zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 02:06:56 -06:00
Code Issues Packages Projects Releases Wiki Activity

[ansible] JFrog Platform 7.19.4 (#124)

Browse Source
This commit is contained in:
Ram Mohan Rao Chukka
2021-05-30 20:51:17 +05:30
committed by GitHub
parent c5478f8840
commit 5b9899995b
38 changed files with 399 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml
View File

@@ -1,7 +1,8 @@
---
# defaults file for artifactory
# indicates where this collection was downloaded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# The version of artifactory to install
artifactory_version: 7.19.4
# Set this to true when SSL is enabled (to use artifactory_nginx_ssl role), default to false (implies artifactory uses artifactory_nginx role )
artifactory_nginx_ssl_enabled: false
@@ -30,9 +31,6 @@ artifactory_taskAffinity: any
# The location where Artifactory should install.
jfrog_home_directory: /opt/jfrog
# The location where Artifactory should store data.
artifactory_file_store_dir: /data
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
artifactory_flavour: pro
@@ -42,7 +40,8 @@ artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artif
artifactory_home: "{{ jfrog_home_directory }}/artifactory"
artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
postgres_driver_download_url: https://repo1.maven.org/maven2/org/postgresql/postgresql/42.2.20/postgresql-42.2.20.jar
postgres_driver_version: 42.2.20
postgres_driver_download_url: https://repo1.maven.org/maven2/org/postgresql/postgresql/{{ postgres_driver_version }}/postgresql-{{ postgres_driver_version }}.jar
artifactory_user: artifactory
artifactory_group: artifactory
@@ -59,6 +58,7 @@ artifactory_upgrade_only: false
artifactory_admin_username: admin
artifactory_admin_password: password
artifactory_service_file : /lib/systemd/system/artifactory.service
# Provide binarystore XML content below with 2-space indentation
artifactory_binarystore: |-
@@ -71,6 +71,8 @@ artifactory_binarystore: |-
artifactory_systemyaml: |-
configVersion: 1
shared:
security:
joinKey: "{{ join_key }}"
extraJavaOpts: "{{ artifactory_extra_java_opts }}"
node:
id: {{ ansible_hostname }}
@@ -86,3 +88,6 @@ artifactory_systemyaml: |-
router:
entrypoints:
internalPort: 8046
# Note: artifactory_systemyaml_override is by default false, if you want to change default artifactory_systemyaml
artifactory_systemyaml_override: false

2
Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml
View File

@@ -1,6 +1,6 @@
galaxy_info:
author: "JFrog Maintainers Team <installers@jfrog.com>"
description: "The artifactory role installs the Artifactory Pro software onto the host. Per the Vars below, it will configure a node as primary or secondary. This role uses secondary roles artifactory_nginx to install nginx."
description: "The artifactory role installs the Artifactory Pro software onto the host."
company: JFrog
issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues"

65
Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml
View File

@@ -5,12 +5,16 @@
- name: install nginx
include_role:
name: artifactory_nginx
when: artifactory_nginx_enabled == true
when:
- artifactory_nginx_enabled | bool
- not artifactory_nginx_ssl_enabled | bool
- name: install nginx with SSL
include_role:
name: artifactory_nginx_ssl
when: artifactory_nginx_ssl_enabled == true
when:
- not artifactory_nginx_enabled | bool
- artifactory_nginx_ssl_enabled | bool
- name: Ensure group artifactory exist
become: yes
@@ -55,7 +59,7 @@
command: "cp -r {{ artifactory_untar_home }}/. {{ artifactory_home }}"
when: not app_dir_check.stat.exists
- name: Create required directories
- name: Create required directories
become: yes
file:
path: "{{ item }}"
@@ -64,40 +68,37 @@
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
loop:
- "{{ artifactory_file_store_dir }}"
- "{{ artifactory_home }}/var/data"
- "{{ artifactory_home }}/var/etc"
- "{{ artifactory_home }}/var/etc/security/"
- "{{ artifactory_home }}/var/etc/artifactory/info/"
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ artifactory_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ artifactory_system_yaml_template }}"
dest: "{{ artifactory_home }}/var/etc/system.yaml"
when:
- artifactory_systemyaml is defined
- artifactory_systemyaml|length > 0
- artifactory_systemyaml_override or (not systemyaml.stat.exists)
notify: restart artifactory
- name: Configure master key
become: yes
copy:
dest: "{{ artifactory_home }}/var/etc/security/master.key"
content: |
{{ master_key }}
content: "{{ master_key }}"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: 0640
- name: Configure join key
become: yes
copy:
dest: "{{ artifactory_home }}/var/etc/security/join.key"
content: |
{{ join_key }}
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: 0640
notify: restart artifactory
- name: Configure installer info
become: yes
template:
@@ -110,6 +111,9 @@
template:
src: binarystore.xml.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
when:
- artifactory_binarystore is defined
- artifactory_binarystore|length > 0
notify: restart artifactory
- name: Configure single license
@@ -117,17 +121,27 @@
template:
src: artifactory.lic.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
when: artifactory_single_license is defined
when:
- artifactory_single_license is defined
- artifactory_single_license|length > 0
notify: restart artifactory
- name: Configure HA licenses
- name: Configure HA licenses
become: yes
template:
src: artifactory.cluster.license.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
when: artifactory_licenses is defined
when:
- artifactory_licenses is defined
- artifactory_licenses|length > 0
notify: restart artifactory
- name: Check if database driver exists
become: yes
stat:
path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar"
register: database_driver
- name: Download database driver
become: yes
get_url:
@@ -135,13 +149,17 @@
dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
when: postgres_driver_download_url is defined
when:
- postgres_driver_download_url is defined
- not database_driver.stat.exists
notify: restart artifactory
- name: Create artifactory service
become: yes
shell: "{{ artifactory_home }}/app/bin/installService.sh"
args:
creates: "{{ artifactory_service_file }}"
- name: Ensure permissions are correct
become: yes
file:
@@ -153,9 +171,10 @@
- name: Restart artifactory
meta: flush_handlers
- name : Wait for artifactory to be fully deployed
- name : Wait for artifactory to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
when: not ansible_check_mode

82
Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml
View File

@@ -2,18 +2,6 @@
- debug:
msg: "Performing upgrade of Artifactory version to : {{ artifactory_version }} "
- name: Stop artifactory
become: yes
systemd:
name: "{{ artifactory_daemon }}"
state: stopped
- name: Ensure jfrog_home_directory exists
become: yes
file:
path: "{{ jfrog_home_directory }}"
state: directory
- name: Download artifactory for upgrade
become: yes
unarchive:
@@ -28,41 +16,67 @@
until: downloadartifactory is succeeded
retries: 3
- name: Stop artifactory
become: yes
systemd:
name: "{{ artifactory_daemon }}"
state: stopped
when: downloadartifactory.changed
- name: Ensure jfrog_home_directory exists
become: yes
file:
path: "{{ jfrog_home_directory }}"
state: directory
- name: Delete artifactory app directory
become: yes
file:
path: "{{ artifactory_home }}/app"
state: absent
when: downloadartifactory.changed
- name: Copy new app to artifactory app
become: yes
command: "cp -r {{ artifactory_untar_home }}/app/. {{ artifactory_home }}/app"
- name: Configure join key
become: yes
copy:
dest: "{{ artifactory_home }}/var/etc/security/join.key"
content: |
{{ join_key }}
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: 0640
notify: restart artifactory
when: downloadartifactory.changed
- name: Configure single license
become: yes
template:
src: artifactory.lic.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
when: artifactory_single_license is defined
when:
- artifactory_single_license is defined
- artifactory_single_license|length > 0
notify: restart artifactory
- name: Configure HA licenses
- name: Configure HA licenses
become: yes
template:
src: artifactory.cluster.license.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
when: artifactory_licenses is defined
when:
- artifactory_licenses is defined
- artifactory_licenses|length > 0
notify: restart artifactory
- name: Check if database driver exists
become: yes
stat:
path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar"
register: database_driver
- name: Download database driver
become: yes
get_url:
url: "{{ postgres_driver_download_url }}"
dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
when:
- postgres_driver_download_url is defined
- not database_driver.stat.exists
notify: restart artifactory
- name: Configure installer info
@@ -77,13 +91,26 @@
template:
src: binarystore.xml.j2
dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
when:
- artifactory_binarystore is defined
- artifactory_binarystore|length > 0
notify: restart artifactory
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ artifactory_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ artifactory_system_yaml_template }}"
dest: "{{ artifactory_home }}/var/etc/system.yaml"
when:
- artifactory_systemyaml is defined
- artifactory_systemyaml|length > 0
- artifactory_systemyaml_override or (not systemyaml.stat.exists)
notify: restart artifactory
- name: Ensure permissions are correct
@@ -97,9 +124,10 @@
- name: Restart artifactory
meta: flush_handlers
- name : Wait for artifactory to be fully deployed
- name : Wait for artifactory to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
when: not ansible_check_mode

4
Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2
View File

@@ -1,3 +1 @@
{% if (artifactory_licenses) and (artifactory_licenses|length > 0) %}
{{ artifactory_licenses }}
{% endif %}
{{ artifactory_licenses }}

4
Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.lic.j2
View File

@@ -1,3 +1 @@
{% if (artifactory_single_license) and (artifactory_single_license|length > 0) %}
{{ artifactory_single_license }}
{% endif %}
{{ artifactory_single_license }}

4
Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2
View File

@@ -1,3 +1 @@
{% if (artifactory_binarystore) and (artifactory_binarystore|length > 0) %}
{{ artifactory_binarystore }}
{% endif %}
{{ artifactory_binarystore }}

4
Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2
View File

@@ -1,3 +1 @@
{% if (artifactory_systemyaml) and (artifactory_systemyaml|length > 0) %}
{{ artifactory_systemyaml }}
{% endif %}
{{ artifactory_systemyaml }}

6
Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml Normal file
View File

@@ -0,0 +1,6 @@
---
# platform collection version
platform_collection_version: 7.19.4
# indicates where this collection was downloaded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy

9
Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml
View File

@@ -1,7 +1,8 @@
---
# defaults file for distribution
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# The version of distribution to install
distribution_version: 2.7.1
# whether to enable HA
distribution_ha_enabled: false
@@ -21,6 +22,7 @@ distribution_home: "{{ jfrog_home_directory }}/distribution"
distribution_install_script_path: "{{ distribution_home }}/app/bin"
distribution_thirdparty_path: "{{ distribution_home }}/app/third-party"
distribution_archive_service_cmd: "{{ distribution_install_script_path }}/installService.sh"
distribution_service_file: /lib/systemd/system/distribution.service
#distribution users and groups
distribution_user: distribution
@@ -64,3 +66,6 @@ distribution_systemyaml: |-
router:
entrypoints:
internalPort: 8046
# Note: distribution_systemyaml_override is by default false, if you want to change default distribution_systemyaml
distribution_systemyaml_override: false

40
Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml
View File

@@ -9,7 +9,7 @@
become: yes
when: ansible_os_family == 'Redhat'
- name: Install expect dependency
- name: Install expect dependency
apt:
name: expect
state: present
@@ -17,7 +17,7 @@
become: yes
when: ansible_os_family == 'Debian'
- name: Ensure group jfdistribution exist
- name: Ensure group distribution exist
become: yes
group:
name: "{{ distribution_group }}"
@@ -59,7 +59,7 @@
command: "cp -r {{ distribution_untar_home }}/. {{ distribution_home }}"
when: not app_dir_check.stat.exists
- name: Create required directories
- name: Create required directories
become: yes
file:
path: "{{ item }}"
@@ -77,8 +77,7 @@
become: yes
copy:
dest: "{{ distribution_home }}/var/etc/security/master.key"
content: |
{{ master_key }}
content: "{{ master_key }}"
owner: "{{ distribution_user }}"
group: "{{ distribution_group }}"
mode: 0640
@@ -98,10 +97,10 @@
exp_executable_cmd: "./install.sh -u {{ distribution_user }} -g {{ distribution_group }}"
exp_dir: "{{ distribution_install_script_path }}"
exp_scenarios: "{{ distribution_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ distribution_thirdparty_path }}/yq"
environment:
YQ_PATH: "{{ distribution_thirdparty_path }}/yq"
when: install_wrapper_script.stat.exists
- name: Configure redis config
@@ -111,11 +110,21 @@
dest: "{{ distribution_home }}/var/etc/redis/redis.conf"
notify: restart distribution
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ distribution_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ distribution_system_yaml_template }}"
dest: "{{ distribution_home }}/var/etc/system.yaml"
when:
- distribution_systemyaml is defined
- distribution_systemyaml|length > 0
- distribution_systemyaml_override or (not systemyaml.stat.exists)
notify: restart distribution
- name: Configure installer info
@@ -133,7 +142,6 @@
recurse: yes
owner: "{{ distribution_user }}"
group: "{{ distribution_group }}"
mode: '0755'
- name: Install Distribution as a service
become: yes
@@ -141,15 +149,25 @@
{{ distribution_archive_service_cmd }}
args:
chdir: "{{ distribution_install_script_path }}"
creates: "{{ distribution_service_file }}"
register: check_service_status_result
ignore_errors: yes
- name: Update distribution permissions
become: yes
file:
path: "{{ distribution_home }}"
state: directory
recurse: yes
owner: "{{ distribution_user }}"
group: "{{ distribution_group }}"
- name: Restart distribution
meta: flush_handlers
- name : Wait for distribution to be fully deployed
- name : Wait for distribution to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
when: not ansible_check_mode

51
Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml
View File

@@ -2,12 +2,6 @@
- debug:
msg: "Performing upgrade of Distribution version to {{ distribution_version }} "
- name: Stop distribution
become: yes
systemd:
name: "{{ distribution_daemon }}"
state: stopped
- name: Download distribution for upgrade
become: yes
unarchive:
@@ -21,21 +15,31 @@
until: downloaddistribution is succeeded
retries: 3
- name: Stop distribution
become: yes
systemd:
name: "{{ distribution_daemon }}"
state: stopped
when: downloaddistribution.changed
- name: Delete distribution app
become: yes
file:
path: "{{ distribution_home }}/app"
state: absent
when: downloaddistribution.changed
- name: Copy new app to distribution app
become: yes
command: "cp -r {{ distribution_untar_home }}/app/. {{ distribution_home }}/app"
when: downloaddistribution.changed
- name: Check if install.sh wrapper script exist
become: yes
stat:
path: "{{ distribution_install_script_path }}/install.sh"
register: install_wrapper_script
when: downloaddistribution.changed
- name: Include interactive installer scripts
include_vars: script/archive.yml
@@ -46,11 +50,13 @@
exp_executable_cmd: "./install.sh -u {{ distribution_user }} -g {{ distribution_group }}"
exp_dir: "{{ distribution_install_script_path }}"
exp_scenarios: "{{ distribution_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ distribution_thirdparty_path }}/yq"
when: install_wrapper_script.stat.exists
environment:
YQ_PATH: "{{ distribution_thirdparty_path }}/yq"
when:
- install_wrapper_script.stat.exists
- downloaddistribution.changed
- name: Ensure {{ distribution_home }}/var/etc/redis exists
become: yes
@@ -74,14 +80,24 @@
dest: "{{ distribution_home }}/var/etc/info/installer-info.json"
notify: restart distribution
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ distribution_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ distribution_system_yaml_template }}"
dest: "{{ distribution_home }}/var/etc/system.yaml"
when:
- distribution_systemyaml is defined
- distribution_systemyaml|length > 0
- distribution_systemyaml_override or (not systemyaml.stat.exists)
notify: restart distribution
- name: Update Distribution base dir owner and group
- name: Update distribution permissions
become: yes
file:
path: "{{ distribution_home }}"
@@ -89,23 +105,14 @@
recurse: yes
owner: "{{ distribution_user }}"
group: "{{ distribution_group }}"
mode: '0755'
- name: Install Distribution as a service
become: yes
shell: |
{{ distribution_archive_service_cmd }}
args:
chdir: "{{ distribution_install_script_path }}"
register: check_service_status_result
ignore_errors: yes
- name: Restart distribution
meta: flush_handlers
- name : Wait for distribution to be fully deployed
- name : Wait for distribution to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
when: not ansible_check_mode

4
Ansible/ansible_collections/jfrog/platform/roles/distribution/templates/system.yaml.j2
View File

@@ -1,3 +1 @@
{% if (distribution_systemyaml) and (distribution_systemyaml|length > 0) %}
{{ distribution_systemyaml }}
{% endif %}
{{ distribution_systemyaml }}

4
Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml
View File

@@ -1,2 +1,6 @@
---
# platform collection version
platform_collection_version: 7.19.4
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy

14
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/defaults/main.yml
View File

@@ -1,7 +1,8 @@
---
# defaults file for mc
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# The version of missioncontrol to install
missioncontrol_version: 4.7.4
# whether to enable HA
mc_ha_enabled: false
@@ -12,16 +13,16 @@ mc_ha_node_type : master
jfrog_home_directory: /opt/jfrog
# The remote mc download file
mc_tar: https://releases.jfrog.io/artifactory/jfrog-mc/linux/{{ missionControl_version }}/jfrog-mc-{{ missionControl_version }}-linux.tar.gz
mc_tar: https://releases.jfrog.io/artifactory/jfrog-mc/linux/{{ missioncontrol_version }}/jfrog-mc-{{ missioncontrol_version }}-linux.tar.gz
#The mc install directory
mc_untar_home: "{{ jfrog_home_directory }}/jfrog-mc-{{ missionControl_version }}-linux"
mc_untar_home: "{{ jfrog_home_directory }}/jfrog-mc-{{ missioncontrol_version }}-linux"
mc_home: "{{ jfrog_home_directory }}/mc"
mc_install_script_path: "{{ mc_home }}/app/bin"
mc_thirdparty_path: "{{ mc_home }}/app/third-party"
mc_archive_service_cmd: "{{ mc_install_script_path }}/installService.sh"
mc_service_file : /lib/systemd/system/mc.service
#mc users and groups
mc_user: jfmc
@@ -94,3 +95,6 @@ mc_systemyaml: |-
router:
entrypoints:
internalPort: 8046
# Note: mc_systemyaml_override is by default false, if you want to change default mc_systemyaml
mc_systemyaml_override: false

4
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/meta/main.yml
View File

@@ -1,6 +1,6 @@
galaxy_info:
author: "JFrog Maintainers Team <installers@jfrog.com>"
description: "The missionControl role will install missionControl software onto the host. An Artifactory server and Postgress database is required."
description: "The missioncontrol role will install missioncontrol software onto the host. An Artifactory server and Postgress database is required."
company: JFrog
issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues"
@@ -10,7 +10,7 @@ galaxy_info:
min_ansible_version: 2.9
galaxy_tags:
- missionControl
- missioncontrol
- jfrog
dependencies: []

31
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml
View File

@@ -9,7 +9,7 @@
state: present
when: ansible_os_family == 'Redhat'
- name: Install expect dependency
- name: Install expect dependency
become: yes
apt:
name: expect
@@ -59,7 +59,7 @@
command: "cp -r {{ mc_untar_home }}/. {{ mc_home }}"
when: not app_dir_check.stat.exists
- name: Create required directories
- name: Create required directories
become: yes
file:
path: "{{ item }}"
@@ -76,8 +76,7 @@
become: yes
copy:
dest: "{{ mc_home }}/var/etc/security/master.key"
content: |
{{ master_key }}
content: "{{ master_key }}"
owner: "{{ mc_user }}"
group: "{{ mc_group }}"
mode: 0640
@@ -100,10 +99,10 @@
exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}"
exp_dir: "{{ mc_install_script_path }}"
exp_scenarios: "{{ mc_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
when: install_wrapper_script.stat.exists
- name: Configure installer info
@@ -113,11 +112,21 @@
dest: "{{ mc_home }}/var/etc/info/installer-info.json"
notify: restart missioncontrol
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ mc_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ mc_system_yaml_template }}"
dest: "{{ mc_home }}/var/etc/system.yaml"
when:
- mc_systemyaml is defined
- mc_systemyaml|length > 0
- mc_systemyaml_override or (not systemyaml.stat.exists)
notify: restart missioncontrol
- name: Update correct permissions
@@ -128,7 +137,6 @@
recurse: yes
owner: "{{ mc_user }}"
group: "{{ mc_group }}"
mode: '0755'
- name: Install mc as a service
become: yes
@@ -136,15 +144,16 @@
{{ mc_archive_service_cmd }}
args:
chdir: "{{ mc_install_script_path }}"
creates: "{{ mc_service_file }}"
register: check_service_status_result
ignore_errors: yes
- name: Restart missioncontrol
meta: flush_handlers
- name : Wait for missionControl to be fully deployed
- name : Wait for missionControl to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
delay: 5
when: not ansible_check_mode

12
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml
View File

@@ -16,7 +16,7 @@
shell: /bin/bash
state: present
- name: Create required directories
- name: Create required directories
become: yes
file:
path: "{{ item }}"
@@ -69,16 +69,15 @@
when: check_elasticsearch_package_result.matched > 0
- name: Ensure /usr/share/elasticsearch exists
become: yes
file:
path: "{{ mc_es_home }}"
state: directory
owner: elasticsearch
group: elasticsearch
become: yes
- name: Extract elasticsearch package
become: yes
become_user: elasticsearch
ignore_errors: yes
unarchive:
src: "{{ mc_elasticsearch_package }}"
@@ -88,18 +87,21 @@
- --strip-components=1
owner: elasticsearch
group: elasticsearch
creates: "{{ mc_es_java_home }}"
register: unarchive_result
when: check_elasticsearch_package_result.matched > 0
- name: Copy elasticsearch config files to ES_PATH_CONF dir
become: yes
command: "cp -r {{ mc_es_home }}/config/. {{ mc_es_conf_base }}/"
when: unarchive_result.changed
- name: Remove elasticsearch config dir
become: yes
file:
path: "{{ mc_es_home }}/config"
state: absent
when: unarchive_result.changed
- name: Generate HA elasticsearch.yml template file
become: yes
@@ -150,7 +152,7 @@
- "{{ mc_es_data_dir }}"
- "{{ mc_es_log_dir }}"
- "{{ mc_es_home }}"
- name: Start elasticsearch
become: yes
become_user: elasticsearch
@@ -176,4 +178,4 @@
environment:
JAVA_HOME: "{{ mc_es_java_home }}"
register: install_searchguard_result
when: check_searchguard_bundle_result.matched == 1
when: check_searchguard_bundle_result.matched == 1

77
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml
View File

@@ -1,31 +1,18 @@
- name: Copy elasticsearch certificate
- name: Copy elasticsearch cert files
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.pem
dest: "{{ mc_es_conf_base }}/localhost.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy elasticsearch private key
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.key
dest: "{{ mc_es_conf_base }}/localhost.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard root ca
become: yes
copy:
mode: 0600
src: files/searchguard/root-ca.pem
dest: "{{ mc_es_conf_base }}/root-ca.pem"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_conf_base }}/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "localhost.pem"
- "localhost.key"
- "root-ca.pem"
- name: Find searchguard bundle
become: yes
find:
paths: "{{ mc_home }}/app/third-party/elasticsearch/"
patterns: "^search-guard-.+\\.zip$"
@@ -46,50 +33,30 @@
register: install_searchguard_result
when: check_searchguard_bundle_result.matched == 1
- name: Copy searchguard admin certificate
- name: Copy searchguard certificate files
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.pem
dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.pem"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/tools/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sgadmin.pem"
- "sgadmin.key"
- "root-ca.pem"
- name: Copy searchguard admin private key
- name: Copy SG roles files
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.key
dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard root ca
become: yes
copy:
mode: 0600
src: files/searchguard/root-ca.pem
dest: "{{ mc_es_searchgaurd_home }}/tools/root-ca.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy roles template
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles.yml
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles.yml"
owner: elasticsearch
group: elasticsearch
- name: Copy roles template
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles_mapping.yml
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles_mapping.yml"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sg_roles.yml"
- "sg_roles_mapping.yml"
- name: Check execution bit
become: yes
@@ -97,4 +64,4 @@
path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh"
owner: elasticsearch
group: elasticsearch
mode: 0700
mode: 0700

1
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml
View File

@@ -65,7 +65,6 @@
- name: Extract elasticsearch package
become: yes
become_user: elasticsearch
ignore_errors: yes
unarchive:
src: "{{ mc_elasticsearch_package }}"

72
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml
View File

@@ -1,58 +1,27 @@
- name: Create elasticsearch config path folder
become: yes
file:
path: "{{ mc_es_conf_base }}/searchguard"
path: "{{ mc_es_conf_base }}"
state: directory
mode: 0755
owner: elasticsearch
group: elasticsearch
- name: Copy elasticsearch certificate
- name: Copy elasticsearch cert files
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.pem
dest: "{{ mc_es_conf_base }}/localhost.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy elasticsearch private key
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.key
dest: "{{ mc_es_conf_base }}/localhost.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard admin certificate
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.pem
dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard admin private key
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.key
dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard root ca
become: yes
copy:
mode: 0600
src: files/searchguard/root-ca.pem
dest: "{{ mc_es_conf_base }}/root-ca.pem"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_conf_base }}/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "localhost.pem"
- "localhost.key"
- "root-ca.pem"
- name: Find searchguard bundle
become: yes
find:
paths: "{{ mc_home }}/app/third-party/elasticsearch/"
patterns: "^search-guard-.+\\.zip$"
@@ -66,35 +35,42 @@
ignore_errors: yes
shell: |
{{ mc_es_script_path }}/elasticsearch-plugin install \
-b file://{{ check_searchguard_bundle_result.files[0].path }}
-b file://{{ check_searchguard_bundle_result.files[0].path }}
environment:
JAVA_HOME: "{{ mc_es_java_home }}"
ES_PATH_CONF: "{{ mc_es_conf_base }}/"
register: install_searchguard_result
when: check_searchguard_bundle_result.matched == 1
- name: Copy roles template
- name: Copy searchguard cert files
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles.yml
dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles.yml"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/tools/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sgadmin.pem"
- "sgadmin.key"
- "root-ca.pem"
- name: Copy roles template
- name: Copy SG roles files
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles_mapping.yml
dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles_mapping.yml"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sg_roles.yml"
- "sg_roles_mapping.yml"
- name: Check execution bit
become: yes
file:
path: "{{ mc_es_home }}/plugins/search-guard-7/tools/sgadmin.sh"
path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh"
owner: elasticsearch
group: elasticsearch
mode: 0700

46
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml
View File

@@ -2,12 +2,6 @@
- debug:
msg: "Performing Upgrade of missionControl version - {{ missioncontrol_version }}"
- name: Stop mc service
become: yes
systemd:
name: "{{ mc_daemon }}"
state: stopped
- name: Download mc for upgrade
unarchive:
src: "{{ mc_tar }}"
@@ -21,30 +15,42 @@
until: downloadmc is succeeded
retries: 3
- name: Stop mc service
become: yes
systemd:
name: "{{ mc_daemon }}"
state: stopped
when: downloadmc.changed
- name: Delete current app folder
become: yes
file:
path: "{{ mc_home }}/app"
state: absent
when: downloadmc.changed
- name: Copy new app to mc app
command: "cp -r {{ mc_untar_home }}/app/. {{ mc_home }}/app"
become: yes
when: downloadmc.changed
- name: Delete untar directory
file:
path: "{{ mc_untar_home }}"
state: absent
become: yes
when: downloadmc.changed
- name: Upgrade elasticsearch
import_tasks: upgrade-elasticsearch.yml
when: downloadmc.changed
- name: Check if install.sh wrapper script exist
become: yes
stat:
path: "{{ mc_install_script_path }}/install.sh"
register: upgrade_wrapper_script
when: downloadmc.changed
- name: Include interactive installer scripts
include_vars: script/archive.yml
@@ -55,11 +61,13 @@
exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}"
exp_dir: "{{ mc_install_script_path }}"
exp_scenarios: "{{ mc_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
when: upgrade_wrapper_script.stat.exists
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
when:
- upgrade_wrapper_script.stat.exists
- downloadmc.changed
- name: Configure installer info
become: yes
@@ -68,11 +76,21 @@
dest: "{{ mc_home }}/var/etc/info/installer-info.json"
notify: restart missioncontrol
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ mc_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ mc_system_yaml_template }}"
dest: "{{ mc_home }}/var/etc/system.yaml"
become: yes
when:
- mc_systemyaml is defined
- mc_systemyaml|length > 0
- mc_systemyaml_override or (not systemyaml.stat.exists)
notify: restart missioncontrol
- name: Update correct permissions
@@ -83,14 +101,14 @@
recurse: yes
owner: "{{ mc_user }}"
group: "{{ mc_group }}"
mode: '0755'
- name: Restart missioncontrol
meta: flush_handlers
- name : Wait for missionControl to be fully deployed
- name : Wait for missionControl to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
delay: 5
when: not ansible_check_mode

2
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/installer-info.json.j2
View File

@@ -1,6 +1,6 @@
{{ ansible_managed | comment }}
{
"productId": "Ansible_MissionControl/{{ platform_collection_version }}-{{ missionControl_version }}",
"productId": "Ansible_Missioncontrol/{{ platform_collection_version }}-{{ missioncontrol_version }}",
"features": [
{
"featureId": "Channel/{{ ansible_marketplace }}"

4
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/templates/system.yaml.j2
View File

@@ -1,3 +1 @@
{% if (mc_systemyaml) and (mc_systemyaml|length > 0) %}
{{ mc_systemyaml }}
{% endif %}
{{ mc_systemyaml }}

5
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/vars/main.yml
View File

@@ -1 +1,6 @@
---
# platform collection version
platform_collection_version: 7.19.4
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy

6
Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/Debian.yml
View File

@@ -12,15 +12,15 @@
- name: add postgres apt key
become: yes
apt_key:
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
id: "0x7FCC7D46ACCC4CF8"
url: "{{ postgres_apt_key_url }}"
id: "{{ postgres_apt_key_id }}"
validate_certs: no
state: present
- name: register APT repository
become: yes
apt_repository:
repo: deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main
repo: "{{ postgres_apt_repository_repo }}"
state: present
filename: pgdg

4
Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml
View File

@@ -4,7 +4,7 @@
- name: perform installation
include_tasks: "{{ ansible_os_family }}.yml"
- name: Set PostgreSQL environment variables.
become: yes
template:
@@ -96,7 +96,7 @@
become: yes
become_user: postgres
postgresql_privs:
database: "{{ mc_db_name}}"
database: "{{ mc_db_name }}"
privs: ALL
type: schema
roles: "{{ mc_db_user }}"

3
Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/Debian.yml
View File

@@ -4,3 +4,6 @@ postgresql_bin_path: "/usr/lib/postgresql/{{ postgres_version }}/bin"
postgresql_config_path: "/etc/postgresql/{{ postgres_version }}/main"
postgresql_daemon: postgresql@{{ postgres_version}}-main
postgresql_external_pid_file: "/var/run/postgresql/{{ postgres_version }}-main.pid"
postgres_apt_key_url: "https://www.postgresql.org/media/keys/ACCC4CF8.asc"
postgres_apt_key_id: "0x7FCC7D46ACCC4CF8"
postgres_apt_repository_repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"

9
Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml
View File

@@ -1,7 +1,8 @@
---
# defaults file for xray
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# The version of xray to install
xray_version: 3.25.1
# whether to enable HA
xray_ha_enabled: false
@@ -21,6 +22,7 @@ xray_home: "{{ jfrog_home_directory }}/xray"
xray_install_script_path: "{{ xray_home }}/app/bin"
xray_thirdparty_path: "{{ xray_home }}/app/third-party"
xray_archive_service_cmd: "{{ xray_install_script_path }}/installService.sh"
xray_service_file : /lib/systemd/system/xray.service
#xray users and groups
xray_user: xray
@@ -102,3 +104,6 @@ xray_systemyaml: |-
router:
entrypoints:
internalPort: 8046
# Note: xray_systemyaml_override is by default false, if you want to change default xray_systemyaml
xray_systemyaml_override: false

27
Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml
View File

@@ -62,7 +62,7 @@
command: "cp -r {{ xray_untar_home }}/. {{ xray_home }}"
when: not app_dir_check.stat.exists
- name: Create required directories
- name: Create required directories
become: yes
file:
path: "{{ item }}"
@@ -79,8 +79,7 @@
become: yes
copy:
dest: "{{ xray_home }}/var/etc/security/master.key"
content: |
{{ master_key }}
content: "{{ master_key }}"
owner: "{{ xray_user }}"
group: "{{ xray_group }}"
mode: 0640
@@ -108,12 +107,11 @@
exp_executable_cmd: "./install.sh -u {{ xray_user }} -g {{ xray_group }}"
exp_dir: "{{ xray_install_script_path }}"
exp_scenarios: "{{ xray_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ xray_thirdparty_path }}/yq"
environment:
YQ_PATH: "{{ xray_thirdparty_path }}/yq"
when: install_wrapper_script.stat.exists
ignore_errors: yes
- name: Configure rabbitmq config
become: yes
@@ -122,11 +120,21 @@
dest: "{{ xray_home }}/app/bin/rabbitmq/rabbitmq.conf"
notify: restart xray
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ xray_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ xray_system_yaml_template }}"
dest: "{{ xray_home }}/var/etc/system.yaml"
when:
- xray_systemyaml is defined
- xray_systemyaml|length > 0
- xray_systemyaml_override or (not systemyaml.stat.exists)
notify: restart xray
- name: Configure installer info
@@ -151,15 +159,16 @@
{{ xray_archive_service_cmd }}
args:
chdir: "{{ xray_install_script_path }}"
creates: "{{ xray_service_file }}"
register: check_service_status_result
ignore_errors: yes
- name: Restart xray
meta: flush_handlers
- name : Wait for xray to be fully deployed
- name : Wait for xray to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
when: not ansible_check_mode

61
Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml
View File

@@ -2,12 +2,6 @@
- debug:
msg: "Performing upgrade of Xray version to {{ xray_version }}..."
- name: stop xray
become: yes
systemd:
name: "{{ xray_daemon }}"
state: stopped
- name: download xray for upgrade
become: yes
unarchive:
@@ -17,28 +11,40 @@
owner: "{{ xray_user }}"
group: "{{ xray_group }}"
creates: "{{ xray_untar_home }}"
register: downloadxray
until: downloadxray is succeeded
retries: 3
- name: stop xray
become: yes
systemd:
name: "{{ xray_daemon }}"
state: stopped
when: downloadxray.changed
- name: Delete xray app
become: yes
file:
path: "{{ xray_home }}/app"
state: absent
when: downloadxray.changed
- name: Copy new app to xray app
become: yes
command: "cp -r {{ xray_untar_home }}/app/. {{ xray_home }}/app"
when: downloadxray.changed
- name: Upgrade rabbitmq
import_tasks: rabbitmq/upgrade/RedHat.yml
when: ansible_os_family == 'RedHat'
when:
- ansible_os_family == 'RedHat'
- downloadxray.changed
- name: Upgrade rabbitmq
import_tasks: rabbitmq/upgrade/Debian.yml
when: ansible_os_family == 'Debian'
when:
- ansible_os_family == 'Debian'
- downloadxray.changed
- name: Check if install.sh wrapper script exist
become: yes
@@ -55,25 +61,38 @@
exp_executable_cmd: "./install.sh -u {{ xray_user }} -g {{ xray_group }}"
exp_dir: "{{ xray_install_script_path }}"
exp_scenarios: "{{ xray_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ xray_thirdparty_path }}/yq"
when: install_wrapper_script.stat.exists
ignore_errors: yes
environment:
YQ_PATH: "{{ xray_thirdparty_path }}/yq"
when:
- install_wrapper_script.stat.exists
- downloadxray.changed
- name: Configure rabbitmq config
become: yes
template:
src: "rabbitmq.conf.j2"
dest: "{{ xray_home }}/app/bin/rabbitmq/rabbitmq.conf"
when:
- downloadxray.changed
notify: restart xray
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ xray_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ xray_system_yaml_template }}"
dest: "{{ xray_home }}/var/etc/system.yaml"
when:
- xray_systemyaml is defined
- xray_systemyaml|length > 0
- xray_systemyaml_override or (not systemyaml.stat.exists)
notify: restart xray
- name: configure installer info
@@ -92,21 +111,13 @@
group: "{{ xray_group }}"
recurse: yes
- name: Install xray as a service
become: yes
shell: |
{{ xray_archive_service_cmd }}
args:
chdir: "{{ xray_install_script_path }}"
register: check_service_status_result
ignore_errors: yes
- name: Restart xray
meta: flush_handlers
- name : wait for xray to be fully deployed
- name : wait for xray to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
delay: 5
when: not ansible_check_mode

6
Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml
View File

@@ -1,2 +1,6 @@
---
# vars file for xray
# platform collection version
platform_collection_version: 7.19.4
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy