Ansible 'no_log' for specific values in debug output, not entire module


Problem description

I am studying for the RedHat Certified Specialist in Ansible Automation (EX407) and I'm playing around with the no_log module parameter. I have a sample playbook structured as so;

---
- hosts: webservers
  tasks:
  - name: Query vCenter
    vmware_guest:
      hostname: "{{ vcenter['host'] }}"
      username: "{{ vcenter['username'] }}"
      password: "{{ vcenter['password'] }}"
      name: "{{ inventory_hostname }}"
      validate_certs: no
    delegate_to: localhost
    no_log: yes
...

When no_log is disabled, I get a lot of helpful debug information about my VM, but when no_log is disabled I obviously can't protect my playbook's vaulted data (in this case that is the vcenter['username'] and vcenter['password'] values). Enabling no_log cripples my playbook's debug output to just;

"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",

I would like to know how it is possible to censor only some of the debug output. I know this is possible because vcenter['password'] is protected in its output regardless of my no_log state. I see this in the verbose output when no_log is disabled;

"invocation": {
        "module_args": {
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "username": "administrator@vsphere.local"
        }
}

What are your thoughts?

Recommended answer

So I went digging through the VMWare module source code and this is what I found.

password=dict(type='str',
              aliases=['pass', 'pwd'],
              required=False,
              no_log=True,
              fallback=(env_fallback, ['VMWARE_PASSWORD'])),

Looks like Playbooks just aren't exposing this feature. The VMWare modules themselves are enabling no_log on specific attributes in Python. For my part, this is just another functionality Playbooks are hiding. I really wish it was standard to suppress specific attributes, rather than a whole module, but this is where it stands as of Ansible 2.10.
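
As an added illustration (not code from the post or from Ansible itself), here is a simplified Python model of the per-parameter masking the answer describes: values of parameters flagged no_log in the argument spec are collected and masked in the returned result, while every other field stays visible. The spec, the sample values, the helper names and the `********` substring mask are assumptions of this sketch.

```python
# Simplified model (not Ansible source) of per-parameter no_log masking.
MASK = "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"  # placeholder seen in the output above

# Constructed argument spec, shaped like the module excerpt in the answer.
ARGUMENT_SPEC = {
    "hostname": {"type": "str"},
    "username": {"type": "str"},
    "password": {"type": "str", "no_log": True},
}


def no_log_values(spec, params):
    """Collect the concrete values of every parameter flagged no_log."""
    return {
        str(params[name])
        for name, opts in spec.items()
        if opts.get("no_log") and params.get(name) not in (None, "")
    }


def scrub(value, secrets):
    """Recursively mask secret values anywhere in a result structure."""
    if isinstance(value, dict):
        return {k: scrub(v, secrets) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v, secrets) for v in value]
    if isinstance(value, str):
        if value in secrets:          # whole value is a secret
            return MASK
        for s in secrets:             # secret embedded in a longer string
            value = value.replace(s, "********")
    return value


def build_result(spec, params, module_output):
    """Attach the invocation to the output, then scrub the whole result."""
    secrets = no_log_values(spec, params)
    result = dict(module_output, invocation={"module_args": dict(params)})
    return scrub(result, secrets)


# Constructed sample input (hypothetical host and credentials).
PARAMS = {"hostname": "vcenter.example.test",
          "username": "administrator@vsphere.local",
          "password": "S3cr3t-constructed"}
OUTPUT = {"changed": False, "instance": {"hw_name": "web01"},
          "msg": "login as administrator@vsphere.local using S3cr3t-constructed ok"}

if __name__ == "__main__":
    import json
    print(json.dumps(build_result(ARGUMENT_SPEC, PARAMS, OUTPUT), indent=2))
```

Only the parameter flagged in the spec is masked, which is why the username remains readable in the verbose output shown in the question.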
