Added Cloud Installer templates

CloudFormation/README.md

@@ -0,0 +1,71 @@
+# CloudFormation Template For Artifactory Enterprise
+
+### Steps to Deploy Artifactory Enterprise using CloudFormation template
+
+1. Go to AWS Console and Select CloudFormation. Then click on Create Stack.
+   You will see following window. 
+![screenshot](images/1.png)
+
+2. Upload Artifactory-enterprise.json (Artifactory Enterprise template) and click next.
+![screenshot](images/2.png)
+
+3. Provide required information like stack name, DBAllocatedStorage, DBInstanceClass, DBName, DBPassword,
+   DBUser, InstanceType, InstanceStorage, MasterKey, ArtifactoryVersion, KeyName, ArtifactoryLicense1-5, MultiAZDatabase, SSHLocation, Certificate, CertificateKey, SecondaryNodeCount. Then click next.
+![screenshot](images/3.png)
+
+4. Mark on checkbox to allow CloudFormation to create IAM user for Artifactory to access S3 bucket.
+![screenshot](images/4.png)
+
+5. Once Stack in deployed you will see Artifactory Load Balancer URL in output as showed in screenshot.
+![screenshot](images/5.png)
+
+6. Open Artifactory URL and you will be able to see Artifactory UI.
+![screenshot](images/6.png)
+
+7. Let's make sure that Artifactory is running in High Availability mode. Go to Admin -> High Availability in Artifactory UI to see this table.
+![screenshot](images/8.png)
+
+8. Now let's add 2 more nodes to Artifactory Enterprise cluster. Go to CloudFormation UI in AWS console and select newly deployed Artifactory Enterprise Stack.
+   Click on Action -> Update Stack.
+![screenshot](images/9.png)
+
+9. Increase SecondaryNodeCount from 0 to 2. Then update the Stack.
+![screenshot](images/10.png)
+
+10. It will take few minutes to update stack.
+![screenshot](images/11.png)
+
+11. Once Stack is updated.
+![screenshot](images/12.png)
+
+12. You will be able to see 3 nodes in High Availability table in Artifactory UI as part of Enterprise cluster.
+![screenshot](images/13.png)
+
+### Note: 
+1. This template only supports Artifactory version 5.8.x and above.
+2. Turn off daily backups.  Read Documentation provided [here](https://www.jfrog.com/confluence/display/RTF/Managing+Backups)
+3. Use SSL Certificate with valid wild card to you artifactory as docker registry with subdomain method.
+
+### Steps to setup Artifactory as secure docker registry
+considering you have SSL certificate for `*.jfrog.team`
+1. Pass your SSL Certificate in parameter `Certificate` as string
+2. Pass your SSL Certificate Key in parameter `CertificateKey` as string
+3. Set `CertificateDomain` as `jfrog.team`
+4. Set `ArtifactoryServerName` as `artifactory` if you want to access artifactory with `https://artifactory.jfrog.team`
+5. Create Rout53 with entry `artifactory.jfrog.team` pointing to ELB value provided as output in CloudFormation Stack.
+6. Create Rout53 with entry `*.jfrog.team` pointing to ELB value provided as output in CloudFormation Stack.
+7. If you have virtual docker registry with name `docker-virtual` in artifactory. You can access it via `docker-virtual.jfrog.team`
+   e.g ```docker pull docker-virtual.jfrog.team/nginx```
+
+### Steps to upgrade Artifactory Version
+
+1. Go to AWS Console and Select CloudFormation Artifactory Stack you want to upgrade. Then click on Update Stack.
+
+2. Change Artifactory version in parameters from old version to version you want to deploy.  
+   for e.g. 5.8.1 to 5.8.2
+   
+   ![screenshot](images/14.png)
+   
+3. You will see instances will get upgraded one by one. Depending on your cluster size it will take 20-30 minutes to update stack.
+
+![screenshot](images/15.png)

README.md

@@ -1 +1,6 @@
 # JFrog-Cloud-Installers
+
+Template to deploy/manage JFrog Artifactory enterprise cluster on various cloud providers.
+
+[Terraform](Terraform/README.md)
+[CloudFormation](CloudFormation/README.md)

Terraform/README.md

@@ -0,0 +1,84 @@
+# Terraform Template For Artifactory Enterprise
+
+### Prerequisites:
+* AWS account
+* Basic knowledge to AWS
+* Pre created Keys
+* Basic knowledge of Artifactory
+
+### Steps to Deploy Artifactory Enterprise using Terraform template
+
+1. Set your AWS account credentials.
+   Easy way to do it is by setting environment variables.
+   ```
+      export AWS_ACCESS_KEY_ID="your_access_key"
+      export AWS_SECRET_ACCESS_KEY="your_secret_key"
+      export AWS_DEFAULT_REGION="aws_region"
+    ```
+   To learn more about Terraform aws provider follow there documentation.
+   https://www.terraform.io/docs/providers/aws/index.html
+   
+2. Make Changes in `variables.tf` file to change default values to desired once. Also pass Artifactory Enterprise licenses as string in Variables `artifactory_license_1-5`."
+   e.g Change disk space to 500Gb:
+   ```
+   variable "volume_size" {
+     description = "Disk size for each EC2 instances"
+     default     = 500
+   }
+   ```
+
+3. Run command `terraform init -var 'key_name=myAwsKey'`
+   This is install required plugin for AWS provider.
+
+4. Run command `terraform plan -var 'key_name=myAwsKey'`.
+
+5. Run command `terraform apply -var 'key_name=myAwsKey'` to deploy Artifactory Enterprise cluster on AWS.
+   
+   It will take approximately 15 min to bring up cluster. 
+   
+   You will get ELB Url to access Artifactory.By default This template will start only 1 node in Artifactory cluster.
+   ```
+   Outputs:
+   
+   address = artifactory-elb-265664219.us-west-2.elb.amazonaws.com
+    ```
+   
+6. Access Artifactory UI using ELB Url provided in outputs.
+
+7. Scale your cluster using following command: 
+
+   `terraform apply -var 'key_name=myAwsKey' -var 'secondary_node_count=2'`
+   
+   In this example we are scaling artifactory cluster to 2 nodes.   
+   
+   Note: You can only scale nodes to number of artifactory licenses you have available for cluster.
+   
+8. SSH into Artifactory primary instance and write [inactiveServerCleaner](inactiveServerCleaner.groovy) plugin in '/var/opt/jfrog/artifactory/etc/plugins' directory.
+
+9. Command to destroy cluster:
+   `terraform destroy -var 'key_name=myAwsKey'`
+   
+### Note: 
+1. This template only supports Artifactory version 5.8.x and above.
+2. Turn off daily backups.  Read Documentation provided [here](https://www.jfrog.com/confluence/display/RTF/Managing+Backups)
+3. Use SSL Certificate with valid wild card to you artifactory as docker registry with subdomain method.
+
+### Steps to setup Artifactory as secure docker registry
+considering you have SSL certificate for `*.jfrog.team`
+1. Pass your SSL Certificate in variable `ssl_certificate` as string
+2. Pass your SSL Certificate Key in variable `ssl_certificate_key` as string
+3. Set `certificate_domain` as `jfrog.team`
+4. Set `artifactory_server_name` as `artifactory` if you want to access artifactory with `https://artifactory.jfrog.team`
+5. Create Rout53 with entry `artifactory.jfrog.team` pointing to ELB value provided as output in CloudFormation Stack.
+6. Create Rout53 with entry `*.jfrog.team` pointing to ELB value provided as output in CloudFormation Stack.
+7. If you have virtual docker registry with name `docker-virtual` in artifactory. You can access it via `docker-virtual.jfrog.team`
+   e.g ```docker pull docker-virtual.jfrog.team/nginx```
+
+
+### Steps to upgrade Artifactory Version 
+1. Change value of `artifactory_version` from old version to new Artifactory version you want to deploy.
+   for e.g. 5.8.1 to 5.8.2
+   Run command `terraform apply -var 'key_name=myAwsKey' -var 'secondary_node_count=2' -ver 'artifactory_version=5.8.2'`.
+        
+2. You will see instances will get upgraded one by one. Depending on your cluster size it will take 20-30 minutes to update stack.
+   

Terraform/inactiveServerCleaner.groovy

@@ -0,0 +1,37 @@
+import org.artifactory.state.ArtifactoryServerState
+import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService
+import org.artifactory.common.ConstantValues
+import org.slf4j.Logger
+import java.util.concurrent.TimeUnit
+
+jobs {
+    clean(cron: "* 0/1 * * * ?") {
+        def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService)
+        def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log)
+        artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers()
+    }
+}
+
+public class ArtifactoryInactiveServersCleaner {
+
+    private ArtifactoryServersCommonService artifactoryServersCommonService
+    private Logger log
+
+    ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) {
+        this.artifactoryServersCommonService = artifactoryServersCommonService
+        this.log = log
+    }
+
+    def cleanInactiveArtifactoryServers() {
+        List<String> allMembers = artifactoryServersCommonService.getAllArtifactoryServers()
+        for (member in allMembers) {
+            def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat())
+            def noheartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt()
+            if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || noheartbeat) {
+                log.info "Running inactive artifactory servers cleaning task, found ${member.serverId} inactive servers to " +
+                        "remove"
+                artifactoryServersCommonService.removeServer(member.serverId)
+            }
+        }
+    }
+}

Terraform/main.tf

@@ -0,0 +1,447 @@
+# Specify the provider and access details
+provider "aws" {
+  region = "${var.aws_region}"
+}
+
+# Create a VPC to launch our instances into
+resource "aws_vpc" "default" {
+  cidr_block = "10.0.0.0/16"
+}
+
+# Create an internet gateway to give our subnet access to the outside world
+resource "aws_internet_gateway" "default" {
+  vpc_id = "${aws_vpc.default.id}"
+}
+
+# Grant the VPC internet access on its main route table
+resource "aws_route" "internet_access" {
+  route_table_id         = "${aws_vpc.default.main_route_table_id}"
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = "${aws_internet_gateway.default.id}"
+}
+
+# Declare the data source
+data "aws_availability_zones" "available" {}
+
+# Create a subnet to launch our instances into
+resource "aws_subnet" "default" {
+  vpc_id                  = "${aws_vpc.default.id}"
+  cidr_block              = "10.0.1.0/24"
+  map_public_ip_on_launch = true
+}
+
+# Create a subnet to launch our instances into
+resource "aws_subnet" "default_2" {
+  vpc_id                  = "${aws_vpc.default.id}"
+  cidr_block              = "10.0.2.0/24"
+  map_public_ip_on_launch = true
+  availability_zone = "${data.aws_availability_zones.available.names[0]}"
+}
+
+resource "aws_subnet" "default_3" {
+  vpc_id                  = "${aws_vpc.default.id}"
+  cidr_block              = "10.0.3.0/24"
+  map_public_ip_on_launch = true
+  availability_zone = "${data.aws_availability_zones.available.names[1]}"
+}
+
+# A security group for the ELB so it is accessible via the web
+resource "aws_security_group" "elb" {
+  name        = "artifactory_elb"
+  description = "Used in the terraform"
+  vpc_id      = "${aws_vpc.default.id}"
+
+  # HTTP access from anywhere
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  # HTTPS access from anywhere
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+
+#IAM user for S3
+resource "aws_iam_user" "s3" {
+  name = "s3-access"
+}
+
+#IAM access key for S3
+resource "aws_iam_access_key" "s3" {
+  user = "${aws_iam_user.s3.name}"
+}
+
+# S3 bucket
+resource "aws_s3_bucket" "b" {
+  bucket = "${var.bucket_name}"
+  acl    = "private"
+}
+
+#IAM Policy
+resource "aws_iam_user_policy" "lb_ro" {
+  user = "${aws_iam_user.s3.name}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "s3:*"
+      ],
+      "Effect": "Allow",
+      "Resource": [
+      "arn:aws:s3:::${aws_s3_bucket.b.id}/*",
+      "arn:aws:s3:::${aws_s3_bucket.b.id}"
+      ]
+    }
+  ]
+}
+EOF
+}
+
+# Our default security group to access
+# the instances over SSH and HTTP
+resource "aws_security_group" "default" {
+  name        = "artifactory_sg"
+  description = "Used in the terraform"
+  vpc_id      = "${aws_vpc.default.id}"
+
+  # SSH access from anywhere
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # HTTP access from the VPC
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # HTTPS access from the VPC
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # HTTPS access from the VPC
+  ingress {
+    from_port   = 10001
+    to_port     = 10001
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # HTTP access from the VPC
+  ingress {
+    from_port   = 8081
+    to_port     = 8081
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  # outbound internet access
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+#RDS Security Group
+resource "aws_security_group" "main_db_access" {
+  description = "Allow access to the database"
+  vpc_id      = "${aws_vpc.default.id}"
+}
+
+resource "aws_security_group_rule" "allow_db_access" {
+  type = "ingress"
+
+  from_port   = "3306"
+  to_port     = "3306"
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+
+  security_group_id = "${aws_security_group.main_db_access.id}"
+}
+
+resource "aws_security_group_rule" "allow_all_outbound" {
+  type = "egress"
+
+  from_port   = 0
+  to_port     = 0
+  protocol    = "-1"
+  cidr_blocks = ["0.0.0.0/0"]
+
+  security_group_id = "${aws_security_group.main_db_access.id}"
+}
+
+resource "aws_db_subnet_group" "main_db_subnet_group" {
+  name        = "db-subnetgrp"
+  description = "RDS subnet group"
+  subnet_ids  = ["${aws_subnet.default.id}","${aws_subnet.default_2.id}","${aws_subnet.default_3.id}"]
+
+}
+
+#RDS to for Artifactory
+resource "aws_db_instance" "default" {
+  allocated_storage    = "${var.db_allocated_storage}"
+  storage_type         = "gp2"
+  engine               = "mysql"
+  engine_version       = "5.5"
+  instance_class       = "${var.db_instance_class}"
+  name                 = "${var.db_name}"
+  username             = "${var.db_user}"
+  password             = "${var.db_password}"
+  multi_az             = "false"
+  vpc_security_group_ids   = ["${aws_security_group.main_db_access.id}"]
+  skip_final_snapshot  = "true"
+  db_subnet_group_name = "${aws_db_subnet_group.main_db_subnet_group.name}"
+}
+
+resource "aws_elb" "web" {
+  name = "artifactory-elb"
+
+  subnets         = ["${aws_subnet.default_2.id}","${aws_subnet.default_3.id}"]
+  security_groups = ["${aws_security_group.elb.id}"]
+
+  listener {
+    instance_port     = 80
+    instance_protocol = "http"
+    lb_port           = 80
+    lb_protocol       = "http"
+  }
+
+  listener {
+    instance_port     = 443
+    instance_protocol = "tcp"
+    lb_port           = 443
+    lb_protocol       = "tcp"
+  }
+
+  health_check {
+     healthy_threshold   = 3
+     unhealthy_threshold = 3
+     timeout             = 15
+     target              = "HTTP:80/artifactory/webapp/#/login"
+     interval            = 30
+   }
+}
+
+resource "aws_cloudformation_stack" "autoscaling_group" {
+  name = "artifactory-asg"
+  template_body = <<EOF
+{
+  "Resources": {
+    "MyAsg": {
+      "Type": "AWS::AutoScaling::AutoScalingGroup",
+      "Properties": {
+        "AvailabilityZones": ["${aws_subnet.default_2.availability_zone}","${aws_subnet.default_3.availability_zone}"],
+        "VPCZoneIdentifier": ["${aws_subnet.default_2.id}","${aws_subnet.default_3.id}"],
+        "LaunchConfigurationName": "${aws_launch_configuration.master.name}",
+        "MaxSize": "2",
+        "MinSize": "1",
+        "DesiredCapacity": "1",
+        "LoadBalancerNames": ["${aws_elb.web.name}"],
+        "HealthCheckType": "ELB",
+        "HealthCheckGracePeriod" : "480"
+      },
+      "UpdatePolicy": {
+        "AutoScalingRollingUpdate": {
+          "MinInstancesInService": "0",
+          "MaxBatchSize": "1",
+          "PauseTime": "PT7M"
+        }
+      }
+    }
+  },
+  "Outputs": {
+    "AsgName": {
+      "Description": "The name of the auto scaling group",
+       "Value": {"Ref": "MyAsg"}
+    }
+  }
+}
+EOF
+}
+
+resource "aws_autoscaling_policy" "my_policy" {
+  name = "my-policy"
+  scaling_adjustment = 1
+  adjustment_type = "ChangeInCapacity"
+  cooldown = 300
+  autoscaling_group_name = "${aws_cloudformation_stack.autoscaling_group.outputs["AsgName"]}"
+}
+
+resource "aws_cloudformation_stack" "autoscaling_group_secondary" {
+  name = "artifactory-secondary-asg"
+  template_body = <<EOF
+{
+  "Resources": {
+    "MySecondaryAsg": {
+      "Type": "AWS::AutoScaling::AutoScalingGroup",
+      "Properties": {
+        "AvailabilityZones": ["${aws_subnet.default_2.availability_zone}","${aws_subnet.default_3.availability_zone}"],
+        "VPCZoneIdentifier": ["${aws_subnet.default_2.id}","${aws_subnet.default_3.id}"],
+        "LaunchConfigurationName": "${aws_launch_configuration.secondary.name}",
+        "MaxSize": "9",
+        "MinSize": "0",
+        "DesiredCapacity": "${var.secondary_node_count}",
+        "LoadBalancerNames": ["${aws_elb.web.name}"],
+        "HealthCheckType": "ELB",
+        "HealthCheckGracePeriod" : "480"
+      },
+      "UpdatePolicy": {
+        "AutoScalingRollingUpdate": {
+          "MinInstancesInService": "1",
+          "MaxBatchSize": "1",
+          "PauseTime": "PT7M"
+        }
+      }
+    }
+  },
+  "Outputs": {
+    "SecondaryAsgName": {
+      "Description": "The name of the auto scaling group",
+       "Value": {"Ref": "MySecondaryAsg"}
+    }
+  }
+}
+EOF
+}
+
+resource "aws_autoscaling_policy" "my_secondary_policy" {
+  name = "my-secondary-policy"
+  scaling_adjustment = 1
+  adjustment_type = "ChangeInCapacity"
+  cooldown = 300
+  autoscaling_group_name = "${aws_cloudformation_stack.autoscaling_group_secondary.outputs["SecondaryAsgName"]}"
+}
+
+
+resource "aws_launch_configuration" "master" {
+    image_id = "${lookup(var.aws_amis, var.aws_region)}"
+
+    instance_type = "${var.artifactory_instance_type}"
+
+    # The name of our SSH keypair we created above.
+    key_name = "${var.key_name}"
+
+    security_groups = ["${aws_security_group.default.id}"]
+
+    associate_public_ip_address = true
+
+    user_data = "${template_file.init.rendered}"
+
+    root_block_device {
+        volume_type = "gp2"
+        volume_size = "${var.volume_size}"
+        delete_on_termination = true
+    }
+
+    lifecycle {
+      create_before_destroy = true
+    }
+}
+
+resource "template_file" "init" {
+  template = "${file("userdata.sh")}"
+
+  vars = {
+    s3_bucket_name = "${aws_s3_bucket.b.id}"
+    s3_bucket_region = "${aws_s3_bucket.b.region}"
+    s3_access_key = "${aws_iam_access_key.s3.id}"
+    s3_secret_key = "${aws_iam_access_key.s3.secret}"
+    db_url = "${aws_db_instance.default.endpoint}"
+    db_name = "${aws_db_instance.default.name}"
+    db_user = "${aws_db_instance.default.username}"
+    db_password = "${aws_db_instance.default.password}"
+    master_key = "${var.master_key}"
+    artifactory_version = "${var.artifactory_version}"
+    artifactory_license_1 = "${var.artifactory_license_1}"
+    artifactory_license_2 = "${var.artifactory_license_2}"
+    artifactory_license_3 = "${var.artifactory_license_3}"
+    artifactory_license_4 = "${var.artifactory_license_4}"
+    artifactory_license_5 = "${var.artifactory_license_5}"
+    ssl_certificate = "${var.ssl_certificate}"
+    ssl_certificate_key = "${var.ssl_certificate_key}"
+    certificate_domain = "${var.certificate_domain}"
+    artifactory_server_name = "${var.artifactory_server_name}"
+    EXTRA_JAVA_OPTS = "${var.extra_java_options}"
+  }
+}
+
+resource "aws_launch_configuration" "secondary" {
+  image_id = "${lookup(var.aws_amis, var.aws_region)}"
+
+  instance_type = "${var.artifactory_instance_type}"
+
+  # The name of our SSH keypair we created above.
+  key_name = "${var.key_name}"
+
+  security_groups = ["${aws_security_group.default.id}"]
+
+  associate_public_ip_address = true
+
+  user_data = "${template_file.secondary_init.rendered}"
+
+  root_block_device {
+    volume_type = "gp2"
+    volume_size = "${var.volume_size}"
+    delete_on_termination = true
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "template_file" "secondary_init" {
+  template = "${file("userdata_secondary.sh")}"
+
+  vars = {
+    s3_bucket_name = "${aws_s3_bucket.b.id}"
+    s3_bucket_region = "${aws_s3_bucket.b.region}"
+    s3_access_key = "${aws_iam_access_key.s3.id}"
+    s3_secret_key = "${aws_iam_access_key.s3.secret}"
+    db_url = "${aws_db_instance.default.endpoint}"
+    db_name = "${aws_db_instance.default.name}"
+    db_user = "${aws_db_instance.default.username}"
+    db_password = "${aws_db_instance.default.password}"
+    master_key = "${var.master_key}"
+    artifactory_version = "${var.artifactory_version}"
+    artifactory_license_1 = "${var.artifactory_license_1}"
+    artifactory_license_2 = "${var.artifactory_license_2}"
+    artifactory_license_3 = "${var.artifactory_license_3}"
+    artifactory_license_4 = "${var.artifactory_license_4}"
+    artifactory_license_5 = "${var.artifactory_license_5}"
+    ssl_certificate = "${var.ssl_certificate}"
+    ssl_certificate_key = "${var.ssl_certificate_key}"
+    certificate_domain = "${var.certificate_domain}"
+    artifactory_server_name = "${var.artifactory_server_name}"
+    EXTRA_JAVA_OPTS = "${var.extra_java_options}"
+  }
+}

Terraform/output.tf

@@ -0,0 +1,3 @@
+output "address" {
+  value = "${aws_elb.web.dns_name}"
+}

Terraform/userdata.sh

@@ -0,0 +1,168 @@
+#!/bin/bash
+
+yum update -y
+yum install -y java-1.8.0>> /tmp/yum-java8.log
+alternatives --set java /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java
+yum -y remove java-1.7.0-openjdk>> /tmp/yum-java7.log 2>&1
+
+##Install Artifactory
+wget https://bintray.com/jfrog/artifactory-pro-rpms/rpm -O bintray-jfrog-artifactory-pro-rpms.repo
+mv bintray-jfrog-artifactory-pro-rpms.repo /etc/yum.repos.d/
+sleep 10
+yum install -y jfrog-artifactory-pro-${artifactory_version}>> /tmp/yum-artifactory.log 2>&1
+yum install -y nginx>> /tmp/yum-nginx.log 2>&1
+curl -L -o  /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar
+openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost"
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/binarystore.xml
+<config version="2">
+    <chain> <!--template="cluster-s3"-->
+        <provider id="cache-fs-eventual-s3" type="cache-fs">
+            <provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
+                <sub-provider id="eventual-cluster-s3" type="eventual-cluster">
+                    <provider id="retry-s3" type="retry">
+                        <provider id="s3" type="s3"/>
+                    </provider>
+                </sub-provider>
+                <dynamic-provider id="remote-s3" type="remote"/>
+            </provider>
+        </provider>
+    </chain>
+
+    <provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
+        <readBehavior>crossNetworkStrategy</readBehavior>
+        <writeBehavior>crossNetworkStrategy</writeBehavior>
+        <redundancy>2</redundancy>
+        <property name="zones" value="local,remote"/>
+    </provider>
+
+    <provider id="remote-s3" type="remote">
+        <zone>remote</zone>
+    </provider>
+
+    <provider id="eventual-cluster-s3" type="eventual-cluster">
+        <zone>local</zone>
+    </provider>
+    <provider id="s3" type="s3">
+       <endpoint>s3.dualstack.${s3_bucket_region}.amazonaws.com</endpoint>
+       <identity>${s3_access_key}</identity>
+       <credential>${s3_secret_key}</credential>
+       <bucketName>${s3_bucket_name}</bucketName>
+    </provider>
+</config>
+EOF
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/db.properties
+  type=mysql
+  driver=com.mysql.jdbc.Driver
+  url=jdbc:mysql://${db_url}/${db_name}??characterEncoding=UTF-8&elideSetAutoCommits=true
+  username=${db_user}
+  password=${db_password}
+EOF
+
+mkdir -p /var/opt/jfrog/artifactory/etc/security
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/security/master.key
+${master_key}
+EOF
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/artifactory.cluster.license
+${artifactory_license_1}
+
+${artifactory_license_2}
+
+${artifactory_license_3}
+
+${artifactory_license_4}
+
+${artifactory_license_5}
+EOF
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/ha-node.properties
+  node.id=art1
+  artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data
+  context.url=http://127.0.0.1:8081/artifactory
+  membership.port=10001
+  hazelcast.interface=172.25.0.3
+  primary=true
+EOF
+
+cat <<EOF >/etc/pki/tls/certs/result.pem
+${ssl_certificate}
+EOF
+
+cat <<EOF >/etc/pki/tls/private/result.key
+${ssl_certificate_key}
+EOF
+
+cat <<EOF >/etc/nginx/nginx.conf
+  #user  nobody;
+  worker_processes  1;
+  error_log  /var/log/nginx/error.log  info;
+  #pid        logs/nginx.pid;
+  events {
+    worker_connections  1024;
+  }
+
+  http {
+    include       mime.types;
+    include    /etc/nginx/conf.d/*.conf;
+    default_type  application/octet-stream;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+    }
+EOF
+
+cat <<EOF >/etc/nginx/conf.d/artifactory.conf
+ssl_certificate      /etc/pki/tls/certs/cert.pem;
+ssl_certificate_key  /etc/pki/tls/private/cert.key;
+ssl_session_cache shared:SSL:1m;
+ssl_prefer_server_ciphers   on;
+## server configuration
+server {
+  listen 443 ssl;
+  listen 80 ;
+  server_name ~(?<repo>.+)\\.${certificate_domain} ${artifactory_server_name}.${certificate_domain};
+  if (\$http_x_forwarded_proto = '') {
+    set \$http_x_forwarded_proto  \$scheme;
+  }
+  ## Application specific logs
+  ## access_log /var/log/nginx/artifactory-access.log timing;
+  ## error_log /var/log/nginx/artifactory-error.log;
+  rewrite ^/$ /artifactory/webapp/ redirect;
+  rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
+  rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/\$repo/\$1/\$2;
+  chunked_transfer_encoding on;
+  client_max_body_size 0;
+  location /artifactory/ {
+    proxy_read_timeout  900;
+    proxy_pass_header   Server;
+    proxy_cookie_path   ~*^/.* /;
+    proxy_pass          http://127.0.0.1:8081/artifactory/;
+    proxy_set_header    X-Artifactory-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port/artifactory;
+    proxy_set_header    X-Forwarded-Port  \$server_port;
+    proxy_set_header    X-Forwarded-Proto \$http_x_forwarded_proto;
+    proxy_set_header    Host              \$http_host;
+    proxy_set_header    X-Forwarded-For   \$proxy_add_x_forwarded_for;
+   }
+}
+EOF
+
+cat /etc/pki/tls/certs/result.pem | sed 's/CERTIFICATE----- /CERTIFICATE-----\n/g' | sed 's/-----END/\n-----END/' > temp.pem
+mv -f temp.pem /etc/pki/tls/certs/cert.pem
+cat /etc/pki/tls/private/result.key | sed 's/KEY----- /KEY-----\n/g' | sed 's/-----END/\n-----END/'  > temp.key
+mv -f temp.key /etc/pki/tls/private/cert.key
+echo "artifactory.ping.allowUnauthenticated=true" >> /var/opt/jfrog/artifactory/etc/artifactory.system.properties
+echo "export JAVA_OPTIONS=\"${EXTRA_JAVA_OPTS}\"" >> /var/opt/jfrog/artifactory/etc/default
+sed -i -e "s/art1/art-$(date +%s$RANDOM)/" /var/opt/jfrog/artifactory/etc/ha-node.properties
+sed -i -e "s/127.0.0.1/$(curl http://169.254.169.254/latest/meta-data/public-ipv4)/" /var/opt/jfrog/artifactory/etc/ha-node.properties
+sed -i -e "s/172.25.0.3/$(curl http://169.254.169.254/latest/meta-data/local-ipv4)/" /var/opt/jfrog/artifactory/etc/ha-node.properties
+chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/*  && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/*  && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security
+service artifactory start
+service nginx start

Terraform/userdata_secondary.sh

@@ -0,0 +1,172 @@
+#!/bin/bash
+
+yum update -y
+yum install -y java-1.8.0>> /tmp/yum-java8.log
+alternatives --set java /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java
+yum -y remove java-1.7.0-openjdk>> /tmp/yum-java7.log 2>&1
+
+##Install Artifactory
+wget https://bintray.com/jfrog/artifactory-pro-rpms/rpm -O bintray-jfrog-artifactory-pro-rpms.repo
+mv bintray-jfrog-artifactory-pro-rpms.repo /etc/yum.repos.d/
+sleep 10
+yum install -y jfrog-artifactory-pro-${artifactory_version}>> /tmp/yum-artifactory.log 2>&1
+yum install -y nginx>> /tmp/yum-nginx.log 2>&1
+curl -L -o  /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar
+openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost"
+
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/binarystore.xml
+<config version="2">
+    <chain> <!--template="cluster-s3"-->
+        <provider id="cache-fs-eventual-s3" type="cache-fs">
+            <provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
+                <sub-provider id="eventual-cluster-s3" type="eventual-cluster">
+                    <provider id="retry-s3" type="retry">
+                        <provider id="s3" type="s3"/>
+                    </provider>
+                </sub-provider>
+                <dynamic-provider id="remote-s3" type="remote"/>
+            </provider>
+        </provider>
+    </chain>
+
+    <provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
+        <readBehavior>crossNetworkStrategy</readBehavior>
+        <writeBehavior>crossNetworkStrategy</writeBehavior>
+        <redundancy>2</redundancy>
+        <property name="zones" value="local,remote"/>
+    </provider>
+
+    <provider id="remote-s3" type="remote">
+        <zone>remote</zone>
+    </provider>
+
+    <provider id="eventual-cluster-s3" type="eventual-cluster">
+        <zone>local</zone>
+    </provider>
+    <provider id="s3" type="s3">
+       <endpoint>s3.dualstack.${s3_bucket_region}.amazonaws.com</endpoint>
+       <identity>${s3_access_key}</identity>
+       <credential>${s3_secret_key}</credential>
+       <bucketName>${s3_bucket_name}</bucketName>
+    </provider>
+</config>
+EOF
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/db.properties
+  type=mysql
+  driver=com.mysql.jdbc.Driver
+  url=jdbc:mysql://${db_url}/${db_name}??characterEncoding=UTF-8&elideSetAutoCommits=true
+  username=${db_user}
+  password=${db_password}
+EOF
+
+mkdir -p /var/opt/jfrog/artifactory/etc/security
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/security/master.key
+${master_key}
+EOF
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/artifactory.cluster.license
+${artifactory_license_1}
+
+${artifactory_license_2}
+
+${artifactory_license_3}
+
+${artifactory_license_4}
+
+${artifactory_license_5}
+EOF
+
+cat <<EOF >/var/opt/jfrog/artifactory/etc/ha-node.properties
+  node.id=art1
+  artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data
+  context.url=http://127.0.0.1:8081/artifactory
+  membership.port=10001
+  hazelcast.interface=172.25.0.3
+  primary=false
+EOF
+
+cat <<EOF >/etc/pki/tls/certs/result.pem
+${ssl_certificate}
+EOF
+
+cat <<EOF >/etc/pki/tls/private/result.key
+${ssl_certificate_key}
+EOF
+
+cat <<EOF >/etc/nginx/nginx.conf
+  #user  nobody;
+  worker_processes  1;
+  error_log  /var/log/nginx/error.log  info;
+  #pid        logs/nginx.pid;
+  events {
+    worker_connections  1024;
+  }
+
+  http {
+    include       mime.types;
+    include    /etc/nginx/conf.d/*.conf;
+    default_type  application/octet-stream;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+    }
+EOF
+
+cat <<EOF >/etc/nginx/conf.d/artifactory.conf
+ssl_certificate      /etc/pki/tls/certs/cert.pem;
+ssl_certificate_key  /etc/pki/tls/private/cert.key;
+ssl_session_cache shared:SSL:1m;
+ssl_prefer_server_ciphers   on;
+## server configuration
+server {
+  listen 443 ssl;
+  listen 80 ;
+  server_name ~(?<repo>.+)\\.${certificate_domain} ${artifactory_server_name}.${certificate_domain};
+  if (\$http_x_forwarded_proto = '') {
+    set \$http_x_forwarded_proto  \$scheme;
+  }
+  ## Application specific logs
+  ## access_log /var/log/nginx/artifactory-access.log timing;
+  ## error_log /var/log/nginx/artifactory-error.log;
+  rewrite ^/$ /artifactory/webapp/ redirect;
+  rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
+  rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/\$repo/\$1/\$2;
+  chunked_transfer_encoding on;
+  client_max_body_size 0;
+  location /artifactory/ {
+    proxy_read_timeout  900;
+    proxy_pass_header   Server;
+    proxy_cookie_path   ~*^/.* /;
+    proxy_pass          http://127.0.0.1:8081/artifactory/;
+    proxy_set_header    X-Artifactory-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port/artifactory;
+    proxy_set_header    X-Forwarded-Port  \$server_port;
+    proxy_set_header    X-Forwarded-Proto \$http_x_forwarded_proto;
+    proxy_set_header    Host              \$http_host;
+    proxy_set_header    X-Forwarded-For   \$proxy_add_x_forwarded_for;
+   }
+}
+EOF
+
+cat /etc/pki/tls/certs/result.pem | sed 's/CERTIFICATE----- /CERTIFICATE-----\n/g' | sed 's/-----END/\n-----END/' > temp.pem
+mv -f temp.pem /etc/pki/tls/certs/cert.pem
+cat /etc/pki/tls/private/result.key | sed 's/KEY----- /KEY-----\n/g' | sed 's/-----END/\n-----END/'  > temp.key
+mv -f temp.key /etc/pki/tls/private/cert.key
+echo "artifactory.ping.allowUnauthenticated=true" >> /var/opt/jfrog/artifactory/etc/artifactory.system.properties
+echo "export JAVA_OPTIONS=\"${EXTRA_JAVA_OPTS}\"" >> /var/opt/jfrog/artifactory/etc/default
+sed -i -e "s/art1/art-$(date +%s$RANDOM)/" /var/opt/jfrog/artifactory/etc/ha-node.properties
+sed -i -e "s/127.0.0.1/$(curl http://169.254.169.254/latest/meta-data/public-ipv4)/" /var/opt/jfrog/artifactory/etc/ha-node.properties
+sed -i -e "s/172.25.0.3/$(curl http://169.254.169.254/latest/meta-data/local-ipv4)/" /var/opt/jfrog/artifactory/etc/ha-node.properties
+chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/*  && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security
+
+## Sleep 2 minute to avoid race condition
+sleep 120
+service artifactory start
+service nginx start

Terraform/variables.tf

@@ -0,0 +1,133 @@
+variable "aws_region" {
+  description = "AWS region to launch servers."
+  default     = "us-west-1"
+}
+
+variable "key_name" {
+  description = "Desired name of AWS key pair"
+}
+
+variable "artifactory_version" {
+  description = "Artifactory version to deploy"
+  default     = "5.8.1"
+}
+
+variable "artifactory_license_1" {
+  description = "Artifactory Enterprise License"
+}
+
+variable "artifactory_license_2" {
+  description = "Artifactory Enterprise License"
+}
+
+variable "artifactory_license_3" {
+  description = "Artifactory Enterprise License"
+  default = ""
+}
+
+variable "artifactory_license_4" {
+  description = "Artifactory Enterprise License"
+  default = ""
+}
+
+variable "artifactory_license_5" {
+  description = "Artifactory Enterprise License"
+  default = ""
+}
+
+variable "volume_size" {
+  description = "Disk size for each EC2 instances"
+  default     = 250
+}
+
+variable "artifactory_instance_type" {
+  default = "m4.xlarge"
+  description = "Artifactory EC2 instance type"
+}
+
+variable "extra_java_options" {
+  default = "-server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\\\\\"kill -9 %p\\\\\\\""
+  description = "Setting Java Memory Parameters for Artifactory"
+}
+
+variable "bucket_name" {
+  description = "AWS S3 Buket name"
+  default     = "artifactory-enterprise-bucket"
+}
+
+variable "db_name" {
+  description = "MySQL database name"
+  default = "artdb"
+}
+
+variable "db_user" {
+  description = "Database user name"
+  default     = "artifactory"
+}
+
+variable "db_instance_class" {
+  description = "The database instance type"
+  default = "db.t2.small"
+}
+
+variable "db_password" {
+  description = "Database password"
+  default     = "password"
+}
+
+variable "db_allocated_storage" {
+  description = "The size of the database (Gb)"
+  default = "5"
+}
+
+variable "master_key" {
+  description = "Master key for Artifactory cluster. Generate master.key using command '$openssl rand -hex 16'"
+  default = "35767fa0164bac66b6cccb8880babefb"
+}
+
+variable "secondary_node_count" {
+  description = "Desired number of Artifactory secondary nodes"
+  default     = 0
+}
+
+variable "ssl_certificate" {
+  description = "To use Artifactory as docker registry you need to provide wild card valid Certificate. Provide your SSL Certificate."
+  default = "-----BEGIN CERTIFICATE----- MIIFhzCCA2+gAwIBAgIJALC4r5BQWZE4MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQHDApTYW50YUNsYXJh MQswCQYDVQQKDAJJVDEUMBIGA1UEAwwLKi5sb2NhbGhvc3QwHhcNMTgwMTE3MTk0 NjI4WhcNMTkwMTA4MTk0NjI4WjBaMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs aWZvcm5pYTETMBEGA1UEBwwKU2FudGFDbGFyYTELMAkGA1UECgwCSVQxFDASBgNV BAMMCyoubG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 7KfOWDQlov8cMa8r/lcJqiWZaH9myQC74Vbe0HXsntQbcvljkjG2P7ebm5dd9Bzc sauNOJpbKf5AhFK1iwJUAkciGc1LR4k8wfWmQM3NPS8hrqrtH20zqNpdFRpNYjja JofwccPNm030GhhZkZ95TpruvmswMDwspl3jfqdcc/eiQsHcKyGnV2a+UAeoqe7J mHhmhRy1MLqAjF5U1GrUYUONA+22iRDJb4c9B91QoWvsnXpdA9NKV/mmA3/rIdx6 Ld2IPRdrIw2K5sAnXsh3bx2oCSvSfussf0x+4XDrnsaHVfjwvfNL8ECOuac2Oi/E WOp9528gOohpFAuwEt63Vl5p8/CC9m0HJDTZBKm2l5eD1kdPIj4PvP9Sn9CxGXKQ E1bxWoFxGX8EyRW0b0NK31N7b8JPZ1SoFNiB5amOMNLvR26a7cQrKumTuJeYK9Ja JaxhMXM7R0DA0Ev8ZG2xmyCygox+1KPSmJOIEpT70BFbj3rKLNqP22ET+zvPuh+2 DdgyrpHFeYkGWjMbWPjK7wJsD2zM8ccoJQfepPz8I4rT0JfrKAQgCGuGOggneaNJ KTVGNOFbj5AXdZ/Q+GvNommyRdq4J7EnqY6L+P25fo5qZ6UZ/iS0tPcvxgn0Fdhs pUPbQyQIDZyxZd3Q1lUIE38ol8P66mS2zbzf8EeOCoUCAwEAAaNQME4wHQYDVR0O BBYEFETAQM/5P7XJ8kevHFj6BPndQOFaMB8GA1UdIwQYMBaAFETAQM/5P7XJ8kev HFj6BPndQOFaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJ1TepKv LWYhFmVQcgZwZf/qt1a1cohzJSm6da9RCnnAWC7WC/U117bgSomtrH1v0OysHFhB zBBUeBqI7+OmzAX8dhj+roKkcnFUM/IwlK1eueIIA//CWvEf/o0XExilVS2yCc9d PTpOQBXwk9QinxK36kHdBiGxa7dW0JPnOEEmuMgGORKeLy4J6Ik8iSeFY1SZVcOI +6WWvoKciPlmIeccC+6YVmkeBwhP2o5r5w/UAaO2hSnGvmm4UIj/VJv4VQu7xTUp cIfFz5NtIr80DbqcyPiEMS2ETJ4L/kO4MS5FfeEXyQuXCzmiIDVY6tE3C7+kZmK4 JzPLuWm9ndQoyQySOGfQqvlUR1+YxUdvmu3LrOS5dOA354Q36wHa4wEGUoHU/7GV fYQmmmDSDaNSpXW5PFey6scFyDBS/yYJ0H9EjYb/11HeWYj8Yv5xTWj8nhzJONC8 D6Y5ydlU4PifM2pOf88pTYpmogNwLJWXbql5I9cvMa8APo4yLVqcISU5ynsvFke+ Non+T0mHpJai/hrA9NK+s6EGC1dAX58jy61h6FhOPI1d4s/mov/KMa2t3SfZp5SF 81aR6dHvO56teiK5M1xMkrqG75zh3TMFJJLRFe9XxeB4JeN76URB3mgADOUqkBxd ibSgVqfKwOw4IujEcqMUc5mqSnbLY1Dv+oby -----END CERTIFICATE-----"
+}
+
+variable "ssl_certificate_key" {
+  description = "Provide your SSL Certificate key"
+  default = "-----BEGIN PRIVATE KEY----- MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDsp85YNCWi/xwx ryv+VwmqJZlof2bJALvhVt7Qdeye1Bty+WOSMbY/t5ubl130HNyxq404mlsp/kCE UrWLAlQCRyIZzUtHiTzB9aZAzc09LyGuqu0fbTOo2l0VGk1iONomh/Bxw82bTfQa GFmRn3lOmu6+azAwPCymXeN+p1xz96JCwdwrIadXZr5QB6ip7smYeGaFHLUwuoCM XlTUatRhQ40D7baJEMlvhz0H3VCha+ydel0D00pX+aYDf+sh3Hot3Yg9F2sjDYrm wCdeyHdvHagJK9J+6yx/TH7hcOuexodV+PC980vwQI65pzY6L8RY6n3nbyA6iGkU C7AS3rdWXmnz8IL2bQckNNkEqbaXl4PWR08iPg+8/1Kf0LEZcpATVvFagXEZfwTJ FbRvQ0rfU3tvwk9nVKgU2IHlqY4w0u9HbprtxCsq6ZO4l5gr0lolrGExcztHQMDQ S/xkbbGbILKCjH7Uo9KYk4gSlPvQEVuPesos2o/bYRP7O8+6H7YN2DKukcV5iQZa MxtY+MrvAmwPbMzxxyglB96k/PwjitPQl+soBCAIa4Y6CCd5o0kpNUY04VuPkBd1 n9D4a82iabJF2rgnsSepjov4/bl+jmpnpRn+JLS09y/GCfQV2GylQ9tDJAgNnLFl 3dDWVQgTfyiXw/rqZLbNvN/wR44KhQIDAQABAoICAQDm1pAp7UPBCELCG/I3t0KQ GvjWu17RNcwN86SHhl92VcMolSaQ1bjF0h0Q2ccldHm5PHMWAUpnXcAk0mCO5Yh4 aFZVALEraCxBrZGrqJNH2Q9rxwJhIy2+yLD/Apb09iukZfkdnzaRBKrUQWgs6Xd0 OyAh0YBBrJCI/xAG3M0LuUMnBt3xnHQUhv2gJrhYeble5iJqOSRsEZ+OS/1G7aWX 8kI80MS6UguKpEndv/0EV7eHrHHKZ3Ee+z76Lu52Kw9qaaqYnJ0+pdkVV92PUM9f LXhY6cv7TP4sdbtVv8W1LEWakKaTQhySjwYpBXeZrjpB2QlSlEzFi4WjrfrjjSca UZazm/jY5uDI2cXf35NyZUkbYxIKlGtURtDpoPp5R7XguHSoqLrh2Zsc79mZfNST zFwbhNBVB2nAl6ZyIRNFLjVhQScvlImpIVSVZm5/NiiABIEaxRh8w8C5qRMctSTy KF6rS6as2KsPQHpiu/6nDMqqTZ8UMQ3yXEpai5VwAzKFP67usHheKf4RIXNUn7Xc JxWiI8KfOV5n4cSJK1/R+i+ZpWyQiloao4v7GS/fwZTsILeBLBa0utDmNs5aJgVK cEagRjVGAeAEc2W+jXmSqtZRHQowJmEKOARMn4lI+duziSCjIfPH6xIDAUhVlc/K u03432NupfPepW6BYVBgQQKCAQEA/+CD2uiRZgmzuEn/vn/u7jGFjETdUQmfl5kX pMTtueXyQxHBRwBCZqq885doozeQd7mLRcW+klngq1NmnEnjx+NfUzFJLpEmQO1/ AMHUpYpZY4jOyntx9cBy+M+DUfNtdsJUz+VOe3HO5/lJJf+gSgpVp2ku1oOrgEeH a71aGIXOsiOQ/fHL4Q0CuylersD5Dq4Tdf/u6rr4NbwOZQCQ9WH0uTckA9SkjJFu iHXblg8j9RUNbj89WPrEulKA98duFuLvGTeohcAPQ8f60Z7sxDLGLRyRvhUO4EBr hTTmcfI2LsPWSo+X+n6eBqfUfGZub2qN+d2B08qKgnGdgFEf6QKCAQEA7MTtAphl lswq4kPvDkPHMqJhmPBgb5NAUzE2Z8yjJY3IX6zxinSDnuMwEzCinKe7rzv6aYIh klviND/oyLOxVlLESZu62epokgIey05sv9a/030z7q5hradNzcMP1VfGVs6IeOvr 3Kit4T7LI1L2eXwD1Yks6uHHw8lHAlyrrlbwCEmzqElKs0YtkvNa4HFgesFNnObe f8C29LOPZMqje7iAT91823MGI9NML9qGYON/ZLc4uCB9no+o6ZOTQHqX1xxSWv5D 66KGiRnUC/RAq6RbTVn3NxFgvb3k0rejbQbxW5KCri1E4sTw+pZ5bIRUJcXi+J+Z Tg88lVbmqXfwPQKCAQEA94yShDr0UC+au/R7hCXpVnB6r5YAN+KDj/sAsNwE0hDx LIoE31gU5ZbRbylQhne/QNU1NK93C8gAYEAzyYiC4mPLWYUZNAAhbjdW47iirfUH PhChX6vGOOeTU7wPZD2J7ZdczjUelLcqYar/Zc/Fl1wgOfK86bRBO733+fgbLhZm PlnCcKx5fqVDuybu/0qaqeUn1sVgs59nezURCA5gL8YxKO973GjhOU2KDmNXqfnD 49wWPk7YXzldEpW3SACdNW8futnqJFwHaKAUvLBwh/BHYmV9atScq8AnRZxERoD6 govcyg3aDvJomC/OlvvSY+BGszHl5KzTDBg3NGlH4QKCAQA/71lU5xQfqVg3K0MF ZhYHPUP/iYFw/6FSFarsUp0Higa+lzPOQHI+WHjl5a8zgDO1OQwAq6wnGnq1w0A3 2hYcClOI0O2e5KaCLuJj4fSJxRKdqGR6okosG05uLqs63+3mCPVfOc3CEyaI+Wzf SArYeT2LzvP7JSbNXq+3GpEdjcpZYpWJ7uimCmBKGz7B9runykUMBme0tbRx1X72 J6YHxaWYa2XI2IGi8O7UyTyaMzR2XOeLCPMC+yYQlNIhijkwVCyE974dhhCwOvJA nB9Oeh5Rf+a6zw2BjyKYKBCQY1yPbrutDvpYBfhQoot9Wyph3NLScj5yjri8VvAI eSO9AoIBAQDyUx5YUgHgpoJtRZ+8PGQBZHm5L5HJhvfUs96I9Z4lZSXnCmEJyOWn LIob8c0n4hU1EXdbbl+7eRQgG3oGKyF0XXhuaP3vHprIBW6tm9kCGORTliZOaZdW 0Mj9GUv2de1r8anwJMFvIMXsuO08rsGzsIt7DrNYa0YSMkeDwPenRfDHXOYH2fjf RKjlP3fQr/iLL/YuMGaNxzIeyWPZ2WTUUC0bllNxMTZmztuMkPNb7fhhs0hLecXM fE2nbwUaGwMZaails1+5G3HvEAlChJ1GN9XnYxrtfqq93tYELWBiNcv1LaMAFvj8 S+j1+iUKGGhwVmhqh75q5do3+VF3XlAh -----END PRIVATE KEY-----"
+}
+
+variable "certificate_domain" {
+  description = "Provide your Certificate Domain Name. For e.g jfrog.team for certificate with *.jfrog.team"
+  default = "artifactory"
+}
+
+variable "artifactory_server_name" {
+  description = "Provide artifactory server name to be used in Nginx. e.g artifactory for artifactory.jfrog.team"
+  default = "artifactory"
+}
+
+variable "aws_amis" {
+  type = "map"
+  default = {
+    us-east-1 = "ami-6869aa05"
+    us-west-2 = "ami-7172b611"
+    us-west-1 = "ami-31490d51"
+    us-west-2 = "ami-7172b611"
+    eu-west-1 = "ami-f9dd458a"
+    eu-west-2 = "ami-886369ec"
+    eu-central-1 = "ami-ea26ce85"
+    ap-northeast-1 = "ami-374db956"
+    ap-northeast-2 = "ami-2b408b45"
+    ap-southeast-1 = "ami-a59b49c6"
+    ap-southeast-2 = "ami-dc361ebf"
+    ap-south-1 = "ami-ffbdd790"
+    us-east-2 = "ami-f6035893"
+    ca-central-1 ="ami-730ebd17"
+    sa-east-1 = "ami-6dd04501"
+    cn-north-1 = "ami-8e6aa0e3"
+  }
+}