mirror of
https://github.com/ZwareBear/JFrog-Cloud-Installers.git
synced 2026-01-21 11:06:56 -06:00
179 lines
7.4 KiB
Bash
179 lines
7.4 KiB
Bash
#!/bin/bash
|
|
DB_URL=$(cat /var/lib/cloud/instance/user-data.txt | grep "^JDBC_STR" | sed "s/JDBC_STR=//")
|
|
DB_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_NAME=" | sed "s/DB_NAME=//")
|
|
DB_USER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_USER=" | sed "s/DB_ADMIN_USER=//")
|
|
DB_PASSWORD=$(cat /var/lib/cloud/instance/user-data.txt | grep "^DB_ADMIN_PASSWD=" | sed "s/DB_ADMIN_PASSWD=//")
|
|
STORAGE_ACCT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_NAME=" | sed "s/STO_ACT_NAME=//")
|
|
STORAGE_ACT_ENDPOINT=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_ENDPOINT=" | sed "s/STO_ACT_ENDPOINT=//")
|
|
STORAGE_CONTAINER=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_CTR_NAME=" | sed "s/STO_CTR_NAME=//")
|
|
STORAGE_ACCT_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^STO_ACT_KEY=" | sed "s/STO_ACT_KEY=//")
|
|
MASTER_KEY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^MASTER_KEY=" | sed "s/MASTER_KEY=//")
|
|
IS_PRIMARY=$(cat /var/lib/cloud/instance/user-data.txt | grep "^IS_PRIMARY=" | sed "s/IS_PRIMARY=//")
|
|
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
|
|
#Generate Self-Signed Cert
|
|
mkdir -p /etc/pki/tls/private/ /etc/pki/tls/certs/
|
|
openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key -out /etc/pki/tls/certs/example.pem -days 356 -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=*.localhost"
|
|
|
|
CERTIFICATE_DOMAIN=$(cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_DOMAIN=" | sed "s/CERTIFICATE_DOMAIN=//")
|
|
[ -z "$CERTIFICATE_DOMAIN" ] && CERTIFICATE_DOMAIN=artifactory
|
|
|
|
ARTIFACTORY_SERVER_NAME=$(cat /var/lib/cloud/instance/user-data.txt | grep "^ARTIFACTORY_SERVER_NAME=" | sed "s/ARTIFACTORY_SERVER_NAME=//")
|
|
[ -z "$ARTIFACTORY_SERVER_NAME" ] && ARTIFACTORY_SERVER_NAME=artifactory
|
|
|
|
#Configuring nginx
|
|
rm /etc/nginx/sites-enabled/default
|
|
|
|
cat <<EOF >/etc/nginx/nginx.conf
|
|
#user nobody;
|
|
worker_processes 1;
|
|
error_log /var/log/nginx/error.log info;
|
|
#pid logs/nginx.pid;
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include mime.types;
|
|
variables_hash_max_size 1024;
|
|
variables_hash_bucket_size 64;
|
|
server_names_hash_max_size 4096;
|
|
server_names_hash_bucket_size 128;
|
|
types_hash_max_size 2048;
|
|
types_hash_bucket_size 64;
|
|
proxy_read_timeout 2400s;
|
|
client_header_timeout 2400s;
|
|
client_body_timeout 2400s;
|
|
proxy_connect_timeout 75s;
|
|
proxy_send_timeout 2400s;
|
|
proxy_buffer_size 32k;
|
|
proxy_buffers 40 32k;
|
|
proxy_busy_buffers_size 64k;
|
|
proxy_temp_file_write_size 250m;
|
|
proxy_http_version 1.1;
|
|
client_body_buffer_size 128k;
|
|
|
|
include /etc/nginx/conf.d/*.conf;
|
|
default_type application/octet-stream;
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
access_log /var/log/nginx/access.log main;
|
|
sendfile on;
|
|
#tcp_nopush on;
|
|
#keepalive_timeout 0;
|
|
keepalive_timeout 65;
|
|
}
|
|
EOF
|
|
|
|
cat <<EOF >/etc/nginx/conf.d/artifactory.conf
|
|
ssl_certificate /etc/pki/tls/certs/cert.pem;
|
|
ssl_certificate_key /etc/pki/tls/private/cert.key;
|
|
ssl_session_cache shared:SSL:1m;
|
|
ssl_prefer_server_ciphers on;
|
|
## server configuration
|
|
server {
|
|
listen 443 ssl;
|
|
listen 80 ;
|
|
server_name ~(?<repo>.+)\\.${CERTIFICATE_DOMAIN} artifactory ${ARTIFACTORY_SERVER_NAME}.${CERTIFICATE_DOMAIN};
|
|
if (\$http_x_forwarded_proto = '') {
|
|
set \$http_x_forwarded_proto \$scheme;
|
|
}
|
|
## Application specific logs
|
|
## access_log /var/log/nginx/artifactory-access.log timing;
|
|
## error_log /var/log/nginx/artifactory-error.log;
|
|
rewrite ^/$ /artifactory/webapp/ redirect;
|
|
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
|
|
chunked_transfer_encoding on;
|
|
client_max_body_size 0;
|
|
location /artifactory/ {
|
|
proxy_read_timeout 2400;
|
|
proxy_pass_header Server;
|
|
proxy_cookie_path ~*^/.* /;
|
|
proxy_pass http://127.0.0.1:8081/artifactory/;
|
|
proxy_set_header X-Artifactory-Override-Base-Url
|
|
\$http_x_forwarded_proto://\$host:\$server_port/artifactory;
|
|
proxy_set_header X-Forwarded-Port \$server_port;
|
|
proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto;
|
|
proxy_set_header Host \$http_host;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
}
|
|
location / {
|
|
proxy_read_timeout 2400;
|
|
proxy_pass_header Server;
|
|
proxy_cookie_path ~*^/.* /;
|
|
proxy_pass http://127.0.0.1:8082;
|
|
proxy_set_header X-Artifactory-Override-Base-Url \$http_x_forwarded_proto://\$host:\$server_port/artifactory;
|
|
proxy_set_header X-Forwarded-Port \$server_port;
|
|
proxy_set_header X-Forwarded-Proto \$http_x_forwarded_proto;
|
|
proxy_set_header Host \$http_host;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
}
|
|
|
|
}
|
|
EOF
|
|
|
|
HOSTNAME=$(ip route get 8.8.8.8 | awk '{print $NF; exit}')
|
|
|
|
if [ "${IS_PRIMARY}" = "true" ]; then
|
|
NODE_NAME=art-primary
|
|
else
|
|
NODE_NAME=art-$(date +%s$RANDOM)
|
|
fi
|
|
|
|
# Java options
|
|
EXTRA_JAVA_OPTS=$(cat /var/lib/cloud/instance/user-data.txt | grep "^EXTRA_JAVA_OPTS=" | sed "s/EXTRA_JAVA_OPTS=//")
|
|
sed -i -e "s/#extraJavaOpts: \"-Xms512m -Xmx2g\"/extraJavaOpts: ${EXTRA_JAVA_OPTS}/" /var/opt/jfrog/artifactory/etc/system.yaml
|
|
|
|
# Set MS SQL configuration
|
|
cat <<EOF >>/var/opt/jfrog/artifactory/etc/system.yaml
|
|
## One of: mysql, oracle, mssql, postgresql, mariadb
|
|
## Default: Embedded derby
|
|
## Example for mysql
|
|
type: mssql
|
|
driver: com.microsoft.sqlserver.jdbc.SQLServerDriver
|
|
url: ${DB_URL};databaseName=${DB_NAME};sendStringParametersAsUnicode=false;applicationName=Artifactory Binary Repository
|
|
username: ${DB_USER}
|
|
password: ${DB_PASSWORD}
|
|
|
|
EOF
|
|
|
|
mkdir -p /var/opt/jfrog/artifactory/etc/security
|
|
|
|
cat <<EOF >/opt/jfrog/artifactory/var/etc/security/master.key
|
|
${MASTER_KEY}
|
|
EOF
|
|
|
|
# NOTE: Path is changed in Artifactory 7. Non-HA configuration
|
|
mkdir -p /var/opt/jfrog/artifactory/etc/artifactory
|
|
cat <<EOF >/var/opt/jfrog/artifactory/etc/artifactory/binarystore.xml
|
|
<config version="1">
|
|
<chain template="azure-blob-storage"/>
|
|
<provider id="azure-blob-storage" type="azure-blob-storage">
|
|
<accountName>${STORAGE_ACCT}</accountName>
|
|
<accountKey>${STORAGE_ACCT_KEY}</accountKey>
|
|
<endpoint>https://${STORAGE_ACCT}.blob.core.windows.net/</endpoint>
|
|
<containerName>${STORAGE_CONTAINER}</containerName>
|
|
</provider>
|
|
</config>
|
|
EOF
|
|
|
|
cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE=" | sed "s/CERTIFICATE=//" > /tmp/temp.pem
|
|
cat /tmp/temp.pem | sed 's/CERTIFICATE----- /&\n/g' | sed 's/ -----END/\n-----END/g' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/certs/cert.pem
|
|
rm /tmp/temp.pem
|
|
|
|
cat /var/lib/cloud/instance/user-data.txt | grep "^CERTIFICATE_KEY=" | sed "s/CERTIFICATE_KEY=//" > /tmp/temp.key
|
|
cat /tmp/temp.key | sed 's/KEY----- /&\n/' | sed 's/ -----END/\n-----END/' | awk '{if($0 ~ /----/) {print;} else { gsub(/ /,"\n");print;}}' > /etc/pki/tls/private/cert.key
|
|
rm /tmp/temp.key
|
|
|
|
chown artifactory:artifactory -R /var/opt/jfrog/artifactory/* && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/security && chown artifactory:artifactory -R /var/opt/jfrog/artifactory/etc/*
|
|
|
|
# start Artifactory
|
|
sleep $((RANDOM % 240))
|
|
service artifactory start
|
|
service nginx start
|
|
nginx -s reload
|
|
echo "INFO: Artifactory installation completed." >> /tmp/artifactory-install.log
|