I’m currently working on some roles and I’m not sure is it better to set role defaults so that they are development friendly, or production friendly.
Let me give you an example, so that you can understand what I mean. A postgres role needs to configure pg_hba.conf file which would in production (without setting any additional variables) look something like this:
local all all peer map=users host all all 127.0.0.1/32 md5 host all all ::1/128 md5
while in development it would like something like this:
local all all trust host all all 127.0.0.1/32 trust host all all ::1/128 trust
Pros and cons for each of these are the same. If defaults are set for production, it is harder to setup dev environment, and the other way around. If you set them for dev, you need to be more careful when provisioning production servers, since you need to set more variables. How do you set defaults for your roles?
I’d suggest setting them for neither and letting them be required.
Role defaults are for if you don’t pass any variables into the role.
If there is something about them that comes from inventory, inventory will override those defaults.
As such, you should set values for those inventory variables in both environments.
But why not make it easier to install postgres for at least one environment? Why require a variable to be set, if postgres can be installed and configured without passing any variable as in this case?
When I talk about development environment I’m mostly talking about devs using virtual machines on their workstations and using Ansible to configure those VMs. We don’t have predefined variables for those virtual machines, they are not on the repository, so they would need to set those variables every time.
You can still define variables in a group_vars/development and group_vars/production and so on so developers won’t need to define them.
I’m suggesting not defining them at two different levels of depth,which makes things inconsistent.
So your main concern is that there is a variable defined in roles defaults as well as in group_vars. We always write our roles so that they have a reasonable default set (if possible) and we consider most of those defaults as variables which need to be overwritten in group/host_vars if needed. I don’t see a problem with those defaults being overwritten, but I might have understood them wrong 
When I think about it, if I set these variables in both production and development main groups to different values, it won’t matter that much what are defaults anyway.
Thanks for your help!