Add new templates for RT 7.15.3 and Xray 3.17.4

This commit is contained in:
Alex Hung
2021-02-19 12:13:54 -08:00
parent fe08f1896f
commit d46a74b247
7 changed files with 913 additions and 765 deletions


@@ -1,345 +0,0 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)"
Parameters:
PrivateSubnet1Id:
Type: 'AWS::EC2::Subnet::Id'
PrivateSubnet2Id:
Type: 'AWS::EC2::Subnet::Id'
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
HostRole:
Type: String
AmiId:
Type: String
ArtifactoryProduct:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
ArtifactoryLicense1:
Type: String
ArtifactoryLicense2:
Type: String
ArtifactoryLicense3:
Type: String
ArtifactoryLicense4:
Type: String
ArtifactoryLicense5:
Type: String
ArtifactoryLicense6:
Type: String
ArtifactoryServerName:
Type: String
Certificate:
Type: String
CertificateKey:
Type: String
NoEcho: 'true'
CertificateDomain:
Type: String
EnableSSL:
Type: String
ArtifactoryIamAcessKey:
Type: String
NoEcho: 'true'
SecretAccessKey:
Type: String
NoEcho: 'true'
ArtifactoryS3Bucket:
Type: String
DatabaseUrl:
Type: String
DatabaseDriver:
Type: String
DatabasePluginUrl:
Type: String
DatabasePlugin:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
ArtifactoryPrimary:
Type: String
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
ArtifactoryVersion:
Type: String
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
TargetGroupARN:
Type: String
SSLTargetGroupARN:
Type: String
InternalTargetGroupARN:
Type: String
HostProfile:
Type: String
SecurityGroups:
Type: String
InstanceType:
Type: String
VolumeSize:
Type: Number
KeystorePassword:
Description: Default Keystore from Java in which we upgrade.
Type: String
NoEcho: 'true'
AnsibleVaultPass:
Description: Ansiblevault Password to secure the artifactory.yml
Type: String
NoEcho: 'true'
Mappings:
AWSAMIRegionMap:
us-east-1:
"Artifactory7125": ami-02dc25a6b0c7c20f9
us-east-2:
"Artifactory7125": ami-0a282b74eef1c84b5
us-west-1:
"Artifactory7125": ami-0e426b68e4ce468ff
us-west-2:
"Artifactory7125": ami-0ea26f5ddc490f184
ca-central-1:
"Artifactory7125": ami-0f422f5980aeba60f
eu-central-1:
"Artifactory7125": ami-05df4fbab56afe702
eu-west-1:
"Artifactory7125": ami-05386b580a110a49a
eu-west-2:
"Artifactory7125": ami-094b79d303c9e1e0d
eu-west-3:
"Artifactory7125": ami-0ed4d6971439caf27
ap-southeast-1:
"Artifactory7125": ami-01ec4e8b4ffbf7dc1
ap-southeast-2:
"Artifactory7125": ami-0ccb1a939c83d8062
ap-south-1:
"Artifactory7125": ami-078c43a083b6500be
ap-northeast-1:
"Artifactory7125": ami-0695fd32ca193cccd
ap-northeast-2:
"Artifactory7125": ami-0a03d23e6dc213b5e
sa-east-1:
"Artifactory7125": ami-0b831f8403d6979d4
us-gov-west-1:
"Artifactory7125": ami-0a626a31c3b8854d6
ArtifactoryProductMap:
JFrog-Container-Registry:
"7125": "Jcr7125"
product: "jcr"
JFrog-Artifactory-Pro:
"7125": "Artifactory7125"
product: "artifactory"
Resources:
ArtifactoryScalingGroup:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration
VPCZoneIdentifier:
- !Ref PrivateSubnet1Id
- !Ref PrivateSubnet2Id
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
TargetGroupARNs:
- !Ref TargetGroupARN
- !Ref SSLTargetGroupARN
- !Ref InternalTargetGroupARN
HealthCheckType: ELB
HealthCheckGracePeriod: 900
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
CreationPolicy:
ResourceSignal:
Count: 1
Timeout: PT30M
ArtifactoryLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata:
'AWS::CloudFormation::Authentication':
S3AccessCreds:
type: S3
roleName:
- !Ref HostRole # !Ref ArtifactoryHostRole
buckets:
- !Ref QsS3BucketName
'AWS::CloudFormation::Init':
configSets:
artifactory_install:
- "config-artifactory-master"
- "secure-artifactory"
config-artifactory-master:
files:
/root/.jfrog_ami/artifactory.yml:
content: !Sub
- |
# Base install for Artifactory
- import_playbook: site-artifactory.yml
vars:
artifactory_license1: ${ArtifactoryLicense1}
artifactory_license2: ${ArtifactoryLicense2}
artifactory_license3: ${ArtifactoryLicense3}
artifactory_license4: ${ArtifactoryLicense4}
artifactory_license5: ${ArtifactoryLicense5}
artifactory_license6: ${ArtifactoryLicense6}
artifactory_product: ${product}
artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}"
artifactory_server_name: ${ArtifactoryServerName}
server_name: ${ArtifactoryServerName}.${CertificateDomain}
s3_region: ${AWS::Region}
s3_access_key: ${ArtifactoryIamAcessKey}
s3_access_secret_key: ${SecretAccessKey}
s3_bucket: ${ArtifactoryS3Bucket}
certificate: ${Certificate}
certificate_key: ${CertificateKey}
certificate_domain: ${CertificateDomain}
enable_ssl: ${EnableSSL}
ssl_dir: /etc/pki/tls/certs
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_url: ${DatabaseUrl}
db_user: ${DatabaseUser}
db_password: ${DatabasePassword}
# db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar
art_primary: ${ArtifactoryPrimary}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
artifactory_version: ${ArtifactoryVersion}
artifactory_keystore:
path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts
default_password: changeit
new_keystore_pass: ${KeystorePassword}
artifactory_java_db_drivers:
- name: ${DatabasePlugin}
url: ${DatabasePluginUrl}
owner: artifactory
group: artifactory
- {
product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product]
}
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${AnsibleVaultPass}
mode: "0400"
/root/.secureit.sh:
content:
ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt
mode: "0770"
secure-artifactory:
commands:
'secure ansible playbook':
command: '/root/.secureit.sh'
ignoreErrors: 'false'
Properties:
AssociatePublicIpAddress: false
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref HostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !FindInMap
- ArtifactoryProductMap
- !Ref ArtifactoryProduct
- !Ref AmiId
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref InstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
UserData:
'Fn::Base64':
!Sub |
#!/bin/bash -x
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 0
}
S3URI=${QsS3Uri}
# yum install -y git
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
echo \'[Cloning: Load QuickStart Common Utils]\'
# git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git
source /quickstart-linux-utilities/quickstart-cfn-tools.source
echo \'[Loaded: Load QuickStart Common Utils]\'
echo \'[Update Operating System]\'
qs_update-os || qs_err
qs_bootstrap_pip || qs_err
qs_aws-cfn-bootstrap || qs_err
source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed "
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
# mkdir ~/.artifactory_ansible
# aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.artifactory_ansible/
cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail
export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt"
setsebool httpd_can_network_connect 1 -P
ansible-playbook /root/.jfrog_ami/artifactory.yml || qs_err " ansible execution failed "
rm -rf /root/.secureit.sh
[ $(qs_status) == 0 ] && cfn_success || cfn_fail


@@ -1,259 +0,0 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray"
Parameters:
PrivateSubnet1Id:
Type: 'AWS::EC2::Subnet::Id'
PrivateSubnet2Id:
Type: 'AWS::EC2::Subnet::Id'
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
DatabaseDriver:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
MasterKey:
Type: String
NoEcho: 'true'
SecurityGroups:
Type: String
VolumeSize:
Type: Number
XrayHostProfile:
Type: String
XrayHostRole:
Type: String
XrayInstanceType:
Type: String
JfrogInternalUrl:
Type: String
AnsibleVaultPass:
Description: Ansiblevault Password to secure the artifactory.yml
Type: String
NoEcho: 'true'
XrayDatabaseUser:
Type: String
XrayDatabasePassword:
Type: String
NoEcho: 'true'
XrayMasterDatabaseUrl:
Type: String
XrayDatabaseUrl:
Type: String
XrayFirstNode:
Description: Runs database scripts if this is the first node
Type: String
XrayVersion:
Type: String
XrayAmiId:
Type: String
# To populate additional mappings use the following with the desired --region
# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
Mappings:
AWSAMIRegionMap:
us-east-1:
"3151": ami-0569c7c79a4dcf3e8
us-east-2:
"3151": ami-0dde651cd599d64e8
us-west-1:
"3151": ami-03fdb28548522d872
us-west-2:
"3151": ami-0e48dd6310c205c33
ca-central-1:
"3151": ami-056bafb407aa8e445
eu-central-1:
"3151": ami-05ab6de966f830b8a
eu-west-1:
"3151": ami-055507b35a350806d
eu-west-2:
"3151": ami-007c8adf17c3bee79
eu-west-3:
"3151": ami-033e74f7f2e7b43ae
ap-southeast-1:
"3151": ami-0114ff3241c5a86a8
ap-southeast-2:
"3151": ami-0c753f85c64c4169d
ap-south-1:
"3151": ami-09f40817a8786b93c
ap-northeast-1:
"3151": ami-00f6ec6314c6ddd27
ap-northeast-2:
"3151": ami-05a10d14c3289f2b3
sa-east-1:
"3151": ami-0c2acb2f23c3e6743
us-gov-west-1:
"3151": ami-019ab5372c3e3c7ea
Resources:
XrayScalingGroup:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
LaunchConfigurationName: !Ref XrayLaunchConfiguration
VPCZoneIdentifier:
- !Ref PrivateSubnet1Id
- !Ref PrivateSubnet2Id
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
HealthCheckType: EC2
HealthCheckGracePeriod: 900
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
CreationPolicy:
ResourceSignal:
Count: 1
Timeout: PT60M
XrayLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata:
'AWS::CloudFormation::Authentication':
S3AccessCreds:
type: S3
roleName:
- !Ref XrayHostRole
buckets:
- !Ref QsS3BucketName
'AWS::CloudFormation::Init':
configSets:
xray_install:
- "config-xray"
config-xray:
files:
/root/.xray_ami/xray.yml:
content: !Sub
- |
# Base install for Xray
- import_playbook: site-xray.yml
vars:
jfrog_url: ${JfrogInternalUrl}
master_key: ${MasterKey}
join_key: ${MasterKey}
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_url: postgres://${XrayDatabaseUrl}
db_user: ${XrayDatabaseUser}
db_password: ${XrayDatabasePassword}
xray_version: ${XrayVersion}
- {
product: Xray
}
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${AnsibleVaultPass}
mode: "0400"
Properties:
AssociatePublicIpAddress: false
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref XrayHostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !Ref XrayAmiId
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref XrayInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
UserData:
'Fn::Base64':
!Sub |
#!/bin/bash -x
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 0
}
S3URI=${QsS3Uri}
# yum install -y git
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
echo \'[Cloning: Load QuickStart Common Utils]\'
# git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git
source /quickstart-linux-utilities/quickstart-cfn-tools.source
echo \'[Loaded: Load QuickStart Common Utils]\'
echo \'[Update Operating System]\'
qs_update-os || qs_err
qs_bootstrap_pip || qs_err
qs_aws-cfn-bootstrap || qs_err
source ~/venv/bin/activate &> /var/log/userdata.activate_venv.log || qs_err " activate venv failed "
# mkdir ~/.xray_ansible
# aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ansible/
cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
if "true" == "${XrayFirstNode}"
then
psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE USER ${XrayDatabaseUser} WITH PASSWORD '${XrayDatabasePassword}'" &>> /var/log/userdata.xray_database.log;
psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "grant ${XrayDatabaseUser} to ${DatabaseUser}" &>> /var/log/userdata.xray_database.log;
psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "CREATE DATABASE xraydb WITH OWNER=${XrayDatabaseUser} ENCODING='UTF8'" &>> /var/log/userdata.xray_database.log;
psql postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl} -c "GRANT ALL PRIVILEGES ON DATABASE xraydb TO ${XrayDatabaseUser}" &>> /var/log/userdata.xray_database.log;
fi
ansible-playbook /root/.xray_ami/xray.yml || qs_err " ansible execution failed "
$(qs_status) &> /var/log/qs_status.log
cfn_success &> /var/log/cfn_success.log
[ $(qs_status) == 0 ] && cfn_success || cfn_fail


@@ -1,6 +1,10 @@
AWSTemplateFormatVersion: '2010-09-09' AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)' Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
Parameters: Parameters:
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
VpcId: VpcId:
Type: AWS::EC2::VPC::Id Type: AWS::EC2::VPC::Id
VpcCidr: VpcCidr:
@@ -29,6 +33,11 @@ Parameters:
DatabaseAllocatedStorage: DatabaseAllocatedStorage:
Type: Number Type: Number
MultiAzDatabase: MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Type: String Type: String
DatabaseEngine: DatabaseEngine:
Type: String Type: String
@@ -41,9 +50,6 @@ Parameters:
Type: String Type: String
DatabaseName: DatabaseName:
Type: String Type: String
ArtifactoryS3IAMUser:
NoEcho: 'true'
Type: String
ArtifactoryProduct: ArtifactoryProduct:
Default: JFrog-Artifactory-Pro Default: JFrog-Artifactory-Pro
Type: String Type: String
@@ -53,6 +59,10 @@ Parameters:
InstanceType: InstanceType:
Default: m5.xlarge Default: m5.xlarge
Type: String Type: String
ArtifactoryHostRole:
Type: String
VolumeSize:
Type: Number
Mappings: Mappings:
DatabaseMap: DatabaseMap:
@@ -207,6 +217,7 @@ Mappings:
Min: 192 Min: 192
Max: 288 Max: 288
DeploymentSize: xxxLarge DeploymentSize: xxxLarge
Resources: Resources:
ArtifactoryDatabaseSubnetGroup: ArtifactoryDatabaseSubnetGroup:
Type: AWS::RDS::DBSubnetGroup Type: AWS::RDS::DBSubnetGroup
@@ -228,6 +239,7 @@ Resources:
DBInstanceClass: !Ref DatabaseInstance DBInstanceClass: !Ref DatabaseInstance
DBName: !Ref DatabaseName DBName: !Ref DatabaseName
DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
StorageEncrypted: true
VPCSecurityGroups: VPCSecurityGroups:
- !Ref ArtifactoryDatabaseSG - !Ref ArtifactoryDatabaseSG
ArtifactoryDatabaseSG: ArtifactoryDatabaseSG:
@@ -315,8 +327,24 @@ Resources:
- - !Sub "arn:${AWS::Partition}:s3:::" - - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket - !Ref ArtifactoryS3Bucket
- "/*" - "/*"
Users: Roles:
- !Ref ArtifactoryS3IAMUser - !Ref ArtifactoryHostRole
ArtifactoryEbsVolume:
Type: AWS::EC2::Volume
Properties:
AvailabilityZone:
!Select
- '0'
- !Ref AvailabilityZones
Encrypted: false
Size: !Ref VolumeSize
Tags:
- Key: Name
Value: !Sub "Artifactory-${AWS::StackName}"
VolumeType: gp2
DeletionPolicy: Snapshot
UpdateReplacePolicy: Snapshot
Outputs: Outputs:
S3Bucket: S3Bucket:
Value: !Ref ArtifactoryS3Bucket Value: !Ref ArtifactoryS3Bucket
@@ -376,3 +404,5 @@ Outputs:
} }
DeploymentSize: DeploymentSize:
Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize] Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
ArtifactoryEbsVolume:
Value: !Ref ArtifactoryEbsVolume
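Review bot: The new `ArtifactoryEbsVolume` resource in the `@@ -315,8 +327,24 @@` hunk is declared with `Encrypted: false`, while the same commit turns on `StorageEncrypted: true` for the RDS instance a few hunks earlier, so the Artifactory data volume and the snapshots taken under `DeletionPolicy: Snapshot` / `UpdateReplacePolicy: Snapshot` remain unencrypted at rest. Unless there is a known constraint, change it to `Encrypted: true`; with no `KmsKeyId` given the account's default EBS key is used, and snapshots inherit the volume's encryption state. The volume is also pinned to `!Select ['0', !Ref AvailabilityZones]`, which means whatever attaches it must launch in that same Availability Zone — a one-line comment above `AvailabilityZone:` stating that coupling would help the reader, since the attaching instance template is not visible here.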


@@ -14,6 +14,7 @@ Metadata:
- Label: - Label:
default: Network configuration default: Network configuration
Parameters: Parameters:
- AvailabilityZones
- VpcId - VpcId
- VpcCidr - VpcCidr
- PublicSubnet1Id - PublicSubnet1Id
@@ -44,13 +45,12 @@ Metadata:
- ArtifactoryProduct - ArtifactoryProduct
- ArtifactoryVersion - ArtifactoryVersion
- NumberOfSecondary - NumberOfSecondary
- SmLicenseCertName - SmLicenseName
- SmCertName
- ArtifactoryServerName - ArtifactoryServerName
- MasterKey - MasterKey
- ExtraJavaOptions - ExtraJavaOptions
- DefaultJavaMemSettings - DefaultJavaMemSettings
- KeystorePassword
- AnsibleVaultPass
- Label: - Label:
default: Amazon RDS configuration default: Amazon RDS configuration
Parameters: Parameters:
@@ -66,7 +66,6 @@ Metadata:
Parameters: Parameters:
- QsS3BucketName - QsS3BucketName
- QsS3KeyPrefix - QsS3KeyPrefix
- QsS3BucketRegion
- Label: - Label:
default: JFrog Xray Configuration default: JFrog Xray Configuration
Parameters: Parameters:
@@ -77,6 +76,8 @@ Metadata:
- XrayDatabaseUser - XrayDatabaseUser
- XrayDatabasePassword - XrayDatabasePassword
ParameterLabels: ParameterLabels:
AvailabilityZones:
default: Availability Zones
KeyPairName: KeyPairName:
default: SSH key name default: SSH key name
VpcId: VpcId:
@@ -125,8 +126,10 @@ Metadata:
default: Artifactory product to install default: Artifactory product to install
ArtifactoryVersion: ArtifactoryVersion:
default: Artifactory version default: Artifactory version
SmLicenseCertName: SmLicenseName:
default: Artifactory licenses and certificate secret name default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName: ArtifactoryServerName:
default: Artifactory server name default: Artifactory server name
MasterKey: MasterKey:
@@ -135,10 +138,6 @@ Metadata:
default: Extra Java options default: Extra Java options
DefaultJavaMemSettings: DefaultJavaMemSettings:
default: Default Java memory settings default: Default Java memory settings
KeystorePassword:
default: Java keystore password
AnsibleVaultPass:
default: Ansible Vault password
DatabaseName: DatabaseName:
default: Database name default: Database name
DatabaseEngine: DatabaseEngine:
@@ -172,6 +171,10 @@ Metadata:
XrayDatabasePassword: XrayDatabasePassword:
default: Xray Database password default: Xray Database password
Parameters: Parameters:
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
KeyPairName: KeyPairName:
Description: Name of an existing key pair, Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches. which allows you to connect securely to your instance after it launches.
@@ -357,10 +360,14 @@ Parameters:
https://www.jfrog.com/confluence/display/RTF/Release+Notes. https://www.jfrog.com/confluence/display/RTF/Release+Notes.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Artifactory releases ConstraintDescription: A version that matches X.X.X per Artifactory releases
Default: 7.12.5 Default: 7.15.3
Type: String Type: String
SmLicenseCertName: SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate, certificate key, and Artifactory licenses. Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: '' Default: ''
Type: String Type: String
ArtifactoryServerName: ArtifactoryServerName:
@@ -389,17 +396,6 @@ Parameters:
- "false" - "false"
Default: "true" Default: "true"
Type: String Type: String
KeystorePassword:
Description: Java keystore password. For better security, the password that you specify will
replace the default Java key store password.
NoEcho: 'true'
Type: String
AnsibleVaultPass:
Description: Ansible Vault password to protect the Artifactory YAML configuration file
generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes
and secured with this password.
NoEcho: 'true'
Type: String
DatabaseName: DatabaseName:
Description: Name of your database instance. The name must be unique across all instances Description: Name of your database instance. The name must be unique across all instances
owned by your AWS account in the current Region. The database instance identifier is case-insensitive, owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
@@ -499,7 +495,7 @@ Parameters:
Description: The version of Xray that you want to deploy into the Quick Start. Description: The version of Xray that you want to deploy into the Quick Start.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Xray releases. ConstraintDescription: A version that matches X.X.X per Xray releases.
Default: 3.12.1 Default: 3.17.4
Type: String Type: String
XrayNumberOfInstances: XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your Description: The number of Xray instances servers to complete your
@@ -535,14 +531,15 @@ Parameters:
symbols. symbols.
NoEcho: 'true' NoEcho: 'true'
Type: String Type: String
Conditions: Conditions:
EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled'] EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled']
IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']] IsArtifactory: !Not [!Equals [!Ref ArtifactoryProduct, 'JFrog-Container-Registry']]
HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']] HasSecondaryNodes: !Not [!Equals [!Ref NumberOfSecondary, '0']]
DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"] DefaultJava: !Equals [!Ref DefaultJavaMemSettings, "true"]
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
EnableXray: !Equals [!Ref InstallXray, 'true'] EnableXray: !Equals [!Ref InstallXray, 'true']
SmLicenseCertNameExists: !Not [!Equals [!Ref 'SmLicenseCertName', '']] SmCertNameExists: !Not [!Equals [!Ref 'SmCertName', '']]
Resources: Resources:
BastionRole: BastionRole:
Condition: EnableBastion Condition: EnableBastion
@@ -600,17 +597,16 @@ Resources:
EnableX11Forwarding: !Ref BastionEnableX11Forwarding EnableX11Forwarding: !Ref BastionEnableX11Forwarding
AlternativeIAMRole: !Ref BastionRole AlternativeIAMRole: !Ref BastionRole
NumBastionHosts: !Ref NumBastionHosts NumBastionHosts: !Ref NumBastionHosts
ArtifactoryS3IAMUser:
Type: AWS::IAM::User
ArtifactoryIamAcessKey:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref ArtifactoryS3IAMUser
ArtifactoryCoreInfraStack: ArtifactoryCoreInfraStack:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-core-infrastructure.template.yaml
Parameters: Parameters:
AvailabilityZones:
Fn::Join:
- ','
- Ref: AvailabilityZones
VpcId: !Ref VpcId VpcId: !Ref VpcId
VpcCidr: !Ref VpcCidr VpcCidr: !Ref VpcCidr
PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
@@ -624,13 +620,13 @@ Resources:
DatabasePassword: !Ref DatabasePassword DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance DatabaseInstance: !Ref DatabaseInstance
DatabaseName: !Ref DatabaseName DatabaseName: !Ref DatabaseName
ArtifactoryS3IAMUser: !Ref ArtifactoryS3IAMUser
InstanceType: !Ref InstanceType InstanceType: !Ref InstanceType
ArtifactoryHostRole: !Ref ArtifactoryHostRole
VolumeSize: !Ref VolumeSize
ArtifactoryElb: ArtifactoryElb:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties: Properties:
IpAddressType: ipv4 IpAddressType: ipv4
Name: !Sub ${ArtifactoryProduct}-EC2-ELB
Scheme: !Ref ELBScheme Scheme: !Ref ELBScheme
Subnets: Subnets:
- !Ref PublicSubnet1Id - !Ref PublicSubnet1Id
@@ -686,7 +682,6 @@ Resources:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties: Properties:
IpAddressType: ipv4 IpAddressType: ipv4
Name: ArtifactoryInternal-ELB
Scheme: internal Scheme: internal
Subnets: Subnets:
- !Ref PrivateSubnet1Id - !Ref PrivateSubnet1Id
@@ -701,7 +696,6 @@ Resources:
HealthCheckTimeoutSeconds: 10 HealthCheckTimeoutSeconds: 10
HealthyThresholdCount: 3 HealthyThresholdCount: 3
HealthCheckPort: "8082" HealthCheckPort: "8082"
Name: artifactory-internal-http
Port: 80 Port: 80
Protocol: TCP Protocol: TCP
TargetType: instance TargetType: instance
@@ -771,50 +765,76 @@ Resources:
Version: 2012-10-17 Version: 2012-10-17
ManagedPolicyArns: ManagedPolicyArns:
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
Policies:
- PolicyName: "JFrogAMI-policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action: "ec2:Describe*"
Resource: "*"
- Effect: "Allow"
Action: "ec2:AttachVolume"
Resource: "*"
- Effect: "Allow"
Action: "ec2:DetachVolume"
Resource: "*"
- Effect: "Allow"
Action:
- "s3:GetObject"
- "s3:ListObject"
- "s3:ListBucket"
Resource: "*"
- PolicyName: 'CloudWatch-policy'
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
- "logs:DescribeLogStreams"
Resource: "arn:aws:logs:*:*:*"
- Effect: "Allow"
Action:
- "s3:GetObject"
Resource: "*"
- PolicyName: 'SecretsMaanger-policy'
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "secretsmanager:GetSecretValue"
Resource: "arn:aws:secretsmanager:*:*:secret:*"
ArtifactoryHostProfile: ArtifactoryHostProfile:
Type: 'AWS::IAM::InstanceProfile' Type: 'AWS::IAM::InstanceProfile'
Properties: Properties:
Roles: Roles:
- !Ref ArtifactoryHostRole - !Ref ArtifactoryHostRole
Path: / Path: /
ArtifactoryMaster: ArtifactoryPrimary:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-instance.template.yaml
Parameters: Parameters:
PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id]]
PrivateSubnet2Id: !Ref PrivateSubnet2Id
MinScalingNodes: '1' # Always have 1 MasterNode MinScalingNodes: '1' # Always have 1 MasterNode
MaxScalingNodes: '1' # Always have 1 MasterNode MaxScalingNodes: '1' # Always have 1 MasterNode
DeploymentTag: !If [IsArtifactory, "ArtifactoryMaster", "JcrMaster"] DeploymentTag: !If [IsArtifactory, "ArtifactoryPrimary", "JcrPrimary"]
HostRole: !Ref ArtifactoryHostRole HostRole: !Ref ArtifactoryHostRole
QsS3BucketName: !Ref QsS3BucketName QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3Uri: !Sub QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix}
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QsS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QsS3BucketRegion'
AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
ArtifactoryProduct: !Ref ArtifactoryProduct ArtifactoryProduct: !Ref ArtifactoryProduct
ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] ArtifactoryLicensesSecretName: !Ref SmLicenseName
ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', '']
ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', '']
ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', '']
ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', '']
ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', '']
ArtifactoryServerName: !Ref ArtifactoryServerName ArtifactoryServerName: !Ref ArtifactoryServerName
EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] EnableSSL: !If [SmCertNameExists, true, false]
Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', '']
CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', '']
CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', '']
ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey
SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey
ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
@@ -823,48 +843,40 @@ Resources:
DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
DatabaseUser: !Ref DatabaseUser DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword DatabasePassword: !Ref DatabasePassword
ArtifactoryPrimary: 'true' ArtifactoryPrimary: true
MasterKey: !Ref MasterKey MasterKey: !Ref MasterKey
ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
KeystorePassword: !Ref KeystorePassword
ArtifactoryVersion: !Ref ArtifactoryVersion ArtifactoryVersion: !Ref ArtifactoryVersion
KeyPairName: !Ref KeyPairName KeyPairName: !Ref KeyPairName
HostProfile: !Ref ArtifactoryHostProfile HostProfile: !Ref ArtifactoryHostProfile
SecurityGroups: !Ref ArtifactoryEc2Sg SecurityGroups: !Ref ArtifactoryEc2Sg
InstanceType: !Ref InstanceType InstanceType: !Ref InstanceType
PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
VolumeSize: !Ref VolumeSize VolumeSize: !Ref VolumeSize
TargetGroupARN: !Ref ArtifactoryTargetGroup TargetGroupARN: !Ref ArtifactoryTargetGroup
SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
AnsibleVaultPass: !Ref AnsibleVaultPass
ArtifactorySecondary: ArtifactorySecondary:
Condition: HasSecondaryNodes Condition: HasSecondaryNodes
DependsOn: ArtifactoryMaster DependsOn: ArtifactoryPrimary
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-instance.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-instance.template.yaml
Parameters: Parameters:
PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnetIds: !Join [',', [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
PrivateSubnet2Id: !Ref PrivateSubnet2Id
MinScalingNodes: !Ref NumberOfSecondary MinScalingNodes: !Ref NumberOfSecondary
MaxScalingNodes: !Ref NumberOfSecondary MaxScalingNodes: !Ref NumberOfSecondary
DeploymentTag: ArtifactorySecondary DeploymentTag: ArtifactorySecondary
HostRole: !Ref ArtifactoryHostRole HostRole: !Ref ArtifactoryHostRole
AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]] AmiId: !Join ['', !Split [".", !Ref ArtifactoryVersion]]
ArtifactoryProduct: !Ref ArtifactoryProduct ArtifactoryProduct: !Ref ArtifactoryProduct
ArtifactoryLicense1: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense1}}', ''] ArtifactoryLicensesSecretName: !Ref SmLicenseName
ArtifactoryLicense2: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense2}}', '']
ArtifactoryLicense3: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense3}}', '']
ArtifactoryLicense4: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense4}}', '']
ArtifactoryLicense5: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense5}}', '']
ArtifactoryLicense6: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:ArtifactoryLicense6}}', '']
ArtifactoryServerName: !Ref ArtifactoryServerName ArtifactoryServerName: !Ref ArtifactoryServerName
EnableSSL: !If [SmLicenseCertNameExists, 'true' , 'false'] EnableSSL: !If [SmCertNameExists, true, false]
Certificate: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:Certificate}}', ''] Certificate: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:Certificate}}', '']
CertificateKey: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateKey}}', ''] CertificateKey: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateKey}}', '']
CertificateDomain: !If [SmLicenseCertNameExists, !Sub '{{resolve:secretsmanager:${SmLicenseCertName}:SecretString:CertificateDomain}}', ''] CertificateDomain: !If [SmCertNameExists, !Sub '{{resolve:secretsmanager:${SmCertName}:SecretString:CertificateDomain}}', '']
ArtifactoryIamAcessKey: !Ref ArtifactoryIamAcessKey
SecretAccessKey: !GetAtt ArtifactoryIamAcessKey.SecretAccessKey
ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket
DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl DatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseUrl
DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
@@ -873,35 +885,25 @@ Resources:
DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
DatabaseUser: !Ref DatabaseUser DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword DatabasePassword: !Ref DatabasePassword
ArtifactoryPrimary: 'false' ArtifactoryPrimary: false
MasterKey: !Ref MasterKey MasterKey: !Ref MasterKey
ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions] ExtraJavaOptions: !If [DefaultJava, !Sub "${ArtifactoryCoreInfraStack.Outputs.JavaOpts} ${ExtraJavaOptions}", !Ref ExtraJavaOptions]
KeystorePassword: !Ref KeystorePassword
ArtifactoryVersion: !Ref ArtifactoryVersion ArtifactoryVersion: !Ref ArtifactoryVersion
KeyPairName: !Ref KeyPairName KeyPairName: !Ref KeyPairName
HostProfile: !Ref ArtifactoryHostProfile HostProfile: !Ref ArtifactoryHostProfile
SecurityGroups: !Ref ArtifactoryEc2Sg SecurityGroups: !Ref ArtifactoryEc2Sg
InstanceType: !Ref InstanceType InstanceType: !Ref InstanceType
PrimaryVolume: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryEbsVolume
VolumeSize: !Ref VolumeSize VolumeSize: !Ref VolumeSize
TargetGroupARN: !Ref ArtifactoryTargetGroup TargetGroupARN: !Ref ArtifactoryTargetGroup
SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup SSLTargetGroupARN: !Ref ArtifactorySslTargetGroup
InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup InternalTargetGroupARN: !Ref ArtifactoryInternalTargetGroup
AnsibleVaultPass: !Ref AnsibleVaultPass
QsS3BucketName: !Ref QsS3BucketName QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3Uri: !Sub QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix}
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QsS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QsS3BucketRegion'
XrayHostRole: XrayHostRole:
Condition: EnableXray Condition: EnableXray
Type: 'AWS::IAM::Role' Type: AWS::IAM::Role
Properties: Properties:
Path: / Path: /
AssumeRolePolicyDocument: AssumeRolePolicyDocument:
@@ -915,6 +917,41 @@ Resources:
Version: 2012-10-17 Version: 2012-10-17
ManagedPolicyArns: ManagedPolicyArns:
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM' - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
Policies:
- PolicyName: "JFrogAMI-policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action: "ec2:Describe*"
Resource: "*"
- Effect: "Allow"
Action: "ec2:AttachVolume"
Resource: "*"
- Effect: "Allow"
Action: "ec2:DetachVolume"
Resource: "*"
- Effect: "Allow"
Action:
- "s3:GetObject"
- "s3:ListObject"
- "s3:ListBucket"
Resource: "*"
- PolicyName: 'CloudWatch-policy'
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
- "logs:DescribeLogStreams"
Resource: "arn:aws:logs:*:*:*"
- Effect: "Allow"
Action:
- "s3:GetObject"
Resource: "*"
XrayHostProfile: XrayHostProfile:
Condition: EnableXray Condition: EnableXray
Type: 'AWS::IAM::InstanceProfile' Type: 'AWS::IAM::InstanceProfile'
@@ -924,10 +961,10 @@ Resources:
Path: / Path: /
XrayExistingVpcStack: XrayExistingVpcStack:
Condition: EnableXray Condition: EnableXray
DependsOn: ArtifactorySecondary DependsOn: ArtifactoryPrimary
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: !Sub https://${QsS3BucketName}.s3.${QsS3BucketRegion}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-xray-ec2-instance.template.yaml TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-xray-ec2-instance.template.yaml
Parameters: Parameters:
PrivateSubnet1Id: !Ref PrivateSubnet1Id PrivateSubnet1Id: !Ref PrivateSubnet1Id
PrivateSubnet2Id: !Ref PrivateSubnet2Id PrivateSubnet2Id: !Ref PrivateSubnet2Id
@@ -937,16 +974,7 @@ Resources:
DeploymentTag: 'xray' DeploymentTag: 'xray'
QsS3BucketName: !Ref QsS3BucketName QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3Uri: !Sub QsS3Uri: !Sub https://${QsS3BucketName}.s3.${AWS::URLSuffix}/${QsS3KeyPrefix}
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QsS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QsS3BucketRegion'
DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver DatabaseDriver: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseDriver
DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType DatabaseType: !GetAtt ArtifactoryCoreInfraStack.Outputs.DatabaseType
DatabaseUser: !Ref DatabaseUser DatabaseUser: !Ref DatabaseUser
@@ -954,14 +982,13 @@ Resources:
MasterKey: !Ref MasterKey MasterKey: !Ref MasterKey
SecurityGroups: !Ref ArtifactoryEc2Sg SecurityGroups: !Ref ArtifactoryEc2Sg
VolumeSize: !Ref VolumeSize VolumeSize: !Ref VolumeSize
ExtraJavaOptions: !GetAtt ArtifactoryCoreInfraStack.Outputs.JavaOpts
XrayInstanceType: !Ref XrayInstanceType XrayInstanceType: !Ref XrayInstanceType
JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}" JfrogInternalUrl: !Sub "http://${ArtifactoryInternalElb.DNSName}"
AnsibleVaultPass: !Ref AnsibleVaultPass
XrayDatabaseUser: !Ref XrayDatabaseUser XrayDatabaseUser: !Ref XrayDatabaseUser
XrayDatabasePassword: !Ref XrayDatabasePassword XrayDatabasePassword: !Ref XrayDatabasePassword
XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl XrayMasterDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayMasterDatabaseUrl
XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl XrayDatabaseUrl: !GetAtt ArtifactoryCoreInfraStack.Outputs.XrayDatabaseUrl
XrayFirstNode: 'true'
XrayVersion: !Ref XrayVersion XrayVersion: !Ref XrayVersion
XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]] XrayAmiId: !Join ['', !Split [".", !Ref XrayVersion]]
XrayHostRole: !Ref XrayHostRole XrayHostRole: !Ref XrayHostRole
@@ -969,7 +996,7 @@ Resources:
Outputs: Outputs:
ArtifactoryUrl: ArtifactoryUrl:
Description: URL of the ELB to access Artifactory Description: URL of the ELB to access Artifactory
Value: !If [SmLicenseCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"] Value: !If [SmCertNameExists, !Sub "https://${ArtifactoryElb.DNSName}", !Sub "http://${ArtifactoryElb.DNSName}"]
Export: Export:
Name: !Sub '${AWS::StackName}-ArtifactoryUrl' Name: !Sub '${AWS::StackName}-ArtifactoryUrl'
ArtifactoryInternalUrl: ArtifactoryInternalUrl:


@@ -0,0 +1,408 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Artifactory (qs-1qpmmjh5o)"
Parameters:
PrivateSubnetIds:
Type: List<AWS::EC2::Subnet::Id>
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
HostRole:
Type: String
AmiId:
Type: String
ArtifactoryProduct:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
ArtifactoryLicensesSecretName:
Type: String
ArtifactoryServerName:
Type: String
Certificate:
Type: String
CertificateKey:
Type: String
NoEcho: 'true'
CertificateDomain:
Type: String
EnableSSL:
Type: String
ArtifactoryS3Bucket:
Type: String
DatabaseUrl:
Type: String
DatabaseDriver:
Type: String
DatabasePluginUrl:
Type: String
DatabasePlugin:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
ArtifactoryPrimary:
Type: String
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
ArtifactoryVersion:
Type: String
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
TargetGroupARN:
Type: String
SSLTargetGroupARN:
Type: String
InternalTargetGroupARN:
Type: String
HostProfile:
Type: String
SecurityGroups:
Type: String
InstanceType:
Type: String
PrimaryVolume:
Type: String
VolumeSize:
Type: Number
UserDataDirectory:
Description: Directory to store Artifactory data. Can be used to store data (via symlink) in detachable volume
Type: String
Default: '/artifactory-user-data'
Mappings:
AWSAMIRegionMap:
us-east-1:
"Artifactory7153": ami-03ebf7aac08335c84
us-east-2:
"Artifactory7153": ami-055521cc288bb4106
us-west-1:
"Artifactory7153": ami-00ecacc68cf47a87a
us-west-2:
"Artifactory7153": ami-09274621c30cae078
ca-central-1:
"Artifactory7153": ami-0f422f5980aeba60f
eu-central-1:
"Artifactory7153": ami-05df4fbab56afe702
eu-west-1:
"Artifactory7153": ami-05386b580a110a49a
eu-west-2:
"Artifactory7153": ami-094b79d303c9e1e0d
eu-west-3:
"Artifactory7153": ami-0ed4d6971439caf27
ap-southeast-1:
"Artifactory7153": ami-01ec4e8b4ffbf7dc1
ap-southeast-2:
"Artifactory7153": ami-0ccb1a939c83d8062
ap-south-1:
"Artifactory7153": ami-078c43a083b6500be
ap-northeast-1:
"Artifactory7153": ami-0695fd32ca193cccd
ap-northeast-2:
"Artifactory7153": ami-0a03d23e6dc213b5e
sa-east-1:
"Artifactory7153": ami-0b831f8403d6979d4
us-gov-east-1:
"Artifactory7153": ami-0ec712ae031edcb34
us-gov-west-1:
"Artifactory7153": ami-0b6229d13d677cd16
ArtifactoryProductMap:
JFrog-Container-Registry:
"7153": "Jcr7153"
product: "jcr"
JFrog-Artifactory-Pro:
"7153": "Artifactory7153"
product: "artifactory"
Conditions:
IsSecondary: !Equals [!Ref ArtifactoryPrimary, 'false']
Resources:
ArtifactoryScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration
VPCZoneIdentifier: !Ref PrivateSubnetIds
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
TargetGroupARNs:
- !Ref TargetGroupARN
- !Ref SSLTargetGroupARN
- !Ref InternalTargetGroupARN
HealthCheckType: ELB
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: ArtifactoryVersion
Value: !Ref ArtifactoryVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
ArtifactoryLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref HostRole # !Ref ArtifactoryHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
artifactory_install:
- "config-cloudwatch"
- "config-artifactory-primary"
- "secure-artifactory"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-setup.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-artifactory.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-artifactory.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-artifactory-primary:
files:
/root/attach_volume.sh:
content: !Sub |
#!/usr/bin/env bash
IS_PRIMARY="${ArtifactoryPrimary}"
if [[ $IS_PRIMARY != "true" ]]; then
echo 'Not primary node. Skipping EBS volume attachment.'
lsblk # debug
exit 0
fi
echo "Using primary volume ID ${PrimaryVolume}"
VOLUME_ID="${PrimaryVolume}"
echo "VOLUME_ID: $VOLUME_ID"
if [[ -z "$VOLUME_ID" ]]; then
echo 'Invalid $VOLUME_ID'
exit 1
fi
# Get instance id from AWS
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
# Attach the volume created by another CFT
# the device name should become /dev/nvme1n1
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID"
/var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region}
echo "Wait for volume $VOLUME_ID to attach"
sleep 30 # Give volume time to attach
lsblk # debug
mode: "0770"
/root/.jfrog_ami/artifactory.yml:
content: !Sub
- |
# Base install for Artifactory
- import_playbook: site-artifactory.yml
vars:
artifactory_product: ${product}
artifactory_flavour: "{{ 'pro' if '${product}' == 'artifactory' else 'jcr' if '${product}' == 'jcr' }}"
artifactory_ha_enabled: true
artifactory_is_primary: ${ArtifactoryPrimary}
artifactory_server_name: ${ArtifactoryServerName}
server_name: ${ArtifactoryServerName}.${CertificateDomain}
use_custom_data_directory: true
custom_data_directory: "${UserDataDirectory}"
s3_region: ${AWS::Region}
s3_bucket: ${ArtifactoryS3Bucket}
certificate: ${Certificate}
certificate_key: ${CertificateKey}
certificate_domain: ${CertificateDomain}
enable_ssl: ${EnableSSL}
ssl_dir: /etc/pki/tls/certs
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_url: ${DatabaseUrl}
db_user: ${DatabaseUser}
db_password: ${DatabasePassword}
# db_download_url: https://jdbc.postgresql.org/download/postgresql-42.2.12.jar
art_primary: ${ArtifactoryPrimary}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
artifactory_version: ${ArtifactoryVersion}
artifactory_keystore:
path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts
default_password: changeit
new_keystore_pass: ${DatabasePassword}
artifactory_java_db_drivers:
- name: ${DatabasePlugin}
url: ${DatabasePluginUrl}
owner: artifactory
group: artifactory
- product: !FindInMap [ArtifactoryProductMap, !Ref ArtifactoryProduct, product]
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
/root/.secureit.sh:
content:
ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt
mode: "0770"
secure-artifactory:
commands:
'secure ansible playbook':
command: '/root/.secureit.sh'
ignoreErrors: 'false'
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref HostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !FindInMap
- ArtifactoryProductMap
- !Ref ArtifactoryProduct
- !Ref AmiId
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref InstanceType
BlockDeviceMappings:
!If
- IsSecondary
- - DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
Encrypted: true
- !Ref AWS::NoValue
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 0
}
S3URI=${QsS3Uri}
# Update OS
yum update -y
# Install git
yum install -y epel-release git policycoreutils-python
yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log
yum install -y jq python3 libselinux-python3
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install jmespath wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli 2>&1 | tee /var/log/userdata.awscli_install.log
pip install ansible 2>&1 | tee /var/log/userdata.ansible_install.log
mkdir ~/.jfrog_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.jfrog_ami/ || cfn_fail
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets artifactory_install --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log
/root/attach_volume.sh || cfn_fail
ansible-galaxy collection install community.general ansible.posix
setsebool httpd_can_network_connect 1 -P
aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail
ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail
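Review bot: `/root/.vault_pass.txt` (content `${DatabasePassword}`) and `new_keystore_pass: ${DatabasePassword}` in artifactory.yml reuse the RDS password as the Ansible Vault password and as the Java keystore password, so the database credential is written in plaintext to the host and becomes the key that protects the vaulted config (which holds MasterKey, the certificate key and the DB password), and since the vault password file is never removed while `/root/.secureit.sh` is, the vault adds little on its own; this commit drops the dedicated KeystorePassword/AnsibleVaultPass parameters, so either keep separate NoEcho parameters or generate a per-instance random vault password on the host rather than substituting DatabasePassword. In cloudwatch.conf the `[/var/log/jfrog-ami-setup.log]` and `[/var/log/jfrog-ami-artifactory.log]` stanzas both set `file = /var/log/messages`, so the install log that the ansible-playbook line tees to `/var/log/jfrog-ami-artifactory.log` is never shipped; they should read `file = /var/log/jfrog-ami-setup.log` and `file = /var/log/jfrog-ami-artifactory.log` respectively. In attach_volume.sh the instance id is fetched over IMDSv1 with no session token and the `aws ec2 attach-volume` exit status is never checked (the script has no `set -e`), so a rejected metadata call or a failed attach still exits 0 and `/root/attach_volume.sh || cfn_fail` in UserData never trips; add `set -euo pipefail` after the shebang and use `TOKEN=$(curl -sX PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 300" http://169.254.169.254/latest/api/token)` followed by `INSTANCE_ID=$(curl -sH "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)` so the launch configuration can also set `MetadataOptions: {HttpTokens: required}`.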


@@ -14,14 +14,15 @@ Metadata:
- Label: - Label:
default: Network configuration default: Network configuration
Parameters: Parameters:
- PrivateSubnet1Cidr
- PrivateSubnet2Cidr
- VpcId - VpcId
- VpcCidr - VpcCidr
- AvailabilityZones
- PublicSubnet1Id - PublicSubnet1Id
- PublicSubnet2Id - PublicSubnet2Id
- PrivateSubnet1Id - PrivateSubnet1Id
- PrivateSubnet1Cidr
- PrivateSubnet2Id - PrivateSubnet2Id
- PrivateSubnet2Cidr
- Label: - Label:
default: Amazon EC2 configuration default: Amazon EC2 configuration
Parameters: Parameters:
@@ -32,13 +33,12 @@ Metadata:
Parameters: Parameters:
- ArtifactoryVersion - ArtifactoryVersion
- NumberOfSecondary - NumberOfSecondary
- SmLicenseCertName - SmLicenseName
- SmCertName
- ArtifactoryServerName - ArtifactoryServerName
- MasterKey - MasterKey
- ExtraJavaOptions - ExtraJavaOptions
- DefaultJavaMemSettings - DefaultJavaMemSettings
- KeystorePassword
- AnsibleVaultPass
- Label: - Label:
default: Amazon RDS configuration default: Amazon RDS configuration
Parameters: Parameters:
@@ -48,7 +48,6 @@ Metadata:
- DatabasePassword - DatabasePassword
- DatabaseInstance - DatabaseInstance
- DatabaseAllocatedStorage - DatabaseAllocatedStorage
- MultiAzDatabase
- Label: - Label:
default: JFrog Xray Configuration default: JFrog Xray Configuration
Parameters: Parameters:
@@ -59,6 +58,8 @@ Metadata:
- XrayDatabaseUser - XrayDatabaseUser
- XrayDatabasePassword - XrayDatabasePassword
ParameterLabels: ParameterLabels:
AvailabilityZones:
default: Availability Zones
KeyPairName: KeyPairName:
default: SSH key name default: SSH key name
PrivateSubnet1Cidr: PrivateSubnet1Cidr:
@@ -89,8 +90,10 @@ Metadata:
default: Secondary instances default: Secondary instances
ArtifactoryVersion: ArtifactoryVersion:
default: Artifactory version default: Artifactory version
SmLicenseCertName: SmLicenseName:
default: Artifactory licenses and certificate secret name default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName: ArtifactoryServerName:
default: Artifactory server name default: Artifactory server name
MasterKey: MasterKey:
@@ -99,10 +102,6 @@ Metadata:
default: Extra Java options default: Extra Java options
DefaultJavaMemSettings: DefaultJavaMemSettings:
default: Default Java memory settings default: Default Java memory settings
KeystorePassword:
default: Java key store password
AnsibleVaultPass:
default: Ansible Vault password
DatabaseName: DatabaseName:
default: Database name default: Database name
DatabaseEngine: DatabaseEngine:
@@ -115,8 +114,6 @@ Metadata:
default: Database instance type default: Database instance type
DatabaseAllocatedStorage: DatabaseAllocatedStorage:
default: Database allocated storage default: Database allocated storage
MultiAzDatabase:
default: High-availability database
InstallXray: InstallXray:
default: Install JFrog Xray default: Install JFrog Xray
XrayVersion: XrayVersion:
@@ -130,6 +127,10 @@ Metadata:
XrayDatabasePassword: XrayDatabasePassword:
default: Xray Database password default: Xray Database password
Parameters: Parameters:
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
VpcId: VpcId:
Description: ID of your existing VPC (e.g., vpc-0343606e). Description: ID of your existing VPC (e.g., vpc-0343606e).
Type: "AWS::EC2::VPC::Id" Type: "AWS::EC2::VPC::Id"
@@ -173,6 +174,7 @@ Parameters:
It is recommended that you set this value to a trusted IP range. It is recommended that you set this value to a trusted IP range.
For example, you may want to limit software access to your corporate network. For example, you may want to limit software access to your corporate network.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Default: 0.0.0.0/0
Type: String Type: String
RemoteAccessCidr: RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH. Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
@@ -239,10 +241,17 @@ Parameters:
https://www.jfrog.com/confluence/display/RTF/Release+Notes. https://www.jfrog.com/confluence/display/RTF/Release+Notes.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Artifactory releases. ConstraintDescription: A version that matches X.X.X per Artifactory releases.
Default: 7.12.5 AllowedValues:
- 7.2.1
- 7.15.3
Default: 7.15.3
Type: String Type: String
SmLicenseCertName: SmLicenseName:
Description: Secret name created in AWS Secrets Manager that contains the SSL certificate, certificate key, and Artifactory licenses. Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: '' Default: ''
Type: String Type: String
ArtifactoryServerName: ArtifactoryServerName:
@@ -271,17 +280,6 @@ Parameters:
- "false" - "false"
Default: "true" Default: "true"
Type: String Type: String
KeystorePassword:
Description: Java key store password. For better security, the password that you specify will
replace the default Java key store password.
NoEcho: 'true'
Type: String
AnsibleVaultPass:
Description: Ansible Vault password to protect the Artifactory YAML configuration file
generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes
and secured with this password.
NoEcho: 'true'
Type: String
DatabaseName: DatabaseName:
Description: Name of your database instance. The name must be unique across all instances Description: Name of your database instance. The name must be unique across all instances
owned by your AWS account in the current Region. The database instance identifier is case-insensitive, owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
@@ -339,14 +337,6 @@ Parameters:
MaxValue: 1024 MaxValue: 1024
Default: 10 Default: 10
Type: Number Type: Number
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
InstallXray: InstallXray:
Description: Choose true to install JFrog Xray instance(s). Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False ConstraintDescription: True or False
@@ -359,7 +349,9 @@ Parameters:
Description: The version of Xray that you want to deploy into the Quick Start. Description: The version of Xray that you want to deploy into the Quick Start.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Xray releases. ConstraintDescription: A version that matches X.X.X per Xray releases.
Default: 3.12.1 AllowedValues:
- 3.17.4
Default: 3.17.4
Type: String Type: String
XrayNumberOfInstances: XrayNumberOfInstances:
Description: The number of Xray instances servers to complete your Description: The number of Xray instances servers to complete your
@@ -399,8 +391,12 @@ Resources:
ArtifactoryExistingVpcStack: ArtifactoryExistingVpcStack:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack
Properties: Properties:
TemplateURL: https://awsmp-fulfillment-cf-templates-prod.s3-external-1.amazonaws.com/aecfe1d1-907c-4812-b7b8-91497013cb16-jfrog-artifactory-ec2-existing-vpc.template TemplateURL: https://jfrog-marketplace-test-us-east-1.s3.amazonaws.com/marketplace-jfrog-artifactory/templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
Parameters: Parameters:
AvailabilityZones:
Fn::Join:
- ','
- Ref: AvailabilityZones
KeyPairName: !Ref KeyPairName KeyPairName: !Ref KeyPairName
VpcId: !Ref VpcId VpcId: !Ref VpcId
VpcCidr: !Ref VpcCidr VpcCidr: !Ref VpcCidr
@@ -424,22 +420,21 @@ Resources:
NumberOfSecondary: !Ref NumberOfSecondary NumberOfSecondary: !Ref NumberOfSecondary
ArtifactoryProduct: "JFrog-Artifactory-Pro" ArtifactoryProduct: "JFrog-Artifactory-Pro"
ArtifactoryVersion: !Ref ArtifactoryVersion ArtifactoryVersion: !Ref ArtifactoryVersion
SmLicenseCertName: !Ref SmLicenseCertName SmLicenseName: !Ref SmLicenseName
SmCertName: !Ref SmCertName
ArtifactoryServerName: !Ref ArtifactoryServerName ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey MasterKey: !Ref MasterKey
ExtraJavaOptions: !Ref ExtraJavaOptions ExtraJavaOptions: !Ref ExtraJavaOptions
DefaultJavaMemSettings: !Ref DefaultJavaMemSettings DefaultJavaMemSettings: !Ref DefaultJavaMemSettings
KeystorePassword: !Ref KeystorePassword
AnsibleVaultPass: !Ref AnsibleVaultPass
DatabaseName: !Ref DatabaseName DatabaseName: !Ref DatabaseName
DatabaseEngine: !Ref DatabaseEngine DatabaseEngine: !Ref DatabaseEngine
DatabaseUser: !Ref DatabaseUser DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance DatabaseInstance: !Ref DatabaseInstance
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
MultiAzDatabase: !Ref MultiAzDatabase MultiAzDatabase: "true"
QsS3BucketName: "jfrog-aws-test" QsS3BucketName: "jfrog-aws-test"
QsS3KeyPrefix: "artifactory7/v7112/" QsS3KeyPrefix: "artifactory7/pro/v7153/"
QsS3BucketRegion: "us-east-1" QsS3BucketRegion: "us-east-1"
InstallXray: !Ref InstallXray InstallXray: !Ref InstallXray
XrayVersion: !Ref XrayVersion XrayVersion: !Ref XrayVersion
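Review bot: `Default: 0.0.0.0/0` added to the CIDR parameter just above RemoteAccessCidr (its name is outside the hunk, but its own description says to set it to a trusted IP range) turns the open-to-the-internet value into what every stack gets unless the deployer edits it; drop the `Default:` line so the parameter stays required, as it was before this commit. TemplateURL for ArtifactoryExistingVpcStack now points at the fixed `jfrog-marketplace-test-us-east-1` bucket (the same fixed URL replaces the parameterised `${QsS3BucketName}.s3.${QsS3BucketRegion}` form for the ArtifactorySecondary and XrayExistingVpcStack nested stacks earlier on this page), so whoever controls that bucket controls the nested templates, there is no version pin, and a "test" bucket name is being shipped in a release template; keep bucket and prefix as parameters or at least pin a versioned object key. `- 7.2.1` in the new ArtifactoryVersion AllowedValues looks inconsistent with the new instance template on this page, whose ArtifactoryProductMap and AWSAMIRegionMap only carry `7153` keys, so AmiId `721` derived by `!Join ['', !Split [".", !Ref ArtifactoryVersion]]` would fail the FindInMap at deploy time; either add mappings for that version or limit AllowedValues to `- 7.15.3`.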


@@ -0,0 +1,292 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys the EC2 Autoscaling, LaunchConfig and Instance for Xray"
Parameters:
PrivateSubnet1Id:
Type: AWS::EC2::Subnet::Id
PrivateSubnet2Id:
Type: AWS::EC2::Subnet::Id
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
DatabaseDriver:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
SecurityGroups:
Type: String
VolumeSize:
Type: Number
XrayHostProfile:
Type: String
XrayHostRole:
Type: String
XrayInstanceType:
Type: String
JfrogInternalUrl:
Type: String
XrayDatabaseUser:
Type: String
XrayDatabasePassword:
Type: String
NoEcho: 'true'
XrayMasterDatabaseUrl:
Type: String
XrayDatabaseUrl:
Type: String
XrayVersion:
Type: String
XrayAmiId:
Type: String
# To populate additional mappings use the following with the desired --region
# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
Mappings:
AWSAMIRegionMap:
us-east-1:
"3174": ami-023ca6575274f7100
us-east-2:
"3174": ami-0592fa8e68995ea08
us-west-1:
"3174": ami-00d52c51cbf22a2fc
us-west-2:
"3174": ami-0d67b78b4f09fa9a7
ca-central-1:
"3174": ami-056bafb407aa8e445
eu-central-1:
"3174": ami-05ab6de966f830b8a
eu-west-1:
"3174": ami-055507b35a350806d
eu-west-2:
"3174": ami-007c8adf17c3bee79
eu-west-3:
"3174": ami-033e74f7f2e7b43ae
ap-southeast-1:
"3174": ami-0114ff3241c5a86a8
ap-southeast-2:
"3174": ami-0c753f85c64c4169d
ap-south-1:
"3174": ami-09f40817a8786b93c
ap-northeast-1:
"3174": ami-00f6ec6314c6ddd27
ap-northeast-2:
"3174": ami-05a10d14c3289f2b3
sa-east-1:
"3174": ami-0c2acb2f23c3e6743
us-gov-east-1:
"3174": ami-0349215efccd0d9f6
us-gov-west-1:
"3174": ami-0b52a6d3379d2c20c
Resources:
XrayScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref XrayLaunchConfiguration
VPCZoneIdentifier:
- !Ref PrivateSubnet1Id
- !Ref PrivateSubnet2Id
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
HealthCheckType: EC2
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: XrayVersion
Value: !Ref XrayVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
XrayLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref XrayHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
xray_install:
- "config-cloudwatch"
- "config-xray"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/xray-ami-setup.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/xray.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-xray:
files:
/root/.xray_ami/xray.yml:
content: !Sub |
# Base install for Xray
- import_playbook: site-xray.yml
vars:
jfrog_url: ${JfrogInternalUrl}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl}
db_url: postgres://${XrayDatabaseUrl}
db_master_user: ${DatabaseUser}
db_user: ${XrayDatabaseUser}
db_password: ${XrayDatabasePassword}
xray_version: ${XrayVersion}
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref XrayHostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !Ref XrayAmiId
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref XrayInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
Encrypted: true
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 0
}
S3URI=${QsS3Uri}
yum update --security -y &> /var/log/userdata.yum_security_update.log
yum install -y git python3 libselinux-python3
yum install -y postgresql-server postgresql-devel
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli &> /var/log/userdata.awscli_install.log
pip install ansible &> /var/log/userdata.ansible_install.log
mkdir ~/.xray_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ami/
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf
lsblk # debug
ansible-galaxy collection install community.general ansible.posix
ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail