Actualiser ping-portainer.yml

2026-01-19 11:10:58 +01:00 · 2026-01-19 11:10:58 +01:00 · 7d902bc6a1
parent 776b8e3b51
commit 7d902bc6a1
1 changed files with 30 additions and 19 deletions
--- a/ping-portainer.yml
+++ b/ping-portainer.yml
@ -12,44 +12,55 @@
    portainer_internal_ip: 10.30.0.151
    portainer_port: 9443

-    local_port: 29443   # tu peux aussi le randomiser si besoin
+    # Port local aléatoire pour éviter les collisions entre jobs Semaphore
+    local_port: "{{ 20000 + (9999 | random) }}"
+
+    # Socket ControlMaster (pour fermer proprement le tunnel)
+    ssh_control_socket: "/tmp/ansible-ssh-tunnel-{{ local_port }}.sock"

  tasks:
-
-    - name: Ouvrir le tunnel SSH vers Portainer
+    - name: Ouvrir le tunnel SSH (fork en background)
      shell: >
        ssh
+        -p {{ ssh_port }}
        -o ExitOnForwardFailure=yes
        -o StrictHostKeyChecking=no
-        -N
-        -p {{ ssh_port }}
+        -o UserKnownHostsFile=/dev/null
+        -o ServerAliveInterval=10
+        -o ServerAliveCountMax=3
+        -M -S {{ ssh_control_socket }}
+        -f -N
        -L 127.0.0.1:{{ local_port }}:{{ portainer_internal_ip }}:{{ portainer_port }}
        {{ ssh_user }}@{{ ssh_host }}
-      async: 60
-      poll: 0
-      register: ssh_tunnel
+      register: tunnel_open
+      changed_when: true
+      failed_when: tunnel_open.rc != 0

-    - name: Attendre que le tunnel soit prêt
+    - name: Attendre que le port local du tunnel soit en écoute
      wait_for:
        host: 127.0.0.1
        port: "{{ local_port }}"
-        delay: 2
-        timeout: 10
+        delay: 1
+        timeout: 20

    - name: Ping HTTPS Portainer via le tunnel
      uri:
-        url: "https://127.0.0.1:{{ local_port }}"
+        url: "https://127.0.0.1:{{ local_port }}/"
        method: GET
        validate_certs: false
-        status_code:
-          - 200
-          - 302
+        return_content: false
+        status_code: [200, 301, 302, 403]
      register: portainer_response

-    - name: Afficher le statut Portainer
+    - name: OK
      debug:
-        msg: "✅ Portainer joignable (status {{ portainer_response.status }})"
+        msg: "✅ Portainer joignable via tunnel (status {{ portainer_response.status }})"

-    - name: Fermer le tunnel SSH
-      shell: "kill {{ ssh_tunnel.ansible_job_id }}"
+  always:
+    - name: Fermer le tunnel SSH (si ouvert)
+      shell: >
+        ssh -p {{ ssh_port }}
+        -S {{ ssh_control_socket }}
+        -O exit
+        {{ ssh_user }}@{{ ssh_host }}
      ignore_errors: true