From 29ef02fddbacd17a521a2ecff7ee6bded45d8add Mon Sep 17 00:00:00 2001
From: Ram Mohan Rao Chukka <1331672+chukka@users.noreply.github.com>
Date: Wed, 8 Dec 2021 08:14:27 +0530
Subject: [PATCH] [ansible] JFrog Platform 10.1.0 release (#185)
---
.../jfrog/platform/CHANGELOG.md | 5 ++++
.../jfrog/platform/galaxy.yml | 2 +-
.../roles/artifactory/defaults/main.yml | 4 +--
.../roles/artifactory/tasks/RedHat.yml | 2 +-
.../roles/artifactory/tasks/install.yml | 1 +
.../platform/roles/artifactory/vars/main.yml | 2 +-
.../roles/artifactory_nginx/tasks/Debian.yml | 18 ++++++++++++
.../roles/artifactory_nginx/tasks/RedHat.yml | 28 +++++++++++++------
.../roles/artifactory_nginx/tasks/main.yml | 2 +-
.../artifactory_nginx_ssl/tasks/Debian.yml | 18 ++++++++++++
.../artifactory_nginx_ssl/tasks/RedHat.yml | 28 +++++++++++++------
.../artifactory_nginx_ssl/tasks/main.yml | 4 +--
.../roles/distribution/defaults/main.yml | 2 +-
.../platform/roles/distribution/vars/main.yml | 2 +-
.../platform/roles/insight/vars/main.yml | 2 +-
.../platform/roles/postgres/tasks/RedHat.yml | 17 -----------
.../platform/roles/postgres/tasks/install.yml | 6 ++++
.../platform/roles/postgres/tasks/main.yml | 2 +-
.../postgres/templates/postgresql.conf.j2 | 5 ++++
.../jfrog/platform/roles/xray/vars/main.yml | 2 +-
20 files changed, 106 insertions(+), 46 deletions(-)
diff --git a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
index 8d3e22d..a604dc4 100644
--- a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
+++ b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
@@ -1,6 +1,11 @@ # JFrog Platform Ansible Collection Changelog All changes to this collection will be documented in this file. +## [10.1.0] - Dec 7, 2021 +* Updated artifactory postgresql driver to `42.3.1` +* Update nginx installation on RHEL8/CentOS8 [GH-175](https://github.com/jfrog/JFrog-Cloud-Installers/pull/175) +* Fixed idempotency issue when FIPS is enabled on the target [GH-176](https://github.com/jfrog/JFrog-Cloud-Installers/pull/176) + ## [10.0.4] - Nov 30, 2021 * Product fixes diff --git a/Ansible/ansible_collections/jfrog/platform/galaxy.yml b/Ansible/ansible_collections/jfrog/platform/galaxy.yml index 5ffa7fe..faf735b 100644 --- a/Ansible/ansible_collections/jfrog/platform/galaxy.yml +++ b/Ansible/ansible_collections/jfrog/platform/galaxy.yml @@ -9,7 +9,7 @@ namespace: "jfrog" name: "platform" # The version of the collection. Must be compatible with semantic versioning -version: "10.0.4" +version: "10.1.0" # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: "README.md" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml index 9848b43..fd5d239 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml @@ -1,7 +1,7 @@ # defaults file for artifactory # The version of artifactory to install -artifactory_version: 7.27.10 +artifactory_version: 7.29.7 # Set this to true when SSL is enabled (to use artifactory_nginx_ssl role), default to false (implies artifactory uses artifactory_nginx role ) artifactory_nginx_ssl_enabled: false 
@@ -43,7 +43,7 @@ artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_f # Timeout in seconds for URL request artifactory_download_timeout: 10 -postgres_driver_version: 42.2.24 +postgres_driver_version: 42.3.1 postgres_driver_download_url: https://repo1.maven.org/maven2/org/postgresql/postgresql/{{ postgres_driver_version }}/postgresql-{{ postgres_driver_version }}.jar artifactory_user: artifactory diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/RedHat.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/RedHat.yml index cf52fa4..e7422cf 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/RedHat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/RedHat.yml @@ -4,7 +4,7 @@ name: ['net-tools', '{{ selinux_policy_package }}'] state: present -- name: Configure SELinux context +- name: Configure SELinux context become: yes sefcontext: target: "{{ jfrog_home_directory }}/artifactory/app/bin(/.*)?" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml index dc0c089..694458d 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml @@ -181,6 +181,7 @@ shell: | restorecon -R -v "{{ jfrog_home_directory }}/artifactory/app/bin" when: ansible_distribution == 'RedHat' + changed_when: false - name: Create artifactory service become: yes diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml index 5deef48..1c70f2b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml 
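Review bot: In roles/artifactory/tasks/install.yml the added `changed_when: false` makes the `restorecon -R -v` task always report ok, so a run that really relabels files under `app/bin` leaves no trace in the play recap. Because `-v` prints only the paths whose label was changed, the task can stay idempotent and still surface real relabels with `register: _restorecon` and `changed_when: _restorecon.stdout | length > 0`. The task's name and `become` lines sit above the hunk, so the rest of the task is not visible here.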
@@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.0.4 +platform_collection_version: 10.1.0 # indicates where this collection was downloaded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/Debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/Debian.yml index d0fc476..e804f5e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/Debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/Debian.yml @@ -1,3 +1,21 @@ +- name: Import nginx signing key + become: yes + apt_key: + url: https://nginx.org/keys/nginx_signing.key + state: present + +- name: Add nginx stable repo + become: yes + copy: + dest: /etc/apt/sources.list.d/nginx.list + owner: root + group: root + mode: '0644' + content: deb https://nginx.org/packages/{{ distro_family }} {{ distro_codename }} nginx + vars: + distro_family: "{{ ansible_distribution | lower }}" + distro_codename: "{{ ansible_distribution_release }}" + - name: Update apt cache become: yes apt: diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/RedHat.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/RedHat.yml index d4c8175..a01469b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/RedHat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/RedHat.yml 
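Review bot: The `apt_key` task added to roles/artifactory_nginx/tasks/Debian.yml imports whatever key the URL serves into apt's global trusted keyring, with no fingerprint check and no scoping to the nginx repository. A key trusted that way is accepted for every configured source, so pin it with the module's `id:` parameter (`id: "NGINX_SIGNING_KEY_FINGERPRINT_PLACEHOLDER"`, value to be taken from nginx.org's published fingerprint), or store it in a dedicated keyring file and reference that file with a `[signed-by=...]` option on the `deb` line in `content:`. `ansible_distribution | lower` will also produce a repository path that nginx.org probably does not publish on Debian or Ubuntu derivatives, which would only surface later as a failed cache update. The same two tasks are added to roles/artifactory_nginx_ssl/tasks/Debian.yml and need the same change.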
@@ -1,15 +1,27 @@ -- name: Import EPEL GPG public key +- name: Import nginx signing key become: yes rpm_key: - key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ version }} + key: https://nginx.org/keys/nginx_signing.key state: present - vars: - version: "{{ ansible_distribution_major_version }}" -- name: Install EPEL repository +- name: Add nginx stable repo + become: yes + copy: + dest: /etc/yum.repos.d/nginx-stable.repo + owner: root + group: root + mode: '0644' + content: | + [nginx-stable] + name=nginx stable repo + baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ + gpgcheck=1 + enabled=1 + gpgkey=https://nginx.org/keys/nginx_signing.key + module_hotfixes=true + +- name: Update yum cache become: yes yum: - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ version }}.noarch.rpm state: present - vars: - version: "{{ ansible_distribution_major_version }}" + update_cache: yes diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/main.yml index 10f855e..0908757 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/main.yml @@ -1,7 +1,7 @@ - name: Install prerequisite packages include_tasks: "{{ ansible_os_family }}.yml" -- name: Install nginx after dependency installation +- name: Install nginx become: yes package: name: nginx diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/Debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/Debian.yml index d0fc476..e804f5e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/Debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/Debian.yml 
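Review bot: The repo file written in roles/artifactory_nginx/tasks/RedHat.yml uses `baseurl=http://nginx.org/packages/centos/$releasever/$basearch/` although the signing key on the next lines is fetched over HTTPS. `gpgcheck=1` verifies package signatures but not repository metadata, so over plain HTTP the host can be served stale metadata and kept on an outdated nginx build; the line should read `baseurl=https://nginx.org/packages/centos/$releasever/$basearch/`. The `rpm_key` task also trusts whatever the URL returns, and its `fingerprint:` parameter (`fingerprint: "NGINX_SIGNING_KEY_FINGERPRINT_PLACEHOLDER"`) would pin the expected key. `module_hotfixes=true` exempts this repo from modular filtering on EL8 and deserves a one-line comment saying why it is required. The identical section in roles/artifactory_nginx_ssl/tasks/RedHat.yml has the same issues.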
@@ -1,3 +1,21 @@ +- name: Import nginx signing key + become: yes + apt_key: + url: https://nginx.org/keys/nginx_signing.key + state: present + +- name: Add nginx stable repo + become: yes + copy: + dest: /etc/apt/sources.list.d/nginx.list + owner: root + group: root + mode: '0644' + content: deb https://nginx.org/packages/{{ distro_family }} {{ distro_codename }} nginx + vars: + distro_family: "{{ ansible_distribution | lower }}" + distro_codename: "{{ ansible_distribution_release }}" + - name: Update apt cache become: yes apt: diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/RedHat.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/RedHat.yml index d4c8175..a01469b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/RedHat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/RedHat.yml @@ -1,15 +1,27 @@ -- name: Import EPEL GPG public key +- name: Import nginx signing key become: yes rpm_key: - key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ version }} + key: https://nginx.org/keys/nginx_signing.key state: present - vars: - version: "{{ ansible_distribution_major_version }}" -- name: Install EPEL repository +- name: Add nginx stable repo + become: yes + copy: + dest: /etc/yum.repos.d/nginx-stable.repo + owner: root + group: root + mode: '0644' + content: | + [nginx-stable] + name=nginx stable repo + baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ + gpgcheck=1 + enabled=1 + gpgkey=https://nginx.org/keys/nginx_signing.key + module_hotfixes=true + +- name: Update yum cache become: yes yum: - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ version }}.noarch.rpm state: present - vars: - version: "{{ ansible_distribution_major_version }}" + update_cache: yes 
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml index aa64e75..4335c5e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml @@ -1,4 +1,4 @@ -- name: "Check required variables" +- name: Check required variables fail: msg="Variable '{{ item }}' is not defined" when: item not in vars loop: @@ -9,7 +9,7 @@ - name: Install prerequisite packages include_tasks: "{{ ansible_os_family }}.yml" -- name: Install nginx after dependency installation +- name: Install nginx become: yes package: name: nginx diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml index bd7b3d6..3f2d2c0 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml @@ -1,7 +1,7 @@ # defaults file for distribution # The version of distribution to install -distribution_version: 2.10.3 +distribution_version: 2.10.5 # whether to enable HA distribution_ha_enabled: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml index d0ba54d..75ed311 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml @@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.0.4 +platform_collection_version: 10.1.0 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy 
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml index d0ba54d..75ed311 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml @@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.0.4 +platform_collection_version: 10.1.0 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml index 46e1463..ac61e9c 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml @@ -1,20 +1,3 @@ -- name: Import EPEL GPG public key - become: yes - rpm_key: - key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ version }} - state: present - vars: - version: "{{ ansible_distribution_major_version }}" - -- name: Install EPEL repository - become: yes - yum: - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ version }}.noarch.rpm - state: present - vars: - version: "{{ ansible_distribution_major_version }}" - when: ansible_distribution in ['CentOS', 'RedHat'] - - name: Install prerequisite packages become: yes yum: diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install.yml index 028bf69..1bc5f79 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install.yml 
@@ -31,6 +31,12 @@ environment: LC_ALL: "{{ postgres_locale }}" +- name: Check FIPS status + command: cat /proc/sys/crypto/fips_enabled + register: _fips_enabled + ignore_errors: true + changed_when: false + - name: Setup postgres configuration files become: yes become_user: postgres diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml index e4fc070..2628389 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml @@ -1,3 +1,3 @@ - name: Install postgres include_tasks: "install.yml" - when: postgres_enabled + when: postgres_enabled | bool diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/templates/postgresql.conf.j2 b/Ansible/ansible_collections/jfrog/platform/roles/postgres/templates/postgresql.conf.j2 index 3fd1cda..e34093e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/templates/postgresql.conf.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/templates/postgresql.conf.j2 @@ -97,7 +97,12 @@ max_connections = {{ postgres_server_max_connections }} # (change requires res #ssl_key_file = 'server.key' # (change requires restart) #ssl_ca_file = '' # (change requires restart) #ssl_crl_file = '' # (change requires restart) + +{% if _fips_enabled.stdout | default('unknown', true) == '1' %} +password_encryption = scram-sha-256 +{% else %} #password_encryption = on +{% endif %} #db_user_namespace = off #row_security = on diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml index 17bc9c0..75ed311 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml 
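Review bot: The `Check FIPS status` task added to roles/postgres/tasks/install.yml uses `ignore_errors: true`, so on a host without `/proc/sys/crypto/fips_enabled` every run prints a failed task that is then ignored, and a genuine read error is indistinguishable from FIPS being off. `failed_when: false` keeps the output clean, or the task can be dropped in favour of the `ansible_fips` fact when facts are gathered. Either way a comment such as `# consumed by templates/postgresql.conf.j2 to select password_encryption` would tell the reader why the value is registered. The neighbouring tasks continue outside the hunk.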
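Review bot: In templates/postgresql.conf.j2 SCRAM is selected only when `_fips_enabled.stdout` equals `'1'`; every other host keeps the commented `#password_encryption = on` and therefore the server default, which is md5 on PostgreSQL releases before 14. md5 verifiers are weak regardless of FIPS mode, so consider emitting `password_encryption = scram-sha-256` unconditionally, or behind a role variable that defaults to it. The PostgreSQL version this role installs is not visible in the hunk, so confirm it is 10 or later and that the client drivers in use support SCRAM. Roles whose passwords were stored as md5 keep the old verifier until the password is set again, which is worth stating in the changelog entry.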
@@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.0.3 +platform_collection_version: 10.1.0 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy