diff --git a/Ansible/ansible_collections/jfrog/platform/README.md b/Ansible/ansible_collections/jfrog/platform/README.md index 8bee90bb..ea924f39 100644 --- a/Ansible/ansible_collections/jfrog/platform/README.md +++ b/Ansible/ansible_collections/jfrog/platform/README.md @@ -168,4 +168,4 @@ artifactory_extra_java_opts: '-server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC -Dja ``` ## Known issues -* Refer [here](https://github.com/jfrog/JFrog-Cloud-Installers/issues?q=is%3Aopen+is%3Aissue+label%3AAnsible) \ No newline at end of file +* Refer [here](https://github.com/jfrog/JFrog-Cloud-Installers/issues?q=is%3Aopen+is%3Aissue+label%3AAnsible) diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md index 2a51775f..f3b61744 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md 
@@ -2,14 +2,70 @@ The artifactory role installs the Artifactory Pro software onto the host. Per the Vars below, it will configure a node as primary or secondary. This role uses secondary roles artifactory_nginx to install nginx. ## Role Variables -* _server_name_: **mandatory** This is the server name. eg. "artifactory.54.175.51.178.xip.io" -* _artifactory_upgrade_only_: Perform an software upgrade only. Default is false. -Additional variables can be found in [defaults/main.yml](./defaults/main.yml). +### Defaults variables + +| Name | Default Value | Description | +|-------------------------------------------|-----------------------------------|--------------------------------------------------------------------------------------------------------| +| `artifactory_server_name` | `inventory_hostname` | **Mandatory.** The hostname used to access the Artifactory server. Adjust for production environments. | +| `artifactory_version` | `7.84.14` | The version of Artifactory to install. | +| `artifactory_nginx_installed` | `true` | Install and configure NGINX with Artifactory. Set to false if NGINX is not required. If true, see variables in table below. | +| `artifactory_licenses` | `null` | Provide single or HA individual licenses file separated by new line and 2-space indentation. | +| `artifactory_upgrade_only` | `false` | If this is set, only perform an upgrade. | +| `artifactory_ha_enabled` | `false` | To enable High Availability (HA) mode, set to true. | +| `artifactory_taskaffinity` | `any` | By default, all nodes are primary (CNHA). | +| `artifactory_mc_enabled` | `true` | To enable mission-control in Artifactory (applicable only on E+ license and for versions >= 7.27.x). | +| `artifactory_jfrog_dir` | `/opt/jfrog` | Location where Artifactory should be installed. | +| `artifactory_application_dir` | `/opt/jfrog/artifactory` | Dynamic - append `/artifactory` to the `artifactory_jfrog_dir` directory path. 
| +| `artifactory_flavour` | `pro` | Pick the Artifactory flavor to install (e.g., cpp-ce/jcr/pro). | +| `artifactory_extra_java_opts` | `-server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC` | Additional Java options for Artifactory. | +| `artifactory_download_timeout` | `10` | Timeout in seconds for URL request. | +| `artifactory_postgresql_driver_download` | `true` | Boolean, set to true to download JDBC driver. | +| `artifactory_postgresql_driver_version` | `42.6.0` | Version of the PostgreSQL driver to download. | +| `artifactory_user` | `artifactory` | Default system user for Artifactory. | +| `artifactory_group` | `artifactory` | Default system group for Artifactory. | +| `artifactory_uid` | `1030` | User ID for the Artifactory user. | +| `artifactory_gid` | `1030` | Group ID for the Artifactory group. | +| `artifactory_allow_non_postgresql` | `false` | To run Artifactory with any database other than PostgreSQL, set to true. | +| `artifactory_allow_crontab` | `true` | Allow the Artifactory user to create crontab rules (required by the application ?). | + +**Additional variables for artifactory_nginx if artifactory_nginx_installed is true** + +| Variable Name | Default Value | Description | +|-------------------------------------------------------|-----------------------------------------|-------------| +| `artifactory_nginx_worker_processes` | `auto` | Specifies the number of NGINX worker processes, Defaults to auto to match the number of CPU cores. | +| `artifactory_nginx_enable_docker_registry_rewrite` | `false` | If true, enables a rewrite rule for Docker registry requests in the NGINX configuration. | +| `artifactory_nginx_enable_ssl` | `false` | Enables SSL configuration on NGINX. Important to secure connections. | +| `artifactory_nginx_enable_http_to_https_redirection` | `false` | Enables HTTP to HTTPS redirection; requires `nginx_enable_ssl` to be true. | +| `artifactory_nginx_ca_chain_name` | `ca_chain.pem` | File name of the CA chain. 
| +| `artifactory_nginx_ssl_certificate_name` | `{{ inventory_hostname ~ '.crt.pem' }}` | File name of the SSL certificate. | +| `artifactory_nginx_ssl_private_key_name` | `{{ inventory_hostname ~ '.key.pem' }}` | File name of the SSL private key. | +| `artifactory_nginx_ca_chain_content` | `''` | Content of the CA Chain. Store this variable in a vault file using block scalar. | +| `artifactory_nginx_ssl_certificate_content` | `''` | Content of the Certificate. Store this variable in a vault file using block scalar. | +| `artifactory_nginx_ssl_private_key_content` | `''` | Content of the Private key. Store this variable in a vault file using block scalar. | +| `artifactory_nginx_use_official_repos` | `false` | Set to true to use NGINX's official repositories for package installations. | +| `artifactory_nginx_enabled_repositories` | `[]` | List of repositories to enable when installing NGINX. Only applicable for CentOS/RHEL. | +| `artifactory_nginx_disabled_repositories` | `[]` | List of repositories to disable when installing NGINX. Only applicable for CentOS/RHEL. | + +### Distribution variables + +The following variables are distribution-specfic and should not be overriden. + +| Name | Default Value | Description | +|-------------------------------------------|-------------------|-------------------------------------------| +| `platform_collection_version` | `10.18.2` | The version of the platform collection. | +| `ansible_marketplace` | `galaxy` | Ansible marketplat | +| `artifactory_os_daemon` | `artifactory` | OS - Name of the Artifactory daemon. | +| `artifactory_tar_name` | `jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz` | The name of the Artifactory tar archive, dynamically generated based on the Artifactory version. | +| `artifactory_untar_dir` | `"{{ artifactory_jfrog_dir }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"` | The directory where the Artifactory tar is unpacked, dynamically based on version and flavour. 
| +| `artifactory_tar_url` | URL based on `artifactory_version` and `artifactory_tar_name` | The URL to download the Artifactory tar archive, dynamically generated. | +| `artifactory_postgresql_driver_download_url` | URL based on `artifactory_postgresql_driver_version` | The URL to download the PostgreSQL driver, dynamically generated based on the driver version. | +| `artifactory_selinux_policy_package` | `python3-policycoreutils` | The name of the SELinux policy package required by Artifactory. | ## Example Playbook + ``` ---- +---yaml - hosts: artifactory_servers collections: - community.general @@ -20,7 +76,7 @@ Additional variables can be found in [defaults/main.yml](./defaults/main.yml). ## Upgrades The Artifactory role supports software upgrades. To use a role to perform a software upgrade only, use the _artifactory_upgrade_only_ variable and specify the version. See the following example. -``` +```yaml - hosts: artifactory_servers collections: - community.general diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml index 382ea398..fbb2969e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml 
@@ -3,12 +3,12 @@ # The version of artifactory to install artifactory_version: 7.84.14 +# **Mandatory.** The hostname used to access the Artifactory server. Adjust for production environments. +artifactory_server_name: "{{ inventory_hostname if '.' in inventory_hostname else 'test.artifactory.com' }}" + # [NGINX] Install and configure NGINX with Artifactory (default: true). Set to false if NGINX is not required. artifactory_nginx_installed: true -# [NGINX] Enable and configure NGINX with SSL (default: false) -artifactory_nginx_enable_ssl: false - # Provide single or HA individual licenses file separated by new line and 2-space indentation and for HA, set artifactory_ha_enabled: true. # Example: Replace , , with original licenses # artifactory_licenses: |- @@ -18,6 +18,9 @@ artifactory_nginx_enable_ssl: false # +# If this is an upgrade-only +artifactory_upgrade_only: false + # To enable HA, set to true artifactory_ha_enabled: false 
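Review bot: The new `artifactory_server_name` default is commented as mandatory, yet it silently falls back to `'test.artifactory.com'` whenever `inventory_hostname` contains no dot. A host addressed by a short name is therefore configured with a hostname the deployer presumably does not control, instead of the run failing. The same fallback expression is repeated for `artifactory_nginx_server_name` in the artifactory_nginx defaults hunk. Consider defaulting to `"{{ inventory_hostname }}"` and adding an `ansible.builtin.assert` early in the role that rejects an unset or placeholder value; the tasks that consume the variable are outside this hunk.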
@@ -28,37 +31,31 @@ artifactory_taskaffinity: any artifactory_mc_enabled: true # The location where Artifactory should install -jfrog_home_directory: /opt/jfrog +artifactory_jfrog_dir: "{{ jfrog_home_directory | d('/opt/jfrog') }}" -artifactory_home: "{{ jfrog_home_directory }}/artifactory" +artifactory_application_dir: "{{ artifactory_jfrog_dir }}/artifactory" # Pick the Artifactory flavour to install, can be also cpp-ce/jcr/pro artifactory_flavour: pro +# Artifactory extra Java Options artifactory_extra_java_opts: -server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC -artifactory_tar_file_name: jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz -artifactory_tar: "https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/\ - {{ artifactory_version }}/{{ artifactory_tar_file_name }}" -artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}" # Timeout in seconds for URL request artifactory_download_timeout: 10 # Added optional variable to download from external url -postgres_driver_download: true -postgres_driver_version: 42.6.0 -postgres_driver_download_url: "https://repo1.maven.org/maven2/org/postgresql/postgresql/\ - {{ postgres_driver_version }}/postgresql-{{ postgres_driver_version }}.jar" +artifactory_postgresql_driver_download: true +artifactory_postgresql_driver_version: '42.6.0' +# Default system user/group artifactory_user: artifactory artifactory_group: artifactory +# Default system user/group ID artifactory_uid: 1030 artifactory_gid: 1030 -# If this is an upgrade -artifactory_upgrade_only: false - # To run Artifactory with any database other than PostgreSQL, artifactory_allow_non_postgresql set to true artifactory_allow_non_postgresql: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml index af42a945..6f333f37 100644 
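Review bot: Only `jfrog_home_directory` keeps a backward-compatible fallback (`artifactory_jfrog_dir: "{{ jfrog_home_directory | d('/opt/jfrog') }}"`); `postgres_driver_download`, `postgres_driver_version`, `postgres_driver_download_url`, `artifactory_home` and `artifactory_tar` are renamed or moved with none, so an inventory that still sets them is silently ignored. The security-relevant cases are `postgres_driver_download: false`, which would no longer stop the JDBC download, and, in the artifactory_nginx defaults hunk, `artifactory_ssl_private_key_content`, `artifactory_ssl_certificate_content` and `artifactory_ca_chain_content`, whose vaulted values would now resolve to `''`. Keep the old names as fallbacks for a release, e.g. `artifactory_postgresql_driver_download: "{{ postgres_driver_download | d(true) }}"` and `artifactory_nginx_ssl_private_key_content: "{{ artifactory_ssl_private_key_content | d('') }}"`, or fail early when a legacy name is still defined.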
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml @@ -4,12 +4,12 @@ - name: Restart artifactory become: true ansible.builtin.systemd_service: - name: "{{ artifactory_daemon }}" + name: "{{ artifactory_os_daemon }}" state: restarted daemon_reload: true - name: Stop artifactory become: true ansible.builtin.systemd_service: - name: "{{ artifactory_daemon }}" + name: "{{ artifactory_os_daemon }}" state: stopped diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml index df8b9bd4..f18ff065 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml @@ -16,13 +16,13 @@ - name: Check if app directory exists ansible.builtin.stat: - path: "{{ artifactory_home }}/app" + path: "{{ artifactory_application_dir }}/app" register: app_dir_check - name: Copy untar directory to artifactory home ansible.builtin.copy: - src: "{{ artifactory_untar_home }}/" - dest: "{{ artifactory_home }}" + src: "{{ artifactory_untar_dir }}/" + dest: "{{ artifactory_application_dir }}" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0755' @@ -54,7 +54,7 @@ - name: Ensure artifactory service is started and enabled become: true ansible.builtin.systemd_service: - name: "{{ artifactory_daemon }}" + name: "{{ artifactory_os_daemon }}" state: started enabled: true diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/get_archive.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/get_archive.yml index f3c9f50f..c53b4049 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/get_archive.yml 
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/get_archive.yml @@ -2,33 +2,33 @@ - name: Check if artifactory archive already exists become: true ansible.builtin.stat: - path: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}" - register: artifactory_tar_check + path: "{{ artifactory_jfrog_dir }}/{{ artifactory_tar_name }}" + register: __stat_artifactory_tar - name: Download artifactory archive become: true ansible.builtin.get_url: - url: "{{ artifactory_tar }}" + url: "{{ artifactory_tar_url }}" timeout: "{{ artifactory_download_timeout }}" - dest: "{{ jfrog_home_directory }}" + dest: "{{ artifactory_jfrog_dir }}" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0644' - register: download_artifactory - until: download_artifactory is succeeded + register: __download_artifactory_tar + until: __download_artifactory_tar is succeeded retries: 3 - when: not artifactory_tar_check.stat.exists + when: not __stat_artifactory_tar.stat.exists - name: Extract artifactory archive become: true ansible.builtin.unarchive: - src: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}" - dest: "{{ jfrog_home_directory }}" + src: "{{ artifactory_jfrog_dir }}/{{ artifactory_tar_name }}" + dest: "{{ artifactory_jfrog_dir }}" remote_src: true owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" - creates: "{{ artifactory_untar_home }}" + creates: "{{ artifactory_untar_dir }}" register: unarchived_artifactory when: - not ansible_check_mode - - download_artifactory is succeeded + - __download_artifactory_tar is succeeded diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/install_service.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/install_service.yml index 75bdc020..13a445ef 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/install_service.yml 
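Review bot: The `Download artifactory archive` task still calls `ansible.builtin.get_url` without a `checksum`, so the tarball that is then extracted and installed as the service is trusted on TLS alone. The `Download jdbc driver` task in tasks/shared/jdbc_driver.yml has the same gap for a jar written under `tomcat/lib`. Add an optional digest, e.g. `checksum: "{{ artifactory_tar_checksum | d(omit) }}"` (the variable name is a suggestion, not one defined on this page), and document pinning it together with `artifactory_version`. Because the download is skipped whenever the archive file already exists, a truncated or replaced file at that path is also never re-verified before `unarchive` runs.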
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/install_service.yml @@ -2,5 +2,5 @@ - name: Install artifactory service become: true ansible.builtin.command: - cmd: "{{ artifactory_home }}/app/bin/installService.sh" + cmd: "{{ artifactory_application_dir }}/app/bin/installService.sh" notify: Restart artifactory diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/jdbc_driver.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/jdbc_driver.yml index 41a0c82d..aadb489d 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/jdbc_driver.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/jdbc_driver.yml 
@@ -2,27 +2,27 @@ - name: Check if included database driver is the correct version become: true ansible.builtin.stat: - path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/postgresql-{{ postgres_driver_version }}.jar" - register: included_database_driver + path: "{{ artifactory_application_dir }}/app/artifactory/tomcat/lib/postgresql-{{ artifactory_postgresql_driver_version }}.jar" + register: __stat_postgresql_driver - name: Check if jdbc driver exists become: true ansible.builtin.stat: - path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar" - when: not included_database_driver.stat.exists - register: database_driver + path: "{{ artifactory_application_dir }}/app/artifactory/tomcat/lib/jf_postgresql-{{ artifactory_postgresql_driver_version }}.jar" + register: __stat_jf_postgresql_driver + when: not __stat_postgresql_driver.stat.exists - name: Download jdbc driver become: true ansible.builtin.get_url: - url: "{{ postgres_driver_download_url }}" - dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib" + url: "{{ artifactory_postgresql_driver_download_url }}" + dest: "{{ artifactory_application_dir }}/var/bootstrap/artifactory/tomcat/lib" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0644' when: - - postgres_driver_download | bool - - postgres_driver_download_url | d('') | length > 0 - - not database_driver.stat.exists - - not included_database_driver.stat.exists + - artifactory_postgresql_driver_download | bool + - artifactory_postgresql_driver_download_url | d('') | length > 0 + - not __stat_postgresql_driver.stat.exists + - not __stat_jf_postgresql_driver.stat.exists notify: Restart artifactory diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/master_key.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/master_key.yml index 9bcad12d..db258f4b 100644 
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/master_key.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/master_key.yml @@ -2,7 +2,7 @@ - name: Configure master key become: true ansible.builtin.copy: - dest: "{{ artifactory_home }}/var/etc/security/master.key" + dest: "{{ artifactory_application_dir }}/var/etc/security/master.key" content: "{{ master_key }}" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/permissions.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/permissions.yml index 6a4470c0..df499082 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/permissions.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/permissions.yml @@ -2,15 +2,15 @@ - name: Ensure user ownership of files in jfrog_home_directory is correct become: true ansible.builtin.command: >- - find {{ jfrog_home_directory }} ! -user {{ artifactory_user }} + find {{ artifactory_jfrog_dir }} ! -user {{ artifactory_user }} -print -exec chown {{ artifactory_user }} {} \; - register: user_ownerships - changed_when: user_ownerships.stdout_lines | length > 0 + register: __fix_user_ownerships + changed_when: __fix_user_ownerships.stdout_lines | length > 0 -- name: Ensure group ownership of files in jfrog_home_directory is correct +- name: Ensure group ownership of files in artifactory_jfrog_dir is correct become: true ansible.builtin.command: >- - find {{ jfrog_home_directory }} ! -group {{ artifactory_group }} + find {{ artifactory_jfrog_dir }} ! -group {{ artifactory_group }} -print -exec chgrp {{ artifactory_group }} {} \; - register: group_ownerships - changed_when: group_ownerships.stdout_lines | length > 0 + register: __fix_group_ownerships + changed_when: __fix_group_ownerships.stdout_lines | length > 0 
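Review bot: Both ownership tasks in permissions.yml run `find … -exec chown`/`chgrp … {} \;` with `become: true`, and chown/chgrp dereference symbolic links by default. A link under `artifactory_jfrog_dir` whose own owner or group differs would therefore have its target changed, which may lie outside the tree. Pass `-h` so only the link itself is touched: `-print -exec chown -h {{ artifactory_user }} {} \;` and `-print -exec chgrp -h {{ artifactory_group }} {} \;`. Separately, the first task's name still says `jfrog_home_directory` while the second was renamed to `artifactory_jfrog_dir`.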
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/prerequisites.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/prerequisites.yml index 6cee84ae..ce3ebd8e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/prerequisites.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/prerequisites.yml @@ -11,7 +11,7 @@ - name: Ensure Red Hat prerequisite packages are installed become: true ansible.builtin.dnf: - name: ['net-tools', '{{ selinux_policy_package }}'] + name: ['net-tools', '{{ artifactory_selinux_policy_package }}'] state: present when: ansible_facts['pkg_mgr'] | lower == 'dnf' @@ -51,14 +51,14 @@ name: "{{ artifactory_user }}" group: "{{ artifactory_group }}" create_home: true - home: "{{ artifactory_home }}" + home: "{{ artifactory_application_dir }}" shell: '/bin/bash' state: present -- name: Ensure jfrog_home_directory exists +- name: Ensure artifactory_jfrog_dir exists become: true ansible.builtin.file: - path: "{{ jfrog_home_directory }}" + path: "{{ artifactory_jfrog_dir }}" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" state: directory @@ -73,7 +73,7 @@ group: "{{ artifactory_group }}" recurse: true loop: - - "{{ artifactory_home }}/var/data" - - "{{ artifactory_home }}/var/etc" - - "{{ artifactory_home }}/var/etc/security/" - - "{{ artifactory_home }}/var/etc/artifactory/info/" + - "{{ artifactory_application_dir }}/var/data" + - "{{ artifactory_application_dir }}/var/etc" + - "{{ artifactory_application_dir }}/var/etc/security/" + - "{{ artifactory_application_dir }}/var/etc/artifactory/info/" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/selinux.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/selinux.yml index 4b48e552..ece71881 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/selinux.yml 
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/selinux.yml @@ -2,12 +2,12 @@ - name: Configure SELinux context become: true community.general.sefcontext: - target: "{{ jfrog_home_directory }}/artifactory/app/bin(/.*)?" + target: "{{ artifactory_jfrog_dir }}/artifactory/app/bin(/.*)?" setype: bin_t reload: true state: present - name: Restore SELinux content become: true - ansible.builtin.command: restorecon -Rv "{{ jfrog_home_directory }}/artifactory/app/bin" + ansible.builtin.command: restorecon -Rv "{{ artifactory_jfrog_dir }}/artifactory/app/bin" changed_when: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/templates.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/templates.yml index 9f512156..3464d35f 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/templates.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/templates.yml @@ -2,14 +2,14 @@ - name: Check if system.yaml exists become: true ansible.builtin.stat: - path: "{{ artifactory_home }}/var/etc/system.yaml" + path: "{{ artifactory_application_dir }}/var/etc/system.yaml" register: _stat_systemyaml - name: Configure system.yaml become: true ansible.builtin.copy: content: "{{ artifactory_systemyaml }}" - dest: "{{ artifactory_home }}/var/etc/system.yaml" + dest: "{{ artifactory_application_dir }}/var/etc/system.yaml" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0644' @@ -20,7 +20,7 @@ become: true ansible.builtin.template: src: installer-info.json.j2 - dest: "{{ artifactory_home }}/var/etc/artifactory/info/installer-info.json" + dest: "{{ artifactory_application_dir }}/var/etc/artifactory/info/installer-info.json" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0644' 
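Review bot: `Configure system.yaml` writes `artifactory_systemyaml` with `mode: '0644'`, while `bootstrap.creds` in a later hunk of the same file gets `'0600'`. If the rendered system.yaml carries database credentials or other connection secrets (its content is not visible here), that leaves them world-readable on the host. Prefer `mode: '0640'` or `'0600'`, and consider `no_log: true` on the task so the content does not show up in diff or verbose output. The task continues past the end of the hunk, so any `when` or `no_log` lines that follow are not visible.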
@@ -30,7 +30,7 @@ - name: Apply binary store XML content ansible.builtin.template: src: path/to/your_template.xml.j2 - dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml" + dest: "{{ artifactory_application_dir }}/var/etc/artifactory/binarystore.xml" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0644' @@ -41,7 +41,7 @@ become: true ansible.builtin.template: src: artifactory.cluster.license.j2 - dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license" + dest: "{{ artifactory_application_dir }}/var/etc/artifactory/artifactory.cluster.license" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0644' @@ -53,7 +53,7 @@ become: true ansible.builtin.template: src: bootstrap.creds.j2 - dest: "{{ artifactory_home }}/var/etc/access/bootstrap.creds" + dest: "{{ artifactory_application_dir }}/var/etc/access/bootstrap.creds" owner: "{{ artifactory_user }}" group: "{{ artifactory_group }}" mode: '0600' diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml index d065291c..392a1894 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml @@ -15,13 +15,13 @@ - name: Ensure artifactory is stopped ansible.builtin.systemd_service: - name: "{{ artifactory_daemon }}" + name: "{{ artifactory_os_daemon }}" state: stopped when: unarchived_artifactory is changed - name: Check artifactory version ansible.builtin.fetch: - src: "{{ artifactory_home }}/app/artifactory.product.version.properties" + src: "{{ artifactory_application_dir }}/app/artifactory.product.version.properties" dest: "/tmp/artifactory.product.version.properties" flat: true changed_when: false 
@@ -36,12 +36,12 @@ - name: Delete old artifactory app directory ansible.builtin.file: - path: "{{ artifactory_home }}/app" + path: "{{ artifactory_application_dir }}/app" state: absent when: running_version != artifactory_version - name: Copy new artifactory app directory - ansible.builtin.command: "cp -r {{ artifactory_untar_home }}/app/. {{ artifactory_home }}/app" + ansible.builtin.command: "cp -r {{ artifactory_untar_dir }}/app/. {{ artifactory_application_dir }}/app" notify: Restart artifactory when: running_version != artifactory_version @@ -67,7 +67,7 @@ - name: Ensure artifactory service is started and enabled become: true ansible.builtin.systemd_service: - name: "{{ artifactory_daemon }}" + name: "{{ artifactory_os_daemon }}" state: started enabled: true diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/all.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/all.yml index ce15c5bc..8068ec08 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/all.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/all.yml @@ -1,3 +1,4 @@ +--- # platform collection version platform_collection_version: 10.18.2 
@@ -5,4 +6,16 @@ platform_collection_version: 10.18.2 ansible_marketplace: galaxy # Artifactory system service name -artifactory_daemon: artifactory +artifactory_os_daemon: artifactory + +# Artifactory dynamic variables for tar archive +artifactory_tar_name: jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz + +artifactory_untar_dir: "{{ artifactory_jfrog_dir }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}" + +artifactory_tar_url: "https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/\ + {{ artifactory_version }}/{{ artifactory_tar_name }}" + +# Artifactory dynamic variables for postgresql archive +artifactory_postgresql_driver_download_url: "https://repo1.maven.org/maven2/org/postgresql/postgresql/\ + {{ artifactory_postgresql_driver_version }}/postgresql-{{ artifactory_postgresql_driver_version }}.jar" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/amazon.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/amazon.yml index 0453cff5..4a72385e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/amazon.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/amazon.yml @@ -1 +1,2 @@ -selinux_policy_package: policycoreutils-python +--- +artifactory_selinux_policy_package: policycoreutils-python diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/centos7.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/centos7.yml index 0453cff5..4a72385e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/centos7.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/centos7.yml @@ -1 +1,2 @@ -selinux_policy_package: policycoreutils-python +--- +artifactory_selinux_policy_package: policycoreutils-python 
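Review bot: `artifactory_tar_name` and `artifactory_tar_url` hard-code `pro`, while `artifactory_untar_dir` is built from `artifactory_flavour`. With any flavour other than `pro`, the role would fetch the pro archive and then test `creates:` against a directory that extraction presumably never produces. Moving these values from `defaults/` into `vars/` also raises their precedence above inventory and group_vars, so a deployment can no longer correct the URL or point it at an internal mirror without extra vars. Either derive the name and URL from `artifactory_flavour`, or keep the URL in `defaults/` where it stays overridable.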
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/default.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/default.yml
index d6ac6f88..57531b4d 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/default.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/default.yml
@@ -1 +1,2 @@
-selinux_policy_package: python3-policycoreutils
+---
+artifactory_selinux_policy_package: python3-policycoreutils
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/redhat7.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/redhat7.yml
index 0453cff5..4a72385e 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/redhat7.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/redhat7.yml
@@ -1 +1,2 @@
-selinux_policy_package: policycoreutils-python
+---
+artifactory_selinux_policy_package: policycoreutils-python
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/README.md b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/README.md
index b52b7f89..3eaf1ca5 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/README.md
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/README.md
@@ -4,21 +4,44 @@ This role installs NGINX for artifactory and is invoked by the artifactory role; ## Role Variables -``` +### Defaults + | Variable Name | Default Value | Description | |------------------------------------------------|-----------------------------------------|-------------| -| `artifactory_server_name` | `inventory_hostname` | Mandatory. The hostname used to access the Artifactory server. Adjust for production environments. | +| `artifactory_nginx_server_name` | `inventory_hostname` | Mandatory. The hostname used to access the Artifactory server. Adjust for production environments. | | `artifactory_nginx_worker_processes` | `auto` | Specifies the number of NGINX worker processes, Defaults to auto to match the number of CPU cores. | | `artifactory_nginx_enable_docker_registry_rewrite` | `false` | If true, enables a rewrite rule for Docker registry requests in the NGINX configuration. | | `artifactory_nginx_enable_ssl` | `false` | Enables SSL configuration on NGINX. Important to secure connections. | | `artifactory_nginx_enable_http_to_https_redirection` | `false` | Enables HTTP to HTTPS redirection; requires `nginx_enable_ssl` to be true. | -| `artifactory_ca_chain_name` | `ca_chain.pem` | File name of the CA chain. | -| `artifactory_ssl_certificate_name` | `{{ inventory_hostname ~ '.crt.pem' }}` | File name of the SSL certificate. | -| `artifactory_ssl_private_key_name` | `{{ inventory_hostname ~ '.key.pem' }}` | File name of the SSL private key. | -| `artifactory_ca_chain_content` | `''` | Content of the CA Chain. Store this variable in a vault file using block scalar. | -| `artifactory_ssl_certificate_content` | `''` | Content of the Certificate. Store this variable in a vault file using block scalar. | -| `artifactory_ssl_private_key_content` | `''` | Content of the Private key. Store this variable in a vault file using block scalar. | +| `artifactory_nginx_ca_chain_name` | `ca_chain.pem` | File name of the CA chain. 
| +| `artifactory_nginx_ssl_certificate_name` | `{{ inventory_hostname ~ '.crt.pem' }}` | File name of the SSL certificate. | +| `artifactory_nginx_ssl_private_key_name` | `{{ inventory_hostname ~ '.key.pem' }}` | File name of the SSL private key. | +| `artifactory_nginx_ca_chain_content` | `''` | Content of the CA Chain. Store this variable in a vault file using block scalar. | +| `artifactory_nginx_ssl_certificate_content` | `''` | Content of the Certificate. Store this variable in a vault file using block scalar. | +| `artifactory_nginx_ssl_private_key_content` | `''` | Content of the Private key. Store this variable in a vault file using block scalar. | | `artifactory_nginx_use_official_repos` | `false` | Set to true to use NGINX's official repositories for package installations. | | `artifactory_nginx_enabled_repositories` | `[]` | List of repositories to enable when installing NGINX. Only applicable for CentOS/RHEL. | | `artifactory_nginx_disabled_repositories` | `[]` | List of repositories to disable when installing NGINX. Only applicable for CentOS/RHEL. | -``` + + +### Distribution variables + +The following variables are distribution-specfic and should not be overriden. + +| Variable Name | Description | +|------------------------------------------------|--------------------------------------------------------------------------| +| `artifactory_nginx_official_repo_mapping` | NGINX Repository - Mapps the repo names with ansible distribution names. | +| `artifactory_nginx_official_repo_filename` | NGINX Repository - File name of the repository. | +| `artifactory_nginx_official_repo_description` | NGINX Repository - Description of the repository. | +| `artifactory_nginx_official_repo_signing_key` | NGINX Repository - URL of the signing key. | +| `artifactory_nginx_official_repo_url` | NGINX Repository - URL of the repository. | +| `artifactory_nginx_os_packages` | OS - List of the nginx packages to install. 
| +| `artifactory_nginx_os_daemon` | OS - Name of the nginx daemon. | +| `artifactory_nginx_os_cmd_truststore_update` | OS - Command to update the system trust-store. | +| `artifactory_nginx_os_dir_truststore` | OS - Dictionary for the system trust-store directory. | +| `artifactory_nginx_os_dir_certs` | OS - Dictionary for the system certificates directory. | +| `artifactory_nginx_os_dir_ssl` | OS - Dictionary for the system SSL directory. | +| `artifactory_nginx_os_dir_jfrog_ssl` | OS - Dictionary for the JFROG SSL directory (?). | +| `artifactory_nginx_tpl_nginx_config` | OS - Dictionary for the NGINX config template. | +| `artifactory_nginx_tpl_https_redirect` | OS - Dictionary for the NGINX HTTP to HTTPS redirect config template. | +| `artifactory_nginx_tpl_artifactory_config` | OS - Dictionary for the NGINX Artifactory config template. | diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/defaults/main.yml index 9c8d5dcf..a1ce75d7 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/defaults/main.yml 
@@ -2,38 +2,38 @@ # defaults file for artifactory_nginx # For production deployments, you SHOULD change it. -server_name: "{{ artifactory_server_name | d(inventory_hostname if '.' in inventory_hostname else 'test.artifactory.com') }}" +artifactory_nginx_server_name: "{{ artifactory_server_name | d(inventory_hostname if '.' in inventory_hostname else 'test.artifactory.com') }}" # [NGINX] Tune the number of worker processes used by NGINX. This variable determines how # many concurrent requests NGINX can handle. Default is `auto` so that NGINX determines # the optimal number based on the number of available CPU cores. -nginx_worker_processes: "{{ artifactory_nginx_worker_processes | d('auto') }}" +artifactory_nginx_worker_processes: 'auto' # [NGINX] If true, creates a rewrite rule for docker registry requests in the NGINX artifactory config. -nginx_enable_docker_registry_rewrite: "{{ artifactory_nginx_enable_docker_registry_rewrite | d(false) }}" +artifactory_nginx_enable_docker_registry_rewrite: false # [SSL Settings] Important - Set this to true if you want to configure SSL -nginx_enable_ssl: "{{ artifactory_nginx_enable_ssl | d(false) }}" +artifactory_nginx_enable_ssl: false # [SSL Settings] Configure NGINX for HTTP to HTTPS redirection -# Requires `nginx_enable_ssl` to be true -nginx_enable_http_to_https_redirection: "{{ artifactory_nginx_enable_http_to_https_redirection | d(false) }}" +# Requires `artifactory_nginx_enable_ssl` to be true +artifactory_nginx_enable_http_to_https_redirection: false # [SSL Settings] In a vault file, using a block scalar override the following # variables to pass the CA chain, SSL certificate and private key content. 
-ca_chain_content: "{{ artifactory_ca_chain_content | d('') }}" -ssl_certificate_content: "{{ artifactory_ssl_certificate_content | d('') }}" -ssl_private_key_content: "{{ artifactory_ssl_private_key_content | d('') }}" +artifactory_nginx_ca_chain_content: '' +artifactory_nginx_ssl_certificate_content: '' +artifactory_nginx_ssl_private_key_content: '' # [SSL Settings] Define the CA Chain, certificate and private name when created -ca_chain_name: "{{ artifactory_ca_chain_name | d('ca_chain.pem') }}" -ssl_certificate_name: "{{ artifactory_ssl_certificate_name | d(inventory_hostname ~ '.crt.pem') }}" -ssl_private_key_name: "{{ artifactory_ssl_private_key_name | d(inventory_hostname ~ '.key.pem') }}" +artifactory_nginx_ca_chain_name: 'ca_chain.pem' +artifactory_nginx_ssl_certificate_name: "{{ inventory_hostname ~ '.crt.pem' }}" +artifactory_nginx_ssl_private_key_name: "{{ inventory_hostname ~ '.key.pem' }}" # [Repository] Optional - If you want to use the NGINX official repository set this # value to true otherwise leave it to false to install NGINX provided with OS. -nginx_use_official_repos: "{{ artifactory_nginx_use_official_repos | d(false) }}" +artifactory_nginx_use_official_repos: false # [Repository] Optional - Centos/RHEL only - pass a list of enabled/disabled repositories if needed. -nginx_enabled_repositories: "{{ artifactory_nginx_enabled_repositories | d([]) }}" -nginx_disabled_repositories: "{{ artifactory_nginx_disabled_repositories | d([]) }}" +artifactory_nginx_enabled_repositories: [] +artifactory_nginx_disabled_repositories: [] diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/handlers/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/handlers/main.yml index 5fa285fb..204b68f2 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/handlers/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/handlers/main.yml 
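Review bot: The default `artifactory_nginx_ca_chain_name: 'ca_chain.pem'` will not be registered by the "Update CA trust store" handler on Debian-family hosts. The chain is copied into `/usr/local/share/ca-certificates` (vars/debian.yml), and `update-ca-certificates` only picks up files ending in `.crt` there. NGINX still reads the file directly through `ssl_trusted_certificate`, so the gap is easy to miss. Either use a `.crt` default such as `artifactory_nginx_ca_chain_name: 'ca_chain.crt'`, or state in the comment above that the name must end in `.crt` on Debian/Ubuntu.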
@@ -3,10 +3,10 @@ - name: Update CA trust store become: true - ansible.builtin.command: "{{ system_trust_store_update }}" + ansible.builtin.command: "{{ artifactory_nginx_os_cmd_truststore_update }}" - name: Restart NGINX become: true ansible.builtin.systemd_service: - name: "{{ nginx_system_daemon }}" + name: "{{ artifactory_nginx_os_daemon }}" state: restarted diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/config/default.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/config/default.yml index 0db33bce..ca26e9c3 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/config/default.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/config/default.yml 
@@ -12,55 +12,56 @@ - name: Copy NGINX config file become: true ansible.builtin.template: - src: "{{ template_nginx_config.src }}" - dest: "{{ template_nginx_config.dst }}" - owner: "{{ template_nginx_config.owner }}" - group: "{{ template_nginx_config.group }}" - mode: "{{ template_nginx_config.mode }}" + src: "{{ artifactory_nginx_tpl_nginx_config.src }}" + dest: "{{ artifactory_nginx_tpl_nginx_config.dst }}" + owner: "{{ artifactory_nginx_tpl_nginx_config.owner }}" + group: "{{ artifactory_nginx_tpl_nginx_config.group }}" + mode: "{{ artifactory_nginx_tpl_nginx_config.mode }}" notify: Restart NGINX - name: Copy NGINX artifactory config become: true ansible.builtin.template: - src: "{{ template_nginx_artifactory.src }}" - dest: "{{ template_nginx_artifactory.dst }}" - owner: "{{ template_nginx_artifactory.owner }}" - group: "{{ template_nginx_artifactory.group }}" - mode: "{{ template_nginx_artifactory.mode }}" + src: "{{ artifactory_nginx_tpl_artifactory_config.src }}" + dest: "{{ artifactory_nginx_tpl_artifactory_config.dst }}" + owner: "{{ artifactory_nginx_tpl_artifactory_config.owner }}" + group: "{{ artifactory_nginx_tpl_artifactory_config.group }}" + mode: "{{ artifactory_nginx_tpl_artifactory_config.mode }}" notify: Restart NGINX +# TODO: Find out if certificate needs to be copied to into this directory. 
- name: Ensure NGINX dir exists become: true ansible.builtin.file: - path: "{{ jfrog_ssl_directory.path }}" + path: "{{ artifactory_nginx_os_dir_jfrog_ssl.path }}" state: directory - mode: "{{ jfrog_ssl_directory.mode }}" - when: nginx_enable_ssl | bool + mode: "{{ artifactory_nginx_os_dir_jfrog_ssl.mode }}" + when: artifactory_nginx_enable_ssl | bool - name: Copy NGINX redirect config become: true ansible.builtin.template: - src: "{{ template_https_redirect.src }}" - dest: "{{ template_https_redirect.dst }}" - owner: "{{ template_https_redirect.owner }}" - group: "{{ template_https_redirect.group }}" - mode: "{{ template_https_redirect.mode }}" + src: "{{ artifactory_nginx_tpl_https_redirect.src }}" + dest: "{{ artifactory_nginx_tpl_https_redirect.dst }}" + owner: "{{ artifactory_nginx_tpl_https_redirect.owner }}" + group: "{{ artifactory_nginx_tpl_https_redirect.group }}" + mode: "{{ artifactory_nginx_tpl_https_redirect.mode }}" notify: Restart NGINX when: - - nginx_enable_ssl | bool - - nginx_enable_http_to_https_redirection | bool + - artifactory_nginx_enable_ssl | bool + - artifactory_nginx_enable_http_to_https_redirection | bool - name: Copy CA Certificate chain become: true ansible.builtin.copy: - content: "{{ ca_chain_content }}" - dest: "{{ system_trust_store.path }}/{{ ca_chain_name }}" + content: "{{ artifactory_nginx_ca_chain_content }}" + dest: "{{ artifactory_nginx_os_dir_truststore.path }}/{{ artifactory_nginx_ca_chain_name }}" owner: root group: root mode: '0644' no_log: true notify: Update CA trust store - when: ca_chain_content is defined and ca_chain_content | length > 0 + when: artifactory_nginx_ca_chain_content is defined and artifactory_nginx_ca_chain_content | length > 0 - name: Copy SSL Key and Certificate become: true 
@@ -73,25 +74,25 @@ notify: Restart NGINX no_log: true loop: - - src: "{{ ssl_certificate }}" - dst: "{{ system_certs.path }}/{{ ssl_certificate_name }}" + - src: "{{ artifactory_nginx_ssl_certificate_content }}" + dst: "{{ artifactory_nginx_os_dir_certs.path }}/{{ artifactory_nginx_ssl_certificate_name }}" owner: 'root' group: 'root' mode: '0644' - - src: "{{ ssl_private_key }}" - dst: "{{ system_private_key.path }}/{{ ssl_private_key_name}}" + - src: "{{ artifactory_nginx_ssl_private_key_content }}" + dst: "{{ artifactory_nginx_os_dir_ssl.path }}/{{ artifactory_nginx_ssl_private_key_name }}" owner: 'root' group: 'root' mode: '0600' when: - - nginx_enable_ssl | bool - - ssl_certificate_content is defined and ssl_certificate_content | length > 0 - - ssl_private_key_content is defined and ssl_private_key_content | length > 0 + - artifactory_nginx_enable_ssl | bool + - artifactory_nginx_ssl_certificate_content is defined and artifactory_nginx_ssl_certificate_content | length > 0 + - artifactory_nginx_ssl_private_key_content is defined and artifactory_nginx_ssl_private_key_content | length > 0 - name: Ensure NGINX is Enabled become: true ansible.builtin.systemd_service: - name: "{{ nginx_system_daemon }}" + name: "{{ artifactory_nginx_os_daemon }}" enabled: true - name: Flush all handlers diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/debian.yml index aa7c0f06..3cc841d6 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/debian.yml @@ -1,6 +1,6 @@ --- - name: Configure NGINX repositories - when: nginx_use_official_repos | bool + when: artifactory_nginx_use_official_repos | bool become: true block: 
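Review bot: When `artifactory_nginx_enable_ssl` is true but the certificate or private key content is empty, the `when` list at the end of this loop skips the copy without any message, while artifactory.conf.j2 still emits `ssl_certificate` and `ssl_certificate_key` for those paths. The commit makes this easier to hit, because the defaults no longer fall back to the old `artifactory_ssl_certificate_content` and `artifactory_ssl_private_key_content` names, so an inventory that still sets them now yields empty content. Unless key material is meant to be provisioned out of band, an assert before this task would surface the problem at the right place instead of at the NGINX restart. The task header is outside the hunk, so the placement below is indicative.

```yaml
# … placed before "Copy SSL Key and Certificate" …
- name: Verify SSL material is provided when SSL is enabled
  ansible.builtin.assert:
    that:
      - artifactory_nginx_ssl_certificate_content | d('') | length > 0
      - artifactory_nginx_ssl_private_key_content | d('') | length > 0
    fail_msg: >-
      artifactory_nginx_enable_ssl is true but the certificate or
      private key content is empty.
    quiet: true
  when: artifactory_nginx_enable_ssl | bool
```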
@@ -11,15 +11,15 @@ - name: Add NGINX stable repo ansible.builtin.apt_repository: - repo: "deb {{ nginx_official_repo_url }} {{ ansible_facts['ansible_distribution_release'] | lower }} nginx" - filename: "{{ nginx_official_repo_filename }}" + repo: "deb {{ artifactory_nginx_official_repo_url }} {{ ansible_facts['ansible_distribution_release'] | lower }} nginx" + filename: "{{ artifactory_nginx_official_repo_filename }}" state: present update_cache: true - name: Install NGINX packages become: true ansible.builtin.apt: - name: "{{ nginx_packages }}" + name: "{{ artifactory_nginx_os_packages }}" state: present update_cache: true cache_valid_time: 3600 diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/redhat.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/redhat.yml index 8c9243a0..1bf41f40 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/redhat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/tasks/install/redhat.yml @@ -1,20 +1,20 @@ --- - name: Configure NGINX repositories - when: nginx_use_official_repos | bool + when: artifactory_nginx_use_official_repos | bool become: true block: - name: Import NGINX signing key ansible.builtin.rpm_key: - key: "{{ nginx_official_repo_signing_key }}" + key: "{{ artifactory_nginx_official_repo_signing_key }}" state: present - name: Add NGINX stable repo ansible.builtin.yum_repository: - name: "{{ nginx_official_repo_filename }}" - description: "{{ nginx_official_repo_description }}" - file: "{{ nginx_official_repo_filename }}" - baseurl: "{{ nginx_official_repo_url }}" + name: "{{ artifactory_nginx_official_repo_filename }}" + description: "{{ artifactory_nginx_official_repo_description }}" + file: "{{ artifactory_nginx_official_repo_filename }}" + baseurl: "{{ artifactory_nginx_official_repo_url }}" gpgcheck: true enabled: true module_hotfixes: true 
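Review bot: The `repo:` line of "Add NGINX stable repo" reads `ansible_facts['ansible_distribution_release']`, a key that does not exist, because fact names inside `ansible_facts` carry no `ansible_` prefix. The postgres role's vars/debian.yml uses the correct `ansible_facts['distribution_release']`. The rename keeps the wrong key, so the task fails on an undefined variable as soon as `artifactory_nginx_use_official_repos` is true. Suggested line: `repo: "deb {{ artifactory_nginx_official_repo_url }} {{ ansible_facts['distribution_release'] | lower }} nginx"`. The enclosing block starts outside this hunk.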
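Review bot: "Import NGINX signing key" trusts whatever key is served at `artifactory_nginx_official_repo_signing_key`, without pinning it. `ansible.builtin.rpm_key` accepts a `fingerprint` parameter that makes the import fail if the downloaded key does not match. Adding `fingerprint: '<NGINX_SIGNING_KEY_FINGERPRINT>'` (placeholder; take the value from the vendor's published key) would make `gpgcheck: true` in the following task depend on a known key rather than on the download alone. The "Add NGINX stable repo" task continues past the end of this hunk, so whether it also sets `gpgkey` cannot be seen here.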
@@ -23,17 +23,17 @@ - name: Fallback to manually adding the repo if the previous task failed ansible.builtin.copy: - dest: "/etc/yum.repos.d/{{ nginx_official_repo_filename }}.repo" + dest: "/etc/yum.repos.d/{{ artifactory_nginx_official_repo_filename }}.repo" owner: root group: root mode: '0644' content: | - [{{ nginx_official_repo_filename }}] - name={{ nginx_official_repo_description }} - baseurl={{ nginx_official_repo_url }}/$releasever/$basearch + [{{ artifactory_nginx_official_repo_filename }}] + name={{ artifactory_nginx_official_repo_description }} + baseurl={{ artifactory_nginx_official_repo_url }}/$releasever/$basearch gpgcheck=1 enabled=1 - gpgkey={{ nginx_official_repo_signing_key }} + gpgkey={{ artifactory_nginx_official_repo_signing_key }} module_hotfixes=true when: __nginx_setup_repo is failed @@ -45,7 +45,7 @@ - name: Install NGINX become: true ansible.builtin.dnf: - name: "{{ nginx_packages }}" + name: "{{ artifactory_nginx_os_packages }}" state: present - disablerepo: "{{ nginx_disabled_repositories | d(omit, true) }}" - enablerepo: "{{ nginx_enabled_repositories | d(omit, true) }}" + disablerepo: "{{ artifactory_nginx_disabled_repositories | d(omit, true) }}" + enablerepo: "{{ artifactory_nginx_enabled_repositories | d(omit, true) }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/artifactory.conf.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/artifactory.conf.j2 index 36485582..ecd51002 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/artifactory.conf.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/artifactory.conf.j2 
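Review bot: The fallback repo file writes `baseurl={{ artifactory_nginx_official_repo_url }}/$releasever/$basearch`, but the `yum_repository` task in the previous hunk passes the bare `{{ artifactory_nginx_official_repo_url }}`. The URL variable in vars/all.yml ends at the distribution directory, so the primary path points one level above the actual repository metadata. Because `yum_repository` only writes the file, it will normally succeed and the fallback (`when: __nginx_setup_repo is failed`) never corrects it. Aligning the primary task with `baseurl: "{{ artifactory_nginx_official_repo_url }}/$releasever/$basearch/"` keeps both paths equivalent.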
@@ -10,13 +10,13 @@ upstream artifactory-direct { server 127.0.0.1:8081; } -{% if nginx_enable_ssl %} +{% if artifactory_nginx_enable_ssl %} ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -ssl_certificate {{ system_certs.path }}/{{ ssl_certificate_name }}; -ssl_certificate_key {{ system_private_key.path }}/{{ ssl_private_key_name }}; - {% if ca_chain_content is defined and ca_chain_content | length > 0 %} -ssl_trusted_certificate {{ system_trust_store.path }}/{{ ca_chain_name }}; +ssl_certificate {{ artifactory_nginx_os_dir_certs.path }}/{{ artifactory_nginx_ssl_certificate_name }}; +ssl_certificate_key {{ artifactory_nginx_os_dir_ssl.path }}/{{ artifactory_nginx_ssl_private_key_name }}; + {% if artifactory_nginx_ca_chain_content is defined and artifactory_nginx_ca_chain_content | length > 0 %} +ssl_trusted_certificate {{ artifactory_nginx_os_dir_truststore.path }}/{{ artifactory_nginx_ca_chain_name }}; ssl_stapling on; ssl_stapling_verify on; {% endif %} @@ -27,13 +27,13 @@ ssl_prefer_server_ciphers on; ## server configuration server { - {% if nginx_enable_ssl %} + {% if artifactory_nginx_enable_ssl %} listen 443 ssl http2; {% else %} listen 80; {% endif %} - server_name {{ server_name }}; + server_name {{ artifactory_nginx_server_name }}; if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; @@ -46,7 +46,7 @@ server { rewrite ^/$ /ui/ redirect; rewrite ^/ui$ /ui/ redirect; - {% if nginx_enable_docker_registry_rewrite %} + {% if artifactory_nginx_enable_docker_registry_rewrite %} rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2; {% endif %} 
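Review bot: `{% if artifactory_nginx_enable_ssl %}` tests the raw value, whereas every task condition in tasks/config/default.yml applies `| bool` to the same variable. A value that arrives as a string (for example `-e artifactory_nginx_enable_ssl=false`) is truthy in Jinja. The template would then emit the `ssl_certificate` directives and `listen 443 ssl` while the tasks skip copying the key and certificate. Use `{% if artifactory_nginx_enable_ssl | bool %}` here and in the server block of the next hunk, and likewise `{% if artifactory_nginx_enable_docker_registry_rewrite | bool %}` in the last hunk of this file.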
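Review bot: The docker rewrite `rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;` references `$repo`, and nothing visible in these hunks defines it. `server_name {{ artifactory_nginx_server_name }}` defaults to a plain host name rather than a regex with a `(?<repo>…)` capture. If no `set $repo` or `map` exists in the part of the file outside the hunks, NGINX will reject the configuration as soon as `artifactory_nginx_enable_docker_registry_rewrite` is turned on. A comment above the `{% if %}` stating where `$repo` comes from, or a documented requirement that the server name be a capturing regex, would make the option safe to enable.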
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/nginx.conf.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/nginx.conf.j2 index 59079a20..ac799333 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/nginx.conf.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/templates/nginx.conf.j2 @@ -1,5 +1,5 @@ #user nobody; -worker_processes {{ nginx_worker_processes }}; +worker_processes {{ artifactory_nginx_worker_processes }}; error_log /var/log/nginx/error.log info; #pid logs/nginx.pid; diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/all.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/all.yml index 88cb6e22..f8175bdb 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/all.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/all.yml @@ -1,6 +1,6 @@ --- ## [Repository] OS mapping variable for NGINX official repository -nginx_official_repo_mapping: +artifactory_nginx_official_repo_mapping: amazon: amzn redhat: rhel centos: centos @@ -11,7 +11,7 @@ nginx_official_repo_mapping: aix: aix ## [Repository] variables for NGINX official repository -nginx_official_repo_filename: 'nginx-stable' -nginx_official_repo_description: 'nginx stable repo' -nginx_official_repo_signing_key: 'https://nginx.org/keys/nginx_signing.key' -nginx_official_repo_url: "https://nginx.org/packages/{{ nginx_official_repo_mapping[ansible_facts['distribution'] | lower] }}" +artifactory_nginx_official_repo_filename: 'nginx-stable' +artifactory_nginx_official_repo_description: 'nginx stable repo' +artifactory_nginx_official_repo_signing_key: 'https://nginx.org/keys/nginx_signing.key' +artifactory_nginx_official_repo_url: "https://nginx.org/packages/{{ artifactory_nginx_official_repo_mapping[ansible_facts['distribution'] | lower] }}" 
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/debian.yml index 63703908..92f438df 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/debian.yml @@ -1,34 +1,34 @@ --- -nginx_packages: +artifactory_nginx_os_packages: - nginx -nginx_system_daemon: nginx +artifactory_nginx_os_daemon: nginx ########################### ## CERTIFICATES ## ########################### -system_trust_store_update: 'update-ca-certificates' +artifactory_nginx_os_cmd_truststore_update: 'update-ca-certificates' -system_trust_store: +artifactory_nginx_os_dir_truststore: path: '/usr/local/share/ca-certificates' owner: root group: root mode: '0755' -system_certs: +artifactory_nginx_os_dir_certs: path: '/etc/ssl/certs' owner: root group: root mode: '0755' -system_private_key: +artifactory_nginx_os_dir_ssl: path: '/etc/ssl/private' owner: root group: root mode: '0700' -jfrog_ssl_directory: +artifactory_nginx_os_dir_jfrog_ssl: path: '/var/opt/jfrog/nginx/ssl' mode: '0755' @@ -36,21 +36,21 @@ jfrog_ssl_directory: ## TEMPLATES ## ########################### -template_nginx_config: +artifactory_nginx_tpl_nginx_config: src: 'nginx.conf.j2' dst: '/etc/nginx/nginx.conf' owner: root group: root mode: '0755' -template_https_redirect: +artifactory_nginx_tpl_https_redirect: src: 'redirect_http_to_https.conf.j2' dst: '/etc/nginx/conf.d/redirect_http_to_https.conf' owner: root group: root mode: '0755' -template_nginx_artifactory: +artifactory_nginx_tpl_artifactory_config: src: 'artifactory.conf.j2' dst: '/etc/nginx/conf.d/artifactory.conf' owner: root diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/redhat.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/redhat.yml index bca813f4..8ec9c2d4 100644 
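Review bot: `mode: '0755'` on `artifactory_nginx_tpl_nginx_config` and `artifactory_nginx_tpl_https_redirect` installs plain configuration files with the execute bit set. The third mapping's mode lies outside the hunk and probably matches. NGINX only needs to read these files, so `mode: '0644'` is the conventional and tighter value. The same values appear in vars/redhat.yml. While these keys are being renamed, `artifactory_nginx_os_dir_jfrog_ssl` could also gain explicit `owner: root` and `group: root`, as the other directory mappings have.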
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/redhat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx/vars/redhat.yml @@ -1,34 +1,34 @@ --- -nginx_packages: +artifactory_nginx_os_packages: - nginx -nginx_system_daemon: 'nginx' +artifactory_nginx_os_daemon: nginx ########################### ## CERTIFICATES ## ########################### -system_trust_store_update: 'update-ca-trust' +artifactory_nginx_os_cmd_truststore_update: 'update-ca-trust' -system_trust_store: +artifactory_nginx_os_dir_truststore: path: '/etc/pki/ca-trust/source/anchors' owner: root group: root mode: '0755' -system_certs: +artifactory_nginx_os_dir_certs: path: '/etc/pki/tls/certs' owner: root group: root mode: '0755' -system_private_key: +artifactory_nginx_os_dir_ssl: path: '/etc/pki/tls/private' owner: root group: root mode: '0700' -jfrog_ssl_directory: +artifactory_nginx_os_dir_jfrog_ssl: path: '/var/opt/jfrog/nginx/ssl' mode: '0755' @@ -36,21 +36,21 @@ jfrog_ssl_directory: ## TEMPLATES ## ########################### -template_nginx_config: +artifactory_nginx_tpl_nginx_config: src: 'nginx.conf.j2' dst: '/etc/nginx/nginx.conf' owner: root group: root mode: '0755' -template_https_redirect: +artifactory_nginx_tpl_https_redirect: src: 'redirect_http_to_https.conf.j2' dst: '/etc/nginx/conf.d/redirect_http_to_https.conf' owner: root group: root mode: '0755' -template_nginx_artifactory: +artifactory_nginx_tpl_artifactory_config: src: 'artifactory.conf.j2' dst: '/etc/nginx/conf.d/artifactory.conf' owner: root diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/README.md b/Ansible/ansible_collections/jfrog/platform/roles/postgres/README.md index 026e9490..02bf8535 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/README.md +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/README.md 
@@ -3,19 +3,78 @@ The postgres role will install Postgresql software and configure a database and ### Role Variables -By default, the [_pg_hba.conf_](https://www.postgresql.org/docs/13/auth-pg-hba-conf.html) client authentication file is configured for open access for development purposes through the _postgres_allowed_hosts_ variable: +### Default variables -``` +#### General + +| Name | Default Value | Description | +|-----------------------------------|------------------------------|-----------------------------------------------------------------------------| +| `postgresql_version` | `13` | Version of PostgreSQL to install. | +| `postgresql_use_official_repos` | `false` | Set to true to use PostgreSQL's official repositories. | +| `postgresql_user` | `postgres` | Default PostgreSQL user. | +| `postgresql_group` | `postgres` | Default PostgreSQL group. | +| `postgresql_auth_method` | `scram-sha-256` | Password authentication method, either `md5` or `scram-sha-256`. | +| `postgresql_locale` | `en_US.UTF-8` | Locale setting for PostgreSQL databases. | +| `postgresql_add_logrotate` | `false` | Set to true to add logrotate configuration. 
(applies only if an asbsolute path is specified for log_directory) | + +#### Host Based Authentication (HBA) Configuration + +Defaults to PostgreSQL default -- allowing only localhost: + +| Type | Database | User | Address | Auth Method | +|-------|----------|---------|---------------|--------------------------------------------| +| local | all | postgres| - | peer | +| local | all | all | - | peer | +| host | all | all | '127.0.0.1/32'| `{{ postgresql_auth_method }}` | +| host | all | all | '::1/128' | `{{ postgresql_auth_method }}` | + +Note: For development purposes you may overide it with the following variable: + +**THIS SHOULD NOT BE USED FOR PRODUCTION.** +**Update this variable to only allow access from Artifactory, Distribution, Insight and Xray.** + +```yaml postgres_allowed_hosts: - { type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "trust"} ``` -**THIS SHOULD NOT BE USED FOR PRODUCTION.** +#### Custom PostgreSQL Configuration Options -**Update this variable to only allow access from Artifactory, Distribution, Insight and Xray.** +Customize PostreSQL by passing a list of dictionaries as option/value, example: -## Example Playbook +```yaml +postgresql_custom_config_options: + - option: 'logging_collector' + value: 'on' + - option: 'log_directory' + value: '/var/log/postgresql' ``` + +#### PostgreSQL Users and Databases Configuration + +| Database Attribute | Example Values | Description | +|---------------------------|--------------------------------------------------------------------------------------|--------------------------------------------------------| +| `name` | `{{ artifactory_db_name | d('artifactory') }}`, `{{ xray_db_name | d('xray') }}`, etc.| Name of the database configured dynamically. | +| `username` | `{{ artifactory_db_user_name | d('artifactory') }}`, etc. | Username for the database. | +| `userpass` | `{{ artifactory_db_user_pass | d('...') }}` | Password for the database user. 
| +| `userpass_encrypted` | `{{ artifactory_db_user_pass_encrypted | d('true') }}` | Indicates if the password is encrypted. | +| `userprivs` | `{{ artifactory_db_user_privs | d(['ALL']) }}` | Privileges for the user. | +| `owner` | `{{ artifactory_db_owner | d(...) }}` | Owner of the database. (default is artifactory_db_user_name)| +| `lc_collate`, `lc_ctype` | Locale settings derived from `postgresql_locale`. | Locale settings for collation and character type. | +| `encoding` | `{{ artifactory_db_encoding | d('UTF-8') }}` | Encoding for the database. | +| `template` | `{{ artifactory_db_template | d('template0') }}` | Template used to create the database. | +| `login_host` | `{{ artifactory_db_login_host | d('localhost') }}` | Host for logging into the database. | +| `login_port` | `{{ artifactory_db_login_port | d(null) }}` | Port for logging into the database. | +| `login_user` | `{{ artifactory_db_login_user | d(postgresql_user) }}` | User for logging into the database. | +| `login_password` | `{{ artifactory_db_login_password | d(null) }}` | Password for logging into the database. | +| `login_unix_socket` | `{{ artifactory_db_unix_socket | d(null) }}` | Unix socket for logging into the database. | +| `state` | `{{ artifactory_db_state | d(...) }}` | State of the database (present, absent). | +| `driver` | `{{ artifactory_db_driver | d('org.postgresql.Driver') }}` | Database driver. | +| `url` | Dynamically generated JDBC connection strings. | URL for database connections. | + +## Example Playbook + +```yaml --- - hosts: postgres_servers collections: @@ -23,4 +82,4 @@ postgres_allowed_hosts: - community.general roles: - postgres -``` \ No newline at end of file +``` diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/defaults/main.yml index b65ccef8..59b684de 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/defaults/main.yml 
+++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/defaults/main.yml @@ -30,15 +30,15 @@ postgresql_hba_entries: # - {type: host, database: all, user: all, address: '0.0.0.0/0', auth_method: trust } # Whether to output user data when managing users. -postgres_users_no_log: true +postgresql_users_no_log: true # Base configuration option that will be set by default. # Any of these can be overriden in `postgresql_custom_config_options` postgresql_default_config_options: - option: 'unix_socket_directories' - value: "{{ postgresql_unix_socket_directories | join(',') }}" + value: "{{ postgresql_os_unix_socket_dirs | join(',') }}" - option: 'external_pid_file' - value: "{{ postgresql_external_pid_file }}" + value: "{{ postgresql_os_external_pid_file }}" - option: 'max_connections' value: '1000' diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/configure.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/configure.yml index fccaa9b8..4c0b5a7a 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/configure.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/configure.yml @@ -45,7 +45,7 @@ become: true ansible.builtin.copy: content: "{{ postgresql_logrotate_content }}" - dest: "{{ logrotate_dir | d('/etc/logrotate.d') }}/postgresql" + dest: "{{ postgresql_os_logrotate_dir | d('/etc/logrotate.d') }}/postgresql" owner: root group: root mode: '0644' diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/debian.yml index e204862c..03ba2a8f 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/debian.yml 
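Review bot: The comment above `postgresql_users_no_log: true` reads "Whether to output user data when managing users", which is the inverse of what `true` does when passed to `no_log`. Since the tasks that use it handle `userpass` and `login_password`, the comment should state the consequence of changing it, for example `# Hide user data (including passwords) from task output; set to false only for short-lived debugging.`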
@@ -1,6 +1,6 @@ --- - name: Configure PostgreSQL repositories - when: artifactory_postgresql_use_official_repos | bool + when: postgresql_use_official_repos | bool become: true block: @@ -26,18 +26,18 @@ - name: Install PostgreSQL Python libraries become: true ansible.builtin.apt: - name: "{{ postgresql_python_library }}" + name: "{{ postgresql_os_python_library }}" state: present update_cache: true cache_valid_time: 3600 when: - - postgresql_python_library is defined - - postgresql_python_library | length > 0 + - postgresql_os_python_library is defined + - postgresql_os_python_library | length > 0 - name: Install PostgreSQL Server packages become: true ansible.builtin.apt: - name: "{{ postgresql_packages }}" + name: "{{ postgresql_os_packages }}" state: present register: postgresql_install_result diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/redhat.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/redhat.yml index abb0f8f7..08cfc27b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/redhat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/install/redhat.yml @@ -1,6 +1,6 @@ --- - name: Configure PostgreSQL repositories - when: artifactory_postgresql_use_official_repos | bool + when: postgresql_use_official_repos | bool become: true block: 
@@ -52,18 +52,18 @@ - name: Install PostgreSQL Python libraries become: true ansible.builtin.dnf: - name: "{{ postgresql_python_library }}" + name: "{{ postgresql_os_python_library }}" state: present disablerepo: "{{ postgresql_install_disablerepo | d(omit, true) }}" enablerepo: "{{ postgresql_install_enablerepo | d(omit, true) }}" when: - - postgresql_python_library is defined - - postgresql_python_library | length > 0 + - postgresql_os_python_library is defined + - postgresql_os_python_library | length > 0 - name: Install PostgreSQL packages become: true ansible.builtin.dnf: - name: "{{ postgresql_packages }}" + name: "{{ postgresql_os_packages }}" state: present exclude: python-unversioned-command disablerepo: "{{ postgresql_install_disablerepo | d(omit, true) }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml index b2e380f9..06732218 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/main.yml @@ -24,8 +24,8 @@ ansible.builtin.assert: that: >- postgresql_version | int in - os_family_postgresql_support_map[ - ansible_facts['distribution'] | lower + + postgresql_redhat_support_map[ + ansible_facts['distribution'] | lower ~ ansible_facts['distribution_major_version'] ] success_msg: >- @@ -37,7 +37,7 @@ {{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_major_version'] }} quiet: false - when: artifactory_postgresql_use_official_repos | bool + when: postgresql_use_official_repos | bool - name: Include distribution variables ansible.builtin.include_vars: "{{ item }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/setup.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/setup.yml index 41428852..71318dd4 100644 
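Review bot: The assert in tasks/main.yml indexes `postgresql_redhat_support_map` with `distribution | lower ~ distribution_major_version`, but the map in vars/all.yml only has the keys `redhat8` and `redhat9`. The only visible guard is `when: postgresql_use_official_repos | bool`. On any other distribution (CentOS, Rocky, Debian, Ubuntu) the lookup is undefined, so the task aborts with a templating error instead of the intended `fail_msg`, unless an enclosing condition outside the hunk restricts it. Consider defaulting the lookup with `| d([])` and scoping the check with `when: postgresql_use_official_repos | bool and ansible_facts['os_family'] == 'RedHat'`.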
--- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/setup.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/setup.yml @@ -13,7 +13,7 @@ login_password: "{{ item.value.login_password | d(omit) }}" login_unix_socket: "{{ item.value.login_unix_socket | d(omit) }}" loop: "{{ lookup('ansible.builtin.dict', postgresql_databases_users) }}" - no_log: "{{ postgres_users_no_log | d(true) }}" + no_log: "{{ postgresql_users_no_log | d(true) }}" environment: PGOPTIONS: "{{ (postgresql_auth_method == 'scram-sha-256') | ternary('-c password_encryption=scram-sha-256', '') }}" @@ -49,4 +49,4 @@ login_password: "{{ item.value.login_password | d(omit) }}" login_unix_socket: "{{ item.value.login_unix_socket | d(omit) }}" loop: "{{ lookup('ansible.builtin.dict', postgresql_databases_users) }}" - no_log: "{{ postgres_users_no_log | d(true) }}" + no_log: "{{ postgresql_users_no_log | d(true) }}" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/all.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/all.yml index f05fb167..03647374 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/all.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/all.yml @@ -1,5 +1,5 @@ --- -# Our mapping to find out if PostgreSQL is supported or not -distribution_postgresql_support_map: +# Our mapping to find out if PostgreSQL is supported or not on Red Hat based systems +postgresql_redhat_support_map: redhat8: [10, 12, 13, 15, 16] redhat9: [13, 15, 16] diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/debian.yml index e9c83574..ba6cc26b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/debian.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/debian.yml 
@@ -5,14 +5,13 @@ postgresql_config_dir: "/etc/postgresql/{{ postgresql_version }}/main" postgresql_config_file: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf" postgresql_daemon: "{{ 'postgresql@' ~ postgresql_version ~ '-main' if postgresql_use_official_repos else 'postgresql' }}" -postgresql_unix_socket_directories_mode: '0755' -postgresql_unix_socket_directories: +postgresql_os_unix_socket_dirs: - /var/run/postgresql -postgresql_external_pid_file: "{{ '/var/run/postgresql/' ~ postgres_version '-main.pid' }}" +postgresql_os_external_pid_file: "{{ '/var/run/postgresql/' ~ postgres_version '-main.pid' }}" # System logrotation drop-in directory -logrotate_dir: '/etc/logrotate.d' +postgresql_os_logrotate_dir: '/etc/logrotate.d' # PostgreSQL Repository variables postgresql_repo_key_id: '0x7FCC7D46ACCC4CF8' @@ -20,13 +19,13 @@ postgresql_repo_key_url: 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' postgresql_repo_url: "deb https://apt.postgresql.org/pub/repos/apt/ {{ ansible_facts['distribution_release'] | lower }}-pgdg main" # PostgreSQL Server Packages -postgresql_packages: >- +postgresql_os_packages: >- {{ ['postgresql-' ~ postgresql_version ~ '-server', 'postgresql-contrib-' ~ postgresql_version] - if artifactory_postgresql_use_official_repos + if postgresql_use_official_repos else ['postgresql', 'postgresql-contrib', 'libpq-dev'] }} # PostgreSQL Python Library Package -postgresql_python_library: 'python3-psycopg2' +postgresql_os_python_library: 'python3-psycopg2' diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/redhat.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/redhat.yml index 7955f046..590c782d 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/redhat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/vars/redhat.yml 
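Review bot: The renamed `postgresql_os_external_pid_file` in vars/debian.yml carries over an expression that does not look valid. There is no `~` between `postgres_version` and `'-main.pid'`, and the name is `postgres_version` while the rest of the file uses `postgresql_version`. Rendering it would likely fail with a template syntax or undefined-variable error wherever the value is consumed. Suggested line: `postgresql_os_external_pid_file: "/var/run/postgresql/{{ postgresql_version }}-main.pid"`. The same line appears in the first hunk of vars/redhat.yml.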
@@ -19,14 +19,13 @@ postgresql_daemon: >- "{{ 'postgresql-' ~ postgresql_version ~ '.service' if postgresql_use_official_repos else 'postgresql' }}" -postgresql_unix_socket_directories_mode: '0755' -postgresql_unix_socket_directories: +postgresql_os_unix_socket_dirs: - /var/run/postgresql -postgresql_external_pid_file: "{{ '/var/run/postgresql/' ~ postgres_version '-main.pid' }}" +postgresql_os_external_pid_file: "{{ '/var/run/postgresql/' ~ postgres_version '-main.pid' }}" # System logrotation drop-in directory -logrotate_dir: '/etc/logrotate.d' +postgresql_os_logrotate_dir: '/etc/logrotate.d' # PostgreSQL Repository variables postgresql_repo_key_id: '' @@ -53,10 +52,10 @@ postgresql_repo_url: >- }} # PostgreSQL Server Packages -postgresql_packages: >- +postgresql_os_packages: >- {{ ['postgresql' ~ postgresql_version ~ '-server', 'postgresql' ~ postgresql_version ~ '-contrib'] - if artifactory_postgresql_use_official_repos + if postgresql_use_official_repos else (['@postgresql:' ~ postgresql_version ~ '/server', 'postgresql-contrib'] if postgresql_version != '13' @@ -65,4 +64,4 @@ postgresql_packages: >- }} # PostgreSQL Python Library Package -postgresql_python_library: 'python3-psycopg2' +postgresql_os_python_library: 'python3-psycopg2'
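Review bot: In the first hunk of vars/redhat.yml, `postgresql_daemon` is a `>-` folded scalar whose content is still wrapped in double quotes. Inside a block scalar those quotes appear to be literal characters, so the rendered unit name would come out as `"postgresql-<version>.service"` with the quote marks included. Dropping the outer quotes inside the block, or using a quoted one-line value as vars/debian.yml does, avoids that. The `postgresql_daemon: >-` line itself sits above the hunk, so this is read from the hunk header context.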