Remove AGENT_HOST: bind to 0.0.0.0, not the host IP

Setting AGENT_HOST to the host's real IP (e.g. 10.40.40.3) causes the agent to try binding to that specific address inside the container, which fails with 'cannot assign requested address' because the container only has a Docker bridge interface. Without AGENT_HOST the agent binds to 0.0.0.0:9001 and Docker's port mapping (-p 9001:9001) forwards traffic correctly. The TLSSkipVerify on the Portainer registration already handles the bridge-IP cert mismatch. Fixes: portainer_agent restart loop on snap-based Docker hosts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-01 01:26:33 -07:00 · 2026-03-01 01:26:33 -07:00 · 9fa819a10d
commit 9fa819a10d
parent 30c28fd200
1 changed files with 0 additions and 3 deletions
--- a/playbooks/find_docker_enroll_portainer.yml
+++ b/playbooks/find_docker_enroll_portainer.yml
@ -126,9 +126,6 @@
          - /var/run/docker.sock:/var/run/docker.sock
        env:
          AGENT_PORT: "9001"
-          # Ensures the agent's self-signed TLS cert covers the host's real IP,
-          # not just the Docker bridge (172.17.0.x) IP.
-          AGENT_HOST: "{{ ansible_host }}"
      when: "'Up' not in (agent_status.stdout | default(''))"
      register: agent_deployed
      ignore_errors: true