From c00eca3f155d9c418f1e80054357080e20ca9c99 Mon Sep 17 00:00:00 2001
From: Monty Taylor <mordred@inaugust.com>
Date: Thu, 13 Jul 2017 17:07:30 -0500
Subject: [PATCH] Switch to using setup instead of hostvars

hostvars can potentially leak secrets. setup doesn't, and records what
we're interested in, which is the information ansible knows about the
remote host.

Change-Id: Ice585cb3beddf4e3ecc1e692ecf4e7da8c5754b8
---
 roles/validate-host/README.rst                    | 4 +---
 roles/validate-host/tasks/main.yaml               | 8 ++++++--
 roles/validate-host/templates/ansible-hostvars.j2 | 1 -
 roles/validate-host/templates/host-info.j2        | 1 +
 4 files changed, 8 insertions(+), 6 deletions(-)
 delete mode 100644 roles/validate-host/templates/ansible-hostvars.j2
 create mode 100644 roles/validate-host/templates/host-info.j2

diff --git a/roles/validate-host/README.rst b/roles/validate-host/README.rst
index 6d550faa9..d74f1e662 100644
--- a/roles/validate-host/README.rst
+++ b/roles/validate-host/README.rst
@@ -1,3 +1 @@
-Output all of the Ansible variables for the host
-
-This is unsafe to run in Trusted jobs as it will write any secrets to the log.
+Log information about the remote build host
diff --git a/roles/validate-host/tasks/main.yaml b/roles/validate-host/tasks/main.yaml
index a889be97e..d1b3fceb6 100644
--- a/roles/validate-host/tasks/main.yaml
+++ b/roles/validate-host/tasks/main.yaml
@@ -8,11 +8,15 @@
     path: "{{ zuul_info_dir }}"
     state: directory
 
+- name: Collect information about the host
+  setup:
+  register: setupinfo
+
 - name: Write out all ansible variables/facts known for each host
   delegate_to: localhost
   template:
-    dest: "{{ zuul_info_dir }}/ansible-hostvars.{{ inventory_hostname }}.yaml"
-    src: templates/ansible-hostvars.j2
+    dest: "{{ zuul_info_dir }}/host-info.{{ inventory_hostname }}.yaml"
+    src: templates/host-info.j2
 
 - name: Collect information about zuul worker
   zuul_debug_info:
diff --git a/roles/validate-host/templates/ansible-hostvars.j2 b/roles/validate-host/templates/ansible-hostvars.j2
deleted file mode 100644
index a14416a88..000000000
--- a/roles/validate-host/templates/ansible-hostvars.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ hostvars[inventory_hostname] | to_nice_yaml(indent=2) }}
diff --git a/roles/validate-host/templates/host-info.j2 b/roles/validate-host/templates/host-info.j2
new file mode 100644
index 000000000..85463ee47
--- /dev/null
+++ b/roles/validate-host/templates/host-info.j2
@@ -0,0 +1 @@
+{{ setupinfo | to_nice_yaml(indent=2) }}