From 66bda643624d7a15eb91dc4b5b0bdb345579da20 Mon Sep 17 00:00:00 2001
From: John Peterson
Date: Wed, 4 Nov 2020 12:17:18 -0800
Subject: [PATCH 1/9] Slack notification on issue or pull requests
---
 .github/workflows/slack-notify-issues.yml | 20 ++++++++++++++++++++
 .github/workflows/slack-notify-pr.yml | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 .github/workflows/slack-notify-issues.yml
 create mode 100644 .github/workflows/slack-notify-pr.yml
diff --git a/.github/workflows/slack-notify-issues.yml b/.github/workflows/slack-notify-issues.yml
new file mode 100644
index 0000000..7a874da
--- /dev/null
+++ b/.github/workflows/slack-notify-issues.yml
@@ -0,0 +1,20 @@
+on:
+ issues:
+ types: [opened, reopened, deleted, closed]
+name: Slack Issue Notification
+jobs:
+ slackNotification:
+ name: Slack Notification Issue
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Slack Notification Issue
+ uses: rtCamp/action-slack-notify@master
+ env:
+ SLACK_CHANNEL: partnereng-issues
+ SLACK_COLOR: '#00A86B'
+ SLACK_ICON: https://pbs.twimg.com/profile_images/978188446178082817/86ulJdF0.jpg
+ SLACK_TITLE: "[${{ github.event.issue.state}}] ${{ github.event.issue.title }} on ${{ github.repository }} :rocket:"
+ SLACK_MESSAGE: 'Link: ${{ github.event.issue.url }}'
+ SLACK_USERNAME: PartnerEngineers
+ SLACK_WEBHOOK: ${{ secrets.SLACK_ISSUE_WEBHOOK }}
diff --git a/.github/workflows/slack-notify-pr.yml b/.github/workflows/slack-notify-pr.yml
new file mode 100644
index 0000000..7a874da
--- /dev/null
+++ b/.github/workflows/slack-notify-pr.yml
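Review bot: `uses: rtCamp/action-slack-notify@master` runs whatever the third-party repository's master branch contains at job time, and that step is the one given `secrets.SLACK_ISSUE_WEBHOOK`; pin it to a reviewed full commit SHA, for example `uses: rtCamp/action-slack-notify@<full-commit-sha>  # <release-tag>`. The same line appears in both slack-notify-pr.yml hunks of this series. The `actions/checkout@v2` step is not needed to post a message, and removing it keeps a repository checkout with its persisted token out of the workspace the notify action runs in. Separately, `github.event.issue.url` is the REST API address; `github.event.issue.html_url` is the link a Slack reader can open in a browser.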
@@ -0,0 +1,20 @@
+on:
+ issues:
+ types: [opened, reopened, deleted, closed]
+name: Slack Issue Notification
+jobs:
+ slackNotification:
+ name: Slack Notification Issue
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Slack Notification Issue
+ uses: rtCamp/action-slack-notify@master
+ env:
+ SLACK_CHANNEL: partnereng-issues
+ SLACK_COLOR: '#00A86B'
+ SLACK_ICON: https://pbs.twimg.com/profile_images/978188446178082817/86ulJdF0.jpg
+ SLACK_TITLE: "[${{ github.event.issue.state}}] ${{ github.event.issue.title }} on ${{ github.repository }} :rocket:"
+ SLACK_MESSAGE: 'Link: ${{ github.event.issue.url }}'
+ SLACK_USERNAME: PartnerEngineers
+ SLACK_WEBHOOK: ${{ secrets.SLACK_ISSUE_WEBHOOK }}
From dbe3e821f1669e2d22ce623d7d216b417c3f19b7 Mon Sep 17 00:00:00 2001
From: John Peterson
Date: Wed, 4 Nov 2020 12:19:00 -0800
Subject: [PATCH 2/9] Slack notification on issue or pull requests
---
 .github/workflows/slack-notify-pr.yml | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/slack-notify-pr.yml b/.github/workflows/slack-notify-pr.yml
index 7a874da..d1eee3b 100644
--- a/.github/workflows/slack-notify-pr.yml
+++ b/.github/workflows/slack-notify-pr.yml
@@ -1,20 +1,22 @@
 on:
- issues:
- types: [opened, reopened, deleted, closed]
-name: Slack Issue Notification
+ pull_request:
+ branches:
+ - master
+ types: [opened, reopened, closed]
+name: Slack Pull Request Notification
 jobs:
 slackNotification:
- name: Slack Notification Issue
+ name: Slack Notification PR
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
- - name: Slack Notification Issue
+ - name: Slack Notification PR
 uses: rtCamp/action-slack-notify@master
 env:
- SLACK_CHANNEL: partnereng-issues
+ SLACK_CHANNEL: partnereng-pullrequest
 SLACK_COLOR: '#00A86B'
 SLACK_ICON: https://pbs.twimg.com/profile_images/978188446178082817/86ulJdF0.jpg
- SLACK_TITLE: "[${{ github.event.issue.state}}] ${{ github.event.issue.title }} on ${{ github.repository }} :rocket:"
- SLACK_MESSAGE: 'Link: ${{ github.event.issue.url }}'
+ SLACK_TITLE: "[${{ github.event.pull_request.state}}] ${{ github.event.pull_request.title }} on ${{ github.repository }} :rocket:"
+ SLACK_MESSAGE: 'Merging from ${{ github.head_ref }} to ${{ github.base_ref }} by ${{ github.actor }}. Link: ${{ github.event.pull_request._links.html.href }}'
 SLACK_USERNAME: PartnerEngineers
- SLACK_WEBHOOK: ${{ secrets.SLACK_ISSUE_WEBHOOK }}
+ SLACK_WEBHOOK: ${{ secrets.SLACK_PR_WEBHOOK }}
\ No newline at end of file
From a657205dfa3fe985f48a7ad29b9b2437983443af Mon Sep 17 00:00:00 2001
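Review bot: With the `pull_request` trigger, `secrets.SLACK_PR_WEBHOOK` is not provided to runs started by pull requests from forks, so the notify step receives an empty webhook for external contributions. If the trigger is later changed to `pull_request_target` to obtain the secret, the `actions/checkout@v2` step should be removed and the action pinned to a commit SHA beforehand, because that trigger runs with repository secrets available. `types: [opened, reopened, closed]` also posts the "Merging from …" text for pull requests closed without a merge; `github.event.pull_request.merged` distinguishes the two cases. The new file ends without a trailing newline.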
From: Vinay Aggarwal
Date: Mon, 16 Nov 2020 14:17:21 -0800
Subject: [PATCH 3/9] Added templates for Amazon Marketplace
---
 Amazon/Marketplace/v7.10.2/.taskcat.yml | 242 ++++
 ...ifactory-core-infrastructure.template.yaml | 378 ++++++
 ...artifactory-ec2-existing-vpc.template.yaml | 1024 +++++++++++++++++
 ...rog-artifactory-ec2-instance.template.yaml | 403 +++++++
 ...ctory-ec2-marketplace-master.template.yaml | 457 ++++++++
 .../jfrog-xray-ec2-instance.template.yaml | 274 +++++
 6 files changed, 2778 insertions(+)
 create mode 100644 Amazon/Marketplace/v7.10.2/.taskcat.yml
 create mode 100644 Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-core-infrastructure.template.yaml
 create mode 100644 Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
 create mode 100644 Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-instance.template.yaml
 create mode 100644 Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml
 create mode 100644 Amazon/Marketplace/v7.10.2/templates/jfrog-xray-ec2-instance.template.yaml
diff --git a/Amazon/Marketplace/v7.10.2/.taskcat.yml b/Amazon/Marketplace/v7.10.2/.taskcat.yml
new file mode 100644
index 0000000..b8c4066
--- /dev/null
+++ b/Amazon/Marketplace/v7.10.2/.taskcat.yml
@@ -0,0 +1,242 @@ +project: + name: quickstart-jfrog-artifactory + owner: quickstart-eng@amazon.com + #lambda_source_path: functions/source + #lambda_zip_path: functions/packages + s3_object_acl: public-read + s3_regional_buckets: True + s3_bucket: tcat-422383ecc658557f9a377abae675aac0 # commercial or gov accounts + # s3_bucket: tcat-a3e80b6745b2547da1c745b16adf2a66 # aws-seller accounts + regions: + - us-east-1 + #- us-gov-east-1 + #- us-gov-west-1 +tests: + + # jcr-ami-7102: + # auth: + # us-east-1: seller + # us-gov-west-1: gov + # us-gov-east-1: gov + # parameters: + # AvailabilityZone: "$[taskcat_genaz_1]" + # KeyPairName: "vinaykey1" + # ArtifactVersion: 7.10.2 + # RemoteAccessCidr: "0.0.0.0/0" + # QsS3BucketName: "$[taskcat_autobucket]" + # QsS3KeyPrefix: "quickstart-jfrog-artifactory/" + # QsS3BucketRegion: "$[taskcat_current_region]" + # JFrogProduct: "jfrog-artifactory-jcr" + # template: templates/jfrog-ami-master.template.yaml + # regions: + # - us-east-1 + # - us-west-2 + + + # rt-ami-7102: + # auth: + # us-east-1: seller + # us-gov-west-1: gov + # us-gov-east-1: gov + # parameters: + # AvailabilityZone: "$[taskcat_genaz_1]" + # KeyPairName: "vinaykey1" + # ArtifactVersion: 7.10.2 + # RemoteAccessCidr: "0.0.0.0/0" + # QsS3BucketName: "$[taskcat_autobucket]" + # QsS3KeyPrefix: "quickstart-jfrog-artifactory/" + # QsS3BucketRegion: "$[taskcat_current_region]" + # JFrogProduct: "jfrog-artifactory-pro" + # template: templates/jfrog-ami-master.template.yaml + # regions: + # - us-east-1 + # - us-west-2 + # - us-gov-east-1 + + # xray-ami-3103: + # auth: + # us-east-1: seller + # us-gov-west-1: gov + # us-gov-east-1: gov + # parameters: + # AvailabilityZone: "$[taskcat_genaz_1]" + # KeyPairName: "vinaykey1" + # # XrayVersion: 3.8.6 + # XrayVersion: 3.10.3 + # RemoteAccessCidr: "0.0.0.0/0" + # QsS3BucketName: "$[taskcat_autobucket]" + # QsS3KeyPrefix: "quickstart-jfrog-artifactory/" + # QsS3BucketRegion: "$[taskcat_current_region]" + # template: 
templates/ami-rt-xray-master.template.yaml + # regions: + # - us-east-1 + # - us-west-2 + # - us-gov-east-1 + + + rt-xray-ec2-postgres: + auth: + us-east-1: default + us-gov-west-1: gov + us-gov-east-1: gov + parameters: + KeyPairName: "vinaykey1" + ArtifactoryVersion: 7.10.2 + RemoteAccessCidr: "0.0.0.0/0" + DatabaseEngine: Postgres + AccessCidr: "0.0.0.0/0" + DatabasePassword: "$[taskcat_genpass_8A]" + QsS3BucketName: "$[taskcat_autobucket]" + QsS3KeyPrefix: "quickstart-jfrog-artifactory/" + QsS3BucketRegion: "$[taskcat_current_region]" + DatabaseInstance: "db.m5.large" + NumberOfSecondary: "2" + KeystorePassword: "$[taskcat_genpass_8A]" + AnsibleVaultPass: "$[taskcat_genpass_8A]" + ArtifactoryServerName: "artifactory" + MasterKey: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + SmLicenseCertName: "jfrog-artifactory" + MultiAzDatabase: "false" + # InstallXray: "false" + XrayVersion: 3.10.3 + XrayDatabasePassword: "$[taskcat_genpass_8A]" + # XrayNumberOfInstances: 2 + + # AvailabilityZones: "$[taskcat_genaz_2]" + # template: templates/jfrog-artifactory-ec2-master.template.yaml + + # # # after creating a VPC, comment line above and uncomment lines below for faster iteration + # # # commercial account + AvailabilityZones: "us-east-1a, us-east-1b" + VpcId : "vpc-06fcc5cee261e2b5e" + PublicSubnet1Id : "subnet-0d3b79b392dd1c24b" + PrivateSubnet1Id: "subnet-052de6286d774f2d2" + PublicSubnet2Id : "subnet-0c0405f3f9bff01ec" + PrivateSubnet2Id: "subnet-0ea49aaf81e25fd33" + # template: templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + template: templates/jfrog-artifactory-ec2-marketplace-master.template.yaml + regions: + - us-east-1 + + # rt-xray-ec2-marketplace: + # parameters: + # KeyPairName: "vinaykey1" + # ArtifactoryVersion: 7.10.2 + # RemoteAccessCidr: "0.0.0.0/0" + # DatabaseEngine: Postgres + # AccessCidr: "0.0.0.0/0" + # DatabasePassword: "$[taskcat_genpass_8A]" + # QsS3BucketName: "$[taskcat_autobucket]" + # QsS3KeyPrefix: 
"quickstart-jfrog-artifactory/" + # QsS3BucketRegion: "$[taskcat_current_region]" + # DatabaseInstance: "db.m5.large" + # NumberOfSecondary: "2" + # KeystorePassword: "$[taskcat_genpass_8A]" + # AnsibleVaultPass: "$[taskcat_genpass_8A]" + # ArtifactoryServerName: "artifactory" + # MasterKey: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + # SmLicenseCertName: "jfrog-artifactory" + # MultiAzDatabase: "true" + # # InstallXray: "false" + # XrayVersion: 3.10.3 + # XrayDatabasePassword: "$[taskcat_genpass_8A]" + # # XrayNumberOfInstances: 2 + # AvailabilityZones: "us-east-1a, us-east-1b" + + # #commercial account + # VpcId : "vpc-06d7f8e7fd74c254c" + # PublicSubnet1Id : "subnet-004f207945f5a30e7" + # PrivateSubnet1Id: "subnet-0b3599d1838916726" + # PublicSubnet2Id : "subnet-0f4b1c9fdf1ae77e2" + # PrivateSubnet2Id: "subnet-0fbe8d14f1082cf2d" + + # template: templates/jfrog-artifactory-ec2-marketplace-master.template.yaml + # regions: + # - us-east-1 + + # rt-simple: + # parameters: + # KeyPairName: "vinaykey1" + # AvailabilityZones: "$[taskcat_genaz_2]" + # DatabasePassword: "$[taskcat_genpass_8A]" + # QsS3BucketName: "$[taskcat_autobucket]" + # QsS3KeyPrefix: "quickstart-jfrog-artifactory/" + # QsS3BucketRegion: "$[taskcat_current_region]" + # template: templates/jfrog-artifactory-ec2-simple-master.template.yaml + # regions: + # - us-east-2 + + # rt-ecs-postgres: + # parameters: + # KeyPairName: "vinaykey1" + # RemoteAccessCidr: "0.0.0.0/0" + # AccessCidr: "0.0.0.0/0" + # DatabasePassword: "$[taskcat_genpass_8A]" + # QsS3BucketName: "$[taskcat_autobucket]" + # QsS3KeyPrefix: "quickstart-jfrog-artifactory/" + # QsS3BucketRegion: "$[taskcat_current_region]" + # # DatabaseInstance: "db.m5.large" + # # DatabaseEngine: MySQL + # ArtifactoryVersion: "7.10.2" + # # ReleaseStage: "GA" + # NumberOfSecondary: "2" + # AnsibleVaultPass: "$[taskcat_genpass_8A]" + # ArtifactoryServerName: "artifactory" + # MasterKey: 
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + # SmLicenseCertName: "jfrog-artifactory" + # MultiAzDatabase: "false" + + # # AvailabilityZones: "$[taskcat_genaz_2]" + # # template: templates/jfrog-artifactory-ecs-master.template.yaml + + # # after creating a VPC, comment line above and uncomment lines below for faster iteration + # # commercial account + # AvailabilityZones: "us-east-2a, us-east-2b" + # VpcId : "vpc-0f1ba9d9e6125f50e" + # PublicSubnet1Id : "subnet-0428a0b682504e234" + # PrivateSubnet1Id: "subnet-08b2941d6a9a85579" + # PublicSubnet2Id : "subnet-0dd6c76f09924a8c1" + # PrivateSubnet2Id: "subnet-05a004086f004dfa1" + # template: templates/jfrog-artifactory-ecs-existing-vpc.template.yaml + + # regions: + # - us-east-2 + + # rt-eks: + # auth: + # default: temp + # parameters: + # KeyPairName: "vinaykey1" + # RemoteAccessCidr: "0.0.0.0/0" + # AccessCidr: "0.0.0.0/0" + # AvailabilityZones: "$[taskcat_genaz_3]" + # DatabasePassword: "$[taskcat_genpass_8A]" + # QsS3BucketName: "$[taskcat_autobucket]" + # QsS3KeyPrefix: "quickstart-jfrog-artifactory/" + # QsS3BucketRegion: "$[taskcat_current_region]" + # DatabaseInstance: "db.m5.large" + # ArtifactoryVersion: "7.10.2" + # NumberOfSecondary: "2" + # ArtifactoryServerName: "artifactory" + # MasterKey: "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + # SmLicenseCertName: "jfrog-artifactory" + # MultiAzDatabase: "false" + # InstallXray: "true" + # XrayHelmChartVersion: 3.10.3 + # XrayDatabasePassword: "$[taskcat_genpass_8A]" + # XrayNumberOfSecondary: 1 + # RabbitMQPassword: "$[taskcat_genpass_8A]" + # template: templates/jfrog-artifactory-eks-master.template.yaml + # regions: + # - us-west-2 + + # rt-eks-core: + # parameters: + # ArtifactoryDeploymentSize: Medium + # ArtifactoryVersion: 7.2.1 + # DatabaseEngine: Postgres + # DatabaseName: artdb + # DatabaseUser: artifactory + # KubeConfigKmsContext: JFrogArtifactory + # NumberOfSecondary: 2 + # template: 
templates/jfrog-artifactory-eks-core-workload.template.yaml diff --git a/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-core-infrastructure.template.yaml new file mode 100644 index 0000000..2362bba --- /dev/null +++ b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-core-infrastructure.template.yaml 
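Review bot: The one active test, `rt-xray-ec2-postgres`, sets both `RemoteAccessCidr` and `AccessCidr` to `"0.0.0.0/0"`; if the marketplace-master template uses them as the existing-vpc template in this patch describes (bastion SSH and Artifactory access), every test run exposes both to the whole internet for the life of the stack, and a value such as `RemoteAccessCidr: "<ci-egress-cidr>"` would avoid that. `MasterKey` is a fixed all-`F` string rather than a per-run value, and `s3_object_acl: public-read` makes every staged object world-readable, so a comment stating that nothing sensitive may be placed under the project directory is warranted. `KeyPairName: "vinaykey1"` and the literal `vpc-`/`subnet-` IDs tie the test to one account; a short header comment listing the values that must be replaced before running would help the next maintainer.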
@@ -0,0 +1,378 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' +Parameters: + VpcId: + Type: AWS::EC2::VPC::Id + VpcCidr: + Description: CIDR block for the VPC + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PrivateSubnet1Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + PrivateSubnet3Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.64.0/19 + Type: String + SubnetIds: + Type: List + DatabaseAllocatedStorage: + Type: Number + MultiAzDatabase: + Type: String + DatabaseEngine: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + NoEcho: 'true' + Type: String + DatabaseInstance: + Type: String + DatabaseName: + Type: String + ArtifactoryS3IAMUser: + NoEcho: 'true' + Type: String + ArtifactoryProduct: + Default: JFrog-Artifactory-Pro + Type: String + ReleaseStage: + Default: GA + Type: String + InstanceType: + Default: m5.xlarge + Type: String + +Mappings: + DatabaseMap: + Postgres: + Name: postgresql + DatabaseVersion: 11.5 + Driver: "org.postgresql.Driver" + Plugin: postgresql-42.2.9.jar + 
PluginURL: https://jdbc.postgresql.org/download/ + port: "5432" + extraDatabaseOps: "" + ReleaseStageMap: + BETA: + ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro" + JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr" + NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro" + GA: + ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro" + JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr" + NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro" + ProductMap: + JFrog-Container-Registry: + RepoName: JcrDockerRepo + JFrog-Artifactory-Pro: + RepoName: ProDockerRepo + JavaOptionstoInstance: + m5.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5d.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5d.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5d.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5d.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5d.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5d.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5d.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5a.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5a.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5a.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5a.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5a.8xlarge: + 
Min: 64 + Max: 96 + DeploymentSize: Large + m5a.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5a.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5a.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5ad.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5ad.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5ad.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5ad.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5ad.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5ad.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge +Resources: + ArtifactoryDatabaseSubnetGroup: + Type: AWS::RDS::DBSubnetGroup + Properties: + DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s) + SubnetIds: !Ref SubnetIds + ArtifactoryDatabase: + Type: AWS::RDS::DBInstance + Properties: + AllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAZ: !Ref MultiAzDatabase + Engine: !Ref DatabaseEngine + EngineVersion: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - DatabaseVersion + MasterUsername: !Ref DatabaseUser + MasterUserPassword: !Ref DatabasePassword + DBInstanceClass: !Ref DatabaseInstance + DBName: !Ref DatabaseName + DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup + VPCSecurityGroups: + - !Ref ArtifactoryDatabaseSG + ArtifactoryDatabaseSG: + Type: AWS::EC2::SecurityGroup + Properties: + Tags: + - Key: Name + Value: artifactory-rds-sg + GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers. 
+ VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet1Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet2Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet3Cidr + SecurityGroupEgress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + ArtifactoryS3Bucket: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + ArtifactoryS3IAMPolicy: + Type: AWS::IAM::Policy + Properties: + PolicyName: S3BucketPermissions + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: S3BucketPermissions + Effect: Allow + Action: + - s3:* + Resource: + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - "/*" + Users: + - !Ref ArtifactoryS3IAMUser +Outputs: + S3Bucket: + Value: !Ref ArtifactoryS3Bucket + Description: Actual S3 bucket created for Artifactory + DatabaseDriver: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver] + DatabasePlugin: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + DatabasePluginUrl: + Value: !Sub + - "${MainURL}${PluginVersion}" + - { + MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, 
PluginURL], + PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + } + DatabaseType: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name] + DatabaseUrl: + Value: !Sub + - "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}" + - { + DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name], + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps], + } + XrayMasterDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + XrayDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + ProDockerRepo: + Value: !FindInMap + - ReleaseStageMap + - !Ref ReleaseStage + - !FindInMap + - ProductMap + - !Ref ArtifactoryProduct + - RepoName + NginxDockerRepo: + Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo] + JavaOpts: + Value: !Sub + - "-Xms${min}g -Xmx${max}g" + - { + min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min], + max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max] + } + DeploymentSize: + Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize] diff --git a/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml new file mode 100644 index 0000000..b7d0d5b --- /dev/null 
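Review bot: `ArtifactoryDatabase` is declared without `StorageEncrypted: true`, and the `XrayMasterDatabaseUrl` and `XrayDatabaseUrl` outputs hard-code `?sslmode=disable`, so the database is neither encrypted at rest nor reached over TLS by Xray; `sslmode=require` or stricter is the usual setting for RDS PostgreSQL, assuming the Xray connector accepts it. `ArtifactoryDatabaseSG` opens port 22 from `VpcCidr` and allows egress on 22, 80 and 443 to `0.0.0.0/0`, none of which an RDS instance needs; the three ingress rules on the database port are sufficient. `ArtifactoryS3IAMPolicy` grants `s3:*` on the bucket, which includes changing its policy and ACL, so listing only the object and list actions the filestore uses would be tighter, and `ArtifactoryS3Bucket` would benefit from a `PublicAccessBlockConfiguration`.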
+++ b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml 
@@ -0,0 +1,1024 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into an existing VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - ELBScheme + - Label: + default: Bastion configuration + Parameters: + - ProvisionBastionHost + - BastionInstanceType + - BastionOs + - BastionRootVolumeSize + - BastionEnableTcpForwarding + - NumBastionHosts + - BastionEnableX11Forwarding + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryProduct + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: AWS Quick Start configuration + Parameters: + - QsS3BucketName + - QsS3KeyPrefix + - QsS3BucketRegion + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: 
Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + ELBScheme: + default: Elastic Load Balancing scheme + ProvisionBastionHost: + default: Bastion instance + BastionInstanceType: + default: Bastion instance type + BastionRootVolumeSize: + default: Bastion root volume size + BastionEnableTcpForwarding: + default: Bastion enable TCP forwarding + BastionEnableX11Forwarding: + default: Bastion enable X11 forwarding + BastionOs: + default: Bastion operating system + NumBastionHosts: + default: Number of bastion instances + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + ArtifactoryProduct: + default: Artifactory product to install + ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java keystore password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + QsS3BucketName: + default: Quick Start S3 bucket name + QsS3KeyPrefix: + default: Quick Start S3 key prefix + QsS3BucketRegion: + default: Quick Start S3 bucket region + InstallXray: + default: Install JFrog Xray + XrayVersion: + 
default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog Xray instances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Cidr: + Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range that is permitted to access Artifactory. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant only your corporate network access to the software. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant specific ranges inside your corporate network SSH access. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + ELBScheme: + Description: Choose whether this is internet facing or internal. + AllowedValues: + - internal + - internet-facing + Default: internet-facing + Type: String + ProvisionBastionHost: + Description: Choose Disabled to skip creating a bastion instance. Due to the JFrog Container Registry nodes being + created in private subnets, the default setting of Enabled this is highly recommended. 
+ AllowedValues: + - "Enabled" + - "Disabled" + Default: "Enabled" + Type: String + BastionInstanceType: + Description: Size of the bastion instances. + AllowedValues: + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + Default: "t3.micro" + Type: String + BastionRootVolumeSize: + Description: Size of the root volume on the bastion instances. + Default: 10 + Type: Number + BastionEnableTcpForwarding: + Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance + or not. + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + BastionEnableX11Forwarding: + Description: Choose true to enable X11 via the bootstrapping of the bastion host. + Setting this value to true will enable X Windows over SSH. + X11 forwarding can be useful, but it is also a security risk, so it's recommended + that you keep the default (false) setting. + AllowedValues: + - "true" + - "false" + Default: "false" + Type: String + BastionOs: + Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. + AllowedValues: + - "Amazon-Linux2-HVM" + - "CentOS-7-HVM" + - "Ubuntu-Server-20.04-LTS-HVM" + - "SUSE-SLES-15-HVM" + Default: "Amazon-Linux2-HVM" + Type: String + NumBastionHosts: + Description: Number of bastion instances to create. + AllowedValues: + - '1' + - '2' + - '3' + - '4' + Default: '1' + Type: String + VolumeSize: + Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. 
+ AllowedValues:
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ - m5.8xlarge
+ - m5.12xlarge
+ - m5.16xlarge
+ - m5.24xlarge
+ - m5.metal
+ - m5d.large
+ - m5d.xlarge
+ - m5d.2xlarge
+ - m5d.4xlarge
+ - m5d.8xlarge
+ - m5d.12xlarge
+ - m5d.16xlarge
+ - m5d.24xlarge
+ - m5d.metal
+ - m5a.large
+ - m5a.xlarge
+ - m5a.2xlarge
+ - m5a.4xlarge
+ - m5a.8xlarge
+ - m5a.12xlarge
+ - m5a.16xlarge
+ - m5a.24xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: m5.xlarge
+ Type: String
+ NumberOfSecondary:
+ Description: Number of secondary Artifactory servers to complete your
+ HA deployment. To align with Artifactory best practices, the minimum number
+ is two and the maximum is seven. Do not select more instances than you
+ have licenses for.
+ AllowedValues:
+ - 0
+ - 1
+ - 2
+ - 3
+ - 4
+ - 5
+ - 6
+ - 7
+ Default: 2
+ Type: Number
+ ArtifactoryProduct:
+ Description: JFrog Artifactory product you want to install into an AMI.
+ AllowedValues:
+ - JFrog-Artifactory-Pro
+ - JFrog-Container-Registry
+ Default: JFrog-Artifactory-Pro
+ Type: String
+ ArtifactoryVersion:
+ Description: Version of Artifactory that you want to deploy into the Quick Start.
+ See the release notes to select the version you want to deploy at
+ https://www.jfrog.com/confluence/display/RTF/Release+Notes.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Artifactory releases
+ Default: 7.10.2
+ Type: String
+ SmLicenseCertName:
+ Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate, certificate key, and Artifactory licenses.
+ Default: ''
+ Type: String
+ ArtifactoryServerName:
+ Description: Name of your Artifactory server. Ensure that this matches your certificate.
+ Type: String
+ MasterKey:
+ Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
+ AllowedPattern: ^[a-zA-Z0-9]+$
+ MinLength: '1'
+ MaxLength: '64'
+ ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
+ NoEcho: 'true'
+ Type: String
+ ExtraJavaOptions:
+ Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
+ system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
+ Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
+ Default: -Xss256k -XX:+UseG1GC
+ Type: String
+ DefaultJavaMemSettings:
+ Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
+ If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ KeystorePassword:
+ Description: Java keystore password. For better security, the password that you specify will
+ replace the default Java key store password.
+ NoEcho: 'true'
+ Type: String
+ AnsibleVaultPass:
+ Description: Ansible Vault password to protect the Artifactory YAML configuration file
+ generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes
+ and secured with this password.
+ NoEcho: 'true'
+ Type: String
+ DatabaseName:
+ Description: Name of your database instance. The name must be unique across all instances
+ owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
+ but it's stored in lowercase (as in "mydbinstance").
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ MinLength: '1'
+ MaxLength: '60'
+ ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
+ Default: artdb
+ Type: String
+ DatabaseEngine:
+ Description: Database engine that you want to run, which is currently locked to MySQL.
+ AllowedValues:
+ - Postgres
+ Default: Postgres
+ Type: String
+ DatabaseUser:
+ Description: Login ID for the master user of your database instance.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: artifactory
+ Type: String
+ DatabasePassword:
+ Description: Password for the Artifactory database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+ DatabaseInstance:
+ Description: Size of the database to be deployed as part of the Quick Start.
+ AllowedValues:
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.10xlarge
+ - db.m5.16xlarge
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.4xlarge
+ - db.m5.12xlarge
+ - db.m5.24xlarge
+ ConstraintDescription: Must be a valid database Instance Type.
+ Default: db.m5.large
+ Type: String
+ DatabaseAllocatedStorage:
+ Description: Size in gigabytes of the available storage for the database instance.
+ MinValue: 5
+ MaxValue: 1024
+ Default: 10
+ Type: Number
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ QsS3BucketName:
+ Description: S3 bucket name for the Quick Start assets. This string can include
+ numbers, lowercase letters, and hyphens (-). It cannot start
+ or end with a hyphen (-).
+ AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
+ ConstraintDescription: Quick Start bucket name can include numbers, lowercase
+ letters, and hyphens (-). It cannot start or end with a hyphen (-).
+ Default: aws-quickstart
+ Type: String
+ QsS3KeyPrefix:
+ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
+ can include numbers, lowercase letters, uppercase letters, hyphens (-), and
+ forward slash (/).
+ AllowedPattern: ^[0-9a-zA-Z-/]*$
+ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+ uppercase letters, hyphens (-), and forward slash (/).
+ Default: quickstart-jfrog-artifactory/
+ Type: String
+ QsS3BucketRegion:
+ Default: 'us-east-1'
+ Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
+ Type: String
+ InstallXray:
+ Description: Choose true to install JFrog Xray instance(s).
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ XrayVersion:
+ Description: The version of Xray that you want to deploy into the Quick Start.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Xray releases.
+ Default: 3.10.3
+ Type: String
+ XrayNumberOfInstances:
+ Description: The number of Xray instances servers to complete your
+ HA deployment. The minimum number is one; the maximum is seven.
+ Do not select more than instances than you have licenses for.
+ MinValue: 1
+ MaxValue: 7
+ Default: 1
+ Type: Number
+ XrayInstanceType:
+ Description: The EC2 instance type for the Xray instances.
+ AllowedValues:
+ - c5.2xlarge
+ - c5.4xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: c5.2xlarge
+ Type: String
+ XrayDatabaseUser:
+ Description: The login ID for the Xray database user.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: xray
+ Type: String
+ XrayDatabasePassword:
+ Description: The password for the Xray database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+Conditions:
+ EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled']
+ IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']]
+ HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']]
+ DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
+ UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
+ EnableXray: !Equals [!Ref InstallXray, 'true']
+ SmLicenseCertNameExists: !Not [!Equals [!Ref 'SmLicenseCertName', '']]
+Resources:
+ BastionRole:
+ Condition: EnableBastion
+ Type: "AWS::IAM::Role"
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ec2.amazonaws.com
+ Action: sts:AssumeRole
+ Policies:
+ - PolicyName: QSBucketAccess
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action: s3:GetObject
+ Resource: !Sub "arn:${AWS::Partition}:s3:::${QsS3BucketName}/*"
+ - Effect: Allow
+ Action:
+ - logs:CreateLogStream
+ - logs:GetLogEvents
+ - logs:PutLogEvents
+ - logs:DescribeLogGroups
+ - logs:DescribeLogStreams
+ - logs:PutRetentionPolicy
+ - logs:PutMetricFilter
+ - logs:CreateLogGroup
+ Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+ - Effect: Allow
+ Action:
+ - ec2:AssociateAddress
+ - ec2:DescribeAddresses
+ Resource: "*"
+ BastionStack:
+ Condition: EnableBastion
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template
+ Parameters:
+ VPCID: !Ref VpcId
+ PublicSubnet1ID: !Ref PublicSubnet1Id
+ PublicSubnet2ID: !Ref PublicSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ QSS3BucketName: !Ref QsS3BucketName
+ QSS3KeyPrefix: !Sub '${QsS3KeyPrefix}submodules/quickstart-linux-bastion/'
+ QSS3BucketRegion: !Ref QsS3BucketRegion
+ RemoteAccessCIDR: !Ref RemoteAccessCidr
+ BastionInstanceType: !Ref BastionInstanceType
+ RootVolumeSize: !Ref BastionRootVolumeSize
+ BastionAMIOS: !Ref BastionOs
+ EnableTCPForwarding: !Ref BastionEnableTcpForwarding
+ EnableX11Forwarding: !Ref BastionEnableX11Forwarding
+ AlternativeIAMRole: !Ref BastionRole
+ NumBastionHosts: !Ref NumBastionHosts
+ ArtifactoryS3IAMUser:
+ Type: AWS::IAM::User
+ ArtifactoryIamAcessKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName: !Ref ArtifactoryS3IAMUser
+ ArtifactoryCoreInfraStack:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml
+ Parameters:
+ VpcId: !Ref VpcId
+ VpcCidr: !Ref VpcCidr
+ PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
+ PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
+ PrivateSubnet3Cidr: !Ref PrivateSubnet2Cidr # This should end up in no new rule but required for EKS
+ SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
+ MultiAzDatabase: !Ref MultiAzDatabase
+ DatabaseEngine: !Ref DatabaseEngine
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ DatabaseInstance: !Ref DatabaseInstance
+ DatabaseName: !Ref DatabaseName
+ ArtifactoryS3IAMUser: !Ref ArtifactoryS3IAMUser
+ InstanceType: !Ref InstanceType
+ ArtifactoryElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Name: !Sub ${ArtifactoryProduct}-EC2-ELB
+ Scheme: !Ref ELBScheme
+ Subnets:
+ - !Ref PublicSubnet1Id
+ - !Ref PublicSubnet2Id
+ Type: network
+ ArtifactorySslTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 443
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactorySslElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactorySslTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 443
+ Protocol: TCP
+ ArtifactoryElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryInternalElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Name: ArtifactoryInternal-ELB
+ Scheme: internal
+ Subnets:
+ - !Ref PrivateSubnet1Id
+ - !Ref PrivateSubnet2Id
+ Type: network
+ ArtifactoryInternalTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Name: artifactory-internal-http
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryInternalElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryInternalTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryInternalElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryEc2Sg:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ Tags:
+ - Key: Name
+ Value: !Sub ${ArtifactoryProduct}-ec2-instances-sg
+ GroupDescription: SG for EC2 instances (also permits access using SSH from the bastion host)
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8081
+ ToPort: 8082
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8046
+ ToPort: 8046
+ CidrIp: !Ref VpcCidr
+ SecurityGroupEgress:
+ - IpProtocol: "-1"
+ CidrIp: 0.0.0.0/0
+ ArtifactoryHostRole:
+ Type: 'AWS::IAM::Role'
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ ArtifactoryHostProfile:
+ Type: 'AWS::IAM::InstanceProfile'
+ Properties:
+ Roles:
+ - !Ref ArtifactoryHostRole
+ Path: /
+ ArtifactoryMaster:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ MinScalingNodes: '1' # Always have 1 MasterNode
+ MaxScalingNodes: '1' # Always have 1 MasterNode
+ DeploymentTag: !If [IsArtifactory, "ArtifactoryMaster", "JcrMaster"]
+ HostRole: !Ref ArtifactoryHostRole
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
+ ArtifactoryProduct: !Ref ArtifactoryProduct
+ ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', '']
+ ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', '']
+ ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', '']
+ ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', '']
+ ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', '']
+ ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', '']
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false']
+ Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey
+ SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: 'true'
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ KeystorePassword: !Ref KeystorePassword
+ ArtifactoryVersion: !Ref ArtifactoryVersion
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+ AnsibleVaultPass: !Ref AnsibleVaultPass
+ ArtifactorySecondary:
+ Condition: HasSecondaryNodes
+ DependsOn: ArtifactoryMaster
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ MinScalingNodes: !Ref NumberOfSecondary
+ MaxScalingNodes: !Ref NumberOfSecondary
+ DeploymentTag: ArtifactorySecondary
+ HostRole: !Ref ArtifactoryHostRole
+ AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
+ ArtifactoryProduct: !Ref ArtifactoryProduct
+ ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', '']
+ ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', '']
+ ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', '']
+ ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', '']
+ ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', '']
+ ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', '']
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false']
+ Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey
+ SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: 'false'
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ KeystorePassword: !Ref KeystorePassword
+ ArtifactoryVersion: !Ref ArtifactoryVersion
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+ AnsibleVaultPass: !Ref AnsibleVaultPass
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ XrayHostRole:
+ Condition: EnableXray
+ Type: 'AWS::IAM::Role'
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ XrayHostProfile:
+ Condition: EnableXray
+ Type: 'AWS::IAM::InstanceProfile'
+ Properties:
+ Roles:
+ - !Ref XrayHostRole
+ Path: /
+ XrayExistingVpcStack:
+ Condition: EnableXray
+ DependsOn: ArtifactorySecondary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-xray-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ MinScalingNodes: !Ref XrayNumberOfInstances
+ MaxScalingNodes: !Ref XrayNumberOfInstances
+ DeploymentTag: 'xray'
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ MasterKey: !Ref MasterKey
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ VolumeSize: !Ref VolumeSize
+ XrayInstanceType: !Ref XrayInstanceType
+ JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ AnsibleVaultPass: !Ref AnsibleVaultPass
+ XrayDatabaseUser: !Ref XrayDatabaseUser
+ XrayDatabasePassword: !Ref XrayDatabasePassword
+ XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ XrayFirstNode: 'true'
+ XrayVersion: !Ref XrayVersion
+ XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]]
+ XrayHostRole: !Ref XrayHostRole
+ XrayHostProfile: !Ref XrayHostProfile
+Outputs:
+ ArtifactoryUrl:
+ Description: URL of the ELB to access Artifactory
+ Value: !If [SmLicenseCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"]
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryUrl'
+ ArtifactoryInternalUrl:
+ Description: URL of the internal ELB to access Artifactory
+ Value: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryInternalUrl'
+ DatabaseType:
+ Description: Type of database
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseType'
+ DatabaseDriver:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseDriver'
+ DatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseUrl'
+ ArtifactoryTargetGroup:
+ Description: Artifactory target group
+ Value: !Ref ArtifactoryTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryTargetGroup'
+ ArtifactorySslTargetGroup:
+ Description: Artifactory SSL target group
+ Value: !Ref ArtifactorySslTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactorySslTargetGroup'
+ ArtifactoryEc2Sg:
+ Description: Artifactory EC2 sercurity group
+ Value: !Ref ArtifactoryEc2Sg
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg'
+ BastionIp:
+ Value: !If
+ - EnableBastion
+ - !GetAtt BastionStack.Outputs.EIP1
+ - ""
+ XrayMasterDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayMasterDatabaseUrl'
+ XrayDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayDatabaseUrl'
\ No newline at end of file
diff --git a/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-instance.template.yaml
new file mode 100644
index 0000000..b8690da
--- /dev/null
+++ b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-instance.template.yaml
@@ -0,0 +1,403 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)" +Parameters: + PrivateSubnet1Id: + Type: 'AWS::EC2::Subnet::Id' + PrivateSubnet2Id: + Type: 'AWS::EC2::Subnet::Id' + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + HostRole: + Type: String + AmiId: + Type: String + ArtifactoryProduct: + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + ArtifactoryLicense1: + Type: String + ArtifactoryLicense2: + Type: String + ArtifactoryLicense3: + Type: String + ArtifactoryLicense4: + Type: String + ArtifactoryLicense5: + Type: String + ArtifactoryLicense6: + Type: String + ArtifactoryServerName: + Type: String + Certificate: + Type: String + CertificateKey: + Type: String + NoEcho: 'true' + CertificateDomain: + Type: String + EnableSSL: + Type: String + ArtifactoryIamAcessKey: + Type: String + NoEcho: 'true' + SecretAccessKey: + Type: String + NoEcho: 'true' + ArtifactoryS3Bucket: + Type: String + DatabaseUrl: + Type: String + DatabaseDriver: + Type: String + DatabasePluginUrl: + Type: String + DatabasePlugin: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + ArtifactoryPrimary: + Type: String + MasterKey: + Type: String + NoEcho: 'true' + ExtraJavaOptions: + Type: String + ArtifactoryVersion: + Type: String + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + TargetGroupARN: + Type: String + SSLTargetGroupARN: + Type: String + InternalTargetGroupARN: + Type: String + HostProfile: + Type: String + SecurityGroups: + Type: String + InstanceType: + Type: String + VolumeSize: + Type: Number + KeystorePassword: + Description: Default Keystore from Java in which we upgrade. 
+ Type: String + NoEcho: 'true' + AnsibleVaultPass: + Description: Ansiblevault Password to secure the artifactory.yml + Type: String + NoEcho: 'true' +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + AMZNLINUXHVM: ami-079e6fb1e856e80c1 + "Artifactory721": ami-09dfb20a591375d09 + "Artifactory755": ami-09dfb20a591375d09 # TODO: Get correct ami + "Jcr721": ami-0d87bf5404e186c90 + ap-northeast-2: + AMZNLINUXHVM: ami-0e4a253fb5f082688 + "Artifactory721": ami-0eb86b82de93a34fb + "Artifactory755": ami-0eb86b82de93a34fb # TODO: Get correct ami + "Jcr721": ami-047275320dc0101df + ap-south-1: + AMZNLINUXHVM: ami-01e074f40dfb9999d + "Artifactory721": ami-01b828aa6cc99a322 + "Artifactory755": ami-01b828aa6cc99a322 # TODO: Get correct ami + "Jcr721": ami-003e20ccb4b8b1efc + ap-southeast-1: + AMZNLINUXHVM: ami-0d9233e8ce73df7b2 + "Artifactory721": ami-04a94cc4dc0d08c98 + "Artifactory755": ami-04a94cc4dc0d08c98 # TODO: Get correct ami + "Jcr721": ami-016d81f9a055d84f7 + ap-southeast-2: + AMZNLINUXHVM: ami-0c91f97cadcc8499e + "Artifactory721": ami-030871aa8d1f0689e + "Artifactory755": ami-030871aa8d1f0689e # TODO: Get correct ami + "Jcr721": ami-0a257f38f4e17b489 + ca-central-1: + AMZNLINUXHVM: ami-003a0ba7ea76b2785 + "Artifactory721": ami-0148cebea7bea4aaf + "Artifactory755": ami-0148cebea7bea4aaf # TODO: Get correct ami + "Jcr721": ami-0366fde97d0c9c63c + eu-central-1: + AMZNLINUXHVM: ami-0ab838eeee7f316eb + "Artifactory721": ami-07961f7c210143a42 + "Artifactory755": ami-07961f7c210143a42 # TODO: Get correct ami + "Jcr721": ami-025ce18f43dbbee65 + eu-west-1: + AMZNLINUXHVM: ami-071f4ce599deff521 + "Artifactory721": ami-0171b8d46941b4ca1 + "Artifactory755": 
ami-0171b8d46941b4ca1 # TODO: Get correct ami + "Jcr721": ami-0a0c02357d264c397 + sa-east-1: + AMZNLINUXHVM: ami-04b202bf877b5027b + "Artifactory721": ami-0596f196b273bb8a6 + "Artifactory755": ami-0596f196b273bb8a6 # TODO: Get correct ami + "Jcr721": ami-0f5f29385fc7cf6a9 + us-east-1: + AMZNLINUXHVM: ami-09d069a04349dc3cb + "Artifactory700": ami-06baee01fb2ef01d2 + "Artifactory702": ami-085b1acc8e8b5b039 + "Artifactory721": ami-0d4d4252cdc2b6f11 + "Artifactory755": ami-07c0a3d7663fcafb9 # TODO: Get correct ami + "Artifactory773": ami-0e1639df4df532641 # partnership account + seller account + "Artifactory7102": ami-0d3aaf4303a264d04 # seller account (shared with partnership account) + "Jcr720": ami-05aa02eddf5f692b7 + "Jcr721": ami-04fed5fc210272dfe + "Jcr7102": ami-0508370f82ef2e50d + us-east-2: + AMZNLINUXHVM: ami-0d542ef84ec55d71c + "Artifactory721": ami-0a913af05ccdaa522 + "Artifactory755": ami-05071c07a672ddf54 # TODO: Get correct ami - using ami generated by myself + "Jcr721": ami-0d50790b8fb747584 + us-west-1: + AMZNLINUXHVM: ami-04bc3da8f14823e88 + "Artifactory721": ami-068cd684b4d3a3a86 + "Artifactory755": ami-068cd684b4d3a3a86 # TODO: Get correct ami + "Jcr721": ami-0e1cef33ea2778bd5 + us-west-2: + AMZNLINUXHVM: ami-01460aa81365561fe + "700": ami-000937e944ea194bf + "Artifactory721": ami-0c132dd3640519a35 + "Artifactory755": ami-0007155f7b7de9386 # TODO: Get correct ami + "Artifactory773": ami-0a1b8c5bd6ea279b0 # partnership account + seller account + "Jcr721": ami-083542bb4f8afa3db + us-gov-east-1: + AMZNLINUX2: ami-7c2bc80d + "Artifactory755": ami-0732b9134b39caf5c + "Artifactory7102": ami-0f5ce3b2c087a8098 + us-gov-west-1: + AMZNLINUX2: ami-a03768c1 + "Artifactory755": ami-0b9d3e9ee5ffdc491 + ArtifactoryProductMap: + JFrog-Container-Registry: + "720": "Jcr720" + "721": "Jcr721" + "743": "Jcr743" + "7102": "Jcr7102" + product: "jcr" + JFrog-Artifactory-Pro: + "700": "Artifactory700" + "702": "Artifactory702" + "721": "Artifactory721" + "755": 
"Artifactory755" + "773": "Artifactory773" + "7102": "Artifactory7102" + product: "artifactory" +Resources: + ArtifactoryScalingGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + TargetGroupARNs: + - !Ref TargetGroupARN + - !Ref SSLTargetGroupARN + - !Ref InternalTargetGroupARN + HealthCheckType: ELB + HealthCheckGracePeriod: 900 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + CreationPolicy: + ResourceSignal: + Count: 1 + Timeout: PT30M + + ArtifactoryLaunchConfiguration: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 'AWS::CloudFormation::Authentication': + S3AccessCreds: + type: S3 + roleName: + - !Ref HostRole # !Ref ArtifactoryHostRole + buckets: + - !Ref QsS3BucketName + 'AWS::CloudFormation::Init': + configSets: + artifactory_install: + - "config-artifactory-master" + - "secure-artifactory" + config-artifactory-master: + files: + /root/.jfrog_ami/artifactory.yml: + content: !Sub + - | + # Base install for Artifactory + - import_playbook: site-artifactory.yml + vars: + artifactory_license1: ${ArtifactoryLicense1} + artifactory_license2: ${ArtifactoryLicense2} + artifactory_license3: ${ArtifactoryLicense3} + artifactory_license4: ${ArtifactoryLicense4} + artifactory_license5: ${ArtifactoryLicense5} + artifactory_license6: ${ArtifactoryLicense6} + artifactory_product: ${product} + artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}" + artifactory_server_name: ${ArtifactoryServerName} + server_name: ${ArtifactoryServerName}.${CertificateDomain} + s3_region: ${AWS::Region} + s3_access_key: ${ArtifactoryIamAcessKey} + s3_access_secret_key: ${SecretAccessKey} + s3_bucket: ${ArtifactoryS3Bucket} + 
certificate: ${Certificate} + certificate_key: ${CertificateKey} + certificate_domain: ${CertificateDomain} + enable_ssl: ${EnableSSL} + ssl_dir: /etc/pki/tls/certs + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: ${DatabaseUrl} + db_user: ${DatabaseUser} + db_password: ${DatabasePassword} + # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar + art_primary: ${ArtifactoryPrimary} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + artifactory_version: ${ArtifactoryVersion} + artifactory_keystore: + path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts + default_password: changeit + new_keystore_pass: ${KeystorePassword} + artifactory_java_db_drivers: + - name: ${DatabasePlugin} + url: ${DatabasePluginUrl} + owner: artifactory + group: artifactory + - { + product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product] + } + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${AnsibleVaultPass} + mode: "0400" + /root/.secureit.sh: + content: + ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt + mode: "0770" + secure-artifactory: + commands: + 'secure ansible playbook': + command: '/root/.secureit.sh' + ignoreErrors: 'false' + Properties: + AssociatePublicIpAddress: false + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref HostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !FindInMap + - ArtifactoryProductMap + - !Ref ArtifactoryProduct + - !Ref AmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref InstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + UserData: + 'Fn::Base64': + !Sub | + #!/bin/bash -x + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 1 + + } + 
+ function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # yum install -y git + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + echo \'[Cloning: Load QuickStart Common Utils]\' + + # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git + + source /quickstart-linux-utilities/quickstart-cfn-tools.source + + echo \'[Loaded: Load QuickStart Common Utils]\' + + echo \'[Update Operating System]\' + + qs_update-os || qs_err + + qs_bootstrap_pip || qs_err + + qs_aws-cfn-bootstrap || qs_err + + source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + # mkdir ~/.artifactory_ansible + + # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.artifactory_ansible/ + + cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail + + export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt" + + setsebool httpd_can_network_connect 1 -P + + ansible-playbook /root/.jfrog_ami/artifactory.yml || qs_err " ansible execution failed " + + rm -rf /root/.secureit.sh + + [ $(qs_status) == 0 ] && cfn_success || cfn_fail \ No newline at end of file diff --git a/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml new file mode 100644 index 0000000..4fb766b --- /dev/null +++ b/Amazon/Marketplace/v7.10.2/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml 
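Review bot: The NoEcho parameters (`DatabasePassword`, `MasterKey`, `SecretAccessKey`, `CertificateKey`, `KeystorePassword`, `AnsibleVaultPass`) are substituted with `!Sub` into the `AWS::CloudFormation::Init` metadata of ArtifactoryLaunchConfiguration. CloudFormation does not mask values placed in Metadata, so anyone who can read that resource's metadata sees them in clear text. Encrypting artifactory.yml afterwards adds little protection at rest, because `/root/.vault_pass.txt` is written by the same config set and UserData only removes `/root/.secureit.sh`. Consider having the instance fetch these values at boot through `HostRole` instead of rendering them into the template; at minimum, if nothing later needs the vault file, change the cleanup line to `rm -f /root/.secureit.sh /root/.vault_pass.txt`. Also, `join_key: ${MasterKey}` reuses one secret for two roles, which deserves a comment or a separate parameter.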
@@ -0,0 +1,457 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into a new VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + 
ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java key store password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + InstallXray: + default: Install JFrog Xray + XrayVersion: + default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog XrayNumberOfInstances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). 
+ Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + PrivateSubnet1Cidr: + Description: CIDR block for private subnet 1, located in Availability Zone 1. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR block for private subnet 2, located in Availability Zone 2. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range permitted to access Artifactory. + It is recommended that you set this value to a trusted IP range. + For example, you may want to limit software access to your corporate network. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + It is recommended that you set this value to a trusted IP range. + For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol. 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + VolumeSize: + Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. + AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + NumberOfSecondary: + Description: Number of secondary Artifactory servers to complete your + HA deployment. To align with Artifactory best practices, the minimum number + is two, and the maximum is seven. Do not select more instances than you + have licenses for. + AllowedValues: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + Default: 2 + Type: Number + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + To select the correct version, see the release notes at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Artifactory releases. + Default: 7.10.2 + Type: String + SmLicenseCertName: + Description: Secret name created in AWS Secrets Manager that contains the SSL certificate, certificate key, and Artifactory licenses. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. 
Ensure that this matches your certificate. + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. + AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Type: String + ExtraJavaOptions: + Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory + system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. + Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. + Default: -Xss256k -XX:+UseG1GC + Type: String + DefaultJavaMemSettings: + Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. + If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + KeystorePassword: + Description: Java key store password. For better security, the password that you specify will + replace the default Java key store password. + NoEcho: 'true' + Type: String + AnsibleVaultPass: + Description: Ansible Vault password to protect the Artifactory YAML configuration file + generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes + and secured with this password. + NoEcho: 'true' + Type: String + DatabaseName: + Description: Name of your database instance. The name must be unique across all instances + owned by your AWS account in the current Region. The database instance identifier is case-insensitive, + but it's stored in lowercase (as in "mydbinstance"). 
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + MinLength: '1' + MaxLength: '60' + ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. + Default: artdb + Type: String + DatabaseEngine: + Description: Database engine that you want to run. + AllowedValues: + - Postgres + Default: Postgres + Type: String + DatabaseUser: + Description: Login ID for the master user of your database instance. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter. + Default: artifactory + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. + AllowedValues: + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.10xlarge + - db.m5.16xlarge + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.4xlarge + - db.m5.12xlarge + - db.m5.24xlarge + ConstraintDescription: Must be a valid database Instance Type. + Default: db.m5.large + Type: String + DatabaseAllocatedStorage: + Description: Size in gigabytes of available storage for the database instance. + MinValue: 5 + MaxValue: 1024 + Default: 10 + Type: Number + MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + InstallXray: + Description: Choose true to install JFrog Xray instance(s). 
+ ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + XrayVersion: + Description: The version of Xray that you want to deploy into the Quick Start. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Xray releases. + Default: 3.10.3 + Type: String + XrayNumberOfInstances: + Description: The number of Xray instances servers to complete your + HA deployment. The minimum number is one; the maximum is seven. + Do not select more than instances than you have licenses for. + MinValue: 1 + MaxValue: 7 + Default: 1 + Type: Number + XrayInstanceType: + Description: The EC2 instance type for the Xray instances. + AllowedValues: + - c5.2xlarge + - c5.4xlarge + ConstraintDescription: Must contain valid instance type. + Default: c5.2xlarge + Type: String + XrayDatabaseUser: + Description: The login ID for the Xray database user. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: xray + Type: String + XrayDatabasePassword: + Description: The password for the Xray database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. 
+ NoEcho: 'true' + Type: String +Resources: + ArtifactoryExistingVpcStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://jfrog-aws-test.s3.us-east-1.${AWS::URLSuffix}/artifactory7/v9/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + # TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + Parameters: + KeyPairName: !Ref KeyPairName + VpcId: !Ref VpcId + VpcCidr: !Ref VpcCidr + PublicSubnet1Id: !Ref PublicSubnet1Id + PublicSubnet2Id: !Ref PublicSubnet2Id + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr + PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr + AccessCidr: !Ref AccessCidr + RemoteAccessCidr: !Ref RemoteAccessCidr + ProvisionBastionHost: "Disabled" + BastionInstanceType: "t3.micro" + BastionRootVolumeSize: 10 + BastionEnableTcpForwarding: "true" + BastionEnableX11Forwarding: "false" + BastionOs: "Amazon-Linux2-HVM" + NumBastionHosts: "1" + VolumeSize: !Ref VolumeSize + InstanceType: !Ref InstanceType + NumberOfSecondary: !Ref NumberOfSecondary + ArtifactoryProduct: "JFrog-Artifactory-Pro" + ArtifactoryVersion: !Ref ArtifactoryVersion + SmLicenseCertName: !Ref SmLicenseCertName + ArtifactoryServerName: !Ref ArtifactoryServerName + MasterKey: !Ref MasterKey + ExtraJavaOptions: !Ref ExtraJavaOptions + DefaultJavaMemSettings: !Ref DefaultJavaMemSettings + KeystorePassword: !Ref KeystorePassword + AnsibleVaultPass: !Ref AnsibleVaultPass + DatabaseName: !Ref DatabaseName + DatabaseEngine: !Ref DatabaseEngine + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAzDatabase: !Ref MultiAzDatabase + QsS3BucketName: "jfrog-aws-test" + QsS3KeyPrefix: "artifactory7/v9/" + QsS3BucketRegion: "us-east-1" + InstallXray: !Ref 
InstallXray + XrayVersion: !Ref XrayVersion + XrayNumberOfInstances: !Ref XrayNumberOfInstances + XrayInstanceType: !Ref XrayInstanceType + XrayDatabaseUser: !Ref XrayDatabaseUser + XrayDatabasePassword: !Ref XrayDatabasePassword +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl} + BastionIp: + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp} + Description: Bastion host IP, for admin access via SSH diff --git a/Amazon/Marketplace/v7.10.2/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7.10.2/templates/jfrog-xray-ec2-instance.template.yaml new file mode 100644 index 0000000..c6752c3 --- /dev/null +++ b/Amazon/Marketplace/v7.10.2/templates/jfrog-xray-ec2-instance.template.yaml 
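Review bot: `TemplateURL` in ArtifactoryExistingVpcStack is hard-coded to the `jfrog-aws-test` bucket under `artifactory7/v9/`, and `QsS3BucketName`, `QsS3KeyPrefix` and `QsS3BucketRegion` are pinned to the same values, while the parameterised URL is left commented out. Every launch of this Marketplace template therefore trusts whatever that bucket (a test bucket, judging by its name) serves at deploy time, so anyone able to write to it can change the nested templates that run with the deployer's permissions. Point these at a release-controlled, versioned location, or restore the commented `!Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/...` form with the three values declared as parameters. Separately, `DatabasePassword` and `XrayDatabasePassword` cap `MaxLength` at `'12'`, and `AllowedPattern: ^[^ \\']+$` does not enforce the capital letter that the ConstraintDescription promises.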
@@ -0,0 +1,274 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray" +Parameters: + PrivateSubnet1Id: + Type: 'AWS::EC2::Subnet::Id' + PrivateSubnet2Id: + Type: 'AWS::EC2::Subnet::Id' + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + DatabaseDriver: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + MasterKey: + Type: String + NoEcho: 'true' + SecurityGroups: + Type: String + VolumeSize: + Type: Number + XrayHostProfile: + Type: String + XrayHostRole: + Type: String + XrayInstanceType: + Type: String + JfrogInternalUrl: + Type: String + AnsibleVaultPass: + Description: Ansiblevault Password to secure the artifactory.yml + Type: String + NoEcho: 'true' + XrayDatabaseUser: + Type: String + XrayDatabasePassword: + Type: String + NoEcho: 'true' + XrayMasterDatabaseUrl: + Type: String + XrayDatabaseUrl: + Type: String + XrayFirstNode: + Description: Runs database scripts if this is the first node + Type: String + XrayVersion: + Type: String + XrayAmiId: + Type: String +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + "330": ami-09dfb20a591375d09 # TODO: Get correct ami - provided by market place tem + "361": ami-09dfb20a591375d09 # TODO: Get correct ami - provided by market place tem + ap-northeast-2: + "330": ami-0eb86b82de93a34fb # TODO: Get correct ami - provided by market place tem + "361": ami-0eb86b82de93a34fb # 
TODO: Get correct ami - provided by market place tem + ap-south-1: + "330": ami-01b828aa6cc99a322 # TODO: Get correct ami - provided by market place tem + "361": ami-01b828aa6cc99a322 # TODO: Get correct ami - provided by market place tem + ap-southeast-1: + "330": ami-04a94cc4dc0d08c98 # TODO: Get correct ami - provided by market place tem + "361": ami-04a94cc4dc0d08c98 # TODO: Get correct ami - provided by market place tem + ap-southeast-2: + "330": ami-030871aa8d1f0689e # TODO: Get correct ami - provided by market place tem + "361": ami-030871aa8d1f0689e # TODO: Get correct ami - provided by market place tem + ca-central-1: + "330": ami-0148cebea7bea4aaf # TODO: Get correct ami - provided by market place tem + "361": ami-0148cebea7bea4aaf # TODO: Get correct ami - provided by market place tem + eu-central-1: + "330": ami-07961f7c210143a42 # TODO: Get correct ami - provided by market place tem + "361": ami-07961f7c210143a42 # TODO: Get correct ami - provided by market place tem + eu-west-1: + "330": ami-0171b8d46941b4ca1 # TODO: Get correct ami - provided by market place tem + "361": ami-0171b8d46941b4ca1 # TODO: Get correct ami - provided by market place tem + sa-east-1: + "330": ami-0596f196b273bb8a6 # TODO: Get correct ami - provided by market place tem + "361": ami-0596f196b273bb8a6 # TODO: Get correct ami - provided by market place tem + us-east-1: + "330": ami-0d4d4252cdc2b6f11 # TODO: Get correct ami - provided by market place tem + "361": ami-086fcbf4aa2bd203f # TODO: Get correct ami - provided by market place tem + "386": ami-0becff949aa530956 # partnership account + seller account + "3103": ami-0e19b1335bc3654c3 # seller account (shared with partnership account) + us-east-2: + "330": ami-00a5fcde44618d39b # TODO: Get correct ami - using ami generated by myself - provided by market place tem + "361": ami-005b2ceceac6999ff # TODO: Get correct ami - using ami generated by myself - provided by market place tem + us-west-1: + "330": ami-068cd684b4d3a3a86 # 
TODO: Get correct ami - provided by market place tem + "361": ami-068cd684b4d3a3a86 # TODO: Get correct ami - provided by market place tem + us-west-2: + "330": ami-03d60da4c8a146a55 # TODO: Get correct ami - provided by market place tem + "361": ami-03d60da4c8a146a55 # TODO: Get correct ami - provided by market place tem + "386": ami-07af1682f09ef4a20 # partnership account + seller account + us-gov-east-1: + "361": ami-001d5cec1e7399f65 # TODO: Get correct ami - provided by market place tem + "3103": ami-08d1d573a758ba6b2 + us-gov-west-1: + "361": ami-0eb4eecce8d5bcb80 # TODO: Get correct ami - provided by market place tem + +Resources: + XrayScalingGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + LaunchConfigurationName: !Ref XrayLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + HealthCheckType: EC2 + HealthCheckGracePeriod: 900 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + CreationPolicy: + ResourceSignal: + Count: 1 + Timeout: PT60M + XrayLaunchConfiguration: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 'AWS::CloudFormation::Authentication': + S3AccessCreds: + type: S3 + roleName: + - !Ref XrayHostRole + buckets: + - !Ref QsS3BucketName + 'AWS::CloudFormation::Init': + configSets: + xray_install: + - "config-xray" + config-xray: + files: + /root/.xray_ami/xray.yml: + content: !Sub + - | + # Base install for Xray + - import_playbook: site-xray.yml + vars: + jfrog_url: ${JfrogInternalUrl} + master_key: ${MasterKey} + join_key: ${MasterKey} + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: postgres://${XrayDatabaseUrl} + db_user: ${XrayDatabaseUser} + db_password: ${XrayDatabasePassword} + xray_version: ${XrayVersion} + - { + product: Xray + } + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + 
${AnsibleVaultPass} + mode: "0400" + Properties: + AssociatePublicIpAddress: false + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref XrayHostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !Ref XrayAmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref XrayInstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + UserData: + 'Fn::Base64': + !Sub | + #!/bin/bash -x + exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # yum install -y git + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + echo \'[Cloning: Load QuickStart Common Utils]\' + + # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git + + source /quickstart-linux-utilities/quickstart-cfn-tools.source + + echo \'[Loaded: Load QuickStart Common Utils]\' + + echo \'[Update Operating System]\' + + qs_update-os || qs_err + + qs_bootstrap_pip || qs_err + + qs_aws-cfn-bootstrap || qs_err + + source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " + + # mkdir ~/.xray_ansible + + # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ansible/ + + cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + if "true" == 
"${XrayFirstNode}" + then + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE USER ${XrayDatabaseUser} WITH PASSWORD '${XrayDatabasePassword}'" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "grant ${XrayDatabaseUser} to ${DatabaseUser}" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE DATABASE xraydb WITH OWNER=${XrayDatabaseUser} ENCODING='UTF8'" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO ${XrayDatabaseUser}" &>> /var/log/userdata.xray_database.log; + fi + + ansible-playbook /root/.xray_ami/xray.yml || qs_err " ansible execution failed " + + $(qs_status) &> /var/log/qs_status.log + cfn_success &> /var/log/cfn_success.log + [ $(qs_status) == 0 ] && cfn_success || cfn_fail \ No newline at end of file From 36762c78489ded7299fa802702d00425184ebe2b Mon Sep 17 00:00:00 2001 From: Ram <1331672+chukka@users.noreply.github.com> Date: Tue, 17 Nov 2020 12:27:41 +0530 Subject: [PATCH 4/9] OS support and templates for PR/Issues (#63) * OS support * Create ISSUE_TEMPLATE.md * Create PULL_REQUEST_TEMPLATE.md --- .github/ISSUE_TEMPLATE.md | 41 ++++++++++++++++++++++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 31 ++++++++++++++++++++++++ Ansible/README.md | 5 ++++ 3 files changed, 77 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..d1a62a9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md 
@@ -0,0 +1,41 @@ + + +**Is this a request for help?**: + +--- + +**Is this a BUG REPORT or FEATURE REQUEST?** (choose one): + + + + +**Which installer**: + + +**Which product and version**: + + +**What happened**: + + +**What you expected to happen**: + + +**How to reproduce it** (as minimally and precisely as possible): + + +**Anything else we need to know**: diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..29c9522 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,31 @@ +#### PR Checklist +[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] +- [ ] Title of the PR starts with installer/product name (e.g. `[ansible/artifactory]`) +- [ ] CHANGELOG.md updated +- [ ] Variables and other changes are documented in the README.md + + + +**What this PR does / why we need it**: + + +**Which issue this PR fixes** *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)*: fixes # + + +**Special notes for your reviewer**: + diff --git a/Ansible/README.md b/Ansible/README.md index aaaf08d..d60a876 100644 --- a/Ansible/README.md +++ b/Ansible/README.md @@ -10,6 +10,7 @@ This Ansible directory consists of the following directories that support the JF ## Tested Artifactory and Xray Versions The following versions of Artifactory and Xray have been validated with this collection. Other versions and combinations may also work. + | collection_version | artifactory_version | xray_version | |--------------------|---------------------|--------------| | 1.1.2 | 7.10.2 | 3.10.3 | @@ -117,3 +118,7 @@ The Artifactory and Xray roles support software updates. To use a role to perfor ``` ansible-galaxy collection build ``` + +## OS support +* Current ansible collection only supports ubuntu and its flavours +* Centos/RHEL and SELinux support is coming soon, stay tuned :) From ddaa30af90527a31361bc681eeb050b81f0febd8 Mon Sep 17 00:00:00 2001 
From: Jeff Fry Date: Thu, 19 Nov 2020 08:10:42 -0800 Subject: [PATCH 5/9] [ansible] Example hosts file to be explicit about pulling passwords,keys from env vars (#65) * Updated example hosts file to be explicit about pulling passwords,keys from env vars. * Updated changelog. * Update CHANGELOG.md Co-authored-by: Ram <1331672+chukka@users.noreply.github.com> --- Ansible/examples/host_vars/rt-ha/hosts.yml | 6 +++--- Ansible/examples/host_vars/rt-xray-ha/hosts.yml | 10 +++++----- Ansible/examples/host_vars/rt-xray/hosts.yml | 10 +++++----- Ansible/examples/host_vars/ssl/hosts.yml | 6 +++--- Ansible/examples/host_vars/xray/hosts.yml | 2 +- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Ansible/examples/host_vars/rt-ha/hosts.yml b/Ansible/examples/host_vars/rt-ha/hosts.yml index 66a6be5..5a702ac 100644 --- a/Ansible/examples/host_vars/rt-ha/hosts.yml +++ b/Ansible/examples/host_vars/rt-ha/hosts.yml @@ -2,14 +2,14 @@ all: vars: ansible_user: "ubuntu" - ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + ansible_ssh_private_key_file: "{{ lookup('env', 'ansible_key') }}" children: database: hosts: #artifactory database 52.86.32.79: db_users: - - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "artifactory", db_password: "{{ lookup('env', 'artifactory_password') }}" } dbs: - { db_name: "artifactory", db_owner: "artifactory" } artifactory: @@ -23,7 +23,7 @@ all: db_driver: "org.postgresql.Driver" db_url: "jdbc:postgresql://10.0.0.160:5432/artifactory" db_user: "artifactory" - db_password: "Art1fAct0ry" + db_password: "{{ lookup('env', 'artifactory_password') }}" server_name: "ec2-100-25-104-198.compute-1.amazonaws.com" certificate: | -----BEGIN CERTIFICATE----- diff --git a/Ansible/examples/host_vars/rt-xray-ha/hosts.yml b/Ansible/examples/host_vars/rt-xray-ha/hosts.yml index 796305c..cbb3ef7 100644 --- a/Ansible/examples/host_vars/rt-xray-ha/hosts.yml +++ b/Ansible/examples/host_vars/rt-xray-ha/hosts.yml 
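Review bot: `lookup('env', 'artifactory_password')` evaluates to an empty string when the variable is not exported, so a run from a shell that lacks it would configure an empty `db_password` for the database user and for Artifactory instead of stopping. The `xray_password` lookups in the rt-xray-ha, rt-xray and xray hosts.yml hunks behave the same way, as does the `artifactory_password` lookup in the ssl hunk. A header comment such as `# export ansible_key, artifactory_password and xray_password before running`, together with an `assert` pre-task that checks each lookup has non-zero length, would make the examples fail closed. The literal `Art1fAct0ry` and `xray` values removed here remain readable in the repository history, so any deployment that reused them should have its password changed.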
@@ -2,7 +2,7 @@ all: vars: ansible_user: "ubuntu" - ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + ansible_ssh_private_key_file: "{{ lookup('env', 'ansible_key') }}" children: database: hosts: @@ -11,13 +11,13 @@ all: dbs: - { db_name: "artifactory", db_owner: "artifactory" } db_users: - - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "artifactory", db_password: "{{ lookup('env', 'artifactory_password') }}" } #xray database 100.25.152.93: dbs: - { db_name: "xraydb", db_owner: "xray" } db_users: - - { db_user: "xray", db_password: "xray" } + - { db_user: "xray", db_password: "{{ lookup('env', 'xray_password') }}" } artifactory: vars: artifactory_version: 7.4.1 @@ -29,7 +29,7 @@ all: db_driver: "org.postgresql.Driver" db_url: "jdbc:postgresql://10.0.0.51:5432/artifactory" db_user: "artifactory" - db_password: "Art1fAct0ry" + db_password: "{{ lookup('env', 'artifactory_password') }}" server_name: "ec2-18-210-33-94.compute-1.amazonaws.com" children: primary: @@ -51,7 +51,7 @@ all: db_driver: "org.postgresql.Driver" db_url: "postgres://10.0.0.5:5432/xraydb?sslmode=disable" db_user: "xray" - db_password: "xray" + db_password: "{{ lookup('env', 'xray_password') }}" hosts: # 34.229.56.166: 54.237.68.180 diff --git a/Ansible/examples/host_vars/rt-xray/hosts.yml b/Ansible/examples/host_vars/rt-xray/hosts.yml index 3fac82c..8a844a5 100644 --- a/Ansible/examples/host_vars/rt-xray/hosts.yml +++ b/Ansible/examples/host_vars/rt-xray/hosts.yml @@ -2,7 +2,7 @@ all: vars: ansible_user: "ubuntu" - ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + ansible_ssh_private_key_file: "{{ lookup('env', 'ansible_key') }}" children: database: hosts: 
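Review bot: The Xray `db_url` kept as context in the `@@ -51,7 +51,7 @@` hunk still ends in `?sslmode=disable`, so the session opened with the password now taken from the environment is not encrypted between the Xray host and PostgreSQL. If the example database accepts TLS, `db_url: "postgres://10.0.0.5:5432/xraydb?sslmode=require"` would be the safer value to show. The rt-xray and xray hosts.yml hunks carry the same setting.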
@@ -11,8 +11,8 @@ all: - { db_name: "artifactory", db_owner: "artifactory" } - { db_name: "xraydb", db_owner: "xray" } db_users: - - { db_user: "artifactory", db_password: "Art1fAct0ry" } - - { db_user: "xray", db_password: "xray" } + - { db_user: "artifactory", db_password: "{{ lookup('env', 'artifactory_password') }}" } + - { db_user: "xray", db_password: "{{ lookup('env', 'xray_password') }}" } artifactory: hosts: 54.237.207.135: @@ -29,7 +29,7 @@ all: db_driver: "org.postgresql.Driver" db_url: "jdbc:postgresql://10.0.0.59:5432/artifactory" db_user: "artifactory" - db_password: "Art1fAct0ry" + db_password: "{{ lookup('env', 'artifactory_password') }}" server_name: "ec2-54-237-207-135.compute-1.amazonaws.com" xray: hosts: @@ -42,4 +42,4 @@ all: db_driver: "org.postgresql.Driver" db_url: "postgres://10.0.0.59:5432/xraydb?sslmode=disable" db_user: "xray" - db_password: "xray" + db_password: "{{ lookup('env', 'xray_password') }}" diff --git a/Ansible/examples/host_vars/ssl/hosts.yml b/Ansible/examples/host_vars/ssl/hosts.yml index c51aa1b..eaf20e1 100644 --- a/Ansible/examples/host_vars/ssl/hosts.yml +++ b/Ansible/examples/host_vars/ssl/hosts.yml @@ -2,13 +2,13 @@ all: vars: ansible_user: "ubuntu" - ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + ansible_ssh_private_key_file: "{{ lookup('env', 'ansible_key') }}" children: database: hosts: 52.86.32.79: db_users: - - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "artifactory", db_password: "{{ lookup('env', 'artifactory_password') }}" } dbs: - { db_name: "artifactory", db_owner: "artifactory" } primary: @@ -28,7 +28,7 @@ all: db_driver: "org.postgresql.Driver" db_url: "jdbc:postgresql://10.0.0.160:5432/artifactory" db_user: "artifactory" - db_password: "Art1fAct0ry" + db_password: "{{ lookup('env', 'artifactory_password') }}" server_name: "ec2-100-25-104-198.compute-1.amazonaws.com" certificate: | -----BEGIN CERTIFICATE----- 
diff --git a/Ansible/examples/host_vars/xray/hosts.yml b/Ansible/examples/host_vars/xray/hosts.yml index a4acffc..e48a9fd 100644 --- a/Ansible/examples/host_vars/xray/hosts.yml +++ b/Ansible/examples/host_vars/xray/hosts.yml @@ -13,6 +13,6 @@ all: db_driver: "org.postgresql.Driver" db_url: "postgres://10.0.0.5:5432/xraydb?sslmode=disable" db_user: "xray" - db_password: "xray" + db_password: "{{ lookup('env', 'xray_password') }}" hosts: 3.17.132.222 From 04514127727fd5f6843ea0ce428da6169e8bfa96 Mon Sep 17 00:00:00 2001 From: Vinay Aggarwal Date: Fri, 20 Nov 2020 15:04:58 -0800 Subject: [PATCH 6/9] Checking in code for rt 7.10.6 version --- ...ifactory-core-infrastructure.template.yaml | 378 ++++++ ...artifactory-ec2-existing-vpc.template.yaml | 1024 +++++++++++++++++ ...rog-artifactory-ec2-instance.template.yaml | 417 +++++++ ...ctory-ec2-marketplace-master.template.yaml | 457 ++++++++ .../jfrog-xray-ec2-instance.template.yaml | 283 +++++ 5 files changed, 2559 insertions(+) create mode 100644 Amazon/Marketplace/v7106/templates/jfrog-artifactory-core-infrastructure.template.yaml create mode 100644 Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml create mode 100644 Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-instance.template.yaml create mode 100644 Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml create mode 100644 Amazon/Marketplace/v7106/templates/jfrog-xray-ec2-instance.template.yaml diff --git a/Amazon/Marketplace/v7106/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-core-infrastructure.template.yaml new file mode 100644 index 0000000..2362bba --- /dev/null +++ b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-core-infrastructure.template.yaml 
@@ -0,0 +1,378 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' +Parameters: + VpcId: + Type: AWS::EC2::VPC::Id + VpcCidr: + Description: CIDR block for the VPC + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PrivateSubnet1Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + PrivateSubnet3Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.64.0/19 + Type: String + SubnetIds: + Type: List + DatabaseAllocatedStorage: + Type: Number + MultiAzDatabase: + Type: String + DatabaseEngine: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + NoEcho: 'true' + Type: String + DatabaseInstance: + Type: String + DatabaseName: + Type: String + ArtifactoryS3IAMUser: + NoEcho: 'true' + Type: String + ArtifactoryProduct: + Default: JFrog-Artifactory-Pro + Type: String + ReleaseStage: + Default: GA + Type: String + InstanceType: + Default: m5.xlarge + Type: String + +Mappings: + DatabaseMap: + Postgres: + Name: postgresql + DatabaseVersion: 11.5 + Driver: "org.postgresql.Driver" + Plugin: postgresql-42.2.9.jar + 
PluginURL: https://jdbc.postgresql.org/download/ + port: "5432" + extraDatabaseOps: "" + ReleaseStageMap: + BETA: + ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro" + JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr" + NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro" + GA: + ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro" + JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr" + NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro" + ProductMap: + JFrog-Container-Registry: + RepoName: JcrDockerRepo + JFrog-Artifactory-Pro: + RepoName: ProDockerRepo + JavaOptionstoInstance: + m5.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5d.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5d.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5d.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5d.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5d.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5d.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5d.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5a.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5a.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5a.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5a.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5a.8xlarge: + 
Min: 64 + Max: 96 + DeploymentSize: Large + m5a.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5a.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5a.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5ad.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5ad.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5ad.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5ad.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5ad.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5ad.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge +Resources: + ArtifactoryDatabaseSubnetGroup: + Type: AWS::RDS::DBSubnetGroup + Properties: + DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s) + SubnetIds: !Ref SubnetIds + ArtifactoryDatabase: + Type: AWS::RDS::DBInstance + Properties: + AllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAZ: !Ref MultiAzDatabase + Engine: !Ref DatabaseEngine + EngineVersion: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - DatabaseVersion + MasterUsername: !Ref DatabaseUser + MasterUserPassword: !Ref DatabasePassword + DBInstanceClass: !Ref DatabaseInstance + DBName: !Ref DatabaseName + DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup + VPCSecurityGroups: + - !Ref ArtifactoryDatabaseSG + ArtifactoryDatabaseSG: + Type: AWS::EC2::SecurityGroup + Properties: + Tags: + - Key: Name + Value: artifactory-rds-sg + GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers. 
+ VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet1Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet2Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet3Cidr + SecurityGroupEgress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + ArtifactoryS3Bucket: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + ArtifactoryS3IAMPolicy: + Type: AWS::IAM::Policy + Properties: + PolicyName: S3BucketPermissions + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: S3BucketPermissions + Effect: Allow + Action: + - s3:* + Resource: + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - "/*" + Users: + - !Ref ArtifactoryS3IAMUser +Outputs: + S3Bucket: + Value: !Ref ArtifactoryS3Bucket + Description: Actual S3 bucket created for Artifactory + DatabaseDriver: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver] + DatabasePlugin: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + DatabasePluginUrl: + Value: !Sub + - "${MainURL}${PluginVersion}" + - { + MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, 
PluginURL], + PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + } + DatabaseType: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name] + DatabaseUrl: + Value: !Sub + - "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}" + - { + DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name], + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps], + } + XrayMasterDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + XrayDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + ProDockerRepo: + Value: !FindInMap + - ReleaseStageMap + - !Ref ReleaseStage + - !FindInMap + - ProductMap + - !Ref ArtifactoryProduct + - RepoName + NginxDockerRepo: + Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo] + JavaOpts: + Value: !Sub + - "-Xms${min}g -Xmx${max}g" + - { + min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min], + max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max] + } + DeploymentSize: + Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize] diff --git a/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml new file mode 100644 index 0000000..f0cbd43 --- /dev/null 
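Review bot: `ArtifactoryDatabase` is created without `StorageEncrypted: true`, although `ArtifactoryS3Bucket` in the same template turns on AES256 at rest; adding that property would give the database the same protection. `ArtifactoryDatabaseSG`, which this template attaches only to the RDS instance, admits TCP 22 from `VpcCidr`, a port the database does not serve, so that ingress rule looks removable. The `XrayMasterDatabaseUrl` and `XrayDatabaseUrl` outputs hard-code `?sslmode=disable`, which leaves the Xray database sessions unencrypted inside the VPC; `sslmode=require` would be the safer default if the Xray release in use accepts it. `ArtifactoryS3IAMPolicy` grants `s3:*` on the bucket, which also covers bucket deletion and bucket-policy changes, so listing only the object and list actions Artifactory needs would narrow it.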
+++ b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml 
@@ -0,0 +1,1024 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into an existing VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - ELBScheme + - Label: + default: Bastion configuration + Parameters: + - ProvisionBastionHost + - BastionInstanceType + - BastionOs + - BastionRootVolumeSize + - BastionEnableTcpForwarding + - NumBastionHosts + - BastionEnableX11Forwarding + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryProduct + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: AWS Quick Start configuration + Parameters: + - QsS3BucketName + - QsS3KeyPrefix + - QsS3BucketRegion + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: 
Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + ELBScheme: + default: Elastic Load Balancing scheme + ProvisionBastionHost: + default: Bastion instance + BastionInstanceType: + default: Bastion instance type + BastionRootVolumeSize: + default: Bastion root volume size + BastionEnableTcpForwarding: + default: Bastion enable TCP forwarding + BastionEnableX11Forwarding: + default: Bastion enable X11 forwarding + BastionOs: + default: Bastion operating system + NumBastionHosts: + default: Number of bastion instances + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + ArtifactoryProduct: + default: Artifactory product to install + ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java keystore password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + QsS3BucketName: + default: Quick Start S3 bucket name + QsS3KeyPrefix: + default: Quick Start S3 key prefix + QsS3BucketRegion: + default: Quick Start S3 bucket region + InstallXray: + default: Install JFrog Xray + XrayVersion: + 
default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog Xray instances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Cidr: + Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range that is permitted to access Artifactory. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant only your corporate network access to the software. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant specific ranges inside your corporate network SSH access. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + ELBScheme: + Description: Choose whether this is internet facing or internal. + AllowedValues: + - internal + - internet-facing + Default: internet-facing + Type: String + ProvisionBastionHost: + Description: Choose Disabled to skip creating a bastion instance. Due to the JFrog Container Registry nodes being + created in private subnets, the default setting of Enabled this is highly recommended. 
+ AllowedValues: + - "Enabled" + - "Disabled" + Default: "Enabled" + Type: String + BastionInstanceType: + Description: Size of the bastion instances. + AllowedValues: + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + Default: "t3.micro" + Type: String + BastionRootVolumeSize: + Description: Size of the root volume on the bastion instances. + Default: 10 + Type: Number + BastionEnableTcpForwarding: + Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance + or not. + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + BastionEnableX11Forwarding: + Description: Choose true to enable X11 via the bootstrapping of the bastion host. + Setting this value to true will enable X Windows over SSH. + X11 forwarding can be useful, but it is also a security risk, so it's recommended + that you keep the default (false) setting. + AllowedValues: + - "true" + - "false" + Default: "false" + Type: String + BastionOs: + Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. + AllowedValues: + - "Amazon-Linux2-HVM" + - "CentOS-7-HVM" + - "Ubuntu-Server-20.04-LTS-HVM" + - "SUSE-SLES-15-HVM" + Default: "Amazon-Linux2-HVM" + Type: String + NumBastionHosts: + Description: Number of bastion instances to create. + AllowedValues: + - '1' + - '2' + - '3' + - '4' + Default: '1' + Type: String + VolumeSize: + Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. 
+ AllowedValues:
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ - m5.8xlarge
+ - m5.12xlarge
+ - m5.16xlarge
+ - m5.24xlarge
+ - m5.metal
+ - m5d.large
+ - m5d.xlarge
+ - m5d.2xlarge
+ - m5d.4xlarge
+ - m5d.8xlarge
+ - m5d.12xlarge
+ - m5d.16xlarge
+ - m5d.24xlarge
+ - m5d.metal
+ - m5a.large
+ - m5a.xlarge
+ - m5a.2xlarge
+ - m5a.4xlarge
+ - m5a.8xlarge
+ - m5a.12xlarge
+ - m5a.16xlarge
+ - m5a.24xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: m5.xlarge
+ Type: String
+ NumberOfSecondary:
+ Description: Number of secondary Artifactory servers to complete your
+ HA deployment. To align with Artifactory best practices, the minimum number
+ is two and the maximum is seven. Do not select more instances than you
+ have licenses for.
+ AllowedValues:
+ - 0
+ - 1
+ - 2
+ - 3
+ - 4
+ - 5
+ - 6
+ - 7
+ Default: 2
+ Type: Number
+ ArtifactoryProduct:
+ Description: JFrog Artifactory product you want to install into an AMI.
+ AllowedValues:
+ - JFrog-Artifactory-Pro
+ - JFrog-Container-Registry
+ Default: JFrog-Artifactory-Pro
+ Type: String
+ ArtifactoryVersion:
+ Description: Version of Artifactory that you want to deploy into the Quick Start.
+ See the release notes to select the version you want to deploy at
+ https://www.jfrog.com/confluence/display/RTF/Release+Notes.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Artifactory releases
+ Default: 7.10.5
+ Type: String
+ SmLicenseCertName:
+ Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate, certificate key, and Artifactory licenses.
+ Default: ''
+ Type: String
+ ArtifactoryServerName:
+ Description: Name of your Artifactory server. Ensure that this matches your certificate.
+ Type: String
+ MasterKey:
+ Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
+ AllowedPattern: ^[a-zA-Z0-9]+$
+ MinLength: '1'
+ MaxLength: '64'
+ ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
+ NoEcho: 'true'
+ Type: String
+ ExtraJavaOptions:
+ Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
+ system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
+ Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
+ Default: -Xss256k -XX:+UseG1GC
+ Type: String
+ DefaultJavaMemSettings:
+ Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
+ If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ KeystorePassword:
+ Description: Java keystore password. For better security, the password that you specify will
+ replace the default Java key store password.
+ NoEcho: 'true'
+ Type: String
+ AnsibleVaultPass:
+ Description: Ansible Vault password to protect the Artifactory YAML configuration file
+ generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes
+ and secured with this password.
+ NoEcho: 'true'
+ Type: String
+ DatabaseName:
+ Description: Name of your database instance. The name must be unique across all instances
+ owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
+ but it's stored in lowercase (as in "mydbinstance").
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ MinLength: '1'
+ MaxLength: '60'
+ ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
+ Default: artdb
+ Type: String
+ DatabaseEngine:
+ Description: Database engine that you want to run, which is currently locked to MySQL.
+ AllowedValues:
+ - Postgres
+ Default: Postgres
+ Type: String
+ DatabaseUser:
+ Description: Login ID for the master user of your database instance.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: artifactory
+ Type: String
+ DatabasePassword:
+ Description: Password for the Artifactory database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+ DatabaseInstance:
+ Description: Size of the database to be deployed as part of the Quick Start.
+ AllowedValues:
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.10xlarge
+ - db.m5.16xlarge
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.4xlarge
+ - db.m5.12xlarge
+ - db.m5.24xlarge
+ ConstraintDescription: Must be a valid database Instance Type.
+ Default: db.m5.large
+ Type: String
+ DatabaseAllocatedStorage:
+ Description: Size in gigabytes of the available storage for the database instance.
+ MinValue: 5
+ MaxValue: 1024
+ Default: 10
+ Type: Number
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ QsS3BucketName:
+ Description: S3 bucket name for the Quick Start assets. This string can include
+ numbers, lowercase letters, and hyphens (-). It cannot start
+ or end with a hyphen (-).
+ AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
+ ConstraintDescription: Quick Start bucket name can include numbers, lowercase
+ letters, and hyphens (-). It cannot start or end with a hyphen (-).
+ Default: aws-quickstart
+ Type: String
+ QsS3KeyPrefix:
+ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
+ can include numbers, lowercase letters, uppercase letters, hyphens (-), and
+ forward slash (/).
+ AllowedPattern: ^[0-9a-zA-Z-/]*$
+ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+ uppercase letters, hyphens (-), and forward slash (/).
+ Default: quickstart-jfrog-artifactory/
+ Type: String
+ QsS3BucketRegion:
+ Default: 'us-east-1'
+ Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
+ Type: String
+ InstallXray:
+ Description: Choose true to install JFrog Xray instance(s).
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ XrayVersion:
+ Description: The version of Xray that you want to deploy into the Quick Start.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Xray releases.
+ Default: 3.10.3
+ Type: String
+ XrayNumberOfInstances:
+ Description: The number of Xray instances servers to complete your
+ HA deployment. The minimum number is one; the maximum is seven.
+ Do not select more than instances than you have licenses for.
+ MinValue: 1
+ MaxValue: 7
+ Default: 1
+ Type: Number
+ XrayInstanceType:
+ Description: The EC2 instance type for the Xray instances.
+ AllowedValues:
+ - c5.2xlarge
+ - c5.4xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: c5.2xlarge
+ Type: String
+ XrayDatabaseUser:
+ Description: The login ID for the Xray database user.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: xray
+ Type: String
+ XrayDatabasePassword:
+ Description: The password for the Xray database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+Conditions:
+ EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled']
+ IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']]
+ HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']]
+ DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
+ UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
+ EnableXray: !Equals [!Ref InstallXray, 'true']
+ SmLicenseCertNameExists: !Not [!Equals [!Ref 'SmLicenseCertName', '']]
+Resources:
+ BastionRole:
+ Condition: EnableBastion
+ Type: "AWS::IAM::Role"
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ec2.amazonaws.com
+ Action: sts:AssumeRole
+ Policies:
+ - PolicyName: QSBucketAccess
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action: s3:GetObject
+ Resource: !Sub "arn:${AWS::Partition}:s3:::${QsS3BucketName}/*"
+ - Effect: Allow
+ Action:
+ - logs:CreateLogStream
+ - logs:GetLogEvents
+ - logs:PutLogEvents
+ - logs:DescribeLogGroups
+ - logs:DescribeLogStreams
+ - logs:PutRetentionPolicy
+ - logs:PutMetricFilter
+ - logs:CreateLogGroup
+ Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+ - Effect: Allow
+ Action:
+ - ec2:AssociateAddress
+ - ec2:DescribeAddresses
+ Resource: "*"
+ BastionStack:
+ Condition: EnableBastion
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template
+ Parameters:
+ VPCID: !Ref VpcId
+ PublicSubnet1ID: !Ref PublicSubnet1Id
+ PublicSubnet2ID: !Ref PublicSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ QSS3BucketName: !Ref QsS3BucketName
+ QSS3KeyPrefix: !Sub '${QsS3KeyPrefix}submodules/quickstart-linux-bastion/'
+ QSS3BucketRegion: !Ref QsS3BucketRegion
+ RemoteAccessCIDR: !Ref RemoteAccessCidr
+ BastionInstanceType: !Ref BastionInstanceType
+ RootVolumeSize: !Ref BastionRootVolumeSize
+ BastionAMIOS: !Ref BastionOs
+ EnableTCPForwarding: !Ref BastionEnableTcpForwarding
+ EnableX11Forwarding: !Ref BastionEnableX11Forwarding
+ AlternativeIAMRole: !Ref BastionRole
+ NumBastionHosts: !Ref NumBastionHosts
+ ArtifactoryS3IAMUser:
+ Type: AWS::IAM::User
+ ArtifactoryIamAcessKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName: !Ref ArtifactoryS3IAMUser
+ ArtifactoryCoreInfraStack:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml
+ Parameters:
+ VpcId: !Ref VpcId
+ VpcCidr: !Ref VpcCidr
+ PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
+ PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
+ PrivateSubnet3Cidr: !Ref PrivateSubnet2Cidr # This should end up in no new rule but required for EKS
+ SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
+ MultiAzDatabase: !Ref MultiAzDatabase
+ DatabaseEngine: !Ref DatabaseEngine
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ DatabaseInstance: !Ref DatabaseInstance
+ DatabaseName: !Ref DatabaseName
+ ArtifactoryS3IAMUser: !Ref ArtifactoryS3IAMUser
+ InstanceType: !Ref InstanceType
+ ArtifactoryElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Name: !Sub ${ArtifactoryProduct}-EC2-ELB
+ Scheme: !Ref ELBScheme
+ Subnets:
+ - !Ref PublicSubnet1Id
+ - !Ref PublicSubnet2Id
+ Type: network
+ ArtifactorySslTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 443
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactorySslElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactorySslTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 443
+ Protocol: TCP
+ ArtifactoryElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryInternalElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Name: ArtifactoryInternal-ELB
+ Scheme: internal
+ Subnets:
+ - !Ref PrivateSubnet1Id
+ - !Ref PrivateSubnet2Id
+ Type: network
+ ArtifactoryInternalTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Name: artifactory-internal-http
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryInternalElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryInternalTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryInternalElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryEc2Sg:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ Tags:
+ - Key: Name
+ Value: !Sub ${ArtifactoryProduct}-ec2-instances-sg
+ GroupDescription: SG for EC2 instances (also permits access using SSH from the bastion host)
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8081
+ ToPort: 8082
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8046
+ ToPort: 8046
+ CidrIp: !Ref VpcCidr
+ SecurityGroupEgress:
+ - IpProtocol: "-1"
+ CidrIp: 0.0.0.0/0
+ ArtifactoryHostRole:
+ Type: 'AWS::IAM::Role'
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ ArtifactoryHostProfile:
+ Type: 'AWS::IAM::InstanceProfile'
+ Properties:
+ Roles:
+ - !Ref ArtifactoryHostRole
+ Path: /
+ ArtifactoryMaster:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ MinScalingNodes: '1' # Always have 1 MasterNode
+ MaxScalingNodes: '1' # Always have 1 MasterNode
+ DeploymentTag: !If [IsArtifactory, "ArtifactoryMaster", "JcrMaster"]
+ HostRole: !Ref ArtifactoryHostRole
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
+ ArtifactoryProduct: !Ref ArtifactoryProduct
+ ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', '']
+ ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', '']
+ ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', '']
+ ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', '']
+ ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', '']
+ ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', '']
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false']
+ Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey
+ SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: 'true'
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ KeystorePassword: !Ref KeystorePassword
+ ArtifactoryVersion: !Ref ArtifactoryVersion
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+ AnsibleVaultPass: !Ref AnsibleVaultPass
+ ArtifactorySecondary:
+ Condition: HasSecondaryNodes
+ DependsOn: ArtifactoryMaster
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ MinScalingNodes: !Ref NumberOfSecondary
+ MaxScalingNodes: !Ref NumberOfSecondary
+ DeploymentTag: ArtifactorySecondary
+ HostRole: !Ref ArtifactoryHostRole
+ AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
+ ArtifactoryProduct: !Ref ArtifactoryProduct
+ ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', '']
+ ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', '']
+ ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', '']
+ ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', '']
+ ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', '']
+ ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', '']
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false']
+ Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey
+ SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: 'false'
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ KeystorePassword: !Ref KeystorePassword
+ ArtifactoryVersion: !Ref ArtifactoryVersion
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+ AnsibleVaultPass: !Ref AnsibleVaultPass
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ XrayHostRole:
+ Condition: EnableXray
+ Type: 'AWS::IAM::Role'
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ XrayHostProfile:
+ Condition: EnableXray
+ Type: 'AWS::IAM::InstanceProfile'
+ Properties:
+ Roles:
+ - !Ref XrayHostRole
+ Path: /
+ XrayExistingVpcStack:
+ Condition: EnableXray
+ DependsOn: ArtifactorySecondary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-xray-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ MinScalingNodes: !Ref XrayNumberOfInstances
+ MaxScalingNodes: !Ref XrayNumberOfInstances
+ DeploymentTag: 'xray'
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ MasterKey: !Ref MasterKey
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ VolumeSize: !Ref VolumeSize
+ XrayInstanceType: !Ref XrayInstanceType
+ JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ AnsibleVaultPass: !Ref AnsibleVaultPass
+ XrayDatabaseUser: !Ref XrayDatabaseUser
+ XrayDatabasePassword: !Ref XrayDatabasePassword
+ XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ XrayFirstNode: 'true'
+ XrayVersion: !Ref XrayVersion
+ XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]]
+ XrayHostRole: !Ref XrayHostRole
+ XrayHostProfile: !Ref XrayHostProfile
+Outputs:
+ ArtifactoryUrl:
+ Description: URL of the ELB to access Artifactory
+ Value: !If [SmLicenseCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"]
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryUrl'
+ ArtifactoryInternalUrl:
+ Description: URL of the internal ELB to access Artifactory
+ Value: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryInternalUrl'
+ DatabaseType:
+ Description: Type of database
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseType'
+ DatabaseDriver:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseDriver'
+ DatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseUrl'
+ ArtifactoryTargetGroup:
+ Description: Artifactory target group
+ Value: !Ref ArtifactoryTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryTargetGroup'
+ ArtifactorySslTargetGroup:
+ Description: Artifactory SSL target group
+ Value: !Ref ArtifactorySslTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactorySslTargetGroup'
+ ArtifactoryEc2Sg:
+ Description: Artifactory EC2 sercurity group
+ Value: !Ref ArtifactoryEc2Sg
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg'
+ BastionIp:
+ Value: !If
+ - EnableBastion
+ - !GetAtt BastionStack.Outputs.EIP1
+ - ""
+ XrayMasterDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayMasterDatabaseUrl'
+ XrayDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayDatabaseUrl'
\ No newline at end of file
diff --git a/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-instance.template.yaml
new file mode 100644
index 0000000..94194da
--- /dev/null
+++ b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-instance.template.yaml
@@ -0,0 +1,417 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)" +Parameters: + PrivateSubnet1Id: + Type: 'AWS::EC2::Subnet::Id' + PrivateSubnet2Id: + Type: 'AWS::EC2::Subnet::Id' + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + HostRole: + Type: String + AmiId: + Type: String + ArtifactoryProduct: + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + ArtifactoryLicense1: + Type: String + ArtifactoryLicense2: + Type: String + ArtifactoryLicense3: + Type: String + ArtifactoryLicense4: + Type: String + ArtifactoryLicense5: + Type: String + ArtifactoryLicense6: + Type: String + ArtifactoryServerName: + Type: String + Certificate: + Type: String + CertificateKey: + Type: String + NoEcho: 'true' + CertificateDomain: + Type: String + EnableSSL: + Type: String + ArtifactoryIamAcessKey: + Type: String + NoEcho: 'true' + SecretAccessKey: + Type: String + NoEcho: 'true' + ArtifactoryS3Bucket: + Type: String + DatabaseUrl: + Type: String + DatabaseDriver: + Type: String + DatabasePluginUrl: + Type: String + DatabasePlugin: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + ArtifactoryPrimary: + Type: String + MasterKey: + Type: String + NoEcho: 'true' + ExtraJavaOptions: + Type: String + ArtifactoryVersion: + Type: String + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + TargetGroupARN: + Type: String + SSLTargetGroupARN: + Type: String + InternalTargetGroupARN: + Type: String + HostProfile: + Type: String + SecurityGroups: + Type: String + InstanceType: + Type: String + VolumeSize: + Type: Number + KeystorePassword: + Description: Default Keystore from Java in which we upgrade. 
+ Type: String + NoEcho: 'true' + AnsibleVaultPass: + Description: Ansiblevault Password to secure the artifactory.yml + Type: String + NoEcho: 'true' +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + AMZNLINUXHVM: ami-079e6fb1e856e80c1 + "Artifactory721": ami-09dfb20a591375d09 + "Artifactory755": ami-09dfb20a591375d09 # TODO: Get correct ami + "Jcr721": ami-0d87bf5404e186c90 + ap-northeast-2: + AMZNLINUXHVM: ami-0e4a253fb5f082688 + "Artifactory721": ami-0eb86b82de93a34fb + "Artifactory755": ami-0eb86b82de93a34fb # TODO: Get correct ami + "Jcr721": ami-047275320dc0101df + ap-south-1: + AMZNLINUXHVM: ami-01e074f40dfb9999d + "Artifactory721": ami-01b828aa6cc99a322 + "Artifactory755": ami-01b828aa6cc99a322 # TODO: Get correct ami + "Jcr721": ami-003e20ccb4b8b1efc + ap-southeast-1: + AMZNLINUXHVM: ami-0d9233e8ce73df7b2 + "Artifactory721": ami-04a94cc4dc0d08c98 + "Artifactory755": ami-04a94cc4dc0d08c98 # TODO: Get correct ami + "Jcr721": ami-016d81f9a055d84f7 + ap-southeast-2: + AMZNLINUXHVM: ami-0c91f97cadcc8499e + "Artifactory721": ami-030871aa8d1f0689e + "Artifactory755": ami-030871aa8d1f0689e # TODO: Get correct ami + "Jcr721": ami-0a257f38f4e17b489 + ca-central-1: + AMZNLINUXHVM: ami-003a0ba7ea76b2785 + "Artifactory721": ami-0148cebea7bea4aaf + "Artifactory755": ami-0148cebea7bea4aaf # TODO: Get correct ami + "Jcr721": ami-0366fde97d0c9c63c + eu-central-1: + AMZNLINUXHVM: ami-0ab838eeee7f316eb + "Artifactory721": ami-07961f7c210143a42 + "Artifactory755": ami-07961f7c210143a42 # TODO: Get correct ami + "Jcr721": ami-025ce18f43dbbee65 + eu-west-1: + AMZNLINUXHVM: ami-071f4ce599deff521 + "Artifactory721": ami-0171b8d46941b4ca1 + "Artifactory755": 
ami-0171b8d46941b4ca1 # TODO: Get correct ami + "Jcr721": ami-0a0c02357d264c397 + sa-east-1: + AMZNLINUXHVM: ami-04b202bf877b5027b + "Artifactory721": ami-0596f196b273bb8a6 + "Artifactory755": ami-0596f196b273bb8a6 # TODO: Get correct ami + "Jcr721": ami-0f5f29385fc7cf6a9 + us-east-1: + AMZNLINUXHVM : ami-09d069a04349dc3cb + "Artifactory700" : ami-06baee01fb2ef01d2 + "Artifactory702" : ami-085b1acc8e8b5b039 + "Artifactory721" : ami-0d4d4252cdc2b6f11 + "Artifactory755" : ami-07c0a3d7663fcafb9 # TODO: Get correct ami + "Artifactory773" : ami-0e1639df4df532641 # partnership account + seller account + "Artifactory7102": ami-0d3aaf4303a264d04 # seller account (shared with partnership account) + "Jcr720" : ami-05aa02eddf5f692b7 + "Jcr721" : ami-04fed5fc210272dfe + "Jcr7102" : ami-0508370f82ef2e50d + "Artifactory7105": ami-0ebadbf3bfd796159 # partnership account + "Jcr7105" : ami-044f911cbd1abfa35 # partnership account + "Artifactory7106": ami-031178f02b6163ccc # seller account (shared with partnership account) + us-east-2: + AMZNLINUXHVM : ami-0d542ef84ec55d71c + "Artifactory721" : ami-0a913af05ccdaa522 + "Artifactory755" : ami-05071c07a672ddf54 # TODO: Get correct ami - using ami generated by myself + "Jcr721" : ami-0d50790b8fb747584 + "Artifactory7105": ami-0b6cf479cb95fdc0f # partnership account + "Jcr7105" : ami-0b36c6bc47680e08b # partnership account + us-west-1: + AMZNLINUXHVM : ami-04bc3da8f14823e88 + "Artifactory721" : ami-068cd684b4d3a3a86 + "Artifactory755" : ami-068cd684b4d3a3a86 # TODO: Get correct ami + "Jcr721" : ami-0e1cef33ea2778bd5 + "Artifactory7105": ami-08bffb00bf4bcf9e5 # partnership account + "Jcr7105" : ami-0c2c7f6ebd9c5f93a # partnership account + us-west-2: + AMZNLINUXHVM : ami-01460aa81365561fe + "700" : ami-000937e944ea194bf + "Artifactory721" : ami-0c132dd3640519a35 + "Artifactory755" : ami-0007155f7b7de9386 # TODO: Get correct ami + "Artifactory773" : ami-0a1b8c5bd6ea279b0 # partnership account + seller account + "Jcr721" : 
ami-083542bb4f8afa3db + "Artifactory7105": ami-00e814a57b5142b4f # partnership account + "Jcr7105" : ami-0d310395b75af75bd # partnership account + us-gov-east-1: + AMZNLINUX2 : ami-7c2bc80d + "Artifactory755" : ami-0732b9134b39caf5c + "Artifactory7102": ami-0f5ce3b2c087a8098 + "Artifactory7105": ami-011a5a1aa6a1e6cf2 + us-gov-west-1: + AMZNLINUX2 : ami-a03768c1 + "Artifactory755" : ami-0b9d3e9ee5ffdc491 + "Artifactory7105": ami-0c42aaa5df6428bd7 + ArtifactoryProductMap: + JFrog-Container-Registry: + "720": "Jcr720" + "721": "Jcr721" + "743": "Jcr743" + "7102": "Jcr7102" + "7105": "Jcr7105" + product: "jcr" + JFrog-Artifactory-Pro: + "700": "Artifactory700" + "702": "Artifactory702" + "721": "Artifactory721" + "755": "Artifactory755" + "773": "Artifactory773" + "7102": "Artifactory7102" + "7105": "Artifactory7105" + "7106": "Artifactory7106" + product: "artifactory" +Resources: + ArtifactoryScalingGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + TargetGroupARNs: + - !Ref TargetGroupARN + - !Ref SSLTargetGroupARN + - !Ref InternalTargetGroupARN + HealthCheckType: ELB + HealthCheckGracePeriod: 900 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + CreationPolicy: + ResourceSignal: + Count: 1 + Timeout: PT30M + + ArtifactoryLaunchConfiguration: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 'AWS::CloudFormation::Authentication': + S3AccessCreds: + type: S3 + roleName: + - !Ref HostRole # !Ref ArtifactoryHostRole + buckets: + - !Ref QsS3BucketName + 'AWS::CloudFormation::Init': + configSets: + artifactory_install: + - "config-artifactory-master" + - "secure-artifactory" + config-artifactory-master: + files: + /root/.jfrog_ami/artifactory.yml: + content: 
!Sub + - | + # Base install for Artifactory + - import_playbook: site-artifactory.yml + vars: + artifactory_license1: ${ArtifactoryLicense1} + artifactory_license2: ${ArtifactoryLicense2} + artifactory_license3: ${ArtifactoryLicense3} + artifactory_license4: ${ArtifactoryLicense4} + artifactory_license5: ${ArtifactoryLicense5} + artifactory_license6: ${ArtifactoryLicense6} + artifactory_product: ${product} + artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}" + artifactory_server_name: ${ArtifactoryServerName} + server_name: ${ArtifactoryServerName}.${CertificateDomain} + s3_region: ${AWS::Region} + s3_access_key: ${ArtifactoryIamAcessKey} + s3_access_secret_key: ${SecretAccessKey} + s3_bucket: ${ArtifactoryS3Bucket} + certificate: ${Certificate} + certificate_key: ${CertificateKey} + certificate_domain: ${CertificateDomain} + enable_ssl: ${EnableSSL} + ssl_dir: /etc/pki/tls/certs + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: ${DatabaseUrl} + db_user: ${DatabaseUser} + db_password: ${DatabasePassword} + # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar + art_primary: ${ArtifactoryPrimary} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + artifactory_version: ${ArtifactoryVersion} + artifactory_keystore: + path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts + default_password: changeit + new_keystore_pass: ${KeystorePassword} + artifactory_java_db_drivers: + - name: ${DatabasePlugin} + url: ${DatabasePluginUrl} + owner: artifactory + group: artifactory + - { + product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product] + } + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${AnsibleVaultPass} + mode: "0400" + /root/.secureit.sh: + content: + ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt + mode: "0770" + secure-artifactory: + commands: + 
'secure ansible playbook': + command: '/root/.secureit.sh' + ignoreErrors: 'false' + Properties: + AssociatePublicIpAddress: false + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref HostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !FindInMap + - ArtifactoryProductMap + - !Ref ArtifactoryProduct + - !Ref AmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref InstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + UserData: + 'Fn::Base64': + !Sub | + #!/bin/bash -x + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # yum install -y git + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + echo \'[Cloning: Load QuickStart Common Utils]\' + + # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git + + source /quickstart-linux-utilities/quickstart-cfn-tools.source + + echo \'[Loaded: Load QuickStart Common Utils]\' + + echo \'[Update Operating System]\' + + qs_update-os || qs_err + + qs_bootstrap_pip || qs_err + + qs_aws-cfn-bootstrap || qs_err + + source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + # mkdir ~/.artifactory_ansible + + # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.artifactory_ansible/ + + cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install 
--region ${AWS::Region} || cfn_fail + + export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt" + + setsebool httpd_can_network_connect 1 -P + + ansible-playbook /root/.jfrog_ami/artifactory.yml || qs_err " ansible execution failed " + + rm -rf /root/.secureit.sh + + [ $(qs_status) == 0 ] && cfn_success || cfn_fail \ No newline at end of file diff --git a/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml new file mode 100644 index 0000000..d79cb82 --- /dev/null +++ b/Amazon/Marketplace/v7106/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml 
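Review bot: In jfrog-artifactory-ec2-instance.template.yaml, the `config-artifactory-master` file block substitutes the `NoEcho` parameters (`DatabasePassword`, `MasterKey`, `SecretAccessKey`, `CertificateKey`, `KeystorePassword`) and `AnsibleVaultPass` into `AWS::CloudFormation::Init` metadata. `NoEcho` does not mask values placed in resource Metadata, so any principal allowed to describe the stack resource can read them in clear text. The later `ansible-vault encrypt` step protects only the copy on disk, and `/root/.vault_pass.txt` is left beside the encrypted file while only `/root/.secureit.sh` is removed. I would keep secrets out of the metadata and have the instance read them at boot from Secrets Manager or SSM, with the instance role behind `HostProfile` granted read access; if the vault password is not needed after the playbook run, add `rm -f /root/.vault_pass.txt` next to the existing `rm -rf /root/.secureit.sh`. A comment above `files:` such as `# NoEcho does not cover Metadata; do not substitute secrets here` would record the constraint.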
@@ -0,0 +1,457 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into a new VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + 
ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java key store password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + InstallXray: + default: Install JFrog Xray + XrayVersion: + default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog XrayNumberOfInstances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). 
+ Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + PrivateSubnet1Cidr: + Description: CIDR block for private subnet 1, located in Availability Zone 1. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR block for private subnet 2, located in Availability Zone 2. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range permitted to access Artifactory. + It is recommended that you set this value to a trusted IP range. + For example, you may want to limit software access to your corporate network. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + It is recommended that you set this value to a trusted IP range. + For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol. 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + VolumeSize: + Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. + AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + NumberOfSecondary: + Description: Number of secondary Artifactory servers to complete your + HA deployment. To align with Artifactory best practices, the minimum number + is two, and the maximum is seven. Do not select more instances than you + have licenses for. + AllowedValues: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + Default: 2 + Type: Number + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + To select the correct version, see the release notes at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Artifactory releases. + Default: 7.10.6 + Type: String + SmLicenseCertName: + Description: Secret name created in AWS Secrets Manager that contains the SSL certificate, certificate key, and Artifactory licenses. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. 
Ensure that this matches your certificate. + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. + AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Type: String + ExtraJavaOptions: + Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory + system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. + Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. + Default: -Xss256k -XX:+UseG1GC + Type: String + DefaultJavaMemSettings: + Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. + If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + KeystorePassword: + Description: Java key store password. For better security, the password that you specify will + replace the default Java key store password. + NoEcho: 'true' + Type: String + AnsibleVaultPass: + Description: Ansible Vault password to protect the Artifactory YAML configuration file + generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes + and secured with this password. + NoEcho: 'true' + Type: String + DatabaseName: + Description: Name of your database instance. The name must be unique across all instances + owned by your AWS account in the current Region. The database instance identifier is case-insensitive, + but it's stored in lowercase (as in "mydbinstance"). 
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + MinLength: '1' + MaxLength: '60' + ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. + Default: artdb + Type: String + DatabaseEngine: + Description: Database engine that you want to run. + AllowedValues: + - Postgres + Default: Postgres + Type: String + DatabaseUser: + Description: Login ID for the master user of your database instance. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter. + Default: artifactory + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. + AllowedValues: + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.10xlarge + - db.m5.16xlarge + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.4xlarge + - db.m5.12xlarge + - db.m5.24xlarge + ConstraintDescription: Must be a valid database Instance Type. + Default: db.m5.large + Type: String + DatabaseAllocatedStorage: + Description: Size in gigabytes of available storage for the database instance. + MinValue: 5 + MaxValue: 1024 + Default: 10 + Type: Number + MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + InstallXray: + Description: Choose true to install JFrog Xray instance(s). 
+ ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + XrayVersion: + Description: The version of Xray that you want to deploy into the Quick Start. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Xray releases. + Default: 3.11.2 + Type: String + XrayNumberOfInstances: + Description: The number of Xray instances servers to complete your + HA deployment. The minimum number is one; the maximum is seven. + Do not select more than instances than you have licenses for. + MinValue: 1 + MaxValue: 7 + Default: 1 + Type: Number + XrayInstanceType: + Description: The EC2 instance type for the Xray instances. + AllowedValues: + - c5.2xlarge + - c5.4xlarge + ConstraintDescription: Must contain valid instance type. + Default: c5.2xlarge + Type: String + XrayDatabaseUser: + Description: The login ID for the Xray database user. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: xray + Type: String + XrayDatabasePassword: + Description: The password for the Xray database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. 
+ NoEcho: 'true' + Type: String +Resources: + ArtifactoryExistingVpcStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://jfrog-aws-test.s3.us-east-1.${AWS::URLSuffix}/artifactory7/v7106/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + # TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + Parameters: + KeyPairName: !Ref KeyPairName + VpcId: !Ref VpcId + VpcCidr: !Ref VpcCidr + PublicSubnet1Id: !Ref PublicSubnet1Id + PublicSubnet2Id: !Ref PublicSubnet2Id + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr + PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr + AccessCidr: !Ref AccessCidr + RemoteAccessCidr: !Ref RemoteAccessCidr + ProvisionBastionHost: "Disabled" + BastionInstanceType: "t3.micro" + BastionRootVolumeSize: 10 + BastionEnableTcpForwarding: "true" + BastionEnableX11Forwarding: "false" + BastionOs: "Amazon-Linux2-HVM" + NumBastionHosts: "1" + VolumeSize: !Ref VolumeSize + InstanceType: !Ref InstanceType + NumberOfSecondary: !Ref NumberOfSecondary + ArtifactoryProduct: "JFrog-Artifactory-Pro" + ArtifactoryVersion: !Ref ArtifactoryVersion + SmLicenseCertName: !Ref SmLicenseCertName + ArtifactoryServerName: !Ref ArtifactoryServerName + MasterKey: !Ref MasterKey + ExtraJavaOptions: !Ref ExtraJavaOptions + DefaultJavaMemSettings: !Ref DefaultJavaMemSettings + KeystorePassword: !Ref KeystorePassword + AnsibleVaultPass: !Ref AnsibleVaultPass + DatabaseName: !Ref DatabaseName + DatabaseEngine: !Ref DatabaseEngine + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAzDatabase: !Ref MultiAzDatabase + QsS3BucketName: "jfrog-aws-test" + QsS3KeyPrefix: "artifactory7/v7106/" + QsS3BucketRegion: "us-east-1" + InstallXray: 
!Ref InstallXray + XrayVersion: !Ref XrayVersion + XrayNumberOfInstances: !Ref XrayNumberOfInstances + XrayInstanceType: !Ref XrayInstanceType + XrayDatabaseUser: !Ref XrayDatabaseUser + XrayDatabasePassword: !Ref XrayDatabasePassword +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl} + BastionIp: + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp} + Description: Bastion host IP, for admin access via SSH diff --git a/Amazon/Marketplace/v7106/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7106/templates/jfrog-xray-ec2-instance.template.yaml new file mode 100644 index 0000000..764a32c --- /dev/null +++ b/Amazon/Marketplace/v7106/templates/jfrog-xray-ec2-instance.template.yaml 
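Review bot: `ArtifactoryExistingVpcStack` hard-codes one S3 bucket as the source of the child template, through `TemplateURL` and the `QsS3BucketName: "jfrog-aws-test"` / `QsS3KeyPrefix` values it passes down, so whoever can write to that bucket decides what this stack deploys under the launching account's permissions. The bucket name suggests a test location; if that is the case, a Marketplace template should point at a release bucket with restricted write access and versioning. The commented-out parameterised `TemplateURL` cannot simply be restored, because this template declares no `QsS3BucketName` parameter. At minimum I would add a comment above the URL such as `# Child templates load from this bucket; limit write access to the release pipeline`. Separately, `MasterKey` accepts a single character (`MinLength: '1'`) although its description asks for `openssl rand -hex 16`; `MinLength: '32'` would match that.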
@@ -0,0 +1,283 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray" +Parameters: + PrivateSubnet1Id: + Type: 'AWS::EC2::Subnet::Id' + PrivateSubnet2Id: + Type: 'AWS::EC2::Subnet::Id' + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + DatabaseDriver: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + MasterKey: + Type: String + NoEcho: 'true' + SecurityGroups: + Type: String + VolumeSize: + Type: Number + XrayHostProfile: + Type: String + XrayHostRole: + Type: String + XrayInstanceType: + Type: String + JfrogInternalUrl: + Type: String + AnsibleVaultPass: + Description: Ansiblevault Password to secure the artifactory.yml + Type: String + NoEcho: 'true' + XrayDatabaseUser: + Type: String + XrayDatabasePassword: + Type: String + NoEcho: 'true' + XrayMasterDatabaseUrl: + Type: String + XrayDatabaseUrl: + Type: String + XrayFirstNode: + Description: Runs database scripts if this is the first node + Type: String + XrayVersion: + Type: String + XrayAmiId: + Type: String +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + "330": ami-09dfb20a591375d09 # TODO: Get correct ami - provided by market place tem + "361": ami-09dfb20a591375d09 # TODO: Get correct ami - provided by market place tem + ap-northeast-2: + "330": ami-0eb86b82de93a34fb # TODO: Get correct ami - provided by market place tem + "361": ami-0eb86b82de93a34fb # 
TODO: Get correct ami - provided by market place tem + ap-south-1: + "330": ami-01b828aa6cc99a322 # TODO: Get correct ami - provided by market place tem + "361": ami-01b828aa6cc99a322 # TODO: Get correct ami - provided by market place tem + ap-southeast-1: + "330": ami-04a94cc4dc0d08c98 # TODO: Get correct ami - provided by market place tem + "361": ami-04a94cc4dc0d08c98 # TODO: Get correct ami - provided by market place tem + ap-southeast-2: + "330": ami-030871aa8d1f0689e # TODO: Get correct ami - provided by market place tem + "361": ami-030871aa8d1f0689e # TODO: Get correct ami - provided by market place tem + ca-central-1: + "330": ami-0148cebea7bea4aaf # TODO: Get correct ami - provided by market place tem + "361": ami-0148cebea7bea4aaf # TODO: Get correct ami - provided by market place tem + eu-central-1: + "330": ami-07961f7c210143a42 # TODO: Get correct ami - provided by market place tem + "361": ami-07961f7c210143a42 # TODO: Get correct ami - provided by market place tem + eu-west-1: + "330": ami-0171b8d46941b4ca1 # TODO: Get correct ami - provided by market place tem + "361": ami-0171b8d46941b4ca1 # TODO: Get correct ami - provided by market place tem + sa-east-1: + "330": ami-0596f196b273bb8a6 # TODO: Get correct ami - provided by market place tem + "361": ami-0596f196b273bb8a6 # TODO: Get correct ami - provided by market place tem + us-east-1: + "330" : ami-0d4d4252cdc2b6f11 # TODO: Get correct ami - provided by market place tem + "361" : ami-086fcbf4aa2bd203f # TODO: Get correct ami - provided by market place tem + "386" : ami-0becff949aa530956 # partnership account + seller account + "3103": ami-07414bc0b35a8a896 # partnership account (shared with partnership account) + "3112": ami-0819678d7216af530 # seller account (shared with partnership account) + us-east-2: + "330" : ami-00a5fcde44618d39b # TODO: Get correct ami - using ami generated by myself - provided by market place tem + "361" : ami-005b2ceceac6999ff # TODO: Get correct ami - using ami 
generated by myself - provided by market place tem + "3103": ami-0568749cd3090ebd4 # partnership account (shared with partnership account) + "3112": ami-0819678d7216af530 # to be updated by Marketplace team + us-west-1: + "330" : ami-068cd684b4d3a3a86 # TODO: Get correct ami - provided by market place tem + "361" : ami-068cd684b4d3a3a86 # TODO: Get correct ami - provided by market place tem + "3103": ami-063b22c527b48e209 # partnership account (shared with partnership account) + us-west-2: + "330" : ami-03d60da4c8a146a55 # TODO: Get correct ami - provided by market place tem + "361" : ami-03d60da4c8a146a55 # TODO: Get correct ami - provided by market place tem + "386" : ami-07af1682f09ef4a20 # partnership account + seller account + "3103": ami-081aabd2bb46b1ffc # partnership account (shared with partnership account) + "3112": ami-0819678d7216af530 # to be updated by Marketplace team + us-gov-east-1: + "361" : ami-001d5cec1e7399f65 # TODO: Get correct ami - provided by market place tem + "3103": ami-08ac98f47eb27e2a0 # partnership account + "3112": ami-0819678d7216af530 # to be updated by Marketplace team + us-gov-west-1: + "361" : ami-0eb4eecce8d5bcb80 # TODO: Get correct ami - provided by market place tem + "3103": ami-0cb5c0773d037b57b # partnership account + "3112": ami-0819678d7216af530 # to be updated by Marketplace team + +Resources: + XrayScalingGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + LaunchConfigurationName: !Ref XrayLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + HealthCheckType: EC2 + HealthCheckGracePeriod: 900 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + CreationPolicy: + ResourceSignal: + Count: 1 + Timeout: PT60M + XrayLaunchConfiguration: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 
'AWS::CloudFormation::Authentication': + S3AccessCreds: + type: S3 + roleName: + - !Ref XrayHostRole + buckets: + - !Ref QsS3BucketName + 'AWS::CloudFormation::Init': + configSets: + xray_install: + - "config-xray" + config-xray: + files: + /root/.xray_ami/xray.yml: + content: !Sub + - | + # Base install for Xray + - import_playbook: site-xray.yml + vars: + jfrog_url: ${JfrogInternalUrl} + master_key: ${MasterKey} + join_key: ${MasterKey} + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: postgres://${XrayDatabaseUrl} + db_user: ${XrayDatabaseUser} + db_password: ${XrayDatabasePassword} + xray_version: ${XrayVersion} + - { + product: Xray + } + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${AnsibleVaultPass} + mode: "0400" + Properties: + AssociatePublicIpAddress: false + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref XrayHostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !Ref XrayAmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref XrayInstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + UserData: + 'Fn::Base64': + !Sub | + #!/bin/bash -x + exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # yum install -y git + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + echo \'[Cloning: Load QuickStart Common Utils]\' + + # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git + + source /quickstart-linux-utilities/quickstart-cfn-tools.source + + echo \'[Loaded: Load QuickStart Common Utils]\' + + echo \'[Update 
Operating System]\' + + qs_update-os || qs_err + + qs_bootstrap_pip || qs_err + + qs_aws-cfn-bootstrap || qs_err + + source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " + + # mkdir ~/.xray_ansible + + # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ansible/ + + cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + if "true" == "${XrayFirstNode}" + then + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE USER ${XrayDatabaseUser} WITH PASSWORD '${XrayDatabasePassword}'" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "grant ${XrayDatabaseUser} to ${DatabaseUser}" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE DATABASE xraydb WITH OWNER=${XrayDatabaseUser} ENCODING='UTF8'" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO ${XrayDatabaseUser}" &>> /var/log/userdata.xray_database.log; + fi + + ansible-playbook /root/.xray_ami/xray.yml || qs_err " ansible execution failed " + + $(qs_status) &> /var/log/qs_status.log + cfn_success &> /var/log/cfn_success.log + [ $(qs_status) == 0 ] && cfn_success || cfn_fail \ No newline at end of file From c912106e67d6ea2b7bdef5a43b2b274a475087b8 Mon Sep 17 00:00:00 2001 
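Review bot: The UserData script puts `${DatabaseUser}:${DatabasePassword}` and `${XrayDatabasePassword}` directly into the `psql` command lines, and because it starts with `#!/bin/bash -x` and sends all output through `tee /var/log/user-data.log|logger`, the expanded commands are also traced into the log file, syslog and the console. `NoEcho` does not protect values once they are substituted into UserData or into the `AWS::CloudFormation::Init` metadata, where `MasterKey` and `AnsibleVaultPass` are placed. At minimum I would drop the trace flag (`#!/bin/bash`), and preferably have the instance read the database credentials at boot through its instance role, for example from a Secrets Manager secret, instead of `!Sub`-ing them into the launch configuration. The guard `if "true" == "${XrayFirstNode}"` also looks wrong: it runs the `true` command with arguments and so always succeeds, which means the master-credential `psql` calls run on every node; `if [ "true" == "${XrayFirstNode}" ]` is presumably what was intended.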
From: Vinay Aggarwal Date: Sun, 22 Nov 2020 12:37:41 -0800 Subject: [PATCH 7/9] changes for artifactory 7.11.2 --- ...ifactory-core-infrastructure.template.yaml | 378 ++++++ ...artifactory-ec2-existing-vpc.template.yaml | 1024 +++++++++++++++++ ...rog-artifactory-ec2-instance.template.yaml | 414 +++++++ ...ctory-ec2-marketplace-master.template.yaml | 457 ++++++++ .../jfrog-xray-ec2-instance.template.yaml | 279 +++++ 5 files changed, 2552 insertions(+) create mode 100644 Amazon/Marketplace/v7112/templates/jfrog-artifactory-core-infrastructure.template.yaml create mode 100644 Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml create mode 100644 Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-instance.template.yaml create mode 100644 Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml create mode 100644 Amazon/Marketplace/v7112/templates/jfrog-xray-ec2-instance.template.yaml diff --git a/Amazon/Marketplace/v7112/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-core-infrastructure.template.yaml new file mode 100644 index 0000000..2362bba --- /dev/null +++ b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-core-infrastructure.template.yaml 
@@ -0,0 +1,378 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' +Parameters: + VpcId: + Type: AWS::EC2::VPC::Id + VpcCidr: + Description: CIDR block for the VPC + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PrivateSubnet1Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + PrivateSubnet3Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.64.0/19 + Type: String + SubnetIds: + Type: List + DatabaseAllocatedStorage: + Type: Number + MultiAzDatabase: + Type: String + DatabaseEngine: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + NoEcho: 'true' + Type: String + DatabaseInstance: + Type: String + DatabaseName: + Type: String + ArtifactoryS3IAMUser: + NoEcho: 'true' + Type: String + ArtifactoryProduct: + Default: JFrog-Artifactory-Pro + Type: String + ReleaseStage: + Default: GA + Type: String + InstanceType: + Default: m5.xlarge + Type: String + +Mappings: + DatabaseMap: + Postgres: + Name: postgresql + DatabaseVersion: 11.5 + Driver: "org.postgresql.Driver" + Plugin: postgresql-42.2.9.jar + 
PluginURL: https://jdbc.postgresql.org/download/ + port: "5432" + extraDatabaseOps: "" + ReleaseStageMap: + BETA: + ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro" + JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr" + NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro" + GA: + ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro" + JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr" + NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro" + ProductMap: + JFrog-Container-Registry: + RepoName: JcrDockerRepo + JFrog-Artifactory-Pro: + RepoName: ProDockerRepo + JavaOptionstoInstance: + m5.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5d.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5d.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5d.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5d.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5d.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5d.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5d.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5a.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5a.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5a.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5a.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5a.8xlarge: + 
Min: 64 + Max: 96 + DeploymentSize: Large + m5a.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5a.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5a.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5ad.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5ad.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5ad.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5ad.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5ad.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5ad.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge +Resources: + ArtifactoryDatabaseSubnetGroup: + Type: AWS::RDS::DBSubnetGroup + Properties: + DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s) + SubnetIds: !Ref SubnetIds + ArtifactoryDatabase: + Type: AWS::RDS::DBInstance + Properties: + AllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAZ: !Ref MultiAzDatabase + Engine: !Ref DatabaseEngine + EngineVersion: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - DatabaseVersion + MasterUsername: !Ref DatabaseUser + MasterUserPassword: !Ref DatabasePassword + DBInstanceClass: !Ref DatabaseInstance + DBName: !Ref DatabaseName + DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup + VPCSecurityGroups: + - !Ref ArtifactoryDatabaseSG + ArtifactoryDatabaseSG: + Type: AWS::EC2::SecurityGroup + Properties: + Tags: + - Key: Name + Value: artifactory-rds-sg + GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers. 
+ VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet1Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet2Cidr + - IpProtocol: tcp + FromPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + ToPort: !FindInMap + - DatabaseMap + - !Ref DatabaseEngine + - port + CidrIp: !Ref PrivateSubnet3Cidr + SecurityGroupEgress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + ArtifactoryS3Bucket: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + ArtifactoryS3IAMPolicy: + Type: AWS::IAM::Policy + Properties: + PolicyName: S3BucketPermissions + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: S3BucketPermissions + Effect: Allow + Action: + - s3:* + Resource: + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - "/*" + Users: + - !Ref ArtifactoryS3IAMUser +Outputs: + S3Bucket: + Value: !Ref ArtifactoryS3Bucket + Description: Actual S3 bucket created for Artifactory + DatabaseDriver: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver] + DatabasePlugin: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + DatabasePluginUrl: + Value: !Sub + - "${MainURL}${PluginVersion}" + - { + MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, 
PluginURL], + PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] + } + DatabaseType: + Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name] + DatabaseUrl: + Value: !Sub + - "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}" + - { + DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name], + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps], + } + XrayMasterDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + XrayDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable" + - { + ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address, + port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port], + } + ProDockerRepo: + Value: !FindInMap + - ReleaseStageMap + - !Ref ReleaseStage + - !FindInMap + - ProductMap + - !Ref ArtifactoryProduct + - RepoName + NginxDockerRepo: + Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo] + JavaOpts: + Value: !Sub + - "-Xms${min}g -Xmx${max}g" + - { + min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min], + max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max] + } + DeploymentSize: + Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize] diff --git a/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml new file mode 100644 index 0000000..b7d0d5b --- /dev/null 
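Review bot: The `XrayMasterDatabaseUrl` and `XrayDatabaseUrl` outputs hard-code `?sslmode=disable`, so connections built from them send the database credentials and data to RDS unencrypted, and `ArtifactoryDatabase` is created without `StorageEncrypted`. Unless something in the Xray installer requires plaintext, I would use `sslmode=require` in both outputs and add `StorageEncrypted: true` to the DBInstance properties. In the same hunk, `ArtifactoryS3IAMPolicy` grants `s3:*` on the bucket, which includes deleting the bucket and rewriting its policy; listing only the object and list actions Artifactory actually uses would be a tighter grant.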
+++ b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml 
@@ -0,0 +1,1024 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into an existing VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - ELBScheme + - Label: + default: Bastion configuration + Parameters: + - ProvisionBastionHost + - BastionInstanceType + - BastionOs + - BastionRootVolumeSize + - BastionEnableTcpForwarding + - NumBastionHosts + - BastionEnableX11Forwarding + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryProduct + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: AWS Quick Start configuration + Parameters: + - QsS3BucketName + - QsS3KeyPrefix + - QsS3BucketRegion + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: 
Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + ELBScheme: + default: Elastic Load Balancing scheme + ProvisionBastionHost: + default: Bastion instance + BastionInstanceType: + default: Bastion instance type + BastionRootVolumeSize: + default: Bastion root volume size + BastionEnableTcpForwarding: + default: Bastion enable TCP forwarding + BastionEnableX11Forwarding: + default: Bastion enable X11 forwarding + BastionOs: + default: Bastion operating system + NumBastionHosts: + default: Number of bastion instances + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + ArtifactoryProduct: + default: Artifactory product to install + ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java keystore password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + QsS3BucketName: + default: Quick Start S3 bucket name + QsS3KeyPrefix: + default: Quick Start S3 key prefix + QsS3BucketRegion: + default: Quick Start S3 bucket region + InstallXray: + default: Install JFrog Xray + XrayVersion: + 
default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog Xray instances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Cidr: + Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range that is permitted to access Artifactory. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant only your corporate network access to the software. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant specific ranges inside your corporate network SSH access. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + ELBScheme: + Description: Choose whether this is internet facing or internal. + AllowedValues: + - internal + - internet-facing + Default: internet-facing + Type: String + ProvisionBastionHost: + Description: Choose Disabled to skip creating a bastion instance. Due to the JFrog Container Registry nodes being + created in private subnets, the default setting of Enabled this is highly recommended. 
+ AllowedValues: + - "Enabled" + - "Disabled" + Default: "Enabled" + Type: String + BastionInstanceType: + Description: Size of the bastion instances. + AllowedValues: + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + Default: "t3.micro" + Type: String + BastionRootVolumeSize: + Description: Size of the root volume on the bastion instances. + Default: 10 + Type: Number + BastionEnableTcpForwarding: + Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance + or not. + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + BastionEnableX11Forwarding: + Description: Choose true to enable X11 via the bootstrapping of the bastion host. + Setting this value to true will enable X Windows over SSH. + X11 forwarding can be useful, but it is also a security risk, so it's recommended + that you keep the default (false) setting. + AllowedValues: + - "true" + - "false" + Default: "false" + Type: String + BastionOs: + Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. + AllowedValues: + - "Amazon-Linux2-HVM" + - "CentOS-7-HVM" + - "Ubuntu-Server-20.04-LTS-HVM" + - "SUSE-SLES-15-HVM" + Default: "Amazon-Linux2-HVM" + Type: String + NumBastionHosts: + Description: Number of bastion instances to create. + AllowedValues: + - '1' + - '2' + - '3' + - '4' + Default: '1' + Type: String + VolumeSize: + Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. 
+ AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + NumberOfSecondary: + Description: Number of secondary Artifactory servers to complete your + HA deployment. To align with Artifactory best practices, the minimum number + is two and the maximum is seven. Do not select more instances than you + have licenses for. + AllowedValues: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + Default: 2 + Type: Number + ArtifactoryProduct: + Description: JFrog Artifactory product you want to install into an AMI. + AllowedValues: + - JFrog-Artifactory-Pro + - JFrog-Container-Registry + Default: JFrog-Artifactory-Pro + Type: String + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + See the release notes to select the version you want to deploy at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Artifactory releases + Default: 7.10.2 + Type: String + SmLicenseCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate, certificate key, and Artifactory licenses. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. Ensure that this matches your certificate. + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. 
+ AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Type: String + ExtraJavaOptions: + Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory + system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. + Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. + Default: -Xss256k -XX:+UseG1GC + Type: String + DefaultJavaMemSettings: + Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. + If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + KeystorePassword: + Description: Java keystore password. For better security, the password that you specify will + replace the default Java key store password. + NoEcho: 'true' + Type: String + AnsibleVaultPass: + Description: Ansible Vault password to protect the Artifactory YAML configuration file + generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes + and secured with this password. + NoEcho: 'true' + Type: String + DatabaseName: + Description: Name of your database instance. The name must be unique across all instances + owned by your AWS account in the current Region. The database instance identifier is case-insensitive, + but it's stored in lowercase (as in "mydbinstance"). + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + MinLength: '1' + MaxLength: '60' + ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. + Default: artdb + Type: String + DatabaseEngine: + Description: Database engine that you want to run, which is currently locked to MySQL. 
+ AllowedValues: + - Postgres + Default: Postgres + Type: String + DatabaseUser: + Description: Login ID for the master user of your database instance. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: artifactory + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. + AllowedValues: + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.10xlarge + - db.m5.16xlarge + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.4xlarge + - db.m5.12xlarge + - db.m5.24xlarge + ConstraintDescription: Must be a valid database Instance Type. + Default: db.m5.large + Type: String + DatabaseAllocatedStorage: + Description: Size in gigabytes of the available storage for the database instance. + MinValue: 5 + MaxValue: 1024 + Default: 10 + Type: Number + MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + QsS3BucketName: + Description: S3 bucket name for the Quick Start assets. This string can include + numbers, lowercase letters, and hyphens (-). It cannot start + or end with a hyphen (-). + AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$ + ConstraintDescription: Quick Start bucket name can include numbers, lowercase + letters, and hyphens (-). It cannot start or end with a hyphen (-). 
+ Default: aws-quickstart + Type: String + QsS3KeyPrefix: + Description: S3 key prefix for the Quick Start assets. Quick Start key prefix + can include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). + AllowedPattern: ^[0-9a-zA-Z-/]*$ + ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slash (/). + Default: quickstart-jfrog-artifactory/ + Type: String + QsS3BucketRegion: + Default: 'us-east-1' + Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value. + Type: String + InstallXray: + Description: Choose true to install JFrog Xray instance(s). + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + XrayVersion: + Description: The version of Xray that you want to deploy into the Quick Start. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Xray releases. + Default: 3.10.3 + Type: String + XrayNumberOfInstances: + Description: The number of Xray instances servers to complete your + HA deployment. The minimum number is one; the maximum is seven. + Do not select more than instances than you have licenses for. + MinValue: 1 + MaxValue: 7 + Default: 1 + Type: Number + XrayInstanceType: + Description: The EC2 instance type for the Xray instances. + AllowedValues: + - c5.2xlarge + - c5.4xlarge + ConstraintDescription: Must contain valid instance type. + Default: c5.2xlarge + Type: String + XrayDatabaseUser: + Description: The login ID for the Xray database user. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: xray + Type: String + XrayDatabasePassword: + Description: The password for the Xray database user. 
+ AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String +Conditions: + EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled'] + IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']] + HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']] + DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"] + UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] + EnableXray: !Equals [!Ref InstallXray, 'true'] + SmLicenseCertNameExists: !Not [!Equals [!Ref 'SmLicenseCertName', '']] +Resources: + BastionRole: + Condition: EnableBastion + Type: "AWS::IAM::Role" + Properties: + AssumeRolePolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: + Service: ec2.amazonaws.com + Action: sts:AssumeRole + Policies: + - PolicyName: QSBucketAccess + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: s3:GetObject + Resource: !Sub "arn:${AWS::Partition}:s3:::${QsS3BucketName}/*" + - Effect: Allow + Action: + - logs:CreateLogStream + - logs:GetLogEvents + - logs:PutLogEvents + - logs:DescribeLogGroups + - logs:DescribeLogStreams + - logs:PutRetentionPolicy + - logs:PutMetricFilter + - logs:CreateLogGroup + Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*" + - Effect: Allow + Action: + - ec2:AssociateAddress + - ec2:DescribeAddresses + Resource: "*" + BastionStack: + Condition: EnableBastion + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template + Parameters: + VPCID: !Ref VpcId + PublicSubnet1ID: !Ref PublicSubnet1Id + PublicSubnet2ID: !Ref PublicSubnet2Id + KeyPairName: !Ref 
KeyPairName + QSS3BucketName: !Ref QsS3BucketName + QSS3KeyPrefix: !Sub '${QsS3KeyPrefix}submodules/quickstart-linux-bastion/' + QSS3BucketRegion: !Ref QsS3BucketRegion + RemoteAccessCIDR: !Ref RemoteAccessCidr + BastionInstanceType: !Ref BastionInstanceType + RootVolumeSize: !Ref BastionRootVolumeSize + BastionAMIOS: !Ref BastionOs + EnableTCPForwarding: !Ref BastionEnableTcpForwarding + EnableX11Forwarding: !Ref BastionEnableX11Forwarding + AlternativeIAMRole: !Ref BastionRole + NumBastionHosts: !Ref NumBastionHosts + ArtifactoryS3IAMUser: + Type: AWS::IAM::User + ArtifactoryIamAcessKey: + Type: AWS::IAM::AccessKey + Properties: + UserName: !Ref ArtifactoryS3IAMUser + ArtifactoryCoreInfraStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml + Parameters: + VpcId: !Ref VpcId + VpcCidr: !Ref VpcCidr + PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr + PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr + PrivateSubnet3Cidr: !Ref PrivateSubnet2Cidr # This should end up in no new rule but required for EKS + SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]] + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAzDatabase: !Ref MultiAzDatabase + DatabaseEngine: !Ref DatabaseEngine + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseName: !Ref DatabaseName + ArtifactoryS3IAMUser: !Ref ArtifactoryS3IAMUser + InstanceType: !Ref InstanceType + ArtifactoryElb: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + IpAddressType: ipv4 + Name: !Sub ${ArtifactoryProduct}-EC2-ELB + Scheme: !Ref ELBScheme + Subnets: + - !Ref PublicSubnet1Id + - !Ref PublicSubnet2Id + Type: network + ArtifactorySslTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: True + 
HealthCheckIntervalSeconds: 30 + HealthCheckProtocol: TCP + HealthCheckTimeoutSeconds: 10 + HealthyThresholdCount: 3 + HealthCheckPort: "8082" + Port: 443 + Protocol: TCP + TargetType: instance + UnhealthyThresholdCount: 3 + VpcId: !Ref VpcId + ArtifactoryTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: True + HealthCheckIntervalSeconds: 30 + HealthCheckProtocol: TCP + HealthCheckTimeoutSeconds: 10 + HealthyThresholdCount: 3 + HealthCheckPort: "8082" + Port: 80 + Protocol: TCP + TargetType: instance + UnhealthyThresholdCount: 3 + VpcId: !Ref VpcId + ArtifactorySslElbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + DefaultActions: + - TargetGroupArn: !Ref ArtifactorySslTargetGroup + Type: forward + LoadBalancerArn: !Ref ArtifactoryElb + Port: 443 + Protocol: TCP + ArtifactoryElbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + DefaultActions: + - TargetGroupArn: !Ref ArtifactoryTargetGroup + Type: forward + LoadBalancerArn: !Ref ArtifactoryElb + Port: 80 + Protocol: TCP + ArtifactoryInternalElb: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + IpAddressType: ipv4 + Name: ArtifactoryInternal-ELB + Scheme: internal + Subnets: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + Type: network + ArtifactoryInternalTargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: True + HealthCheckIntervalSeconds: 30 + HealthCheckProtocol: TCP + HealthCheckTimeoutSeconds: 10 + HealthyThresholdCount: 3 + HealthCheckPort: "8082" + Name: artifactory-internal-http + Port: 80 + Protocol: TCP + TargetType: instance + UnhealthyThresholdCount: 3 + VpcId: !Ref VpcId + ArtifactoryInternalElbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + DefaultActions: + - TargetGroupArn: !Ref ArtifactoryInternalTargetGroup + Type: forward + LoadBalancerArn: !Ref ArtifactoryInternalElb + Port: 80 + Protocol: TCP + ArtifactoryEc2Sg: 
+ Type: AWS::EC2::SecurityGroup + Properties: + Tags: + - Key: Name + Value: !Sub ${ArtifactoryProduct}-ec2-instances-sg + GroupDescription: SG for EC2 instances (also permits access using SSH from the bastion host) + VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: !Ref AccessCidr + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: !Ref AccessCidr + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 8081 + ToPort: 8082 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 8046 + ToPort: 8046 + CidrIp: !Ref VpcCidr + SecurityGroupEgress: + - IpProtocol: "-1" + CidrIp: 0.0.0.0/0 + ArtifactoryHostRole: + Type: 'AWS::IAM::Role' + Properties: + Path: / + AssumeRolePolicyDocument: + Statement: + - Action: + - 'sts:AssumeRole' + Principal: + Service: + - ec2.amazonaws.com + Effect: Allow + Version: 2012-10-17 + ManagedPolicyArns: + - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' + ArtifactoryHostProfile: + Type: 'AWS::IAM::InstanceProfile' + Properties: + Roles: + - !Ref ArtifactoryHostRole + Path: / + ArtifactoryMaster: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml + Parameters: + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + MinScalingNodes: '1' # Always have 1 MasterNode + MaxScalingNodes: '1' # Always have 1 MasterNode + DeploymentTag: !If [IsArtifactory, "ArtifactoryMaster", "JcrMaster"] + HostRole: !Ref ArtifactoryHostRole + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3Uri: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} + - 
S3Bucket: !If + - UsingDefaultBucket + - !Sub 'aws-quickstart-${AWS::Region}' + - !Ref 'QsS3BucketName' + S3Region: !If + - UsingDefaultBucket + - !Ref 'AWS::Region' + - !Ref 'QsS3BucketRegion' + AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] + ArtifactoryProduct: !Ref ArtifactoryProduct + ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] + ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', ''] + ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', ''] + ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', ''] + ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', ''] + ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', ''] + ArtifactoryServerName: !Ref ArtifactoryServerName + EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] + Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] + CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] + CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] + ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey + SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey + ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket + DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl + DatabaseDriver: !GetAtt 
ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin + DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl + DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + ArtifactoryPrimary: 'true' + MasterKey: !Ref MasterKey + ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] + KeystorePassword: !Ref KeystorePassword + ArtifactoryVersion: !Ref ArtifactoryVersion + KeyPairName: !Ref KeyPairName + HostProfile: !Ref ArtifactoryHostProfile + SecurityGroups: !Ref ArtifactoryEc2Sg + InstanceType: !Ref InstanceType + VolumeSize: !Ref VolumeSize + TargetGroupARN: !Ref ArtifactoryTargetGroup + SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup + InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup + AnsibleVaultPass: !Ref AnsibleVaultPass + ArtifactorySecondary: + Condition: HasSecondaryNodes + DependsOn: ArtifactoryMaster + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml + Parameters: + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + MinScalingNodes: !Ref NumberOfSecondary + MaxScalingNodes: !Ref NumberOfSecondary + DeploymentTag: ArtifactorySecondary + HostRole: !Ref ArtifactoryHostRole + AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] + ArtifactoryProduct: !Ref ArtifactoryProduct + ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] + ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', ''] + ArtifactoryLicense3: !If 
[SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', ''] + ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', ''] + ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', ''] + ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', ''] + ArtifactoryServerName: !Ref ArtifactoryServerName + EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] + Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] + CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] + CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] + ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey + SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey + ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket + DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl + DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin + DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl + DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + ArtifactoryPrimary: 'false' + MasterKey: !Ref MasterKey + ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] + KeystorePassword: !Ref KeystorePassword + ArtifactoryVersion: !Ref ArtifactoryVersion 
+ KeyPairName: !Ref KeyPairName + HostProfile: !Ref ArtifactoryHostProfile + SecurityGroups: !Ref ArtifactoryEc2Sg + InstanceType: !Ref InstanceType + VolumeSize: !Ref VolumeSize + TargetGroupARN: !Ref ArtifactoryTargetGroup + SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup + InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup + AnsibleVaultPass: !Ref AnsibleVaultPass + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3Uri: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} + - S3Bucket: !If + - UsingDefaultBucket + - !Sub 'aws-quickstart-${AWS::Region}' + - !Ref 'QsS3BucketName' + S3Region: !If + - UsingDefaultBucket + - !Ref 'AWS::Region' + - !Ref 'QsS3BucketRegion' + XrayHostRole: + Condition: EnableXray + Type: 'AWS::IAM::Role' + Properties: + Path: / + AssumeRolePolicyDocument: + Statement: + - Action: + - 'sts:AssumeRole' + Principal: + Service: + - ec2.amazonaws.com + Effect: Allow + Version: 2012-10-17 + ManagedPolicyArns: + - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' + XrayHostProfile: + Condition: EnableXray + Type: 'AWS::IAM::InstanceProfile' + Properties: + Roles: + - !Ref XrayHostRole + Path: / + XrayExistingVpcStack: + Condition: EnableXray + DependsOn: ArtifactorySecondary + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-xray-ec2-instance.template.yaml + Parameters: + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + KeyPairName: !Ref KeyPairName + MinScalingNodes: !Ref XrayNumberOfInstances + MaxScalingNodes: !Ref XrayNumberOfInstances + DeploymentTag: 'xray' + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3Uri: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} + - S3Bucket: !If + - UsingDefaultBucket + - !Sub 
'aws-quickstart-${AWS::Region}' + - !Ref 'QsS3BucketName' + S3Region: !If + - UsingDefaultBucket + - !Ref 'AWS::Region' + - !Ref 'QsS3BucketRegion' + DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + MasterKey: !Ref MasterKey + SecurityGroups: !Ref ArtifactoryEc2Sg + VolumeSize: !Ref VolumeSize + XrayInstanceType: !Ref XrayInstanceType + JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}" + AnsibleVaultPass: !Ref AnsibleVaultPass + XrayDatabaseUser: !Ref XrayDatabaseUser + XrayDatabasePassword: !Ref XrayDatabasePassword + XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl + XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl + XrayFirstNode: 'true' + XrayVersion: !Ref XrayVersion + XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]] + XrayHostRole: !Ref XrayHostRole + XrayHostProfile: !Ref XrayHostProfile +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !If [SmLicenseCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"] + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryUrl' + ArtifactoryInternalUrl: + Description: URL of the internal ELB to access Artifactory + Value: !Sub "http://${ArtifactoryInternalElb.DNSName}" + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryInternalUrl' + DatabaseType: + Description: Type of database + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + Export: + Name: !Sub '${AWS::StackName}-DatabaseType' + DatabaseDriver: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + Export: + Name: !Sub '${AWS::StackName}-DatabaseDriver' + DatabaseUrl: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl + Export: + 
Name: !Sub '${AWS::StackName}-DatabaseUrl' + ArtifactoryTargetGroup: + Description: Artifactory target group + Value: !Ref ArtifactoryTargetGroup + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryTargetGroup' + ArtifactorySslTargetGroup: + Description: Artifactory SSL target group + Value: !Ref ArtifactorySslTargetGroup + Export: + Name: !Sub '${AWS::StackName}-ArtifactorySslTargetGroup' + ArtifactoryEc2Sg: + Description: Artifactory EC2 sercurity group + Value: !Ref ArtifactoryEc2Sg + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg' + BastionIp: + Value: !If + - EnableBastion + - !GetAtt BastionStack.Outputs.EIP1 + - "" + XrayMasterDatabaseUrl: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl + Export: + Name: !Sub '${AWS::StackName}-XrayMasterDatabaseUrl' + XrayDatabaseUrl: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl + Export: + Name: !Sub '${AWS::StackName}-XrayDatabaseUrl' \ No newline at end of file diff --git a/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-instance.template.yaml new file mode 100644 index 0000000..870323e --- /dev/null +++ b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-instance.template.yaml 
@@ -0,0 +1,414 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)"
+Parameters:
+ PrivateSubnet1Id:
+ Type: 'AWS::EC2::Subnet::Id'
+ PrivateSubnet2Id:
+ Type: 'AWS::EC2::Subnet::Id'
+ MinScalingNodes:
+ Type: Number
+ MaxScalingNodes:
+ Type: Number
+ DeploymentTag:
+ Type: String
+ HostRole:
+ Type: String
+ AmiId:
+ Type: String
+ ArtifactoryProduct:
+ Type: String
+ QsS3BucketName:
+ Type: String
+ QsS3KeyPrefix:
+ Type: String
+ QsS3Uri:
+ Type: String
+ ArtifactoryLicense1:
+ Type: String
+ ArtifactoryLicense2:
+ Type: String
+ ArtifactoryLicense3:
+ Type: String
+ ArtifactoryLicense4:
+ Type: String
+ ArtifactoryLicense5:
+ Type: String
+ ArtifactoryLicense6:
+ Type: String
+ ArtifactoryServerName:
+ Type: String
+ Certificate:
+ Type: String
+ CertificateKey:
+ Type: String
+ NoEcho: 'true'
+ CertificateDomain:
+ Type: String
+ EnableSSL:
+ Type: String
+ ArtifactoryIamAcessKey:
+ Type: String
+ NoEcho: 'true'
+ SecretAccessKey:
+ Type: String
+ NoEcho: 'true'
+ ArtifactoryS3Bucket:
+ Type: String
+ DatabaseUrl:
+ Type: String
+ DatabaseDriver:
+ Type: String
+ DatabasePluginUrl:
+ Type: String
+ DatabasePlugin:
+ Type: String
+ DatabaseType:
+ Type: String
+ DatabaseUser:
+ Type: String
+ DatabasePassword:
+ Type: String
+ NoEcho: 'true'
+ ArtifactoryPrimary:
+ Type: String
+ MasterKey:
+ Type: String
+ NoEcho: 'true'
+ ExtraJavaOptions:
+ Type: String
+ ArtifactoryVersion:
+ Type: String
+ KeyPairName:
+ Type: AWS::EC2::KeyPair::KeyName
+ TargetGroupARN:
+ Type: String
+ SSLTargetGroupARN:
+ Type: String
+ InternalTargetGroupARN:
+ Type: String
+ HostProfile:
+ Type: String
+ SecurityGroups:
+ Type: String
+ InstanceType:
+ Type: String
+ VolumeSize:
+ Type: Number
+ KeystorePassword:
+ Description: Default Keystore from Java in which we upgrade.
+ Type: String + NoEcho: 'true' + AnsibleVaultPass: + Description: Ansiblevault Password to secure the artifactory.yml + Type: String + NoEcho: 'true' +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + AMZNLINUXHVM: ami-079e6fb1e856e80c1 + "Artifactory721": ami-09dfb20a591375d09 + "Artifactory755": ami-09dfb20a591375d09 # TODO: Get correct ami + "Jcr721": ami-0d87bf5404e186c90 + ap-northeast-2: + AMZNLINUXHVM: ami-0e4a253fb5f082688 + "Artifactory721": ami-0eb86b82de93a34fb + "Artifactory755": ami-0eb86b82de93a34fb # TODO: Get correct ami + "Jcr721": ami-047275320dc0101df + ap-south-1: + AMZNLINUXHVM: ami-01e074f40dfb9999d + "Artifactory721": ami-01b828aa6cc99a322 + "Artifactory755": ami-01b828aa6cc99a322 # TODO: Get correct ami + "Jcr721": ami-003e20ccb4b8b1efc + ap-southeast-1: + AMZNLINUXHVM: ami-0d9233e8ce73df7b2 + "Artifactory721": ami-04a94cc4dc0d08c98 + "Artifactory755": ami-04a94cc4dc0d08c98 # TODO: Get correct ami + "Jcr721": ami-016d81f9a055d84f7 + ap-southeast-2: + AMZNLINUXHVM: ami-0c91f97cadcc8499e + "Artifactory721": ami-030871aa8d1f0689e + "Artifactory755": ami-030871aa8d1f0689e # TODO: Get correct ami + "Jcr721": ami-0a257f38f4e17b489 + ca-central-1: + AMZNLINUXHVM: ami-003a0ba7ea76b2785 + "Artifactory721": ami-0148cebea7bea4aaf + "Artifactory755": ami-0148cebea7bea4aaf # TODO: Get correct ami + "Jcr721": ami-0366fde97d0c9c63c + eu-central-1: + AMZNLINUXHVM: ami-0ab838eeee7f316eb + "Artifactory721": ami-07961f7c210143a42 + "Artifactory755": ami-07961f7c210143a42 # TODO: Get correct ami + "Jcr721": ami-025ce18f43dbbee65 + eu-west-1: + AMZNLINUXHVM: ami-071f4ce599deff521 + "Artifactory721": ami-0171b8d46941b4ca1 + "Artifactory755": 
ami-0171b8d46941b4ca1 # TODO: Get correct ami + "Jcr721": ami-0a0c02357d264c397 + sa-east-1: + AMZNLINUXHVM: ami-04b202bf877b5027b + "Artifactory721": ami-0596f196b273bb8a6 + "Artifactory755": ami-0596f196b273bb8a6 # TODO: Get correct ami + "Jcr721": ami-0f5f29385fc7cf6a9 + us-east-1: + AMZNLINUXHVM: ami-09d069a04349dc3cb + "Artifactory700": ami-06baee01fb2ef01d2 + "Artifactory702": ami-085b1acc8e8b5b039 + "Artifactory721": ami-0d4d4252cdc2b6f11 + "Artifactory755": ami-07c0a3d7663fcafb9 # TODO: Get correct ami + "Artifactory773": ami-0e1639df4df532641 # partnership account + seller account + "Artifactory7102": ami-0d3aaf4303a264d04 # seller account (shared with partnership account) + "Jcr720": ami-05aa02eddf5f692b7 + "Jcr721": ami-04fed5fc210272dfe + "Jcr7102": ami-0508370f82ef2e50d + "Artifactory7112": ami-06347e9dbfce687da # seller account (shared with partnership account) + "Jcr7112": ami-0a3b81d0aa82189e2 # seller account (shared with partnership account) + us-east-2: + AMZNLINUXHVM: ami-0d542ef84ec55d71c + "Artifactory721": ami-0a913af05ccdaa522 + "Artifactory755": ami-05071c07a672ddf54 # TODO: Get correct ami - using ami generated by myself + "Jcr721": ami-0d50790b8fb747584 + "Artifactory7112": ami-0f3dcf9fd88a904bc # seller account (shared with partnership account) + "Jcr7112": ami-0336bdc0bc6e84abd # seller account (shared with partnership account) + us-west-1: + AMZNLINUXHVM: ami-04bc3da8f14823e88 + "Artifactory721": ami-068cd684b4d3a3a86 + "Artifactory755": ami-068cd684b4d3a3a86 # TODO: Get correct ami + "Jcr721": ami-0e1cef33ea2778bd5 + "Artifactory7112": ami-0882ea734a2fa8b73 # seller account (shared with partnership account) + "Jcr7112": ami-0210d128df9b0bc6a # seller account (shared with partnership account) + us-west-2: + AMZNLINUXHVM: ami-01460aa81365561fe + "700": ami-000937e944ea194bf + "Artifactory721": ami-0c132dd3640519a35 + "Artifactory755": ami-0007155f7b7de9386 # TODO: Get correct ami + "Artifactory773": ami-0a1b8c5bd6ea279b0 # partnership 
account + seller account + "Jcr721": ami-083542bb4f8afa3db + "Artifactory7112": ami-0474ab36192013bbd # seller account (shared with partnership account) + "Jcr7112": ami-0f6670c5db60d15b0 # seller account (shared with partnership account) + us-gov-east-1: + AMZNLINUX2: ami-7c2bc80d + "Artifactory755": ami-0732b9134b39caf5c + "Artifactory7102": ami-0f5ce3b2c087a8098 + "Artifactory7112": ami-0bd6c2a94850b75f0 + us-gov-west-1: + AMZNLINUX2: ami-a03768c1 + "Artifactory755": ami-0b9d3e9ee5ffdc491 + ArtifactoryProductMap: + JFrog-Container-Registry: + "720": "Jcr720" + "721": "Jcr721" + "743": "Jcr743" + "7102": "Jcr7102" + "7112": "Jcr7112" + product: "jcr" + JFrog-Artifactory-Pro: + "700": "Artifactory700" + "702": "Artifactory702" + "721": "Artifactory721" + "755": "Artifactory755" + "773": "Artifactory773" + "7102": "Artifactory7102" + "7112": "Artifactory7112" + product: "artifactory" +Resources: + ArtifactoryScalingGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + TargetGroupARNs: + - !Ref TargetGroupARN + - !Ref SSLTargetGroupARN + - !Ref InternalTargetGroupARN + HealthCheckType: ELB + HealthCheckGracePeriod: 900 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + CreationPolicy: + ResourceSignal: + Count: 1 + Timeout: PT30M + + ArtifactoryLaunchConfiguration: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 'AWS::CloudFormation::Authentication': + S3AccessCreds: + type: S3 + roleName: + - !Ref HostRole # !Ref ArtifactoryHostRole + buckets: + - !Ref QsS3BucketName + 'AWS::CloudFormation::Init': + configSets: + artifactory_install: + - "config-artifactory-master" + - "secure-artifactory" + config-artifactory-master: + files: + 
/root/.jfrog_ami/artifactory.yml: + content: !Sub + - | + # Base install for Artifactory + - import_playbook: site-artifactory.yml + vars: + artifactory_license1: ${ArtifactoryLicense1} + artifactory_license2: ${ArtifactoryLicense2} + artifactory_license3: ${ArtifactoryLicense3} + artifactory_license4: ${ArtifactoryLicense4} + artifactory_license5: ${ArtifactoryLicense5} + artifactory_license6: ${ArtifactoryLicense6} + artifactory_product: ${product} + artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}" + artifactory_server_name: ${ArtifactoryServerName} + server_name: ${ArtifactoryServerName}.${CertificateDomain} + s3_region: ${AWS::Region} + s3_access_key: ${ArtifactoryIamAcessKey} + s3_access_secret_key: ${SecretAccessKey} + s3_bucket: ${ArtifactoryS3Bucket} + certificate: ${Certificate} + certificate_key: ${CertificateKey} + certificate_domain: ${CertificateDomain} + enable_ssl: ${EnableSSL} + ssl_dir: /etc/pki/tls/certs + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: ${DatabaseUrl} + db_user: ${DatabaseUser} + db_password: ${DatabasePassword} + # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar + art_primary: ${ArtifactoryPrimary} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + artifactory_version: ${ArtifactoryVersion} + artifactory_keystore: + path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts + default_password: changeit + new_keystore_pass: ${KeystorePassword} + artifactory_java_db_drivers: + - name: ${DatabasePlugin} + url: ${DatabasePluginUrl} + owner: artifactory + group: artifactory + - { + product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product] + } + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${AnsibleVaultPass} + mode: "0400" + /root/.secureit.sh: + content: + ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt + 
mode: "0770" + secure-artifactory: + commands: + 'secure ansible playbook': + command: '/root/.secureit.sh' + ignoreErrors: 'false' + Properties: + AssociatePublicIpAddress: false + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref HostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !FindInMap + - ArtifactoryProductMap + - !Ref ArtifactoryProduct + - !Ref AmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref InstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + UserData: + 'Fn::Base64': + !Sub | + #!/bin/bash -x + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # yum install -y git + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + echo \'[Cloning: Load QuickStart Common Utils]\' + + # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git + + source /quickstart-linux-utilities/quickstart-cfn-tools.source + + echo \'[Loaded: Load QuickStart Common Utils]\' + + echo \'[Update Operating System]\' + + qs_update-os || qs_err + + qs_bootstrap_pip || qs_err + + qs_aws-cfn-bootstrap || qs_err + + source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + # mkdir ~/.artifactory_ansible + + # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.artifactory_ansible/ + + cfn-init -v --stack ${AWS::StackName} --resource 
ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail + + export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt" + + setsebool httpd_can_network_connect 1 -P + + ansible-playbook /root/.jfrog_ami/artifactory.yml || qs_err " ansible execution failed " + + rm -rf /root/.secureit.sh + + [ $(qs_status) == 0 ] && cfn_success || cfn_fail \ No newline at end of file diff --git a/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml new file mode 100644 index 0000000..7344d67 --- /dev/null +++ b/Amazon/Marketplace/v7112/templates/jfrog-artifactory-ec2-marketplace-master.template.yaml 
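Review bot: The `config-artifactory-master` files block substitutes `${SecretAccessKey}`, `${MasterKey}`, `${DatabasePassword}`, `${CertificateKey}`, `${KeystorePassword}` and `${AnsibleVaultPass}` into `AWS::CloudFormation::Init` metadata, and `NoEcho` on the parameters does not mask values stored in a resource's Metadata, so they are readable in plaintext through the CloudFormation API by anyone permitted to describe this stack's resources. The `ansible-vault encrypt` step only protects the on-disk copy, and `/root/.vault_pass.txt` is left next to the encrypted file because the UserData removes only `/root/.secureit.sh`. I would pass just the secret's name through the metadata and resolve the values on the instance with its role, e.g. `db_password: "{{ lookup('aws_secret', '<SECRET_NAME_PLACEHOLDER>') }}"`; this assumes the AMI's Ansible provides that lookup and that the host role is granted `secretsmanager:GetSecretValue` on the secret. The substitutions are also unquoted, so a value containing `{{` or starting with a YAML indicator would change how the generated playbook is parsed; quoting them belongs in the same change.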
@@ -0,0 +1,457 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into a new VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - KeystorePassword + - AnsibleVaultPass + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + KeyPairName: + default: SSH key name + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + 
ArtifactoryVersion: + default: Artifactory version + SmLicenseCertName: + default: Artifactory licenses and certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + KeystorePassword: + default: Java key store password + AnsibleVaultPass: + default: Ansible Vault password + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + InstallXray: + default: Install JFrog Xray + XrayVersion: + default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog XrayNumberOfInstances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). 
+ Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + PrivateSubnet1Cidr: + Description: CIDR block for private subnet 1, located in Availability Zone 1. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR block for private subnet 2, located in Availability Zone 2. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range permitted to access Artifactory. + It is recommended that you set this value to a trusted IP range. + For example, you may want to limit software access to your corporate network. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + It is recommended that you set this value to a trusted IP range. + For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol. 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + VolumeSize: + Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. + AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + NumberOfSecondary: + Description: Number of secondary Artifactory servers to complete your + HA deployment. To align with Artifactory best practices, the minimum number + is two, and the maximum is seven. Do not select more instances than you + have licenses for. + AllowedValues: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + Default: 2 + Type: Number + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + To select the correct version, see the release notes at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Artifactory releases. + Default: 7.11.2 + Type: String + SmLicenseCertName: + Description: Secret name created in AWS Secrets Manager that contains the SSL certificate, certificate key, and Artifactory licenses. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. 
Ensure that this matches your certificate. + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. + AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Type: String + ExtraJavaOptions: + Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory + system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. + Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. + Default: -Xss256k -XX:+UseG1GC + Type: String + DefaultJavaMemSettings: + Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. + If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + KeystorePassword: + Description: Java key store password. For better security, the password that you specify will + replace the default Java key store password. + NoEcho: 'true' + Type: String + AnsibleVaultPass: + Description: Ansible Vault password to protect the Artifactory YAML configuration file + generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes + and secured with this password. + NoEcho: 'true' + Type: String + DatabaseName: + Description: Name of your database instance. The name must be unique across all instances + owned by your AWS account in the current Region. The database instance identifier is case-insensitive, + but it's stored in lowercase (as in "mydbinstance"). 
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + MinLength: '1' + MaxLength: '60' + ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. + Default: artdb + Type: String + DatabaseEngine: + Description: Database engine that you want to run. + AllowedValues: + - Postgres + Default: Postgres + Type: String + DatabaseUser: + Description: Login ID for the master user of your database instance. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter. + Default: artifactory + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. + AllowedValues: + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.10xlarge + - db.m5.16xlarge + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.4xlarge + - db.m5.12xlarge + - db.m5.24xlarge + ConstraintDescription: Must be a valid database Instance Type. + Default: db.m5.large + Type: String + DatabaseAllocatedStorage: + Description: Size in gigabytes of available storage for the database instance. + MinValue: 5 + MaxValue: 1024 + Default: 10 + Type: Number + MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + InstallXray: + Description: Choose true to install JFrog Xray instance(s). 
+ ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + XrayVersion: + Description: The version of Xray that you want to deploy into the Quick Start. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Xray releases. + Default: 3.11.2 + Type: String + XrayNumberOfInstances: + Description: The number of Xray instances servers to complete your + HA deployment. The minimum number is one; the maximum is seven. + Do not select more than instances than you have licenses for. + MinValue: 1 + MaxValue: 7 + Default: 1 + Type: Number + XrayInstanceType: + Description: The EC2 instance type for the Xray instances. + AllowedValues: + - c5.2xlarge + - c5.4xlarge + ConstraintDescription: Must contain valid instance type. + Default: c5.2xlarge + Type: String + XrayDatabaseUser: + Description: The login ID for the Xray database user. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: xray + Type: String + XrayDatabasePassword: + Description: The password for the Xray database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. 
+ NoEcho: 'true' + Type: String +Resources: + ArtifactoryExistingVpcStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub https://jfrog-aws-test.s3.us-east-1.${AWS::URLSuffix}/artifactory7/v7112/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + # TemplateURL: !Sub https://jfrog-aws-test.s3.us-east-1.${AWS::URLSuffix}/artifactory7/v7112/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + Parameters: + KeyPairName: !Ref KeyPairName + VpcId: !Ref VpcId + VpcCidr: !Ref VpcCidr + PublicSubnet1Id: !Ref PublicSubnet1Id + PublicSubnet2Id: !Ref PublicSubnet2Id + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr + PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr + AccessCidr: !Ref AccessCidr + RemoteAccessCidr: !Ref RemoteAccessCidr + ProvisionBastionHost: "Disabled" + BastionInstanceType: "t3.micro" + BastionRootVolumeSize: 10 + BastionEnableTcpForwarding: "true" + BastionEnableX11Forwarding: "false" + BastionOs: "Amazon-Linux2-HVM" + NumBastionHosts: "1" + VolumeSize: !Ref VolumeSize + InstanceType: !Ref InstanceType + NumberOfSecondary: !Ref NumberOfSecondary + ArtifactoryProduct: "JFrog-Artifactory-Pro" + ArtifactoryVersion: !Ref ArtifactoryVersion + SmLicenseCertName: !Ref SmLicenseCertName + ArtifactoryServerName: !Ref ArtifactoryServerName + MasterKey: !Ref MasterKey + ExtraJavaOptions: !Ref ExtraJavaOptions + DefaultJavaMemSettings: !Ref DefaultJavaMemSettings + KeystorePassword: !Ref KeystorePassword + AnsibleVaultPass: !Ref AnsibleVaultPass + DatabaseName: !Ref DatabaseName + DatabaseEngine: !Ref DatabaseEngine + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAzDatabase: !Ref MultiAzDatabase + QsS3BucketName: "jfrog-aws-test" + QsS3KeyPrefix: "artifactory7/v7112/" + QsS3BucketRegion: "us-east-1" + InstallXray: !Ref 
InstallXray + XrayVersion: !Ref XrayVersion + XrayNumberOfInstances: !Ref XrayNumberOfInstances + XrayInstanceType: !Ref XrayInstanceType + XrayDatabaseUser: !Ref XrayDatabaseUser + XrayDatabasePassword: !Ref XrayDatabasePassword +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl} + BastionIp: + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp} + Description: Bastion host IP, for admin access via SSH diff --git a/Amazon/Marketplace/v7112/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/Marketplace/v7112/templates/jfrog-xray-ec2-instance.template.yaml new file mode 100644 index 0000000..5b6080c --- /dev/null +++ b/Amazon/Marketplace/v7112/templates/jfrog-xray-ec2-instance.template.yaml 
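Review bot: The secret parameters in the `Parameters` section accept values much weaker than their own descriptions imply. `MasterKey` has `MinLength: '1'` although its description tells the operator to generate it with `openssl rand -hex 16` (32 hex characters), and `DatabasePassword` and `XrayDatabasePassword` cap the password at `MaxLength: '12'` with `AllowedPattern: ^[^ \\']+$`, which does not enforce the capital-letter rule stated in `ConstraintDescription`. `KeystorePassword` and `AnsibleVaultPass` carry no length constraint at all. I would set `MinLength: '32'` on `MasterKey`, raise the password `MaxLength` to what the database engine accepts, and either enforce or reword the constraint text, so that a one-character key or a short all-lowercase password is rejected at stack creation instead of being deployed.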
@@ -0,0 +1,279 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray" +Parameters: + PrivateSubnet1Id: + Type: 'AWS::EC2::Subnet::Id' + PrivateSubnet2Id: + Type: 'AWS::EC2::Subnet::Id' + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + DatabaseDriver: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + MasterKey: + Type: String + NoEcho: 'true' + SecurityGroups: + Type: String + VolumeSize: + Type: Number + XrayHostProfile: + Type: String + XrayHostRole: + Type: String + XrayInstanceType: + Type: String + JfrogInternalUrl: + Type: String + AnsibleVaultPass: + Description: Ansiblevault Password to secure the artifactory.yml + Type: String + NoEcho: 'true' + XrayDatabaseUser: + Type: String + XrayDatabasePassword: + Type: String + NoEcho: 'true' + XrayMasterDatabaseUrl: + Type: String + XrayDatabaseUrl: + Type: String + XrayFirstNode: + Description: Runs database scripts if this is the first node + Type: String + XrayVersion: + Type: String + XrayAmiId: + Type: String +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + "330": ami-09dfb20a591375d09 # TODO: Get correct ami - provided by market place tem + "361": ami-09dfb20a591375d09 # TODO: Get correct ami - provided by market place tem + ap-northeast-2: + "330": ami-0eb86b82de93a34fb # TODO: Get correct ami - provided by market place tem + "361": ami-0eb86b82de93a34fb # 
TODO: Get correct ami - provided by market place tem + ap-south-1: + "330": ami-01b828aa6cc99a322 # TODO: Get correct ami - provided by market place tem + "361": ami-01b828aa6cc99a322 # TODO: Get correct ami - provided by market place tem + ap-southeast-1: + "330": ami-04a94cc4dc0d08c98 # TODO: Get correct ami - provided by market place tem + "361": ami-04a94cc4dc0d08c98 # TODO: Get correct ami - provided by market place tem + ap-southeast-2: + "330": ami-030871aa8d1f0689e # TODO: Get correct ami - provided by market place tem + "361": ami-030871aa8d1f0689e # TODO: Get correct ami - provided by market place tem + ca-central-1: + "330": ami-0148cebea7bea4aaf # TODO: Get correct ami - provided by market place tem + "361": ami-0148cebea7bea4aaf # TODO: Get correct ami - provided by market place tem + eu-central-1: + "330": ami-07961f7c210143a42 # TODO: Get correct ami - provided by market place tem + "361": ami-07961f7c210143a42 # TODO: Get correct ami - provided by market place tem + eu-west-1: + "330": ami-0171b8d46941b4ca1 # TODO: Get correct ami - provided by market place tem + "361": ami-0171b8d46941b4ca1 # TODO: Get correct ami - provided by market place tem + sa-east-1: + "330": ami-0596f196b273bb8a6 # TODO: Get correct ami - provided by market place tem + "361": ami-0596f196b273bb8a6 # TODO: Get correct ami - provided by market place tem + us-east-1: + "330": ami-0d4d4252cdc2b6f11 # TODO: Get correct ami - provided by market place tem + "361": ami-086fcbf4aa2bd203f # TODO: Get correct ami - provided by market place tem + "386": ami-0becff949aa530956 # partnership account + seller account + "3103": ami-0e19b1335bc3654c3 # seller account (shared with partnership account) + "3112": ami-0819678d7216af530 # seller account (shared with partnership account) + us-east-2: + "330": ami-00a5fcde44618d39b # TODO: Get correct ami - using ami generated by myself - provided by market place tem + "361": ami-005b2ceceac6999ff # TODO: Get correct ami - using ami generated by 
myself - provided by market place tem + "3112": ami-0bd793595d742f794 # seller account (shared with partnership account) + us-west-1: + "330": ami-068cd684b4d3a3a86 # TODO: Get correct ami - provided by market place tem + "361": ami-068cd684b4d3a3a86 # TODO: Get correct ami - provided by market place tem + "3112": ami-012cc5d182bd3bd2b # seller account (shared with partnership account) + us-west-2: + "330": ami-03d60da4c8a146a55 # TODO: Get correct ami - provided by market place tem + "361": ami-03d60da4c8a146a55 # TODO: Get correct ami - provided by market place tem + "386": ami-07af1682f09ef4a20 # partnership account + seller account + "3112": ami-0b2006b832e129368 # seller account (shared with partnership account) + us-gov-east-1: + "361": ami-001d5cec1e7399f65 # TODO: Get correct ami - provided by market place tem + "3103": ami-08d1d573a758ba6b2 + "3112": ami-06e7ce8983a50fd9c + us-gov-west-1: + "361": ami-0eb4eecce8d5bcb80 # TODO: Get correct ami - provided by market place tem + +Resources: + XrayScalingGroup: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + LaunchConfigurationName: !Ref XrayLaunchConfiguration + VPCZoneIdentifier: + - !Ref PrivateSubnet1Id + - !Ref PrivateSubnet2Id + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + HealthCheckType: EC2 + HealthCheckGracePeriod: 900 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + CreationPolicy: + ResourceSignal: + Count: 1 + Timeout: PT60M + XrayLaunchConfiguration: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Metadata: + 'AWS::CloudFormation::Authentication': + S3AccessCreds: + type: S3 + roleName: + - !Ref XrayHostRole + buckets: + - !Ref QsS3BucketName + 'AWS::CloudFormation::Init': + configSets: + xray_install: + - "config-xray" + config-xray: + files: + /root/.xray_ami/xray.yml: + content: !Sub + - | + # Base install for Xray + - import_playbook: site-xray.yml + vars: + jfrog_url: 
${JfrogInternalUrl} + master_key: ${MasterKey} + join_key: ${MasterKey} + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: postgres://${XrayDatabaseUrl} + db_user: ${XrayDatabaseUser} + db_password: ${XrayDatabasePassword} + xray_version: ${XrayVersion} + - { + product: Xray + } + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${AnsibleVaultPass} + mode: "0400" + Properties: + AssociatePublicIpAddress: false + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref XrayHostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref 'AWS::Region' + - !Ref XrayAmiId + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref XrayInstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + UserData: + 'Fn::Base64': + !Sub | + #!/bin/bash -x + exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # yum install -y git + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + echo \'[Cloning: Load QuickStart Common Utils]\' + + # git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git + + source /quickstart-linux-utilities/quickstart-cfn-tools.source + + echo \'[Loaded: Load QuickStart Common Utils]\' + + echo \'[Update Operating System]\' + + qs_update-os || qs_err + + qs_bootstrap_pip || qs_err + + qs_aws-cfn-bootstrap || qs_err + + source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed " + + # mkdir ~/.xray_ansible + + # aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ansible/ + + 
cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + if "true" == "${XrayFirstNode}" + then + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE USER ${XrayDatabaseUser} WITH PASSWORD '${XrayDatabasePassword}'" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "grant ${XrayDatabaseUser} to ${DatabaseUser}" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE DATABASE xraydb WITH OWNER=${XrayDatabaseUser} ENCODING='UTF8'" &>> /var/log/userdata.xray_database.log; + psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO ${XrayDatabaseUser}" &>> /var/log/userdata.xray_database.log; + fi + + ansible-playbook /root/.xray_ami/xray.yml || qs_err " ansible execution failed " + + $(qs_status) &> /var/log/qs_status.log + cfn_success &> /var/log/cfn_success.log + [ $(qs_status) == 0 ] && cfn_success || cfn_fail \ No newline at end of file From ccfb8c03831b72e4c81338072793757bdecbadc8 Mon Sep 17 00:00:00 2001 
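Review bot: The `UserData` script embeds the database credentials in clear text and then traces them. `!Sub` expands `${DatabasePassword}` and `${XrayDatabasePassword}` into the four `psql postgresql://${DatabaseUser}:${DatabasePassword}@...` commands, the script runs under `#!/bin/bash -x`, and the `tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console` redirection copies that trace to a log file, syslog and the console. `NoEcho: 'true'` on the parameters does not cover values substituted into user data, which stays readable from the launch configuration and from the instance, and the password is also exposed as a `psql` command-line argument. At minimum put `set +x` before the `if "true" == "${XrayFirstNode}"` block and supply the password through a `PGPASSFILE` with mode 0600 instead of the URI; fetching the secrets on the instance from a secret store at boot would keep them out of the template text entirely. Separately, the unconditional `cfn_success &> /var/log/cfn_success.log` line runs the `exit 0` inside `cfn_success`, so the final `[ $(qs_status) == 0 ] && cfn_success || cfn_fail` check looks unreachable and a failed playbook would still signal success.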
From: Anup Singh <64248163+anupteal@users.noreply.github.com> Date: Wed, 2 Dec 2020 23:28:06 +0530 Subject: [PATCH 8/9] Arm 7.11.2 (#68) * ARM templates - Postgresql JDBC driver is updated (for 7.10.2 compatibility) * ARM templates - RT and JCR 7.10.2, Xray 3.9.1 * VM image publish template - RT 7.10.5 * ARM template for 7.10.5 * ARM template for Xray 3.10.3 * Updated artifactoryVersion and location * Updated 7.10.5 version for JCR Azure application * updated version on azuredeploy_ms_ps.json * updated azuredeploy_ms_ps.json * updated azuredeploy_ms_ps.json * updated 7.10.6 verion in azuredeploy_ms_ps.json, MP_submission/createUiDefinition.json, MP_submission/mainTemplate.json * Updated the Version for JCR * updated new xray version 3.11.2 in template files * updated new x-ray version in createUiDefinition.json mainTemplate.json * updated createUiDefinition.json mainTemplate.json * updated 7.11.2 changes for xray, rt and jcr * ARM template, fixing formatting Co-authored-by: danielmkn Co-authored-by: Aayush-sood94 --- .../MP_submission/createUiDefinition.json | 17 ++++++++--- .../MP_submission/mainTemplate.json | 13 +++++---- .../scripts/install_artifactory7.sh | 3 -- .../Artifactory/azuredeploy_ms_ps.json | 13 +++++---- .../azuredeploy_ms_ps.parameters.json | 14 +++++----- .../scripts/install_artifactory7.sh | 3 -- .../vm_install/install_pro7_to_vm.sh | 2 +- .../Artifactory/vm_install/vm_deploy.json | 4 +-- .../Artifactory/vm_install/vm_parameters.json | 4 +-- .../MP_submission_7/createUiDefinition.json | 17 +++++++++-- .../JCR/MP_submission_7/mainTemplate.json | 11 +++++--- AzureResourceManager/JCR/azuredeploy.json | 11 +++++--- .../JCR/vm_install/vm_parameters.json | 4 +-- .../MP_submission/createUiDefinition.json | 12 ++++++-- .../Xray/MP_submission/mainTemplate.json | 12 ++++---- .../nested/Postgresql_deploy.json | 2 +- .../Xray/azuredeploy_xray.parameters.json | 28 +++++++++---------- .../Xray/azuredeploy_xray_vmss.json | 12 ++++---- 
.../Xray/nested/Postgresql_deploy.json | 2 +- .../Xray/vm_install/vm_parameters.json | 4 +-- 20 files changed, 113 insertions(+), 75 deletions(-) diff --git a/AzureResourceManager/Artifactory/MP_submission/createUiDefinition.json b/AzureResourceManager/Artifactory/MP_submission/createUiDefinition.json index 76ebfdd..6d850e3 100644 --- a/AzureResourceManager/Artifactory/MP_submission/createUiDefinition.json +++ b/AzureResourceManager/Artifactory/MP_submission/createUiDefinition.json @@ -132,7 +132,7 @@ "name": "artifactoryVersion", "type": "Microsoft.Common.DropDown", "label": "Artifactory-vm image version to deploy.", - "defaultValue": "7.10.2", + "defaultValue": "7.11.2", "toolTip": "Version of Artifactory to deploy", "constraints": { "allowedValues": [ @@ -170,8 +170,17 @@ }, { "label": "7.10.2", - "value": "0.0.3" - } + "value": "0.0.31" + }, + { + "label": "7.10.5", + "value": "0.0.4" + }, + { + "label": "7.10.6", + "value": "0.0.52" + }, + { "label": "7.11.2", "value": "0.0.6" } ], "required": true }, @@ -533,4 +542,4 @@ "storageAccountType": "[steps('storageConfig').storageAccountsType]" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/Artifactory/MP_submission/mainTemplate.json b/AzureResourceManager/Artifactory/MP_submission/mainTemplate.json index cb86554..aed2a82 100644 --- a/AzureResourceManager/Artifactory/MP_submission/mainTemplate.json +++ b/AzureResourceManager/Artifactory/MP_submission/mainTemplate.json @@ -79,7 +79,7 @@ }, "artifactoryVersion": { "type": "string", - "defaultValue": "0.0.3", + "defaultValue": "0.0.6", "allowedValues": [ "6.6.0", "6.6.1", @@ -96,7 +96,10 @@ "7.4.30", "0.0.1", "0.0.2", - "0.0.3" + "0.0.31", + "0.0.4", + "0.0.52", + "0.0.6" ], "metadata": { "description": "Artifactory-vm image version to deploy." 
@@ -778,7 +781,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[variables('scaleSetPrimaryName')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", @@ -876,7 +879,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[variables('scaleSetMemberName')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", @@ -978,4 +981,4 @@ "type": "string" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/Artifactory/MP_submission/scripts/install_artifactory7.sh b/AzureResourceManager/Artifactory/MP_submission/scripts/install_artifactory7.sh index 115fccf..8ecc72e 100644 --- a/AzureResourceManager/Artifactory/MP_submission/scripts/install_artifactory7.sh +++ b/AzureResourceManager/Artifactory/MP_submission/scripts/install_artifactory7.sh @@ -25,9 +25,6 @@ export DEBIAN_FRONTEND=noninteractive mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" -# Install Postgresql driver -curl --retry 5 -L -o /opt/jfrog/artifactory/app/artifactory/tomcat/lib/postgresql-9.4.1212.jar https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar >> /tmp/install-databse-driver.log 2>&1 - CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") [ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory 
diff --git a/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json b/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json index 9b2399a..9b707c5 100644 --- a/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json +++ b/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json @@ -79,7 +79,7 @@ }, "artifactoryVersion": { "type": "string", - "defaultValue": "0.0.3", + "defaultValue": "0.0.6", "allowedValues": [ "6.11.3", "6.15.0", @@ -93,7 +93,10 @@ "7.5.7", "0.0.1", "0.0.2", - "0.0.3" + "0.0.31", + "0.0.4", + "0.0.52", + "0.0.6" ], "metadata": { "description": "Artifactory-vm image version to deploy." @@ -775,7 +778,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[variables('scaleSetPrimaryName')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", @@ -873,7 +876,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[variables('scaleSetMemberName')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", @@ -975,4 +978,4 @@ "type": "string" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/Artifactory/azuredeploy_ms_ps.parameters.json b/AzureResourceManager/Artifactory/azuredeploy_ms_ps.parameters.json index 8e4317e..7c09c75 100644 --- a/AzureResourceManager/Artifactory/azuredeploy_ms_ps.parameters.json +++ b/AzureResourceManager/Artifactory/azuredeploy_ms_ps.parameters.json @@ -9,7 +9,7 @@ "value": "vmuser" }, "adminPassword": { - "value": "password" + "value": "OWERWRITE_THE_PASSWORD" }, "db_type": { "value": "Postgresql_deploy.json" 
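Review bot: The new placeholder `OWERWRITE_THE_PASSWORD` for `adminPassword` (and for `db_password` in the next hunk of this file) is misspelled, and it is still a concrete, publicly known string that could be deployed as-is if the operator forgets to edit the file. I would at least spell it `OVERWRITE_THE_PASSWORD`, and preferably leave the value out of the committed parameters file so the deployment prompts for it or takes it from a Key Vault reference. Whether the platform's password complexity rules would reject the current string is not something this hunk shows.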
@@ -18,7 +18,7 @@ "value": "artifactory" }, "db_password": { - "value": "password" + "value": "OWERWRITE_THE_PASSWORD" }, "db_name": { "value": "artdb" @@ -50,19 +50,19 @@ "value": "GENERATE_JOIN_KEY" }, "certificate": { - "value": "-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----" + "value": "-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----" }, "certificateKey": { - "value": "-----BEGIN PRIVATE KEY----- -----END PRIVATE KEY-----" + "value": "-----BEGIN PRIVATE KEY----- -----END PRIVATE KEY-----" }, "artifactoryLicense1": { - "value": "" + "value": "" }, "artifactoryLicense2": { - "value": "" + "value": "" }, "artifactoryLicense3": { - "value": "" + "value": "" } } } \ No newline at end of file diff --git a/AzureResourceManager/Artifactory/scripts/install_artifactory7.sh b/AzureResourceManager/Artifactory/scripts/install_artifactory7.sh index 115fccf..8ecc72e 100644 --- a/AzureResourceManager/Artifactory/scripts/install_artifactory7.sh +++ b/AzureResourceManager/Artifactory/scripts/install_artifactory7.sh @@ -25,9 +25,6 @@ export DEBIAN_FRONTEND=noninteractive mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" -# Install Postgresql driver -curl --retry 5 -L -o /opt/jfrog/artifactory/app/artifactory/tomcat/lib/postgresql-9.4.1212.jar https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar >> /tmp/install-databse-driver.log 2>&1 - CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") [ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory diff --git a/AzureResourceManager/Artifactory/vm_install/install_pro7_to_vm.sh b/AzureResourceManager/Artifactory/vm_install/install_pro7_to_vm.sh index b5ebd3c..4d3728d 100644 --- a/AzureResourceManager/Artifactory/vm_install/install_pro7_to_vm.sh 
+++ b/AzureResourceManager/Artifactory/vm_install/install_pro7_to_vm.sh @@ -37,7 +37,7 @@ EOF #Install database drivers (for Java 11, path is different for RT6 and RT7) curl --retry 5 -L -o /opt/jfrog/artifactory/app/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar >> /tmp/install-databse-driver.log 2>&1 curl --retry 5 -L -o /opt/jfrog/artifactory/app/artifactory/tomcat/lib/mssql-jdbc-7.4.1.jre11.jar https://bintray.com/artifact/download/bintray/jcenter/com/microsoft/sqlserver/mssql-jdbc/7.4.1.jre11/mssql-jdbc-7.4.1.jre11.jar >> /tmp/install-databse-driver.log 2>&1 -curl --retry 5 -L -o /opt/jfrog/artifactory/app/artifactory/tomcat/lib/postgresql-9.4.1212.jar https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar >> /tmp/install-databse-driver.log 2>&1 +curl --retry 5 -L -o /opt/jfrog/artifactory/app/artifactory/tomcat/lib/postgresql-42.2.18.jar https://jdbc.postgresql.org/download/postgresql-42.2.18.jar >> /tmp/install-databse-driver.log 2>&1 #Configuring nginx rm /etc/nginx/sites-enabled/default diff --git a/AzureResourceManager/Artifactory/vm_install/vm_deploy.json b/AzureResourceManager/Artifactory/vm_install/vm_deploy.json index 2d8053b..0503514 100644 --- a/AzureResourceManager/Artifactory/vm_install/vm_deploy.json +++ b/AzureResourceManager/Artifactory/vm_install/vm_deploy.json 
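Review bot: The replaced `curl` line for `postgresql-42.2.18.jar` writes whatever the server returns straight into Tomcat's `lib` directory, with no `--fail` and no integrity check. An HTTP error page or an altered download is therefore saved as the driver and presumably loaded when Artifactory starts. Add `--fail` to the command and verify a pinned digest before continuing, for example `echo "<EXPECTED_SHA256>  /opt/jfrog/artifactory/app/artifactory/tomcat/lib/postgresql-42.2.18.jar" | sha256sum -c - || exit 1`. The two unchanged bintray downloads just above have the same gap. The script continues outside the hunk, so whether a later step validates these files is not visible here.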
@@ -70,7 +70,7 @@ "metadata": { "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." }, - "defaultValue": "https://raw.githubusercontent.com/jfrog/JFrog-Cloud-Installers/vm-image-templates/AzureResourceManager/Artifactory/" + "defaultValue": "https://raw.githubusercontent.com/jfrog/JFrog-Cloud-Installers/master/AzureResourceManager/Artifactory/" }, "_artifactsLocationSasToken": { "type": "securestring", @@ -259,4 +259,4 @@ "value": "[variables('commandToExecute')]" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/Artifactory/vm_install/vm_parameters.json b/AzureResourceManager/Artifactory/vm_install/vm_parameters.json index 8241d9c..d8c4b27 100644 --- a/AzureResourceManager/Artifactory/vm_install/vm_parameters.json +++ b/AzureResourceManager/Artifactory/vm_install/vm_parameters.json @@ -90,10 +90,10 @@ "value": "OWERWRITE_THE_PASSWORD" }, "artifactoryVersion": { - "value": "7.10.2" + "value": "7.11.2" }, "scriptName": { "value": "install_pro7_to_vm.sh" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/JCR/MP_submission_7/createUiDefinition.json b/AzureResourceManager/JCR/MP_submission_7/createUiDefinition.json index 0918f67..d7c9d94 100644 --- a/AzureResourceManager/JCR/MP_submission_7/createUiDefinition.json +++ b/AzureResourceManager/JCR/MP_submission_7/createUiDefinition.json @@ -101,7 +101,7 @@ "name": "artifactoryVersion", "type": "Microsoft.Common.DropDown", "label": "JFrog Container Registry-vm image version to deploy.", - "defaultValue": "7.10.2", + "defaultValue": "7.11.2", "toolTip": "Version of JFrog Container Registry to deploy", "constraints": { "allowedValues": [ 
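Review bot: The new `_artifactsLocation` default in vm_deploy.json (hunk at -70,7) points at the `master` branch on raw.githubusercontent.com, a mutable ref, so each deployment pulls whatever is on that branch at that moment. The template passes `commandToExecute` to the VM further down, and presumably the install script named by `scriptName` is fetched from this base URI. If so, any change to master, intended or not, runs on newly deployed VMs without the template itself changing. Pin the default to a release tag or commit, e.g. `https://raw.githubusercontent.com/jfrog/JFrog-Cloud-Installers/<TAG_OR_COMMIT_SHA>/AzureResourceManager/Artifactory/`, and bump it with each release.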
@@ -124,6 +124,18 @@ { "label": "7.10.2", "value": "0.0.3" + }, + { + "label": "7.10.5", + "value": "0.0.4" + }, + { + "label": "7.10.6", + "value": "0.0.5" + }, + { + "label": "7.11.2", + "value": "0.0.61" } ], "required": true @@ -178,6 +190,7 @@ "validationMessage": "Provide SSL Certificate Key." }, "options": { + "hideConfirmation": true } }, @@ -345,4 +358,4 @@ "storageAccountType": "[steps('storageConfig').storageAccountsType]" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/JCR/MP_submission_7/mainTemplate.json b/AzureResourceManager/JCR/MP_submission_7/mainTemplate.json index 6277267..d5a1a06 100644 --- a/AzureResourceManager/JCR/MP_submission_7/mainTemplate.json +++ b/AzureResourceManager/JCR/MP_submission_7/mainTemplate.json @@ -25,13 +25,16 @@ }, "artifactoryVersion": { "type": "string", - "defaultValue": "0.0.3", + "defaultValue": "0.0.61", "allowedValues": [ "7.2.1", "7.3.2", "7.4.3", "0.0.2", - "0.0.3" + "0.0.3", + "0.0.4", + "0.0.5", + "0.0.61" ], "metadata": { "description": "JFrog Container Registry-vm image version to deploy." @@ -519,7 +522,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[variables('scaleSetPrimaryName')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", @@ -618,4 +621,4 @@ "type": "string" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/JCR/azuredeploy.json b/AzureResourceManager/JCR/azuredeploy.json index b1ec59b..aa4a791 100644 --- a/AzureResourceManager/JCR/azuredeploy.json +++ b/AzureResourceManager/JCR/azuredeploy.json 
@@ -25,13 +25,16 @@ }, "artifactoryVersion": { "type": "string", - "defaultValue": "0.0.3", + "defaultValue": "0.0.61", "allowedValues": [ "7.2.1", "7.3.2", "7.4.3", "0.0.2", - "0.0.3" + "0.0.3", + "0.0.4", + "0.0.5", + "0.0.61" ], "metadata": { "description": "JFrog Container Registry-vm image version to deploy." @@ -519,7 +522,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[variables('scaleSetPrimaryName')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", @@ -618,4 +621,4 @@ "type": "string" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/JCR/vm_install/vm_parameters.json b/AzureResourceManager/JCR/vm_install/vm_parameters.json index 58c512d..0d4b2b0 100644 --- a/AzureResourceManager/JCR/vm_install/vm_parameters.json +++ b/AzureResourceManager/JCR/vm_install/vm_parameters.json @@ -81,10 +81,10 @@ "value": "OWERWRITE_THE_PASSWORD" }, "artifactoryVersion": { - "value": "7.10.2" + "value": "7.11.2" }, "scriptName": { "value": "install_jcr7_to_vm.sh" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/Xray/MP_submission/createUiDefinition.json b/AzureResourceManager/Xray/MP_submission/createUiDefinition.json index 88e3488..17931e9 100644 --- a/AzureResourceManager/Xray/MP_submission/createUiDefinition.json +++ b/AzureResourceManager/Xray/MP_submission/createUiDefinition.json @@ -123,7 +123,7 @@ "name": "xrayVersion", "type": "Microsoft.Common.DropDown", "label": "Xray-vm image version to deploy.", - "defaultValue": "3.9.1", + "defaultValue": "3.11.2", "toolTip": "Version of Xray to deploy", "constraints": { "allowedValues": [ 
@@ -142,7 +142,13 @@ { "label": "3.9.1", "value": "0.0.6" - } + }, + { + "label": "3.10.3", + "value": "0.0.7" + }, + { "label": "3.11.2", "value": "0.0.8" + } ], "required": true }, @@ -324,4 +330,4 @@ "db_password": "[steps('databaseConfig').db_password]" } } -} \ No newline at end of file +} diff --git a/AzureResourceManager/Xray/MP_submission/mainTemplate.json b/AzureResourceManager/Xray/MP_submission/mainTemplate.json index 15bf701..92d7a81 100644 --- a/AzureResourceManager/Xray/MP_submission/mainTemplate.json +++ b/AzureResourceManager/Xray/MP_submission/mainTemplate.json @@ -19,12 +19,14 @@ }, "xrayVersion": { "type": "string", - "defaultValue": "0.0.6", + "defaultValue": "0.0.8", "allowedValues": [ "0.0.3", "0.0.4", "0.0.5", - "0.0.6" + "0.0.6", + "0.0.7", + "0.0.8" ], "metadata": { "description": "Xray-vm image version to deploy." @@ -275,7 +277,7 @@ }, { "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2018-11-01", + "apiVersion": "2019-06-01", "name": "[variables('storageAccountName')]", "location": "[parameters('location')]", "sku": { @@ -320,7 +322,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[concat(variables('namingInfix'), 'xrayScaleset')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]", "[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]" @@ -401,4 +403,4 @@ } } ] -} \ No newline at end of file +} diff --git a/AzureResourceManager/Xray/MP_submission/nested/Postgresql_deploy.json b/AzureResourceManager/Xray/MP_submission/nested/Postgresql_deploy.json index 4f6d8ce..cdc3a2b 100644 --- a/AzureResourceManager/Xray/MP_submission/nested/Postgresql_deploy.json +++ b/AzureResourceManager/Xray/MP_submission/nested/Postgresql_deploy.json 
@@ -32,7 +32,7 @@ }, "skuSizeMB": { "type": "int", - "defaultValue": 5120 + "defaultValue": 204800 }, "skuTier": { "type": "string", diff --git a/AzureResourceManager/Xray/azuredeploy_xray.parameters.json b/AzureResourceManager/Xray/azuredeploy_xray.parameters.json index 2f18bb9..30c98e8 100644 --- a/AzureResourceManager/Xray/azuredeploy_xray.parameters.json +++ b/AzureResourceManager/Xray/azuredeploy_xray.parameters.json @@ -3,19 +3,19 @@ "contentVersion": "1.0.0.0", "parameters": { "clusterName": { - "value": "GEN-UNIQUE" + "value": "GENERATE-CLUSTER-NAME" }, "adminUsername": { - "value": "GEN-UNIQUE" + "value": "ADMIN-USERNAME" }, "adminPassword": { - "value": "GEN-UNIQUE" + "value": "ADMIN-PASSWORD" }, "virtualNetworkName": { - "value": "existing-vm-network-name" + "value": "EXISTING-VM-NETWORK-NAME" }, "subnetName": { - "value": "existing-subnet-name" + "value": "EXISTING-SUBNET-NAME" }, "virtualNetworkNewOrExisting": { "value": "existing" @@ -24,7 +24,7 @@ "value": "10.0.0.0/16" }, "virtualNetworkResourceGroup": { - "value": "resource-group-name" + "value": "RESOURCE-GROUP-NAME" }, "virtualMachineSize": { "value": "Standard_D4s_v3" @@ -33,25 +33,25 @@ "value": "10.0.1.0/24" }, "xrayVersion": { - "value": "0.0.6" + "value": "0.0.8" }, "artifactoryURL": { - "value": "http://artifactory-url.cloudapp.azure.com" + "value": "http://ARTIFACTORY-URL.cloudapp.azure.com" }, "masterKey": { - "value": "GEN-UNIQUE" + "value": "GENERATE-MASTER-KEY" }, "joinKey": { - "value": "GEN-UNIQUE" + "value": "GET-JOIN-KEY-IN-ARTIFACTORY-UI" }, "db_type": { - "value": "Postgresql_existing.json" + "value": "Postgresql_deploy.json" }, "db_user": { - "value": "GEN-UNIQUE" + "value": "DB-USERNAME" }, "db_password": { - "value": "GEN-UNIQUE" + "value": "DB-PASSWORD" }, "manual_db_url": { "value": "jdbc:postgresql://postgressrvr.postgres.database.azure.com:5432" @@ -60,4 +60,4 @@ "value": "postgressrvr" } } -} \ No newline at end of file +} 
diff --git a/AzureResourceManager/Xray/azuredeploy_xray_vmss.json b/AzureResourceManager/Xray/azuredeploy_xray_vmss.json index a16eb18..0b72892 100644 --- a/AzureResourceManager/Xray/azuredeploy_xray_vmss.json +++ b/AzureResourceManager/Xray/azuredeploy_xray_vmss.json @@ -19,12 +19,14 @@ }, "xrayVersion": { "type": "string", - "defaultValue": "0.0.6", + "defaultValue": "0.0.8", "allowedValues": [ "0.0.3", "0.0.4", "0.0.5", - "0.0.6" + "0.0.6", + "0.0.7", + "0.0.8" ], "metadata": { "description": "Xray-vm image version to deploy." @@ -275,7 +277,7 @@ }, { "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2018-11-01", + "apiVersion": "2019-06-01", "name": "[variables('storageAccountName')]", "location": "[parameters('location')]", "sku": { @@ -320,7 +322,7 @@ "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[concat(variables('namingInfix'), 'xrayScaleset')]", "location": "[parameters('location')]", - "apiVersion": "2018-10-01", + "apiVersion": "2020-06-01", "dependsOn": [ "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]", "[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]" @@ -401,4 +403,4 @@ } } ] -} \ No newline at end of file +} diff --git a/AzureResourceManager/Xray/nested/Postgresql_deploy.json b/AzureResourceManager/Xray/nested/Postgresql_deploy.json index 4f6d8ce..cdc3a2b 100644 --- a/AzureResourceManager/Xray/nested/Postgresql_deploy.json +++ b/AzureResourceManager/Xray/nested/Postgresql_deploy.json @@ -32,7 +32,7 @@ }, "skuSizeMB": { "type": "int", - "defaultValue": 5120 + "defaultValue": 204800 }, "skuTier": { "type": "string", diff --git a/AzureResourceManager/Xray/vm_install/vm_parameters.json b/AzureResourceManager/Xray/vm_install/vm_parameters.json index 6296ec4..1527241 100644 --- a/AzureResourceManager/Xray/vm_install/vm_parameters.json +++ b/AzureResourceManager/Xray/vm_install/vm_parameters.json 
@@ -90,10 +90,10 @@ "value": "OWERWRITE_THE_PASSWORD" }, "xrayVersion": { - "value": "3.9.1" + "value": "3.11.2" }, "scriptName": { "value": "install_xray_to_vm.sh" } } -} \ No newline at end of file +} From 0ebf6e8ad8d06da2e0befa56dec768a8012ec478 Mon Sep 17 00:00:00 2001 From: Anup Singh <64248163+anupteal@users.noreply.github.com> Date: Mon, 7 Dec 2020 23:38:00 +0530 Subject: [PATCH 9/9] Arm 7.11.5 (#71) * Updated artifactory & Jcr version 7.11.5 and xray version 3.12.0 in configurations files * Update azuredeploy_xray_vmss.json * Update azuredeploy_ms_ps.json * Update azuredeploy.json --- AzureResourceManager/Artifactory/azuredeploy_ms_ps.json | 7 ++++--- .../Artifactory/vm_install/vm_parameters.json | 2 +- AzureResourceManager/JCR/azuredeploy.json | 7 ++++--- AzureResourceManager/JCR/vm_install/vm_parameters.json | 2 +- AzureResourceManager/Xray/azuredeploy_xray_vmss.json | 5 +++-- AzureResourceManager/Xray/vm_install/vm_parameters.json | 2 +- 6 files changed, 14 insertions(+), 11 deletions(-) diff --git a/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json b/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json index 9b707c5..fb619e3 100644 --- a/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json +++ b/AzureResourceManager/Artifactory/azuredeploy_ms_ps.json @@ -79,7 +79,7 @@ }, "artifactoryVersion": { "type": "string", - "defaultValue": "0.0.6", + "defaultValue": "0.0.7", "allowedValues": [ "6.11.3", "6.15.0", @@ -95,8 +95,9 @@ "0.0.2", "0.0.31", "0.0.4", - "0.0.52", - "0.0.6" + "0.0.52", + "0.0.6", + "0.0.7" ], "metadata": { "description": "Artifactory-vm image version to deploy." diff --git a/AzureResourceManager/Artifactory/vm_install/vm_parameters.json b/AzureResourceManager/Artifactory/vm_install/vm_parameters.json index d8c4b27..3699c89 100644 --- a/AzureResourceManager/Artifactory/vm_install/vm_parameters.json +++ b/AzureResourceManager/Artifactory/vm_install/vm_parameters.json 
@@ -90,7 +90,7 @@ "value": "OWERWRITE_THE_PASSWORD" }, "artifactoryVersion": { - "value": "7.11.2" + "value": "7.11.5" }, "scriptName": { "value": "install_pro7_to_vm.sh" diff --git a/AzureResourceManager/JCR/azuredeploy.json b/AzureResourceManager/JCR/azuredeploy.json index aa4a791..bab9aee 100644 --- a/AzureResourceManager/JCR/azuredeploy.json +++ b/AzureResourceManager/JCR/azuredeploy.json @@ -25,7 +25,7 @@ }, "artifactoryVersion": { "type": "string", - "defaultValue": "0.0.61", + "defaultValue": "0.0.7", "allowedValues": [ "7.2.1", "7.3.2", @@ -33,8 +33,9 @@ "0.0.2", "0.0.3", "0.0.4", - "0.0.5", - "0.0.61" + "0.0.5", + "0.0.61", + "0.0.7" ], "metadata": { "description": "JFrog Container Registry-vm image version to deploy." diff --git a/AzureResourceManager/JCR/vm_install/vm_parameters.json b/AzureResourceManager/JCR/vm_install/vm_parameters.json index 0d4b2b0..a94297b 100644 --- a/AzureResourceManager/JCR/vm_install/vm_parameters.json +++ b/AzureResourceManager/JCR/vm_install/vm_parameters.json @@ -81,7 +81,7 @@ "value": "OWERWRITE_THE_PASSWORD" }, "artifactoryVersion": { - "value": "7.11.2" + "value": "7.11.5" }, "scriptName": { "value": "install_jcr7_to_vm.sh" diff --git a/AzureResourceManager/Xray/azuredeploy_xray_vmss.json b/AzureResourceManager/Xray/azuredeploy_xray_vmss.json index 0b72892..1874143 100644 --- a/AzureResourceManager/Xray/azuredeploy_xray_vmss.json +++ b/AzureResourceManager/Xray/azuredeploy_xray_vmss.json @@ -19,14 +19,15 @@ }, "xrayVersion": { "type": "string", - "defaultValue": "0.0.8", + "defaultValue": "0.0.9", "allowedValues": [ "0.0.3", "0.0.4", "0.0.5", "0.0.6", "0.0.7", - "0.0.8" + "0.0.8", + "0.0.9" ], "metadata": { "description": "Xray-vm image version to deploy." diff --git a/AzureResourceManager/Xray/vm_install/vm_parameters.json b/AzureResourceManager/Xray/vm_install/vm_parameters.json index 1527241..cb3b111 100644 --- a/AzureResourceManager/Xray/vm_install/vm_parameters.json 
+++ b/AzureResourceManager/Xray/vm_install/vm_parameters.json @@ -90,7 +90,7 @@ "value": "OWERWRITE_THE_PASSWORD" }, "xrayVersion": { - "value": "3.11.2" + "value": "3.12.0" }, "scriptName": { "value": "install_xray_to_vm.sh"