gateway_settings

group_vars/all/gateway_settings.yml

Some settings we use are enforced by the enterprise policy, so we configure those here to be sure that even local users use the password policy. 

---
gateway_settings_all:
  gateway_token_name: X-DAB-JW-TOKEN
  gateway_access_token_expiration: 600
  gateway_basic_auth_enabled: true
  gateway_proxy_url_ignore_cert: false
  password_min_length: 6
  password_min_digits: 1
  password_min_upper: 1
  password_min_special: 1
...

But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.

group_vars/dev/gateway_settings.yml

Here we configure an extra setting for the development environment, this setting is only applied in development, as you can see the value in production is different. 

---
gateway_settings_dev:
  gateway_proxy_url: https://rhaap25.homelab:9080
  allow_admins_to_set_insecure: true
...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/gateway_settings.yml

Ensure the insecure setting in dev is not applied here. 

---
gateway_settings_prod:
  gateway_proxy_url: https://rhaap-prod.homelab:9080
  allow_admins_to_set_insecure: false
...

Here the variable has the "_prod" extension, so the variable will not be overridden.

When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables: - gateway_settings_all
- gateway_settings_

We will merge these 2 variables into 1: gateway_settings and feed this to the infra.aap_configuration.gateway_settings role.
In main.yml the merge of the variables is done by this piece of code:

    - name: Set the gateway vars
      ansible.builtin.set_fact:
        gateway_settings: >
          {{ gateway_settings_all |
          community.general.lists_mergeby(vars['gateway_settings_' + branch_name],
          'name', recursive=true, list_merge='append') }}

This results in the gateway_settings variable the collection needs.

As you review this page, it may become clear to you that there is almost no data doubling in this configuration.
Everything a, if possible, only configured once, so that maintenance is less error prone.

Back