Before configuring or executing DR on a Master/Target pair, you need to execute the following preliminary steps:
You only need to perform this step if your Master service has Artifactory Key Encryption enabled.
If your Master service has Artifactory Key Encryption enabled, you need to synchronize over the Artifactory Encryption Key to your Target service so that all passwords can be properly decrypted once your security settings are replicated to the Target. To learn more, please refer to Artifactory Key Encryption in the JFrog Artifactory User Guide. From version 5.5, new installations of JFrog Artifactory will have Artifactory Key Encryption enabled by default.
To synchronize the Artifactory Encryption Key to the Target, execute the following steps:
artifactory.keyfile from the Master to the Target service. The default location is under the
You need to enable bi-directional synchronization of security entities (users, groups and permissions) between the Master and Target services. When invoking DR, security entities existing on the Master service need to be configured in the same way on the Target service so that any action that one of these entities can perform on the Master, will also be possible on the Target service. Similarly, the opposite synchronization of security entities (from the Target back to the Master service) must also be enabled, so that any changes made to the security entities on the Target service while DR is in effect, will also be valid once the Master service is restored.
To enable synchronization of security entities between the Master and Target services, you need to establish a circle of trust between the Master and Target services.
An Access service will only receive updates of security entities from a trusted source.
To support executing DR, you need to establish the Master service as trusted on the Target service by copying the Master service's root certificate found under
$ARTIFACTORY_HOME/access/etc/keys/root.crt into the Target service's
Similarly, to support restoring security entities from the Target back to the Master, copy the Target service's root certificate found under
$ARTIFACTORY_HOME/access/etc/keys/root.crt into the Master service's
Generally, the certificates exchange should be done synonymously between both Master and Target services.
We recommend renaming each service's certificate with a meaningful name. For example, if you are implementing DR with an Artifactory service at site "us-east" as the Master and a site called "us-west" as the DR target, then
The diagram and table below give a high-level view of how to set up and invoke disaster recovery, and later restore activity to the Master service.
Managing DR involves the following main steps:
|Configuring your DR replication Master and Target pairs.||For details, please refer to DR - Configure.|
You may work with the relevant department in your organization to manually sync between corresponding repositories on the Master and Target services outside of both Mission Control and Artifactory before you initialize DR (step 3, Init, below).
This optional, external synchronization can avoid lengthy and resource intensive synchronization (step 4 below) if the storage on your Master service contains large amounts of data.
Establishing the replication relationships between all local repositories on the Master service and the corresponding repositories on the Target service.
Backing up security settings and various configuration files from the Master service to Mission Control. These are later pushed to the Target service.
For details, please refer to DR - Init
Invoking replication from the Master service to the Target service so that each local repository on the Target service is synchronized with the corresponding repository on the Master service.
For details, please refer to DR - Synchronize
Invoking failover from the Master service to the Target. Once this operation is complete, and your Administrator should switch the DNS or change the load balancer configuration to point to the Target service.
For details, please refer to DR - Activate
Restoring the Master service from the Target service.
For details, please refer to DR - Restore
To delete a DR configuration, simple click the corresponding "Delete" icon in the DR Configurations list.
$MC_HOME/etc/mission-control.properties includes a number of properties related to your DR configuration:
|When performing an automatic sync of repositories, this parameter determines when the first repository will be synchronized.|
Default: 5 min
When performing an automatic sync of repositories, this parameter determines the time interval between the successive initiation of replication for the local repositories on the Master service. For example, if set to 5 minutes, Mission Control will set the cron expression in the first repository in the Master service to invoke replication as specified in the cron expression, the next one will start 5 minutes later, the one after that, 5 minutes later again, and so forth.
Default: 300,000 ms
Mission Control periodically synchronizes the repository definitions and replication settings between the Master and Target service (config descriptor) . This parameter sets period between these sync job executions.
Default: 45 seconds
Sets the timeout period for a socket opened to Artifactory.
Default: 15000 milliseconds
Sets the Artifactory replication socket timeout for DR.
Before initializing DR, Mission Control verifies that the target service has enough storage available. When true, this parameter specifies that Mission Control should not perform this check for available space. This is the desired behavior when your target service uses cloud storage in which case the check for available space is not needed.
If you modify your $MC_HOME/etc/mission-control.properties file, we recommend restarting Mission Control to make sure your changes take effect.