zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 06:06:56 -06:00
Code Issues Packages Projects Releases Wiki Activity

updated v7175

Browse Source
This commit is contained in:
anupteal
2021-04-10 00:11:18 +05:30
parent b3bf574db9
commit a4223d6eea
161 changed files with 5674 additions and 9223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/.github/workflows/master-docs-build.yml vendored
View File

@@ -1,37 +0,0 @@
name: main-documentation
on:
push:
branches:
- master
jobs:
build-adocs:
runs-on: ubuntu-18.04
name: asciidoc builder
steps:
- name: Checkout (master)
uses: actions/checkout@v2
- name: Get new doc updates
run: |
wget https://raw.githubusercontent.com/aws-quickstart/quickstart-documentation-base-common/master/.utils/configure_git_env.sh
chmod +x configure_git_env.sh
./configure_git_env.sh
- name: Setup python
uses: actions/setup-python@v2
with:
python-version: 3.x
- name: Generate dynamic content.
run: ./docs/boilerplate/.utils/generate_dynamic_content.sh
- name: Run local actions
id: adoc
uses: ./docs/boilerplate/.actions/asciidoctor-action
with:
program: "./docs/boilerplate/.utils/build_docs.sh"
- name: Stage and Push changes to gh-pages branch.
run: ./docs/boilerplate/.utils/commit_and_push_to_ghpages.sh
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: Configure gh-pages source and trigger build if necessary.
run: ./docs/boilerplate/.utils/config_and_trigger_gh-pages.sh
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

4
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/.gitmodules vendored
View File

@@ -1,4 +0,0 @@
[submodule "docs/boilerplate"]
path = docs/boilerplate
url = https://github.com/aws-quickstart/quickstart-documentation-base-common.git
branch = main

0
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/.nojekyll
View File

354
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/.taskcat.yml
View File

@@ -1,354 +0,0 @@
project:
name: quickstart-aws-vpc
owner: quickstart@amazon.com
package_lambda: false
regions:
- af-south-1
- ap-east-1
- ap-south-1
- ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
- cn-north-1
- cn-northwest-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-north-1
- me-south-1
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
s3_bucket: ''
tests:
vpc-complete-all-possible-regions:
parameters:
AvailabilityZones: $[taskcat_getaz_2]
CreateAdditionalPrivateSubnets: 'true'
CreatePrivateSubnets: 'true'
NumberOfAZs: '2'
PrivateSubnet1ACIDR: 10.0.0.0/19
PrivateSubnet1BCIDR: 10.0.192.0/21
PrivateSubnet2ACIDR: 10.0.32.0/19
PrivateSubnet2BCIDR: 10.0.200.0/21
PrivateSubnet3ACIDR: 10.0.64.0/19
PrivateSubnet3BCIDR: 10.0.208.0/21
PrivateSubnet4ACIDR: 10.0.96.0/19
PrivateSubnet4BCIDR: 10.0.216.0/21
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
PublicSubnet3CIDR: 10.0.160.0/20
PublicSubnet4CIDR: 10.0.176.0/20
VPCCIDR: 10.0.0.0/16
VPCTenancy: default
regions:
- af-south-1
- ap-east-1
- ap-south-1
## - ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
## - cn-north-1
## - cn-northwest-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-north-1
- me-south-1
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
s3_bucket: ''
template: templates/aws-vpc.template.yaml
vpc-defaults-all-possible-regions:
parameters:
AvailabilityZones: $[taskcat_getaz_2]
CreateAdditionalPrivateSubnets: 'false'
CreatePrivateSubnets: 'true'
NumberOfAZs: '2'
PrivateSubnet1ACIDR: 10.0.0.0/19
PrivateSubnet1BCIDR: 10.0.192.0/21
PrivateSubnet2ACIDR: 10.0.32.0/19
PrivateSubnet2BCIDR: 10.0.200.0/21
PrivateSubnet3ACIDR: 10.0.64.0/19
PrivateSubnet3BCIDR: 10.0.208.0/21
PrivateSubnet4ACIDR: 10.0.96.0/19
PrivateSubnet4BCIDR: 10.0.216.0/21
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
PublicSubnet3CIDR: 10.0.160.0/20
PublicSubnet4CIDR: 10.0.176.0/20
VPCCIDR: 10.0.0.0/16
VPCTenancy: default
regions:
- af-south-1
- ap-east-1
- ap-south-1
## - ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
## - cn-north-1
## - cn-northwest-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-north-1
- me-south-1
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
s3_bucket: ''
template: templates/aws-vpc.template.yaml
vpc-public-all-possible-regions:
parameters:
AvailabilityZones: $[taskcat_getaz_2]
CreateAdditionalPrivateSubnets: 'false'
CreateNATGateways: 'false'
CreatePrivateSubnets: 'false'
NumberOfAZs: '2'
PrivateSubnet1ACIDR: 10.0.0.0/19
PrivateSubnet1BCIDR: 10.0.192.0/21
PrivateSubnet2ACIDR: 10.0.32.0/19
PrivateSubnet2BCIDR: 10.0.200.0/21
PrivateSubnet3ACIDR: 10.0.64.0/19
PrivateSubnet3BCIDR: 10.0.208.0/21
PrivateSubnet4ACIDR: 10.0.96.0/19
PrivateSubnet4BCIDR: 10.0.216.0/21
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
PublicSubnet3CIDR: 10.0.160.0/20
PublicSubnet4CIDR: 10.0.176.0/20
VPCCIDR: 10.0.0.0/16
VPCTenancy: default
regions:
- af-south-1
- ap-east-1
- ap-south-1
## - ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
## - cn-north-1
## - cn-northwest-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-north-1
- me-south-1
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
s3_bucket: ''
template: templates/aws-vpc.template.yaml
vpc-private-all-possible-regions:
parameters:
AvailabilityZones: $[taskcat_getaz_2]
CreateAdditionalPrivateSubnets: 'false'
CreatePublicSubnets: 'false'
CreateNATGateways: 'false'
NumberOfAZs: '2'
PrivateSubnet1ACIDR: 10.0.0.0/19
PrivateSubnet1BCIDR: 10.0.192.0/21
PrivateSubnet2ACIDR: 10.0.32.0/19
PrivateSubnet2BCIDR: 10.0.200.0/21
PrivateSubnet3ACIDR: 10.0.64.0/19
PrivateSubnet3BCIDR: 10.0.208.0/21
PrivateSubnet4ACIDR: 10.0.96.0/19
PrivateSubnet4BCIDR: 10.0.216.0/21
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
PublicSubnet3CIDR: 10.0.160.0/20
PublicSubnet4CIDR: 10.0.176.0/20
VPCCIDR: 10.0.0.0/16
VPCTenancy: default
regions:
- af-south-1
- ap-east-1
- ap-south-1
## - ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
## - cn-north-1
## - cn-northwest-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-north-1
- me-south-1
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
s3_bucket: ''
template: templates/aws-vpc.template.yaml
3az-complete-all-possible-regions:
parameters:
AvailabilityZones: $[taskcat_getaz_3]
CreateAdditionalPrivateSubnets: 'true'
CreatePrivateSubnets: 'true'
NumberOfAZs: '3'
PrivateSubnet1ACIDR: 10.0.0.0/19
PrivateSubnet1BCIDR: 10.0.192.0/21
PrivateSubnet2ACIDR: 10.0.32.0/19
PrivateSubnet2BCIDR: 10.0.200.0/21
PrivateSubnet3ACIDR: 10.0.64.0/19
PrivateSubnet3BCIDR: 10.0.208.0/21
PrivateSubnet4ACIDR: 10.0.96.0/19
PrivateSubnet4BCIDR: 10.0.216.0/21
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
PublicSubnet3CIDR: 10.0.160.0/20
PublicSubnet4CIDR: 10.0.176.0/20
VPCCIDR: 10.0.0.0/16
VPCTenancy: default
regions:
- af-south-1
- ap-east-1
- ap-south-1
## - ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
## - ca-central-1
## - cn-north-1
## - cn-northwest-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-north-1
- me-south-1
- sa-east-1
- us-east-1
- us-east-2
## - us-west-1
- us-west-2
s3_bucket: ''
template: templates/aws-vpc.template
4az-complete-all-possible-regions:
parameters:
AvailabilityZones: $[taskcat_getaz_4]
CreateAdditionalPrivateSubnets: 'true'
CreatePrivateSubnets: 'true'
NumberOfAZs: '4'
PrivateSubnet1ACIDR: 10.0.0.0/19
PrivateSubnet1BCIDR: 10.0.192.0/21
PrivateSubnet2ACIDR: 10.0.32.0/19
PrivateSubnet2BCIDR: 10.0.200.0/21
PrivateSubnet3ACIDR: 10.0.64.0/19
PrivateSubnet3BCIDR: 10.0.208.0/21
PrivateSubnet4ACIDR: 10.0.96.0/19
PrivateSubnet4BCIDR: 10.0.216.0/21
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
PublicSubnet3CIDR: 10.0.160.0/20
PublicSubnet4CIDR: 10.0.176.0/20
VPCCIDR: 10.0.0.0/16
VPCTenancy: default
regions:
## - af-south-1
## - ap-east-1
## - ap-south-1
## - ap-northeast-3
## - ap-northeast-2
## - ap-southeast-1
## - ap-southeast-2
## - ap-northeast-1
## - ca-central-1
## - cn-north-1
## - cn-northwest-1
## - eu-central-1
## - eu-west-1
## - eu-west-2
## - eu-south-1
## - eu-west-3
## - eu-north-1
## - me-south-1
## - sa-east-1
- us-east-1
## - us-east-2
## - us-west-1
- us-west-2
s3_bucket: ''
template: templates/aws-vpc.template
4az-public-all-possible-regions:
parameters:
AvailabilityZones: $[taskcat_getaz_4]
CreateAdditionalPrivateSubnets: 'false'
CreatePrivateSubnets: 'false'
NumberOfAZs: '4'
PrivateSubnet1ACIDR: 10.0.0.0/19
PrivateSubnet1BCIDR: 10.0.192.0/21
PrivateSubnet2ACIDR: 10.0.32.0/19
PrivateSubnet2BCIDR: 10.0.200.0/21
PrivateSubnet3ACIDR: 10.0.64.0/19
PrivateSubnet3BCIDR: 10.0.208.0/21
PrivateSubnet4ACIDR: 10.0.96.0/19
PrivateSubnet4BCIDR: 10.0.216.0/21
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
PublicSubnet3CIDR: 10.0.160.0/20
PublicSubnet4CIDR: 10.0.176.0/20
VPCCIDR: 10.0.0.0/16
VPCTenancy: default
regions:
## - af-south-1
## - ap-east-1
## - ap-south-1
## - ap-northeast-3
## - ap-northeast-2
## - ap-southeast-1
## - ap-southeast-2
## - ap-northeast-1
## - ca-central-1
## - cn-north-1
## - cn-northwest-1
## - eu-central-1
## - eu-west-1
## - eu-west-2
## - eu-south-1
## - eu-west-3
## - eu-north-1
## - me-south-1
## - sa-east-1
- us-east-1
## - us-east-2
## - us-west-1
- us-west-2
s3_bucket: ''
template: templates/aws-vpc.template

201
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/LICENSE.txt
View File

@@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

7
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/NOTICE.txt
View File

@@ -1,7 +0,0 @@
Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/
or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

9
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/README.md
View File

@@ -1,9 +0,0 @@
# quickstart-aws-vpc
This Quick Start provides a networking foundation for AWS Cloud infrastructures. It deploys an Amazon Virtual Private Cloud (Amazon VPC) according to AWS best practices and guidelines.
The Amazon VPC architecture includes public and private subnets. The first set of private subnets share the default network access control list (ACL) from the Amazon VPC, and a second, optional set of private subnets include dedicated custom network ACLs per subnet. The Quick Start divides the Amazon VPC address space in a predictable manner across multiple Availability Zones, and deploys NAT gateways in each Availability Zone, which provide highly available outbound internet access for the private subnets.
For architectural details, best practices, step-by-step instructions, and customization options, see the [deployment guide](https://fwd.aws/9VdxN).
![Quick Start VPC Design Architecture](https://docs.aws.amazon.com/quickstart/latest/vpc/images/quickstart-vpc-design-fullscreen.png)

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-3az-complete.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_3]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "3"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-3az-public.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_3]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "3"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-3az.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_3]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "3"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-4az-complete.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_4]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "4"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-4az-public.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_4]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "4"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-4az.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_4]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "4"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-complete.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_2]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "2"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-dedicated.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_2]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "2"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "dedicated"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-defaults.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_2]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "2"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-public.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "$[taskcat_getaz_2]"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "2"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

74
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/aws-vpc-sa-east-1.json
View File

@@ -1,74 +0,0 @@
[
{
"ParameterKey": "AvailabilityZones",
"ParameterValue": "sa-east-1b,sa-east-1c"
},
{
"ParameterKey": "CreateAdditionalPrivateSubnets",
"ParameterValue": "false"
},
{
"ParameterKey": "CreatePrivateSubnets",
"ParameterValue": "true"
},
{
"ParameterKey": "NumberOfAZs",
"ParameterValue": "2"
},
{
"ParameterKey": "PrivateSubnet1ACIDR",
"ParameterValue": "10.0.0.0/19"
},
{
"ParameterKey": "PrivateSubnet1BCIDR",
"ParameterValue": "10.0.192.0/21"
},
{
"ParameterKey": "PrivateSubnet2ACIDR",
"ParameterValue": "10.0.32.0/19"
},
{
"ParameterKey": "PrivateSubnet2BCIDR",
"ParameterValue": "10.0.200.0/21"
},
{
"ParameterKey": "PrivateSubnet3ACIDR",
"ParameterValue": "10.0.64.0/19"
},
{
"ParameterKey": "PrivateSubnet3BCIDR",
"ParameterValue": "10.0.208.0/21"
},
{
"ParameterKey": "PrivateSubnet4ACIDR",
"ParameterValue": "10.0.96.0/19"
},
{
"ParameterKey": "PrivateSubnet4BCIDR",
"ParameterValue": "10.0.216.0/21"
},
{
"ParameterKey": "PublicSubnet1CIDR",
"ParameterValue": "10.0.128.0/20"
},
{
"ParameterKey": "PublicSubnet2CIDR",
"ParameterValue": "10.0.144.0/20"
},
{
"ParameterKey": "PublicSubnet3CIDR",
"ParameterValue": "10.0.160.0/20"
},
{
"ParameterKey": "PublicSubnet4CIDR",
"ParameterValue": "10.0.176.0/20"
},
{
"ParameterKey": "VPCCIDR",
"ParameterValue": "10.0.0.0/16"
},
{
"ParameterKey": "VPCTenancy",
"ParameterValue": "default"
}
]

70
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/ci/taskcat.yml
View File

@@ -1,70 +0,0 @@
global:
govcloud: true
marketplace-ami: false
owner: quickstart@amazon.com
qsname: quickstart-aws-vpc
regions:
- ap-northeast-1
- ap-northeast-2
- ap-south-1
- ap-southeast-1
- ap-southeast-2
- ca-central-1
- eu-central-1
- eu-west-1
- eu-west-2
- us-east-1
- us-east-2
- us-west-1
- us-west-2
reporting: true
tests:
vpc-defaults:
parameter_input: aws-vpc-defaults.json
template_file: aws-vpc.template
vpc-complete:
parameter_input: aws-vpc-complete.json
template_file: aws-vpc.template
vpc-defaults-sa-east-1:
parameter_input: aws-vpc-sa-east-1.json
template_file: aws-vpc.template
regions:
- sa-east-1
vpc-public:
parameter_input: aws-vpc-public.json
template_file: aws-vpc.template
3az-eu-west-1:
parameter_input: aws-vpc-3az.json
regions:
- eu-west-1
template_file: aws-vpc.template
3az-complete-us-east-2:
parameter_input: aws-vpc-3az-complete.json
regions:
- us-east-2
template_file: aws-vpc.template
3az-public-us-west-2:
parameter_input: aws-vpc-3az-public.json
regions:
- us-west-2
template_file: aws-vpc.template
4az-us-east-1:
parameter_input: aws-vpc-4az.json
regions:
- us-east-1
template_file: aws-vpc.template
4az-complete-us-east-1:
parameter_input: aws-vpc-4az-complete.json
regions:
- us-east-1
template_file: aws-vpc.template
4az-public-us-east-1:
parameter_input: aws-vpc-4az-public.json
regions:
- us-east-1
template_file: aws-vpc.template
dedicated-us-west-1:
parameter_input: aws-vpc-dedicated.json
regions:
- us-west-1
template_file: aws-vpc.template

1
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/generated/parameters/index.adoc
View File

@@ -1 +0,0 @@
// placeholder

1
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/generated/regions/index.adoc
View File

@@ -1 +0,0 @@
// placeholder

1
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/generated/services/index.adoc
View File

@@ -1 +0,0 @@
// placeholder

1
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/generated/services/metadata.adoc
View File

@@ -1 +0,0 @@
// placeholder

BIN
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/images/architecture_diagram.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 88 KiB

BIN
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/images/aws-quickstart-graphic.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 26 KiB

BIN
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/images/cfn_outputs.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 197 KiB

14
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/_settings.adoc
View File

@@ -1,14 +0,0 @@
:quickstart-project-name: quickstart-aws-vpc
:partner-product-name: Amazon VPC
:partner-company-name:
:doc-month: July
:doc-year: 2020
:partner-contributors:
:quickstart-contributors: Santiago Cardenas, AWS Quick Start team
:deployment_time: 5 minutes
:default_deployment_region: us-west-2
// Uncomment these two attributes if you are leveraging
// - an AWS Marketplace listing.
// Additional content will be auto-generated based on these attributes.
// :marketplace_subscription:
// :marketplace_listing_url: https://example.com/

323
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/additional_info.adoc
View File

@@ -1,323 +0,0 @@
// Add steps as necessary for accessing the software, post-configuration, and testing. Dont include full usage instructions for your software, but add links to your product documentation for that information.
//Should any sections not be applicable, remove them
== Add AWS services or other applications
// If Post-deployment steps are required, add them here. If not, remove the heading
After you use this Quick Start to build your VPC environment, you can deploy additional
Quick Starts or deploy your own applications on top of this AWS infrastructure. If you
decide to extend your AWS environment with https://aws.amazon.com/quickstart/[additional Quick Starts] for trial or production
use, we recommend that you choose the option to deploy the Quick Start into an existing
VPC, where that option is available.
If you decide to deploy additional private subnets with dedicated network ACLs, make sure
you review the configuration and adjust it accordingly. By default, the custom ACLs are
configured to allow all inbound and outbound traffic to flow in order to facilitate the
deployment of additional infrastructure. For more information, see https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html[Network ACLs] and
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_NACLs.html[Recommended Network ACL Rules for Your VPC] in the Amazon VPC documentation.
== Best practices for using {partner-product-name} on AWS
// Provide post-deployment best practices for using the technology on AWS, including considerations such as migrating data, backups, ensuring high performance, high availability, etc. Link to software documentation for detailed information.
The architecture built by this Quick Start supports AWS best practices for high availability
and security. The Quick Start provides:
* Up to four Availability Zones for high availability and disaster recovery. (AWS
recommends maximizing your use of Availability Zones to isolate a data center outage.)
Availability Zones are geographically distributed within a region and spaced for best
insulation and stability in the event of a natural disaster.
* Separate subnets for unique routing requirements. AWS recommends using public
subnets for external-facing resources and private subnets for internal resources. For
each Availability Zone, this Quick Start provisions one public subnet and one private
subnet by default. (If you need public subnets only, you can disable the creation of the
private subnets.) For subnet sizing strategies, see the next section.
* Additional layer of security. AWS recommends using network ACLs as firewalls to
control inbound and outbound traffic at the subnet level. This Quick Start provides an
option to create a network ACL protected subnet in each Availability Zone. These
network ACLs provide individual controls that you can customize as a second layer of
defense.
We recommend that you use network ACLs sparingly for the following reasons: they can
be complex to manage, they are stateless, every IP address must be explicitly opened in
each (inbound/outbound) direction, and they affect a complete subnet. We recommend
that you use security groups more often than network ACLs, and create and apply these
based on a schema that works for your organization. Some examples are server roles and
application roles. For more information about security groups and network ACLs, see
the link:#_security[Security] section later in this guide.
* Independent route tables configured for every private subnet to control the flow of
traffic within and outside the Amazon VPC. The public subnets share a single routing
table, because they all use the same Internet gateway as the sole route to communicate
with the Internet.
* Highly available NAT gateways, where supported, instead of NAT instances. NAT
gateways offer major advantages in terms of deployment, availability, and maintenance.
For more information see the http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-comparison.html[comparison] provided in the Amazon VPC documentation.
* Spare capacity for additional subnets, to support your environment as it grows or
changes over time.
For additional information about these best practices, see the following documentation:
* http://d0.awsstatic.com/aws-answers/AWS_Single_VPC_Design.pdf[AWS Single VPC Design] from the AWS Answers website
* http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html[Your VPC and Subnets] in the Amazon VPC documentation
* https://medium.com/aws-activate-startup-blog/practical-vpc-design-8412e1a18dcc[Practical VPC Design] in the AWS Startups blog
* http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html[Network ACLs] in the Amazon VPC documentation
=== Subnet Sizing
In this Quick Start, the sizing of CIDR blocks used in the subnets is based on a typical
deployment, where private subnets would have roughly double the number of instances
found in public subnets. However, during deployment, you can use the CIDR block
parameters to resize the CIDR scopes to meet your architectural needs.
In the default subnet allocation, the VPC is divided into subnet types and then further
segmented per Availability Zone, as illustrated in link:#_architecture[Figure 1]. The Quick Start provides the
following default CIDR block sizes to maximize capacity:
[cols="60,40a", options="header",grid=none, frame=topbot, stripes=even]
|===
| VPC
^| 10.0.0.0/16
|Private subnets A
^|10.0.0.0/17
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Availability Zone 1
^! 10.0.0.0/19
! Availability Zone 2
^! 10.0.32.0/19
! Availability Zone 3
^! 10.0.64.0/19
! Availability Zone 4
^! 10.0.96.0/19
!===
|Public subnets
^|10.0.128.0/18
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Availability Zone 1
^! 10.0.128.0/20
! Availability Zone 2
^! 10.0.144.0/20
! Availability Zone 3
^! 10.0.160.0/20
! Availability Zone 4
^! 10.0.176.0/20
!===
|Private subnets B with
dedicated custom network
ACL
^|10.0.192.0/19
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Availability Zone 1
^! 10.0.192.0/21
! Availability Zone 2
^! 10.0.200.0/21
! Availability Zone 3
^! 10.0.208.0/21
! Availability Zone 4
^! 10.0.216.0/21
!===
|Spare subnet capacity
^|10.0.224.0/19
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Availability Zone 1
^! 10.0.224.0/21
! Availability Zone 2
^! 10.0.232.0/21
! Availability Zone 3
^! 10.0.240.0/21
! Availability Zone 4
^! 10.0.248.0/21
!===
|===
Alternatively, there may be situations where you would want to separate the CIDR scopes
by dividing the VPC into Availability Zones and then into subnet types. The recommended
CIDR blocks to maximize capacity for this scenario are as follows:
[cols="60,40a", options="header",grid=none, frame=topbot, stripes=even]
|===
| VPC
^| 10.0.0.0/16
|Availability Zone 1
^|10.0.0.0/18
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Private subnet A
^! 10.0.0.0/19
! Public subnet
^! 10.0.32.0/20
! Private subnet B
^! 10.0.48.0/21
! Spare subnet capacity
^! 10.0.56.0/21
!===
|Availability Zone 2
^|10.0.64.0/18
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Private subnet A
^! 10.0.64.0/19
! Public subnet
^! 10.0.96.0/20
! Private subnet B
^! 10.0.112.0/21
! Spare subnet capacity
^! 10.0.120.0/21
!===
|Availability Zone 3
^|10.0.128.0/18
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Private subnet A
^! 10.0.128.0/19
! Public subnet
^! 10.0.160.0/20
! Private subnet B
^! 10.0.176.0/21
! Spare subnet capacity
^! 10.0.184.0/21
!===
|Availability Zone 4
^|10.0.192.0/18
|
|
[cols="2,1", grid=rows, frame=topbot]
!===
! Private subnet A
^! 10.0.192.0/19
! Public subnet
^! 10.0.224.0/20
! Private subnet B
^! 10.0.240.0/21
! Spare subnet capacity
^! 10.0.248.0/21
!===
|===
To customize the CIDR ranges for this scenario or to implement your own segmentation
strategy, you can configure the Quick Start parameters described in link:#_launch_a_new_vpc[Launch a new VPC]. For more
information about VPC and subnet sizing, see the https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html#VPC_Sizing[AWS documentation].
== Security
// Provide post-deployment best practices for using the technology on AWS, including considerations such as migrating data, backups, ensuring high performance, high availability, etc. Link to software documentation for detailed information.
=== Public and Private Subnets
This Quick Start provisions one public and one private subnet in each Availability Zone by
default. You can also choose to add additional private subnets with dedicated network
ACLs.
A public subnet is directly routable to the Internet via a route in the route table that points
to the Internet gateway. This type of subnet allows the use of Elastic IPs and public IPs, and
(if the security group and network ACLs permit) a public subnet is reachable from the
Internet. A public subnet is useful as a DMZ infrastructure for web servers and for Internetfacing Elastic Load Balancing (ELB) load balancers.
Private subnets can indirectly route to the Internet via a NAT instance or NAT gateway.
These NAT devices reside in a public subnet in order to route directly to the Internet.
Instances in a private subnet are not externally reachable from outside the Amazon VPC,
regardless of whether they have a public or Elastic IP address attached. A private subnet is
useful for application servers and databases.
=== Using Security Groups and Network ACLs
The following table describes the differences between security groups and network ACLs:
|===
|Security group |Network ACL
// Space needed to maintain table headers
|Operates at the instance level (first layer of defense) |Operates at the subnet level (second layer of defense)
|Supports allow rules only |Supports allow rules and deny rules
|Is stateful: Return traffic is automatically allowed, regardless of any rules|Is stateless: Return traffic must be explicitly allowed by rules
|We evaluate all rules before deciding whether to allow traffic|We process rules in numerical order when deciding whether to allow traffic
|Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on| Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group)
|===
The network ACLs in this Quick Start are configured as follows:
* All public and private subnets are associated with the same default network ACL, which
is automatically created for all VPCs on AWS. This network ACL allows all inbound and
outbound traffic. As you deploy instances and services, you should associate them with
security groups and allow only the traffic and ports needed for your application.
* Each additional private subnet is associated with a custom network ACL (1:1 ratio).
These network ACLs are initially configured to allow all inbound and outbound traffic to
facilitate the deployment of additional instances and services. As with the other subnets,
you should use security groups to secure the environment internally, and you can lock
down the custom network ACLs during or after deployment as required by your
application.
If the Quick Start deploys NAT instances instead of NAT gateways in the AWS Region you
selected, it adds a single security group as a virtual firewall. This security group is required
for NAT instances and any other instances in the private subnets to access the Internet. The
security group is configured as follows:
==== Inbound:
|===
|Source|Protocol|Ports
|VPC CIDR|All|All
|===
==== Outbound:
|===
|Destination|Protocol|Ports
|0.0.0.0/0 |All|All
|===
For additional details, see https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html[Security in Your VPC] in the Amazon VPC documentation.
== Other useful information
//Provide any other information of interest to users, especially focusing on areas where AWS or cloud usage differs from on-premises usage.
=== AWS services
* http://aws.amazon.com/documentation/cloudformation/[AWS CloudFormation]
* Amazon EC2
** http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/[User guide for Microsoft Windows]
** https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/[User guide for Linux:]
* http://aws.amazon.com/documentation/vpc/[Amazon VPC]
** https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html[Security groups]
** https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html[Network ACLs]
** http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html[NAT gateways]
* Best practices for implementing VPCs
** http://d0.awsstatic.com/aws-answers/AWS_Single_VPC_Design.pdf[AWS Single VPC Design]
** http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html[Your VPC and Subnets]
** https://medium.com/aws-activate-startup-blog/practical-vpc-design-8412e1a18dcc[Practical VPC Design]
=== Quick Start reference deployments
* https://aws.amazon.com/quickstart/[AWS Quick Start home page]
=== GitHub Repository
You can visit our https://fwd.aws/rdXz7[GitHub repository] to download the templates and scripts for this Quick
Start, to post your comments, and to share your customizations with others.

35
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/architecture.adoc
View File

@@ -1,35 +0,0 @@
Deploying this Quick Start for a new virtual private cloud (VPC) with
*default parameters* builds the following _{partner-product-name}_ environment in the
AWS Cloud.
// Replace this example diagram with your own. Send us your source PowerPoint file. Be sure to follow our guidelines here : http://(we should include these points on our contributors giude)
[#architecture1]
.Quick Start architecture for _{partner-product-name}_ on AWS
[link=images/architecture_diagram.png]
image::../images/architecture_diagram.png[Architecture,width=648,height=439]
NOTE: The IP addresses exclude five addresses from each subnet that are reserved and unavailable for use *
As shown in Figure 1, the Quick Start sets up the following:
The AWS CloudFormation template sets up the virtual network and creates networking
resources.
The template creates a Multi-AZ, multi-subnet VPC infrastructure with managed NAT
gateways in the public subnet for each Availability Zone. You can also create additional
private subnets with dedicated custom network access control lists (ACLs). If you deploy
the Quick Start in a region that doesnt support NAT gateways, NAT instances are deployed
instead. Default subnet sizes are based on a typical deployment but can be reconfigured, as
discussed in the link:#_subnet_sizing[Subnet Sizing] section.
The Quick Start also includes VPC endpoints, which provide a secure, reliable connection to
Amazon S3 without requiring an Internet gateway, a NAT device, or a virtual private
gateway. With these endpoints, you can access S3 resources from within the VPC created by
the Quick Start. These endpoints are valid only for the AWS Region in which you launch the
Quick Start.
The Quick Start uses the default endpoint policy, which gives any user or service within the
VPC full access to Amazon S3 resources. This policy supplements any IAM user policies or
S3 bucket policies that you may have in place.
The Quick Start also enables Domain Name System (DNS) resolution in the VPC. For more
information about VPC endpoints, see the https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html[AWS documentation].

52
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/deploy_steps.adoc
View File

@@ -1,52 +0,0 @@
// We need to work around Step numbers here if we are going to potentially exclude the AMI subscription
=== Sign in to your AWS account
. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see link:#_planning_the_deployment[Planning the deployment] earlier in this guide.
. Make sure that your AWS account is configured correctly, as discussed in the link:#_technical_requirements[Technical requirements] section.
// Optional based on Marketplace listing. Not to be edited
ifdef::marketplace_subscription[]
=== Subscribe to the {partner-product-name} AMI
This Quick Start requires a subscription to the AMI for {partner-product-name} in AWS Marketplace.
. Sign in to your AWS account.
. {marketplace_listing_url}[Open the page for the {partner-product-name} AMI in AWS Marketplace], and then choose *Continue to Subscribe*.
. Review the terms and conditions for software usage, and then choose *Accept Terms*. +
A confirmation page loads, and an email confirmation is sent to the account owner. For detailed subscription instructions, see the https://aws.amazon.com/marketplace/help/200799470[AWS Marketplace documentation^].
. When the subscription process is complete, exit out of AWS Marketplace without further action. *Do not* provision the software from AWS Marketplace—the Quick Start deploys the AMI for you.
endif::marketplace_subscription[]
// \Not to be edited
=== Launch the Quick Start
NOTE: You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service used by this Quick Start. Prices are subject to change.
. Sign in to your AWS account, and choose the following option to launch the AWS CloudFormation template.
[cols=2*]
|===
^|https://fwd.aws/mm853[Deploy {partner-product-name} on AWS^]
^|link:=../../templates/aws-vpc.template.yaml[View template^]
|===
Also, make sure that the domain name option in the DHCP options is configured as explained in the http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html[Amazon VPC documentation^]. You provide your VPC settings when you launch the Quick Start.
Each deployment takes about {deployment_time} to complete.
[start=2]
. Check the AWS Region thats displayed in the upper-right corner of the navigation bar, and change it if necessary. This is where the network infrastructure for {partner-product-name} will be built. The template is launched in the {default_deployment_region} Region by default.
// *Note:* This deployment includes Amazon EFS, which isnt currently supported in all AWS Regions. For a current list of supported Regions, see the https://docs.aws.amazon.com/general/latest/gr/elasticfilesystem.html[endpoints and quotas webpage].
[start=3]
. On the *Create stack* page, keep the default setting for the template URL, and then choose *Next*.
. On the *Specify stack details* page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. For example, you can change the network configuration parameters if you
want to reconfigure the subnet segmentation used for the VPC, as discussed earlier in
the link:#_subnet_sizing[Subnet Sizing] section.
// In the following tables, parameters are listed by category and described separately for the two deployment options:
// * Parameters for deploying {partner-product-name} into a new VPC
// * Parameters for deploying {partner-product-name} into an existing VPC

5
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/deployment_options.adoc
View File

@@ -1,5 +0,0 @@
// There are generally two deployment options. If additional are required, add them here
This Quick Start provides one deployment option:
* *Deploy a new VPC (end-to-end deployment)*. This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, and other infrastructure components.

33
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/faq_troubleshooting.adoc
View File

@@ -1,33 +0,0 @@
// Add any tips or answers to anticipated questions. This could include the following troubleshooting information. If you dont have any other Q&A to add, change “FAQ” to “Troubleshooting.”
== FAQ
*Q.* I encountered a *CREATE_FAILED* error when I launched the Quick Start.
*A.* If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with *Rollback on failure* set to *No*. (This setting is under *Advanced* in the AWS CloudFormation console, *Options* page.) With this setting, the stacks state is retained and the instance is left running, so you can troubleshoot the issue. (For Windows, look at the log files in %ProgramFiles%\Amazon\EC2ConfigService and C:\cfn\log.)
// If youre deploying on Linux instances, provide the location for log files on Linux, or omit this sentence.
WARNING: When you set *Rollback on failure* to *Disabled*, you continue to incur AWS charges for this stack. Please make sure to delete the stack when you finish troubleshooting.
For additional information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html[Troubleshooting AWS CloudFormation^] on the AWS website.
*Q.* I encountered a size limitation error when I deployed the AWS CloudFormation templates.
*A.* We recommend that you launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a location other than an S3 bucket, you might encounter template size limitations. For more information about AWS CloudFormation quotas, see the http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html[AWS documentation^].
== Troubleshooting
The following table lists specific *CREATE_FAILED* error messages you might encounter.
|===
|Error message|Possible cause|What to do
|*API: ec2: RunInstances Not authorized for images: ami-ID*|The template is referencing an AMI that has expired.|We refresh AMIs on a regular basis, but our schedule isnt always synchronized with AWS AMI updates. If you get this error message, notify us, and well update the template with the new AMI ID.
If youd like to fix the template yourself, you can https://fwd.aws/px53q[download it] and update the `Mappings` section with the latest AMI ID for your region.
|*We currently do not have sufficient t2.small capacity in the AZ you requested*|The NAT instance requires a larger or different instance type|Switch to an instance type that supports higher capacity. If a higher-capacity instance type isnt available, try a different Availability Zone or region. Or you can complete the https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&limitType=service-code-[request form] in the AWS Support Center to increase the Amazon EC2 limit for the instance type or region. Limit increases are tied to the region they were requested for.
|*Instance ID did not stabilize*|You have exceeded your IOPS for the region.|Request a limit increase by completing the https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&limitType=service-code-[request form] in the AWS Support Center.
|===
If you encounter a template validation error during deployment, check for a mismatch in the values of the *Availability Zones* and *Number of Availability Zones* parameters. If you select more Availability Zones than you request, the AWS CloudFormation template wont validate. Correct the parameters so that theyre in sync, and redeploy the Quick Start.

3
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/licenses.adoc
View File

@@ -1,3 +0,0 @@
// Include details about the license and how they can sign up. If no license is required, clarify that.
There are no licencing requirements for this Quick Start

11
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/overview_target_and_usage.adoc
View File

@@ -1,11 +0,0 @@
// Replace the content in <>
// Identify your target audience and explain how/why they would use this Quick Start.
//Avoid borrowing text from third-party websites (copying text from AWS service documentation is fine). Also, avoid marketing-speak, focusing instead on the technical aspect.
This Quick Start provides a networking foundation for AWS Cloud infrastructures. It
deploys an Amazon Virtual Private Cloud (Amazon VPC) according to AWS best practices
and guidelines. Amazon VPC is the networking layer for Amazon Elastic Compute Cloud
(Amazon EC2) and provides a private, isolated section of the AWS Cloud where you can
launch AWS services and other resources in a virtual network. For a discussion of best
design practices for Amazon VPC environments, see the documentation and articles listed
in the link:#_other_useful_information[Other useful information] section.

1
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/pre-reqs.adoc
View File

@@ -1 +0,0 @@
// If no preperation is required, remove all content from here

18
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/product_description.adoc
View File

@@ -1,18 +0,0 @@
// Replace the content in <>
// Briefly describe the software. Use consistent and clear branding.
// Include the benefits of using the software on AWS, and provide details on usage scenarios.
The Amazon VPC architecture includes public and private subnets. The first set of private
subnets share the default network access control list (ACL) from the Amazon VPC, and a
second, optional set of private subnets includes dedicated custom network ACLs per subnet.
Optionally you may choose to deploy a completely public VPC (no private subnets), or a completely private VPC (no public subnets).
The Quick Start divides the Amazon VPC address space in a predictable manner across
multiple Availability Zones, and deploys either NAT instances or NAT gateways for
outbound Internet access, depending on the AWS Region you deploy the Quick Start in.
You can use this Quick Start as a building block for your own deployments. You can scale it
up or down by adding or removing subnets and Availability Zones according to your needs,
and add other infrastructure components and software layers to complete your AWS
environment.

29
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/regions.adoc
View File

@@ -1,29 +0,0 @@
[cols=3*,options="header"]
|===
|Code
|Name
| Opt-in Status
|us-east-2 |US East (Ohio) |Not required
|us-east-1 |US East (N. Virginia) |Not required
|us-west-1 |US West (N. California) |Not required
|us-west-2 |US West (Oregon) |Not required
|af-south-1 |Africa (Cape Town) |Required
|ap-east-1 |Asia Pacific (Hong Kong) |Required
|ap-south-1 |Asia Pacific (Mumbai) |Not required
|ap-northeast-3 |Asia Pacific (Osaka-Local) |Not required
|ap-northeast-2 |Asia Pacific (Seoul) |Not required
|ap-southeast-1 |Asia Pacific (Singapore) |Not required
|ap-southeast-2 |Asia Pacific (Sydney) |Not required
|ap-northeast-1 |Asia Pacific (Tokyo) |Not required
|ca-central-1 |Canada (Central) |Not required
|eu-central-1 |Europe (Frankfurt) |Not required
|eu-west-1 |Europe (Ireland) |Not required
|eu-west-2 |Europe (London) |Not required
|eu-south-1 |Europe (Milan) |Required
|eu-west-3 |Europe (Paris) |Not required
|eu-north-1 |Europe (Stockholm) |Not required
|me-south-1 |Middle East (Bahrain) |Required
|sa-east-1 |South America (São Paulo) |Not required
|===

7
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/service_limits.adoc
View File

@@ -1,7 +0,0 @@
// Replace the <n> in each row to specify the number of resources used in this deployment. Remove the rows for resources that arent used.
|===
|Resource |This deployment uses
// Space needed to maintain table headers
|VPCs |1
|===

6
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/docs/partner_editable/specialized_knowledge.adoc
View File

@@ -1,6 +0,0 @@
// Replace the content in <>
// Describe or link to specific knowledge requirements; for example: “familiarity with basic concepts in the areas of networking, database operations, and data encryption” or “familiarity with <software>.”
This Quick Start assumes familiarity with VPC architecure and CloudFormation.

3591
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/templates/aws-vpc.template
View File

File diff suppressed because it is too large Load Diff

1809
Amazon/artifactory7/latest/submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml
View File

File diff suppressed because it is too large Load Diff

3
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/.gitignore vendored
View File

@@ -1,3 +0,0 @@
.DS_Store
taskcat_outputs/*
packages/

4
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/.gitmodules vendored
View File

@@ -1,4 +0,0 @@
[submodule "submodules/quickstart-aws-vpc"]
path = submodules/quickstart-aws-vpc
url = https://github.com/aws-quickstart/quickstart-aws-vpc.git
branch = main

94
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/.taskcat.yml
View File

@@ -1,94 +0,0 @@
project:
name: quickstart-linux-bastion
owner: quickstart-eng@amazon.com
lambda_source_path: functions/source
lambda_zip_path: packages
s3_regional_buckets: true
regions:
- ap-northeast-1
- ap-northeast-2
- ap-south-1
- ap-southeast-1
- ap-southeast-2
- ap-east-1
- ca-central-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-west-3
- me-south-1
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- us-gov-east-1
- us-gov-west-1
template: templates/linux-bastion-master.template
parameters:
AvailabilityZones: $[taskcat_getaz_2]
BastionInstanceType: t3.medium
KeyPairName: $[taskcat_getkeypair]
PrivateSubnet1CIDR: 10.0.0.0/19
PrivateSubnet2CIDR: 10.0.32.0/19
PublicSubnet1CIDR: 10.0.128.0/20
PublicSubnet2CIDR: 10.0.144.0/20
QSS3BucketName: $[taskcat_autobucket]
RemoteAccessCIDR: 10.0.0.0/16
VPCCIDR: 10.0.0.0/16
QSS3BucketRegion: $[taskcat_current_region]
tests:
amznlinux2hvm:
parameters:
BastionAMIOS: Amazon-Linux2-HVM
regions:
- ap-northeast-1
- ap-northeast-2
- ap-south-1
- ap-southeast-1
- ap-southeast-2
- ca-central-1
- eu-central-1
- eu-north-1
- eu-west-1
- eu-west-2
- eu-west-3
- sa-east-1
- us-east-1
- us-east-2
- us-west-1
- us-west-2
- cn-north-1
- cn-northwest-1
- us-gov-east-1
- us-gov-west-1
centos7hvm:
parameters:
BastionAMIOS: CentOS-7-HVM
regions:
- ap-south-1
- ca-central-1
- eu-central-1
- eu-north-1
- eu-west-1
- us-east-1
sles15hvm:
parameters:
BastionAMIOS: SUSE-SLES-15-HVM
regions:
- ap-south-1
- ca-central-1
- eu-central-1
- eu-north-1
- eu-west-1
- us-east-1
us2004hvm:
parameters:
BastionAMIOS: Ubuntu-Server-20.04-LTS-HVM
regions:
- ap-south-1
- ca-central-1
- eu-central-1
- eu-north-1
- eu-west-1
- us-east-1

202
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/LICENSE.txt
View File

@@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

7
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/NOTICE.txt
View File

@@ -1,7 +0,0 @@
Copyright 2016-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/
or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

16
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/README.md
View File

@@ -1,16 +0,0 @@
# quickstart-linux-bastion
This Quick Start adds Linux bastion functionality to your AWS Cloud environment. It deploys Linux bastion hosts that provide secure access to your Linux instances in public or private subnets. Use this Quick Start as a building block for your Linux-based deployments on AWS. You can choose to create a new VPC environment for your Linux bastion hosts or deploy them into your existing VPC environment. After you deploy the Quick Start, you can add other AWS services, infrastructure components, and software layers to complete your test or production Linux environment on the AWS Cloud.
![Quick Start Linux Bastion Design Architecture](https://docs.aws.amazon.com/quickstart/latest/linux-bastion/images/linux-bastion-hosts-on-aws-architecture.png )
Deployment steps:
1. Sign up for an AWS account at https://aws.amazon.com, select a region, and create a key pair.
2. In the AWS CloudFormation console, launch one of the following templates to build a new stack:
* /templates/linux-bastion-master.template (to deploy bastion hosts into a new VPC)
* /templates/linux-bastion.template (to deploy bastion hosts into your existing VPC)
3. Add AWS services and other applications.
The Quick Start provides parameters that you can set to customize your deployment. For architectural details, best practices, step-by-step instructions, and customization options, see the [deployment guide](https://fwd.aws/R9NRw).

32
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/scripts/auditing_configure.sh
View File

@@ -1,32 +0,0 @@
#!/bin/bash
function install_stuff_ubuntu(){
apt-get -y install auditd
}
function add_the_rules(){
cat /tmp/auditd.rules >> /etc/audit/rules.d/audit.rules
rm /tmp/auditd.rules
}
function restart_services(){
case "${BASTION_OS}" in
Amazon)
/usr/sbin/service auditd restart
;;
CentOS|SUSE)
/sbin/service auditd restart
;;
Ubuntu)
service auditd restart
;;
esac
}
case "${BASTION_OS}" in
Ubuntu)
install_stuff_ubuntu
;;
esac
add_the_rules
restart_services

12
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/scripts/banner_message.txt
View File

@@ -1,12 +0,0 @@
###############################################################################
# ___ ______ ___ _ _ ____ _ _ #
# / \ \ / / ___| / _ \ _ _(_) ___| | __ / ___|| |_ __ _ _ __| |_ #
# / _ \ \ /\ / /\___ \ | | | | | | | |/ __| |/ / \___ \| __/ _` | '__| __| #
# / ___ \ V V / ___) | | |_| | |_| | | (__| < ___) | || (_| | | | |_ #
# /_/ \_\_/\_/ |____/ \__\_\\__,_|_|\___|_|\_\ |____/ \__\__,_|_| \__| #
#-----------------------------------------------------------------------------#
# Authorized access only! #
# Disconnect IMMEDIATELY if you are not an authorized user!!! #
# All actions will be monitored and recorded. #
###############################################################################

380
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/scripts/bastion_bootstrap.sh
View File

@@ -1,380 +0,0 @@
#!/bin/bash -e
# Bastion Bootstrapping
# authors: tonynv@amazon.com, sancard@amazon.com, ianhill@amazon.com
# NOTE: This requires GNU getopt. On Mac OS X and FreeBSD you must install GNU getopt and mod the checkos function so that it's supported
# Configuration
PROGRAM='Linux Bastion'
##################################### Functions Definitions
function checkos () {
platform='unknown'
unamestr=`uname`
if [[ "${unamestr}" == 'Linux' ]]; then
platform='linux'
else
echo "[WARNING] This script is not supported on MacOS or FreeBSD"
exit 1
fi
echo "${FUNCNAME[0]} Ended"
}
function setup_environment_variables() {
REGION=$(curl -sq http://169.254.169.254/latest/meta-data/placement/availability-zone/)
#ex: us-east-1a => us-east-1
REGION=${REGION: :-1}
ETH0_MAC=$(/sbin/ip link show dev eth0 | /bin/egrep -o -i 'link/ether\ ([0-9a-z]{2}:){5}[0-9a-z]{2}' | /bin/sed -e 's,link/ether\ ,,g')
_userdata_file="/var/lib/cloud/instance/user-data.txt"
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
EIP_LIST=$(grep EIP_LIST ${_userdata_file} | sed -e 's/EIP_LIST=//g' -e 's/\"//g')
LOCAL_IP_ADDRESS=$(curl -sq 169.254.169.254/latest/meta-data/network/interfaces/macs/${ETH0_MAC}/local-ipv4s/)
CWG=$(grep CLOUDWATCHGROUP ${_userdata_file} | sed 's/CLOUDWATCHGROUP=//g')
export REGION ETH0_MAC EIP_LIST CWG LOCAL_IP_ADDRESS INSTANCE_ID
}
function verify_dependencies(){
if [[ "a$(which aws)" == "a" ]]; then
pip install awscli
fi
echo "${FUNCNAME[0]} Ended"
}
function usage() {
echo "$0 <usage>"
echo " "
echo "options:"
echo -e "--help \t Show options for this script"
echo -e "--banner \t Enable or Disable Bastion Message"
echo -e "--enable \t SSH Banner"
echo -e "--tcp-forwarding \t Enable or Disable TCP Forwarding"
echo -e "--x11-forwarding \t Enable or Disable X11 Forwarding"
}
function chkstatus () {
if [[ $? -eq 0 ]]
then
echo "Script [PASS]"
else
echo "Script [FAILED]" >&2
exit 1
fi
}
function osrelease () {
OS=`cat /etc/os-release | grep '^NAME=' | tr -d \" | sed 's/\n//g' | sed 's/NAME=//g'`
if [[ "${OS}" == "Ubuntu" ]]; then
echo "Ubuntu"
elif [[ "${OS}" == "Amazon Linux AMI" ]] || [[ "${OS}" == "Amazon Linux" ]]; then
echo "AMZN"
elif [[ "${OS}" == "CentOS Linux" ]]; then
echo "CentOS"
elif [[ "${OS}" == "SLES" ]]; then
echo "SLES"
else
echo "Operating System Not Found"
fi
echo "${FUNCNAME[0]} Ended" >> /var/log/cfn-init.log
}
function setup_logs () {
echo "${FUNCNAME[0]} Started"
URL_SUFFIX="${URL_SUFFIX:-amazonaws.com}"
if [[ "${release}" == "SLES" ]]; then
curl "https://amazoncloudwatch-agent-${REGION}.s3.${REGION}.${URL_SUFFIX}/suse/amd64/latest/amazon-cloudwatch-agent.rpm" -O
zypper install --allow-unsigned-rpm -y ./amazon-cloudwatch-agent.rpm
rm ./amazon-cloudwatch-agent.rpm
elif [[ "${release}" == "CentOS" ]]; then
curl "https://amazoncloudwatch-agent-${REGION}.s3.${REGION}.${URL_SUFFIX}/centos/amd64/latest/amazon-cloudwatch-agent.rpm" -O
rpm -U ./amazon-cloudwatch-agent.rpm
rm ./amazon-cloudwatch-agent.rpm
elif [[ "${release}" == "Ubuntu" ]]; then
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
curl "https://amazoncloudwatch-agent-${REGION}.s3.${REGION}.${URL_SUFFIX}/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb" -O
dpkg -i -E ./amazon-cloudwatch-agent.deb
rm ./amazon-cloudwatch-agent.deb
elif [[ "${release}" == "AMZN" ]]; then
curl "https://amazoncloudwatch-agent-${REGION}.s3.${REGION}.${URL_SUFFIX}/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm" -O
rpm -U ./amazon-cloudwatch-agent.rpm
rm ./amazon-cloudwatch-agent.rpm
fi
cat <<EOF >> /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
{
"logs": {
"force_flush_interval": 5,
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "/var/log/auditd/auditd.log",
"log_group_name": "${CWG}",
"log_stream_name": "{instance_id}",
"timestamp_format": "%Y-%m-%d %H:%M:%S",
"timezone": "UTC"
}
]
}
}
}
}
EOF
if [ -x /bin/systemctl ] || [ -x /usr/bin/systemctl ]; then
systemctl enable amazon-cloudwatch-agent.service
systemctl restart amazon-cloudwatch-agent.service
else
start amazon-cloudwatch-agent
fi
}
function setup_os () {
echo "${FUNCNAME[0]} Started"
echo "Defaults env_keep += \"SSH_CLIENT\"" >> /etc/sudoers
if [[ "${release}" == "Ubuntu" ]]; then
user_group="ubuntu"
elif [[ "${release}" == "CentOS" ]]; then
user_group="centos"
elif [[ "${release}" == "SLES" ]]; then
user_group="users"
else
user_group="ec2-user"
fi
if [[ "${release}" == "CentOS" ]]; then
/sbin/restorecon -v /etc/ssh/sshd_config
systemctl restart sshd
fi
if [[ "${release}" == "SLES" ]]; then
echo "0 0 * * * zypper patch --non-interactive" > ~/mycron
elif [[ "${release}" == "Ubuntu" ]]; then
apt-get install -y unattended-upgrades
echo "0 0 * * * unattended-upgrades -d" > ~/mycron
else
echo "0 0 * * * yum -y update --security" > ~/mycron
fi
crontab ~/mycron
rm ~/mycron
echo "${FUNCNAME[0]} Ended"
}
function request_eip() {
# Is the already-assigned Public IP an elastic IP?
_query_assigned_public_ip
set +e
_determine_eip_assc_status ${PUBLIC_IP_ADDRESS}
set -e
if [[ ${_eip_associated} -eq 0 ]]; then
echo "The Public IP address associated with eth0 (${PUBLIC_IP_ADDRESS}) is already an Elastic IP. Not proceeding further."
exit 1
fi
EIP_ARRAY=(${EIP_LIST//,/ })
_eip_assigned_count=0
for eip in "${EIP_ARRAY[@]}"; do
if [[ "${eip}" == "Null" ]]; then
echo "Detected a NULL Value, moving on."
continue
fi
# Determine if the EIP has already been assigned.
set +e
_determine_eip_assc_status ${eip}
set -e
if [[ ${_eip_associated} -eq 0 ]]; then
echo "Elastic IP [${eip}] already has an association. Moving on."
let _eip_assigned_count+=1
if [[ "${_eip_assigned_count}" -eq "${#EIP_ARRAY[@]}" ]]; then
echo "All of the stack EIPs have been assigned (${_eip_assigned_count}/${#EIP_ARRAY[@]}). I can't assign anything else. Exiting."
exit 1
fi
continue
fi
_determine_eip_allocation ${eip}
# Attempt to assign EIP to the ENI.
set +e
aws ec2 associate-address --instance-id ${INSTANCE_ID} --allocation-id ${eip_allocation} --region ${REGION}
rc=$?
set -e
if [[ ${rc} -ne 0 ]]; then
let _eip_assigned_count+=1
continue
else
echo "The newly-assigned EIP is ${eip}. It is mapped under EIP Allocation ${eip_allocation}"
break
fi
done
echo "${FUNCNAME[0]} Ended"
}
function _query_assigned_public_ip() {
# Note: ETH0 Only.
# - Does not distinguish between EIP and Standard IP. Need to cross-ref later.
echo "Querying the assigned public IP"
PUBLIC_IP_ADDRESS=$(curl -sq 169.254.169.254/latest/meta-data/public-ipv4/${ETH0_MAC}/public-ipv4s/)
}
function _determine_eip_assc_status(){
# Is the provided EIP associated?
# Also determines if an IP is an EIP.
# 0 => true
# 1 => false
echo "Determining EIP Association Status for [${1}]"
set +e
aws ec2 describe-addresses --public-ips ${1} --output text --region ${REGION} 2>/dev/null | grep -o -i eipassoc -q
rc=$?
set -e
if [[ ${rc} -eq 1 ]]; then
_eip_associated=1
else
_eip_associated=0
fi
}
function _determine_eip_allocation(){
echo "Determining EIP Allocation for [${1}]"
resource_id_length=$(aws ec2 describe-addresses --public-ips ${1} --output text --region ${REGION} | head -n 1 | awk {'print $2'} | sed 's/.*eipalloc-//')
if [[ "${#resource_id_length}" -eq 17 ]]; then
eip_allocation=$(aws ec2 describe-addresses --public-ips ${1} --output text --region ${REGION}| egrep 'eipalloc-([a-z0-9]{17})' -o)
else
eip_allocation=$(aws ec2 describe-addresses --public-ips ${1} --output text --region ${REGION}| egrep 'eipalloc-([a-z0-9]{8})' -o)
fi
}
function prevent_process_snooping() {
# Prevent bastion host users from viewing processes owned by other users.
mount -o remount,rw,hidepid=2 /proc
awk '!/proc/' /etc/fstab > temp && mv temp /etc/fstab
echo "proc /proc proc defaults,hidepid=2 0 0" >> /etc/fstab
echo "${FUNCNAME[0]} Ended"
}
##################################### End Function Definitions
# Call checkos to ensure platform is Linux
checkos
# Verify dependencies are installed.
verify_dependencies
# Assuming it is, setup environment variables.
setup_environment_variables
## set an initial value
SSH_BANNER="LINUX BASTION"
# Read the options from cli input
TEMP=`getopt -o h --longoptions help,banner:,enable:,tcp-forwarding:,x11-forwarding: -n $0 -- "$@"`
eval set -- "${TEMP}"
if [[ $# == 1 ]] ; then echo "No input provided! type ($0 --help) to see usage help" >&2 ; exit 1 ; fi
# extract options and their arguments into variables.
while true; do
case "$1" in
-h | --help)
usage
exit 1
;;
--banner)
BANNER_PATH="$2";
shift 2
;;
--enable)
ENABLE="$2";
shift 2
;;
--tcp-forwarding)
TCP_FORWARDING="$2";
shift 2
;;
--x11-forwarding)
X11_FORWARDING="$2";
shift 2
;;
--)
break
;;
*)
break
;;
esac
done
# BANNER CONFIGURATION
BANNER_FILE="/etc/ssh_banner"
if [[ ${ENABLE} == "true" ]];then
if [[ -z ${BANNER_PATH} ]];then
echo "BANNER_PATH is null skipping ..."
else
echo "BANNER_PATH = ${BANNER_PATH}"
echo "Creating Banner in ${BANNER_FILE}"
aws s3 cp "${BANNER_PATH}" "${BANNER_FILE}" --region ${BANNER_REGION}
if [[ -e ${BANNER_FILE} ]] ;then
echo "[INFO] Installing banner ... "
echo -e "\n Banner ${BANNER_FILE}" >>/etc/ssh/sshd_config
else
echo "[INFO] banner file is not accessible skipping ..."
exit 1;
fi
fi
else
echo "Banner message is not enabled!"
fi
#Enable/Disable TCP forwarding
TCP_FORWARDING=`echo "${TCP_FORWARDING}" | sed 's/\\n//g'`
#Enable/Disable X11 forwarding
X11_FORWARDING=`echo "${X11_FORWARDING}" | sed 's/\\n//g'`
echo "Value of TCP_FORWARDING - ${TCP_FORWARDING}"
echo "Value of X11_FORWARDING - ${X11_FORWARDING}"
if [[ ${TCP_FORWARDING} == "false" ]];then
awk '!/AllowTcpForwarding/' /etc/ssh/sshd_config > temp && mv temp /etc/ssh/sshd_config
echo "AllowTcpForwarding no" >> /etc/ssh/sshd_config
fi
if [[ ${X11_FORWARDING} == "false" ]];then
awk '!/X11Forwarding/' /etc/ssh/sshd_config > temp && mv temp /etc/ssh/sshd_config
echo "X11Forwarding no" >> /etc/ssh/sshd_config
fi
release=$(osrelease)
if [[ "${release}" == "Operating System Not Found" ]]; then
echo "[ERROR] Unsupported Linux Bastion OS"
exit 1
else
setup_os
setup_logs
fi
prevent_process_snooping
request_eip
echo "Bootstrap complete."

299
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/templates/linux-bastion-master.template
View File

@@ -1,299 +0,0 @@
AWSTemplateFormatVersion: 2010-09-09
Description: LinuxBastion+VPC Jul,30,2020 (qs-1qup6ra9p) (Please do not remove)
Metadata:
LICENSE: Apache License, Version 2.0
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- VPCCIDR
- PrivateSubnet1CIDR
- PrivateSubnet2CIDR
- PublicSubnet1CIDR
- PublicSubnet2CIDR
- RemoteAccessCIDR
- VPCTenancy
- Label:
default: Amazon EC2 configuration
Parameters:
- KeyPairName
- BastionAMIOS
- BastionInstanceType
- Label:
default: Linux bastion configuration
Parameters:
- NumBastionHosts
- BastionHostName
- BastionTenancy
- EnableBanner
- BastionBanner
- EnableTCPForwarding
- EnableX11Forwarding
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- QSS3BucketRegion
ParameterLabels:
AvailabilityZones:
default: Availability Zones
BastionAMIOS:
default: Bastion AMI operating system
BastionHostName:
default: Bastion Host Name
BastionTenancy:
default: Bastion tenancy
BastionBanner:
default: Banner text
BastionInstanceType:
default: Bastion instance type
QSS3BucketRegion:
default: Quick Start S3 bucket region
EnableBanner:
default: Bastion banner
EnableTCPForwarding:
default: TCP forwarding
EnableX11Forwarding:
default: X11 forwarding
KeyPairName:
default: Key pair name
NumBastionHosts:
default: Number of bastion hosts
PrivateSubnet1CIDR:
default: Private subnet 1 CIDR
PrivateSubnet2CIDR:
default: Private subnet 2 CIDR
PublicSubnet1CIDR:
default: Public subnet 1 CIDR
PublicSubnet2CIDR:
default: Public subnet 2 CIDR
VPCTenancy:
default: VPC tenancy
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
RemoteAccessCIDR:
default: Allowed bastion external access CIDR
VPCCIDR:
default: VPC CIDR
cfn-lint: { config: { ignore_checks: [E9007] } }
Parameters:
AvailabilityZones:
Description: 'List of Availability Zones to use for the subnets in the VPC. Note: ( The logical order is preserved and only 2 AZs are used for this deployment.'
Type: 'List<AWS::EC2::AvailabilityZone::Name>'
BastionAMIOS:
AllowedValues:
- Amazon-Linux2-HVM
- CentOS-7-HVM
- Ubuntu-Server-20.04-LTS-HVM
- SUSE-SLES-15-HVM
Default: Amazon-Linux2-HVM
Description: The Linux distribution for the AMI to be used for the bastion instances.
Type: String
BastionHostName:
Default: 'LinuxBastion'
Description: The value used for the name tag of the bastion host
Type: String
BastionBanner:
Default: ""
Description: Banner text to display upon login.
Type: String
BastionTenancy:
Description: 'VPC tenancy to launch the bastion in. Options: ''dedicated'' or ''default'''
Type: String
Default: default
AllowedValues:
- dedicated
- default
BastionInstanceType:
Description: Amazon EC2 instance type for the bastion instances.
Type: String
Default: t2.micro
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
EnableBanner:
AllowedValues:
- 'true'
- 'false'
Default: 'false'
Description: To include a banner to be displayed when connecting via SSH to the
bastion, choose true.
Type: String
EnableTCPForwarding:
Type: String
Description: To enable TCP forwarding, choose true.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
EnableX11Forwarding:
Type: String
Description: To enable X11 forwarding, choose true.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
KeyPairName:
Description: Name of an existing public/private key pair, which allows you to securely connect to your instance
after it launches.
Type: 'AWS::EC2::KeyPair::KeyName'
NumBastionHosts:
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Description: The number of bastion hosts to create. The maximum number is four.
Type: String
PrivateSubnet1CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Description: CIDR block for private subnet 1 located in Availability Zone 1.
Type: String
PrivateSubnet2CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Description: CIDR block for private subnet 2 located in Availability Zone 2.
Type: String
PublicSubnet1CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Description: CIDR Block for the public DMZ subnet 1 located in Availability Zone 1.
Type: String
PublicSubnet2CIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Description: CIDR Block for the public DMZ subnet 2 located in Availability Zone 2.
Type: String
VPCTenancy:
AllowedValues:
- default
- dedicated
Default: default
Description: The allowed tenancy of instances launched into the VPC.
Type: String
QSS3BucketName:
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can
include numbers, lowercase letters, uppercase letters, and hyphens (-). It
cannot start or end with a hyphen (-).
Type: String
QSS3KeyPrefix:
AllowedPattern: ^([0-9a-zA-Z-.]+/)*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), dots (.) and forward slash (/). The prefix should end with a forward slash (/).
Default: quickstart-linux-bastion/
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can
include numbers, lowercase letters, uppercase letters, hyphens (-), dots
(.) and forward slash (/) and it should end with a forward slash (/).
Type: String
QSS3BucketRegion:
Default: 'us-east-1'
Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.
Type: String
RemoteAccessCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Description: Allowed CIDR block for external SSH access to the bastions
Type: String
VPCCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Description: CIDR Block for the VPC.
Type: String
Conditions:
UsingDefaultBucket: !Equals
- !Ref QSS3BucketName
- 'aws-quickstart'
Resources:
VPCStack:
Type: 'AWS::CloudFormation::Stack'
Properties:
TemplateURL: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
Parameters:
AvailabilityZones: !Join
- ','
- !Ref AvailabilityZones
KeyPairName: !Ref KeyPairName
NumberOfAZs: '2'
PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR
PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR
PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
VPCCIDR: !Ref VPCCIDR
VPCTenancy: !Ref VPCTenancy
BastionStack:
Type: 'AWS::CloudFormation::Stack'
Properties:
TemplateURL: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/linux-bastion.template
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
Parameters:
BastionAMIOS: !Ref BastionAMIOS
BastionHostName: !Ref BastionHostName
BastionBanner: !Ref BastionBanner
BastionInstanceType: !Ref BastionInstanceType
BastionTenancy: !Ref BastionTenancy
EnableBanner: !Ref EnableBanner
EnableTCPForwarding: !Ref EnableTCPForwarding
EnableX11Forwarding: !Ref EnableX11Forwarding
KeyPairName: !Ref KeyPairName
NumBastionHosts: !Ref NumBastionHosts
PublicSubnet1ID: !GetAtt
- VPCStack
- Outputs.PublicSubnet1ID
PublicSubnet2ID: !GetAtt
- VPCStack
- Outputs.PublicSubnet2ID
QSS3BucketRegion: !Ref QSS3BucketRegion
QSS3BucketName: !Ref QSS3BucketName
QSS3KeyPrefix: !Ref QSS3KeyPrefix
RemoteAccessCIDR: !Ref RemoteAccessCIDR
VPCID: !GetAtt
- VPCStack
- Outputs.VPCID

725
Amazon/artifactory7/latest/submodules/quickstart-linux-bastion/templates/linux-bastion.template
View File

@@ -1,725 +0,0 @@
AWSTemplateFormatVersion: 2010-09-09
Description: LinuxBastion+VPC Jul,30,2020 (qs-1qup6ra99) (Please do not remove)
Metadata:
LICENSE: Apache License, Version 2.0
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: Network configuration
Parameters:
- VPCID
- PublicSubnet1ID
- PublicSubnet2ID
- RemoteAccessCIDR
- Label:
default: Amazon EC2 configuration
Parameters:
- KeyPairName
- BastionAMIOS
- BastionInstanceType
- RootVolumeSize
- Label:
default: Linux bastion configuration
Parameters:
- NumBastionHosts
- BastionHostName
- BastionTenancy
- EnableBanner
- BastionBanner
- EnableTCPForwarding
- EnableX11Forwarding
- Label:
default: Alternative configurations
Parameters:
- AlternativeInitializationScript
- OSImageOverride
- AlternativeIAMRole
- EnvironmentVariables
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- QSS3BucketRegion
ParameterLabels:
AlternativeIAMRole:
default: Alternative IAM role
AlternativeInitializationScript:
default: Alternative initialization script
BastionAMIOS:
default: Bastion AMI operating system
BastionHostName:
default: Bastion Host Name
BastionTenancy:
default: Bastion tenancy
BastionBanner:
default: Banner text
QSS3BucketRegion:
default: Quick Start S3 bucket region
BastionInstanceType:
default: Bastion instance type
EnableBanner:
default: Bastion banner
EnableTCPForwarding:
default: TCP forwarding
EnableX11Forwarding:
default: X11 forwarding
EnvironmentVariables:
default: Environment variables
KeyPairName:
default: Key pair name
NumBastionHosts:
default: Number of bastion hosts
OSImageOverride:
default: Operating system override
PublicSubnet1ID:
default: Public subnet 1 ID
PublicSubnet2ID:
default: Public subnet 2 ID
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
RemoteAccessCIDR:
default: Allowed bastion external access CIDR
VPCID:
default: VPC ID
RootVolumeSize:
default: Root volume size
cfn-lint: { config: { ignore_checks: [E9007] } }
Parameters:
BastionAMIOS:
AllowedValues:
- Amazon-Linux2-HVM
- CentOS-7-HVM
- Ubuntu-Server-20.04-LTS-HVM
- SUSE-SLES-15-HVM
Default: Amazon-Linux2-HVM
Description: The Linux distribution for the AMI to be used for the bastion instances.
Type: String
BastionHostName:
Default: 'LinuxBastion'
Description: The value used for the name tag of the bastion host
Type: String
BastionBanner:
Default: ""
Description: Banner text to display upon login.
Type: String
BastionTenancy:
Description: 'VPC tenancy to launch the bastion in. Options: ''dedicated'' or ''default'''
Type: String
Default: default
AllowedValues:
- dedicated
- default
BastionInstanceType:
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
Default: t2.micro
Description: Amazon EC2 instance type for the bastion instances.
Type: String
EnableBanner:
AllowedValues:
- 'true'
- 'false'
Default: 'false'
Description: To include a banner to be displayed when connecting via SSH to the
bastion, choose true.
Type: String
EnableTCPForwarding:
Type: String
Description: To enable TCP forwarding, choose true.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
EnableX11Forwarding:
Type: String
Description: To enable X11 forwarding, choose true.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
KeyPairName:
Description: Name of an existing public/private key pair. If you do not have one in this AWS Region,
please create it before continuing.
Type: 'AWS::EC2::KeyPair::KeyName'
NumBastionHosts:
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Description: The number of bastion hosts to create. The maximum number is four.
Type: String
PublicSubnet1ID:
Description: ID of the public subnet 1 that you want to provision the first bastion
into (e.g., subnet-a0246dcd).
Type: 'AWS::EC2::Subnet::Id'
PublicSubnet2ID:
Description: ID of the public subnet 2 that you want to provision the second bastion into
(e.g., subnet-e3246d8e).
Type: 'AWS::EC2::Subnet::Id'
QSS3BucketName:
AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$'
ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: aws-quickstart
Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can
include numbers, lowercase letters, uppercase letters, and hyphens (-). It
cannot start or end with a hyphen (-).
Type: String
QSS3BucketRegion:
Default: 'us-east-1'
Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.
Type: String
QSS3KeyPrefix:
AllowedPattern: '^([0-9a-zA-Z-.]+/)*$'
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase
letters, hyphens (-), dots (.) and forward slash (/). The prefix should
end with a forward slash (/).
Default: quickstart-linux-bastion/
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can
include numbers, lowercase letters, uppercase letters, hyphens (-), dots
(.) and forward slash (/) and it should end with a forward slash (/).
Type: String
RemoteAccessCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Description: Allowed CIDR block for external SSH access to the bastions.
Type: String
VPCID:
Description: 'ID of the VPC (e.g., vpc-0343606e).'
Type: 'AWS::EC2::VPC::Id'
AlternativeInitializationScript:
AllowedPattern: ^http.*|^$
ConstraintDescription: URL must begin with http
Description: An alternative initialization script to run during setup.
Default: ''
Type: String
OSImageOverride:
Description: The Region-specific image to use for the instance.
Type: String
Default: ''
AlternativeIAMRole:
Description: An existing IAM Role name to attach to the bastion. If left blank,
a new role will be created.
Default: ''
Type: String
EnvironmentVariables:
Description: A comma-separated list of environment variables for use in
bootstrapping. Variables must be in the format KEY=VALUE. VALUE cannot
contain commas.
Type: String
Default: ''
RootVolumeSize:
Description: The size in GB for the root EBS volume.
Type: Number
Default: '10'
Rules:
SubnetsInVPC:
Assertions:
- Assert:
'Fn::EachMemberIn':
- 'Fn::ValueOfAll':
- 'AWS::EC2::Subnet::Id'
- VpcId
- 'Fn::RefAll': 'AWS::EC2::VPC::Id'
AssertDescription: All subnets must exist in the VPC
Mappings:
AWSAMIRegionMap:
ap-northeast-1:
AMZNLINUX2: ami-0cc75a8978fbbc969
US2004HVM: ami-0461b11e2fad8c14a
CENTOS7HVM: ami-06a46da680048c8ae
SLES15HVM: ami-056ac8ad44e6a7e1f
ap-northeast-2:
AMZNLINUX2: ami-0bd7691bf6470fe9c
US2004HVM: ami-0dbad3c7f731477cb
CENTOS7HVM: ami-06e83aceba2cb0907
SLES15HVM: ami-0f81fff879bafe6b8
ap-south-1:
AMZNLINUX2: ami-0ebc1ac48dfd14136
US2004HVM: ami-0ebd654017556e025
CENTOS7HVM: ami-026f33d38b6410e30
SLES15HVM: ami-01be89269d32f2a16
ap-southeast-1:
AMZNLINUX2: ami-0cd31be676780afa7
US2004HVM: ami-0ba1d1f3433cd4c68
CENTOS7HVM: ami-07f65177cb990d65b
SLES15HVM: ami-070356c21596ddc67
ap-southeast-2:
AMZNLINUX2: ami-0ded330691a314693
US2004HVM: ami-02be36619a83e9a16
CENTOS7HVM: ami-0b2045146eb00b617
SLES15HVM: ami-0c4245381c67efb39
ca-central-1:
AMZNLINUX2: ami-013d1df4bcea6ba95
US2004HVM: ami-071c33c681c9d4a00
CENTOS7HVM: ami-04a25c39dc7a8aebb
SLES15HVM: ami-0c97d9b588207dad6
eu-central-1:
AMZNLINUX2: ami-0c115dbd34c69a004
US2004HVM: ami-0c2b1c303a2e4cb49
CENTOS7HVM: ami-0e8286b71b81c3cc1
SLES15HVM: ami-05dfd265ea534a3e9
me-south-1:
AMZNLINUX2: ami-01f41d49c363da2ad
US2004HVM: ami-07f9fe3f7a8c82448
CENTOS7HVM: ami-011c71a894b10f35b
SLES15HVM: ami-0252c6d3a59c7473b
ap-east-1:
AMZNLINUX2: ami-47317236
US2004HVM: ami-545b1825
CENTOS7HVM: ami-0e5c29e6c87a9644f
SLES15HVM: ami-0ad6e15bcbb2dbe38
eu-north-1:
AMZNLINUX2: ami-039609244d2810a6b
US2004HVM: ami-08baf9e3c347b7092
CENTOS7HVM: ami-05788af9005ef9a93
SLES15HVM: ami-0741fa1a008af40ad
eu-west-1:
AMZNLINUX2: ami-07d9160fa81ccffb5
US2004HVM: ami-0f1d11c92a9467c07
CENTOS7HVM: ami-0b850cf02cc00fdc8
SLES15HVM: ami-0a58a1b152ba55f1d
eu-west-2:
AMZNLINUX2: ami-0a13d44dccf1f5cf6
US2004HVM: ami-082335b69bcfdb15b
CENTOS7HVM: ami-09e5afc68eed60ef4
SLES15HVM: ami-01497522185aaa4ee
eu-west-3:
AMZNLINUX2: ami-093fa4c538885becf
US2004HVM: ami-00f6fb16625871821
CENTOS7HVM: ami-0cb72d2e599cffbf9
SLES15HVM: ami-0f238bd4c6fdbefb0
sa-east-1:
AMZNLINUX2: ami-018ccfb6b4745882a
US2004HVM: ami-083aa2af86ff2bd11
CENTOS7HVM: ami-0b30f38d939dd4b54
SLES15HVM: ami-0772af912976aa692
us-east-1:
AMZNLINUX2: ami-02354e95b39ca8dec
US2004HVM: ami-0758470213bdd23b1
CENTOS7HVM: ami-0affd4508a5d2481b
SLES15HVM: ami-0b1764f3d7d2e2316
us-gov-west-1:
AMZNLINUX2: ami-74c4f215
SLES15HVM: ami-57c0ba36
us-gov-east-1:
AMZNLINUX2: ami-30e00c41
SLES15HVM: ami-05e4bedfad53425e9
us-east-2:
AMZNLINUX2: ami-07c8bc5c1ce9598c3
US2004HVM: ami-07fb7bd53bacdfc16
CENTOS7HVM: ami-01e36b7901e884a10
SLES15HVM: ami-05ea824317ffc0c20
us-west-1:
AMZNLINUX2: ami-05655c267c89566dd
US2004HVM: ami-0cd230f950c3de5d8
CENTOS7HVM: ami-098f55b4287a885ba
SLES15HVM: ami-00e34a7624e5a7107
us-west-2:
AMZNLINUX2: ami-0873b46c45c11058d
US2004HVM: ami-056cb9ae6e2df09e8
CENTOS7HVM: ami-0bc06212a56393ee1
SLES15HVM: ami-0f1e3b3fb0fec0361
cn-north-1:
AMZNLINUX2: ami-010e92a33d9d1fc40
CENTOS7HVM: ami-0e02aaefeb74c3373
SLES15HVM: ami-021392849b6221a81
cn-northwest-1:
AMZNLINUX2: ami-0959f8e18a2aac0fb
CENTOS7HVM: ami-07183a7702633260b
SLES15HVM: ami-00e1de3ee6d0d28ea
LinuxAMINameMap:
Amazon-Linux2-HVM:
Code: AMZNLINUX2
OS: Amazon
CentOS-7-HVM:
Code: CENTOS7HVM
OS: CentOS
Ubuntu-Server-18.04-LTS-HVM:
Code: US1804HVM
OS: Ubuntu
Ubuntu-Server-20.04-LTS-HVM:
Code: US2004HVM
OS: Ubuntu
SUSE-SLES-15-HVM:
Code: SLES15HVM
OS: SLES
Conditions:
2BastionCondition: !Or
- !Equals
- !Ref NumBastionHosts
- '2'
- !Condition 3BastionCondition
- !Condition 4BastionCondition
3BastionCondition: !Or
- !Equals
- !Ref NumBastionHosts
- '3'
- !Condition 4BastionCondition
4BastionCondition: !Equals
- !Ref NumBastionHosts
- '4'
UseAlternativeInitialization: !Not
- !Equals
- !Ref AlternativeInitializationScript
- ''
CreateIAMRole: !Equals
- !Ref AlternativeIAMRole
- ''
UseOSImageOverride: !Not
- !Equals
- !Ref OSImageOverride
- ''
UsingDefaultBucket: !Equals
- !Ref QSS3BucketName
- 'aws-quickstart'
DefaultBanner: !Equals [!Ref BastionBanner, ""]
Resources:
BastionMainLogGroup:
Type: 'AWS::Logs::LogGroup'
SSHMetricFilter:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: !Ref BastionMainLogGroup
FilterPattern: ON FROM USER PWD
MetricTransformations:
- MetricName: SSHCommandCount
MetricValue: '1'
MetricNamespace: !Sub "AWSQuickStart/${AWS::StackName}"
BastionHostRole:
Condition: CreateIAMRole
Type: 'AWS::IAM::Role'
Properties:
Path: /
AssumeRolePolicyDocument:
Statement:
- Action:
- 'sts:AssumeRole'
Principal:
Service:
- !Sub 'ec2.${AWS::URLSuffix}'
Effect: Allow
Version: 2012-10-17
ManagedPolicyArns:
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy'
BastionHostPolicy:
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: BastionPolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- 's3:GetObject'
Resource: !Sub
- arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*
- S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Effect: Allow
- Action:
- 'logs:CreateLogStream'
- 'logs:GetLogEvents'
- 'logs:PutLogEvents'
- 'logs:DescribeLogGroups'
- 'logs:DescribeLogStreams'
- 'logs:PutRetentionPolicy'
- 'logs:PutMetricFilter'
- 'logs:CreateLogGroup'
Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${BastionMainLogGroup}:*"
Effect: Allow
- Action:
- 'ec2:AssociateAddress'
- 'ec2:DescribeAddresses'
Resource: '*'
Effect: Allow
Roles:
- !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
BastionHostProfile:
DependsOn: BastionHostPolicy
Type: 'AWS::IAM::InstanceProfile'
Properties:
Roles:
- !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
Path: /
EIP1:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
EIP2:
Type: 'AWS::EC2::EIP'
Condition: 2BastionCondition
Properties:
Domain: vpc
EIP3:
Type: 'AWS::EC2::EIP'
Condition: 3BastionCondition
Properties:
Domain: vpc
EIP4:
Type: 'AWS::EC2::EIP'
Condition: 4BastionCondition
Properties:
Domain: vpc
BastionAutoScalingGroup:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
LaunchConfigurationName: !Ref BastionLaunchConfiguration
VPCZoneIdentifier:
- !Ref PublicSubnet1ID
- !Ref PublicSubnet2ID
MinSize: !Ref NumBastionHosts
MaxSize: !Ref NumBastionHosts
Cooldown: '900'
DesiredCapacity: !Ref NumBastionHosts
Tags:
- Key: Name
Value: !Ref BastionHostName
PropagateAtLaunch: true
CreationPolicy:
ResourceSignal:
Count: !Ref NumBastionHosts
Timeout: PT60M
AutoScalingCreationPolicy:
MinSuccessfulInstancesPercent: 100
UpdatePolicy:
AutoScalingReplacingUpdate:
WillReplace: true
BastionLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata:
'AWS::CloudFormation::Authentication':
S3AccessCreds:
type: S3
roleName: !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
buckets:
- !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
'AWS::CloudFormation::Init':
config:
files:
/tmp/auditd.rules:
mode: '000550'
owner: root
group: root
content: |
-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve
/tmp/auditing_configure.sh:
source: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/auditing_configure.sh
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
mode: '000550'
owner: root
group: root
authentication: S3AccessCreds
/tmp/bastion_bootstrap.sh:
source: !If
- UseAlternativeInitialization
- !Ref AlternativeInitializationScript
- !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/bastion_bootstrap.sh
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
mode: '000550'
owner: root
group: root
authentication: S3AccessCreds
commands:
a-add_auditd_rules:
cwd: '/tmp/'
env:
BASTION_OS: !FindInMap [LinuxAMINameMap, !Ref BastionAMIOS, OS]
command: "./auditing_configure.sh"
# command:
# - !If [ ]
# - "cat /tmp/auditd.rules >> /etc/audit/rules.d/audit.rules && service auditd restart"
b-bootstrap:
cwd: '/tmp/'
env:
REGION: !Sub ${AWS::Region}
URL_SUFFIX: !Sub ${AWS::URLSuffix}
BANNER_REGION: !If [ UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QSS3BucketRegion' ]
command: !Sub
- "./bastion_bootstrap.sh --banner ${BannerUrl} --enable ${EnableBanner} --tcp-forwarding ${EnableTCPForwarding} --x11-forwarding ${EnableX11Forwarding}"
- BannerUrl: !If
- DefaultBanner
- !Sub
- s3://${S3Bucket}/${QSS3KeyPrefix}scripts/banner_message.txt
- S3Bucket: !If [ UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref 'QSS3BucketName' ]
- !Ref BastionBanner
Properties:
AssociatePublicIpAddress: true
PlacementTenancy: !Ref BastionTenancy
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref BastionHostProfile
ImageId: !If
- UseOSImageOverride
- !Ref OSImageOverride
- !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !FindInMap
- LinuxAMINameMap
- !Ref BastionAMIOS
- Code
SecurityGroups:
- !Ref BastionSecurityGroup
InstanceType: !Ref BastionInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref RootVolumeSize
VolumeType: gp2
Encrypted: true
DeleteOnTermination: true
UserData:
Fn::Base64: !Sub
- |
#!/bin/bash
set -x
for e in $(echo "${EnvironmentVariables}" | tr ',' ' '); do
export $e
done
export PATH=$PATH:/usr/local/bin
#cfn signaling functions
yum install git -y || apt-get install -y git || zypper -n install git
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource BastionAutoScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource BastionAutoScalingGroup
exit 0
}
until git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git ; do echo "Retrying"; done
cd /quickstart-linux-utilities;
source quickstart-cfn-tools.source;
qs_update-os || qs_err;
qs_bootstrap_pip || qs_err " pip bootstrap failed ";
qs_aws-cfn-bootstrap || qs_err " cfn bootstrap failed ";
EIP_LIST="${EIP1},${EIP2},${EIP3},${EIP4}"
CLOUDWATCHGROUP=${BastionMainLogGroup}
cfn-init -v --stack '${AWS::StackName}' --resource BastionLaunchConfiguration --region ${AWS::Region} || cfn_fail
[ $(qs_status) == 0 ] && cfn_success || cfn_fail
- EIP2:
!If
- 2BastionCondition
- !Ref EIP2
- 'Null'
EIP3:
!If
- 3BastionCondition
- !Ref EIP3
- 'Null'
EIP4:
!If
- 4BastionCondition
- !Ref EIP4
- 'Null'
BastionSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enables SSH Access to Bastion Hosts
VpcId: !Ref VPCID
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref RemoteAccessCIDR
- IpProtocol: icmp
FromPort: -1
ToPort: -1
CidrIp: !Ref RemoteAccessCIDR
Outputs:
BastionAutoScalingGroup:
Description: Auto Scaling Group Reference ID
Value: !Ref BastionAutoScalingGroup
Export:
Name: !Sub '${AWS::StackName}-BastionAutoScalingGroup'
EIP1:
Description: Elastic IP 1 for Bastion
Value: !Ref EIP1
Export:
Name: !Sub '${AWS::StackName}-EIP1'
EIP2:
Condition: 2BastionCondition
Description: Elastic IP 2 for Bastion
Value: !Ref EIP2
Export:
Name: !Sub '${AWS::StackName}-EIP2'
EIP3:
Condition: 3BastionCondition
Description: Elastic IP 3 for Bastion
Value: !Ref EIP3
Export:
Name: !Sub '${AWS::StackName}-EIP3'
EIP4:
Condition: 4BastionCondition
Description: Elastic IP 4 for Bastion
Value: !Ref EIP4
Export:
Name: !Sub '${AWS::StackName}-EIP4'
CloudWatchLogs:
Description: CloudWatch Logs GroupName. Your SSH logs will be stored here.
Value: !Ref BastionMainLogGroup
Export:
Name: !Sub '${AWS::StackName}-CloudWatchLogs'
BastionSecurityGroupID:
Description: Bastion Security Group ID
Value: !Ref BastionSecurityGroup
Export:
Name: !Sub '${AWS::StackName}-BastionSecurityGroupID'
BastionHostRole:
Description: Bastion IAM Role name
Value: !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
Export:
Name: !Sub '${AWS::StackName}-BastionHostRole'

6
Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
View File

@@ -365,7 +365,7 @@ Parameters:
https://www.jfrog.com/confluence/display/RTF/Release+Notes. https://www.jfrog.com/confluence/display/RTF/Release+Notes.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Artifactory releases ConstraintDescription: A version that matches X.X.X per Artifactory releases
Default: 7.17.4 Default: 7.17.5
Type: String Type: String
SmLicenseName: SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
@@ -504,7 +504,7 @@ Parameters:
Description: The version of Xray that you want to deploy into the Quick Start. Description: The version of Xray that you want to deploy into the Quick Start.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Xray releases. ConstraintDescription: A version that matches X.X.X per Xray releases.
Default: 3.21.2 Default: 3.22.1
Type: String Type: String
XrayNumberOfInstances: XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your Description: The number of Xray instances servers to complete your
@@ -546,7 +546,7 @@ Conditions:
IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']] IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']]
HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']] HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']]
DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"] DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'jfrog-aws']
EnableXray: !Equals [!Ref InstallXray, 'true'] EnableXray: !Equals [!Ref InstallXray, 'true']
SmCertNameNotExists: !Equals [!Ref 'SmCertName', ''] SmCertNameNotExists: !Equals [!Ref 'SmCertName', '']
SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']] SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']]

6
Amazon/artifactory7/latest/templates/jfrog-artifactory-ec2-master.template.yaml
View File

@@ -343,7 +343,7 @@ Parameters:
Description: Version of Artifactory that you want to deploy into the Quick Start. Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes. https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.17.4 Default: 7.17.5
Type: String Type: String
SmLicenseName: SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
@@ -480,7 +480,7 @@ Parameters:
Type: String Type: String
XrayVersion: XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start. Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.21.2 Default: 3.22.1
Type: String Type: String
XrayNumberOfInstances: XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your Description: The number of Xray instances servers to complete your
@@ -517,7 +517,7 @@ Parameters:
NoEcho: 'true' NoEcho: 'true'
Type: String Type: String
Conditions: Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'jfrog-aws']
Resources: Resources:
ArtifactoryVpcStack: ArtifactoryVpcStack:

6
Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-existing-vpc-master.template.yaml
View File

@@ -222,7 +222,7 @@ Parameters:
https://www.jfrog.com/confluence/display/RTF/Release+Notes. https://www.jfrog.com/confluence/display/RTF/Release+Notes.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Artifactory releases. ConstraintDescription: A version that matches X.X.X per Artifactory releases.
Default: 7.17.4 Default: 7.17.5
Type: String Type: String
SmLicenseName: SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
@@ -294,7 +294,7 @@ Parameters:
Description: The version of Xray that you want to deploy into the Quick Start. Description: The version of Xray that you want to deploy into the Quick Start.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Xray releases. ConstraintDescription: A version that matches X.X.X per Xray releases.
Default: 3.21.2 Default: 3.22.1
Type: String Type: String
XrayInstanceType: XrayInstanceType:
Description: The EC2 instance type for the Xray instances. Description: The EC2 instance type for the Xray instances.
@@ -305,7 +305,7 @@ Parameters:
Default: c5.2xlarge Default: c5.2xlarge
Type: String Type: String
Conditions: Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'jfrog-aws']
Resources: Resources:
ArtifactoryExistingVpcStack: ArtifactoryExistingVpcStack:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack

6
Amazon/artifactory7/latest/templates/jfrog-artifactory-pro-ec2-new-vpc-master.template.yaml
View File

@@ -176,7 +176,7 @@ Parameters:
Description: Version of Artifactory that you want to deploy into the Quick Start. Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes. https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.17.4 Default: 7.17.5
Type: String Type: String
SmLicenseName: SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses. Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
@@ -242,7 +242,7 @@ Parameters:
Type: String Type: String
XrayVersion: XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start. Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.21.2 Default: 3.22.1
Type: String Type: String
XrayInstanceType: XrayInstanceType:
Description: The EC2 instance type for the Xray instances. Description: The EC2 instance type for the Xray instances.
@@ -253,7 +253,7 @@ Parameters:
Default: c5.2xlarge Default: c5.2xlarge
Type: String Type: String
Conditions: Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart'] UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'jfrog-aws']
Resources: Resources:
ArtifactoryNewVpcStack: ArtifactoryNewVpcStack:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack

5
Amazon/artifactory7/v7175/cloudInstallerScripts/artifactory-ami.yml Normal file
View File

@@ -0,0 +1,5 @@
- hosts: localhost
gather_facts: true
become: true
roles:
- name: artifactory-ami

29
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

60
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/defaults/main.yml Normal file
View File

@@ -0,0 +1,60 @@
---
# defaults file for artifactory
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: standalone
# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
ami_creation: false
# The version of Artifactory to install
artifactory_version: 7.15.3
# licenses file - specify a licenses file or specify up to 5 licenses
artifactory_license1:
artifactory_license2:
artifactory_license3:
artifactory_license4:
artifactory_license5:
artifactory_license6:
# whether to enable HA
artifactory_ha_enabled: true
# value for whether a host is primary. this should be set in host vars
artifactory_is_primary: true
# The location where Artifactory should install.
artifactory_download_directory: /opt/jfrog
# The location where Artifactory should store data.
artifactory_file_store_dir: /data
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
# for Artifactory, use following values
artifactory_flavour: pro
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
# for JCR, use following values
# artifactory_flavour: jcr
# artifactory_tar: https://dl.bintray.com/jfrog/artifactory/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar"
artifactory_user: artifactory
artifactory_group: artifactory
# Set the parameters required for the service.
service_list:
- name: artifactory
description: Start script for Artifactory
start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
type: forking
status_pattern: artifactory
user_name: "{{ artifactory_user }}"
group_name: "{{ artifactory_group }}"

10
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/handlers/main.yml Normal file
View File

@@ -0,0 +1,10 @@
---
# handlers file for artifactory
- name: systemctl daemon-reload
systemd:
daemon_reload: yes
- name: restart artifactory
service:
name: artifactory
state: restarted

6
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/meta/exception.yml Normal file
View File

@@ -0,0 +1,6 @@
---
exceptions:
- variation: Alpine
reason: Artifactory start/stop scripts don't properly work.
- variation: amazonlinux:1
reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped"

35
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/meta/main.yml Normal file
View File

@@ -0,0 +1,35 @@
---
galaxy_info:
author: Robert de Bock
role_name: artifactory
description: Install and configure artifactory on your system.
license: Apache-2.0
company: none
min_ansible_version: 2.8
platforms:
- name: Debian
versions:
- all
- name: EL
versions:
- 7
- 8
- name: Fedora
versions:
- all
- name: OpenSUSE
versions:
- all
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- artifactory
- centos
- redhat
- server
- system
dependencies: []

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/meta/preferences.yml Normal file
View File

@@ -0,0 +1,2 @@
---
tox_parallel: yes

6
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/meta/version.yml Normal file
View File

@@ -0,0 +1,6 @@
---
project_name: JFrog
reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml"
versions:
- name: Artifactory
url: "https://releases.jfrog.io/artifactory/"

82
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/tasks/main.yml Normal file
View File

@@ -0,0 +1,82 @@
---
# tasks file for artifactory
- name: install nginx
include_role:
name: artifactory-nginx-ami
- name: create group for artifactory
group:
name: "{{ artifactory_group }}"
state: present
become: yes
- name: create user for artifactory
user:
name: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
system: yes
become: yes
- name: ensure artifactory_download_directory exists
file:
path: "{{ artifactory_download_directory }}"
state: directory
become: yes
- name: download artifactory
unarchive:
src: "{{ artifactory_tar }}"
dest: "{{ artifactory_download_directory }}"
remote_src: yes
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
creates: "{{ artifactory_home }}"
become: yes
register: downloadartifactory
until: downloadartifactory is succeeded
retries: 3
- name: ensure artifactory_file_store_dir exists
file:
path: "{{ artifactory_file_store_dir }}"
state: directory
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
become: yes
- name: ensure data subdirectories exist
file:
path: "{{ artifactory_home }}/var/{{ item }}"
state: directory
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
loop:
- "bootstrap"
- "etc"
become: yes
- name: download database driver
get_url:
url: "{{ db_download_url }}"
dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
become: yes
- name: clean up after creating ami
block:
- name: Remove SSH keys
file:
path: "{{ ssh_keys.dir }}"
state: absent
loop:
- dir: "/home/.jfrog_ami/.ssh/authorized_keys"
- dir: "/root/.ssh/authorized_keys"
- dir: "/home/centos/.ssh/authorized_keys"
loop_control:
loop_var: ssh_keys
- name: shutdown VM
command: /sbin/shutdown -h now
ignore_errors: 'yes'
when: ami_creation

37
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/templates/artifactory.cluster.license.j2 Normal file
View File

@@ -0,0 +1,37 @@
{% if artifactory_license1 %}
{% if artifactory_license1|length %}
{{ artifactory_license1 }}
{% endif %}
{% endif %}
{% if artifactory_license2 %}
{% if artifactory_license2|length %}
{{ artifactory_license2 }}
{% endif %}
{% endif %}
{% if artifactory_license3 %}
{% if artifactory_license3|length %}
{{ artifactory_license3 }}
{% endif %}
{% endif %}
{% if artifactory_license4 %}
{% if artifactory_license4|length %}
{{ artifactory_license4 }}
{% endif %}
{% endif %}
{% if artifactory_license5 %}
{% if artifactory_license5|length %}
{{ artifactory_license5 }}
{% endif %}
{% endif %}
{% if artifactory_license6 %}
{% if artifactory_license6|length %}
{{ artifactory_license6 }}
{% endif %}
{% endif %}

4
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/templates/binarystore.xml.j2 Normal file
View File

@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<config version="2">
<chain template="cluster-file-system"/>
</config>

12
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/templates/installer-info.json.j2 Normal file
View File

@@ -0,0 +1,12 @@
{
"productId": "Ansible_artifactory/1.0.0",
"features": [
{
"featureId": "Partner/ACC-006973"
},
{
"featureId": "Channel/{{ ansible_marketplace }}"
}
]
}

1
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/templates/join.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ join_key }}

1
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/templates/master.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ master_key }}

38
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/templates/system.yaml.j2 Normal file
View File

@@ -0,0 +1,38 @@
## @formatter:off
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
configVersion: 1
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
## NOTE: The provided commented key and value is the default.
## SHARED CONFIGURATIONS
## A shared section for keys across all services in this config
shared:
## Node Settings
node:
## A unique id to identify this node.
## Default: auto generated at startup.
id: {{ ansible_machine_id }}
## Sets this node as primary in HA installation
primary: {{ artifactory_is_primary }}
## Sets this node as part of HA installation
haEnabled: {{ artifactory_ha_enabled }}
## Database Configuration
database:
## One of: mysql, oracle, mssql, postgresql, mariadb
## Default: Embedded derby
## Example for mysql/postgresql
type: "{{ db_type }}"
driver: "{{ db_driver }}"
url: "{{ db_url }}"
username: "{{ db_user }}"
password: "{{ db_password }}"

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-ami/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---

29
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for artifactory-nginx

37
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/files/nginx.conf Normal file
View File

@@ -0,0 +1,37 @@
#user nobody;
worker_processes 1;
error_log /var/log/nginx/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
}

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for artifactory-nginx

53
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

30
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/tasks/main.yml Normal file
View File

@@ -0,0 +1,30 @@
---
- name: Add epel-release repo
yum:
name: epel-release
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: Install nginx
yum:
name: nginx
state: present
vars:
ansible_python_interpreter: /bin/python2
- name: configure main nginx conf file.
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0755'
become: yes
- name: restart nginx
service:
name: nginx
state: restarted
enabled: yes
become: yes

43
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/templates/artifactory.conf.j2 Normal file
View File

@@ -0,0 +1,43 @@
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## add HA entries when ha is configure
upstream artifactory {
server 127.0.0.1:8082;
}
upstream artifactory-direct {
server 127.0.0.1:8081;
}
## server configuration
server {
listen 80 ;
server_name _;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/artifactory-access.log;
error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass "http://artifactory";
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://artifactory-direct;
}
}
}

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- artifactory-nginx

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ami/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for artifactory-nginx

29
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for artifactory-nginx

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for artifactory-nginx

53
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

54
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/tasks/main.yml Normal file
View File

@@ -0,0 +1,54 @@
---
# tasks file for artifactory-nginx
- name: configure the artifactory nginx conf
template:
src: artifactory.conf.j2
dest: /etc/nginx/conf.d/artifactory.conf
owner: root
group: root
mode: '0755'
become: yes
- name: ensure nginx dir exists
file:
path: "/var/opt/jfrog/nginx/ssl"
state: directory
become: yes
- name: configure certificate
template:
src: certificate.pem.j2
dest: "/var/opt/jfrog/nginx/ssl/cert.pem"
become: yes
- name: ensure pki exists
file:
path: "/etc/pki/tls"
state: directory
become: yes
- name: configure key
template:
src: certificate.key.j2
dest: "/etc/pki/tls/cert.key"
become: yes
- name: Allow apache to modify files in /srv/git_repos
sefcontext:
target: '/var/opt/jfrog/nginx/ssl/cert.pem'
setype: httpd_sys_content_t
state: present
vars:
ansible_python_interpreter: /bin/python2
become: yes
- name: Apply new SELinux file context to filesystem
command: restorecon -v /var/opt/jfrog/nginx/ssl/cert.pem
become: yes
- name: restart nginx
service:
name: nginx
state: restarted
enabled: yes
become: yes

49
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 Normal file
View File

@@ -0,0 +1,49 @@
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## add HA entries when ha is configure
upstream artifactory {
server 127.0.0.1:8082;
}
upstream artifactory-direct {
server 127.0.0.1:8081;
}
ssl_protocols TLSv1.1 TLSv1.2;
ssl_certificate /var/opt/jfrog/nginx/ssl/cert.pem;
ssl_certificate_key /etc/pki/tls/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 80;
listen 443 ssl http2;
server_name _;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/artifactory-access.log;
error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass "http://artifactory";
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://artifactory-direct;
}
}
}

1
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ certificate_key | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }}

1
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 Normal file
View File

@@ -0,0 +1 @@
{{ certificate | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }}

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- artifactory-nginx

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx-ssl/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for artifactory-nginx

29
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx/.travis.yml Normal file
View File

@@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for artifactory-nginx

37
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx/files/nginx.conf Normal file
View File

@@ -0,0 +1,37 @@
#user nobody;
worker_processes 1;
error_log /var/log/nginx/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
}

2
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for artifactory-nginx

53
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.9
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

34
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx/tasks/main.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- name: configure main nginx conf file.
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0755'
become: yes
- name: configure main nginx conf file.
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0755'
become: yes
- name: configure the artifactory nginx conf
template:
src: artifactory.conf.j2
dest: /etc/nginx/conf.d/artifactory.conf
owner: root
group: root
mode: '0755'
become: yes
- name: restart nginx
service:
name: nginx
state: restarted
enabled: yes
become: yes

43
Amazon/artifactory7/v7175/cloudInstallerScripts/roles/artifactory-nginx/templates/artifactory.conf.j2 Normal file
View File

@@ -0,0 +1,43 @@
###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
## add HA entries when ha is configure
upstream artifactory {
server 127.0.0.1:8082;
}
upstream artifactory-direct {
server 127.0.0.1:8081;
}
## server configuration
server {
listen 80 ;
server_name _;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/artifactory-access.log;
error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /ui/ redirect;
rewrite ^/ui$ /ui/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / {
proxy_read_timeout 2400s;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass "http://artifactory";
proxy_next_upstream error timeout non_idempotent;
proxy_next_upstream_tries 1;
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/artifactory/ {
proxy_pass http://artifactory-direct;
}
}
}

Some files were not shown because too many files have changed in this diff Show More