diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md
index b5075eff..2a51775f 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/README.md
@@ -29,4 +29,4 @@ The Artifactory role supports software upgrades. To use a role to perform a soft
artifactory_upgrade_only: true
roles:
- artifactory
-```
\ No newline at end of file
+```
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml
index e35ce3e2..aa78ca9d 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml
@@ -30,16 +30,13 @@ artifactory_mc_enabled: true
# The location where Artifactory should install
jfrog_home_directory: /opt/jfrog
+artifactory_home: "{{ jfrog_home_directory }}/artifactory"
+
# Pick the Artifactory flavour to install, can be also cpp-ce/jcr/pro
artifactory_flavour: pro
-# Whether to start Artifactory
-artifactory_start_service: true
-
artifactory_extra_java_opts: -server -Xms512m -Xmx4g -Xss256k -XX:+UseG1GC
-artifactory_system_yaml_template: system.yaml.j2
artifactory_tar_file_name: jfrog-artifactory-pro-{{ artifactory_version }}-linux.tar.gz
-artifactory_home: "{{ jfrog_home_directory }}/artifactory"
artifactory_tar: "https://releases.jfrog.io/artifactory/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/\
{{ artifactory_version }}/{{ artifactory_tar_file_name }}"
artifactory_untar_home: "{{ jfrog_home_directory }}/artifactory-{{ artifactory_flavour }}-{{ artifactory_version }}"
@@ -56,8 +53,6 @@ postgres_driver_download_url: "https://repo1.maven.org/maven2/org/postgresql/pos
artifactory_user: artifactory
artifactory_group: artifactory
-artifactory_daemon: artifactory
-
artifactory_uid: 1030
artifactory_gid: 1030
@@ -71,49 +66,5 @@ artifactory_allowNonPostgresql: false
# artifactory_admin_username: admin
# artifactory_admin_password: password
-artifactory_service_file: /lib/systemd/system/artifactory.service
-
-# Provide systemyaml content below with 2-space indentation
-artifactory_systemyaml: |-
- configVersion: 1
- shared:
- security:
- joinKey: "{{ join_key }}"
- extraJavaOpts: "{{ artifactory_extra_java_opts }}"
- node:
- id: {{ ansible_hostname }}
- ip: {{ ansible_host }}
- taskAffinity: {{ artifactory_taskaffinity }}
- haEnabled: {{ artifactory_ha_enabled }}
- database:
- allowNonPostgresql: {{ artifactory_allowNonPostgresql }}
- type: "{{ artifactory_db_type }}"
- driver: "{{ artifactory_db_driver }}"
- url: "{{ artifactory_db_url }}"
- username: "{{ artifactory_db_user }}"
- password: "{{ artifactory_db_password }}"
- mc:
- enabled: {{ artifactory_mc_enabled }}
- router:
- entrypoints:
- internalPort: 8046
-
-# Provide binarystore XML content below with 2-space indentation
-artifactory_binarystore: |-
- {%- if artifactory_ha_enabled -%}
-
-
-
-
- {%- else -%}
-
-
-
-
- {%- endif -%}
-
-# Note: artifactory_systemyaml_override is by default false, if you want to change default artifactory_systemyaml
-artifactory_systemyaml_override: false
-
-# Allow artifactory user to create crontab rules
-artifactory_allow_crontab: false
\ No newline at end of file
+# Allow artifactory user to create crontab rules (required by app ?)
+artifactory_allow_crontab: true
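Review bot: The default for `artifactory_allow_crontab` flips from `false` to `true` at the end of this hunk, while its own comment, `(required by app ?)`, says the need is unconfirmed. Every host that takes the role defaults now gets the service account added to /etc/cron.allow, which widens what that account can do without anyone opting in. I would keep `artifactory_allow_crontab: false` until the requirement is confirmed. Once it is, replace the question mark with the actual reason, e.g. `# Allow the artifactory user to create crontab rules; needed for <feature, to be filled in>`.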
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml
index 0e2bb38d..af42a945 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/handlers/main.yml
@@ -1,16 +1,15 @@
---
# handlers file for distribution
+
- name: Restart artifactory
become: true
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
name: "{{ artifactory_daemon }}"
state: restarted
daemon_reload: true
- when:
- - artifactory_start_service | bool
- name: Stop artifactory
become: true
- ansible.builtin.systemd:
+ ansible.builtin.systemd_service:
name: "{{ artifactory_daemon }}"
state: stopped
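Review bot: Both handlers still resolve `name: "{{ artifactory_daemon }}"`, but this commit deletes `artifactory_daemon: artifactory` from defaults/main.yml. Unless one of the included vars files (not visible in this diff) defines it, every notification will end in an undefined-variable error. Either keep the default or confirm the variable now lives in `vars/all.yml`. The header comment also names the wrong role; it should read `# handlers file for artifactory`.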
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml
index ab0df7d6..76abcf7d 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/meta/main.yml
@@ -7,12 +7,12 @@ galaxy_info:
company: JFrog
issue_tracker_url: "https://github.com/jfrog/JFrog-Cloud-Installers/issues"
license: license (Apache-2.0)
- min_ansible_version: 2.9
+ min_ansible_version: '2.9'
platforms:
- name: EL
versions:
- - 7
- 8
+ - 9
- name: Ubuntu
versions:
- bionic
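Review bot: `min_ansible_version` stays at `'2.9'` while this commit switches the handlers and install.yml to `ansible.builtin.systemd_service`, a module name that, as far as I know, only exists from ansible-core 2.15 onward. A controller at the declared minimum would fail to resolve the module. Raise the value to match, e.g. `min_ansible_version: '2.15'`, or keep `ansible.builtin.systemd` in the tasks.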
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/Debian.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/Debian.yml
deleted file mode 100644
index 80df034b..00000000
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/Debian.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- name: Install prerequisite packages
- become: true
- ansible.builtin.apt:
- name: ["net-tools", "locales"]
- state: present
- update_cache: true
- cache_valid_time: 3600
-
-- name: Ensure UTF-8 locale exists
- become: true
- community.general.locale_gen:
- name: en_US.UTF-8
- state: present
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/RedHat.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/RedHat.yml
deleted file mode 100644
index 599b2d61..00000000
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/RedHat.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: Install prerequisite packages
- become: true
- ansible.builtin.yum:
- name: ['net-tools', '{{ selinux_policy_package }}']
- state: present
-
-- name: Configure SELinux context
- ansible.builtin.include_tasks: shared/selinux_configure_context.yml
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml
index a7d60e43..d3faaaf2 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml
@@ -1,229 +1,62 @@
-- name: Include distro specific variables
- ansible.builtin.include_vars: "{{ distro_vars_file }}"
- vars:
- distro_vars_file: "{{ lookup('first_found', distro_vars, errors='ignore') }}"
- distro_vars:
- files:
- - "vars/distro/{{ ansible_distribution ~ ansible_distribution_major_version }}.yml"
- - "vars/distro/{{ ansible_distribution }}.yml"
- - "vars/distro/{{ ansible_os_family }}.yml"
- - "vars/distro/default.yml"
-
-- name: Install prerequisite packages
- ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
+---
+- name: Include tasks to configure prerequisites
+ ansible.builtin.include_tasks: 'shared/prerequisites.yml'
- name: Install NGINX
ansible.builtin.include_role:
name: artifactory_nginx
when: artifactory_nginx_installed | bool
-- name: Ensure group artifactory exist
- become: true
- ansible.builtin.group:
- name: "{{ artifactory_group }}"
- state: present
-
-- name: Ensure user artifactory exist
- become: true
- ansible.builtin.user:
- name: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- create_home: true
- home: "{{ artifactory_home }}"
- shell: /bin/bash
- state: present
-
-- name: Allow using crontab
- ansible.builtin.lineinfile:
- path: /etc/cron.allow
- line: "{{ artifactory_user }}"
- state: present
- when: artifactory_allow_crontab
-
-- name: Allow reading cron.allow
- ansible.builtin.file:
- path: /etc/cron.allow
- mode: 0644
- when: artifactory_allow_crontab
-
-- name: Check if artifactory tar already exists
- become: true
- ansible.builtin.stat:
- path: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
- register: artifactory_tar_check
+- name: Include tasks to download and extract artifactory archive
+ ansible.builtin.include_tasks: 'shared/get_archive.yml'
-- name: Download artifactory
+- name: Install Artifactory
become: true
- ansible.builtin.get_url:
- url: "{{ artifactory_tar }}"
- timeout: "{{ artifactory_download_timeout }}"
- dest: "{{ jfrog_home_directory }}"
- register: download_artifactory
- until: download_artifactory is succeeded
- retries: 3
- when: not artifactory_tar_check.stat.exists
+ block:
-- name: Extract artifactory tar
- become: true
- ansible.builtin.unarchive:
- src: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
- dest: "{{ jfrog_home_directory }}"
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- creates: "{{ artifactory_untar_home }}"
- remote_src: true
- when: (download_artifactory is succeeded) and (not ansible_check_mode)
+ - name: Check if app directory exists
+ ansible.builtin.stat:
+ path: "{{ artifactory_home }}/app"
+ register: app_dir_check
-- name: Check if app directory exists
- become: true
- ansible.builtin.stat:
- path: "{{ artifactory_home }}/app"
- register: app_dir_check
+ - name: Copy untar directory to artifactory home
+ ansible.builtin.copy:
+ src: "{{ artifactory_untar_home }}/"
+ dest: "{{ artifactory_home }}"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0755'
+ remote_src: true
+ when: not app_dir_check.stat.exists
-- name: Copy untar directory to artifactory home
- become: true
- ansible.builtin.copy:
- src: "{{ artifactory_untar_home }}/"
- dest: "{{ artifactory_home }}"
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- mode: 0755
- remote_src: true
- when: not app_dir_check.stat.exists
+- name: Include tasks to apply artifactory templates
+ ansible.builtin.include_tasks: 'shared/templates.yml'
-- name: Create required directories
- become: true
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- recurse: true
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- loop:
- - "{{ artifactory_home }}/var/data"
- - "{{ artifactory_home }}/var/etc"
- - "{{ artifactory_home }}/var/etc/security/"
- - "{{ artifactory_home }}/var/etc/artifactory/info/"
+- name: Include tasks to configure master key
+ ansible.builtin.include_tasks: 'shared/master_key.yml'
-- name: Check if system.yaml exists
- become: true
- ansible.builtin.stat:
- path: "{{ artifactory_home }}/var/etc/system.yaml"
- register: systemyaml
+- name: Include tasks to configure JDBC driver
+ ansible.builtin.include_tasks: 'shared/jdbc_driver.yml'
-- name: Configure system.yaml
- become: true
- ansible.builtin.template:
- src: "{{ artifactory_system_yaml_template }}"
- dest: "{{ artifactory_home }}/var/etc/system.yaml"
- mode: 0644
- when:
- - artifactory_systemyaml is defined
- - artifactory_systemyaml | length > 0
- - artifactory_systemyaml_override or (not systemyaml.stat.exists)
- notify: Restart artifactory
+- name: Include tasks to apply and restore SELinux contexts on RHEL based systems
+ ansible.builtin.include_tasks: 'shared/selinux.yml'
+ when: ansible_facts['os_family'] | lower == 'redhat'
-- name: Configure master key
- become: true
- ansible.builtin.copy:
- dest: "{{ artifactory_home }}/var/etc/security/master.key"
- content: "{{ master_key }}"
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- mode: 0640
+- name: Include tasks to install artifactory service
+ ansible.builtin.include_tasks: 'shared/install_service.yml'
-- name: Configure installer info
- become: true
- ansible.builtin.template:
- src: installer-info.json.j2
- dest: "{{ artifactory_home }}/var/etc/artifactory/info/installer-info.json"
- mode: 0644
- notify: Restart artifactory
+- name: Include tasks to fix files ownership
+ ansible.builtin.include_tasks: 'shared/permissions.yml'
-- name: Configure binary store
- become: true
- ansible.builtin.template:
- src: binarystore.xml.j2
- dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
- mode: 0644
- notify: Restart artifactory
-
-- name: Configure artifactory license(s)
- become: true
- ansible.builtin.template:
- src: artifactory.cluster.license.j2
- dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
- mode: 0644
- when:
- - artifactory_licenses is defined
- - artifactory_licenses | length > 0
- notify: Restart artifactory
-
-- name: Set up Artifactory admin account
- become: true
- ansible.builtin.template:
- src: bootstrap.creds.j2
- dest: "{{ artifactory_home }}/var/etc/access/bootstrap.creds"
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- mode: 0600
- when:
- - artifactory_admin_username is defined
- - artifactory_admin_password is defined
- notify: Restart artifactory
-
-- name: Check if included database driver is the correct version
- become: true
- ansible.builtin.stat:
- path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/postgresql-{{ postgres_driver_version }}.jar"
- register: included_database_driver
-
-- name: Check if database driver exists
- become: true
- ansible.builtin.stat:
- path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar"
- when:
- - not included_database_driver.stat.exists
- register: database_driver
+- name: Restart artifactory service
+ ansible.builtin.meta: flush_handlers
-- name: Download database driver
+- name: Ensure artifactory service is started and enabled
become: true
- ansible.builtin.get_url:
- url: "{{ postgres_driver_download_url }}"
- dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- mode: 0644
- when:
- - postgres_driver_download_url is defined
- - not database_driver.stat.exists
- - not included_database_driver.stat.exists
- - postgres_driver_download | bool
- notify: Restart artifactory
-
-- name: Restore SELinux content
- ansible.builtin.include_tasks: shared/selinux_restore_context.yml
-
-- name: Install Service
- ansible.builtin.include_tasks: shared/install_service.yml
-
-- name: Ensure permissions are correct
- ansible.builtin.include_tasks: shared/ensure_permissions_correct.yml
-
-- name: Restart artifactory
- ansible.builtin.meta: flush_handlers
- when:
- - artifactory_start_service | bool
+ ansible.builtin.systemd_service:
+ name: "{{ artifactory_daemon }}"
+ state: started
+ enabled: true
-- name: Make sure artifactory is up and running
- ansible.builtin.uri:
- url: http://127.0.0.1:8082/router/api/v1/system/health
- timeout: 130
- status_code: 200
- register: result
- until: result is succeeded
- retries: 25
- delay: 5
- when:
- - not ansible_check_mode
- - artifactory_start_service | bool
\ No newline at end of file
+- name: Include tasks to ensure artifactory is up and running
+ ansible.builtin.include_tasks: 'shared/upcheck.yml'
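Review bot: The service start and the health check at the end of the new install.yml are unconditional now that every `artifactory_start_service | bool` guard is gone, so an inventory that still sets `artifactory_start_service: false` is silently ignored. A run that is meant to install without starting the daemon (an image build, for instance) will now start it and then sit in the up-check retries. Either keep the guard on the last two tasks, `when: artifactory_start_service | d(true) | bool`, or state the removal in the README so callers know the variable no longer has any effect.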
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/main.yml
index 30e4281a..f82c967f 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/main.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/main.yml
@@ -1,11 +1,41 @@
-- name: Perform installation
- ansible.builtin.include_tasks: "install.yml"
+---
+- name: Gather system facts
+ ansible.builtin.setup:
+
+- name: Assert that we support the distribution
+ ansible.builtin.assert:
+ that: ansible_facts['os_family'] | lower in ['redhat', 'debian']
+ fail_msg: 'Host is unsupported. Aborting.'
+ success_msg: 'Host is supported. Proceeding.'
+ quiet: true
+
+- name: Assert that Red Hat OS family is version 8+
+ ansible.builtin.assert:
+ that: ansible_facts['distribution_major_version'] | int is version('8', '>=')
+ fail_msg: 'Host is unsupported. Aborting.'
+ success_msg: 'Host is supported. Proceeding.'
+ quiet: true
+ when: ansible_facts['os_family'] | lower == 'redhat'
+
+- name: Include variables for all distributions
+ ansible.builtin.include_vars: "vars/all.yml"
+
+- name: Include variables for this distribution
+ ansible.builtin.include_vars: "{{ item }}"
+ with_first_found:
+ - "vars/{{ ansible_facts['distribution'] | lower ~ ansible_facts['distribution_major_version'] }}.yml"
+ - "vars/{{ ansible_facts['distribution'] | lower }}.yml"
+ - "vars/{{ ansible_facts['os_family'] | lower }}.yml"
+ - "vars/default.yml"
+
+- name: Include artifactory installation tasks
+ ansible.builtin.include_tasks: 'install.yml'
when:
- - artifactory_enabled
+ - artifactory_enabled
- not artifactory_upgrade_only
-- name: Perform upgrade
- ansible.builtin.include_tasks: "upgrade.yml"
+- name: Include artifactory upgrade tasks
+ ansible.builtin.include_tasks: 'upgrade.yml'
when:
- artifactory_enabled
- artifactory_upgrade_only
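Review bot: `include_vars` on `vars/all.yml` and on the per-distribution file loads those values at a precedence above inventory, group_vars and host_vars, so any setting this commit moved out of defaults/main.yml into those files can no longer be overridden from inventory. The files are not part of the visible diff, so this is inferred, but `artifactory_systemyaml` and `artifactory_daemon` disappear from the defaults and are still used by the new tasks. Keep user-tunable values in defaults/main.yml and reserve the included files for internal constants. A comment such as `# internal constants only; user-facing settings belong in defaults/main.yml` above the first include would record that intent.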
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/get_archive.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/get_archive.yml
new file mode 100644
index 00000000..f3c9f50f
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/get_archive.yml
@@ -0,0 +1,34 @@
+---
+- name: Check if artifactory archive already exists
+ become: true
+ ansible.builtin.stat:
+ path: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
+ register: artifactory_tar_check
+
+- name: Download artifactory archive
+ become: true
+ ansible.builtin.get_url:
+ url: "{{ artifactory_tar }}"
+ timeout: "{{ artifactory_download_timeout }}"
+ dest: "{{ jfrog_home_directory }}"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0644'
+ register: download_artifactory
+ until: download_artifactory is succeeded
+ retries: 3
+ when: not artifactory_tar_check.stat.exists
+
+- name: Extract artifactory archive
+ become: true
+ ansible.builtin.unarchive:
+ src: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
+ dest: "{{ jfrog_home_directory }}"
+ remote_src: true
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ creates: "{{ artifactory_untar_home }}"
+ register: unarchived_artifactory
+ when:
+ - not ansible_check_mode
+ - download_artifactory is succeeded
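Review bot: The `Download artifactory archive` task fetches the tarball without a `checksum`, and the role later unpacks it and runs its `installService.sh` with `become: true`, so the only integrity guarantee is the TLS connection to the download host. Adding `checksum: "sha256:{{ artifactory_tar_checksum }}"` makes a tampered or corrupted file fail the task instead of being extracted; `artifactory_tar_checksum` is a new variable proposed here, with the digest taken from the vendor's release page. The same applies to the `Download jdbc driver` task in shared/jdbc_driver.yml.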
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/install_service.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/install_service.yml
new file mode 100644
index 00000000..75bdc020
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/install_service.yml
@@ -0,0 +1,6 @@
+---
+- name: Install artifactory service
+ become: true
+ ansible.builtin.command:
+ cmd: "{{ artifactory_home }}/app/bin/installService.sh"
+ notify: Restart artifactory
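Review bot: `Install artifactory service` runs `installService.sh` through `ansible.builtin.command` with neither `creates` nor `changed_when`, so it reports changed on every run and notifies `Restart artifactory` each time, which restarts the service on every play. Adding `creates: /lib/systemd/system/artifactory.service` to the module arguments makes the task idempotent; that path is the value the removed `artifactory_service_file` default carried. The script also sits in a tree the role hands to `artifactory_user` and is executed here as root, so it is worth confirming that the script and its parent directories are not writable by that account when it runs.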
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/jdbc_driver.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/jdbc_driver.yml
new file mode 100644
index 00000000..1bef407a
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/jdbc_driver.yml
@@ -0,0 +1,25 @@
+---
+- name: Check if included database driver is the correct version
+ ansible.builtin.stat:
+ path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/postgresql-{{ postgres_driver_version }}.jar"
+ register: included_database_driver
+
+- name: Check if jdbc driver exists
+ ansible.builtin.stat:
+ path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar"
+ when: not included_database_driver.stat.exists
+ register: database_driver
+
+- name: Download jdbc driver
+ ansible.builtin.get_url:
+ url: "{{ postgres_driver_download_url }}"
+ dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0644'
+ when:
+ - postgres_driver_download | bool
+ - postgres_driver_download_url | d('') | length > 0
+ - not database_driver.stat.exists
+ - not included_database_driver.stat.exists
+ notify: Restart artifactory
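Review bot: None of the three tasks in this file sets `become: true`, although the versions removed from install.yml all did. `get_url` here writes under `artifactory_home` with `owner`/`group`, which will fail for an unprivileged connection user unless the play itself escalates. The same omission appears in shared/prerequisites.yml (`Ensure group artifactory exists`, `Ensure user artifactory exists`, `Ensure jfrog_home_directory exists`) and in shared/templates.yml (`Apply binary store XML content`). Add `become: true` to each of those tasks, or wrap each file's tasks in a block that sets it once, as install.yml does for `Install Artifactory`.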
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/master_key.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/master_key.yml
new file mode 100644
index 00000000..9bcad12d
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/master_key.yml
@@ -0,0 +1,9 @@
+---
+- name: Configure master key
+ become: true
+ ansible.builtin.copy:
+ dest: "{{ artifactory_home }}/var/etc/security/master.key"
+ content: "{{ master_key }}"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0640'
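Review bot: `Configure master key` writes `master_key` through `copy` with `content` but without `no_log: true`, so a run with `--diff` or a callback that records task results can print the key. Add `no_log: true` to the task, or `diff: false` if the task result should stay visible. The same consideration applies in shared/templates.yml to `Apply boostrap credential template` and to `Configure system.yaml`, whose content presumably still carries the join key and database password that the removed default showed.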
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/permissions.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/permissions.yml
new file mode 100644
index 00000000..6a4470c0
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/permissions.yml
@@ -0,0 +1,16 @@
+---
+- name: Ensure user ownership of files in jfrog_home_directory is correct
+ become: true
+ ansible.builtin.command: >-
+ find {{ jfrog_home_directory }} ! -user {{ artifactory_user }}
+ -print -exec chown {{ artifactory_user }} {} \;
+ register: user_ownerships
+ changed_when: user_ownerships.stdout_lines | length > 0
+
+- name: Ensure group ownership of files in jfrog_home_directory is correct
+ become: true
+ ansible.builtin.command: >-
+ find {{ jfrog_home_directory }} ! -group {{ artifactory_group }}
+ -print -exec chgrp {{ artifactory_group }} {} \;
+ register: group_ownerships
+ changed_when: group_ownerships.stdout_lines | length > 0
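Review bot: Both `find … -exec` commands call `chown` and `chgrp` without `-h`, and those tools act on the target of a symbolic link rather than on the link itself. A link inside `jfrog_home_directory` that points elsewhere would therefore have its target re-owned by a task running as root. Use `chown -h {{ artifactory_user }} {} +` and `chgrp -h {{ artifactory_group }} {} +`; the `+` terminator also batches the calls instead of spawning one process per file. A comment above the first task saying that the walk covers the whole `jfrog_home_directory`, not only `artifactory_home`, would help anyone sharing that directory with other products.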
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/prerequisites.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/prerequisites.yml
new file mode 100644
index 00000000..fafc0ad5
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/prerequisites.yml
@@ -0,0 +1,76 @@
+---
+- name: Ensure Debian prerequisite packages are installed
+ become: true
+ ansible.builtin.apt:
+ name: ["net-tools", "locales"]
+ state: present
+ update_cache: true
+ cache_valid_time: 3600
+ when: ansible_facts['pkg_mgr'] | lower == 'apt'
+
+- name: Ensure Red Hat prerequisite packages are installed
+ become: true
+ ansible.builtin.dnf:
+ name: ['net-tools', '{{ selinux_policy_package }}']
+ state: present
+ when: ansible_facts['pkg_mgr'] | lower == 'dnf'
+
+- name: Ensure UTF-8 locale exists on debian based systems
+ become: true
+ community.general.locale_gen:
+ name: en_US.UTF-8
+ state: present
+ when: ansible_facts['os_family'] | lower == 'debian'
+
+- name: Ensure artifactory user is added to cron.allow
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/cron.allow
+ line: "{{ artifactory_user }}"
+ state: present
+ when: artifactory_allow_crontab | bool
+
+- name: Ensure cron.allow has the right permissions
+ become: true
+ ansible.builtin.file:
+ path: /etc/cron.allow
+ owner: root
+ group: root
+ mode: '0644'
+ when: artifactory_allow_crontab | bool
+
+- name: Ensure group artifactory exists
+ ansible.builtin.group:
+ name: "{{ artifactory_group }}"
+ state: present
+
+- name: Ensure user artifactory exists
+ ansible.builtin.user:
+ name: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ create_home: true
+ home: "{{ artifactory_home }}"
+ shell: '/bin/bash'
+ state: present
+
+- name: Ensure jfrog_home_directory exists
+ ansible.builtin.file:
+ path: "{{ jfrog_home_directory }}"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ state: directory
+ mode: '0755'
+
+- name: Ensure required directories exists
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ recurse: true
+ loop:
+ - "{{ artifactory_home }}/var/data"
+ - "{{ artifactory_home }}/var/etc"
+ - "{{ artifactory_home }}/var/etc/security/"
+ - "{{ artifactory_home }}/var/etc/artifactory/info/"
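Review bot: `Ensure artifactory user is added to cron.allow` uses `lineinfile` without `create`, so it fails on a host that has no /etc/cron.allow, and that is now the default path because `artifactory_allow_crontab` defaults to `true` in this commit. Setting `create: true` is not a safe fix either: once cron.allow exists, cron restricts crontab use to the accounts listed in it, which would lock out every other user on the host. Checking for the file first and editing it only when it is already there avoids both outcomes. The following `Ensure cron.allow has the right permissions` task needs the same extra condition.

```yaml
- name: Check whether cron.allow is in use on this host
  become: true
  ansible.builtin.stat:
    path: /etc/cron.allow
  register: cron_allow_file

- name: Ensure artifactory user is added to cron.allow
  # … unchanged: become, lineinfile arguments …
  when:
    - artifactory_allow_crontab | bool
    - cron_allow_file.stat.exists
```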
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/selinux.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/selinux.yml
new file mode 100644
index 00000000..4b48e552
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/selinux.yml
@@ -0,0 +1,13 @@
+---
+- name: Configure SELinux context
+ become: true
+ community.general.sefcontext:
+ target: "{{ jfrog_home_directory }}/artifactory/app/bin(/.*)?"
+ setype: bin_t
+ reload: true
+ state: present
+
+- name: Restore SELinux content
+ become: true
+ ansible.builtin.command: restorecon -Rv "{{ jfrog_home_directory }}/artifactory/app/bin"
+ changed_when: false
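Review bot: Both tasks build the path as `{{ jfrog_home_directory }}/artifactory/app/bin` instead of using `artifactory_home`, so a deployment that overrides `artifactory_home` gets the `bin_t` context on a directory the application does not use. Use `target: "{{ artifactory_home }}/app/bin(/.*)?"` and `restorecon -Rv "{{ artifactory_home }}/app/bin"`. `changed_when: false` also hides real relabels. Since `-v` prints each relabelled path, registering the result and using `changed_when: restorecon_result.stdout | length > 0` would report them.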
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/templates.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/templates.yml
new file mode 100644
index 00000000..9f512156
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/templates.yml
@@ -0,0 +1,63 @@
+---
+- name: Check if system.yaml exists
+ become: true
+ ansible.builtin.stat:
+ path: "{{ artifactory_home }}/var/etc/system.yaml"
+ register: _stat_systemyaml
+
+- name: Configure system.yaml
+ become: true
+ ansible.builtin.copy:
+ content: "{{ artifactory_systemyaml }}"
+ dest: "{{ artifactory_home }}/var/etc/system.yaml"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0644'
+ backup: true
+ notify: Restart artifactory
+
+- name: Apply installer info template
+ become: true
+ ansible.builtin.template:
+ src: installer-info.json.j2
+ dest: "{{ artifactory_home }}/var/etc/artifactory/info/installer-info.json"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0644'
+ backup: true
+ notify: Restart artifactory
+
+- name: Apply binary store XML content
+ ansible.builtin.template:
+ src: path/to/your_template.xml.j2
+ dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0644'
+ backup: true
+ notify: Restart artifactory
+
+- name: Apply licenses template
+ become: true
+ ansible.builtin.template:
+ src: artifactory.cluster.license.j2
+ dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0644'
+ backup: true
+ when: artifactory_licenses | d('') | length > 0
+ notify: Restart artifactory
+
+- name: Apply boostrap credential template
+ become: true
+ ansible.builtin.template:
+ src: bootstrap.creds.j2
+ dest: "{{ artifactory_home }}/var/etc/access/bootstrap.creds"
+ owner: "{{ artifactory_user }}"
+ group: "{{ artifactory_group }}"
+ mode: '0600'
+ when:
+ - artifactory_admin_username | d('') | length > 0
+ - artifactory_admin_password | d('') | length > 0
+ notify: Restart artifactory
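Review bot: `Apply binary store XML content` has `src: path/to/your_template.xml.j2`, which looks like a placeholder left in; the task it replaces used `src: binarystore.xml.j2`, and with the placeholder the template lookup will fail. `Configure system.yaml` writes the file with `mode: '0644'`; if its content still includes the join key and database password, as the removed default did, `mode: '0640'` keeps them from other local users. The result registered by `Check if system.yaml exists` is never read, so system.yaml is now rewritten on every run, where the old `artifactory_systemyaml_override` guard used to protect an existing file. The task name `Apply boostrap credential template` should read `bootstrap`.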
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/upcheck.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/upcheck.yml
new file mode 100644
index 00000000..752b32b0
--- /dev/null
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/shared/upcheck.yml
@@ -0,0 +1,11 @@
+---
+- name: Make sure artifactory is up and running
+ ansible.builtin.uri:
+ url: http://127.0.0.1:8082/router/api/v1/system/health
+ timeout: 130
+ status_code: 200
+ register: result
+ until: result is succeeded
+ retries: 25
+ delay: 5
+ when: not ansible_check_mode
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml
index e16881e0..8a603866 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml
@@ -1,182 +1,75 @@
-- name: Configure SELinux context
- ansible.builtin.include_tasks: shared/selinux_configure_context.yml
-
-- name: Allow using crontab
- ansible.builtin.lineinfile:
- path: /etc/cron.allow
- line: "{{ artifactory_user }}"
- state: present
- when: artifactory_allow_crontab
-
-- name: Allow reading cron.allow
- ansible.builtin.file:
- path: /etc/cron.allow
- mode: 0644
- when: artifactory_allow_crontab
-
-- name: Check if artifactory tar already exists
- become: true
- ansible.builtin.stat:
- path: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
- register: artifactory_tar_check
+---
+- name: Include tasks to configure prerequisites
+ ansible.builtin.include_tasks: 'shared/prerequisites.yml'
-- name: Download artifactory for upgrade
- become: true
- ansible.builtin.get_url:
- url: "{{ artifactory_tar }}"
- timeout: "{{ artifactory_download_timeout }}"
- dest: "{{ jfrog_home_directory }}"
- register: download_artifactory
- until: download_artifactory is succeeded
- retries: 3
- when: not artifactory_tar_check.stat.exists
-
-- name: Extract artifactory tar
- become: true
- ansible.builtin.unarchive:
- src: "{{ jfrog_home_directory }}/{{ artifactory_tar_file_name }}"
- dest: "{{ jfrog_home_directory }}"
- remote_src: true
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- creates: "{{ artifactory_untar_home }}"
- register: unarchived_artifactory
- when:
- - not ansible_check_mode
- - download_artifactory is succeeded
- notify: Stop artifactory
-
-- name: Stop artifactory
- ansible.builtin.meta: flush_handlers
+- name: Include tasks to apply and restore SELinux contexts on RHEL based systems
+ ansible.builtin.include_tasks: 'shared/selinux.yml'
+ when: ansible_facts['os_family'] | lower == 'redhat'
-- name: Ensure jfrog_home_directory exists
- become: true
- ansible.builtin.file:
- mode: 0755
- path: "{{ jfrog_home_directory }}"
- state: directory
-
-- name: Check artifactory version
- ansible.builtin.fetch:
- src: "{{ artifactory_home }}/app/artifactory.product.version.properties"
- dest: "/tmp/artifactory.product.version.properties"
- flat: true
- changed_when: false
-
-- name: Set running_version
- ansible.builtin.set_fact:
- running_version: "{{ lookup('ansible.builtin.ini', 'artifactory.product.version', type='properties', file='/tmp/artifactory.product.version.properties') }}"
-
-- name: Delete artifactory app directory
- become: true
- ansible.builtin.file:
- path: "{{ artifactory_home }}/app"
- state: absent
- when: running_version != artifactory_version
+- name: Include tasks to download and extract artifactory archive
+ ansible.builtin.include_tasks: 'shared/get_archive.yml'
-- name: Copy new app to artifactory app
+- name: Upgrade Artifactory
become: true
- ansible.builtin.command: "cp -r {{ artifactory_untar_home }}/app/. {{ artifactory_home }}/app"
- when: running_version != artifactory_version
- notify: Restart artifactory
+ block:
-- name: Configure artifactory license(s)
- become: true
- ansible.builtin.template:
- src: artifactory.cluster.license.j2
- dest: "{{ artifactory_home }}/var/etc/artifactory/artifactory.cluster.license"
- mode: 0644
- when:
- - artifactory_licenses is defined
- - artifactory_licenses | length > 0
- notify: Restart artifactory
-
-- name: Check if included database driver is the correct version
- become: true
- ansible.builtin.stat:
- path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/postgresql-{{ postgres_driver_version }}.jar"
- register: included_database_driver
+ - name: Ensure artifactory is stopped
+ become: true
+ ansible.builtin.systemd_service:
+ name: "{{ artifactory_daemon }}"
+ state: stopped
+ when: unarchived_artifactory is changed
-- name: Check if jdbc driver exists
- become: true
- ansible.builtin.stat:
- path: "{{ artifactory_home }}/app/artifactory/tomcat/lib/jf_postgresql-{{ postgres_driver_version }}.jar"
- register: database_driver
+ - name: Check artifactory version
+ ansible.builtin.fetch:
+ src: "{{ artifactory_home }}/app/artifactory.product.version.properties"
+ dest: "/tmp/artifactory.product.version.properties"
+ flat: true
+ changed_when: false
-- name: Download jdbc driver
- become: true
- ansible.builtin.get_url:
- url: "{{ postgres_driver_download_url }}"
- dest: "{{ artifactory_home }}/var/bootstrap/artifactory/tomcat/lib"
- owner: "{{ artifactory_user }}"
- group: "{{ artifactory_group }}"
- when:
- - postgres_driver_download_url is defined
- - not database_driver.stat.exists
- - not included_database_driver.stat.exists
- - postgres_driver_download | bool
- notify: Restart artifactory
-
-- name: Configure installer info
- become: true
- ansible.builtin.template:
- src: installer-info.json.j2
- dest: "{{ artifactory_home }}/var/etc/artifactory/info/installer-info.json"
- mode: 0644
- notify: Restart artifactory
+ - name: Set running_version
+ ansible.builtin.set_fact:
+ running_version: "{{ lookup('ansible.builtin.ini', 'artifactory.product.version', type='properties', file='/tmp/artifactory.product.version.properties') }}"
-- name: Configure binary store
- become: true
- ansible.builtin.template:
- src: binarystore.xml.j2
- dest: "{{ artifactory_home }}/var/etc/artifactory/binarystore.xml"
- mode: 0644
- when:
- - artifactory_binarystore is defined
- - artifactory_binarystore | length > 0
- notify: Restart artifactory
-
-- name: Check if system.yaml exists
- become: true
- ansible.builtin.stat:
- path: "{{ artifactory_home }}/var/etc/system.yaml"
- register: systemyaml
+ - name: Delete old artifactory app directory
+ ansible.builtin.file:
+ path: "{{ artifactory_home }}/app"
+ state: absent
+ when: running_version != artifactory_version
-- name: Configure system.yaml
- become: true
- ansible.builtin.template:
- src: "{{ artifactory_system_yaml_template }}"
- dest: "{{ artifactory_home }}/var/etc/system.yaml"
- mode: 0644
- when:
- - artifactory_systemyaml is defined
- - artifactory_systemyaml | length > 0
- - artifactory_systemyaml_override or (not systemyaml.stat.exists)
- notify: Restart artifactory
+ - name: Copy new artifactory app directory
+ ansible.builtin.command: "cp -r {{ artifactory_untar_home }}/app/. {{ artifactory_home }}/app"
+ notify: Restart artifactory
+ when: running_version != artifactory_version
+
+- name: Include tasks to apply artifactory templates
+ ansible.builtin.include_tasks: 'shared/templates.yml'
-- name: Install Service
- ansible.builtin.include_tasks: shared/install_service.yml
+- name: Include tasks to configure JDBC driver
+ ansible.builtin.include_tasks: 'shared/jdbc_driver.yml'
-- name: Restore SELinux content
- ansible.builtin.include_tasks: shared/selinux_restore_context.yml
+- name: Include tasks to install Artifactory service
+ ansible.builtin.include_tasks: 'shared/all.yml'
-- name: Ensure permissions are correct
- ansible.builtin.include_tasks: shared/ensure_permissions_correct.yml
+- name: Include tasks to install artifactory service
+ ansible.builtin.include_tasks: 'shared/install_service.yml'
+
+- name: Include tasks to apply and restore SELinux contexts on RHEL based systems
+ ansible.builtin.include_tasks: 'shared/selinux.yml'
+ when: ansible_facts['os_family'] | lower == 'redhat'
+
+- name: Include tasks to fix files ownership
+ ansible.builtin.include_tasks: 'shared/permissions.yml'
- name: Restart artifactory
ansible.builtin.meta: flush_handlers
- when:
- - artifactory_start_service | bool
-
-- name: Make sure artifactory is up and running
- ansible.builtin.uri:
- url: http://127.0.0.1:8082/router/api/v1/system/health
- timeout: 130
- status_code: 200
- register: result
- until: result is succeeded
- retries: 25
- delay: 5
- when:
- - not ansible_check_mode
- - artifactory_start_service | bool
\ No newline at end of file
+
+- name: Ensure artifactory service is started and enabled
+ become: true
+ ansible.builtin.systemd_service:
+ name: "{{ artifactory_daemon }}"
+ state: started
+ enabled: true
+
+- name: Include tasks to ensure artifactory is up and running
+ ansible.builtin.include_tasks: 'shared/upcheck.yml'
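Review bot: In the `Upgrade Artifactory` block, `Ensure artifactory is stopped` is gated on `unarchived_artifactory is changed`, while the delete and copy of `{{ artifactory_home }}/app` are gated on `running_version != artifactory_version`, so the two conditions can disagree. `unarchived_artifactory` is no longer registered in this file (presumably it now comes from `shared/get_archive.yml`); if that unarchive still uses `creates:`, a re-run after a failed upgrade reports no change and the app directory is removed under a running service. Moving the stop task after `Set running_version` and gating it with `when: running_version != artifactory_version` ties the stop to the same decision as the replacement. Separately, the fetch with `flat: true` writes every host's file to the same controller path `/tmp/artifactory.product.version.properties`, so in a multi-node play the lookup can read another node's version. A per-host destination such as `dest: "/tmp/{{ inventory_hostname }}/artifactory.product.version.properties"`, with the same path in the lookup's `file=`, avoids that.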
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2
index e07edcc4..401fa483 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/artifactory.cluster.license.j2
@@ -1 +1 @@
-{{ artifactory_licenses }}
\ No newline at end of file
+{{ artifactory_licenses }}
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2
index a1f6621a..64d3790e 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/binarystore.xml.j2
@@ -1 +1,4 @@
-{{ artifactory_binarystore }}
\ No newline at end of file
+
+
+
+
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/bootstrap.creds.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/bootstrap.creds.j2
index e2dadac0..c0586dd2 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/bootstrap.creds.j2
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/bootstrap.creds.j2
@@ -1 +1 @@
-{{ artifactory_admin_username }}@*={{ artifactory_admin_password }}
\ No newline at end of file
+{{ artifactory_admin_username }}@*={{ artifactory_admin_password }}
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/installer-info.json.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/installer-info.json.j2
index 639e7415..357620ef 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/installer-info.json.j2
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/installer-info.json.j2
@@ -6,4 +6,4 @@
"featureId": "Channel/{{ ansible_marketplace }}"
}
]
-}
\ No newline at end of file
+}
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2
index 5bc476cb..321f1a72 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/system.yaml.j2
@@ -1 +1,22 @@
-{{ artifactory_systemyaml }}
\ No newline at end of file
+configVersion: 1
+shared:
+ security:
+ joinKey: "{{ join_key }}"
+ extraJavaOpts: "{{ artifactory_extra_java_opts }}"
+ node:
+ id: "{{ ansible_fqdn | default(ansible_hostname, true) }}"
+ ip: "{{ ansible_default_ipv4.address | default(ansible_host, true) }}"
+ taskAffinity: {{ artifactory_taskaffinity }}
+ haEnabled: {{ artifactory_ha_enabled }}
+ database:
+ allowNonPostgresql: {{ artifactory_allowNonPostgresql }}
+ type: "{{ artifactory_db_type }}"
+ driver: "{{ artifactory_db_driver }}"
+ url: "{{ artifactory_db_url }}"
+ username: "{{ artifactory_db_user }}"
+ password: "{{ artifactory_db_password }}"
+mc:
+ enabled: {{ artifactory_mc_enabled }}
+router:
+ entrypoints:
+ internalPort: 8046
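Review bot: The secrets in this template are interpolated inside hand-written double quotes (`joinKey: "{{ join_key }}"`, `password: "{{ artifactory_db_password }}"`), so a value containing `"` or `\` renders as invalid or silently altered YAML. Letting a filter do the quoting, e.g. `password: {{ artifactory_db_password | to_json }}` and likewise for `joinKey`, `username` and `url`, keeps arbitrary passwords intact. The task that renders this file is outside this hunk. Because the rendered file always carries the join key and the database password, check that the task writes it with a restrictive mode such as the `'0600'` used for `bootstrap.creds`, rather than the `0644` the removed `Configure system.yaml` task used.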
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/all.yml
similarity index 73%
rename from Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml
rename to Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/all.yml
index 4ec7f082..ce15c5bc 100644
--- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml
+++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/all.yml
@@ -3,3 +3,6 @@ platform_collection_version: 10.18.2
# indicates where this collection was downloaded from (galaxy, automation_hub, standalone)
ansible_marketplace: galaxy
+
+# Artifactory system service name
+artifactory_daemon: artifactory
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/Amazon.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/amazon.yml
similarity index 100%
rename from Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/Amazon.yml
rename to Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/amazon.yml
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/CentOS7.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/centos7.yml
similarity index 100%
rename from Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/CentOS7.yml
rename to Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/centos7.yml
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/default.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/default.yml
similarity index 100%
rename from Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/default.yml
rename to Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/default.yml
diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/RedHat7.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/redhat7.yml
similarity index 100%
rename from Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/distro/RedHat7.yml
rename to Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/redhat7.yml