diff --git a/_skeleton_role_/defaults/main.yml.j2 b/_skeleton_role_/defaults/main.yml.j2 index ba02cc7f0..3675ac07b 100644 --- a/_skeleton_role_/defaults/main.yml.j2 +++ b/_skeleton_role_/defaults/main.yml.j2 @@ -18,4 +18,5 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}" -tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: false +tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: {% raw %}"{{ (ansible_verbosity | int) >= 2 | bool }}"{% endraw %} +tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_hide_sensitive_logs: true diff --git a/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml b/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml index 6435dc896..6b677d6b9 100644 --- a/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml +++ b/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml @@ -28,6 +28,7 @@ default_templates_dir: '/usr/share/openstack-tripleo-heat-templates/' use_default_templates: false validate_stack: true + hide_sensitive_logs: true handlers: - name: Cleanup temp directory @@ -45,7 +46,7 @@ os_password: "{{ lookup('env', 'OS_PASSWORD') }}" os_project_name: "{{ lookup('env', 'OS_PROJECT_NAME') }}" run_once: true - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" tasks: - name: crate container and upload templates @@ -58,7 +59,7 @@ --os-project-name "{{ os_project_name }}" --auth-version "{{ auth_version }}" post "{{ container }}" --header 'x-container-meta-usage-tripleo:plan' - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" - name: Create temp directory tempfile: @@ -100,7 +101,7 @@ tripleo_passwords_rotate: container: "{{ container }}" when: generate_passwords|bool - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Prepare Container images and update plan tripleo_image_params_prepare: diff --git a/tripleo_ansible/playbooks/cli-undercloud-backup.yaml b/tripleo_ansible/playbooks/cli-undercloud-backup.yaml index 7130be226..56f289125 100644 --- a/tripleo_ansible/playbooks/cli-undercloud-backup.yaml +++ b/tripleo_ansible/playbooks/cli-undercloud-backup.yaml @@ -21,6 +21,7 @@ any_errors_fatal: true vars: sources_path: "{{ lookup('env', 'HOME') }}" + hide_sensitive_logs: true handlers: # Perform some cleanup - name: cleanup the backup @@ -80,17 +81,17 @@ slurp: src: "{{ ansible_home }}/tripleo-undercloud-passwords.yaml" register: tripleo_undercloud_passwords - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Set mysql root password set_fact: MysqlRootPassword: "{{ (tripleo_undercloud_passwords['content'] | b64decode | from_yaml)['parameter_defaults']['MysqlRootPassword'] }}" - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" rescue: - name: Set mysql root password (fallback) set_fact: MysqlRootPassword: "{{ lookup('ini', 'undercloud_mysql_root_password section=auth file=' ~ ansible_home ~ '/undercloud-passwords.conf') }}" - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" - name: Create the names for the temporary backup files set_fact: @@ -109,7 +110,7 @@ -p{{ MysqlRootPassword }} \ --opt \ --all-databases | gzip > {{ db_path }} - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Backup the filesystem become: true diff --git a/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml b/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml index 3601a5b2c..85104ccf7 100644 --- a/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml +++ b/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml @@ -26,6 +26,7 @@ generate_passwords: true reset_passwords: false validate_stack: true + hide_sensitive_logs: true handlers: - name: Cleanup temp directory @@ -64,8 +65,9 @@ tripleo_passwords_rotate: container: "{{ container }}" rotate_passwords: "{{ reset_passwords }}" - when: generate_passwords|bool or reset_passwords|bool - no_log: true + when: + - (generate_passwords | bool) or (reset_passwords | bool) + no_log: "{{ hide_sensitive_logs | bool }}" - name: Prepare Container images and update plan tripleo_image_params_prepare: diff --git a/tripleo_ansible/playbooks/rotate-fernet-keys.yaml b/tripleo_ansible/playbooks/rotate-fernet-keys.yaml index c4e313e00..0cc004569 100644 --- a/tripleo_ansible/playbooks/rotate-fernet-keys.yaml +++ b/tripleo_ansible/playbooks/rotate-fernet-keys.yaml @@ -22,13 +22,14 @@ any_errors_fatal: true vars: container: overcloud + hide_sensitive_logs: true tasks: - name: Rotate keys and update plan tripleo_fernet_keys_rotate: container: "{{ container }}" register: fernet_keys - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Rotate fernet keys on controller nodes import_playbook: rotate-keys.yaml fernet_keys="{{ hostvars['undercloud']['fernet_keys']['fernet_keys'] }}" diff --git a/tripleo_ansible/playbooks/rotate-keys.yaml b/tripleo_ansible/playbooks/rotate-keys.yaml index 8c13cf161..9f9808098 100644 --- a/tripleo_ansible/playbooks/rotate-keys.yaml +++ b/tripleo_ansible/playbooks/rotate-keys.yaml @@ -1,75 +1,92 @@ --- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + - hosts: keystone + vars: + hide_sensitive_logs: true tasks: - - name: Check for containerized keystone fernet repository - stat: - path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/ - register: containerized_keystone_dir + - name: Check for containerized keystone fernet repository + stat: + path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/ + register: containerized_keystone_dir - - name: populate service facts - service_facts: + - name: populate service facts + service_facts: - - name: Set container facts - set_fact: - is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}" - podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}" + - name: Set container facts + set_fact: + is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}" + podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}" - - name: Rotate fernet keys for keystone container - block: - - name: Set keystone facts - set_fact: - keystone_base: /var/lib/config-data/puppet-generated/keystone + - name: Rotate fernet keys for keystone container + block: + - name: Set keystone facts + set_fact: + keystone_base: /var/lib/config-data/puppet-generated/keystone - - name: Remove previous fernet keys - shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/* - args: - warn: false + - name: Remove previous fernet keys + shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/* + args: + warn: false - - name: Persist fernet keys to repository - copy: - dest: "{{ keystone_base }}{{ item.key }}" - content: "{{ item.value.content }}" - mode: 0600 - with_dict: "{{ fernet_keys }}" - no_log: true + - name: Persist fernet keys to repository + copy: + dest: "{{ keystone_base }}{{ item.key }}" + content: "{{ item.value.content }}" + mode: 0600 + with_dict: "{{ fernet_keys }}" + no_log: "{{ hide_sensitive_logs | bool }}" - - name: Set permissions to match container's user - shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }} - with_dict: "{{ fernet_keys }}" - no_log: true + - name: Set permissions to match container's user + shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }} + with_dict: "{{ fernet_keys }}" + no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" - - name: Restart keystone container with docker - shell: docker restart keystone - when: not podman_enabled + - name: Restart keystone container with docker + shell: docker restart keystone + when: not podman_enabled - - name: Restart keystone container - service: - name: tripleo_keystone - state: restarted - when: podman_enabled - when: - - is_container | bool + - name: Restart keystone container + service: + name: tripleo_keystone + state: restarted + when: podman_enabled + when: + - is_container | bool - - name: Rotate fernet keys for keystone (no container) - block: - - name: Remove previous fernet keys - shell: rm -rf /etc/keystone/fernet-keys/* - args: - warn: false + - name: Rotate fernet keys for keystone (no container) + block: + - name: Remove previous fernet keys + shell: rm -rf /etc/keystone/fernet-keys/* + args: + warn: false - - name: Persist fernet keys to repository - copy: - dest: "{{ item.key }}" - content: "{{ item.value.content }}" - mode: 0600 - owner: keystone - group: keystone - with_dict: "{{ fernet_keys }}" - no_log: true + - name: Persist fernet keys to repository + copy: + dest: "{{ item.key }}" + content: "{{ item.value.content }}" + mode: 0600 + owner: keystone + group: keystone + with_dict: "{{ fernet_keys }}" + no_log: "{{ hide_sensitive_logs | bool }}" - - name: Reload apache - service: - name: httpd - state: reloaded - when: - - not (is_container | bool) + - name: Reload apache + service: + name: httpd + state: reloaded + when: + - not (is_container | bool) diff --git a/tripleo_ansible/playbooks/rotate-passwords.yaml b/tripleo_ansible/playbooks/rotate-passwords.yaml index bbb68978c..dca917a4f 100644 --- a/tripleo_ansible/playbooks/rotate-passwords.yaml +++ b/tripleo_ansible/playbooks/rotate-passwords.yaml @@ -23,13 +23,13 @@ vars: container: overcloud password_list: [] - + hide_sensitive_logs: true tasks: - name: Rotate passwords in plan tripleo_passwords_rotate: container: "{{ container }}" password_list: "{{ password_list }}" - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" tags: - rotate-passwords diff --git a/tripleo_ansible/roles/aide/defaults/main.yml b/tripleo_ansible/roles/aide/defaults/main.yml index ab23e28a6..689c95b96 100644 --- a/tripleo_ansible/roles/aide/defaults/main.yml +++ b/tripleo_ansible/roles/aide/defaults/main.yml @@ -19,6 +19,7 @@ # Packages installed on the local system. Allows user to define this list # otherwise it will inherit from the OS specific variable file(s). +aide_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" aide_system_packages: "{{ _aide_system_packages | default([]) }}" # A hash of Aide rules diff --git a/tripleo_ansible/roles/aide/tasks/aide_config.yml b/tripleo_ansible/roles/aide/tasks/aide_config.yml index dbb0dfaa3..358e346fe 100644 --- a/tripleo_ansible/roles/aide/tasks/aide_config.yml +++ b/tripleo_ansible/roles/aide/tasks/aide_config.yml @@ -39,7 +39,7 @@ command: >- /usr/sbin/aide --init --config {{ aide_conf_path }} changed_when: false - no_log: true + no_log: "{{ not (aide_debug | bool) }}" args: creates: "{{ aide_db_path }}" diff --git a/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml b/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml index 9ff0384a8..839b904ee 100644 --- a/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml +++ b/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml @@ -24,7 +24,7 @@ command: >- /usr/sbin/aide --init --config {{ aide_conf_path }} changed_when: false - no_log: true + no_log: "{{ not (aide_debug | bool) }}" - name: Check for tmp aide db stat: diff --git a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml b/tripleo_ansible/roles/backup_and_restore/defaults/main.yml index 33cbf451d..e5f12e047 100644 --- a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml +++ b/tripleo_ansible/roles/backup_and_restore/defaults/main.yml @@ -16,6 +16,8 @@ # All variables intended for modification should be placed in this file. +tripleo_backup_and_restore_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_backup_and_restore_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" # Set the container command line entry-point tripleo_container_cli: "{{ container_cli | default('podman') }}" @@ -26,7 +28,6 @@ tripleo_backup_and_restore_service_manager: true tripleo_backup_and_restore_mysql_container: mysql # All variables within this role should have a prefix of "tripleo_backup_and_restore" -tripleo_backup_and_restore_debug: false # By default this should be the Undercloud node tripleo_backup_and_restore_nfs_server: 192.168.24.1 tripleo_backup_and_restore_nfs_storage_folder: /ctl_plane_backups diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml b/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml index a20b9d970..d156631ab 100644 --- a/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml +++ b/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml @@ -20,7 +20,7 @@ hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'mysql::server::root_password' when: mysql_password is undefined register: mysql_password - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" become: true tags: - bar_create_recover_image @@ -76,7 +76,7 @@ when: mysql_password.stderr is defined tags: - bar_create_recover_image - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - name: MySQL BBDDs backup shell: | @@ -89,7 +89,7 @@ when: mysql_password.stderr is defined tags: - bar_create_recover_image - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - name: Pause mysql. command: "{{ tripleo_container_cli }} pause {{ tripleo_backup_and_restore_mysql_container }}" diff --git a/tripleo_ansible/roles/login_defs/defaults/main.yml b/tripleo_ansible/roles/login_defs/defaults/main.yml index a7b97bb18..7e493adab 100644 --- a/tripleo_ansible/roles/login_defs/defaults/main.yml +++ b/tripleo_ansible/roles/login_defs/defaults/main.yml @@ -14,7 +14,7 @@ # License for the specific language governing permissions and limitations # under the License. -tripleo_login_defs_debug: false +tripleo_login_defs_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" # The maximum number of days a password may be used tripleo_login_defs_password_max_days: 60 diff --git a/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml b/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml index 77ac7c4aa..613dc4b05 100644 --- a/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml @@ -17,7 +17,7 @@ # All variables intended for modification should be placed in this file. -tripleo_cellv2_debug: false +tripleo_cellv2_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_cellv2_cell_name: "" # containercli can be tropped when we fully switched to podman tripleo_cellv2_containercli: "docker" diff --git a/tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml b/tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml new file mode 100644 index 000000000..fd6f0b15a --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should be placed in this file. +tripleo_ceph_run_ansible_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_ceph_run_ansible_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml index 7c57db3c4..f476a08d0 100644 --- a/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml @@ -119,7 +119,7 @@ shell: "{{ item }}" # We want the output chunked into bits to prevent # overflowing Zaqar message size - no_log: true + no_log: "{{ not (tripleo_ceph_run_ansible_debug | bool) }}" failed_when: false register: outputs tags: run_ceph_ansible @@ -129,7 +129,7 @@ - name: search output of ceph-ansible run(s) non-zero return codes set_fact: ceph_ansible_std_out_err: "{{ item.stdout_lines | default([]) | union(item.stderr_lines | default([])) }}" - no_log: true + no_log: "{{ tripleo_ceph_run_ansible_hide_sensitive_logs | bool }}" when: - item.rc is defined - item.rc != 0 diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml index ba19733bd..1621fe6f4 100644 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_container_image_prepare" -tripleo_container_image_prepare_debug: false +tripleo_container_image_prepare_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_container_image_prepare_content: {} tripleo_container_image_prepare_roles: [] tripleo_container_image_prepare_log_file: /var/log/tripleo-container-image-prepare.log diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml index db90516da..5ed9cfa4a 100644 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml @@ -57,7 +57,7 @@ {% if (tripleo_container_image_prepare_debug | bool) %} --debug {% endif %} - no_log: "{{ not (tripleo_container_image_prepare_debug | bool) }}" + no_log: "{{ not tripleo_container_image_prepare_debug | bool }}" when: - (tripleo_container_image_prepare_content | dict2items | length) > 0 - (tripleo_container_image_prepare_roles | length) > 0 diff --git a/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml index 8c1e2b281..7abe0a8f7 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml @@ -16,6 +16,8 @@ # All variables intended for modification should place placed in this file. +tripleo_container_manage_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_container_manage_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" # All variables within this role should have a prefix of "tripleo_container_manage" tripleo_container_manage_check_puppet_config: false @@ -25,7 +27,6 @@ tripleo_container_manage_config: "/var/lib/tripleo-config/" tripleo_container_manage_config_id: tripleo tripleo_container_manage_config_overrides: {} tripleo_container_manage_config_patterns: '*.json' -tripleo_container_manage_debug: false # Some containers where Puppet is run, can take up to 10 minutes to finish # in slow environments. tripleo_container_manage_create_retries: 120 diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml index 0014dc48e..d630ab21c 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml @@ -17,7 +17,7 @@ - name: Gather podman infos podman_container_info: {} register: podman_containers - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" when: - tripleo_container_manage_cli == 'podman' diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml index 65e88686a..13612d5e9 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml @@ -27,7 +27,7 @@ config_id=tripleo_container_manage_config_id, clean_orphans=False) }} - name: "Async container create/run" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}" async: "{{ (not ansible_check_mode | bool) | ternary('600', omit) }}" poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" register: create_async_results @@ -84,7 +84,7 @@ volumes_from: "{{ lookup('dict', container_data).value.volumes_from | default([]) }}" - name: "Check podman create status" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" async_status: jid: "{{ create_async_result_item.ansible_job_id }}" loop: "{{ create_async_results.results }}" diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml index b8f91a55e..28c4c8ea0 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml @@ -22,7 +22,7 @@ when: not ansible_check_mode|bool - name: "Async container exec" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" command: argv: "{{ lookup('dict', container_exec_data).value | container_exec_cmd(cli=tripleo_container_manage_cli) }}" async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" @@ -34,7 +34,7 @@ when: not ansible_check_mode|bool - name: "Check podman exec status" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" async_status: jid: "{{ exec_async_result_item.ansible_job_id }}" loop: "{{ exec_async_results.results }}" diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml index 7c7f0e1a5..dd4137b52 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml @@ -15,7 +15,7 @@ # under the License. - name: "Create a list of podman exec commands that are run" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" set_fact: containers_commands: >- {{ (containers_commands | default([])) + ([lookup('dict', container_exec_data).value | diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml index 956e81d7d..337f43727 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml @@ -17,7 +17,7 @@ - name: Gather podman infos podman_container_info: {} register: podman_containers - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}" when: - tripleo_container_manage_cli == 'podman' diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml b/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml index 8b496db6b..26134181d 100644 --- a/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_hosts_entries" -tripleo_hosts_entries_debug: false +tripleo_hosts_entries_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_hosts_entries_hosts_path: /etc/hosts tripleo_hosts_entries_undercloud_hosts_entries: "" tripleo_hosts_entries_extra_hosts_entries: "" diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml index 1eccddb8c..8b0b33a0a 100644 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should place placed in this file. # All variables within this role should have a prefix of "tripleo_nova_image_cache" -tripleo_nova_image_cache_debug: false +tripleo_nova_image_cache_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_nova_image_cache_images: [] tripleo_nova_image_cache_use_proxy: false tripleo_nova_image_cache_proxy_hostname: "{{ ansible_play_batch[0] }}" diff --git a/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml b/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml index 8a62375eb..044ed8174 100644 --- a/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml @@ -18,4 +18,4 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_tripleo_nvdimm" -tripleo_tripleo_nvdimm_debug: false +tripleo_tripleo_nvdimm_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml index e8d2727c2..10089b5e9 100644 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should place placed in this file. # All variables within this role should have a prefix of "tripleo_ovs_dpdk" -tripleo_ovs_dpdk_debug: false +tripleo_ovs_dpdk_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_ovs_dpdk_pmd_core_list: "" tripleo_ovs_dpdk_lcore_list: "" tripleo_ovs_dpdk_memory_channels: 4 diff --git a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml b/tripleo_ansible/roles/tripleo_packages/defaults/main.yml index 30623e95d..5464468ad 100644 --- a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_packages/defaults/main.yml @@ -60,7 +60,7 @@ tripleo_packages_fast_forward_custom_repo_script_content: | tripleo_packages_upgrade_leapp_enabled: true # Print debugging output when running Leapp -tripleo_packages_upgrade_leapp_debug: true +tripleo_packages_upgrade_leapp_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" # Skip RHSM when running Leapp in development/testing. tripleo_packages_upgrade_leapp_devel_skip_rhsm: false diff --git a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml index 096984f3b..d49858115 100644 --- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml @@ -16,6 +16,8 @@ # All variables intended for modification should be placed in this file. +tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" tripleo_container_registry_insecure_registries: [] tripleo_container_registry_login: false @@ -23,7 +25,6 @@ tripleo_container_registry_logins: {} tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}" tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}" tripleo_podman_tls_verify: true -tripleo_podman_debug: false tripleo_podman_unqualified_search_registries: - registry.redhat.io - registry.access.redhat.com diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml index 719658650..8b149a59f 100644 --- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml +++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml @@ -26,6 +26,6 @@ REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" REGISTRY: "{{ item.key }}" - no_log: "{{ not tripleo_podman_debug|bool }}" + no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}" loop: "{{ query('dict', tripleo_container_registry_logins) }}" register: registry_login_podman diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml b/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml index bbdf4ae44..1babc7c3a 100644 --- a/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml @@ -16,8 +16,11 @@ # All variables intended for modification should be placed in this file. +tripleo_puppet_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_puppet_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" # All variables within this role should have a prefix of "tripleo_puppet_cache" +tripleo_puppet_cache_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" tripleo_puppet_cache_base_dir: /var/lib/container-puppet/puppetlabs tripleo_puppet_cache_config: | facts : { diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml b/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml index ebf086dd1..8134b91f9 100644 --- a/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml @@ -82,7 +82,7 @@ shell: facter --config "{{ tripleo_puppet_cache_base_dir }}/facter.conf" retries: 5 delay: 5 - no_log: true + no_log: "{{ tripleo_puppet_hide_sensitive_logs | bool }}" failed_when: false register: _facter_cache_run diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml index 5dd1f8e48..7ef0e4c02 100644 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_redhat_enforce" -tripleo_redhat_enforce_debug: false +tripleo_redhat_enforce_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_redhat_enforce: false tripleo_redhat_enforce_osp: '' tripleo_redhat_enforce_os: '' diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml index d7050d6e4..1aa4d73fb 100644 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml @@ -18,5 +18,5 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_systemd_wrapper" -tripleo_systemd_wrapper_debug: false +tripleo_systemd_wrapper_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_systemd_wrapper_container_cli: podman diff --git a/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml b/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml index 70c204ea5..48bde8918 100644 --- a/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml @@ -23,7 +23,7 @@ # * `tripleo_transfer_src_dir` -- directory on the source host to transfer from # * `tripleo_transfer_dest_host` -- the inventory name of the destination host # * `tripleo_transfer_dest_dir` -- directory on the destination host to transfer to - +tripleo_transfer_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" tripleo_transfer_storage_root_dir: /var/lib/mistral/tripleo-transfer tripleo_transfer_storage_root_become: false tripleo_transfer_src_become: true diff --git a/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml b/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml index 672023c57..7a2248577 100644 --- a/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml @@ -44,7 +44,7 @@ # Using the "archive" module lists lists all tarred files in module # output, if there's too many files, it can crash ansible even with -# "no_log: true". +# "no_log: "{{ not tripleo_transfer_debug | bool }}"". - name: create the archive shell: |- set -euo pipefail