controller_organization.yml

In these files we configure the mapping of hub credentials to organizations.
We will probably do this on each environment separately, as the hostnames differ.

If you have read the gateway section, you'll find that this variable has been used in the gateway configuration. Here we add some credentials to the organization that were not defined at the time the organization was created.

variables

When you search the controller API, you will find that you can do more with the collection than the organization API specifies, so we copied the documentation table here.

| Variable Name | Default Value | Required | Type | Description |
|---|---|---|---|---|
| name | N/A | yes | str | The name of the resource |
| new_name | N/A | no | str | Setting this option will change the existing name (looked up via the name field) |
| description | N/A | no | str | Description of the organization |
| custom_virtualenv | N/A | no | str | Local absolute file path containing a custom Python virtualenv to use. |
| max_hosts | N/A | no | int | The max hosts allowed in this organization. |
| instance_groups | N/A | no | list | List of Instance Groups for this Organization to run on. |
| galaxy_credentials | N/A | no | list | The credentials to use with private automation hub. |
| default_environment | N/A | no | str | Default Execution Environment to use for jobs owned by the Organization. |
| notification_templates_started | N/A | no | list | The notifications on started to use for this organization in a list. |
| notification_templates_success | N/A | no | list | The notifications on success to use for this organization in a list. |
| notification_templates_error | N/A | no | list | The notifications on error to use for this organization in a list. |
| notification_templates_approvals | N/A | no | list | The notifications for approval to use for this organization in a list. |
| state | present | no | str | Desired state of the resource. |

Examples below:

group_vars/all/controller_organization.yml

If the credential names and organization names are configured identically in all environments, this can be done in the all section.
Each organization gets the same hub credentials mapped for collection download, so we have only one token for hub and less administration.

---
aap_organizations_all:
  - name: ORG_LNX
    galaxy_credentials:
      - Default_automation_hub_token_community
      - Default_automation_hub_token_rh_certified
      - Default_automation_hub_token_published
      - Default_automation_hub_token_validated
      - automation_hub_image_pull_secret
  - name: ORG_INFRA
    galaxy_credentials:
      - Default_automation_hub_token_community
      - Default_automation_hub_token_rh_certified
      - Default_automation_hub_token_published
      - Default_automation_hub_token_validated
      - automation_hub_image_pull_secret
  - name: ORG_WEB
    galaxy_credentials:
      - Default_automation_hub_token_community
      - Default_automation_hub_token_rh_certified
      - Default_automation_hub_token_published
      - Default_automation_hub_token_validated
      - automation_hub_image_pull_secret
...

You can already see that the variable name used here has the "_all" extension, so the variable will not be overridden, as this is not quite an inventory.
Why we do this will become clear in a moment.

group_vars/dev/controller_organization.yml

As we already mapped the hub credentials in the _all, we don't need more mappings here.

---
aap_organizations_dev: []
...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/controller_organization.yml

We configure some extra projects in production, but these are inventory projects with base variables for constructed inventories we use.

---
aap_organizations_prod: []

...

Here the variable has the "_prod" extension, so the variable will not be overridden.

When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables:

- aap_organizations_all
- aap_organizations_

We will merge these 2 variables into 1: aap_organizations and feed this to the infra.aap_configuration.gateway_organizations role.
In main.yml the merge of the variables is done by this piece of code:

    - name: Set the controller vars
      ansible.builtin.set_fact:
        aap_organizations: >
          {{ aap_organizations_all |
          community.general.lists_mergeby(vars['aap_organizations_' + branch_name],
          'name', recursive=true, list_merge='append') }}

This results in the aap_organizations variable the collection needs.
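
The merge described above, as an added example that is not part of the original page or repository: a stand-alone playbook with constructed variables that runs the same filter call and then checks what each organization ends up with. The dev override, `example_dev_hub_token` and `ORG_TEST` are hypothetical, and the `community.general` collection is assumed to be installed.

```yaml
---
# Added example with constructed data; not part of the original repository.
- name: Preview the merged organization list for one environment
  hosts: localhost
  gather_facts: false
  vars:
    branch_name: dev  # assumption: normally supplied by the pipeline
    aap_organizations_all:
      - name: ORG_LNX
        galaxy_credentials:
          - Default_automation_hub_token_published
      - name: ORG_WEB
        galaxy_credentials:
          - Default_automation_hub_token_published
    aap_organizations_dev:  # constructed override; the page's dev list is empty
      - name: ORG_WEB
        galaxy_credentials:
          - example_dev_hub_token  # hypothetical credential name
      - name: ORG_TEST  # hypothetical organization that exists only in dev
        description: Constructed dev-only organization
  tasks:
    - name: Merge with the same filter call as main.yml
      ansible.builtin.set_fact:
        aap_organizations: >-
          {{ aap_organizations_all |
          community.general.lists_mergeby(vars['aap_organizations_' + branch_name],
          'name', recursive=true, list_merge='append') }}

    - name: Check the merged result for the constructed data
      ansible.builtin.assert:
        that:
          # Entries are matched on name and returned sorted by name
          - aap_organizations | map(attribute='name') | list == ['ORG_LNX', 'ORG_TEST', 'ORG_WEB']
          # list_merge='append' puts the dev credential after the shared one
          - web.galaxy_credentials == ['Default_automation_hub_token_published', 'example_dev_hub_token']
      vars:
        web: "{{ aap_organizations | selectattr('name', 'eq', 'ORG_WEB') | first }}"

    # 'append' does not de-duplicate: a credential named in both files appears twice
    - name: Fail if a credential is listed twice for one organization
      ansible.builtin.assert:
        that: creds | unique | length == creds | length
        fail_msg: "{{ item.name }} has a repeated galaxy credential"
      vars:
        creds: "{{ item.galaxy_credentials | default([]) }}"
      loop: "{{ aap_organizations }}"
      loop_control:
        label: "{{ item.name }}"
```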
