From 58d79d0b32a3aa5ddefe85d0948569450db6cdf7 Mon Sep 17 00:00:00 2001 From: Raul Sanchez Date: Sat, 22 Jul 2017 02:39:36 +0200 Subject: [PATCH 1/3] updated artifactory package. added reverse proxy to docker registry integration --- templates/artifactory-oss/0/README.md | 9 +++-- .../artifactory-oss/0/docker-compose.yml.tpl | 35 +++++++++++++++++ .../artifactory-oss/0/rancher-compose.yml | 39 +++++++++++++++++-- 3 files changed, 76 insertions(+), 7 deletions(-) diff --git a/templates/artifactory-oss/0/README.md b/templates/artifactory-oss/0/README.md index f7ca52e..f6e1271 100644 --- a/templates/artifactory-oss/0/README.md +++ b/templates/artifactory-oss/0/README.md @@ -9,14 +9,15 @@ generated artifacts. ### Usage: - Select Artifactory from catalog. - + - Select Artifactory from catalog. - Select artifactory version, OSS or PRO. - - Set the params. + - Set the params and select certificate. Click deploy. -Note: To use the PRO version, you need to get a free trial. +Notes: +- To use the PRO version, you need to get a free trial. +- You need a certificate imported in rancher enviroment to launch the package. ### More info: diff --git a/templates/artifactory-oss/0/docker-compose.yml.tpl b/templates/artifactory-oss/0/docker-compose.yml.tpl index d34f2f0..7c90946 100644 --- a/templates/artifactory-oss/0/docker-compose.yml.tpl +++ b/templates/artifactory-oss/0/docker-compose.yml.tpl @@ -10,6 +10,41 @@ services: - artifactory-data:/var/opt/jfrog/artifactory environment: - EXTRA_JAVA_OPTIONS=${EXTRA_JAVA_OPTIONS} + artifactory-rb: + image: rawmind/alpine-nginx:1.12.1-3 + environment: + NGINX_SERVER_NAME: artifactory + NGINX_SERVER_CONF: | + server { + + listen ${PUBLISH_PORT}; + server_name ~(?.+)\.${PUBLISH_NAME} ${PUBLISH_NAME}; + + set $$http_x_forwarded_proto ${PUBLISH_SCHEMA}; + + ## Application specific logs + ## access_log /var/log/nginx/oss.local-access.log timing; + ## error_log /var/log/nginx/oss.local-error.log; + + chunked_transfer_encoding on; + client_max_body_size 0; + + proxy_read_timeout 900; + proxy_pass_header Server; + proxy_cookie_path ~*^/.* /; + + location /v2 { + proxy_pass http://artifactory:8081/artifactory/api/docker/$$repo/v2/; + } + location / { + proxy_pass http://artifactory:8081/artifactory/; + } + proxy_set_header X-Artifactory-Override-Base-Url $$http_x_forwarded_proto://$$host:$$server_port; + proxy_set_header X-Forwarded-Port $$server_port; + proxy_set_header X-Forwarded-Proto $$http_x_forwarded_proto; + proxy_set_header Host $$http_host; + proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; + } {{- if (.Values.PUBLISH_PORT)}} artifactory-lb: image: rancher/lb-service-haproxy:v0.6.4 diff --git a/templates/artifactory-oss/0/rancher-compose.yml b/templates/artifactory-oss/0/rancher-compose.yml index 091c01e..2dc5d77 100644 --- a/templates/artifactory-oss/0/rancher-compose.yml +++ b/templates/artifactory-oss/0/rancher-compose.yml @@ -14,6 +14,22 @@ catalog: options: - OSS - PRO + - variable: "PUBLISH_SCHEMA" + description: "Publish schema" + label: "Publish schema:" + required: false + default: "https" + type: "enum" + options: + - http + - https + - variable: "PUBLISH_NAME" + label: "Publish name" + description: | + Set publish fqdn for Artifactory server. + required: true + type: "string" + default: "artifactory.local" - variable: "PUBLISH_PORT" label: "Publish port" description: | @@ -21,6 +37,12 @@ catalog: required: true type: "int" default: 8081 + - variable: "SSL_CERT" + description: "SSL certificate. Mandatory if schema https." + label: "SSL certificate:" + required: true + default: "" + type: "certificate" - variable: "EXTRA_JAVA_OPTIONS" label: "Extra Java options" description: | @@ -38,16 +60,27 @@ services: scale: 1 lb_config: certs: [] + default_cert: ${SSL_CERT} port_rules: - - protocol: http - service: artifactory + - protocol: ${PUBLISH_SCHEMA} + service: artifactory-rb source_port: ${PUBLISH_PORT} - target_port: 8081 + target_port: ${PUBLISH_PORT} health_check: response_timeout: 2000 healthy_threshold: 2 port: 42 unhealthy_threshold: 3 + artifactory-rb: + scale: 1 + retain_ip: true + health_check: + port: ${PUBLISH_PORT} + interval: 5000 + unhealthy_threshold: 3 + request_line: 'GET / HTTP/1.0' + healthy_threshold: 2 + response_timeout: 5000 artifactory: scale: 1 retain_ip: true From acfee1cb239df574c34a6fc6277bee20cf997bc4 Mon Sep 17 00:00:00 2001 From: Raul Sanchez Date: Mon, 24 Jul 2017 18:14:52 +0200 Subject: [PATCH 2/3] Updated README.md --- templates/artifactory-oss/0/README.md | 38 +++++++++++++++++++ .../artifactory-oss/0/docker-compose.yml.tpl | 4 +- .../artifactory-oss/0/rancher-compose.yml | 8 ++-- 3 files changed, 45 insertions(+), 5 deletions(-) diff --git a/templates/artifactory-oss/0/README.md b/templates/artifactory-oss/0/README.md index f6e1271..e0298ba 100644 --- a/templates/artifactory-oss/0/README.md +++ b/templates/artifactory-oss/0/README.md @@ -7,6 +7,44 @@ Repository managers serve two purposes: they act as highly configurable proxies external repositories and they also provide build servers with a deployment destination for your internally generated artifacts. +### Usage: + + - Select Artifactory from catalog. + - Select artifactory version. + - Select artifactory release, OSS or PRO. + - Set the params and select certificate. + + Click "Launch". + +### Notes: + +- To use the PRO version, you need to get a free trial. +- You need a certificate imported in rancher enviroment before deploy this package. +- If you use self signed certificates, you should implement [self-signed-certificates][using-self-signed-certificates] in your hosts. +- If you use http schema, you should implement [insecure-registry][insecure-registry] in your hosts. + + +### More info: + +- [Resources][artifactory-resources] +- [Free-trial][artifactory-trial] +- [Self-signed-certificates][using-self-signed-certificates] +- [Insecure-registry][insecure-registry] + + +[artifactory]: https://www.jfrog.com/artifactory/ +[artifactory-resources]: https://www.jfrog.com/support-service/resources/ +[artifactory-trial]: https://www.jfrog.com/artifactory/free-trial/ +[using-self-signed-certificates]: https://docs.docker.com/registry/insecure/#using-self-signed-certificates +[insecure-registry]: https://docs.docker.com/registry/insecure/# Artifactory + +[Artifactory][artifactory] is a universal Binary Repository Manager for use by build tools (like Maven and Gradle), +dependency management tools (like Ivy and NuGet) and build servers (like Jenkins, Hudson, TeamCity and Bamboo). + +Repository managers serve two purposes: they act as highly configurable proxies between your organization and +external repositories and they also provide build servers with a deployment destination for your internally +generated artifacts. + ### Usage: - Select Artifactory from catalog. diff --git a/templates/artifactory-oss/0/docker-compose.yml.tpl b/templates/artifactory-oss/0/docker-compose.yml.tpl index 7c90946..92260da 100644 --- a/templates/artifactory-oss/0/docker-compose.yml.tpl +++ b/templates/artifactory-oss/0/docker-compose.yml.tpl @@ -10,8 +10,10 @@ services: - artifactory-data:/var/opt/jfrog/artifactory environment: - EXTRA_JAVA_OPTIONS=${EXTRA_JAVA_OPTIONS} - artifactory-rb: + artifactory-rp: image: rawmind/alpine-nginx:1.12.1-3 + external_links: + - artifactory:artifactory environment: NGINX_SERVER_NAME: artifactory NGINX_SERVER_CONF: | diff --git a/templates/artifactory-oss/0/rancher-compose.yml b/templates/artifactory-oss/0/rancher-compose.yml index 2dc5d77..c8459aa 100644 --- a/templates/artifactory-oss/0/rancher-compose.yml +++ b/templates/artifactory-oss/0/rancher-compose.yml @@ -17,7 +17,7 @@ catalog: - variable: "PUBLISH_SCHEMA" description: "Publish schema" label: "Publish schema:" - required: false + required: true default: "https" type: "enum" options: @@ -38,7 +38,7 @@ catalog: type: "int" default: 8081 - variable: "SSL_CERT" - description: "SSL certificate. Mandatory if schema https." + description: "Select SSL certificate." label: "SSL certificate:" required: true default: "" @@ -63,7 +63,7 @@ services: default_cert: ${SSL_CERT} port_rules: - protocol: ${PUBLISH_SCHEMA} - service: artifactory-rb + service: artifactory-rp source_port: ${PUBLISH_PORT} target_port: ${PUBLISH_PORT} health_check: @@ -71,7 +71,7 @@ services: healthy_threshold: 2 port: 42 unhealthy_threshold: 3 - artifactory-rb: + artifactory-rp: scale: 1 retain_ip: true health_check: From 8c284944dc94cbd356d088bb99a1844f98dae1b0 Mon Sep 17 00:00:00 2001 From: Raul Sanchez Date: Mon, 24 Jul 2017 18:22:40 +0200 Subject: [PATCH 3/3] Updated README.md --- templates/artifactory-oss/0/README.md | 32 ++------------------------- 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/templates/artifactory-oss/0/README.md b/templates/artifactory-oss/0/README.md index e0298ba..c98776b 100644 --- a/templates/artifactory-oss/0/README.md +++ b/templates/artifactory-oss/0/README.md @@ -22,6 +22,7 @@ generated artifacts. - You need a certificate imported in rancher enviroment before deploy this package. - If you use self signed certificates, you should implement [self-signed-certificates][using-self-signed-certificates] in your hosts. - If you use http schema, you should implement [insecure-registry][insecure-registry] in your hosts. +- KNOWN LIMITATION: "SSL certificate" is required for http and https publish schema. ### More info: @@ -37,33 +38,4 @@ generated artifacts. [artifactory-trial]: https://www.jfrog.com/artifactory/free-trial/ [using-self-signed-certificates]: https://docs.docker.com/registry/insecure/#using-self-signed-certificates [insecure-registry]: https://docs.docker.com/registry/insecure/# Artifactory - -[Artifactory][artifactory] is a universal Binary Repository Manager for use by build tools (like Maven and Gradle), -dependency management tools (like Ivy and NuGet) and build servers (like Jenkins, Hudson, TeamCity and Bamboo). - -Repository managers serve two purposes: they act as highly configurable proxies between your organization and -external repositories and they also provide build servers with a deployment destination for your internally -generated artifacts. - -### Usage: - - - Select Artifactory from catalog. - - Select artifactory version, OSS or PRO. - - Set the params and select certificate. - - Click deploy. - -Notes: -- To use the PRO version, you need to get a free trial. -- You need a certificate imported in rancher enviroment to launch the package. - - -### More info: - -- [Resources][artifactory-resources] -- [Free-trial][artifactory-trial] - - -[artifactory]: https://www.jfrog.com/artifactory/ -[artifactory-resources]: https://www.jfrog.com/support-service/resources/ -[artifactory-trial]: https://www.jfrog.com/artifactory/free-trial/ \ No newline at end of file + \ No newline at end of file