zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-22 03:06:59 -06:00
Code Issues Packages Projects Releases Wiki Activity

[ansible] JFrog Platform 7.19.4 (#124)

Browse Source
This commit is contained in:
Ram Mohan Rao Chukka
2021-05-30 20:51:17 +05:30
committed by GitHub
parent c5478f8840
commit 5b9899995b
38 changed files with 399 additions and 310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/install.yml
View File

@@ -9,7 +9,7 @@
state: present
when: ansible_os_family == 'Redhat'
- name: Install expect dependency
- name: Install expect dependency
become: yes
apt:
name: expect
@@ -59,7 +59,7 @@
command: "cp -r {{ mc_untar_home }}/. {{ mc_home }}"
when: not app_dir_check.stat.exists
- name: Create required directories
- name: Create required directories
become: yes
file:
path: "{{ item }}"
@@ -76,8 +76,7 @@
become: yes
copy:
dest: "{{ mc_home }}/var/etc/security/master.key"
content: |
{{ master_key }}
content: "{{ master_key }}"
owner: "{{ mc_user }}"
group: "{{ mc_group }}"
mode: 0640
@@ -100,10 +99,10 @@
exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}"
exp_dir: "{{ mc_install_script_path }}"
exp_scenarios: "{{ mc_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
when: install_wrapper_script.stat.exists
- name: Configure installer info
@@ -113,11 +112,21 @@
dest: "{{ mc_home }}/var/etc/info/installer-info.json"
notify: restart missioncontrol
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ mc_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ mc_system_yaml_template }}"
dest: "{{ mc_home }}/var/etc/system.yaml"
when:
- mc_systemyaml is defined
- mc_systemyaml|length > 0
- mc_systemyaml_override or (not systemyaml.stat.exists)
notify: restart missioncontrol
- name: Update correct permissions
@@ -128,7 +137,6 @@
recurse: yes
owner: "{{ mc_user }}"
group: "{{ mc_group }}"
mode: '0755'
- name: Install mc as a service
become: yes
@@ -136,15 +144,16 @@
{{ mc_archive_service_cmd }}
args:
chdir: "{{ mc_install_script_path }}"
creates: "{{ mc_service_file }}"
register: check_service_status_result
ignore_errors: yes
- name: Restart missioncontrol
meta: flush_handlers
- name : Wait for missionControl to be fully deployed
- name : Wait for missionControl to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
delay: 5
when: not ansible_check_mode

12
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-elasticsearch.yml
View File

@@ -16,7 +16,7 @@
shell: /bin/bash
state: present
- name: Create required directories
- name: Create required directories
become: yes
file:
path: "{{ item }}"
@@ -69,16 +69,15 @@
when: check_elasticsearch_package_result.matched > 0
- name: Ensure /usr/share/elasticsearch exists
become: yes
file:
path: "{{ mc_es_home }}"
state: directory
owner: elasticsearch
group: elasticsearch
become: yes
- name: Extract elasticsearch package
become: yes
become_user: elasticsearch
ignore_errors: yes
unarchive:
src: "{{ mc_elasticsearch_package }}"
@@ -88,18 +87,21 @@
- --strip-components=1
owner: elasticsearch
group: elasticsearch
creates: "{{ mc_es_java_home }}"
register: unarchive_result
when: check_elasticsearch_package_result.matched > 0
- name: Copy elasticsearch config files to ES_PATH_CONF dir
become: yes
command: "cp -r {{ mc_es_home }}/config/. {{ mc_es_conf_base }}/"
when: unarchive_result.changed
- name: Remove elasticsearch config dir
become: yes
file:
path: "{{ mc_es_home }}/config"
state: absent
when: unarchive_result.changed
- name: Generate HA elasticsearch.yml template file
become: yes
@@ -150,7 +152,7 @@
- "{{ mc_es_data_dir }}"
- "{{ mc_es_log_dir }}"
- "{{ mc_es_home }}"
- name: Start elasticsearch
become: yes
become_user: elasticsearch
@@ -176,4 +178,4 @@
environment:
JAVA_HOME: "{{ mc_es_java_home }}"
register: install_searchguard_result
when: check_searchguard_bundle_result.matched == 1
when: check_searchguard_bundle_result.matched == 1

77
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/setup-searchguard.yml
View File

@@ -1,31 +1,18 @@
- name: Copy elasticsearch certificate
- name: Copy elasticsearch cert files
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.pem
dest: "{{ mc_es_conf_base }}/localhost.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy elasticsearch private key
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.key
dest: "{{ mc_es_conf_base }}/localhost.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard root ca
become: yes
copy:
mode: 0600
src: files/searchguard/root-ca.pem
dest: "{{ mc_es_conf_base }}/root-ca.pem"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_conf_base }}/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "localhost.pem"
- "localhost.key"
- "root-ca.pem"
- name: Find searchguard bundle
become: yes
find:
paths: "{{ mc_home }}/app/third-party/elasticsearch/"
patterns: "^search-guard-.+\\.zip$"
@@ -46,50 +33,30 @@
register: install_searchguard_result
when: check_searchguard_bundle_result.matched == 1
- name: Copy searchguard admin certificate
- name: Copy searchguard certificate files
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.pem
dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.pem"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/tools/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sgadmin.pem"
- "sgadmin.key"
- "root-ca.pem"
- name: Copy searchguard admin private key
- name: Copy SG roles files
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.key
dest: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard root ca
become: yes
copy:
mode: 0600
src: files/searchguard/root-ca.pem
dest: "{{ mc_es_searchgaurd_home }}/tools/root-ca.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy roles template
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles.yml
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles.yml"
owner: elasticsearch
group: elasticsearch
- name: Copy roles template
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles_mapping.yml
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/sg_roles_mapping.yml"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sg_roles.yml"
- "sg_roles_mapping.yml"
- name: Check execution bit
become: yes
@@ -97,4 +64,4 @@
path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh"
owner: elasticsearch
group: elasticsearch
mode: 0700
mode: 0700

1
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-elasticsearch.yml
View File

@@ -65,7 +65,6 @@
- name: Extract elasticsearch package
become: yes
become_user: elasticsearch
ignore_errors: yes
unarchive:
src: "{{ mc_elasticsearch_package }}"

72
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade-searchguard.yml
View File

@@ -1,58 +1,27 @@
- name: Create elasticsearch config path folder
become: yes
file:
path: "{{ mc_es_conf_base }}/searchguard"
path: "{{ mc_es_conf_base }}"
state: directory
mode: 0755
owner: elasticsearch
group: elasticsearch
- name: Copy elasticsearch certificate
- name: Copy elasticsearch cert files
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.pem
dest: "{{ mc_es_conf_base }}/localhost.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy elasticsearch private key
become: yes
copy:
mode: 0600
src: files/searchguard/localhost.key
dest: "{{ mc_es_conf_base }}/localhost.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard admin certificate
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.pem
dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.pem"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard admin private key
become: yes
copy:
mode: 0600
src: files/searchguard/sgadmin.key
dest: "{{ mc_es_conf_base }}/searchguard/sgadmin.key"
owner: elasticsearch
group: elasticsearch
- name: Copy searchguard root ca
become: yes
copy:
mode: 0600
src: files/searchguard/root-ca.pem
dest: "{{ mc_es_conf_base }}/root-ca.pem"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_conf_base }}/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "localhost.pem"
- "localhost.key"
- "root-ca.pem"
- name: Find searchguard bundle
become: yes
find:
paths: "{{ mc_home }}/app/third-party/elasticsearch/"
patterns: "^search-guard-.+\\.zip$"
@@ -66,35 +35,42 @@
ignore_errors: yes
shell: |
{{ mc_es_script_path }}/elasticsearch-plugin install \
-b file://{{ check_searchguard_bundle_result.files[0].path }}
-b file://{{ check_searchguard_bundle_result.files[0].path }}
environment:
JAVA_HOME: "{{ mc_es_java_home }}"
ES_PATH_CONF: "{{ mc_es_conf_base }}/"
register: install_searchguard_result
when: check_searchguard_bundle_result.matched == 1
- name: Copy roles template
- name: Copy searchguard cert files
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles.yml
dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles.yml"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/tools/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sgadmin.pem"
- "sgadmin.key"
- "root-ca.pem"
- name: Copy roles template
- name: Copy SG roles files
become: yes
copy:
mode: 0600
src: files/searchguard/sg_roles_mapping.yml
dest: "{{ mc_es_home }}/plugins/search-guard-7/sgconfig/sg_roles_mapping.yml"
src: "files/searchguard/{{ item }}"
dest: "{{ mc_es_searchgaurd_home }}/sgconfig/{{ item }}"
owner: elasticsearch
group: elasticsearch
loop:
- "sg_roles.yml"
- "sg_roles_mapping.yml"
- name: Check execution bit
become: yes
file:
path: "{{ mc_es_home }}/plugins/search-guard-7/tools/sgadmin.sh"
path: "{{ mc_es_searchgaurd_home }}/tools/sgadmin.sh"
owner: elasticsearch
group: elasticsearch
mode: 0700

46
Ansible/ansible_collections/jfrog/platform/roles/missioncontrol/tasks/upgrade.yml
View File

@@ -2,12 +2,6 @@
- debug:
msg: "Performing Upgrade of missionControl version - {{ missioncontrol_version }}"
- name: Stop mc service
become: yes
systemd:
name: "{{ mc_daemon }}"
state: stopped
- name: Download mc for upgrade
unarchive:
src: "{{ mc_tar }}"
@@ -21,30 +15,42 @@
until: downloadmc is succeeded
retries: 3
- name: Stop mc service
become: yes
systemd:
name: "{{ mc_daemon }}"
state: stopped
when: downloadmc.changed
- name: Delete current app folder
become: yes
file:
path: "{{ mc_home }}/app"
state: absent
when: downloadmc.changed
- name: Copy new app to mc app
command: "cp -r {{ mc_untar_home }}/app/. {{ mc_home }}/app"
become: yes
when: downloadmc.changed
- name: Delete untar directory
file:
path: "{{ mc_untar_home }}"
state: absent
become: yes
when: downloadmc.changed
- name: Upgrade elasticsearch
import_tasks: upgrade-elasticsearch.yml
when: downloadmc.changed
- name: Check if install.sh wrapper script exist
become: yes
stat:
path: "{{ mc_install_script_path }}/install.sh"
register: upgrade_wrapper_script
when: downloadmc.changed
- name: Include interactive installer scripts
include_vars: script/archive.yml
@@ -55,11 +61,13 @@
exp_executable_cmd: "./install.sh -u {{ mc_user }} -g {{ mc_group }}"
exp_dir: "{{ mc_install_script_path }}"
exp_scenarios: "{{ mc_installer_scenario['main'] }}"
args:
args:
apply:
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
when: upgrade_wrapper_script.stat.exists
environment:
YQ_PATH: "{{ mc_thirdparty_path }}/yq"
when:
- upgrade_wrapper_script.stat.exists
- downloadmc.changed
- name: Configure installer info
become: yes
@@ -68,11 +76,21 @@
dest: "{{ mc_home }}/var/etc/info/installer-info.json"
notify: restart missioncontrol
- name: Check if systemyaml exists
become: yes
stat:
path: "{{ mc_home }}/var/etc/system.yaml"
register: systemyaml
- name: Configure systemyaml
become: yes
template:
src: "{{ mc_system_yaml_template }}"
dest: "{{ mc_home }}/var/etc/system.yaml"
become: yes
when:
- mc_systemyaml is defined
- mc_systemyaml|length > 0
- mc_systemyaml_override or (not systemyaml.stat.exists)
notify: restart missioncontrol
- name: Update correct permissions
@@ -83,14 +101,14 @@
recurse: yes
owner: "{{ mc_user }}"
group: "{{ mc_group }}"
mode: '0755'
- name: Restart missioncontrol
meta: flush_handlers
- name : Wait for missionControl to be fully deployed
- name : Wait for missionControl to be fully deployed
uri: url=http://127.0.0.1:8082/router/api/v1/system/health timeout=130
register: result
until: result.status == 200
retries: 25
delay: 5
delay: 5
when: not ansible_check_mode