From 65e6e5b03549a56f54894f4d44aac0b8713a4582 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Wed, 25 Mar 2020 12:02:01 -0500 Subject: [PATCH] Ensure that the playbooks and roles can display debug data when enabled This change will enable or disable no_log and debug options whenever the verbosity is set to an integer greater than 2. This will ensure operators and deployers are best equipped to troubleshoot issues by dynamically providing additional data in an expected way. To ensure we're able to differentiate between output masking and security masking, two options were used to enable or disable no_log across our roles and playbooks. > All debug options, without security implications, will now react to the `ansible_verbosity` built in by default. Changes have been made to our skeleton role to ensure this is enforced on all new roles created going forward. > An additional prefixed role option, `*_hide_sensitive_logs`, has been added to allow operators to easily toggle sensitive output when required. The role prefixed variables will respond to the global option `hide_sensitive_logs` as defined in THT which will ensure a consistent user experience. Depends-On: I84f3982811ade59bac5ebaf3a124f9bfa6fa22a4 Change-Id: Ia6658110326899107a0e277f0d2574c79a8a820b 
Signed-off-by: Kevin Carter --- _skeleton_role_/defaults/main.yml.j2 | 3 +- .../playbooks/cli-create-deployment-plan.yaml | 7 +- .../playbooks/cli-undercloud-backup.yaml | 9 +- .../playbooks/cli-update-deployment-plan.yaml | 6 +- .../playbooks/rotate-fernet-keys.yaml | 3 +- tripleo_ansible/playbooks/rotate-keys.yaml | 139 ++++++++++-------- .../playbooks/rotate-passwords.yaml | 4 +- tripleo_ansible/roles/aide/defaults/main.yml | 1 + .../roles/aide/tasks/aide_config.yml | 2 +- .../roles/aide/tasks/aide_upgrade.yml | 2 +- .../backup_and_restore/defaults/main.yml | 3 +- .../backup_and_restore/tasks/db_backup.yml | 6 +- .../roles/login_defs/defaults/main.yml | 2 +- .../roles/tripleo_cellv2/defaults/main.yml | 2 +- .../defaults/main.yml | 20 +++ .../tripleo_ceph_run_ansible/tasks/main.yml | 4 +- .../defaults/main.yml | 2 +- .../tasks/main.yml | 2 +- .../defaults/main.yml | 3 +- .../tasks/delete_orphan.yml | 2 +- .../tasks/podman/create.yml | 4 +- .../tasks/podman/exec.yml | 4 +- .../tasks/podman/get_commands_exec.yml | 2 +- .../tasks/podman/start_order.yml | 2 +- .../tripleo_hosts_entries/defaults/main.yml | 2 +- .../defaults/main.yml | 2 +- .../roles/tripleo_nvdimm/defaults/main.yml | 2 +- .../roles/tripleo_ovs_dpdk/defaults/main.yml | 2 +- .../roles/tripleo_packages/defaults/main.yml | 2 +- .../roles/tripleo_podman/defaults/main.yml | 3 +- .../tasks/tripleo_podman_login.yml | 2 +- .../tripleo_puppet_cache/defaults/main.yml | 3 + .../roles/tripleo_puppet_cache/tasks/main.yml | 2 +- .../tripleo_redhat_enforce/defaults/main.yml | 2 +- .../tripleo_systemd_wrapper/defaults/main.yml | 2 +- .../roles/tripleo_transfer/defaults/main.yml | 2 +- .../roles/tripleo_transfer/tasks/main.yml | 2 +- 37 files changed, 156 insertions(+), 106 deletions(-) create mode 100644 tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml diff --git a/_skeleton_role_/defaults/main.yml.j2 b/_skeleton_role_/defaults/main.yml.j2 index ba02cc7f0..3675ac07b 100644 
--- a/_skeleton_role_/defaults/main.yml.j2 +++ b/_skeleton_role_/defaults/main.yml.j2 @@ -18,4 +18,5 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}" -tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: false +tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: {% raw %}"{{ (ansible_verbosity | int) >= 2 | bool }}"{% endraw %} +tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_hide_sensitive_logs: true diff --git a/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml b/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml index 6435dc896..6b677d6b9 100644 --- a/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml +++ b/tripleo_ansible/playbooks/cli-create-deployment-plan.yaml @@ -28,6 +28,7 @@ default_templates_dir: '/usr/share/openstack-tripleo-heat-templates/' use_default_templates: false validate_stack: true + hide_sensitive_logs: true handlers: - name: Cleanup temp directory @@ -45,7 +46,7 @@ os_password: "{{ lookup('env', 'OS_PASSWORD') }}" os_project_name: "{{ lookup('env', 'OS_PROJECT_NAME') }}" run_once: true - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" tasks: - name: crate container and upload templates @@ -58,7 +59,7 @@ --os-project-name "{{ os_project_name }}" --auth-version "{{ auth_version }}" post "{{ container }}" --header 'x-container-meta-usage-tripleo:plan' - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" - name: Create temp directory tempfile: @@ -100,7 +101,7 @@ tripleo_passwords_rotate: container: "{{ container }}" when: generate_passwords|bool - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Prepare Container images and update plan tripleo_image_params_prepare: 
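Review bot: The new default `"{{ (ansible_verbosity | int) >= 2 | bool }}"` on the `_debug` line does not compare verbosity with 2, because Jinja2 applies a filter before the comparison, so it reads as `verbosity >= (2 | bool)`. If Ansible's `bool` filter maps the integer 2 to false, as it appears to, the expression is true at every verbosity, and any `no_log: "{{ not (..._debug | bool) }}"` built on it is permanently off. Write it as `"{{ ((ansible_verbosity | int) >= 2) | bool }}"`, the form this commit already uses in aide, backup_and_restore and tripleo_podman. The same unparenthesised expression is added in the defaults of login_defs, tripleo_cellv2, tripleo_container_image_prepare, tripleo_hosts_entries, tripleo_nova_image_cache, tripleo_nvdimm, tripleo_ovs_dpdk, tripleo_packages, tripleo_redhat_enforce and tripleo_systemd_wrapper. Every new role is generated from this skeleton, so the fix matters most here.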
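Review bot: `hide_sensitive_logs: true` is added to the play vars of cli-create-deployment-plan.yaml without a comment, although it now replaces an unconditional `no_log: true` on the `tripleo_passwords_rotate` task further down the file. A line above it such as `# Set to false only while troubleshooting: task output may then include credentials such as OS_PASSWORD.` would tell operators what they are switching off. The same undocumented variable is added to cli-undercloud-backup.yaml, cli-update-deployment-plan.yaml, rotate-fernet-keys.yaml, rotate-keys.yaml and rotate-passwords.yaml. In cli-undercloud-backup.yaml it also gates the task whose command line carries `-p{{ MysqlRootPassword }}`.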
diff --git a/tripleo_ansible/playbooks/cli-undercloud-backup.yaml b/tripleo_ansible/playbooks/cli-undercloud-backup.yaml index 7130be226..56f289125 100644 --- a/tripleo_ansible/playbooks/cli-undercloud-backup.yaml +++ b/tripleo_ansible/playbooks/cli-undercloud-backup.yaml @@ -21,6 +21,7 @@ any_errors_fatal: true vars: sources_path: "{{ lookup('env', 'HOME') }}" + hide_sensitive_logs: true handlers: # Perform some cleanup - name: cleanup the backup @@ -80,17 +81,17 @@ slurp: src: "{{ ansible_home }}/tripleo-undercloud-passwords.yaml" register: tripleo_undercloud_passwords - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Set mysql root password set_fact: MysqlRootPassword: "{{ (tripleo_undercloud_passwords['content'] | b64decode | from_yaml)['parameter_defaults']['MysqlRootPassword'] }}" - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" rescue: - name: Set mysql root password (fallback) set_fact: MysqlRootPassword: "{{ lookup('ini', 'undercloud_mysql_root_password section=auth file=' ~ ansible_home ~ '/undercloud-passwords.conf') }}" - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ hide_sensitive_logs | bool }}" - name: Create the names for the temporary backup files set_fact: @@ -109,7 +110,7 @@ -p{{ MysqlRootPassword }} \ --opt \ --all-databases | gzip > {{ db_path }} - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Backup the filesystem become: true diff --git a/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml b/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml index 3601a5b2c..85104ccf7 100644 --- a/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml +++ b/tripleo_ansible/playbooks/cli-update-deployment-plan.yaml @@ -26,6 +26,7 @@ generate_passwords: true reset_passwords: false validate_stack: true + hide_sensitive_logs: true handlers: - name: Cleanup temp directory 
@@ -64,8 +65,9 @@ tripleo_passwords_rotate: container: "{{ container }}" rotate_passwords: "{{ reset_passwords }}" - when: generate_passwords|bool or reset_passwords|bool - no_log: true + when: + - (generate_passwords | bool) or (reset_passwords | bool) + no_log: "{{ hide_sensitive_logs | bool }}" - name: Prepare Container images and update plan tripleo_image_params_prepare: diff --git a/tripleo_ansible/playbooks/rotate-fernet-keys.yaml b/tripleo_ansible/playbooks/rotate-fernet-keys.yaml index c4e313e00..0cc004569 100644 --- a/tripleo_ansible/playbooks/rotate-fernet-keys.yaml +++ b/tripleo_ansible/playbooks/rotate-fernet-keys.yaml @@ -22,13 +22,14 @@ any_errors_fatal: true vars: container: overcloud + hide_sensitive_logs: true tasks: - name: Rotate keys and update plan tripleo_fernet_keys_rotate: container: "{{ container }}" register: fernet_keys - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" - name: Rotate fernet keys on controller nodes import_playbook: rotate-keys.yaml fernet_keys="{{ hostvars['undercloud']['fernet_keys']['fernet_keys'] }}" diff --git a/tripleo_ansible/playbooks/rotate-keys.yaml b/tripleo_ansible/playbooks/rotate-keys.yaml index 8c13cf161..9f9808098 100644 --- a/tripleo_ansible/playbooks/rotate-keys.yaml +++ b/tripleo_ansible/playbooks/rotate-keys.yaml 
@@ -1,75 +1,92 @@ --- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + - hosts: keystone + vars: + hide_sensitive_logs: true tasks: - - name: Check for containerized keystone fernet repository - stat: - path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/ - register: containerized_keystone_dir + - name: Check for containerized keystone fernet repository + stat: + path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/ + register: containerized_keystone_dir - - name: populate service facts - service_facts: + - name: populate service facts + service_facts: - - name: Set container facts - set_fact: - is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}" - podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}" + - name: Set container facts + set_fact: + is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}" + podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}" - - name: Rotate fernet keys for keystone container - block: - - name: Set keystone facts - set_fact: - keystone_base: /var/lib/config-data/puppet-generated/keystone + - name: Rotate fernet keys for keystone container + block: + - name: Set keystone facts + set_fact: + keystone_base: /var/lib/config-data/puppet-generated/keystone - - name: Remove 
previous fernet keys - shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/* - args: - warn: false + - name: Remove previous fernet keys + shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/* + args: + warn: false - - name: Persist fernet keys to repository - copy: - dest: "{{ keystone_base }}{{ item.key }}" - content: "{{ item.value.content }}" - mode: 0600 - with_dict: "{{ fernet_keys }}" - no_log: true + - name: Persist fernet keys to repository + copy: + dest: "{{ keystone_base }}{{ item.key }}" + content: "{{ item.value.content }}" + mode: 0600 + with_dict: "{{ fernet_keys }}" + no_log: "{{ hide_sensitive_logs | bool }}" - - name: Set permissions to match container's user - shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }} - with_dict: "{{ fernet_keys }}" - no_log: true + - name: Set permissions to match container's user + shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }} + with_dict: "{{ fernet_keys }}" + no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" - - name: Restart keystone container with docker - shell: docker restart keystone - when: not podman_enabled + - name: Restart keystone container with docker + shell: docker restart keystone + when: not podman_enabled - - name: Restart keystone container - service: - name: tripleo_keystone - state: restarted - when: podman_enabled - when: - - is_container | bool + - name: Restart keystone container + service: + name: tripleo_keystone + state: restarted + when: podman_enabled + when: + - is_container | bool - - name: Rotate fernet keys for keystone (no container) - block: - - name: Remove previous fernet keys - shell: rm -rf /etc/keystone/fernet-keys/* - args: - warn: false + - name: Rotate fernet keys for keystone (no container) + block: + - name: Remove previous fernet keys + shell: rm -rf /etc/keystone/fernet-keys/* + args: 
+ warn: false - - name: Persist fernet keys to repository - copy: - dest: "{{ item.key }}" - content: "{{ item.value.content }}" - mode: 0600 - owner: keystone - group: keystone - with_dict: "{{ fernet_keys }}" - no_log: true + - name: Persist fernet keys to repository + copy: + dest: "{{ item.key }}" + content: "{{ item.value.content }}" + mode: 0600 + owner: keystone + group: keystone + with_dict: "{{ fernet_keys }}" + no_log: "{{ hide_sensitive_logs | bool }}" - - name: Reload apache - service: - name: httpd - state: reloaded - when: - - not (is_container | bool) + - name: Reload apache + service: + name: httpd + state: reloaded + when: + - not (is_container | bool) diff --git a/tripleo_ansible/playbooks/rotate-passwords.yaml b/tripleo_ansible/playbooks/rotate-passwords.yaml index bbb68978c..dca917a4f 100644 --- a/tripleo_ansible/playbooks/rotate-passwords.yaml +++ b/tripleo_ansible/playbooks/rotate-passwords.yaml @@ -23,13 +23,13 @@ vars: container: overcloud password_list: [] - + hide_sensitive_logs: true tasks: - name: Rotate passwords in plan tripleo_passwords_rotate: container: "{{ container }}" password_list: "{{ password_list }}" - no_log: true + no_log: "{{ hide_sensitive_logs | bool }}" tags: - rotate-passwords diff --git a/tripleo_ansible/roles/aide/defaults/main.yml b/tripleo_ansible/roles/aide/defaults/main.yml index ab23e28a6..689c95b96 100644 --- a/tripleo_ansible/roles/aide/defaults/main.yml +++ b/tripleo_ansible/roles/aide/defaults/main.yml @@ -19,6 +19,7 @@ # Packages installed on the local system. Allows user to define this list # otherwise it will inherit from the OS specific variable file(s). +aide_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" aide_system_packages: "{{ _aide_system_packages | default([]) }}" # A hash of Aide rules diff --git a/tripleo_ansible/roles/aide/tasks/aide_config.yml b/tripleo_ansible/roles/aide/tasks/aide_config.yml index dbb0dfaa3..358e346fe 100644 --- a/tripleo_ansible/roles/aide/tasks/aide_config.yml 
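Review bot: In rotate-keys.yaml the `Set permissions to match container's user` task switches from `no_log: true` to `"{{ not ((ansible_verbosity | int) >= 2) | bool }}"`, but it still loops `with_dict: "{{ fernet_keys }}"`, so each loop item carries `item.value.content`. At `-vv` the per-item output would likely print the key material that the two `Persist fernet keys to repository` tasks keep behind `hide_sensitive_logs`. Use `no_log: "{{ hide_sensitive_logs | bool }}"` on this task as well, so all three tasks that iterate over the keys are masked by the same switch.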
+++ b/tripleo_ansible/roles/aide/tasks/aide_config.yml @@ -39,7 +39,7 @@ command: >- /usr/sbin/aide --init --config {{ aide_conf_path }} changed_when: false - no_log: true + no_log: "{{ not (aide_debug | bool) }}" args: creates: "{{ aide_db_path }}" diff --git a/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml b/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml index 9ff0384a8..839b904ee 100644 --- a/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml +++ b/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml @@ -24,7 +24,7 @@ command: >- /usr/sbin/aide --init --config {{ aide_conf_path }} changed_when: false - no_log: true + no_log: "{{ not (aide_debug | bool) }}" - name: Check for tmp aide db stat: diff --git a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml b/tripleo_ansible/roles/backup_and_restore/defaults/main.yml index 33cbf451d..e5f12e047 100644 --- a/tripleo_ansible/roles/backup_and_restore/defaults/main.yml +++ b/tripleo_ansible/roles/backup_and_restore/defaults/main.yml @@ -16,6 +16,8 @@ # All variables intended for modification should be placed in this file. +tripleo_backup_and_restore_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_backup_and_restore_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" # Set the container command line entry-point tripleo_container_cli: "{{ container_cli | default('podman') }}" @@ -26,7 +28,6 @@ tripleo_backup_and_restore_service_manager: true tripleo_backup_and_restore_mysql_container: mysql # All variables within this role should have a prefix of "tripleo_backup_and_restore" -tripleo_backup_and_restore_debug: false # By default this should be the Undercloud node tripleo_backup_and_restore_nfs_server: 192.168.24.1 tripleo_backup_and_restore_nfs_storage_folder: /ctl_plane_backups diff --git a/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml b/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml index a20b9d970..d156631ab 100644 
--- a/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml +++ b/tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml @@ -20,7 +20,7 @@ hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'mysql::server::root_password' when: mysql_password is undefined register: mysql_password - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" become: true tags: - bar_create_recover_image @@ -76,7 +76,7 @@ when: mysql_password.stderr is defined tags: - bar_create_recover_image - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - name: MySQL BBDDs backup shell: | @@ -89,7 +89,7 @@ when: mysql_password.stderr is defined tags: - bar_create_recover_image - no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" + no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}" - name: Pause mysql. command: "{{ tripleo_container_cli }} pause {{ tripleo_backup_and_restore_mysql_container }}" diff --git a/tripleo_ansible/roles/login_defs/defaults/main.yml b/tripleo_ansible/roles/login_defs/defaults/main.yml index a7b97bb18..7e493adab 100644 --- a/tripleo_ansible/roles/login_defs/defaults/main.yml +++ b/tripleo_ansible/roles/login_defs/defaults/main.yml @@ -14,7 +14,7 @@ # License for the specific language governing permissions and limitations # under the License. -tripleo_login_defs_debug: false +tripleo_login_defs_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" # The maximum number of days a password may be used tripleo_login_defs_password_max_days: 60 diff --git a/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml b/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml index 77ac7c4aa..613dc4b05 100644 --- a/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml 
@@ -17,7 +17,7 @@ # All variables intended for modification should be placed in this file. -tripleo_cellv2_debug: false +tripleo_cellv2_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_cellv2_cell_name: "" # containercli can be tropped when we fully switched to podman tripleo_cellv2_containercli: "docker" diff --git a/tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml b/tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml new file mode 100644 index 000000000..fd6f0b15a --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should be placed in this file. +tripleo_ceph_run_ansible_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_ceph_run_ansible_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" diff --git a/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml index 7c57db3c4..f476a08d0 100644 --- a/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml 
@@ -119,7 +119,7 @@ shell: "{{ item }}" # We want the output chunked into bits to prevent # overflowing Zaqar message size - no_log: true + no_log: "{{ not (tripleo_ceph_run_ansible_debug | bool) }}" failed_when: false register: outputs tags: run_ceph_ansible @@ -129,7 +129,7 @@ - name: search output of ceph-ansible run(s) non-zero return codes set_fact: ceph_ansible_std_out_err: "{{ item.stdout_lines | default([]) | union(item.stderr_lines | default([])) }}" - no_log: true + no_log: "{{ tripleo_ceph_run_ansible_hide_sensitive_logs | bool }}" when: - item.rc is defined - item.rc != 0 diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml index ba19733bd..1621fe6f4 100644 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_container_image_prepare" -tripleo_container_image_prepare_debug: false +tripleo_container_image_prepare_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_container_image_prepare_content: {} tripleo_container_image_prepare_roles: [] tripleo_container_image_prepare_log_file: /var/log/tripleo-container-image-prepare.log diff --git a/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml b/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml index db90516da..5ed9cfa4a 100644 --- a/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml 
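Review bot: The task that runs `shell: "{{ item }}"` now takes `no_log` from `tripleo_ceph_run_ansible_debug`, while the comment directly above it says the output is chunked to avoid overflowing the Zaqar message size. The following `set_fact` over `item.stdout_lines`/`item.stderr_lines` is put behind the sensitive switch instead. With debug enabled, the first task would emit the full ceph-ansible output, which seems to defeat both the size concern and the masking applied one task later. Consider `no_log: "{{ tripleo_ceph_run_ansible_hide_sensitive_logs | bool }}"` on both tasks, or update the comment to say the size limit no longer holds when debug is on. Both task bodies begin outside the hunks.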
@@ -57,7 +57,7 @@ {% if (tripleo_container_image_prepare_debug | bool) %} --debug {% endif %} - no_log: "{{ not (tripleo_container_image_prepare_debug | bool) }}" + no_log: "{{ not tripleo_container_image_prepare_debug | bool }}" when: - (tripleo_container_image_prepare_content | dict2items | length) > 0 - (tripleo_container_image_prepare_roles | length) > 0 diff --git a/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml b/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml index 8c1e2b281..7abe0a8f7 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml @@ -16,6 +16,8 @@ # All variables intended for modification should place placed in this file. +tripleo_container_manage_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_container_manage_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" # All variables within this role should have a prefix of "tripleo_container_manage" tripleo_container_manage_check_puppet_config: false @@ -25,7 +27,6 @@ tripleo_container_manage_config: "/var/lib/tripleo-config/" tripleo_container_manage_config_id: tripleo tripleo_container_manage_config_overrides: {} tripleo_container_manage_config_patterns: '*.json' -tripleo_container_manage_debug: false # Some containers where Puppet is run, can take up to 10 minutes to finish # in slow environments. tripleo_container_manage_create_retries: 120 diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml index 0014dc48e..d630ab21c 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml 
@@ -17,7 +17,7 @@ - name: Gather podman infos podman_container_info: {} register: podman_containers - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" when: - tripleo_container_manage_cli == 'podman' diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml index 65e88686a..13612d5e9 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml @@ -27,7 +27,7 @@ config_id=tripleo_container_manage_config_id, clean_orphans=False) }} - name: "Async container create/run" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}" async: "{{ (not ansible_check_mode | bool) | ternary('600', omit) }}" poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" register: create_async_results @@ -84,7 +84,7 @@ volumes_from: "{{ lookup('dict', container_data).value.volumes_from | default([]) }}" - name: "Check podman create status" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" async_status: jid: "{{ create_async_result_item.ansible_job_id }}" loop: "{{ create_async_results.results }}" diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml index b8f91a55e..28c4c8ea0 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml 
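Review bot: `Gather podman infos` in delete_orphan.yml is classified as debug output (`not (tripleo_container_manage_debug | bool)`), but the identical task in tasks/podman/start_order.yml is changed to `tripleo_container_manage_hide_sensitive_logs`. Both register the same `podman_containers` data, so one of the two is misclassified. If the container info can include environment values, the sensitive switch is the safer choice: `no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}"`. The same question applies to `Check podman create status` in tasks/podman/create.yml, which loops over the results of a task that this commit hides with the sensitive switch.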
@@ -22,7 +22,7 @@ when: not ansible_check_mode|bool - name: "Async container exec" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" command: argv: "{{ lookup('dict', container_exec_data).value | container_exec_cmd(cli=tripleo_container_manage_cli) }}" async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" @@ -34,7 +34,7 @@ when: not ansible_check_mode|bool - name: "Check podman exec status" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" async_status: jid: "{{ exec_async_result_item.ansible_job_id }}" loop: "{{ exec_async_results.results }}" diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml index 7c7f0e1a5..dd4137b52 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml @@ -15,7 +15,7 @@ # under the License. - name: "Create a list of podman exec commands that are run" - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ not (tripleo_container_manage_debug | bool) }}" set_fact: containers_commands: >- {{ (containers_commands | default([])) + ([lookup('dict', container_exec_data).value | diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml index 956e81d7d..337f43727 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml 
@@ -17,7 +17,7 @@ - name: Gather podman infos podman_container_info: {} register: podman_containers - no_log: "{{ not tripleo_container_manage_debug }}" + no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}" when: - tripleo_container_manage_cli == 'podman' diff --git a/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml b/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml index 8b496db6b..26134181d 100644 --- a/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_hosts_entries" -tripleo_hosts_entries_debug: false +tripleo_hosts_entries_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_hosts_entries_hosts_path: /etc/hosts tripleo_hosts_entries_undercloud_hosts_entries: "" tripleo_hosts_entries_extra_hosts_entries: "" diff --git a/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml b/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml index 1eccddb8c..8b0b33a0a 100644 --- a/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should place placed in this file. # All variables within this role should have a prefix of "tripleo_nova_image_cache" -tripleo_nova_image_cache_debug: false +tripleo_nova_image_cache_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_nova_image_cache_images: [] tripleo_nova_image_cache_use_proxy: false tripleo_nova_image_cache_proxy_hostname: "{{ ansible_play_batch[0] }}" diff --git a/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml b/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml index 8a62375eb..044ed8174 100644 --- a/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml 
+++ b/tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml @@ -18,4 +18,4 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_tripleo_nvdimm" -tripleo_tripleo_nvdimm_debug: false +tripleo_tripleo_nvdimm_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" diff --git a/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml b/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml index e8d2727c2..10089b5e9 100644 --- a/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should place placed in this file. # All variables within this role should have a prefix of "tripleo_ovs_dpdk" -tripleo_ovs_dpdk_debug: false +tripleo_ovs_dpdk_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_ovs_dpdk_pmd_core_list: "" tripleo_ovs_dpdk_lcore_list: "" tripleo_ovs_dpdk_memory_channels: 4 diff --git a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml b/tripleo_ansible/roles/tripleo_packages/defaults/main.yml index 30623e95d..5464468ad 100644 --- a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_packages/defaults/main.yml @@ -60,7 +60,7 @@ tripleo_packages_fast_forward_custom_repo_script_content: | tripleo_packages_upgrade_leapp_enabled: true # Print debugging output when running Leapp -tripleo_packages_upgrade_leapp_debug: true +tripleo_packages_upgrade_leapp_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" # Skip RHSM when running Leapp in development/testing. tripleo_packages_upgrade_leapp_devel_skip_rhsm: false diff --git a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml index 096984f3b..d49858115 100644 --- a/tripleo_ansible/roles/tripleo_podman/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_podman/defaults/main.yml 
@@ -16,6 +16,8 @@ # All variables intended for modification should be placed in this file. +tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" tripleo_container_registry_insecure_registries: [] tripleo_container_registry_login: false @@ -23,7 +25,6 @@ tripleo_container_registry_logins: {} tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}" tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}" tripleo_podman_tls_verify: true -tripleo_podman_debug: false tripleo_podman_unqualified_search_registries: - registry.redhat.io - registry.access.redhat.com diff --git a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml index 719658650..8b149a59f 100644 --- a/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml +++ b/tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml @@ -26,6 +26,6 @@ REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" REGISTRY: "{{ item.key }}" - no_log: "{{ not tripleo_podman_debug|bool }}" + no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}" loop: "{{ query('dict', tripleo_container_registry_logins) }}" register: registry_login_podman diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml b/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml index bbdf4ae44..1babc7c3a 100644 --- a/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml 
@@ -16,8 +16,11 @@ # All variables intended for modification should be placed in this file. +tripleo_puppet_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +tripleo_puppet_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" # All variables within this role should have a prefix of "tripleo_puppet_cache" +tripleo_puppet_cache_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" tripleo_puppet_cache_base_dir: /var/lib/container-puppet/puppetlabs tripleo_puppet_cache_config: | facts : { diff --git a/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml b/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml index ebf086dd1..8134b91f9 100644 --- a/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml @@ -82,7 +82,7 @@ shell: facter --config "{{ tripleo_puppet_cache_base_dir }}/facter.conf" retries: 5 delay: 5 - no_log: true + no_log: "{{ tripleo_puppet_hide_sensitive_logs | bool }}" failed_when: false register: _facter_cache_run diff --git a/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml b/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml index 5dd1f8e48..7ef0e4c02 100644 --- a/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml @@ -18,7 +18,7 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_redhat_enforce" -tripleo_redhat_enforce_debug: false +tripleo_redhat_enforce_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_redhat_enforce: false tripleo_redhat_enforce_osp: '' tripleo_redhat_enforce_os: '' diff --git a/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml b/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml index d7050d6e4..1aa4d73fb 100644 --- a/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml 
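Review bot: The two defaults added at the top of `tripleo_puppet_cache/defaults/main.yml`, `tripleo_puppet_hide_sensitive_logs` and `tripleo_puppet_debug`, do not carry the `tripleo_puppet_cache` prefix that the comment directly below them asks for. The podman role in this commit names its toggle after the role, so `tripleo_puppet_cache_hide_sensitive_logs` would be consistent, with the `no_log` line in `tasks/main.yml` changed to match. `tripleo_puppet_debug` has the same value as `tripleo_puppet_cache_debug` and is not used in the hunks shown, so it looks like it can be dropped.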
+++ b/tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml @@ -18,5 +18,5 @@ # All variables intended for modification should be placed in this file. # All variables within this role should have a prefix of "tripleo_systemd_wrapper" -tripleo_systemd_wrapper_debug: false +tripleo_systemd_wrapper_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" tripleo_systemd_wrapper_container_cli: podman diff --git a/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml b/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml index 70c204ea5..48bde8918 100644 --- a/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo_transfer/defaults/main.yml @@ -23,7 +23,7 @@ # * `tripleo_transfer_src_dir` -- directory on the source host to transfer from # * `tripleo_transfer_dest_host` -- the inventory name of the destination host # * `tripleo_transfer_dest_dir` -- directory on the destination host to transfer to - +tripleo_transfer_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}" tripleo_transfer_storage_root_dir: /var/lib/mistral/tripleo-transfer tripleo_transfer_storage_root_become: false tripleo_transfer_src_become: true diff --git a/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml b/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml index 672023c57..7a2248577 100644 --- a/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo_transfer/tasks/main.yml @@ -44,7 +44,7 @@ # Using the "archive" module lists lists all tarred files in module # output, if there's too many files, it can crash ansible even with -# "no_log: true". +# "no_log: "{{ not tripleo_transfer_debug | bool }}"". - name: create the archive shell: |- set -euo pipefail
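Review bot: `tripleo_transfer_debug` in `tripleo_transfer/defaults/main.yml` is added without a comment, and it replaces the blank line that separated the block of required-variable comments from the defaults, so it reads as the continuation of that list. I would keep the blank line and put a one-line comment above the variable, for example `# Show output of otherwise silenced tasks when run with -vv or higher.` The comment touched in `tasks/main.yml` suggests the variable drives `no_log` there; if any of those tasks handle sensitive data, they should follow `hide_sensitive_logs` instead of verbosity.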