- Play 3: Run Portainer API calls from remote hosts directly (no
delegate_to: localhost). Add validate_certs: false for self-signed cert.
- Play 4: Replace localhost file report with debug output using run_once.
No filesystem writes = no privilege escalation needed on the runner.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add ansible_become_pass to all hosts (sudo uses same password as SSH)
- Remove truenas-scale and vyos from children groups (no connection info)
- Add ansible.cfg: host_key_checking=False, become=False as default
- Add become: false to wait_for_connection to avoid sudo during SSH test
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add become: false to Play 4 (report) to prevent sudo on Semaphore host
- Add become: false to all delegate_to: localhost tasks in Plays 2 & 3
- Update usage comment to reflect correct inventory path (inventory/hosts.yml)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- find_docker_enroll_portainer.yml: discover Docker hosts across all VLANs,
deploy Portainer Agent, register in Portainer, write discovery report
- inventory/hosts.yml: auto-generated from NetBox (31 hosts) + UniFi clients
(135 unmanaged hosts not in NetBox) across vlan1/vlan40/vlan20
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
