Organization repository
Now that the organization and the admin user for this new organization have been created, we can proceed with creating a new GitLab repository.
So we create a new repository for this team in the configascode group in GitLab, and assign the CI/CD pipeline from common_code/cac/pipeline.yml, so the pipeline will be uniform.
Also add a new ORG_NAME variable to this new repository and we are almost good to go, apart from the files in the repository.
The files needed to configure the controller for a new organization in RHAAP 2.6 are listed below:
controller_credential_input_sources.yml
controller_credentials.yml
controller_hosts.yml
controller_inventory.yml
controller_inventory_sources.yml
controller_labels.yml
controller_notification_templates.yml
controller_organizations.yml
controller_projects.yml
controller_roles.yml
controller_schedules.yml
controller_templates.yml
controller_workflows.yml
All files starting with controller hold variables for the controller_configuration roles in the aap_configuration collection.
The values and ranges are well documented in the collection documentation on GitHub.
We will explain the contents of the complete repository step-by-step as we did for the base configuration for gateway and automation hub. It is essentially the same structure, but with fewer files.
First we will look back at the directory structure we have shown you before, but only the part we need at the moment:
.
├── group_vars
│   ├── all
│   │   └── yml-files
│   ├── dev
│   │   └── yml-files
│   └── prod
│       └── yml-files
The files we see above are placed in each of the group_vars directories, so each directory will hold the same filenames (content is different!).
All files need to be present, or else the code will not work.
As you see, the group_vars looks like an inventory, and it basically is, but the thing with inventories is that they tend to overwrite variables.
This is not what we want, so the content of the files is slightly different, so that the variables aren't overridden. I hear you asking why and I will tell you.
We don't want to define things twice, ever.
So if we define things in "ALL", we want them to be present in all of our environments, but if this were an inventory, as soon as we define something in the same file in dev, we must copy all contents from the "ALL" file to dev AND prod. So that doubles our maintenance for that file.
If we vary the variable names slightly between the files and let the code merge the variables, then all is still all and merges with the correct environment.
Less copying, less maintenance and easy management.
This is the essence of configuration as code as I built it.
Adding files
Just like the base_gateway_and_hub configuration, we define the variables in the files exactly like we did there, this means we can reuse the same code and therefore make it all easier to understand. This way we don't take a strange turn, it all looks and feels the same and this makes it easier to manage.
So if you have read the configuration part for the gateway, you know what to do. Otherwise, go back and read that part so you'll understand what's coming.
The files
Below, you'll find the links to the individual files and their content:
controller_credential_input_sources.yml
controller_credentials.yml
controller_hosts.yml
controller_inventory.yml
controller_inventory_sources.yml
controller_labels.yml
controller_organizations.yml
controller_notification_templates.yml
controller_projects.yml
controller_roles.yml
controller_schedules.yml
controller_templates.yml
controller_workflows.yml
The code in the repository
Now that we have created the directory structure to hold the configuration files discussed above, we need to add the host_vars directories.
It may be obvious what goes in there, but anyway..
We expand the structure above with the following structure and start filling in the files to make things functional.
├── host_vars
│   ├── aap_dev
│   │   └── aap_dev.yml
│   └── aap_prod
│       └── aap_prod.yml
├── inventory.yaml
└── main.yml
host_vars/aap_dev/aap_dev.yml
Some vars for the collections to make things run smoothly.
---
hostname: localhost
aap_configuration_async_retries: 50
aap_configuration_async_delay: 5
aap_request_timeout: 60
...
The production branch of the host_vars holds the same files, with other values, suitable for the production environment.
inventory.yml
This file is important, but so simple.. just copy this:
---
dev:
  hosts: aap_dev
prod:
  hosts: aap_prod
the real code main.yml
The file main.yml is almost the same in every repository for configuration as code. Just the variables vary.
---
- name: Configure rhaap platform controller base
  hosts: "{{ instance | default('localhost') }}"
  connection: local
  gather_facts: false
  pre_tasks:
    # START VAULT CHANGE
    # When using a vault use this code to read the secrets from the vault
    - name: Get secrets
      community.hashi_vault.vault_kv2_get:
        url: <vault_url>
        token: "{{ vault_token }}"
        namespace: "{{ branch_name }}/{{ org_name }}"
        engine_mount_point: kv
        path: "rhaap_admin"
      register: secrets
      no_log: true
    - name: Set rhaap facts
      ansible.builtin.set_fact:
        aap_hostname: "{{ secrets['secret']['hostname'] }}"
        aap_username: "{{ secrets['secret']['username'] }}"
        aap_password: "{{ secrets['secret']['password'] }}"
        aap_validate_certs: "{{ secrets['secret']['validate_certs'] }}"
      no_log: true
    # END VAULT CHANGE
    - name: Set the gateway vars
      ansible.builtin.set_fact:
        # false means the collection's roles do not hide their task output (no_log),
        # so credential values can then appear in the pipeline log
        aap_configuration_secure_logging: false
        controller_credential_input_sources: >
          {{ controller_credential_input_sources_all |
          community.general.lists_mergeby(vars['controller_credential_input_sources_' + branch_name],
          'target_credential', recursive=true, list_merge='append') }}
        controller_credentials: >
          {{ controller_credentials_all |
          community.general.lists_mergeby(vars['controller_credentials_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_hosts: >
          {{ controller_hosts_all |
          community.general.lists_mergeby(vars['controller_hosts_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_inventory_sources: >
          {{ controller_inventory_sources_all |
          community.general.lists_mergeby(vars['controller_inventory_sources_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_inventories: >
          {{ controller_inventories_all |
          community.general.lists_mergeby(vars['controller_inventories_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_labels: >
          {{ controller_labels_all |
          community.general.lists_mergeby(vars['controller_labels_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        aap_organizations: >
          {{ aap_organizations_all |
          community.general.lists_mergeby(vars['aap_organizations_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_notifications: >
          {{ controller_notifications_all |
          community.general.lists_mergeby(vars['controller_notifications_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_projects: >
          {{ controller_projects_all |
          community.general.lists_mergeby(vars['controller_projects_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_schedules: >
          {{ controller_schedules_all |
          community.general.lists_mergeby(vars['controller_schedules_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_templates: >
          {{ controller_templates_all |
          community.general.lists_mergeby(vars['controller_templates_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_roles: >
          {{ controller_roles_all |
          community.general.lists_mergeby(vars['controller_roles_' + branch_name],
          'name', recursive=true, list_merge='append') }}
        controller_workflows: >
          {{ controller_workflows_all |
          community.general.lists_mergeby(vars['controller_workflows_' + branch_name],
          'name', recursive=true, list_merge='append') }}
  roles:
    - infra.aap_configuration.dispatch
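The merge of each `_all` list with its `_<branch>` counterpart, as described above, shown here on constructed data as an added example (not part of the original repository). The template, credential and playbook names are made up, and the community.general collection is assumed to be installed.

```yaml
---
# Added example; all names and values below are constructed for illustration.
# Run: ansible-playbook merge_demo.yml -e branch_name=dev
- name: Demonstrate the _all + _<branch> merge used in main.yml
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    branch_name: dev
    controller_templates_all:
      - name: patch_servers
        job_type: run
        playbook: patch.yml
        credentials:
          - ssh_shared
        extra_vars:
          reboot: false
    controller_templates_dev:
      - name: patch_servers        # same key: merged into the entry from _all
        credentials:
          - ssh_dev                # list: appended, ssh_shared stays attached
        extra_vars:
          reboot: true             # scalar: the branch value wins
      - name: dev_smoke_test       # new key: becomes a separate entry
        job_type: check
        playbook: smoke.yml
  tasks:
    - name: Merge with the same filter call as main.yml
      ansible.builtin.set_fact:
        controller_templates: >-
          {{ controller_templates_all |
          community.general.lists_mergeby(vars['controller_templates_' + branch_name],
          'name', recursive=true, list_merge='append') }}

    - name: Check the merged result
      vars:
        patch: "{{ controller_templates | selectattr('name', 'equalto', 'patch_servers') | first }}"
      ansible.builtin.assert:
        that:
          - controller_templates | length == 2
          - patch.playbook == 'patch.yml'
          - patch.credentials == ['ssh_shared', 'ssh_dev']
          - patch.extra_vars.reboot == true
          - controller_templates | map(attribute='name') | sort == ['dev_smoke_test', 'patch_servers']
```

Because `list_merge='append'` only adds, a branch file cannot detach something inherited from ALL, such as `ssh_shared` here; a removal has to be made in the ALL file.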