├── .gitignore
├── LICENSE
├── README.md
├── dc-os
├── Artifactory-Ha.md
├── Artifactory-Pro.md
├── Docker
│ ├── HA
│ │ ├── Dockerfile
│ │ ├── artifactory.config.xml
│ │ ├── binarystore.xml
│ │ ├── run.sh
│ │ └── server.xml
│ ├── PRO
│ │ ├── Dockerfile
│ │ ├── artifactory.config.xml
│ │ ├── build.sh
│ │ ├── run.sh
│ │ └── server.xml
│ └── README.md
├── README.md
├── images
│ ├── Artifactory_UI.png
│ ├── HA_Diagram.png
│ ├── artifactory_cache.png
│ ├── usage_from_ui.png
│ └── usage_services_view.png
├── install-artifactory-lb.md
└── install-mysql.md
├── docker-compose
├── artifactory
│ ├── .env
│ ├── NginxSSL.md
│ ├── README.md
│ ├── art-compose
│ ├── artifactory-ha-shared-data.yml
│ ├── artifactory-ha.yml
│ ├── artifactory-oss-postgresql.yml
│ ├── artifactory-oss.yml
│ ├── artifactory-pro-nginx-derby.yml
│ ├── artifactory-pro-postgresql.yml
│ ├── artifactory-pro.yml
│ └── prepareHostEnv.sh
└── xray
│ ├── .env
│ ├── README.md
│ ├── createMongoUsers.js
│ ├── prepareHostEnv.sh
│ ├── rabbitmq.conf
│ ├── xray-traefik-letsencrypt.yml
│ └── xray.yml
├── files
├── access
│ └── etc
│ │ └── keys
│ │ ├── private.key
│ │ └── root.crt
├── binarystore.xml
├── nginx
│ ├── conf.d
│ │ ├── ha
│ │ │ └── artifactory.conf
│ │ ├── oss
│ │ │ └── artifactory.conf
│ │ └── pro
│ │ │ └── artifactory.conf
│ └── ssl
│ │ ├── demo.key
│ │ └── demo.pem
├── plugins
│ └── inactiveServerCleaner.groovy
└── security
│ └── communication.key
├── kubernetes
├── Dockerfile.mysql
├── README.md
├── artifactory-binarystore.yml
├── artifactory-ha-node1.yml
├── artifactory-ha-node2.yml
├── artifactory-ha-service.yml
├── artifactory-ha-storage.yml
├── artifactory-storage.yml
├── artifactory.yml
├── mysql-storage.yml
├── mysql.yml
├── nginx-deployment.yml
├── nginx-service-minikube.yml
├── nginx-service.yml
├── nginx-storage.yml
├── postgresql-storage.yml
└── postgresql.yml
├── openshift
├── artifactory
│ ├── README.md
│ ├── artifactory-ha-common
│ │ ├── artifactory-imagestream.yaml
│ │ ├── artifactory-primary-pvc.yaml
│ │ ├── artifactory-secondary-pvc.yaml
│ │ ├── artifactory-service.yaml
│ │ ├── config
│ │ │ └── database-config-map.yaml
│ │ └── secrets
│ │ │ ├── artifactory-licenses-secret.yaml
│ │ │ └── artifactory-master-key-secret.yaml
│ ├── artifactory-ha-nfs
│ │ ├── artifactory-backup-pvc.yaml
│ │ ├── artifactory-data-pvc.yaml
│ │ ├── artifactory-primary-deployment.yaml
│ │ ├── artifactory-secondary-deployment.yaml
│ │ ├── config
│ │ │ └── binarystore-config-map.yaml
│ │ ├── install.sh
│ │ ├── process.sh
│ │ ├── rolling-upgrade.sh
│ │ └── sample-params.env
│ ├── artifactory-ha-no-nfs
│ │ ├── artifactory-primary-deployment.yaml
│ │ ├── artifactory-secondary-deployment.yaml
│ │ ├── config
│ │ │ └── binarystore-config-map.yaml
│ │ ├── install.sh
│ │ ├── process.sh
│ │ ├── rolling-upgrade.sh
│ │ └── sample-params.env
│ ├── database
│ │ └── postgresql
│ │ │ ├── install.sh
│ │ │ ├── postgresql-deployment.yaml
│ │ │ ├── postgresql-pvc.yaml
│ │ │ ├── postgresql-service.yaml
│ │ │ ├── process.sh
│ │ │ ├── sample-params.env
│ │ │ └── secrets
│ │ │ └── postgresql-secret.yaml
│ └── images
│ │ ├── artifactory-license-template.png
│ │ ├── artifactory-master-key-template.png
│ │ ├── docker-virtual-route.png
│ │ └── user-plugin-config-map.png
└── xray
│ ├── README.md
│ ├── images
│ ├── pv_efs_ebs.png
│ ├── pv_nfs.png
│ ├── rabbitmq_route.png
│ ├── xray_server_route.png
│ └── xray_ui.png
│ ├── xray-analysis.yaml
│ ├── xray-data-pv.yaml
│ ├── xray-data-pvc.yaml
│ ├── xray-imagestream.yaml
│ ├── xray-indexer.yaml
│ ├── xray-mongodb
│ ├── xray-mongodb-ebs-pv.yaml
│ ├── xray-mongodb-pv.yaml
│ ├── xray-mongodb-pvc.yaml
│ ├── xray-mongodb-setup-configmap.yaml
│ └── xray-mongodb.yaml
│ ├── xray-params.env
│ ├── xray-persist.yaml
│ ├── xray-postgres
│ ├── xray-postgres-ebs-pv.yaml
│ ├── xray-postgres-pv.yaml
│ ├── xray-postgres-pvc.yaml
│ └── xray-postgres.yaml
│ ├── xray-rabbitmq
│ ├── xray-rabbitmq-configmap.yaml
│ ├── xray-rabbitmq-ebs-pv.yaml
│ ├── xray-rabbitmq-pv.yaml
│ ├── xray-rabbitmq-pvc.yaml
│ └── xray-rabbitmq.yaml
│ ├── xray-server.yaml
│ ├── xray-setup-configmap.yaml
│ ├── xray-upgrade.sh
│ └── xray-wrapper.sh
└── swarm
├── README.md
└── artifactory-pro.yml
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | *.iml
3 | .DS_Store
4 | temp
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # DEPRECATED
2 | This repository's examples are deprecated and are not maintained anymore.
3 | You should now use the [official JFrog Artifactory installers](https://www.jfrog.com/confluence/display/JFROG/Installing+Artifactory).
4 |
5 | # Artifactory Docker Examples
6 | This repository provides some examples that show different ways to run Artifactory with Docker orchestration tools.
7 | For more detailed documentation on running Artifactory with Docker, please refer to [Running with Docker](https://www.jfrog.com/confluence/display/RTF/Running+with+Docker) in the JFrog Artifactory User Guide
8 |
9 | ## Docker
10 | To learn more about Docker and how to set it up, please refer to the [Docker](https://docs.docker.com) documentation.
11 |
12 | ## Examples
13 | The following examples are available
14 | - [Docker compose](docker-compose) (Deprecated)
15 | - [Docker Swarm](swarm) (Deprecated)
16 | - [Kubernetes](kubernetes) (Deprecated)
17 | - [OpenShift](openshift) (Deprecated)
18 | - [DC/OS](dc-os) (Deprecated)
19 | - [Helm Charts](https://github.com/jfrog/charts)
20 |
21 | **NOTE**: We have moved our Helm charts to [jfrog/charts](https://github.com/jfrog/charts)
22 |
--------------------------------------------------------------------------------
/dc-os/Artifactory-Ha.md:
--------------------------------------------------------------------------------
1 | ## Artifactory HA installation guide for DC/OS
2 |
3 | ##### Architecture of Artifactory HA
4 |
5 | 
6 |
7 | ## To set up Artifactory HA in DC/OS following are prerequisites:
8 | 1. **Database (MySQL, Oracle, MS SQL and PostgreSQL)**
9 | 2. **Artifactory Pro Enterprise Value Pack**
10 |
11 | ## It requires min 1 public slave to install Artifactory Pro/Enterprise
12 |
13 | ## Steps to set up Artifactory HA:
14 |
15 | 1. Install MySQL in DC/OS.
16 | [Here is guide to install MySQL in DC/OS](install-mysql.md)
17 | The database is used by all the nodes to store metadata attached to artifacts.
18 |
19 | 2. Install artifactory-primary using DC/OS CLI.
20 | 1. create `artifactory-primary-options.json` with following content:
21 | ```
22 | {
23 | "service": {
24 | "name": "artifactory",
25 | "cpus": 2,
26 | "mem": 2048,
27 | "licenses": "$ARTIFACTORY_ENTERPRISE_LICENSES",
28 | "host-volume": "/var/artifactory",
29 | "database": {
30 | "connection-string": "jdbc:mysql://mysql.marathon.mesos:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true",
31 | "user": "jfrogdcos",
32 | "password": "jfrogdcos"
33 | }
34 | },
35 | "pro": {
36 | "local-volumes": {},
37 | "external-volumes": {
38 | "enabled": false
39 | }
40 | },
41 | "high-availability": {
42 | "enabled": true,
43 | "secondary": {
44 | "enabled": false,
45 | "unique-nodes": true,
46 | "nodes": 1,
47 | "name": "artifactory"
48 | }
49 | }
50 | }
51 | ```
52 |
53 | ###NOTE: Make sure database name, is correct in connection-string as well as username & password for database.
54 | ### Licenses: Provide all Artifactory licenses as a single string comma separated without white spaces in string.
55 |
56 | 2. Install Artifactory-Primary using following command:
57 | `dcos package install --options=artifactory-primary-options.json artifactory`
58 |
59 | 3. Make sure artifactory-primary is running and Healthy.
60 |
61 | 3. Install Artifactory-secondary:DC/OS CLI.
62 |
63 | 1. create `artifactory-secondary-options.json` with following content:
64 | ```
65 | {
66 | "service": {
67 | "name": "artifactory-secondary",
68 | "cpus": 2,
69 | "mem": 2048,
70 | "licenses": "$ARTIFACTORY_ENTERPRISE_LICENSES",
71 | "host-volume": "/var/artifactory",
72 | "database": {
73 | "connection-string": "jdbc:mysql://mysql.marathon.mesos:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true",
74 | "user": "jfrogdcos",
75 | "password": "jfrogdcos"
76 | }
77 | },
78 | "pro": {
79 | "local-volumes": {},
80 | "external-volumes": {
81 | "enabled": false
82 | }
83 | },
84 | "high-availability": {
85 | "enabled": true,
86 | "secondary": {
87 | "enabled": true,
88 | "unique-nodes": true,
89 | "nodes": 1,
90 | "name": "artifactory"
91 | }
92 | }
93 | }
94 | ```
95 |
96 | 2. Install Artifactory-Primary using following command:
97 | `dcos package install --options=artifactory-secondary-options.json artifactory`
98 |
99 | 3. Make sure artifactory-secondary is running and healthy.
100 |
101 | ### NOTE: API Key of Artifactory generated by Artifactory-Primary to fetch license from Artifactory-Primary (Optional)
102 |
103 | ## NOW you are just one step away from accessing Artifactory
104 |
105 | 4. [Install Artifactory-lb by following this guide](install-artifactory-lb.md)
106 |
107 | 5. Access Artifactory on public IP of DC/OS public slave.
108 |
109 | ### Now try to access your DC/OS public slave load balancer you should be able to access Artifactory.
110 |
111 | Here is how Artifactory UI looks like!!!
112 | 
113 |
114 | ## To use JFrog Artifactory please visit wiki.jfrog.com
115 | ## To learn more about DC/OS go to the [official DC/OS website](https://dcos.io/)
116 |
--------------------------------------------------------------------------------
/dc-os/Artifactory-Pro.md:
--------------------------------------------------------------------------------
1 | ## Artifactory-Pro installation guide for DC/OS
2 |
3 | ## To set up Artifactory HA in DC/OS following are prerequisites:
4 | 1. **Database (MySQL)**
5 | 2. **Artifactory Pro license**
6 |
7 | ## It requires min 1 public slave to install Artifactory Pro or Enterprise
8 |
9 | *[Here is guide to install MySQL in DC/OS](install-mysql.md)
10 |
11 | *[Go here to get your trial license](https://www.jfrog.com/artifactory/free-trial-mesosphere/)
12 |
13 | *Steps to install Artifactory Pro using DC/OS CLI.
14 |
15 | 1. create `artifactory-pro-options.json` file with following content:
16 | ```
17 | {
18 | "service": {
19 | "name": "artifactory",
20 | "cpus": 2,
21 | "mem": 2048,
22 | "licenses": "$ARTIFACTORY_PRO_LICENSE",
23 | "host-volume": "/var/artifactory",
24 | "database": {
25 | "connection-string": "jdbc:mysql://mysql.marathon.mesos:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true",
26 | "user": "jfrogdcos",
27 | "password": "jfrogdcos"
28 | }
29 | },
30 | "pro": {
31 | "local-volumes": {},
32 | "external-volumes": {
33 | "enabled": false
34 | }
35 | },
36 | "high-availability": {
37 | "enabled": false,
38 | "secondary": {
39 | "enabled": false,
40 | "unique-nodes": true,
41 | "nodes": 1,
42 | "name": "artifactory"
43 | }
44 | }
45 | }
46 | ```
47 |
48 | #### NOTE: Make sure you provide your Artifactory-Pro/Enterprise trial license in json file.
49 |
50 | 2. Run command to install Artifactory Pro ```dcos package install --options=artifactory-pro-option.json artifactory```
51 |
52 | 3. Make sure Artifactory is running and its healthy by looking at Marathon UI.
53 |
54 | ## NOW you are just one step away from accessing Artifactory
55 |
56 | 4. [Install Artifactory-lb by following this guide to access artifactory](install-artifactory-lb.md)
57 |
58 | ---
59 |
60 | #### To learn more about DC/OS go to the [official DC/OS website](https://dcos.io/)
61 |
--------------------------------------------------------------------------------
/dc-os/Docker/HA/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM docker.bintray.io/jfrog/artifactory-pro:6.23.13
2 |
3 | MAINTAINER jainishs@jfrog.com
4 |
5 | # We download all the usual JDBC drivers available so we can configure them at runtime
6 | RUN wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar
7 |
8 | COPY run.sh /runArtifactory.sh
9 |
10 | # Dynamic configurations
11 | COPY files/plugins/inactiveServerCleaner.groovy /tmp/inactiveServerCleaner.groovy
12 | COPY server.xml /opt/jfrog/artifactory/tomcat/conf/server.xml
13 | COPY binarystore.xml /tmp/binarystore.xml
14 | COPY artifactory.config.xml /tmp/artifactory.config.xml
15 |
16 | # Pre-Populated keys
17 | RUN mkdir -p /var/opt/jfrog/artifactory/access/etc/keys/ && \
18 | mkdir -p /var/opt/jfrog/artifactory/etc/security/
19 | ADD files/access/etc/keys/private.key /var/opt/jfrog/artifactory/access/etc/keys/private.key
20 | ADD files/access/etc/keys/root.crt /var/opt/jfrog/artifactory/access/etc/keys/root.crt
21 | ADD files/security/communication.key /var/opt/jfrog/artifactory/communication.key
22 |
23 | ENTRYPOINT /runArtifactory.sh
24 |
--------------------------------------------------------------------------------
/dc-os/Docker/HA/binarystore.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 | local
13 |
14 |
15 |
16 |
17 | remote
18 |
19 |
20 |
21 | crossNetworkStrategy
22 | crossNetworkStrategy
23 | true
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/dc-os/Docker/HA/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # We're executing some admin task as root (modifying perms)
3 |
4 |
5 | function checkEnv {
6 | local envVarName=$1
7 | eval local envVarValue=\$$envVarName
8 | if [ -z "$envVarValue" ]; then
9 | echo "Env variable $envVarName is not set, cannot start primary instance."
10 | exit 1
11 | fi
12 | }
13 |
14 | function checkAllEnvs {
15 | checkEnv ART_LICENSES
16 | checkEnv DB_TYPE
17 | checkEnv DB_USER
18 | checkEnv DB_PASSWORD
19 | checkEnv DB_HOST
20 | checkEnv DB_PORT
21 | }
22 |
23 | #Set Ports for DC/OS
24 | setPorts() {
25 | # Artifactory's membership port, the PORT0 et PORT1 are specific to MESOS
26 | : ${HA_MEMBERSHIP_PORT:=10042}
27 | : ${INSTANCE_PORT:=8081}
28 | if [ ! -z "$PORT0" ]; then
29 | INSTANCE_PORT=$PORT0
30 | fi
31 | if [ ! -z "$PORT1" ]; then
32 | export HA_MEMBERSHIP_PORT=$PORT1
33 | fi
34 | # Change the port
35 | sed -i -e 's,Connector port="\(.*\)",Connector port="'"$INSTANCE_PORT"'",g' /opt/jfrog/artifactory/tomcat/conf/server.xml
36 | }
37 |
38 | #Set initial configuration
39 | function setInitialConfiguration {
40 | echo "Setting initial configuration"
41 |
42 | if [ ! -d /var/opt/jfrog/artifactory/etc/plugins ]; then
43 | mkdir -p /var/opt/jfrog/artifactory/etc/plugins
44 | cp -f /tmp/inactiveServerCleaner.groovy /var/opt/jfrog/artifactory/etc/plugins/inactiveServerCleaner.groovy
45 | fi
46 | cp -f /tmp/binarystore.xml /var/opt/jfrog/artifactory/etc/binarystore.xml
47 | # Artifactory's external server name
48 | : ${ART_SERVER_NAME:=artifactory-cluster}
49 | # Artifactory's port method, default to PORTPERREPO (can be SUBDOMAIN)
50 | : ${ART_REVERSE_PROXY_METHOD:=portPerRepo}
51 | # This configuration doesn't exist on the first run
52 | if [ ! -f /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml ]; then
53 | sed -i -e "s,\[SERVERNAME\],$ART_SERVER_NAME,g" /tmp/artifactory.config.xml
54 | sed -i -e "s,\[RPMETHOD\],$ART_REVERSE_PROXY_METHOD,g" /tmp/artifactory.config.xml
55 | sed -i -e "s,\[PORT\],$INSTANCE_PORT,g" /tmp/artifactory.config.xml
56 | mv /tmp/artifactory.config.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
57 | # On later runs, we'll re import the latest configuration to change the instance port
58 | else
59 | if [ -f /var/opt/jfrog/artifactory/etc/artifactory.config.latest.xml ]; then
60 | cp -f /var/opt/jfrog/artifactory/etc/artifactory.config.latest.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
61 | else
62 | # If not we take the bootstrap one, and import it
63 | cp /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
64 | fi
65 | # Changing the instance port
66 | sed -i -e "s,\(.*\),$INSTANCE_PORT,g" /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
67 | fi
68 | }
69 |
70 | #Set license
71 | function setLicense {
72 | logger "Setting up license."
73 | echo -n "$ART_LICENSES" | cut -d, -f1 > /var/opt/jfrog/artifactory/etc/artifactory.lic
74 | chmod 777 /var/opt/jfrog/artifactory/etc/artifactory.lic
75 | echo "Added license"
76 | }
77 |
78 | #Set HA_NODE_ID
79 | function setNodeId {
80 | if [ -z "$HA_NODE_ID" ]; then
81 | echo "HA_NODE_ID not set. Generating"
82 | export HA_NODE_ID=$(date +%s$RANDOM)
83 | echo "HA_NODE_ID set to **** $HA_NODE_ID"
84 | fi
85 | }
86 |
87 | #Set instance IP
88 | function setInstanceIp {
89 | # If no network is provided we take the first ip address we found
90 | if [ -z "$ART_NETWORK" ]; then
91 | export HA_HOST_IP=$(hostname -i)
92 | echo "HA_HOST_IP is set to $HA_HOST_IP"
93 | # else we try to get it from the network provided
94 | else
95 | export HA_HOST_IP=$(ip route show to match $ART_NETWORK | grep -Eo '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' | tail -1)
96 | if [ -z "$HA_HOST_IP" ]; then
97 | echo "[ERROR] Couldn't find a source IP routing to $ART_NETWORK, exiting" >&2
98 | exit 1
99 | fi
100 | fi
101 |
102 | if [ -z "$HA_CONTEXT_URL" ]; then
103 | export HA_CONTEXT_URL=http://$HA_HOST_IP:$INSTANCE_PORT/artifactory
104 | echo "HA_CONTEXT_URL is $HA_CONTEXT_URL"
105 | fi
106 | }
107 |
108 | checkAllEnvs
109 | setLicense
110 | setPorts
111 | setInstanceIp
112 | setNodeId
113 | setInitialConfiguration
114 |
115 | /entrypoint-artifactory.sh
--------------------------------------------------------------------------------
/dc-os/Docker/HA/server.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/dc-os/Docker/PRO/Dockerfile:
--------------------------------------------------------------------------------
1 | # Dockerfile for a primary node
2 | FROM docker.bintray.io/jfrog/artifactory-pro:6.23.13
3 |
4 | MAINTAINER jainishs@jfrog.com
5 |
6 | # Will be filtered and copied in etc when first running
7 | ADD artifactory.config.xml /tmp/artifactory.config.xml
8 |
9 | # We download all the usual JDBC drivers available so we can configure them at runtime
10 | RUN wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar
11 |
12 | # Copy the run script
13 | COPY run.sh /runArtifactory.sh
14 |
15 | # Still needed ?
16 | COPY server.xml /opt/jfrog/artifactory/tomcat/conf/server.xml
17 |
18 | # This should be mapped to a shared NFS mounted on the host
19 | EXPOSE 8081 10042
20 |
21 | ENTRYPOINT /runArtifactory.sh
22 |
--------------------------------------------------------------------------------
/dc-os/Docker/PRO/build.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | SCRIPT_DIR=$(PWD)
4 |
5 | echo $SCRIPT_DIR
6 | mkdir files
7 |
8 | echo "adding configuration file"
9 | cp -Rf $SCRIPT_DIR/../../../files/* files/
10 |
11 | docker build -t $1 .
--------------------------------------------------------------------------------
/dc-os/Docker/PRO/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # We're executing some admin task as root (modifying perms)
3 |
4 |
5 | function checkEnv {
6 | local envVarName=$1
7 | eval local envVarValue=\$$envVarName
8 | if [ -z "$envVarValue" ]; then
9 | echo "Env variable $envVarName is not set, cannot start primary instance."
10 | exit 1
11 | fi
12 | }
13 |
14 | function checkAllEnvs {
15 | checkEnv ART_LICENSES
16 | checkEnv DB_TYPE
17 | checkEnv DB_USER
18 | checkEnv DB_PASSWORD
19 | checkEnv DB_HOST
20 | checkEnv DB_PORT
21 | }
22 |
23 | #Set Ports for DC/OS
24 | setPorts() {
25 | # Artifactory's membership port, the PORT0 et PORT1 are specific to MESOS
26 | : ${HA_MEMBERSHIP_PORT:=10042}
27 | : ${INSTANCE_PORT:=8081}
28 | if [ ! -z "$PORT0" ]; then
29 | INSTANCE_PORT=$PORT0
30 | fi
31 | if [ ! -z "$PORT1" ]; then
32 | export HA_MEMBERSHIP_PORT=$PORT1
33 | fi
34 | # Change the port
35 | sed -i -e 's,Connector port="\(.*\)",Connector port="'"$INSTANCE_PORT"'",g' /opt/jfrog/artifactory/tomcat/conf/server.xml
36 | }
37 |
38 | #Set initial configuration
39 | function setInitialConfiguration {
40 | echo "Setting initial configuration"
41 |
42 | # Artifactory's external server name
43 | : ${ART_SERVER_NAME:=artifactory-cluster}
44 | # Artifactory's port method, default to PORTPERREPO (can be SUBDOMAIN)
45 | : ${ART_REVERSE_PROXY_METHOD:=portPerRepo}
46 |
47 | # This configuration doesn't exist on the first run
48 | if [ ! -f /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml ]; then
49 | sed -i -e "s,\[SERVERNAME\],$ART_SERVER_NAME,g" /tmp/artifactory.config.xml
50 | sed -i -e "s,\[ARTSERVICE\],${MARATHON_APP_ID:1},g" /tmp/artifactory.config.xml
51 | sed -i -e "s,\[RPMETHOD\],$ART_REVERSE_PROXY_METHOD,g" /tmp/artifactory.config.xml
52 | sed -i -e "s,\[PORT\],$INSTANCE_PORT,g" /tmp/artifactory.config.xml
53 | mv /tmp/artifactory.config.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
54 | # On later runs, we'll re import the latest configuration to change the instance port
55 | else
56 | if [ -f /var/opt/jfrog/artifactory/etc/artifactory.config.latest.xml ]; then
57 | cp -f /var/opt/jfrog/artifactory/etc/artifactory.config.latest.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
58 | else
59 | # If not we take the bootstrap one, and import it
60 | cp -f /var/opt/jfrog/artifactory/etc/artifactory.config.bootstrap.xml /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
61 | fi
62 | # Changing the instance port
63 | sed -i -e "s,\(.*\),$INSTANCE_PORT,g" /var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
64 | fi
65 | }
66 |
67 | #Set license
68 | function setLicense {
69 | logger "Setting up license."
70 | echo -n "$ART_LICENSES" | cut -d, -f1 > /var/opt/jfrog/artifactory/etc/artifactory.lic
71 | chmod 777 /var/opt/jfrog/artifactory/etc/artifactory.lic
72 | echo "Added license"
73 | }
74 |
75 | #Set instance IP
76 | function setInstanceIp {
77 | # If no network is provided we take the first ip address we found
78 | if [ -z "$ART_NETWORK" ]; then
79 | export HA_HOST_IP=$(hostname -i)
80 | echo "HA_HOST_IP is set to $HA_HOST_IP"
81 | # else we try to get it from the network provided
82 | else
83 | export HA_HOST_IP=$(ip route show to match $ART_NETWORK | grep -Eo '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' | tail -1)
84 | if [ -z "$HA_HOST_IP" ]; then
85 | echo "[ERROR] Couldn't find a source IP routing to $ART_NETWORK, exiting" >&2
86 | exit 1
87 | fi
88 | fi
89 | }
90 |
91 | checkAllEnvs
92 | setLicense
93 | setPorts
94 | setInstanceIp
95 | setInitialConfiguration
96 |
97 | /entrypoint-artifactory.sh
--------------------------------------------------------------------------------
/dc-os/Docker/PRO/server.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
9 |
10 |
11 |
12 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/dc-os/Docker/README.md:
--------------------------------------------------------------------------------
1 | ## Steps to build Artifactory HA docker image for DC/OS:
2 |
3 | 1. Create `files` directory inside HA directory and copy all contents form [files](../../files) to it.
4 |
5 |
6 | 2. Build docker image using docker build command.
7 | e.g ```docker build -t jfrog/artifactory-dcos:ha .```
8 |
9 | 3. Deploy image in environment (e.g [Bintray](https://bintray.com/)) which is accessible by your DC/OS cluster.
10 |
11 | ---
12 |
13 | ## Steps to build Artifactory Pro docker images:
14 |
15 | 1. Build docker image using docker build command.
16 | e.g ```docker build -t jfrog/artifactory-dcos:pro .```
17 |
18 | 2. Deploy image in environment (e.g [Bintray](https://bintray.com/)) which is accessible by your DC/OS cluster.
19 |
--------------------------------------------------------------------------------
/dc-os/README.md:
--------------------------------------------------------------------------------
1 | ## Artifactory-Pro installation guide for DC/OS
2 | [Install Artifactory-Pro by following this guide](Artifactory-Pro.md)
3 |
4 | ## Artifactory Enterprise installation guide for DC/OS
5 | [Install Artifactory Enterprise by following this guide](Artifactory-Ha.md)
6 |
7 | ## Building Docker images for DC/OS
8 | [Build Artifactory Pro/HA docker image for DC/OS](Docker)
9 |
--------------------------------------------------------------------------------
/dc-os/images/Artifactory_UI.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/dc-os/images/Artifactory_UI.png
--------------------------------------------------------------------------------
/dc-os/images/HA_Diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/dc-os/images/HA_Diagram.png
--------------------------------------------------------------------------------
/dc-os/images/artifactory_cache.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/dc-os/images/artifactory_cache.png
--------------------------------------------------------------------------------
/dc-os/images/usage_from_ui.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/dc-os/images/usage_from_ui.png
--------------------------------------------------------------------------------
/dc-os/images/usage_services_view.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/dc-os/images/usage_services_view.png
--------------------------------------------------------------------------------
/dc-os/install-artifactory-lb.md:
--------------------------------------------------------------------------------
1 | ## Artifactory-lb installation guide for DC/OS
2 |
3 | ## To set up Artifactory-lb in DC/OS following are prerequisites:
4 | 1. **Running Artifactory**
5 |
6 | ## It requires minimum 1 Public Slave to install Artifactory Pro/Enterprise
7 |
8 | ## Steps to install Artifactory-lb:
9 |
10 | 1. create `artifactory-lb-options.json` with following contents:
11 | ```
12 | {
13 | "service": {
14 | "name": "artifactory-lb",
15 | "cpus": 1,
16 | "instances": 1,
17 | "mem": 1024,
18 | "bridge": false,
19 | "ssl": {
20 | "enabled": false,
21 | "ssl_key_path": "http://www.example.com/example.key",
22 | "ssl_cert_path": "http://www.example.com/example.crt"
23 | }
24 | },
25 | "artifactory": {
26 | "name": "artifactory"
27 | }
28 | }
29 | ```
30 | 2. Run this command to install Artifactory-lb:
31 | `dcos package install --options="artifactory-lb-options.json" artifactory-lb`
32 |
33 | ##### NOTE: If name of your artifactory service is not "artifactory" then change it under artifactory tab.
34 | ##### Use pre populated API KEY in case you have changed artifactory password.
35 | ##### It needs port 5000-5010 open to use artifactory as docker registry.
36 |
37 | ## Awesome!! now you can access artifactory UI by going to public ip of node where Artifactory-lb is running.
38 |
39 | Here is how Artifactory UI looks like!!!
40 | 
41 |
42 | ---
43 |
44 | ## Steps to use artifactory as docker registry
45 |
46 | ### Insecure
47 | In case you'd like to run an insecure registry without using any TLS certificates, you can configure the nodes in your DC/OS cluster to work without certificates or security.
48 |
49 | This basically tells the Docker engine in each node to entirely disregard security for your registry. While this is relatively easy to configure the daemon in this way, it is very insecure. It does expose your registry to trivial MITM. Only use this solution for isolated testing or in a tightly controlled, air-gapped environment.
50 | Run this in all agent nodes of your cluster:
51 |
52 | ```
53 | sudo cp /usr/lib/systemd/system/docker.service /etc/systemd/system/docker.service
54 |
55 | sudo vim /etc/systemd/system/docker.service
56 |
57 | add this line: Environment="DOCKER_OPTS=--insecure-registry artifactory-lb.marathon.mesos:5001”
58 |
59 | sudo systemctl daemon-reload
60 |
61 | sudo systemctl restart docker.service
62 | ```
63 |
64 | ### Pull image from local registry
65 |
66 | The Docker registry at `artifactory-lb.marathon.mesos:5001` is now available for use in your Marathon applications. It can be used to launch applications from the GUI or the CLI interfaces.
67 |
68 | ### From the Marathon UI
69 |
70 | Simply use ```artifactory-lb.marathon.mesos:5001``` as a prefix in the `Container Settings`/`Container Image` field of the `Services` form:
71 |
72 | 
73 |
74 | Launch your application normally and check it’s working correctly in the “Services” tab:
75 |
76 | 
77 |
78 | Check cached image in Artifactory UI
79 |
80 | 
81 |
82 |
83 | #### From the CLI
84 |
85 | Check that your DC/OS CLI is connected properly to the DC/OS cluster:
86 |
87 | ```
88 | $ dcos node
89 | HOSTNAME IP ID
90 | 10.0.0.78 10.0.0.78 2bbf0f97-5c2b-453b-9ecc-e1023411d770-S5
91 | 10.0.2.27 10.0.2.27 2bbf0f97-5c2b-453b-9ecc-e1023411d770-S3
92 | 10.0.3.224 10.0.3.224 2bbf0f97-5c2b-453b-9ecc-e1023411d770-S0
93 | 10.0.3.228 10.0.3.228 2bbf0f97-5c2b-453b-9ecc-e1023411d770-S4
94 | 10.0.5.162 10.0.5.162 2bbf0f97-5c2b-453b-9ecc-e1023411d770-S1
95 | 10.0.7.12 10.0.7.12 2bbf0f97-5c2b-453b-9ecc-e1023411d770-S2
96 | ```
97 |
98 | Write a JSON file that uses the image from the local registry:
99 |
100 | ```
101 | $cat registry-example-app.json
102 | {
103 | "id": "/artifactory-registry-docker-example",
104 | "cmd": null,
105 | "cpus": 1,
106 | "mem": 128,
107 | "disk": 0,
108 | "instances": 1,
109 | "executor": null,
110 | "fetch": null,
111 | "constraints": null,
112 | "acceptedResourceRoles": null,
113 | "user": null,
114 | "container": {
115 | "docker": {
116 | "image": "artifactory-lb.marathon.mesos:5001/nginx",
117 | "forcePullImage": false,
118 | "privileged": false,
119 | "portMappings": [
120 | {
121 | "containerPort": 80,
122 | "protocol": "tcp",
123 | "name": "http"
124 | }
125 | ],
126 | "network": "BRIDGE"
127 | }
128 | },
129 | "labels": null,
130 | "healthChecks": null,
131 | "env": null
132 | }
133 | ```
134 |
135 | Load that JSON into Marathon:
136 |
137 | ```
138 | $ dcos marathon app add registry-example-app.json
139 | ```
140 |
141 | Check that the application is running properly:
142 |
143 | ```
144 | $ dcos marathon app list
145 | ID MEM CPUS TASKS HEALTH DEPLOYMENT CONTAINER CMD
146 | /artifactory 2048 2 1/1 1/1 --- DOCKER None
147 | /artifactory-lb 1024 1 1/1 1/1 --- DOCKER None
148 | /artifactory-registry-docker-example 128 1 1/1 --- --- DOCKER None
149 | /mysql 512 0.3 1/1 1/1 --- DOCKER None
150 | /universe 128 0.25 1/1 1/1 --- DOCKER None ```
151 | ```
152 |
--------------------------------------------------------------------------------
/dc-os/install-mysql.md:
--------------------------------------------------------------------------------
1 | ## MySQL installation guide for DC/OS
2 |
3 | ## Steps to set up MySQL using DC/OS CLI:
4 |
5 | 1. Create mysql-options.json with following values:
6 | ```
7 | {
8 | "service": {
9 | "name": "mysql"
10 | },
11 | "mysql": {
12 | "cpus": 0.3,
13 | "mem": 512
14 | },
15 | "database": {
16 | "name": "artdb",
17 | "username": "jfrogdcos",
18 | "password": "jfrogdcos",
19 | "root_password": "root"
20 | },
21 | "storage": {
22 | "host_volume": "/tmp",
23 | "persistence": {
24 | "enable": false,
25 | "volume_size": 256,
26 | "external": {
27 | "enable": false,
28 | "volume_name": "mysql",
29 | "provider": "dvdi",
30 | "driver": "rexray"
31 | }
32 | }
33 | },
34 | "networking": {
35 | "port": 3306,
36 | "host_mode": true,
37 | "external_access": {
38 | "enable": false,
39 | "external_access_port": 13306
40 | }
41 | }
42 | }
43 | ```
44 |
45 | 2. run command ```dcos package install --options=mysql-options.json mysql```
46 |
47 | 3. Make sure MySQL is running and is healthy by looking under the services tab in the DC/OS UI.
48 |
49 | Bingo! Now you can install Artifactory Pro/Enterprise.
50 | *[Here is guide to install Artifactory Pro in DC/OS](Artifactory-Pro.md)
51 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/.env:
--------------------------------------------------------------------------------
1 | POSTGRES_PSWRD=password
2 |
3 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/NginxSSL.md:
--------------------------------------------------------------------------------
1 | # Configure Nginx SSL
2 | This page explains how to override the default, built it, self signed SSL certificates that come with the
3 | Nginx for Artifactory Docker image.
4 |
5 | ## Overriding built in SSL certificate
6 | When the Nginx container start, the host's `/data/nginx` is mounted to the container's `/var/opt/jfrog/nginx`.
7 | The `/var/opt/jfrog/nginx/ssl` directory has the pre-loaded SSL certificate files `example.pem` and `example.key`.
8 | These keys were generated at the time the Docker image was built by the following command:
9 | ```bash
10 | openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/example.key \
11 | -out /etc/pki/tls/certs/example.pem -days 356 \
12 | -subj "/C=US/ST=California/L=SantaClara/O=IT/CN=localhost"
13 | ```
14 | If you wish to use your own key and certificate, you need to place your own `.key` and `.pem` in the host's
15 | `/data/nginx/ssl` directory. The Nginx container will detect and use them instead of the pre-loaded example.
16 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/artifactory-ha-shared-data.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | postgresql:
4 | image: docker.bintray.io/postgres:9.6.11
5 | container_name: postgresql
6 | ports:
7 | - 5432:5432
8 | environment:
9 | - POSTGRES_DB=artifactory
10 | # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
11 | - POSTGRES_USER=artifactory
12 | - POSTGRES_PASSWORD=password
13 | volumes:
14 | - /data/postgresql:/var/lib/postgresql/data
15 | restart: always
16 | ulimits:
17 | nproc: 65535
18 | nofile:
19 | soft: 32000
20 | hard: 40000
21 | artifactory-node1:
22 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
23 | container_name: artifactory-node1
24 | ports:
25 | - 8081:8081
26 | depends_on:
27 | - postgresql
28 | links:
29 | - postgresql
30 | volumes:
31 | - /data/artifactory/node1:/var/opt/jfrog/artifactory
32 | - /data/artifactory/ha:/var/opt/jfrog/artifactory-ha
33 | - /data/artifactory/backup:/var/opt/jfrog/artifactory-backup
34 | environment:
35 | - ARTIFACTORY_MASTER_KEY=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
36 | - HA_IS_PRIMARY=true
37 | - HA_DATA_DIR=/var/opt/jfrog/artifactory-ha
38 | - HA_BACKUP_DIR=/var/opt/jfrog/artifactory-backup
39 | - HA_MEMBERSHIP_PORT=10017
40 | - DB_TYPE=postgresql
41 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
42 | - DB_USER=artifactory
43 | - DB_PASSWORD=password
44 | # Add extra Java options by uncommenting the following line
45 | #- EXTRA_JAVA_OPTIONS=-Xms512m -Xmx4g
46 | restart: always
47 | ulimits:
48 | nproc: 65535
49 | nofile:
50 | soft: 32000
51 | hard: 40000
52 | artifactory-node2:
53 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
54 | container_name: artifactory-node2
55 | ports:
56 | - 8082:8081
57 | depends_on:
58 | - postgresql
59 | - artifactory-node1
60 | links:
61 | - postgresql
62 | # Must pass this to non primary so it can wait for primary to be up
63 | - artifactory-node1
64 | volumes:
65 | - /data/artifactory/node2:/var/opt/jfrog/artifactory
66 | - /data/artifactory/ha:/var/opt/jfrog/artifactory-ha
67 | - /data/artifactory/backup:/var/opt/jfrog/artifactory-backup
68 | environment:
69 | - ARTIFACTORY_MASTER_KEY=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
70 | - HA_IS_PRIMARY=false
71 | - HA_DATA_DIR=/var/opt/jfrog/artifactory-ha
72 | - HA_BACKUP_DIR=/var/opt/jfrog/artifactory-backup
73 | - HA_MEMBERSHIP_PORT=10017
74 | - DB_TYPE=postgresql
75 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
76 | - DB_USER=artifactory
77 | - DB_PASSWORD=password
78 | # Add extra Java options by uncommenting the following line
79 | #- EXTRA_JAVA_OPTIONS=-Xms512m -Xmx4g
80 | restart: always
81 | ulimits:
82 | nproc: 65535
83 | nofile:
84 | soft: 32000
85 | hard: 40000
86 | nginx:
87 | image: docker.bintray.io/jfrog/nginx-artifactory-pro:6.23.13
88 | container_name: nginx
89 | ports:
90 | - 80:80
91 | - 443:443
92 | depends_on:
93 | - artifactory-node1
94 | - artifactory-node2
95 | links:
96 | - artifactory-node1
97 | - artifactory-node2
98 | volumes:
99 | - /data/nginx:/var/opt/jfrog/nginx
100 | environment:
101 | - ART_BASE_URL=http://artifactory-node1:8081/artifactory
102 | - SSL=true
103 | # Set SKIP_AUTO_UPDATE_CONFIG=true to disable auto loading of NGINX conf
104 | #- SKIP_AUTO_UPDATE_CONFIG=true
105 | restart: always
106 | ulimits:
107 | nproc: 65535
108 | nofile:
109 | soft: 32000
110 | hard: 40000
111 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/artifactory-ha.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | postgresql:
4 | image: docker.bintray.io/postgres:9.6.11
5 | container_name: postgresql
6 | ports:
7 | - 5432:5432
8 | environment:
9 | - POSTGRES_DB=artifactory
10 | # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
11 | - POSTGRES_USER=artifactory
12 | - POSTGRES_PASSWORD=password
13 | volumes:
14 | - /data/postgresql:/var/lib/postgresql/data
15 | restart: always
16 | ulimits:
17 | nproc: 65535
18 | nofile:
19 | soft: 32000
20 | hard: 40000
21 | artifactory-node1:
22 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
23 | container_name: artifactory-node1
24 | ports:
25 | - 8081:8081
26 | depends_on:
27 | - postgresql
28 | links:
29 | - postgresql
30 | volumes:
31 | - /data/artifactory/node1:/var/opt/jfrog/artifactory
32 | environment:
33 | - ARTIFACTORY_MASTER_KEY=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
34 | - HA_IS_PRIMARY=true
35 | - HA_MEMBERSHIP_PORT=10017
36 | - DB_TYPE=postgresql
37 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
38 | - DB_USER=artifactory
39 | - DB_PASSWORD=password
40 | # Add extra Java options by uncommenting the following line
41 | #- EXTRA_JAVA_OPTIONS=-Xms512m -Xmx4g
42 | restart: always
43 | ulimits:
44 | nproc: 65535
45 | nofile:
46 | soft: 32000
47 | hard: 40000
48 | artifactory-node2:
49 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
50 | container_name: artifactory-node2
51 | ports:
52 | - 8082:8081
53 | depends_on:
54 | - postgresql
55 | - artifactory-node1
56 | links:
57 | - postgresql
58 | # Must pass this to non primary so it can wait for primary to be up
59 | - artifactory-node1
60 | volumes:
61 | - /data/artifactory/node2:/var/opt/jfrog/artifactory
62 | environment:
63 | - ARTIFACTORY_MASTER_KEY=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
64 | - HA_IS_PRIMARY=false
65 | - HA_MEMBERSHIP_PORT=10017
66 | - DB_TYPE=postgresql
67 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
68 | - DB_USER=artifactory
69 | - DB_PASSWORD=password
70 | # Add extra Java options by uncommenting the following line
71 | #- EXTRA_JAVA_OPTIONS=-Xmx4g
72 | restart: always
73 | ulimits:
74 | nproc: 65535
75 | nofile:
76 | soft: 32000
77 | hard: 40000
78 | nginx:
79 | image: docker.bintray.io/jfrog/nginx-artifactory-pro:6.23.13
80 | container_name: nginx
81 | ports:
82 | - 80:80
83 | - 443:443
84 | depends_on:
85 | - artifactory-node1
86 | - artifactory-node2
87 | links:
88 | - artifactory-node1
89 | - artifactory-node2
90 | volumes:
91 | - /data/nginx:/var/opt/jfrog/nginx
92 | environment:
93 | - ART_BASE_URL=http://artifactory-node1:8081/artifactory
94 | - SSL=true
95 | # Set SKIP_AUTO_UPDATE_CONFIG=true to disable auto loading of NGINX conf
96 | #- SKIP_AUTO_UPDATE_CONFIG=true
97 | restart: always
98 | ulimits:
99 | nproc: 65535
100 | nofile:
101 | soft: 32000
102 | hard: 40000
103 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/artifactory-oss-postgresql.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | postgresql:
4 | image: docker.bintray.io/postgres:9.6.11
5 | container_name: postgresql
6 | ports:
7 | - 5432:5432
8 | environment:
9 | - POSTGRES_DB=artifactory
10 | # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
11 | - POSTGRES_USER=artifactory
12 | - POSTGRES_PASSWORD=password
13 | volumes:
14 | - /data/postgresql:/var/lib/postgresql/data
15 | restart: always
16 | ulimits:
17 | nproc: 65535
18 | nofile:
19 | soft: 32000
20 | hard: 40000
21 | artifactory:
22 | image: docker.bintray.io/jfrog/artifactory-oss:6.23.13
23 | container_name: artifactory
24 | ports:
25 | - 80:8081
26 | depends_on:
27 | - postgresql
28 | links:
29 | - postgresql
30 | volumes:
31 | - /data/artifactory:/var/opt/jfrog/artifactory
32 | environment:
33 | - DB_TYPE=postgresql
34 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
35 | - DB_USER=artifactory
36 | - DB_PASSWORD=password
37 | # Add extra Java options by uncommenting the following line
38 | #- EXTRA_JAVA_OPTIONS=-Xms512m -Xmx4g
39 | restart: always
40 | ulimits:
41 | nproc: 65535
42 | nofile:
43 | soft: 32000
44 | hard: 40000
45 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/artifactory-oss.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 | artifactory:
4 | image: docker.bintray.io/jfrog/artifactory-oss:6.23.13
5 | container_name: artifactory
6 | ports:
7 | - 80:8081
8 | volumes:
9 | - /data/artifactory:/var/opt/jfrog/artifactory
10 | # Add extra Java options by uncommenting the following lines
11 | # environment:
12 | # - EXTRA_JAVA_OPTIONS=-Xms512m -Xmx4g
13 | restart: always
14 | ulimits:
15 | nproc: 65535
16 | nofile:
17 | soft: 32000
18 | hard: 40000
19 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/artifactory-pro-nginx-derby.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | artifactory:
4 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
5 | container_name: artifactory
6 | ports:
7 | - 8081:8081
8 | volumes:
9 | - /data/artifactory:/var/opt/jfrog/artifactory
10 | restart: always
11 | ulimits:
12 | nproc: 65535
13 | nofile:
14 | soft: 32000
15 | hard: 40000
16 | nginx:
17 | image: docker.bintray.io/jfrog/nginx-artifactory-pro:6.23.13
18 | container_name: nginx
19 | ports:
20 | - 80:80
21 | - 443:443
22 | depends_on:
23 | - artifactory
24 | links:
25 | - artifactory
26 | volumes:
27 | - /data/nginx:/var/opt/jfrog/nginx
28 | environment:
29 | - ART_BASE_URL=http://artifactory:8081/artifactory
30 | - SSL=true
31 | # Set SKIP_AUTO_UPDATE_CONFIG=true to disable auto loading of NGINX conf
32 | #- SKIP_AUTO_UPDATE_CONFIG=true
33 | restart: always
34 | ulimits:
35 | nproc: 65535
36 | nofile:
37 | soft: 32000
38 | hard: 40000
39 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/artifactory-pro-postgresql.yml:
--------------------------------------------------------------------------------
1 | version: '2'
2 | services:
3 | postgresql:
4 | image: docker.bintray.io/postgres:9.6.11
5 | container_name: postgresql
6 | ports:
7 | - 5432:5432
8 | environment:
9 | - POSTGRES_DB=artifactory
10 | # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
11 | - POSTGRES_USER=artifactory
12 | - POSTGRES_PASSWORD=password
13 | volumes:
14 | - /data/postgresql:/var/lib/postgresql/data
15 | restart: always
16 | ulimits:
17 | nproc: 65535
18 | nofile:
19 | soft: 32000
20 | hard: 40000
21 | artifactory:
22 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
23 | container_name: artifactory
24 | ports:
25 | - 80:8081
26 | depends_on:
27 | - postgresql
28 | links:
29 | - postgresql
30 | volumes:
31 | - /data/artifactory:/var/opt/jfrog/artifactory
32 | environment:
33 | - DB_TYPE=postgresql
34 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
35 | - DB_USER=artifactory
36 | - DB_PASSWORD=password
37 | # Add extra Java options by uncommenting the following line
38 | #- EXTRA_JAVA_OPTIONS=-Xms512m -Xmx4g
39 | restart: always
40 | ulimits:
41 | nproc: 65535
42 | nofile:
43 | soft: 32000
44 | hard: 40000
45 |
--------------------------------------------------------------------------------
/docker-compose/artifactory/artifactory-pro.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 | postgresql:
4 | image: docker.bintray.io/postgres:9.6.11
5 | container_name: postgresql
6 | ports:
7 | - 5432:5432
8 | environment:
9 | - POSTGRES_DB=artifactory
10 | # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
11 | - POSTGRES_USER=artifactory
12 | - POSTGRES_PASSWORD=${POSTGRES_PSWRD}
13 | volumes:
14 | - /data/postgresql:/var/lib/postgresql/data
15 | restart: always
16 | ulimits:
17 | nproc: 65535
18 | nofile:
19 | soft: 32000
20 | hard: 40000
21 | artifactory:
22 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
23 | container_name: artifactory
24 | ports:
25 | - 8081:8081
26 | depends_on:
27 | - postgresql
28 | links:
29 | - postgresql
30 | volumes:
31 | - /data/artifactory:/var/opt/jfrog/artifactory
32 | environment:
33 | - DB_TYPE=postgresql
34 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
35 | - DB_USER=artifactory
36 | - DB_PASSWORD=${POSTGRES_PSWRD}
37 | # Add extra Java options by uncommenting the following line
38 | #- EXTRA_JAVA_OPTIONS=-Xms512m -Xmx4g
39 | restart: always
40 | ulimits:
41 | nproc: 65535
42 | nofile:
43 | soft: 32000
44 | hard: 40000
45 | nginx:
46 | image: docker.bintray.io/jfrog/nginx-artifactory-pro:6.23.13
47 | container_name: nginx
48 | ports:
49 | - 80:80
50 | - 443:443
51 | depends_on:
52 | - artifactory
53 | links:
54 | - artifactory
55 | volumes:
56 | - /data/nginx:/var/opt/jfrog/nginx
57 | environment:
58 | - ART_BASE_URL=http://artifactory:8081/artifactory
59 | - SSL=true
60 | restart: always
61 | ulimits:
62 | nproc: 65535
63 | nofile:
64 | soft: 32000
65 | hard: 40000
66 |
--------------------------------------------------------------------------------
/docker-compose/xray/.env:
--------------------------------------------------------------------------------
1 | XRAY_VERSION=2.11.9
2 | RABBITMQ_VERSION=3.7.0-management
3 | POSTGRES_VERSION=9.6.11
4 | MONGO_VERSION=3.2.6
5 |
6 | XRAY_DOCKER_REPO=docker.bintray.io/jfrog
7 | XRAYDB_DOCKER_REPO=docker.bintray.io/jfrog
8 |
9 | XRAY_SERVER_PORT=8000
10 | XRAY_MOUNT_ROOT=/data
11 | XRAY_DATA=/var/opt/jfrog/xray/data
12 | XRAY_USER_ID=1035
13 |
14 | DOCKER_SERVER_HOSTNAME=xray
15 | DOCKER_SERVER_FQDN=xray.example.com
16 |
17 | DOCKER_COMPOSE_FLAGS=
18 | DOCKER_COMPOSE_XRAY_SERVER_FLAGS=
19 | DOCKER_COMPOSE_XRAY_INDEXER_FLAGS=
20 | DOCKER_COMPOSE_XRAY_ANALYSIS_FLAGS=
21 | DOCKER_COMPOSE_XRAY_PERSIST_FLAGS=
22 |
23 | RABBITMQ_ERLANG_COOKIE=xray-erlang-cookie
24 |
25 | POSTGRES_USER=xray
26 | POSTGRES_PASSWORD=xray
27 | POSTGRES_DB=xraydb
28 |
--------------------------------------------------------------------------------
/docker-compose/xray/README.md:
--------------------------------------------------------------------------------
1 | # DEPRECATED
2 | [JFrog Xray](https://jfrog.com/xray/) is now distributed with an [official Docker-compose installer](https://www.jfrog.com/confluence/display/JFROG/Installing+Xray).
3 | The current Docker-compose examples will not be maintained anymore.
4 |
5 | # Xray Docker Compose Examples
6 |
7 | This directory provides some examples that show different ways to run Xray with Docker Compose.
8 | To learn more about Docker and how to set it up, please refer to the [Docker](https://docs.docker.com) and [Docker Compose](https://docs.docker.com/compose/overview/) documentation.
9 |
10 | Xray is available as different Docker images for:
11 |
12 | * [xray-server](https://bintray.com/jfrog/reg2/jfrog%3Axray-server) : Generating violations, hosting API / UI endpoints, running scheduled jobs
13 | * [xray-indexer](https://bintray.com/jfrog/reg2/jfrog%3Axray-indexer) : Responsible for the indexing process
14 | * [xray-analysis](https://bintray.com/jfrog/reg2/jfrog%3Axray-analysis) : Responsible for enriching component metadata
15 | * [xray-persist](https://bintray.com/jfrog/reg2/jfrog%3Axray-persist) : Matching the given components graph, completing component naming, storing the data in the relevant databases
16 | * [xray-rabbitmq](https://bintray.com/jfrog/reg2/jfrog%3Axray-rabbitmq) : Microservice Communication and Messaging
17 | * [xray-postgres](https://bintray.com/jfrog/reg2/jfrog%3Axray-postgres) : Components Graph Database
18 | * [xray-mongo](https://bintray.com/jfrog/reg2/jfrog%3Axray-mongo) : Components Metadata and Configuration
19 |
20 | These images are available for download from [JFrog Bintray](https://bintray.com/jfrog).
21 |
22 | ## Docker-Compose Usage
23 |
24 | To run any of the examples, you should execute:
25 |
26 | ```bash
27 | $ docker-compose -f
28 | ```
29 |
30 | ---
31 | ### Persistent Storage
32 |
33 | For persistent storage, all volumes are mounted from the host.
34 |
35 | All examples default to the host's **/data** directory via `.env` file
36 |
37 | > **IMPORTANT:** You should create the directories on the host before running `docker-compose`.
38 |
39 | - Xray data: **/data/xray**
40 | - RabbitMQ data: **/data/rabbitmq**
41 | - PostgreSQL data: **/data/postgres**
42 | - MongoDB data: **/data/mongodb**
43 |
44 | ---
45 | # Docker Compose Examples
46 |
47 | Below is a list of included examples. You are welcome to contribute.
48 |
49 | ---
50 | ## Xray
51 |
52 | Before starting with those examples, you have to prepare all the needed files and directories on the host.
53 |
54 | ```bash
55 | $ sudo ./prepareHostEnv.sh
56 | ```
57 |
58 | If it's the first installation, you have to create users first using [`createMongoUsers.js`](createMongoUsers.js) script.
59 |
60 | ```bash
61 | $ sudo docker-compose -f up -d mongodb
62 | $ sudo cat createMongoUsers.js | docker exec -i xray-mongodb mongo
63 | ```
64 |
65 | > Replace `` with one of those available in the examples.
66 |
67 | ### Run Xray with RabbitMQ, PostgreSQL and MongoDB
68 |
69 | ```bash
70 | $ sudo docker-compose -f up -d
71 | ```
72 |
73 | This example starts the containers and exposes Xray on port `8000` (http)
74 |
75 | ### Run Xray with Traefik + Let's Encrypt
76 |
77 | [Traefik](https://traefik.io/) is a [Docker-aware reverse proxy](https://docs.traefik.io/basics/) that includes its own [monitoring dashboard](https://docs.traefik.io/configuration/api/). In its essence it is dynamic reverse proxy. It can connect to many popular deployment platforms (docker, swarm, mezos, kubernetes, etc.) and obtain information about services (containers).
78 |
79 | In this example, Traefik will act as a reverse proxy of Xray Server container through [labels](https://docs.docker.com/config/labels-custom-metadata/) and automatically [create/renew Let's Encrypt certificates](https://docs.traefik.io/configuration/acme/).
80 |
81 | ```bash
82 | $ sudo touch acme.json
83 | $ sudo chmod 600 acme.json
84 | $ sudo docker-compose -f xray-traefik-letsencrypt.yml up -d
85 | ```
86 |
87 | This example starts the containers and exposes Traefik on ports `80` (http) and `443` (https) as a reverse proxy of Xray Server.
88 |
--------------------------------------------------------------------------------
/docker-compose/xray/createMongoUsers.js:
--------------------------------------------------------------------------------
1 | //JFrog Xray MongoDB Bootstrap
2 |
3 | //Creating default admin user
4 | var adminUser = {
5 | user:"admin",
6 | pwd: "password",
7 | roles: ["root"],
8 | customData: {
9 | createdBy: "JFrog Xray installer"
10 | }
11 | }
12 | db.getSiblingDB("admin").createUser(adminUser)
13 |
14 | //Creating default xray user
15 | var xrayUser = {
16 | user:"xray",
17 | pwd: "password",
18 | roles: ["dbOwner"],
19 | customData: {
20 | createdBy: "JFrog Xray installer"
21 | }
22 | }
23 |
24 | //Authenticating as admin to create xray user
25 | var loginOutput = db.getSiblingDB("admin").auth(adminUser.user,adminUser.pwd)
26 | db.getSiblingDB("xray").createUser(xrayUser)
--------------------------------------------------------------------------------
/docker-compose/xray/prepareHostEnv.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # This file is for preparing all the needed files and directories on the host.
3 |
4 | SCRIPT_DIR=$(dirname $0)
5 | OS_NAME=$(uname)
6 |
7 | errorExit () {
8 | echo; echo "ERROR: $1"; echo
9 | exit 1
10 | }
11 |
12 | if [ "${OS_NAME}" = "Linux" ] && [ "$EUID" != 0 ]; then
13 | errorExit "This script must be run as root or with sudo"
14 | fi
15 |
16 | if [ ! -f ./.env ]; then
17 | errorExit ".env file does not exist in $SCRIPT_DIR"
18 | fi
19 |
20 | source ./.env
21 |
22 | if [ ! -d ${XRAY_MOUNT_ROOT}/xray ]; then
23 | echo "Creating ${XRAY_MOUNT_ROOT}/xray"
24 | mkdir -p ${XRAY_MOUNT_ROOT}/xray
25 | mkdir -p ${XRAY_MOUNT_ROOT}/rabbitmq/conf
26 | mkdir -p ${XRAY_MOUNT_ROOT}/rabbitmq/logs
27 | cp rabbitmq.conf ${XRAY_MOUNT_ROOT}/rabbitmq/conf
28 | fi
29 |
30 | if [ $(stat -c '%u' ${XRAY_MOUNT_ROOT}/xray) != "${XRAY_USER_ID}" ] || [ $(stat -c '%g' ${XRAY_MOUNT_ROOT}/xray) != "${XRAY_USER_ID}" ]; then
31 | echo "Setting needed ownerships on ${XRAY_MOUNT_ROOT}/xray"
32 | chown -R ${XRAY_USER_ID}:${XRAY_USER_ID} ${XRAY_MOUNT_ROOT}/xray || errorExit "Setting ownership of ${XRAY_MOUNT_ROOT}/xray to ${XRAY_USER_ID} failed"
33 | fi
34 |
35 | echo "Done!"
36 |
--------------------------------------------------------------------------------
/docker-compose/xray/xray-traefik-letsencrypt.yml:
--------------------------------------------------------------------------------
1 | version: "3.2"
2 |
3 | services:
4 | traefik:
5 | image: traefik:1.6-alpine
6 | command:
7 | - "--logLevel=INFO"
8 | - "--defaultentrypoints=http,https"
9 | - "--entryPoints=Name:http Address::80 Redirect.EntryPoint:https"
10 | - "--entryPoints=Name:https Address::443 TLS"
11 | - "--docker"
12 | - "--docker.exposedbydefault=false"
13 | - "--docker.watch=true"
14 | - "--docker.domain=example.com"
15 | - "--acme=true"
16 | - "--acme.acmelogging=true"
17 | - "--acme.email=webmaster@example.com"
18 | - "--acme.storage=acme.json"
19 | - "--acme.entryPoint=https"
20 | - "--acme.onhostrule=true"
21 | - "--acme.httpchallenge=true"
22 | - "--acme.httpchallenge.entrypoint=http"
23 | ports:
24 | - target: 80
25 | published: 80
26 | protocol: tcp
27 | - target: 443
28 | published: 443
29 | protocol: tcp
30 | volumes:
31 | - "$XRAY_MOUNT_ROOT/acme.json:/acme.json"
32 | - "/var/run/docker.sock:/var/run/docker.sock"
33 | restart: always
34 |
35 | xray-server:
36 | image: $XRAY_DOCKER_REPO/xray-server:$XRAY_VERSION
37 | container_name: xray-server
38 | depends_on:
39 | - mongodb
40 | - postgres
41 | - rabbitmq
42 | volumes:
43 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
44 | labels:
45 | - "traefik.enable=true"
46 | - "traefik.backend=xray-server"
47 | - "traefik.port=$XRAY_SERVER_PORT"
48 | - "traefik.frontend.rule=Host:$DOCKER_SERVER_FQDN"
49 | environment:
50 | - "XRAYCONFIGPATH=$XRAY_DATA"
51 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
52 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_SERVER_FLAGS"
53 | restart: always
54 |
55 | xray-indexer:
56 | image: $XRAY_DOCKER_REPO/xray-indexer:$XRAY_VERSION
57 | container_name: xray-indexer
58 | depends_on:
59 | - postgres
60 | - rabbitmq
61 | volumes:
62 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
63 | environment:
64 | - "XRAYCONFIGPATH=$XRAY_DATA"
65 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
66 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_INDEXER_FLAGS"
67 | restart: always
68 |
69 | xray-analysis:
70 | image: $XRAY_DOCKER_REPO/xray-analysis:$XRAY_VERSION
71 | container_name: xray-analysis
72 | depends_on:
73 | - postgres
74 | - rabbitmq
75 | volumes:
76 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
77 | environment:
78 | - "XRAYCONFIGPATH=$XRAY_DATA"
79 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
80 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_ANALYSIS_FLAGS"
81 | restart: always
82 |
83 | xray-persist:
84 | image: $XRAY_DOCKER_REPO/xray-persist:$XRAY_VERSION
85 | container_name: xray-persist
86 | depends_on:
87 | - postgres
88 | - rabbitmq
89 | volumes:
90 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
91 | environment:
92 | - "XRAYCONFIGPATH=$XRAY_DATA"
93 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
94 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_PERSIST_FLAGS"
95 | restart: always
96 |
97 | rabbitmq:
98 | image: $XRAYDB_DOCKER_REPO/xray-rabbitmq:$RABBITMQ_VERSION
99 | container_name: xray-rabbitmq
100 | hostname: $DOCKER_SERVER_HOSTNAME
101 | volumes:
102 | - "$XRAY_MOUNT_ROOT/rabbitmq:/var/lib/rabbitmq"
103 | environment:
104 | - "RABBITMQ_ERLANG_COOKIE=$RABBITMQ_ERLANG_COOKIE"
105 | restart: always
106 |
107 | postgres:
108 | image: $XRAYDB_DOCKER_REPO/xray-postgres:$POSTGRES_VERSION
109 | container_name: xray-postgres
110 | environment:
111 | - "POSTGRES_USER=$POSTGRES_USER"
112 | - "POSTGRES_PASSWORD=$POSTGRES_PASSWORD"
113 | - "POSTGRES_DB=$POSTGRES_DB"
114 | volumes:
115 | - "$XRAY_MOUNT_ROOT/postgres:/var/lib/postgresql/data"
116 | restart: always
117 |
118 | mongodb:
119 | image: $XRAYDB_DOCKER_REPO/xray-mongo:$MONGO_VERSION
120 | container_name: xray-mongodb
121 | entrypoint: /bin/bash -c "chmod 777 /data/logs; /entrypoint.sh --logpath /data/logs/xray-mongo.log --auth"
122 | volumes:
123 | - "$XRAY_MOUNT_ROOT/mongodb/logs:/data/logs"
124 | - "$XRAY_MOUNT_ROOT/mongodb/configdb:/data/configdb"
125 | - "$XRAY_MOUNT_ROOT/mongodb/db:/data/db"
126 | restart: always
--------------------------------------------------------------------------------
/docker-compose/xray/xray.yml:
--------------------------------------------------------------------------------
1 | version: "3"
2 |
3 | services:
4 | xray-server:
5 | image: $XRAY_DOCKER_REPO/xray-server:$XRAY_VERSION
6 | container_name: xray-server
7 | ports:
8 | - "$XRAY_SERVER_PORT:$XRAY_SERVER_PORT"
9 | depends_on:
10 | - mongodb
11 | - postgres
12 | - rabbitmq
13 | volumes:
14 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
15 | environment:
16 | - "XRAYCONFIGPATH=$XRAY_DATA"
17 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
18 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_SERVER_FLAGS"
19 | restart: always
20 |
21 | xray-indexer:
22 | image: $XRAY_DOCKER_REPO/xray-indexer:$XRAY_VERSION
23 | container_name: xray-indexer
24 | depends_on:
25 | - postgres
26 | - rabbitmq
27 | volumes:
28 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
29 | environment:
30 | - "XRAYCONFIGPATH=$XRAY_DATA"
31 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
32 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_INDEXER_FLAGS"
33 | restart: always
34 |
35 | xray-analysis:
36 | image: $XRAY_DOCKER_REPO/xray-analysis:$XRAY_VERSION
37 | container_name: xray-analysis
38 | depends_on:
39 | - postgres
40 | - rabbitmq
41 | volumes:
42 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
43 | environment:
44 | - "XRAYCONFIGPATH=$XRAY_DATA"
45 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
46 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_ANALYSIS_FLAGS"
47 | restart: always
48 |
49 | xray-persist:
50 | image: $XRAY_DOCKER_REPO/xray-persist:$XRAY_VERSION
51 | container_name: xray-persist
52 | depends_on:
53 | - postgres
54 | - rabbitmq
55 | volumes:
56 | - "$XRAY_MOUNT_ROOT/xray:$XRAY_DATA"
57 | environment:
58 | - "XRAYCONFIGPATH=$XRAY_DATA"
59 | - "DOCKER_COMPOSE_FLAGS=$DOCKER_COMPOSE_FLAGS"
60 | - "DOCKER_COMPOSE_XRAY_FLAGS=$DOCKER_COMPOSE_XRAY_PERSIST_FLAGS"
61 | restart: always
62 |
63 | rabbitmq:
64 | image: $XRAYDB_DOCKER_REPO/xray-rabbitmq:$RABBITMQ_VERSION
65 | container_name: xray-rabbitmq
66 | hostname: $DOCKER_SERVER_HOSTNAME
67 | volumes:
68 | - "$XRAY_MOUNT_ROOT/rabbitmq:/var/lib/rabbitmq"
69 | - "$XRAY_MOUNT_ROOT/rabbitmq/conf:/etc/rabbitmq"
70 | - "$XRAY_MOUNT_ROOT/rabbitmq/logs:/var/log/rabbitmq/logs"
71 | environment:
72 | - "RABBITMQ_ERLANG_COOKIE=$RABBITMQ_ERLANG_COOKIE"
73 | restart: always
74 |
75 | postgres:
76 | image: docker.bintray.io/postgres:$POSTGRES_VERSION
77 | container_name: xray-postgres
78 | environment:
79 | - "POSTGRES_USER=$POSTGRES_USER"
80 | - "POSTGRES_PASSWORD=$POSTGRES_PASSWORD"
81 | - "POSTGRES_DB=$POSTGRES_DB"
82 | volumes:
83 | - "$XRAY_MOUNT_ROOT/postgres:/var/lib/postgresql/data"
84 | restart: always
85 |
86 | mongodb:
87 | image: $XRAYDB_DOCKER_REPO/xray-mongo:$MONGO_VERSION
88 | container_name: xray-mongodb
89 | entrypoint: /bin/bash -c "chmod 777 /data/logs; /entrypoint.sh --logpath /data/logs/xray-mongo.log --auth"
90 | volumes:
91 | - "$XRAY_MOUNT_ROOT/mongodb/logs:/data/logs"
92 | - "$XRAY_MOUNT_ROOT/mongodb/configdb:/data/configdb"
93 | - "$XRAY_MOUNT_ROOT/mongodb/db:/data/db"
94 | restart: always
95 |
--------------------------------------------------------------------------------
/files/access/etc/keys/private.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEogIBAAKCAQEAw4LGKn8fJi08vA53PPkP1Jw8LuG4Bf1trBXe4Reo1FavZCcl
3 | ZaeEGF4qG/meEQRujilaVb27SrCPaLKxI/kzATz2NRn9SQj66N70nbVCsD2RPvjM
4 | K4UlCu/IuyLmOf2Jv1NuFSwdnYK2wj5Mf91tiOzVn+QC1tT/2X0kuDiwb4p8ybv0
5 | DE9EooLUSs1iWWamSfRbEMyVXfGVIO2ULYOJxqf03vg96JvoCL3qkDUYo/85Fd2u
6 | hWwDXE3Dv1q5DM9TCAkVZOuOh+OmgEiln6ybp7Y4cV6mqiWuBu3DvtiBNla10qNA
7 | Z9g+hqkeuqJPIvbXZSOqXW5KqUH0S3KwhJa93QIDAQABAoIBABK3eEUlOlQrTH8s
8 | W1no9g0Cj/hk/3sDUfaBeX7PBwic69mIrdnXeZvjl+Bpuyoh5HuTleRTb5Ss5m29
9 | fZvWBX3+2gsnW8ocI/kbLwvSCHpayobexpz7+Bnd7reLlcLDdOZuFEHOoV8s3lYm
10 | JKixCAVttt3BtEvgxEWL53IDa1CiJEszv7exW+udB+xy/YygrvNhYT9kPrgPZYHT
11 | ZRyO3x40iICI8mLBOaNAdQM0lEVDpjKLpKXcpFHZn+ApBskxvWNbFAJYOA5VGv3V
12 | YveS8mUV/xT+GZ7WJxWm9Ar1cBDNcCbiO0z1MI4yEL+NOsCizxD3mtzpb0n0+TTY
13 | hXklz/kCgYEA+eLQ3qubcHyaTg6xEri56eJjaso3CKpcStDAuu/Ni3JMzEc1zljH
14 | hRotKhd872b55Go+8DeNWqbDz19R2/1F2pW1I+2X7baL4FJHZDv0F4Wwo7/5sr8g
15 | pPawcoFDk52sIka5TDMI4IK75x5CZcax0PpP/nQBAGj5nayRFSuQWHMCgYEAyEtf
16 | 0zexJsaicXJClallrH0YybnVXIqHwuC+zfszwzPPLKEqsQXEYCNHijeIR4VT27iv
17 | BBkZaIvXFYQmSO+GlyrnMAAXD0pmU+RhWvmN1k83Rb0t1+OFZ+X3Os1k0ewBxl/U
18 | pab1K8VPG08YFddukzKncppWg3tvydtIApf5DG8CgYAr/kSrjybUjPtVlrySATep
19 | 95NtL6C0w9lvyoTD5IgZbswagsb0RykJQ+yDppL2Svjfv9zIyd73ALkkfzGYO2Ta
20 | 8NRtON0wmpzRp2quOOfmZEEO8zNwxrlmkY/K+Pr+uBmgBzeENM/xRtLyA5/I70xK
21 | 8Ga4849hlRmtKr54La1CBQKBgBjSjoukqUW+9D7PBEV7+ufHkRze9PxFBtI1/C+W
22 | 5DFa6GAFkT7jEhVACgutGiyS73OZjccaPTXhrsQx3nTHioyNep1ORY1VkRzwfshB
23 | iTx4EMeJzHam8c+QhnU5IzeI4idtlPL6oAPOriEaSkfarQ99BZeEXRhqYc5IaMI5
24 | h1ntAoGAF0u8cQZqiZgwDHDk7zS7bpgkBSf49sx2Aa53+kZd5+s0muo+8HOxARC+
25 | +M4x7WYIKFonah7yYKbR36w5o87G9wN7bP52FMYrsccR6AQy02kEG52M38xXJ3Fb
26 | LgngQmLBNaOE/75tFkqhzj9MnTMbUvaA8K9Q54WGswzvGjkOlqM=
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/files/access/etc/keys/root.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIC7TCCAdWgAwIBAgIBATANBgkqhkiG9w0BAQsFADA5MTcwNQYDVQQDDC5qZi1h
3 | Y2Nlc3NAMjYxMTIxMDEtMTJhYy00ZTdhLWI5YjEtNGRjODQ3OTI3ZDg5MCAXDTE2
4 | MTIxMjE0MTMzM1oYDzcwMDAwMTAxMDAwMDMyWjA5MTcwNQYDVQQDDC5qZi1hY2Nl
5 | c3NAMjYxMTIxMDEtMTJhYy00ZTdhLWI5YjEtNGRjODQ3OTI3ZDg5MIIBIjANBgkq
6 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4LGKn8fJi08vA53PPkP1Jw8LuG4Bf1t
7 | rBXe4Reo1FavZCclZaeEGF4qG/meEQRujilaVb27SrCPaLKxI/kzATz2NRn9SQj6
8 | 6N70nbVCsD2RPvjMK4UlCu/IuyLmOf2Jv1NuFSwdnYK2wj5Mf91tiOzVn+QC1tT/
9 | 2X0kuDiwb4p8ybv0DE9EooLUSs1iWWamSfRbEMyVXfGVIO2ULYOJxqf03vg96Jvo
10 | CL3qkDUYo/85Fd2uhWwDXE3Dv1q5DM9TCAkVZOuOh+OmgEiln6ybp7Y4cV6mqiWu
11 | Bu3DvtiBNla10qNAZ9g+hqkeuqJPIvbXZSOqXW5KqUH0S3KwhJa93QIDAQABMA0G
12 | CSqGSIb3DQEBCwUAA4IBAQBElKIpJBg52lZv9cCgRr1jzx2q2BUUADb/kBw8HiYD
13 | AcfQqzT1ByqPBe36PkucIUxHEfoqadIfTzzAjHpaXMr3EvXxCt293tXxFyPyzWx5
14 | rOW5zyymWukF6DqNAAK5B2pbd1oyx7lTMWZdgegzMKxONfQ9nsuAEtvE3eOly49s
15 | XxUA7uJXf7GZhdR0OX9jQMzTflw+kjtF1mayc17/zTGhValHkIhOYDo0YxNRPqXv
16 | GGf/H4xYWQmigxHsPmiG1U2JvBWyrSq3MNH69E6HgfcNS5M7+m4b7LhTeC7lyqSH
17 | iR5dbZEmaL9IrPmxclUyBJT0Htlu61NrDaKIxzj9s3zr
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/files/binarystore.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | crossNetworkStrategy
6 | crossNetworkStrategy
7 | 2
8 | 1
9 | 2
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 | shard-fs-1
20 | local
21 |
22 |
23 |
24 | 30
25 | tester-remote1
26 | 10000
27 | remote
28 |
29 |
30 |
--------------------------------------------------------------------------------
/files/nginx/conf.d/ha/artifactory.conf:
--------------------------------------------------------------------------------
1 | ## add HA entries when ha is configure
2 | upstream artifactory {
3 | server artifactory-node1:8081;
4 | server artifactory-node2:8081;
5 | }
6 | ## add ssl entries when https has been set in config
7 | ssl_certificate /etc/nginx/ssl/example.pem;
8 | ssl_certificate_key /etc/nginx/ssl/example.key;
9 | ssl_session_cache shared:SSL:1m;
10 | ssl_prefer_server_ciphers on;
11 | ## server configuration
12 | server {
13 | listen 443 ssl;
14 | listen 80 ;
15 | server_name ~(?.+)\.artifactory artifactory;
16 |
17 | if ($http_x_forwarded_proto = '') {
18 | set $http_x_forwarded_proto $scheme;
19 | }
20 | ## Application specific logs
21 | ## access_log /var/log/nginx/artifactory-access.log timing;
22 | ## error_log /var/log/nginx/artifactory-error.log;
23 | rewrite ^/$ /artifactory/webapp/ redirect;
24 | rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
25 | rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
26 | chunked_transfer_encoding on;
27 | client_max_body_size 0;
28 | location /artifactory/ {
29 | proxy_read_timeout 900;
30 | proxy_pass_header Server;
31 | proxy_cookie_path ~*^/.* /;
32 | proxy_pass http://artifactory/artifactory/;
33 | proxy_next_upstream http_503 non_idempotent;
34 | proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
35 | proxy_set_header X-Forwarded-Port $server_port;
36 | proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
37 | proxy_set_header Host $http_host;
38 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
39 | }
40 | }
41 |
--------------------------------------------------------------------------------
/files/nginx/conf.d/oss/artifactory.conf:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | ## add ssl entries when https has been set in config
6 | ssl_certificate /etc/nginx/ssl/example.pem;
7 | ssl_certificate_key /etc/nginx/ssl/example.key;
8 | ssl_session_cache shared:SSL:1m;
9 | ssl_prefer_server_ciphers on;
10 | ## server configuration
11 | server {
12 | listen 443 ssl;
13 | listen 80 ;
14 | server_name ~(?.+)\.artifactory artifactory;
15 |
16 | if ($http_x_forwarded_proto = '') {
17 | set $http_x_forwarded_proto $scheme;
18 | }
19 | ## Application specific logs
20 | ## access_log /var/log/nginx/artifactory-access.log timing;
21 | ## error_log /var/log/nginx/artifactory-error.log;
22 | rewrite ^/$ /artifactory/webapp/ redirect;
23 | rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
24 | rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
25 | chunked_transfer_encoding on;
26 | client_max_body_size 0;
27 | location /artifactory/ {
28 | proxy_read_timeout 900;
29 | proxy_pass_header Server;
30 | proxy_cookie_path ~*^/.* /;
31 | proxy_pass http://artifactory:8081/artifactory/;
32 | proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
33 | proxy_set_header X-Forwarded-Port $server_port;
34 | proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
35 | proxy_set_header Host $http_host;
36 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/files/nginx/conf.d/pro/artifactory.conf:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | ## add ssl entries when https has been set in config
6 | ssl_certificate /etc/nginx/ssl/example.pem;
7 | ssl_certificate_key /etc/nginx/ssl/example.key;
8 | ssl_session_cache shared:SSL:1m;
9 | ssl_prefer_server_ciphers on;
10 | ## server configuration
11 | server {
12 | listen 443 ssl;
13 | listen 80 ;
14 | server_name ~(?.+)\.artifactory artifactory;
15 |
16 | if ($http_x_forwarded_proto = '') {
17 | set $http_x_forwarded_proto $scheme;
18 | }
19 | ## Application specific logs
20 | ## access_log /var/log/nginx/artifactory-access.log timing;
21 | ## error_log /var/log/nginx/artifactory-error.log;
22 | rewrite ^/$ /artifactory/webapp/ redirect;
23 | rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
24 | rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
25 | chunked_transfer_encoding on;
26 | client_max_body_size 0;
27 | location /artifactory/ {
28 | proxy_read_timeout 900;
29 | proxy_pass_header Server;
30 | proxy_cookie_path ~*^/.* /;
31 | proxy_pass http://artifactory:8081/artifactory/;
32 | proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
33 | proxy_set_header X-Forwarded-Port $server_port;
34 | proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
35 | proxy_set_header Host $http_host;
36 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/files/nginx/ssl/demo.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIJJwIBAAKCAgEAkCF7tEyHvVzzIqxa/3EdyfJu9FsjJKM+8FjmroX/1Xk78NeU
3 | UulOZMLDnOGSpxQDSeh7eiHq7CL9cIZCscPGVHRrspKcRnBQp2P9wfu9VpGfG+fE
4 | MJjelKqxp59gw04sxe1Z6UgayOxs3OZCTAURDKYbLXvFRaWnY0W3Gr350dVqdMrk
5 | x5TQPycJSmgCJqNyfxGnhY9EcpD6TmoZrTdM4zSp75MUKahuqr0xFXu2HJz0OH8v
6 | tE1zA1WxOhLJmlZPh7jjfjCjbQUDnPcWbkYf0QYGTRTrDPbj3c1HnDDalWc6y1Uo
7 | PwMIc6Ev+DGqVgxv2p2PB1vKRXh/hvnHB77oUO23UKLhlo5bBsVxGvAlT8Hkss1h
8 | uPCIjL8WgyF4sRZAsHiMhqHJlpk8puKXENWA2+tElyEERKNRGPOT9EcPJMEzEJ9O
9 | ZC4qVB4Wmew+MPwYcMnOinYvB7xY7bVlWs+REanoyTAvSnPbMRsmbsW05nLipQze
10 | wrJqu1pEo5to6RWRpWf/v73EYP/Pr73QiZ6EuXNYWGrsiktz9L8PEvWjsGMzkbNV
11 | uu841wTxFXNDMLvZwSsGWdxK8hIAQYjZ8YtDTqLI7InkkZV8+gQ/vQMREVJv1igT
12 | tIx8M0KW4T6HpUrNhFBV84Uxk2qQ5gELgn4nySMtadrQPMOZzkq30PC8AnkCAwEA
13 | AQKCAgBTtz8VAIavVLfcYeQRDvDQhcIwqGcHNtKt49VJdYedxOcuAumiJuVj3USl
14 | cNgvt44ZdbGSxPSg58nxe+ptOluOXnjXphSjTUVrlMalz8Sv7bFPEhWAbKqMC4FY
15 | 7VfU2SlkZXKd70WvgrPQsuW7Jg47HJgYmRWCWK+bF7k9DS9309AbumWcDzHOHKxm
16 | zXbCXpl4eRammwqUyOS6eyIi3EYKimJSR0mk0LJG9dD2u36RrBCmaCmbPokZXMKu
17 | Co+S16MmIBvzBelGv2zT1SjwMEb2r9slFotYYmcEQ+HeNPohYW5jADl6MBbOoscs
18 | EBzyEhM+Fdon2gboxw67pYUXWKmyyNuOF7NKL023qNToBJDqvskFKSHBTjsWLzCh
19 | QV4/rUIXLaBdTokR4Vr1HyRa4jAzlomtMgb9Pxc3F0inQ4rhGvf9+laLxCTdd8YE
20 | gQz2LyMIWXBkcx61aphTA7hB7DnW0aene56+VYsLN8MsNDGDO4T7poVCkm/Dalj+
21 | T8053ob5e7i0e1PRkld23Psju52P4MbH4h0mGFgDjpa7oZBbTkFUlsR3l+qXpd0n
22 | O/O73gZ7t/aGsddK1YjqJe1sW0uTHhdlh9Tsk+3BvxtyCoKHgGdAIKLAj+EqE6oc
23 | Lct/CvYaqX1oGtRETIq0UxavCtUJIaM7hseRadyfbqtapct1iQKCAQEAwB8yeqaK
24 | GQklXqnrw5E6AOmHaQS4l05s+MR5uMsRshlfHycTXa3+NK+wMbcw5xKZkJLQxBvW
25 | F85HVkTlO0YcT2Xbf0YuhIQbn2gKj2ea5HHZvC0BAl6SLFrGpqhfIf84a/kNJRzB
26 | OxNksjiyeppRGC+i1/9tInOcQRszf80ikHtrwGvh/H9UcS79elwafPW9E5zA33Vt
27 | R7wNdPQb72oAAtentJOiUYmtv36nt7n/5SIkkrZ+nBaiKEn5pDmGDZyXYnp2Ise5
28 | hB4KMbiRALHaXY/KUU+2H5VPlZGXYRyP/eda4mLxO8GWfdZCJZLkfUwNnhjkE1ZR
29 | RKnIWww7OSZfKwKCAQEAwA1wRsDrpiG4yo/stMiZg+Qu6j3cZVtKMfU5/dGYX5vj
30 | h3rslPf2a87k13eNyV4lr8k/Wb7xRKNeC8O8lK6EnnMESOdxpYCaTSJkb3vlWr8I
31 | YetQDLklbhz4Sl5PBsKqjyxY9ahwr71DAmhcwo7dhZPSqbkBxNYWppbaE909ix7O
32 | c2p93g0oK2lCa8rVjNtEGi0+Jd443C/obb8qPbwjR0UYu/9EC2JBVLG7X7Q7p4f4
33 | 7a3zUwxfpO3D+uc74qMAMc23847RvY9EGKZlVbhBd+qnrNXEYgyhmjBe+BesD94D
34 | ctFb5C5Q4E7DPQGRSFilWWQdH0XI/+YnyDAyN6Ty6wKCAQBxOTGHpORYEtLKMjv2
35 | unzDkt0xoA2lZhvElA3kQREBtAAiHOZF3EenBy9AbWTNmWGVGWEdYgZPa0sRZXLu
36 | 9seyZyXvoQ3DHRQmYqtujjFzlkEqrB8fJVrh9vGBwFKod3/p6hG8IHEkfq5mdhGB
37 | PbazGUfQIgFQP3AD0qMMG3nWSlZbRXkeVHAQcBAEb4lQwYYXq9bjGpI3p3UKyt43
38 | v3GYOz3jpuoPQaN66oqvNVfA0tlY+WIuXQxd0BLmnNwK45E4AVHj9262lPmPCeWy
39 | 0h4N67LhLqf3fwgy7mWXXrzhdtpR9tuSSumE6aN7/1DXIt4XoTWwy7sDS0f/mHrC
40 | mIGXAoIBAFfyD3cnAwI5sQB5deC3d60xAdbcax+y9T/5VwwHPeqSXVf+D3aMMjje
41 | LmcI5VHQHhvoYW08hglzci6a/LFtVWelrdGgwqcSRBaMaEexCa9LiZAljKu24RAS
42 | jhSoKTIkVKxpl3cvIiMn3RauKcQiXgi8T5zPDqNPkmHI9KZiCru5aLrriiX0CnAO
43 | rI7l/HKbOg1uqGX45DrYaWxQPQy2KcWKO7BjTYqU/OvG09IYm7S1DGXy4Vkncmj5
44 | RGSSHRdEo2MrHFCZFyzh/UH4eLEPRlOejhgUb/CibiJIgkTDulQty5B5lMXh+8Er
45 | 8DXwkNH7XgSYVsmqUEf24kLG50gZ7e8CggEACQNoUoONzKrNsowavmVuEwal5mXz
46 | BabfCGlvw+fPIbBM/b5Pdo801xkLRdIaxJkO+g4LHX2Kiy0Mp7/Q5JzOEYnAP5iM
47 | I8+OcFZVZDx4HmTPOVl5rZHn+LCAqel73IfcYelRfNEBDd0YfdN3wh1nXrb+UBW2
48 | pES4VgFzJ4VOvoTNPlQrWyE4E711mkY1mR5TGs5Q/9i07Q+kzFggNs9zpm0/qmtq
49 | Cqg4gwy9bLd9DzYZLb21KRxTx9rAQqs1wM5Qk6c/vH1Ia2tFBYZw2shX/f457sqQ
50 | 74+j6nuMiI7K+J99oM1eUzWSW50tyKC9kk8133iSnyNMSu+S8DPe21ICzQ==
51 | -----END RSA PRIVATE KEY-----
52 |
--------------------------------------------------------------------------------
/files/nginx/ssl/demo.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIF8DCCA9igAwIBAgIJAKSiOwHGeidsMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
3 | BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRMwEQYDVQQHEwpTYW50YUNsYXJh
4 | MQswCQYDVQQKEwJJVDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE3MDExMTE0NDMx
5 | MVoXDTE4MDEwMjE0NDMxMVowWDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm
6 | b3JuaWExEzARBgNVBAcTClNhbnRhQ2xhcmExCzAJBgNVBAoTAklUMRIwEAYDVQQD
7 | Ewlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQIXu0
8 | TIe9XPMirFr/cR3J8m70WyMkoz7wWOauhf/VeTvw15RS6U5kwsOc4ZKnFANJ6Ht6
9 | IersIv1whkKxw8ZUdGuykpxGcFCnY/3B+71WkZ8b58QwmN6UqrGnn2DDTizF7Vnp
10 | SBrI7Gzc5kJMBREMphste8VFpadjRbcavfnR1Wp0yuTHlNA/JwlKaAImo3J/EaeF
11 | j0RykPpOahmtN0zjNKnvkxQpqG6qvTEVe7YcnPQ4fy+0TXMDVbE6EsmaVk+HuON+
12 | MKNtBQOc9xZuRh/RBgZNFOsM9uPdzUecMNqVZzrLVSg/AwhzoS/4MapWDG/anY8H
13 | W8pFeH+G+ccHvuhQ7bdQouGWjlsGxXEa8CVPweSyzWG48IiMvxaDIXixFkCweIyG
14 | ocmWmTym4pcQ1YDb60SXIQREo1EY85P0Rw8kwTMQn05kLipUHhaZ7D4w/Bhwyc6K
15 | di8HvFjttWVaz5ERqejJMC9Kc9sxGyZuxbTmcuKlDN7Csmq7WkSjm2jpFZGlZ/+/
16 | vcRg/8+vvdCJnoS5c1hYauyKS3P0vw8S9aOwYzORs1W67zjXBPEVc0Mwu9nBKwZZ
17 | 3EryEgBBiNnxi0NOosjsieSRlXz6BD+9AxERUm/WKBO0jHwzQpbhPoelSs2EUFXz
18 | hTGTapDmAQuCfifJIy1p2tA8w5nOSrfQ8LwCeQIDAQABo4G8MIG5MB0GA1UdDgQW
19 | BBS65lqDTvd4wdYeq6c8U8r/0ytY7TCBiQYDVR0jBIGBMH+AFLrmWoNO93jB1h6r
20 | pzxTyv/TK1jtoVykWjBYMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
21 | YTETMBEGA1UEBxMKU2FudGFDbGFyYTELMAkGA1UEChMCSVQxEjAQBgNVBAMTCWxv
22 | Y2FsaG9zdIIJAKSiOwHGeidsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
23 | ggIBAHhbnNBz9a/3evFuN+WQ5OntYHJybQj7a8h+GLWHAglqFq0/QJ0n1YZVBoI2
24 | ExajRGVdwgOFadgvM8SDrgXBHNEWGRahOpnRPuYh9AhG+bnWsXSUEO05xFmNH/Mu
25 | roYaKhPZda8jNq3+GPEWlHqiJf1FQ9qmizWoxm0jLCjyAMtzDai8KvagHYSr0Zym
26 | FXUI19/ROy9YAgnL6u7wwRVmp9VbP/MI/C5cmNmykDbiXcxy3TprSPlmrPtb9Rs0
27 | 7hLmmNtM3cXW5gpID7q16XesyOlDH/+yhvVB93B4d93MHxd1TzBGVmX4zRKC10dV
28 | gy8/cWjoIa8HIzXBBj4X5WfUMin8JhZy/IhlKe8Ssc5qljOCV/6FgGCnfAbGo8BM
29 | bHD2CsPP43krFSTZqwcsFErRHSHfi5xkjsE1OvkgRO1vJX0Y4EKkH3vN26b93dRb
30 | W1vVd9IHWOyLj8dQFSVZNiaP6xnV2NRCf7ryesxhSx4YWF6M1fV28rrhELYs303I
31 | puA3iyzogT5/oLddmedJF8UlAjUtkIuYhajaOSCtMWWmOmpftbgJyGHYYBsQ33Dj
32 | gr8fB7s2DRLqcWxeCEAfW+sj6/sE33mYkiHcoIzKfmn42xJg3k3pIv1RKEr8NKnW
33 | 5FIiDSX2vzCA9l1E3z3xMDhPaZV32tsxwp5xI5sNqlYxJdpV
34 | -----END CERTIFICATE-----
35 |
--------------------------------------------------------------------------------
/files/plugins/inactiveServerCleaner.groovy:
--------------------------------------------------------------------------------
1 | import org.artifactory.state.ArtifactoryServerState
2 | import org.artifactory.storage.db.servers.service.ArtifactoryServersCommonService
3 | import org.artifactory.common.ConstantValues
4 | import org.slf4j.Logger
5 |
6 | import java.util.concurrent.TimeUnit
7 |
8 | jobs {
9 | clean(cron: "0 * * * * ?") {
10 | def artifactoryServersCommonService = ctx.beanForType(ArtifactoryServersCommonService)
11 | def artifactoryInactiveServerCleaner = new ArtifactoryInactiveServersCleaner(artifactoryServersCommonService, log)
12 | artifactoryInactiveServerCleaner.cleanInactiveArtifactoryServers()
13 | }
14 | }
15 |
16 | public class ArtifactoryInactiveServersCleaner {
17 |
18 | private ArtifactoryServersCommonService artifactoryServersCommonService
19 | private Logger log
20 |
21 | ArtifactoryInactiveServersCleaner(ArtifactoryServersCommonService artifactoryServersCommonService, Logger log) {
22 | this.artifactoryServersCommonService = artifactoryServersCommonService
23 | this.log = log
24 | }
25 |
26 | def cleanInactiveArtifactoryServers() {
27 | log.info "Executing inactive artifactory servers cleaner plugin"
28 | List allMembers = artifactoryServersCommonService.getAllArtifactoryServers()
29 | for (member in allMembers) {
30 | def heartbeat = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - member.getLastHeartbeat())
31 | def noHeartbeat = heartbeat > ConstantValues.haHeartbeatStaleIntervalSecs.getInt()
32 | if (member.getServerState() == ArtifactoryServerState.UNAVAILABLE || noHeartbeat) {
33 | try {
34 | log.info "Inactive artifactory servers cleaning task found server ${member.serverId} to remove"
35 | artifactoryServersCommonService.removeServer(member.serverId)
36 |
37 | }catch (Exception e){
38 | log.error "Error: Not able to remove ${member.serverId}, ${e.message}"
39 | }
40 | }
41 | }
42 | log.info "No inactive servers found"
43 | }
44 | }
--------------------------------------------------------------------------------
/files/security/communication.key:
--------------------------------------------------------------------------------
1 | JR7r2vwkhxwYuNPspf7MEeqcwECLnPvBBB5YaruK2opLo4M9BLj81bn5p2PBrC662RZvKqKGFBkGX5R5x6aKtiRtCvWuTeH5Qm8RyTrUQHezqY3dSxKt4oAHoodzMj3DYBJncDoAmxu9RLX7c7RuZfn5n6kFX8zGhv7cjxqeyPNKkL8DLLvE8oVne1VRq5mEBMJUEKGZVdqzjmx9bD2DJ144Z5YBD8LxjY7wAqxkit4zy69R5L8CZmzWgx3JKT2Pd5M4MzrBhHnNhN98T8Aet19gwbspM39kzxgWswSijUp8jjRGE17waM7bxsor4Mk3mN7zxR4xHdutQoQfBA1Ei7eTiVoJ7MgUqEyrVfinC1ooDgc5kQshx7CUjw94KfRPtVPV6NHJ4EoR12c6Kmi6xxAfry2wPRLwXpA8ByViEPrTvKfjuVx4qtYkHPfkCQVq78RHxPHsgghrPehVzpAsiV2dqN47
2 | JUHfDLxBPMe4YZbWLKdbams2ZTPq3rmG1zxgbG9D5K8dmt4PhN2x6isBCtD1JVb15rkMX9DScvPAviTYFW72ivFnBiy4mATGjCAL54PdyPXhwmW7VhjqTBQQcJcCQoHuRKaBC
3 |
--------------------------------------------------------------------------------
/kubernetes/Dockerfile.mysql:
--------------------------------------------------------------------------------
1 | FROM docker.bintray.io/jfrog/artifactory-pro:6.23.13
2 |
3 | MAINTAINER eldada@jfrog.com
4 |
5 | # Download the DB driver into Tomcat's lib
6 | RUN wget -O /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.41.jar https://jcenter.bintray.com/mysql/mysql-connector-java/5.1.41/mysql-connector-java-5.1.41.jar
7 |
--------------------------------------------------------------------------------
/kubernetes/artifactory-binarystore.yml:
--------------------------------------------------------------------------------
1 | kind: ConfigMap
2 | apiVersion: v1
3 | metadata:
4 | name: artifactory-binarystore
5 | data:
6 | binarystore.xml: |-
7 |
8 |
9 |
10 |
11 | crossNetworkStrategy
12 | crossNetworkStrategy
13 | true
14 | 2
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 | shard-fs-1
25 | local
26 |
27 |
28 |
29 |
30 | 30
31 | tester-remote1
32 | 10000
33 | remote
34 |
35 |
36 |
37 |
--------------------------------------------------------------------------------
/kubernetes/artifactory-ha-node1.yml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Deployment
3 | metadata:
4 | name: artifactory-ha-node1
5 | spec:
6 | replicas: 1
7 | template:
8 | metadata:
9 | labels:
10 | app: artifactory-ha
11 | role: artifactory-primary
12 | group: artifactory-k8s-demo
13 | spec:
14 | containers:
15 | - name: artifactory-ha-node1
16 | # Set your actual artifactory-pro image
17 | image: /jfrog/artifactory-pro-mysql:6.23.13
18 | env:
19 | - name: DB_TYPE
20 | value: mysql
21 | - name: DB_USER
22 | value: artifactory
23 | - name: DB_PASSWORD
24 | value: password
25 | - name: DB_HOST
26 | value: mysql-k8s-service
27 | - name: HA_IS_PRIMARY
28 | value: "true"
29 | - name: HA_NODE_ID
30 | value: ha-node1
31 | - name: HA_MEMBERSHIP_PORT
32 | value: "10117"
33 | - name: ARTIFACTORY_MASTER_KEY
34 | value: "fc9dfbbfb055f18c765ed19e63ad41a9e1fda67bdb6a24ebfb2aeb6aa6349549"
35 | # Make sure to keep the memory java args aligned with the resources definitions
36 | - name: EXTRA_JAVA_OPTIONS
37 | value: "-Xms1g -Xmx2g"
38 | ports:
39 | - containerPort: 8081
40 | volumeMounts:
41 | - name: artifactory-node1-volume
42 | mountPath: "/var/opt/jfrog/artifactory"
43 | - name: binarystore-xml
44 | mountPath: "/var/opt/jfrog/artifactory/etc/binarystore.xml"
45 | subPath: binarystore.xml
46 | # Make sure to keep the resources set with values matching EXTRA_JAVA_OPTIONS above
47 | resources:
48 | requests:
49 | memory: "1Gi"
50 | cpu: "500m"
51 | limits:
52 | memory: "2Gi"
53 | cpu: "1"
54 | readinessProbe:
55 | httpGet:
56 | path: '/artifactory/webapp/#/login'
57 | port: 8081
58 | initialDelaySeconds: 60
59 | periodSeconds: 10
60 | failureThreshold: 10
61 | livenessProbe:
62 | httpGet:
63 | path: '/artifactory/webapp/#/login'
64 | port: 8081
65 | initialDelaySeconds: 180
66 | periodSeconds: 10
67 | volumes:
68 | - name: artifactory-node1-volume
69 | persistentVolumeClaim:
70 | claimName: artifactory-node1-claim
71 | - name: binarystore-xml
72 | configMap:
73 | name: artifactory-binarystore
74 | imagePullSecrets:
75 | - name: docker-reg-secret
76 | ---
77 | # This service it to allow all new member nodes to check that primary is up
78 | apiVersion: v1
79 | kind: Service
80 | metadata:
81 | name: artifactory-node1
82 | labels:
83 | app: artifactory-ha
84 | group: artifactory-k8s-demo
85 | spec:
86 | type: NodePort
87 | ports:
88 | - port: 8081
89 | protocol: TCP
90 | selector:
91 | role: artifactory-primary
92 |
--------------------------------------------------------------------------------
/kubernetes/artifactory-ha-node2.yml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Deployment
3 | metadata:
4 | name: artifactory-ha-node2
5 | spec:
6 | replicas: 1
7 | template:
8 | metadata:
9 | labels:
10 | app: artifactory-ha
11 | group: artifactory-k8s-demo
12 | spec:
13 | containers:
14 | - name: artifactory-ha-node2
15 | # Set your actual artifactory-pro image
16 | image: /jfrog/artifactory-pro-mysql:6.23.13
17 | env:
18 | - name: DB_TYPE
19 | value: mysql
20 | - name: DB_USER
21 | value: artifactory
22 | - name: DB_PASSWORD
23 | value: password
24 | - name: DB_HOST
25 | value: mysql-k8s-service
26 | - name: HA_IS_PRIMARY
27 | value: "false"
28 | - name: HA_NODE_ID
29 | value: ha-node2
30 | - name: HA_MEMBERSHIP_PORT
31 | value: "10117"
32 | - name: ARTIFACTORY_MASTER_KEY
33 | value: "fc9dfbbfb055f18c765ed19e63ad41a9e1fda67bdb6a24ebfb2aeb6aa6349549"
34 | # Make sure to keep the memory java args aligned with the resources definitions
35 | - name: EXTRA_JAVA_OPTIONS
36 | value: "-Xms1g -Xmx2g"
37 | ports:
38 | - containerPort: 8081
39 | volumeMounts:
40 | - name: artifactory-node2-volume
41 | mountPath: "/var/opt/jfrog/artifactory"
42 | - name: binarystore-xml
43 | mountPath: "/var/opt/jfrog/artifactory/etc/binarystore.xml"
44 | subPath: binarystore.xml
45 | # Make sure to keep the resources set with values matching EXTRA_JAVA_OPTIONS above
46 | resources:
47 | requests:
48 | memory: "1Gi"
49 | cpu: "500m"
50 | limits:
51 | memory: "2Gi"
52 | cpu: "1"
53 | readinessProbe:
54 | httpGet:
55 | path: '/artifactory/webapp/#/login'
56 | port: 8081
57 | initialDelaySeconds: 60
58 | periodSeconds: 10
59 | failureThreshold: 10
60 | livenessProbe:
61 | httpGet:
62 | path: '/artifactory/webapp/#/login'
63 | port: 8081
64 | initialDelaySeconds: 180
65 | periodSeconds: 10
66 | volumes:
67 | - name: artifactory-node2-volume
68 | persistentVolumeClaim:
69 | claimName: artifactory-node2-claim
70 | - name: binarystore-xml
71 | configMap:
72 | name: artifactory-binarystore
73 | imagePullSecrets:
74 | - name: docker-reg-secret
75 |
--------------------------------------------------------------------------------
/kubernetes/artifactory-ha-service.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: artifactory
5 | labels:
6 | app: artifactory
7 | group: artifactory-k8s-demo
8 | spec:
9 | type: NodePort
10 | ports:
11 | - port: 8081
12 | protocol: TCP
13 | selector:
14 | app: artifactory-ha
15 |
--------------------------------------------------------------------------------
/kubernetes/artifactory-ha-storage.yml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 | name: artifactory-node1-claim
5 | labels:
6 | group: artifactory-k8s-demo
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 10Gi
13 | ---
14 | kind: PersistentVolumeClaim
15 | apiVersion: v1
16 | metadata:
17 | name: artifactory-node2-claim
18 | labels:
19 | group: artifactory-k8s-demo
20 | spec:
21 | accessModes:
22 | - ReadWriteOnce
23 | resources:
24 | requests:
25 | storage: 10Gi
26 |
--------------------------------------------------------------------------------
/kubernetes/artifactory-storage.yml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 | name: artifactory-claim
5 | labels:
6 | group: artifactory-k8s-demo
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 5Gi
13 |
--------------------------------------------------------------------------------
/kubernetes/artifactory.yml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Deployment
3 | metadata:
4 | name: artifactory-k8s-deployment
5 | spec:
6 | replicas: 1
7 | template:
8 | metadata:
9 | labels:
10 | app: artifactory-pro-k8s
11 | group: artifactory-k8s-demo
12 | spec:
13 | securityContext:
14 | runAsUser: 1030
15 | fsGroup: 1030
16 | initContainers:
17 | - name: "remove-lost-found"
18 | image: "alpine:3.9"
19 | command:
20 | - 'sh'
21 | - '-c'
22 | - 'rm -rfv /var/opt/jfrog/artifactory/lost+found'
23 | volumeMounts:
24 | - name: artifactory-pro-volume
25 | mountPath: "/var/opt/jfrog/artifactory"
26 | containers:
27 | - name: artifactory-pro-k8s
28 | image: docker.bintray.io/jfrog/artifactory-pro:6.23.13
29 | env:
30 | - name: DB_TYPE
31 | value: postgresql
32 | - name: DB_USER
33 | value: artifactory
34 | - name: DB_PASSWORD
35 | value: password
36 | - name: DB_HOST
37 | value: postgresql-k8s-service
38 | # Make sure to keep the memory java args aligned with the resources definitions
39 | - name: EXTRA_JAVA_OPTIONS
40 | value: "-Xms1g -Xmx2g"
41 | ports:
42 | - containerPort: 8081
43 | volumeMounts:
44 | - mountPath: "/var/opt/jfrog/artifactory"
45 | name: artifactory-pro-volume
46 | # Make sure to keep the resources set with values matching EXTRA_JAVA_OPTIONS above
47 | resources:
48 | requests:
49 | memory: "1Gi"
50 | cpu: "500m"
51 | limits:
52 | memory: "2Gi"
53 | cpu: "1"
54 | readinessProbe:
55 | httpGet:
56 | path: '/artifactory/webapp/#/login'
57 | port: 8081
58 | initialDelaySeconds: 60
59 | periodSeconds: 10
60 | failureThreshold: 10
61 | livenessProbe:
62 | httpGet:
63 | path: '/artifactory/webapp/#/login'
64 | port: 8081
65 | initialDelaySeconds: 180
66 | periodSeconds: 10
67 | volumes:
68 | - name: artifactory-pro-volume
69 | persistentVolumeClaim:
70 | claimName: artifactory-claim
71 | imagePullSecrets:
72 | - name: docker-reg-secret
73 | ---
74 | apiVersion: v1
75 | kind: Service
76 | metadata:
77 | name: artifactory
78 | labels:
79 | app: artifactory
80 | group: artifactory-k8s-demo
81 | spec:
82 | type: NodePort
83 | ports:
84 | - port: 8081
85 | protocol: TCP
86 | selector:
87 | app: artifactory-pro-k8s
88 |
--------------------------------------------------------------------------------
/kubernetes/mysql-storage.yml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 | name: mysql-claim
5 | labels:
6 | group: artifactory-k8s-demo
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 5Gi
13 |
--------------------------------------------------------------------------------
/kubernetes/mysql.yml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Deployment
3 | metadata:
4 | name: mysql-k8s-deployment
5 | spec:
6 | replicas: 1
7 | template:
8 | metadata:
9 | labels:
10 | app: mysql-k8s
11 | group: artifactory-k8s-demo
12 | spec:
13 | containers:
14 | - name: db-mysql-k8s
15 | image: docker.bintray.io/mysql:5.6.35
16 | env:
17 | - name: MYSQL_DATABASE
18 | value: artdb
19 | - name: MYSQL_USER
20 | value: artifactory
21 | - name: MYSQL_PASSWORD
22 | value: password
23 | - name: MYSQL_ROOT_PASSWORD
24 | value: password
25 | ports:
26 | - containerPort: 3306
27 | volumeMounts:
28 | - mountPath: "/var/lib/mysql"
29 | name: db-volume
30 | resources:
31 | requests:
32 | memory: "500Mi"
33 | cpu: "100m"
34 | limits:
35 | memory: "1Gi"
36 | cpu: "500m"
37 | livenessProbe:
38 | exec:
39 | command:
40 | - sh
41 | - -c
42 | - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
43 | initialDelaySeconds: 30
44 | periodSeconds: 10
45 | timeoutSeconds: 5
46 | successThreshold: 1
47 | failureThreshold: 3
48 | readinessProbe:
49 | exec:
50 | command:
51 | - sh
52 | - -c
53 | - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}"
54 | initialDelaySeconds: 5
55 | periodSeconds: 10
56 | timeoutSeconds: 1
57 | successThreshold: 1
58 | failureThreshold: 3
59 | volumes:
60 | - name: db-volume
61 | persistentVolumeClaim:
62 | claimName: mysql-claim
63 | ---
64 | apiVersion: v1
65 | kind: Service
66 | metadata:
67 | name: mysql-k8s-service
68 | labels:
69 | app: mysql-k8s-service
70 | group: artifactory-k8s-demo
71 | spec:
72 | ports:
73 | - port: 3306
74 | protocol: TCP
75 | selector:
76 | app: mysql-k8s
--------------------------------------------------------------------------------
/kubernetes/nginx-deployment.yml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Deployment
3 | metadata:
4 | name: nginx-k8s-deployment
5 | spec:
6 | replicas: 1
7 | template:
8 | metadata:
9 | labels:
10 | app: nginx-k8s-deployment
11 | group: artifactory-k8s-demo
12 | spec:
13 | containers:
14 | - name: nginx-k8s
15 | image: docker.bintray.io/jfrog/nginx-artifactory-pro:6.23.13
16 | env:
17 | - name: ART_BASE_URL
18 | value: "http://artifactory-pro:8081/artifactory"
19 | - name: SSL
20 | value: "true"
21 | ports:
22 | - containerPort: 80
23 | - containerPort: 443
24 | resources:
25 | requests:
26 | memory: "100Mi"
27 | cpu: "100m"
28 | limits:
29 | memory: "200Mi"
30 | cpu: "200m"
31 | volumeMounts:
32 | - mountPath: "/var/opt/jfrog/nginx"
33 | name: nginx-volume
34 | - mountPath: "/var/opt/jfrog/nginx/ssl"
35 | name: ssl-secret-volume
36 | volumes:
37 | - name: nginx-volume
38 | persistentVolumeClaim:
39 | claimName: nginx-claim
40 | - name: ssl-secret-volume
41 | secret:
42 | secretName: art-tls
43 |
--------------------------------------------------------------------------------
/kubernetes/nginx-service-minikube.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: nginx-k8s-service
5 | labels:
6 | app: nginx-k8s-service
7 | group: artifactory-k8s-demo
8 | spec:
9 | type: NodePort
10 | ports:
11 | - port: 80
12 | name: port-1
13 | protocol: TCP
14 | targetPort: 80
15 | - port: 443
16 | name: port-2
17 | protocol: TCP
18 | targetPort: 443
19 | selector:
20 | app: nginx-k8s-deployment
21 |
--------------------------------------------------------------------------------
/kubernetes/nginx-service.yml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: nginx-k8s-service
5 | labels:
6 | app: nginx-k8s-service
7 | group: artifactory-k8s-demo
8 | spec:
9 | type: LoadBalancer
10 | ports:
11 | - port: 80
12 | name: port-1
13 | protocol: TCP
14 | targetPort: 80
15 | - port: 443
16 | name: port-2
17 | protocol: TCP
18 | targetPort: 443
19 | selector:
20 | app: nginx-k8s-deployment
21 |
--------------------------------------------------------------------------------
/kubernetes/nginx-storage.yml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 | name: nginx-claim
5 | labels:
6 | group: artifactory-k8s-demo
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 5Gi
13 |
--------------------------------------------------------------------------------
/kubernetes/postgresql-storage.yml:
--------------------------------------------------------------------------------
1 | kind: PersistentVolumeClaim
2 | apiVersion: v1
3 | metadata:
4 | name: postgresql-claim
5 | labels:
6 | group: artifactory-k8s-demo
7 | spec:
8 | accessModes:
9 | - ReadWriteOnce
10 | resources:
11 | requests:
12 | storage: 5Gi
13 |
--------------------------------------------------------------------------------
/kubernetes/postgresql.yml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Deployment
3 | metadata:
4 | name: postgresql-k8s-deployment
5 | spec:
6 | replicas: 1
7 | template:
8 | metadata:
9 | labels:
10 | app: postgresql-k8s
11 | group: artifactory-k8s-demo
12 | spec:
13 | initContainers:
14 | - name: "remove-lost-found"
15 | image: "busybox:1.26.2"
16 | imagePullPolicy: "IfNotPresent"
17 | command:
18 | - 'sh'
19 | - '-c'
20 | - 'rm -rf /var/lib/postgresql/data/lost+found'
21 | volumeMounts:
22 | - mountPath: "/var/lib/postgresql/data"
23 | name: postgresql-volume
24 | containers:
25 | - name: postgresql-k8s
26 | image: docker.bintray.io/postgres:9.6.11
27 | env:
28 | - name: POSTGRES_DB
29 | value: artifactory
30 | - name: POSTGRES_USER
31 | value: artifactory
32 | - name: POSTGRES_PASSWORD
33 | value: password
34 | ports:
35 | - containerPort: 5432
36 | resources:
37 | requests:
38 | memory: "500Mi"
39 | cpu: "100m"
40 | limits:
41 | memory: "1Gi"
42 | cpu: "500m"
43 | volumeMounts:
44 | - mountPath: "/var/lib/postgresql/data"
45 | name: postgresql-volume
46 | livenessProbe:
47 | exec:
48 | command:
49 | - sh
50 | - -c
51 | - exec pg_isready
52 | initialDelaySeconds: 60
53 | timeoutSeconds: 5
54 | failureThreshold: 6
55 | readinessProbe:
56 | exec:
57 | command:
58 | - sh
59 | - -c
60 | - exec pg_isready
61 | initialDelaySeconds: 30
62 | timeoutSeconds: 3
63 | periodSeconds: 5
64 | volumes:
65 | - name: postgresql-volume
66 | persistentVolumeClaim:
67 | claimName: postgresql-claim
68 | ---
69 | apiVersion: v1
70 | kind: Service
71 | metadata:
72 | name: postgresql-k8s-service
73 | labels:
74 | app: postgresql-k8s-service
75 | group: artifactory-k8s-demo
76 | spec:
77 | ports:
78 | - port: 5432
79 | protocol: TCP
80 | selector:
81 | app: postgresql-k8s
82 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-common/artifactory-imagestream.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-imagestream-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Image Stream"
8 | description: |-
9 | This template creates an ImageStream to the Artifactory Docker image.
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | kind: ImageStream
15 | metadata:
16 | name: ${ARTIFACTORY_IMAGE_STREAM_NAME}
17 | namespace: ${NAMESPACE}
18 | spec:
19 | dockerImageRepository: ${ARTIFACTORY_IMAGE_REPOSITORY}
20 | tags:
21 | - name: ${ARTIFACTORY_VERSION}
22 | from:
23 | kind: DockerImage
24 | name: ${ARTIFACTORY_IMAGE_REPOSITORY}:${ARTIFACTORY_VERSION}
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: ARTIFACTORY_IMAGE_STREAM_NAME
32 | description: Artifactory Image Stream name
33 | displayName: Artifactory Image Stream name
34 | required: true
35 | - name: ARTIFACTORY_IMAGE_REPOSITORY
36 | description: Artifactory Image Repository
37 | displayName: Artifactory Image Repository
38 | value: "jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro"
39 | required: true
40 | - name: ARTIFACTORY_VERSION
41 | description: Artifactory Version
42 | displayName: Artifactory Version
43 | value: "5.8.3"
44 | required: true
45 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-common/artifactory-primary-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-primary-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Primary PVC"
8 | description: |-
9 | This template creates a PVC to be used by a primary node in an
10 | Artifactory cluster.
11 | tags: "ci-cd"
12 |
13 | objects:
14 | - apiVersion: v1
15 | kind: PersistentVolumeClaim
16 | metadata:
17 | name: ${NAME}-primary
18 | namespace: ${NAMESPACE}
19 | spec:
20 | resources:
21 | requests:
22 | storage: ${ARTIFACTORY_PVC_SIZE}
23 | accessModes:
24 | - "ReadWriteOnce"
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: NAME
32 | description: Artifactory HA Name
33 | displayName: Artifactory HA Name
34 | required: true
35 | - name: ARTIFACTORY_PVC_SIZE
36 | description: Artifactory PVC size
37 | displayName: Artifactory PVC size
38 | value: "20Gi"
39 | required: true
40 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-common/artifactory-secondary-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-secondary-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Secondary PVC"
8 | description: |-
9 | This template creates a PVC to be used by a secondary node in an
10 | Artifactory cluster.
11 | tags: "ci-cd"
12 |
13 | objects:
14 | - apiVersion: v1
15 | kind: PersistentVolumeClaim
16 | metadata:
17 | name: ${NAME}-secondary
18 | namespace: ${NAMESPACE}
19 | spec:
20 | resources:
21 | requests:
22 | storage: ${ARTIFACTORY_PVC_SIZE}
23 | accessModes:
24 | - "ReadWriteOnce"
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: NAME
32 | description: Artifactory HA Name
33 | displayName: Artifactory HA Name
34 | required: true
35 | - name: ARTIFACTORY_PVC_SIZE
36 | description: Artifactory PVC size
37 | displayName: Artifactory PVC size
38 | value: "20Gi"
39 | required: true
40 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-common/artifactory-service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-service-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Service"
8 | description: |-
9 | This template creates Services and Routes for an Artifactory cluster.
10 | tags: "ci-cd"
11 |
12 | objects:
13 |
14 | - apiVersion: v1
15 | kind: Route
16 | metadata:
17 | name: ${NAME}
18 | namespace: ${NAMESPACE}
19 | spec:
20 | to:
21 | kind: Service
22 | name: ${NAME}
23 | port:
24 | targetPort: web
25 | tls:
26 | termination: edge
27 | insecureEdgeTerminationPolicy: Redirect
28 |
29 | - apiVersion: v1
30 | kind: Route
31 | metadata:
32 | name: docker-virtual
33 | namespace: ${NAMESPACE}
34 | spec:
35 | to:
36 | kind: Service
37 | name: ${NAME}
38 | port:
39 | targetPort: web
40 | tls:
41 | termination: edge
42 | insecureEdgeTerminationPolicy: Redirect
43 |
44 | - apiVersion: v1
45 | kind: Service
46 | metadata:
47 | name: ${NAME}
48 | namespace: ${NAMESPACE}
49 | spec:
50 | ports:
51 | - name: web
52 | port: 8081
53 | protocol: TCP
54 | targetPort: 8081
55 | selector:
56 | artifactory-ha: ${NAME}
57 |
58 | parameters:
59 | - name: NAMESPACE
60 | description: Namespace
61 | displayName: Namespace
62 | required: true
63 | - name: NAME
64 | description: Artifactory HA Name
65 | displayName: Artifactory HA Name
66 | required: true
67 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-common/config/database-config-map.yaml:
--------------------------------------------------------------------------------
1 |
2 | apiVersion: v1
3 | kind: Template
4 | metadata:
5 | name: artifactory-database-config-map-template
6 | annotations:
7 | openshift.io/provider-display-name: "JFrog"
8 | openshift.io/display-name: "Artifactory Database Configuration"
9 | description: |-
10 | This template creates a ConfigMap to store database configuration used
11 | by Artifactory.
12 | tags: "ci-cd"
13 | objects:
14 | - apiVersion: v1
15 | kind: ConfigMap
16 | metadata:
17 | name: ${DATABASE_CONFIG_MAP_NAME}
18 | namespace: ${NAMESPACE}
19 | data:
20 | db.type: ${DATABASE_TYPE}
21 | db.host: ${DATABASE_HOST}
22 | db.port: ${DATABASE_PORT}
23 |
24 | parameters:
25 | - name: NAMESPACE
26 | description: Namespace
27 | displayName: Namespace
28 | required: true
29 | - name: DATABASE_CONFIG_MAP_NAME
30 | description: Artifactory Database Config Map name
31 | displayName: Artifactory Database Config Map name
32 | required: true
33 | - name: DATABASE_TYPE
34 | description: Artifactory Database type. Possible values are postgresql, mysql, oracle or mssql.
35 | displayName: Artifactory Database type
36 | required: true
37 | - name: DATABASE_HOST
38 | description: Artifactory Database Hostname
39 | displayName: Artifactory Database Hostname
40 | required: true
41 | - name: DATABASE_PORT
42 | description: Artifactory Database Port
43 | displayName: Artifactory Database Port
44 | required: true
45 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-common/secrets/artifactory-licenses-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-licenses-secret-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Licenses"
8 | description: |-
9 | This template creates a Secret to store Artifactory licenses to be
10 | used to by a Artifactory cluster.
11 | tags: "ci-cd"
12 |
13 | objects:
14 | - apiVersion: v1
15 | kind: Secret
16 | metadata:
17 | name: ${LICENSES_SECRET_NAME}
18 | namespace: ${NAMESPACE}
19 | data:
20 | artifactory.cluster.license: ${ARTIFACTORY_LICENSES_BASE_64}
21 |
22 | parameters:
23 | - name: NAMESPACE
24 | description: Secret Namespace
25 | displayName: Namespace
26 | required: true
27 | - name: LICENSES_SECRET_NAME
28 | description: Artifactory licenses secret name
29 | displayName: Artifactory licenses secret name
30 | required: true
31 | - name: ARTIFACTORY_LICENSES_BASE_64
32 | description: Artifactory licenses in base 64
33 | displayName: Artifactory licences in base 64
34 | required: true
35 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-common/secrets/artifactory-master-key-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-master-key-secret-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Cluster Master Key"
8 | description: |-
9 | This template creates a Secret to store Artifactory cluster master key.
10 | This key should be used by the nodes to identify them as members of the
11 | same cluster.
12 |
13 | You can generate a new master key and convert it to base 64 using the
14 | following command:
15 | openssl rand -hex 16 | base64
16 | tags: "ci-cd"
17 |
18 | objects:
19 | - apiVersion: v1
20 | kind: Secret
21 | metadata:
22 | name: ${MASTER_KEY_SECRET_NAME}
23 | namespace: ${NAMESPACE}
24 | data:
25 | master.key: ${ARTIFACTORY_MASTER_KEY_BASE_64}
26 |
27 | parameters:
28 | - name: NAMESPACE
29 | description: Secret Namespace
30 | displayName: Namespace
31 | required: true
32 | - name: MASTER_KEY_SECRET_NAME
33 | description: Artifactory Master Key secret name
34 | displayName: Artifactory Master Key secret name
35 | required: true
36 | - name: ARTIFACTORY_MASTER_KEY_BASE_64
37 | description: Artifactory Master Key in base 64
38 | displayName: Artifactory Master Key in base 64
39 | required: true
40 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-nfs/artifactory-backup-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-backup-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Backup PVC"
8 | description: |-
9 | This template creates a PVC to be used by all the nodes in an
10 | Artifactory cluster using NFS to store backup data.
11 | tags: "ci-cd"
12 |
13 | objects:
14 | - apiVersion: v1
15 | kind: PersistentVolumeClaim
16 | metadata:
17 | name: ${NAME}-backup
18 | namespace: ${NAMESPACE}
19 | spec:
20 | resources:
21 | requests:
22 | storage: ${ARTIFACTORY_BACKUP_PVC_SIZE}
23 | accessModes:
24 | - "ReadWriteMany"
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: NAME
32 | description: Artifactory HA Name
33 | displayName: Artifactory HA Name
34 | required: true
35 | - name: ARTIFACTORY_BACKUP_PVC_SIZE
36 | description: Artifactory Backup folder PVC size
37 | displayName: Artifactory Backup folder PVC size
38 | value: "20Gi"
39 | required: true
40 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-nfs/artifactory-data-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-data-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Data PVC"
8 | description: |-
9 | This template creates a PVC to be used by all the nodes in an
10 | Artifactory cluster using NFS to store artifacts data.
11 | tags: "ci-cd"
12 |
13 | objects:
14 | - apiVersion: v1
15 | kind: PersistentVolumeClaim
16 | metadata:
17 | name: ${NAME}-data
18 | namespace: ${NAMESPACE}
19 | spec:
20 | resources:
21 | requests:
22 | storage: ${ARTIFACTORY_DATA_PVC_SIZE}
23 | accessModes:
24 | - "ReadWriteMany"
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: NAME
32 | description: Artifactory HA Name
33 | displayName: Artifactory HA Name
34 | required: true
35 | - name: ARTIFACTORY_DATA_PVC_SIZE
36 | description: Artifactory Data folder PVC size
37 | displayName: Artifactory Data folder PVC size
38 | value: "20Gi"
39 | required: true
40 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-nfs/config/binarystore-config-map.yaml:
--------------------------------------------------------------------------------
1 |
2 | apiVersion: v1
3 | kind: Template
4 | metadata:
5 | name: artifactory-binarystore-nfs-config-map-template
6 | annotations:
7 | openshift.io/provider-display-name: "JFrog"
8 | openshift.io/display-name: "Artifactory NFS Binarystore"
9 | description: |-
10 | This template creates a ConfigMap to store the binarystore.xml file.
11 | The file content is suitable to Artifactory clusters using NFS.
12 | tags: "ci-cd"
13 |
14 | objects:
15 | - apiVersion: v1
16 | kind: ConfigMap
17 | metadata:
18 | name: ${BINARYSTORE_CONFIG_MAP_NAME}
19 | namespace: ${NAMESPACE}
20 | data:
21 | binarystore.xml: |-
22 |
23 |
24 |
25 | ${HA_DATA_DIR}
26 |
27 |
28 |
29 |
30 | parameters:
31 | - name: NAMESPACE
32 | description: Namespace
33 | displayName: Namespace
34 | required: true
35 | - name: BINARYSTORE_CONFIG_MAP_NAME
36 | description: Artifactory Binarystore Config Map name
37 | displayName: Artifactory Binarystore Config Map name
38 | required: true
39 | - name: HA_DATA_DIR
40 | description: Shared Data Directory
41 | displayName: Shared Data Directory
42 | value: "/var/opt/jfrog/artifactory/data"
43 | required: true
44 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-nfs/install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | print_help() {
3 | echo "Usage:"
4 | echo " install.sh -o OPERATION"
5 | echo ""
6 | echo "Options:"
7 | echo " -o, --operation: (create|replace|delete)"
8 | }
9 |
10 | COMMON_TEMPLATES=("../artifactory-ha-common/config/database-config-map.yaml" "../artifactory-ha-common/secrets/artifactory-licenses-secret.yaml" "../artifactory-ha-common/secrets/artifactory-master-key-secret.yaml" "../artifactory-ha-common/artifactory-imagestream.yaml" "../artifactory-ha-common/artifactory-primary-pvc.yaml" "../artifactory-ha-common/artifactory-secondary-pvc.yaml" "../artifactory-ha-common/artifactory-service.yaml")
11 | SPECIFIC_TEMPLATES=("config/binarystore-config-map.yaml" "artifactory-data-pvc.yaml" "artifactory-backup-pvc.yaml" "artifactory-primary-deployment.yaml" "artifactory-secondary-deployment.yaml")
12 |
13 | install_template() {
14 | oc $OPERATION -f $1
15 | }
16 |
17 | OPERATION=""
18 |
19 | while [ "$1" != "" ]; do
20 | case $1 in
21 | -o | --operation )
22 | shift
23 | OPERATION=$1
24 | esac
25 | shift
26 | done
27 |
28 | if [ "$OPERATION" == "" ]; then
29 | print_help
30 | exit -1
31 | fi
32 |
33 | for TEMPLATE in "${COMMON_TEMPLATES[@]}"; do
34 | install_template $TEMPLATE
35 | done
36 |
37 | for TEMPLATE in "${SPECIFIC_TEMPLATES[@]}"; do
38 | install_template $TEMPLATE
39 | done
40 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-nfs/process.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | print_help() {
3 | echo "Usage:"
4 | echo " process.sh -o OPERATION -p PARAMETERS_FILE [options]"
5 | echo ""
6 | echo "Options:"
7 | echo " -o, --operation: (create|replace|delete)"
8 | echo " -p, --param-file: Path to the parameters file"
9 | }
10 |
11 | COMMON_TEMPLATES=("artifactory-database-config-map-template" "artifactory-imagestream-template" "artifactory-primary-pvc-template" "artifactory-secondary-pvc-template" "artifactory-service-template")
12 | SPECIFIC_TEMPLATES=("artifactory-binarystore-nfs-config-map-template" "artifactory-data-pvc-template" "artifactory-backup-pvc-template" "artifactory-nfs-primary-deployment-template" "artifactory-nfs-secondary-deployment-template")
13 |
14 | process_template() {
15 | printenv | oc process $1 --ignore-unknown-parameters --param-file=- | oc $OPERATION -f -
16 | }
17 |
18 | OPERATION=""
19 | PARAMETERS_FILE=""
20 |
21 | while [ "$1" != "" ]; do
22 | case $1 in
23 | -o | --operation )
24 | shift
25 | OPERATION=$1
26 | ;;
27 | -p | --param-file )
28 | shift
29 | PARAMETERS_FILE=$1
30 | esac
31 | shift
32 | done
33 |
34 | if [ "$OPERATION" == "" -o "$PARAMETERS_FILE" == "" ]; then
35 | print_help
36 | exit -1
37 | fi
38 |
39 | if [ ! -f $PARAMETERS_FILE ]; then
40 | echo "File $PARAMETERS_FILE not found"
41 | exit -2
42 | fi
43 |
44 | while IFS='' read -r line || [[ -n "$line" ]]; do
45 | export "$line"
46 | done < "$PARAMETERS_FILE"
47 |
48 | for TEMPLATE in "${COMMON_TEMPLATES[@]}"; do
49 | process_template $TEMPLATE
50 | done
51 |
52 | for TEMPLATE in "${SPECIFIC_TEMPLATES[@]}"; do
53 | process_template $TEMPLATE
54 | done
55 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-nfs/rolling-upgrade.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | print_help() {
3 | echo "Usage:"
4 | echo " rolling-upgrade.sh -p PARAMETERS_FILE"
5 | echo ""
6 | echo "Options:"
7 | echo " -p, --param-file: Path to the parameters file"
8 | }
9 |
10 | get_replicas_count() {
11 | local REPLICAS=$(oc get dc $1 -n $NAMESPACE -o yaml | grep -w availableReplicas: | sed -n 's/.*availableReplicas: \([0-9]*\)/\1/p')
12 | echo "$REPLICAS"
13 | }
14 |
15 | shutdown() {
16 | echo "Shuting down $1"
17 | oc scale dc $1 -n $NAMESPACE --replicas=0
18 |
19 | echo "Waiting for $1 to be down"
20 | while [ true ]; do
21 | local REPLICAS=$(get_replicas_count $1)
22 | if [ $REPLICAS == 0 ]; then
23 | echo "$1 is down"
24 | return 0
25 | else
26 | echo "."
27 | sleep 10
28 | fi
29 | done
30 |
31 | }
32 |
33 | deploy() {
34 | echo "Deploying $1"
35 | oc scale dc $1 -n $NAMESPACE --replicas=1
36 | echo "Waiting for $1 to be up"
37 | while [ true ]; do
38 | local REPLICAS=$(get_replicas_count $1)
39 | if [ $REPLICAS == 1 ]; then
40 | echo "$1 is up"
41 | return 0
42 | else
43 | echo "."
44 | sleep 10
45 | fi
46 | done
47 | }
48 |
49 | PARAMETERS_FILE=""
50 |
51 | while [ "$1" != "" ]; do
52 | case $1 in
53 | -p | --param-file )
54 | shift
55 | PARAMETERS_FILE=$1
56 | esac
57 | shift
58 | done
59 |
60 | if [ "$PARAMETERS_FILE" == "" ]; then
61 | print_help
62 | exit -1
63 | fi
64 |
65 | if [ ! -f $PARAMETERS_FILE ]; then
66 | echo "File $PARAMETERS_FILE not found"
67 | exit -2
68 | fi
69 |
70 | while IFS='' read -r line || [[ -n "$line" ]]; do
71 | export "$line"
72 | done < "$PARAMETERS_FILE"
73 |
74 | # Update image stream
75 | echo "Upgrading image stream"
76 | printenv | oc process artifactory-imagestream-template --ignore-unknown-parameters --param-file=- | oc replace -f -
77 |
78 | # Update primary node
79 | shutdown "$NAME-primary"
80 | echo "Upgrading $NAME-primary"
81 | printenv | oc process artifactory-nfs-primary-deployment-template --ignore-unknown-parameters --param-file=- | oc replace -f -
82 | deploy "$NAME-primary"
83 |
84 | # Update secondary node
85 | shutdown "$NAME-secondary"
86 | echo "Upgrading $NAME-secondary"
87 | printenv | oc process artifactory-nfs-secondary-deployment-template --ignore-unknown-parameters --param-file=- | oc replace -f -
88 | deploy "$NAME-secondary"
89 |
90 | echo "$NAME upgraded successfully"
91 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-nfs/sample-params.env:
--------------------------------------------------------------------------------
1 | NAME=artifactory
2 | NAMESPACE=artifactory-ha-nfs
3 | SERVICE_ACCOUNT=default
4 | LICENSES_SECRET_NAME=artifactory-licenses
5 | MASTER_KEY_SECRET_NAME=artifactory-master-key
6 | BINARYSTORE_CONFIG_MAP_NAME=artifactory-binarystore
7 | DATABASE_CONFIG_MAP_NAME=artifactory-db
8 | DATABASE_CREDENTIALS_SECRET_NAME=postgresql-credentials
9 | DATABASE_TYPE=postgresql
10 | DATABASE_HOST=postgresql.artifactory-ha-nfs.svc
11 | DATABASE_PORT=5432
12 | ARTIFACTORY_IMAGE_STREAM_NAME=artifactory
13 | ARTIFACTORY_IMAGE_REPOSITORY=jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro
14 | ARTIFACTORY_VERSION=6.23.13
15 | INIT_CONTAINER_IMAGE=alpine:3.6
16 | ARTIFACTORY_PVC_SIZE=20Gi
17 | ARTIFACTORY_DATA_PVC_SIZE=20Gi
18 | ARTIFACTORY_BACKUP_PVC_SIZE=20Gi
19 | CPU_REQUEST=500m
20 | CPU_LIMIT=1
21 | MEMORY_REQUEST=2Gi
22 | MEMORY_LIMIT=3Gi
23 | ARTIFACTORY_EXTRA_JAVA_OPTIONS=-Xms1g -Xmx2g
24 | HA_DATA_DIR=/var/opt/jfrog/artifactory/data
25 | HA_BACKUP_DIR=/var/opt/jfrog/artifactory/backup
26 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-no-nfs/artifactory-primary-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-primary-deployment-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Primary"
8 | description: |-
9 | This template deploys the primary node of an Artifactory Cluster.
10 | tags: "ci-cd"
11 |
12 | objects:
13 |
14 | - apiVersion: v1
15 | kind: DeploymentConfig
16 | metadata:
17 | name: ${NAME}-primary
18 | namespace: ${NAMESPACE}
19 |
20 | spec:
21 | replicas: 1
22 | strategy:
23 | type: Recreate
24 | template:
25 | metadata:
26 | labels:
27 | name: ${NAME}-primary
28 | artifactory-ha: ${NAME}
29 | spec:
30 | serviceAccountName: ${SERVICE_ACCOUNT}
31 |
32 | initContainers:
33 | - name: remove-lost-found
34 | image: ${INIT_CONTAINER_IMAGE}
35 | command: ["sh", "-c", "rm -rf /var/opt/jfrog/artifactory/lost+found"]
36 | volumeMounts:
37 | - name: artifactory-data
38 | mountPath: /var/opt/jfrog/artifactory
39 | - name: wait-for-db
40 | image: ${INIT_CONTAINER_IMAGE}
41 | command: ["sh", "-c", "until nc -z -w 2 $(DB_HOST) $(DB_PORT) && echo database ok; do sleep 2; done"]
42 | env:
43 | - name: DB_HOST
44 | valueFrom:
45 | configMapKeyRef:
46 | name: ${DATABASE_CONFIG_MAP_NAME}
47 | key: db.host
48 | - name: DB_PORT
49 | valueFrom:
50 | configMapKeyRef:
51 | name: ${DATABASE_CONFIG_MAP_NAME}
52 | key: db.port
53 |
54 | containers:
55 | - image: ''
56 | imagePullPolicy: Always
57 | name: ${NAME}-primary
58 | ports:
59 | - containerPort: 8081
60 | protocol: TCP
61 | - containerPort: 10042
62 | protocol: TCP
63 | volumeMounts:
64 | - name: artifactory-data
65 | mountPath: /var/opt/jfrog/artifactory
66 | - name: artifactory-licenses
67 | mountPath: /artifactory_extra_conf/artifactory.cluster.license
68 | subPath: artifactory.cluster.license
69 | - name: artifactory-binarystore
70 | mountPath: /artifactory_extra_conf/binarystore.xml
71 | subPath: binarystore.xml
72 | env:
73 | - name: DB_TYPE
74 | valueFrom:
75 | configMapKeyRef:
76 | name: ${DATABASE_CONFIG_MAP_NAME}
77 | key: db.type
78 | - name: DB_HOST
79 | valueFrom:
80 | configMapKeyRef:
81 | name: ${DATABASE_CONFIG_MAP_NAME}
82 | key: db.host
83 | - name: DB_PORT
84 | valueFrom:
85 | configMapKeyRef:
86 | name: ${DATABASE_CONFIG_MAP_NAME}
87 | key: db.port
88 | - name: DB_USER
89 | valueFrom:
90 | secretKeyRef:
91 | name: ${DATABASE_CREDENTIALS_SECRET_NAME}
92 | key: username
93 | - name: DB_PASSWORD
94 | valueFrom:
95 | secretKeyRef:
96 | name: ${DATABASE_CREDENTIALS_SECRET_NAME}
97 | key: password
98 | - name: ARTIFACTORY_MASTER_KEY
99 | valueFrom:
100 | secretKeyRef:
101 | name: ${MASTER_KEY_SECRET_NAME}
102 | key: master.key
103 | - name: HA_NODE_ID
104 | value: "${NAME}-primary"
105 | - name: HA_IS_PRIMARY
106 | value: "true"
107 | - name: HA_MEMBERSHIP_PORT
108 | value: "10042"
109 | - name: EXTRA_JAVA_OPTIONS
110 | value: ${ARTIFACTORY_EXTRA_JAVA_OPTIONS}
111 |
112 | readinessProbe:
113 | httpGet:
114 | path: /artifactory/webapp/#/login
115 | port: 8081
116 | initialDelaySeconds: 60
117 | timeoutSeconds: 10
118 | livenessProbe:
119 | httpGet:
120 | path: /artifactory/webapp/#/login
121 | port: 8081
122 | initialDelaySeconds: 180
123 | timeoutSeconds: 10
124 |
125 | resources:
126 | requests:
127 | cpu: ${CPU_REQUEST}
128 | memory: ${MEMORY_REQUEST}
129 | limits:
130 | cpu: ${CPU_LIMIT}
131 | memory: ${MEMORY_LIMIT}
132 |
133 | volumes:
134 | - name: artifactory-data
135 | persistentVolumeClaim:
136 | claimName: ${NAME}-primary
137 | - name: artifactory-licenses
138 | secret:
139 | secretName: ${LICENSES_SECRET_NAME}
140 | - name: artifactory-binarystore
141 | configMap:
142 | name: ${BINARYSTORE_CONFIG_MAP_NAME}
143 | triggers:
144 | - type: ImageChange
145 | imageChangeParams:
146 | automatic: true
147 | containerNames:
148 | - ${NAME}-primary
149 | from:
150 | kind: ImageStreamTag
151 | name: ${ARTIFACTORY_IMAGE_STREAM_NAME}:${ARTIFACTORY_VERSION}
152 | - type: ConfigChange
153 |
154 | parameters:
155 | - name: NAMESPACE
156 | description: Namespace
157 | displayName: Namespace
158 | required: true
159 | - name: NAME
160 | description: Artifactory HA Name
161 | displayName: Artifactory HA Name
162 | required: true
163 | - name: SERVICE_ACCOUNT
164 | description: Service account
165 | displayName: Service account
166 | required: true
167 | - name: INIT_CONTAINER_IMAGE
168 | description: Init container image
169 | displayName: Init container image
170 | value: "busybox"
171 | required: true
172 | - name: LICENSES_SECRET_NAME
173 | description: Artifactory licenses secret name
174 | displayName: Artifactory licenses secret name
175 | required: true
176 | - name: MASTER_KEY_SECRET_NAME
177 | description: Artifactory Master Key secret name
178 | displayName: Artifactory Master Key secret name
179 | required: true
180 | - name: DATABASE_CONFIG_MAP_NAME
181 | description: Artifactory Database Config Map name
182 | displayName: Artifactory Database Config Map name
183 | required: true
184 | - name: DATABASE_CREDENTIALS_SECRET_NAME
185 | description: Database Credentials secret name
186 | displayName: Database Credentials secret name
187 | required: true
188 | - name: BINARYSTORE_CONFIG_MAP_NAME
189 | description: Artifactory Binarystore Config Map name
190 | displayName: Artifactory Binarystore Config Map name
191 | required: true
192 | - name: ARTIFACTORY_IMAGE_STREAM_NAME
193 | description: Artifactory Image Stream name
194 | displayName: Artifactory Image Stream name
195 | required: true
196 | - name: ARTIFACTORY_VERSION
197 | description: Artifactory Version
198 | displayName: Artifactory Version
199 | value: "5.8.3"
200 | required: true
201 | - name: ARTIFACTORY_EXTRA_JAVA_OPTIONS
202 | description: Artifactory Extra Java Options
203 | displayName: Artifactory Extra Java Options
204 | value: "-Xms1g -Xmx2g"
205 | - name: CPU_REQUEST
206 | description: Artifactory CPU Request
207 | displayName: Artifactory CPU Request
208 | value: "500m"
209 | required: true
210 | - name: CPU_LIMIT
211 | description: Artifactory CPU Limit
212 | displayName: Artifactory CPU Limit
213 | value: "1"
214 | required: true
215 | - name: MEMORY_REQUEST
216 | description: Artifactory Memory Request
217 | displayName: Artifactory Memory Request
218 | value: "2Gi"
219 | required: true
220 | - name: MEMORY_LIMIT
221 | description: Artifactory Memory Limit
222 | displayName: Artifactory Memory Limit
223 | value: "3Gi"
224 | required: true
225 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-no-nfs/artifactory-secondary-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: artifactory-secondary-deployment-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Artifactory Secondary"
8 | description: |-
9 | This template deploys the secondary node of an Artifactory Cluster.
10 | tags: "ci-cd"
11 |
12 | objects:
13 |
14 | - apiVersion: v1
15 | kind: DeploymentConfig
16 | metadata:
17 | name: ${NAME}-secondary
18 | namespace: ${NAMESPACE}
19 |
20 | spec:
21 | replicas: 1
22 | strategy:
23 | type: Recreate
24 | template:
25 | metadata:
26 | labels:
27 | name: ${NAME}-secondary
28 | artifactory-ha: ${NAME}
29 | spec:
30 | serviceAccountName: ${SERVICE_ACCOUNT}
31 |
32 | initContainers:
33 | - name: remove-lost-found
34 | image: ${INIT_CONTAINER_IMAGE}
35 | command: ["sh", "-c", "rm -rf /var/opt/jfrog/artifactory/lost+found"]
36 | volumeMounts:
37 | - name: artifactory-data
38 | mountPath: /var/opt/jfrog/artifactory
39 | - name: wait-for-db
40 | image: ${INIT_CONTAINER_IMAGE}
41 | command: ["sh", "-c", "until nc -z -w 2 $(DB_HOST) $(DB_PORT) && echo database ok; do sleep 2; done"]
42 | env:
43 | - name: DB_HOST
44 | valueFrom:
45 | configMapKeyRef:
46 | name: ${DATABASE_CONFIG_MAP_NAME}
47 | key: db.host
48 | - name: DB_PORT
49 | valueFrom:
50 | configMapKeyRef:
51 | name: ${DATABASE_CONFIG_MAP_NAME}
52 | key: db.port
53 |
54 | containers:
55 | - image: ''
56 | imagePullPolicy: Always
57 | name: ${NAME}-secondary
58 | ports:
59 | - containerPort: 8081
60 | protocol: TCP
61 | - containerPort: 10042
62 | protocol: TCP
63 | volumeMounts:
64 | - name: artifactory-data
65 | mountPath: /var/opt/jfrog/artifactory
66 | env:
67 | - name: DB_TYPE
68 | valueFrom:
69 | configMapKeyRef:
70 | name: ${DATABASE_CONFIG_MAP_NAME}
71 | key: db.type
72 | - name: DB_HOST
73 | valueFrom:
74 | configMapKeyRef:
75 | name: ${DATABASE_CONFIG_MAP_NAME}
76 | key: db.host
77 | - name: DB_PORT
78 | valueFrom:
79 | configMapKeyRef:
80 | name: ${DATABASE_CONFIG_MAP_NAME}
81 | key: db.port
82 | - name: DB_USER
83 | valueFrom:
84 | secretKeyRef:
85 | name: ${DATABASE_CREDENTIALS_SECRET_NAME}
86 | key: username
87 | - name: DB_PASSWORD
88 | valueFrom:
89 | secretKeyRef:
90 | name: ${DATABASE_CREDENTIALS_SECRET_NAME}
91 | key: password
92 | - name: ARTIFACTORY_MASTER_KEY
93 | valueFrom:
94 | secretKeyRef:
95 | name: ${MASTER_KEY_SECRET_NAME}
96 | key: master.key
97 | - name: HA_NODE_ID
98 | value: "${NAME}-secondary"
99 | - name: HA_IS_PRIMARY
100 | value: "false"
101 | - name: ART_PRIMARY_BASE_URL
102 | value: "http://${NAME}.${NAMESPACE}.svc:8081/artifactory"
103 | - name: HA_MEMBERSHIP_PORT
104 | value: "10042"
105 | - name: EXTRA_JAVA_OPTIONS
106 | value: ${ARTIFACTORY_EXTRA_JAVA_OPTIONS}
107 |
108 | readinessProbe:
109 | httpGet:
110 | path: /artifactory/webapp/#/login
111 | port: 8081
112 | initialDelaySeconds: 60
113 | timeoutSeconds: 10
114 | livenessProbe:
115 | httpGet:
116 | path: /artifactory/webapp/#/login
117 | port: 8081
118 | initialDelaySeconds: 300
119 | timeoutSeconds: 10
120 |
121 | resources:
122 | requests:
123 | cpu: ${CPU_REQUEST}
124 | memory: ${MEMORY_REQUEST}
125 | limits:
126 | cpu: ${CPU_LIMIT}
127 | memory: ${MEMORY_LIMIT}
128 |
129 | volumes:
130 | - name: artifactory-data
131 | persistentVolumeClaim:
132 | claimName: ${NAME}-secondary
133 | triggers:
134 | - type: ImageChange
135 | imageChangeParams:
136 | automatic: true
137 | containerNames:
138 | - ${NAME}-secondary
139 | from:
140 | kind: ImageStreamTag
141 | name: ${ARTIFACTORY_IMAGE_STREAM_NAME}:${ARTIFACTORY_VERSION}
142 | - type: ConfigChange
143 |
144 | parameters:
145 | - name: NAMESPACE
146 | description: Namespace
147 | displayName: Namespace
148 | required: true
149 | - name: NAME
150 | description: Artifactory HA Name
151 | displayName: Artifactory HA Name
152 | required: true
153 | - name: SERVICE_ACCOUNT
154 | description: Service account
155 | displayName: Service account
156 | required: true
157 | - name: INIT_CONTAINER_IMAGE
158 | description: Init container image
159 | displayName: Init container image
160 | value: "busybox"
161 | required: true
162 | - name: LICENSES_SECRET_NAME
163 | description: Artifactory licenses secret name
164 | displayName: Artifactory licenses secret name
165 | required: true
166 | - name: MASTER_KEY_SECRET_NAME
167 | description: Artifactory Master Key secret name
168 | displayName: Artifactory Master Key secret name
169 | required: true
170 | - name: DATABASE_CONFIG_MAP_NAME
171 | description: Artifactory Database Config Map name
172 | displayName: Artifactory Database Config Map name
173 | required: true
174 | - name: DATABASE_CREDENTIALS_SECRET_NAME
175 | description: Database Credentials secret name
176 | displayName: Database Credentials secret name
177 | required: true
178 | - name: BINARYSTORE_CONFIG_MAP_NAME
179 | description: Artifactory Binarystore Config Map name
180 | displayName: Artifactory Binarystore Config Map name
181 | required: true
182 | - name: ARTIFACTORY_IMAGE_STREAM_NAME
183 | description: Artifactory Image Stream name
184 | displayName: Artifactory Image Stream name
185 | required: true
186 | - name: ARTIFACTORY_VERSION
187 | description: Artifactory Version
188 | displayName: Artifactory Version
189 | value: "5.8.3"
190 | required: true
191 | - name: ARTIFACTORY_EXTRA_JAVA_OPTIONS
192 | description: Artifactory Extra Java Options
193 | displayName: Artifactory Extra Java Options
194 | value: "-Xms1g -Xmx2g"
195 | - name: CPU_REQUEST
196 | description: Artifactory CPU Request
197 | displayName: Artifactory CPU Request
198 | value: "500m"
199 | required: true
200 | - name: CPU_LIMIT
201 | description: Artifactory CPU Limit
202 | displayName: Artifactory CPU Limit
203 | value: "1"
204 | required: true
205 | - name: MEMORY_REQUEST
206 | description: Artifactory Memory Request
207 | displayName: Artifactory Memory Request
208 | value: "2Gi"
209 | required: true
210 | - name: MEMORY_LIMIT
211 | description: Artifactory Memory Limit
212 | displayName: Artifactory Memory Limit
213 | value: "3Gi"
214 | required: true
215 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-no-nfs/config/binarystore-config-map.yaml:
--------------------------------------------------------------------------------
1 |
2 | apiVersion: v1
3 | kind: Template
4 | metadata:
5 | name: artifactory-binarystore-no-nfs-config-map-template
6 | annotations:
7 | openshift.io/provider-display-name: "JFrog"
8 | openshift.io/display-name: "Artifactory No NFS Binarystore"
9 | description: |-
10 | This template creates a ConfigMap to store the binarystore.xml file.
11 | The file content is suitable to Artifactory clusters using no NFS
12 | Binarystore solutions.
13 | tags: "ci-cd"
14 |
15 | objects:
16 | - apiVersion: v1
17 | kind: ConfigMap
18 | metadata:
19 | name: ${BINARYSTORE_CONFIG_MAP_NAME}
20 | namespace: ${NAMESPACE}
21 | data:
22 | binarystore.xml: |-
23 |
24 |
25 |
26 |
27 | parameters:
28 | - name: NAMESPACE
29 | description: Namespace
30 | displayName: Namespace
31 | required: true
32 | - name: BINARYSTORE_CONFIG_MAP_NAME
33 | description: Artifactory Binarystore Config Map name
34 | displayName: Artifactory Binarystore Config Map name
35 | required: true
36 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-no-nfs/install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | print_help() {
3 | echo "Usage:"
4 | echo " install.sh -o OPERATION"
5 | echo ""
6 | echo "Options:"
7 | echo " -o, --operation: (create|replace|delete)"
8 | }
9 |
10 | COMMON_TEMPLATES=("../artifactory-ha-common/config/database-config-map.yaml" "../artifactory-ha-common/secrets/artifactory-licenses-secret.yaml" "../artifactory-ha-common/secrets/artifactory-master-key-secret.yaml" "../artifactory-ha-common/artifactory-imagestream.yaml" "../artifactory-ha-common/artifactory-primary-pvc.yaml" "../artifactory-ha-common/artifactory-secondary-pvc.yaml" "../artifactory-ha-common/artifactory-service.yaml")
11 | SPECIFIC_TEMPLATES=("artifactory-primary-deployment.yaml" "artifactory-secondary-deployment.yaml" "config/binarystore-config-map.yaml")
12 |
13 | install_template() {
14 | oc $OPERATION -f $1
15 | }
16 |
17 | OPERATION=""
18 |
19 | while [ "$1" != "" ]; do
20 | case $1 in
21 | -o | --operation )
22 | shift
23 | OPERATION=$1
24 | esac
25 | shift
26 | done
27 |
28 | if [ "$OPERATION" == "" ]; then
29 | print_help
30 | exit -1
31 | fi
32 |
33 | for TEMPLATE in "${COMMON_TEMPLATES[@]}"; do
34 | install_template $TEMPLATE
35 | done
36 |
37 | for TEMPLATE in "${SPECIFIC_TEMPLATES[@]}"; do
38 | install_template $TEMPLATE
39 | done
40 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-no-nfs/process.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | print_help() {
3 | echo "Usage:"
4 | echo " process.sh -o OPERATION -p PARAMETERS_FILE [options]"
5 | echo ""
6 | echo "Options:"
7 | echo " -o, --operation: (create|replace|delete)"
8 | echo " -p, --param-file: Path to the parameters file"
9 | }
10 |
11 | COMMON_TEMPLATES=("artifactory-database-config-map-template" "artifactory-imagestream-template" "artifactory-primary-pvc-template" "artifactory-secondary-pvc-template" "artifactory-service-template")
12 | SPECIFIC_TEMPLATES=("artifactory-binarystore-no-nfs-config-map-template" "artifactory-primary-deployment-template" "artifactory-secondary-deployment-template")
13 |
14 | process_template() {
15 | printenv | oc process $1 --ignore-unknown-parameters --param-file=- | oc $OPERATION -f -
16 | }
17 |
18 | OPERATION=""
19 | PARAMETERS_FILE=""
20 |
21 | while [ "$1" != "" ]; do
22 | case $1 in
23 | -o | --operation )
24 | shift
25 | OPERATION=$1
26 | ;;
27 | -p | --param-file )
28 | shift
29 | PARAMETERS_FILE=$1
30 | esac
31 | shift
32 | done
33 |
34 | if [ "$OPERATION" == "" -o "$PARAMETERS_FILE" == "" ]; then
35 | print_help
36 | exit -1
37 | fi
38 |
39 | if [ ! -f $PARAMETERS_FILE ]; then
40 | echo "File $PARAMETERS_FILE not found"
41 | exit -2
42 | fi
43 |
44 | while IFS='' read -r line || [[ -n "$line" ]]; do
45 | export "$line"
46 | done < "$PARAMETERS_FILE"
47 |
48 | for TEMPLATE in "${COMMON_TEMPLATES[@]}"; do
49 | process_template $TEMPLATE
50 | done
51 |
52 | for TEMPLATE in "${SPECIFIC_TEMPLATES[@]}"; do
53 | process_template $TEMPLATE
54 | done
55 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-no-nfs/rolling-upgrade.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | print_help() {
3 | echo "Usage:"
4 | echo " rolling-upgrade.sh -p PARAMETERS_FILE"
5 | echo ""
6 | echo "Options:"
7 | echo " -p, --param-file: Path to the parameters file"
8 | }
9 |
10 | get_replicas_count() {
11 | local REPLICAS=$(oc get dc $1 -n $NAMESPACE -o yaml | grep -w availableReplicas: | sed -n 's/.*availableReplicas: \([0-9]*\)/\1/p')
12 | echo "$REPLICAS"
13 | }
14 |
15 | shutdown() {
16 | echo "Shuting down $1"
17 | oc scale dc $1 -n $NAMESPACE --replicas=0
18 |
19 | echo "Waiting for $1 to be down"
20 | while [ true ]; do
21 | local REPLICAS=$(get_replicas_count $1)
22 | if [ $REPLICAS == 0 ]; then
23 | echo "$1 is down"
24 | return 0
25 | else
26 | echo "."
27 | sleep 10
28 | fi
29 | done
30 |
31 | }
32 |
33 | deploy() {
34 | echo "Deploying $1"
35 | oc scale dc $1 -n $NAMESPACE --replicas=1
36 | echo "Waiting for $1 to be up"
37 | while [ true ]; do
38 | local REPLICAS=$(get_replicas_count $1)
39 | if [ $REPLICAS == 1 ]; then
40 | echo "$1 is up"
41 | return 0
42 | else
43 | echo "."
44 | sleep 10
45 | fi
46 | done
47 | }
48 |
49 | PARAMETERS_FILE=""
50 |
51 | while [ "$1" != "" ]; do
52 | case $1 in
53 | -p | --param-file )
54 | shift
55 | PARAMETERS_FILE=$1
56 | esac
57 | shift
58 | done
59 |
60 | if [ "$PARAMETERS_FILE" == "" ]; then
61 | print_help
62 | exit -1
63 | fi
64 |
65 | if [ ! -f $PARAMETERS_FILE ]; then
66 | echo "File $PARAMETERS_FILE not found"
67 | exit -2
68 | fi
69 |
70 | while IFS='' read -r line || [[ -n "$line" ]]; do
71 | export "$line"
72 | done < "$PARAMETERS_FILE"
73 |
74 | # Update image stream
75 | echo "Upgrading image stream"
76 | printenv | oc process artifactory-imagestream-template --ignore-unknown-parameters --param-file=- | oc replace -f -
77 |
78 | # Update primary node
79 | shutdown "$NAME-primary"
80 | echo "Upgrading $NAME-primary"
81 | printenv | oc process artifactory-primary-deployment-template --ignore-unknown-parameters --param-file=- | oc replace -f -
82 | deploy "$NAME-primary"
83 |
84 | # Update secondary node
85 | shutdown "$NAME-secondary"
86 | echo "Upgrading $NAME-secondary"
87 | printenv | oc process artifactory-secondary-deployment-template --ignore-unknown-parameters --param-file=- | oc replace -f -
88 | deploy "$NAME-secondary"
89 |
90 | echo "$NAME upgraded successfully"
91 |
--------------------------------------------------------------------------------
/openshift/artifactory/artifactory-ha-no-nfs/sample-params.env:
--------------------------------------------------------------------------------
1 | NAME=artifactory
2 | NAMESPACE=artifactory-ha-no-nfs
3 | SERVICE_ACCOUNT=default
4 | LICENSES_SECRET_NAME=artifactory-licenses
5 | MASTER_KEY_SECRET_NAME=artifactory-master-key
6 | BINARYSTORE_CONFIG_MAP_NAME=artifactory-binarystore-s3
7 | DATABASE_CONFIG_MAP_NAME=artifactory-db
8 | DATABASE_CREDENTIALS_SECRET_NAME=postgresql-credentials
9 | DATABASE_TYPE=postgresql
10 | DATABASE_HOST=postgresql.artifactory-ha-no-nfs.svc
11 | DATABASE_PORT=5432
12 | ARTIFACTORY_IMAGE_STREAM_NAME=artifactory
13 | ARTIFACTORY_IMAGE_REPOSITORY=jfrog-docker-reg2.bintray.io/jfrog/artifactory-pro
14 | ARTIFACTORY_VERSION=6.23.13
15 | INIT_CONTAINER_IMAGE=alpine:3.6
16 | ARTIFACTORY_PVC_SIZE=20Gi
17 | CPU_REQUEST=500m
18 | CPU_LIMIT=1
19 | MEMORY_REQUEST=2Gi
20 | MEMORY_LIMIT=3Gi
21 | ARTIFACTORY_EXTRA_JAVA_OPTIONS=-Xms1g -Xmx2g
22 |
--------------------------------------------------------------------------------
/openshift/artifactory/database/postgresql/install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | print_help() {
3 | echo "Usage:"
4 | echo " install.sh -o OPERATION"
5 | echo ""
6 | echo "Options:"
7 | echo " -o, --operation: (create|replace|delete)"
8 | }
9 |
10 | OPERATION=""
11 |
12 | while [ "$1" != "" ]; do
13 | case $1 in
14 | -o | --operation )
15 | shift
16 | OPERATION=$1
17 | esac
18 | shift
19 | done
20 |
21 | if [ "$OPERATION" == "" ]; then
22 | print_help
23 | exit -1
24 | fi
25 |
26 | oc $OPERATION -f postgresql-pvc.yaml
27 | oc $OPERATION -f postgresql-deployment.yaml
28 | oc $OPERATION -f postgresql-service.yaml
29 |
--------------------------------------------------------------------------------
/openshift/artifactory/database/postgresql/postgresql-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: postgresql-template
5 |
6 | objects:
7 |
8 | - apiVersion: v1
9 | kind: DeploymentConfig
10 | metadata:
11 | name: ${NAME}
12 | namespace: ${NAMESPACE}
13 | spec:
14 | replicas: 1
15 | strategy:
16 | type: Recreate
17 | template:
18 | metadata:
19 | labels:
20 | name: ${NAME}
21 | spec:
22 | serviceAccountName: ${SERVICE_ACCOUNT}
23 |
24 | initContainers:
25 | - name: init-postgresql
26 | image: ${INIT_CONTAINER_IMAGE}
27 | command: ["sh", "-c", "chown -R 26:26 /var/lib/pgsql/data && rm -rf /var/lib/pgsql/data/lost+found"]
28 | volumeMounts:
29 | - name: ${NAME}-data
30 | mountPath: /var/lib/pgsql/data
31 |
32 | containers:
33 | - image: ''
34 | imagePullPolicy: Always
35 | name: ${NAME}
36 | ports:
37 | - containerPort: 5432
38 | protocol: TCP
39 | volumeMounts:
40 | - name: ${NAME}-data
41 | mountPath: /var/lib/pgsql/data
42 | env:
43 | - name: POSTGRESQL_USER
44 | valueFrom:
45 | secretKeyRef:
46 | name: ${POSTGRESQL_SECRET_NAME}
47 | key: username
48 | - name: POSTGRESQL_PASSWORD
49 | valueFrom:
50 | secretKeyRef:
51 | name: ${POSTGRESQL_SECRET_NAME}
52 | key: password
53 | - name: POSTGRESQL_DATABASE
54 | value: ${POSTGRESQL_DATABASE}
55 |
56 | volumes:
57 | - name: ${NAME}-data
58 | persistentVolumeClaim:
59 | claimName: ${POSTGRESQL_PVC_NAME}
60 | triggers:
61 | - type: ImageChange
62 | imageChangeParams:
63 | automatic: true
64 | containerNames:
65 | - ${NAME}
66 | from:
67 | kind: ImageStreamTag
68 | name: postgresql:${POSTGRESQL_VERSION}
69 | namespace: openshift
70 | - type: ConfigChange
71 | parameters:
72 | - name: NAMESPACE
73 | description: Namespace
74 | displayName: Namespace
75 | required: true
76 | - name: NAME
77 | description: Service name
78 | displayName: Service name
79 | value: "postgresql"
80 | - name: SERVICE_ACCOUNT
81 | description: Service account
82 | displayName: Service account
83 | required: true
84 | - name: "POSTGRESQL_VERSION"
85 | description: PostgreSQL version
86 | displayName: PostgreSQL version
87 | value: "9.5"
88 | - name: POSTGRESQL_SECRET_NAME
89 | description: PostgreSQL secret name
90 | displayName: PostgreSQL secret name
91 | value: "postgresql-credentials"
92 | - name: "POSTGRESQL_DATABASE"
93 | description: PostgreSQL database name
94 | displayName: PostgreSQL database name
95 | value: "artifactory"
96 | - name: "POSTGRESQL_PVC_NAME"
97 | description: PostgreSQL PVC name
98 | displayName: PostgreSQL PVC name
99 | value: "postgresql"
100 | - name: INIT_CONTAINER_IMAGE
101 | description: Init container image
102 | displayName: Init container image
103 | value: "alpine:3.6"
104 | required: true
105 |
--------------------------------------------------------------------------------
/openshift/artifactory/database/postgresql/postgresql-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: postgresql-volumes-claim-template
5 |
6 | objects:
7 | - apiVersion: v1
8 | kind: PersistentVolumeClaim
9 | metadata:
10 | name: ${POSTGRESQL_PVC_NAME}
11 | namespace: ${NAMESPACE}
12 | spec:
13 | resources:
14 | requests:
15 | storage: ${POSTGRESQL_PVC_SIZE}
16 | accessModes:
17 | - "ReadWriteOnce"
18 |
19 | parameters:
20 | - name: NAMESPACE
21 | description: Namespace
22 | displayName: Namespace
23 | required: true
24 | - name: POSTGRESQL_PVC_NAME
25 | description: PostgreSQL PVC name
26 | displayName: PostgreSQL PVC name
27 | value: "postgresql"
28 | - name: POSTGRESQL_PVC_SIZE
29 | description: PostgreSQL size
30 | displayName: PostgreSQL size
31 | value: "10Gi"
32 |
--------------------------------------------------------------------------------
/openshift/artifactory/database/postgresql/postgresql-service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: postgresql-service-template
5 |
6 | objects:
7 |
8 | - apiVersion: v1
9 | kind: Service
10 | metadata:
11 | name: ${NAME}
12 | namespace: ${NAMESPACE}
13 | spec:
14 | ports:
15 | - name: postgresql
16 | port: 5432
17 | protocol: TCP
18 | targetPort: 5432
19 | selector:
20 | name: ${NAME}
21 |
22 | parameters:
23 | - name: NAMESPACE
24 | description: Namespace
25 | displayName: Namespace
26 | required: true
27 | - name: NAME
28 | description: Service name
29 | displayName: Service name
30 | value: "postgresql"
31 |
--------------------------------------------------------------------------------
/openshift/artifactory/database/postgresql/process.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | print_help() {
3 | echo "Usage:"
4 | echo " run.sh -o OPERATION -p PARAMETERS_FILE [options]"
5 | echo ""
6 | echo "Options:"
7 | echo " -o, --operation: (create|delete)"
8 | echo " -p, --param-file: Path to the parameters file"
9 | }
10 |
11 | OPERATION=""
12 | PARAMETERS_FILE=""
13 |
14 | while [ "$1" != "" ]; do
15 | case $1 in
16 | -o | --operation )
17 | shift
18 | OPERATION=$1
19 | ;;
20 | -p | --param-file )
21 | shift
22 | PARAMETERS_FILE=$1
23 | esac
24 | shift
25 | done
26 |
27 | if [ "$OPERATION" == "" -o "$PARAMETERS_FILE" == "" ]; then
28 | print_help
29 | exit -1
30 | fi
31 |
32 | if [ ! -f $PARAMETERS_FILE ]; then
33 | echo "File $PARAMETERS_FILE not found"
34 | exit -2
35 | fi
36 |
37 | while IFS='' read -r line || [[ -n "$line" ]]; do
38 | export "$line"
39 | done < "$PARAMETERS_FILE"
40 |
41 | printenv | oc process postgresql-volumes-claim-template --ignore-unknown-parameters --param-file=- | oc $OPERATION -f -
42 | printenv | oc process postgresql-template --ignore-unknown-parameters --param-file=- | oc $OPERATION -f -
43 | printenv | oc process postgresql-service-template --ignore-unknown-parameters --param-file=- | oc $OPERATION -f -
44 |
--------------------------------------------------------------------------------
/openshift/artifactory/database/postgresql/sample-params.env:
--------------------------------------------------------------------------------
1 | NAME=postgresql
2 | NAMESPACE=artifactory
3 | SERVICE_ACCOUNT=artifactory
4 | POSTGRESQL_PVC_NAME=postgresql
5 | POSTGRESQL_PVC_SIZE=10Gi
6 | POSTGRESQL_SECRET_NAME=postgresql-credentials
7 | POSTGRESQL_DATABASE=artifactory
8 | INIT_CONTAINER_IMAGE=busybox
9 |
--------------------------------------------------------------------------------
/openshift/artifactory/database/postgresql/secrets/postgresql-secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: postgresql-secret-template
5 |
6 | objects:
7 | - apiVersion: v1
8 | kind: Secret
9 | metadata:
10 | name: ${POSTGRESQL_SECRET_NAME}
11 | namespace: ${NAMESPACE}
12 | type: kubernetes.io/basic-auth
13 | data:
14 | username: ${POSTGRESQL_USERNAME}
15 | password: ${POSTGRESQL_PASSWORD}
16 |
17 | parameters:
18 | - name: NAMESPACE
19 | description: Namespace
20 | displayName: Namespace
21 | required: true
22 | - name: POSTGRESQL_SECRET_NAME
23 | description: PostgreSQL secret name
24 | displayName: PostgreSQL secret name
25 | value: "postgresql-credentials"
26 | - name: POSTGRESQL_USERNAME
27 | description: PostgreSQL username
28 | displayName: PostgreSQL username
29 | - name: POSTGRESQL_PASSWORD
30 | description: PostgreSQL password
31 | displayName: PostgreSQL password
32 |
--------------------------------------------------------------------------------
/openshift/artifactory/images/artifactory-license-template.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/artifactory/images/artifactory-license-template.png
--------------------------------------------------------------------------------
/openshift/artifactory/images/artifactory-master-key-template.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/artifactory/images/artifactory-master-key-template.png
--------------------------------------------------------------------------------
/openshift/artifactory/images/docker-virtual-route.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/artifactory/images/docker-virtual-route.png
--------------------------------------------------------------------------------
/openshift/artifactory/images/user-plugin-config-map.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/artifactory/images/user-plugin-config-map.png
--------------------------------------------------------------------------------
/openshift/xray/README.md:
--------------------------------------------------------------------------------
1 | # JFrog Xray templates for OpenShift Container Platform (DEPRECATED)#
2 |
3 | The templates part of this github project can be used to install JFrog Xray on OpenShift Container Platform.
4 |
5 | These templates have been tested with OpenShift Container Platform 3.6 (single node) and latest version of oc cli (3.7.14).
6 |
7 | 4 step process to install [JFrog Xray](https://www.jfrog.com/confluence/display/XRAY/Welcome+to+JFrog+Xray) -
8 | * Setup persistent volumes
9 | * Create a project, service account and assign a SCC policy to the service account that will allow RW operations to the PV.
10 | * Deploy templates (ConfigMaps, PersistentVolumeClaims, ImageStreams, DeploymentConfig)
11 | * Create Routes to access JFrog Xray
12 |
13 |
14 | ## Step 1: Setup PersistentVolume ##
15 |
16 | There are at least two ways to setup persistent volume -
17 |
18 | ### NFS as PersistentVolume for Xray microservices and Third party microservices ###
19 |
20 | As part of this architecture, all Xray and third party microservices uses NFS as persistent volume.
21 |
22 | The files below can be used as a reference:
23 | * [xray-data-pv.yaml](xray-data-pv.yaml)
24 | * [xray-mongodb-pv.yaml](xray-mongodb/xray-mongodb-pv.yaml)
25 | * [xray-postgres-pv.yaml](xray-postgres/xray-postgres-pv.yaml)
26 | * [xray-rabbitmq-pv.yaml](xray-rabbitmq/xray-rabbitmq-pv.yaml)
27 |
28 | 
29 |
30 | *Note: It is recommended to use an NFS server where the ulimit can be set (or is already set) to a higher number. Example - in EFS, the number of open files is only 37k and is not configurable.*
31 |
32 | ### NFS as PersistentVolume for Xray microservices and EBS for Third party microservices ###
33 |
34 | As part of this architecture, all Xray microservices uses NFS and each third party microservice can use EBS or persistent disks.
35 |
36 | The files below can be used as a reference:
37 | * [xray-data-pv.yaml](xray-data-pv.yaml)
38 | * [xray-mongodb-ebs-pv.yaml](xray-mongodb/xray-mongodb-ebs-pv.yaml)
39 | * [xray-postgres-ebs-pv.yaml](xray-postgres/xray-postgres-ebs-pv.yaml)
40 | * [xray-rabbitmq-ebs-pv.yaml](xray-rabbitmq/xray-rabbitmq-ebs-pv.yaml)
41 |
42 | 
43 |
44 | ### Note: ###
45 | It is recommended to setup a high nofile limit by updating `/etc/security/limits.conf` file. At the docker daemon and node level, this number is set to a higher value. But make sure that this value is set to a high number on the file system side.
46 | For more information about ulimits, refer [here](https://www.jfrog.com/confluence/display/XRAY/Installing+Xray#InstallingXray-FileHandleAllocationLimit).
47 |
48 | Make sure that Xray user (UID 1035) is the owner of the root path used to create xray-data-pv volume.
49 |
50 | ## Step 2: Create a project (or use existing project) and create a service account
51 | ```
52 | oc new-project test-proj-2
53 | oc create serviceaccount xray-user
54 | ```
55 | This service account will be referred in the DeploymentConfig of Xray microservices.
56 | Xray docker images require root access.
57 | One way to achieve this in OpenShift is to assign a scc that has 'RUNASUSER' policy set as 'RunAsAny'.
58 | OpenShift has builtin scc called 'anyuid' that can be used.
59 |
60 | To assign scc to the service account use following command -
61 | ```
62 | oc adm policy add-scc-to-user $POLICY_NAME -z $SERVICE_ACCOUNT
63 | ```
64 |
65 | Example for 'anyuid' scc will be as follows:
66 | ```
67 | oc adm policy add-scc-to-user anyuid -z xray-user
68 | ```
69 |
70 | Also, ssc linked to the service account should have ReadWrite access to the persistent volume type being used.
71 | Example persistent volume types are 'nfs', 'awsElasticBlockStore'.
72 |
73 |
74 | ## Step 3: Deploy templates ##
75 |
76 | * Update [PARAMETERS_FILE](xray-params.env). This file includes key value pairs required to install Xray.
77 |
78 | * The templates are configured with base requirements. It is recommended to increase CPU, memory, disk limits based on your scale.
79 |
80 | * Make sure that the project (namespace) exists and the username has the right SCC policy to be able to do RW operations on the PVs.
81 |
82 | * Once the templates are updated, run the xray-wrapper script. The xray-wrapper.sh script creates ConfigMaps, PersistentVolumeClaims, ImageStreams and the DeploymentConfig templates of Xray and third party microservices.
83 |
84 | ```
85 | ./xray-wrapper.sh $USERNAME $PARAMETERS_FILE
86 | ```
87 |
88 |
89 |
90 | ## Step 4: Create routes ##
91 |
92 | * Create a route to access [JFrog Xray](https://www.jfrog.com/confluence/display/XRAY/Welcome+to+JFrog+Xray) UI by selecting 'server' as a 'Service' -
93 | 
94 |
95 | [JFrog Xray](https://www.jfrog.com/confluence/display/XRAY/Welcome+to+JFrog+Xray) UI can be accessed using this route. During the first login, there will be an [onboarding wizard](https://www.jfrog.com/confluence/display/XRAY/Getting+Started).
96 |
97 | 
98 |
99 |
100 | * Create a route to access RabbitMQ console (to troubleshoot any issue) -
101 | 
102 |
103 |
104 |
105 | ## Upgrade ##
106 |
107 | ### Usage ###
108 | ```
109 |
110 | # Login
111 | oc login -u username
112 |
113 | # Switch to the correct project or namespace
114 | oc project $NAMESPACE
115 |
116 | # Add ImageStreamTag that corresponds to new Xray version.
117 | oc process -f xray-imagestream.yaml -p NAMESPACE=$NAMESPACE -p XRAY_VERSION=$XRAY_TO_VERSION | oc replace -f -
118 |
119 | # Update xray-upgrade.sh
120 | Set XRAY_TO_VERSION to point to a newer version
121 |
122 | # Execute the upgrade script
123 | ./xray-upgrade.sh
124 |
125 | ```
126 |
127 | The upgrade script stops all Xray microservices, update ImageTrigger to point to the new version of Xray and then starts all Xray microservices.
128 | The new Xray version is set in `xray-upgrade.sh` script.
129 |
130 | *Note that the value of `automatic` in ConfigTrigger will be set to `false` after running the upgrade script.*
131 |
132 | *Note: event microservice has been deprecated in version 2.0.0. If you are upgrading from a previous version, delete the xray-event DeploymentConfig before running the upgrade script.
133 |
134 |
135 |
136 | ## Appendix: ##
137 |
138 |
139 | ### Logs of init containers ###
140 | ``` oc logs podName -c init-xray ```
141 |
142 |
143 | ### Configure NFS ###
144 |
145 | Update etc/security/limits.conf file and add following two lines
146 | ```
147 | 0:1040 hard nofile 100000
148 | 0:1040 soft nofile 100000
149 | ```
150 |
151 | ### Offline DB Sync ###
152 | * JFrog Xray supports [offline DB sync](https://www.jfrog.com/confluence/display/XRAY/Configuring+Xray#ConfiguringXray-OfflineSynchronization)
153 | * The offline DB sync command downloads files from jxray and bintray. These files can be copied to the PV.
154 | * The best approach will be the usage of a sidecar container pattern that shares the same PVC as Xray microservice and copies the data directly to volume.
155 |
156 | ### Installing Xray if a direct access to bintray is not allowed ###
157 | Update DOCKER_REGISTRY value in [PARAMETERS_FILE](xray-params.env) to point to Artifactory's docker registry
158 |
159 | ### Updating credentials of third party microservices ###
160 | Credentials of MongoDB, RabbitMQ and PostGres can be modified by following these [instructions](https://www.jfrog.com/confluence/display/XRAY/Configuring+Xray#ConfiguringXray-ChangingThirdPartyServiceCredentials)
161 |
--------------------------------------------------------------------------------
/openshift/xray/images/pv_efs_ebs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/xray/images/pv_efs_ebs.png
--------------------------------------------------------------------------------
/openshift/xray/images/pv_nfs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/xray/images/pv_nfs.png
--------------------------------------------------------------------------------
/openshift/xray/images/rabbitmq_route.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/xray/images/rabbitmq_route.png
--------------------------------------------------------------------------------
/openshift/xray/images/xray_server_route.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/xray/images/xray_server_route.png
--------------------------------------------------------------------------------
/openshift/xray/images/xray_ui.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/b669d505652b922bd4897b6448073c713eb255db/openshift/xray/images/xray_ui.png
--------------------------------------------------------------------------------
/openshift/xray/xray-analysis.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: Xray-Analysis
5 | message: |-
6 | The following service(s) have been created in your project: xray-analysis.
7 |
8 | Connection URL: http://xray-analysis:7000
9 | metadata:
10 | annotations:
11 | description: |-
12 | Xray Analysis Template
13 |
14 | NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
15 | openshift.io/display-name: JFrog Xray Analysis
16 | tags: ci-cd,build,repository
17 | name: xray-analysis
18 | objects:
19 | - apiVersion: v1
20 | kind: Service
21 | metadata:
22 | name: analysis
23 | spec:
24 | ports:
25 | - name: 7000-tcp
26 | port: 7000
27 | protocol: TCP
28 | targetPort: 7000
29 | selector:
30 | name: analysis
31 | - apiVersion: v1
32 | kind: DeploymentConfig
33 | metadata:
34 | name: analysis
35 | spec:
36 | replicas: 1
37 | selector:
38 | name: analysis
39 | strategy:
40 | type: Recreate
41 | template:
42 | metadata:
43 | labels:
44 | name: analysis
45 | spec:
46 | serviceAccountName: ${SERVICE_ACCOUNT}
47 | initContainers:
48 | - name: init-xray
49 | image: ${INIT_CONTAINER_IMAGE}
50 | command:
51 | - 'sh'
52 | - '-c'
53 | - >
54 | until nc -z -w 2 rabbitmq 5672 && echo rabbitmq ok && nc -z -w 2 mongodb 27017 && echo mongodb ok && nc -z -w 2 postgres 5432 && echo postgres ok ; do sleep 2; done;
55 | mkdir -p /var/opt/jfrog/xray/data/config;
56 | chmod 777 /var/opt/jfrog/xray/data/config;
57 | cp /xray-config/xray_config.yaml /var/opt/jfrog/xray/data/config/xray_config.yaml;
58 | chmod 777 /var/opt/jfrog/xray/data/config/xray_config.yaml;
59 | imagePullPolicy: IfNotPresent
60 | volumeMounts:
61 | - mountPath: /var/opt/jfrog/xray/data
62 | name: volume-xray-analysis
63 | - mountPath: /xray-config/xray_config.yaml
64 | name: xray-conf-setup
65 | subPath: xray_config.yaml
66 | containers:
67 | - env:
68 | - name: XRAYCONFIGPATH
69 | value: /var/opt/jfrog/xray/data
70 | image: ''
71 | imagePullPolicy: IfNotPresent
72 | name: analysis
73 | ports:
74 | - containerPort: 7000
75 | protocol: TCP
76 | volumeMounts:
77 | - mountPath: /var/opt/jfrog/xray/data
78 | name: volume-xray-analysis
79 | resources:
80 | requests:
81 | memory: "256Mi"
82 | cpu: "100m"
83 | limits:
84 | memory: "1Gi"
85 | cpu: "1"
86 | livenessProbe:
87 | failureThreshold: 3
88 | httpGet:
89 | path: /debug/pprof/
90 | port: 7000
91 | scheme: HTTP
92 | initialDelaySeconds: 10
93 | periodSeconds: 10
94 | successThreshold: 1
95 | timeoutSeconds: 10
96 | readinessProbe:
97 | failureThreshold: 3
98 | httpGet:
99 | path: /debug/pprof/
100 | port: 7000
101 | scheme: HTTP
102 | initialDelaySeconds: 10
103 | periodSeconds: 10
104 | successThreshold: 1
105 | timeoutSeconds: 10
106 | securityContext:
107 | supplementalGroups: [1035]
108 | volumes:
109 | - name: volume-xray-analysis
110 | persistentVolumeClaim:
111 | claimName: xray-data-pvc
112 | - name: xray-conf-setup
113 | configMap:
114 | name: xray-conf-setup
115 | triggers:
116 | - type: ConfigChange
117 | - type: ImageChange
118 | imageChangeParams:
119 | automatic: true
120 | containerNames:
121 | - analysis
122 | from:
123 | kind: ImageStreamTag
124 | namespace: ${NAMESPACE}
125 | name: xray-analysis:${XRAY_VERSION}
126 |
127 | parameters:
128 | - name: NAMESPACE
129 | description: Namespace
130 | displayName: Namespace
131 | required: true
132 | - name: XRAY_VERSION
133 | description: JFrog Xray Version
134 | displayName: JFrog Xray Version
135 | value: 1.10.1
136 | required: true
137 | - name: SERVICE_ACCOUNT
138 | description: Service account
139 | displayName: Service account
140 | required: true
141 | - name: INIT_CONTAINER_IMAGE
142 | description: Init container image
143 | displayName: Init container image
144 | value: "alpine:3.6"
145 | required: true
146 |
--------------------------------------------------------------------------------
/openshift/xray/xray-data-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: xray-data-pv-NAMESPACE
5 | spec:
6 | capacity:
7 | storage: 100Gi
8 | accessModes:
9 | - ReadWriteMany
10 | nfs:
11 | path: /data/xray
12 | server: NFS_SERVER
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/openshift/xray/xray-data-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-data-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "JFrog Xray Data PVC"
8 | description: |-
9 | This template creates a PVC to be used by JFrog Xray
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | kind: PersistentVolumeClaim
15 | metadata:
16 | name: xray-data-pvc
17 | namespace: ${NAMESPACE}
18 | spec:
19 | accessModes:
20 | - ReadWriteMany
21 | resources:
22 | requests:
23 | storage: ${XRAY_DATA_PVC_SIZE}
24 | volumeName: xray-data-pv-${NAMESPACE}
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: XRAY_DATA_PVC_SIZE
32 | description: Size of JFrog Xray data
33 | displayName: Size of JFrog Xray data
34 | value: 100Gi
35 | required: true
36 |
--------------------------------------------------------------------------------
/openshift/xray/xray-imagestream.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-imagestream-template
5 |
6 | objects:
7 | - apiVersion: v1
8 | kind: ImageStream
9 | metadata:
10 | name: xray-server
11 | namespace: ${NAMESPACE}
12 | spec:
13 | dockerImageRepository: ${DOCKER_REGISTRY}/jfrog/xray-server
14 | tags:
15 | - name: ${XRAY_VERSION}
16 | from:
17 | kind: DockerImage
18 | name: ${DOCKER_REGISTRY}/jfrog/xray-server:${XRAY_VERSION}
19 | - apiVersion: v1
20 | kind: ImageStream
21 | metadata:
22 | name: xray-persist
23 | namespace: ${NAMESPACE}
24 | spec:
25 | dockerImageRepository: ${DOCKER_REGISTRY}/jfrog/xray-persist
26 | tags:
27 | - name: ${XRAY_VERSION}
28 | from:
29 | kind: DockerImage
30 | name: ${DOCKER_REGISTRY}/jfrog/xray-persist:${XRAY_VERSION}
31 | - apiVersion: v1
32 | kind: ImageStream
33 | metadata:
34 | name: xray-event
35 | namespace: ${NAMESPACE}
36 | spec:
37 | dockerImageRepository: ${DOCKER_REGISTRY}/jfrog/xray-event
38 | tags:
39 | - name: ${XRAY_VERSION}
40 | from:
41 | kind: DockerImage
42 | name: ${DOCKER_REGISTRY}/jfrog/xray-event:${XRAY_VERSION}
43 | - apiVersion: v1
44 | kind: ImageStream
45 | metadata:
46 | name: xray-analysis
47 | namespace: ${NAMESPACE}
48 | spec:
49 | dockerImageRepository: ${DOCKER_REGISTRY}/jfrog/xray-analysis
50 | tags:
51 | - name: ${XRAY_VERSION}
52 | from:
53 | kind: DockerImage
54 | name: ${DOCKER_REGISTRY}/jfrog/xray-analysis:${XRAY_VERSION}
55 | - apiVersion: v1
56 | kind: ImageStream
57 | metadata:
58 | name: xray-indexer
59 | namespace: ${NAMESPACE}
60 | spec:
61 | dockerImageRepository: ${DOCKER_REGISTRY}/jfrog/xray-indexer
62 | tags:
63 | - name: ${XRAY_VERSION}
64 | from:
65 | kind: DockerImage
66 | name: ${DOCKER_REGISTRY}/jfrog/xray-indexer:${XRAY_VERSION}
67 | parameters:
68 | - name: NAMESPACE
69 | description: Namespace
70 | displayName: Namespace
71 | required: true
72 | - name: DOCKER_REGISTRY
73 | description: Docker registry that provides JFrog Xray docker images
74 | displayName: Docker registry that provides JFrog Xray docker images
75 | value: "docker.bintray.io"
76 | required: true
77 | - name: XRAY_VERSION
78 | description: JFrog Xray Version
79 | displayName: JFrog Xray Version
80 | value: "1.8.6.5"
81 | required: true
82 |
83 |
--------------------------------------------------------------------------------
/openshift/xray/xray-indexer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: Xray-Indexer
5 | message: |-
6 | The following service(s) have been created in your project: xray-indexer.
7 |
8 | Connection URL: http://xray-indexer:7002
9 | metadata:
10 | annotations:
11 | description: |-
12 | Xray Indexer Template
13 |
14 | NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
15 | openshift.io/display-name: JFrog Xray Indexer
16 | tags: ci-cd,build,repository
17 | name: xray-indexer
18 | objects:
19 | - apiVersion: v1
20 | kind: Service
21 | metadata:
22 | name: indexer
23 | spec:
24 | ports:
25 | - name: 7002-tcp
26 | port: 7002
27 | protocol: TCP
28 | targetPort: 7002
29 | selector:
30 | name: indexer
31 | - apiVersion: v1
32 | kind: DeploymentConfig
33 | metadata:
34 | name: indexer
35 | spec:
36 | replicas: 1
37 | selector:
38 | name: indexer
39 | strategy:
40 | type: Recreate
41 | template:
42 | metadata:
43 | labels:
44 | name: indexer
45 | spec:
46 | serviceAccountName: ${SERVICE_ACCOUNT}
47 | initContainers:
48 | - name: init-xray
49 | image: ${INIT_CONTAINER_IMAGE}
50 | command:
51 | - 'sh'
52 | - '-c'
53 | - >
54 | until nc -z -w 2 rabbitmq 5672 && echo rabbitmq ok && nc -z -w 2 mongodb 27017 && echo mongodb ok && nc -z -w 2 postgres 5432 && echo postgres ok ; do sleep 2; done;
55 | mkdir -p /var/opt/jfrog/xray/data/config;
56 | chmod 777 /var/opt/jfrog/xray/data/config;
57 | cp /xray-config/xray_config.yaml /var/opt/jfrog/xray/data/config/xray_config.yaml;
58 | chmod 777 /var/opt/jfrog/xray/data/config/xray_config.yaml;
59 | imagePullPolicy: IfNotPresent
60 | volumeMounts:
61 | - mountPath: /var/opt/jfrog/xray/data
62 | name: volume-xray-indexer
63 | - mountPath: /xray-config/xray_config.yaml
64 | name: xray-conf-setup
65 | subPath: xray_config.yaml
66 | containers:
67 | - env:
68 | - name: XRAYCONFIGPATH
69 | value: /var/opt/jfrog/xray/data
70 | image: ''
71 | imagePullPolicy: IfNotPresent
72 | name: indexer
73 | ports:
74 | - containerPort: 7002
75 | protocol: TCP
76 | volumeMounts:
77 | - mountPath: /var/opt/jfrog/xray/data
78 | name: volume-xray-indexer
79 | resources:
80 | requests:
81 | memory: "256Mi"
82 | cpu: "100m"
83 | limits:
84 | memory: "1Gi"
85 | cpu: "1"
86 | livenessProbe:
87 | failureThreshold: 3
88 | httpGet:
89 | path: /debug/pprof/
90 | port: 7002
91 | scheme: HTTP
92 | initialDelaySeconds: 10
93 | periodSeconds: 10
94 | successThreshold: 1
95 | timeoutSeconds: 10
96 | readinessProbe:
97 | failureThreshold: 3
98 | httpGet:
99 | path: /debug/pprof/
100 | port: 7002
101 | scheme: HTTP
102 | initialDelaySeconds: 10
103 | periodSeconds: 10
104 | successThreshold: 1
105 | timeoutSeconds: 10
106 | securityContext:
107 | supplementalGroups: [1035]
108 | volumes:
109 | - name: volume-xray-indexer
110 | persistentVolumeClaim:
111 | claimName: xray-data-pvc
112 | - name: xray-conf-setup
113 | configMap:
114 | name: xray-conf-setup
115 | triggers:
116 | - type: ConfigChange
117 | - type: ImageChange
118 | imageChangeParams:
119 | automatic: true
120 | containerNames:
121 | - indexer
122 | from:
123 | kind: ImageStreamTag
124 | namespace: ${NAMESPACE}
125 | name: xray-indexer:${XRAY_VERSION}
126 |
127 | parameters:
128 | - name: NAMESPACE
129 | description: Namespace
130 | displayName: Namespace
131 | required: true
132 | - name: XRAY_VERSION
133 | description: JFrog Xray Version
134 | displayName: JFrog Xray Version
135 | value: 1.10.1
136 | required: true
137 | - name: SERVICE_ACCOUNT
138 | description: Service account
139 | displayName: Service account
140 | required: true
141 | - name: INIT_CONTAINER_IMAGE
142 | description: Init container image
143 | displayName: Init container image
144 | value: "alpine:3.6"
145 | required: true
146 |
--------------------------------------------------------------------------------
/openshift/xray/xray-mongodb/xray-mongodb-ebs-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: xray-mongodb-pv-NAMESPACE
5 | spec:
6 | capacity:
7 | storage: 50Gi
8 | accessModes:
9 | - "ReadWriteOnce"
10 | awsElasticBlockStore:
11 | fsType: "ext4"
12 | volumeID: MONGODB_VOLUME_ID
13 |
--------------------------------------------------------------------------------
/openshift/xray/xray-mongodb/xray-mongodb-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: xray-mongodb-pv-NAMESPACE
5 | spec:
6 | accessModes:
7 | - ReadWriteMany
8 | capacity:
9 | storage: 50Gi
10 | nfs:
11 | path: /data/xraydb/mongodb
12 | server: NFS_SERVER
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/openshift/xray/xray-mongodb/xray-mongodb-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-mongodb-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "JFrog Xray MongoDB PVC"
8 | description: |-
9 | This template creates a PVC to be used by MongoDB
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | kind: PersistentVolumeClaim
15 | metadata:
16 | name: xray-mongodb-pvc
17 | namespace: ${NAMESPACE}
18 | spec:
19 | accessModes:
20 | - ReadWriteMany
21 | resources:
22 | requests:
23 | storage: ${MONGODB_PVC_SIZE}
24 | volumeName: xray-mongodb-pv-${NAMESPACE}
25 | parameters:
26 | - name: NAMESPACE
27 | description: Namespace
28 | displayName: Namespace
29 | required: true
30 | - name: MONGODB_PVC_SIZE
31 | description: Size of MongoDB pvc
32 | displayName: Size of MongoDB pvc
33 | value: 50Gi
34 | required: true
35 |
36 |
--------------------------------------------------------------------------------
/openshift/xray/xray-mongodb/xray-mongodb-setup-configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-mongodb-configmap-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "MongoDB ConfigMap"
8 | description: |-
9 | This template creates a ConfigMap to be used to bootstrap MongoDB
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | kind: ConfigMap
15 | metadata:
16 | name: xray-mongodb-setup
17 | namespace: ${NAMESPACE}
18 | data:
19 | createMongoDBUsers.js: |
20 | //JFrog Xray MongoDB Bootstrap
21 | //Creating default admin user
22 | var adminUser = {
23 | user:"admin",
24 | pwd: "password",
25 | roles: ["root"],
26 | customData: {
27 | createdBy: "JFrog Xray installer"
28 | }
29 | }
30 | db.getSiblingDB("admin").createUser(adminUser)
31 | //Creating default xray user
32 | var xrayUser = {
33 | user:"xray",
34 | pwd: "password",
35 | roles: ["dbOwner"],
36 | customData: {
37 | createdBy: "JFrog Xray installer"
38 | }
39 | }
40 | //Authenticating as admin to create xray user
41 | var loginOutput = db.getSiblingDB("admin").auth(adminUser.user,adminUser.pwd)
42 | db.getSiblingDB("xray").createUser(xrayUser)
43 | setup.sh: |
44 | #!/bin/bash
45 | # Setup script to create MongoDB users
46 | MONGO_DATA=/data
47 | DB_CREATED_FLAG=${MONGO_DATA}/db/createMongoDBUsers.done
48 | errorExit () {
49 | echo; echo "ERROR: $1"; echo; exit 1
50 | }
51 | if [ ! -f ${DB_CREATED_FLAG} ]; then
52 | echo "Waiting for mongodb to come up"
53 | until mongo --eval "db.adminCommand('ping')" --host ${MONGODB_SERVICE_HOST} > /dev/null 2>&1; do
54 | echo "Waiting for db availability"
55 | sleep 2
56 | done
57 | echo "DB ready. Configuring..."
58 | mongo --host ${MONGODB_SERVICE_HOST} < /scripts/createMongoDBUsers.js || errorExit "DB user setup failed"
59 | touch ${DB_CREATED_FLAG} || errorExit "Creating ${DB_CREATED_FLAG} failed"
60 | echo "DB config done"
61 | else
62 | echo "${DB_CREATED_FLAG} exists! DB was already setup before. Skipping DB configuration..."
63 | fi
64 |
65 | parameters:
66 | - name: NAMESPACE
67 | description: Namespace
68 | displayName: Namespace
69 | required: true
70 |
--------------------------------------------------------------------------------
/openshift/xray/xray-mongodb/xray-mongodb.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: Xray-Mongodb
5 | message: |-
6 | The following service(s) have been created in your project: xray-mongodb.
7 |
8 | Connection URL: http://xray-mongodb:27017
9 | metadata:
10 | annotations:
11 | description: |-
12 | Xray Mongodb Template
13 |
14 | NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
15 | iconClass: icon-mysql-database
16 | openshift.io/display-name: JFrog Xray Mongodb
17 | tags: datastore
18 | name: xray-mongodb
19 | objects:
20 | - apiVersion: v1
21 | kind: Service
22 | metadata:
23 | name: mongodb
24 | spec:
25 | ports:
26 | - name: 27017-tcp
27 | port: 27017
28 | protocol: TCP
29 | targetPort: 27017
30 | - name: 28017-tcp
31 | port: 28017
32 | protocol: TCP
33 | targetPort: 28017
34 | selector:
35 | name: mongodb
36 | - apiVersion: v1
37 | kind: ImageStream
38 | metadata:
39 | name: mongodb
40 | namespace: ${NAMESPACE}
41 | spec:
42 | tags:
43 | - name: latest
44 | annotations: null
45 | from:
46 | kind: DockerImage
47 | name: ${DOCKER_REGISTRY}/jfrog/xray-mongo:3.2.6
48 | - apiVersion: v1
49 | kind: DeploymentConfig
50 | metadata:
51 | name: mongodb
52 | spec:
53 | replicas: 1
54 | selector:
55 | name: mongodb
56 | strategy:
57 | type: Recreate
58 | recreateParams:
59 | post:
60 | failurePolicy: ignore
61 | execNewPod:
62 | command:
63 | - '/bin/sh'
64 | - '-c'
65 | - sleep 10 && bash /scripts/setup.sh > /data/db/setup-$(date +%Y%m%d%H%M%S).log 2>&1
66 | containerName: mongodb
67 | volumes:
68 | - xray-mongodb-setup
69 | - mongodb-volume-db
70 | timeoutSeconds: 600
71 | template:
72 | metadata:
73 | labels:
74 | name: mongodb
75 | spec:
76 | containers:
77 | - env:
78 | image: ${DOCKER_REGISTRY}/jfrog/xray-mongo:3.2.6@sha256:d040daee83452b3a2db3a8d91bfe29e890a5cbe6c331dc12c32024bd132c99a3
79 | imagePullPolicy: IfNotPresent
80 | name: mongodb
81 | command:
82 | - mongod
83 | - '--wiredTigerCacheSizeGB=6'
84 | lifecycle:
85 | preStop:
86 | exec:
87 | command:
88 | - mongod
89 | - '--dbpath /data/db'
90 | - '--shutdown'
91 | ports:
92 | - containerPort: 27017
93 | protocol: TCP
94 | - containerPort: 28017
95 | protocol: TCP
96 | volumeMounts:
97 | - mountPath: /scripts
98 | name: xray-mongodb-setup
99 | - mountPath: /data/db
100 | name: mongodb-volume-db
101 | resources:
102 | requests:
103 | memory: "5Gi"
104 | cpu: "200m"
105 | limits:
106 | memory: "7Gi"
107 | cpu: "1"
108 | livenessProbe:
109 | exec:
110 | command:
111 | - mongo
112 | - --eval
113 | - "db.adminCommand('ping')"
114 | initialDelaySeconds: 30
115 | periodSeconds: 30
116 | timeoutSeconds: 10
117 | readinessProbe:
118 | exec:
119 | command:
120 | - mongo
121 | - --eval
122 | - "db.adminCommand('ping')"
123 | initialDelaySeconds: 30
124 | periodSeconds: 30
125 | timeoutSeconds: 10
126 | volumes:
127 | - name: mongodb-volume-db
128 | persistentVolumeClaim:
129 | claimName: xray-mongodb-pvc
130 | - name: xray-mongodb-setup
131 | configMap:
132 | name: xray-mongodb-setup
133 | triggers:
134 | - type: ConfigChange
135 |
136 | parameters:
137 | - name: NAMESPACE
138 | description: Namespace
139 | displayName: Namespace
140 | required: true
141 | - name: DOCKER_REGISTRY
142 | description: Docker registry that provides JFrog Xray docker images
143 | displayName: Docker registry that provides JFrog Xray docker images
144 | value: "docker.bintray.io"
145 | required: true
146 |
--------------------------------------------------------------------------------
/openshift/xray/xray-params.env:
--------------------------------------------------------------------------------
1 | NAMESPACE=test-proj-2
2 | SERVICE_ACCOUNT=xray-user
3 | XRAY_VERSION=2.3.0
4 | INIT_CONTAINER_IMAGE=alpine:3.6
5 | DOCKER_REGISTRY=docker.bintray.io
6 | XRAY_DATA_PVC_SIZE=100Gi
7 | MONGODB_PVC_SIZE=50Gi
8 | RABBITMQ_PVC_SIZE=50Gi
9 | POSTGRES_PVC_SIZE=50Gi
10 |
--------------------------------------------------------------------------------
/openshift/xray/xray-persist.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: Xray-Persist
5 | message: |-
6 | The following service(s) have been created in your project: xray-persist.
7 |
8 | Connection URL: http://xray-persist:7003
9 | metadata:
10 | annotations:
11 | description: |-
12 | JFrog Xray Persist Template
13 |
14 | NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
15 | openshift.io/display-name: JFrog Xray Persist
16 | tags: ci-cd,build,repository
17 | name: xray-persist
18 | objects:
19 | - apiVersion: v1
20 | kind: Service
21 | metadata:
22 | name: persist
23 | spec:
24 | ports:
25 | - name: 7003-tcp
26 | port: 7003
27 | protocol: TCP
28 | targetPort: 7003
29 | selector:
30 | name: persist
31 | - apiVersion: v1
32 | kind: DeploymentConfig
33 | metadata:
34 | name: persist
35 | spec:
36 | replicas: 1
37 | selector:
38 | name: persist
39 | strategy:
40 | type: Recreate
41 | template:
42 | metadata:
43 | labels:
44 | name: persist
45 | spec:
46 | serviceAccountName: ${SERVICE_ACCOUNT}
47 | initContainers:
48 | - name: init-xray
49 | image: ${INIT_CONTAINER_IMAGE}
50 | command:
51 | - 'sh'
52 | - '-c'
53 | - >
54 | until nc -z -w 2 rabbitmq 5672 && echo rabbitmq ok && nc -z -w 2 mongodb 27017 && echo mongodb ok && nc -z -w 2 postgres 5432 && echo postgres ok ; do sleep 2; done;
55 | mkdir -p /var/opt/jfrog/xray/data/config;
56 | chmod 777 /var/opt/jfrog/xray/data/config;
57 | cp /xray-config/xray_config.yaml /var/opt/jfrog/xray/data/config/xray_config.yaml;
58 | chmod 777 /var/opt/jfrog/xray/data/config/xray_config.yaml;
59 | imagePullPolicy: IfNotPresent
60 | volumeMounts:
61 | - mountPath: /var/opt/jfrog/xray/data
62 | name: volume-xray-persist
63 | - mountPath: /xray-config/xray_config.yaml
64 | name: xray-conf-setup
65 | subPath: xray_config.yaml
66 | containers:
67 | - env:
68 | - name: XRAYCONFIGPATH
69 | value: /var/opt/jfrog/xray/data
70 | image: ''
71 | imagePullPolicy: IfNotPresent
72 | name: persist
73 | securityContext:
74 | supplementalGroups: [1035]
75 | ports:
76 | - containerPort: 7003
77 | protocol: TCP
78 | volumeMounts:
79 | - mountPath: /var/opt/jfrog/xray/data
80 | name: volume-xray-persist
81 | resources:
82 | requests:
83 | memory: "256Mi"
84 | cpu: "100m"
85 | limits:
86 | memory: "1Gi"
87 | cpu: "1"
88 | livenessProbe:
89 | failureThreshold: 3
90 | httpGet:
91 | path: /debug/pprof/
92 | port: 7003
93 | scheme: HTTP
94 | initialDelaySeconds: 10
95 | periodSeconds: 10
96 | successThreshold: 1
97 | timeoutSeconds: 10
98 | readinessProbe:
99 | failureThreshold: 3
100 | httpGet:
101 | path: /debug/pprof/
102 | port: 7003
103 | scheme: HTTP
104 | initialDelaySeconds: 10
105 | periodSeconds: 10
106 | successThreshold: 1
107 | timeoutSeconds: 10
108 | securityContext:
109 | supplementalGroups: [1035]
110 | volumes:
111 | - name: volume-xray-persist
112 | persistentVolumeClaim:
113 | claimName: xray-data-pvc
114 | - name: xray-conf-setup
115 | configMap:
116 | name: xray-conf-setup
117 | triggers:
118 | - type: ConfigChange
119 | - type: ImageChange
120 | imageChangeParams:
121 | automatic: true
122 | containerNames:
123 | - persist
124 | from:
125 | kind: ImageStreamTag
126 | namespace: ${NAMESPACE}
127 | name: xray-persist:${XRAY_VERSION}
128 |
129 | parameters:
130 | - name: NAMESPACE
131 | description: Namespace
132 | displayName: Namespace
133 | required: true
134 | - name: XRAY_VERSION
135 | description: JFrog Xray Version
136 | displayName: JFrog Xray Version
137 | value: 1.10.1
138 | required: true
139 | - name: SERVICE_ACCOUNT
140 | description: Service account
141 | displayName: Service account
142 | required: true
143 | - name: INIT_CONTAINER_IMAGE
144 | description: Init container image
145 | displayName: Init container image
146 | value: "alpine:3.6"
147 | required: true
148 |
--------------------------------------------------------------------------------
/openshift/xray/xray-postgres/xray-postgres-ebs-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: xray-postgres-pv-NAMESPACE
5 | spec:
6 | capacity:
7 | storage: 50Gi
8 | accessModes:
9 | - "ReadWriteOnce"
10 | awsElasticBlockStore:
11 | fsType: "ext4"
12 | volumeID: POSTGRES_VOLUME_ID
13 |
--------------------------------------------------------------------------------
/openshift/xray/xray-postgres/xray-postgres-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: xray-postgres-pv-NAMESPACE
5 | spec:
6 | capacity:
7 | storage: 50Gi
8 | accessModes:
9 | - ReadWriteMany
10 | nfs:
11 | path: /data/xraydb/xraypostgres
12 | server: NFS_SERVER
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/openshift/xray/xray-postgres/xray-postgres-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-postgres-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "JFrog Xray PostGres PVC"
8 | description: |-
9 | This template creates a PVC to be used by PostGres
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | kind: PersistentVolumeClaim
15 | metadata:
16 | name: xray-postgres-pvc
17 | namespace: ${NAMESPACE}
18 | spec:
19 | accessModes:
20 | - ReadWriteMany
21 | resources:
22 | requests:
23 | storage: ${POSTGRES_PVC_SIZE}
24 | volumeName: xray-postgres-pv-${NAMESPACE}
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: POSTGRES_PVC_SIZE
32 | description: Size of Postgres pvc
33 | displayName: Size of Postgres pvc
34 | value: 50Gi
35 | required: true
36 |
--------------------------------------------------------------------------------
/openshift/xray/xray-postgres/xray-postgres.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: Xray-Postgres
5 | message: |-
6 | The following service(s) have been created in your project: xray-postgres.
7 |
8 | Connection URL: http://xray-postgres:5432
9 | metadata:
10 | annotations:
11 | description: |-
12 | JFrog Xray Postgres Template
13 |
14 | NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
15 | iconClass: icon-mysql-database
16 | openshift.io/display-name: JFrog Xray Postgres
17 | tags: datastore,ci-cd,jfrog
18 | name: xray-postgres
19 | objects:
20 | - apiVersion: v1
21 | kind: Service
22 | metadata:
23 | name: postgres
24 | spec:
25 | ports:
26 | - name: 5432-tcp
27 | port: 5432
28 | protocol: TCP
29 | targetPort: 5432
30 | selector:
31 | name: postgres
32 | - apiVersion: v1
33 | kind: ImageStream
34 | metadata:
35 | name: postgres
36 | namespace: ${NAMESPACE}
37 | spec:
38 | tags:
39 | - name: latest
40 | annotations: null
41 | from:
42 | kind: DockerImage
43 | name: ${DOCKER_REGISTRY}/jfrog/xray-postgres:9.5.2
44 | - apiVersion: v1
45 | kind: DeploymentConfig
46 | metadata:
47 | name: postgres
48 | spec:
49 | replicas: 1
50 | selector:
51 | name: postgres
52 | strategy:
53 | type: Recreate
54 | template:
55 | metadata:
56 | labels:
57 | name: postgres
58 | spec:
59 | initContainers:
60 | - name: init
61 | image: ${INIT_CONTAINER_IMAGE}
62 | command: ['sh', '-c', 'rm -rf /var/lib/postgresql/data/lost+found']
63 | volumeMounts:
64 | - name: postgres-volume
65 | mountPath: /var/lib/postgresql/data
66 | containers:
67 | - env:
68 | - name: POSTGRES_USER
69 | value: xray
70 | - name: POSTGRES_PASSWORD
71 | value: xray
72 | - name: POSTGRES_DB
73 | value: xraydb
74 | - name: PGDATA
75 | value: /var/lib/postgresql/data/pgdata
76 | image: ${DOCKER_REGISTRY}/jfrog/xray-postgres:9.5.2@sha256:17395001988c5551b7c6468218641d185b9ab4c36734101324d84ab54c466b21
77 | imagePullPolicy: IfNotPresent
78 | name: postgres
79 | ports:
80 | - containerPort: 5432
81 | protocol: TCP
82 | volumeMounts:
83 | - mountPath: /var/lib/postgresql/data
84 | name: postgres-volume
85 | resources:
86 | requests:
87 | memory: "1Gi"
88 | cpu: "250m"
89 | limits:
90 | memory: "2Gi"
91 | cpu: "1"
92 | volumes:
93 | - name: postgres-volume
94 | persistentVolumeClaim:
95 | claimName: xray-postgres-pvc
96 | triggers:
97 | - type: ConfigChange
98 |
99 | parameters:
100 | - name: NAMESPACE
101 | description: Namespace
102 | displayName: Namespace
103 | required: true
104 | - name: DOCKER_REGISTRY
105 | description: Docker registry that provides JFrog Xray docker images
106 | displayName: Docker registry that provides JFrog Xray docker images
107 | value: "docker.bintray.io"
108 | required: true
109 | - name: INIT_CONTAINER_IMAGE
110 | description: Init container image
111 | displayName: Init container image
112 | value: "alpine:3.6"
113 | required: true
114 |
--------------------------------------------------------------------------------
/openshift/xray/xray-rabbitmq/xray-rabbitmq-configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-rabbitmq-configmap-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "RabbitMQ ConfigMap"
8 | description: |-
9 | This template creates a ConfigMap to be used by RabbitMQ
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | data:
15 | rabbitmq.config: "[{rabbit,[{loopback_users, []},{vm_memory_high_watermark,
16 | {absolute, \"1GiB\"}}]}]."
17 | kind: ConfigMap
18 | metadata:
19 | name: xray-rabbitmq-conf
20 | namespace: ${NAMESPACE}
21 |
22 | parameters:
23 | - name: NAMESPACE
24 | description: Namespace
25 | displayName: Namespace
26 | required: true
27 |
--------------------------------------------------------------------------------
/openshift/xray/xray-rabbitmq/xray-rabbitmq-ebs-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: xray-rabbitmq-pv-NAMESPACE
5 | spec:
6 | capacity:
7 | storage: 50Gi
8 | accessModes:
9 | - "ReadWriteOnce"
10 | awsElasticBlockStore:
11 | fsType: "ext4"
12 | volumeID: RABBITMQ_VOLUME_ID
13 |
--------------------------------------------------------------------------------
/openshift/xray/xray-rabbitmq/xray-rabbitmq-pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: xray-rabbitmq-pv-NAMESPACE
5 | spec:
6 | capacity:
7 | storage: 50Gi
8 | accessModes:
9 | - ReadWriteMany
10 | nfs:
11 | path: /data/xraydb/rabbitmq
12 | server: NFS_SERVER
13 | persistentVolumeReclaimPolicy: Retain
14 |
--------------------------------------------------------------------------------
/openshift/xray/xray-rabbitmq/xray-rabbitmq-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-rabbitmq-pvc-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "JFrog Xray RabbitMQ PVC"
8 | description: |-
9 | This template creates a PVC to be used by RabbitMQ
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | kind: PersistentVolumeClaim
15 | metadata:
16 | name: xray-rabbitmq-pvc
17 | namespace: ${NAMESPACE}
18 | spec:
19 | accessModes:
20 | - ReadWriteMany
21 | resources:
22 | requests:
23 | storage: ${RABBITMQ_PVC_SIZE}
24 | volumeName: xray-rabbitmq-pv-${NAMESPACE}
25 |
26 | parameters:
27 | - name: NAMESPACE
28 | description: Namespace
29 | displayName: Namespace
30 | required: true
31 | - name: RABBITMQ_PVC_SIZE
32 | description: Size of RabbitMQ pvc
33 | displayName: Size of RabbitMQ pvc
34 | value: 50Gi
35 | required: true
36 |
--------------------------------------------------------------------------------
/openshift/xray/xray-rabbitmq/xray-rabbitmq.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: Xray-RabbitMQ
5 | message: |-
6 | The following service(s) have been created in your project: xray-rabbitmq.
7 |
8 | Connection URL: http://xray-rabbitmq:5672
9 | metadata:
10 | annotations:
11 | description: |-
12 | Xray RabbitMQ Template
13 |
14 | NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
15 | openshift.io/display-name: "JFrog Xray RabbitMQ"
16 | openshift.io/provider-display-name: "JFrog"
17 | openshift.io/documentation-url: "https://www.jfrog.com/confluence/display/XRAY/Welcome+to+JFrog+Xray"
18 | openshift.io/support-url: "https://jfrog.com/support/"
19 | tags: messaging,jfrog,ci-cd
20 | name: xray-rabbitmq
21 | objects:
22 | - apiVersion: v1
23 | kind: Service
24 | metadata:
25 | name: rabbitmq
26 | spec:
27 | ports:
28 | - name: 5672-tcp
29 | port: 5672
30 | protocol: TCP
31 | targetPort: 5672
32 | - name: 15672-tcp
33 | port: 15672
34 | protocol: TCP
35 | targetPort: 15672
36 | selector:
37 | name: rabbitmq
38 | - apiVersion: v1
39 | kind: ImageStream
40 | metadata:
41 | name: rabbitmq
42 | namespace: ${NAMESPACE}
43 | spec:
44 | tags:
45 | - name: latest
46 | annotations: null
47 | from:
48 | kind: DockerImage
49 | name: ${DOCKER_REGISTRY}/jfrog/xray-rabbitmq:3.6.1-management
50 | - apiVersion: v1
51 | kind: DeploymentConfig
52 | metadata:
53 | name: rabbitmq
54 | spec:
55 | replicas: 1
56 | selector:
57 | name: rabbitmq
58 | strategy:
59 | type: Recreate
60 | template:
61 | metadata:
62 | labels:
63 | name: rabbitmq
64 | spec:
65 | initContainers:
66 | - name: init
67 | image: ${INIT_CONTAINER_IMAGE}
68 | command: ['sh', '-c', 'rm -rf /var/lib/rabbitmq/lost+found']
69 | volumeMounts:
70 | - name: rabbitmq-volume
71 | mountPath: "/var/lib/rabbitmq"
72 | containers:
73 | - env:
74 | - name: HOSTNAME
75 | value: localhost
76 | image: ${DOCKER_REGISTRY}/jfrog/xray-rabbitmq:3.6.1-management@sha256:4ea3f7a098cd8ee857278baeb07bce2857646bbdcb1b365dc908544e859112ef
77 | imagePullPolicy: IfNotPresent
78 | name: rabbitmq
79 | ports:
80 | - containerPort: 5672
81 | protocol: TCP
82 | - containerPort: 15672
83 | protocol: TCP
84 | volumeMounts:
85 | - mountPath: /var/lib/rabbitmq
86 | name: rabbitmq-volume
87 | - mountPath: /etc/rabbitmq/rabbitmq.config
88 | name: xray-rabbitmq-conf
89 | subPath: rabbitmq.config
90 | resources:
91 | requests:
92 | memory: "500Mi"
93 | cpu: "100m"
94 | limits:
95 | memory: "1Gi"
96 | cpu: "250m"
97 | livenessProbe:
98 | exec:
99 | command:
100 | - rabbitmqctl
101 | - status
102 | initialDelaySeconds: 120
103 | periodSeconds: 5
104 | timeoutSeconds: 5
105 | failureThreshold: 6
106 | readinessProbe:
107 | exec:
108 | command:
109 | - rabbitmqctl
110 | - status
111 | initialDelaySeconds: 10
112 | periodSeconds: 5
113 | timeoutSeconds: 3
114 | volumes:
115 | - name: rabbitmq-volume
116 | persistentVolumeClaim:
117 | claimName: xray-rabbitmq-pvc
118 | - name: xray-rabbitmq-conf
119 | configMap:
120 | name: xray-rabbitmq-conf
121 | triggers:
122 | - type: ConfigChange
123 |
124 | parameters:
125 | - name: NAMESPACE
126 | description: Namespace
127 | displayName: Namespace
128 | required: true
129 | - name: DOCKER_REGISTRY
130 | description: Docker registry that provides JFrog Xray docker images
131 | displayName: Docker registry that provides JFrog Xray docker images
132 | value: "docker.bintray.io"
133 | required: true
134 | - name: INIT_CONTAINER_IMAGE
135 | description: Init container image
136 | displayName: Init container image
137 | value: "alpine:3.6"
138 | required: true
139 |
--------------------------------------------------------------------------------
/openshift/xray/xray-server.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | labels:
4 | template: Xray-Server
5 | message: |-
6 | The following service(s) have been created in your project: xray-server.
7 |
8 | Connection URL: http://xray-server:8000
9 | metadata:
10 | annotations:
11 | description: |-
12 | Xray Server Template
13 |
14 | NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
15 | openshift.io/display-name: JFrog Xray Server
16 | tags: ci-cd,build,repository
17 | name: xray-server
18 | objects:
19 | - apiVersion: v1
20 | kind: Service
21 | metadata:
22 | name: server
23 | spec:
24 | ports:
25 | - name: 8000-tcp
26 | port: 8000
27 | protocol: TCP
28 | targetPort: 8000
29 | selector:
30 | name: server
31 | - apiVersion: v1
32 | kind: DeploymentConfig
33 | metadata:
34 | name: server
35 | spec:
36 | replicas: 1
37 | selector:
38 | name: server
39 | strategy:
40 | type: Recreate
41 | template:
42 | metadata:
43 | labels:
44 | name: server
45 | spec:
46 | serviceAccountName: ${SERVICE_ACCOUNT}
47 | initContainers:
48 | - name: init-xray
49 | image: ${INIT_CONTAINER_IMAGE}
50 | command:
51 | - 'sh'
52 | - '-c'
53 | - >
54 | until nc -z -w 2 rabbitmq 5672 && echo rabbitmq ok && nc -z -w 2 mongodb 27017 && echo mongodb ok && nc -z -w 2 postgres 5432 && echo postgres ok ; do sleep 2; done;
55 | mkdir -p /var/opt/jfrog/xray/data/config;
56 | chmod 777 /var/opt/jfrog/xray/data/config;
57 | cp /xray-config/xray_config.yaml /var/opt/jfrog/xray/data/config/xray_config.yaml;
58 | chmod 777 /var/opt/jfrog/xray/data/config/xray_config.yaml;
59 | imagePullPolicy: IfNotPresent
60 | volumeMounts:
61 | - mountPath: /var/opt/jfrog/xray/data
62 | name: volume-xray-server
63 | - mountPath: /xray-config/xray_config.yaml
64 | name: xray-conf-setup
65 | subPath: xray_config.yaml
66 | containers:
67 | - env:
68 | - name: XRAYCONFIGPATH
69 | value: /var/opt/jfrog/xray/data
70 | image: ''
71 | imagePullPolicy: IfNotPresent
72 | name: server
73 | ports:
74 | - containerPort: 8000
75 | protocol: TCP
76 | volumeMounts:
77 | - mountPath: /var/opt/jfrog/xray/data
78 | name: volume-xray-server
79 | resources:
80 | requests:
81 | memory: "1Gi"
82 | cpu: "100m"
83 | limits:
84 | memory: "2Gi"
85 | cpu: "1"
86 | livenessProbe:
87 | failureThreshold: 3
88 | httpGet:
89 | path: /debug/pprof/
90 | port: 8000
91 | scheme: HTTP
92 | initialDelaySeconds: 10
93 | periodSeconds: 10
94 | successThreshold: 1
95 | timeoutSeconds: 10
96 | readinessProbe:
97 | failureThreshold: 3
98 | httpGet:
99 | path: /debug/pprof/
100 | port: 8000
101 | scheme: HTTP
102 | initialDelaySeconds: 10
103 | periodSeconds: 10
104 | successThreshold: 1
105 | timeoutSeconds: 10
106 | securityContext:
107 | supplementalGroups: [1035]
108 | privileged: false
109 | volumes:
110 | - name: volume-xray-server
111 | persistentVolumeClaim:
112 | claimName: xray-data-pvc
113 | - name: xray-conf-setup
114 | configMap:
115 | name: xray-conf-setup
116 | triggers:
117 | - type: ConfigChange
118 | - type: ImageChange
119 | imageChangeParams:
120 | automatic: true
121 | containerNames:
122 | - server
123 | from:
124 | kind: ImageStreamTag
125 | namespace: ${NAMESPACE}
126 | name: xray-server:${XRAY_VERSION}
127 |
128 | parameters:
129 | - name: NAMESPACE
130 | description: Namespace
131 | displayName: Namespace
132 | required: true
133 | - name: XRAY_VERSION
134 | description: JFrog Xray Version
135 | displayName: JFrog Xray Version
136 | value: 1.10.1
137 | required: true
138 | - name: SERVICE_ACCOUNT
139 | description: Service account
140 | displayName: Service account
141 | required: true
142 | - name: INIT_CONTAINER_IMAGE
143 | description: Init container image
144 | displayName: Init container image
145 | value: "alpine:3.6"
146 | required: true
147 |
--------------------------------------------------------------------------------
/openshift/xray/xray-setup-configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Template
3 | metadata:
4 | name: xray-conf-configmap-template
5 | annotations:
6 | openshift.io/provider-display-name: "JFrog"
7 | openshift.io/display-name: "Xray ConfigMap"
8 | description: |-
9 | This template creates a ConfigMap to be used to bootstrap Xray
10 | tags: "ci-cd"
11 |
12 | objects:
13 | - apiVersion: v1
14 | kind: ConfigMap
15 | metadata:
16 | name: xray-conf-setup
17 | namespace: ${NAMESPACE}
18 | data:
19 | xray_config.yaml: |
20 | ---
21 | ver: 1.0
22 | XrayServerPort: 8000
23 | mqBaseUrl: amqp://guest:guest@rabbitmq:5672/
24 | mongoUrl: mongodb://xray:password@mongodb:27017/?authSource=xray&authMechanism=SCRAM-SHA-1
25 | postgresqlUrl: postgres://xray:xray@postgres:5432/xraydb?sslmode=disable
26 | stdOutEnabled: true
27 | sslInsecure: false
28 |
29 | parameters:
30 | - name: NAMESPACE
31 | description: Namespace
32 | displayName: Namespace
33 | required: true
34 |
--------------------------------------------------------------------------------
/openshift/xray/xray-upgrade.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | export XRAY_TO_VERSION=2.3.0
3 | # Current Xray version can be fetched via curl XRAY_URL/api/v1/system/version
4 |
5 |
6 | start() {
7 | scale $1 1
8 | }
9 |
10 | shutdown() {
11 | scale $1 0
12 | }
13 |
14 | scale() {
15 | oc scale dc $1 --replicas=$2
16 | }
17 |
18 |
19 | upgrade() {
20 | oc set triggers dc $1
21 | oc set triggers dc $1 --remove-all
22 | oc set triggers dc $1 --from-image=xray-$1:$2 --containers=$1
23 | oc set triggers dc $1
24 | }
25 |
26 |
27 | export DC="server persist analysis indexer"
28 |
29 | for i in $DC; do
30 | shutdown $i
31 | done
32 |
33 | sleep 30
34 |
35 | for i in $DC; do
36 | upgrade $i $XRAY_TO_VERSION
37 | start $i
38 | done
39 |
--------------------------------------------------------------------------------
/openshift/xray/xray-wrapper.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | if [ $# -lt 2 ]
3 | then
4 | echo "Usage: ./xray-wrapper.sh USER PARAMETERS_FILE"
5 | exit 1
6 | fi
7 |
8 | export USER=$1
9 | export PARAMETERS_FILE=$2
10 |
11 | if [ ! -f $PARAMETERS_FILE ]; then
12 | echo "File $PARAMETERS_FILE not found"
13 | exit -2
14 | fi
15 |
16 | processTemplates() {
17 | printenv | oc process -f $1 --ignore-unknown-parameters --param-file=- | oc create -f -
18 | }
19 |
20 | export PERSISTENT_VOLUME_CLAIMS="xray-data-pvc.yaml xray-postgres/xray-postgres-pvc.yaml xray-mongodb/xray-mongodb-pvc.yaml xray-rabbitmq/xray-rabbitmq-pvc.yaml"
21 |
22 | export CONFIG_MAPS="xray-mongodb/xray-mongodb-setup-configmap.yaml xray-rabbitmq/xray-rabbitmq-configmap.yaml xray-setup-configmap.yaml"
23 |
24 | export IMAGE_STREAMS="xray-imagestream.yaml"
25 |
26 | export THIRDPARTY_MICROSERVICES="xray-postgres/xray-postgres.yaml xray-mongodb/xray-mongodb.yaml xray-rabbitmq/xray-rabbitmq.yaml"
27 |
28 | export XRAY_MICROSERVICES="xray-indexer.yaml xray-analysis.yaml xray-persist.yaml xray-server.yaml"
29 |
30 | export PROCESS_TEMPLATES="$CONFIG_MAPS $PERSISTENT_VOLUME_CLAIMS $IMAGE_STREAMS $THIRDPARTY_MICROSERVICES"
31 |
32 | while IFS='' read -r line || [[ -n "$line" ]]; do
33 | export "$line"
34 | done < "$PARAMETERS_FILE"
35 |
36 |
37 | oc login -u $USER
38 | oc project $NAMESPACE
39 |
40 | for i in $PROCESS_TEMPLATES; do
41 | processTemplates $i
42 | done
43 |
44 | sleep 100
45 |
46 | for i in $XRAY_MICROSERVICES; do
47 | processTemplates $i
48 | done
49 |
--------------------------------------------------------------------------------
/swarm/README.md:
--------------------------------------------------------------------------------
1 |
2 | # Artifactory in Swarm example
3 |
4 | This directory contains an example for setting up Artifactory running in a Docker Swarm cluster.
5 | In this example Artifactory Pro runs on one leader, meaning three images will run on the leader:
6 | **docker.bintray.io/jfrog/artifactory-pro, docker.bintray.io/jfrog/postgres, docker.bintray.io/jfrog/nginx-artifactory-pro**
7 |
8 | **This example applies only for Linux machines and was tested on Ubuntu 16.04 with Docker version 17.03.1-ce, build c6d412e**
9 |
10 | ## Docker Swarm
11 |
12 | A swarm is a cluster of one or more Docker Engines running in swarm mode.
13 | See details in the official [Swarm](https://docs.docker.com/engine/swarm/) documentation.
14 |
15 | ## Artifactory Pro with PostgreSQL and Nginx for Docker registry support
16 |
17 | ```bash
18 | $ sudo ../docker-compose/prepareHostEnv.sh -t pro -c
19 | $ sudo docker swarm init
20 | $ docker stack deploy -c artifactory-pro.yml artifactory
21 | ```
22 |
--------------------------------------------------------------------------------
/swarm/artifactory-pro.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 |
3 | services:
4 |
5 | postgresql:
6 | image: docker.bintray.io/postgres:9.6.11
7 | ports:
8 | - 5432:5432
9 | environment:
10 | - POSTGRES_DB=artifactory
11 | # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
12 | - POSTGRES_USER=artifactory
13 | - POSTGRES_PASSWORD=password
14 | #volumes:
15 | # - artifactory:/var/lib/postgresql/data
16 | deploy:
17 | mode: replicated
18 | replicas: 1
19 | restart_policy:
20 | condition: on-failure
21 | delay: 5s
22 | max_attempts: 3
23 | placement:
24 | constraints: [node.role != manager]
25 |
26 | artifactory:
27 | image: docker.bintray.io/jfrog/artifactory-pro:5.4.4
28 | ports:
29 | - 8081:8081
30 | depends_on:
31 | - postgresql
32 | deploy:
33 | mode: replicated
34 | replicas: 1
35 | restart_policy:
36 | condition: on-failure
37 | delay: 5s
38 | max_attempts: 3
39 | placement:
40 | constraints: [node.role != manager]
41 | #volumes:
42 | # - artifactory:/var/opt/jfrog/artifactory
43 | environment:
44 | - DB_TYPE=postgresql
45 | # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
46 | - DB_USER=artifactory
47 | - DB_PASSWORD=password
48 | # Add extra Java options by uncommenting the following line
49 | #- EXTRA_JAVA_OPTIONS=-Xmx4g
50 |
51 | nginx:
52 | image: docker.bintray.io/jfrog/nginx-artifactory-pro:5.4.4
53 | ports:
54 | - 80:80
55 | - 443:443
56 | depends_on:
57 | - artifactory
58 | links:
59 | - artifactory
60 | deploy:
61 | mode: replicated
62 | replicas: 1
63 | restart_policy:
64 | condition: on-failure
65 | delay: 5s
66 | max_attempts: 3
67 | placement:
68 | constraints: [node.role != manager]
69 | #volumes:
70 | # - artifactory:/var/opt/jfrog/nginx
71 | environment:
72 | - ART_BASE_URL=http://artifactory:8081/artifactory
73 | - SSL=true
74 |
75 | #volumes:
76 | # artifactory:
77 |
--------------------------------------------------------------------------------