ansible_become: true in host inventory vars leaks into delegate_to: localhost
tasks in Ansible 2.18, causing those tasks to try sudo on the Semaphore
runner (which has no sudo). Instead, become: true is set at the play level
in the playbook where needed, which does NOT propagate to delegated tasks.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add ansible_become_pass to all hosts (sudo uses same password as SSH)
- Remove truenas-scale and vyos from children groups (no connection info)
- Add ansible.cfg: host_key_checking=False, become=False as default
- Add become: false to wait_for_connection to avoid sudo during SSH test
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- host_credentials.yml.example: template for per-device SSH creds,
matched by IP, subnet CIDR, or global default (actual file is gitignored)
- inventory/hosts.yml: refreshed with 162 hosts (31 NetBox + 135 UniFi)
- .gitignore: exclude host_credentials.yml and run reports
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- find_docker_enroll_portainer.yml: discover Docker hosts across all VLANs,
deploy Portainer Agent, register in Portainer, write discovery report
- inventory/hosts.yml: auto-generated from NetBox (31 hosts) + UniFi clients
(135 unmanaged hosts not in NetBox) across vlan1/vlan40/vlan20
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
