is there any mechanism that checks if the SSH/SUDO password is correct? When deploying a playbook across the whole environment, after putting in the wrong password, ansible runs on all hosts with the wrong password, it fails and my LDAP/AD account is locked out.
Since, as it turns out, Ansible does not seem to have this functionality, I decided to create a workaround myself: in site.yml, I added a role that only runs on one server and has 1 or optionally 2 tasks in it. The first one checks if login itself works, the second one checks if sudo works.
- name: Check ssh password first
command: echo "ssh password correct"
changed_when: false
- name: Check sudo password first
command: echo "sudo password correct"
become: yes
changed_when: false