mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Merge pull request #14557 from ansible/display-play-args
Add a configuration setting that allows the user to specify printing …
This commit is contained in:
commit
4c58066153
4 changed files with 53 additions and 3 deletions
|
@ -304,8 +304,6 @@ How do I keep secret data in my playbook?
|
||||||
|
|
||||||
If you would like to keep secret data in your Ansible content and still share it publicly or keep things in source control, see :doc:`playbooks_vault`.
|
If you would like to keep secret data in your Ansible content and still share it publicly or keep things in source control, see :doc:`playbooks_vault`.
|
||||||
|
|
||||||
.. _i_dont_see_my_question:
|
|
||||||
|
|
||||||
In Ansible 1.8 and later, if you have a task that you don't want to show the results or command given to it when using -v (verbose) mode, the following task or playbook attribute can be useful::
|
In Ansible 1.8 and later, if you have a task that you don't want to show the results or command given to it when using -v (verbose) mode, the following task or playbook attribute can be useful::
|
||||||
|
|
||||||
- name: secret task
|
- name: secret task
|
||||||
|
@ -323,6 +321,8 @@ Though this will make the play somewhat difficult to debug. It's recommended th
|
||||||
be applied to single tasks only, once a playbook is completed.
|
be applied to single tasks only, once a playbook is completed.
|
||||||
|
|
||||||
|
|
||||||
|
.. _i_dont_see_my_question:
|
||||||
|
|
||||||
I don't see my question here
|
I don't see my question here
|
||||||
++++++++++++++++++++++++++++
|
++++++++++++++++++++++++++++
|
||||||
|
|
||||||
|
|
|
@ -228,6 +228,34 @@ Allows disabling of deprecating warnings in ansible-playbook output::
|
||||||
|
|
||||||
Deprecation warnings indicate usage of legacy features that are slated for removal in a future release of Ansible.
|
Deprecation warnings indicate usage of legacy features that are slated for removal in a future release of Ansible.
|
||||||
|
|
||||||
|
.. _display_args_to_stdout
|
||||||
|
|
||||||
|
display_args_to_stdout
|
||||||
|
======================
|
||||||
|
|
||||||
|
.. versionadded:: 2.1.0
|
||||||
|
|
||||||
|
By default, ansible-playbook will print a header for each task that is run to
|
||||||
|
stdout. These headers will contain the ``name:`` field from the task if you
|
||||||
|
specified one. If you didn't then ansible-playbook uses the task's action to
|
||||||
|
help you tell which task is presently running. Sometimes you run many of the
|
||||||
|
same action and so you want more information about the task to differentiate
|
||||||
|
it from others of the same action. If you set this variable to ``True`` in
|
||||||
|
the config then ansible-playbook will also include the task's arguments in the
|
||||||
|
header.
|
||||||
|
|
||||||
|
This setting defaults to ``False`` because there is a chance that you have
|
||||||
|
sensitive values in your parameters and do not want those to be printed to
|
||||||
|
stdout::
|
||||||
|
|
||||||
|
display_args_to_stdout=False
|
||||||
|
|
||||||
|
If you set this to ``True`` you should be sure that you have secured your
|
||||||
|
environment's stdout (no one can shoulder surf your screen and you aren't
|
||||||
|
saving stdout to an insecure file) or made sure that all of your playbooks
|
||||||
|
explicitly added the ``no_log: True`` parameter to tasks which have sensistive
|
||||||
|
values See :ref:`keep_secret_data` for more information.
|
||||||
|
|
||||||
.. _display_skipped_hosts:
|
.. _display_skipped_hosts:
|
||||||
|
|
||||||
display_skipped_hosts
|
display_skipped_hosts
|
||||||
|
|
|
@ -98,6 +98,16 @@
|
||||||
# task is skipped.
|
# task is skipped.
|
||||||
#display_skipped_hosts = True
|
#display_skipped_hosts = True
|
||||||
|
|
||||||
|
# by default, if a task in a playbook does not include a name: field then
|
||||||
|
# ansible-playbook will construct a header that includes the task's action but
|
||||||
|
# not the task's args. This is a security feature because ansible cannot know
|
||||||
|
# if the *module* considers an argument to be no_log at the time that the
|
||||||
|
# header is printed. If your environment doesn't have a problem securing
|
||||||
|
# stdout from ansible-playbook (or you have manually specified no_log in your
|
||||||
|
# playbook on all of the tasks where you have secret information) then you can
|
||||||
|
# safely set this to True to get more informative messages.
|
||||||
|
#display_args_to_stdout = False
|
||||||
|
|
||||||
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
|
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
|
||||||
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
|
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
|
||||||
# to revert the behavior to pre-1.3.
|
# to revert the behavior to pre-1.3.
|
||||||
|
|
|
@ -113,7 +113,19 @@ class CallbackModule(CallbackBase):
|
||||||
self._display.banner("NO MORE HOSTS LEFT")
|
self._display.banner("NO MORE HOSTS LEFT")
|
||||||
|
|
||||||
def v2_playbook_on_task_start(self, task, is_conditional):
|
def v2_playbook_on_task_start(self, task, is_conditional):
|
||||||
self._display.banner("TASK [%s]" % task.get_name().strip())
|
args = ''
|
||||||
|
# args can be specified as no_log in several places: in the task or in
|
||||||
|
# the argument spec. We can check whether the task is no_log but the
|
||||||
|
# argument spec can't be because that is only run on the target
|
||||||
|
# machine and we haven't run it thereyet at this time.
|
||||||
|
#
|
||||||
|
# So we give people a config option to affect display of the args so
|
||||||
|
# that they can secure this if they feel that their stdout is insecure
|
||||||
|
# (shoulder surfing, logging stdout straight to a file, etc).
|
||||||
|
if not task.no_log and C.DISPLAY_ARGS_TO_STDOUT:
|
||||||
|
args = ', '.join(('%s=%s' % a for a in task.args.items()))
|
||||||
|
args = ' %s' % args
|
||||||
|
self._display.banner("TASK [%s%s]" % (task.get_name().strip(), args))
|
||||||
if self._display.verbosity > 2:
|
if self._display.verbosity > 2:
|
||||||
path = task.get_path()
|
path = task.get_path()
|
||||||
if path:
|
if path:
|
||||||
|
|
Loading…
Reference in a new issue