Dev env with proxy (playingfield#55)

* dev with proxy

* faster facts & tags

* vmware_desktop

* Smoother dev env

* dev config

* make all

* configure proxy

* proxy-update

* proxy tag

* updates

* dev

Makefile

@@ -8,14 +8,14 @@ up:
 secureboot:
 	pwsh 'Set-VMFirmware -VMName "k8s-node" -EnableSecureBoot On -SecureBootTemplate "MicrosoftUEFICertificateAuthority"'
 
-.PHONY: provision
-provision:
-	./provision.yml -b -l k8s_cluster
+.PHONY: cluster
+cluster:
+	./cluster.yml -b
 
 .PHONY: clean
 clean:
 	vagrant destroy -f
-	rm -rf galaxy_roles/*
+	./galaxy.sh
 
 .PHONY: all
-all: up provision
+all: clean up cluster

Vagrantfile

@@ -38,9 +38,9 @@ Vagrant.configure(2) do |config|
       srv.vm.box = guest['box']
       srv.vm.hostname = guest['name']
       # Hyper-V needs an _external_ network adapter, bound to a connected interface.
-      srv.vm.network "public_network", type: "dhcp", bridge: "Wi-Fi"
-      # Other Hypervisors allow setting the IP
-      #srv.vm.network 'private_network', ip: guest['ip_addr']
+      # srv.vm.network "public_network", type: "dhcp", bridge: "Wi-Fi"
+      # Better Hypervisors allow setting the IP
+      srv.vm.network 'private_network', ip: guest['ip_addr']
 
       # set no_share to false to enable file sharing
       srv.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: guest['no_share']

ansible.cfg

@@ -20,7 +20,7 @@ roles_path = roles
 
 ; dev and test are available for Vagrant by setting the STAGE environment variable.
 ; set inventory here, or on the command-line when running Ansible.
-inventory = inventory/mini/hosts
+inventory = inventory/dev/hosts
 
 # Disabled json fact caching for Semaphore
 # https://github.com/ansible/ansible/issues/68425

inventory/dev/dev.json

@@ -1,4 +1,19 @@
 [
+      {
+        "name": "controller",
+        "autostart": true,
+        "cpus": 4,
+        "distro": "almalinux",
+        "family": "RedHat",
+        "gui": false,
+        "box": "almalinux/8",
+        "ip_addr": "10.0.0.206",
+        "memory": "8192",
+        "no_share": true,
+        "primary": true,
+        "app_port": "3128",
+        "forwarded_port": "3128"
+    },
     {
         "name": "k8s-master01",
         "autostart": true,
@@ -10,7 +25,7 @@
         "ip_addr": "10.0.0.231",
         "memory": "2048",
         "no_share": true,
-        "primary": true,
+        "primary": false,
         "app_port": "6443",
         "forwarded_port": "6443"
     },

inventory/dev/group_vars/all/vars.yml

@@ -1,19 +1,23 @@
 ---
-argocd_enabled: true
+argocd_enabled: false
 artifacts_dir: "{{ playbook_dir }}/files"
 bin_dir: /usr/bin
-cluster_name: test
+cluster_name: dev
 container_manager: containerd  # default
 containerd_bin_dir: /usr/bin
 containerd_version: "1.6.32"
 dns_mode: coredns
+download_localhost: false # on ansible controller
+download_run_once: false # rsync did not work for me
 enable_dual_stack_networks: false
 helm_enabled: true
 upstream_dns_servers:
   - 9.9.9.9
 docker_version: "docker-ce-26.1.0"
 etcd_version: "v3.5.12"
 etcd_deployment_type: kubeadm
+http_proxy: "http://10.0.0.206:3128"
+https_proxy: "http://10.0.0.206:3128"
 krew_enabled: false
 kube_config_dir: /etc/kubernetes
 kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"

inventory/dev/hosts

@@ -1,6 +1,7 @@
 [all]
 k8s-master01 ansible_host=10.0.0.231 ip=10.0.0.231 etcd_member_name=etcd1
 k8s-node01 ansible_host=10.0.0.209 ip=10.0.0.209
+controller ansible_host=10.0.0.206
 
 [k8s_cluster:children]
 kube_control_plane
@@ -24,3 +25,11 @@ ansible_private_key_file = ~/.vagrant.d/insecure_private_key
 
 [k8s_cluster:vars]
 etcd_deployment_type=kubeadm
+
+[proxy]
+controller
+
+[bastion]
+# https://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/
+# Comment out when running from the bastion
+controller

preparation.yml

@@ -1,30 +1,45 @@
 #!/usr/bin/env ansible-playbook
 ---
 
-- name: Common
+- name: Disable firewall
+  hosts: k8s_cluster:proxy
+  become: true
+  gather_facts: false
+  pre_tasks:
+    - name: Disable firewalld
+      ansible.builtin.systemd:
+        name: firewalld
+        state: stopped
+        enabled: false
+
+
+- name: Install squid on proxy host
   hosts: proxy
   become: true
+  gather_facts: false
+
   tasks:
 
+    - name: Gathering facts
+      ansible.builtin.setup:
+        gather_subset: platform
+
     - name: Install docker-ce
       ansible.builtin.import_role:
         name: geerlingguy.docker
+      tags: [docker]
 
     - name: Install Squid proxy
       ansible.builtin.import_role:
         name: proxy
+      tags: [proxy]
 
-- name: Disable firewall
+- name: Enable proxy
   hosts: k8s_cluster
   become: true
   gather_facts: false
-  pre_tasks:
-    - name: Disable firewalld
-      ansible.builtin.systemd:
-        name: firewalld
-        state: stopped
-        enabled: false
-
+  tags: [proxy]
+  tasks:
     - name: Fix dnf
       ansible.builtin.lineinfile:
         path: /etc/dnf/dnf.conf

roles/requirements.yml

@@ -3,4 +3,4 @@ roles:
   - src: geerlingguy.docker
   - src: bbaassssiiee.proxy
     name: proxy
-    version: 1.0.2
+    version: 1.0.3