From 04285fa90237db42056db4a4534ebcce7efb836c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 01:16:13 -0300 Subject: [PATCH 01/10] chore: bump mikroways.workstation a 2.5.0 --- ansible/requirements/roles.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/requirements/roles.yml b/ansible/requirements/roles.yml index 96465e7..a841e0a 100644 --- a/ansible/requirements/roles.yml +++ b/ansible/requirements/roles.yml @@ -1,2 +1,2 @@ - name: mikroways.workstation - version: 2.4.2 + version: 2.5.0 From fa4d6f0cd703ab6c6f3a6fcfa11f51cd2423c62f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 01:34:37 -0300 Subject: [PATCH 02/10] =?UTF-8?q?docs:=20corregir=20niveles=20de=20encabez?= =?UTF-8?q?ados=20y=20lenguaje=20de=20bloques=20de=20c=C3=B3digo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 32126d6..4e5d573 100644 --- a/README.md +++ b/README.md @@ -8,13 +8,13 @@ trabajar inmediatamente luego de correrlo. Al momento, depende de dos roles: * **mikroways.tools:** role privado con un set de herramientas que usamos a diario y fueron exclusivamente desarrolladas por Mikroways. Es opcional. -# Herramientas requeridas +## Herramientas requeridas * [direnv](https://direnv.net/) * [python3](https://www.python.org/downloads/) * [pyenv](https://github.com/pyenv/pyenv#installation) -# Instalar roles y requerimientos +## Instalar roles y requerimientos Primero se deben correr los siguientes comandos para instalar Ansible: 
@@ -55,7 +55,7 @@ ansible-galaxy role install -r ansible/requirements/roles.yml --force-with-deps ansible-galaxy role install -r ansible/requirements/roles-mw.yml --force-with-deps ``` -# Ejecutar playbook en local +## Ejecutar playbook en local Antes de continuar, es recomendable realizar resguardos de toda configuración del usuario donde se ejecute el playbook o realizarlo en un usuario nuevo. @@ -73,7 +73,7 @@ Si perteneces a Mikroways, entonces deberías además correr el siguiente playbo ansible-playbook ansible/playbooks/vm-setup-mw.yml -i ansible/inventory/localhost.yml -K ``` -# Consideraciones +## Consideraciones * Si se está utilizando Pop!\_Os se debe agregar además `-e ansible_distribution=Ubuntu` @@ -83,7 +83,7 @@ ansible-playbook ansible/playbooks/vm-setup-mw.yml -i ansible/inventory/localhos * Si ya utilizabas dotfiles, considerá subir tus cambios porque podrías perder alguna de tus personalizaciones. -# Funcionamiento +## Funcionamiento El playbook sigue la siguiente serie de pasos: @@ -98,12 +98,12 @@ El playbook sigue la siguiente serie de pasos: 1. (opcional) Si se indico la instalación de las herramientas de Mikroways, entonces estas se instalaran en la carpeta `~/.mikroways/tools`. -# Recomendaciones +## Recomendaciones Una vez instalado tu desktop con este playbook, te recomendamos que agregues en `$HOME/.envrc` la siguiente configuración: -``` +```bash use asdf ``` @@ -115,12 +115,12 @@ autocomplete, entonces proveemos el alias **`mw-fix-kube-completion`** que debería actualizar el autocomplete que se suele romper entre diferentes versiones de kubectl que se manejan con asdf. -# Usar este playbook en un bastion +## Usar este playbook en un bastion Si querés usar directamente este playbook en una vm determinada, proponemos usar el siguiente comando: -``` +```bash ansible-playbook ansible/playbooks/vm-setup.yml [-K] \ -i SOME_USER@10.10.10.10, \ -e ansible_user=SOME_USER 
@@ -130,7 +130,7 @@ ansible-playbook ansible/playbooks/vm-setup.yml [-K] \ > especificado tanto en la opción `-i` como en `ansible_user`. Además, para usar > un inventario inline es **fundamental el uso de la coma al final de la IP**. -# ¿Como probar el entorno en Vagrant? +## ¿Como probar el entorno en Vagrant? Simplemente correr: From ff3d635dc547bf77cd0313c09f14104472033033 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 02:09:48 -0300 Subject: [PATCH 03/10] =?UTF-8?q?chore:=20eliminar=20variable=20mw=5Ftools?= =?UTF-8?q?=5Fenabled=20sin=20uso=20y=20usar=20ansible=5Fplaybook=5Fpython?= =?UTF-8?q?=20como=20int=C3=A9rprete=20en=20localhost?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Vagrantfile | 34 +++++++++++++++++-------- ansible/inventory/bastion-inventory.yml | 3 +-- ansible/inventory/localhost.yml | 4 +-- 3 files changed, 26 insertions(+), 15 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index b940714..8011165 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -5,16 +5,28 @@ Vagrant.configure("2") do |config| config.vm.box = "ubuntu/jammy64" config.vm.provider "virtualbox" do |vb| - vb.memory = "4096" + vb.memory = "4096" + end + + config.vm.provision :ansible do |ansible| + ansible.galaxy_role_file = "ansible/requirements/roles.yml" + ansible.playbook = "ansible/playbooks/vm-setup.yml" + ansible.raw_ssh_args = ["-o ForwardAgent=yes"] + ansible.extra_vars = { + ansible_user: "vagrant", + ansible_python_interpreter: "/usr/bin/python3", + } + end + + # Para probar vm-setup-mw.yml (herramientas privadas de Mikroways): + # vagrant provision --provision-with mw + config.vm.provision :ansible, run: "never", name: "mw" do |ansible| + ansible.galaxy_role_file = "ansible/requirements/roles-mw.yml" + ansible.playbook = "ansible/playbooks/vm-setup-mw.yml" + ansible.raw_ssh_args = ["-o ForwardAgent=yes"] + ansible.extra_vars = { + ansible_user: "vagrant", + ansible_python_interpreter: "/usr/bin/python3" + } end - config.vm.provision :ansible do |ansible| - ansible.galaxy_role_file = "ansible/requirements/roles.yml" - ansible.playbook = "ansible/playbooks/vm-setup.yml" - ansible.raw_ssh_args = ["-o ForwardAgent=yes"] - ansible.extra_vars = { - ansible_user: "vagrant", - ansible_python_interpreter: "/usr/bin/python3", - mw_tools_enabled: false - } - end end diff --git a/ansible/inventory/bastion-inventory.yml b/ansible/inventory/bastion-inventory.yml index e464371..e68370a 100644 --- a/ansible/inventory/bastion-inventory.yml +++ b/ansible/inventory/bastion-inventory.yml @@ -1,7 +1,7 @@ --- all: vars: - ansible_user: "{{ lookup('env','USER')}}" + ansible_user: "{{ lookup('env','USER')}}" # ajustar si el usuario remoto difiere del local hosts: bastion: ansible_host: bastion-example.mikroways.net @@ -14,6 +14,5 @@ all: mw_user_environment_install_dotfiles: true mw_podman_enabled: false mw_docker_enabled: false - mw_tools_enabled: false mw_workstation_local_packages_only: - kubectl 
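Review bot: In the Vagrantfile hunk, the new `mw` provisioner sets `ansible.raw_ssh_args = ["-o ForwardAgent=yes"]` with no comment saying why the guest needs the host's SSH agent. While that provisioning run is connected, any process running as root or as `vagrant` in the guest can use the forwarded agent socket to authenticate with whatever keys the host agent holds. If forwarding is only there to fetch the private Mikroways repositories (an inference, since the playbook is not visible here), say so next to the setting, e.g. `# ForwardAgent: required to clone private repos over SSH; the guest can use the host agent while this run is connected`. It is also worth checking whether the default provisioner, which installs the public role from `roles.yml`, needs the same option. The `Vagrant.configure` block starts and ends outside this hunk.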
diff --git a/ansible/inventory/localhost.yml b/ansible/inventory/localhost.yml index e9ea287..f983dc6 100644 --- a/ansible/inventory/localhost.yml +++ b/ansible/inventory/localhost.yml @@ -1,9 +1,9 @@ --- all: vars: - ansible_python_interpreter: /usr/bin/python3 + ansible_python_interpreter: "{{ ansible_playbook_python }}" ansible_connection: local ansible_user: "{{ lookup('env','USER')}}" - mw_tools_enabled: false + hosts: localhost: From ff57f1a54e9d57e4eac9e7686207938fc7d94cfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 02:10:00 -0300 Subject: [PATCH 04/10] fix: corregir nombre de los playbooks --- ansible/playbooks/vm-setup-mw.yml | 2 +- ansible/playbooks/vm-setup.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/vm-setup-mw.yml b/ansible/playbooks/vm-setup-mw.yml index 18296a7..49f14f6 100644 --- a/ansible/playbooks/vm-setup-mw.yml +++ b/ansible/playbooks/vm-setup-mw.yml @@ -1,5 +1,5 @@ --- -- name: Install a Mikroways desktop bastion +- name: Install Mikroways private tools hosts: all gather_facts: true tasks: diff --git a/ansible/playbooks/vm-setup.yml b/ansible/playbooks/vm-setup.yml index 0c21a15..c1893ca 100644 --- a/ansible/playbooks/vm-setup.yml +++ b/ansible/playbooks/vm-setup.yml @@ -1,5 +1,5 @@ --- -- name: Install a Mikroways desktop bastion +- name: Install a Mikroways workstation hosts: all gather_facts: true tasks: From 9aad05f72e9f29e7c74bcc3efe109e8ab4260c75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 02:10:06 -0300 Subject: [PATCH 05/10] docs: mejoras generales al README --- README.md | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4e5d573..3ca506c 100644 --- a/README.md +++ b/README.md 
@@ -42,6 +42,13 @@ ansible-galaxy role install -r ansible/requirements/roles.yml ansible-galaxy role install -r ansible/requirements/roles-mw.yml ``` +> **Nota:** Ansible ignora el `ansible.cfg` del repositorio si el directorio tiene +> permisos de escritura para todos (world-writable). Para evitar el warning y que +> se cargue la configuración correctamente, correr una vez: +> ```bash +> chmod o-w . +> ``` + Para actualizar los requerimientos: ```bash @@ -49,10 +56,10 @@ Para actualizar los requerimientos: git pull ## Si no pertenece a Mikroways actualizamos roles con el siguiente comando: -ansible-galaxy role install -r ansible/requirements/roles.yml --force-with-deps +ansible-galaxy role install -r ansible/requirements/roles.yml --force-with-deps --force ## Si pertenece a Mikroways actualizamos roles con el siguiente comando: -ansible-galaxy role install -r ansible/requirements/roles-mw.yml --force-with-deps +ansible-galaxy role install -r ansible/requirements/roles-mw.yml --force-with-deps --force ``` ## Ejecutar playbook en local @@ -67,7 +74,7 @@ actualización debemos ejecutar el siguiente comando: ansible-playbook ansible/playbooks/vm-setup.yml -i ansible/inventory/localhost.yml -K ``` -Si perteneces a Mikroways, entonces deberías además correr el siguiente playbook +Si perteneces a Mikroways, entonces deberías además correr el siguiente playbook: ```bash ansible-playbook ansible/playbooks/vm-setup-mw.yml -i ansible/inventory/localhost.yml -K @@ -141,3 +148,10 @@ vagrant up ## Para ingresar y verificar el entorno vagrant ssh ``` + +Para probar también las herramientas privadas de Mikroways (`vm-setup-mw.yml`), una vez +que la VM esté levantada: + +```bash +vagrant provision --provision-with mw +``` From e965cce98a3fc8ec0a9d791fc9d95606777bbc76 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?=
Date: Fri, 29 May 2026 03:11:30 -0300
Subject: [PATCH 06/10] =?UTF-8?q?fix:=20actualizar=20bastion-inventory=20c?= =?UTF-8?q?on=20variables=20correctas=20del=20rol=20y=20documentaci=C3=B3n?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ansible/inventory/bastion-inventory.yml | 99 ++++++++++++++++++++++---
1 file changed, 87 insertions(+), 12 deletions(-)
diff --git a/ansible/inventory/bastion-inventory.yml b/ansible/inventory/bastion-inventory.yml
index e68370a..50ae127 100644
--- a/ansible/inventory/bastion-inventory.yml
+++ b/ansible/inventory/bastion-inventory.yml
@@ -1,18 +1,93 @@ --- +# Inventario de ejemplo para bastiones remotos. Ajustar según las necesidades +# del equipo que va a usar la máquina. +# +# Variables disponibles y valores por defecto: +# https://github.com/Mikroways/ansible-workstation/tree/master/defaults/main all: vars: - ansible_user: "{{ lookup('env','USER')}}" # ajustar si el usuario remoto difiere del local + # Ajustar si el usuario remoto difiere del local + ansible_user: "{{ lookup('env','USER')}}" hosts: bastion: ansible_host: bastion-example.mikroways.net - mw_user_environment_tools_enabled: false - mw_user_environment_dotfiles_git_write_local_config: false - mw_user_environment_language_managers_enabled: false - mw_user_environment_krew_plugins_enabled: false - mw_user_environment_tf_plugins_enabled: false - mw_user_environment_helm_plugins_enabled: false - mw_user_environment_install_dotfiles: true - mw_podman_enabled: false - mw_docker_enabled: false - mw_workstation_local_packages_only: - - kubectl + + # Docker no suele necesitarse en un bastion + workstation_docker_enabled: false + + # Los dotfiles configuran zsh, aliases y el entorno de shell. + # En un bastion se suelen desactivar para evitar problemas de + # compatibilidad o configuración no deseada. + workstation_dotfiles_enabled: false + + # Herramientas binarias a instalar (navi, govc, amtool, promtool, certinfo, + # gitlab-runner, fzf, sonobuoy). Por defecto instala todas. + # Ver https://github.com/Mikroways/ansible-workstation/blob/main/defaults/main/tools.yml + # Para limitar a las necesarias: + # workstation_tools_only: + # - navi + # - fzf + # OJO: workstation_tools_only: [] instala TODAS (lista vacía = sin filtro). + # Para no instalar ninguna hay que vaciar la lista superior + workstation_tools: [] + + # Herramientas de asdf a instalar. 
+ # Por defecto instala todo el stack completo + # Ver https://github.com/Mikroways/ansible-workstation/blob/main/defaults/main/asdf.yml + # + # NOTA: se usa "latest" como ejemplo pero en entornos de producción se + # recomienda pinear versiones específicas para evitar cambios inesperados, + # por ejemplo: version: ["1.31.0"] + workstation_asdf_tools: + kubectl: + version: [latest] + helm: + version: [latest] + krew: + version: [latest] + terraform: + version: [latest] + terragrunt: + version: [latest] + tflint: + version: [latest] + sops: + version: [latest] + age: + version: [latest] + jq: + version: [latest] + yq: + version: [latest] + direnv: + version: [latest] + awscli: + version: [latest] + sshuttle: + version: [latest] + teleport-ent: + version: [latest] + + # Plugins de krew (kubectl) + # Ver https://github.com/Mikroways/ansible-workstation/blob/main/defaults/main/krew-plugins.yml + workstation_krew_plugins: + - ctx + - ns + - oidc-login + - view-secret + - access-matrix + + # Plugins de Helm + # Ver https://github.com/Mikroways/ansible-workstation/blob/main/defaults/main/helm-plugins.yml + workstation_helm_plugins: + - name: diff + repo: https://github.com/databus23/helm-diff + - name: secrets + repo: https://github.com/jkroepke/helm-secrets + + # Proxy (si el bastion está detrás de un proxy corporativo) + # Ver https://github.com/Mikroways/ansible-workstation/blob/main/defaults/main/proxy.yml + # workstation_proxy_enabled: true + # workstation_proxy_http: http://proxy.example.com:3128 + # workstation_proxy_https: http://proxy.example.com:3128 + # workstation_proxy_no_proxy: localhost,127.0.0.1,.example.com From 6e29bfe5f7c6204a914f1cfb7f09ef73e29390b3 Mon Sep 17 00:00:00 2001 
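Review bot: The `workstation_helm_plugins` entries at the end of this hunk name only a `repo:` URL, so the pinning advice written above `workstation_asdf_tools` does not cover them. A bastion built from this example would install whatever each GitHub repository currently publishes. Helm plugins can run install hooks on the host, so an unpinned plugin on a bastion deserves the same warning as the `latest` tool versions. If the role accepts a version field for plugins (its defaults are not visible here), pin one per entry; otherwise extend the existing note with something like `# NOTA: los plugins de Helm tampoco están pineados; fijar versión en producción`. Separately, the header link points at `tree/master/defaults/main` while every other link in the hunk uses `blob/main/...`, so one of the two branch names is probably stale.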
From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 07:09:30 -0300 Subject: [PATCH 07/10] chore: bump mikroways.workstation a 2.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix systemd-resolved en Debian, mejoras de CI y actualización de dependencias (geerlingguy.docker 8.0.0, molecule-plugins 25.8.12). --- README.md | 3 ++- ansible/requirements/roles.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3ca506c..fc8a24c 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ ansible-galaxy role install -r ansible/requirements/roles-mw.yml > **Nota:** Ansible ignora el `ansible.cfg` del repositorio si el directorio tiene > permisos de escritura para todos (world-writable). Para evitar el warning y que > se cargue la configuración correctamente, correr una vez: +> > ```bash > chmod o-w . > ``` @@ -100,7 +101,7 @@ El playbook sigue la siguiente serie de pasos: wrapper para descargar binarios. 1. Configura [asdf](https://asdf-vm.com/) y prepara una serie de plugins y versiones de productos. -1. Crea las configuraciones propias del entorno dejandolas a disposicion en el +1. Crea las configuraciones propias del entorno dejándolas a disposición en el directorio `~/.mikroways/dotfiles`. 1. (opcional) Si se indico la instalación de las herramientas de Mikroways, entonces estas se instalaran en la carpeta `~/.mikroways/tools`. diff --git a/ansible/requirements/roles.yml b/ansible/requirements/roles.yml index a841e0a..8c614d1 100644 --- a/ansible/requirements/roles.yml +++ b/ansible/requirements/roles.yml @@ -1,2 +1,2 @@ - name: mikroways.workstation - version: 2.5.0 + version: 2.6.0 From 41eeb710f182e609b833866ed43c74ff080f8b49 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 09:29:40 -0300 Subject: [PATCH 08/10] fix: corregir sintaxis de provision en Vagrantfile --- Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index 8011165..0480f31 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -20,7 +20,7 @@ Vagrant.configure("2") do |config| # Para probar vm-setup-mw.yml (herramientas privadas de Mikroways): # vagrant provision --provision-with mw - config.vm.provision :ansible, run: "never", name: "mw" do |ansible| + config.vm.provision "mw", type: :ansible, run: "never" do |ansible| ansible.galaxy_role_file = "ansible/requirements/roles-mw.yml" ansible.playbook = "ansible/playbooks/vm-setup-mw.yml" ansible.raw_ssh_args = ["-o ForwardAgent=yes"] From e173ab6a5cf9b2925bce2037e628231c8d7b7796 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 09:49:51 -0300 Subject: [PATCH 09/10] =?UTF-8?q?fix:=20usar=20python=20del=20sistema=20en?= =?UTF-8?q?=20lugar=20del=20venv=20para=20m=C3=B3dulos=20ansible=20en=20lo?= =?UTF-8?q?calhost?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Revierte el comportamiento introducido en ff3d635 que usaba ansible_playbook_python como intérprete. Eso rompía módulos que dependen de librerías del sistema (ej. python3-debian requerido por apt_repository de geerlingguy.docker) ya que el venv no las tiene disponibles. --- ansible/inventory/localhost.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/inventory/localhost.yml b/ansible/inventory/localhost.yml index f983dc6..c598a5e 100644 --- a/ansible/inventory/localhost.yml +++ b/ansible/inventory/localhost.yml 
@@ -1,7 +1,7 @@ --- all: vars: - ansible_python_interpreter: "{{ ansible_playbook_python }}" + ansible_python_interpreter: /usr/bin/python3 ansible_connection: local ansible_user: "{{ lookup('env','USER')}}" From 01bc79c9418ae491caa13806048cc1513f34b21e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20Pablo=20S=C3=A1nchez=20Magari=C3=B1os?= Date: Fri, 29 May 2026 10:50:41 -0300 Subject: [PATCH 10/10] feat: habilitar SSH agent forwarding en vagrant ssh --- Vagrantfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 0480f31..15426da 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -4,6 +4,8 @@ Vagrant.configure("2") do |config| config.vm.box = "ubuntu/jammy64" + config.ssh.forward_agent = true + config.vm.provider "virtualbox" do |vb| vb.memory = "4096" end
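Review bot: In the Vagrantfile hunk, `config.ssh.forward_agent = true` is unconditional, so every `vagrant ssh` session exposes the host's SSH agent to the guest. That guest has just been provisioned with third-party roles and tools. Anything running as root in the VM can use the forwarded socket to authenticate with the host's loaded keys for as long as a session is open. Consider making it opt-in, e.g. `config.ssh.forward_agent = ENV["VAGRANT_FORWARD_AGENT"] == "1"`, and documenting the variable in the README's Vagrant section. If it stays always-on, add a comment stating what inside the VM needs the agent. The `Vagrant.configure` block continues outside this hunk.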