mirror of
https://github.com/ZwareBear/JFrog-Cloud-Installers.git
synced 2026-01-21 01:06:55 -06:00
upgraded to artifactory 7.21.5 and xray 3.27.2
This commit is contained in:
Vinay Aggarwal
@@ -1,44 +0,0 @@
|
|||||||
- name: setup directory symlink for using custom data directory/volume
|
|
||||||
block:
|
|
||||||
- name: Create a xfs filesystem on /dev/nvme1n1
|
|
||||||
# First non-root device is always mapped to /dev/nvme1n1
|
|
||||||
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
|
|
||||||
community.general.filesystem:
|
|
||||||
dev: /dev/nvme1n1
|
|
||||||
fstype: xfs
|
|
||||||
|
|
||||||
- name: ensure external data directory exists
|
|
||||||
file:
|
|
||||||
path: "{{ custom_data_directory }}"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Mount the EBS volume
|
|
||||||
ansible.posix.mount:
|
|
||||||
path: "{{ custom_data_directory }}"
|
|
||||||
src: /dev/nvme1n1
|
|
||||||
state: mounted
|
|
||||||
fstype: xfs
|
|
||||||
|
|
||||||
- name: set custom data directory permission
|
|
||||||
file:
|
|
||||||
path: "{{ custom_data_directory }}"
|
|
||||||
state: directory
|
|
||||||
recurse: yes
|
|
||||||
owner: "{{ artifactory_user }}"
|
|
||||||
group: "{{ artifactory_group }}"
|
|
||||||
mode: "u=rwX,g=rwX,o=rwX"
|
|
||||||
|
|
||||||
- name: remove var directory if exists
|
|
||||||
file:
|
|
||||||
path: "{{ artifactory_home }}/var"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: symlink custom data directory to var
|
|
||||||
file:
|
|
||||||
src: "{{ custom_data_directory }}"
|
|
||||||
path: "{{ artifactory_home }}/var"
|
|
||||||
state: link
|
|
||||||
owner: "{{ artifactory_user }}"
|
|
||||||
group: "{{ artifactory_group }}"
|
|
||||||
become: yes
|
|
||||||
when: use_custom_data_directory and custom_data_directory is defined
|
|
||||||
@@ -1,44 +0,0 @@
|
|||||||
- name: setup directory symlink for using custom data directory/volume
|
|
||||||
block:
|
|
||||||
- name: Create a xfs filesystem on /dev/nvme1n1
|
|
||||||
# First non-root device is always mapped to /dev/nvme1n1
|
|
||||||
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
|
|
||||||
community.general.filesystem:
|
|
||||||
dev: /dev/nvme1n1
|
|
||||||
fstype: xfs
|
|
||||||
|
|
||||||
- name: ensure external data directory exists
|
|
||||||
file:
|
|
||||||
path: "{{ custom_data_directory }}"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: Mount the EBS volume
|
|
||||||
ansible.posix.mount:
|
|
||||||
path: "{{ custom_data_directory }}"
|
|
||||||
src: /dev/nvme1n1
|
|
||||||
state: mounted
|
|
||||||
fstype: xfs
|
|
||||||
|
|
||||||
- name: set custom data directory permission
|
|
||||||
file:
|
|
||||||
path: "{{ custom_data_directory }}"
|
|
||||||
state: directory
|
|
||||||
recurse: yes
|
|
||||||
owner: "{{ xray_user }}"
|
|
||||||
group: "{{ xray_group }}"
|
|
||||||
mode: "u=rwX,g=rwX,o=rwX"
|
|
||||||
|
|
||||||
- name: remove var directory if exists
|
|
||||||
file:
|
|
||||||
path: "{{ xray_home }}/var"
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: symlink custom data directory to var
|
|
||||||
file:
|
|
||||||
src: "{{ custom_data_directory }}"
|
|
||||||
path: "{{ xray_home }}/var"
|
|
||||||
state: link
|
|
||||||
owner: "{{ xray_user }}"
|
|
||||||
group: "{{ xray_group }}"
|
|
||||||
become: yes
|
|
||||||
when: use_custom_data_directory and custom_data_directory is defined
|
|
||||||
@@ -0,0 +1,51 @@
|
|||||||
|
---
|
||||||
|
# defaults file for artifactory
|
||||||
|
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
|
||||||
|
ansible_marketplace: standalone
|
||||||
|
|
||||||
|
# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
|
||||||
|
ami_creation: false
|
||||||
|
|
||||||
|
# The version of Artifactory to install
|
||||||
|
artifactory_version: 7.15.3
|
||||||
|
|
||||||
|
# licenses file - specify a licenses file or specify up to 5 licenses
|
||||||
|
artifactory_license1:
|
||||||
|
artifactory_license2:
|
||||||
|
artifactory_license3:
|
||||||
|
artifactory_license4:
|
||||||
|
artifactory_license5:
|
||||||
|
artifactory_license6:
|
||||||
|
|
||||||
|
# whether to enable HA
|
||||||
|
artifactory_ha_enabled: true
|
||||||
|
|
||||||
|
# value for whether a host is primary. this should be set in host vars
|
||||||
|
artifactory_is_primary: true
|
||||||
|
|
||||||
|
# The location where Artifactory should install.
|
||||||
|
artifactory_download_directory: /opt/jfrog
|
||||||
|
|
||||||
|
# The location where Artifactory should store data.
|
||||||
|
artifactory_file_store_dir: /data
|
||||||
|
|
||||||
|
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
|
||||||
|
|
||||||
|
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz
|
||||||
|
|
||||||
|
artifactory_home: "{{ artifactory_download_directory }}/artifactory-pro-{{ artifactory_version }}"
|
||||||
|
db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar"
|
||||||
|
|
||||||
|
artifactory_user: artifactory
|
||||||
|
artifactory_group: artifactory
|
||||||
|
|
||||||
|
# Set the parameters required for the service.
|
||||||
|
service_list:
|
||||||
|
- name: artifactory
|
||||||
|
description: Start script for Artifactory
|
||||||
|
start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
|
||||||
|
stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
|
||||||
|
type: forking
|
||||||
|
status_pattern: artifactory
|
||||||
|
user_name: "{{ artifactory_user }}"
|
||||||
|
group_name: "{{ artifactory_group }}"
|
||||||
@@ -51,7 +51,7 @@
|
|||||||
owner: "{{ artifactory_user }}"
|
owner: "{{ artifactory_user }}"
|
||||||
group: "{{ artifactory_group }}"
|
group: "{{ artifactory_group }}"
|
||||||
loop:
|
loop:
|
||||||
- "bootstrap"
|
- "bootstrap/artifactory/tomcat/lib"
|
||||||
- "etc"
|
- "etc"
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
@@ -20,7 +20,8 @@ shared:
|
|||||||
id: {{ ansible_machine_id }}
|
id: {{ ansible_machine_id }}
|
||||||
|
|
||||||
## Sets this node as primary in HA installation
|
## Sets this node as primary in HA installation
|
||||||
primary: {{ artifactory_is_primary }}
|
# primary: {{ artifactory_is_primary }}
|
||||||
|
Affinity: "any"
|
||||||
|
|
||||||
## Sets this node as part of HA installation
|
## Sets this node as part of HA installation
|
||||||
haEnabled: {{ artifactory_ha_enabled }}
|
haEnabled: {{ artifactory_ha_enabled }}
|
||||||
@@ -4,7 +4,7 @@
|
|||||||
ansible_marketplace: standalone
|
ansible_marketplace: standalone
|
||||||
|
|
||||||
# The version of Artifactory to install
|
# The version of Artifactory to install
|
||||||
artifactory_version: 7.15.3
|
artifactory_version: 7.19.4
|
||||||
|
|
||||||
# licenses - cluster license content in json
|
# licenses - cluster license content in json
|
||||||
artifactory_licenses:
|
artifactory_licenses:
|
||||||
@@ -21,19 +21,10 @@ artifactory_download_directory: /opt/jfrog
|
|||||||
# The location where Artifactory should store data.
|
# The location where Artifactory should store data.
|
||||||
artifactory_file_store_dir: /data
|
artifactory_file_store_dir: /data
|
||||||
|
|
||||||
# whether to customer data directory
|
|
||||||
use_custom_data_directory: false
|
|
||||||
|
|
||||||
# location for customer directory. Will be symlink to as artifactory/var
|
|
||||||
custom_data_directory: /artifactory-user-data
|
|
||||||
|
|
||||||
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
|
|
||||||
artifactory_flavour: pro
|
|
||||||
|
|
||||||
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
|
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
|
||||||
|
|
||||||
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
|
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz
|
||||||
artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
|
artifactory_home: "{{ artifactory_download_directory }}/artifactory-pro-{{ artifactory_version }}"
|
||||||
|
|
||||||
artifactory_user: artifactory
|
artifactory_user: artifactory
|
||||||
artifactory_group: artifactory
|
artifactory_group: artifactory
|
||||||
@@ -31,10 +31,6 @@
|
|||||||
group: "{{ artifactory_group }}"
|
group: "{{ artifactory_group }}"
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
- name: setup directory symlink for using custom data directory/volume
|
|
||||||
include_tasks: custom-data-directory.yml
|
|
||||||
when: use_custom_data_directory and custom_data_directory is defined
|
|
||||||
|
|
||||||
- name: ensure data subdirectories exist and have correct ownership
|
- name: ensure data subdirectories exist and have correct ownership
|
||||||
file:
|
file:
|
||||||
path: "{{ artifactory_home }}/var/{{ item }}"
|
path: "{{ artifactory_home }}/var/{{ item }}"
|
||||||
@@ -112,21 +108,44 @@
|
|||||||
shell: "{{ artifactory_home }}/app/bin/installService.sh"
|
shell: "{{ artifactory_home }}/app/bin/installService.sh"
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
|
- name: Delete plugin folder
|
||||||
|
file:
|
||||||
|
state: absent
|
||||||
|
path: "{{ artifactory_home }}/var/etc/artifactory/plugins"
|
||||||
|
|
||||||
|
- name: symlink plugin folder to EFS
|
||||||
|
file:
|
||||||
|
src: "/efsmount/plugins"
|
||||||
|
path: "{{ artifactory_home }}/var/etc/artifactory/plugins"
|
||||||
|
state: link
|
||||||
|
owner: "{{ artifactory_user }}"
|
||||||
|
group: "{{ artifactory_group }}"
|
||||||
|
|
||||||
|
- name: ensure data subdirectories exist and have correct ownership
|
||||||
|
file:
|
||||||
|
path: "{{ artifactory_home }}/var/{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ artifactory_user }}"
|
||||||
|
group: "{{ artifactory_group }}"
|
||||||
|
loop:
|
||||||
|
- "etc/artifactory/plugins"
|
||||||
|
become: yes
|
||||||
|
|
||||||
- name: start and enable the primary node
|
- name: start and enable the primary node
|
||||||
service:
|
service:
|
||||||
name: artifactory
|
name: artifactory
|
||||||
state: restarted
|
state: restarted
|
||||||
become: yes
|
become: yes
|
||||||
when: artifactory_is_primary == true
|
# when: artifactory_is_primary == true
|
||||||
|
|
||||||
- name: random wait before restarting to prevent secondary nodes from hitting DB first
|
# - name: random wait before restarting to prevent secondary nodes from hitting DB first
|
||||||
pause:
|
# pause:
|
||||||
seconds: "{{ 120 | random + 10}}"
|
# seconds: "{{ 120 | random + 10}}"
|
||||||
when: artifactory_is_primary == false
|
# when: artifactory_is_primary == false
|
||||||
|
|
||||||
- name: start and enable the secondary nodes
|
# - name: start and enable the secondary nodes
|
||||||
service:
|
# service:
|
||||||
name: artifactory
|
# name: artifactory
|
||||||
state: restarted
|
# state: restarted
|
||||||
become: yes
|
# become: yes
|
||||||
when: artifactory_is_primary == false
|
# when: artifactory_is_primary == false
|
||||||
@@ -22,7 +22,8 @@ shared:
|
|||||||
id: {{ ansible_machine_id }}
|
id: {{ ansible_machine_id }}
|
||||||
|
|
||||||
## Sets this node as primary in HA installation
|
## Sets this node as primary in HA installation
|
||||||
primary: {{ artifactory_is_primary }}
|
# primary: {{ artifactory_is_primary }}
|
||||||
|
Affinity: "any"
|
||||||
|
|
||||||
## Sets this node as part of HA installation
|
## Sets this node as part of HA installation
|
||||||
haEnabled: {{ artifactory_ha_enabled }}
|
haEnabled: {{ artifactory_ha_enabled }}
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
- name: Install db-utl
|
- name: Install db-utl
|
||||||
yum:
|
yum:
|
||||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
|
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-25.el7.x86_64.rpm"
|
||||||
state: present
|
state: present
|
||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: /bin/python2
|
ansible_python_interpreter: /bin/python2
|
||||||
@@ -12,12 +12,6 @@ xray_ha_enabled: true
|
|||||||
# The location where xray should install.
|
# The location where xray should install.
|
||||||
xray_download_directory: /opt/jfrog
|
xray_download_directory: /opt/jfrog
|
||||||
|
|
||||||
# whether to customer data directory
|
|
||||||
use_custom_data_directory: false
|
|
||||||
|
|
||||||
# location for customer directory. Will be symlink to as artifactory/var
|
|
||||||
custom_data_directory: /xray-user-data
|
|
||||||
|
|
||||||
# The remote xray download file
|
# The remote xray download file
|
||||||
xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
|
xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
|
||||||
|
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
- name: Install db-utl
|
- name: Install db-utl
|
||||||
yum:
|
yum:
|
||||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
|
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-25.el7.x86_64.rpm"
|
||||||
state: present
|
state: present
|
||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: /bin/python2
|
ansible_python_interpreter: /bin/python2
|
||||||
@@ -24,10 +24,6 @@
|
|||||||
- name: perform prerequisite installation
|
- name: perform prerequisite installation
|
||||||
include_tasks: "{{ ansible_os_family }}.yml"
|
include_tasks: "{{ ansible_os_family }}.yml"
|
||||||
|
|
||||||
- name: setup directory symlink for using custom data directory/volume
|
|
||||||
include_tasks: custom-data-directory.yml
|
|
||||||
when: use_custom_data_directory and custom_data_directory is defined
|
|
||||||
|
|
||||||
- name: ensure data subdirectories exist and have correct ownership
|
- name: ensure data subdirectories exist and have correct ownership
|
||||||
file:
|
file:
|
||||||
path: "{{ xray_home }}/var/{{ item }}"
|
path: "{{ xray_home }}/var/{{ item }}"
|
||||||
@@ -0,0 +1,442 @@
|
|||||||
|
AWSTemplateFormatVersion: '2010-09-09'
|
||||||
|
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
|
||||||
|
Metadata:
|
||||||
|
cfn-lint:
|
||||||
|
config:
|
||||||
|
ignore_checks:
|
||||||
|
- W9006
|
||||||
|
- W9002
|
||||||
|
- W9003
|
||||||
|
- W9004
|
||||||
|
Parameters:
|
||||||
|
# AvailabilityZones:
|
||||||
|
# Description: List of Availability Zones to use for the subnets in the VPC. Two
|
||||||
|
# Availability Zones are used for this deployment.
|
||||||
|
# Type: List<AWS::EC2::AvailabilityZone::Name>
|
||||||
|
VpcId:
|
||||||
|
Type: AWS::EC2::VPC::Id
|
||||||
|
VpcCidr:
|
||||||
|
Description: CIDR block for the VPC
|
||||||
|
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||||
|
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||||
|
Default: 10.0.0.0/16
|
||||||
|
Type: String
|
||||||
|
PrivateSubnet1Cidr:
|
||||||
|
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||||
|
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||||
|
Default: 10.0.0.0/19
|
||||||
|
Type: String
|
||||||
|
PrivateSubnet2Cidr:
|
||||||
|
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||||
|
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||||
|
Default: 10.0.32.0/19
|
||||||
|
Type: String
|
||||||
|
PrivateSubnet3Cidr:
|
||||||
|
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||||
|
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||||
|
Default: 10.0.64.0/19
|
||||||
|
Type: String
|
||||||
|
SubnetIds:
|
||||||
|
Type: List<AWS::EC2::Subnet::Id>
|
||||||
|
DatabaseAllocatedStorage:
|
||||||
|
Type: Number
|
||||||
|
DatabasePreferredAz:
|
||||||
|
Type: String
|
||||||
|
MultiAzDatabase:
|
||||||
|
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
|
||||||
|
ConstraintDescription: True or False
|
||||||
|
AllowedValues:
|
||||||
|
- "true"
|
||||||
|
- "false"
|
||||||
|
Type: String
|
||||||
|
DatabaseUser:
|
||||||
|
Type: String
|
||||||
|
DatabasePassword:
|
||||||
|
NoEcho: 'true'
|
||||||
|
Type: String
|
||||||
|
DatabaseInstance:
|
||||||
|
Type: String
|
||||||
|
DatabaseName:
|
||||||
|
Type: String
|
||||||
|
InstanceType:
|
||||||
|
Default: m5.xlarge
|
||||||
|
Type: String
|
||||||
|
ArtifactoryHostRole:
|
||||||
|
Type: String
|
||||||
|
# VolumeSize:
|
||||||
|
# Type: Number
|
||||||
|
EfsSecurityGroup:
|
||||||
|
Type: String
|
||||||
|
|
||||||
|
Mappings:
|
||||||
|
DatabaseMap:
|
||||||
|
Postgres:
|
||||||
|
Name: postgresql
|
||||||
|
DatabaseVersion: 11.5
|
||||||
|
Driver: "org.postgresql.Driver"
|
||||||
|
Plugin: postgresql-42.2.9.jar
|
||||||
|
PluginURL: https://jdbc.postgresql.org/download/
|
||||||
|
port: "5432"
|
||||||
|
extraDatabaseOps: ""
|
||||||
|
JavaOptionstoInstance:
|
||||||
|
c5.2xlarge:
|
||||||
|
Min: 8
|
||||||
|
Max: 12
|
||||||
|
DeploymentSize: Small
|
||||||
|
c5.4xlarge:
|
||||||
|
Min: 16
|
||||||
|
Max: 24
|
||||||
|
DeploymentSize: Large
|
||||||
|
m5.large:
|
||||||
|
Min: 4
|
||||||
|
Max: 4
|
||||||
|
DeploymentSize: xxSmall
|
||||||
|
m5.xlarge:
|
||||||
|
Min: 8
|
||||||
|
Max: 12
|
||||||
|
DeploymentSize: xSmall
|
||||||
|
m5.2xlarge:
|
||||||
|
Min: 16
|
||||||
|
Max: 24
|
||||||
|
DeploymentSize: Small
|
||||||
|
m5.4xlarge:
|
||||||
|
Min: 32
|
||||||
|
Max: 48
|
||||||
|
DeploymentSize: Medium
|
||||||
|
m5.8xlarge:
|
||||||
|
Min: 64
|
||||||
|
Max: 96
|
||||||
|
DeploymentSize: Large
|
||||||
|
m5.12xlarge:
|
||||||
|
Min: 96
|
||||||
|
Max: 144
|
||||||
|
DeploymentSize: xLarge
|
||||||
|
m5.16xlarge:
|
||||||
|
Min: 128
|
||||||
|
Max: 192
|
||||||
|
DeploymentSize: xxLarge
|
||||||
|
m5.24xlarge:
|
||||||
|
Min: 192
|
||||||
|
Max: 288
|
||||||
|
DeploymentSize: xxxLarge
|
||||||
|
m5.metal:
|
||||||
|
Min: 192
|
||||||
|
Max: 288
|
||||||
|
DeploymentSize: xxxLarge
|
||||||
|
m5d.large:
|
||||||
|
Min: 4
|
||||||
|
Max: 4
|
||||||
|
DeploymentSize: xxSmall
|
||||||
|
m5d.xlarge:
|
||||||
|
Min: 8
|
||||||
|
Max: 12
|
||||||
|
DeploymentSize: xSmall
|
||||||
|
m5d.2xlarge:
|
||||||
|
Min: 16
|
||||||
|
Max: 24
|
||||||
|
DeploymentSize: Small
|
||||||
|
m5d.4xlarge:
|
||||||
|
Min: 32
|
||||||
|
Max: 48
|
||||||
|
DeploymentSize: Medium
|
||||||
|
m5d.8xlarge:
|
||||||
|
Min: 64
|
||||||
|
Max: 96
|
||||||
|
DeploymentSize: Large
|
||||||
|
m5d.12xlarge:
|
||||||
|
Min: 96
|
||||||
|
Max: 144
|
||||||
|
DeploymentSize: xLarge
|
||||||
|
m5d.16xlarge:
|
||||||
|
Min: 128
|
||||||
|
Max: 192
|
||||||
|
DeploymentSize: xxLarge
|
||||||
|
m5d.24xlarge:
|
||||||
|
Min: 192
|
||||||
|
Max: 288
|
||||||
|
DeploymentSize: xxxLarge
|
||||||
|
m5d.metal:
|
||||||
|
Min: 192
|
||||||
|
Max: 288
|
||||||
|
DeploymentSize: xxxLarge
|
||||||
|
m5a.large:
|
||||||
|
Min: 4
|
||||||
|
Max: 4
|
||||||
|
DeploymentSize: xxSmall
|
||||||
|
m5a.xlarge:
|
||||||
|
Min: 8
|
||||||
|
Max: 12
|
||||||
|
DeploymentSize: xSmall
|
||||||
|
m5a.2xlarge:
|
||||||
|
Min: 16
|
||||||
|
Max: 24
|
||||||
|
DeploymentSize: Small
|
||||||
|
m5a.4xlarge:
|
||||||
|
Min: 32
|
||||||
|
Max: 48
|
||||||
|
DeploymentSize: Medium
|
||||||
|
m5a.8xlarge:
|
||||||
|
Min: 64
|
||||||
|
Max: 96
|
||||||
|
DeploymentSize: Large
|
||||||
|
m5a.12xlarge:
|
||||||
|
Min: 96
|
||||||
|
Max: 144
|
||||||
|
DeploymentSize: xLarge
|
||||||
|
m5a.16xlarge:
|
||||||
|
Min: 128
|
||||||
|
Max: 192
|
||||||
|
DeploymentSize: xxLarge
|
||||||
|
m5a.24xlarge:
|
||||||
|
Min: 192
|
||||||
|
Max: 288
|
||||||
|
DeploymentSize: xxxLarge
|
||||||
|
|
||||||
|
Conditions:
|
||||||
|
IsMultiAzDatabase: !Equals [!Ref MultiAzDatabase, 'true']
|
||||||
|
|
||||||
|
Resources:
|
||||||
|
ArtifactoryDatabaseSubnetGroup:
|
||||||
|
Type: AWS::RDS::DBSubnetGroup
|
||||||
|
Properties:
|
||||||
|
DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
|
||||||
|
SubnetIds: !Ref SubnetIds
|
||||||
|
ArtifactoryDatabase:
|
||||||
|
Type: AWS::RDS::DBInstance
|
||||||
|
Properties:
|
||||||
|
AllocatedStorage: !Ref DatabaseAllocatedStorage
|
||||||
|
AvailabilityZone: !If [IsMultiAzDatabase, !Ref AWS::NoValue, !Ref DatabasePreferredAz]
|
||||||
|
BackupRetentionPeriod: 30
|
||||||
|
DBInstanceClass: !Ref DatabaseInstance
|
||||||
|
DBName: !Ref DatabaseName
|
||||||
|
DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
|
||||||
|
Engine: "Postgres"
|
||||||
|
EngineVersion: !FindInMap
|
||||||
|
- DatabaseMap
|
||||||
|
- "Postgres"
|
||||||
|
- DatabaseVersion
|
||||||
|
MasterUsername: !Ref DatabaseUser
|
||||||
|
MasterUserPassword: !Ref DatabasePassword
|
||||||
|
MultiAZ: !Ref MultiAzDatabase
|
||||||
|
StorageEncrypted: true
|
||||||
|
VPCSecurityGroups:
|
||||||
|
- !Ref ArtifactoryDatabaseSG
|
||||||
|
ArtifactoryDatabaseSG:
|
||||||
|
Type: AWS::EC2::SecurityGroup
|
||||||
|
Properties:
|
||||||
|
Tags:
|
||||||
|
- Key: Name
|
||||||
|
Value: artifactory-rds-sg
|
||||||
|
GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
|
||||||
|
VpcId: !Ref VpcId
|
||||||
|
SecurityGroupIngress:
|
||||||
|
- IpProtocol: tcp
|
||||||
|
FromPort: 22
|
||||||
|
ToPort: 22
|
||||||
|
CidrIp: !Ref VpcCidr
|
||||||
|
- IpProtocol: tcp
|
||||||
|
FromPort: !FindInMap
|
||||||
|
- DatabaseMap
|
||||||
|
- "Postgres"
|
||||||
|
- port
|
||||||
|
ToPort: !FindInMap
|
||||||
|
- DatabaseMap
|
||||||
|
- "Postgres"
|
||||||
|
- port
|
||||||
|
CidrIp: !Ref PrivateSubnet1Cidr
|
||||||
|
- IpProtocol: tcp
|
||||||
|
FromPort: !FindInMap
|
||||||
|
- DatabaseMap
|
||||||
|
- "Postgres"
|
||||||
|
- port
|
||||||
|
ToPort: !FindInMap
|
||||||
|
- DatabaseMap
|
||||||
|
- "Postgres"
|
||||||
|
- port
|
||||||
|
CidrIp: !Ref PrivateSubnet2Cidr
|
||||||
|
- IpProtocol: tcp
|
||||||
|
FromPort: !FindInMap
|
||||||
|
- DatabaseMap
|
||||||
|
- "Postgres"
|
||||||
|
- port
|
||||||
|
ToPort: !FindInMap
|
||||||
|
- DatabaseMap
|
||||||
|
- "Postgres"
|
||||||
|
- port
|
||||||
|
CidrIp: !Ref PrivateSubnet3Cidr
|
||||||
|
SecurityGroupEgress:
|
||||||
|
- IpProtocol: tcp
|
||||||
|
FromPort: 22
|
||||||
|
ToPort: 22
|
||||||
|
CidrIp: 0.0.0.0/0
|
||||||
|
- IpProtocol: tcp
|
||||||
|
FromPort: 80
|
||||||
|
ToPort: 80
|
||||||
|
CidrIp: 0.0.0.0/0
|
||||||
|
- IpProtocol: tcp
|
||||||
|
FromPort: 443
|
||||||
|
ToPort: 443
|
||||||
|
CidrIp: 0.0.0.0/0
|
||||||
|
ArtifactoryS3Bucket:
|
||||||
|
Type: AWS::S3::Bucket
|
||||||
|
Properties:
|
||||||
|
AccessControl: Private
|
||||||
|
BucketEncryption:
|
||||||
|
ServerSideEncryptionConfiguration:
|
||||||
|
- ServerSideEncryptionByDefault:
|
||||||
|
SSEAlgorithm: AES256
|
||||||
|
ArtifactoryS3IAMPolicy:
|
||||||
|
Type: AWS::IAM::Policy
|
||||||
|
Metadata:
|
||||||
|
cfn-lint:
|
||||||
|
config:
|
||||||
|
ignore_checks:
|
||||||
|
- EIAMPolicyActionWildcard
|
||||||
|
ignore_reasons:
|
||||||
|
- EIAMPolicyWildcardResource: excluding for s3:Get*, s3:Put*, s3:List*
|
||||||
|
Properties:
|
||||||
|
PolicyName: S3BucketPermissions
|
||||||
|
PolicyDocument:
|
||||||
|
Version: 2012-10-17
|
||||||
|
Statement:
|
||||||
|
- Sid: S3BucketPermissions
|
||||||
|
Effect: Allow
|
||||||
|
Action:
|
||||||
|
- s3:AbortMultipartUpload
|
||||||
|
- s3:BypassGovernanceRetention
|
||||||
|
- s3:CreateAccessPoint
|
||||||
|
- s3:CreateAccessPointForObjectLambda
|
||||||
|
- s3:CreateBucket
|
||||||
|
- s3:CreateJob
|
||||||
|
- s3:DeleteAccessPoint
|
||||||
|
- s3:DeleteAccessPointForObjectLambda
|
||||||
|
- s3:DeleteAccessPointPolicy
|
||||||
|
- s3:DeleteAccessPointPolicyForObjectLambda
|
||||||
|
- s3:DeleteBucket
|
||||||
|
- s3:DeleteBucketOwnershipControls
|
||||||
|
- s3:DeleteBucketPolicy
|
||||||
|
- s3:DeleteBucketWebsite
|
||||||
|
- s3:DeleteJobTagging
|
||||||
|
- s3:DeleteObject
|
||||||
|
- s3:DeleteObjectTagging
|
||||||
|
- s3:DeleteObjectVersion
|
||||||
|
- s3:DeleteObjectVersionTagging
|
||||||
|
- s3:DeleteStorageLensConfiguration
|
||||||
|
- s3:DeleteStorageLensConfigurationTagging
|
||||||
|
- s3:DescribeJob
|
||||||
|
- s3:Get*
|
||||||
|
- s3:List*
|
||||||
|
- s3:ObjectOwnerOverrideToBucketOwner
|
||||||
|
- s3:Put*
|
||||||
|
- s3:ReplicateDelete
|
||||||
|
- s3:ReplicateObject
|
||||||
|
- s3:ReplicateTags
|
||||||
|
- s3:RestoreObject
|
||||||
|
- s3:UpdateJobPriority
|
||||||
|
- s3:UpdateJobStatus
|
||||||
|
Resource:
|
||||||
|
- Fn::Join:
|
||||||
|
- ''
|
||||||
|
- - !Sub "arn:${AWS::Partition}:s3:::"
|
||||||
|
- !Ref ArtifactoryS3Bucket
|
||||||
|
- Fn::Join:
|
||||||
|
- ''
|
||||||
|
- - !Sub "arn:${AWS::Partition}:s3:::"
|
||||||
|
- !Ref ArtifactoryS3Bucket
|
||||||
|
- "/*"
|
||||||
|
Roles:
|
||||||
|
- !Ref ArtifactoryHostRole
|
||||||
|
# ArtifactoryEbsVolume:
|
||||||
|
# Type: AWS::EC2::Volume
|
||||||
|
# Properties:
|
||||||
|
# AvailabilityZone:
|
||||||
|
# !If
|
||||||
|
# - IsMultiAzDatabase
|
||||||
|
# - !Select
|
||||||
|
# - '0'
|
||||||
|
# - !Ref AvailabilityZones
|
||||||
|
# - !Ref DatabasePreferredAz
|
||||||
|
# Encrypted: false
|
||||||
|
# Size: !Ref VolumeSize
|
||||||
|
# Tags:
|
||||||
|
# - Key: Name
|
||||||
|
# Value: !Sub "Artifactory-${AWS::StackName}"
|
||||||
|
# VolumeType: gp2
|
||||||
|
# DeletionPolicy: Snapshot
|
||||||
|
# UpdateReplacePolicy: Snapshot
|
||||||
|
ArtifactoryEfsFileSystem:
|
||||||
|
Type: AWS::EFS::FileSystem
|
||||||
|
Properties:
|
||||||
|
BackupPolicy:
|
||||||
|
Status: DISABLED
|
||||||
|
Encrypted: true
|
||||||
|
FileSystemTags:
|
||||||
|
- Key: Name
|
||||||
|
Value: !Sub "Artifactory-${AWS::StackName}"
|
||||||
|
PerformanceMode: generalPurpose
|
||||||
|
ThroughputMode: bursting
|
||||||
|
ArtifactoryEfsMountTarget1:
|
||||||
|
Type: AWS::EFS::MountTarget
|
||||||
|
Properties:
|
||||||
|
FileSystemId: !Ref ArtifactoryEfsFileSystem
|
||||||
|
SecurityGroups:
|
||||||
|
- !Ref EfsSecurityGroup
|
||||||
|
SubnetId: !Select ['0', !Ref SubnetIds]
|
||||||
|
ArtifactoryEfsMountTarget2:
|
||||||
|
Type: AWS::EFS::MountTarget
|
||||||
|
Properties:
|
||||||
|
FileSystemId: !Ref ArtifactoryEfsFileSystem
|
||||||
|
SecurityGroups:
|
||||||
|
- !Ref EfsSecurityGroup
|
||||||
|
SubnetId: !Select ['1', !Ref SubnetIds]
|
||||||
|
Outputs:
|
||||||
|
S3Bucket:
|
||||||
|
Value: !Ref ArtifactoryS3Bucket
|
||||||
|
Description: Actual S3 bucket created for Artifactory
|
||||||
|
DatabaseDriver:
|
||||||
|
Value: !FindInMap [DatabaseMap, "Postgres", Driver]
|
||||||
|
DatabasePlugin:
|
||||||
|
Value: !FindInMap [DatabaseMap, "Postgres", Plugin]
|
||||||
|
DatabasePluginUrl:
|
||||||
|
Value: !Sub
|
||||||
|
- "${MainURL}${PluginVersion}"
|
||||||
|
- {
|
||||||
|
MainURL: !FindInMap [DatabaseMap, "Postgres", PluginURL],
|
||||||
|
PluginVersion: !FindInMap [DatabaseMap, "Postgres", Plugin]
|
||||||
|
}
|
||||||
|
DatabaseType:
|
||||||
|
Value: !FindInMap [DatabaseMap, "Postgres", Name]
|
||||||
|
DatabaseUrl:
|
||||||
|
Value: !Sub
|
||||||
|
- "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}"
|
||||||
|
- {
|
||||||
|
DatabaseType: !FindInMap [DatabaseMap, "Postgres", Name],
|
||||||
|
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
|
||||||
|
port: !FindInMap [DatabaseMap, "Postgres", port],
|
||||||
|
extraDatabaseOps: !FindInMap [DatabaseMap, "Postgres", extraDatabaseOps],
|
||||||
|
}
|
||||||
|
XrayMasterDatabaseUrl:
|
||||||
|
Value: !Sub
|
||||||
|
- "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable"
|
||||||
|
- {
|
||||||
|
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
|
||||||
|
port: !FindInMap [DatabaseMap, "Postgres", port],
|
||||||
|
}
|
||||||
|
XrayDatabaseUrl:
|
||||||
|
Value: !Sub
|
||||||
|
- "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable"
|
||||||
|
- {
|
||||||
|
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
|
||||||
|
port: !FindInMap [DatabaseMap, "Postgres", port],
|
||||||
|
}
|
||||||
|
JavaOpts:
|
||||||
|
Value: !Sub
|
||||||
|
- "-Xms${min}g -Xmx${max}g"
|
||||||
|
- {
|
||||||
|
min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
|
||||||
|
max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
|
||||||
|
}
|
||||||
|
DeploymentSize:
|
||||||
|
Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
|
||||||
|
ArtifactoryEfsFileSystem:
|
||||||
|
Value: !Ref ArtifactoryEfsFileSystem
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user