restructured and added script to create AWS containers

This commit is contained in:
Vinay Aggarwal
2020-03-26 07:13:32 -07:00
parent 75833a3d44
commit 67fd380371
49 changed files with 309 additions and 4690 deletions

Amazon/HelmInstall/README.md Executable file

@@ -0,0 +1,173 @@
# JFrog Container Registry Helm Chart with external Database
JFrog Container Registry is a free Artifactory edition with Docker and Helm repositories support.
## Prerequisites Details
* Kubernetes 1.10+
* Helm
* A preinstalled Database
## Chart Details
This chart will do the following:
* Deploy JFrog Container Registry
* Deploy an optional Nginx server
* Connect to an external Database
* Optionally expose Artifactory with Ingress [Ingress documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/)
## Installing the Chart
### Add JFrog Helm repository
Before installing JFrog helm charts, you need to add the [JFrog helm repository](https://charts.jfrog.io/) to your helm client
```bash
helm repo add jfrog https://charts.jfrog.io
```
### Install Chart with external PostgreSQL DB
To install the chart with the release name `jfrog-container-registry`:
```bash
helm install
--name jfrog-container-registry \
--set artifactory.postgresql.enabled=false \
--set artifactory.database.type=postgresql \
--set artifactory.database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \
--set artifactory.database.user=${DB_USER} \
--set artifactory.database.password=${DB_PASSWORD} \
jfrog/artifactory-jcr
```
**NOTE:** You must set `artifactory.postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
### Install Chart with external PostgreSQL DB
To install the chart with the release name `jfrog-container-registry`:
```bash
helm install
--name jfrog-container-registry \
--set artifactory.postgresql.enabled=false \
--set artifactory.database.type=postgresql \
--set artifactory.database.url='jdbc:postgresql://${DB_HOST}:${DB_PORT}/my-artifactory-db' \
--set artifactory.database.user=${DB_USER} \
--set artifactory.database.password=${DB_PASSWORD} \
jfrog/artifactory-jcr
```
**NOTE:** You must set `artifactory.postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
### Install Chart with external Other DB
There are cases where you will want to use a different database and not the enclosed **PostgreSQL**.
See more details on [configuring the database](https://www.jfrog.com/confluence/display/RTF/Configuring+the+Database)
> The official Artifactory Docker images include the PostgreSQL database driver.
> For other database types, you will have to add the relevant database driver to Artifactory's tomcat/lib
To install the chart with the release name `jfrog-container-registry`:
```bash
helm install
--name jfrog-container-registry \
--set artifactory.postgresql.enabled=false \
--set artifactory.artifactory.preStartCommand="wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" \
--set artifactory.database.type=mysql \
--set artifactory.database.host=${DB_HOST} \
--set artifactory.database.port=${DB_PORT} \
--set artifactory.database.user=${DB_USER} \
--set artifactory.database.password=${DB_PASSWORD} \
jfrog/artifactory-jcr
```
**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored!
### Accessing JFrog Container Registry
**NOTE:** If using artifactory or nginx service type `LoadBalancer`, it might take a few minutes for JFrog Container Registry's public IP to become available.
### Updating JFrog Container Registry
Once you have a new chart version, you can upgrade your deployment with
```bash
helm upgrade jfrog-container-registry jfrog/artifactory-jcr
```
### Deleting JFrog Container Registry
```bash
helm delete --purge jfrog-container-registry
```
This will delete your JFrog Container Registry deployment.<br>
**NOTE:** You might have left behind persistent volumes. You should explicitly delete them with
```bash
kubectl delete pvc ...
kubectl delete pv ...
```
## Database
The JFrog Container Registry chart comes with PostgreSQL deployed by default.<br>
For details on the PostgreSQL configuration or customising the database, Look at the options described in the [Artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory).
## Configuration
The following table lists the **basic** configurable parameters of the JFrog Container Registry chart and their default values.
**NOTE:** All supported parameters are documented in the main [artifactory helm chart](https://github.com/jfrog/charts/tree/master/stable/artifactory).
| Parameter | Description | Default |
|------------------------------------------------|-----------------------------------|---------------------------------------------------|
| `artifactory.artifactory.image.repository` | Container image | `docker.bintray.io/jfrog/artifactory-jcr` |
| `artifactory.artifactory.image.version` | Container tag | `.Chart.AppVersion` |
| `artifactory.artifactory.resources` | Artifactory container resources | `{}` |
| `artifactory.artifactory.javaOpts` | Artifactory Java options | `{}` |
| `artifactory.nginx.enabled` | Deploy nginx server | `true` |
| `artifactory.nginx.service.type` | Nginx service type | `LoadBalancer` |
| `artifactory.nginx.tlsSecretName` | TLS secret for Nginx pod | `` |
| `artifactory.ingress.enabled` | Enable Ingress (should come with `artifactory.nginx.enabled=false`) | `false` |
| `artifactory.ingress.tls` | Ingress TLS configuration (YAML) | `[]` |
| `artifactory.postgresql.enabled` | Use the Artifactory PostgreSQL sub chart | `true` |
| `artifactory.database` | Custom database configuration (if not using bundled PostgreSQL sub-chart) | |
| `postgresql.enabled` | Enable the Artifactory PostgreSQL sub chart | `true` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
### Ingress and TLS
To get Helm to create an ingress object with a hostname, add these two lines to your Helm command:
```bash
helm install --name artifactory \
--set artifactory.nginx.enabled=false \
--set artifactory.ingress.enabled=true \
--set artifactory.ingress.hosts[0]="artifactory.company.com" \
--set artifactory.artifactory.service.type=NodePort \
jfrog/artifactory-jcr
```
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```bash
kubectl create secret tls artifactory-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the Artifactory Ingress TLS section of your custom `values.yaml` file:
```yaml
artifactory:
artifactory:
ingress:
## If true, Artifactory Ingress will be created
##
enabled: true
## Artifactory Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- jfrog-container-registry.domain.com
annotations:
kubernetes.io/tls-acme: "true"
## Artifactory Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: artifactory-tls
hosts:
- jfrog-container-registry.domain.com
```
## Useful links
https://www.jfrog.com
https://www.jfrog.com/confluence/
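Review bot: the `helm install` line that opens each install block has no trailing `\`, so `--name jfrog-container-registry \` on the following line is parsed as a separate command; the "Install Chart with external PostgreSQL DB" section is also pasted twice verbatim, and the NOTE under the "Other DB" block says `postgresql.enabled=false` where the command above it sets `artifactory.postgresql.enabled=false`. Passing `--set artifactory.database.password=${DB_PASSWORD}` on the command line leaves the password in shell history and in the stored release values (`helm get values`); recommend supplying it through a Kubernetes Secret instead. The MySQL example fetches `mysql-connector-java-5.1.41.jar` with `wget` at pod start and never checks a digest, so a changed or hijacked download is trusted blindly; bake the driver into the image or verify its checksum before dropping it into `tomcat/lib`.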


@@ -0,0 +1,46 @@
# JFrog Container Registry for AWS Container Marketplace
JFrog Container Registry can be installed into either an ECS or EKS cluster.
### Prerequisites
* AWS account
* EKS or ECS cluster
#### Recommended requirements
* S3
* ELB/ALB
* RDS
* Valid SSL certificate
* EBS (for persistent storage)
### For testing only
To simply get up and running, you can try:
```docker run -d -p 8081:8081 <image-url>```
After this, you can access the UI at \<URL\>:8081. The default username is 'admin'. See 'Getting or setting initial password' to find out how to get the initial password.
### Getting or setting initial password
If no initial password is provided for the default user 'admin', one will be generated and saved to the container at '/var/opt/jfrog/artifactory/generated-pass.txt'.
You can print it out with a Docker command:
```docker exec -it <container-id> cat /var/opt/jfrog/artifactory/generated-pass.txt```
You can also set a default password by passing it as an environment variable (ARTIFACTORY_PASSWORD) during container creation:
```docker run -d -p 8081:8081 --env ARTIFACTORY-PASSWORD=<PASSWORD> <image-url>```
### For production
1. Set up an [RDS](https://aws.amazon.com/rds/) (PSQL is the preferred database)
2. Set up an [S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#create-bucket-intro)
3. Run the Docker image, pointing it to the RDS, S3 and to some persistent storage (EBS)
* See [S3 Binarystore Configuration](https://www.jfrog.com/confluence/display/JCR/Configuring+the+Filestore#ConfiguringtheFilestore-AmazonS3OfficialSDKTemplate) for more information
* See [Configuring the databse](https://www.jfrog.com/confluence/display/JCR/Configuring+the+Database) for more information
* See [Extra Configuration](https://www.jfrog.com/confluence/display/JCR/Installing+with+Docker#InstallingwithDocker-ExtraConfigurationDirectory) to learn how to pass this information to the Docker container
* Create a medium sized mount point (~50GB) on /var/opt/jfrog/artifactory. See [Managing Data Persistence](https://www.jfrog.com/confluence/display/JCR/Installing+with+Docker#InstallingwithDocker-ManagingDataPersistence)
4. Expose the service (running on port 8081) via a load balancer to port 443
* Docker requires a valid SSL certificate
5. Learn how to use your [JFrog Container Registry](https://www.jfrog.com/confluence/display/JCR/Overview)
* See 'Getting or setting initial password'
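Review bot: `--env ARTIFACTORY-PASSWORD=<PASSWORD>` uses a hyphen, so it will never match the `ARTIFACTORY_PASSWORD` variable that `extra_conf` tests for and the container will silently generate a random password instead of the one the user passed; change it to `--env ARTIFACTORY_PASSWORD=<PASSWORD>`. Worth a sentence that a password passed this way is visible to anyone who can run `docker inspect` on the container. Also "Configuring the databse" should read "database", and the three single-line triple-backtick fences around the `docker run` / `docker exec` commands render as inline code rather than a command block in most Markdown renderers.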

Amazon/containers/Dockerfile Executable file

@@ -0,0 +1,12 @@
ARG UPSTREAM_IMAGE=docker.bintray.io/jfrog/artifactory-jcr
ARG UPSTREAM_TAG
FROM ${UPSTREAM_IMAGE}:${UPSTREAM_TAG}
USER root
# Copy security.xml
COPY ./security.xml /security_bootstrap/security.import.xml
RUN chown -R artifactory:artifactory /security_bootstrap
# Copy entrypoint script.
COPY ./entrypoint-artifactory.sh /entrypoint-artifactory.sh
COPY ./installer-info.json /artifactory_bootstrap/info/installer-info.json
RUN chmod 755 /entrypoint-artifactory.sh
USER artifactory
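Review bot: `installer-info.json` is copied into `/artifactory_bootstrap/info/` as root after the `chown -R artifactory:artifactory /security_bootstrap` step, so that directory stays root-owned while the service runs as `artifactory`; move the COPY above the chown and include `/artifactory_bootstrap` in it, or use `COPY --chown=artifactory:artifactory`. The image also depends on the upstream ENTRYPOINT being exactly `/entrypoint-artifactory.sh` for the overwritten script to take effect; an explicit `ENTRYPOINT ["/entrypoint-artifactory.sh"]` would make that dependency visible and survive an upstream path change.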

Amazon/containers/a.json Normal file

@@ -0,0 +1,27 @@
{
"router": {
"node_id": "1dae71383ae3",
"state": "HEALTHY",
"message": "OK"
},
"services": [
{
"service_id": "jfac@01e49jb08bm7051xb2rp9k1ed8",
"node_id": "1dae71383ae3",
"state": "UNHEALTHY_PEER",
"message": "Service is healthy; there is at least one unhealthy service; there are missing services: jffe"
},
{
"service_id": "jfmd@01e49jbpqfhn39k8z3kyvqepzh",
"node_id": "1dae71383ae3",
"state": "UNHEALTHY_PEER",
"message": "Service is healthy; there is at least one unhealthy service; there are missing services: jffe"
},
{
"service_id": "jfrt@01e49jcq7t96ag11tq25h60759",
"node_id": "1dae71383ae3",
"state": "UNHEALTHY",
"message": "unexpected response status code: 503"
}
]
}
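Review bot: `a.json` is a captured `/router/api/v1/system/health` response (node id, service ids, a 503 from `jfrt`) and nothing else in this commit reads it, so it looks like a debugging artifact that should be dropped from the commit. If it is meant to document the payload the build script polls, note that `services[0]` here is `jfac` with state `UNHEALTHY_PEER`, not the `jfrt` entry whose state reflects Artifactory itself.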


@@ -0,0 +1,90 @@
#!/usr/bin/env bash
VERSION=$1
EDITIONS=( artifactory-pro artifactory-jcr )
#EDITIONS=( artifactory-jcr )
#EDITIONS=( artifactory-pro )
#for loop start: editoins
for EDITION in "${EDITIONS[@]}"
do
UPSTREAM_IMAGE_NAME=docker.bintray.io/jfrog/$EDITION
BUILD_IMAGE_NAME=partnership-public-images.jfrog.io/aws/$EDITION
ARTIFACTORY_PASSWORD=corona1831
# Logic starts here
if [ -z "$VERSION" ]
then
echo "No version passed in. Build failed."
echo "usage: buildAwsContainers <vesion> <edition>"
echo "example: buildAwsContainers artifactory-pro 7.2.1 "
exit -1
fi
# Extract and modify the entrypoint to run out custom code for first-time password
docker pull $UPSTREAM_IMAGE_NAME:$VERSION
docker run -d --rm --name tmp-docker $UPSTREAM_IMAGE_NAME:$VERSION
docker cp tmp-docker:/entrypoint-artifactory.sh original-entrypoint.sh
docker rm -f tmp-docker
perl -pe 's/^addExtraJavaArgs$/`cat extra_conf`/ge' original-entrypoint.sh > entrypoint-artifactory.sh
#Create installer-info file
if [ "$EDITION" == "artifactory-pro" ]
then
cat <<EOF > installer-info.json
{
"productId": "CloudFormation_artifactory-ha/$VERSION",
"features": [
{
"featureId": "Partner/ACC-006973"
}
]
}
EOF
else
cat <<EOF > installer-info.json
{
"productId": "CloudFormation_artifactory-jcr/$VERSION",
"features": [
{
"featureId": "Partner/ACC-006973"
}
]
}
EOF
fi
cat installer-info.json
# Create the new docker image
docker build --no-cache --build-arg UPSTREAM_TAG=$VERSION -t $BUILD_IMAGE_NAME:$VERSION .
# Run minimal test
set -x
docker run --name test-new-image -d -e ARTIFACTORY_PASSWORD=$ARTIFACTORY_PASSWORD -p 8081:8081 -p 8082:8082 $BUILD_IMAGE_NAME:$VERSION
# Wait for it to come up
SUCCESS=false
for i in {1..30}
do
STATUS=$(curl -u admin:$ARTIFACTORY_PASSWORD http://localhost:8082/router/api/v1/system/health | jq .services[0].state)
if [ "$STATUS" == "\"HEALTHY\"" ]; then
echo "Build successful!"
SUCCESS=true
break
fi
echo "Container is not up yet, waiting 10 seconds..."
sleep 10
done
if [ "$SUCCESS" = true ] ; then
echo "Test Succeeded. Build succeeded."
docker push $BUILD_IMAGE_NAME:$VERSION
else
echo "Test failed. Build failed. Removing docker image"
fi
#clearnup
docker stop test-new-image
docker rm test-new-image
rm installer-info.json
#for loop endL: editions
done
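Review bot: `ARTIFACTORY_PASSWORD=corona1831` hard-codes the test admin password in a committed script, and the `set -x` placed just before the test `docker run` then echoes it, along with the `curl -u admin:...` line, into the build log; read it from the environment or generate it per run, and remove `set -x` or enable it only where no credential appears. The failure branch prints "Removing docker image" but runs no `docker rmi`, and the script neither exits non-zero nor stops the loop, so a failed health check still ends in a green build; add `exit 1` there (and replace `exit -1`, which is not a valid status, with `exit 1`). The usage text `buildAwsContainers <vesion> <edition>` and the example `artifactory-pro 7.2.1` do not match a script that takes only a version as `$1` and loops over both editions, and the `-z "$VERSION"` check belongs before the loop. `jq .services[0].state` tests whichever service happens to be listed first; checking `.router.state` or requiring every entry to be `HEALTHY` (the committed `a.json` shows `jfrt` unhealthy while `services[0]` is `jfac`) is a more reliable readiness signal. Typos: "editoins", "out custom code", "clearnup", "endL".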


@@ -0,0 +1,72 @@
#!/bin/bash
#
# An entrypoint script for Artifactory to allow custom setup before server starts
#
: ${ARTIFACTORY_NAME:=artifactory}
JF_ARTIFACTORY_PID=${JF_PRODUCT_HOME}/app/run/${ARTIFACTORY_NAME}.pid
. ${JF_PRODUCT_HOME}/app/bin/installerCommon.sh
ARTIFACTORY_BIN_FOLDER=${JF_PRODUCT_HOME}/app/bin
sourceScript(){
local file=$1
[ ! -z "${file}" ] || errorExit "target file is not passed to source a file"
[ -f "${file}" ] || errorExit "${file} file is not found"
source "${file}" || errorExit "Unable to source ${file}, please check if the $USER user has permissions to perform this action"
}
initHelpers(){
local systemYamlHelper="${ARTIFACTORY_BIN_FOLDER}"/systemYamlHelper.sh
local installerCommon="${ARTIFACTORY_BIN_FOLDER}"/installerCommon.sh
local artCommon="${ARTIFACTORY_BIN_FOLDER}"/artifactoryCommon.sh
export YQ_PATH="${ARTIFACTORY_BIN_FOLDER}/../third-party/yq"
sourceScript "${systemYamlHelper}"
sourceScript "${installerCommon}"
sourceScript "${artCommon}"
export JF_SYSTEM_YAML="${JF_PRODUCT_HOME}/var/etc/system.yaml"
}
# Print on container startup information about Dockerfile location
printDockerFileLocation() {
logger "Dockerfile for this image can found inside the container."
logger "To view the Dockerfile: 'cat /docker/artifactory-pro/Dockerfile.artifactory'."
}
terminate () {
echo -e "\nTerminating Artifactory"
${JF_PRODUCT_HOME}/app/bin/artifactory.sh stop
}
# Catch Ctrl+C and other termination signals to try graceful shutdown
trap terminate SIGINT SIGTERM SIGHUP
logger "Preparing to run Artifactory in Docker"
logger "Running as $(id)"
printDockerFileLocation
initHelpers
# Wait for DB
# On slow systems, when working with docker-compose, the DB container might be up,
# but not ready to accept connections when Artifactory is already trying to access it.
waitForDB
[ $? -eq 0 ] || errorExit "Database failed to start in the given time"
# Run Artifactory as JF_ARTIFACTORY_USER user
exec ${JF_PRODUCT_HOME}/app/bin/artifactory.sh &
art_pid=$!
if [ -n "$JF_ARTIFACTORY_PID" ];
then
mkdir -p $(dirname "$JF_ARTIFACTORY_PID") || \
errorExit "Could not create dir for $JF_ARTIFACTORY_PID";
fi
echo "${art_pid}" > ${JF_ARTIFACTORY_PID}
wait ${art_pid}
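Review bot: this entrypoint is regenerated on every run of the build script (`docker cp` of the upstream entrypoint followed by the `perl` substitution of the `addExtraJavaArgs` line), so the committed copy is either stale or unused; more importantly it contains neither an `addExtraJavaArgs` line nor any of the `setupFirstTimePass` code from `extra_conf`, which suggests the substitution did not match for this version. Have the build script grep the generated entrypoint for `setupFirstTimePass` and fail if it is absent, because without it the container comes up with the upstream default admin credentials and the health check still reports success. Minor: `exec ${JF_PRODUCT_HOME}/app/bin/artifactory.sh &` runs `exec` in a background subshell, where it has no effect; a plain `... &` says what actually happens.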

Amazon/containers/extra_conf Executable file

@@ -0,0 +1,18 @@
addExtraJavaArgs
setupFirstTimePass() {
# Create a unique password
if [ -z "$ARTIFACTORY_PASSWORD" ]; then
echo "INFO: Since ARTIFACTORY_PASSWORD environment is not set. We are generating our own random password."
ARTIFACTORY_PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 18)
echo "Generated ARTIFACTORY_PASSWORD is $ARTIFACTORY_PASSWORD"
echo $ARTIFACTORY_PASSWORD > /var/opt/jfrog/artifactory/generated-pass.txt
fi
SALTED_PASSWD=$(echo -n ${ARTIFACTORY_PASSWORD}{CAFEBABEEBABEFAC} | md5sum | cut -d ' ' -f1)
sed -i -e "s/<password></<password>$SALTED_PASSWD</g" /security_bootstrap/security.import.xml
cp /security_bootstrap/security.import.xml /var/opt/jfrog/artifactory/etc/artifactory/security/security.import.xml
}
# Set up first time password only on initial boot
if [[ ! -f "/var/opt/jfrog/artifactory/init.boot.done" ]]; then
touch /var/opt/jfrog/artifactory/init.boot.done
setupFirstTimePass
fi
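Review bot: `echo "Generated ARTIFACTORY_PASSWORD is $ARTIFACTORY_PASSWORD"` writes the admin password to stdout, so it ends up in `docker logs` and any log pipeline attached to the container, while the README already directs users to `/var/opt/jfrog/artifactory/generated-pass.txt`; drop the echo and create that file with restrictive permissions (`umask 077` before the redirect, or `chmod 600` after). `touch /var/opt/jfrog/artifactory/init.boot.done` runs before `setupFirstTimePass`, so if the `sed` or `cp` fails the marker still exists and the setup is never retried; write the marker only after the function returns successfully. The salt literal `{CAFEBABEEBABEFAC}` is duplicated here and in `security.xml`; read it from the XML (or write the XML from this value) so the two cannot drift apart.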


@@ -0,0 +1,72 @@
#!/bin/bash
#
# An entrypoint script for Artifactory to allow custom setup before server starts
#
: ${ARTIFACTORY_NAME:=artifactory}
JF_ARTIFACTORY_PID=${JF_PRODUCT_HOME}/app/run/${ARTIFACTORY_NAME}.pid
. ${JF_PRODUCT_HOME}/app/bin/installerCommon.sh
ARTIFACTORY_BIN_FOLDER=${JF_PRODUCT_HOME}/app/bin
sourceScript(){
local file=$1
[ ! -z "${file}" ] || errorExit "target file is not passed to source a file"
[ -f "${file}" ] || errorExit "${file} file is not found"
source "${file}" || errorExit "Unable to source ${file}, please check if the $USER user has permissions to perform this action"
}
initHelpers(){
local systemYamlHelper="${ARTIFACTORY_BIN_FOLDER}"/systemYamlHelper.sh
local installerCommon="${ARTIFACTORY_BIN_FOLDER}"/installerCommon.sh
local artCommon="${ARTIFACTORY_BIN_FOLDER}"/artifactoryCommon.sh
export YQ_PATH="${ARTIFACTORY_BIN_FOLDER}/../third-party/yq"
sourceScript "${systemYamlHelper}"
sourceScript "${installerCommon}"
sourceScript "${artCommon}"
export JF_SYSTEM_YAML="${JF_PRODUCT_HOME}/var/etc/system.yaml"
}
# Print on container startup information about Dockerfile location
printDockerFileLocation() {
logger "Dockerfile for this image can found inside the container."
logger "To view the Dockerfile: 'cat /docker/artifactory-pro/Dockerfile.artifactory'."
}
terminate () {
echo -e "\nTerminating Artifactory"
${JF_PRODUCT_HOME}/app/bin/artifactory.sh stop
}
# Catch Ctrl+C and other termination signals to try graceful shutdown
trap terminate SIGINT SIGTERM SIGHUP
logger "Preparing to run Artifactory in Docker"
logger "Running as $(id)"
printDockerFileLocation
initHelpers
# Wait for DB
# On slow systems, when working with docker-compose, the DB container might be up,
# but not ready to accept connections when Artifactory is already trying to access it.
waitForDB
[ $? -eq 0 ] || errorExit "Database failed to start in the given time"
# Run Artifactory as JF_ARTIFACTORY_USER user
exec ${JF_PRODUCT_HOME}/app/bin/artifactory.sh &
art_pid=$!
if [ -n "$JF_ARTIFACTORY_PID" ];
then
mkdir -p $(dirname "$JF_ARTIFACTORY_PID") || \
errorExit "Could not create dir for $JF_ARTIFACTORY_PID";
fi
echo "${art_pid}" > ${JF_ARTIFACTORY_PID}
wait ${art_pid}
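Review bot: this file is byte-for-byte identical to the entrypoint hunk above (presumably the `original-entrypoint.sh` that the build script extracts with `docker cp tmp-docker:/entrypoint-artifactory.sh`); since the build script recreates it on every run, either keep it out of the repository via `.gitignore` or state in a comment that it is a reference copy, and the same `exec ... &` remark applies.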

Amazon/containers/security.xml Executable file

@@ -0,0 +1,18 @@
<security version="v8">
<users>
<user>
<username>admin</username>
<password></password>
<salt>CAFEBABEEBABEFAC</salt>
<admin>true</admin>
<enabled>true</enabled>
<updatableProfile>true</updatableProfile>
<accountNonExpired>true</accountNonExpired>
<credentialsNonExpired>true</credentialsNonExpired>
<accountNonLocked>true</accountNonLocked>
<realm>internal</realm>
<transientUser>false</transientUser>
<groups/>
</user>
</users>
</security>
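Review bot: `<salt>CAFEBABEEBABEFAC</salt>` must equal the literal embedded in the `SALTED_PASSWD` line of `extra_conf`, otherwise the imported hash never verifies and the admin account is unusable; a comment naming that dependency, or generating the salt in one place, would prevent silent drift. The `<password></password>` element ships empty and is only filled by the `sed` in `extra_conf`, so the script should confirm the element is non-empty before copying the file into `etc/artifactory/security/` rather than importing an admin record with a blank hash.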