From 8f36e21c9736a090d4e141d07e465dad3fde6032 Mon Sep 17 00:00:00 2001 From: Klaas Demter Date: Fri, 15 Feb 2019 16:15:33 +0100 Subject: [PATCH] Avoid pg password ending up in syslog/shell output Currently if an error occurs the pgpassword would be exposed to syslog / shell during playbook backup.yml --- installer/roles/kubernetes/tasks/backup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/installer/roles/kubernetes/tasks/backup.yml b/installer/roles/kubernetes/tasks/backup.yml index dd392d8212..fb33f62b3a 100644 --- a/installer/roles/kubernetes/tasks/backup.yml +++ b/installer/roles/kubernetes/tasks/backup.yml @@ -55,6 +55,7 @@ --port={{ pg_port | default('5432') }} \ --username='{{ pg_username }}' \ --dbname='{{ pg_database }}'" > {{ playbook_dir }}/tower-openshift-backup-{{ now }}/tower.db + no_log: yes - name: Copy inventory into backup directory copy: