From 071033fd442f1ead3dfd17ae716d0d9916290aca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Tue, 3 Mar 2020 09:18:39 +0100
Subject: [PATCH] service-rabbitmq: do not log password (use no_log)

Change-Id: I68a40bebc174e8ebdaea36a0689b34cadb9009d2
Closes-bug: #1865840
(cherry picked from commit b1a4d8848af581388e0620d967c0ca36b000bf10)
---
 ansible/roles/service-rabbitmq/tasks/main.yml        | 1 +
 releasenotes/notes/bug-1865840-0eaf86121988a0d8.yaml | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 releasenotes/notes/bug-1865840-0eaf86121988a0d8.yaml

diff --git a/ansible/roles/service-rabbitmq/tasks/main.yml b/ansible/roles/service-rabbitmq/tasks/main.yml
index d429537e4e..45f8f021e5 100644
--- a/ansible/roles/service-rabbitmq/tasks/main.yml
+++ b/ansible/roles/service-rabbitmq/tasks/main.yml
@@ -33,6 +33,7 @@
       until: service_rabbitmq_result is success
       retries: "{{ service_rabbitmq_retries }}"
       delay: "{{ service_rabbitmq_delay }}"
+      no_log: True
 
   become: true
   when: service_rabbitmq_when | bool
diff --git a/releasenotes/notes/bug-1865840-0eaf86121988a0d8.yaml b/releasenotes/notes/bug-1865840-0eaf86121988a0d8.yaml
new file mode 100644
index 0000000000..727dcf2380
--- /dev/null
+++ b/releasenotes/notes/bug-1865840-0eaf86121988a0d8.yaml
@@ -0,0 +1,5 @@
+---
+security:
+  - |
+    Fixes leak of RabbitMQ password into Ansible logs.
+    `LP#1865840 <https://bugs.launchpad.net/kolla-ansible/+bug/1865840>`__