controller_credentials.yml
In these files we configure the credentials for automation controller.
we will probably do this on the global configuration (ALL).
group_vars/all/controller_credentials.yml
Here we see an example of the configuration for a credential to access gitlab. Encrypt all sensitive data like users and passwords with the vault password provided (CICD variable).
As the team may have some devices/apps that require additional users/passwords, they can be configured here for the organization, these are not shareable to other teams.
---
controller_credentials_all:
- name: ORG_NEW_gitlab
description:
credential_type: Source Control
organization: ORG_NEW
inputs:
ssh_key_data: |
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----
username: ORG_NEW_gitlab_acc
But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.
group_vars/dev/controller_credentials.yml
As we do not configure extra credentials in development, this file is an empty set.
---
controller_credentials_dev: []
# No extra config exists
...
Here the variable has the "_dev" extension, so the variable will not be overridden.
group_vars/prod/controller_credentials.yml
As we do not configure extra credentials in prod, this file is an empty set.
---
controller_credentials_prod: []
# No extra config exists
...
Here the variable has the "_prod" extension, so the variable will not be overridden.
When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables:
- controller_credentials_all
- controller_credentials_
We will merge these 2 variables into 1: controller_credentials and feed this to the infra.aap_configuration.controller_credentials role.