Merge pull request #86 from jfrog/aws-7.15.3

Updates for AWS CFT for 7.15.3
Alex Hung
2021-02-25 09:01:31 -08:00
committed by GitHub
4 changed files with 50 additions and 411 deletions


@@ -39,8 +39,6 @@ Parameters:
- "true" - "true"
- "false" - "false"
Type: String Type: String
DatabaseEngine:
Type: String
DatabaseUser: DatabaseUser:
Type: String Type: String
DatabasePassword: DatabasePassword:
@@ -65,15 +63,6 @@ Parameters:
Type: Number Type: Number
Mappings: Mappings:
DatabaseMap:
Postgres:
Name: postgresql
DatabaseVersion: 11.5
Driver: "org.postgresql.Driver"
Plugin: postgresql-42.2.9.jar
PluginURL: https://jdbc.postgresql.org/download/
port: "5432"
extraDatabaseOps: ""
ReleaseStageMap: ReleaseStageMap:
BETA: BETA:
ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro" ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro"
@@ -229,11 +218,8 @@ Resources:
Properties: Properties:
AllocatedStorage: !Ref DatabaseAllocatedStorage AllocatedStorage: !Ref DatabaseAllocatedStorage
MultiAZ: !Ref MultiAzDatabase MultiAZ: !Ref MultiAzDatabase
Engine: !Ref DatabaseEngine Engine: Postgres
EngineVersion: !FindInMap EngineVersion: "11.5"
- DatabaseMap
- !Ref DatabaseEngine
- DatabaseVersion
MasterUsername: !Ref DatabaseUser MasterUsername: !Ref DatabaseUser
MasterUserPassword: !Ref DatabasePassword MasterUserPassword: !Ref DatabasePassword
DBInstanceClass: !Ref DatabaseInstance DBInstanceClass: !Ref DatabaseInstance
@@ -256,34 +242,16 @@ Resources:
ToPort: 22 ToPort: 22
CidrIp: !Ref VpcCidr CidrIp: !Ref VpcCidr
- IpProtocol: tcp - IpProtocol: tcp
FromPort: !FindInMap FromPort: 5432
- DatabaseMap ToPort: 5432
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet1Cidr CidrIp: !Ref PrivateSubnet1Cidr
- IpProtocol: tcp - IpProtocol: tcp
FromPort: !FindInMap FromPort: 5432
- DatabaseMap ToPort: 5432
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet2Cidr CidrIp: !Ref PrivateSubnet2Cidr
- IpProtocol: tcp - IpProtocol: tcp
FromPort: !FindInMap FromPort: 5432
- DatabaseMap ToPort: 5432
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet3Cidr CidrIp: !Ref PrivateSubnet3Cidr
SecurityGroupEgress: SecurityGroupEgress:
- IpProtocol: tcp - IpProtocol: tcp
@@ -350,41 +318,25 @@ Outputs:
Value: !Ref ArtifactoryS3Bucket Value: !Ref ArtifactoryS3Bucket
Description: Actual S3 bucket created for Artifactory Description: Actual S3 bucket created for Artifactory
DatabaseDriver: DatabaseDriver:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver] Value: "org.postgresql.Driver"
DatabasePlugin: DatabasePlugin:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin] Value: postgresql-42.2.9.jar
DatabasePluginUrl: DatabasePluginUrl:
Value: !Sub Value: https://jdbc.postgresql.org/download/postgresql-42.2.9.jar"
- "${MainURL}${PluginVersion}"
- {
MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, PluginURL],
PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
}
DatabaseType: DatabaseType:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name] Value: postgresql
DatabaseUrl: DatabaseUrl:
Value: !Sub Value: !Sub
- "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}" - "jdbc:postgresql://${ArtifactoryDatabaseEndpointAddress}:5432/${DatabaseName}"
- { - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address
DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name],
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps],
}
XrayMasterDatabaseUrl: XrayMasterDatabaseUrl:
Value: !Sub Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable" - "${ArtifactoryDatabaseEndpointAddress}:5432/${DatabaseName}?sslmode=disable"
- { - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
XrayDatabaseUrl: XrayDatabaseUrl:
Value: !Sub Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable" - "${ArtifactoryDatabaseEndpointAddress}:5432/xraydb?sslmode=disable"
- { - ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
ProDockerRepo: ProDockerRepo:
Value: !FindInMap Value: !FindInMap
- ReleaseStageMap - ReleaseStageMap
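Review bot: The new `DatabasePluginUrl` output in the Outputs hunk ends with an unmatched double quote (`.../postgresql-42.2.9.jar"`), which YAML keeps as part of the plain scalar, so the exported URL would carry a literal `"`; it should read `Value: https://jdbc.postgresql.org/download/postgresql-42.2.9.jar`. The same hunk keeps `?sslmode=disable` on both `XrayMasterDatabaseUrl` and `XrayDatabaseUrl`, so Xray's PostgreSQL sessions to the RDS instance are not TLS-protected. Now that the engine is fixed to Postgres, `sslmode=require` (or `verify-full` with the RDS CA bundle on the hosts) would be the safer default, assuming the Xray release in use accepts it. The Outputs block continues outside the hunk.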


@@ -10,7 +10,6 @@ Metadata:
Parameters: Parameters:
- KeyPairName - KeyPairName
- AccessCidr - AccessCidr
- RemoteAccessCidr
- Label: - Label:
default: Network configuration default: Network configuration
Parameters: Parameters:
@@ -24,16 +23,6 @@ Metadata:
- PrivateSubnet1Cidr - PrivateSubnet1Cidr
- PrivateSubnet2Cidr - PrivateSubnet2Cidr
- ELBScheme - ELBScheme
- Label:
default: Bastion configuration
Parameters:
- ProvisionBastionHost
- BastionInstanceType
- BastionOs
- BastionRootVolumeSize
- BastionEnableTcpForwarding
- NumBastionHosts
- BastionEnableX11Forwarding
- Label: - Label:
default: Amazon EC2 configuration default: Amazon EC2 configuration
Parameters: Parameters:
@@ -43,7 +32,6 @@ Metadata:
default: JFrog Artifactory configuration default: JFrog Artifactory configuration
Parameters: Parameters:
- ArtifactoryProduct - ArtifactoryProduct
- ArtifactoryVersion
- NumberOfSecondary - NumberOfSecondary
- SmLicenseName - SmLicenseName
- SmCertName - SmCertName
@@ -55,22 +43,15 @@ Metadata:
default: Amazon RDS configuration default: Amazon RDS configuration
Parameters: Parameters:
- DatabaseName - DatabaseName
- DatabaseEngine
- DatabaseUser - DatabaseUser
- DatabasePassword - DatabasePassword
- DatabaseInstance - DatabaseInstance
- DatabaseAllocatedStorage - DatabaseAllocatedStorage
- MultiAzDatabase - MultiAzDatabase
- Label:
default: AWS Quick Start configuration
Parameters:
- QsS3BucketName
- QsS3KeyPrefix
- Label: - Label:
default: JFrog Xray Configuration default: JFrog Xray Configuration
Parameters: Parameters:
- InstallXray - InstallXray
- XrayVersion
- XrayNumberOfInstances - XrayNumberOfInstances
- XrayInstanceType - XrayInstanceType
- XrayDatabaseUser - XrayDatabaseUser
@@ -98,24 +79,8 @@ Metadata:
default: Private subnet 2 CIDR default: Private subnet 2 CIDR
AccessCidr: AccessCidr:
default: Permitted IP range default: Permitted IP range
RemoteAccessCidr:
default: Remote access CIDR
ELBScheme: ELBScheme:
default: Elastic Load Balancing scheme default: Elastic Load Balancing scheme
ProvisionBastionHost:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTcpForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOs:
default: Bastion operating system
NumBastionHosts:
default: Number of bastion instances
VolumeSize: VolumeSize:
default: EBS root volume size default: EBS root volume size
InstanceType: InstanceType:
@@ -124,8 +89,6 @@ Metadata:
default: Secondary instances default: Secondary instances
ArtifactoryProduct: ArtifactoryProduct:
default: Artifactory product to install default: Artifactory product to install
ArtifactoryVersion:
default: Artifactory version
SmLicenseName: SmLicenseName:
default: Artifactory licenses secret name default: Artifactory licenses secret name
SmCertName: SmCertName:
@@ -140,8 +103,6 @@ Metadata:
default: Default Java memory settings default: Default Java memory settings
DatabaseName: DatabaseName:
default: Database name default: Database name
DatabaseEngine:
default: Database engine
DatabaseUser: DatabaseUser:
default: Database user default: Database user
DatabasePassword: DatabasePassword:
@@ -152,16 +113,8 @@ Metadata:
default: Database allocated storage default: Database allocated storage
MultiAzDatabase: MultiAzDatabase:
default: High-availability database default: High-availability database
QsS3BucketName:
default: Quick Start S3 bucket name
QsS3KeyPrefix:
default: Quick Start S3 key prefix
QsS3BucketRegion:
default: Quick Start S3 bucket region
InstallXray: InstallXray:
default: Install JFrog Xray default: Install JFrog Xray
XrayVersion:
default: Version of Xray to install
XrayNumberOfInstances: XrayNumberOfInstances:
default: Number of JFrog Xray instances default: Number of JFrog Xray instances
XrayInstanceType: XrayInstanceType:
@@ -219,12 +172,6 @@ Parameters:
For example, you might want to grant only your corporate network access to the software. For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant specific ranges inside your corporate network SSH access.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
ELBScheme: ELBScheme:
Description: Choose whether this is internet facing or internal. Description: Choose whether this is internet facing or internal.
AllowedValues: AllowedValues:
@@ -232,68 +179,6 @@ Parameters:
- internet-facing - internet-facing
Default: internet-facing Default: internet-facing
Type: String Type: String
ProvisionBastionHost:
Description: Choose Disabled to skip creating a bastion instance. Due to the JFrog Container Registry nodes being
created in private subnets, the default setting of Enabled this is highly recommended.
AllowedValues:
- "Enabled"
- "Disabled"
Default: "Enabled"
Type: String
BastionInstanceType:
Description: Size of the bastion instances.
AllowedValues:
- t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
Default: "t3.micro"
Type: String
BastionRootVolumeSize:
Description: Size of the root volume on the bastion instances.
Default: 10
Type: Number
BastionEnableTcpForwarding:
Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance
or not.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via the bootstrapping of the bastion host.
Setting this value to true will enable X Windows over SSH.
X11 forwarding can be useful, but it is also a security risk, so it's recommended
that you keep the default (false) setting.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOs:
Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux2-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-20.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux2-HVM"
Type: String
NumBastionHosts:
Description: Number of bastion instances to create.
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Type: String
VolumeSize: VolumeSize:
Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an
Amazon Elastic Block Store (Amazon EBS) volumes of this size. Amazon Elastic Block Store (Amazon EBS) volumes of this size.
@@ -354,14 +239,6 @@ Parameters:
- JFrog-Container-Registry - JFrog-Container-Registry
Default: JFrog-Artifactory-Pro Default: JFrog-Artifactory-Pro
Type: String Type: String
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
See the release notes to select the version you want to deploy at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Artifactory releases
Default: 7.15.3
Type: String
SmLicenseName: SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: '' Default: ''
@@ -406,12 +283,6 @@ Parameters:
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb Default: artdb
Type: String Type: String
DatabaseEngine:
Description: Database engine that you want to run, which is currently locked to MySQL.
AllowedValues:
- Postgres
Default: Postgres
Type: String
DatabaseUser: DatabaseUser:
Description: Login ID for the master user of your database instance. Description: Login ID for the master user of your database instance.
MinLength: '1' MinLength: '1'
@@ -461,28 +332,6 @@ Parameters:
- "false" - "false"
Default: "true" Default: "true"
Type: String Type: String
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: quickstart-jfrog-artifactory/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
InstallXray: InstallXray:
Description: Choose true to install JFrog Xray instance(s). Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False ConstraintDescription: True or False
@@ -491,12 +340,6 @@ Parameters:
- "false" - "false"
Default: "true" Default: "true"
Type: String Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Xray releases.
Default: 3.17.4
Type: String
XrayNumberOfInstances: XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your Description: The number of Xray instances servers to complete your
HA deployment. The minimum number is one; the maximum is seven. HA deployment. The minimum number is one; the maximum is seven.
@@ -533,7 +376,6 @@ Parameters:
Type: String Type: String
Conditions: Conditions:
EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled']
IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']] IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']]
HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']] HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']]
DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"] DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
@@ -541,67 +383,10 @@ Conditions:
SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']] SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']]
Resources: Resources:
BastionRole:
Condition: EnableBastion
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: ec2.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: QSBucketAccess
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: s3:GetObject
Resource: !Sub "arn:${AWS::Partition}:s3:::${QsS3BucketName}/*"
- Effect: Allow
Action:
- logs:CreateLogStream
- logs:GetLogEvents
- logs:PutLogEvents
- logs:DescribeLogGroups
- logs:DescribeLogStreams
- logs:PutRetentionPolicy
- logs:PutMetricFilter
- logs:CreateLogGroup
Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
- Effect: Allow
Action:
- ec2:AssociateAddress
- ec2:DescribeAddresses
Resource: "*"
BastionStack:
Condition: EnableBastion
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: https://aws-quickstart.s3.amazonaws.com/quickstart-jfrog-artifactory/submodules/quickstart-linux-bastion/templates/linux-bastion.template
Parameters:
VPCID: !Ref VpcId
PublicSubnet1ID: !Ref PublicSubnet1Id
PublicSubnet2ID: !Ref PublicSubnet2Id
KeyPairName: !Ref KeyPairName
QSS3BucketName: !Ref QsS3BucketName
QSS3KeyPrefix: !Sub '${QsS3KeyPrefix}submodules/quickstart-linux-bastion/'
QSS3BucketRegion: !Ref QsS3BucketRegion
RemoteAccessCIDR: !Ref RemoteAccessCidr
BastionInstanceType: !Ref BastionInstanceType
RootVolumeSize: !Ref BastionRootVolumeSize
BastionAMIOS: !Ref BastionOs
EnableTCPForwarding: !Ref BastionEnableTcpForwarding
EnableX11Forwarding: !Ref BastionEnableX11Forwarding
AlternativeIAMRole: !Ref BastionRole
NumBastionHosts: !Ref NumBastionHosts
ArtifactoryCoreInfraStack: ArtifactoryCoreInfraStack:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-core-infrastructure.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7153/templates/jfrog-artifactory-core-infrastructure.template.yaml
Parameters: Parameters:
AvailabilityZones: AvailabilityZones:
Fn::Join: Fn::Join:
@@ -615,7 +400,6 @@ Resources:
SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]] SubnetIds: !Join [",", [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
MultiAzDatabase: !Ref MultiAzDatabase MultiAzDatabase: !Ref MultiAzDatabase
DatabaseEngine: !Ref DatabaseEngine
DatabaseUser: !Ref DatabaseUser DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance DatabaseInstance: !Ref DatabaseInstance
@@ -716,7 +500,7 @@ Resources:
Tags: Tags:
- Key: Name - Key: Name
Value: !Sub ${ArtifactoryProduct}-ec2-instances-sg Value: !Sub ${ArtifactoryProduct}-ec2-instances-sg
GroupDescription: SG for EC2 instances (also permits access using SSH from the bastion host) GroupDescription: SG for EC2 instances
VpcId: !Ref VpcId VpcId: !Ref VpcId
SecurityGroupIngress: SecurityGroupIngress:
- IpProtocol: tcp - IpProtocol: tcp
@@ -795,21 +579,17 @@ Resources:
- "logs:CreateLogStream" - "logs:CreateLogStream"
- "logs:PutLogEvents" - "logs:PutLogEvents"
- "logs:DescribeLogStreams" - "logs:DescribeLogStreams"
Resource: "arn:aws:logs:*:*:*" Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
- Effect: "Allow" - PolicyName: 'SecretsManager-policy'
Action:
- "s3:GetObject"
Resource: "*"
- PolicyName: 'SecretsMaanger-policy'
PolicyDocument: PolicyDocument:
Version: "2012-10-17" Version: "2012-10-17"
Statement: Statement:
- Effect: "Allow" - Effect: "Allow"
Action: Action:
- "secretsmanager:GetSecretValue" - "secretsmanager:GetSecretValue"
Resource: "arn:aws:secretsmanager:*:*:secret:*" Resource: !Sub "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:*"
ArtifactoryHostProfile: ArtifactoryHostProfile:
Type: 'AWS::IAM::InstanceProfile' Type: AWS::IAM::InstanceProfile
Properties: Properties:
Roles: Roles:
- !Ref ArtifactoryHostRole - !Ref ArtifactoryHostRole
@@ -817,17 +597,13 @@ Resources:
ArtifactoryPrimary: ArtifactoryPrimary:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-instance.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml
Parameters: Parameters:
PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id]] PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id]]
MinScalingNodes: '1' # Always have 1 MasterNode MinScalingNodes: '1' # Always have 1 Primary Node
MaxScalingNodes: '1' # Always have 1 MasterNode MaxScalingNodes: '1' # Always have 1 Primary Node
DeploymentTag: !If [IsArtifactory, "ArtifactoryPrimary", "JcrPrimary"] DeploymentTag: !If [IsArtifactory, "ArtifactoryPrimary", "JcrPrimary"]
HostRole: !Ref ArtifactoryHostRole HostRole: !Ref ArtifactoryHostRole
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix}
AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
ArtifactoryProduct: !Ref ArtifactoryProduct ArtifactoryProduct: !Ref ArtifactoryProduct
ArtifactoryLicensesSecretName: !Ref SmLicenseName ArtifactoryLicensesSecretName: !Ref SmLicenseName
ArtifactoryServerName: !Ref ArtifactoryServerName ArtifactoryServerName: !Ref ArtifactoryServerName
@@ -846,7 +622,8 @@ Resources:
ArtifactoryPrimary: true ArtifactoryPrimary: true
MasterKey: !Ref MasterKey MasterKey: !Ref MasterKey
ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
ArtifactoryVersion: !Ref ArtifactoryVersion AmiId: "7153"
ArtifactoryVersion: "7.15.3"
KeyPairName: !Ref KeyPairName KeyPairName: !Ref KeyPairName
HostProfile: !Ref ArtifactoryHostProfile HostProfile: !Ref ArtifactoryHostProfile
SecurityGroups: !Ref ArtifactoryEc2Sg SecurityGroups: !Ref ArtifactoryEc2Sg
@@ -862,14 +639,13 @@ Resources:
DependsOn: ArtifactoryPrimary DependsOn: ArtifactoryPrimary
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-instance.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7153/templates/jfrog-artifactory-ec2-instance.template.yaml
Parameters: Parameters:
PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]] PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
MinScalingNodes: !Ref NumberOfSecondary MinScalingNodes: !Ref NumberOfSecondary
MaxScalingNodes: !Ref NumberOfSecondary MaxScalingNodes: !Ref NumberOfSecondary
DeploymentTag: ArtifactorySecondary DeploymentTag: ArtifactorySecondary
HostRole: !Ref ArtifactoryHostRole HostRole: !Ref ArtifactoryHostRole
AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
ArtifactoryProduct: !Ref ArtifactoryProduct ArtifactoryProduct: !Ref ArtifactoryProduct
ArtifactoryLicensesSecretName: !Ref SmLicenseName ArtifactoryLicensesSecretName: !Ref SmLicenseName
ArtifactoryServerName: !Ref ArtifactoryServerName ArtifactoryServerName: !Ref ArtifactoryServerName
@@ -888,7 +664,8 @@ Resources:
ArtifactoryPrimary: false ArtifactoryPrimary: false
MasterKey: !Ref MasterKey MasterKey: !Ref MasterKey
ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
ArtifactoryVersion: !Ref ArtifactoryVersion AmiId: "7153"
ArtifactoryVersion: "7.15.3"
KeyPairName: !Ref KeyPairName KeyPairName: !Ref KeyPairName
HostProfile: !Ref ArtifactoryHostProfile HostProfile: !Ref ArtifactoryHostProfile
SecurityGroups: !Ref ArtifactoryEc2Sg SecurityGroups: !Ref ArtifactoryEc2Sg
@@ -898,9 +675,6 @@ Resources:
TargetGroupARN: !Ref ArtifactoryTargetGroup TargetGroupARN: !Ref ArtifactoryTargetGroup
SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix}
XrayHostRole: XrayHostRole:
Condition: EnableXray Condition: EnableXray
Type: AWS::IAM::Role Type: AWS::IAM::Role
@@ -947,11 +721,7 @@ Resources:
- "logs:CreateLogStream" - "logs:CreateLogStream"
- "logs:PutLogEvents" - "logs:PutLogEvents"
- "logs:DescribeLogStreams" - "logs:DescribeLogStreams"
Resource: "arn:aws:logs:*:*:*" Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:*:*"
- Effect: "Allow"
Action:
- "s3:GetObject"
Resource: "*"
XrayHostProfile: XrayHostProfile:
Condition: EnableXray Condition: EnableXray
Type: 'AWS::IAM::InstanceProfile' Type: 'AWS::IAM::InstanceProfile'
@@ -964,7 +734,7 @@ Resources:
DependsOn: ArtifactoryPrimary DependsOn: ArtifactoryPrimary
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-xray-ec2-instance.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/v7153/templates/jfrog-xray-ec2-instance.template.yaml
Parameters: Parameters:
PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnet1Id: !Ref PrivateSubnet1Id
PrivateSubnet2Id: !Ref PrivateSubnet2Id PrivateSubnet2Id: !Ref PrivateSubnet2Id
@@ -972,9 +742,6 @@ Resources:
MinScalingNodes: !Ref XrayNumberOfInstances MinScalingNodes: !Ref XrayNumberOfInstances
MaxScalingNodes: !Ref XrayNumberOfInstances MaxScalingNodes: !Ref XrayNumberOfInstances
DeploymentTag: 'xray' DeploymentTag: 'xray'
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix}
DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
DatabaseUser: !Ref DatabaseUser DatabaseUser: !Ref DatabaseUser
@@ -989,8 +756,8 @@ Resources:
XrayDatabasePassword: !Ref XrayDatabasePassword XrayDatabasePassword: !Ref XrayDatabasePassword
XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
XrayVersion: !Ref XrayVersion XrayVersion: "3.17.4"
XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]] XrayAmiId: "3174"
XrayHostRole: !Ref XrayHostRole XrayHostRole: !Ref XrayHostRole
XrayHostProfile: !Ref XrayHostProfile XrayHostProfile: !Ref XrayHostProfile
Outputs: Outputs:
@@ -1034,11 +801,6 @@ Outputs:
Value: !Ref ArtifactoryEc2Sg Value: !Ref ArtifactoryEc2Sg
Export: Export:
Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg' Name: !Sub '${AWS::StackName}-ArtifactoryEc2Sg'
BastionIp:
Value: !If
- EnableBastion
- !GetAtt BastionStack.Outputs.EIP1
- ""
XrayMasterDatabaseUrl: XrayMasterDatabaseUrl:
Description: Database driver Description: Database driver
Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl Value: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
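Review bot: In the IAM policy hunk just above `ArtifactoryHostProfile`, the `SecretsManager-policy` statement still grants `secretsmanager:GetSecretValue` on `secret:*`, so every instance using this role can read any secret in the account and Region, not only the license and certificate secrets. Pinning partition, Region and account is an improvement, but the resource can be narrowed to the secrets the template already takes as parameters, e.g. `!Sub "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SmLicenseName}-??????"` plus a matching entry for `SmCertName` when it is set. The nested-stack `TemplateURL` values in this file also point at a bucket named `jfrog-marketplace-test-us-east-1`; if that is a test bucket, confirm who can write to it before release, because whoever controls those objects controls the roles and instances this stack creates. The role definition starts outside the hunk.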


@@ -15,12 +15,6 @@ Parameters:
Type: String Type: String
ArtifactoryProduct: ArtifactoryProduct:
Type: String Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
ArtifactoryLicensesSecretName: ArtifactoryLicensesSecretName:
Type: String Type: String
ArtifactoryServerName: ArtifactoryServerName:
@@ -86,13 +80,13 @@ Parameters:
Mappings: Mappings:
AWSAMIRegionMap: AWSAMIRegionMap:
us-east-1: us-east-1:
"Artifactory7153": ami-07a437a0be21eb6c8 "Artifactory7153": ami-0e25fbf67a59cc92b
us-east-2: us-east-2:
"Artifactory7153": ami-08f834139a150fb62 "Artifactory7153": ami-08f834139a150fb62
us-west-1: us-west-1:
"Artifactory7153": ami-0afdf2d63fc2c0895 "Artifactory7153": ami-0afdf2d63fc2c0895
us-west-2: us-west-2:
"Artifactory7153": ami-09274621c30cae078 "Artifactory7153": ami-03c0e58806c907dee
ca-central-1: ca-central-1:
"Artifactory7153": ami-0f422f5980aeba60f "Artifactory7153": ami-0f422f5980aeba60f
eu-central-1: eu-central-1:
@@ -116,9 +110,9 @@ Mappings:
sa-east-1: sa-east-1:
"Artifactory7153": ami-0b831f8403d6979d4 "Artifactory7153": ami-0b831f8403d6979d4
us-gov-east-1: us-gov-east-1:
"Artifactory7153": ami-0ec712ae031edcb34 "Artifactory7153": ami-0d91ab5cda810462b
us-gov-west-1: us-gov-west-1:
"Artifactory7153": ami-0b6229d13d677cd16 "Artifactory7153": ami-08343af72f1764764
ArtifactoryProductMap: ArtifactoryProductMap:
JFrog-Container-Registry: JFrog-Container-Registry:
"7153": "Jcr7153" "7153": "Jcr7153"
@@ -164,13 +158,6 @@ Resources:
ArtifactoryLaunchConfiguration: ArtifactoryLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration' Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata: Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref HostRole # !Ref ArtifactoryHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init: AWS::CloudFormation::Init:
configSets: configSets:
artifactory_install: artifactory_install:
@@ -342,17 +329,9 @@ Resources:
} }
S3URI=${QsS3Uri} # Install jq
yum install -y epel-release
# Update OS yum install -y jq
yum update -y
# Install git
yum install -y epel-release git policycoreutils-python
yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log
yum install -y jq python3 libselinux-python3
echo $PATH echo $PATH
@@ -360,24 +339,9 @@ Resources:
echo $PATH echo $PATH
# Create virtual env and activate # Activate virtual env
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate source ~/venv/bin/activate
pip install --upgrade pip
pip install jmespath wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli 2>&1 | tee /var/log/userdata.awscli_install.log
pip install ansible 2>&1 | tee /var/log/userdata.ansible_install.log
mkdir ~/.jfrog_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.jfrog_ami/ || cfn_fail
setsebool httpd_can_network_connect 1 -P setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id # CentOS cloned virtual machines do not create a new machine id
@@ -394,8 +358,6 @@ Resources:
/root/attach_volume.sh || cfn_fail /root/attach_volume.sh || cfn_fail
ansible-galaxy collection install community.general ansible.posix
setsebool httpd_can_network_connect 1 -P setsebool httpd_can_network_connect 1 -P
aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail
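Review bot: The user-data hunks drop `yum update --security -y` (and the plain `yum update -y`), so instances now boot at whatever patch level the AMI had when it was baked, while the script still contacts the package repositories for `epel-release` and `jq`. Either keep a `yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log` step or add a comment stating that patching is handled by AMI rebuilds; the Xray instance template removes the same step. The script also now assumes `~/venv`, the cfn helper scripts, ansible and `~/.jfrog_ami` already exist in the image, so a comment such as `# venv, cfn-bootstrap, ansible and ~/.jfrog_ami are baked into the AMI` above `source ~/venv/bin/activate` would make that dependency explicit. The user-data script starts and ends outside these hunks.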


@@ -13,12 +13,6 @@ Parameters:
Type: Number Type: Number
DeploymentTag: DeploymentTag:
Type: String Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
DatabaseDriver: DatabaseDriver:
Type: String Type: String
DatabaseType: DatabaseType:
@@ -64,13 +58,13 @@ Parameters:
Mappings: Mappings:
AWSAMIRegionMap: AWSAMIRegionMap:
us-east-1: us-east-1:
"3174": ami-028555fa3b9469dc3 "3174": ami-0cfe501ba23b450bd
us-east-2: us-east-2:
"3174": ami-0f4980801d180776a "3174": ami-0f4980801d180776a
us-west-1: us-west-1:
"3174": ami-006041db0f601e438 "3174": ami-006041db0f601e438
us-west-2: us-west-2:
"3174": ami-0d67b78b4f09fa9a7 "3174": ami-05019f9185d4f809e
ca-central-1: ca-central-1:
"3174": ami-056bafb407aa8e445 "3174": ami-056bafb407aa8e445
eu-central-1: eu-central-1:
@@ -94,9 +88,9 @@ Mappings:
sa-east-1: sa-east-1:
"3174": ami-0c2acb2f23c3e6743 "3174": ami-0c2acb2f23c3e6743
us-gov-east-1: us-gov-east-1:
"3174": ami-0349215efccd0d9f6 "3174": ami-06e63f61fa6c13b25
us-gov-west-1: us-gov-west-1:
"3174": ami-0b52a6d3379d2c20c "3174": ami-006010831d25af96b
Resources: Resources:
XrayScalingGroup: XrayScalingGroup:
@@ -129,13 +123,6 @@ Resources:
XrayLaunchConfiguration: XrayLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration Type: AWS::AutoScaling::LaunchConfiguration
Metadata: Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref XrayHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init: AWS::CloudFormation::Init:
configSets: configSets:
xray_install: xray_install:
@@ -195,7 +182,7 @@ Resources:
IamInstanceProfile: !Ref XrayHostProfile IamInstanceProfile: !Ref XrayHostProfile
ImageId: !FindInMap ImageId: !FindInMap
- AWSAMIRegionMap - AWSAMIRegionMap
- !Ref 'AWS::Region' - !Ref AWS::Region
- !Ref XrayAmiId - !Ref XrayAmiId
SecurityGroups: SecurityGroups:
- !Ref SecurityGroups - !Ref SecurityGroups
@@ -235,37 +222,15 @@ Resources:
} }
S3URI=${QsS3Uri}
yum update --security -y &> /var/log/userdata.yum_security_update.log
yum install -y git python3 libselinux-python3
yum install -y postgresql-server postgresql-devel
echo $PATH echo $PATH
PATH=/opt/aws/bin:$PATH PATH=/opt/aws/bin:$PATH
echo $PATH echo $PATH
# Create virtual env and activate # Activate virtual env
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate source ~/venv/bin/activate
pip install --upgrade pip
pip install wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli &> /var/log/userdata.awscli_install.log
pip install ansible &> /var/log/userdata.ansible_install.log
mkdir ~/.xray_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ami/
setsebool httpd_can_network_connect 1 -P setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id # CentOS cloned virtual machines do not create a new machine id
@@ -282,8 +247,6 @@ Resources:
lsblk # debug lsblk # debug
ansible-galaxy collection install community.general ansible.posix
ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail
rm -rf /root/.secureit.sh rm -rf /root/.secureit.sh
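Review bot: On the `ansible-playbook ... 2>&1 | tee /var/log/xray.log || cfn_fail` line, the `|| cfn_fail` tests the exit status of `tee` rather than of the playbook unless `set -o pipefail` is in effect somewhere outside the hunk, so a failed Xray install may never reach `cfn_fail`. Adding `set -o pipefail` near the top of the user data closes that gap; the `aws secretsmanager get-secret-value ... | jq ...` line in the Artifactory instance template has the same shape. With the S3 sync removed, `/root/.xray_ami/xray.yml` and `/root/.vault_pass.txt` presumably ship inside the AMI, and the visible lines remove only `/root/.secureit.sh`, so it is worth confirming that the vault password file is deleted after the run. The script continues outside the hunk.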