Installing Mission Control

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

Subscription Information

This feature is supported on the Self-Hosted platform, with an Enterprise X or Enterprise+ license.

Overview

This page provides a guide for the different ways you can install and configure JFrog Mission Control, single node and high availability. Additional information on high availability can be found here.

Mission Control is Moving to Artifactory as a Service

From JFrog Artifactory version 7.27.3, Mission Control has been integrated directly into Artifactory as a service. You no longer need to install Mission Control to use the features it provides. You must enable the service in Artifactory through the Artifactory system YAML file. The metrics capabilities that were provided Mission Control will now be provided through JFrog Insight. To learn more about how to install Insight, see Installing Insight.

To learn more about how Mission Control has been integrated into Artifactory and to migrate to Mission Control microservice, see Migrating Platform Deployments and License Buckets.

You must install JFrog Insights to use trends and charts after you migrate to Mission Control microservice. For more information, see Migrating from Mission Control to Insight.

You can still install Mission Control with Artifactory version 7.27.3 and later, until the end-of-life of Mission Control as a standalone product. Mission Control will continue to receive critical fixes and security updates.

Before You Begin

Note

When installing Mission Control, you must run the installation as a root user or provide sudo access to a non-root user.

Admin Permissions

You will need to have admin permissions on the installation machine in the following cases

  • Native installer - always requires admin permissions

  • Archive installer - requires admin permissions only during installation

  • Docker installer - does not require admin permissions

Note

Use a dedicated server for Mission Control with no other software running to alleviate performance bottlenecks, avoid port conflicts, and avoid setting uncommon configurations.

Supported Platforms for Mission Control

Debian

Centos

RHEL

Ubuntu

Windows Server

Helm Charts

SLES

8.x, 9.x, 10.x

7.x, 8.x

7.x, 8.x

16.04, 18.04, 20.04

2.x, 3.x

12 SP 5

Mission Control Requirements

Version 4.0 to 4.7.x

  • Min requirements. Assuming running with an external database.

  • Actual values may change based on the amount of data in your application.

  • You can install and use Mission Control only if you use an Artifactory 7.26.0 or lower.

  • Mission Control functionality has been integrated into Artifactory and from Artifactory 7.27.3 and later

Processor

Memory

Storage

External Network Port

Internal Network Ports (default)

Databases/Third Party Applications

4 cores

12 GB

100 GB

  • 8082

  • 8080 for Mission Control Server

  • 8085 for Scheduler

  • 8087 for Executor

    (Obsolete from Mission Control version 4.5 and above)

  • 8087 for Insights

  • 9200 for Elasticsearch (if bundled)

  • 5432 for PostgreSQL (if bundled)

  • 8082, 8046, 8047 and 8049 for the Router

Required:

PostgreSQL:

  • 9.5 (EOL)

  • 9.6 (EOL soon)

  • 10.x

  • 11.x

  • 12.x

  • 13.x

Elasticsearch 6.6.x

(for Mission Control versions 4.0 and 4.2)

Elasticsearch 7.6.1

(for Mission Control versions 4.3.2 to 4.5.0)

Elasticsearch 7.8.0 and 7.8.1 (for Mission Control version 4.6.0)

Elasticsearch 7.10.2. (for Mission Control version 4.7.0 to 4.7.7)

Elasticsearch 7.12.1. (for Mission Control version 4.7.8)

Elasticsearch 7.14.1. (for Mission Control version 4.7.15)

System Architecture

To learn about the JFrog Platform Deployment, see System Architecture.

Installing Mission Control

Before installing Mission Control 4.x, you must first install JFrog Artifactory 7.x.

Single Node Installation

The following installation methods are supported:

Interactive Script Installation (recommended)

All install types are supported, including: Docker Compose, Linux Archive, RPM, and Debian.

The installer script provides you an interactive way to install Mission Control and its dependencies. All install types are supported. This installer should be used for Docker Compose.

  1. Download Mission Control.

  2. Extract the contents of the compressed archive and go to the extracted folder.

    OS user permissions for Linux archive

    When running Mission Control, the installation script creates a user called jfmc by defaultwhich must have run and execute permissions on the installation directory.

    It is recommended to extract the Mission Control download file into a directory that gives run and execute permissions to all users such as /opt.

    Linux archive

    .env file included within the Docker-Compose archive

    This .env file is used by docker-compose and is updated during installations and upgrades.

    Notice that some operating systems do not display dot files by default. If you've made any changes to the file, remember to backup before an upgrade.

  3. Run the installer script.

    Note

    The script prompts you with a series of mandatory inputs, including the jfrogURL (custom base URL) and joinKey. Enter N when the script prompts you whether or not to join a cluster. Enter Yes only if you are adding secondary Mission Control nodes to a cluster.

    Docker Compose RPM/DEB

    Prerequisites for Linux archive

    Refer prerequisites for Mission Control in Linux Archive before running install script.

    Linux archive

  4. Validate and customize the product configuration (optional), including the third party dependencies connection details and ports.

  5. Start and manage the Mission Control service.

    systemd OS systemv Docker Compose

    Note

    You can install and manage Mission Control as a service in a Linux archive installation. Refer start Mission Control section under Linux Archive Manual Installation for more details.

    Linux archive

  6. Access Mission Control from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.

  7. Check the Mission Control log.

    Configuring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. This file is not log rotated for Darwin installations. Learn more on how to configure the log rotation.Logging

Manual Linux Archive Installation
  1. Download Mission Control.

  2. Extract the contents of the compressed archive under JFROG_HOME and move it into mc directory.

  3. Install PostgreSQL by following the steps detailed in Installing PostgreSQL.

    Note

    PostgreSQL is required and must be installed before continuing with the next installation steps. Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/mc/var/etc/system.yaml file.

  4. Prepare for the Elasticsearch installation by increasing the map count. For more information, see the Elastic Search documentation.

    Note

    To make this change permanent, remember to update the vm.max_map_count setting in /etc/sysctl.conf.

  5. Install Elasticsearch. Instructions to install Elasticsearch are available here.

    You can install the package available at <JFROG_HOME>/mc/app/third-party/elasticsearch/elasticsearch-oss-<version>.tar.gz or you can download a compatible version of Elasticsearch from this page.

    1. Install Search Guard. The Search Guard package can be located in the extracted contents at <JFROG_HOME>/m c/app/third-party/elasticsearch/search-guard-<version>.tar.gz. For installation steps, refer to the Search Guard documentation.

      Important

      You must install the Search Guard plugin to ensure secure communication with Elasticsearch.

      1. Add an admin user to Search Guard, to ensure authenticated communication with Elasticsearch.

        The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password.

      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step.

      3. Paste the above snippet to the end of this file “sg_internal_users.yml” located at <JFROG_HOME>/mc/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

    2. Enable the anonymous access to_cluster/health endpoint. This is required to check the health of Elasticsearch cluster.

      Enable the anonymous auth in this filesg_config.yml at <JFROG_HOME>/mc/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

    3. Map the anonymous usersg_anonymous to the backend role "sg_anonymous_backendrole" in this file "sg_roles_mapping.yml" at <JFROG_HOME>/mc/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

    4. Add the following snippet to the end of this filesg_roles.yml located at <JFROG_HOME>/mc/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

  6. Add the following in the shared section of$JFROG_HOME/mc/var/etc/system. yaml file. Refer to Shared Configurations section.

    Warning

    You must set the value of external as true under Elasticsearch configuration in the system.yaml file even if you install Elasticsearch in the same machine as Mission Control.

    Note

    If you use Amazon Elasticsearch Service, enter the following in the shared section of the YAML file.

    If you use the Amazon Elasticsearch Service, you must log in to the service using your Amazon AWS credentials.

  7. Start PostgreSQL and Elasticsearch.

  8. Customize the product configuration.

    1. Set the Artifactory connection details.

    2. Customize the PostgreSQL Database connection details (optional).

    3. Set any additional configurations (for example: ports, node id) using the Mission Control System YAML.

  9. Start and manage the Mission Control service as the user who extracted the tar.

    As a process

    Daemon Process

    Manage the process.

    As a service, Mission Control is packaged as an archive file and an install script that can be used to install it as a service running under a custom user. Currently supported on Linux systems.

    OS User Permissions

    When running Mission Control as a service, the installation script creates a user called jfmc (by default)which must have run and execute permissions on the installation directory.

    It is recommended to extract the Mission Control download file into a directory that gives run and execute permissions to all users such as /opt.

    To install Mission Control as a service, execute the following command as root:

    Note

    User and group can be passed through <JFROG_HOME>/mc/var/etc/system.yaml as shared.user and shared.group. This takes precedence over values passed through command line on install.

    The user and group will be stored in the <JFROG_HOME>/mc/var/etc/system.yamlat the end of the installation.

    To manage the service, use the systemd or init.dcommands depending on your system.

    Using systemd Using init.d

  10. Access Mission Control from your browser at:http://<jfrogUrl>/ui/and go to theDashboard tab in theApplicationmodule in the UI

  11. Check the Mission Control log.

Manual RPM Installation

The RPM installation bundles Mission Control and all its dependencies. It is provided as native RPM packages, where Mission Control and its dependencies must be installed separately. Use this, if you are automating installations.

  1. Download Mission Control.

  2. Extract the contents of the compressed archive, and go to the extracted folder:

  3. Install Mission Control. You must run as a root user.

  4. Install PostgreSQL and start the PostgreSQL service.

    Note

    PostgreSQL is required and must be installed before continuing with the next installation steps.

    Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/mc/var/etc/system.yaml file.

  5. Install Elasticsearch. Instructions to install Elasticsearch are available here.

    You can install the package available at jfrog-mc-<version>-rpm /third-party/elasticsearch/elasticsearch-oss-<version>.tar.gzor you can download a compatible version of Elasticsearch from this page.

    When connecting an external instance of Elasticsearch to Mission Control, add the following flag in the Shared Configurations of $JFROG_HOME/mc/var/etc/system. yaml file.

    1. Install Search Guard. The Search Guard package can be located in the extracted contents at jfrog-mc-<version>-rpm /third-party/elasticsearch/search-guard-<version>.tar.gz. For installation steps, refer to the Search Guard documentation.

      Important

      You must install the Search Guard plugin to ensure secure communication with Elasticsearch.

      1. Add an admin user to Search Guard, to ensure authenticated communication with Elasticsearch.

        The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password.

      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step.

      3. Paste the above snippet to the end of this file “sg_internal_users.yml” located at /etc/elasticsearch/plugins/search-guard-7/sgconfig/.

    2. Enable the anonymous access to_cluster/health endpoint. This is required to check the health of Elasticsearch cluster.

      Enable the anonymous auth in this filesg_config.yml at /etc/elasticsearch/plugins/search-guard-7/sgconfig/.

    3. Map the anonymous usersg_anonymous to the backend role "sg_anonymous_backendrole" in this file "sg_roles_mapping.yml" at /etc/elasticsearch/plugins/search-guard-7/sgconfig.

    4. Add the following snippet to the end of this filesg_roles.yml located at /etc/elasticsearch/plugins/search-guard-7 /sgconfig/.

  6. Add the following in the shared section of$JFROG_HOME/mc/var/etc/system. yaml file. Refer to Shared Configurations section.

    Warning

    You must set the value of external as true under Elasticsearch configuration in the system.yaml file even if you install Elasticsearch in the same machine as Mission Control.

    Note

    If you use Amazon Elasticsearch Service, enter the following in the shared section of the YAML file.

    If you use the Amazon Elasticsearch Service, you must log in to the service using your Amazon AWS credentials.

  7. Customize the product configuration.

    1. Set the Artifactory connection details.

    2. Customize the PostgreSQL Database connection details. (optional)

    3. Set any additional configurations (for example: ports, node id) using Mission Control System YAML.

  8. Start and manage the Mission Control service.

    systemd OS systemv OS

  9. Access Mission Control from your browser at: http://<jfrogUrl>/ui/and go to theDashboard tab in theApplicationmodule in the UI

  10. Check the Mission Control log.

Manual Debian Installation

The Debian installation bundles Mission Control and all its dependencies. It is provided as native Debian packages, where Mission Control and its dependencies must be installed separately. Use this, if you are automating installations.

  1. Download Mission Control.

  2. Extract the contents of the compressed archive, and go to the extracted folder:

  3. Install Mission control. You must run as a root user.

  4. Install PostgreSQL.

    Note

    PostgreSQL is required and must be installed before continuing with the next installation steps.

    Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/mc/var/etc/system.yaml file.

  5. Install Elasticsearch. Instructions to install Elasticsearch are available here.

    You can install the package available at jfrog-mc-<version>-deb /third-party/elasticsearch/elasticsearch-oss-<version>.tar.gz or you can download a compatible version of Elasticsearch from this page.

    1. Install Search Guard. The Search Guard package can be located in the extracted contents at jfrog-mc-<version>-deb /third-party/elasticsearch/search-guard-<version>.tar.gz. For installation steps, refer to the Search Guard documentation.

      Important

      You must install the Search Guard plugin to ensure secure communication with Elasticsearch.

      1. Add an admin user to Search Guard, to ensure authenticated communication with Elasticsearch.

        The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password.

      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step.

      3. Paste the above snippet to the end of this file “sg_internal_users.yml” located at /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

    2. Enable the anonymous access to_cluster/health endpoint. This is required to check the health of Elasticsearch cluster.

      Enable the anonymous auth in this filesg_config.yml at /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

    3. Map the anonymous usersg_anonymous to the backend role "sg_anonymous_backendrole" in this file "sg_roles_mapping.yml" at/usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

    4. Add the following snippet to the end of this filesg_roles.yml located at /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

  6. Add the following in the shared section of$JFROG_HOME/mc/var/etc/system. yaml file. Refer to Shared Configurations section.

    Warning

    You must set the value of external as true under Elasticsearch configuration in the system.yaml file even if you install Elasticsearch in the same machine as Mission Control.

    Note

    If you use Amazon Elasticsearch Service, enter the following in the shared section of the YAML file.

    If you use the Amazon Elasticsearch Service, you must log in to the service using your Amazon AWS credentials.

  7. Customize the product configuration.

    1. Set the Artifactory connection details.

    2. Customize the PostgreSQL Database connection details. (optional)

    3. Set any additional configurations (for example: ports, node id) using Mission Control System YAML.

  8. Start and manage the Mission Control service.

    systemd OS systemv OS

  9. Access Mission Control from your browser at:http://<jfrogUrl>/ui/and go to theDashboard tab in theApplicationmodule in the UI.

  10. Check the Mission Control log.

    Linux

Helm Chart Installation

TO : Helm Chart Requirements. (reuse_003) System Requirements

Deploying Artifactory for Small, Medium or Large Installations

In the chart directory, includes three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory:

  1. Add the https://charts.jfrog.io to your Helm client.

  2. Update the repository.

  3. Initiate installation by providing a join key and JFrog url as a parameter to the Mission Control chart installation.

    Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. The key must be named join-key.

    Note

    In either case, make sure to pass the same join key on all future calls to helm install and helm upgrade! This means always passing --set missionControl.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>. In the second, this means always passing --set missionControl.joinKeySecretName=my-secret and ensuring the contents of the secret remain unchanged.

  4. Customize the product configuration (optional)including database, Java Opts, and filestore.

    Note

    Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

    Follow these steps to apply the configuration changes.

    1. Make the changes to values.yaml.

    2. Run the command.

      helm upgrade -- install mission-control --namespace mission-control -f values.yaml

    3. Restart Mission Control to apply the changes.

  5. Access Mission Control from your browser at:http://<jfrogUrl>/ui/and go to theDashboard tab in theApplicationmodule in the UI.

  6. Check the status of your deployed Helm releases.

HA Installation

The following describes how to set up a Mission Control HA cluster with more than one node. For more information about HA, see System Architecture.

Prerequisites

All nodes within the same Mission Control HA installation must be running the same Artifactory version.

Warning

For a Mission Control HA cluster to work correctly, you must have at least three nodes in the cluster.

Database

Mission Control HA requires an external PostgreSQL database. Make sure to install it before proceeding to install the first node. There are several ways to setup PostgreSQL for redundancy. Including: HA, Load Balancing and Replication. For more information, see the PostgreSQL documentation

Network
  • All the Mission Control HA components (Mission Control cluster nodes, database server and Elasticsearch) must be within the same fast LAN.

  • All the HA nodes must communicate with each other through dedicated TCP ports.

The following installation methods are supported:

Interactive Script

All install types are supported, including: Docker Compose, Linux Archive, RPM, and Debian.

The installer script provides you an interactive way to install Mission Control and its dependencies. All install types are supported. This installer should be used for Docker Compose.

Installing the First Node
  1. Install the first node. The installation is identical to the single node installation.

    Warning

    Do not start the Mission Control service.

  2. Start the Mission Control service.

    systemd OS systemv Docker Compose

    Note

    You can install and manage Mission Control as a service in a Linux archive installation. Refer start Mission Control section under Linux Archive Manual Installation for more details.

    Linux Archive

  3. Access Mission Control from your browser at:http://<jfrogUrl>/ui/and go to theDashboard tab in theApplicationmodule in the UI.

  4. Check the Mission Control log.

    Docker Compose

Installing Additional Nodes

For a node to join a cluster, the node must have the same database configuration and the master key.

  1. If you installed Search Guard along with Elasticsearch , you must copy the client and node certificates from Elasticsearch's configuration folder in the primary node to all the additional nodes.

    If you want to use the bundled Elasticsearch installation with Mission Control in RPM and Debian installations, copy the client and node certificates from Elasticsearch's configuration folder from the master node to a new directory named as "sg-certs" under the extracted folder on additional node.

    RPM

    Create the folder, sg-certs inside the installer folder, jfrog-mc-<version>-rpm.

    Copy localhost.key, localhost.pem, and root-ca.pem from the Elasticsearch source folder, /etc/elasticsearch/, to jfrog-mc-<version>-rpm/sg-certs.

    Debian

    Create the folder, sg-certs inside the installer folder, jfrog-mc-<version>-deb.

    Copy localhost.key, localhost.pem, and root-ca.pem from the Elasticsearch source folder, /etc/elasticsearch/, to jfrog-mc-<version>-deb/sg-certs.

    Docker Compose

    Docker Compose installer uses pre-generated certificates for Search Guard. You do not need to manually copy the client and node certificates.

  2. Install the additional node. The installation is identical to the single node installation with the following differences:

    • Enter Y when the installer prompts whether to join a cluster.

    • Enter the database connection string of the primary node.

    • If you use the bundled PostgreSQL database, enter the database name as mc.

    • Enter the master key of the primary Mission Control node.

      The master key is available at $JFROG_HOME/etc/security/master.key.

  3. Start the additional node.

  4. Access Mission Control from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.

  5. Check the Mission Control log.

    Linux Docker Compose

Manual Linux Archive Installation
Installing the First Node
  1. Install the first node. The installation is identical to the single node installation.

    Warning

    Do not start the Mission Control service.

  2. Configure the system.yaml file with the database and first node configuration details. For example,

    First node system.yaml

  3. Start and manage the Mission Control service.

    systemd OS Systemv OS

  4. Access Mission Control from your browser at: http://<jfrogUrl>/ui/and go to theDashboard tab in theApplicationmodule in the UI

  5. Check the Mission Control log.

    Linux

Installing Additional Nodes

For a node to join a cluster, the node must have the same database configuration and the master key. Install all additional nodes using the same steps described above, with the additional steps below:

  1. Configure the system.yaml file for the additional node with master key, database and active node configurations. For example,

    Additional node system.yaml

  2. Copy the master.key from the first node to the additional node located at $JFROG_HOME/mc/var/etc/security/master.key.

  3. Add the username and password as configured for Elasticsearch on master node on the additional node too. Add it to the Shared Configurations section in $JFROG_HOME/mc/var/etc/system.yaml file.

  4. If you installed Search Guard along with Elasticsearch , copy the client and node certificates from Elasticsearch's config folder from the primary node to a new directory, sg-certs, under the extracted folder on the additional node.

  5. Start the additional node.

  6. Access Mission Control from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.

  7. Check the Mission Control log.

    Linux

Helm Installation HA

Important

Currently, it is not possible to connect a JFrog product (e.g., Mission Control) that is within a Kubernetes cluster with another JFrog product (e.g., Artifactory) that is outside of the cluster, as this is considered a separate network. Therefore, JFrog products cannot be joined together if one of them is in a cluster.

Deploying Artifactory for Small, Medium or Large Installations

In the chart directory, includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory.

High Availability

For high availability of Mission Control, set the replicaCount in the values.yaml file to >1 (the recommended value is 3).

  1. Add the JFrog Helm repository to your Helm client.

  2. Update the repository.

  3. Initiate installation by providing a join key and JFrog url as a parameter to the Mission Control chart installation.

    Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. the key must be named join-key.

    Note

    In either case, make sure to pass the same join key on all future calls to helm install and helm upgrade! This means always passing --set missionControl.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>. In the second, this means always passing --set missionControl.joinKeySecretName=my-secret and ensuring the contents of the secret remain unchanged.

  4. Customize the product configuration (optional) including database, Java Opts, and filestore.

    Note

    Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

    Follow these steps to apply the configuration changes.

    1. Make the changes to values.yaml.

    2. Run the command.

      helm upgrade -- install mission-control --namespace mission-control -f values.yaml

    3. Restart Mission Control to apply the changes.

  5. Access Mission Control from your browser at:http://<jfrogUrl>/ui/and go to theDashboard tab in theApplicationmodule in the UI

  6. Check the status of your deployed Helm releases.

Product Configuration

After installing and before running Mission Control, you may set the following configurations.

Where to find the system configurations?

You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/mc/var/etc folder. For more information, see Mission Control YAML Configuration.

If you don't have a System YAML file in your folder, copy the template available in the folder and name it system.yaml.

For the Helm charts, the system.yaml file is managed in the chart’s values.yaml.

Artifactory Connection Details

Mission Control requires a working Artifactory server and a suitable license. The Mission Control connection to Artifactory requires 2 parameters:

  • jfrogUrl - URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs. For example: http://jfrog.acme.com or http://10.20.30.40:8082.

    Set it in the Shared Configurations section of the $JFROG_HOME/mc/etc/system.yaml file.

  • join.key - This is the "secret" key required by Artifactory for registering and authenticating the Mission Control server.

    You can fetch the Artifactory joinKey (join Key) from the JPD UI in the Administration module | User Management | Settings | Join Key.

    Set the join.key used by your Artifactory server in the Shared Configurations section of the $JFROG_HOME/mc/etc/system.yaml file.

Changing PostgreSQL Database Credentials

Mission Control comes bundled with a PostgreSQL Database out-of-the-box, which comes pre-configured with default credentials.

Note

These commands are indicative and assume some familiarity with PostgreSQL. Please do not copy and paste them. For docker-compose, you will need to ssh into the PostgreSQL container before you run them

To change the default credentials:

PostgreSQL

Changing Elasticsearch Credentials

Search Guard tool is used to manage authentication. To change password for the default user, Search Guard accepts a hash password to be provided in the configuration.

  1. Obtain the username used to access Elasticsearch from $JFROG_HOME/mc/var/etc/system.yaml available at elasticsearch.username

  2. Generate the hash password by providing the password(in text format) as input

  3. The output from the previous step should be updated in the configuration for the default user

    Other flavours

  4. Run the command to initialise Search Guard

Add Certificates when Connecting to SSL Enabled Elasticsearch

Other flavours

Set your PostgreSQL and Elasticsearch connection details in the Shared Configurations section of the $JFROG_HOME/mc/var/etc/system.yaml file.

Load a Custom Certificate to Elasticsearch Search Guard

If you prefer to use the custom certificates when Search Guard enabled with tls in Elasticsearch, you can use the search-guard-tlstool to generate Search Guard certificates.

The tool to generate Search Guard certificates is be available in $JFROG_HOME/app/third-party/elasticsearch/search-guard-tlstool-<version>.tar.gz. For more information about generating certificates, see Search Guard TLS Tool.

  1. Run the tool to generate the certificates.

  2. Copy the generated certificates [[ localhost.key, localhost.pem, root-ca.pem, sgadmin.key, sgadmin.pem ]] to the target location based on the installer type.

    Native Docker Compose

Configuring a Custom Elasticsearch Role

The Search Guard tool is used to manage authentication. By default, an admin user is required to authenticate Elasticsearch. As an alternative to this, a new user can be configured to authenticate Elasticsearch by assigning a custom role with permissions for the application to work.

  1. Add the following snippet to define a new role with custom permissions:

  2. Add the following snippet to add a new user:

    1. Run the following command to generate a hash password:

  3. Add the following snippet to map the new username to the role defined in the previous step:

  4. Initialize Search Guard to upload the above changes made in the configuration.

  5. Set the new credentials in $JFROG_HOME/mc/etc/system.yaml file:

  6. Restart Mission Control services.

Installing PostgreSQL

Passwords for Postgres with Special Characters

Do not use a password for PostgreSQL that has special characters: Mission Control may not work if you configure a password that has special characters, such as~ = # @ $ /.

RPM
  1. Install PostgreSQL.

  2. Configure PostgreSQL to allow external IP connections.

  3. By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.

    File location according to installation type

    • Docker-compose: $JFROG_HOME/mc/var/data/postgres/data

    • Native installations: /var/opt/postgres/data

    To grant all IPs access you may add the below, under the IPv4 local connections section.

    Add the following line to /var/opt/postgres/data/postgresql.conf.

  4. Start PostgreSQL.

  5. Setup the database and user.

Debian
Prerequisites

It is recommended to ensure your apt-get libraries are up-to-date, using the following commands.

Install any missing dependancies

Install Steps
  1. Install PostgreSQL.

    Run the following commands from the extracted jfrog-mc-<version>-deb directory.

    Ubuntu 16.04 (xenial) Ubuntu 18.04 (bionic) Ubuntu 20.04 (focal) Debian 8 (jessie) Debian 9 (stretch) Debian 10 (buster)

  2. Stop the Xray service.

  3. Change permissions for the postgres folder.

  4. Configure PostgreSQL to allow external IP connections.

  5. By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.

    File Location According to Installation Type

    • Docker-compose: $JFROG_HOME/mc/var/data/postgres/data

    • Native installations: /var/opt/postgres/data

    To grant all IPs access you may add the below, under the IPv4 local connections section:

    Add the following line to /etc/postgresql/13/main/postgresql.conf

  6. Start PostgreSQL

  7. Set up the database and user.

  8. Put back the original pgdg.list.

  9. Remove backup files.

  10. Put back the original sources.list.

  11. Remove the backup files.

Linux Archive

Note

Postgres binaries are no longer bundled with linux archive installer for Mission Control. Remember to install Postgres manually.

Setting up Your PostgreSQL Databases, Users and Schemas

Warning

Database and schema names can only be changed for a new installation. Changing the names during an upgrade will result in the loss of existing data.

Helm Users

Create a single user with permission to all schemas. Use this user's credentials during your Helm installation on this page.

  1. Log in to the PostgreSQL database as an admin and execute the following commands.

    PostgreSQL Database, Schema and User Creation

  2. Configure the system.yaml file with the database configuration details according to the information above. For example.

For Advanced Users

Manual Docker Compose Installation

TO: Docker Requirements. (reuse_006) System Requirements

  1. Extract the contents of the compressed archive and go to the extracted folder.

    .env file included within the Docker-Compose archive

    This .env file is used by docker-compose and is updated during installations and upgrades.

    Notice that some operating systems do not display dot files by default. If you've made any changes to the file, remember to backup before an upgrade.

  2. Create the following folder structure under $JFROG_HOME/mc.

  3. Copy the appropriate docker-compose templates from the templates folder to the extracted folder. Rename it asdocker-compose.yaml.

    Note

    The commands below assume you are using the template: docker-compose-postgres.yaml.

    Requirement

    Template

    Mission control with Elasticsearch

    docker-compose.yaml

    PostgreSQL

    docker-compose-postgres.yaml

    Docker for Mac

    When you use Docker Compose in Mac, /etc/localtime might not work as expected since it might not be a shared location in the docker-for-mac settings.

    You can remove the following line from the selected docker-compose.yaml file to avoid installation issues.

  4. Update the .env file

  5. Customize the product configuration.

    1. Set the Artifactory connection details.

    2. Customize the PostgreSQL Database connection details. (optional)

    3. Set any additional configurations (for example: ports, node id) using Mission Control System YAML.

      Note

      Verify that the host's ID and IP are added to the system.yaml. This is important to ensure that other products and Platform Deployments can reach this instance.

  6. For Elasticsearch to work correctly, increase the map count. For additional information, see Elasticsearch documentation.

  7. Create the necessary tables and users using the script: "createPostgresUsers.sh".

    • Start the PostgreSQL container.

    • Copy the script into the PostgreSQL container.

    • Exec into the container and execute the script. This will create the database tables and users.

      PostgreSQL 9.x PostgreSQL 10.x/12.x

  8. Run the following commands.

  9. Start Mission Control using docker-compose commands.

  10. Access Mission Control from your browser at: http://SERVER_HOSTNAME/ui/ . For example, on your local machine: http://localhost/ui/ .

  11. Check the Mission Control log.

    Configuring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. The installation scripts add a cron job to log rotate the console.log file every hour.

    This is not done for manual Docker Compose installations. Learn more on how to configure the log rotation.Logging