upgraded to artifactory 7.21.5 and xray 3.27.2

This commit is contained in:
Vinay Aggarwal
2021-07-11 15:54:45 -07:00
parent 4ac8b06ce2
commit fbba8620f0
110 changed files with 2378 additions and 562 deletions


@@ -0,0 +1,442 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
Metadata:
cfn-lint:
config:
ignore_checks:
- W9006
- W9002
- W9003
- W9004
Parameters:
# AvailabilityZones:
# Description: List of Availability Zones to use for the subnets in the VPC. Two
# Availability Zones are used for this deployment.
# Type: List<AWS::EC2::AvailabilityZone::Name>
VpcId:
Type: AWS::EC2::VPC::Id
VpcCidr:
Description: CIDR block for the VPC
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
PrivateSubnet1Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PrivateSubnet3Cidr:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.64.0/19
Type: String
SubnetIds:
Type: List<AWS::EC2::Subnet::Id>
DatabaseAllocatedStorage:
Type: Number
DatabasePreferredAz:
Type: String
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Type: String
DatabaseUser:
Type: String
DatabasePassword:
NoEcho: 'true'
Type: String
DatabaseInstance:
Type: String
DatabaseName:
Type: String
InstanceType:
Default: m5.xlarge
Type: String
ArtifactoryHostRole:
Type: String
# VolumeSize:
# Type: Number
EfsSecurityGroup:
Type: String
Mappings:
DatabaseMap:
Postgres:
Name: postgresql
DatabaseVersion: 11.5
Driver: "org.postgresql.Driver"
Plugin: postgresql-42.2.9.jar
PluginURL: https://jdbc.postgresql.org/download/
port: "5432"
extraDatabaseOps: ""
JavaOptionstoInstance:
c5.2xlarge:
Min: 8
Max: 12
DeploymentSize: Small
c5.4xlarge:
Min: 16
Max: 24
DeploymentSize: Large
m5.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5d.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5d.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5d.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5d.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5d.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5d.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5d.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5d.metal:
Min: 192
Max: 288
DeploymentSize: xxxLarge
m5a.large:
Min: 4
Max: 4
DeploymentSize: xxSmall
m5a.xlarge:
Min: 8
Max: 12
DeploymentSize: xSmall
m5a.2xlarge:
Min: 16
Max: 24
DeploymentSize: Small
m5a.4xlarge:
Min: 32
Max: 48
DeploymentSize: Medium
m5a.8xlarge:
Min: 64
Max: 96
DeploymentSize: Large
m5a.12xlarge:
Min: 96
Max: 144
DeploymentSize: xLarge
m5a.16xlarge:
Min: 128
Max: 192
DeploymentSize: xxLarge
m5a.24xlarge:
Min: 192
Max: 288
DeploymentSize: xxxLarge
Conditions:
IsMultiAzDatabase: !Equals [!Ref MultiAzDatabase, 'true']
Resources:
ArtifactoryDatabaseSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
SubnetIds: !Ref SubnetIds
ArtifactoryDatabase:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: !Ref DatabaseAllocatedStorage
AvailabilityZone: !If [IsMultiAzDatabase, !Ref AWS::NoValue, !Ref DatabasePreferredAz]
BackupRetentionPeriod: 30
DBInstanceClass: !Ref DatabaseInstance
DBName: !Ref DatabaseName
DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
Engine: "Postgres"
EngineVersion: !FindInMap
- DatabaseMap
- "Postgres"
- DatabaseVersion
MasterUsername: !Ref DatabaseUser
MasterUserPassword: !Ref DatabasePassword
MultiAZ: !Ref MultiAzDatabase
StorageEncrypted: true
VPCSecurityGroups:
- !Ref ArtifactoryDatabaseSG
ArtifactoryDatabaseSG:
Type: AWS::EC2::SecurityGroup
Properties:
Tags:
- Key: Name
Value: artifactory-rds-sg
GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
VpcId: !Ref VpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref VpcCidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- "Postgres"
- port
ToPort: !FindInMap
- DatabaseMap
- "Postgres"
- port
CidrIp: !Ref PrivateSubnet1Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- "Postgres"
- port
ToPort: !FindInMap
- DatabaseMap
- "Postgres"
- port
CidrIp: !Ref PrivateSubnet2Cidr
- IpProtocol: tcp
FromPort: !FindInMap
- DatabaseMap
- "Postgres"
- port
ToPort: !FindInMap
- DatabaseMap
- "Postgres"
- port
CidrIp: !Ref PrivateSubnet3Cidr
SecurityGroupEgress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
ArtifactoryS3Bucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: Private
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
ArtifactoryS3IAMPolicy:
Type: AWS::IAM::Policy
Metadata:
cfn-lint:
config:
ignore_checks:
- EIAMPolicyActionWildcard
ignore_reasons:
- EIAMPolicyWildcardResource: excluding for s3:Get*, s3:Put*, s3:List*
Properties:
PolicyName: S3BucketPermissions
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: S3BucketPermissions
Effect: Allow
Action:
- s3:AbortMultipartUpload
- s3:BypassGovernanceRetention
- s3:CreateAccessPoint
- s3:CreateAccessPointForObjectLambda
- s3:CreateBucket
- s3:CreateJob
- s3:DeleteAccessPoint
- s3:DeleteAccessPointForObjectLambda
- s3:DeleteAccessPointPolicy
- s3:DeleteAccessPointPolicyForObjectLambda
- s3:DeleteBucket
- s3:DeleteBucketOwnershipControls
- s3:DeleteBucketPolicy
- s3:DeleteBucketWebsite
- s3:DeleteJobTagging
- s3:DeleteObject
- s3:DeleteObjectTagging
- s3:DeleteObjectVersion
- s3:DeleteObjectVersionTagging
- s3:DeleteStorageLensConfiguration
- s3:DeleteStorageLensConfigurationTagging
- s3:DescribeJob
- s3:Get*
- s3:List*
- s3:ObjectOwnerOverrideToBucketOwner
- s3:Put*
- s3:ReplicateDelete
- s3:ReplicateObject
- s3:ReplicateTags
- s3:RestoreObject
- s3:UpdateJobPriority
- s3:UpdateJobStatus
Resource:
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- Fn::Join:
- ''
- - !Sub "arn:${AWS::Partition}:s3:::"
- !Ref ArtifactoryS3Bucket
- "/*"
Roles:
- !Ref ArtifactoryHostRole
# ArtifactoryEbsVolume:
# Type: AWS::EC2::Volume
# Properties:
# AvailabilityZone:
# !If
# - IsMultiAzDatabase
# - !Select
# - '0'
# - !Ref AvailabilityZones
# - !Ref DatabasePreferredAz
# Encrypted: false
# Size: !Ref VolumeSize
# Tags:
# - Key: Name
# Value: !Sub "Artifactory-${AWS::StackName}"
# VolumeType: gp2
# DeletionPolicy: Snapshot
# UpdateReplacePolicy: Snapshot
ArtifactoryEfsFileSystem:
Type: AWS::EFS::FileSystem
Properties:
BackupPolicy:
Status: DISABLED
Encrypted: true
FileSystemTags:
- Key: Name
Value: !Sub "Artifactory-${AWS::StackName}"
PerformanceMode: generalPurpose
ThroughputMode: bursting
ArtifactoryEfsMountTarget1:
Type: AWS::EFS::MountTarget
Properties:
FileSystemId: !Ref ArtifactoryEfsFileSystem
SecurityGroups:
- !Ref EfsSecurityGroup
SubnetId: !Select ['0', !Ref SubnetIds]
ArtifactoryEfsMountTarget2:
Type: AWS::EFS::MountTarget
Properties:
FileSystemId: !Ref ArtifactoryEfsFileSystem
SecurityGroups:
- !Ref EfsSecurityGroup
SubnetId: !Select ['1', !Ref SubnetIds]
Outputs:
S3Bucket:
Value: !Ref ArtifactoryS3Bucket
Description: Actual S3 bucket created for Artifactory
DatabaseDriver:
Value: !FindInMap [DatabaseMap, "Postgres", Driver]
DatabasePlugin:
Value: !FindInMap [DatabaseMap, "Postgres", Plugin]
DatabasePluginUrl:
Value: !Sub
- "${MainURL}${PluginVersion}"
- {
MainURL: !FindInMap [DatabaseMap, "Postgres", PluginURL],
PluginVersion: !FindInMap [DatabaseMap, "Postgres", Plugin]
}
DatabaseType:
Value: !FindInMap [DatabaseMap, "Postgres", Name]
DatabaseUrl:
Value: !Sub
- "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}"
- {
DatabaseType: !FindInMap [DatabaseMap, "Postgres", Name],
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, "Postgres", port],
extraDatabaseOps: !FindInMap [DatabaseMap, "Postgres", extraDatabaseOps],
}
XrayMasterDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, "Postgres", port],
}
XrayDatabaseUrl:
Value: !Sub
- "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable"
- {
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
port: !FindInMap [DatabaseMap, "Postgres", port],
}
JavaOpts:
Value: !Sub
- "-Xms${min}g -Xmx${max}g"
- {
min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
}
DeploymentSize:
Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
ArtifactoryEfsFileSystem:
Value: !Ref ArtifactoryEfsFileSystem
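Review bot: ArtifactoryS3IAMPolicy grants the Artifactory host role bucket-lifecycle and governance actions (s3:CreateBucket, s3:DeleteBucket, s3:DeleteBucketPolicy, s3:DeleteBucketWebsite, s3:BypassGovernanceRetention, the access-point, job and Storage Lens actions) on a bucket whose only consumer is the Artifactory filestore, while the cfn-lint ignore_reasons entry justifies only `s3:Get*, s3:Put*, s3:List*`; the Action list should be cut back to the object-level actions the filestore uses (Get*, Put*, List*, DeleteObject, DeleteObjectVersion, AbortMultipartUpload) or the ignore reason should say why the rest are needed. On ArtifactoryDatabaseSG, the tcp/22 ingress from VpcCidr and the 22/80/443 egress to 0.0.0.0/0 have nothing to reach on an RDS instance and only widen the group; keeping just the Postgres port from the three private subnet CIDRs matches the GroupDescription. The XrayMasterDatabaseUrl and XrayDatabaseUrl outputs append `?sslmode=disable`, and DatabaseUrl gets extraDatabaseOps as "", so every client connects to the database without TLS even though StorageEncrypted is set; `sslmode=require` for the Xray URLs and an `ssl=true` style option in extraDatabaseOps for the JDBC URL would keep the credential and data in transit protected. Unrelated to security, `DatabaseVersion: 11.5` is an unquoted float that survives only because 11.5 has no trailing zero; quoting it as "11.5" avoids the 11.10 → 11.1 trap when it is next bumped.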


@@ -0,0 +1,466 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Artifactory: Deploys the EC2 Autoscaling, LaunchConfig and instances (qs-1qpmmjh5o)"
Metadata:
cfn-lint:
config:
ignore_checks:
- W9006
- W9002
- W9003
- W9004
- E9101
ignore_reasons:
- E9101: "'master' is part of the product naming conventions for now"
Parameters:
PrivateSubnetIds:
Type: List<AWS::EC2::Subnet::Id>
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
HostRole:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
ArtifactoryLicensesSecretName:
Type: String
ArtifactoryServerName:
Type: String
Certificate:
Type: String
CertificateKey:
Type: String
NoEcho: 'true'
CertificateDomain:
Type: String
EnableSSL:
Type: String
ArtifactoryS3Bucket:
Type: String
DatabaseUrl:
Type: String
DatabaseDriver:
Type: String
DatabasePluginUrl:
Type: String
DatabasePlugin:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
ArtifactoryVersion:
Type: String
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
TargetGroupARN:
Type: String
SSLTargetGroupARN:
Type: String
InternalTargetGroupARN:
Type: String
HostProfile:
Type: String
SecurityGroups:
Type: String
InstanceType:
Type: String
# PrimaryVolume:
# Type: String
# VolumeSize:
# Type: Number
ArtifactoryEfsFileSystem:
Type: String
# To populate additional mappings use following link
# https://raw.githubusercontent.com/aws-quickstart/quickstart-linux-bastion/master/templates/linux-bastion.template
Mappings:
AWSAMIRegionMap:
ap-northeast-1:
CentOS7HVM: "ami-06a46da680048c8ae"
ap-northeast-2:
CentOS7HVM: "ami-06e83aceba2cb0907"
ap-south-1:
CentOS7HVM: "ami-026f33d38b6410e30"
ap-southeast-1:
CentOS7HVM: "ami-07f65177cb990d65b"
ap-southeast-2:
CentOS7HVM: "ami-0b2045146eb00b617"
ca-central-1:
CentOS7HVM: "ami-04a25c39dc7a8aebb"
eu-central-1:
CentOS7HVM: "ami-0e8286b71b81c3cc1"
me-south-1:
CentOS7HVM: "ami-011c71a894b10f35b"
ap-east-1:
CentOS7HVM: "ami-0e5c29e6c87a9644f"
eu-north-1:
CentOS7HVM: "ami-05788af9005ef9a93"
eu-south-1:
CentOS7HVM: "ami-0a84267606bcea16b"
eu-west-1:
CentOS7HVM: "ami-0b850cf02cc00fdc8"
eu-west-2:
CentOS7HVM: "ami-09e5afc68eed60ef4"
eu-west-3:
CentOS7HVM: "ami-0cb72d2e599cffbf9"
sa-east-1:
CentOS7HVM: "ami-0b30f38d939dd4b54"
us-east-1:
CentOS7HVM: "ami-0affd4508a5d2481b"
us-east-2:
CentOS7HVM: "ami-01e36b7901e884a10"
us-west-1:
CentOS7HVM: "ami-098f55b4287a885ba"
us-west-2:
CentOS7HVM: "ami-0bc06212a56393ee1"
cn-north-1:
CentOS7HVM: "ami-0e02aaefeb74c3373"
cn-northwest-1:
CentOS7HVM: "ami-07183a7702633260b"
us-gov-east-1:
CentOS7HVM: "ami-00e30c71"
us-gov-west-1:
CentOS7HVM: "ami-bbba86da"
Resources:
ArtifactoryScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref ArtifactoryLaunchConfiguration
VPCZoneIdentifier: !Ref PrivateSubnetIds
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
TargetGroupARNs:
- !Ref TargetGroupARN
- !Ref SSLTargetGroupARN
- !Ref InternalTargetGroupARN
HealthCheckType: ELB
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: ArtifactoryVersion
Value: !Ref ArtifactoryVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
ArtifactoryLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref HostRole # !Ref ArtifactoryHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
jfrog_ami_setup:
- "config-cloudwatch"
- "config-ansible-art-ami"
- "config-artifactory"
- "secure-artifactory"
artifactory_install:
- "config-cloudwatch"
- "config-artifactory"
- "secure-artifactory"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/amazon/efs]
file = /var/log/amazon/efs
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/amazon/efs/
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-setup.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/jfrog-ami-artifactory.log]
file = /var/log/messages
log_group_name = /artifactory/instances/{instance_id}
log_stream_name = /var/log/jfrog-ami-artifactory.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-ansible-art-ami:
files:
/root/.jfrog_ami/jfrog-ami-setup.yml:
content: !Sub |
# Base install for JFrogAMIInstance
- import_playbook: artifactory-ami.yml
vars:
ami_creation: false
artifactory_ha_enabled: false
artifactory_tar: "https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/${ArtifactoryVersion}/jfrog-artifactory-pro-${ArtifactoryVersion}-linux.tar.gz"
artifactory_version: ${ArtifactoryVersion}
db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar"
db_type: "postgresql"
db_driver: "org.postgresql.Driver"
mode: "0400"
# config-artifactory-primary:
# files:
# /root/attach_volume.sh:
# content: !Sub |
# #!/usr/bin/env bash
# echo "Using primary volume ID ${PrimaryVolume}"
# VOLUME_ID="${PrimaryVolume}"
# echo "VOLUME_ID: $VOLUME_ID"
# if [[ -z "$VOLUME_ID" ]]; then
# echo 'Invalid $VOLUME_ID'
# exit 1
# fi
# # Get instance id from AWS
# INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
# # Attach the volume created by another CFT
# # the device name should become /dev/nvme1n1
# # See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
# echo "Attaching volume $VOLUME_ID to instance $INSTANCE_ID"
# /var/awslogs/bin/aws ec2 attach-volume --volume-id $VOLUME_ID --instance-id $INSTANCE_ID --device /dev/xvdf --region ${AWS::Region}
# echo "Wait for volume $VOLUME_ID to attach"
# sleep 30 # Give volume time to attach
# lsblk # debug
# mode: "0770"
config-artifactory:
files:
/root/mount_efs.sh:
content: !Sub |
#!/usr/bin/env bash
ARTIFACTORY_HOME="/opt/jfrog/artifactory-pro-${ArtifactoryVersion}"
# Get instance id from AWS
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
EFS_FILE_SYSTEM_ID="${ArtifactoryEfsFileSystem}"
EFS_MOUNT_POINT="/efsmount"
EFS_MOUNT_TARGET_DNS="$EFS_FILE_SYSTEM_ID.efs.${AWS::Region}.amazonaws.com"
echo "before mounting efs"
ls -l /
mkdir -p $EFS_MOUNT_POINT
mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport $EFS_MOUNT_TARGET_DNS:/ $EFS_MOUNT_POINT
chmod go+rw $EFS_MOUNT_POINT
echo "after mounting efs"
ls -l /
# mkdir -p $EFS_MOUNT_POINT/$INSTANCE_ID/var
# mkdir -p $ARTIFACTORY_HOME
# ln -s $EFS_MOUNT_POINT/$INSTANCE_ID/var $ARTIFACTORY_HOME
echo "before creating plugins folder"
echo ls -l $EFS_MOUNT_POINT
ls -l $EFS_MOUNT_POINT
mkdir -p $EFS_MOUNT_POINT/plugins
echo ls -l $ARTIFACTORY_HOME/var/etc/artifactory
ls -l $ARTIFACTORY_HOME/var/etc/artifactory
# mkdir -p $ARTIFACTORY_HOME/var/etc/artifactory
# ln -s $EFS_MOUNT_POINT/plugins $ARTIFACTORY_HOME/var/etc/artifactory
# echo ls -l $ARTIFACTORY_HOME/var/etc/artifactory
# ls -l $ARTIFACTORY_HOME/var/etc/artifactory
mode: "0770"
/root/.jfrog_ami/artifactory.yml:
content: !Sub |
# Base install for Artifactory
- import_playbook: site-artifactory.yml
vars:
artifactory_download_directory: "/opt/jfrog"
artifactory_home: "/opt/jfrog/artifactory-pro-${ArtifactoryVersion}"
artifactory_ha_enabled: true
artifactory_server_name: ${ArtifactoryServerName}
server_name: ${ArtifactoryServerName}.${CertificateDomain}
s3_region: ${AWS::Region}
s3_bucket: ${ArtifactoryS3Bucket}
certificate: ${Certificate}
certificate_key: ${CertificateKey}
certificate_domain: ${CertificateDomain}
enable_ssl: ${EnableSSL}
ssl_dir: /etc/pki/tls/certs
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_url: ${DatabaseUrl}
db_user: ${DatabaseUser}
db_password: ${DatabasePassword}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
artifactory_version: ${ArtifactoryVersion}
artifactory_keystore:
path: /opt/jfrog/artifactory/app/third-party/java/lib/security/cacerts
default_password: changeit
new_keystore_pass: ${DatabasePassword}
artifactory_java_db_drivers:
- name: ${DatabasePlugin}
url: ${DatabasePluginUrl}
owner: artifactory
group: artifactory
product_id: 'CloudFormation_SP_EC2/1.0.0'
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
/root/.secureit.sh:
content:
ansible-vault encrypt /root/.jfrog_ami/artifactory.yml --vault-id /root/.vault_pass.txt
mode: "0770"
secure-artifactory:
commands:
'secure ansible playbook':
command: '/root/.secureit.sh'
ignoreErrors: 'false'
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref HostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref AWS::Region
- 'CentOS7HVM'
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref InstanceType
# BlockDeviceMappings:
# - DeviceName: /dev/xvda
# Ebs:
# VolumeSize: !Ref VolumeSize
# VolumeType: gp2
# DeleteOnTermination: true
# Encrypted: true
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource ArtifactoryScalingGroup
exit 0
}
S3URI=${QsS3Uri}
# Update OS
yum update -y
# Install EPEL Repository
yum install -y epel-release
# Install git, jq, nfs-utils, policycoreutils python
yum install -y git jq nfs-utils policycoreutils-python
yum update --security -y 2>&1 | tee /var/log/userdata.yum_security_update.log
yum install -y python3 libselinux-python3
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli 2>&1 | tee /var/log/userdata.awscli_install.log
pip install ansible 2>&1 | tee /var/log/userdata.ansible_install.log
mkdir ~/.jfrog_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.jfrog_ami/ || cfn_fail
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource ArtifactoryLaunchConfiguration --configsets jfrog_ami_setup --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf 2>&1 | tee /var/log/userdata.cloudwatch_agent_install.log
/root/mount_efs.sh 2>&1 | tee /var/log/jfrog-efs-mount.log || cfn_fail
#/root/attach_volume.sh || cfn_fail
ansible-galaxy collection install community.general ansible.posix
setsebool httpd_can_network_connect 1 -P
aws secretsmanager get-secret-value --secret-id ${ArtifactoryLicensesSecretName} --region ${AWS::Region} | jq -r '{"artifactory_licenses":(.SecretString | fromjson )}' > ~/.jfrog_ami/licenses.json || cfn_fail
ansible-playbook /root/.jfrog_ami/jfrog-ami-setup.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-setup.log || cfn_fail
ansible-playbook /root/.jfrog_ami/artifactory.yml -e "@~/.jfrog_ami/licenses.json" --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/jfrog-ami-artifactory.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail
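Review bot: In the UserData script, `ansible-playbook … 2>&1 | tee … || cfn_fail` (both playbook lines, and the `/root/mount_efs.sh … | tee …` line) test the exit status of tee rather than of the playbook, because the script runs under `#!/bin/bash -x` and never enables pipefail, so a failed Artifactory install still falls through to cfn_success and the stack reports a healthy node; adding `set -o pipefail` right after the shebang makes the `|| cfn_fail` guards effective. In /root/cloudwatch.conf the `[/var/log/jfrog-ami-setup.log]` and `[/var/log/jfrog-ami-artifactory.log]` sections set `file = /var/log/messages`, so the two playbook logs are never shipped and /var/log/messages is uploaded three times; each `file =` should name the log in its own section header. The jfrog-ami-setup.yml content hard-codes `db_download_url` to postgresql-42.2.12.jar while the database template's DatabaseMap pins postgresql-42.2.9.jar and this template already receives DatabasePlugin/DatabasePluginUrl, so the AMI build and the runtime install fetch different drivers; using `${DatabasePluginUrl}${DatabasePlugin}` here keeps the two in step. Finally, /root/.vault_pass.txt is literally ${DatabasePassword} and the same value is reused as new_keystore_pass, and MasterKey, CertificateKey and DatabasePassword are all expanded by !Sub into AWS::CloudFormation::Init file content, which NoEcho on the parameters does not mask — as far as I can tell anyone with DescribeStackResource on the stack can read them in clear — so fetching these at boot from Secrets Manager the way the licenses already are, with an independently generated vault password, would remove the plaintext copies from the template and the instance.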


@@ -0,0 +1,590 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh2f)'
Metadata:
cfn-lint:
config:
ignore_checks:
- E9101
ignore_reasons:
- E9101: "'master' is part of the product naming conventions for now"
QuickStartDocumentation:
EntrypointName: "Parameters for launching into a new VPC"
Order: "1"
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Security configuration
Parameters:
- KeyPairName
- AccessCidr
- RemoteAccessCidr
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- VpcCidr
- PrivateSubnet1Cidr
- PrivateSubnet2Cidr
- PublicSubnet1Cidr
- PublicSubnet2Cidr
- Label:
default: Bastion configuration
Parameters:
- ProvisionBastionHost
- BastionInstanceType
- BastionOs
- BastionRootVolumeSize
- BastionEnableTcpForwarding
- NumBastionHosts
- BastionEnableX11Forwarding
- Label:
default: Amazon EC2 configuration
Parameters:
- VolumeSize
- InstanceType
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- NumberOfSecondary
- SmLicenseName
- SmCertName
- ArtifactoryServerName
- MasterKey
- ExtraJavaOptions
- DefaultJavaMemSettings
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseName
- DatabaseUser
- DatabasePassword
- DatabaseInstance
- DatabaseAllocatedStorage
- DatabasePreferredAz
- MultiAzDatabase
- Label:
default: AWS Quick Start configuration
Parameters:
- QsS3BucketName
- QsS3KeyPrefix
- QsS3BucketRegion
- Label:
default: JFrog Xray Configuration
Parameters:
- InstallXray
- XrayVersion
- XrayNumberOfSecondary
- XrayInstanceType
- XrayDatabaseUser
- XrayDatabasePassword
ParameterLabels:
AvailabilityZones:
default: Availability Zones
KeyPairName:
default: SSH key name
PrivateSubnet1Cidr:
default: Private subnet 1 CIDR
PrivateSubnet2Cidr:
default: Private subnet 2 CIDR
PublicSubnet1Cidr:
default: Public subnet 1 CIDR
PublicSubnet2Cidr:
default: Public subnet 2 CIDR
AccessCidr:
default: Permitted IP range
RemoteAccessCidr:
default: Remote access CIDR
VpcCidr:
default: VPC CIDR
ProvisionBastionHost:
default: Bastion instance
BastionInstanceType:
default: Bastion instance type
BastionRootVolumeSize:
default: Bastion root volume size
BastionEnableTcpForwarding:
default: Bastion enable TCP forwarding
BastionEnableX11Forwarding:
default: Bastion enable X11 forwarding
BastionOs:
default: Bastion operating system
NumBastionHosts:
default: Number of bastion instances
VolumeSize:
default: EBS root volume size
InstanceType:
default: EC2 instance type
NumberOfSecondary:
default: Secondary instances
ArtifactoryVersion:
default: Artifactory version
SmLicenseName:
default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName:
default: Artifactory server name
MasterKey:
default: Master server key
ExtraJavaOptions:
default: Extra Java options
DefaultJavaMemSettings:
default: Default Java memory settings
DatabaseName:
default: Database name
DatabaseUser:
default: Database user
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DatabaseAllocatedStorage:
default: Database allocated storage
DatabasePreferredAz:
default: Database preferred Availability Zone
MultiAzDatabase:
default: High-availability database
QsS3BucketName:
default: Quick Start S3 bucket name
QsS3KeyPrefix:
default: Quick Start S3 key prefix
QsS3BucketRegion:
default: Quick Start S3 bucket region
InstallXray:
default: Install JFrog Xray
XrayVersion:
default: Version of Xray to install
XrayNumberOfSecondary:
default: Number of JFrog Xray secondary instances
XrayInstanceType:
default: Xray instance type
XrayDatabaseUser:
default: Xray Database user
XrayDatabasePassword:
default: Xray Database password
Parameters:
VpcCidr:
Description: CIDR block for the VPC.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/16
Type: String
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
KeyPairName:
Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches.
This is the key pair you created in your preferred Region.
Type: AWS::EC2::KeyPair::KeyName
PrivateSubnet1Cidr:
Description: CIDR block for private subnet 1 located in Availability Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
Description: CIDR block for private subnet 2 located in Availability Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
PublicSubnet1Cidr:
Description: CIDR block for the public (DMZ) subnet 1 located in Availability
Zone 1.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.128.0/20
Type: String
PublicSubnet2Cidr:
Description: CIDR block for the public (DMZ) subnet 2 located in Availability
Zone 2.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.144.0/20
Type: String
AccessCidr:
Description: CIDR IP range permitted to access Artifactory.
It is recommended that you set this value to a trusted IP range.
For example, you may want to limit software access to your corporate network.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
It is recommended that you set this value to a trusted IP range.
For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
ProvisionBastionHost:
Description: To skip creating a bastion instance, choose Disabled. Because Artifactory nodes are
created in private subnets, it's highly recommended to set this value to Enabled.
AllowedValues:
- "Enabled"
- "Disabled"
Default: "Enabled"
Type: String
BastionInstanceType:
Description: Size of the bastion instances.
AllowedValues:
- t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
Default: "t3.micro"
Type: String
BastionRootVolumeSize:
Description: Size of the root volume in the bastion instances.
Default: 10
Type: Number
BastionEnableTcpForwarding:
Description: Choose whether to enable TCP forwarding via bootstrapping of the bastion
instance.
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
BastionEnableX11Forwarding:
Description: Choose true to enable X11 via bootstrapping of the bastion host.
Setting this value to true enables X Windows over SSH.
X11 forwarding can be useful, but it is also a security risk, so it's recommended
that you keep the default (false) setting.
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
BastionOs:
Description: Linux distribution for the Amazon Machine Image (AMI) to be used for the bastion instances.
AllowedValues:
- "Amazon-Linux2-HVM"
- "CentOS-7-HVM"
- "Ubuntu-Server-20.04-LTS-HVM"
- "SUSE-SLES-15-HVM"
Default: "Amazon-Linux2-HVM"
Type: String
NumBastionHosts:
Description: Number of bastion instances to create.
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Type: String
VolumeSize:
Description: Size in gigabytes of available storage (min 10GB). The Quick Start creates an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 200
Type: Number
InstanceType:
Description: EC2 instance type for the Artifactory instances.
AllowedValues:
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
ConstraintDescription: Must contain valid instance type.
Default: m5.xlarge
Type: String
NumberOfSecondary:
Description: Number of secondary Artifactory servers to complete your
HA deployment. To align with Artifactory best practices, the minimum number
is two, and the maximum is seven. Do not select more instances than you
have licenses for.
AllowedValues:
- 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
Default: 2
Type: Number
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.21.5
Type: String
SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
ArtifactoryServerName:
Description: Name of your Artifactory server. Ensure that this matches your certificate.
Type: String
MasterKey:
Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Type: String
ExtraJavaOptions:
Description: Set Java options to pass to the JVM for Artifactory. For more information, see the Artifactory
system requirements at https://www.jfrog.com/confluence/display/RTF/System+Requirements#SystemRequirements-RecommendedHardware.
Do not add Xms or Xmx settings without disabling DefaultJavaMemSettings.
Default: -Xss256k -XX:+UseG1GC
Type: String
DefaultJavaMemSettings:
Description: Choose false to overwrite the standard memory-calculation options to pass to the Artifactory JVM.
If you plan to overwrite them, ensure they are added to the ExtraJavaOptions to prevent the stack provision from failing.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
DatabaseName:
Description: Name of your database instance. The name must be unique across all instances
owned by your AWS account in the current Region. The database instance identifier is case-insensitive,
but it's stored in lowercase (as in "mydbinstance").
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
MinLength: '1'
MaxLength: '60'
ConstraintDescription: 1 to 60 alphanumeric characters First character must be a letter.
Default: artdb
Type: String
DatabaseUser:
Description: Login ID for the master user of your database instance.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. The first character must be a letter.
Default: artifactory
Type: String
DatabasePassword:
Description: Password for the Artifactory database user.
AllowedPattern: ^[^ \\'"]+$
MinLength: '8'
MaxLength: '20'
ConstraintDescription: Must be at least 8 and no more than 20 printable ASCII characters (letters, numbers and symbols.
Can't contain any of / (slash), '(single quote), "(double quote) and @ (at sign).
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: Size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.8xlarge
- db.m5.12xlarge
- db.m5.16xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m5.large
Type: String
DatabaseAllocatedStorage:
Description: Size in gigabytes of available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
DatabasePreferredAz:
Description: Preferred availability zone for Amazon RDS primary instance
Type: String
Default: ''
MultiAzDatabase:
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: jfrog-aws
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: artifactory7/latest/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
InstallXray:
Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "true"
Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.27.2
Type: String
XrayNumberOfSecondary:
Description: The number of Xray secondary instances servers to complete your
HA deployment. The minimum number is zero; the maximum is six.
Do not select more than instances than you have licenses for.
MinValue: 0
MaxValue: 6
Default: 0
Type: Number
XrayInstanceType:
Description: The EC2 instance type for the Xray instances.
AllowedValues:
- c5.2xlarge
- c5.4xlarge
ConstraintDescription: Must contain valid instance type.
Default: c5.2xlarge
Type: String
XrayDatabaseUser:
Description: The login ID for the Xray database user.
MinLength: '1'
MaxLength: '16'
AllowedPattern: ^[a-zA-Z]([a-zA-Z0-9])+$
ConstraintDescription: 1 to 16 alphanumeric characters. First character must be a letter.
Default: xray
Type: String
XrayDatabasePassword:
Description: The password for the Xray database user.
AllowedPattern: ^[^ \\'"]+$
MinLength: '8'
MaxLength: '20'
ConstraintDescription: Must be at least 8 and no more than 20 printable ASCII characters (letters, numbers and symbols.
Can't contain any of / (slash), '(single quote), "(double quote) and @ (at sign).
NoEcho: 'true'
Type: String
Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
Resources:
ArtifactoryVpcStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml
- S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
Parameters:
AvailabilityZones:
Fn::Join:
- ','
- Ref: AvailabilityZones
NumberOfAZs: '2'
PrivateSubnet1ACIDR:
Ref: PrivateSubnet1Cidr
PrivateSubnet2ACIDR:
Ref: PrivateSubnet2Cidr
PublicSubnet1CIDR:
Ref: PublicSubnet1Cidr
PublicSubnet2CIDR:
Ref: PublicSubnet2Cidr
VPCCIDR:
Ref: VpcCidr
ArtifactoryExistingVpcStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
- S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
Parameters:
# AvailabilityZones:
# Fn::Join:
# - ','
# - Ref: AvailabilityZones
KeyPairName: !Ref KeyPairName
VpcId: !GetAtt ArtifactoryVpcStack.Outputs.VPCID
VpcCidr: !Ref VpcCidr
PublicSubnet1Id: !GetAtt ArtifactoryVpcStack.Outputs.PublicSubnet1ID
PublicSubnet2Id: !GetAtt ArtifactoryVpcStack.Outputs.PublicSubnet2ID
PrivateSubnet1Id: !GetAtt ArtifactoryVpcStack.Outputs.PrivateSubnet1AID
PrivateSubnet2Id: !GetAtt ArtifactoryVpcStack.Outputs.PrivateSubnet2AID
PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
AccessCidr: !Ref AccessCidr
RemoteAccessCidr: !Ref RemoteAccessCidr
ProvisionBastionHost: !Ref ProvisionBastionHost
BastionInstanceType: !Ref BastionInstanceType
BastionRootVolumeSize: !Ref BastionRootVolumeSize
BastionEnableTcpForwarding: !Ref BastionEnableTcpForwarding
BastionEnableX11Forwarding: !Ref BastionEnableX11Forwarding
BastionOs: !Ref BastionOs
NumBastionHosts: !Ref NumBastionHosts
VolumeSize: !Ref VolumeSize
InstanceType: !Ref InstanceType
NumberOfSecondary: !Ref NumberOfSecondary
ArtifactoryVersion: !Ref ArtifactoryVersion
SmLicenseName: !Ref SmLicenseName
SmCertName: !Ref SmCertName
ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey
ExtraJavaOptions: !Ref ExtraJavaOptions
DefaultJavaMemSettings: !Ref DefaultJavaMemSettings
DatabaseName: !Ref DatabaseName
DatabaseUser: !Ref DatabaseUser
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
DatabasePreferredAz: !Ref DatabasePreferredAz
MultiAzDatabase: !Ref MultiAzDatabase
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3BucketRegion: !Ref QsS3BucketRegion
InstallXray: !Ref InstallXray
XrayVersion: !Ref XrayVersion
XrayNumberOfSecondary: !Ref XrayNumberOfSecondary
XrayInstanceType: !Ref XrayInstanceType
XrayDatabaseUser: !Ref XrayDatabaseUser
XrayDatabasePassword: !Ref XrayDatabasePassword
Outputs:
ArtifactoryUrl:
Description: URL of the ELB to access Artifactory
Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl}
BastionIp:
Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.BastionIp}
Description: Bastion host IP, for admin access via SSH


@@ -0,0 +1,347 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)'
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: AWS Quick Start configuration
Parameters:
- QsS3BucketName
- QsS3KeyPrefix
- QsS3BucketRegion
- Label:
default: Essential configuration
Parameters:
- KeyPairName
- DatabasePassword
- Label:
default: Network configuration
Parameters:
- VpcId
- PublicSubnet1Id
- PublicSubnet2Id
- PrivateSubnet1Id
- PrivateSubnet2Id
- PrivateSubnet1Cidr
- PrivateSubnet2Cidr
- Label:
default: Security configuration
Parameters:
- AccessCidr
- RemoteAccessCidr
- Label:
default: Amazon EC2 configuration
Parameters:
- VolumeSize
- InstanceType
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- SmLicenseName
- SmCertName
- ArtifactoryServerName
- MasterKey
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseInstance
- DatabaseAllocatedStorage
- DatabasePreferredAz
- Label:
default: JFrog Xray Configuration
Parameters:
- InstallXray
- XrayVersion
- XrayInstanceType
ParameterLabels:
QsS3BucketName:
default: Quick Start S3 bucket name
QsS3KeyPrefix:
default: Quick Start S3 key prefix
QsS3BucketRegion:
default: Quick Start S3 bucket region
KeyPairName:
default: SSH key name
VpcId:
default: VPC ID
PublicSubnet1Id:
default: Public subnet 1 ID
PublicSubnet2Id:
default: Public subnet 2 ID
PrivateSubnet1Id:
default: Private subnet 1 ID
PrivateSubnet2Id:
default: Private subnet 2 ID
PrivateSubnet1Cidr:
default: Private subnet 1 CIDR
PrivateSubnet2Cidr:
default: Private subnet 2 CIDR
AccessCidr:
default: Permitted IP range
RemoteAccessCidr:
default: Remote access CIDR
VolumeSize:
default: EBS root volume size
InstanceType:
default: EC2 instance type
ArtifactoryVersion:
default: Artifactory version
SmLicenseName:
default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName:
default: Artifactory server name
MasterKey:
default: Master server key
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DatabaseAllocatedStorage:
default: Database allocated storage
DatabasePreferredAz:
default: Database preferred Availability Zone
InstallXray:
default: Install JFrog Xray
XrayVersion:
default: Version of Xray to install
XrayInstanceType:
default: Xray instance type
Parameters:
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: jfrog-aws
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: artifactory7/latest/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
KeyPairName:
Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches.
This is the key pair you created in your preferred Region.
Type: AWS::EC2::KeyPair::KeyName
VpcId:
Description: ID of your existing VPC (e.g., vpc-0343606e).
Type: "AWS::EC2::VPC::Id"
PublicSubnet1Id:
Description: ID of the public subnet 1 in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: "AWS::EC2::Subnet::Id"
PublicSubnet2Id:
Description: ID of the public subnet 2 in Availability Zone 1 of your existing VPC (e.g., subnet-z0376dab).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet1Id:
Description: ID of the private subnet 1 in Availability Zone 1 of your existing VPC (e.g., subnet-a29c3d84).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet2Id:
Description: ID of the private subnet 2 in Availability Zone 1 of your existing VPC (e.g., subnet-a29c3d84).
Type: "AWS::EC2::Subnet::Id"
PrivateSubnet1Cidr:
Description: CIDR of the private subnet 1 in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.0.0/19
Type: String
PrivateSubnet2Cidr:
Description: CIDR of the private subnet 2 in Availability Zone 1 of your existing VPC (e.g., 10.0.0.0/19).
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
Default: 10.0.32.0/19
Type: String
AccessCidr:
Description: CIDR IP range that is permitted to access Artifactory.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Default: 0.0.0.0/0
Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
It is recommended that you set this value to a trusted IP range.
For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
VolumeSize:
Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 100
Type: Number
InstanceType:
Description: EC2 type for the Artifactory instances.
AllowedValues:
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
ConstraintDescription: Must contain valid instance type.
Default: m5.xlarge
Type: String
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Artifactory releases.
Default: 7.21.5
Type: String
SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
ArtifactoryServerName:
Description: Name of your Artifactory server. Ensure that this matches your certificate.
Default: 'artifactory'
Type: String
MasterKey:
Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Default: 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF'
Type: String
DatabasePassword:
Description: Password for the Artifactory database user.
AllowedPattern: ^[^ \\'"]+$
MinLength: '8'
MaxLength: '20'
ConstraintDescription: Must be at least 8 and no more than 20 printable ASCII characters (letters, numbers and symbols.
Can't contain any of / (slash), '(single quote), "(double quote) and @ (at sign).
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: Size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.8xlarge
- db.m5.12xlarge
- db.m5.16xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m5.large
Type: String
DatabaseAllocatedStorage:
Description: Size in gigabytes of the available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
DatabasePreferredAz:
Description: Preferred availability zone for Amazon RDS primary instance
Default: us-west-2a
Type: AWS::EC2::AvailabilityZone::Name
InstallXray:
Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
AllowedPattern: ^(([0-9]|[1-9][0-9])\.){2}([1-9][0-9]|[0-9])$
ConstraintDescription: A version that matches X.X.X per Xray releases.
Default: 3.27.2
Type: String
XrayInstanceType:
Description: The EC2 instance type for the Xray instances.
AllowedValues:
- c5.2xlarge
- c5.4xlarge
ConstraintDescription: Must contain valid instance type.
Default: c5.2xlarge
Type: String
Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
Resources:
ArtifactoryExistingVpcStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-existing-vpc.template.yaml
- S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
Parameters:
KeyPairName: !Ref KeyPairName
ProvisionBastionHost: "Enabled"
AccessCidr: !Ref AccessCidr
RemoteAccessCidr: !Ref RemoteAccessCidr
ArtifactoryVersion: !Ref ArtifactoryVersion
VolumeSize: !Ref VolumeSize
InstanceType: !Ref InstanceType
NumberOfSecondary: 0
SmLicenseName: !Ref SmLicenseName
SmCertName: !Ref SmCertName
ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
DatabasePreferredAz: !Ref DatabasePreferredAz
MultiAzDatabase: false
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3BucketRegion: !Ref QsS3BucketRegion
InstallXray: !Ref InstallXray
XrayVersion: !Ref XrayVersion
XrayInstanceType: !Ref XrayInstanceType
XrayDatabasePassword: !Ref DatabasePassword
VpcId: !Ref VpcId
PublicSubnet1Id: !Ref PublicSubnet1Id
PublicSubnet2Id: !Ref PublicSubnet2Id
PrivateSubnet1Id: !Ref PrivateSubnet1Id
PrivateSubnet2Id: !Ref PrivateSubnet2Id
PrivateSubnet1Cidr: !Ref PrivateSubnet1Cidr
PrivateSubnet2Cidr: !Ref PrivateSubnet2Cidr
Outputs:
ArtifactoryUrl:
Description: URL of the ELB to access Artifactory
Value: !Sub ${ArtifactoryExistingVpcStack.Outputs.ArtifactoryUrl}
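Review bot: `MasterKey` carries a fixed `Default:` of 64 `F` characters, so every stack that does not override it shares one key that is readable from the template itself, which makes the `NoEcho: 'true'` on the parameter and the `openssl rand -hex 16` guidance in its own description meaningless; delete the `Default: 'FFFF…'` line so CloudFormation requires an explicit value. The same default appears in the new-VPC template in the next file section. In the nested-stack `Parameters`, `XrayDatabasePassword: !Ref DatabasePassword` hands the Artifactory database password to the Xray database user as well, whereas the template it calls declares a separate `XrayDatabasePassword` parameter; a dedicated `NoEcho` parameter here (also in the next section) would keep the two credentials independent. Two smaller items in this hunk: `AccessCidr` defaults to `0.0.0.0/0` while its description recommends a trusted range (same in the next section), and `DatabasePreferredAz` is typed `AWS::EC2::AvailabilityZone::Name` but defaults to `us-west-2a`, which will not validate when the stack is created in any other Region.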


@@ -0,0 +1,293 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)'
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: AWS Quick Start configuration
Parameters:
- QsS3BucketName
- QsS3KeyPrefix
- QsS3BucketRegion
- Label:
default: Essential configuration
Parameters:
- KeyPairName
- DatabasePassword
- Label:
default: Network configuration
Parameters:
- AvailabilityZones
- Label:
default: Security configuration
Parameters:
- AccessCidr
- RemoteAccessCidr
- Label:
default: Amazon EC2 configuration
Parameters:
- VolumeSize
- InstanceType
- Label:
default: JFrog Artifactory configuration
Parameters:
- ArtifactoryVersion
- SmLicenseName
- SmCertName
- ArtifactoryServerName
- MasterKey
- Label:
default: Amazon RDS configuration
Parameters:
- DatabaseInstance
- DatabaseAllocatedStorage
- Label:
default: JFrog Xray Configuration
Parameters:
- InstallXray
- XrayVersion
- XrayInstanceType
ParameterLabels:
QsS3BucketName:
default: Quick Start S3 bucket name
QsS3KeyPrefix:
default: Quick Start S3 key prefix
QsS3BucketRegion:
default: Quick Start S3 bucket region
KeyPairName:
default: SSH key name
AccessCidr:
default: Permitted IP range
RemoteAccessCidr:
default: Remote access CIDR
AvailabilityZones:
default: Availability Zones
VolumeSize:
default: EBS root volume size
InstanceType:
default: EC2 instance type
ArtifactoryVersion:
default: Artifactory version
SmLicenseName:
default: Artifactory licenses secret name
SmCertName:
default: Artifactory certificate secret name
ArtifactoryServerName:
default: Artifactory server name
MasterKey:
default: Master server key
DatabasePassword:
default: Database password
DatabaseInstance:
default: Database instance type
DatabaseAllocatedStorage:
default: Database allocated storage
InstallXray:
default: Install JFrog Xray
XrayVersion:
default: Version of Xray to install
XrayInstanceType:
default: Xray instance type
Parameters:
QsS3BucketName:
Description: S3 bucket name for the Quick Start assets. This string can include
numbers, lowercase letters, and hyphens (-). It cannot start
or end with a hyphen (-).
AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
ConstraintDescription: Quick Start bucket name can include numbers, lowercase
letters, and hyphens (-). It cannot start or end with a hyphen (-).
Default: jfrog-aws
Type: String
QsS3KeyPrefix:
Description: S3 key prefix for the Quick Start assets. Quick Start key prefix
can include numbers, lowercase letters, uppercase letters, hyphens (-), and
forward slash (/).
AllowedPattern: ^[0-9a-zA-Z-/]*$
ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slash (/).
Default: artifactory7/latest/
Type: String
QsS3BucketRegion:
Default: 'us-east-1'
Description: AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. If you use your own bucket, you must specify your own value.
Type: String
KeyPairName:
Description: Name of an existing key pair,
which allows you to connect securely to your instance after it launches.
This is the key pair you created in your preferred Region.
Type: AWS::EC2::KeyPair::KeyName
AccessCidr:
Description: CIDR IP range that is permitted to access Artifactory.
We recommend that you set this value to a trusted IP range.
For example, you might want to grant only your corporate network access to the software.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Default: 0.0.0.0/0
Type: String
RemoteAccessCidr:
Description: Remote CIDR range that allows you to connect to the bastion instance by using SSH.
It is recommended that you set this value to a trusted IP range.
For example, you may want to grant specific ranges from within your corporate network that use the SSH protocol.
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
Type: String
AvailabilityZones:
Description: List of Availability Zones to use for the subnets in the VPC. Two
Availability Zones are used for this deployment.
Type: List<AWS::EC2::AvailabilityZone::Name>
VolumeSize:
Description: Size in gigabytes of the available storage (min 10GB); the Quick Start will create an
Amazon Elastic Block Store (Amazon EBS) volumes of this size.
Default: 100
Type: Number
InstanceType:
Description: EC2 type for the Artifactory instances.
AllowedValues:
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m5.metal
- m5d.large
- m5d.xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.8xlarge
- m5d.12xlarge
- m5d.16xlarge
- m5d.24xlarge
- m5d.metal
- m5a.large
- m5a.xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.8xlarge
- m5a.12xlarge
- m5a.16xlarge
- m5a.24xlarge
ConstraintDescription: Must contain valid instance type.
Default: m5.xlarge
Type: String
ArtifactoryVersion:
Description: Version of Artifactory that you want to deploy into the Quick Start.
To select the correct version, see the release notes at
https://www.jfrog.com/confluence/display/RTF/Release+Notes.
Default: 7.21.5
Type: String
SmLicenseName:
Description: Secret name created in AWS Secrets Manager, which contains the Artifactory licenses.
Default: ''
Type: String
SmCertName:
Description: Secret name created in AWS Secrets Manager, which contains the SSL certificate and certificate key.
Default: ''
Type: String
ArtifactoryServerName:
Description: Name of your Artifactory server. Ensure that this matches your certificate.
Default: 'artifactory'
Type: String
MasterKey:
Description: Master key for the Artifactory cluster. Generate a master key by using the command '$openssl rand -hex 16'.
AllowedPattern: ^[a-zA-Z0-9]+$
MinLength: '1'
MaxLength: '64'
ConstraintDescription: Only capital or lowercase letters and numbers, with a Max of 64 characters.
NoEcho: 'true'
Default: 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF'
Type: String
DatabasePassword:
Description: Password for the Artifactory database user.
AllowedPattern: ^[^ \\'"]+$
MinLength: '8'
MaxLength: '20'
ConstraintDescription: Must be at least 8 and no more than 20 printable ASCII characters (letters, numbers and symbols.
Can't contain any of / (slash), '(single quote), "(double quote) and @ (at sign).
NoEcho: 'true'
Type: String
DatabaseInstance:
Description: Size of the database to be deployed as part of the Quick Start.
AllowedValues:
- db.m5.large
- db.m5.xlarge
- db.m5.2xlarge
- db.m5.4xlarge
- db.m5.8xlarge
- db.m5.12xlarge
- db.m5.16xlarge
- db.m5.24xlarge
ConstraintDescription: Must be a valid database Instance Type.
Default: db.m5.large
Type: String
DatabaseAllocatedStorage:
Description: Size in gigabytes of the available storage for the database instance.
MinValue: 5
MaxValue: 1024
Default: 10
Type: Number
InstallXray:
Description: Choose true to install JFrog Xray instance(s).
ConstraintDescription: True or False
AllowedValues:
- "true"
- "false"
Default: "false"
Type: String
XrayVersion:
Description: The version of Xray that you want to deploy into the Quick Start.
Default: 3.27.2
Type: String
XrayInstanceType:
Description: The EC2 instance type for the Xray instances.
AllowedValues:
- c5.2xlarge
- c5.4xlarge
ConstraintDescription: Must contain valid instance type.
Default: c5.2xlarge
Type: String
Conditions:
UsingDefaultBucket: !Equals [!Ref QsS3BucketName, 'aws-quickstart']
Resources:
ArtifactoryNewVpcStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QsS3KeyPrefix}templates/jfrog-artifactory-ec2-main.template.yaml
- S3Bucket: !If [UsingDefaultBucket, !Sub '${QsS3BucketName}-${AWS::Region}', !Ref 'QsS3BucketName']
S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QsS3BucketRegion']
Parameters:
KeyPairName: !Ref KeyPairName
ProvisionBastionHost: "Enabled"
AccessCidr: !Ref AccessCidr
RemoteAccessCidr: !Ref RemoteAccessCidr
ArtifactoryVersion: !Ref ArtifactoryVersion
VolumeSize: !Ref VolumeSize
InstanceType: !Ref InstanceType
NumberOfSecondary: 0
SmLicenseName: !Ref SmLicenseName
SmCertName: !Ref SmCertName
ArtifactoryServerName: !Ref ArtifactoryServerName
MasterKey: !Ref MasterKey
DatabasePassword: !Ref DatabasePassword
DatabaseInstance: !Ref DatabaseInstance
DatabaseAllocatedStorage: !Ref DatabaseAllocatedStorage
DatabasePreferredAz: !Select
- '0'
- !Ref 'AvailabilityZones'
MultiAzDatabase: false
QsS3BucketName: !Ref QsS3BucketName
QsS3KeyPrefix: !Ref QsS3KeyPrefix
QsS3BucketRegion: !Ref QsS3BucketRegion
InstallXray: !Ref InstallXray
XrayVersion: !Ref XrayVersion
XrayInstanceType: !Ref XrayInstanceType
XrayDatabasePassword: !Ref DatabasePassword
AvailabilityZones:
Fn::Join:
- ','
- Ref: AvailabilityZones
Outputs:
ArtifactoryUrl:
Description: URL of the ELB to access Artifactory
Value: !Sub ${ArtifactoryNewVpcStack.Outputs.ArtifactoryUrl}
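Review bot: The `Description` on the second line of this template is a verbatim copy of the existing-VPC template's (`'JFrog Artifactory Quick Start Deployment into an Existing VPC (qs-1q037efj0)'`), but this file creates `ArtifactoryNewVpcStack` from `jfrog-artifactory-ec2-main.template.yaml` and takes `AvailabilityZones` rather than subnet IDs, so both the wording and the Quick Start identifier describe the wrong template. Suggested replacement, with the identifier assigned to this template filled in: `Description: 'JFrog Artifactory Quick Start Deployment into a New VPC (QS_ID_FOR_THIS_TEMPLATE)'`. The `AvailabilityZones` description says two zones are used, which the `Fn::Join` at the end of the nested-stack parameters relies on; the parameter has no constraint that enforces it, so a one-element list would presumably fail only inside the nested stack rather than at parameter validation.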


@@ -0,0 +1,342 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: "Xray: Deploys the EC2 Autoscaling, LaunchConfig and instances (qs-1rtidak0g)"
Metadata:
cfn-lint:
config:
ignore_checks:
- W9006
- W9002
- W9003
- W9004
- E9101
ignore_reasons:
- E9101: "'master' is part of the product naming conventions for now"
Parameters:
PrivateSubnet1Id:
Type: 'AWS::EC2::Subnet::Id'
PrivateSubnet2Id:
Type: 'AWS::EC2::Subnet::Id'
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
MinScalingNodes:
Type: Number
MaxScalingNodes:
Type: Number
DeploymentTag:
Type: String
QsS3BucketName:
Type: String
QsS3KeyPrefix:
Type: String
QsS3Uri:
Type: String
DatabaseDriver:
Type: String
DatabaseType:
Type: String
DatabaseUser:
Type: String
DatabasePassword:
Type: String
NoEcho: 'true'
MasterKey:
Type: String
NoEcho: 'true'
ExtraJavaOptions:
Type: String
SecurityGroups:
Type: String
XrayHostProfile:
Type: String
XrayHostRole:
Type: String
XrayInstanceType:
Type: String
JfrogInternalUrl:
Type: String
VolumeSize:
Type: Number
XrayDatabaseUser:
Type: String
XrayDatabasePassword:
Type: String
NoEcho: 'true'
XrayMasterDatabaseUrl:
Type: String
XrayDatabaseUrl:
Type: String
XrayVersion:
Type: String
# To populate additional mappings use the following with the desired --region
# aws --region us-west-2 ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn-ami-hvm-2018.03.0.20181129-x86_64-gp2' 'Name=state,Values=available' --output json | jq -r '.Images | sort_by(.CreationDate) | last(.[]).ImageId'
Mappings:
AWSAMIRegionMap:
ap-northeast-1:
CentOS7HVM: "ami-06a46da680048c8ae"
ap-northeast-2:
CentOS7HVM: "ami-06e83aceba2cb0907"
ap-south-1:
CentOS7HVM: "ami-026f33d38b6410e30"
ap-southeast-1:
CentOS7HVM: "ami-07f65177cb990d65b"
ap-southeast-2:
CentOS7HVM: "ami-0b2045146eb00b617"
ca-central-1:
CentOS7HVM: "ami-04a25c39dc7a8aebb"
eu-central-1:
CentOS7HVM: "ami-0e8286b71b81c3cc1"
me-south-1:
CentOS7HVM: "ami-011c71a894b10f35b"
ap-east-1:
CentOS7HVM: "ami-0e5c29e6c87a9644f"
eu-north-1:
CentOS7HVM: "ami-05788af9005ef9a93"
eu-south-1:
CentOS7HVM: "ami-0a84267606bcea16b"
eu-west-1:
CentOS7HVM: "ami-0b850cf02cc00fdc8"
eu-west-2:
CentOS7HVM: "ami-09e5afc68eed60ef4"
eu-west-3:
CentOS7HVM: "ami-0cb72d2e599cffbf9"
sa-east-1:
CentOS7HVM: "ami-0b30f38d939dd4b54"
us-east-1:
CentOS7HVM: "ami-0affd4508a5d2481b"
us-east-2:
CentOS7HVM: "ami-01e36b7901e884a10"
us-west-1:
CentOS7HVM: "ami-098f55b4287a885ba"
us-west-2:
CentOS7HVM: "ami-0bc06212a56393ee1"
cn-north-1:
CentOS7HVM: "ami-0e02aaefeb74c3373"
cn-northwest-1:
CentOS7HVM: "ami-07183a7702633260b"
us-gov-east-1:
CentOS7HVM: "ami-00e30c71"
us-gov-west-1:
CentOS7HVM: "ami-bbba86da"
Conditions:
IsArtifactoryPro: !Equals [!Ref MaxScalingNodes, '1']
Resources:
XrayScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
LaunchConfigurationName: !Ref XrayLaunchConfiguration
VPCZoneIdentifier:
!If [IsArtifactoryPro, [!Ref PrivateSubnet1Id], [!Ref PrivateSubnet1Id, !Ref PrivateSubnet2Id]]
MinSize: !Ref MinScalingNodes
MaxSize: !Ref MaxScalingNodes
Cooldown: '300'
DesiredCapacity: !Ref MinScalingNodes
HealthCheckType: EC2
HealthCheckGracePeriod: 1800
Tags:
- Key: Name
Value: !Ref DeploymentTag
PropagateAtLaunch: true
- Key: XrayVersion
Value: !Ref XrayVersion
PropagateAtLaunch: true
TerminationPolicies:
- OldestInstance
- Default
CreationPolicy:
ResourceSignal:
Count: !Ref MinScalingNodes
Timeout: PT60M
XrayLaunchConfiguration:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
- !Ref XrayHostRole
buckets:
- !Ref QsS3BucketName
AWS::CloudFormation::Init:
configSets:
xray_ami_setup:
- "config-cloudwatch"
- "config-ansible-xray-ami"
xray_install:
- "config-cloudwatch"
- "config-ansible-xray-ami"
- "config-xray"
- "secure-xray"
config-cloudwatch:
files:
/root/cloudwatch.conf:
content: |
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/messages/
datetime_format = %b %d %H:%M:%S
[/var/log/xray-ami-setup.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray-ami-setup.log
datetime_format = %b %d %H:%M:%S
[/var/log/xray.log]
file = /var/log/messages
log_group_name = /xray/instances/{instance_id}
log_stream_name = /var/log/xray.log
datetime_format = %b %d %H:%M:%S
mode: "0400"
config-ansible-xray-ami:
files:
/root/.xray_ami/xray-ami-setup.yml:
content: !Sub |
# Base install for Xray
- import_playbook: xray-ami.yml
vars:
ami_creation: false
db_type: postgresql
db_driver: org.postgresql.Driver
xray_version: ${XrayVersion}
xray_ha_enabled: false
mode: "0400"
config-xray:
files:
/root/.xray_ami/xray.yml:
content: !Sub |
# Base install for Xray
- import_playbook: site-xray.yml
vars:
jfrog_url: ${JfrogInternalUrl}
master_key: ${MasterKey}
join_key: ${MasterKey}
extra_java_opts: ${ExtraJavaOptions}
db_type: ${DatabaseType}
db_driver: ${DatabaseDriver}
db_master_url: postgresql://${DatabaseUser}:${DatabasePassword}@${XrayMasterDatabaseUrl}
db_url: postgres://${XrayDatabaseUrl}
db_master_user: ${DatabaseUser}
db_user: ${XrayDatabaseUser}
db_password: ${XrayDatabasePassword}
xray_version: ${XrayVersion}
mode: "0400"
/root/.vault_pass.txt:
content: !Sub |
${DatabasePassword}
mode: "0400"
/root/.secureit.sh:
content:
ansible-vault encrypt /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt
mode: "0770"
secure-xray:
commands:
'secure ansible playbook':
command: '/root/.secureit.sh'
ignoreErrors: 'false'
Properties:
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref XrayHostProfile
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref AWS::Region
- 'CentOS7HVM'
SecurityGroups:
- !Ref SecurityGroups
InstanceType: !Ref XrayInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref VolumeSize
VolumeType: gp2
DeleteOnTermination: true
Encrypted: true
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -x
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
#CFN Functions
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource XrayScalingGroup
exit 0
}
S3URI=${QsS3Uri}
yum update --security -y &> /var/log/userdata.yum_security_update.log
yum install -y git python3 libselinux-python3
yum install -y postgresql-server postgresql-devel
echo $PATH
PATH=/opt/aws/bin:$PATH
echo $PATH
# Create virtual env and activate
python3 -m venv ~/venv --system-site-packages
source ~/venv/bin/activate
pip install --upgrade pip
pip install wheel
# Install Cloudformation helper scripts
pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz 2>&1 | tee /var/log/userdata.aws_cfn_bootstrap_install.log
pip install awscli &> /var/log/userdata.awscli_install.log
pip install ansible &> /var/log/userdata.ansible_install.log
mkdir ~/.xray_ami
aws s3 --region ${AWS::Region} sync s3://${QsS3BucketName}/${QsS3KeyPrefix}cloudInstallerScripts/ ~/.xray_ami/
setsebool httpd_can_network_connect 1 -P
# CentOS cloned virtual machines do not create a new machine id
# https://www.thegeekdiary.com/centos-rhel-7-how-to-change-the-machine-id/
rm -f /etc/machine-id
systemd-machine-id-setup
cfn-init -v --stack ${AWS::StackName} --resource XrayLaunchConfiguration --configsets xray_install --region ${AWS::Region} || cfn_fail
# Setup CloudWatch Agent
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r ${AWS::Region} -c /root/cloudwatch.conf
lsblk # debug
ansible-galaxy collection install community.general ansible.posix
ansible-playbook /root/.xray_ami/xray-ami-setup.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray-ami.log || cfn_fail
ansible-playbook /root/.xray_ami/xray.yml --vault-id /root/.vault_pass.txt 2>&1 | tee /var/log/xray.log || cfn_fail
rm -rf /root/.secureit.sh
cfn_success &> /var/log/cfn_success.log
cfn_success || cfn_fail