[Ansible] JFrog Platform 7.24.3 (#153)

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/defaults/main.yml

@@ -1,4 +1,3 @@
----
 # defaults file for mc
 
 # The version of missioncontrol to install
@@ -7,9 +6,9 @@ missioncontrol_version: 4.7.10
 # whether to enable HA
 mc_ha_enabled: false
 
-mc_ha_node_type : master
+mc_ha_node_type: master
 
-# The location where mc should install.
+# The location where mc should install
 jfrog_home_directory: /opt/jfrog
 
 # The remote mc download file
@@ -26,7 +25,7 @@ mc_home: "{{ jfrog_home_directory }}/mc"
 mc_install_script_path: "{{ mc_home }}/app/bin"
 mc_thirdparty_path: "{{ mc_home }}/app/third-party"
 mc_archive_service_cmd: "{{ mc_install_script_path }}/installService.sh"
-mc_service_file : /lib/systemd/system/mc.service
+mc_service_file: /lib/systemd/system/mc.service
 
 #mc users and groups
 mc_user: jfmc
@@ -51,12 +50,10 @@ mc_es_transport_port: 9300
 mc_es_home: "/usr/share/elasticsearch"
 mc_es_data_dir: "/var/lib/elasticsearch"
 mc_es_log_dir: "/var/log/elasticsearch"
-mc_es_java_home: "{{ mc_thirdparty_path }}/java"
+mc_es_java_home: "/usr/share/elasticsearch/jdk"
 mc_es_script_path: "/usr/share/elasticsearch/bin"
 mc_es_searchgaurd_home: "/usr/share/elasticsearch/plugins/search-guard-7"
 
-flow_type: archive
-
 # if this is an upgrade
 mc_upgrade_only: false
 

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/Debian.yml

@@ -0,0 +1,13 @@
+- name: Install prerequisite packages
+  become: yes
+  apt:
+    name: ["expect", "locales"]
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Ensure UTF-8 locale exists
+  become: yes
+  locale_gen:
+    name: en_US.UTF-8
+    state: present

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/RedHat.yml

@@ -0,0 +1,5 @@
+- name: Install prerequisite packages
+  become: yes
+  yum:
+    name: expect
+    state: present

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml

@@ -1,33 +1,18 @@
----
 - debug:
     msg: "Performing installation of missionControl version - {{ missioncontrol_version }}"
 
-- name: Install expect dependency
-  become: yes
-  yum:
-    name: expect
-    state: present
-  when: ansible_os_family == 'RedHat'
-
-- name: Install expect dependency
-  become: yes
-  apt:
-    name: expect
-    state: present
-    update_cache: yes
-  when: ansible_os_family == 'Debian'
+- name: Install prerequisite packages
+  include_tasks: "{{ ansible_os_family }}.yml"
 
 - name: Ensure group jfmc exist
   become: yes
   group:
     name: "{{ mc_group }}"
-    gid: "{{ mc_gid }}"
     state: present
 
 - name: Ensure user jfmc exist
   become: yes
   user:
-    uid: "{{ mc_uid }}"
     name: "{{ mc_user }}"
     group: "{{ mc_group }}"
     create_home: yes
@@ -138,10 +123,10 @@
   template:
     src: "{{ mc_system_yaml_template }}"
     dest: "{{ mc_home }}/var/etc/system.yaml"
-  when: 
-    - mc_systemyaml is defined  
+  when:
+    - mc_systemyaml is defined
     - mc_systemyaml|length > 0
-    - mc_systemyaml_override or (not systemyaml.stat.exists) 
+    - mc_systemyaml_override or (not systemyaml.stat.exists)
   notify: restart missioncontrol
 
 - name: Update correct permissions
@@ -155,8 +140,7 @@
 
 - name: Install mc as a service
   become: yes
-  shell: |
-    {{ mc_archive_service_cmd }}
+  shell: "{{ mc_archive_service_cmd }}"
   args:
     chdir: "{{ mc_install_script_path }}"
     creates: "{{ mc_service_file }}"
@@ -165,10 +149,13 @@
 - name: Restart missioncontrol
   meta: flush_handlers
 
-- name : Wait for missionControl to be fully deployed
-  uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
+- name: Make sure missionControl is up and running
+  uri:
+    url: http://127.0.0.1:8082/router/api/v1/system/health
+    timeout: 130
+    status_code: 200
   register: result
-  until: result.status == 200
+  until: result is succeeded
   retries: 25
   delay: 5
   when: not ansible_check_mode

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/main.yml

@@ -1,10 +1,11 @@
-- name: perform installation
+- name: Perform installation
   include_tasks: "install.yml"
-  when: 
+  when:
     - mc_enabled
     - not mc_upgrade_only
-- name: perform upgrade
+
+- name: Perform upgrade
   include_tasks: "upgrade.yml"
   when:
     - mc_enabled
-    - mc_upgrade_only
+    - mc_upgrade_only

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml

@@ -2,14 +2,12 @@
   become: yes
   group:
     name: elasticsearch
-    gid: "{{ es_gid }}"
     state: present
 
 - name: Ensure user elasticsearch exists
   become: yes
   user:
     name: elasticsearch
-    uid: "{{ es_uid }}"
     group: elasticsearch
     create_home: yes
     home: "{{ mc_es_home }}"
@@ -47,12 +45,13 @@
     limit_item: nproc
     value: '4096'
 
-- name: Setting sysctl values
+- name: Set vm.max_map_count in /etc/sysctl.conf
   become: yes
-  sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
-  loop:
-    - { name: "vm.max_map_count", value: 262144}
   ignore_errors: yes
+  sysctl:
+    name: vm.max_map_count
+    value: '262144'
+    sysctl_set: yes
 
 - name: Find elasticsearch package
   become: yes
@@ -87,7 +86,7 @@
       - --strip-components=1
     owner: elasticsearch
     group: elasticsearch
-    creates: "{{ mc_es_script_path }}"
+    creates: "{{ mc_es_java_home }}"
   register: unarchive_result
   when: check_elasticsearch_package_result.matched > 0
 
@@ -111,9 +110,7 @@
     dest: "{{ mc_es_conf_base }}/elasticsearch.yml"
     owner: elasticsearch
     group: elasticsearch
-  when:
-    - unarchive_result.extract_results.rc | default(128) == 0
-    - flow_type in ["ha-cluster", "ha-upgrade"]
+  when: unarchive_result.extract_results.rc | default(128) == 0
 
 - name: Generate elasticsearch.yml template file
   become: yes
@@ -122,9 +119,7 @@
     dest: "{{ mc_es_conf_base }}/elasticsearch.yml"
     owner: elasticsearch
     group: elasticsearch
-  when:
-    - unarchive_result.extract_results.rc | default(128) == 0
-    - flow_type in ["archive", "upgrade"]
+  when: unarchive_result.extract_results.rc | default(128) == 0
 
 - name: Create empty unicast_hosts.txt file
   become: yes
@@ -168,7 +163,7 @@
   when: start_elasticsearch.changed
 
 - name: Check if elasticsearch is running
-  wait_for: 
+  wait_for:
     host: localhost
     port: "{{ mc_es_transport_port }}"
     delay: 5
@@ -176,7 +171,6 @@
 
 - name: Init searchguard plugin
   become: yes
-  become_user: elasticsearch
   shell: |
     ./sgadmin.sh -p {{ mc_es_transport_port }} -cacert root-ca.pem \
     -cert sgadmin.pem -key sgadmin.key -cd {{ mc_es_searchgaurd_home }}/sgconfig/ -nhnv -icl
@@ -185,4 +179,4 @@
   environment:
     JAVA_HOME: "{{ mc_es_java_home }}"
   register: install_searchguard_result
-  when: check_searchguard_bundle_result.matched == 1
+  when: check_searchguard_bundle_result.matched == 1

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml

@@ -64,4 +64,4 @@
     path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh"
     owner: elasticsearch
     group: elasticsearch
-    mode: 0700
+    mode: 0700

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml

@@ -1,17 +1,13 @@
-- name: Get elasticsearch pid
-  shell: "ps -ef | grep -v grep | grep -w elasticsearch | awk '{print $2}'"
-  register: elasticsearch_pid
-
-- name: Stop elasticsearch before upgrade
+- name: Kill elasticsearch process
   become: yes
-  shell: kill -9 {{ elasticsearch_pid.stdout }}
-  when: elasticsearch_pid.stdout | length > 0
-
-- name: Waiting until all running processes are killed
-  wait_for:
-    path: "/proc/{{ elasticsearch_pid.stdout }}/status"
-    state: absent
-  when: elasticsearch_pid.stdout | length > 0
+  ignore_errors: yes
+  shell: |
+    ps -ef | grep -v grep | grep -w elasticsearch | awk '{print $2}' | while read curr_ps_id
+    do
+        echo "process ${curr_ps_id} still running"
+        echo "$(ps -ef | grep -v grep | grep ${curr_ps_id})"
+        kill -9 ${curr_ps_id}
+    done
 
 - name: Find searchguard bundle for removal
   become: yes
@@ -75,7 +71,7 @@
       - --exclude=config
     owner: elasticsearch
     group: elasticsearch
-    creates: "{{ mc_es_script_path }}"
+    creates: "{{ mc_es_java_home }}"
   register: unarchive_result
   when: check_elasticsearch_package_result.matched > 0
 
@@ -107,8 +103,8 @@
   environment:
     ES_JAVA_HOME: "{{ mc_es_java_home }}"
     ES_PATH_CONF: "{{ mc_es_conf_base }}/"
-  when: unarchive_result.extract_results.rc | default(128) == 0
   register: start_elastcsearch
+  when: unarchive_result.extract_results.rc | default(128) == 0
 
 - name: Wait for elasticsearch to start
   pause:
@@ -116,8 +112,21 @@
   when: start_elasticsearch.changed
 
 - name: Check if elasticsearch is running
-  wait_for: 
+  wait_for:
     host: localhost
     port: "{{ mc_es_transport_port }}"
     delay: 5
     connect_timeout: 1
+
+- name: Init searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  shell: |
+    ./sgadmin.sh -p {{ mc_es_transport_port }} -cacert root-ca.pem \
+    -cert sgadmin.pem -key sgadmin.key -cd {{ mc_es_searchgaurd_home }}/sgconfig/ -nhnv -icl
+  args:
+    chdir: "{{ mc_es_searchgaurd_home }}/tools/"
+  environment:
+    JAVA_HOME: "{{ mc_es_java_home }}"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml

@@ -65,6 +65,7 @@
   loop:
     - "sg_roles.yml"
     - "sg_roles_mapping.yml"
+    - "sg_config.yml"
 
 - name: Check execution bit
   become: yes

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml

@@ -1,4 +1,3 @@
----
 - debug:
     msg: "Performing Upgrade of missionControl version - {{ missioncontrol_version }}"
 
@@ -71,10 +70,10 @@
   template:
     src: "{{ mc_system_yaml_template }}"
     dest: "{{ mc_home }}/var/etc/system.yaml"
-  when: 
-    - mc_systemyaml is defined  
+  when:
+    - mc_systemyaml is defined
     - mc_systemyaml|length > 0
-    - mc_systemyaml_override or (not systemyaml.stat.exists) 
+    - mc_systemyaml_override or (not systemyaml.stat.exists)
   notify: restart missioncontrol
 
 - name: Check if install.sh wrapper script exist
@@ -97,7 +96,7 @@
     apply:
       environment:
         YQ_PATH: "{{ mc_thirdparty_path }}/yq"
-  when: 
+  when:
     - upgrade_wrapper_script.stat.exists
     - download_mc.changed
 
@@ -120,10 +119,13 @@
 - name: Restart missioncontrol
   meta: flush_handlers
 
-- name : Wait for missionControl to be fully deployed
-  uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
+- name: Make sure missionControl is up and running
+  uri:
+    url: http://127.0.0.1:8082/router/api/v1/system/health
+    timeout: 130
+    status_code: 200
   register: result
-  until: result.status == 200
+  until: result is succeeded
   retries: 25
   delay: 5
   when: not ansible_check_mode

Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/main.yml

@@ -1,6 +1,5 @@
----
 # platform collection version
-platform_collection_version: 7.23.3
+platform_collection_version: 7.24.3
 
 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
-ansible_marketplace: galaxy
+ansible_marketplace: galaxy