From cb912cfed637a7738a84e11a1b9c2b8b73ab2bf9 Mon Sep 17 00:00:00 2001
From: Paul Harkink
Date: Sat, 28 Feb 2026 20:04:01 +0100
Subject: [PATCH] Split host/vm scripts and fix Argo tunnel workflow
---
README.md | 10 ++++----
Vagrantfile | 2 +-
docs/01-argocd-bootstrap.md | 2 +-
docs/04-tekton-pipeline.md | 4 +--
docs/presentation/final-talk.md | 2 +-
scripts/argocd-ui-tunnel.ps1 | 18 -------------
scripts/argocd-ui-tunnel.sh | 24 -----------------
scripts/host/argocd-ui-tunnel.ps1 | 24 +++++++++++++++++
scripts/host/argocd-ui-tunnel.sh | 30 ++++++++++++++++++++++
scripts/{ => host}/bootstrap-from-host.ps1 | 21 ++++++---------
scripts/{ => host}/bootstrap-from-host.sh | 18 +++++--------
scripts/vm/argocd-port-forward.sh | 5 ++++
scripts/{ => vm}/bootstrap.sh | 8 +++---
scripts/{ => vm}/set-git-credentials.sh | 2 +-
scripts/vm/start-argocd-port-forward.sh | 26 +++++++++++++++++++
15 files changed, 115 insertions(+), 81 deletions(-)
delete mode 100644 scripts/argocd-ui-tunnel.ps1
delete mode 100755 scripts/argocd-ui-tunnel.sh
create mode 100644 scripts/host/argocd-ui-tunnel.ps1
create mode 100755 scripts/host/argocd-ui-tunnel.sh
rename scripts/{ => host}/bootstrap-from-host.ps1 (58%)
rename scripts/{ => host}/bootstrap-from-host.sh (72%)
create mode 100755 scripts/vm/argocd-port-forward.sh
rename scripts/{ => vm}/bootstrap.sh (96%)
rename scripts/{ => vm}/set-git-credentials.sh (93%)
create mode 100755 scripts/vm/start-argocd-port-forward.sh
diff --git a/README.md b/README.md
index 5fa4fc0..ea8367f 100644
--- a/README.md
+++ b/README.md
@@ -40,21 +40,21 @@ vagrant up ``` 3. Run bootstrap vanaf je host (script voert bootstrap in de VM uit). ```bash -./scripts/bootstrap-from-host.sh +./scripts/host/bootstrap-from-host.sh ``` ```powershell -./scripts/bootstrap-from-host.ps1 +./scripts/host/bootstrap-from-host.ps1 ``` 4. Open ArgoCD UI via tunnel. ```bash -./scripts/argocd-ui-tunnel.sh +./scripts/host/argocd-ui-tunnel.sh ``` ```powershell -./scripts/argocd-ui-tunnel.ps1 +./scripts/host/argocd-ui-tunnel.ps1 ``` 5. Open in je browser: ```text -https://localhost:8080 +http://localhost:8080 ``` Volg daarna de oefeningen in volgorde. Zie [docs/vm-setup.md](docs/vm-setup.md) als er iets misgaat bij de VM. diff --git a/Vagrantfile b/Vagrantfile index 2ebc466..2a48e28 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -110,7 +110,7 @@ $provision = <<-SHELL echo " VM provisioned successfully!" echo " SSH: vagrant ssh" echo " Next step: follow docs/vm-setup.md to verify, then" - echo " run scripts/bootstrap.sh to install ArgoCD" + echo " run ./scripts/host/bootstrap-from-host.sh to install ArgoCD" echo "════════════════════════════════════════════════════════" SHELL diff --git a/docs/01-argocd-bootstrap.md b/docs/01-argocd-bootstrap.md index 0f29035..8e03442 100644 --- a/docs/01-argocd-bootstrap.md +++ b/docs/01-argocd-bootstrap.md @@ -32,7 +32,7 @@ kubectl get nodes ### 1. Bootstrap-script uitvoeren ```bash -./scripts/bootstrap.sh +./scripts/vm/bootstrap.sh ``` Het script doet het volgende: diff --git a/docs/04-tekton-pipeline.md b/docs/04-tekton-pipeline.md index 81ed657..58d0eef 100644 --- a/docs/04-tekton-pipeline.md +++ b/docs/04-tekton-pipeline.md @@ -185,7 +185,7 @@ git push De pipeline moet kunnen pushen naar jouw fork. Maak een GitHub PAT aan met `repo`-scope en voer dan uit: ```bash -./scripts/set-git-credentials.sh +./scripts/vm/set-git-credentials.sh ``` Dit maakt een Kubernetes Secret aan in de cluster — **het PAT komt niet in Git**. 
@@ -261,7 +261,7 @@ kubectl apply -f manifests/ci/pipeline/pipelinerun.yaml | Symptoom | Oplossing | |----------|-----------| | PipelineRun blijft "Running" | `kubectl describe pipelinerun -n tekton-pipelines bump-podinfo-to-670` | -| Secret `git-credentials` niet gevonden | Voer `./scripts/set-git-credentials.sh` uit | +| Secret `git-credentials` niet gevonden | Voer `./scripts/vm/set-git-credentials.sh` uit | | Push mislukt: 403 Forbidden | PAT heeft onvoldoende rechten — `repo`-scope vereist | | ArgoCD synchroniseert niet | Klik **Refresh** in de UI | diff --git a/docs/presentation/final-talk.md b/docs/presentation/final-talk.md index 1a3c762..ce6014e 100644 --- a/docs/presentation/final-talk.md +++ b/docs/presentation/final-talk.md @@ -89,7 +89,7 @@ PR: "bump API naar v2.3.1-hotfix" **Drift detection**: Als iemand direct `kubectl apply` doet, ziet ArgoCD drift en kan het automatisch terugdraaien. De cluster convergeert altijd terug naar wat in Git staat. -**Disaster recovery**: Cluster weg? `vagrant up` + `./scripts/bootstrap.sh` + `kubectl apply -f apps/root.yaml` en ArgoCD bouwt alles opnieuw op. Git is je backup. +**Disaster recovery**: Cluster weg? `vagrant up` + `./scripts/vm/bootstrap.sh` + `kubectl apply -f apps/root.yaml` en ArgoCD bouwt alles opnieuw op. Git is je backup. **Samenwerking tussen teams**: Developers openen PR's voor deploys. Ops reviewt manifest-wijzigingen. Geen SSH-sleutels op productie nodig. diff --git a/scripts/argocd-ui-tunnel.ps1 b/scripts/argocd-ui-tunnel.ps1 deleted file mode 100644 index 6827de7..0000000 --- a/scripts/argocd-ui-tunnel.ps1 +++ /dev/null 
@@ -1,18 +0,0 @@
-Set-StrictMode -Version Latest
-$ErrorActionPreference = 'Stop'
-
-$RepoRoot = Split-Path -Parent $PSScriptRoot
-Set-Location $RepoRoot
-
-$status = vagrant status --machine-readable | Out-String
-if ($status -notmatch ',state,running') {
- Write-Host '[ops-demo] VM is not running; starting with vagrant up...'
- vagrant up
-}
-
-Write-Host '[ops-demo] Ensuring VM-side port-forward is running...'
-vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; pgrep -f 'kubectl -n argocd port-forward svc/argocd-server 8080:443' >/dev/null || nohup kubectl -n argocd port-forward svc/argocd-server 8080:443 >/tmp/argocd-port-forward.log 2>&1 &" | Out-Null
-
-Write-Host '[ops-demo] Opening SSH tunnel localhost:8080 -> VM:8080'
-Write-Host '[ops-demo] Keep this terminal open while using https://localhost:8080'
-vagrant ssh -- -L 8080:127.0.0.1:8080
diff --git a/scripts/argocd-ui-tunnel.sh b/scripts/argocd-ui-tunnel.sh
deleted file mode 100755
index e8ed3e1..0000000
--- a/scripts/argocd-ui-tunnel.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
-cd "${REPO_ROOT}"
-
-command -v vagrant >/dev/null 2>&1 || {
- echo "ERROR: required command not found: vagrant" >&2
- exit 1
-}
-
-echo "[ops-demo] Checking VM status..."
-if ! vagrant status --machine-readable | rg -q ',state,running'; then
- echo "[ops-demo] VM is not running; starting with vagrant up..."
- vagrant up
-fi
-
-echo "[ops-demo] Ensuring VM-side port-forward is running..."
-vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; pgrep -f 'kubectl -n argocd port-forward svc/argocd-server 8080:443' >/dev/null || nohup kubectl -n argocd port-forward svc/argocd-server 8080:443 >/tmp/argocd-port-forward.log 2>&1 &" >/dev/null
-
-echo "[ops-demo] Opening SSH tunnel localhost:8080 -> VM:8080"
-echo "[ops-demo] Keep this terminal open while using https://localhost:8080"
-vagrant ssh -- -L 8080:127.0.0.1:8080
diff --git a/scripts/host/argocd-ui-tunnel.ps1 b/scripts/host/argocd-ui-tunnel.ps1
new file mode 100644
index 0000000..c35cc4f
--- /dev/null
+++ b/scripts/host/argocd-ui-tunnel.ps1
@@ -0,0 +1,24 @@
+Set-StrictMode -Version Latest
+$ErrorActionPreference = 'Stop'
+
+$RepoRoot = Split-Path -Parent (Split-Path -Parent $PSScriptRoot)
+Set-Location $RepoRoot
+
+$status = vagrant status --machine-readable | Out-String
+if ($status -notmatch ',state,running') {
+ Write-Host '[ops-demo] VM is not running; starting with vagrant up...'
+ vagrant up
+}
+
+$check = netstat -ano | Select-String ':8080'
+if ($check) {
+ throw 'localhost:8080 is already in use. Stop that process first.'
+}
+
+Write-Host '[ops-demo] Starting VM-side ArgoCD port-forward...'
+vagrant ssh -c "cd /vagrant && ./scripts/vm/start-argocd-port-forward.sh" | Out-Null
+
+Write-Host '[ops-demo] Starting SSH tunnel localhost:8080 -> VM:8080'
+Write-Host '[ops-demo] Tunnel actief. Open: http://localhost:8080'
+Write-Host '[ops-demo] Stoppen met Ctrl+C.'
+vagrant ssh -- -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 8080:127.0.0.1:8080
diff --git a/scripts/host/argocd-ui-tunnel.sh b/scripts/host/argocd-ui-tunnel.sh
new file mode 100755
index 0000000..72aa4ee
--- /dev/null
+++ b/scripts/host/argocd-ui-tunnel.sh
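Review bot: In scripts/host/argocd-ui-tunnel.ps1 the `vagrant ssh -c "cd /vagrant && ./scripts/vm/start-argocd-port-forward.sh" | Out-Null` call never checks the exit code, and `$ErrorActionPreference = 'Stop'` does not by default stop on a non-zero exit from a native command, so a failed VM-side start still falls through to opening the tunnel. Adding `if ($LASTEXITCODE -ne 0) { throw 'VM-side ArgoCD port-forward failed to start.' }` directly after that line closes the gap; the `vagrant ssh -c ... ./scripts/vm/bootstrap.sh` call in scripts/host/bootstrap-from-host.ps1 has the same problem. Separately, `Select-String ':8080'` matches any netstat row containing that text, including remote endpoints and non-listening states, so `Get-NetTCPConnection -LocalPort 8080 -State Listen -ErrorAction SilentlyContinue` would avoid false "already in use" errors.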
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
+cd "${REPO_ROOT}"
+
+command -v vagrant >/dev/null 2>&1 || {
+ echo "ERROR: required command not found: vagrant" >&2
+ exit 1
+}
+
+echo "[ops-demo] Checking VM status..."
+if ! vagrant status --machine-readable | rg -q ',state,running'; then
+ echo "[ops-demo] VM is not running; starting with vagrant up..."
+ vagrant up
+fi
+
+if command -v lsof >/dev/null 2>&1 && lsof -nP -iTCP:8080 -sTCP:LISTEN >/dev/null 2>&1; then
+ echo "ERROR: localhost:8080 is already in use. Stop that process first."
+ exit 1
+fi
+
+echo "[ops-demo] Starting VM-side ArgoCD port-forward..."
+vagrant ssh -c "cd /vagrant && ./scripts/vm/start-argocd-port-forward.sh"
+
+echo "[ops-demo] Starting SSH tunnel localhost:8080 -> VM:8080"
+echo "[ops-demo] Tunnel actief. Open: http://localhost:8080"
+echo "[ops-demo] Stoppen met Ctrl+C."
+exec vagrant ssh -- -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 8080:127.0.0.1:8080
diff --git a/scripts/bootstrap-from-host.ps1 b/scripts/host/bootstrap-from-host.ps1
similarity index 58%
rename from scripts/bootstrap-from-host.ps1
rename to scripts/host/bootstrap-from-host.ps1
index d9ff089..31b0b8e 100644
--- a/scripts/bootstrap-from-host.ps1
+++ b/scripts/host/bootstrap-from-host.ps1
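Review bot: In scripts/host/argocd-ui-tunnel.sh the VM-status check pipes into `rg`, but only `vagrant` is verified with `command -v`; on a host without ripgrep the negated pipeline is always true, so the script reports "VM is not running" and runs `vagrant up` even when the VM is up. `if ! vagrant status --machine-readable | grep -q ',state,running'; then` does the same job with a tool that is always present, and the same check sits in scripts/host/bootstrap-from-host.sh. The port-in-use message goes to stdout while the earlier error goes to stderr, so `echo "ERROR: localhost:8080 is already in use. Stop that process first." >&2` would keep diagnostics consistent. When `lsof` is absent the pre-check is skipped silently, which is only safe because `ExitOnForwardFailure=yes` still makes ssh exit if the local bind fails; a one-line comment saying so would help the next reader.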
@@ -1,22 +1,17 @@ Set-StrictMode -Version Latest $ErrorActionPreference = 'Stop' -$RepoRoot = Split-Path -Parent $PSScriptRoot +$RepoRoot = Split-Path -Parent (Split-Path -Parent $PSScriptRoot) Set-Location $RepoRoot -function Ensure-VagrantRunning { - $status = vagrant status --machine-readable | Out-String - if ($status -notmatch ',state,running') { - Write-Host '[ops-demo] VM is not running; starting with vagrant up...' - vagrant up - } +$status = vagrant status --machine-readable | Out-String +if ($status -notmatch ',state,running') { + Write-Host '[ops-demo] VM is not running; starting with vagrant up...' + vagrant up } -Write-Host '[ops-demo] Checking VM status...' -Ensure-VagrantRunning - Write-Host '[ops-demo] Running bootstrap in VM...' -$output = vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; cd /vagrant && ./scripts/bootstrap.sh" | Out-String +$output = vagrant ssh -c "cd /vagrant && ./scripts/vm/bootstrap.sh" | Out-String Write-Host $output $password = $null @@ -39,5 +34,5 @@ if ($password) { Write-Host '' Write-Host 'Next step to open ArgoCD UI from host:' -Write-Host ' ./scripts/argocd-ui-tunnel.ps1' -Write-Host 'Then browse: https://localhost:8080' +Write-Host ' ./scripts/host/argocd-ui-tunnel.ps1' +Write-Host 'Then browse: http://localhost:8080' diff --git a/scripts/bootstrap-from-host.sh b/scripts/host/bootstrap-from-host.sh similarity index 72% rename from scripts/bootstrap-from-host.sh rename to scripts/host/bootstrap-from-host.sh index e73c721..d3d7484 100755 --- a/scripts/bootstrap-from-host.sh +++ b/scripts/host/bootstrap-from-host.sh 
@@ -2,18 +2,14 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)" +REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)" cd "${REPO_ROOT}" -require_cmd() { - command -v "$1" >/dev/null 2>&1 || { - echo "ERROR: required command not found: $1" >&2 - exit 1 - } +command -v vagrant >/dev/null 2>&1 || { + echo "ERROR: required command not found: vagrant" >&2 + exit 1 } -require_cmd vagrant - echo "[ops-demo] Checking VM status..." if ! vagrant status --machine-readable | rg -q ',state,running'; then echo "[ops-demo] VM is not running; starting with vagrant up..." @@ -24,7 +20,7 @@ log_file="$(mktemp)" trap 'rm -f "${log_file}"' EXIT echo "[ops-demo] Running bootstrap in VM..." -vagrant ssh -c "export KUBECONFIG=/home/vagrant/.kube/config; cd /vagrant && ./scripts/bootstrap.sh" | tee "${log_file}" +vagrant ssh -c "cd /vagrant && ./scripts/vm/bootstrap.sh" | tee "${log_file}" password="$(sed -n 's/.*ArgoCD admin-wachtwoord: //p' "${log_file}" | tail -n 1 | tr -d '\r')" if [[ -z "${password}" ]]; then @@ -41,5 +37,5 @@ fi echo "" echo "Next step to open ArgoCD UI from host:" -echo " ./scripts/argocd-ui-tunnel.sh" -echo "Then browse: https://localhost:8080" +echo " ./scripts/host/argocd-ui-tunnel.sh" +echo "Then browse: http://localhost:8080" diff --git a/scripts/vm/argocd-port-forward.sh b/scripts/vm/argocd-port-forward.sh new file mode 100755 index 0000000..559abf8 --- /dev/null +++ b/scripts/vm/argocd-port-forward.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +set -euo pipefail + +export KUBECONFIG=/home/vagrant/.kube/config +exec kubectl -n argocd port-forward svc/argocd-server 8080:443 --address 127.0.0.1 diff --git a/scripts/bootstrap.sh b/scripts/vm/bootstrap.sh similarity index 96% rename from scripts/bootstrap.sh rename to scripts/vm/bootstrap.sh index 81f4d47..232d90a 100755 --- a/scripts/bootstrap.sh +++ b/scripts/vm/bootstrap.sh 
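Review bot: scripts/vm/argocd-port-forward.sh forwards to service port 443 while this commit switches every printed URL from https to http, and nothing in the new file documents why plain HTTP is expected on that port. Whether argocd-server answers HTTP directly or redirects to HTTPS depends on how the chart is configured, which this diff does not show. A header comment such as `# Assumes argocd-server accepts plain HTTP on svc port 443; listener is loopback-only and reached from the host through the SSH tunnel.` would record that assumption, and the explicit `--address 127.0.0.1` deserves a short why-comment so the bind address is not widened later without thought.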
@@ -4,7 +4,7 @@ # # Gebruik: # cd /vagrant -# ./scripts/bootstrap.sh +# ./scripts/vm/bootstrap.sh # # Wat het doet: # 1. Detecteert de URL van jouw fork op basis van de git remote @@ -19,7 +19,7 @@ set -euo pipefail ARGOCD_NAMESPACE="argocd" ARGOCD_CHART_VERSION="7.7.11" -REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" EXPECTED_NODE_NAME="ops-demo" EXPECTED_HOST_ONLY_IP="$(awk -F'"' '/^HOST_ONLY_IP = "/ {print $2; exit}' "${REPO_ROOT}/Vagrantfile" 2>/dev/null || true)" EXPECTED_HOST_ONLY_IP="${EXPECTED_HOST_ONLY_IP:-192.168.56.10}" @@ -153,11 +153,11 @@ if [[ -n "${SSH_CONNECTION:-}" ]]; then echo " Je draait via SSH (headless VM). Gebruik deze flow:" echo " 1) Op je laptop: vagrant ssh -- -L 8080:127.0.0.1:8080" echo " 2) In die VM-shell: kubectl port-forward svc/argocd-server -n argocd 8080:443" - echo " 3) Open op je laptop: https://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})" + echo " 3) Open op je laptop: http://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})" else echo " Open de ArgoCD UI — voer dit uit in een nieuw terminal:" echo " kubectl port-forward svc/argocd-server -n argocd 8080:443" - echo " Dan: https://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})" + echo " Dan: http://localhost:8080 (login: admin / ${ARGOCD_PASSWORD})" fi echo "" echo " apps/root.yaml is aangemaakt met jouw fork-URL." diff --git a/scripts/set-git-credentials.sh b/scripts/vm/set-git-credentials.sh similarity index 93% rename from scripts/set-git-credentials.sh rename to scripts/vm/set-git-credentials.sh index 9c6a786..847e53c 100755 --- a/scripts/set-git-credentials.sh +++ b/scripts/vm/set-git-credentials.sh 
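Review bot: In the last hunk of scripts/vm/bootstrap.sh the SSH branch of the closing message still walks the user through a manual `vagrant ssh -- -L 8080:127.0.0.1:8080` plus `kubectl port-forward` flow, which now duplicates scripts/host/argocd-ui-tunnel.sh and conflicts with it, because scripts/vm/start-argocd-port-forward.sh stops whatever is listening on VM port 8080. Pointing at the host script instead, for example `echo "  Op je laptop: ./scripts/host/argocd-ui-tunnel.sh"`, leaves one supported path. These lines also print the admin password to stdout next to the URL, and the host wrapper captures that output, so a comment stating that this is the initial demo password and should be rotated would be worth adding. The enclosing `if [[ -n "${SSH_CONNECTION:-}" ]]` block starts above the hunk.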
@@ -2,7 +2,7 @@ # set-git-credentials.sh — Create the git-credentials Secret for the Tekton pipeline. # # Usage: -# ./scripts/set-git-credentials.sh +# ./scripts/vm/set-git-credentials.sh # # The PAT needs: repo (read + write) scope. # The Secret is NOT stored in git — it lives only in the cluster. diff --git a/scripts/vm/start-argocd-port-forward.sh b/scripts/vm/start-argocd-port-forward.sh new file mode 100755 index 0000000..f77101c --- /dev/null +++ b/scripts/vm/start-argocd-port-forward.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +LOG_FILE="/tmp/argocd-port-forward.log" +PID_FILE="/tmp/argocd-port-forward.pid" + +# Kill any process currently listening on VM localhost:8080. +# We intentionally target the listener port, not a command pattern. +if command -v lsof >/dev/null 2>&1; then + pids="$(lsof -t -iTCP:8080 -sTCP:LISTEN 2>/dev/null || true)" + if [[ -n "${pids}" ]]; then + kill ${pids} >/dev/null 2>&1 || true + sleep 1 + fi +fi + +nohup "${SCRIPT_DIR}/argocd-port-forward.sh" >"${LOG_FILE}" 2>&1 "${PID_FILE}" + +sleep 1 +if ! kill -0 "$(cat "${PID_FILE}")" >/dev/null 2>&1; then + echo "ERROR: failed to start VM-side ArgoCD port-forward." >&2 + tail -n 40 "${LOG_FILE}" >&2 || true + exit 1 +fi
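Review bot: In scripts/vm/start-argocd-port-forward.sh `LOG_FILE` and `PID_FILE` are fixed names in world-writable /tmp, and the script writes through them with plain redirection and later passes the PID file's content to `kill -0`; any other local account on the VM could pre-create those paths and influence where the output lands or what the liveness check sees. Keeping them somewhere only the vagrant user can write avoids that, e.g. `LOG_FILE="${HOME}/.argocd-port-forward.log"` and `PID_FILE="${HOME}/.argocd-port-forward.pid"`. The port cleanup sends `kill` to every listener on 8080 regardless of what it is and is skipped silently when `lsof` is missing, so a log line naming the PIDs being stopped would make that visible. The `nohup` line appears truncated in this rendering of the patch, so the backgrounding and PID capture cannot be reviewed from here.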