Structured files into more logical form

This commit is contained in:
Arturo Aparicio
2019-11-26 15:44:29 -08:00
parent d00fa3f2f7
commit 1e13be4f22
42 changed files with 46 additions and 0 deletions


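--- /dev/null
+++ b/PATH-NOT-SHOWN-section-1
@@ -0,0 +1,399 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Deploys the EC2 Autoscaling, LaunchConfig, ECS Cluster, and calls nested Stack for the ECS Service"
+Parameters:
+PrivateSubnet1ID:
+Type: 'AWS::EC2::Subnet::Id'
+PrivateSubnet2ID:
+Type: 'AWS::EC2::Subnet::Id'
+MinScalingNodes:
+Type: Number
+MaxScalingNodes:
+Type: Number
+InstanceType:
+Type: String
+VolumeSize:
+Type: Number
+ClusterName:
+Description: Desired name for your cluster.
+Default: JFrog
+Type: String
+CreateNewECSCluster:
+Description: Whether to create the ECS Cluster with given name or not.
+Default: Enabled
+Type: String
+DeploymentTag:
+Type: String
+NumberOfSecondary:
+Type: Number
+ArtifactoryLicense1:
+Type: String
+ArtifactoryLicense2:
+Type: String
+ArtifactoryLicense3:
+Type: String
+ArtifactoryLicense4:
+Type: String
+ArtifactoryServerName:
+Type: String
+CertificateDomain:
+Type: String
+ArtifactoryIAMAcessKey:
+Type: String
+NoEcho: 'true'
+SecretAccessKey:
+Type: String
+NoEcho: 'true'
+ArtifactoryS3Bucket:
+Type: String
+CertificateKey:
+Type: String
+NoEcho: 'true'
+Certificate:
+Type: String
+DBType:
+Type: String
+DBPluginUrl:
+Default: https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar
+Type: String
+DBPlugin:
+Default: mysql-connector-java-5.1.38.jar
+Type: String
+ArtifactoryDBEndpointAddress:
+Type: String
+DatabaseName:
+Type: String
+DatabaseUser:
+Type: String
+DatabasePassword:
+NoEcho: 'true'
+Type: String
+MasterKey:
+Type: String
+NoEcho: 'true'
+ExtraJavaOptions:
+Type: String
+ArtifactoryVersion:
+Type: String
+KeyPairName:
+Type: AWS::EC2::KeyPair::KeyName
+ArtifactoryTargetGroupArn:
+Type: String
+SecurityGroups:
+Type: String
+AnsibleVaultPass:
+Description: Ansiblevault Password to secure the artifactory.yml
+NoEcho: 'true'
+Type: String
+QSS3BucketName:
+Type: String
+QSS3KeyPrefix:
+Type: String
+Mappings:
+AWSAMIRegionMap:
+#AMI:
+# AMZECSOTP: amzn-ami-2018.03.a-amazon-ecs-optimized
+us-east-2:
+AMI: ami-0307f7ccf6ea35750
+us-east-1:
+AMI: ami-045f1b3f87ed83659
+us-west-2:
+AMI: ami-01b70aea4161476b7
+us-west-1:
+AMI: ami-0285183bbef6224bd
+eu-west-3:
+AMI: ami-0f4738fbeb53e6c3a
+eu-west-2:
+AMI: ami-01bee3897bba49d78
+eu-west-1:
+AMI: ami-0627e141ce928067c
+eu-central-1:
+AMI: ami-0eaa3baf6969912ba
+eu-north-1:
+AMI: ami-03494b0c9e1c22492
+ap-northeast-2:
+AMI: ami-00294948a592fc052
+ap-northeast-1:
+AMI: ami-05b296a384694dfa4
+ap-southeast-2:
+AMI: ami-02c73ee1100ce3e7a
+ap-southeast-1:
+AMI: ami-050865a806e0dae53
+ca-central-1:
+AMI: ami-0f552e0a86f08b660
+ap-south-1:
+AMI: ami-01ef9f6a829ae3956
+sa-east-1:
+AMI: ami-084b1eee100c102ee
+Conditions:
+CreateECSCluster: !Equals [!Ref 'CreateNewECSCluster', 'Enabled']
+GovCloudCondition: !Equals
+- !Ref 'AWS::Region'
+- us-gov-west-1
+Resources:
+ECSRole:
+Type: AWS::IAM::Role
+Properties:
+Path: /
+RoleName: !Sub
+${ClusterName}-ECSRole-${AWS::Region}
+AssumeRolePolicyDocument:
+Statement:
+- Action:
+- sts:AssumeRole
+Principal:
+Service:
+- ecs-tasks.amazonaws.com
+- ec2.amazonaws.com
+- ecs.amazonaws.com
+Effect: Allow
+Version: 2012-10-17
+ManagedPolicyArns:
+- 'arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+- arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
+- arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
+Policies:
+- PolicyName: ecs-service
+PolicyDocument:
+Statement:
+- Effect: Allow
+Action:
+- ecs:ListClusters
+- ecs:ListServices
+- ecs:DescribeServices
+- ecr:ListImages
+- ecs:RegisterTaskDefinition
+- ecs:CreateService
+- ecs:ListTasks
+- ecs:DescribeTasks
+- ecs:CreateService
+- ecs:DeleteService
+- ecs:UpdateService
+- ecs:DescribeContainerInstances
+- ecs:DescribeTaskDefinition
+- application-autoscaling:DescribeScalableTargets
+- iam:ListRoles
+Resource: "*"
+ECSInstanceProfile:
+Type: AWS::IAM::InstanceProfile
+Properties:
+Path: /
+Roles:
+- !Ref ECSRole
+ECSCluster:
+Condition: CreateECSCluster
+Type: AWS::ECS::Cluster
+Properties:
+ClusterName: !Ref ClusterName
+ArtifactoryScalingGroup:
+Type: 'AWS::AutoScaling::AutoScalingGroup'
+Properties:
+AutoScalingGroupName: ArtifactoryECSEC2ScaleGroup
+LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration
+VPCZoneIdentifier:
+- !Ref PrivateSubnet1ID
+- !Ref PrivateSubnet2ID
+MinSize: !Ref MinScalingNodes
+MaxSize: !Ref MaxScalingNodes
+Cooldown: '300'
+DesiredCapacity: !Ref MinScalingNodes
+HealthCheckType: EC2
+HealthCheckGracePeriod: 600
+Tags:
+- Key: Name
+Value: !Ref DeploymentTag
+PropagateAtLaunch: true
+CreationPolicy:
+ResourceSignal:
+Count: 1
+Timeout: PT30M
+ArtifactoryLaunchConfiguration:
+Type: 'AWS::AutoScaling::LaunchConfiguration'
+Metadata:
+'AWS::CloudFormation::Authentication':
+S3AccessCreds:
+type: S3
+roleName:
+- !Ref ECSRole
+buckets:
+- !Ref QSS3BucketName
+'AWS::CloudFormation::Init':
+configSets:
+artifactory_install:
+- "config-artifactory-master"
+- "secure-artifactory"
+config-artifactory-master:
+files:
+/root/.artifactory_ansible/artifactory.yml:
+content: !Sub
+- |
+# Base install for Artifactory
+- import_playbook: site-artifactory.yml
+vars:
+ecs_deployment: true
+artifactory_hostname: artifactory
+ssl_dir: /data/jfrog/nginx/ssl/
+key_dir: /data/jfrog/nginx/ssl/
+artifactory_license1: ${ArtifactoryLicense1}
+artifactory_license2: ${ArtifactoryLicense2}
+artifactory_license3: ${ArtifactoryLicense3}
+artifactory_license4: ${ArtifactoryLicense4}
+s3_endpoint: s3.${AWS::Region}.amazonaws.com
+s3_access_key: ${ArtifactoryIAMAcessKey}
+s3_access_secret_key: ${SecretAccessKey}
+s3_bucket: ${ArtifactoryS3Bucket}
+artifactory_server_name: ${ArtifactoryServerName}
+certificate_domain: ${CertificateDomain}
+certificate: ${cert}
+certificate_key: ${cert_key}
+java_mysql_driver:
+url: ${DBPluginUrl}
+dest: /data/jfrog/artifactory/plugins/${DBPlugin}
+owner: root
+group: root
+rds_cert:
+url: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
+dest: /data/jfrog/artifactory/java_certs/rds-combined-ca-bundle.pem
+owner: root
+group: root
+- cert: !Base64
+"Fn::Sub": "${Certificate}"
+cert_key: !Base64
+"Fn::Sub": "${CertificateKey}"
+mode: "0400"
+/root/.vault_pass.txt:
+content: !Sub |
+${AnsibleVaultPass}
+mode: "0400"
+/root/.secureit.sh:
+content: /usr/local/bin/ansible-vault encrypt /root/.artifactory_ansible/artifactory.yml --vault-id /root/.vault_pass.txt
+mode: "0770"
+secure-artifactory:
+commands:
+'secure ansible playbook':
+command: '/root/.secureit.sh'
+ignoreErrors: 'false'
+Properties:
+AssociatePublicIpAddress: false
+KeyName: !Ref KeyPairName
+IamInstanceProfile: !Ref ECSInstanceProfile
+ImageId: !FindInMap
+- AWSAMIRegionMap
+- !Ref 'AWS::Region'
+- AMI
+SecurityGroups:
+- !Ref SecurityGroups
+InstanceType: !Ref InstanceType
+LaunchConfigurationName: ArtifactoryECSEC2LaunchConfig
+BlockDeviceMappings:
+- DeviceName: /dev/xvda
+Ebs:
+VolumeSize: !Ref VolumeSize
+VolumeType: gp2
+DeleteOnTermination: true
+UserData: !Base64
+'Fn::Sub':
+- >
+#!/bin/bash -x
+#CFN Functions
+function cfn_fail
+{
+cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region}
+--resource ArtifactoryScalingGroup
+exit 1
+}
+function cfn_success
+{
+cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region}
+--resource ArtifactoryScalingGroup
+exit 0
+}
+echo ECS_CLUSTER=${ClusterName} >> /etc/ecs/ecs.config
+S3URI=https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix}
+yum install -y git
+echo $PATH
+PATH=/usr/local/bin/:/opt/aws/bin:$PATH
+echo $PATH
+echo \'[Cloning: Load QuickStart Common Utils]\'
+git clone
+https://github.com/aws-quickstart/quickstart-linux-utilities.git
+source /quickstart-linux-utilities/quickstart-cfn-tools.source
+echo \'[Loaded: Load QuickStart Common Utils]\'
+echo \'[Update Operating System]\'
+qs_update-os || qs_err
+qs_bootstrap_pip || qs_err
+qs_aws-cfn-bootstrap || qs_err
+pip install awscli &> /var/log/userdata.awscli_install.log || qs_err " awscli install failed "
+pip install ansible &> /var/log/userdata.ansible_install.log || qs_err " ansible install failed "
+mkdir ~/.artifactory_ansible
+aws s3 sync s3://${QSS3BucketName}/${QSS3KeyPrefix}scripts/ ~/.artifactory_ansible/
+cfn-init -v --stack ${AWS::StackName} --resource
+ArtifactoryLaunchConfiguration --configsets artifactory_install
+--region ${AWS::Region} || cfn_fail
+export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt"
+/usr/local/bin/ansible-playbook /root/.artifactory_ansible/artifactory.yml
+rm -rf /root/.secureit.sh
+[ $(qs_status) == 0 ] && cfn_success || cfn_fail
+- S3Region: !If
+- GovCloudCondition
+- s3-us-gov-west-1
+- s3
+ECSLogGroup:
+Type: AWS::Logs::LogGroup
+Properties:
+RetentionInDays: 7
+PrimaryStack:
+DependsOn: ArtifactoryScalingGroup
+Type: AWS::CloudFormation::Stack
+Properties:
+TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-ecs.template.yaml'
+Parameters:
+ECSCluster: !Ref ClusterName # In case we do not build the cluster we still require the Name of the cluster built.
+ServiceName: ArtifactoryPrimary
+ArtifactoryTargetGroupArn: !Ref ArtifactoryTargetGroupArn
+ArtifactoryVersion: !Ref ArtifactoryVersion
+DBPlugin: !Ref DBPlugin
+MasterKey: !Ref MasterKey
+ExtraJavaOptions: !Ref ExtraJavaOptions
+NumberNodes: "1"
+ArtifactoryPrimary: "true"
+DBType: !Ref DBType
+DatabaseUser: !Ref DatabaseUser
+DatabaseName: !Ref DatabaseName
+DatabasePassword: !Ref DatabasePassword
+ArtifactoryDBEndpointAddress: !Ref ArtifactoryDBEndpointAddress
+ECSLogGroup: !Ref ECSLogGroup
+ECSRoleArn:
+Fn::GetAtt: ECSRole.Arn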
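Review bot: The Ansible Vault password written to `/root/.vault_pass.txt` stays on the instance after the playbook runs — the UserData only removes the helper script (`rm -rf /root/.secureit.sh`) — so the encrypted `artifactory.yml`, which carries the S3 secret key, certificate key and licenses, sits beside the password that decrypts it and the `ansible-vault encrypt` step adds little; if the playbook is not meant to be re-run, add `rm -f /root/.vault_pass.txt` after the `ansible-playbook` line, otherwise document in a comment why the password file is kept. The `ansible-playbook` invocation is also the one bootstrap step with no `|| cfn_fail` or `|| qs_err`, so a failed playbook can still reach `cfn_success` unless `qs_status` captures it — `/usr/local/bin/ansible-playbook /root/.artifactory_ansible/artifactory.yml || cfn_fail` closes that gap. The `git clone` of quickstart-linux-utilities is unpinned and immediately `source`d, and `pip install awscli` / `pip install ansible` carry no versions, so every launch executes whatever those upstreams serve at boot; pin a tag or commit and explicit versions. In the `ecs-service` policy `ecs:CreateService` is listed twice and every action is granted on `Resource: "*"`, which gives each cluster host Create/Delete/UpdateService over every cluster in the account rather than the one it joins. Minor YAML point: `Version: 2012-10-17` is an unquoted date scalar; `Version: "2012-10-17"` avoids generic YAML parsers typing it as a date.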


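--- /dev/null
+++ b/PATH-NOT-SHOWN-section-2
@@ -0,0 +1,704 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037eflr)'
+Metadata:
+AWS::CloudFormation::Interface:
+ParameterGroups:
+- Label:
+default: Security configuration
+Parameters:
+- KeyPairName
+- AccessCIDR
+- RemoteAccessCIDR
+- Label:
+default: Network Configuration
+Parameters:
+- VPCID
+- VPCCIDR
+- PublicSubnet1ID
+- PublicSubnet2ID
+- PrivateSubnet1ID
+- PrivateSubnet2ID
+- PrivateSubnet1CIDR
+- PrivateSubnet2CIDR
+- ELBScheme
+- Label:
+default: Bastion Configuration
+Parameters:
+- ProvisionBastionHost
+- BastionInstanceType
+- BastionOS
+- BastionRootVolumeSize
+- BastionEnableTCPForwarding
+- NumBastionHosts
+- BastionEnableX11Forwarding
+- Label:
+default: ECS Configuration
+Parameters:
+- ClusterName
+- CreateNewECSCluster
+- InstanceType
+- VolumeSize
+- Label:
+default: JFrog Artifactory Configuration
+Parameters:
+- ArtifactoryVersion
+- NumberOfSecondary
+- NumberOfEC2Nodes
+- SMLicensesName
+- Certificate
+- CertificateKey
+- CertificateDomain
+- ArtifactoryServerName
+- MasterKey
+- ExtraJavaOptions
+- AnsibleVaultPass
+- Label:
+default: Amazon RDS Configuration
+Parameters:
+- DatabaseName
+- DatabaseEngine
+- DatabaseVersion
+- DatabaseUser
+- DatabasePassword
+- DatabaseInstance
+- DBAllocatedStorage
+- MultiAZDatabase
+- Label:
+default: AWS Quick Start Configuration
+Parameters:
+- QSS3BucketName
+- QSS3KeyPrefix
+ParameterLabels:
+KeyPairName:
+default: SSH key name
+AccessCIDR:
+default: Permitted IP range
+RemoteAccessCIDR:
+default: Remote access CIDR
+VPCID:
+default: VPC ID
+VPCCIDR:
+default: VPC CIDR
+PublicSubnet1ID:
+default: Public subnet 1 ID
+PublicSubnet2ID:
+default: Public subnet 2 ID
+PrivateSubnet1ID:
+default: Private subnet 1 ID
+PrivateSubnet2ID:
+default: Private subnet 2 ID
+PrivateSubnet1CIDR:
+default: Private subnet 1 CIDR
+PrivateSubnet2CIDR:
+default: Private subnet 2 CIDR
+ELBScheme:
+default: Elastic Load Balancer scheme
+ProvisionBastionHost:
+default: Bastion instance
+BastionInstanceType:
+default: Bastion instance type
+BastionRootVolumeSize:
+default: Bastion root volume size
+BastionEnableTCPForwarding:
+default: Bastion enable TCP forwarding
+BastionEnableX11Forwarding:
+default: Bastion enable X11 forwarding
+BastionOS:
+default: Bastion operating system
+NumBastionHosts:
+default: Number of bastion instances
+ClusterName:
+default: ECS cluster name
+CreateNewECSCluster:
+default: Create new ECS cluster
+InstanceType:
+default: EC2 instance type
+VolumeSize:
+default: EBS root volume size
+ArtifactoryVersion:
+default: Artifactory version
+NumberOfSecondary:
+default: Number of secondary instances
+NumberOfEC2Nodes:
+default: Number of EC2 nodes
+SMLicensesName:
+default: Artifactory licenses secret name
+Certificate:
+default: Certificate
+CertificateKey:
+default: Certificate key
+CertificateDomain:
+default: Certificate domain
+ArtifactoryServerName:
+default: Artifactory server name
+MasterKey:
+default: Master server key
+ExtraJavaOptions:
+default: Extra Java options
+AnsibleVaultPass:
+default: Ansible Vault password
+DatabaseName:
+default: Database name
+DatabaseEngine:
+default: Database engine
+DatabaseVersion:
+default: Database version
+DatabaseUser:
+default: Database user
+DatabasePassword:
+default: Database password
+DatabaseInstance:
+default: Database instance type
+DBAllocatedStorage:
+default: Database allocated storage
+MultiAZDatabase:
+default: High available database
+QSS3BucketName:
+default: Quick Start S3 bucket name
+QSS3KeyPrefix:
+default: Quick Start S3 key prefix
+Parameters:
+KeyPairName:
+Description: The name of an existing public/private key pair, which allows you
+to securely connect to your instance after it launches.
+Type: AWS::EC2::KeyPair::KeyName
+AccessCIDR:
+Description: The CIDR IP range that is permitted to access Artifactory.
+We recommend that you set this value to a trusted IP range.
+For example, you might want to grant only your corporate network access to the software.
+AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+Type: String
+RemoteAccessCIDR:
+Description: The remote CIDR range for allowing SSH into the Bastion instance.
+We recommend that you set this value to a trusted IP range.
+For example, you might want to grant specific ranges inside your corporate network SSH access.
+AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+Type: String
+VPCID:
+Description: The ID of your existing VPC (e.g., vpc-0343606e).
+Type: "AWS::EC2::VPC::Id"
+VPCCIDR:
+Description: The CIDR block for the VPC.
+AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+Default: 10.0.0.0/16
+Type: String
+PublicSubnet1ID:
+Description: The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-z0376dab).
+Type: "AWS::EC2::Subnet::Id"
+PublicSubnet2ID:
+Description: The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-a29c3d84).
+Type: "AWS::EC2::Subnet::Id"
+PrivateSubnet1ID:
+Description: The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd).
+Type: "AWS::EC2::Subnet::Id"
+PrivateSubnet2ID:
+Description: The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b58c3d67).
+Type: "AWS::EC2::Subnet::Id"
+PrivateSubnet1CIDR:
+Description: The CIDR of the private subnet in Availability Zone 1 in your existing VPC (e.g., 10.0.0.0/19).
+AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+Default: 10.0.0.0/19
+Type: String
+PrivateSubnet2CIDR:
+Description: The CIDR of the private subnet in Availability Zone 2 in your existing VPC (e.g., 10.0.32.0/19).
+AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+Default: 10.0.32.0/19
+Type: String
+ProvisionBastionHost:
+Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being
+created in private subnets, the default setting of Enabled this is highly recommended.
+AllowedValues:
+- "Enabled"
+- "Disabled"
+Default: "Enabled"
+Type: String
+BastionInstanceType:
+Description: The size of the bastion instances.
+AllowedValues:
+- t2.nano
+- t2.micro
+- t2.small
+- t2.medium
+- t2.large
+- m3.large
+- m3.xlarge
+- m3.2xlarge
+- m4.large
+- m4.xlarge
+- m4.2xlarge
+- m4.4xlarge
+Default: "t2.micro"
+Type: String
+BastionRootVolumeSize:
+Description: The size of the root volume on the bastion instances.
+Default: 10
+Type: Number
+BastionEnableTCPForwarding:
+Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance
+or not.
+AllowedValues:
+- "true"
+- "false"
+Default: "true"
+Type: String
+BastionEnableX11Forwarding:
+Description: Choose true to enable X11 via the bootstrapping of the bastion host.
+Setting this value to true will enable X Windows over SSH.
+X11 forwarding can be very useful but it is also a security risk, so we recommend
+that you keep the default (false) setting unless required.
+AllowedValues:
+- "true"
+- "false"
+Default: "false"
+Type: String
+BastionOS:
+Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
+AllowedValues:
+- "Amazon-Linux-HVM"
+- "CentOS-7-HVM"
+- "Ubuntu-Server-14.04-LTS-HVM"
+- "Ubuntu-Server-16.04-LTS-HVM"
+- "SUSE-SLES-15-HVM"
+Default: "Amazon-Linux-HVM"
+Type: String
+NumBastionHosts:
+Description: The number of bastion instances to create.
+AllowedValues:
+- '1'
+- '2'
+- '3'
+- '4'
+Default: '1'
+Type: String
+ClusterName:
+Description: The name for your ECS cluster.
+Default: JFrog
+Type: String
+CreateNewECSCluster:
+Description: Choose whether to create a new ECS cluster with the name specified in the 'ClusterName' parameter.
+If you choose Disabled, an ECS cluster with the name specified in the 'CluserName' parameter must already exist.
+AllowedValues:
+- "Enabled"
+- "Disabled"
+Default: "Enabled"
+Type: String
+InstanceType:
+Description: The EC2 instance type for the Artifactory Docker hosts.
+AllowedValues:
+- m4.xlarge
+- m4.2xlarge
+- m4.4xlarge
+- m4.10xlarge
+ConstraintDescription: Must contain valid instance type.
+Default: m4.xlarge
+Type: String
+VolumeSize:
+Description: The size in GB of the available storage; the Quick Start will create an
+Amazon Elastic Block Store (Amazon EBS) volumes of this size.
+Default: 200
+Type: Number
+NumberOfEC2Nodes:
+Description: The number of EC2 nodes to create for the ECS cluster. There must be
+enough nodes to run the number of secondaries plus the primary task.
+AllowedValues:
+- 3
+- 4
+- 5
+- 6
+- 7
+- 8
+Default: 3
+Type: Number
+NumberOfSecondary:
+Description: The number of secondary Artifactory servers to complete your
+HA deployment. To fit the Artifactory best practices, the minimum number
+is two; the maximum is seven. Do not select more than instances than you
+have licenses for.
+AllowedValues:
+- 2
+- 3
+- 4
+- 5
+- 6
+- 7
+Default: 2
+Type: Number
+ArtifactoryVersion:
+Description: The version of Artifactory that you want to deploy into the Quick Start.
+Please see the release notes to select the version you want to deploy.
+https://www.jfrog.com/confluence/display/RTF/Release+Notes
+#AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+#ConstraintDescription: A version that matches X.X.X per Artifactory releases.
+Default: 6.15.0
+Type: String
+SMLicensesName:
+Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses.
+Type: String
+Certificate:
+Description: The certificate file to be used to terminate SSL.
+AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$
+ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- "
+Type: String
+CertificateKey:
+Description: The private key for the certificate.
+AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$
+ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----"
+NoEcho: 'true'
+Type: String
+CertificateDomain:
+Description: The domain matching that of the certificate. Ensure that it matches your certificate.
+AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$
+ConstraintDescription: The domain must not start or end with a '.'
+Type: String
+ArtifactoryServerName:
+Description: The name of your Artifactory server. Ensure that this matches your certificate.
+Type: String
+MasterKey:
+Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
+AllowedPattern: ^[a-zA-Z0-9]+$
+MinLength: '1'
+MaxLength: '64'
+ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
+NoEcho: 'true'
+Type: String
+ExtraJavaOptions:
+Description: Setting Java memory parameters for Artifactory. For more information, see the Artifactory
+system requirements.
+https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
+Default: -Xmx4g
+Type: String
+AnsibleVaultPass:
+Description: The Ansible Vault password to protect the Artifactory YAML configuration file
+generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes
+and secured with this password.
+NoEcho: 'true'
+Type: String
+DatabaseName:
+Description: The name for your DB instance. The name must be unique across all DB instances
+owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive,
+but is stored as all lowercase (as in "mydbinstance").
+AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+MinLength: '1'
+MaxLength: '60'
+ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
+Default: artdb
+Type: String
+DatabaseEngine:
+Description: The database engine that you want to run, currently locked to MySQL.
+AllowedValues:
+- MySQL
+Default: MySQL
+Type: String
+DatabaseVersion:
+Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions
+supported by Artifactory and RDS.
+AllowedValues:
+- 5.5
+- 5.6
+- 5.7
+Default: 5.7
+Type: String
+DatabaseUser:
+Description: The login ID for the master user of your DB instance.
+MinLength: '1'
+MaxLength: '16'
+AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter
+Default: artifactory
+Type: String
+DatabasePassword:
+Description: The password for the Artifactory database user.
+AllowedPattern: ^[^ \\']+$
+MinLength: '8'
+MaxLength: '12'
+ConstraintDescription: Must be at least 8 and no more than
+12 characters containing letters and (minimum 1 capital letter), numbers and
+symbols.
+NoEcho: 'true'
+Type: String
+DatabaseInstance:
+Description: The size of the database to be deployed as part of the Quick Start.
+AllowedValues:
+- db.m3.medium
+- db.m3.large
+- db.m3.xlarge
+- db.m3.2xlarge
+- db.m4.large
+- db.m4.xlarge
+- db.m4.2xlarge
+- db.m4.10xlarge
+- db.m4.16xlarge
+- db.m5.large
+- db.m5.xlarge
+- db.m5.2xlarge
+- db.m5.4xlarge
+- db.m5.12xlarge
+- db.m5.24xlarge
+ConstraintDescription: Must be a valid database Instance Type.
+Default: db.m4.large
+Type: String
+DBAllocatedStorage:
+Description: The size in GB of the available storage for the database instance.
+MinValue: 5
+MaxValue: 1024
+Default: 10
+Type: Number
+MultiAZDatabase:
+Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ConstraintDescription: True or False
+AllowedValues:
+- "true"
+- "false"
+Default: "true"
+Type: String
+ELBScheme:
+Description: Choose whether this will be internet facing or internal.
+AllowedValues:
+- internal
+- internet-facing
+Default: internet-facing
+Type: String
+QSS3BucketName:
+Description: S3 bucket name for the Quick Start assets. This string can include
+numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
+or end with a hyphen (-).
+AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
+ConstraintDescription: Quick Start bucket name can include numbers, lowercase
+letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
+(-).
+Default: aws-quickstart
+Type: String
+QSS3KeyPrefix:
+Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
+can include numbers, lowercase letters, uppercase letters, hyphens (-), and
+forward slash (/).
+AllowedPattern: ^[0-9a-zA-Z-/]*$
+ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+uppercase letters, hyphens (-), and forward slash (/).
+Default: quickstart-jfrog-artifactory/
+Type: String
+Conditions:
+EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled']
+Resources:
+BastionStack:
+Condition: EnableBastion
+Type: AWS::CloudFormation::Stack
+Properties:
+TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template'
+Parameters:
+VPCID: !Ref VPCID
+PublicSubnet1ID: !Ref PublicSubnet1ID
+PublicSubnet2ID: !Ref PublicSubnet2ID
+KeyPairName: !Ref KeyPairName
+QSS3BucketName: !Ref QSS3BucketName
+QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-linux-bastion/'
+RemoteAccessCIDR: !Ref RemoteAccessCIDR
+BastionInstanceType: !Ref BastionInstanceType
+RootVolumeSize: !Ref BastionRootVolumeSize
+BastionAMIOS: !Ref BastionOS
+EnableTCPForwarding: !Ref BastionEnableTCPForwarding
+EnableX11Forwarding: !Ref BastionEnableX11Forwarding
+NumBastionHosts: !Ref NumBastionHosts
+ArtifactoryCoreInfraStack:
+Type: AWS::CloudFormation::Stack
+Properties:
+TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml"
+Parameters:
+VPCID: !Ref VPCID
+VPCCIDR: !Ref VPCCIDR
+PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR
+PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR
+PrivateSubnet3CIDR: !Ref PrivateSubnet2CIDR # This should end up in no new rule but required for EKS
+SubnetIds: !Join [ ",", [ !Ref PrivateSubnet1ID, !Ref PrivateSubnet2ID ]]
+DBAllocatedStorage: !Ref DBAllocatedStorage
+MultiAZDatabase: !Ref MultiAZDatabase
+DatabaseEngine: !Ref DatabaseEngine
+DatabaseVersion: !Ref DatabaseVersion
+DatabaseUser: !Ref DatabaseUser
+DatabasePassword: !Ref DatabasePassword
+DatabaseInstance: !Ref DatabaseInstance
+DatabaseName: !Ref DatabaseName
+ArtifactoryELB:
+Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+Properties:
+IpAddressType: ipv4
+Name: ArtifactoryELB
+Scheme: !Ref ELBScheme
+Subnets:
+- !Ref PublicSubnet1ID
+- !Ref PublicSubnet2ID
+Tags:
+- Key: Name
+Value: artifactory-ELB
+Type: network
+ArtifactoryTargetGroup:
+Type: AWS::ElasticLoadBalancingV2::TargetGroup
+Properties:
+HealthCheckEnabled: True
+HealthCheckIntervalSeconds: 30
+HealthCheckProtocol: TCP
+HealthCheckTimeoutSeconds: 10
+HealthyThresholdCount: 3
+Name: Artifactory
+Port: 443
+Protocol: TCP
+#Tags:
+# - !Ref DeploymentTag
+TargetType: instance
+UnhealthyThresholdCount: 3
+VpcId: !Ref VPCID
+ArtifactoryELBListener:
+Type: AWS::ElasticLoadBalancingV2::Listener
+Properties:
+DefaultActions:
+- TargetGroupArn: !Ref ArtifactoryTargetGroup
+Type: forward
+LoadBalancerArn: !Ref ArtifactoryELB
+Port: 443
+Protocol: TCP
+ArtifactoryELBSG:
+Type: AWS::EC2::SecurityGroup
+Properties:
+Tags:
+- Key: Name
+Value: artifactory-ELB-sg
+GroupDescription: SG for ELB Ingress from outside and egress to instances
+VpcId: !Ref VPCID
+SecurityGroupIngress:
+- IpProtocol: tcp
+FromPort: 80
+ToPort: 80
+CidrIp: !Ref AccessCIDR
+- IpProtocol: tcp
+FromPort: 443
+ToPort: 443
+CidrIp: !Ref AccessCIDR
+- IpProtocol: tcp
+FromPort: 8081
+ToPort: 8081
+CidrIp: !Ref AccessCIDR
+SecurityGroupEgress:
+- IpProtocol: tcp
+FromPort: 80
+ToPort: 80
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: 443
+ToPort: 443
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: 8081
+ToPort: 8081
+CidrIp: 0.0.0.0/0
+ArtifactoryEC2SG:
+Type: AWS::EC2::SecurityGroup
+Properties:
+Tags:
+- Key: Name
+Value: artifactory-ec2-instances-sg
+GroupDescription: SG for EC2 instances (also permits SSH access from the bastion host)
+VpcId: !Ref VPCID
+SecurityGroupIngress:
+- IpProtocol: tcp
+FromPort: 22
+ToPort: 22
+CidrIp: !Ref VPCCIDR
+- IpProtocol: tcp
+FromPort: 80
+ToPort: 80
+CidrIp: !Ref VPCCIDR
+- IpProtocol: tcp
+FromPort: 443
+ToPort: 443
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: 8081
+ToPort: 8081
+CidrIp: !Ref PrivateSubnet1CIDR
+- IpProtocol: tcp
+FromPort: 8081
+ToPort: 8081
+CidrIp: !Ref PrivateSubnet2CIDR
+SecurityGroupEgress:
+- IpProtocol: tcp
+FromPort: 22
+ToPort: 22
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: 80
+ToPort: 80
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: 443
+ToPort: 443
+CidrIp: 0.0.0.0/0
+- IpProtocol: tcp
+FromPort: 3306
+ToPort: 3306
+CidrIp: !Ref PrivateSubnet1CIDR
+- IpProtocol: tcp
+FromPort: 3306
+ToPort: 3306
+CidrIp: !Ref PrivateSubnet2CIDR
+- IpProtocol: tcp
+FromPort: 8081
+ToPort: 8081
+CidrIp: !Ref PrivateSubnet1CIDR
+- IpProtocol: tcp
+FromPort: 8081
+ToPort: 8081
+CidrIp: !Ref PrivateSubnet2CIDR
+ArtifactoryECSBuild:
+Type: AWS::CloudFormation::Stack
+Properties:
+TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-ecs-ec2.template.yaml'
+Parameters:
+PrivateSubnet1ID: !Ref PrivateSubnet1ID
+PrivateSubnet2ID: !Ref PrivateSubnet2ID
+ClusterName: !Ref ClusterName
+CreateNewECSCluster: !Ref CreateNewECSCluster
+MinScalingNodes: !Ref NumberOfEC2Nodes
+MaxScalingNodes: !Ref NumberOfEC2Nodes
+KeyPairName: !Ref KeyPairName
+InstanceType: !Ref InstanceType
+VolumeSize: !Ref VolumeSize
+DeploymentTag: Artifactory
+NumberOfSecondary: !Ref NumberOfSecondary
+ArtifactoryLicense1: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense1}}'
+ArtifactoryLicense2: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense2}}'
+ArtifactoryLicense3: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense3}}'
+ArtifactoryLicense4: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense4}}'
+CertificateDomain: !Ref CertificateDomain
+ArtifactoryServerName: !Ref ArtifactoryServerName
+ArtifactoryIAMAcessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.IAMAcessKey
+SecretAccessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.SecretAccessKey
+ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ArtifactoryDBEndpointAddress: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryDBEndpointAddress
+CertificateKey: !Ref CertificateKey
+Certificate: !Ref Certificate
+DBType: mysql
+DatabaseName: !Ref DatabaseName
+DatabaseUser: !Ref DatabaseUser
+DatabasePassword: !Ref DatabasePassword
+MasterKey: !Ref MasterKey
+ExtraJavaOptions: !Ref ExtraJavaOptions
+ArtifactoryVersion: !Ref ArtifactoryVersion
+SecurityGroups: !Ref ArtifactoryEC2SG
+ArtifactoryTargetGroupArn: !Ref ArtifactoryTargetGroup
+AnsibleVaultPass: !Ref AnsibleVaultPass
+QSS3BucketName: !Ref QSS3BucketName
+QSS3KeyPrefix: !Ref QSS3KeyPrefix
+Outputs:
+ArtifactoryUrl:
+Description: URL of the ELB to access Artifactory
+Value: !Sub "https://${ArtifactoryELB.DNSName}"
+BastionIP:
+Value: !If
+- EnableBastion
+- !GetAtt BastionStack.Outputs.EIP1
+- ""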
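Review bot: `AccessCIDR` is never enforced in this template: `ArtifactoryELBSG` is defined but no resource references it (the NLB `ArtifactoryELB` carries no SecurityGroups property and the nested `ArtifactoryECSBuild` stack receives `SecurityGroups: !Ref ArtifactoryEC2SG`), while `ArtifactoryEC2SG` allows 443 from `CidrIp: 0.0.0.0/0`, and a network load balancer with `TargetType: instance` passes the client source address through to the instance, so with the default `internet-facing` scheme any address can reach Artifactory despite the parameter's "trusted IP range" description. Changing that 443 ingress to `CidrIp: !Ref AccessCIDR` and either dropping `ArtifactoryELBSG` or attaching it to something would make the parameter do what its description promises. `DatabasePassword` combines `AllowedPattern: ^[^ \\']+$` with `MaxLength: '12'`, so the "minimum 1 capital letter" in its ConstraintDescription is not enforced and the password is capped at 12 characters — tighten the pattern or correct the description, and consider raising the cap. The S3 access key and secret are handed between stacks as parameters (`!GetAtt ArtifactoryCoreInfraStack.Outputs.IAMAcessKey` / `.SecretAccessKey`) and, per the ECS EC2 template earlier in this commit, are interpolated into a file on each host; if the core infrastructure stack can expose an instance role instead, that avoids a long-lived key on disk. Minor: the `CreateNewECSCluster` description says 'CluserName' for 'ClusterName', and `PrivateSubnet3CIDR: !Ref PrivateSubnet2CIDR` keeps an EKS-specific comment in an ECS deployment.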


@@ -0,0 +1,541 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment'
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Security configuration
Parameters:
- KeyPairName
- AccessCIDR
- RemoteAccessCIDR
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- VPCCIDR
- PrivateSubnet1CIDR
- PrivateSubnet2CIDR
- PublicSubnet1CIDR
- PublicSubnet2CIDR
- Label:
default: Bastion configuration
Parameters:
- ProvisionBastionHost
- BastionInstanceType
- BastionOS
- BastionRootVolumeSize
- BastionEnableTCPForwarding
- NumBastionHosts
- BastionEnableX11Forwarding
- Label:
default: ECS configuration
Parameters:
- ClusterName
- InstanceType
- VolumeSize
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- NumberOfSecondary
- NumberOfEC2Nodes
- SMLicensesName
- Certificate
- CertificateKey
- CertificateDomain
- ArtifactoryServerName
- MasterKey
- ExtraJavaOptions
- AnsibleVaultPass
- Label:
default: Amazon RDS Configuration
Parameters:
- DatabaseName
- DatabaseEngine
- DatabaseVersion
- DatabaseUser
- DatabasePassword
- DatabaseInstance
- DBAllocatedStorage
- MultiAZDatabase
- Label:
default: AWS Quick Start Configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
ParameterLabels:
KeyPairName:
default: SSH key name
AccessCIDR:
default: Permitted IP range
RemoteAccessCIDR:
default: Remote access CIDR
AvailabilityZones:
default: Availability Zones
VPCCIDR:
default: VPC CIDR
PrivateSubnet1CIDR:
default: Private subnet 1 CIDR
PrivateSubnet2CIDR:
default: Private subnet 2 CIDR
PublicSubnet1CIDR:
default: Public subnet 1 CIDR
PublicSubnet2CIDR:
default: Public subnet 2 CIDR
ProvisionBastionHost:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTCPForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOS:
default: Bastion operating system
NumBastionHosts:
default: Number of bastion instances
ArtifactoryVersion:
default: Artifactory version
NumberOfSecondary:
default: Number of secondary instances
NumberOfEC2Nodes:
default: Number of EC2 nodes
ClusterName:
default: ECS cluster name
InstanceType:
default: EC2 instance type
VolumeSize:
default: EBS Root volume size
SMLicensesName:
default: Artifactory licenses secret name
Certificate:
default: Certificate
CertificateKey:
default: Certificate key
CertificateDomain:
default: Certificate domain
ArtifactoryServerName:
default: Artifactory server name
MasterKey:
default: Master server key
ExtraJavaOptions:
default: Extra Java options
AnsibleVaultPass:
Description: Ansiblevault Password to secure the artifactory.yml
Type: String
NoEcho: 'true'
DatabaseName:
default: Database name
DatabaseEngine:
default: Database negine
DatabaseVersion:
default: Database version
DatabaseUser:
default: Database user
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DBAllocatedStorage:
default: Database allocated storage
MultiAZDatabase:
default: High available database
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
Parameters:
KeyPairName:
Description: The name of an existing public/private key pair, which allows you
to securely connect to your instance after it launches.
Type: AWS::EC2::KeyPair::KeyName
AccessCIDR:
Description: The CIDR IP range that is permitted to access Artifactory.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCIDR:
Description: The remote CIDR range for allowing SSH into the Bastion instance.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant specific ranges inside your corporate network SSH access.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
AvailabilityZones:
Description: The list of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment, and the logical order of your
selections is preserved.
Default: us-west-2a, us-west-1b
Type: List<AWS::EC2::AvailabilityZone::Name>
VPCCIDR:
Description: The CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PrivateSubnet1CIDR:
Description: The CIDR block for private subnet 1 located in Availability Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2CIDR:
Description: The CIDR block for private subnet 2 located in Availability Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PublicSubnet1CIDR:
Description: The CIDR block for the public (DMZ) subnet 1 located in Availability
Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Type: String
PublicSubnet2CIDR:
Description: The CIDR block for the public (DMZ) subnet 2 located in Availability
Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Type: String
ProvisionBastionHost:
Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being
created in private subnets, the default setting of Enabled this is highly recommended.
AllowedValues:
- "Enabled"
- "Disabled"
Default: "Enabled"
Type: String
BastionInstanceType:
Description: The size of the bastion instances.
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
Default: "t2.micro"
Type: String
BastionRootVolumeSize:
Description: The size of the root volume on the bastion instances.
Default: 10
Type: Number
BastionEnableTCPForwarding:
Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance
or not.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via the bootstrapping of the bastion host.
Setting this value to true will enable X Windows over SSH.
X11 forwarding can be very useful but it is also a security risk, so we recommend
that you keep the default (false) setting unless required.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOS:
Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-14.04-LTS-HVM"
- "Ubuntu-Server-16.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux-HVM"
Type: String
NumBastionHosts:
Description: The number of bastion instances to create.
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Type: String
ClusterName:
Description: The desired name for your ECS cluster.
Default: JFrog
Type: String
InstanceType:
Description: The EC2 instance type for the Artifactory Docker hosts.
AllowedValues:
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
ConstraintDescription: Must contain valid instance type
Default: m4.xlarge
Type: String
VolumeSize:
Description: The size in GB of the available storage; the Quick Start will create an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 200
Type: Number
NumberOfEC2Nodes:
Description: The number of EC2 nodes to create for the ECS cluster. There must be
enough nodes to run the number of secondaries plus the primary task.
AllowedValues:
- 3
- 4
- 5
- 6
- 7
- 8
Default: 3
Type: Number
NumberOfSecondary:
Description: The number of secondary Artifactory servers to complete your
HA deployment. To fit the Artifactory best practices, the minimum number
is two; the maximum is seven. Do not select more than instances than you
have licenses for.
AllowedValues:
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryVersion:
Description: The version of Artifactory that you want to deploy into the Quick Start.
Please see the release notes to select the version you want to deploy.
https://www.jfrog.com/confluence/display/RTF/Release+Notes
#AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
#ConstraintDescription: A version that matches X.X.X per Artifactory releases.
Default: 6.15.0
Type: String
SMLicensesName:
Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses.
Type: String
Certificate:
Description: The certificate file to be used to terminate SSL.
AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$
ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- "
Type: String
CertificateKey:
Description: The private key for the certificate.
AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$
ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----"
NoEcho: 'true'
Type: String
CertificateDomain:
Description: The domain matching that of the certificate. Ensure that it matches your certificate.
AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$
ConstraintDescription: The domain must not start or end with a '.'
Type: String
ArtifactoryServerName:
Description: The name of your Artifactory server. Ensure that this matches your certificate.
Type: String
MasterKey:
Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
ExtraJavaOptions:
Description: Setting Java memory parameters for Artifactory. For more information, see the Artifactory
system requirements.
https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
Default: -Xmx4g
Type: String
AnsibleVaultPass:
Description: The Ansible Vault password to protect the Artifactory YAML configuration file
generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes
and secured with this password.
NoEcho: 'true'
Type: String
DatabaseName:
Description: The name for your DB instance. The name must be unique across all DB instances
owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive,
but is stored as all lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseEngine:
Description: The database engine that you want to run, currently locked to MySQL.
AllowedValues:
- MySQL
Default: MySQL
Type: String
DatabaseVersion:
Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions
supported by Artifactory and RDS.
AllowedValues:
- 5.5
- 5.6
- 5.7
Default: 5.7
Type: String
DatabaseUser:
Description: The login ID for the master user of your DB instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter
Default: artifactory
Type: String
DatabasePassword:
Description: The password for the Artifactory database user.
AllowedPattern: ^[^ \\']+$
MinLength: '8'
MaxLength: '12'
ConstraintDescription: Must be at least 8 and no more than
12 characters containing letters and (minimum 1 capital letter), numbers and
symbols.
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: The size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m3.medium
- db.m3.large
- db.m3.xlarge
- db.m3.2xlarge
- db.m4.large
- db.m4.xlarge
- db.m4.2xlarge
- db.m4.10xlarge
- db.m4.16xlarge
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.12xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m4.large
Type: String
DBAllocatedStorage:
Description: The size in GB of the available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
MultiAZDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QSS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen
(-).
Default: aws-quickstart
Type: String
QSS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Type: String
Resources:
VPCStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL:
Fn::Sub: https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template
Parameters:
AvailabilityZones:
Fn::Join:
- ','
- Ref: AvailabilityZones
KeyPairName:
Ref: KeyPairName
NumberOfAZs: '2'
PrivateSubnet1ACIDR:
Ref: PrivateSubnet1CIDR
PrivateSubnet2ACIDR:
Ref: PrivateSubnet2CIDR
PublicSubnet1CIDR:
Ref: PublicSubnet1CIDR
PublicSubnet2CIDR:
Ref: PublicSubnet2CIDR
VPCCIDR:
Ref: VPCCIDR
ArtifactoryExistingVPCStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-ecs-existing-vpc.template.yaml'
Parameters:
KeyPairName: !Ref KeyPairName
VPCID: !GetAtt VPCStack.Outputs.VPCID
VPCCIDR: !Ref VPCCIDR
PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID
PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID
PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID
PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID
PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR
PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR
AccessCIDR: !Ref AccessCIDR
RemoteAccessCIDR: !Ref RemoteAccessCIDR
ProvisionBastionHost: !Ref ProvisionBastionHost
BastionInstanceType: !Ref BastionInstanceType
BastionRootVolumeSize: !Ref BastionRootVolumeSize
BastionEnableTCPForwarding: !Ref BastionEnableTCPForwarding
BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
BastionOS: !Ref BastionOS
NumBastionHosts: !Ref NumBastionHosts
ClusterName: !Ref ClusterName
InstanceType: !Ref InstanceType
VolumeSize: !Ref VolumeSize
NumberOfSecondary: !Ref NumberOfSecondary
NumberOfEC2Nodes: !Ref NumberOfEC2Nodes
ArtifactoryVersion: !Ref ArtifactoryVersion
SMLicensesName: !Ref SMLicensesName
Certificate: !Ref Certificate
CertificateKey: !Ref CertificateKey
CertificateDomain: !Ref CertificateDomain
ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey
ExtraJavaOptions: !Ref ExtraJavaOptions
AnsibleVaultPass: !Ref AnsibleVaultPass
DatabaseName: !Ref DatabaseName
DatabaseEngine: !Ref DatabaseEngine
DatabaseVersion: !Ref DatabaseVersion
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DBAllocatedStorage: !Ref DBAllocatedStorage
MultiAZDatabase: !Ref MultiAZDatabase
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Ref QSS3KeyPrefix
Outputs:
ArtifactoryUrl:
Description: URL of the ELB to access Artifactory
Value: !Sub ${ArtifactoryExistingVPCStack.Outputs.ArtifactoryUrl}
BastionIP:
Value: !Sub ${ArtifactoryExistingVPCStack.Outputs.BastionIP}
Description: Bastion host IP, for admin access via SSH
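Review bot: `DatabasePassword` caps the RDS master password at 12 characters (`MaxLength: '12'`) while its ConstraintDescription promises a capital letter, numbers and symbols that the pattern `^[^ \\']+$` never checks, so the only bound on the credential's strength is that short length; raising it to the RDS MySQL limit, `MaxLength: '41'`, and rewording the constraint to match what the pattern actually enforces would fix both. `MasterKey` has the opposite gap: `MinLength: '1'` accepts a one-character key even though the description tells users to generate 32 hex characters with `openssl rand -hex 16`, so `MinLength: '32'` would make the parameter enforce its own advice. Both values, plus `CertificateKey`, travel as plain stack parameters into `ArtifactoryExistingVPCStack`, whereas the licenses already use a Secrets Manager dynamic reference via `SMLicensesName`; the same pattern would keep these secrets out of stack parameter history. Separately, the `AnsibleVaultPass` entry under `ParameterLabels` carries `Description`/`Type`/`NoEcho` instead of `default: Ansible Vault password`, which looks like a mis-paste from the Parameters section and may be rejected or ignored by the console interface.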


@@ -0,0 +1,183 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the ECS Artifactory Service and Task"
Parameters:
ECSCluster:
Type: String
ServiceName:
Type: String
ArtifactoryTargetGroupArn:
Type: String
ArtifactoryVersion:
Type: String
DBPlugin:
Type: String
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
ArtifactoryPrimary:
Type: String
NumberNodes:
Type: Number
DBType:
Type: String
DatabaseUser:
Type: String
DatabaseName:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
ArtifactoryDBEndpointAddress:
Type: String
ECSRoleArn:
Type: String
ECSLogGroup:
Type: String
Resources:
ECSService:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref ECSCluster
ServiceName: !Ref ServiceName
LaunchType: EC2
DesiredCount: !Ref NumberNodes
LoadBalancers:
- ContainerName: nginx
ContainerPort: 443
TargetGroupArn: !Ref ArtifactoryTargetGroupArn
TaskDefinition:
Ref: ArtifactoryTaskDefinition
HealthCheckGracePeriodSeconds: 300
ArtifactoryTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Cpu: "2048"
Family: !Sub ${ServiceName}-Task
Memory: "4096"
NetworkMode: bridge
RequiresCompatibilities:
- EC2
ExecutionRoleArn: !Ref ECSRoleArn
Volumes:
- Name: etc
Host:
SourcePath: /data/jfrog/artifactory/etc/
- Name: temp-plugins
Host:
SourcePath: /data/jfrog/artifactory/tmp/plugins
- Name: java-certs
Host:
SourcePath: /data/jfrog/artifactory/java_certs
- Name: plugins
Host:
SourcePath: !Sub
/data/jfrog/artifactory/plugins/${DBPlugin}
- Name: nginx
Host:
SourcePath: /data/jfrog/nginx
ContainerDefinitions:
- Name: artifactory
EntryPoint:
- /bin/bash
- "-c"
Command:
- "echo export HA_HOST_IP=`wget -q -O - http://169.254.169.254/latest/meta-data/local-ipv4` > /tmp/source; echo /entrypoint-artifactory.sh >> /tmp/source; chmod +x /tmp/source; /tmp/source"
Image: !Sub
docker.bintray.io/jfrog/artifactory-pro:${ArtifactoryVersion}
PortMappings:
- ContainerPort: 8081
HostPort: 8081
Protocol: tcp
MountPoints:
- ContainerPath: /artifactory_extra_conf
ReadOnly: False
SourceVolume: etc
- ContainerPath: /tmp/plugins
ReadOnly: False
SourceVolume: temp-plugins
- ContainerPath: /artifactory_extra_certs
ReadOnly: False
SourceVolume: java-certs
- ContainerPath: !Sub
/opt/jfrog/artifactory/tomcat/lib/${DBPlugin}
ReadOnly: False
SourceVolume: plugins
Ulimits:
- Name: nproc
SoftLimit: 65535
HardLimit: 65535
- Name: nofile
SoftLimit: 32000
HardLimit: 40000
HealthCheck:
Command:
- CMD-SHELL
- (printf 'GET / HTTP/1.0\r\n\r\n'; sleep 1) | nc 127.0.0.1 8081 | grep OK || exit 1
Interval: 5
Retries: 3
StartPeriod: 60
Timeout: 10
Environment:
- Name: EXTRA_JAVA_OPTIONS
Value: !Ref ExtraJavaOptions
- Name: ARTIFACTORY_MASTER_KEY
Value: !Ref MasterKey
- Name: HA_IS_PRIMARY
Value: !Ref ArtifactoryPrimary
- Name: DB_URL
Value: !Sub
jdbc:mysql://${ArtifactoryDBEndpointAddress}:3306/${DatabaseName}?characterEncoding=UTF-8&elideSetAutoCommits=true&verifyServerCertificate=true&useSSL=false&requireSSL=false
- Name: DB_TYPE
Value: !Ref DBType
- Name: DB_USER
Value: !Ref DatabaseUser
- Name: DB_PASSWORD
Value: !Ref DatabasePassword
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref ECSLogGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: artifactory
- Name: nginx
Image: !Sub
docker.bintray.io/jfrog/nginx-artifactory-pro:6.14.1
PortMappings:
- ContainerPort: 80
HostPort: 80
Protocol: tcp
- ContainerPort: 443
HostPort: 443
Protocol: tcp
Essential: false
DependsOn:
- Condition: HEALTHY
ContainerName: artifactory
Links:
- artifactory:artifactory
MountPoints:
- ContainerPath: /var/opt/jfrog/nginx
ReadOnly: False
SourceVolume: nginx
Ulimits:
- Name: nproc
SoftLimit: 65535
HardLimit: 65535
- Name: nofile
SoftLimit: 32000
HardLimit: 40000
Environment:
- Name: ART_BASE_URL
Value: http://artifactory:8081/artifactory
- Name: SSL
Value: "true"
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group:
Ref: ECSLogGroup
awslogs-region:
Ref: AWS::Region
awslogs-stream-prefix: nginx
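Review bot: The `DB_URL` JDBC string in the artifactory container sets `verifyServerCertificate=true` but also `useSSL=false&requireSSL=false`, so the MySQL session to RDS is negotiated in cleartext and the verify flag has no effect; the `DB_USER`/`DB_PASSWORD` credentials therefore cross the VPC unencrypted. Unless a cleartext link is intended, the query string should end `...&useSSL=true&requireSSL=true&verifyServerCertificate=true`, with the RDS CA bundle dropped into the `java-certs` volume that is already mounted at `/artifactory_extra_certs` (presumably the image's extra trust-store hook — confirm against the image docs). Related: `DB_PASSWORD` and `ARTIFACTORY_MASTER_KEY` are plain `Environment` entries, readable by any principal with `ecs:DescribeTaskDefinition`; a container definition `Secrets:` list with `ValueFrom` Secrets Manager ARNs (and `secretsmanager:GetSecretValue` on the role behind `ExecutionRoleArn`) would keep them out of the task definition, consistent with how the parent template already stores the licenses. Finally the nginx image is pinned to `nginx-artifactory-pro:6.14.1` while the artifactory image follows `${ArtifactoryVersion}` (default `6.15.0` in the parent template), so the two can silently drift; `docker.bintray.io/jfrog/nginx-artifactory-pro:${ArtifactoryVersion}` under the same `!Sub` keeps them in step.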