mirror of
https://github.com/ZwareBear/JFrog-Cloud-Installers.git
synced 2026-01-21 09:06:57 -06:00
Checking in code for rt 7.17.4 version
This commit is contained in:
Vinay Aggarwal
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,60 @@
|
||||
---
|
||||
# defaults file for artifactory
|
||||
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
|
||||
ansible_marketplace: standalone
|
||||
|
||||
# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
|
||||
ami_creation: false
|
||||
|
||||
# The version of Artifactory to install
|
||||
artifactory_version: 7.15.3
|
||||
|
||||
# licenses file - specify a licenses file or specify up to 5 licenses
|
||||
artifactory_license1:
|
||||
artifactory_license2:
|
||||
artifactory_license3:
|
||||
artifactory_license4:
|
||||
artifactory_license5:
|
||||
artifactory_license6:
|
||||
|
||||
# whether to enable HA
|
||||
artifactory_ha_enabled: true
|
||||
|
||||
# value for whether a host is primary. this should be set in host vars
|
||||
artifactory_is_primary: true
|
||||
|
||||
# The location where Artifactory should install.
|
||||
artifactory_download_directory: /opt/jfrog
|
||||
|
||||
# The location where Artifactory should store data.
|
||||
artifactory_file_store_dir: /data
|
||||
|
||||
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
|
||||
|
||||
|
||||
|
||||
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
|
||||
# for Artifactory, use following values
|
||||
artifactory_flavour: pro
|
||||
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
|
||||
|
||||
# for JCR, use following values
|
||||
# artifactory_flavour: jcr
|
||||
# artifactory_tar: https://dl.bintray.com/jfrog/artifactory/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
|
||||
|
||||
artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
|
||||
db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar"
|
||||
|
||||
artifactory_user: artifactory
|
||||
artifactory_group: artifactory
|
||||
|
||||
# Set the parameters required for the service.
|
||||
service_list:
|
||||
- name: artifactory
|
||||
description: Start script for Artifactory
|
||||
start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
|
||||
stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
|
||||
type: forking
|
||||
status_pattern: artifactory
|
||||
user_name: "{{ artifactory_user }}"
|
||||
group_name: "{{ artifactory_group }}"
|
||||
@@ -0,0 +1,10 @@
|
||||
---
|
||||
# handlers file for artifactory
|
||||
- name: systemctl daemon-reload
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
|
||||
- name: restart artifactory
|
||||
service:
|
||||
name: artifactory
|
||||
state: restarted
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
exceptions:
|
||||
- variation: Alpine
|
||||
reason: Artifactory start/stop scripts don't properly work.
|
||||
- variation: amazonlinux:1
|
||||
reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped"
|
||||
@@ -0,0 +1,35 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: Robert de Bock
|
||||
role_name: artifactory
|
||||
description: Install and configure artifactory on your system.
|
||||
license: Apache-2.0
|
||||
company: none
|
||||
min_ansible_version: 2.8
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- all
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
- 8
|
||||
- name: Fedora
|
||||
versions:
|
||||
- all
|
||||
- name: OpenSUSE
|
||||
versions:
|
||||
- all
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- bionic
|
||||
|
||||
galaxy_tags:
|
||||
- artifactory
|
||||
- centos
|
||||
- redhat
|
||||
- server
|
||||
- system
|
||||
|
||||
dependencies: []
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
tox_parallel: yes
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
project_name: JFrog
|
||||
reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml"
|
||||
versions:
|
||||
- name: Artifactory
|
||||
url: "https://releases.jfrog.io/artifactory/"
|
||||
@@ -0,0 +1,82 @@
|
||||
---
|
||||
# tasks file for artifactory
|
||||
- name: install nginx
|
||||
include_role:
|
||||
name: artifactory-nginx-ami
|
||||
|
||||
- name: create group for artifactory
|
||||
group:
|
||||
name: "{{ artifactory_group }}"
|
||||
state: present
|
||||
become: yes
|
||||
|
||||
- name: create user for artifactory
|
||||
user:
|
||||
name: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
system: yes
|
||||
become: yes
|
||||
|
||||
- name: ensure artifactory_download_directory exists
|
||||
file:
|
||||
path: "{{ artifactory_download_directory }}"
|
||||
state: directory
|
||||
become: yes
|
||||
|
||||
- name: download artifactory
|
||||
unarchive:
|
||||
src: "{{ artifactory_tar }}"
|
||||
dest: "{{ artifactory_download_directory }}"
|
||||
remote_src: yes
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
creates: "{{ artifactory_home }}"
|
||||
become: yes
|
||||
register: downloadartifactory
|
||||
until: downloadartifactory is succeeded
|
||||
retries: 3
|
||||
|
||||
- name: ensure artifactory_file_store_dir exists
|
||||
file:
|
||||
path: "{{ artifactory_file_store_dir }}"
|
||||
state: directory
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
become: yes
|
||||
|
||||
- name: ensure data subdirectories exist
|
||||
file:
|
||||
path: "{{ artifactory_home }}/var/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
loop:
|
||||
- "bootstrap"
|
||||
- "etc"
|
||||
become: yes
|
||||
|
||||
- name: download database driver
|
||||
get_url:
|
||||
url: "{{ db_download_url }}"
|
||||
dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
become: yes
|
||||
|
||||
- name: clean up after creating ami
|
||||
block:
|
||||
- name: Remove SSH keys
|
||||
file:
|
||||
path: "{{ ssh_keys.dir }}"
|
||||
state: absent
|
||||
loop:
|
||||
- dir: "/home/.jfrog_ami/.ssh/authorized_keys"
|
||||
- dir: "/root/.ssh/authorized_keys"
|
||||
- dir: "/home/centos/.ssh/authorized_keys"
|
||||
loop_control:
|
||||
loop_var: ssh_keys
|
||||
|
||||
- name: shutdown VM
|
||||
command: /sbin/shutdown -h now
|
||||
ignore_errors: 'yes'
|
||||
when: ami_creation
|
||||
@@ -0,0 +1,37 @@
|
||||
{% if artifactory_license1 %}
|
||||
{% if artifactory_license1|length %}
|
||||
{{ artifactory_license1 }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if artifactory_license2 %}
|
||||
|
||||
|
||||
{% if artifactory_license2|length %}
|
||||
{{ artifactory_license2 }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if artifactory_license3 %}
|
||||
|
||||
|
||||
{% if artifactory_license3|length %}
|
||||
{{ artifactory_license3 }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if artifactory_license4 %}
|
||||
|
||||
{% if artifactory_license4|length %}
|
||||
{{ artifactory_license4 }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if artifactory_license5 %}
|
||||
|
||||
{% if artifactory_license5|length %}
|
||||
{{ artifactory_license5 }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if artifactory_license6 %}
|
||||
|
||||
{% if artifactory_license6|length %}
|
||||
{{ artifactory_license6 }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
@@ -0,0 +1,4 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<config version="2">
|
||||
<chain template="cluster-file-system"/>
|
||||
</config>
|
||||
@@ -0,0 +1,12 @@
|
||||
{
|
||||
"productId": "Ansible_artifactory/1.0.0",
|
||||
"features": [
|
||||
{
|
||||
"featureId": "Partner/ACC-006973"
|
||||
},
|
||||
{
|
||||
"featureId": "Channel/{{ ansible_marketplace }}"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{ join_key }}
|
||||
@@ -0,0 +1 @@
|
||||
{{ master_key }}
|
||||
@@ -0,0 +1,38 @@
|
||||
## @formatter:off
|
||||
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
|
||||
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
|
||||
configVersion: 1
|
||||
|
||||
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
|
||||
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
|
||||
|
||||
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
|
||||
## NOTE: The provided commented key and value is the default.
|
||||
|
||||
## SHARED CONFIGURATIONS
|
||||
## A shared section for keys across all services in this config
|
||||
shared:
|
||||
|
||||
## Node Settings
|
||||
node:
|
||||
## A unique id to identify this node.
|
||||
## Default: auto generated at startup.
|
||||
id: {{ ansible_machine_id }}
|
||||
|
||||
## Sets this node as primary in HA installation
|
||||
primary: {{ artifactory_is_primary }}
|
||||
|
||||
## Sets this node as part of HA installation
|
||||
haEnabled: {{ artifactory_ha_enabled }}
|
||||
|
||||
## Database Configuration
|
||||
database:
|
||||
## One of: mysql, oracle, mssql, postgresql, mariadb
|
||||
## Default: Embedded derby
|
||||
|
||||
## Example for mysql/postgresql
|
||||
type: "{{ db_type }}"
|
||||
driver: "{{ db_driver }}"
|
||||
url: "{{ db_url }}"
|
||||
username: "{{ db_user }}"
|
||||
password: "{{ db_password }}"
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# defaults file for artifactory-nginx
|
||||
@@ -0,0 +1,37 @@
|
||||
#user nobody;
|
||||
worker_processes 1;
|
||||
error_log /var/log/nginx/error.log info;
|
||||
#pid logs/nginx.pid;
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
http {
|
||||
include mime.types;
|
||||
variables_hash_max_size 1024;
|
||||
variables_hash_bucket_size 64;
|
||||
server_names_hash_max_size 4096;
|
||||
server_names_hash_bucket_size 128;
|
||||
types_hash_max_size 2048;
|
||||
types_hash_bucket_size 64;
|
||||
proxy_read_timeout 2400s;
|
||||
client_header_timeout 2400s;
|
||||
client_body_timeout 2400s;
|
||||
proxy_connect_timeout 75s;
|
||||
proxy_send_timeout 2400s;
|
||||
proxy_buffer_size 32k;
|
||||
proxy_buffers 40 32k;
|
||||
proxy_busy_buffers_size 64k;
|
||||
proxy_temp_file_write_size 250m;
|
||||
proxy_http_version 1.1;
|
||||
client_body_buffer_size 128k;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
default_type application/octet-stream;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
#keepalive_timeout 0;
|
||||
keepalive_timeout 65;
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# handlers file for artifactory-nginx
|
||||
@@ -0,0 +1,53 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
---
|
||||
- name: Add epel-release repo
|
||||
yum:
|
||||
name: epel-release
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
|
||||
- name: Install nginx
|
||||
yum:
|
||||
name: nginx
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
|
||||
- name: configure main nginx conf file.
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
become: yes
|
||||
|
||||
- name: restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
enabled: yes
|
||||
become: yes
|
||||
@@ -0,0 +1,43 @@
|
||||
###########################################################
|
||||
## this configuration was generated by JFrog Artifactory ##
|
||||
###########################################################
|
||||
|
||||
## add HA entries when ha is configure
|
||||
upstream artifactory {
|
||||
server 127.0.0.1:8082;
|
||||
}
|
||||
upstream artifactory-direct {
|
||||
server 127.0.0.1:8081;
|
||||
}
|
||||
## server configuration
|
||||
server {
|
||||
listen 80 ;
|
||||
server_name _;
|
||||
if ($http_x_forwarded_proto = '') {
|
||||
set $http_x_forwarded_proto $scheme;
|
||||
}
|
||||
## Application specific logs
|
||||
access_log /var/log/nginx/artifactory-access.log;
|
||||
error_log /var/log/nginx/artifactory-error.log;
|
||||
rewrite ^/$ /ui/ redirect;
|
||||
rewrite ^/ui$ /ui/ redirect;
|
||||
chunked_transfer_encoding on;
|
||||
client_max_body_size 0;
|
||||
location / {
|
||||
proxy_read_timeout 2400s;
|
||||
proxy_pass_header Server;
|
||||
proxy_cookie_path ~*^/.* /;
|
||||
proxy_pass "http://artifactory";
|
||||
proxy_next_upstream error timeout non_idempotent;
|
||||
proxy_next_upstream_tries 1;
|
||||
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location ~ ^/artifactory/ {
|
||||
proxy_pass http://artifactory-direct;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- artifactory-nginx
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for artifactory-nginx
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# defaults file for artifactory-nginx
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# handlers file for artifactory-nginx
|
||||
@@ -0,0 +1,53 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
---
|
||||
# tasks file for artifactory-nginx
|
||||
- name: configure the artifactory nginx conf
|
||||
template:
|
||||
src: artifactory.conf.j2
|
||||
dest: /etc/nginx/conf.d/artifactory.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
become: yes
|
||||
|
||||
- name: ensure nginx dir exists
|
||||
file:
|
||||
path: "/var/opt/jfrog/nginx/ssl"
|
||||
state: directory
|
||||
become: yes
|
||||
|
||||
- name: configure certificate
|
||||
template:
|
||||
src: certificate.pem.j2
|
||||
dest: "/var/opt/jfrog/nginx/ssl/cert.pem"
|
||||
become: yes
|
||||
|
||||
- name: ensure pki exists
|
||||
file:
|
||||
path: "/etc/pki/tls"
|
||||
state: directory
|
||||
become: yes
|
||||
|
||||
- name: configure key
|
||||
template:
|
||||
src: certificate.key.j2
|
||||
dest: "/etc/pki/tls/cert.key"
|
||||
become: yes
|
||||
|
||||
- name: Allow apache to modify files in /srv/git_repos
|
||||
sefcontext:
|
||||
target: '/var/opt/jfrog/nginx/ssl/cert.pem'
|
||||
setype: httpd_sys_content_t
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
become: yes
|
||||
|
||||
- name: Apply new SELinux file context to filesystem
|
||||
command: restorecon -v /var/opt/jfrog/nginx/ssl/cert.pem
|
||||
become: yes
|
||||
|
||||
- name: restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
enabled: yes
|
||||
become: yes
|
||||
@@ -0,0 +1,49 @@
|
||||
###########################################################
|
||||
## this configuration was generated by JFrog Artifactory ##
|
||||
###########################################################
|
||||
|
||||
## add HA entries when ha is configure
|
||||
upstream artifactory {
|
||||
server 127.0.0.1:8082;
|
||||
}
|
||||
upstream artifactory-direct {
|
||||
server 127.0.0.1:8081;
|
||||
}
|
||||
ssl_protocols TLSv1.1 TLSv1.2;
|
||||
ssl_certificate /var/opt/jfrog/nginx/ssl/cert.pem;
|
||||
ssl_certificate_key /etc/pki/tls/cert.key;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_prefer_server_ciphers on;
|
||||
## server configuration
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
server_name _;
|
||||
if ($http_x_forwarded_proto = '') {
|
||||
set $http_x_forwarded_proto $scheme;
|
||||
}
|
||||
## Application specific logs
|
||||
access_log /var/log/nginx/artifactory-access.log;
|
||||
error_log /var/log/nginx/artifactory-error.log;
|
||||
rewrite ^/$ /ui/ redirect;
|
||||
rewrite ^/ui$ /ui/ redirect;
|
||||
chunked_transfer_encoding on;
|
||||
client_max_body_size 0;
|
||||
location / {
|
||||
proxy_read_timeout 2400s;
|
||||
proxy_pass_header Server;
|
||||
proxy_cookie_path ~*^/.* /;
|
||||
proxy_pass "http://artifactory";
|
||||
proxy_next_upstream error timeout non_idempotent;
|
||||
proxy_next_upstream_tries 1;
|
||||
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location ~ ^/artifactory/ {
|
||||
proxy_pass http://artifactory-direct;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{{ certificate_key | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }}
|
||||
@@ -0,0 +1 @@
|
||||
{{ certificate | regex_replace('(-+(BEGIN|END) [A-Z ]*-+ ?|[A-Za-z0-9\+=/]* )', '\\1\n') }}
|
||||
@@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- artifactory-nginx
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for artifactory-nginx
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# defaults file for artifactory-nginx
|
||||
@@ -0,0 +1,37 @@
|
||||
#user nobody;
|
||||
worker_processes 1;
|
||||
error_log /var/log/nginx/error.log info;
|
||||
#pid logs/nginx.pid;
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
http {
|
||||
include mime.types;
|
||||
variables_hash_max_size 1024;
|
||||
variables_hash_bucket_size 64;
|
||||
server_names_hash_max_size 4096;
|
||||
server_names_hash_bucket_size 128;
|
||||
types_hash_max_size 2048;
|
||||
types_hash_bucket_size 64;
|
||||
proxy_read_timeout 2400s;
|
||||
client_header_timeout 2400s;
|
||||
client_body_timeout 2400s;
|
||||
proxy_connect_timeout 75s;
|
||||
proxy_send_timeout 2400s;
|
||||
proxy_buffer_size 32k;
|
||||
proxy_buffers 40 32k;
|
||||
proxy_busy_buffers_size 64k;
|
||||
proxy_temp_file_write_size 250m;
|
||||
proxy_http_version 1.1;
|
||||
client_body_buffer_size 128k;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
default_type application/octet-stream;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
#keepalive_timeout 0;
|
||||
keepalive_timeout 65;
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# handlers file for artifactory-nginx
|
||||
@@ -0,0 +1,53 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
---
|
||||
- name: configure main nginx conf file.
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
become: yes
|
||||
|
||||
- name: configure main nginx conf file.
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
become: yes
|
||||
|
||||
- name: configure the artifactory nginx conf
|
||||
template:
|
||||
src: artifactory.conf.j2
|
||||
dest: /etc/nginx/conf.d/artifactory.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
become: yes
|
||||
|
||||
- name: restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
enabled: yes
|
||||
become: yes
|
||||
@@ -0,0 +1,43 @@
|
||||
###########################################################
|
||||
## this configuration was generated by JFrog Artifactory ##
|
||||
###########################################################
|
||||
|
||||
## add HA entries when ha is configure
|
||||
upstream artifactory {
|
||||
server 127.0.0.1:8082;
|
||||
}
|
||||
upstream artifactory-direct {
|
||||
server 127.0.0.1:8081;
|
||||
}
|
||||
## server configuration
|
||||
server {
|
||||
listen 80 ;
|
||||
server_name _;
|
||||
if ($http_x_forwarded_proto = '') {
|
||||
set $http_x_forwarded_proto $scheme;
|
||||
}
|
||||
## Application specific logs
|
||||
access_log /var/log/nginx/artifactory-access.log;
|
||||
error_log /var/log/nginx/artifactory-error.log;
|
||||
rewrite ^/$ /ui/ redirect;
|
||||
rewrite ^/ui$ /ui/ redirect;
|
||||
chunked_transfer_encoding on;
|
||||
client_max_body_size 0;
|
||||
location / {
|
||||
proxy_read_timeout 2400s;
|
||||
proxy_pass_header Server;
|
||||
proxy_cookie_path ~*^/.* /;
|
||||
proxy_pass "http://artifactory";
|
||||
proxy_next_upstream error timeout non_idempotent;
|
||||
proxy_next_upstream_tries 1;
|
||||
proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
location ~ ^/artifactory/ {
|
||||
proxy_pass http://artifactory-direct;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- artifactory-nginx
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for artifactory-nginx
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,52 @@
|
||||
---
|
||||
# defaults file for artifactory
|
||||
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
|
||||
ansible_marketplace: standalone
|
||||
|
||||
# The version of Artifactory to install
|
||||
artifactory_version: 7.15.3
|
||||
|
||||
# licenses - cluster license content in json
|
||||
artifactory_licenses:
|
||||
|
||||
# whether to enable HA
|
||||
artifactory_ha_enabled: true
|
||||
|
||||
# value for whether a host is primary. this should be set in host vars
|
||||
artifactory_is_primary: true
|
||||
|
||||
# The location where Artifactory should install.
|
||||
artifactory_download_directory: /opt/jfrog
|
||||
|
||||
# The location where Artifactory should store data.
|
||||
artifactory_file_store_dir: /data
|
||||
|
||||
# whether to customer data directory
|
||||
use_custom_data_directory: false
|
||||
|
||||
# location for customer directory. Will be symlink to as artifactory/var
|
||||
custom_data_directory: /artifactory-user-data
|
||||
|
||||
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
|
||||
artifactory_flavour: pro
|
||||
|
||||
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
|
||||
|
||||
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
|
||||
artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
|
||||
|
||||
artifactory_user: artifactory
|
||||
artifactory_group: artifactory
|
||||
|
||||
# Set the parameters required for the service.
|
||||
service_list:
|
||||
- name: artifactory
|
||||
description: Start script for Artifactory
|
||||
start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
|
||||
stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
|
||||
type: forking
|
||||
status_pattern: artifactory
|
||||
user_name: "{{ artifactory_user }}"
|
||||
group_name: "{{ artifactory_group }}"
|
||||
|
||||
product_id: CloudFormation_QS_EC2/1.0.0
|
||||
@@ -0,0 +1,10 @@
|
||||
---
|
||||
# handlers file for artifactory
|
||||
- name: systemctl daemon-reload
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
|
||||
- name: restart artifactory
|
||||
service:
|
||||
name: artifactory
|
||||
state: restarted
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
exceptions:
|
||||
- variation: Alpine
|
||||
reason: Artifactory start/stop scripts don't properly work.
|
||||
- variation: amazonlinux:1
|
||||
reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped"
|
||||
@@ -0,0 +1,35 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: Robert de Bock
|
||||
role_name: artifactory
|
||||
description: Install and configure artifactory on your system.
|
||||
license: Apache-2.0
|
||||
company: none
|
||||
min_ansible_version: 2.8
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- all
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
- 8
|
||||
- name: Fedora
|
||||
versions:
|
||||
- all
|
||||
- name: OpenSUSE
|
||||
versions:
|
||||
- all
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- bionic
|
||||
|
||||
galaxy_tags:
|
||||
- artifactory
|
||||
- centos
|
||||
- redhat
|
||||
- server
|
||||
- system
|
||||
|
||||
dependencies: []
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
tox_parallel: yes
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
project_name: JFrog
|
||||
reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml"
|
||||
versions:
|
||||
- name: Artifactory
|
||||
url: "https://releases.jfrog.io/artifactory/"
|
||||
@@ -0,0 +1,43 @@
|
||||
- name: set license for Enterprise
|
||||
block:
|
||||
- name: use license file
|
||||
copy:
|
||||
src: "{{ artifactory_license_file }}"
|
||||
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
|
||||
force: no # only copy if file doesn't exist
|
||||
become: yes
|
||||
when: artifactory_license_file is defined and artifactory_is_primary == true
|
||||
|
||||
- name: use license strings
|
||||
vars:
|
||||
artifactory_licenses_dict: "{{ artifactory_licenses | default('{}') }}"
|
||||
|
||||
template:
|
||||
src: artifactory.cluster.license.j2
|
||||
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
when: artifactory_license_file is not defined and artifactory_is_primary == true
|
||||
when: artifactory_ha_enabled
|
||||
|
||||
- name: set license for Pro
|
||||
block:
|
||||
- name: use license file
|
||||
copy:
|
||||
src: "{{ artifactory_license_file }}"
|
||||
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
when: artifactory_license_file is defined
|
||||
|
||||
- name: use license strings
|
||||
vars:
|
||||
artifactory_licenses_dict: "{{ artifactory_licenses | default('{}') }}"
|
||||
|
||||
template:
|
||||
src: artifactory.pro.license.j2
|
||||
dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.lic"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
when: artifactory_license_file is not defined
|
||||
when: not artifactory_ha_enabled
|
||||
@@ -0,0 +1,44 @@
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
block:
|
||||
- name: Create a xfs filesystem on /dev/nvme1n1
|
||||
# First non-root device is always mapped to /dev/nvme1n1
|
||||
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
|
||||
community.general.filesystem:
|
||||
dev: /dev/nvme1n1
|
||||
fstype: xfs
|
||||
|
||||
- name: ensure external data directory exists
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Mount the EBS volume
|
||||
ansible.posix.mount:
|
||||
path: "{{ custom_data_directory }}"
|
||||
src: /dev/nvme1n1
|
||||
state: mounted
|
||||
fstype: xfs
|
||||
|
||||
- name: set custom data directory permission
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
mode: "u=rwX,g=rwX,o=rwX"
|
||||
|
||||
- name: remove var directory if exists
|
||||
file:
|
||||
path: "{{ artifactory_home }}/var"
|
||||
state: absent
|
||||
|
||||
- name: symlink custom data directory to var
|
||||
file:
|
||||
src: "{{ custom_data_directory }}"
|
||||
path: "{{ artifactory_home }}/var"
|
||||
state: link
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
become: yes
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
@@ -0,0 +1,132 @@
|
||||
---
|
||||
# tasks file for artifactory
|
||||
- name: Set artifactory major version
|
||||
set_fact:
|
||||
artifactory_major_verion: "{{ artifactory_version.split('.')[0] }}"
|
||||
|
||||
- name: create group for artifactory
|
||||
group:
|
||||
name: "{{ artifactory_group }}"
|
||||
state: present
|
||||
become: yes
|
||||
|
||||
- name: create user for artifactory
|
||||
user:
|
||||
name: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
system: yes
|
||||
become: yes
|
||||
|
||||
- name: ensure artifactory_download_directory exists
|
||||
file:
|
||||
path: "{{ artifactory_download_directory }}"
|
||||
state: directory
|
||||
become: yes
|
||||
|
||||
- name: ensure artifactory_file_store_dir exists
|
||||
file:
|
||||
path: "{{ artifactory_file_store_dir }}"
|
||||
state: directory
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
become: yes
|
||||
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
include_tasks: custom-data-directory.yml
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
|
||||
- name: ensure data subdirectories exist and have correct ownership
|
||||
file:
|
||||
path: "{{ artifactory_home }}/var/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
loop:
|
||||
- "bootstrap"
|
||||
- "etc"
|
||||
- "data"
|
||||
- "etc/info"
|
||||
- "etc/security"
|
||||
- "etc/artifactory"
|
||||
become: yes
|
||||
|
||||
- name: check if system yaml file exits
|
||||
stat:
|
||||
path: "{{ artifactory_home }}/var/etc/system.yaml"
|
||||
register: system_yaml
|
||||
|
||||
- name: use specified system yaml
|
||||
copy:
|
||||
src: "{{ system_file }}"
|
||||
dest: "{{ artifactory_home }}/var/etc/system.yaml"
|
||||
become: yes
|
||||
when: system_file is defined and not system_yaml.stat.exists
|
||||
|
||||
- name: configure system yaml
|
||||
template:
|
||||
src: system.yaml.j2
|
||||
dest: "{{ artifactory_home }}/var/etc/system.yaml"
|
||||
become: yes
|
||||
when: system_file is not defined and not system_yaml.stat.exists
|
||||
|
||||
- name: configure master key
|
||||
template:
|
||||
src: master.key.j2
|
||||
dest: "{{ artifactory_home }}/var/etc/security/master.key"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
|
||||
- name: configure join key
|
||||
template:
|
||||
src: join.key.j2
|
||||
dest: "{{ artifactory_home }}/var/etc/security/join.key"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
|
||||
- name: configure installer info
|
||||
template:
|
||||
src: installer-info.json.j2
|
||||
dest: "{{ artifactory_home }}/var/etc/info/installer-info.json"
|
||||
become: yes
|
||||
|
||||
- name: use specified binary store file
|
||||
copy:
|
||||
src: "{{ binary_store_file }}"
|
||||
dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
|
||||
force: no # only copy if file doesn't exist
|
||||
become: yes
|
||||
when: binary_store_file is defined
|
||||
|
||||
- name: set default binary store
|
||||
template:
|
||||
src: binarystore.xml.j2
|
||||
dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
when: binary_store_file is not defined
|
||||
|
||||
- name: configure licenses
|
||||
include_tasks: configure-licenses.yml
|
||||
|
||||
- name: create artifactory service
|
||||
shell: "{{ artifactory_home }}/app/bin/installService.sh"
|
||||
become: yes
|
||||
|
||||
- name: start and enable the primary node
|
||||
service:
|
||||
name: artifactory
|
||||
state: restarted
|
||||
become: yes
|
||||
when: artifactory_is_primary == true
|
||||
|
||||
- name: random wait before restarting to prevent secondary nodes from hitting DB first
|
||||
pause:
|
||||
seconds: "{{ 120 | random + 10}}"
|
||||
when: artifactory_is_primary == false
|
||||
|
||||
- name: start and enable the secondary nodes
|
||||
service:
|
||||
name: artifactory
|
||||
state: restarted
|
||||
become: yes
|
||||
when: artifactory_is_primary == false
|
||||
@@ -0,0 +1,6 @@
|
||||
{% if artifactory_licenses_dict %}
|
||||
{% for key in (artifactory_licenses_dict.keys() | select('match', '^ArtifactoryLicense\d$')) %}
|
||||
{{ artifactory_licenses_dict[key] }}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
@@ -0,0 +1,8 @@
|
||||
{% if artifactory_licenses_dict %}
|
||||
{% for key in (artifactory_licenses_dict.keys() | select('match', '^ArtifactoryLicense\d$')) %}
|
||||
{% if loop.first %}
|
||||
{{ artifactory_licenses_dict[key] }}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
@@ -0,0 +1,14 @@
|
||||
<config version="2">
|
||||
<chain>
|
||||
<provider id="cache-fs" type="cache-fs">
|
||||
<provider id="s3-storage-v3" type="s3-storage-v3"/>
|
||||
</provider>
|
||||
</chain>
|
||||
<provider id="s3-storage-v3" type="s3-storage-v3">
|
||||
<endpoint>s3.{{ s3_region }}.amazonaws.com</endpoint>
|
||||
<bucketName>{{ s3_bucket }}</bucketName>
|
||||
<path>artifactory/filestore</path>
|
||||
<region>{{ s3_region }}</region>
|
||||
<useInstanceCredentials>true</useInstanceCredentials>
|
||||
</provider>
|
||||
</config>
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"productId": "{{ product_id }}",
|
||||
"features": [
|
||||
{
|
||||
"featureId": "Partner/ACC-006973"
|
||||
},
|
||||
{
|
||||
"featureId": "Channel/{{ ansible_marketplace }}"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{{ join_key }}
|
||||
@@ -0,0 +1 @@
|
||||
{{ master_key }}
|
||||
@@ -0,0 +1,40 @@
|
||||
## @formatter:off
|
||||
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
|
||||
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
|
||||
configVersion: 1
|
||||
|
||||
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
|
||||
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
|
||||
|
||||
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
|
||||
## NOTE: The provided commented key and value is the default.
|
||||
|
||||
## SHARED CONFIGURATIONS
|
||||
## A shared section for keys across all services in this config
|
||||
shared:
|
||||
## Java options
|
||||
extraJavaOpts: "{{ extra_java_opts }}"
|
||||
|
||||
## Node Settings
|
||||
node:
|
||||
## A unique id to identify this node.
|
||||
## Default: auto generated at startup.
|
||||
id: {{ ansible_machine_id }}
|
||||
|
||||
## Sets this node as primary in HA installation
|
||||
primary: {{ artifactory_is_primary }}
|
||||
|
||||
## Sets this node as part of HA installation
|
||||
haEnabled: {{ artifactory_ha_enabled }}
|
||||
|
||||
## Database Configuration
|
||||
database:
|
||||
## One of: mysql, oracle, mssql, postgresql, mariadb
|
||||
## Default: Embedded derby
|
||||
|
||||
## Example for mysql/postgresql
|
||||
type: "{{ db_type }}"
|
||||
driver: "{{ db_driver }}"
|
||||
url: "{{ db_url }}"
|
||||
username: "{{ db_user }}"
|
||||
password: "{{ db_password }}"
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,26 @@
|
||||
---
|
||||
# defaults file for xray
|
||||
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
|
||||
ansible_marketplace: standalone
|
||||
|
||||
# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
|
||||
ami_creation: false
|
||||
|
||||
# The version of xray to install
|
||||
xray_version: 3.17.4
|
||||
|
||||
# whether to enable HA
|
||||
xray_ha_enabled: true
|
||||
|
||||
# The location where xray should install.
|
||||
xray_download_directory: /opt/jfrog
|
||||
|
||||
# The remote xray download file
|
||||
xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
|
||||
|
||||
#The xray install directory
|
||||
xray_home: "{{ xray_download_directory }}/jfrog-xray-{{ xray_version }}-linux"
|
||||
|
||||
#xray users and groups
|
||||
xray_user: xray
|
||||
xray_group: xray
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# handlers file for xray
|
||||
@@ -0,0 +1,53 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
---
|
||||
- name: Install db5.3-util
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/misc/db5.3-util_5.3.28-3ubuntu3_amd64.deb"
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install db-util
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/misc/db-util_1_3a5.3.21exp1ubuntu1_all.deb"
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install libssl
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/rabbitmq/libssl1.1_1.1.0j-1_deb9u1_amd64.deb"
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install socat
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/rabbitmq/socat_1.7.3.1-2+deb9u1_amd64.deb"
|
||||
become: yes
|
||||
|
||||
- name: Install libwxbase3.0-0v5
|
||||
apt:
|
||||
name: libwxbase3.0-0v5
|
||||
update_cache: yes
|
||||
state: present
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install erlang
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/rabbitmq/esl-erlang_21.2.1-1~ubuntu~xenial_amd64.deb"
|
||||
become: yes
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
---
|
||||
- name: Install db-utl
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
|
||||
- name: Install socat
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/rabbitmq/socat-1.7.3.2-2.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
|
||||
- name: Install erlang
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-22.3.4-1.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
@@ -0,0 +1,60 @@
|
||||
---
|
||||
- name: create group for xray
|
||||
group:
|
||||
name: "{{ xray_group }}"
|
||||
state: present
|
||||
become: yes
|
||||
|
||||
- name: create user for xray
|
||||
user:
|
||||
name: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
system: yes
|
||||
become: yes
|
||||
|
||||
- name: ensure xray_download_directory exists
|
||||
file:
|
||||
path: "{{ xray_download_directory }}"
|
||||
state: directory
|
||||
become: yes
|
||||
|
||||
- name: download xray
|
||||
unarchive:
|
||||
src: "{{ xray_tar }}"
|
||||
dest: "{{ xray_download_directory }}"
|
||||
remote_src: yes
|
||||
owner: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
creates: "{{ xray_home }}"
|
||||
become: yes
|
||||
register: downloadxray
|
||||
until: downloadxray is succeeded
|
||||
retries: 3
|
||||
|
||||
- name: perform prerequisite installation
|
||||
include_tasks: "{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: ensure etc exists
|
||||
file:
|
||||
path: "{{ xray_home }}/var/etc"
|
||||
state: directory
|
||||
owner: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
become: yes
|
||||
|
||||
- name: Remove SSH keys
|
||||
file:
|
||||
path: "{{ ssh_keys.dir }}"
|
||||
state: absent
|
||||
loop:
|
||||
- dir: "/home/.xray_ami/.ssh/authorized_keys"
|
||||
- dir: "/root/.ssh/authorized_keys"
|
||||
- dir: "/home/centos/.ssh/authorized_keys"
|
||||
loop_control:
|
||||
loop_var: ssh_keys
|
||||
when: ami_creation
|
||||
|
||||
- name: shutdown VM
|
||||
command: /sbin/shutdown -h now
|
||||
ignore_errors: 'yes'
|
||||
when: ami_creation
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"productId": "Ansible_artifactory/1.0.0",
|
||||
"features": [
|
||||
{
|
||||
"featureId": "Partner/ACC-006973"
|
||||
},
|
||||
{
|
||||
"featureId": "Channel/{{ ansible_marketplace }}"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{{ join_key }}
|
||||
@@ -0,0 +1 @@
|
||||
{{ master_key }}
|
||||
@@ -0,0 +1,36 @@
|
||||
## @formatter:off
|
||||
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
|
||||
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
|
||||
configVersion: 1
|
||||
|
||||
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
|
||||
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
|
||||
|
||||
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
|
||||
## NOTE: The provided commented key and value is the default.
|
||||
|
||||
## SHARED CONFIGURATIONS
|
||||
## A shared section for keys across all services in this config
|
||||
shared:
|
||||
## Base URL of the JFrog Platform Deployment (JPD)
|
||||
## This is the URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs.
|
||||
## Examples: "http://jfrog.acme.com" or "http://10.20.30.40:8082"
|
||||
jfrogUrl: {{ jfrog_url }}
|
||||
|
||||
## Node Settings
|
||||
node:
|
||||
## A unique id to identify this node.
|
||||
## Default: auto generated at startup.
|
||||
id: {{ ansible_machine_id }}
|
||||
|
||||
## Database Configuration
|
||||
database:
|
||||
## One of: mysql, oracle, mssql, postgresql, mariadb
|
||||
## Default: Embedded derby
|
||||
|
||||
## Example for mysql/postgresql
|
||||
type: "{{ db_type }}"
|
||||
driver: "{{ db_driver }}"
|
||||
url: "{{ db_url }}"
|
||||
username: "{{ db_user }}"
|
||||
password: "{{ db_password }}"
|
||||
@@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- xray
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for xray
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
language: python
|
||||
python: "2.7"
|
||||
|
||||
# Use the new container infrastructure
|
||||
sudo: false
|
||||
|
||||
# Install ansible
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- python-pip
|
||||
|
||||
install:
|
||||
# Install ansible
|
||||
- pip install ansible
|
||||
|
||||
# Check ansible version
|
||||
- ansible --version
|
||||
|
||||
# Create ansible.cfg with correct roles_path
|
||||
- printf '[defaults]\nroles_path=../' >ansible.cfg
|
||||
|
||||
script:
|
||||
# Basic role syntax check
|
||||
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
# defaults file for xray
|
||||
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
|
||||
ansible_marketplace: standalone
|
||||
|
||||
# The version of xray to install
|
||||
xray_version: 3.17.4
|
||||
|
||||
# whether to enable HA
|
||||
xray_ha_enabled: true
|
||||
|
||||
# The location where xray should install.
|
||||
xray_download_directory: /opt/jfrog
|
||||
|
||||
# whether to customer data directory
|
||||
use_custom_data_directory: false
|
||||
|
||||
# location for customer directory. Will be symlink to as artifactory/var
|
||||
custom_data_directory: /xray-user-data
|
||||
|
||||
# The remote xray download file
|
||||
xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
|
||||
|
||||
#The xray install directory
|
||||
xray_home: "{{ xray_download_directory }}/jfrog-xray-{{ xray_version }}-linux"
|
||||
|
||||
#xray users and groups
|
||||
xray_user: xray
|
||||
xray_group: xray
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# handlers file for xray
|
||||
@@ -0,0 +1,53 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.9
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
---
|
||||
- name: Install db5.3-util
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/misc/db5.3-util_5.3.28-3ubuntu3_amd64.deb"
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install db-util
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/misc/db-util_1_3a5.3.21exp1ubuntu1_all.deb"
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install libssl
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/rabbitmq/libssl1.1_1.1.0j-1_deb9u1_amd64.deb"
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install socat
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/rabbitmq/socat_1.7.3.1-2+deb9u1_amd64.deb"
|
||||
become: yes
|
||||
|
||||
- name: Install libwxbase3.0-0v5
|
||||
apt:
|
||||
name: libwxbase3.0-0v5
|
||||
update_cache: yes
|
||||
state: present
|
||||
ignore_errors: yes
|
||||
become: yes
|
||||
|
||||
- name: Install erlang
|
||||
apt:
|
||||
deb: "{{ xray_home }}/app/third-party/rabbitmq/esl-erlang_21.2.1-1~ubuntu~xenial_amd64.deb"
|
||||
become: yes
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
---
|
||||
- name: Install db-utl
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
|
||||
- name: Install socat
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/rabbitmq/socat-1.7.3.2-2.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
|
||||
- name: Install erlang
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-22.3.4-1.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
@@ -0,0 +1,44 @@
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
block:
|
||||
- name: Create a xfs filesystem on /dev/nvme1n1
|
||||
# First non-root device is always mapped to /dev/nvme1n1
|
||||
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
|
||||
community.general.filesystem:
|
||||
dev: /dev/nvme1n1
|
||||
fstype: xfs
|
||||
|
||||
- name: ensure external data directory exists
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Mount the EBS volume
|
||||
ansible.posix.mount:
|
||||
path: "{{ custom_data_directory }}"
|
||||
src: /dev/nvme1n1
|
||||
state: mounted
|
||||
fstype: xfs
|
||||
|
||||
- name: set custom data directory permission
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
mode: "u=rwX,g=rwX,o=rwX"
|
||||
|
||||
- name: remove var directory if exists
|
||||
file:
|
||||
path: "{{ xray_home }}/var"
|
||||
state: absent
|
||||
|
||||
- name: symlink custom data directory to var
|
||||
file:
|
||||
src: "{{ custom_data_directory }}"
|
||||
path: "{{ xray_home }}/var"
|
||||
state: link
|
||||
owner: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
become: yes
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
@@ -0,0 +1,52 @@
|
||||
- name: initialize Postgres DB
|
||||
block:
|
||||
- name: check if user/role exists
|
||||
command: psql -A -t {{db_master_url}} -c "SELECT 1 FROM pg_roles WHERE rolname='{{db_user}}'"
|
||||
register: user_exists
|
||||
|
||||
- debug:
|
||||
var: user_exists.stdout_lines
|
||||
|
||||
- name: create user/role
|
||||
command: psql {{db_master_url}} -c "CREATE USER {{db_user}} WITH PASSWORD '{{db_password}}'"
|
||||
register: shell_output
|
||||
when: user_exists.stdout != "1"
|
||||
|
||||
- debug:
|
||||
var: shell_output.stdout_lines
|
||||
when: user_exists.stdout != "1"
|
||||
|
||||
- name: grant membership role
|
||||
command: psql {{db_master_url}} -c "GRANT {{db_user}} TO {{db_master_user}}"
|
||||
register: shell_output
|
||||
when: user_exists.stdout != "1"
|
||||
|
||||
- debug:
|
||||
var: shell_output.stdout_lines
|
||||
when: user_exists.stdout != "1"
|
||||
|
||||
- name: check if xraydb exists
|
||||
command: psql -A -t {{db_master_url}} -c "SELECT 1 FROM pg_database WHERE datname='xraydb'"
|
||||
register: db_exists
|
||||
|
||||
- debug:
|
||||
var: db_exists.stdout_lines
|
||||
|
||||
- name: create xraydb database
|
||||
command: psql {{db_master_url}} -c "CREATE DATABASE xraydb WITH OWNER={{db_user}} ENCODING='UTF8'"
|
||||
register: shell_output
|
||||
when: db_exists.stdout != "1"
|
||||
|
||||
- debug:
|
||||
var: shell_output.stdout_lines
|
||||
when: db_exists.stdout != "1"
|
||||
|
||||
- name: grant xraydb privileges to role
|
||||
command: psql {{db_master_url}} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO {{db_user}}"
|
||||
register: shell_output
|
||||
when: db_exists.stdout != "1"
|
||||
|
||||
- debug:
|
||||
var: shell_output.stdout_lines
|
||||
when: db_exists.stdout != "1"
|
||||
become: yes
|
||||
@@ -0,0 +1,80 @@
|
||||
---
|
||||
- name: initialize postgres database
|
||||
include_tasks: initialize-pg-db.yml
|
||||
|
||||
- name: create group for xray
|
||||
group:
|
||||
name: "{{ xray_group }}"
|
||||
state: present
|
||||
become: yes
|
||||
|
||||
- name: create user for xray
|
||||
user:
|
||||
name: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
system: yes
|
||||
become: yes
|
||||
|
||||
- name: ensure xray_download_directory exists
|
||||
file:
|
||||
path: "{{ xray_download_directory }}"
|
||||
state: directory
|
||||
become: yes
|
||||
|
||||
- name: perform prerequisite installation
|
||||
include_tasks: "{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
include_tasks: custom-data-directory.yml
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
|
||||
- name: ensure data subdirectories exist and have correct ownership
|
||||
file:
|
||||
path: "{{ xray_home }}/var/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
loop:
|
||||
- "etc"
|
||||
- "data"
|
||||
- "etc/info"
|
||||
- "etc/security"
|
||||
become: yes
|
||||
|
||||
- name: configure system yaml
|
||||
template:
|
||||
src: system.yaml.j2
|
||||
dest: "{{ xray_home }}/var/etc/system.yaml"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
|
||||
- name: configure master key
|
||||
template:
|
||||
src: master.key.j2
|
||||
dest: "{{ xray_home }}/var/etc/security/master.key"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
|
||||
- name: configure join key
|
||||
template:
|
||||
src: join.key.j2
|
||||
dest: "{{ xray_home }}/var/etc/security/join.key"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
|
||||
- name: configure installer info
|
||||
template:
|
||||
src: installer-info.json.j2
|
||||
dest: "{{ xray_home }}/var/etc/info/installer-info.json"
|
||||
force: no # only create if file doesn't exist
|
||||
become: yes
|
||||
|
||||
- name: create xray service
|
||||
shell: "{{ xray_home }}/app/bin/installService.sh"
|
||||
become: yes
|
||||
|
||||
- name: start and enable xray
|
||||
service:
|
||||
name: xray
|
||||
state: restarted
|
||||
become: yes
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"productId": "Ansible_artifactory/1.0.0",
|
||||
"features": [
|
||||
{
|
||||
"featureId": "Partner/ACC-006973"
|
||||
},
|
||||
{
|
||||
"featureId": "Channel/{{ ansible_marketplace }}"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{{ join_key }}
|
||||
@@ -0,0 +1 @@
|
||||
{{ master_key }}
|
||||
@@ -0,0 +1,39 @@
|
||||
## @formatter:off
|
||||
## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE
|
||||
## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character.
|
||||
configVersion: 1
|
||||
|
||||
## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products.
|
||||
## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog
|
||||
|
||||
## NOTE: Sensitive information such as passwords and join key are encrypted on first read.
|
||||
## NOTE: The provided commented key and value is the default.
|
||||
|
||||
## SHARED CONFIGURATIONS
|
||||
## A shared section for keys across all services in this config
|
||||
shared:
|
||||
## Base URL of the JFrog Platform Deployment (JPD)
|
||||
## This is the URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs.
|
||||
## Examples: "http://jfrog.acme.com" or "http://10.20.30.40:8082"
|
||||
jfrogUrl: {{ jfrog_url }}
|
||||
|
||||
## Java options
|
||||
extraJavaOpts: "{{ extra_java_opts }}"
|
||||
|
||||
## Node Settings
|
||||
node:
|
||||
## A unique id to identify this node.
|
||||
## Default: auto generated at startup.
|
||||
id: {{ ansible_machine_id }}
|
||||
|
||||
## Database Configuration
|
||||
database:
|
||||
## One of: mysql, oracle, mssql, postgresql, mariadb
|
||||
## Default: Embedded derby
|
||||
|
||||
## Example for mysql/postgresql
|
||||
type: "{{ db_type }}"
|
||||
driver: "{{ db_driver }}"
|
||||
url: "{{ db_url }}"
|
||||
username: "{{ db_user }}"
|
||||
password: "{{ db_password }}"
|
||||
@@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- xray
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for xray
|
||||
Reference in New Issue
Block a user