Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Search





Working with an older version? JFrog Artifactory 6.x | JFrog Xray 2.x | JFrog Mission Control 3.x | JFrog Distribution 1.x |


Skip to end of metadata
Go to start of metadata

Overview

JFrog’s Ansible Collection includes several Ansible roles for JFrog Artifactory, JFrog Xray, JFrog Distribution, JFrog Mission Control and PostgreSQL (optional) that allow you to install the latest JFrog Platform in many different configurations - from simple single server installations to redundant and highly available setups - this collection provides the flexibility for any architecture.

In addition, the Ansible Collection includes optional roles for a PostgreSQL database and NGINX, which also allows you to add those components (refer to the example inventory and playbook files that are included in the Collection and that address most of the popular use cases).

Setting up Ansible and the JFrog Ansible Collection

There are several ways to install Ansible depending on your system; Ansible uses SSH to connect to hosts, so the best practice is to set up SSH key pairs and place the public key on the hosts (refer to the Ansible documentation for information on how to set this up). Some cloud providers also make this easier by setting up the SSH keys for you.

The JFrog Ansible Platform Collection consists of the following:

  • ansible_collections directory: This directory contains the Ansible Collection package with the Ansible roles for the following products:
    • Artifactory
    • Xray
    • Distribution
    • Mission Control
  • examples directory: This directory contains example playbooks for various architectures

Pipelines is not supported in this installation.

System Requirements

Before installing the JFrog Ansible Collection, refer to System Requirements for information on supported platforms, supported browsers, required ports and other requirements. 

Important

Each JFrog product must be installed on a separate box.

When installing the JFrog Platform, you must run the installation as a root user or provide sudo access to a non-root user. 

Operating Systems

The JFrog Ansible Collection can be installed on the following operating systems:

  • Ubuntu LTS versions (16.04/18.04/20.4)
  • Centos/RHEL 7.x/8.x
  • Debian  9.x/10.x

For the specific supported versions, see the System Requirements Matrix.

Page Contents

Installation

Single Node Installation

The following installation installs the JFrog Platform as single product (single node) installations and not as clusters/HA.

  1. Install the Ansible Collection from the Ansible Galaxy.

    ansible-galaxy collection install jfrog.platform

  2. Verify that you reference the Ansible Collection in your playbook when using these roles.

    ---
- hosts: artifactory_servers
      collections:
        - jfrog.platform
      roles:
        - artifactory

    Ansible uses SSH to connect to hosts. Verify that your SSH private key is on your client and that the public keys are installed on your Ansible hosts.

  3. Create an inventory file: Use one of the examples from the examples directory to construct an inventory file (hosts.yml) with the host addresses and variables.

  4. Next, create your playbook: Use one of the examples from the examples directory to construct a playbook using the JFrog Ansible roles. These roles will be applied to your inventory and provision software.

  5. Execute the following command to provision the JFrog software with Ansible. 

    ansible-playbook -vv platform.yml -i hosts.ini

Generating Master and Join Keys

  1. Generate the master and join keys. If you do not provide these keys, they will be set to the defaults in the groupvars/all/vars.yaml file under each role. For production deployments, you may want to generate your master and join keys and to apply them to all the nodes using the following command.

    MASTER_KEY_VALUE=$(openssl rand -hex 32)
JOIN_KEY_VALUE=$(openssl rand -hex 32)
ansible-playbook -vv platform.yml -i hosts.ini --extra-vars "master_key=$MASTER_KEY_VALUE join_key=$JOIN_KEY_VALUE"

    Important

    Remember to save the generated master and join keys for future upgrades.

Overriding the system.yaml in Ansible Installations

By default, the flag <product>_systemyaml_override is set to false, which means that any changes you do to override/edit the existing yaml will not be applied.
By setting this flag to true, e.g., artifactory_systemyaml_override: true, you can then override the existing configurations for the product, in this case Artifactory.

Using Ansible Vault to Encrypt Vars

Some vars you may want to keep secret. You may put these vars into a separate file and encrypt them using the Ansible Vault.

Use the following command.

ansible-vault encrypt secret-vars.yml --vault-password-file ~/.vault_pass.txt

Then in your playbook include the secret vars file.

- hosts: artifactory_servers
  vars_files:
    - ./vars/secret-vars.yml
    - ./vars/vars.yml
  roles:
    - artifactory

Using an External Database

If you want to use an external database for one or more products, you will need to run the PostgreSQL role as part of the platform.yml file. You can also do this by setting the value of the postgres_enabled field as false in group_Vars/all/vars.yml

Create an external database and change the corresponding product values in group_Vars/all/vars.yml

The following example shows a sample configuration for Artifactory. 

postgres_enabled: false

artifactory_db_type: postgresql
artifactory_db_driver: org.postgresql.Driver
artifactory_db_name: <external_db_name>
artifactory_db_user: <external_db_user>
artifactory_db_password: <external_db_pasword>
artifactory_db_url: jdbc:postgresql://<external_db_host>:5432/{{ artifactory_db_name }}

High Availability (HA) Installation

By default, the Ansible Platform Collection is installed in a single node configuration. Currently, HA is supported for Artifactory and not the other products.

To enable HA for Artifactory, set the following as true in roles/artifactory/defaults/main.yml inside the Ansible Platform Collection.

artifactory_ha_enabled: true

You can also enable HA by setting extra-vars by running the following command if you are doing a fresh installation. 

ansible-playbook -vv platform.yml -i hosts.ini --extra-vars "artifactory_ha_enabled=true"

You can enable HA for an existing single node installation by running the following command.

ansible-playbook -vv platform.yml -i hosts.ini --extra-vars "artifactory_ha_enabled=true artifactory_systemyaml_override=true"


By default, all nodes are installed as primary nodes, which means that all nodes in the high availability cluster can perform tasks such as replication, garbage collection, backups, exporting, and importing. Every node in the cluster can serve any of the mentioned tasks and if any node goes down, the different nodes in the cluster will be able to perform these tasks instead. By default, when adding a new node (member) to the cluster, it will be able to perform cluster-wide tasks without user intervention. 

The "taskAffinity": "any" attribute is set by default, on all the nodes in the cluster, when installing an Artifactory version 7.17.4 and above and is configured under the Nodes section in the Artifactory Configuration YAML. To remove this functionality from a node, set  "taskAffinity": "none". For more information, see Cloud-Native High Availability

Building the Collection Archive

  1. Go to the ansible_collections/jfrog/installers directory.

  2. Update the galaxy.yml meta file as needed. Update the version.

  3. Build the archive (this requires Ansible 2.9+).

    ansible-galaxy collection build
  • No labels
Copyright © 2021 JFrog Ltd.