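---
# Reachability check for a Portainer instance that sits on an internal
# address: open an SSH local port-forward from the controller, send one
# HTTPS GET through it, report the status, then tear the tunnel down.
- name: Ping Portainer via tunnel SSH
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    # NOTE(review): the tunnel logs in as root although it only needs port
    # forwarding; a dedicated unprivileged account restricted to forwarding
    # would limit the impact of a leaked key. Value left as provided.
    ssh_user: root
    ssh_host: bdc.cci17.fr
    ssh_port: 17100
    # Host key policy passed to ssh. The previous hard-coded "no" accepted any
    # host key, including a changed one, so the root session could be
    # intercepted. "accept-new" trusts a key on first contact and refuses a
    # key that differs from the recorded one; pre-provision known_hosts and
    # set this to "yes" for the strictest behaviour.
    ssh_strict_host_key_checking: accept-new
    portainer_internal_ip: 10.30.0.151
    portainer_port: 9443
    local_port: 29443  # can also be randomized if needed
    # Certificate validation is off because the request targets 127.0.0.1
    # through the tunnel. Acceptable for an unauthenticated ping only: enable
    # it (with a certificate that matches) before sending credentials or API
    # tokens over this URL.
    portainer_validate_certs: false
    # Forward specification, bound to loopback so other hosts on the
    # controller's network cannot use the tunnel. Shared by the open and
    # close tasks so they always refer to the same tunnel.
    tunnel_forward: >-
      127.0.0.1:{{ local_port }}:{{ portainer_internal_ip }}:{{ portainer_port }}

  tasks:
    # block/always guarantees the tunnel is closed even when the wait or the
    # HTTPS request fails.
    - name: Vérifier Portainer via le tunnel puis le fermer
      block:
        # command instead of shell: no shell features are needed, and the
        # variables are then not interpreted by a shell. The job runs in the
        # background (poll: 0) and is bounded by the 60 s async limit.
        - name: Ouvrir le tunnel SSH vers Portainer
          command: >-
            ssh
            -o ExitOnForwardFailure=yes
            -o StrictHostKeyChecking={{ ssh_strict_host_key_checking }}
            -N
            -p {{ ssh_port }}
            -L {{ tunnel_forward }}
            {{ ssh_user }}@{{ ssh_host }}
          async: 60
          poll: 0
          register: ssh_tunnel

        - name: Attendre que le tunnel soit prêt
          wait_for:
            host: 127.0.0.1
            port: "{{ local_port }}"
            delay: 2
            timeout: 10

        - name: Ping HTTPS Portainer via le tunnel
          uri:
            url: "https://127.0.0.1:{{ local_port }}"
            method: GET
            validate_certs: "{{ portainer_validate_certs | bool }}"
            status_code:
              - 200
              - 302
          register: portainer_response

        - name: Afficher le statut Portainer
          debug:
            msg: "✅ Portainer joignable (status {{ portainer_response.status }})"

      always:
        # The async job id is not a process id, so "kill <ansible_job_id>"
        # never stopped ssh and the failure was hidden by ignore_errors.
        # Match the ssh process by its forward specification instead.
        # Cleanup stays best-effort: pkill exits non-zero when the tunnel is
        # already gone, which must not mask the result of the check.
        - name: Fermer le tunnel SSH
          command:
            argv:
              - pkill
              - "-f"
              - "--"
              - "-L {{ tunnel_forward }}"
          ignore_errors: true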