Organization repository
Now that the organization and the admin user for this new organization have been created, we can proceed with creating a new GitLab repository.
So we create a new repository for this team in the configascode group in gitlab, and assign the CICD pipeline from common_code/cac/pipeline.yml, so the pipeline will be uniform.
Also add a new VAULT_PASSWORD variable to this new repository and we are almost good to go, apart from the files in the repository.
The files needed to configure the controller for a new organization in rhaap 2.5 are listed below:
controller_credentials.yml
controller_hosts.yml
controller_inventory.yml
controller_inventory_sources.yml
controller_labels.yml
controller_organizations.yml
controller_notification_templates.yml
controller_projects.yml
controller_roles.yml
controller_schedules.yml
controller_templates.yml
controller_workflows.yml
All files starting with controller hold variables for the controller_configuration roles in the aap_configuration collection.
The values and ranges are well documented in the collection documentation on GitHub.
We will explain the contents of the complete repository step-by-step as we did for the base configuration for gateway and automation hub. It is essentially the same structure, but with fewer files.
First we will look back on the directory structure we have shown you before, but only the part we need at the moment:
.
├── group_vars
│   ├── all
│   │   └── yml-files
│   ├── dev
│   │   └── yml-files
│   └── prod
│       └── yml-files
The files we see above are placed in each of the group_vars directories, so each directory will hold the same filenames (content is different!).
All files need to be present, or else the code will not work.
As you see, the group_vars looks like an inventory, and it basically is, but the thing with inventories is, they tend to overwrite variables.
This is not what we want, so the content of the files is slightly different, so the variables aren't overridden. I hear you asking why and I will tell you.
We don't want to define things twice, ever.
What we define in "ALL" we want to be present in all of our environments. But if this were an inventory, as soon as we define something in the same file in dev, we must copy all contents from the "ALL" file to dev AND prod. That doubles our maintenance for that file.
If we vary the variable names slightly in the files and let the code merge the variables, then the all is still all and merges with the correct environment.
Less copying, less maintenance and easy management.
This is the essence of the configuration as code as I built it.
Adding files
Just like the base_gateway_and_hub configuration, we define the variables in the files exactly like we did there. This means we can reuse the same code and therefore make it all easier to understand. This way we don't take a strange turn: it all looks and feels the same, and this makes it easier to manage.
So if you have read the configuration part for the gateway, you know what to do. Otherwise, go back and read that part so you'll understand what's coming.
The files
Below, you'll find the links to the individual files and their content:
controller_credentials.yml
controller_hosts.yml
controller_inventory.yml
controller_inventory_sources.yml
controller_labels.yml
controller_organizations.yml
controller_notification_templates.yml
controller_projects.yml
controller_roles.yml
controller_schedules.yml
controller_templates.yml
controller_workflows.yml
The code in the repository
Now that we have created the directory structure to hold the configuration files we discussed above, we need to add the host_vars directories.
It may be obvious what goes in there, but anyway..
We expand the structure above with the following structure and start filling in the files to make things functional.
├── host_vars
│   ├── aap_dev
│   │   ├── aap_auth.yml
│   │   └── aap_dev.yml
│   └── aap_prod
│       ├── aap_auth.yml
│       └── aap_prod.yml
├── inventory.yaml
└── main.yml
host_vars/aap_dev/aap_auth.yml
In this file we place the authentication variables needed to configure the organization (that is, the organization admin account we created).
---
aap_hostname: 'https://<rhaap_fqdn>'
# false disables TLS certificate verification for the API connection;
# set this to true once the platform presents a certificate from a trusted CA
aap_validate_certs: false
aap_username: CaC_admin_NEW  # please vault this
aap_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  62376235356630323466653639303235366562393632613031303630643564656535306264633634
  3133616538333963663961656631326164343534366538630a623665663764373838383838333335
  64386531356335303439643132663561383166656166613232323537336565323562633765363435
  3063343531383132650a613834653466623166656264393731366262616661353562336330373437
  3963
host_vars/aap_dev/aap_dev.yml
Some vars for the collections to make things run smoothly.
---
hostname: localhost
aap_configuration_async_retries: 50
aap_configuration_async_delay: 5
aap_request_timeout: 60
...
The production branch of the host_vars holds the same files, with other values, suitable for the production environment.
inventory.yml
This file is important, but so simple.. just copy this:
---
dev:
  hosts: aap_dev
prod:
  hosts: aap_prod
The real code: main.yml
The file main.yml is almost the same in every repository for configuration as code. Just the variables vary.
---
- name: Configure rhaap platform controller base
  hosts: "{{ instance | default('localhost') }}"
  connection: local
  gather_facts: false
  pre_tasks:
    - name: Set the gateway vars
      ansible.builtin.set_fact:
        # false turns off no_log in the collection roles, so credential values
        # can show up in the job output; set to true outside of debugging
        aap_configuration_secure_logging: false
        # Each variable below merges the "_all" list with the list for the
        # current branch (dev or prod), matching entries on their name key
        controller_credentials: >
          {{ controller_credentials_all |
          community.general.lists_mergeby(vars['controller_credentials_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_hosts: >
          {{ controller_hosts_all |
          community.general.lists_mergeby(vars['controller_hosts_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_inventory_sources: >
          {{ controller_inventory_sources_all |
          community.general.lists_mergeby(vars['controller_inventory_sources_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_inventories: >
          {{ controller_inventories_all |
          community.general.lists_mergeby(vars['controller_inventories_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_labels: >
          {{ controller_labels_all |
          community.general.lists_mergeby(vars['controller_labels_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        aap_organizations: >
          {{ aap_organizations_all |
          community.general.lists_mergeby(vars['aap_organizations_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_notifications: >
          {{ controller_notifications_all |
          community.general.lists_mergeby(vars['controller_notifications_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_projects: >
          {{ controller_projects_all |
          community.general.lists_mergeby(vars['controller_projects_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_schedules: >
          {{ controller_schedules_all |
          community.general.lists_mergeby(vars['controller_schedules_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_templates: >
          {{ controller_templates_all |
          community.general.lists_mergeby(vars['controller_templates_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_roles: >
          {{ controller_roles_all |
          community.general.lists_mergeby(vars['controller_roles_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_workflows: >
          {{ controller_workflows_all |
          community.general.lists_mergeby(vars['controller_workflows_' + branch_name],
          'name', recursive=true, list_merge='append') }}
  roles:
    - infra.aap_configuration.dispatch
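The merge of an "all" list with a branch list, as explained under "Organization repository" and performed in main.yml, shown as an added example that is not part of the original repository. It is a stand-alone playbook that runs the same lists_mergeby call on two constructed project lists and asserts the outcome; the project names, URLs, ORG_NEW and the inline branch_name are assumptions, and the community.general collection must be installed.

```yaml
---
# Added example with constructed values; not taken from the original repository.
- name: Show how an _all list and a branch list are merged
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    branch_name: dev  # assumption: set inline here so the example runs on its own
    # Would live in group_vars/all/controller_projects.yml
    controller_projects_all:
      - name: cac_example_project
        organization: ORG_NEW
        scm_type: git
        scm_url: https://gitlab.example.com/org_new/playbooks.git
        scm_branch: main
    # Would live in group_vars/dev/controller_projects.yml
    controller_projects_dev:
      - name: cac_example_project   # same name: only the differing key is listed
        scm_branch: develop
      - name: cac_dev_only_project  # new name: exists in dev only
        organization: ORG_NEW
        scm_type: git
        scm_url: https://gitlab.example.com/org_new/sandbox.git
  tasks:
    - name: Merge the two lists on the name key
      ansible.builtin.set_fact:
        controller_projects: >-
          {{ controller_projects_all |
          community.general.lists_mergeby(vars['controller_projects_' + branch_name],
          'name', recursive=true, list_merge='append') }}

    - name: Verify the merged result
      vars:
        shared: "{{ controller_projects | selectattr('name', 'eq', 'cac_example_project') | first }}"
      ansible.builtin.assert:
        that:
          # two entries, returned sorted by name
          - controller_projects | map(attribute='name') | list == ['cac_dev_only_project', 'cac_example_project']
          # the dev value overrides the value from all
          - shared.scm_branch == 'develop'
          # keys defined only in all are kept
          - shared.scm_url == 'https://gitlab.example.com/org_new/playbooks.git'
          - shared.organization == 'ORG_NEW'
```

If the branch variable (here controller_projects_dev) is not defined at all, the vars[...] lookup fails, which is why every file has to exist in every group_vars directory.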