Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >





Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

This page provides a guide for the different ways you can install and configure JFrog Insight, single node and high availability. Additional information on high availability can be found here.

Warning

You must install or upgrade to Artifactory 7.27.3 or later, if you want to install Insight. For previous versions, install and use Mission Control.

Do not install Insight if you have standalone Mission Control service running. Run the migration steps before you install Insight. For more information, see Migrating from Mission Control to Insight.



Before You Begin

System Requirements

Before installing Insight, refer to System Requirements for information on supported platforms, supported browsers, and other requirements.

Warning

Insight requires the Mission Control microservice to be running on Artifactory. If you use a standalone Mission Control service, migrate to Mission Control microservice before you proceed with Insight installation. For more information, see Migrating Platform Deployments and License Buckets.

Note
When installing Insights, you must run the installation as a root user or provide sudo access to a non-root user. This does not apply to the Linux Archive and Docker installations.

System Architecture

To learn about the JFrog Platform Deployment, refer to System Architecture.

Installing Insight

Before installing Insight 1.x, you must first install JFrog Artifactory 7.x.

Installation Steps

The installation procedure involves the following main steps:

  1. Download Insight as per your required installer type (Linux Archive, Docker Compose, RPM, Debian).
  2. Install Insight either as a single node installation, or high availability cluster.
    1. Install third party dependencies (PostgreSQL and Elasticsearch databases, included in the archive)
    2. Install Insight
  3. Configure the service
    1. Connection to Artifactory (joinKey and jfrogUrl)
    2. Additional optional configuration including changing default credentials for databases
  4. Start the Service using the start scripts or OS service management.
  5. Check the Service Log to check the status of the service.
Info
titleDefault Home Directory

The default Insight home directory is defined according to the installation type. For additional details see the Product Directory Structure page.

Note: This guide uses $JFROG_HOME to represent the JFrog root directory containing the deployed product.

Panel

JFrog Subscription Levels

SELF-HOSTED
ENTERPRISE+
Panel
titlePage Contents

Table of Contents
maxLevel3


Single Node Installation

The following installation methods are supported:

Interactive Script Installation (recommended)

All install types are supported, including: Docker Compose, Linux Archive, RPM and Debian.

The installer script provides you an interactive way to install Insight and its dependencies. All install types are supported. This installer should be used for Docker Compose.

  1. Download Insight.
  2. Extract the contents of the compressed archive and go to the extracted folder.

    Code Block
    languagebash
    tar -xvf jfrog-insight-<version>-<compose|rpm|deb>.tar.gz
    cd jfrog-insight-<version>-<compose|rpm|deb>
    Info
    titleOS user permissions for Linux archive

    When running Insight, the installation script creates a user called insight by default which must have run and execute permissions on the installation directory.

    It is recommended to extract the Insight download file into a directory that gives run and execute permissions to all users such as /opt.

    Code Block
    languagebash
    titleLinux archive
    mv jfrog-insight-<version>-linux.tar.gz /opt/
    cd /opt
    tar -xf jfrog-insight-<version>-linux.tar.gz
    mv jfrog-insight-<version>-linux insight
    cd insight
    Note
    title.env file included within the Docker-Compose archive

    This .env file is used by docker-compose and is updated during installations and upgrades.

    Notice that some operating systems do not display dot files by default. If you've made any changes to the file, remember to backup before an upgrade.

  3. Run the installer script.
    Note: the script will prompt you with a series of mandatory inputs, including the jfrogURL (custom base URL) and joinKey.

    Code Block
    languagebash
    titleDocker Compose
    ./config.sh
    Code Block
    languagebash
    titleRPM/DEB
    ./install.sh
    Info
    titlePrerequisites for Linux archive

    Refer to prerequisites for Insight in Linux Archive  before running the install script.

    Code Block
    languagebash
    titleLinux archive
    ./install.sh --user <user name> --group <group name>
    
    -h | --help                                       : [optional] display usage
    -u | --user                                       : [optional] (default: insight) user which will be used to run the product, it will be created if its unavailable
    -g | --group                                      : [optional] (default: insight) group which will be used to run the product, it will be created if its unavailable
  4. Validate and customize the product configuration (optional), including the third party dependencies connection details and ports.
  5. Start and manage the Insight service.

    Code Block
    languagebash
    titlesystemd OS
    systemctl start|stop insight.service
    Code Block
    languagebash
    titlesystemv
    service insight start|stop
    Code Block
    languagebash
    titleDocker Compose
    cd jfrog-insight-<version>-compose
    docker-compose -p insight up -d
    docker-compose -p insight ps
    docker-compose -p insight down
    Info

    Insight can be installed and managed as a service in a Linux archive installation. Refer start Insight section under Linux Archive Manual Installation for more details. 

    Code Block
    languagebash
    titleLinux archive
    insight/app/bin/insight.sh start|stop
  6. Access Insight from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.
  7. Check the Insight log.

    Code Block
    languagebash
    tail -f $JFROG_HOME/insight/var/log/console.log
    Warning
    titleConfiguring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. This file is not log rotated for Darwin installations. Learn more on how to configure the log rotation.

Linux Archive Installation

  1. Download Insight.
  2. Extract the contents of the compressed archive and move it into /insight directory..

    Code Block
    languagebash
    tar -xvf jfrog-insight-<version>-linux.tar.gz
    mv jfrog-insight-<version>-linux insight
  3. Install PostgreSQL.

    Note

    PostgreSQL is required and must be installed before continuing with the next installation steps.

    Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/insight/var/etc/system.yaml file 

  4. Prepare for the Elasticsearch Installation by increasing the map count. For additional information refer to the Elastic Search documentation.

    Code Block
    languagebash
    sudo sysctl -w vm.max_map_count=262144
    Note

    To make this change permanent, remember to update the vm.max_map_count setting in /etc/sysctl.conf.

  5. Install Elasticsearch. Instructions to install Elasticsearch are available here.

    You can install the package available at <JFROG_HOME>/insight/app/third-party/elasticsearch/elasticsearch-<version>.tar.gz or you can download a compatible version of Elasticsearch from this page.

    1. Install Search Guard. The Search Guard package can be located in the extracted contents at <JFROG_HOME>/mc/app/third-party/elasticsearch/search-guard-<version>.tar.gz. For installation steps, refer to the Search Guard documentation.

      Note
      titleImportant

      You must install the Search Guard plugin to ensure secure communication with Elasticsearch.


      1. Add an admin user to Search Guard, to ensure authenticated communication with Elasticsearch. 
        The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password.

        Code Block
        languagebash
        <JFROG_HOME>/insight/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/tools/hash.sh -p <clear_text_password>
        
        #This will output a hashed password (<hash_password>), make a copy of it
      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step.

        Code Block
        languagebash
        <username>:
           hash: "<hashed_password>"
           backend_roles:
             - "admin"
            description: "Insight Elastic admin user"
      3. Paste the above snippet to the end of this file “sg_internal_users.yml” located at <JFROG_HOME>/insight/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

    2. Enable the anonymous access to _cluster/health endpoint. This is required to check the health of Elasticsearch cluster.
      Enable the anonymous auth in this file sg_config.yml at <JFROG_HOME>/insight/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_config:
        dynamic:
          http:
            anonymous_auth_enabled: true #set this to true
    3. Map the anonymous user sg_anonymous to the backend role "sg_anonymous_backendrole" in this file "sg_roles_mapping.yml" at <JFROG_HOME>/insight/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_anonymous:
        backend_roles:
          - sg_anonymous_backendrole
    4. Add the following snippet to the end of this file sg_roles.yml located at <JFROG_HOME>/insight/app/third-party/elasticsearch/elasticsearch-<version>/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_anonymous:
        cluster_permissions:
          - cluster:monitor/health
  6. Add the following in the shared section of $JFROG_HOME/insight/var/etc/system.yaml file. Refer to Shared Configurations section.

    Code Block
    languagebash
    shared:
      elasticsearch:
        external: true
        url: <URL_TO_ELASTICSEARCH_INSTANCE>:<ELASTICSEARCH_PORT>
        username: <USERNAME_SET_IN_SEARCHGUARD>
        password: <CLEAR_TEXT_PASSWORD_FOR_THE_ABOVE_USERNAME>
           
    Note

    If you use Amazon Elasticsearch Service, enter the following in the shared section of the YAML file.

    Code Block
    languageyml
    shared:
        elasticsearch:
             url: <URL_TO_ELASTICSEARCH>:<ELASTICSEARCH_PORT>
             external: true
             aes:
                  signed: true
                  serviceName: <AES_SERVICE_NAME>
                  region: <AES_SERVICE_REGION>
                  accessKey: <AWS_ACCESS_KEY>
                  secretKey: <AWS_SECRET_KEY>

    If you use the Amazon Elasticsearch Service, you must log in to the service using your Amazon AWS credentials.

  7. Start PostgreSQL and Elasticsearch

  8. Customize the product configuration.
    1. Set the Artifactory connection details.
    2. Customize the PostgreSQL Database connection details (optional).
    3. Set any additional configurations (for example: ports, node id) using the Insight system.yaml configuration file.

  9. Start and manage the Insight service as the user who extracted the tar.
    As a process

    Code Block
    languagebash
    titleDaemon Process
    insight/app/bin/insight.sh start

    Manage the process.

    Code Block
    insight/app/bin/insight.sh start|stop|status|restart

    As a service
    Insight is packaged as an archive file and an install script that can be used to install it as a service running under a custom user. Currently supported on Linux systems.

    Tip
    titleOS User Permissions

    When running Insight as a service, the installation script creates a user called insight (by default) which must have run and execute permissions on the installation directory.

    It is recommended to extract the Insight download file into a directory that gives run and execute permissions to all users such as /opt.

    To install Insight as a service, execute the following command as root: 

    Note

    User and group can be passed through insight/var/etc/system.yaml as shared.user and shared.group. This takes precedence over values passed through command line on install. 

    Code Block
    languagebash
    insight/app/bin/installService.sh --user <enter user, default value is insight> --group <enter group, default value is insight>
    
    -u | --user                                       : [optional] (default: insight) user which will be used to run the product, it will be created if its unavailable
    -g | --group                                      : [optional] (default: insight) group which will be used to run the product, it will be created if its unavailable

    The user and group will be stored in the insight/var/etc/system.yaml at the end of the installation.
    To manage the service, use the systemd or init.d commands depending on your system. 

    Code Block
    languagebash
    titleUsing systemd
     systemctl <start|stop|status> insight.service
    Code Block
    languagebash
    titleUsing init.d
    service insight <start|stop|status>
  10. Access Insight from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI
  11. Check the Insight log.

    Code Block
    languagebash
    tail -f $JFROG_HOME/insight/var/log/console.log

Manual RPM Installation

The RPM installation bundles Insight and all its dependencies. It is provided as native RPM packages, where Insight and its dependencies must be installed separately. Use this, if you are automating installations.

  1. Download Insight.

  2. Extract the contents of the compressed archive, and go to the extracted folder:

    Code Block
    languagebash
    tar -xvf jfrog-insight-<version>-rpm.tar.gz
    cd jfrog-insight-<version>-rpm
  3. Install Insight. You must run as a root user.

    Code Block
    languagebash
    rpm -Uvh --replacepkgs ./insight/insight.rpm
  4. Install PostgreSQL and start the PostgreSQL service.

    Note

    PostgreSQL is required and must be installed before continuing with the next installation steps.

    Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/insight/var/etc/system.yaml file.

  5. Install Elasticsearch. Instructions to install Elasticsearch are available here.

    You can install the package available at jfrog-insight-<version>-rpm/third-party/elasticsearch/elasticsearch-<version>.tar.gz or you can download a compatible version of Elasticsearch from this page.

    When connecting an external instance of Elasticsearch to Insight, add the following flag in the Shared Configurations of $JFROG_HOME/insight/var/etc/system.yaml file.

    Code Block
    languagebash
    shared:
      elasticsearch:
        external: true


    1. Install Search Guard. The Search Guard package can be located in the extracted contents at jfrog-insight-<version>-rpm/third-party/elasticsearch/search-guard-<version>.tar.gz. For installation steps, refer to the Search Guard documentation.

      Note
      titleImportant

      You must install the Search Guard plugin to ensure secure communication with Elasticsearch.


      1. Add an admin user to Search Guard, to ensure authenticated communication with Elasticsearch. 
        The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password.

        Code Block
        languagebash
        /etc/elasticsearch/plugins/search-guard-7/tools/hash.sh -p <clear_text_password>
        
        #This will output a hashed password (<hash_password>), make a copy of it
      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step.

        Code Block
        languagebash
        <username>:
           hash: "<hashed_password>"
           backend_roles:
             - "admin"
           description: "Insight Elastic admin user"
      3. Paste the above snippet to the end of this file “sg_internal_users.yml” located at /etc/elasticsearch/plugins/search-guard-7/sgconfig/.

    2. Enable the anonymous access to _cluster/health endpoint. This is required to check the health of Elasticsearch cluster.
      Enable the anonymous auth in this file sg_config.yml at /etc/elasticsearch/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_config:
        dynamic:
          http:
            anonymous_auth_enabled: true #set this to true
    3. Map the anonymous user sg_anonymous to the backend role "sg_anonymous_backendrole" in this file "sg_roles_mapping.yml" at /etc/elasticsearch/plugins/search-guard-7/sgconfig.

      Code Block
      languagebash
      sg_anonymous:
        backend_roles:
          - sg_anonymous_backendrole
    4. Add the following snippet to the end of this file sg_roles.yml located at /etc/elasticsearch/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_anonymous:
        cluster_permissions:
          - cluster:monitor/health
  6. Add the following in the shared section of $JFROG_HOME/insight/var/etc/system.yaml file. Refer to Shared Configurations section.

    Code Block
    languagebash
    shared:
      elasticsearch:
        url: <URL_TO_ELASTICSEARCH_INSTANCE>:<ELASTICSEARCH_PORT>
        username: <USERNAME_SET_IN_SEARCHGUARD>
        password: <CLEAR_TEXT_PASSWORD_FOR_THE_ABOVE_USERNAME>
           
    Note

    If you use Amazon Elasticsearch Service, enter the following in the shared section of the YAML file.

    Code Block
    languageyml
    shared:
        elasticsearch:
             url: <URL_TO_ELASTICSEARCH>:<ELASTICSEARCH_PORT>
             external: true
             aes:
                  signed: true
                  serviceName: <AES_SERVICE_NAME>
                  region: <AES_SERVICE_REGION>
                  accessKey: <AWS_ACCESS_KEY>
                  secretKey: <AWS_SECRET_KEY>

    If you use the Amazon Elasticsearch Service, you must log in to the service using your Amazon AWS credentials.



  7. Customize the product configuration.

    1. Set the Artifactory connection details.
    2. Customize the PostgreSQL Database connection details. (optional)
    3. Set any additional configurations (for example: ports, node id) using the Insight system.yaml configuration file.

  8. Start and manage the Insight service.

    Code Block
    languagebash
    titlesystemd OS
    systemctl start|stop insight.service
    Code Block
    languagebash
    titlesystemv OS
    service insight start|stop|status|restart
  9. Access Insight from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI
  10. Check the Insight log.

    Code Block
    languagebash
    titleLinux
    tail -f $JFROG_HOME/insight/var/log/console.log

Manual Debian Installation

The Debian installation bundles Insight and all its dependencies. It is provided as native Debian packages, where Insight and its dependencies must be installed separately. Use this, if you are automating installations.

  1. Download Insight.
  2. Extract the contents of the compressed archive, and go to the extracted folder:

    Code Block
    languagebash
    tar -xvf jfrog-insight-<version>-deb.tar.gz
    cd jfrog-insight-<version>-deb
  3. Install Insight. You must run as a root user.

    Code Block
    languagebash
    dpkg -i ./insight/insight.deb
  4. Install PostgreSQL.

    Note

    PostgreSQL is required and must be installed before continuing with the next installation steps.

    Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/insight/var/etc/system.yaml file.

  5. Install Elasticsearch. Instructions to install Elasticsearch are available here.


    You can install the package available at jfrog-insight-<version>-deb
    /third-party/elasticsearch/elasticsearch-<version>.tar.gz or you can download a compatible version of Elasticsearch from this page.

    1. Install Search Guard. The Search Guard package can be located in the extracted contents at jfrog-insight-<version>-deb/third-party/elasticsearch/search-guard-<version>.tar.gz. For installation steps, refer to the Search Guard documentation.

      Note
      titleImportant

      You must install the Search Guard plugin to ensure secure communication with Elasticsearch.


      1. Add an admin user to Search Guard, to ensure authenticated communication with Elasticsearch. 
        The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password.

        Code Block
        languagebash
        /usr/share/elasticsearch/plugins/search-guard-7/tools/hash.sh -p <clear_text_password>
        
        #This will output a hashed password (<hash_password>), make a copy of it
      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step.

        Code Block
        languagebash
        <username>:
           hash: "<hashed_password>"
           backend_roles:
             - "admin"
           description: "Insight Elastic admin user"
      3. Paste the above snippet to the end of this file “sg_internal_users.yml” located at /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

    2. Enable the anonymous access to _cluster/health endpoint. This is required to check the health of Elasticsearch cluster.
      Enable the anonymous auth in this file sg_config.yml at /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_config:
        dynamic:
          http:
            anonymous_auth_enabled: true #set this to true
    3. Map the anonymous user sg_anonymous to the backend role "sg_anonymous_backendrole" in this file "sg_roles_mapping.yml" at /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_anonymous:
        backend_roles:
          - sg_anonymous_backendrole
    4. Add the following snippet to the end of this file sg_roles.yml located at /usr/share/elasticsearch/plugins/search-guard-7/sgconfig/.

      Code Block
      languagebash
      sg_anonymous:
        cluster_permissions:
          - cluster:monitor/health



  6. Add the following in the shared section of $JFROG_HOME/insight/var/etc/system.yaml file. Refer to Shared Configurations section.

    Code Block
    languagebash
    shared:
      elasticsearch:
        url: <URL_TO_ELASTICSEARCH_INSTANCE>:<ELASTICSEARCH_PORT>
        username: <USERNAME_SET_IN_SEARCHGUARD>
        password: <CLEAR_TEXT_PASSWORD_FOR_THE_ABOVE_USERNAME>
           
    Note

    If you use Amazon Elasticsearch Service, enter the following in the shared section of the YAML file.

    Code Block
    languageyml
    shared:
        elasticsearch:
             url: <URL_TO_ELASTICSEARCH>:<ELASTICSEARCH_PORT>
             external: true
             aes:
                  signed: true
                  serviceName: <AES_SERVICE_NAME>
                  region: <AES_SERVICE_REGION>
                  accessKey: <AWS_ACCESS_KEY>
                  secretKey: <AWS_SECRET_KEY>

    If you use the Amazon Elasticsearch Service, you must log in to the service using your Amazon AWS credentials.

  7. Customize the product configuration.

    1. Set the Artifactory connection details.
    2. Customize the PostgreSQL Database connection details. (optional)
    3. Set any additional configurations (for example: ports, node id) using the Insight system.yaml configuration file.

  8. Start and manage the Insight service.

    Code Block
    languagebash
    titlesystemd OS
    systemctl start|stop insight.service
    Code Block
    languagebash
    titlesystemv OS
    service insight start|stop|status|restart
  9. Access Insight from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.
  10. Check the Insight log.

    Code Block
    languagebash
    titleLinux
    tail -f $JFROG_HOME/insight/var/log/console.log

Helm Chart Installation

Note
titleDeploying Artifactory for Small, Medium or Large Installations

In the chart directory, includes three values files, one for each installation type - small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory:

  1. Add the ChartCenter Helm repository to your Helm client.

    Code Block
    languagebash
    helm repo add jfrog https://charts.jfrog.io 
    
  2. Update the repository.

    Code Block
    languagebash
    helm repo update
  3. Initiate installation by providing a join key and JFrog url as a parameter to the Insight chart installation.

    Code Block
    languagebash
    helm upgrade --install insight --set insightServer.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY> \
                 --set insightServer.jfrogUrl=<YOUR_PREVIOUSLY_RETRIEVED_BASE_URL> --namespace insight jfrog/insight

    Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. The key must be named join-key.

    Code Block
    languagebash
    kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>
    
    # Pass the created secret to helm
    helm upgrade --install insight --set insightServer.joinKeySecretName=my-secret --namespace insight jfrog/insight
    Note

    In either case, make sure to pass the same join key on all future calls to helm install and helm upgrade! This means always passing --set insightServer.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY>. In the second, this means always passing --set insightServer.joinKeySecretName=my-secret and ensuring the contents of the secret remain unchanged.

  4. Customize the product configuration (optional) including database, Java Opts, and filestore.

    Note

    Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

    Follow these steps to apply the configuration changes.

    1. Make the changes to values.yaml. 
    2. Run the command.

      helm upgrade --install insight --namespace insight -f values.yaml

    3. Restart Insight to apply the changes.
  5. Access Insight from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.

  6. Check the status of your deployed Helm releases.

    Code Block
    helm status insight

HA Installation

The following describes how to set up a Insight HA cluster with more than one node. For more information about HA, see  System Architecture .

Prerequisites

All nodes within the same Insight HA installation must be running the same Artifactory version.

Warning

For a Insight HA cluster to work correctly, you must have at least three nodes in the cluster.


Database

Insight HA requires an external PostgreSQL database. Make sure to install it before proceeding to install the first node. There are several ways to setup PostgreSQL for redundancy. Including: HA, Load Balancing and Replication. For more information, see the  PostgreSQL documentation

Network

  • All the Insight HA components (Insight cluster nodes, database server and Elasticsearch) must be within the same fast LAN.

  • All the HA nodes must communicate with each other through dedicated TCP ports.

The following installation methods are supported:

Interactive Script

All install types are supported, including: Docker Compose, Linux Archive, RPM, and Debian.

The installer script provides you an interactive way to install Insight and its dependencies. All install types are supported. Use this installer for Docker Compose.

  1. Install the first node. The installation is identical to the single node installation.

    Warning

    Do not start the Insight service.

  2. Start the Insight service.

    Code Block
    languagebash
    titlesystemd OS
    systemctl start insight.service
    Code Block
    languagebash
    titlesystemv
    service insight start
    Code Block
    languagebash
    titleDocker Compose
    cd jfrog-insight-<version>-compose
    docker-compose -p insight up -d
    
    Info

    You can install and manage Insight as a service in a Linux archive installation. Refer the Start Insight section under Manual Linux Archive Installation for more details. 

    Code Block
    languagebash
    titleLinux Archive
    insight/app/bin/insight.sh start
  3. Access Insight from your browser at: http://<jfrogUrl>/ui/ and go to the Dashboard  tab in the Application module in the UI.

  4. Check the Insight log.

    Code Block
    languagebash
    tail -f $JFROG_HOME/insight/var/log/console.log
    Code Block
    languagebash
    titleDocker Compose
    docker-compose -p insight logs

Installing Additional Nodes

For a node to join a cluster, the node must have the same database configuration and the master key.

  1. If you installed Search Guard along with Elasticsearch , you must copy the client and node certificates from Elasticsearch's configuration folder in the primary node to all the additional nodes.
    If you want to use the bundled Elasticsearch installation with Insight in RPM and Debian installations, copy the client and node certificates from Elasticsearch's configuration folder from the master node to a new directory named as "sg-certs" under the extracted folder on additional node.

    Info
    titleRPM

    Create the folder, sg-certs inside the installer folder, jfrog-insight-<version>-rpm.

    Copy localhost.key, localhost.pem, and root-ca.pem from the Elasticsearch source folder, /etc/elasticsearch/, to jfrog-insight-<version>-rpm/sg-certs.

    Info
    titleDebian

    Create the folder, sg-certs inside the installer folder, jfrog-insight-<version>-deb.

    Copy localhost.key, localhost.pem, and root-ca.pem from the Elasticsearch source folder, /etc/elasticsearch/, to jfrog-insight-<version>-deb/sg-certs.

    Info
    titleDocker Compose

     Docker Compose installer uses pre-generated certificates for Search Guard. You do not need to manually copy the client and node certificates.

  2. Install the additional node. The installation is identical to the single node installation with the following differences:
    • Enter Y when the installer prompts whether to join a cluster.
    • Enter the database connection string of the primary node.
    • If you use the bundled PostgreSQL database, enter the database name as insight.
    • Enter the master key of the primary Insight node. 
      The master key is available at $JFROG_HOME/etc/security/master.key.

  3. Start the additional node.

  4. Access Insight from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.

  5. Check the Insight log.

    Code Block
    languagebash
    titleLinux
    tail -f $JFROG_HOME/insight/var/log/console.log
    Code Block
    languagebash
    titleDocker Compose
    docker-compose -p insight logs

Manual Linux Archive Installation

Installing the First Node

  1. Install the first node. The installation is identical to the single node installation.

    Warning

    Do not start the Insight service.

  2. Configure the system.yaml file with the database and first node configuration details. For example,

    Code Block
    languageyml
    titleFirst node system.yaml
    shared:
      database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://<ip:port>/insight?sslmode=disable
        username: <username>
        password: <password>
      jfrogUrl: <JFrog URL>
      security:
        joinKey: <Artifactory Join Key>
  3. Start and manage the Insight service.

    Code Block
    languagebash
    titlesystemd OS
    systemctl start|stop insight.service
    Code Block
    languagebash
    titleSystemv OS
    service insight start|stop



  4. Access Insight from your browser at: http://<jfrogUrl>/ui/ and go to the Dashboard  tab in the Application module in the UI

  5. Check the Insight log.

    Code Block
    languagebash
    titleLinux
    tail -f $JFROG_HOME/insight/var/log/console.log

Installing Additional Nodes

For a node to join a cluster, the node must have the same database configuration and the master key. Install all additional nodes using the same steps described above, with the following additional steps:

  1. Configure the system.yaml file for the additional node with master key, database and active node configurations.
    For example:

    Code Block
    languageyml
    titleAdditional node system.yaml
    shared:
      database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://<ip:port>/insight?sslmode=disable
        username: <username>
        password: <password>
      jfrogUrl: <JFrog URL>
      security:
        joinKey: <Artifactory Join Key>
      # Configure the following property values when Elasticsearch is installed from the bundled Insight package.
      elasticsearch:
        clusterSetup: "YES"
        unicastFile: "$JFROG_HOME/insight/data/elasticsearch/config/unicast_hosts.txt"
  2. Copy the master.key from the first node to the additional node located at $JFROG_HOME/insight/var/etc/security/master.key.
  3. Add the username and password as configured for Elasticsearch on master node on the additional node too. Add it to the Shared Configurations section in $JFROG_HOME/insight/var/etc/system.yaml file.
  4. If you installed Search Guard along with Elasticsearch, copy the client and node certificates from Elasticsearch's config folder from the primary node to a new directory, sg-certs, under the extracted folder on the additional node.

  5. Start the additional node.

  6. Access Insight from your browser at: http://<jfrogUrl>/ui/and go to the Dashboard tab in the Application module in the UI.
  7. Check the Insight log.

    Code Block
    languagebash
    titleLinux
    tail -f $JFROG_HOME/insight/var/log/console.log

Helm Installation HA

Note
titleImportant

Currently, it is not possible to connect a JFrog product (like Insight) that is within a Kubernetes cluster with another JFrog product (like Artifactory) that is outside of the cluster, as this is considered a separate network. Therefore, JFrog products cannot be joined together if one of them is in a cluster.

Note
titleDeploying Artifactory for Small, Medium or Large Installations

In the chart directory, includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory:

Info
titleHigh Availability

For high availability of Insight, set the replicaCount in the values.yaml file to >1 (the recommended value is 3).

Code Block
languagebash
helm upgrade --install insight --namespace insight --set replicaCount=3 jfrog/insight
  1. Add the   ChartCenter Helm repository   to your Helm client.

    Code Block
    languagebash
    helm repo add jfrog https://charts.jfrog.io 
    
  2. Update the repository.

    Code Block
    languagebash
    helm repo update
  3. Initiate installation by providing a join key and JFrog url as a parameter to the Insight chart installation.

    Code Block
    languagebash
    helm upgrade --install insight --set insight.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY> \
                 --set insight.jfrogUrl=<YOUR_PREVIOUSLY_RETIREVED_BASE_URL> --namespace insight jfrog/insight

    Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. the key must be named join-key.

    Code Block
    languagebash
    # Create a secret containing the key: 
    kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>
    
    # Pass the created secret to helm
    helm upgrade --install insight --set insight.joinKeySecretName=my-secret --namespace insight jfrog/insight
    Note

    In either case, make sure to pass the same join key on all future calls to  helm install  and  helm upgrade! This means always passing  --set insight.joinKey=<YOUR_PREVIOUSLY_RETIREVED_JOIN_KEY>. In the second, this means always passing  --set missionControl.joinKeySecretName=my-secret  and ensuring the contents of the secret remain unchanged.

  4. Customize the product configuration   (optional)  including database, Java Opts, and filestore.

    Note

    Unlike other installations, Helm Chart configurations are made to the values.yaml and are then applied to the system.yaml.

    Follow these steps to apply the configuration changes.

    1. Make the changes to values.yaml. 
    2. Run the command.

      helm upgrade -- install   insight --namespace insight -f values.yaml

    3. Restart Insight to apply the changes.
  5. Access Insight from your browser at: http://<jfrogUrl>/ui/ and go to the Dashboard  tab in the Application module in the UI

  6. Check the status of your deployed Helm releases.

    Code Block
    helm status insight

Product Configuration

After installing and before running Insight, you may set the following configurations.

Info
titleWhere to find the system configurations?

You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/insight/var/etc folder. For more information, see Insight YAML Configuration.

If you don't have a System YAML file in your folder, copy the template available in the folder and name it system.yaml.

For the Helm charts, the system.yaml file is managed in the chart’s values.yaml.

Artifactory Connection Details

Insight requires a working Artifactory server and a suitable license. The Insight connection to Artifactory requires 2 parameters:

  • jfrogUrl - URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs. For example: http://jfrog.acme.com or http://10.20.30.40:8082
    Set it in the Shared Configurations section of the $JFROG_HOME/insight/etc/system.yaml file.
  • join.key - This is the "secret" key required by Artifactory for registering and authenticating the Insight server.
    You can fetch the Artifactory joinKey (join Key) from the JPD UI in the Administration module | Security | Settings | Join Key
    Set the join.key used by your Artifactory server in the Shared Configurations section of the $JFROG_HOME/insight/etc/system.yaml file.

Changing PostgreSQL Database Credentials

Insight comes bundled with a PostgreSQL Database out-of-the-box, which comes pre-configured with default credentials.

Note

These commands are indicative and assume some familiarity with PostgreSQL. Please do not copy and paste them. For docker-compose, you will need to ssh into the PostgreSQL container before you run them

To change the default credentials:

Code Block
languagebash
titlePostgreSQL
#Change password for Insight user
# Access PostgreSQL as the insight user adding the optional -W flag to invoke the password prompt
$ psql -d insight -U insight -W
# Securely change the password for user "mission_control". Enter and then retype the password at the prompt.
\password insight
# Verify the update was successful by logging in with the new credentials
$ psql -d insight -U insight -W

Changing Elasticsearch Credentials

Search Guard tool is used to manage authentication. To change password for the default user, Search Guard accepts a hash password to be provided in the configuration.

  1. Obtain the username used to access Elasticsearch from $JFROG_HOME/insight/var/etc/system.yaml available at elasticsearch.username
  2. Generate the hash password by providing the password(in text format) as input

    Code Block
    languagebash
    $ELASTICSEARCH_HOME/plugins/search-guard-<major_version_number>/tools/hash.sh -p <password_in_text_format>
    
  3. The output from the previous step should be updated in the configuration for the default user

    Code Block
    languagebash
    titleOther flavours
    vi $ELASTICSEARCH_HOME/plugins/search-guard-<major_version_number>/sgconfig/sg_internal_users.yml
    #Scroll in the file to find an entry for the username of the default user
    #Update the value for "hash" with the hash content obtained from previous step
    <default_username>:
       hash: <hash_output_from_previous_step>
  4. Run the command to initialise Search Guard 

Add Certificates when Connecting to SSL Enabled Elasticsearch

Code Block
languagebash
titleOther flavours
cd $JFROG_HOME/insight/var/etc/security/keys/trusted
#Copy the certificates to this location and restart insight services

Set your PostgreSQL and Elasticsearch connection details in the Shared Configurations section of the $JFROG_HOME/insight/var/etc/system.yaml file.

Load a Custom Certificate to Elasticsearch Search Guard 

If you prefer to use the custom certificates when Search Guard enabled with tls in Elasticsearch, you can use the search-guard-tlstool  to generate Search Guard certificates.

The tool to generate Search Guard certificates is be available in $JFROG_HOME/app/third-party/elasticsearch/search-guard-tlstool-1.6.tar.gz. For more information about generating certificates, see Search Guard TLS Tool.

  1. Run the tool to generate the certificates.

    Code Block
    languagebash
    tar -xvf $JFROG_HOME/app/third-party/elasticsearch/search-guard-tlstool-1.6.tar.gz
    cp $JFROG_HOME/app/third-party/elasticsearch/config/tlsconfig.yml $JFROG_HOME/app/third-party/elasticsearch/search-guard-tlstool-1.8/config
    cd $JFROG_HOME/app/third-party/elasticsearch/search-guard-tlstool-1.8/tools
    ./sgtlstool.sh -c ../config/tlsconfig.yml -ca -crt # folder named "out" will be created with all the required certificates, 
    cd out 
    
  2. Copy the generated certificates [[  localhost.key,  localhost.pem, root-ca.pem,  sgadmin.key,  sgadmin.pem  ]]  to the target location based on the installer type.

    Code Block
    languagebash
    titleNative
    cp localhost.key localhost.pem root-ca.pem sgadmin.key sgadmin.pem  /etc/elasticsearch/certs/
    Code Block
    languagebash
    titleDocker Compose
    cp localhost.key localhost.pem root-ca.pem sgadmin.key sgadmin.pem $JFROG_HOME/insight/var/data/elasticsearch/certs

Configuring a Custom Elasticsearch Role

The Search Guard tool is used to manage authentication. By default, an admin user is required to authenticate Elasticsearch. As an alternative to this, a new user can be configured to authenticate Elasticsearch by assigning a custom role with permissions for the application to work.

  1. Add the following snippet to define a new role with custom permissions:

    Code Block
    vi $ELASTICSEARCH_HOME/plugins/search-guard-<major_version_number>/sgconfig/sg_roles.yml
    
    #Add the following snippet to define a new role with custom permissions
    
    <role_name>:
      cluster_permissions:
        - cluster:monitor/health
        - cluster:monitor/main
        - cluster:monitor/state
        - "indices:admin/template/get"
        - "indices:admin/template/delete"
        - "indices:admin/template/put"
        - "indices:admin/aliases"
        - "indices:admin/create" 
      index_permissions:
        - index_patterns:
            - "active_*"
          allowed_actions:
            - "indices:monitor/health"
            - "indices:monitor/stats"
            - "indices:monitor/settings/get"
            - "indices:admin/aliases/get"
            - "indices:admin/get"
            - "indices:admin/aliases" 
            - "indices:admin/create"
            - "indices:admin/delete"
            - "indices:admin/rollover"
            - SGS_CRUD


  2. Add the following snippet to add a new user:

    Code Block
    vi $ELASTICSEARCH_HOME/plugins/search-guard-<major_version_number>/sgconfig/sg_roles.yml/sg_internal_users.yml
    
    
    # Add the following snippet to add a new user
    
    <user_name>:
      hash: <Hash_password>
      backend_roles:
        - "<role_name>"   //role_name defined in previous step
      description: "<description>"


    1. Run the following command to generate a hash password:

      Code Block
      $ELASTICSEARCH_HOME/plugins/search-guard-<major_version_number>/tools/hash.sh -p <clear_text_password>
  3. Add the following snippet to map the new username to the role defined in the previous step:

    Code Block
    vi $ELASTICSEARCH_HOME/plugins/search-guard-<major_version_number>/sgconfig/sg_roles.yml/sg_roles_mapping.yml
    
    # Add the following snippet to map the new username to the role defined in the previous step
    
    <role_name>:
      users:
        - "<user_name>"
  4. Initialize Search Guard to upload the above changes made in the configuration.
  5. Set the new credentials in $JFROG_HOME/insight/etc/system.yaml file:

    Code Block
    shared:
        elasticsearch:
               username: <user_name>
               password: <clear_text_password>
    
    
  6. Restart Insight services.

Installing PostgreSQL 
Anchor
InstallingPostgreSQL
InstallingPostgreSQL

Note
titleUsing Microsoft Azure PostgreSQL

Some managed databases, such as Azure, have a different username for accessing the database than the actual one inside the database. For Azure-managed PostgreSQL, the username will be, for example insight@mycompany and the actualUsername will be insight. For more information, see Insight System YAML.

Note
titlePasswords for Postgres with Special Characters

Do not use a password for PostgreSQL that has special characters: Xray may not work if you configure a password that has special characters, such as ~ = # @ $ /.

RPM

  1. Install PostgreSQL.

    Code Block
    # Run the following commands from the extracted jfrog-xray-<version>-rpm directory.
    # Note : Use postgreSQL rpms with el6 when installing on Centos 6 and RHEL 6 and use postgresql13-13.2-1 packages 
    # Note : Use postgreSQL rpms with el8 when installing on Centos 8 and RHEL 8
    
    mkdir -p /var/opt/postgres/data
    
    rpm -ivh --replacepkgs ./third-party/postgresql/libicu-50.2-3.el7.x86_64.rpm (only AWS instance)
    rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-libs-13.2-5PGDG.rhel7.x86_64.rpm
    rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-13.2-5PGDG.rhel7.x86_64.rpm
    rpm -ivh --replacepkgs ./third-party/postgresql/postgresql13-server-13.2-5PGDG.rhel7.x86_64.rpm
    
    chown -R postgres:postgres /var/opt/postgres
    
    export PGDATA="/var/opt/postgres/data"
    export PGSETUP_INITDB_OPTIONS="-D /var/opt/postgres/data"
    
    # For centos 7&8 / rhel 7&8 
    sed -i "s~^Environment=PGDATA=.*~Environment=PGDATA=/var/opt/postgres/data~" /lib/systemd/system/postgresql-13.service
    systemctl daemon-reload
    /usr/pgsql-13/bin/postgresql-13-setup initdb
    
    # For centos 6 / rhel 6
    sed -i "s~^PGDATA=.*~PGDATA=/var/opt/postgres/data~" /etc/init.d/postgresql-13
    service postgresql-13 initdb
    
    Replace "ident" and "peer" with "trust" in postgres hba configuration files ie /var/opt/postgres/data/pg_hba.conf
    
  2. Configure PostgreSQL to allow external IP connections. 

    Anchor
    postgres_allow_external
    postgres_allow_external

  3. By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.

    Note
    titleFile location according to installation type
    • Docker-compose$JFROG_HOME/xray/var/data/postgres/data
    • Native installations: /var/opt/postgres/data

    To grant all IPs access you may add the below, under the IPv4 local connections section.

    Code Block
    host    all             all             0.0.0.0/0               trust

     Add the following line to /var/opt/postgres/data/postgresql.conf.

    Code Block
    listen_addresses='*'
    port=5432
  4. Start PostgreSQL.

    Code Block
    systemctl start postgresql-13.service 
    
    or 
    
    service postgresql-13 start
  5. Setup the database and user.

    Code Block
    languagebash
    ## run the script to seed the tables and schemas needed by Xray
    cp -f ./third-party/postgresql/createPostgresUsers.sh /tmp
    source /etc/locale.conf
    
    cd /tmp && su postgres -c "POSTGRES_PATH=/usr/pgsql-13/bin PGPASSWORD=postgres DB_PASSWORD=password bash /tmp/createPostgresUsers.sh"

Debian   

Prerequisites

It is recommended to ensure your apt-get libraries are up-to-date, using the following commands.

Code Block
titleInstall any missing dependancies
apt-get update
apt-get install -f -y
apt-get update
Code Block
# Create the file repository configuration to pull postgresql dependencies

cp -f /etc/apt/sources.list /etc/apt/sources.list.origfile
sh -c 'echo "deb http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list'
sh -c 'echo "deb-src http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list'  
  
cp -f /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.origfile
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'

wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
Install Steps
  1. Install PostgreSQL.
    Run the following commands from the extracted jfrog-xray-<version>-deb directory.

    Code Block
    mkdir -p /var/opt/postgres/data
    
    
    Code Block
    titleUbuntu 16.04 (xenial)
    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg16.04+1_amd64.deb
    Code Block
    titleUbuntu 18.04 (bionic)
    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg18.04+1_amd64.deb
    Code Block
    titleUbuntu 20.04 (focal)
    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg20.04+1_amd64.deb
    Code Block
    titleDebian 8 (jessie)
    ## Before installing Postgres dependencies
    mv /etc/apt/sources.list.d/backports.list /etc/apt >/dev/null
    apt-get update
    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg80+1_amd64.deb
    
    # After installing Postgres dependencies
    mv /etc/apt/backports.list /etc/apt/sources.list.d/backports.list >/dev/null
    apt-get update
    Code Block
    titleDebian 9 (stretch)
    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg90+1_amd64.deb
    Code Block
    titleDebian 10 (buster)
    apt update -y 
    apt-get install wget sudo -y 
    apt-get install -y gnupg gnupg1 gnupg2 
    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg100+1_amd64.deb
  2. Stop the Xray service.

    Code Block
    systemctl stop postgresql.service
  3. Change permissions for the postgres folder.

    Code Block
    chown -R postgres:postgres /var/opt/postgres
    
    sed -i "s~^data_directory =.*~data_directory = '/var/opt/postgres/data'~" "/etc/postgresql/13/main/postgresql.conf"
    sed -i "s~^hba_file =.*~hba_file = '/var/opt/postgres/data/pg_hba.conf'~" "/etc/postgresql/13/main/postgresql.conf"
    sed -i "s~^ident_file =.*~ident_file = '/var/opt/postgres/data/pg_ident.conf'~" "/etc/postgresql/13/main/postgresql.conf"
    
    su postgres -c "/usr/lib/postgresql/13/bin/initdb --pgdata=/var/opt/postgres/data"
  4. Configure PostgreSQL to allow external IP connections. 

    Anchor
    postgres_allow_external
    postgres_allow_external

  5. By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.

    Note
    titleFile Location According to Installation Type
    • Docker-compose$JFROG_HOME/xray/var/data/postgres/data
    • Native installations: /var/opt/postgres/data

    To grant all IPs access you may add the below, under the IPv4 local connections section:

    Code Block
    host    all             all             0.0.0.0/0               trust

    Add the following line to /etc/postgresql/13/main/postgresql.conf

    Code Block
    listen_addresses='*'
  6.  Start PostgreSQL 

    Code Block
    systemctl start postgresql.service 
    
    or 
    
    service postgresql start
  7. Set up the database and user.

    Code Block
    languagebash
    ## run the script to seed the tables and schemas needed by Xray
    cp -f ./third-party/postgresql/createPostgresUsers.sh /tmp
    source /etc/default/locale
    
    cd /tmp && su postgres -c "POSTGRES_PATH=/usr/lib/postgresql/13/bin PGPASSWORD=postgres DB_PASSWORD=password bash /tmp/createPostgresUsers.sh"
  8. Put back the original pgdg.list.

    Code Block
    mv /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.tmp &&
    cp -f /etc/apt/sources.list.d/pgdg.list.origfile /etc/apt/sources.list.d/pgdg.list
  9. Remove backup files.

    Code Block
    rm -f /etc/apt/sources.list.d/pgdg.list.tmp
    rm -f /etc/apt/sources.list.d/pgdg.list.origfile
  10. Put back the original sources.list.

    Code Block
    mv /etc/apt/sources.list /etc/apt/sources.list.tmp &&
    cp -f /etc/apt/sources.list.origfile /etc/apt/sources.list
  11. Remove the backup files.

    Code Block
    rm -f /etc/apt/sources.list.tmp &&
    rm -f /etc/apt/sources.list.origfile

 Linux Archive

Note
Postgres binaries are no longer bundled with linux archive installer for Xray. Remember to install Postgres manually.  
Anchor
linuxarchive
linuxarchive

   

Code Block
languagebash
 
# Create the psql database (the script "insight/app/third-party/postgresql/createPostgresUsers.sh" , responsible for seeding Postgres assumes this database exists)
<pgsql bin path>/psql template1
<postgres prompt>: CREATE DATABASE <user_name>;
<postgres prompt>: \q
 
## run the script to seed the tables and schemas needed by Xray
POSTGRES_PATH=<pgsql bin path> insight/app/third-party/postgresql/createPostgresUsers.sh


Anchor
postgres
postgres
Setting up Your PostgreSQL Databases, Users and Schemas

Warning

Database can only be changed for a new installation. Changing the names during an upgrade will result in the loss of existing data.

Info
titleHelm Users

Create a user with permission. Use this user's credentials during your Helm installation on this page.

  1. Log in to the PostgreSQL database as an admin and execute the following commands.

    Code Block
    languagebash
    titlePostgreSQL Database and User Creation
    CREATE DATABASE insight WITH ENCODING='UTF8' TABLESPACE=pg_default;
    #    Exit from current login
    \q
    #    Login to $DB_NAME database using admin user (by default its postgres)
    psql -U postgres insight
    CREATE USER insight WITH PASSWORD 'password';
    GRANT ALL ON DATABASE insight TO insight;
  2. Configure the system.yaml file with the database configuration details according to the information above. For example.

    Code Block
    languagebash
    shared:
      database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://localhost:5432/insight
        username: insight
        password: password

For Advanced Users

Manual Docker Compose Installation

  1. Extract the contents of the compressed archive and go to the extracted folder.

    Code Block
    tar -xvf jfrog-insight-<version>-compose.tar.gz
    Note
    title.env file included within the Docker-Compose archive

    This .env file is used by docker-compose and is updated during installations and upgrades.

    Notice that some operating systems do not display dot files by default. If you've made any changes to the file, remember to backup before an upgrade.

  2. Create the following folder structure under $JFROG_HOME/insight.

    Code Block
    $JFROG_HOME/insight/var
    $JFROG_HOME/insight/var/data
    $JFROG_HOME/insight/var/etc
    $JFROG_HOME/insight/var/data/elasticsearch
    $JFROG_HOME/insight/var/data/postgres
  3. Provide folder permissions to the folders as follows.

    Code Block
    chown -R 1040:1040 $JFROG_HOME/insight/var
    chown -R 1040:1040 $JFROG_HOME/insight/var/data
    chown -R 1040:1040 $JFROG_HOME/insight/var/etc
    chown -R 1000:1000 $JFROG_HOME/insight/var/data/elasticsearch
    chown -R 999:999 $JFROG_HOME/insight/var/data/postgres
  4. Copy the appropriate docker-compose templates from the templates folder to the extracted folder. Rename it as docker-compose.yaml

    NOTE: The commands below assume you are using the template: docker-compose-postgres-es.yaml

    RequirementTemplate
    Insight with externalised databasesdocker-compose.yaml
    Insight with Elasticsearch and PostgreSQLdocker-compose-postgres-es.yaml
    Note
    titleDocker for Mac

    When you use Docker Compose in Mac, /etc/localtime might not work as expected since it might not be a shared location in the docker-for-mac settings.

    You can remove the following line from the selected docker-compose.yaml file to avoid installation issues.

    Code Block
    languageyml
    - /etc/localtime:/etc/localtime:ro



  5. Update the .env file

    Code Block
    ## The Installation directory for Insight. IF not entered, the script will prompt you for this input. Default [$HOME/.jfrog/insight]
    ROOT_DATA_DIR=
    
    ## Public IP of this machine
    HOST_IP=
  6. Customize the product configuration.
    1. Set the Artifactory connection details.
    2. Customize the PostgreSQL Database connection details. (optional)
    3. Set any additional configurations (for example: ports, node id) using the Insight system.yaml configuration file.

      Note

      Verify that the host's ID and IP are added to the system.yaml. This is important to ensure that other products and Platform Deployments can reach this instance.

  7. For Elasticsearch to work correctly, increase the map count. For additional information, see Elasticsearch documentation

  8. Create the necessary tables and users using the script: "createPostgresUsers.sh". 
    • Start the PostgreSQL container.

      Code Block
      docker-compose -p insight up -d postgres
  9. Start Insight using docker-compose commands.

    Code Block
    docker-compose -p insight logs
    docker-compose -p insight ps
    docker-compose -p insight up -d
    docker-compose -p insight down
  10. Access Insight from your browser at: http://SERVER_HOSTNAME/ui/. For example, on your local machine: http://localhost/ui/.

  11. Check the Insight log.

    Code Block
    docker-compose -p insight logs
    Warning
    titleConfiguring the Log Rotation of the Console Log

    The console.log file can grow quickly since all services write to it. The installation scripts add a cron job to log rotate the console.log file every hour.

    This is not  done for manual Docker Compose installations. Learn more on how to configure the log rotation.


Copyright © 2022 JFrog Ltd.