mount: CIFS credentials are logged #497

Open
jeffmcutter opened this issue Sep 25, 2023 · 1 comment
SUMMARY

ansible.posix.mount logs CIFS credentials in job output and /var/log/messages

ISSUE TYPE

  • Bug Report

COMPONENT NAME

mount

ANSIBLE VERSION

```
bash-4.4# ansible --version
ansible [core 2.15.4]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.16 (main, May 31 2023, 12:21:58) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)] (/usr/bin/python3.9)
  jinja version = 3.1.2
  libyaml = True
```

COLLECTION VERSION

```
bash-4.4# ansible-galaxy collection list ansible.posix

# /usr/share/ansible/collections/ansible_collections
Collection    Version
------------- -------
ansible.posix 1.5.4
```

CONFIGURATION

```
bash-4.4# ansible-config dump --only-changed
CONFIG_FILE() = /etc/ansible/ansible.cfg
bash-4.4#
```

OS / ENVIRONMENT

Red Hat Enterprise Linux release 8.8 (Ootpa)

STEPS TO REPRODUCE

```yaml
---
- name: Mount a cifs share
  hosts: winserv01.localdomain.local
  gather_facts: false
  tasks:
    - name: Mount an SMB share
      vars:
        __user: "{{ (credentials | selectattr('host', 'match', inventory_hostname))[0].user }}"
        __pass: "{{ (credentials | selectattr('host', 'match', inventory_hostname))[0].pass }}"
      ansible.posix.mount:
        path: /mnt
        src: '//{{ inventory_hostname }}/MyShare'
        fstype: cifs
        opts: "rw,vers=3,file_mode=0600,dir_mode=0700,username={{ __user }},password={{ __pass }}"
        state: ephemeral
      delegate_to: sattower06.localdomain.local
      # no_log: true

...
```

EXPECTED RESULTS

Credentials not to be logged.

ACTUAL RESULTS

From /var/log/messages:

```
Sep 25 05:29:12 sattower06 platform-python[4371]: ansible-ansible.posix.mount Invoked with path=/mnt src=//winserv01.localdomain.local/MyShare fstype=cifs opts=rw,vers=3,file_mode=0600,dir_mode=0700,username=Administrator,password=redhat1! state=ephemeral boot=True dump=0 passno=0 backup=False fstab=None
```

From job output:

```
      "opts": "rw,vers=3,file_mode=0600,dir_mode=0700,username=Administrator,password=redhat1!",
```

bcoca (Contributor) commented Sep 25, 2023

As a workaround, use `no_log: true` on the task (I see that you do already, it's commented out, but still mentioning here for others).
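
Hosts that ran the task before `no_log: true` was set still hold the password in syslog. The following is an added example, not part of the issue thread or the ansible.posix collection: it scans syslog lines for Ansible "Invoked with" records that carry a `password=`/`pass=` value and returns them with the value masked. The sample lines, host names and the `EXAMPLE-ONLY` value are constructed from the log format shown in the report.

```python
import re

# Ansible's syslog record for a module run, in the format shown in the report:
#   "<timestamp> <host> <proc>[pid]: ansible-<module> Invoked with k=v k=v ..."
INVOKED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\S+:\s"
    r"ansible-(?P<module>\S+) Invoked with (?P<args>.*)$"
)
# Scoped to this issue: password=/pass= inside the comma-separated CIFS option
# string, or as a top-level module argument. "passno=0" must not match.
SECRET = re.compile(r"(?<![\w-])(?P<key>password|pass)=(?P<val>[^,\s]+)", re.I)

# Constructed sample input (not real log data).
_PREFIX = ("platform-python[4371]: ansible-ansible.posix.mount Invoked with "
           "path=/mnt src=//fileserver.example/MyShare fstype=cifs ")
_SUFFIX = " state=ephemeral boot=True dump=0 passno=0 backup=False fstab=None"
SAMPLE = [
    "Sep 25 05:29:12 host01 " + _PREFIX
    + "opts=rw,vers=3,username=svc_mount,password=EXAMPLE-ONLY" + _SUFFIX,
    "Sep 25 05:29:40 host01 " + _PREFIX
    + "opts=rw,vers=3,credentials=/root/.smbcred" + _SUFFIX,
    "Sep 25 05:30:02 host01 sshd[4410]: Accepted publickey for runner "
    "from 192.0.2.10 port 50022 ssh2",
]


def scan(lines):
    """Return one finding per log line that exposes a secret, value masked."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        m = INVOKED.match(line)
        if not m:
            continue  # not an Ansible module invocation record
        keys = [s.group("key") for s in SECRET.finditer(m.group("args"))]
        if keys:
            findings.append({
                "line": lineno,
                "host": m.group("host"),
                "module": m.group("module"),
                "keys": keys,
                "redacted": SECRET.sub(lambda s: s.group("key") + "=********", line),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["line"], f["host"], f["module"], f["keys"], f["redacted"], sep=" | ")
```

To check a real host, pass the lines of /var/log/messages and its rotated copies to `scan()`.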
