1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

AnsibleAdvent Calendar 2022

Day 21

MoleculeでAWSモジュール操作する時に気を付けるセキュリティーのポイント

Last updated at Posted at 2022-12-20

こちらの記事は Ansible Advent Calendar2022 21日目の記事になります。

今回はMoleculeでAWSモジュールを操作する時に気を付けるポイントをあげます。ずばり秘匿情報は必ず環境変数で渡すです。

Moleculeのログ出力はAnsibleの出力と違うらしい

AnsibleでAWSモジュールを扱う場合、verboseモードでログを出力しても秘匿情報が露出する事はありません。

以下のようなPlaybookを実行します。処理としてはS3バケットに登録されているオブジェクトをすべて取得して出力します。

site.yml
---
- hosts: all
  become: true

  tasks:
    - name: Install Epel
      ansible.builtin.include_role:
        name: geerlingguy.repo-epel 

    - name: Install pip and boto3
      ansible.builtin.include_role:
        name: geerlingguy.pip
      vars:
        pip_install_packages:
          - name: pip
          - name: boto3
        pip_executable: pip3
        pip_package: python3-pip

    - name: List keys simple
      amazon.aws.s3_object:
        access_key: "{{ aws_access_key_id }}"
        bucket: mamono210 
        mode: list 
        secret_key: "{{ aws_secret_access_key }}"
      register: s3_keys

    - name: Var dump
      ansible.builtin.debug:
        var: s3_keys
group_vars/all
aws_access_key_id: xxxxxxxxxxxxxxxx 
aws_secret_access_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

verboseモードで実行してみます。

実行ログ
circleci@d2899a5851b3:~/aws-s3$ ansible-playbook -i '54.168.201.218,' -u centos site.yml -vvv
ansible-playbook [core 2.14.1]
  config file = None
  configured module search path = ['/home/circleci/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/circleci/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/circleci/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/circleci/.local/bin/ansible-playbook
  python version = 3.11.1 (main, Dec  8 2022, 00:19:30) [GCC 10.2.1 20210110] (/usr/local/bin/python)
  jinja version = 3.1.2
  libyaml = True
No config file found; using defaults
Parsed 54.168.201.218, inventory source with host_list plugin
redirecting (type: action) amazon.aws.aws_s3 to amazon.aws.s3_object
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: site.yml ****************************************************************************************************
1 plays in site.yml

PLAY [all] ************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************
task path: /home/circleci/aws-s3/site.yml:2
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<54.168.201.218> (0, b'/home/centos\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732 `" && echo ansible-tmp-1671550336.2974818-2097-35651603367732="` echo /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732 `" ) && sleep 0'"'"''
<54.168.201.218> (0, b'ansible-tmp-1671550336.2974818-2097-35651603367732=/home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732\n', b'')
<54.168.201.218> Attempting python interpreter discovery
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'python3.11'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.10'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.9'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.8'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<54.168.201.218> (0, b'PLATFORM\nLinux\nFOUND\n/usr/bin/python3.6\n/usr/bin/python3\n/usr/libexec/platform-python\nENDFOUND\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'/usr/bin/python3.6 && sleep 0'"'"''
<54.168.201.218> (0, b'{"platform_dist_result": ["centos", "8", ""], "osrelease_content": "NAME=\\"CentOS Stream\\"\\nVERSION=\\"8\\"\\nID=\\"centos\\"\\nID_LIKE=\\"rhel fedora\\"\\nVERSION_ID=\\"8\\"\\nPLATFORM_ID=\\"platform:el8\\"\\nPRETTY_NAME=\\"CentOS Stream 8\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:centos:centos:8\\"\\nHOME_URL=\\"https://centos.org/\\"\\nBUG_REPORT_URL=\\"https://bugzilla.redhat.com/\\"\\nREDHAT_SUPPORT_PRODUCT=\\"Red Hat Enterprise Linux 8\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"CentOS Stream\\"\\n"}\n', b'')
Using module file /home/circleci/.local/lib/python3.11/site-packages/ansible/modules/setup.py
<54.168.201.218> PUT /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpbezpxcua TO /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732/AnsiballZ_setup.py
<54.168.201.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' '[54.168.201.218]'
<54.168.201.218> (0, b'sftp> put /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpbezpxcua /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732/AnsiballZ_setup.py\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732/ /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732/AnsiballZ_setup.py && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' -tt 54.168.201.218 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-tgodtlnevegajezotiycqmphacsolzcw ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732/AnsiballZ_setup.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<54.168.201.218> (0, b'\r\n{"ansible_facts": {"ansible_local": {}, "ansible_cmdline": {"BOOT_IMAGE": "(hd0,msdos1)/boot/vmlinuz-4.18.0-408.el8.x86_64", "root": "UUID=0c4b5cd3-45a0-4785-819d-b5469bc29b3d", "ro": true, "console": "ttyS0,115200n8", "no_timer_check": true, "net.ifnames": "0", "nvme_core.io_timeout": "4294967295", "nvme_core.max_retries": "10", "crashkernel": "auto"}, "ansible_proc_cmdline": {"BOOT_IMAGE": "(hd0,msdos1)/boot/vmlinuz-4.18.0-408.el8.x86_64", "root": "UUID=0c4b5cd3-45a0-4785-819d-b5469bc29b3d", "ro": true, "console": "ttyS0,115200n8", "no_timer_check": true, "net.ifnames": "0", "nvme_core.io_timeout": "4294967295", "nvme_core.max_retries": "10", "crashkernel": "auto"}, "ansible_user_id": "root", "ansible_user_uid": 0, "ansible_user_gid": 0, "ansible_user_gecos": "root", "ansible_user_dir": "/root", "ansible_user_shell": "/bin/bash", "ansible_real_user_id": 0, "ansible_effective_user_id": 0, "ansible_real_group_id": 0, "ansible_effective_group_id": 0, "ansible_ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABgQDIxIkAPgFjoqtgjlD/RQ2DT6F9o59FGpBSdLgTX4CI65YT8HLpnYxOGHXZM6OM5rhUZEWbeRimyHCZ30rzrVqvKeElErWeYgxWcdWy8Jn6awRmCrIDnYwA5/m+y5I4mh9qv6ONMOCJpP7WRB3Fe5YLA3NIlYF1/90QZaEtWqvOjp99IBgQGyTKqYYpZjgByPQ/1NNKOwhXglBh//ypBM+u41PfQsC5iIvkpppl4GHmONaMjph2lngEnNhw82FJwau5Tf1itMr/soXQrYMD+SNCuTY6DX6rRQGSjJXJa8mzMMwLYzAokpUIs4qmyVZUZjtTkr8FY9FRKqkb9t2Yf7o7oaJCkic64+hyWVkWVRYcmnZPUIM64ryYANFnUeLX2iG/2HeD0q3X+R9Tw50qPsNGA51xsQauCOBLecs9FoSyFht1NmImYHNAT+Ivy5eE3C7/aHtb0nYM85+BNsKGB3bvkj9GQ2qi5SHs0zqCGa+1LhTIjYCAJrg3ku2DonELEO8=", "ansible_ssh_host_key_rsa_public_keytype": "ssh-rsa", "ansible_ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBtOCgd6rCf4rA1VMqfQoh6eZ7iznrjTgbC00WH43Kgdjz7PdIBfiAHfDfOKPSKV1xsFBntqGDE3rmzY7CPdNos=", "ansible_ssh_host_key_ecdsa_public_keytype": "ecdsa-sha2-nistp256", "ansible_ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIG8UtDir4aoRYNlAMLTy0FxtaOrCMKl81yi2HA1fGKbQ", "ansible_ssh_host_key_ed25519_public_keytype": "ssh-ed25519", "ansible_distribution": "CentOS", "ansible_distribution_release": "Stream", "ansible_distribution_version": "8", "ansible_distribution_major_version": "8", "ansible_distribution_file_path": "/etc/centos-release", "ansible_distribution_file_variety": "CentOS", "ansible_distribution_file_parsed": true, "ansible_os_family": "RedHat", "ansible_system_capabilities_enforced": "False", "ansible_system_capabilities": [], "ansible_system": "Linux", "ansible_kernel": "4.18.0-408.el8.x86_64", "ansible_kernel_version": "#1 SMP Mon Jul 18 17:42:52 UTC 2022", "ansible_machine": "x86_64", "ansible_python_version": "3.6.8", "ansible_fqdn": "ip-172-31-43-163.ap-northeast-1.compute.internal", "ansible_hostname": "ip-172-31-43-163", "ansible_nodename": "ip-172-31-43-163.ap-northeast-1.compute.internal", "ansible_domain": "ap-northeast-1.compute.internal", "ansible_userspace_bits": "64", "ansible_architecture": "x86_64", "ansible_userspace_architecture": "x86_64", "ansible_machine_id": "5741c3f9b5d74648b108cb5df59a57c4", "ansible_virtualization_type": "xen", "ansible_virtualization_role": "guest", "ansible_virtualization_tech_guest": ["xen"], "ansible_virtualization_tech_host": [], "ansible_date_time": {"year": "2022", "month": "12", "weekday": "Tuesday", "weekday_number": "2", "weeknumber": "51", "day": "20", "hour": "15", "minute": "32", "second": "20", "epoch": "1671550340", "epoch_int": "1671550340", "date": "2022-12-20", "time": "15:32:20", "iso8601_micro": "2022-12-20T15:32:20.837185Z", "iso8601": "2022-12-20T15:32:20Z", "iso8601_basic": "20221220T153220837185", "iso8601_basic_short": "20221220T153220", "tz": "UTC", "tz_dst": "UTC", "tz_offset": "+0000"}, "ansible_python": {"version": {"major": 3, "minor": 6, "micro": 8, "releaselevel": "final", "serial": 0}, "version_info": [3, 6, 8, "final", 0], "executable": "/usr/libexec/platform-python", "has_sslcontext": true, "type": "cpython"}, "ansible_dns": {"search": ["ap-northeast-1.compute.internal"], "nameservers": ["172.31.0.2"]}, "ansible_hostnqn": "", "ansible_selinux_python_present": true, "ansible_selinux": {"status": "enabled", "policyvers": 33, "config_mode": "enforcing", "mode": "enforcing", "type": "targeted"}, "ansible_env": {"LS_COLORS": "rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.m4a=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.oga=01;36:*.opus=01;36:*.spx=01;36:*.xspf=01;36:", "LANG": "C.UTF-8", "SUDO_GID": "1000", "SUDO_COMMAND": "/bin/sh -c echo BECOME-SUCCESS-tgodtlnevegajezotiycqmphacsolzcw ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732/AnsiballZ_setup.py", "USER": "root", "PWD": "/home/centos", "HOME": "/root", "SUDO_USER": "centos", "SUDO_UID": "1000", "MAIL": "/var/mail/root", "SHELL": "/bin/bash", "TERM": "xterm", "SHLVL": "1", "LOGNAME": "root", "PATH": "/sbin:/bin:/usr/sbin:/usr/bin", "_": "/usr/libexec/platform-python"}, "ansible_iscsi_iqn": "", "ansible_is_chroot": false, "ansible_fips": false, "ansible_processor": ["0", "GenuineIntel", "Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz"], "ansible_processor_count": 1, "ansible_processor_cores": 1, "ansible_processor_threads_per_core": 1, "ansible_processor_vcpus": 1, "ansible_processor_nproc": 1, "ansible_memtotal_mb": 801, "ansible_memfree_mb": 161, "ansible_swaptotal_mb": 0, "ansible_swapfree_mb": 0, "ansible_memory_mb": {"real": {"total": 801, "used": 640, "free": 161}, "nocache": {"free": 615, "used": 186}, "swap": {"total": 0, "free": 0, "used": 0, "cached": 0}}, "ansible_bios_date": "08/24/2006", "ansible_bios_vendor": "Xen", "ansible_bios_version": "4.11.amazon", "ansible_board_asset_tag": "NA", "ansible_board_name": "NA", "ansible_board_serial": "NA", "ansible_board_vendor": "NA", "ansible_board_version": "NA", "ansible_chassis_asset_tag": "NA", "ansible_chassis_serial": "NA", "ansible_chassis_vendor": "Xen", "ansible_chassis_version": "NA", "ansible_form_factor": "Other", "ansible_product_name": "HVM domU", "ansible_product_serial": "ec212e65-c770-7e0d-92cb-c97bee379591", "ansible_product_uuid": "ec212e65-c770-7e0d-92cb-c97bee379591", "ansible_product_version": "4.11.amazon", "ansible_system_vendor": "Xen", "ansible_devices": {"xvda": {"virtual": 1, "links": {"ids": [], "uuids": [], "labels": [], "masters": []}, "vendor": null, "model": null, "sas_address": null, "sas_device_handle": null, "removable": "0", "support_discard": "0", "partitions": {"xvda1": {"links": {"ids": [], "uuids": ["0c4b5cd3-45a0-4785-819d-b5469bc29b3d"], "labels": [], "masters": []}, "start": "2048", "sectors": "20969439", "sectorsize": 512, "size": "10.00 GB", "uuid": "0c4b5cd3-45a0-4785-819d-b5469bc29b3d", "holders": []}}, "rotational": "0", "scheduler_mode": "mq-deadline", "sectors": "20971520", "sectorsize": "512", "size": "10.00 GB", "host": "", "holders": []}}, "ansible_device_links": {"ids": {}, "uuids": {"xvda1": ["0c4b5cd3-45a0-4785-819d-b5469bc29b3d"]}, "labels": {}, "masters": {}}, "ansible_uptime_seconds": 5209, "ansible_lvm": "N/A", "ansible_mounts": [{"mount": "/", "device": "/dev/xvda1", "fstype": "xfs", "options": "rw,seclabel,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota", "size_total": 10725863424, "size_available": 8007462912, "block_size": 4096, "block_total": 2618619, "block_available": 1954947, "block_used": 663672, "inode_total": 5242304, "inode_available": 5197614, "inode_used": 44690, "uuid": "0c4b5cd3-45a0-4785-819d-b5469bc29b3d"}], "ansible_apparmor": {"status": "disabled"}, "ansible_loadavg": {"1m": 0.01, "5m": 0.07, "15m": 0.04}, "ansible_service_mgr": "systemd", "ansible_fibre_channel_wwn": [], "ansible_lsb": {}, "ansible_pkg_mgr": "dnf", "ansible_interfaces": ["eth0", "lo"], "ansible_eth0": {"device": "eth0", "macaddress": "06:81:c7:c3:4c:17", "mtu": 9001, "active": true, "module": "xen_netfront", "type": "ether", "pciid": "vif-0", "promisc": false, "ipv4": {"address": "172.31.43.163", "broadcast": "172.31.47.255", "netmask": "255.255.240.0", "network": "172.31.32.0", "prefix": "20"}, "ipv6": [{"address": "fe80::481:c7ff:fec3:4c17", "prefix": "64", "scope": "link"}], "features": {"rx_checksumming": "on [fixed]", "tx_checksumming": "on", "tx_checksum_ipv4": "on [fixed]", "tx_checksum_ip_generic": "off [fixed]", "tx_checksum_ipv6": "on", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "scatter_gather": "on", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "off [fixed]", "tcp_segmentation_offload": "on", "tx_tcp_segmentation": "on", "tx_tcp_ecn_segmentation": "off [fixed]", "tx_tcp_mangleid_segmentation": "off", "tx_tcp6_segmentation": "on", "generic_segmentation_offload": "on", "generic_receive_offload": "on", "large_receive_offload": "off [fixed]", "rx_vlan_offload": "off [fixed]", "tx_vlan_offload": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "highdma": "off [fixed]", "rx_vlan_filter": "off [fixed]", "vlan_challenged": "off [fixed]", "tx_lockless": "off [fixed]", "netns_local": "off [fixed]", "tx_gso_robust": "on [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_tunnel_remcsum_segmentation": "off [fixed]", "tx_sctp_segmentation": "off [fixed]", "tx_esp_segmentation": "off [fixed]", "tx_udp_segmentation": "off [fixed]", "tx_gso_list": "off [fixed]", "rx_udp_gro_forwarding": "off", "rx_gro_list": "off", "tls_hw_rx_offload": "off [fixed]", "fcoe_mtu": "off [fixed]", "tx_nocache_copy": "off", "loopback": "off [fixed]", "rx_fcs": "off [fixed]", "rx_all": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "l2_fwd_offload": "off [fixed]", "hw_tc_offload": "off [fixed]", "esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "rx_gro_hw": "off [fixed]", "tls_hw_record": "off [fixed]"}, "timestamping": [], "hw_timestamp_filters": []}, "ansible_lo": {"device": "lo", "mtu": 65536, "active": true, "type": "loopback", "promisc": false, "ipv4": {"address": "127.0.0.1", "broadcast": "", "netmask": "255.0.0.0", "network": "127.0.0.0", "prefix": "8"}, "ipv6": [{"address": "::1", "prefix": "128", "scope": "host"}], "features": {"rx_checksumming": "on [fixed]", "tx_checksumming": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ip_generic": "on [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_sctp": "on [fixed]", "scatter_gather": "on", "tx_scatter_gather": "on [fixed]", "tx_scatter_gather_fraglist": "on [fixed]", "tcp_segmentation_offload": "on", "tx_tcp_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "on", "tx_tcp6_segmentation": "on", "generic_segmentation_offload": "on", "generic_receive_offload": "on", "large_receive_offload": "off [fixed]", "rx_vlan_offload": "off [fixed]", "tx_vlan_offload": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "highdma": "on [fixed]", "rx_vlan_filter": "off [fixed]", "vlan_challenged": "on [fixed]", "tx_lockless": "on [fixed]", "netns_local": "on [fixed]", "tx_gso_robust": "off [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_tunnel_remcsum_segmentation": "off [fixed]", "tx_sctp_segmentation": "on", "tx_esp_segmentation": "off [fixed]", "tx_udp_segmentation": "on", "tx_gso_list": "on", "rx_udp_gro_forwarding": "off", "rx_gro_list": "off", "tls_hw_rx_offload": "off [fixed]", "fcoe_mtu": "off [fixed]", "tx_nocache_copy": "off [fixed]", "loopback": "on [fixed]", "rx_fcs": "off [fixed]", "rx_all": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "l2_fwd_offload": "off [fixed]", "hw_tc_offload": "off [fixed]", "esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "rx_gro_hw": "off [fixed]", "tls_hw_record": "off [fixed]"}, "timestamping": [], "hw_timestamp_filters": []}, "ansible_default_ipv4": {"gateway": "172.31.32.1", "interface": "eth0", "address": "172.31.43.163", "broadcast": "172.31.47.255", "netmask": "255.255.240.0", "network": "172.31.32.0", "prefix": "20", "macaddress": "06:81:c7:c3:4c:17", "mtu": 9001, "type": "ether", "alias": "eth0"}, "ansible_default_ipv6": {}, "ansible_all_ipv4_addresses": ["172.31.43.163"], "ansible_all_ipv6_addresses": ["fe80::481:c7ff:fec3:4c17"], "gather_subset": ["all"], "module_setup": true}, "invocation": {"module_args": {"gather_subset": ["all"], "gather_timeout": 10, "filter": [], "fact_path": "/etc/ansible/facts.d"}}}\r\n', b'Shared connection to 54.168.201.218 closed.\r\n')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1671550336.2974818-2097-35651603367732/ > /dev/null 2>&1 && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
ok: [54.168.201.218]

TASK [Install Epel] ***************************************************************************************************
task path: /home/circleci/aws-s3/site.yml:6
redirecting (type: modules) ansible.builtin.ini_file to community.general.ini_file

TASK [geerlingguy.repo-epel : Check if EPEL repo is already configured.] **********************************************
task path: /home/circleci/.ansible/roles/geerlingguy.repo-epel/tasks/main.yml:2
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<54.168.201.218> (0, b'/home/centos\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305 `" && echo ansible-tmp-1671550342.1105423-2113-107211054681305="` echo /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305 `" ) && sleep 0'"'"''
<54.168.201.218> (0, b'ansible-tmp-1671550342.1105423-2113-107211054681305=/home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305\n', b'')
Using module file /home/circleci/.local/lib/python3.11/site-packages/ansible/modules/stat.py
<54.168.201.218> PUT /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmp4_hkgtuw TO /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305/AnsiballZ_stat.py
<54.168.201.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' '[54.168.201.218]'
<54.168.201.218> (0, b'sftp> put /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmp4_hkgtuw /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305/AnsiballZ_stat.py\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305/ /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305/AnsiballZ_stat.py && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' -tt 54.168.201.218 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-ebswwebgugwyxzuhtwtuvlwejemcfqgw ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305/AnsiballZ_stat.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<54.168.201.218> (0, b'\r\n{"changed": false, "stat": {"exists": true, "path": "/etc/yum.repos.d/epel.repo", "mode": "0644", "isdir": false, "ischr": false, "isblk": false, "isreg": true, "isfifo": false, "islnk": false, "issock": false, "uid": 0, "gid": 0, "size": 1332, "inode": 5414529, "dev": 51713, "nlink": 1, "atime": 1671546147.1421397, "mtime": 1664839569.0, "ctime": 1671546142.1712744, "wusr": true, "rusr": true, "xusr": false, "wgrp": false, "rgrp": true, "xgrp": false, "woth": false, "roth": true, "xoth": false, "isuid": false, "isgid": false, "blocks": 8, "block_size": 4096, "device_type": 0, "readable": true, "writeable": true, "executable": false, "pw_name": "root", "gr_name": "root", "checksum": "702e97034206f0fccd503d88b39f4c4d38a3cac5", "mimetype": "text/plain", "charset": "us-ascii", "version": "2585457032", "attributes": [], "attr_flags": ""}, "invocation": {"module_args": {"path": "/etc/yum.repos.d/epel.repo", "follow": false, "get_md5": false, "get_checksum": true, "get_mime": true, "get_attributes": true, "checksum_algorithm": "sha1"}}}\r\n', b'Shared connection to 54.168.201.218 closed.\r\n')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1671550342.1105423-2113-107211054681305/ > /dev/null 2>&1 && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
ok: [54.168.201.218] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "checksum_algorithm": "sha1",
            "follow": false,
            "get_attributes": true,
            "get_checksum": true,
            "get_md5": false,
            "get_mime": true,
            "path": "/etc/yum.repos.d/epel.repo"
        }
    },
    "stat": {
        "atime": 1671546147.1421397,
        "attr_flags": "",
        "attributes": [],
        "block_size": 4096,
        "blocks": 8,
        "charset": "us-ascii",
        "checksum": "702e97034206f0fccd503d88b39f4c4d38a3cac5",
        "ctime": 1671546142.1712744,
        "dev": 51713,
        "device_type": 0,
        "executable": false,
        "exists": true,
        "gid": 0,
        "gr_name": "root",
        "inode": 5414529,
        "isblk": false,
        "ischr": false,
        "isdir": false,
        "isfifo": false,
        "isgid": false,
        "islnk": false,
        "isreg": true,
        "issock": false,
        "isuid": false,
        "mimetype": "text/plain",
        "mode": "0644",
        "mtime": 1664839569.0,
        "nlink": 1,
        "path": "/etc/yum.repos.d/epel.repo",
        "pw_name": "root",
        "readable": true,
        "rgrp": true,
        "roth": true,
        "rusr": true,
        "size": 1332,
        "uid": 0,
        "version": "2585457032",
        "wgrp": false,
        "woth": false,
        "writeable": true,
        "wusr": true,
        "xgrp": false,
        "xoth": false,
        "xusr": false
    }
}

TASK [geerlingguy.repo-epel : Import EPEL GPG key.] *******************************************************************
task path: /home/circleci/.ansible/roles/geerlingguy.repo-epel/tasks/main.yml:7
skipping: [54.168.201.218] => {
    "changed": false,
    "skip_reason": "Conditional result was False"
}

TASK [geerlingguy.repo-epel : Install EPEL repo.] *********************************************************************
task path: /home/circleci/.ansible/roles/geerlingguy.repo-epel/tasks/main.yml:18
skipping: [54.168.201.218] => {
    "changed": false,
    "skip_reason": "Conditional result was False"
}

TASK [geerlingguy.repo-epel : Disable Main EPEL repo.] ****************************************************************
task path: /home/circleci/.ansible/roles/geerlingguy.repo-epel/tasks/main.yml:28
redirecting (type: modules) ansible.builtin.ini_file to community.general.ini_file
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<54.168.201.218> (0, b'/home/centos\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307 `" && echo ansible-tmp-1671550345.9658-2126-195646003797307="` echo /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307 `" ) && sleep 0'"'"''
<54.168.201.218> (0, b'ansible-tmp-1671550345.9658-2126-195646003797307=/home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307\n', b'')
redirecting (type: modules) ansible.builtin.ini_file to community.general.ini_file
Using module file /home/circleci/.local/lib/python3.11/site-packages/ansible_collections/community/general/plugins/modules/ini_file.py
<54.168.201.218> PUT /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpk2p_cwgv TO /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307/AnsiballZ_ini_file.py
<54.168.201.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' '[54.168.201.218]'
<54.168.201.218> (0, b'sftp> put /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpk2p_cwgv /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307/AnsiballZ_ini_file.py\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307/ /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307/AnsiballZ_ini_file.py && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' -tt 54.168.201.218 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-juxryksygjtyphceknqbrewxlqgujljo ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307/AnsiballZ_ini_file.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<54.168.201.218> (0, b'\r\n{"changed": false, "diff": {"before": "", "after": "", "before_header": "/etc/yum.repos.d/epel.repo (content)", "after_header": "/etc/yum.repos.d/epel.repo (content)"}, "msg": "OK", "path": "/etc/yum.repos.d/epel.repo", "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0644", "state": "file", "secontext": "system_u:object_r:system_conf_t:s0", "size": 1332, "invocation": {"module_args": {"path": "/etc/yum.repos.d/epel.repo", "section": "epel", "option": "enabled", "value": "1", "no_extra_spaces": true, "mode": 420, "backup": false, "state": "present", "exclusive": true, "allow_no_value": false, "create": true, "unsafe_writes": false, "values": null, "owner": null, "group": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to 54.168.201.218 closed.\r\n')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1671550345.9658-2126-195646003797307/ > /dev/null 2>&1 && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
ok: [54.168.201.218] => {
    "changed": false,
    "diff": {
        "after": "",
        "after_header": "/etc/yum.repos.d/epel.repo (content)",
        "before": "",
        "before_header": "/etc/yum.repos.d/epel.repo (content)"
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "allow_no_value": false,
            "attributes": null,
            "backup": false,
            "create": true,
            "exclusive": true,
            "group": null,
            "mode": 420,
            "no_extra_spaces": true,
            "option": "enabled",
            "owner": null,
            "path": "/etc/yum.repos.d/epel.repo",
            "section": "epel",
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "state": "present",
            "unsafe_writes": false,
            "value": "1",
            "values": null
        }
    },
    "mode": "0644",
    "msg": "OK",
    "owner": "root",
    "path": "/etc/yum.repos.d/epel.repo",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 1332,
    "state": "file",
    "uid": 0
}

TASK [Install pip and boto3 (CentOS Stream 8)] ************************************************************************
task path: /home/circleci/aws-s3/site.yml:10

TASK [geerlingguy.pip : Ensure Pip is installed.] *********************************************************************
task path: /home/circleci/.ansible/roles/geerlingguy.pip/tasks/main.yml:2
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<54.168.201.218> (0, b'/home/centos\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251 `" && echo ansible-tmp-1671550349.7847316-2137-118389724472251="` echo /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251 `" ) && sleep 0'"'"''
<54.168.201.218> (0, b'ansible-tmp-1671550349.7847316-2137-118389724472251=/home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251\n', b'')
Using module file /home/circleci/.local/lib/python3.11/site-packages/ansible/modules/dnf.py
<54.168.201.218> PUT /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmp9zrjvmi3 TO /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251/AnsiballZ_dnf.py
<54.168.201.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' '[54.168.201.218]'
<54.168.201.218> (0, b'sftp> put /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmp9zrjvmi3 /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251/AnsiballZ_dnf.py\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251/ /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251/AnsiballZ_dnf.py && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' -tt 54.168.201.218 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-btlvtwycwueznmhhcenivubgzairxhlh ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251/AnsiballZ_dnf.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<54.168.201.218> (0, b'\r\n{"msg": "Nothing to do", "changed": false, "results": [], "rc": 0, "invocation": {"module_args": {"name": ["python3-pip"], "state": "present", "allow_downgrade": false, "autoremove": false, "bugfix": false, "cacheonly": false, "disable_gpg_check": false, "disable_plugin": [], "disablerepo": [], "download_only": false, "enable_plugin": [], "enablerepo": [], "exclude": [], "installroot": "/", "install_repoquery": true, "install_weak_deps": true, "security": false, "skip_broken": false, "update_cache": false, "update_only": false, "validate_certs": true, "sslverify": true, "lock_timeout": 30, "allowerasing": false, "nobest": false, "conf_file": null, "disable_excludes": null, "download_dir": null, "list": null, "releasever": null}}}\r\n', b'Shared connection to 54.168.201.218 closed.\r\n')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1671550349.7847316-2137-118389724472251/ > /dev/null 2>&1 && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
ok: [54.168.201.218] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "allow_downgrade": false,
            "allowerasing": false,
            "autoremove": false,
            "bugfix": false,
            "cacheonly": false,
            "conf_file": null,
            "disable_excludes": null,
            "disable_gpg_check": false,
            "disable_plugin": [],
            "disablerepo": [],
            "download_dir": null,
            "download_only": false,
            "enable_plugin": [],
            "enablerepo": [],
            "exclude": [],
            "install_repoquery": true,
            "install_weak_deps": true,
            "installroot": "/",
            "list": null,
            "lock_timeout": 30,
            "name": [
                "python3-pip"
            ],
            "nobest": false,
            "releasever": null,
            "security": false,
            "skip_broken": false,
            "sslverify": true,
            "state": "present",
            "update_cache": false,
            "update_only": false,
            "validate_certs": true
        }
    },
    "msg": "Nothing to do",
    "rc": 0,
    "results": []
}

TASK [geerlingguy.pip : Ensure pip_install_packages are installed.] ***************************************************
task path: /home/circleci/.ansible/roles/geerlingguy.pip/tasks/main.yml:7
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<54.168.201.218> (0, b'/home/centos\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868 `" && echo ansible-tmp-1671550355.8131042-2146-47040411704868="` echo /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868 `" ) && sleep 0'"'"''
<54.168.201.218> (0, b'ansible-tmp-1671550355.8131042-2146-47040411704868=/home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868\n', b'')
Using module file /home/circleci/.local/lib/python3.11/site-packages/ansible/modules/pip.py
<54.168.201.218> PUT /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmphgzeu7ss TO /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868/AnsiballZ_pip.py
<54.168.201.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' '[54.168.201.218]'
<54.168.201.218> (0, b'sftp> put /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmphgzeu7ss /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868/AnsiballZ_pip.py\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868/ /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868/AnsiballZ_pip.py && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' -tt 54.168.201.218 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-aedjdottsvvehisqespejbjbdvftdjvx ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868/AnsiballZ_pip.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<54.168.201.218> (0, b'\r\n{"changed": false, "cmd": ["/bin/pip3", "install", "pip"], "name": ["pip"], "version": null, "state": "present", "requirements": null, "virtualenv": null, "stdout": "Requirement already satisfied: pip in /usr/lib/python3.6/site-packages\\n", "stderr": "WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.\\n", "invocation": {"module_args": {"name": ["pip"], "executable": "pip3", "state": "present", "virtualenv_site_packages": false, "virtualenv_command": "virtualenv", "editable": false, "version": null, "requirements": null, "virtualenv": null, "virtualenv_python": null, "extra_args": null, "chdir": null, "umask": null}}}\r\n', b'Shared connection to 54.168.201.218 closed.\r\n')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1671550355.8131042-2146-47040411704868/ > /dev/null 2>&1 && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
ok: [54.168.201.218] => (item={'name': 'pip'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "cmd": [
        "/bin/pip3",
        "install",
        "pip"
    ],
    "invocation": {
        "module_args": {
            "chdir": null,
            "editable": false,
            "executable": "pip3",
            "extra_args": null,
            "name": [
                "pip"
            ],
            "requirements": null,
            "state": "present",
            "umask": null,
            "version": null,
            "virtualenv": null,
            "virtualenv_command": "virtualenv",
            "virtualenv_python": null,
            "virtualenv_site_packages": false
        }
    },
    "item": {
        "name": "pip"
    },
    "name": [
        "pip"
    ],
    "requirements": null,
    "state": "present",
    "stderr": "WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.\n",
    "stderr_lines": [
        "WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead."
    ],
    "stdout": "Requirement already satisfied: pip in /usr/lib/python3.6/site-packages\n",
    "stdout_lines": [
        "Requirement already satisfied: pip in /usr/lib/python3.6/site-packages"
    ],
    "version": null,
    "virtualenv": null
}
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<54.168.201.218> (0, b'/home/centos\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417 `" && echo ansible-tmp-1671550360.3751574-2146-428318687417="` echo /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417 `" ) && sleep 0'"'"''
<54.168.201.218> (0, b'ansible-tmp-1671550360.3751574-2146-428318687417=/home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417\n', b'')
Using module file /home/circleci/.local/lib/python3.11/site-packages/ansible/modules/pip.py
<54.168.201.218> PUT /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpu78y9ym9 TO /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417/AnsiballZ_pip.py
<54.168.201.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' '[54.168.201.218]'
<54.168.201.218> (0, b'sftp> put /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpu78y9ym9 /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417/AnsiballZ_pip.py\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417/ /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417/AnsiballZ_pip.py && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' -tt 54.168.201.218 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-szvqyibileulllcdchzornagjyriqgra ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417/AnsiballZ_pip.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<54.168.201.218> (0, b'\r\n{"changed": false, "cmd": ["/bin/pip3", "install", "boto3"], "name": ["boto3"], "version": null, "state": "present", "requirements": null, "virtualenv": null, "stdout": "Requirement already satisfied: boto3 in /usr/local/lib/python3.6/site-packages\\nRequirement already satisfied: s3transfer<0.6.0,>=0.5.0 in /usr/local/lib/python3.6/site-packages (from boto3)\\nRequirement already satisfied: jmespath<2.0.0,>=0.7.1 in /usr/local/lib/python3.6/site-packages (from boto3)\\nRequirement already satisfied: botocore<1.27.0,>=1.26.10 in /usr/local/lib/python3.6/site-packages (from boto3)\\nRequirement already satisfied: urllib3<1.27,>=1.25.4 in /usr/local/lib/python3.6/site-packages (from botocore<1.27.0,>=1.26.10->boto3)\\nRequirement already satisfied: python-dateutil<3.0.0,>=2.1 in /usr/lib/python3.6/site-packages (from botocore<1.27.0,>=1.26.10->boto3)\\nRequirement already satisfied: six>=1.5 in /usr/lib/python3.6/site-packages (from python-dateutil<3.0.0,>=2.1->botocore<1.27.0,>=1.26.10->boto3)\\n", "stderr": "WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.\\n", "invocation": {"module_args": {"name": ["boto3"], "executable": "pip3", "state": "present", "virtualenv_site_packages": false, "virtualenv_command": "virtualenv", "editable": false, "version": null, "requirements": null, "virtualenv": null, "virtualenv_python": null, "extra_args": null, "chdir": null, "umask": null}}}\r\n', b'Shared connection to 54.168.201.218 closed.\r\n')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1671550360.3751574-2146-428318687417/ > /dev/null 2>&1 && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
ok: [54.168.201.218] => (item={'name': 'boto3'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "cmd": [
        "/bin/pip3",
        "install",
        "boto3"
    ],
    "invocation": {
        "module_args": {
            "chdir": null,
            "editable": false,
            "executable": "pip3",
            "extra_args": null,
            "name": [
                "boto3"
            ],
            "requirements": null,
            "state": "present",
            "umask": null,
            "version": null,
            "virtualenv": null,
            "virtualenv_command": "virtualenv",
            "virtualenv_python": null,
            "virtualenv_site_packages": false
        }
    },
    "item": {
        "name": "boto3"
    },
    "name": [
        "boto3"
    ],
    "requirements": null,
    "state": "present",
    "stderr": "WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.\n",
    "stderr_lines": [
        "WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead."
    ],
    "stdout": "Requirement already satisfied: boto3 in /usr/local/lib/python3.6/site-packages\nRequirement already satisfied: s3transfer<0.6.0,>=0.5.0 in /usr/local/lib/python3.6/site-packages (from boto3)\nRequirement already satisfied: jmespath<2.0.0,>=0.7.1 in /usr/local/lib/python3.6/site-packages (from boto3)\nRequirement already satisfied: botocore<1.27.0,>=1.26.10 in /usr/local/lib/python3.6/site-packages (from boto3)\nRequirement already satisfied: urllib3<1.27,>=1.25.4 in /usr/local/lib/python3.6/site-packages (from botocore<1.27.0,>=1.26.10->boto3)\nRequirement already satisfied: python-dateutil<3.0.0,>=2.1 in /usr/lib/python3.6/site-packages (from botocore<1.27.0,>=1.26.10->boto3)\nRequirement already satisfied: six>=1.5 in /usr/lib/python3.6/site-packages (from python-dateutil<3.0.0,>=2.1->botocore<1.27.0,>=1.26.10->boto3)\n",
    "stdout_lines": [
        "Requirement already satisfied: boto3 in /usr/local/lib/python3.6/site-packages",
        "Requirement already satisfied: s3transfer<0.6.0,>=0.5.0 in /usr/local/lib/python3.6/site-packages (from boto3)",
        "Requirement already satisfied: jmespath<2.0.0,>=0.7.1 in /usr/local/lib/python3.6/site-packages (from boto3)",
        "Requirement already satisfied: botocore<1.27.0,>=1.26.10 in /usr/local/lib/python3.6/site-packages (from boto3)",
        "Requirement already satisfied: urllib3<1.27,>=1.25.4 in /usr/local/lib/python3.6/site-packages (from botocore<1.27.0,>=1.26.10->boto3)",
        "Requirement already satisfied: python-dateutil<3.0.0,>=2.1 in /usr/lib/python3.6/site-packages (from botocore<1.27.0,>=1.26.10->boto3)",
        "Requirement already satisfied: six>=1.5 in /usr/lib/python3.6/site-packages (from python-dateutil<3.0.0,>=2.1->botocore<1.27.0,>=1.26.10->boto3)"
    ],
    "version": null,
    "virtualenv": null
}
redirecting (type: action) amazon.aws.aws_s3 to amazon.aws.s3_object

TASK [List keys simple] ***********************************************************************************************
task path: /home/circleci/aws-s3/site.yml:20
redirecting (type: modules) amazon.aws.aws_s3 to amazon.aws.s3_object
redirecting (type: action) amazon.aws.aws_s3 to amazon.aws.s3_object
redirecting (type: action) amazon.aws.aws_s3 to amazon.aws.s3_object
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'echo ~centos && sleep 0'"'"''
<54.168.201.218> (0, b'/home/centos\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /home/centos/.ansible/tmp `"&& mkdir "` echo /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532 `" && echo ansible-tmp-1671550364.6755538-2162-46077499209532="` echo /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532 `" ) && sleep 0'"'"''
<54.168.201.218> (0, b'ansible-tmp-1671550364.6755538-2162-46077499209532=/home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532\n', b'')
redirecting (type: modules) amazon.aws.aws_s3 to amazon.aws.s3_object
Using module file /home/circleci/.local/lib/python3.11/site-packages/ansible_collections/amazon/aws/plugins/modules/s3_object.py
<54.168.201.218> PUT /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpg3jtu16d TO /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532/AnsiballZ_s3_object.py
<54.168.201.218> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' '[54.168.201.218]'
<54.168.201.218> (0, b'sftp> put /home/circleci/.ansible/tmp/ansible-local-20936h3r2059/tmpg3jtu16d /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532/AnsiballZ_s3_object.py\n', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532/ /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532/AnsiballZ_s3_object.py && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' -tt 54.168.201.218 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-fvfavkxprgncycldppoiwictubshdefw ; /usr/libexec/platform-python /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532/AnsiballZ_s3_object.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<54.168.201.218> (0, b'\r\n{"msg": "LIST operation complete", "s3_keys": ["\\u8b70\\u4e8b\\u9332.doc"], "invocation": {"module_args": {"access_key": "AKIA3YSKL4F65NAY677H", "bucket": "mamono210-s3-test", "mode": "list", "secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "validate_certs": true, "debug_botocore_endpoint_logs": false, "encrypt": true, "encryption_mode": "AES256", "expiry": 600, "marker": "", "max_keys": 1000, "sig_v4": true, "permission": ["private"], "overwrite": "different", "prefix": "", "retries": 0, "dualstack": false, "ceph": false, "ignore_nonexistent_bucket": false, "purge_tags": true, "validate_bucket_name": true, "session_token": null, "profile": null, "endpoint_url": null, "aws_ca_bundle": null, "aws_config": null, "region": null, "dest": null, "headers": null, "metadata": null, "object": null, "version": null, "src": null, "content": null, "content_base64": null, "encryption_kms_key_id": null, "tags": null, "copy_src": null}}}\r\n', b'Shared connection to 54.168.201.218 closed.\r\n')
<54.168.201.218> ESTABLISH SSH CONNECTION FOR USER: centos
<54.168.201.218> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="centos"' -o ConnectTimeout=10 -o 'ControlPath="/home/circleci/.ansible/cp/ff33dd629c"' 54.168.201.218 '/bin/sh -c '"'"'rm -f -r /home/centos/.ansible/tmp/ansible-tmp-1671550364.6755538-2162-46077499209532/ > /dev/null 2>&1 && sleep 0'"'"''
<54.168.201.218> (0, b'', b'')
ok: [54.168.201.218] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_key": "AKIA3YSKL4F65NAY677H",
            "aws_ca_bundle": null,
            "aws_config": null,
            "bucket": "mamono210-s3-test",
            "ceph": false,
            "content": null,
            "content_base64": null,
            "copy_src": null,
            "debug_botocore_endpoint_logs": false,
            "dest": null,
            "dualstack": false,
            "encrypt": true,
            "encryption_kms_key_id": null,
            "encryption_mode": "AES256",
            "endpoint_url": null,
            "expiry": 600,
            "headers": null,
            "ignore_nonexistent_bucket": false,
            "marker": "",
            "max_keys": 1000,
            "metadata": null,
            "mode": "list",
            "object": null,
            "overwrite": "different",
            "permission": [
                "private"
            ],
            "prefix": "",
            "profile": null,
            "purge_tags": true,
            "region": null,
            "retries": 0,
            "secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "session_token": null,
            "sig_v4": true,
            "src": null,
            "tags": null,
            "validate_bucket_name": true,
            "validate_certs": true,
            "version": null
        }
    },
    "msg": "LIST operation complete",
    "s3_keys": [
        "議事録.doc"
    ]
}

TASK [Var dump] *******************************************************************************************************
task path: /home/circleci/aws-s3/site.yml:28
ok: [54.168.201.218] => {
    "s3_keys": {
        "changed": false,
        "failed": false,
        "msg": "LIST operation complete",
        "s3_keys": [
            "議事録.doc"
        ]
    }
}

PLAY RECAP ************************************************************************************************************
54.168.201.218             : ok=7    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   

タスクList keys simpleの処理のログを見てみます。アクセスキーは露出していますがシークレットアクセスキーはマスクされています。

ok: [54.168.201.218] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_key": "AKIA3YSKL4F65NAY677H",
            "aws_ca_bundle": null,
            "aws_config": null,
            "bucket": "mamono210-s3-test",
            "ceph": false,
            "content": null,
            "content_base64": null,
            "copy_src": null,
            "debug_botocore_endpoint_logs": false,
            "dest": null,
            "dualstack": false,
            "encrypt": true,
            "encryption_kms_key_id": null,
            "encryption_mode": "AES256",
            "endpoint_url": null,
            "expiry": 600,
            "headers": null,
            "ignore_nonexistent_bucket": false,
            "marker": "",
            "max_keys": 1000,
            "metadata": null,
            "mode": "list",
            "object": null,
            "overwrite": "different",
            "permission": [
                "private"
            ],
            "prefix": "",
            "profile": null,
            "purge_tags": true,
            "region": null,
            "retries": 0,
            "secret_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", # <- マスクされている
            "session_token": null,
            "sig_v4": true,
            "src": null,
            "tags": null,
            "validate_bucket_name": true,
            "validate_certs": true,
            "version": null
        }
    },
    "msg": "LIST operation complete",
    "s3_keys": [
        "議事録.doc"
    ]
}

Moleculeの場合

サンプルリポジトリ です。このリポジトリのコードで変数と環境変数の両方で秘匿情報を渡す処理を実行してみます。

変数で秘匿情報を渡す

実行ログ
INFO     variable_test scenario test matrix: dependency, syntax, create, prepare, converge, verify
INFO     Performing prerun with role_name_check=0...
INFO     Set ANSIBLE_LIBRARY=/home/circleci/.cache/ansible-compat/8d920d/modules:/home/circleci/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/home/circleci/.cache/ansible-compat/8d920d/collections:/home/circleci/.ansible/collections:/usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/home/circleci/.cache/ansible-compat/8d920d/roles:/home/circleci/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Using /home/circleci/.cache/ansible-compat/8d920d/roles/*********.aws_s3_get symlink to current repository in order to enable Ansible to find the role using its expected full name.
INFO     Running variable_test > dependency
INFO     Running from /tmp/aws_s3_get : ansible-galaxy collection install -vvv community.docker:>=3.0.2
INFO     Running from /tmp/aws_s3_get : ansible-galaxy collection install -vvv ansible.posix:>=1.4.0
[WARNING]: - dependency geerlingguy.pip () from role *********.aws_s3_bootstrap
differs from already installed version (2.2.0), skipping
Starting galaxy role install process
- downloading role 'pip', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-pip/archive/2.2.0.tar.gz
- extracting geerlingguy.pip to /home/circleci/.cache/molecule/aws_s3_get/variable_test/roles/geerlingguy.pip
- geerlingguy.pip (2.2.0) was installed successfully
- extracting *********.aws_s3_bootstrap to /home/circleci/.cache/molecule/aws_s3_get/variable_test/roles/*********.aws_s3_bootstrap
- *********.aws_s3_bootstrap was installed successfully
- dependency *********.epel already pending installation.
- extracting *********.epel to /home/circleci/.cache/molecule/aws_s3_get/variable_test/roles/*********.epel
- *********.epel was installed successfully
INFO     Dependency completed successfully.
WARNING  Skipping, missing the requirements file.
INFO     Running variable_test > syntax
INFO     Sanity checks: 'docker'

playbook: /tmp/aws_s3_get/molecule/variable_test/converge.yml
INFO     Running variable_test > create

PLAY [Create] ******************************************************************

TASK [Set async_dir for HOME env] **********************************************
Sunday 18 December 2022  19:05:09 +0900 (0:00:00.020)       0:00:00.020 *******
ok: [localhost]

TASK [Log into a Docker registry] **********************************************
Sunday 18 December 2022  19:05:09 +0900 (0:00:00.067)       0:00:00.087 *******
skipping: [localhost] => (item=None) 
skipping: [localhost]

TASK [Check presence of custom Dockerfiles] ************************************
Sunday 18 December 2022  19:05:09 +0900 (0:00:00.045)       0:00:00.133 *******
ok: [localhost] => (item=None)
ok: [localhost]

TASK [Create Dockerfiles from image names] *************************************
Sunday 18 December 2022  19:05:10 +0900 (0:00:00.501)       0:00:00.634 *******
skipping: [localhost] => (item=None) 
skipping: [localhost]

TASK [Synchronization the context] *********************************************
Sunday 18 December 2022  19:05:10 +0900 (0:00:00.082)       0:00:00.717 *******
skipping: [localhost] => (item=None) 
skipping: [localhost]

TASK [Discover local Docker images] ********************************************
Sunday 18 December 2022  19:05:10 +0900 (0:00:00.052)       0:00:00.770 *******
ok: [localhost] => (item=None)
ok: [localhost]

TASK [Build an Ansible compatible image (new)] *********************************
Sunday 18 December 2022  19:05:11 +0900 (0:00:00.848)       0:00:01.618 *******
skipping: [localhost] => (item=molecule_local/ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest)
skipping: [localhost]

TASK [Create docker network(s)] ************************************************
Sunday 18 December 2022  19:05:11 +0900 (0:00:00.075)       0:00:01.694 *******
skipping: [localhost]

TASK [Determine the CMD directives] ********************************************
Sunday 18 December 2022  19:05:11 +0900 (0:00:00.021)       0:00:01.715 *******
ok: [localhost] => (item=None)
ok: [localhost]

TASK [Create molecule instance(s)] *********************************************
Sunday 18 December 2022  19:05:11 +0900 (0:00:00.080)       0:00:01.796 *******
changed: [localhost] => (item=instance)

TASK [Wait for instance(s) creation to complete] *******************************
Sunday 18 December 2022  19:05:12 +0900 (0:00:00.963)       0:00:02.760 *******
FAILED - RETRYING: [localhost]: Wait for instance(s) creation to complete (300 retries left).
FAILED - RETRYING: [localhost]: Wait for instance(s) creation to complete (299 retries left).
changed: [localhost] => (item=None)
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=6    changed=2    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0

Sunday 18 December 2022  19:05:24 +0900 (0:00:11.578)       0:00:14.338 *******
===============================================================================
Set async_dir for HOME env ---------------------------------------------- 0.07s
Log into a Docker registry ---------------------------------------------- 0.05s
Check presence of custom Dockerfiles ------------------------------------ 0.50s
Create Dockerfiles from image names ------------------------------------- 0.08s
Synchronization the context --------------------------------------------- 0.05s
Discover local Docker images -------------------------------------------- 0.85s
Build an Ansible compatible image (new) --------------------------------- 0.08s
Create docker network(s) ------------------------------------------------ 0.02s
Determine the CMD directives -------------------------------------------- 0.08s
Create molecule instance(s) --------------------------------------------- 0.96s
Wait for instance(s) creation to complete ------------------------------ 11.58s
INFO     Running variable_test > prepare
[DEPRECATION WARNING]: community.general.files.ini_file has been deprecated. 
You are using an internal name to access the community.general.ini_file 
modules. This has never been supported or documented, and will stop working in 
community.general 9.0.0. This feature will be removed from community.general in
 version 9.0.0. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

PLAY [Prepare] *****************************************************************

TASK [Gathering Facts] *********************************************************
Sunday 18 December 2022  19:05:24 +0900 (0:00:00.016)       0:00:00.016 *******
ok: [instance]

TASK [geerlingguy.pip : Ensure Pip is installed.] ******************************
Sunday 18 December 2022  19:05:26 +0900 (0:00:01.466)       0:00:01.482 *******
changed: [instance]

TASK [geerlingguy.pip : Ensure pip_install_packages are installed.] ************
Sunday 18 December 2022  19:05:29 +0900 (0:00:02.781)       0:00:04.264 *******
skipping: [instance]

TASK [*********.epel : Install EPEL repo] **************************************
Sunday 18 December 2022  19:05:29 +0900 (0:00:00.022)       0:00:04.286 *******
changed: [instance]

TASK [*********.epel : Disable EPEL repo] **************************************
Sunday 18 December 2022  19:05:31 +0900 (0:00:02.368)       0:00:06.655 *******
changed: [instance]

TASK [Install epel repo] *******************************************************
Sunday 18 December 2022  19:05:32 +0900 (0:00:00.829)       0:00:07.484 *******

TASK [*********.epel : Install EPEL repo] **************************************
Sunday 18 December 2022  19:05:32 +0900 (0:00:00.030)       0:00:07.515 *******
ok: [instance]

TASK [*********.epel : Disable EPEL repo] **************************************
Sunday 18 December 2022  19:05:39 +0900 (0:00:07.196)       0:00:14.711 *******
ok: [instance]

TASK [Install pip and boto3 (CentOS Stream 8)] *********************************
Sunday 18 December 2022  19:05:40 +0900 (0:00:00.750)       0:00:15.462 *******

TASK [geerlingguy.pip : Ensure Pip is installed.] ******************************
Sunday 18 December 2022  19:05:40 +0900 (0:00:00.037)       0:00:15.499 *******
ok: [instance]

TASK [geerlingguy.pip : Ensure pip_install_packages are installed.] ************
Sunday 18 December 2022  19:05:42 +0900 (0:00:02.075)       0:00:17.575 *******
ok: [instance] => (item={'name': 'pip'})
changed: [instance] => (item={'name': 'boto3'})

TASK [Install pip and boto3 (CentOS 7)] ****************************************
Sunday 18 December 2022  19:05:48 +0900 (0:00:05.822)       0:00:23.398 *******
skipping: [instance]

TASK [Create directory for creating test text file] ****************************
Sunday 18 December 2022  19:05:48 +0900 (0:00:00.028)       0:00:23.426 *******
changed: [instance -> localhost]

TASK [Create test text file] ***************************************************
Sunday 18 December 2022  19:05:48 +0900 (0:00:00.510)       0:00:23.937 *******
changed: [instance -> localhost] => (item={'aws_access_key_id': 'ASIA3YSKL4F6YIWHCXWP', 'aws_region': None, 'aws_secret_access_key': 'knT+lbwhN8gDIF016LFpo4eZV0juZVeeqoRwgJ8n', 'aws_security_token': 'IQoJb3JpZ2luX2VjEAoaDmFwLW5vcnRoZWFzdC0xIkcwRQIgPRJdqR+xAdALYjZs898a8jMQq1fH0bVe6QAasy7Vk/UCIQDcUDsb2GSv6VdodoKFxycmlMdAvgz786kXR7Sex6rQ7CqgBQhDEAAaDDgwODY4MzU2MTM0MSIMpaSU3uXa87lZFKtIKv0EvdGKEu4C83VppaAIVYfuLHhyNPG7vegm5qUx3LtZvxX/1GAnzICiTgm68yNTTB13kgCRO20H4FphrCRZjqKCyJjUp7Ogp/h/GUKPbbyBBxHJIp/vMuQ45XiBist/K8KjGSu0MVHYM/tRqtRzcU6mVgYv1tzueWWB0EujskR6tsNNfo41jSszErCRXXS5ND6HkpawyNQIXV2rDcKB39PlA/6OXeVLZQkbzG+kqA4PhMgDCa/WI3nmd1XAX+Xk2BZTNgsF/mAa1uvoH0pQLfdB+lzbbWa17Dd6bPQ4bRJMCD1fDQ5EJyg3ih+a/GHIBcUom7s1sQzrBoUdyc1AcroeePQHbT8Xp0ODVeZCCHVA46cdGIAAYNbvfZtFhBbJzlXy0QcI/Nzb4unJmSKTg8rltC0P8AaMS1Vr/dMg2f3QM3HUYhfqYcy9yvUOqwzg2UQt8rU+sbHZ4wPrEbmespI3SLmaxPp9lnsCWKRAu2yLktcheziFqgPsN7X/szSOefUbjeYP1U7sJm3635HHrXjcJBavcqiiCjjryOWZpP3QNfCXK0Tf6KQg1errgu8uEgGz3K7jKsUQdXbYxVPC8wIoDgrG4Vx6VzYM8dUUekGk0wrRhcCU0DTLH+HIauLQCOGoIarPLVc2Z2hvRS5dw4J7aDWbc0wikcYTs2J9p1mfiaTFosle+qXZA918oVMLQPfyKnVotgXjHWIdQIJ/eqLKzifwhmHQNh91QJvEAlAR1JsLng7LQh/35uxdYt4AgJZrAU5fkYBREzIZw0n07ASZEwWPcYA0mo4nmcA6J1UiYn+WCglAly8U6BSUohMmQbrQfjv6vWGScXy3iI8wSDC5y/ucBjqVAUeGWDO49o66j4jWVNaNeMpxdsviP0M9O27+u6CVGa7cJSoeANQgGe2rNq2Ms7cCyEb1eZFuLGJ+rHcUBQa+JSsoHIcv4botYBI1fMs/7DGsjk+j+nqGT1HbrC7ax2iHWbhn64yssz191a3SfpoAnv5bWpXQjQWefEMzT7m8/jDO9QmJFQHkmFOW6WMEt6NWf4LhKyHj', 'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Simple PUT operation. AWS credentials are passed from environment variables.] ***
Sunday 18 December 2022  19:05:49 +0900 (0:00:00.932)       0:00:24.869 *******
[DEPRECATION WARNING]: Alias 'security_token' is deprecated. See the module 
docs for more information. This feature will be removed from amazon.aws in a 
release after 2024-12-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
ok: [instance -> localhost] => (item={'aws_access_key_id': 'ASIA3YSKL4F6YIWHCXWP', 'aws_region': None, 'aws_secret_access_key': 'knT+lbwhN8gDIF016LFpo4eZV0juZVeeqoRwgJ8n', 'aws_security_token': 'IQoJb3JpZ2luX2VjEAoaDmFwLW5vcnRoZWFzdC0xIkcwRQIgPRJdqR+xAdALYjZs898a8jMQq1fH0bVe6QAasy7Vk/UCIQDcUDsb2GSv6VdodoKFxycmlMdAvgz786kXR7Sex6rQ7CqgBQhDEAAaDDgwODY4MzU2MTM0MSIMpaSU3uXa87lZFKtIKv0EvdGKEu4C83VppaAIVYfuLHhyNPG7vegm5qUx3LtZvxX/1GAnzICiTgm68yNTTB13kgCRO20H4FphrCRZjqKCyJjUp7Ogp/h/GUKPbbyBBxHJIp/vMuQ45XiBist/K8KjGSu0MVHYM/tRqtRzcU6mVgYv1tzueWWB0EujskR6tsNNfo41jSszErCRXXS5ND6HkpawyNQIXV2rDcKB39PlA/6OXeVLZQkbzG+kqA4PhMgDCa/WI3nmd1XAX+Xk2BZTNgsF/mAa1uvoH0pQLfdB+lzbbWa17Dd6bPQ4bRJMCD1fDQ5EJyg3ih+a/GHIBcUom7s1sQzrBoUdyc1AcroeePQHbT8Xp0ODVeZCCHVA46cdGIAAYNbvfZtFhBbJzlXy0QcI/Nzb4unJmSKTg8rltC0P8AaMS1Vr/dMg2f3QM3HUYhfqYcy9yvUOqwzg2UQt8rU+sbHZ4wPrEbmespI3SLmaxPp9lnsCWKRAu2yLktcheziFqgPsN7X/szSOefUbjeYP1U7sJm3635HHrXjcJBavcqiiCjjryOWZpP3QNfCXK0Tf6KQg1errgu8uEgGz3K7jKsUQdXbYxVPC8wIoDgrG4Vx6VzYM8dUUekGk0wrRhcCU0DTLH+HIauLQCOGoIarPLVc2Z2hvRS5dw4J7aDWbc0wikcYTs2J9p1mfiaTFosle+qXZA918oVMLQPfyKnVotgXjHWIdQIJ/eqLKzifwhmHQNh91QJvEAlAR1JsLng7LQh/35uxdYt4AgJZrAU5fkYBREzIZw0n07ASZEwWPcYA0mo4nmcA6J1UiYn+WCglAly8U6BSUohMmQbrQfjv6vWGScXy3iI8wSDC5y/ucBjqVAUeGWDO49o66j4jWVNaNeMpxdsviP0M9O27+u6CVGa7cJSoeANQgGe2rNq2Ms7cCyEb1eZFuLGJ+rHcUBQa+JSsoHIcv4botYBI1fMs/7DGsjk+j+nqGT1HbrC7ax2iHWbhn64yssz191a3SfpoAnv5bWpXQjQWefEMzT7m8/jDO9QmJFQHkmFOW6WMEt6NWf4LhKyHj', 'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

PLAY RECAP *********************************************************************
instance                   : ok=11   changed=6    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0

Sunday 18 December 2022  19:05:52 +0900 (0:00:02.929)       0:00:27.799 *******
===============================================================================
Gathering Facts --------------------------------------------------------- 1.47s
geerlingguy.pip : Ensure Pip is installed. ------------------------------ 2.78s
geerlingguy.pip : Ensure pip_install_packages are installed. ------------ 0.02s
*********.epel : Install EPEL repo -------------------------------------- 2.37s
*********.epel : Disable EPEL repo -------------------------------------- 0.83s
Install epel repo ------------------------------------------------------- 0.03s
*********.epel : Install EPEL repo -------------------------------------- 7.20s
*********.epel : Disable EPEL repo -------------------------------------- 0.75s
Install pip and boto3 (CentOS Stream 8) --------------------------------- 0.04s
geerlingguy.pip : Ensure Pip is installed. ------------------------------ 2.08s
geerlingguy.pip : Ensure pip_install_packages are installed. ------------ 5.82s
Install pip and boto3 (CentOS 7) ---------------------------------------- 0.03s
Create directory for creating test text file ---------------------------- 0.51s
Create test text file --------------------------------------------------- 0.93s
Simple PUT operation. AWS credentials are passed from environment variables. --- 2.93s
INFO     Running variable_test > converge

PLAY [Converge] ****************************************************************

TASK [Gathering Facts] *********************************************************
Sunday 18 December 2022  19:05:53 +0900 (0:00:00.015)       0:00:00.015 *******
ok: [instance]

TASK [aws_s3_get : Validating arguments against arg spec 'main' - Copy a file in the remote system to AWS S3.] ***
Sunday 18 December 2022  19:05:55 +0900 (0:00:01.535)       0:00:01.551 *******
ok: [instance]

TASK [aws_s3_get : Set AWS credentials to variables] ***************************
Sunday 18 December 2022  19:05:55 +0900 (0:00:00.026)       0:00:01.578 *******
ok: [instance]

TASK [aws_s3_get : Create the directory to retrieve the S3 object] *************
Sunday 18 December 2022  19:05:55 +0900 (0:00:00.029)       0:00:01.607 *******
changed: [instance]

TASK [aws_s3_get : Simple GET operation with AWS credentials passed by environment variables] ***
Sunday 18 December 2022  19:05:56 +0900 (0:00:00.893)       0:00:02.501 *******
skipping: [instance]

TASK [aws_s3_get : Simple GET operation] ***************************************
Sunday 18 December 2022  19:05:56 +0900 (0:00:00.042)       0:00:02.544 *******
[DEPRECATION WARNING]: Alias 'security_token' is deprecated. See the module 
docs for more information. This feature will be removed from amazon.aws in a 
release after 2024-12-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
changed: [instance]

PLAY RECAP *********************************************************************
instance                   : ok=5    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Sunday 18 December 2022  19:05:59 +0900 (0:00:03.817)       0:00:06.361 *******
===============================================================================
Gathering Facts --------------------------------------------------------- 1.54s
aws_s3_get : Validating arguments against arg spec 'main' - Copy a file in the remote system to AWS S3. --- 0.03s
aws_s3_get : Set AWS credentials to variables --------------------------- 0.03s
aws_s3_get : Create the directory to retrieve the S3 object ------------- 0.89s
aws_s3_get : Simple GET operation with AWS credentials passed by environment variables --- 0.04s
aws_s3_get : Simple GET operation --------------------------------------- 3.82s
INFO     Running variable_test > verify
INFO     Running Ansible Verifier

PLAY [Verify] ******************************************************************

TASK [Gathering Facts] *********************************************************
Sunday 18 December 2022  19:06:00 +0900 (0:00:00.015)       0:00:00.015 *******
ok: [instance]

TASK [Create working directory] ************************************************
Sunday 18 December 2022  19:06:02 +0900 (0:00:01.451)       0:00:01.466 *******
changed: [instance] => (item={'aws_access_key_id': 'ASIA3YSKL4F6YIWHCXWP', 'aws_region': None, 'aws_secret_access_key': 'knT+lbwhN8gDIF016LFpo4eZV0juZVeeqoRwgJ8n', 'aws_security_token': 'IQoJb3JpZ2luX2VjEAoaDmFwLW5vcnRoZWFzdC0xIkcwRQIgPRJdqR+xAdALYjZs898a8jMQq1fH0bVe6QAasy7Vk/UCIQDcUDsb2GSv6VdodoKFxycmlMdAvgz786kXR7Sex6rQ7CqgBQhDEAAaDDgwODY4MzU2MTM0MSIMpaSU3uXa87lZFKtIKv0EvdGKEu4C83VppaAIVYfuLHhyNPG7vegm5qUx3LtZvxX/1GAnzICiTgm68yNTTB13kgCRO20H4FphrCRZjqKCyJjUp7Ogp/h/GUKPbbyBBxHJIp/vMuQ45XiBist/K8KjGSu0MVHYM/tRqtRzcU6mVgYv1tzueWWB0EujskR6tsNNfo41jSszErCRXXS5ND6HkpawyNQIXV2rDcKB39PlA/6OXeVLZQkbzG+kqA4PhMgDCa/WI3nmd1XAX+Xk2BZTNgsF/mAa1uvoH0pQLfdB+lzbbWa17Dd6bPQ4bRJMCD1fDQ5EJyg3ih+a/GHIBcUom7s1sQzrBoUdyc1AcroeePQHbT8Xp0ODVeZCCHVA46cdGIAAYNbvfZtFhBbJzlXy0QcI/Nzb4unJmSKTg8rltC0P8AaMS1Vr/dMg2f3QM3HUYhfqYcy9yvUOqwzg2UQt8rU+sbHZ4wPrEbmespI3SLmaxPp9lnsCWKRAu2yLktcheziFqgPsN7X/szSOefUbjeYP1U7sJm3635HHrXjcJBavcqiiCjjryOWZpP3QNfCXK0Tf6KQg1errgu8uEgGz3K7jKsUQdXbYxVPC8wIoDgrG4Vx6VzYM8dUUekGk0wrRhcCU0DTLH+HIauLQCOGoIarPLVc2Z2hvRS5dw4J7aDWbc0wikcYTs2J9p1mfiaTFosle+qXZA918oVMLQPfyKnVotgXjHWIdQIJ/eqLKzifwhmHQNh91QJvEAlAR1JsLng7LQh/35uxdYt4AgJZrAU5fkYBREzIZw0n07ASZEwWPcYA0mo4nmcA6J1UiYn+WCglAly8U6BSUohMmQbrQfjv6vWGScXy3iI8wSDC5y/ucBjqVAUeGWDO49o66j4jWVNaNeMpxdsviP0M9O27+u6CVGa7cJSoeANQgGe2rNq2Ms7cCyEb1eZFuLGJ+rHcUBQa+JSsoHIcv4botYBI1fMs/7DGsjk+j+nqGT1HbrC7ax2iHWbhn64yssz191a3SfpoAnv5bWpXQjQWefEMzT7m8/jDO9QmJFQHkmFOW6WMEt6NWf4LhKyHj', 'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Retrieve test text file from AWS S3] *************************************
Sunday 18 December 2022  19:06:03 +0900 (0:00:00.841)       0:00:02.308 *******
[DEPRECATION WARNING]: Alias 'security_token' is deprecated. See the module 
docs for more information. This feature will be removed from amazon.aws in a 
release after 2024-12-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
ok: [instance] => (item={'aws_access_key_id': 'ASIA3YSKL4F6YIWHCXWP', 'aws_region': None, 'aws_secret_access_key': 'knT+lbwhN8gDIF016LFpo4eZV0juZVeeqoRwgJ8n', 'aws_security_token': 'IQoJb3JpZ2luX2VjEAoaDmFwLW5vcnRoZWFzdC0xIkcwRQIgPRJdqR+xAdALYjZs898a8jMQq1fH0bVe6QAasy7Vk/UCIQDcUDsb2GSv6VdodoKFxycmlMdAvgz786kXR7Sex6rQ7CqgBQhDEAAaDDgwODY4MzU2MTM0MSIMpaSU3uXa87lZFKtIKv0EvdGKEu4C83VppaAIVYfuLHhyNPG7vegm5qUx3LtZvxX/1GAnzICiTgm68yNTTB13kgCRO20H4FphrCRZjqKCyJjUp7Ogp/h/GUKPbbyBBxHJIp/vMuQ45XiBist/K8KjGSu0MVHYM/tRqtRzcU6mVgYv1tzueWWB0EujskR6tsNNfo41jSszErCRXXS5ND6HkpawyNQIXV2rDcKB39PlA/6OXeVLZQkbzG+kqA4PhMgDCa/WI3nmd1XAX+Xk2BZTNgsF/mAa1uvoH0pQLfdB+lzbbWa17Dd6bPQ4bRJMCD1fDQ5EJyg3ih+a/GHIBcUom7s1sQzrBoUdyc1AcroeePQHbT8Xp0ODVeZCCHVA46cdGIAAYNbvfZtFhBbJzlXy0QcI/Nzb4unJmSKTg8rltC0P8AaMS1Vr/dMg2f3QM3HUYhfqYcy9yvUOqwzg2UQt8rU+sbHZ4wPrEbmespI3SLmaxPp9lnsCWKRAu2yLktcheziFqgPsN7X/szSOefUbjeYP1U7sJm3635HHrXjcJBavcqiiCjjryOWZpP3QNfCXK0Tf6KQg1errgu8uEgGz3K7jKsUQdXbYxVPC8wIoDgrG4Vx6VzYM8dUUekGk0wrRhcCU0DTLH+HIauLQCOGoIarPLVc2Z2hvRS5dw4J7aDWbc0wikcYTs2J9p1mfiaTFosle+qXZA918oVMLQPfyKnVotgXjHWIdQIJ/eqLKzifwhmHQNh91QJvEAlAR1JsLng7LQh/35uxdYt4AgJZrAU5fkYBREzIZw0n07ASZEwWPcYA0mo4nmcA6J1UiYn+WCglAly8U6BSUohMmQbrQfjv6vWGScXy3iI8wSDC5y/ucBjqVAUeGWDO49o66j4jWVNaNeMpxdsviP0M9O27+u6CVGa7cJSoeANQgGe2rNq2Ms7cCyEb1eZFuLGJ+rHcUBQa+JSsoHIcv4botYBI1fMs/7DGsjk+j+nqGT1HbrC7ax2iHWbhn64yssz191a3SfpoAnv5bWpXQjQWefEMzT7m8/jDO9QmJFQHkmFOW6WMEt6NWf4LhKyHj', 'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Register test strings] ***************************************************
Sunday 18 December 2022  19:06:06 +0900 (0:00:02.958)       0:00:05.266 *******
ok: [instance] => (item={'aws_access_key_id': 'ASIA3YSKL4F6YIWHCXWP', 'aws_region': None, 'aws_secret_access_key': 'knT+lbwhN8gDIF016LFpo4eZV0juZVeeqoRwgJ8n', 'aws_security_token': 'IQoJb3JpZ2luX2VjEAoaDmFwLW5vcnRoZWFzdC0xIkcwRQIgPRJdqR+xAdALYjZs898a8jMQq1fH0bVe6QAasy7Vk/UCIQDcUDsb2GSv6VdodoKFxycmlMdAvgz786kXR7Sex6rQ7CqgBQhDEAAaDDgwODY4MzU2MTM0MSIMpaSU3uXa87lZFKtIKv0EvdGKEu4C83VppaAIVYfuLHhyNPG7vegm5qUx3LtZvxX/1GAnzICiTgm68yNTTB13kgCRO20H4FphrCRZjqKCyJjUp7Ogp/h/GUKPbbyBBxHJIp/vMuQ45XiBist/K8KjGSu0MVHYM/tRqtRzcU6mVgYv1tzueWWB0EujskR6tsNNfo41jSszErCRXXS5ND6HkpawyNQIXV2rDcKB39PlA/6OXeVLZQkbzG+kqA4PhMgDCa/WI3nmd1XAX+Xk2BZTNgsF/mAa1uvoH0pQLfdB+lzbbWa17Dd6bPQ4bRJMCD1fDQ5EJyg3ih+a/GHIBcUom7s1sQzrBoUdyc1AcroeePQHbT8Xp0ODVeZCCHVA46cdGIAAYNbvfZtFhBbJzlXy0QcI/Nzb4unJmSKTg8rltC0P8AaMS1Vr/dMg2f3QM3HUYhfqYcy9yvUOqwzg2UQt8rU+sbHZ4wPrEbmespI3SLmaxPp9lnsCWKRAu2yLktcheziFqgPsN7X/szSOefUbjeYP1U7sJm3635HHrXjcJBavcqiiCjjryOWZpP3QNfCXK0Tf6KQg1errgu8uEgGz3K7jKsUQdXbYxVPC8wIoDgrG4Vx6VzYM8dUUekGk0wrRhcCU0DTLH+HIauLQCOGoIarPLVc2Z2hvRS5dw4J7aDWbc0wikcYTs2J9p1mfiaTFosle+qXZA918oVMLQPfyKnVotgXjHWIdQIJ/eqLKzifwhmHQNh91QJvEAlAR1JsLng7LQh/35uxdYt4AgJZrAU5fkYBREzIZw0n07ASZEwWPcYA0mo4nmcA6J1UiYn+WCglAly8U6BSUohMmQbrQfjv6vWGScXy3iI8wSDC5y/ucBjqVAUeGWDO49o66j4jWVNaNeMpxdsviP0M9O27+u6CVGa7cJSoeANQgGe2rNq2Ms7cCyEb1eZFuLGJ+rHcUBQa+JSsoHIcv4botYBI1fMs/7DGsjk+j+nqGT1HbrC7ax2iHWbhn64yssz191a3SfpoAnv5bWpXQjQWefEMzT7m8/jDO9QmJFQHkmFOW6WMEt6NWf4LhKyHj', 'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Regsiter assertion strings] **********************************************
Sunday 18 December 2022  19:06:06 +0900 (0:00:00.819)       0:00:06.085 *******
ok: [instance] => (item={'aws_access_key_id': 'ASIA3YSKL4F6YIWHCXWP', 'aws_region': None, 'aws_secret_access_key': 'knT+lbwhN8gDIF016LFpo4eZV0juZVeeqoRwgJ8n', 'aws_security_token': 'IQoJb3JpZ2luX2VjEAoaDmFwLW5vcnRoZWFzdC0xIkcwRQIgPRJdqR+xAdALYjZs898a8jMQq1fH0bVe6QAasy7Vk/UCIQDcUDsb2GSv6VdodoKFxycmlMdAvgz786kXR7Sex6rQ7CqgBQhDEAAaDDgwODY4MzU2MTM0MSIMpaSU3uXa87lZFKtIKv0EvdGKEu4C83VppaAIVYfuLHhyNPG7vegm5qUx3LtZvxX/1GAnzICiTgm68yNTTB13kgCRO20H4FphrCRZjqKCyJjUp7Ogp/h/GUKPbbyBBxHJIp/vMuQ45XiBist/K8KjGSu0MVHYM/tRqtRzcU6mVgYv1tzueWWB0EujskR6tsNNfo41jSszErCRXXS5ND6HkpawyNQIXV2rDcKB39PlA/6OXeVLZQkbzG+kqA4PhMgDCa/WI3nmd1XAX+Xk2BZTNgsF/mAa1uvoH0pQLfdB+lzbbWa17Dd6bPQ4bRJMCD1fDQ5EJyg3ih+a/GHIBcUom7s1sQzrBoUdyc1AcroeePQHbT8Xp0ODVeZCCHVA46cdGIAAYNbvfZtFhBbJzlXy0QcI/Nzb4unJmSKTg8rltC0P8AaMS1Vr/dMg2f3QM3HUYhfqYcy9yvUOqwzg2UQt8rU+sbHZ4wPrEbmespI3SLmaxPp9lnsCWKRAu2yLktcheziFqgPsN7X/szSOefUbjeYP1U7sJm3635HHrXjcJBavcqiiCjjryOWZpP3QNfCXK0Tf6KQg1errgu8uEgGz3K7jKsUQdXbYxVPC8wIoDgrG4Vx6VzYM8dUUekGk0wrRhcCU0DTLH+HIauLQCOGoIarPLVc2Z2hvRS5dw4J7aDWbc0wikcYTs2J9p1mfiaTFosle+qXZA918oVMLQPfyKnVotgXjHWIdQIJ/eqLKzifwhmHQNh91QJvEAlAR1JsLng7LQh/35uxdYt4AgJZrAU5fkYBREzIZw0n07ASZEwWPcYA0mo4nmcA6J1UiYn+WCglAly8U6BSUohMmQbrQfjv6vWGScXy3iI8wSDC5y/ucBjqVAUeGWDO49o66j4jWVNaNeMpxdsviP0M9O27+u6CVGa7cJSoeANQgGe2rNq2Ms7cCyEb1eZFuLGJ+rHcUBQa+JSsoHIcv4botYBI1fMs/7DGsjk+j+nqGT1HbrC7ax2iHWbhn64yssz191a3SfpoAnv5bWpXQjQWefEMzT7m8/jDO9QmJFQHkmFOW6WMEt6NWf4LhKyHj', 'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Assert] ******************************************************************
Sunday 18 December 2022  19:06:07 +0900 (0:00:00.730)       0:00:06.816 *******
ok: [instance] => {
    "changed": false,
    "msg": "All assertions passed"
}

PLAY RECAP *********************************************************************
instance                   : ok=6    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Sunday 18 December 2022  19:06:07 +0900 (0:00:00.038)       0:00:06.855 *******
===============================================================================
Gathering Facts --------------------------------------------------------- 1.45s
Create working directory ------------------------------------------------ 0.84s
Retrieve test text file from AWS S3 ------------------------------------- 2.96s
Register test strings --------------------------------------------------- 0.82s
Regsiter assertion strings ---------------------------------------------- 0.73s
Assert ------------------------------------------------------------------ 0.04s
INFO     Verifier completed successfully.
CircleCI received exit code 0

変数で渡したアクセスキーやセッショントークンが露出しています。

抜粋

TASK [Regsiter assertion strings] **********************************************
Sunday 18 December 2022  19:06:06 +0900 (0:00:00.819)       0:00:06.085 *******
ok: [instance] => (item={'aws_access_key_id': 'ASIA3YSKL4F6YIWHCXWP', 'aws_region': None, 'aws_secret_access_key': 'knT+lbwhN8gDIF016LFpo4eZV0juZVeeqoRwgJ8n', 'aws_security_token': 'IQoJb3JpZ2luX2VjEAoaDmFwLW5vcnRoZWFzdC0xIkcwRQIgPRJdqR+xAdALYjZs898a8jMQq1fH0bVe6QAasy7Vk/UCIQDcUDsb2GSv6VdodoKFxycmlMdAvgz786kXR7Sex6rQ7CqgBQhDEAAaDDgwODY4MzU2MTM0MSIMpaSU3uXa87lZFKtIKv0EvdGKEu4C83VppaAIVYfuLHhyNPG7vegm5qUx3LtZvxX/1GAnzICiTgm68yNTTB13kgCRO20H4FphrCRZjqKCyJjUp7Ogp/h/GUKPbbyBBxHJIp/vMuQ45XiBist/K8KjGSu0MVHYM/tRqtRzcU6mVgYv1tzueWWB0EujskR6tsNNfo41jSszErCRXXS5ND6HkpawyNQIXV2rDcKB39PlA/6OXeVLZQkbzG+kqA4PhMgDCa/WI3nmd1XAX+Xk2BZTNgsF/mAa1uvoH0pQLfdB+lzbbWa17Dd6bPQ4bRJMCD1fDQ5EJyg3ih+a/GHIBcUom7s1sQzrBoUdyc1AcroeePQHbT8Xp0ODVeZCCHVA46cdGIAAYNbvfZtFhBbJzlXy0QcI/Nzb4unJmSKTg8rltC0P8AaMS1Vr/dMg2f3QM3HUYhfqYcy9yvUOqwzg2UQt8rU+sbHZ4wPrEbmespI3SLmaxPp9lnsCWKRAu2yLktcheziFqgPsN7X/szSOefUbjeYP1U7sJm3635HHrXjcJBavcqiiCjjryOWZpP3QNfCXK0Tf6KQg1errgu8uEgGz3K7jKsUQdXbYxVPC8wIoDgrG4Vx6VzYM8dUUekGk0wrRhcCU0DTLH+HIauLQCOGoIarPLVc2Z2hvRS5dw4J7aDWbc0wikcYTs2J9p1mfiaTFosle+qXZA918oVMLQPfyKnVotgXjHWIdQIJ/eqLKzifwhmHQNh91QJvEAlAR1JsLng7LQh/35uxdYt4AgJZrAU5fkYBREzIZw0n07ASZEwWPcYA0mo4nmcA6J1UiYn+WCglAly8U6BSUohMmQbrQfjv6vWGScXy3iI8wSDC5y/ucBjqVAUeGWDO49o66j4jWVNaNeMpxdsviP0M9O27+u6CVGa7cJSoeANQgGe2rNq2Ms7cCyEb1eZFuLGJ+rHcUBQa+JSsoHIcv4botYBI1fMs/7DGsjk+j+nqGT1HbrC7ax2iHWbhn64yssz191a3SfpoAnv5bWpXQjQWefEMzT7m8/jDO9QmJFQHkmFOW6WMEt6NWf4LhKyHj', 'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

環境変数で秘匿情報を渡す

MoleculeでAWSの秘匿情報を利用する時は必ず環境変数にします。

実行ログ
INFO     env_test scenario test matrix: dependency, syntax, create, prepare, converge, verify
INFO     Performing prerun with role_name_check=0...
INFO     Set ANSIBLE_LIBRARY=/home/circleci/.cache/ansible-compat/8d920d/modules:/home/circleci/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/home/circleci/.cache/ansible-compat/8d920d/collections:/home/circleci/.ansible/collections:/usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/home/circleci/.cache/ansible-compat/8d920d/roles:/home/circleci/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Using /home/circleci/.cache/ansible-compat/8d920d/roles/*********.aws_s3_get symlink to current repository in order to enable Ansible to find the role using its expected full name.
INFO     Running env_test > dependency
INFO     Running from /tmp/aws_s3_get : ansible-galaxy collection install -vvv community.docker:>=3.0.2
INFO     Running from /tmp/aws_s3_get : ansible-galaxy collection install -vvv ansible.posix:>=1.4.0
[WARNING]: - dependency geerlingguy.pip () from role *********.aws_s3_bootstrap
differs from already installed version (2.2.0), skipping
Starting galaxy role install process
- downloading role 'pip', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-pip/archive/2.2.0.tar.gz
- extracting geerlingguy.pip to /home/circleci/.cache/molecule/aws_s3_get/env_test/roles/geerlingguy.pip
- geerlingguy.pip (2.2.0) was installed successfully
- extracting *********.aws_s3_bootstrap to /home/circleci/.cache/molecule/aws_s3_get/env_test/roles/*********.aws_s3_bootstrap
- *********.aws_s3_bootstrap was installed successfully
- dependency *********.epel already pending installation.
- extracting *********.epel to /home/circleci/.cache/molecule/aws_s3_get/env_test/roles/*********.epel
- *********.epel was installed successfully
INFO     Dependency completed successfully.
WARNING  Skipping, missing the requirements file.
INFO     Running env_test > syntax
INFO     Sanity checks: 'docker'

playbook: /tmp/aws_s3_get/molecule/env_test/converge.yml
INFO     Running env_test > create

PLAY [Create] ******************************************************************

TASK [Set async_dir for HOME env] **********************************************
Sunday 18 December 2022  19:05:08 +0900 (0:00:00.018)       0:00:00.018 *******
ok: [localhost]

TASK [Log into a Docker registry] **********************************************
Sunday 18 December 2022  19:05:08 +0900 (0:00:00.063)       0:00:00.082 *******
skipping: [localhost] => (item=None) 
skipping: [localhost]

TASK [Check presence of custom Dockerfiles] ************************************
Sunday 18 December 2022  19:05:08 +0900 (0:00:00.041)       0:00:00.124 *******
ok: [localhost] => (item=None)
ok: [localhost]

TASK [Create Dockerfiles from image names] *************************************
Sunday 18 December 2022  19:05:09 +0900 (0:00:00.469)       0:00:00.593 *******
skipping: [localhost] => (item=None) 
skipping: [localhost]

TASK [Synchronization the context] *********************************************
Sunday 18 December 2022  19:05:09 +0900 (0:00:00.077)       0:00:00.671 *******
skipping: [localhost] => (item=None) 
skipping: [localhost]

TASK [Discover local Docker images] ********************************************
Sunday 18 December 2022  19:05:09 +0900 (0:00:00.047)       0:00:00.718 *******
ok: [localhost] => (item=None)
ok: [localhost]

TASK [Build an Ansible compatible image (new)] *********************************
Sunday 18 December 2022  19:05:10 +0900 (0:00:00.787)       0:00:01.506 *******
skipping: [localhost] => (item=molecule_local/ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest)
skipping: [localhost]

TASK [Create docker network(s)] ************************************************
Sunday 18 December 2022  19:05:10 +0900 (0:00:00.073)       0:00:01.579 *******
skipping: [localhost]

TASK [Determine the CMD directives] ********************************************
Sunday 18 December 2022  19:05:10 +0900 (0:00:00.019)       0:00:01.599 *******
ok: [localhost] => (item=None)
ok: [localhost]

TASK [Create molecule instance(s)] *********************************************
Sunday 18 December 2022  19:05:10 +0900 (0:00:00.071)       0:00:01.671 *******
changed: [localhost] => (item=instance)

TASK [Wait for instance(s) creation to complete] *******************************
Sunday 18 December 2022  19:05:11 +0900 (0:00:00.877)       0:00:02.548 *******
FAILED - RETRYING: [localhost]: Wait for instance(s) creation to complete (300 retries left).
FAILED - RETRYING: [localhost]: Wait for instance(s) creation to complete (299 retries left).
changed: [localhost] => (item=None)
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=6    changed=2    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0

Sunday 18 December 2022  19:05:22 +0900 (0:00:11.508)       0:00:14.057 *******
===============================================================================
Set async_dir for HOME env ---------------------------------------------- 0.06s
Log into a Docker registry ---------------------------------------------- 0.04s
Check presence of custom Dockerfiles ------------------------------------ 0.47s
Create Dockerfiles from image names ------------------------------------- 0.08s
Synchronization the context --------------------------------------------- 0.05s
Discover local Docker images -------------------------------------------- 0.79s
Build an Ansible compatible image (new) --------------------------------- 0.07s
Create docker network(s) ------------------------------------------------ 0.02s
Determine the CMD directives -------------------------------------------- 0.07s
Create molecule instance(s) --------------------------------------------- 0.88s
Wait for instance(s) creation to complete ------------------------------ 11.51s
INFO     Running env_test > prepare
[DEPRECATION WARNING]: community.general.files.ini_file has been deprecated. 
You are using an internal name to access the community.general.ini_file 
modules. This has never been supported or documented, and will stop working in 
community.general 9.0.0. This feature will be removed from community.general in
 version 9.0.0. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.

PLAY [Prepare] *****************************************************************

TASK [Gathering Facts] *********************************************************
Sunday 18 December 2022  19:05:23 +0900 (0:00:00.015)       0:00:00.015 *******
ok: [instance]

TASK [geerlingguy.pip : Ensure Pip is installed.] ******************************
Sunday 18 December 2022  19:05:24 +0900 (0:00:01.412)       0:00:01.427 *******
changed: [instance]

TASK [geerlingguy.pip : Ensure pip_install_packages are installed.] ************
Sunday 18 December 2022  19:05:27 +0900 (0:00:02.989)       0:00:04.417 *******
skipping: [instance]

TASK [*********.epel : Install EPEL repo] **************************************
Sunday 18 December 2022  19:05:28 +0900 (0:00:00.020)       0:00:04.438 *******
changed: [instance]

TASK [*********.epel : Disable EPEL repo] **************************************
Sunday 18 December 2022  19:05:30 +0900 (0:00:02.113)       0:00:06.552 *******
changed: [instance]

TASK [Install epel repo] *******************************************************
Sunday 18 December 2022  19:05:30 +0900 (0:00:00.848)       0:00:07.401 *******

TASK [*********.epel : Install EPEL repo] **************************************
Sunday 18 December 2022  19:05:30 +0900 (0:00:00.027)       0:00:07.428 *******
ok: [instance]

TASK [*********.epel : Disable EPEL repo] **************************************
Sunday 18 December 2022  19:05:39 +0900 (0:00:08.527)       0:00:15.956 *******
ok: [instance]

TASK [Install pip and boto3 (CentOS Stream 8)] *********************************
Sunday 18 December 2022  19:05:40 +0900 (0:00:00.676)       0:00:16.633 *******

TASK [geerlingguy.pip : Ensure Pip is installed.] ******************************
Sunday 18 December 2022  19:05:40 +0900 (0:00:00.033)       0:00:16.666 *******
ok: [instance]

TASK [geerlingguy.pip : Ensure pip_install_packages are installed.] ************
Sunday 18 December 2022  19:05:42 +0900 (0:00:01.975)       0:00:18.641 *******
ok: [instance] => (item={'name': 'pip'})
changed: [instance] => (item={'name': 'boto3'})

TASK [Install pip and boto3 (CentOS 7)] ****************************************
Sunday 18 December 2022  19:05:47 +0900 (0:00:05.662)       0:00:24.304 *******
skipping: [instance]

TASK [Create directory for creating test text file] ****************************
Sunday 18 December 2022  19:05:47 +0900 (0:00:00.026)       0:00:24.331 *******
changed: [instance -> localhost]

TASK [Create test text file] ***************************************************
Sunday 18 December 2022  19:05:48 +0900 (0:00:00.485)       0:00:24.816 *******
changed: [instance -> localhost] => (item={'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Simple PUT operation. AWS credentials are passed from environment variables.] ***
Sunday 18 December 2022  19:05:49 +0900 (0:00:00.887)       0:00:25.703 *******
changed: [instance -> localhost] => (item={'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

PLAY RECAP *********************************************************************
instance                   : ok=11   changed=7    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0

Sunday 18 December 2022  19:05:52 +0900 (0:00:03.265)       0:00:28.969 *******
===============================================================================
Gathering Facts --------------------------------------------------------- 1.41s
geerlingguy.pip : Ensure Pip is installed. ------------------------------ 2.99s
geerlingguy.pip : Ensure pip_install_packages are installed. ------------ 0.02s
*********.epel : Install EPEL repo -------------------------------------- 2.11s
*********.epel : Disable EPEL repo -------------------------------------- 0.85s
Install epel repo ------------------------------------------------------- 0.03s
*********.epel : Install EPEL repo -------------------------------------- 8.53s
*********.epel : Disable EPEL repo -------------------------------------- 0.68s
Install pip and boto3 (CentOS Stream 8) --------------------------------- 0.03s
geerlingguy.pip : Ensure Pip is installed. ------------------------------ 1.98s
geerlingguy.pip : Ensure pip_install_packages are installed. ------------ 5.66s
Install pip and boto3 (CentOS 7) ---------------------------------------- 0.03s
Create directory for creating test text file ---------------------------- 0.49s
Create test text file --------------------------------------------------- 0.89s
Simple PUT operation. AWS credentials are passed from environment variables. --- 3.27s
INFO     Running env_test > converge

PLAY [Converge] ****************************************************************

TASK [Gathering Facts] *********************************************************
Sunday 18 December 2022  19:05:53 +0900 (0:00:00.015)       0:00:00.015 *******
ok: [instance]

TASK [aws_s3_get : Validating arguments against arg spec 'main' - Copy a file in the remote system to AWS S3.] ***
Sunday 18 December 2022  19:05:54 +0900 (0:00:01.465)       0:00:01.480 *******
ok: [instance]

TASK [aws_s3_get : Set AWS credentials to variables] ***************************
Sunday 18 December 2022  19:05:54 +0900 (0:00:00.024)       0:00:01.505 *******
ok: [instance]

TASK [aws_s3_get : Create the directory to retrieve the S3 object] *************
Sunday 18 December 2022  19:05:54 +0900 (0:00:00.026)       0:00:01.531 *******
changed: [instance]

TASK [aws_s3_get : Simple GET operation with AWS credentials passed by environment variables] ***
Sunday 18 December 2022  19:05:55 +0900 (0:00:00.852)       0:00:02.384 *******
changed: [instance]

TASK [aws_s3_get : Simple GET operation] ***************************************
Sunday 18 December 2022  19:05:59 +0900 (0:00:03.767)       0:00:06.152 *******
skipping: [instance]

PLAY RECAP *********************************************************************
instance                   : ok=5    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

Sunday 18 December 2022  19:05:59 +0900 (0:00:00.048)       0:00:06.201 *******
===============================================================================
Gathering Facts --------------------------------------------------------- 1.47s
aws_s3_get : Validating arguments against arg spec 'main' - Copy a file in the remote system to AWS S3. --- 0.02s
aws_s3_get : Set AWS credentials to variables --------------------------- 0.03s
aws_s3_get : Create the directory to retrieve the S3 object ------------- 0.85s
aws_s3_get : Simple GET operation with AWS credentials passed by environment variables --- 3.77s
aws_s3_get : Simple GET operation --------------------------------------- 0.05s
INFO     Running env_test > verify
INFO     Running Ansible Verifier

PLAY [Verify] ******************************************************************

TASK [Gathering Facts] *********************************************************
Sunday 18 December 2022  19:06:00 +0900 (0:00:00.013)       0:00:00.013 *******
ok: [instance]

TASK [Create working directory] ************************************************
Sunday 18 December 2022  19:06:01 +0900 (0:00:01.421)       0:00:01.434 *******
changed: [instance] => (item={'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Retrieve test text file from AWS S3] *************************************
Sunday 18 December 2022  19:06:02 +0900 (0:00:00.795)       0:00:02.230 *******
ok: [instance] => (item={'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Register test strings] ***************************************************
Sunday 18 December 2022  19:06:05 +0900 (0:00:02.933)       0:00:05.164 *******
ok: [instance] => (item={'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Regsiter assertion strings] **********************************************
Sunday 18 December 2022  19:06:06 +0900 (0:00:00.763)       0:00:05.927 *******
ok: [instance] => (item={'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

TASK [Assert] ******************************************************************
Sunday 18 December 2022  19:06:06 +0900 (0:00:00.677)       0:00:06.604 *******
ok: [instance] => {
    "changed": false,
    "msg": "All assertions passed"
}

PLAY RECAP *********************************************************************
instance                   : ok=6    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Sunday 18 December 2022  19:06:06 +0900 (0:00:00.037)       0:00:06.642 *******
===============================================================================
Gathering Facts --------------------------------------------------------- 1.42s
Create working directory ------------------------------------------------ 0.80s
Retrieve test text file from AWS S3 ------------------------------------- 2.93s
Register test strings --------------------------------------------------- 0.76s
Regsiter assertion strings ---------------------------------------------- 0.68s
Assert ------------------------------------------------------------------ 0.04s
INFO     Verifier completed successfully.
CircleCI received exit code 0
抜粋
TASK [Regsiter assertion strings] **********************************************
Sunday 18 December 2022  19:06:06 +0900 (0:00:00.763)       0:00:05.927 *******
ok: [instance] => (item={'image': 'ghcr.io/docker-images-*********/ansible-test/centos-stream8:latest', 'local_file_name': '20221218_190444.txt', 'name': 'instance', 'pre_build_image': True, 's3_bucket': '*********', 's3_object_name': '/ansible-roles-*********/aws_s3_get/20221218_190444', 'test_string': 20221218190444, 'working_dir': '/tmp/s3'})

まとめ

テストフレームワークに採用したいMoleculeですがAnsibleとログの出力が違うので大きな注意を払う必要があります。

以下は今回の動作確認環境は以下です。

  • Ansible 7.1.0
  • Python 3.11.1
  • Molecule 4.0.4
1
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?