forked from jakub/ansible
Refactor portainer.yml and miniplay.yml: improve task naming consistency and enhance comments for clarity.
This commit is contained in:
fencl
@@ -1,19 +1,25 @@
|
|||||||
ansible_user: howard
|
ansible_user: howard
|
||||||
ansible_password: "Papadopolus0" # English: SSH password for howard@portainer
|
ansible_password: "Papadopolus0" # English: SSH password for howard@portainer
|
||||||
ansible_connection: ssh
|
ansible_connection: ssh
|
||||||
ansible_port: 22
|
ansible_port: 22
|
||||||
|
|
||||||
|
# English: Force password/keyboard-interactive auth and disable pubkey for the target hop.
|
||||||
|
# This avoids cases where OpenSSH sticks to pubkey and never falls back to password in CI.
|
||||||
ansible_ssh_common_args: >-
|
ansible_ssh_common_args: >-
|
||||||
-o StrictHostKeyChecking=no
|
-o StrictHostKeyChecking=no
|
||||||
-o UserKnownHostsFile=/dev/null
|
-o UserKnownHostsFile=/dev/null
|
||||||
|
-o PreferredAuthentications=keyboard-interactive,password
|
||||||
|
-o PubkeyAuthentication=no
|
||||||
|
-o KbdInteractiveAuthentication=yes
|
||||||
-J root@192.168.69.2
|
-J root@192.168.69.2
|
||||||
|
|
||||||
# English: We escalate to root via sudo.
|
# English: Make sure Ansible passes the password to SSH (older setups still read these).
|
||||||
|
ansible_ssh_pass: "Papadopolus0"
|
||||||
|
|
||||||
|
# English: If you need sudo later, keep become and provide sudo password.
|
||||||
ansible_become: true
|
ansible_become: true
|
||||||
ansible_become_method: sudo
|
ansible_become_method: sudo
|
||||||
|
|
||||||
# English: SUDO password for howard (often same as SSH password; change if different).
|
|
||||||
ansible_become_password: "Papadopolus0"
|
ansible_become_password: "Papadopolus0"
|
||||||
|
|
||||||
# (Optional, for older installs—harmless to keep both)
|
# English: Pipelining reduces SSH roundtrips and avoids TTY prompts in some sudo configs.
|
||||||
ansible_ssh_pass: "Papadopolus0"
|
ansible_ssh_pipelining: true
|
||||||
ansible_sudo_pass: "Papadopolus0"
|
|
||||||
@@ -1,24 +1,25 @@
|
|||||||
---
|
---
|
||||||
- name: pure SSH and then sudo
|
- name: "pure SSH and then sudo"
|
||||||
hosts: nextcloud_host
|
hosts: nextcloud_host
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Who am I as SSH user? (no sudo)
|
- name: "Who am I as SSH user? (no sudo)"
|
||||||
become: false
|
become: false
|
||||||
ansible.builtin.command: whoami
|
ansible.builtin.command: whoami
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: who
|
register: who
|
||||||
|
|
||||||
- ansible.builtin.debug:
|
- name: "Show SSH user"
|
||||||
|
ansible.builtin.debug:
|
||||||
msg: "SSH user is: {{ who.stdout }}"
|
msg: "SSH user is: {{ who.stdout }}"
|
||||||
|
|
||||||
- name: Who am I with sudo? (explicit become)
|
- name: "Who am I with sudo? (explicit become)"
|
||||||
become: true
|
become: true
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
ansible.builtin.command: whoami
|
ansible.builtin.command: whoami
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: who_root
|
register: who_root
|
||||||
|
|
||||||
- ansible.builtin.debug:
|
- name: "Show become user"
|
||||||
|
ansible.builtin.debug:
|
||||||
msg: "Become user is: {{ who_root.stdout }}"
|
msg: "Become user is: {{ who_root.stdout }}"
|
||||||
Reference in New Issue
Block a user