mirror of
https://github.com/ZwareBear/JFrog-Cloud-Installers.git
synced 2026-01-21 12:06:56 -06:00
ARM templates changes to met MS requirements
This commit is contained in:
danielmkn
171
JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory.sh
Executable file → Normal file
171
JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory.sh
Executable file → Normal file
@@ -4,51 +4,21 @@ DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/
|
||||
DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//")
|
||||
DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//")
|
||||
STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//")
|
||||
STORAGE_ACT_ENDPOINT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_ENDPOINT=" | sed "s/STO_ACT_ENDPOINT=//")
|
||||
STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//")
|
||||
STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//")
|
||||
ARTIFACTORY_EDITION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_EDITION=" | sed "s/ARTIFACTORY_EDITION=//")
|
||||
ARTIFACTORY_VERSION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_VERSION=" | sed "s/ARTIFACTORY_VERSION=//")
|
||||
MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//")
|
||||
JFROG_JOIN_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JOIN_KEY=" | sed "s/JOIN_KEY=//")
|
||||
IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//")
|
||||
|
||||
#disable firewalld, also disable selinux. Both block traffic from load balancer.
|
||||
systemctl stop firewalld
|
||||
setenforce Permissive
|
||||
|
||||
# install the wget and curl
|
||||
yum -y install wget curl>> /tmp/install-curl.log 2>&1
|
||||
UBUNTU_CODENAME=$(cat /etc/lsb-release | grep "^DISTRIB_CODENAME=" | sed "s/DISTRIB_CODENAME=//")
|
||||
|
||||
yum -y install java-1.8.0-openjdk >> /tmp/install-java.log 2>&1
|
||||
#yum -y install java-11-openjdk >> /tmp/install-java.log 2>&1
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
#Generate Self-Signed Cert
|
||||
mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/
|
||||
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost"
|
||||
|
||||
setenforce 0
|
||||
sed -i -e "s/SELINUX=.*/SELINUX=permissive/" /etc/sysconfig/selinux
|
||||
wget https://bintray.com/jfrog/artifactory-pro-rpms/rpm -O bintray-jfrog-artifactory-pro-rpms.repo
|
||||
mv bintray-jfrog-artifactory-pro-rpms.repo /etc/yum.repos.d/
|
||||
wget https://bintray.com/jfrog/artifactory-rpms/rpm -O bintray-jfrog-artifactory-rpms.repo;
|
||||
mv bintray-jfrog-artifactory-rpms.repo /etc/yum.repos.d/
|
||||
|
||||
yum -y install ${ARTIFACTORY_EDITION}-${ARTIFACTORY_VERSION} >> /tmp/install-artifactory.log 2>&1
|
||||
|
||||
cat > /etc/yum.repos.d/nginx.repo <<EOF
|
||||
[nginx]
|
||||
name=nginx repo
|
||||
baseurl=http://nginx.org/packages/mainline/rhel/7/\$basearch/
|
||||
gpgcheck=0
|
||||
enabled=1
|
||||
EOF
|
||||
yum -y install nginx>> /tmp/install-nginx.log 2>&1
|
||||
|
||||
#Install database drivers
|
||||
curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar
|
||||
curl -L -o /opt/jfrog/artifactory/tomcat/lib/mssql-jdbc-6.2.1.jre8.jar https://bintray.com/artifact/download/bintray/jcenter/com/microsoft/sqlserver/mssql-jdbc/6.2.1.jre8/mssql-jdbc-6.2.1.jre8.jar
|
||||
curl -L -o /opt/jfrog/artifactory/tomcat/lib/postgresql-9.4.1212.jar https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar
|
||||
|
||||
CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//")
|
||||
[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory
|
||||
|
||||
@@ -100,16 +70,60 @@ cat <<EOF >/etc/nginx/nginx.conf
|
||||
}
|
||||
EOF
|
||||
|
||||
rm /etc/nginx/conf.d/default.conf
|
||||
|
||||
|
||||
mkdir -p /var/opt/jfrog/artifactory/etc/security
|
||||
|
||||
cat <<EOF >/var/opt/jfrog/artifactory/etc/security/master.key
|
||||
${MASTER_KEY}
|
||||
cat <<EOF >/etc/nginx/conf.d/artifactory.conf
|
||||
ssl_certificate /etc/pki/tls/certs/cert.pem;
|
||||
ssl_certificate_key /etc/pki/tls/private/cert.key;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_prefer_server_ciphers on;
|
||||
## server configuration
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 80 ;
|
||||
server_name ~(?<repo>.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN};
|
||||
if (\$http_x_forwarded_proto = '') {
|
||||
set \$http_x_forwarded_proto \$scheme;
|
||||
}
|
||||
## Application specific logs
|
||||
## access_log /var/log/nginx/artifactory-access.log timing;
|
||||
## error_log /var/log/nginx/artifactory-error.log;
|
||||
rewrite ^/$ /artifactory/webapp/ redirect;
|
||||
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
|
||||
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/\$repo/\$1/\$2;
|
||||
chunked_transfer_encoding on;
|
||||
client_max_body_size 0;
|
||||
location /artifactory/ {
|
||||
proxy_read_timeout 2400;
|
||||
proxy_pass_header Server;
|
||||
proxy_cookie_path ~*^/.* /;
|
||||
proxy_pass http://127.0.0.1:8081/artifactory/;
|
||||
proxy_set_header X-Artifactory-Override-Base-Url
|
||||
\$http_x_forwarded_proto://\$host:\$server_port/artifactory;
|
||||
proxy_set_header X-Forwarded-Port \$server_port;
|
||||
proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto;
|
||||
proxy_set_header Host \$http_host;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}')
|
||||
|
||||
if [ "${IS_PRIMARY}" = "true" ]; then
|
||||
NODE_NAME=art-primary
|
||||
else
|
||||
NODE_NAME=art-$(date +%s$RANDOM)
|
||||
fi
|
||||
|
||||
cat <<EOF >/var/opt/jfrog/artifactory/etc/ha-node.properties
|
||||
node.id=${NODE_NAME}
|
||||
artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data
|
||||
context.url=http://${HOSTNAME}:8081/artifactory
|
||||
access.context.url=http://${HOSTNAME}:8081/access
|
||||
membership.port=10001
|
||||
hazelcast.interface=${HOSTNAME}
|
||||
primary=${IS_PRIMARY}
|
||||
EOF
|
||||
|
||||
# in case of JCR or OSS, use non-ha mode, also use derby, also do not create binary store xml
|
||||
cat <<EOF >/var/opt/jfrog/artifactory/etc/db.properties
|
||||
type=mssql
|
||||
driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
|
||||
@@ -117,6 +131,13 @@ url=${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applic
|
||||
username=${DB_USER}
|
||||
password=${DB_PASSWORD}
|
||||
EOF
|
||||
|
||||
mkdir -p /var/opt/jfrog/artifactory/etc/security
|
||||
|
||||
cat <<EOF >/var/opt/jfrog/artifactory/etc/security/master.key
|
||||
${MASTER_KEY}
|
||||
EOF
|
||||
|
||||
cat <<EOF >/var/opt/jfrog/artifactory/etc/binarystore.xml
|
||||
<config version="2">
|
||||
<chain>
|
||||
@@ -153,72 +174,12 @@ cat <<EOF >/var/opt/jfrog/artifactory/etc/binarystore.xml
|
||||
<provider id="azure-blob-storage" type="azure-blob-storage">
|
||||
<accountName>${STORAGE_ACCT}</accountName>
|
||||
<accountKey>${STORAGE_ACCT_KEY}</accountKey>
|
||||
<endpoint>https://${STORAGE_ACCT}.blob.core.windows.net/</endpoint>
|
||||
<endpoint>${STORAGE_ACT_ENDPOINT}</endpoint>
|
||||
<containerName>${STORAGE_CONTAINER}</containerName>
|
||||
</provider>
|
||||
</config>
|
||||
EOF
|
||||
|
||||
# begin JCR specific setup
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/artifactory.conf
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
ssl_certificate /etc/pki/tls/certs/cert.pem;
|
||||
ssl_certificate_key /etc/pki/tls/private/cert.key;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_prefer_server_ciphers on;
|
||||
## server configuration
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen 80 ;
|
||||
server_name ~(?<repo>.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN} ${CERTIFICATE_DOMAIN};
|
||||
if (\$http_x_forwarded_proto = '') {
|
||||
set \$http_x_forwarded_proto \$scheme;
|
||||
}
|
||||
## Application specific logs
|
||||
## access_log /var/log/nginx/artifactory-access.log timing;
|
||||
## error_log /var/log/nginx/artifactory-error.log;
|
||||
rewrite ^/$ /artifactory/webapp/ redirect;
|
||||
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
|
||||
|
||||
rewrite ^/(v2)/(.*) /artifactory/\$1/\$2;
|
||||
|
||||
chunked_transfer_encoding on;
|
||||
client_max_body_size 0;
|
||||
location /artifactory/ {
|
||||
proxy_read_timeout 2400;
|
||||
proxy_pass_header Server;
|
||||
proxy_cookie_path ~*^/.* /;
|
||||
|
||||
proxy_pass http://127.0.0.1:8081/artifactory/;
|
||||
proxy_set_header X-Artifactory-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port/artifactory;
|
||||
proxy_set_header X-Forwarded-Port \$server_port;
|
||||
proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto;
|
||||
proxy_set_header Host \$http_host;
|
||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
# end JCR specific setup
|
||||
|
||||
|
||||
# callhome metadata
|
||||
mkdir -p /var/opt/jfrog/artifactory/etc/info
|
||||
cat <<EOF >/var/opt/jfrog/artifactory/etc/info/installer-info.json
|
||||
{
|
||||
"productId": "JFrogInstaller_AzureMP/${ARTIFACTORY_VERSION}",
|
||||
"features": [
|
||||
{
|
||||
"featureId": "ArtifactoryVersion/${ARTIFACTORY_EDITION}-${ARTIFACTORY_VERSION}"
|
||||
},
|
||||
{
|
||||
"featureId": "Platform/azure-mp-vm-jcr"
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
|
||||
HOSTNAME=$(hostname -i)
|
||||
sed -i -e "s/art1/art-$(date +%s$RANDOM)/" /var/opt/jfrog/artifactory/etc/ha-node.properties
|
||||
sed -i -e "s/127.0.0.1/$HOSTNAME/" /var/opt/jfrog/artifactory/etc/ha-node.properties
|
||||
@@ -232,16 +193,14 @@ cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CE
|
||||
cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key
|
||||
rm /tmp/temp.key
|
||||
|
||||
echo "artifactory.ping.allowUnauthenticated=true" >> /var/opt/jfrog/artifactory/etc/artifactory.system.properties
|
||||
EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//")
|
||||
[ -z "$EXTRA_JAVA_OPTS" ] && EXTRA_JAVA_OPTS='-server -Xms2g -Xmx6g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError="kill -9 %p"'
|
||||
echo "export JAVA_OPTIONS=\"${EXTRA_JAVA_OPTS}\"" >> /var/opt/jfrog/artifactory/etc/default
|
||||
chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/*
|
||||
|
||||
# start Artifactory
|
||||
sleep $((RANDOM % 120))
|
||||
sleep $((RANDOM % 240))
|
||||
service artifactory start
|
||||
service nginx start
|
||||
nginx -s reload
|
||||
echo "INFO: Artifactory JCR installation completed."
|
||||
|
||||
echo "INFO: Artifactory installation completed." > /tmp/artifactory-install.log
|
||||
|
||||
Reference in New Issue
Block a user