By popular request, make the no_log attribute also censor tasks from callbacks.

This commit is contained in:
Michael DeHaan 2014-08-12 13:35:38 -04:00
commit 99c39b1ff3
6 changed files with 61 additions and 3 deletions

View file

@ -250,6 +250,22 @@ If you would like to keep secret data in your Ansible content and still share it
.. _i_dont_see_my_question:
In Ansible 1.8 and later, if you have a task that you don't want to show the results or command given to it when using -v (verbose) mode, the following task or playbook attribute can be useful::
- name: secret task
shell: /usr/bin/do_something --value={{ secret_value }}
no_log: True
This can be used to keep verbose output but hide sensitive information from others who would otherwise like to be able to see the output.
The no_log attribute can also apply to an entire play::
- hosts: all
no_log: True
Though this will make the play somewhat difficult to debug. It's recommended that this
be applied to single tasks only, once a playbook is completed.
I don't see my question here
++++++++++++++++++++++++++++

View file

@ -126,8 +126,9 @@ Also note that host key checking in paramiko mode is reasonably slow, therefore
.. _a_note_about_logging:
Ansible will log some information about module arguments on the remote system in the remote syslog. To enable basic
logging on the control machine see :doc:`intro_configuration` document and set the 'log_path' configuration file setting. Enterprise users may also be interested in :doc:`tower`. Tower provides a very robust database logging feature where it is possible to drill down and see history based on hosts, projects, and particular inventories over time -- explorable both graphically and through a REST API.
Ansible will log some information about module arguments on the remote system in the remote syslog, unless a task or play is marked with a "no_log: True" attribute, explained later.
To enable basic logging on the control machine see :doc:`intro_configuration` document and set the 'log_path' configuration file setting. Enterprise users may also be interested in :doc:`tower`. Tower provides a very robust database logging feature where it is possible to drill down and see history based on hosts, projects, and particular inventories over time -- explorable both graphically and through a REST API.
.. seealso::