Artifactory 6.x

Using the latest version?
JFrog Platform User Guide

Expand all   Collapse all

JFrog Artifactory 6.x Documentation
To get the latest version, go to the JFrog Unified Platform

Skip to end of metadata
Go to start of metadata

Overview

JFrog Artifactory Edge (an "Edge node") is an edition of JFrog Artifactory whose available features have been customized to serve the primary purpose of distributing software to a runtime such as a data center, a point-of-sale or even a mobile device. All packages hosted in an Edge node are part of a release bundle which is a secure and immutable collection of software packages that make up a release to be provisioned.

The Release Bundles REST API can be found here

Edge Node Capabilities

An Artifactory Edge node is customized to only provide functionality needed for the distribution of packages specified in release bundles. The following table summarizes what an Edge node can and cannot do compared to a full Artifactory instance:


ArtifactoryEdge Node
Uploading files
  • Upload from a source Artifactory instance during a Distribution transaction

  • Direct file upload through UI or REST API


(tick)

(tick)


(tick)

(tick)
Uploading is only supported to the artifactory-edge-uploads generic repository.

Downloading files
(tick)(tick)
Repositories
  • Local

  • Remote

  • Virtual

(tick)

(tick)

(tick)

(tick)

(tick)
Smart Remote Repository
(Note: regular remote repositories are not supported)

(tick)

Storage

All forms of storage including cloud storage providers such as S3, GCP and Azure


(tick)


(tick)

Sharding
(tick)(tick)
User plugins
(tick)(tick)
Replication
(tick)

(warning)

Can only receive data specified in a distribution bundle via the replicator
Builds
(tick)(error)
Xray integration
(tick)

(error)
Any analysis of components should be done on the fully featured source Artifactory instance.

High Availability
(tick)(tick)

Page Contents

The Distribution Flow

The high-level distribution flow has two main steps:

  1. Creating a Release Bundle
    A REST API call on JFrog Distribution specifies a variety of parameters including the files comprising the release bundle, and different properties associated with it. 

  2. Distributing a Release Bundle
    The distribution is itself split into three steps:
    1. Start a distribution transaction - query JFrog Mission Control for details on the distribution target nodes, and provide the target nodes with information about distributed files such as their checksum.
    2. Transfer files with smart replication - JFrog Distribution invokes the Replicator which distributes files by replicating them from the source Artifactory instance over to the target node.
    3. End a distribution transaction - JFrog Distribution notifies the Edge node that the transaction is complete. In turn, the Edge node validates the integrity of the transferred files through their checksum and hosts them in the correct place as specified in the release bundle.

Installing an Edge Node

The process of installing an Edge node is identical to installing any other Artifactory instance. For details, please refer to Installing Artifactory.

Make sure to activate the Replicator

The primary purpose of an Edge node is to receive release bundles for deployment to a runtime which requires the use of the Replicator. Therefore, once your Edge node is installed, you need to ensure its Replicator has been activated and is ready for use as described in Installation and Activation

Circle of Trust

An Edge node can only receive release bundles from an Artifactory service if they are both within the same circle of trust. Once you have completed the installation of the Edge node, make sure to add it to the circle of trust for any Artifactory service from which it should receive release bundles. To learn how to establish a circle of trust, please refer to Establishing a Circle of Trust in the JFrog Access User Guide.

Deploying Artifacts

The artifactory-edge-uploads repository is automatically created and cannot be removed. Deploying artifacts to this repository can be done using the UI or REST API.

All repositories in an Artifactory Edge are read-only. This is the only repository that's available for deploying files to.

Pulling Artifacts

From version 6.12, an Artifactory Edge node can be configured to pull artifacts using a Smart Remote Repository. Artifacts can be pulled from other Artifactory instances (ones with Enterprise+ or Edge licenses, just like any remote repository.

When pulling data from a smart remote repository, the Edge node will first attempt to pull the data from cache. If it does not exist, it will continue to try and fetch it from the remote repository on the target instance.

Support for remote repositories (that are not Smart Remote) is not available. For example, creating a remote repository pointing to Docker hub is not supported.

This feature is available as a JFrog Artifactory On-Premise installation and requires a JFrog Enterprise+ or JFrog Artifactory Edge license.

Pull replication is not available.

Setting a GPG Key

To enable a secure distribution flow, an Edge node must be able to validate the contents of any Release Bundles that it receives. This is done by furnishing the Edge node with the GPG signing key of any Distribution service that will be uploading Release Bundles as a one-time action before any Distribution flows are invoked. 

Updating GPG Keys

 Note that if you change the GPG signing keys on any Distribution service that is uploading Release Bundles to an Edge node, the Edge node must be updated with the new public key.

To upload the GPG key of a Distribution service to an Edge node, use the following REST API endpoint:

Set Distribution Public Key

Description: Sets the public GPG key of a JFrog Distribution service that needs to upload Release Bundles to an Edge node.
Security: Requires a valid admin user
Usage: POST /api/security/keys/trusted
Note that when the GPG key is provided as part of the JSON payload and not in the request header, you need to add the --data-binary flag to the call.
Consumes: application/json
Since: 6.0
Sample Usage:

API URL: http://<EdgeNode>:<Port>/artifactory/api/security/keys/trusted
 Method : POST
 Content-Type: application/json
 Authorization : Basic XXXXXXXXX
 Body : {
 "alias" : "distribution key 1.0.0",
 "public_key" : "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v1.6.1.0
 
mQENBFpDamEBCACrrAoudjlwnrRqqjdrCgPwEPyHqYddXPLDHViOVZfiREp9ENkq
2PIThlj79Cj+60ePaE4Kxaze+uH1ckTxhCNIblHWiGUluKxH8Cpy7huCBdwqkD/y


...


x4w+26u0BNxE+4xlWaJ3NUb4CWtXLERfr8aKdkf1RXdMF3c96EXCBtGzLJbhrw==
=D24P
-----END PGP PUBLIC KEY BLOCK-----"
} 
  
Expected Response:{
 "kid": "46635b",
 "fingerprint": "f5:80:6a:1b:08:35:e7:8c:fa:a8:a0:fc:b4:fd:30:87:93:7d:19:22",
 "key": "-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# 1.6.1.0\n\nmQENBFpDamEBCACrrAoudjlwnrRqqjdrCgPwEPyHqYddXPLDHViOVZfiREp9ENkq
2PIThlj79Cj+60ePaE4Kxaze+uH1ckTxhCNIblHWiGUluKxH8Cpy7huCBdwqkD/y
 
... 
 
x4w+26u0BNxE+4xlWaJ3NUb4CWtXLERfr8aKdkf1RXdMF3c96EXCBtGzLJbhrw==
=D24P
-----END PGP PUBLIC KEY BLOCK-----",
 "issued_on": "2017-12-27T09:39:45.000Z",
 "issued_by": "alen@alen.com",
 "valid_until": "1970-01-01T00:00:00.000Z"
}


NGINX Configuration

As part of the distribution flow, Artifactory needs to interact with JFrog Distribution which relies on HTTP/1.1 protocol functionalities, such as chunked transfer encoding. To support these functionalities, you need to add the following settings  to your NGINX configuration

proxy_http_version 1.1;
chunked_transfer_encoding on;
  • No labels

JFrog.com | Documentation | Featured | Have a question? Want to report an issue? Contact JFrog support