upgraded to artifactory 7.21.5 and xray 3.27.2
@@ -1,44 +0,0 @@
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
block:
|
||||
- name: Create a xfs filesystem on /dev/nvme1n1
|
||||
# First non-root device is always mapped to /dev/nvme1n1
|
||||
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
|
||||
community.general.filesystem:
|
||||
dev: /dev/nvme1n1
|
||||
fstype: xfs
|
||||
|
||||
- name: ensure external data directory exists
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Mount the EBS volume
|
||||
ansible.posix.mount:
|
||||
path: "{{ custom_data_directory }}"
|
||||
src: /dev/nvme1n1
|
||||
state: mounted
|
||||
fstype: xfs
|
||||
|
||||
- name: set custom data directory permission
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
mode: "u=rwX,g=rwX,o=rwX"
|
||||
|
||||
- name: remove var directory if exists
|
||||
file:
|
||||
path: "{{ artifactory_home }}/var"
|
||||
state: absent
|
||||
|
||||
- name: symlink custom data directory to var
|
||||
file:
|
||||
src: "{{ custom_data_directory }}"
|
||||
path: "{{ artifactory_home }}/var"
|
||||
state: link
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
become: yes
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
@@ -1,44 +0,0 @@
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
block:
|
||||
- name: Create a xfs filesystem on /dev/nvme1n1
|
||||
# First non-root device is always mapped to /dev/nvme1n1
|
||||
# See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html
|
||||
community.general.filesystem:
|
||||
dev: /dev/nvme1n1
|
||||
fstype: xfs
|
||||
|
||||
- name: ensure external data directory exists
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
|
||||
- name: Mount the EBS volume
|
||||
ansible.posix.mount:
|
||||
path: "{{ custom_data_directory }}"
|
||||
src: /dev/nvme1n1
|
||||
state: mounted
|
||||
fstype: xfs
|
||||
|
||||
- name: set custom data directory permission
|
||||
file:
|
||||
path: "{{ custom_data_directory }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
mode: "u=rwX,g=rwX,o=rwX"
|
||||
|
||||
- name: remove var directory if exists
|
||||
file:
|
||||
path: "{{ xray_home }}/var"
|
||||
state: absent
|
||||
|
||||
- name: symlink custom data directory to var
|
||||
file:
|
||||
src: "{{ custom_data_directory }}"
|
||||
path: "{{ xray_home }}/var"
|
||||
state: link
|
||||
owner: "{{ xray_user }}"
|
||||
group: "{{ xray_group }}"
|
||||
become: yes
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
@@ -0,0 +1,51 @@
|
||||
---
|
||||
# defaults file for artifactory
|
||||
# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
|
||||
ansible_marketplace: standalone
|
||||
|
||||
# whether we are creating a AMI for Marketplace or just for configuring EC2 instance
|
||||
ami_creation: false
|
||||
|
||||
# The version of Artifactory to install
|
||||
artifactory_version: 7.15.3
|
||||
|
||||
# licenses file - specify a licenses file or specify up to 5 licenses
|
||||
artifactory_license1:
|
||||
artifactory_license2:
|
||||
artifactory_license3:
|
||||
artifactory_license4:
|
||||
artifactory_license5:
|
||||
artifactory_license6:
|
||||
|
||||
# whether to enable HA
|
||||
artifactory_ha_enabled: true
|
||||
|
||||
# value for whether a host is primary. this should be set in host vars
|
||||
artifactory_is_primary: true
|
||||
|
||||
# The location where Artifactory should install.
|
||||
artifactory_download_directory: /opt/jfrog
|
||||
|
||||
# The location where Artifactory should store data.
|
||||
artifactory_file_store_dir: /data
|
||||
|
||||
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
|
||||
|
||||
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz
|
||||
|
||||
artifactory_home: "{{ artifactory_download_directory }}/artifactory-pro-{{ artifactory_version }}"
|
||||
db_download_url: "https://jdbc.postgresql.org/download/postgresql-42.2.12.jar"
|
||||
|
||||
artifactory_user: artifactory
|
||||
artifactory_group: artifactory
|
||||
|
||||
# Set the parameters required for the service.
|
||||
service_list:
|
||||
- name: artifactory
|
||||
description: Start script for Artifactory
|
||||
start_command: "{{ artifactory_home }}/bin/artifactory.sh start"
|
||||
stop_command: "{{ artifactory_home }}/bin/artifactory.sh stop"
|
||||
type: forking
|
||||
status_pattern: artifactory
|
||||
user_name: "{{ artifactory_user }}"
|
||||
group_name: "{{ artifactory_group }}"
|
||||
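Review bot: `artifactory_tar` and `db_download_url` fix where the Artifactory tarball and the PostgreSQL JDBC jar are fetched from, but this defaults file defines no checksum variable for either, so the role has nothing to verify the downloads against before they land under `artifactory_download_directory`. The task that consumes these variables is outside this hunk; if it downloads with `get_url`, a default such as `artifactory_tar_checksum: "sha256:<expected digest>"` passed to that module's `checksum` parameter would close the gap. Separately, the comment says "up to 5 licenses" while six `artifactory_licenseN` keys follow, each a bare `key:` that loads as null. `artifactory_version: 7.15.3` also does not match the 7.21.5 named in the commit title. Both are worth confirming as intended.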
@@ -51,7 +51,7 @@
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
loop:
|
||||
- "bootstrap"
|
||||
- "bootstrap/artifactory/tomcat/lib"
|
||||
- "etc"
|
||||
become: yes
|
||||
|
||||
@@ -20,7 +20,8 @@ shared:
|
||||
id: {{ ansible_machine_id }}
|
||||
|
||||
## Sets this node as primary in HA installation
|
||||
primary: {{ artifactory_is_primary }}
|
||||
# primary: {{ artifactory_is_primary }}
|
||||
Affinity: "any"
|
||||
|
||||
## Sets this node as part of HA installation
|
||||
haEnabled: {{ artifactory_ha_enabled }}
|
||||
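Review bot: The added `Affinity: "any"` key is capitalised unlike its siblings `id`, `primary` and `haEnabled`, and as far as I know the node setting Artifactory reads is `taskAffinity`. If so, this line is ignored and, with `primary:` now commented out, the node falls back to whatever default the installed version applies. Consider `taskAffinity: "any"` after checking the system.yaml reference for the target release. The comment `## Sets this node as primary in HA installation` now sits above a disabled line and should be reworded or removed with it. The identical change in the later `@@ -22,7 +22,8 @@ shared:` hunk needs the same treatment.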
@@ -4,7 +4,7 @@
|
||||
ansible_marketplace: standalone
|
||||
|
||||
# The version of Artifactory to install
|
||||
artifactory_version: 7.15.3
|
||||
artifactory_version: 7.19.4
|
||||
|
||||
# licenses - cluster license content in json
|
||||
artifactory_licenses:
|
||||
@@ -21,19 +21,10 @@ artifactory_download_directory: /opt/jfrog
|
||||
# The location where Artifactory should store data.
|
||||
artifactory_file_store_dir: /data
|
||||
|
||||
# whether to customer data directory
|
||||
use_custom_data_directory: false
|
||||
|
||||
# location for customer directory. Will be symlink to as artifactory/var
|
||||
custom_data_directory: /artifactory-user-data
|
||||
|
||||
# Pick the Artifactory flavour to install, can be also cpp-ce, jcr, pro.
|
||||
artifactory_flavour: pro
|
||||
|
||||
extra_java_opts: -server -Xms2g -Xmx14g -Xss256k -XX:+UseG1GC
|
||||
|
||||
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/{{ artifactory_flavour }}/jfrog-artifactory-{{ artifactory_flavour }}/{{ artifactory_version }}/jfrog-artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}-linux.tar.gz
|
||||
artifactory_home: "{{ artifactory_download_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
|
||||
artifactory_tar: https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/{{ artifactory_version }}/jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz
|
||||
artifactory_home: "{{ artifactory_download_directory }}/artifactory-pro-{{ artifactory_version }}"
|
||||
|
||||
artifactory_user: artifactory
|
||||
artifactory_group: artifactory
|
||||
@@ -31,10 +31,6 @@
|
||||
group: "{{ artifactory_group }}"
|
||||
become: yes
|
||||
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
include_tasks: custom-data-directory.yml
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
|
||||
- name: ensure data subdirectories exist and have correct ownership
|
||||
file:
|
||||
path: "{{ artifactory_home }}/var/{{ item }}"
|
||||
@@ -112,21 +108,44 @@
|
||||
shell: "{{ artifactory_home }}/app/bin/installService.sh"
|
||||
become: yes
|
||||
|
||||
- name: Delete plugin folder
|
||||
file:
|
||||
state: absent
|
||||
path: "{{ artifactory_home }}/var/etc/artifactory/plugins"
|
||||
|
||||
- name: symlink plugin folder to EFS
|
||||
file:
|
||||
src: "/efsmount/plugins"
|
||||
path: "{{ artifactory_home }}/var/etc/artifactory/plugins"
|
||||
state: link
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
|
||||
- name: ensure data subdirectories exist and have correct ownership
|
||||
file:
|
||||
path: "{{ artifactory_home }}/var/{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ artifactory_user }}"
|
||||
group: "{{ artifactory_group }}"
|
||||
loop:
|
||||
- "etc/artifactory/plugins"
|
||||
become: yes
|
||||
|
||||
- name: start and enable the primary node
|
||||
service:
|
||||
name: artifactory
|
||||
state: restarted
|
||||
become: yes
|
||||
when: artifactory_is_primary == true
|
||||
# when: artifactory_is_primary == true
|
||||
|
||||
- name: random wait before restarting to prevent secondary nodes from hitting DB first
|
||||
pause:
|
||||
seconds: "{{ 120 | random + 10}}"
|
||||
when: artifactory_is_primary == false
|
||||
# - name: random wait before restarting to prevent secondary nodes from hitting DB first
|
||||
# pause:
|
||||
# seconds: "{{ 120 | random + 10}}"
|
||||
# when: artifactory_is_primary == false
|
||||
|
||||
- name: start and enable the secondary nodes
|
||||
service:
|
||||
name: artifactory
|
||||
state: restarted
|
||||
become: yes
|
||||
when: artifactory_is_primary == false
|
||||
# - name: start and enable the secondary nodes
|
||||
# service:
|
||||
# name: artifactory
|
||||
# state: restarted
|
||||
# become: yes
|
||||
# when: artifactory_is_primary == false
|
||||
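Review bot: The new `Delete plugin folder` and `symlink plugin folder to EFS` tasks carry no `become: yes`, unlike the neighbouring tasks in this hunk, and they point `var/etc/artifactory/plugins` at a hard-coded `/efsmount/plugins` that nothing here creates or sets ownership on. Artifactory loads user plugins from that directory as code, so a share that other accounts or hosts can write to becomes a way to run code on every node that mounts it. Create the directory explicitly with the Artifactory owner and a mode that denies group and other write before linking to it. Commenting out `when: artifactory_is_primary == true` also makes `start and enable the primary node` restart every host, and the disabled wait and secondary tasks are left as dead comments; either rename the task and delete them or restore the ordering. The task list starts and ends outside this hunk, so a play-level `become` may already apply.

```yaml
- name: ensure shared plugin directory exists on EFS
  file:
    path: /efsmount/plugins
    state: directory
    owner: "{{ artifactory_user }}"
    group: "{{ artifactory_group }}"
    mode: "0750"
  become: yes

# … unchanged: Delete plugin folder / symlink plugin folder to EFS, each with `become: yes` added …
```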
@@ -22,7 +22,8 @@ shared:
|
||||
id: {{ ansible_machine_id }}
|
||||
|
||||
## Sets this node as primary in HA installation
|
||||
primary: {{ artifactory_is_primary }}
|
||||
# primary: {{ artifactory_is_primary }}
|
||||
Affinity: "any"
|
||||
|
||||
## Sets this node as part of HA installation
|
||||
haEnabled: {{ artifactory_ha_enabled }}
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
- name: Install db-utl
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
|
||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-25.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
@@ -12,12 +12,6 @@ xray_ha_enabled: true
|
||||
# The location where xray should install.
|
||||
xray_download_directory: /opt/jfrog
|
||||
|
||||
# whether to customer data directory
|
||||
use_custom_data_directory: false
|
||||
|
||||
# location for customer directory. Will be symlink to as artifactory/var
|
||||
custom_data_directory: /xray-user-data
|
||||
|
||||
# The remote xray download file
|
||||
xray_tar: https://releases.jfrog.io/artifactory/jfrog-xray/xray-linux/{{ xray_version }}/jfrog-xray-{{ xray_version }}-linux.tar.gz
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
- name: Install db-utl
|
||||
yum:
|
||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-19.el7.x86_64.rpm"
|
||||
name: "{{ xray_home }}/app/third-party/misc/libdb-utils-5.3.21-25.el7.x86_64.rpm"
|
||||
state: present
|
||||
vars:
|
||||
ansible_python_interpreter: /bin/python2
|
||||
@@ -24,10 +24,6 @@
|
||||
- name: perform prerequisite installation
|
||||
include_tasks: "{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: setup directory symlink for using custom data directory/volume
|
||||
include_tasks: custom-data-directory.yml
|
||||
when: use_custom_data_directory and custom_data_directory is defined
|
||||
|
||||
- name: ensure data subdirectories exist and have correct ownership
|
||||
file:
|
||||
path: "{{ xray_home }}/var/{{ item }}"
|
||||
@@ -0,0 +1,442 @@
|
||||
AWSTemplateFormatVersion: '2010-09-09'
|
||||
Description: 'JFrog Artifactory Quick Start Deployment (qs-1qpmmjh61)'
|
||||
Metadata:
|
||||
cfn-lint:
|
||||
config:
|
||||
ignore_checks:
|
||||
- W9006
|
||||
- W9002
|
||||
- W9003
|
||||
- W9004
|
||||
Parameters:
|
||||
# AvailabilityZones:
|
||||
# Description: List of Availability Zones to use for the subnets in the VPC. Two
|
||||
# Availability Zones are used for this deployment.
|
||||
# Type: List<AWS::EC2::AvailabilityZone::Name>
|
||||
VpcId:
|
||||
Type: AWS::EC2::VPC::Id
|
||||
VpcCidr:
|
||||
Description: CIDR block for the VPC
|
||||
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||
Default: 10.0.0.0/16
|
||||
Type: String
|
||||
PrivateSubnet1Cidr:
|
||||
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||
Default: 10.0.0.0/19
|
||||
Type: String
|
||||
PrivateSubnet2Cidr:
|
||||
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||
Default: 10.0.32.0/19
|
||||
Type: String
|
||||
PrivateSubnet3Cidr:
|
||||
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
|
||||
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
|
||||
Default: 10.0.64.0/19
|
||||
Type: String
|
||||
SubnetIds:
|
||||
Type: List<AWS::EC2::Subnet::Id>
|
||||
DatabaseAllocatedStorage:
|
||||
Type: Number
|
||||
DatabasePreferredAz:
|
||||
Type: String
|
||||
MultiAzDatabase:
|
||||
Description: Choose false to create an Amazon RDS instance in a single Availability Zone.
|
||||
ConstraintDescription: True or False
|
||||
AllowedValues:
|
||||
- "true"
|
||||
- "false"
|
||||
Type: String
|
||||
DatabaseUser:
|
||||
Type: String
|
||||
DatabasePassword:
|
||||
NoEcho: 'true'
|
||||
Type: String
|
||||
DatabaseInstance:
|
||||
Type: String
|
||||
DatabaseName:
|
||||
Type: String
|
||||
InstanceType:
|
||||
Default: m5.xlarge
|
||||
Type: String
|
||||
ArtifactoryHostRole:
|
||||
Type: String
|
||||
# VolumeSize:
|
||||
# Type: Number
|
||||
EfsSecurityGroup:
|
||||
Type: String
|
||||
|
||||
Mappings:
|
||||
DatabaseMap:
|
||||
Postgres:
|
||||
Name: postgresql
|
||||
DatabaseVersion: 11.5
|
||||
Driver: "org.postgresql.Driver"
|
||||
Plugin: postgresql-42.2.9.jar
|
||||
PluginURL: https://jdbc.postgresql.org/download/
|
||||
port: "5432"
|
||||
extraDatabaseOps: ""
|
||||
JavaOptionstoInstance:
|
||||
c5.2xlarge:
|
||||
Min: 8
|
||||
Max: 12
|
||||
DeploymentSize: Small
|
||||
c5.4xlarge:
|
||||
Min: 16
|
||||
Max: 24
|
||||
DeploymentSize: Large
|
||||
m5.large:
|
||||
Min: 4
|
||||
Max: 4
|
||||
DeploymentSize: xxSmall
|
||||
m5.xlarge:
|
||||
Min: 8
|
||||
Max: 12
|
||||
DeploymentSize: xSmall
|
||||
m5.2xlarge:
|
||||
Min: 16
|
||||
Max: 24
|
||||
DeploymentSize: Small
|
||||
m5.4xlarge:
|
||||
Min: 32
|
||||
Max: 48
|
||||
DeploymentSize: Medium
|
||||
m5.8xlarge:
|
||||
Min: 64
|
||||
Max: 96
|
||||
DeploymentSize: Large
|
||||
m5.12xlarge:
|
||||
Min: 96
|
||||
Max: 144
|
||||
DeploymentSize: xLarge
|
||||
m5.16xlarge:
|
||||
Min: 128
|
||||
Max: 192
|
||||
DeploymentSize: xxLarge
|
||||
m5.24xlarge:
|
||||
Min: 192
|
||||
Max: 288
|
||||
DeploymentSize: xxxLarge
|
||||
m5.metal:
|
||||
Min: 192
|
||||
Max: 288
|
||||
DeploymentSize: xxxLarge
|
||||
m5d.large:
|
||||
Min: 4
|
||||
Max: 4
|
||||
DeploymentSize: xxSmall
|
||||
m5d.xlarge:
|
||||
Min: 8
|
||||
Max: 12
|
||||
DeploymentSize: xSmall
|
||||
m5d.2xlarge:
|
||||
Min: 16
|
||||
Max: 24
|
||||
DeploymentSize: Small
|
||||
m5d.4xlarge:
|
||||
Min: 32
|
||||
Max: 48
|
||||
DeploymentSize: Medium
|
||||
m5d.8xlarge:
|
||||
Min: 64
|
||||
Max: 96
|
||||
DeploymentSize: Large
|
||||
m5d.12xlarge:
|
||||
Min: 96
|
||||
Max: 144
|
||||
DeploymentSize: xLarge
|
||||
m5d.16xlarge:
|
||||
Min: 128
|
||||
Max: 192
|
||||
DeploymentSize: xxLarge
|
||||
m5d.24xlarge:
|
||||
Min: 192
|
||||
Max: 288
|
||||
DeploymentSize: xxxLarge
|
||||
m5d.metal:
|
||||
Min: 192
|
||||
Max: 288
|
||||
DeploymentSize: xxxLarge
|
||||
m5a.large:
|
||||
Min: 4
|
||||
Max: 4
|
||||
DeploymentSize: xxSmall
|
||||
m5a.xlarge:
|
||||
Min: 8
|
||||
Max: 12
|
||||
DeploymentSize: xSmall
|
||||
m5a.2xlarge:
|
||||
Min: 16
|
||||
Max: 24
|
||||
DeploymentSize: Small
|
||||
m5a.4xlarge:
|
||||
Min: 32
|
||||
Max: 48
|
||||
DeploymentSize: Medium
|
||||
m5a.8xlarge:
|
||||
Min: 64
|
||||
Max: 96
|
||||
DeploymentSize: Large
|
||||
m5a.12xlarge:
|
||||
Min: 96
|
||||
Max: 144
|
||||
DeploymentSize: xLarge
|
||||
m5a.16xlarge:
|
||||
Min: 128
|
||||
Max: 192
|
||||
DeploymentSize: xxLarge
|
||||
m5a.24xlarge:
|
||||
Min: 192
|
||||
Max: 288
|
||||
DeploymentSize: xxxLarge
|
||||
|
||||
Conditions:
|
||||
IsMultiAzDatabase: !Equals [!Ref MultiAzDatabase, 'true']
|
||||
|
||||
Resources:
|
||||
ArtifactoryDatabaseSubnetGroup:
|
||||
Type: AWS::RDS::DBSubnetGroup
|
||||
Properties:
|
||||
DBSubnetGroupDescription: Private Subnets available to the RDS Instance(s)
|
||||
SubnetIds: !Ref SubnetIds
|
||||
ArtifactoryDatabase:
|
||||
Type: AWS::RDS::DBInstance
|
||||
Properties:
|
||||
AllocatedStorage: !Ref DatabaseAllocatedStorage
|
||||
AvailabilityZone: !If [IsMultiAzDatabase, !Ref AWS::NoValue, !Ref DatabasePreferredAz]
|
||||
BackupRetentionPeriod: 30
|
||||
DBInstanceClass: !Ref DatabaseInstance
|
||||
DBName: !Ref DatabaseName
|
||||
DBSubnetGroupName: !Ref ArtifactoryDatabaseSubnetGroup
|
||||
Engine: "Postgres"
|
||||
EngineVersion: !FindInMap
|
||||
- DatabaseMap
|
||||
- "Postgres"
|
||||
- DatabaseVersion
|
||||
MasterUsername: !Ref DatabaseUser
|
||||
MasterUserPassword: !Ref DatabasePassword
|
||||
MultiAZ: !Ref MultiAzDatabase
|
||||
StorageEncrypted: true
|
||||
VPCSecurityGroups:
|
||||
- !Ref ArtifactoryDatabaseSG
|
||||
ArtifactoryDatabaseSG:
|
||||
Type: AWS::EC2::SecurityGroup
|
||||
Properties:
|
||||
Tags:
|
||||
- Key: Name
|
||||
Value: artifactory-rds-sg
|
||||
GroupDescription: SG for RDS Instance to allow communication from the Bastion and Artifactory servers.
|
||||
VpcId: !Ref VpcId
|
||||
SecurityGroupIngress:
|
||||
- IpProtocol: tcp
|
||||
FromPort: 22
|
||||
ToPort: 22
|
||||
CidrIp: !Ref VpcCidr
|
||||
- IpProtocol: tcp
|
||||
FromPort: !FindInMap
|
||||
- DatabaseMap
|
||||
- "Postgres"
|
||||
- port
|
||||
ToPort: !FindInMap
|
||||
- DatabaseMap
|
||||
- "Postgres"
|
||||
- port
|
||||
CidrIp: !Ref PrivateSubnet1Cidr
|
||||
- IpProtocol: tcp
|
||||
FromPort: !FindInMap
|
||||
- DatabaseMap
|
||||
- "Postgres"
|
||||
- port
|
||||
ToPort: !FindInMap
|
||||
- DatabaseMap
|
||||
- "Postgres"
|
||||
- port
|
||||
CidrIp: !Ref PrivateSubnet2Cidr
|
||||
- IpProtocol: tcp
|
||||
FromPort: !FindInMap
|
||||
- DatabaseMap
|
||||
- "Postgres"
|
||||
- port
|
||||
ToPort: !FindInMap
|
||||
- DatabaseMap
|
||||
- "Postgres"
|
||||
- port
|
||||
CidrIp: !Ref PrivateSubnet3Cidr
|
||||
SecurityGroupEgress:
|
||||
- IpProtocol: tcp
|
||||
FromPort: 22
|
||||
ToPort: 22
|
||||
CidrIp: 0.0.0.0/0
|
||||
- IpProtocol: tcp
|
||||
FromPort: 80
|
||||
ToPort: 80
|
||||
CidrIp: 0.0.0.0/0
|
||||
- IpProtocol: tcp
|
||||
FromPort: 443
|
||||
ToPort: 443
|
||||
CidrIp: 0.0.0.0/0
|
||||
ArtifactoryS3Bucket:
|
||||
Type: AWS::S3::Bucket
|
||||
Properties:
|
||||
AccessControl: Private
|
||||
BucketEncryption:
|
||||
ServerSideEncryptionConfiguration:
|
||||
- ServerSideEncryptionByDefault:
|
||||
SSEAlgorithm: AES256
|
||||
ArtifactoryS3IAMPolicy:
|
||||
Type: AWS::IAM::Policy
|
||||
Metadata:
|
||||
cfn-lint:
|
||||
config:
|
||||
ignore_checks:
|
||||
- EIAMPolicyActionWildcard
|
||||
ignore_reasons:
|
||||
- EIAMPolicyWildcardResource: excluding for s3:Get*, s3:Put*, s3:List*
|
||||
Properties:
|
||||
PolicyName: S3BucketPermissions
|
||||
PolicyDocument:
|
||||
Version: 2012-10-17
|
||||
Statement:
|
||||
- Sid: S3BucketPermissions
|
||||
Effect: Allow
|
||||
Action:
|
||||
- s3:AbortMultipartUpload
|
||||
- s3:BypassGovernanceRetention
|
||||
- s3:CreateAccessPoint
|
||||
- s3:CreateAccessPointForObjectLambda
|
||||
- s3:CreateBucket
|
||||
- s3:CreateJob
|
||||
- s3:DeleteAccessPoint
|
||||
- s3:DeleteAccessPointForObjectLambda
|
||||
- s3:DeleteAccessPointPolicy
|
||||
- s3:DeleteAccessPointPolicyForObjectLambda
|
||||
- s3:DeleteBucket
|
||||
- s3:DeleteBucketOwnershipControls
|
||||
- s3:DeleteBucketPolicy
|
||||
- s3:DeleteBucketWebsite
|
||||
- s3:DeleteJobTagging
|
||||
- s3:DeleteObject
|
||||
- s3:DeleteObjectTagging
|
||||
- s3:DeleteObjectVersion
|
||||
- s3:DeleteObjectVersionTagging
|
||||
- s3:DeleteStorageLensConfiguration
|
||||
- s3:DeleteStorageLensConfigurationTagging
|
||||
- s3:DescribeJob
|
||||
- s3:Get*
|
||||
- s3:List*
|
||||
- s3:ObjectOwnerOverrideToBucketOwner
|
||||
- s3:Put*
|
||||
- s3:ReplicateDelete
|
||||
- s3:ReplicateObject
|
||||
- s3:ReplicateTags
|
||||
- s3:RestoreObject
|
||||
- s3:UpdateJobPriority
|
||||
- s3:UpdateJobStatus
|
||||
Resource:
|
||||
- Fn::Join:
|
||||
- ''
|
||||
- - !Sub "arn:${AWS::Partition}:s3:::"
|
||||
- !Ref ArtifactoryS3Bucket
|
||||
- Fn::Join:
|
||||
- ''
|
||||
- - !Sub "arn:${AWS::Partition}:s3:::"
|
||||
- !Ref ArtifactoryS3Bucket
|
||||
- "/*"
|
||||
Roles:
|
||||
- !Ref ArtifactoryHostRole
|
||||
# ArtifactoryEbsVolume:
|
||||
# Type: AWS::EC2::Volume
|
||||
# Properties:
|
||||
# AvailabilityZone:
|
||||
# !If
|
||||
# - IsMultiAzDatabase
|
||||
# - !Select
|
||||
# - '0'
|
||||
# - !Ref AvailabilityZones
|
||||
# - !Ref DatabasePreferredAz
|
||||
# Encrypted: false
|
||||
# Size: !Ref VolumeSize
|
||||
# Tags:
|
||||
# - Key: Name
|
||||
# Value: !Sub "Artifactory-${AWS::StackName}"
|
||||
# VolumeType: gp2
|
||||
# DeletionPolicy: Snapshot
|
||||
# UpdateReplacePolicy: Snapshot
|
||||
ArtifactoryEfsFileSystem:
|
||||
Type: AWS::EFS::FileSystem
|
||||
Properties:
|
||||
BackupPolicy:
|
||||
Status: DISABLED
|
||||
Encrypted: true
|
||||
FileSystemTags:
|
||||
- Key: Name
|
||||
Value: !Sub "Artifactory-${AWS::StackName}"
|
||||
PerformanceMode: generalPurpose
|
||||
ThroughputMode: bursting
|
||||
ArtifactoryEfsMountTarget1:
|
||||
Type: AWS::EFS::MountTarget
|
||||
Properties:
|
||||
FileSystemId: !Ref ArtifactoryEfsFileSystem
|
||||
SecurityGroups:
|
||||
- !Ref EfsSecurityGroup
|
||||
SubnetId: !Select ['0', !Ref SubnetIds]
|
||||
ArtifactoryEfsMountTarget2:
|
||||
Type: AWS::EFS::MountTarget
|
||||
Properties:
|
||||
FileSystemId: !Ref ArtifactoryEfsFileSystem
|
||||
SecurityGroups:
|
||||
- !Ref EfsSecurityGroup
|
||||
SubnetId: !Select ['1', !Ref SubnetIds]
|
||||
Outputs:
|
||||
S3Bucket:
|
||||
Value: !Ref ArtifactoryS3Bucket
|
||||
Description: Actual S3 bucket created for Artifactory
|
||||
DatabaseDriver:
|
||||
Value: !FindInMap [DatabaseMap, "Postgres", Driver]
|
||||
DatabasePlugin:
|
||||
Value: !FindInMap [DatabaseMap, "Postgres", Plugin]
|
||||
DatabasePluginUrl:
|
||||
Value: !Sub
|
||||
- "${MainURL}${PluginVersion}"
|
||||
- {
|
||||
MainURL: !FindInMap [DatabaseMap, "Postgres", PluginURL],
|
||||
PluginVersion: !FindInMap [DatabaseMap, "Postgres", Plugin]
|
||||
}
|
||||
DatabaseType:
|
||||
Value: !FindInMap [DatabaseMap, "Postgres", Name]
|
||||
DatabaseUrl:
|
||||
Value: !Sub
|
||||
- "jdbc:${DatabaseType}://${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}${extraDatabaseOps}"
|
||||
- {
|
||||
DatabaseType: !FindInMap [DatabaseMap, "Postgres", Name],
|
||||
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
|
||||
port: !FindInMap [DatabaseMap, "Postgres", port],
|
||||
extraDatabaseOps: !FindInMap [DatabaseMap, "Postgres", extraDatabaseOps],
|
||||
}
|
||||
XrayMasterDatabaseUrl:
|
||||
Value: !Sub
|
||||
- "${ArtifactoryDatabaseEndpointAddress}:${port}/${DatabaseName}?sslmode=disable"
|
||||
- {
|
||||
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
|
||||
port: !FindInMap [DatabaseMap, "Postgres", port],
|
||||
}
|
||||
XrayDatabaseUrl:
|
||||
Value: !Sub
|
||||
- "${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=disable"
|
||||
- {
|
||||
ArtifactoryDatabaseEndpointAddress: !GetAtt ArtifactoryDatabase.Endpoint.Address,
|
||||
port: !FindInMap [DatabaseMap, "Postgres", port],
|
||||
}
|
||||
JavaOpts:
|
||||
Value: !Sub
|
||||
- "-Xms${min}g -Xmx${max}g"
|
||||
- {
|
||||
min: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Min],
|
||||
max: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, Max]
|
||||
}
|
||||
DeploymentSize:
|
||||
Value: !FindInMap [JavaOptionstoInstance, !Ref InstanceType, DeploymentSize]
|
||||
ArtifactoryEfsFileSystem:
|
||||
Value: !Ref ArtifactoryEfsFileSystem
|
||||
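Review bot: The `XrayMasterDatabaseUrl` and `XrayDatabaseUrl` outputs hard-code `?sslmode=disable`, so Xray's PostgreSQL traffic crosses the VPC unencrypted even though the instance sets `StorageEncrypted: true`. A safer default is `"${ArtifactoryDatabaseEndpointAddress}:${port}/xraydb?sslmode=require"`, or `verify-full` with the RDS CA bundle. The `S3BucketPermissions` statement is also broader than a filestore needs: `s3:Put*` together with `s3:DeleteBucketPolicy`, `s3:DeleteBucket` and `s3:BypassGovernanceRetention` lets anything running under `ArtifactoryHostRole` rewrite the bucket's policy or ACL, or delete the bucket. `ArtifactoryS3Bucket` declares no `PublicAccessBlockConfiguration` to limit that. In `ArtifactoryDatabaseSG`, the port-22 ingress from `VpcCidr` and the 22/80/443 egress to `0.0.0.0/0` serve no purpose on an RDS security group and could be dropped.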
Some files were not shown because too many files have changed in this diff Show More