draft: add hide_password to default vals; allow ansible inventory to read hi…

inventory/environ.py

@@ -133,7 +133,6 @@ def getDefaultVars():
     if os.environ.get("SPLUNK_HOME_OWNERSHIP_ENFORCEMENT", "").lower() == "false":
         defaultVars["splunk_home_ownership_enforcement"] = False
     # Determine password visibility
-    defaultVars["hide_password"] = False
     if os.environ.get("HIDE_PASSWORD", "").lower() == "true":
         defaultVars["hide_password"] = True
     # Determine SHC preferred captaincy

inventory/splunk_defaults_linux.yml

@@ -4,6 +4,7 @@ ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 6
 retry_num: 60
+hide_password: false
 wait_for_splunk_retry_num: 60
 shc_sync_retry_num: 60
 

inventory/splunk_defaults_windows.yml

@@ -4,6 +4,7 @@ ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 10
 retry_num: 60
+hide_password: false
 wait_for_splunk_retry_num: 150
 shc_sync_retry_num: 300
 

inventory/splunkforwarder_defaults_linux.yml

@@ -4,6 +4,7 @@ ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 6
 retry_num: 60
+hide_password: false
 wait_for_splunk_retry_num: 60
 shc_sync_retry_num: 60
 

inventory/splunkforwarder_defaults_windows.yml

@@ -4,6 +4,7 @@ ansible_post_tasks:
 ansible_environment: {}
 retry_delay: 10
 retry_num: 60
+hide_password: false
 wait_for_splunk_retry_num: 150
 shc_sync_retry_num: 300
 

roles/splunk_common/tasks/apply_licenses.yml

@@ -9,10 +9,12 @@
   vars:
     licenses: "{{ license }}"
   when: '"*" in license'
+  no_log: "{{ hide_password }}"
 
 - include_tasks: licenses/add_license.yml
   vars:
     lic: "{{ license }}"
   when:
     - license | lower != "free"
     - '"*" not in license'
+  no_log: "{{ hide_password }}"

roles/splunk_common/tasks/java_tasks/install_openjdk9_jdk_windows.yml

@@ -20,9 +20,11 @@
     path: /home/splunk/.bash_profile
     line: "JAVA_HOME=/home/splunk/java-se-9-ri/jdk-9/"
     create: yes
+  no_log: "{{ hide_password }}"
 
 - name: Write path into .bash_profile
   lineinfile:
     path: /home/splunk/.bash_profile
     line: "PATH=$PATH:$JAVA_HOME/bin"
     create: yes
+  no_log: "{{ hide_password }}"

roles/splunk_common/tasks/main.yml

@@ -107,6 +107,7 @@
     conf_stanzas: "{{ item.value.content | default({}) }}"
   with_items: "{% if splunk.conf is mapping %}{{ splunk.conf | dict2items }}{% else %}{{ splunk.conf }}{% endif %}"
   when: "'conf' in splunk and splunk.conf"
+  no_log: "{{ hide_password }}"
 
 # Generate outputs.conf before splunk starts to prevent data being indexed locally
 - include_tasks: enable_forwarding.yml

roles/splunk_common/tasks/set_as_license_slave.yml

@@ -5,6 +5,7 @@
     scheme: "{{ splunk.license_master_url | urlsplit('scheme') }}"
     splunk_instance_address: "{{ splunk.license_master_url | urlsplit('hostname') }}"
     port: "{{ splunk.license_master_url | urlsplit('port') }}"
+  no_log: "{{ hide_password }}"
 
 - name: Set node as license slave
   command: "{{ splunk.exec }} edit licenser-localslave -master_uri {{ splunk.license_master_url }} -auth '{{ splunk.admin_user }}:{{ splunk.password }}'"

roles/splunk_common/tasks/set_config_file.yml

@@ -14,3 +14,4 @@
   with_dict: "{{ conf_stanzas }}"
   loop_control:
     loop_var: stanza
+  no_log: "{{ hide_password }}"