hide variable in loop execution

[gabor.de...@privax.com]

Hi All,

I'm running a loop for deploy multiple passwords into one config file:

 

- name: setup virtual router passwords

      replace: dest=/etc/keepalived/keepalived.conf

               regexp='{{ item.pattern }}'

               replace='{{ item.password }}'

      with_items:

        - { pattern: 'virtual_router_id_51_password', password: '{{ virtual_router_id_51_password }}' }

        - { pattern: 'virtual_router_id_52_password', password: '{{ virtual_router_id_52_password }}' }

        - { pattern: 'virtual_router_id_53_password', password: '{{ virtual_router_id_53_password }}' }

        - { pattern: 'virtual_router_id_54_password', password: '{{ virtual_router_id_54_password }}' }

        - { pattern: 'virtual_router_id_55_password', password: '{{ virtual_router_id_55_password }}' }

My problem is that when I'm running the playbook it shows in the console output (and in the log) the passwords, which I definitely would like to avoid:

TASK: [setup virtual router passwords] ****************************************

changed: [lb1] => (item={'pattern': 'virtual_router_id_51_password', 'password': u'thisisthepassword'})

If I'm degrading this replace to a single replace (so deleting the with_items completely) then it's fine:

TASK: [setup virtual router passwords] ****************************************

changed: [lb1]

Is somebody have any idea why the passwords are showing up in the loop?

Thanks.

Gabor

[Brian Coca]

you can set no_log: true on the task to prevent the output and logging.



--
Brian Coca

[gabor.de...@privax.com]

That did the trick, thanks a lot!