Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >

Search





Working with an older version? JFrog Artifactory 6.x | JFrog Xray 2.x | JFrog Mission Control 3.x | JFrog Distribution 1.x |


Skip to end of metadata
Go to start of metadata

Overview

This page provides a guide for the different ways you can install and configure JFrog Artifactory, single node and high availability. For additional information, refer to high availability.

Before You Begin

System Requirements

Before installing Artifactory, refer to System Requirements for information on supported platforms, supported browsers and other requirements.

When installing Artifactory, you must run the installation as a root user or provide sudo access to a non-root user. 

Admin Permissions

You will need to have admin permissions on the installation machine in the following cases

  • Native installer - always requires admin permissions
  • Archive installer - requires admin permissions only during installation
  • Docker installer - does not require admin permissions

Use a dedicated server for Artifactory with no other software running to alleviate performance bottlenecks, avoid port conflicts, and avoid setting uncommon configurations.

System Architecture

To learn about the JFrog Platform Deployment, refer to System Architecture.

Installation Types

The install type is referenced as <type> in the different installation instructions below.

Subscription TypeInstall TypeDownload the Package
Pro
Pro X
Enterprise X
Enterprise+
proDownload Link
Artifactory OSS
ossDownload Link
Artifactory CE
cpp-ceDownload Link
JFrog Container Registry
jcrDownload Link

Installation Steps

The installation procedure involves the following main steps:

  1. Download the relevant package from the Download JFrog Platform page, according to the above table, to install (Linux Archive, Docker Image, Docker Compose, RPM, Debian, Helm, Windows).
  2. Install Artifactory either as a single node installation or a high availability cluster.
  3. Customize the product configuration (optional) including database, Java Opts, and filestore.
  4. Start the service using the start scripts or OS service management.
  5. Check the Artifactory Log to check the status of the service.
  6. Implement post-installation steps including changing the default password.

Default Home Directory / $JFROG_HOME

The default Artifactory home directory is defined according to the installation type. For additional details see the Product Directory Structure page.

This guide uses $JFROG_HOME to represent the JFrog root directory containing the deployed product, the home directory for all JFrog products.

Did you know?

You can also deploy the JFrog products with different Cloud providers and multiple orchestration tools. For more information, see JFrog Partner Integrations.

JFrog Subscription Levels

SELF-HOSTED
PRO
PRO X
ENTERPRISE X
ENTERPRISE+
Page Contents

Single Node Installation

The following installation methods are supported:

Linux Archive Installation

  1. Create a JFrog Home directory and move the downloaded installer archive into that directory, for example:

    mkdir jfrog
mv jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux.tar.gz jfrog
cd jfrog


  2. Set the JFrog Home environment variable

    export JFROG_HOME=<full path of the jfrog directory>

    To learn more about the system variable JFROG_HOME, click below.

     JFrog Product Directory Structure

    ProductEnvironment Variable

    Linux/Windows Archive

    		RPM/DebianDocker ContainerDocker Host
    JFrog HomeJFROG_HOME

    <extracted directory>

    		/opt/jfrog/opt/jfrogROOT_DATA_DIR *
    Note: Defined and customized in the .env file
    Default value~/.jfrog
    Application

    JFROG_HOME/<product>/app

    		<extracted directory>/<product>/app/opt/jfrog/<product>/app/opt/jfrog/<product>/app-
    Data

    JFROG_HOME/<product>/var

    		<extracted directory>/<product>/var/var/opt/jfrog/<product>/var1.
    Note: symbolic link    		/var/opt/jfrog/<product>/varROOT_DATA_DIR/var *
    Default value~/.jfrog/<product>/var

    Directory is customizable

    1. Customizing the RPM/Debian JFrog product data

    There are 2 ways to customize the data folder:

    1. Manual Option: Create a symbolic link from your custom folders to the default folders. For example, $JFROG_HOME/artifactory/var → /mnt/artifactory/var .
    2. Environment Variable Option: Set the JF_PRODUCT_VAR environment variable to point to a custom location in your system's environment variables files. See Ubuntu System environment variables for reference.

    Generic Directory Layout

    This is a generic directory layout for all JFrog products.

    JFROG_HOME
  └── <product>
     ├── app
     │   ├── bin
     │   ├── run
     │   ├── doc
     │   ├── <third-party>
     │   │   ├── java
     │   │   ├── yq
     │   │   └── others
     │   └── <service>
     │   │   ├── bin
     │   │   └── lib
     │   └── misc
     │
     └── var
        ├── backup
        │   └── <service>
        ├── bootstrap
        │   └── <service>
        ├── data
        │   └── <service>
        ├── etc
        │   ├── system.yaml
        │   ├── <service>
        │   └── security
        │       └──master.key
        │       └──join.key
        ├── log
        │   └── <service logs>
        │   └── archived
        │       └── <archived service logs>
        └── work
            └── <service>

  3. Extract the contents of the compressed archive and move it into the artifactory directory.

    tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux.tar.gz
mv artifactory-<pro|oss|cpp-ce>-<version> artifactory
  4. Customize the product configuration (optional) including database, Java Opts, and filestore.

  5. Run Artifactory as a foreground, background process, or as a service.

    Run Artifactory as a Process

    Run Artifactory as a foreground or as daemon process: When when running as a foreground process, the console will be locked and the process can be stopped at any time.

    Foreground Process
    $JFROG_HOME/artifactory/app/bin/artifactoryctl
    Daemon Process
    $JFROG_HOME/artifactory/app/bin/artifactoryctl start

    Manage the process:

    $JFROG_HOME/artifactory/app/bin/artifactoryctl check|stop

    Run Artifactory as a Service

    Artifactory is packaged as an archive file with a bundled Tomcat, and a complete install script that can be used to install it as a service running under a custom user. This is currently supported on Linux and Solaris systems.

    OS User Permissions

    When running Artifactory as a service, the installation script creates a user called artifactory which must have run and execute permissions on the installation directory.

    It is recommended to extract the Artifactory download file into a directory that gives run and execute permissions to all users such as /opt.

    To install Artifactory as a service, browse to the $JFROG_HOME/artifactory/app/bin directory and execute the following command as root:

    # USER (optional) - the user you want application to run as (default = artifactory)
# GROUP (optional) - the group with which the application will run as. (default = artifactory)
$JFROG_HOME/artifactory/app/bin/installService.sh [USER [GROUP]]

    Manage the service:

    Use systemd or init.d commands depending on your system.

    Using systemd
     systemctl <start|stop|status> artifactory.service
    Using init.d
    service artifactory <start|stop|check>

    If Artifactory is running, you should see its pid , if not, you will see a list of environment variables used by the service.

  6. Access Artifactory from your browser at: http://SERVER_HOSTNAME:8082/ui/For example, on your local machine: http://localhost:8082/ui/.

  7. Check Artifactory Log.

    tail -f $JFROG_HOME/artifactory/var/log/console.log

    Configuring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. Learn more on how to configure the log rotation.

Docker Installation

  1. Create your Artifactory home directory and an empty system.yaml file. The user creating the folder should be the user running the docker run.

    The following steps assume that $JFROG_HOME environment variable is created in the system. For the correct location of $JFROG_HOME, see to System Directories - JFrog Product Directory Structure

    mkdir -p $JFROG_HOME/artifactory/var/etc/
cd $JFROG_HOME/artifactory/var/etc/
touch ./system.yaml
chown -R $UID:$GID $JFROG_HOME/artifactory/var

    Run the following command in addition if you are using Docker on a Mac machine.

    chmod -R 777 $JFROG_HOME/artifactory/var

  2. Customize the product configuration (optional) including database, Java Opts, and filestore.

    For Docker installations, verify that the host's ID shared.node.id and IP shared.node.ip are added to the system.yaml. 
    If these are not manually added, they are automatically resolved as the the container's IP, meaning other nodes and services will not be able to reach this instance.

  3. Start the Artifactory container using the process that is relevant for your system.

    docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var/opt/jfrog/artifactory -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-pro:latest

    docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var/opt/jfrog/artifactory -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-oss:latest

    docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var/opt/jfrog/artifactory -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-cpp-ce:latest

    Exposing Multiple Ports

    The Docker run command exposes more than one port: 8081 for Artifactory REST APIs and 8082 for all other uses.

  4. Manage Artifactory using native Docker commands.

    Examples
    docker ps
docker stop artifactory
  5. Access Artifactory from your browser at: http://SERVER_HOSTNAME:8082/ui/For example, on your local machine: http://localhost:8082/ui/.

  6. Check the Artifactory log.

    docker logs -f artifactory

    Configuring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. Learn more on how to configure log rotation.

Docker Compose Installation

  1. Go to the download page, click the green arrow to download Docker Compose. Extract the contents of the compressed archive (.tar.gz file) and then go to the extracted folder.

    tar -xvf jfrog-artifactory-<pro|oss|jcr|cpp-ce>-<version>-compose.tar.gz

    .env file included within the Docker-Compose archive

    This .env file is used by docker-compose and is updated during installations and upgrades.

    Notice that some operating systems do not display dot files by default. If you make any changes to the file, remember to backup before an upgrade.

  2.  Run the script to setup folders with required ownership. This is an interactive script.

    ./config.sh

  3. Customize the product configuration (optional) including database, Java Opts, and filestore. Depending on your choices, a selected docker-compose.yaml will be available in the extracted folder. However, there are a few docker-compose templates in the directory templates. You can choose any template and copy it to the extracted folder as docker-compose.yaml

    For Docker installations, verify that the host's ID shared.node.id and IP shared.node.ip are added to the system.yaml

    If these are not manually added, they are automatically resolved as the the container's IP, meaning other nodes and services will not be able to reach this instance.


  4. Manage Artifactory using native Docker Compose commands, docker-compose -p rt <action> command.
    Run this command from the extracted folder.

    Examples
    # Starting from 7.8.x, PostgreSQL needs to be started before starting the other services.
docker-compose -p rt-postgres -f docker-compose-postgres.yaml up -d
docker-compose -p rt up -d
docker-compose -p rt ps
docker-compose -p rt down
  5. Access Artifactory from your browser at: http://SERVER_HOSTNAME:8082/ui/For example, on your local machine: http://localhost:8082/ui/

  6. Check Artifactory Log.

    docker-compose -p rt logs

    Configuring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. This file is not log rotated for Darwin installations. Learn more on how to configure the log rotation.

Docker Compose Installation Using Docker Volumes

  1. Create Docker volumes.

    docker volume create --name=artifactory_data
docker volume create --name=postgres_data

  2. Extract the contents of the compressed archive and go to the extracted folder.

    tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-compose.tar.gz

  3. Copy the docker-compose-volumes.yaml to the extracted folder.

    cp templates/docker-compose-volumes.yaml docker-compose.yaml

  4. Add the entries in the .env file.       
    Avoid adding duplicate entries in the .env file.

    echo -e "JF_SHARED_NODE_IP=$(hostname -i)" >> .env
echo -e "JF_SHARED_NODE_ID=$(hostname -s)" >> .env
echo -e "JF_SHARED_NODE_NAME=$(hostname -s)" >> .env

  5. Manage Artifactory using native Docker Compose commands: docker-compose -p rt <action> command.
    Run this command from the extracted folder.

    Examples
    docker-compose -p rt up -d
docker-compose -p rt ps
docker-compose -p rt down

RPM Installation

  1. Install Artifactory as a service on Red Hat compatible Linux distributions, as a root user.

    yum install -y jfrog-artifactory-<pro|oss|cpp-ce>-<version>.rpm
  2. Customize the product configuration (optional) including database, Java Opts, and filestore.

  3. Manage Artifactory using the following commands.

    service artifactory start|stop
  4. Access Artifactory from your browser at: http://SERVER_HOSTNAME:8082/ui/For example, on your local machine: http://localhost:8082/ui/.

  5. Check Artifactory Log.

    tail -F $JFROG_HOME/artifactory/var/log/console.log

Debian Installation

  1. Install Artifactory as a service on compatible Linux distributions, as a root user.

    dpkg -i jfrog-artifactory-<pro|oss|cpp-ce>-<version>.deb
  2. Customize the product configuration (optional) including database, Java Opts, and filestore.

  3. Manage Artifactory using the following commands.

    service artifactory start|stop|status
  4. Access Artifactory from your browser at: http://SERVER_HOSTNAME:8082/ui/For example, on your local machine: http://localhost:8082/ui/.

  5. Check Artifactory Log.

    tail -F $JFROG_HOME/artifactory/var/log/console.log

Helm Installation 

Deploying Artifactory for Small, Medium or Large Installations

The chart directory, includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory.

Customized Yaml File

When using a customized values.yaml file, remember to attach a -f flag to each upgrade command in the file.

  1. Add the ChartCenter Helm repository to your Helm client.

    helm repo add jfrog https://charts.jfrog.io

  2. Update the repository.

    helm repo update

  3. Create a unique Master Key (Artifactory requires a unique master key) pass it to the template during installation.

    Custom Master Key in Production Installations

    For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage. Therefore, generate a unique key and pass it to the template at install/upgrade time.

    # Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}

    Alternatively, you can manually create a secret containing the master key and pass it to the template during installation.

    # Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}

# Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-masterkey-secret -n artifactory --from-literal=master-key=${MASTER_KEY}

    In either case, make sure to pass the same master key on all future calls to Helm install and Helm upgrade. This means always passing --set artifactory.masterKey=${MASTER_KEY} (for the custom master key) or --set artifactory.masterKeySecretName=my-masterkey-secret (for the manual secret) and verifying that the the contents of the secret remain unchanged.

  4. Next, create a unique join key: By default the chart has one set in the values.yaml (artifactory.joinKey). However, this  key is for demonstration purposes only and should not be used in a production environment. Generate a unique key and pass it to the template during installation.

    # Create a key
export JOIN_KEY=$(openssl rand -hex 32)
echo ${JOIN_KEY}

    Alternatively, you can manually create a secret containing the join key and pass it to the template during installation.

    # Create a key
export JOIN_KEY=$(openssl rand -hex 32)
echo ${JOIN_KEY}

# Create a secret containing the key. The key in the secret must be named join-key
kubectl create secret generic my-joinkey-secret -n artifactory --from-literal=join-key=${JOIN_KEY}

    In either case, make sure to pass the same join key on all future calls to Helm install and Helm upgrade. This means always passing --set artifactory.joinKey=${JOIN_KEY} (for the custom join key) or --set artifactory.joinKeySecretName=my-joinkey-secret (for the manual secret) and verifying that the the contents of the secret remain unchanged.

  5. Install the chart with the release name artifactory and with master key and join key.

    helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory jfrog/artifactory

    If you are using an internal PostgreSQL, it is recommended to change the PostgreSQL password. For more information, see Helm Charts for Advanced Users - Auto-generated Passwords (Internal PostgreSQL).

  6. Connect to Artifactory.

    It may take a few minutes for Artifactory's public IP to become available. Follow the instructions that are output by the install command above to get the Artifactory IP to access it. Below you will find a sample instruction of what to look for to pick the URL to reach Artifactory (in the example below, art77 is the release name and art is the namespace).

    Congratulations. You have just deployed JFrog Artifactory.
1. Get the Artifactory URL by running these commands:
   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
         You can watch the status of the service by running 'kubectl get svc --namespace art -w art77-artifactory-nginx'
   export SERVICE_IP=$(kubectl get svc --namespace art art77-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
   echo http://$SERVICE_IP/
2. Open Artifactory in your browser
   Default credential for Artifactory:
   user: admin
   password: password

  7. To access the logs, find the name of the pod using this command.

    kubectl --namespace <your namespace> get pods

  8. To get the container logs, run the following command.

    kubectl --namespace <your namespace> logs -f <name of the pod>

  9. Optional Steps

    1. Customize the product configuration including database, Java Opts, and filestore.

      Filestore Options

      Helm filestore (storage) installations require certain modifications; for more information, see Advanced Storage Options.

      Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

      Follow these steps to apply the configuration changes.

      1. Make the changes to values.yaml. 

      2. Run the command.

        helm upgrade --install artifactory -n artifactory -f values.yaml

    2. To configure Artifactory for Helm, you will need to override the default system.yaml configuration. For more information, see Overriding the Default System YAML File.

    3. By default, Helm deploys Artifactory with PostgreSQL (running in a separate pod). It is possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded Derby database.

      # Disable the default postgresql
helm upgrade --install artifactory --set postgresql.enabled=false -n artifactory center/jfrog/artifactory

Mac (Darwin) Installation

The Mac installation can only be used for testing. It is not supported in development, staging or production environments.

  1. Create a JFrog Home directory and move the downloaded installer archive into that directory, for example:

    mkdir jfrog
mv jfrog-artifactory-<pro|oss|cpp-ce>-<version>-darwin.tar.gz jfrog
cd jfrog

  2. Set the JFrog Home environment variable

    export JFROG_HOME=<full path of the jfrog directory>

  3. Extract the contents of the compressed archive and move it into artifactory directory.

    tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-darwin.tar.gz
mv artifactory-<pro|oss|cpp-ce>-<version> artifactory
chmod -R 777 $JFROG_HOME/artifactory/var
  4. Customize the product configuration (optional) including database, Java Opts, and filestore.

  5. Run Artifactory as a foreground or a background process.

    When running as a foreground process, the console will be locked and the process can be stopped at any time.

    Foreground Process
    $JFROG_HOME/artifactory/app/bin/artifactoryctl
    Daemon Process
    $JFROG_HOME/artifactory/app/bin/artifactoryctl start

    Manage the process.

    $JFROG_HOME/artifactory/app/bin/artifactoryctl check|stop
  6. Access Artifactory from your browser at: http://SERVER_HOSTNAME:8082/ui/For example, on your local machine: http://localhost:8082/ui/.

  7. Check Artifactory Log.

    tail -f $JFROG_HOME/artifactory/var/log/console.log

    Configuring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. This file is not log rotated for Darwin installations. Learn more on how to configure log rotation.

Windows Installation

  1. Create a JFrog Home directory and move the downloaded installer archive into that directory, for example:

    mkdir jfrog
move jfrog-artifactory-<pro|oss|cpp-ce>-<version>-windows.zip jfrog
cd jfrog

  2. Set the JFrog Home environment variable

    set JFROG_HOME=<full path of the jfrog directory>

  3. Extract the contents of the compressed archive and go to the extracted folder. Define the path to this folder as an environment variable called JFROG_HOME.

    # Extract jfrog-artifactory-<pro|oss|cpp-ce>-<version>-windows.zip into jfrog folder
move artifactory-<pro|oss|cpp-ce>-<version> artifactory

  4. Install Artifactory manually or as a service.
    Manual Installation
    Browse to %JFROG_HOME%\artifactory\app\bin and execute the file artifactory.bat.

    Security settings

    Depending on the security settings under Windows, you might need to run artifactory.bat using 'Run as administrator'

    Service Installation
    Browse to %JFROG_HOME%\artifactory\app\bin, and execute the file InstallService.bat.

    Security

    Windows 8 implements strict User Account Control (UAC). You must either disable UAC or right-click on cmd.exe and select "Run as administrator" in order to run this script.

    Firewall Alerts for first time Artifactory Windows Installation

    When starting Artifactory, you may get some firewall exception messages. Please select private networks and allow access to continue working.

  5. Customize the product configuration (optional) including database, Java Opts, and filestore.

  6. Manage Artifactory using the following commands, in a Command Prompt window.

    sc start|stop|query artifactory

  7. Check Artifactory Log in the %JFROG_HOME%\artifactory\var\log\artifactory-service.log file.

HA Installation

The following describes how to set up an Artifactory HA cluster with more than one node. For more information about HA, see JFrog High Availability.

HA versions before Artifactory 7.17.4 support using primary and secondary nodes.

Prerequisites

All nodes within the same Artifactory HA installation must be running the same Artifactory version.

Database

Artifactory HA requires an external database, and currently supports the following databases: Oracle, MySQL, MS SQL and PostgreSQL.

Make sure you have completed setting up your external database before proceeding to install the cluster nodes. The database connection details are used for each node installation.

Licensing

Artifactory HA is supported with an Enterprise License. Each node in the cluster must be activated with a different license.

Before adding any additional node, please add each additional node's license using the node that is already running.

Load Balancer

Artifactory HA requires a dedicated Load Balancer. The load balancer should be installed once all of the cluster nodes are up and running. It is the responsibility of your organization to manage and configure it correctly.

Network

  • All the Artifactory HA components (Artifactory cluster nodes, database server and load balancer) must be within the same fast LAN.
  • All the HA nodes must communicate with each other through dedicated TCP ports.
  • Network communications between the cluster nodes must be enabled for each of the nodes.

The following installation methods are supported:

HA is not supported for Mac (Darwin) installation

Linux Archive/Docker/RPM/Debian/Windows HA Installation

  1. Install the cluster nodes according to the single node installation. Important: make sure not to start Artifactory.

  2. Configure the system.yaml file with the database and node configuration details. For example: 

    Node system.yaml
    shared: 
  database: 
    driver: org.postgresql.Driver
    password: password
    type: postgresql
    url: "jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory"
    username: artifactory
  node: 
    haEnabled: true
    taskAffinity: any

  3. Optional: You can now configure the binarystore.xml in $JFROG_HOME/artifactory/var/etc/artifactoryIf the directory and file do not exist, you can create them yourself.

    <config version="2">
    <chain template="cluster-file-system"/>
</config>

  4. Start the node.

    service artifactory start
    Docker
    $ docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-<pro|oss|cpp-ce>:latest
    Windows
    sc start artifactory

    For a node to join a cluster, the nodes must have the same database configuration and the Master Key.

  5. Install the additional nodes following the steps above.
  6. Copy the master.key from the first node to the additional nodes located at $JFROG_HOME/artifactory/var/etc/security/master.key.

  7. Start the additional nodes.

  8. Check the Artifactory log.

Node ID and IP

For Docker installations, verify that the host's ID shared.node.id and IP shared.node.ip are added to the system.yaml
If these are not manually added, they are automatically resolved as the container's hostname and IP, meaning other nodes and services will not be able to reach this instance.

shared:
  node:
    id: "MyNodeID"
    ip: "10.1.2.3"

Installing a Non-Management Node

By default, all Artifactory nodes in a cluster are installed as equal nodes, meaning they can be be used to manage the cluster. You also have the option of installing a node that does not have management capabilities.

In this case, you will need to set the system.yaml parameter taskAffinity to none.

shared: 
  database: 
    driver: org.postgresql.Driver
    password: password
    type: postgresql
    url: "jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory"
    username: artifactory
  node: 
    haEnabled: true
    taskAffinity: none

Docker Compose HA Installation

Use the Docker Compose script with the following commands to easily set up your HA instance. Make sure to install the database and each Artifactory cluster node on different nodes.

  1. Go to the download page, click the green arrow to download Docker Compose. Extract the contents of the compressed archive (.tar.gz file) and then go to the extracted folder.

    tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-compose.tar.gz

    .env file included within the Docker-Compose archive

    This .env file is used by docker-compose and is updated during installations and upgrades.

    Notice that some operating systems do not display dot files by default. If you make any changes to the file, remember to backup before an upgrade.

  2. Run the config.sh script to setup folders with required ownership. This is an interactive script.

    ./config.sh

  3. Configure the system.yaml file with the node's configuration details.

    Node system.yaml
    shared:
  node:
    haEnabled: true
    taskAffinity: any
  4. Customize any additional product configuration (optional) including, Java Opts and filestore.

  5. Start Artifactory using docker-compose commands. 
    Run this command only from the extracted folder.

    # Starting from 7.8.x, PostgreSQL needs to be started before starting the other services.
docker-compose -p rt-postgres -f docker-compose-postgres.yaml up -d
docker-compose -p rt up -d
docker-compose -p rt ps
docker-compose -p rt down

  6. Access Artifactory from your browser at: http://SERVER_HOSTNAME/ui/. For example, on your local machine: http://localhost/ui/.
    For a node to join a cluster, the nodes must have the same database configuration and the Master Key.

  7. Install the additional nodes following the steps above.
  8. Copy the master.key from the first node to the additional nodes located at $JFROG_HOME/artifactory/var/etc/security/master.key.

  9. Start the additional nodes.

  10. Check the Artifactory log.

    docker-compose  -p rt logs

Node ID and IP

For Docker installations, verify that the host's ID shared.node.id and IP shared.node.ip are added to the system.yaml
If these are not manually added, they are automatically resolved as the container's hostname and IP, meaning other nodes and services will not be able to reach this instance.

shared:
  node:
    id: "MyNodeID"
    ip: "10.1.2.3"

Installing a Non-Management Node

By default, all Artifactory nodes in a cluster are installed as equal nodes, meaning they can be be used to manage the cluster. You also have the option of installing a node that does not have management capabilities.

In this case, you will need to set the system.yaml parameter taskAffinity to none.

shared: 
  database: 
    driver: org.postgresql.Driver
    password: password
    type: postgresql
    url: "jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory"
    username: artifactory
  node: 
    haEnabled: true
    taskAffinity: none

Helm HA Installation

The Helm HA installation can be installed so that each node you install can run all tasks in the cluster.

Installing HA from Artifactory 7.17.4 and Above

Prior to version 7.17.4, the Artifactory HA cluster in the chart was comprised of a single primary node and two member nodes. The cluster could be resized as needed (this was based on changing the number of member nodes), and load balancing was done to the member nodes only. This left the primary node free to handle jobs and tasks and to not be interrupted by inbound traffic.

From version 7.17.4 and above, the Artifactory HA cluster can be full HA with all nodes designated as primary nodes. In this case, the basic HA installation will create three primary nodes and 0 member nodes.  To create this HA cluster, set the parameters artifactory.primary.replicaCount=3 and  artifactory.node.replicaCount=0 in the values.yaml file. This indicates that the primary nodes (any one of the nodes) will be able to handle load balancing, jobs, and tasks.

Important

Currently, it is not possible to connect a JFrog product (e.g., Xray) that is within a Kubernetes cluster with another JFrog product (e.g., Artifactory) that is outside of the cluster, as this is considered a separate network. Therefore, JFrog products cannot be joined together if one of them is in a cluster.

Deploying Artifactory for Small, Medium or Large Installations

The chart directory, includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory.

  1. Add the ChartCenter Helm repository to your Helm client.

    helm repo add jfrog https://charts.jfrog.io

  2. Create a unique Master Key (Artifactory requires a unique master key) pass it to the template during installation.

    Custom Master Key in Production Installations

    For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage. Therefore, generate a unique key and pass it to the template at install/upgrade time.

    # Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}

    Alternatively, you can create a secret containing the master key manually and pass it to the template during installation.

    # Create a secret containing the key. The key in the secret must be named master-key
kubectl create secret generic my-masterkey-secret -n artifactory --from-literal=master-key=${MASTER_KEY}

    In either case, make sure to pass the same master key on all future calls to Helm install and Helm upgrade. This means always passing --set artifactory.masterKey=${MASTER_KEY} (for the custom master key) or --set artifactory.masterKeySecretName=my-masterkey-secret (for the manual secret) and verifying that the the contents of the secret remain unchanged.

  3. Next, create a unique join key: By default the chart has one set in the values.yaml (artifactory.joinKey). However, this  key is for demonstration purposes only and should not be used in a production environment. Generate a unique key and pass it to the template during installation.

    # Create a key
export JOIN_KEY=$(openssl rand -hex 32)
echo ${JOIN_KEY}

    Alternatively, you can manually create a secret containing the join key and pass it to the template during installation.

    # Create a key
export JOIN_KEY=$(openssl rand -hex 32)
echo ${JOIN_KEY}

# Create a secret containing the key. The key in the secret must be named join-key
kubectl create secret generic my-joinkey-secret -n artifactory --from-literal=join-key=${JOIN_KEY}

    In either case, make sure to pass the same join key on all future calls to Helm install and Helm upgrade. This means always passing --set artifactory.joinKey=${JOIN_KEY} (for the custom join key) or --set artifactory.joinKeySecretName=my-joinkey-secret (for the manual secret) and verifying that the the contents of the secret remain unchanged.

  4. Update the repository.

    helm repo update

  5. Install the chart with the release name artifactory-ha and with the master key and join key.

    helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha jfrog/artifactory-ha

    If you are using an internal PostgreSQL, it is recommended to change the PostgreSQL password. For more information, see Helm Charts for Advanced Users - Auto-generated Passwords (Internal PostgreSQL).

  6. Connect to Artifactory.

    It might take a few minutes for Artifactory's public IP to become available. Follow the instructions that are output by the install command above to get the Artifactory IP to access it. Below you will find a sample instruction of what to look for to pick the URL to reach Artifactory (in the example below, art77 is the release name and art is the namespace).

    Congratulations. You have just deployed JFrog Artifactory HA.
SETUP:
1. Get the Artifactory IP and URL
   NOTE: It may take a few minutes for the LoadBalancer public IP to be available!
   You can watch the status of the service by running 'kubectl get svc -w artha77-nginx'
   export SERVICE_IP=$(kubectl get svc --namespace art artha77-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
   echo http://$SERVICE_IP/
2. Open Artifactory in your browser
   Default credential for Artifactory:
   user:     admin
   password: password

  7. Install the Artifactory HA license using one of three methods: REST API, Artifactory UI, or a Kubernetes Secret. For more information, click the link below.

     Adding Licenses

    To activate Artifactory HA, you must install an appropriate license as part of the installation. There are three ways to manage the license: via Artifactory UI, REST API, or a Kubernetes Secret.

    Specifying multiple licenses

    Whether in the Artifactory UI, using the REST API or in the artifactory.cluster.license file, make sure that the licenses are separated by a newline.

    The easiest and recommended way is by using Artifactory UI. Using the Kubernetes Secret or REST API is for advanced users and is better suited for automation.

    You should use only one of these methods. Switching between them while a cluster is running might disable your Artifactory HA cluster.


    Option A: Using REST API

    You can add licenses via REST API. Note that the REST API uses "\n" for the newlines in the licenses (this is currently recommended method).

    Option B: Using the Artifactory UI

    Once the primary cluster is running, open Artifactory UI and insert the license(s) in the UI. See HA installation and setup for more details.

    Enter all of the licenses at once, with each license separated by a newline. If you add the licenses one at a time, you may get redirected to a node without a license and the UI will not load for that node.

    Option C: Using a Kubernetes Secret

    Important

    This method is relevant for initial deployment only. Once Artifactory is deployed, you should not keep passing these parameters, since the license is already persisted into Artifactory's storage (and they will be ignored). Updating the license should be done via Artifactory UI or REST API.


    You can deploy the Artifactory license(s) as a     Kubernetes Secret    You will need to prepare a text file with the license(s) written in it. If adding multiple licenses, they are added in the same file. Remember to add two new lines between each license block.

    1. Create the Kubernetes secret (assuming the local license file is 'art.lic').

      kubectl create secret generic artifactory-cluster-license --from-file=./art.lic

    2. Create a license-values.yaml.

      artifactory:
  license:
    secret: artifactory-cluster-license
    dataKey: art.lic

    3. Install with the license-values.yaml.

      helm upgrade --install jfrog-platform --namespace jfrog-platform center/jfrog/jfrog-platform -f license-values.yaml
    Create the Kubernetes Secret as Part of the Helm Release

    1. Create a license-values.yaml.

      artifactory:
  license:
    licenseKey: |-
      <LICENSE_KEY1>


      <LICENSE_KEY2>


      <LICENSE_KEY3>

    2. Install with the license-values.yaml.

      helm upgrade --install jfrog-platform --namespace jfrog-platform center/jfrog/jfrog-platform -f license-values.yaml

    This method is relevant for initial deployment only. Once Artifactory is deployed, you should not keep passing these parameters, since the license is already persisted into Artifactory's storage (and they will be ignored). Updating the license should be done via Artifactory UI or REST API.

    If you want to keep managing the Artifactory license using the same method, you can use the copyOnEveryStartup example shown in the values.yaml file.

  8. To access the logs, find the name of the pod using this command.

    kubectl --namespace <your namespace> get pods

  9. To get the container logs, run the following command.

    kubectl --namespace <your namespace> logs -f <name of the pod>

  10. Optional steps

    1. Customize the product configuration (optional) including database, Java Opts, and filestore.

      Filestore Options

      Helm filestore (storage) installations require certain modifications; for more information, see Advanced Storage Options.

      Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

      Follow these steps to apply the configuration changes.

      1. Make the changes to values.yaml. 

      2. Run the command.

        helm upgrade --install artifactory-ha --namespace artifactory-ha -f values.yaml

      Alert: Use a PVC when Using an External Blob Storage

      When using external blob storage (for example, AWS S3, Azure blob storage, or Google storage), there is still a need to persist temporary eventual storage in a PVC (Persistent Volume Claims) in cases of loss of connection to the external storage or if the Artifactory pod crashes.

      Avoiding the usage of a PVC can lead to data loss in case of unplanned pod termination.

    2. To configure Artifactory for Helm, you will need to override the default system.yaml configuration. For more information, see Overriding the Default System YAML File.

    3. By default, Helm deploys Artifactory with PostgreSQL (running in a separate pod). It is possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded Derby database.

      # Disable the default postgresql
helm upgrade --install artifactory-ha --set postgresql.enabled=false --namespace artifactory-ha center/jfrog/artifactory-ha

Adding Licenses

Add licenses according to your license type:
License Key

  • Option 1: Copy the artifactory.cluster.license file to the first node's configuration directory.

    cp artifactory.cluster.license $JFROG_HOME/artifactory/var/etc/artifactory/

  • This can also be done once you start Artifactory using:

Specifying multiple licenses

Whether in the Artifactory UI, using the REST API or in the artifactory.cluster.license file, make sure that the licenses are separated by a newline.

License Bucket

Applying a license bucket requires installing JFrog Mission Control. To apply the license bucket:

  1. Complete configuring and starting the first node (steps 4 and 5)
  2. Install JFrog Mission Control

  3. Apply your license Bucket Management in the UI

Post-Installation Steps

Once the installation is complete, you will need to validate these items:

Product Configuration

After installing and before running Artifactory, you may set the following configurations:

  • System YAML Configuration File

    Where to find system.yaml?

    You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/artifactory/var/etc folder. For more information, see Artifactory YAML Configuration.

    If you don't have a System YAML file in your folder, copy the template available in the folder and name it system.yaml.

    For the Helm charts, the system.yaml file is managed in the chart’s values.yaml.

  • Database
    Artifactory comes with an embedded Derby Database out-of-the-box. If you're planning to use it in production, it is highly recommended to first configure any alternate supported databases, and then start Artifactory


  • Customize Java Opts (optional)
    Remember to modify your JVM Parameters as needed by setting JAVA_OPTIONS in $JFROG_HOME/artifactory/var/etc/system.yaml. The property to pass extra Java opts is artifactory.extraJavaOpts. It is highly recommended to set your Java memory parameters as follows:

    The larger your repository or number of concurrent users, the larger you need to make the -Xms and -Xmx values accordingly. If you can reserve at least 512MB for Artifactory, the recommended minimal values are:

    -server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC

    For more recommendations about your hardware configuration (especially the -Xmx parameter), please refer to System Requirements

  • Additional Settings
    These include: customizing ports, joinKey (join.key), masterKey (master.key).

  • Configuring the Filestore
    By default, Artifactory is configured to use the local file system as its filestore. Artifactory supports a variety of additional filestore configurations to meet a variety of needs for binary storage providers, storage size and redundancy.

Enabling TLS 1.0 and 1.1 for Connectivity with Older Databases

Artifactory version 7.25.2 onwards includes OpenJDK version 11.0.11 and later. TLS 1.0 and TLS 1.1 are disabled by default from OpenJDK 11.0.11 onwards. If your database version does not support TLS 1.2, the Artifactory startup fails.

If you are unable to upgrade your database to a version that supports TLS 1.2 or later, perform the following steps to run Artifactory:

  1. Download the java.security file that has TLS 1.0 and 1.1 enabled.


  2. Create the directory, ${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java.

    mkdir -p ${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java
  3. Copy the java.security file into ${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java.

  4. Provide the appropriate permissions to the directory.

    chmod 755 ${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java/java.security

    Artifactory startup takes a backup of the existing java.security file and bootstraps custom java.security into the ${JFROG_HOME}/artifactory/app/third-party/java/conf/security folder.

Configuring Java Security File for Helm Installations

  1. Create the following local directory.

    mkdir -p java/configmap

  2. Download the java.security file that has TLS 1.0 and 1.1 enabled.


  3. Copy the java.security file to java/configmap.

  4. Run the following command to create a custom config map. For more information, refer to Using Config Maps.

    kubectl create configmap java-security-config --from-file=java/configmap/java.security

  5. Pass the following custom config map to your Helm install. For more information, refer to Using Config Maps.

    artifactory:
  preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/java && cp -Lrf /tmp/java/* /opt/jfrog/artifactory/var/bootstrap/artifactory/java/"
  customVolumes: |
   - name: java-security-config
     configMap:
       name: java-security-config
  customVolumeMounts: |
    - name: java-security-config
      mountPath: /tmp/java/java.security
      subPath: java.security

For Advanced Users

Linux Archive

Install Script Commands

The following are the sequence of commands performed by the Linux Archive install script.

User creation
  • Creates a default user named artifactory ($JF_ARTIFACTORY_USER).

To change the default user, edit the shared.user (and shared.group) parameter in the $JFROG_HOME/artifactory/var/etc/system.yaml.

When running the service with a different user, make sure to update the shared.user and the shared.group parameters in the $JFROG_HOME/artifactory/var/etc/system.yaml file.

artifactory default
  • Modifies the $JFROG_HOME/artifactory/app/bin/artifactory.default file containing the main environment variables needed for Artifactory to run.
    Such as: JF_PRODUCT_HOME, TOMCAT_HOMEJAVA_OPTIONS.

To modify your JVM parameters, modify the artifactory.extraJavaOpts parameter in the $JFROG_HOME/artifactory/var/etc/system.yaml

systemd or init
  • Installs the Artifactory service on systemd if supported, or init.d.
    • systemd is supported: the install script copies the artifactory to /etc/systemd/system/artifactory.service script file
    • systemd is not supported: the install script copies the artifactory script file to /etc/init.d/artifactory 
Tomcat Preparation
  • Creates the logs directory $JFROG_HOME/artifactory/var/log folder, with write permissions to the JF_ARTIFACTORY_USER (created at the start of the script).
  • Creates a soft link $JFROG_HOME/artifactory/var/log/artifactory/catalina.
    The $JFROG_HOME/artifactory/app/artifactory/tomcat/logs folder is linked to $JFROG_HOME/artifactory/var/log/artifactory/catalina.
  • Creates a work directory for tomcat $JFROG_HOME/artifactory/var/work/artifactory/tomcat.
chkconfig calls
  • Activates the Artifactory Service and adds it to the chkconfig list.
Set ownership
  • Defines the permissions for the $JFROG_HOME/artifactory/var and $JFROG_HOME/artifactory/app files, for the $JF_ARTIFACTORY_USER. 

Manual Docker Compose Installation

  1. Go to the download page, click the green arrow to download Docker Compose. Extract the contents of the compressed archive (.tar.gz file) and then go to the extracted folder.

    tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-compose.tar.gz

    .env file included within the Docker-Compose archive

    This .env file is used by docker-compose and is updated during installations and upgrades.

    Notice that some operating systems do not display dot files by default. If you've made any changes to the file, remember to backup before an upgrade.

  2. Create the following folder structure under $JFROG_HOME/artifactory_HOME

    -- [1030     1030    ]  var
    |-- [1030     1030    ]  data
    |   |-- [104   107 ]  nginx 						- Necessary if you want to add nginx
    |   `-- [999     999  ]  postgres					- Necessary if you want to add postgres
    |-- [1030     1030    ]  etc

  3. Copy the appropriate docker-compose templates from the templates folder to the extracted folder. Rename it as docker-compose.yaml

    RequirementTemplate
    Artifactory + Derby (inbuilt database)docker-compose.yaml
    Artifactory + Postgresdocker-compose-postgres.yaml
    Artifactory + Nginxdocker-compose-nginx.yaml

  4. Update the .env file with the Installation directory.

    ROOT_DATA_DIR=/root/.jfrog/artifactory
  5. Customize the product configuration.
    1. Customize the PostgreSQL Database connection details. (optional)

    2. Set any additional configurations (for example: ports, node id) using the Artifactory system.yaml configuration file.

      Ensure the host's ID "shared.node.id" and IP "shared.node.ip" are added to the system.yaml. If these are not added, the container's IP will be used and other Platform Deployments, products will be unable to reach this instance

  6. Customize any additional product configuration (optional) including, Java Opts and filestore.

  7. Start Artifactory using docker-compose commands.

    docker-compose -p rt logs
docker-compose -p rt ps
docker-compose -p rt up -d
docker-compose -p rt down

  8. Access Artifactory from your browser at: http://SERVER_HOSTNAME:8082/ui/. For example, on your local machine: http://localhost:8082/ui/.

  9. Check Artifactory Log.

    docker-compose -p rt logs

    Configuring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. The installation scripts add a cron job to log rotate the console.log file every hour.

    This is not  done for manual Docker Compose installations. Learn more on how to configure log rotation.

Watch the Screencast

  • No labels
Copyright © 2021 JFrog Ltd.