Ansible - no_log parameter (mask suppress output)
by
Jeremy Canfield |
Updated: November 24 2021
| Ansible articles
Let's say you have a playbook that has a task that you want to ensure does not produce any output and is not logged. For example, let's say you are using the set_fact module to define the "secret" variable.
---
- hosts: localhost
tasks:
- set_fact:
secret: "itsasecret"
...
By default, the value "itsasecret" will not be included in the output.
~]# ansible-playbook example.yml
PLAY [localhost]
TASK [Gathering Facts]
ok: [localhost]
TASK [set_fact]
ok: [localhost]
PLAY RECAP
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=0 resuced=0 ignored=0
However, let's say the ansible-playbook command is run with the -v (verbose) flag. In this scenario, the output will include "itsasecret".
~]# ansible-playbook example.yml -v
TASK [set_fact]
ok: [localhost] => {"ansible_facts": {"secret": "itsasecret"}, "changed": false}
The no_log:true parameter can be used to supress the output.
---
- hosts: localhost
tasks:
- set_fact:
secret: "itsasecret"
no_log: true
...
Now when the playbook is run, even with the -v (verbose) flag, "itsasecret" will not be included in the output.
~]# ansible-playbook example.yml -v
TASK [set_fact]
ok: [localhost] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}
Did you find this article helpful?
If so, consider buying me a coffee over at