Merge branch 'jfrog:master' into feature/323
bbaassssiiee authored Jan 5, 2024
2 parents df55cb9 + 0419e12 commit b6db6e2
Showing 42 changed files with 225 additions and 87 deletions.
31 changes: 31 additions & 0 deletions Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,37 @@
# JFrog Platform Ansible Collection Changelog
All changes to this collection will be documented in this file.

## [10.16.5] - Jan 05, 2024
* Postgres - change to the new location of the RPM GPG key URL. [GH-362](https://github.com/jfrog/JFrog-Cloud-Installers/pull/362)
* Product Updates/fixes

## [10.16.4] - Dec 21, 2023
* Artifactory - Upgrade version when tar is already present [GH-356](https://github.com/jfrog/JFrog-Cloud-Installers/pull/356)
* Product Updates/fixes

## [10.16.3] - Dec 6, 2023
* Added How to avoid IPv6 binding in Readme [GH-349](https://github.com/jfrog/JFrog-Cloud-Installers/pull/349)
* Product Updates/fixes

## [10.16.2] - Nov 10, 2023
* Postgres - Change postgres_apt_repository_repo url for ubuntu 18
* Product Updates/fixes

## [10.16.1] - Nov 3, 2023
* Artifactory - Fix bootstrap template issue [GH-340](https://github.com/jfrog/JFrog-Cloud-Installers/pull/340)

## [10.16.0] - Oct 26, 2023
* Artifactory - Configure admin credentials [GH-335](https://github.com/jfrog/JFrog-Cloud-Installers/pull/335)
* Postgres - Assert that database username and password are defined [GH-336](https://github.com/jfrog/JFrog-Cloud-Installers/pull/336)
* Xray - Added a condition to check if socat already exists in rabbitmq
* Product Updates/fixes

## [10.15.3] - Oct 16, 2023
* Product Updates/fixes

## [10.15.2] - Sep 28, 2023
* Product Updates/fixes

## [10.15.0] - Sep 12, 2023
* Increase heap space in artifactory java opts [GH-329](https://github.com/jfrog/JFrog-Cloud-Installers/issues/329)
* Product Updates/fixes
75 changes: 50 additions & 25 deletions Ansible/ansible_collections/jfrog/platform/README.md
Original file line number Diff line number Diff line change
@@ -1,57 +1,57 @@
# JFrog Platform Ansible Collection

This Ansible directory consists of the following directories that support the JFrog Platform collection.

* ansible_collections directory - This directory contains the Ansible collection package that has the Ansible roles for Artifactory, Distribution, Insight and Xray. See the roles README for details on the product roles and variables.
* examples directory - This directory contains example playbooks for various architectures.


## Getting Started

## Prerequisites
From 10.11.x collection and above, Using fully qualified collection name (FQCN) , This is required for installing collection dependencies

```
```bash
ansible-galaxy collection install community.postgresql community.general ansible.posix
```

1. Install this collection from Ansible Galaxy.

```
ansible-galaxy collection install jfrog.platform
```
Ensure you reference the collection in your playbook when using these roles.
```
```yaml
---
- hosts: artifactory_servers
collections:
- jfrog.platform
- community.general
roles:
- artifactory
```
2. Ansible uses SSH to connect to hosts. Ensure that your SSH private key is on your client and the public keys are installed on your Ansible hosts.
2. Ansible uses SSH to connect to hosts. Ensure that your SSH private key is on your client and the public keys are installed on your Ansible hosts.
3. Create your inventory file. Use one of the examples from the examples directory to construct an inventory file (hosts.ini) with the host addresses
4. Create your playbook. Use one of the examples from the examples directory to construct a playbook using the JFrog Ansible roles. These roles will be applied to your inventory and provision software.
5. Then execute with the following command to provision the JFrog Platform with Ansible.
```
ansible-playbook -vv platform.yml -i hosts.ini"
```bash
ansible-playbook -vv platform.yml -i hosts.ini
```

## Generating Master and Join Keys
**Note** : If you don't provide these keys, they will be set to defaults (check groupvars/all/vars.yaml file)
For production deployments,You may want to generate your master and join keys and apply it to all the nodes.
**IMPORTANT** : Save below generated master and join keys for future upgrades

```
```bash
MASTER_KEY_VALUE=$(openssl rand -hex 32)
JOIN_KEY_VALUE=$(openssl rand -hex 32)
ansible-playbook -vv platform.yml -i hosts.ini --extra-vars "master_key=$MASTER_KEY_VALUE join_key=$JOIN_KEY_VALUE"
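Review bot: In the "Generating Master and Join Keys" block, passing `master_key` and `join_key` through `--extra-vars` on the command line leaves both values in shell history and in the process list while the play runs. The README documents Ansible Vault in the section that follows, so suggest recommending that the generated keys be stored in the vaulted vars file and loaded from there, with the `--extra-vars` form kept as a quick-start only. The note that missing keys "will be set to defaults" would also be stronger if it said outright that the defaults are not for production, instead of "You may want to".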
Expand All @@ -60,13 +60,21 @@ ansible-playbook -vv platform.yml -i hosts.ini --extra-vars "master_key=$MASTER_
## Using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) to Encrypt Vars
Some vars you may want to keep secret. You may put these vars into a separate file and encrypt them using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html).

For example, you will probably change the default password for the admin user using an encrypted file.

```yaml
# Default password
artifactory_admin_password: password
```
```bash
ansible-vault encrypt secret-vars.yml --vault-password-file ~/.vault_pass.txt
```

then in your playbook include the secret vars file.

```
```yaml
- hosts: artifactory_servers
collections:
- community.general
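Review bot: The added Vault example does not say which file the YAML snippet belongs in, and the value it shows, `artifactory_admin_password: password`, is the very default the preceding sentence says to change. Suggest stating that the snippet is the content of `secret-vars.yml` before encryption, using an obvious placeholder for the value, and dropping the "# Default password" comment. Since `--vault-password-file ~/.vault_pass.txt` keeps the vault password in a plain file, a line about restricting that file's permissions, or mentioning `--ask-vault-pass` as the alternative, would help.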
Expand All @@ -81,7 +89,7 @@ then in your playbook include the secret vars file.
## Upgrades
All JFrog product roles support software updates. To use a role to perform a software update only, use the _<product>_upgrade_only_ variable and specify the version. See the following example.
```
```yaml
- hosts: artifactory_servers
collections:
- community.general
Expand All @@ -108,7 +116,7 @@ Create an external database as documented [here](https://www.jfrog.com/confluenc

For example, for artifactory, these below values needs to be set for using external postgresql

```
```yaml
postgres_enabled: false
artifactory_db_type: postgresql
Expand All @@ -124,21 +132,38 @@ artifactory_db_url: jdbc:postgresql://<external_db_host_ip>:5432/{{ artifactory_
1. Go to the ansible_collections/jfrog/platform directory.
2. Update the galaxy.yml meta file as needed. Update the version.
3. Build the archive. (Requires Ansible 2.9+)
```
```bash
ansible-galaxy collection build
```

## OS support
## OS support
The JFrog Platform Ansible Collection can be installed on the following operating systems:

* Ubuntu LTS versions (18.04/20.4/22.04)
* Ubuntu LTS versions (18.04/20.04/22.04)
* Centos/RHEL 7.x/8.x/9.x
* Debian 10.x/11.x
* Amazon Linux 2

## How to avoid IPv6 binding

Some distributions have two entries for localhost in `/etc/hosts`:

```
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
```

This can cause Java apps trying binding using IPv6, which fails when that's disabled. This causes some tcp ports not listening, like the Artifactory router service.

Solution: add an extra JAVA_OPTION: `-Djava.net.preferIPv4Stack=true` to this variable:

```
artifactory_extra_java_opts: '-server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC -Djava.net.preferIPv4Stack=true'
```

## Known issues
* Refer [here](https://github.com/jfrog/JFrog-Cloud-Installers/issues?q=is%3Aopen+is%3Aissue+label%3AAnsible)
* By default, ansible_python_interpreter: "/usr/bin/python3" used , For Centos/RHEL-7, Set this to "/usr/bin/python" . For example
```
```bash
ansible-playbook -vv platform.yml -i hosts.ini -e 'ansible_python_interpreter=/usr/bin/python'
```
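Review bot: In the added "How to avoid IPv6 binding" section, the `artifactory_extra_java_opts` example restates the whole option string, so a reader who copies it also pins `-Xms512m -Xmx4g` and the other flags to what is printed here. Suggest saying that `-Djava.net.preferIPv4Stack=true` is the only addition and that the rest of the string should be the reader's current value. The two fences in this section are left untagged while the rest of the commit adds `bash` and `yaml` tags, and "This can cause Java apps trying binding using IPv6" needs rewording.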
3 changes: 2 additions & 1 deletion Ansible/ansible_collections/jfrog/platform/artifactory.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,5 @@
- 1
- 100%
roles:
- artifactory
- role: artifactory
when: artifactory_enabled | bool
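Review bot: The new `when: artifactory_enabled | bool` on the role raises an undefined-variable error if the inventory does not set `artifactory_enabled`, and nothing in the visible part of this commit adds a default for it. Either write `artifactory_enabled | default(true) | bool` or confirm the variable is defined in the collection's group vars. The same applies to the `distribution_enabled`, `insight_enabled` and `postgres_enabled` conditions added in the sibling playbooks.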
3 changes: 2 additions & 1 deletion Ansible/ansible_collections/jfrog/platform/distribution.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@
collections:
- community.general
roles:
- distribution
- role: distribution
when: distribution_enabled | bool
2 changes: 1 addition & 1 deletion Ansible/ansible_collections/jfrog/platform/galaxy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ namespace: "jfrog"
name: "platform"

# The version of the collection. Must be compatible with semantic versioning
version: "10.15.0"
version: "10.16.5"

# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: "README.md"
3 changes: 2 additions & 1 deletion Ansible/ansible_collections/jfrog/platform/insight.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@
- community.general
- ansible.posix
roles:
- insight
- role: insight
when: insight_enabled | bool
5 changes: 3 additions & 2 deletions Ansible/ansible_collections/jfrog/platform/postgres.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
- name: Play for postgres_servers
hosts: postgres
hosts: postgres_servers
collections:
- community.postgresql
- community.general
roles:
- postgres
- role: postgres
when: postgres_enabled | bool
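Review bot: Changing `hosts: postgres` to `hosts: postgres_servers` means an existing inventory that still uses a `postgres` group matches no hosts, so the play is skipped with only a warning and the database role never runs. The CHANGELOG entries added in this commit do not mention the rename. Suggest adding an entry that tells users to rename the group, or keeping the old group name working for one release.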
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Defaults file for artifactory

# The version of artifactory to install
artifactory_version: 7.68.7
artifactory_version: 7.71.11

# Set this to true when SSL is enabled (to use artifactory_nginx_ssl role), default to false (implies artifactory uses artifactory_nginx role )
artifactory_nginx_ssl_enabled: false
Expand Down Expand Up @@ -64,9 +64,9 @@ artifactory_gid: 1030
# If this is an upgrade
artifactory_upgrade_only: false

# Default username and password
artifactory_admin_username: admin
artifactory_admin_password: password
# Default username and password, uncomment and change to manage with ansible
# artifactory_admin_username: admin
# artifactory_admin_password: password

artifactory_service_file: /lib/systemd/system/artifactory.service

Expand Down Expand Up @@ -112,4 +112,4 @@ artifactory_binarystore: |-
artifactory_systemyaml_override: false

# Allow artifactory user to create crontab rules
artifactory_allow_crontab: false
artifactory_allow_crontab: false
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,19 @@
- artifactory_licenses | length > 0
notify: Restart artifactory

- name: Set up Artifactory admin account
become: true
ansible.builtin.template:
src: bootstrap.creds.j2
dest: "{{ artifactory_home }}/var/etc/access/bootstrap.creds"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: 0600
when:
- artifactory_admin_username is defined
- artifactory_admin_password is defined
notify: Restart artifactory

- name: Check if included database driver is the correct version
become: true
ansible.builtin.stat:
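Review bot: The "Set up Artifactory admin account" task renders the admin password into `bootstrap.creds` without `no_log: true`, so a run with `--diff` prints the templated file, password included, to the console and to any captured job log. Suggest adding `no_log: true` to the task. The `when` only tests that both variables are defined, so an empty `artifactory_admin_password` would still be written; a `| length > 0` check like the one on `artifactory_licenses` just above would cover that.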
Original file line number Diff line number Diff line change
Expand Up @@ -56,17 +56,28 @@
path: "{{ jfrog_home_directory }}"
state: directory

- name: Check artifactory version
ansible.builtin.shell: |
set -o pipefail;
grep artifactory.product.version "{{ artifactory_home }}/app/artifactory.product.version.properties" |cut -d= -f2
register: check_version_cmd
changed_when: false

- name: Set running_version
ansible.builtin.set_fact:
running_version: "{{ check_version_cmd.stdout }}"

- name: Delete artifactory app directory
become: true
ansible.builtin.file:
path: "{{ artifactory_home }}/app"
state: absent
when: (download_artifactory.changed) or (unarchived_artifactory.changed)
when: running_version != artifactory_version

- name: Copy new app to artifactory app
become: true
ansible.builtin.command: "cp -r {{ artifactory_untar_home }}/app/. {{ artifactory_home }}/app"
when: (download_artifactory.changed) or (unarchived_artifactory.changed)
when: running_version != artifactory_version
notify: Restart artifactory

- name: Configure artifactory license(s)
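Review bot: The "Check artifactory version" task runs `set -o pipefail` through `ansible.builtin.shell`, which uses `/bin/sh` unless told otherwise. On the Debian and Ubuntu releases the README lists as supported, `/bin/sh` is dash, which rejects that option, so the task fails before `grep` runs. Add `args:` with `executable: /bin/bash` to the task. The task also lacks `become: true`, unlike the tasks after it, which matters if the properties file under `{{ artifactory_home }}/app` is not readable by the connecting user.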
Expand Down Expand Up @@ -168,4 +179,4 @@
delay: 5
when:
- not ansible_check_mode
- artifactory_start_service | bool
- artifactory_start_service | bool
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{{ artifactory_admin_username }}@*={{ artifactory_admin_password }}
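Review bot: The template hardcodes `@*` as the source-address part of the entry, which lets the bootstrap admin credentials be used from any client address. Suggest making that field a variable so deployments can narrow it, and documenting the chosen default next to `artifactory_admin_username` in the role defaults. Both values are written unescaped, so the README should also say which characters the password may contain.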
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# platform collection version
platform_collection_version: 10.15.0
platform_collection_version: 10.16.5

# indicates where this collection was downloaded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# defaults file for distribution

# The version of distribution to install
distribution_version: 2.20.1
distribution_version: 2.21.3

# whether to enable HA
distribution_ha_enabled: false
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# platform collection version
platform_collection_version: 10.15.0
platform_collection_version: 10.16.5

# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy
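Review bot: The comment two lines below the version bump still reads "indicates were this collection was downlaoded", while the first copy of this meta file in the commit has "where" and "downloaded". Since the file is being touched anyway, fix the typo here and in the other role that carries the same comment.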
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# defaults file for insight

# The version of insight to install
insight_version: 1.15.3
insight_version: 1.16.5

# whether to enable HA
insight_ha_enabled: false
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# platform collection version
platform_collection_version: 10.15.0
platform_collection_version: 10.16.5

# indicates were this collection was downlaoded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ postgres_listen_addresses: 0.0.0.0
# Default port of Postgres server
postgres_port: 5432

# Location of GPG key used to sign the RPMs
postgres_rpmkey_url: "https://download.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-RHEL"

# Server version in package:
postgres_server_pkg_version: "{{ postgres_version | replace('.', '') }}"

Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
- name: Import PostgreSQL GPG public key
become: true
ansible.builtin.rpm_key:
key: https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG
key: "{{ postgres_rpmkey_url }}"
state: present
register: download_postgresql_key
until: download_postgresql_key is success
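Review bot: The "Import PostgreSQL GPG public key" task trusts whatever key `postgres_rpmkey_url` returns, with no fingerprint check, and now that the URL is a variable it can be pointed at any location. `ansible.builtin.rpm_key` accepts a `fingerprint` parameter that is verified before the key is imported. Suggest adding a companion default for the expected fingerprint and passing it here, so a changed or substituted key fails the play instead of being installed as a trusted signer.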