Salt: output_loglevel: quiet in cmd.run not working ?

@Reiner030, the output_loglevel controls the logging level at which commands sent through cmd.run* are logged. This log information appears in the log file and on the terminal if you run the minion in the foreground. To suppress command output, use the quiet outputter: salt --output=quiet minion state.apply elb_throttle. Also see salt --help | grep -E -A5 -- '--output='.

Sorry, overseen last days the update of this issue.
The problem is here that I want my states (changed/unchanged) commonly shown. So --output=quiet is not the right choice...

If the output_loglevel only drops the log output only (checked... yes works nice) it would be then nice/feature request to have same state parameter like output_level = quiet, too?
Didn't know how often this special case could be commonly of interest but normal
{% salt['cmd.run']('sleep 1') %} e.g. would only be executed when parsing the files.

There are also other cases where I miss "runtime" state dependencies especially from cmd.* states. Perhaps the - stateful parameter is for this case but nowhere helpful documented yet.

Because of some other debugging:
Here is only the stupid solution missing that the task should finish with "Clean" instead of "Changed"..

This would be nice to documentate how saltstack checks which state an external command has e.g.
like Nagios services:
exit status 0 => OK
exit status 1 => WARNING
exit status 2 => CRITICAL
exit status 3 => UNKNOWN

@Reiner030 Do the state_output options help you here? https://docs.saltstack.com/en/latest/ref/output/all/salt.output.highstate.html

'output_loglevel: quiet' still shows full cmd.run output in version 2016.11.5
Also tried 'quiet: True' with the same result: full cmd.run output shown.

Also seem to be having this issue

netdatainstall:
  require:
    - git: netdatarepo
    - pkg: netdatarequisites
  cmd.run:
    - cwd: /root/netdatagit
    - name: ./netdata-installer.sh
    - output_loglevel: quiet <----- this seems ok right?

This doesn't work for me either. I think it is a critical bug, because often sensitive information like passwords will be stored in pillars and used in cmd.run states. You don't want to output those passwords to the screen or to logfiles when the minion runs.

For reference I am also running into this in version 2016.3.8 on Ubuntu 16.04.

I agree with @realulim. If setting a password via cmd.run on the salt minion, setting "output_loglevel: quiet" does still output the entire command in cleartext. I'd consider this a critical bug due to the security implications.

In case someone is interested in a workaround, I am filtering Salt output like this:

salt-call -l info state.highstate |& egrep -v $EXCL_STR
Where $EXCL_STR contains all my sensitive data that I never want to see in logs or screen output.

Not ideal by any means, but I wouldn't be able to even use Salt otherwise.

output_loglevel: quiet in cmd.run does not work even in the latest stable 2018.3.3 version - all the output is still shown. When will this bug be fixed? It is a critical one, sensitive information is shown in the output and there is no way to hide it

I'm still seeing this in 2018.3.4 - the command itself is still logged despite output_loglevel: quiet. Please tell me it's going to be fixed in 2018.3.5 / 2019.2.1

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.

bump

Thank you for updating this issue. It is no longer marked as stale.

For those trying to silence output from cmd.run, it looks like hide_output is what you want, not output_loglevel:

• https://github.com/saltstack/salt/pull/44840
• https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html

The hide_output option does not appear to work for file, so writing secrets to files as templates will still print sensitive info.