zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 01:06:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

updated containers, self published and MP to 7.18.6

Browse Source
This commit is contained in:
Vinay Aggarwal
2021-05-08 14:10:45 -07:00
parent 12d4e96727
commit 3c4443cbf3
119 changed files with 7524 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Amazon/artifactory7/v7186/cloudInstallerScripts/artifactory-ami.yml Normal file
View File

@@ -0,0 +1,5 @@
- hosts: localhost
gather_facts: true
become: true
roles:
- name: artifactory-ami

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

60
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/defaults/main.yml Normal file
View File

@@ -0,0 +1,60 @@
---
# defaults file for artifactory
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
ami_creation: false
# The version of Artifactory to install
artifactory_version: 7.15.3
# licenses file - specify a licenses file or specify up to 5 licenses
artifactory_license1:
artifactory_license2:
artifactory_license3:
artifactory_license4:
artifactory_license5:
artifactory_license6:
# whether to enable HA
artifactory_ha_enabled: true
# value for whether a host is primary. this should be set in host vars
artifactory_is_primary: true
# The location where Artifactory should install.
artifactory_download_directory: /opt/jfrog
# The location where Artifactory should store data.
artifactory_file_store_dir: /data
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
# for Artifactory, use following values
artifactory_flavour: pro
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
# for JCR, use following values
# artifactory_flavour: jcr
# artifactory_tar: https://dl.bintray.com/jfrog/artifactory/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar"
artifactory_user: artifactory
artifactory_group: artifactory
# Set the parameters required for the service.
service_list:
- name: artifactory
description: Start script for Artifactory
start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
type: forking
status_pattern: artifactory
user_name: "{{ artifactory_user }}"
group_name: "{{ artifactory_group }}"

10
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/handlers/main.yml Normal file
View File

@@ -0,0 +1,10 @@
---
# handlers file for artifactory
- name: systemctl daemon-reload
systemd:
daemon_reload: yes
- name: restart artifactory
service:
name: artifactory
state: restarted

6
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/exception.yml Normal file
View File

@@ -0,0 +1,6 @@
---
exceptions:
- variation: Alpine
reason: Artifactory start/stop scripts don't properly work.
- variation: amazonlinux:1
reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped"

35
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/main.yml Normal file
View File

@@ -0,0 +1,35 @@
---
galaxy_info:
author: Robert de Bock
role_name: artifactory
description: Install and configure artifactory on your system.
license: Apache-2.0
company: none
min_ansible_version: 2.8
platforms:
- name: Debian
versions:
- all
- name: EL
versions:
- 7
- 8
- name: Fedora
versions:
- all
- name: OpenSUSE
versions:
- all
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- artifactory
- centos
- redhat
- server
- system
dependencies: []

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/preferences.yml Normal file
View File

@@ -0,0 +1,2 @@
---
tox_parallel: yes

6
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/meta/version.yml Normal file
View File

@@ -0,0 +1,6 @@
---
project_name: JFrog
reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml"
versions:
- name: Artifactory
url: "https://releases.jfrog.io/artifactory/"

82
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/tasks/main.yml Normal file
View File

@@ -0,0 +1,82 @@
---
# tasks file for artifactory
- name: install nginx
include_role:
name: artifactory-nginx-ami
- name: create group for artifactory
group:
name: "{{ artifactory_group }}"
state: present
become: yes
- name: create user for artifactory
user:
name: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
system: yes
become: yes
- name: ensure artifactory_download_directory exists
file:
path: "{{ artifactory_download_directory }}"
state: directory
become: yes
- name: download artifactory
unarchive:
src: "{{ artifactory_tar }}"
dest: "{{ artifactory_download_directory }}"
remote_src: yes
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
creates: "{{ artifactory_home }}"
become: yes
register: downloadartifactory
until: downloadartifactory is succeeded
retries: 3
- name: ensure artifactory_file_store_dir exists
file:
path: "{{ artifactory_file_store_dir }}"
state: directory
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
become: yes
- name: ensure data subdirectories exist
file:
path: "{{ artifactory_home }}/var/{{ item }}"
state: directory
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
loop:
- "bootstrap"
- "etc"
become: yes
- name: download database driver
get_url:
url: "{{ db_download_url }}"
dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
become: yes
- name: clean up after creating ami
block:
- name: Remove SSH keys
file:
path: "{{ ssh_keys.dir }}"
state: absent
loop:
- dir: "/home/.jfrog_ami/.ssh/authorized_keys"
- dir: "/root/.ssh/authorized_keys"
- dir: "/home/centos/.ssh/authorized_keys"
loop_control:
loop_var: ssh_keys
- name: shutdown VM
command: /sbin/shutdown -h now
ignore_errors: 'yes'
when: ami_creation

37
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/artifactory.cluster.license.j2 Normal file
View File

@@ -0,0 +1,37 @@
{% if artifactory_license1 %}
{% if artifactory_license1|length %}
{{ artifactory_license1 }}
{% endif %}
{% endif %}
{% if artifactory_license2 %}
{% if artifactory_license2|length %}
{{ artifactory_license2 }}
{% endif %}
{% endif %}
{% if artifactory_license3 %}
{% if artifactory_license3|length %}
{{ artifactory_license3 }}
{% endif %}
{% endif %}
{% if artifactory_license4 %}
{% if artifactory_license4|length %}
{{ artifactory_license4 }}
{% endif %}
{% endif %}
{% if artifactory_license5 %}
{% if artifactory_license5|length %}
{{ artifactory_license5 }}
{% endif %}
{% endif %}
{% if artifactory_license6 %}
{% if artifactory_license6|length %}
{{ artifactory_license6 }}
{% endif %}
{% endif %}

4
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/binarystore.xml.j2 Normal file
View File

@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<config version="2">
<chain template="cluster-file-system"/>
</config>

12
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/installer-info.json.j2 Normal file
View File

@@ -0,0 +1,12 @@
{
"productId": "Ansible_artifactory/1.0.0",
"features": [
{
"featureId": "Partner/ACC-006973"
},
{
"featureId": "Channel/{{ ansible_marketplace }}"
}
]
}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/join.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ join_key }}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/master.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ master_key }}

38
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/templates/system.yaml.j2 Normal file
View File

@@ -0,0 +1,38 @@
## @formatter:off
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.
## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
## Node Settings
node:
## A unique id to identify this node.
## Default: auto generated at startup.
id: {{ ansible_machine_id }}
## Sets this node as primary in HA installation
primary: {{ artifactory_is_primary }}
## Sets this node as part of HA installation
haEnabled: {{ artifactory_ha_enabled }}
## Database Configuration
database:
## One of: mysql, oracle, mssql, postgresql, mariadb
## Default: Embedded derby
## Example for mysql/postgresql
type: "{{ db_type }}"
driver: "{{ db_driver }}"
url: "{{ db_url }}"
username: "{{ db_user }}"
password: "{{ db_password }}"

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-ami/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for artifactory-nginx

37
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/files/nginx.conf Normal file
View File

@@ -0,0 +1,37 @@
#user nobody;
worker_processes 1;
error_log /var/log/nginx/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
}

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for artifactory-nginx

53
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

30
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tasks/main.yml Normal file
View File

@@ -0,0 +1,30 @@
---
- name: Add epel-release repo
yum:
name: epel-release
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: Install nginx
yum:
name: nginx
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: configure main nginx conf file.
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0755'
become: yes
- name: restart nginx
service:
name: nginx
state: restarted
enabled: yes
become: yes

43
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/templates/artifactory.conf.j2 Normal file
View File

@@ -0,0 +1,43 @@
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## add HA entries when ha is configure
upstream artifactory {
server 127.0.0.1:8082;
}
upstream artifactory-direct {
server 127.0.0.1:8081;
}
## server configuration
server {
listen 80 ;
server_name _;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/artifactory-access.log;
error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass "http://artifactory";
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://artifactory-direct;
}
}
}

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- artifactory-nginx

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ami/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for artifactory-nginx

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for artifactory-nginx

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for artifactory-nginx

53
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

54
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tasks/main.yml Normal file
View File

@@ -0,0 +1,54 @@
---
# tasks file for artifactory-nginx
- name: configure the artifactory nginx conf
template:
src: artifactory.conf.j2
dest: /etc/nginx/conf.d/artifactory.conf
owner: root
group: root
mode: '0755'
become: yes
- name: ensure nginx dir exists
file:
path: "/var/opt/jfrog/nginx/ssl"
state: directory
become: yes
- name: configure certificate
template:
src: certificate.pem.j2
dest: "/var/opt/jfrog/nginx/ssl/cert.pem"
become: yes
- name: ensure pki exists
file:
path: "/etc/pki/tls"
state: directory
become: yes
- name: configure key
template:
src: certificate.key.j2
dest: "/etc/pki/tls/cert.key"
become: yes
- name: Allow apache to modify files in /srv/git_repos
sefcontext:
target: '/var/opt/jfrog/nginx/ssl/cert.pem'
setype: httpd_sys_content_t
state: present
vars:
ansible_python_interpreter: /bin/python2
become: yes
- name: Apply new SELinux file context to filesystem
command: restorecon -v /var/opt/jfrog/nginx/ssl/cert.pem
become: yes
- name: restart nginx
service:
name: nginx
state: restarted
enabled: yes
become: yes

49
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 Normal file
View File

@@ -0,0 +1,49 @@
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## add HA entries when ha is configure
upstream artifactory {
server 127.0.0.1:8082;
}
upstream artifactory-direct {
server 127.0.0.1:8081;
}
ssl_protocols TLSv1.1 TLSv1.2;
ssl_certificate /var/opt/jfrog/nginx/ssl/cert.pem;
ssl_certificate_key /etc/pki/tls/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 80;
listen 443 ssl http2;
server_name _;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/artifactory-access.log;
error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass "http://artifactory";
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://artifactory-direct;
}
}
}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ certificate_key | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 Normal file
View File

@@ -0,0 +1 @@
{{ certificate | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }}

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- artifactory-nginx

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx-ssl/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for artifactory-nginx

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for artifactory-nginx

37
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/files/nginx.conf Normal file
View File

@@ -0,0 +1,37 @@
#user nobody;
worker_processes 1;
error_log /var/log/nginx/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
}

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for artifactory-nginx

53
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

34
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tasks/main.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- name: configure main nginx conf file.
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0755'
become: yes
- name: configure main nginx conf file.
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0755'
become: yes
- name: configure the artifactory nginx conf
template:
src: artifactory.conf.j2
dest: /etc/nginx/conf.d/artifactory.conf
owner: root
group: root
mode: '0755'
become: yes
- name: restart nginx
service:
name: nginx
state: restarted
enabled: yes
become: yes

43
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/templates/artifactory.conf.j2 Normal file
View File

@@ -0,0 +1,43 @@
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## add HA entries when ha is configure
upstream artifactory {
server 127.0.0.1:8082;
}
upstream artifactory-direct {
server 127.0.0.1:8081;
}
## server configuration
server {
listen 80 ;
server_name _;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/artifactory-access.log;
error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass "http://artifactory";
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://artifactory-direct;
}
}
}

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- artifactory-nginx

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory-nginx/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for artifactory-nginx

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

52
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/defaults/main.yml Normal file
View File

@@ -0,0 +1,52 @@
---
# defaults file for artifactory
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# The version of Artifactory to install
artifactory_version: 7.15.3
# licenses - cluster license content in json
artifactory_licenses:
# whether to enable HA
artifactory_ha_enabled: true
# value for whether a host is primary. this should be set in host vars
artifactory_is_primary: true
# The location where Artifactory should install.
artifactory_download_directory: /opt/jfrog
# The location where Artifactory should store data.
artifactory_file_store_dir: /data
# whether to customer data directory
use_custom_data_directory: false
# location for customer directory. Will be symlink to as artifactory/var
custom_data_directory: /artifactory-user-data
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
artifactory_flavour: pro
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
artifactory_user: artifactory
artifactory_group: artifactory
# Set the parameters required for the service.
service_list:
- name: artifactory
description: Start script for Artifactory
start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
type: forking
status_pattern: artifactory
user_name: "{{ artifactory_user }}"
group_name: "{{ artifactory_group }}"
product_id: CloudFormation_QS_EC2/1.0.0

10
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/handlers/main.yml Normal file
View File

@@ -0,0 +1,10 @@
---
# handlers file for artifactory
- name: systemctl daemon-reload
systemd:
daemon_reload: yes
- name: restart artifactory
service:
name: artifactory
state: restarted

6
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/exception.yml Normal file
View File

@@ -0,0 +1,6 @@
---
exceptions:
- variation: Alpine
reason: Artifactory start/stop scripts don't properly work.
- variation: amazonlinux:1
reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped"

35
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/main.yml Normal file
View File

@@ -0,0 +1,35 @@
---
galaxy_info:
author: Robert de Bock
role_name: artifactory
description: Install and configure artifactory on your system.
license: Apache-2.0
company: none
min_ansible_version: 2.8
platforms:
- name: Debian
versions:
- all
- name: EL
versions:
- 7
- 8
- name: Fedora
versions:
- all
- name: OpenSUSE
versions:
- all
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- artifactory
- centos
- redhat
- server
- system
dependencies: []

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/preferences.yml Normal file
View File

@@ -0,0 +1,2 @@
---
tox_parallel: yes

6
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/meta/version.yml Normal file
View File

@@ -0,0 +1,6 @@
---
project_name: JFrog
reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml"
versions:
- name: Artifactory
url: "https://releases.jfrog.io/artifactory/"

43
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/configure-licenses.yml Normal file
View File

@@ -0,0 +1,43 @@
- name: set license for Enterprise
block:
- name: use license file
copy:
src: "{{ artifactory_license_file }}"
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
force: no # only copy if file doesn't exist
become: yes
when: artifactory_license_file is defined and artifactory_is_primary == true
- name: use license strings
vars:
artifactory_licenses_dict: "{{ artifactory_licenses | default('{}') }}"
template:
src: artifactory.cluster.license.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
force: no # only create if file doesn't exist
become: yes
when: artifactory_license_file is not defined and artifactory_is_primary == true
when: artifactory_ha_enabled
- name: set license for Pro
block:
- name: use license file
copy:
src: "{{ artifactory_license_file }}"
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
force: no # only create if file doesn't exist
become: yes
when: artifactory_license_file is defined
- name: use license strings
vars:
artifactory_licenses_dict: "{{ artifactory_licenses | default('{}') }}"
template:
src: artifactory.pro.license.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
force: no # only create if file doesn't exist
become: yes
when: artifactory_license_file is not defined
when: not artifactory_ha_enabled

44
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/custom-data-directory.yml Normal file
View File

@@ -0,0 +1,44 @@
- name: setup directory symlink for using custom data directory/volume
block:
- name: Create a xfs filesystem on /dev/nvme1n1
# First non-root device is always mapped to /dev/nvme1n1
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
community.general.filesystem:
dev: /dev/nvme1n1
fstype: xfs
- name: ensure external data directory exists
file:
path: "{{ custom_data_directory }}"
state: directory
- name: Mount the EBS volume
ansible.posix.mount:
path: "{{ custom_data_directory }}"
src: /dev/nvme1n1
state: mounted
fstype: xfs
- name: set custom data directory permission
file:
path: "{{ custom_data_directory }}"
state: directory
recurse: yes
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: "u=rwX,g=rwX,o=rwX"
- name: remove var directory if exists
file:
path: "{{ artifactory_home }}/var"
state: absent
- name: symlink custom data directory to var
file:
src: "{{ custom_data_directory }}"
path: "{{ artifactory_home }}/var"
state: link
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
become: yes
when: use_custom_data_directory and custom_data_directory is defined

132
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/tasks/main.yml Normal file
View File

@@ -0,0 +1,132 @@
---
# tasks file for artifactory
- name: Set artifactory major version
set_fact:
artifactory_major_verion: "{{ artifactory_version.split('.')[0] }}"
- name: create group for artifactory
group:
name: "{{ artifactory_group }}"
state: present
become: yes
- name: create user for artifactory
user:
name: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
system: yes
become: yes
- name: ensure artifactory_download_directory exists
file:
path: "{{ artifactory_download_directory }}"
state: directory
become: yes
- name: ensure artifactory_file_store_dir exists
file:
path: "{{ artifactory_file_store_dir }}"
state: directory
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
become: yes
- name: setup directory symlink for using custom data directory/volume
include_tasks: custom-data-directory.yml
when: use_custom_data_directory and custom_data_directory is defined
- name: ensure data subdirectories exist and have correct ownership
file:
path: "{{ artifactory_home }}/var/{{ item }}"
state: directory
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
loop:
- "bootstrap"
- "etc"
- "data"
- "etc/info"
- "etc/security"
- "etc/artifactory"
become: yes
- name: check if system yaml file exits
stat:
path: "{{ artifactory_home }}/var/etc/system.yaml"
register: system_yaml
- name: use specified system yaml
copy:
src: "{{ system_file }}"
dest: "{{ artifactory_home }}/var/etc/system.yaml"
become: yes
when: system_file is defined and not system_yaml.stat.exists
- name: configure system yaml
template:
src: system.yaml.j2
dest: "{{ artifactory_home }}/var/etc/system.yaml"
become: yes
when: system_file is not defined and not system_yaml.stat.exists
- name: configure master key
template:
src: master.key.j2
dest: "{{ artifactory_home }}/var/etc/security/master.key"
force: no # only create if file doesn't exist
become: yes
- name: configure join key
template:
src: join.key.j2
dest: "{{ artifactory_home }}/var/etc/security/join.key"
force: no # only create if file doesn't exist
become: yes
- name: configure installer info
template:
src: installer-info.json.j2
dest: "{{ artifactory_home }}/var/etc/info/installer-info.json"
become: yes
- name: use specified binary store file
copy:
src: "{{ binary_store_file }}"
dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
force: no # only copy if file doesn't exist
become: yes
when: binary_store_file is defined
- name: set default binary store
template:
src: binarystore.xml.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
force: no # only create if file doesn't exist
become: yes
when: binary_store_file is not defined
- name: configure licenses
include_tasks: configure-licenses.yml
- name: create artifactory service
shell: "{{ artifactory_home }}/app/bin/installService.sh"
become: yes
- name: start and enable the primary node
service:
name: artifactory
state: restarted
become: yes
when: artifactory_is_primary == true
- name: random wait before restarting to prevent secondary nodes from hitting DB first
pause:
seconds: "{{ 120 | random + 10}}"
when: artifactory_is_primary == false
- name: start and enable the secondary nodes
service:
name: artifactory
state: restarted
become: yes
when: artifactory_is_primary == false

6
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.cluster.license.j2 Normal file
View File

@@ -0,0 +1,6 @@
{% if artifactory_licenses_dict %}
{% for key in (artifactory_licenses_dict.keys() | select('match', '^ArtifactoryLicense\d$')) %}
{{ artifactory_licenses_dict[key] }}
{% endfor %}
{% endif %}

8
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/artifactory.pro.license.j2 Normal file
View File

@@ -0,0 +1,8 @@
{% if artifactory_licenses_dict %}
{% for key in (artifactory_licenses_dict.keys() | select('match', '^ArtifactoryLicense\d$')) %}
{% if loop.first %}
{{ artifactory_licenses_dict[key] }}
{% endif %}
{% endfor %}
{% endif %}

14
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/binarystore.xml.j2 Normal file
View File

@@ -0,0 +1,14 @@
<config version="2">
<chain>
<provider id="cache-fs" type="cache-fs">
<provider id="s3-storage-v3" type="s3-storage-v3"/>
</provider>
</chain>
<provider id="s3-storage-v3" type="s3-storage-v3">
<endpoint>s3.{{ s3_region }}.amazonaws.com</endpoint>
<bucketName>{{ s3_bucket }}</bucketName>
<path>artifactory/filestore</path>
<region>{{ s3_region }}</region>
<useInstanceCredentials>true</useInstanceCredentials>
</provider>
</config>

11
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/installer-info.json.j2 Normal file
View File

@@ -0,0 +1,11 @@
{
"productId": "{{ product_id }}",
"features": [
{
"featureId": "Partner/ACC-006973"
},
{
"featureId": "Channel/{{ ansible_marketplace }}"
}
]
}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/join.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ join_key }}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/master.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ master_key }}

40
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/templates/system.yaml.j2 Normal file
View File

@@ -0,0 +1,40 @@
## @formatter:off
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.
## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
## Java options
extraJavaOpts: "{{ extra_java_opts }}"
## Node Settings
node:
## A unique id to identify this node.
## Default: auto generated at startup.
id: {{ ansible_machine_id }}
## Sets this node as primary in HA installation
primary: {{ artifactory_is_primary }}
## Sets this node as part of HA installation
haEnabled: {{ artifactory_ha_enabled }}
## Database Configuration
database:
## One of: mysql, oracle, mssql, postgresql, mariadb
## Default: Embedded derby
## Example for mysql/postgresql
type: "{{ db_type }}"
driver: "{{ db_driver }}"
url: "{{ db_url }}"
username: "{{ db_user }}"
password: "{{ db_password }}"

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/artifactory/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

26
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/defaults/main.yml Normal file
View File

@@ -0,0 +1,26 @@
---
# defaults file for xray
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
ami_creation: false
# The version of xray to install
xray_version: 3.17.4
# whether to enable HA
xray_ha_enabled: true
# The location where xray should install.
xray_download_directory: /opt/jfrog
# The remote xray download file
xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
#The xray install directory
xray_home: "{{ xray_download_directory }}/jfrog-xray-{{ xray_version }}-linux"
#xray users and groups
xray_user: xray
xray_group: xray

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for xray

53
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

37
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/Debian.yml Normal file
View File

@@ -0,0 +1,37 @@
---
- name: Install db5.3-util
apt:
deb: "{{ xray_home }}/app/third-party/misc/db5.3-util_5.3.28-3ubuntu3_amd64.deb"
ignore_errors: yes
become: yes
- name: Install db-util
apt:
deb: "{{ xray_home }}/app/third-party/misc/db-util_1_3a5.3.21exp1ubuntu1_all.deb"
ignore_errors: yes
become: yes
- name: Install libssl
apt:
deb: "{{ xray_home }}/app/third-party/rabbitmq/libssl1.1_1.1.0j-1_deb9u1_amd64.deb"
ignore_errors: yes
become: yes
- name: Install socat
apt:
deb: "{{ xray_home }}/app/third-party/rabbitmq/socat_1.7.3.1-2+deb9u1_amd64.deb"
become: yes
- name: Install libwxbase3.0-0v5
apt:
name: libwxbase3.0-0v5
update_cache: yes
state: present
ignore_errors: yes
become: yes
- name: Install erlang
apt:
deb: "{{ xray_home }}/app/third-party/rabbitmq/esl-erlang_21.2.1-1~ubuntu~xenial_amd64.deb"
become: yes

21
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/RedHat.yml Normal file
View File

@@ -0,0 +1,21 @@
---
- name: Install db-utl
yum:
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: Install socat
yum:
name: "{{ xray_home }}/app/third-party/rabbitmq/socat-1.7.3.2-2.el7.x86_64.rpm"
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: Install erlang
yum:
name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-23.2.7-1.el7.x86_64.rpm"
state: present
vars:
ansible_python_interpreter: /bin/python2

60
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tasks/main.yml Normal file
View File

@@ -0,0 +1,60 @@
---
- name: create group for xray
group:
name: "{{ xray_group }}"
state: present
become: yes
- name: create user for xray
user:
name: "{{ xray_user }}"
group: "{{ xray_group }}"
system: yes
become: yes
- name: ensure xray_download_directory exists
file:
path: "{{ xray_download_directory }}"
state: directory
become: yes
- name: download xray
unarchive:
src: "{{ xray_tar }}"
dest: "{{ xray_download_directory }}"
remote_src: yes
owner: "{{ xray_user }}"
group: "{{ xray_group }}"
creates: "{{ xray_home }}"
become: yes
register: downloadxray
until: downloadxray is succeeded
retries: 3
- name: perform prerequisite installation
include_tasks: "{{ ansible_os_family }}.yml"
- name: ensure etc exists
file:
path: "{{ xray_home }}/var/etc"
state: directory
owner: "{{ xray_user }}"
group: "{{ xray_group }}"
become: yes
- name: Remove SSH keys
file:
path: "{{ ssh_keys.dir }}"
state: absent
loop:
- dir: "/home/.xray_ami/.ssh/authorized_keys"
- dir: "/root/.ssh/authorized_keys"
- dir: "/home/centos/.ssh/authorized_keys"
loop_control:
loop_var: ssh_keys
when: ami_creation
- name: shutdown VM
command: /sbin/shutdown -h now
ignore_errors: 'yes'
when: ami_creation

11
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/installer-info.json.j2 Normal file
View File

@@ -0,0 +1,11 @@
{
"productId": "Ansible_artifactory/1.0.0",
"features": [
{
"featureId": "Partner/ACC-006973"
},
{
"featureId": "Channel/{{ ansible_marketplace }}"
}
]
}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/join.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ join_key }}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/master.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ master_key }}

36
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/templates/system.yaml.j2 Normal file
View File

@@ -0,0 +1,36 @@
## @formatter:off
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.
## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
## Base URL of the JFrog Platform Deployment (JPD)
## This is the URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs.
## Examples: "http://jfrog.acme.com" or "http://10.20.30.40:8082"
jfrogUrl: {{ jfrog_url }}
## Node Settings
node:
## A unique id to identify this node.
## Default: auto generated at startup.
id: {{ ansible_machine_id }}
## Database Configuration
database:
## One of: mysql, oracle, mssql, postgresql, mariadb
## Default: Embedded derby
## Example for mysql/postgresql
type: "{{ db_type }}"
driver: "{{ db_driver }}"
url: "{{ db_url }}"
username: "{{ db_user }}"
password: "{{ db_password }}"

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- xray

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray-ami/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for xray

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

29
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/defaults/main.yml Normal file
View File

@@ -0,0 +1,29 @@
---
# defaults file for xray
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# The version of xray to install
xray_version: 3.17.4
# whether to enable HA
xray_ha_enabled: true
# The location where xray should install.
xray_download_directory: /opt/jfrog
# whether to customer data directory
use_custom_data_directory: false
# location for customer directory. Will be symlink to as artifactory/var
custom_data_directory: /xray-user-data
# The remote xray download file
xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
#The xray install directory
xray_home: "{{ xray_download_directory }}/jfrog-xray-{{ xray_version }}-linux"
#xray users and groups
xray_user: xray
xray_group: xray

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for xray

53
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

37
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/Debian.yml Normal file
View File

@@ -0,0 +1,37 @@
---
- name: Install db5.3-util
apt:
deb: "{{ xray_home }}/app/third-party/misc/db5.3-util_5.3.28-3ubuntu3_amd64.deb"
ignore_errors: yes
become: yes
- name: Install db-util
apt:
deb: "{{ xray_home }}/app/third-party/misc/db-util_1_3a5.3.21exp1ubuntu1_all.deb"
ignore_errors: yes
become: yes
- name: Install libssl
apt:
deb: "{{ xray_home }}/app/third-party/rabbitmq/libssl1.1_1.1.0j-1_deb9u1_amd64.deb"
ignore_errors: yes
become: yes
- name: Install socat
apt:
deb: "{{ xray_home }}/app/third-party/rabbitmq/socat_1.7.3.1-2+deb9u1_amd64.deb"
become: yes
- name: Install libwxbase3.0-0v5
apt:
name: libwxbase3.0-0v5
update_cache: yes
state: present
ignore_errors: yes
become: yes
- name: Install erlang
apt:
deb: "{{ xray_home }}/app/third-party/rabbitmq/esl-erlang_21.2.1-1~ubuntu~xenial_amd64.deb"
become: yes

21
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/RedHat.yml Normal file
View File

@@ -0,0 +1,21 @@
---
- name: Install db-utl
yum:
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: Install socat
yum:
name: "{{ xray_home }}/app/third-party/rabbitmq/socat-1.7.3.2-2.el7.x86_64.rpm"
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: Install erlang
yum:
name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-23.2.7-1.el7.x86_64.rpm"
state: present
vars:
ansible_python_interpreter: /bin/python2

44
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/custom-data-directory.yml Normal file
View File

@@ -0,0 +1,44 @@
- name: setup directory symlink for using custom data directory/volume
block:
- name: Create a xfs filesystem on /dev/nvme1n1
# First non-root device is always mapped to /dev/nvme1n1
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
community.general.filesystem:
dev: /dev/nvme1n1
fstype: xfs
- name: ensure external data directory exists
file:
path: "{{ custom_data_directory }}"
state: directory
- name: Mount the EBS volume
ansible.posix.mount:
path: "{{ custom_data_directory }}"
src: /dev/nvme1n1
state: mounted
fstype: xfs
- name: set custom data directory permission
file:
path: "{{ custom_data_directory }}"
state: directory
recurse: yes
owner: "{{ xray_user }}"
group: "{{ xray_group }}"
mode: "u=rwX,g=rwX,o=rwX"
- name: remove var directory if exists
file:
path: "{{ xray_home }}/var"
state: absent
- name: symlink custom data directory to var
file:
src: "{{ custom_data_directory }}"
path: "{{ xray_home }}/var"
state: link
owner: "{{ xray_user }}"
group: "{{ xray_group }}"
become: yes
when: use_custom_data_directory and custom_data_directory is defined

52
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/initialize-pg-db.yml Normal file
View File

@@ -0,0 +1,52 @@
- name: initialize Postgres DB
block:
- name: check if user/role exists
command: psql -A -t {{db_master_url}} -c "SELECT 1 FROM pg_roles WHERE rolname='{{db_user}}'"
register: user_exists
- debug:
var: user_exists.stdout_lines
- name: create user/role
command: psql {{db_master_url}} -c "CREATE USER {{db_user}} WITH PASSWORD '{{db_password}}'"
register: shell_output
when: user_exists.stdout != "1"
- debug:
var: shell_output.stdout_lines
when: user_exists.stdout != "1"
- name: grant membership role
command: psql {{db_master_url}} -c "GRANT {{db_user}} TO {{db_master_user}}"
register: shell_output
when: user_exists.stdout != "1"
- debug:
var: shell_output.stdout_lines
when: user_exists.stdout != "1"
- name: check if xraydb exists
command: psql -A -t {{db_master_url}} -c "SELECT 1 FROM pg_database WHERE datname='xraydb'"
register: db_exists
- debug:
var: db_exists.stdout_lines
- name: create xraydb database
command: psql {{db_master_url}} -c "CREATE DATABASE xraydb WITH OWNER={{db_user}} ENCODING='UTF8'"
register: shell_output
when: db_exists.stdout != "1"
- debug:
var: shell_output.stdout_lines
when: db_exists.stdout != "1"
- name: grant xraydb privileges to role
command: psql {{db_master_url}} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO {{db_user}}"
register: shell_output
when: db_exists.stdout != "1"
- debug:
var: shell_output.stdout_lines
when: db_exists.stdout != "1"
become: yes

80
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tasks/main.yml Normal file
View File

@@ -0,0 +1,80 @@
---
- name: initialize postgres database
include_tasks: initialize-pg-db.yml
- name: create group for xray
group:
name: "{{ xray_group }}"
state: present
become: yes
- name: create user for xray
user:
name: "{{ xray_user }}"
group: "{{ xray_group }}"
system: yes
become: yes
- name: ensure xray_download_directory exists
file:
path: "{{ xray_download_directory }}"
state: directory
become: yes
- name: perform prerequisite installation
include_tasks: "{{ ansible_os_family }}.yml"
- name: setup directory symlink for using custom data directory/volume
include_tasks: custom-data-directory.yml
when: use_custom_data_directory and custom_data_directory is defined
- name: ensure data subdirectories exist and have correct ownership
file:
path: "{{ xray_home }}/var/{{ item }}"
state: directory
owner: "{{ xray_user }}"
group: "{{ xray_group }}"
loop:
- "etc"
- "data"
- "etc/info"
- "etc/security"
become: yes
- name: configure system yaml
template:
src: system.yaml.j2
dest: "{{ xray_home }}/var/etc/system.yaml"
force: no # only create if file doesn't exist
become: yes
- name: configure master key
template:
src: master.key.j2
dest: "{{ xray_home }}/var/etc/security/master.key"
force: no # only create if file doesn't exist
become: yes
- name: configure join key
template:
src: join.key.j2
dest: "{{ xray_home }}/var/etc/security/join.key"
force: no # only create if file doesn't exist
become: yes
- name: configure installer info
template:
src: installer-info.json.j2
dest: "{{ xray_home }}/var/etc/info/installer-info.json"
force: no # only create if file doesn't exist
become: yes
- name: create xray service
shell: "{{ xray_home }}/app/bin/installService.sh"
become: yes
- name: start and enable xray
service:
name: xray
state: restarted
become: yes

11
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/installer-info.json.j2 Normal file
View File

@@ -0,0 +1,11 @@
{
"productId": "Ansible_artifactory/1.0.0",
"features": [
{
"featureId": "Partner/ACC-006973"
},
{
"featureId": "Channel/{{ ansible_marketplace }}"
}
]
}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/join.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ join_key }}

1
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/master.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ master_key }}

39
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/templates/system.yaml.j2 Normal file
View File

@@ -0,0 +1,39 @@
## @formatter:off
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.
## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
## Base URL of the JFrog Platform Deployment (JPD)
## This is the URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs.
## Examples: "http://jfrog.acme.com" or "http://10.20.30.40:8082"
jfrogUrl: {{ jfrog_url }}
## Java options
extraJavaOpts: "{{ extra_java_opts }}"
## Node Settings
node:
## A unique id to identify this node.
## Default: auto generated at startup.
id: {{ ansible_machine_id }}
## Database Configuration
database:
## One of: mysql, oracle, mssql, postgresql, mariadb
## Default: Embedded derby
## Example for mysql/postgresql
type: "{{ db_type }}"
driver: "{{ db_driver }}"
url: "{{ db_url }}"
username: "{{ db_user }}"
password: "{{ db_password }}"

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- xray

2
Amazon/artifactory7/v7186/cloudInstallerScripts/roles/xray/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for xray

12
Amazon/artifactory7/v7186/cloudInstallerScripts/site-artifactory.yml Normal file
View File

@@ -0,0 +1,12 @@
- hosts: localhost
gather_facts: true
become: true
tasks:
- include_role:
name: artifactory
- include_role:
name: artifactory-nginx
when: "enable_ssl != true"
- include_role:
name: artifactory-nginx-ssl
when: "enable_ssl == true"

5
Amazon/artifactory7/v7186/cloudInstallerScripts/site-xray.yml Normal file
View File

@@ -0,0 +1,5 @@
- hosts: localhost
gather_facts: true
become: true
roles:
- name: xray

5
Amazon/artifactory7/v7186/cloudInstallerScripts/xray-ami.yml Normal file
View File

@@ -0,0 +1,5 @@
- hosts: localhost
gather_facts: true
become: true
roles:
- name: xray-ami

425
Amazon/artifactory7/v7186/templates/jfrog-artifactory-core-infrastructure.template.yaml Normal file
View File

@@ -0,0 +1,425 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
Parameters:
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
VpcId:
Type: AWS::EC2::VPC::Id
VpcCidr:
Description: CIDR block for the VPC
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PrivateSubnet1Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PrivateSubnet3Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.64.0/19
Type: String
SubnetIds:
Type: List<AWS::EC2::Subnet::Id>
DatabaseAllocatedStorage:
Type: Number
DatabasePreferredAz:
Type: String
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Type: String
DatabaseEngine:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
NoEcho: 'true'
Type: String
DatabaseInstance:
Type: String
DatabaseName:
Type: String
ArtifactoryProduct:
Default: JFrog-Artifactory-Pro
Type: String
ReleaseStage:
Default: GA
Type: String
InstanceType:
Default: m5.xlarge
Type: String
ArtifactoryHostRole:
Type: String
VolumeSize:
Type: Number
Mappings:
DatabaseMap:
Postgres:
Name: postgresql
DatabaseVersion: 11.5
Driver: "org.postgresql.Driver"
Plugin: postgresql-42.2.9.jar
PluginURL: https://jdbc.postgresql.org/download/
port: "5432"
extraDatabaseOps: ""
ReleaseStageMap:
BETA:
ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro"
JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr"
NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro"
GA:
ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro"
JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr"
NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro"
ProductMap:
JFrog-Container-Registry:
RepoName: JcrDockerRepo
JFrog-Artifactory-Pro:
RepoName: ProDockerRepo
JavaOptionstoInstance:
c5.2xlarge:
Min: 8
Max: 12
DeploymentSize: Small
c5.4xlarge:
Min: 16
Max: 24
DeploymentSize: Large
m5.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5d.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5d.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5d.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5d.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5d.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5d.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5d.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5a.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5a.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5a.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5a.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5a.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5a.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5a.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5a.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5ad.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5ad.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5ad.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5ad.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5ad.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5ad.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
Conditions:
IsMultiAzDatabase: !Equals [!Ref MultiAzDatabase, 'true']
Resources:
ArtifactoryDatabaseSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
SubnetIds: !Ref SubnetIds
ArtifactoryDatabase:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: !Ref DatabaseAllocatedStorage
AvailabilityZone: !If [IsMultiAzDatabase, !Ref AWS::NoValue, !Ref DatabasePreferredAz]
BackupRetentionPeriod: 30
DBInstanceClass: !Ref DatabaseInstance
DBName: !Ref DatabaseName
DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
Engine: !Ref DatabaseEngine
EngineVersion: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- DatabaseVersion
MasterUsername: !Ref DatabaseUser
MasterUserPassword: !Ref DatabasePassword
MultiAZ: !Ref MultiAzDatabase
StorageEncrypted: true
VPCSecurityGroups:
- !Ref ArtifactoryDatabaseSG
ArtifactoryDatabaseSG:
Type: AWS::EC2::SecurityGroup
Properties:
Tags:
- Key: Name
Value: artifactory-rds-sg
GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref VpcCidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet1Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet2Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet3Cidr
SecurityGroupEgress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
ArtifactoryS3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
ArtifactoryS3IAMPolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: S3BucketPermissions
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: S3BucketPermissions
Effect: Allow
Action:
- s3:*
Resource:
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- "/*"
Roles:
- !Ref ArtifactoryHostRole
ArtifactoryEbsVolume:
Type: AWS::EC2::Volume
Properties:
AvailabilityZone:
!If
- IsMultiAzDatabase
- !Select
- '0'
- !Ref AvailabilityZones
- !Ref DatabasePreferredAz
Encrypted: false
Size: !Ref VolumeSize
Tags:
- Key: Name
Value: !Sub "Artifactory-${AWS::StackName}"
VolumeType: gp2
DeletionPolicy: Snapshot
UpdateReplacePolicy: Snapshot
Outputs:
S3Bucket:
Value: !Ref ArtifactoryS3Bucket
Description: Actual S3 bucket created for Artifactory
DatabaseDriver:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver]
DatabasePlugin:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
DatabasePluginUrl:
Value: !Sub
- "${MainURL}${PluginVersion}"
- {
MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, PluginURL],
PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
}
DatabaseType:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name]
DatabaseUrl:
Value: !Sub
- "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}"
- {
DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name],
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps],
}
XrayMasterDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
XrayDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
ProDockerRepo:
Value: !FindInMap
- ReleaseStageMap
- !Ref ReleaseStage
- !FindInMap
- ProductMap
- !Ref ArtifactoryProduct
- RepoName
NginxDockerRepo:
Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo]
JavaOpts:
Value: !Sub
- "-Xms${min}g -Xmx${max}g"
- {
min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
}
DeploymentSize:
Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
ArtifactoryEbsVolume:
Value: !Ref ArtifactoryEbsVolume

1110
Amazon/artifactory7/v7186/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More