Disabling auto assign to ferm__ansible_controllers #119

Open
kaktus42 opened this issue Sep 22, 2019 · 2 comments

@kaktus42

I was wondering if it is possible to disable the automatic addition of my current IP to ferm__ansible_controllers. I have a dynamic IP and do not want my current IP (which is not mine tomorrow) to have unblocked access to the server.
Has there been a discussion about this somewhere already?

@drybjed
Member

drybjed commented Sep 22, 2019

Just a reminder, the project development has been consolidated in the debops/debops repository, so you should switch to that one.

The definition of Ansible Controller IP addresses is done in the debops.core role. I haven't checked yet, but I think that if you define the core__fact_ansible_controllers variable in the inventory as an empty list ([]), it should disable the gathering of the current Ansible Controller IP address.

It's probably a common enough use case that would warrant a mention in the documentation. I'll add a way to disable this functionality if the above does not work. Still, in this case use of a bastion host would probably be recommended, otherwise you will get yourself banned on the firewall level pretty fast with the default configuration.

@kaktus42
Author

I tried it, but the current IP is still written into the facts file under ansible_controllers.

However, digging deeper, I found setting core__active_controller: "" solves it.

We have a quite small infrastructure with only 2 servers. I don't see that a bastion host for that makes sense economically. Or do you have a different idea for that case?
I am controlling the access via sshd__whitelist on some ISP IP ranges.
