diff --git a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md index d7ab285f..6b066e80 100644 --- a/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md +++ b/Ansible/ansible_collections/jfrog/platform/CHANGELOG.md @@ -1,6 +1,14 @@ # JFrog Platform Ansible Collection Changelog All changes to this collection will be documented in this file. +## [10.20.1] - Nov 26, 2024 +* Postgres - Fixed auth method in pg_hba.conf file [GH-428](https://github.com/jfrog/JFrog-Cloud-Installers/pull/428) +* Artifactory - Fixed issue around /etc/cron.allow does not exist [GH-420](https://github.com/jfrog/JFrog-Cloud-Installers/issues/420) +* Xray - Added `centos_gpg_key` variable to override defaults [GH-420](https://github.com/jfrog/JFrog-Cloud-Installers/issues/413) +* Added support for RHEL 9 +* Artifactory - Added AccessConfig Patch support to use mTLS [GH-392](https://github.com/jfrog/JFrog-Cloud-Installers/pull/392) +* Product Updates/fixes + ## [10.20.0] - Oct 29, 2024 * Product Updates/fixes diff --git a/Ansible/ansible_collections/jfrog/platform/galaxy.yml b/Ansible/ansible_collections/jfrog/platform/galaxy.yml index 7db8b808..1175c940 100644 --- a/Ansible/ansible_collections/jfrog/platform/galaxy.yml +++ b/Ansible/ansible_collections/jfrog/platform/galaxy.yml @@ -9,7 +9,7 @@ namespace: "jfrog" name: "platform" # The version of the collection. Must be compatible with semantic versioning -version: "10.20.0" +version: "10.20.1" # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: "README.md" diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml index f8675483..c94079e5 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml @@ -1,7 +1,7 @@ # Defaults file for artifactory # The version of artifactory to install -artifactory_version: 7.98.7 +artifactory_version: 7.98.9 # Set this to true when SSL is enabled (to use artifactory_nginx_ssl role), default to false (implies artifactory uses artifactory_nginx role ) artifactory_nginx_ssl_enabled: false @@ -116,4 +116,12 @@ artifactory_binarystore: |- artifactory_systemyaml_override: false # Allow artifactory user to create crontab rules -artifactory_allow_crontab: false \ No newline at end of file +artifactory_allow_crontab: false + +# Provide access config patch content +artifactory_access_config_patch: |- +# security: +# authentication: +# mtls: +# enabled: true +# extraction-regex: (.*) \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/shared/access_configuration.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/shared/access_configuration.yml new file mode 100644 index 00000000..ec31a499 --- /dev/null +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/shared/access_configuration.yml @@ -0,0 +1,12 @@ +- name: Create the access.config.patch.yml file + become: true + template: + src: access-config-patch.yml.j2 + dest: "{{ artifactory_home }}/var/etc/access/access.config.patch.yml" + owner: "{{ artifactory_user }}" + group: "{{ artifactory_group }}" + mode: 0644 + notify: Restart artifactory + when: + - artifactory_access_config_patch is defined + - artifactory_access_config_patch | length > 0 \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml index c3d54258..2ddd1185 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/install.yml @@ -47,6 +47,7 @@ path: /etc/cron.allow line: "{{ artifactory_user }}" state: present + create: true when: artifactory_allow_crontab - name: Allow reading cron.allow @@ -132,6 +133,9 @@ - artifactory_systemyaml_override or (not systemyaml.stat.exists) notify: Restart artifactory +- name: Configure access config + ansible.builtin.include_tasks: shared/access_configuration.yml + - name: Configure master key become: true ansible.builtin.copy: diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml index e16881e0..90d13e45 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/tasks/upgrade.yml @@ -6,6 +6,7 @@ path: /etc/cron.allow line: "{{ artifactory_user }}" state: present + create: true when: artifactory_allow_crontab - name: Allow reading cron.allow @@ -154,6 +155,9 @@ - artifactory_systemyaml_override or (not systemyaml.stat.exists) notify: Restart artifactory +- name: Configure access config + ansible.builtin.include_tasks: shared/access_configuration.yml + - name: Install Service ansible.builtin.include_tasks: shared/install_service.yml @@ -179,4 +183,4 @@ delay: 5 when: - not ansible_check_mode - - artifactory_start_service | bool \ No newline at end of file + - artifactory_start_service | bool diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/access-config-patch.yml.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/access-config-patch.yml.j2 new file mode 100644 index 00000000..409e6aa2 --- /dev/null +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/templates/access-config-patch.yml.j2 @@ -0,0 +1 @@ +{{ artifactory_access_config_patch }} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml index c0901d4c..ed9a5da5 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory/vars/main.yml @@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.20.0 +platform_collection_version: 10.20.1 # indicates where this collection was downloaded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md index d8bd5a3b..99caecc4 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/README.md @@ -10,4 +10,96 @@ The artifactory_nginx_ssl role installs and configures nginx for SSL. * _ssl_certificate_key_path_: This is the full directory path for the SSL private key, excluding _ssl_certificate_key_. * _nginx_worker_processes_: The worker_processes configuration for nginx. Defaults to 1. * _artifactory_docker_registry_subdomain_: Whether to add a redirect directive to the nginx config for the use of docker - subdomains. \ No newline at end of file + subdomains. +* _mtls_ca_certificate_install_: `false` - Enable mTLS by updating to `true` +* _mtls_mtls_ca_certificate_crt_name_: This is the full name of the CA certificate +* _mtls_ca_certificate_path_: This is the full directory path for the CA certificate +* _mtls_mtls_ca_certificate_key_name_: This is the full name of the CA key +* _mtls_ca_certificate_crt_: This is the place to add the certificate +* _mtls_ca_certificate_key_: This is the place to add the key + + +# Configuring mTLS in Artifactory with NGINX +**To enable mTLS (Mutual TLS) authentication in Artifactory through NGINX, follow these steps:** + +1. NGINX Changes +2. Artifactory Changes + +## Step: 1 - NGINX Changes + +Open `main.yml` in `artifactory_nginx_ssl` from the following location: + +`platform/products/ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml` + +### Set Up CA Certificate + +Modify the `mtls_ca_certificate_install` parameter from `false` to `true`. + +**Create CA Certificates**: CA certificates in mTLS verifies the authenticity and trustworthiness of client and server certificates, ensuring secure and mutual authentication. + +**Run the following command to create CA certificates:** + +``` +openssl req -new -x509 -nodes -days 365 -subj '/CN=my-ca' -keyout ca.key -out ca.crt +``` + +Add the `ca.crt` and `ca.key` files to the relevant YAML file in the same directory. +Update the above generated certificates with below parameters: + +mtls_ca_certificate_crt: | + +mtls_ca_certificate_key: | + + +## Step: 2 - Arifactory Changes + +### Enable mTLS Configuration +Under `artifactory_access_config_patch`, add the configuration in the following location to enable mTLS: +`platform/products/ansible/ansible_collections/jfrog/platform/roles/artifactory/defaults/main.yml` + +``` +security: + authentication: + mtls: + enabled: true + extraction-regex: (.*) +``` + +In the same `main.yaml`, update the following flags to: + +- `artifactory_nginx_ssl_enabled: true` +- `artifactory_nginx_enabled: false` + +For more information, refer to the [Artifactory Documentation](https://jfrog.com/help/r/jfrog-artifactory-documentation/set-up-mtls-verification-and-certificate-termination-on-the-reverse-proxy). + +## Client Validation + +**Follow the below steps to validate client:** + +1. **Generate Server Certificate and Key for client validation** + +Create the Server Key and Certificate: +Use the CA certificates created in [Step 1](#step-1---nginx-changes) to generate the server key and certificate. + +``` +openssl genrsa -out server.key 2048 +``` + +``` +openssl req -new -key server.key -subj '/CN=localhost' -out server.csr +``` + +``` +openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -out server.crt +``` + +2. **Verify mTLS Configuration for client testing** +To test the mTLS setup, use a tool like curl: + +``` +curl -u : "http:///artifactory/api/system/ping" --cert server.crt --key server.key -k +``` + +This command should establish a connection using the configured mTLS, ensuring proper communication with Artifactory. + + diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml index 181c6714..8e0847c0 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/defaults/main.yml @@ -8,6 +8,7 @@ nginx_daemon: nginx redirect_http_to_https_enabled: true nginx_worker_processes: 1 + artifactory_docker_registry_subdomain: false artifactory_conf_template: artifactory.conf.j2 @@ -18,3 +19,11 @@ ssl_certificate_path: /etc/pki/tls/certs ssl_certificate_key_path: /etc/pki/tls/private ssl_certificate: cert.pem ssl_certificate_key: cert.key + +## If we want to use mTLS, set the mtls_ca_certificate_install variable to true and provide the ca certificate and key +mtls_ca_certificate_install: false +mtls_mtls_ca_certificate_crt_name: ca.crt +mtls_ca_certificate_path: /etc/pki/tls/certs +mtls_mtls_ca_certificate_key_name: ca.key +mtls_ca_certificate_crt: | +mtls_ca_certificate_key: | \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml index a6e91103..63940171 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/tasks/main.yml @@ -92,5 +92,39 @@ no_log: true when: ssl_certificate_install +- name: Ensure mtls_ca_certificate_key_path exists + become: true + ansible.builtin.file: + path: "{{ mtls_ca_certificate_path }}" + state: directory + mode: 0755 + when: + - mtls_ca_certificate_install + - artifactory_version is version('7.77.0', '>=') + +- name: Configure ca certificate + become: true + ansible.builtin.template: + src: certificate.crt.j2 + dest: "{{ mtls_ca_certificate_path }}/{{ mtls_mtls_ca_certificate_crt_name }}" + mode: 0644 + notify: Restart nginx + no_log: true + when: + - mtls_ca_certificate_install + - artifactory_version is version('7.77.0', '>=') + +- name: Configure ca key + become: true + ansible.builtin.template: + src: certificate.cakey.j2 + dest: "{{ mtls_ca_certificate_path }}/{{ mtls_mtls_ca_certificate_key_name }}" + mode: 0600 + notify: Restart nginx + no_log: true + when: + - mtls_ca_certificate_install + - artifactory_version is version('7.77.0', '>=') + - name: Restart nginx ansible.builtin.meta: flush_handlers diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2 index 4d3976ee..2efd2f4e 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2 +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/artifactory.conf.j2 @@ -22,6 +22,13 @@ if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } + ##Set up mTLS Verification and Certificate Termination on the Reverse Proxy + {% if mtls_ca_certificate_install %} + ssl_verify_client on; + ssl_verify_depth 2; + ssl_client_certificate {{ mtls_ca_certificate_path }}/{{ mtls_mtls_ca_certificate_crt_name }}; + proxy_set_header X-JFrog-Client-Cert $ssl_client_escaped_cert; + {% endif %} ## Application specific logs access_log /var/log/nginx/artifactory-access.log; error_log /var/log/nginx/artifactory-error.log; diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.cakey.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.cakey.j2 new file mode 100644 index 00000000..aa92ce06 --- /dev/null +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.cakey.j2 @@ -0,0 +1,4 @@ +{% set cert = mtls_ca_certificate_key.split('|') %} +{% for line in cert %} +{{ line }} +{% endfor %} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.crt.j2 b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.crt.j2 new file mode 100644 index 00000000..5afaa732 --- /dev/null +++ b/Ansible/ansible_collections/jfrog/platform/roles/artifactory_nginx_ssl/templates/certificate.crt.j2 @@ -0,0 +1,4 @@ +{% set cert = mtls_ca_certificate_crt.split('|') %} +{% for line in cert %} +{{ line }} +{% endfor %} \ No newline at end of file diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml index b6c0f19f..2a6894a1 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/defaults/main.yml @@ -1,7 +1,7 @@ # defaults file for distribution # The version of distribution to install -distribution_version: 2.26.1 +distribution_version: 2.27.2 # whether to enable HA distribution_ha_enabled: false diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml index 8f000f33..f7e044cb 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/install.yml @@ -22,6 +22,7 @@ path: /etc/cron.allow line: "{{ distribution_user }}" state: present + create: true when: distribution_allow_crontab - name: Allow reading cron.allow diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml index af0c2044..be313ab1 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/tasks/upgrade.yml @@ -122,6 +122,7 @@ path: /etc/cron.allow line: "{{ distribution_user }}" state: present + create: true when: distribution_allow_crontab - name: Allow reading cron.allow diff --git a/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml index eb88c804..0e9c0d14 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/distribution/vars/main.yml @@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.20.0 +platform_collection_version: 10.20.1 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy diff --git a/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml index eb88c804..0e9c0d14 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/insight/vars/main.yml @@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.20.0 +platform_collection_version: 10.20.1 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy diff --git a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml index 110ebf34..bb5a1914 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/postgres/tasks/RedHat.yml @@ -13,14 +13,14 @@ ansible.builtin.yum: name: python3-psycopg2 state: present - when: ansible_distribution_major_version == '8' + when: ansible_facts['distribution_major_version'] | int in [8, 9] - name: Install python2-psycopg2 become: true ansible.builtin.yum: name: python-psycopg2 state: present - when: ansible_distribution_major_version == '7' + when: ansible_facts['distribution_major_version'] | int == 7 - name: Fixup some locale issues become: true @@ -72,8 +72,8 @@ profiles= state=disabled when: - - ansible_os_family == 'RedHat' - - ansible_distribution_major_version | int == 8 + - ansible_facts['os_family'] == 'RedHat' + - ansible_facts['distribution_major_version'] | int in [8, 9] - name: Install PostgreSQL packages become: true diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml index c25bd14d..e682234b 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/defaults/main.yml @@ -1,7 +1,7 @@ # Defaults file for xray # The version of xray to install -xray_version: 3.104.18 +xray_version: 3.107.11 # Whether to enable HA xray_ha_enabled: false @@ -49,6 +49,8 @@ xray_system_yaml_template: system.yaml.j2 linux_distro: "{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}" +centos_gpg_key: "https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official" + xray_db_util_search_filter: ubuntu18: db5: 'db5.3-util.*ubuntu1.1.*amd64\.deb' @@ -65,6 +67,10 @@ xray_db_util_search_filter: debian11: db5: 'TBD' db: 'db-util_([0-9]{1,3}\.?){3}.*nmu1_all\.deb' + redhat7: + db: 'libdb-utils-5.3.*el7.x86_64.rpm' + redhat9: + db: 'libdb-utils-5.3.*el9.x86_64.rpm' yum_python_interpreter: >- diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/expect.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/expect.yml index 01fd68ca..54f70f57 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/expect.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/expect.yml @@ -10,7 +10,7 @@ while { $CYCLE_END == 0 } { expect { {% for each_request in exp_scenarios %} - -nocase -re {{ '{' }}{{ each_request.expecting }}.*} { + -nocase -re {{ '{' }}{{ each_request.expecting }}.*{{ '}' }} { send "{{ each_request.sending }}\n" } {% endfor %} @@ -19,7 +19,7 @@ } } set count "[expr $count + 1]" - if { $count > 16} { + if { $count > 16 } { exit 128 } } diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml index 6b4b954f..339f4710 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/install.yml @@ -22,6 +22,7 @@ path: /etc/cron.allow line: "{{ xray_user }}" state: present + create: true when: xray_allow_crontab - name: Allow reading cron.allow diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/rabbitmq/setup/RedHat.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/rabbitmq/setup/RedHat.yml index e58e0d32..bea924d8 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/rabbitmq/setup/RedHat.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/rabbitmq/setup/RedHat.yml @@ -26,7 +26,7 @@ - name: Import CentOS GPG public key become: true ansible.builtin.rpm_key: - key: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official + key: "{{ centos_gpg_key }}" state: present - name: Install socat package @@ -74,3 +74,30 @@ ansible_python_interpreter: "{{ yum_python_interpreter }}" register: install_erlang_package_result when: check_erlang_package_result.matched > 0 + +- name: Find db-util package + ansible.builtin.find: + paths: "{{ xray_home }}/app/third-party/misc/" + patterns: ["{{ xray_db_util_search_filter[linux_distro]['db'] }}"] + use_regex: yes + file_type: file + register: check_db_util_package_result + when: ansible_facts['distribution_major_version'] | int in [7, 9] + +- name: Set db-util package file name + ansible.builtin.set_fact: + xray_db5_util_package: "{{ check_db_util_package_result.files[0].path }}" + when: + - ansible_facts['distribution_major_version'] | int in [7, 9] + - check_db_util_package_result.matched > 0 + +- name: Install db-util package + become: true + yum: + name: "{{ xray_db5_util_package }}" + disable_gpg_check: yes + register: install_db_util_package_result + when: + - ansible_facts['distribution_major_version'] | int in [7, 9] + - check_db_util_package_result.matched > 0 + diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml index 908e0023..a0412089 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/tasks/upgrade.yml @@ -126,6 +126,7 @@ path: /etc/cron.allow line: "{{ xray_user }}" state: present + create: true when: xray_allow_crontab - name: Allow reading cron.allow diff --git a/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml b/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml index eb88c804..0e9c0d14 100644 --- a/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml +++ b/Ansible/ansible_collections/jfrog/platform/roles/xray/vars/main.yml @@ -1,5 +1,5 @@ # platform collection version -platform_collection_version: 10.20.0 +platform_collection_version: 10.20.1 # indicates were this collection was downlaoded from (galaxy, automation_hub, standalone) ansible_marketplace: galaxy