You can try to add "serial: 1" to your play in your playbook so if it fails to ssh to first host, it won't try to connect to the 2nd host. By default, it tries to connect 5 hosts at a time and usually that is enough to trigger the account to be locked.
Regards, Tony Chia On Monday, October 22, 2018 at 12:57:43 AM UTC-7, Libor Burda wrote: > > Hello everyone. > > Is there any way how to store credentials in one Vault file, so that these > credentials are applied for each host? > > For example, when I create group_vars/all.yml and store creds here and > then execute playbook with --limit=single_host, these credentials are not > applied. I probably would have to create vault file for each host, but > that's crazy when you have thousands of servers. > > The goal is to stop Ansible execution once you put wrong ssh password. > Right now, Ansible tries to connect with wrong password, it fails, and our > SIEM detects this as attack and locks the account instantly. > > Or is there any alternative way how to prevent this from happening? > > Thanks in advance. > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/77eaba12-60cc-46b6-b7b2-2ec6cb9973e0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
