controller_instance_group_roles.yml

In these files we configure the roles for automation controller.
We will probably do this for each environment separately, as the hostnames differ.

variables

The API is not clear on the structure to use, but the role documentation is, so we give you the link to the role documentation:

controller_roles

group_vars/all/controller_instance_group_roles.yml

Here we map nothing.

    ---
    controller_instance_group_roles_all: []
    ...

But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden, as this is not quite an inventory.
Why we do this will become clear in a moment.

group_vars/dev/controller_instance_group_roles.yml

As we configure instance_group_roles in development, this file is not an empty set.

    ---
    controller_instance_group_roles_dev:
      # we match the instance_group to the organization
      - teams:
          - LDAP_MGT_Admins
          - LDAP_MGT_Developers
          - LDAP_MGT_Operators
        instance_groups:
          - ig_mgt
        role: use
        state: present
    ...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/controller_instance_group_roles.yml

As we do not configure extra roles in prod, this file is an empty set.

    ---
    controller_instance_group_roles_prod: []
      # No extra config exists
    ...

Here the variable has the "_prod" extension, so the variable will not be overridden.

When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables:

- controller_roles_all
- controller_roles_

We will merge these 2 variables into 1, controller_instance_group_roles, and feed this to the ansible.controller.role role in a loop, iterating over the items in the list.
In main.yml the merge of the variables is done by this piece of code:

    - name: Set the controller vars
      ansible.builtin.set_fact:
        controller_instance_group_roles: >
          {{ controller_instance_group_roles_all |
          community.general.lists_mergeby(vars['controller_instance_group_roles_' + branch_name],
          'teams', recursive=true, list_merge='append') }}

This results in the controller_instance_group_roles variable the collection needs.
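The merge task finds the environment list by building its name from a fixed prefix plus branch_name, so a misspelled variable name in one group_vars file means the lookup will not find that environment's role assignments. The lint below is an added example, not part of the original page or of the role's code, that checks each file for the expected top-level variable before the pipeline runs. It assumes the directory name under group_vars/ is the same value as branch_name; the function name and the sample files are constructed for illustration.

```python
import re

# Prefix used by the merge task in main.yml:
#   vars['controller_instance_group_roles_' + branch_name]
PREFIX = "controller_instance_group_roles_"
# A top-level YAML key starts in column 0; nested keys and list items do not.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_]\w*)\s*:", re.MULTILINE)


def lint_group_vars(files):
    """Return a list of findings for a {path: yaml_text} mapping.

    Assumption: the directory under group_vars/ ("all", "dev", "prod")
    is the suffix the pipeline appends to PREFIX.
    """
    findings = []
    for path, text in sorted(files.items()):
        env = path.split("/")[1]
        expected = PREFIX + env
        keys = TOP_LEVEL_KEY.findall(text)
        if expected in keys:
            continue
        # A key with the right start and suffix is most likely a typo.
        near = [k for k in keys
                if k.startswith("controller_") and k.endswith("_" + env)]
        hint = f" (found {near[0]!r} instead)" if near else ""
        findings.append(f"{path}: missing variable {expected!r}{hint}")
    return findings


# Constructed sample files; the dev file contains a deliberate misspelling.
SAMPLE_FILES = {
    "group_vars/all/controller_instance_group_roles.yml":
        "---\ncontroller_instance_group_roles_all: []\n...\n",
    "group_vars/dev/controller_instance_group_roles.yml":
        "---\ncontroller_instance_grp_roles_dev:\n"
        "  - teams:\n      - LDAP_MGT_Admins\n"
        "    instance_groups:\n      - ig_mgt\n"
        "    role: use\n    state: present\n...\n",
    "group_vars/prod/controller_instance_group_roles.yml":
        "---\ncontroller_instance_group_roles_prod: []\n...\n",
}

if __name__ == "__main__":
    for finding in lint_group_vars(SAMPLE_FILES):
        print(finding)
```

Run as a pipeline step ahead of the playbook, a non-empty result is a reason to stop before any role assignment is applied.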
