet.ini.example: playbook + example inventory - tests/agent/test_a2a_mtls.py: 11 tests — authorized agent accepted (200/202), self-signed cert rejected, no-cert rejected, lifecycle, env-var wiring Fixes #806 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-21 13:28:28 -04:00			`# Example fleet inventory for mutual-TLS cert distribution.`
			`# Copy to fleet.ini and adjust hostnames/IPs.`
			`# Refs #806`

			`[fleet_agents]`
			`timmy ansible_host=192.168.1.10`
			`allegro ansible_host=192.168.1.11`
			`ezra ansible_host=192.168.1.12`

			`[fleet_agents:vars]`
			`ansible_user=hermes`
			`ansible_python_interpreter=/usr/bin/python3`