Giters

splunk / splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

"Set general pass4SymmKey" should respect hide_password

jacobappleton-orbis opened this issue · comments

commented

Currently no_log isn't set in this task:

splunk-ansible/roles/splunk_common/tasks/set_general_symmkey_password.yml

Lines 1 to 9 in 0f11fdd

- name: Set general pass4SymmKey
ini_file:
dest: "{{ splunk.home }}/etc/system/local/server.conf"
section: "general"
option: "pass4SymmKey"
value: "{{ splunk.pass4SymmKey }}"
owner: "{{ splunk.user }}"
group: "{{ splunk.group }}"
register: set_symmkey

It should probably use no_log: "{{ hide_password }}" like we do in the Index Cluster configuration:

splunk-ansible/roles/splunk_indexer/tasks/indexer_clustering.yml

Lines 6 to 18 in 0f11fdd

- name: Set current node as indexer cluster peer
command: "{{ splunk.exec }} edit cluster-config -mode slave -master_uri '{{ cert_prefix }}://{{ splunk.cluster_master_url }}:{{ splunk.svc_port }}' -replication_port {{ splunk.idxc.replication_port }} -secret '{{ splunk.idxc.pass4SymmKey }}' -auth '{{ splunk.admin_user }}:{{ splunk.password }}'"
become: yes
become_user: "{{ splunk.user }}"
register: task_result
changed_when: task_result.rc == 0
until: task_result.rc == 0
retries: "{{ retry_num }}"
delay: "{{ retry_delay }}"
ignore_errors: yes
notify:
- Restart the splunkd service
no_log: "{{ hide_password }}"