standardize variables names. Update readme files.
EmptyByte committed Jun 28, 2024
1 parent d3326b7 commit c4f830f
Showing 40 changed files with 386 additions and 235 deletions.
2 changes: 1 addition & 1 deletion Ansible/ansible_collections/jfrog/platform/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -168,4 +168,4 @@ artifactory_extra_java_opts: '-server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC -Dja
```

## Known issues
* Refer [here](https://github.com/jfrog/JFrog-Cloud-Installers/issues?q=is%3Aopen+is%3Aissue+label%3AAnsible)
* Refer [here](https://github.com/jfrog/JFrog-Cloud-Installers/issues?q=is%3Aopen+is%3Aissue+label%3AAnsible)
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,70 @@
The artifactory role installs the Artifactory Pro software onto the host. Per the Vars below, it will configure a node as primary or secondary. This role uses secondary roles artifactory_nginx to install nginx.

## Role Variables
* _server_name_: **mandatory** This is the server name. eg. "artifactory.54.175.51.178.xip.io"
* _artifactory_upgrade_only_: Perform an software upgrade only. Default is false.

Additional variables can be found in [defaults/main.yml](./defaults/main.yml).
### Defaults variables

| Name | Default Value | Description |
|-------------------------------------------|-----------------------------------|--------------------------------------------------------------------------------------------------------|
| `artifactory_server_name` | `inventory_hostname` | **Mandatory.** The hostname used to access the Artifactory server. Adjust for production environments. |
| `artifactory_version` | `7.84.14` | The version of Artifactory to install. |
| `artifactory_nginx_installed` | `true` | Install and configure NGINX with Artifactory. Set to false if NGINX is not required. If true, see variables in table below. |
| `artifactory_licenses` | `null` | Provide single or HA individual licenses file separated by new line and 2-space indentation. |
| `artifactory_upgrade_only` | `false` | If this is set, only perform an upgrade. |
| `artifactory_ha_enabled` | `false` | To enable High Availability (HA) mode, set to true. |
| `artifactory_taskaffinity` | `any` | By default, all nodes are primary (CNHA). |
| `artifactory_mc_enabled` | `true` | To enable mission-control in Artifactory (applicable only on E+ license and for versions >= 7.27.x). |
| `artifactory_jfrog_dir` | `/opt/jfrog` | Location where Artifactory should be installed. |
| `artifactory_application_dir` | `/opt/jfrog/artifactory` | Dynamic - append `/artifactory` to the `artifactory_jfrog_dir` directory path. |
| `artifactory_flavour` | `pro` | Pick the Artifactory flavor to install (e.g., cpp-ce/jcr/pro). |
| `artifactory_extra_java_opts` | `-server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC` | Additional Java options for Artifactory. |
| `artifactory_download_timeout` | `10` | Timeout in seconds for URL request. |
| `artifactory_postgresql_driver_download` | `true` | Boolean, set to true to download JDBC driver. |
| `artifactory_postgresql_driver_version` | `42.6.0` | Version of the PostgreSQL driver to download. |
| `artifactory_user` | `artifactory` | Default system user for Artifactory. |
| `artifactory_group` | `artifactory` | Default system group for Artifactory. |
| `artifactory_uid` | `1030` | User ID for the Artifactory user. |
| `artifactory_gid` | `1030` | Group ID for the Artifactory group. |
| `artifactory_allow_non_postgresql` | `false` | To run Artifactory with any database other than PostgreSQL, set to true. |
| `artifactory_allow_crontab` | `true` | Allow the Artifactory user to create crontab rules (required by the application ?). |

**Additional variables for artifactory_nginx if artifactory_nginx_installed is true**

| Variable Name | Default Value | Description |
|-------------------------------------------------------|-----------------------------------------|-------------|
| `artifactory_nginx_worker_processes` | `auto` | Specifies the number of NGINX worker processes, Defaults to auto to match the number of CPU cores. |
| `artifactory_nginx_enable_docker_registry_rewrite` | `false` | If true, enables a rewrite rule for Docker registry requests in the NGINX configuration. |
| `artifactory_nginx_enable_ssl` | `false` | Enables SSL configuration on NGINX. Important to secure connections. |
| `artifactory_nginx_enable_http_to_https_redirection` | `false` | Enables HTTP to HTTPS redirection; requires `nginx_enable_ssl` to be true. |
| `artifactory_nginx_ca_chain_name` | `ca_chain.pem` | File name of the CA chain. |
| `artifactory_nginx_ssl_certificate_name` | `{{ inventory_hostname ~ '.crt.pem' }}` | File name of the SSL certificate. |
| `artifactory_nginx_ssl_private_key_name` | `{{ inventory_hostname ~ '.key.pem' }}` | File name of the SSL private key. |
| `artifactory_nginx_ca_chain_content` | `''` | Content of the CA Chain. Store this variable in a vault file using block scalar. |
| `artifactory_nginx_ssl_certificate_content` | `''` | Content of the Certificate. Store this variable in a vault file using block scalar. |
| `artifactory_nginx_ssl_private_key_content` | `''` | Content of the Private key. Store this variable in a vault file using block scalar. |
| `artifactory_nginx_use_official_repos` | `false` | Set to true to use NGINX's official repositories for package installations. |
| `artifactory_nginx_enabled_repositories` | `[]` | List of repositories to enable when installing NGINX. Only applicable for CentOS/RHEL. |
| `artifactory_nginx_disabled_repositories` | `[]` | List of repositories to disable when installing NGINX. Only applicable for CentOS/RHEL. |

### Distribution variables

The following variables are distribution-specfic and should not be overriden.

| Name | Default Value | Description |
|-------------------------------------------|-------------------|-------------------------------------------|
| `platform_collection_version` | `10.18.2` | The version of the platform collection. |
| `ansible_marketplace` | `galaxy` | Ansible marketplat |
| `artifactory_os_daemon` | `artifactory` | OS - Name of the Artifactory daemon. |
| `artifactory_tar_name` | `jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz` | The name of the Artifactory tar archive, dynamically generated based on the Artifactory version. |
| `artifactory_untar_dir` | `"{{ artifactory_jfrog_dir }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"` | The directory where the Artifactory tar is unpacked, dynamically based on version and flavour. |
| `artifactory_tar_url` | URL based on `artifactory_version` and `artifactory_tar_name` | The URL to download the Artifactory tar archive, dynamically generated. |
| `artifactory_postgresql_driver_download_url` | URL based on `artifactory_postgresql_driver_version` | The URL to download the PostgreSQL driver, dynamically generated based on the driver version. |
| `artifactory_selinux_policy_package` | `python3-policycoreutils` | The name of the SELinux policy package required by Artifactory. |

## Example Playbook

```
---
---yaml
- hosts: artifactory_servers
collections:
- community.general
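Review bot: In the Example Playbook block, the line `---yaml` looks like a mistyped fence: the block still opens with a bare fence, while the Upgrades block in this same file was changed to a fence tagged `yaml`. Open the example with the tagged fence and keep `---` as the first line of the playbook. Three smaller documentation points in the new tables: the description of `artifactory_nginx_enable_http_to_https_redirection` still refers to `nginx_enable_ssl` instead of `artifactory_nginx_enable_ssl`; the default shown for `artifactory_server_name` is `inventory_hostname`, which does not match the conditional expression with the 'test.artifactory.com' fallback in the defaults hunk of this commit; and "distribution-specfic", "overriden" and the cut-off description "Ansible marketplat" need fixing.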
Expand All @@ -20,7 +76,7 @@ Additional variables can be found in [defaults/main.yml](./defaults/main.yml).
## Upgrades
The Artifactory role supports software upgrades. To use a role to perform a software upgrade only, use the _artifactory_upgrade_only_ variable and specify the version. See the following example.

```
```yaml
- hosts: artifactory_servers
collections:
- community.general
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,12 @@
# The version of artifactory to install
artifactory_version: 7.84.14

# **Mandatory.** The hostname used to access the Artifactory server. Adjust for production environments.
artifactory_server_name: "{{ inventory_hostname if '.' in inventory_hostname else 'test.artifactory.com' }}"

# [NGINX] Install and configure NGINX with Artifactory (default: true). Set to false if NGINX is not required.
artifactory_nginx_installed: true

# [NGINX] Enable and configure NGINX with SSL (default: false)
artifactory_nginx_enable_ssl: false

# Provide single or HA individual licenses file separated by new line and 2-space indentation and for HA, set artifactory_ha_enabled: true.
# Example: Replace <license_1> , <license_2> , <license_3> with original licenses
# artifactory_licenses: |-
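Review bot: `artifactory_server_name` is commented as mandatory, yet the expression silently falls back to 'test.artifactory.com' whenever `inventory_hostname` contains no dot, so a host addressed by a short name is configured with a placeholder server name instead of failing. Consider dropping the fallback and failing early on an unset or unsuitable value, for example with an `ansible.builtin.assert` at the start of the role. The README hunk also removes the old `server_name` variable and nothing here maps it to the new name, so inventories that still set `server_name` would have their value ignored; either honour the old name as a fallback or call the rename out as a breaking change.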
Expand All @@ -18,6 +18,9 @@ artifactory_nginx_enable_ssl: false

# <license_3>

# If this is an upgrade-only
artifactory_upgrade_only: false

# To enable HA, set to true
artifactory_ha_enabled: false

Expand All @@ -28,37 +31,31 @@ artifactory_taskaffinity: any
artifactory_mc_enabled: true

# The location where Artifactory should install
jfrog_home_directory: /opt/jfrog
artifactory_jfrog_dir: "{{ jfrog_home_directory | d('/opt/jfrog') }}"

artifactory_home: "{{ jfrog_home_directory }}/artifactory"
artifactory_application_dir: "{{ artifactory_jfrog_dir }}/artifactory"

# Pick the Artifactory flavour to install, can be also cpp-ce/jcr/pro
artifactory_flavour: pro

# Artifactory extra Java Options
artifactory_extra_java_opts: -server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC
artifactory_tar_file_name: jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz
artifactory_tar: "https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/\
{{ artifactory_version }}/{{ artifactory_tar_file_name }}"
artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"

# Timeout in seconds for URL request
artifactory_download_timeout: 10

# Added optional variable to download from external url
postgres_driver_download: true
postgres_driver_version: 42.6.0
postgres_driver_download_url: "https://repo1.maven.org/maven2/org/postgresql/postgresql/\
{{ postgres_driver_version }}/postgresql-{{ postgres_driver_version }}.jar"
artifactory_postgresql_driver_download: true
artifactory_postgresql_driver_version: '42.6.0'

# Default system user/group
artifactory_user: artifactory
artifactory_group: artifactory

# Default system user/group ID
artifactory_uid: 1030
artifactory_gid: 1030

# If this is an upgrade
artifactory_upgrade_only: false

# To run Artifactory with any database other than PostgreSQL, artifactory_allow_non_postgresql set to true
artifactory_allow_non_postgresql: false

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@
- name: Restart artifactory
become: true
ansible.builtin.systemd_service:
name: "{{ artifactory_daemon }}"
name: "{{ artifactory_os_daemon }}"
state: restarted
daemon_reload: true

- name: Stop artifactory
become: true
ansible.builtin.systemd_service:
name: "{{ artifactory_daemon }}"
name: "{{ artifactory_os_daemon }}"
state: stopped
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,13 @@

- name: Check if app directory exists
ansible.builtin.stat:
path: "{{ artifactory_home }}/app"
path: "{{ artifactory_application_dir }}/app"
register: app_dir_check

- name: Copy untar directory to artifactory home
ansible.builtin.copy:
src: "{{ artifactory_untar_home }}/"
dest: "{{ artifactory_home }}"
src: "{{ artifactory_untar_dir }}/"
dest: "{{ artifactory_application_dir }}"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: '0755'
Expand Down Expand Up @@ -54,7 +54,7 @@
- name: Ensure artifactory service is started and enabled
become: true
ansible.builtin.systemd_service:
name: "{{ artifactory_daemon }}"
name: "{{ artifactory_os_daemon }}"
state: started
enabled: true

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,33 +2,33 @@
- name: Check if artifactory archive already exists
become: true
ansible.builtin.stat:
path: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
register: artifactory_tar_check
path: "{{ artifactory_jfrog_dir }}/{{ artifactory_tar_name }}"
register: __stat_artifactory_tar

- name: Download artifactory archive
become: true
ansible.builtin.get_url:
url: "{{ artifactory_tar }}"
url: "{{ artifactory_tar_url }}"
timeout: "{{ artifactory_download_timeout }}"
dest: "{{ jfrog_home_directory }}"
dest: "{{ artifactory_jfrog_dir }}"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: '0644'
register: download_artifactory
until: download_artifactory is succeeded
register: __download_artifactory_tar
until: __download_artifactory_tar is succeeded
retries: 3
when: not artifactory_tar_check.stat.exists
when: not __stat_artifactory_tar.stat.exists

- name: Extract artifactory archive
become: true
ansible.builtin.unarchive:
src: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
dest: "{{ jfrog_home_directory }}"
src: "{{ artifactory_jfrog_dir }}/{{ artifactory_tar_name }}"
dest: "{{ artifactory_jfrog_dir }}"
remote_src: true
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
creates: "{{ artifactory_untar_home }}"
creates: "{{ artifactory_untar_dir }}"
register: unarchived_artifactory
when:
- not ansible_check_mode
- download_artifactory is succeeded
- __download_artifactory_tar is succeeded
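Review bot: The "Download artifactory archive" task passes `url`, `timeout`, `dest`, ownership and `mode` to `ansible.builtin.get_url` but no `checksum`, so the archive that is later extracted and installed as a service is accepted on the strength of the transport alone. Since the task is being touched anyway, consider adding a `checksum:` argument fed from a variable that is pinned together with `artifactory_version`. On naming, `register: unarchived_artifactory` in the extract task was left as is while the other registered results in this file moved to the `__` prefix; rename it for consistency if nothing else in the role reads it under the old name.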
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
- name: Install artifactory service
become: true
ansible.builtin.command:
cmd: "{{ artifactory_home }}/app/bin/installService.sh"
cmd: "{{ artifactory_application_dir }}/app/bin/installService.sh"
notify: Restart artifactory
Original file line number Diff line number Diff line change
Expand Up @@ -2,27 +2,27 @@
- name: Check if included database driver is the correct version
become: true
ansible.builtin.stat:
path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/postgresql-{{ postgres_driver_version }}.jar"
register: included_database_driver
path: "{{ artifactory_application_dir }}/app/artifactory/tomcat/lib/postgresql-{{ artifactory_postgresql_driver_version }}.jar"
register: __stat_postgresql_driver

- name: Check if jdbc driver exists
become: true
ansible.builtin.stat:
path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar"
when: not included_database_driver.stat.exists
register: database_driver
path: "{{ artifactory_application_dir }}/app/artifactory/tomcat/lib/jf_postgresql-{{ artifactory_postgresql_driver_version }}.jar"
register: __stat_jf_postgresql_driver
when: not __stat_postgresql_driver.stat.exists

- name: Download jdbc driver
become: true
ansible.builtin.get_url:
url: "{{ postgres_driver_download_url }}"
dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
url: "{{ artifactory_postgresql_driver_download_url }}"
dest: "{{ artifactory_application_dir }}/var/bootstrap/artifactory/tomcat/lib"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: '0644'
when:
- postgres_driver_download | bool
- postgres_driver_download_url | d('') | length > 0
- not database_driver.stat.exists
- not included_database_driver.stat.exists
- artifactory_postgresql_driver_download | bool
- artifactory_postgresql_driver_download_url | d('') | length > 0
- not __stat_postgresql_driver.stat.exists
- not __stat_jf_postgresql_driver.stat.exists
notify: Restart artifactory
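Review bot: The "Download jdbc driver" task writes a JAR into the Tomcat bootstrap `lib` directory, where the application will load it, and the only pin is `artifactory_postgresql_driver_version` inside the URL; there is no `checksum` on the `get_url` call. The default URL removed in the defaults hunk pointed at repo1.maven.org, a host outside the vendor's release site, which makes an integrity check here more valuable than on the main archive. A companion checksum variable next to `artifactory_postgresql_driver_version`, passed as `checksum:`, would close that gap.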
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
- name: Configure master key
become: true
ansible.builtin.copy:
dest: "{{ artifactory_home }}/var/etc/security/master.key"
dest: "{{ artifactory_application_dir }}/var/etc/security/master.key"
content: "{{ master_key }}"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
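Review bot: `content: "{{ master_key }}"` still uses the unprefixed `master_key` in a commit whose purpose is to standardize variable names; if the variable is meant to stay shared across roles, say so in the README, otherwise rename it with the rest. The visible part of the task sets neither `no_log: true` nor a `mode`; if the collapsed remainder does not set them either, the key can end up in task output when the play runs with diff output enabled, and the file mode is left to the default, so both are worth adding while this task is being edited.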
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
- name: Ensure user ownership of files in jfrog_home_directory is correct
become: true
ansible.builtin.command: >-
find {{ jfrog_home_directory }} ! -user {{ artifactory_user }}
find {{ artifactory_jfrog_dir }} ! -user {{ artifactory_user }}
-print -exec chown {{ artifactory_user }} {} \;
register: user_ownerships
changed_when: user_ownerships.stdout_lines | length > 0
register: __fix_user_ownerships
changed_when: __fix_user_ownerships.stdout_lines | length > 0

- name: Ensure group ownership of files in jfrog_home_directory is correct
- name: Ensure group ownership of files in artifactory_jfrog_dir is correct
become: true
ansible.builtin.command: >-
find {{ jfrog_home_directory }} ! -group {{ artifactory_group }}
find {{ artifactory_jfrog_dir }} ! -group {{ artifactory_group }}
-print -exec chgrp {{ artifactory_group }} {} \;
register: group_ownerships
changed_when: group_ownerships.stdout_lines | length > 0
register: __fix_group_ownerships
changed_when: __fix_group_ownerships.stdout_lines | length > 0
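Review bot: The first task is still named "Ensure user ownership of files in jfrog_home_directory is correct" while the second task's name was updated to `artifactory_jfrog_dir`; update the first name as well so the log output matches the variable that is actually used. In both `find` commands `{{ artifactory_jfrog_dir }}` is unquoted, unlike the `restorecon` call in the SELinux tasks, so a path containing whitespace would be split into several arguments; quoting it costs nothing.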
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
- name: Ensure Red Hat prerequisite packages are installed
become: true
ansible.builtin.dnf:
name: ['net-tools', '{{ selinux_policy_package }}']
name: ['net-tools', '{{ artifactory_selinux_policy_package }}']
state: present
when: ansible_facts['pkg_mgr'] | lower == 'dnf'

Expand Down Expand Up @@ -51,14 +51,14 @@
name: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
create_home: true
home: "{{ artifactory_home }}"
home: "{{ artifactory_application_dir }}"
shell: '/bin/bash'
state: present

- name: Ensure jfrog_home_directory exists
- name: Ensure artifactory_jfrog_dir exists
become: true
ansible.builtin.file:
path: "{{ jfrog_home_directory }}"
path: "{{ artifactory_jfrog_dir }}"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
state: directory
Expand All @@ -73,7 +73,7 @@
group: "{{ artifactory_group }}"
recurse: true
loop:
- "{{ artifactory_home }}/var/data"
- "{{ artifactory_home }}/var/etc"
- "{{ artifactory_home }}/var/etc/security/"
- "{{ artifactory_home }}/var/etc/artifactory/info/"
- "{{ artifactory_application_dir }}/var/data"
- "{{ artifactory_application_dir }}/var/etc"
- "{{ artifactory_application_dir }}/var/etc/security/"
- "{{ artifactory_application_dir }}/var/etc/artifactory/info/"
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@
- name: Configure SELinux context
become: true
community.general.sefcontext:
target: "{{ jfrog_home_directory }}/artifactory/app/bin(/.*)?"
target: "{{ artifactory_jfrog_dir }}/artifactory/app/bin(/.*)?"
setype: bin_t
reload: true
state: present

- name: Restore SELinux content
become: true
ansible.builtin.command: restorecon -Rv "{{ jfrog_home_directory }}/artifactory/app/bin"
ansible.builtin.command: restorecon -Rv "{{ artifactory_jfrog_dir }}/artifactory/app/bin"
changed_when: false
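Review bot: Both the `sefcontext` target and the `restorecon` path are built as `{{ artifactory_jfrog_dir }}/artifactory/app/bin`, while every other task in this commit reaches the same location through `{{ artifactory_application_dir }}/app`. The README lists `artifactory_application_dir` among the defaults, so if it is overridden the `bin_t` context is applied to a path the installation does not use and the real `app/bin` is left unlabeled. Use `{{ artifactory_application_dir }}/app/bin` in both tasks.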