Ansible Role infra.aap_configuration.settings
An Ansible role to alter Settings on Ansible Automation Gateway.
Variables
| Variable Name | Default Value | Required | Description | Example |
platform_state | “present” | no | The state all objects will take unless overridden by object default | ‘absent’ |
aap_hostname | ”” | yes | URL to the Ansible Automation Platform Server. | 127.0.0.1 |
aap_validate_certs | true | no | Whether or not to validate the Ansible Automation Platform Server’s SSL certificate. | |
aap_username | ”” | no | Admin User on the Ansible Automation Platform Server. Either username / password or oauthtoken need to be specified. | |
aap_password | ”” | no | Platform Admin User’s password on the Server. This should be stored in an Ansible Vault at vars/platform-secrets.yml or elsewhere and called from a parent playbook. | |
aap_token | ”” | no | Controller Admin User’s token on the Ansible Automation Platform Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. | |
aap_request_timeout | 10 | no | Specify the timeout in seconds Ansible should use in requests to the Ansible Automation Platform host. | |
gateway_settings | see below | yes | Data structure describing your gateway_services Described below. |
Secure Logging Variables
The following Variables compliment each other. If Both variables are not set, secure logging defaults to false. The role defaults to false as normally the add ee_registry task does not include sensitive information. gateway_services_secure_logging defaults to the value of aap_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of automation hub configuration roles with a single variable, or for the user to selectively use it.
| Variable Name | Default Value | Required | Description |
gateway_services_secure_logging | false | no | Whether or not to include the sensitive Registry role tasks in the log. Set this value to true if you will be providing your sensitive values from elsewhere. |
aap_configuration_secure_logging | false | no | This variable enables secure logging as well, but is shared across multiple roles, see above. |
Data Structure
Settings arguments
Provide settings as a single dict under settings_list.
Usage
Json Example
{
"gateway_settings": {
"gateway_token_name": "X-DAB-JW-TOKEN",
"gateway_access_token_expiration": 600,
"gateway_basic_auth_enabled": true,
"gateway_proxy_url": "https://localhost:9080",
"gateway_proxy_url_ignore_cert": false,
"password_min_length": 0,
"password_min_digits": 0,
"password_min_upper": 0,
"password_min_special": 0,
"allow_admins_to_set_insecure": false
}
}
Yaml Example
File name: data/gateway_settings.yml
gateway_settings:
gateway_token_name: X-DAB-JW-TOKEN
gateway_access_token_expiration: 600
gateway_basic_auth_enabled: true
gateway_proxy_url: https://localhost:9080
gateway_proxy_url_ignore_cert: false
password_min_length: 0
password_min_digits: 0
password_min_upper: 0
password_min_special: 0
allow_admins_to_set_insecure: false