zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 09:06:57 -06:00
Code Issues Packages Projects Releases Wiki Activity

added readme file to install JCR with Helm with external DBs

Browse Source
This commit is contained in:
Vinay Aggarwal
2019-11-26 01:12:50 -03:00
parent 5d2fb7a659
commit d00fa3f2f7
41 changed files with 173 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/README.md Normal file
View File

@@ -0,0 +1,72 @@
Artifactory Master
=========
A configuration for Artifactory through Cloud Formation. This assumes it will be tied to an AutoScale group, the
environment will have 2 boot groups. 1 with `art_primary=True` and the other `art_primary=False`. Note: The MasterKey
must match in both boot groups or they will not connect.
Requirements
------------
This role is dependent on specific inputs, but does not require any other roles.
Role Variables
--------------
artifactory_licesnes is expected as a list of Artifactory licesnse.
artifactory_server_name is the DNS name of the Artifactory instance.
certificate_domain: Domain name for the DNS name of the Artifactory instance.
s3_endpoint: S3 URL endpoint for backend storage.
s3_access_key: S3 Access key for the S3 Endpoint + Bucket.
s3_access_secret_key: S3 Secret key for the S3 Endpoint + Bucket.
s3_bucket: S3 bucket for backend storage.
certificate_key: Private Certificate Key used for NGINX to terminate SSL
certificate: Certificate used by NGINX to terminate SSL
db_type: Currently only MySQL is supported.
db_ipaddr: MySQL endpoint for the DB connection.
db_name: Name of the Database.
db_user: User with write/read permission on the `db_name`
db_password: Password for the `db_user`
art_primary: True or False (Very important that only one node is art_primary=True)
artifactory_keystore_pass: Java Keystore new Password
master_key: Master Cluster key to join the Artifactory cluster.
artifactory_version: Version of Artifactory to install.
Dependencies
------------
None
Example Playbook
----------------
```yaml
- import_playbook: site-artifactory.yml
vars:
artifactory_licenses: ${ArtifactoryLicense}
artifactory_server_name: ${ArtifactoryServerName}
certificate_domain: ${CertificateDomain}
s3_endpoint: s3.${AWS::Region}.amazonaws.com
s3_access_key: ${ArtifactoryIAMAcessKey}
s3_access_secret_key: ${SecretAccessKey}
s3_bucket: ${ArtifactoryS3Bucket}
certificate_key: ${CertificateKey}
certificate: ${Certificate}
db_type: ${DBType}
db_ipaddr: ${ArtifactoryDBEndpointAddress}
db_name: ${DatabaseName}
db_user: ${DatabaseUser}
db_password: ${DatabasePassword}
art_primary: ${ArtifactoryPrimary}
artifactory_keystore_pass: ${KeystorePassword}
master_key: ${MasterKey}
artifactory_version: ${ArtifactoryVersion}
```
License
-------
BSD
Author Information
------------------

50
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/defaults/main.yml Normal file
View File

@@ -0,0 +1,50 @@
---
# defaults file for quickstart-jfrog-artifactory/scripts/roles/artifactory
ecs_deployment: false
db_type: mysql
db_driver: com.mysql.jdbc.Driver
db_ipaddr: 127.0.0.1
db_name: artifactory
db_user: artuser
db_password: badpassword
s3_endpoint: needs_to_be_passed
s3_access_key: needs_to_be_passed
s3_access_secret_key: needs_to_be_passed
s3_bucket: needs_to_be_passed
# Differences required for nginx as a container.
artifactory_hostname: 127.0.0.1
ssl_dir: /var/opt/jfrog/nginx/ssl
key_dir: /etc/pki/tls/private
nginx_user_id: 104
nginx_group_id: 107
certificate_key_file: /root/key
certificate_file: /root/cert
art_primary: true
java_version: java-1.8.0
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
java_mysql_driver:
url: https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar
dest: /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar
owner: artifactory
group: artifactory
rds_cert:
url: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
dest: /root/rds-combined-ca-bundle.pem
owner: root
group: root
cert_alias: rds_ca
import_rds: true
# The Docker scripts handle this, so we do not need these variables when configuring
# A docker system that will host
artifactory_keystore_path: /etc/alternatives/jre_1.8.0/lib/security/cacerts
artifactory_keystore_default: changeit
artifactory_keystore_pass: needs_to_be_passed

46
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/inactiveServerCleaner.groovy Normal file
View File

@@ -0,0 +1,46 @@
import org.artifactory.state.ArtifactoryServerState
import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService
import org.artifactory.common.ConstantValues
import org.slf4j.Logger
import java.util.concurrent.TimeUnit
jobs {
clean(interval: 90000, delay: 900000) {
runCleanupHAInactiveServers()
}
}
executions {
cleanHAInactiveServers() { params ->
runCleanupHAInactiveServers()
}
}
def runCleanupHAInactiveServers() {
def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService)
def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log)
artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers()
}
public class ArtifactoryInactiveServersCleaner {
private ArtifactoryServersCommonService artifactoryServersCommonService
private Logger log
ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) {
this.artifactoryServersCommonService = artifactoryServersCommonService
this.log = log
}
def cleanInactiveArtifactoryServers() {
log.info "Executing inactive artifactory servers cleaner plugin"
List<String> allMembers = artifactoryServersCommonService.getAllArtifactoryServers()
for (member in allMembers) {
def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat())
def noHeartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt()
if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || ( noHeartbeat && member.getServerState() != ArtifactoryServerState.CONVERTING && member.getServerState() != ArtifactoryServerState.STARTING )) {
try {
log.info "Inactive artifactory servers cleaning task found server ${member.serverId} to remove"
artifactoryServersCommonService.removeServer(member.serverId)
}catch (Exception e){
log.error "Error: Not able to remove ${member.serverId}, ${e.message}"
}
}
}
log.info "No inactive servers found"
}
}

7
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/installer-info.json Normal file
View File

@@ -0,0 +1,7 @@
{
"productId": "JFrogInstaller_Cloudformation/1.0.0",
"features": [
{
"featureId": "MySql/5.5"
}]
}

37
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/nginx.conf Normal file
View File

@@ -0,0 +1,37 @@
#user nobody;
worker_processes 1;
error_log /var/log/nginx/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
}

13
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/handlers/main.yml Normal file
View File

@@ -0,0 +1,13 @@
---
# handlers file for quickstart-jfrog-artifactory/scripts/roles/artifactory
- name: restart nginx
service:
name: nginx
state: restarted
- name: Enable Artifactory
service:
name: artifactory
state: started
enabled: yes

53
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/meta/main.yml Normal file
View File

@@ -0,0 +1,53 @@
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.4
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

100
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure.yml Normal file
View File

@@ -0,0 +1,100 @@
---
- name: Update Java
package:
name: "{{ java_version }}"
state: present
- name: Configure Java
alternatives:
name: java
path: /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java
- name: Download Java requirements such as jbdc for mysql Driver and the RDS CA certificate
get_url:
url: "{{ item.url }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- "{{ java_mysql_driver }}"
- "{{ rds_cert }}"
- name: Import the RDS certificate into Java KeyStore
java_cert:
cert_path: "{{ rds_cert.dest }}"
cert_alias: "{{ rds_cert.cert_alias }}"
keystore_pass: "{{ artifactory_keystore_default }}" # Default JKS as you get from the Internet.
keystore_path: "{{ artifactory_keystore_path }}"
when: import_rds == true
register: r_java_cert
failed_when: "'Not found' in r_java_cert"
- name: Change Keystore password
command: keytool -storepasswd -keystore {{ artifactory_keystore_path }} -storepass {{ artifactory_keystore_default }} -new {{ artifactory_keystore_pass }}
no_log: true
when: r_java_cert.rc == 0
- name: Configure Java
lineinfile:
path: /var/opt/jfrog/artifactory/etc/default
line: export JAVA_OPTIONS="$JAVA_OPTIONS {{ extra_java_opts }}"
create: yes
- name: Configure Ping
lineinfile:
path: /var/opt/jfrog/artifactory/etc/artifactory.system.properties
line: artifactory.ping.allowUnauthenticated=true
create: yes
- name: All File/Folders required for Artifactory configuration
file:
path: "{{ item.path }}"
state: "{{ item.state }}"
owner: artifactory
group: artifactory
loop:
- path: /var/opt/jfrog/artifactory/etc/security/
state: directory
- path: /var/opt/jfrog/artifactory/etc/plugins
state: directory
- path: /var/opt/jfrog/artifactory/etc/info
state: directory
- name: Template of the properties and certs as requires for Artifactory
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: artifactory
group: artifactory
mode: '0664'
loop:
- src: db.properties.j2
dest: /var/opt/jfrog/artifactory/etc/db.properties
- src: binarystore.xml.j2
dest: /var/opt/jfrog/artifactory/etc/binarystore.xml
- src: ha-node.properties.j2
dest: /var/opt/jfrog/artifactory/etc/ha-node.properties
- src: master.key.j2
dest: /var/opt/jfrog/artifactory/etc/security/master.key
- src: certificate.pem.j2
dest: "{{ ssl_dir }}/cert.pem"
- src: certificate.key.j2
dest: "{{ key_dir }}/cert.key"
- src: artifactory.cluster.license.j2
dest: /var/opt/jfrog/artifactory/etc/artifactory.cluster.license
- name: Copy all static files required for Artifactory
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: artifactory
group: artifactory
mode: "{{ item.mode }}"
loop:
- src: inactiveServerCleaner.groovy
dest: /var/opt/jfrog/artifactory/etc/plugins/inactiveServerCleaner.groovy
mode: '0660'
- src: installer-info.json
dest: /var/opt/jfrog/artifactory/etc/info/installer-info.json
mode: '0660'

83
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure_ecs.yml Normal file
View File

@@ -0,0 +1,83 @@
---
- name: All File/Folders required for Artifactory configuration
file:
path: "{{ item.path }}"
state: "{{ item.state }}"
owner: root
group: root
loop:
- path: /data/jfrog/artifactory/etc/ # Needs mapped to /artifactory_extra_conf
state: directory
- path: /data/jfrog/artifactory/tmp/plugins # Needs mapped to /tmp/plugins
state: directory
- path: /data/jfrog/artifactory/java_certs # Needs mapped to /artifactory_extra_certs
state: directory
- path: /data/jfrog/artifactory/plugins # Needs mapped to /opt/jfrog/artifactory/tomcat/lib/
state: directory
- name: Download Java requirements such as jbdc for mysql Driver and the RDS CA certificate
get_url:
url: "{{ item.url }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
loop:
- "{{ java_mysql_driver }}"
- "{{ rds_cert }}"
- name: Template of the properties as requires for Artifactory
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: '0664'
loop:
- src: binarystore.xml.j2
dest: /data/jfrog/artifactory/etc/binarystore.xml
- src: artifactory.cluster.license.j2
dest: /data/jfrog/artifactory/etc/artifactory.cluster.license
- name: All File/Folders required for Artifactory configuration
file:
path: "{{ item.path }}"
state: "{{ item.state }}"
owner: "{{ nginx_user_id }}"
group: "{{ nginx_group_id }}"
loop:
- path: /data/jfrog/nginx/ssl # Mapped to /var/opt/jfrog/nginx
state: directory
- path: /data/jfrog/nginx/conf.d # Mapped to /var/opt/jfrog/nginx
state: directory
- name: Template nginx files as requires for Artifactory
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ nginx_user_id }}"
group: "{{ nginx_group_id }}"
mode: '0664'
loop:
- src: certificate.pem.j2
dest: "{{ ssl_dir }}cert.pem"
- src: certificate.key.j2
dest: "{{ key_dir }}cert.key"
- src: artifactory.conf.j2
dest: /data/jfrog/nginx/conf.d/artifactory.conf
- name: Copy all static files required for Artifactory
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- src: inactiveServerCleaner.groovy
dest: /data/jfrog/artifactory/tmp/plugins/inactiveServerCleaner.groovy
mode: '0777'

18
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/install.yml Normal file
View File

@@ -0,0 +1,18 @@
---
- name: Add Artifactory Repo
yum_repository:
name: bintray--jfrog-artifactory-pro-rpms
description: bintray--jfrog-artifactory-pro-rpms
baseurl: https://jfrog.bintray.com/artifactory-pro-rpms
gpgcheck: no
enabled: yes
- name: Install Artifactory from RPM
yum:
name: "jfrog-artifactory-pro-{{ artifactory_version }}"
state: installed
releasever: "{{ artifactory_version }}"
enablerepo: bintray--jfrog-artifactory-pro-rpms
disablerepo: "epel,amzn-main,amzn-updates"
notify: Enable Artifactory

17
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/main.yml Normal file
View File

@@ -0,0 +1,17 @@
---
# tasks file for quickstart-jfrog-artifactory/scripts/roles/artifactory
- name: Configure an Instance to host Artifactory
include: "{{ item.name }}"
when: ecs_deployment == false
loop:
- name: install.yml
- name: configure.yml
- name: nginx-setup.yml
- name: Configure ECS EC2 Node to host an Artifactory Container
include: configure_ecs.yml
when: ecs_deployment == true

26
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/nginx-setup.yml Normal file
View File

@@ -0,0 +1,26 @@
---
# Tasks for configuring NGINX for Artifactory
- name: Ensure latest nginx is installed
package:
name: nginx
state: latest
- name: Configure main NGINX conf file.
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: '0755'
notify: restart nginx
- name: Configure the Artifactory NGINX conf
template:
src: artifactory.conf.j2
dest: /etc/nginx/conf.d/artifactory.conf
owner: root
group: root
mode: '0755'
notify: restart nginx

18
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.cluster.license.j2 Normal file
View File

@@ -0,0 +1,18 @@
{% if artifactory_license1 |length %}
{{ artifactory_license1 }}
{% endif %}
{% if artifactory_license2 |length %}
{{ artifactory_license2 }}
{% endif %}
{% if artifactory_license3 |length %}
{{ artifactory_license3 }}
{% endif %}
{% if artifactory_license4 |length %}
{{ artifactory_license4 }}
{% endif %}

33
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.conf.j2 Normal file
View File

@@ -0,0 +1,33 @@
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate {{ ssl_dir }}/cert.pem;
ssl_certificate_key {{ key_dir }}/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 80 ;
server_name {{ artifactory_server_name }}.{{ certificate_domain }} ~(?<repo>.+)\.{{ certificate_domain }};
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory-access.log timing;
## error_log /var/log/nginx/artifactory-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
rewrite ^/(v2)/(.*) /artifactory/$1/$2;
chunked_transfer_encoding on;
client_max_body_size 0;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://{{ artifactory_hostname }}:8081/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

38
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/binarystore.xml.j2 Normal file
View File

@@ -0,0 +1,38 @@
<config version="2">
<chain> <!--template="cluster-s3"-->
<provider id="cache-fs-eventual-s3" type="cache-fs">
<provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
<sub-provider id="eventual-cluster-s3" type="eventual-cluster">
<provider id="retry-s3" type="retry">
<provider id="s3" type="s3"/>
</provider>
</sub-provider>
<dynamic-provider id="remote-s3" type="remote"/>
</provider>
</provider>
</chain>
<provider id="sharding-cluster-eventual-s3" type="sharding-cluster">
<readBehavior>crossNetworkStrategy</readBehavior>
<writeBehavior>crossNetworkStrategy</writeBehavior>
<redundancy>2</redundancy>
<lenientLimit>1</lenientLimit>
<property name="zones" value="local,remote"/>
</provider>
<provider id="remote-s3" type="remote">
<zone>remote</zone>
</provider>
<provider id="eventual-cluster-s3" type="eventual-cluster">
<zone>local</zone>
</provider>
<provider id="s3" type="s3">
<endpoint>{{ s3_endpoint }}</endpoint>
<identity>{{ s3_access_key }}</identity>
<credential>{{ s3_access_secret_key }}</credential>
<bucketName>{{ s3_bucket }}</bucketName>
<property name="s3service.server-side-encryption" value="AES256"/>
</provider>
</config>

1
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ certificate_key | b64decode }}

2
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.pem.j2 Normal file
View File

@@ -0,0 +1,2 @@
{{ certificate | b64decode }}

5
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/db.properties.j2 Normal file
View File

@@ -0,0 +1,5 @@
type={{ db_type }}
driver={{ db_driver }}
url=jdbc:mysql://{{ db_ipaddr }}:3306/{{ db_name }}?characterEncoding=UTF-8&elideSetAutoCommits=true&verifyServerCertificate=true&useSSL=true&requireSSL=true
username={{ db_user }}
password={{ db_password }}

9
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/ha-node.properties.j2 Normal file
View File

@@ -0,0 +1,9 @@
{% if art_primary == True %}
node.id=primary
{% else %}
node.id={{ ansible_hostname }}
{% endif %}
artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data
context.url=http://{{ ansible_default_ipv4.address }}:8081/artifactory
membership.port=0
primary={{ art_primary }}

1
JFrogContainerRegistry/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/master.key.j2 Normal file
View File

@@ -0,0 +1 @@
{{ master_key }}