From bbaaf655fac2e7601526a23e68ec9288433c4dbe Mon Sep 17 00:00:00 2001 From: Hermes Agent service account Date: Fri, 29 May 2026 22:57:00 -0500 Subject: [PATCH] fix(semaphore): become_key=None (wed has passwordless sudo) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Semaphore rejected the previous become_key=wed-ssh with 'access key type not supported for ansible become user' — that field is for a sudo PASSWORD (login_password type), not a reused SSH key. wed has passwordless sudo on every host (set up by the VM template), so the correct value is the built-in 'None' key. --- ansible/group_vars/all/semaphore.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/group_vars/all/semaphore.yml b/ansible/group_vars/all/semaphore.yml index 13210ea..02e64bd 100644 --- a/ansible/group_vars/all/semaphore.yml +++ b/ansible/group_vars/all/semaphore.yml @@ -90,7 +90,10 @@ semaphore_config: # wed is the universal automation account pre-baked in every VM # template. Semaphore uses it for fleet-wide jobs. ssh_key: wed-ssh - become_key: wed-ssh + # become_key is Semaphore's sudo PASSWORD slot, not a second SSH + # key. wed has passwordless sudo on every host, so reference the + # built-in "None" key. (Semaphore rejects an SSH-type key here.) + become_key: None environments: - name: default