UNCLASSIFIED

Skip to content

GitLab

Commits (2)
Hide whitespace changes
Inline Side-by-side
Showing with 118 additions and 70 deletions
Dockerfile
View file @ 1119169b
ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
ARG BASE_TAG=8.4 ARG BASE_TAG=8.4
ARG ARTIFACTORY_BASE_VERSION=7.24.3 ARG ARTIFACTORY_BASE_VERSION=7.25.5
FROM releases-docker.jfrog.io/jfrog/artifactory-pro:${ARTIFACTORY_BASE_VERSION} AS base FROM releases-docker.jfrog.io/jfrog/artifactory-pro:${ARTIFACTORY_BASE_VERSION} AS base
......
hardening_manifest.yaml
View file @ 1119169b
...@@ -5,13 +5,13 @@ name: "jfrog/artifactory/artifactory" ...@@ -5,13 +5,13 @@ name: "jfrog/artifactory/artifactory"
# The most specific version should be the first tag and will be shown # The most specific version should be the first tag and will be shown
# on ironbank.dsop.io # on ironbank.dsop.io
tags: tags:
- "7.24.3" - "7.25.5"
- "latest" - "latest"
# Build args passed to Dockerfile ARGs # Build args passed to Dockerfile ARGs
args: args:
BASE_IMAGE: "redhat/ubi/ubi8" BASE_IMAGE: "redhat/ubi/ubi8"
BASE_TAG: "8.4" BASE_TAG: "8.4"
ARTIFACTORY_BASE_VERSION: "7.24.3" ARTIFACTORY_BASE_VERSION: "7.25.5"
# Docker image labels # Docker image labels
labels: labels:
org.opencontainers.image.title: "artifactory" org.opencontainers.image.title: "artifactory"
...@@ -23,7 +23,7 @@ labels: ...@@ -23,7 +23,7 @@ labels:
org.opencontainers.image.url: "https://jfrog.com" org.opencontainers.image.url: "https://jfrog.com"
## Name of the distributing entity, organization or individual ## Name of the distributing entity, organization or individual
org.opencontainers.image.vendor: "JFrog" org.opencontainers.image.vendor: "JFrog"
org.opencontainers.image.version: "7.24.3" org.opencontainers.image.version: "7.25.5"
## Keywords to help with search (ex. "cicd,gitops,golang") ## Keywords to help with search (ex. "cicd,gitops,golang")
mil.dso.ironbank.image.keywords: "storage,devops,container,binary,docker,npm,rpm,debian,python,registry,oci,kubernetes" mil.dso.ironbank.image.keywords: "storage,devops,container,binary,docker,npm,rpm,debian,python,registry,oci,kubernetes"
## This value can be "opensource" or "commercial" ## This value can be "opensource" or "commercial"
...@@ -32,8 +32,8 @@ labels: ...@@ -32,8 +32,8 @@ labels:
mil.dso.ironbank.product.name: "JFrog Artifactory Pro" mil.dso.ironbank.product.name: "JFrog Artifactory Pro"
# List of resources to make available to the offline build context # List of resources to make available to the offline build context
resources: resources:
- tag: releases-docker.jfrog.io/jfrog/artifactory-pro:7.24.3 - tag: releases-docker.jfrog.io/jfrog/artifactory-pro:7.25.5
url: docker://releases-docker.jfrog.io/jfrog/artifactory-pro@sha256:493a972fd48819f6c54b02618a174ba058fa53df5dd11d6c9c10aa2d7091dca6 url: docker://releases-docker.jfrog.io/jfrog/artifactory-pro@sha256:dd8c14f831f2a7390967c796fb56e39686ba9c9d1012efb101446cab9bd9d77c
# List of project maintainers # List of project maintainers
maintainers: maintainers:
- email: "danielmi@jfrog.com" - email: "danielmi@jfrog.com"
......
helm/iron_bank_values.yaml
View file @ 1119169b
...@@ -5,7 +5,7 @@ artifactory: ...@@ -5,7 +5,7 @@ artifactory:
# Image is pending certification with Iron Bank # Image is pending certification with Iron Bank
registry: registry1.dso.mil registry: registry1.dso.mil
repository: ironbank/jfrog/artifactory/artifactory repository: ironbank/jfrog/artifactory/artifactory
tag: 7.24.3 tag: 7.25.5
global: global:
imagePullSecrets: imagePullSecrets:
- regcred - regcred
......
scripts/artifactory.sh
View file @ 1119169b
...@@ -11,6 +11,7 @@ ROUTER_NAME=router ...@@ -11,6 +11,7 @@ ROUTER_NAME=router
ROUTER_SERVICE_NAME=router_service ROUTER_SERVICE_NAME=router_service
FRONTEND_NAME=frontend FRONTEND_NAME=frontend
JFCONNECT_NAME=jfconnect JFCONNECT_NAME=jfconnect
OBSERVABILITY_NAME=observability
EVENT_NAME=event EVENT_NAME=event
# Map contains environment variable key from old version (<7.x) to key from 7.x version # Map contains environment variable key from old version (<7.x) to key from 7.x version
...@@ -339,6 +340,7 @@ startupActions () { ...@@ -339,6 +340,7 @@ startupActions () {
prepareTomcat prepareTomcat
prioritizeCustomJoinKey prioritizeCustomJoinKey
configureServerXml configureServerXml
bootstrapJavaSecurityFile
exportEnv "shared" exportEnv "shared"
exportEnv "${ARTIFACTORY_NAME}" exportEnv "${ARTIFACTORY_NAME}"
exportEnv "${ACCESS_NAME}" exportEnv "${ACCESS_NAME}"
...@@ -462,10 +464,10 @@ routerScript=${ARTIFACTORY_BIN_FOLDER}/../router/bin/router.sh ...@@ -462,10 +464,10 @@ routerScript=${ARTIFACTORY_BIN_FOLDER}/../router/bin/router.sh
frontendScript=${ARTIFACTORY_BIN_FOLDER}/../frontend/bin/frontend.sh frontendScript=${ARTIFACTORY_BIN_FOLDER}/../frontend/bin/frontend.sh
eventScript=${ARTIFACTORY_BIN_FOLDER}/../event/bin/event.sh eventScript=${ARTIFACTORY_BIN_FOLDER}/../event/bin/event.sh
jfconnectScript=${ARTIFACTORY_BIN_FOLDER}/../jfconnect/bin/jfconnect.sh jfconnectScript=${ARTIFACTORY_BIN_FOLDER}/../jfconnect/bin/jfconnect.sh
observabilityScript=${ARTIFACTORY_BIN_FOLDER}/../observability/bin/observability.sh
# Any new mandatory service to be started or stopped can be added to this variable # Any new mandatory service to be started or stopped can be added to this variable
MANDATORY_JF_SERVICES_SCRIPT="${routerScript} ${metadataScript} ${eventScript} ${frontendScript}" MANDATORY_JF_SERVICES_SCRIPT="${routerScript} ${metadataScript} ${eventScript} ${frontendScript} ${observabilityScript}"
export JF_PRODUCT_HOME="$(cd ${ARTIFACTORY_BIN_FOLDER}/../.. && pwd)" export JF_PRODUCT_HOME="$(cd ${ARTIFACTORY_BIN_FOLDER}/../.. && pwd)"
export JF_ARTIFACTORY_PID="${JF_PRODUCT_HOME}/app/run/artifactory.pid" export JF_ARTIFACTORY_PID="${JF_PRODUCT_HOME}/app/run/artifactory.pid"
......
scripts/artifactoryCommon.sh
View file @ 1119169b
...@@ -43,6 +43,24 @@ syncEtc() { ...@@ -43,6 +43,24 @@ syncEtc() {
createRecursiveDir "${JF_PRODUCT_HOME}/var" "bootstrap access etc security" "${JF_ARTIFACTORY_USER}" "${JF_ARTIFACTORY_GROUP}" >/dev/null 2>&1 || true createRecursiveDir "${JF_PRODUCT_HOME}/var" "bootstrap access etc security" "${JF_ARTIFACTORY_USER}" "${JF_ARTIFACTORY_GROUP}" >/dev/null 2>&1 || true
} }
# Bootstraping custom java security file
bootstrapJavaSecurityFile(){
local javaSecurityFileName="java.security"
local srcJavaSecurityFilepath="${JF_PRODUCT_HOME}/var/bootstrap/artifactory/java"
local desJavaSecurityFilepath="${JF_PRODUCT_HOME}/app/third-party/java/conf/security"
if [[ -f "${srcJavaSecurityFilepath}/${javaSecurityFileName}" ]]; then
logger "Bootstraping custom java security file"
# backup existing java security file
local backupJavaSecurityFile="${desJavaSecurityFilepath}/${javaSecurityFileName}.$(date +"%Y%m%d%H%M")"
mv -f ${desJavaSecurityFilepath}/${javaSecurityFileName} ${backupJavaSecurityFile} || warn "Moving ${desJavaSecurityFilepath}/${javaSecurityFileName} to ${backupJavaSecurityFile} failed"
# copy custom java security file
copyFile "${srcJavaSecurityFilepath}/${javaSecurityFileName}" "${desJavaSecurityFilepath}/${javaSecurityFileName}"
chmod 755 "${desJavaSecurityFilepath}/${javaSecurityFileName}" >/dev/null 2>&1 || true
rm -f "${srcJavaSecurityFilepath}/${javaSecurityFileName}" || warn "Failed to remove file ${srcJavaSecurityFilepath}/${javaSecurityFileName}"
fi
}
removeOriginalJoinKey() { removeOriginalJoinKey() {
logDebug "Method removeOriginalJoinKey" logDebug "Method removeOriginalJoinKey"
local actualJoinKey="${JF_PRODUCT_HOME}/var/etc/security/join.key" local actualJoinKey="${JF_PRODUCT_HOME}/var/etc/security/join.key"
...@@ -116,50 +134,67 @@ configureServerXml () { ...@@ -116,50 +134,67 @@ configureServerXml () {
local server_xml_template=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.template local server_xml_template=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.template
local server_xml_template_copy=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.template.copy local server_xml_template_copy=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.template.copy
local yaml_server_xml= local yaml_server_xml=
local httpsEnabledValue=
local serverXmlKey="shared.tomcat.server.xml" local serverXmlKey="shared.tomcat.server.xml"
local httpsEnabledKey="artifactory.tomcat.httpsConnector.enabled" local httpsEnabledKey="artifactory.tomcat.httpsConnector.enabled"
local httpsCrtYamlKey="artifactory.tomcat.httpsConnector.certificateFile" local httpsCrtYamlKey="artifactory.tomcat.httpsConnector.certificateFile"
local httpsPvtYamlKey="artifactory.tomcat.httpsConnector.certificateKeyFile" local httpsPvtYamlKey="artifactory.tomcat.httpsConnector.certificateKeyFile"
local routerDataKeysPath="${JF_PRODUCT_HOME}/var/data/router/keys"
local routerBootstrapKeysPath="${JF_PRODUCT_HOME}/var/bootstrap/router/keys"
getSystemValue "${httpsEnabledKey}" "NOT_SET" "false" getSystemValue "${httpsEnabledKey}" "NOT_SET" "false"
local httpsEnabledValue=${YAML_VALUE} httpsEnabledValue=${YAML_VALUE}
if [[ "${httpsEnabledValue}" == "true" ]]; then if [[ "${httpsEnabledValue}" == "true" ]]; then
server_xml_template=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.https.template server_xml_template=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.https.hotreload.template
server_xml_template_copy=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.https.template.copy server_xml_template_copy=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.https.hotreload.template.copy
server_xml_template_custom=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.https.custom.template
server_xml_template_custom_copy=${JF_PRODUCT_HOME}/app/misc/tomcat/server.xml.https.custom.template.copy
getSystemValue "${httpsCrtYamlKey}" "NOT_SET" "false" getSystemValue "${httpsCrtYamlKey}" "NOT_SET" "false"
yamlCrtValue=${YAML_VALUE} yamlCrtValue=${YAML_VALUE}
getSystemValue "${httpsPvtYamlKey}" "NOT_SET" "false" getSystemValue "${httpsPvtYamlKey}" "NOT_SET" "false"
yamlPvtKeyValue=${YAML_VALUE} yamlPvtKeyValue=${YAML_VALUE}
local routerDataKeysPath="${JF_PRODUCT_HOME}/var/data/router/keys"
local rtSSLPath="${JF_PRODUCT_HOME}/var/etc/artifactory/security/ssl"
# check private key and cert files # check private key and cert files
checkCertsAndKeysInSystemYaml "${rtSSLPath}" "${yamlCrtValue}" "${yamlPvtKeyValue}" "${httpsCrtYamlKey}" "${httpsPvtYamlKey}" "${routerDataKeysPath}" checkCertsAndKeysInSystemYaml "${yamlCrtValue}" "${yamlPvtKeyValue}" "${httpsCrtYamlKey}" "${httpsPvtYamlKey}" "${routerDataKeysPath}"
fi fi
[ -f ${server_xml_template} ] || errorExit "${server_xml_template} not found" [ -f ${server_xml_template} ] || errorExit "${server_xml_template} not found"
getSystemValue "${serverXmlKey}" "NOT_SET" "false" getSystemValue "${serverXmlKey}" "NOT_SET" "false"
yaml_server_xml=${YAML_VALUE} yaml_server_xml=${YAML_VALUE}
# Save original and replace with the template # Save original and replace with the template
if [[ -f "${server_xml}" && ! -f "${server_xml}".orig ]]; then if [[ -f "${server_xml}" && ! -f "${server_xml}".orig ]]; then
logger "Saving ${server_xml} as ${server_xml}.orig" logger "Saving ${server_xml} as ${server_xml}.orig"
mv -f ${server_xml} ${server_xml}.orig || errorExit "Moving ${server_xml} to ${server_xml}.orig failed" mv -f ${server_xml} ${server_xml}.orig || errorExit "Moving ${server_xml} to ${server_xml}.orig failed"
fi fi
if [ "${yaml_server_xml}" != "NOT_SET" ]; then if [ "${yaml_server_xml}" != "NOT_SET" ]; then
logger "Creating ${server_xml} from ${serverXmlKey} in system.yaml" logger "Creating ${server_xml} from ${serverXmlKey} in system.yaml"
echo "${YAML_VALUE}" > "${server_xml}" || errorExit "Failed to create ${server_xml}, please check if ${serverXmlKey} has a valid xml value" echo "${YAML_VALUE}" > "${server_xml}" || errorExit "Failed to create ${server_xml}, please check if ${serverXmlKey} has a valid xml value"
else else
logger "Using Tomcat template to generate : ${server_xml}" logger "Using Tomcat template to generate : ${server_xml}"
cp -f "${server_xml_template}" "${server_xml_template_copy}" || errorExit "Copying ${server_xml_template} to ${server_xml_template_copy} failed" cp -f "${server_xml_template}" "${server_xml_template_copy}" || errorExit "Copying ${server_xml_template_copy} to ${server_xml_template_copy} failed"
resolveSystemKeys "${server_xml_template_copy}" resolveSystemKeys "${server_xml_template_copy}"
mv -f "${server_xml_template_copy}" "${server_xml}" || errorExit "Copying ${server_xml_template_copy} to ${server_xml} failed"
if [[ "${httpsEnabledValue}" == "true" ]]; then
customServerExtn=$(getcustomServerExtn "${routerDataKeysPath}")
# TODO simplify this logic later
if [[ -f "${routerBootstrapKeysPath}/custom-server.${customServerExtn}" && -f "${routerBootstrapKeysPath}/custom-server.key" ]]; then
CUSTOM_HTTPS_SERVER_XML=true
elif [[ -f "${routerDataKeysPath}/custom-server.${customServerExtn}" && -f "${routerDataKeysPath}/custom-server.key" ]]; then
CUSTOM_HTTPS_SERVER_XML=true
elif [[ "${yamlCrtValue}" != "NOT_SET" && "${yamlPvtKeyValue}" != "NOT_SET" ]]; then
CUSTOM_HTTPS_SERVER_XML=true
else
CUSTOM_HTTPS_SERVER_XML=false
fi
mv -f "${server_xml_template_copy}" "${server_xml}" || errorExit "Copying ${server_xml_template} to ${server_xml} failed" if $CUSTOM_HTTPS_SERVER_XML ; then
cp -f "${server_xml_template_custom}" "${server_xml_template_custom_copy}" || errorExit "Copying ${server_xml_template_custom_copy} to ${server_xml_template_custom_copy} failed"
resolveSystemKeys "${server_xml_template_custom_copy}"
mv -f "${server_xml_template_custom_copy}" "${server_xml}" || errorExit "Copying ${server_xml_template_custom_copy} to ${server_xml} failed"
fi
fi
fi fi
#Setting Tomcat shutdown command #Setting Tomcat shutdown command
...@@ -170,17 +205,13 @@ configureServerXml () { ...@@ -170,17 +205,13 @@ configureServerXml () {
else else
sed -i -e "s:shutdown=\"SHUTDOWN\":shutdown=\"$TOMCAT_SHUTDOWN_COMMAND\":" ${server_xml} sed -i -e "s:shutdown=\"SHUTDOWN\":shutdown=\"$TOMCAT_SHUTDOWN_COMMAND\":" ${server_xml}
fi fi
} }
# setting custom certificate and private key path to environment variable getcustomServerExtn() {
bootstrapCustomCertsAndKeys() { local routerDataKeysPath="$1"
local rtSSLPath="$1"
local routerDataKeysPath="$2"
local customServerExtn="crt" local customServerExtn="crt"
local fileExtn= local fileExtn=
local supportFileExtns="crt cer pem" local supportFileExtns="crt cer pem"
if [[ -d "${routerDataKeysPath}" ]]; then if [[ -d "${routerDataKeysPath}" ]]; then
for fileExtn in $supportFileExtns; do for fileExtn in $supportFileExtns; do
local customCertList=$(ls ${routerDataKeysPath}) local customCertList=$(ls ${routerDataKeysPath})
...@@ -189,6 +220,22 @@ bootstrapCustomCertsAndKeys() { ...@@ -189,6 +220,22 @@ bootstrapCustomCertsAndKeys() {
fi fi
done done
fi fi
echo "${customServerExtn}"
}
# Cleanup old certificates (server.crt,server.key) generated under var/data/router/keys
cleanDefaultRouterCrtAndKey () {
local routerDataKeysPath="$1"
[[ -f "${routerDataKeysPath}/server.crt" ]] && rm -f "${routerDataKeysPath}/server.crt"
[[ -f "${routerDataKeysPath}/server.key" ]] && rm -f "${routerDataKeysPath}/server.key"
}
# setting custom certificate and private key path to environment variable
bootstrapCustomCertsAndKeys() {
local routerDataKeysPath="$1"
customServerExtn=$(getcustomServerExtn "${routerDataKeysPath}")
if [[ -f "${routerDataKeysPath}/custom-server.${customServerExtn}" && -f "${routerDataKeysPath}/custom-server.key" ]]; then if [[ -f "${routerDataKeysPath}/custom-server.${customServerExtn}" && -f "${routerDataKeysPath}/custom-server.key" ]]; then
logger "Setting custom ${customServerExtn} and key path to environment variable" logger "Setting custom ${customServerExtn} and key path to environment variable"
JF_ARTIFACTORY_TOMCAT_HTTPSCONNECTOR_CERTIFICATEKEYFILE="${routerDataKeysPath}/custom-server.key" JF_ARTIFACTORY_TOMCAT_HTTPSCONNECTOR_CERTIFICATEKEYFILE="${routerDataKeysPath}/custom-server.key"
...@@ -198,40 +245,17 @@ bootstrapCustomCertsAndKeys() { ...@@ -198,40 +245,17 @@ bootstrapCustomCertsAndKeys() {
elif [[ -f "${routerDataKeysPath}/custom-server.${customServerExtn}" && ! -f "${routerDataKeysPath}/custom-server.key" ]]; then elif [[ -f "${routerDataKeysPath}/custom-server.${customServerExtn}" && ! -f "${routerDataKeysPath}/custom-server.key" ]]; then
errorExit "custom-server.${customServerExtn} found, but could not find custom-server.key in path ${routerDataKeysPath}" errorExit "custom-server.${customServerExtn} found, but could not find custom-server.key in path ${routerDataKeysPath}"
else else
#Using default router's certificate and private key cleanDefaultRouterCrtAndKey "${routerDataKeysPath}"
logger "Using default router's certificate and private key"
useRoutersDefaultCertsAndKeys "${rtSSLPath}" "${routerDataKeysPath}"
fi
}
# Copying router default certificate and private key
useRoutersDefaultCertsAndKeys () {
local rtSSLPath="$1"
local routerDataKeysPath="$2"
if [[ -f "${routerDataKeysPath}/server.crt" && -f "${routerDataKeysPath}/server.key" ]]; then
if [[ ! -f "${rtSSLPath}/server.crt" && ! -f "${rtSSLPath}/server.key" ]]; then
logger "Copying default router's server.crt and server.key"
mkdir -p "${rtSSLPath}" || errorExit "Failed to create ${rtSSLPath} directory"
logger "Copying ${routerDataKeysPath}/server.crt to ${rtSSLPath}/server.crt"
cp -f "${routerDataKeysPath}/server.crt" "${rtSSLPath}/server.crt" || warn "Router's ${routerDataKeysPath}/server.crt is not generated to copy into pre-defined location ${rtSSLPath}, please try restarting artifactory"
logger "Copying ${routerDataKeysPath}/server.key to ${rtSSLPath}/server.key"
cp -f "${routerDataKeysPath}/server.key" "${rtSSLPath}/server.key" || warn "Router's ${routerDataKeysPath}/server.key is not generated to copy into pre-defined location ${rtSSLPath}, please try restarting artifactory"
fi
elif [[ ! -f "${routerDataKeysPath}/server.crt" && -f "${routerDataKeysPath}/server.key" ]]; then
errorExit "Private key found, but could not find certificate in path ${routerDataKeysPath}"
elif [[ -f "${routerDataKeysPath}/server.crt" && ! -f "${routerDataKeysPath}/server.key" ]]; then
errorExit "Certificate found, but could not find private key in path ${routerDataKeysPath}"
fi fi
} }
# Check for private key and certificate configured in system.yaml # Check for private key and certificate configured in system.yaml
checkCertsAndKeysInSystemYaml() { checkCertsAndKeysInSystemYaml() {
local rtSSLPath="$1" local yamlCrtValue="$1"
local yamlCrtValue="$2" local yamlPvtKeyValue="$2"
local yamlPvtKeyValue="$3" local httpsCrtYamlKey="$3"
local httpsCrtYamlKey="$4" local httpsPvtYamlKey="$4"
local httpsPvtYamlKey="$5" local routerDataKeysPath="$5"
local routerDataKeysPath="$6"
if [[ "${yamlCrtValue}" == "NOT_SET" && "${yamlPvtKeyValue}" != "NOT_SET" ]]; then if [[ "${yamlCrtValue}" == "NOT_SET" && "${yamlPvtKeyValue}" != "NOT_SET" ]]; then
[[ -f "${yamlPvtKeyValue}" ]] || errorExit "Could not find private key in path ${yamlPvtKeyValue}. Update ${httpsPvtYamlKey} with correct <private key path> in ${JF_PRODUCT_HOME}/var/etc/system.yaml" [[ -f "${yamlPvtKeyValue}" ]] || errorExit "Could not find private key in path ${yamlPvtKeyValue}. Update ${httpsPvtYamlKey} with correct <private key path> in ${JF_PRODUCT_HOME}/var/etc/system.yaml"
...@@ -243,8 +267,8 @@ checkCertsAndKeysInSystemYaml() { ...@@ -243,8 +267,8 @@ checkCertsAndKeysInSystemYaml() {
# Private key and certificate configured in system.yaml # Private key and certificate configured in system.yaml
logger "Using private key and certificate files from the path configured in system.yaml" logger "Using private key and certificate files from the path configured in system.yaml"
elif [[ "${yamlCrtValue}" == "NOT_SET" && "${yamlPvtKeyValue}" == "NOT_SET" ]]; then elif [[ "${yamlCrtValue}" == "NOT_SET" && "${yamlPvtKeyValue}" == "NOT_SET" ]]; then
# check for custom certificate and private key under ${JF_PRODUCT_HOME}/var/data/router/keys location # check for custom certificate and private key under location ${JF_PRODUCT_HOME}/var/data/router/keys
bootstrapCustomCertsAndKeys "${rtSSLPath}" "${routerDataKeysPath}" bootstrapCustomCertsAndKeys "${routerDataKeysPath}"
fi fi
} }
...@@ -298,7 +322,7 @@ createSymlink() { ...@@ -298,7 +322,7 @@ createSymlink() {
} }
setRouterToplogy(){ setRouterToplogy(){
JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES=jfrt,jfac,jfmd,jffe JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES=jfrt,jfac,jfmd,jffe,jfob
if runReplicator; then if runReplicator; then
JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES="${JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES},jfxfer" JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES="${JF_ROUTER_TOPOLOGY_LOCAL_REQUIREDSERVICETYPES},jfxfer"
fi fi
...@@ -478,6 +502,19 @@ runRouter() { ...@@ -478,6 +502,19 @@ runRouter() {
fi fi
} }
# Check if conditions to run local observability are met
runObservability() {
local isEnabled=
getSystemValue "${OBSERVABILITY_SERVICE_NAME}.enabled" "true"
isEnabled="${YAML_VALUE}"
if [[ "${isEnabled}" == "true" && -f "${observabilityScript}" ]]; then
return 0
else
return 1
fi
}
# Check if conditions to run local replicator are met # Check if conditions to run local replicator are met
runReplicator() { runReplicator() {
local isEnabled= local isEnabled=
...@@ -711,6 +748,11 @@ performActionOnScript(){ ...@@ -711,6 +748,11 @@ performActionOnScript(){
return 0 return 0
fi fi
# If run Observability is not enabled, do not perform any action
if [[ "${script}" == *${OBSERVABILITY_NAME}* ]] && ! runObservability ; then
return 0
fi
# If run event is not enabled, do not perform any action # If run event is not enabled, do not perform any action
if [[ "${script}" == *${EVENT_NAME}* ]] && ! runEvent ; then if [[ "${script}" == *${EVENT_NAME}* ]] && ! runEvent ; then
return 0 return 0
...@@ -921,6 +963,7 @@ rpmDebStartupActions() { ...@@ -921,6 +963,7 @@ rpmDebStartupActions() {
configureServerXml configureServerXml
prepareTomcat prepareTomcat
syncEtc syncEtc
bootstrapJavaSecurityFile
prioritizeCustomJoinKey prioritizeCustomJoinKey
changeArtOwnership "${JF_PRODUCT_HOME}/app" changeArtOwnership "${JF_PRODUCT_HOME}/app"
[ -d ${JF_PRODUCT_HOME}/var/etc ] && changeArtOwnership "${JF_PRODUCT_HOME}/var/etc" || true [ -d ${JF_PRODUCT_HOME}/var/etc ] && changeArtOwnership "${JF_PRODUCT_HOME}/var/etc" || true
......
scripts/artifactoryManage.sh
View file @ 1119169b
...@@ -27,6 +27,7 @@ ROUTER_NAME=router ...@@ -27,6 +27,7 @@ ROUTER_NAME=router
FRONTEND_NAME=frontend FRONTEND_NAME=frontend
EVENT_NAME=event EVENT_NAME=event
JFCONNECT_NAME=jfconnect JFCONNECT_NAME=jfconnect
OBSERVABILITY_NAME=observability
# Map contains environment variable key from old version (<7.x) to key from 7.x version # Map contains environment variable key from old version (<7.x) to key from 7.x version
# This info will be used to assign value from old key to new key # This info will be used to assign value from old key to new key
...@@ -265,9 +266,11 @@ routerScript=${ARTIFACTORY_BIN_FOLDER}/../router/bin/router.sh ...@@ -265,9 +266,11 @@ routerScript=${ARTIFACTORY_BIN_FOLDER}/../router/bin/router.sh
frontendScript=${ARTIFACTORY_BIN_FOLDER}/../frontend/bin/frontend.sh frontendScript=${ARTIFACTORY_BIN_FOLDER}/../frontend/bin/frontend.sh
eventScript=${ARTIFACTORY_BIN_FOLDER}/../event/bin/event.sh eventScript=${ARTIFACTORY_BIN_FOLDER}/../event/bin/event.sh
jfconnectScript=${ARTIFACTORY_BIN_FOLDER}/../jfconnect/bin/jfconnect.sh jfconnectScript=${ARTIFACTORY_BIN_FOLDER}/../jfconnect/bin/jfconnect.sh
observabilityScript=${ARTIFACTORY_BIN_FOLDER}/../observability/bin/observability.sh
# Any new mandatory service to be started or stopped can be added to this variable # Any new mandatory service to be started or stopped can be added to this variable
MANDATORY_JF_SERVICES_SCRIPT="${routerScript} ${metadataScript} ${eventScript} ${frontendScript}" MANDATORY_JF_SERVICES_SCRIPT="${routerScript} ${metadataScript} ${eventScript} ${frontendScript} ${observabilityScript}"
export JF_PRODUCT_HOME="$(cd ${ARTIFACTORY_BIN_FOLDER}/../.. && pwd)" export JF_PRODUCT_HOME="$(cd ${ARTIFACTORY_BIN_FOLDER}/../.. && pwd)"
export JF_ARTIFACTORY_PID="/var/run/artifactory.pid" export JF_ARTIFACTORY_PID="/var/run/artifactory.pid"
......
scripts/installerCommon.sh
View file @ 1119169b
...@@ -435,8 +435,8 @@ setInstallerStateKeys() { ...@@ -435,8 +435,8 @@ setInstallerStateKeys() {
} }
# To bump up Elasticsearch version in JFMC (native installers) change version # To bump up Elasticsearch version in JFMC (native installers) change version
RPM_DEB_ES_VERSION="7.13.2" RPM_DEB_ES_VERSION="7.13.4"
# To bump up postgresql version in all products (native installer) change version # To bump up postgresql version in all products (native installer) change version
POSTGRES_VERSION="13.2" POSTGRES_VERSION="13.2"
......
scripts/migrate.sh
View file @ 1119169b
...@@ -435,8 +435,8 @@ setInstallerStateKeys() { ...@@ -435,8 +435,8 @@ setInstallerStateKeys() {
} }
# To bump up Elasticsearch version in JFMC (native installers) change version # To bump up Elasticsearch version in JFMC (native installers) change version
RPM_DEB_ES_VERSION="7.13.2" RPM_DEB_ES_VERSION="7.13.4"
# To bump up postgresql version in all products (native installer) change version # To bump up postgresql version in all products (native installer) change version
POSTGRES_VERSION="13.2" POSTGRES_VERSION="13.2"
......
scripts/systemYamlHelper.sh
View file @ 1119169b
...@@ -435,8 +435,8 @@ setInstallerStateKeys() { ...@@ -435,8 +435,8 @@ setInstallerStateKeys() {
} }
# To bump up Elasticsearch version in JFMC (native installers) change version # To bump up Elasticsearch version in JFMC (native installers) change version
RPM_DEB_ES_VERSION="7.13.2" RPM_DEB_ES_VERSION="7.13.4"
# To bump up postgresql version in all products (native installer) change version # To bump up postgresql version in all products (native installer) change version
POSTGRES_VERSION="13.2" POSTGRES_VERSION="13.2"
......

UNCLASSIFIED