[ansible] JFrog Platform 7.18.6

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/README.md

@@ -0,0 +1,26 @@
+# Missioncontrol
+The missioncontrol role will install missioncontrol software onto the host. An Artifactory server and Postgress database is required.
+
+### Role Variables
+* _mc_upgrade_only_: Perform an software upgrade only. Default is false.
+
+Additional variables can be found in [defaults/main.yml](./defaults/main.yml).
+## Example Playbook
+```
+---
+- hosts: missioncontrol_servers
+  roles:
+    - missioncontrol
+```
+
+## Upgrades
+The missioncontrol role supports software upgrades. To use a role to perform a software upgrade only, use the _xray_upgrade_only_ variables and specify the version. See the following example.
+
+```
+- hosts: missioncontrol_servers
+  vars:
+    missioncontrol_version: "{{ lookup('env', 'missioncontrol_version_upgrade') }}"
+    mc_upgrade_only: true
+  roles:
+    - missioncontrol
+```

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/defaults/main.yml

@@ -0,0 +1,96 @@
+---
+# defaults file for mc
+# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
+ansible_marketplace: standalone
+
+# whether to enable HA
+mc_ha_enabled: false
+
+mc_ha_node_type : master
+
+# The location where mc should install.
+jfrog_home_directory: /opt/jfrog
+
+# The remote mc download file
+mc_tar: https://releases.jfrog.io/artifactory/jfrog-mc/linux/{{ missionControl_version }}/jfrog-mc-{{ missionControl_version }}-linux.tar.gz
+
+
+#The mc install directory
+mc_untar_home: "{{ jfrog_home_directory }}/jfrog-mc-{{ missionControl_version }}-linux"
+mc_home: "{{ jfrog_home_directory }}/mc"
+
+mc_install_script_path: "{{ mc_home }}/app/bin"
+mc_thirdparty_path: "{{ mc_home }}/app/third-party"
+mc_archive_service_cmd: "{{ mc_install_script_path }}/installService.sh"
+
+#mc users and groups
+mc_user: jfmc
+mc_group: jfmc
+
+mc_uid: 1050
+mc_gid: 1050
+
+mc_daemon: mc
+
+# MissionContol ElasticSearch Details
+es_uid: 1060
+es_gid: 1060
+
+mc_es_conf_base: "/etc/elasticsearch"
+mc_es_user: admin
+mc_es_password: admin
+mc_es_url: "http://localhost:8082"
+mc_es_base_url: "http://localhost:8082/elasticsearch"
+mc_es_transport_port: 9300
+
+mc_es_home: "/usr/share/elasticsearch"
+mc_es_data_dir: "/var/lib/elasticsearch"
+mc_es_log_dir: "/var/log/elasticsearch"
+mc_es_java_home: "/usr/share/elasticsearch/jdk"
+mc_es_script_path: "/usr/share/elasticsearch/bin"
+mc_es_searchgaurd_home: "/usr/share/elasticsearch/plugins/search-guard-7"
+
+flow_type: archive
+
+# if this is an upgrade
+mc_upgrade_only: false
+
+mc_system_yaml_template: system.yaml.j2
+
+# Provide systemyaml content below with 2-space indentation
+mc_systemyaml: |-
+  configVersion: 1
+  shared:
+    jfrogUrl: {{ jfrog_url }}
+    node:
+      ip: {{ ansible_host }}
+      id: {{ ansible_hostname }}
+    database:
+      type: "{{ mc_db_type }}"
+      driver: "{{ mc_db_driver }}"
+      url: "{{ mc_db_url }}"
+    elasticsearch:
+      unicastFile: {{ mc_es_conf_base }}/config/unicast_hosts.txt
+      password: {{ mc_es_password }}
+      url: {{ mc_es_url }}
+      username: {{ mc_es_user }}
+    security:
+      joinKey: {{ join_key }}
+  mc:
+    database:
+      username: "{{ mc_db_user }}"
+      password: "{{ mc_db_password }}"
+      schema: "jfmc_server"
+  insight-scheduler:
+    database:
+      username: "{{ mc_db_user }}"
+      password: "{{ mc_db_password }}"
+      schema: "insight_scheduler"
+  insight-server:
+    database:
+      username: "{{ mc_db_user }}"
+      password: "{{ mc_db_password }}"
+      schema: "insight_server"
+  router:
+    entrypoints:
+      internalPort: 8046

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/files/searchguard/localhost.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDY1nDD1cW5ykZV
+rTXrAMJeLuZknW9tg+4s8R+XYrzRMTNr9tAXEYNEa+T92HtqrKaVZtdGiQ6NmS95
+EYezEgVmyGQEuuVlY8ChcX8XgpBsJPBV4+XIRju+RSyEW+ZNkT3EWTRKab+KSgN2
+aZ2OT16UqfJd3JjATZw//xXHRWhCQhchX3nNyzkIgENPtdtSweSLG4NjOHY08U7g
+Zee21MCqa/58NVECJXlqK/Tfw/3SPgCmSHLLCyybWfClLmXXIjBuSTtSOLDPj4pw
+VrZeR0aePs7ZNJnX/tUICNSZeNzs7+n9QUoAiKYSNKSdDw270Lbo5GQdWuM7nkrc
+2txeH8wvAgMBAAECggEAGzbuzZAVp40nlAvlPyrH5PeQmwLXarCq7Uu7Yfir0hA8
+Gp9429cALqThXKrAR/yF+9eodTCGebxxejR6X5MyHQWm5/Znts307fjyBoqwgveF
+N9fJOIBNce1PT7K+Y5szBrhbbmt59Wqh/J6iKQD1J0YdJoKlTp1vBZPdBoxDhZfN
+TgayY4e71ox7Vew+QrxDXzMA3J+EbbBXFL2yOmpNI/FPpEtbCE9arjSa7oZXJAvd
+Aenc6GYctkdbtjpX7zHXz5kHzaAEdmorR+q3w6k8cDHBvc+UoRYgLz3fBaVhhQca
+rP4PYp04ztIn3qcOpVoisUkpsQcev2cJrWeFW0WgAQKBgQD7ZFsGH8cE84zFzOKk
+ee53zjlmIvXqjQWzSkmxy9UmDnYxEOZbn6epK2I5dtCbU9ZZ3f4KM8TTAM5GCOB+
+j4cN/rqM7MdhkgGL/Dgw+yxGVlwkSsQMil16vqdCIRhEhqjChc7KaixuaBNtIBV0
++9ZRfoS5fEjrctX4/lULwS6EAQKBgQDcz/C6PV3mXk8u7B48kGAJaKbafh8S3BnF
+V0zA7qI/aQHuxmLGIQ7hNfihdZwFgYG4h5bXvBKGsxwu0JGvYDNL44R9zXuztsVX
+PEixV572Bx87+mrVEt3bwj3lhbohzorjSF2nnJuFA+FZ0r4sQwudyZ2c8yCqRVhI
+mfj36FWQLwKBgHNw1zfNuee1K6zddCpRb8eGZOdZIJJv5fE6KPNDhgLu2ymW+CGV
+BDn0GSwIOq1JZ4JnJbRrp3O5x/9zLhwQLtWnZuU2CiztDlbJIMilXuSB3dgwmSyl
+EV4/VLFSX0GAkNia96YN8Y9Vra4L8K6Cwx0zOyGuSBIO7uFjcYxvTrwBAoGAWeYn
+AgweAL6Ayn/DR7EYCHydAfO7PvhxXZDPZPVDBUIBUW9fo36uCi7pDQNPBEbXw4Mg
+fLDLch/V55Fu3tHx0IHO3VEdfet5qKyYg+tCgrQfmVG40QsfXGtWu+2X/E+U6Df8
+OVNfVeZghytv1aFuR01gaBfsQqZ87QITBQuIWm0CgYAKdzhETd+jBBLYyOCaS8mh
+zQr/ljIkrZIwPUlBkj6TAsmTJTbh7O6lf50CQMEHyE0MNFOHrvkKn89BObXcmwtV
+92parLTR7RAeaPMRxCZs4Xd/oABYVGFjMa7TVNA2S6HReDqqTpJrCCkyVuYkr1f2
+OflnwX2RlaWl45n0qkwkTw==
+-----END PRIVATE KEY-----

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/files/searchguard/localhost.pem

@@ -0,0 +1,51 @@
+-----BEGIN CERTIFICATE-----
+MIIEcjCCA1qgAwIBAgIGAXY81RkkMA0GCSqGSIb3DQEBCwUAMG4xEzARBgoJkiaJ
+k/IsZAEZFgNjb20xFTATBgoJkiaJk/IsZAEZFgVqZnJvZzEUMBIGA1UECgwLamZy
+b2csIEluYy4xCzAJBgNVBAsMAkNBMR0wGwYDVQQDDBRzaWduaW5nLmNhLmpmcm9n
+LmNvbTAeFw0yMDEyMDcxMDUyNDhaFw0zMDEyMDUxMDUyNDhaMGwxEzARBgoJkiaJ
+k/IsZAEZFgNjb20xGTAXBgoJkiaJk/IsZAEZFglsb2NhbGhvc3QxGDAWBgNVBAoM
+D2xvY2FsaG9zdCwgSW5jLjEMMAoGA1UECwwDT3BzMRIwEAYDVQQDDAlsb2NhbGhv
+c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY1nDD1cW5ykZVrTXr
+AMJeLuZknW9tg+4s8R+XYrzRMTNr9tAXEYNEa+T92HtqrKaVZtdGiQ6NmS95EYez
+EgVmyGQEuuVlY8ChcX8XgpBsJPBV4+XIRju+RSyEW+ZNkT3EWTRKab+KSgN2aZ2O
+T16UqfJd3JjATZw//xXHRWhCQhchX3nNyzkIgENPtdtSweSLG4NjOHY08U7gZee2
+1MCqa/58NVECJXlqK/Tfw/3SPgCmSHLLCyybWfClLmXXIjBuSTtSOLDPj4pwVrZe
+R0aePs7ZNJnX/tUICNSZeNzs7+n9QUoAiKYSNKSdDw270Lbo5GQdWuM7nkrc2txe
+H8wvAgMBAAGjggEWMIIBEjCBmgYDVR0jBIGSMIGPgBSh7peJvc4Im3WkR6/FaUD/
+aYDa8qF0pHIwcDETMBEGCgmSJomT8ixkARkWA2NvbTEaMBgGCgmSJomT8ixkARkW
+Cmpmcm9namZyb2cxFDASBgNVBAoMC0pGcm9nLCBJbmMuMQswCQYDVQQLDAJDQTEa
+MBgGA1UEAwwRcm9vdC5jYS5qZnJvZy5jb22CAQIwHQYDVR0OBBYEFIuWN8D/hFhl
+w0bdSyG+PmymjpVUMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
+JQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAUBgNVHREEDTALgglsb2NhbGhv
+c3QwDQYJKoZIhvcNAQELBQADggEBAJQJljyNH/bpvmiYO0+d8El+BdaU7FI2Q2Sq
+1xBz/qBQSVmUB0iIeblTdQ58nYW6A/pvh8EnTWE7tRPXw3WQR4it8ldGSDQe2zHt
+9U0hcC7DSzYGxlHLm0UI/LNwzdRy0kY8LArE/zGDSQ+6hp2Op21IHtzGfJnILG5G
+OZdDWOB/e4cQw2/AcnsrapJU4MJCx28l0N9aSx4wr7SNosHuYOO8CimAdsqQukVt
+rcrJZyHNvG5eQUVuQnZRywXDX6tLj8HQHfYLRaMqD57GMU0dg/kvYTYrYR/krbcG
+Qf1D/9GCsn081fYblSfSSRRxrbhdYcoI/6xNHIC2y7bO8ZJD9zw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPTCCAyWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMRMwEQYKCZImiZPyLGQB
+GRYDY29tMRowGAYKCZImiZPyLGQBGRYKamZyb2dqZnJvZzEUMBIGA1UECgwLSkZy
+b2csIEluYy4xCzAJBgNVBAsMAkNBMRowGAYDVQQDDBFyb290LmNhLmpmcm9nLmNv
+bTAeFw0yMDEyMDcxMDUyNDhaFw0zMDEyMDUxMDUyNDhaMG4xEzARBgoJkiaJk/Is
+ZAEZFgNjb20xFTATBgoJkiaJk/IsZAEZFgVqZnJvZzEUMBIGA1UECgwLamZyb2cs
+IEluYy4xCzAJBgNVBAsMAkNBMR0wGwYDVQQDDBRzaWduaW5nLmNhLmpmcm9nLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCe74VmqSryFPESO/oq
+bgspiOSwGheG/AbUf/2XXPLZNbZJ/hhuI6T+iSW5FYy3jETwwODDlF8GBN6R33+U
+gNCjXIMBDUOWkETe1fD2zj1HMTC6angykKJy2Xkw+sWniELbYfTu+SLHsBMPQnVI
+jFwDLcbSMbs7ieU/IuQTEnEZxPiKcokOaF7vPntfPwdvRoGwMR0VuX7h+20Af1Il
+3ntOuoasoV66K6KuiBRkSBcsV2ercCRQlpXCvIsTJVWASpSTNrpKy8zejjePw/xs
+ieMGSo6WIxnIJnOLTJWnrw8sZt0tiNrLbB8npSvP67uUMDGhrZ3Tnro9JtujquOE
+zMUCAwEAAaOB4zCB4DASBgNVHRMBAf8ECDAGAQH/AgEAMIGaBgNVHSMEgZIwgY+A
+FBX3TQRxJRItQ/hi81MA3eZggFs7oXSkcjBwMRMwEQYKCZImiZPyLGQBGRYDY29t
+MRowGAYKCZImiZPyLGQBGRYKamZyb2dqZnJvZzEUMBIGA1UECgwLSkZyb2csIElu
+Yy4xCzAJBgNVBAsMAkNBMRowGAYDVQQDDBFyb290LmNhLmpmcm9nLmNvbYIBATAd
+BgNVHQ4EFgQUoe6Xib3OCJt1pEevxWlA/2mA2vIwDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBCwUAA4IBAQAzkcvT1tTjnjguRH4jGPxP1fidiM0DWiWZQlRT9Evt
+BkltRwkqOZIdrBLy/KJbOxRSCRaKpxyIYd5bWrCDCWvXArBFDY9j3jGGk8kqXb0/
+VajEKDjHXzJM7HXAzyJO2hKVK4/OoPlzhKqR1ZbZF1F8Omzo7+oNwPqf5Y5hnn2M
+qrUWxE216mWE8v7gvbfu39w9XKTFH1/RPgAAJet2dunyLbz3W5NgyBbCWGj/qJCz
+TUDD9I8az/XX73HLpkXbcEY5/qrPV6EQWzf+ec4EcgrEi0f8gTKzl7OQaqYDxObk
+yixmONVlwYD2FpWqJYAfg04u/CRQMXPPCdUQh/eKrHUg
+-----END CERTIFICATE-----

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/files/searchguard/root-ca.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIBATANBgkqhkiG9w0BAQsFADBwMRMwEQYKCZImiZPyLGQB
+GRYDY29tMRowGAYKCZImiZPyLGQBGRYKamZyb2dqZnJvZzEUMBIGA1UECgwLSkZy
+b2csIEluYy4xCzAJBgNVBAsMAkNBMRowGAYDVQQDDBFyb290LmNhLmpmcm9nLmNv
+bTAeFw0yMDEyMDcxMDUyNDdaFw0zMDEyMDUxMDUyNDdaMHAxEzARBgoJkiaJk/Is
+ZAEZFgNjb20xGjAYBgoJkiaJk/IsZAEZFgpqZnJvZ2pmcm9nMRQwEgYDVQQKDAtK
+RnJvZywgSW5jLjELMAkGA1UECwwCQ0ExGjAYBgNVBAMMEXJvb3QuY2EuamZyb2cu
+Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyTSYCbGefbdAHgW
+zxXhCh7gvOUzyThaC6bcvY7yMqVu3YPxMAV1LEz+J0VMeGvu5HzONyGq89TaIKtr
+AyZKxM957Q/TK0NPi0HUIT1wZKPuH89DeH79gfBjyv8XMUhFzKxAaosEa4rhkAMe
+B4ukk9twfGotKU1y4j6m1V1gckeDZDRIW4tNzQbEBsL+ZcxDnCeSAAHW3Djb5yzQ
+Yj3LPIRN0yu0fL8oN4yVn5tysAfXTum7HIuyKp3gfxhQgSXGVIDHd7Z1HcLrUe2o
+2Z7dlsrFCUgHPccOxyFzxGI8bCPFYU75QqbxP699L1chma0It/2D0YxcrXhRkzzg
+wzrBFwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFBX3TQRx
+JRItQ/hi81MA3eZggFs7MB0GA1UdDgQWBBQV900EcSUSLUP4YvNTAN3mYIBbOzAO
+BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggEBAH5XYiOBvHdd3bRfyHeo
+Y2i7+u59VU3HDdOm/FVI0JqkzFAp6DLk6Ow5w/2MXbasga03lJ9SpHvKVne+VOaH
+Df7xEqCIZeQVofNyOfsl4NOu6NgPSlQx0FZ6lPToZDBGp7D6ftnJcUujGk0W9y7k
+GwxojLnP1f/KyjYTCCK6sDXwSn3fZGF5WmnHlzZEyKlLQoLNoEZ1uTjg2CRsa/RU
+QxobwNzHGbrLZw5pfeoiF7G27RGoUA/S6mfVFQJVDP5Y3/xJRii56tMaJPwPh0sN
+QPLbNvNgeU1dET1msMBnZvzNUko2fmBc2+pU7PyrL9V2pgfHq981Db1ShkNYtMhD
+bMw=
+-----END CERTIFICATE-----

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/files/searchguard/sg_roles.yml

@@ -0,0 +1,7 @@
+_sg_meta:
+  type: "roles"
+  config_version: 2
+
+sg_anonymous:
+  cluster_permissions:
+    - cluster:monitor/health

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/files/searchguard/sg_roles_mapping.yml

@@ -0,0 +1,48 @@
+# In this file users, backendroles and hosts can be mapped to Search Guard roles.
+# Permissions for Search Guard roles are configured in sg_roles.yml
+_sg_meta:
+  type: "rolesmapping"
+  config_version: 2
+
+## Demo roles mapping
+SGS_ALL_ACCESS:
+  description: "Maps admin to SGS_ALL_ACCESS"
+  reserved: true
+  backend_roles:
+    - "admin"
+
+SGS_OWN_INDEX:
+  description: "Allow full access to an index named like the username"
+  reserved: false
+  users:
+    - "*"
+
+SGS_LOGSTASH:
+  reserved: false
+  backend_roles:
+    - "logstash"
+
+SGS_KIBANA_USER:
+  description: "Maps kibanauser to SGS_KIBANA_USER"
+  reserved: false
+  backend_roles:
+    - "kibanauser"
+
+SGS_READALL:
+  reserved: true
+  backend_roles:
+    - "readall"
+
+SGS_MANAGE_SNAPSHOTS:
+  reserved: true
+  backend_roles:
+    - "snapshotrestore"
+
+SGS_KIBANA_SERVER:
+  reserved: true
+  users:
+    - "kibanaserver"
+
+sg_anonymous:
+  backend_roles:
+    - sg_anonymous_backendrole

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/files/searchguard/sgadmin.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa3GuNbI30EdRs
+S2Dmq87i/4Y7QeOldogzmNYH3m7GMjPFJcJg11Yc2HsAbBYs86fW6gGvO+68bFmY
+X5kYvPN+L8KRUCSvmvjHCGf7ULmxiG2Wh7RPzQaAdvqqkMGW1QDwwxA25tP9KfZv
+nP/08CPmboP8rcCEhX6HCVh0Im+WT3BBxkikjhVaVru2cLPtKtgtBX7a3HY7XMfp
+DRYhXZNf+ZxfWewLQhNNndHwjtuJooLHdtX4WEXUhsrXS7/I+M7BdL/fB0ptwfvg
+x1WvC2JnvNnvgdMBoUevlHjugWBVGo4AhOpFqAmQ8MxXZUhPGinDxjFvwrHYwYm0
+w7tVAnTbAgMBAAECggEAAr7esZKzD5ilnWx7RkKMikAvFyKUkJXvnq6RXXFZoZKm
+/5tPtABEOKbYekoU3SPgeWkLseK568YBbqXM9ySsLerpSIvVIq1T660pHsowP32/
+8MoRkmYOPRj6WgcX/UetEan7r66ktfT9AJpM6gDgzFm5Zgz0knvFawJ7w8Yzqmks
+8JqjA1E433xEUtc00Qm4z7You1I5eyrz1zKxBPZATVM6ScbDq2WXqwgIGUbnAHG2
+6PADvOPP+8Kl0/JNC+SkE8J+KvfCYnJIDZaWTCjdd4cjkFAAHXi16BvF6PY3veel
+/LT2nr1/YmcADCt4wuWGn+1HRF+mJgjqTVcfQSJrbQKBgQDJG45Hmku7fnNAn/A9
+FPHmo7CpymxXpg12yf7BuKr4irpJpa6WmXB6EsxCy91rffQTDEh8TnpJG6yj5vyJ
+b0dEt3u8RtBfx49UhKG/pDYi9mnUuazH0u6BHu+w4fRi3Cju7sY4qM4aj8rnAlU0
+2DnXWEKIfhd+1cXDwyI8DyuvfwKBgQDFIV7ZgI1weZv7EnNiIKs65y4NWG4uG7jB
+Z+Wx8xx9n5OKVxw21NPt2pZzzW3Y3+pRXypcjH13XPrZxfaUt1Y8ylC3/DHFgsid
+iXyfjmit4TWiW9busC09Q8YwFZZbMWj/Wd1PRav3/zDICf3B1QRXEqqpYfUtAbXf
+SaanZNGopQKBgQDFwO77weHOkN1MIvndVoc4QKYrj/1Rgtuif6afX7Pfiqr8WIuB
+U4iiwXFSDZ3BYa1sPZvZgGIHGct9sFmL23y9OZ/W19t3E4kBlxpmlFcXsi8HGz2n
+kOcu2Pjheo8R12P475rDhFqHC/Z9inG28RiPhR6HkVYRRqydf3hejpxqiQKBgEJw
+ZM9ZjFIEKpYMOecwq4VGtTa6Pyg7H6HPqpK3JTsRtWBCy7ePM35O1bZh3kvh689R
+C631i7PXGpSbK+gjgmUqqtnXnc67rXGrDN2Z2Z4A8VqvKVl490ZWuU0reWly1bh6
+SSSWjsceswo4k9XoPXY7TFmaMk/g67M913VDfYYhAoGAXp6HYCZga72N6RdB38TY
+i08c/O/xksfkNVo0SuVqr99uQ5TN+d2+o+t5H9Fekl1y9jUSK6q6q6+Vp8zSiyzV
+GwAWk9u8dBGoNiWs4cOtQAdyeLbGDIHbIv4jeRqqSl87H6R6wJY4+fWdfm9/KEG7
+N957kwur+XYzE0RfG5wgS3o=
+-----END PRIVATE KEY-----

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/files/searchguard/sgadmin.pem

@@ -0,0 +1,50 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgIGAXY81RknMA0GCSqGSIb3DQEBCwUAMG4xEzARBgoJkiaJ
+k/IsZAEZFgNjb20xFTATBgoJkiaJk/IsZAEZFgVqZnJvZzEUMBIGA1UECgwLamZy
+b2csIEluYy4xCzAJBgNVBAsMAkNBMR0wGwYDVQQDDBRzaWduaW5nLmNhLmpmcm9n
+LmNvbTAeFw0yMDEyMDcxMDUyNDlaFw0zMDEyMDUxMDUyNDlaMGYxEzARBgoJkiaJ
+k/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdzZ2FkbWluMRYwFAYDVQQKDA1z
+Z2FkbWluLCBJbmMuMQwwCgYDVQQLDANPcHMxEDAOBgNVBAMMB3NnYWRtaW4wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa3GuNbI30EdRsS2Dmq87i/4Y7
+QeOldogzmNYH3m7GMjPFJcJg11Yc2HsAbBYs86fW6gGvO+68bFmYX5kYvPN+L8KR
+UCSvmvjHCGf7ULmxiG2Wh7RPzQaAdvqqkMGW1QDwwxA25tP9KfZvnP/08CPmboP8
+rcCEhX6HCVh0Im+WT3BBxkikjhVaVru2cLPtKtgtBX7a3HY7XMfpDRYhXZNf+Zxf
+WewLQhNNndHwjtuJooLHdtX4WEXUhsrXS7/I+M7BdL/fB0ptwfvgx1WvC2JnvNnv
+gdMBoUevlHjugWBVGo4AhOpFqAmQ8MxXZUhPGinDxjFvwrHYwYm0w7tVAnTbAgMB
+AAGjgfUwgfIwgZoGA1UdIwSBkjCBj4AUoe6Xib3OCJt1pEevxWlA/2mA2vKhdKRy
+MHAxEzARBgoJkiaJk/IsZAEZFgNjb20xGjAYBgoJkiaJk/IsZAEZFgpqZnJvZ2pm
+cm9nMRQwEgYDVQQKDAtKRnJvZywgSW5jLjELMAkGA1UECwwCQ0ExGjAYBgNVBAMM
+EXJvb3QuY2EuamZyb2cuY29tggECMB0GA1UdDgQWBBSSIpvK2db0wJf7bw1mhYt8
+A0JUQTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAK
+BggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAn3cM0PDh8vTJS8zZ7HylMpZl
+SaZwd3sxshhBKx4JEc85WQPp60nVADqVhnkVa1rfQQURaMP87hqmzf9eOcesnjn6
+17eSVpDpZ0B1qV46hJd15yYKqFLavqtFpy0ePpk4EoanwJUikphT3yuIB6v3gqfY
+h20t7/XmkjEwfGkmgmXOZNb9uOpKjkotWRR/IslSMxoozsdWYQLaqA0De/7Tqpmi
+mortmVTOtZCX/ZChuN2XzqUnWZT+xIJomAj4ZCOlw03Yd9eUhrDZBmrYHiUmS4VO
+wWFDER3zhwncjg0X2rOqL6N5P8TIfqpVgf1VuDhTAj/GY1ZKrXol28WwQQCA9w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPTCCAyWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMRMwEQYKCZImiZPyLGQB
+GRYDY29tMRowGAYKCZImiZPyLGQBGRYKamZyb2dqZnJvZzEUMBIGA1UECgwLSkZy
+b2csIEluYy4xCzAJBgNVBAsMAkNBMRowGAYDVQQDDBFyb290LmNhLmpmcm9nLmNv
+bTAeFw0yMDEyMDcxMDUyNDhaFw0zMDEyMDUxMDUyNDhaMG4xEzARBgoJkiaJk/Is
+ZAEZFgNjb20xFTATBgoJkiaJk/IsZAEZFgVqZnJvZzEUMBIGA1UECgwLamZyb2cs
+IEluYy4xCzAJBgNVBAsMAkNBMR0wGwYDVQQDDBRzaWduaW5nLmNhLmpmcm9nLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCe74VmqSryFPESO/oq
+bgspiOSwGheG/AbUf/2XXPLZNbZJ/hhuI6T+iSW5FYy3jETwwODDlF8GBN6R33+U
+gNCjXIMBDUOWkETe1fD2zj1HMTC6angykKJy2Xkw+sWniELbYfTu+SLHsBMPQnVI
+jFwDLcbSMbs7ieU/IuQTEnEZxPiKcokOaF7vPntfPwdvRoGwMR0VuX7h+20Af1Il
+3ntOuoasoV66K6KuiBRkSBcsV2ercCRQlpXCvIsTJVWASpSTNrpKy8zejjePw/xs
+ieMGSo6WIxnIJnOLTJWnrw8sZt0tiNrLbB8npSvP67uUMDGhrZ3Tnro9JtujquOE
+zMUCAwEAAaOB4zCB4DASBgNVHRMBAf8ECDAGAQH/AgEAMIGaBgNVHSMEgZIwgY+A
+FBX3TQRxJRItQ/hi81MA3eZggFs7oXSkcjBwMRMwEQYKCZImiZPyLGQBGRYDY29t
+MRowGAYKCZImiZPyLGQBGRYKamZyb2dqZnJvZzEUMBIGA1UECgwLSkZyb2csIElu
+Yy4xCzAJBgNVBAsMAkNBMRowGAYDVQQDDBFyb290LmNhLmpmcm9nLmNvbYIBATAd
+BgNVHQ4EFgQUoe6Xib3OCJt1pEevxWlA/2mA2vIwDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBCwUAA4IBAQAzkcvT1tTjnjguRH4jGPxP1fidiM0DWiWZQlRT9Evt
+BkltRwkqOZIdrBLy/KJbOxRSCRaKpxyIYd5bWrCDCWvXArBFDY9j3jGGk8kqXb0/
+VajEKDjHXzJM7HXAzyJO2hKVK4/OoPlzhKqR1ZbZF1F8Omzo7+oNwPqf5Y5hnn2M
+qrUWxE216mWE8v7gvbfu39w9XKTFH1/RPgAAJet2dunyLbz3W5NgyBbCWGj/qJCz
+TUDD9I8az/XX73HLpkXbcEY5/qrPV6EQWzf+ec4EcgrEi0f8gTKzl7OQaqYDxObk
+yixmONVlwYD2FpWqJYAfg04u/CRQMXPPCdUQh/eKrHUg
+-----END CERTIFICATE-----

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+# handlers file for missioncontrol
+- name: restart missioncontrol
+  become: yes
+  systemd:
+    name: "{{ mc_daemon }}"
+    state: restarted

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/meta/main.yml

@@ -0,0 +1,16 @@
+galaxy_info:
+  author: "JFrog Maintainers Team <installers@jfrog.com>"
+  description: "The missionControl role will install missionControl software onto the host. An Artifactory server and Postgress database is required."
+  company: JFrog
+
+  issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues"
+
+  license: license (Apache-2.0)
+
+  min_ansible_version: 2.9
+
+  galaxy_tags:
+    - missionControl
+    - jfrog
+
+dependencies: []

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/expect.yml

@@ -0,0 +1,44 @@
+- name: Prepare expect scenario script
+  set_fact:
+    expect_scenario: |
+        set timeout 300
+        spawn {{ exp_executable_cmd }}
+        expect_before timeout { exit 1 }
+        set CYCLE_END 0
+        set count 0
+
+        while { $CYCLE_END == 0 } {
+            expect {
+                {% for each_request in exp_scenarios %}
+                    -nocase -re {{ '{' }}{{ each_request.expecting }}.*} {
+                        send "{{ each_request.sending }}\n"
+                    }
+                {% endfor %}
+                eof {
+                    set CYCLE_END 1
+                }
+            }
+            set count "[expr $count + 1]"
+            if { $count > 16} {
+                exit 128
+            }
+        }
+
+        expect eof
+        lassign [wait] pid spawnid os_error_flag value
+
+        if {$os_error_flag == 0} {
+            puts "INSTALLER_EXIT_STATUS-$value"
+        } else {
+            puts "INSTALLER_EXIT_STATUS-$value"
+        }
+
+- name: Interactive with expect
+  become: yes
+  ignore_errors: yes
+  shell: |
+    {{ expect_scenario }}
+  args:
+    executable: /usr/bin/expect
+    chdir: "{{ exp_dir }}"
+  register: exp_result

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml

@@ -0,0 +1,150 @@
+---
+- debug:
+    msg: "Performing installation of missionControl version - {{ missioncontrol_version }}"
+
+- name: Install expect dependency
+  become: yes
+  yum:
+    name: expect
+    state: present
+  when: ansible_os_family == 'Redhat'
+
+- name: Install expect dependency 
+  become: yes
+  apt:
+    name: expect
+    state: present
+    update_cache: yes
+  when: ansible_os_family == 'Debian'
+
+- name: Ensure group jfmc exist
+  become: yes
+  group:
+    name: "{{ mc_group }}"
+    gid: "{{ mc_gid }}"
+    state: present
+
+- name: Ensure user jfmc exist
+  become: yes
+  user:
+    uid: "{{ mc_uid }}"
+    name: "{{ mc_user }}"
+    group: "{{ mc_group }}"
+    create_home: yes
+    home: "{{ mc_home }}"
+    shell: /bin/bash
+    state: present
+
+- name: Download mc
+  become: yes
+  unarchive:
+    src: "{{ mc_tar }}"
+    dest: "{{ jfrog_home_directory }}"
+    remote_src: yes
+    owner: "{{ mc_user }}"
+    group: "{{ mc_group }}"
+    creates: "{{ mc_untar_home }}"
+  register: downloadmc
+  until: downloadmc is succeeded
+  retries: 3
+
+- name: Check if app directory exists
+  become: yes
+  stat:
+    path: "{{ mc_home }}/app"
+  register: app_dir_check
+
+- name: Copy untar directory to mc home
+  become: yes
+  command: "cp -r {{ mc_untar_home }}/. {{ mc_home }}"
+  when: not app_dir_check.stat.exists
+
+- name: Create required directories 
+  become: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    recurse: yes
+    owner: "{{ mc_user }}"
+    group: "{{ mc_group }}"
+  loop:
+    - "{{ mc_home }}/var/etc"
+    - "{{ mc_home }}/var/etc/security/"
+    - "{{ mc_home }}/var/etc/info/"
+
+- name: Configure master key
+  become: yes
+  copy:
+    dest: "{{ mc_home }}/var/etc/security/master.key"
+    content: |
+      {{ master_key }}
+    owner: "{{ mc_user }}"
+    group: "{{ mc_group }}"
+    mode: 0640
+
+- name: Setup elasticsearch
+  import_tasks: setup-elasticsearch.yml
+
+- name: Check if install.sh wrapper script exist
+  become: yes
+  stat:
+    path: "{{ mc_install_script_path }}/install.sh"
+  register: install_wrapper_script
+
+- name: Include interactive installer scripts
+  include_vars: script/archive.yml
+
+- name: Install JFMC
+  include_tasks: expect.yml
+  vars:
+    exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}"
+    exp_dir: "{{ mc_install_script_path }}"
+    exp_scenarios: "{{ mc_installer_scenario['main'] }}"
+  args: 
+    apply:
+      environment: 
+        YQ_PATH: "{{ mc_thirdparty_path }}/yq" 
+  when: install_wrapper_script.stat.exists
+
+- name: Configure installer info
+  become: yes
+  template:
+    src: installer-info.json.j2
+    dest: "{{ mc_home }}/var/etc/info/installer-info.json"
+  notify: restart missioncontrol
+
+- name: Configure systemyaml
+  become: yes
+  template:
+    src: "{{ mc_system_yaml_template }}"
+    dest: "{{ mc_home }}/var/etc/system.yaml"
+  notify: restart missioncontrol
+
+- name: Update correct permissions
+  become: yes
+  file:
+    path: "{{ mc_home }}"
+    state: directory
+    recurse: yes
+    owner: "{{ mc_user }}"
+    group: "{{ mc_group }}"
+    mode: '0755'
+
+- name: Install mc as a service
+  become: yes
+  shell: |
+    {{ mc_archive_service_cmd }}
+  args:
+    chdir: "{{ mc_install_script_path }}"
+  register: check_service_status_result
+  ignore_errors: yes
+
+- name: Restart missioncontrol
+  meta: flush_handlers
+
+- name : Wait for missionControl to be fully deployed  
+  uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
+  register: result
+  until: result.status == 200
+  retries: 25
+  delay: 5

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/main.yml

@@ -0,0 +1,6 @@
+- name: perform installation
+  include_tasks: "install.yml"
+  when: not mc_upgrade_only
+- name: perform upgrade
+  include_tasks: "upgrade.yml"
+  when: mc_upgrade_only

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml

@@ -0,0 +1,179 @@
+- name: Ensure group elasticsearch exists
+  become: yes
+  group:
+    name: elasticsearch
+    gid: "{{ es_gid }}"
+    state: present
+
+- name: Ensure user elasticsearch exists
+  become: yes
+  user:
+    name: elasticsearch
+    uid: "{{ es_uid }}"
+    group: elasticsearch
+    create_home: yes
+    home: "{{ mc_es_home }}"
+    shell: /bin/bash
+    state: present
+
+- name: Create required directories 
+  become: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+    recurse: yes
+    owner: elasticsearch
+    group: elasticsearch
+  loop:
+    - "{{ mc_es_conf_base }}"
+    - "{{ mc_es_data_dir }}"
+    - "{{ mc_es_log_dir }}"
+    - "{{ mc_es_home }}"
+
+- name: Set max file descriptors limit
+  become: yes
+  pam_limits:
+    domain: 'elasticsearch'
+    limit_type: '-'
+    limit_item: nofile
+    value: '65536'
+
+- name: Update nproc limit
+  become: yes
+  pam_limits:
+    domain: 'elasticsearch'
+    limit_type: '-'
+    limit_item: nproc
+    value: '4096'
+
+- name: Setting sysctl values
+  become: yes
+  sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
+  loop:
+    - { name: "vm.max_map_count", value: 262144}
+  ignore_errors: yes
+
+- name: Find elasticsearch package
+  become: yes
+  find:
+    paths: "{{ mc_home }}/app/third-party/elasticsearch"
+    patterns: "^elasticsearch-oss-.+\\.tar.gz$"
+    use_regex: yes
+    file_type: file
+  register: check_elasticsearch_package_result
+
+- name: Set elasticsearch package file name
+  set_fact:
+    mc_elasticsearch_package: "{{ check_elasticsearch_package_result.files[0].path }}"
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Ensure /usr/share/elasticsearch  exists
+  file:
+    path: "{{ mc_es_home }}"
+    state: directory
+    owner: elasticsearch
+    group: elasticsearch
+  become: yes
+
+- name: Extract elasticsearch package
+  become: yes
+  become_user: elasticsearch
+  ignore_errors: yes
+  unarchive:
+    src: "{{ mc_elasticsearch_package }}"
+    dest: "{{ mc_es_home }}"
+    remote_src: yes
+    extra_opts:
+      - --strip-components=1
+    owner: elasticsearch
+    group: elasticsearch
+  register: unarchive_result
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Copy elasticsearch config files to ES_PATH_CONF dir
+  become: yes
+  command: "cp -r {{ mc_es_home }}/config/. {{ mc_es_conf_base }}/"
+
+- name: Remove elasticsearch config dir
+  become: yes
+  file:
+    path: "{{ mc_es_home }}/config"
+    state: absent
+
+- name: Generate HA elasticsearch.yml template file
+  become: yes
+  ignore_errors: yes
+  template:
+    src: templates/ha/{{ mc_ha_node_type }}.elasticsearch.yml.j2
+    dest: "{{ mc_es_conf_base }}/elasticsearch.yml"
+    owner: elasticsearch
+    group: elasticsearch
+  when:
+    - unarchive_result.extract_results.rc | default(128) == 0
+    - flow_type in ["ha-cluster", "ha-upgrade"]
+
+- name: Generate elasticsearch.yml template file
+  become: yes
+  template:
+    src: templates/elasticsearch.yml.j2
+    dest: "{{ mc_es_conf_base }}/elasticsearch.yml"
+    owner: elasticsearch
+    group: elasticsearch
+  when:
+    - unarchive_result.extract_results.rc | default(128) == 0
+    - flow_type in ["archive", "upgrade"]
+
+- name: Create empty unicast_hosts.txt file
+  become: yes
+  file:
+    path: "{{ mc_es_conf_base }}/unicast_hosts.txt"
+    state: touch
+    mode: 0664
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Setup searchguard plugin
+  import_tasks: setup-searchguard.yml
+
+- name: Update directories permissions
+  become: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+    recurse: yes
+    owner: elasticsearch
+    group: elasticsearch
+  loop:
+    - "{{ mc_es_conf_base }}"
+    - "{{ mc_es_data_dir }}"
+    - "{{ mc_es_log_dir }}"
+    - "{{ mc_es_home }}"
+    
+- name: Start elasticsearch
+  become: yes
+  become_user: elasticsearch
+  shell: "{{ mc_es_script_path }}/elasticsearch -d"
+  environment:
+    JAVA_HOME: "{{ mc_es_java_home }}"
+    ES_PATH_CONF: "{{ mc_es_conf_base }}/"
+  register: start_elasticsearch_result
+  when: unarchive_result.extract_results.rc | default(128) == 0
+
+- name: Wait for elasticsearch to start
+  pause:
+    seconds: 15
+
+- name: Init searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  shell: |
+    ./sgadmin.sh -p {{ mc_es_transport_port }} -cacert root-ca.pem \
+    -cert sgadmin.pem -key sgadmin.key -cd {{ mc_es_searchgaurd_home }}/sgconfig/ -nhnv -icl
+  args:
+    chdir: "{{ mc_es_searchgaurd_home }}/tools/"
+  environment:
+    JAVA_HOME: "{{ mc_es_java_home }}"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml

@@ -0,0 +1,100 @@
+- name: Copy elasticsearch certificate
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/localhost.pem
+    dest: "{{ mc_es_conf_base }}/localhost.pem"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy elasticsearch private key
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/localhost.key
+    dest: "{{ mc_es_conf_base }}/localhost.key"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy searchguard root ca
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/root-ca.pem
+    dest: "{{ mc_es_conf_base }}/root-ca.pem"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Find searchguard bundle
+  find:
+    paths: "{{ mc_home }}/app/third-party/elasticsearch/"
+    patterns: "^search-guard-.+\\.zip$"
+    use_regex: yes
+    file_type: file
+  register: check_searchguard_bundle_result
+
+- name: Install searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  ignore_errors: yes
+  shell: |
+    {{ mc_es_script_path }}/elasticsearch-plugin install \
+    -b file://{{ check_searchguard_bundle_result.files[0].path }}
+  environment:
+    JAVA_HOME: "{{ mc_es_java_home }}"
+    ES_PATH_CONF: "{{ mc_es_conf_base }}/"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1
+
+- name: Copy searchguard admin certificate
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sgadmin.pem
+    dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.pem"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy searchguard admin private key
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sgadmin.key
+    dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.key"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy searchguard root ca
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/root-ca.pem
+    dest: "{{ mc_es_searchgaurd_home }}/tools/root-ca.pem"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy roles template
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sg_roles.yml
+    dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles.yml"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy roles template
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sg_roles_mapping.yml
+    dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles_mapping.yml"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Check execution bit
+  become: yes
+  file:
+    path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0700

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml

@@ -0,0 +1,113 @@
+- name: Get elasticsearch pid
+  shell: "ps -ef | grep -v grep | grep -w elasticsearch | awk '{print $2}'"
+  register: elasticsearch_pid
+
+- name: Stop elasticsearch before upgrade
+  become: yes
+  shell: kill -9 {{ elasticsearch_pid.stdout }}
+  when: elasticsearch_pid.stdout | length > 0
+
+- name: Waiting until all running processes are killed
+  wait_for:
+    path: "/proc/{{ elasticsearch_pid.stdout }}/status"
+    state: absent
+  when: elasticsearch_pid.stdout | length > 0
+
+- name: Find searchguard bundle for removal
+  become: yes
+  find:
+    paths: "{{ mc_home }}/app/third-party/elasticsearch/"
+    patterns: "^search-guard-.+\\.zip$"
+    use_regex: yes
+    file_type: file
+  register: check_searchguard_bundle_result
+
+- name: Remove searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  ignore_errors: yes
+  shell: |
+    {{ mc_es_script_path }}/elasticsearch-plugin remove {{ check_searchguard_bundle_result.files[0].path }}
+  environment:
+    JAVA_HOME: "{{ mc_es_java_home }}"
+    ES_PATH_CONF: "{{ mc_es_conf_base }}/config"
+  register: remove_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1
+
+- name: Delete elasticsearch home dir
+  become: yes
+  file:
+    path: "{{ mc_es_home }}"
+    state: absent
+
+- name: Create elasticsearch home dir
+  become: yes
+  file:
+    path: "{{ mc_es_home }}"
+    state: directory
+    mode: 0755
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Find elasticsearch package
+  become: yes
+  find:
+    paths: "{{ mc_home }}/app/third-party/elasticsearch"
+    patterns: "^elasticsearch-oss-.+\\.tar.gz$"
+    use_regex: yes
+    file_type: file
+  register: check_elasticsearch_package_result
+
+- name: Set elasticsearch package file name
+  set_fact:
+    mc_elasticsearch_package: "{{ check_elasticsearch_package_result.files[0].path }}"
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Extract elasticsearch package
+  become: yes
+  become_user: elasticsearch
+  ignore_errors: yes
+  unarchive:
+    src: "{{ mc_elasticsearch_package }}"
+    dest: "{{ mc_es_home }}"
+    remote_src: yes
+    extra_opts:
+      - --strip-components=1
+      - --exclude=config
+    owner: elasticsearch
+    group: elasticsearch
+  register: unarchive_result
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Generate HA elasticsearch.yml template file
+  become: yes
+  ignore_errors: yes
+  template:
+    src: templates/ha/{{ mc_ha_node_type }}.elasticsearch.yml.j2
+    dest: "{{ mc_es_conf_base }}/elasticsearch.yml"
+    owner: elasticsearch
+    group: elasticsearch
+  when: unarchive_result.extract_results.rc | default(128) == 0
+
+- name: Create empty unicast_hosts.txt file
+  become: yes
+  file:
+    path: "{{ mc_es_conf_base }}/unicast_hosts.txt"
+    state: touch
+    mode: 0644
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Upgrade searchguard plugin
+  import_tasks: upgrade-searchguard.yml
+
+- name: Start elasticsearch
+  become: yes
+  become_user: elasticsearch
+  ignore_errors: yes
+  shell: "{{ mc_es_script_path }}/elasticsearch -d"
+  environment:
+    JAVA_HOME: "{{ mc_es_java_home }}"
+    ES_PATH_CONF: "{{ mc_es_conf_base }}/"
+  when: unarchive_result.extract_results.rc | default(128) == 0
+  register: start_elastcsearch_upgraded

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml

@@ -0,0 +1,100 @@
+- name: Create elasticsearch config path folder
+  become: yes
+  file:
+    path: "{{ mc_es_conf_base }}/searchguard"
+    state: directory
+    mode: 0755
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy elasticsearch certificate
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/localhost.pem
+    dest: "{{ mc_es_conf_base }}/localhost.pem"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy elasticsearch private key
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/localhost.key
+    dest: "{{ mc_es_conf_base }}/localhost.key"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy searchguard admin certificate
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sgadmin.pem
+    dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.pem"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy searchguard admin private key
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sgadmin.key
+    dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.key"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy searchguard root ca
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/root-ca.pem
+    dest: "{{ mc_es_conf_base }}/root-ca.pem"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Find searchguard bundle
+  find:
+    paths: "{{ mc_home }}/app/third-party/elasticsearch/"
+    patterns: "^search-guard-.+\\.zip$"
+    use_regex: yes
+    file_type: file
+  register: check_searchguard_bundle_result
+
+- name: Install searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  ignore_errors: yes
+  shell: |
+    {{ mc_es_script_path }}/elasticsearch-plugin install \
+        -b file://{{ check_searchguard_bundle_result.files[0].path }}
+  environment:
+    JAVA_HOME: "{{ mc_es_java_home }}"
+    ES_PATH_CONF: "{{ mc_es_conf_base }}/"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1
+
+- name: Copy roles template
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sg_roles.yml
+    dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles.yml"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Copy roles template
+  become: yes
+  copy:
+    mode: 0600
+    src: files/searchguard/sg_roles_mapping.yml
+    dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles_mapping.yml"
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Check execution bit
+  become: yes
+  file:
+    path: "{{ mc_es_home }}/plugins/search-guard-7/tools/sgadmin.sh"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0700

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml

@@ -0,0 +1,96 @@
+---
+- debug:
+    msg: "Performing Upgrade of missionControl version - {{ missioncontrol_version }}"
+
+- name: Stop mc service
+  become: yes
+  systemd:
+    name: "{{ mc_daemon }}"
+    state: stopped
+
+- name: Download mc for upgrade
+  unarchive:
+    src: "{{ mc_tar }}"
+    dest: "{{ jfrog_home_directory }}"
+    remote_src: yes
+    owner: "{{ mc_user }}"
+    group: "{{ mc_group }}"
+    creates: "{{ mc_untar_home }}"
+  become: yes
+  register: downloadmc
+  until: downloadmc is succeeded
+  retries: 3
+
+- name: Delete current app folder
+  become: yes
+  file:
+    path: "{{ mc_home }}/app"
+    state: absent
+
+- name: Copy new app to mc app
+  command: "cp -r {{ mc_untar_home }}/app/. {{ mc_home }}/app"
+  become: yes
+
+- name: Delete untar directory
+  file:
+    path: "{{ mc_untar_home }}"
+    state: absent
+  become: yes
+
+- name: Upgrade elasticsearch
+  import_tasks: upgrade-elasticsearch.yml
+
+- name: Check if install.sh wrapper script exist
+  become: yes
+  stat:
+    path: "{{ mc_install_script_path }}/install.sh"
+  register: upgrade_wrapper_script
+
+- name: Include interactive installer scripts
+  include_vars: script/archive.yml
+
+- name: Upgrade JFMC
+  include_tasks: expect.yml
+  vars:
+    exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}"
+    exp_dir: "{{ mc_install_script_path }}"
+    exp_scenarios: "{{ mc_installer_scenario['main'] }}"
+  args: 
+    apply:
+      environment: 
+        YQ_PATH: "{{ mc_thirdparty_path }}/yq" 
+  when: upgrade_wrapper_script.stat.exists
+
+- name: Configure installer info
+  become: yes
+  template:
+    src: installer-info.json.j2
+    dest: "{{ mc_home }}/var/etc/info/installer-info.json"
+  notify: restart missioncontrol
+
+- name: Configure systemyaml
+  template:
+    src: "{{ mc_system_yaml_template }}"
+    dest: "{{ mc_home }}/var/etc/system.yaml"
+  become: yes
+  notify: restart missioncontrol
+
+- name: Update correct permissions
+  become: yes
+  file:
+    path: "{{ mc_home }}"
+    state: directory
+    recurse: yes
+    owner: "{{ mc_user }}"
+    group: "{{ mc_group }}"
+    mode: '0755'
+
+- name: Restart missioncontrol
+  meta: flush_handlers
+
+- name : Wait for missionControl to be fully deployed  
+  uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
+  register: result
+  until: result.status == 200
+  retries: 25
+  delay: 5

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/elasticsearch.yml.j2

@@ -0,0 +1,21 @@
+discovery.seed_providers: file
+transport.port: {{ mc_es_transport_port }}
+transport.host: 0.0.0.0
+transport.publish_host: {{ ansible_host }}
+network.host: 0.0.0.0
+node.name: {{ ansible_host }}
+cluster.initial_master_nodes: {{ ansible_host }}
+bootstrap.memory_lock: false
+path.data: {{ mc_es_data_dir }}
+path.logs: {{ mc_es_log_dir }}
+
+searchguard.ssl.transport.pemcert_filepath: localhost.pem
+searchguard.ssl.transport.pemkey_filepath: localhost.key
+searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+searchguard.ssl.transport.enforce_hostname_verification: false
+searchguard.ssl.transport.resolve_hostname: false
+searchguard.nodes_dn:
+- CN=localhost,OU=Ops,O=localhost\, Inc.,DC=localhost,DC=com
+searchguard.authcz.admin_dn:
+- CN=sgadmin,OU=Ops,O=sgadmin\, Inc.,DC=sgadmin,DC=com
+searchguard.enterprise_modules_enabled: false

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/ha/master.elasticsearch.yml.j2

@@ -0,0 +1,14 @@
+discovery.seed_providers: file
+
+{% if mc_elasticsearch_package | regex_search(".*oss-7.*") %}
+cluster.initial_master_nodes: {{ ansible_host }}
+{% endif %}
+
+path.data: {{ mc_es_home }}/data
+path.logs: {{ mc_es_home }}/logs
+
+network.host: 0.0.0.0
+node.name: {{ ansible_host }}
+transport.host: 0.0.0.0
+transport.port: 9300
+transport.publish_host: {{ ansible_host }}

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/ha/master.system.yaml.j2

@@ -0,0 +1,21 @@
+configVersion: 1
+shared:
+  jfrogUrl: {{ jfrog_url }}
+  node:
+    ip: {{ ansible_host }}
+  database:
+    type: "{{ mc_db_type }}"
+    driver: "{{ mc_db_driver }}"
+    url: "{{ mc_db_url }}"
+    username: "{{ mc_db_user }}"
+    password: "{{ mc_db_password }}"
+  elasticsearch:
+    unicastFile: {{ mc_es_conf_base }}/unicast_hosts.txt
+    password: {{ mc_es_password }}
+    url: {{ mc_es_url }}
+    username: {{ mc_es_user }}
+  security:
+    joinKey: {{ join_key }}
+router:
+  entrypoints:
+    internalPort: 8046

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/ha/slave.elasticsearch.yml.j2

@@ -0,0 +1,11 @@
+#bootstrap.memory_lock: true
+discovery.seed_providers: file
+
+path.data: {{ mc_es_home }}/data
+path.logs: {{ mc_es_home }}/logs
+
+network.host: 0.0.0.0
+node.name: {{ ansible_host }}
+transport.host: 0.0.0.0
+transport.port: 9300
+transport.publish_host: {{ ansible_host }}

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/ha/slave.system.yaml.j2

@@ -0,0 +1,22 @@
+configVersion: 1
+shared:
+  jfrogUrl: {{ jfrog_url }}
+  node:
+    ip: {{ ansible_host }}
+  database:
+    type: "{{ mc_db_type }}"
+    driver: "{{ mc_db_driver }}"
+    url: "{{ mc_db_url }}"
+    username: "{{ mc_db_user }}"
+    password: "{{ mc_db_password }}"
+  elasticsearch:
+    unicastFile: {{ mc_es_conf_base }}/unicast_hosts.txt
+    clusterSetup: YES
+    password: {{ mc_es_password }}
+    url: {{ mc_es_url }}
+    username: {{ mc_es_user }}
+  security:
+    joinKey: {{ join_key }}
+router:
+  entrypoints:
+    internalPort: 8046

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/installer-info.json.j2

@@ -0,0 +1,9 @@
+{{ ansible_managed | comment }}
+{
+  "productId": "Ansible_MissionControl/{{ platform_collection_version }}-{{ missionControl_version }}",
+  "features": [
+    {
+      "featureId": "Channel/{{ ansible_marketplace }}"
+    }
+  ]
+}

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/system.yaml.j2

@@ -0,0 +1,3 @@
+{% if (mc_systemyaml) and (mc_systemyaml|length > 0) %}
+{{ mc_systemyaml }}
+{% endif %}

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/main.yml

@@ -0,0 +1 @@
+---

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/script/archive.yml

@@ -0,0 +1,58 @@
+mc_installer_scenario:
+  main:
+    - {
+        "expecting": "(data|installation) directory \\(",
+        "sending": "{{ mc_home }}"
+      }
+    - {
+        "expecting": "jfrog url( \\(.+\\))?:(?!.*Skipping prompt)",
+        "sending": "{{ jfrog_url }}"
+      }
+    - {
+        "expecting": "join key:(?!.*Skipping prompt)",
+        "sending": "{{ join_key }}"
+      }
+    - {
+        "expecting": "please specify the ip address of this machine(?!.*Skipping prompt)",
+        "sending": "{% if mc_ha_node_type is defined and mc_ha_node_type == 'master' %}{{ ansible_host }}{% else %}{{ ansible_host }}{% endif %}"
+      }
+    - {
+        "expecting": "are you adding an additional node",
+        "sending": "{% if mc_ha_node_type is defined and mc_ha_node_type == 'master' %}n{% else %}y{% endif %}"
+      }
+    - {
+        "expecting": "do you want to install postgresql",
+        "sending": "n"
+      }
+    - {
+        "expecting": "do you want to install elasticsearch",
+        "sending": "n"
+      }
+    - {
+        "expecting": "(postgresql|database) url.+\\[jdbc:postgresql.+\\]:",
+        "sending": "{{ mc_db_url }}"
+      }
+    - {
+        "expecting": "(postgresql|database) password",
+        "sending": "{{ mc_db_password }}"
+      }
+    - {
+        "expecting": "(postgresql|database) username",
+        "sending": "{{ mc_db_user }}"
+      }
+    - {
+        "expecting": "confirm database password",
+        "sending": "{{ mc_db_password }}"
+      }
+    - {
+        "expecting": "elasticsearch url:(?!.*Skipping prompt)",
+        "sending": "{{ mc_es_url }}"
+      }
+    - {
+        "expecting": "elasticsearch username:",
+        "sending": "{{ mc_es_user }}"
+      }
+    - {
+        "expecting": "elasticsearch password:",
+        "sending": "{{ mc_es_password }}"
+      }