Hi
Running Ansible 1.8.2 and I am trying to prevent sensitive information for
a task from reaching the log at ANSIBLE_LOG_PATH or the console where
ansible-playbook is running.
My task:
- name: Dump database
command: pg_dump -with -some -params
environment:
PGPASSWORD: mysecret
no_log: True
When running with ANSIBLE_LOG_PATH=notsosecret.log ansible-playbook
mybook.yml -vvv this is my console output:
TASK: [Dump database] **********************************************
<ec2-x-x-x-x.us-west-2.compute.amazonaws.com> ESTABLISH CONNECTION FOR
USER: ubuntu
<ec2-x-x-x-x.us-west-2.compute.amazonaws.com> REMOTE_MODULE command
pg_dump -with -some -params NO_LOG=True
<ec2-x-x-x-x.us-west-2.compute.amazonaws.com> EXEC ssh -C -q -o
ControlMaster=auto -o ControlPersist=4h -o
ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o
StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10
ec2-x-x-x-x.us-west-2.compute.amazonaws.com /bin/sh -c 'LANG=C
PGPASSWORD=mysecret LC_CTYPE=C /usr/bin/python'
And my log file:
2015-01-14 02:40:45,102 p=3055 u=ubuntu | TASK: [Dump database]
**********************************************
2015-01-14 02:40:45,108 p=3055 u=ubuntu |
<ec2-x-x-x-x.us-west-2.compute.amazonaws.com> ESTABLISH CONNECTION FOR
USER: ubuntu
2015-01-14 02:40:45,110 p=3055 u=ubuntu |
<ec2-x-x-x-x.us-west-2.compute.amazonaws.com> REMOTE_MODULE command
pg_dump -with -some -params NO_LOG=True
2015-01-14 02:40:45,121 p=3055 u=ubuntu |
<ec2-x-x-x-x.us-west-2.compute.amazonaws.com> EXEC ssh -C -q -o
ControlMaster=auto -o ControlPersist=4h -o
ControlPath="/home/ubuntu/.ansible/cp/ansible-ssh-%h-%p-%r" -o
StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o ConnectTimeout=10
ec2-x-x-x-x.us-west-2.compute.amazonaws.com /bin/sh -c 'LANG=C
PGPASSWORD=mysecret LC_CTYPE=C /usr/bin/python'
Is this a bug/regression? I read
https://github.com/ansible/ansible/issues/8647 which seems related and
should be included in 1.8.2 if I’m not mistaken.
Regards
Tom
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAAnNz0PufY-50A2ao3ThUa9evDfmr%2B32v9ZKJaCQ0YWE5aJ_kg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
