Refactor portainer.yml and check_stack_nextcloud.yml: restore ansible_password, enhance sudo settings, and improve command formatting for clarity.

2025-10-03 15:30:32 +02:00
parent 52fcb80ec4
commit 004b560004
2 changed files with 23 additions and 6 deletions
--- a/host_vars/portainer.yml
+++ b/host_vars/portainer.yml
@@ -1,6 +1,14 @@
 ansible_user: howard
-ansible_password: "x"
-
+ansible_password: "Papadopolus0"     # TIP: Put this in Ansible Vault.
 ansible_connection: ssh
 ansible_port: 22
-ansible_ssh_common_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -J root@192.168.69.2"
+ansible_ssh_common_args: >-
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -J root@192.168.69.2
+
+# If howard is NOT in the 'docker' group, we need sudo:
+ansible_become: true
+ansible_become_method: sudo
+# If sudo asks for a password, also set:
+# ansible_become_password: "*******"   # ideally via Vault
--- a/nextcloud/check_stack_nextcloud.yml
+++ b/nextcloud/check_stack_nextcloud.yml
@@ -2,8 +2,13 @@
 - name: Nextcloud maintenance (cron, app updates, repair, status, health check)
  hosts: nextcloud_host
  gather_facts: false
+  become: true
+  become_user: root
+  become_method: sudo
+
  vars:
    nextcloud_container: nextcloud
+
  tasks:
    - name: Ensure docker CLI is available
      ansible.builtin.command:
@@ -15,10 +20,14 @@

    - name: Verify Nextcloud container is running
      ansible.builtin.command:
-        argv: ["docker", "ps", "--format", "{{.Names}}"]
+        argv:
+          - docker
+          - ps
+          - --format
+          - "{{ '{{' }}.Names{{ '}}' }}"
      changed_when: false
      register: docker_ps
-      # English: List running containers by name.
+      # English: We must escape Go template braces so Ansible doesn't render them.

    - name: Fail if '{{ nextcloud_container }}' is not running
      ansible.builtin.fail:
@@ -100,4 +109,4 @@
              - "repair stdout: {{ repair_run.stdout | default('') }}"
              - "repair stderr: {{ repair_run.stderr | default('') }}"
              - "occ status:\n{{ occ_status.stdout | default('') }}"
-              - "health stdout:\n{{ health.stdout | default('') }}"
+              - "health stdout:\n{{ health.stdout | default('') }}"