From ea0f31b8a427b90fc1724d232d811750398b6a09 Mon Sep 17 00:00:00 2001
From: Will Foster <wfoster@redhat.com>
Date: Fri, 17 Jun 2016 19:59:23 +0100
Subject: [PATCH] Suppress unneeded verbosity with no_log: true

Set no_log: true for firewall discovery verbosity that occurs
when checks are run to determine firewall mechanism, status and
ports.

patchset #2: bump with commit message, no changes
patchset #3: bump with commit message again, no changes.

Change-Id: I7779076efaff0e8173713eb5a2f9c594fb180741
---
 ansible/install/roles/fluentd/tasks/main.yml | 8 ++++++++
 ansible/install/roles/kibana/tasks/main.yml  | 1 +
 ansible/install/roles/nginx/tasks/main.yml   | 8 ++++++++
 3 files changed, 17 insertions(+)

diff --git a/ansible/install/roles/fluentd/tasks/main.yml b/ansible/install/roles/fluentd/tasks/main.yml
index 4fbdd510e..a85365f16 100644
--- a/ansible/install/roles/fluentd/tasks/main.yml
+++ b/ansible/install/roles/fluentd/tasks/main.yml
@@ -43,16 +43,19 @@
   shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
   ignore_errors: true
   register: firewalld_in_use
+  no_log: true
 
 - name: Determine if firewalld is active
   shell: systemctl is-active firewalld.service | grep -vq inactive
   ignore_errors: true
   register: firewalld_is_active
+  no_log: true
 
 - name: Determine if TCP/{{fluentd_syslog_port}} is already active
   shell: firewall-cmd --list-ports | egrep -q "^{{fluentd_syslog_port}}/tcp"
   ignore_errors: true
   register: firewalld_tcp42185_exists
+  no_log: true
 
 # add firewall rule via firewall-cmd
 - name: Add firewall rule for TCP/{{fluentd_syslog_port}} (firewalld)
@@ -70,6 +73,7 @@
   ignore_errors: true
   register: iptables_tcp42185_exists
   failed_when: iptables_tcp42185_exists == 127
+  no_log: true
 
 - name: Add firewall rule for TCP/{{fluentd_syslog_port}} (iptables-services)
   lineinfile:
@@ -91,16 +95,19 @@
   shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
   ignore_errors: true
   register: firewalld_in_use
+  no_log: true
 
 - name: Determine if firewalld is active
   shell: systemctl is-active firewalld.service | grep -vq inactive
   ignore_errors: true
   register: firewalld_is_active
+  no_log: true
 
 - name: Determine if TCP/{{fluentd_http_port}} is already active
   shell: firewall-cmd --list-ports | egrep -q "^{{fluentd_http_port}}/tcp"
   ignore_errors: true
   register: firewalld_tcp9919_exists
+  no_log: true
 
 # add firewall rule via firewall-cmd
 - name: Add firewall rule for TCP/{{fluentd_http_port}} (firewalld)
@@ -118,6 +125,7 @@
   ignore_errors: true
   register: iptables_tcp9919_exists
   failed_when: iptables_tcp9919_exists == 127
+  no_log: true
 
 - name: Add firewall rule for TCP/{{fluentd_http_port}} (iptables-services)
   lineinfile:
diff --git a/ansible/install/roles/kibana/tasks/main.yml b/ansible/install/roles/kibana/tasks/main.yml
index 63176f17a..939fe14e8 100644
--- a/ansible/install/roles/kibana/tasks/main.yml
+++ b/ansible/install/roles/kibana/tasks/main.yml
@@ -25,6 +25,7 @@
   shell: cat /var/log/messages | /opt/logstash/bin/logstash -f /etc/logstash/conf.d/10-syslog.conf
   when: "'logstash-' not in elasticsearch_index.content"
   ignore_errors: true
+  no_log: true
 
 - name: Install local rsyslogd for fluentd
   yum: name={{ item }} state=present
diff --git a/ansible/install/roles/nginx/tasks/main.yml b/ansible/install/roles/nginx/tasks/main.yml
index aa70437cf..bec42e52c 100644
--- a/ansible/install/roles/nginx/tasks/main.yml
+++ b/ansible/install/roles/nginx/tasks/main.yml
@@ -65,16 +65,19 @@
   shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
   ignore_errors: true
   register: firewalld_in_use
+  no_log: true
 
 - name: Determine if firewalld is active
   shell: systemctl is-active firewalld.service | grep -vq inactive
   ignore_errors: true
   register: firewalld_is_active
+  no_log: true
 
 - name: Determine if TCP/{{nginx_kibana_port}} is already active
   shell: firewall-cmd --list-ports | egrep -q "^{{nginx_kibana_port}}/tcp"
   ignore_errors: true
   register: firewalld_tcp80_exists
+  no_log: true
 
 # add firewall rule via firewall-cmd
 - name: Add firewall rule for TCP/{{nginx_kibana_port}} (firewalld)
@@ -92,6 +95,7 @@
   ignore_errors: true
   register: iptables_tcp80_exists
   failed_when: iptables_tcp80_exists == 127
+  no_log: true
 
 - name: Add firewall rule for TCP/{{nginx_kibana_port}} (iptables-services)
   lineinfile:
@@ -113,16 +117,19 @@
   shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
   ignore_errors: true
   register: firewalld_in_use
+  no_log: true
 
 - name: Determine if firewalld is active
   shell: systemctl is-active firewalld.service | grep -vq inactive
   ignore_errors: true
   register: firewalld_is_active
+  no_log: true
 
 - name: Determine if TCP/{{elk_server_ssl_cert_port}} is already active
   shell: firewall-cmd --list-ports | egrep -q "^{{elk_server_ssl_cert_port}}/tcp"
   ignore_errors: true
   register: firewalld_tcp8080_exists
+  no_log: true
 
 # add firewall rule via firewall-cmd
 - name: Add firewall rule for TCP/{{elk_server_ssl_cert_port}} (firewalld)
@@ -140,6 +147,7 @@
   ignore_errors: true
   register: iptables_tcp8080_exists
   failed_when: iptables_tcp8080_exists == 127
+  no_log: true
 
 - name: Add firewall rule for TCP/{{elk_server_ssl_cert_port}} (iptables-services)
   lineinfile: