Switch to using setup instead of hostvars

hostvars can potentially leak secrets. setup doesn't, and records what we're interested in, which is the information ansible knows about the remote host. Change-Id: Ice585cb3beddf4e3ecc1e692ecf4e7da8c5754b8
2017-07-13 17:07:30 -05:00 · 2017-07-13 17:07:30 -05:00 · c00eca3f15
commit c00eca3f15
parent 2dfb08a49e
4 changed files with 8 additions and 6 deletions
--- a/roles/validate-host/README.rst
+++ b/roles/validate-host/README.rst
@ -1,3 +1 @@
-Output all of the Ansible variables for the host
+Log information about the remote build host
 This is unsafe to run in Trusted jobs as it will write any secrets to the log.
--- a/roles/validate-host/tasks/main.yaml
+++ b/roles/validate-host/tasks/main.yaml
@ -8,11 +8,15 @@
    path: "{{ zuul_info_dir }}"
    state: directory
 - name: Collect information about the host
  setup:
  register: setupinfo
 - name: Write out all ansible variables/facts known for each host
  delegate_to: localhost
  template:
-    dest: "{{ zuul_info_dir }}/ansible-hostvars.{{ inventory_hostname }}.yaml"
+    dest: "{{ zuul_info_dir }}/host-info.{{ inventory_hostname }}.yaml"
-    src: templates/ansible-hostvars.j2
+    src: templates/host-info.j2
 - name: Collect information about zuul worker
  zuul_debug_info:
--- a/roles/validate-host/templates/ansible-hostvars.j2
+++ b/roles/validate-host/templates/ansible-hostvars.j2
@ -1 +0,0 @@
 {{ hostvars[inventory_hostname] | to_nice_yaml(indent=2) }}
--- a/roles/validate-host/templates/host-info.j2
+++ b/roles/validate-host/templates/host-info.j2
@ -0,0 +1 @@
 {{ setupinfo | to_nice_yaml(indent=2) }}
`@ -1,3 +1 @@`
	`Output all of the Ansible variables for the host`	`Log information about the remote build host`

	`This is unsafe to run in Trusted jobs as it will write any secrets to the log.`
		`@ -1 +0,0 @@`
			`{{ hostvars[inventory_hostname] \| to_nice_yaml(indent=2) }}`