From 375500df372befe7194989eb9982e88327a62479 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 19 Sep 2017 18:08:24 +0200
Subject: [PATCH] roles/ipaclient/tasks/install.yml: Set no_log:yes for OTP
 generation and usage

---
 roles/ipaclient/tasks/install.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 53e69784..ed3900c6 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -46,6 +46,7 @@
 # if ipaclient_use_otp is set.
 - block:
   - name: Install - Get a One-Time Password for client enrollment
+    no_log: yes
     ipahost:
       state: present
       principal: "{{ ipaadmin_principal | default('admin') }}"
@@ -61,6 +62,7 @@
     delegate_to: "{{ ipadiscovery.servers[0] }}"
 
   - name: Install - Store the previously obtained OTP
+    no_log: yes
     set_fact:
       ipaadmin_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
 
-- 
GitLab