You can try to add "serial: 1" to your play in your playbook so if it fails to ssh to first host, it won't try to connect to the 2nd host. By default, it tries to connect 5 hosts at a time and usually that is enough to trigger the account to be locked.
Regards, Tony Chia On Monday, October 22, 2018 at 12:57:43 AM UTC-7, Libor Burda wrote: > > Hello everyone. > > Is there any way how to store credentials in one Vault file, so that these > credentials are applied for each host? > > For example, when I create group_vars/all.yml and store creds here and > then execute playbook with --limit=single_host, these credentials are not > applied. I probably would have to create vault file for each host, but > that's crazy when you have thousands of servers. > > The goal is to stop Ansible execution once you put wrong ssh password. > Right now, Ansible tries to connect with wrong password, it fails, and our > SIEM detects this as attack and locks the account instantly. > > Or is there any alternative way how to prevent this from happening? > > Thanks in advance. > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/77eaba12-60cc-46b6-b7b2-2ec6cb9973e0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
