Added offline mode for xray. Added option to configure pg_hba.conf.

2026-01-21 11:06:56 -06:00 · 2020-09-27 10:53:12 -07:00
parent cd8e0debde b3413d6266
commit f4b9f13ea0
111 changed files with 9069 additions and 599 deletions
--- a/Ansible/ansible_collections/jfrog/installers/roles/artifactory/README.md
+++ b/Ansible/ansible_collections/jfrog/installers/roles/artifactory/README.md
@@ -12,7 +12,7 @@ The artifactory role installs the Artifactory Pro software onto the host. Per th
 * _db_user_: The database user to configure. eg. "artifactory"
 * _db_password_: The database password to configure. "Art1fact0ry"
 * _server_name_: This is the server name. eg. "artifactory.54.175.51.178.xip.io"
-* _system_file_: Your own [system YAML](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) file can be specified and used. **If specified, this file will be used rather than constructing a file from the parameters above.**
+* _artifactory_system_yaml_: Your own [system YAML](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) file can be specified and used. **If specified, this file will be used rather than constructing a file from the parameters above.**
 * _binary_store_file_: Your own [binary store file](https://www.jfrog.com/confluence/display/JFROG/Configuring+the+Filestore) can be used. If specified, the default cluster-file-system will not be used.
 * _artifactory_upgrade_only_: Perform an software upgrade only. Default is false.

@@ -24,6 +24,8 @@ The artifactory role installs the Artifactory Pro software onto the host. Per th
 ### secondary vars (vars used by the secondary Artifactory server)
 * _artifactory_is_primary_: For the secondary node(s) this must be set to **false**.

+Additional variables can be found in [defaults/main.yml](./defaults/main.yml).
+
 ## Example Playbook
 ```
 ---
--- a/Ansible/ansible_collections/jfrog/installers/roles/artifactory/defaults/main.yml
+++ b/Ansible/ansible_collections/jfrog/installers/roles/artifactory/defaults/main.yml
@@ -4,7 +4,7 @@
 ansible_marketplace: standalone

 # The version of Artifactory to install
-artifactory_version: 7.6.1
+artifactory_version: 7.7.8

 # licenses file - specify a licenses file or specify up to 5 licenses
 artifactory_license1:
@@ -29,7 +29,7 @@ artifactory_file_store_dir: /data
 artifactory_flavour: pro

 extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
-
+artifactory_system_yaml_template: system.yaml.j2
 artifactory_tar: https://dl.bintray.com/jfrog/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz
 artifactory_home: "{{ jfrog_home_directory }}/artifactory"
 artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
--- a/Ansible/ansible_collections/jfrog/installers/roles/artifactory/tasks/install.yml
+++ b/Ansible/ansible_collections/jfrog/installers/roles/artifactory/tasks/install.yml
@@ -25,6 +25,19 @@
    state: directory
  become: yes

+- name: Local Copy artifactory
+  unarchive:
+    src: "{{ local_artifactory_tar }}"
+    dest: "{{ jfrog_home_directory }}"
+    owner: "{{ artifactory_user }}"
+    group: "{{ artifactory_group }}"
+    creates: "{{ artifactory_untar_home }}"
+  become: yes
+  when: local_artifactory_tar is defined
+  register: downloadartifactory
+  until: downloadartifactory is succeeded
+  retries: 3
+
 - name: download artifactory
  unarchive:
    src: "{{ artifactory_tar }}"
@@ -34,6 +47,7 @@
    group: "{{ artifactory_group }}"
    creates: "{{ artifactory_untar_home }}"
  become: yes
+  when: artifactory_tar is defined
  register: downloadartifactory
  until: downloadartifactory is succeeded
  retries: 3
@@ -50,6 +64,12 @@
    group: "{{ artifactory_group }}"
  become: yes

+- name: ensure ownership of data
+  file:
+    path: "{{ artifactory_home }}/var/data"
+    owner: "artifactory"
+    group: "artifactory"
+
 - name: ensure etc exists
  file:
    path: "{{ artifactory_home }}/var/etc"
@@ -60,17 +80,17 @@

 - name: use specified system yaml
  copy:
-    src: "{{ system_file }}"
+    src: "{{ artifactory_system_yaml }}"
    dest: "{{ artifactory_home }}/var/etc/system.yaml"
  become: yes
-  when: system_file is defined
+  when: artifactory_system_yaml is defined

- name: configure system yaml
+- name: configure system yaml template
  template:
-    src: system.yaml.j2
+    src: "{{ artifactory_system_yaml_template }}"
    dest: "{{ artifactory_home }}/var/etc/system.yaml"
  become: yes
-  when: system_file is not defined
+  when: artifactory_system_yaml is not defined

 - name: ensure {{ artifactory_home }}/var/etc/security/ exists
  file:
@@ -134,23 +154,34 @@
  become: yes
  when: artifactory_license_file is not defined and artifactory_is_primary == true

+- name: Copy local database driver
+  copy:
+    src: "{{ db_local_location }}"
+    dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
+    owner: "{{ artifactory_user }}"
+    group: "{{ artifactory_group }}"
+  when: db_local_location is defined
+  become: yes
+  
 - name: download database driver
  get_url:
    url: "{{ db_download_url }}"
    dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
    owner: "{{ artifactory_user }}"
    group: "{{ artifactory_group }}"
+  when: db_download_url is defined
  become: yes

 - name: create artifactory service
  shell: "{{ artifactory_home }}/app/bin/installService.sh"
  become: yes

- name: ensure ownership of var/data
+- name: Ensure permissions are correct
  file:
-    path: "{{ artifactory_home }}/var/data"
-    owner: "artifactory"
-    group: "artifactory"
+    path: "{{ artifactory_home }}"
+    group: "{{ artifactory_group }}"
+    owner: "{{ artifactory_user }}"
+    recurse: yes
  become: yes

 - name: start and enable the primary node
--- a/Ansible/ansible_collections/jfrog/installers/roles/artifactory_nginx/tasks/main.yml
+++ b/Ansible/ansible_collections/jfrog/installers/roles/artifactory_nginx/tasks/main.yml
@@ -1,16 +1,27 @@
 ---
- name: perform dependency installation
-  include_tasks: "{{ ansible_os_family }}.yml"
-
- name: install nginx
-  package:
-    name: nginx
-    state: present
-  register: package_res
-  retries: 5
-  delay: 60
-  become: yes
-  until: package_res is success
+- name: Nginx Install Block
+  block:
+    - name: install nginx
+      package:
+        name: nginx
+        state: present
+      register: package_res
+      retries: 5
+      delay: 60
+      become: yes
+      until: package_res is success
+  rescue:
+    - name: perform dependency installation
+      include_tasks: "{{ ansible_os_family }}.yml"
+    - name: install nginx
+      package:
+        name: nginx
+        state: present
+      register: package_res
+      retries: 5
+      delay: 60
+      become: yes
+      until: package_res is success

 - name: configure main nginx conf file.
  copy:
--- a/Ansible/ansible_collections/jfrog/installers/roles/postgres/README.md
+++ b/Ansible/ansible_collections/jfrog/installers/roles/postgres/README.md
@@ -5,6 +5,17 @@ The postgres role will install Postgresql software and configure a database and
 * _db_users_: This is a list of database users to create. eg. db_users: - { db_user: "artifactory", db_password: "Art1fAct0ry" }
 * _dbs_: This is the database to create. eg. dbs: - { db_name: "artifactory", db_owner: "artifactory" }

+By default, the [_pg_hba.conf_](https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html) client authentication file is configured for open access for development purposes through the _postgres_allowed_hosts_ variable:
+
+```
+postgres_allowed_hosts:
+  - { type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "trust"}
+```
+
+**THIS SHOULD NOT BE USED FOR PRODUCTION.**
+
+**Update this variable to only allow access from Artifactory and Xray.**
+
 ## Example Playbook
 ```
 ---
--- a/Ansible/ansible_collections/jfrog/installers/roles/postgres/defaults/main.yml
+++ b/Ansible/ansible_collections/jfrog/installers/roles/postgres/defaults/main.yml
@@ -82,3 +82,8 @@ postgres_server_auto_explain_log_min_duration: -1

 # Whether or not to use EXPLAIN ANALYZE.
 postgres_server_auto_explain_log_analyze: true
+
+# Sets the hosts that can access the database
+postgres_allowed_hosts:
+  - { type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "trust"}
+
--- a/Ansible/ansible_collections/jfrog/installers/roles/postgres/templates/pg_hba.conf.j2
+++ b/Ansible/ansible_collections/jfrog/installers/roles/postgres/templates/pg_hba.conf.j2
@@ -4,4 +4,8 @@ local   all             all                                     peer
 host    all             all             127.0.0.1/32            md5
 host    all             all             ::1/128                 md5
 ## remote connections IPv4
-host    all             all             0.0.0.0/0               trust
+{% if postgres_allowed_hosts and postgres_allowed_hosts is iterable %}
+    {% for host in postgres_allowed_hosts %}
+        {{ host.type | default('host') }}         {{ host.database | default('all') }}        {{ host.user | default('all') }}             {{ host.address | default('0.0.0.0/0') }}            {{ item.auth | default('trust') }}
+    {% endfor %}
+{% endif %}
--- a/Ansible/ansible_collections/jfrog/installers/roles/xray/README.md
+++ b/Ansible/ansible_collections/jfrog/installers/roles/xray/README.md
@@ -11,9 +11,10 @@ The xray role will install Xray software onto the host. An Artifactory server an
 * _db_url_: This is the database url. eg. "postgres://10.0.0.59:5432/xraydb?sslmode=disable"
 * _db_user_: The database user to configure. eg. "xray"
 * _db_password_: The database password to configure. "xray"
-* _system_file_: Your own [system YAML](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) file can be specified and used. If specified, this file will be used rather than constructing a file from the parameters above.
+* _xray_system_yaml_: Your own [system YAML](https://www.jfrog.com/confluence/display/JFROG/System+YAML+Configuration+File) file can be specified and used. If specified, this file will be used rather than constructing a file from the parameters above.
 * _xray_upgrade_only_: Perform an software upgrade only. Default is false.

+Additional variables can be found in [defaults/main.yml](./defaults/main.yml).
 ## Example Playbook
 ```
 ---
--- a/Ansible/ansible_collections/jfrog/installers/roles/xray/defaults/main.yml
+++ b/Ansible/ansible_collections/jfrog/installers/roles/xray/defaults/main.yml
@@ -4,7 +4,7 @@
 ansible_marketplace: standalone

 # The version of xray to install
-xray_version: 3.5.2
+xray_version: 3.8.6

 # whether to enable HA
 xray_ha_enabled: true
@@ -24,4 +24,6 @@ xray_user: xray
 xray_group: xray

 # if this is an upgrade
-xray_upgrade_only: false
+xray_upgrade_only: false
+
+xray_system_yaml_template: system.yaml.j2
--- a/Ansible/ansible_collections/jfrog/installers/roles/xray/tasks/install.yml
+++ b/Ansible/ansible_collections/jfrog/installers/roles/xray/tasks/install.yml
@@ -52,11 +52,19 @@
    group: "{{ xray_group }}"
  become: yes

- name: configure system yaml
-  template:
-    src: system.yaml.j2
-    dest: "{{ xray_home }}/var/etc/system.yaml"
+- name: use specified system yaml
+  copy:
+    src: "{{ artifactory_system_yaml }}"
+    dest: "{{ artifactory_home }}/var/etc/system.yaml"
  become: yes
+  when: artifactory_system_yaml is defined
+
+- name: configure system yaml template
+  template:
+    src: "{{ artifactory_system_yaml_template }}"
+    dest: "{{ artifactory_home }}/var/etc/system.yaml"
+  become: yes
+  when: artifactory_system_yaml is not defined

 - name: ensure {{ xray_home }}/var/etc/security/ exists
  file: