From 3c4443cbf38cb2193112663cfc45b66c849df0e2 Mon Sep 17 00:00:00 2001 
From: Vinay Aggarwal Date: Sat, 8 May 2021 14:10:45 -0700 Subject: [PATCH] updated containers, self published and MP to 7.18.6 --- .../roles/xray-ami/tasks/RedHat.yml | 2 +- .../roles/xray/tasks/RedHat.yml | 2 +- ...artifactory-ec2-existing-vpc.template.yaml | 7 +- ...rog-artifactory-ec2-instance.template.yaml | 45 +- ...jfrog-artifactory-ec2-master.template.yaml | 7 +- ...-pro-ec2-existing-vpc-master.template.yaml | 6 +- ...ctory-pro-ec2-new-vpc-master.template.yaml | 6 +- .../jfrog-xray-ec2-instance.template.yaml | 2 +- .../cloudInstallerScripts/artifactory-ami.yml | 5 + .../roles/artifactory-ami/.travis.yml | 29 + .../roles/artifactory-ami/defaults/main.yml | 60 + .../roles/artifactory-ami/handlers/main.yml | 10 + .../roles/artifactory-ami/meta/exception.yml | 6 + .../roles/artifactory-ami/meta/main.yml | 35 + .../artifactory-ami/meta/preferences.yml | 2 + .../roles/artifactory-ami/meta/version.yml | 6 + .../roles/artifactory-ami/tasks/main.yml | 82 ++ .../templates/artifactory.cluster.license.j2 | 37 + .../templates/binarystore.xml.j2 | 4 + .../templates/installer-info.json.j2 | 12 + .../artifactory-ami/templates/join.key.j2 | 1 + .../artifactory-ami/templates/master.key.j2 | 1 + .../artifactory-ami/templates/system.yaml.j2 | 38 + .../roles/artifactory-ami/vars/main.yml | 2 + .../roles/artifactory-nginx-ami/.travis.yml | 29 + .../artifactory-nginx-ami/defaults/main.yml | 2 + .../artifactory-nginx-ami/files/nginx.conf | 37 + .../artifactory-nginx-ami/handlers/main.yml | 2 + .../roles/artifactory-nginx-ami/meta/main.yml | 53 + .../artifactory-nginx-ami/tasks/main.yml | 30 + .../templates/artifactory.conf.j2 | 43 + .../artifactory-nginx-ami/tests/inventory | 2 + .../artifactory-nginx-ami/tests/test.yml | 5 + .../roles/artifactory-nginx-ami/vars/main.yml | 2 + .../roles/artifactory-nginx-ssl/.travis.yml | 29 + .../artifactory-nginx-ssl/defaults/main.yml | 2 + .../artifactory-nginx-ssl/handlers/main.yml | 2 + .../roles/artifactory-nginx-ssl/meta/main.yml | 53 + 
.../artifactory-nginx-ssl/tasks/main.yml | 54 + .../templates/artifactory.conf.j2 | 49 + .../templates/certificate.key.j2 | 1 + .../templates/certificate.pem.j2 | 1 + .../artifactory-nginx-ssl/tests/inventory | 2 + .../artifactory-nginx-ssl/tests/test.yml | 5 + .../roles/artifactory-nginx-ssl/vars/main.yml | 2 + .../roles/artifactory-nginx/.travis.yml | 29 + .../roles/artifactory-nginx/defaults/main.yml | 2 + .../roles/artifactory-nginx/files/nginx.conf | 37 + .../roles/artifactory-nginx/handlers/main.yml | 2 + .../roles/artifactory-nginx/meta/main.yml | 53 + .../roles/artifactory-nginx/tasks/main.yml | 34 + .../templates/artifactory.conf.j2 | 43 + .../roles/artifactory-nginx/tests/inventory | 2 + .../roles/artifactory-nginx/tests/test.yml | 5 + .../roles/artifactory-nginx/vars/main.yml | 2 + .../roles/artifactory/.travis.yml | 29 + .../roles/artifactory/defaults/main.yml | 52 + .../roles/artifactory/handlers/main.yml | 10 + .../roles/artifactory/meta/exception.yml | 6 + .../roles/artifactory/meta/main.yml | 35 + .../roles/artifactory/meta/preferences.yml | 2 + .../roles/artifactory/meta/version.yml | 6 + .../artifactory/tasks/configure-licenses.yml | 43 + .../tasks/custom-data-directory.yml | 44 + .../roles/artifactory/tasks/main.yml | 132 ++ .../templates/artifactory.cluster.license.j2 | 6 + .../templates/artifactory.pro.license.j2 | 8 + .../artifactory/templates/binarystore.xml.j2 | 14 + .../templates/installer-info.json.j2 | 11 + .../roles/artifactory/templates/join.key.j2 | 1 + .../roles/artifactory/templates/master.key.j2 | 1 + .../artifactory/templates/system.yaml.j2 | 40 + .../roles/artifactory/vars/main.yml | 2 + .../roles/xray-ami/.travis.yml | 29 + .../roles/xray-ami/defaults/main.yml | 26 + .../roles/xray-ami/handlers/main.yml | 2 + .../roles/xray-ami/meta/main.yml | 53 + .../roles/xray-ami/tasks/Debian.yml | 37 + .../roles/xray-ami/tasks/RedHat.yml | 21 + .../roles/xray-ami/tasks/main.yml | 60 + .../xray-ami/templates/installer-info.json.j2 | 11 + 
.../roles/xray-ami/templates/join.key.j2 | 1 + .../roles/xray-ami/templates/master.key.j2 | 1 + .../roles/xray-ami/templates/system.yaml.j2 | 36 + .../roles/xray-ami/tests/inventory | 2 + .../roles/xray-ami/tests/test.yml | 5 + .../roles/xray-ami/vars/main.yml | 2 + .../roles/xray/.travis.yml | 29 + .../roles/xray/defaults/main.yml | 29 + .../roles/xray/handlers/main.yml | 2 + .../roles/xray/meta/main.yml | 53 + .../roles/xray/tasks/Debian.yml | 37 + .../roles/xray/tasks/RedHat.yml | 21 + .../xray/tasks/custom-data-directory.yml | 44 + .../roles/xray/tasks/initialize-pg-db.yml | 52 + .../roles/xray/tasks/main.yml | 80 ++ .../xray/templates/installer-info.json.j2 | 11 + .../roles/xray/templates/join.key.j2 | 1 + .../roles/xray/templates/master.key.j2 | 1 + .../roles/xray/templates/system.yaml.j2 | 39 + .../roles/xray/tests/inventory | 2 + .../roles/xray/tests/test.yml | 5 + .../roles/xray/vars/main.yml | 2 + .../site-artifactory.yml | 12 + .../v7186/cloudInstallerScripts/site-xray.yml | 5 + .../v7186/cloudInstallerScripts/xray-ami.yml | 5 + ...ifactory-core-infrastructure.template.yaml | 425 +++++++ ...artifactory-ec2-existing-vpc.template.yaml | 1110 +++++++++++++++++ ...rog-artifactory-ec2-instance.template.yaml | 454 +++++++ ...jfrog-artifactory-ec2-master.template.yaml | 613 +++++++++ ...-pro-ec2-existing-vpc-master.template.yaml | 353 ++++++ ...ctory-pro-ec2-new-vpc-master.template.yaml | 298 +++++ .../jfrog-xray-ec2-instance.template.yaml | 326 +++++ Amazon/containers/Dockerfile | 2 +- Amazon/containers/buildAwsContainers.sh | 34 +- ...ifactory-core-infrastructure.template.yaml | 360 ++++++ ...artifactory-ec2-existing-vpc.template.yaml | 802 ++++++++++++ ...rog-artifactory-ec2-instance.template.yaml | 367 ++++++ .../jfrog-xray-ec2-instance.template.yaml | 255 ++++ 119 files changed, 7524 insertions(+), 54 deletions(-) create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/artifactory-ami.yml create mode 100644 
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/.travis.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/defaults/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/handlers/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/exception.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/preferences.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/version.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/tasks/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/artifactory.cluster.license.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/binarystore.xml.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/installer-info.json.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/join.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/master.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/system.yaml.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/vars/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/.travis.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/defaults/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/files/nginx.conf create mode 100644 
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/handlers/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/meta/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tasks/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/templates/artifactory.conf.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/inventory create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/test.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/vars/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/.travis.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/defaults/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/handlers/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/meta/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tasks/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/inventory create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/test.yml create mode 100644 
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/vars/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/.travis.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/defaults/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/files/nginx.conf create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/handlers/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/meta/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tasks/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/templates/artifactory.conf.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/inventory create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/test.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/vars/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/.travis.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/defaults/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/handlers/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/exception.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/preferences.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/version.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/configure-licenses.yml 
create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/custom-data-directory.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.cluster.license.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.pro.license.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/binarystore.xml.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/installer-info.json.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/join.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/master.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/system.yaml.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/vars/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/.travis.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/defaults/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/handlers/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/meta/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/Debian.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/installer-info.json.j2 create mode 100644 
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/join.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/master.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/system.yaml.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/inventory create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/test.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/vars/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/.travis.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/defaults/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/handlers/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/meta/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/Debian.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/RedHat.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/custom-data-directory.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/initialize-pg-db.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/installer-info.json.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/join.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/master.key.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/system.yaml.j2 create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/inventory create mode 100644 
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/test.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/vars/main.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/site-artifactory.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/site-xray.yml create mode 100644 Amazon/artifactory7/v7186/cloudInstallerScripts/xray-ami.yml create mode 100644 Amazon/artifactory7/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml create mode 100644 Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml create mode 100644 Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml create mode 100644 Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-master.template.yaml create mode 100644 Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml create mode 100644 Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml create mode 100644 Amazon/artifactory7/v7186/templates/jfrog-xray-ec2-instance.template.yaml create mode 100644 Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml create mode 100644 Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml create mode 100644 Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml create mode 100644 Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-xray-ec2-instance.template.yaml diff --git a/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml b/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml index efdc081..8435a82 100644 --- a/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml +++ b/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml 
@@ -15,7 +15,7 @@ - name: Install erlang yum: - name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-22.3.4-1.el7.x86_64.rpm" + name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-23.2.7-1.el7.x86_64.rpm" state: present vars: ansible_python_interpreter: /bin/python2 diff --git a/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray/tasks/RedHat.yml b/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray/tasks/RedHat.yml index efdc081..8435a82 100644 --- a/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray/tasks/RedHat.yml +++ b/Amazon/artifactory7/latest/cloudInstallerScripts/roles/xray/tasks/RedHat.yml @@ -15,7 +15,7 @@ - name: Install erlang yum: - name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-22.3.4-1.el7.x86_64.rpm" + name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-23.2.7-1.el7.x86_64.rpm" state: present vars: ansible_python_interpreter: /bin/python2 diff --git a/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml index 4abb756..5b629f0 100644 --- a/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml +++ b/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml @@ -2,7 +2,8 @@ AWSTemplateFormatVersion: '2010-09-09' Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' Metadata: QuickStartDocumentation: - EntrypointName: "Launch into an existing VPC" + EntrypointName: "Parameters for launching into an existing VPC" + Order: "2" AWS::CloudFormation::Interface: ParameterGroups: - Label: 
@@ -365,7 +366,7 @@ Parameters: https://www.jfrog.com/confluence/display/RTF/Release+Notes. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Artifactory releases - Default: 7.17.5 + Default: 7.18.6 Type: String SmLicenseName: Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. @@ -504,7 +505,7 @@ Parameters: Description: The version of Xray that you want to deploy into the Quick Start. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Xray releases. - Default: 3.22.1 + Default: 3.24.2 Type: String XrayNumberOfInstances: Description: The number of Xray instances servers to complete your diff --git a/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-instance.template.yaml index 1c7e1ee..54adb68 100644 --- a/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-instance.template.yaml +++ b/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-instance.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: "2010-09-09" -Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)" +Description: "Artifactory: Deploys the EC2 Autoscaling, LaunchConfig and instances (qs-1qpmmjh5o)" Parameters: PrivateSubnetIds: Type: List 
@@ -87,28 +87,40 @@ Parameters: Type: String Default: '/artifactory-user-data' -# To populate additional mappings use the following with the desired --region -# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +# To populate additional mappings use following link +# https://raw.githubusercontent.com/aws-quickstart/quickstart-linux-bastion/master/templates/linux-bastion.template Mappings: AWSAMIRegionMap: ap-northeast-1: - CentOS7HVM: "ami-00a5245b4816c38e6" + CentOS7HVM: "ami-06a46da680048c8ae" ap-northeast-2: - CentOS7HVM: "ami-00dc207f8ba6dc919" + CentOS7HVM: "ami-06e83aceba2cb0907" ap-south-1: - CentOS7HVM: "ami-0ad42f4f66f6c1cc9" + CentOS7HVM: "ami-026f33d38b6410e30" ap-southeast-1: - CentOS7HVM: "ami-05b3bcf7f311194b3" + CentOS7HVM: "ami-07f65177cb990d65b" ap-southeast-2: - CentOS7HVM: "ami-02fd0b06f06d93dfc" + CentOS7HVM: "ami-0b2045146eb00b617" ca-central-1: - CentOS7HVM: "ami-07423fb63ea0a0930" + CentOS7HVM: "ami-04a25c39dc7a8aebb" eu-central-1: - CentOS7HVM: "ami-0cfbf4f6db41068ac" + CentOS7HVM: "ami-0e8286b71b81c3cc1" + me-south-1: + CentOS7HVM: "ami-011c71a894b10f35b" + ap-east-1: + CentOS7HVM: "ami-0e5c29e6c87a9644f" + eu-north-1: + CentOS7HVM: "ami-05788af9005ef9a93" + eu-south-1: + CentOS7HVM: "ami-0a84267606bcea16b" eu-west-1: - CentOS7HVM: "ami-08935252a36e25f85" + CentOS7HVM: "ami-0b850cf02cc00fdc8" + eu-west-2: + CentOS7HVM: "ami-09e5afc68eed60ef4" + eu-west-3: + CentOS7HVM: "ami-0cb72d2e599cffbf9" sa-east-1: - CentOS7HVM: "ami-05145e0b28ad8e0b2" + CentOS7HVM: "ami-0b30f38d939dd4b54" us-east-1: CentOS7HVM: "ami-0affd4508a5d2481b" us-east-2: 
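Review bot: The AMI IDs added to `AWSAMIRegionMap` cannot be traced to a publisher from this file. The comment above the map used to give a reproducible `describe-images --owners amazon` lookup and now only links to `linux-bastion.template` on a mutable `master` branch of another repository. Every instance launched from this template boots whatever image the ID names, so the comment should record provenance, for example `# CentOS7HVM IDs copied from linux-bastion.template at <COMMIT_SHA>; image owner <OWNER_ACCOUNT_ID>; re-check with ec2 describe-images before adding a region`. The same applies to the `cn-*` and `us-gov-*` entries added in the next hunk (`@@ -117,6 +129,15 @@`); the two `us-gov` IDs use the older short ID format, which suggests they may be older images than the rest. The `Mappings` section starts before this hunk and continues past it.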
@@ -117,6 +129,15 @@ Mappings: CentOS7HVM: "ami-098f55b4287a885ba" us-west-2: CentOS7HVM: "ami-0bc06212a56393ee1" + cn-north-1: + CentOS7HVM: "ami-0e02aaefeb74c3373" + cn-northwest-1: + CentOS7HVM: "ami-07183a7702633260b" + us-gov-east-1: + CentOS7HVM: "ami-00e30c71" + us-gov-west-1: + CentOS7HVM: "ami-bbba86da" + ArtifactoryProductMap: JFrog-Container-Registry: "7153": "Jcr7153" diff --git a/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-master.template.yaml b/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-master.template.yaml index 2a8a0fb..933220c 100644 --- a/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-master.template.yaml +++ b/Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-master.template.yaml @@ -2,7 +2,8 @@ AWSTemplateFormatVersion: '2010-09-09' Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)' Metadata: QuickStartDocumentation: - EntrypointName: "Launch into a new VPC" + EntrypointName: "Parameters for launching into a new VPC" + Order: "1" AWS::CloudFormation::Interface: ParameterGroups: - Label: @@ -343,7 +344,7 @@ Parameters: Description: Version of Artifactory that you want to deploy into the Quick Start. To select the correct version, see the release notes at https://www.jfrog.com/confluence/display/RTF/Release+Notes. - Default: 7.17.5 + Default: 7.18.6 Type: String SmLicenseName: Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. @@ -480,7 +481,7 @@ Parameters: Type: String XrayVersion: Description: The version of Xray that you want to deploy into the Quick Start. - Default: 3.22.1 + Default: 3.24.2 Type: String XrayNumberOfInstances: Description: The number of Xray instances servers to complete your 
diff --git a/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml b/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml index 178f9c6..e628d06 100644 --- a/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml +++ b/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml @@ -1,8 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' Metadata: - QuickStartDocumentation: - EntrypointName: "Launch into an existing VPC" AWS::CloudFormation::Interface: ParameterGroups: - Label: @@ -222,7 +220,7 @@ Parameters: https://www.jfrog.com/confluence/display/RTF/Release+Notes. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Artifactory releases. - Default: 7.17.5 + Default: 7.18.6 Type: String SmLicenseName: Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. @@ -294,7 +292,7 @@ Parameters: Description: The version of Xray that you want to deploy into the Quick Start. AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ ConstraintDescription: A version that matches X.X.X per Xray releases. - Default: 3.22.1 + Default: 3.24.2 Type: String XrayInstanceType: Description: The EC2 instance type for the Xray instances. diff --git a/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml b/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml index 145e764..26ecf01 100644 --- a/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml +++ b/Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml 
@@ -1,8 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' Metadata: - QuickStartDocumentation: - EntrypointName: "Launch into an existing VPC" AWS::CloudFormation::Interface: ParameterGroups: - Label: @@ -176,7 +174,7 @@ Parameters: Description: Version of Artifactory that you want to deploy into the Quick Start. To select the correct version, see the release notes at https://www.jfrog.com/confluence/display/RTF/Release+Notes. - Default: 7.17.5 + Default: 7.18.6 Type: String SmLicenseName: Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. @@ -242,7 +240,7 @@ Parameters: Type: String XrayVersion: Description: The version of Xray that you want to deploy into the Quick Start. - Default: 3.22.1 + Default: 3.24.2 Type: String XrayInstanceType: Description: The EC2 instance type for the Xray instances. diff --git a/Amazon/artifactory7/latest/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/artifactory7/latest/templates/jfrog-xray-ec2-instance.template.yaml index 0f57609..11c93e6 100644 --- a/Amazon/artifactory7/latest/templates/jfrog-xray-ec2-instance.template.yaml +++ b/Amazon/artifactory7/latest/templates/jfrog-xray-ec2-instance.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: "2010-09-09" -Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray" +Description: "Xray: Deploys the EC2 Autoscaling, LaunchConfig and instances" Parameters: PrivateSubnet1Id: Type: 'AWS::EC2::Subnet::Id' diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/artifactory-ami.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/artifactory-ami.yml new file mode 100644 index 0000000..1e115c9 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/artifactory-ami.yml @@ -0,0 +1,5 @@ +- hosts: localhost + gather_facts: true + become: true + roles: + - name: artifactory-ami 
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/.travis.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/defaults/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/defaults/main.yml
new file mode 100644
index 0000000..6d2c6f9
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/defaults/main.yml
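Review bot: In `roles/artifactory-ami/.travis.yml` the `install` step runs an unpinned `pip install ansible` under `python: "2.7"`, so the syntax check uses whatever release pip resolves at build time on an end-of-life interpreter. Pinning it, e.g. `- pip install 'ansible==<PINNED_VERSION>'`, and moving to a Python 3 interpreter would make the CI result reproducible. The `script` step also calls `tests/test.yml` and `tests/inventory`, but the diffstat lists no `tests/` directory for this role, so the check would presumably fail as committed. The `notifications.webhooks` entry posts build status to Ansible Galaxy and can be dropped if the role is not published there.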
@@ -0,0 +1,60 @@ +--- +# defaults file for artifactory +# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) +ansible_marketplace: standalone + +# whether we are creating a AMI for Marketplace or just for configuring EC2 instance +ami_creation: false + +# The version of Artifactory to install +artifactory_version: 7.15.3 + +# licenses file - specify a licenses file or specify up to 5 licenses +artifactory_license1: +artifactory_license2: +artifactory_license3: +artifactory_license4: +artifactory_license5: +artifactory_license6: + +# whether to enable HA +artifactory_ha_enabled: true + +# value for whether a host is primary. this should be set in host vars +artifactory_is_primary: true + +# The location where Artifactory should install. +artifactory_download_directory: /opt/jfrog + +# The location where Artifactory should store data. +artifactory_file_store_dir: /data + +extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC + + + +# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro. 
+# for Artifactory, use following values +artifactory_flavour: pro +artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz + +# for JCR, use following values +# artifactory_flavour: jcr +# artifactory_tar: https://dl.bintray.com/jfrog/artifactory/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz + +artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}" +db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + +artifactory_user: artifactory +artifactory_group: artifactory + +# Set the parameters required for the service. +service_list: + - name: artifactory + description: Start script for Artifactory + start_command: "{{ artifactory_home }}/bin/artifactory.sh start" + stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop" + type: forking + status_pattern: artifactory + user_name: "{{ artifactory_user }}" + group_name: "{{ artifactory_group }}" diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/handlers/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/handlers/main.yml new file mode 100644 index 0000000..6f8fcda --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/handlers/main.yml @@ -0,0 +1,10 @@ +--- +# handlers file for artifactory +- name: systemctl daemon-reload + systemd: + daemon_reload: yes + +- name: restart artifactory + service: + name: artifactory + state: restarted 
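Review bot: The default `artifactory_version: 7.15.3` in this new `defaults/main.yml` does not match the `v7186` directory it lives in or the `7.18.6` default that the same commit sets in the CloudFormation templates. Unless every caller overrides the variable (not visible in this hunk), the role builds `artifactory_tar` and `artifactory_home` for the older release; `artifactory_version: 7.18.6` would keep the role default in step with the templates. The licence comment says "up to 5 licenses" while six variables, `artifactory_license1` to `artifactory_license6`, are declared, so the comment or the list should be corrected. The commented JCR alternative still points at `dl.bintray.com`, which is worth replacing with a `releases.jfrog.io` URL or removing, so nobody re-enables a retired download host.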
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/exception.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/exception.yml new file mode 100644 index 0000000..7de46df --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/exception.yml @@ -0,0 +1,6 @@ +--- +exceptions: + - variation: Alpine + reason: Artifactory start/stop scripts don't properly work. + - variation: amazonlinux:1 + reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped" diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/main.yml new file mode 100644 index 0000000..0dc573a --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: artifactory + description: Install and configure artifactory on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.8 + + platforms: + - name: Debian + versions: + - all + - name: EL + versions: + - 7 + - 8 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - bionic + + galaxy_tags: + - artifactory + - centos + - redhat + - server + - system + +dependencies: [] diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/preferences.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/preferences.yml new file mode 100644 index 0000000..e7fdebf --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/preferences.yml @@ -0,0 +1,2 @@ +--- +tox_parallel: yes 
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/version.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/version.yml new file mode 100644 index 0000000..024188d --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/version.yml @@ -0,0 +1,6 @@ +--- +project_name: JFrog +reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml" +versions: + - name: Artifactory + url: "https://releases.jfrog.io/artifactory/" diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/tasks/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/tasks/main.yml new file mode 100644 index 0000000..68dc835 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/tasks/main.yml 
@@ -0,0 +1,82 @@ +--- +# tasks file for artifactory +- name: install nginx + include_role: + name: artifactory-nginx-ami + +- name: create group for artifactory + group: + name: "{{ artifactory_group }}" + state: present + become: yes + +- name: create user for artifactory + user: + name: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + system: yes + become: yes + +- name: ensure artifactory_download_directory exists + file: + path: "{{ artifactory_download_directory }}" + state: directory + become: yes + +- name: download artifactory + unarchive: + src: "{{ artifactory_tar }}" + dest: "{{ artifactory_download_directory }}" + remote_src: yes + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + creates: "{{ artifactory_home }}" + become: yes + register: downloadartifactory + until: downloadartifactory is succeeded + retries: 3 + +- name: ensure artifactory_file_store_dir exists + file: + path: "{{ artifactory_file_store_dir }}" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: ensure data subdirectories exist + file: + path: "{{ artifactory_home }}/var/{{ item }}" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + loop: + - "bootstrap" + - "etc" + become: yes + +- name: download database driver + get_url: + url: "{{ db_download_url }}" + dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib" + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: clean up after creating ami + block: + - name: Remove SSH keys + file: + path: "{{ ssh_keys.dir }}" + state: absent + loop: + - dir: "/home/.jfrog_ami/.ssh/authorized_keys" + - dir: "/root/.ssh/authorized_keys" + - dir: "/home/centos/.ssh/authorized_keys" + loop_control: + loop_var: ssh_keys + + - name: shutdown VM + command: /sbin/shutdown -h now + ignore_errors: 'yes' + when: ami_creation 
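Review bot: Neither download in this task file is integrity-checked. `download artifactory` unpacks `{{ artifactory_tar }}` straight from the URL, and `download database driver` drops the JDBC jar into `tomcat/lib` with `get_url` and no `checksum:`, so whatever the remote host serves ends up in a published AMI. `get_url` accepts `checksum: "sha256:<digest>"`, and the tarball can be fetched the same way and then unpacked from the local file, as sketched below; the two `*_sha256` variables are new role defaults that would need to carry the digests published for the pinned versions. Separately, the `Remove SSH keys` loop covers only three hard-coded `authorized_keys` paths, so a key belonging to any other login user on the build image would remain in the AMI.

```yaml
- name: download artifactory
  get_url:
    url: "{{ artifactory_tar }}"
    dest: "{{ artifactory_download_directory }}/artifactory.tar.gz"
    checksum: "sha256:{{ artifactory_tar_sha256 }}"   # new default: published digest for this release
  become: yes
  register: downloadartifactory
  until: downloadartifactory is succeeded
  retries: 3

- name: unpack artifactory
  unarchive:
    src: "{{ artifactory_download_directory }}/artifactory.tar.gz"
    dest: "{{ artifactory_download_directory }}"
    remote_src: yes
    owner: "{{ artifactory_user }}"
    group: "{{ artifactory_group }}"
    creates: "{{ artifactory_home }}"
  become: yes

# … unchanged: file store and data subdirectory tasks …

- name: download database driver
  get_url:
    url: "{{ db_download_url }}"
    dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
    checksum: "sha256:{{ db_driver_sha256 }}"         # new default: digest of the pinned JDBC jar
    # … unchanged: owner, group, become …
```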
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/artifactory.cluster.license.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/artifactory.cluster.license.j2 new file mode 100644 index 0000000..ec2993b --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/artifactory.cluster.license.j2 @@ -0,0 +1,37 @@ +{% if artifactory_license1 %} +{% if artifactory_license1|length %} +{{ artifactory_license1 }} +{% endif %} +{% endif %} +{% if artifactory_license2 %} + + +{% if artifactory_license2|length %} +{{ artifactory_license2 }} +{% endif %} +{% endif %} +{% if artifactory_license3 %} + + +{% if artifactory_license3|length %} +{{ artifactory_license3 }} +{% endif %} +{% endif %} +{% if artifactory_license4 %} + +{% if artifactory_license4|length %} +{{ artifactory_license4 }} +{% endif %} +{% endif %} +{% if artifactory_license5 %} + +{% if artifactory_license5|length %} +{{ artifactory_license5 }} +{% endif %} +{% endif %} +{% if artifactory_license6 %} + +{% if artifactory_license6|length %} +{{ artifactory_license6 }} +{% endif %} +{% endif %} diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/binarystore.xml.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/binarystore.xml.j2 new file mode 100644 index 0000000..f85f16f --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/binarystore.xml.j2 @@ -0,0 +1,4 @@ + + + + diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/installer-info.json.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/installer-info.json.j2 new file mode 100644 index 0000000..f475256 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/installer-info.json.j2 
@@ -0,0 +1,12 @@ +{ + "productId": "Ansible_artifactory/1.0.0", + "features": [ + { + "featureId": "Partner/ACC-006973" + }, + { + "featureId": "Channel/{{ ansible_marketplace }}" + } + ] +} + diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/join.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/join.key.j2 new file mode 100644 index 0000000..17d05d2 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/join.key.j2 @@ -0,0 +1 @@ +{{ join_key }} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/master.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/master.key.j2 new file mode 100644 index 0000000..0462a64 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/master.key.j2 @@ -0,0 +1 @@ +{{ master_key }} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/system.yaml.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/system.yaml.j2 new file mode 100644 index 0000000..419a0c3 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/system.yaml.j2 
@@ -0,0 +1,38 @@ +## @formatter:off +## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE +## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character. +configVersion: 1 + +## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products. +## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog + +## NOTE: Sensitive information such as passwords and join key are encrypted on first read. +## NOTE: The provided commented key and value is the default. + +## SHARED CONFIGURATIONS +## A shared section for keys across all services in this config +shared: + + ## Node Settings + node: + ## A unique id to identify this node. + ## Default: auto generated at startup. + id: {{ ansible_machine_id }} + + ## Sets this node as primary in HA installation + primary: {{ artifactory_is_primary }} + + ## Sets this node as part of HA installation + haEnabled: {{ artifactory_ha_enabled }} + + ## Database Configuration + database: + ## One of: mysql, oracle, mssql, postgresql, mariadb + ## Default: Embedded derby + + ## Example for mysql/postgresql + type: "{{ db_type }}" + driver: "{{ db_driver }}" + url: "{{ db_url }}" + username: "{{ db_user }}" + password: "{{ db_password }}" \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/vars/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/vars/main.yml new file mode 100644 index 0000000..cd21505 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/vars/main.yml @@ -0,0 +1,2 @@ +--- + diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/.travis.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null 
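Review bot: The database settings at the end of `system.yaml.j2` are interpolated inside hand-written double quotes, e.g. `password: "{{ db_password }}"`, so a password or JDBC URL containing `"` or `\` renders as broken or silently altered YAML. Letting the filter do the quoting avoids that: `password: {{ db_password | to_json }}`, and likewise for `url` and `username`. The file's own header notes that secrets are encrypted only on first read, so the rendered file holds the plaintext password until Artifactory starts. The task that writes it is not part of this hunk, but it should set owner `{{ artifactory_user }}` and a mode such as `'0640'` rather than rely on the default umask.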
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/defaults/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/defaults/main.yml new file mode 100644 index 0000000..6b28347 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/files/nginx.conf b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/files/nginx.conf new file mode 100644 index 0000000..19f9422 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/files/nginx.conf 
@@ -0,0 +1,37 @@ +#user nobody; +worker_processes 1; +error_log /var/log/nginx/error.log info; +#pid logs/nginx.pid; +events { + worker_connections 1024; +} +http { + include mime.types; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + include /etc/nginx/conf.d/*.conf; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' +'$status $body_bytes_sent "$http_referer" ' +'"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + #keepalive_timeout 0; + keepalive_timeout 65; +} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/handlers/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/handlers/main.yml new file mode 100644 index 0000000..d212386 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/meta/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/meta/main.yml 
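Review bot: `client_header_timeout 2400s;` and `client_body_timeout 2400s;` in the `http` block let an idle or very slow client keep a connection slot for forty minutes, and with `worker_processes 1;` and `worker_connections 1024;` there are few slots to hold. Long `proxy_read_timeout` and `proxy_send_timeout` values are understandable for large artifact transfers, but the header timeout does not need them, and `client_body_timeout` only measures the gap between two reads, not the whole upload. Something like `client_header_timeout 60s;` plus `worker_processes auto;` keeps large uploads working while bounding how long a stalled connection is kept. The same `nginx.conf` is added again under `roles/artifactory-nginx/files/`.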
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tasks/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tasks/main.yml new file mode 100644 index 0000000..abac794 --- /dev/null 
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tasks/main.yml @@ -0,0 +1,30 @@ +--- +- name: Add epel-release repo + yum: + name: epel-release + state: present + vars: + ansible_python_interpreter: /bin/python2 + +- name: Install nginx + yum: + name: nginx + state: present + vars: + ansible_python_interpreter: /bin/python2 + +- name: configure main nginx conf file. + copy: + src: nginx.conf + dest: /etc/nginx/nginx.conf + owner: root + group: root + mode: '0755' + become: yes + +- name: restart nginx + service: + name: nginx + state: restarted + enabled: yes + become: yes diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/templates/artifactory.conf.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/templates/artifactory.conf.j2 new file mode 100644 index 0000000..b36af22 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/templates/artifactory.conf.j2 
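Review bot: The `configure main nginx conf file.` task installs `/etc/nginx/nginx.conf` with `mode: '0755'`; a configuration file needs no execute bit, so `mode: '0644'` is the conventional value. The `artifactory.conf` template task in `artifactory-nginx-ssl/tasks/main.yml` uses the same mode. The two `yum` tasks also omit `become: yes` while the later tasks set it, so they only work when the calling play escalates; adding `become: yes` to them makes the role self-contained. Restarting nginx as a plain task rather than a handler means it restarts on every run, which is harmless for a one-shot AMI build but worth a comment.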
@@ -0,0 +1,43 @@ +########################################################### +## this configuration was generated by JFrog Artifactory ## + ########################################################### + + ## add HA entries when ha is configure + upstream artifactory { + server 127.0.0.1:8082; +} + upstream artifactory-direct { + server 127.0.0.1:8081; +} + ## server configuration + server { + listen 80 ; + server_name _; + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + access_log /var/log/nginx/artifactory-access.log; + error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /ui/ redirect; + rewrite ^/ui$ /ui/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location / { + proxy_read_timeout 2400s; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass "http://artifactory"; + proxy_next_upstream error timeout non_idempotent; + proxy_next_upstream_tries 1; + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location ~ ^/artifactory/ { + proxy_pass http://artifactory-direct; + } + } +} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/inventory b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/inventory @@ -0,0 +1,2 @@ +localhost + 
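Review bot: The `server` block trusts a client-supplied `X-Forwarded-Proto` header. The `if ($http_x_forwarded_proto = '')` guard only fills in `$scheme` when the header is absent, so any value sent by the caller is passed on in `X-Forwarded-Proto` and built into `X-JFrog-Override-Base-Url`. That is fine when port 80 is reachable only from a load balancer that sets the header, which is presumably the case in the Quick Start but cannot be confirmed from this hunk. I would record the assumption in the template, e.g. `## X-Forwarded-Proto is trusted: port 80 must be reachable only from the load balancer`, and check that the instance security group enforces it. The `artifactory-nginx-ssl` template carries the same block.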
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/test.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/test.yml new file mode 100644 index 0000000..7560bbb --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/vars/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/vars/main.yml new file mode 100644 index 0000000..7465197 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/.travis.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file 
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/defaults/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/defaults/main.yml new file mode 100644 index 0000000..6b28347 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/handlers/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/handlers/main.yml new file mode 100644 index 0000000..d212386 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/meta/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/meta/main.yml 
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tasks/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tasks/main.yml new file mode 100644 index 0000000..670c42d --- /dev/null 
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tasks/main.yml @@ -0,0 +1,54 @@ +--- +# tasks file for artifactory-nginx +- name: configure the artifactory nginx conf + template: + src: artifactory.conf.j2 + dest: /etc/nginx/conf.d/artifactory.conf + owner: root + group: root + mode: '0755' + become: yes + +- name: ensure nginx dir exists + file: + path: "/var/opt/jfrog/nginx/ssl" + state: directory + become: yes + +- name: configure certificate + template: + src: certificate.pem.j2 + dest: "/var/opt/jfrog/nginx/ssl/cert.pem" + become: yes + +- name: ensure pki exists + file: + path: "/etc/pki/tls" + state: directory + become: yes + +- name: configure key + template: + src: certificate.key.j2 + dest: "/etc/pki/tls/cert.key" + become: yes + +- name: Allow apache to modify files in /srv/git_repos + sefcontext: + target: '/var/opt/jfrog/nginx/ssl/cert.pem' + setype: httpd_sys_content_t + state: present + vars: + ansible_python_interpreter: /bin/python2 + become: yes + +- name: Apply new SELinux file context to filesystem + command: restorecon -v /var/opt/jfrog/nginx/ssl/cert.pem + become: yes + +- name: restart nginx + service: + name: nginx + state: restarted + enabled: yes + become: yes diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 new file mode 100644 index 0000000..13a2ac7 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 
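Review bot: The `configure key` task writes the TLS private key to `/etc/pki/tls/cert.key` without `owner`, `group` or `mode`, so the file gets whatever the default umask gives, typically world-readable. Adding `owner: root`, `group: root` and `mode: '0600'` to that task restricts the key to root, which is enough for the nginx master process to load it. `ensure nginx dir exists` and `configure certificate` also set no permissions; the certificate is public, but giving them explicit modes keeps the role's result independent of the build host. The task named `Allow apache to modify files in /srv/git_repos` actually sets the SELinux type of `/var/opt/jfrog/nginx/ssl/cert.pem`, so a name such as `Label nginx certificate as httpd_sys_content_t` would describe what it does.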
@@ -0,0 +1,49 @@ +########################################################### +## this configuration was generated by JFrog Artifactory ## + ########################################################### + + ## add HA entries when ha is configure + upstream artifactory { + server 127.0.0.1:8082; +} + upstream artifactory-direct { + server 127.0.0.1:8081; +} + ssl_protocols TLSv1.1 TLSv1.2; + ssl_certificate /var/opt/jfrog/nginx/ssl/cert.pem; + ssl_certificate_key /etc/pki/tls/cert.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen 80; + listen 443 ssl http2; + server_name _; + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + access_log /var/log/nginx/artifactory-access.log; + error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /ui/ redirect; + rewrite ^/ui$ /ui/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location / { + proxy_read_timeout 2400s; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass "http://artifactory"; + proxy_next_upstream error timeout non_idempotent; + proxy_next_upstream_tries 1; + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location ~ ^/artifactory/ { + proxy_pass http://artifactory-direct; + } + } +} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.key.j2 new file mode 100644 index 0000000..30f1d88 --- /dev/null 
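Review bot: `ssl_protocols TLSv1.1 TLSv1.2;` near the top of this template still offers TLS 1.1, which is formally deprecated and rejected by current clients and compliance baselines. `ssl_protocols TLSv1.2;` is the safe minimum, with `TLSv1.3` added where the installed nginx and OpenSSL build support it. No `ssl_ciphers` list is set, so `ssl_prefer_server_ciphers on;` only orders the build's default suites; an explicit list would make the preference meaningful. The `server` block also keeps `listen 80;` next to `listen 443 ssl http2;` with no redirect, so plaintext requests are proxied as before; if that is deliberate, for health checks or TLS termination at a load balancer, a comment saying so would help.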
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.key.j2 @@ -0,0 +1 @@ +{{ certificate_key | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }} diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 new file mode 100644 index 0000000..d9dbd21 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 @@ -0,0 +1 @@ +{{ certificate | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/inventory b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/test.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/test.yml new file mode 100644 index 0000000..7560bbb --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/vars/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/vars/main.yml new file mode 100644 index 0000000..7465197 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/vars/main.yml 
@@ -0,0 +1,2 @@ +--- +# vars file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/.travis.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/defaults/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/defaults/main.yml new file mode 100644 index 0000000..6b28347 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/files/nginx.conf b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/files/nginx.conf new file mode 100644 index 0000000..19f9422 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/files/nginx.conf 
@@ -0,0 +1,37 @@
+#user nobody;
+worker_processes 1;
+error_log /var/log/nginx/error.log info;
+#pid logs/nginx.pid;
+events {
+ worker_connections 1024;
+}
+http {
+ include mime.types;
+ variables_hash_max_size 1024;
+ variables_hash_bucket_size 64;
+ server_names_hash_max_size 4096;
+ server_names_hash_bucket_size 128;
+ types_hash_max_size 2048;
+ types_hash_bucket_size 64;
+ proxy_read_timeout 2400s;
+ client_header_timeout 2400s;
+ client_body_timeout 2400s;
+ proxy_connect_timeout 75s;
+ proxy_send_timeout 2400s;
+ proxy_buffer_size 32k;
+ proxy_buffers 40 32k;
+ proxy_busy_buffers_size 64k;
+ proxy_temp_file_write_size 250m;
+ proxy_http_version 1.1;
+ client_body_buffer_size 128k;
+ include /etc/nginx/conf.d/*.conf;
+ default_type application/octet-stream;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+ access_log /var/log/nginx/access.log main;
+ sendfile on;
+ #tcp_nopush on;
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+}
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/handlers/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/handlers/main.yml
new file mode 100644
index 0000000..d212386
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for artifactory-nginx
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/meta/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/meta/main.yml
new file mode 100644
index 0000000..227ad9c
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/meta/main.yml
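Review bot: In `roles/artifactory-nginx/files/nginx.conf`, `client_header_timeout 2400s;` lets a connection that never finishes sending its request headers hold a connection slot for 40 minutes, and with `worker_processes 1;` and `worker_connections 1024;` the pool those slots come from is small. Large artifact transfers explain the long `proxy_read_timeout`, `proxy_send_timeout` and `client_body_timeout`, but request headers do not need that budget. I would set `client_header_timeout 60s;` (the nginx default) and add a comment above the remaining 2400s values saying they exist for large uploads and downloads.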
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tasks/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tasks/main.yml new file mode 100644 index 0000000..146ea79 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tasks/main.yml 
@@ -0,0 +1,34 @@
+---
+- name: configure main nginx conf file.
+ copy:
+ src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+ owner: root
+ group: root
+ mode: '0755'
+ become: yes
+
+- name: configure main nginx conf file.
+ copy:
+ src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+ owner: root
+ group: root
+ mode: '0755'
+ become: yes
+
+- name: configure the artifactory nginx conf
+ template:
+ src: artifactory.conf.j2
+ dest: /etc/nginx/conf.d/artifactory.conf
+ owner: root
+ group: root
+ mode: '0755'
+ become: yes
+
+- name: restart nginx
+ service:
+ name: nginx
+ state: restarted
+ enabled: yes
+ become: yes
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/templates/artifactory.conf.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/templates/artifactory.conf.j2
new file mode 100644
index 0000000..b36af22
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/templates/artifactory.conf.j2
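Review bot: The three config-file tasks in `roles/artifactory-nginx/tasks/main.yml` install `/etc/nginx/nginx.conf` and `/etc/nginx/conf.d/artifactory.conf` with `mode: '0755'`; neither file is executable, so `mode: '0644'` is the value to use. The first task, `configure main nginx conf file.`, also appears twice with identical arguments, and the second copy can be deleted. The closing `restart nginx` task runs on every play; moving it to the role's `handlers/main.yml` and adding `notify: restart nginx` to the two remaining tasks would restart the proxy only when a file actually changed.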
@@ -0,0 +1,43 @@
+###########################################################
+## this configuration was generated by JFrog Artifactory ##
+ ###########################################################
+
+ ## add HA entries when ha is configure
+ upstream artifactory {
+ server 127.0.0.1:8082;
+}
+ upstream artifactory-direct {
+ server 127.0.0.1:8081;
+}
+ ## server configuration
+ server {
+ listen 80 ;
+ server_name _;
+ if ($http_x_forwarded_proto = '') {
+ set $http_x_forwarded_proto $scheme;
+ }
+ ## Application specific logs
+ access_log /var/log/nginx/artifactory-access.log;
+ error_log /var/log/nginx/artifactory-error.log;
+ rewrite ^/$ /ui/ redirect;
+ rewrite ^/ui$ /ui/ redirect;
+ chunked_transfer_encoding on;
+ client_max_body_size 0;
+ location / {
+ proxy_read_timeout 2400s;
+ proxy_pass_header Server;
+ proxy_cookie_path ~*^/.* /;
+ proxy_pass "http://artifactory";
+ proxy_next_upstream error timeout non_idempotent;
+ proxy_next_upstream_tries 1;
+ proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ location ~ ^/artifactory/ {
+ proxy_pass http://artifactory-direct;
+ }
+ }
+}
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/inventory b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/test.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/test.yml
new file mode 100644
index 0000000..7560bbb
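Review bot: In `roles/artifactory-nginx/templates/artifactory.conf.j2` the `X-JFrog-Override-Base-Url` header is assembled from `$http_x_forwarded_proto` and `$host`, both of which are taken from the request whenever the client supplies them, because the `if` block only falls back to `$scheme` when `X-Forwarded-Proto` is empty. That is sound only when every request arrives through a load balancer that overwrites those headers; the template does not state that assumption, and `listen 80` with `server_name _` accepts any Host value. I would add a comment above the `if`, such as `## X-Forwarded-Proto is trusted here: port 80 must be reachable only from the load balancer`, and, if the instance can be reached directly, set the base URL from a configured value instead of request headers.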
--- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/vars/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/vars/main.yml new file mode 100644 index 0000000..7465197 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for artifactory-nginx \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/.travis.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/defaults/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/defaults/main.yml new file mode 100644 index 0000000..bbcfe91 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/defaults/main.yml 
@@ -0,0 +1,52 @@
+---
+# defaults file for artifactory
+# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
+ansible_marketplace: standalone
+
+# The version of Artifactory to install
+artifactory_version: 7.15.3
+
+# licenses - cluster license content in json
+artifactory_licenses:
+
+# whether to enable HA
+artifactory_ha_enabled: true
+
+# value for whether a host is primary. this should be set in host vars
+artifactory_is_primary: true
+
+# The location where Artifactory should install.
+artifactory_download_directory: /opt/jfrog
+
+# The location where Artifactory should store data.
+artifactory_file_store_dir: /data
+
+# whether to customer data directory
+use_custom_data_directory: false
+
+# location for customer directory. Will be symlink to as artifactory/var
+custom_data_directory: /artifactory-user-data
+
+# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
+artifactory_flavour: pro
+
+extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
+
+artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
+artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
+
+artifactory_user: artifactory
+artifactory_group: artifactory
+
+# Set the parameters required for the service.
+service_list:
+ - name: artifactory
+ description: Start script for Artifactory
+ start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
+ stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
+ type: forking
+ status_pattern: artifactory
+ user_name: "{{ artifactory_user }}"
+ group_name: "{{ artifactory_group }}"
+
+product_id: CloudFormation_QS_EC2/1.0.0
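Review bot: `artifactory_version: 7.15.3` in `roles/artifactory/defaults/main.yml` does not match the 7.18.6 release named in the commit subject and in the `v7186` directory, so a caller that does not override the variable gets `artifactory_home` and `artifactory_tar` built for the older release. If the calling templates always pass the version this is harmless, but then the default should either read `artifactory_version: 7.18.6` or carry a comment saying it is always overridden. The comment on the third line also has two typos; it should read `# indicates where this collection was downloaded from (galaxy, automation_hub, standalone)`.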
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/handlers/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/handlers/main.yml new file mode 100644 index 0000000..6f8fcda --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/handlers/main.yml @@ -0,0 +1,10 @@ +--- +# handlers file for artifactory +- name: systemctl daemon-reload + systemd: + daemon_reload: yes + +- name: restart artifactory + service: + name: artifactory + state: restarted diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/exception.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/exception.yml new file mode 100644 index 0000000..7de46df --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/exception.yml @@ -0,0 +1,6 @@ +--- +exceptions: + - variation: Alpine + reason: Artifactory start/stop scripts don't properly work. + - variation: amazonlinux:1 + reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped" diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/main.yml new file mode 100644 index 0000000..0dc573a --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/main.yml 
@@ -0,0 +1,35 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: artifactory + description: Install and configure artifactory on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.8 + + platforms: + - name: Debian + versions: + - all + - name: EL + versions: + - 7 + - 8 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - bionic + + galaxy_tags: + - artifactory + - centos + - redhat + - server + - system + +dependencies: [] diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/preferences.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/preferences.yml new file mode 100644 index 0000000..e7fdebf --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/preferences.yml @@ -0,0 +1,2 @@ +--- +tox_parallel: yes diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/version.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/version.yml new file mode 100644 index 0000000..024188d --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/version.yml @@ -0,0 +1,6 @@ +--- +project_name: JFrog +reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml" +versions: + - name: Artifactory + url: "https://releases.jfrog.io/artifactory/" diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/configure-licenses.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/configure-licenses.yml new file mode 100644 index 0000000..996f68e --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/configure-licenses.yml 
@@ -0,0 +1,43 @@
+- name: set license for Enterprise
+ block:
+ - name: use license file
+ copy:
+ src: "{{ artifactory_license_file }}"
+ dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
+ force: no # only copy if file doesn't exist
+ become: yes
+ when: artifactory_license_file is defined and artifactory_is_primary == true
+
+ - name: use license strings
+ vars:
+ artifactory_licenses_dict: "{{ artifactory_licenses | default('{}') }}"
+
+ template:
+ src: artifactory.cluster.license.j2
+ dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
+ force: no # only create if file doesn't exist
+ become: yes
+ when: artifactory_license_file is not defined and artifactory_is_primary == true
+ when: artifactory_ha_enabled
+
+- name: set license for Pro
+ block:
+ - name: use license file
+ copy:
+ src: "{{ artifactory_license_file }}"
+ dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
+ force: no # only create if file doesn't exist
+ become: yes
+ when: artifactory_license_file is defined
+
+ - name: use license strings
+ vars:
+ artifactory_licenses_dict: "{{ artifactory_licenses | default('{}') }}"
+
+ template:
+ src: artifactory.pro.license.j2
+ dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
+ force: no # only create if file doesn't exist
+ become: yes
+ when: artifactory_license_file is not defined
+ when: not artifactory_ha_enabled
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/custom-data-directory.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/custom-data-directory.yml
new file mode 100644
index 0000000..4799a8b
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/custom-data-directory.yml
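Review bot: The `when:` conditions in `roles/artifactory/tasks/configure-licenses.yml` compare with `artifactory_is_primary == true`, which is false when the value arrives as the string `"true"` (for example through `-e` extra vars or an INI inventory), so on a primary node both Enterprise license tasks would be skipped without any error. The `bool` filter accepts both forms: `when: artifactory_license_file is defined and artifactory_is_primary | bool`. The same comparison, and `== false`, is used by the restart tasks in `roles/artifactory/tasks/main.yml`, where a string value would skip both the primary and the secondary restart. Whether the callers always pass a real boolean is not visible in this diff.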
@@ -0,0 +1,44 @@
+- name: setup directory symlink for using custom data directory/volume
+ block:
+ - name: Create a xfs filesystem on /dev/nvme1n1
+ # First non-root device is always mapped to /dev/nvme1n1
+ # See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
+ community.general.filesystem:
+ dev: /dev/nvme1n1
+ fstype: xfs
+
+ - name: ensure external data directory exists
+ file:
+ path: "{{ custom_data_directory }}"
+ state: directory
+
+ - name: Mount the EBS volume
+ ansible.posix.mount:
+ path: "{{ custom_data_directory }}"
+ src: /dev/nvme1n1
+ state: mounted
+ fstype: xfs
+
+ - name: set custom data directory permission
+ file:
+ path: "{{ custom_data_directory }}"
+ state: directory
+ recurse: yes
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: "u=rwX,g=rwX,o=rwX"
+
+ - name: remove var directory if exists
+ file:
+ path: "{{ artifactory_home }}/var"
+ state: absent
+
+ - name: symlink custom data directory to var
+ file:
+ src: "{{ custom_data_directory }}"
+ path: "{{ artifactory_home }}/var"
+ state: link
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ become: yes
+ when: use_custom_data_directory and custom_data_directory is defined
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/main.yml
new file mode 100644
index 0000000..25b1143
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/main.yml
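Review bot: `set custom data directory permission` in `roles/artifactory/tasks/custom-data-directory.yml` applies `mode: "u=rwX,g=rwX,o=rwX"` recursively, which leaves the whole data volume writable by every local account. The volume is then symlinked to `{{ artifactory_home }}/var`, the tree under which `tasks/main.yml` creates `etc/security/master.key`, `etc/security/join.key` and `etc/system.yaml`. Owner and group are already set to the Artifactory account in the same task, so `mode: "u=rwX,g=rX,o="` should be sufficient.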
@@ -0,0 +1,132 @@ +--- +# tasks file for artifactory +- name: Set artifactory major version + set_fact: + artifactory_major_verion: "{{ artifactory_version.split('.')[0] }}" + +- name: create group for artifactory + group: + name: "{{ artifactory_group }}" + state: present + become: yes + +- name: create user for artifactory + user: + name: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + system: yes + become: yes + +- name: ensure artifactory_download_directory exists + file: + path: "{{ artifactory_download_directory }}" + state: directory + become: yes + +- name: ensure artifactory_file_store_dir exists + file: + path: "{{ artifactory_file_store_dir }}" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: setup directory symlink for using custom data directory/volume + include_tasks: custom-data-directory.yml + when: use_custom_data_directory and custom_data_directory is defined + +- name: ensure data subdirectories exist and have correct ownership + file: + path: "{{ artifactory_home }}/var/{{ item }}" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + loop: + - "bootstrap" + - "etc" + - "data" + - "etc/info" + - "etc/security" + - "etc/artifactory" + become: yes + +- name: check if system yaml file exits + stat: + path: "{{ artifactory_home }}/var/etc/system.yaml" + register: system_yaml + +- name: use specified system yaml + copy: + src: "{{ system_file }}" + dest: "{{ artifactory_home }}/var/etc/system.yaml" + become: yes + when: system_file is defined and not system_yaml.stat.exists + +- name: configure system yaml + template: + src: system.yaml.j2 + dest: "{{ artifactory_home }}/var/etc/system.yaml" + become: yes + when: system_file is not defined and not system_yaml.stat.exists + +- name: configure master key + template: + src: master.key.j2 + dest: "{{ artifactory_home }}/var/etc/security/master.key" + force: no # only create if file doesn't 
exist + become: yes + +- name: configure join key + template: + src: join.key.j2 + dest: "{{ artifactory_home }}/var/etc/security/join.key" + force: no # only create if file doesn't exist + become: yes + +- name: configure installer info + template: + src: installer-info.json.j2 + dest: "{{ artifactory_home }}/var/etc/info/installer-info.json" + become: yes + +- name: use specified binary store file + copy: + src: "{{ binary_store_file }}" + dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml" + force: no # only copy if file doesn't exist + become: yes + when: binary_store_file is defined + +- name: set default binary store + template: + src: binarystore.xml.j2 + dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml" + force: no # only create if file doesn't exist + become: yes + when: binary_store_file is not defined + +- name: configure licenses + include_tasks: configure-licenses.yml + +- name: create artifactory service + shell: "{{ artifactory_home }}/app/bin/installService.sh" + become: yes + +- name: start and enable the primary node + service: + name: artifactory + state: restarted + become: yes + when: artifactory_is_primary == true + +- name: random wait before restarting to prevent secondary nodes from hitting DB first + pause: + seconds: "{{ 120 | random + 10}}" + when: artifactory_is_primary == false + +- name: start and enable the secondary nodes + service: + name: artifactory + state: restarted + become: yes + when: artifactory_is_primary == false diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.cluster.license.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.cluster.license.j2 new file mode 100644 index 0000000..aa30261 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.cluster.license.j2 
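Review bot: The `configure master key`, `configure join key` and `configure system yaml` tasks in `roles/artifactory/tasks/main.yml` write secret material (`{{ master_key }}`, `{{ join_key }}`, and the database password rendered by `system.yaml.j2`) without `owner`, `group` or `mode`, so under `become: yes` the files are created as root with whatever the umask allows, which is commonly world-readable. Each of these tasks should carry `owner: "{{ artifactory_user }}"`, `group: "{{ artifactory_group }}"` and `mode: '0600'`. This hunk begins on the previous physical line of the page. Separately, the first task sets the fact `artifactory_major_verion` (missing `s`), which no task in this hunk reads.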
@@ -0,0 +1,6 @@ +{% if artifactory_licenses_dict %} +{% for key in (artifactory_licenses_dict.keys() | select('match', '^ArtifactoryLicense\d$')) %} +{{ artifactory_licenses_dict[key] }} + +{% endfor %} +{% endif %} diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.pro.license.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.pro.license.j2 new file mode 100644 index 0000000..f6881c9 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.pro.license.j2 @@ -0,0 +1,8 @@ +{% if artifactory_licenses_dict %} +{% for key in (artifactory_licenses_dict.keys() | select('match', '^ArtifactoryLicense\d$')) %} +{% if loop.first %} + {{ artifactory_licenses_dict[key] }} +{% endif %} + +{% endfor %} +{% endif %} diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/binarystore.xml.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/binarystore.xml.j2 new file mode 100644 index 0000000..f12dba1 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/binarystore.xml.j2 @@ -0,0 +1,14 @@ + + + + + + + + s3.{{ s3_region }}.amazonaws.com + {{ s3_bucket }} + artifactory/filestore + {{ s3_region }} + true + + diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/installer-info.json.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/installer-info.json.j2 new file mode 100644 index 0000000..9e78f0e --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/installer-info.json.j2 @@ -0,0 +1,11 @@ +{ + "productId": "{{ product_id }}", + "features": [ + { + "featureId": "Partner/ACC-006973" + }, + { + "featureId": "Channel/{{ ansible_marketplace }}" + } + ] +} 
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/join.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/join.key.j2 new file mode 100644 index 0000000..17d05d2 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/join.key.j2 @@ -0,0 +1 @@ +{{ join_key }} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/master.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/master.key.j2 new file mode 100644 index 0000000..0462a64 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/master.key.j2 @@ -0,0 +1 @@ +{{ master_key }} \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/system.yaml.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/system.yaml.j2 new file mode 100644 index 0000000..dc58c2c --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/system.yaml.j2 
@@ -0,0 +1,40 @@
+## @formatter:off
+## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
+## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
+configVersion: 1
+
+## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
+## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
+
+## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
+## NOTE: The provided commented key and value is the default.
+
+## SHARED CONFIGURATIONS
+## A shared section for keys across all services in this config
+shared:
+ ## Java options
+ extraJavaOpts: "{{ extra_java_opts }}"
+
+ ## Node Settings
+ node:
+ ## A unique id to identify this node.
+ ## Default: auto generated at startup.
+ id: {{ ansible_machine_id }}
+
+ ## Sets this node as primary in HA installation
+ primary: {{ artifactory_is_primary }}
+
+ ## Sets this node as part of HA installation
+ haEnabled: {{ artifactory_ha_enabled }}
+
+ ## Database Configuration
+ database:
+ ## One of: mysql, oracle, mssql, postgresql, mariadb
+ ## Default: Embedded derby
+
+ ## Example for mysql/postgresql
+ type: "{{ db_type }}"
+ driver: "{{ db_driver }}"
+ url: "{{ db_url }}"
+ username: "{{ db_user }}"
+ password: "{{ db_password }}"
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/vars/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/vars/main.yml
new file mode 100644
index 0000000..cd21505
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/vars/main.yml
@@ -0,0 +1,2 @@
+---
+
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/.travis.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
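Review bot: `roles/artifactory/templates/system.yaml.j2` interpolates `db_url`, `db_user` and `db_password` directly inside double-quoted YAML scalars, so a password containing `"` or `\` yields an invalid or silently altered `system.yaml`. Letting a filter produce the quoting avoids that: `password: {{ db_password | to_json }}`, and the same form for `username`, `url`, `driver`, `type` and `extraJavaOpts`. A short comment above the database block saying that the values are escaped by the template would keep a later edit from re-adding the literal quotes.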
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/defaults/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/defaults/main.yml
new file mode 100644
index 0000000..f547a88
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+# defaults file for xray
+# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
+ansible_marketplace: standalone
+
+# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
+ami_creation: false
+
+# The version of xray to install
+xray_version: 3.17.4
+
+# whether to enable HA
+xray_ha_enabled: true
+
+# The location where xray should install.
+xray_download_directory: /opt/jfrog
+
+# The remote xray download file
+xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
+
+#The xray install directory
+xray_home: "{{ xray_download_directory }}/jfrog-xray-{{ xray_version }}-linux"
+
+#xray users and groups
+xray_user: xray
+xray_group: xray
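Review bot: `xray_tar` in `roles/xray-ami/defaults/main.yml` has no digest defined next to it, and the `download xray` task in `roles/xray-ami/tasks/main.yml` unpacks it with `unarchive` and `remote_src: yes`, so the archive baked into the image is never compared against a known value. I would add a default such as `xray_tar_checksum: "sha256:<digest published for this release>"` beside `xray_tar` and fetch the file with `get_url` and its `checksum:` parameter before unpacking. The comment on the third line also has two typos; it should read `# indicates where this collection was downloaded from (galaxy, automation_hub, standalone)`.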
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/handlers/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/handlers/main.yml new file mode 100644 index 0000000..f236fe3 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for xray \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/meta/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/meta/main.yml 
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/Debian.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/Debian.yml new file mode 100644 index 0000000..420c2d0 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/Debian.yml 
@@ -0,0 +1,37 @@
+---
+- name: Install db5.3-util
+ apt:
+ deb: "{{ xray_home }}/app/third-party/misc/db5.3-util_5.3.28-3ubuntu3_amd64.deb"
+ ignore_errors: yes
+ become: yes
+
+- name: Install db-util
+ apt:
+ deb: "{{ xray_home }}/app/third-party/misc/db-util_1_3a5.3.21exp1ubuntu1_all.deb"
+ ignore_errors: yes
+ become: yes
+
+- name: Install libssl
+ apt:
+ deb: "{{ xray_home }}/app/third-party/rabbitmq/libssl1.1_1.1.0j-1_deb9u1_amd64.deb"
+ ignore_errors: yes
+ become: yes
+
+- name: Install socat
+ apt:
+ deb: "{{ xray_home }}/app/third-party/rabbitmq/socat_1.7.3.1-2+deb9u1_amd64.deb"
+ become: yes
+
+- name: Install libwxbase3.0-0v5
+ apt:
+ name: libwxbase3.0-0v5
+ update_cache: yes
+ state: present
+ ignore_errors: yes
+ become: yes
+
+- name: Install erlang
+ apt:
+ deb: "{{ xray_home }}/app/third-party/rabbitmq/esl-erlang_21.2.1-1~ubuntu~xenial_amd64.deb"
+ become: yes
+
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml
new file mode 100644
index 0000000..8435a82
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml
@@ -0,0 +1,21 @@
+---
+- name: Install db-utl
+ yum:
+ name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
+ state: present
+ vars:
+ ansible_python_interpreter: /bin/python2
+
+- name: Install socat
+ yum:
+ name: "{{ xray_home }}/app/third-party/rabbitmq/socat-1.7.3.2-2.el7.x86_64.rpm"
+ state: present
+ vars:
+ ansible_python_interpreter: /bin/python2
+
+- name: Install erlang
+ yum:
+ name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-23.2.7-1.el7.x86_64.rpm"
+ state: present
+ vars:
+ ansible_python_interpreter: /bin/python2
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/main.yml
new file mode 100644
index 0000000..6bf93a5
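Review bot: `ignore_errors: yes` on the `Install db5.3-util`, `Install db-util` and `Install libssl` tasks lets the play continue when a bundled package fails to install, so an image can be built with whatever libssl and db utilities the base image happens to carry, or none, and nothing in the run flags it. The bundled `libssl1.1_1.1.0j-1_deb9u1` is a fixed build, so it is worth confirming it is not older than what the distribution repository offers before relying on it. I would drop `ignore_errors` on these tasks, or narrow it with `failed_when` to the specific "already installed" case it was presumably meant to tolerate. The same file is added again as `roles/xray/tasks/Debian.yml` later in this patch and the point applies there too.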
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/main.yml
@@ -0,0 +1,60 @@
+---
+- name: create group for xray
+ group:
+ name: "{{ xray_group }}"
+ state: present
+ become: yes
+
+- name: create user for xray
+ user:
+ name: "{{ xray_user }}"
+ group: "{{ xray_group }}"
+ system: yes
+ become: yes
+
+- name: ensure xray_download_directory exists
+ file:
+ path: "{{ xray_download_directory }}"
+ state: directory
+ become: yes
+
+- name: download xray
+ unarchive:
+ src: "{{ xray_tar }}"
+ dest: "{{ xray_download_directory }}"
+ remote_src: yes
+ owner: "{{ xray_user }}"
+ group: "{{ xray_group }}"
+ creates: "{{ xray_home }}"
+ become: yes
+ register: downloadxray
+ until: downloadxray is succeeded
+ retries: 3
+
+- name: perform prerequisite installation
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: ensure etc exists
+ file:
+ path: "{{ xray_home }}/var/etc"
+ state: directory
+ owner: "{{ xray_user }}"
+ group: "{{ xray_group }}"
+ become: yes
+
+- name: Remove SSH keys
+ file:
+ path: "{{ ssh_keys.dir }}"
+ state: absent
+ loop:
+ - dir: "/home/.xray_ami/.ssh/authorized_keys"
+ - dir: "/root/.ssh/authorized_keys"
+ - dir: "/home/centos/.ssh/authorized_keys"
+ loop_control:
+ loop_var: ssh_keys
+ when: ami_creation
+
+- name: shutdown VM
+ command: /sbin/shutdown -h now
+ ignore_errors: 'yes'
+ when: ami_creation
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/installer-info.json.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/installer-info.json.j2
new file mode 100644
index 0000000..a76c88c
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/installer-info.json.j2
@@ -0,0 +1,11 @@
+{
+ "productId": "Ansible_artifactory/1.0.0",
+ "features": [
+ {
+ "featureId": "Partner/ACC-006973"
+ },
+ {
+ "featureId": "Channel/{{ ansible_marketplace }}"
+ }
+ ]
+}
\ No newline at end of file
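Review bot: The `download xray` task in `tasks/main.yml` fetches `{{ xray_tar }}` and unpacks it as root with no integrity check, and the `.deb`/`.rpm` files later installed from `app/third-party` inherit whatever that archive contained. `unarchive` has no checksum option, so I would download with `get_url` and a pinned `checksum:` first and unpack the local file afterwards, as sketched below; `xray_tar_sha256` is a placeholder variable that would have to be added to the role defaults and updated with each `xray_version`. Separately, `Remove SSH keys` covers only three hard-coded paths, so an image built from a base whose login user is not `centos` would presumably keep that user's `authorized_keys`; deriving the path from the build user would be safer.

```yaml
- name: download xray
  get_url:
    url: "{{ xray_tar }}"
    dest: "{{ xray_download_directory }}/jfrog-xray.tar.gz"
    checksum: "sha256:{{ xray_tar_sha256 }}"  # placeholder: pin per xray_version
  become: yes
  register: downloadxray
  until: downloadxray is succeeded
  retries: 3

- name: unpack xray
  unarchive:
    src: "{{ xray_download_directory }}/jfrog-xray.tar.gz"
    dest: "{{ xray_download_directory }}"
    remote_src: yes
    # … unchanged: owner, group, creates, become …
```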
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/join.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/join.key.j2
new file mode 100644
index 0000000..17d05d2
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/join.key.j2
@@ -0,0 +1 @@
+{{ join_key }}
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/master.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/master.key.j2
new file mode 100644
index 0000000..0462a64
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/master.key.j2
@@ -0,0 +1 @@
+{{ master_key }}
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/system.yaml.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/system.yaml.j2
new file mode 100644
index 0000000..206eb77
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/system.yaml.j2
@@ -0,0 +1,36 @@
+## @formatter:off
+## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
+## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
+configVersion: 1
+
+## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
+## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
+
+## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
+## NOTE: The provided commented key and value is the default.
+
+## SHARED CONFIGURATIONS
+## A shared section for keys across all services in this config
+shared:
+ ## Base URL of the JFrog Platform Deployment (JPD)
+ ## This is the URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs.
+ ## Examples: "http://jfrog.acme.com" or "http://10.20.30.40:8082"
+ jfrogUrl: {{ jfrog_url }}
+
+ ## Node Settings
+ node:
+ ## A unique id to identify this node.
+ ## Default: auto generated at startup.
+ id: {{ ansible_machine_id }}
+
+ ## Database Configuration
+ database:
+ ## One of: mysql, oracle, mssql, postgresql, mariadb
+ ## Default: Embedded derby
+
+ ## Example for mysql/postgresql
+ type: "{{ db_type }}"
+ driver: "{{ db_driver }}"
+ url: "{{ db_url }}"
+ username: "{{ db_user }}"
+ password: "{{ db_password }}"
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/inventory b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
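Review bot: The `database` values in `system.yaml.j2` are written between literal double quotes (`password: "{{ db_password }}"`), so a password containing `"` or `\` renders a file that fails to parse or carries a different value than intended. Letting the filter do the quoting avoids that: `password: {{ db_password | to_json }}`, and likewise for `url` and `username`. `jfrogUrl` and `id` are rendered with no quoting at all and would benefit from the same treatment. The `roles/xray` copy of this template added later in the patch has the same lines.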
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/test.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/test.yml
new file mode 100644
index 0000000..f296da6
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - xray
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/vars/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/vars/main.yml
new file mode 100644
index 0000000..55363e6
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for xray
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/.travis.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/defaults/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/defaults/main.yml
new file mode 100644
index 0000000..77a3f0c
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/defaults/main.yml
@@ -0,0 +1,29 @@
+---
+# defaults file for xray
+# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
+ansible_marketplace: standalone
+
+# The version of xray to install
+xray_version: 3.17.4
+
+# whether to enable HA
+xray_ha_enabled: true
+
+# The location where xray should install.
+xray_download_directory: /opt/jfrog
+
+# whether to customer data directory
+use_custom_data_directory: false
+
+# location for customer directory. Will be symlink to as artifactory/var
+custom_data_directory: /xray-user-data
+
+# The remote xray download file
+xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
+
+#The xray install directory
+xray_home: "{{ xray_download_directory }}/jfrog-xray-{{ xray_version }}-linux"
+
+#xray users and groups
+xray_user: xray
+xray_group: xray
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/handlers/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/handlers/main.yml
new file mode 100644
index 0000000..f236fe3
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for xray
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/meta/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/meta/main.yml
new file mode 100644
index 0000000..227ad9c
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/meta/main.yml
@@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/Debian.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/Debian.yml new file mode 100644 index 0000000..420c2d0 --- /dev/null +++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/Debian.yml 
@@ -0,0 +1,37 @@
+---
+- name: Install db5.3-util
+ apt:
+ deb: "{{ xray_home }}/app/third-party/misc/db5.3-util_5.3.28-3ubuntu3_amd64.deb"
+ ignore_errors: yes
+ become: yes
+
+- name: Install db-util
+ apt:
+ deb: "{{ xray_home }}/app/third-party/misc/db-util_1_3a5.3.21exp1ubuntu1_all.deb"
+ ignore_errors: yes
+ become: yes
+
+- name: Install libssl
+ apt:
+ deb: "{{ xray_home }}/app/third-party/rabbitmq/libssl1.1_1.1.0j-1_deb9u1_amd64.deb"
+ ignore_errors: yes
+ become: yes
+
+- name: Install socat
+ apt:
+ deb: "{{ xray_home }}/app/third-party/rabbitmq/socat_1.7.3.1-2+deb9u1_amd64.deb"
+ become: yes
+
+- name: Install libwxbase3.0-0v5
+ apt:
+ name: libwxbase3.0-0v5
+ update_cache: yes
+ state: present
+ ignore_errors: yes
+ become: yes
+
+- name: Install erlang
+ apt:
+ deb: "{{ xray_home }}/app/third-party/rabbitmq/esl-erlang_21.2.1-1~ubuntu~xenial_amd64.deb"
+ become: yes
+
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/RedHat.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/RedHat.yml
new file mode 100644
index 0000000..8435a82
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/RedHat.yml
@@ -0,0 +1,21 @@
+---
+- name: Install db-utl
+ yum:
+ name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
+ state: present
+ vars:
+ ansible_python_interpreter: /bin/python2
+
+- name: Install socat
+ yum:
+ name: "{{ xray_home }}/app/third-party/rabbitmq/socat-1.7.3.2-2.el7.x86_64.rpm"
+ state: present
+ vars:
+ ansible_python_interpreter: /bin/python2
+
+- name: Install erlang
+ yum:
+ name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-23.2.7-1.el7.x86_64.rpm"
+ state: present
+ vars:
+ ansible_python_interpreter: /bin/python2
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/custom-data-directory.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/custom-data-directory.yml
new file mode 100644
index 0000000..8f359ca
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/custom-data-directory.yml
@@ -0,0 +1,44 @@
+- name: setup directory symlink for using custom data directory/volume
+ block:
+ - name: Create a xfs filesystem on /dev/nvme1n1
+ # First non-root device is always mapped to /dev/nvme1n1
+ # See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
+ community.general.filesystem:
+ dev: /dev/nvme1n1
+ fstype: xfs
+
+ - name: ensure external data directory exists
+ file:
+ path: "{{ custom_data_directory }}"
+ state: directory
+
+ - name: Mount the EBS volume
+ ansible.posix.mount:
+ path: "{{ custom_data_directory }}"
+ src: /dev/nvme1n1
+ state: mounted
+ fstype: xfs
+
+ - name: set custom data directory permission
+ file:
+ path: "{{ custom_data_directory }}"
+ state: directory
+ recurse: yes
+ owner: "{{ xray_user }}"
+ group: "{{ xray_group }}"
+ mode: "u=rwX,g=rwX,o=rwX"
+
+ - name: remove var directory if exists
+ file:
+ path: "{{ xray_home }}/var"
+ state: absent
+
+ - name: symlink custom data directory to var
+ file:
+ src: "{{ custom_data_directory }}"
+ path: "{{ xray_home }}/var"
+ state: link
+ owner: "{{ xray_user }}"
+ group: "{{ xray_group }}"
+ become: yes
+ when: use_custom_data_directory and custom_data_directory is defined
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/initialize-pg-db.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/initialize-pg-db.yml
new file mode 100644
index 0000000..87334b7
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/initialize-pg-db.yml
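Review bot: `mode: "u=rwX,g=rwX,o=rwX"` with `recurse: yes` in `set custom data directory permission` makes the whole data volume readable and writable by every local account, and this directory is then symlinked to `{{ xray_home }}/var`, where `tasks/main.yml` in this patch writes `etc/security/master.key`, `join.key` and `system.yaml`. Ownership is already set to `xray_user`/`xray_group` in the same task, so `mode: "u=rwX,g=rX,o="` should be sufficient. The `remove var directory if exists` step also deletes `{{ xray_home }}/var` unconditionally on every run with the flag set, which is worth a comment so nobody enables the flag on a node that already holds data there.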
@@ -0,0 +1,52 @@
+- name: initialize Postgres DB
+ block:
+ - name: check if user/role exists
+ command: psql -A -t {{db_master_url}} -c "SELECT 1 FROM pg_roles WHERE rolname='{{db_user}}'"
+ register: user_exists
+
+ - debug:
+ var: user_exists.stdout_lines
+
+ - name: create user/role
+ command: psql {{db_master_url}} -c "CREATE USER {{db_user}} WITH PASSWORD '{{db_password}}'"
+ register: shell_output
+ when: user_exists.stdout != "1"
+
+ - debug:
+ var: shell_output.stdout_lines
+ when: user_exists.stdout != "1"
+
+ - name: grant membership role
+ command: psql {{db_master_url}} -c "GRANT {{db_user}} TO {{db_master_user}}"
+ register: shell_output
+ when: user_exists.stdout != "1"
+
+ - debug:
+ var: shell_output.stdout_lines
+ when: user_exists.stdout != "1"
+
+ - name: check if xraydb exists
+ command: psql -A -t {{db_master_url}} -c "SELECT 1 FROM pg_database WHERE datname='xraydb'"
+ register: db_exists
+
+ - debug:
+ var: db_exists.stdout_lines
+
+ - name: create xraydb database
+ command: psql {{db_master_url}} -c "CREATE DATABASE xraydb WITH OWNER={{db_user}} ENCODING='UTF8'"
+ register: shell_output
+ when: db_exists.stdout != "1"
+
+ - debug:
+ var: shell_output.stdout_lines
+ when: db_exists.stdout != "1"
+
+ - name: grant xraydb privileges to role
+ command: psql {{db_master_url}} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO {{db_user}}"
+ register: shell_output
+ when: db_exists.stdout != "1"
+
+ - debug:
+ var: shell_output.stdout_lines
+ when: db_exists.stdout != "1"
+ become: yes
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/main.yml
new file mode 100644
index 0000000..4ae86d6
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/main.yml
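Review bot: The `create user/role` task puts `{{db_password}}` on the `psql` command line, where it is visible in the process list and is recorded in Ansible's task output and any log of the run; at minimum the task needs `no_log: true`. If `db_master_url` carries the master credentials (it is defined outside this hunk, so I cannot tell), the same applies to every `psql` task in the block. The SQL is also assembled by plain interpolation, so a `'` in `db_password` or an unexpected character in `db_user` changes the statement; `community.postgresql.postgresql_user` and `postgresql_db` would take these values as parameters and make the separate existence checks unnecessary.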
@@ -0,0 +1,80 @@
+---
+- name: initialize postgres database
+ include_tasks: initialize-pg-db.yml
+
+- name: create group for xray
+ group:
+ name: "{{ xray_group }}"
+ state: present
+ become: yes
+
+- name: create user for xray
+ user:
+ name: "{{ xray_user }}"
+ group: "{{ xray_group }}"
+ system: yes
+ become: yes
+
+- name: ensure xray_download_directory exists
+ file:
+ path: "{{ xray_download_directory }}"
+ state: directory
+ become: yes
+
+- name: perform prerequisite installation
+ include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: setup directory symlink for using custom data directory/volume
+ include_tasks: custom-data-directory.yml
+ when: use_custom_data_directory and custom_data_directory is defined
+
+- name: ensure data subdirectories exist and have correct ownership
+ file:
+ path: "{{ xray_home }}/var/{{ item }}"
+ state: directory
+ owner: "{{ xray_user }}"
+ group: "{{ xray_group }}"
+ loop:
+ - "etc"
+ - "data"
+ - "etc/info"
+ - "etc/security"
+ become: yes
+
+- name: configure system yaml
+ template:
+ src: system.yaml.j2
+ dest: "{{ xray_home }}/var/etc/system.yaml"
+ force: no # only create if file doesn't exist
+ become: yes
+
+- name: configure master key
+ template:
+ src: master.key.j2
+ dest: "{{ xray_home }}/var/etc/security/master.key"
+ force: no # only create if file doesn't exist
+ become: yes
+
+- name: configure join key
+ template:
+ src: join.key.j2
+ dest: "{{ xray_home }}/var/etc/security/join.key"
+ force: no # only create if file doesn't exist
+ become: yes
+
+- name: configure installer info
+ template:
+ src: installer-info.json.j2
+ dest: "{{ xray_home }}/var/etc/info/installer-info.json"
+ force: no # only create if file doesn't exist
+ become: yes
+
+- name: create xray service
+ shell: "{{ xray_home }}/app/bin/installService.sh"
+ become: yes
+
+- name: start and enable xray
+ service:
+ name: xray
+ state: restarted
+ become: yes
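Review bot: The `configure system yaml`, `configure master key` and `configure join key` tasks render files that hold `db_password`, `master_key` and `join_key` without setting `owner`, `group` or `mode`, so under `become: yes` they are presumably created root-owned with the default umask, which is typically world-readable. Each of these tasks should set them explicitly, for example `owner: "{{ xray_user }}"`, `group: "{{ xray_group }}"`, `mode: "0600"`, and `no_log: true` would keep a failure message or `--diff` run from echoing the rendered secret. The `etc/security` directory created by the loop above gets ownership but no `mode` either; `mode: "0700"` there would match. `start and enable xray` only sets `state: restarted`, so the service is not enabled at boot unless `installService.sh` does that itself.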
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/installer-info.json.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/installer-info.json.j2
new file mode 100644
index 0000000..a76c88c
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/installer-info.json.j2
@@ -0,0 +1,11 @@
+{
+ "productId": "Ansible_artifactory/1.0.0",
+ "features": [
+ {
+ "featureId": "Partner/ACC-006973"
+ },
+ {
+ "featureId": "Channel/{{ ansible_marketplace }}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/join.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/join.key.j2
new file mode 100644
index 0000000..17d05d2
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/join.key.j2
@@ -0,0 +1 @@
+{{ join_key }}
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/master.key.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/master.key.j2
new file mode 100644
index 0000000..0462a64
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/master.key.j2
@@ -0,0 +1 @@
+{{ master_key }}
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/system.yaml.j2 b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/system.yaml.j2
new file mode 100644
index 0000000..c6aca8d
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/system.yaml.j2
@@ -0,0 +1,39 @@
+## @formatter:off
+## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
+## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
+configVersion: 1
+
+## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
+## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
+
+## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
+## NOTE: The provided commented key and value is the default.
+
+## SHARED CONFIGURATIONS
+## A shared section for keys across all services in this config
+shared:
+ ## Base URL of the JFrog Platform Deployment (JPD)
+ ## This is the URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs.
+ ## Examples: "http://jfrog.acme.com" or "http://10.20.30.40:8082"
+ jfrogUrl: {{ jfrog_url }}
+
+ ## Java options
+ extraJavaOpts: "{{ extra_java_opts }}"
+
+ ## Node Settings
+ node:
+ ## A unique id to identify this node.
+ ## Default: auto generated at startup.
+ id: {{ ansible_machine_id }}
+
+ ## Database Configuration
+ database:
+ ## One of: mysql, oracle, mssql, postgresql, mariadb
+ ## Default: Embedded derby
+
+ ## Example for mysql/postgresql
+ type: "{{ db_type }}"
+ driver: "{{ db_driver }}"
+ url: "{{ db_url }}"
+ username: "{{ db_user }}"
+ password: "{{ db_password }}"
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/inventory b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/test.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/test.yml
new file mode 100644
index 0000000..f296da6
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - xray
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/vars/main.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/vars/main.yml
new file mode 100644
index 0000000..55363e6
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for xray
\ No newline at end of file
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/site-artifactory.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/site-artifactory.yml
new file mode 100644
index 0000000..f6b92cf
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/site-artifactory.yml
@@ -0,0 +1,12 @@
+- hosts: localhost
+ gather_facts: true
+ become: true
+ tasks:
+ - include_role:
+ name: artifactory
+ - include_role:
+ name: artifactory-nginx
+ when: "enable_ssl != true"
+ - include_role:
+ name: artifactory-nginx-ssl
+ when: "enable_ssl == true"
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/site-xray.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/site-xray.yml
new file mode 100644
index 0000000..fd761b9
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/site-xray.yml
@@ -0,0 +1,5 @@
+- hosts: localhost
+ gather_facts: true
+ become: true
+ roles:
+ - name: xray
diff --git a/Amazon/artifactory7/v7186/cloudInstallerScripts/xray-ami.yml b/Amazon/artifactory7/v7186/cloudInstallerScripts/xray-ami.yml
new file mode 100644
index 0000000..2921a0d
--- /dev/null
+++ b/Amazon/artifactory7/v7186/cloudInstallerScripts/xray-ami.yml
@@ -0,0 +1,5 @@
+- hosts: localhost
+ gather_facts: true
+ become: true
+ roles:
+ - name: xray-ami
diff --git a/Amazon/artifactory7/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml
new file mode 100644
index 0000000..da6c649
--- /dev/null
+++ b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml
@@ -0,0 +1,425 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' +Parameters: + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List + VpcId: + Type: AWS::EC2::VPC::Id + VpcCidr: + Description: CIDR block for the VPC + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PrivateSubnet1Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + PrivateSubnet3Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.64.0/19 + Type: String + SubnetIds: + Type: List + DatabaseAllocatedStorage: + Type: Number + DatabasePreferredAz: + Type: String + MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. 
+ ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Type: String + DatabaseEngine: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + NoEcho: 'true' + Type: String + DatabaseInstance: + Type: String + DatabaseName: + Type: String + ArtifactoryProduct: + Default: JFrog-Artifactory-Pro + Type: String + ReleaseStage: + Default: GA + Type: String + InstanceType: + Default: m5.xlarge + Type: String + ArtifactoryHostRole: + Type: String + VolumeSize: + Type: Number + +Mappings: + DatabaseMap: + Postgres: + Name: postgresql + DatabaseVersion: 11.5 + Driver: "org.postgresql.Driver" + Plugin: postgresql-42.2.9.jar + PluginURL: https://jdbc.postgresql.org/download/ + port: "5432" + extraDatabaseOps: "" + ReleaseStageMap: + BETA: + ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro" + JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr" + NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro" + GA: + ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro" + JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr" + NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro" + ProductMap: + JFrog-Container-Registry: + RepoName: JcrDockerRepo + JFrog-Artifactory-Pro: + RepoName: ProDockerRepo + JavaOptionstoInstance: + c5.2xlarge: + Min: 8 + Max: 12 + DeploymentSize: Small + c5.4xlarge: + Min: 16 + Max: 24 + DeploymentSize: Large + m5.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.large: + Min: 4 
+ Max: 4
+ DeploymentSize: xxSmall
+ m5d.xlarge:
+ Min: 8
+ Max: 12
+ DeploymentSize: xSmall
+ m5d.2xlarge:
+ Min: 16
+ Max: 24
+ DeploymentSize: Small
+ m5d.4xlarge:
+ Min: 32
+ Max: 48
+ DeploymentSize: Medium
+ m5d.8xlarge:
+ Min: 64
+ Max: 96
+ DeploymentSize: Large
+ m5d.12xlarge:
+ Min: 96
+ Max: 144
+ DeploymentSize: xLarge
+ m5d.16xlarge:
+ Min: 128
+ Max: 192
+ DeploymentSize: xxLarge
+ m5d.24xlarge:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5d.metal:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5a.large:
+ Min: 4
+ Max: 4
+ DeploymentSize: xxSmall
+ m5a.xlarge:
+ Min: 8
+ Max: 12
+ DeploymentSize: xSmall
+ m5a.2xlarge:
+ Min: 16
+ Max: 24
+ DeploymentSize: Small
+ m5a.4xlarge:
+ Min: 32
+ Max: 48
+ DeploymentSize: Medium
+ m5a.8xlarge:
+ Min: 64
+ Max: 96
+ DeploymentSize: Large
+ m5a.12xlarge:
+ Min: 96
+ Max: 144
+ DeploymentSize: xLarge
+ m5a.16xlarge:
+ Min: 128
+ Max: 192
+ DeploymentSize: xxLarge
+ m5a.24xlarge:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+ m5ad.large:
+ Min: 4
+ Max: 4
+ DeploymentSize: xxSmall
+ m5ad.xlarge:
+ Min: 8
+ Max: 12
+ DeploymentSize: xSmall
+ m5ad.2xlarge:
+ Min: 16
+ Max: 24
+ DeploymentSize: Small
+ m5ad.4xlarge:
+ Min: 32
+ Max: 48
+ DeploymentSize: Medium
+ m5ad.12xlarge:
+ Min: 96
+ Max: 144
+ DeploymentSize: xLarge
+ m5ad.24xlarge:
+ Min: 192
+ Max: 288
+ DeploymentSize: xxxLarge
+
+Conditions:
+ IsMultiAzDatabase: !Equals [!Ref MultiAzDatabase, 'true']
+
+Resources:
+ ArtifactoryDatabaseSubnetGroup:
+ Type: AWS::RDS::DBSubnetGroup
+ Properties:
+ DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
+ SubnetIds: !Ref SubnetIds
+ ArtifactoryDatabase:
+ Type: AWS::RDS::DBInstance
+ Properties:
+ AllocatedStorage: !Ref DatabaseAllocatedStorage
+ AvailabilityZone: !If [IsMultiAzDatabase, !Ref AWS::NoValue, !Ref DatabasePreferredAz]
+ BackupRetentionPeriod: 30
+ DBInstanceClass: !Ref DatabaseInstance
+ DBName: !Ref DatabaseName
+ DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
+ Engine: !Ref DatabaseEngine
+ EngineVersion: !FindInMap
+ - DatabaseMap
+ - !Ref DatabaseEngine
+ - DatabaseVersion
+ MasterUsername: !Ref DatabaseUser
+ MasterUserPassword: !Ref DatabasePassword
+ MultiAZ: !Ref MultiAzDatabase
+ StorageEncrypted: true
+ VPCSecurityGroups:
+ - !Ref ArtifactoryDatabaseSG
+ ArtifactoryDatabaseSG:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ Tags:
+ - Key: Name
+ Value: artifactory-rds-sg
+ GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: !FindInMap
+ - DatabaseMap
+ - !Ref DatabaseEngine
+ - port
+ ToPort: !FindInMap
+ - DatabaseMap
+ - !Ref DatabaseEngine
+ - port
+ CidrIp: !Ref PrivateSubnet1Cidr
+ - IpProtocol: tcp
+ FromPort: !FindInMap
+ - DatabaseMap
+ - !Ref DatabaseEngine
+ - port
+ ToPort: !FindInMap
+ - DatabaseMap
+ - !Ref DatabaseEngine
+ - port
+ CidrIp: !Ref PrivateSubnet2Cidr
+ - IpProtocol: tcp
+ FromPort: !FindInMap
+ - DatabaseMap
+ - !Ref DatabaseEngine
+ - port
+ ToPort: !FindInMap
+ - DatabaseMap
+ - !Ref DatabaseEngine
+ - port
+ CidrIp: !Ref PrivateSubnet3Cidr
+ SecurityGroupEgress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: 0.0.0.0/0
+ ArtifactoryS3Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ AccessControl: Private
+ BucketEncryption:
+ ServerSideEncryptionConfiguration:
+ - ServerSideEncryptionByDefault:
+ SSEAlgorithm: AES256
+ ArtifactoryS3IAMPolicy:
+ Type: AWS::IAM::Policy
+ Properties:
+ PolicyName: S3BucketPermissions
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Sid: S3BucketPermissions
+ Effect: Allow
+ Action:
+ - s3:*
+ Resource:
+ - Fn::Join:
+ - ''
+ - - !Sub "arn:${AWS::Partition}:s3:::"
+ - !Ref ArtifactoryS3Bucket
+ - Fn::Join:
+ - ''
+ - - !Sub "arn:${AWS::Partition}:s3:::"
+ - !Ref ArtifactoryS3Bucket
+ - "/*"
+ Roles:
+ - !Ref ArtifactoryHostRole
+ ArtifactoryEbsVolume:
+ Type: AWS::EC2::Volume
+ Properties:
+ AvailabilityZone:
+ !If
+ - IsMultiAzDatabase
+ - !Select
+ - '0'
+ - !Ref AvailabilityZones
+ - !Ref DatabasePreferredAz
+ Encrypted: false
+ Size: !Ref VolumeSize
+ Tags:
+ - Key: Name
+ Value: !Sub "Artifactory-${AWS::StackName}"
+ VolumeType: gp2
+ DeletionPolicy: Snapshot
+ UpdateReplacePolicy: Snapshot
+Outputs:
+ S3Bucket:
+ Value: !Ref ArtifactoryS3Bucket
+ Description: Actual S3 bucket created for Artifactory
+ DatabaseDriver:
+ Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver]
+ DatabasePlugin:
+ Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
+ DatabasePluginUrl:
+ Value: !Sub
+ - "${MainURL}${PluginVersion}"
+ - {
+ MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, PluginURL],
+ PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
+ }
+ DatabaseType:
+ Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name]
+ DatabaseUrl:
+ Value: !Sub
+ - "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}"
+ - {
+ DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name],
+ ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
+ port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
+ extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps],
+ }
+ XrayMasterDatabaseUrl:
+ Value: !Sub
+ - "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable"
+ - {
+ ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
+ port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
+ }
+ XrayDatabaseUrl:
+ Value: !Sub
+ - "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable"
+ - {
+ ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
+ port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
+ }
+ ProDockerRepo:
+ Value: !FindInMap
+ - ReleaseStageMap
+ - !Ref ReleaseStage
+ - !FindInMap
+ - ProductMap
+ - !Ref ArtifactoryProduct
+ - RepoName
+ NginxDockerRepo:
+ Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo]
+ JavaOpts:
+ Value: !Sub
+ - "-Xms${min}g -Xmx${max}g"
+ - {
+ min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
+ max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
+ }
+ DeploymentSize:
+ Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
+ ArtifactoryEbsVolume:
+ Value: !Ref ArtifactoryEbsVolume
diff --git a/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
new file mode 100644
index 0000000..5b629f0
--- /dev/null
+++ b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
@@ -0,0 +1,1110 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)'
+Metadata:
+ QuickStartDocumentation:
+ EntrypointName: "Parameters for launching into an existing VPC"
+ Order: "2"
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ - Label:
+ default: Security configuration
+ Parameters:
+ - KeyPairName
+ - AccessCidr
+ - RemoteAccessCidr
+ - Label:
+ default: Network configuration
+ Parameters:
+ - AvailabilityZones
+ - VpcId
+ - VpcCidr
+ - PublicSubnet1Id
+ - PublicSubnet2Id
+ - PrivateSubnet1Id
+ - PrivateSubnet2Id
+ - PrivateSubnet1Cidr
+ - PrivateSubnet2Cidr
+ - ELBScheme
+ - Label:
+ default: Bastion configuration
+ Parameters:
+ - ProvisionBastionHost
+ - BastionInstanceType
+ - BastionOs
+ - BastionRootVolumeSize
+ - BastionEnableTcpForwarding
+ - NumBastionHosts
+ - BastionEnableX11Forwarding
+ - Label:
+ default: Amazon EC2 configuration
+ Parameters:
+ - VolumeSize
+ - InstanceType
+ - Label:
+ default: JFrog Artifactory configuration
+ Parameters:
+ - ArtifactoryProduct
+ - ArtifactoryVersion
+ - NumberOfSecondary
+ - SmLicenseName
+ - SmCertName
+ - ArtifactoryServerName
+ - MasterKey
+ - ExtraJavaOptions
+ - DefaultJavaMemSettings
+ - Label:
+ default: Amazon RDS configuration
+ Parameters:
+ - DatabaseName
+ - DatabaseEngine
+ - DatabaseUser
+ - DatabasePassword
+ - DatabaseInstance
+ - DatabaseAllocatedStorage
+ - DatabasePreferredAz
+ - MultiAzDatabase
+ - Label:
+ default: AWS Quick Start configuration
+ Parameters:
+ - QsS3BucketName
+ - QsS3KeyPrefix
+ - QsS3BucketRegion
+ - Label:
+ default: JFrog Xray Configuration
+ Parameters:
+ - InstallXray
+ - XrayVersion
+ - XrayNumberOfInstances
+ - XrayInstanceType
+ - XrayDatabaseUser
+ - XrayDatabasePassword
+ ParameterLabels:
+ AvailabilityZones:
+ default: Availability Zones
+ KeyPairName:
+ default: SSH key name
+ VpcId:
+ default: VPC ID
+ VpcCidr:
+ default: VPC CIDR
+ PublicSubnet1Id:
+ default: Public subnet 1 ID
+ PublicSubnet2Id:
+ default: Public subnet 2 ID
+ PrivateSubnet1Id:
+ default: Private subnet 1 ID
+ PrivateSubnet2Id:
+ default: Private subnet 2 ID
+ PrivateSubnet1Cidr:
+ default: Private subnet 1 CIDR
+ PrivateSubnet2Cidr:
+ default: Private subnet 2 CIDR
+ AccessCidr:
+ default: Permitted IP range
+ RemoteAccessCidr:
+ default: Remote access CIDR
+ ELBScheme:
+ default: Elastic Load Balancing scheme
+ ProvisionBastionHost:
+ default: Bastion instance
+ BastionInstanceType:
+ default: Bastion instance type
+ BastionRootVolumeSize:
+ default: Bastion root volume size
+ BastionEnableTcpForwarding:
+ default: Bastion enable TCP forwarding
+ BastionEnableX11Forwarding:
+ default: Bastion enable X11 forwarding
+ BastionOs:
+ default: Bastion operating system
+ NumBastionHosts:
+ default: Number of bastion instances
+ VolumeSize:
+ default: EBS root volume size
+ InstanceType:
+ default: EC2 instance type
+ NumberOfSecondary:
+ default: Secondary instances
+ ArtifactoryProduct:
+ default: Artifactory product to install
+ ArtifactoryVersion:
+ default: Artifactory version
+ SmLicenseName:
+ default: Artifactory licenses secret name
+ SmCertName:
+ default: Artifactory certificate secret name
+ ArtifactoryServerName:
+ default: Artifactory server name
+ MasterKey:
+ default: Master server key
+ ExtraJavaOptions:
+ default: Extra Java options
+ DefaultJavaMemSettings:
+ default: Default Java memory settings
+ DatabaseName:
+ default: Database name
+ DatabaseEngine:
+ default: Database engine
+ DatabaseUser:
+ default: Database user
+ DatabasePassword:
+ default: Database password
+ DatabaseInstance:
+ default: Database instance type
+ DatabaseAllocatedStorage:
+ default: Database allocated storage
+ DatabasePreferredAz:
+ default: Database preferred Availability Zone
+ MultiAzDatabase:
+ default: High-availability database
+ QsS3BucketName:
+ default: Quick Start S3 bucket name
+ QsS3KeyPrefix:
+ default: Quick Start S3 key prefix
+ QsS3BucketRegion:
+ default: Quick Start S3 bucket region
+ InstallXray:
+ default: Install JFrog Xray
+ XrayVersion:
+ default: Version of Xray to install
+ XrayNumberOfInstances:
+ default: Number of JFrog Xray instances
+ XrayInstanceType:
+ default: Xray instance type
+ XrayDatabaseUser:
+ default: Xray Database user
+ XrayDatabasePassword:
+ default: Xray Database password
+Parameters:
+ AvailabilityZones:
+ Description: List of Availability Zones to use for the subnets in the VPC. Two
+ Availability Zones are used for this deployment.
+ Type: List
+ KeyPairName:
+ Description: Name of an existing key pair,
+ which allows you to connect securely to your instance after it launches.
+ This is the key pair you created in your preferred Region.
+ Type: AWS::EC2::KeyPair::KeyName
+ VpcId:
+ Description: ID of your existing VPC (e.g., vpc-0343606e).
+ Type: "AWS::EC2::VPC::Id"
+ VpcCidr:
+ Description: CIDR block for the VPC.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.0.0/16
+ Type: String
+ PublicSubnet1Id:
+ Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
+ Type: "AWS::EC2::Subnet::Id"
+ PublicSubnet2Id:
+ Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84).
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet1Id:
+ Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd).
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet2Id:
+ Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67).
+ Type: "AWS::EC2::Subnet::Id"
+ PrivateSubnet1Cidr:
+ Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19).
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.0.0/19
+ Type: String
+ PrivateSubnet2Cidr:
+ Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19).
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
+ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
+ Default: 10.0.32.0/19
+ Type: String
+ AccessCidr:
+ Description: CIDR IP range that is permitted to access Artifactory.
+ We recommend that you set this value to a trusted IP range.
+ For example, you might want to grant only your corporate network access to the software.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+ Type: String
+ RemoteAccessCidr:
+ Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
+ We recommend that you set this value to a trusted IP range.
+ For example, you might want to grant specific ranges inside your corporate network SSH access.
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+ Type: String
+ ELBScheme:
+ Description: Choose whether this is internet facing or internal.
+ AllowedValues:
+ - internal
+ - internet-facing
+ Default: internet-facing
+ Type: String
+ ProvisionBastionHost:
+ Description: Choose Disabled to skip creating a bastion instance. Due to the JFrog Container Registry nodes being
+ created in private subnets, the default setting of Enabled this is highly recommended.
+ AllowedValues:
+ - "Enabled"
+ - "Disabled"
+ Default: "Enabled"
+ Type: String
+ BastionInstanceType:
+ Description: Size of the bastion instances.
+ AllowedValues:
+ - t3.nano
+ - t3.micro
+ - t3.small
+ - t3.medium
+ - t3.large
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ Default: "t3.micro"
+ Type: String
+ BastionRootVolumeSize:
+ Description: Size of the root volume on the bastion instances.
+ Default: 10
+ Type: Number
+ BastionEnableTcpForwarding:
+ Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance
+ or not.
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ BastionEnableX11Forwarding:
+ Description: Choose true to enable X11 via the bootstrapping of the bastion host.
+ Setting this value to true will enable X Windows over SSH.
+ X11 forwarding can be useful, but it is also a security risk, so it's recommended
+ that you keep the default (false) setting.
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "false"
+ Type: String
+ BastionOs:
+ Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
+ AllowedValues:
+ - "Amazon-Linux2-HVM"
+ - "CentOS-7-HVM"
+ - "Ubuntu-Server-20.04-LTS-HVM"
+ - "SUSE-SLES-15-HVM"
+ Default: "Amazon-Linux2-HVM"
+ Type: String
+ NumBastionHosts:
+ Description: Number of bastion instances to create.
+ AllowedValues:
+ - '1'
+ - '2'
+ - '3'
+ - '4'
+ Default: '1'
+ Type: String
+ VolumeSize:
+ Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an
+ Amazon Elastic Block Store (Amazon EBS) volumes of this size.
+ Default: 200
+ Type: Number
+ InstanceType:
+ Description: EC2 type for the Artifactory instances.
+ AllowedValues:
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ - m5.8xlarge
+ - m5.12xlarge
+ - m5.16xlarge
+ - m5.24xlarge
+ - m5.metal
+ - m5d.large
+ - m5d.xlarge
+ - m5d.2xlarge
+ - m5d.4xlarge
+ - m5d.8xlarge
+ - m5d.12xlarge
+ - m5d.16xlarge
+ - m5d.24xlarge
+ - m5d.metal
+ - m5a.large
+ - m5a.xlarge
+ - m5a.2xlarge
+ - m5a.4xlarge
+ - m5a.8xlarge
+ - m5a.12xlarge
+ - m5a.16xlarge
+ - m5a.24xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: m5.xlarge
+ Type: String
+ NumberOfSecondary:
+ Description: Number of secondary Artifactory servers to complete your
+ HA deployment. To align with Artifactory best practices, the minimum number
+ is two and the maximum is seven. Do not select more instances than you
+ have licenses for.
+ AllowedValues:
+ - 0
+ - 1
+ - 2
+ - 3
+ - 4
+ - 5
+ - 6
+ - 7
+ Default: 2
+ Type: Number
+ ArtifactoryProduct:
+ Description: JFrog Artifactory product you want to install into an AMI.
+ AllowedValues:
+ - JFrog-Artifactory-Pro
+ - JFrog-Artifactory-Enterprise
+ - JFrog-Container-Registry
+ Default: JFrog-Artifactory-Enterprise
+ Type: String
+ ArtifactoryVersion:
+ Description: Version of Artifactory that you want to deploy into the Quick Start.
+ See the release notes to select the version you want to deploy at
+ https://www.jfrog.com/confluence/display/RTF/Release+Notes.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Artifactory releases
+ Default: 7.18.6
+ Type: String
+ SmLicenseName:
+ Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
+ Default: ''
+ Type: String
+ SmCertName:
+ Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
+ Default: ''
+ Type: String
+ ArtifactoryServerName:
+ Description: Name of your Artifactory server. Ensure that this matches your certificate.
+ Type: String
+ MasterKey:
+ Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
+ AllowedPattern: ^[a-zA-Z0-9]+$
+ MinLength: '1'
+ MaxLength: '64'
+ ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
+ NoEcho: 'true'
+ Type: String
+ ExtraJavaOptions:
+ Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
+ system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
+ Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
+ Default: -Xss256k -XX:+UseG1GC
+ Type: String
+ DefaultJavaMemSettings:
+ Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
+ If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ DatabaseName:
+ Description: Name of your database instance. The name must be unique across all instances
+ owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
+ but it's stored in lowercase (as in "mydbinstance").
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ MinLength: '1'
+ MaxLength: '60'
+ ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
+ Default: artdb
+ Type: String
+ DatabaseEngine:
+ Description: Database engine that you want to run, which is currently locked to MySQL.
+ AllowedValues:
+ - Postgres
+ Default: Postgres
+ Type: String
+ DatabaseUser:
+ Description: Login ID for the master user of your database instance.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: artifactory
+ Type: String
+ DatabasePassword:
+ Description: Password for the Artifactory database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+ DatabaseInstance:
+ Description: Size of the database to be deployed as part of the Quick Start.
+ AllowedValues:
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.10xlarge
+ - db.m5.16xlarge
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.4xlarge
+ - db.m5.12xlarge
+ - db.m5.24xlarge
+ ConstraintDescription: Must be a valid database Instance Type.
+ Default: db.m5.large
+ Type: String
+ DatabaseAllocatedStorage:
+ Description: Size in gigabytes of the available storage for the database instance.
+ MinValue: 5
+ MaxValue: 1024
+ Default: 10
+ Type: Number
+ DatabasePreferredAz:
+ Description: Preferred availability zone for Amazon RDS primary instance
+ Type: String
+ Default: ''
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ QsS3BucketName:
+ Description: S3 bucket name for the Quick Start assets. This string can include
+ numbers, lowercase letters, and hyphens (-). It cannot start
+ or end with a hyphen (-).
+ AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
+ ConstraintDescription: Quick Start bucket name can include numbers, lowercase
+ letters, and hyphens (-). It cannot start or end with a hyphen (-).
+ Default: jfrog-aws
+ Type: String
+ QsS3KeyPrefix:
+ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
+ can include numbers, lowercase letters, uppercase letters, hyphens (-), and
+ forward slash (/).
+ AllowedPattern: ^[0-9a-zA-Z-/]*$
+ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+ uppercase letters, hyphens (-), and forward slash (/).
+ Default: artifactory7/latest/
+ Type: String
+ QsS3BucketRegion:
+ Default: 'us-east-1'
+ Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
+ Type: String
+ InstallXray:
+ Description: Choose true to install JFrog Xray instance(s).
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ XrayVersion:
+ Description: The version of Xray that you want to deploy into the Quick Start.
+ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
+ ConstraintDescription: A version that matches X.X.X per Xray releases.
+ Default: 3.24.2
+ Type: String
+ XrayNumberOfInstances:
+ Description: The number of Xray instances servers to complete your
+ HA deployment. The minimum number is one; the maximum is seven.
+ Do not select more than instances than you have licenses for.
+ MinValue: 1
+ MaxValue: 7
+ Default: 1
+ Type: Number
+ XrayInstanceType:
+ Description: The EC2 instance type for the Xray instances.
+ AllowedValues:
+ - c5.2xlarge
+ - c5.4xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: c5.2xlarge
+ Type: String
+ XrayDatabaseUser:
+ Description: The login ID for the Xray database user.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: xray
+ Type: String
+ XrayDatabasePassword:
+ Description: The password for the Xray database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+
+Conditions:
+ EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled']
+ IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']]
+ HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']]
+ DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
+ UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
+ EnableXray: !Equals [!Ref InstallXray, 'true']
+ SmCertNameNotExists: !Equals [!Ref 'SmCertName', '']
+ SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']]
+
+Resources:
+ BastionRole:
+ Condition: EnableBastion
+ Type: "AWS::IAM::Role"
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ec2.amazonaws.com
+ Action: sts:AssumeRole
+ Policies:
+ - PolicyName: QSBucketAccess
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action: s3:GetObject
+ Resource: !Sub "arn:${AWS::Partition}:s3:::${QsS3BucketName}/*"
+ - Effect: Allow
+ Action:
+ - logs:CreateLogStream
+ - logs:GetLogEvents
+ - logs:PutLogEvents
+ - logs:DescribeLogGroups
+ - logs:DescribeLogStreams
+ - logs:PutRetentionPolicy
+ - logs:PutMetricFilter
+ - logs:CreateLogGroup
+ Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+ - Effect: Allow
+ Action:
+ - ec2:AssociateAddress
+ - ec2:DescribeAddresses
+ Resource: "*"
+ BastionStack:
+ Condition: EnableBastion
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template
+ - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
+ S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
+ Parameters:
+ VPCID: !Ref VpcId
+ PublicSubnet1ID: !Ref PublicSubnet1Id
+ PublicSubnet2ID: !Ref PublicSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ QSS3BucketName: !Ref QsS3BucketName
+ QSS3KeyPrefix: !Sub '${QsS3KeyPrefix}submodules/quickstart-linux-bastion/'
+ QSS3BucketRegion: !Ref QsS3BucketRegion
+ RemoteAccessCIDR: !Ref RemoteAccessCidr
+ BastionInstanceType: !Ref BastionInstanceType
+ RootVolumeSize: !Ref BastionRootVolumeSize
+ BastionAMIOS: !Ref BastionOs
+ EnableTCPForwarding: !Ref BastionEnableTcpForwarding
+ EnableX11Forwarding: !Ref BastionEnableX11Forwarding
+ AlternativeIAMRole: !Ref BastionRole
+ NumBastionHosts: !Ref NumBastionHosts
+
+ ArtifactoryCoreInfraStack:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml
+ - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
+ S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
+ Parameters:
+ AvailabilityZones:
+ Fn::Join:
+ - ','
+ - Ref: AvailabilityZones
+ VpcId: !Ref VpcId
+ VpcCidr: !Ref VpcCidr
+ PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
+ PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
+ PrivateSubnet3Cidr: !Ref PrivateSubnet2Cidr # This should end up in no new rule but required for EKS
+ SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
+ DatabasePreferredAz: !Ref DatabasePreferredAz
+ MultiAzDatabase: !Ref MultiAzDatabase
+ DatabaseEngine: !Ref DatabaseEngine
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ DatabaseInstance: !Ref DatabaseInstance
+ DatabaseName: !Ref DatabaseName
+ InstanceType: !Ref InstanceType
+ ArtifactoryHostRole: !Ref ArtifactoryHostRole
+ VolumeSize: !Ref VolumeSize
+ ArtifactoryElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Scheme: !Ref ELBScheme
+ Subnets:
+ - !Ref PublicSubnet1Id
+ - !Ref PublicSubnet2Id
+ Type: network
+ # Type: application
+ ArtifactorySslTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 443
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactorySslElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactorySslTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 443
+ Protocol: TCP
+ ArtifactoryElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Condition: SmCertNameNotExists
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryInternalElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ # Name: ArtifactoryInternal-ELB
+ Scheme: internal
+ Subnets:
+ - !Ref PrivateSubnet1Id
+ - !Ref PrivateSubnet2Id
+ Type: network
+ ArtifactoryInternalTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ # Name: artifactory-internal-http
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryInternalElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryInternalTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryInternalElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryEc2Sg:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ Tags:
+ - Key: Name
+ Value: !Sub ${ArtifactoryProduct}-ec2-instances-sg
+ GroupDescription: SG for EC2 instances (also permits access using SSH from the bastion host)
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8081
+ ToPort: 8082
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8046
+ ToPort: 8046
+ CidrIp: !Ref VpcCidr
+ SecurityGroupEgress:
+ - IpProtocol: "-1"
+ CidrIp: 0.0.0.0/0
+ ArtifactoryHostRole:
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ Policies:
+ - PolicyName: "JFrogAMI-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action: "ec2:Describe*"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:AttachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:DetachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ - "s3:ListObject"
+ - "s3:ListBucket"
+ Resource: "*"
+ - PolicyName: 'CloudWatch-policy'
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "logs:CreateLogGroup"
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ - "logs:DescribeLogStreams"
+ Resource: "arn:aws:logs:*:*:*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ Resource: "*"
+ - PolicyName: 'SecretsMaanger-policy'
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "secretsmanager:GetSecretValue"
+ Resource: "arn:aws:secretsmanager:*:*:secret:*"
+ ArtifactoryHostProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ InstanceProfileName: !Ref ArtifactoryHostRole
+ Roles:
+ - !Ref ArtifactoryHostRole
+ Path: /
+ ArtifactoryPrimary:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml
+ - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
+ S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
+ Parameters:
+ PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id]]
+ MinScalingNodes: '1' # Always have 1 PrimaryNode
+ MaxScalingNodes: '1' # Always have 1 PrimaryNode
+ DeploymentTag: !If [IsArtifactory, "ArtifactoryPrimary", "JcrPrimary"]
+ HostRole: !Ref ArtifactoryHostRole
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ ArtifactoryProduct: !Ref ArtifactoryProduct
+ ArtifactoryLicensesSecretName: !Ref SmLicenseName
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmCertNameExists, true, false]
+ Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: true
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ ArtifactoryVersion: !Ref ArtifactoryVersion
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+
+ ArtifactorySecondary:
+ Condition: HasSecondaryNodes
+ DependsOn: ArtifactoryPrimary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml
+ - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
+ S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
+ Parameters:
+ PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ MinScalingNodes: !Ref NumberOfSecondary
+ MaxScalingNodes: !Ref NumberOfSecondary
+ DeploymentTag: ArtifactorySecondary
+ HostRole: !Ref ArtifactoryHostRole
+ ArtifactoryProduct: !Ref ArtifactoryProduct
+ ArtifactoryLicensesSecretName: !Ref SmLicenseName
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmCertNameExists, true, false]
+ Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: false
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ ArtifactoryVersion: !Ref ArtifactoryVersion
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+ QsS3BucketName: !Ref QsS3BucketName
+ QsS3KeyPrefix: !Ref QsS3KeyPrefix
+ QsS3Uri: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
+ - S3Bucket: !If
+ - UsingDefaultBucket
+ - !Sub 'aws-quickstart-${AWS::Region}'
+ - !Ref 'QsS3BucketName'
+ S3Region: !If
+ - UsingDefaultBucket
+ - !Ref 'AWS::Region'
+ - !Ref 'QsS3BucketRegion'
+ XrayHostRole:
+ Condition: EnableXray
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ Policies:
+ - PolicyName: "JFrogAMI-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action: "ec2:Describe*"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:AttachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:DetachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ - "s3:ListObject"
+ - "s3:ListBucket"
+ Resource: "*"
+ - PolicyName: 'CloudWatch-policy'
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "logs:CreateLogGroup"
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ - "logs:DescribeLogStreams"
+ Resource: "arn:aws:logs:*:*:*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ Resource: "*"
+ XrayHostProfile:
+ Condition: EnableXray
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ InstanceProfileName: !Ref XrayHostRole
+ Roles:
+ - !Ref XrayHostRole
+ Path: /
+ XrayExistingVpcStack:
+ Condition: EnableXray
+ DependsOn: ArtifactoryPrimary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: !Sub
+ - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-xray-ec2-instance.template.yaml
+ - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
+ S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ MinScalingNodes: !Ref XrayNumberOfInstances
+
MaxScalingNodes: !Ref XrayNumberOfInstances + DeploymentTag: 'xray' + ArtifactoryProduct: !Ref ArtifactoryProduct + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3Uri: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix} + - S3Bucket: !If + - UsingDefaultBucket + - !Sub 'aws-quickstart-${AWS::Region}' + - !Ref 'QsS3BucketName' + S3Region: !If + - UsingDefaultBucket + - !Ref 'AWS::Region' + - !Ref 'QsS3BucketRegion' + DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + MasterKey: !Ref MasterKey + SecurityGroups: !Ref ArtifactoryEc2Sg + VolumeSize: !Ref VolumeSize + ExtraJavaOptions: !GetAtt ArtifactoryCoreInfraStack.Outputs.JavaOpts + XrayInstanceType: !Ref XrayInstanceType + JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}" + XrayDatabaseUser: !Ref XrayDatabaseUser + XrayDatabasePassword: !Ref XrayDatabasePassword + XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl + XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl + XrayVersion: !Ref XrayVersion + XrayHostRole: !Ref XrayHostRole + XrayHostProfile: !Ref XrayHostProfile +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !If [SmCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"] + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryUrl' + ArtifactoryInternalUrl: + Description: URL of the internal ELB to access Artifactory + Value: !Sub "http://${ArtifactoryInternalElb.DNSName}" + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryInternalUrl' + DatabaseType: + Description: Type of database + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType + Export: + Name: !Sub '${AWS::StackName}-DatabaseType' + DatabaseDriver: + 
Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver + Export: + Name: !Sub '${AWS::StackName}-DatabaseDriver' + DatabaseUrl: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl + Export: + Name: !Sub '${AWS::StackName}-DatabaseUrl' + ArtifactoryTargetGroup: + Description: Artifactory target group + Value: !Ref ArtifactoryTargetGroup + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryTargetGroup' + ArtifactorySslTargetGroup: + Description: Artifactory SSL target group + Value: !Ref ArtifactorySslTargetGroup + Export: + Name: !Sub '${AWS::StackName}-ArtifactorySslTargetGroup' + ArtifactoryEc2Sg: + Description: Artifactory EC2 sercurity group + Value: !Ref ArtifactoryEc2Sg + Export: + Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg' + BastionIp: + Value: !If + - EnableBastion + - !GetAtt BastionStack.Outputs.EIP1 + - "" + XrayMasterDatabaseUrl: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl + Export: + Name: !Sub '${AWS::StackName}-XrayMasterDatabaseUrl' + XrayDatabaseUrl: + Description: Database driver + Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl + Export: + Name: !Sub '${AWS::StackName}-XrayDatabaseUrl' diff --git a/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml new file mode 100644 index 0000000..54adb68 --- /dev/null +++ b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml 
@@ -0,0 +1,454 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Artifactory: Deploys the EC2 Autoscaling, LaunchConfig and instances (qs-1qpmmjh5o)" +Parameters: + PrivateSubnetIds: + Type: List + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + HostRole: + Type: String + ArtifactoryProduct: + Description: JFrog Artifactory product you want to install into an AMI. + AllowedValues: + - JFrog-Artifactory-Pro + - JFrog-Artifactory-Enterprise + - JFrog-Container-Registry + Default: JFrog-Artifactory-Enterprise + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + ArtifactoryLicensesSecretName: + Type: String + ArtifactoryServerName: + Type: String + Certificate: + Type: String + CertificateKey: + Type: String + NoEcho: 'true' + CertificateDomain: + Type: String + EnableSSL: + Type: String + ArtifactoryS3Bucket: + Type: String + DatabaseUrl: + Type: String + DatabaseDriver: + Type: String + DatabasePluginUrl: + Type: String + DatabasePlugin: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + ArtifactoryPrimary: + Type: String + MasterKey: + Type: String + NoEcho: 'true' + ExtraJavaOptions: + Type: String + ArtifactoryVersion: + Type: String + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + TargetGroupARN: + Type: String + SSLTargetGroupARN: + Type: String + InternalTargetGroupARN: + Type: String + HostProfile: + Type: String + SecurityGroups: + Type: String + InstanceType: + Type: String + PrimaryVolume: + Type: String + VolumeSize: + Type: Number + UserDataDirectory: + Description: Directory to store Artifactory data. 
Can be used to store data (via symlink) in detachable volume + Type: String + Default: '/artifactory-user-data' + +# To populate additional mappings use following link +# https://raw.githubusercontent.com/aws-quickstart/quickstart-linux-bastion/master/templates/linux-bastion.template +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + CentOS7HVM: "ami-06a46da680048c8ae" + ap-northeast-2: + CentOS7HVM: "ami-06e83aceba2cb0907" + ap-south-1: + CentOS7HVM: "ami-026f33d38b6410e30" + ap-southeast-1: + CentOS7HVM: "ami-07f65177cb990d65b" + ap-southeast-2: + CentOS7HVM: "ami-0b2045146eb00b617" + ca-central-1: + CentOS7HVM: "ami-04a25c39dc7a8aebb" + eu-central-1: + CentOS7HVM: "ami-0e8286b71b81c3cc1" + me-south-1: + CentOS7HVM: "ami-011c71a894b10f35b" + ap-east-1: + CentOS7HVM: "ami-0e5c29e6c87a9644f" + eu-north-1: + CentOS7HVM: "ami-05788af9005ef9a93" + eu-south-1: + CentOS7HVM: "ami-0a84267606bcea16b" + eu-west-1: + CentOS7HVM: "ami-0b850cf02cc00fdc8" + eu-west-2: + CentOS7HVM: "ami-09e5afc68eed60ef4" + eu-west-3: + CentOS7HVM: "ami-0cb72d2e599cffbf9" + sa-east-1: + CentOS7HVM: "ami-0b30f38d939dd4b54" + us-east-1: + CentOS7HVM: "ami-0affd4508a5d2481b" + us-east-2: + CentOS7HVM: "ami-01e36b7901e884a10" + us-west-1: + CentOS7HVM: "ami-098f55b4287a885ba" + us-west-2: + CentOS7HVM: "ami-0bc06212a56393ee1" + cn-north-1: + CentOS7HVM: "ami-0e02aaefeb74c3373" + cn-northwest-1: + CentOS7HVM: "ami-07183a7702633260b" + us-gov-east-1: + CentOS7HVM: "ami-00e30c71" + us-gov-west-1: + CentOS7HVM: "ami-bbba86da" + + ArtifactoryProductMap: + JFrog-Container-Registry: + "7153": "Jcr7153" + flavor: "jcr" + haEabled: false + product: "jcr" + JFrog-Artifactory-Enterprise: + "7153": "Artifactory7153" + flavor: "pro" + haEabled: true + product: "artifactory" + JFrog-Artifactory-Pro: + "7153": "Artifactory7153" + flavor: "pro" + haEabled: false + product: "artifactory" + +Conditions: + IsSecondary: !Equals [!Ref ArtifactoryPrimary, 'false'] + +Resources: + ArtifactoryScalingGroup: + Type: 
AWS::AutoScaling::AutoScalingGroup + Properties: + LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration + VPCZoneIdentifier: !Ref PrivateSubnetIds + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + TargetGroupARNs: + - !Ref TargetGroupARN + - !Ref SSLTargetGroupARN + - !Ref InternalTargetGroupARN + HealthCheckType: ELB + HealthCheckGracePeriod: 1800 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + - Key: ArtifactoryVersion + Value: !Ref ArtifactoryVersion + PropagateAtLaunch: true + TerminationPolicies: + - OldestInstance + - Default + CreationPolicy: + ResourceSignal: + Count: !Ref MinScalingNodes + Timeout: PT60M + + ArtifactoryLaunchConfiguration: + Type: AWS::AutoScaling::LaunchConfiguration + Metadata: + AWS::CloudFormation::Authentication: + S3AccessCreds: + type: S3 + roleName: + - !Ref HostRole # !Ref ArtifactoryHostRole + buckets: + - !Ref QsS3BucketName + AWS::CloudFormation::Init: + configSets: + jfrog_ami_setup: + - "config-cloudwatch" + - "config-ansible-art-ami" + - "config-artifactory-primary" + - "secure-artifactory" + artifactory_install: + - "config-cloudwatch" + - "config-artifactory-primary" + - "secure-artifactory" + config-cloudwatch: + files: + /root/cloudwatch.conf: + content: | + [general] + state_file = /var/awslogs/state/agent-state + + [/var/log/messages] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/messages/ + datetime_format = %b %d %H:%M:%S + + [/var/log/jfrog-ami-setup.log] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/jfrog-ami-setup.log + datetime_format = %b %d %H:%M:%S + + [/var/log/jfrog-ami-artifactory.log] + file = /var/log/messages + log_group_name = /artifactory/instances/{instance_id} + log_stream_name = /var/log/jfrog-ami-artifactory.log + datetime_format = %b %d %H:%M:%S + mode: 
"0400" + config-ansible-art-ami: + files: + /root/.jfrog_ami/jfrog-ami-setup.yml: + content: !Sub | + # Base install for JFrogAMIInstance + - import_playbook: artifactory-ami.yml + vars: + ami_creation: false + artifactory_flavour: "pro" + artifactory_ha_enabled: false + artifactory_tar: "https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/${ArtifactoryVersion}/jfrog-artifactory-pro-${ArtifactoryVersion}-linux.tar.gz" + artifactory_version: ${ArtifactoryVersion} + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + mode: "0400" + config-artifactory-primary: + files: + /root/attach_volume.sh: + content: !Sub | + #!/usr/bin/env bash + IS_PRIMARY="${ArtifactoryPrimary}" + + if [[ $IS_PRIMARY != "true" ]]; then + echo 'Not primary node. Skipping EBS volume attachment.' + lsblk # debug + exit 0 + fi + + echo "Using primary volume ID ${PrimaryVolume}" + VOLUME_ID="${PrimaryVolume}" + echo "VOLUME_ID: $VOLUME_ID" + if [[ -z "$VOLUME_ID" ]]; then + echo 'Invalid $VOLUME_ID' + exit 1 + fi + + # Get instance id from AWS + INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) + + # Attach the volume created by another CFT + # the device name should become /dev/nvme1n1 + # See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html + echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID" + /var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region} + + echo "Wait for volume $VOLUME_ID to attach" + sleep 30 # Give volume time to attach + lsblk # debug + mode: "0770" + /root/.jfrog_ami/artifactory.yml: + content: !Sub + - | + # Base install for Artifactory + - import_playbook: site-artifactory.yml + vars: + artifactory_product: ${product} + artifactory_flavour: ${flavor} + artifactory_ha_enabled: ${ha_enabled} + 
artifactory_is_primary: ${ArtifactoryPrimary} + artifactory_server_name: ${ArtifactoryServerName} + server_name: ${ArtifactoryServerName}.${CertificateDomain} + use_custom_data_directory: true + custom_data_directory: "${UserDataDirectory}" + s3_region: ${AWS::Region} + s3_bucket: ${ArtifactoryS3Bucket} + certificate: ${Certificate} + certificate_key: ${CertificateKey} + certificate_domain: ${CertificateDomain} + enable_ssl: ${EnableSSL} + ssl_dir: /etc/pki/tls/certs + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_url: ${DatabaseUrl} + db_user: ${DatabaseUser} + db_password: ${DatabasePassword} + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + artifactory_version: ${ArtifactoryVersion} + artifactory_keystore: + path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts + default_password: changeit + new_keystore_pass: ${DatabasePassword} + artifactory_java_db_drivers: + - name: ${DatabasePlugin} + url: ${DatabasePluginUrl} + owner: artifactory + group: artifactory + product_id: 'CloudFormation_SP_EC2/1.0.0' + - flavor: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, flavor] + ha_enabled: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, haEabled] + product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product] + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${DatabasePassword} + mode: "0400" + /root/.secureit.sh: + content: + ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt + mode: "0770" + secure-artifactory: + commands: + 'secure ansible playbook': + command: '/root/.secureit.sh' + ignoreErrors: 'false' + Properties: + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref HostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref AWS::Region + - 'CentOS7HVM' + SecurityGroups: + - !Ref SecurityGroups + BlockDeviceMappings: + !If + - IsSecondary + - - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref 
VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + Encrypted: true + - !Ref AWS::NoValue + InstanceType: !Ref InstanceType + UserData: + Fn::Base64: + !Sub | + #!/bin/bash -x + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + # Update OS + yum update -y + + # Install git + yum install -y epel-release git policycoreutils-python + + yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log + + yum install -y jq python3 libselinux-python3 + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + + # Create virtual env and activate + python3 -m venv ~/venv --system-site-packages + source ~/venv/bin/activate + + pip install --upgrade pip + pip install wheel + + # Install Cloudformation helper scripts + pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log + + pip install awscli 2>&1 | tee /var/log/userdata.awscli_install.log + + pip install ansible 2>&1 | tee /var/log/userdata.ansible_install.log + + mkdir ~/.jfrog_ami + + aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.jfrog_ami/ || cfn_fail + + setsebool httpd_can_network_connect 1 -P + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets jfrog_ami_setup --region ${AWS::Region} || cfn_fail + + # Setup CloudWatch Agent + curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O + 
chmod +x ./awslogs-agent-setup.py + ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log + + /root/attach_volume.sh || cfn_fail + + ansible-galaxy collection install community.general ansible.posix + + aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail + + ansible-playbook /root/.jfrog_ami/jfrog-ami-setup.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-setup.log || cfn_fail + ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail + + rm -rf /root/.secureit.sh + + cfn_success &> /var/log/cfn_success.log + cfn_success || cfn_fail diff --git a/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-master.template.yaml b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-master.template.yaml new file mode 100644 index 0000000..933220c --- /dev/null +++ b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-master.template.yaml 
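Review bot: In `ArtifactoryLaunchConfiguration`, the `config-artifactory-primary` files render `${DatabasePassword}`, `${MasterKey}` and `${CertificateKey}` into `AWS::CloudFormation::Init` metadata, and `NoEcho` on those parameters does not mask values placed in a resource's Metadata, so anyone who can read the stack's resource metadata sees them in plaintext. The `secure-artifactory` step does not change that: `/root/.vault_pass.txt` is the database password itself and stays on disk beside the encrypted playbook, while `new_keystore_pass` and `join_key` reuse the same two secrets. I would drop the secret-bearing vars, `/root/.vault_pass.txt` and `/root/.secureit.sh` from the metadata and fetch the values on the instance at boot from Secrets Manager, as UserData already does for the licenses; the sketch below uses a placeholder secret name and assumes the secret's JSON keys match the playbook variable names. Also worth fixing while here: the last two sections of `cloudwatch.conf` set `file = /var/log/messages`, so the `jfrog-ami-*` streams never receive the Ansible logs.

```yaml
          # … unchanged: licenses fetched into ~/.jfrog_ami/licenses.json …
          # <DB_SECRET_NAME> is a placeholder for a new secret-name parameter, not one this template defines
          ( umask 077; aws secretsmanager get-secret-value --secret-id <DB_SECRET_NAME> --region ${AWS::Region} | jq -r '.SecretString' > ~/.jfrog_ami/secrets.json ) || cfn_fail

          ansible-playbook /root/.jfrog_ami/jfrog-ami-setup.yml 2>&1 | tee /var/log/jfrog-ami-setup.log || cfn_fail
          ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" -e "@~/.jfrog_ami/secrets.json" 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail

          # remove the fetched secrets once the playbooks have consumed them
          rm -f ~/.jfrog_ami/secrets.json
          # … unchanged: cfn_success signalling …
```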
@@ -0,0 +1,613 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Parameters for launching into a new VPC" + Order: "1" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - RemoteAccessCidr + - Label: + default: Network configuration + Parameters: + - AvailabilityZones + - VpcCidr + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - PublicSubnet1Cidr + - PublicSubnet2Cidr + - Label: + default: Bastion configuration + Parameters: + - ProvisionBastionHost + - BastionInstanceType + - BastionOs + - BastionRootVolumeSize + - BastionEnableTcpForwarding + - NumBastionHosts + - BastionEnableX11Forwarding + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryProduct + - ArtifactoryVersion + - NumberOfSecondary + - SmLicenseName + - SmCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseEngine + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - DatabasePreferredAz + - MultiAzDatabase + - Label: + default: AWS Quick Start configuration + Parameters: + - QsS3BucketName + - QsS3KeyPrefix + - QsS3BucketRegion + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + AvailabilityZones: + default: Availability Zones + KeyPairName: + default: SSH key name + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + PublicSubnet1Cidr: + default: Public subnet 1 CIDR + PublicSubnet2Cidr: + 
default: Public subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + VpcCidr: + default: VPC CIDR + ProvisionBastionHost: + default: Bastion instance + BastionInstanceType: + default: Bastion instance type + BastionRootVolumeSize: + default: Bastion root volume size + BastionEnableTcpForwarding: + default: Bastion enable TCP forwarding + BastionEnableX11Forwarding: + default: Bastion enable X11 forwarding + BastionOs: + default: Bastion operating system + NumBastionHosts: + default: Number of bastion instances + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary instances + ArtifactoryProduct: + default: Artifactory product to install + ArtifactoryVersion: + default: Artifactory version + SmLicenseName: + default: Artifactory licenses secret name + SmCertName: + default: Artifactory certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + DatabaseName: + default: Database name + DatabaseEngine: + default: Database engine + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + DatabasePreferredAz: + default: Database preferred Availability Zone + MultiAzDatabase: + default: High-availability database + QsS3BucketName: + default: Quick Start S3 bucket name + QsS3KeyPrefix: + default: Quick Start S3 key prefix + QsS3BucketRegion: + default: Quick Start S3 bucket region + InstallXray: + default: Install JFrog Xray + XrayVersion: + default: Version of Xray to install + XrayNumberOfInstances: + default: Number of JFrog XrayNumberOfInstances + XrayInstanceType: + default: Xray instance type + 
XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + PrivateSubnet1Cidr: + Description: CIDR block for private subnet 1 located in Availability Zone 1. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR block for private subnet 2 located in Availability Zone 2. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + PublicSubnet1Cidr: + Description: CIDR block for the public (DMZ) subnet 1 located in Availability + Zone 1. 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.128.0/20 + Type: String + PublicSubnet2Cidr: + Description: CIDR block for the public (DMZ) subnet 2 located in Availability + Zone 2. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.144.0/20 + Type: String + AccessCidr: + Description: CIDR IP range permitted to access Artifactory. + It is recommended that you set this value to a trusted IP range. + For example, you may want to limit software access to your corporate network. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + It is recommended that you set this value to a trusted IP range. + For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + ProvisionBastionHost: + Description: To skip creating a bastion instance, choose Disabled. Because Artifactory nodes are + created in private subnets, it's highly recommended to set this value to Enabled. + AllowedValues: + - "Enabled" + - "Disabled" + Default: "Enabled" + Type: String + BastionInstanceType: + Description: Size of the bastion instances. 
+ AllowedValues: + - t3.nano + - t3.micro + - t3.small + - t3.medium + - t3.large + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + Default: "t3.micro" + Type: String + BastionRootVolumeSize: + Description: Size of the root volume in the bastion instances. + Default: 10 + Type: Number + BastionEnableTcpForwarding: + Description: Choose whether to enable TCP forwarding via bootstrapping of the bastion + instance. + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + BastionEnableX11Forwarding: + Description: Choose true to enable X11 via bootstrapping of the bastion host. + Setting this value to true enables X Windows over SSH. + X11 forwarding can be useful, but it is also a security risk, so it's recommended + that you keep the default (false) setting. + AllowedValues: + - "true" + - "false" + Default: "false" + Type: String + BastionOs: + Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. + AllowedValues: + - "Amazon-Linux2-HVM" + - "CentOS-7-HVM" + - "Ubuntu-Server-20.04-LTS-HVM" + - "SUSE-SLES-15-HVM" + Default: "Amazon-Linux2-HVM" + Type: String + NumBastionHosts: + Description: Number of bastion instances to create. + AllowedValues: + - '1' + - '2' + - '3' + - '4' + Default: '1' + Type: String + VolumeSize: + Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 instance type for the Artifactory instances. 
+ AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + NumberOfSecondary: + Description: Number of secondary Artifactory servers to complete your + HA deployment. To align with Artifactory best practices, the minimum number + is two, and the maximum is seven. Do not select more instances than you + have licenses for. + AllowedValues: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + Default: 2 + Type: Number + ArtifactoryProduct: + Description: JFrog Artifactory product you want to install into an AMI. + AllowedValues: + - JFrog-Artifactory-Pro + - JFrog-Artifactory-Enterprise + - JFrog-Container-Registry + Default: JFrog-Artifactory-Enterprise + Type: String + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + To select the correct version, see the release notes at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + Default: 7.18.6 + Type: String + SmLicenseName: + Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. + Default: '' + Type: String + SmCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. Ensure that this matches your certificate. + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. 
+ AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Type: String + ExtraJavaOptions: + Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory + system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. + Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. + Default: -Xss256k -XX:+UseG1GC + Type: String + DefaultJavaMemSettings: + Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. + If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + DatabaseName: + Description: Name of your database instance. The name must be unique across all instances + owned by your AWS account in the current Region. The database instance identifier is case-insensitive, + but it's stored in lowercase (as in "mydbinstance"). + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + MinLength: '1' + MaxLength: '60' + ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. + Default: artdb + Type: String + DatabaseEngine: + Description: Database engine that you want to run. + AllowedValues: + - Postgres + Default: Postgres + Type: String + DatabaseUser: + Description: Login ID for the master user of your database instance. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter. + Default: artifactory + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. 
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+ DatabaseInstance:
+ Description: Size of the database to be deployed as part of the Quick Start.
+ AllowedValues:
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.10xlarge
+ - db.m5.16xlarge
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.4xlarge
+ - db.m5.12xlarge
+ - db.m5.24xlarge
+ ConstraintDescription: Must be a valid database Instance Type.
+ Default: db.m5.large
+ Type: String
+ DatabaseAllocatedStorage:
+ Description: Size in gigabytes of available storage for the database instance.
+ MinValue: 5
+ MaxValue: 1024
+ Default: 10
+ Type: Number
+ DatabasePreferredAz:
+ Description: Preferred availability zone for Amazon RDS primary instance
+ Type: String
+ Default: ''
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ QsS3BucketName:
+ Description: S3 bucket name for the Quick Start assets. This string can include
+ numbers, lowercase letters, and hyphens (-). It cannot start
+ or end with a hyphen (-).
+ AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
+ ConstraintDescription: Quick Start bucket name can include numbers, lowercase
+ letters, and hyphens (-). It cannot start or end with a hyphen (-).
+ Default: jfrog-aws
+ Type: String
+ QsS3KeyPrefix:
+ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
+ can include numbers, lowercase letters, uppercase letters, hyphens (-), and
+ forward slash (/).
+ AllowedPattern: ^[0-9a-zA-Z-/]*$
+ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
+ uppercase letters, hyphens (-), and forward slash (/).
+ Default: artifactory7/latest/
+ Type: String
+ QsS3BucketRegion:
+ Default: 'us-east-1'
+ Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
+ Type: String
+ InstallXray:
+ Description: Choose true to install JFrog Xray instance(s).
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ XrayVersion:
+ Description: The version of Xray that you want to deploy into the Quick Start.
+ Default: 3.24.2
+ Type: String
+ XrayNumberOfInstances:
+ Description: The number of Xray instances servers to complete your
+ HA deployment. The minimum number is one; the maximum is seven.
+ Do not select more than instances than you have licenses for.
+ MinValue: 1
+ MaxValue: 7
+ Default: 1
+ Type: Number
+ XrayInstanceType:
+ Description: The EC2 instance type for the Xray instances.
+ AllowedValues:
+ - c5.2xlarge
+ - c5.4xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: c5.2xlarge
+ Type: String
+ XrayDatabaseUser:
+ Description: The login ID for the Xray database user.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: xray
+ Type: String
+ XrayDatabasePassword:
+ Description: The password for the Xray database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true' + Type: String +Conditions: + UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] + +Resources: + ArtifactoryVpcStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName'] + S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion'] + Parameters: + AvailabilityZones: + Fn::Join: + - ',' + - Ref: AvailabilityZones + KeyPairName: + Ref: KeyPairName + NumberOfAZs: '2' + PrivateSubnet1ACIDR: + Ref: PrivateSubnet1Cidr + PrivateSubnet2ACIDR: + Ref: PrivateSubnet2Cidr + PublicSubnet1CIDR: + Ref: PublicSubnet1Cidr + PublicSubnet2CIDR: + Ref: PublicSubnet2Cidr + VPCCIDR: + Ref: VpcCidr + ArtifactoryExistingVpcStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName'] + S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion'] + Parameters: + AvailabilityZones: + Fn::Join: + - ',' + - Ref: AvailabilityZones + KeyPairName: !Ref KeyPairName + VpcId: !GetAtt ArtifactoryVpcStack.Outputs.VPCID + VpcCidr: !Ref VpcCidr + PublicSubnet1Id: !GetAtt ArtifactoryVpcStack.Outputs.PublicSubnet1ID + PublicSubnet2Id: !GetAtt ArtifactoryVpcStack.Outputs.PublicSubnet2ID + PrivateSubnet1Id: !GetAtt ArtifactoryVpcStack.Outputs.PrivateSubnet1AID + PrivateSubnet2Id: !GetAtt ArtifactoryVpcStack.Outputs.PrivateSubnet2AID + PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr + PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr + AccessCidr: !Ref AccessCidr + RemoteAccessCidr: !Ref RemoteAccessCidr + ProvisionBastionHost: !Ref ProvisionBastionHost + 
BastionInstanceType: !Ref BastionInstanceType + BastionRootVolumeSize: !Ref BastionRootVolumeSize + BastionEnableTcpForwarding: !Ref BastionEnableTcpForwarding + BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding + BastionOs: !Ref BastionOs + NumBastionHosts: !Ref NumBastionHosts + VolumeSize: !Ref VolumeSize + InstanceType: !Ref InstanceType + NumberOfSecondary: !Ref NumberOfSecondary + ArtifactoryProduct: !Ref ArtifactoryProduct + ArtifactoryVersion: !Ref ArtifactoryVersion + SmLicenseName: !Ref SmLicenseName + SmCertName: !Ref SmCertName + ArtifactoryServerName: !Ref ArtifactoryServerName + MasterKey: !Ref MasterKey + ExtraJavaOptions: !Ref ExtraJavaOptions + DefaultJavaMemSettings: !Ref DefaultJavaMemSettings + DatabaseName: !Ref DatabaseName + DatabaseEngine: !Ref DatabaseEngine + DatabaseUser: !Ref DatabaseUser + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + DatabasePreferredAz: !Ref DatabasePreferredAz + MultiAzDatabase: !Ref MultiAzDatabase + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3BucketRegion: !Ref QsS3BucketRegion + InstallXray: !Ref InstallXray + XrayVersion: !Ref XrayVersion + XrayNumberOfInstances: !Ref XrayNumberOfInstances + XrayInstanceType: !Ref XrayInstanceType + XrayDatabaseUser: !Ref XrayDatabaseUser + XrayDatabasePassword: !Ref XrayDatabasePassword +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl} + BastionIp: + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp} + Description: Bastion host IP, for admin access via SSH diff --git a/Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml new file mode 100644 index 0000000..e628d06 --- /dev/null 
+++ b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml 
@@ -0,0 +1,353 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: AWS Quick Start configuration + Parameters: + - QsS3BucketName + - QsS3KeyPrefix + - QsS3BucketRegion + - Label: + default: Essential configuration + Parameters: + - KeyPairName + - DatabasePassword + - Label: + default: Network configuration + Parameters: + - VpcId + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - Label: + default: Security configuration + Parameters: + - AccessCidr + - RemoteAccessCidr + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryVersion + - SmLicenseName + - SmCertName + - ArtifactoryServerName + - MasterKey + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseInstance + - DatabaseAllocatedStorage + - DatabasePreferredAz + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayInstanceType + ParameterLabels: + QsS3BucketName: + default: Quick Start S3 bucket name + QsS3KeyPrefix: + default: Quick Start S3 key prefix + QsS3BucketRegion: + default: Quick Start S3 bucket region + KeyPairName: + default: SSH key name + VpcId: + default: VPC ID + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + 
ArtifactoryVersion: + default: Artifactory version + SmLicenseName: + default: Artifactory licenses secret name + SmCertName: + default: Artifactory certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + DatabasePreferredAz: + default: Database preferred Availability Zone + InstallXray: + default: Install JFrog Xray + XrayVersion: + default: Version of Xray to install + XrayInstanceType: + default: Xray instance type +Parameters: + QsS3BucketName: + Description: S3 bucket name for the Quick Start assets. This string can include + numbers, lowercase letters, and hyphens (-). It cannot start + or end with a hyphen (-). + AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$ + ConstraintDescription: Quick Start bucket name can include numbers, lowercase + letters, and hyphens (-). It cannot start or end with a hyphen (-). + Default: jfrog-aws + Type: String + QsS3KeyPrefix: + Description: S3 key prefix for the Quick Start assets. Quick Start key prefix + can include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). + AllowedPattern: ^[0-9a-zA-Z-/]*$ + ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slash (/). + Default: artifactory7/latest/ + Type: String + QsS3BucketRegion: + Default: 'us-east-1' + Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value. + Type: String + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. 
+ Type: AWS::EC2::KeyPair::KeyName + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + PublicSubnet1Id: + Description: ID of the public subnet 1 in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet 2 in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet 1 in Availability Zone 1 of your existing VPC (e.g., subnet-a29c3d84). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet 2 in Availability Zone 1 of your existing VPC (e.g., subnet-a29c3d84). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Cidr: + Description: CIDR of the private subnet 1 in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.128.0/20 + Type: String + PrivateSubnet2Cidr: + Description: CIDR of the private subnet 2 in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.144.0/20 + Type: String + AccessCidr: + Description: CIDR IP range that is permitted to access Artifactory. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant only your corporate network access to the software. 
+ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Default: 0.0.0.0/0 + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. + It is recommended that you set this value to a trusted IP range. + For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + VolumeSize: + Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 100 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. + AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + To select the correct version, see the release notes at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Artifactory releases. + Default: 7.18.6 + Type: String + SmLicenseName: + Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. 
+ Default: '' + Type: String + SmCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. Ensure that this matches your certificate. + Default: 'artifactory' + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. + AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Default: 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. + AllowedValues: + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.10xlarge + - db.m5.16xlarge + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.4xlarge + - db.m5.12xlarge + - db.m5.24xlarge + ConstraintDescription: Must be a valid database Instance Type. + Default: db.m5.large + Type: String + DatabaseAllocatedStorage: + Description: Size in gigabytes of the available storage for the database instance. + MinValue: 5 + MaxValue: 1024 + Default: 10 + Type: Number + DatabasePreferredAz: + Description: Preferred availability zone for Amazon RDS primary instance + Default: us-west-2a + Type: AWS::EC2::AvailabilityZone::Name + InstallXray: + Description: Choose true to install JFrog Xray instance(s). 
+ ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "false" + Type: String + XrayVersion: + Description: The version of Xray that you want to deploy into the Quick Start. + AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ + ConstraintDescription: A version that matches X.X.X per Xray releases. + Default: 3.24.2 + Type: String + XrayInstanceType: + Description: The EC2 instance type for the Xray instances. + AllowedValues: + - c5.2xlarge + - c5.4xlarge + ConstraintDescription: Must contain valid instance type. + Default: c5.2xlarge + Type: String +Conditions: + UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] +Resources: + ArtifactoryExistingVpcStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName'] + S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion'] + Parameters: + AvailabilityZones: !Join [',', [!Ref DatabasePreferredAz]] + KeyPairName: !Ref KeyPairName + ProvisionBastionHost: "Enabled" + AccessCidr: !Ref AccessCidr + RemoteAccessCidr: !Ref RemoteAccessCidr + ArtifactoryProduct: 'JFrog-Artifactory-Pro' + ArtifactoryVersion: !Ref ArtifactoryVersion + VolumeSize: !Ref VolumeSize + InstanceType: !Ref InstanceType + NumberOfSecondary: 0 + SmLicenseName: !Ref SmLicenseName + SmCertName: !Ref SmCertName + ArtifactoryServerName: !Ref ArtifactoryServerName + MasterKey: !Ref MasterKey + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + DatabasePreferredAz: !Ref DatabasePreferredAz + MultiAzDatabase: false + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3BucketRegion: !Ref QsS3BucketRegion + InstallXray: 
!Ref InstallXray + XrayVersion: !Ref XrayVersion + XrayInstanceType: !Ref XrayInstanceType + XrayDatabasePassword: !Ref DatabasePassword + VpcId: !Ref VpcId + PublicSubnet1Id: !Ref PublicSubnet1Id + PublicSubnet2Id: !Ref PublicSubnet2Id + PrivateSubnet1Id: !Ref PrivateSubnet1Id + PrivateSubnet2Id: !Ref PrivateSubnet2Id + PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr + PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr + +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl} diff --git a/Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml new file mode 100644 index 0000000..26ecf01 --- /dev/null +++ b/Amazon/artifactory7/v7186/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml 
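Review bot: The `MasterKey` parameter in this new template carries a `Default:` of 64 `F` characters, so a stack launched with the defaults runs on a master key that is published in the repository. `NoEcho: 'true'` only hides the value in the console and API output; it does not help when the value itself is public. The `MasterKey` parameter of the template just above this file in the diff has no default, and I would drop the `Default:` line here too so the operator has to supply a key generated as the description says (`openssl rand -hex 16`). The same default appears in the `jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml` hunk that follows.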
@@ -0,0 +1,298 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: AWS Quick Start configuration + Parameters: + - QsS3BucketName + - QsS3KeyPrefix + - QsS3BucketRegion + - Label: + default: Essential configuration + Parameters: + - KeyPairName + - DatabasePassword + - Label: + default: Network configuration + Parameters: + - AvailabilityZones + - Label: + default: Security configuration + Parameters: + - AccessCidr + - RemoteAccessCidr + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - ArtifactoryVersion + - SmLicenseName + - SmCertName + - ArtifactoryServerName + - MasterKey + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseInstance + - DatabaseAllocatedStorage + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayVersion + - XrayInstanceType + ParameterLabels: + QsS3BucketName: + default: Quick Start S3 bucket name + QsS3KeyPrefix: + default: Quick Start S3 key prefix + QsS3BucketRegion: + default: Quick Start S3 bucket region + KeyPairName: + default: SSH key name + AccessCidr: + default: Permitted IP range + RemoteAccessCidr: + default: Remote access CIDR + AvailabilityZones: + default: Availability Zones + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + ArtifactoryVersion: + default: Artifactory version + SmLicenseName: + default: Artifactory licenses secret name + SmCertName: + default: Artifactory certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated 
storage + InstallXray: + default: Install JFrog Xray + XrayVersion: + default: Version of Xray to install + XrayInstanceType: + default: Xray instance type +Parameters: + QsS3BucketName: + Description: S3 bucket name for the Quick Start assets. This string can include + numbers, lowercase letters, and hyphens (-). It cannot start + or end with a hyphen (-). + AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$ + ConstraintDescription: Quick Start bucket name can include numbers, lowercase + letters, and hyphens (-). It cannot start or end with a hyphen (-). + Default: jfrog-aws + Type: String + QsS3KeyPrefix: + Description: S3 key prefix for the Quick Start assets. Quick Start key prefix + can include numbers, lowercase letters, uppercase letters, hyphens (-), and + forward slash (/). + AllowedPattern: ^[0-9a-zA-Z-/]*$ + ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, + uppercase letters, hyphens (-), and forward slash (/). + Default: artifactory7/latest/ + Type: String + QsS3BucketRegion: + Default: 'us-east-1' + Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value. + Type: String + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + AccessCidr: + Description: CIDR IP range that is permitted to access Artifactory. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant only your corporate network access to the software. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Default: 0.0.0.0/0 + Type: String + RemoteAccessCidr: + Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. 
+ It is recommended that you set this value to a trusted IP range. + For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List + VolumeSize: + Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 100 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. + AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + ArtifactoryVersion: + Description: Version of Artifactory that you want to deploy into the Quick Start. + To select the correct version, see the release notes at + https://www.jfrog.com/confluence/display/RTF/Release+Notes. + Default: 7.18.6 + Type: String + SmLicenseName: + Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. + Default: '' + Type: String + SmCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. Ensure that this matches your certificate. 
+ Default: 'artifactory' + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. + AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. + NoEcho: 'true' + Default: 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF' + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. + AllowedValues: + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.10xlarge + - db.m5.16xlarge + - db.m5.large + - db.m5.xlarge + - db.m5.2xlarge + - db.m5.4xlarge + - db.m5.12xlarge + - db.m5.24xlarge + ConstraintDescription: Must be a valid database Instance Type. + Default: db.m5.large + Type: String + DatabaseAllocatedStorage: + Description: Size in gigabytes of the available storage for the database instance. + MinValue: 5 + MaxValue: 1024 + Default: 10 + Type: Number + InstallXray: + Description: Choose true to install JFrog Xray instance(s). + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "false" + Type: String + XrayVersion: + Description: The version of Xray that you want to deploy into the Quick Start. + Default: 3.24.2 + Type: String + XrayInstanceType: + Description: The EC2 instance type for the Xray instances. + AllowedValues: + - c5.2xlarge + - c5.4xlarge + ConstraintDescription: Must contain valid instance type. 
+ Default: c5.2xlarge + Type: String +Conditions: + UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] +Resources: + ArtifactoryNewVpcStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub + - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-master.template.yaml + - S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName'] + S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion'] + Parameters: + KeyPairName: !Ref KeyPairName + ProvisionBastionHost: "Enabled" + AccessCidr: !Ref AccessCidr + RemoteAccessCidr: !Ref RemoteAccessCidr + ArtifactoryProduct: 'JFrog-Artifactory-Pro' + ArtifactoryVersion: !Ref ArtifactoryVersion + VolumeSize: !Ref VolumeSize + InstanceType: !Ref InstanceType + NumberOfSecondary: 0 + SmLicenseName: !Ref SmLicenseName + SmCertName: !Ref SmCertName + ArtifactoryServerName: !Ref ArtifactoryServerName + MasterKey: !Ref MasterKey + DatabasePassword: !Ref DatabasePassword + DatabaseInstance: !Ref DatabaseInstance + DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage + DatabasePreferredAz: !Select + - '0' + - !Ref 'AvailabilityZones' + MultiAzDatabase: false + QsS3BucketName: !Ref QsS3BucketName + QsS3KeyPrefix: !Ref QsS3KeyPrefix + QsS3BucketRegion: !Ref QsS3BucketRegion + InstallXray: !Ref InstallXray + XrayVersion: !Ref XrayVersion + XrayInstanceType: !Ref XrayInstanceType + XrayDatabasePassword: !Ref DatabasePassword + AvailabilityZones: + Fn::Join: + - ',' + - Ref: AvailabilityZones +Outputs: + ArtifactoryUrl: + Description: URL of the ELB to access Artifactory + Value: !Sub ${ArtifactoryNewVpcStack.Outputs.ArtifactoryUrl} diff --git a/Amazon/artifactory7/v7186/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/artifactory7/v7186/templates/jfrog-xray-ec2-instance.template.yaml new file mode 100644 index 0000000..11c93e6 --- /dev/null 
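Review bot: `ArtifactoryVersion` and `XrayVersion` are unconstrained strings in this template, while the sibling `jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml` added in the same commit validates both with `AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$` plus a `ConstraintDescription`. Both values are handed unchanged to the nested stack under `Parameters`; how they are consumed further down is not visible in this hunk, so rejecting malformed input at the entry point is the safer choice. I would add the same two lines to each of the two parameters here. Separately, the `Description` still reads "Deployment into an Existing VPC" although this template creates a new VPC.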
+++ b/Amazon/artifactory7/v7186/templates/jfrog-xray-ec2-instance.template.yaml 
@@ -0,0 +1,326 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Xray: Deploys the EC2 Autoscaling, LaunchConfig and instances" +Parameters: + PrivateSubnet1Id: + Type: 'AWS::EC2::Subnet::Id' + PrivateSubnet2Id: + Type: 'AWS::EC2::Subnet::Id' + KeyPairName: + Type: AWS::EC2::KeyPair::KeyName + MinScalingNodes: + Type: Number + MaxScalingNodes: + Type: Number + DeploymentTag: + Type: String + ArtifactoryProduct: + Description: JFrog Artifactory product you want to install into an AMI. + AllowedValues: + - JFrog-Artifactory-Pro + - JFrog-Artifactory-Enterprise + - JFrog-Container-Registry + Default: JFrog-Artifactory-Enterprise + Type: String + QsS3BucketName: + Type: String + QsS3KeyPrefix: + Type: String + QsS3Uri: + Type: String + DatabaseDriver: + Type: String + DatabaseType: + Type: String + DatabaseUser: + Type: String + DatabasePassword: + Type: String + NoEcho: 'true' + MasterKey: + Type: String + NoEcho: 'true' + ExtraJavaOptions: + Type: String + SecurityGroups: + Type: String + XrayHostProfile: + Type: String + XrayHostRole: + Type: String + XrayInstanceType: + Type: String + JfrogInternalUrl: + Type: String + VolumeSize: + Type: Number + XrayDatabaseUser: + Type: String + XrayDatabasePassword: + Type: String + NoEcho: 'true' + XrayMasterDatabaseUrl: + Type: String + XrayDatabaseUrl: + Type: String + XrayVersion: + Type: String + UserDataDirectory: + Description: Directory to store Artifactory data. 
Can be used to store data (via symlink) in detachable volume + Type: String + Default: '/xray-user-data' + +# To populate additional mappings use the following with the desired --region +# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId' +Mappings: + AWSAMIRegionMap: + ap-northeast-1: + CentOS7HVM: "ami-00a5245b4816c38e6" + ap-northeast-2: + CentOS7HVM: "ami-00dc207f8ba6dc919" + ap-south-1: + CentOS7HVM: "ami-0ad42f4f66f6c1cc9" + ap-southeast-1: + CentOS7HVM: "ami-05b3bcf7f311194b3" + ap-southeast-2: + CentOS7HVM: "ami-02fd0b06f06d93dfc" + ca-central-1: + CentOS7HVM: "ami-07423fb63ea0a0930" + eu-central-1: + CentOS7HVM: "ami-0cfbf4f6db41068ac" + eu-west-1: + CentOS7HVM: "ami-08935252a36e25f85" + sa-east-1: + CentOS7HVM: "ami-05145e0b28ad8e0b2" + us-east-1: + CentOS7HVM: "ami-0affd4508a5d2481b" + us-east-2: + CentOS7HVM: "ami-01e36b7901e884a10" + us-west-1: + CentOS7HVM: "ami-098f55b4287a885ba" + us-west-2: + CentOS7HVM: "ami-0bc06212a56393ee1" + +Conditions: + IsArtifactoryPro: !Equals [!Ref ArtifactoryProduct, 'JFrog-Artifactory-Pro'] + +Resources: + XrayScalingGroup: + Type: AWS::AutoScaling::AutoScalingGroup + Properties: + LaunchConfigurationName: !Ref XrayLaunchConfiguration + VPCZoneIdentifier: + !If [IsArtifactoryPro, [!Ref PrivateSubnet1Id], [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]] + MinSize: !Ref MinScalingNodes + MaxSize: !Ref MaxScalingNodes + Cooldown: '300' + DesiredCapacity: !Ref MinScalingNodes + HealthCheckType: EC2 + HealthCheckGracePeriod: 1800 + Tags: + - Key: Name + Value: !Ref DeploymentTag + PropagateAtLaunch: true + - Key: XrayVersion + Value: !Ref XrayVersion + PropagateAtLaunch: true + TerminationPolicies: + - OldestInstance + - Default + CreationPolicy: + ResourceSignal: + Count: !Ref MinScalingNodes + Timeout: PT60M + XrayLaunchConfiguration: + 
Type: AWS::AutoScaling::LaunchConfiguration + Metadata: + AWS::CloudFormation::Authentication: + S3AccessCreds: + type: S3 + roleName: + - !Ref XrayHostRole + buckets: + - !Ref QsS3BucketName + AWS::CloudFormation::Init: + configSets: + xray_ami_setup: + - "config-cloudwatch" + - "config-ansible-xray-ami" + xray_install: + - "config-cloudwatch" + - "config-ansible-xray-ami" + - "config-xray" + - "secure-xray" + config-cloudwatch: + files: + /root/cloudwatch.conf: + content: | + [general] + state_file = /var/awslogs/state/agent-state + + [/var/log/messages] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/messages/ + datetime_format = %b %d %H:%M:%S + + [/var/log/xray-ami-setup.log] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/xray-ami-setup.log + datetime_format = %b %d %H:%M:%S + + [/var/log/xray.log] + file = /var/log/messages + log_group_name = /xray/instances/{instance_id} + log_stream_name = /var/log/xray.log + datetime_format = %b %d %H:%M:%S + mode: "0400" + config-ansible-xray-ami: + files: + /root/.xray_ami/xray-ami-setup.yml: + content: !Sub | + # Base install for Xray + - import_playbook: xray-ami.yml + vars: + ami_creation: false + db_type: postgresql + db_driver: org.postgresql.Driver + xray_version: ${XrayVersion} + xray_ha_enabled: false + mode: "0400" + config-xray: + files: + /root/.xray_ami/xray.yml: + content: !Sub | + # Base install for Xray + - import_playbook: site-xray.yml + vars: + jfrog_url: ${JfrogInternalUrl} + use_custom_data_directory: true + custom_data_directory: "${UserDataDirectory}" + master_key: ${MasterKey} + join_key: ${MasterKey} + extra_java_opts: ${ExtraJavaOptions} + db_type: ${DatabaseType} + db_driver: ${DatabaseDriver} + db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} + db_url: postgres://${XrayDatabaseUrl} + db_master_user: ${DatabaseUser} + db_user: 
${XrayDatabaseUser} + db_password: ${XrayDatabasePassword} + xray_version: ${XrayVersion} + mode: "0400" + /root/.vault_pass.txt: + content: !Sub | + ${DatabasePassword} + mode: "0400" + /root/.secureit.sh: + content: + ansible-vault encrypt /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt + mode: "0770" + secure-xray: + commands: + 'secure ansible playbook': + command: '/root/.secureit.sh' + ignoreErrors: 'false' + Properties: + KeyName: !Ref KeyPairName + IamInstanceProfile: !Ref XrayHostProfile + ImageId: !FindInMap + - AWSAMIRegionMap + - !Ref AWS::Region + - 'CentOS7HVM' + SecurityGroups: + - !Ref SecurityGroups + InstanceType: !Ref XrayInstanceType + BlockDeviceMappings: + - DeviceName: /dev/xvda + Ebs: + VolumeSize: !Ref VolumeSize + VolumeType: gp2 + DeleteOnTermination: true + Encrypted: true + UserData: + Fn::Base64: + !Sub | + #!/bin/bash -x + exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 + + #CFN Functions + + function cfn_fail + + { + + cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 1 + + } + + function cfn_success + + { + + cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup + + exit 0 + + } + + S3URI=${QsS3Uri} + + yum update --security -y &> /var/log/userdata.yum_security_update.log + + yum install -y git python3 libselinux-python3 + yum install -y postgresql-server postgresql-devel + + echo $PATH + + PATH=/opt/aws/bin:$PATH + + echo $PATH + + # Create virtual env and activate + python3 -m venv ~/venv --system-site-packages + source ~/venv/bin/activate + + pip install --upgrade pip + pip install wheel + + # Install Cloudformation helper scripts + pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log + + pip install awscli &> /var/log/userdata.awscli_install.log + + pip install ansible &> 
/var/log/userdata.ansible_install.log + + mkdir ~/.xray_ami + + aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ami/ + + setsebool httpd_can_network_connect 1 -P + + # CentOS cloned virtual machines do not create a new machine id + # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/ + rm -f /etc/machine-id + systemd-machine-id-setup + + cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail + + # Setup CloudWatch Agent + curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O + chmod +x ./awslogs-agent-setup.py + ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf + + lsblk # debug + + ansible-galaxy collection install community.general ansible.posix + + ansible-playbook /root/.xray_ami/xray-ami-setup.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray-ami.log || cfn_fail + ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail + + rm -rf /root/.secureit.sh + + cfn_success &> /var/log/cfn_success.log + cfn_success || cfn_fail diff --git a/Amazon/containers/Dockerfile b/Amazon/containers/Dockerfile index 0f05d7a..7d36b90 100755 --- a/Amazon/containers/Dockerfile +++ b/Amazon/containers/Dockerfile @@ -1,4 +1,4 @@ -ARG UPSTREAM_IMAGE=docker.bintray.io/jfrog/artifactory-jcr +ARG UPSTREAM_IMAGE=docker.bintray.io/jfrog/artifactory-pro ARG UPSTREAM_TAG FROM ${UPSTREAM_IMAGE}:${UPSTREAM_TAG} USER root diff --git a/Amazon/containers/buildAwsContainers.sh b/Amazon/containers/buildAwsContainers.sh index f2e0b3c..2248223 100755 --- a/Amazon/containers/buildAwsContainers.sh +++ b/Amazon/containers/buildAwsContainers.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash VERSION=$1 -EDITIONS=( artifactory-pro artifactory-jcr ) +EDITIONS=( artifactory-pro) #for loop start: editoins for EDITION in "${EDITIONS[@]}" 
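Review bot: The `config-xray` block of `XrayLaunchConfiguration` substitutes the NoEcho parameters `MasterKey`, `DatabasePassword` and `XrayDatabasePassword` into `AWS::CloudFormation::Init` metadata, and CloudFormation does not mask NoEcho values placed in the Metadata section, so anyone who can read the stack's template or resource metadata can read them in clear text. The `ansible-vault encrypt` step in `/root/.secureit.sh` adds little on the instance, because its passphrase is `${DatabasePassword}` itself, written to `/root/.vault_pass.txt`, and the user data removes only `/root/.secureit.sh` at the end. Consider having the instance fetch these values at boot from AWS Secrets Manager or SSM Parameter Store through its instance role (whether `XrayHostRole` allows that is not visible here), and deleting the passphrase file once both playbooks have run, e.g. `rm -f /root/.vault_pass.txt`. Separately, `ansible-playbook ... 2>&1 | tee ... || cfn_fail` tests the exit status of `tee`, so a failed playbook still reaches `cfn_success`; adding `set -o pipefail` near the top of the script would make the failure signal fire.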
@@ -26,30 +26,16 @@ do perl -pe 's/^addExtraJavaArgs$/`cat extra_conf`/ge' original-entrypoint.sh > entrypoint-artifactory.sh #Create installer-info file - if [ "$EDITION" == "artifactory-pro" ] - then - cat < installer-info.json - { - "productId": "container_artifactory-ha/$VERSION", - "features": [ - { - "featureId": "Partner/ACC-006973" - } - ] - } + cat < installer-info.json + { + "productId": "container_artifactory-ha/$VERSION", + "features": [ + { + "featureId": "Partner/ACC-006973" + } + ] + } EOF - else - cat < installer-info.json - { - "productId": "container_artifactory-jcr/$VERSION", - "features": [ - { - "featureId": "Partner/ACC-006973" - } - ] - } -EOF - fi cat installer-info.json # Create the new docker image diff --git a/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml new file mode 100644 index 0000000..90f0ea8 --- /dev/null +++ b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml 
@@ -0,0 +1,360 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' +Parameters: + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List + VpcId: + Type: AWS::EC2::VPC::Id + VpcCidr: + Description: CIDR block for the VPC + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PrivateSubnet1Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + PrivateSubnet3Cidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.64.0/19 + Type: String + SubnetIds: + Type: List + DatabaseAllocatedStorage: + Type: Number + MultiAzDatabase: + Description: Choose false to create an Amazon RDS instance in a single Availability Zone. 
+ ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Type: String + DatabaseUser: + Type: String + DatabasePassword: + NoEcho: 'true' + Type: String + DatabaseInstance: + Type: String + DatabaseName: + Type: String + ArtifactoryProduct: + Default: JFrog-Artifactory-Pro + Type: String + ReleaseStage: + Default: GA + Type: String + InstanceType: + Default: m5.xlarge + Type: String + ArtifactoryHostRole: + Type: String + VolumeSize: + Type: Number + +Mappings: + ReleaseStageMap: + BETA: + ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro" + JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr" + NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro" + GA: + ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro" + JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr" + NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro" + ProductMap: + JFrog-Container-Registry: + RepoName: JcrDockerRepo + JFrog-Artifactory-Pro: + RepoName: ProDockerRepo + JavaOptionstoInstance: + m5.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5d.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5d.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5d.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5d.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5d.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5d.16xlarge: + Min: 128 + Max: 192 + 
DeploymentSize: xxLarge + m5d.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5d.metal: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5a.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5a.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5a.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5a.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5a.8xlarge: + Min: 64 + Max: 96 + DeploymentSize: Large + m5a.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5a.16xlarge: + Min: 128 + Max: 192 + DeploymentSize: xxLarge + m5a.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + m5ad.large: + Min: 4 + Max: 4 + DeploymentSize: xxSmall + m5ad.xlarge: + Min: 8 + Max: 12 + DeploymentSize: xSmall + m5ad.2xlarge: + Min: 16 + Max: 24 + DeploymentSize: Small + m5ad.4xlarge: + Min: 32 + Max: 48 + DeploymentSize: Medium + m5ad.12xlarge: + Min: 96 + Max: 144 + DeploymentSize: xLarge + m5ad.24xlarge: + Min: 192 + Max: 288 + DeploymentSize: xxxLarge + +Resources: + ArtifactoryDatabaseSubnetGroup: + Type: AWS::RDS::DBSubnetGroup + Properties: + DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s) + SubnetIds: !Ref SubnetIds + ArtifactoryDatabase: + Type: AWS::RDS::DBInstance + Properties: + AllocatedStorage: !Ref DatabaseAllocatedStorage + MultiAZ: !Ref MultiAzDatabase + Engine: Postgres + EngineVersion: "11.5" + MasterUsername: !Ref DatabaseUser + MasterUserPassword: !Ref DatabasePassword + DBInstanceClass: !Ref DatabaseInstance + DBName: !Ref DatabaseName + DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup + StorageEncrypted: true + VPCSecurityGroups: + - !Ref ArtifactoryDatabaseSG + ArtifactoryDatabaseSG: + Type: AWS::EC2::SecurityGroup + Properties: + Tags: + - Key: Name + Value: artifactory-rds-sg + GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers. 
+ VpcId: !Ref VpcId + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCidr + - IpProtocol: tcp + FromPort: 5432 + ToPort: 5432 + CidrIp: !Ref PrivateSubnet1Cidr + - IpProtocol: tcp + FromPort: 5432 + ToPort: 5432 + CidrIp: !Ref PrivateSubnet2Cidr + - IpProtocol: tcp + FromPort: 5432 + ToPort: 5432 + CidrIp: !Ref PrivateSubnet3Cidr + SecurityGroupEgress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + ArtifactoryS3Bucket: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + ArtifactoryS3IAMPolicy: + Type: AWS::IAM::Policy + Properties: + PolicyName: S3BucketPermissions + PolicyDocument: + Version: 2012-10-17 + Statement: + - Sid: S3BucketPermissions + Effect: Allow + Action: + - s3:* + Resource: + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - Fn::Join: + - '' + - - !Sub "arn:${AWS::Partition}:s3:::" + - !Ref ArtifactoryS3Bucket + - "/*" + Roles: + - !Ref ArtifactoryHostRole + ArtifactoryEbsVolume: + Type: AWS::EC2::Volume + Properties: + AvailabilityZone: + !Select + - '0' + - !Ref AvailabilityZones + Encrypted: false + Size: !Ref VolumeSize + Tags: + - Key: Name + Value: !Sub "Artifactory-${AWS::StackName}" + VolumeType: gp2 + DeletionPolicy: Snapshot + UpdateReplacePolicy: Snapshot + +Outputs: + S3Bucket: + Value: !Ref ArtifactoryS3Bucket + Description: Actual S3 bucket created for Artifactory + DatabaseDriver: + Value: "org.postgresql.Driver" + DatabasePlugin: + Value: postgresql-42.2.9.jar + DatabasePluginUrl: + Value: https://jdbc.postgresql.org/download/postgresql-42.2.9.jar" + DatabaseType: + Value: postgresql + DatabaseUrl: + Value: !Sub + - 
"jdbc:postgresql://${ArtifactoryDatabaseEndpointAddress}:5432/${DatabaseName}" + - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address + XrayMasterDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:5432/${DatabaseName}?sslmode=disable" + - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address + XrayDatabaseUrl: + Value: !Sub + - "${ArtifactoryDatabaseEndpointAddress}:5432/xraydb?sslmode=disable" + - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address + ProDockerRepo: + Value: !FindInMap + - ReleaseStageMap + - !Ref ReleaseStage + - !FindInMap + - ProductMap + - !Ref ArtifactoryProduct + - RepoName + NginxDockerRepo: + Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo] + JavaOpts: + Value: !Sub + - "-Xms${min}g -Xmx${max}g" + - { + min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min], + max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max] + } + DeploymentSize: + Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize] + ArtifactoryEbsVolume: + Value: !Ref ArtifactoryEbsVolume diff --git a/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml new file mode 100644 index 0000000..6e80ab7 --- /dev/null +++ b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml 
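Review bot: `ArtifactoryEbsVolume` is created with `Encrypted: false`, so the Artifactory data volume and the snapshots produced by its `DeletionPolicy: Snapshot` are stored unencrypted, while the RDS instance (`StorageEncrypted: true`) and the S3 bucket (`SSEAlgorithm: AES256`) in the same template are encrypted; `Encrypted: true` would bring it in line. The `XrayMasterDatabaseUrl` and `XrayDatabaseUrl` outputs end in `?sslmode=disable`, which sends database credentials and queries to RDS without TLS; `sslmode=require` or stricter is worth testing against the Xray installer. `ArtifactoryS3IAMPolicy` grants `s3:*` on the bucket, which includes bucket-policy and delete actions, so listing only the object and list actions the filestore needs would narrow it. The `DatabasePluginUrl` output value also ends in a stray `"` after `postgresql-42.2.9.jar`, which becomes part of the URL.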
@@ -0,0 +1,802 @@ +AWSTemplateFormatVersion: '2010-09-09' +Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)' +Metadata: + QuickStartDocumentation: + EntrypointName: "Launch into an existing VPC" + AWS::CloudFormation::Interface: + ParameterGroups: + - Label: + default: Security configuration + Parameters: + - KeyPairName + - AccessCidr + - Label: + default: Network configuration + Parameters: + - AvailabilityZones + - VpcId + - VpcCidr + - PublicSubnet1Id + - PublicSubnet2Id + - PrivateSubnet1Id + - PrivateSubnet2Id + - PrivateSubnet1Cidr + - PrivateSubnet2Cidr + - ELBScheme + - Label: + default: Amazon EC2 configuration + Parameters: + - VolumeSize + - InstanceType + - Label: + default: JFrog Artifactory configuration + Parameters: + - NumberOfSecondary + - SmLicenseName + - SmCertName + - ArtifactoryServerName + - MasterKey + - ExtraJavaOptions + - DefaultJavaMemSettings + - Label: + default: Amazon RDS configuration + Parameters: + - DatabaseName + - DatabaseUser + - DatabasePassword + - DatabaseInstance + - DatabaseAllocatedStorage + - MultiAzDatabase + - Label: + default: JFrog Xray Configuration + Parameters: + - InstallXray + - XrayNumberOfInstances + - XrayInstanceType + - XrayDatabaseUser + - XrayDatabasePassword + ParameterLabels: + AvailabilityZones: + default: Availability Zones + KeyPairName: + default: SSH key name + VpcId: + default: VPC ID + VpcCidr: + default: VPC CIDR + PublicSubnet1Id: + default: Public subnet 1 ID + PublicSubnet2Id: + default: Public subnet 2 ID + PrivateSubnet1Id: + default: Private subnet 1 ID + PrivateSubnet2Id: + default: Private subnet 2 ID + PrivateSubnet1Cidr: + default: Private subnet 1 CIDR + PrivateSubnet2Cidr: + default: Private subnet 2 CIDR + AccessCidr: + default: Permitted IP range + ELBScheme: + default: Elastic Load Balancing scheme + VolumeSize: + default: EBS root volume size + InstanceType: + default: EC2 instance type + NumberOfSecondary: + default: Secondary 
instances + SmLicenseName: + default: Artifactory licenses secret name + SmCertName: + default: Artifactory certificate secret name + ArtifactoryServerName: + default: Artifactory server name + MasterKey: + default: Master server key + ExtraJavaOptions: + default: Extra Java options + DefaultJavaMemSettings: + default: Default Java memory settings + DatabaseName: + default: Database name + DatabaseUser: + default: Database user + DatabasePassword: + default: Database password + DatabaseInstance: + default: Database instance type + DatabaseAllocatedStorage: + default: Database allocated storage + MultiAzDatabase: + default: High-availability database + InstallXray: + default: Install JFrog Xray + XrayNumberOfInstances: + default: Number of JFrog Xray instances + XrayInstanceType: + default: Xray instance type + XrayDatabaseUser: + default: Xray Database user + XrayDatabasePassword: + default: Xray Database password +Parameters: + AvailabilityZones: + Description: List of Availability Zones to use for the subnets in the VPC. Two + Availability Zones are used for this deployment. + Type: List + KeyPairName: + Description: Name of an existing key pair, + which allows you to connect securely to your instance after it launches. + This is the key pair you created in your preferred Region. + Type: AWS::EC2::KeyPair::KeyName + VpcId: + Description: ID of your existing VPC (e.g., vpc-0343606e). + Type: "AWS::EC2::VPC::Id" + VpcCidr: + Description: CIDR block for the VPC. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/16 + Type: String + PublicSubnet1Id: + Description: ID of the public subnet in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab). 
+ Type: "AWS::EC2::Subnet::Id" + PublicSubnet2Id: + Description: ID of the public subnet in Availability Zone 2 of your existing VPC (e.g., subnet-a29c3d84). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Id: + Description: ID of the private subnet in Availability Zone 1 of your existing VPC (e.g., subnet-a0246dcd). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet2Id: + Description: ID of the private subnet in Availability Zone 2 of your existing VPC (e.g., subnet-b58c3d67). + Type: "AWS::EC2::Subnet::Id" + PrivateSubnet1Cidr: + Description: CIDR of the private subnet in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.0.0/19 + Type: String + PrivateSubnet2Cidr: + Description: CIDR of the private subnet in Availability Zone 2 of your existing VPC (e.g., 10.0.32.0/19). + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 + Default: 10.0.32.0/19 + Type: String + AccessCidr: + Description: CIDR IP range that is permitted to access Artifactory. + We recommend that you set this value to a trusted IP range. + For example, you might want to grant only your corporate network access to the software. + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ + Type: String + ELBScheme: + Description: Choose whether this is internet facing or internal. 
+ AllowedValues: + - internal + - internet-facing + Default: internet-facing + Type: String + VolumeSize: + Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an + Amazon Elastic Block Store (Amazon EBS) volumes of this size. + Default: 200 + Type: Number + InstanceType: + Description: EC2 type for the Artifactory instances. + AllowedValues: + - m5.large + - m5.xlarge + - m5.2xlarge + - m5.4xlarge + - m5.8xlarge + - m5.12xlarge + - m5.16xlarge + - m5.24xlarge + - m5.metal + - m5d.large + - m5d.xlarge + - m5d.2xlarge + - m5d.4xlarge + - m5d.8xlarge + - m5d.12xlarge + - m5d.16xlarge + - m5d.24xlarge + - m5d.metal + - m5a.large + - m5a.xlarge + - m5a.2xlarge + - m5a.4xlarge + - m5a.8xlarge + - m5a.12xlarge + - m5a.16xlarge + - m5a.24xlarge + ConstraintDescription: Must contain valid instance type. + Default: m5.xlarge + Type: String + NumberOfSecondary: + Description: Number of secondary Artifactory servers to complete your + HA deployment. To align with Artifactory best practices, the minimum number + is two and the maximum is seven. Do not select more instances than you + have licenses for. + AllowedValues: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + Default: 2 + Type: Number + SmLicenseName: + Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. + Default: '' + Type: String + SmCertName: + Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key. + Default: '' + Type: String + ArtifactoryServerName: + Description: Name of your Artifactory server. Ensure that this matches your certificate. + Type: String + MasterKey: + Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. + AllowedPattern: ^[a-zA-Z0-9]+$ + MinLength: '1' + MaxLength: '64' + ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. 
+ NoEcho: 'true' + Type: String + ExtraJavaOptions: + Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory + system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. + Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings. + Default: -Xss256k -XX:+UseG1GC + Type: String + DefaultJavaMemSettings: + Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM. + If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing. + ConstraintDescription: True or False + AllowedValues: + - "true" + - "false" + Default: "true" + Type: String + DatabaseName: + Description: Name of your database instance. The name must be unique across all instances + owned by your AWS account in the current Region. The database instance identifier is case-insensitive, + but it's stored in lowercase (as in "mydbinstance"). + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + MinLength: '1' + MaxLength: '60' + ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. + Default: artdb + Type: String + DatabaseUser: + Description: Login ID for the master user of your database instance. + MinLength: '1' + MaxLength: '16' + AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ + ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter. + Default: artifactory + Type: String + DatabasePassword: + Description: Password for the Artifactory database user. + AllowedPattern: ^[^ \\']+$ + MinLength: '8' + MaxLength: '12' + ConstraintDescription: Must be at least 8 and no more than + 12 characters containing letters and (minimum 1 capital letter), numbers and + symbols. + NoEcho: 'true' + Type: String + DatabaseInstance: + Description: Size of the database to be deployed as part of the Quick Start. 
+ AllowedValues:
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.10xlarge
+ - db.m5.16xlarge
+ - db.m5.large
+ - db.m5.xlarge
+ - db.m5.2xlarge
+ - db.m5.4xlarge
+ - db.m5.12xlarge
+ - db.m5.24xlarge
+ ConstraintDescription: Must be a valid database Instance Type.
+ Default: db.m5.large
+ Type: String
+ DatabaseAllocatedStorage:
+ Description: Size in gigabytes of the available storage for the database instance.
+ MinValue: 5
+ MaxValue: 1024
+ Default: 10
+ Type: Number
+ MultiAzDatabase:
+ Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ InstallXray:
+ Description: Choose true to install JFrog Xray instance(s).
+ ConstraintDescription: True or False
+ AllowedValues:
+ - "true"
+ - "false"
+ Default: "true"
+ Type: String
+ XrayNumberOfInstances:
+ Description: The number of Xray instances servers to complete your
+ HA deployment. The minimum number is one; the maximum is seven.
+ Do not select more than instances than you have licenses for.
+ MinValue: 1
+ MaxValue: 7
+ Default: 1
+ Type: Number
+ XrayInstanceType:
+ Description: The EC2 instance type for the Xray instances.
+ AllowedValues:
+ - c5.2xlarge
+ - c5.4xlarge
+ ConstraintDescription: Must contain valid instance type.
+ Default: c5.2xlarge
+ Type: String
+ XrayDatabaseUser:
+ Description: The login ID for the Xray database user.
+ MinLength: '1'
+ MaxLength: '16'
+ AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
+ ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
+ Default: xray
+ Type: String
+ XrayDatabasePassword:
+ Description: The password for the Xray database user.
+ AllowedPattern: ^[^ \\']+$
+ MinLength: '8'
+ MaxLength: '12'
+ ConstraintDescription: Must be at least 8 and no more than
+ 12 characters containing letters and (minimum 1 capital letter), numbers and
+ symbols.
+ NoEcho: 'true'
+ Type: String
+
+Conditions:
+ HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']]
+ DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
+ EnableXray: !Equals [!Ref InstallXray, 'true']
+ SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']]
+
+Resources:
+ ArtifactoryCoreInfraStack:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml
+ Parameters:
+ AvailabilityZones:
+ Fn::Join:
+ - ','
+ - Ref: AvailabilityZones
+ VpcId: !Ref VpcId
+ VpcCidr: !Ref VpcCidr
+ PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
+ PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
+ PrivateSubnet3Cidr: !Ref PrivateSubnet2Cidr # This should end up in no new rule but required for EKS
+ SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
+ MultiAzDatabase: !Ref MultiAzDatabase
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ DatabaseInstance: !Ref DatabaseInstance
+ DatabaseName: !Ref DatabaseName
+ InstanceType: !Ref InstanceType
+ ArtifactoryHostRole: !Ref ArtifactoryHostRole
+ VolumeSize: !Ref VolumeSize
+ ArtifactoryElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Scheme: !Ref ELBScheme
+ Subnets:
+ - !Ref PublicSubnet1Id
+ - !Ref PublicSubnet2Id
+ Type: network
+ ArtifactorySslTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 443
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactorySslElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactorySslTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 443
+ Protocol: TCP
+ ArtifactoryElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryInternalElb:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ IpAddressType: ipv4
+ Scheme: internal
+ Subnets:
+ - !Ref PrivateSubnet1Id
+ - !Ref PrivateSubnet2Id
+ Type: network
+ ArtifactoryInternalTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: True
+ HealthCheckIntervalSeconds: 30
+ HealthCheckProtocol: TCP
+ HealthCheckTimeoutSeconds: 10
+ HealthyThresholdCount: 3
+ HealthCheckPort: "8082"
+ Port: 80
+ Protocol: TCP
+ TargetType: instance
+ UnhealthyThresholdCount: 3
+ VpcId: !Ref VpcId
+ ArtifactoryInternalElbListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - TargetGroupArn: !Ref ArtifactoryInternalTargetGroup
+ Type: forward
+ LoadBalancerArn: !Ref ArtifactoryInternalElb
+ Port: 80
+ Protocol: TCP
+ ArtifactoryEc2Sg:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ Tags:
+ - Key: Name
+ Value: "JFrog-Artifactory-Pro-ec2-instances-sg"
+ GroupDescription: SG for EC2 instances
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 80
+ ToPort: 80
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref AccessCidr
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8081
+ ToPort: 8082
+ CidrIp: !Ref VpcCidr
+ - IpProtocol: tcp
+ FromPort: 8046
+ ToPort: 8046
+ CidrIp: !Ref VpcCidr
+ SecurityGroupEgress:
+ - IpProtocol: "-1"
+ CidrIp: 0.0.0.0/0
+ ArtifactoryHostRole:
+ Type: 'AWS::IAM::Role'
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ Policies:
+ - PolicyName: "JFrogAMI-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action: "ec2:Describe*"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:AttachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:DetachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ - "s3:ListObject"
+ - "s3:ListBucket"
+ Resource: "*"
+ - PolicyName: 'CloudWatch-policy'
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "logs:CreateLogGroup"
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ - "logs:DescribeLogStreams"
+ Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+ - PolicyName: 'SecretsManager-policy'
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "secretsmanager:GetSecretValue"
+ Resource: !Sub "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:*"
+ ArtifactoryHostProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Roles:
+ - !Ref ArtifactoryHostRole
+ Path: /
+ ArtifactoryPrimary:
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id]]
+ MinScalingNodes: '1' # Always have 1 Primary Node
+ MaxScalingNodes: '1' # Always have 1 Primary Node
+ DeploymentTag: "ArtifactoryPrimary"
+ HostRole: !Ref ArtifactoryHostRole
+ ArtifactoryProduct: "JFrog-Artifactory-Pro"
+ ArtifactoryLicensesSecretName: !Ref SmLicenseName
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmCertNameExists, true, false]
+ Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: true
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ AmiId: "7186"
+ ArtifactoryVersion: "7.18.6"
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+
+ ArtifactorySecondary:
+ Condition: HasSecondaryNodes
+ DependsOn: ArtifactoryPrimary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
+ MinScalingNodes: !Ref NumberOfSecondary
+ MaxScalingNodes: !Ref NumberOfSecondary
+ DeploymentTag: ArtifactorySecondary
+ HostRole: !Ref ArtifactoryHostRole
+ ArtifactoryProduct: "JFrog-Artifactory-Pro"
+ ArtifactoryLicensesSecretName: !Ref SmLicenseName
+ ArtifactoryServerName: !Ref ArtifactoryServerName
+ EnableSSL: !If [SmCertNameExists, true, false]
+ Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', '']
+ CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', '']
+ CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', '']
+ ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
+ DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabasePlugin: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePlugin
+ DatabasePluginUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabasePluginUrl
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ ArtifactoryPrimary: false
+ MasterKey: !Ref MasterKey
+ ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
+ AmiId: "7186"
+ ArtifactoryVersion: "7.18.6"
+ KeyPairName: !Ref KeyPairName
+ HostProfile: !Ref ArtifactoryHostProfile
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ InstanceType: !Ref InstanceType
+ PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
+ VolumeSize: !Ref VolumeSize
+ TargetGroupARN: !Ref ArtifactoryTargetGroup
+ SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
+ InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
+ XrayHostRole:
+ Condition: EnableXray
+ Type: AWS::IAM::Role
+ Properties:
+ Path: /
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action:
+ - 'sts:AssumeRole'
+ Principal:
+ Service:
+ - ec2.amazonaws.com
+ Effect: Allow
+ Version: 2012-10-17
+ ManagedPolicyArns:
+ - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
+ Policies:
+ - PolicyName: "JFrogAMI-policy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action: "ec2:Describe*"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:AttachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action: "ec2:DetachVolume"
+ Resource: "*"
+ - Effect: "Allow"
+ Action:
+ - "s3:GetObject"
+ - "s3:ListObject"
+ - "s3:ListBucket"
+ Resource: "*"
+ - PolicyName: 'CloudWatch-policy'
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "logs:CreateLogGroup"
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ - "logs:DescribeLogStreams"
+ Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
+ XrayHostProfile:
+ Condition: EnableXray
+ Type: 'AWS::IAM::InstanceProfile'
+ Properties:
+ Roles:
+ - !Ref XrayHostRole
+ Path: /
+ XrayExistingVpcStack:
+ Condition: EnableXray
+ DependsOn: ArtifactoryPrimary
+ Type: AWS::CloudFormation::Stack
+ Properties:
+ TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7186/templates/jfrog-xray-ec2-instance.template.yaml
+ Parameters:
+ PrivateSubnet1Id: !Ref PrivateSubnet1Id
+ PrivateSubnet2Id: !Ref PrivateSubnet2Id
+ KeyPairName: !Ref KeyPairName
+ MinScalingNodes: !Ref XrayNumberOfInstances
+ MaxScalingNodes: !Ref XrayNumberOfInstances
+ DeploymentTag: 'xray'
+ DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ DatabaseUser: !Ref DatabaseUser
+ DatabasePassword: !Ref DatabasePassword
+ MasterKey: !Ref MasterKey
+ SecurityGroups: !Ref ArtifactoryEc2Sg
+ VolumeSize: !Ref VolumeSize
+ ExtraJavaOptions: !GetAtt ArtifactoryCoreInfraStack.Outputs.JavaOpts
+ XrayInstanceType: !Ref XrayInstanceType
+ JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ XrayDatabaseUser: !Ref XrayDatabaseUser
+ XrayDatabasePassword: !Ref XrayDatabasePassword
+ XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ XrayVersion: "3.24.2"
+ XrayAmiId: "3242"
+ XrayHostRole: !Ref XrayHostRole
+ XrayHostProfile: !Ref XrayHostProfile
+Outputs:
+ ArtifactoryUrl:
+ Description: URL of the ELB to access Artifactory
+ Value: !If [SmCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"]
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryUrl'
+ ArtifactoryInternalUrl:
+ Description: URL of the internal ELB to access Artifactory
+ Value: !Sub "http://${ArtifactoryInternalElb.DNSName}"
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryInternalUrl'
+ DatabaseType:
+ Description: Type of database
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseType'
+ DatabaseDriver:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseDriver'
+ DatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-DatabaseUrl'
+ ArtifactoryTargetGroup:
+ Description: Artifactory target group
+ Value: !Ref ArtifactoryTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryTargetGroup'
+ ArtifactorySslTargetGroup:
+ Description: Artifactory SSL target group
+ Value: !Ref ArtifactorySslTargetGroup
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactorySslTargetGroup'
+ ArtifactoryEc2Sg:
+ Description: Artifactory EC2 sercurity group
+ Value: !Ref ArtifactoryEc2Sg
+ Export:
+ Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg'
+ XrayMasterDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayMasterDatabaseUrl'
+ XrayDatabaseUrl:
+ Description: Database driver
+ Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
+ Export:
+ Name: !Sub '${AWS::StackName}-XrayDatabaseUrl'
diff --git a/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml
new file mode 100644
index 0000000..ce29cb6
--- /dev/null
+++ b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-artifactory-ec2-instance.template.yaml
@@ -0,0 +1,367 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)"
+Parameters:
+ PrivateSubnetIds:
+ Type: List
+ MinScalingNodes:
+ Type: Number
+ MaxScalingNodes:
+ Type: Number
+ DeploymentTag:
+ Type: String
+ HostRole:
+ Type: String
+ AmiId:
+ Type: String
+ ArtifactoryProduct:
+ Type: String
+ ArtifactoryLicensesSecretName:
+ Type: String
+ ArtifactoryServerName:
+ Type: String
+ Certificate:
+ Type: String
+ CertificateKey:
+ Type: String
+ NoEcho: 'true'
+ CertificateDomain:
+ Type: String
+ EnableSSL:
+ Type: String
+ ArtifactoryS3Bucket:
+ Type: String
+ DatabaseUrl:
+ Type: String
+ DatabaseDriver:
+ Type: String
+ DatabasePluginUrl:
+ Type: String
+ DatabasePlugin:
+ Type: String
+ DatabaseType:
+ Type: String
+ DatabaseUser:
+ Type: String
+ DatabasePassword:
+ Type: String
+ NoEcho: 'true'
+ ArtifactoryPrimary:
+ Type: String
+ MasterKey:
+ Type: String
+ NoEcho: 'true'
+ ExtraJavaOptions:
+ Type: String
+ ArtifactoryVersion:
+ Type: String
+ KeyPairName:
+ Type: AWS::EC2::KeyPair::KeyName
+ TargetGroupARN:
+ Type: String
+ SSLTargetGroupARN:
+ Type: String
+ InternalTargetGroupARN:
+ Type: String
+ HostProfile:
+ Type: String
+ SecurityGroups:
+ Type: String
+ InstanceType:
+ Type: String
+ PrimaryVolume:
+ Type: String
+ VolumeSize:
+ Type: Number
+ UserDataDirectory:
+ Description: Directory to store Artifactory data. Can be used to store data (via symlink) in detachable volume
+ Type: String
+ Default: '/artifactory-user-data'
+
+Mappings:
+ AWSAMIRegionMap:
+ us-east-1:
+ "Artifactory7186": ami-085f7218e38914838
+ us-east-2:
+ "Artifactory7186": xxxxxxx
+ us-west-1:
+ "Artifactory7186": xxxxxxx
+ us-west-2:
+ "Artifactory7186": xxxxxxx
+ ca-central-1:
+ "Artifactory7186": xxxxxxx
+ eu-central-1:
+ "Artifactory7186": xxxxxxx
+ eu-west-1:
+ "Artifactory7186": xxxxxxx
+ eu-west-2:
+ "Artifactory7186": xxxxxxx
+ eu-west-3:
+ "Artifactory7186": xxxxxxx
+ ap-southeast-1:
+ "Artifactory7186": xxxxxxx
+ ap-southeast-2:
+ "Artifactory7186": xxxxxxx
+ ap-south-1:
+ "Artifactory7186": xxxxxxx
+ ap-northeast-1:
+ "Artifactory7186": xxxxxxx
+ ap-northeast-2:
+ "Artifactory7186": xxxxxxx
+ sa-east-1:
+ "Artifactory7186": xxxxxxx
+ us-gov-east-1:
+ "Artifactory7186": ami-0188dfd8fca02f66a
+ us-gov-west-1:
+ "Artifactory7186": xxxxxxx
+ ArtifactoryProductMap:
+ JFrog-Artifactory-Pro:
+ "7186": "Artifactory7186"
+ product: "artifactory"
+
+Conditions:
+ IsSecondary: !Equals [!Ref ArtifactoryPrimary, 'false']
+
+Resources:
+ ArtifactoryScalingGroup:
+ Type: AWS::AutoScaling::AutoScalingGroup
+ Properties:
+ LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration
+ VPCZoneIdentifier: !Ref PrivateSubnetIds
+ MinSize: !Ref MinScalingNodes
+ MaxSize: !Ref MaxScalingNodes
+ Cooldown: '300'
+ DesiredCapacity: !Ref MinScalingNodes
+ TargetGroupARNs:
+ - !Ref TargetGroupARN
+ - !Ref SSLTargetGroupARN
+ - !Ref InternalTargetGroupARN
+ HealthCheckType: ELB
+ HealthCheckGracePeriod: 1800
+ Tags:
+ - Key: Name
+ Value: !Ref DeploymentTag
+ PropagateAtLaunch: true
+ - Key: ArtifactoryVersion
+ Value: !Ref ArtifactoryVersion
+ PropagateAtLaunch: true
+ TerminationPolicies:
+ - OldestInstance
+ - Default
+ CreationPolicy:
+ ResourceSignal:
+ Count: !Ref MinScalingNodes
+ Timeout: PT60M
+
+ ArtifactoryLaunchConfiguration:
+ Type: 'AWS::AutoScaling::LaunchConfiguration'
+ Metadata:
+ AWS::CloudFormation::Init:
+ configSets:
+ artifactory_install:
+ - "config-cloudwatch"
+ - "config-artifactory-primary"
+ - "secure-artifactory"
+ config-cloudwatch:
+ files:
+ /root/cloudwatch.conf:
+ content: |
+ [general]
+ state_file = /var/awslogs/state/agent-state
+
+ [/var/log/messages]
+ file = /var/log/messages
+ log_group_name = /artifactory/instances/{instance_id}
+ log_stream_name = /var/log/messages/
+ datetime_format = %b %d %H:%M:%S
+
+ [/var/log/jfrog-ami-setup.log]
+ file = /var/log/messages
+ log_group_name = /artifactory/instances/{instance_id}
+ log_stream_name = /var/log/jfrog-ami-setup.log
+ datetime_format = %b %d %H:%M:%S
+
+ [/var/log/jfrog-ami-artifactory.log]
+ file = /var/log/messages
+ log_group_name = /artifactory/instances/{instance_id}
+ log_stream_name = /var/log/jfrog-ami-artifactory.log
+ datetime_format = %b %d %H:%M:%S
+ mode: "0400"
+ config-artifactory-primary:
+ files:
+ /root/attach_volume.sh:
+ content: !Sub |
+ #!/usr/bin/env bash
+ IS_PRIMARY="${ArtifactoryPrimary}"
+
+ if [[ $IS_PRIMARY != "true" ]]; then
+ echo 'Not primary node. Skipping EBS volume attachment.'
+ lsblk # debug
+ exit 0
+ fi
+
+ echo "Using primary volume ID ${PrimaryVolume}"
+ VOLUME_ID="${PrimaryVolume}"
+ echo "VOLUME_ID: $VOLUME_ID"
+ if [[ -z "$VOLUME_ID" ]]; then
+ echo 'Invalid $VOLUME_ID'
+ exit 1
+ fi
+
+ # Get instance id from AWS
+ INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
+
+ # Attach the volume created by another CFT
+ # the device name should become /dev/nvme1n1
+ # See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
+ echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID"
+ /var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region}
+
+ echo "Wait for volume $VOLUME_ID to attach"
+ sleep 30 # Give volume time to attach
+ lsblk # debug
+ mode: "0770"
+ /root/.jfrog_ami/artifactory.yml:
+ content: !Sub
+ - |
+ # Base install for Artifactory
+ - import_playbook: site-artifactory.yml
+ vars:
+ artifactory_product: ${product}
+ artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}"
+ artifactory_ha_enabled: true
+ artifactory_is_primary: ${ArtifactoryPrimary}
+ artifactory_server_name: ${ArtifactoryServerName}
+ server_name: ${ArtifactoryServerName}.${CertificateDomain}
+ use_custom_data_directory: true
+ custom_data_directory: "${UserDataDirectory}"
+ s3_region: ${AWS::Region}
+ s3_bucket: ${ArtifactoryS3Bucket}
+ certificate: ${Certificate}
+ certificate_key: ${CertificateKey}
+ certificate_domain: ${CertificateDomain}
+ enable_ssl: ${EnableSSL}
+ ssl_dir: /etc/pki/tls/certs
+ db_type: ${DatabaseType}
+ db_driver: ${DatabaseDriver}
+ db_url: ${DatabaseUrl}
+ db_user: ${DatabaseUser}
+ db_password: ${DatabasePassword}
+ # db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar
+ art_primary: ${ArtifactoryPrimary}
+ master_key: ${MasterKey}
+ join_key: ${MasterKey}
+ extra_java_opts: ${ExtraJavaOptions}
+ artifactory_version: ${ArtifactoryVersion}
+ artifactory_keystore:
+ path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts
+ default_password: changeit
+ new_keystore_pass: ${DatabasePassword}
+ artifactory_java_db_drivers:
+ - name: ${DatabasePlugin}
+ url: ${DatabasePluginUrl}
+ owner: artifactory
+ group: artifactory
+ - product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product]
+ mode: "0400"
+ /root/.vault_pass.txt:
+ content: !Sub |
+ ${DatabasePassword}
+ mode: "0400"
+ /root/.secureit.sh:
+ content:
+ ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt
+ mode: "0770"
+ secure-artifactory:
+ commands:
+ 'secure ansible playbook':
+ command: '/root/.secureit.sh'
+ ignoreErrors: 'false'
+ Properties:
+ KeyName: !Ref KeyPairName
+ IamInstanceProfile: !Ref HostProfile
+ ImageId: !FindInMap
+ - AWSAMIRegionMap
+ - !Ref 'AWS::Region'
+ - !FindInMap
+ - ArtifactoryProductMap
+ - !Ref ArtifactoryProduct
+ - !Ref AmiId
+ SecurityGroups:
+ - !Ref SecurityGroups
+ InstanceType: !Ref InstanceType
+ BlockDeviceMappings:
+ !If
+ - IsSecondary
+ - - DeviceName: /dev/xvda
+ Ebs:
+ VolumeSize: !Ref VolumeSize
+ VolumeType: gp2
+ DeleteOnTermination: true
+ Encrypted: true
+ - !Ref AWS::NoValue
+ UserData:
+ Fn::Base64:
+ !Sub |
+ #!/bin/bash -x
+
+ #CFN Functions
+
+ function cfn_fail
+
+ {
+
+ cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
+
+ exit 1
+
+ }
+
+ function cfn_success
+
+ {
+
+ cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
+
+ exit 0
+
+ }
+
+ # Install jq
+ yum install -y epel-release
+ yum install -y jq
+
+ echo $PATH
+
+ PATH=/opt/aws/bin:$PATH
+
+ echo $PATH
+
+ # Activate virtual env
+ source ~/venv/bin/activate
+
+ setsebool httpd_can_network_connect 1 -P
+
+ # CentOS cloned virtual machines do not create a new machine id
+ # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
+ rm -f /etc/machine-id
+ systemd-machine-id-setup
+
+ cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail
+
+ # Setup CloudWatch Agent
+ curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
+ chmod +x ./awslogs-agent-setup.py
+ ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log
+
+ /root/attach_volume.sh || cfn_fail
+
+ setsebool httpd_can_network_connect 1 -P
+
+ aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail
+
+ ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail
+
+ rm -rf /root/.secureit.sh
+
+ cfn_success &> /var/log/cfn_success.log
+ cfn_success || cfn_fail
diff --git a/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-xray-ec2-instance.template.yaml b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-xray-ec2-instance.template.yaml
new file mode 100644
index 0000000..440689d
--- /dev/null
+++ b/Amazon/marketplace-jfrog-artifactory/v7186/templates/jfrog-xray-ec2-instance.template.yaml
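Review bot: The `config-artifactory-primary` metadata renders `${DatabasePassword}`, `${MasterKey}` and `${CertificateKey}` into `AWS::CloudFormation::Init` through `!Sub`, and `NoEcho` does not mask values placed in a resource's `Metadata`, so anyone allowed to describe the stack resource, and likely anything on the instance that can read the cfn-init data, sees them in clear text. The `ansible-vault encrypt` step adds little, because `/root/.vault_pass.txt` sits beside the encrypted playbook and its content is the database password itself; `new_keystore_pass` and `join_key` also reuse `${DatabasePassword}` and `${MasterKey}`. I would pass secret names rather than values and read them on the instance, the way UserData already does for licenses with `aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName}`, and use a separate random value as the vault password. The same pattern appears in `config-xray` in jfrog-xray-ec2-instance.template.yaml, where `db_master_url` also embeds the password in a connection URL.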
@@ -0,0 +1,255 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray"
+Parameters:
+ PrivateSubnet1Id:
+ Type: AWS::EC2::Subnet::Id
+ PrivateSubnet2Id:
+ Type: AWS::EC2::Subnet::Id
+ KeyPairName:
+ Type: AWS::EC2::KeyPair::KeyName
+ MinScalingNodes:
+ Type: Number
+ MaxScalingNodes:
+ Type: Number
+ DeploymentTag:
+ Type: String
+ DatabaseDriver:
+ Type: String
+ DatabaseType:
+ Type: String
+ DatabaseUser:
+ Type: String
+ DatabasePassword:
+ Type: String
+ NoEcho: 'true'
+ MasterKey:
+ Type: String
+ NoEcho: 'true'
+ ExtraJavaOptions:
+ Type: String
+ SecurityGroups:
+ Type: String
+ VolumeSize:
+ Type: Number
+ XrayHostProfile:
+ Type: String
+ XrayHostRole:
+ Type: String
+ XrayInstanceType:
+ Type: String
+ JfrogInternalUrl:
+ Type: String
+ XrayDatabaseUser:
+ Type: String
+ XrayDatabasePassword:
+ Type: String
+ NoEcho: 'true'
+ XrayMasterDatabaseUrl:
+ Type: String
+ XrayDatabaseUrl:
+ Type: String
+ XrayVersion:
+ Type: String
+ XrayAmiId:
+ Type: String
+
+# To populate additional mappings use the following with the desired --region
+# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
+Mappings:
+ AWSAMIRegionMap:
+ us-east-1:
+ "3242": ami-0d5ab4e1fc1a9a4f3
+ us-east-2:
+ "3242": xxxxxxxxxx
+ us-west-1:
+ "3242": xxxxxxxxxx
+ us-west-2:
+ "3242": xxxxxxxxxx
+ ca-central-1:
+ "3242": xxxxxxxxxx
+ eu-central-1:
+ "3242": xxxxxxxxxx
+ eu-west-1:
+ "3242": xxxxxxxxxx
+ eu-west-2:
+ "3242": xxxxxxxxxx
+ eu-west-3:
+ "3242": xxxxxxxxxx
+ ap-southeast-1:
+ "3242": xxxxxxxxxx
+ ap-southeast-2:
+ "3242": xxxxxxxxxx
+ ap-south-1:
+ "3242": xxxxxxxxxx
+ ap-northeast-1:
+ "3242": xxxxxxxxxx
+ ap-northeast-2:
+ "3242": xxxxxxxxxx
+ sa-east-1:
+ "3242": xxxxxxxxxx
+ us-gov-east-1:
+ "3242": ami-0f41f2b4118af19fc
+ us-gov-west-1:
+ "3242": xxxxxxxxxx
+
+Resources:
+ XrayScalingGroup:
+ Type: AWS::AutoScaling::AutoScalingGroup
+ Properties:
+ LaunchConfigurationName: !Ref XrayLaunchConfiguration
+ VPCZoneIdentifier:
+ - !Ref PrivateSubnet1Id
+ - !Ref PrivateSubnet2Id
+ MinSize: !Ref MinScalingNodes
+ MaxSize: !Ref MaxScalingNodes
+ Cooldown: '300'
+ DesiredCapacity: !Ref MinScalingNodes
+ HealthCheckType: EC2
+ HealthCheckGracePeriod: 1800
+ Tags:
+ - Key: Name
+ Value: !Ref DeploymentTag
+ PropagateAtLaunch: true
+ - Key: XrayVersion
+ Value: !Ref XrayVersion
+ PropagateAtLaunch: true
+ TerminationPolicies:
+ - OldestInstance
+ - Default
+ CreationPolicy:
+ ResourceSignal:
+ Count: !Ref MinScalingNodes
+ Timeout: PT60M
+ XrayLaunchConfiguration:
+ Type: AWS::AutoScaling::LaunchConfiguration
+ Metadata:
+ AWS::CloudFormation::Init:
+ configSets:
+ xray_install:
+ - "config-cloudwatch"
+ - "config-xray"
+ config-cloudwatch:
+ files:
+ /root/cloudwatch.conf:
+ content: |
+ [general]
+ state_file = /var/awslogs/state/agent-state
+
+ [/var/log/messages]
+ file = /var/log/messages
+ log_group_name = /xray/instances/{instance_id}
+ log_stream_name = /var/log/messages/
+ datetime_format = %b %d %H:%M:%S
+
+ [/var/log/xray-ami-setup.log]
+ file = /var/log/messages
+ log_group_name = /xray/instances/{instance_id}
+ log_stream_name = /var/log/xray-ami-setup.log
+ datetime_format = %b %d %H:%M:%S
+
+ [/var/log/xray.log]
+ file = /var/log/messages
+ log_group_name = /xray/instances/{instance_id}
+ log_stream_name = /var/log/xray.log
+ datetime_format = %b %d %H:%M:%S
+ mode: "0400"
+ config-xray:
+ files:
+ /root/.xray_ami/xray.yml:
+ content: !Sub |
+ # Base install for Xray
+ - import_playbook: site-xray.yml
+ vars:
+ jfrog_url: ${JfrogInternalUrl}
+ master_key: ${MasterKey}
+ join_key: ${MasterKey}
+ extra_java_opts: ${ExtraJavaOptions}
+ db_type: ${DatabaseType}
+ db_driver: ${DatabaseDriver}
+ db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl}
+ db_url: postgres://${XrayDatabaseUrl}
+ db_master_user: ${DatabaseUser}
+ db_user: ${XrayDatabaseUser}
+ db_password: ${XrayDatabasePassword}
+ xray_version: ${XrayVersion}
+ mode: "0400"
+ /root/.vault_pass.txt:
+ content: !Sub |
+ ${DatabasePassword}
+ mode: "0400"
+ Properties:
+ KeyName: !Ref KeyPairName
+ IamInstanceProfile: !Ref XrayHostProfile
+ ImageId: !FindInMap
+ - AWSAMIRegionMap
+ - !Ref AWS::Region
+ - !Ref XrayAmiId
+ SecurityGroups:
+ - !Ref SecurityGroups
+ InstanceType: !Ref XrayInstanceType
+ BlockDeviceMappings:
+ - DeviceName: /dev/xvda
+ Ebs:
+ VolumeSize: !Ref VolumeSize
+ VolumeType: gp2
+ DeleteOnTermination: true
+ Encrypted: true
+ UserData:
+ Fn::Base64:
+ !Sub |
+ #!/bin/bash -x
+ exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
+
+ #CFN Functions
+
+ function cfn_fail
+
+ {
+
+ cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
+
+ exit 1
+
+ }
+
+ function cfn_success
+
+ {
+
+ cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
+
+ exit 0
+
+ }
+
+ echo $PATH
+
+ PATH=/opt/aws/bin:$PATH
+
+ echo $PATH
+
+ # Activate virtual env
+ source ~/venv/bin/activate
+
+ setsebool httpd_can_network_connect 1 -P
+
+ # CentOS cloned virtual machines do not create a new machine id
+ # https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
+ rm -f /etc/machine-id
+ systemd-machine-id-setup
+
+ cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail
+
+ # Setup CloudWatch Agent
+ curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
+ chmod +x ./awslogs-agent-setup.py
+ ./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf
+
+ lsblk # debug
+
+ ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail
+
+ rm -rf /root/.secureit.sh
+
+ cfn_success &> /var/log/cfn_success.log
+ cfn_success || cfn_fail
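Review bot: In the UserData script, `ansible-playbook /root/.xray_ami/xray.yml ... 2>&1 | tee /var/log/xray.log || cfn_fail` tests the exit status of `tee`, not of `ansible-playbook`, because the script never enables `pipefail`; a failed playbook run would still reach `cfn_success`, and the stack would report a healthy Xray group that was never configured. Adding `set -o pipefail` right after the `#!/bin/bash -x` line makes the `|| cfn_fail` guard effective. The Artifactory UserData in jfrog-artifactory-ec2-instance.template.yaml has the same pipelines (`ansible-playbook ... | tee ...` and `aws secretsmanager get-secret-value ... | jq ...`). Separately, `--vault-id /root/.vault_pass.txt` and `rm -rf /root/.secureit.sh` refer to a vault step that the `xray_install` config set never defines, so `xray.yml` stays in plain text on disk; a comment stating whether that is intended would help.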