Source: ansible Version: 2.7.7+dfsg-1 Severity: normal Tags: upstream Dear Maintainer,
like probably every other module, data processed by ansible's "debconf"
module to manipulate the debconf database is logged to syslog unless
explicitly told otherwise (no_log). This becomes a problem when setting
a value of vtype "passwort" like in
ansible -i root@<host>, root@<host> \
-m debconf -a 'name=foo question=foo/bar value=topsecret vtype=password'
Then the target host's syslog contains a like
| ansible-debconf: Invoked with unseen=None vtype=password question=foo/bar
name=foo value=topsecret
^^^^^^^^^
For a fix: Probably there is a way to mark value as "no_log" only if
vtype has the "password" value. I failed to get this done, I did not
try very hard, though.
Christoph
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.35-rc1 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
signature.asc
Description: PGP signature
