Fix become passwords, stale children groups, and localhost sudo

- Add ansible_become_pass to all hosts (sudo uses same password as SSH)
- Remove truenas-scale and vyos from children groups (no connection info)
- Add ansible.cfg: host_key_checking=False, become=False as default
- Add become: false to wait_for_connection to avoid sudo during SSH test

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sam 2026-03-01 00:47:27 -07:00
parent 00c3288452
commit af320f2341
3 changed files with 16 additions and 5 deletions

7
ansible.cfg Normal file

@ -0,0 +1,7 @@
[defaults]
# Do not prompt or fail on unknown host keys (Semaphore runner has no ~/.ssh/known_hosts)
host_key_checking = False
# Disable become by default — playbooks/tasks set become: true explicitly where needed.
# This overrides any system-wide become=True in /etc/ansible/ansible.cfg on the runner.
become = False
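Review bot: `host_key_checking = False` turns off SSH host-key verification for every play that uses this config, and the inventory in this commit logs in with passwords, so whatever answers on one of those addresses receives the SSH and sudo password without any identity check. The stated reason is that the Semaphore runner has no known_hosts file; a narrower fix keeps checking on and supplies the keys, for example a tracked known_hosts file referenced through `ansible_ssh_common_args: '-o UserKnownHostsFile=<path-to-known_hosts>'` (the path is a placeholder). The comment above `become = False` should also say that a host-level `ansible_become: true` in inventory still overrides this default, otherwise the setting reads as stronger than it is.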


@ -1,6 +1,5 @@
# Targeted inventory — first Docker discovery run # Targeted inventory — first Docker discovery run
# 6 hosts manually selected for initial credential testing # 5 hosts manually selected for initial credential testing
# Replace CHANGEME with real credentials, then push to Gitea
all: all:
hosts: hosts:
@ -11,24 +10,28 @@ all:
ansible_user: sam ansible_user: sam
ansible_ssh_pass: Lewiss4224@@@ ansible_ssh_pass: Lewiss4224@@@
ansible_become: true ansible_become: true
ansible_become_pass: Lewiss4224@@@
ubuntu-server-02: ubuntu-server-02:
ansible_host: 10.40.40.3 ansible_host: 10.40.40.3
ansible_user: sam ansible_user: sam
ansible_ssh_pass: Lewiss4224@@@ ansible_ssh_pass: Lewiss4224@@@
ansible_become: true ansible_become: true
ansible_become_pass: Lewiss4224@@@
sp-ie-containerlab: sp-ie-containerlab:
ansible_host: 10.40.40.156 ansible_host: 10.40.40.156
ansible_user: user ansible_user: user
ansible_ssh_pass: user ansible_ssh_pass: user
ansible_become: true ansible_become: true
ansible_become_pass: user
vRouter-Host: vRouter-Host:
ansible_host: 10.40.40.184 ansible_host: 10.40.40.184
ansible_user: user ansible_user: user
ansible_ssh_pass: user ansible_ssh_pass: user
ansible_become: true ansible_become: true
ansible_become_pass: user
# ── 192.168.1.0/24 ───────────────────────────────────────────────────── # ── 192.168.1.0/24 ─────────────────────────────────────────────────────
wazuh-graylog-server: wazuh-graylog-server:
@ -36,6 +39,7 @@ all:
ansible_user: user ansible_user: user
ansible_ssh_pass: user ansible_ssh_pass: user
ansible_become: true ansible_become: true
ansible_become_pass: user
children: children:
subnet_vlan40_10_40_40: subnet_vlan40_10_40_40:
@ -43,9 +47,8 @@ all:
ubuntu-server-01: {} ubuntu-server-01: {}
ubuntu-server-02: {} ubuntu-server-02: {}
sp-ie-containerlab: {} sp-ie-containerlab: {}
vRouter-Host: {}
subnet_vlan1_192_168_1: subnet_vlan1_192_168_1:
hosts: hosts:
wazuh-graylog-server: {} wazuh-graylog-server: {}
truenas-scale: {}
vyos: {}
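Review bot: The added `ansible_become_pass` lines store the sudo password in clear text next to `ansible_ssh_pass`, in an inventory that is pushed to Gitea, so read access to the repository or its history is enough to obtain root on these hosts. Both values should come from an Ansible Vault-encrypted vars file, referenced as `ansible_become_pass: "{{ vault_become_pass }}"` (the variable name is a placeholder), or from Semaphore's key store. The passwords already committed need rotating, because a later commit that removes them does not clear them from history. Key-based SSH would remove the need for `ansible_ssh_pass` altogether, and a separate sudo credential would stop one leaked value from covering both login and escalation.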


@ -27,6 +27,7 @@
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 10 timeout: 10
register: ssh_check register: ssh_check
become: false
ignore_errors: true ignore_errors: true
- name: Gather minimal facts for reachable hosts - name: Gather minimal facts for reachable hosts
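Review bot: The added `become: false` on the `wait_for_connection` task is probably overridden for the hosts in this commit's inventory, because they set `ansible_become: true` as a host variable and Ansible connection variables take precedence over the task keyword. If this play runs against that inventory, the SSH test would still go through sudo; setting the variable at task level instead, `vars:` with `ansible_become: false`, does win over inventory host vars. A short comment such as `# connection test must not depend on sudo credentials` would record the intent. The task begins above the hunk, so its name and any `when:` condition are not visible here.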