From 9fa819a10d1e5fb39fcffc007f80ab4ed9a13f4b Mon Sep 17 00:00:00 2001
From: sam <info@apodacalab.com>
Date: Sun, 1 Mar 2026 01:26:33 -0700
Subject: [PATCH] Remove AGENT_HOST: bind to 0.0.0.0, not the host IP

Setting AGENT_HOST to the host's real IP (e.g. 10.40.40.3) causes the agent
to try binding to that specific address inside the container, which fails with
'cannot assign requested address' because the container only has a Docker
bridge interface.

Without AGENT_HOST the agent binds to 0.0.0.0:9001 and Docker's port mapping
(-p 9001:9001) forwards traffic correctly. The TLSSkipVerify on the Portainer
registration already handles the bridge-IP cert mismatch.

Fixes: portainer_agent restart loop on snap-based Docker hosts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 playbooks/find_docker_enroll_portainer.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/playbooks/find_docker_enroll_portainer.yml b/playbooks/find_docker_enroll_portainer.yml
index 8668cac..4d699c0 100644
--- a/playbooks/find_docker_enroll_portainer.yml
+++ b/playbooks/find_docker_enroll_portainer.yml
@@ -126,9 +126,6 @@
           - /var/run/docker.sock:/var/run/docker.sock
         env:
           AGENT_PORT: "9001"
-          # Ensures the agent's self-signed TLS cert covers the host's real IP,
-          # not just the Docker bridge (172.17.0.x) IP.
-          AGENT_HOST: "{{ ansible_host }}"
       when: "'Up' not in (agent_status.stdout | default(''))"
       register: agent_deployed
       ignore_errors: true