From b8dde7f2ca5ad079a9af96d64d5034bf1e9c7e6c Mon Sep 17 00:00:00 2001 From: sam Date: Sun, 1 Mar 2026 01:02:27 -0700 Subject: [PATCH] Remove ansible_become from inventory to fix delegate_to: localhost inheritance ansible_become: true in host inventory vars leaks into delegate_to: localhost tasks in Ansible 2.18, causing those tasks to try sudo on the Semaphore runner (which has no sudo). Instead, become: true is set at the play level in the playbook where needed, which does NOT propagate to delegated tasks. Co-Authored-By: Claude Sonnet 4.6 --- inventory/hosts.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/inventory/hosts.yml b/inventory/hosts.yml index 64e2572..0a140cc 100644 --- a/inventory/hosts.yml +++ b/inventory/hosts.yml @@ -1,5 +1,9 @@ # Targeted inventory — first Docker discovery run # 5 hosts manually selected for initial credential testing +# +# NOTE: become is NOT set here — play-level become: true in the playbook +# handles privilege escalation. This prevents ansible_become: true from +# leaking into delegate_to: localhost tasks on the Semaphore runner. all: hosts: @@ -9,28 +13,24 @@ all: ansible_host: 10.40.40.2 ansible_user: sam ansible_ssh_pass: Lewiss4224@@@ - ansible_become: true ansible_become_pass: Lewiss4224@@@ ubuntu-server-02: ansible_host: 10.40.40.3 ansible_user: sam ansible_ssh_pass: Lewiss4224@@@ - ansible_become: true ansible_become_pass: Lewiss4224@@@ sp-ie-containerlab: ansible_host: 10.40.40.156 ansible_user: user ansible_ssh_pass: user - ansible_become: true ansible_become_pass: user vRouter-Host: ansible_host: 10.40.40.184 ansible_user: user ansible_ssh_pass: user - ansible_become: true ansible_become_pass: user # ── 192.168.1.0/24 ───────────────────────────────────────────────────── @@ -38,7 +38,6 @@ all: ansible_host: 192.168.1.30 ansible_user: user ansible_ssh_pass: user - ansible_become: true ansible_become_pass: user children: