I have (again ;->) a quite unusual situation.
I have a bunch of hosts to which I connect with ansible to perform some tasks. The problem is that they are not mine alone and the authentication is done with password and is based on some central directory service. So I have a shared account for some servers and since the password gets aged-out, there may be a situation that my password stored in keepass is no longer valid.
If I try to run a playbook against an inventory file consisting of some of the servers for which the password is no longer valid, I end up locking myself out of the account. So is there a way to make ansible give up on a host (or even better - on a whole bunch of hosts sharing the same credentials) if I get even a single login failure?
I know. I use key-based authentication widely but unfortunately, in this case, it’s not available for me. There are organization-wide password policies and so on so I’m stuck with rotating passwords.
So just do a simple command like echo a message with become before anything else in your play and if that fails register it as a failure and stop the play?
Seems a good path. Will probably have to dig a bit deeper not to fail tasks for other servers for which I have another authentication scheme but at first glance seems a good idea.
Thanks!
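
One way to build the pre-flight check suggested in the thread, as an added example that is not part of any poster's message: a single canary host per shared credential makes the only login attempt, and every host sharing that credential is dropped if the attempt does not succeed. The group variable `cred_canary`, the group name `shared_pw_a` and the host names are assumptions made for this sketch.

```yaml
# Added example. Assumed inventory layout (all names hypothetical):
#   [shared_pw_a]            <- one group per shared account/password
#   web01
#   web02
#   [shared_pw_a:vars]
#   cred_canary=web01        <- the one host allowed to test that password
# Hosts using another authentication scheme do not define cred_canary
# and pass through the gate untouched.

- name: Probe each shared credential once, then run the real tasks
  hosts: all
  gather_facts: false   # implicit fact gathering would log in on every host first
  tasks:
    - name: One login attempt per credential set, on its canary host only
      ansible.builtin.command: echo credential-probe
      become: true
      changed_when: false
      ignore_unreachable: true   # an SSH login failure is reported as unreachable
      ignore_errors: true        # a become failure is reported as failed
      register: cred_probe
      when: cred_canary is defined and inventory_hostname == cred_canary

    - name: Drop every host whose shared credential was not proven good
      ansible.builtin.meta: end_host
      when: >-
        cred_canary is defined and (
          hostvars[cred_canary].cred_probe is not defined
          or hostvars[cred_canary].cred_probe is unreachable
          or hostvars[cred_canary].cred_probe is failed
        )

    - name: Gather facts on the hosts that are left
      ansible.builtin.setup:

    - name: Real work starts here
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }} passed the credential gate"
```

`meta: end_host` only ends the host for the current play, so tasks that depend on the gate belong in the same play. The gate fails closed: a canary that is excluded by `--limit` or is down for network reasons also stops its whole group.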