我创建了一个包含 2 个选项的作业,供用户写入其登录名/密码。此凭据稍后将在剧本中用作额外变量。
但是所有这些凭据都可以在日志中读取!!
如何解决这个问题?
您可以在内联剧本或剧本步骤中使用"屏蔽密码"日志过滤器(对于任何 Rundeck 步骤(,您可以在此处查看文档。我做了一个有效的作业定义示例:
<joblist>
<job>
<context>
<options preserveOrder='true'>
<option name='opt1' secure='true' value='12345' valueExposed='true' />
</options>
</context>
<defaultTab>nodes</defaultTab>
<description></description>
<dispatch>
<excludePrecedence>true</excludePrecedence>
<keepgoing>false</keepgoing>
<rankOrder>ascending</rankOrder>
<successOnEmptyNodeFilter>false</successOnEmptyNodeFilter>
<threadcount>1</threadcount>
</dispatch>
<executionEnabled>true</executionEnabled>
<id>2c9b3903-a545-4dbd-aeac-578889dbb611</id>
<loglevel>INFO</loglevel>
<name>HelloWorld</name>
<nodeFilterEditable>false</nodeFilterEditable>
<nodefilters>
<filter>name: 192.168.33.20</filter>
</nodefilters>
<nodesSelectedByDefault>true</nodesSelectedByDefault>
<scheduleEnabled>true</scheduleEnabled>
<sequence keepgoing='false' strategy='node-first'>
<command>
<node-step-plugin type='com.batix.rundeck.plugins.AnsiblePlaybookInlineWorkflowNodeStep'>
<configuration>
<entry key='ansible-base-dir-path' value='/home/user/' />
<entry key='ansible-become' value='false' />
<entry key='ansible-playbook-inline' value='--- # This playbook prints a simple debug message - name: Echo hosts: all connection: local tasks: - name: Print debug message debug: msg: ${option.opt1}' />
<entry key='ansible-ssh-passphrase-option' value='option.password' />
<entry key='ansible-ssh-use-agent' value='false' />
</configuration>
</node-step-plugin>
<plugins>
<LogFilter type='LogFilter:mask-passwords'>
<config>
<color>red</color>
<replacement>[SECURE]</replacement>
</config>
</LogFilter>
</plugins>
</command>
</sequence>
<uuid>2c9b3903-a545-4dbd-aeac-578889dbb611</uuid>
</job>
</joblist>