From 8c40d2b2d123c588d0d8b8a8be8e1b2dd94127dc Mon Sep 17 00:00:00 2001 From: jefferyfry Date: Mon, 25 May 2020 18:09:56 -0700 Subject: [PATCH] Updated/added READMEs. Changes to playbooks. Added license file, system yaml file, binary story file support. --- Ansible/README.md | 35 +++++++++++++++++++ Ansible/collection/README.md | 3 ++ .../roles/artifactory/defaults/main.yml | 5 +-- .../ansible/roles/artifactory/tasks/main.yml | 29 +++++++++++++-- .../project/rt-xray-auto-keys/playbook.yml | 9 ++--- .../project/rt-xray-ha-ssh-proxy/playbook.yml | 9 ++--- Ansible/project/rt-xray-ha/playbook.yml | 9 ++--- Ansible/project/rt-xray/playbook.yml | 9 ++--- Ansible/project/rt/hosts.yml | 21 ++++------- Ansible/project/rt/playbook.yml | 6 ++-- Ansible/project/rt/runPlaybook.sh | 3 ++ Ansible/project/ssl/playbook.yml | 8 ++--- README.md | 3 +- 13 files changed, 94 insertions(+), 55 deletions(-) create mode 100644 Ansible/README.md create mode 100755 Ansible/project/rt/runPlaybook.sh diff --git a/Ansible/README.md b/Ansible/README.md new file mode 100644 index 0000000..ec8c616 --- /dev/null +++ b/Ansible/README.md 
@@ -0,0 +1,35 @@ +# JFrog Ansible Collection + +This Ansible directory consists of the following directories that support the JFrog Ansible collection. + + * [collection directory](collection) - This directory contains the Ansible collection package that has the Ansible roles for Artifactory and Xray. See the collection [README](collection/README.md) for details on the available roles and variables. + * [infra directory](infra) - This directory contains example infrastructure templates that can be used for testing and as example deployments. + * [project directory](project) - This directory contains example playbooks for various architectures from single Artifactory (RT) deployments to high-availability setups. + * [test directory](test) - This directory contains Gradle tests that can be used to verify a deployment. It also has Ansible playbooks for creating infrastructure, provisioning software and testing with Gradle. + + ## Getting Started + + 1. Install this collection or the roles in your Ansible path using your ansible.cfg file. The following is an example: + ``` +# Installs collections into [current dir]/ansible_collections/namespace/collection_name +collections_paths = ~/.ansible/collections:/usr/share/ansible/collections:collection + +# Installs roles into [current dir]/roles/namespace.rolename +roles_path = Ansible/collection/jfrog/ansible/roles +``` + 2. Ansible uses SSH to connect to hosts. Ensure that your SSH private key is on your client and the public keys are installed on your Ansible hosts. If you are using a bastion host, you can add the following Ansible variable to allow proxying through the bastion host. + ``` + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A user@host -W %h:%p"' + + eg. + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ azureDeployment.deployment.outputs.lbIp.value }} -W %h:%p"' + ``` + 3. Create your inventory file. 
Use one of the examples from the [project directory](project) to construct an inventory file (hosts.yml) with the host addresses and variables. + + 4. Create your playbook. Use one of the examples from the [project directory](project) to construct a playbook using the JFrog Ansible roles. These roles will be applied to your inventory and provision software. + + 5. Then execute with the following command to provision the JFrog software with Ansible. Variables can also be passed in at the command-line. + + ``` +ansible-playbook -i hosts.yml playbook.yml --extra-vars "master_key=$(openssl rand -hex 16) join_key=$(openssl rand -hex 16)" +``` \ No newline at end of file diff --git a/Ansible/collection/README.md b/Ansible/collection/README.md index edae0e5..1913bd9 100644 --- a/Ansible/collection/README.md +++ b/Ansible/collection/README.md @@ -32,10 +32,13 @@ The following Vars must be configured. * db_user: The database user to configure. eg. "artifactory" * db_password: The database password to configure. "Art1fact0ry" * server_name: This is the server name. eg. "artifactory.54.175.51.178.xip.io" +* system_file: Your own system YAML file can be specified and used. If specified, this file will be used rather than constructing a file from the parameters above. +* binary_store_file: Your own binary store file can be used. If specified, the default cluster-file-system will not be used. ### primary vars * artifactory_is_primary: For the primary node this must be set to **true**. * artifactory_license1 - 5: These are the cluster licenses. +* artifactory_license_file: Your own license file can be used. If specified, a license file constructed from the licenses above will not be used. ### secondary vars * artifactory_is_primary: For the secondary node(s) this must be set to **false**. diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/defaults/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/defaults/main.yml index dd8cac9..4520463 100644 
--- a/Ansible/collection/jfrog/ansible/roles/artifactory/defaults/main.yml +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/defaults/main.yml @@ -6,7 +6,7 @@ ansible_marketplace: standalone # The version of Artifactory to install artifactory_version: 7.4.1 -# licenses +# licenses file - specify a licenses file or specify up to 5 licenses artifactory_license1: artifactory_license2: artifactory_license3: @@ -26,9 +26,6 @@ artifactory_download_directory: /opt/jfrog artifactory_file_store_dir: /data # Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro. -# note that for "pro" version, the artifactory_zip URL would need to be overridden to e.g.: -# https://dl.bintray.com/jfrog/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}.zip -# https://dl.bintray.com/jfrog/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz artifactory_flavour: pro extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/tasks/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/tasks/main.yml index a23a047..04b3a8e 100644 --- a/Ansible/collection/jfrog/ansible/roles/artifactory/tasks/main.yml +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/tasks/main.yml @@ -52,11 +52,19 @@ group: "{{ artifactory_group }}" become: yes +- name: use specified system yaml + copy: + src: "{{ system_file }}" + dest: "{{ artifactory_home }}/var/etc/system.yaml" + become: yes + when: system_file is defined + - name: configure system yaml template: src: system.yaml.j2 dest: "{{ artifactory_home }}/var/etc/system.yaml" become: yes + when: system_file is not defined - name: ensure {{ artifactory_home }}/var/etc/security/ exists file: 
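Review bot: The new `use specified system yaml` task copies the file with `become: yes` but sets no `owner`, `group` or `mode`, so `system.yaml` gets whatever the copy defaults produce, likely owned by the become user with umask-derived permissions. The collection README says this file replaces the one built from the database parameters, so it presumably carries `db_password`. I would add `group: "{{ artifactory_group }}"` and `mode: "0640"` to the task, plus the owner variable the role already uses, which is not visible in this hunk. The `configure system yaml` template task beside it has the same gap, as do the `copy` tasks for `binarystore.xml` and `artifactory.cluster.license` in the next hunk. Because both tasks write the same destination, a comment such as `# system_file, when set, replaces the templated system.yaml entirely` above the pair would help.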
@@ -92,18 +100,33 @@ dest: "{{ artifactory_home }}/var/etc/info/installer-info.json" become: yes -- name: configure binary store +- name: use specified binary store + copy: + src: "{{ binary_store_file }}" + dest: "{{ artifactory_home }}/var/etc/binarystore.xml" + become: yes + when: binary_store_file is defined + +- name: use default binary store template: src: binarystore.xml.j2 dest: "{{ artifactory_home }}/var/etc/binarystore.xml" become: yes + when: binary_store_file is not defined -- name: configure cluster license +- name: use license file + copy: + src: "{{ artifactory_license_file }}" + dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license" + become: yes + when: artifactory_license_file is defined and artifactory_is_primary == true + +- name: use license strings template: src: artifactory.cluster.license.j2 dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license" become: yes - when: artifactory_is_primary == true + when: artifactory_license_file is not defined and artifactory_is_primary == true - name: download database driver get_url: diff --git a/Ansible/project/rt-xray-auto-keys/playbook.yml b/Ansible/project/rt-xray-auto-keys/playbook.yml index 10dc19d..2e99018 100644 --- a/Ansible/project/rt-xray-auto-keys/playbook.yml +++ b/Ansible/project/rt-xray-auto-keys/playbook.yml @@ -6,16 +6,13 @@ var: join_key - hosts: database - gather_facts: true roles: - - jfrog/ansible/roles/postgres + - postgres - hosts: artifactory - gather_facts: true roles: - - jfrog/ansible/roles/artifactory + - artifactory - hosts: xray - gather_facts: true roles: - - jfrog/ansible/roles/xray \ No newline at end of file + - xray \ No newline at end of file diff --git a/Ansible/project/rt-xray-ha-ssh-proxy/playbook.yml b/Ansible/project/rt-xray-ha-ssh-proxy/playbook.yml index e47c473..825fe0b 100644 --- a/Ansible/project/rt-xray-ha-ssh-proxy/playbook.yml +++ b/Ansible/project/rt-xray-ha-ssh-proxy/playbook.yml 
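Review bot: `when: artifactory_license_file is defined` is also true for an empty string, and the example inventory in this commit sets the variable from `lookup('env', 'artifactory_license_file')`, which I believe evaluates to an empty string when the environment variable is unset. In that case the `use license file` task runs with an empty `src` and the `use license strings` fallback is skipped, so the run fails or installs no usable license instead of falling back. Guarding on content as well avoids that, e.g. `when: artifactory_license_file | default('') | length > 0 and artifactory_is_primary == true`, with `| length == 0` on the template task. The same applies to `binary_store_file` in this hunk and to `system_file` in the previous one.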
@@ -1,15 +1,12 @@ --- - hosts: database - gather_facts: true roles: - - jfrog/ansible/roles/postgres + - postgres - hosts: primary:secondary - gather_facts: true roles: - - jfrog/ansible/roles/artifactory + - artifactory - hosts: xray - gather_facts: true roles: - - jfrog/ansible/roles/xray \ No newline at end of file + - xray \ No newline at end of file diff --git a/Ansible/project/rt-xray-ha/playbook.yml b/Ansible/project/rt-xray-ha/playbook.yml index 1f55bcf..b25f3af 100644 --- a/Ansible/project/rt-xray-ha/playbook.yml +++ b/Ansible/project/rt-xray-ha/playbook.yml @@ -1,15 +1,12 @@ --- - hosts: database - gather_facts: true roles: - - jfrog/ansible/roles/postgres + - postgres - hosts: primary - gather_facts: true roles: - - jfrog/ansible/roles/artifactory + - artifactory - hosts: xray - gather_facts: true roles: - - jfrog/ansible/roles/xray \ No newline at end of file + - xray \ No newline at end of file diff --git a/Ansible/project/rt-xray/playbook.yml b/Ansible/project/rt-xray/playbook.yml index 9dea61f..9c0ff31 100644 --- a/Ansible/project/rt-xray/playbook.yml +++ b/Ansible/project/rt-xray/playbook.yml @@ -1,15 +1,12 @@ --- - hosts: database - gather_facts: true roles: - - jfrog/ansible/roles/postgres + - postgres - hosts: artifactory - gather_facts: true roles: - - jfrog/ansible/roles/artifactory + - artifactory - hosts: xray - gather_facts: true roles: - - jfrog/ansible/roles/xray \ No newline at end of file + - xray \ No newline at end of file diff --git a/Ansible/project/rt/hosts.yml b/Ansible/project/rt/hosts.yml index 79cf45d..42dab9b 100644 --- a/Ansible/project/rt/hosts.yml +++ b/Ansible/project/rt/hosts.yml 
@@ -2,30 +2,23 @@ all: vars: ansible_user: "ubuntu" - ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" children: database: hosts: - 52.86.32.79: + 54.83.163.100: db_users: - - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "artifactory", db_password: "{{ lookup('env', 'artifactory_password') }}" } dbs: - { db_name: "artifactory", db_owner: "artifactory" } primary: hosts: - 100.25.104.198: + 54.165.47.191: artifactory_is_primary: true - artifactory_license1: x - artifactory_license2: x - artifactory_license3: x - artifactory_license4: x - artifactory_license5: x - master_key: "c97b862469de0d94fbb7d48130637a5a" - join_key: "9bcca98f375c0728d907cc6ee39d4f02" + artifactory_license_file: "{{ lookup('env', 'artifactory_license_file') }}" db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" db_type: "postgresql" db_driver: "org.postgresql.Driver" - db_url: "jdbc:postgresql://10.0.0.160:5432/artifactory" + db_url: "jdbc:postgresql://10.0.0.219:5432/artifactory" db_user: "artifactory" - db_password: "Art1fAct0ry" - server_name: "ec2-100-25-104-198.compute-1.amazonaws.com" \ No newline at end of file + db_password: "{{ lookup('env', 'artifactory_password') }}" + server_name: "ec2-54-165-47-191.compute-1.amazonaws.com" \ No newline at end of file diff --git a/Ansible/project/rt/playbook.yml b/Ansible/project/rt/playbook.yml index 472706a..48d7c1e 100644 --- a/Ansible/project/rt/playbook.yml +++ b/Ansible/project/rt/playbook.yml @@ -1,10 +1,8 @@ --- - hosts: database - gather_facts: true roles: - - jfrog/ansible/roles/postgres + - postgres - hosts: primary - gather_facts: true roles: - - jfrog/ansible/roles/artifactory + - artifactory diff --git a/Ansible/project/rt/runPlaybook.sh b/Ansible/project/rt/runPlaybook.sh new file mode 100755 index 0000000..1c5d200 --- /dev/null +++ b/Ansible/project/rt/runPlaybook.sh 
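Review bot: The `lookup('env', 'artifactory_password')` values used for `db_password` raise no error when the variable is unset. As far as I know the env lookup then returns an empty string, so both the database user and the Artifactory configuration would be provisioned with an empty password. A fail-fast check in the play would catch this, for example a pre-task `assert: { that: "lookup('env', 'artifactory_password') | length > 0" }`. Separately, the password, `master_key` and `join_key` removed here remain readable in the repository history, so they should be rotated if any of them were used on a real deployment. The new host entries still hard-code public addresses and an EC2 hostname, which would be better as placeholders in an example inventory.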
@@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +ansible-playbook -i Ansible/project/rt/hosts.yml Ansible/project/rt/playbook.yml --extra-vars "master_key=$(openssl rand -hex 16) join_key=$(openssl rand -hex 16)" \ No newline at end of file diff --git a/Ansible/project/ssl/playbook.yml b/Ansible/project/ssl/playbook.yml index 6f1ba22..359472b 100644 --- a/Ansible/project/ssl/playbook.yml +++ b/Ansible/project/ssl/playbook.yml @@ -1,11 +1,9 @@ --- - hosts: database - gather_facts: true roles: - - jfrog/ansible/roles/postgres + - postgres - hosts: primary - gather_facts: true roles: - - jfrog/ansible/roles/artifactory - - jfrog/ansible/roles/artifactory-nginx-ssl + - artifactory + - artifactory-nginx-ssl diff --git a/README.md b/README.md index dba9f2b..7bd8bf3 100644 --- a/README.md +++ b/README.md @@ -4,4 +4,5 @@ Template to deploy/manage JFrog Artifactory enterprise cluster on various cloud * [Terraform](Terraform/README.md) * [CloudFormation](CloudFormation/README.md) -* [Azure Resource Manager](AzureResourceManager/README.md) \ No newline at end of file +* [Azure Resource Manager](AzureResourceManager/README.md) +* [Ansible](Ansible/README.md) \ No newline at end of file
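Review bot: Each run of this script generates a fresh `master_key` and `join_key` and passes them inline in `--extra-vars`, so the values are never recorded and are exposed in the process argument list while `ansible-playbook` runs. A second run would hand the role different keys from the ones already installed, and nothing is kept for joining further nodes or Xray later; whether the role tolerates a changed key is not visible in this commit. I would generate the keys once into a vars file readable only by the operator, kept out of version control, and pass it with the `--extra-vars "@file"` form. The script also depends on being run from the repository root and has no `set -euo pipefail`, so a failed `openssl` call would pass an empty key.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Constructed example path; keep this file out of version control.
KEYS_FILE="${KEYS_FILE:-./rt-keys.yml}"

# Generate the keys only once so reruns reuse the installed values.
if [ ! -f "$KEYS_FILE" ]; then
  (
    umask 077
    printf 'master_key: "%s"\njoin_key: "%s"\n' \
      "$(openssl rand -hex 16)" "$(openssl rand -hex 16)" > "$KEYS_FILE"
  )
fi

ansible-playbook -i Ansible/project/rt/hosts.yml Ansible/project/rt/playbook.yml --extra-vars "@${KEYS_FILE}"
```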