[ansible] JFrog Platform 10.1.0 release (#185)

Ansible/ansible_collections/jfrog/platform/CHANGELOG.md

@@ -1,6 +1,11 @@
 # JFrog Platform Ansible Collection Changelog
 All changes to this collection will be documented in this file.
 
+## [10.1.0] - Dec 7, 2021
+* Updated artifactory postgresql driver to `42.3.1`
+* Update nginx installation on RHEL8/CentOS8 [GH-175](https://github.com/jfrog/JFrog-Cloud-Installers/pull/175)
+* Fixed idempotency issue when FIPS is enabled on the target [GH-176](https://github.com/jfrog/JFrog-Cloud-Installers/pull/176)
+
 ## [10.0.4] - Nov 30, 2021
 * Product fixes
 

Ansible/ansible_collections/jfrog/platform/galaxy.yml

@@ -9,7 +9,7 @@ namespace: "jfrog"
 name: "platform"
 
 # The version of the collection. Must be compatible with semantic versioning
-version: "10.0.4"
+version: "10.1.0"
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: "README.md"

Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml

@@ -1,7 +1,7 @@
 # defaults file for artifactory
 
 # The version of artifactory to install
-artifactory_version: 7.27.10
+artifactory_version: 7.29.7
 
 # Set this to true when SSL is enabled (to use artifactory_nginx_ssl role), default to false (implies artifactory uses artifactory_nginx role )
 artifactory_nginx_ssl_enabled: false
@@ -43,7 +43,7 @@ artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_f
 # Timeout in seconds for URL request
 artifactory_download_timeout: 10
 
-postgres_driver_version: 42.2.24
+postgres_driver_version: 42.3.1
 postgres_driver_download_url: https://repo1.maven.org/maven2/org/postgresql/postgresql/{{ postgres_driver_version }}/postgresql-{{ postgres_driver_version }}.jar
 
 artifactory_user: artifactory

Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml

@@ -181,6 +181,7 @@
   shell: |
     restorecon -R -v "{{ jfrog_home_directory }}/artifactory/app/bin"
   when: ansible_distribution == 'RedHat'
+  changed_when: false
 
 - name: Create artifactory service
   become: yes

Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml

@@ -1,5 +1,5 @@
 # platform collection version
-platform_collection_version: 10.0.4
+platform_collection_version: 10.1.0
 
 # indicates where this collection was downloaded from (galaxy, automation_hub, standalone)
 ansible_marketplace: galaxy

Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/Debian.yml

@@ -1,3 +1,21 @@
+- name: Import nginx signing key
+  become: yes
+  apt_key:
+    url: https://nginx.org/keys/nginx_signing.key
+    state: present
+
+- name: Add nginx stable repo
+  become: yes
+  copy:
+    dest: /etc/apt/sources.list.d/nginx.list
+    owner: root
+    group: root
+    mode: '0644'
+    content: deb https://nginx.org/packages/{{ distro_family }} {{ distro_codename }} nginx
+  vars:
+    distro_family: "{{ ansible_distribution | lower }}"
+    distro_codename: "{{ ansible_distribution_release }}"
+
 - name: Update apt cache
   become: yes
   apt:

Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/RedHat.yml

@@ -1,15 +1,27 @@
-- name: Import EPEL GPG public key
+- name: Import nginx signing key
   become: yes
   rpm_key:
-    key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ version }}
+    key: https://nginx.org/keys/nginx_signing.key
     state: present
-  vars:
-    version: "{{ ansible_distribution_major_version }}"
 
-- name: Install EPEL repository
+- name: Add nginx stable repo
+  become: yes
+  copy:
+    dest: /etc/yum.repos.d/nginx-stable.repo
+    owner: root
+    group: root
+    mode: '0644'
+    content: |
+        [nginx-stable]
+        name=nginx stable repo
+        baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
+        gpgcheck=1
+        enabled=1
+        gpgkey=https://nginx.org/keys/nginx_signing.key
+        module_hotfixes=true
+
+- name: Update yum cache
   become: yes
   yum:
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ version }}.noarch.rpm
     state: present
-  vars:
-    version: "{{ ansible_distribution_major_version }}"
+    update_cache: yes

Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/main.yml

@@ -1,7 +1,7 @@
 - name: Install prerequisite packages
   include_tasks: "{{ ansible_os_family }}.yml"
 
-- name: Install nginx after dependency installation
+- name: Install nginx
   become: yes
   package:
     name: nginx

Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/Debian.yml

@@ -1,3 +1,21 @@
+- name: Import nginx signing key
+  become: yes
+  apt_key:
+    url: https://nginx.org/keys/nginx_signing.key
+    state: present
+
+- name: Add nginx stable repo
+  become: yes
+  copy:
+    dest: /etc/apt/sources.list.d/nginx.list
+    owner: root
+    group: root
+    mode: '0644'
+    content: deb https://nginx.org/packages/{{ distro_family }} {{ distro_codename }} nginx
+  vars:
+    distro_family: "{{ ansible_distribution | lower }}"
+    distro_codename: "{{ ansible_distribution_release }}"
+
 - name: Update apt cache
   become: yes
   apt:

Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/RedHat.yml

@@ -1,15 +1,27 @@
-- name: Import EPEL GPG public key
+- name: Import nginx signing key
   become: yes
   rpm_key:
-    key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ version }}
+    key: https://nginx.org/keys/nginx_signing.key
     state: present
-  vars:
-    version: "{{ ansible_distribution_major_version }}"
 
-- name: Install EPEL repository
+- name: Add nginx stable repo
+  become: yes
+  copy:
+    dest: /etc/yum.repos.d/nginx-stable.repo
+    owner: root
+    group: root
+    mode: '0644'
+    content: |
+        [nginx-stable]
+        name=nginx stable repo
+        baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
+        gpgcheck=1
+        enabled=1
+        gpgkey=https://nginx.org/keys/nginx_signing.key
+        module_hotfixes=true
+
+- name: Update yum cache
   become: yes
   yum:
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ version }}.noarch.rpm
     state: present
-  vars:
-    version: "{{ ansible_distribution_major_version }}"
+    update_cache: yes

Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml

@@ -1,4 +1,4 @@
-- name: "Check required variables"
+- name: Check required variables
   fail: msg="Variable '{{ item }}' is not defined"
   when: item not in vars
   loop:
@@ -9,7 +9,7 @@
 - name: Install prerequisite packages
   include_tasks: "{{ ansible_os_family }}.yml"
 
-- name: Install nginx after dependency installation
+- name: Install nginx
   become: yes
   package:
     name: nginx

Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml

@@ -1,7 +1,7 @@
 # defaults file for distribution
 
 # The version of distribution to install
-distribution_version: 2.10.3
+distribution_version: 2.10.5
 
 # whether to enable HA
 distribution_ha_enabled: false

Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml

@@ -1,5 +1,5 @@
 # platform collection version
-platform_collection_version: 10.0.4
+platform_collection_version: 10.1.0
 
 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
 ansible_marketplace: galaxy

Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml

@@ -1,5 +1,5 @@
 # platform collection version
-platform_collection_version: 10.0.4
+platform_collection_version: 10.1.0
 
 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
 ansible_marketplace: galaxy

Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml

@@ -1,20 +1,3 @@
-- name: Import EPEL GPG public key
-  become: yes
-  rpm_key:
-    key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ version }}
-    state: present
-  vars:
-    version: "{{ ansible_distribution_major_version }}"
-
-- name: Install EPEL repository
-  become: yes
-  yum:
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ version }}.noarch.rpm
-    state: present
-  vars:
-    version: "{{ ansible_distribution_major_version }}"
-  when: ansible_distribution in ['CentOS', 'RedHat']
-
 - name: Install prerequisite packages
   become: yes
   yum:

Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install.yml

@@ -31,6 +31,12 @@
   environment:
     LC_ALL: "{{ postgres_locale }}"
 
+- name: Check FIPS status
+  command: cat /proc/sys/crypto/fips_enabled
+  register: _fips_enabled
+  ignore_errors: true
+  changed_when: false
+
 - name: Setup postgres configuration files
   become: yes
   become_user: postgres

Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml

@@ -1,3 +1,3 @@
 - name: Install postgres
   include_tasks: "install.yml"
-  when: postgres_enabled
+  when: postgres_enabled | bool

Ansible/ansible_collections/jfrog/platform/roles/postgres/templates/postgresql.conf.j2

@@ -97,7 +97,12 @@ max_connections = {{ postgres_server_max_connections }}			# (change requires res
 #ssl_key_file = 'server.key'		# (change requires restart)
 #ssl_ca_file = ''			# (change requires restart)
 #ssl_crl_file = ''			# (change requires restart)
+
+{% if _fips_enabled.stdout | default('unknown', true) == '1' %}
+password_encryption = scram-sha-256
+{% else %}
 #password_encryption = on
+{% endif %}
 #db_user_namespace = off
 #row_security = on
 

Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml

@@ -1,5 +1,5 @@
 # platform collection version
-platform_collection_version: 10.0.3
+platform_collection_version: 10.1.0
 
 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
 ansible_marketplace: galaxy