main.yml
To facilitate the change in code, we need to be able to map the organization using its name. To do that, we have split the play into the following parts:
- pre_tasks
- roles
- tasks
We will explain why:
pre_tasks
In the pre_tasks, we merge all variables we need to run the first part of the configuration, so that the organizations are defined and have their id.
We include the vars from workarounds.yml, so we can influence the infra.aap_configuration collection.
We set the aap_configuration_dispatcher_roles variable to the first part of our own creation.
roles
For simplicity, we just call the infra.aap_configuration.dispatch role
and with the variable modified, it runs just a few roles and stops where we need it to.
tasks
Here we first merge and prepare the rest of the variables for the configuration.
Then we run 3 tasks that will prepare the role_user_assignments variable dynamically:
- Get info from gateway on org_id's
- Set new var with results only
- Create the gateway_role_user_assignments variable
These 3 tasks hold the magical part: they read the ids from rhaap and build the correct variable for the config as code,
dynamically from the actual configuration, so if there were any gaps, that is no longer a problem: they have been remapped.
The last task is running the dispatch role and letting it finish
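---
# Two-phase "configuration as code" play for an AAP (rhaap) platform.
#
# Ansible runs the sections of a play in the order pre_tasks -> roles -> tasks:
#   1. pre_tasks merge the gateway variables and select the first dispatcher
#      role list (aap_configuration_dispatcher_roles_1).
#   2. roles runs infra.aap_configuration.dispatch with that list.
#   3. tasks merge the hub and controller variables, read the organization and
#      team ids back from the gateway API, build gateway_role_user_assignments
#      from them, and run the dispatch role again with
#      aap_configuration_dispatcher_roles_2.
#
# Every "<name>_all | lists_mergeby(vars['<name>_' + branch_name], <key>, ...)"
# expression merges the shared list with the branch-specific list, matching
# entries on <key>.
- name: Configure rhaap platform base
  hosts: "{{ instance | default('localhost') }}"
  connection: local
  gather_facts: false

  pre_tasks:
    - name: Include temporary workaround vars
      ansible.builtin.include_vars:
        file: workarounds.yml

    - name: Set the gateway vars
      ansible.builtin.set_fact:
        # NOTE(review): secure logging is switched off here. In
        # infra.aap_configuration this variable drives no_log on the role
        # tasks, so with false the merged objects below (user accounts,
        # service keys, authenticators) can show up in job output and logs.
        # Prefer true outside of troubleshooting runs.
        aap_configuration_secure_logging: false
        aap_applications: >
          {{ aap_applications_all |
          community.general.lists_mergeby(vars['aap_applications_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        gateway_authenticator_maps: >
          {{ gateway_authenticator_maps_all |
          community.general.lists_mergeby(vars['gateway_authenticator_maps_' + branch_name],
          'source_credential', recursive=true, list_merge='append') }}
        gateway_authenticators: >
          {{ gateway_authenticators_all |
          community.general.lists_mergeby(vars['gateway_authenticators_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        gateway_http_ports: >
          {{ gateway_http_ports_all |
          community.general.lists_mergeby(vars['gateway_http_ports_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        aap_organizations: >
          {{ aap_organizations_all |
          community.general.lists_mergeby(vars['aap_organizations_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        gateway_routes: >
          {{ gateway_routes_all |
          community.general.lists_mergeby(vars['gateway_routes_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        gateway_service_clusters: >
          {{ gateway_service_clusters_all |
          community.general.lists_mergeby(vars['gateway_service_clusters_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        gateway_service_keys: >
          {{ gateway_service_keys_all |
          community.general.lists_mergeby(vars['gateway_service_keys_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        gateway_service_nodes: >
          {{ gateway_service_nodes_all |
          community.general.lists_mergeby(vars['gateway_service_nodes_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        gateway_services: >
          {{ gateway_services_all |
          community.general.lists_mergeby(vars['gateway_services_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        # Settings are taken from the branch-specific variable only (no merge).
        gateway_settings: "{{ vars['gateway_settings_' + branch_name] }}"
        aap_teams: >
          {{ aap_teams_all |
          community.general.lists_mergeby(vars['aap_teams_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        aap_user_accounts: >
          {{ aap_user_accounts_all |
          community.general.lists_mergeby(vars['aap_user_accounts_' + branch_name],
          'username', recursive=true, list_merge='append') }}
        # Kept under a separate name: the final gateway_role_user_assignments
        # is built later in tasks, once the object ids are known.
        gateway_role_user_list: >
          {{ gateway_role_user_assignments_all |
          community.general.lists_mergeby(vars['gateway_role_user_assignments_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        aap_configuration_dispatcher_roles: "{{ aap_configuration_dispatcher_roles_1 }}"

  roles:
    - infra.aap_configuration.dispatch

  tasks:
    - name: Set the automation hub vars
      ansible.builtin.set_fact:
        ee_image_push: true
        # NOTE(review): presumably disables TLS certificate verification for
        # the execution-environment image handling; confirm, and enable
        # verification where the registry certificate is trusted.
        ee_validate_certs: false
        ee_create_ansible_config: false
        hub_group_roles: >
          {{ hub_group_roles_all |
          community.general.lists_mergeby(vars['hub_group_roles_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        hub_collection_repositories: >
          {{ hub_collection_repositories_all |
          community.general.lists_mergeby(vars['hub_collection_repositories_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        hub_collection_remotes: >
          {{ hub_collection_remotes_all |
          community.general.lists_mergeby(vars['hub_collection_remotes_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        hub_namespaces: >
          {{ hub_namespaces_all |
          community.general.lists_mergeby(vars['hub_namespaces_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        hub_collections: >
          {{ hub_collections_all |
          community.general.lists_mergeby(vars['hub_collections_' + branch_name],
          'collection_name', recursive=true, list_merge='append') }}
        hub_ee_images: >
          {{ hub_ee_images_all |
          community.general.lists_mergeby(vars['hub_ee_images_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        hub_ee_registries: >
          {{ hub_ee_registries_all |
          community.general.lists_mergeby(vars['hub_ee_registries_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        hub_ee_repositories: >
          {{ hub_ee_repositories_all |
          community.general.lists_mergeby(vars['hub_ee_repositories_' + branch_name],
          'name', recursive=true, list_merge='append') }}

    # Basic-auth credentials are sent with this request. Certificate
    # verification follows aap_validate_certs and stays off when that variable
    # is unset (the previous hard-coded behaviour). Set it to true wherever the
    # gateway certificate chains to a trusted CA: without verification the
    # credentials and the ids returned here are not protected in transit, and
    # those ids decide which objects receive role assignments below.
    # NOTE(review): only the "results" of this single response are used later;
    # if the endpoint paginates, organizations beyond the first page would not
    # be mapped. Confirm against the API.
    - name: Get info from gateway on org_id's
      ansible.builtin.uri:
        url: "{{ ah_hostname }}/api/gateway/v1/organizations/"
        user: "{{ ah_username }}"
        password: "{{ ah_password }}"
        method: GET
        body_format: json
        force_basic_auth: true
        validate_certs: "{{ aap_validate_certs | default(false) }}"
      register: _org_data

    # Same request shape as the organization lookup, for teams; the same
    # certificate-verification and pagination remarks apply.
    - name: Get info from gateway on team_id's
      ansible.builtin.uri:
        url: "{{ ah_hostname }}/api/gateway/v1/teams/"
        user: "{{ ah_username }}"
        password: "{{ ah_password }}"
        method: GET
        body_format: json
        force_basic_auth: true
        validate_certs: "{{ aap_validate_certs | default(false) }}"
      register: _team_data

    # Keep only the result lists from the two API responses.
    - name: Set vars info only
      ansible.builtin.set_fact:
        orgs_list: "{{ _org_data.json.results }}"
        team_list: "{{ _team_data.json.results }}"

    # Builds the final role assignment list: each entry of
    # gateway_role_user_list gets the object_id of the organization or team it
    # names, looked up in the lists read from the gateway.
    # The list is assembled as data and serialized with to_json instead of
    # being concatenated as JSON text, so a quote or backslash in a name cannot
    # break or reshape the structure, and an entry that matches neither
    # 'Organization' nor 'Team' no longer leaves a stray comma behind.
    # object_id stays a string, as before.
    # NOTE(review): the team lookup matches the organization with the `in`
    # test. If item.org_name is a plain string (the Organization branch
    # compares it with `==`), this is a substring match: with constructed
    # sample names, an organization 'Dev' also matches an org_name of
    # 'DevOps', and the role could land on a same-named team in another
    # organization. Confirm whether `==` is intended.
    - name: Create the gateway_role_user_assignments variable
      ansible.builtin.set_fact:  # noqa: jinja[spacing]
        gateway_role_user_assignments: >-
          {%- set ns = namespace(rows=[]) -%}
          {%- for item in gateway_role_user_list -%}
          {%- if 'Organization' in item.role_definition -%}
          {%- set ns.rows = ns.rows + [{
          'role_definition': item.role_definition,
          'user': item.user,
          'object_id': (orgs_list
          | selectattr('name', '==', item.org_name)
          | first).id | string
          }] -%}
          {%- endif -%}
          {%- if 'Team' in item.role_definition -%}
          {%- set ns.rows = ns.rows + [{
          'role_definition': item.role_definition,
          'user': item.user,
          'object_id': (team_list
          | selectattr('summary_fields.organization.name', 'in', item.org_name)
          | selectattr('name', '==', item.team_name)
          | first).id | string
          }] -%}
          {%- endif -%}
          {%- endfor -%}
          {{ ns.rows | to_json }}
        aap_configuration_dispatcher_roles: "{{ aap_configuration_dispatcher_roles_2 }}"

    # The following task will create the token for the galaxy credential and
    # store it in a variable, this is used in the credential config.
    # The two <...> values are the author's placeholders; supply them through
    # vaulted variables rather than writing the password inline.
    # Certificate verification follows aap_validate_certs and stays off when
    # that variable is unset; set it to true where the hub certificate is
    # trusted, since a username and password are sent on this call.
    - name: Create a new token using username/password
      ansible.hub.ah_token:
        state: present
        ah_host: "{{ aap_hostname }}"
        ah_username: <username_in_hub_for_collections>
        ah_password: <vaulted_password_of_this_user>
        validate_certs: "{{ aap_validate_certs | default(false) }}"
      no_log: true

    # Create the set of variables to configure the controller
    - name: Set the controller vars
      ansible.builtin.set_fact:
        # NOTE(review): secure logging is off for the second dispatch run as
        # well. That run configures controller credentials, so task output may
        # contain secret values; prefer true outside of troubleshooting runs.
        aap_configuration_secure_logging: false
        controller_credential_input_sources: >
          {{ controller_credential_input_sources_all |
          community.general.lists_mergeby(vars['controller_credential_input_sources_' + branch_name],
          'source_credential', recursive=true, list_merge='append') }}
        controller_credential_types: >
          {{ controller_credential_types_all |
          community.general.lists_mergeby(vars['controller_credential_types_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_execution_environments: >
          {{ controller_execution_environments_all |
          community.general.lists_mergeby(vars['controller_execution_environments_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_hosts: >
          {{ controller_hosts_all |
          community.general.lists_mergeby(vars['controller_hosts_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_instance_groups: >
          {{ controller_instance_groups_all |
          community.general.lists_mergeby(vars['controller_instance_groups_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_inventory_sources: >
          {{ controller_inventory_sources_all |
          community.general.lists_mergeby(vars['controller_inventory_sources_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_inventories: >
          {{ controller_inventories_all |
          community.general.lists_mergeby(vars['controller_inventories_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_labels: >
          {{ controller_labels_all |
          community.general.lists_mergeby(vars['controller_labels_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        aap_organizations: >
          {{ aap_organizations_all |
          community.general.lists_mergeby(vars['aap_organizations_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_notifications: >
          {{ controller_notifications_all |
          community.general.lists_mergeby(vars['controller_notifications_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_projects: >
          {{ controller_projects_all |
          community.general.lists_mergeby(vars['controller_projects_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_settings: >
          {{ controller_settings_all |
          community.general.lists_mergeby(vars['controller_settings_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_schedules: >
          {{ controller_schedules_all |
          community.general.lists_mergeby(vars['controller_schedules_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_templates: >
          {{ controller_templates_all |
          community.general.lists_mergeby(vars['controller_templates_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_roles: >
          {{ controller_roles_all |
          community.general.lists_mergeby(vars['controller_roles_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_workflows: >
          {{ controller_workflows_all |
          community.general.lists_mergeby(vars['controller_workflows_' + branch_name],
          'name', recursive=true, list_merge='append') }}

    # To translate the token variable in the configuration file, we must
    # generate these somewhat differently: the credential lists are added
    # together instead of merged.
    # controller_credentials is only set when branch_name is 'dev' or 'prod'.
    - name: Set credentials_var for dev
      ansible.builtin.set_fact:
        controller_credentials: "{{ controller_credentials_all + controller_credentials_dev }}"
      when: branch_name == 'dev'

    - name: Set credentials_var for prod
      ansible.builtin.set_fact:
        controller_credentials: "{{ controller_credentials_all + controller_credentials_prod }}"
      when: branch_name == 'prod'

    # Second dispatch run, now with aap_configuration_dispatcher_roles set to
    # the second role list.
    - name: Run second part of the base config
      ansible.builtin.include_role:
        name: infra.aap_configuration.dispatch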