main.yml.txt

Template main.yml that is copied into the new repository and run by the pipeline after each update to that repository.
Once triggered by the pipeline, this main.yml applies the changes made in the new repository to the designated rhaap environment.

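---
# Config-as-code play: reads the rhaap admin credentials from Vault, creates an
# OAuth2 token, builds the configuration variables from the branch's group_vars
# files, runs the dispatch role, and removes the token again in the `always`
# section. vault_url, vault_token, branch_name, org_name and (optionally)
# instance are not defined in this file and must be supplied by the caller.
- name: Configure rhaap platform controller for MGT
  hosts: "{{ instance | default('localhost') }}"
  connection: local
  gather_facts: false

  tasks:

    - name: Run Config As Code
      block:

        # Reads the rhaap_admin secret from the kv mount in the
        # <branch_name>/<org_name> Vault namespace. no_log keeps the registered
        # secret out of the task output.
        - name: Get secrets
          community.hashi_vault.vault_kv2_get:
            url: "{{ vault_url }}"
            token: "{{ vault_token }}"
            namespace: "{{ branch_name }}/{{ org_name }}"
            engine_mount_point: kv
            path: "rhaap_admin"
          register: secrets
          no_log: true

        # Exposes the connection settings stored in the secret as facts for the
        # tasks below.
        - name: Set rhaap facts
          ansible.builtin.set_fact:
            aap_hostname: "{{ secrets['secret']['hostname'] }}"
            aap_username: "{{ secrets['secret']['username'] }}"
            aap_password: "{{ secrets['secret']['password'] }}"
            aap_validate_certs: "{{ secrets['secret']['validate_certs'] }}"
          no_log: true

        # The admin password is sent in this call, so certificate verification
        # follows the validate_certs value stored in Vault instead of being
        # hard-coded off.
        - name: Generate OAuth2 token
          ansible.platform.token:
            aap_hostname: "{{ aap_hostname }}"
            aap_username: "{{ aap_username }}"
            aap_password: "{{ aap_password }}"
            description: "{{ org_name }}_config_as_code_token"
            scope: "write"
            state: present
            validate_certs: "{{ aap_validate_certs | bool }}"
          register: token_output
          no_log: true

        # aap_token_id is kept so the `always` section can revoke this token.
        # NOTE(review): aap_configuration_secure_logging presumably controls
        # no_log inside the dispatched roles; with false, values handled there
        # may appear in the pipeline log -- confirm this is intended.
        - name: Set the token var
          ansible.builtin.set_fact:
            aap_token: "{{ token_output.ansible_facts.aap_token.token }}"
            aap_token_id: "{{ token_output.ansible_facts.aap_token.id }}"
            aap_configuration_secure_logging: false
          no_log: true

        - name: Find var files for controller and eda
          ansible.builtin.find:
            paths: "group_vars/{{ branch_name }}"
            patterns:
              - 'controller_*.yml'
              - 'eda_*.yml'
          register: _ctlr_files

        # For every file <name>.yml found above, sets the fact <name> to the
        # flattened values of the variables <name>_all and <name>_<branch_name>.
        # The fact names are taken from file names in the repository, so
        # write access to group_vars decides which facts this task sets.
        - name: Create the vaiables for configuration as code
          ansible.builtin.set_fact:
            "{{ (filectlr.path | basename | splitext | first) }}": |
              {{ lookup('vars', *[filectlr.path | basename | splitext | first + '_all', filectlr.path | basename | splitext | first + '_' + branch_name]) | flatten }}
          loop: "{{ _ctlr_files.files }}"
          loop_control:
            loop_var: filectlr
            label: "{{ filectlr.path }}"

        - name: If there are running rulebooks(EDA) stop them
          ansible.builtin.include_tasks: stop_running_rulebooks.yml

        - name: Run the collection dispatch
          ansible.builtin.include_role:
            name: infra.aap_configuration.dispatch

      always:

        # Revokes the token created above whether or not the block succeeded.
        # Skipped when no token id was recorded (a failure before the token
        # facts were set), so the cleanup does not fail on undefined variables
        # and hide the original error.
        - name: Remove OAuth2 token for this organization
          ansible.platform.token:
            aap_hostname: "{{ aap_hostname }}"
            aap_username: "{{ aap_username }}"
            aap_password: "{{ aap_password }}"
            existing_token_id: "{{ aap_token_id }}"
            state: absent
            validate_certs: "{{ aap_validate_certs | bool }}"
          when: aap_token_id is defined
          no_log: true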
