Single Node Installation
The following installation methods are supported:
Create a JFrog Home directory and move the downloaded installer archive into that directory, for example: Set the JFrog Home environment variable To learn more about the system variable JFROG_HOME , click below. Extract the contents of the compressed archive and move it into the artifactory directory. Run Artifactory as a foreground, background process, or as a service. Run Artifactory as a Process Run Artifactory as a foreground or as daemon process: When running as a foreground process, the console will be locked and the process can be stopped at any time. Manage the process: Run Artifactory as a Service Artifactory is packaged as an archive file with a bundled Tomcat, and a complete install script that can be used to install it as a service running under a custom user. This is currently supported on Linux and Solaris systems. OS User Permissions When running Artifactory as a service, the installation script creates a user called a It is recommended to extract the Artifactory download file into a directory that gives run and execute permissions to all users such as To install Artifactory as a service, browse to the Manage the service: Use If Artifactory is running, you should see its pid , if not, you will see a list of environment variables used by the service. Check Artifactory Log. Configuring the Log Rotation of the Console Log The Linux Archive Installation
mkdir jfrog
mv jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux.tar.gz jfrog
cd jfrog
export JFROG_HOME=<full path of the jfrog directory>
tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux.tar.gz
mv artifactory-<pro|oss|cpp-ce>-<version> artifactory
$JFROG_HOME/artifactory/app/bin/artifactoryctl
$JFROG_HOME/artifactory/app/bin/artifactoryctl start
$JFROG_HOME/artifactory/app/bin/artifactoryctl check|stop
rtifactory
which must have run and execute permissions on the installation directory./opt
.$JFROG_HOME/artifactory
/app/bin
directory and execute the following command as root:# USER (optional) - the user you want application to run as (default = artifactory)
# GROUP (optional) - the group with which the application will run as. (default = artifactory)
$JFROG_HOME/artifactory/app/bin/installService.sh [USER [GROUP]]
systemd
or init.d
commands depending on your system. systemctl <start|stop|status> artifactory.service
service artifactory <start|stop|check>
http://SERVER_
HOSTNAME:8082/ui/
. For example, on your local machine: http://localhost:8082/ui/
.tail -f $JFROG_HOME/artifactory/var/log/console.log
console.log
file can grow quickly since all services write to it. Learn more on how to configure the log rotation.
Docker Installation
Create your Artifactory home directory and an empty
system.yaml
file. The user creating the folder should be the user running the docker run.The following steps assume that
$JFROG_HOME
environment variable is created in the system. For the correct location of$JFROG_HOME
, see JFrog Product Directory Structure.mkdir -p $JFROG_HOME/artifactory/var/etc/ cd $JFROG_HOME/artifactory/var/etc/ touch ./system.yaml chown -R 1030:1030 $JFROG_HOME/artifactory/var
Run the following command in addition if you are using Docker on a Mac machine.
chmod -R 777 $JFROG_HOME/artifactory/var
Customize the product configuration (optional) including database, Java Opts, and filestore.
For Docker installations, verify that the host's ID
shared.node.id
and IPshared.node.ip
are added to thesystem.yaml
.
If these are not manually added, they are automatically resolved as the container's IP, meaning other nodes and services will not be able to reach this instance.Start the Artifactory container using the process that is relevant for your system.
docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var/opt/jfrog/artifactory -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-pro:latest
docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var/opt/jfrog/artifactory -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-oss:latest
docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var/opt/jfrog/artifactory -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-cpp-ce:latest
Exposing Multiple Ports
The Docker run command exposes more than one port: 8081 for Artifactory REST APIs and 8082 for all other uses.
Manage Artifactory using native Docker commands.
Examplesdocker ps docker stop artifactory
- Access Artifactory from your browser at:
http://SERVER_ HOSTNAME:8082/ui/
. For example, on your local machine:http://localhost:8082/ui/
. Check the Artifactory log.
docker logs -f artifactory
Configuring the Log Rotation of the Console Log
The
console.log
file can grow quickly since all services write to it. Learn more on how to configure log rotation.In an effort to provide a more secure Artifactory image, Artifactory now uses the Redhat UBI Micro base image. Some of the tools that were available in the Artifactory image are not available in this more secure image. For more information, see JFrog Products Container Base Image .
Docker Compose Installation
Go to the download page, click the green arrow to download Docker Compose. Extract the contents of the compressed archive (.tar.gz file) and then go to the extracted folder.
tar -xvf jfrog-artifactory-<pro|oss|jcr|cpp-ce>-<version>-compose.tar.gz
.env file included within the Docker-Compose archive
This .env file is used by docker-compose and is updated during installations and upgrades.
Notice that some operating systems do not display dot files by default. If you make any changes to the file, remember to backup before an upgrade.
Run the script to setup folders with required ownership. This is an interactive script.
bash ./config.sh
Customize the product configuration (optional) including database, Java Opts, and filestore. Depending on your choices, a selected
docker-compose.yaml
will be available in the extracted folder. However, there are a few docker-compose templates in the directory templates. You can choose any template and copy it to the extracted folder asdocker-compose.yaml
.For Docker installations, verify that the host's ID
shared.node.id
and IPshared.node.ip
are added to thesystem.yaml
.If these are not manually added, they are automatically resolved as the container's IP, meaning other nodes and services will not be able to reach this instance.
Docker for Mac
When you use Docker Compose in Mac,
/etc/localtime
might not work as expected since it might not be a shared location in the docker-for-mac settings.You can remove the following line from the selected
docker-compose.yaml
file to avoid installation issues.
- /etc/localtime:/etc/localtime:ro
Manage Artifactory using native Docker Compose commands,
docker-compose -p rt <action> command
.
Run this command from the extracted folder.Examples# Starting from 7.8.x, PostgreSQL needs to be started before starting the other services. docker-compose -p rt-postgres -f docker-compose-postgres.yaml up -d docker-compose -p rt up -d docker-compose -p rt ps docker-compose -p rt down
- Access Artifactory from your browser at:
http://SERVER_ HOSTNAME:8082/ui/
. For example, on your local machine:http://localhost:8082/ui/
. Check Artifactory Log.
docker-compose -p rt logs
Configuring the Log Rotation of the Console Log
The
console.log
file can grow quickly since all services write to it. This file is not log rotated for Darwin installations. Learn more on how to configure the log rotation.
Docker Compose Installation Using Docker Volumes
Create Docker volumes.
docker volume create --name=artifactory_data docker volume create --name=postgres_data
Extract the contents of the compressed archive and go to the extracted folder.
tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-compose.tar.gz
Copy the
docker-compose-volumes.yaml
to the extracted folder.cp templates/docker-compose-volumes.yaml docker-compose.yaml
Add the entries in the
.env
file.
Avoid adding duplicate entries in the.env
file.echo -e "JF_SHARED_NODE_IP=$(hostname -i)" >> .env echo -e "JF_SHARED_NODE_ID=$(hostname -s)" >> .env echo -e "JF_SHARED_NODE_NAME=$(hostname -s)" >> .env
Manage Artifactory using native Docker Compose commands:
docker-compose -p rt <action> command
.
Run this command from the extracted folder.Examplesdocker-compose -p rt up -d docker-compose -p rt ps docker-compose -p rt down
RPM Installation
Install Artifactory as a service on Red Hat compatible Linux distributions, as a root user.
yum install -y jfrog-artifactory-<pro|oss|cpp-ce>-<version>.rpm
- Customize the product configuration (optional) including database, Java Opts, and filestore.
Manage Artifactory using the following commands.
service artifactory start|stop
- Access Artifactory from your browser at:
http://SERVER_ HOSTNAME:8082/ui/
. For example, on your local machine:http://localhost:8082/ui/
. Check Artifactory Log.
tail -F $JFROG_HOME/artifactory/var/log/console.log
Debian Installation
Install Artifactory as a service on compatible Linux distributions, as a root user.
dpkg -i jfrog-artifactory-<pro|oss|cpp-ce>-<version>.deb
- Customize the product configuration (optional) including database, Java Opts, and filestore.
Manage Artifactory using the following commands.
service artifactory start|stop|status
- Access Artifactory from your browser at:
http://SERVER_ HOSTNAME:8082/ui/
. For example, on your local machine:http://localhost:8082/ui/
. Check Artifactory Log.
tail -F $JFROG_HOME/artifactory/var/log/console.log
Helm Installation
JFrog validates compatibility with the core Kubernetes distribution. Since Kubernetes distribution vendors may apply additional logic or hardening (for example, OpenShift and Rancher) JFrog Platform deployment with such platform vendors might not be fully supported.
From Artifactory 7.27.6
From Artifactory 7.27.6, you can use the artifactory chart to install Artifactory in high availability mode as well instead of using the artifactory-ha chart. For more information on Helm HA installation, see Helm HA Installation.
Deploying Artifactory for Small, Medium or Large Installations
The chart directory, includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory.
Customized Yaml File
When using a customized values.yaml
file, remember to attach a -f
flag to each upgrade command in the file.
Add the https://charts.jfrog.io to your Helm client.
helm repo add jfrog https://charts.jfrog.io
Update the repository.
helm repo update
Create a unique Master Key (Artifactory requires a unique master key) pass it to the template during installation.
Custom Master Key in Production Installations
For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage. Therefore, generate a unique key and pass it to the template at install/upgrade time.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY}
Alternatively, you can manually create a secret containing the master key and pass it to the template during installation.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY} # Create a secret containing the key. The key in the secret must be named master-key kubectl create secret generic my-masterkey-secret -n artifactory --from-literal=master-key=${MASTER_KEY}
In either case, make sure to pass the same master key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.masterKey=${MASTER_KEY}
(for the custom master key) or--set artifactory.masterKeySecretName=my-masterkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Next, create a unique join key: By default the chart has one set in the
values.yaml
(artifactory.joinKey
). However, this key is for demonstration purposes only and should not be used in a production environment. Generate a unique key and pass it to the template during installation.# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY}
Alternatively, you can manually create a secret containing the join key and pass it to the template during installation.
# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY} # Create a secret containing the key. The key in the secret must be named join-key kubectl create secret generic my-joinkey-secret -n artifactory --from-literal=join-key=${JOIN_KEY}
In either case, make sure to pass the same join key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.joinKey=${JOIN_KEY}
(for the custom join key) or--set artifactory.joinKeySecretName=my-joinkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Install the chart with the release name
artifactory
and with master key and join key.
helm upgrade --install artifactory --set artifactory.masterKey=${MASTER_KEY} --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory jfrog/artifactory
If you are using an internal PostgreSQL, it is recommended to change the PostgreSQL password. For more information, see Helm Charts for Advanced Users - Auto-generated Passwords (Internal PostgreSQL).
Connect to Artifactory.
It may take a few minutes for Artifactory's public IP to become available. Follow the instructions that are output by the install command above to get the Artifactory IP to access it. Below you will find a sample instruction of what to look for to pick the URL to reach Artifactory (in the example below, art77 is the release name and art is the namespace).
Congratulations. You have just deployed JFrog Artifactory. 1. Get the Artifactory URL by running these commands: NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of the service by running 'kubectl get svc --namespace art -w art77-artifactory-nginx' export SERVICE_IP=$(kubectl get svc --namespace art art77-artifactory-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP/ 2. Open Artifactory in your browser Default credential for Artifactory: user: admin password: password
To access the logs, find the name of the pod using this command.
kubectl --namespace <your namespace> get pods
To get the container logs, run the following command.
kubectl --namespace <your namespace> logs -f <name of the pod>
Optional Steps
Customize the product configuration including database, Java Opts, and filestore.
Filestore Options
Helm filestore (storage) installations require certain modifications; for more information, see Advanced Storage Options.
Unlike other installations, Helm Chart configurations are made to the
values.yaml
and are then applied to thesystem.yaml
.Follow these steps to apply the configuration changes.
- Make the changes to
values.yaml.
Run the command.
helm upgrade --install artifactory -n artifactory -f values.yaml
- Make the changes to
To configure Artifactory for Helm, you will need to override the default
system.yaml
configuration. For more information, see Overriding the Default System YAML File.By default, Helm deploys Artifactory with PostgreSQL (running in a separate pod). It is possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded Derby database.
# Disable the default postgresql helm upgrade --install artifactory --set postgresql.enabled=false -n artifactory center/jfrog/artifactory
Mac (Darwin) Installation
The Mac installation can only be used for testing. It is not supported in development, staging or production environments.
Create a JFrog Home directory and move the downloaded installer archive into that directory, for example:
mkdir jfrog mv jfrog-artifactory-<pro|oss|cpp-ce>-<version>-darwin.tar.gz jfrog cd jfrog
Set the JFrog Home environment variable
export JFROG_HOME=<full path of the jfrog directory>
Extract the contents of the compressed archive and move it into artifactory directory.
tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-darwin.tar.gz mv artifactory-<pro|oss|cpp-ce>-<version> artifactory chmod -R 777 $JFROG_HOME/artifactory/var
- Customize the product configuration (optional) including database, Java Opts, and filestore.
Run Artifactory as a foreground or a background process.
When running as a foreground process, the console will be locked and the process can be stopped at any time.
Foreground Process$JFROG_HOME/artifactory/app/bin/artifactoryctl
Daemon Process$JFROG_HOME/artifactory/app/bin/artifactoryctl start
Manage the process.
$JFROG_HOME/artifactory/app/bin/artifactoryctl check|stop
- Access Artifactory from your browser at:
http://SERVER_ HOSTNAME:8082/ui/
. For example, on your local machine:http://localhost:8082/ui/
. Check Artifactory Log.
tail -f $JFROG_HOME/artifactory/var/log/console.log
Configuring the Log Rotation of the Console Log
The
console.log
file can grow quickly since all services write to it. This file is not log rotated for Darwin installations. Learn more on how to configure log rotation.
Windows Installation
Create a JFrog Home directory and move the downloaded installer archive into that directory, for example:
mkdir jfrog move jfrog-artifactory-<pro|oss|cpp-ce>-<version>-windows.zip jfrog cd jfrog
Set the JFrog Home environment variable
set JFROG_HOME=<full path of the jfrog directory>
Extract the contents of the compressed archive and go to the extracted folder. Define the path to this folder as an environment variable called
JFROG_HOME
.# Extract jfrog-artifactory-<pro|oss|cpp-ce>-<version>-windows.zip into jfrog folder move artifactory-<pro|oss|cpp-ce>-<version> artifactory
Install Artifactory manually or as a service.
Manual Installation
Browse to%JFROG_HOME%\artifactory\app\bin
and execute the fileartifactory.bat
.Security settings
Depending on the security settings under Windows, you might need to run
artifactory.bat
using 'Run as administrator'Service Installation
Browse to%JFROG_HOME%\artifactory\app\bin
, and execute the fileInstallService.bat
.Security
Windows 8 implements strict User Account Control (UAC). You must either disable UAC or right-click on
cmd.exe
and select "Run as administrator" in order to run this script.Firewall Alerts for first time Artifactory Windows Installation
When starting Artifactory, you may get some firewall exception messages. Please select private networks and allow access to continue working.
- Customize the product configuration (optional) including database, Java Opts, and filestore.
Manage Artifactory using the following commands, in a Command Prompt window.
sc start|stop|query artifactory
Check Artifactory Log in the
%JFROG_HOME%\artifactory\var\log\artifactory-service.log
file.
HA Installation
The following describes how to set up an Artifactory HA cluster with more than one node. For more information about HA, see JFrog High Availability.
HA versions before Artifactory 7.17.4 support using primary and secondary nodes.
Prerequisites
All nodes within the same Artifactory HA installation must be running the same Artifactory version.
Database
Artifactory HA requires an external database, and currently supports the following databases: PostgreSQL, Oracle, MySQL, and MS SQL.
Make sure you have completed setting up your external database before proceeding to install the cluster nodes. The database connection details are used for each node installation.
Licensing
Artifactory HA is supported with an Enterprise License. Each node in the cluster must be activated with a different license.
Before adding any additional node, please add each additional node's license using the node that is already running.
Load Balancer
Artifactory HA requires a dedicated Load Balancer . The load balancer should be installed once all of the cluster nodes are up and running. It is the responsibility of your organization to manage and configure it correctly.
Network
- All the Artifactory HA components (Artifactory cluster nodes, database server and load balancer) must be within the same fast LAN.
- All the HA nodes must communicate with each other through dedicated TCP ports.
- Network communications between the cluster nodes must be enabled for each of the nodes.
The following installation methods are supported:
- Linux Archive / Docker / RPM / Debian / Windows HA Installation
- Docker Compose HA Installation
- Helm HA Installation
HA is not supported for Mac (Darwin) installation
Linux Archive/Docker/RPM/Debian/Windows HA Installation
- Install the cluster nodes according to the single node installation. Important: make sure not to start Artifactory.
Configure the
system.yaml
file with the database and node configuration details. For example:
Node system.yamlshared: database: driver: org.postgresql.Driver password: password type: postgresql url: "jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory" username: artifactory node: haEnabled: true taskAffinity: any
Optional: You can now configure the
binarystore.xml
in$JFROG_HOME/artifactory
/
var/etc/artifactory<config version="2"> <chain template="cluster-file-system"/> </config>
Start the node.
service artifactory start
Docker$ docker run --name artifactory -v $JFROG_HOME/artifactory/var/:/var -d -p 8081:8081 -p 8082:8082 releases-docker.jfrog.io/jfrog/artifactory-<pro|oss|cpp-ce>:latest
Windowssc start artifactory
For a node to join a cluster, the nodes must have the same database configuration and the Master Key.
- Install the additional nodes following the steps above.
- Copy the
master.key
from the first node to the additional nodes located at $JFROG_HOME/artifactory/var/etc/security/master.key.
Start the additional nodes.
- Check the Artifactory log.
Node ID and IP
For Docker installations, verify that the host's ID shared.node.id
and IP shared.node.ip
are added to the system.yaml
.
If these are not manually added, they are automatically resolved as the container's hostname and IP, meaning other nodes and services will not be able to reach this instance.
shared: node: id: "MyNodeID" ip: "10.1.2.3"
Installing a Non-Management Node
By default, all Artifactory nodes in a cluster are installed as equal nodes, meaning they can be be used to manage the cluster. You also have the option of installing a node that does not have management capabilities.
In this case, you will need to set the system.yaml
parameter task
Affinity
to none.
shared: database: driver: org.postgresql.Driver password: password type: postgresql url: "jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory" username: artifactory node: haEnabled: true taskAffinity: none
Docker Compose HA Installation
Use the Docker Compose script with the following commands to easily set up your HA instance. Make sure to install the database and each Artifactory cluster node on different nodes.
Go to the download page, click the green arrow to download Docker Compose. Extract the contents of the compressed archive (.tar.gz file) and then go to the extracted folder.
tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-compose.tar.gz
.env file included within the Docker-Compose archive
This .env file is used by docker-compose and is updated during installations and upgrades.
Notice that some operating systems do not display dot files by default. If you make any changes to the file, remember to backup before an upgrade.
Run the
config.sh
script to setup folders with required ownership. This is an interactive script.bash ./config.sh
Configure the
system.yaml
file with the node's configuration details.Node system.yamlshared: node: haEnabled: true taskAffinity: any
- Customize any additional product configuration (optional) including, Java Opts and filestore.
Start Artifactory using docker-compose commands.
Run this command only from the extracted folder.# Starting from 7.8.x, PostgreSQL needs to be started before starting the other services. docker-compose -p rt-postgres -f docker-compose-postgres.yaml up -d docker-compose -p rt up -d docker-compose -p rt ps docker-compose -p rt down
Access Artifactory from your browser at:
http://SERVER_ HOSTNAME/ui/
. For example, on your local machine:http://localhost/ui/
.
For a node to join a cluster, the nodes must have the same database configuration and the Master Key.- Install the additional nodes following the steps above.
- Copy the
master.key
from the first node to the additional nodes located at $JFROG_HOME/artifactory/var/etc/security/master.key.
Start the additional nodes.
Check the Artifactory log.
docker-compose -p rt logs
Node ID and IP
For Docker installations, verify that the host's ID
shared.node.id
and IP shared.node.ip
are added to the system.yaml
.
If these are not manually added, they are automatically resolved as the container's hostname and IP, meaning other nodes and services will not be able to reach this instance.
shared: node: id: "MyNodeID" ip: "10.1.2.3"
Installing a Non-Management Node
By default, all Artifactory nodes in a cluster are installed as equal nodes, meaning they can be be used to manage the cluster. You also have the option of installing a node that does not have management capabilities.
In this case, you will need to set the system.yaml
parameter task
Affinity
to none.
shared: database: driver: org.postgresql.Driver password: password type: postgresql url: "jdbc:postgresql://<your db url, for example: localhost:5432>/artifactory" username: artifactory node: haEnabled: true taskAffinity: none
Helm HA Installation
Installing HA from Artifactory 7.27.6 and Above
From Artifactory 7.27.6, you can use the artifactory chart to install an Artifactory HA cluster. Prior to version 7.27.6, you need to use the artifactory-ha chart to install an Artifactory HA cluster. You can still use the artifactory-ha chart.
You can use the artifactory chart or the artifactory-ha chart to install Artifactory HA.
Important
Currently, it is not possible to connect a JFrog product (like Xray) that is within a Kubernetes cluster with another JFrog product (e.g., Artifactory) that is outside of the cluster, as this is considered a separate network. Therefore, JFrog products cannot be joined together if one of them is in a cluster.
Deploying Artifactory for Small, Medium or Large Installations
The chart directory, includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory.
Helm HA Installation Using Artifactory Chart
Add https://charts.jfrog.io to your Helm client.
helm repo add jfrog https://charts.jfrog.io
Create a unique Master Key (Artifactory requires a unique master key) pass it to the template during installation.
Custom Master Key in Production Installations
For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage. Therefore, generate a unique key and pass it to the template at install/upgrade time.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY}
Alternatively, you can create a secret containing the master key manually and pass it to the template during installation.
# Create a secret containing the key. The key in the secret must be named master-key kubectl create secret generic my-masterkey-secret -n artifactory --from-literal=master-key=${MASTER_KEY}
In either case, make sure to pass the same master key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.masterKey=${MASTER_KEY}
(for the custom master key) or--set artifactory.masterKeySecretName=my-masterkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Next, create a unique join key: By default the chart has one set in the
values.yaml
(artifactory.joinKey
). However, this key is for demonstration purposes only and should not be used in a production environment. Generate a unique key and pass it to the template during installation.# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY}
Alternatively, you can manually create a secret containing the join key and pass it to the template during installation.
# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY} # Create a secret containing the key. The key in the secret must be named join-key kubectl create secret generic my-joinkey-secret -n artifactory --from-literal=join-key=${JOIN_KEY}
In either case, make sure to pass the same join key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.joinKey=${JOIN_KEY}
(for the custom join key) or--set artifactory.joinKeySecretName=my-joinkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Update the repository.
helm repo update
Install the chart with the release name
artifactory
and with the master key and join key.helm upgrade --install artifactory --set artifactory.replicaCount=3 --set artifactory.masterKey=${MASTER_KEY} --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory jfrog/artifactory
The parameter
replicaCount
decides the number of pods with Artifactory. You can set the replica count to a value for than or equal to 2. We recommend that you provide the value as 3.If you are using an internal PostgreSQL, it is recommended to change the PostgreSQL password. For more information, see Helm Charts for Advanced Users - Auto-generated Passwords (Internal PostgreSQL).
Connect to Artifactory.
It might take a few minutes for Artifactory's public IP to become available. Follow the instructions that are output by the install command above to get the Artifactory IP to access it. Below you will find a sample instruction of what to look for to pick the URL to reach Artifactory (in the example below, art77 is the release name and art is the namespace).
Congratulations. You have just deployed JFrog Artifactory HA. SETUP: 1. Get the Artifactory IP and URL NOTE: It may take a few minutes for the LoadBalancer public IP to be available! You can watch the status of the service by running 'kubectl get svc -w artha77-nginx' export SERVICE_IP=$(kubectl get svc --namespace art artha77-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP/ 2. Open Artifactory in your browser Default credential for Artifactory: user: admin password: password
Install the Artifactory HA license using one of three methods: REST API, Artifactory UI, or a Kubernetes Secret. For more information, click the link below.
To access the logs, find the name of the pod using this command.
kubectl --namespace <your namespace> get pods
To get the container logs, run the following command.
kubectl --namespace <your namespace> logs -f <name of the pod>
Optional steps
Customize the product configuration (optional) including database, Java Opts, and filestore.
Filestore Options
Helm filestore (storage) installations require certain modifications; for more information, see Advanced Storage Options.
Unlike other installations, Helm Chart configurations are made to the
values.yaml
and are then applied to thesystem.yaml
.Follow these steps to apply the configuration changes.
- Make the changes to
values.yaml.
Run the command.
helm upgrade --install artifactory --namespace artifactory -f values.yaml
Alert: Use a PVC when Using an External Blob Storage
When using external blob storage (for example, AWS S3, Azure blob storage, or Google storage), there is still a need to persist temporary eventual storage in a PVC (Persistent Volume Claims) in cases of loss of connection to the external storage or if the Artifactory pod crashes.
Avoiding the usage of a PVC can lead to data loss in case of unplanned pod termination.
- Make the changes to
To configure Artifactory for Helm, you will need to override the default
system.yaml
configuration. For more information, see Overriding the Default System YAML File.By default, Helm deploys Artifactory with PostgreSQL (running in a separate pod). It is possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded Derby database.
# Disable the default postgresql helm upgrade --install artifactory --set replicaCount=3 postgresql.enabled=false --namespace artifactory center/jfrog/artifactory
Helm HA Installation Using artifactory-ha Chart
Installing HA from Artifactory 7.17.4 and Above
Prior to version 7.17.4, the Artifactory HA cluster in the chart was comprised of a single primary node and two m ember nodes. The cluster could be resized as needed (this was based on changing the number of member nodes), and l oad balancing was done to the member nodes only. This left the primary node free to handle jobs and tasks and to not be interrupted by inbound traffic.
From version 7.17.4 and above, the Artifactory HA cluster can be full HA with all nodes designated as primary nodes. In this case, the basic HA installation will create t hree primary nodes and 0 member nodes. To create this HA cluster, set the parameters artifactory.primary.replicaCount=3
and artifactory.node.replicaCount=0
in the values.yaml
file. This indicates that the primary nodes (any one of the nodes) will be able to handle l oad balancing, jobs, and tasks.
Add https://charts.jfrog.io to your Helm client.
helm repo add jfrog https://charts.jfrog.io
Create a unique Master Key (Artifactory requires a unique master key) pass it to the template during installation.
Custom Master Key in Production Installations
For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage. Therefore, generate a unique key and pass it to the template at install/upgrade time.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY}
Alternatively, you can create a secret containing the master key manually and pass it to the template during installation.
# Create a secret containing the key. The key in the secret must be named master-key kubectl create secret generic my-masterkey-secret -n artifactory-ha --from-literal=master-key=${MASTER_KEY}
In either case, make sure to pass the same master key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.masterKey=${MASTER_KEY}
(for the custom master key) or--set artifactory.masterKeySecretName=my-masterkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Next, create a unique join key: By default the chart has one set in the
values.yaml
(artifactory.joinKey
). However, this key is for demonstration purposes only and should not be used in a production environment. Generate a unique key and pass it to the template during installation.# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY}
Alternatively, you can manually create a secret containing the join key and pass it to the template during installation.
# Create a key export JOIN_KEY=$(openssl rand -hex 32) echo ${JOIN_KEY} # Create a secret containing the key. The key in the secret must be named join-key kubectl create secret generic my-joinkey-secret -n artifactory-ha --from-literal=join-key=${JOIN_KEY}
In either case, make sure to pass the same join key on all future calls to Helm install and Helm upgrade. This means always passing
--set artifactory.joinKey=${JOIN_KEY}
(for the custom join key) or--set artifactory.joinKeySecretName=my-joinkey-secret
(for the manual secret) and verifying that the contents of the secret remain unchanged.Update the repository.
helm repo update
Install the chart with the release name
artifactory-ha
and with the master key and join key.helm upgrade --install artifactory-ha --set artifactory.masterKey=${MASTER_KEY} --set artifactory.joinKey=${JOIN_KEY} --namespace artifactory-ha jfrog/artifactory-ha
If you are using an internal PostgreSQL, it is recommended to change the PostgreSQL password. For more information, see Helm Charts for Advanced Users - Auto-generated Passwords (Internal PostgreSQL).
Connect to Artifactory.
It might take a few minutes for Artifactory's public IP to become available. Follow the instructions that are output by the install command above to get the Artifactory IP to access it. Below you will find a sample instruction of what to look for to pick the URL to reach Artifactory (in the example below, art77 is the release name and art is the namespace).
Congratulations. You have just deployed JFrog Artifactory HA. SETUP: 1. Get the Artifactory IP and URL NOTE: It may take a few minutes for the LoadBalancer public IP to be available! You can watch the status of the service by running 'kubectl get svc -w artha77-nginx' export SERVICE_IP=$(kubectl get svc --namespace art artha77-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP/ 2. Open Artifactory in your browser Default credential for Artifactory: user: admin password: password
Install the Artifactory HA license using one of three methods: REST API, Artifactory UI, or a Kubernetes Secret. For more information, click the link below.
To access the logs, find the name of the pod using this command.
kubectl --namespace <your namespace> get pods
To get the container logs, run the following command.
kubectl --namespace <your namespace> logs -f <name of the pod>
Optional steps
Customize the product configuration (optional) including database, Java Opts, and filestore.
Filestore Options
Helm filestore (storage) installations require certain modifications; for more information, see Advanced Storage Options.
Unlike other installations, Helm Chart configurations are made to the
values.yaml
and are then applied to thesystem.yaml
.Follow these steps to apply the configuration changes.
- Make the changes to
values.yaml.
Run the command.
helm upgrade --install artifactory-ha --namespace artifactory-ha -f values.yaml
Alert: Use a PVC when Using an External Blob Storage
When using external blob storage (for example, AWS S3, Azure blob storage, or Google storage), there is still a need to persist temporary eventual storage in a PVC (Persistent Volume Claims) in cases of loss of connection to the external storage or if the Artifactory pod crashes.
Avoiding the usage of a PVC can lead to data loss in case of unplanned pod termination.
- Make the changes to
To configure Artifactory for Helm, you will need to override the default
system.yaml
configuration. For more information, see Overriding the Default System YAML File.By default, Helm deploys Artifactory with PostgreSQL (running in a separate pod). It is possible to deploy Artifactory without PostgreSQL (or any other external database), which will default to the embedded Derby database.
# Disable the default postgresql helm upgrade --install artifactory-ha --set postgresql.enabled=false --namespace artifactory-ha center/jfrog/artifactory-ha
Adding Licenses
Add licenses according to your license type:
License Key
Option 1: Copy the
artifactory.cluster.license
file to the first node's configuration directory.cp artifactory.cluster.license $JFROG_HOME/artifactory/var/etc/artifactory/
This can also be done once you start Artifactory using:
Option 2: License Management in the UI
Option 3: Install License REST API
Specifying multiple licenses
Whether in the Artifactory UI, using the REST API or in the artifactory.cluster.license
file, make sure that the licenses are separated by a newline.
License Bucket
Applying a license bucket requires installing JFrog Mission Control. To apply the license bucket:
- Complete configuring and starting the first node (steps 4 and 5)
- Install JFrog Mission Control
Post-Installation Steps
Once the installation is complete, you will need to validate these items:
- Change the default admin password . The default user will have the following credentials predefined in the system:
- User: admin, Password: password
- Make sure you have applied your licenses
- Continue to configure the system using the Administration guide
- Configure a reverse proxy (optional for Docker Registry)
- You can run Artifactory with one of the supported HTTP servers set up as a front end of each node.
Product Configuration
After installing and before running Artifactory, you may set the following configurations:
System YAML Configuration File
Where to find system.yaml?
You can configure all your system settings using the
system.yaml
file located in the$JFROG_HOME
/artifactory/var/etc
folder. For more information, see Artifactory YAML Configuration.If you don't have a System YAML file in your folder, copy the template available in the folder and name it
system.yaml
.For the Helm charts, the
system.yaml
file is managed in the chart’svalues.yaml.
Database
Artifactory comes with an embedded Derby Database out-of-the-box. If you're planning to use it in production, it is highly recommended to first Configure the Database, and then start Artifactory.Customize Java Opts (optional)
Remember to modify your JVM Parameters as needed by settingJAVA_OPTIONS
in Shared Configurations . The property to pass extra Java opts isartifactory.extraJavaOpts
. It is highly recommended to set your Java memory parameters as follows:The larger your repository or number of concurrent users, the larger you need to make the -Xms and -Xmx values accordingly. If you can reserve at least 512MB for Artifactory, the recommended minimal values are:
-server -Xms512m -Xmx2g -Xss256k -XX:+UseG1GC
For more recommendations about your hardware configuration (especially the -Xmx parameter), see System Requirements
- Additional Settings
These include: customizing ports, joinKey (join.key), masterKey (master.key). - Configuring the Filestore
By default, Artifactory is configured to use the local file system as its filestore. Artifactory supports a variety of additional filestore configurations to meet a variety of needs for binary storage providers, storage size and redundancy.
Enabling TLS 1.0 and 1.1 for Connectivity with Older Databases
Artifactory version 7.25.2 onwards includes OpenJDK version 11.0.11 and later. TLS 1.0 and TLS 1.1 are disabled by default from OpenJDK 11.0.11 onwards. If your database version does not support TLS 1.2, the Artifactory startup fails.
If you are unable to upgrade your database to a version that supports TLS 1.2 or later, perform the following steps to run Artifactory:
Download the java.security file that has TLS 1.0 and 1.1 enabled.
Create the directory,
${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java
.mkdir -p ${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java
- Copy the java.security file into
${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java.
Provide the appropriate permissions to the directory.
chmod 755 ${JFROG_HOME}/artifactory/var/bootstrap/artifactory/java/java.security
Artifactory startup takes a backup of the existing java.security file and bootstraps custom java.security into the
${JFROG_HOME}/artifactory/app/third-party/java/conf/security
folder.
Configuring Java Security File for Helm Installations
Create the following local directory.
mkdir -p java/configmap
Download the java.security file that has TLS 1.0 and 1.1 enabled.
- Copy the java.security file to
java/configmap
. Run the following command to create a custom config map. For more information, see Using Config Maps.
kubectl create configmap java-security-config --from-file=java/configmap/java.security
Pass the following custom config map to your Helm install. For more information, see Using Config Maps.
artifactory: preStartCommand: "mkdir -p /opt/jfrog/artifactory/var/bootstrap/artifactory/java && cp -Lrf /tmp/java/* /opt/jfrog/artifactory/var/bootstrap/artifactory/java/" customVolumes: | - name: java-security-config configMap: name: java-security-config customVolumeMounts: | - name: java-security-config mountPath: /tmp/java/java.security subPath: java.security
For Advanced Users
Linux Archive
Install Script Commands
The following are the s equence of commands performed by the Linux Archive install script.
User creation |
To change the default user, edit the shared When running the service with a different user, make sure to update the shared.user and the shared |
artifactory default |
To modify your JVM parameters , modify the |
systemd or init |
|
Tomcat Preparation |
|
chkconfig calls |
|
Set ownership |
|
Manual Docker Compose Installation
Go to the download page, click the green arrow to download Docker Compose. Extract the contents of the compressed archive (.tar.gz file) and then go to the extracted folder.
tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-compose.tar.gz
.env file included within the Docker-Compose archive
This .env file is used by docker-compose and is updated during installations and upgrades.
Notice that some operating systems do not display dot files by default. If you've made any changes to the file, remember to backup before an upgrade.
Create the following folder structure under
$JFROG_HOME/artifactory
-- [1030 1030 ] var |-- [1030 1030 ] data | |-- [104 107] nginx - Necessary if you want to add nginx | `-- [999 999] postgres - Necessary if you want to add postgres |-- [1030 1030 ] etc
Enter the following commands in order so that you can set the ownership correctly.
chown -R 1030:1030 $JFROG_HOME/artifactory/var chown -R 1030:1030 $JFROG_HOME/artifactory/var/data chown -R 1030:1030 $JFROG_HOME/artifactory/var/etc chown -R 104:107 $JFROG_HOME/artifactory/var/data/nginx chown -R 999:999 $JFROG_HOME/artifactory/var/data/postgres
Copy the appropriate docker-compose templates from the templates folder to the extracted folder. Rename it as
docker-compose.yaml
Requirement Template Artifactory + Derby (inbuilt database) docker-compose.yaml
Artifactory + Postgres docker-compose-postgres.yaml
Artifactory + Nginx docker-compose-nginx.yaml
Update the .env file with the Installation directory.
ROOT_DATA_DIR=$JFROG_HOME/artifactory ##Enter the exact value of $JFROG_HOME. For example, /root/.jfrog.
- Customize the product configuration.
- Customize the PostgreSQL Database connection details. (optional)
Set any additional configurations (for example: ports, node id) using the Artifactory
system.yaml
configuration file .Ensure the host's ID "shared.node.id" and IP "shared.node.ip" are added to the
system.yaml
. If these are not added, the container's IP will be used and other Platform Deployments, products will be unable to reach this instance
- Customize the product configuration (optional) including, Java Opts and filestore.
Start Artifactory using docker-compose commands.
docker-compose -p rt logs docker-compose -p rt ps docker-compose -p rt up -d docker-compose -p rt down
Access Artifactory from your browser at:
http://SERVER_HOSTNAME:8082/ui/
. For example, on your local machine:http://localhost:8082/ui/
.Check Artifactory Log.
docker-compose -p rt logs
Configuring the Log Rotation of the Console Log
The
console.log
file can grow quickly since all services write to it. The installation scripts add a cron job to log rotate theconsole.log
file every hour.This is not done for manual Docker Compose installations. Learn more on how to configure log rotation .