diff --git a/ping-portainer.yml b/ping-portainer.yml
index 6b9f84f..56087a2 100644
--- a/ping-portainer.yml
+++ b/ping-portainer.yml
@@ -12,55 +12,53 @@
 portainer_internal_ip: 10.30.0.151
 portainer_port: 9443
- # Port local aléatoire pour éviter les collisions entre jobs Semaphore
 local_port: "{{ 20000 + (9999 | random) }}"
-
- # Socket ControlMaster (pour fermer proprement le tunnel)
 ssh_control_socket: "/tmp/ansible-ssh-tunnel-{{ local_port }}.sock"
 tasks:
- - name: Ouvrir le tunnel SSH (fork en background)
- shell: >
- ssh
- -p {{ ssh_port }}
- -o ExitOnForwardFailure=yes
- -o StrictHostKeyChecking=no
- -o UserKnownHostsFile=/dev/null
- -o ServerAliveInterval=10
- -o ServerAliveCountMax=3
- -M -S {{ ssh_control_socket }}
- -f -N
- -L 127.0.0.1:{{ local_port }}:{{ portainer_internal_ip }}:{{ portainer_port }}
- {{ ssh_user }}@{{ ssh_host }}
- register: tunnel_open
- changed_when: true
- failed_when: tunnel_open.rc != 0
+ - block:
- - name: Attendre que le port local du tunnel soit en écoute
- wait_for:
- host: 127.0.0.1
- port: "{{ local_port }}"
- delay: 1
- timeout: 20
+ - name: Ouvrir le tunnel SSH (fork en background)
+ shell: >
+ ssh
+ -p {{ ssh_port }}
+ -o ExitOnForwardFailure=yes
+ -o StrictHostKeyChecking=no
+ -o UserKnownHostsFile=/dev/null
+ -o ServerAliveInterval=10
+ -o ServerAliveCountMax=3
+ -M -S {{ ssh_control_socket }}
+ -f -N
+ -L 127.0.0.1:{{ local_port }}:{{ portainer_internal_ip }}:{{ portainer_port }}
+ {{ ssh_user }}@{{ ssh_host }}
+ register: tunnel_open
+ changed_when: true
- - name: Ping HTTPS Portainer via le tunnel
- uri:
- url: "https://127.0.0.1:{{ local_port }}/"
- method: GET
- validate_certs: false
- return_content: false
- status_code: [200, 301, 302, 403]
- register: portainer_response
+ - name: Attendre que le port local du tunnel soit en écoute
+ wait_for:
+ host: 127.0.0.1
+ port: "{{ local_port }}"
+ delay: 1
+ timeout: 20
- - name: OK
- debug:
- msg: "✅ Portainer joignable via tunnel (status {{ portainer_response.status }})"
+ - name: Ping HTTPS Portainer via le tunnel
+ uri:
+ url: "https://127.0.0.1:{{ local_port }}/"
+ method: GET
+ validate_certs: false
+ return_content: false
+ status_code: [200, 301, 302, 403]
+ register: portainer_response
- always:
- - name: Fermer le tunnel SSH (si ouvert)
- shell: >
- ssh -p {{ ssh_port }}
- -S {{ ssh_control_socket }}
- -O exit
- {{ ssh_user }}@{{ ssh_host }}
- ignore_errors: true
+ - name: OK
+ debug:
+ msg: "✅ Portainer joignable via tunnel (status {{ portainer_response.status }})"
+
+ always:
+ - name: Fermer le tunnel SSH (si ouvert)
+ shell: >
+ ssh -p {{ ssh_port }}
+ -S {{ ssh_control_socket }}
+ -O exit
+ {{ ssh_user }}@{{ ssh_host }}
+ ignore_errors: true
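Review bot: The re-indented `ssh` task inside the new `block:` still passes `-o StrictHostKeyChecking=no` and `-o UserKnownHostsFile=/dev/null`, and the `uri` check keeps `validate_certs: false`, so neither the SSH hop nor the HTTPS endpoint is authenticated and the "OK" message can be produced by any host that answers on that path. Since the task is being restructured anyway, pin the bastion key instead, e.g. `-o StrictHostKeyChecking=yes` with `-o UserKnownHostsFile={{ ssh_known_hosts_file }}` (placeholder variable pointing at a managed known_hosts file). Separately, `local_port` applies `random` in a play variable, which Ansible re-templates on each reference unless the value is frozen, so the forward, `wait_for`, `uri` and the control socket used by the `always:` cleanup may not agree; fixing the value once with `set_fact` before the block would make the cleanup reliable. The hunk starts mid-play, so the `vars:` header and anything earlier are outside what is visible here.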