Need help with other JFrog products?
Local Chef Supermarket
To enable calculation of Chef package metadata in local repositories so they are, in effect, Chef supermarkets, set the Package Type to Chef when you create the repository:
Artifactory allows you to define any layout for your Chef Cookbook repositories. In order to upload packages according to your custom layout, you need to package your Chef Cookbook files with Knife or Berkshelf and archive the files as tar.gz. Then you can upload to any path within your local Chef supermarket, see publishing Cookbooks.
Remote Chef Supermarket
A Remote Repository defined in Artifactory serves as a caching proxy for a supermarket managed at a remote URL such as
Artifacts (such as tgz files) requested from a remote repository are cached on demand. You can remove downloaded artifacts from the remote repository cache, however, you can not manually deploy artifacts to a remote Chef repository.
To define a remote repository to proxy a remote Chef Cookbook, repository follow the steps below:
- In the Admin module, under Repositories | Remote, click "New".
- In the New Repository dialog, set the Package Type to Chef, set the Repository Key value, and specify the URL to the remote repository in the URL field as displayed below.
- Click "Save & FInish".
Virtual Chef Supermarket
A Virtual Repository defined in Artifactory aggregates packages from both local and remote repositories.
This allows you to access both locally hosted Chef Cookbook packages and remote proxied Chef Cookbook repositories from a single URL defined for the virtual repository.
To define a virtual Chef Cookbook repository, create a virtual repository, set the Package Type to be Chef, and select the underlying local and remote Chef repositories to include in the Basic settings tab.
Using the Knife Command Line
Chef repositories must be prefixed with api/chef in the path
When accessing a Chef supermarket through Artifactory, the repository URL must be prefixed with api/chef in the path. This applies to all Knife commands.
For example, if you are using Artifactory standalone or as a local service, you would access your Chef supermarket using the following URL:
Or, if you are using Artifactory SaaS the URL would be:
https://<server name>.jfrog.io/<server name>/api/chef/<repository key>
To use the Knife command line you need to make sure it's installed. It's part of ChefDK, that can be installed in various ways.
Once you have created your Chef supermarket, you can select it in the Tree Browser and click Set Me Up to get code snippets you can use to change your Chef supermarket URL, and deploy and resolve packages using the knife command line tool.
Set the default Chef supermarket with a URL pointing to a Chef supermarket in Artifactory by editing your
~/.chef/knife.rb configuration file (the example below uses a repository with the key
chef-virtual). You authenticate the request using your username and password or with your Artifactory API key :
knife.rb file location
The knife.rb file doesn't exist by default. It can be created with the
knife configure command. Refer to the knife documentation for possible knife.rb locations.
The location of this file can be overidden with the
--config parameter when running a knife command
Working with Artifactory without Anonymous Access
By default, Artifactory allows Anonymous Access for Chef repositories. This is defined under Security | General Configuration. For details please refer to Allow Anonymous Access.
If you want to be able to trace how users interact with your repositories you need to uncheck the Allow Anonymous Access setting. This means that users will be required to enter their username and password.
The Knife command line tool does not support basic authentication (it only supports authentication with RSA keys).
To enable basic authentication, you will need to install the knife-art.gem plugin.
If properly installed you should see the following specific Artifactory commands:
These commands are a wrapper around the standard Knife supermarket commands, that enable basic authentication. To add these credentials, pre-pend them to the URL of the Chef supermarket configured in your knife.rb file:
Use an encrypted password
Use an encrypted password instead of clear-text; see Centrally Secure Passwords.
You can use the UI or a simple REST API call to upload the tgz/tar.gz containing the Cookbook to a Chef repository.
Artifactory will automatically extract the relevant information from the
metadata.json to later serve the index and respond properly to client calls. This
metadata.json file is mandatory. If it does not exist in your cookbook, you can use a Knife command to generate it and then publish it to Artifactory. For example:
Using the Berkshelf Command Line
From version 6.1.0, Berkshelf supports authenticated access to Artifactory using an API Key. Previous versions of Berkshelf only supported Anonymous access to Artifactory.
To resolve dependencies from a Chef supermarket in Artifactory, first configure your Artifactory API Key using config.rb:
Then set the default supermarket in your Berksfile's Cookbook:
Then you can execute the
berks command to download the required dependencies from Artifactory:
Viewing Individual Chef Cookbook Information
Artifactory lets you view selected metadata of a Chef Cookbook directly from the UI.
In the Artifacts tab, select Tree Browser and drill down to select the
tgz/tar.gz file you want to inspect. The metadata is displayed in the Chef Info tab.
Searching Chef Cookbooks
Artifactory supports a variety of ways to search for artifacts.
Artifactory also supports
knife search [search terms ...]:
- For local repositories, it will look for the given terms in the name, description and maintainer fields.
- For remote repositories, the search will be done on the local cache, then the search query will be forwarded to the external repository and the results merged before returned to the client.
- For virtual repositories, the search will be done on local repositories and then on remote repositories, the results merged before returning to the client.
Artifactory annotates each deployed or cached Chef Cookbook package with at least 3 properties:
chef.name, chef.version and
chef.maintainer. If available, it will also add
chef.dependencies, chef.platforms multi-valued properties.
You can use Property Search to search for Chef Cookbook according to their name, version, maintainer, dependencies or platforms requirements.