gateway_settings
group_vars/all/gateway_settings.yml
Some settings we use are enforced by the enterprise policy, so we configure those here to be sure that even local users use the password policy.
---
gateway_settings_all:
- name: gateway_token_name
value: X-DAB-JW-TOKEN
- name: gateway_access_token_expiration
value: 600
- name: gateway_basic_auth_enabled
value: true
- name: gateway_proxy_url_ignore_cert
value: false
- name: password_min_length
value: 6
- name: password_min_digits
value: 1
- name: password_min_upper
value: 1
- name: password_min_special
value: 1
...
But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.
group_vars/dev/gateway_settings.yml
Here we configure an extra setting for the development environment, this setting is only applied in development, as you can see the value in production is different.
---
gateway_settings_dev:
- name: gateway_proxy_url
value: https://rhaap25.homelab:9080
- name: allow_admins_to_set_insecure
value: true
...
Here the variable has the "_dev" extension, so the variable will not be overridden.
group_vars/prod/gateway_settings.yml
Ensure the insecure setting in dev is not applied here.
---
gateway_settings_prod: []
- name: gateway_proxy_url
value: https://rhaap-prod.homelab:9080
- name: allow_admins_to_set_insecure
value: false
...
Here the variable has the "_prod" extension, so the variable will not be overridden.
As you review this page, it may become clear to you that there is almost no data doubling in this configuration.
Everything a, if possible, only configured once, so that maintenance is less error prone.