common: do not log keyring secret

let's not display any keyring secret by default in ansible log.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1980744

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>

group_vars/all.yml.sample

@@ -789,7 +789,7 @@ dummy:
 
 #client_connections: {}
 
-
+#no_log_on_ceph_key_tasks: True
 
 ###############
 # DEPRECATION #

group_vars/rhcs.yml.sample

@@ -789,7 +789,7 @@ alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alert
 
 #client_connections: {}
 
-
+#no_log_on_ceph_key_tasks: True
 
 ###############
 # DEPRECATION #

roles/ceph-client/tasks/create_users_keys.yml

@@ -28,7 +28,7 @@
     - cephx | bool
     - keys | length > 0
     - inventory_hostname == groups.get('_filtered_clients') | first
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: slurp client cephx key(s)
   slurp:
@@ -40,7 +40,7 @@
     - cephx | bool
     - keys | length > 0
     - inventory_hostname == groups.get('_filtered_clients') | first
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: pool related tasks
   when:
@@ -81,5 +81,5 @@
     group: "{{ ceph_uid }}"
   with_items: "{{ hostvars[groups['_filtered_clients'][0]]['slurp_client_keys']['results'] }}"
   when: not item.get('skipped', False)
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 

roles/ceph-client/tasks/pre_requisite.yml

@@ -13,6 +13,7 @@
       register: _admin_key
       delegate_to: "{{ groups.get(mon_group_name)[0] }}"
       run_once: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: copy ceph key(s) if needed
       copy:
@@ -21,7 +22,7 @@
         owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         mode: "{{ ceph_keyring_permissions }}"
-      no_log: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
   when:
     - cephx | bool
     - copy_admin_key | bool

roles/ceph-crash/tasks/main.yml

@@ -19,6 +19,7 @@
         CEPH_CONTAINER_BINARY: "{{ container_binary }}"
       delegate_to: "{{ groups.get(mon_group_name, [])[0] }}"
       run_once: True
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: get keys from monitors
       ceph_key:
@@ -32,6 +33,7 @@
       register: _crash_keys
       delegate_to: "{{ groups.get(mon_group_name)[0] }}"
       run_once: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: copy ceph key(s) if needed
       copy:
@@ -40,7 +42,7 @@
         owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         mode: "{{ ceph_keyring_permissions }}"
-      no_log: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: start ceph-crash daemon
   when: containerized_deployment | bool

roles/ceph-defaults/defaults/main.yml

@@ -781,7 +781,7 @@ rbd_devices: {}
 
 client_connections: {}
 
-
+no_log_on_ceph_key_tasks: True
 
 ###############
 # DEPRECATION #

roles/ceph-iscsi-gw/tasks/common.yml

@@ -14,6 +14,7 @@
   when:
     - cephx | bool
     - copy_admin_key | bool
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: copy ceph key(s) if needed
   copy:
@@ -25,7 +26,7 @@
   when:
     - cephx | bool
     - copy_admin_key | bool
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: add mgr ip address to trusted list with dashboard - ipv4
   set_fact:

roles/ceph-mds/tasks/common.yml

@@ -28,6 +28,7 @@
   when:
     - cephx | bool
     - item.copy_key | bool
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: copy ceph key(s) if needed
   copy:
@@ -40,5 +41,5 @@
   when:
     - cephx | bool
     - item.item.copy_key | bool
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 

roles/ceph-mds/tasks/non_containerized.yml

@@ -35,6 +35,7 @@
     owner: ceph
     group: ceph
     mode: "{{ ceph_keyring_permissions }}"
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
   when: cephx | bool
 
 - name: ensure systemd service override directory exists

roles/ceph-mgr/tasks/common.yml

@@ -24,6 +24,7 @@
     CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
     CEPH_CONTAINER_BINARY: "{{ container_binary }}"
   when: groups.get(mgr_group_name, []) | length == 0 # the key is present already since one of the mons created it in "create ceph mgr keyring(s)"
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: create and copy keyrings
   when: groups.get(mgr_group_name, []) | length > 0
@@ -46,6 +47,7 @@
       with_items: "{{ groups.get(mgr_group_name, []) }}"
       run_once: True
       delegate_to: "{{ groups[mon_group_name][0] }}"
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: set_fact _mgr_keys
       set_fact:
@@ -68,6 +70,7 @@
       when:
         - cephx | bool
         - item.copy_key | bool
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: copy ceph key(s) if needed
       copy:
@@ -81,7 +84,7 @@
         - cephx | bool
         - item is not skipped
         - item.item.copy_key | bool
-      no_log: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: set mgr key permissions
   file:

roles/ceph-mon/tasks/ceph_keys.yml

@@ -27,5 +27,6 @@
     CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
     CEPH_CONTAINER_BINARY: "{{ container_binary }}"
     CEPH_ROLLING_UPDATE: "{{ rolling_update }}"
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
   when:
     - cephx | bool

roles/ceph-mon/tasks/deploy_monitors.yml

@@ -17,6 +17,7 @@
       run_once: True
       delegate_to: "{{ running_mon }}"
       failed_when: initial_mon_key.rc not in [0, 2]
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
       when: running_mon is defined
 
     - name: generate monitor initial keyring
@@ -26,6 +27,7 @@
       delegate_to: localhost
       become: false
       run_once: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
       when:
         - initial_mon_key is skipped
           or
@@ -52,6 +54,7 @@
         owner: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         group: "{{ ceph_uid if containerized_deployment | bool else 'ceph' }}"
         mode: "0400"
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
       environment:
         CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
         CEPH_CONTAINER_BINARY: "{{ container_binary }}"
@@ -98,6 +101,7 @@
     CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment | bool else None }}"
     CEPH_CONTAINER_BINARY: "{{ container_binary }}"
   register: create_custom_admin_secret
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
   when:
     - cephx | bool
     - admin_secret != 'admin_secret'

roles/ceph-nfs/tasks/main.yml

@@ -75,7 +75,7 @@
       when:
         - not item.0.get('skipped', False)
         - item.0.item.name == 'client.' + ceph_nfs_ceph_user or item.0.item.name == rgw_client_name
-      no_log: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: include start_nfs.yml
   import_tasks: start_nfs.yml

roles/ceph-nfs/tasks/pre_requisite_container.yml

@@ -27,6 +27,7 @@
       when:
         - cephx | bool
         - item.copy_key | bool
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: copy ceph key(s) if needed
       copy:
@@ -39,7 +40,7 @@
       when:
         - cephx | bool
         - item.item.copy_key | bool
-      no_log: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
   when: groups.get(mon_group_name, []) | length > 0
 
 - name: dbus related tasks

roles/ceph-nfs/tasks/pre_requisite_non_container.yml

@@ -62,6 +62,7 @@
       when:
         - cephx | bool
         - item.copy_key | bool
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: copy ceph key(s) if needed
       copy:
@@ -74,7 +75,7 @@
       when:
         - cephx | bool
         - item.item.copy_key | bool
-      no_log: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: nfs object gateway related tasks
       when: nfs_obj_gw | bool
@@ -93,3 +94,4 @@
             owner: ceph
             group: ceph
             mode: "{{ ceph_keyring_permissions }}"
+          no_log: "{{ no_log_on_ceph_key_tasks }}"

roles/ceph-osd/tasks/common.yml

@@ -26,6 +26,7 @@
     - { name: "client.admin", path: "/etc/ceph/{{ cluster }}.client.admin.keyring", copy_key: "{{ copy_admin_key }}" }
   delegate_to: "{{ groups.get(mon_group_name)[0] }}"
   run_once: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
   when:
     - cephx | bool
     - item.copy_key | bool
@@ -42,5 +43,5 @@
     - cephx | bool
     - item is not skipped
     - item.item.copy_key | bool
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 

roles/ceph-osd/tasks/openstack_config.yml

@@ -35,6 +35,7 @@
         CEPH_CONTAINER_BINARY: "{{ container_binary }}"
       with_items: "{{ openstack_keys }}"
       delegate_to: "{{ groups[mon_group_name][0] }}"
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: get keys from monitors
       ceph_key:
@@ -48,6 +49,7 @@
       register: _osp_keys
       with_items: "{{ openstack_keys }}"
       delegate_to: "{{ groups.get(mon_group_name)[0] }}"
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
 
     - name: copy ceph key(s) if needed
       copy:
@@ -60,7 +62,7 @@
         - "{{ _osp_keys.results }}"
         - "{{ groups[mon_group_name] }}"
       delegate_to: "{{ item.1 }}"
-      no_log: true
+      no_log: "{{ no_log_on_ceph_key_tasks }}"
   when:
     - cephx | bool
     - openstack_config | bool

roles/ceph-rbd-mirror/tasks/common.yml

@@ -17,6 +17,7 @@
   when:
     - cephx | bool
     - item.copy_key | bool
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: copy ceph key(s) if needed
   copy:
@@ -29,7 +30,7 @@
   when:
     - cephx | bool
     - item.item.copy_key | bool
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: create rbd-mirror keyring
   ceph_key:
@@ -45,4 +46,5 @@
     owner: ceph
     group: ceph
     mode: "{{ ceph_keyring_permissions }}"
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
   when: not containerized_deployment | bool

roles/ceph-rgw/tasks/common.yml

@@ -26,6 +26,7 @@
   when:
     - cephx | bool
     - item.copy_key | bool
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: copy ceph key(s) if needed
   copy:
@@ -39,7 +40,7 @@
     - cephx | bool
     - item is not skipped
     - item.item.copy_key | bool
-  no_log: true
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
 
 - name: copy SSL certificate & key data to certificate path
   copy:

roles/ceph-rgw/tasks/pre_requisite.yml

@@ -13,6 +13,7 @@
     owner: "ceph"
     group: "ceph"
     mode: "0600"
+  no_log: "{{ no_log_on_ceph_key_tasks }}"
   environment:
     CEPH_CONTAINER_IMAGE: "{{ ceph_docker_registry + '/' + ceph_docker_image + ':' + ceph_docker_image_tag if containerized_deployment else None }}"
     CEPH_CONTAINER_BINARY: "{{ container_binary }}"