Merge pull request #84 from jfrog/aws-7.15.3

Update AWS CFT for RT 7.15.3
This commit is contained in:
Alex Hung
2021-02-19 12:37:34 -08:00
committed by GitHub
4 changed files with 2159 additions and 0 deletions


@@ -0,0 +1,408 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
Parameters:
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
VpcId:
Type: AWS::EC2::VPC::Id
VpcCidr:
Description: CIDR block for the VPC
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PrivateSubnet1Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PrivateSubnet3Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.64.0/19
Type: String
SubnetIds:
Type: List<AWS::EC2::Subnet::Id>
DatabaseAllocatedStorage:
Type: Number
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Type: String
DatabaseEngine:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
NoEcho: 'true'
Type: String
DatabaseInstance:
Type: String
DatabaseName:
Type: String
ArtifactoryProduct:
Default: JFrog-Artifactory-Pro
Type: String
ReleaseStage:
Default: GA
Type: String
InstanceType:
Default: m5.xlarge
Type: String
ArtifactoryHostRole:
Type: String
VolumeSize:
Type: Number
Mappings:
DatabaseMap:
Postgres:
Name: postgresql
DatabaseVersion: 11.5
Driver: "org.postgresql.Driver"
Plugin: postgresql-42.2.9.jar
PluginURL: https://jdbc.postgresql.org/download/
port: "5432"
extraDatabaseOps: ""
ReleaseStageMap:
BETA:
ProDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-pro"
JcrDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/artifactory-jcr"
NginxDockerRepo: "earlyaccess-docker.jfrog.io/jfrog/nginx-artifactory-pro"
GA:
ProDockerRepo: "docker.bintray.io/jfrog/artifactory-pro"
JcrDockerRepo: "docker.bintray.io/jfrog/artifactory-jcr"
NginxDockerRepo: "docker.bintray.io/jfrog/nginx-artifactory-pro"
ProductMap:
JFrog-Container-Registry:
RepoName: JcrDockerRepo
JFrog-Artifactory-Pro:
RepoName: ProDockerRepo
JavaOptionstoInstance:
m5.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5d.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5d.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5d.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5d.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5d.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5d.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5d.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5a.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5a.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5a.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5a.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5a.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5a.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5a.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5a.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5ad.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5ad.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5ad.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5ad.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5ad.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5ad.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
Resources:
ArtifactoryDatabaseSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
SubnetIds: !Ref SubnetIds
ArtifactoryDatabase:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: !Ref DatabaseAllocatedStorage
MultiAZ: !Ref MultiAzDatabase
Engine: !Ref DatabaseEngine
EngineVersion: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- DatabaseVersion
MasterUsername: !Ref DatabaseUser
MasterUserPassword: !Ref DatabasePassword
DBInstanceClass: !Ref DatabaseInstance
DBName: !Ref DatabaseName
DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
StorageEncrypted: true
VPCSecurityGroups:
- !Ref ArtifactoryDatabaseSG
ArtifactoryDatabaseSG:
Type: AWS::EC2::SecurityGroup
Properties:
Tags:
- Key: Name
Value: artifactory-rds-sg
GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref VpcCidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet1Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet2Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
ToPort: !FindInMap
- DatabaseMap
- !Ref DatabaseEngine
- port
CidrIp: !Ref PrivateSubnet3Cidr
SecurityGroupEgress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
ArtifactoryS3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
ArtifactoryS3IAMPolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: S3BucketPermissions
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: S3BucketPermissions
Effect: Allow
Action:
- s3:*
Resource:
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- "/*"
Roles:
- !Ref ArtifactoryHostRole
ArtifactoryEbsVolume:
Type: AWS::EC2::Volume
Properties:
AvailabilityZone:
!Select
- '0'
- !Ref AvailabilityZones
Encrypted: false
Size: !Ref VolumeSize
Tags:
- Key: Name
Value: !Sub "Artifactory-${AWS::StackName}"
VolumeType: gp2
DeletionPolicy: Snapshot
UpdateReplacePolicy: Snapshot
Outputs:
S3Bucket:
Value: !Ref ArtifactoryS3Bucket
Description: Actual S3 bucket created for Artifactory
DatabaseDriver:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Driver]
DatabasePlugin:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
DatabasePluginUrl:
Value: !Sub
- "${MainURL}${PluginVersion}"
- {
MainURL: !FindInMap [DatabaseMap, !Ref DatabaseEngine, PluginURL],
PluginVersion: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Plugin]
}
DatabaseType:
Value: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name]
DatabaseUrl:
Value: !Sub
- "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}"
- {
DatabaseType: !FindInMap [DatabaseMap, !Ref DatabaseEngine, Name],
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
extraDatabaseOps: !FindInMap [DatabaseMap, !Ref DatabaseEngine, extraDatabaseOps],
}
XrayMasterDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
XrayDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, !Ref DatabaseEngine, port],
}
ProDockerRepo:
Value: !FindInMap
- ReleaseStageMap
- !Ref ReleaseStage
- !FindInMap
- ProductMap
- !Ref ArtifactoryProduct
- RepoName
NginxDockerRepo:
Value: !FindInMap [ReleaseStageMap, !Ref ReleaseStage, NginxDockerRepo]
JavaOpts:
Value: !Sub
- "-Xms${min}g -Xmx${max}g"
- {
min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
}
DeploymentSize:
Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
ArtifactoryEbsVolume:
Value: !Ref ArtifactoryEbsVolume
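Review bot: `ArtifactoryEbsVolume` is created with `Encrypted: false` while the RDS instance in the same template sets `StorageEncrypted: true` and the secondary-node root disk in the companion launch-configuration template is encrypted, so the primary node's Artifactory data volume — and every snapshot that `DeletionPolicy: Snapshot` later takes of it — is the one unencrypted store in the stack; change that line to `Encrypted: true` (optionally adding a `KmsKeyId` so the key can be scoped and rotated). The `XrayMasterDatabaseUrl` and `XrayDatabaseUrl` outputs hard-code `?sslmode=disable`, so whatever consumes them talks to RDS in clear text inside the VPC; `sslmode=require` works against RDS without distributing a CA bundle, and `verify-full` with the RDS CA is the stronger choice. `ArtifactoryS3IAMPolicy` grants `s3:*` on the bucket, which includes `s3:PutBucketPolicy`/`s3:PutBucketAcl` and so lets a compromised node expose the filestore; the binary provider presumably needs only list/get/put/delete — confirm against the Artifactory S3 provider docs and narrow it, and add a `PublicAccessBlockConfiguration` to the bucket because `AccessControl: Private` does not stop a later public bucket policy. In `ArtifactoryDatabaseSG`, the ingress rule for TCP 22 from `VpcCidr` has no meaning on an RDS endpoint, and admitting the DB port by the three private-subnet CIDRs rather than by referencing the Artifactory and Xray security groups lets every host in those subnets reach the database, although the group description says the intent is only the bastion and Artifactory servers.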


@@ -0,0 +1,408 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)"
Parameters:
PrivateSubnetIds:
Type: List<AWS::EC2::Subnet::Id>
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
HostRole:
Type: String
AmiId:
Type: String
ArtifactoryProduct:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
ArtifactoryLicensesSecretName:
Type: String
ArtifactoryServerName:
Type: String
Certificate:
Type: String
CertificateKey:
Type: String
NoEcho: 'true'
CertificateDomain:
Type: String
EnableSSL:
Type: String
ArtifactoryS3Bucket:
Type: String
DatabaseUrl:
Type: String
DatabaseDriver:
Type: String
DatabasePluginUrl:
Type: String
DatabasePlugin:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
ArtifactoryPrimary:
Type: String
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
ArtifactoryVersion:
Type: String
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
TargetGroupARN:
Type: String
SSLTargetGroupARN:
Type: String
InternalTargetGroupARN:
Type: String
HostProfile:
Type: String
SecurityGroups:
Type: String
InstanceType:
Type: String
PrimaryVolume:
Type: String
VolumeSize:
Type: Number
UserDataDirectory:
Description: Directory to store Artifactory data. Can be used to store data (via symlink) in detachable volume
Type: String
Default: '/artifactory-user-data'
Mappings:
AWSAMIRegionMap:
us-east-1:
"Artifactory7153": ami-07a437a0be21eb6c8
us-east-2:
"Artifactory7153": ami-08f834139a150fb62
us-west-1:
"Artifactory7153": ami-0afdf2d63fc2c0895
us-west-2:
"Artifactory7153": ami-09274621c30cae078
ca-central-1:
"Artifactory7153": ami-0f422f5980aeba60f
eu-central-1:
"Artifactory7153": ami-05df4fbab56afe702
eu-west-1:
"Artifactory7153": ami-05386b580a110a49a
eu-west-2:
"Artifactory7153": ami-094b79d303c9e1e0d
eu-west-3:
"Artifactory7153": ami-0ed4d6971439caf27
ap-southeast-1:
"Artifactory7153": ami-01ec4e8b4ffbf7dc1
ap-southeast-2:
"Artifactory7153": ami-0ccb1a939c83d8062
ap-south-1:
"Artifactory7153": ami-078c43a083b6500be
ap-northeast-1:
"Artifactory7153": ami-0695fd32ca193cccd
ap-northeast-2:
"Artifactory7153": ami-0a03d23e6dc213b5e
sa-east-1:
"Artifactory7153": ami-0b831f8403d6979d4
us-gov-east-1:
"Artifactory7153": ami-0ec712ae031edcb34
us-gov-west-1:
"Artifactory7153": ami-0b6229d13d677cd16
ArtifactoryProductMap:
JFrog-Container-Registry:
"7153": "Jcr7153"
product: "jcr"
JFrog-Artifactory-Pro:
"7153": "Artifactory7153"
product: "artifactory"
Conditions:
IsSecondary: !Equals [!Ref ArtifactoryPrimary, 'false']
Resources:
ArtifactoryScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration
VPCZoneIdentifier: !Ref PrivateSubnetIds
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
TargetGroupARNs:
- !Ref TargetGroupARN
- !Ref SSLTargetGroupARN
- !Ref InternalTargetGroupARN
HealthCheckType: ELB
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: ArtifactoryVersion
Value: !Ref ArtifactoryVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
ArtifactoryLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref HostRole # !Ref ArtifactoryHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
artifactory_install:
- "config-cloudwatch"
- "config-artifactory-primary"
- "secure-artifactory"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-setup.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-artifactory.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-artifactory.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-artifactory-primary:
files:
/root/attach_volume.sh:
content: !Sub |
#!/usr/bin/env bash
IS_PRIMARY="${ArtifactoryPrimary}"
if [[ $IS_PRIMARY != "true" ]]; then
echo 'Not primary node. Skipping EBS volume attachment.'
lsblk # debug
exit 0
fi
echo "Using primary volume ID ${PrimaryVolume}"
VOLUME_ID="${PrimaryVolume}"
echo "VOLUME_ID: $VOLUME_ID"
if [[ -z "$VOLUME_ID" ]]; then
echo 'Invalid $VOLUME_ID'
exit 1
fi
# Get instance id from AWS
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
# Attach the volume created by another CFT
# the device name should become /dev/nvme1n1
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID"
/var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region}
echo "Wait for volume $VOLUME_ID to attach"
sleep 30 # Give volume time to attach
lsblk # debug
mode: "0770"
/root/.jfrog_ami/artifactory.yml:
content: !Sub
- |
# Base install for Artifactory
- import_playbook: site-artifactory.yml
vars:
artifactory_product: ${product}
artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}"
artifactory_ha_enabled: true
artifactory_is_primary: ${ArtifactoryPrimary}
artifactory_server_name: ${ArtifactoryServerName}
server_name: ${ArtifactoryServerName}.${CertificateDomain}
use_custom_data_directory: true
custom_data_directory: "${UserDataDirectory}"
s3_region: ${AWS::Region}
s3_bucket: ${ArtifactoryS3Bucket}
certificate: ${Certificate}
certificate_key: ${CertificateKey}
certificate_domain: ${CertificateDomain}
enable_ssl: ${EnableSSL}
ssl_dir: /etc/pki/tls/certs
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_url: ${DatabaseUrl}
db_user: ${DatabaseUser}
db_password: ${DatabasePassword}
# db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar
art_primary: ${ArtifactoryPrimary}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
artifactory_version: ${ArtifactoryVersion}
artifactory_keystore:
path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts
default_password: changeit
new_keystore_pass: ${DatabasePassword}
artifactory_java_db_drivers:
- name: ${DatabasePlugin}
url: ${DatabasePluginUrl}
owner: artifactory
group: artifactory
- product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product]
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
/root/.secureit.sh:
content:
ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt
mode: "0770"
secure-artifactory:
commands:
'secure ansible playbook':
command: '/root/.secureit.sh'
ignoreErrors: 'false'
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref HostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !FindInMap
- ArtifactoryProductMap
- !Ref ArtifactoryProduct
- !Ref AmiId
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref InstanceType
BlockDeviceMappings:
!If
- IsSecondary
- - DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
Encrypted: true
- !Ref AWS::NoValue
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 0
}
S3URI=${QsS3Uri}
# Update OS
yum update -y
# Install git
yum install -y epel-release git policycoreutils-python
yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log
yum install -y jq python3 libselinux-python3
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install jmespath wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli 2>&1 | tee /var/log/userdata.awscli_install.log
pip install ansible 2>&1 | tee /var/log/userdata.ansible_install.log
mkdir ~/.jfrog_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.jfrog_ami/ || cfn_fail
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log
/root/attach_volume.sh || cfn_fail
ansible-galaxy collection install community.general ansible.posix
setsebool httpd_can_network_connect 1 -P
aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail
ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail
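Review bot: The ansible-vault password written to `/root/.vault_pass.txt` in `config-artifactory-primary` is `${DatabasePassword}` itself, the same value is reused as `new_keystore_pass`, and `join_key` is set to `${MasterKey}`, so a single leaked secret unlocks the vaulted playbook, the database, the Java truststore and cluster join; each should be an independent value (a generated vault password, a distinct `JoinKey` parameter), and note that `/root/.vault_pass.txt` is never removed — UserData deletes only `/root/.secureit.sh` — so the vault key sits beside the vaulted `artifactory.yml` for the life of the instance. `db_password: ${DatabasePassword}` and `master_key: ${MasterKey}` are substituted into YAML unquoted, so a value containing ` #`, `: ` or a leading `{`, `*` or `|` is silently truncated or breaks the playbook parse (and `certificate_key: ${CertificateKey}` can only work if the parameter is a single-line encoding of the PEM); quote them (`db_password: '${DatabasePassword}'`, with `'` excluded by an `AllowedPattern`) or pass them via `--extra-vars @file.json` instead. `ansible-playbook … 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail` — and the `yum`/`pip` pipelines above it — run under `#!/bin/bash -x` without `set -o pipefail`, so the pipeline's status is tee's and a failed install still reaches `cfn_success`; add `set -o pipefail` right after the shebang or check `${PIPESTATUS[0]}`. `/root/attach_volume.sh` fetches the instance id over IMDSv1 (`curl -s http://169.254.169.254/latest/meta-data/instance-id`) with no session token, which is the SSRF-reachable path and breaks as soon as `HttpTokens: required` is enforced; request a token via `PUT /latest/api/token` first and set `MetadataOptions` with `HttpTokens: required` on the launch configuration. The boot path also downloads `aws-cfn-bootstrap-py3-latest.tar.gz` and `awslogs-agent-setup.py` and runs unpinned `pip install ansible`/`awscli` plus a full `yum update -y`, so what actually runs on a node is decided by whatever is current on those endpoints at launch rather than by what was tested with this AMI; pin versions (or bake them into the AMI) and verify a checksum on the tarball.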


@@ -0,0 +1,292 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray"
Parameters:
PrivateSubnet1Id:
Type: AWS::EC2::Subnet::Id
PrivateSubnet2Id:
Type: AWS::EC2::Subnet::Id
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
DatabaseDriver:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
SecurityGroups:
Type: String
VolumeSize:
Type: Number
XrayHostProfile:
Type: String
XrayHostRole:
Type: String
XrayInstanceType:
Type: String
JfrogInternalUrl:
Type: String
XrayDatabaseUser:
Type: String
XrayDatabasePassword:
Type: String
NoEcho: 'true'
XrayMasterDatabaseUrl:
Type: String
XrayDatabaseUrl:
Type: String
XrayVersion:
Type: String
XrayAmiId:
Type: String
# To populate additional mappings use the following with the desired --region
# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
Mappings:
AWSAMIRegionMap:
us-east-1:
"3174": ami-028555fa3b9469dc3
us-east-2:
"3174": ami-0f4980801d180776a
us-west-1:
"3174": ami-006041db0f601e438
us-west-2:
"3174": ami-0d67b78b4f09fa9a7
ca-central-1:
"3174": ami-056bafb407aa8e445
eu-central-1:
"3174": ami-05ab6de966f830b8a
eu-west-1:
"3174": ami-055507b35a350806d
eu-west-2:
"3174": ami-007c8adf17c3bee79
eu-west-3:
"3174": ami-033e74f7f2e7b43ae
ap-southeast-1:
"3174": ami-0114ff3241c5a86a8
ap-southeast-2:
"3174": ami-0c753f85c64c4169d
ap-south-1:
"3174": ami-09f40817a8786b93c
ap-northeast-1:
"3174": ami-00f6ec6314c6ddd27
ap-northeast-2:
"3174": ami-05a10d14c3289f2b3
sa-east-1:
"3174": ami-0c2acb2f23c3e6743
us-gov-east-1:
"3174": ami-0349215efccd0d9f6
us-gov-west-1:
"3174": ami-0b52a6d3379d2c20c
Resources:
XrayScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref XrayLaunchConfiguration
VPCZoneIdentifier:
- !Ref PrivateSubnet1Id
- !Ref PrivateSubnet2Id
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
HealthCheckType: EC2
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: XrayVersion
Value: !Ref XrayVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
XrayLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref XrayHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
xray_install:
- "config-cloudwatch"
- "config-xray"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/xray-ami-setup.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/xray.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-xray:
files:
/root/.xray_ami/xray.yml:
content: !Sub |
# Base install for Xray
- import_playbook: site-xray.yml
vars:
jfrog_url: ${JfrogInternalUrl}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl}
db_url: postgres://${XrayDatabaseUrl}
db_master_user: ${DatabaseUser}
db_user: ${XrayDatabaseUser}
db_password: ${XrayDatabasePassword}
xray_version: ${XrayVersion}
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref XrayHostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !Ref XrayAmiId
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref XrayInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
Encrypted: true
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 0
}
S3URI=${QsS3Uri}
yum update --security -y &> /var/log/userdata.yum_security_update.log
yum install -y git python3 libselinux-python3
yum install -y postgresql-server postgresql-devel
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli &> /var/log/userdata.awscli_install.log
pip install ansible &> /var/log/userdata.ansible_install.log
mkdir ~/.xray_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ami/
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf
lsblk # debug
ansible-galaxy collection install community.general ansible.posix
ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail
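Review bot: `/root/.xray_ami/xray.yml` holds `master_key`, `db_password` and `${DatabasePassword}` embedded in `db_master_url`, but unlike the Artifactory template there is no `secure-*` configset that runs `ansible-vault encrypt` on it, so the file stays plaintext (mode 0400) for the life of the instance while `--vault-id /root/.vault_pass.txt` on the `ansible-playbook` line and `rm -rf /root/.secureit.sh` at the end act on something that never exists here; either add the encrypt step to `xray_install` (below) or drop the vault arguments and delete the vars file once the playbook has run. The vault password is again `${DatabasePassword}`, so even with the step added the protection is only as strong as the DB credential it is meant to guard. `ansible-playbook … 2>&1 | tee /var/log/xray.log || cfn_fail` runs under `#!/bin/bash -x` without `set -o pipefail`, so a failed playbook still reaches `cfn_success`, and the `aws s3 … sync` line has no `|| cfn_fail` at all, unlike its Artifactory counterpart; add `set -o pipefail` after the shebang and the missing guard. `db_master_url` places the master credentials in a connection URL that will surface in process listings and any verbose Ansible output, and if `XrayMasterDatabaseUrl` carries the `?sslmode=disable` suffix produced by the RDS template in this PR, those credentials also cross the VPC in clear text.
```yaml
xray_install:
  - "config-cloudwatch"
  - "config-xray"
  - "secure-xray"
# … unchanged: config-cloudwatch, config-xray (xray.yml, .vault_pass.txt) …
secure-xray:
  commands:
    'secure ansible playbook':
      command: 'ansible-vault encrypt /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt'
      ignoreErrors: 'false'
```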