diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1e6e65c --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +.molecule +*.log +*.swp +.tox +./idea +.idea/ +.DS_Store + diff --git a/JFrogContainerRegistry/aws/HelmInstall/README.md b/Amazon/HelmInstall/README.md similarity index 100% rename from JFrogContainerRegistry/aws/HelmInstall/README.md rename to Amazon/HelmInstall/README.md diff --git a/Amazon/containers/Dockerfile b/Amazon/containers/Dockerfile new file mode 100755 index 0000000..0f05d7a --- /dev/null +++ b/Amazon/containers/Dockerfile @@ -0,0 +1,12 @@ +ARG UPSTREAM_IMAGE=docker.bintray.io/jfrog/artifactory-jcr +ARG UPSTREAM_TAG +FROM ${UPSTREAM_IMAGE}:${UPSTREAM_TAG} +USER root +# Copy security.xml +COPY ./security.xml /security_bootstrap/security.import.xml +RUN chown -R artifactory:artifactory /security_bootstrap +# Copy entrypoint script. +COPY ./entrypoint-artifactory.sh /entrypoint-artifactory.sh +COPY ./installer-info.json /artifactory_bootstrap/info/installer-info.json +RUN chmod 755 /entrypoint-artifactory.sh +USER artifactory diff --git a/JFrogContainerRegistry/aws/container/README.md b/Amazon/containers/README.md similarity index 97% rename from JFrogContainerRegistry/aws/container/README.md rename to Amazon/containers/README.md index 067e7bb..0791230 100644 --- a/JFrogContainerRegistry/aws/container/README.md +++ b/Amazon/containers/README.md @@ -16,7 +16,7 @@ JFrog Container Registry can be installed into either an ECS or EKS cluster. To simply get up and running, you can try: -```docker run -d -p 8081:8081 ``` +```docker run -d -p 8081:8081 -p 8082:8082 ``` After this, you can access the UI at \:8081. The default username is 'admin'. See 'Getting or setting initial password' to find out how to get the initial password. ### Getting or setting initial password diff --git a/Amazon/containers/buildAwsContainers.sh b/Amazon/containers/buildAwsContainers.sh new file mode 100755 index 0000000..cf036e8 --- /dev/null +++ b/Amazon/containers/buildAwsContainers.sh @@ -0,0 +1,88 @@ +#!/usr/bin/env bash +VERSION=$1 +EDITIONS=( artifactory-pro artifactory-jcr ) + +#for loop start: editoins +for EDITION in "${EDITIONS[@]}" +do + UPSTREAM_IMAGE_NAME=docker.bintray.io/jfrog/$EDITION + BUILD_IMAGE_NAME=partnership-public-images.jfrog.io/aws/$EDITION + ARTIFACTORY_PASSWORD=corona1831 + + # Logic starts here + if [ -z "$VERSION" ] + then + echo "No version passed in. Build failed." + echo "usage: buildAwsContainers " + echo "example: buildAwsContainers 7.2.1 " + exit -1 + fi + + # Extract and modify the entrypoint to run out custom code for first-time password + docker pull $UPSTREAM_IMAGE_NAME:$VERSION + docker run -d --rm --name tmp-docker $UPSTREAM_IMAGE_NAME:$VERSION + docker cp tmp-docker:/entrypoint-artifactory.sh original-entrypoint.sh + docker rm -f tmp-docker + perl -pe 's/^addExtraJavaArgs$/`cat extra_conf`/ge' original-entrypoint.sh > entrypoint-artifactory.sh + + #Create installer-info file + if [ "$EDITION" == "artifactory-pro" ] + then + cat < installer-info.json + { + "productId": "CloudFormation_artifactory-ha/$VERSION", + "features": [ + { + "featureId": "Partner/ACC-006973" + } + ] + } +EOF + else + cat < installer-info.json + { + "productId": "CloudFormation_artifactory-jcr/$VERSION", + "features": [ + { + "featureId": "Partner/ACC-006973" + } + ] + } +EOF + fi + cat installer-info.json + + # Create the new docker image + docker build --no-cache --build-arg UPSTREAM_TAG=$VERSION -t $BUILD_IMAGE_NAME:$VERSION . + + # Run minimal test + set -x + docker run --name test-new-image -d -e ARTIFACTORY_PASSWORD=$ARTIFACTORY_PASSWORD -p 8081:8081 -p 8082:8082 $BUILD_IMAGE_NAME:$VERSION + # Wait for it to come up + SUCCESS=false + for i in {1..30} + do + STATUS=$(docker exec test-new-image curl -u admin:$ARTIFACTORY_PASSWORD http://localhost:8082/router/api/v1/system/health | jq .services[0].state) + if [ "$STATUS" == "\"HEALTHY\"" ]; then + echo "Build successful!" + SUCCESS=true + break + fi + echo "Container is not up yet, waiting 10 seconds..." + sleep 10 + done + + #clearnup + docker stop test-new-image + docker rm test-new-image + rm installer-info.json + + + if [ "$SUCCESS" = true ] ; then + echo "Test Succeeded. Build succeeded." + else + echo "Test failed. Build failed. Removing docker image" + exit 1 + fi + #for loop endL: editions +done diff --git a/Amazon/containers/extra_conf b/Amazon/containers/extra_conf new file mode 100755 index 0000000..d533ea2 --- /dev/null +++ b/Amazon/containers/extra_conf @@ -0,0 +1,18 @@ +addExtraJavaArgs +setupFirstTimePass() { + # Create a unique password + if [ -z "$ARTIFACTORY_PASSWORD" ]; then + echo "INFO: Since ARTIFACTORY_PASSWORD environment is not set. We are generating our own random password." + ARTIFACTORY_PASSWORD=$(openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 18) + echo "Generated ARTIFACTORY_PASSWORD is $ARTIFACTORY_PASSWORD" + echo $ARTIFACTORY_PASSWORD > /var/opt/jfrog/artifactory/generated-pass.txt + fi + SALTED_PASSWD=$(echo -n ${ARTIFACTORY_PASSWORD}{CAFEBABEEBABEFAC} | md5sum | cut -d ' ' -f1) + sed -i -e "s/$SALTED_PASSWD + + +admin + +CAFEBABEEBABEFAC +true +true +true +true +true +true +internal +false + + + + diff --git a/Ansible/README.md b/Ansible/README.md new file mode 100644 index 0000000..ec8c616 --- /dev/null +++ b/Ansible/README.md @@ -0,0 +1,35 @@ +# JFrog Ansible Collection + +This Ansible directory consists of the following directories that support the JFrog Ansible collection. + + * [collection directory](collection) - This directory contains the Ansible collection package that has the Ansible roles for Artifactory and Xray. See the collection [README](collection/README.md) for details on the available roles and variables. + * [infra directory](infra) - This directory contains example infrastructure templates that can be used for testing and as example deployments. + * [project directory](project) - This directory contains example playbooks for various architectures from single Artifactory (RT) deployments to high-availability setups. + * [test directory](test) - This directory contains Gradle tests that can be used to verify a deployment. It also has Ansible playbooks for creating infrastructure, provisioning software and testing with Gradle. + + ## Getting Started + + 1. Install this collection or the roles in your Ansible path using your ansible.cfg file. The following is an example: + ``` +# Installs collections into [current dir]/ansible_collections/namespace/collection_name +collections_paths = ~/.ansible/collections:/usr/share/ansible/collections:collection + +# Installs roles into [current dir]/roles/namespace.rolename +roles_path = Ansible/collection/jfrog/ansible/roles +``` + 2. Ansible uses SSH to connect to hosts. Ensure that your SSH private key is on your client and the public keys are installed on your Ansible hosts. If you are using a bastion host, you can add the following Ansible variable to allow proxying through the bastion host. + ``` + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A user@host -W %h:%p"' + + eg. + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ azureDeployment.deployment.outputs.lbIp.value }} -W %h:%p"' + ``` + 3. Create your inventory file. Use one of the examples from the [project directory](project) to construct an inventory file (hosts.yml) with the host addresses and variables. + + 4. Create your playbook. Use one of the examples from the [project directory](project) to construct a playbook using the JFrog Ansible roles. These roles will be applied to your inventory and provision software. + + 5. Then execute with the following command to provision the JFrog software with Ansible. Variables can also be passed in at the command-line. + + ``` +ansible-playbook -i hosts.yml playbook.yml --extra-vars "master_key=$(openssl rand -hex 16) join_key=$(openssl rand -hex 16)" +``` \ No newline at end of file diff --git a/Ansible/collection/.ansible-lint b/Ansible/collection/.ansible-lint new file mode 100644 index 0000000..a59f903 --- /dev/null +++ b/Ansible/collection/.ansible-lint @@ -0,0 +1,8 @@ +# +# Ansible managed +# +exclude_paths: + - ./meta/version.yml + - ./meta/exception.yml + - ./meta/preferences.yml + - ./molecule/default/verify.yml diff --git a/Ansible/collection/.yamllint b/Ansible/collection/.yamllint new file mode 100644 index 0000000..c5ae64b --- /dev/null +++ b/Ansible/collection/.yamllint @@ -0,0 +1,12 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/Ansible/collection/README.md b/Ansible/collection/README.md new file mode 100644 index 0000000..1913bd9 --- /dev/null +++ b/Ansible/collection/README.md @@ -0,0 +1,87 @@ +# Ansible +This repo contains the Ansible collection for JFrog roles. These roles allow you to provision Artifactory for High-Availability using a Primary node and multiple Secondary nodes. Additionally, a Postgresql role is provided for installing an Artifactory Postgresql database. + +## Roles Provided +### artifactory +The artifactory role installs the Artifactory Pro software onto the host. Per the Vars below, it will configure a node as primary or secondary. This role uses secondary roles artifactory-nginx to install nginx. + +### artifactory-nginx-ssl +The artifactory-nginx-ssl role installs and configures nginx for SSL. + +### postgres +The postgres role will install Postgresql software and configure a database and user to support an Artifactory or Xray server. + +### xray +The xray role will install Xray software onto the host. An Artifactory server and Postgress database is required. + +## Vars Required +The following Vars must be configured. + +### databsase vars +* db_users: This is a list of database users to create. eg. db_users: - { db_user: "artifactory", db_password: "Art1fAct0ry" } +* dbs: This is the database to create. eg. dbs: - { db_name: "artifactory", db_owner: "artifactory" } + +### artifactory vars +* artifactory_version: The version of Artifactory to install. eg. "7.4.1" +* master_key: This is the Artifactory Master Key. +* join_key: This is the Artifactory Join Key. +* db_download_url: This is the download URL for the JDBC driver for your database. eg. "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" +* db_type: This is the database type. eg. "postgresql" +* db_driver: This is the JDBC driver class. eg. "org.postgresql.Driver" +* db_url: This is the JDBC database url. eg. "jdbc:postgresql://10.0.0.120:5432/artifactory" +* db_user: The database user to configure. eg. "artifactory" +* db_password: The database password to configure. "Art1fact0ry" +* server_name: This is the server name. eg. "artifactory.54.175.51.178.xip.io" +* system_file: Your own system YAML file can be specified and used. If specified, this file will be used rather than constructing a file from the parameters above. +* binary_store_file: Your own binary store file can be used. If specified, the default cluster-file-system will not be used. + +### primary vars +* artifactory_is_primary: For the primary node this must be set to **true**. +* artifactory_license1 - 5: These are the cluster licenses. +* artifactory_license_file: Your own license file can be used. If specified, a license file constructed from the licenses above will not be used. + +### secondary vars +* artifactory_is_primary: For the secondary node(s) this must be set to **false**. + +### ssl vars (Used with artifactory-nginx-ssl role) +* certificate: This is the SSL cert. +* certificate_key: This is the SSL private key. + +### xray vars +* xray_version: The version of Artifactory to install. eg. "3.3.0" +* jfrog_url: This is the URL to the Artifactory base URL. eg. "http://ec2-54-237-207-135.compute-1.amazonaws.com" +* master_key: This is the Artifactory Master Key. +* join_key: This is the Artifactory Join Key. +* db_type: This is the database type. eg. "postgresql" +* db_driver: This is the JDBC driver class. eg. "org.postgresql.Driver" +* db_url: This is the database url. eg. "postgres://10.0.0.59:5432/xraydb?sslmode=disable" +* db_user: The database user to configure. eg. "xray" +* db_password: The database password to configure. "xray" + +## Example Inventory and Playbooks +Example playbooks are located in the [project](../project) directory. This directory contains several example inventory and plaaybooks for different Artifactory, HA and Xray architectures. + +## Executing a Playbook +``` +ansible-playbook -i + +eg. + ansible-playbook -i example-playbooks/rt-xray-ha/hosts.yml example-playbooks/rt-xray-ha/playbook.yml +``` + +## Autogenerating Master and Join Keys +You may want to auto-generate your master amd join keys and apply it to all the nodes. + +``` +ansible-playbook -i hosts.yml playbook.yml --extra-vars "master_key=$(openssl rand -hex 16) join_key=$(openssl rand -hex 16)" +``` + +## Bastion Hosts +In many cases, you may want to run this Ansible collection through a Bastion host to provision JFrog servers. You can include the following Var for a host or group of hosts: + +``` +ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A user@host -W %h:%p"' + +eg. +ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ azureDeployment.deployment.outputs.lbIp.value }} -W %h:%p"' +``` \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/galaxy.yml b/Ansible/collection/jfrog/ansible/galaxy.yml new file mode 100644 index 0000000..2b44148 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/galaxy.yml @@ -0,0 +1,57 @@ +### REQUIRED + +# The namespace of the collection. This can be a company/brand/organization or product namespace under which all +# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with +# underscores or numbers and cannot contain consecutive underscores +namespace: jfrog + +# The name of the collection. Has the same character restrictions as 'namespace' +name: ansible + +# The version of the collection. Must be compatible with semantic versioning +version: 1.0.0 + +# The path to the Markdown (.md) readme file. This path is relative to the root of the collection +readme: README.md + +# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) +# @nicks:irc/im.site#channel' +authors: +- your name + + +### OPTIONAL but strongly recommended + +# A short summary description of the collection +description: your collection description + +# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only +# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' +license: +- GPL-2.0-or-later + +# The path to the license file for the collection. This path is relative to the root of the collection. This key is +# mutually exclusive with 'license' +license_file: '' + +# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character +# requirements as 'namespace' and 'name' +tags: [] + +# Collections that this collection requires to be installed for it to be usable. The key of the dict is the +# collection label 'namespace.name'. The value is a version range +# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version +# range specifiers can be set and are separated by ',' +dependencies: {} + +# The URL of the originating SCM repository +repository: http://example.com/repository + +# The URL to any online docs +documentation: http://docs.example.com + +# The URL to the homepage of the collection/project +homepage: http://example.com + +# The URL to the collection issue tracker +issues: http://example.com/issue/tracker diff --git a/Ansible/collection/jfrog/ansible/plugins/README.md b/Ansible/collection/jfrog/ansible/plugins/README.md new file mode 100644 index 0000000..6541cf7 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/plugins/README.md @@ -0,0 +1,31 @@ +# Collections Plugins Directory + +This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that +is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that +would contain module utils and modules respectively. + +Here is an example directory of the majority of plugins currently supported by Ansible: + +``` +└── plugins + ├── action + ├── become + ├── cache + ├── callback + ├── cliconf + ├── connection + ├── filter + ├── httpapi + ├── inventory + ├── lookup + ├── module_utils + ├── modules + ├── netconf + ├── shell + ├── strategy + ├── terminal + ├── test + └── vars +``` + +A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible/2.9/plugins/plugins.html). \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/.travis.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/defaults/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/defaults/main.yml new file mode 100644 index 0000000..6b28347 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for artifactory-nginx \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/handlers/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/handlers/main.yml new file mode 100644 index 0000000..d212386 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for artifactory-nginx \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/meta/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/meta/main.yml similarity index 96% rename from JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/meta/main.yml rename to Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/meta/main.yml index 3a212a9..227ad9c 100644 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/meta/main.yml +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: your name - description: your description + description: your role description company: your company (optional) # If the issue tracker for your role is not on github, uncomment the @@ -16,7 +16,7 @@ galaxy_info: # - CC-BY-4.0 license: license (GPL-2.0-or-later, MIT, etc) - min_ansible_version: 2.4 + min_ansible_version: 2.9 # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tasks/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tasks/main.yml new file mode 100644 index 0000000..ba37c53 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tasks/main.yml @@ -0,0 +1,41 @@ +--- +# tasks file for artifactory-nginx +- name: configure the artifactory nginx conf + template: + src: artifactory.conf.j2 + dest: /etc/nginx/conf.d/artifactory.conf + owner: root + group: root + mode: '0755' + become: yes + +- name: ensure nginx dir exists + file: + path: "/var/opt/jfrog/nginx/ssl" + state: directory + become: yes + +- name: configure certificate + template: + src: certificate.pem.j2 + dest: "/var/opt/jfrog/nginx/ssl/cert.pem" + become: yes + +- name: ensure pki exists + file: + path: "/etc/pki/tls" + state: directory + become: yes + +- name: configure key + template: + src: certificate.key.j2 + dest: "/etc/pki/tls/cert.key" + become: yes + +- name: restart nginx + service: + name: nginx + state: restarted + enabled: yes + become: yes \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 new file mode 100644 index 0000000..315a601 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/artifactory.conf.j2 @@ -0,0 +1,48 @@ +########################################################### +## this configuration was generated by JFrog Artifactory ## + ########################################################### + + ## add HA entries when ha is configure + upstream artifactory { + server 127.0.0.1:8082; +} + upstream artifactory-direct { + server 127.0.0.1:8081; +} + ssl_protocols TLSv1.1 TLSv1.2; + ssl_certificate /var/opt/jfrog/nginx/ssl/cert.pem; + ssl_certificate_key /etc/pki/tls/cert.key; + ssl_session_cache shared:SSL:1m; + ssl_prefer_server_ciphers on; + ## server configuration + server { + listen 443 ssl http2; + server_name {{ server_name }}; + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + access_log /var/log/nginx/artifactory-access.log; + error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /ui/ redirect; + rewrite ^/ui$ /ui/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location / { + proxy_read_timeout 2400s; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass "http://artifactory"; + proxy_next_upstream error timeout non_idempotent; + proxy_next_upstream_tries 1; + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location ~ ^/artifactory/ { + proxy_pass http://artifactory-direct; + } + } +} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/certificate.key.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/certificate.key.j2 new file mode 100644 index 0000000..2c46be0 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/certificate.key.j2 @@ -0,0 +1,4 @@ +{% set cert = certificate_key.split('|') %} +{% for line in cert %} +{{ line }} +{% endfor %} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 new file mode 100644 index 0000000..71e936d --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/templates/certificate.pem.j2 @@ -0,0 +1,4 @@ +{% set cert = certificate.split('|') %} +{% for line in cert %} +{{ line }} +{% endfor %} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tests/inventory b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tests/test.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tests/test.yml new file mode 100644 index 0000000..7560bbb --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - artifactory-nginx \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/vars/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/vars/main.yml new file mode 100644 index 0000000..7465197 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx-ssl/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for artifactory-nginx \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/.travis.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/defaults/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/defaults/main.yml new file mode 100644 index 0000000..6b28347 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for artifactory-nginx \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/nginx.conf b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/files/nginx.conf similarity index 99% rename from JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/nginx.conf rename to Ansible/collection/jfrog/ansible/roles/artifactory-nginx/files/nginx.conf index ee0f4a6..19f9422 100644 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/nginx.conf +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/files/nginx.conf @@ -34,4 +34,4 @@ http { #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; -} +} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/handlers/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/handlers/main.yml new file mode 100644 index 0000000..d212386 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for artifactory-nginx \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/meta/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/meta/main.yml @@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tasks/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tasks/main.yml new file mode 100644 index 0000000..5146b14 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tasks/main.yml @@ -0,0 +1,35 @@ +--- +- name: install nginx + package: + name: nginx + state: present + register: package_res + retries: 5 + delay: 60 + become: yes + until: package_res is success + +- name: configure main nginx conf file. + copy: + src: nginx.conf + dest: /etc/nginx/nginx.conf + owner: root + group: root + mode: '0755' + become: yes + +- name: configure the artifactory nginx conf + template: + src: artifactory.conf.j2 + dest: /etc/nginx/conf.d/artifactory.conf + owner: root + group: root + mode: '0755' + become: yes + +- name: restart nginx + service: + name: nginx + state: restarted + enabled: yes + become: yes diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/templates/artifactory.conf.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/templates/artifactory.conf.j2 new file mode 100644 index 0000000..58280d9 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/templates/artifactory.conf.j2 @@ -0,0 +1,43 @@ +########################################################### +## this configuration was generated by JFrog Artifactory ## + ########################################################### + + ## add HA entries when ha is configure + upstream artifactory { + server 127.0.0.1:8082; +} + upstream artifactory-direct { + server 127.0.0.1:8081; +} + ## server configuration + server { + listen 80 ; + server_name {{ server_name }}; + if ($http_x_forwarded_proto = '') { + set $http_x_forwarded_proto $scheme; + } + ## Application specific logs + access_log /var/log/nginx/artifactory-access.log; + error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /ui/ redirect; + rewrite ^/ui$ /ui/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location / { + proxy_read_timeout 2400s; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass "http://artifactory"; + proxy_next_upstream error timeout non_idempotent; + proxy_next_upstream_tries 1; + proxy_set_header X-JFrog-Override-Base-Url $http_x_forwarded_proto://$host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location ~ ^/artifactory/ { + proxy_pass http://artifactory-direct; + } + } +} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tests/inventory b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tests/test.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tests/test.yml new file mode 100644 index 0000000..7560bbb --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - artifactory-nginx \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/vars/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/vars/main.yml new file mode 100644 index 0000000..7465197 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory-nginx/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for artifactory-nginx \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/.travis.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/defaults/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/defaults/main.yml new file mode 100644 index 0000000..4520463 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/defaults/main.yml @@ -0,0 +1,48 @@ +--- +# defaults file for artifactory +# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) +ansible_marketplace: standalone + +# The version of Artifactory to install +artifactory_version: 7.4.1 + +# licenses file - specify a licenses file or specify up to 5 licenses +artifactory_license1: +artifactory_license2: +artifactory_license3: +artifactory_license4: +artifactory_license5: + +# whether to enable HA +artifactory_ha_enabled: true + +# value for whether a host is primary. this should be set in host vars +artifactory_is_primary: true + +# The location where Artifactory should install. +artifactory_download_directory: /opt/jfrog + +# The location where Artifactory should store data. +artifactory_file_store_dir: /data + +# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro. +artifactory_flavour: pro + +extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC + +artifactory_tar: https://dl.bintray.com/jfrog/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz +artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}" + +artifactory_user: artifactory +artifactory_group: artifactory + +# Set the parameters required for the service. +service_list: + - name: artifactory + description: Start script for Artifactory + start_command: "{{ artifactory_home }}/bin/artifactory.sh start" + stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop" + type: forking + status_pattern: artifactory + user_name: "{{ artifactory_user }}" + group_name: "{{ artifactory_group }}" diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/handlers/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/handlers/main.yml new file mode 100644 index 0000000..6f8fcda --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/handlers/main.yml @@ -0,0 +1,10 @@ +--- +# handlers file for artifactory +- name: systemctl daemon-reload + systemd: + daemon_reload: yes + +- name: restart artifactory + service: + name: artifactory + state: restarted diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/meta/exception.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/exception.yml new file mode 100644 index 0000000..7de46df --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/exception.yml @@ -0,0 +1,6 @@ +--- +exceptions: + - variation: Alpine + reason: Artifactory start/stop scripts don't properly work. + - variation: amazonlinux:1 + reason: "Shutting down artifactory: /usr/bin/java\nfinding\nUsing the default catalina management port (8015) to test shutdown\nArtifactory Tomcat already stopped" diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/meta/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/main.yml new file mode 100644 index 0000000..0dc573a --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: artifactory + description: Install and configure artifactory on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.8 + + platforms: + - name: Debian + versions: + - all + - name: EL + versions: + - 7 + - 8 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - bionic + + galaxy_tags: + - artifactory + - centos + - redhat + - server + - system + +dependencies: [] diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/meta/preferences.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/preferences.yml new file mode 100644 index 0000000..e7fdebf --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/preferences.yml @@ -0,0 +1,2 @@ +--- +tox_parallel: yes diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/meta/version.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/version.yml new file mode 100644 index 0000000..ea2ef8f --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/meta/version.yml @@ -0,0 +1,6 @@ +--- +project_name: JFrog +reference: "https://github.com/robertdebock/ansible-role-artifactory/blob/master/defaults/main.yml" +versions: + - name: Artifactory + url: "https://dl.bintray.com/jfrog/artifactory/" diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/tasks/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/tasks/main.yml new file mode 100644 index 0000000..04b3a8e --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/tasks/main.yml @@ -0,0 +1,160 @@ +--- +# tasks file for artifactory +- name: install nginx + include_role: + name: artifactory-nginx + +- name: create group for artifactory + group: + name: "{{ artifactory_group }}" + state: present + become: yes + +- name: create user for artifactory + user: + name: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + system: yes + become: yes + +- name: ensure artifactory_download_directory exists + file: + path: "{{ artifactory_download_directory }}" + state: directory + become: yes + +- name: download artifactory + unarchive: + src: "{{ artifactory_tar }}" + dest: "{{ artifactory_download_directory }}" + remote_src: yes + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + creates: "{{ artifactory_home }}" + become: yes + register: downloadartifactory + until: downloadartifactory is succeeded + retries: 3 + +- name: ensure artifactory_file_store_dir exists + file: + path: "{{ artifactory_file_store_dir }}" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: ensure etc exists + file: + path: "{{ artifactory_home }}/var/etc" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: use specified system yaml + copy: + src: "{{ system_file }}" + dest: "{{ artifactory_home }}/var/etc/system.yaml" + become: yes + when: system_file is defined + +- name: configure system yaml + template: + src: system.yaml.j2 + dest: "{{ artifactory_home }}/var/etc/system.yaml" + become: yes + when: system_file is not defined + +- name: ensure {{ artifactory_home }}/var/etc/security/ exists + file: + path: "{{ artifactory_home }}/var/etc/security/" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: configure master key + template: + src: master.key.j2 + dest: "{{ artifactory_home }}/var/etc/security/master.key" + become: yes + +- name: configure join key + template: + src: join.key.j2 + dest: "{{ artifactory_home }}/var/etc/security/join.key" + become: yes + +- name: ensure {{ artifactory_home }}/var/etc/info/ exists + file: + path: "{{ artifactory_home }}/var/etc/info/" + state: directory + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: configure installer info + template: + src: installer-info.json.j2 + dest: "{{ artifactory_home }}/var/etc/info/installer-info.json" + become: yes + +- name: use specified binary store + copy: + src: "{{ binary_store_file }}" + dest: "{{ artifactory_home }}/var/etc/binarystore.xml" + become: yes + when: binary_store_file is defined + +- name: use default binary store + template: + src: binarystore.xml.j2 + dest: "{{ artifactory_home }}/var/etc/binarystore.xml" + become: yes + when: binary_store_file is not defined + +- name: use license file + copy: + src: "{{ artifactory_license_file }}" + dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license" + become: yes + when: artifactory_license_file is defined and artifactory_is_primary == true + +- name: use license strings + template: + src: artifactory.cluster.license.j2 + dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license" + become: yes + when: artifactory_license_file is not defined and artifactory_is_primary == true + +- name: download database driver + get_url: + url: "{{ db_download_url }}" + dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib" + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + become: yes + +- name: create artifactory service + shell: "{{ artifactory_home }}/app/bin/installService.sh" + become: yes + +- name: start and enable the primary node + service: + name: artifactory + state: restarted + become: yes + when: artifactory_is_primary == true + +- name: random wait before restarting to prevent secondary nodes from hitting DB first + pause: + seconds: "{{ 120 | random + 10}}" + when: artifactory_is_primary == false + +- name: start and enable the secondary nodes + service: + name: artifactory + state: restarted + become: yes + when: artifactory_is_primary == false diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/templates/artifactory.cluster.license.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/artifactory.cluster.license.j2 new file mode 100644 index 0000000..3f674f6 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/artifactory.cluster.license.j2 @@ -0,0 +1,31 @@ +{% if artifactory_license1 %} +{% if artifactory_license1|length %} +{{ artifactory_license1 }} +{% endif %} +{% endif %} +{% if artifactory_license2 %} + + +{% if artifactory_license2|length %} +{{ artifactory_license2 }} +{% endif %} +{% endif %} +{% if artifactory_license3 %} + + +{% if artifactory_license3|length %} +{{ artifactory_license3 }} +{% endif %} +{% endif %} +{% if artifactory_license4 %} + +{% if artifactory_license4|length %} +{{ artifactory_license4 }} +{% endif %} +{% endif %} +{% if artifactory_license5 %} + +{% if artifactory_license5|length %} +{{ artifactory_license5 }} +{% endif %} +{% endif %} diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/templates/binarystore.xml.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/binarystore.xml.j2 new file mode 100644 index 0000000..f85f16f --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/binarystore.xml.j2 @@ -0,0 +1,4 @@ + + + + diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/templates/installer-info.json.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/installer-info.json.j2 new file mode 100644 index 0000000..f475256 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/installer-info.json.j2 @@ -0,0 +1,12 @@ +{ + "productId": "Ansible_artifactory/1.0.0", + "features": [ + { + "featureId": "Partner/ACC-006973" + }, + { + "featureId": "Channel/{{ ansible_marketplace }}" + } + ] +} + diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/templates/join.key.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/join.key.j2 new file mode 100644 index 0000000..17d05d2 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/join.key.j2 @@ -0,0 +1 @@ +{{ join_key }} \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/master.key.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/master.key.j2 similarity index 100% rename from JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/master.key.j2 rename to Ansible/collection/jfrog/ansible/roles/artifactory/templates/master.key.j2 diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/templates/system.yaml.j2 b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/system.yaml.j2 new file mode 100644 index 0000000..419a0c3 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/templates/system.yaml.j2 @@ -0,0 +1,38 @@ +## @formatter:off +## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE +## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character. +configVersion: 1 + +## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products. +## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog + +## NOTE: Sensitive information such as passwords and join key are encrypted on first read. +## NOTE: The provided commented key and value is the default. + +## SHARED CONFIGURATIONS +## A shared section for keys across all services in this config +shared: + + ## Node Settings + node: + ## A unique id to identify this node. + ## Default: auto generated at startup. + id: {{ ansible_machine_id }} + + ## Sets this node as primary in HA installation + primary: {{ artifactory_is_primary }} + + ## Sets this node as part of HA installation + haEnabled: {{ artifactory_ha_enabled }} + + ## Database Configuration + database: + ## One of: mysql, oracle, mssql, postgresql, mariadb + ## Default: Embedded derby + + ## Example for mysql/postgresql + type: "{{ db_type }}" + driver: "{{ db_driver }}" + url: "{{ db_url }}" + username: "{{ db_user }}" + password: "{{ db_password }}" \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/artifactory/vars/main.yml b/Ansible/collection/jfrog/ansible/roles/artifactory/vars/main.yml new file mode 100644 index 0000000..cd21505 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/artifactory/vars/main.yml @@ -0,0 +1,2 @@ +--- + diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/.travis.yml b/Ansible/collection/jfrog/ansible/roles/postgres/.travis.yml new file mode 100644 index 0000000..9d4d136 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/.travis.yml @@ -0,0 +1,30 @@ +--- +language: python + +services: + - docker + +env: + global: + - DEBUG=--debug + matrix: + - MOLECULE_DISTRO=centos7 MOLECULE_SCENARIO=default + - MOLECULE_DISTRO=centos7 MOLECULE_SCENARIO=version11 + # - MOLECULE_DISTRO: fedora27 + # - MOLECULE_DISTRO: fedora29 + - MOLECULE_DISTRO=ubuntu1604 MOLECULE_SCENARIO=default + - MOLECULE_DISTRO=ubuntu1604 MOLECULE_SCENARIO=version11 + - MOLECULE_DISTRO=ubuntu1804 MOLECULE_SCENARIO=default + - MOLECULE_DISTRO=ubuntu1804 MOLECULE_SCENARIO=version11 + # - MOLECULE_DISTRO: debian9 + +before_install: + - sudo apt-get -qq update + - sudo apt-get install -y net-tools +install: + - pip install molecule docker-py + +script: + - molecule --version + - ansible --version + - molecule $DEBUG test -s $MOLECULE_SCENARIO diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/defaults/main.yml b/Ansible/collection/jfrog/ansible/roles/postgres/defaults/main.yml new file mode 100644 index 0000000..9f7a0ad --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/defaults/main.yml @@ -0,0 +1,84 @@ +--- +# Put database into alternative location with a bind mount. +postgres_server_bind_mount_var_lib_pgsql: false + +# Where to put database. +postgres_server_bind_mount_var_lib_pgsql_target: "" + +# Default version of Postgres server to install. +postgres_server_version: "9.6" + +# Server version in package: +postgres_server_pkg_version: "{{ postgres_server_version|replace('.', '') }}" + +# Whether or not the files are on ZFS. +postgres_server_volume_is_zfs: false + +# Postgres setting max_connections. +postgres_server_max_connections: 100 + +# Postgres setting shared_buffers. +postgres_server_shared_buffers: 128MB + +# Postgres setting maintenance_work_mem. +postgres_server_maintenance_work_mem: 64MB + +# Postgres setting effective_io_concurrency. +postgres_server_effective_io_concurrency: 1 + +# Postgres setting max_worker_processes. +postgres_server_max_worker_processes: 8 + +# Postgres setting max_parallel_maintenance_workers. +postgres_server_max_parallel_maintenance_workers: 2 + +# Postgres setting max_parallel_workers_per_gather. +postgres_server_max_parallel_workers_per_gather: 2 + +# Postgres setting parallel_leader_participation. +postgres_server_parallel_leader_participation: true + +# Postgres setting max_parallel_workers. +postgres_server_max_parallel_workers: 8 + +# Postgres setting max_locks_per_transaction. +postgres_server_max_locks_per_transaction: 64 + +# Configuration for "random access" cost. +postgres_server_random_page_cost: "4.0" + +# User name that the postgres user runs as. +postgres_server_user: postgres + +# Whether or not to lock checkpoints. +postgres_server_log_checkpoints: false + +# Whether or not to lock connects. +postgres_server_log_connections: false + +# Whether or not to lock disconnects. +postgres_server_log_disconnections: false + +# Whether or not to log duration +postgres_server_log_duration: false + +# Error logging verbosity. +postgres_server_log_error_verbosity: "default" + +# Whether or not to log the host name. +postgres_server_log_hostname: false + +# Whether or not to lock waits. +postgres_server_log_lock_waits: false + +# Which statements to log. +postgres_server_log_statements: "none" + +# Whether or not to enable the auto_explain module. +postgres_server_auto_explain_enabled: false + +# Minimal duration to log auto explain for. +postgres_server_auto_explain_log_min_duration: -1 + +# Whether or not to use EXPLAIN ANALYZE. +postgres_server_auto_explain_log_analyze: true diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/handlers/main.yml b/Ansible/collection/jfrog/ansible/roles/postgres/handlers/main.yml new file mode 100644 index 0000000..5341b3d --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/handlers/main.yml @@ -0,0 +1,4 @@ +--- + +- name: restart postgres + systemd: name={{ postgres_server_service_name }} state=restarted diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/meta/main.yml b/Ansible/collection/jfrog/ansible/roles/postgres/meta/main.yml new file mode 100644 index 0000000..cc79dee --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/meta/main.yml @@ -0,0 +1,25 @@ +--- + +galaxy_info: + role_name: postgres_server + author: Jeff Fry + description: Installation of Postgres for Artifactory HA + company: JFrog + min_ansible_version: 2.8 + platforms: + - name: Fedora + versions: + - 27 + - 29 + - name: Ubuntu + versions: + - xenial + - bionic + - name: Debian + versions: + - stretch + galaxy_tags: + - postgres + - postgresql + +dependencies: [] diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/tasks/Debian.yml b/Ansible/collection/jfrog/ansible/roles/postgres/tasks/Debian.yml new file mode 100644 index 0000000..611332e --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/tasks/Debian.yml @@ -0,0 +1,35 @@ +--- +- name: install python2 psycopg2 + apt: + name: python-psycopg2 + update_cache: yes + become: yes + +- name: install python3 psycopg2 + apt: + name: python3-psycopg2 + update_cache: yes + become: yes + +- name: add postgres apt key + apt_key: + url: https://www.postgresql.org/media/keys/ACCC4CF8.asc + id: "0x7FCC7D46ACCC4CF8" + state: present + become: yes + +- name: register APT repository + apt_repository: + repo: deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main + state: present + filename: pgdg + become: yes + +- name: install postgres packages + apt: + name: + - postgresql-{{ postgres_server_version }} + - postgresql-server-dev-{{ postgres_server_version }} + - postgresql-contrib-{{ postgres_server_version }} + state: present + become: yes diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/tasks/RedHat.yml b/Ansible/collection/jfrog/ansible/roles/postgres/tasks/RedHat.yml new file mode 100644 index 0000000..a30eba9 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/tasks/RedHat.yml @@ -0,0 +1,72 @@ +--- + +- name: install EPEL repository + yum: name=epel-release state=present + when: > # not for Fedora + ansible_distribution == 'CentOS' or + ansible_distribution == 'Red Hat Enterprise Linux' + become: yes + +- name: install python2 psycopg2 + yum: + name: + - python-psycopg2 + - sudo + - wget + - perl + state: present + +- name: install python3 psycopg2 + yum: + name: + - python3-psycopg2 + - sudo + - wget + - perl + state: present + +- name: fixup some locale issues + lineinfile: + dest: /etc/default/locale + line: 'LANGUAGE="{{ item }}"' + state: present + create: yes + loop: + - 'en_US:en' + - 'en_us.UTF-8' + +- name: get latest version + vars: + base: http://download.postgresql.org/pub/repos/yum + ver: "{{ ansible_distribution_version }}" + shell: | + set -eo pipefail + wget -O - {{ base }}/{{ postgres_server_version }}/redhat/rhel-{{ ver }}-x86_64/ 2>/dev/null | \ + grep 'pgdg-redhat' | \ + perl -pe 's/^.*rpm">//g' | \ + perl -pe 's/<\/a>.*//g' | \ + tail -n 1 + args: + executable: /bin/bash + changed_when: false + check_mode: false + register: latest_version + tags: [skip_ansible_lint] # yes, I want wget here + +- name: config postgres repository + vars: + base: http://download.postgresql.org/pub/repos/yum + ver: "{{ ansible_distribution_version }}" + yum: + name: "{{ base }}/{{ postgres_server_version }}/redhat/rhel-{{ ver }}-x86_64/{{ latest_version.stdout }}" + state: present + become: yes + +- name: install postgres packages + yum: + name: + - postgresql{{ postgres_server_pkg_version }}-server + - postgresql{{ postgres_server_pkg_version }}-contrib + - postgresql{{ postgres_server_pkg_version }}-devel + state: present + become: yes diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/tasks/main.yml b/Ansible/collection/jfrog/ansible/roles/postgres/tasks/main.yml new file mode 100644 index 0000000..c267ba9 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/tasks/main.yml @@ -0,0 +1,105 @@ +--- +- name: define distribution-specific variables + include_vars: "{{ ansible_os_family }}.yml" + +- name: create directory for bind mount if necessary + file: + path: "{{ postgres_server_bind_mount_var_lib_pgsql_target }}" + state: directory + become: yes + when: postgres_server_bind_mount_var_lib_pgsql + + +- name: perform bind mount if necessary + mount: + path: "/var/lib/pgsql" + src: "{{ postgres_server_bind_mount_var_lib_pgsql_target }}" + opts: bind + state: mounted + fstype: none + become: yes + when: postgres_server_bind_mount_var_lib_pgsql + +- name: perform installation + include_tasks: "{{ ansible_os_family }}.yml" + +- name: extend path + copy: + dest: /etc/profile.d/postgres-path.sh + mode: a=rx + content: "export PATH=$PATH:/usr/pgsql-{{ postgres_server_version }}/bin" + become: yes + +- name: initialize PostgreSQL database cluster + environment: + LC_ALL: "en_US.UTF-8" + vars: + ansible_become: "{{ postgres_server_initdb_become }}" + ansible_become_user: "{{ postgres_server_user }}" + command: "{{ postgres_server_cmd_initdb }} {{ postgres_server_data_location }}" + args: + creates: "{{ postgres_server_data_location }}/PG_VERSION" + +- name: install postgres configuration + template: + src: "{{ item }}.j2" + dest: "{{ postgres_server_config_location }}/{{ item }}" + owner: postgres + group: postgres + mode: u=rw,go=r + vars: + ansible_become: "{{ postgres_server_initdb_become }}" + ansible_become_user: "{{ postgres_server_user }}" + loop: + - pg_hba.conf + - postgresql.conf + +- name: enable postgres service + systemd: + name: "{{ postgres_server_service_name }}" + state: started + enabled: yes + become: yes + +- name: Hold until Postgresql is up and running + wait_for: + port: 5432 + +- name: Create users + become_user: postgres + become: yes + postgresql_user: + name: "{{ item.db_user }}" + password: "{{ item.db_password }}" + conn_limit: "-1" + loop: "{{ db_users|default([]) }}" + no_log: true # secret passwords + +- name: Create a database + become_user: postgres + become: yes + postgresql_db: + name: "{{ item.db_name }}" + owner: "{{ item.db_owner }}" + encoding: UTF-8 + loop: "{{ dbs|default([]) }}" + +- name: Grant privs on db + become_user: postgres + become: yes + postgresql_privs: + database: "{{ item.db_name }}" + role: "{{ item.db_owner }}" + state: present + privs: ALL + type: database + loop: "{{ dbs|default([]) }}" + +- name: restart postgres + service: + name: "{{ postgres_server_service_name }}" + state: restarted + become: yes + +- debug: + msg: "Restarted postgres service {{ postgres_server_service_name }}" \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/templates/pg_hba.conf.j2 b/Ansible/collection/jfrog/ansible/roles/postgres/templates/pg_hba.conf.j2 new file mode 100644 index 0000000..7f0bc2c --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/templates/pg_hba.conf.j2 @@ -0,0 +1,7 @@ +# TYPE DATABASE USER ADDRESS METHOD +## localhost connections through Unix port (user name), IPv4, IPv6 (MD5 pw). +local all all peer +host all all 127.0.0.1/32 md5 +host all all ::1/128 md5 +## remote connections IPv4 +host all all 0.0.0.0/0 trust diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/templates/postgresql.conf.j2 b/Ansible/collection/jfrog/ansible/roles/postgres/templates/postgresql.conf.j2 new file mode 100644 index 0000000..c213a99 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/templates/postgresql.conf.j2 @@ -0,0 +1,681 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, or use "pg_ctl reload". Some +# parameters, which are marked below, require a server shutdown and restart to +# take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: kB = kilobytes Time units: ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. + +{% if postgres_server_config_data_directory is not none %} +data_directory = '{{ postgres_server_config_data_directory }}' +{% else %} +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +{% endif %} + +{% if postgres_server_config_data_directory %} +hba_file = '{{ postgres_server_config_hba_file }}' +{% else %} +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +{% endif %} + +{% if postgres_server_config_data_directory %} +ident_file = '{{ postgres_server_config_ident_file }}' +{% else %} +#ident_file = 'ConfigDir/pg_ident.conf' # host-based authentication file + # (change requires restart) +{% endif %} + +{% if postgres_server_config_external_pid_file %} +external_pid_file = '{{ postgres_server_config_external_pid_file }}' +{% else %} +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) +{% endif %} + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '0.0.0.0' # what IP address(es) to listen on; + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +max_connections = {{ postgres_server_max_connections }} # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +#unix_socket_directories = '/var/run/postgresql, /tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - Security and Authentication - + +#authentication_timeout = 1min # 1s-600s +#ssl = off # (change requires restart) +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers + # (change requires restart) +#ssl_prefer_server_ciphers = on # (change requires restart) +#ssl_ecdh_curve = 'prime256v1' # (change requires restart) +#ssl_cert_file = 'server.crt' # (change requires restart) +#ssl_key_file = 'server.key' # (change requires restart) +#ssl_ca_file = '' # (change requires restart) +#ssl_crl_file = '' # (change requires restart) +#password_encryption = on +#db_user_namespace = off +#row_security = on + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - TCP Keepalives - +# see "man 7 tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +shared_buffers = {{ postgres_server_shared_buffers }} # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. +#work_mem = 4MB # min 64kB +maintenance_work_mem = {{ postgres_server_maintenance_work_mem }} # min 1MB +#replacement_sort_tuples = 150000 # limits use of replacement selection sort +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#max_stack_depth = 2MB # min 100kB +dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # use none to disable dynamic shared memory + # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kB, or -1 for no limit + +# - Kernel Resource Usage - + +#max_files_per_process = 1000 # min 25 + # (change requires restart) +shared_preload_libraries = 'pg_stat_statements' # restart on change + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 10 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables + +# - Asynchronous Behavior - + +effective_io_concurrency = {{ postgres_server_effective_io_concurrency }} +max_worker_processes = {{ postgres_server_max_worker_processes }} +max_parallel_workers_per_gather = {{ postgres_server_max_parallel_maintenance_workers }} +max_parallel_workers_per_gather = {{ postgres_server_max_parallel_workers_per_gather }} +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables +{% if postgres_server_version|string != "9.6" %} +parallel_leader_participation = {{ "on" if postgres_server_parallel_leader_participation else "off" }} +max_parallel_maintenance_workers = {{ postgres_server_max_parallel_maintenance_workers }} +{% endif %} + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +#wal_level = minimal # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux) + # fsync + # fsync_writethrough + # open_sync +full_page_writes = {{ "off" if postgres_server_volume_is_zfs else "on" }} # off OK on ZFS # recover from partial page writes + +wal_compression = off # enable compression of full-page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables + +commit_delay = 100000 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +checkpoint_timeout = 4h # range 30s-1d +max_wal_size = 100GB +min_wal_size = 1GB +checkpoint_completion_target = 0.8 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Server(s) - + +# Set these on the master and on any standby that will send replication data. + +#max_wal_senders = 0 # max number of walsender processes + # (change requires restart) +#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables + +#max_replication_slots = 0 # max number of replication slots + # (change requires restart) +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Master Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # number of sync standbys and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a master server. + +#hot_standby = off # "on" allows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from master + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +random_page_cost = {{ postgres_server_random_page_cost }} +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#min_parallel_relation_size = 8MB +#effective_cache_size = 4GB + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#force_parallel_mode = off + + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +logging_collector = on # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +log_directory = 'pg_log' # directory where log files are written, + # can be absolute or relative to PGDATA +log_filename = 'postgresql-%a.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +log_truncate_on_rotation = on # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +log_rotation_size = 0 # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (win32): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +log_checkpoints = {{ "on" if postgres_server_log_checkpoints else "off" }} +log_connections = {{ "on" if postgres_server_log_connections else "off" }} +log_disconnections = {{ "on" if postgres_server_log_disconnections else "off" }} +log_duration = {{ "on" if postgres_server_log_duration else "off" }} +log_error_verbosity = {{ postgres_server_log_error_verbosity }} # terse, default, or verbose messages +log_hostname = {{ "on" if postgres_server_log_hostname else "off" }} +log_line_prefix = '< %m > ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +log_lock_waits = {{ "on" if postgres_server_log_lock_waits else "off" }} # log lock waits >= deadlock_timeout +log_statement = '{{ postgres_server_log_statements }}' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +log_timezone = 'Europe/Berlin' + + +# - Process Title - + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ + +# - Query/Index Statistics Collector - + +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none # none, pl, all +track_activity_query_size = 102400 # (change requires restart) +#stats_temp_directory = 'pg_stat_tmp' + +# Track statements generated by stored procedures as well +pg_stat_statements.track = all + + +# - Statistics Monitoring - + +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#search_path = '"$user", public' # schema names +#default_tablespace = '' # a tablespace name, '' uses the default +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_freeze_table_age = 150000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'Europe/Berlin' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 0 # min -15, max 3 +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +lc_messages = 'en_US.UTF-8' # locale for system error message + # strings +lc_monetary = 'en_US.UTF-8' # locale for monetary formatting +lc_numeric = 'en_US.UTF-8' # locale for number formatting +lc_time = 'en_US.UTF-8' # locale for time formatting + +# default configuration for text search +default_text_search_config = 'pg_catalog.english' + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' +{% set preload_libraries = [] %} +{% if postgres_server_auto_explain_enabled %} + {{ preload_libraries.append("auto_explain") }} +{% endif %} + +session_preload_libraries = '{{ ",".join(preload_libraries) }}' + +#------------------------------------------------------------------------------ +# auto_explain SETTINGS +#------------------------------------------------------------------------------ + +auto_explain.log_min_duration = {{ "on" if postgres_server_auto_explain_log_min_duration else "off" }} +auto_explain.log_analyze = {{ "on" if postgres_server_auto_explain_log_analyze else "off" }} + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +max_locks_per_transaction = {{ postgres_server_max_locks_per_transaction }} # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) + + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#operator_precedence_warning = off +#quote_all_identifiers = off +#sql_inheritance = on +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. + +#include_dir = 'conf.d' # include files ending in '.conf' from + # directory 'conf.d' +#include_if_exists = 'exists.conf' # include file only if it exists +#include = 'special.conf' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here + diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/vars/Debian.yml b/Ansible/collection/jfrog/ansible/roles/postgres/vars/Debian.yml new file mode 100644 index 0000000..1c1a7f4 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/vars/Debian.yml @@ -0,0 +1,12 @@ +--- + +postgres_server_cmd_initdb: /usr/lib/postgresql/{{ postgres_server_version }}/bin/initdb -D +postgres_server_initdb_become: yes +postgres_server_data_location: /var/lib/postgresql/{{ postgres_server_version }}/main +postgres_server_config_location: /etc/postgresql/{{ postgres_server_version }}/main +postgres_server_service_name: postgresql@{{ postgres_server_version }}-main + +postgres_server_config_data_directory: "/var/lib/postgresql/{{ postgres_server_version }}/main" +postgres_server_config_hba_file: "/etc/postgresql/{{ postgres_server_version }}/main/pg_hba.conf" +postgres_server_config_ident_file: "/etc/postgresql/{{ postgres_server_version }}/main/pg_ident.conf" +postgres_server_config_external_pid_file: "/var/run/postgresql/{{ postgres_server_version }}-main.pid" diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat.yml b/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat.yml new file mode 100644 index 0000000..f6faafd --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat.yml @@ -0,0 +1,11 @@ +--- + +postgres_server_cmd_initdb: /usr/pgsql-{{ postgres_server_version }}/bin/postgresql{{ postgres_server_pkg_version }}-setup initdb -D +postgres_server_data_location: /var/lib/pgsql/{{ postgres_server_version }}/data +postgres_server_config_location: "{{ postgres_server_data_location }}" +postgres_server_service_name: postgresql-{{ postgres_server_version }} + +postgres_server_config_data_directory: null +postgres_server_config_hba_file: null +postgres_server_config_ident_file: null +postgres_server_config_external_pid_file: null diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat_pg-9.6.yml b/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat_pg-9.6.yml new file mode 100644 index 0000000..56d0263 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat_pg-9.6.yml @@ -0,0 +1,4 @@ +--- + +postgres_server_cmd_initdb: /usr/pgsql-{{ postgres_server_version }}/bin/postgresql{{ postgres_server_pkg_version }}-setup initdb +postgres_server_initdb_become: false diff --git a/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat_pg-default.yml b/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat_pg-default.yml new file mode 100644 index 0000000..3d974c2 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/postgres/vars/RedHat_pg-default.yml @@ -0,0 +1,4 @@ +--- + +postgres_server_cmd_initdb: /usr/pgsql-{{ postgres_server_version }}/bin/initdb -D /var/lib/pgsql/{{ postgres_server_version }}/data +postgres_server_initdb_become: yes diff --git a/Ansible/collection/jfrog/ansible/roles/xray/.travis.yml b/Ansible/collection/jfrog/ansible/roles/xray/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/defaults/main.yml b/Ansible/collection/jfrog/ansible/roles/xray/defaults/main.yml new file mode 100644 index 0000000..b8aad42 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/defaults/main.yml @@ -0,0 +1,23 @@ +--- +# defaults file for xray +# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) +ansible_marketplace: standalone + +# The version of xray to install +xray_version: 3.3.0 + +# whether to enable HA +xray_ha_enabled: true + +# The location where xray should install. +xray_download_directory: /opt/jfrog + +# The remote xray download file +xray_tar: https://bintray.com/standAloneDownload/downloadArtifact?agree=true&artifactPath=/jfrog/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz&callback_id=anonymous&product=xray + +#The xray install directory +xray_home: "{{ xray_download_directory }}/jfrog-xray-{{ xray_version }}-linux" + +#xray users and groups +xray_user: xray +xray_group: xray diff --git a/Ansible/collection/jfrog/ansible/roles/xray/handlers/main.yml b/Ansible/collection/jfrog/ansible/roles/xray/handlers/main.yml new file mode 100644 index 0000000..f236fe3 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for xray \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/meta/main.yml b/Ansible/collection/jfrog/ansible/roles/xray/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/meta/main.yml @@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/tasks/Debian.yml b/Ansible/collection/jfrog/ansible/roles/xray/tasks/Debian.yml new file mode 100644 index 0000000..420c2d0 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/tasks/Debian.yml @@ -0,0 +1,37 @@ +--- +- name: Install db5.3-util + apt: + deb: "{{ xray_home }}/app/third-party/misc/db5.3-util_5.3.28-3ubuntu3_amd64.deb" + ignore_errors: yes + become: yes + +- name: Install db-util + apt: + deb: "{{ xray_home }}/app/third-party/misc/db-util_1_3a5.3.21exp1ubuntu1_all.deb" + ignore_errors: yes + become: yes + +- name: Install libssl + apt: + deb: "{{ xray_home }}/app/third-party/rabbitmq/libssl1.1_1.1.0j-1_deb9u1_amd64.deb" + ignore_errors: yes + become: yes + +- name: Install socat + apt: + deb: "{{ xray_home }}/app/third-party/rabbitmq/socat_1.7.3.1-2+deb9u1_amd64.deb" + become: yes + +- name: Install libwxbase3.0-0v5 + apt: + name: libwxbase3.0-0v5 + update_cache: yes + state: present + ignore_errors: yes + become: yes + +- name: Install erlang + apt: + deb: "{{ xray_home }}/app/third-party/rabbitmq/esl-erlang_21.2.1-1~ubuntu~xenial_amd64.deb" + become: yes + diff --git a/Ansible/collection/jfrog/ansible/roles/xray/tasks/RedHat.yml b/Ansible/collection/jfrog/ansible/roles/xray/tasks/RedHat.yml new file mode 100644 index 0000000..8d24eb7 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/tasks/RedHat.yml @@ -0,0 +1,16 @@ +--- +- name: Install db-utl + yum: + name: "{{ xray_home }}/app/third-party/misc/db4-utils-4.7.25-20.el6_7.x86_64.rpm" + state: present + +- name: Install socat + yum: + name: "{{ xray_home }}/app/third-party/rabbitmq/socat-1.7.3.2-2.el7.x86_64.rpm" + state: present + +- name: Install erlang + yum: + name: "{{ xray_home }}/app/third-party/rabbitmq/erlang-21.1.4-1.el7.centos.x86_64.rpm" + state: present + diff --git a/Ansible/collection/jfrog/ansible/roles/xray/tasks/main.yml b/Ansible/collection/jfrog/ansible/roles/xray/tasks/main.yml new file mode 100644 index 0000000..16810f6 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/tasks/main.yml @@ -0,0 +1,93 @@ +--- +- name: create group for xray + group: + name: "{{ xray_group }}" + state: present + become: yes + +- name: create user for xray + user: + name: "{{ xray_user }}" + group: "{{ xray_group }}" + system: yes + become: yes + +- name: ensure xray_download_directory exists + file: + path: "{{ xray_download_directory }}" + state: directory + become: yes + +- name: download xray + unarchive: + src: "{{ xray_tar }}" + dest: "{{ xray_download_directory }}" + remote_src: yes + owner: "{{ xray_user }}" + group: "{{ xray_group }}" + creates: "{{ xray_home }}" + become: yes + register: downloadxray + until: downloadxray is succeeded + retries: 3 + +- name: perform prerequisite installation + include_tasks: "{{ ansible_os_family }}.yml" + +- name: ensure etc exists + file: + path: "{{ xray_home }}/var/etc" + state: directory + owner: "{{ xray_user }}" + group: "{{ xray_group }}" + become: yes + +- name: configure system yaml + template: + src: system.yaml.j2 + dest: "{{ xray_home }}/var/etc/system.yaml" + become: yes + +- name: ensure {{ xray_home }}/var/etc/security/ exists + file: + path: "{{ xray_home }}/var/etc/security/" + state: directory + owner: "{{ xray_user }}" + group: "{{ xray_group }}" + become: yes + +- name: configure master key + template: + src: master.key.j2 + dest: "{{ xray_home }}/var/etc/security/master.key" + become: yes + +- name: configure join key + template: + src: join.key.j2 + dest: "{{ xray_home }}/var/etc/security/join.key" + become: yes + +- name: ensure {{ xray_home }}/var/etc/info/ exists + file: + path: "{{ xray_home }}/var/etc/info/" + state: directory + owner: "{{ xray_user }}" + group: "{{ xray_group }}" + become: yes + +- name: configure installer info + template: + src: installer-info.json.j2 + dest: "{{ xray_home }}/var/etc/info/installer-info.json" + become: yes + +- name: create xray service + shell: "{{ xray_home }}/app/bin/installService.sh" + become: yes + +- name: start and enable xray + service: + name: xray + state: restarted + become: yes \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/templates/installer-info.json.j2 b/Ansible/collection/jfrog/ansible/roles/xray/templates/installer-info.json.j2 new file mode 100644 index 0000000..a76c88c --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/templates/installer-info.json.j2 @@ -0,0 +1,11 @@ +{ + "productId": "Ansible_artifactory/1.0.0", + "features": [ + { + "featureId": "Partner/ACC-006973" + }, + { + "featureId": "Channel/{{ ansible_marketplace }}" + } + ] +} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/templates/join.key.j2 b/Ansible/collection/jfrog/ansible/roles/xray/templates/join.key.j2 new file mode 100644 index 0000000..17d05d2 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/templates/join.key.j2 @@ -0,0 +1 @@ +{{ join_key }} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/templates/master.key.j2 b/Ansible/collection/jfrog/ansible/roles/xray/templates/master.key.j2 new file mode 100644 index 0000000..0462a64 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/templates/master.key.j2 @@ -0,0 +1 @@ +{{ master_key }} \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/templates/system.yaml.j2 b/Ansible/collection/jfrog/ansible/roles/xray/templates/system.yaml.j2 new file mode 100644 index 0000000..206eb77 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/templates/system.yaml.j2 @@ -0,0 +1,36 @@ +## @formatter:off +## JFROG ARTIFACTORY SYSTEM CONFIGURATION FILE +## HOW TO USE: comment-out any field and keep the correct yaml indentation by deleting only the leading '#' character. +configVersion: 1 + +## NOTE: JFROG_HOME is a place holder for the JFrog root directory containing the deployed product, the home directory for all JFrog products. +## Replace JFROG_HOME with the real path! For example, in RPM install, JFROG_HOME=/opt/jfrog + +## NOTE: Sensitive information such as passwords and join key are encrypted on first read. +## NOTE: The provided commented key and value is the default. + +## SHARED CONFIGURATIONS +## A shared section for keys across all services in this config +shared: + ## Base URL of the JFrog Platform Deployment (JPD) + ## This is the URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs. + ## Examples: "http://jfrog.acme.com" or "http://10.20.30.40:8082" + jfrogUrl: {{ jfrog_url }} + + ## Node Settings + node: + ## A unique id to identify this node. + ## Default: auto generated at startup. + id: {{ ansible_machine_id }} + + ## Database Configuration + database: + ## One of: mysql, oracle, mssql, postgresql, mariadb + ## Default: Embedded derby + + ## Example for mysql/postgresql + type: "{{ db_type }}" + driver: "{{ db_driver }}" + url: "{{ db_url }}" + username: "{{ db_user }}" + password: "{{ db_password }}" \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/tests/inventory b/Ansible/collection/jfrog/ansible/roles/xray/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/Ansible/collection/jfrog/ansible/roles/xray/tests/test.yml b/Ansible/collection/jfrog/ansible/roles/xray/tests/test.yml new file mode 100644 index 0000000..f296da6 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - xray \ No newline at end of file diff --git a/Ansible/collection/jfrog/ansible/roles/xray/vars/main.yml b/Ansible/collection/jfrog/ansible/roles/xray/vars/main.yml new file mode 100644 index 0000000..55363e6 --- /dev/null +++ b/Ansible/collection/jfrog/ansible/roles/xray/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for xray \ No newline at end of file diff --git a/Ansible/infra/aws/lb-rt-xray-ha.json b/Ansible/infra/aws/lb-rt-xray-ha.json new file mode 100644 index 0000000..867e1df --- /dev/null +++ b/Ansible/infra/aws/lb-rt-xray-ha.json @@ -0,0 +1,769 @@ +{ + "Description": "This template deploys a VPC, with a pair of public and private subnets spread across two Availability Zones. It deploys an internet gateway, with a default route on the public subnets. It deploys a pair of NAT gateways (one in each AZ), and default routes for them in the private subnets.", + "Parameters": { + "SSHKeyName": { + "Description": "Name of the ec2 key you need one to use this template", + "Type": "AWS::EC2::KeyPair::KeyName", + "Default": "choose-key" + }, + "EnvironmentName": { + "Description": "An environment name that is prefixed to resource names", + "Type": "String", + "Default": "Ansible" + }, + "VpcCIDR": { + "Description": "Please enter the IP range (CIDR notation) for this VPC", + "Type": "String", + "Default": "10.192.0.0/16" + }, + "PublicSubnet1CIDR": { + "Description": "Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone", + "Type": "String", + "Default": "10.192.10.0/24" + }, + "PublicSubnet2CIDR": { + "Description": "Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone", + "Type": "String", + "Default": "10.192.11.0/24" + }, + "PrivateSubnet1CIDR": { + "Description": "Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone", + "Type": "String", + "Default": "10.192.20.0/24" + }, + "PrivateSubnet2CIDR": { + "Description": "Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone", + "Type": "String", + "Default": "10.192.21.0/24" + } + }, + "Mappings": { + "RegionToAmazonAMI": { + "us-east-1": { + "HVM64": "ami-03e33c1cefd1d3d74" + }, + "us-east-2": { + "HVM64": "ami-07d9419c80dc1113c" + }, + "us-west-1": { + "HVM64": "ami-0ee1a20d6b0c6a347" + }, + "us-west-2": { + "HVM64": "ami-0813245c0939ab3ca" + } + } + }, + "Resources": { + "VPC": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": { + "Ref": "VpcCIDR" + }, + "EnableDnsSupport": true, + "EnableDnsHostnames": true, + "Tags": [ + { + "Key": "Name", + "Value": { + "Ref": "EnvironmentName" + } + } + ] + } + }, + "InternetGateway": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Ref": "EnvironmentName" + } + } + ] + } + }, + "InternetGatewayAttachment": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "InternetGateway" + }, + "VpcId": { + "Ref": "VPC" + } + } + }, + "PublicSubnet1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": { + "Ref": "PublicSubnet1CIDR" + }, + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${EnvironmentName} Public Subnet (AZ1)" + } + } + ] + } + }, + "PublicSubnet2": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": { + "Ref": "PublicSubnet2CIDR" + }, + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${EnvironmentName} Public Subnet (AZ2)" + } + } + ] + } + }, + "PrivateSubnet1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": { + "Ref": "PrivateSubnet1CIDR" + }, + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${EnvironmentName} Private Subnet (AZ1)" + } + } + ] + } + }, + "PrivateSubnet2": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": { + "Ref": "PrivateSubnet2CIDR" + }, + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${EnvironmentName} Private Subnet (AZ2)" + } + } + ] + } + }, + "NatGateway1EIP": { + "Type": "AWS::EC2::EIP", + "DependsOn": "InternetGatewayAttachment", + "Properties": { + "Domain": "vpc" + } + }, + "NatGateway2EIP": { + "Type": "AWS::EC2::EIP", + "DependsOn": "InternetGatewayAttachment", + "Properties": { + "Domain": "vpc" + } + }, + "NatGateway1": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "NatGateway1EIP", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "PublicSubnet1" + } + } + }, + "NatGateway2": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "NatGateway2EIP", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "PublicSubnet2" + } + } + }, + "PublicRouteTable": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${EnvironmentName} Public Routes" + } + } + ] + } + }, + "DefaultPublicRoute": { + "Type": "AWS::EC2::Route", + "DependsOn": "InternetGatewayAttachment", + "Properties": { + "RouteTableId": { + "Ref": "PublicRouteTable" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "InternetGateway" + } + } + }, + "PublicSubnet1RouteTableAssociation": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PublicRouteTable" + }, + "SubnetId": { + "Ref": "PublicSubnet1" + } + } + }, + "PublicSubnet2RouteTableAssociation": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PublicRouteTable" + }, + "SubnetId": { + "Ref": "PublicSubnet2" + } + } + }, + "PrivateRouteTable1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${EnvironmentName} Private Routes (AZ1)" + } + } + ] + } + }, + "DefaultPrivateRoute1": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTable1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "NatGateway1" + } + } + }, + "PrivateSubnet1RouteTableAssociation": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTable1" + }, + "SubnetId": { + "Ref": "PrivateSubnet1" + } + } + }, + "PrivateRouteTable2": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPC" + }, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${EnvironmentName} Private Routes (AZ2)" + } + } + ] + } + }, + "DefaultPrivateRoute2": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTable2" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "NatGateway2" + } + } + }, + "PrivateSubnet2RouteTableAssociation": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTable2" + }, + "SubnetId": { + "Ref": "PrivateSubnet2" + } + } + }, + "EC2SecurityGroup": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SSH, Port 80, Database", + "VpcId": { + "Ref": "VPC" + }, + "SecurityGroupIngress": [ + { + "IpProtocol": "tcp", + "FromPort": 22, + "ToPort": 22, + "CidrIp": "0.0.0.0/0" + }, + { + "IpProtocol": "tcp", + "FromPort": 5432, + "ToPort": 5432, + "CidrIp": "0.0.0.0/0" + }, + { + "IpProtocol": "tcp", + "FromPort": 8082, + "ToPort": 8082, + "CidrIp": "0.0.0.0/0" + }, + { + "IpProtocol": "tcp", + "FromPort": 80, + "ToPort": 80, + "SourceSecurityGroupId": { + "Ref": "ELBSecurityGroup" + } + } + ] + } + }, + "ELBSecurityGroup": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "SSH and Port 80", + "VpcId": { + "Ref": "VPC" + }, + "SecurityGroupIngress": [ + { + "IpProtocol": "tcp", + "FromPort": 80, + "ToPort": 80, + "CidrIp": "0.0.0.0/0" + } + ] + } + }, + "BastionInstance": { + "Type": "AWS::EC2::Instance", + "Properties": { + "ImageId": { + "Fn::FindInMap": [ + "RegionToAmazonAMI", + { + "Ref": "AWS::Region" + }, + "HVM64" + ] + }, + "InstanceInitiatedShutdownBehavior": "stop", + "InstanceType": "t2.medium", + "KeyName": { + "Ref": "SSHKeyName" + }, + "Monitoring": "true", + "NetworkInterfaces": [ + { + "AssociatePublicIpAddress": "true", + "DeviceIndex": "0", + "GroupSet": [ + { + "Ref": "EC2SecurityGroup" + } + ], + "SubnetId": { + "Ref": "PublicSubnet1" + } + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "bastion" + } + ], + "Tenancy": "default" + } + }, + "RTPriInstance": { + "Type": "AWS::EC2::Instance", + "Properties": { + "ImageId": { + "Fn::FindInMap": [ + "RegionToAmazonAMI", + { + "Ref": "AWS::Region" + }, + "HVM64" + ] + }, + "InstanceInitiatedShutdownBehavior": "stop", + "InstanceType": "t2.medium", + "KeyName": { + "Ref": "SSHKeyName" + }, + "Monitoring": "true", + "NetworkInterfaces": [ + { + "AssociatePublicIpAddress": "false", + "DeviceIndex": "0", + "GroupSet": [ + { + "Ref": "EC2SecurityGroup" + } + ], + "SubnetId": { + "Ref": "PrivateSubnet1" + } + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "rtprimary" + } + ], + "Tenancy": "default" + } + }, + "RTSecInstance": { + "Type": "AWS::EC2::Instance", + "Properties": { + "ImageId": { + "Fn::FindInMap": [ + "RegionToAmazonAMI", + { + "Ref": "AWS::Region" + }, + "HVM64" + ] + }, + "InstanceInitiatedShutdownBehavior": "stop", + "InstanceType": "t2.medium", + "KeyName": { + "Ref": "SSHKeyName" + }, + "Monitoring": "true", + "NetworkInterfaces": [ + { + "AssociatePublicIpAddress": "false", + "DeviceIndex": "0", + "GroupSet": [ + { + "Ref": "EC2SecurityGroup" + } + ], + "SubnetId": { + "Ref": "PrivateSubnet2" + } + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "rtsecondary" + } + ], + "Tenancy": "default" + } + }, + "XrayInstance": { + "Type": "AWS::EC2::Instance", + "Properties": { + "ImageId": { + "Fn::FindInMap": [ + "RegionToAmazonAMI", + { + "Ref": "AWS::Region" + }, + "HVM64" + ] + }, + "InstanceInitiatedShutdownBehavior": "stop", + "InstanceType": "t2.medium", + "KeyName": { + "Ref": "SSHKeyName" + }, + "Monitoring": "true", + "NetworkInterfaces": [ + { + "AssociatePublicIpAddress": "false", + "DeviceIndex": "0", + "GroupSet": [ + { + "Ref": "EC2SecurityGroup" + } + ], + "SubnetId": { + "Ref": "PrivateSubnet1" + } + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "xray" + } + ], + "Tenancy": "default" + } + }, + "DBInstance": { + "Type": "AWS::EC2::Instance", + "Properties": { + "ImageId": { + "Fn::FindInMap": [ + "RegionToAmazonAMI", + { + "Ref": "AWS::Region" + }, + "HVM64" + ] + }, + "InstanceInitiatedShutdownBehavior": "stop", + "InstanceType": "t2.medium", + "KeyName": { + "Ref": "SSHKeyName" + }, + "Monitoring": "true", + "NetworkInterfaces": [ + { + "AssociatePublicIpAddress": "false", + "DeviceIndex": "0", + "GroupSet": [ + { + "Ref": "EC2SecurityGroup" + } + ], + "SubnetId": { + "Ref": "PrivateSubnet1" + } + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "database" + } + ], + "Tenancy": "default" + } + }, + "EC2TargetGroup": { + "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", + "Properties": { + "HealthCheckIntervalSeconds": 30, + "HealthCheckProtocol": "HTTP", + "HealthCheckTimeoutSeconds": 15, + "HealthyThresholdCount": 2, + "Matcher": { + "HttpCode": "200,302" + }, + "Name": "EC2TargetGroup", + "Port": 80, + "Protocol": "HTTP", + "TargetGroupAttributes": [ + { + "Key": "deregistration_delay.timeout_seconds", + "Value": "20" + } + ], + "Targets": [ + { + "Id": { + "Ref": "RTPriInstance" + } + }, + { + "Id": { + "Ref": "RTSecInstance" + }, + "Port": 80 + } + ], + "UnhealthyThresholdCount": 3, + "VpcId": { + "Ref": "VPC" + }, + "Tags": [ + { + "Key": "Name", + "Value": "EC2TargetGroup" + }, + { + "Key": "Port", + "Value": 80 + } + ] + } + }, + "ALBListener": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "DefaultActions": [ + { + "Type": "forward", + "TargetGroupArn": { + "Ref": "EC2TargetGroup" + } + } + ], + "LoadBalancerArn": { + "Ref": "ApplicationLoadBalancer" + }, + "Port": 80, + "Protocol": "HTTP" + } + }, + "ApplicationLoadBalancer": { + "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", + "Properties": { + "Scheme": "internet-facing", + "Subnets": [ + { + "Ref": "PublicSubnet1" + }, + { + "Ref": "PublicSubnet2" + } + ], + "SecurityGroups": [ + { + "Ref": "ELBSecurityGroup" + } + ] + } + } + }, + + "Outputs": { + "VPC": { + "Description": "Virtual Private Cloud", + "Value": { + "Ref": "VPC" + } + }, + "ALBHostName": { + "Description": "Application Load Balancer Hostname", + "Value": { + "Fn::GetAtt": [ + "ApplicationLoadBalancer", + "DNSName" + ] + } + }, + "BastionInstancePublic": { + "Description": "Bastion", + "Value": { "Fn::GetAtt" : [ "BastionInstance", "PublicIp" ]} + }, + "BastionInstancePrivate": { + "Description": "Bastion", + "Value": { "Fn::GetAtt" : [ "BastionInstance", "PrivateIp" ]} + }, + "RTPriInstancePrivate": { + "Description": "RTPriInstance", + "Value": { "Fn::GetAtt" : [ "RTPriInstance", "PrivateIp" ]} + }, + "RTSecInstancePrivate": { + "Description": "RTSecInstance", + "Value": { "Fn::GetAtt" : [ "RTSecInstance", "PrivateIp" ]} + }, + "XrayInstancePrivate": { + "Description": "XrayInstance", + "Value": { "Fn::GetAtt" : [ "XrayInstance", "PrivateIp" ]} + }, + "DBInstancePrivate": { + "Description": "DBInstance", + "Value": { "Fn::GetAtt" : [ "DBInstance", "PrivateIp" ]} + } + } +} \ No newline at end of file diff --git a/Ansible/infra/azure/lb-rt-xray-ha.json b/Ansible/infra/azure/lb-rt-xray-ha.json new file mode 100644 index 0000000..1211d17 --- /dev/null +++ b/Ansible/infra/azure/lb-rt-xray-ha.json @@ -0,0 +1,679 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "vnetName": { + "type": "string", + "defaultValue": "vnet01", + "metadata": { + "description": "Name of new vnet to deploy into." + } + }, + "vnetAddressRange": { + "type": "string", + "defaultValue": "10.0.0.0/16", + "metadata": { + "description": "IP prefix for available addresses in vnet address space." + } + }, + "subnetAddressRange": { + "type": "string", + "defaultValue": "10.0.0.0/24", + "metadata": { + "description": "Subnet IP prefix MUST be within vnet IP prefix address space." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for all resources." + } + }, + "adminPublicKey": { + "type": "string", + "metadata": { + "description": "The ssh public key for the VMs." + } + }, + "sizeOfDiskInGB": { + "type": "int", + "defaultValue": 128, + "minValue": 128, + "maxValue": 1024, + "metadata": { + "description": "Size of data disk in GB 128-1024" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D2s_v3", + "metadata": { + "description": "Size of the VMs" + } + }, + "numberOfArtifactory": { + "type": "int", + "defaultValue": 1, + "minValue": 1, + "maxValue": 5, + "metadata": { + "description": "Number of Artifactory servers." + } + }, + "numberOfXray": { + "type": "int", + "defaultValue": 1, + "minValue": 1, + "maxValue": 5, + "metadata": { + "description": "Number of Xray servers." + } + }, + "numberOfDb": { + "type": "int", + "defaultValue": 1, + "minValue": 1, + "maxValue": 2, + "metadata": { + "description": "Number of database servers." + } + } + }, + "variables": { + "vnetName": "[parameters('vnetName')]", + "vnetAddressRange": "[parameters('vnetAddressRange')]", + "subnetAddressRange": "[parameters('subnetAddressRange')]", + "subnetName": "mainSubnet", + "loadBalancerName": "LB", + "loadBalancerIp": "lbIp", + "numberOfArtifactory": "[parameters('numberOfArtifactory')]", + "numberOfXray": "[parameters('numberOfXray')]", + "numberOfDb": "[parameters('numberOfDb')]", + "availabilitySetName": "availSet", + "vmArtPri": "vmArtPri", + "vmArtSec": "vmArtSec", + "vmXray": "vmXray", + "vmDb": "vmDb", + "storageAccountNameDiag": "[concat('diag',uniqueString(resourceGroup().id))]", + "subnet-id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('vnetName'),variables('subnetName'))]", + "imagePublisher": "Canonical", + "imageOffer": "UbuntuServer", + "imageSku": "16.04-LTS", + "mainNsg": "mainNsg", + "adminUsername": "ubuntu" + }, + "resources": [ + { + "apiVersion": "2019-08-01", + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('loadBalancerIp')]", + "location": "[parameters('location')]", + "properties": { + "publicIPAllocationMethod": "Static" + } + }, + { + "type": "Microsoft.Compute/availabilitySets", + "name": "[variables('availabilitySetName')]", + "apiVersion": "2019-12-01", + "location": "[parameters('location')]", + "sku": { + "name": "Aligned" + }, + "properties": { + "platformFaultDomainCount": 2, + "platformUpdateDomainCount": 2 + } + }, + { + "apiVersion": "2019-06-01", + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountNameDiag')]", + "location": "[parameters('location')]", + "kind": "StorageV2", + "sku": { + "name": "Standard_LRS" + } + }, + { + "comments": "Simple Network Security Group for subnet [Subnet]", + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2019-08-01", + "name": "[variables('mainNsg')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "allow-ssh", + "properties": { + "description": "Allow SSH", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound", + "sourcePortRanges": [], + "destinationPortRanges": [], + "sourceAddressPrefixes": [], + "destinationAddressPrefixes": [] + } + }, + { + "name": "allow-http", + "properties": { + "description": "Allow HTTP", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 110, + "direction": "Inbound", + "sourcePortRanges": [], + "destinationPortRanges": [], + "sourceAddressPrefixes": [], + "destinationAddressPrefixes": [] + } + } + ] + } + }, + { + "apiVersion": "2019-08-01", + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('vnetName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('mainNsg'))]" + ], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('vnetAddressRange')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetName')]", + "properties": { + "addressPrefix": "[variables('subnetAddressRange')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('mainNsg'))]" + } + } + } + ] + } + }, + { + "apiVersion": "2018-10-01", + "name": "[variables('loadBalancerName')]", + "type": "Microsoft.Network/loadBalancers", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/',variables('loadBalancerIp'))]" + ], + "properties": { + "frontendIpConfigurations": [ + { + "name": "LBFE", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('loadBalancerIp'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "LBArt" + } + ], + "inboundNatRules": [ + { + "name": "ssh", + "properties": { + "frontendIPConfiguration": { + "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations',variables('loadBalancerName'),'LBFE')]" + }, + "frontendPort": 22, + "backendPort": 22, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 4, + "protocol": "Tcp", + "enableTcpReset": false + } + } + ], + "loadBalancingRules": [ + { + "properties": { + "frontendIPConfiguration": { + "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', variables('loadBalancerName'), 'LBFE')]" + }, + "backendAddressPool": { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('loadBalancerName'), 'LBArt')]" + }, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('loadBalancerName'), 'lbprobe')]" + }, + "protocol": "Tcp", + "frontendPort": 80, + "backendPort": 80, + "idleTimeoutInMinutes": 15 + }, + "name": "lbrule" + } + ], + "probes": [ + { + "properties": { + "protocol": "Tcp", + "port": 80, + "intervalInSeconds": 15, + "numberOfProbes": 2 + }, + "name": "lbprobe" + } + ] + } + }, + { + "apiVersion": "2019-08-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('vmArtPri')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[variables('vnetName')]", + "[variables('loadBalancerName')]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[variables('subnet-id')]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools',variables('loadBalancerName'),'LBArt')]" + } + ], + "loadBalancerInboundNatRules": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatRules', variables('loadBalancerName'), 'ssh')]" + } + ] + } + } + ] + } + }, + { + "apiVersion": "2019-08-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[concat(variables('vmArtSec'),copyindex())]", + "copy": { + "name": "netIntLoop", + "count": "[sub(variables('numberOfArtifactory'),1)]" + }, + "location": "[parameters('location')]", + "dependsOn": [ + "[variables('vnetName')]", + "[variables('loadBalancerName')]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[variables('subnet-id')]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools',variables('loadBalancerName'),'LBArt')]" + } + ] + } + } + ] + } + }, + { + "apiVersion": "2019-08-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[concat(variables('vmXray'),copyindex())]", + "copy": { + "name": "netXrLoop", + "count": "[variables('numberOfXray')]" + }, + "location": "[parameters('location')]", + "dependsOn": [ + "[variables('vnetName')]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[variables('subnet-id')]" + } + } + } + ] + } + }, + { + "apiVersion": "2019-08-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[concat(variables('vmDb'),copyindex())]", + "copy": { + "name": "netDbLoop", + "count": "[variables('numberOfDb')]" + }, + "location": "[parameters('location')]", + "dependsOn": [ + "[variables('vnetName')]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[variables('subnet-id')]" + } + } + } + ] + } + }, + { + "apiVersion": "2019-12-01", + "type": "Microsoft.Compute/virtualMachines", + "name": "[variables('vmArtPri')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountNameDiag'))]", + "[resourceId('Microsoft.Network/networkInterfaces', variables('vmArtPri'))]", + "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + ], + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[variables('vmArtPri')]", + "adminUsername": "[variables('adminUsername')]", + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[concat('/home/', variables('adminUsername'), '/.ssh/authorized_keys')]", + "keyData": "[parameters('adminPublicKey')]" + } + ] + } + } + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[variables('imageSku')]", + "version": "latest" + }, + "osDisk": { + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('vmArtPri'))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(variables('storageAccountNameDiag'), '2019-06-01').primaryEndpoints.blob]" + } + } + } + }, + { + "apiVersion": "2019-12-01", + "type": "Microsoft.Compute/virtualMachines", + "name": "[concat(variables('vmArtSec'), copyindex())]", + "copy": { + "name": "virtualMachineLoop", + "count": "[sub(variables('numberOfArtifactory'),1)]" + }, + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountNameDiag'))]", + "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmArtSec'),copyindex()))]", + "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + ], + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[concat(variables('vmArtSec'), copyindex())]", + "adminUsername": "[variables('adminUsername')]", + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[concat('/home/', variables('adminUsername'), '/.ssh/authorized_keys')]", + "keyData": "[parameters('adminPublicKey')]" + } + ] + } + } + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[variables('imageSku')]", + "version": "latest" + }, + "osDisk": { + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(variables('vmArtSec'),copyindex()))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(variables('storageAccountNameDiag'), '2019-06-01').primaryEndpoints.blob]" + } + } + } + }, + { + "apiVersion": "2019-12-01", + "type": "Microsoft.Compute/virtualMachines", + "name": "[concat(variables('vmXray'), copyindex())]", + "copy": { + "name": "virtualMachineLoop", + "count": "[variables('numberOfXray')]" + }, + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountNameDiag'))]", + "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmXray'),copyindex()))]", + "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + ], + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[concat(variables('vmXray'), copyindex())]", + "adminUsername": "[variables('adminUsername')]", + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[concat('/home/', variables('adminUsername'), '/.ssh/authorized_keys')]", + "keyData": "[parameters('adminPublicKey')]" + } + ] + } + } + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[variables('imageSku')]", + "version": "latest" + }, + "osDisk": { + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(variables('vmXray'),copyindex()))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(variables('storageAccountNameDiag'), '2019-06-01').primaryEndpoints.blob]" + } + } + } + }, + { + "apiVersion": "2019-12-01", + "type": "Microsoft.Compute/virtualMachines", + "name": "[concat(variables('vmDb'), copyindex())]", + "copy": { + "name": "virtualMachineLoop", + "count": "[variables('numberOfDb')]" + }, + "location": "[parameters('location')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountNameDiag'))]", + "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmDb'),copyindex()))]", + "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + ], + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "osProfile": { + "computerName": "[concat(variables('vmDb'), copyindex())]", + "adminUsername": "[variables('adminUsername')]", + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[concat('/home/', variables('adminUsername'), '/.ssh/authorized_keys')]", + "keyData": "[parameters('adminPublicKey')]" + } + ] + } + } + }, + "storageProfile": { + "imageReference": { + "publisher": "[variables('imagePublisher')]", + "offer": "[variables('imageOffer')]", + "sku": "[variables('imageSku')]", + "version": "latest" + }, + "osDisk": { + "createOption": "FromImage" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces',concat(variables('vmDb'),copyindex()))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[reference(variables('storageAccountNameDiag'), '2019-06-01').primaryEndpoints.blob]" + } + } + } + } + ], + "outputs": { + "lbIp": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', variables('loadBalancerIp'))).ipAddress]" + }, + "vmArtPriIp": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', variables('vmArtPri'))).ipConfigurations[0].properties.privateIPAddress]" + }, + "vmArtSecArrIp": { + "type": "array", + "copy": { + "count": "[sub(variables('numberOfArtifactory'),1)]", + "input": "[reference(resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmArtSec'),copyindex()))).ipConfigurations[0].properties.privateIPAddress]" + } + }, + "vmXrayArrIp": { + "type": "array", + "copy": { + "count": "[variables('numberOfXray')]", + "input": "[reference(resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmXray'),copyindex()))).ipConfigurations[0].properties.privateIPAddress]" + } + }, + "vmDbArrIp": { + "type": "array", + "copy": { + "count": "[variables('numberOfDb')]", + "input": "[reference(resourceId('Microsoft.Network/networkInterfaces', concat(variables('vmDb'),copyindex()))).ipConfigurations[0].properties.privateIPAddress]" + } + } + } +} \ No newline at end of file diff --git a/Ansible/pipelines.yaml b/Ansible/pipelines.yaml new file mode 100644 index 0000000..3fd14a5 --- /dev/null +++ b/Ansible/pipelines.yaml @@ -0,0 +1,102 @@ +resources: + - name: ansibleRepo + type: GitRepo + configuration: + gitProvider: jefferyfryGithub + path: jefferyfry/JFrog-Cloud-Installers +pipelines: + - name: ansible_aws_azure_automation_pipeline + steps: + - name: execute_aws_ansible_playbook + type: Bash + configuration: + runtime: + type: image + image: + auto: + language: java + versions: + - "8" + integrations: + - name: ansibleAwsKeys + - name: ansibleEnvVars + - name: ansiblePrivateKey + inputResources: + - name: ansibleRepo + execution: + onStart: + - echo "Executing AWS Ansible playbook..." + onExecute: + - sudo apt-get update + - sudo apt-get install gnupg2 + - sudo apt-get install software-properties-common + - sudo apt-add-repository --yes --update ppa:ansible/ansible + - sudo apt -y --allow-unauthenticated install ansible + - sudo pip install packaging + - sudo pip install boto3 botocore + - cd ../dependencyState/resources/ansibleRepo + - echo 'Setting environment variables...' + - export artifactory_license1="$int_ansibleEnvVars_artifactory_license1" + - export artifactory_license2="$int_ansibleEnvVars_artifactory_license2" + - export artifactory_license3="$int_ansibleEnvVars_artifactory_license3" + - export master_key="$int_ansibleEnvVars_master_key" + - export join_key="$int_ansibleEnvVars_join_key" + - export ssh_public_key_name="$int_ansibleEnvVars_ssh_public_key_name" + - export cfn_template="$int_ansibleEnvVars_cfn_template" + - export stack_name="$int_ansibleEnvVars_stack_name" + - export AWS_ACCESS_KEY_ID="$int_ansibleEnvVars_AWS_ACCESS_KEY_ID" + - export AWS_SECRET_KEY="$int_ansibleEnvVars_AWS_SECRET_KEY" + - printenv + - eval $(ssh-agent -s) + - ssh-add <(echo "$int_ansiblePrivateKey_key") + - ansible-playbook Ansible/test/aws/playbook.yaml + onComplete: + - echo "AWS Ansible playbook complete." + - name: execute_azure_ansible_playbook + type: Bash + configuration: + runtime: + type: image + image: + auto: + language: java + versions: + - "8" + integrations: + - name: ansibleAzureKeys + - name: ansibleEnvVars + - name: ansiblePrivateKey + inputResources: + - name: ansibleRepo + execution: + onStart: + - echo "Executing Azure Ansible playbook..." + onExecute: + - sudo apt-get update + - sudo apt-get install gnupg2 + - sudo apt-get install software-properties-common + - sudo apt-add-repository --yes --update ppa:ansible/ansible + - sudo apt -y --allow-unauthenticated install ansible + - sudo pip install packaging + - sudo pip install msrestazure + - sudo pip install ansible[azure] + - cd ../dependencyState/resources/ansibleRepo + - echo 'Setting environment variables...' + - export artifactory_license1="$int_ansibleEnvVars_artifactory_license1" + - export artifactory_license2="$int_ansibleEnvVars_artifactory_license2" + - export artifactory_license3="$int_ansibleEnvVars_artifactory_license3" + - export master_key="$int_ansibleEnvVars_master_key" + - export join_key="$int_ansibleEnvVars_join_key" + - export ssh_public_key="$int_ansibleEnvVars_ssh_public_key" + - export arm_template="$int_ansibleEnvVars_arm_template" + - export azure_resource_group="$int_ansibleEnvVars_azure_resource_group" + - export clientId="$int_ansibleAzureKeys_appId" + - export clientSecret="$int_ansibleAzureKeys_password" + - export tenantId="$int_ansibleAzureKeys_tenant" + - printenv + - eval $(ssh-agent -s) + - ssh-add <(echo "$int_ansiblePrivateKey_key") + - az login --service-principal -u "$clientId" -p "$clientSecret" --tenant "$tenantId" + - ansible-playbook Ansible/test/azure/playbook.yaml + onComplete: + - echo "Azure Ansible playbook complete." \ No newline at end of file diff --git a/Ansible/project/rt-ha/hosts.yml b/Ansible/project/rt-ha/hosts.yml new file mode 100644 index 0000000..6246c53 --- /dev/null +++ b/Ansible/project/rt-ha/hosts.yml @@ -0,0 +1,51 @@ +--- +all: + vars: + ansible_user: "ubuntu" + ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + children: + database: + hosts: + #artifactory database + 52.86.32.79: + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + artifactory: + vars: + artifactory_ha_enabled: true + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "jdbc:postgresql://10.0.0.160:5432/artifactory" + db_user: "artifactory" + db_password: "Art1fAct0ry" + server_name: "ec2-100-25-104-198.compute-1.amazonaws.com" + certificate: | + -----BEGIN CERTIFICATE----- + x + -----END CERTIFICATE----- + certificate_key: | + -----BEGIN PRIVATE KEY----- + x + -----END PRIVATE KEY----- + children: + primary: + hosts: + 100.25.104.198: + artifactory_is_primary: true + artifactory_license1: x + artifactory_license2: x + artifactory_license3: x + artifactory_license4: x + artifactory_license5: x + secondary: + hosts: + 54.160.107.157: + 35.153.79.44: + vars: + artifactory_is_primary: false + diff --git a/Ansible/project/rt-ha/playbook.yml b/Ansible/project/rt-ha/playbook.yml new file mode 100644 index 0000000..ae9639e --- /dev/null +++ b/Ansible/project/rt-ha/playbook.yml @@ -0,0 +1,11 @@ +--- +- hosts: database + gather_facts: true + roles: + - jfrog/ansible/roles/postgres + +- hosts: primary:secondary + gather_facts: true + roles: + - jfrog/ansible/roles/artifactory + - jfrog/ansible/roles/artifactory-nginx-ssl \ No newline at end of file diff --git a/Ansible/project/rt-xray-auto-keys/hosts.yml b/Ansible/project/rt-xray-auto-keys/hosts.yml new file mode 100644 index 0000000..76babec --- /dev/null +++ b/Ansible/project/rt-xray-auto-keys/hosts.yml @@ -0,0 +1,40 @@ +--- +all: + vars: + ansible_user: "ubuntu" + ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@13.82.225.20 -W %h:%p"' + children: + database: + hosts: + 34.239.107.0: + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + - { db_name: "xraydb", db_owner: "xray" } + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "xray", db_password: "xray" } + artifactory: + hosts: + 54.237.207.135: + artifactory_license1: x + artifactory_license2: x + artifactory_license3: x + artifactory_license4: x + artifactory_license5: x + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "jdbc:postgresql://10.0.0.59:5432/artifactory" + db_user: "artifactory" + db_password: "Art1fAct0ry" + server_name: "ec2-54-237-207-135.compute-1.amazonaws.com" + xray: + hosts: + 100.25.104.174: + jfrog_url: "http://ec2-54-237-207-135.compute-1.amazonaws.com" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "postgres://10.0.0.59:5432/xraydb?sslmode=disable" + db_user: "xray" + db_password: "xray" diff --git a/Ansible/project/rt-xray-auto-keys/playbook.yml b/Ansible/project/rt-xray-auto-keys/playbook.yml new file mode 100644 index 0000000..2e99018 --- /dev/null +++ b/Ansible/project/rt-xray-auto-keys/playbook.yml @@ -0,0 +1,18 @@ +--- +- debug: + var: master_key + +- debug: + var: join_key + +- hosts: database + roles: + - postgres + +- hosts: artifactory + roles: + - artifactory + +- hosts: xray + roles: + - xray \ No newline at end of file diff --git a/Ansible/project/rt-xray-auto-keys/runAutoKeysPlaybook.sh b/Ansible/project/rt-xray-auto-keys/runAutoKeysPlaybook.sh new file mode 100755 index 0000000..0949cb0 --- /dev/null +++ b/Ansible/project/rt-xray-auto-keys/runAutoKeysPlaybook.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +ansible-playbook -i hosts.yml playbook.yml --extra-vars "master_key=$(openssl rand -hex 16) join_key=$(openssl rand -hex 16)" \ No newline at end of file diff --git a/Ansible/project/rt-xray-ha-ssh-proxy/hosts.yml b/Ansible/project/rt-xray-ha-ssh-proxy/hosts.yml new file mode 100644 index 0000000..8651299 --- /dev/null +++ b/Ansible/project/rt-xray-ha-ssh-proxy/hosts.yml @@ -0,0 +1,60 @@ +--- +all: + vars: + ansible_user: "ubuntu" + ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@13.82.225.20 -W %h:%p"' + children: + database: + hosts: + #artifactory database + 10.0.0.6: + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + #xray database + 10.0.0.4: + dbs: + - { db_name: "xraydb", db_owner: "xray" } + db_users: + - { db_user: "xray", db_password: "xray" } + artifactory: + vars: + artifactory_ha_enabled: true + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "jdbc:postgresql://10.0.0.6:5432/artifactory" + db_user: "artifactory" + db_password: "Art1fAct0ry" + server_name: "rt.13.82.225.208.xip.io" + children: + primary: + hosts: + 10.0.0.8: + artifactory_is_primary: true + artifactory_license1: x + artifactory_license2: x + artifactory_license3: x + artifactory_license4: x + artifactory_license5: x + secondary: + hosts: + 10.0.0.9: + vars: + artifactory_is_primary: false + xray: + vars: + jfrog_url: http://rt.13.82.225.208.xip.io/ + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "postgres://10.0.0.4:5432/xraydb?sslmode=disable" + db_user: "xray" + db_password: "xray" + hosts: + 10.0.0.5: diff --git a/Ansible/project/rt-xray-ha-ssh-proxy/playbook.yml b/Ansible/project/rt-xray-ha-ssh-proxy/playbook.yml new file mode 100644 index 0000000..825fe0b --- /dev/null +++ b/Ansible/project/rt-xray-ha-ssh-proxy/playbook.yml @@ -0,0 +1,12 @@ +--- +- hosts: database + roles: + - postgres + +- hosts: primary:secondary + roles: + - artifactory + +- hosts: xray + roles: + - xray \ No newline at end of file diff --git a/Ansible/project/rt-xray-ha/hosts.yml b/Ansible/project/rt-xray-ha/hosts.yml new file mode 100644 index 0000000..0a79555 --- /dev/null +++ b/Ansible/project/rt-xray-ha/hosts.yml @@ -0,0 +1,55 @@ +--- +all: + vars: + ansible_user: "ubuntu" + ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + children: + database: + hosts: + #artifactory database + 52.86.32.79: + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + #xray database + 100.25.152.93: + dbs: + - { db_name: "xraydb", db_owner: "xray" } + db_users: + - { db_user: "xray", db_password: "xray" } + artifactory: + vars: + artifactory_ha_enabled: true + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "jdbc:postgresql://10.0.0.51:5432/artifactory" + db_user: "artifactory" + db_password: "Art1fAct0ry" + server_name: "ec2-18-210-33-94.compute-1.amazonaws.com" + children: + primary: + hosts: + 18.210.33.94: + artifactory_is_primary: true + artifactory_license1: x + artifactory_license2: x + artifactory_license3: x + artifactory_license4: x + artifactory_license5: x + xray: + vars: + jfrog_url: http://ec2-18-210-33-94.compute-1.amazonaws.com + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "postgres://10.0.0.5:5432/xraydb?sslmode=disable" + db_user: "xray" + db_password: "xray" + hosts: +# 34.229.56.166: + 54.237.68.180 diff --git a/Ansible/project/rt-xray-ha/playbook.yml b/Ansible/project/rt-xray-ha/playbook.yml new file mode 100644 index 0000000..b25f3af --- /dev/null +++ b/Ansible/project/rt-xray-ha/playbook.yml @@ -0,0 +1,12 @@ +--- +- hosts: database + roles: + - postgres + +- hosts: primary + roles: + - artifactory + +- hosts: xray + roles: + - xray \ No newline at end of file diff --git a/Ansible/project/rt-xray/hosts.yml b/Ansible/project/rt-xray/hosts.yml new file mode 100644 index 0000000..c553954 --- /dev/null +++ b/Ansible/project/rt-xray/hosts.yml @@ -0,0 +1,43 @@ +--- +all: + vars: + ansible_user: "ubuntu" + ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + children: + database: + hosts: + 34.239.107.0: + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + - { db_name: "xraydb", db_owner: "xray" } + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "xray", db_password: "xray" } + artifactory: + hosts: + 54.237.207.135: + artifactory_license1: x + artifactory_license2: x + artifactory_license3: x + artifactory_license4: x + artifactory_license5: x + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "jdbc:postgresql://10.0.0.59:5432/artifactory" + db_user: "artifactory" + db_password: "Art1fAct0ry" + server_name: "ec2-54-237-207-135.compute-1.amazonaws.com" + xray: + hosts: + 100.25.104.174: + jfrog_url: "http://ec2-54-237-207-135.compute-1.amazonaws.com" + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "postgres://10.0.0.59:5432/xraydb?sslmode=disable" + db_user: "xray" + db_password: "xray" diff --git a/Ansible/project/rt-xray/playbook.yml b/Ansible/project/rt-xray/playbook.yml new file mode 100644 index 0000000..9c0ff31 --- /dev/null +++ b/Ansible/project/rt-xray/playbook.yml @@ -0,0 +1,12 @@ +--- +- hosts: database + roles: + - postgres + +- hosts: artifactory + roles: + - artifactory + +- hosts: xray + roles: + - xray \ No newline at end of file diff --git a/Ansible/project/rt/hosts.yml b/Ansible/project/rt/hosts.yml new file mode 100644 index 0000000..42dab9b --- /dev/null +++ b/Ansible/project/rt/hosts.yml @@ -0,0 +1,24 @@ +--- +all: + vars: + ansible_user: "ubuntu" + children: + database: + hosts: + 54.83.163.100: + db_users: + - { db_user: "artifactory", db_password: "{{ lookup('env', 'artifactory_password') }}" } + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + primary: + hosts: + 54.165.47.191: + artifactory_is_primary: true + artifactory_license_file: "{{ lookup('env', 'artifactory_license_file') }}" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "jdbc:postgresql://10.0.0.219:5432/artifactory" + db_user: "artifactory" + db_password: "{{ lookup('env', 'artifactory_password') }}" + server_name: "ec2-54-165-47-191.compute-1.amazonaws.com" \ No newline at end of file diff --git a/Ansible/project/rt/playbook.yml b/Ansible/project/rt/playbook.yml new file mode 100644 index 0000000..48d7c1e --- /dev/null +++ b/Ansible/project/rt/playbook.yml @@ -0,0 +1,8 @@ +--- +- hosts: database + roles: + - postgres + +- hosts: primary + roles: + - artifactory diff --git a/Ansible/project/rt/runPlaybook.sh b/Ansible/project/rt/runPlaybook.sh new file mode 100755 index 0000000..1c5d200 --- /dev/null +++ b/Ansible/project/rt/runPlaybook.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +ansible-playbook -i Ansible/project/rt/hosts.yml Ansible/project/rt/playbook.yml --extra-vars "master_key=$(openssl rand -hex 16) join_key=$(openssl rand -hex 16)" \ No newline at end of file diff --git a/Ansible/project/ssl/hosts.yml b/Ansible/project/ssl/hosts.yml new file mode 100644 index 0000000..c6c8f9f --- /dev/null +++ b/Ansible/project/ssl/hosts.yml @@ -0,0 +1,39 @@ +--- +all: + vars: + ansible_user: "ubuntu" + ansible_ssh_private_key_file: "/Users/jefff/.ssh/ansible-priv.pem" + children: + database: + hosts: + 52.86.32.79: + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + primary: + hosts: + 100.25.104.198: + artifactory_is_primary: true + artifactory_license1: x + artifactory_license2: x + artifactory_license3: x + artifactory_license4: x + artifactory_license5: x + master_key: "c97b862469de0d94fbb7d48130637a5a" + join_key: "9bcca98f375c0728d907cc6ee39d4f02" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_url: "jdbc:postgresql://10.0.0.160:5432/artifactory" + db_user: "artifactory" + db_password: "Art1fAct0ry" + server_name: "ec2-100-25-104-198.compute-1.amazonaws.com" + certificate: | + -----BEGIN CERTIFICATE----- + x + -----END CERTIFICATE----- + certificate_key: | + -----BEGIN PRIVATE KEY----- + x + -----END PRIVATE KEY----- diff --git a/Ansible/project/ssl/playbook.yml b/Ansible/project/ssl/playbook.yml new file mode 100644 index 0000000..359472b --- /dev/null +++ b/Ansible/project/ssl/playbook.yml @@ -0,0 +1,9 @@ +--- +- hosts: database + roles: + - postgres + +- hosts: primary + roles: + - artifactory + - artifactory-nginx-ssl diff --git a/Ansible/test/aws/playbook.yaml b/Ansible/test/aws/playbook.yaml new file mode 100644 index 0000000..fafe557 --- /dev/null +++ b/Ansible/test/aws/playbook.yaml @@ -0,0 +1,148 @@ +--- +- name: Provision AWS test infrastructure + hosts: localhost + tasks: + - shell: 'pwd' + register: cmd + + - debug: + msg: "{{ cmd.stdout }}" + - name: Create AWS test system + cloudformation: + stack_name: "{{ lookup('env', 'stack_name') }}" + state: "present" + region: "us-east-1" + disable_rollback: true + template: "{{ lookup('env', 'cfn_template') }}" + template_parameters: + SSHKeyName: "{{ lookup('env', 'ssh_public_key_name') }}" + tags: + Stack: "{{ lookup('env', 'stack_name') }}" + register: AWSDeployment + - name: Get AWS deployment details + debug: + var: AWSDeployment + + - name: Add bastion + add_host: + hostname: "{{ AWSDeployment.stack_outputs.BastionInstancePublic }}" + groups: bastion + ansible_user: "ubuntu" + - name: Add new RT primary to host group + add_host: + hostname: "{{ AWSDeployment.stack_outputs.RTPriInstancePrivate }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ AWSDeployment.stack_outputs.BastionInstancePublic }} -W %h:%p"' + db_url: "jdbc:postgresql://{{ AWSDeployment.stack_outputs.DBInstancePrivate }}:5432/artifactory" + server_name: "{{ AWSDeployment.stack_outputs.ALBHostName }}" + artifactory_is_primary: true + artifactory_license1: "{{ lookup('env', 'artifactory_license1') }}" + artifactory_license2: "{{ lookup('env', 'artifactory_license2') }}" + artifactory_license3: "{{ lookup('env', 'artifactory_license3') }}" + groups: + - artifactory + + - name: Add RT secondaries to host group + add_host: + hostname: "{{ AWSDeployment.stack_outputs.RTSecInstancePrivate }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ AWSDeployment.stack_outputs.BastionInstancePublic }} -W %h:%p"' + db_url: "jdbc:postgresql://{{ AWSDeployment.stack_outputs.DBInstancePrivate }}:5432/artifactory" + server_name: "{{ AWSDeployment.stack_outputs.ALBHostName }}" + artifactory_is_primary: false + groups: + - artifactory + + - name: Add xrays to host group + add_host: + hostname: "{{ AWSDeployment.stack_outputs.XrayInstancePrivate }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ AWSDeployment.stack_outputs.BastionInstancePublic }} -W %h:%p"' + jfrog_url: "http://{{ AWSDeployment.stack_outputs.ALBHostName }}" + master_key: "{{ lookup('env', 'master_key') }}" + join_key: "{{ lookup('env', 'join_key') }}" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_user: "xray" + db_password: "xray" + db_url: "postgres://{{ AWSDeployment.stack_outputs.DBInstancePrivate }}:5432/xraydb?sslmode=disable" + groups: xray + + - name: Add DBs to host group + add_host: + hostname: "{{ AWSDeployment.stack_outputs.DBInstancePrivate }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ AWSDeployment.stack_outputs.BastionInstancePublic }} -W %h:%p"' + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "xray", db_password: "xray" } + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + - { db_name: "xraydb", db_owner: "xray" } + groups: database + + - name: Set up test environment url + replace: + path: ../tests/src/test/resources/testenv.yaml + regexp: 'urlval' + replace: "http://{{ AWSDeployment.stack_outputs.ALBHostName }}" + + - name: Set up test environment external_ip + replace: + path: ../tests/src/test/resources/testenv.yaml + regexp: 'ipval' + replace: "{{ AWSDeployment.stack_outputs.ALBHostName }}" + + - name: Set up test environment rt_password + replace: + path: ../tests/src/test/resources/testenv.yaml + regexp: 'passval' + replace: "password" + + - name: show testenv.yaml + debug: var=item + with_file: + - ../tests/src/test/resources/testenv.yaml + + - name: Wait 300 seconds for port 22 + wait_for: + port: 22 + host: "{{ AWSDeployment.stack_outputs.BastionInstancePublic }}" + delay: 10 + + - debug: + msg: "Unified URL is at http://{{ AWSDeployment.stack_outputs.ALBHostName }}" + +- hosts: database + roles: + - postgres + +- hosts: artifactory + vars: + artifactory_ha_enabled: true + master_key: "{{ lookup('env', 'master_key') }}" + join_key: "{{ lookup('env', 'join_key') }}" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_user: "artifactory" + db_password: "Art1fAct0ry" + roles: + - artifactory + +- hosts: xray + roles: + - xray + +- name: Test + hosts: localhost + tasks: + - name: Run tests + shell: + cmd: ./gradlew clean unified_test + chdir: ../tests/ + - name: Cleanup and delete stack + cloudformation: + stack_name: "{{ lookup('env', 'stack_name') }}" + region: "us-east-1" + state: "absent" \ No newline at end of file diff --git a/Ansible/test/aws/runAws.sh b/Ansible/test/aws/runAws.sh new file mode 100755 index 0000000..fa8da2a --- /dev/null +++ b/Ansible/test/aws/runAws.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +ansible-playbook Ansible/test/aws/playbook.yaml \ No newline at end of file diff --git a/Ansible/test/azure/playbook.yaml b/Ansible/test/azure/playbook.yaml new file mode 100644 index 0000000..f4eb24a --- /dev/null +++ b/Ansible/test/azure/playbook.yaml @@ -0,0 +1,162 @@ +--- +- name: Provision Azure test infrastructure + hosts: localhost + tasks: + - name: Create azure test system + azure_rm_deployment: + resource_group: "{{ lookup('env', 'azure_resource_group') }}" + location: eastus + name: AzureAnsibleInfra + parameters: + vnetName: + value: "vnetAnsible" + vnetAddressRange: + value: "10.0.0.0/16" + subnetAddressRange: + value: "10.0.0.0/24" + location: + value: "eastus" + adminPublicKey: + value: "{{ lookup('env', 'ssh_public_key') }}" + sizeOfDiskInGB: + value: 128 + vmSize: + value: Standard_D2s_v3 + numberOfArtifactory: + value: 2 + numberOfXray: + value: 1 + numberOfDb: + value: 1 + template_link: "{{ lookup('env', 'arm_template') }}" + register: azureDeployment + - name: Get Azure deployment details + debug: + var: azureDeployment + + - name: Add bastion + add_host: + hostname: "{{ azureDeployment.deployment.outputs.lbIp.value }}" + groups: bastion + ansible_user: "ubuntu" + - name: Add new RT primary to host group + add_host: + hostname: "{{ azureDeployment.deployment.outputs.vmArtPriIp.value }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ azureDeployment.deployment.outputs.lbIp.value }} -W %h:%p"' + db_url: "jdbc:postgresql://{{ azureDeployment.deployment.outputs.vmDbArrIp.value[0] }}:5432/artifactory" + server_name: "rt.{{ azureDeployment.deployment.outputs.lbIp.value }}.xip.io" + artifactory_is_primary: true + artifactory_license1: "{{ lookup('env', 'artifactory_license1') }}" + artifactory_license2: "{{ lookup('env', 'artifactory_license2') }}" + artifactory_license3: "{{ lookup('env', 'artifactory_license3') }}" + groups: + - artifactory + + - name: Add RT secondaries to host group + add_host: + hostname: "{{ item }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ azureDeployment.deployment.outputs.lbIp.value }} -W %h:%p"' + db_url: "jdbc:postgresql://{{ azureDeployment.deployment.outputs.vmDbArrIp.value[0] }}:5432/artifactory" + server_name: "rt.{{ azureDeployment.deployment.outputs.lbIp.value }}.xip.io" + artifactory_is_primary: false + groups: + - artifactory + loop: "{{ azureDeployment.deployment.outputs.vmArtSecArrIp.value }}" + + - name: Add xrays to host group + add_host: + hostname: "{{ item }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ azureDeployment.deployment.outputs.lbIp.value }} -W %h:%p"' + jfrog_url: "http://rt.{{ azureDeployment.deployment.outputs.lbIp.value }}.xip.io" + master_key: "{{ lookup('env', 'master_key') }}" + join_key: "{{ lookup('env', 'join_key') }}" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_user: "xray" + db_password: "xray" + db_url: "postgres://{{ azureDeployment.deployment.outputs.vmDbArrIp.value[0] }}:5432/xraydb?sslmode=disable" + groups: xray + loop: "{{ azureDeployment.deployment.outputs.vmXrayArrIp.value }}" + + - name: Add DBs to host group + add_host: + hostname: "{{ item }}" + ansible_user: "ubuntu" + ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -A ubuntu@{{ azureDeployment.deployment.outputs.lbIp.value }} -W %h:%p"' + db_users: + - { db_user: "artifactory", db_password: "Art1fAct0ry" } + - { db_user: "xray", db_password: "xray" } + dbs: + - { db_name: "artifactory", db_owner: "artifactory" } + - { db_name: "xraydb", db_owner: "xray" } + groups: database + loop: "{{ azureDeployment.deployment.outputs.vmDbArrIp.value }}" + + - name: Set up test environment url + replace: + path: ../tests/src/test/resources/testenv.yaml + regexp: 'urlval' + replace: "http://rt.{{ azureDeployment.deployment.outputs.lbIp.value }}.xip.io" + + - name: Set up test environment external_ip + replace: + path: ../tests/src/test/resources/testenv.yaml + regexp: 'ipval' + replace: "{{ azureDeployment.deployment.outputs.lbIp.value }}" + + - name: Set up test environment rt_password + replace: + path: ../tests/src/test/resources/testenv.yaml + regexp: 'passval' + replace: "password" + + - name: show testenv.yaml + debug: var=item + with_file: + - ../tests/src/test/resources/testenv.yaml + + - name: Wait 300 seconds for port 22 + wait_for: + port: 22 + host: "{{ azureDeployment.deployment.outputs.lbIp.value }}" + delay: 10 + + - debug: + msg: "Unified URL is at http://rt.{{ azureDeployment.deployment.outputs.lbIp.value }}.xip.io" + +- hosts: database + roles: + - postgres + +- hosts: artifactory + vars: + artifactory_ha_enabled: true + master_key: "{{ lookup('env', 'master_key') }}" + join_key: "{{ lookup('env', 'join_key') }}" + db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar" + db_type: "postgresql" + db_driver: "org.postgresql.Driver" + db_user: "artifactory" + db_password: "Art1fAct0ry" + roles: + - artifactory + +- hosts: xray + roles: + - xray + +- name: Test + hosts: localhost + tasks: + - name: Run tests + shell: + cmd: ./gradlew clean unified_test + chdir: ../tests/ + - name: Cleanup and delete resource group + azure_rm_resourcegroup: + name: "{{ lookup('env', 'azure_resource_group') }}" + force_delete_nonempty: yes + state: absent \ No newline at end of file diff --git a/Ansible/test/azure/runAzure.sh b/Ansible/test/azure/runAzure.sh new file mode 100755 index 0000000..c9d7e80 --- /dev/null +++ b/Ansible/test/azure/runAzure.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +ansible-playbook Ansible/test/azure/playbook.yaml \ No newline at end of file diff --git a/Ansible/test/tests/README.md b/Ansible/test/tests/README.md new file mode 100755 index 0000000..21db3cf --- /dev/null +++ b/Ansible/test/tests/README.md @@ -0,0 +1,19 @@ +## Test framework + +### How to run it locally + +``` +./gradlew clean commonTests +``` + +### Adding new tests + +### Gradle cleanup. Delete the folder: +``` + ~/.gradle/caches/ + ./gradlew clean +``` +### Or run +``` + ./gradlew clean +``` \ No newline at end of file diff --git a/Ansible/test/tests/build.gradle b/Ansible/test/tests/build.gradle new file mode 100644 index 0000000..1a41ee3 --- /dev/null +++ b/Ansible/test/tests/build.gradle @@ -0,0 +1,63 @@ +plugins { + id 'groovy' +} + +group 'org.example' +version '1.0-SNAPSHOT' + +repositories { + mavenCentral() +} + +dependencies { + compile 'org.codehaus.groovy:groovy-all:3.0.0' + testCompile 'io.rest-assured:rest-assured:4.1.1' + testCompile 'org.testng:testng:6.14.3' + testCompile 'org.yaml:snakeyaml:1.17' +} + +test { + outputs.upToDateWhen { false } + useTestNG(){ + suites("src/test/groovy/testng.xml") + } + //maxParallelForks = Runtime.runtime.availableProcessors().intdiv(2) ?: 1 + testLogging { + showStandardStreams = true + } + +} + +task artifactory_jcr_test(type: Test) { + useTestNG() { + useDefaultListeners = true + suites 'src/test/groovy/testng.xml' + includeGroups ('common', 'jcr') + } + testLogging { + showStandardStreams = true + } +} + +task artifactory_ha_test(type: Test) { + useTestNG() { + useDefaultListeners = true + suites 'src/test/groovy/testng.xml' + includeGroups('common','pro') + } + testLogging { + showStandardStreams = true + } +} + +task unified_test(type: Test) { + useTestNG() { + useDefaultListeners = true + suites 'src/test/groovy/testng.xml' + includeGroups('common','pro','xray') + } + testLogging { + showStandardStreams = true + } +} + diff --git a/Ansible/test/tests/gradle/wrapper/gradle-wrapper.jar b/Ansible/test/tests/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..87b738c Binary files /dev/null and b/Ansible/test/tests/gradle/wrapper/gradle-wrapper.jar differ diff --git a/Ansible/test/tests/gradle/wrapper/gradle-wrapper.properties b/Ansible/test/tests/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..09c586a --- /dev/null +++ b/Ansible/test/tests/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,6 @@ +#Wed Feb 12 10:23:21 PST 2020 +distributionUrl=https\://services.gradle.org/distributions/gradle-5.2.1-all.zip +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +zipStorePath=wrapper/dists +zipStoreBase=GRADLE_USER_HOME diff --git a/Ansible/test/tests/gradlew b/Ansible/test/tests/gradlew new file mode 100755 index 0000000..af6708f --- /dev/null +++ b/Ansible/test/tests/gradlew @@ -0,0 +1,172 @@ +#!/usr/bin/env sh + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=$(save "$@") + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "$@" diff --git a/Ansible/test/tests/gradlew.bat b/Ansible/test/tests/gradlew.bat new file mode 100644 index 0000000..6d57edc --- /dev/null +++ b/Ansible/test/tests/gradlew.bat @@ -0,0 +1,84 @@ +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/Ansible/test/tests/settings.gradle b/Ansible/test/tests/settings.gradle new file mode 100644 index 0000000..d30fe0d --- /dev/null +++ b/Ansible/test/tests/settings.gradle @@ -0,0 +1,2 @@ +rootProject.name = 'fozzie_jfrog_tests' + diff --git a/Ansible/test/tests/src/test/groovy/steps/RepositorySteps.groovy b/Ansible/test/tests/src/test/groovy/steps/RepositorySteps.groovy new file mode 100644 index 0000000..3ae8b07 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/steps/RepositorySteps.groovy @@ -0,0 +1,139 @@ +package steps + + +import static io.restassured.RestAssured.given + +class RepositorySteps { + + def getHealthCheckResponse(artifactoryURL) { + return given() + .when() + .get("http://" + artifactoryURL + "/router/api/v1/system/health") + .then() + .extract().response() + } + + def ping() { + return given() + .when() + .get("/api/system/ping") + .then() + .extract().response() + } + + def createRepositories(File body, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/yaml") + .body(body) + .when() + .patch("/api/system/configuration") + .then() + .extract().response() + } + // https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API#ArtifactoryRESTAPI-GetRepositories + def getRepos() { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/yaml") + .when() + .get("/api/repositories") + .then() + .extract().response() + + } + // https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API#ArtifactoryRESTAPI-DeleteRepository + def deleteRepository(repoName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/yaml") + .when() + .delete("/api/repositories/" + repoName) + .then() + .extract().response() + + } + + def createDirectory(repoName, directoryName) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/yaml") + .when() + .put("/" + repoName + "/" + directoryName) + .then() + .extract().response() + + } + + def deployArtifact(repoName, directoryName, artifact, filename) { + return given() + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .body(artifact) + .when() + .put("/" + repoName + "/" + directoryName + "/" + filename) + .then() + .extract().response() + + } + + def deleteItem(repoName, directoryName, artifact, filename) { + return given() + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .body(artifact) + .when() + .delete("/" + repoName + "/" + directoryName + "/" + filename) + .then() + .extract().response() + + } + + def getInfo(repoName, directoryName, artifact, filename) { + return given() + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .body(artifact) + .when() + .get("/api/storage/" + repoName + "/" + directoryName + "/" + filename) + .then() + .extract().response() + + } + + def createSupportBundle(name, startDate, endDate) { + return given() + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .body("{ \n" + + " \"name\":\"${name}\",\n" + + " \"description\":\"desc\",\n" + + " \"parameters\":{ \n" + + " \"configuration\": \"true\",\n" + + " \"system\": \"true\", \n" + + " \"logs\":{ \n" + + " \"include\": \"true\", \n" + + " \"start_date\":\"${startDate}\",\n" + + " \"end_date\":\"${endDate}\"\n" + + " },\n" + + " \"thread_dump\":{ \n" + + " \"count\": 1,\n" + + " \"interval\": 0\n" + + " }\n" + + " }\n" + + "}") + .when() + .post("/api/system/support/bundle") + .then() + .extract().response() + + } + + +} \ No newline at end of file diff --git a/Ansible/test/tests/src/test/groovy/steps/SecuritytSteps.groovy b/Ansible/test/tests/src/test/groovy/steps/SecuritytSteps.groovy new file mode 100644 index 0000000..4450b39 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/steps/SecuritytSteps.groovy @@ -0,0 +1,196 @@ +package steps + +import org.testng.annotations.DataProvider + +import static io.restassured.RestAssured.given + + +class SecuritytSteps { + + def createUser(usernameRt, emailRt, passwordRt) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"email\" : \"${emailRt}\",\n" + + " \"password\": \"${passwordRt}\"\n" + + "}") + .when() + .put("/api/security/users/${usernameRt}") + .then() + .extract().response() + } + + def getUserDetails(usernameRt) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/api/security/users/${usernameRt}") + .then() + .extract().response() + } + + def deleteUser(usernameRt) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .delete("/api/security/users/${usernameRt}") + .then() + .extract().response() + } + + def generateAPIKey(usernameRt, passwordRt) { + return given() + .auth() + .preemptive() + .basic("${usernameRt}", "${passwordRt}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .post("/api/security/apiKey") + .then() + .extract().response() + } + + def getAPIKey(usernameRt, passwordRt) { + return given() + .auth() + .preemptive() + .basic("${usernameRt}", "${passwordRt}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/api/security/apiKey") + .then() + .extract().response() + } + + def regenerateAPIKey(usernameRt, passwordRt) { + return given() + .auth() + .preemptive() + .basic("${usernameRt}", "${passwordRt}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .put("/api/security/apiKey") + .then() + .extract().response() + } + + def createGroup(groupName) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\"name\": \"${groupName}\"}") + .when() + .put("/api/security/groups/${groupName}") + .then() + .extract().response() + } + + def getGroup(groupName) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\"name\": \"${groupName}\"}") + .when() + .get("/api/security/groups/${groupName}") + .then() + .extract().response() + } + + def deleteGroup(groupName) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .delete("/api/security/groups/${groupName}") + .then() + .extract().response() + } + + def createPermissions(permissionName, repository, user1, user2, + group1, group2, action1, action2, action3) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"name\": \"${permissionName}\",\n" + + " \"repo\": {\n" + + " \"repositories\": [ \"${repository}\" ],\n" + + " \"actions\": {\n" + + " \"users\" : {\n" + + " \"${user1}\": [ \"${action1}\",\"${action2}\",\"${action3}\" ], \n" + + " \"${user2}\" : [ \"${action1}\",\"${action2}\",\"${action3}\" ]\n" + + " },\n" + + " \"groups\" : {\n" + + " \"${group1}\" : [ \"${action1}\",\"${action2}\",\"${action3}\" ],\n" + + " \"${group2}\" : [ \"${action1}\",\"${action2}\" ]\n" + + " }\n" + + " }\n" + + " }\n" + + "}") + .when() + .put("/api/v2/security/permissions/testPermission") + .then() + .extract().response() + } + + def getPermissions( permissionName) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/api/v2/security/permissions/${permissionName}") + .then() + .extract().response() + } + + def deletePermissions(permissionName) { + return given() + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .delete("/api/v2/security/permissions/${permissionName}") + .then() + .extract().response() + } + + + // Data providers + + @DataProvider(name="users") + public Object[][] users() { + return new Object[][]{ + ["testuser0", "email0@jfrog.com", "password123"], + ["testuser1", "email1@jfrog.com", "password123"], + ["testuser2", "email2@jfrog.com", "password123"], + ["testuser3", "email3@jfrog.com", "password123"], + ["testuser4", "email4@jfrog.com", "password123"], + ["testuser5", "email5@jfrog.com", "password123"], + ["testuser6", "email6@jfrog.com", "password123"], + ["testuser7", "email7@jfrog.com", "password123"], + ["testuser8", "email8@jfrog.com", "password123"], + ["testuser9", "email9@jfrog.com", "password123"] + } + } + + @DataProvider(name="groups") + public Object[][] groups() { + return new Object[][]{ + ["test-group-0"], + ["test-group-1"], + ["test-group-2"], + ["test-group-3"], + ["test-group-4"], + ["test-group-5"], + ["test-group-6"], + ["test-group-7"], + ["test-group-8"], + ["test-group-9"] + } + } +} diff --git a/Ansible/test/tests/src/test/groovy/steps/XraySteps.groovy b/Ansible/test/tests/src/test/groovy/steps/XraySteps.groovy new file mode 100644 index 0000000..552ba93 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/steps/XraySteps.groovy @@ -0,0 +1,585 @@ +package steps + +import org.testng.annotations.DataProvider + +import static io.restassured.RestAssured.given + +class XraySteps { + + def createIssueEvent(issueID, cve, summary, description, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"id\": \"${issueID}\",\n" + + " \"type\": \"Security\",\n" + + " \"provider\": \"JFrog\",\n" + + " \"package_type\": \"maven\",\n" + + " \"severity\": \"High\",\n" + + " \"components\": [\n" + + " {\n" + + " \"id\": \"aero:aero\",\n" + + " \"vulnerable_versions\": [\n" + + " \"[0.2.3]\"\n" + + " ]\n" + + " }\n" + + " ],\n" + + " \"cves\": [\n" + + " {\n" + + " \"cve\": \"${cve}\",\n" + + " \"cvss_v2\": \"2.4\"\n" + + " }\n" + + " ],\n" + + " \"summary\": \"${summary}\",\n" + + " \"description\": \"${description}\",\n" + + " \"sources\": [\n" + + " {\n" + + " \"source_id\": \"${cve}\"\n" + + " }\n" + + " ]\n" + + "}") + .when() + .post("/v1/events") + .then() + .extract().response() + } + + def updateIssueEvent(issueID, cve, summary, description, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"type\": \"Security\",\n" + + " \"provider\": \"JFrog\",\n" + + " \"package_type\": \"maven\",\n" + + " \"severity\": \"High\",\n" + + " \"components\": [\n" + + " {\n" + + " \"id\": \"aero:aero\",\n" + + " \"vulnerable_versions\": [\n" + + " \"[0.2.3]\"\n" + + " ]\n" + + " }\n" + + " ],\n" + + " \"cves\": [\n" + + " {\n" + + " \"cve\": \"${cve}\",\n" + + " \"cvss_v2\": \"2.4\"\n" + + " }\n" + + " ],\n" + + " \"summary\": \"${summary}\",\n" + + " \"description\": \"${description}\",\n" + + " \"sources\": [\n" + + " {\n" + + " \"source_id\": \"${cve}\"\n" + + " }\n" + + " ]\n" + + "}") + .when() + .put("/v1/events/${issueID}") + .then() + .extract().response() + } + + def createPolicy(policyName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"name\": \"${policyName}\",\n" + + " \"type\": \"security\",\n" + + " \"description\": \"some description\",\n" + + " \"rules\": [\n" + + " {\n" + + " \"name\": \"securityRule\",\n" + + " \"priority\": 1,\n" + + " \"criteria\": {\n" + + " \"min_severity\": \"High\"\n" + + " },\n" + + " \"actions\": {\n" + + " \"mails\": [\n" + + " \"mail1@example.com\",\n" + + " \"mail2@example.com\"\n" + + " ],\n" + + " \"fail_build\": true,\n" + + " \"block_download\": {\n" + + " \"unscanned\": true,\n" + + " \"active\": true\n" + + " }\n" + + " }\n" + + " }\n" + + " ]\n" + + "}") + .when() + .post("/v1/policies") + .then() + .extract().response() + } + + def updatePolicy(policyName, description, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"name\": \"${policyName}\",\n" + + " \"type\": \"security\",\n" + + " \"description\": \"${description}\",\n" + + " \"rules\": [\n" + + " {\n" + + " \"name\": \"securityRule\",\n" + + " \"priority\": 1,\n" + + " \"criteria\": {\n" + + " \"min_severity\": \"High\"\n" + + " },\n" + + " \"actions\": {\n" + + " \"mails\": [\n" + + " \"mail1@example.com\",\n" + + " \"mail2@example.com\"\n" + + " ],\n" + + " \"fail_build\": true,\n" + + " \"block_download\": {\n" + + " \"unscanned\": true,\n" + + " \"active\": true\n" + + " }\n" + + " }\n" + + " }\n" + + " ]\n" + + "}") + .when() + .put("/v1/policies/${policyName}") + .then() + .extract().response() + } + + def getPolicy(policyName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v1/policies/${policyName}") + .then() + .extract().response() + } + + def getPolicies(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v1/policies") + .then() + .extract().response() + } + + def deletePolicy(policyName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .delete("/v1/policies/${policyName}") + .then() + .extract().response() + } + + def getIssueEvent(issueID, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v1/events/${issueID}") + .then() + .extract().response() + } + + def createWatchEvent(watchName, policyName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"general_data\": {\n" + + " \"name\": \"${watchName}\",\n" + + " \"description\": \"This is a new watch created using API V2\",\n" + + " \"active\": true\n" + + " },\n" + + " \"project_resources\": {\n" + + " \"resources\": [\n" + + " {\n" + + " \"type\": \"all-repos\",\n" + + " \"filters\": [\n" + + " {\n" + + " \"type\": \"package-type\",\n" + + " \"value\": \"Docker\"\n" + + " },\n" + + " {\n" + + " \"type\": \"package-type\",\n" + + " \"value\": \"Debian\"\n" + + " }\n" + + " ]\n" + + " }\n" + + " ]\n" + + " },\n" + + " \"assigned_policies\": [\n" + + " {\n" + + " \"name\": \"${policyName}\",\n" + + " \"type\": \"security\"\n" + + " }\n" + + " ]\n" + + "}") + .when() + .post("/v2/watches") + .then() + .extract().response() + } + + def updateWatchEvent(watchName, description, policyName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"general_data\": {\n" + + " \"name\": \"${watchName}\",\n" + + " \"description\": \"${description}\",\n" + + " \"active\": true\n" + + " },\n" + + " \"project_resources\": {\n" + + " \"resources\": [\n" + + " {\n" + + " \"type\": \"all-repos\",\n" + + " \"filters\": [\n" + + " {\n" + + " \"type\": \"package-type\",\n" + + " \"value\": \"Docker\"\n" + + " },\n" + + " {\n" + + " \"type\": \"package-type\",\n" + + " \"value\": \"Debian\"\n" + + " }\n" + + " ]\n" + + " }\n" + + " ]\n" + + " },\n" + + " \"assigned_policies\": [\n" + + " {\n" + + " \"name\": \"${policyName}\",\n" + + " \"type\": \"security\"\n" + + " }\n" + + " ]\n" + + "}") + .when() + .put("/v2/watches/${watchName}") + .then() + .extract().response() + } + + def getWatchEvent(watchName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v2/watches/${watchName}") + .then() + .extract().response() + } + + def deleteWatchEvent(watchName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .delete("/v2/watches/${watchName}") + .then() + .extract().response() + } + + def assignPolicy(watchName, policyName, username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"watches\": [\n" + + " \"${watchName}\"\n" + + " ]\n" + + "}") + .when() + .post("/v1/policies/${policyName}/assign") + .then() + .extract().response() + } + + def getIntegrationConfiguration(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v1/integration") + .then() + .extract().response() + } + + def addtIntegrationConfiguration(username, password, vendorName) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"vendor\": \"${vendorName}\",\n" + + " \"api_key\": \"12345\",\n" + + " \"enabled\": true,\n" + + " \"context\": \"project_id\",\n" + + " \"url\": \"https://saas.whitesourcesoftware.com/xray\",\n" + + " \"description\": \"WhiteSource provides a simple yet powerful open source security and licenses management solution. More details at http://www.whitesourcesoftware.com.\",\n" + + " \"test_url\": \"https://saas.whitesourcesoftware.com/xray/api/checkauth\"\n" + + "}") + .when() + .post("/v1/integration") + .then() + .extract().response() + } + + def postSystemParameters(username, password, body) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body(body) + .when() + .put("/v1/configuration/systemParameters") + .then() + .extract().response() + } + + def getSystemParameters(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v1/configuration/systemParameters") + .then() + .extract().response() + } + + def getBinaryManager(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v1/binMgr/default") + .then() + .extract().response() + } + + + def getIndexingConfiguration(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .when() + .get("/v1/binMgr/default/repos") + .then() + .extract().response() + } + + def updateIndexingConfiguration(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"indexed_repos\": [\n" + + " {\n" + + " \"name\": \"docker-local\",\n" + + " \"type\": \"local\",\n" + + " \"pkg_type\": \"Docker\"\n" + + " },\n" + + " {\n" + + " \"name\": \"generic-dev-local\",\n" + + " \"type\": \"local\",\n" + + " \"pkg_type\": \"Generic\"\n" + + " }\n" + + " ],\n" + + " \"non_indexed_repos\": []\n" + + "}") + .when() + .put("/v1/binMgr/default/repos") + .then() + .extract().response() + } + + + + def startScan(username, password, componentID) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .body("{\n" + + " \"componentID\": \"${componentID}\"\n" + + "}") + .when() + .post("/v1/scanArtifact") + .then() + .extract().response() + } + + + def artifactSummary(username, password, artifactPath) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("content-Type", "application/json") + .body("{\n" + + " \"checksums\": [\n" + + " \"\"\n" + + " ],\n" + + " \"paths\": [\n" + + " \"${artifactPath}\"\n" + + " ]\n" + + "}") + .when() + .post("/v1/summary/artifact") + .then() + .extract().response() + } + + def createSupportBundle(username, password, name, startDate, endDate) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .body("{ \n" + + " \"name\":\"${name}\",\n" + + " \"description\":\"desc\",\n" + + " \"parameters\":{ \n" + + " \"configuration\": true,\n" + + " \"system\": true, \n" + + " \"logs\":{ \n" + + " \"include\": true, \n" + + " \"start_date\":\"${startDate}\",\n" + + " \"end_date\":\"${endDate}\"\n" + + " },\n" + + " \"thread_dump\":{ \n" + + " \"count\": 1,\n" + + " \"interval\": 0\n" + + " }\n" + + " }\n" + + "}") + .when() + .post("/v1/system/support/bundle") + .then() + .extract().response() + + } + + def getSystemMonitoringStatus(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .when() + .get("/v1/monitor") + .then() + .extract().response() + } + + def xrayPingRequest(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .when() + .get("/v1/system/ping") + .then() + .extract().response() + } + + def xrayGetVersion(username, password) { + return given() + .auth() + .preemptive() + .basic("${username}", "${password}") + .header("Cache-Control", "no-cache") + .header("Content-Type", "application/json") + .when() + .get("/v1/system/version") + .then() + .extract().response() + } + + // Data providers + + @DataProvider(name = "issueEvents") + public Object[][] issueEvents() { + return new Object[][]{ + ["XRAY-", "CVE-2017-2000386", "A very important custom issue", "A very important custom issue"] + + } + } + +} \ No newline at end of file diff --git a/Ansible/test/tests/src/test/groovy/testng.xml b/Ansible/test/tests/src/test/groovy/testng.xml new file mode 100644 index 0000000..5342660 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/testng.xml @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Ansible/test/tests/src/test/groovy/tests/HealthCheckTest.groovy b/Ansible/test/tests/src/test/groovy/tests/HealthCheckTest.groovy new file mode 100644 index 0000000..4e7fcce --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/tests/HealthCheckTest.groovy @@ -0,0 +1,57 @@ +package tests + +import io.restassured.RestAssured +import io.restassured.path.json.JsonPath +import io.restassured.response.Response +import org.hamcrest.Matchers +import org.testng.Reporter +import org.testng.annotations.BeforeSuite +import org.testng.annotations.Test +import steps.RepositorySteps +import org.yaml.snakeyaml.Yaml +import utils.Shell + +class HealthCheckTest extends RepositorySteps{ + Yaml yaml = new Yaml() + def configFile = new File("./src/test/resources/testenv.yaml") + def config = yaml.load(configFile.text) + def artifactoryURL + + + @BeforeSuite(alwaysRun = true) + def setUp() { + artifactoryURL = config.artifactory.external_ip + RestAssured.baseURI = "http://${artifactoryURL}/artifactory" + } + + + @Test(priority=0, groups="common", testName = "Health check for all 4 services") + void healthCheckTest(){ + Response response = getHealthCheckResponse(artifactoryURL) + response.then().assertThat().statusCode(200). + body("router.state", Matchers.equalTo("HEALTHY")) + + int bodySize = response.body().jsonPath().getList("services").size() + for (int i = 0; i < bodySize; i++) { + JsonPath jsonPathEvaluator = response.jsonPath() + String serviceID = jsonPathEvaluator.getString("services[" + i + "].service_id") + String nodeID = jsonPathEvaluator.getString("services[" + i + "].node_id") + response.then(). + body("services[" + i + "].state", Matchers.equalTo("HEALTHY")) + + Reporter.log("- Health check. Service \"" + serviceID + "\" on node \"" + nodeID + "\" is healthy", true) + } + + } + + @Test(priority=1, groups=["ping","common"], testName = "Ping (In HA 200 only when licences were added)") + void pingTest() { + Response response = ping() + response.then().assertThat().statusCode(200). + body(Matchers.hasToString("OK")) + Reporter.log("- Ping test. Service is OK", true) + } + + + +} diff --git a/Ansible/test/tests/src/test/groovy/tests/RepositoryTest.groovy b/Ansible/test/tests/src/test/groovy/tests/RepositoryTest.groovy new file mode 100644 index 0000000..3deb72a --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/tests/RepositoryTest.groovy @@ -0,0 +1,302 @@ +package tests + +import io.restassured.RestAssured +import io.restassured.path.json.JsonPath +import io.restassured.response.Response +import org.hamcrest.Matchers +import org.testng.Reporter +import org.testng.annotations.BeforeTest +import org.testng.annotations.Test +import org.yaml.snakeyaml.Yaml +import steps.RepositorySteps + +import java.time.LocalDate + +import static org.hamcrest.Matchers.containsString +import static org.hamcrest.Matchers.containsStringIgnoringCase +import static org.hamcrest.Matchers.equalTo +import static org.hamcrest.Matchers.equalToIgnoringCase +import static org.hamcrest.Matchers.greaterThanOrEqualTo + + +class RepositoryTest extends RepositorySteps{ + Yaml yaml = new Yaml() + def configFile = new File("./src/test/resources/testenv.yaml") + def repoListHA = new File("./src/test/resources/repositories/CreateDefault.yaml") + def repoListJCR = new File("./src/test/resources/repositories/CreateJCR.yaml") + def artifact = new File("./src/test/resources/repositories/artifact.zip") + def config = yaml.load(configFile.text) + def artifactoryURL + def username + def password + + @BeforeTest(groups=["jcr", "pro"]) + def setUp() { + artifactoryURL = config.artifactory.external_ip + username = config.artifactory.rt_username + password = config.artifactory.rt_password + RestAssured.baseURI = "http://${artifactoryURL}/artifactory" + RestAssured.authentication = RestAssured.basic(username, password); + RestAssured.useRelaxedHTTPSValidation(); + } + + + @Test(priority=1, groups=["pro"], testName = "Delete sample repositories") + void deleteReposTest(){ + Response getRepoResponse = getRepos() + JsonPath jsonPathEvaluator = getRepoResponse.jsonPath() + List repoNames = jsonPathEvaluator.getList("key", String.class) + for (int i = 0; i < repoNames.size(); i ++){ + Response delete = deleteRepository(repoNames[i], username, password) + delete.then().statusCode(200) + } + + Reporter.log("- Delete sample HA repositories. All repositories were successfully deleted", true) + } + + @Test(priority=1, groups=["jcr",], testName = "Delete sample repositories JCR") + void deleteDefaultJCRReposTest(){ + Response getRepoResponse = getRepos() + JsonPath jsonPathEvaluator = getRepoResponse.jsonPath() + List repoNames = jsonPathEvaluator.getList("key", String.class) + for (int i = 0; i < repoNames.size(); i ++){ + Response delete = deleteRepository(repoNames[i], username, password) + delete.then().statusCode(400).body("errors[0].message", + containsStringIgnoringCase("This REST API is available only in Artifactory Pro")) + } + + Reporter.log("- Delete sample JCR repositories. " + + "Verified - this REST API is available only in Artifactory Pro", true) + } + + @Test(priority=2, groups=["pro"], testName = "Create a list of repositories for HA, specified in YAML file") + void createDefaultHAReposTest(){ + def body + def expectedMessage + body = repoListHA + expectedMessage = "383 changes to config merged successfully" + Response response = createRepositories(body, username, password) + response.then().assertThat().statusCode(200) + .body(Matchers.hasToString(expectedMessage)) + .log().body() + + Reporter.log("- Create repositories for HA distribution. Successfully created", true) + } + + @Test(priority=2, groups=["jcr"], testName = "Create a list of repositories for JCR, specified in YAML file") + void createDefaultJCRReposTest(){ + def body + def expectedMessage + body = repoListJCR + expectedMessage = "82 changes to config merged successfully" + Response response = createRepositories(body, username, password) + response.then().assertThat().statusCode(200) + .body(Matchers.hasToString(expectedMessage)) + .log().body() + + Reporter.log("- Create repositories for JCR. Successfully created", true) + } + + @Test(priority=3, groups=["pro"], testName = "Verify HA repositories were created successfully") + void checkDefaultHAReposTest(){ + Response response = getRepos() + def numberOfRepos = response.then().extract().path("size()") + def expectedReposNumber = 84 + println("Number of created repositories is ${numberOfRepos}") + response.then().assertThat().statusCode(200) + .body("size()", greaterThanOrEqualTo(expectedReposNumber)) + + Reporter.log("- Verify HA repos were created. ${numberOfRepos} repositories were created", true) + } + + @Test(priority=3, groups=["jcr"], testName = "Verify JCR repositories were created successfully") + void checkDefaultJCRReposTest(){ + Response response = getRepos() + def numberOfRepos = response.then().extract().path("size()") + def expectedReposNumber = 17 + response.then().assertThat().statusCode(200) + .body("size()", greaterThanOrEqualTo(expectedReposNumber)) + + Reporter.log("- Verify JCR repos were created. ${numberOfRepos} repositories were created", true) + } + + /*@Test(priority=4, groups=["jcr","pro"], testName = "Create a directory in generic repo") + void createDirectoryTest(){ + def repoName = "generic-dev-local" + def directoryName = "test-directory/" + Response response = createDirectory(repoName, directoryName) + response.then().assertThat().statusCode(201) + .body("repo", equalTo(repoName)) + .body("path", equalTo("/" + directoryName)) + .body("uri", equalTo("http://" + artifactoryURL + ":80/artifactory/" + repoName + "/" + directoryName)) + + Reporter.log("- Create folder. Folder successfully created", true) + } + + @Test(priority=5, groups=["jcr","pro"], testName = "Deploy file to generic repo") + void deployArtifactToGenericTest(){ + def repoName = "generic-dev-local" + def directoryName = "test-directory" + def filename = "artifact.zip" + Response response = deployArtifact(repoName, directoryName, artifact, filename) + response.then().assertThat().statusCode(201) + .body("repo", equalTo(repoName)) + .body("path", equalTo("/" + directoryName + "/" + filename)) + .body("downloadUri", equalTo("http://" + artifactoryURL + ":80/artifactory/" + repoName + "/" + + directoryName + "/" + filename)) + + Reporter.log("- Deploy artifact. Artifact successfully deployed", true) + } + + @Test(priority=6, groups=["jcr", "pro"], testName = "Get the artifact info") + void getArtifactinfoTest(){ + def repoName = "generic-dev-local" + def directoryName = "test-directory" + def filename = "artifact.zip" + Response response = getInfo(repoName, directoryName, artifact, filename) + response.then().assertThat().statusCode(200) + .body("repo", equalTo(repoName)) + .body("path", equalTo("/" + directoryName + "/" + filename)) + .body("downloadUri", equalTo("http://" + artifactoryURL + ":80/artifactory/" + repoName + "/" + + directoryName + "/" + filename)) + + Reporter.log("- Get the artifact info. Artifact info is successfully returned", true) + }*/ + +/* @Test(priority=7, groups=["jcr", "pro"], testName = "Delete item") + void deleteJCRItemTest(){ + def repoName = "generic-dev-local" + def directoryName = "test-directory" + def filename = "artifact.zip" + Response response = deleteItem(repoName, directoryName, artifact, filename) + response.then().assertThat().statusCode(204) + + Response verification = getInfo(repoName, directoryName, artifact, filename) + verification.then().statusCode(404) + .body("errors[0].message", equalToIgnoringCase("Unable to find item")) + + Reporter.log("- Delete item. File has been deleted successfully", true) + }*/ + + /*@Test(priority=8, groups=["pro"], testName = "Create support bundle") + void createSupportBundleHATest(){ + def name = "Support Bundle" + LocalDate startDate = LocalDate.now().minusDays(5) + LocalDate endDate = LocalDate.now() + Response response = createSupportBundle(name, startDate, endDate) + response.then().assertThat().statusCode(200) + .body("artifactory.bundle_url", containsString(artifactoryURL)) + + Reporter.log("- Create support bundle. Successfully created", true) + }*/ + + @Test(priority=8, groups=["jcr"], testName = "Create support bundle") + void createSupportBundleJCATest(){ + def name = "Support Bundle" + LocalDate startDate = LocalDate.now().minusDays(5) + LocalDate endDate = LocalDate.now() + Response response = createSupportBundle(name, startDate, endDate) + response.then().assertThat().statusCode(400) + .body("errors[0].message", + containsStringIgnoringCase("This REST API is available only in Artifactory Pro")) + + Reporter.log("- Create support bundle, JCR. " + + "Call is not supported in JCR version, error message is correct", true) + } + + @Test(priority=9, groups=["pro"], testName = "Delete created repositories") + void deleteDefaultReposTest(){ + Response getRepoResponse = getRepos() + JsonPath jsonPathEvaluator = getRepoResponse.jsonPath() + List repoNames = jsonPathEvaluator.getList("key", String.class) + for (int i = 0; i < repoNames.size(); i ++){ + Response delete = deleteRepository(repoNames[i], username, password) + delete.then().statusCode(200) + } + + Reporter.log("- Delete HA repositories. All repositories were successfully deleted", true) + } + + @Test(priority=9, groups=["jcr",], testName = "Delete sample repositories JCR") + void deleteJCRReposTest(){ + Response getRepoResponse = getRepos() + JsonPath jsonPathEvaluator = getRepoResponse.jsonPath() + List repoNames = jsonPathEvaluator.getList("key", String.class) + for (int i = 0; i < repoNames.size(); i ++){ + Response delete = deleteRepository(repoNames[i], username, password) + delete.then().statusCode(400).body("errors[0].message", + containsStringIgnoringCase("This REST API is available only in Artifactory Pro")) + } + + Reporter.log("- Delete sample JCR repositories. All repositories were successfully deleted", true) + } + + @Test(priority=10, groups=["pro"], testName = "Verify repositories were deleted successfully") + void checkReposAreDeleted(){ + Response response = getRepos() + def numberOfRepos = response.then().extract().path("size()") + def expectedReposNumber = 0 + response.then().assertThat().statusCode(200) + .body("size()", equalTo(expectedReposNumber)) + + Reporter.log("- Verify repo were deleted. ${numberOfRepos} repositories remain", true) + } + + @Test(priority=11, groups=["pro"], testName = "Re-Create a list of repositories, for the next tests") + void reCreateDefaultHAReposTest(){ + def body + def expectedMessage + body = repoListHA + expectedMessage = "383 changes to config merged successfully" + Response response = createRepositories(body, username, password) + response.then().assertThat().statusCode(200) + .body(Matchers.hasToString(expectedMessage)) + .log().body() + + Reporter.log("- Re-create repositories for HA distribution. Successfully created", true) + } + + @Test(priority=12, groups=["jcr"], testName = "Re-Create a list of repositories, for the next tests") + void reCreateDefaultJCRReposTest(){ + def body + def expectedMessage + body = repoListJCR + expectedMessage = "82 changes to config merged successfully" + Response response = createRepositories(body, username, password) + response.then().assertThat().statusCode(200) + .body(Matchers.hasToString(expectedMessage)) + .log().body() + + Reporter.log("- Re-create repositories for JCR distribution. Successfully created", true) + } + +/* @Test(priority=13, groups=["jcr","pro"], testName = "Create a directory in generic repo") + void reCreateDirectoryTest(){ + def repoName = "generic-dev-local" + def directoryName = "test-directory/" + Response response = createDirectory(repoName, directoryName) + response.then().assertThat().statusCode(201) + .body("repo", equalTo(repoName)) + .body("path", equalTo("/" + directoryName)) + .body("uri", equalTo("http://" + artifactoryURL + ":80/artifactory/" + repoName + "/" + directoryName)) + + Reporter.log("- Create folder. Folder successfully created", true) + }*/ + +/* @Test(priority=14, groups=["jcr","pro"], testName = "Deploy file to generic repo") + void reDeployArtifactToGenericTest(){ + def repoName = "generic-dev-local" + def directoryName = "test-directory" + def filename = "artifact.zip" + Response response = deployArtifact(repoName, directoryName, artifact, filename) + response.then().assertThat().statusCode(201) + .body("repo", equalTo(repoName)) + .body("path", equalTo("/" + directoryName + "/" + filename)) + .body("downloadUri", equalTo("http://" + artifactoryURL + ":80/artifactory/" + repoName + "/" + + directoryName + "/" + filename)) + + Reporter.log("- Deploy artifact. Artifact successfully deployed", true) + }*/ + + +} diff --git a/Ansible/test/tests/src/test/groovy/tests/SecurityTest.groovy b/Ansible/test/tests/src/test/groovy/tests/SecurityTest.groovy new file mode 100644 index 0000000..a166cd0 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/tests/SecurityTest.groovy @@ -0,0 +1,153 @@ +package tests + +import io.restassured.RestAssured +import io.restassured.response.Response +import org.hamcrest.Matchers +import org.junit.Assert +import org.testng.Reporter +import org.testng.annotations.BeforeSuite +import org.testng.annotations.Test +import org.yaml.snakeyaml.Yaml +import steps.SecuritytSteps + + +class SecurityTest extends SecuritytSteps{ + + Yaml yaml = new Yaml() + def configFile = new File("./src/test/resources/testenv.yaml") + def config = yaml.load(configFile.text) + def artifactoryURL + def distribution + def username + def password + + @BeforeSuite(groups=["jcr","pro"]) + def setUp() { + artifactoryURL = config.artifactory.external_ip + distribution = config.artifactory.distribution + username = config.artifactory.rt_username + password = config.artifactory.rt_password + RestAssured.baseURI = "http://${artifactoryURL}/artifactory" + RestAssured.authentication = RestAssured.basic(username, password); + RestAssured.useRelaxedHTTPSValidation(); + } + + @Test(priority=1, groups=["pro"], dataProvider = "users", testName = "Create users") + void createUsersTest(usernameRt, emailRt, passwordRt){ + Response response = createUser(usernameRt, emailRt, passwordRt) + response.then().statusCode(201) + + Reporter.log("- Create users. User ${usernameRt} created successfully", true) + } + + @Test(priority=2, groups=["pro"], dataProvider = "users", testName = "Verify users were created successfully") + void verifyUsersTest(usernameRt, emailRt, passwordRt){ + Response response = getUserDetails(usernameRt) + response.then().statusCode(200). + body("name", Matchers.equalTo(usernameRt)). + body("email", Matchers.equalTo(emailRt)). + body("admin", Matchers.equalTo(false)). + body("groups[0]", Matchers.equalTo("readers")) + + Reporter.log("- Verify created users. User ${usernameRt} was successfully verified", true) + } + + @Test(priority=3, groups=["pro"], dataProvider = "users", testName = "Generate API keys") + void generateAPIKeysTest(usernameRt, emailRt, passwordRt) { + Response createKey = generateAPIKey(usernameRt, passwordRt) + def errorMessage = createKey.then().extract().path("error") + if (errorMessage == null) { + def key = createKey.then().extract().path("apiKey") + Response getKey = getAPIKey(usernameRt, passwordRt) + def keyVerification = getKey.then().extract().path("apiKey") + Assert.assertTrue(key == keyVerification) + Reporter.log("- Generate API keys. Key for ${usernameRt} created successfully", true) + } else if (errorMessage.toString().contains("Api key already exists for user:")){ + Reporter.log("- Generate API keys. Key for ${usernameRt} already exists, skipped", true) + } + } + + @Test(priority=4, groups=["pro"], dataProvider = "users", testName = "Re-generate API keys") + void regenerateAPIKeysTest(usernameRt, emailRt, passwordRt){ + Response regenerated = regenerateAPIKey(usernameRt, passwordRt) + regenerated.then().statusCode(200) + def key = regenerated.then().extract().path("apiKey") + Response getKey = getAPIKey(usernameRt, passwordRt) + getKey.then().statusCode(200) + def keyVerification = getKey.then().extract().path("apiKey") + Assert.assertTrue(key == keyVerification) + + Reporter.log("- Re-generate API keys. Key for ${usernameRt} re-generated successfully", true) + } + + @Test(priority=5, groups=["pro"], dataProvider = "groups", testName = "Create a group") + void createGroupTest(groupName){ + Response create = createGroup(groupName) + create.then().statusCode(201) + + Response get = getGroup(groupName) + get.then().statusCode(200) + def name = get.then().extract().path("name") + def adminPrivileges = get.then().extract().path("adminPrivileges") + Assert.assertTrue(name == groupName) + Assert.assertTrue(adminPrivileges == false) + + Reporter.log("- Create group. Group ${groupName} was successfully created", true) + } + + @Test(priority=6, groups=["pro"], testName = "Create and verify permissions") + void createPermissionsTest(){ + def permissionName = "testPermission" + def repository = "ANY" + def user1 = "testuser0" + def user2 = "testuser1" + def group1 = "test-group-0" + def group2 = "test-group-1" + def action1 = "read" + def action2 = "write" + def action3 = "manage" + Response create = createPermissions(permissionName, repository, user1, user2, + group1, group2, action1, action2, action3) + create.then().statusCode(200) + + Response get = getPermissions(permissionName) + get.then().statusCode(200) + Assert.assertTrue(permissionName == get.then().extract().path("name")) + Assert.assertTrue(repository == get.then().extract().path("repo.repositories[0]")) + Assert.assertTrue(action1 == get.then().extract().path("repo.actions.users.${user1}[0]")) + Assert.assertTrue(action2 == get.then().extract().path("repo.actions.users.${user1}[1]")) + Assert.assertTrue(action3 == get.then().extract().path("repo.actions.users.${user1}[2]")) + Assert.assertTrue(action1 == get.then().extract().path("repo.actions.users.${user2}[0]")) + Assert.assertTrue(action2 == get.then().extract().path("repo.actions.users.${user2}[1]")) + Assert.assertTrue(action3 == get.then().extract().path("repo.actions.users.${user2}[2]")) + Assert.assertTrue(action1 == get.then().extract().path("repo.actions.groups.${group1}[0]")) + Assert.assertTrue(action2 == get.then().extract().path("repo.actions.groups.${group2}[1]")) + Assert.assertTrue(action1 == get.then().extract().path("repo.actions.groups.${group2}[0]")) + Assert.assertTrue(action2 == get.then().extract().path("repo.actions.groups.${group2}[1]")) + + Reporter.log("- Create permissions. Permissions successfully created and verified", true) + } + + @Test(priority=7, groups=["pro"], testName = "Delete permissions") + void deletePermissionsTest(){ + def permissionName = "testPermission" + Response delete = deletePermissions(permissionName) + delete.then().statusCode(200) + Reporter.log("- Delete permissions. User ${permissionName} has been removed successfully", true) + } + + @Test(priority=8, groups=["pro"], dataProvider = "users", testName = "Delete non-default users") + void deleteUserTest(usernameRt, email, passwordRt){ + Response delete = deleteUser(usernameRt) + delete.then().statusCode(200).body(Matchers.containsString("${usernameRt}")) + Reporter.log("- Delete user. User ${usernameRt} has been removed successfully", true) + } + + @Test(priority=9, groups=["pro"], dataProvider = "groups", testName = "Delete non-default groups") + void deleteGroupTest(groupName){ + Response delete = deleteGroup(groupName) + delete.then().statusCode(200).body(Matchers.containsString("${groupName}")) + Reporter.log("- Delete group. Group ${groupName} has been removed successfully", true) + } + +} diff --git a/Ansible/test/tests/src/test/groovy/tests/XrayTest.groovy b/Ansible/test/tests/src/test/groovy/tests/XrayTest.groovy new file mode 100644 index 0000000..ef6e4c4 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/tests/XrayTest.groovy @@ -0,0 +1,332 @@ +package tests + +import io.restassured.RestAssured +import io.restassured.response.Response +import org.testng.Assert +import org.testng.Reporter +import org.testng.annotations.BeforeSuite +import org.testng.annotations.BeforeTest +import org.testng.annotations.Test +import org.yaml.snakeyaml.Yaml +import steps.XraySteps + +import java.time.LocalDate + +import static org.hamcrest.Matchers.containsStringIgnoringCase +import static org.hamcrest.Matchers.emptyArray +import static org.hamcrest.Matchers.equalTo +import static org.hamcrest.Matchers.hasItem +import static org.hamcrest.Matchers.is +import static org.hamcrest.Matchers.isA +import static org.hamcrest.Matchers.not +import static org.hamcrest.Matchers.notNullValue +import static org.hamcrest.Matchers.nullValue + + +class XrayTest extends XraySteps{ + + Yaml yaml = new Yaml() + def configFile = new File("./src/test/resources/testenv.yaml") + def config = yaml.load(configFile.text) + def artifactoryURL + def distribution + def username + def password + def randomIndex + def policyName + def watchName + + @BeforeSuite(groups=["xray"]) + def setUp() { + artifactoryURL = config.artifactory.external_ip + distribution = config.artifactory.distribution + username = config.artifactory.rt_username + password = config.artifactory.rt_password + RestAssured.authentication = RestAssured.basic(username, password) + RestAssured.useRelaxedHTTPSValidation() + Random random = new Random() + randomIndex = random.nextInt(10000000) + policyName = "security_policy_${randomIndex}" + watchName = "all-repositories_${randomIndex}" + } + @BeforeTest(groups=["xray"]) + def testSetUp() { + RestAssured.baseURI = "http://${artifactoryURL}/xray/api" + } + + @Test(priority=1, groups=["xray"], dataProvider = "issueEvents", testName = "Create Issue Event") + void createIssueEventTest(issueID, cve, summary, description){ + Response create = createIssueEvent(issueID+randomIndex, cve, summary, description, username, password) + create.then().statusCode(201) + Response get = getIssueEvent(issueID+randomIndex, username, password) + get.then().statusCode(200) + def issueIDverification = get.then().extract().path("id") + def cveVerification = get.then().extract().path("source_id") + def summaryVerification = get.then().extract().path("summary") + def descriptionVerification = get.then().extract().path("description") + Assert.assertTrue(issueID+randomIndex == issueIDverification) + Assert.assertTrue(cve == cveVerification) + Assert.assertTrue(summary == summaryVerification) + Assert.assertTrue(description == descriptionVerification) + + Reporter.log("- Create issue event. Issue event with ID ${issueID+randomIndex} created and verified successfully", true) + } + + @Test(priority=2, groups=["xray"], dataProvider = "issueEvents", testName = "Update Issue Event", + dependsOnMethods = "createIssueEventTest") + void updateIssueEventTest(issueID, cve, summary, description){ + cve = "CVE-2017-0000000" + summary = "Updated" + description = "Updated" + Response update = updateIssueEvent(issueID+randomIndex, cve, summary, description, username, password) + update.then().statusCode(200) + Response get = getIssueEvent(issueID+randomIndex, username, password) + get.then().statusCode(200) + def cveVerification = get.then().extract().path("source_id") + def summaryVerification = get.then().extract().path("summary") + def descriptionVerification = get.then().extract().path("description") + Assert.assertTrue(cve == cveVerification) + Assert.assertTrue(summary == summaryVerification) + Assert.assertTrue(description == descriptionVerification) + + Reporter.log("- Update issue event. Issue event with ID ${issueID+randomIndex} updated and verified successfully", true) + } + + @Test(priority=3, groups=["xray"], testName = "Create policy") + void createPolicyTest(){ + Response create = createPolicy(policyName, username, password) + create.then().statusCode(201) + + Response get = getPolicy(policyName, username, password) + get.then().statusCode(200) + def policyNameVerification = get.then().extract().path("name") + Assert.assertTrue(policyName == policyNameVerification) + + Reporter.log("- Create policy. Policy with name ${policyName} created and verified successfully", true) + } + + @Test(priority=4, groups=["xray"], testName = "Update policy", dependsOnMethods = "createPolicyTest") + void updatePolicyTest(){ + def description = "Updated description" + Response update = updatePolicy(policyName, description, username, password) + update.then().statusCode(200) + + Response get = getPolicy(policyName, username, password) + get.then().statusCode(200) + def descriptionVerification = get.then().extract().path("description") + Assert.assertTrue(description == descriptionVerification) + + Reporter.log("- Update policy. Policy with name ${policyName} updated and verified successfully", true) + } + + @Test(priority=4, groups=["xray"], testName = "Get policies") + void getPoliciesTest(){ + Response response = getPolicies(username, password) + response.then().statusCode(200) + .body("name", notNullValue()) + .body("type", notNullValue()) + .body("description", notNullValue()) + .body("author", notNullValue()) + .body("rules", notNullValue()) + .body("created", notNullValue()) + .body("modified", notNullValue()) + def policies = response.then().extract().path("name") + Reporter.log("- Get policies. Policies list is returned successfully. " + + "Policies returned: ${policies}", true) + } + + @Test(priority=5, groups=["xray"], testName = "Create watch for the repositories", dependsOnMethods = "createPolicyTest") + void createWatchTest(){ + Response create = createWatchEvent(watchName, policyName, username, password) + create.then().statusCode(201) + .body("info", + equalTo("Watch has been successfully created")) + + Response get = getWatchEvent(watchName, username, password) + get.then().statusCode(200) + .body("general_data.name", equalTo((watchName).toString())) + + Reporter.log("- Create watch. Watch with name ${watchName} has been created and verified successfully", true) + } + + @Test(priority=6, groups=["xray"], testName = "Update watch for the repositories", dependsOnMethods = "createWatchTest") + void updateWatchTest(){ + def description = "Updated watch" + Response create = updateWatchEvent(watchName, description, policyName, username, password) + create.then().statusCode(200) + .body("info", + equalTo("Watch was successfully updated")) + + Response get = getWatchEvent(watchName, username, password) + get.then().statusCode(200) + .body("general_data.description", equalTo(description)) + + Reporter.log("- Update watch. Watch with name ${watchName} has been updated and verified successfully", true) + } + + @Test(priority=7, groups=["xray"], testName = "Assign policy to watches") + void assignPolicyToWatchTest(){ + Response response = assignPolicy(watchName, policyName, username, password) + response.then().statusCode(200) + .body("result.${watchName}", + equalTo("Policy assigned successfully to Watch")) + + Reporter.log("- Assign policy to watch. Policy assigned successfully to Watch", true) + } + + @Test(priority=8, groups=["xray"], testName = "Delete watch") + void deleteWatchTest(){ + Response response = deleteWatchEvent(watchName, username, password) + response.then().statusCode(200) + .body("info", + equalTo("Watch was deleted successfully")) + + Reporter.log("- Delete watch. Watch ${watchName} has been successfully deleted", true) + } + + @Test(priority=9, groups=["xray"], testName = "Delete policy") + void deletePolicyTest(){ + + Response response = deletePolicy(policyName, username, password) + response.then().statusCode(200) + .body("info", + equalTo(("Policy ${policyName} was deleted successfully").toString())) + + Reporter.log("- Delete policy. Policy ${policyName} has been successfully deleted", true) + } + +/* @Test(priority=10, groups=["xray"], testName = "Start scan") + void startScanTest(){ + def artifactPath = "default/generic-dev-local/test-directory/artifact.zip" + Response getSha = artifactSummary(username, password, artifactPath) + def componentID = getSha.then().extract().path("artifacts[0].licenses[0].components[0]") + + Response scan = startScan(username, password, componentID) + scan.then().statusCode(200) + .body("info", + equalTo(("Scan of artifact is in progress").toString())) + + Reporter.log("- Start scan. Scan of ${componentID} has been started successfully", true) + }*/ + + @Test(priority=11, groups=["xray"], testName = "Create and get integration configuration") + void integrationConfigurationTest(){ + def vendorName = "vendor_${randomIndex}" + Response post = addtIntegrationConfiguration(username, password, vendorName) + post.then().statusCode(200) + + Response get = getIntegrationConfiguration(username, password) + int bodySize = get.body().jsonPath().getList(".").size() + get.then().statusCode(200) + .body("[" + (bodySize-1) + "].vendor", equalTo(vendorName.toString())) + + Reporter.log("- Integration configuration. " + + "Configuration for vendor ${vendorName} has been successfully added and verified", true) + } + + @Test(priority=12, groups=["xray"], testName = "Enable TLS for RabbitMQ") + void enableTLSRabbitMQTest(){ + File body = new File("./src/test/resources/enableRabbitMQ.json") + Response post = postSystemParameters(username, password, body) + post.then().statusCode(200) + + Response get = getSystemParameters(username, password) + get.then().statusCode(200).body("enableTlsConnectionToRabbitMQ", equalTo(true)) + + Reporter.log("- Enable TLS for RabbitMQ. TLS for RabbitMQ has been successfully enabled and verified", true) + } + + @Test(priority=13, groups=["xray"], testName = "Get binary manager") + void getBinaryManagerTest(){ + Response response = getBinaryManager(username, password) + response.then().statusCode(200) + .body("binMgrId", equalTo("default")) + .body("license_valid", equalTo(true)) + .body("binMgrId", equalTo("default")) + def version = response.then().extract().path("version") + + Reporter.log("- Get binary manager. Binary manager is verified, connected RT version: ${version}", true) + } + + @Test(priority=14, groups=["xray"], testName = "Get repo indexing configuration") + void getIndexingConfigurationTest(){ + Response response = getIndexingConfiguration(username, password) + response.then().statusCode(200) + .body("bin_mgr_id", equalTo("default")) + .body("indexed_repos.name", hasItem("generic-dev-local")) + + Reporter.log("- Get repo indexing configuration.", true) + } + + @Test(priority=15, groups=["xray"], testName = "Update repo indexing configuration") + void updateIndexingConfigurationTest(){ + Response response = updateIndexingConfiguration(username, password) + response.then().statusCode(200) + .body("info", equalTo("Repositories list has been successfully sent to Artifactory")) + + Reporter.log("- Update repo indexing configuration. Successfully updated", true) + } + + // Force reindex test, add in latest versions of X-ray + +/* @Test(priority=16, groups=["xray"], testName = "Get artifact summary") + void artifactSummaryTest(){ + def artifactPath = "default/generic-dev-local/test-directory/artifact.zip" + Response post = artifactSummary(username, password, artifactPath) + post.then().statusCode(200) + .body("artifacts[0].general.path", equalTo(artifactPath)) + + Reporter.log("- Get artifact summary. Artifact summary has been returned successfully", true) + }*/ + + @Test(priority=17, groups=["xray"], testName = "Create support bundle") + void createSupportBundleTest(){ + def name = "Support Bundle" + LocalDate startDate = LocalDate.now().minusDays(5) + LocalDate endDate = LocalDate.now() + Response response = createSupportBundle(username, password, name, startDate, endDate) + def bundle_url = response.then().extract().path("artifactory.bundle_url") + if ((bundle_url.toString()).contains(artifactoryURL)) { + Reporter.log("- Create support bundle. Successfully created using X-ray API", true) + } else if (((bundle_url.toString()).contains("localhost"))){ + Reporter.log("- Create support bundle. Created with a bug, localhost instead of the hostname", true) + } + } + + @Test(priority=18, groups=["xray"], testName = "Get system monitoring status") + void getSystemMonitoringTest(){ + Response response = getSystemMonitoringStatus(username, password) + response.then().statusCode(200) + + Reporter.log("- Get system monitoring status. Data returned successfully", true) + } + + @Test(priority=19, groups=["xray"], testName = "X-ray ping request") + void xrayPingRequestTest(){ + Response response = xrayPingRequest(username, password) + response.then().statusCode(200) + .body("status", equalTo("pong")) + + Reporter.log("- Get system monitoring status. Data returned successfully", true) + } + + @Test(priority=20, groups=["xray"], testName = "X-ray version") + void xrayGetVersionTest(){ + Response response = xrayGetVersion(username, password) + response.then().statusCode(200) + .body("xray_version", notNullValue()) + .body("xray_revision", notNullValue()) + def version = response.then().extract().path("xray_version") + def revision = response.then().extract().path("xray_revision") + + Reporter.log("- Get X-ray version. Version: ${version}, revision: ${revision}", true) + } + + + + +} + + + + diff --git a/Ansible/test/tests/src/test/groovy/utils/ConfigurationUtil.groovy b/Ansible/test/tests/src/test/groovy/utils/ConfigurationUtil.groovy new file mode 100644 index 0000000..208bf29 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/utils/ConfigurationUtil.groovy @@ -0,0 +1,19 @@ +package utils + +class ConfigurationUtil { + + static def getEnvironmentVariableValue(def name) { + def value = System.getProperty(name) + if (value == null) { + value = System.getenv(name) + if (value == null) { + throw new Exception("Environment variable $name not set!"); + } + } + return value + } + + + + +} diff --git a/Ansible/test/tests/src/test/groovy/utils/DSL.groovy b/Ansible/test/tests/src/test/groovy/utils/DSL.groovy new file mode 100644 index 0000000..6a14f48 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/utils/DSL.groovy @@ -0,0 +1,81 @@ +package utils + +import utils.ProcessOutputStream + +/** + * Created by eliom on 6/19/18. + */ +class DSL { + + /** + * Run shell command + */ + static def sh = { command, outputBuffer = null, folder = null, silent = false, customEnvVariables = null, errorBuffer = null -> + //def workdir = ConfigurationUtil.getEnvironmentVariableValue("KERMIT_WORKSPACE_DIR") + def workdir = "/Users/danielmi/projects/soldev/.kermit-workspace" + def commandFolder + if (folder != null) { + commandFolder = new File(folder, workdir) + } else { + commandFolder = workdir + } + + if (!silent) { + println "Running command at ${commandFolder}: $command" + } + def proc = null + try { + def env = System.getenv().collect { k, v -> "$k=$v" } + + if (customEnvVariables != null) { + env.addAll( customEnvVariables.collect { k, v -> "$k=$v" }) + } + + if (command instanceof List && command.size() > 0 && command[0] instanceof List) { + //Pipe Commands + command.each { + if (proc != null) { + proc = proc | it.execute(env, commandFolder) + } else { + proc = it.execute(env, commandFolder) + } + } + } else { + proc = command.execute(env, commandFolder) + } + } catch (IOException e) { + println "Failed to execute command: ${e.getMessage()}" + return -1 + } + def processOutput = new ProcessOutputStream(silent, outputBuffer == null) + def errorOutput = processOutput + if (errorBuffer != null) { + errorOutput = new ProcessOutputStream(silent, errorBuffer == null) + } + + proc.consumeProcessOutput(processOutput, errorOutput) + def exitStatus = proc.waitFor() + if (!silent) { + println "Exit: $exitStatus" + } + if (outputBuffer != null) { + outputBuffer.append(processOutput.toString()) + } + + processOutput.close() + + if (errorBuffer != null) { + errorBuffer.append(errorOutput.toString()) + errorOutput.close() + } + + return exitStatus + } + + + //... + + + + +} diff --git a/Ansible/test/tests/src/test/groovy/utils/EnvironmentConfig.groovy b/Ansible/test/tests/src/test/groovy/utils/EnvironmentConfig.groovy new file mode 100644 index 0000000..db7d017 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/utils/EnvironmentConfig.groovy @@ -0,0 +1,10 @@ +package utils + + + +class EnvironmentConfig { + + + + +} diff --git a/Ansible/test/tests/src/test/groovy/utils/ProcessOutputStream.groovy b/Ansible/test/tests/src/test/groovy/utils/ProcessOutputStream.groovy new file mode 100644 index 0000000..aff11c2 --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/utils/ProcessOutputStream.groovy @@ -0,0 +1,32 @@ +package utils + +public class ProcessOutputStream extends ByteArrayOutputStream{ + + private boolean silent = false; + private boolean discardOutput = false; + + public ProcessOutputStream(boolean silent, boolean discardOutput) { + this.silent = silent; + this.discardOutput = discardOutput; + } + + @Override + public synchronized void write(int b) { + if (!silent) { + System.out.write(b); + } + if (!discardOutput) { + super.write(b); + } + } + + @Override + public synchronized void write(byte[] b, int off, int len) { + if (!silent) { + System.out.write(b, off, len); + } + if (!discardOutput) { + super.write(b, off, len); + } + } +} \ No newline at end of file diff --git a/Ansible/test/tests/src/test/groovy/utils/Shell.groovy b/Ansible/test/tests/src/test/groovy/utils/Shell.groovy new file mode 100644 index 0000000..87d4aaf --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/utils/Shell.groovy @@ -0,0 +1,17 @@ +package utils + +class Shell { + + def executeProc(cmd) { + println(cmd) + def proc = cmd.execute() + + proc.in.eachLine {line -> + println line + } + + println proc.err.text + + proc.exitValue() + } +} diff --git a/Ansible/test/tests/src/test/groovy/utils/WorkSpaceManager.groovy b/Ansible/test/tests/src/test/groovy/utils/WorkSpaceManager.groovy new file mode 100644 index 0000000..f1262bb --- /dev/null +++ b/Ansible/test/tests/src/test/groovy/utils/WorkSpaceManager.groovy @@ -0,0 +1,32 @@ +package utils + +/** + * Created by eliom on 6/26/18. + */ +class WorkspaceManager { + + //TODO: Make it Thread safe + def static currentPath = [] + + def static pushPath(path) { + currentPath.push(path) + } + + def static popPath() { + currentPath.pop() + } + + def static getCurrentDir() { + def workspaceRoot = ConfigurationUtil.getWorkspaceDir() + if (currentPath.size() > 0) { + def currentDir = new File(currentPath.join('/'), workspaceRoot) + if (!currentDir.exists()) { + currentDir.mkdirs() + } + return currentDir + } else { + return workspaceRoot + } + } + +} diff --git a/Ansible/test/tests/src/test/resources/enableRabbitMQ.json b/Ansible/test/tests/src/test/resources/enableRabbitMQ.json new file mode 100644 index 0000000..c6e54d4 --- /dev/null +++ b/Ansible/test/tests/src/test/resources/enableRabbitMQ.json @@ -0,0 +1,11 @@ +{ + "sslInsecure": false, + "maxDiskDataUsage": 80, + "monitorSamplingInterval": 300, + "mailNoSsl": false, + "messageMaxTTL": 7, + "jobInterval": 86400, + "allowSendingAnalytics": true, + "httpsPort": 443, + "enableTlsConnectionToRabbitMQ": true +} \ No newline at end of file diff --git a/Ansible/test/tests/src/test/resources/integration.json b/Ansible/test/tests/src/test/resources/integration.json new file mode 100644 index 0000000..08ba303 --- /dev/null +++ b/Ansible/test/tests/src/test/resources/integration.json @@ -0,0 +1,9 @@ +{ + "vendor": "whitesource5", + "api_key": "12345", + "enabled": true, + "context": "project_id", + "url": "https://saas.whitesourcesoftware.com/xray", + "description": "WhiteSource provides a simple yet powerful open source security and licenses management solution. More details at http://www.whitesourcesoftware.com.", + "test_url": "https://saas.whitesourcesoftware.com/xray/api/checkauth" +} \ No newline at end of file diff --git a/Ansible/test/tests/src/test/resources/repositories/CreateDefault.yaml b/Ansible/test/tests/src/test/resources/repositories/CreateDefault.yaml new file mode 100644 index 0000000..ef1f5fd --- /dev/null +++ b/Ansible/test/tests/src/test/resources/repositories/CreateDefault.yaml @@ -0,0 +1,554 @@ +localRepositories: + libs-release-local: + type: maven + description: "production deployment" + repoLayout: maven-2-default + xray: + enabled: true + libs-snapshot-local: + type: maven + description: "snapshot deployment" + repoLayout: maven-2-default + xray: + enabled: true + maven-prod-local: + type: maven + description: "production release deployment" + repoLayout: maven-2-default + xray: + enabled: true + maven-dev-local: + type: maven + description: "development release deployment" + repoLayout: maven-2-default + xray: + enabled: true + maven-release-local: + type: maven + description: "development release deployment" + repoLayout: maven-2-default + xray: + enabled: true + maven-snapshot-local: + type: maven + description: "development release deployment" + repoLayout: maven-2-default + xray: + enabled: true + gradle-prod-local: + type: gradle + description: "production deployment" + repoLayout: gradle-default + xray: + enabled: true + gradle-dev-local: + type: gradle + description: "development deployment" + repoLayout: gradle-default + xray: + enabled: true + tomcat-local: + type: generic + description: "used by demo" + repoLayout: simple-default + xray: + enabled: true + generic-prod-local: + type: generic + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + generic-dev-local: + type: generic + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + ivy-prod-local: + type: ivy + description: "production deployment" + repoLayout: "ivy-default" + xray: + enabled: true + ivy-dev-local: + type: ivy + description: "development deployment" + repoLayout: ivy-default + xray: + enabled: true + helm-prod-local: + type: helm + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + helm-dev-local: + type: helm + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + sbt-prod-local: + type: sbt + description: "production deployment" + repoLayout: sbt-default + xray: + enabled: true + sbt-dev-local: + type: sbt + description: "development deployment" + repoLayout: sbt-default + xray: + enabled: true + nuget-prod-local: + type: nuget + description: "production deployment" + repoLayout: nuget-default + xray: + enabled: true + nuget-dev-local: + type: nuget + description: "development deployment" + repoLayout: nuget-default + xray: + enabled: true + gems-prod-local: + type: gems + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + gems-dev-local: + type: gems + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + npm-prod-local: + type: npm + description: "production deployment" + repoLayout: npm-default + xray: + enabled: true + npm-dev-local: + type: npm + description: "development deployment" + repoLayout: npm-default + xray: + enabled: true + bower-prod-local: + type: bower + description: "production deployment" + repoLayout: bower-default + xray: + enabled: true + bower-dev-local: + type: bower + description: "development deployment" + repoLayout: bower-default + xray: + enabled: true + debian-prod-local: + type: debian + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + debian-dev-local: + type: debian + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + php-prod-local: + type: composer + description: "production deployment" + repoLayout: composer-default + xray: + enabled: true + php-dev-local: + type: composer + description: "development deployment" + repoLayout: composer-default + xray: + enabled: true + pypi-prod-local: + type: pypi + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + pypi-dev-local: + type: pypi + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + docker-prod-local: + type: docker + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + docker-stage-local: + type: docker + description: "stage deployment" + repoLayout: simple-default + xray: + enabled: true + docker-dev-local: + type: docker + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + docker-local: + type: docker + description: "docker deployment" + repoLayout: simple-default + xray: + enabled: true + docker-push: + type: docker + description: "docker push repo for push replication testing" + repoLayout: simple-default + xray: + enabled: true + vagrant-prod-local: + type: vagrant + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + vagrant-dev-local: + type: vagrant + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + gitlfs-prod-local: + type: gitlfs + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + gitlfs-dev-local: + type: gitlfs + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + rpm-prod-local: + type: yum + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + rpm-dev-local: + type: yum + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + conan-prod-local: + type: conan + description: "production deployment" + repoLayout: conan-default + xray: + enabled: true + conan-dev-local: + type: conan + description: "development deployment" + repoLayout: conan-default + xray: + enabled: true + chef-prod-local: + type: chef + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + chef-dev-local: + type: chef + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + puppet-prod-local: + type: puppet + description: "production deployment" + repoLayout: puppet-default + xray: + enabled: true + puppet-dev-local: + type: puppet + description: "development deployment" + repoLayout: puppet-default + xray: + enabled: true + go-prod-local: + type: go + description: "production deployment" + repoLayout: go-default + xray: + enabled: true + go-staging-local: + type: go + description: "production deployment" + repoLayout: go-default + xray: + enabled: true +remoteRepositories: + docker-remote: + type: docker + url: https://registry-1.docker.io + repoLayout: simple-default + enableTokenAuthentication: true + xray: + enabled: true + helm-remote: + type: helm + url: https://storage.googleapis.com/kubernetes-charts + repoLayout: simple-default + xray: + enabled: true + jcenter: + type: maven + url: https://jcenter.bintray.com + repoLayout: maven-2-default + xray: + enabled: true + npm-remote: + type: npm + url: https://registry.npmjs.org + repoLayout: npm-default + xray: + enabled: true + nuget-remote: + type: nuget + url: https://www.nuget.org/ + repoLayout: nuget-default + xray: + enabled: true + bower-remote: + type: bower + url: https://github.com/ + repoLayout: bower-default + xray: + enabled: true + gems-remote: + type: gems + url: https://rubygems.org/ + repoLayout: simple-default + xray: + enabled: true + debian-remote: + type: debian + url: http://archive.ubuntu.com/ubuntu/ + repoLayout: simple-default + xray: + enabled: true + php-remote: + type: composer + url: https://github.com/ + repoLayout: composer-default + xray: + enabled: true + pypi-remote: + type: pypi + url: https://files.pythonhosted.org + repoLayout: simple-default + xray: + enabled: true + rpm-remote: + type: yum + url: http://mirror.centos.org/centos/ + repoLayout: simple-default + xray: + enabled: true + chef-remote: + type: chef + url: https://supermarket.chef.io + repoLayout: simple-default + xray: + enabled: true + puppet-remote: + type: puppet + url: https://forgeapi.puppetlabs.com/ + repoLayout: puppet-default + xray: + enabled: true +virtualRepositories: + maven-release-virtual: + type: maven + repositories: + - maven-prod-local + - jcenter + - maven-release-local + - libs-release-local + description: "maven release virtual repositories" + defaultDeploymentRepo: maven-release-local + maven-snapshot-virtual: + type: maven + repositories: + - maven-snapshot-local + - jcenter + - maven-dev-local + - libs-snapshot-local + description: "maven snapshot virtual repositories" + defaultDeploymentRepo: maven-snapshot-local + gradle-virtual: + type: gradle + repositories: + - gradle-dev-local + - jcenter + - gradle-prod-local + - libs-release-local + description: "gradle virtual repositories" + defaultDeploymentRepo: gradle-dev-local + docker-PLACEHOLDERFORBUILDSTEP: + type: docker + repositories: + - docker-local + - docker-remote + - docker-dev-local + - docker-prod-local + - docker-stage-local + - docker-push + description: "docker virtual" + defaultDeploymentRepo: docker-stage-local + docker-virtual: + type: docker + repositories: + - docker-local + - docker-remote + - docker-dev-local + - docker-prod-local + - docker-stage-local + - docker-push + description: "docker virtual" + defaultDeploymentRepo: docker-stage-local + libs-release: + type: maven + repositories: + - libs-release-local + - jcenter + description: "maven libraries virtual" + defaultDeploymentRepo: libs-release-local + libs-snapshot: + type: maven + repositories: + - libs-snapshot-local + - jcenter + description: "maven libraries virtual" + defaultDeploymentRepo: libs-snapshot-local + ivy-virtual: + type: ivy + repositories: + - ivy-prod-local + - ivy-dev-local + - jcenter + description: "ivy virtual" + defaultDeploymentRepo: ivy-dev-local + generic-virtual: + type: generic + repositories: + - generic-prod-local + - generic-dev-local + description: "generic virtual" + defaultDeploymentRepo: generic-dev-local + helm-virtual: + type: helm + repositories: + - helm-prod-local + - helm-dev-local + - helm-remote + description: "helm virtual" + defaultDeploymentRepo: helm-dev-local + nuget-virtual: + type: nuget + repositories: + - nuget-prod-local + - nuget-dev-local + - nuget-remote + description: "nuget virtual" + defaultDeploymentRepo: nuget-dev-local + npm-virtual: + type: npm + repositories: + - npm-dev-local + - npm-remote + - npm-prod-local + description: "npm virtual" + defaultDeploymentRepo: npm-dev-local + chef-virtual: + type: chef + repositories: + - chef-dev-local + - chef-remote + - chef-prod-local + description: "chef virtual" + defaultDeploymentRepo: chef-dev-local + puppet-virtual: + type: puppet + repositories: + - puppet-dev-local + - puppet-remote + - puppet-prod-local + description: "puppet virtual" + defaultDeploymentRepo: puppet-dev-local + rpm-virtual: + type: yum + repositories: + - rpm-dev-local + - rpm-remote + - rpm-prod-local + description: "rpm virtual" + defaultDeploymentRepo: rpm-dev-local + gitlfs-virtual: + type: gitlfs + repositories: + - gitlfs-dev-local + - gitlfs-prod-local + description: "gitlfs virtual" + defaultDeploymentRepo: gitlfs-dev-local + pypi-virtual: + type: pypi + repositories: + - pypi-dev-local + - pypi-prod-local + - pypi-remote + description: "pypi virtual" + defaultDeploymentRepo: pypi-dev-local + bower-virtual: + type: bower + repositories: + - bower-dev-local + - bower-prod-local + - bower-remote + description: "bower virtual" + defaultDeploymentRepo: bower-dev-local + gems-virtual: + type: gems + repositories: + - gems-dev-local + - gems-prod-local + - gems-remote + description: "gems virtual" + defaultDeploymentRepo: gems-dev-local + sbt-virtual: + type: sbt + repositories: + - sbt-dev-local + - sbt-prod-local + - jcenter + description: "sbt virtual" + defaultDeploymentRepo: sbt-dev-local + go-staging: + type: go + repositories: + - go-staging-local + - go-prod-local + description: "go virtual" + defaultDeploymentRepo: go-staging-local diff --git a/Ansible/test/tests/src/test/resources/repositories/CreateJCR.yaml b/Ansible/test/tests/src/test/resources/repositories/CreateJCR.yaml new file mode 100644 index 0000000..38a5feb --- /dev/null +++ b/Ansible/test/tests/src/test/resources/repositories/CreateJCR.yaml @@ -0,0 +1,119 @@ +localRepositories: + tomcat-local: + type: generic + description: "used by demo" + repoLayout: simple-default + xray: + enabled: true + generic-prod-local: + type: generic + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + generic-dev-local: + type: generic + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + helm-prod-local: + type: helm + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + helm-dev-local: + type: helm + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + docker-generator: + type: docker + description: "docker generator repo for generation testing" + repoLayout: simple-default + xray: + enabled: true + docker-prod-local: + type: docker + description: "production deployment" + repoLayout: simple-default + xray: + enabled: true + docker-stage-local: + type: docker + description: "stage deployment" + repoLayout: simple-default + xray: + enabled: true + docker-dev-local: + type: docker + description: "development deployment" + repoLayout: simple-default + xray: + enabled: true + docker-local: + type: docker + description: "docker deployment" + repoLayout: simple-default + xray: + enabled: true + docker-push: + type: docker + description: "docker push repo for push replication testing" + repoLayout: simple-default + xray: + enabled: true +virtualRepositories: + generic-virtual: + type: generic + repositories: + - generic-prod-local + - generic-dev-local + description: "generic virtual" + defaultDeploymentRepo: generic-dev-local + helm-virtual: + type: helm + repositories: + - helm-prod-local + - helm-dev-local + - helm-remote + description: "helm virtual" + defaultDeploymentRepo: helm-dev-local + docker-PLACEHOLDERFORBUILDSTEP: + type: docker + repositories: + - docker-local + - docker-remote + - docker-dev-local + - docker-prod-local + - docker-stage-local + - docker-push + description: "docker virtual" + defaultDeploymentRepo: docker-stage-local + docker-virtual: + type: docker + repositories: + - docker-local + - docker-remote + - docker-dev-local + - docker-prod-local + - docker-stage-local + - docker-push + description: "docker virtual" + defaultDeploymentRepo: docker-stage-local +remoteRepositories: + helm-remote: + type: helm + url: https://storage.googleapis.com/kubernetes-charts + repoLayout: simple-default + xray: + enabled: true + docker-remote: + type: docker + url: https://registry-1.docker.io + repoLayout: simple-default + enableTokenAuthentication: true + xray: + enabled: true \ No newline at end of file diff --git a/Ansible/test/tests/src/test/resources/repositories/artifact.zip b/Ansible/test/tests/src/test/resources/repositories/artifact.zip new file mode 100644 index 0000000..0e86cb5 Binary files /dev/null and b/Ansible/test/tests/src/test/resources/repositories/artifact.zip differ diff --git a/Ansible/test/tests/src/test/resources/testenv.yaml b/Ansible/test/tests/src/test/resources/testenv.yaml new file mode 100644 index 0000000..55ff648 --- /dev/null +++ b/Ansible/test/tests/src/test/resources/testenv.yaml @@ -0,0 +1,6 @@ +artifactory: + url: urlval + external_ip: ipval + distribution: artifactory_ha + rt_username: admin + rt_password: passval \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/createUiDefinition.json b/AzureResourceManager/MP_submission_7/createUiDefinition.json similarity index 60% rename from JFrogContainerRegistry/AzureResourceManager/createUiDefinition.json rename to AzureResourceManager/MP_submission_7/createUiDefinition.json index 56ad946..b935f73 100644 --- a/JFrogContainerRegistry/AzureResourceManager/createUiDefinition.json +++ b/AzureResourceManager/MP_submission_7/createUiDefinition.json @@ -1,6 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", - "handler": "Microsoft.Compute.MultiVm", + "handler": "Microsoft.Azure.CreateUIDef", "version": "0.1.2-preview", "parameters": { "basics": [ @@ -38,7 +38,7 @@ "osPlatform": "Linux", "constraints": { "required": true, - "customPasswordRegex": "^(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d]{12,}$", + "customPasswordRegex": "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{12,}$", "customValidationMessage": "The password must contain at least 12 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number." }, "options": { @@ -48,30 +48,6 @@ "password": "Provide admin password for the virtual machine" }, "visible": true - }, - { - "name": "privateRepoUsername", - "type": "Microsoft.Compute.UserNameTextBox", - "label": "Private Repo username", - "osPlatform": "Linux", - "constraints": { - "required": false, - "regex": "^[a-z0-9A-Z]{1,30}$", - "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-30 characters long." - }, - "toolTip": "If you were provided a repo username and apikey by JFrog, enter it here" - }, - { - "name": "privateRepoApiKey", - "type": "Microsoft.Compute.UserNameTextBox", - "label": "Private Repo api key", - "osPlatform": "Linux", - "constraints": { - "required": false, - "regex": "^[a-z0-9A-Z]{1,100}$", - "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-100 characters long." - }, - "toolTip": "If you were provided a repo username and apikey by JFrog, enter it here" } ] }, @@ -102,15 +78,17 @@ "label": "Virtual machine size", "toolTip": "The size of the virtual machine for Artifactory", "recommendedSizes": [ - "Standard_A2_v2" + "Standard_D4s_v3" ], "constraints": { "allowedSizes": [ - "Standard_A2_v2", "Standard_A4_v2", + "Standard_A4", "Standard_D2s_v3", "Standard_D4s_v3", - "Standard_DS2_v2", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", "Standard_DS3_v2", "Standard_D2_v2", "Standard_D3_v2", @@ -121,18 +99,70 @@ "osPlatform": "Linux", "count": 1 }, - + { + "name": "nodeCount", + "type": "Microsoft.Common.DropDown", + "label": "Number of additional VM instances for member Artifactory nodes. Minimum 1 node.(+1 primary = 2 node cluster)", + "defaultValue": "2", + "toolTip": "Number of Artifactory member nodes in cluster", + "constraints": { + "allowedValues": [ + { + "label": "1", + "value": 1 + }, + { + "label": "2", + "value": 2 + }, + { + "label": "3", + "value": 3 + }, + { + "label": "4", + "value": 4 + } + ], + "required": true + }, + "visible": "true" + }, { "name": "artifactoryVersion", "type": "Microsoft.Common.DropDown", "label": "Artifactory-vm image version to deploy.", - "defaultValue": "6.15.0", - "toolTip": "", + "defaultValue": "7.4.3", + "toolTip": "Version of Artifactory to deploy", "constraints": { "allowedValues": [ { - "label": "6.15.0", - "value": "6.15.0" + "label": "6.8.0", + "value": "6.8.0" + }, + { + "label": "6.16.0", + "value": "0.16.0" + }, + { + "label": "6.17.0", + "value": "0.17.0" + }, + { + "label": "6.18.0", + "value": "6.18.0" + }, + { + "label": "7.2.1", + "value": "7.2.1" + }, + { + "label": "7.3.2", + "value": "0.3.2" + }, + { + "label": "7.4.3", + "value": "7.4.3" } ], "required": true @@ -141,38 +171,108 @@ }, { "name": "masterKey", - "type": "Microsoft.Common.TextBox", - "label": "Artifactory master Key", - "defaultValue": "1ce2be4490ca2c662cb79636cf9b7b8e", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Artifactory master Key", + "confirmPassword": "Confirm master Key" + }, "toolTip": "Master key for Artifactory cluster. Generate master.key using command '$openssl rand -hex 16'", "constraints": { "required": true, "regex": "^[a-z0-9A-Z]{1,32}$", "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-32 characters long." + }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "artifactoryLicense1", + "type": "Microsoft.Common.TextBox", + "label": "Artifactory Enterprise License.", + "toolTip": "Artifactory Enterprise License. Providing one license is mandatory", + "constraints": { + "required": true, + "regex": "^.{1,10000}", + "validationMessage": "Only Enterprise licenses are allowed." + } + }, + { + "name": "artifactoryLicense2", + "type": "Microsoft.Common.TextBox", + "label": "Artifactory Enterprise License.", + "toolTip": "Artifactory Enterprise License. Providing one license is mandatory", + "constraints": { + "required": true, + "regex": "^.{1,10000}", + "validationMessage": "Only Enterprise licenses are allowed." + } + }, + { + "name": "artifactoryLicense3", + "type": "Microsoft.Common.TextBox", + "label": "Artifactory Enterprise License.", + "toolTip": "Artifactory Enterprise License. Providing one license is mandatory", + "constraints": { + "required": false, + "regex": "^.{1,10000}", + "validationMessage": "Only Enterprise licenses are allowed." + } + }, + { + "name": "artifactoryLicense4", + "type": "Microsoft.Common.TextBox", + "label": "Artifactory Enterprise License.", + "toolTip": "Artifactory Enterprise License. Providing one license is mandatory", + "constraints": { + "required": false, + "regex": "^.{1,10000}", + "validationMessage": "Only Enterprise licenses are allowed." + } + }, + { + "name": "artifactoryLicense5", + "type": "Microsoft.Common.TextBox", + "label": "Artifactory Enterprise License.", + "toolTip": "Artifactory Enterprise License. Providing one license is mandatory", + "constraints": { + "required": false, + "regex": "^.{1,10000}", + "validationMessage": "Only Enterprise licenses are allowed." } }, { "name": "certificate", - "type": "Microsoft.Common.TextBox", - "label": "Provide your SSL Certificate.", - "defaultValue": "-----BEGIN CERTIFICATE----- MIIFhzCCA2+gAwIBAgIJALC4r5BQWZE4MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQHDApTYW50YUNsYXJh MQswCQYDVQQKDAJJVDEUMBIGA1UEAwwLKi5sb2NhbGhvc3QwHhcNMTgwMTE3MTk0 NjI4WhcNMTkwMTA4MTk0NjI4WjBaMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs aWZvcm5pYTETMBEGA1UEBwwKU2FudGFDbGFyYTELMAkGA1UECgwCSVQxFDASBgNV BAMMCyoubG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 7KfOWDQlov8cMa8r/lcJqiWZaH9myQC74Vbe0HXsntQbcvljkjG2P7ebm5dd9Bzc sauNOJpbKf5AhFK1iwJUAkciGc1LR4k8wfWmQM3NPS8hrqrtH20zqNpdFRpNYjja JofwccPNm030GhhZkZ95TpruvmswMDwspl3jfqdcc/eiQsHcKyGnV2a+UAeoqe7J mHhmhRy1MLqAjF5U1GrUYUONA+22iRDJb4c9B91QoWvsnXpdA9NKV/mmA3/rIdx6 Ld2IPRdrIw2K5sAnXsh3bx2oCSvSfussf0x+4XDrnsaHVfjwvfNL8ECOuac2Oi/E WOp9528gOohpFAuwEt63Vl5p8/CC9m0HJDTZBKm2l5eD1kdPIj4PvP9Sn9CxGXKQ E1bxWoFxGX8EyRW0b0NK31N7b8JPZ1SoFNiB5amOMNLvR26a7cQrKumTuJeYK9Ja JaxhMXM7R0DA0Ev8ZG2xmyCygox+1KPSmJOIEpT70BFbj3rKLNqP22ET+zvPuh+2 DdgyrpHFeYkGWjMbWPjK7wJsD2zM8ccoJQfepPz8I4rT0JfrKAQgCGuGOggneaNJ KTVGNOFbj5AXdZ/Q+GvNommyRdq4J7EnqY6L+P25fo5qZ6UZ/iS0tPcvxgn0Fdhs pUPbQyQIDZyxZd3Q1lUIE38ol8P66mS2zbzf8EeOCoUCAwEAAaNQME4wHQYDVR0O BBYEFETAQM/5P7XJ8kevHFj6BPndQOFaMB8GA1UdIwQYMBaAFETAQM/5P7XJ8kev HFj6BPndQOFaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJ1TepKv LWYhFmVQcgZwZf/qt1a1cohzJSm6da9RCnnAWC7WC/U117bgSomtrH1v0OysHFhB zBBUeBqI7+OmzAX8dhj+roKkcnFUM/IwlK1eueIIA//CWvEf/o0XExilVS2yCc9d PTpOQBXwk9QinxK36kHdBiGxa7dW0JPnOEEmuMgGORKeLy4J6Ik8iSeFY1SZVcOI +6WWvoKciPlmIeccC+6YVmkeBwhP2o5r5w/UAaO2hSnGvmm4UIj/VJv4VQu7xTUp cIfFz5NtIr80DbqcyPiEMS2ETJ4L/kO4MS5FfeEXyQuXCzmiIDVY6tE3C7+kZmK4 JzPLuWm9ndQoyQySOGfQqvlUR1+YxUdvmu3LrOS5dOA354Q36wHa4wEGUoHU/7GV fYQmmmDSDaNSpXW5PFey6scFyDBS/yYJ0H9EjYb/11HeWYj8Yv5xTWj8nhzJONC8 D6Y5ydlU4PifM2pOf88pTYpmogNwLJWXbql5I9cvMa8APo4yLVqcISU5ynsvFke+ Non+T0mHpJai/hrA9NK+s6EGC1dAX58jy61h6FhOPI1d4s/mov/KMa2t3SfZp5SF 81aR6dHvO56teiK5M1xMkrqG75zh3TMFJJLRFe9XxeB4JeN76URB3mgADOUqkBxd ibSgVqfKwOw4IujEcqMUc5mqSnbLY1Dv+oby -----END CERTIFICATE-----", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Provide your SSL Certificate.", + "confirmPassword": "Confirm SSL Certificate." + }, "toolTip": "To use Artifactory as docker registry you need to provide wild card valid Certificate. Provide your SSL Certificate.", "constraints": { "required": true, "regex": "^(-----BEGIN CERTIFICATE-----)(.+)(-----END CERTIFICATE-----)$", "validationMessage": "Provide SSL Certificate." + }, + "options": { + "hideConfirmation": true } }, { "name": "certificateKey", - "type": "Microsoft.Common.TextBox", - "label": "Provide your SSL Certificate key.", - "defaultValue": "-----BEGIN PRIVATE KEY----- MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDsp85YNCWi/xwx ryv+VwmqJZlof2bJALvhVt7Qdeye1Bty+WOSMbY/t5ubl130HNyxq404mlsp/kCE UrWLAlQCRyIZzUtHiTzB9aZAzc09LyGuqu0fbTOo2l0VGk1iONomh/Bxw82bTfQa GFmRn3lOmu6+azAwPCymXeN+p1xz96JCwdwrIadXZr5QB6ip7smYeGaFHLUwuoCM XlTUatRhQ40D7baJEMlvhz0H3VCha+ydel0D00pX+aYDf+sh3Hot3Yg9F2sjDYrm wCdeyHdvHagJK9J+6yx/TH7hcOuexodV+PC980vwQI65pzY6L8RY6n3nbyA6iGkU C7AS3rdWXmnz8IL2bQckNNkEqbaXl4PWR08iPg+8/1Kf0LEZcpATVvFagXEZfwTJ FbRvQ0rfU3tvwk9nVKgU2IHlqY4w0u9HbprtxCsq6ZO4l5gr0lolrGExcztHQMDQ S/xkbbGbILKCjH7Uo9KYk4gSlPvQEVuPesos2o/bYRP7O8+6H7YN2DKukcV5iQZa MxtY+MrvAmwPbMzxxyglB96k/PwjitPQl+soBCAIa4Y6CCd5o0kpNUY04VuPkBd1 n9D4a82iabJF2rgnsSepjov4/bl+jmpnpRn+JLS09y/GCfQV2GylQ9tDJAgNnLFl 3dDWVQgTfyiXw/rqZLbNvN/wR44KhQIDAQABAoICAQDm1pAp7UPBCELCG/I3t0KQ GvjWu17RNcwN86SHhl92VcMolSaQ1bjF0h0Q2ccldHm5PHMWAUpnXcAk0mCO5Yh4 aFZVALEraCxBrZGrqJNH2Q9rxwJhIy2+yLD/Apb09iukZfkdnzaRBKrUQWgs6Xd0 OyAh0YBBrJCI/xAG3M0LuUMnBt3xnHQUhv2gJrhYeble5iJqOSRsEZ+OS/1G7aWX 8kI80MS6UguKpEndv/0EV7eHrHHKZ3Ee+z76Lu52Kw9qaaqYnJ0+pdkVV92PUM9f LXhY6cv7TP4sdbtVv8W1LEWakKaTQhySjwYpBXeZrjpB2QlSlEzFi4WjrfrjjSca UZazm/jY5uDI2cXf35NyZUkbYxIKlGtURtDpoPp5R7XguHSoqLrh2Zsc79mZfNST zFwbhNBVB2nAl6ZyIRNFLjVhQScvlImpIVSVZm5/NiiABIEaxRh8w8C5qRMctSTy KF6rS6as2KsPQHpiu/6nDMqqTZ8UMQ3yXEpai5VwAzKFP67usHheKf4RIXNUn7Xc JxWiI8KfOV5n4cSJK1/R+i+ZpWyQiloao4v7GS/fwZTsILeBLBa0utDmNs5aJgVK cEagRjVGAeAEc2W+jXmSqtZRHQowJmEKOARMn4lI+duziSCjIfPH6xIDAUhVlc/K u03432NupfPepW6BYVBgQQKCAQEA/+CD2uiRZgmzuEn/vn/u7jGFjETdUQmfl5kX pMTtueXyQxHBRwBCZqq885doozeQd7mLRcW+klngq1NmnEnjx+NfUzFJLpEmQO1/ AMHUpYpZY4jOyntx9cBy+M+DUfNtdsJUz+VOe3HO5/lJJf+gSgpVp2ku1oOrgEeH a71aGIXOsiOQ/fHL4Q0CuylersD5Dq4Tdf/u6rr4NbwOZQCQ9WH0uTckA9SkjJFu iHXblg8j9RUNbj89WPrEulKA98duFuLvGTeohcAPQ8f60Z7sxDLGLRyRvhUO4EBr hTTmcfI2LsPWSo+X+n6eBqfUfGZub2qN+d2B08qKgnGdgFEf6QKCAQEA7MTtAphl lswq4kPvDkPHMqJhmPBgb5NAUzE2Z8yjJY3IX6zxinSDnuMwEzCinKe7rzv6aYIh klviND/oyLOxVlLESZu62epokgIey05sv9a/030z7q5hradNzcMP1VfGVs6IeOvr 3Kit4T7LI1L2eXwD1Yks6uHHw8lHAlyrrlbwCEmzqElKs0YtkvNa4HFgesFNnObe f8C29LOPZMqje7iAT91823MGI9NML9qGYON/ZLc4uCB9no+o6ZOTQHqX1xxSWv5D 66KGiRnUC/RAq6RbTVn3NxFgvb3k0rejbQbxW5KCri1E4sTw+pZ5bIRUJcXi+J+Z Tg88lVbmqXfwPQKCAQEA94yShDr0UC+au/R7hCXpVnB6r5YAN+KDj/sAsNwE0hDx LIoE31gU5ZbRbylQhne/QNU1NK93C8gAYEAzyYiC4mPLWYUZNAAhbjdW47iirfUH PhChX6vGOOeTU7wPZD2J7ZdczjUelLcqYar/Zc/Fl1wgOfK86bRBO733+fgbLhZm PlnCcKx5fqVDuybu/0qaqeUn1sVgs59nezURCA5gL8YxKO973GjhOU2KDmNXqfnD 49wWPk7YXzldEpW3SACdNW8futnqJFwHaKAUvLBwh/BHYmV9atScq8AnRZxERoD6 govcyg3aDvJomC/OlvvSY+BGszHl5KzTDBg3NGlH4QKCAQA/71lU5xQfqVg3K0MF ZhYHPUP/iYFw/6FSFarsUp0Higa+lzPOQHI+WHjl5a8zgDO1OQwAq6wnGnq1w0A3 2hYcClOI0O2e5KaCLuJj4fSJxRKdqGR6okosG05uLqs63+3mCPVfOc3CEyaI+Wzf SArYeT2LzvP7JSbNXq+3GpEdjcpZYpWJ7uimCmBKGz7B9runykUMBme0tbRx1X72 J6YHxaWYa2XI2IGi8O7UyTyaMzR2XOeLCPMC+yYQlNIhijkwVCyE974dhhCwOvJA nB9Oeh5Rf+a6zw2BjyKYKBCQY1yPbrutDvpYBfhQoot9Wyph3NLScj5yjri8VvAI eSO9AoIBAQDyUx5YUgHgpoJtRZ+8PGQBZHm5L5HJhvfUs96I9Z4lZSXnCmEJyOWn LIob8c0n4hU1EXdbbl+7eRQgG3oGKyF0XXhuaP3vHprIBW6tm9kCGORTliZOaZdW 0Mj9GUv2de1r8anwJMFvIMXsuO08rsGzsIt7DrNYa0YSMkeDwPenRfDHXOYH2fjf RKjlP3fQr/iLL/YuMGaNxzIeyWPZ2WTUUC0bllNxMTZmztuMkPNb7fhhs0hLecXM fE2nbwUaGwMZaails1+5G3HvEAlChJ1GN9XnYxrtfqq93tYELWBiNcv1LaMAFvj8 S+j1+iUKGGhwVmhqh75q5do3+VF3XlAh -----END PRIVATE KEY-----", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Provide your SSL Certificate key.", + "confirmPassword": "Confirm SSL Certificate key." + }, "toolTip": "Provide your SSL Certificate key", "constraints": { "required": true, - "regex": "^(-----BEGIN PRIVATE KEY-----)(.+)(-----END PRIVATE KEY-----)$", + "regex": "^(-----BEGIN)(.+)(PRIVATE KEY-----)(.+)(-----END)(.+)(PRIVATE KEY-----)$", "validationMessage": "Provide SSL Certificate Key." + }, + "options": { + "hideConfirmation": true } }, { @@ -203,12 +303,12 @@ "name": "extraJavaOptions", "type": "Microsoft.Common.TextBox", "label": "Setting Java Memory Parameters for Artifactory", - "defaultValue": "-server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", + "defaultValue": "-server -Xms2g -Xmx8g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", "toolTip": "Setting Java Memory Parameters for Artifactory. Learn about system requirements for Artifactory https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.", "constraints": { - "required": true, - "regex": "^.{1,10000}", - "validationMessage": "Provide SSL Certificate Key." + "required": false, + "regex": "[^a-zA-Z0-9]+\\S+\\D", + "validationMessage": "Example: -server -Xms2g -Xmx12g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"" } } ] @@ -244,7 +344,7 @@ "toolTip": "Admin password for the database", "constraints": { "required": true, - "regex": "^(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d]{12,}$", + "regex": "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{12,}$", "validationMessage": "The password must contain at least 12 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number." }, "options": { @@ -268,7 +368,7 @@ "type": "Microsoft.Common.DropDown", "label": "Database Edition", "defaultValue": "Basic", - "toolTip": "", + "toolTip": "Edition of Database to use", "constraints": { "allowedValues": [ { @@ -307,17 +407,9 @@ "toolTip": "Storage account type", "constraints": { "allowedValues": [ - { - "label": "Premium_LRS", - "value": "Premium_LRS" - }, { "label": "Standard_LRS", "value": "Standard_LRS" - }, - { - "label": "Standard_GRS", - "value": "Standard_GRS" } ], "required": true @@ -331,8 +423,14 @@ "clusterName": "[steps('clusterConfig').clusterName]", "vmSku": "[steps('clusterConfig').vmSku]", "location": "[location()]", + "nodeCount": "[steps('clusterConfig').nodeCount]", "artifactoryVersion": "[steps('clusterConfig').artifactoryVersion]", "masterKey": "[steps('clusterConfig').masterKey]", + "artifactoryLicense1": "[steps('clusterConfig').artifactoryLicense1]", + "artifactoryLicense2": "[steps('clusterConfig').artifactoryLicense2]", + "artifactoryLicense3": "[steps('clusterConfig').artifactoryLicense3]", + "artifactoryLicense4": "[steps('clusterConfig').artifactoryLicense4]", + "artifactoryLicense5": "[steps('clusterConfig').artifactoryLicense5]", "certificate": "[steps('clusterConfig').certificate]", "certificateKey": "[steps('clusterConfig').certificateKey]", "certificateDomain": "[steps('clusterConfig').certificateDomain]", @@ -340,8 +438,6 @@ "extraJavaOptions": "[steps('clusterConfig').extraJavaOptions]", "adminUsername": "[steps('vmCredentials').adminUsername]", "adminPassword": "[steps('vmCredentials').adminPassword.password]", - "privateRepoUsername": "[steps('vmCredentials').privateRepoUsername]", - "privateRepoApiKey": "[steps('vmCredentials').privateRepoApiKey]", "DB_Admin_User": "[steps('databaseConfig').dbAdminUsername]", "DB_Admin_Password": "[steps('databaseConfig').dbAdminPassword]", "DB_Name": "[steps('databaseConfig').dbName]", diff --git a/AzureResourceManager/MP_submission_7/mainTemplate.json b/AzureResourceManager/MP_submission_7/mainTemplate.json new file mode 100644 index 0000000..0aaab5d --- /dev/null +++ b/AzureResourceManager/MP_submission_7/mainTemplate.json @@ -0,0 +1,924 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "vmSku": { + "type": "string", + "defaultValue": "Standard_D4s_v3", + "metadata": { + "description": "Size of VMs in the VM Scale Set." + } + }, + "clusterName": { + "type": "string", + "maxLength": 61, + "metadata": { + "description": "String used as a base for naming resources. Must be 3-61 characters in length and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for the resources." + } + }, + "nodeCount": { + "type": "int", + "defaultValue": 2, + "minValue": 1, + "maxValue": 100, + "metadata": { + "description": "Number of VM instances (100 or less) for member artifactory nodes. Minimum 1 node." + } + }, + "artifactoryVersion": { + "type": "string", + "defaultValue": "7.4.3", + "allowedValues": [ + "6.6.0", + "6.6.1", + "6.7.0", + "6.8.0", + "6.11.3", + "6.15.0", + "0.16.0", + "0.17.0", + "6.18.0", + "7.2.1", + "0.3.2", + "7.4.3" + ], + "metadata": { + "description": "Artifactory-vm image version to deploy." + } + }, + "masterKey": { + "type": "securestring", + "maxLength": 64, + "metadata": { + "description": "Master key for Artifactory cluster. Generate master.key using command '$openssl rand -hex 16'" + } + }, + "adminUsername": { + "type": "string", + "metadata": { + "description": "Admin username on all VMs. Follow conventions for azure VM admin user name." + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Admin password on all VMs. Follow conventions for azure VM admin password rules." + } + }, + "artifactoryLicense1": { + "type": "string", + "metadata": { + "description": "Artifactory Enterprise License. Providing one license is mandatory" + } + }, + "artifactoryLicense2": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Artifactory Enterprise License" + } + }, + "artifactoryLicense3": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Artifactory Enterprise License" + } + }, + "artifactoryLicense4": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Artifactory Enterprise License" + } + }, + "artifactoryLicense5": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Artifactory Enterprise License" + } + }, + "certificate": { + "type": "securestring", + "metadata": { + "description": "To use Artifactory as docker registry you need to provide wild card valid Certificate. Provide your SSL Certificate." + } + }, + "certificateKey": { + "type": "securestring", + "metadata": { + "description": "Provide your SSL Certificate key" + } + }, + "certificateDomain": { + "type": "string", + "minLength": 1, + "defaultValue": "artifactory", + "metadata": { + "description": "Provide your Certificate Domain Name. For e.g jfrog.team for certificate with *.jfrog.team" + } + }, + "artifactoryServerName": { + "type": "string", + "minLength": 1, + "defaultValue": "artifactory", + "metadata": { + "description": "Provide artifactory server name to be used in Nginx. e.g artifactory for artifactory.jfrog.team" + } + }, + "extraJavaOptions": { + "type": "string", + "minLength": 1, + "defaultValue": "-server -Xms2g -Xmx8g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", + "metadata": { + "description": "Setting Java Memory Parameters for Artifactory. Learn about system requirements for Artifactory https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware." + } + }, + "DB_Admin_User": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Database Admin user name" + } + }, + "DB_Admin_Password": { + "type": "securestring", + "minLength": 1, + "metadata": { + "description": "Database Admin password" + } + }, + "DB_Name": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Database name" + } + }, + "DB_Edition": { + "type": "string", + "minLength": 1, + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ], + "metadata": { + "description": "Database Edition" + } + }, + "storageAccountType": { + "type": "string", + "defaultValue": "Standard_LRS", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Standard_ZRS" + ], + "metadata": { + "description": "Storage Account type" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated." + }, + "defaultValue": "" + } + }, + "variables": { + "namingInfix": "[toLower(substring(concat(parameters('clusterName'), uniqueString(resourceGroup().id)), 0, 9))]", + "addressPrefix": "10.0.0.0/16", + "subnetPrimaryPrefix": "10.0.1.0/24", + "subnetMemberPrefix": "10.0.2.0/24", + "virtualNetworkName": "[concat(variables('namingInfix'), 'vnet')]", + "subnetPrimaryName": "[concat(variables('namingInfix'), 'primarySubnet')]", + "subnetMemberName": "[concat(variables('namingInfix'), 'memberSubnet')]", + "scaleSetPrimaryName": "[concat(variables('namingInfix'), 'primaryScaleset')]", + "scaleSetMemberName": "[concat(variables('namingInfix'), 'memberScaleset')]", + "lbName": "[concat(variables('namingInfix'), 'lb')]", + "bepoolPrimaryName": "[concat(variables('lbName'), 'primaryBepool')]", + "bepoolMemberName": "[concat(variables('lbName'), 'memberBepool')]", + "fepoolPrimaryName": "[concat(variables('lbName'), 'primaryFepool')]", + "fepoolMemberName": "[concat(variables('lbName'), 'memberFepool')]", + "bepoolPrimaryID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolPrimaryName'))]", + "bepoolMemberID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolMemberName'))]", + "feIpConfigPrimaryName": "[concat(variables('fepoolPrimaryName'), 'primaryIpConfig')]", + "feIpConfigMemberName": "[concat(variables('fepoolMemberName'), 'memberIpConfig')]", + "feIpConfigPrimaryId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigPrimaryName'))]", + "feIpConfigMemberId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigMemberName'))]", + "pipPrimaryName": "[concat(variables('namingInfix'), 'primaryPip')]", + "pipMemberName": "[concat(variables('namingInfix'), 'memberPip')]", + "nicPrimaryName": "[concat(variables('namingInfix'), 'primaryNic')]", + "nicMemberName": "[concat(variables('namingInfix'), 'memberNic')]", + "natPoolPrimaryName": "[concat(variables('lbName'), 'primaryNatpool')]", + "natPoolMemberName": "[concat(variables('lbName'), 'memberNatpool')]", + "ipConfigName": "[concat(variables('namingInfix'), 'ipconfig')]", + "httpProbePrimaryName": "primaryHttpProbe", + "httpsProbePrimaryName": "primaryHttpsProbe", + "httpProbeMemberName": "memberHttpProbe", + "httpsProbeMemberName": "memberHttpsProbe", + "storageAccountName": "[concat(variables('namingInfix'), 'storage')]", + "vmStorageAccountContainerName": "filestore", + "azureSqlServerName": "[concat(variables('namingInfix'), 'sqlsrv')]", + "DB_Name": "[parameters('DB_Name')]", + "DB_Admin_User": "[parameters('DB_Admin_User')]", + "DB_Admin_Password": "[parameters('DB_Admin_Password')]", + "DB_Edition": "[parameters('DB_Edition')]", + "DB_Location": "[parameters('location')]", + "masterKey": "[parameters('masterKey')]", + "certificate": "[parameters('certificate')]", + "certificateKey": "[parameters('certificateKey')]", + "certificateDomain": "[parameters('certificateDomain')]", + "artifactoryServerName": "[parameters('artifactoryServerName')]", + "extraJavaOptions": "[parameters('extraJavaOptions')]", + "artifactoryLicense1": "[parameters('artifactoryLicense1')]", + "artifactoryLicense2": "[parameters('artifactoryLicense2')]", + "artifactoryLicense3": "[parameters('artifactoryLicense3')]", + "artifactoryLicense4": "[parameters('artifactoryLicense4')]", + "artifactoryLicense5": "[parameters('artifactoryLicense5')]", + "osType": { + "publisher": "jfrog", + "offer": "artifactory-vm", + "sku": "artifactory-vm", + "version": "[parameters('artifactoryVersion')]" + }, + "imageReference": "[variables('osType')]", + "dbTemplate": "azureDBDeploy.json", + "dbTemplateLocation": "[uri(parameters('_artifactsLocation'), concat('nested/', variables('dbTemplate'), parameters('_artifactsLocationSasToken')))]", + "nsgName": "[concat(variables('namingInfix'), 'nsg')]" + }, + "resources": [ + { + "apiVersion": "2019-05-01", + "name": "pid-04c1c376-5d4b-4771-9a7f-054f5910dcef", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "location": "[parameters('location')]", + "name": "[variables('nsgName')]", + "apiVersion": "2018-07-01", + "properties": { + "securityRules": [ + { + "name": "ssh-rule", + "properties": { + "description": "Allow SSH", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "http-artifactory-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "8081", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 101, + "direction": "Inbound" + } + }, + { + "name": "http-nginx-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 102, + "direction": "Inbound" + } + }, + { + "name": "https-nginx-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "443", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 103, + "direction": "Inbound" + } + }, + { + "name": "membership-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "10001", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 105, + "direction": "Inbound" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", + "dependsOn": [ + "[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]" + ], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetPrimaryName')]", + "properties": { + "addressPrefix": "[variables('subnetPrimaryPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "name": "[variables('subnetMemberName')]", + "properties": { + "addressPrefix": "[variables('subnetMemberPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + } + ] + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('nicPrimaryName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" + } + } + } + ], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('nicMemberName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipMemberName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetMemberName'))]" + } + } + } + ], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('pipPrimaryName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "apiVersion": "2018-07-01", + "properties": { + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[variables('namingInfix')]" + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('pipMemberName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "apiVersion": "2018-07-01", + "properties": { + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[concat(variables('namingInfix'),'2')]" + } + } + }, + { + "type": "Microsoft.Network/loadBalancers", + "name": "[variables('lbName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", + "sku": { + "name": "Standard" + }, + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]", + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipMemberName'))]" + ], + "tags":{ + "displayName": "Load Balancer" + }, + "properties": { + "frontendIPConfigurations": [ + { + "name": "[variables('feIpConfigPrimaryName')]", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipPrimaryName'))]" + } + } + }, + { + "name": "[variables('feIpConfigMemberName')]", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipMemberName'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "[variables('bepoolPrimaryName')]" + }, + { + "name": "[variables('bepoolMemberName')]" + } + ], + "inboundNatPools": [ + { + "name": "[variables('natPoolPrimaryName')]", + "properties": { + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "protocol": "tcp", + "frontendPortRangeStart": 10022, + "frontendPortRangeEnd": 11022, + "backendPort": 22 + } + }, + { + "name": "[variables('natPoolMemberName')]", + "properties": { + "frontendIPConfiguration": { + "id": "[variables('feIpConfigMemberId')]" + }, + "protocol": "tcp", + "frontendPortRangeStart": 20022, + "frontendPortRangeEnd": 21022, + "backendPort": 22 + } + } + ], + "loadBalancingRules": [ + { + "name": "HTTPRulePrimary", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolPrimaryID')]" + }, + "protocol": "Tcp", + "frontendPort": 80, + "backendPort": 80, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbePrimaryName'))]" + } + } + }, + { + "name": "HTTPSRulePrimary", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolPrimaryID')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbePrimaryName'))]" + } + } + }, + { + "name": "HTTPRuleMember", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigMemberId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolMemberID')]" + }, + "protocol": "Tcp", + "frontendPort": 80, + "backendPort": 80, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbeMemberName'))]" + } + } + }, + { + "name": "HTTPSRuleMember", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigMemberId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolMemberID')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbeMemberName'))]" + } + } + } + ], + "probes": [ + { + "name": "[variables('httpProbePrimaryName')]", + "properties": { + "protocol": "Http", + "requestPath": "/artifactory/api/system/ping", + "port": 80, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + }, + { + "name": "[variables('httpsProbePrimaryName')]", + "properties": { + "protocol": "Tcp", + "port": 443, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + }, + { + "name": "[variables('httpProbeMemberName')]", + "properties": { + "protocol": "Http", + "requestPath": "/artifactory/api/system/ping", + "port": 80, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + }, + { + "name": "[variables('httpsProbeMemberName')]", + "properties": { + "protocol": "Tcp", + "port": 443, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + } + ] + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('storageAccountType')]" + }, + "tags":{ + "displayName": "Artifactory Storage Account" + }, + "kind": "Storage", + "properties": {} + }, + { + "type": "Microsoft.Resources/deployments", + "name": "deploySQLDB", + "apiVersion": "2018-07-01", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('dbTemplateLocation')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "db_user": { + "value": "[parameters('DB_Admin_User')]" + }, + "db_password": { + "value": "[parameters('DB_Admin_Password')]" + }, + "db_server": { + "value": "[variables('azureSqlServerName')]" + }, + "db_name": { + "value": "[parameters('DB_Name')]" + }, + "db_edition": { + "value": "[variables('DB_Edition')]" + }, + "db_location": { + "value": "[variables('DB_Location')]" + } + } + } + }, + { + "type": "Microsoft.Compute/virtualMachineScaleSets", + "name": "[variables('scaleSetPrimaryName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-10-01", + "dependsOn": [ + "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[concat('Microsoft.Resources/deployments/', 'deploySQLDB')]", + "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" + ], + "plan": { + "name": "artifactory-vm", + "publisher": "jfrog", + "product": "artifactory-vm" + }, + "sku": { + "name": "[parameters('vmSku')]", + "tier": "Standard", + "capacity": "1" + }, + "properties": { + "singlePlacementGroup": true, + "overprovision": "false", + "upgradePolicy": { + "mode": "Manual" + }, + "virtualMachineProfile": { + "storageProfile": { + "osDisk": { + "caching": "ReadWrite", + "diskSizeGB": "250", + "createOption": "FromImage" + }, + "imageReference": "[variables('imageReference')]" + }, + "osProfile": { + "computerNamePrefix": "[variables('namingInfix')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]", + "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nARTIFACTORY_VERSION=', parameters('artifactoryVersion'),'\nCERTIFICATE_KEY=',variables('certificateKey'),'\nCERTIFICATE=', variables('certificate'),'\nCERTIFICATE_DOMAIN=',variables('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',variables('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',variables('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_ACT_ENDPOINT=',reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob,'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-07-01').keys[0].value,'\nMASTER_KEY=',variables('masterKey'),'\nIS_PRIMARY=','true','\nLICENSE1=',variables('artifactoryLicense1'),'\nLICENSE2=',variables('artifactoryLicense2'),'\nLICENSE3=',variables('artifactoryLicense3'),'\nLICENSE4=',variables('artifactoryLicense4'),'\nLICENSE5=',variables('artifactoryLicense5'),'\n'))]" + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[variables('nicPrimaryName')]", + "properties": { + "primary": true, + "ipConfigurations": [ + { + "name": "[concat(variables('ipConfigName'),'1')]", + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bePoolPrimaryName'))]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', variables('lbName'), variables('natPoolPrimaryName'))]" + } + ] + } + } + ] + } + } + ] + }, + "extensionProfile": { + "extensions": [ + { + "name": "extension1", + "properties": { + "publisher": "Microsoft.Azure.Extensions", + "type": "CustomScript", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": false, + "settings": { + "fileUris": [ + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory7.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/version_selector.sh', parameters('_artifactsLocationSasToken')))]" + ] + }, + "protectedSettings": { + "commandToExecute": "bash version_selector.sh && ls -al && pwd >> /var/lib/cloud/instance/user-data.txt" + } + } + } + ] + } + } + } + }, + { + "type": "Microsoft.Compute/virtualMachineScaleSets", + "name": "[variables('scaleSetMemberName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-10-01", + "dependsOn": [ + "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[concat('Microsoft.Compute/virtualMachineScaleSets/', variables('scaleSetPrimaryName'))]", + "[concat('Microsoft.Resources/deployments/', 'deploySQLDB')]", + "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" + ], + "plan": { + "name": "artifactory-vm", + "publisher": "jfrog", + "product": "artifactory-vm" + }, + "sku": { + "name": "[parameters('vmSku')]", + "tier": "Standard", + "capacity": "[parameters('nodeCount')]" + }, + "properties": { + "singlePlacementGroup": true, + "overprovision": "false", + "upgradePolicy": { + "mode": "Manual" + }, + "virtualMachineProfile": { + "storageProfile": { + "osDisk": { + "caching": "ReadWrite", + "diskSizeGB": "250", + "createOption": "FromImage" + }, + "imageReference": "[variables('imageReference')]" + }, + "osProfile": { + "computerNamePrefix": "[variables('namingInfix')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]", + "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nARTIFACTORY_VERSION=', parameters('artifactoryVersion'),'\nCERTIFICATE_KEY=',parameters('certificateKey'),'\nCERTIFICATE=', parameters('certificate'),'\nCERTIFICATE_DOMAIN=',parameters('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',parameters('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',parameters('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_ACT_ENDPOINT=',reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob,'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-07-01').keys[0].value,'\nMASTER_KEY=',variables('masterKey'),'\nIS_PRIMARY=','false','\nLICENSE1=',variables('artifactoryLicense1'),'\nLICENSE2=',variables('artifactoryLicense2'),'\nLICENSE3=',variables('artifactoryLicense3'),'\nLICENSE4=',variables('artifactoryLicense4'),'\nLICENSE5=',variables('artifactoryLicense5'),'\n'))]" + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[variables('nicMemberName')]", + "properties": { + "primary": true, + "ipConfigurations": [ + { + "name": "[concat(variables('ipConfigName'),'1')]", + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetMemberName'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bePoolMemberName'))]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', variables('lbName'), variables('natPoolMemberName'))]" + } + ] + } + } + ] + } + } + ] + }, + "extensionProfile": { + "extensions": [ + { + "name": "extension1", + "properties": { + "publisher": "Microsoft.Azure.Extensions", + "type": "CustomScript", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": false, + "settings": { + "fileUris": [ + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory7.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/version_selector.sh', parameters('_artifactsLocationSasToken')))]" + ] + }, + "protectedSettings": { + "commandToExecute": "bash version_selector.sh && ls -al && pwd >> /var/lib/cloud/instance/user-data.txt" + } + } + } + ] + } + } + } + } + ], + "outputs": { + "fqdn": { + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('pipMemberName')),'2018-07-01').dnsSettings.fqdn]", + "type": "string" + } + } +} \ No newline at end of file diff --git a/AzureResourceManager/MP_submission_7/nested/azureDBDeploy.json b/AzureResourceManager/MP_submission_7/nested/azureDBDeploy.json new file mode 100644 index 0000000..70c31a5 --- /dev/null +++ b/AzureResourceManager/MP_submission_7/nested/azureDBDeploy.json @@ -0,0 +1,96 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "db_user": { + "type": "string", + "defaultValue": "artifactory", + "minLength": 1 + }, + "db_password": { + "type": "securestring" + }, + "db_server": { + "type": "string", + "defaultValue": "artmssqlsrv", + "minLength": 1 + }, + "db_name": { + "type": "string", + "defaultValue": "artdb", + "minLength": 1 + }, + "db_location": { + "type": "string", + "defaultValue": "" + }, + "db_edition": { + "type": "string", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ] + } + }, + "variables": { + "rtdbCollation": "Latin1_General_100_CS_AS", + "db_location": "[parameters('db_location')]" + }, + "resources": [ + { + "name": "[parameters('db_server')]", + "type": "Microsoft.Sql/servers", + "kind": "v12.0", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "tags": { + "displayName": "artifactoryDB" + }, + "properties": { + "administratorLogin": "[parameters('db_user')]", + "administratorLoginPassword": "[parameters('db_password')]", + "version": "12.0" + }, + "resources": [ + { + "name": "[uniqueString(parameters('db_server'), 'AllowAllWindowsAzureIps' )]", + "type": "firewallrules", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "dependsOn": [ + "[concat('Microsoft.Sql/servers/', parameters('db_server'))]" + ], + "properties": { + "startIpAddress": "0.0.0.0", + "endIpAddress": "0.0.0.0" + } + }, + { + "name": "[parameters('db_name')]", + "type": "databases", + "kind": "v12.0,user", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "dependsOn": [ + "[parameters('db_server')]" + ], + "tags": { + "displayName": "artifactoryDB" + }, + "properties": { + "edition": "[parameters('db_edition')]", + "maxSizeBytes": "1073741824", + "collation": "[variables('rtdbCollation')]" + } + } + ] + } + ], + "outputs": { + "jdbcConnString": { + "type": "string", + "value": "[concat('jdbc:sqlserver://', reference(concat('Microsoft.Sql/servers/', parameters('db_server'))).fullyQualifiedDomainName, ':1433')]" + } + } +} diff --git a/AzureResourceManager/MP_submission_7/scripts/install_artifactory.sh b/AzureResourceManager/MP_submission_7/scripts/install_artifactory.sh new file mode 100644 index 0000000..12238a9 --- /dev/null +++ b/AzureResourceManager/MP_submission_7/scripts/install_artifactory.sh @@ -0,0 +1,214 @@ +#!/bin/bash +DB_URL=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JDBC_STR" | sed "s/JDBC_STR=//") +DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/DB_NAME=//") +DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//") +DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//") +STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//") +STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//") +STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//") +ARTIFACTORY_VERSION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_VERSION=" | sed "s/ARTIFACTORY_VERSION=//") +MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//") +IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//") +ARTIFACTORY_LICENSE_1=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE1=" | sed "s/LICENSE1=//") +ARTIFACTORY_LICENSE_2=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE2=" | sed "s/LICENSE2=//") +ARTIFACTORY_LICENSE_3=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE3=" | sed "s/LICENSE3=//") +ARTIFACTORY_LICENSE_4=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE4=" | sed "s/LICENSE4=//") +ARTIFACTORY_LICENSE_5=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE5=" | sed "s/LICENSE5=//") + +UBUNTU_CODENAME=$(cat /etc/lsb-release | grep "^DISTRIB_CODENAME=" | sed "s/DISTRIB_CODENAME=//") + +export DEBIAN_FRONTEND=noninteractive + +#Generate Self-Signed Cert +mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ +openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" + +CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") +[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory + +ARTIFACTORY_SERVER_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_SERVER_NAME=" | sed "s/ARTIFACTORY_SERVER_NAME=//") +[ -z "$ARTIFACTORY_SERVER_NAME" ] && ARTIFACTORY_SERVER_NAME=artifactory + +#Configuring nginx +rm /etc/nginx/sites-enabled/default + +cat </etc/nginx/nginx.conf + #user nobody; + worker_processes 1; + error_log /var/log/nginx/error.log info; + #pid logs/nginx.pid; + events { + worker_connections 1024; + } + + http { + include mime.types; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + include /etc/nginx/conf.d/*.conf; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + #keepalive_timeout 0; + keepalive_timeout 65; + } +EOF + +cat </etc/nginx/conf.d/artifactory.conf +ssl_certificate /etc/pki/tls/certs/cert.pem; +ssl_certificate_key /etc/pki/tls/private/cert.key; +ssl_session_cache shared:SSL:1m; +ssl_prefer_server_ciphers on; +## server configuration +server { + listen 443 ssl; + listen 80 ; + server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN}; + if (\$http_x_forwarded_proto = '') { + set \$http_x_forwarded_proto \$scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/\$repo/\$1/\$2; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url + \$http_x_forwarded_proto://\$host:\$server_port/artifactory; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + } +} +EOF + +cat </var/opt/jfrog/artifactory/etc/artifactory.cluster.license +${ARTIFACTORY_LICENSE_1} + +${ARTIFACTORY_LICENSE_2} + +${ARTIFACTORY_LICENSE_3} + +${ARTIFACTORY_LICENSE_4} + +${ARTIFACTORY_LICENSE_5} +EOF + +cat </var/opt/jfrog/artifactory/etc/ha-node.properties +node.id=art1 +artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data +context.url=http://127.0.0.1:8081/artifactory +membership.port=10001 +hazelcast.interface=172.25.0.3 +primary=${IS_PRIMARY} +EOF + +cat </var/opt/jfrog/artifactory/etc/db.properties +type=mssql +driver=com.microsoft.sqlserver.jdbc.SQLServerDriver +url=${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository +username=${DB_USER} +password=${DB_PASSWORD} +EOF + +mkdir -p /var/opt/jfrog/artifactory/etc/security + +cat </var/opt/jfrog/artifactory/etc/security/master.key +${MASTER_KEY} +EOF + +cat </var/opt/jfrog/artifactory/etc/binarystore.xml + + + + + + + + + + + + + + + + + crossNetworkStrategy + crossNetworkStrategy + 2 + 1 + + + + + remote + + + + local + + + + + ${STORAGE_ACCT} + ${STORAGE_ACCT_KEY} + https://${STORAGE_ACCT}.blob.core.windows.net/ + ${STORAGE_CONTAINER} + + +EOF + + +HOSTNAME=$(hostname -i) +sed -i -e "s/art1/art-$(date +%s$RANDOM)/" /var/opt/jfrog/artifactory/etc/ha-node.properties +sed -i -e "s/127.0.0.1/$HOSTNAME/" /var/opt/jfrog/artifactory/etc/ha-node.properties +sed -i -e "s/172.25.0.3/$HOSTNAME/" /var/opt/jfrog/artifactory/etc/ha-node.properties + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE=" | sed "s/CERTIFICATE=//" > /tmp/temp.pem +cat /tmp/temp.pem | sed 's/CERTIFICATE----- /&\n/g' | sed 's/ -----END/\n-----END/g' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/certs/cert.pem +rm /tmp/temp.pem + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CERTIFICATE_KEY=//" > /tmp/temp.key +cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key +rm /tmp/temp.key + +EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") +[ -z "$EXTRA_JAVA_OPTS" ] && EXTRA_JAVA_OPTS='-server -Xms2g -Xmx6g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError="kill -9 %p"' +echo "export JAVA_OPTIONS=\"${EXTRA_JAVA_OPTS}\"" >> /var/opt/jfrog/artifactory/etc/default +chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* + +# start Artifactory +sleep $((RANDOM % 120)) +service artifactory start +service nginx start +nginx -s reload +echo "INFO: Artifactory installation completed." diff --git a/AzureResourceManager/MP_submission_7/scripts/install_artifactory7.sh b/AzureResourceManager/MP_submission_7/scripts/install_artifactory7.sh new file mode 100644 index 0000000..438ea1f --- /dev/null +++ b/AzureResourceManager/MP_submission_7/scripts/install_artifactory7.sh @@ -0,0 +1,202 @@ +#!/bin/bash +DB_URL=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JDBC_STR" | sed "s/JDBC_STR=//") +DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/DB_NAME=//") +DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//") +DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//") +STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//") +STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//") +STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//") +ARTIFACTORY_VERSION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_VERSION=" | sed "s/ARTIFACTORY_VERSION=//") +MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//") +JOIN_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JOIN_KEY=" | sed "s/JOIN_KEY=//") +IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//") +ARTIFACTORY_LICENSE_1=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE1=" | sed "s/LICENSE1=//") +ARTIFACTORY_LICENSE_2=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE2=" | sed "s/LICENSE2=//") +ARTIFACTORY_LICENSE_3=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE3=" | sed "s/LICENSE3=//") +ARTIFACTORY_LICENSE_4=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE4=" | sed "s/LICENSE4=//") +ARTIFACTORY_LICENSE_5=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE5=" | sed "s/LICENSE5=//") +#JOIN_KEY_GENERATED=$(openssl rand -hex 16) +export DEBIAN_FRONTEND=noninteractive + +#Generate Self-Signed Cert +mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ +openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" + +CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") +[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory + +ARTIFACTORY_SERVER_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_SERVER_NAME=" | sed "s/ARTIFACTORY_SERVER_NAME=//") +[ -z "$ARTIFACTORY_SERVER_NAME" ] && ARTIFACTORY_SERVER_NAME=artifactory + +#Configuring nginx +rm /etc/nginx/sites-enabled/default + +cat </etc/nginx/nginx.conf + #user nobody; + worker_processes 1; + error_log /var/log/nginx/error.log info; + #pid logs/nginx.pid; + events { + worker_connections 1024; + } + + http { + include mime.types; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + include /etc/nginx/conf.d/*.conf; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + #keepalive_timeout 0; + keepalive_timeout 65; + } +EOF + +cat </etc/nginx/conf.d/artifactory.conf +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_certificate /etc/pki/tls/certs/cert.pem; +ssl_certificate_key /etc/pki/tls/private/cert.key; +ssl_session_cache shared:SSL:1m; +ssl_prefer_server_ciphers on; +## server configuration +server { + listen 443 ssl; + listen 80 ; + server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN}; + if (\$http_x_forwarded_proto = '') { + set \$http_x_forwarded_proto \$scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /ui/ redirect; + rewrite ^/ui$ /ui/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location / { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8082; + proxy_next_upstream error timeout non_idempotent; + proxy_next_upstream_tries 1; + proxy_set_header X-JFrog-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + + location ~ ^/artifactory/ { + proxy_pass http://127.0.0.1:8081; + } + } +} +EOF + + +mkdir -p /opt/jfrog/artifactory/var/etc/artifactory/ +cat </opt/jfrog/artifactory/var/etc/artifactory/artifactory.cluster.license +${ARTIFACTORY_LICENSE_1} + +${ARTIFACTORY_LICENSE_2} + +${ARTIFACTORY_LICENSE_3} + +${ARTIFACTORY_LICENSE_4} + +${ARTIFACTORY_LICENSE_5} +EOF + +HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}') + +if [ "${IS_PRIMARY}" = "true" ]; then + NODE_NAME=art-primary +else + NODE_NAME=art-$(date +%s$RANDOM) +fi + +# Java options +EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") +sed -i -e "s/#extraJavaOpts: \"-Xms512m -Xmx2g\"/extraJavaOpts: ${EXTRA_JAVA_OPTS}/" /var/opt/jfrog/artifactory/etc/system.yaml + +# Node settings +HOSTNAME=$(hostname -i) +sed -i -e "s/#id: \"art1\"/id: \"${NODE_NAME}\"/" /var/opt/jfrog/artifactory/etc/system.yaml +sed -i -e "s/#ip:/ip: ${HOSTNAME}/" /var/opt/jfrog/artifactory/etc/system.yaml +sed -i -e "s/#primary: true/primary: ${IS_PRIMARY}/" /var/opt/jfrog/artifactory/etc/system.yaml +sed -i -e "s/#haEnabled:/haEnabled:/" /var/opt/jfrog/artifactory/etc/system.yaml + +# Set MS SQL configuration +cat <>/var/opt/jfrog/artifactory/etc/system.yaml + ## One of: mysql, oracle, mssql, postgresql, mariadb + ## Default: Embedded derby + ## Example for mysql + type: mssql + driver: com.microsoft.sqlserver.jdbc.SQLServerDriver + url: ${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository + username: ${DB_USER} + password: ${DB_PASSWORD} + +EOF + +# Create master.key on each node +mkdir -p /opt/jfrog/artifactory/var/etc/security/ + +cat </opt/jfrog/artifactory/var/etc/security/master.key +${MASTER_KEY} +EOF + +# Azure Blob Storage configuration +# https://www.jfrog.com/confluence/display/JFROG/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider +mkdir -p /var/opt/jfrog/artifactory/etc/artifactory/ +cat </var/opt/jfrog/artifactory/etc/artifactory/binarystore.xml + + + + ${STORAGE_ACCT} + ${STORAGE_ACCT_KEY} + https://${STORAGE_ACCT}.blob.core.windows.net/ + ${STORAGE_CONTAINER} + + +EOF + + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE=" | sed "s/CERTIFICATE=//" > /tmp/temp.pem +cat /tmp/temp.pem | sed 's/CERTIFICATE----- /&\n/g' | sed 's/ -----END/\n-----END/g' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/certs/cert.pem +rm /tmp/temp.pem + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CERTIFICATE_KEY=//" > /tmp/temp.key +cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key +rm /tmp/temp.key + +chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* + +# start Artifactory +sleep $((RANDOM % 120)) +service artifactory start +service nginx start +nginx -s reload +echo "INFO: Artifactory HA installation completed." +echo "" diff --git a/AzureResourceManager/MP_submission_7/scripts/version_selector.sh b/AzureResourceManager/MP_submission_7/scripts/version_selector.sh new file mode 100644 index 0000000..13526b2 --- /dev/null +++ b/AzureResourceManager/MP_submission_7/scripts/version_selector.sh @@ -0,0 +1,13 @@ +#!/bin/bash +ARTIFACTORY_VERSION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_VERSION=" | sed "s/ARTIFACTORY_VERSION=//") +IFS=$'\t' +SUPPORTED_VERSIONS=("6.8.0\t6.11.3\t6.15.0\t0.16.0\t0.17.0\t6.18.0") +unset IFS + +if [[ "\t${SUPPORTED_VERSIONS[@]}\t" =~ "\t${ARTIFACTORY_VERSION}\t" ]]; then + sh install_artifactory.sh + echo "\ninstall_artifactory.sh was selected" >> user-data.txt +else + sh install_artifactory7.sh + echo "\ninstall_artifactory7.sh was selected" >> user-data.txt +fi \ No newline at end of file diff --git a/AzureResourceManager/README.md b/AzureResourceManager/README.md index 31bd6ea..8725cd8 100644 --- a/AzureResourceManager/README.md +++ b/AzureResourceManager/README.md @@ -1,81 +1,81 @@ -# Setup Artifactory Enterprise - - - - - - - - -This template can help you setup the [Artifactory Enterprise](https://jfrog.com/artifactory) on Azure. - -## A. Deploy Artifactory Enterprise on Azure -![screenshot](images/HA_Diagram.png) - - -1. Click "Deploy to Azure" button. If you haven't got an Azure subscription, it will guide you on how to signup for a free trial. - -2. Enter a valid values to parameters. At least 1 license has to be provided. - - -![screenshot](images/Parameters.png) - -3. Click on Purchase to start deploying resources. It will deploy MsSQL database, Azure Blob storage container, VM installing Nginx and Artifactory and Load balancer. - -4. Once deployment is done. Copy FQDN from Output of deployment template. - -5. Access artifactory using FQDN. - -6. You will see specified artifactory member nodes in 'Admin -> High Availability' page. - -### Note: -1. This template only supports Artifactory version 5.8.x and above. -2. Turn off daily backups. Read Documentation provided [here](https://www.jfrog.com/confluence/display/RTF/Managing+Backups) -3. Use SSL Certificate with valid wild card to you artifactory as docker registry with subdomain method. -4. Input values for 'adminUsername' and 'adminPassword' parameters needs to follow azure VM access rules. -5. One primary node is configured automatically. And, Minimum 1 member node is expected for the Artifactory HA installation. -6. This template provides support for max 5 licenses. To add more licenses, Edit the template (input fields, CustomScript sections) and install_artifactory.sh script. -7. Refer to [System Requirements](https://www.jfrog.com/confluence/display/RTF/System+Requirements) for changing 'extraJavaOptions' input parameter value. - -### Steps to setup Artifactory as secure docker registry -considering you have SSL certificate for `*.jfrog.team` -1. Pass your SSL Certificate in parameter `Certificate` as string -2. Pass your SSL Certificate Key in parameter `CertificateKey` as string -3. Set `CertificateDomain` as `jfrog.team` -4. Set `ArtifactoryServerName` as `artifactory` if you want to access artifactory with `https://artifactory.jfrog.team` -5. Create DNS record with entry `artifactory.jfrog.team` pointing to load balancer value provided as output in template deployment. -6. Create DNS record with entry `*.jfrog.team` pointing to load balancer value provided as output in template deployment. -7. If you have virtual docker registry with name `docker-virtual` in artifactory. You can access it via `docker-virtual.jfrog.team` - e.g ```docker pull docker-virtual.jfrog.team/nginx``` - -### Steps to upgrade Artifactory Version - -1. Login into Primary VM instance and sudo as root. Use the admin credentials provided in the install setup. -Note: Use load balancer's NAT entries under Azure resources, to get the allocated NAT port for accessing the VM instance. - -2. Stop nginx and artifactory services. - ``` - service nginx stop - service artifactory stop - ``` - -3. Upgrade artifactory with following apt-get install command. - ``` - apt-get update - apt-get -y install jfrog-artifactory-pro=${ARTIFACTORY_VERSION} - ``` -4. Start artifactory and nginx services. - ``` - service artifactory start - service nginx start - ``` -5. Repeat above steps for all member nodes. - ------- -#### Note: -Supported locations: `East US 2`, `Central US`, `West Central US` and `West Europe`. -Please check the Azure region support for `Standard Sku` property in load balancer for this template to work properly. -Check for SQL server support on specified location. If SQL server is not available in the location, Use 'DB_Location' to specify the location with SQL server support. - - - +# Setup Artifactory Enterprise + + + + + + + + +This template can help you setup the [Artifactory Enterprise](https://jfrog.com/artifactory) on Azure. + +## A. Deploy Artifactory Enterprise on Azure +![screenshot](images/HA_Diagram.png) + + +1. Click "Deploy to Azure" button. If you haven't got an Azure subscription, it will guide you on how to signup for a free trial. + +2. Enter a valid values to parameters. At least 1 license has to be provided. + + +![screenshot](images/Parameters.png) + +3. Click on Purchase to start deploying resources. It will deploy MsSQL database, Azure Blob storage container, VM installing Nginx and Artifactory and Load balancer. + +4. Once deployment is done. Copy FQDN from Output of deployment template. + +5. Access artifactory using FQDN. + +6. You will see specified artifactory member nodes in 'Admin -> High Availability' page. + +### Note: +1. This template only supports Artifactory version 5.8.x and above. +2. Turn off daily backups. Read Documentation provided [here](https://www.jfrog.com/confluence/display/RTF/Managing+Backups) +3. Use SSL Certificate with valid wild card to you artifactory as docker registry with subdomain method. +4. Input values for 'adminUsername' and 'adminPassword' parameters needs to follow azure VM access rules. +5. One primary node is configured automatically. And, Minimum 1 member node is expected for the Artifactory HA installation. +6. This template provides support for max 5 licenses. To add more licenses, Edit the template (input fields, CustomScript sections) and install_artifactory.sh script. +7. Refer to [System Requirements](https://www.jfrog.com/confluence/display/RTF/System+Requirements) for changing 'extraJavaOptions' input parameter value. + +### Steps to setup Artifactory as secure docker registry +considering you have SSL certificate for `*.jfrog.team` +1. Pass your SSL Certificate in parameter `Certificate` as string +2. Pass your SSL Certificate Key in parameter `CertificateKey` as string +3. Set `CertificateDomain` as `jfrog.team` +4. Set `ArtifactoryServerName` as `artifactory` if you want to access artifactory with `https://artifactory.jfrog.team` +5. Create DNS record with entry `artifactory.jfrog.team` pointing to load balancer value provided as output in template deployment. +6. Create DNS record with entry `*.jfrog.team` pointing to load balancer value provided as output in template deployment. +7. If you have virtual docker registry with name `docker-virtual` in artifactory. You can access it via `docker-virtual.jfrog.team` + e.g ```docker pull docker-virtual.jfrog.team/nginx``` + +### Steps to upgrade Artifactory Version + +1. Login into Primary VM instance and sudo as root. Use the admin credentials provided in the install setup. +Note: Use load balancer's NAT entries under Azure resources, to get the allocated NAT port for accessing the VM instance. + +2. Stop nginx and artifactory services. + ``` + service nginx stop + service artifactory stop + ``` + +3. Upgrade artifactory with following apt-get install command. + ``` + apt-get update + apt-get -y install jfrog-artifactory-pro=${ARTIFACTORY_VERSION} + ``` +4. Start artifactory and nginx services. + ``` + service artifactory start + service nginx start + ``` +5. Repeat above steps for all member nodes. + +------ +#### Note: +Supported locations: `East US 2`, `Central US`, `West Central US` and `West Europe`. +Please check the Azure region support for `Standard Sku` property in load balancer for this template to work properly. +Check for SQL server support on specified location. If SQL server is not available in the location, Use 'DB_Location' to specify the location with SQL server support. + + + diff --git a/AzureResourceManager/azuredeploy.json b/AzureResourceManager/azuredeploy.json index 4091e4a..e2bdccf 100644 --- a/AzureResourceManager/azuredeploy.json +++ b/AzureResourceManager/azuredeploy.json @@ -4,41 +4,71 @@ "parameters": { "vmSku": { "type": "string", - "defaultValue": "Standard_A4", + "defaultValue": "Standard_D4s_v3", "metadata": { "description": "Size of VMs in the VM Scale Set." } }, "clusterName": { "type": "string", + "maxLength": 61, "metadata": { "description": "String used as a base for naming resources. Must be 3-61 characters in length and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended." - }, - "maxLength": 61 + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for the resources." + } }, "nodeCount": { "type": "int", "defaultValue": 2, "minValue": 1, + "maxValue": 100, "metadata": { "description": "Number of VM instances (100 or less) for member artifactory nodes. Minimum 1 node." - }, - "maxValue": 100 + } }, "artifactoryVersion": { "type": "string", - "defaultValue": "6.2.0", + "defaultValue": "7.4.30", + "allowedValues": [ + "6.6.0", + "6.6.1", + "6.7.0", + "6.8.0", + "6.11.3", + "6.15.0", + "0.16.0", + "0.17.0", + "6.18.0", + "7.0.0717", + "7.0.4001", + "7.2.1", + "7.4.3", + "7.4.30", + "7.4.31" + ], "metadata": { - "description": "Artifactory version to deploy. Supported from 5.8.0 and above." + "description": "Artifactory-vm image version to deploy." } }, "masterKey": { "type": "string", - "defaultValue": "1ce2be4490ca2c662cb79636cf9b7b8e", + "maxLength": 64, "metadata": { "description": "Master key for Artifactory cluster. Generate master.key using command '$openssl rand -hex 16'" - }, - "maxLength": 64 + } + }, + "joinKey": { + "type": "string", + "maxLength": 64, + "metadata": { + "description": "Join key for Artifactory cluster. Generate join.key using command '$openssl rand -hex 16'" + } }, "adminUsername": { "type": "string", @@ -52,18 +82,6 @@ "description": "Admin password on all VMs. Follow conventions for azure VM admin password rules." } }, - "ubuntuOSVersion": { - "type": "string", - "defaultValue": "16.04.0-LTS", - "allowedValues": [ - "12.04.5-LTS", - "14.04.2-LTS", - "16.04.0-LTS" - ], - "metadata": { - "description": "The Ubuntu version for the VM." - } - }, "artifactoryLicense1": { "type": "string", "metadata": { @@ -131,7 +149,7 @@ "extraJavaOptions": { "type": "string", "minLength": 1, - "defaultValue": "-server -Xms2g -Xmx12g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", + "defaultValue": "-server -Xms2g -Xmx8g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", "metadata": { "description": "Setting Java Memory Parameters for Artifactory. Learn about system requirements for Artifactory https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware." } @@ -139,7 +157,6 @@ "DB_Admin_User": { "type": "string", "minLength": 1, - "defaultValue": "artifactory", "metadata": { "description": "Database Admin user name" } @@ -147,7 +164,6 @@ "DB_Admin_Password": { "type": "securestring", "minLength": 1, - "defaultValue": "jFrog123", "metadata": { "description": "Database Admin password" } @@ -155,7 +171,6 @@ "DB_Name": { "type": "string", "minLength": 1, - "defaultValue": "artdb", "metadata": { "description": "Database name" } @@ -173,11 +188,16 @@ "description": "Database Edition" } }, - "DB_Location": { + "storageAccountType": { "type": "string", - "defaultValue": "", + "defaultValue": "Standard_LRS", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Standard_ZRS" + ], "metadata": { - "description": "Database location. Default to resource group location if blank." + "description": "Storage Account type" } }, "_artifactsLocation": { @@ -185,7 +205,7 @@ "metadata": { "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." }, - "defaultValue": "https://raw.githubusercontent.com/JFrogDev/JFrog-Cloud-Installers/master/AzureResourceManager/" + "defaultValue": "https://raw.githubusercontent.com/jfrog/JFrog-Cloud-Installers/master/AzureResourceManager/" }, "_artifactsLocationSasToken": { "type": "securestring", @@ -198,34 +218,45 @@ "variables": { "namingInfix": "[toLower(substring(concat(parameters('clusterName'), uniqueString(resourceGroup().id)), 0, 9))]", "addressPrefix": "10.0.0.0/16", - "subnetPrefix": "10.0.1.0/24", + "subnetPrimaryPrefix": "10.0.1.0/24", + "subnetMemberPrefix": "10.0.2.0/24", "virtualNetworkName": "[concat(variables('namingInfix'), 'vnet')]", - "subnetName": "[concat(variables('namingInfix'), 'subnet')]", - "scaleSetName": "[concat(variables('namingInfix'), 'scaleset')]", + "subnetPrimaryName": "[concat(variables('namingInfix'), 'primarySubnet')]", + "subnetMemberName": "[concat(variables('namingInfix'), 'memberSubnet')]", + "scaleSetPrimaryName": "[concat(variables('namingInfix'), 'primaryScaleset')]", + "scaleSetMemberName": "[concat(variables('namingInfix'), 'memberScaleset')]", "lbName": "[concat(variables('namingInfix'), 'lb')]", - "bepoolName": "[concat(variables('lbName'), 'bepool')]", - "fepoolName": "[concat(variables('lbName'), 'fepool')]", - "lbID": "[resourceId('Microsoft.Network/loadBalancers',variables('lbName'))]", - "bepoolID": "[concat(variables('lbID'),'/backendAddressPools/', variables('bepoolName'))]", - "feIpConfigName": "[concat(variables('fepoolName'), 'IpConfig')]", - "feIpConfigId": "[concat(variables('lbID'),'/frontendIPConfigurations/', variables('feIpConfigName'))]", - "pipName": "[concat(variables('namingInfix'), 'pip')]", - "nicName": "[concat(variables('namingInfix'), 'nic')]", - "natPoolName": "[concat(variables('lbName'), 'natpool')]", + "bepoolPrimaryName": "[concat(variables('lbName'), 'primaryBepool')]", + "bepoolMemberName": "[concat(variables('lbName'), 'memberBepool')]", + "fepoolPrimaryName": "[concat(variables('lbName'), 'primaryFepool')]", + "fepoolMemberName": "[concat(variables('lbName'), 'memberFepool')]", + "bepoolPrimaryID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolPrimaryName'))]", + "bepoolMemberID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolMemberName'))]", + "feIpConfigPrimaryName": "[concat(variables('fepoolPrimaryName'), 'primaryIpConfig')]", + "feIpConfigMemberName": "[concat(variables('fepoolMemberName'), 'memberIpConfig')]", + "feIpConfigPrimaryId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigPrimaryName'))]", + "feIpConfigMemberId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigMemberName'))]", + "pipPrimaryName": "[concat(variables('namingInfix'), 'primaryPip')]", + "pipMemberName": "[concat(variables('namingInfix'), 'memberPip')]", + "nicPrimaryName": "[concat(variables('namingInfix'), 'primaryNic')]", + "nicMemberName": "[concat(variables('namingInfix'), 'memberNic')]", + "natPoolPrimaryName": "[concat(variables('lbName'), 'primaryNatpool')]", + "natPoolMemberName": "[concat(variables('lbName'), 'memberNatpool')]", "ipConfigName": "[concat(variables('namingInfix'), 'ipconfig')]", - "httpProbeName": "httpProbe", - "httpsProbeName": "httpsProbe", + "httpProbePrimaryName": "primaryHttpProbe", + "httpsProbePrimaryName": "primaryHttpsProbe", + "httpProbeMemberName": "memberHttpProbe", + "httpsProbeMemberName": "memberHttpsProbe", "storageAccountName": "[concat(variables('namingInfix'), 'storage')]", - "storageAccountType": "Standard_LRS", "vmStorageAccountContainerName": "filestore", "azureSqlServerName": "[concat(variables('namingInfix'), 'sqlsrv')]", "DB_Name": "[parameters('DB_Name')]", "DB_Admin_User": "[parameters('DB_Admin_User')]", "DB_Admin_Password": "[parameters('DB_Admin_Password')]", "DB_Edition": "[parameters('DB_Edition')]", - "DB_Location": "[parameters('DB_Location')]", - "artifactoryVersion": "[parameters('artifactoryVersion')]", + "DB_Location": "[parameters('location')]", "masterKey": "[parameters('masterKey')]", + "joinKey": "[parameters('joinKey')]", "certificate": "[parameters('certificate')]", "certificateKey": "[parameters('certificateKey')]", "certificateDomain": "[parameters('certificateDomain')]", @@ -237,21 +268,35 @@ "artifactoryLicense4": "[parameters('artifactoryLicense4')]", "artifactoryLicense5": "[parameters('artifactoryLicense5')]", "osType": { - "publisher": "Canonical", - "offer": "UbuntuServer", - "sku": "[parameters('ubuntuOSVersion')]", - "version": "latest" + "publisher": "jfrog", + "offer": "artifactory-vm", + "sku": "artifactory-vm-private", + "version": "[parameters('artifactoryVersion')]" }, - "apiVersion": "2015-06-15", "imageReference": "[variables('osType')]", "dbTemplate": "azureDBDeploy.json", - "dbTemplateLocation": "[concat(parameters('_artifactsLocation'), 'nested', '/', variables('dbTemplate'))]", + "dbTemplateLocation": "[uri(parameters('_artifactsLocation'), concat('nested/', variables('dbTemplate'), parameters('_artifactsLocationSasToken')))]", "nsgName": "[concat(variables('namingInfix'), 'nsg')]" }, "resources": [ + { + "apiVersion": "2019-05-01", + "name": "pid-04c1c376-5d4b-4771-9a7f-054f5910dcef", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, { "type": "Microsoft.Network/networkSecurityGroups", - "location": "[resourceGroup().location]", + "location": "[parameters('location')]", + "name": "[variables('nsgName')]", + "apiVersion": "2018-07-01", "properties": { "securityRules": [ { @@ -269,7 +314,7 @@ } }, { - "name": "http-rule", + "name": "http-artifactory-rule", "properties": { "description": "Allow HTTP", "protocol": "Tcp", @@ -283,7 +328,7 @@ } }, { - "name": "http-rule-1", + "name": "http-nginx-rule", "properties": { "description": "Allow HTTP", "protocol": "Tcp", @@ -297,7 +342,7 @@ } }, { - "name": "https-rule", + "name": "https-nginx-rule", "properties": { "description": "Allow HTTP", "protocol": "Tcp", @@ -325,15 +370,13 @@ } } ] - }, - "name": "[variables('nsgName')]", - "apiVersion": "2016-03-30" + } }, { "type": "Microsoft.Network/virtualNetworks", "name": "[variables('virtualNetworkName')]", - "location": "[resourceGroup().location]", - "apiVersion": "2016-03-30", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", "dependsOn": [ "[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]" ], @@ -345,9 +388,18 @@ }, "subnets": [ { - "name": "[variables('subnetName')]", + "name": "[variables('subnetPrimaryName')]", "properties": { - "addressPrefix": "[variables('subnetPrefix')]", + "addressPrefix": "[variables('subnetPrimaryPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "name": "[variables('subnetMemberName')]", + "properties": { + "addressPrefix": "[variables('subnetMemberPrefix')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" } @@ -357,12 +409,12 @@ } }, { - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2018-07-01", "type": "Microsoft.Network/networkInterfaces", - "name": "[variables('nicName')]", - "location": "[resourceGroup().location]", + "name": "[variables('nicPrimaryName')]", + "location": "[parameters('location')]", "dependsOn": [ - "[concat('Microsoft.Network/publicIPAddresses/', variables('pipName'))]", + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" ], @@ -373,7 +425,7 @@ "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { - "id": "[concat(resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName')), '/subnets/', variables('subnetName'))]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" } } } @@ -384,12 +436,12 @@ } }, { - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2018-07-01", "type": "Microsoft.Network/networkInterfaces", - "name": "[concat(variables('nicName'),'2')]", - "location": "[resourceGroup().location]", + "name": "[variables('nicMemberName')]", + "location": "[parameters('location')]", "dependsOn": [ - "[concat('Microsoft.Network/publicIPAddresses/', variables('pipName'),'2')]", + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipMemberName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" ], @@ -400,7 +452,7 @@ "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { - "id": "[concat(resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName')), '/subnets/', variables('subnetName'))]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetMemberName'))]" } } } @@ -412,12 +464,12 @@ }, { "type": "Microsoft.Network/publicIPAddresses", - "name": "[variables('pipName')]", - "location": "[resourceGroup().location]", + "name": "[variables('pipPrimaryName')]", + "location": "[parameters('location')]", "sku": { "name": "Standard" }, - "apiVersion": "2017-08-01", + "apiVersion": "2018-07-01", "properties": { "publicIPAllocationMethod": "Static", "dnsSettings": { @@ -427,12 +479,12 @@ }, { "type": "Microsoft.Network/publicIPAddresses", - "name": "[concat(variables('pipName'),'2')]", - "location": "[resourceGroup().location]", + "name": "[variables('pipMemberName')]", + "location": "[parameters('location')]", "sku": { "name": "Standard" }, - "apiVersion": "2017-08-01", + "apiVersion": "2018-07-01", "properties": { "publicIPAllocationMethod": "Static", "dnsSettings": { @@ -443,51 +495,51 @@ { "type": "Microsoft.Network/loadBalancers", "name": "[variables('lbName')]", - "location": "[resourceGroup().location]", - "apiVersion": "2017-08-01", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", "sku": { "name": "Standard" }, "dependsOn": [ - "[concat('Microsoft.Network/publicIPAddresses/', variables('pipName'))]", - "[concat('Microsoft.Network/publicIPAddresses/', variables('pipName'), '2')]" + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]", + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipMemberName'))]" ], - "tags": { + "tags":{ "displayName": "Load Balancer" }, "properties": { "frontendIPConfigurations": [ { - "name": "[variables('feIpConfigName')]", + "name": "[variables('feIpConfigPrimaryName')]", "properties": { "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipName'))]" + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipPrimaryName'))]" } } }, { - "name": "[concat(variables('feIpConfigName'),'2')]", + "name": "[variables('feIpConfigMemberName')]", "properties": { "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(variables('pipName'),'2'))]" + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipMemberName'))]" } } } ], "backendAddressPools": [ { - "name": "[variables('bepoolName')]" + "name": "[variables('bepoolPrimaryName')]" }, { - "name": "[concat(variables('bepoolName'),'2')]" + "name": "[variables('bepoolMemberName')]" } ], "inboundNatPools": [ { - "name": "[variables('natPoolName')]", + "name": "[variables('natPoolPrimaryName')]", "properties": { "frontendIPConfiguration": { - "id": "[variables('feIpConfigId')]" + "id": "[variables('feIpConfigPrimaryId')]" }, "protocol": "tcp", "frontendPortRangeStart": 10022, @@ -496,10 +548,10 @@ } }, { - "name": "[concat(variables('natPoolName'),'2')]", + "name": "[variables('natPoolMemberName')]", "properties": { "frontendIPConfiguration": { - "id": "[concat(variables('feIpConfigId'),'2')]" + "id": "[variables('feIpConfigMemberId')]" }, "protocol": "tcp", "frontendPortRangeStart": 20022, @@ -510,14 +562,14 @@ ], "loadBalancingRules": [ { - "name": "HTTPRule", + "name": "HTTPRulePrimary", "properties": { "loadDistribution": "Default", "frontendIPConfiguration": { - "id": "[variables('feIpConfigId')]" + "id": "[variables('feIpConfigPrimaryId')]" }, "backendAddressPool": { - "id": "[variables('bepoolID')]" + "id": "[variables('bepoolPrimaryID')]" }, "protocol": "Tcp", "frontendPort": 80, @@ -525,19 +577,19 @@ "enableFloatingIP": false, "idleTimeoutInMinutes": 5, "probe": { - "id": "[concat(variables('lbId'), '/probes/', variables('httpProbeName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbePrimaryName'))]" } } }, { - "name": "HTTPSRule", + "name": "HTTPSRulePrimary", "properties": { "loadDistribution": "Default", "frontendIPConfiguration": { - "id": "[variables('feIpConfigId')]" + "id": "[variables('feIpConfigPrimaryId')]" }, "backendAddressPool": { - "id": "[variables('bepoolID')]" + "id": "[variables('bepoolPrimaryID')]" }, "protocol": "Tcp", "frontendPort": 443, @@ -545,19 +597,19 @@ "enableFloatingIP": false, "idleTimeoutInMinutes": 5, "probe": { - "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('lbName')), '/probes/', variables('httpsProbeName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbePrimaryName'))]" } } }, { - "name": "HTTPRule2", + "name": "HTTPRuleMember", "properties": { "loadDistribution": "Default", "frontendIPConfiguration": { - "id": "[concat(variables('feIpConfigId'),'2')]" + "id": "[variables('feIpConfigMemberId')]" }, "backendAddressPool": { - "id": "[concat(variables('bepoolID'),'2')]" + "id": "[variables('bepoolMemberID')]" }, "protocol": "Tcp", "frontendPort": 80, @@ -565,19 +617,19 @@ "enableFloatingIP": false, "idleTimeoutInMinutes": 5, "probe": { - "id": "[concat(variables('lbId'), '/probes/', variables('httpProbeName'),'2')]" + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbeMemberName'))]" } } }, { - "name": "HTTPSRule2", + "name": "HTTPSRuleMember", "properties": { "loadDistribution": "Default", "frontendIPConfiguration": { - "id": "[concat(variables('feIpConfigId'),'2')]" + "id": "[variables('feIpConfigMemberId')]" }, "backendAddressPool": { - "id": "[concat(variables('bepoolID'),'2')]" + "id": "[variables('bepoolMemberID')]" }, "protocol": "Tcp", "frontendPort": 443, @@ -585,14 +637,14 @@ "enableFloatingIP": false, "idleTimeoutInMinutes": 5, "probe": { - "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('lbName')), '/probes/', variables('httpsProbeName'),'2')]" + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbeMemberName'))]" } } } ], "probes": [ { - "name": "[variables('httpProbeName')]", + "name": "[variables('httpProbePrimaryName')]", "properties": { "protocol": "Http", "requestPath": "/artifactory/api/system/ping", @@ -602,7 +654,7 @@ } }, { - "name": "[variables('httpsProbeName')]", + "name": "[variables('httpsProbePrimaryName')]", "properties": { "protocol": "Tcp", "port": 443, @@ -611,7 +663,7 @@ } }, { - "name": "[concat(variables('httpProbeName'),'2')]", + "name": "[variables('httpProbeMemberName')]", "properties": { "protocol": "Http", "requestPath": "/artifactory/api/system/ping", @@ -621,7 +673,7 @@ } }, { - "name": "[concat(variables('httpsProbeName'),'2')]", + "name": "[variables('httpsProbeMemberName')]", "properties": { "protocol": "Tcp", "port": 443, @@ -633,18 +685,23 @@ } }, { - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2018-07-01", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", - "location": "[resourceGroup().location]", - "properties": { - "accountType": "[variables('storageAccountType')]" - } + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('storageAccountType')]" + }, + "tags":{ + "displayName": "Artifactory Storage Account" + }, + "kind": "Storage", + "properties": {} }, { "type": "Microsoft.Resources/deployments", "name": "deploySQLDB", - "apiVersion": "2014-04-01", + "apiVersion": "2018-07-01", "properties": { "mode": "Incremental", "templateLink": { @@ -668,29 +725,35 @@ "value": "[parameters('DB_Edition')]" }, "db_location": { - "value": "[parameters('DB_Location')]" + "value": "[variables('DB_Location')]" } } } }, { "type": "Microsoft.Compute/virtualMachineScaleSets", - "name": "[variables('scaleSetName')]", - "location": "[resourceGroup().location]", - "apiVersion": "2017-03-30", + "name": "[variables('scaleSetPrimaryName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-10-01", "dependsOn": [ "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", "[concat('Microsoft.Resources/deployments/', 'deploySQLDB')]", "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" ], + "plan": { + "name": "artifactory-vm-private", + "publisher": "jfrog", + "product": "artifactory-vm" + }, "sku": { "name": "[parameters('vmSku')]", "tier": "Standard", - "capacity": "[1]" + "capacity": "1" }, "properties": { "singlePlacementGroup": true, + "overprovision": "false", "upgradePolicy": { "mode": "Manual" }, @@ -707,12 +770,12 @@ "computerNamePrefix": "[variables('namingInfix')]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]", - "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nCERTIFICATE_KEY=',parameters('certificateKey'),'\nCERTIFICATE=', parameters('certificate'),'\nCERTIFICATE_DOMAIN=',parameters('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',parameters('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',parameters('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), variables('apiVersion')).key1,'\nARTIFACTORY_VERSION=',variables('artifactoryVersion'),'\nMASTER_KEY=',variables('masterKey'),'\nIS_PRIMARY=','true','\nLICENSE1=',variables('artifactoryLicense1'),'\nLICENSE2=',variables('artifactoryLicense2'),'\nLICENSE3=',variables('artifactoryLicense3'),'\nLICENSE4=',variables('artifactoryLicense4'),'\nLICENSE5=',variables('artifactoryLicense5'),'\n'))]" + "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nARTIFACTORY_VERSION=', parameters('artifactoryVersion'),'\nCERTIFICATE_KEY=',parameters('certificateKey'),'\nCERTIFICATE=', parameters('certificate'),'\nCERTIFICATE_DOMAIN=',parameters('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',parameters('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',parameters('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_ACT_ENDPOINT=',reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob,'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-07-01').keys[0].value,'\nMASTER_KEY=',variables('masterKey'),'\nJOIN_KEY=',variables('joinKey'),'\nIS_PRIMARY=','true','\nLICENSE1=',variables('artifactoryLicense1'),'\nLICENSE2=',variables('artifactoryLicense2'),'\nLICENSE3=',variables('artifactoryLicense3'),'\nLICENSE4=',variables('artifactoryLicense4'),'\nLICENSE5=',variables('artifactoryLicense5'),'\n'))]" }, "networkProfile": { "networkInterfaceConfigurations": [ { - "name": "[variables('nicName')]", + "name": "[variables('nicPrimaryName')]", "properties": { "primary": true, "ipConfigurations": [ @@ -720,16 +783,16 @@ "name": "[concat(variables('ipConfigName'),'1')]", "properties": { "subnet": { - "id": "[concat(resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName')), '/subnets/', variables('subnetName'))]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" }, "loadBalancerBackendAddressPools": [ { - "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/backendAddressPools/', variables('bePoolName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bePoolPrimaryName'))]" } ], "loadBalancerInboundNatPools": [ { - "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/inboundNatPools/', variables('natPoolName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', variables('lbName'), variables('natPoolPrimaryName'))]" } ] } @@ -750,11 +813,13 @@ "autoUpgradeMinorVersion": false, "settings": { "fileUris": [ - "[concat(parameters('_artifactsLocation'), 'scripts/','install_artifactory.sh')]" + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory7.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/version_selector.sh', parameters('_artifactsLocationSasToken')))]" ] }, "protectedSettings": { - "commandToExecute": "sh install_artifactory.sh" + "commandToExecute": "bash version_selector.sh && ls -al && pwd >> /var/lib/cloud/instance/user-data.txt" } } } @@ -765,16 +830,21 @@ }, { "type": "Microsoft.Compute/virtualMachineScaleSets", - "name": "[concat(variables('scaleSetName'),'2')]", - "location": "[resourceGroup().location]", - "apiVersion": "2017-03-30", + "name": "[variables('scaleSetMemberName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-10-01", "dependsOn": [ "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", - "[concat('Microsoft.Compute/virtualMachineScaleSets/', variables('scaleSetName'))]", + "[concat('Microsoft.Compute/virtualMachineScaleSets/', variables('scaleSetPrimaryName'))]", "[concat('Microsoft.Resources/deployments/', 'deploySQLDB')]", "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" ], + "plan": { + "name": "artifactory-vm-private", + "publisher": "jfrog", + "product": "artifactory-vm" + }, "sku": { "name": "[parameters('vmSku')]", "tier": "Standard", @@ -782,6 +852,7 @@ }, "properties": { "singlePlacementGroup": true, + "overprovision": "false", "upgradePolicy": { "mode": "Manual" }, @@ -798,12 +869,12 @@ "computerNamePrefix": "[variables('namingInfix')]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]", - "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nCERTIFICATE_KEY=',parameters('certificateKey'),'\nCERTIFICATE=', parameters('certificate'),'\nCERTIFICATE_DOMAIN=',parameters('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',parameters('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',parameters('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), variables('apiVersion')).key1,'\nARTIFACTORY_VERSION=',variables('artifactoryVersion'),'\nMASTER_KEY=',variables('masterKey'),'\nIS_PRIMARY=','false','\nLICENSE1=',variables('artifactoryLicense1'),'\nLICENSE2=',variables('artifactoryLicense2'),'\nLICENSE3=',variables('artifactoryLicense3'),'\nLICENSE4=',variables('artifactoryLicense4'),'\nLICENSE5=',variables('artifactoryLicense5'),'\n'))]" + "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nARTIFACTORY_VERSION=', parameters('artifactoryVersion'),'\nCERTIFICATE_KEY=',parameters('certificateKey'),'\nCERTIFICATE=', parameters('certificate'),'\nCERTIFICATE_DOMAIN=',parameters('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',parameters('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',parameters('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_ACT_ENDPOINT=',reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob,'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-07-01').keys[0].value,'\nMASTER_KEY=',variables('masterKey'),'\nJOIN_KEY=',variables('joinKey'),'\nIS_PRIMARY=','false','\nLICENSE1=',variables('artifactoryLicense1'),'\nLICENSE2=',variables('artifactoryLicense2'),'\nLICENSE3=',variables('artifactoryLicense3'),'\nLICENSE4=',variables('artifactoryLicense4'),'\nLICENSE5=',variables('artifactoryLicense5'),'\n'))]" }, "networkProfile": { "networkInterfaceConfigurations": [ { - "name": "[concat(variables('nicName'),'2')]", + "name": "[variables('nicMemberName')]", "properties": { "primary": true, "ipConfigurations": [ @@ -811,16 +882,16 @@ "name": "[concat(variables('ipConfigName'),'1')]", "properties": { "subnet": { - "id": "[concat(resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName')), '/subnets/', variables('subnetName'))]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetMemberName'))]" }, "loadBalancerBackendAddressPools": [ { - "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/backendAddressPools/', variables('bePoolName'),'2')]" + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bePoolMemberName'))]" } ], "loadBalancerInboundNatPools": [ { - "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/inboundNatPools/', variables('natPoolName'),'2')]" + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', variables('lbName'), variables('natPoolMemberName'))]" } ] } @@ -841,11 +912,13 @@ "autoUpgradeMinorVersion": false, "settings": { "fileUris": [ - "[concat(parameters('_artifactsLocation'), 'scripts/','install_artifactory.sh')]" + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory7.sh', parameters('_artifactsLocationSasToken')))]", + "[uri(parameters('_artifactsLocation'), concat('scripts/version_selector.sh', parameters('_artifactsLocationSasToken')))]" ] }, "protectedSettings": { - "commandToExecute": "sh install_artifactory.sh" + "commandToExecute": "bash version_selector.sh && ls -al && pwd >> /var/lib/cloud/instance/user-data.txt" } } } @@ -857,8 +930,8 @@ ], "outputs": { "fqdn": { - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',concat(variables('pipName'),'2')),'2016-03-30').dnsSettings.fqdn]", + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('pipMemberName')),'2018-07-01').dnsSettings.fqdn]", "type": "string" } } -} +} \ No newline at end of file diff --git a/AzureResourceManager/azuredeploy.parameters.json b/AzureResourceManager/azuredeploy.parameters.json index b91b54e..e5c9929 100644 --- a/AzureResourceManager/azuredeploy.parameters.json +++ b/AzureResourceManager/azuredeploy.parameters.json @@ -2,29 +2,38 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - "vmSku": { - "value": "Standard_A4" - }, "clusterName": { "value": "GEN-UNIQUE" }, - "nodeCount": { - "value": 1 - }, "adminUsername": { - "value": "ubuntu" + "value": "GEN-UNIQUE" }, "adminPassword": { "value": "GEN-PASSWORD" }, - "artifactoryVersion": { - "value": "6.2.0" + "DB_Admin_User": { + "value": "GEN-UNIQUE" + }, + "DB_Admin_Password": { + "value": "GEN-PASSWORD" + }, + "DB_Name": { + "value": "GEN-UNIQUE" }, "masterKey": { "value": "35767fa0164bac66b6cccb8880babefb" }, + "joinKey": { + "value": "3143bf2aa4db9c00077e0443c84d252e" + }, "artifactoryLicense1": { "value": "GEN-UNIQUE" + }, + "artifactoryLicense2": { + "value": "GEN-UNIQUE" + }, + "artifactoryLicense3": { + "value": "GEN-UNIQUE" } } -} +} \ No newline at end of file diff --git a/AzureResourceManager/metadata.json b/AzureResourceManager/metadata.json deleted file mode 100644 index 0f4d967..0000000 --- a/AzureResourceManager/metadata.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "itemDisplayName": "Artifactory Enterprise Setup", - "description": "This template helps you setup a Artifactory Enterprise environment.", - "summary": "This template has setup Artifactory Enterprise cluster, MSSQL server to store metadata and Azure Blob storage container for storage.", - "githubUsername": "jainishshah17", - "dateUpdated": "2017-10-02" -} \ No newline at end of file diff --git a/AzureResourceManager/scripts/install_artifactory.sh b/AzureResourceManager/scripts/install_artifactory.sh index 2ed2f3d..12238a9 100644 --- a/AzureResourceManager/scripts/install_artifactory.sh +++ b/AzureResourceManager/scripts/install_artifactory.sh @@ -19,32 +19,10 @@ UBUNTU_CODENAME=$(cat /etc/lsb-release | grep "^DISTRIB_CODENAME=" | sed "s/DIST export DEBIAN_FRONTEND=noninteractive -# install the wget and curl -apt-get update -apt-get -y install wget curl>> /tmp/install-curl.log 2>&1 - -# install Java 8 -add-apt-repository -y ppa:webupd8team/java -apt-get update -echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | debconf-set-selections -apt-get install -y oracle-java8-installer>> /tmp/install-java8.log 2>&1 - #Generate Self-Signed Cert mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" -# install the MySQL stack -echo "deb https://jfrog.bintray.com/artifactory-pro-debs ${UBUNTU_CODENAME} main" | tee -a /etc/apt/sources.list -curl https://bintray.com/user/downloadSubjectPublicKey?username=jfrog | apt-key add - -apt-get update -apt-get -y install nginx>> /tmp/install-nginx.log 2>&1 -apt-get -y install jfrog-artifactory-pro=${ARTIFACTORY_VERSION} >> /tmp/install-artifactory.log 2>&1 - -#Install database drivers -curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar -curl -L -o /opt/jfrog/artifactory/tomcat/lib/mssql-jdbc-6.2.1.jre8.jar https://bintray.com/artifact/download/bintray/jcenter/com/microsoft/sqlserver/mssql-jdbc/6.2.1.jre8/mssql-jdbc-6.2.1.jre8.jar -curl -L -o /opt/jfrog/artifactory/tomcat/lib/postgresql-9.4.1212.jar https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar - CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") [ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory @@ -209,19 +187,6 @@ cat </var/opt/jfrog/artifactory/etc/binarystore.xml EOF -# callhome metadata - -mkdir -p /var/opt/jfrog/artifactory/etc/info -cat </var/opt/jfrog/artifactory/etc/info/installer-info.json -{ - "productId": "JFrogInstaller_ARM/1.0.0", - "features": [ - { - "featureId": "SQLServer" - } - ] -} -EOF HOSTNAME=$(hostname -i) sed -i -e "s/art1/art-$(date +%s$RANDOM)/" /var/opt/jfrog/artifactory/etc/ha-node.properties @@ -236,7 +201,6 @@ cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CE cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key rm /tmp/temp.key -echo "artifactory.ping.allowUnauthenticated=true" >> /var/opt/jfrog/artifactory/etc/artifactory.system.properties EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") [ -z "$EXTRA_JAVA_OPTS" ] && EXTRA_JAVA_OPTS='-server -Xms2g -Xmx6g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError="kill -9 %p"' echo "export JAVA_OPTIONS=\"${EXTRA_JAVA_OPTS}\"" >> /var/opt/jfrog/artifactory/etc/default diff --git a/AzureResourceManager/scripts/install_artifactory7.sh b/AzureResourceManager/scripts/install_artifactory7.sh new file mode 100644 index 0000000..00d1dc2 --- /dev/null +++ b/AzureResourceManager/scripts/install_artifactory7.sh @@ -0,0 +1,199 @@ +#!/bin/bash +DB_URL=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JDBC_STR" | sed "s/JDBC_STR=//") +DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/DB_NAME=//") +DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//") +DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//") +STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//") +STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//") +STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//") +ARTIFACTORY_VERSION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_VERSION=" | sed "s/ARTIFACTORY_VERSION=//") +MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//") +IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//") +ARTIFACTORY_LICENSE_1=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE1=" | sed "s/LICENSE1=//") +ARTIFACTORY_LICENSE_2=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE2=" | sed "s/LICENSE2=//") +ARTIFACTORY_LICENSE_3=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE3=" | sed "s/LICENSE3=//") +ARTIFACTORY_LICENSE_4=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE4=" | sed "s/LICENSE4=//") +ARTIFACTORY_LICENSE_5=$(cat /var/lib/cloud/instance/user-data.txt | grep "^LICENSE5=" | sed "s/LICENSE5=//") +export DEBIAN_FRONTEND=noninteractive + +#Generate Self-Signed Cert +mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ +openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" + +CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") +[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory + +ARTIFACTORY_SERVER_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_SERVER_NAME=" | sed "s/ARTIFACTORY_SERVER_NAME=//") +[ -z "$ARTIFACTORY_SERVER_NAME" ] && ARTIFACTORY_SERVER_NAME=artifactory + +#Configuring nginx +rm /etc/nginx/sites-enabled/default + +cat </etc/nginx/nginx.conf + #user nobody; + worker_processes 1; + error_log /var/log/nginx/error.log info; + #pid logs/nginx.pid; + events { + worker_connections 1024; + } + + http { + include mime.types; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + include /etc/nginx/conf.d/*.conf; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + #keepalive_timeout 0; + keepalive_timeout 65; + } +EOF + +cat </etc/nginx/conf.d/artifactory.conf +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_certificate /etc/pki/tls/certs/cert.pem; +ssl_certificate_key /etc/pki/tls/private/cert.key; +ssl_session_cache shared:SSL:1m; +ssl_prefer_server_ciphers on; +## server configuration +server { + listen 443 ssl; + listen 80 ; + server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN}; + if (\$http_x_forwarded_proto = '') { + set \$http_x_forwarded_proto \$scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /ui/ redirect; + rewrite ^/ui$ /ui/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location / { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8082; + proxy_next_upstream error timeout non_idempotent; + proxy_next_upstream_tries 1; + proxy_set_header X-JFrog-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + + location ~ ^/artifactory/ { + proxy_pass http://127.0.0.1:8081; + } + } +} +EOF + + +mkdir -p /opt/jfrog/artifactory/var/etc/artifactory/ +cat </opt/jfrog/artifactory/var/etc/artifactory/artifactory.cluster.license +${ARTIFACTORY_LICENSE_1} + +${ARTIFACTORY_LICENSE_2} + +${ARTIFACTORY_LICENSE_3} + +${ARTIFACTORY_LICENSE_4} + +${ARTIFACTORY_LICENSE_5} +EOF + +HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}') + +if [ "${IS_PRIMARY}" = "true" ]; then + NODE_NAME=art-primary +else + NODE_NAME=art-$(date +%s$RANDOM) +fi + +# Java options +EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") +sed -i -e "s/#extraJavaOpts: \"-Xms512m -Xmx2g\"/extraJavaOpts: ${EXTRA_JAVA_OPTS}/" /var/opt/jfrog/artifactory/etc/system.yaml + +# Node settings +HOSTNAME=$(hostname -i) +sed -i -e "s/#id: \"art1\"/id: \"${NODE_NAME}\"/" /var/opt/jfrog/artifactory/etc/system.yaml +sed -i -e "s/#ip:/ip: ${HOSTNAME}/" /var/opt/jfrog/artifactory/etc/system.yaml +sed -i -e "s/#primary: true/primary: ${IS_PRIMARY}/" /var/opt/jfrog/artifactory/etc/system.yaml +sed -i -e "s/#haEnabled:/haEnabled:/" /var/opt/jfrog/artifactory/etc/system.yaml + +# Set MS SQL configuration +cat <>/var/opt/jfrog/artifactory/etc/system.yaml + ## One of: mysql, oracle, mssql, postgresql, mariadb + ## Default: Embedded derby + ## Example for mysql + type: mssql + driver: com.microsoft.sqlserver.jdbc.SQLServerDriver + url: ${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository + username: ${DB_USER} + password: ${DB_PASSWORD} + +EOF + +# Create master.key on each node +mkdir -p /opt/jfrog/artifactory/var/etc/security/ +cat </opt/jfrog/artifactory/var/etc/security/master.key +${MASTER_KEY} +EOF + +# Azure Blob Storage configuration +# https://www.jfrog.com/confluence/display/JFROG/Configuring+the+Filestore#ConfiguringtheFilestore-AzureBlobStorageClusterBinaryProvider +mkdir -p /var/opt/jfrog/artifactory/etc/artifactory/ +cat </var/opt/jfrog/artifactory/etc/artifactory/binarystore.xml + + + + ${STORAGE_ACCT} + ${STORAGE_ACCT_KEY} + https://${STORAGE_ACCT}.blob.core.windows.net/ + ${STORAGE_CONTAINER} + + +EOF + + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE=" | sed "s/CERTIFICATE=//" > /tmp/temp.pem +cat /tmp/temp.pem | sed 's/CERTIFICATE----- /&\n/g' | sed 's/ -----END/\n-----END/g' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/certs/cert.pem +rm /tmp/temp.pem + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CERTIFICATE_KEY=//" > /tmp/temp.key +cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key +rm /tmp/temp.key + +chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* + +# start Artifactory +sleep 120 +systemctl start artifactory +systemctl start nginx +nginx -s reload +echo "INFO: Artifactory HA installation completed." +echo "" diff --git a/AzureResourceManager/scripts/version_selector.sh b/AzureResourceManager/scripts/version_selector.sh new file mode 100644 index 0000000..13526b2 --- /dev/null +++ b/AzureResourceManager/scripts/version_selector.sh @@ -0,0 +1,13 @@ +#!/bin/bash +ARTIFACTORY_VERSION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_VERSION=" | sed "s/ARTIFACTORY_VERSION=//") +IFS=$'\t' +SUPPORTED_VERSIONS=("6.8.0\t6.11.3\t6.15.0\t0.16.0\t0.17.0\t6.18.0") +unset IFS + +if [[ "\t${SUPPORTED_VERSIONS[@]}\t" =~ "\t${ARTIFACTORY_VERSION}\t" ]]; then + sh install_artifactory.sh + echo "\ninstall_artifactory.sh was selected" >> user-data.txt +else + sh install_artifactory7.sh + echo "\ninstall_artifactory7.sh was selected" >> user-data.txt +fi \ No newline at end of file diff --git a/JFrog-Cloud-Installers.iml b/JFrog-Cloud-Installers.iml new file mode 100644 index 0000000..bbd4172 --- /dev/null +++ b/JFrog-Cloud-Installers.iml @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/createUiDefinition.json b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/createUiDefinition.json new file mode 100644 index 0000000..a0b103d --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/createUiDefinition.json @@ -0,0 +1,332 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "basics": [ + {} + ], + "steps": [ + { + "name": "vmCredentials", + "label": "VM Credential", + "bladeTitle": "VM Credential", + "subLabel": { + "preValidation": "Provide VM credentials", + "postValidation": "Great - let's move on!" + }, + "elements": [ + { + "name": "adminUsername", + "type": "Microsoft.Compute.UserNameTextBox", + "label": "Admin username", + "osPlatform": "Linux", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-30 characters long." + }, + "toolTip": "Provide admin username for the virtual machine" + }, + { + "name": "adminPassword", + "type": "Microsoft.Compute.CredentialsCombo", + "label": { + "password": "Password", + "confirmPassword": "Confirm password" + }, + "osPlatform": "Linux", + "constraints": { + "required": true, + "customPasswordRegex": "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{12,}$", + "customValidationMessage": "The password must contain at least 12 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number." + }, + "options": { + "hideConfirmation": false + }, + "toolTip": { + "password": "Provide admin password for the virtual machine" + }, + "visible": true + } + ] + }, + { + "name": "clusterConfig", + "label": "JFrog Container Registry Cluster settings", + "subLabel": { + "preValidation": "Configure JFrog Container Registry Cluster settings", + "postValidation": "Done!" + }, + "bladeTitle": "JFrog Container Registry Cluster Settings", + "elements": [ + { + "name": "clusterName", + "type": "Microsoft.Common.TextBox", + "label": "Cluster name", + "toolTip": "Cluster name", + "defaultValue": "", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-30 characters long." + } + }, + { + "name": "vmSku", + "type": "Microsoft.Compute.SizeSelector", + "label": "Virtual machine size", + "toolTip": "The size of the virtual machine for JFrog Container Registry", + "recommendedSizes": [ + "Standard_A2_v2" + ], + "constraints": { + "allowedSizes": [ + "Standard_A2_v2", + "Standard_A4_v2", + "Standard_A4", + "Standard_D2s_v3", + "Standard_D4s_v3", + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_DC2s", + "Standard_DC4s" + ] + }, + "osPlatform": "Linux", + "count": 1 + }, + { + "name": "artifactoryVersion", + "type": "Microsoft.Common.DropDown", + "label": "JFrog Container Registry-vm image version to deploy.", + "defaultValue": "0.16.0", + "toolTip": "Version of JFrog Container Registry to dpeloy", + "constraints": { + "allowedValues": [ + { + "label": "6.16.0", + "value": "0.16.0" + } + ], + "required": true + }, + "visible": true + }, + { + "name": "masterKey", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "JFrog Container Registry master Key", + "confirmPassword": "Confirm master Key" + }, + "defaultValue": "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "toolTip": "Master key for JFrog Container Registry cluster. Generate master.key using command '$openssl rand -hex 16'", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,32}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-32 characters long." + }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "certificate", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Provide your SSL Certificate.", + "confirmPassword": "Confirm SSL Certificate." + }, + "toolTip": "To use JFrog Container Registry as docker registry you need to provide wild card valid Certificate. Provide your SSL Certificate.", + "constraints": { + "required": true, + "regex": "^(-----BEGIN CERTIFICATE-----)(.+)(-----END CERTIFICATE-----)$", + "validationMessage": "Provide SSL Certificate." + }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "certificateKey", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Provide your SSL Certificate key.", + "confirmPassword": "Confirm SSL Certificate key." + }, + "toolTip": "Provide your SSL Certificate key", + "constraints": { + "required": true, + "regex": "^(-----BEGIN PRIVATE KEY-----)(.+)(-----END PRIVATE KEY-----)$", + "validationMessage": "Provide SSL Certificate Key." + }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "certificateDomain", + "type": "Microsoft.Common.TextBox", + "label": "Provide your Certificate Domain Name.", + "defaultValue": "artifactory", + "toolTip": "Provide your Certificate Domain Name. For e.g jfrog.team for certificate with *.jfrog.team", + "constraints": { + "required": true, + "regex": "^(\\*)*([\\w-\\.])+$", + "validationMessage": "Must be a valid fully-qualified domain name." + } + }, + { + "name": "artifactoryServerName", + "type": "Microsoft.Common.TextBox", + "label": "Provide JFrog Container Registry server name to be used in Nginx.", + "defaultValue": "artifactory", + "toolTip": "Provide JFrog Container Registry server name to be used in Nginx. e.g artifactory for artifactory.jfrog.team", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,20}$", + "validationMessage": "Only letters and numbers are allowed, and the value must be 1-20 characters long." + } + }, + { + "name": "extraJavaOptions", + "type": "Microsoft.Common.TextBox", + "label": "Setting Java Memory Parameters for JFrog Container Registry", + "defaultValue": "-server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", + "toolTip": "Setting Java Memory Parameters for JFrog Container Registry. Learn about system requirements for JFrog Container Registry https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware", + "constraints": { + "required": false + } + } + ] + }, + { + "name": "databaseConfig", + "label": "Database Configuration", + "subLabel": { + "preValidation": "Configure the Database", + "postValidation": "Done" + }, + "bladeTitle": "Database Credential", + "elements": [ + { + "name": "dbAdminUsername", + "type": "Microsoft.Compute.UserNameTextBox", + "label": "User name", + "toolTip": "Admin username for the database", + "osPlatform": "Linux", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-30 characters long." + } + }, + { + "name": "dbAdminPassword", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Password", + "confirmPassword": "Confirm password" + }, + "toolTip": "Admin password for the database", + "constraints": { + "required": true, + "regex": "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{12,}$", + "validationMessage": "The password must contain at least 12 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number." + }, + "options": { + "hideConfirmation": false + }, + "visible": true + }, + { + "name": "dbName", + "type": "Microsoft.Common.TextBox", + "label": "Database name", + "toolTip": "Database name", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,15}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-15 characters long." + } + }, + { + "name": "dbEdition", + "type": "Microsoft.Common.DropDown", + "label": "Database Edition", + "defaultValue": "Basic", + "toolTip": "Edition of Database to use", + "constraints": { + "allowedValues": [ + { + "label": "Basic", + "value": "Basic" + }, + { + "label": "Standard", + "value": "Standard" + }, + { + "label": "Premium", + "value": "Premium" + } + ], + "required": true + }, + "visible": true + } + ] + }, + { + "name": "storageConfig", + "label": "Storage settings", + "subLabel": { + "preValidation": "Configure the infrastructure settings", + "postValidation": "Done" + }, + "bladeTitle": "Storage settings", + "elements": [ + { + "name": "storageAccountsType", + "type": "Microsoft.Common.DropDown", + "label": "Storage account type", + "defaultValue": "Standard_LRS", + "toolTip": "Storage account type", + "constraints": { + "allowedValues": [ + { + "label": "Standard_LRS", + "value": "Standard_LRS" + } + ], + "required": true + }, + "visible": true + } + ] + } + ], + "outputs": { + "clusterName": "[steps('clusterConfig').clusterName]", + "vmSku": "[steps('clusterConfig').vmSku]", + "location": "[location()]", + "artifactoryVersion": "[steps('clusterConfig').artifactoryVersion]", + "masterKey": "[steps('clusterConfig').masterKey]", + "certificate": "[steps('clusterConfig').certificate]", + "certificateKey": "[steps('clusterConfig').certificateKey]", + "certificateDomain": "[steps('clusterConfig').certificateDomain]", + "artifactoryServerName": "[steps('clusterConfig').artifactoryServerName]", + "extraJavaOptions": "[steps('clusterConfig').extraJavaOptions]", + "adminUsername": "[steps('vmCredentials').adminUsername]", + "adminPassword": "[steps('vmCredentials').adminPassword.password]", + "DB_Admin_User": "[steps('databaseConfig').dbAdminUsername]", + "DB_Admin_Password": "[steps('databaseConfig').dbAdminPassword]", + "DB_Name": "[steps('databaseConfig').dbName]", + "DB_Edition": "[steps('databaseConfig').dbEdition]", + "storageAccountType": "[steps('storageConfig').storageAccountsType]" + } + } +} \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/mainTemplate.json b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/mainTemplate.json new file mode 100644 index 0000000..08f765c --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/mainTemplate.json @@ -0,0 +1,766 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "vmSku": { + "type": "string", + "defaultValue": "Standard_A4", + "metadata": { + "description": "Size of VMs in the VM Scale Set." + } + }, + "clusterName": { + "type": "string", + "maxLength": 61, + "metadata": { + "description": "String used as a base for naming resources. Must be 3-61 characters in length and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for the resources." + } + }, + "artifactoryVersion": { + "type": "string", + "defaultValue": "0.16.0", + "allowedValues": [ + "6.6.0", + "6.6.1", + "6.7.0", + "6.8.0", + "0.16.0" + ], + "metadata": { + "description": "JFrog Container Registry-vm image version to deploy." + } + }, + "masterKey": { + "type": "securestring", + "maxLength": 64, + "metadata": { + "description": "Master key for JFrog Container Registry cluster. Generate master.key using command '$openssl rand -hex 16'" + } + }, + "adminUsername": { + "type": "string", + "metadata": { + "description": "Admin username on all VMs. Follow conventions for azure VM admin user name." + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Admin password on all VMs. Follow conventions for azure VM admin password rules." + } + }, + "certificate": { + "type": "securestring", + "metadata": { + "description": "To use Artifactory as docker registry you need to provide wild card valid Certificate. Provide your SSL Certificate." + } + }, + "certificateKey": { + "type": "securestring", + "metadata": { + "description": "Provide your SSL Certificate key" + } + }, + "certificateDomain": { + "type": "string", + "minLength": 1, + "defaultValue": "artifactory", + "metadata": { + "description": "Provide your Certificate Domain Name. For e.g jfrog.team for certificate with *.jfrog.team" + } + }, + "artifactoryServerName": { + "type": "string", + "minLength": 1, + "defaultValue": "artifactory", + "metadata": { + "description": "Provide artifactory server name to be used in Nginx. e.g artifactory for artifactory.jfrog.team" + } + }, + "extraJavaOptions": { + "type": "string", + "minLength": 1, + "defaultValue": "-server -Xms2g -Xmx12g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", + "metadata": { + "description": "Setting Java Memory Parameters for Artifactory. Learn about system requirements for Artifactory https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware." + } + }, + "DB_Admin_User": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Database Admin user name" + } + }, + "DB_Admin_Password": { + "type": "securestring", + "minLength": 1, + "metadata": { + "description": "Database Admin password" + } + }, + "DB_Name": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Database name" + } + }, + "DB_Edition": { + "type": "string", + "minLength": 1, + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ], + "metadata": { + "description": "Database Edition" + } + }, + "storageAccountType": { + "type": "string", + "defaultValue": "Standard_LRS", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Standard_ZRS" + ], + "metadata": { + "description": "Storage Account type" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated." + }, + "defaultValue": "" + } + }, + "variables": { + "namingInfix": "[toLower(substring(concat(parameters('clusterName'), uniqueString(resourceGroup().id)), 0, 9))]", + "addressPrefix": "10.0.0.0/16", + "subnetPrimaryPrefix": "10.0.1.0/24", + "subnetMemberPrefix": "10.0.2.0/24", + "virtualNetworkName": "[concat(variables('namingInfix'), 'vnet')]", + "subnetPrimaryName": "[concat(variables('namingInfix'), 'primarySubnet')]", + "subnetMemberName": "[concat(variables('namingInfix'), 'memberSubnet')]", + "scaleSetPrimaryName": "[concat(variables('namingInfix'), 'primaryScaleset')]", + "lbName": "[concat(variables('namingInfix'), 'lb')]", + "bepoolPrimaryName": "[concat(variables('lbName'), 'primaryBepool')]", + "bepoolMemberName": "[concat(variables('lbName'), 'memberBepool')]", + "fepoolPrimaryName": "[concat(variables('lbName'), 'primaryFepool')]", + "fepoolMemberName": "[concat(variables('lbName'), 'memberFepool')]", + "bepoolPrimaryID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolPrimaryName'))]", + "bepoolMemberID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolMemberName'))]", + "feIpConfigPrimaryName": "[concat(variables('fepoolPrimaryName'), 'primaryIpConfig')]", + "feIpConfigMemberName": "[concat(variables('fepoolMemberName'), 'memberIpConfig')]", + "feIpConfigPrimaryId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigPrimaryName'))]", + "feIpConfigMemberId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigMemberName'))]", + "pipPrimaryName": "[concat(variables('namingInfix'), 'primaryPip')]", + "pipMemberName": "[concat(variables('namingInfix'), 'memberPip')]", + "nicPrimaryName": "[concat(variables('namingInfix'), 'primaryNic')]", + "nicMemberName": "[concat(variables('namingInfix'), 'memberNic')]", + "natPoolPrimaryName": "[concat(variables('lbName'), 'primaryNatpool')]", + "natPoolMemberName": "[concat(variables('lbName'), 'memberNatpool')]", + "ipConfigName": "[concat(variables('namingInfix'), 'ipconfig')]", + "httpProbePrimaryName": "primaryHttpProbe", + "httpsProbePrimaryName": "primaryHttpsProbe", + "httpProbeMemberName": "memberHttpProbe", + "httpsProbeMemberName": "memberHttpsProbe", + "storageAccountName": "[concat(variables('namingInfix'), 'storage')]", + "vmStorageAccountContainerName": "filestore", + "azureSqlServerName": "[concat(variables('namingInfix'), 'sqlsrv')]", + "DB_Name": "[parameters('DB_Name')]", + "DB_Admin_User": "[parameters('DB_Admin_User')]", + "DB_Admin_Password": "[parameters('DB_Admin_Password')]", + "DB_Edition": "[parameters('DB_Edition')]", + "DB_Location": "[parameters('location')]", + "masterKey": "[parameters('masterKey')]", + "certificate": "[parameters('certificate')]", + "certificateKey": "[parameters('certificateKey')]", + "certificateDomain": "[parameters('certificateDomain')]", + "artifactoryServerName": "[parameters('artifactoryServerName')]", + "extraJavaOptions": "[parameters('extraJavaOptions')]", + "osType": { + "publisher": "jfrog", + "offer": "jfrogcontainerregistry-vm", + "sku": "artifactory-jcr", + "version": "[parameters('artifactoryVersion')]" + }, + "imageReference": "[variables('osType')]", + "dbTemplate": "azureDBDeploy.json", + "dbTemplateLocation": "[uri(parameters('_artifactsLocation'), concat('nested/', variables('dbTemplate'), parameters('_artifactsLocationSasToken')))]", + "nsgName": "[concat(variables('namingInfix'), 'nsg')]" + }, + "resources": [ + { + "apiVersion": "2019-05-01", + "name": "pid-04c1c376-5d4b-4771-9a7f-054f5910dcef", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "location": "[parameters('location')]", + "name": "[variables('nsgName')]", + "apiVersion": "2018-07-01", + "properties": { + "securityRules": [ + { + "name": "ssh-rule", + "properties": { + "description": "Allow SSH", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "http-artifactory-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "8081", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 101, + "direction": "Inbound" + } + }, + { + "name": "http-nginx-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 102, + "direction": "Inbound" + } + }, + { + "name": "https-nginx-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "443", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 103, + "direction": "Inbound" + } + }, + { + "name": "membership-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "10001", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 105, + "direction": "Inbound" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", + "dependsOn": [ + "[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]" + ], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetPrimaryName')]", + "properties": { + "addressPrefix": "[variables('subnetPrimaryPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "name": "[variables('subnetMemberName')]", + "properties": { + "addressPrefix": "[variables('subnetMemberPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + } + ] + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('nicPrimaryName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" + } + } + } + ], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('nicMemberName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipMemberName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetMemberName'))]" + } + } + } + ], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('pipPrimaryName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "apiVersion": "2018-07-01", + "properties": { + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[variables('namingInfix')]" + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('pipMemberName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "apiVersion": "2018-07-01", + "properties": { + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[concat(variables('namingInfix'),'2')]" + } + } + }, + { + "type": "Microsoft.Network/loadBalancers", + "name": "[variables('lbName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", + "sku": { + "name": "Standard" + }, + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]" + ], + "tags":{ + "displayName": "Load Balancer" + }, + "properties": { + "frontendIPConfigurations": [ + { + "name": "[variables('feIpConfigPrimaryName')]", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipPrimaryName'))]" + } + } + }, + { + "name": "[variables('feIpConfigMemberName')]", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipMemberName'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "[variables('bepoolPrimaryName')]" + }, + { + "name": "[variables('bepoolMemberName')]" + } + ], + "inboundNatPools": [ + { + "name": "[variables('natPoolPrimaryName')]", + "properties": { + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "protocol": "tcp", + "frontendPortRangeStart": 10022, + "frontendPortRangeEnd": 11022, + "backendPort": 22 + } + }, + { + "name": "[variables('natPoolMemberName')]", + "properties": { + "frontendIPConfiguration": { + "id": "[variables('feIpConfigMemberId')]" + }, + "protocol": "tcp", + "frontendPortRangeStart": 20022, + "frontendPortRangeEnd": 21022, + "backendPort": 22 + } + } + ], + "loadBalancingRules": [ + { + "name": "HTTPRulePrimary", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolPrimaryID')]" + }, + "protocol": "Tcp", + "frontendPort": 80, + "backendPort": 80, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbePrimaryName'))]" + } + } + }, + { + "name": "HTTPSRulePrimary", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolPrimaryID')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbePrimaryName'))]" + } + } + }, + { + "name": "HTTPRuleMember", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigMemberId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolMemberID')]" + }, + "protocol": "Tcp", + "frontendPort": 80, + "backendPort": 80, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbeMemberName'))]" + } + } + }, + { + "name": "HTTPSRuleMember", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigMemberId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolMemberID')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbeMemberName'))]" + } + } + } + ], + "probes": [ + { + "name": "[variables('httpProbePrimaryName')]", + "properties": { + "protocol": "Http", + "requestPath": "/artifactory/api/system/ping", + "port": 80, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + }, + { + "name": "[variables('httpsProbePrimaryName')]", + "properties": { + "protocol": "Tcp", + "port": 443, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + }, + { + "name": "[variables('httpProbeMemberName')]", + "properties": { + "protocol": "Http", + "requestPath": "/artifactory/api/system/ping", + "port": 80, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + }, + { + "name": "[variables('httpsProbeMemberName')]", + "properties": { + "protocol": "Tcp", + "port": 443, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + } + ] + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('storageAccountType')]" + }, + "tags":{ + "displayName": "Artifactory Storage Account" + }, + "kind": "Storage", + "properties": {} + }, + { + "type": "Microsoft.Resources/deployments", + "name": "deploySQLDB", + "apiVersion": "2018-07-01", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('dbTemplateLocation')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "db_user": { + "value": "[parameters('DB_Admin_User')]" + }, + "db_password": { + "value": "[parameters('DB_Admin_Password')]" + }, + "db_server": { + "value": "[variables('azureSqlServerName')]" + }, + "db_name": { + "value": "[parameters('DB_Name')]" + }, + "db_edition": { + "value": "[variables('DB_Edition')]" + }, + "db_location": { + "value": "[variables('DB_Location')]" + } + } + } + }, + { + "type": "Microsoft.Compute/virtualMachineScaleSets", + "name": "[variables('scaleSetPrimaryName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-10-01", + "dependsOn": [ + "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[concat('Microsoft.Resources/deployments/', 'deploySQLDB')]", + "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" + ], + "plan": { + "name": "artifactory-jcr", + "publisher": "jfrog", + "product": "jfrogcontainerregistry-vm" + }, + "sku": { + "name": "[parameters('vmSku')]", + "tier": "Standard", + "capacity": "1" + }, + "properties": { + "singlePlacementGroup": true, + "overprovision": "false", + "upgradePolicy": { + "mode": "Manual" + }, + "virtualMachineProfile": { + "storageProfile": { + "osDisk": { + "caching": "ReadWrite", + "diskSizeGB": "250", + "createOption": "FromImage" + }, + "imageReference": "[variables('imageReference')]" + }, + "osProfile": { + "computerNamePrefix": "[variables('namingInfix')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]", + "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nCERTIFICATE_KEY=',variables('certificateKey'),'\nCERTIFICATE=', variables('certificate'),'\nCERTIFICATE_DOMAIN=',variables('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',variables('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',variables('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_ACT_ENDPOINT=',reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob,'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-07-01').keys[0].value,'\nMASTER_KEY=',variables('masterKey'),'\nIS_PRIMARY=','true','\n'))]" + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[variables('nicPrimaryName')]", + "properties": { + "primary": true, + "ipConfigurations": [ + { + "name": "[concat(variables('ipConfigName'),'1')]", + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bePoolPrimaryName'))]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', variables('lbName'), variables('natPoolPrimaryName'))]" + } + ] + } + } + ] + } + } + ] + }, + "extensionProfile": { + "extensions": [ + { + "name": "extension1", + "properties": { + "publisher": "Microsoft.Azure.Extensions", + "type": "CustomScript", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": false, + "settings": { + "fileUris": [ + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory.sh', parameters('_artifactsLocationSasToken')))]" + ] + }, + "protectedSettings": { + "commandToExecute": "sh install_artifactory.sh" + } + } + } + ] + } + } + } + } + ], + "outputs": { + "fqdn": { + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('pipPrimaryName')),'2018-07-01').dnsSettings.fqdn]", + "type": "string" + } + } +} \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/nested/azureDBDeploy.json b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/nested/azureDBDeploy.json new file mode 100644 index 0000000..70c31a5 --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/nested/azureDBDeploy.json @@ -0,0 +1,96 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "db_user": { + "type": "string", + "defaultValue": "artifactory", + "minLength": 1 + }, + "db_password": { + "type": "securestring" + }, + "db_server": { + "type": "string", + "defaultValue": "artmssqlsrv", + "minLength": 1 + }, + "db_name": { + "type": "string", + "defaultValue": "artdb", + "minLength": 1 + }, + "db_location": { + "type": "string", + "defaultValue": "" + }, + "db_edition": { + "type": "string", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ] + } + }, + "variables": { + "rtdbCollation": "Latin1_General_100_CS_AS", + "db_location": "[parameters('db_location')]" + }, + "resources": [ + { + "name": "[parameters('db_server')]", + "type": "Microsoft.Sql/servers", + "kind": "v12.0", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "tags": { + "displayName": "artifactoryDB" + }, + "properties": { + "administratorLogin": "[parameters('db_user')]", + "administratorLoginPassword": "[parameters('db_password')]", + "version": "12.0" + }, + "resources": [ + { + "name": "[uniqueString(parameters('db_server'), 'AllowAllWindowsAzureIps' )]", + "type": "firewallrules", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "dependsOn": [ + "[concat('Microsoft.Sql/servers/', parameters('db_server'))]" + ], + "properties": { + "startIpAddress": "0.0.0.0", + "endIpAddress": "0.0.0.0" + } + }, + { + "name": "[parameters('db_name')]", + "type": "databases", + "kind": "v12.0,user", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "dependsOn": [ + "[parameters('db_server')]" + ], + "tags": { + "displayName": "artifactoryDB" + }, + "properties": { + "edition": "[parameters('db_edition')]", + "maxSizeBytes": "1073741824", + "collation": "[variables('rtdbCollation')]" + } + } + ] + } + ], + "outputs": { + "jdbcConnString": { + "type": "string", + "value": "[concat('jdbc:sqlserver://', reference(concat('Microsoft.Sql/servers/', parameters('db_server'))).fullyQualifiedDomainName, ':1433')]" + } + } +} diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/scripts/install_artifactory.sh b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/scripts/install_artifactory.sh new file mode 100644 index 0000000..d033b1d --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_6/scripts/install_artifactory.sh @@ -0,0 +1,206 @@ +#!/bin/bash +DB_URL=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JDBC_STR" | sed "s/JDBC_STR=//") +DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/DB_NAME=//") +DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//") +DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//") +STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//") +STORAGE_ACT_ENDPOINT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_ENDPOINT=" | sed "s/STO_ACT_ENDPOINT=//") +STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//") +STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//") +MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//") +IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//") + + +UBUNTU_CODENAME=$(cat /etc/lsb-release | grep "^DISTRIB_CODENAME=" | sed "s/DISTRIB_CODENAME=//") + +export DEBIAN_FRONTEND=noninteractive + +#Generate Self-Signed Cert +mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ +openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" + +CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") +[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory + +ARTIFACTORY_SERVER_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_SERVER_NAME=" | sed "s/ARTIFACTORY_SERVER_NAME=//") +[ -z "$ARTIFACTORY_SERVER_NAME" ] && ARTIFACTORY_SERVER_NAME=artifactory + +#Configuring nginx +rm /etc/nginx/sites-enabled/default + +cat </etc/nginx/nginx.conf + #user nobody; + worker_processes 1; + error_log /var/log/nginx/error.log info; + #pid logs/nginx.pid; + events { + worker_connections 1024; + } + + http { + include mime.types; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + include /etc/nginx/conf.d/*.conf; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + #keepalive_timeout 0; + keepalive_timeout 65; + } +EOF + +cat </etc/nginx/conf.d/artifactory.conf +ssl_certificate /etc/pki/tls/certs/cert.pem; +ssl_certificate_key /etc/pki/tls/private/cert.key; +ssl_session_cache shared:SSL:1m; +ssl_prefer_server_ciphers on; +## server configuration +server { + listen 443 ssl; + listen 80 ; + server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN}; + if (\$http_x_forwarded_proto = '') { + set \$http_x_forwarded_proto \$scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/\$repo/\$1/\$2; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url + \$http_x_forwarded_proto://\$host:\$server_port/artifactory; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + } +} +EOF + +HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}') + +if [ "${IS_PRIMARY}" = "true" ]; then + NODE_NAME=art-primary +else + NODE_NAME=art-$(date +%s$RANDOM) +fi + +cat </var/opt/jfrog/artifactory/etc/ha-node.properties +node.id=${NODE_NAME} +artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data +context.url=http://${HOSTNAME}:8081/artifactory +access.context.url=http://${HOSTNAME}:8081/access +membership.port=10001 +hazelcast.interface=${HOSTNAME} +primary=${IS_PRIMARY} +EOF + +cat </var/opt/jfrog/artifactory/etc/db.properties +type=mssql +driver=com.microsoft.sqlserver.jdbc.SQLServerDriver +url=${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository +username=${DB_USER} +password=${DB_PASSWORD} +EOF + +mkdir -p /var/opt/jfrog/artifactory/etc/security + +cat </var/opt/jfrog/artifactory/etc/security/master.key +${MASTER_KEY} +EOF + +cat </var/opt/jfrog/artifactory/etc/binarystore.xml + + + + + + + + + + + + + + + + + crossNetworkStrategy + crossNetworkStrategy + 2 + 1 + + + + + remote + + + + local + + + + + ${STORAGE_ACCT} + ${STORAGE_ACCT_KEY} + ${STORAGE_ACT_ENDPOINT} + ${STORAGE_CONTAINER} + + +EOF + +HOSTNAME=$(hostname -i) +sed -i -e "s/art1/art-$(date +%s$RANDOM)/" /var/opt/jfrog/artifactory/etc/ha-node.properties +sed -i -e "s/127.0.0.1/$HOSTNAME/" /var/opt/jfrog/artifactory/etc/ha-node.properties +sed -i -e "s/172.25.0.3/$HOSTNAME/" /var/opt/jfrog/artifactory/etc/ha-node.properties + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE=" | sed "s/CERTIFICATE=//" > /tmp/temp.pem +cat /tmp/temp.pem | sed 's/CERTIFICATE----- /&\n/g' | sed 's/ -----END/\n-----END/g' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/certs/cert.pem +rm /tmp/temp.pem + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CERTIFICATE_KEY=//" > /tmp/temp.key +cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key +rm /tmp/temp.key + +EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") +[ -z "$EXTRA_JAVA_OPTS" ] && EXTRA_JAVA_OPTS='-server -Xms2g -Xmx6g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError="kill -9 %p"' +echo "export JAVA_OPTIONS=\"${EXTRA_JAVA_OPTS}\"" >> /var/opt/jfrog/artifactory/etc/default +chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* + +# start Artifactory +sleep $((RANDOM % 240)) +service artifactory start +service nginx start +nginx -s reload +echo "INFO: Artifactory installation completed." > /tmp/artifactory-install.log diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/createUiDefinition.json b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/createUiDefinition.json new file mode 100644 index 0000000..e61080f --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/createUiDefinition.json @@ -0,0 +1,340 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "basics": [ + {} + ], + "steps": [ + { + "name": "vmCredentials", + "label": "VM Credential", + "bladeTitle": "VM Credential", + "subLabel": { + "preValidation": "Provide VM credentials", + "postValidation": "Great - let's move on!" + }, + "elements": [ + { + "name": "adminUsername", + "type": "Microsoft.Compute.UserNameTextBox", + "label": "Admin username", + "osPlatform": "Linux", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-30 characters long." + }, + "toolTip": "Provide admin username for the virtual machine" + }, + { + "name": "adminPassword", + "type": "Microsoft.Compute.CredentialsCombo", + "label": { + "password": "Password", + "confirmPassword": "Confirm password" + }, + "osPlatform": "Linux", + "constraints": { + "required": true, + "customPasswordRegex": "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{12,}$", + "customValidationMessage": "The password must contain at least 12 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number." + }, + "options": { + "hideConfirmation": false + }, + "toolTip": { + "password": "Provide admin password for the virtual machine" + }, + "visible": true + } + ] + }, + { + "name": "clusterConfig", + "label": "JFrog Container Registry Cluster settings", + "subLabel": { + "preValidation": "Configure JFrog Container Registry Cluster settings", + "postValidation": "Done!" + }, + "bladeTitle": "JFrog Container Registry Cluster Settings", + "elements": [ + { + "name": "clusterName", + "type": "Microsoft.Common.TextBox", + "label": "Cluster name", + "toolTip": "Cluster name", + "defaultValue": "", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-30 characters long." + } + }, + { + "name": "vmSku", + "type": "Microsoft.Compute.SizeSelector", + "label": "Virtual machine size", + "toolTip": "The size of the virtual machine for JFrog Container Registry", + "recommendedSizes": [ + "Standard_D2s_v3" + ], + "constraints": { + "allowedSizes": [ + "Standard_A4_v2", + "Standard_A4", + "Standard_D2s_v3", + "Standard_D4s_v3", + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_DC2s", + "Standard_DC4s" + ] + }, + "osPlatform": "Linux", + "count": 1 + }, + { + "name": "artifactoryVersion", + "type": "Microsoft.Common.DropDown", + "label": "JFrog Container Registry-vm image version to deploy.", + "defaultValue": "7.4.3", + "toolTip": "Version of JFrog Container Registry to deploy", + "constraints": { + "allowedValues": [ + { + "label": "7.2.1", + "value": "7.2.1" + }, + { + "label": "7.3.2", + "value": "7.3.2" + }, + { + "label": "7.4.3", + "value": "7.4.3" + } + ], + "required": true + }, + "visible": true + }, + { + "name": "masterKey", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "JFrog Container Registry master Key", + "confirmPassword": "Confirm master Key" + }, + "toolTip": "Master key for JFrog Container Registry cluster. Generate master.key using command '$openssl rand -hex 16'", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,32}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-32 characters long." + }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "certificate", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Provide your SSL Certificate.", + "confirmPassword": "Confirm SSL Certificate." + }, + "toolTip": "To use JFrog Container Registry as docker registry you need to provide wild card valid Certificate. Provide your SSL Certificate.", + "constraints": { + "required": true, + "regex": "^(-----BEGIN CERTIFICATE-----)(.+)(-----END CERTIFICATE-----)$", + "validationMessage": "Provide SSL Certificate." + }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "certificateKey", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Provide your SSL Certificate key.", + "confirmPassword": "Confirm SSL Certificate key." + }, + "toolTip": "Provide your SSL Certificate key", + "constraints": { + "required": true, + "regex": "^(-----BEGIN)(.+)(PRIVATE KEY-----)(.+)(-----END)(.+)(PRIVATE KEY-----)$", + "validationMessage": "Provide SSL Certificate Key." + }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "certificateDomain", + "type": "Microsoft.Common.TextBox", + "label": "Provide your Certificate Domain Name.", + "defaultValue": "artifactory", + "toolTip": "Provide your Certificate Domain Name. For e.g jfrog.team for certificate with *.jfrog.team", + "constraints": { + "required": true, + "regex": "^(\\*)*([\\w-\\.])+$", + "validationMessage": "Must be a valid fully-qualified domain name." + } + }, + { + "name": "artifactoryServerName", + "type": "Microsoft.Common.TextBox", + "label": "Provide JFrog Container Registry server name to be used in Nginx.", + "defaultValue": "artifactory", + "toolTip": "Provide JFrog Container Registry server name to be used in Nginx. e.g artifactory for artifactory.jfrog.team", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,20}$", + "validationMessage": "Only letters and numbers are allowed, and the value must be 1-20 characters long." + } + }, + { + "name": "extraJavaOptions", + "type": "Microsoft.Common.TextBox", + "label": "Setting Java Memory Parameters for JFrog Container Registry", + "defaultValue": "-server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", + "toolTip": "Setting Java Memory Parameters for JFrog Container Registry. Learn about system requirements for JFrog Container Registry https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware", + "constraints": { + "required": false, + "regex": "[^a-zA-Z0-9]+\\S+\\D", + "validationMessage": "Example: -server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"" + } + } + ] + }, + { + "name": "databaseConfig", + "label": "Database Configuration", + "subLabel": { + "preValidation": "Configure the Database", + "postValidation": "Done" + }, + "bladeTitle": "Database Credential", + "elements": [ + { + "name": "dbAdminUsername", + "type": "Microsoft.Compute.UserNameTextBox", + "label": "User name", + "toolTip": "Admin username for the database", + "osPlatform": "Linux", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-30 characters long." + } + }, + { + "name": "dbAdminPassword", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Password", + "confirmPassword": "Confirm password" + }, + "toolTip": "Admin password for the database", + "constraints": { + "required": true, + "regex": "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{12,}$", + "validationMessage": "The password must contain at least 12 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number." + }, + "options": { + "hideConfirmation": false + }, + "visible": true + }, + { + "name": "dbName", + "type": "Microsoft.Common.TextBox", + "label": "Database name", + "toolTip": "Database name", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,15}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 1-15 characters long." + } + }, + { + "name": "dbEdition", + "type": "Microsoft.Common.DropDown", + "label": "Database Edition", + "defaultValue": "Basic", + "toolTip": "Edition of Database to use", + "constraints": { + "allowedValues": [ + { + "label": "Basic", + "value": "Basic" + }, + { + "label": "Standard", + "value": "Standard" + }, + { + "label": "Premium", + "value": "Premium" + } + ], + "required": true + }, + "visible": true + } + ] + }, + { + "name": "storageConfig", + "label": "Storage settings", + "subLabel": { + "preValidation": "Configure the infrastructure settings", + "postValidation": "Done" + }, + "bladeTitle": "Storage settings", + "elements": [ + { + "name": "storageAccountsType", + "type": "Microsoft.Common.DropDown", + "label": "Storage account type", + "defaultValue": "Standard_LRS", + "toolTip": "Storage account type", + "constraints": { + "allowedValues": [ + { + "label": "Standard_LRS", + "value": "Standard_LRS" + } + ], + "required": true + }, + "visible": true + } + ] + } + ], + "outputs": { + "clusterName": "[steps('clusterConfig').clusterName]", + "vmSku": "[steps('clusterConfig').vmSku]", + "location": "[location()]", + "artifactoryVersion": "[steps('clusterConfig').artifactoryVersion]", + "masterKey": "[steps('clusterConfig').masterKey]", + "certificate": "[steps('clusterConfig').certificate]", + "certificateKey": "[steps('clusterConfig').certificateKey]", + "certificateDomain": "[steps('clusterConfig').certificateDomain]", + "artifactoryServerName": "[steps('clusterConfig').artifactoryServerName]", + "extraJavaOptions": "[steps('clusterConfig').extraJavaOptions]", + "adminUsername": "[steps('vmCredentials').adminUsername]", + "adminPassword": "[steps('vmCredentials').adminPassword.password]", + "DB_Admin_User": "[steps('databaseConfig').dbAdminUsername]", + "DB_Admin_Password": "[steps('databaseConfig').dbAdminPassword]", + "DB_Name": "[steps('databaseConfig').dbName]", + "DB_Edition": "[steps('databaseConfig').dbEdition]", + "storageAccountType": "[steps('storageConfig').storageAccountsType]" + } + } +} \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/mainTemplate.json b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/mainTemplate.json new file mode 100644 index 0000000..bd39da3 --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/mainTemplate.json @@ -0,0 +1,619 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "vmSku": { + "type": "string", + "defaultValue": "Standard_D2s_v3", + "metadata": { + "description": "Size of VMs in the VM Scale Set." + } + }, + "clusterName": { + "type": "string", + "maxLength": 61, + "metadata": { + "description": "String used as a base for naming resources. Must be 3-61 characters in length and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Location for the resources." + } + }, + "artifactoryVersion": { + "type": "string", + "defaultValue": "7.4.3", + "allowedValues": [ + "7.2.1", + "7.3.2", + "7.4.3" + ], + "metadata": { + "description": "JFrog Container Registry-vm image version to deploy." + } + }, + "masterKey": { + "type": "securestring", + "maxLength": 64, + "metadata": { + "description": "Master key for JFrog Container Registry cluster. Generate master.key using command '$openssl rand -hex 16'" + } + }, + "adminUsername": { + "type": "string", + "metadata": { + "description": "Admin username on all VMs. Follow conventions for azure VM admin user name." + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Admin password on all VMs. Follow conventions for azure VM admin password rules." + } + }, + "certificate": { + "type": "securestring", + "metadata": { + "description": "To use Artifactory as docker registry you need to provide wild card valid Certificate. Provide your SSL Certificate." + } + }, + "certificateKey": { + "type": "securestring", + "metadata": { + "description": "Provide your SSL Certificate key" + } + }, + "certificateDomain": { + "type": "string", + "minLength": 1, + "defaultValue": "artifactory", + "metadata": { + "description": "Provide your Certificate Domain Name. For e.g jfrog.team for certificate with *.jfrog.team" + } + }, + "artifactoryServerName": { + "type": "string", + "minLength": 1, + "defaultValue": "artifactory", + "metadata": { + "description": "Provide artifactory server name to be used in Nginx. e.g artifactory for artifactory.jfrog.team" + } + }, + "extraJavaOptions": { + "type": "string", + "minLength": 1, + "defaultValue": "-server -Xms2g -Xmx12g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError=\\\"kill -9 %p\\\"", + "metadata": { + "description": "Setting Java Memory Parameters for Artifactory. Learn about system requirements for Artifactory https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware." + } + }, + "DB_Admin_User": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Database Admin user name" + } + }, + "DB_Admin_Password": { + "type": "securestring", + "minLength": 1, + "metadata": { + "description": "Database Admin password" + } + }, + "DB_Name": { + "type": "string", + "minLength": 1, + "metadata": { + "description": "Database name" + } + }, + "DB_Edition": { + "type": "string", + "minLength": 1, + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ], + "metadata": { + "description": "Database Edition" + } + }, + "storageAccountType": { + "type": "string", + "defaultValue": "Standard_LRS", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Standard_ZRS" + ], + "metadata": { + "description": "Storage Account type" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated." + }, + "defaultValue": "" + } + }, + "variables": { + "namingInfix": "[toLower(substring(concat(parameters('clusterName'), uniqueString(resourceGroup().id)), 0, 9))]", + "addressPrefix": "10.0.0.0/16", + "subnetPrimaryPrefix": "10.0.1.0/24", + "virtualNetworkName": "[concat(variables('namingInfix'), 'vnet')]", + "subnetPrimaryName": "[concat(variables('namingInfix'), 'primarySubnet')]", + "scaleSetPrimaryName": "[concat(variables('namingInfix'), 'primaryScaleset')]", + "lbName": "[concat(variables('namingInfix'), 'lb')]", + "bepoolPrimaryName": "[concat(variables('lbName'), 'primaryBepool')]", + "fepoolPrimaryName": "[concat(variables('lbName'), 'primaryFepool')]", + "bepoolPrimaryID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolPrimaryName'))]", + "feIpConfigPrimaryName": "[concat(variables('fepoolPrimaryName'), 'primaryIpConfig')]", + "feIpConfigPrimaryId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigPrimaryName'))]", + "pipPrimaryName": "[concat(variables('namingInfix'), 'primaryPip')]", + "nicPrimaryName": "[concat(variables('namingInfix'), 'primaryNic')]", + "natPoolPrimaryName": "[concat(variables('lbName'), 'primaryNatpool')]", + "ipConfigName": "[concat(variables('namingInfix'), 'ipconfig')]", + "httpProbePrimaryName": "primaryHttpProbe", + "httpsProbePrimaryName": "primaryHttpsProbe", + "storageAccountName": "[concat(variables('namingInfix'), 'storage')]", + "vmStorageAccountContainerName": "filestore", + "azureSqlServerName": "[concat(variables('namingInfix'), 'sqlsrv')]", + "DB_Name": "[parameters('DB_Name')]", + "DB_Admin_User": "[parameters('DB_Admin_User')]", + "DB_Admin_Password": "[parameters('DB_Admin_Password')]", + "DB_Edition": "[parameters('DB_Edition')]", + "DB_Location": "[parameters('location')]", + "masterKey": "[parameters('masterKey')]", + "certificate": "[parameters('certificate')]", + "certificateKey": "[parameters('certificateKey')]", + "certificateDomain": "[parameters('certificateDomain')]", + "artifactoryServerName": "[parameters('artifactoryServerName')]", + "extraJavaOptions": "[parameters('extraJavaOptions')]", + "osType": { + "publisher": "jfrog", + "offer": "jfrogcontainerregistry-vm", + "sku": "artifactory-jcr", + "version": "[parameters('artifactoryVersion')]" + }, + "imageReference": "[variables('osType')]", + "dbTemplate": "azureDBDeploy.json", + "dbTemplateLocation": "[uri(parameters('_artifactsLocation'), concat('nested/', variables('dbTemplate'), parameters('_artifactsLocationSasToken')))]", + "nsgName": "[concat(variables('namingInfix'), 'nsg')]" + }, + "resources": [ + { + "apiVersion": "2019-05-01", + "name": "pid-04c1c376-5d4b-4771-9a7f-054f5910dcef", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/networkSecurityGroups", + "location": "[parameters('location')]", + "name": "[variables('nsgName')]", + "apiVersion": "2018-07-01", + "properties": { + "securityRules": [ + { + "name": "ssh-rule", + "properties": { + "description": "Allow SSH", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "http-artifactory-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "8081", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 101, + "direction": "Inbound" + } + }, + { + "name": "http-nginx-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 102, + "direction": "Inbound" + } + }, + { + "name": "https-nginx-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "443", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 103, + "direction": "Inbound" + } + }, + { + "name": "membership-rule", + "properties": { + "description": "Allow HTTP", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "10001", + "sourceAddressPrefix": "Internet", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 105, + "direction": "Inbound" + } + } + ] + } + }, + { + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", + "dependsOn": [ + "[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]" + ], + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[variables('addressPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetPrimaryName')]", + "properties": { + "addressPrefix": "[variables('subnetPrimaryPrefix')]", + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + } + ] + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Network/networkInterfaces", + "name": "[variables('nicPrimaryName')]", + "location": "[parameters('location')]", + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + ], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" + } + } + } + ], + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "name": "[variables('pipPrimaryName')]", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "apiVersion": "2018-07-01", + "properties": { + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[variables('namingInfix')]" + } + } + }, + { + "type": "Microsoft.Network/loadBalancers", + "name": "[variables('lbName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", + "sku": { + "name": "Standard" + }, + "dependsOn": [ + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]" + ], + "tags":{ + "displayName": "Load Balancer" + }, + "properties": { + "frontendIPConfigurations": [ + { + "name": "[variables('feIpConfigPrimaryName')]", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipPrimaryName'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "[variables('bepoolPrimaryName')]" + } + ], + "inboundNatPools": [ + { + "name": "[variables('natPoolPrimaryName')]", + "properties": { + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "protocol": "tcp", + "frontendPortRangeStart": 10022, + "frontendPortRangeEnd": 11022, + "backendPort": 22 + } + } + ], + "loadBalancingRules": [ + { + "name": "HTTPRulePrimary", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolPrimaryID')]" + }, + "protocol": "Tcp", + "frontendPort": 80, + "backendPort": 80, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbePrimaryName'))]" + } + } + }, + { + "name": "HTTPSRulePrimary", + "properties": { + "loadDistribution": "Default", + "frontendIPConfiguration": { + "id": "[variables('feIpConfigPrimaryId')]" + }, + "backendAddressPool": { + "id": "[variables('bepoolPrimaryID')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443, + "enableFloatingIP": false, + "idleTimeoutInMinutes": 5, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbePrimaryName'))]" + } + } + } + ], + "probes": [ + { + "name": "[variables('httpProbePrimaryName')]", + "properties": { + "protocol": "Http", + "requestPath": "/artifactory/api/system/ping", + "port": 80, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + }, + { + "name": "[variables('httpsProbePrimaryName')]", + "properties": { + "protocol": "Tcp", + "port": 443, + "intervalInSeconds": 60, + "numberOfProbes": 5 + } + } + ] + } + }, + { + "apiVersion": "2018-07-01", + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('storageAccountType')]" + }, + "tags":{ + "displayName": "Artifactory Storage Account" + }, + "kind": "Storage", + "properties": {} + }, + { + "type": "Microsoft.Resources/deployments", + "name": "deploySQLDB", + "apiVersion": "2018-07-01", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('dbTemplateLocation')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "db_user": { + "value": "[parameters('DB_Admin_User')]" + }, + "db_password": { + "value": "[parameters('DB_Admin_Password')]" + }, + "db_server": { + "value": "[variables('azureSqlServerName')]" + }, + "db_name": { + "value": "[parameters('DB_Name')]" + }, + "db_edition": { + "value": "[variables('DB_Edition')]" + }, + "db_location": { + "value": "[variables('DB_Location')]" + } + } + } + }, + { + "type": "Microsoft.Compute/virtualMachineScaleSets", + "name": "[variables('scaleSetPrimaryName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-10-01", + "dependsOn": [ + "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]", + "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", + "[concat('Microsoft.Resources/deployments/', 'deploySQLDB')]", + "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" + ], + "plan": { + "name": "artifactory-jcr", + "publisher": "jfrog", + "product": "jfrogcontainerregistry-vm" + }, + "sku": { + "name": "[parameters('vmSku')]", + "tier": "Standard", + "capacity": "1" + }, + "properties": { + "singlePlacementGroup": true, + "overprovision": "false", + "upgradePolicy": { + "mode": "Manual" + }, + "virtualMachineProfile": { + "storageProfile": { + "osDisk": { + "caching": "ReadWrite", + "diskSizeGB": "250", + "createOption": "FromImage" + }, + "imageReference": "[variables('imageReference')]" + }, + "osProfile": { + "computerNamePrefix": "[variables('namingInfix')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]", + "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nCERTIFICATE_KEY=',variables('certificateKey'),'\nCERTIFICATE=', variables('certificate'),'\nCERTIFICATE_DOMAIN=',variables('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',variables('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',variables('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_ACT_ENDPOINT=',reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob,'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-07-01').keys[0].value,'\nMASTER_KEY=',variables('masterKey'),'\nIS_PRIMARY=','true','\n'))]" + }, + "networkProfile": { + "networkInterfaceConfigurations": [ + { + "name": "[variables('nicPrimaryName')]", + "properties": { + "primary": true, + "ipConfigurations": [ + { + "name": "[concat(variables('ipConfigName'),'1')]", + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bePoolPrimaryName'))]" + } + ], + "loadBalancerInboundNatPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', variables('lbName'), variables('natPoolPrimaryName'))]" + } + ] + } + } + ] + } + } + ] + }, + "extensionProfile": { + "extensions": [ + { + "name": "extension1", + "properties": { + "publisher": "Microsoft.Azure.Extensions", + "type": "CustomScript", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": false, + "settings": { + "fileUris": [ + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory7.sh', parameters('_artifactsLocationSasToken')))]" + ] + }, + "protectedSettings": { + "commandToExecute": "sh install_artifactory7.sh" + } + } + } + ] + } + } + } + } + ], + "outputs": { + "fqdn": { + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('pipPrimaryName')),'2018-07-01').dnsSettings.fqdn]", + "type": "string" + } + } +} \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/nested/azureDBDeploy.json b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/nested/azureDBDeploy.json new file mode 100644 index 0000000..70c31a5 --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/nested/azureDBDeploy.json @@ -0,0 +1,96 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "db_user": { + "type": "string", + "defaultValue": "artifactory", + "minLength": 1 + }, + "db_password": { + "type": "securestring" + }, + "db_server": { + "type": "string", + "defaultValue": "artmssqlsrv", + "minLength": 1 + }, + "db_name": { + "type": "string", + "defaultValue": "artdb", + "minLength": 1 + }, + "db_location": { + "type": "string", + "defaultValue": "" + }, + "db_edition": { + "type": "string", + "allowedValues": [ + "Basic", + "Standard", + "Premium" + ] + } + }, + "variables": { + "rtdbCollation": "Latin1_General_100_CS_AS", + "db_location": "[parameters('db_location')]" + }, + "resources": [ + { + "name": "[parameters('db_server')]", + "type": "Microsoft.Sql/servers", + "kind": "v12.0", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "tags": { + "displayName": "artifactoryDB" + }, + "properties": { + "administratorLogin": "[parameters('db_user')]", + "administratorLoginPassword": "[parameters('db_password')]", + "version": "12.0" + }, + "resources": [ + { + "name": "[uniqueString(parameters('db_server'), 'AllowAllWindowsAzureIps' )]", + "type": "firewallrules", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "dependsOn": [ + "[concat('Microsoft.Sql/servers/', parameters('db_server'))]" + ], + "properties": { + "startIpAddress": "0.0.0.0", + "endIpAddress": "0.0.0.0" + } + }, + { + "name": "[parameters('db_name')]", + "type": "databases", + "kind": "v12.0,user", + "location": "[variables('db_location')]", + "apiVersion": "2019-06-01-preview", + "dependsOn": [ + "[parameters('db_server')]" + ], + "tags": { + "displayName": "artifactoryDB" + }, + "properties": { + "edition": "[parameters('db_edition')]", + "maxSizeBytes": "1073741824", + "collation": "[variables('rtdbCollation')]" + } + } + ] + } + ], + "outputs": { + "jdbcConnString": { + "type": "string", + "value": "[concat('jdbc:sqlserver://', reference(concat('Microsoft.Sql/servers/', parameters('db_server'))).fullyQualifiedDomainName, ':1433')]" + } + } +} diff --git a/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/scripts/install_artifactory7.sh b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/scripts/install_artifactory7.sh new file mode 100644 index 0000000..77a62b7 --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/MP_submission_7/scripts/install_artifactory7.sh @@ -0,0 +1,178 @@ +#!/bin/bash +DB_URL=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JDBC_STR" | sed "s/JDBC_STR=//") +DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/DB_NAME=//") +DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//") +DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//") +STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//") +STORAGE_ACT_ENDPOINT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_ENDPOINT=" | sed "s/STO_ACT_ENDPOINT=//") +STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//") +STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//") +MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//") +IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//") + + +export DEBIAN_FRONTEND=noninteractive + +#Generate Self-Signed Cert +mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ +openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" + +CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") +[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory + +ARTIFACTORY_SERVER_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_SERVER_NAME=" | sed "s/ARTIFACTORY_SERVER_NAME=//") +[ -z "$ARTIFACTORY_SERVER_NAME" ] && ARTIFACTORY_SERVER_NAME=artifactory + +#Configuring nginx +rm /etc/nginx/sites-enabled/default + +cat </etc/nginx/nginx.conf + #user nobody; + worker_processes 1; + error_log /var/log/nginx/error.log info; + #pid logs/nginx.pid; + events { + worker_connections 1024; + } + + http { + include mime.types; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + include /etc/nginx/conf.d/*.conf; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + #keepalive_timeout 0; + keepalive_timeout 65; + } +EOF + +cat </etc/nginx/conf.d/artifactory.conf +ssl_certificate /etc/pki/tls/certs/cert.pem; +ssl_certificate_key /etc/pki/tls/private/cert.key; +ssl_session_cache shared:SSL:1m; +ssl_prefer_server_ciphers on; +## server configuration +server { + listen 443 ssl; + listen 80 ; + server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN}; + if (\$http_x_forwarded_proto = '') { + set \$http_x_forwarded_proto \$scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url + \$http_x_forwarded_proto://\$host:\$server_port/artifactory; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + } + location / { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8082; + proxy_set_header X-Artifactory-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port/artifactory; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + } + +} +EOF + +HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}') + +if [ "${IS_PRIMARY}" = "true" ]; then + NODE_NAME=art-primary +else + NODE_NAME=art-$(date +%s$RANDOM) +fi + +# Java options +EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") +sed -i -e "s/#extraJavaOpts: \"-Xms512m -Xmx2g\"/extraJavaOpts: ${EXTRA_JAVA_OPTS}/" /var/opt/jfrog/artifactory/etc/system.yaml + +# Set MS SQL configuration +cat <>/var/opt/jfrog/artifactory/etc/system.yaml + ## One of: mysql, oracle, mssql, postgresql, mariadb + ## Default: Embedded derby + ## Example for mysql + type: mssql + driver: com.microsoft.sqlserver.jdbc.SQLServerDriver + url: ${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository + username: ${DB_USER} + password: ${DB_PASSWORD} + +EOF + +mkdir -p /var/opt/jfrog/artifactory/etc/security + +cat </opt/jfrog/artifactory/var/etc/security/master.key +${MASTER_KEY} +EOF + +# NOTE: Path is changed in Artifactory 7. Non-HA configuration +mkdir -p /var/opt/jfrog/artifactory/etc/artifactory +cat </var/opt/jfrog/artifactory/etc/artifactory/binarystore.xml + + + + ${STORAGE_ACCT} + ${STORAGE_ACCT_KEY} + https://${STORAGE_ACCT}.blob.core.windows.net/ + ${STORAGE_CONTAINER} + + +EOF + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE=" | sed "s/CERTIFICATE=//" > /tmp/temp.pem +cat /tmp/temp.pem | sed 's/CERTIFICATE----- /&\n/g' | sed 's/ -----END/\n-----END/g' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/certs/cert.pem +rm /tmp/temp.pem + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CERTIFICATE_KEY=//" > /tmp/temp.key +cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key +rm /tmp/temp.key + +chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* + +# start Artifactory +sleep $((RANDOM % 240)) +service artifactory start +service nginx start +nginx -s reload +echo "INFO: Artifactory installation completed." >> /tmp/artifactory-install.log diff --git a/JFrogContainerRegistry/AzureResourceManager/README.md b/JFrogContainerRegistry/AzureResourceManager/README.md old mode 100755 new mode 100644 index 5cfcd7d..5408864 --- a/JFrogContainerRegistry/AzureResourceManager/README.md +++ b/JFrogContainerRegistry/AzureResourceManager/README.md @@ -1,58 +1,58 @@ -# Setup JFrog Container Registry - - - - - - - - -This template can help you setup the [JFrog Container Registry](https://www.jfrog.com/confluence/display/JCR/Welcome+to+JFrog+Container+Registry) on Azure. - -## A. Deploy JFrog Container Registry on Azure - -1. Click the "Deploy to Azure" button. - -2. Fill out the settings. Make sure to provide a valid SSL certificate. If using no certificate or one that is self-signed, see [Docker's documentation on client configuration](https://docs.docker.com/registry/insecure/). - -3. Click on "Purchase" to start deploying resources. It will deploy: - * Microsoft SQL database - * Azure Blob storage service - * A VM with NGINX and JFrog Container Registry - * Azure Load Balancer - -4. Once deployment is done. Copy FQDN from Output of deployment template. - -5. Access artifactory using FQDN. - -### Note: -1. Turn off daily backups. Read Documentation provided [here](https://www.jfrog.com/confluence/display/RTF/Managing+Backups) -2. Add an SSL Certificate to access Docker without using the insecure option -3. Input values for 'adminUsername' and 'adminPassword' parameters needs to follow azure VM access rules. -4. Refer to [System Requirements](https://www.jfrog.com/confluence/display/RTF/System+Requirements) for changing 'extraJavaOptions' input parameter value. - -### Steps to setup Artifactory as secure docker registry -You will need a valid SSL certificate for a domain name (for example, artifactory.jfrog.team) -1. Pass your SSL Certificate in parameter `Certificate` as string -2. Pass your SSL Certificate Key in parameter `CertificateKey` as string -3. Create DNS record with an entry that matches your domain name pointing to the load balancer value provided as output in template deployment. -4. You should now be able to access any docker registry using the path method. - * Login: `docker login [domain name]` in our example, that would be `docker login artifactory.jfrog.team` - * Pull/Push to a particular repository: `docker pull [domain name]/[repository name]/[image name]:[tag]` - * Example with our domain, pull from repository `docker-local`, the `latest` `busybox` image - * `docker pull artifactory.jfrog.team/docker-local/busybox:latest` - -### Steps to upgrade Artifactory Version - -1. Login into the VM instance and sudo as root. Use the admin credentials provided in the install setup. -Note: Use load balancer's NAT entries under Azure resources, to get the allocated NAT port for accessing the VM instance. - -2. Upgrade artifactory with following [RPM instructions](https://www.jfrog.com/confluence/display/JCR/Upgrading+JFrog+Container+Registry#UpgradingJFrogContainerRegistry-RPMInstallation). ------- -#### Note: -Supported locations: `East US 2`, `Central US`, `West Central US` and `West Europe`. -Please check the Azure region support for `Standard Sku` property in load balancer for this template to work properly. -Check for SQL server support on specified location. If SQL server is not available in the location, Use 'DB_Location' to specify the location with SQL server support. - - - +# Setup JFrog Container Registry + + + + + + + + +This template can help you setup the [JFrog Container Registry](https://www.jfrog.com/confluence/display/JCR/Welcome+to+JFrog+Container+Registry) on Azure. + +## A. Deploy JFrog Container Registry on Azure + +1. Click the "Deploy to Azure" button. + +2. Fill out the settings. Make sure to provide a valid SSL certificate. If using no certificate or one that is self-signed, see [Docker's documentation on client configuration](https://docs.docker.com/registry/insecure/). + +3. Click on "Purchase" to start deploying resources. It will deploy: + * Microsoft SQL database + * Azure Blob storage service + * A VM with NGINX and JFrog Container Registry + * Azure Load Balancer + +4. Once deployment is done. Copy FQDN from Output of deployment template. + +5. Access artifactory using FQDN. + +### Note: +1. Turn off daily backups. Read Documentation provided [here](https://www.jfrog.com/confluence/display/RTF/Managing+Backups) +2. Add an SSL Certificate to access Docker without using the insecure option +3. Input values for 'adminUsername' and 'adminPassword' parameters needs to follow azure VM access rules. +4. Refer to [System Requirements](https://www.jfrog.com/confluence/display/RTF/System+Requirements) for changing 'extraJavaOptions' input parameter value. + +### Steps to setup Artifactory as secure docker registry +You will need a valid SSL certificate for a domain name (for example, artifactory.jfrog.team) +1. Pass your SSL Certificate in parameter `Certificate` as string +2. Pass your SSL Certificate Key in parameter `CertificateKey` as string +3. Create DNS record with an entry that matches your domain name pointing to the load balancer value provided as output in template deployment. +4. You should now be able to access any docker registry using the path method. + * Login: `docker login [domain name]` in our example, that would be `docker login artifactory.jfrog.team` + * Pull/Push to a particular repository: `docker pull [domain name]/[repository name]/[image name]:[tag]` + * Example with our domain, pull from repository `docker-local`, the `latest` `busybox` image + * `docker pull artifactory.jfrog.team/docker-local/busybox:latest` + +### Steps to upgrade Artifactory Version + +1. Login into the VM instance and sudo as root. Use the admin credentials provided in the install setup. +Note: Use load balancer's NAT entries under Azure resources, to get the allocated NAT port for accessing the VM instance. + +2. Upgrade artifactory with following [RPM instructions](https://www.jfrog.com/confluence/display/JCR/Upgrading+JFrog+Container+Registry#UpgradingJFrogContainerRegistry-RPMInstallation). +------ +#### Note: +Supported locations: `East US 2`, `Central US`, `West Central US` and `West Europe`. +Please check the Azure region support for `Standard Sku` property in load balancer for this template to work properly. +Check for SQL server support on specified location. If SQL server is not available in the location, Use 'DB_Location' to specify the location with SQL server support. + + + \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/mainTemplate.json b/JFrogContainerRegistry/AzureResourceManager/azuredeploy.json old mode 100755 new mode 100644 similarity index 72% rename from JFrogContainerRegistry/AzureResourceManager/mainTemplate.json rename to JFrogContainerRegistry/AzureResourceManager/azuredeploy.json index 70d6d33..e6688ca --- a/JFrogContainerRegistry/AzureResourceManager/mainTemplate.json +++ b/JFrogContainerRegistry/AzureResourceManager/azuredeploy.json @@ -4,47 +4,44 @@ "parameters": { "vmSku": { "type": "string", - "defaultValue": "Standard_A2_v2", + "defaultValue": "Standard_D2s_v3", "metadata": { "description": "Size of VMs in the VM Scale Set." } }, "clusterName": { "type": "string", + "maxLength": 61, "metadata": { - "description": "String used as a base for naming resources. Must be 3-16 characters in length, use numbers and lower-case letters only and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended." - }, - "maxLength": 61 + "description": "String used as a base for naming resources. Must be 3-61 characters in length and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended." + } }, - "artifactoryEdition": { + "location": { "type": "string", - "defaultValue": "jfrog-artifactory-jcr", + "defaultValue": "[resourceGroup().location]", "metadata": { - "description": "Artifactory edition to deploy. Supported edition is jfrog-artifactory-jcr." + "description": "Location for the resources." } }, "artifactoryVersion": { "type": "string", - "defaultValue": "6.15.0", + "defaultValue": "7.4.3", + "allowedValues": [ + "7.2.1", + "7.3.2", + "7.4.3" + ], "metadata": { - "description": "Artifactory -vm image version to deploy. Supported from 6.15.0 and above." + "description": "JFrog Container Registry-vm image version to deploy." } }, "masterKey": { "type": "string", "defaultValue": "1ce2be4490ca2c662cb79636cf9b7b8e", + "maxLength": 64, "metadata": { - "description": "Master key for Artifactory cluster. Generate master.key using command '$openssl rand -hex 16'" - }, - "maxLength": 64 - }, - "joinKey": { - "type": "string", - "defaultValue": "abcdef1234567890abcdef1234567890", - "metadata": { - "description": "Join key for Artifactory cluster. Generate join.key using command '$openssl rand -hex 16'" - }, - "maxLength": 64 + "description": "Master key for JFrog Container Registry cluster. Generate master.key using command '$openssl rand -hex 16'" + } }, "adminUsername": { "type": "string", @@ -58,20 +55,6 @@ "description": "Admin password on all VMs. Follow conventions for azure VM admin password rules." } }, - "rhelOSVersion": { - "type": "string", - "defaultValue": "7.6.2019072418", - "metadata": { - "description": "The RHEL version for the VM." - } - }, - "rhelOSsku": { - "type": "string", - "defaultValue": "7-RAW-CI", - "metadata": { - "description": "The RHEL sku for the VM." - } - }, "certificate": { "type": "string", "defaultValue": "-----BEGIN CERTIFICATE----- MIIFhzCCA2+gAwIBAgIJALC4r5BQWZE4MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRMwEQYDVQQHDApTYW50YUNsYXJh MQswCQYDVQQKDAJJVDEUMBIGA1UEAwwLKi5sb2NhbGhvc3QwHhcNMTgwMTE3MTk0 NjI4WhcNMTkwMTA4MTk0NjI4WjBaMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2Fs aWZvcm5pYTETMBEGA1UEBwwKU2FudGFDbGFyYTELMAkGA1UECgwCSVQxFDASBgNV BAMMCyoubG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 7KfOWDQlov8cMa8r/lcJqiWZaH9myQC74Vbe0HXsntQbcvljkjG2P7ebm5dd9Bzc sauNOJpbKf5AhFK1iwJUAkciGc1LR4k8wfWmQM3NPS8hrqrtH20zqNpdFRpNYjja JofwccPNm030GhhZkZ95TpruvmswMDwspl3jfqdcc/eiQsHcKyGnV2a+UAeoqe7J mHhmhRy1MLqAjF5U1GrUYUONA+22iRDJb4c9B91QoWvsnXpdA9NKV/mmA3/rIdx6 Ld2IPRdrIw2K5sAnXsh3bx2oCSvSfussf0x+4XDrnsaHVfjwvfNL8ECOuac2Oi/E WOp9528gOohpFAuwEt63Vl5p8/CC9m0HJDTZBKm2l5eD1kdPIj4PvP9Sn9CxGXKQ E1bxWoFxGX8EyRW0b0NK31N7b8JPZ1SoFNiB5amOMNLvR26a7cQrKumTuJeYK9Ja JaxhMXM7R0DA0Ev8ZG2xmyCygox+1KPSmJOIEpT70BFbj3rKLNqP22ET+zvPuh+2 DdgyrpHFeYkGWjMbWPjK7wJsD2zM8ccoJQfepPz8I4rT0JfrKAQgCGuGOggneaNJ KTVGNOFbj5AXdZ/Q+GvNommyRdq4J7EnqY6L+P25fo5qZ6UZ/iS0tPcvxgn0Fdhs pUPbQyQIDZyxZd3Q1lUIE38ol8P66mS2zbzf8EeOCoUCAwEAAaNQME4wHQYDVR0O BBYEFETAQM/5P7XJ8kevHFj6BPndQOFaMB8GA1UdIwQYMBaAFETAQM/5P7XJ8kev HFj6BPndQOFaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJ1TepKv LWYhFmVQcgZwZf/qt1a1cohzJSm6da9RCnnAWC7WC/U117bgSomtrH1v0OysHFhB zBBUeBqI7+OmzAX8dhj+roKkcnFUM/IwlK1eueIIA//CWvEf/o0XExilVS2yCc9d PTpOQBXwk9QinxK36kHdBiGxa7dW0JPnOEEmuMgGORKeLy4J6Ik8iSeFY1SZVcOI +6WWvoKciPlmIeccC+6YVmkeBwhP2o5r5w/UAaO2hSnGvmm4UIj/VJv4VQu7xTUp cIfFz5NtIr80DbqcyPiEMS2ETJ4L/kO4MS5FfeEXyQuXCzmiIDVY6tE3C7+kZmK4 JzPLuWm9ndQoyQySOGfQqvlUR1+YxUdvmu3LrOS5dOA354Q36wHa4wEGUoHU/7GV fYQmmmDSDaNSpXW5PFey6scFyDBS/yYJ0H9EjYb/11HeWYj8Yv5xTWj8nhzJONC8 D6Y5ydlU4PifM2pOf88pTYpmogNwLJWXbql5I9cvMa8APo4yLVqcISU5ynsvFke+ Non+T0mHpJai/hrA9NK+s6EGC1dAX58jy61h6FhOPI1d4s/mov/KMa2t3SfZp5SF 81aR6dHvO56teiK5M1xMkrqG75zh3TMFJJLRFe9XxeB4JeN76URB3mgADOUqkBxd ibSgVqfKwOw4IujEcqMUc5mqSnbLY1Dv+oby -----END CERTIFICATE-----", @@ -113,7 +96,6 @@ "DB_Admin_User": { "type": "string", "minLength": 1, - "defaultValue": "artifactory", "metadata": { "description": "Database Admin user name" } @@ -121,7 +103,6 @@ "DB_Admin_Password": { "type": "securestring", "minLength": 1, - "defaultValue": "jFrog123", "metadata": { "description": "Database Admin password" } @@ -129,7 +110,6 @@ "DB_Name": { "type": "string", "minLength": 1, - "defaultValue": "artdb", "metadata": { "description": "Database name" } @@ -147,11 +127,16 @@ "description": "Database Edition" } }, - "DB_Location": { + "storageAccountType": { "type": "string", - "defaultValue": "", + "defaultValue": "Standard_LRS", + "allowedValues": [ + "Standard_LRS", + "Standard_GRS", + "Standard_ZRS" + ], "metadata": { - "description": "Database location. Default to resource group location if blank." + "description": "Storage Account type" } }, "_artifactsLocation": { @@ -159,7 +144,7 @@ "metadata": { "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." }, - "defaultValue": "https://raw.githubusercontent.com/jfrog/JFrog-Cloud-Installers/master/JFrogContainerRegistry/AzureResourceManager/" + "defaultValue": "https://raw.githubusercontent.com/JFrogDev/JFrog-Cloud-Installers/master/JFrogContainerRegistry/AzureResourceManager/" }, "_artifactsLocationSasToken": { "type": "securestring", @@ -172,57 +157,66 @@ "variables": { "namingInfix": "[toLower(substring(concat(parameters('clusterName'), uniqueString(resourceGroup().id)), 0, 9))]", "addressPrefix": "10.0.0.0/16", - "subnetPrefix": "10.0.1.0/24", + "subnetPrimaryPrefix": "10.0.1.0/24", "virtualNetworkName": "[concat(variables('namingInfix'), 'vnet')]", - "subnetName": "[concat(variables('namingInfix'), 'subnet')]", - "scaleSetName": "[concat(variables('namingInfix'), 'scaleset')]", + "subnetPrimaryName": "[concat(variables('namingInfix'), 'primarySubnet')]", + "scaleSetPrimaryName": "[concat(variables('namingInfix'), 'primaryScaleset')]", "lbName": "[concat(variables('namingInfix'), 'lb')]", - "bepoolName": "[concat(variables('lbName'), 'bepool')]", - "fepoolName": "[concat(variables('lbName'), 'fepool')]", - "lbID": "[resourceId('Microsoft.Network/loadBalancers',variables('lbName'))]", - "bepoolID": "[concat(variables('lbID'),'/backendAddressPools/', variables('bepoolName'))]", - "feIpConfigName": "[concat(variables('fepoolName'), 'IpConfig')]", - "feIpConfigId": "[concat(variables('lbID'),'/frontendIPConfigurations/', variables('feIpConfigName'))]", - "pipName": "[concat(variables('namingInfix'), 'pip')]", - "nicName": "[concat(variables('namingInfix'), 'nic')]", - "natPoolName": "[concat(variables('lbName'), 'natpool')]", + "bepoolPrimaryName": "[concat(variables('lbName'), 'primaryBepool')]", + "fepoolPrimaryName": "[concat(variables('lbName'), 'primaryFepool')]", + "bepoolPrimaryID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bepoolPrimaryName'))]", + "feIpConfigPrimaryName": "[concat(variables('fepoolPrimaryName'), 'primaryIpConfig')]", + "feIpConfigPrimaryId": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('lbName'), variables('feIpConfigPrimaryName'))]", + "pipPrimaryName": "[concat(variables('namingInfix'), 'primaryPip')]", + "nicPrimaryName": "[concat(variables('namingInfix'), 'primaryNic')]", + "natPoolPrimaryName": "[concat(variables('lbName'), 'primaryNatpool')]", "ipConfigName": "[concat(variables('namingInfix'), 'ipconfig')]", - "httpProbeName": "httpProbe", - "httpsProbeName": "httpsProbe", + "httpProbePrimaryName": "primaryHttpProbe", + "httpsProbePrimaryName": "primaryHttpsProbe", "storageAccountName": "[concat(variables('namingInfix'), 'storage')]", - "storageAccountType": "Standard_LRS", "vmStorageAccountContainerName": "filestore", "azureSqlServerName": "[concat(variables('namingInfix'), 'sqlsrv')]", "DB_Name": "[parameters('DB_Name')]", "DB_Admin_User": "[parameters('DB_Admin_User')]", "DB_Admin_Password": "[parameters('DB_Admin_Password')]", "DB_Edition": "[parameters('DB_Edition')]", - "DB_Location": "[parameters('DB_Location')]", - "artifactoryEdition": "[parameters('artifactoryEdition')]", - "artifactoryVersion": "[parameters('artifactoryVersion')]", + "DB_Location": "[parameters('location')]", "masterKey": "[parameters('masterKey')]", - "joinKey": "[parameters('joinKey')]", "certificate": "[parameters('certificate')]", "certificateKey": "[parameters('certificateKey')]", "certificateDomain": "[parameters('certificateDomain')]", "artifactoryServerName": "[parameters('artifactoryServerName')]", "extraJavaOptions": "[parameters('extraJavaOptions')]", "osType": { - "publisher": "RedHat", - "offer": "RHEL", - "sku": "[parameters('rhelOSsku')]", - "version": "[parameters('rhelOSVersion')]" + "publisher": "jfrog", + "offer": "jfrogcontainerregistry-vm", + "sku": "artifactory-jcr-private", + "version": "[parameters('artifactoryVersion')]" }, - "apiVersion": "2015-06-15", "imageReference": "[variables('osType')]", "dbTemplate": "azureDBDeploy.json", - "dbTemplateLocation": "[concat(parameters('_artifactsLocation'), 'nested', '/', variables('dbTemplate'))]", + "dbTemplateLocation": "[uri(parameters('_artifactsLocation'), concat('nested/', variables('dbTemplate'), parameters('_artifactsLocationSasToken')))]", "nsgName": "[concat(variables('namingInfix'), 'nsg')]" }, "resources": [ + { + "apiVersion": "2019-05-01", + "name": "pid-04c1c376-5d4b-4771-9a7f-054f5910dcef", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, { "type": "Microsoft.Network/networkSecurityGroups", - "location": "[resourceGroup().location]", + "location": "[parameters('location')]", + "name": "[variables('nsgName')]", + "apiVersion": "2018-07-01", "properties": { "securityRules": [ { @@ -240,7 +234,7 @@ } }, { - "name": "http-rule", + "name": "http-artifactory-rule", "properties": { "description": "Allow HTTP", "protocol": "Tcp", @@ -254,7 +248,7 @@ } }, { - "name": "http-rule-1", + "name": "http-nginx-rule", "properties": { "description": "Allow HTTP", "protocol": "Tcp", @@ -268,7 +262,7 @@ } }, { - "name": "https-rule", + "name": "https-nginx-rule", "properties": { "description": "Allow HTTP", "protocol": "Tcp", @@ -296,15 +290,13 @@ } } ] - }, - "name": "[variables('nsgName')]", - "apiVersion": "2016-03-30" + } }, { "type": "Microsoft.Network/virtualNetworks", "name": "[variables('virtualNetworkName')]", - "location": "[resourceGroup().location]", - "apiVersion": "2016-03-30", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", "dependsOn": [ "[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]" ], @@ -316,9 +308,9 @@ }, "subnets": [ { - "name": "[variables('subnetName')]", + "name": "[variables('subnetPrimaryName')]", "properties": { - "addressPrefix": "[variables('subnetPrefix')]", + "addressPrefix": "[variables('subnetPrimaryPrefix')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" } @@ -328,12 +320,12 @@ } }, { - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2018-07-01", "type": "Microsoft.Network/networkInterfaces", - "name": "[variables('nicName')]", - "location": "[resourceGroup().location]", + "name": "[variables('nicPrimaryName')]", + "location": "[parameters('location')]", "dependsOn": [ - "[concat('Microsoft.Network/publicIPAddresses/', variables('pipName'))]", + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]" ], @@ -344,7 +336,7 @@ "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { - "id": "[concat(resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName')), '/subnets/', variables('subnetName'))]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" } } } @@ -356,12 +348,12 @@ }, { "type": "Microsoft.Network/publicIPAddresses", - "name": "[variables('pipName')]", - "location": "[resourceGroup().location]", + "name": "[variables('pipPrimaryName')]", + "location": "[parameters('location')]", "sku": { "name": "Standard" }, - "apiVersion": "2017-08-01", + "apiVersion": "2018-07-01", "properties": { "publicIPAllocationMethod": "Static", "dnsSettings": { @@ -372,39 +364,39 @@ { "type": "Microsoft.Network/loadBalancers", "name": "[variables('lbName')]", - "location": "[resourceGroup().location]", - "apiVersion": "2017-08-01", + "location": "[parameters('location')]", + "apiVersion": "2018-07-01", "sku": { "name": "Standard" }, "dependsOn": [ - "[concat('Microsoft.Network/publicIPAddresses/', variables('pipName'))]" + "[concat('Microsoft.Network/publicIPAddresses/', variables('pipPrimaryName'))]" ], - "tags": { + "tags":{ "displayName": "Load Balancer" }, "properties": { "frontendIPConfigurations": [ { - "name": "[variables('feIpConfigName')]", + "name": "[variables('feIpConfigPrimaryName')]", "properties": { "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipName'))]" + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('pipPrimaryName'))]" } } } ], "backendAddressPools": [ { - "name": "[variables('bepoolName')]" + "name": "[variables('bepoolPrimaryName')]" } ], "inboundNatPools": [ { - "name": "[variables('natPoolName')]", + "name": "[variables('natPoolPrimaryName')]", "properties": { "frontendIPConfiguration": { - "id": "[variables('feIpConfigId')]" + "id": "[variables('feIpConfigPrimaryId')]" }, "protocol": "tcp", "frontendPortRangeStart": 10022, @@ -415,14 +407,14 @@ ], "loadBalancingRules": [ { - "name": "HTTPRule", + "name": "HTTPRulePrimary", "properties": { "loadDistribution": "Default", "frontendIPConfiguration": { - "id": "[variables('feIpConfigId')]" + "id": "[variables('feIpConfigPrimaryId')]" }, "backendAddressPool": { - "id": "[variables('bepoolID')]" + "id": "[variables('bepoolPrimaryID')]" }, "protocol": "Tcp", "frontendPort": 80, @@ -430,19 +422,19 @@ "enableFloatingIP": false, "idleTimeoutInMinutes": 5, "probe": { - "id": "[concat(variables('lbId'), '/probes/', variables('httpProbeName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpProbePrimaryName'))]" } } }, { - "name": "HTTPSRule", + "name": "HTTPSRulePrimary", "properties": { "loadDistribution": "Default", "frontendIPConfiguration": { - "id": "[variables('feIpConfigId')]" + "id": "[variables('feIpConfigPrimaryId')]" }, "backendAddressPool": { - "id": "[variables('bepoolID')]" + "id": "[variables('bepoolPrimaryID')]" }, "protocol": "Tcp", "frontendPort": 443, @@ -450,24 +442,24 @@ "enableFloatingIP": false, "idleTimeoutInMinutes": 5, "probe": { - "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('lbName')), '/probes/', variables('httpsProbeName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('httpsProbePrimaryName'))]" } } } ], "probes": [ { - "name": "[variables('httpProbeName')]", + "name": "[variables('httpProbePrimaryName')]", "properties": { "protocol": "Http", - "requestPath": "/artifactory/webapp/", + "requestPath": "/artifactory/api/system/ping", "port": 80, "intervalInSeconds": 60, "numberOfProbes": 5 } }, { - "name": "[variables('httpsProbeName')]", + "name": "[variables('httpsProbePrimaryName')]", "properties": { "protocol": "Tcp", "port": 443, @@ -479,18 +471,23 @@ } }, { - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2018-07-01", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", - "location": "[resourceGroup().location]", - "properties": { - "accountType": "[variables('storageAccountType')]" - } + "location": "[parameters('location')]", + "sku": { + "name": "[parameters('storageAccountType')]" + }, + "tags":{ + "displayName": "Artifactory Storage Account" + }, + "kind": "Storage", + "properties": {} }, { "type": "Microsoft.Resources/deployments", "name": "deploySQLDB", - "apiVersion": "2014-04-01", + "apiVersion": "2018-07-01", "properties": { "mode": "Incremental", "templateLink": { @@ -511,32 +508,38 @@ "value": "[parameters('DB_Name')]" }, "db_edition": { - "value": "[parameters('DB_Edition')]" + "value": "[variables('DB_Edition')]" }, "db_location": { - "value": "[parameters('DB_Location')]" + "value": "[variables('DB_Location')]" } } } }, { "type": "Microsoft.Compute/virtualMachineScaleSets", - "name": "[variables('scaleSetName')]", - "location": "[resourceGroup().location]", - "apiVersion": "2017-03-30", + "name": "[variables('scaleSetPrimaryName')]", + "location": "[parameters('location')]", + "apiVersion": "2018-10-01", "dependsOn": [ "[concat('Microsoft.Network/loadBalancers/', variables('lbName'))]", "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", "[concat('Microsoft.Resources/deployments/', 'deploySQLDB')]", "[concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]" ], + "plan": { + "name": "artifactory-jcr-private", + "publisher": "jfrog", + "product": "jfrogcontainerregistry-vm" + }, "sku": { "name": "[parameters('vmSku')]", "tier": "Standard", - "capacity": "[1]" + "capacity": "1" }, "properties": { "singlePlacementGroup": true, + "overprovision": "false", "upgradePolicy": { "mode": "Manual" }, @@ -553,12 +556,12 @@ "computerNamePrefix": "[variables('namingInfix')]", "adminUsername": "[parameters('adminUsername')]", "adminPassword": "[parameters('adminPassword')]", - "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nCERTIFICATE_KEY=',parameters('certificateKey'),'\nCERTIFICATE=', parameters('certificate'),'\nCERTIFICATE_DOMAIN=',parameters('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',parameters('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',parameters('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), variables('apiVersion')).key1,'\nARTIFACTORY_EDITION=',variables('artifactoryEdition'),'\nARTIFACTORY_VERSION=',variables('artifactoryVersion'),'\nMASTER_KEY=',variables('masterKey'),'\nJOIN_KEY=',variables('joinKey'),'\nIS_PRIMARY=','true','\n'))]" + "customData": "[base64(concat('#INSTALL SCRIPT INPUTS\nCERTIFICATE_KEY=',variables('certificateKey'),'\nCERTIFICATE=', variables('certificate'),'\nCERTIFICATE_DOMAIN=',variables('certificateDomain'),'\nARTIFACTORY_SERVER_NAME=',variables('artifactoryServerName'),'\nEXTRA_JAVA_OPTS=',variables('extraJavaOptions'),'\nJDBC_STR=',reference('Microsoft.Resources/deployments/deploySQLDB').outputs.jdbcConnString.value,'\nDB_NAME=',variables('DB_Name'),'\nDB_ADMIN_USER=',variables('DB_Admin_User'),'\nDB_ADMIN_PASSWD=',variables('DB_Admin_Password'),'\nSTO_ACT_NAME=',variables('storageAccountName'),'\nSTO_ACT_ENDPOINT=',reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob,'\nSTO_CTR_NAME=',variables('vmStorageAccountContainerName'),'\nSTO_ACT_KEY=',listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2018-07-01').keys[0].value,'\nMASTER_KEY=',variables('masterKey'),'\nIS_PRIMARY=','true','\n'))]" }, "networkProfile": { "networkInterfaceConfigurations": [ { - "name": "[variables('nicName')]", + "name": "[variables('nicPrimaryName')]", "properties": { "primary": true, "ipConfigurations": [ @@ -566,16 +569,16 @@ "name": "[concat(variables('ipConfigName'),'1')]", "properties": { "subnet": { - "id": "[concat(resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName')), '/subnets/', variables('subnetName'))]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetPrimaryName'))]" }, "loadBalancerBackendAddressPools": [ { - "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/backendAddressPools/', variables('bePoolName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('bePoolPrimaryName'))]" } ], "loadBalancerInboundNatPools": [ { - "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/inboundNatPools/', variables('natPoolName'))]" + "id": "[resourceId('Microsoft.Network/loadBalancers/inboundNatPools', variables('lbName'), variables('natPoolPrimaryName'))]" } ] } @@ -596,11 +599,11 @@ "autoUpgradeMinorVersion": false, "settings": { "fileUris": [ - "[concat(parameters('_artifactsLocation'), 'scripts/','install_artifactory.sh')]" + "[uri(parameters('_artifactsLocation'), concat('scripts/install_artifactory7.sh', parameters('_artifactsLocationSasToken')))]" ] }, "protectedSettings": { - "commandToExecute": "sh install_artifactory.sh" + "commandToExecute": "sh install_artifactory7.sh" } } } @@ -608,25 +611,12 @@ } } } - }, - { - "apiVersion": "2015-01-01", - "name": "pid-04c1c376-5d4b-4771-9a7f-054f5910dcef", - "type": "Microsoft.Resources/deployments", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } } ], "outputs": { "fqdn": { - "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('pipName')),'2016-03-30').dnsSettings.fqdn]", + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses',variables('pipPrimaryName')),'2018-07-01').dnsSettings.fqdn]", "type": "string" } } -} +} \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/azuredeploy.parameters.json b/JFrogContainerRegistry/AzureResourceManager/azuredeploy.parameters.json new file mode 100644 index 0000000..5c200f7 --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/azuredeploy.parameters.json @@ -0,0 +1,27 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "clusterName": { + "value": "GEN-UNIQUE" + }, + "adminUsername": { + "value": "GEN-UNIQUE" + }, + "adminPassword": { + "value": "GEN-PASSWORD" + }, + "DB_Admin_User": { + "value": "GEN-UNIQUE" + }, + "DB_Admin_Password": { + "value": "GEN-PASSWORD" + }, + "DB_Name": { + "value": "GEN-UNIQUE" + }, + "masterKey": { + "value": "35767fa0164bac66b6cccb8880babefb" + } + } +} \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/images/Parameters.png b/JFrogContainerRegistry/AzureResourceManager/images/Parameters.png deleted file mode 100644 index a735cef..0000000 Binary files a/JFrogContainerRegistry/AzureResourceManager/images/Parameters.png and /dev/null differ diff --git a/JFrogContainerRegistry/AzureResourceManager/metadata.json b/JFrogContainerRegistry/AzureResourceManager/metadata.json deleted file mode 100644 index e5a92b7..0000000 --- a/JFrogContainerRegistry/AzureResourceManager/metadata.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "itemDisplayName": "Artifactory JCR Setup", - "description": "This template helps you setup a Artifactory JCR environment.", - "summary": "This template has setup Artifactory JCR cluster", - "githubUsername": "danielmkn", - "dateUpdated": "2019-11-19" -} \ No newline at end of file diff --git a/JFrogContainerRegistry/AzureResourceManager/nested/azureDBDeploy.json b/JFrogContainerRegistry/AzureResourceManager/nested/azureDBDeploy.json index e107ea0..8c608f5 100644 --- a/JFrogContainerRegistry/AzureResourceManager/nested/azureDBDeploy.json +++ b/JFrogContainerRegistry/AzureResourceManager/nested/azureDBDeploy.json @@ -4,22 +4,18 @@ "parameters": { "db_user": { "type": "string", - "minLength": 1, - "defaultValue": "artifactory" + "minLength": 1 }, "db_password": { - "type": "securestring", - "defaultValue": "jFrog123" + "type": "securestring" }, "db_server": { "type": "string", - "minLength": 1, - "defaultValue": "artmssqlsrv" + "minLength": 1 }, "db_name": { "type": "string", - "minLength": 1, - "defaultValue": "artdb" + "minLength": 1 }, "db_location": { "type": "string", @@ -35,9 +31,8 @@ } }, "variables": { - "apiVersion": "2015-05-01-preview", "rtdbCollation": "Latin1_General_100_CS_AS", - "db_location": "[if(equals(parameters('db_location'), ''), resourceGroup().location, parameters('db_location'))]" + "db_location": "[parameters('db_location')]" }, "resources": [ { @@ -45,9 +40,9 @@ "type": "Microsoft.Sql/servers", "kind": "v12.0", "location": "[variables('db_location')]", - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2015-05-01-preview", "dependsOn": [ - + ], "tags": { "displayName": "artifactoryDB" @@ -62,7 +57,7 @@ "name": "[uniqueString(parameters('db_server'), 'AllowAllWindowsAzureIps' )]", "type": "firewallrules", "location": "[variables('db_location')]", - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2015-05-01-preview", "dependsOn": [ "[concat('Microsoft.Sql/servers/', parameters('db_server'))]" ], @@ -76,7 +71,7 @@ "type": "databases", "kind": "v12.0,user", "location": "[variables('db_location')]", - "apiVersion": "[variables('apiVersion')]", + "apiVersion": "2015-05-01-preview", "dependsOn": [ "[parameters('db_server')]" ], diff --git a/JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory.sh b/JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory.sh old mode 100755 new mode 100644 index 8ca98d6..d033b1d --- a/JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory.sh +++ b/JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory.sh @@ -4,51 +4,21 @@ DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/ DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//") DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//") STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//") +STORAGE_ACT_ENDPOINT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_ENDPOINT=" | sed "s/STO_ACT_ENDPOINT=//") STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//") STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//") -ARTIFACTORY_EDITION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_EDITION=" | sed "s/ARTIFACTORY_EDITION=//") -ARTIFACTORY_VERSION=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_VERSION=" | sed "s/ARTIFACTORY_VERSION=//") MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//") -JFROG_JOIN_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JOIN_KEY=" | sed "s/JOIN_KEY=//") IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//") -#disable firewalld, also disable selinux. Both block traffic from load balancer. -systemctl stop firewalld -setenforce Permissive -# install the wget and curl -yum -y install wget curl>> /tmp/install-curl.log 2>&1 +UBUNTU_CODENAME=$(cat /etc/lsb-release | grep "^DISTRIB_CODENAME=" | sed "s/DISTRIB_CODENAME=//") -yum -y install java-1.8.0-openjdk >> /tmp/install-java.log 2>&1 -#yum -y install java-11-openjdk >> /tmp/install-java.log 2>&1 +export DEBIAN_FRONTEND=noninteractive #Generate Self-Signed Cert mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" -setenforce 0 -sed -i -e "s/SELINUX=.*/SELINUX=permissive/" /etc/sysconfig/selinux -wget https://bintray.com/jfrog/artifactory-pro-rpms/rpm -O bintray-jfrog-artifactory-pro-rpms.repo -mv bintray-jfrog-artifactory-pro-rpms.repo /etc/yum.repos.d/ -wget https://bintray.com/jfrog/artifactory-rpms/rpm -O bintray-jfrog-artifactory-rpms.repo; -mv bintray-jfrog-artifactory-rpms.repo /etc/yum.repos.d/ - -yum -y install ${ARTIFACTORY_EDITION}-${ARTIFACTORY_VERSION} >> /tmp/install-artifactory.log 2>&1 - -cat > /etc/yum.repos.d/nginx.repo <> /tmp/install-nginx.log 2>&1 - -#Install database drivers -curl -L -o /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar -curl -L -o /opt/jfrog/artifactory/tomcat/lib/mssql-jdbc-6.2.1.jre8.jar https://bintray.com/artifact/download/bintray/jcenter/com/microsoft/sqlserver/mssql-jdbc/6.2.1.jre8/mssql-jdbc-6.2.1.jre8.jar -curl -L -o /opt/jfrog/artifactory/tomcat/lib/postgresql-9.4.1212.jar https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar - CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") [ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory @@ -100,16 +70,60 @@ cat </etc/nginx/nginx.conf } EOF -rm /etc/nginx/conf.d/default.conf - - -mkdir -p /var/opt/jfrog/artifactory/etc/security - -cat </var/opt/jfrog/artifactory/etc/security/master.key -${MASTER_KEY} +cat </etc/nginx/conf.d/artifactory.conf +ssl_certificate /etc/pki/tls/certs/cert.pem; +ssl_certificate_key /etc/pki/tls/private/cert.key; +ssl_session_cache shared:SSL:1m; +ssl_prefer_server_ciphers on; +## server configuration +server { + listen 443 ssl; + listen 80 ; + server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN}; + if (\$http_x_forwarded_proto = '') { + set \$http_x_forwarded_proto \$scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/\$repo/\$1/\$2; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url + \$http_x_forwarded_proto://\$host:\$server_port/artifactory; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + } +} +EOF + +HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}') + +if [ "${IS_PRIMARY}" = "true" ]; then + NODE_NAME=art-primary +else + NODE_NAME=art-$(date +%s$RANDOM) +fi + +cat </var/opt/jfrog/artifactory/etc/ha-node.properties +node.id=${NODE_NAME} +artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data +context.url=http://${HOSTNAME}:8081/artifactory +access.context.url=http://${HOSTNAME}:8081/access +membership.port=10001 +hazelcast.interface=${HOSTNAME} +primary=${IS_PRIMARY} EOF -# in case of JCR or OSS, use non-ha mode, also use derby, also do not create binary store xml cat </var/opt/jfrog/artifactory/etc/db.properties type=mssql driver=com.microsoft.sqlserver.jdbc.SQLServerDriver @@ -117,6 +131,13 @@ url=${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applic username=${DB_USER} password=${DB_PASSWORD} EOF + +mkdir -p /var/opt/jfrog/artifactory/etc/security + +cat </var/opt/jfrog/artifactory/etc/security/master.key +${MASTER_KEY} +EOF + cat </var/opt/jfrog/artifactory/etc/binarystore.xml @@ -153,72 +174,12 @@ cat </var/opt/jfrog/artifactory/etc/binarystore.xml ${STORAGE_ACCT} ${STORAGE_ACCT_KEY} - https://${STORAGE_ACCT}.blob.core.windows.net/ + ${STORAGE_ACT_ENDPOINT} ${STORAGE_CONTAINER} EOF -# begin JCR specific setup - -cat </etc/nginx/conf.d/artifactory.conf -ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; -ssl_certificate /etc/pki/tls/certs/cert.pem; -ssl_certificate_key /etc/pki/tls/private/cert.key; -ssl_session_cache shared:SSL:1m; -ssl_prefer_server_ciphers on; -## server configuration -server { - listen 443 ssl; - listen 80 ; - server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN} ${CERTIFICATE_DOMAIN}; - if (\$http_x_forwarded_proto = '') { - set \$http_x_forwarded_proto \$scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - - rewrite ^/(v2)/(.*) /artifactory/\$1/\$2; - - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 2400; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - - proxy_pass http://127.0.0.1:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port/artifactory; - proxy_set_header X-Forwarded-Port \$server_port; - proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; - proxy_set_header Host \$http_host; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - } -} -EOF - -# end JCR specific setup - - -# callhome metadata -mkdir -p /var/opt/jfrog/artifactory/etc/info -cat </var/opt/jfrog/artifactory/etc/info/installer-info.json -{ - "productId": "JFrogInstaller_AzureMP/${ARTIFACTORY_VERSION}", - "features": [ - { - "featureId": "ArtifactoryVersion/${ARTIFACTORY_EDITION}-${ARTIFACTORY_VERSION}" - }, - { - "featureId": "Platform/azure-mp-vm-jcr" - } - ] -} -EOF - HOSTNAME=$(hostname -i) sed -i -e "s/art1/art-$(date +%s$RANDOM)/" /var/opt/jfrog/artifactory/etc/ha-node.properties sed -i -e "s/127.0.0.1/$HOSTNAME/" /var/opt/jfrog/artifactory/etc/ha-node.properties @@ -232,16 +193,14 @@ cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CE cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key rm /tmp/temp.key -echo "artifactory.ping.allowUnauthenticated=true" >> /var/opt/jfrog/artifactory/etc/artifactory.system.properties EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") [ -z "$EXTRA_JAVA_OPTS" ] && EXTRA_JAVA_OPTS='-server -Xms2g -Xmx6g -Xss256k -XX:+UseG1GC -XX:OnOutOfMemoryError="kill -9 %p"' echo "export JAVA_OPTIONS=\"${EXTRA_JAVA_OPTS}\"" >> /var/opt/jfrog/artifactory/etc/default chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* # start Artifactory -sleep $((RANDOM % 120)) +sleep $((RANDOM % 240)) service artifactory start service nginx start nginx -s reload -echo "INFO: Artifactory JCR installation completed." - +echo "INFO: Artifactory installation completed." > /tmp/artifactory-install.log diff --git a/JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory7.sh b/JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory7.sh new file mode 100644 index 0000000..77a62b7 --- /dev/null +++ b/JFrogContainerRegistry/AzureResourceManager/scripts/install_artifactory7.sh @@ -0,0 +1,178 @@ +#!/bin/bash +DB_URL=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JDBC_STR" | sed "s/JDBC_STR=//") +DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/DB_NAME=//") +DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//") +DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//") +STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//") +STORAGE_ACT_ENDPOINT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_ENDPOINT=" | sed "s/STO_ACT_ENDPOINT=//") +STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//") +STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//") +MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//") +IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//") + + +export DEBIAN_FRONTEND=noninteractive + +#Generate Self-Signed Cert +mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/ +openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost" + +CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//") +[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory + +ARTIFACTORY_SERVER_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_SERVER_NAME=" | sed "s/ARTIFACTORY_SERVER_NAME=//") +[ -z "$ARTIFACTORY_SERVER_NAME" ] && ARTIFACTORY_SERVER_NAME=artifactory + +#Configuring nginx +rm /etc/nginx/sites-enabled/default + +cat </etc/nginx/nginx.conf + #user nobody; + worker_processes 1; + error_log /var/log/nginx/error.log info; + #pid logs/nginx.pid; + events { + worker_connections 1024; + } + + http { + include mime.types; + variables_hash_max_size 1024; + variables_hash_bucket_size 64; + server_names_hash_max_size 4096; + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + proxy_read_timeout 2400s; + client_header_timeout 2400s; + client_body_timeout 2400s; + proxy_connect_timeout 75s; + proxy_send_timeout 2400s; + proxy_buffer_size 32k; + proxy_buffers 40 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 250m; + proxy_http_version 1.1; + client_body_buffer_size 128k; + + include /etc/nginx/conf.d/*.conf; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + #keepalive_timeout 0; + keepalive_timeout 65; + } +EOF + +cat </etc/nginx/conf.d/artifactory.conf +ssl_certificate /etc/pki/tls/certs/cert.pem; +ssl_certificate_key /etc/pki/tls/private/cert.key; +ssl_session_cache shared:SSL:1m; +ssl_prefer_server_ciphers on; +## server configuration +server { + listen 443 ssl; + listen 80 ; + server_name ~(?.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN}; + if (\$http_x_forwarded_proto = '') { + set \$http_x_forwarded_proto \$scheme; + } + ## Application specific logs + ## access_log /var/log/nginx/artifactory-access.log timing; + ## error_log /var/log/nginx/artifactory-error.log; + rewrite ^/$ /artifactory/webapp/ redirect; + rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; + chunked_transfer_encoding on; + client_max_body_size 0; + location /artifactory/ { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8081/artifactory/; + proxy_set_header X-Artifactory-Override-Base-Url + \$http_x_forwarded_proto://\$host:\$server_port/artifactory; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + } + location / { + proxy_read_timeout 2400; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + proxy_pass http://127.0.0.1:8082; + proxy_set_header X-Artifactory-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port/artifactory; + proxy_set_header X-Forwarded-Port \$server_port; + proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto; + proxy_set_header Host \$http_host; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + } + +} +EOF + +HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}') + +if [ "${IS_PRIMARY}" = "true" ]; then + NODE_NAME=art-primary +else + NODE_NAME=art-$(date +%s$RANDOM) +fi + +# Java options +EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//") +sed -i -e "s/#extraJavaOpts: \"-Xms512m -Xmx2g\"/extraJavaOpts: ${EXTRA_JAVA_OPTS}/" /var/opt/jfrog/artifactory/etc/system.yaml + +# Set MS SQL configuration +cat <>/var/opt/jfrog/artifactory/etc/system.yaml + ## One of: mysql, oracle, mssql, postgresql, mariadb + ## Default: Embedded derby + ## Example for mysql + type: mssql + driver: com.microsoft.sqlserver.jdbc.SQLServerDriver + url: ${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository + username: ${DB_USER} + password: ${DB_PASSWORD} + +EOF + +mkdir -p /var/opt/jfrog/artifactory/etc/security + +cat </opt/jfrog/artifactory/var/etc/security/master.key +${MASTER_KEY} +EOF + +# NOTE: Path is changed in Artifactory 7. Non-HA configuration +mkdir -p /var/opt/jfrog/artifactory/etc/artifactory +cat </var/opt/jfrog/artifactory/etc/artifactory/binarystore.xml + + + + ${STORAGE_ACCT} + ${STORAGE_ACCT_KEY} + https://${STORAGE_ACCT}.blob.core.windows.net/ + ${STORAGE_CONTAINER} + + +EOF + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE=" | sed "s/CERTIFICATE=//" > /tmp/temp.pem +cat /tmp/temp.pem | sed 's/CERTIFICATE----- /&\n/g' | sed 's/ -----END/\n-----END/g' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/certs/cert.pem +rm /tmp/temp.pem + +cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CERTIFICATE_KEY=//" > /tmp/temp.key +cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key +rm /tmp/temp.key + +chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/* + +# start Artifactory +sleep $((RANDOM % 240)) +service artifactory start +service nginx start +nginx -s reload +echo "INFO: Artifactory installation completed." >> /tmp/artifactory-install.log diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/.gitmodules b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/.gitmodules deleted file mode 100644 index 940bc00..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/.gitmodules +++ /dev/null @@ -1,12 +0,0 @@ -[submodule "submodules/quickstart-aws-vpc"] - path = submodules/quickstart-aws-vpc - url = https://github.com/aws-quickstart/quickstart-aws-vpc.git - branch = master -[submodule "submodules/quickstart-linux-bastion"] - path = submodules/quickstart-linux-bastion - url = https://github.com/aws-quickstart/quickstart-linux-bastion.git - branch = master -[submodule "submodules/quickstart-amazon-eks"] - path = submodules/quickstart-amazon-eks - url = https://github.com/aws-quickstart/quickstart-amazon-eks.git - branch = master diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/LICENSE.txt b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/LICENSE.txt deleted file mode 100644 index 8f71f43..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/LICENSE.txt +++ /dev/null @@ -1,202 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/Makefile b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/Makefile deleted file mode 100644 index cc28cac..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/Makefile +++ /dev/null @@ -1,34 +0,0 @@ -.PHONY: help run submodules - -submodules: - git submodule init - git submodule update - cd submodules/quickstart-linux-bastion && git submodule init && git submodule update - cd submodules/quickstart-amazon-eks && git submodule init && git submodule update - -help: - @echo "make test : executes taskcat" - -create: - aws cloudformation create-stack --stack-name test --template-body file://$(pwd)/templates/jfrog-artifactory-ec2-new-vpc.template --parameters $(cat .ignore/params) --capabilities CAPABILITY_IAM - -delete: - aws cloudformation delete-stack --stack-name test - -.ONESHELL: -test: lint submodules - cd .. && pwd && taskcat -c theflash/ci/config.yml -n - -lint: - time taskcat -l -c ci/config.yml - -public_repo: - taskcat -c theflash/ci/config.yml -u - #https://taskcat-tag-quickstart-jfrog-artifactory-c2fa9d34.s3-us-west-2.amazonaws.com/quickstart-jfrog-artifactory/templates/jfrog-artifactory-ec2-master.template - #curl https://taskcat-tag-quickstart-jfrog-artifactory-7008506c.s3-us-west-2.amazonaws.com/quickstart-jfrog-artifactory/templates/jfrog-artifactory-ec2-master.template - -get_public_dns: - aws elb describe-load-balancers | jq '.LoadBalancerDescriptions[]| .CanonicalHostedZoneName' - -get_bastion_ip: - aws ec2 describe-instances | jq '.[] | select(.[].Instances[].Tags[].Value == "LinuxBastion") ' diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/README.md b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/ci/jfrog-new-vpc-jcr6-ecs.json b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/ci/jfrog-new-vpc-jcr6-ecs.json deleted file mode 100755 index 6c484e3..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/ci/jfrog-new-vpc-jcr6-ecs.json +++ /dev/null @@ -1,74 +0,0 @@ -[ - { - "ParameterKey": "KeyPairName", - "ParameterValue": "$[taskcat_getkeypair]" - }, - { - "ParameterKey": "RemoteAccessCIDR", - "ParameterValue": "10.0.0.0/16" - }, - { - "ParameterKey": "AccessCIDR", - "ParameterValue": "10.0.0.0/16" - }, - { - "ParameterKey": "AvailabilityZones", - "ParameterValue": "$[taskcat_genaz_2]" - }, - { - "ParameterKey": "DatabasePassword", - "ParameterValue": "$[taskcat_genpass_8A]" - }, - { - "ParameterKey": "QSS3BucketName", - "ParameterValue": "$[taskcat_autobucket]" - }, - { - "ParameterKey": "QSS3KeyPrefix", - "ParameterValue": "quickstart-jfrog-artifactory/" - }, - { - "ParameterKey": "SMLicensesName", - "ParameterValue": "jfrog-artifactory" - }, - { - "ParameterKey": "DatabaseInstance", - "ParameterValue": "db.m4.large" - }, - { - "ParameterKey": "ArtifactoryVersion", - "ParameterValue": "6.15.0" - }, - { - "ParameterKey": "NumberOfSecondary", - "ParameterValue": "2" - }, - { - "ParameterKey": "ArtifactoryServerName", - "ParameterValue": "taskcat" - }, - { - "ParameterKey": "AnsibleVaultPass", - "ParameterValue": "$[taskcat_genpass_8A]" - }, - { - "ParameterKey": "MasterKey", - "ParameterValue": "1ce2be4490ca2c662cb79636cf9b7b8e" - }, - { - "ParameterKey": "Certificate", - "ParameterValue": "-----BEGIN CERTIFICATE-----\nMIIFaDCCA1ACCQD45dB5tZFvCDANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55dmFsZTEOMAwGA1UECgwFSkZy\nb2cxFDASBgNVBAsMC0FydGlmYWN0b3J5MSAwHgYDVQQDDBdhcnRpZmFjdG9yeS5s\nb2NhbGRvbWFpbjAeFw0xOTA3MjMyMzE4MjVaFw0yMDA3MjIyMzE4MjVaMHYxCzAJ\nBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMQ4wDAYD\nVQQKDAVKRnJvZzEUMBIGA1UECwwLQXJ0aWZhY3RvcnkxIDAeBgNVBAMMF2FydGlm\nYWN0b3J5LmxvY2FsZG9tYWluMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC\nAgEA0b3OgTFKkNbXXHzPv3l9IqX7fFZcfS2ZMD4mBuNlGQ6kyyraeoKKiVdkOgQV\n/dwDxLeW6y+637J2KBiZTccHUS8/eC5ky9E6ECeFToCYsucUKRiWo9Uss6XS1N+Q\nKQHktCVYy+KFDkJIVEL6LFbUMLz0k1jOhI/FRveT8LQ9cZsfy8KIrCF92ErcdPSL\n02KO6RgaBjxRFtAw2ZdO07O9kcKBC5BpJdrEnJHalVJsJbZOqIuNjyKKp/8s9TtW\nEYhXAbz05RrdQ97Cse1a/rHR5EWL+ITRw3Q/mQUv/ilSrSxb+chtgGb0qdP7aV0h\nLOuxttQFFU2o62LHqnda6dWljxKpSYUz47ugCK0M4T2bRhy7lUgmZ3PcfZYLE2ue\nh1qIJfkDfi1WpbptJAs4MbgfTvF2FCAsh8tyFnl+TA5QBWLRcOF9y1qUAATa1JKX\nzKGf/5hExBRpuq371j4SLAb5qXYUuQqZiCe3O6qTx2Wo/jAOPV49wfK9D9fW5qmq\nND1Rpp8sKjlb2ixm7dhCWyWV+iGHpzX5tjBW35rikAisUoap47I1fNzYMiSTvbhv\n2+by2YY8jsiYRCRIAKzRbgOgDOXnYVtWFpLgUldMqWqo+X3LztYE8CxD0CQK5u12\nGxM5ztXKEaitCqUSjY34Gl4owukA9tzGnu09OuAYGkxVBO0CAwEAATANBgkqhkiG\n9w0BAQsFAAOCAgEATH4kyuKvZtq32b3I7yZ27Xp2yaxABs17g0jAzkv7o9GILo+3\ncVAJS2warQti+c+A2edjqEc97JXb6ul7/SHs7B9B0P4BZSUsI0byuPlQ45Kht891\njz3SF1o6jpKTniQPqsulMMshmYB6oY6CIyvKpaMaG3DypEXFmwEU7CdWr7oVISkn\npU6N6fI+V94Wzd1yHL8Jm/ixP4lqBAZqDhxNRq/Vok94wu2jvWwPIn2M+9myAiOs\nTSpcqLg8Vn70XkK5uuN1UXYU5QDo78GEZpOj7YfCxVjB43Ct/sEiu3iB0GzyEvq6\njlv07H9PyLjYeM7CuhZdgULBqEWbqNhO5XL/QJMYG06kXkT3GiWFP8pjnQRcJM4Z\nqQv8fOTDTuX5GumXKctXJwc7y9uywoIPwffEKlGuofWhihy8r/YXu2BgShDF3zYV\n1RAHVcWtPT5IqejpRZX5LdL4Hr2eCeUkcVCo7qqYLEwxFnQNG1nMrJJ2ewnlzPac\nJNNPRXgTDF3OkbON+3Wn/H0ndqIoqapHXSlkR54Stsk9yjHuaJ9TCANw2mxMDzf0\nRGw9ecirjpzQdP9jT/zK9X4kqFc0T3P6qN3X3s/OPPbroassRk/eqI/oMS6lNcQm\ny+SvRUrdtzKgmAfVE5yMLTVG0cZM4gWJ35DZHHqWnrbFEg7C0NLzoYc6yeQ=\n-----END CERTIFICATE-----" - }, - { - "ParameterKey": "CertificateKey", - "ParameterValue": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDRvc6BMUqQ1tdc\nfM+/eX0ipft8Vlx9LZkwPiYG42UZDqTLKtp6goqJV2Q6BBX93APEt5brL7rfsnYo\nGJlNxwdRLz94LmTL0ToQJ4VOgJiy5xQpGJaj1SyzpdLU35ApAeS0JVjL4oUOQkhU\nQvosVtQwvPSTWM6Ej8VG95PwtD1xmx/LwoisIX3YStx09IvTYo7pGBoGPFEW0DDZ\nl07Ts72RwoELkGkl2sSckdqVUmwltk6oi42PIoqn/yz1O1YRiFcBvPTlGt1D3sKx\n7Vr+sdHkRYv4hNHDdD+ZBS/+KVKtLFv5yG2AZvSp0/tpXSEs67G21AUVTajrYseq\nd1rp1aWPEqlJhTPju6AIrQzhPZtGHLuVSCZnc9x9lgsTa56HWogl+QN+LValum0k\nCzgxuB9O8XYUICyHy3IWeX5MDlAFYtFw4X3LWpQABNrUkpfMoZ//mETEFGm6rfvW\nPhIsBvmpdhS5CpmIJ7c7qpPHZaj+MA49Xj3B8r0P19bmqao0PVGmnywqOVvaLGbt\n2EJbJZX6IYenNfm2MFbfmuKQCKxShqnjsjV83NgyJJO9uG/b5vLZhjyOyJhEJEgA\nrNFuA6AM5edhW1YWkuBSV0ypaqj5fcvO1gTwLEPQJArm7XYbEznO1coRqK0KpRKN\njfgaXijC6QD23Mae7T064BgaTFUE7QIDAQABAoICAAgKDnBFQ2Zp1bdl0VC1h2Zc\nllcduE3UAZsnxq1c6fMb7JUc/2LSvhyljOHsZitk04AmyVIacj9Ax+ahir7Acjda\naERjAtoNGvyjhyiLJU82LD+nAZ8l/KCmKn6eUxg/SlTdWZn3BMKXJ86TAqPQcDGu\nDHHZZZEPMbCWrMT9I53HJGDbBAIVBo3T0L9q4DEqBfBJTDYQ+cq2EClG826J5SpB\nGlEnJ+Cbkg2uSYKPtjV712f+cV6bJFVsIn0D2Tiy0SLv6zMc5H5Fe5D2WBaLGlB1\nmffcn22udwGWgVBspQ6eNKhOVmQljhs0VN6lAzCFmDo5xjga0e6zypNuH732wnG3\nrOoIs6Qo5FQT4fSRSdSANlWJ8cF1OPL7ll0CN1BGfNa304s/C+qNO9SgMn6gmp3G\nuXYSgILp5UraRvn/KYXXVf/IRYrg6bnJ1TcuKCWJPjtibFLmIZutPkOTNF3YSW4s\nUOfLFK8Ky4r0/H6Nzt1r/f9qPHqVG7ILPWP1fwpcq06Tb6wvrJ1xkW9f3JTiWLMi\njkDiuQTmDf1JOk/TslZ3Mj6JDYFdHgT3lZdSNHiRuGgQ278ax/waSRn5W0LXr5b5\ntdHOBqLKnq7l96Hj0IArcrgh1ocJw4pP9JFWGDV2zfG+HzTf6QGmWj6j1Vf/91VN\n75tJmgKjScdU/DX+hTQBAoIBAQDy1YVc5Xwr+JzBV+xMorzVdaZ9Fwpycoy7OPy2\nNjFk1XD/cSDDK7aTDd9v8HF8Kmw4kVtngIkP/kdY4Gdu1oP22f2wkKjXGFQaRWPl\nNNEDhC+f7tjvGbF702jhB0kFdn3f7fEWyr4j8FP4xUqOczF2tzPgKeTkfz+ckQ0m\nDgmjm3vcPb+ZDLDE7fBw0On/qZr9dCH0oBwl7CMWmKggzYQEKNBbJowBwIlwTmL6\nI8Xzj7CAcV9sIVboJb7jNQPOCzHJA9bTGf5LMbD6X6D6Avlvd1J74/fFWkLME6CI\n0mlF5aOW2qKMo57DtnnEEKCL/6DXPfRvX6CuwbHqS5SIbwnxAoIBAQDdHPfDcpjU\n51KgFe4WoygNGVI604Aqv4ZnumJ4oshS71KqQidXgGBch9fDUad1txbDkeOHFW4u\nYwT67VsHeP7jbCA1Rn7MY8DASlSdJkZ7e4trUh1xfYH5tJK3i5hXMPu221sc7l5z\nNTKlohn00tIjy0adehk5oIyr1w1l9DtX6TMK2uNa7Z79mYFZLhrWRX6a93M4MA+J\nTq0bKF8j+x8RG2VZF6mom4XkHLOhYC9osG4xbj8AbhKBt9XrUcu+TT9Ct/kE7b54\ncvWtyf19cwviApebfQIn31pwieUaSncztSHdARCgVETP1334yOtrgKWb3CifaQHH\n0N+BqsrJR469AoIBAHAufAHCcm7N13zqZVuyApKKW3OGZWkhyinj1btHpeHzSNR5\nKq1/UET3L7XC2mqGHqCzZgqWsrsUuVkxshbeOvCbHDupWJalwpSwYcnNcJGzS10T\nNlye/gM6U0VB3FYNu3Drt2jUGKr5p5FRc3QDe2JgmDKCqB93OafWysA90+4lMj84\nt365AiC321AC81cMv3E/aUBdhyNtx3f05hbhWo+hW0AAusVEcTnUvJzaUeSHCP8N\nYQvPCxsL9Pd50lwph8JZZ7D2XSfXuO6xpuhY32rDMPPTCO+/FwS4PH141vFXeQ+D\nyXw3Sm0Xq4EMPV7vpRpKoNWi09Rn3w1iBShSQ8ECggEBAK7l3flEaS1m+I1WK2jO\nj7ykvc14RJYLvwXHgWKI6EnpsgqonzPwgMhQT1PY/8v2EdSKTl4ojmm0u1i8bNeh\nVoSPn35kj6GeefXgFcPkZbYBCEvQvSdrLmdU9QSoL80wGrsOEaj1x9H7T1+CtGNa\nawwTG30u+ksB+qNmTNvLbzFfbZd1gocHFE7moFDpTiMU/0sW1pWoNnHWwMiNi4wL\ndAx1DhqFxBZxRlwkc9X/HiECBXemC8GMT6k5v8UOg0m5EoP0v82tPI9L55cbAh67\n5LdWc5NzM0RUwNXpzUWZh2ZoLSwCTqNzZKa+fo9OZiE3tkdtwtgtGFJ0noaTkSnb\nJ0UCggEAWh58mtJ9TdAZdtU7kkx1/3c91hxl+up8PTSS6BdFa8DXxt9iQq4r914c\nVbfdnzKH7K245alH2aOcdw/TrK0ulQOazGGX2E6pWJV/ndxaUM4beUDUYbTVec3O\niVFWQT/Kp4WQktHQIu0w2fZElgOo30X3eTFEx0bvAm9Or2PiR34JAB5yerrEuFWq\n+Y3oZVb1tzJgLrVqAE6ct/TwkzhLaehlzPFNQb1u5POe3aUHjr5gsZDkqZua3Ys2\nQhArEEmrhEqRBACPWKWb6fSc+ajYlhltLg2g3EMqL4arW/3hgI2KS0vdiPtMRDvQ\n2YpoPnf204ak0AcDNZX257FnjRltUg==\n-----END PRIVATE KEY-----" - }, - { - "ParameterKey": "CertificateDomain", - "ParameterValue": "localdomain" - }, - { - "ParameterKey": "ArtifactoryServerName", - "ParameterValue": "artifactory" - } -] diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/ci/taskcat.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/ci/taskcat.yml deleted file mode 100755 index 76cd97e..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/ci/taskcat.yml +++ /dev/null @@ -1,14 +0,0 @@ -global: - marketplace-ami: false - owner: quickstart-eng@amazon.com - qsname: quickstart-jfrog-artifactory - regions: - - us-west-2 - reporting: true - -tests: - jfrog-artifactory-jcr6-ecs: - parameter_input: jfrog-new-vpc-jcr6-ecs.json - template_file: jfrog-jcr6-ecs-master.template.yaml - regions: - - us-west-2 \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/README.md b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/README.md deleted file mode 100644 index 4ce5870..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/README.md +++ /dev/null @@ -1,72 +0,0 @@ -Artifactory Master -========= - -A configuration for Artifactory through Cloud Formation. This assumes it will be tied to an AutoScale group, the -environment will have 2 boot groups. 1 with `art_primary=True` and the other `art_primary=False`. Note: The MasterKey -must match in both boot groups or they will not connect. - -Requirements ------------- - -This role is dependent on specific inputs, but does not require any other roles. - -Role Variables --------------- - -artifactory_licesnes is expected as a list of Artifactory licesnse. -artifactory_server_name is the DNS name of the Artifactory instance. -certificate_domain: Domain name for the DNS name of the Artifactory instance. -s3_endpoint: S3 URL endpoint for backend storage. -s3_access_key: S3 Access key for the S3 Endpoint + Bucket. -s3_access_secret_key: S3 Secret key for the S3 Endpoint + Bucket. -s3_bucket: S3 bucket for backend storage. -certificate_key: Private Certificate Key used for NGINX to terminate SSL -certificate: Certificate used by NGINX to terminate SSL -db_type: Currently only MySQL is supported. -db_ipaddr: MySQL endpoint for the DB connection. -db_name: Name of the Database. -db_user: User with write/read permission on the `db_name` -db_password: Password for the `db_user` -art_primary: True or False (Very important that only one node is art_primary=True) -artifactory_keystore_pass: Java Keystore new Password -master_key: Master Cluster key to join the Artifactory cluster. -artifactory_version: Version of Artifactory to install. - -Dependencies ------------- - -None - -Example Playbook ----------------- - -```yaml -- import_playbook: site-artifactory.yml - vars: - artifactory_licenses: ${ArtifactoryLicense} - artifactory_server_name: ${ArtifactoryServerName} - certificate_domain: ${CertificateDomain} - s3_endpoint: s3.${AWS::Region}.amazonaws.com - s3_access_key: ${ArtifactoryIAMAcessKey} - s3_access_secret_key: ${SecretAccessKey} - s3_bucket: ${ArtifactoryS3Bucket} - certificate_key: ${CertificateKey} - certificate: ${Certificate} - db_type: ${DBType} - db_ipaddr: ${ArtifactoryDBEndpointAddress} - db_name: ${DatabaseName} - db_user: ${DatabaseUser} - db_password: ${DatabasePassword} - art_primary: ${ArtifactoryPrimary} - artifactory_keystore_pass: ${KeystorePassword} - master_key: ${MasterKey} - artifactory_version: ${ArtifactoryVersion} -``` - -License -------- - -BSD - -Author Information ------------------- diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/defaults/main.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/defaults/main.yml deleted file mode 100644 index 1867abf..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/defaults/main.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# defaults file for quickstart-jfrog-artifactory/scripts/roles/artifactory - -ecs_deployment: false - -db_type: mysql -db_driver: com.mysql.jdbc.Driver -db_ipaddr: 127.0.0.1 -db_name: artifactory -db_user: artuser -db_password: badpassword - -s3_endpoint: needs_to_be_passed -s3_access_key: needs_to_be_passed -s3_access_secret_key: needs_to_be_passed -s3_bucket: needs_to_be_passed - -# Differences required for nginx as a container. -artifactory_hostname: 127.0.0.1 -ssl_dir: /var/opt/jfrog/nginx/ssl -key_dir: /etc/pki/tls/private -nginx_user_id: 104 -nginx_group_id: 107 - -certificate_key_file: /root/key -certificate_file: /root/cert -art_primary: true -java_version: java-1.8.0 -extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC -java_mysql_driver: - url: https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar - dest: /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.38.jar - owner: artifactory - group: artifactory -rds_cert: - url: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem - dest: /root/rds-combined-ca-bundle.pem - owner: root - group: root - cert_alias: rds_ca -import_rds: true - - - -# The Docker scripts handle this, so we do not need these variables when configuring -# A docker system that will host -artifactory_keystore_path: /etc/alternatives/jre_1.8.0/lib/security/cacerts -artifactory_keystore_default: changeit -artifactory_keystore_pass: needs_to_be_passed - diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/inactiveServerCleaner.groovy b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/inactiveServerCleaner.groovy deleted file mode 100644 index 6d7daa1..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/inactiveServerCleaner.groovy +++ /dev/null @@ -1,46 +0,0 @@ -import org.artifactory.state.ArtifactoryServerState -import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService -import org.artifactory.common.ConstantValues -import org.slf4j.Logger -import java.util.concurrent.TimeUnit -jobs { - clean(interval: 90000, delay: 900000) { - runCleanupHAInactiveServers() - } -} -executions { - cleanHAInactiveServers() { params -> - runCleanupHAInactiveServers() - } -} -def runCleanupHAInactiveServers() { - def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService) - def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log) - artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers() -} -public class ArtifactoryInactiveServersCleaner { - private ArtifactoryServersCommonService artifactoryServersCommonService - private Logger log - ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) { - this.artifactoryServersCommonService = artifactoryServersCommonService - this.log = log - } - def cleanInactiveArtifactoryServers() { - log.info "Executing inactive artifactory servers cleaner plugin" - List allMembers = artifactoryServersCommonService.getAllArtifactoryServers() - for (member in allMembers) { - def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat()) - def noHeartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt() - if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || ( noHeartbeat && member.getServerState() != ArtifactoryServerState.CONVERTING && member.getServerState() != ArtifactoryServerState.STARTING )) { - try { - log.info "Inactive artifactory servers cleaning task found server ${member.serverId} to remove" - artifactoryServersCommonService.removeServer(member.serverId) - }catch (Exception e){ - log.error "Error: Not able to remove ${member.serverId}, ${e.message}" - } - } - } - log.info "No inactive servers found" - } -} - \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/installer-info.json b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/installer-info.json deleted file mode 100644 index 5f9dafc..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/files/installer-info.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "productId": "JFrogInstaller_Cloudformation/1.0.0", - "features": [ - { - "featureId": "MySql/5.5" - }] -} \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/handlers/main.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/handlers/main.yml deleted file mode 100644 index b988370..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/handlers/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# handlers file for quickstart-jfrog-artifactory/scripts/roles/artifactory - -- name: restart nginx - service: - name: nginx - state: restarted - -- name: Enable Artifactory - service: - name: artifactory - state: started - enabled: yes diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure.yml deleted file mode 100644 index 94175a0..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure.yml +++ /dev/null @@ -1,100 +0,0 @@ ---- - -- name: Update Java - package: - name: "{{ java_version }}" - state: present - -- name: Configure Java - alternatives: - name: java - path: /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java - -- name: Download Java requirements such as jbdc for mysql Driver and the RDS CA certificate - get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - loop: - - "{{ java_mysql_driver }}" - - "{{ rds_cert }}" - -- name: Import the RDS certificate into Java KeyStore - java_cert: - cert_path: "{{ rds_cert.dest }}" - cert_alias: "{{ rds_cert.cert_alias }}" - keystore_pass: "{{ artifactory_keystore_default }}" # Default JKS as you get from the Internet. - keystore_path: "{{ artifactory_keystore_path }}" - when: import_rds == true - register: r_java_cert - failed_when: "'Not found' in r_java_cert" - -- name: Change Keystore password - command: keytool -storepasswd -keystore {{ artifactory_keystore_path }} -storepass {{ artifactory_keystore_default }} -new {{ artifactory_keystore_pass }} - no_log: true - when: r_java_cert.rc == 0 - -- name: Configure Java - lineinfile: - path: /var/opt/jfrog/artifactory/etc/default - line: export JAVA_OPTIONS="$JAVA_OPTIONS {{ extra_java_opts }}" - create: yes - -- name: Configure Ping - lineinfile: - path: /var/opt/jfrog/artifactory/etc/artifactory.system.properties - line: artifactory.ping.allowUnauthenticated=true - create: yes - -- name: All File/Folders required for Artifactory configuration - file: - path: "{{ item.path }}" - state: "{{ item.state }}" - owner: artifactory - group: artifactory - loop: - - path: /var/opt/jfrog/artifactory/etc/security/ - state: directory - - path: /var/opt/jfrog/artifactory/etc/plugins - state: directory - - path: /var/opt/jfrog/artifactory/etc/info - state: directory - -- name: Template of the properties and certs as requires for Artifactory - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: artifactory - group: artifactory - mode: '0664' - loop: - - src: db.properties.j2 - dest: /var/opt/jfrog/artifactory/etc/db.properties - - src: binarystore.xml.j2 - dest: /var/opt/jfrog/artifactory/etc/binarystore.xml - - src: ha-node.properties.j2 - dest: /var/opt/jfrog/artifactory/etc/ha-node.properties - - src: master.key.j2 - dest: /var/opt/jfrog/artifactory/etc/security/master.key - - src: certificate.pem.j2 - dest: "{{ ssl_dir }}/cert.pem" - - src: certificate.key.j2 - dest: "{{ key_dir }}/cert.key" - - src: artifactory.cluster.license.j2 - dest: /var/opt/jfrog/artifactory/etc/artifactory.cluster.license - -- name: Copy all static files required for Artifactory - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: artifactory - group: artifactory - mode: "{{ item.mode }}" - loop: - - src: inactiveServerCleaner.groovy - dest: /var/opt/jfrog/artifactory/etc/plugins/inactiveServerCleaner.groovy - mode: '0660' - - src: installer-info.json - dest: /var/opt/jfrog/artifactory/etc/info/installer-info.json - mode: '0660' \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure_ecs.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure_ecs.yml deleted file mode 100644 index e520ace..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/configure_ecs.yml +++ /dev/null @@ -1,83 +0,0 @@ ---- - -- name: All File/Folders required for Artifactory configuration - file: - path: "{{ item.path }}" - state: "{{ item.state }}" - owner: root - group: root - loop: - - path: /data/jfrog/artifactory/etc/ # Needs mapped to /artifactory_extra_conf - state: directory - - path: /data/jfrog/artifactory/tmp/plugins # Needs mapped to /tmp/plugins - state: directory - - path: /data/jfrog/artifactory/java_certs # Needs mapped to /artifactory_extra_certs - state: directory - - path: /data/jfrog/artifactory/plugins # Needs mapped to /opt/jfrog/artifactory/tomcat/lib/ - state: directory - - -- name: Download Java requirements such as jbdc for mysql Driver and the RDS CA certificate - get_url: - url: "{{ item.url }}" - dest: "{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - loop: - - "{{ java_mysql_driver }}" - - "{{ rds_cert }}" - -- name: Template of the properties as requires for Artifactory - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: '0664' - loop: - - src: binarystore.xml.j2 - dest: /data/jfrog/artifactory/etc/binarystore.xml - - src: artifactory.cluster.license.j2 - dest: /data/jfrog/artifactory/etc/artifactory.cluster.license - -- name: All File/Folders required for Artifactory configuration - file: - path: "{{ item.path }}" - state: "{{ item.state }}" - owner: "{{ nginx_user_id }}" - group: "{{ nginx_group_id }}" - loop: - - path: /data/jfrog/nginx/ssl # Mapped to /var/opt/jfrog/nginx - state: directory - - path: /data/jfrog/nginx/conf.d # Mapped to /var/opt/jfrog/nginx - state: directory - -- name: Template nginx files as requires for Artifactory - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "{{ nginx_user_id }}" - group: "{{ nginx_group_id }}" - mode: '0664' - loop: - - src: certificate.pem.j2 - dest: "{{ ssl_dir }}cert.pem" - - src: certificate.key.j2 - dest: "{{ key_dir }}cert.key" - - src: artifactory.conf.j2 - dest: /data/jfrog/nginx/conf.d/artifactory.conf - -- name: Copy all static files required for Artifactory - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: "{{ item.mode }}" - loop: - - src: inactiveServerCleaner.groovy - dest: /data/jfrog/artifactory/tmp/plugins/inactiveServerCleaner.groovy - mode: '0777' - - - diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/install.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/install.yml deleted file mode 100644 index 1eb4b5c..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/install.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- name: Add Artifactory Repo - yum_repository: - name: bintray--jfrog-artifactory-pro-rpms - description: bintray--jfrog-artifactory-pro-rpms - baseurl: https://jfrog.bintray.com/artifactory-pro-rpms - gpgcheck: no - enabled: yes - -- name: Install Artifactory from RPM - yum: - name: "jfrog-artifactory-pro-{{ artifactory_version }}" - state: installed - releasever: "{{ artifactory_version }}" - enablerepo: bintray--jfrog-artifactory-pro-rpms - disablerepo: "epel,amzn-main,amzn-updates" - notify: Enable Artifactory diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/main.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/main.yml deleted file mode 100644 index a24e74b..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# tasks file for quickstart-jfrog-artifactory/scripts/roles/artifactory - - -- name: Configure an Instance to host Artifactory - include: "{{ item.name }}" - when: ecs_deployment == false - loop: - - name: install.yml - - name: configure.yml - - name: nginx-setup.yml - -- name: Configure ECS EC2 Node to host an Artifactory Container - include: configure_ecs.yml - when: ecs_deployment == true - - diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/nginx-setup.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/nginx-setup.yml deleted file mode 100644 index 62d6d6a..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/tasks/nginx-setup.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- - -# Tasks for configuring NGINX for Artifactory -- name: Ensure latest nginx is installed - package: - name: nginx - state: latest - -- name: Configure main NGINX conf file. - copy: - src: nginx.conf - dest: /etc/nginx/nginx.conf - owner: root - group: root - mode: '0755' - notify: restart nginx - - -- name: Configure the Artifactory NGINX conf - template: - src: artifactory.conf.j2 - dest: /etc/nginx/conf.d/artifactory.conf - owner: root - group: root - mode: '0755' - notify: restart nginx diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.cluster.license.j2 b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.cluster.license.j2 deleted file mode 100644 index 88e5571..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.cluster.license.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{% if artifactory_license1 |length %} -{{ artifactory_license1 }} -{% endif %} - - -{% if artifactory_license2 |length %} -{{ artifactory_license2 }} -{% endif %} - - -{% if artifactory_license3 |length %} -{{ artifactory_license3 }} -{% endif %} - - -{% if artifactory_license4 |length %} -{{ artifactory_license4 }} -{% endif %} \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.conf.j2 b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.conf.j2 deleted file mode 100644 index 7fb7fcf..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/artifactory.conf.j2 +++ /dev/null @@ -1,33 +0,0 @@ -ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; -ssl_certificate {{ ssl_dir }}/cert.pem; -ssl_certificate_key {{ key_dir }}/cert.key; -ssl_session_cache shared:SSL:1m; -ssl_prefer_server_ciphers on; -## server configuration -server { - listen 443 ssl; - listen 80 ; - server_name {{ artifactory_server_name }}.{{ certificate_domain }} ~(?.+)\.{{ certificate_domain }}; - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - rewrite ^/(v2)/(.*) /artifactory/$1/$2; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 900; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass http://{{ artifactory_hostname }}:8081/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } -} diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/binarystore.xml.j2 b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/binarystore.xml.j2 deleted file mode 100644 index 691eb3e..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/binarystore.xml.j2 +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - - - - - - - - - crossNetworkStrategy - crossNetworkStrategy - 2 - 1 - - - - - remote - - - - local - - - - {{ s3_endpoint }} - {{ s3_access_key }} - {{ s3_access_secret_key }} - {{ s3_bucket }} - - - diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.key.j2 b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.key.j2 deleted file mode 100644 index 4ac8f0f..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.key.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ certificate_key | b64decode }} diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.pem.j2 b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.pem.j2 deleted file mode 100644 index 9bc0562..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/certificate.pem.j2 +++ /dev/null @@ -1,2 +0,0 @@ -{{ certificate | b64decode }} - diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/db.properties.j2 b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/db.properties.j2 deleted file mode 100644 index f92ba21..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/db.properties.j2 +++ /dev/null @@ -1,5 +0,0 @@ -type={{ db_type }} -driver={{ db_driver }} -url=jdbc:mysql://{{ db_ipaddr }}:3306/{{ db_name }}?characterEncoding=UTF-8&elideSetAutoCommits=true&verifyServerCertificate=true&useSSL=true&requireSSL=true -username={{ db_user }} -password={{ db_password }} \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/ha-node.properties.j2 b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/ha-node.properties.j2 deleted file mode 100644 index bd6683b..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/roles/artifactory/templates/ha-node.properties.j2 +++ /dev/null @@ -1,9 +0,0 @@ -{% if art_primary == True %} -node.id=primary -{% else %} -node.id={{ ansible_hostname }} -{% endif %} -artifactory.ha.data.dir=/var/opt/jfrog/artifactory/data -context.url=http://{{ ansible_default_ipv4.address }}:8081/artifactory -membership.port=0 -primary={{ art_primary }} diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/site-artifactory.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/site-artifactory.yml deleted file mode 100644 index 29b2f06..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/scripts/site-artifactory.yml +++ /dev/null @@ -1,5 +0,0 @@ -- hosts: localhost - gather_facts: true - become: true - roles: - - name: artifactory diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-ec2.template.yaml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-ec2.template.yaml deleted file mode 100755 index ee2e9be..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-ec2.template.yaml +++ /dev/null @@ -1,399 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: "Deploys the EC2 Autoscaling, LaunchConfig, ECS Cluster, and calls nested Stack for the ECS Service" -Parameters: - PrivateSubnet1ID: - Type: 'AWS::EC2::Subnet::Id' - PrivateSubnet2ID: - Type: 'AWS::EC2::Subnet::Id' - MinScalingNodes: - Type: Number - MaxScalingNodes: - Type: Number - InstanceType: - Type: String - VolumeSize: - Type: Number - ClusterName: - Description: Desired name for your cluster. - Default: JFrog - Type: String - CreateNewECSCluster: - Description: Whether to create the ECS Cluster with given name or not. - Default: Enabled - Type: String - DeploymentTag: - Type: String - NumberOfSecondary: - Type: Number - ArtifactoryLicense1: - Type: String - ArtifactoryLicense2: - Type: String - ArtifactoryLicense3: - Type: String - ArtifactoryLicense4: - Type: String - ArtifactoryServerName: - Type: String - CertificateDomain: - Type: String - ArtifactoryIAMAcessKey: - Type: String - NoEcho: 'true' - SecretAccessKey: - Type: String - NoEcho: 'true' - ArtifactoryS3Bucket: - Type: String - CertificateKey: - Type: String - NoEcho: 'true' - Certificate: - Type: String - DBType: - Type: String - DBPluginUrl: - Default: https://bintray.com/artifact/download/bintray/jcenter/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar - Type: String - DBPlugin: - Default: mysql-connector-java-5.1.38.jar - Type: String - ArtifactoryDBEndpointAddress: - Type: String - DatabaseName: - Type: String - DatabaseUser: - Type: String - DatabasePassword: - NoEcho: 'true' - Type: String - MasterKey: - Type: String - NoEcho: 'true' - ExtraJavaOptions: - Type: String - ArtifactoryVersion: - Type: String - KeyPairName: - Type: AWS::EC2::KeyPair::KeyName - ArtifactoryTargetGroupArn: - Type: String - SecurityGroups: - Type: String - AnsibleVaultPass: - Description: Ansiblevault Password to secure the artifactory.yml - NoEcho: 'true' - Type: String - QSS3BucketName: - Type: String - QSS3KeyPrefix: - Type: String -Mappings: - AWSAMIRegionMap: - #AMI: - # AMZECSOTP: amzn-ami-2018.03.a-amazon-ecs-optimized - us-east-2: - AMI: ami-0307f7ccf6ea35750 - us-east-1: - AMI: ami-045f1b3f87ed83659 - us-west-2: - AMI: ami-01b70aea4161476b7 - us-west-1: - AMI: ami-0285183bbef6224bd - eu-west-3: - AMI: ami-0f4738fbeb53e6c3a - eu-west-2: - AMI: ami-01bee3897bba49d78 - eu-west-1: - AMI: ami-0627e141ce928067c - eu-central-1: - AMI: ami-0eaa3baf6969912ba - eu-north-1: - AMI: ami-03494b0c9e1c22492 - ap-northeast-2: - AMI: ami-00294948a592fc052 - ap-northeast-1: - AMI: ami-05b296a384694dfa4 - ap-southeast-2: - AMI: ami-02c73ee1100ce3e7a - ap-southeast-1: - AMI: ami-050865a806e0dae53 - ca-central-1: - AMI: ami-0f552e0a86f08b660 - ap-south-1: - AMI: ami-01ef9f6a829ae3956 - sa-east-1: - AMI: ami-084b1eee100c102ee -Conditions: - CreateECSCluster: !Equals [!Ref 'CreateNewECSCluster', 'Enabled'] - GovCloudCondition: !Equals - - !Ref 'AWS::Region' - - us-gov-west-1 -Resources: - ECSRole: - Type: AWS::IAM::Role - Properties: - Path: / - RoleName: !Sub - ${ClusterName}-ECSRole-${AWS::Region} - AssumeRolePolicyDocument: - Statement: - - Action: - - sts:AssumeRole - Principal: - Service: - - ecs-tasks.amazonaws.com - - ec2.amazonaws.com - - ecs.amazonaws.com - Effect: Allow - Version: 2012-10-17 - ManagedPolicyArns: - - 'arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM' - - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy - - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role - Policies: - - PolicyName: ecs-service - PolicyDocument: - Statement: - - Effect: Allow - Action: - - ecs:ListClusters - - ecs:ListServices - - ecs:DescribeServices - - ecr:ListImages - - ecs:RegisterTaskDefinition - - ecs:CreateService - - ecs:ListTasks - - ecs:DescribeTasks - - ecs:CreateService - - ecs:DeleteService - - ecs:UpdateService - - ecs:DescribeContainerInstances - - ecs:DescribeTaskDefinition - - application-autoscaling:DescribeScalableTargets - - iam:ListRoles - Resource: "*" - ECSInstanceProfile: - Type: AWS::IAM::InstanceProfile - Properties: - Path: / - Roles: - - !Ref ECSRole - ECSCluster: - Condition: CreateECSCluster - Type: AWS::ECS::Cluster - Properties: - ClusterName: !Ref ClusterName - ArtifactoryScalingGroup: - Type: 'AWS::AutoScaling::AutoScalingGroup' - Properties: - AutoScalingGroupName: ArtifactoryECSEC2ScaleGroup - LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration - VPCZoneIdentifier: - - !Ref PrivateSubnet1ID - - !Ref PrivateSubnet2ID - MinSize: !Ref MinScalingNodes - MaxSize: !Ref MaxScalingNodes - Cooldown: '300' - DesiredCapacity: !Ref MinScalingNodes - HealthCheckType: EC2 - HealthCheckGracePeriod: 600 - Tags: - - Key: Name - Value: !Ref DeploymentTag - PropagateAtLaunch: true - CreationPolicy: - ResourceSignal: - Count: 1 - Timeout: PT30M - ArtifactoryLaunchConfiguration: - Type: 'AWS::AutoScaling::LaunchConfiguration' - Metadata: - 'AWS::CloudFormation::Authentication': - S3AccessCreds: - type: S3 - roleName: - - !Ref ECSRole - buckets: - - !Ref QSS3BucketName - 'AWS::CloudFormation::Init': - configSets: - artifactory_install: - - "config-artifactory-master" - - "secure-artifactory" - config-artifactory-master: - files: - /root/.artifactory_ansible/artifactory.yml: - content: !Sub - - | - # Base install for Artifactory - - import_playbook: site-artifactory.yml - vars: - ecs_deployment: true - artifactory_hostname: artifactory - ssl_dir: /data/jfrog/nginx/ssl/ - key_dir: /data/jfrog/nginx/ssl/ - artifactory_license1: ${ArtifactoryLicense1} - artifactory_license2: ${ArtifactoryLicense2} - artifactory_license3: ${ArtifactoryLicense3} - artifactory_license4: ${ArtifactoryLicense4} - s3_endpoint: s3.${AWS::Region}.amazonaws.com - s3_access_key: ${ArtifactoryIAMAcessKey} - s3_access_secret_key: ${SecretAccessKey} - s3_bucket: ${ArtifactoryS3Bucket} - artifactory_server_name: ${ArtifactoryServerName} - certificate_domain: ${CertificateDomain} - certificate: ${cert} - certificate_key: ${cert_key} - java_mysql_driver: - url: ${DBPluginUrl} - dest: /data/jfrog/artifactory/plugins/${DBPlugin} - owner: root - group: root - rds_cert: - url: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem - dest: /data/jfrog/artifactory/java_certs/rds-combined-ca-bundle.pem - owner: root - group: root - - cert: !Base64 - "Fn::Sub": "${Certificate}" - cert_key: !Base64 - "Fn::Sub": "${CertificateKey}" - mode: "0400" - /root/.vault_pass.txt: - content: !Sub | - ${AnsibleVaultPass} - mode: "0400" - /root/.secureit.sh: - content: /usr/local/bin/ansible-vault encrypt /root/.artifactory_ansible/artifactory.yml --vault-id /root/.vault_pass.txt - mode: "0770" - secure-artifactory: - commands: - 'secure ansible playbook': - command: '/root/.secureit.sh' - ignoreErrors: 'false' - Properties: - AssociatePublicIpAddress: false - KeyName: !Ref KeyPairName - IamInstanceProfile: !Ref ECSInstanceProfile - ImageId: !FindInMap - - AWSAMIRegionMap - - !Ref 'AWS::Region' - - AMI - SecurityGroups: - - !Ref SecurityGroups - InstanceType: !Ref InstanceType - LaunchConfigurationName: ArtifactoryECSEC2LaunchConfig - BlockDeviceMappings: - - DeviceName: /dev/xvda - Ebs: - VolumeSize: !Ref VolumeSize - VolumeType: gp2 - DeleteOnTermination: true - UserData: !Base64 - 'Fn::Sub': - - > - #!/bin/bash -x - - #CFN Functions - - function cfn_fail - - { - - cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} - --resource ArtifactoryScalingGroup - - exit 1 - - } - - function cfn_success - - { - - cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} - --resource ArtifactoryScalingGroup - - exit 0 - - } - - echo ECS_CLUSTER=${ClusterName} >> /etc/ecs/ecs.config - - S3URI=https://${QSS3BucketName}.${S3Region}.amazonaws.com/${QSS3KeyPrefix} - - yum install -y git - - echo $PATH - - PATH=/usr/local/bin/:/opt/aws/bin:$PATH - - echo $PATH - echo \'[Cloning: Load QuickStart Common Utils]\' - - git clone - https://github.com/aws-quickstart/quickstart-linux-utilities.git - - source /quickstart-linux-utilities/quickstart-cfn-tools.source - - echo \'[Loaded: Load QuickStart Common Utils]\' - - echo \'[Update Operating System]\' - - qs_update-os || qs_err - - qs_bootstrap_pip || qs_err - - qs_aws-cfn-bootstrap || qs_err - - pip install awscli &> /var/log/userdata.awscli_install.log || qs_err " awscli install failed " - - pip install ansible &> /var/log/userdata.ansible_install.log || qs_err " ansible install failed " - - mkdir ~/.artifactory_ansible - - aws s3 sync s3://${QSS3BucketName}/${QSS3KeyPrefix}scripts/ ~/.artifactory_ansible/ - - cfn-init -v --stack ${AWS::StackName} --resource - ArtifactoryLaunchConfiguration --configsets artifactory_install - --region ${AWS::Region} || cfn_fail - - export ANSIBLE_VAULT_PASSWORD_FILE="/root/.vault_pass.txt" - - /usr/local/bin/ansible-playbook /root/.artifactory_ansible/artifactory.yml - - rm -rf /root/.secureit.sh - - [ $(qs_status) == 0 ] && cfn_success || cfn_fail - - S3Region: !If - - GovCloudCondition - - s3-us-gov-west-1 - - s3 - ECSLogGroup: - Type: AWS::Logs::LogGroup - Properties: - RetentionInDays: 7 - PrimaryStack: - DependsOn: ArtifactoryScalingGroup - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-ecs.template.yaml' - Parameters: - ECSCluster: !Ref ClusterName # In case we do not build the cluster we still require the Name of the cluster built. - ServiceName: ArtifactoryPrimary - ArtifactoryTargetGroupArn: !Ref ArtifactoryTargetGroupArn - ArtifactoryVersion: !Ref ArtifactoryVersion - DBPlugin: !Ref DBPlugin - MasterKey: !Ref MasterKey - ExtraJavaOptions: !Ref ExtraJavaOptions - NumberNodes: "1" - ArtifactoryPrimary: "true" - DBType: !Ref DBType - DatabaseUser: !Ref DatabaseUser - DatabaseName: !Ref DatabaseName - DatabasePassword: !Ref DatabasePassword - ArtifactoryDBEndpointAddress: !Ref ArtifactoryDBEndpointAddress - ECSLogGroup: !Ref ECSLogGroup - ECSRoleArn: - Fn::GetAtt: ECSRole.Arn diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-existing-vpc.template.yaml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-existing-vpc.template.yaml deleted file mode 100755 index f27cd43..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-existing-vpc.template.yaml +++ /dev/null @@ -1,704 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037eflr)' -Metadata: - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Security configuration - Parameters: - - KeyPairName - - AccessCIDR - - RemoteAccessCIDR - - Label: - default: Network Configuration - Parameters: - - VPCID - - VPCCIDR - - PublicSubnet1ID - - PublicSubnet2ID - - PrivateSubnet1ID - - PrivateSubnet2ID - - PrivateSubnet1CIDR - - PrivateSubnet2CIDR - - ELBScheme - - Label: - default: Bastion Configuration - Parameters: - - ProvisionBastionHost - - BastionInstanceType - - BastionOS - - BastionRootVolumeSize - - BastionEnableTCPForwarding - - NumBastionHosts - - BastionEnableX11Forwarding - - Label: - default: ECS Configuration - Parameters: - - ClusterName - - CreateNewECSCluster - - InstanceType - - VolumeSize - - Label: - default: JFrog Artifactory Configuration - Parameters: - - ArtifactoryVersion - - NumberOfSecondary - - NumberOfEC2Nodes - - SMLicensesName - - Certificate - - CertificateKey - - CertificateDomain - - ArtifactoryServerName - - MasterKey - - ExtraJavaOptions - - AnsibleVaultPass - - Label: - default: Amazon RDS Configuration - Parameters: - - DatabaseName - - DatabaseEngine - - DatabaseVersion - - DatabaseUser - - DatabasePassword - - DatabaseInstance - - DBAllocatedStorage - - MultiAZDatabase - - Label: - default: AWS Quick Start Configuration - Parameters: - - QSS3BucketName - - QSS3KeyPrefix - ParameterLabels: - KeyPairName: - default: SSH key name - AccessCIDR: - default: Permitted IP range - RemoteAccessCIDR: - default: Remote access CIDR - VPCID: - default: VPC ID - VPCCIDR: - default: VPC CIDR - PublicSubnet1ID: - default: Public subnet 1 ID - PublicSubnet2ID: - default: Public subnet 2 ID - PrivateSubnet1ID: - default: Private subnet 1 ID - PrivateSubnet2ID: - default: Private subnet 2 ID - PrivateSubnet1CIDR: - default: Private subnet 1 CIDR - PrivateSubnet2CIDR: - default: Private subnet 2 CIDR - ELBScheme: - default: Elastic Load Balancer scheme - ProvisionBastionHost: - default: Bastion instance - BastionInstanceType: - default: Bastion instance type - BastionRootVolumeSize: - default: Bastion root volume size - BastionEnableTCPForwarding: - default: Bastion enable TCP forwarding - BastionEnableX11Forwarding: - default: Bastion enable X11 forwarding - BastionOS: - default: Bastion operating system - NumBastionHosts: - default: Number of bastion instances - ClusterName: - default: ECS cluster name - CreateNewECSCluster: - default: Create new ECS cluster - InstanceType: - default: EC2 instance type - VolumeSize: - default: EBS root volume size - ArtifactoryVersion: - default: Artifactory version - NumberOfSecondary: - default: Number of secondary instances - NumberOfEC2Nodes: - default: Number of EC2 nodes - SMLicensesName: - default: Artifactory licenses secret name - Certificate: - default: Certificate - CertificateKey: - default: Certificate key - CertificateDomain: - default: Certificate domain - ArtifactoryServerName: - default: Artifactory server name - MasterKey: - default: Master server key - ExtraJavaOptions: - default: Extra Java options - AnsibleVaultPass: - default: Ansible Vault password - DatabaseName: - default: Database name - DatabaseEngine: - default: Database engine - DatabaseVersion: - default: Database version - DatabaseUser: - default: Database user - DatabasePassword: - default: Database password - DatabaseInstance: - default: Database instance type - DBAllocatedStorage: - default: Database allocated storage - MultiAZDatabase: - default: High available database - QSS3BucketName: - default: Quick Start S3 bucket name - QSS3KeyPrefix: - default: Quick Start S3 key prefix - -Parameters: - KeyPairName: - Description: The name of an existing public/private key pair, which allows you - to securely connect to your instance after it launches. - Type: AWS::EC2::KeyPair::KeyName - AccessCIDR: - Description: The CIDR IP range that is permitted to access Artifactory. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant only your corporate network access to the software. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Type: String - RemoteAccessCIDR: - Description: The remote CIDR range for allowing SSH into the Bastion instance. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant specific ranges inside your corporate network SSH access. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Type: String - VPCID: - Description: The ID of your existing VPC (e.g., vpc-0343606e). - Type: "AWS::EC2::VPC::Id" - VPCCIDR: - Description: The CIDR block for the VPC. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/16 - Type: String - PublicSubnet1ID: - Description: The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-z0376dab). - Type: "AWS::EC2::Subnet::Id" - PublicSubnet2ID: - Description: The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-a29c3d84). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet1ID: - Description: The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet2ID: - Description: The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b58c3d67). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet1CIDR: - Description: The CIDR of the private subnet in Availability Zone 1 in your existing VPC (e.g., 10.0.0.0/19). - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/19 - Type: String - PrivateSubnet2CIDR: - Description: The CIDR of the private subnet in Availability Zone 2 in your existing VPC (e.g., 10.0.32.0/19). - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.32.0/19 - Type: String - ProvisionBastionHost: - Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being - created in private subnets, the default setting of Enabled this is highly recommended. - AllowedValues: - - "Enabled" - - "Disabled" - Default: "Enabled" - Type: String - BastionInstanceType: - Description: The size of the bastion instances. - AllowedValues: - - t2.nano - - t2.micro - - t2.small - - t2.medium - - t2.large - - m3.large - - m3.xlarge - - m3.2xlarge - - m4.large - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - Default: "t2.micro" - Type: String - BastionRootVolumeSize: - Description: The size of the root volume on the bastion instances. - Default: 10 - Type: Number - BastionEnableTCPForwarding: - Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance - or not. - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - BastionEnableX11Forwarding: - Description: Choose true to enable X11 via the bootstrapping of the bastion host. - Setting this value to true will enable X Windows over SSH. - X11 forwarding can be very useful but it is also a security risk, so we recommend - that you keep the default (false) setting unless required. - AllowedValues: - - "true" - - "false" - Default: "false" - Type: String - BastionOS: - Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. - AllowedValues: - - "Amazon-Linux-HVM" - - "CentOS-7-HVM" - - "Ubuntu-Server-14.04-LTS-HVM" - - "Ubuntu-Server-16.04-LTS-HVM" - - "SUSE-SLES-15-HVM" - Default: "Amazon-Linux-HVM" - Type: String - NumBastionHosts: - Description: The number of bastion instances to create. - AllowedValues: - - '1' - - '2' - - '3' - - '4' - Default: '1' - Type: String - ClusterName: - Description: The name for your ECS cluster. - Default: JFrog - Type: String - CreateNewECSCluster: - Description: Choose whether to create a new ECS cluster with the name specified in the 'ClusterName' parameter. - If you choose Disabled, an ECS cluster with the name specified in the 'CluserName' parameter must already exist. - AllowedValues: - - "Enabled" - - "Disabled" - Default: "Enabled" - Type: String - InstanceType: - Description: The EC2 instance type for the Artifactory Docker hosts. - AllowedValues: - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - - m4.10xlarge - ConstraintDescription: Must contain valid instance type. - Default: m4.xlarge - Type: String - VolumeSize: - Description: The size in GB of the available storage; the Quick Start will create an - Amazon Elastic Block Store (Amazon EBS) volumes of this size. - Default: 200 - Type: Number - NumberOfEC2Nodes: - Description: The number of EC2 nodes to create for the ECS cluster. There must be - enough nodes to run the number of secondaries plus the primary task. - AllowedValues: - - 3 - - 4 - - 5 - - 6 - - 7 - - 8 - Default: 3 - Type: Number - NumberOfSecondary: - Description: The number of secondary Artifactory servers to complete your - HA deployment. To fit the Artifactory best practices, the minimum number - is two; the maximum is seven. Do not select more than instances than you - have licenses for. - AllowedValues: - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - Default: 2 - Type: Number - ArtifactoryVersion: - Description: The version of Artifactory that you want to deploy into the Quick Start. - Please see the release notes to select the version you want to deploy. - https://www.jfrog.com/confluence/display/RTF/Release+Notes - #AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ - #ConstraintDescription: A version that matches X.X.X per Artifactory releases. - Default: 6.15.0 - Type: String - SMLicensesName: - Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses. - Type: String - Certificate: - Description: The certificate file to be used to terminate SSL. - AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$ - ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- " - Type: String - CertificateKey: - Description: The private key for the certificate. - AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$ - ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----" - NoEcho: 'true' - Type: String - CertificateDomain: - Description: The domain matching that of the certificate. Ensure that it matches your certificate. - AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$ - ConstraintDescription: The domain must not start or end with a '.' - Type: String - ArtifactoryServerName: - Description: The name of your Artifactory server. Ensure that this matches your certificate. - Type: String - MasterKey: - Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. - AllowedPattern: ^[a-zA-Z0-9]+$ - MinLength: '1' - MaxLength: '64' - ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. - NoEcho: 'true' - Type: String - ExtraJavaOptions: - Description: Setting Java memory parameters for Artifactory. For more information, see the Artifactory - system requirements. - https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. - Default: -Xmx4g - Type: String - AnsibleVaultPass: - Description: The Ansible Vault password to protect the Artifactory YAML configuration file - generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes - and secured with this password. - NoEcho: 'true' - Type: String - DatabaseName: - Description: The name for your DB instance. The name must be unique across all DB instances - owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive, - but is stored as all lowercase (as in "mydbinstance"). - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - MinLength: '1' - MaxLength: '60' - ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. - Default: artdb - Type: String - DatabaseEngine: - Description: The database engine that you want to run, currently locked to MySQL. - AllowedValues: - - MySQL - Default: MySQL - Type: String - DatabaseVersion: - Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions - supported by Artifactory and RDS. - AllowedValues: - - 5.5 - - 5.6 - - 5.7 - Default: 5.7 - Type: String - DatabaseUser: - Description: The login ID for the master user of your DB instance. - MinLength: '1' - MaxLength: '16' - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter - Default: artifactory - Type: String - DatabasePassword: - Description: The password for the Artifactory database user. - AllowedPattern: ^[^ \\']+$ - MinLength: '8' - MaxLength: '12' - ConstraintDescription: Must be at least 8 and no more than - 12 characters containing letters and (minimum 1 capital letter), numbers and - symbols. - NoEcho: 'true' - Type: String - DatabaseInstance: - Description: The size of the database to be deployed as part of the Quick Start. - AllowedValues: - - db.m3.medium - - db.m3.large - - db.m3.xlarge - - db.m3.2xlarge - - db.m4.large - - db.m4.xlarge - - db.m4.2xlarge - - db.m4.10xlarge - - db.m4.16xlarge - - db.m5.large - - db.m5.xlarge - - db.m5.2xlarge - - db.m5.4xlarge - - db.m5.12xlarge - - db.m5.24xlarge - ConstraintDescription: Must be a valid database Instance Type. - Default: db.m4.large - Type: String - DBAllocatedStorage: - Description: The size in GB of the available storage for the database instance. - MinValue: 5 - MaxValue: 1024 - Default: 10 - Type: Number - MultiAZDatabase: - Description: Choose false to create an Amazon RDS instance in a single Availability Zone. - ConstraintDescription: True or False - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - ELBScheme: - Description: Choose whether this will be internet facing or internal. - AllowedValues: - - internal - - internet-facing - Default: internet-facing - Type: String - QSS3BucketName: - Description: S3 bucket name for the Quick Start assets. This string can include - numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start - or end with a hyphen (-). - AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ - ConstraintDescription: Quick Start bucket name can include numbers, lowercase - letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen - (-). - Default: aws-quickstart - Type: String - QSS3KeyPrefix: - Description: S3 key prefix for the Quick Start assets. Quick Start key prefix - can include numbers, lowercase letters, uppercase letters, hyphens (-), and - forward slash (/). - AllowedPattern: ^[0-9a-zA-Z-/]*$ - ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, - uppercase letters, hyphens (-), and forward slash (/). - Default: quickstart-jfrog-artifactory/ - Type: String -Conditions: - EnableBastion: !Equals [!Ref 'ProvisionBastionHost', 'Enabled'] -Resources: - BastionStack: - Condition: EnableBastion - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template' - Parameters: - VPCID: !Ref VPCID - PublicSubnet1ID: !Ref PublicSubnet1ID - PublicSubnet2ID: !Ref PublicSubnet2ID - KeyPairName: !Ref KeyPairName - QSS3BucketName: !Ref QSS3BucketName - QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-linux-bastion/' - RemoteAccessCIDR: !Ref RemoteAccessCIDR - BastionInstanceType: !Ref BastionInstanceType - RootVolumeSize: !Ref BastionRootVolumeSize - BastionAMIOS: !Ref BastionOS - EnableTCPForwarding: !Ref BastionEnableTCPForwarding - EnableX11Forwarding: !Ref BastionEnableX11Forwarding - NumBastionHosts: !Ref NumBastionHosts - ArtifactoryCoreInfraStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml" - Parameters: - VPCID: !Ref VPCID - VPCCIDR: !Ref VPCCIDR - PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR - PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR - PrivateSubnet3CIDR: !Ref PrivateSubnet2CIDR # This should end up in no new rule but required for EKS - SubnetIds: !Join [ ",", [ !Ref PrivateSubnet1ID, !Ref PrivateSubnet2ID ]] - DBAllocatedStorage: !Ref DBAllocatedStorage - MultiAZDatabase: !Ref MultiAZDatabase - DatabaseEngine: !Ref DatabaseEngine - DatabaseVersion: !Ref DatabaseVersion - DatabaseUser: !Ref DatabaseUser - DatabasePassword: !Ref DatabasePassword - DatabaseInstance: !Ref DatabaseInstance - DatabaseName: !Ref DatabaseName - ArtifactoryELB: - Type: AWS::ElasticLoadBalancingV2::LoadBalancer - Properties: - IpAddressType: ipv4 - Name: ArtifactoryELB - Scheme: !Ref ELBScheme - Subnets: - - !Ref PublicSubnet1ID - - !Ref PublicSubnet2ID - Tags: - - Key: Name - Value: artifactory-ELB - Type: network - ArtifactoryTargetGroup: - Type: AWS::ElasticLoadBalancingV2::TargetGroup - Properties: - HealthCheckEnabled: True - HealthCheckIntervalSeconds: 30 - HealthCheckProtocol: TCP - HealthCheckTimeoutSeconds: 10 - HealthyThresholdCount: 3 - Name: Artifactory - Port: 443 - Protocol: TCP - #Tags: - # - !Ref DeploymentTag - TargetType: instance - UnhealthyThresholdCount: 3 - VpcId: !Ref VPCID - ArtifactoryELBListener: - Type: AWS::ElasticLoadBalancingV2::Listener - Properties: - DefaultActions: - - TargetGroupArn: !Ref ArtifactoryTargetGroup - Type: forward - LoadBalancerArn: !Ref ArtifactoryELB - Port: 443 - Protocol: TCP - ArtifactoryELBSG: - Type: AWS::EC2::SecurityGroup - Properties: - Tags: - - Key: Name - Value: artifactory-ELB-sg - GroupDescription: SG for ELB Ingress from outside and egress to instances - VpcId: !Ref VPCID - SecurityGroupIngress: - - IpProtocol: tcp - FromPort: 80 - ToPort: 80 - CidrIp: !Ref AccessCIDR - - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - CidrIp: !Ref AccessCIDR - - IpProtocol: tcp - FromPort: 8081 - ToPort: 8081 - CidrIp: !Ref AccessCIDR - SecurityGroupEgress: - - IpProtocol: tcp - FromPort: 80 - ToPort: 80 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 8081 - ToPort: 8081 - CidrIp: 0.0.0.0/0 - ArtifactoryEC2SG: - Type: AWS::EC2::SecurityGroup - Properties: - Tags: - - Key: Name - Value: artifactory-ec2-instances-sg - GroupDescription: SG for EC2 instances (also permits SSH access from the bastion host) - VpcId: !Ref VPCID - SecurityGroupIngress: - - IpProtocol: tcp - FromPort: 22 - ToPort: 22 - CidrIp: !Ref VPCCIDR - - IpProtocol: tcp - FromPort: 80 - ToPort: 80 - CidrIp: !Ref VPCCIDR - - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 8081 - ToPort: 8081 - CidrIp: !Ref PrivateSubnet1CIDR - - IpProtocol: tcp - FromPort: 8081 - ToPort: 8081 - CidrIp: !Ref PrivateSubnet2CIDR - SecurityGroupEgress: - - IpProtocol: tcp - FromPort: 22 - ToPort: 22 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 80 - ToPort: 80 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 3306 - ToPort: 3306 - CidrIp: !Ref PrivateSubnet1CIDR - - IpProtocol: tcp - FromPort: 3306 - ToPort: 3306 - CidrIp: !Ref PrivateSubnet2CIDR - - IpProtocol: tcp - FromPort: 8081 - ToPort: 8081 - CidrIp: !Ref PrivateSubnet1CIDR - - IpProtocol: tcp - FromPort: 8081 - ToPort: 8081 - CidrIp: !Ref PrivateSubnet2CIDR - ArtifactoryECSBuild: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-ecs-ec2.template.yaml' - Parameters: - PrivateSubnet1ID: !Ref PrivateSubnet1ID - PrivateSubnet2ID: !Ref PrivateSubnet2ID - ClusterName: !Ref ClusterName - CreateNewECSCluster: !Ref CreateNewECSCluster - MinScalingNodes: !Ref NumberOfEC2Nodes - MaxScalingNodes: !Ref NumberOfEC2Nodes - KeyPairName: !Ref KeyPairName - InstanceType: !Ref InstanceType - VolumeSize: !Ref VolumeSize - DeploymentTag: Artifactory - NumberOfSecondary: !Ref NumberOfSecondary - ArtifactoryLicense1: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense1}}' - ArtifactoryLicense2: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense2}}' - ArtifactoryLicense3: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense3}}' - ArtifactoryLicense4: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense4}}' - CertificateDomain: !Ref CertificateDomain - ArtifactoryServerName: !Ref ArtifactoryServerName - ArtifactoryIAMAcessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.IAMAcessKey - SecretAccessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.SecretAccessKey - ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket - ArtifactoryDBEndpointAddress: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryDBEndpointAddress - CertificateKey: !Ref CertificateKey - Certificate: !Ref Certificate - DBType: mysql - DatabaseName: !Ref DatabaseName - DatabaseUser: !Ref DatabaseUser - DatabasePassword: !Ref DatabasePassword - MasterKey: !Ref MasterKey - ExtraJavaOptions: !Ref ExtraJavaOptions - ArtifactoryVersion: !Ref ArtifactoryVersion - SecurityGroups: !Ref ArtifactoryEC2SG - ArtifactoryTargetGroupArn: !Ref ArtifactoryTargetGroup - AnsibleVaultPass: !Ref AnsibleVaultPass - QSS3BucketName: !Ref QSS3BucketName - QSS3KeyPrefix: !Ref QSS3KeyPrefix - -Outputs: - ArtifactoryUrl: - Description: URL of the ELB to access Artifactory - Value: !Sub "https://${ArtifactoryELB.DNSName}" - BastionIP: - Value: !If - - EnableBastion - - !GetAtt BastionStack.Outputs.EIP1 - - "" diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-master.template.yaml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-master.template.yaml deleted file mode 100755 index da87f8f..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs-master.template.yaml +++ /dev/null @@ -1,541 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: 'JFrog Artifactory Quick Start Deployment' -Metadata: - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Security configuration - Parameters: - - KeyPairName - - AccessCIDR - - RemoteAccessCIDR - - Label: - default: Network configuration - Parameters: - - AvailabilityZones - - VPCCIDR - - PrivateSubnet1CIDR - - PrivateSubnet2CIDR - - PublicSubnet1CIDR - - PublicSubnet2CIDR - - Label: - default: Bastion configuration - Parameters: - - ProvisionBastionHost - - BastionInstanceType - - BastionOS - - BastionRootVolumeSize - - BastionEnableTCPForwarding - - NumBastionHosts - - BastionEnableX11Forwarding - - Label: - default: ECS configuration - Parameters: - - ClusterName - - InstanceType - - VolumeSize - - Label: - default: JFrog Artifactory configuration - Parameters: - - ArtifactoryVersion - - NumberOfSecondary - - NumberOfEC2Nodes - - SMLicensesName - - Certificate - - CertificateKey - - CertificateDomain - - ArtifactoryServerName - - MasterKey - - ExtraJavaOptions - - AnsibleVaultPass - - Label: - default: Amazon RDS Configuration - Parameters: - - DatabaseName - - DatabaseEngine - - DatabaseVersion - - DatabaseUser - - DatabasePassword - - DatabaseInstance - - DBAllocatedStorage - - MultiAZDatabase - - Label: - default: AWS Quick Start Configuration - Parameters: - - QSS3BucketName - - QSS3KeyPrefix - ParameterLabels: - KeyPairName: - default: SSH key name - AccessCIDR: - default: Permitted IP range - RemoteAccessCIDR: - default: Remote access CIDR - AvailabilityZones: - default: Availability Zones - VPCCIDR: - default: VPC CIDR - PrivateSubnet1CIDR: - default: Private subnet 1 CIDR - PrivateSubnet2CIDR: - default: Private subnet 2 CIDR - PublicSubnet1CIDR: - default: Public subnet 1 CIDR - PublicSubnet2CIDR: - default: Public subnet 2 CIDR - ProvisionBastionHost: - default: Bastion instance - BastionInstanceType: - default: Bastion instance type - BastionRootVolumeSize: - default: Bastion root volume size - BastionEnableTCPForwarding: - default: Bastion enable TCP forwarding - BastionEnableX11Forwarding: - default: Bastion enable X11 forwarding - BastionOS: - default: Bastion operating system - NumBastionHosts: - default: Number of bastion instances - ArtifactoryVersion: - default: Artifactory version - NumberOfSecondary: - default: Number of secondary instances - NumberOfEC2Nodes: - default: Number of EC2 nodes - ClusterName: - default: ECS cluster name - InstanceType: - default: EC2 instance type - VolumeSize: - default: EBS Root volume size - SMLicensesName: - default: Artifactory licenses secret name - Certificate: - default: Certificate - CertificateKey: - default: Certificate key - CertificateDomain: - default: Certificate domain - ArtifactoryServerName: - default: Artifactory server name - MasterKey: - default: Master server key - ExtraJavaOptions: - default: Extra Java options - AnsibleVaultPass: - Description: Ansiblevault Password to secure the artifactory.yml - Type: String - NoEcho: 'true' - DatabaseName: - default: Database name - DatabaseEngine: - default: Database negine - DatabaseVersion: - default: Database version - DatabaseUser: - default: Database user - DatabasePassword: - default: Database password - DatabaseInstance: - default: Database instance type - DBAllocatedStorage: - default: Database allocated storage - MultiAZDatabase: - default: High available database - QSS3BucketName: - default: Quick Start S3 bucket name - QSS3KeyPrefix: - default: Quick Start S3 key prefix -Parameters: - KeyPairName: - Description: The name of an existing public/private key pair, which allows you - to securely connect to your instance after it launches. - Type: AWS::EC2::KeyPair::KeyName - AccessCIDR: - Description: The CIDR IP range that is permitted to access Artifactory. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant only your corporate network access to the software. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Type: String - RemoteAccessCIDR: - Description: The remote CIDR range for allowing SSH into the Bastion instance. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant specific ranges inside your corporate network SSH access. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Type: String - AvailabilityZones: - Description: The list of Availability Zones to use for the subnets in the VPC. Two - Availability Zones are used for this deployment, and the logical order of your - selections is preserved. - Default: us-west-2a, us-west-1b - Type: List - VPCCIDR: - Description: The CIDR block for the VPC. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/16 - Type: String - PrivateSubnet1CIDR: - Description: The CIDR block for private subnet 1 located in Availability Zone 1. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/19 - Type: String - PrivateSubnet2CIDR: - Description: The CIDR block for private subnet 2 located in Availability Zone 2. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.32.0/19 - Type: String - PublicSubnet1CIDR: - Description: The CIDR block for the public (DMZ) subnet 1 located in Availability - Zone 1. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.128.0/20 - Type: String - PublicSubnet2CIDR: - Description: The CIDR block for the public (DMZ) subnet 2 located in Availability - Zone 2. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.144.0/20 - Type: String - ProvisionBastionHost: - Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being - created in private subnets, the default setting of Enabled this is highly recommended. - AllowedValues: - - "Enabled" - - "Disabled" - Default: "Enabled" - Type: String - BastionInstanceType: - Description: The size of the bastion instances. - AllowedValues: - - t2.nano - - t2.micro - - t2.small - - t2.medium - - t2.large - - m3.large - - m3.xlarge - - m3.2xlarge - - m4.large - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - Default: "t2.micro" - Type: String - BastionRootVolumeSize: - Description: The size of the root volume on the bastion instances. - Default: 10 - Type: Number - BastionEnableTCPForwarding: - Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance - or not. - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - BastionEnableX11Forwarding: - Description: Choose true to enable X11 via the bootstrapping of the bastion host. - Setting this value to true will enable X Windows over SSH. - X11 forwarding can be very useful but it is also a security risk, so we recommend - that you keep the default (false) setting unless required. - AllowedValues: - - "true" - - "false" - Default: "false" - Type: String - BastionOS: - Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. - AllowedValues: - - "Amazon-Linux-HVM" - - "CentOS-7-HVM" - - "Ubuntu-Server-14.04-LTS-HVM" - - "Ubuntu-Server-16.04-LTS-HVM" - - "SUSE-SLES-15-HVM" - Default: "Amazon-Linux-HVM" - Type: String - NumBastionHosts: - Description: The number of bastion instances to create. - AllowedValues: - - '1' - - '2' - - '3' - - '4' - Default: '1' - Type: String - ClusterName: - Description: The desired name for your ECS cluster. - Default: JFrog - Type: String - InstanceType: - Description: The EC2 instance type for the Artifactory Docker hosts. - AllowedValues: - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - - m4.10xlarge - ConstraintDescription: Must contain valid instance type - Default: m4.xlarge - Type: String - VolumeSize: - Description: The size in GB of the available storage; the Quick Start will create an - Amazon Elastic Block Store (Amazon EBS) volumes of this size. - Default: 200 - Type: Number - NumberOfEC2Nodes: - Description: The number of EC2 nodes to create for the ECS cluster. There must be - enough nodes to run the number of secondaries plus the primary task. - AllowedValues: - - 3 - - 4 - - 5 - - 6 - - 7 - - 8 - Default: 3 - Type: Number - NumberOfSecondary: - Description: The number of secondary Artifactory servers to complete your - HA deployment. To fit the Artifactory best practices, the minimum number - is two; the maximum is seven. Do not select more than instances than you - have licenses for. - AllowedValues: - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - Default: 2 - Type: Number - ArtifactoryVersion: - Description: The version of Artifactory that you want to deploy into the Quick Start. - Please see the release notes to select the version you want to deploy. - https://www.jfrog.com/confluence/display/RTF/Release+Notes - #AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ - #ConstraintDescription: A version that matches X.X.X per Artifactory releases. - Default: 6.15.0 - Type: String - SMLicensesName: - Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses. - Type: String - Certificate: - Description: The certificate file to be used to terminate SSL. - AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$ - ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- " - Type: String - CertificateKey: - Description: The private key for the certificate. - AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$ - ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----" - NoEcho: 'true' - Type: String - CertificateDomain: - Description: The domain matching that of the certificate. Ensure that it matches your certificate. - AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$ - ConstraintDescription: The domain must not start or end with a '.' - Type: String - ArtifactoryServerName: - Description: The name of your Artifactory server. Ensure that this matches your certificate. - Type: String - MasterKey: - Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. - AllowedPattern: ^[a-zA-Z0-9]+$ - MinLength: '1' - MaxLength: '64' - ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. - NoEcho: 'true' - Type: String - ExtraJavaOptions: - Description: Setting Java memory parameters for Artifactory. For more information, see the Artifactory - system requirements. - https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware. - Default: -Xmx4g - Type: String - AnsibleVaultPass: - Description: The Ansible Vault password to protect the Artifactory YAML configuration file - generated during the Artifactory deployment. This YAML file is stored on the EC2 nodes - and secured with this password. - NoEcho: 'true' - Type: String - DatabaseName: - Description: The name for your DB instance. The name must be unique across all DB instances - owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive, - but is stored as all lowercase (as in "mydbinstance"). - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - MinLength: '1' - MaxLength: '60' - ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. - Default: artdb - Type: String - DatabaseEngine: - Description: The database engine that you want to run, currently locked to MySQL. - AllowedValues: - - MySQL - Default: MySQL - Type: String - DatabaseVersion: - Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions - supported by Artifactory and RDS. - AllowedValues: - - 5.5 - - 5.6 - - 5.7 - Default: 5.7 - Type: String - DatabaseUser: - Description: The login ID for the master user of your DB instance. - MinLength: '1' - MaxLength: '16' - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter - Default: artifactory - Type: String - DatabasePassword: - Description: The password for the Artifactory database user. - AllowedPattern: ^[^ \\']+$ - MinLength: '8' - MaxLength: '12' - ConstraintDescription: Must be at least 8 and no more than - 12 characters containing letters and (minimum 1 capital letter), numbers and - symbols. - NoEcho: 'true' - Type: String - DatabaseInstance: - Description: The size of the database to be deployed as part of the Quick Start. - AllowedValues: - - db.m3.medium - - db.m3.large - - db.m3.xlarge - - db.m3.2xlarge - - db.m4.large - - db.m4.xlarge - - db.m4.2xlarge - - db.m4.10xlarge - - db.m4.16xlarge - - db.m5.large - - db.m5.xlarge - - db.m5.2xlarge - - db.m5.4xlarge - - db.m5.12xlarge - - db.m5.24xlarge - ConstraintDescription: Must be a valid database Instance Type. - Default: db.m4.large - Type: String - DBAllocatedStorage: - Description: The size in GB of the available storage for the database instance. - MinValue: 5 - MaxValue: 1024 - Default: 10 - Type: Number - MultiAZDatabase: - Description: Choose false to create an Amazon RDS instance in a single Availability Zone. - ConstraintDescription: True or False - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - QSS3BucketName: - Description: S3 bucket name for the Quick Start assets. This string can include - numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start - or end with a hyphen (-). - AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ - ConstraintDescription: Quick Start bucket name can include numbers, lowercase - letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen - (-). - Default: aws-quickstart - Type: String - QSS3KeyPrefix: - Description: S3 key prefix for the Quick Start assets. Quick Start key prefix - can include numbers, lowercase letters, uppercase letters, hyphens (-), and - forward slash (/). - AllowedPattern: ^[0-9a-zA-Z-/]*$ - ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, - uppercase letters, hyphens (-), and forward slash (/). - Default: quickstart-jfrog-artifactory/ - Type: String -Resources: - VPCStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: - Fn::Sub: https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template - Parameters: - AvailabilityZones: - Fn::Join: - - ',' - - Ref: AvailabilityZones - KeyPairName: - Ref: KeyPairName - NumberOfAZs: '2' - PrivateSubnet1ACIDR: - Ref: PrivateSubnet1CIDR - PrivateSubnet2ACIDR: - Ref: PrivateSubnet2CIDR - PublicSubnet1CIDR: - Ref: PublicSubnet1CIDR - PublicSubnet2CIDR: - Ref: PublicSubnet2CIDR - VPCCIDR: - Ref: VPCCIDR - ArtifactoryExistingVPCStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-ecs-existing-vpc.template.yaml' - Parameters: - KeyPairName: !Ref KeyPairName - VPCID: !GetAtt VPCStack.Outputs.VPCID - VPCCIDR: !Ref VPCCIDR - PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID - PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID - PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID - PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID - PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR - PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR - AccessCIDR: !Ref AccessCIDR - RemoteAccessCIDR: !Ref RemoteAccessCIDR - ProvisionBastionHost: !Ref ProvisionBastionHost - BastionInstanceType: !Ref BastionInstanceType - BastionRootVolumeSize: !Ref BastionRootVolumeSize - BastionEnableTCPForwarding: !Ref BastionEnableTCPForwarding - BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding - BastionOS: !Ref BastionOS - NumBastionHosts: !Ref NumBastionHosts - ClusterName: !Ref ClusterName - InstanceType: !Ref InstanceType - VolumeSize: !Ref VolumeSize - NumberOfSecondary: !Ref NumberOfSecondary - NumberOfEC2Nodes: !Ref NumberOfEC2Nodes - ArtifactoryVersion: !Ref ArtifactoryVersion - SMLicensesName: !Ref SMLicensesName - Certificate: !Ref Certificate - CertificateKey: !Ref CertificateKey - CertificateDomain: !Ref CertificateDomain - ArtifactoryServerName: !Ref ArtifactoryServerName - MasterKey: !Ref MasterKey - ExtraJavaOptions: !Ref ExtraJavaOptions - AnsibleVaultPass: !Ref AnsibleVaultPass - DatabaseName: !Ref DatabaseName - DatabaseEngine: !Ref DatabaseEngine - DatabaseVersion: !Ref DatabaseVersion - DatabaseUser: !Ref DatabaseUser - DatabasePassword: !Ref DatabasePassword - DatabaseInstance: !Ref DatabaseInstance - DBAllocatedStorage: !Ref DBAllocatedStorage - MultiAZDatabase: !Ref MultiAZDatabase - QSS3BucketName: !Ref QSS3BucketName - QSS3KeyPrefix: !Ref QSS3KeyPrefix - -Outputs: - ArtifactoryUrl: - Description: URL of the ELB to access Artifactory - Value: !Sub ${ArtifactoryExistingVPCStack.Outputs.ArtifactoryUrl} - BastionIP: - Value: !Sub ${ArtifactoryExistingVPCStack.Outputs.BastionIP} - Description: Bastion host IP, for admin access via SSH diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs.template.yaml b/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs.template.yaml deleted file mode 100644 index d041c51..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-ECS/templates/jfrog-jcr6-ecs.template.yaml +++ /dev/null @@ -1,183 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: "Deploys the ECS Artifactory Service and Task" -Parameters: - ECSCluster: - Type: String - ServiceName: - Type: String - ArtifactoryTargetGroupArn: - Type: String - ArtifactoryVersion: - Type: String - DBPlugin: - Type: String - MasterKey: - Type: String - NoEcho: 'true' - ExtraJavaOptions: - Type: String - ArtifactoryPrimary: - Type: String - NumberNodes: - Type: Number - DBType: - Type: String - DatabaseUser: - Type: String - DatabaseName: - Type: String - DatabasePassword: - Type: String - NoEcho: 'true' - ArtifactoryDBEndpointAddress: - Type: String - ECSRoleArn: - Type: String - ECSLogGroup: - Type: String -Resources: - ECSService: - Type: AWS::ECS::Service - Properties: - Cluster: !Ref ECSCluster - ServiceName: !Ref ServiceName - LaunchType: EC2 - DesiredCount: !Ref NumberNodes - LoadBalancers: - - ContainerName: nginx - ContainerPort: 443 - TargetGroupArn: !Ref ArtifactoryTargetGroupArn - TaskDefinition: - Ref: ArtifactoryTaskDefinition - HealthCheckGracePeriodSeconds: 300 - ArtifactoryTaskDefinition: - Type: AWS::ECS::TaskDefinition - Properties: - Cpu: "2048" - Family: !Sub ${ServiceName}-Task - Memory: "4096" - NetworkMode: bridge - RequiresCompatibilities: - - EC2 - ExecutionRoleArn: !Ref ECSRoleArn - Volumes: - - Name: etc - Host: - SourcePath: /data/jfrog/artifactory/etc/ - - Name: temp-plugins - Host: - SourcePath: /data/jfrog/artifactory/tmp/plugins - - Name: java-certs - Host: - SourcePath: /data/jfrog/artifactory/java_certs - - Name: plugins - Host: - SourcePath: !Sub - /data/jfrog/artifactory/plugins/${DBPlugin} - - Name: nginx - Host: - SourcePath: /data/jfrog/nginx - ContainerDefinitions: - - Name: artifactory - EntryPoint: - - /bin/bash - - "-c" - Command: - - "echo export HA_HOST_IP=`wget -q -O - http://169.254.169.254/latest/meta-data/local-ipv4` > /tmp/source; echo /entrypoint-artifactory.sh >> /tmp/source; chmod +x /tmp/source; /tmp/source" - Image: !Sub - docker.bintray.io/jfrog/artifactory-pro:${ArtifactoryVersion} - PortMappings: - - ContainerPort: 8081 - HostPort: 8081 - Protocol: tcp - MountPoints: - - ContainerPath: /artifactory_extra_conf - ReadOnly: False - SourceVolume: etc - - ContainerPath: /tmp/plugins - ReadOnly: False - SourceVolume: temp-plugins - - ContainerPath: /artifactory_extra_certs - ReadOnly: False - SourceVolume: java-certs - - ContainerPath: !Sub - /opt/jfrog/artifactory/tomcat/lib/${DBPlugin} - ReadOnly: False - SourceVolume: plugins - Ulimits: - - Name: nproc - SoftLimit: 65535 - HardLimit: 65535 - - Name: nofile - SoftLimit: 32000 - HardLimit: 40000 - HealthCheck: - Command: - - CMD-SHELL - - (printf 'GET / HTTP/1.0\r\n\r\n'; sleep 1) | nc 127.0.0.1 8081 | grep OK || exit 1 - Interval: 5 - Retries: 3 - StartPeriod: 60 - Timeout: 10 - Environment: - - Name: EXTRA_JAVA_OPTIONS - Value: !Ref ExtraJavaOptions - - Name: ARTIFACTORY_MASTER_KEY - Value: !Ref MasterKey - - Name: HA_IS_PRIMARY - Value: !Ref ArtifactoryPrimary - - Name: DB_URL - Value: !Sub - jdbc:mysql://${ArtifactoryDBEndpointAddress}:3306/${DatabaseName}?characterEncoding=UTF-8&elideSetAutoCommits=true&verifyServerCertificate=true&useSSL=false&requireSSL=false - - Name: DB_TYPE - Value: !Ref DBType - - Name: DB_USER - Value: !Ref DatabaseUser - - Name: DB_PASSWORD - Value: !Ref DatabasePassword - LogConfiguration: - LogDriver: awslogs - Options: - awslogs-group: !Ref ECSLogGroup - awslogs-region: !Ref AWS::Region - awslogs-stream-prefix: artifactory - - Name: nginx - Image: !Sub - docker.bintray.io/jfrog/nginx-artifactory-pro:6.14.1 - PortMappings: - - ContainerPort: 80 - HostPort: 80 - Protocol: tcp - - ContainerPort: 443 - HostPort: 443 - Protocol: tcp - Essential: false - DependsOn: - - Condition: HEALTHY - ContainerName: artifactory - Links: - - artifactory:artifactory - MountPoints: - - ContainerPath: /var/opt/jfrog/nginx - ReadOnly: False - SourceVolume: nginx - Ulimits: - - Name: nproc - SoftLimit: 65535 - HardLimit: 65535 - - Name: nofile - SoftLimit: 32000 - HardLimit: 40000 - Environment: - - Name: ART_BASE_URL - Value: http://artifactory:8081/artifactory - - Name: SSL - Value: "true" - LogConfiguration: - LogDriver: awslogs - Options: - awslogs-group: - Ref: ECSLogGroup - awslogs-region: - Ref: AWS::Region - awslogs-stream-prefix: nginx \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/.gitmodules b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/.gitmodules deleted file mode 100644 index 940bc00..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/.gitmodules +++ /dev/null @@ -1,12 +0,0 @@ -[submodule "submodules/quickstart-aws-vpc"] - path = submodules/quickstart-aws-vpc - url = https://github.com/aws-quickstart/quickstart-aws-vpc.git - branch = master -[submodule "submodules/quickstart-linux-bastion"] - path = submodules/quickstart-linux-bastion - url = https://github.com/aws-quickstart/quickstart-linux-bastion.git - branch = master -[submodule "submodules/quickstart-amazon-eks"] - path = submodules/quickstart-amazon-eks - url = https://github.com/aws-quickstart/quickstart-amazon-eks.git - branch = master diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/LICENSE.txt b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/LICENSE.txt deleted file mode 100644 index 8f71f43..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/LICENSE.txt +++ /dev/null @@ -1,202 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/Makefile b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/Makefile deleted file mode 100644 index cc28cac..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/Makefile +++ /dev/null @@ -1,34 +0,0 @@ -.PHONY: help run submodules - -submodules: - git submodule init - git submodule update - cd submodules/quickstart-linux-bastion && git submodule init && git submodule update - cd submodules/quickstart-amazon-eks && git submodule init && git submodule update - -help: - @echo "make test : executes taskcat" - -create: - aws cloudformation create-stack --stack-name test --template-body file://$(pwd)/templates/jfrog-artifactory-ec2-new-vpc.template --parameters $(cat .ignore/params) --capabilities CAPABILITY_IAM - -delete: - aws cloudformation delete-stack --stack-name test - -.ONESHELL: -test: lint submodules - cd .. && pwd && taskcat -c theflash/ci/config.yml -n - -lint: - time taskcat -l -c ci/config.yml - -public_repo: - taskcat -c theflash/ci/config.yml -u - #https://taskcat-tag-quickstart-jfrog-artifactory-c2fa9d34.s3-us-west-2.amazonaws.com/quickstart-jfrog-artifactory/templates/jfrog-artifactory-ec2-master.template - #curl https://taskcat-tag-quickstart-jfrog-artifactory-7008506c.s3-us-west-2.amazonaws.com/quickstart-jfrog-artifactory/templates/jfrog-artifactory-ec2-master.template - -get_public_dns: - aws elb describe-load-balancers | jq '.LoadBalancerDescriptions[]| .CanonicalHostedZoneName' - -get_bastion_ip: - aws ec2 describe-instances | jq '.[] | select(.[].Instances[].Tags[].Value == "LinuxBastion") ' diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/README.md b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/ci/jfrog-new-vpc-jcr6-eks.json b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/ci/jfrog-new-vpc-jcr6-eks.json deleted file mode 100755 index 87d9beb..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/ci/jfrog-new-vpc-jcr6-eks.json +++ /dev/null @@ -1,70 +0,0 @@ -[ - { - "ParameterKey": "KeyPairName", - "ParameterValue": "$[taskcat_getkeypair]" - }, - { - "ParameterKey": "RemoteAccessCIDR", - "ParameterValue": "10.0.0.0/16" - }, - { - "ParameterKey": "AccessCIDR", - "ParameterValue": "10.0.0.0/16" - }, - { - "ParameterKey": "AvailabilityZones", - "ParameterValue": "$[taskcat_genaz_3]" - }, - { - "ParameterKey": "DatabasePassword", - "ParameterValue": "$[taskcat_genpass_8A]" - }, - { - "ParameterKey": "QSS3BucketName", - "ParameterValue": "$[taskcat_autobucket]" - }, - { - "ParameterKey": "QSS3KeyPrefix", - "ParameterValue": "quickstart-jfrog-artifactory/" - }, - { - "ParameterKey": "SMLicensesName", - "ParameterValue": "jfrog-artifactory" - }, - { - "ParameterKey": "DatabaseInstance", - "ParameterValue": "db.t3.medium" - }, - { - "ParameterKey": "ArtifactoryVersion", - "ParameterValue": "6.15.0" - }, - { - "ParameterKey": "CertificateDomain", - "ParameterValue": "localdomain" - }, - { - "ParameterKey": "MasterKey", - "ParameterValue": "1ce2be4490ca2c662cb79636cf9b7b8e" - }, - { - "ParameterKey": "Certificate", - "ParameterValue": "-----BEGIN CERTIFICATE-----\nMIIFaDCCA1ACCQD45dB5tZFvCDANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCVN1bm55dmFsZTEOMAwGA1UECgwFSkZy\nb2cxFDASBgNVBAsMC0FydGlmYWN0b3J5MSAwHgYDVQQDDBdhcnRpZmFjdG9yeS5s\nb2NhbGRvbWFpbjAeFw0xOTA3MjMyMzE4MjVaFw0yMDA3MjIyMzE4MjVaMHYxCzAJ\nBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJU3Vubnl2YWxlMQ4wDAYD\nVQQKDAVKRnJvZzEUMBIGA1UECwwLQXJ0aWZhY3RvcnkxIDAeBgNVBAMMF2FydGlm\nYWN0b3J5LmxvY2FsZG9tYWluMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC\nAgEA0b3OgTFKkNbXXHzPv3l9IqX7fFZcfS2ZMD4mBuNlGQ6kyyraeoKKiVdkOgQV\n/dwDxLeW6y+637J2KBiZTccHUS8/eC5ky9E6ECeFToCYsucUKRiWo9Uss6XS1N+Q\nKQHktCVYy+KFDkJIVEL6LFbUMLz0k1jOhI/FRveT8LQ9cZsfy8KIrCF92ErcdPSL\n02KO6RgaBjxRFtAw2ZdO07O9kcKBC5BpJdrEnJHalVJsJbZOqIuNjyKKp/8s9TtW\nEYhXAbz05RrdQ97Cse1a/rHR5EWL+ITRw3Q/mQUv/ilSrSxb+chtgGb0qdP7aV0h\nLOuxttQFFU2o62LHqnda6dWljxKpSYUz47ugCK0M4T2bRhy7lUgmZ3PcfZYLE2ue\nh1qIJfkDfi1WpbptJAs4MbgfTvF2FCAsh8tyFnl+TA5QBWLRcOF9y1qUAATa1JKX\nzKGf/5hExBRpuq371j4SLAb5qXYUuQqZiCe3O6qTx2Wo/jAOPV49wfK9D9fW5qmq\nND1Rpp8sKjlb2ixm7dhCWyWV+iGHpzX5tjBW35rikAisUoap47I1fNzYMiSTvbhv\n2+by2YY8jsiYRCRIAKzRbgOgDOXnYVtWFpLgUldMqWqo+X3LztYE8CxD0CQK5u12\nGxM5ztXKEaitCqUSjY34Gl4owukA9tzGnu09OuAYGkxVBO0CAwEAATANBgkqhkiG\n9w0BAQsFAAOCAgEATH4kyuKvZtq32b3I7yZ27Xp2yaxABs17g0jAzkv7o9GILo+3\ncVAJS2warQti+c+A2edjqEc97JXb6ul7/SHs7B9B0P4BZSUsI0byuPlQ45Kht891\njz3SF1o6jpKTniQPqsulMMshmYB6oY6CIyvKpaMaG3DypEXFmwEU7CdWr7oVISkn\npU6N6fI+V94Wzd1yHL8Jm/ixP4lqBAZqDhxNRq/Vok94wu2jvWwPIn2M+9myAiOs\nTSpcqLg8Vn70XkK5uuN1UXYU5QDo78GEZpOj7YfCxVjB43Ct/sEiu3iB0GzyEvq6\njlv07H9PyLjYeM7CuhZdgULBqEWbqNhO5XL/QJMYG06kXkT3GiWFP8pjnQRcJM4Z\nqQv8fOTDTuX5GumXKctXJwc7y9uywoIPwffEKlGuofWhihy8r/YXu2BgShDF3zYV\n1RAHVcWtPT5IqejpRZX5LdL4Hr2eCeUkcVCo7qqYLEwxFnQNG1nMrJJ2ewnlzPac\nJNNPRXgTDF3OkbON+3Wn/H0ndqIoqapHXSlkR54Stsk9yjHuaJ9TCANw2mxMDzf0\nRGw9ecirjpzQdP9jT/zK9X4kqFc0T3P6qN3X3s/OPPbroassRk/eqI/oMS6lNcQm\ny+SvRUrdtzKgmAfVE5yMLTVG0cZM4gWJ35DZHHqWnrbFEg7C0NLzoYc6yeQ=\n-----END CERTIFICATE-----" - }, - { - "ParameterKey": "CertificateKey", - "ParameterValue": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDRvc6BMUqQ1tdc\nfM+/eX0ipft8Vlx9LZkwPiYG42UZDqTLKtp6goqJV2Q6BBX93APEt5brL7rfsnYo\nGJlNxwdRLz94LmTL0ToQJ4VOgJiy5xQpGJaj1SyzpdLU35ApAeS0JVjL4oUOQkhU\nQvosVtQwvPSTWM6Ej8VG95PwtD1xmx/LwoisIX3YStx09IvTYo7pGBoGPFEW0DDZ\nl07Ts72RwoELkGkl2sSckdqVUmwltk6oi42PIoqn/yz1O1YRiFcBvPTlGt1D3sKx\n7Vr+sdHkRYv4hNHDdD+ZBS/+KVKtLFv5yG2AZvSp0/tpXSEs67G21AUVTajrYseq\nd1rp1aWPEqlJhTPju6AIrQzhPZtGHLuVSCZnc9x9lgsTa56HWogl+QN+LValum0k\nCzgxuB9O8XYUICyHy3IWeX5MDlAFYtFw4X3LWpQABNrUkpfMoZ//mETEFGm6rfvW\nPhIsBvmpdhS5CpmIJ7c7qpPHZaj+MA49Xj3B8r0P19bmqao0PVGmnywqOVvaLGbt\n2EJbJZX6IYenNfm2MFbfmuKQCKxShqnjsjV83NgyJJO9uG/b5vLZhjyOyJhEJEgA\nrNFuA6AM5edhW1YWkuBSV0ypaqj5fcvO1gTwLEPQJArm7XYbEznO1coRqK0KpRKN\njfgaXijC6QD23Mae7T064BgaTFUE7QIDAQABAoICAAgKDnBFQ2Zp1bdl0VC1h2Zc\nllcduE3UAZsnxq1c6fMb7JUc/2LSvhyljOHsZitk04AmyVIacj9Ax+ahir7Acjda\naERjAtoNGvyjhyiLJU82LD+nAZ8l/KCmKn6eUxg/SlTdWZn3BMKXJ86TAqPQcDGu\nDHHZZZEPMbCWrMT9I53HJGDbBAIVBo3T0L9q4DEqBfBJTDYQ+cq2EClG826J5SpB\nGlEnJ+Cbkg2uSYKPtjV712f+cV6bJFVsIn0D2Tiy0SLv6zMc5H5Fe5D2WBaLGlB1\nmffcn22udwGWgVBspQ6eNKhOVmQljhs0VN6lAzCFmDo5xjga0e6zypNuH732wnG3\nrOoIs6Qo5FQT4fSRSdSANlWJ8cF1OPL7ll0CN1BGfNa304s/C+qNO9SgMn6gmp3G\nuXYSgILp5UraRvn/KYXXVf/IRYrg6bnJ1TcuKCWJPjtibFLmIZutPkOTNF3YSW4s\nUOfLFK8Ky4r0/H6Nzt1r/f9qPHqVG7ILPWP1fwpcq06Tb6wvrJ1xkW9f3JTiWLMi\njkDiuQTmDf1JOk/TslZ3Mj6JDYFdHgT3lZdSNHiRuGgQ278ax/waSRn5W0LXr5b5\ntdHOBqLKnq7l96Hj0IArcrgh1ocJw4pP9JFWGDV2zfG+HzTf6QGmWj6j1Vf/91VN\n75tJmgKjScdU/DX+hTQBAoIBAQDy1YVc5Xwr+JzBV+xMorzVdaZ9Fwpycoy7OPy2\nNjFk1XD/cSDDK7aTDd9v8HF8Kmw4kVtngIkP/kdY4Gdu1oP22f2wkKjXGFQaRWPl\nNNEDhC+f7tjvGbF702jhB0kFdn3f7fEWyr4j8FP4xUqOczF2tzPgKeTkfz+ckQ0m\nDgmjm3vcPb+ZDLDE7fBw0On/qZr9dCH0oBwl7CMWmKggzYQEKNBbJowBwIlwTmL6\nI8Xzj7CAcV9sIVboJb7jNQPOCzHJA9bTGf5LMbD6X6D6Avlvd1J74/fFWkLME6CI\n0mlF5aOW2qKMo57DtnnEEKCL/6DXPfRvX6CuwbHqS5SIbwnxAoIBAQDdHPfDcpjU\n51KgFe4WoygNGVI604Aqv4ZnumJ4oshS71KqQidXgGBch9fDUad1txbDkeOHFW4u\nYwT67VsHeP7jbCA1Rn7MY8DASlSdJkZ7e4trUh1xfYH5tJK3i5hXMPu221sc7l5z\nNTKlohn00tIjy0adehk5oIyr1w1l9DtX6TMK2uNa7Z79mYFZLhrWRX6a93M4MA+J\nTq0bKF8j+x8RG2VZF6mom4XkHLOhYC9osG4xbj8AbhKBt9XrUcu+TT9Ct/kE7b54\ncvWtyf19cwviApebfQIn31pwieUaSncztSHdARCgVETP1334yOtrgKWb3CifaQHH\n0N+BqsrJR469AoIBAHAufAHCcm7N13zqZVuyApKKW3OGZWkhyinj1btHpeHzSNR5\nKq1/UET3L7XC2mqGHqCzZgqWsrsUuVkxshbeOvCbHDupWJalwpSwYcnNcJGzS10T\nNlye/gM6U0VB3FYNu3Drt2jUGKr5p5FRc3QDe2JgmDKCqB93OafWysA90+4lMj84\nt365AiC321AC81cMv3E/aUBdhyNtx3f05hbhWo+hW0AAusVEcTnUvJzaUeSHCP8N\nYQvPCxsL9Pd50lwph8JZZ7D2XSfXuO6xpuhY32rDMPPTCO+/FwS4PH141vFXeQ+D\nyXw3Sm0Xq4EMPV7vpRpKoNWi09Rn3w1iBShSQ8ECggEBAK7l3flEaS1m+I1WK2jO\nj7ykvc14RJYLvwXHgWKI6EnpsgqonzPwgMhQT1PY/8v2EdSKTl4ojmm0u1i8bNeh\nVoSPn35kj6GeefXgFcPkZbYBCEvQvSdrLmdU9QSoL80wGrsOEaj1x9H7T1+CtGNa\nawwTG30u+ksB+qNmTNvLbzFfbZd1gocHFE7moFDpTiMU/0sW1pWoNnHWwMiNi4wL\ndAx1DhqFxBZxRlwkc9X/HiECBXemC8GMT6k5v8UOg0m5EoP0v82tPI9L55cbAh67\n5LdWc5NzM0RUwNXpzUWZh2ZoLSwCTqNzZKa+fo9OZiE3tkdtwtgtGFJ0noaTkSnb\nJ0UCggEAWh58mtJ9TdAZdtU7kkx1/3c91hxl+up8PTSS6BdFa8DXxt9iQq4r914c\nVbfdnzKH7K245alH2aOcdw/TrK0ulQOazGGX2E6pWJV/ndxaUM4beUDUYbTVec3O\niVFWQT/Kp4WQktHQIu0w2fZElgOo30X3eTFEx0bvAm9Or2PiR34JAB5yerrEuFWq\n+Y3oZVb1tzJgLrVqAE6ct/TwkzhLaehlzPFNQb1u5POe3aUHjr5gsZDkqZua3Ys2\nQhArEEmrhEqRBACPWKWb6fSc+ajYlhltLg2g3EMqL4arW/3hgI2KS0vdiPtMRDvQ\n2YpoPnf204ak0AcDNZX257FnjRltUg==\n-----END PRIVATE KEY-----" - }, - { - "ParameterKey": "CertificateDomain", - "ParameterValue": "localdomain" - }, - { - "ParameterKey": "PrivateRepoUsername", - "ParameterValue": "" - }, - { - "ParameterKey": "PrivateRepoApiKey", - "ParameterValue": "" - } -] diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/ci/taskcat.yml b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/ci/taskcat.yml deleted file mode 100755 index 53f1017..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/ci/taskcat.yml +++ /dev/null @@ -1,13 +0,0 @@ -global: - marketplace-ami: false - owner: quickstart-eng@amazon.com - qsname: quickstart-jfrog-artifactory - regions: - - us-west-2 - reporting: true -tests: - jfrog-artifactory-jcr6-eks: - parameter_input: jfrog-new-vpc-jcr6-eks.json - template_file: jfrog-jcr6-eks-master.template.yaml - regions: - - us-west-2 diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-core-workload.template.yaml b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-core-workload.template.yaml deleted file mode 100755 index 8f15f43..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-core-workload.template.yaml +++ /dev/null @@ -1,301 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Description: "Deploys Artifactory into an existing Kubernetes cluster" -Parameters: - KubeManifestLambdaArn: - Type: String - HelmLambdaArn: - Type: String - KubeConfigPath: - Type: String - KubeConfigKmsContext: - Type: String - KubeGetLambdaArn: - Type: String - NumberOfSecondary: - Type: Number - AccessCIDR: - Type: String - ArtifactoryLicense1: - Type: String - ArtifactoryLicense2: - Type: String - ArtifactoryLicense3: - Type: String - ArtifactoryLicense4: - Type: String - ArtifactoryIAMAcessKey: - Type: String - NoEcho: 'true' - SecretAccessKey: - Type: String - NoEcho: 'true' - ArtifactoryS3Bucket: - Type: String - CertificateKey: - Type: String - NoEcho: 'true' - Certificate: - Type: String - CertificateDomain: - Type: String - PrivateRepoUsername: - NoEcho: 'true' - Type: String - PrivateRepoApiKey: - NoEcho: 'true' - Type: String - ArtifactoryDBEndpointAddress: - Type: String - DatabaseName: - Type: String - NoEcho: 'true' - DatabaseUser: - Type: String - DatabasePassword: - Type: String - NoEcho: 'true' - MasterKey: - Type: String - NoEcho: 'true' - ArtifactoryVersion: - Type: String - ArtifactoryDeploymentSize: - Type: String -Mappings: - DeploymentSize: - Large: - requestsMem: "6Gi" - requestsCpu: "4" - limitsMem: "10Gi" - limitsCpu: "8" - javaOptsXms: "6g" - javaOptsXmx: "8g" - Medium: - requestsMem: "4Gi" - requestsCpu: "2" - limitsMem: "8Gi" - limitsCpu: "6" - javaOptsXms: "4g" - javaOptsXmx: "6g" - Small: - requestsMem: "4Gi" - requestsCpu: "2" - limitsMem: "6Gi" - limitsCpu: "4" - javaOptsXms: "4g" - javaOptsXmx: "4g" -Resources: - NameSpace: - Type: "Custom::KubeManifest" - Version: '1.0' - Properties: - ServiceToken: !Ref KubeManifestLambdaArn - KubeConfigPath: !Ref KubeConfigPath - KubeConfigKmsContext: !Ref KubeConfigKmsContext - Manifest: - kind: Namespace - apiVersion: v1 - metadata: - name: jfrog-artifactory - labels: - app: artifactory - CertificateStore: - DependsOn: NameSpace - Type: "Custom::KubeManifest" - Version: '1.0' - Properties: - ServiceToken: !Ref KubeManifestLambdaArn - KubeConfigPath: !Ref KubeConfigPath - KubeConfigKmsContext: !Ref KubeConfigKmsContext - Manifest: - kind: Secret - apiVersion: v1 - metadata: - name: artifactory-nginx-tls - namespace: jfrog-artifactory - labels: - app: artifactory - chart: artifactory - type: kubernetes.io/tls - data: - tls.crt: - Fn::Base64: - !Sub "${Certificate}" - tls.key: - Fn::Base64: - !Sub "${CertificateKey}" - LicenseStore: - DependsOn: NameSpace - Type: "Custom::KubeManifest" - Version: '1.0' - Properties: - ServiceToken: !Ref KubeManifestLambdaArn - KubeConfigPath: !Ref KubeConfigPath - KubeConfigKmsContext: !Ref KubeConfigKmsContext - Manifest: - kind: Secret - apiVersion: v1 - metadata: - name: artifactory-cluster-license - namespace: jfrog-artifactory - labels: - app: artifactory - chart: artifactory - type: Opaque - stringData: - art.lic: !Sub - >- - ${ArtifactoryLicense1} - - - ${ArtifactoryLicense2} - - - ${ArtifactoryLicense3} - - - ${ArtifactoryLicense4} - ArtifactoryDeployment: - Type: "Custom::Helm" - DependsOn: - - LicenseStore - - CertificateStore - Version: '1.0' - Properties: - ServiceToken: !Ref HelmLambdaArn - KubeConfigPath: !Ref KubeConfigPath - KubeConfigKmsContext: !Ref KubeConfigKmsContext - Namespace: jfrog-artifactory - Name: quickstart-artifactory-ha - Chart: jfrog/artifactory-ha - RepoUrl: https://charts.jfrog.io - ValueYaml: !Sub - - | - artifactory: - name: artifactory-ha - image: - repository: docker.bintray.io/jfrog/artifactory-jcr - version: ${ArtifactoryVersion} - pullPolicy: Always - deleteDBPropertiesOnStartup: true - license: - secret: artifactory-cluster-license - dataKey: art.lic - masterKey: ${MasterKey} - preStartCommand: "wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar" - persistence: - enabled: false - type: aws-s3 - awsS3: - endpoint: s3.${AWS::Region}.amazonaws.com - region: ${AWS::Region} - identity: ${ArtifactoryIAMAcessKey} - credential: ${SecretAccessKey} - bucketName: ${ArtifactoryS3Bucket} - primary: - resources: - requests: - memory: "${requests_memory}" - cpu: "${requests_cpu}" - limits: - memory: "${limits_memory}" - cpu: "${limits_cpu}" - javaOpts: - xms: "${java_xms}" - xmx: "${java_xmx}" - nodeSelector: - partition: artifactory-primary - node: - replicaCount: ${NumberOfSecondary} - resources: - requests: - memory: "${requests_memory}" - cpu: "${requests_cpu}" - limits: - memory: "${limits_memory}" - cpu: "${limits_cpu}" - javaOpts: - xms: "${java_xms}" - xmx: "${java_xmx}" - nodeSelector: - partition: artifactory-secondary - ## Only used if "affinity" is empty - podAntiAffinity: - ## Valid values are "soft" or "hard"; any other value indicates no anti-affinity - type: "soft" - topologyKey: "kubernetes.io/hostname" - postgresql: - enabled: false - database: - type: mysql - url: jdbc:mysql://${ArtifactoryDBEndpointAddress}:3306/${DatabaseName}?characterEncoding=UTF-8&elideSetAutoCommits=true #&verifyServerCertificate=true&useSSL=true&requireSSL=true - user: ${DatabaseUser} - password: ${DatabasePassword} - nginx: - image: - repository: docker.bintray.io/jfrog/nginx-artifactory-pro - version: ${ArtifactoryVersion} - tlsSecretName: artifactory-nginx-tls - nodeSelector: - partition: artifactory-primary - service: - loadBalancerSourceRanges: [ "${AccessCIDR}" ] - artifactoryConf: | - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt; - ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key; - ssl_session_cache shared:SSL:1m; - ssl_prefer_server_ciphers on; - ## server configuration - server { - listen {{ .Values.nginx.internalPortHttps }} ssl; - listen {{ .Values.nginx.internalPortHttp }} ; - server_name ~(?.+).${CertificateDomain} ~(?.+).jfrog.team - {{- range .Values.ingress.hosts -}} - {{- if contains "." . -}} - {{ "" | indent 0 }} ~(?.+)\.{{ . }} - {{- end -}} - {{- end -}}; - if ($http_x_forwarded_proto = '') { - set $http_x_forwarded_proto $scheme; - } - ## Application specific logs - ## access_log /var/log/nginx/artifactory-access.log timing; - ## error_log /var/log/nginx/artifactory-error.log; - rewrite ^/$ /artifactory/webapp/ redirect; - rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; - rewrite ^/(v2)/(.*) /artifactory/$1/$2; - chunked_transfer_encoding on; - client_max_body_size 0; - location /artifactory/ { - proxy_read_timeout 2400; - proxy_pass_header Server; - proxy_cookie_path ~*^/.* /; - proxy_pass http://{{ include "artifactory-ha.fullname" . }}:{{ .Values.artifactory.externalPort }}/artifactory/; - proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } - - { requests_memory: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, requestsMem], - requests_cpu: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, requestsCpu], - limits_memory: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, limitsMem ], - limits_cpu: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, limitsCpu ], - java_xms: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, javaOptsXms ], - java_xmx: !FindInMap [DeploymentSize, !Ref ArtifactoryDeploymentSize, javaOptsXmx ] } - IngressHostName: - DependsOn: ArtifactoryDeployment - Type: "Custom::KubeGet" - Version: '1.0' - Properties: - ServiceToken: !Ref KubeGetLambdaArn - KubeConfigPath: !Ref KubeConfigPath - KubeConfigKmsContext: !Ref KubeConfigKmsContext - Namespace: jfrog-artifactory - Name: svc/quickstart-artifactory-ha-nginx - JsonPath: '{.status.loadBalancer.ingress[0].hostname}' -Outputs: - ArtifactoryUrl: - Value: !Sub https://${IngressHostName} \ No newline at end of file diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-existing-vpc.template.yaml b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-existing-vpc.template.yaml deleted file mode 100755 index d443802..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-existing-vpc.template.yaml +++ /dev/null @@ -1,663 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: Deploys an EKS cluster with JFrog Artifactory into an existing VPC (qs-1q037efm3). -Metadata: - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Security configuration - Parameters: - - KeyPairName - - AccessCIDR - - RemoteAccessCIDR - - AdditionalEKSAdminArns - - KubeConfigKmsContext - - Label: - default: Network configuration - Parameters: - - VPCID - - VPCCIDR - - PrivateSubnet1ID - - PrivateSubnet2ID - - PrivateSubnet3ID - - PublicSubnet1ID - - PublicSubnet2ID - - PublicSubnet3ID - - PrivateSubnet1CIDR - - PrivateSubnet2CIDR - - PrivateSubnet3CIDR - - Label: - default: Bastion configuration - Parameters: - - ProvisionBastionHost - - BastionInstanceType - - BastionOS - - BastionRootVolumeSize - - BastionEnableTCPForwarding - - BastionEnableX11Forwarding - - Label: - default: JFrog Artifactory configuration - Parameters: - - ArtifactoryVersion - - ArtifactoryDeploymentSize - - NumberOfSecondary - - SMLicensesName - - Certificate - - CertificateKey - - CertificateDomain - - MasterKey - - PrivateRepoUsername - - PrivateRepoApiKey - - Label: - default: Amazon RDS configuration - Parameters: - - DatabaseName - - DatabaseEngine - - DatabaseVersion - - DatabaseUser - - DatabasePassword - - DatabaseInstance - - DBAllocatedStorage - - MultiAZDatabase - - Label: - default: EC2/EKS configuration - Parameters: - - KubernetesVersion - - NodeInstanceType - - NumofSecondaryNodes - - NodeVolumeSize - - Label: - default: AWS Quick Start configuration - Parameters: - - QSS3BucketName - - QSS3KeyPrefix - - LambdaZipsBucketName - ParameterLabels: - KeyPairName: - default: SSH key name - AccessCIDR: - default: Permitted IP range - RemoteAccessCIDR: - default: Remote access CIDR - AdditionalEKSAdminArns: - default: Additional EKS admin ARNs - KubeConfigKmsContext: - default: Kubernetes config KMS context - VPCID: - default: VPC ID - VPCCIDR: - default: VPC CIDR - PublicSubnet1ID: - default: Public subnet 1 ID - PublicSubnet2ID: - default: Public subnet 2 ID - PublicSubnet3ID: - default: Public subnet 3 ID - PrivateSubnet1ID: - default: Private subnet 1 ID - PrivateSubnet2ID: - default: Private subnet 2 ID - PrivateSubnet3ID: - default: Private subnet 3 ID - PrivateSubnet1CIDR: - default: Private subnet 1 CIDR - PrivateSubnet2CIDR: - default: Private subnet 2 CIDR - PrivateSubnet3CIDR: - default: Private subnet 3 CIDR - ProvisionBastionHost: - default: Bastion instance - BastionInstanceType: - default: Bastion instance type - BastionRootVolumeSize: - default: Bastion root volume size - BastionEnableTCPForwarding: - default: Bastion enable TCP forwarding - BastionEnableX11Forwarding: - default: Bastion enable X11 forwarding - BastionOS: - default: Bastion operating system - ArtifactoryVersion: - default: Artifactory version - ArtifactoryDeploymentSize: - default: Artifactory deployment size - NumberOfSecondary: - default: Number of secondary pods - SMLicensesName: - default: Artifactory licenses secret name - Certificate: - default: Certificate - CertificateKey: - default: Certificate key - CertificateDomain: - default: Certificate domain - PrivateRepoUsername: - default: Username to include for private RPM repository - PrivateRepoApiKey: - default: Api Key for private RPM repository - MasterKey: - default: Master server key - DatabaseName: - default: Database name - DatabaseEngine: - default: Database engine - DatabaseVersion: - default: Database version - DatabaseUser: - default: Database user - DatabasePassword: - default: Database password - DatabaseInstance: - default: Database instance type - DBAllocatedStorage: - default: Database allocated storage - MultiAZDatabase: - default: High available database - NodeInstanceType: - default: Node instance type - NodeVolumeSize: - default: Node EBS volume size - NumofSecondaryNodes: - default: Number of secondary nodes - KubernetesVersion: - default: Kubernetes version - QSS3BucketName: - default: Quick Start S3 bucket name - QSS3KeyPrefix: - default: Quick Start S3 key prefix - LambdaZipsBucketName: - default: Lambda zips bucket name -Parameters: - KeyPairName: - Description: The name of an existing public/private key pair, which allows you - to securely connect to your instance after it launches. - Type: AWS::EC2::KeyPair::KeyName - AccessCIDR: - Description: The CIDR IP range that is permitted to access Artifactory. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant only your corporate network access to the software. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Type: String - RemoteAccessCIDR: - Description: - The remote CIDR range for allowing SSH into the Bastion instance. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant specific ranges inside your corporate network SSH access. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x - Type: String - AdditionalEKSAdminArns: - Description: '[OPTIONAL] The Amazon Resource Names (ARNs): a comma-separated list of IAM users and roles to be granted admin access to the EKS cluster.' - Default: "" - Type: CommaDelimitedList - KubeConfigKmsContext: - Description: String value used by KMS to encrypt/decrypt Kubernetes configuration file. - Default: "JFrogArtifactory" - Type: String - VPCID: - Description: The ID of your existing VPC for deployment (e.g., vpc-0343606e). - Type: AWS::EC2::VPC::Id - VPCCIDR: - Description: The CIDR block for the VPC. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/16 - Type: String - PublicSubnet1ID: - Description: The ID of the public subnet in Availability Zone 1 in your existing VPC (e.g., subnet-z0376dab). - Type: "AWS::EC2::Subnet::Id" - PublicSubnet2ID: - Description: The ID of the public subnet in Availability Zone 2 in your existing VPC (e.g., subnet-a29c3d84). - Type: "AWS::EC2::Subnet::Id" - PublicSubnet3ID: - Description: The ID of the public subnet in Availability Zone 3 in your existing VPC (e.g., subnet-a29c3d84). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet1ID: - Description: The ID of the private subnet in Availability Zone 1 in your existing VPC (e.g., subnet-a0246dcd). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet2ID: - Description: The ID of the private subnet in Availability Zone 2 in your existing VPC (e.g., subnet-b58c3d67). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet3ID: - Description: The ID of the private subnet in Availability Zone 3 in your existing VPC (e.g., subnet-b58c3d67). - Type: "AWS::EC2::Subnet::Id" - PrivateSubnet1CIDR: - Description: The CIDR of the private subnet in Availability Zone 1 in your existing VPC (e.g., 10.0.0.0/19). - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/19 - Type: String - PrivateSubnet2CIDR: - Description: The CIDR of the private subnet in Availability Zone 2 in your existing VPC (e.g., 10.0.32.0/19). - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.32.0/19 - Type: String - PrivateSubnet3CIDR: - Description: The CIDR block for private subnet 3 located in Availability Zone 3 in your existing VPC (e.g., 10.0.64.0/19). - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.64.0/19 - Type: String - NodeInstanceType: - Description: The Amazon EC2 instance type for the nodes hosting the Kubernetes pods. - AllowedValues: - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - - m4.10xlarge - ConstraintDescription: Must be a valid EC2 instance type - Default: m4.xlarge - Type: String - NodeVolumeSize: - Description: The size of EBS volumes for master node instances, in GB. - Default: 200 - Type: String - NumofSecondaryNodes: - Description: The initial number of secondary node instances to create. - If you do not have large enough instances to boot the number of secondary pods, the deployment will fail. - AllowedValues: - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - Default: 2 - Type: Number - KubernetesVersion: - Description: The Kubernetes control plane version. - AllowedValues: [ "1.13", "1.12", "1.11" ] - Default: "1.13" - Type: String - ProvisionBastionHost: - Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being - created in private subnets, the default setting of Enabled this is highly recommended. - AllowedValues: - - "Enabled" - - "Disabled" - Default: "Enabled" - Type: String - BastionInstanceType: - Description: The size of the bastion instances. - AllowedValues: - - t2.nano - - t2.micro - - t2.small - - t2.medium - - t2.large - - m3.large - - m3.xlarge - - m3.2xlarge - - m4.large - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - Default: "t2.micro" - Type: String - BastionRootVolumeSize: - Description: The size of the root volume on the bastion instances. - Default: 10 - Type: Number - BastionEnableTCPForwarding: - Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance - or not. - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - BastionEnableX11Forwarding: - Description: Choose true to enable X11 via the bootstrapping of the bastion host. - Setting this value to true will enable X Windows over SSH. - X11 forwarding can be very useful but it is also a security risk, so we recommend - that you keep the default (false) setting unless required. - AllowedValues: - - "true" - - "false" - Default: "false" - Type: String - BastionOS: - Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. - AllowedValues: - - "Amazon-Linux-HVM" - - "CentOS-7-HVM" - - "Ubuntu-Server-14.04-LTS-HVM" - - "Ubuntu-Server-16.04-LTS-HVM" - - "SUSE-SLES-15-HVM" - Default: "Amazon-Linux-HVM" - Type: String - NumberOfSecondary: - Description: Number of secondary Artifactory pods to complete your HA deployment. - Minimum number of 2 to fit the Artifactory best practices. Do not select more than - you license for. - AllowedValues: - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - Default: 2 - Type: Number - ArtifactoryVersion: - Description: The version of Artifactory that you want to deploy into the Quick Start. - Please see the release notes to select the version you want to deploy. - https://www.jfrog.com/confluence/display/RTF/Release+Notes - #AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ - #ConstraintDescription: A version that matches X.X.X per Artifactory releases. - Default: 6.15.0 - Type: String - ArtifactoryDeploymentSize: - Description: Configuration settings implemented by the Helm chart. There are currently three supported sizes. - 'Large:' Memory request of 6 GiB, memory limit of 10GiB; CPU request of 4, CPU limit of 8; Java heap size minimum of 6 GB, maximum of 8 GB. - 'Medium:' Memory request of 4 GiB, memory limit of 8 GiB; CPU request of 2, CPU limit of 6; Java heap size minimum of 4 GB, maximum of 6 GB. - 'Small:' Memory request of 4 GiB, memory limit of 6 GiB; CPU request of 2, CPU limit of 4; Java heap size of 4 GB. - AllowedValues: - - Small - - Medium - - Large - Default: Medium - Type: String - SMLicensesName: - Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses. - Type: String - Certificate: - Description: The certificate file to be used to terminate SSL. - AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$ - ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- " - Type: String - CertificateKey: - Description: The private key for the certificate. - AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$ - ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----" - NoEcho: 'true' - Type: String - CertificateDomain: - Description: The domain matching that of the certificate. Ensure that it matches your certificate. - AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$ - ConstraintDescription: The domain must not start or end with a '.' - Type: String - PrivateRepoUsername: - Description: Username to include for private RPM repository - NoEcho: 'true' - Type: String - PrivateRepoApiKey: - Description: Api Key for private RPM repository - NoEcho: 'true' - Type: String - MasterKey: - Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. - AllowedPattern: ^[a-zA-Z0-9]+$ - MinLength: '1' - MaxLength: '64' - ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. - NoEcho: 'true' - Type: String - DatabaseName: - Description: The name for your DB instance. The name must be unique across all DB instances - owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive, - but is stored as all lowercase (as in "mydbinstance"). - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - MinLength: '1' - MaxLength: '60' - ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. - Default: artdb - Type: String - DatabaseEngine: - Description: The database engine that you want to run, currently locked to MySQL. - AllowedValues: - - MySQL - Default: MySQL - Type: String - DatabaseVersion: - Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions - supported by Artifactory and RDS. - AllowedValues: - - 5.5 - - 5.6 - - 5.7 - Default: 5.7 - Type: String - DatabaseUser: - Description: The login ID for the master user of your DB instance. - MinLength: '1' - MaxLength: '16' - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter - Default: artifactory - Type: String - DatabasePassword: - Description: The password for the Artifactory database user. - AllowedPattern: ^[^ \\']+$ - MinLength: '8' - MaxLength: '12' - ConstraintDescription: Must be at least 8 and no more than - 12 characters containing letters and (minimum 1 capital letter), numbers and - symbols. - NoEcho: 'true' - Type: String - DatabaseInstance: - Description: The size of the database to be deployed as part of the Quick Start. - AllowedValues: - - db.t3.medium - - db.m3.medium - - db.m3.large - - db.m3.xlarge - - db.m3.2xlarge - - db.m4.large - - db.m4.xlarge - - db.m4.2xlarge - - db.m4.10xlarge - - db.m4.16xlarge - - db.m5.large - - db.m5.xlarge - - db.m5.2xlarge - - db.m5.4xlarge - - db.m5.12xlarge - - db.m5.24xlarge - ConstraintDescription: Must be a valid database Instance Type. - Default: db.t3.medium - Type: String - DBAllocatedStorage: - Description: The size in GB of the available storage for the database instance. - MinValue: 5 - MaxValue: 1024 - Default: 10 - Type: Number - MultiAZDatabase: - Description: Choose false to create an Amazon RDS instance in a single Availability Zone. - ConstraintDescription: True or False - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - QSS3BucketName: - AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ - ConstraintDescription: - Quick Start bucket name can include numbers, lowercase - letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen - (-). - Default: aws-quickstart - Description: - S3 bucket name for the Quick Start assets. This string can include - numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start - or end with a hyphen (-). - Type: String - QSS3KeyPrefix: - AllowedPattern: ^[0-9a-zA-Z-/]*$ - ConstraintDescription: - Quick Start key prefix can include numbers, lowercase letters, - uppercase letters, hyphens (-), and forward slash (/). - Default: quickstart-jfrog-artifactory/ - Description: - S3 key prefix for the Quick Start assets. Quick Start key prefix - can include numbers, lowercase letters, uppercase letters, hyphens (-), and - forward slash (/). - Type: String - LambdaZipsBucketName: - Description: '[OPTIONAL] The name of the S3 bucket where the Lambda .zip - files should be placed. If you leave this parameter blank, an S3 bucket will be created.' - Default: '' - Type: String -Rules: - EKSSupport: - Assertions: - - AssertDescription: Your AWS Region does *NOT* yet support Amazon EKS - Assert: !Contains - - - us-west-2 - - us-east-1 - - us-east-2 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-north-1 - - eu-central-1 - - ap-southeast-1 - - ap-southeast-2 - - ap-northeast-1 - - ap-northeast-2 - - ap-south-1 - - !Ref 'AWS::Region' -Resources: - EKSStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks.template.yaml" - Parameters: - KeyPairName: !Ref KeyPairName - RemoteAccessCIDR: !Ref RemoteAccessCIDR - AdditionalEKSAdminArns: !Join [ ",", !Ref AdditionalEKSAdminArns ] - VPCID: !Ref VPCID - PrivateSubnet1ID: !Ref PrivateSubnet1ID - PrivateSubnet2ID: !Ref PrivateSubnet2ID - PrivateSubnet3ID: !Ref PrivateSubnet3ID - PublicSubnet1ID: !Ref PublicSubnet1ID - PublicSubnet2ID: !Ref PublicSubnet2ID - PublicSubnet3ID: !Ref PublicSubnet3ID - KubernetesVersion: !Ref KubernetesVersion - NodeInstanceType: !Ref NodeInstanceType - NumberOfNodes: '1' # 1 for the Artifactory master? - NodeGroupName: "artifactory-primary" - NodeVolumeSize: !Ref NodeVolumeSize - KubeConfigKmsContext: !Ref KubeConfigKmsContext - BootstrapArguments: "--kubelet-extra-args '--node-labels=partition=artifactory-primary'" - ProvisionBastionHost: !Ref ProvisionBastionHost - BastionInstanceType: !Ref BastionInstanceType - BastionOS: !Ref BastionOS - BastionRootVolumeSize: !Ref BastionRootVolumeSize - BastionEnableTCPForwarding: !Ref BastionEnableTCPForwarding - BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding - QSS3BucketName: !Ref QSS3BucketName - QSS3KeyPrefix: !Sub "${QSS3KeyPrefix}submodules/quickstart-amazon-eks/" - LambdaZipsBucketName: !Ref LambdaZipsBucketName - ArtifactorySecondaryNodesStack: - Type: "AWS::CloudFormation::Stack" - Properties: - TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-amazon-eks/templates/amazon-eks-nodegroup.template.yaml' - Parameters: - KeyPairName: !Ref KeyPairName - PrivateSubnet1ID: !Ref PrivateSubnet1ID - PrivateSubnet2ID: !Ref PrivateSubnet2ID - PrivateSubnet3ID: !Ref PrivateSubnet3ID - VPCID: !Ref VPCID - NodeInstanceType: !Ref NodeInstanceType - NumberOfNodes: !Ref NumofSecondaryNodes - NodeGroupName: "artifactory-secondary" - NodeVolumeSize: !Ref NodeVolumeSize - EKSControlPlane: !GetAtt EKSStack.Outputs.EKSClusterName - ControlPlaneSecurityGroup: !GetAtt EKSStack.Outputs.ControlPlaneSecurityGroup - NodeInstanceProfile: !GetAtt EKSStack.Outputs.NodeInstanceProfile - NodeInstanceRoleName: !GetAtt EKSStack.Outputs.NodeInstanceRoleName - KubernetesVersion: !Ref KubernetesVersion - BootstrapArguments: "--kubelet-extra-args '--node-labels=partition=artifactory-secondary'" - # Allow the bastion host to SSH into the secondary node pools - BastionToRegularIngress: - Type: "AWS::EC2::SecurityGroupIngress" - Properties: - Description: Allow SSH from Bastion server to Regular Nodes - GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup - SourceSecurityGroupId: !GetAtt EKSStack.Outputs.BastionSecurityGroup - IpProtocol: tcp - ToPort: 22 - FromPort: 22 - # Allow the secondary node pools to bidirectionally communicate with "initial" (master) nodes - RegularToMasterIngress: - Type: AWS::EC2::SecurityGroupIngress - Properties: - Description: Allows regular nodes to communicate with master nodes - GroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup - SourceSecurityGroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup - IpProtocol: '-1' - FromPort: 0 - ToPort: 65535 - MasterToRegularIngress: - Type: AWS::EC2::SecurityGroupIngress - Properties: - Description: Allows master nodes to communicate with regular agent nodes - GroupId: !GetAtt ArtifactorySecondaryNodesStack.Outputs.EKSNodeSecurityGroup - SourceSecurityGroupId: !GetAtt EKSStack.Outputs.NodeGroupSecurityGroup - IpProtocol: '-1' - FromPort: 0 - ToPort: 65535 - ArtifactoryCoreInfraStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-artifactory-core-infrastructure.template.yaml" - Parameters: - VPCID: !Ref VPCID - VPCCIDR: !Ref VPCCIDR - PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR - PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR - PrivateSubnet3CIDR: !Ref PrivateSubnet3CIDR - SubnetIds: !Join [ ",", [ !Ref PrivateSubnet1ID, !Ref PrivateSubnet2ID, !Ref PrivateSubnet3ID ]] - DBAllocatedStorage: !Ref DBAllocatedStorage - MultiAZDatabase: !Ref MultiAZDatabase - DatabaseEngine: !Ref DatabaseEngine - DatabaseVersion: !Ref DatabaseVersion - DatabaseUser: !Ref DatabaseUser - DatabasePassword: !Ref DatabasePassword - DatabaseInstance: !Ref DatabaseInstance - DatabaseName: !Ref DatabaseName - ArtifactoryCoreStack: - DependsOn: ArtifactorySecondaryNodesStack - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-eks-core-workload.template.yaml" - Parameters: - KubeManifestLambdaArn: !GetAtt EKSStack.Outputs.KubeManifestLambdaArn - HelmLambdaArn: !GetAtt EKSStack.Outputs.HelmLambdaArn - KubeConfigPath: !GetAtt EKSStack.Outputs.KubeConfigPath - KubeConfigKmsContext: !Ref KubeConfigKmsContext - KubeGetLambdaArn: !GetAtt EKSStack.Outputs.KubeGetLambdaArn - NumberOfSecondary: !Ref NumberOfSecondary - AccessCIDR: !Ref AccessCIDR - ArtifactoryLicense1: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense1}}' - ArtifactoryLicense2: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense2}}' - ArtifactoryLicense3: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense3}}' - ArtifactoryLicense4: !Sub '{{resolve:secretsmanager:${SMLicensesName}:SecretString:ArtifactoryLicense4}}' - CertificateKey: !Ref CertificateKey - Certificate: !Ref Certificate - CertificateDomain: !Ref CertificateDomain - PrivateRepoUsername: !Ref PrivateRepoUsername - PrivateRepoApiKey: !Ref PrivateRepoApiKey - ArtifactoryIAMAcessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.IAMAcessKey - SecretAccessKey: !GetAtt ArtifactoryCoreInfraStack.Outputs.SecretAccessKey - ArtifactoryS3Bucket: !GetAtt ArtifactoryCoreInfraStack.Outputs.S3Bucket - ArtifactoryDBEndpointAddress: !GetAtt ArtifactoryCoreInfraStack.Outputs.ArtifactoryDBEndpointAddress - DatabaseName: !Ref DatabaseName - DatabaseUser: !Ref DatabaseUser - DatabasePassword: !Ref DatabasePassword - MasterKey: !Ref MasterKey - ArtifactoryVersion: !Ref ArtifactoryVersion - ArtifactoryDeploymentSize: !Ref ArtifactoryDeploymentSize -Outputs: - ArtifactoryUrl: - Value: !GetAtt ArtifactoryCoreStack.Outputs.ArtifactoryUrl - Description: Public Artifactory URL - BastionIP: - Value: !GetAtt EKSStack.Outputs.BastionIP - Description: Bastion host IP, for admin access via SSH - KubeConfigPath: - Value: !GetAtt EKSStack.Outputs.KubeConfigPath - Description: (Advanced) Amazon S3 bucket containing encrypted Kubernetes config which can be used to access the Kubernetes API. diff --git a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-master.template.yaml b/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-master.template.yaml deleted file mode 100755 index 03034e0..0000000 --- a/JFrogContainerRegistry/aws/CloudFormation-JCR-EKS/templates/jfrog-jcr6-eks-master.template.yaml +++ /dev/null @@ -1,598 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Description: 'JFrog Artifactory Quick Start Deployment' -Metadata: - AWS::CloudFormation::Interface: - ParameterGroups: - - Label: - default: Security configuration - Parameters: - - KeyPairName - - AccessCIDR - - RemoteAccessCIDR - - AdditionalEKSAdminArns - - KubeConfigKmsContext - - Label: - default: Network configuration - Parameters: - - AvailabilityZones - - VPCCIDR - - PrivateSubnet1CIDR - - PrivateSubnet2CIDR - - PrivateSubnet3CIDR - - PublicSubnet1CIDR - - PublicSubnet2CIDR - - PublicSubnet3CIDR - - Label: - default: Bastion configuration - Parameters: - - ProvisionBastionHost - - BastionInstanceType - - BastionOS - - BastionRootVolumeSize - - BastionEnableTCPForwarding - - BastionEnableX11Forwarding - - Label: - default: JFrog Artifactory configuration - Parameters: - - ArtifactoryVersion - - ArtifactoryDeploymentSize - - NumberOfSecondary - - SMLicensesName - - Certificate - - CertificateKey - - CertificateDomain - - MasterKey - - PrivateRepoUsername - - PrivateRepoApiKey - - Label: - default: Amazon RDS configuration - Parameters: - - DatabaseName - - DatabaseEngine - - DatabaseVersion - - DatabaseUser - - DatabasePassword - - DatabaseInstance - - DBAllocatedStorage - - MultiAZDatabase - - Label: - default: EC2/EKS configuration - Parameters: - - NodeInstanceType - - NodeVolumeSize - - NumofSecondaryNodes - - KubernetesVersion - - Label: - default: AWS Quick Start configuration - Parameters: - - QSS3BucketName - - QSS3KeyPrefix - - LambdaZipsBucketName - ParameterLabels: - KeyPairName: - default: SSH key name - AccessCIDR: - default: Permitted IP range - RemoteAccessCIDR: - default: Remote access CIDR - AdditionalEKSAdminArns: - default: Additional EKS admin ARNs - KubeConfigKmsContext: - default: Kubernetes config KMS context - AvailabilityZones: - default: Availability Zones - VPCCIDR: - default: VPC CIDR - PrivateSubnet1CIDR: - default: Private subnet 1 CIDR - PrivateSubnet2CIDR: - default: Private subnet 2 CIDR - PrivateSubnet3CIDR: - default: Private subnet 3 CIDR - PublicSubnet1CIDR: - default: Public subnet 1 CIDR - PublicSubnet2CIDR: - default: Public subnet 2 CIDR - PublicSubnet3CIDR: - default: Public subnet 3 CIDR - ProvisionBastionHost: - default: Bastion instance - BastionInstanceType: - default: Bastion instance type - BastionRootVolumeSize: - default: Bastion root volume size - BastionEnableTCPForwarding: - default: Bastion enable TCP forwarding - BastionEnableX11Forwarding: - default: Bastion enable X11 forwarding - BastionOS: - default: Bastion operating system - NumberOfSecondary: - default: Number of secondary pods - ArtifactoryVersion: - default: Artifactory version - ArtifactoryDeploymentSize: - default: Artifactory deployment size - SMLicensesName: - default: Artifactory licenses secret name - Certificate: - default: Certificate - CertificateKey: - default: Certificate key - CertificateDomain: - default: Certificate domain - PrivateRepoUsername: - default: Username to include for private RPM repository - PrivateRepoApiKey: - default: Api Key for private RPM repository - MasterKey: - default: Master server key - DatabaseName: - default: Database name - DatabaseEngine: - default: Database engine - DatabaseVersion: - default: Database version - DatabaseUser: - default: Database user - DatabasePassword: - default: Database password - DatabaseInstance: - default: Database instance type - DBAllocatedStorage: - default: Database allocated storage - MultiAZDatabase: - default: High available database - NodeInstanceType: - default: Node instance type - NodeVolumeSize: - default: Node EBS volume size - NumofSecondaryNodes: - default: Number of secondary nodes - KubernetesVersion: - default: Kubernetes version - QSS3BucketName: - default: Quick Start S3 bucket name - QSS3KeyPrefix: - default: Quick Start S3 key prefix - LambdaZipsBucketName: - default: Lambda zips bucket name -Parameters: - KeyPairName: - Description: The name of an existing public/private key pair, which allows you - to securely connect to your instance after it launches. - Type: AWS::EC2::KeyPair::KeyName - AccessCIDR: - Description: The CIDR IP range that is permitted to access Artifactory. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant only your corporate network access to the software. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - Type: String - RemoteAccessCIDR: - Description: - The remote CIDR range for allowing SSH into the Bastion instance. - We recommend that you set this value to a trusted IP range. - For example, you might want to grant specific ranges inside your corporate network SSH access. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x - Type: String - AdditionalEKSAdminArns: - Description: '[OPTIONAL] The Amazon Resource Names (ARNs): a comma-separated list of IAM users and roles to be granted admin access to the EKS cluster.' - Default: "" - Type: CommaDelimitedList - KubeConfigKmsContext: - Description: String value used by KMS to encrypt/decrypt Kubernetes configuration file. - Default: "JFrogArtifactory" - Type: String - AvailabilityZones: - Description: - The list of Availability Zones to use for the subnets in the VPC. Three - Availability Zones are used for this deployment, and the logical order of your - selections is preserved. - Type: List - VPCCIDR: - Description: The CIDR block for the VPC. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/16 - Type: String - PrivateSubnet1CIDR: - Description: The CIDR block for private subnet 1 located in Availability Zone 1. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.0.0/19 - Type: String - PrivateSubnet2CIDR: - Description: The CIDR block for private subnet 2 located in Availability Zone 2. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.32.0/19 - Type: String - PrivateSubnet3CIDR: - Description: The CIDR block for private subnet 3 located in Availability Zone 3. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.64.0/19 - Type: String - PublicSubnet1CIDR: - Description: - The CIDR block for the public (DMZ) subnet 1 located in Availability Zone 1. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.128.0/20 - Type: String - PublicSubnet2CIDR: - Description: - The CIDR block for the public (DMZ) subnet 2 located in Availability Zone 2. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.144.0/20 - Type: String - PublicSubnet3CIDR: - Description: The CIDR block for the public (DMZ) subnet 3 located in Availability Zone 3. - AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 - Default: 10.0.160.0/20 - Type: String - NodeInstanceType: - Description: The Amazon EC2 instance type for the nodes hosting the Kubernetes pods. - AllowedValues: - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - - m4.10xlarge - ConstraintDescription: Must be a valid EC2 instance type. - Default: m4.xlarge - Type: String - NodeVolumeSize: - Description: The size of EBS volumes for master node instances, in GB. - Default: 200 - Type: String - NumofSecondaryNodes: - Description: The initial number of secondary node instances to create. - If you do not have large enough instances to boot the number of secondary pods, the deployment will fail. - AllowedValues: - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - Default: 2 - Type: Number - KubernetesVersion: - Description: The Kubernetes control plane version. - AllowedValues: [ "1.13", "1.12", "1.11" ] - Default: "1.13" - Type: String - ProvisionBastionHost: - Description: Choose Disabled to skip creating a bastion instance. Due to the Artifactory nodes being - created in private subnets, the default setting of Enabled this is highly recommended. - AllowedValues: - - "Enabled" - - "Disabled" - Default: "Enabled" - Type: String - BastionInstanceType: - Description: The size of the bastion instances. - AllowedValues: - - t2.nano - - t2.micro - - t2.small - - t2.medium - - t2.large - - m3.large - - m3.xlarge - - m3.2xlarge - - m4.large - - m4.xlarge - - m4.2xlarge - - m4.4xlarge - Default: "t2.micro" - Type: String - BastionRootVolumeSize: - Description: The size of the root volume on the bastion instances. - Default: 10 - Type: Number - BastionEnableTCPForwarding: - Description: Choose whether to enable TCPForwarding via the bootstrapping of the bastion instance - or not. - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - BastionEnableX11Forwarding: - Description: Choose true to enable X11 via the bootstrapping of the bastion host. - Setting this value to true will enable X Windows over SSH. - X11 forwarding can be very useful but it is also a security risk, so we recommend - that you keep the default (false) setting unless required. - AllowedValues: - - "true" - - "false" - Default: "false" - Type: String - BastionOS: - Description: The Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances. - AllowedValues: - - "Amazon-Linux-HVM" - - "CentOS-7-HVM" - - "Ubuntu-Server-14.04-LTS-HVM" - - "Ubuntu-Server-16.04-LTS-HVM" - - "SUSE-SLES-15-HVM" - Default: "Amazon-Linux-HVM" - Type: String - NumberOfSecondary: - Description: Number of secondary Artifactory pods to complete your HA deployment. - Minimum number of 2 to fit the Artifactory best practices. Do not select more than - you license for. - AllowedValues: - - 2 - - 3 - - 4 - - 5 - - 6 - - 7 - Default: 2 - Type: Number - ArtifactoryVersion: - Description: The version of Artifactory that you want to deploy into the Quick Start. - Please see the release notes to select the version you want to deploy. - https://www.jfrog.com/confluence/display/RTF/Release+Notes - #AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$ - #ConstraintDescription: A version that matches X.X.X per Artifactory releases. - Default: 6.15.0 - Type: String - ArtifactoryDeploymentSize: - Description: Configuration settings implemented by the Helm chart. There are currently three supported sizes. - 'Large:' Memory request of 6 GiB, memory limit of 10GiB; CPU request of 4, CPU limit of 8; Java heap size minimum of 6 GB, maximum of 8 GB. - 'Medium:' Memory request of 4 GiB, memory limit of 8 GiB; CPU request of 2, CPU limit of 6; Java heap size minimum of 4 GB, maximum of 6 GB. - 'Small:' Memory request of 4 GiB, memory limit of 6 GiB; CPU request of 2, CPU limit of 4; Java heap size of 4 GB. - AllowedValues: - - Small - - Medium - - Large - Default: Medium - Type: String - SMLicensesName: - Description: The secret name created in AWS Secrets Manager which contains the Artifactory licenses. - Type: String - Certificate: - Description: The certificate file to be used to terminate SSL. - AllowedPattern: ^(-----BEGIN CERTIFICATE-----)\n(.*?\n)+(-----END CERTIFICATE-----)$ - ConstraintDescription: A Certificate that begins with "-----BEGIN CERTIFICATE----- " and ends with "-----END CERTIFICATE----- " - Type: String - CertificateKey: - Description: The private key for the certificate. - AllowedPattern: ^(-----BEGIN [A-Za-z ]+ KEY-----)\n(.*?\n)+(-----END [A-Za-z ]+ KEY-----)$ - ConstraintDescription: A Private key that begins with "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----" - NoEcho: 'true' - Type: String - CertificateDomain: - Description: The domain matching that of the certificate. Ensure that it matches your certificate. - AllowedPattern: ^[A-Za-z0-9]+[.A-Za-z0-9]+[A-Za-z0-9]$ - ConstraintDescription: The domain must not start or end with a '.' - Type: String - PrivateRepoUsername: - Description: Username to include for private RPM repository - NoEcho: 'true' - Type: String - PrivateRepoApiKey: - Description: Api Key for private RPM repository - NoEcho: 'true' - Type: String - MasterKey: - Description: The master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'. - AllowedPattern: ^[a-zA-Z0-9]+$ - MinLength: '1' - MaxLength: '64' - ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters. - NoEcho: 'true' - Type: String - DatabaseName: - Description: The name for your DB instance. The name must be unique across all DB instances - owned by your AWS account in the current AWS Region. The DB instance identifier is case-insensitive, - but is stored as all lowercase (as in "mydbinstance"). - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - MinLength: '1' - MaxLength: '60' - ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter. - Default: artdb - Type: String - DatabaseEngine: - Description: The database engine that you want to run, currently locked to MySQL. - AllowedValues: - - MySQL - Default: MySQL - Type: String - DatabaseVersion: - Description: The major version of the MySQL database engine you want to run. This is currently locked to MySQL versions - supported by Artifactory and RDS. - AllowedValues: - - 5.5 - - 5.6 - - 5.7 - Default: 5.7 - Type: String - DatabaseUser: - Description: The login ID for the master user of your DB instance. - MinLength: '1' - MaxLength: '16' - AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$ - ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter - Default: artifactory - Type: String - DatabasePassword: - Description: The password for the Artifactory database user. - AllowedPattern: ^[^ \\']+$ - MinLength: '8' - MaxLength: '12' - ConstraintDescription: Must be at least 8 and no more than - 12 characters containing letters and (minimum 1 capital letter), numbers and - symbols. - NoEcho: 'true' - Type: String - DatabaseInstance: - Description: The size of the database to be deployed as part of the Quick Start. - AllowedValues: - - db.t3.medium - - db.m3.medium - - db.m3.large - - db.m3.xlarge - - db.m3.2xlarge - - db.m4.large - - db.m4.xlarge - - db.m4.2xlarge - - db.m4.10xlarge - - db.m4.16xlarge - - db.m5.large - - db.m5.xlarge - - db.m5.2xlarge - - db.m5.4xlarge - - db.m5.12xlarge - - db.m5.24xlarge - ConstraintDescription: Must be a valid database Instance Type. - Default: db.t3.medium - Type: String - DBAllocatedStorage: - Description: The size in GB of the available storage for the database instance. - MinValue: 5 - MaxValue: 1024 - Default: 10 - Type: Number - MultiAZDatabase: - Description: Choose false to create an Amazon RDS instance in a single Availability Zone. - ConstraintDescription: True or False - AllowedValues: - - "true" - - "false" - Default: "true" - Type: String - QSS3BucketName: - AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ - ConstraintDescription: - Quick Start bucket name can include numbers, lowercase - letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen - (-). - Default: aws-quickstart - Description: - S3 bucket name for the Quick Start assets. This string can include - numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start - or end with a hyphen (-). - Type: String - QSS3KeyPrefix: - AllowedPattern: ^[0-9a-zA-Z-/]*$ - ConstraintDescription: - Quick Start key prefix can include numbers, lowercase letters, - uppercase letters, hyphens (-), and forward slash (/). - Default: quickstart-jfrog-artifactory/ - Description: - S3 key prefix for the Quick Start assets. Quick Start key prefix - can include numbers, lowercase letters, uppercase letters, hyphens (-), and - forward slash (/). - Type: String - LambdaZipsBucketName: - Description: '[OPTIONAL] The name of the S3 bucket where the Lambda .zip - files should be placed. If you leave this parameter blank, an S3 bucket will be created.' - Type: String - Default: '' -Rules: - EKSSupport: - Assertions: - - AssertDescription: Your AWS Region does *NOT* yet support Amazon EKS - Assert: !Contains - - - us-west-2 - - us-east-1 - - us-east-2 - - eu-west-1 - - eu-west-2 - - eu-west-3 - - eu-north-1 - - eu-central-1 - - ap-southeast-1 - - ap-southeast-2 - - ap-northeast-1 - - ap-northeast-2 - - ap-south-1 - - !Ref 'AWS::Region' - -Resources: - VPCStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template - Parameters: - KeyPairName: !Ref KeyPairName - AvailabilityZones: !Join [",", !Ref AvailabilityZones] - NumberOfAZs: '3' - VPCCIDR: !Ref VPCCIDR - PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' - PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' - PrivateSubnet3ACIDR: !Ref 'PrivateSubnet3CIDR' - PrivateSubnetATag2: "kubernetes.io/role/internal-elb=" - PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' - PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' - PublicSubnet3CIDR: !Ref 'PublicSubnet3CIDR' - PublicSubnetTag2: "kubernetes.io/role/elb=" - ArtifactoryEKSExistingVPCStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: !Sub 'https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/jfrog-jcr6-eks-existing-vpc.template.yaml' - Parameters: - KeyPairName: !Ref KeyPairName - AccessCIDR: !Ref AccessCIDR - RemoteAccessCIDR: !Ref RemoteAccessCIDR - AdditionalEKSAdminArns: !Join [ ",", !Ref AdditionalEKSAdminArns ] - KubeConfigKmsContext: !Ref KubeConfigKmsContext - VPCID: !GetAtt VPCStack.Outputs.VPCID - VPCCIDR: !Ref VPCCIDR - PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' - PrivateSubnet2ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' - PrivateSubnet3ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' - PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' - PublicSubnet2ID: !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' - PublicSubnet3ID: !GetAtt 'VPCStack.Outputs.PublicSubnet3ID' - PrivateSubnet1CIDR: !Ref PrivateSubnet1CIDR - PrivateSubnet2CIDR: !Ref PrivateSubnet2CIDR - ProvisionBastionHost: !Ref ProvisionBastionHost - BastionInstanceType: !Ref BastionInstanceType - BastionOS: !Ref BastionOS - BastionRootVolumeSize: !Ref BastionRootVolumeSize - BastionEnableTCPForwarding: !Ref BastionEnableTCPForwarding - BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding - ArtifactoryVersion: !Ref ArtifactoryVersion - ArtifactoryDeploymentSize: !Ref ArtifactoryDeploymentSize - NumberOfSecondary: !Ref NumberOfSecondary - SMLicensesName: !Ref SMLicensesName - Certificate: !Ref Certificate - CertificateKey: !Ref CertificateKey - CertificateDomain: !Ref CertificateDomain - PrivateRepoUsername: !Ref PrivateRepoUsername - PrivateRepoApiKey: !Ref PrivateRepoApiKey - MasterKey: !Ref MasterKey - DatabaseName: !Ref DatabaseName - DatabaseEngine: !Ref DatabaseEngine - DatabaseVersion: !Ref DatabaseVersion - DatabaseUser: !Ref DatabaseUser - DatabasePassword: !Ref DatabasePassword - DatabaseInstance: !Ref DatabaseInstance - DBAllocatedStorage: !Ref DBAllocatedStorage - MultiAZDatabase: !Ref MultiAZDatabase - KubernetesVersion: !Ref KubernetesVersion - NodeInstanceType: !Ref NodeInstanceType - NodeVolumeSize: !Ref NodeVolumeSize - NumofSecondaryNodes: !Ref NumofSecondaryNodes - QSS3BucketName: !Ref QSS3BucketName - QSS3KeyPrefix: !Ref QSS3KeyPrefix - LambdaZipsBucketName: !Ref LambdaZipsBucketName - -Outputs: - ArtifactoryUrl: - Value: !GetAtt ArtifactoryEKSExistingVPCStack.Outputs.ArtifactoryUrl - Description: Public Artifactory URL - BastionIP: - Value: !GetAtt ArtifactoryEKSExistingVPCStack.Outputs.BastionIP - Description: Bastion host IP, for admin access via SSH - KubeConfigPath: - Value: !GetAtt ArtifactoryEKSExistingVPCStack.Outputs.KubeConfigPath - Description: (Advanced) Amazon S3 bucket containing encrypted Kubernetes config which can be used to access the Kubernetes API. diff --git a/README.md b/README.md index dba9f2b..7bd8bf3 100644 --- a/README.md +++ b/README.md @@ -4,4 +4,5 @@ Template to deploy/manage JFrog Artifactory enterprise cluster on various cloud * [Terraform](Terraform/README.md) * [CloudFormation](CloudFormation/README.md) -* [Azure Resource Manager](AzureResourceManager/README.md) \ No newline at end of file +* [Azure Resource Manager](AzureResourceManager/README.md) +* [Ansible](Ansible/README.md) \ No newline at end of file diff --git a/Terraform/README.md b/Terraform/README.md index e5d31cd..6e00a45 100644 --- a/Terraform/README.md +++ b/Terraform/README.md @@ -1,4 +1,5 @@ # Terraform Template For Artifactory Enterprise +*Note: This Terraform template is no longer maintained. Feel free to review this code for your own POC concepts, but we are not continuing to update it or add features. We do plan to revive this in the future with a better implementation.* ### Prerequisites: * An AWS account diff --git a/Terraform/userdata.sh b/Terraform/userdata.sh index f417754..3699a2c 100644 --- a/Terraform/userdata.sh +++ b/Terraform/userdata.sh @@ -178,7 +178,7 @@ cat </var/opt/jfrog/artifactory/etc/info/installer-info.json "productId": "Terraform_artifactory-ha/1.0.0", "features": [ { - "featureId": "MySql/5.5" + "featureId": "Partner/ACC-007450" } ] } diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..f0524a4 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,10 @@ +[defaults] +# Installs collections into [current dir]/ansible_collections/namespace/collection_name +collections_paths = ~/.ansible/collections:/usr/share/ansible/collections:collection + +# Installs roles into [current dir]/roles/namespace.rolename +roles_path = Ansible/collection/jfrog/ansible/roles + +host_key_checking = false + +deprecation_warnings=False \ No newline at end of file