Example of API use for configuration.
1 parent
0419e12
commit eee0193
Showing
8 changed files
with
431 additions
and
0 deletions.
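--- a/Ansible/examples/roles/artifactory_config/defaults/main.yml
+++ b/Ansible/examples/roles/artifactory_config/defaults/main.yml
@@ -0,0 +1,31 @@
+---
+# Run checks
+verify_state: true
+# Proxy
+artifactory_proxy_host: ''
+artifactory_proxy_port: ''
+# admin account for API use
+artifactory_admin_username: admin
+artifactory_admin_password: password
+
+repo_users:
+- username: rpm
+password: 'Changeit1+'
+- username: maven
+password: 'Changeit2-'
+artifactory_delete_anonymous: false
+
+# For 'remote_repos.yml.j2' template
+repo_upstream:
+- key: nginx
+url: https://nginx.org/packages/rhel/
+type: rpm
+- key: postgresql
+url: https://download.postgresql.org/pub/repos/yum/
+type: rpm
+- key: docker-ce-stable
+url: https://download.docker.com/linux/centos/8/x86_64/stable/
+type: rpm
+- key: kubernetes
+url: https://packages.cloud.google.com/yum/
+type: rpm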
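Review bot: `artifactory_admin_password: password` and the `repo_users` passwords (`'Changeit1+'`, `'Changeit2-'`) ship as role defaults, so any play that does not override them configures Artifactory with credentials that are published in this repository. The defaults file should carry no usable secret: drop the password defaults and have the role fail early when they are unset, for example with an `ansible.builtin.assert` on `artifactory_admin_password is defined` at the top of tasks/main.yml, and supply the real values from Ansible Vault or another secret store. A comment such as `# No default: supply artifactory_admin_password from Ansible Vault` above the variable would make that expectation explicit.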
@@ -0,0 +1,8 @@ | ||
--- | ||
|
||
- name: Restart Artifactory | ||
ansible.builtin.systemd: | ||
name: artifactory | ||
state: restarted | ||
daemon_reload: true | ||
|
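--- a/Ansible/examples/roles/artifactory_config/tasks/main.yml
+++ b/Ansible/examples/roles/artifactory_config/tasks/main.yml
@@ -0,0 +1,154 @@
+---
+
+- name: Artifactory Bootstrap YAML File
+tags:
+- config
+ansible.builtin.template:
+src: artifactory.config.import.yml.j2
+dest: /opt/jfrog/artifactory/var/etc/artifactory/artifactory.config.import.yml
+mode: '0644'
+notify: Restart Artifactory
+
+- name: Allow token creation
+tags:
+- access
+ansible.builtin.blockinfile:
+path: /opt/jfrog/artifactory/var/etc/access/access.config.latest.yml
+block: |
+token:
+default-expiry: 31536000
+allow-basic-auth: true
+insertbefore: 'federation:'
+owner: artifactory
+group: artifactory
+mode: '640'
+register: access_config
+
+- name: Enable access config change
+tags:
+- access
+when: access_config.changed | bool # noqa no-handler
+ansible.builtin.command: |
+mv /opt/jfrog/artifactory/var/etc/access/access.config.latest.yml \
+/opt/jfrog/artifactory/var/etc/access/access.config.import.yml
+changed_when: true
+notify: Restart Artifactory
+
+- name: Restart artifactory
+tags:
+- config
+- access
+ansible.builtin.meta: flush_handlers
+
+- name: Make sure artifactory is up and running
+tags:
+- config
+- access
+- users
+- token
+- repos
+ansible.builtin.uri:
+url: http://127.0.0.1:8082/router/api/v1/system/health
+timeout: 130
+status_code: 200
+register: result
+until: result is succeeded
+retries: 25
+delay: 5
+when:
+- not ansible_check_mode
+
+- name: Configure remote repositories
+tags:
+- repos
+ansible.builtin.uri:
+body: "{{ lookup('ansible.builtin.template', 'remote_repos.yml.j2') }}"
+force_basic_auth: true
+headers:
+Content-Type: application/yaml
+method: PATCH
+url: http://127.0.0.1:8081/artifactory/api/system/configuration
+url_username: "{{ artifactory_admin_username }}"
+url_password: "{{ artifactory_admin_password }}"
+
+- name: Create access token
+tags:
+- token
+- users
+- permissions
+ansible.builtin.uri:
+body: "scope=applied-permissions/admin&expires_in=3600"
+body_format: form-urlencoded
+force_basic_auth: true
+method: POST
+status_code:
+- 200
+url: http://localhost:8082/access/api/v1/tokens
+url_username: "{{ artifactory_admin_username }}"
+url_password: "{{ artifactory_admin_password }}"
+register: token_request
+no_log: true
+
+- name: Set access_token
+tags:
+- token
+- users
+- permissions
+ansible.builtin.set_fact:
+access_token: "{{ token_request.json.access_token }}"
+no_log: true
+
+- name: Create users
+tags:
+- users
+ansible.builtin.uri:
+body: "{{ lookup('template', 'repo_user.json.j2') }}"
+body_format: json
+headers:
+Authorization: Bearer {{ access_token }}
+Content-Type: application/json
+method: POST
+status_code:
+- 201
+- 409
+url: http://localhost:8082/access/api/v2/users
+with_items:
+- "{{ repo_users }}"
+no_log: false
+
+- name: Delete anonymous permission
+when: artifactory_delete_anonymous | bool
+tags:
+- permissions
+ansible.builtin.uri:
+headers:
+Authorization: Bearer {{ access_token }}
+Content-Type: application/json
+method: DELETE
+status_code:
+- 200
+- 404
+url: "http://127.0.0.1:8082/artifactory/api/v2/security/permissions/{{ item }}"
+loop:
+- Anything
+- Any+Remote
+
+- name: Configure permission
+tags:
+- permissions
+ansible.builtin.uri:
+body: "{{ lookup('ansible.builtin.template', 'permissions.json.j2') }}"
+body_format: json
+headers:
+Authorization: Bearer {{ access_token }}
+Content-Type: application/json
+method: PUT
+url: "http://127.0.0.1:8082/artifactory/api/v2/security/permissions/{{ item.name }}"
+loop:
+- name: RPMS
+dict: "{{ repo_upstream }}"
+
+- name: Verify state
+when: verify_state | bool
+ansible.builtin.include_tasks:
+file: verify.yml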
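Review bot: The `Create users` task sets `no_log: false` although it loops over `repo_users`, so each loop result prints the item with its password, and the request carries `Authorization: Bearer {{ access_token }}` for an admin-scoped token; this should be `no_log: true`, as already done on `Create access token` and `Set access_token`. `Delete anonymous permission` and `Configure permission` send the same bearer header with no `no_log` at all, which can expose the token in verbose output. A comment on `Allow token creation` stating why `allow-basic-auth: true` and `default-expiry: 31536000` (one year, if the unit is seconds) are needed would also help, since both widen how admin credentials can be used and for how long.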
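--- a/Ansible/examples/roles/artifactory_config/tasks/verify.yml
+++ b/Ansible/examples/roles/artifactory_config/tasks/verify.yml
@@ -0,0 +1,115 @@
+---
+
+- name: Gather package facts
+ansible.builtin.package_facts:
+
+- name: Assert packages are installed
+ansible.builtin.assert:
+quiet: true
+that:
+- "'nginx' in ansible_facts.packages"
+- "'python3-psycopg2' in ansible_facts.packages"
+
+- name: Gather service facts
+ansible.builtin.service_facts:
+
+- name: Assert that services are running
+ansible.builtin.assert:
+quiet: true
+that:
+- ansible_facts.services['crond.service'].status == 'enabled'
+- ansible_facts.services['crond.service'].state == 'running'
+- ansible_facts.services['nginx.service'].status == 'enabled'
+- ansible_facts.services['nginx.service'].state == 'running'
+- ansible_facts.services['postgresql-13.service'].status == 'enabled'
+- ansible_facts.services['postgresql-13.service'].state == 'running'
+
+- name: Check TLSv1.2 termination
+ansible.builtin.uri:
+ciphers: TLSv1.2
+url: "https://{{ server_name }}/"
+method: HEAD
+return_content: false
+register: web
+
+- name: Verify other ports are listening
+ansible.builtin.wait_for:
+port: "{{ item }}"
+state: started
+timeout: 10
+loop:
+- 5432
+- 8082
+
+- name: Make sure artifactory is up and running
+ansible.builtin.uri:
+url: http://127.0.0.1:8082/router/api/v1/system/health
+timeout: 130
+status_code: 200
+register: result
+until: result is succeeded
+retries: 25
+delay: 5
+when:
+- not ansible_check_mode
+
+- name: Create access token
+ansible.builtin.uri:
+body: "scope=applied-permissions/admin&expires_in=18000"
+body_format: form-urlencoded
+force_basic_auth: true
+method: POST
+status_code:
+- 200
+url: http://localhost:8082/access/api/v1/tokens
+url_username: "{{ artifactory_admin_username }}"
+url_password: "{{ artifactory_admin_password }}"
+register: token_request
+no_log: true
+
+- name: Set access_token
+ansible.builtin.set_fact:
+access_token: "{{ token_request.json.access_token }}"
+no_log: true
+
+- name: Get users
+ansible.builtin.uri:
+headers:
+Authorization: Bearer {{ access_token }}
+method: GET
+status_code:
+- 200
+url: http://localhost:8082/access/api/v2/users
+register: users
+no_log: true
+
+- name: Display users
+ansible.builtin.debug:
+msg: "{{ users.json.users }}"
+
+- name: List permissions
+tags:
+- permissions
+ansible.builtin.uri:
+headers:
+Authorization: Bearer {{ access_token }}
+method: GET
+url: "http://127.0.0.1:8082/artifactory/api/v2/security/permissions"
+register: permission_list
+no_log: false
+
+- name: Get permissions
+ansible.builtin.uri:
+headers:
+Authorization: Bearer {{ access_token }}
+method: GET
+url: "{{ item.uri }}"
+with_items: "{{ permission_list.json }}"
+register: permissions
+
+- name: Display permissions
+ansible.builtin.debug:
+msg: "{{ item.json }}"
+loop: "{{ permissions.results }}"
+loop_control:
+label: "{{ item.json.name }}"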
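Review bot: `Create access token` requests `scope=applied-permissions/admin` with `expires_in=18000` although every later task in this file is a read-only `GET`; a much shorter lifetime, for example `body: "scope=applied-permissions/admin&expires_in=600"` (value illustrative), would limit what a leaked token is worth. That matters here because `List permissions` sets `no_log: false` and `Get permissions` has no `no_log`, so the bearer header can appear in verbose output. `Check TLSv1.2 termination` registers `web` but nothing asserts on it, and `ciphers: TLSv1.2` appears to restrict the cipher list rather than pin the protocol version, so the task may not prove what its name says; this is worth confirming against the `uri` module documentation.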
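--- a/Ansible/examples/roles/artifactory_config/templates/artifactory.config.import.yml.j2
+++ b/Ansible/examples/roles/artifactory_config/templates/artifactory.config.import.yml.j2
@@ -0,0 +1,79 @@
+---
+version: 1
+## This file is complementary to the JFrog Artifactory startup wizard, and may be used to specify the initial basic
+## settings for a new Artifactory installation, namely:
+## * License Key(s)
+## * Base URL
+## * Proxy
+## * Default repositories
+##
+##
+## HOW TO USE THIS FILE:
+##
+## To import these settings when bootstrapping Artifactory, save this file as artifactory.config.import.yml under Artifactory’s /etc folder
+## Artifactory will load this file if all of the following conditions are met:
+## - no repositories have been created
+## - a proxy has not been set up, or you did set up a proxy externally, but did not configure proxy setup through this file
+## - the base URL has not been set up, or you did set up the base URL externally, but did not configure the base URL setup through this file
+## - Artifactory has not been activated with a license, or Artifactory has been activated with a license, and you did not specify a license in this file
+##
+## To have any of these parameters automatically configured when you bootstrap an Artifactory instance using this file,
+## simply uncomment the relevant sections below, and where required, provide values.
+
+##################################################################################
+# General Configurations #
+##################################################################################
+GeneralConfiguration:
+## License key to import in onboarding
+licenseKey : "{{ artifactory_license | default('') }}"
+
+## Setup the Artifactory base URL
+## For more information about the Artifactory base URL, please refer to
+## https://www.jfrog.com/confluence/display/RTF/Configuring+Artifactory#ConfiguringArtifactory-GeneralSettings
+## Uncomment the line below to set the Artifactory base URL
+baseUrl : "https://{{ server_name | default(ansible_fqdn) }}"
+
+## Configure proxies for artifactory
+## For more information on configuring a proxy in Artifactory, please refer to
+## https://www.jfrog.com/confluence/display/RTF/Managing+Proxies
+## Uncomment the lines below to setup a proxy
+{% if https_proxy is defined %}
+
+proxies :
+- key : "proxy"
+host : "{{ artifactory_proxy_host }}"
+port : "{{ artifactory_proxy_port }}"
+{% if artifactory_proxy_user is defined %}
+userName : "{{ artifactory_proxy_user }}"
+password : "{{ artifactory_proxy_password }}"
+{% endif %}
+platformDefault : true
+# services: "jfxr, jfrt" ## (Optional field. Comma separated string of services, options are: jfrt, jfmc, jfxr, jfds)
+# - key : "proxy2"
+# ...
+{% endif %}
+
+##################################################################################
+# Onboarding Configurations #
+##################################################################################
+OnboardingConfiguration:
+## Uncomment the package types for which you want to create default repositories
+repoTypes :
+# - bower
+# - cocoapods
+# - composer
+# - conan
+# - debian
+- docker
+# - gems
+# - gitlfs
+# - gradle
+# - ivy
+- maven
+# - npm
+# - nuget
+# - opkg
+- pypi
+# - rpm
+# - sbt
+# - vagrant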
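Review bot: The proxy block is gated on `{% if https_proxy is defined %}` but is filled from `artifactory_proxy_host` and `artifactory_proxy_port`, which default to `''` in defaults/main.yml, so an unrelated `https_proxy` variable renders a proxy entry with an empty host and port; gating on the variable actually used, e.g. `{% if artifactory_proxy_host | length > 0 %}`, avoids that. Inside the block, `artifactory_proxy_password` is dereferenced whenever `artifactory_proxy_user` is defined, with no default or check of its own. The rendered file holds `licenseKey` and possibly the proxy password, and the task in tasks/main.yml writes it with `mode: '0644'` and no owner, so it is world-readable; `mode: '0640'` with `owner: artifactory` and `group: artifactory`, as used for the access config, would be more appropriate.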