From 7d902bc6a1d583311919eb2a003cd824521679e9 Mon Sep 17 00:00:00 2001
From: "l.covela"
Date: Mon, 19 Jan 2026 11:10:58 +0100
Subject: [PATCH] Actualiser ping-portainer.yml
---
ping-portainer.yml | 49 ++++++++++++++++++++++++++++------------------
1 file changed, 30 insertions(+), 19 deletions(-)
diff --git a/ping-portainer.yml b/ping-portainer.yml
index 0e96bf9..6b9f84f 100644
--- a/ping-portainer.yml
+++ b/ping-portainer.yml
@@ -12,44 +12,55 @@ portainer_internal_ip: 10.30.0.151 portainer_port: 9443 - local_port: 29443 # tu peux aussi le randomiser si besoin + # Port local aléatoire pour éviter les collisions entre jobs Semaphore + local_port: "{{ 20000 + (9999 | random) }}" + + # Socket ControlMaster (pour fermer proprement le tunnel) + ssh_control_socket: "/tmp/ansible-ssh-tunnel-{{ local_port }}.sock" tasks: - - - name: Ouvrir le tunnel SSH vers Portainer + - name: Ouvrir le tunnel SSH (fork en background) shell: > ssh + -p {{ ssh_port }} -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no - -N - -p {{ ssh_port }} + -o UserKnownHostsFile=/dev/null + -o ServerAliveInterval=10 + -o ServerAliveCountMax=3 + -M -S {{ ssh_control_socket }} + -f -N -L 127.0.0.1:{{ local_port }}:{{ portainer_internal_ip }}:{{ portainer_port }} {{ ssh_user }}@{{ ssh_host }} - async: 60 - poll: 0 - register: ssh_tunnel + register: tunnel_open + changed_when: true + failed_when: tunnel_open.rc != 0 - - name: Attendre que le tunnel soit prêt + - name: Attendre que le port local du tunnel soit en écoute wait_for: host: 127.0.0.1 port: "{{ local_port }}" - delay: 2 - timeout: 10 + delay: 1 + timeout: 20 - name: Ping HTTPS Portainer via le tunnel uri: - url: "https://127.0.0.1:{{ local_port }}" + url: "https://127.0.0.1:{{ local_port }}/" method: GET validate_certs: false - status_code: - - 200 - - 302 + return_content: false + status_code: [200, 301, 302, 403] register: portainer_response - - name: Afficher le statut Portainer + - name: OK debug: - msg: "✅ Portainer joignable (status {{ portainer_response.status }})" + msg: "✅ Portainer joignable via tunnel (status {{ portainer_response.status }})" - - name: Fermer le tunnel SSH - shell: "kill {{ ssh_tunnel.ansible_job_id }}" + always: + - name: Fermer le tunnel SSH (si ouvert) + shell: > + ssh -p {{ ssh_port }} + -S {{ ssh_control_socket }} + -O exit + {{ ssh_user }}@{{ ssh_host }} ignore_errors: true
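Review bot: The ssh command in the tunnel-opening task now pairs the existing `-o StrictHostKeyChecking=no` with the added `-o UserKnownHostsFile=/dev/null`, so the host key of `{{ ssh_host }}` is never verified or remembered; with `validate_certs: false` on the `uri` task, nothing on this path authenticates the endpoint the check reaches. Pinning the key would close that gap, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path to a managed known_hosts file>`. Separately, if `local_port` is a play var, as the surrounding context lines suggest, Ansible re-templates `{{ 20000 + (9999 | random) }}` on every reference, so the `-L` forward, `wait_for`, the `uri` URL and `ssh_control_socket` can each resolve to a different port; the `-O exit` cleanup would then miss the real socket, `ignore_errors: true` would hide that, and the `-f` tunnel would keep running. Fixing the value once in a first task, e.g. `set_fact:` with `local_port: "{{ 20000 + (9999 | random) }}"`, avoids this. The added `always:` also has no `block:` anywhere in the hunk, which Ansible accepts only as part of a block; this should be confirmed against the real indentation, which is lost in this view.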