From 97d9851321c58751042202750c1a3aed69c5d30d Mon Sep 17 00:00:00 2001 From: Bas Date: Tue, 10 Dec 2024 22:52:11 +0100 Subject: [PATCH] Dev env with proxy (#55) * dev with proxy * faster facts & tags * vmware_desktop * Smoother dev env * dev config * make all * configure proxy * proxy-update * proxy tag * updates * dev --- Makefile | 10 ++++---- Vagrantfile | 6 ++--- ansible.cfg | 2 +- inventory/dev/dev.json | 17 +++++++++++++- inventory/dev/group_vars/all/vars.yml | 8 +++++-- inventory/dev/hosts | 9 ++++++++ preparation.yml | 33 +++++++++++++++++++-------- roles/requirements.yml | 2 +- 8 files changed, 65 insertions(+), 22 deletions(-) diff --git a/Makefile b/Makefile index 55b49c4..b601fb0 100644 --- a/Makefile +++ b/Makefile @@ -8,14 +8,14 @@ up: secureboot: pwsh 'Set-VMFirmware -VMName "k8s-node" -EnableSecureBoot On -SecureBootTemplate "MicrosoftUEFICertificateAuthority"' -.PHONY: provision -provision: - ./provision.yml -b -l k8s_cluster +.PHONY: cluster +cluster: + ./cluster.yml -b .PHONY: clean clean: vagrant destroy -f - rm -rf galaxy_roles/* + ./galaxy.sh .PHONY: all -all: up provision +all: clean up cluster diff --git a/Vagrantfile b/Vagrantfile index b90c933..e64a8bb 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -38,9 +38,9 @@ Vagrant.configure(2) do |config| srv.vm.box = guest['box'] srv.vm.hostname = guest['name'] # Hyper-V needs an _external_ network adapter, bound to a connected interface. - srv.vm.network "public_network", type: "dhcp", bridge: "Wi-Fi" - # Other Hypervisors allow setting the IP - #srv.vm.network 'private_network', ip: guest['ip_addr'] + # srv.vm.network "public_network", type: "dhcp", bridge: "Wi-Fi" + # Better Hypervisors allow setting the IP + srv.vm.network 'private_network', ip: guest['ip_addr'] # set no_share to false to enable file sharing srv.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: guest['no_share'] diff --git a/ansible.cfg b/ansible.cfg index 346476f..131a72f 100644 --- a/ansible.cfg +++ b/ansible.cfg 
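Review bot: In the Makefile hunk, `all: clean up cluster` makes the full build start with `vagrant destroy -f`, so `make all` now removes any existing VMs without a prompt. Keeping `all: up cluster` and adding a separate `rebuild: clean up cluster` target would keep the destructive path explicit. The `clean` recipe also now runs `./galaxy.sh`, which is not part of this diff; if it downloads roles rather than removing them, a comment such as `# galaxy.sh re-installs the roles from roles/requirements.yml` would make that clear. In that case it matters that `geerlingguy.docker` has no `version:` pin in the visible part of roles/requirements.yml.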
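Review bot: In the Vagrantfile hunk, the comment kept above the changed lines still says Hyper-V needs an external adapter, but the `public_network` line is now commented out and every provider gets `private_network`, while the Makefile keeps its Hyper-V `secureboot` target. Selecting the network by provider, or by an environment variable, would keep both setups working instead of editing comments per machine. The host-only address is also the safer default for guests whose firewalld is stopped in preparation.yml, and the comment could say so: `# Host-only network: these guests run without firewalld, keep them off bridged networks`. The enclosing `Vagrant.configure` block starts and ends outside the hunk.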
@@ -20,7 +20,7 @@ roles_path = roles ; dev and test are available for Vagrant by setting the STAGE environment variable. ; set inventory here, or on the command-line when running Ansible. -inventory = inventory/mini/hosts +inventory = inventory/dev/hosts # Disabled json fact caching for Semaphore # https://github.com/ansible/ansible/issues/68425 diff --git a/inventory/dev/dev.json b/inventory/dev/dev.json index c6c7028..59fedb0 100644 --- a/inventory/dev/dev.json +++ b/inventory/dev/dev.json @@ -1,4 +1,19 @@ [ + { + "name": "controller", + "autostart": true, + "cpus": 4, + "distro": "almalinux", + "family": "RedHat", + "gui": false, + "box": "almalinux/8", + "ip_addr": "10.0.0.206", + "memory": "8192", + "no_share": true, + "primary": true, + "app_port": "3128", + "forwarded_port": "3128" + }, { "name": "k8s-master01", "autostart": true, @@ -10,7 +25,7 @@ "ip_addr": "10.0.0.231", "memory": "2048", "no_share": true, - "primary": true, + "primary": false, "app_port": "6443", "forwarded_port": "6443" }, diff --git a/inventory/dev/group_vars/all/vars.yml b/inventory/dev/group_vars/all/vars.yml index dfabfb8..cea6be9 100644 --- a/inventory/dev/group_vars/all/vars.yml +++ b/inventory/dev/group_vars/all/vars.yml @@ -1,12 +1,14 @@ --- -argocd_enabled: true +argocd_enabled: false artifacts_dir: "{{ playbook_dir }}/files" bin_dir: /usr/bin -cluster_name: test +cluster_name: dev container_manager: containerd # default containerd_bin_dir: /usr/bin containerd_version: "1.6.32" dns_mode: coredns +download_localhost: false # on ansible controller +download_run_once: false # rsync did not work for me enable_dual_stack_networks: false helm_enabled: true upstream_dns_servers: @@ -14,6 +16,8 @@ upstream_dns_servers: docker_version: "docker-ce-26.1.0" etcd_version: "v3.5.12" etcd_deployment_type: kubeadm +http_proxy: "http://10.0.0.206:3128" +https_proxy: "http://10.0.0.206:3128" krew_enabled: false kube_config_dir: /etc/kubernetes kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" 
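Review bot: In ansible.cfg, changing the committed default to `inventory = inventory/dev/hosts` means every run without `-i` now targets the dev inventory, whose plays stop firewalld and which authenticates with the Vagrant insecure key. The comment directly above says the inventory can be set on the command line, so the Makefile targets could pass `-i inventory/dev/hosts` and leave the shared default untouched. If the new default is intended, the comment should name it: `; default is the Vagrant dev inventory; pass -i for anything else`.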
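Review bot: In the first inventory/dev/dev.json hunk, the new `controller` entry sets `"forwarded_port": "3128"`, and how the Vagrantfile uses that field is not shown in this diff. If it becomes a Vagrant `forwarded_port` without `host_ip: "127.0.0.1"`, the Squid port is bound on all interfaces of the developer machine and the proxy is reachable from the surrounding network. Since the guests reach the proxy at 10.0.0.206 directly, the forward may not be needed at all; otherwise it should be bound to loopback in the Vagrantfile.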
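Review bot: In the second inventory/dev/group_vars/all/vars.yml hunk, `http_proxy` and `https_proxy` repeat the literal 10.0.0.206:3128 that is also in dev.json and in inventory/dev/hosts, so a change of the controller address leaves the nodes pointing at a dead or wrong proxy. Deriving it from the inventory keeps one source of truth: `http_proxy: "http://{{ hostvars['controller'].ansible_host }}:3128"`, and the same for `https_proxy`. No `no_proxy` value is set in the visible lines; unless the consuming roles compute one, node-to-node and API-server traffic would also be sent to Squid, so that is worth confirming.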
diff --git a/inventory/dev/hosts b/inventory/dev/hosts index 5d18b80..b24340e 100644 --- a/inventory/dev/hosts +++ b/inventory/dev/hosts @@ -1,6 +1,7 @@ [all] k8s-master01 ansible_host=10.0.0.231 ip=10.0.0.231 etcd_member_name=etcd1 k8s-node01 ansible_host=10.0.0.209 ip=10.0.0.209 +controller ansible_host=10.0.0.206 [k8s_cluster:children] kube_control_plane @@ -24,3 +25,11 @@ ansible_private_key_file = ~/.vagrant.d/insecure_private_key [k8s_cluster:vars] etcd_deployment_type=kubeadm + +[proxy] +controller + +[bastion] +# https://blog.scottlowe.org/2015/12/24/running-ansible-through-ssh-bastion-host/ +# Comment out when running from the bastion +controller diff --git a/preparation.yml b/preparation.yml index 3388149..5d7be75 100755 --- a/preparation.yml +++ b/preparation.yml @@ -1,30 +1,45 @@ #!/usr/bin/env ansible-playbook --- -- name: Common +- name: Disable firewall + hosts: k8s_cluster:proxy + become: true + gather_facts: false + pre_tasks: + - name: Disable firewalld + ansible.builtin.systemd: + name: firewalld + state: stopped + enabled: false + + +- name: Install squid on proxy host hosts: proxy become: true + gather_facts: false + tasks: + - name: Gathering facts + ansible.builtin.setup: + gather_subset: platform + - name: Install docker-ce ansible.builtin.import_role: name: geerlingguy.docker + tags: [docker] - name: Install Squid proxy ansible.builtin.import_role: name: proxy + tags: [proxy] -- name: Disable firewall +- name: Enable proxy hosts: k8s_cluster become: true gather_facts: false - pre_tasks: - - name: Disable firewalld - ansible.builtin.systemd: - name: firewalld - state: stopped - enabled: false - + tags: [proxy] + tasks: - name: Fix dnf ansible.builtin.lineinfile: path: /etc/dnf/dnf.conf diff --git a/roles/requirements.yml b/roles/requirements.yml index f8f5256..c83495f 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml 
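Review bot: In the second inventory/dev/hosts hunk, the `[bastion]` group depends on a manual step, `# Comment out when running from the bastion`, which is easy to forget and will show up as an accidental diff in later commits. A separate inventory file or an environment switch for the jump host would avoid editing a tracked file. The same host is now `controller`, `[proxy]` and `[bastion]`, and the section above (visible in the hunk header) uses `~/.vagrant.d/insecure_private_key`. A comment stating that this inventory is only for host-only Vagrant guests would help: `# dev only: publicly known Vagrant key, never reuse this inventory for reachable hosts`.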
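Review bot: In preparation.yml, the first play now targets `hosts: k8s_cluster:proxy`, so firewalld is stopped and disabled on the proxy host as well, leaving the ACLs of the Squid role (not in this diff) as the only control on port 3128. Keeping the firewall on the proxy and opening only 3128/tcp to the node subnet would be the tighter setup; if disabling it is deliberate for dev, say so in a comment above the play. That play has no tags while the later plays carry `tags: [docker]` and `tags: [proxy]`, so a run with `--tags proxy` skips it. The task named `Gathering facts` reuses the name of Ansible's implicit fact-gathering task; `Gather platform facts` would be clearer. The last play's `tasks:` list continues outside the hunk.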
@@ -3,4 +3,4 @@ roles:
 - src: geerlingguy.docker
 - src: bbaassssiiee.proxy
 name: proxy
- version: 1.0.2
+ version: 1.0.3