Source: ansible Version: 2.7.7+dfsg-1 Severity: normal Tags: upstream Dear Maintainer,
like probably every other module, data processed by ansible's "debconf" module to manipulate the debconf database is logged to syslog unless explicitly told otherwise (no_log). This becomes a problem when setting a value of vtype "passwort" like in ansible -i root@<host>, root@<host> \ -m debconf -a 'name=foo question=foo/bar value=topsecret vtype=password' Then the target host's syslog contains a like | ansible-debconf: Invoked with unseen=None vtype=password question=foo/bar name=foo value=topsecret ^^^^^^^^^ For a fix: Probably there is a way to mark value as "no_log" only if vtype has the "password" value. I failed to get this done, I did not try very hard, though. Christoph -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.35-rc1 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
signature.asc
Description: PGP signature