[ansible/artifactory] Configure admin credentials (#335)
* Setup admin credentials - credits: @eugene-krivosheyev

* README.md

* CHANGELOG.md

Signed-off-by: Bas Meijer <[email protected]>

* Revert directory creation.

* artifactory_admin_password was not used before, define it to manage it with Ansible.

* Stay secure!

---------

Signed-off-by: Bas Meijer <[email protected]>
bbaassssiiee authored and chukka committed Oct 26, 2023
1 parent cbbd03e commit 3924c61
Showing 5 changed files with 55 additions and 30 deletions.
4 changes: 4 additions & 0 deletions Ansible/ansible_collections/jfrog/platform/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
# JFrog Platform Ansible Collection Changelog
All changes to this collection will be documented in this file.

## [10.15.4] - Oct 2, 2023
* Configure admin password
* Formatting README.md

## [10.15.3] - Oct 16, 2023
* Product Updates/fixes

56 changes: 32 additions & 24 deletions Ansible/ansible_collections/jfrog/platform/README.md
Original file line number Diff line number Diff line change
@@ -1,48 +1,48 @@
# JFrog Platform Ansible Collection

This Ansible directory consists of the following directories that support the JFrog Platform collection.

* ansible_collections directory - This directory contains the Ansible collection package that has the Ansible roles for Artifactory, Distribution, Insight and Xray. See the roles README for details on the product roles and variables.
* examples directory - This directory contains example playbooks for various architectures.


## Getting Started

## Prerequisites
From 10.11.x collection and above, Using fully qualified collection name (FQCN) , This is required for installing collection dependencies

```
```bash
ansible-galaxy collection install community.postgresql community.general ansible.posix
```

1. Install this collection from Ansible Galaxy.

```
ansible-galaxy collection install jfrog.platform
```
Ensure you reference the collection in your playbook when using these roles.
```
```yaml
---
- hosts: artifactory_servers
collections:
- jfrog.platform
- community.general
roles:
- artifactory
```
2. Ansible uses SSH to connect to hosts. Ensure that your SSH private key is on your client and the public keys are installed on your Ansible hosts.
2. Ansible uses SSH to connect to hosts. Ensure that your SSH private key is on your client and the public keys are installed on your Ansible hosts.
3. Create your inventory file. Use one of the examples from the examples directory to construct an inventory file (hosts.ini) with the host addresses
4. Create your playbook. Use one of the examples from the examples directory to construct a playbook using the JFrog Ansible roles. These roles will be applied to your inventory and provision software.
5. Then execute with the following command to provision the JFrog Platform with Ansible.
```
```bash
ansible-playbook -vv platform.yml -i hosts.ini"
```

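Review bot: The command in step 5, `ansible-playbook -vv platform.yml -i hosts.ini"`, still ends in a stray double quote with no opening quote; pasted into a shell it leaves the prompt waiting for the closing quote. Since this hunk already re-tags that fence as `bash`, drop the quote in the same change. The Prerequisites sentence ("Using fully qualified collection name (FQCN) , This is required ...") is also worth rewording while the README is being reformatted.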
Expand All @@ -51,7 +51,7 @@ ansible-playbook -vv platform.yml -i hosts.ini"
For production deployments,You may want to generate your master and join keys and apply it to all the nodes.
**IMPORTANT** : Save below generated master and join keys for future upgrades

```
```bash
MASTER_KEY_VALUE=$(openssl rand -hex 32)
JOIN_KEY_VALUE=$(openssl rand -hex 32)
ansible-playbook -vv platform.yml -i hosts.ini --extra-vars "master_key=$MASTER_KEY_VALUE join_key=$JOIN_KEY_VALUE"
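Review bot: In the last line of this block, `master_key` and `join_key` are passed as plain values in `--extra-vars`, which puts both secrets on the command line (shell history, process listing). The README section that follows already recommends Ansible Vault for secret vars; suggest pointing this example at a vaulted vars file as well, or saying so next to the IMPORTANT note.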
Expand All @@ -60,13 +60,21 @@ ansible-playbook -vv platform.yml -i hosts.ini --extra-vars "master_key=$MASTER_
## Using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) to Encrypt Vars
Some vars you may want to keep secret. You may put these vars into a separate file and encrypt them using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html).

For example, you will probably change the default password for the admin user using an encrypted file.

```yaml
# Default password
artifactory_admin_password: password
```
```bash
ansible-vault encrypt secret-vars.yml --vault-password-file ~/.vault_pass.txt
```

then in your playbook include the secret vars file.

```
```yaml
- hosts: artifactory_servers
collections:
- community.general
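Review bot: The added example sets only `artifactory_admin_password`, but the new "Set up Artifactory admin account" task runs only when both `artifactory_admin_username` and `artifactory_admin_password` are defined, and this commit comments both out of the role defaults. A user who follows the README as written gets no bootstrap.creds file and no error. Show both variables in the example, state that the snippet is the content of `secret-vars.yml`, and replace the `# Default password` comment and the literal `password` value with a placeholder, since the role no longer ships a default.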
Expand All @@ -81,7 +89,7 @@ then in your playbook include the secret vars file.
## Upgrades
All JFrog product roles support software updates. To use a role to perform a software update only, use the _<product>_upgrade_only_ variable and specify the version. See the following example.
```
```yaml
- hosts: artifactory_servers
collections:
- community.general
Expand All @@ -108,7 +116,7 @@ Create an external database as documented [here](https://www.jfrog.com/confluenc

For example, for artifactory, these below values needs to be set for using external postgresql

```
```yaml
postgres_enabled: false
artifactory_db_type: postgresql
Expand All @@ -124,11 +132,11 @@ artifactory_db_url: jdbc:postgresql://<external_db_host_ip>:5432/{{ artifactory_
1. Go to the ansible_collections/jfrog/platform directory.
2. Update the galaxy.yml meta file as needed. Update the version.
3. Build the archive. (Requires Ansible 2.9+)
```
```bash
ansible-galaxy collection build
```

## OS support
## OS support
The JFrog Platform Ansible Collection can be installed on the following operating systems:

* Ubuntu LTS versions (18.04/20.4/22.04)
Expand All @@ -139,6 +147,6 @@ The JFrog Platform Ansible Collection can be installed on the following operatin
## Known issues
* Refer [here](https://github.com/jfrog/JFrog-Cloud-Installers/issues?q=is%3Aopen+is%3Aissue+label%3AAnsible)
* By default, ansible_python_interpreter: "/usr/bin/python3" used , For Centos/RHEL-7, Set this to "/usr/bin/python" . For example
```
```bash
ansible-playbook -vv platform.yml -i hosts.ini -e 'ansible_python_interpreter=/usr/bin/python'
```
```
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,9 @@ artifactory_gid: 1030
# If this is an upgrade
artifactory_upgrade_only: false

# Default username and password
artifactory_admin_username: admin
artifactory_admin_password: password

# Default username and password, uncomment and change to manage with ansible
# artifactory_admin_username: admin
# artifactory_admin_password: password
artifactory_service_file: /lib/systemd/system/artifactory.service

# Provide systemyaml content below with 2-space indentation
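Review bot: The commented-out sample still carries `password` as the value, so uncommenting the two lines as the comment suggests configures a well-known admin password. Use an obvious placeholder and point to the Ansible Vault section of the README instead. The blank line that separated this block from `artifactory_service_file` was also dropped; please keep it.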
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@
group: "{{ artifactory_group }}"
loop:
- "{{ artifactory_home }}/var/data"
- "{{ artifactory_home }}/var/etc"
- "{{ artifactory_home }}/var/etc/"
- "{{ artifactory_home }}/var/etc/security/"
- "{{ artifactory_home }}/var/etc/artifactory/info/"

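Review bot: None of the directories in the visible part of this loop is `{{ artifactory_home }}/var/etc/access/`, which the new "Set up Artifactory admin account" task uses as its `dest`. If nothing else creates that directory before the template task runs, the task fails on a fresh install. The commit message mentions "Revert directory creation", so either add the directory to this list or say what guarantees it exists. The trailing slash added to `var/etc/` is not mentioned in the commit message and looks unrelated to the credentials change.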
Expand Down Expand Up @@ -168,6 +168,18 @@
- artifactory_licenses | length > 0
notify: Restart artifactory

- name: Set up Artifactory admin account
ansible.builtin.template:
src: bootstrap.creds
dest: "{{ artifactory_home }}/var/etc/access/"
owner: "{{ artifactory_user }}"
group: "{{ artifactory_group }}"
mode: 0600
when:
- artifactory_admin_username is defined
- artifactory_admin_password is defined
notify: Restart artifactory

- name: Check if included database driver is the correct version
become: true
ansible.builtin.stat:
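Review bot: The new template task writes the admin password to disk but has no `no_log: true`, so a run with `--diff` prints the rendered credentials line into the output and any log that captures it. Add `no_log: true` to the task. `mode: 0600` should be quoted (`mode: "0600"`) so it is always handled as a string, and the `when` conditions only test `is defined`, so an empty `artifactory_admin_password` would still be templated; consider also checking `| length > 0`, as the licenses condition just above does.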
Expand Down Expand Up @@ -222,4 +234,4 @@
delay: 5
when:
- not ansible_check_mode
- artifactory_start_service | bool
- artifactory_start_service | bool
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
{{ artifactory_admin_username }}@*={{ artifactory_admin_password }}

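Review bot: The address pattern after `@` is hard-coded to `*`, so the bootstrap credentials are not tied to any source address. Consider a variable for it (for example a new `artifactory_admin_ip`, a name that does not exist in the role today) so deployments can narrow it. The password is also interpolated unescaped; a value containing a newline would produce a malformed file, which is worth a validation step or a note in the README.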