Hi All,
I’m running a loop for deploy multiple passwords into one config file:
- name: setup virtual router passwords
replace: dest=/etc/keepalived/keepalived.conf
regexp=‘{{ item.pattern }}’
replace=‘{{ item.password }}’
with_items: - { pattern: ‘virtual_router_id_51_password’, password: ‘{{ virtual_router_id_51_password }}’ }
- { pattern: ‘virtual_router_id_52_password’, password: ‘{{ virtual_router_id_52_password }}’ }
- { pattern: ‘virtual_router_id_53_password’, password: ‘{{ virtual_router_id_53_password }}’ }
- { pattern: ‘virtual_router_id_54_password’, password: ‘{{ virtual_router_id_54_password }}’ }
- { pattern: ‘virtual_router_id_55_password’, password: ‘{{ virtual_router_id_55_password }}’ }
My problem is that when I’m running the playbook it shows in the console output (and in the log) the passwords, which I definitely would like to avoid:
TASK: [setup virtual router passwords] ****************************************
changed: [lb1] => (item={‘pattern’: ‘virtual_router_id_51_password’, ‘password’: u’thisisthepassword’})
If I’m degrading this replace to a single replace (so deleting the with_items completely) then it’s fine:
TASK: [setup virtual router passwords] ****************************************
changed: [lb1]
Is somebody have any idea why the passwords are showing up in the loop?
Thanks.
Gabor