diff --git a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md index cbddfe4..960584a 100644 --- a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md +++ b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md @@ -1,9 +1,14 @@ # JFrog Platform Ansible Collection Changelog All changes to this collection will be documented in this file. +## [7.9.4] - May 31, 2021 +* Moved product versions from `groups_vars/all/package_version.yml` to roles//defaults +* Added variable to configure postgres apt key (`postgres_apt_key_url`) and id (`postgres_apt_key_id`) +* Squashed bugs from previous release + ## [7.8.6] - May 10, 2021 * Fixed broken URLs in ansible galaxy - [108](https://github.com/jfrog/JFrog-Cloud-Installers/issues/108) -* Added option to configure system.yaml (using `_systemyaml` variable) and binarystore.xml (using `artifactory_binarystore` variable) +* Added variable to configure system.yaml (using `_systemyaml`) and binarystore.xml (using `artifactory_binarystore`) ## [7.8.5] - May 3, 2021 * Added new `jfrog.platform` collection with Artifactory, Distribution, Missioncontrol and Xray roles diff --git a/Ansible/ansible_collections/jfrog/platform/README.md b/Ansible/ansible_collections/jfrog/platform/README.md index cec9f31..319753f 100644 --- a/Ansible/ansible_collections/jfrog/platform/README.md +++ b/Ansible/ansible_collections/jfrog/platform/README.md @@ -2,8 +2,8 @@ This Ansible directory consists of the following directories that support the JFrog Platform collection. - * [ansible_collections directory](ansible_collections) - This directory contains the Ansible collection package that has the Ansible roles for Artifactory, Distribution, Missioncontrol and Xray. See the roles README for details on the product roles and variables. - * [examples directory](examples) - This directory contains example playbooks for various architectures. + * ansible_collections directory - This directory contains the Ansible collection package that has the Ansible roles for Artifactory, Distribution, Missioncontrol and Xray. See the roles README for details on the product roles and variables. + * examples directory - This directory contains example playbooks for various architectures. ## Getting Started @@ -28,9 +28,9 @@ This Ansible directory consists of the following directories that support the JF 2. Ansible uses SSH to connect to hosts. Ensure that your SSH private key is on your client and the public keys are installed on your Ansible hosts. - 3. Create your inventory file. Use one of the examples from the [examples directory](examples) to construct an inventory file (hosts.ini) with the host addresses + 3. Create your inventory file. Use one of the examples from the examples directory to construct an inventory file (hosts.ini) with the host addresses - 4. Create your playbook. Use one of the examples from the [examples directory](examples) to construct a playbook using the JFrog Ansible roles. These roles will be applied to your inventory and provision software. + 4. Create your playbook. Use one of the examples from the examples directory to construct a playbook using the JFrog Ansible roles. These roles will be applied to your inventory and provision software. 5. Then execute with the following command to provision the JFrog Platform with Ansible. @@ -89,7 +89,7 @@ All JFrog product roles support software updates. To use a role to perform a sof ``` ## Building the Collection Archive -1. Go to the [ansible_collections/jfrog/platform directory](ansible_collections/jfrog/platform). +1. Go to the ansible_collections/jfrog/platform directory. 2. Update the galaxy.yml meta file as needed. Update the version. 3. Build the archive. (Requires Ansible 2.9+) ``` diff --git a/Ansible/ansible_collections/jfrog/platform/galaxy.yml b/Ansible/ansible_collections/jfrog/platform/galaxy.yml index 96333ca..dd96571 100644 --- a/Ansible/ansible_collections/jfrog/platform/galaxy.yml +++ b/Ansible/ansible_collections/jfrog/platform/galaxy.yml @@ -9,7 +9,7 @@ namespace: "jfrog" name: "platform" # The version of the collection. Must be compatible with semantic versioning -version: "7.18.6" +version: "7.19.4" # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: "README.md" @@ -23,7 +23,7 @@ authors: ### OPTIONAL but strongly recommended # A short summary description of the collection -description: "This collection provides roles for installing JFrog Platform which includes Artifactory, Distribution, Mission-control and Xray. Additionally, it provides optional SSL and Postgresql roles if these are needed for your deployment." +description: "This collection provides roles for installing JFrog Platform which includes Artifactory, Distribution, Missioncontrol and Xray. Additionally, it provides optional SSL and Postgresql roles if these are needed for your deployment." # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' diff --git a/Ansible/ansible_collections/jfrog/platform/group_vars/all/package_version.yml b/Ansible/ansible_collections/jfrog/platform/group_vars/all/package_version.yml deleted file mode 100644 index 473c62f..0000000 --- a/Ansible/ansible_collections/jfrog/platform/group_vars/all/package_version.yml +++ /dev/null @@ -1,8 +0,0 @@ -# The version of products to install -artifactory_version: 7.18.6 -xray_version: 3.24.2 -distribution_version: 2.7.1 -missioncontrol_version: 4.7.3 - -# platform collection version -platform_collection_version: 7.18.6 diff --git a/Ansible/ansible_collections/jfrog/platform/jfrog-platform-7.18.6.tar.gz b/Ansible/ansible_collections/jfrog/platform/jfrog-platform-7.18.6.tar.gz deleted file mode 100644 index 401e06f..0000000 Binary files a/Ansible/ansible_collections/jfrog/platform/jfrog-platform-7.18.6.tar.gz and /dev/null differ diff --git a/Ansible/ansible_collections/jfrog/platform/jfrog-platform-7.19.4.tar.gz b/Ansible/ansible_collections/jfrog/platform/jfrog-platform-7.19.4.tar.gz new file mode 100644 index 0000000..e05c07d Binary files /dev/null and b/Ansible/ansible_collections/jfrog/platform/jfrog-platform-7.19.4.tar.gz differ diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml index 853f884..d1fa1bb 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml @@ -1,7 +1,8 @@ --- # defaults file for artifactory -# indicates where this collection was downloaded from (galaxy, automation_hub, standalone) -ansible_marketplace: standalone + +# The version of artifactory to install +artifactory_version: 7.19.4 # Set this to true when SSL is enabled (to use artifactory_nginx_ssl role), default to false (implies artifactory uses artifactory_nginx role ) artifactory_nginx_ssl_enabled: false @@ -30,9 +31,6 @@ artifactory_taskAffinity: any # The location where Artifactory should install. jfrog_home_directory: /opt/jfrog -# The location where Artifactory should store data. -artifactory_file_store_dir: /data - # Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro. artifactory_flavour: pro @@ -42,7 +40,8 @@ artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artif artifactory_home: "{{ jfrog_home_directory }}/artifactory" artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}" -postgres_driver_download_url: https://repo1.maven.org/maven2/org/postgresql/postgresql/42.2.20/postgresql-42.2.20.jar +postgres_driver_version: 42.2.20 +postgres_driver_download_url: https://repo1.maven.org/maven2/org/postgresql/postgresql/{{ postgres_driver_version }}/postgresql-{{ postgres_driver_version }}.jar artifactory_user: artifactory artifactory_group: artifactory @@ -59,6 +58,7 @@ artifactory_upgrade_only: false artifactory_admin_username: admin artifactory_admin_password: password +artifactory_service_file : /lib/systemd/system/artifactory.service # Provide binarystore XML content below with 2-space indentation artifactory_binarystore: |- @@ -71,6 +71,8 @@ artifactory_binarystore: |- artifactory_systemyaml: |- configVersion: 1 shared: + security: + joinKey: "{{ join_key }}" extraJavaOpts: "{{ artifactory_extra_java_opts }}" node: id: {{ ansible_hostname }} @@ -86,3 +88,6 @@ artifactory_systemyaml: |- router: entrypoints: internalPort: 8046 + +# Note: artifactory_systemyaml_override is by default false, if you want to change default artifactory_systemyaml +artifactory_systemyaml_override: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml index e604dfc..76ebd4b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: "JFrog Maintainers Team " - description: "The artifactory role installs the Artifactory Pro software onto the host. Per the Vars below, it will configure a node as primary or secondary. This role uses secondary roles artifactory_nginx to install nginx." + description: "The artifactory role installs the Artifactory Pro software onto the host." company: JFrog issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml index ee33f09..cec6fb7 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml @@ -5,12 +5,16 @@ - name: install nginx include_role: name: artifactory_nginx - when: artifactory_nginx_enabled == true + when: + - artifactory_nginx_enabled | bool + - not artifactory_nginx_ssl_enabled | bool - name: install nginx with SSL include_role: name: artifactory_nginx_ssl - when: artifactory_nginx_ssl_enabled == true + when: + - not artifactory_nginx_enabled | bool + - artifactory_nginx_ssl_enabled | bool - name: Ensure group artifactory exist become: yes @@ -55,7 +59,7 @@ command: "cp -r {{ artifactory_untar_home }}/. {{ artifactory_home }}" when: not app_dir_check.stat.exists -- name: Create required directories +- name: Create required directories become: yes file: path: "{{ item }}" @@ -64,40 +68,37 @@ owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" loop: - - "{{ artifactory_file_store_dir }}" - "{{ artifactory_home }}/var/data" - "{{ artifactory_home }}/var/etc" - "{{ artifactory_home }}/var/etc/security/" - "{{ artifactory_home }}/var/etc/artifactory/info/" +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ artifactory_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml become: yes template: src: "{{ artifactory_system_yaml_template }}" dest: "{{ artifactory_home }}/var/etc/system.yaml" + when: + - artifactory_systemyaml is defined + - artifactory_systemyaml|length > 0 + - artifactory_systemyaml_override or (not systemyaml.stat.exists) notify: restart artifactory - name: Configure master key become: yes copy: dest: "{{ artifactory_home }}/var/etc/security/master.key" - content: | - {{ master_key }} + content: "{{ master_key }}" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: 0640 -- name: Configure join key - become: yes - copy: - dest: "{{ artifactory_home }}/var/etc/security/join.key" - content: | - {{ join_key }} - owner: "{{ artifactory_user }}" - group: "{{ artifactory_group }}" - mode: 0640 - notify: restart artifactory - - name: Configure installer info become: yes template: @@ -110,6 +111,9 @@ template: src: binarystore.xml.j2 dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml" + when: + - artifactory_binarystore is defined + - artifactory_binarystore|length > 0 notify: restart artifactory - name: Configure single license @@ -117,17 +121,27 @@ template: src: artifactory.lic.j2 dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic" - when: artifactory_single_license is defined + when: + - artifactory_single_license is defined + - artifactory_single_license|length > 0 notify: restart artifactory -- name: Configure HA licenses +- name: Configure HA licenses become: yes template: src: artifactory.cluster.license.j2 dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license" - when: artifactory_licenses is defined + when: + - artifactory_licenses is defined + - artifactory_licenses|length > 0 notify: restart artifactory +- name: Check if database driver exists + become: yes + stat: + path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar" + register: database_driver + - name: Download database driver become: yes get_url: @@ -135,13 +149,17 @@ dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" - when: postgres_driver_download_url is defined + when: + - postgres_driver_download_url is defined + - not database_driver.stat.exists notify: restart artifactory - name: Create artifactory service become: yes shell: "{{ artifactory_home }}/app/bin/installService.sh" - + args: + creates: "{{ artifactory_service_file }}" + - name: Ensure permissions are correct become: yes file: @@ -153,9 +171,10 @@ - name: Restart artifactory meta: flush_handlers -- name : Wait for artifactory to be fully deployed +- name : Wait for artifactory to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml index 547c41d..514363b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml @@ -2,18 +2,6 @@ - debug: msg: "Performing upgrade of Artifactory version to : {{ artifactory_version }} " -- name: Stop artifactory - become: yes - systemd: - name: "{{ artifactory_daemon }}" - state: stopped - -- name: Ensure jfrog_home_directory exists - become: yes - file: - path: "{{ jfrog_home_directory }}" - state: directory - - name: Download artifactory for upgrade become: yes unarchive: @@ -28,41 +16,67 @@ until: downloadartifactory is succeeded retries: 3 +- name: Stop artifactory + become: yes + systemd: + name: "{{ artifactory_daemon }}" + state: stopped + when: downloadartifactory.changed + +- name: Ensure jfrog_home_directory exists + become: yes + file: + path: "{{ jfrog_home_directory }}" + state: directory + - name: Delete artifactory app directory become: yes file: path: "{{ artifactory_home }}/app" state: absent + when: downloadartifactory.changed - name: Copy new app to artifactory app become: yes command: "cp -r {{ artifactory_untar_home }}/app/. {{ artifactory_home }}/app" - -- name: Configure join key - become: yes - copy: - dest: "{{ artifactory_home }}/var/etc/security/join.key" - content: | - {{ join_key }} - owner: "{{ artifactory_user }}" - group: "{{ artifactory_group }}" - mode: 0640 - notify: restart artifactory + when: downloadartifactory.changed - name: Configure single license become: yes template: src: artifactory.lic.j2 dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic" - when: artifactory_single_license is defined + when: + - artifactory_single_license is defined + - artifactory_single_license|length > 0 notify: restart artifactory -- name: Configure HA licenses +- name: Configure HA licenses become: yes template: src: artifactory.cluster.license.j2 dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license" - when: artifactory_licenses is defined + when: + - artifactory_licenses is defined + - artifactory_licenses|length > 0 + notify: restart artifactory + +- name: Check if database driver exists + become: yes + stat: + path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar" + register: database_driver + +- name: Download database driver + become: yes + get_url: + url: "{{ postgres_driver_download_url }}" + dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib" + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + when: + - postgres_driver_download_url is defined + - not database_driver.stat.exists notify: restart artifactory - name: Configure installer info @@ -77,13 +91,26 @@ template: src: binarystore.xml.j2 dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml" + when: + - artifactory_binarystore is defined + - artifactory_binarystore|length > 0 notify: restart artifactory +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ artifactory_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml become: yes template: src: "{{ artifactory_system_yaml_template }}" dest: "{{ artifactory_home }}/var/etc/system.yaml" + when: + - artifactory_systemyaml is defined + - artifactory_systemyaml|length > 0 + - artifactory_systemyaml_override or (not systemyaml.stat.exists) notify: restart artifactory - name: Ensure permissions are correct @@ -97,9 +124,10 @@ - name: Restart artifactory meta: flush_handlers -- name : Wait for artifactory to be fully deployed +- name : Wait for artifactory to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2 index 8fa3367..e07edcc 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2 @@ -1,3 +1 @@ -{% if (artifactory_licenses) and (artifactory_licenses|length > 0) %} -{{ artifactory_licenses }} -{% endif %} +{{ artifactory_licenses }} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.lic.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.lic.j2 index 49fa0ca..2366f39 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.lic.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.lic.j2 @@ -1,3 +1 @@ -{% if (artifactory_single_license) and (artifactory_single_license|length > 0) %} -{{ artifactory_single_license }} -{% endif %} +{{ artifactory_single_license }} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2 index 50c4625..a1f6621 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2 @@ -1,3 +1 @@ -{% if (artifactory_binarystore) and (artifactory_binarystore|length > 0) %} -{{ artifactory_binarystore }} -{% endif %} \ No newline at end of file +{{ artifactory_binarystore }} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2 index fb8c0ed..5bc476c 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2 @@ -1,3 +1 @@ -{% if (artifactory_systemyaml) and (artifactory_systemyaml|length > 0) %} -{{ artifactory_systemyaml }} -{% endif %} \ No newline at end of file +{{ artifactory_systemyaml }} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml new file mode 100644 index 0000000..64c6a7d --- /dev/null +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml @@ -0,0 +1,6 @@ +--- +# platform collection version +platform_collection_version: 7.19.4 + +# indicates where this collection was downloaded from (galaxy, automation_hub, standalone) +ansible_marketplace: galaxy \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml index 1fc0c31..aca0d96 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml @@ -1,7 +1,8 @@ --- # defaults file for distribution -# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) -ansible_marketplace: standalone + +# The version of distribution to install +distribution_version: 2.7.1 # whether to enable HA distribution_ha_enabled: false @@ -21,6 +22,7 @@ distribution_home: "{{ jfrog_home_directory }}/distribution" distribution_install_script_path: "{{ distribution_home }}/app/bin" distribution_thirdparty_path: "{{ distribution_home }}/app/third-party" distribution_archive_service_cmd: "{{ distribution_install_script_path }}/installService.sh" +distribution_service_file: /lib/systemd/system/distribution.service #distribution users and groups distribution_user: distribution @@ -64,3 +66,6 @@ distribution_systemyaml: |- router: entrypoints: internalPort: 8046 + +# Note: distribution_systemyaml_override is by default false, if you want to change default distribution_systemyaml +distribution_systemyaml_override: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml index 7e6124b..4499cdc 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml @@ -9,7 +9,7 @@ become: yes when: ansible_os_family == 'Redhat' -- name: Install expect dependency +- name: Install expect dependency apt: name: expect state: present @@ -17,7 +17,7 @@ become: yes when: ansible_os_family == 'Debian' -- name: Ensure group jfdistribution exist +- name: Ensure group distribution exist become: yes group: name: "{{ distribution_group }}" @@ -59,7 +59,7 @@ command: "cp -r {{ distribution_untar_home }}/. {{ distribution_home }}" when: not app_dir_check.stat.exists -- name: Create required directories +- name: Create required directories become: yes file: path: "{{ item }}" @@ -77,8 +77,7 @@ become: yes copy: dest: "{{ distribution_home }}/var/etc/security/master.key" - content: | - {{ master_key }} + content: "{{ master_key }}" owner: "{{ distribution_user }}" group: "{{ distribution_group }}" mode: 0640 @@ -98,10 +97,10 @@ exp_executable_cmd: "./install.sh -u {{ distribution_user }} -g {{ distribution_group }}" exp_dir: "{{ distribution_install_script_path }}" exp_scenarios: "{{ distribution_installer_scenario['main'] }}" - args: + args: apply: - environment: - YQ_PATH: "{{ distribution_thirdparty_path }}/yq" + environment: + YQ_PATH: "{{ distribution_thirdparty_path }}/yq" when: install_wrapper_script.stat.exists - name: Configure redis config @@ -111,11 +110,21 @@ dest: "{{ distribution_home }}/var/etc/redis/redis.conf" notify: restart distribution +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ distribution_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml become: yes template: src: "{{ distribution_system_yaml_template }}" dest: "{{ distribution_home }}/var/etc/system.yaml" + when: + - distribution_systemyaml is defined + - distribution_systemyaml|length > 0 + - distribution_systemyaml_override or (not systemyaml.stat.exists) notify: restart distribution - name: Configure installer info @@ -133,7 +142,6 @@ recurse: yes owner: "{{ distribution_user }}" group: "{{ distribution_group }}" - mode: '0755' - name: Install Distribution as a service become: yes @@ -141,15 +149,25 @@ {{ distribution_archive_service_cmd }} args: chdir: "{{ distribution_install_script_path }}" + creates: "{{ distribution_service_file }}" register: check_service_status_result - ignore_errors: yes + +- name: Update distribution permissions + become: yes + file: + path: "{{ distribution_home }}" + state: directory + recurse: yes + owner: "{{ distribution_user }}" + group: "{{ distribution_group }}" - name: Restart distribution meta: flush_handlers -- name : Wait for distribution to be fully deployed +- name : Wait for distribution to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml index 4e83e9e..e71f3c9 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml @@ -2,12 +2,6 @@ - debug: msg: "Performing upgrade of Distribution version to {{ distribution_version }} " -- name: Stop distribution - become: yes - systemd: - name: "{{ distribution_daemon }}" - state: stopped - - name: Download distribution for upgrade become: yes unarchive: @@ -21,21 +15,31 @@ until: downloaddistribution is succeeded retries: 3 +- name: Stop distribution + become: yes + systemd: + name: "{{ distribution_daemon }}" + state: stopped + when: downloaddistribution.changed + - name: Delete distribution app become: yes file: path: "{{ distribution_home }}/app" state: absent + when: downloaddistribution.changed - name: Copy new app to distribution app become: yes command: "cp -r {{ distribution_untar_home }}/app/. {{ distribution_home }}/app" + when: downloaddistribution.changed - name: Check if install.sh wrapper script exist become: yes stat: path: "{{ distribution_install_script_path }}/install.sh" register: install_wrapper_script + when: downloaddistribution.changed - name: Include interactive installer scripts include_vars: script/archive.yml @@ -46,11 +50,13 @@ exp_executable_cmd: "./install.sh -u {{ distribution_user }} -g {{ distribution_group }}" exp_dir: "{{ distribution_install_script_path }}" exp_scenarios: "{{ distribution_installer_scenario['main'] }}" - args: + args: apply: - environment: - YQ_PATH: "{{ distribution_thirdparty_path }}/yq" - when: install_wrapper_script.stat.exists + environment: + YQ_PATH: "{{ distribution_thirdparty_path }}/yq" + when: + - install_wrapper_script.stat.exists + - downloaddistribution.changed - name: Ensure {{ distribution_home }}/var/etc/redis exists become: yes @@ -74,14 +80,24 @@ dest: "{{ distribution_home }}/var/etc/info/installer-info.json" notify: restart distribution +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ distribution_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml become: yes template: src: "{{ distribution_system_yaml_template }}" dest: "{{ distribution_home }}/var/etc/system.yaml" + when: + - distribution_systemyaml is defined + - distribution_systemyaml|length > 0 + - distribution_systemyaml_override or (not systemyaml.stat.exists) notify: restart distribution -- name: Update Distribution base dir owner and group +- name: Update distribution permissions become: yes file: path: "{{ distribution_home }}" @@ -89,23 +105,14 @@ recurse: yes owner: "{{ distribution_user }}" group: "{{ distribution_group }}" - mode: '0755' - -- name: Install Distribution as a service - become: yes - shell: | - {{ distribution_archive_service_cmd }} - args: - chdir: "{{ distribution_install_script_path }}" - register: check_service_status_result - ignore_errors: yes - name: Restart distribution meta: flush_handlers -- name : Wait for distribution to be fully deployed +- name : Wait for distribution to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/templates/system.yaml.j2 b/Ansible/ansible_collections/jfrog/platform/roles/distribution/templates/system.yaml.j2 index a4cfba4..e2f91f7 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/templates/system.yaml.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/templates/system.yaml.j2 @@ -1,3 +1 @@ -{% if (distribution_systemyaml) and (distribution_systemyaml|length > 0) %} -{{ distribution_systemyaml }} -{% endif %} \ No newline at end of file +{{ distribution_systemyaml }} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml index cd21505..f44ee2c 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml @@ -1,2 +1,6 @@ --- +# platform collection version +platform_collection_version: 7.19.4 +# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) +ansible_marketplace: galaxy diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/defaults/main.yml index 22940bd..fd8fbfe 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/defaults/main.yml @@ -1,7 +1,8 @@ --- # defaults file for mc -# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) -ansible_marketplace: standalone + +# The version of missioncontrol to install +missioncontrol_version: 4.7.4 # whether to enable HA mc_ha_enabled: false @@ -12,16 +13,16 @@ mc_ha_node_type : master jfrog_home_directory: /opt/jfrog # The remote mc download file -mc_tar: https://releases.jfrog.io/artifactory/jfrog-mc/linux/{{ missionControl_version }}/jfrog-mc-{{ missionControl_version }}-linux.tar.gz - +mc_tar: https://releases.jfrog.io/artifactory/jfrog-mc/linux/{{ missioncontrol_version }}/jfrog-mc-{{ missioncontrol_version }}-linux.tar.gz #The mc install directory -mc_untar_home: "{{ jfrog_home_directory }}/jfrog-mc-{{ missionControl_version }}-linux" +mc_untar_home: "{{ jfrog_home_directory }}/jfrog-mc-{{ missioncontrol_version }}-linux" mc_home: "{{ jfrog_home_directory }}/mc" mc_install_script_path: "{{ mc_home }}/app/bin" mc_thirdparty_path: "{{ mc_home }}/app/third-party" mc_archive_service_cmd: "{{ mc_install_script_path }}/installService.sh" +mc_service_file : /lib/systemd/system/mc.service #mc users and groups mc_user: jfmc @@ -94,3 +95,6 @@ mc_systemyaml: |- router: entrypoints: internalPort: 8046 + +# Note: mc_systemyaml_override is by default false, if you want to change default mc_systemyaml +mc_systemyaml_override: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/meta/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/meta/main.yml index 2a11e72..c70b8e9 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/meta/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: "JFrog Maintainers Team " - description: "The missionControl role will install missionControl software onto the host. An Artifactory server and Postgress database is required." + description: "The missioncontrol role will install missioncontrol software onto the host. An Artifactory server and Postgress database is required." company: JFrog issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues" @@ -10,7 +10,7 @@ galaxy_info: min_ansible_version: 2.9 galaxy_tags: - - missionControl + - missioncontrol - jfrog dependencies: [] \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml index 14b2c30..4a8c75b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml @@ -9,7 +9,7 @@ state: present when: ansible_os_family == 'Redhat' -- name: Install expect dependency +- name: Install expect dependency become: yes apt: name: expect @@ -59,7 +59,7 @@ command: "cp -r {{ mc_untar_home }}/. {{ mc_home }}" when: not app_dir_check.stat.exists -- name: Create required directories +- name: Create required directories become: yes file: path: "{{ item }}" @@ -76,8 +76,7 @@ become: yes copy: dest: "{{ mc_home }}/var/etc/security/master.key" - content: | - {{ master_key }} + content: "{{ master_key }}" owner: "{{ mc_user }}" group: "{{ mc_group }}" mode: 0640 @@ -100,10 +99,10 @@ exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}" exp_dir: "{{ mc_install_script_path }}" exp_scenarios: "{{ mc_installer_scenario['main'] }}" - args: + args: apply: - environment: - YQ_PATH: "{{ mc_thirdparty_path }}/yq" + environment: + YQ_PATH: "{{ mc_thirdparty_path }}/yq" when: install_wrapper_script.stat.exists - name: Configure installer info @@ -113,11 +112,21 @@ dest: "{{ mc_home }}/var/etc/info/installer-info.json" notify: restart missioncontrol +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ mc_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml become: yes template: src: "{{ mc_system_yaml_template }}" dest: "{{ mc_home }}/var/etc/system.yaml" + when: + - mc_systemyaml is defined + - mc_systemyaml|length > 0 + - mc_systemyaml_override or (not systemyaml.stat.exists) notify: restart missioncontrol - name: Update correct permissions @@ -128,7 +137,6 @@ recurse: yes owner: "{{ mc_user }}" group: "{{ mc_group }}" - mode: '0755' - name: Install mc as a service become: yes @@ -136,15 +144,16 @@ {{ mc_archive_service_cmd }} args: chdir: "{{ mc_install_script_path }}" + creates: "{{ mc_service_file }}" register: check_service_status_result - ignore_errors: yes - name: Restart missioncontrol meta: flush_handlers -- name : Wait for missionControl to be fully deployed +- name : Wait for missionControl to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 - delay: 5 \ No newline at end of file + delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml index 768e508..1ef44b9 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml @@ -16,7 +16,7 @@ shell: /bin/bash state: present -- name: Create required directories +- name: Create required directories become: yes file: path: "{{ item }}" @@ -69,16 +69,15 @@ when: check_elasticsearch_package_result.matched > 0 - name: Ensure /usr/share/elasticsearch exists + become: yes file: path: "{{ mc_es_home }}" state: directory owner: elasticsearch group: elasticsearch - become: yes - name: Extract elasticsearch package become: yes - become_user: elasticsearch ignore_errors: yes unarchive: src: "{{ mc_elasticsearch_package }}" @@ -88,18 +87,21 @@ - --strip-components=1 owner: elasticsearch group: elasticsearch + creates: "{{ mc_es_java_home }}" register: unarchive_result when: check_elasticsearch_package_result.matched > 0 - name: Copy elasticsearch config files to ES_PATH_CONF dir become: yes command: "cp -r {{ mc_es_home }}/config/. {{ mc_es_conf_base }}/" + when: unarchive_result.changed - name: Remove elasticsearch config dir become: yes file: path: "{{ mc_es_home }}/config" state: absent + when: unarchive_result.changed - name: Generate HA elasticsearch.yml template file become: yes @@ -150,7 +152,7 @@ - "{{ mc_es_data_dir }}" - "{{ mc_es_log_dir }}" - "{{ mc_es_home }}" - + - name: Start elasticsearch become: yes become_user: elasticsearch @@ -176,4 +178,4 @@ environment: JAVA_HOME: "{{ mc_es_java_home }}" register: install_searchguard_result - when: check_searchguard_bundle_result.matched == 1 \ No newline at end of file + when: check_searchguard_bundle_result.matched == 1 diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml index 54fcaaf..92e206b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml @@ -1,31 +1,18 @@ -- name: Copy elasticsearch certificate +- name: Copy elasticsearch cert files become: yes copy: mode: 0600 - src: files/searchguard/localhost.pem - dest: "{{ mc_es_conf_base }}/localhost.pem" - owner: elasticsearch - group: elasticsearch - -- name: Copy elasticsearch private key - become: yes - copy: - mode: 0600 - src: files/searchguard/localhost.key - dest: "{{ mc_es_conf_base }}/localhost.key" - owner: elasticsearch - group: elasticsearch - -- name: Copy searchguard root ca - become: yes - copy: - mode: 0600 - src: files/searchguard/root-ca.pem - dest: "{{ mc_es_conf_base }}/root-ca.pem" + src: "files/searchguard/{{ item }}" + dest: "{{ mc_es_conf_base }}/{{ item }}" owner: elasticsearch group: elasticsearch + loop: + - "localhost.pem" + - "localhost.key" + - "root-ca.pem" - name: Find searchguard bundle + become: yes find: paths: "{{ mc_home }}/app/third-party/elasticsearch/" patterns: "^search-guard-.+\\.zip$" @@ -46,50 +33,30 @@ register: install_searchguard_result when: check_searchguard_bundle_result.matched == 1 -- name: Copy searchguard admin certificate +- name: Copy searchguard certificate files become: yes copy: mode: 0600 - src: files/searchguard/sgadmin.pem - dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.pem" + src: "files/searchguard/{{ item }}" + dest: "{{ mc_es_searchgaurd_home }}/tools/{{ item }}" owner: elasticsearch group: elasticsearch + loop: + - "sgadmin.pem" + - "sgadmin.key" + - "root-ca.pem" -- name: Copy searchguard admin private key +- name: Copy SG roles files become: yes copy: mode: 0600 - src: files/searchguard/sgadmin.key - dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.key" - owner: elasticsearch - group: elasticsearch - -- name: Copy searchguard root ca - become: yes - copy: - mode: 0600 - src: files/searchguard/root-ca.pem - dest: "{{ mc_es_searchgaurd_home }}/tools/root-ca.pem" - owner: elasticsearch - group: elasticsearch - -- name: Copy roles template - become: yes - copy: - mode: 0600 - src: files/searchguard/sg_roles.yml - dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles.yml" - owner: elasticsearch - group: elasticsearch - -- name: Copy roles template - become: yes - copy: - mode: 0600 - src: files/searchguard/sg_roles_mapping.yml - dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles_mapping.yml" + src: "files/searchguard/{{ item }}" + dest: "{{ mc_es_searchgaurd_home }}/sgconfig/{{ item }}" owner: elasticsearch group: elasticsearch + loop: + - "sg_roles.yml" + - "sg_roles_mapping.yml" - name: Check execution bit become: yes @@ -97,4 +64,4 @@ path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh" owner: elasticsearch group: elasticsearch - mode: 0700 + mode: 0700 \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml index 527284e..fd51ce7 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml @@ -65,7 +65,6 @@ - name: Extract elasticsearch package become: yes - become_user: elasticsearch ignore_errors: yes unarchive: src: "{{ mc_elasticsearch_package }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml index cde3228..e8f0009 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml @@ -1,58 +1,27 @@ - name: Create elasticsearch config path folder become: yes file: - path: "{{ mc_es_conf_base }}/searchguard" + path: "{{ mc_es_conf_base }}" state: directory mode: 0755 owner: elasticsearch group: elasticsearch -- name: Copy elasticsearch certificate +- name: Copy elasticsearch cert files become: yes copy: mode: 0600 - src: files/searchguard/localhost.pem - dest: "{{ mc_es_conf_base }}/localhost.pem" - owner: elasticsearch - group: elasticsearch - -- name: Copy elasticsearch private key - become: yes - copy: - mode: 0600 - src: files/searchguard/localhost.key - dest: "{{ mc_es_conf_base }}/localhost.key" - owner: elasticsearch - group: elasticsearch - -- name: Copy searchguard admin certificate - become: yes - copy: - mode: 0600 - src: files/searchguard/sgadmin.pem - dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.pem" - owner: elasticsearch - group: elasticsearch - -- name: Copy searchguard admin private key - become: yes - copy: - mode: 0600 - src: files/searchguard/sgadmin.key - dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.key" - owner: elasticsearch - group: elasticsearch - -- name: Copy searchguard root ca - become: yes - copy: - mode: 0600 - src: files/searchguard/root-ca.pem - dest: "{{ mc_es_conf_base }}/root-ca.pem" + src: "files/searchguard/{{ item }}" + dest: "{{ mc_es_conf_base }}/{{ item }}" owner: elasticsearch group: elasticsearch + loop: + - "localhost.pem" + - "localhost.key" + - "root-ca.pem" - name: Find searchguard bundle + become: yes find: paths: "{{ mc_home }}/app/third-party/elasticsearch/" patterns: "^search-guard-.+\\.zip$" @@ -66,35 +35,42 @@ ignore_errors: yes shell: | {{ mc_es_script_path }}/elasticsearch-plugin install \ - -b file://{{ check_searchguard_bundle_result.files[0].path }} + -b file://{{ check_searchguard_bundle_result.files[0].path }} environment: JAVA_HOME: "{{ mc_es_java_home }}" ES_PATH_CONF: "{{ mc_es_conf_base }}/" register: install_searchguard_result when: check_searchguard_bundle_result.matched == 1 -- name: Copy roles template +- name: Copy searchguard cert files become: yes copy: mode: 0600 - src: files/searchguard/sg_roles.yml - dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles.yml" + src: "files/searchguard/{{ item }}" + dest: "{{ mc_es_searchgaurd_home }}/tools/{{ item }}" owner: elasticsearch group: elasticsearch + loop: + - "sgadmin.pem" + - "sgadmin.key" + - "root-ca.pem" -- name: Copy roles template +- name: Copy SG roles files become: yes copy: mode: 0600 - src: files/searchguard/sg_roles_mapping.yml - dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles_mapping.yml" + src: "files/searchguard/{{ item }}" + dest: "{{ mc_es_searchgaurd_home }}/sgconfig/{{ item }}" owner: elasticsearch group: elasticsearch + loop: + - "sg_roles.yml" + - "sg_roles_mapping.yml" - name: Check execution bit become: yes file: - path: "{{ mc_es_home }}/plugins/search-guard-7/tools/sgadmin.sh" + path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh" owner: elasticsearch group: elasticsearch mode: 0700 diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml index b988568..28e8a87 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml @@ -2,12 +2,6 @@ - debug: msg: "Performing Upgrade of missionControl version - {{ missioncontrol_version }}" -- name: Stop mc service - become: yes - systemd: - name: "{{ mc_daemon }}" - state: stopped - - name: Download mc for upgrade unarchive: src: "{{ mc_tar }}" @@ -21,30 +15,42 @@ until: downloadmc is succeeded retries: 3 +- name: Stop mc service + become: yes + systemd: + name: "{{ mc_daemon }}" + state: stopped + when: downloadmc.changed + - name: Delete current app folder become: yes file: path: "{{ mc_home }}/app" state: absent + when: downloadmc.changed - name: Copy new app to mc app command: "cp -r {{ mc_untar_home }}/app/. {{ mc_home }}/app" become: yes + when: downloadmc.changed - name: Delete untar directory file: path: "{{ mc_untar_home }}" state: absent become: yes + when: downloadmc.changed - name: Upgrade elasticsearch import_tasks: upgrade-elasticsearch.yml + when: downloadmc.changed - name: Check if install.sh wrapper script exist become: yes stat: path: "{{ mc_install_script_path }}/install.sh" register: upgrade_wrapper_script + when: downloadmc.changed - name: Include interactive installer scripts include_vars: script/archive.yml @@ -55,11 +61,13 @@ exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}" exp_dir: "{{ mc_install_script_path }}" exp_scenarios: "{{ mc_installer_scenario['main'] }}" - args: + args: apply: - environment: - YQ_PATH: "{{ mc_thirdparty_path }}/yq" - when: upgrade_wrapper_script.stat.exists + environment: + YQ_PATH: "{{ mc_thirdparty_path }}/yq" + when: + - upgrade_wrapper_script.stat.exists + - downloadmc.changed - name: Configure installer info become: yes @@ -68,11 +76,21 @@ dest: "{{ mc_home }}/var/etc/info/installer-info.json" notify: restart missioncontrol +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ mc_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml + become: yes template: src: "{{ mc_system_yaml_template }}" dest: "{{ mc_home }}/var/etc/system.yaml" - become: yes + when: + - mc_systemyaml is defined + - mc_systemyaml|length > 0 + - mc_systemyaml_override or (not systemyaml.stat.exists) notify: restart missioncontrol - name: Update correct permissions @@ -83,14 +101,14 @@ recurse: yes owner: "{{ mc_user }}" group: "{{ mc_group }}" - mode: '0755' - name: Restart missioncontrol meta: flush_handlers -- name : Wait for missionControl to be fully deployed +- name : Wait for missionControl to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 - delay: 5 \ No newline at end of file + delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/installer-info.json.j2 b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/installer-info.json.j2 index 5e02d5b..b99ddbe 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/installer-info.json.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/installer-info.json.j2 @@ -1,6 +1,6 @@ {{ ansible_managed | comment }} { - "productId": "Ansible_MissionControl/{{ platform_collection_version }}-{{ missionControl_version }}", + "productId": "Ansible_Missioncontrol/{{ platform_collection_version }}-{{ missioncontrol_version }}", "features": [ { "featureId": "Channel/{{ ansible_marketplace }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/system.yaml.j2 b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/system.yaml.j2 index 5c51aae..09ad5eb 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/system.yaml.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/system.yaml.j2 @@ -1,3 +1 @@ -{% if (mc_systemyaml) and (mc_systemyaml|length > 0) %} -{{ mc_systemyaml }} -{% endif %} \ No newline at end of file +{{ mc_systemyaml }} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/main.yml index ed97d53..dafb8b2 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/main.yml @@ -1 +1,6 @@ --- +# platform collection version +platform_collection_version: 7.19.4 + +# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) +ansible_marketplace: galaxy \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/Debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/Debian.yml index 948ac74..08f2d3f 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/Debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/Debian.yml @@ -12,15 +12,15 @@ - name: add postgres apt key become: yes apt_key: - url: https://www.postgresql.org/media/keys/ACCC4CF8.asc - id: "0x7FCC7D46ACCC4CF8" + url: "{{ postgres_apt_key_url }}" + id: "{{ postgres_apt_key_id }}" validate_certs: no state: present - name: register APT repository become: yes apt_repository: - repo: deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main + repo: "{{ postgres_apt_repository_repo }}" state: present filename: pgdg diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml index 59612e5..92b4d95 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml @@ -4,7 +4,7 @@ - name: perform installation include_tasks: "{{ ansible_os_family }}.yml" - + - name: Set PostgreSQL environment variables. become: yes template: @@ -96,7 +96,7 @@ become: yes become_user: postgres postgresql_privs: - database: "{{ mc_db_name}}" + database: "{{ mc_db_name }}" privs: ALL type: schema roles: "{{ mc_db_user }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/Debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/Debian.yml index 122f95f..8c2321d 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/Debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/Debian.yml @@ -4,3 +4,6 @@ postgresql_bin_path: "/usr/lib/postgresql/{{ postgres_version }}/bin" postgresql_config_path: "/etc/postgresql/{{ postgres_version }}/main" postgresql_daemon: postgresql@{{ postgres_version}}-main postgresql_external_pid_file: "/var/run/postgresql/{{ postgres_version }}-main.pid" +postgres_apt_key_url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc" +postgres_apt_key_id: "0x7FCC7D46ACCC4CF8" +postgres_apt_repository_repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml index afafb02..82be97b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml @@ -1,7 +1,8 @@ --- # defaults file for xray -# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) -ansible_marketplace: standalone + +# The version of xray to install +xray_version: 3.25.1 # whether to enable HA xray_ha_enabled: false @@ -21,6 +22,7 @@ xray_home: "{{ jfrog_home_directory }}/xray" xray_install_script_path: "{{ xray_home }}/app/bin" xray_thirdparty_path: "{{ xray_home }}/app/third-party" xray_archive_service_cmd: "{{ xray_install_script_path }}/installService.sh" +xray_service_file : /lib/systemd/system/xray.service #xray users and groups xray_user: xray @@ -102,3 +104,6 @@ xray_systemyaml: |- router: entrypoints: internalPort: 8046 + +# Note: xray_systemyaml_override is by default false, if you want to change default xray_systemyaml +xray_systemyaml_override: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml index d279367..0b48c79 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml @@ -62,7 +62,7 @@ command: "cp -r {{ xray_untar_home }}/. {{ xray_home }}" when: not app_dir_check.stat.exists -- name: Create required directories +- name: Create required directories become: yes file: path: "{{ item }}" @@ -79,8 +79,7 @@ become: yes copy: dest: "{{ xray_home }}/var/etc/security/master.key" - content: | - {{ master_key }} + content: "{{ master_key }}" owner: "{{ xray_user }}" group: "{{ xray_group }}" mode: 0640 @@ -108,12 +107,11 @@ exp_executable_cmd: "./install.sh -u {{ xray_user }} -g {{ xray_group }}" exp_dir: "{{ xray_install_script_path }}" exp_scenarios: "{{ xray_installer_scenario['main'] }}" - args: + args: apply: - environment: - YQ_PATH: "{{ xray_thirdparty_path }}/yq" + environment: + YQ_PATH: "{{ xray_thirdparty_path }}/yq" when: install_wrapper_script.stat.exists - ignore_errors: yes - name: Configure rabbitmq config become: yes @@ -122,11 +120,21 @@ dest: "{{ xray_home }}/app/bin/rabbitmq/rabbitmq.conf" notify: restart xray +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ xray_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml become: yes template: src: "{{ xray_system_yaml_template }}" dest: "{{ xray_home }}/var/etc/system.yaml" + when: + - xray_systemyaml is defined + - xray_systemyaml|length > 0 + - xray_systemyaml_override or (not systemyaml.stat.exists) notify: restart xray - name: Configure installer info @@ -151,15 +159,16 @@ {{ xray_archive_service_cmd }} args: chdir: "{{ xray_install_script_path }}" + creates: "{{ xray_service_file }}" register: check_service_status_result - ignore_errors: yes - name: Restart xray meta: flush_handlers -- name : Wait for xray to be fully deployed +- name : Wait for xray to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml index 3db9b00..3c68a5b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml @@ -2,12 +2,6 @@ - debug: msg: "Performing upgrade of Xray version to {{ xray_version }}..." -- name: stop xray - become: yes - systemd: - name: "{{ xray_daemon }}" - state: stopped - - name: download xray for upgrade become: yes unarchive: @@ -17,28 +11,40 @@ owner: "{{ xray_user }}" group: "{{ xray_group }}" creates: "{{ xray_untar_home }}" - register: downloadxray until: downloadxray is succeeded retries: 3 +- name: stop xray + become: yes + systemd: + name: "{{ xray_daemon }}" + state: stopped + when: downloadxray.changed + - name: Delete xray app become: yes file: path: "{{ xray_home }}/app" state: absent + when: downloadxray.changed - name: Copy new app to xray app become: yes command: "cp -r {{ xray_untar_home }}/app/. {{ xray_home }}/app" + when: downloadxray.changed - name: Upgrade rabbitmq import_tasks: rabbitmq/upgrade/RedHat.yml - when: ansible_os_family == 'RedHat' + when: + - ansible_os_family == 'RedHat' + - downloadxray.changed - name: Upgrade rabbitmq import_tasks: rabbitmq/upgrade/Debian.yml - when: ansible_os_family == 'Debian' + when: + - ansible_os_family == 'Debian' + - downloadxray.changed - name: Check if install.sh wrapper script exist become: yes @@ -55,25 +61,38 @@ exp_executable_cmd: "./install.sh -u {{ xray_user }} -g {{ xray_group }}" exp_dir: "{{ xray_install_script_path }}" exp_scenarios: "{{ xray_installer_scenario['main'] }}" - args: + args: apply: - environment: - YQ_PATH: "{{ xray_thirdparty_path }}/yq" - when: install_wrapper_script.stat.exists - ignore_errors: yes + environment: + YQ_PATH: "{{ xray_thirdparty_path }}/yq" + when: + - install_wrapper_script.stat.exists + - downloadxray.changed - name: Configure rabbitmq config become: yes template: src: "rabbitmq.conf.j2" dest: "{{ xray_home }}/app/bin/rabbitmq/rabbitmq.conf" + when: + - downloadxray.changed notify: restart xray +- name: Check if systemyaml exists + become: yes + stat: + path: "{{ xray_home }}/var/etc/system.yaml" + register: systemyaml + - name: Configure systemyaml become: yes template: src: "{{ xray_system_yaml_template }}" dest: "{{ xray_home }}/var/etc/system.yaml" + when: + - xray_systemyaml is defined + - xray_systemyaml|length > 0 + - xray_systemyaml_override or (not systemyaml.stat.exists) notify: restart xray - name: configure installer info @@ -92,21 +111,13 @@ group: "{{ xray_group }}" recurse: yes -- name: Install xray as a service - become: yes - shell: | - {{ xray_archive_service_cmd }} - args: - chdir: "{{ xray_install_script_path }}" - register: check_service_status_result - ignore_errors: yes - - name: Restart xray meta: flush_handlers -- name : wait for xray to be fully deployed +- name : wait for xray to be fully deployed uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130 register: result until: result.status == 200 retries: 25 - delay: 5 \ No newline at end of file + delay: 5 + when: not ansible_check_mode diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml index 55363e6..dafb8b2 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml @@ -1,2 +1,6 @@ --- -# vars file for xray \ No newline at end of file +# platform collection version +platform_collection_version: 7.19.4 + +# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) +ansible_marketplace: galaxy \ No newline at end of file