hub_collection_remotes

The infra.aap_configuration collection expects the vaules in the variable: hub_collection_remotes. As we intend to configure everything just once, we spit the set of vars into the environments and join the lists in the main.yml, before calling the collection. If there are no collection_remotes defined, do not add this file. If you do, ensure the file is present in all branches, with the correct content, described below.

group_vars/all/hub_collection_remotes.yml

As the organization we create has chosen that every collection to be used in production has to be checked, we have no "ALL" configuration.
The configuration is fully in "dev"and "prod".
As you can see the cloud token is not in this configuration file, this is defined elsewhere.

---
hub_collection_remotes_all: []
  # No extra config exists
...

But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.
Even when its empty, the variable must exist.

group_vars/dev/hub_collection_remotes.yml

Here we configure the remotes per environment to have some control over which collection is availlable in which environment. This can be a demand from security, so why not be ahead of this and separate the environments this way.

---
hub_collection_remotes_dev:
  - name: rh-certified
    token: "{{ cloud_token }}"
    url: 'https://console.redhat.com/api/automation-hub/content/published/'
    auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
    requirements:
      - ansible.posix
      - ansible.controller
      - ansible.eda
      - ansible.hub
      - ansible.platform
      - ansible.windows
      - redhat.insights
      - redhat.satellite
      - redhat.satellite_operations
      - redhat.rhel_system_roles
    wait: false

  - name: validated
    token: "{{ cloud_token }}"
    url: 'https://console.redhat.com/api/automation-hub/content/validated/'
    auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
    wait: false

  - name: community
    token: "{{ cloud_token }}"
    url: 'https://galaxy.ansible.com/api/'
    auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
    requirements:
      - community.general
      - community.vmware
      - community.windows
      - community.postgresql
      - community.docker
      - community.dns
      - community.libvirt
      - awx.awx
      - infra.aap_configuration
      - infra.controller_configuration
      - infra.ah_configuration
      - infra.aap_utilities
      - infra.ee_utilities
    wait: false
...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/hub_collection_remotes.yml

We have a lot less collection availlable in production.
By adding a collection into the list, it will be added to the hub in the environment.

---
hub_collection_remotes_prod: []
  - name: rh-certified
    token: "{{ cloud_token }}"
    url: 'https://console.redhat.com/api/automation-hub/content/published/'
    auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
    requirements:
      - ansible.posix
      - ansible.controller
      - ansible.eda
      - ansible.hub
      - ansible.platform
      - ansible.windows
      - redhat.insights
      - redhat.satellite
      - redhat.satellite_operations
      - redhat.rhel_system_roles
    wait: false

  - name: validated
    token: "{{ cloud_token }}"
    url: 'https://console.redhat.com/api/automation-hub/content/validated/'
    auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
    wait: false

  - name: community
    token: "{{ cloud_token }}"
    url: 'https://galaxy.ansible.com/api/'
    auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
    requirements:
      - community.general
      - community.vmware
      - infra.aap_configuration
      - infra.controller_configuration
      - infra.ah_configuration
      - infra.aap_utilities
      - infra.ee_utilities
    wait: false
...

Here the variable has the "_prod" extension, so the variable will not be overridden.

When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables: - hub_collection_remotes_all
- hub_collection_remotes_

We will merge these 2 variables into 1: hub_collection_remotes and feed this to the infra.aap_configuration.hub_collection_remotes role.
In main.yml the merge of the variables is done by this piece of code:

    - name: Set the gateway vars
      ansible.builtin.set_fact:
        hub_collection_remotes: >
          {{ hub_collection_remotes_all |
          community.general.lists_mergeby(vars['hub_collection_remotes_' + branch_name],
          'name', recursive=true, list_merge='append') }}

This results in the hub_collection_remotes variable the collection needs.

Back