The following installation methods are supported:
The installer script works with all supported upgrade methods (Linux Archive, RPM, Debian and Docker Compose). It provides you an interactive way to install Xray and its dependencies.
When running the installer script for a Linux Archive installation, do not run the installer script from a symlinked folder, as this may cause the installer to fail. |
Extract the contents of the compressed archive and go to the extracted folder.
tar -xvf jfrog-xray-<version>-<compose|rpm|deb>.tar.gz cd jfrog-xray-<version>-<compose|rpm|deb> |
When running Xray, the installation script creates a user called xray by default which must have run and execute permissions on the installation directory. It is recommended to extract the Xray download file into a directory that gives run and execute permissions to all users such as |
mv jfrog-xray-<version>-linux.tar.gz /opt/ cd /opt tar -xf jfrog-xray-<version>-linux.tar.gz mv jfrog-xray-<version>-linux xray cd xray |
This .env file is used by docker-compose and is updated during installations and upgrades. Notice that some operating systems do not display dot files by default. If you make any changes to the file, remember to backup before an upgrade. |
Run the installer script.
The script will prompt you with a series of mandatory inputs, including the jfrogURL (custom base URL) and joinKey |
./install.sh |
./config.sh |
Refer prerequisites for Xray in Linux Archive before running install script. |
./install.sh --user <user name> --group <group name> -h | --help : [optional] display usage -u | --user : [optional] (default: xray) user which will be used to run the product, it will be created if its unavailable -g | --group : [optional] (default: xray) group which will be used to run the product, it will be created if its unavailable |
Validate and customize the product configuration(optional), including the third party dependencies connection details and ports.
Verify that a large file handle limit is specified before you start Xray. |
Start and manage the Xray service.
systemctl start|stop xray.service |
Starting from Xray 3.8x, the stop and restart action on Xray will not be applied to RabbitMQ process. On start action of Xray, if RabbitMQ is not running, it will be started. If you want the script to perform stop and restart action on RabbitMQ, set shared.rabbitMq.autoStop as true in the system.yaml. Note that this flag is not consumed in docker-compose installation. |
service xray start|stop |
cd jfrog-xray-<version>-compose # Starting from Xray 3.8x RabbitMQ has been moved to a compose file of its own, this needs to be started before starting other services docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml up -d # Starting from 3.8.x, PostgreSQL needs to be started before starting the other services. docker-compose -p xray-postgres -f docker-compose-postgres.yaml up -d docker-compose -p xray up -d docker-compose -p xray ps docker-compose -p xray down |
Xray can be installed and managed as a service in a Linux archive installation. Refer start Xray section under Linux Archive Manual Installation for more details. |
xray/app/bin/xray.sh start|stop |
http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UI.Check the Xray log.
tail -f $JFROG_HOME/xray/var/log/console.log |
The |
The following prerequisites must be installed independently of the Xray archive installation. Make sure to install them before staring your Xray service.
Erlang - Packaged as RPM (or DEB) within the archive.
Db-Utils - Packaged as RPM (or DEB) within the archive.
For your convenience, they are included within the archive. |
Install Steps
Extract the contents of the compressed archive and move it into xray directory.
tar -xvf jfrog-xray-<version>-linux.tar.gz mv jfrog-xray-<version>-linux xray |
PostgreSQL is required and must be installed before continuing with the next installation steps. Set your PostgreSQL connection details in the Shared Configurations section of the |
Start PostgreSQL.
system.yam
l configuration file.Start and manage the Xray service as the user who extracted the tar.
As a process
xray/app/bin/xray.sh start |
Manage the process.
xray/app/bin/xray.sh start|stop|status|restart |
As a service
Xray is packaged as an archive file and an install script that can be used to install it as a service running under a custom user. Currently supported on Linux systems.
When running Xray as a service, the installation script creates a user called It is recommended to extract the Xray download file into a directory that gives run and execute permissions to all users such as |
To install Xray as a service, execute the following command as root:
User and group can be passed through |
xray/app/bin/installService.sh --user <enter user, default value is xray> --group <enter group, default value is xray> -u | --user : [optional] (default: xray) user which will be used to run the product, it will be created if its unavailable -g | --group : [optional] (default: xray) group which will be used to run the product, it will be created if its unavailable |
The user and group will be stored in xray/var/etc/system.yaml
at the end of installation.
To manage the service, use systemd
or init.d
commands depending on your system.
systemctl <start|stop|status> xray.service |
service xray <start|stop|status> |
http://<jfrogUrl>/ui/
, go the Dashboard tab in the Application module in the UI.Check Xray Log.
tail -f xray/var/log/console.log |
The RPM installation bundles Xray and all its dependencies. It is provided as native RPM packages, where Xray and its dependencies must be installed separately. Use this, if you are automating installations.
Extract the contents of the compressed archive, and go to the extracted folder.
tar -xvf jfrog-xray-<version>-rpm.tar.gz cd jfrog-xray-<version>-rpm |
Install PostgreSQL. You can choose to install any compatible PostgreSQL version, or use the PostgreSQL RPM bundled with the Xray installer located under /third-party/postgresql
.
PostgreSQL is required and must be installed before continuing with the next installation steps. For a manually installed PostgreSQL, you need to set the database connection details in the Shared Configurations section of the |
Install db-util
. You can use the bundled db-utils RPM found under /third-party/misc/
.
# This will install db-util if db_dump is not available hash db_dump 2>/dev/null || rpm -ivh --replacepkgs ./third-party/misc/<db-utils version>.x86_64.rpm |
Install RabbitMQ dependencies.
# Note : Use rpms with el6 when installing on Centos 6 and RHEL 6. Run the following from the extracted folder. rpm -ivh --replacepkgs ./third-party/rabbitmq/socat-<version>.x86_64.rpm rpm -ivh --replacepkgs ./third-party/rabbitmq/erlang-<version>.x86_64.rpm |
Install Xray. You must run as a root user.
rpm -Uvh --replacepkgs ./xray/xray.rpm |
Customize the product configuration.
Set the Artifactory connection details.
Customize the PostgreSQL Database connection details. (optional)
Set any additional configurations (for example: ports, node id) using the Xray system.yaml
configuration file.
Verify that a large file handle limit is specified before you start Xray. |
Start and manage the Xray service.
systemctl start|stop xray.service |
service xray start|stop|status|restart |
http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UICheck the Xray Log.
tail -f $JFROG_HOME/xray/var/log/console.log |
The Debian installation bundles Xray and all its dependencies. It is provided as native Debian packages, where Xray and its dependencies must be installed separately. Use this, if you are automating installations.
Extract the contents of the compressed archive, and go to the extracted folder.
tar -xvf jfrog-xray-<version>-deb.tar.gz cd jfrog-xray-<version>-deb |
Install PostgreSQL.
PostgreSQL is required and must be installed before continuing with the next installation steps. Set your PostgreSQL connection details in the Shared Configurations section of the |
Install db-util.
db-util allows us to interact with the Berkley DB that contains information about RPM-based Docker images. This way, JFrog Xray can index OS packages for these images. |
dpkg -i ./third-party/misc/db5.<version>.deb dpkg -i ./third-party/misc/db-util_<version>.deb |
dpkg -i ./third-party/misc/db5.<version>.deb dpkg -i ./third-party/misc/db-util_<version>.deb |
dpkg -i ./third-party/misc/db5.<version>.deb dpkg -i ./third-party/misc/db-util_<version>_all.deb |
Install RabbitMQ dependencies.
dpkg -i ./third-party/rabbitmq/libss<version>.deb dpkg -i ./third-party/rabbitmq/socat_<version>.deb dpkg -i ./third-party/rabbitmq/esl-erlang_<version>.deb |
dpkg -i ./third-party/rabbitmq/socat_<version>.deb dpkg -i ./third-party/rabbitmq/esl-erlang_<version>.deb |
dpkg -i ./third-party/rabbitmq/socat_<version>.deb dpkg -i ./third-party/rabbitmq/esl-erlang_<version>.deb |
# Before installing Erlang dependencies mv /etc/apt/sources.list.d/backports.list /etc/apt >/dev/null apt-get update dpkg -i ./third-party/rabbitmq/libss<version>.deb dpkg -i ./third-party/rabbitmq/socat_<version>.deb dpkg -i ./third-party/rabbitmq/esl-erlang_<version>.deb # After installing Erlang dependencies mv /etc/apt/backports.list /etc/apt/sources.list.d/backports.list >/dev/null apt-get update |
dpkg -i ./third-party/rabbitmq/socat_<version>.deb dpkg -i ./third-party/rabbitmq/esl-erlang_<version>.deb |
dpkg -i ./third-party/rabbitmq/socat_<version>.deb dpkg -i ./third-party/rabbitmq/esl-erlang_<version>.deb |
Run the following commands if you have any issues running the above commands to install the dependencies. These will include any missing dependencies from your system.
|
Install Xray. You must run as a root user.
dpkg -i ./xray/xray.deb |
Customize the product configuration.
Set the Artifactory connection details.
Customize the PostgreSQL Database connection details. (optional)
Set any additional configurations (for example: ports, node id) using the Xray system.yaml
configuration file
Verify that a large file handle limit is specified before you start Xray. |
Start and manage the Xray service.
systemctl start|stop xray.service |
service xray start|stop|status|restart |
http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UICheck Xray Log.
tail -f $JFROG_HOME/xray/var/log/console.log |
The chart directory includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory. |
Add the ChartCenter Helm repository to your Helm client.
helm repo add center https://repo.chartcenter.io |
Update the repository.
helm repo update |
Initiate installation by providing a join key and JFrog url as a parameter to the Xray chart installation.
helm upgrade --install xray --set xray.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY> \ --set xray.jfrogUrl=<YOUR_PREVIOUSLY_RETRIEVED_BASE_URL> --namespace xray center/jfrog/xray |
Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. The key must be named join-key.
kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY> # Pass the created secret to helm helm upgrade --install xray --set xray.joinKeySecretName=my-secret --namespace xray center/jfrog/xray |
In either case, make sure to pass the same join key on all future calls to |
Customize the product configuration (optional) including database, Java Opts, and filestore.
Unlike other installations, Helm Chart configurations are made to the Follow these steps to apply the configuration changes.
|
Access Xray from your browser at: http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UI
Check the status of your deployed Helm release.
helm status xray |
For advanced installation options, see Helm Charts Installers for Advanced Users. |
The following describes how to set up an Xray HA cluster with two or more nodes. For more information, see the System Architecture.
All nodes within the same Xray HA installation must be running the same Xray version.
Xray HA requires an external PostgreSQL database. Make sure to install the database before proceeding to install the first node. There are several ways to set up PostgreSQL for redundancy, such as Load Balancing and Replication. For more information, see PostgreSQL..
RabbitMQ is automatically installed as part of the Xray installation for every node. In an HA architecture, RabbitMQ uses queue mirroring between the different RabbitMQ nodes, which are set up automatically.
Xray HA is supported with an Enterprise License. Each node in the cluster must be activated with a different license.
All the Xray HA components (Xray cluster nodes, database server and RabbitMQ) must be within the same fast LAN.
All the HA nodes must communicate with each other through dedicated TCP ports.
The following installation methods are supported:
First node installation steps:
Configure the system.yaml file with the database and first node configuration details. For example,
shared: database: type: postgresql driver: org.postgresql.Driver url: postgres://<ip:port>/xraydb?sslmode=disable username: xray password: xray jfrogUrl: <JFrog URL> security: joinKey: <Artifactory Join Key> |
Start and manage the Xray service.
systemctl start|stop xray.service |
service xray start|stop |
http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UICheck the Xray log.
tail -f $JFROG_HOME/xray/var/log/console.log |
Additional node installation steps:
For a node to join a cluster, the node must have the same database configuration and the Master Key.
The master key used by Xray is not the same one used by Artifactory. |
Configure the system.yaml
file for the additional node with master key, database and active node configurations. For example,
shared: database: type: postgresql driver: org.postgresql.Driver url: postgres://<ip:port>/xraydb?sslmode=disable username: xray password: xray jfrogUrl: <JFrog URL> security: joinKey: <Artifactory Join Key> rabbitMq: active: node: name: ip: |
master.key
from the first node to the additional node located at $JFROG_HOME/xray/var/etc/security/master.key.
Start the additional node.
http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UICheck the Xray log.
tail -f $JFROG_HOME/xray/var/log/console.log |
First node installation steps:
Extract the contents of the compressed archive and go to the extracted folder.
tar -xvf jfrog-xray-<version>-compose.tar.gz cd jfrog-xray-<version>-compose |
This .env file is used by docker-compose and is updated during installations and upgrades. Notice that some operating systems do not display dot files by default. If you make any changes to the file, remember to backup before an upgrade. |
Run the config.sh
script to setup folders with required ownership. Note: the script will prompt you with a series of mandatory inputs, including if this is part of a cluster, and configure the needed system.yaml
.
./config.sh |
Start and manage Xray using docker-compose commands. Note: Run this command only from the extracted folder.
cd jfrog-xray-<version>-compose # Starting from Xray 3.8x RabbitMQ has been moved to a compose file of its own, this needs to be started before starting other services docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml up -d # Starting from Xray 3.8x, PostgreSQL needs to be started before starting the other services. docker-compose -p xray-postgres -f docker-compose-postgres.yaml up -d docker-compose -p xray up -d docker-compose -p xray logs docker-compose -p xray ps docker-compose -p xray down |
Access Xray from your browser at: http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UI
Check the Xray log.
docker-compose -p xray logs |
Additional node installation steps:
Extract the contents of the compressed archive and go to the extracted folder.
tar -xvf jfrog-xray-<version>-compose.tar.gz cd jfrog-xray-<version>-compose |
Run the config.sh
script to setup folders with required ownership. Note: the script will prompt you with a series of mandatory inputs, including if this is part of a cluster, and configure the needed system.yaml
.
./config.sh |
Start and manage Xray using docker-compose commands. Note: Run this command only from the extracted folder.
cd jfrog-xray-<version>-compose # Starting from Xray 3.8x RabbitMQ has been moved to a compose file of its own, this needs to be started before starting other services docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml up -d docker-compose -p xray up -d docker-compose -p xray logs docker-compose -p xray ps docker-compose -p xray down |
Access Xray from your browser at: http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UI
Check the Xray log.
docker-compose -p xray logs |
Currently, it is not possible to connect a JFrog product (e.g., Xray) that is within a Kubernetes cluster with another JFrog product (e.g., Artifactory) that is outside of the cluster, as this is considered a separate network. Therefore, JFrog products cannot be joined together if one of them is in a cluster. |
The chart directory includes three values files, one for each installation type–small/medium/large. These values files are recommendations for setting resources requests and limits for your installation. You can find the files in the corresponding chart directory. |
For an HA Xray installation, set the replicaCount in the values.yaml file to >1 (the recommended is 3). It is highly recommended to also set RabbitMQ to run as an HA cluster. Start Xray with 3 replicas per service and 3 replicas for RabbitMQ.
|
Add the ChartCenter Helm repository to your Helm client.
helm repo add center https://repo.chartcenter.io |
Update the repository.
helm repo update |
Next, create a unique master key; JFrog Xray requires a unique master key to be used by all micro-services in the same cluster. By default the chart has one set in values.yaml
(xray.masterKey
).
For production grade installations it is strongly recommended to use a custom master key. If you initially use the default master key it will be very hard to change the master key at a later stage This key is for demo purpose and should not be used in a production environment. |
Generate a unique key and pass it to the template during installation/upgrade.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY} # Pass the created master key to Helm helm upgrade --install --set xray.masterKey=${MASTER_KEY} --namespace xray center/jfrog/xray |
Alternatively, you can create a secret containing the master key manually and pass it to the template during installation/upgrade.
# Create a key export MASTER_KEY=$(openssl rand -hex 32) echo ${MASTER_KEY} # Create a secret containing the key. The key in the secret must be named master-key kubectl create secret generic my-secret --from-literal=master-key=${MASTER_KEY} # Pass the created secret to Helm helm upgrade --install xray --set xray.masterKeySecretName=my-secret --namespace xray center/jfrog/xray |
In either case, make sure to pass the same master key on all future calls to |
Initiate installation by providing a join key and JFrog url as a parameter to the Xray chart installation.
helm upgrade --install xray --set xray.joinKey=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY> \ --set xray.jfrogUrl=<YOUR_PREVIOUSLY_RETRIEVED_BASE_URL> --namespace xray center/jfrog/xray |
Alternatively, you can manually create a secret containing the join key and then pass it to the template during install/upgrade. The key must be named join-key.
kubectl create secret generic my-secret --from-literal=join-key=<YOUR_PREVIOUSLY_RETRIEVED_JOIN_KEY> # Pass the created secret to helm helm upgrade --install xray --set xray.joinKeySecretName=my-secret --namespace xray center/jfrog/xray |
In either case, make sure to pass the same join key on all future calls to |
Customize the product configuration (optional) including database, Java Opts, and filestore.
Unlike other installations, Helm Chart configurations are made to the Follow these steps to apply the configuration changes.
|
Access Xray from your browser at: http://<jfrogUrl>/ui/:
go to the Xray Security & Compliance tab in the Administration module in the UI
Check the status of your deployed helm releases.
helm status xray |
For advanced installation options, see Helm Charts Installers for Advanced Users. |
After installing and before running Xray, you may set the following configurations.
You can configure all your system settings using the If you don't have a System YAML file in your folder, copy the template available in the folder and name it For the Helm charts, the |
Xray requires a working Artifactory server and a suitable license. The Xray connection to Artifactory requires 2 parameters:
|
Xray comes bundled with a postgreSQL Database out-of-the-box, which come pre-configured with default credentials.
To change the default credentials:
# Access PostgreSQL as the Xray user adding the optional -W flag to invoke the password prompt $ psql -d xraydb -U xray -W # Securely change the password for user "xray". Enter and then retype the password at the prompt. \password xray # Verify the update was successful by logging in with the new credentials $ psql -d xraydb -U xray -W |
Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/xray
/var/etc/system.yaml
file.
To change the default credentials.
Set the new password in the <MOUNT_DIR>/app/third-party/rabbitmq/rabbitmq.conf
file.
default_pass = <new password> |
$JFROG_HOME/xray/var/etc/system.yaml
file.Restart all services.
cd jfrog-xray-<version>-compose docker-compose -p xray restart |
To change the default credentials.
Set the new password in the$JFROG_HOME
/app/bin/rabbitmq/rabbitmq.conf
file.
default_pass = <new password> |
$JFROG_HOME/xray/var/etc/system.yaml
file.Restart all services.
service xray restart / systemctl restart xray.service |
To change the default credentials.
Set the new password in the$JFROG_HOME
/app/bin/rabbitmq/rabbitmq.conf
file.
default_pass = <new password> |
$JFROG_HOME/xray/var/etc/system.yaml
file.Restart all services.
xray/app/bin/xray.sh restart |
By default, RabbitMQ uses the short hostnames of other nodes in the cluster for communication. However, it be can be configured to use a fully qualified domain name (FQND) host name (a long hostname).
To configure RabbitMQ to use FQDN, follow these steps.
Modify the following files according to the installer type.
In docker-compose-rabbitmq.yaml: environment: - RABBITMQ_USE_LONGNAME=true In .env: HOST_ID=<long hostname> ## For secondary nodes only #JF_SHARED_RABBITMQ_ACTIVE_NODE_NAME=<long hostname of active node> |
In system.yaml: shared: node: id: <long hostname> name: <long hostname> ## For secondary nodes only # shared: # rabbitMq: # active: # node: # name: <long hostname of active node> |
In JFROG_HOME/app/bin/xray.default: export RABBITMQ_USE_LONGNAME=true |
Start RabbitMQ and the Xray services.
Xray enables using an external log collector such as Sumologic or Splunk.
To adjust the permissions to allow the log collection service perform read operations on the generated log files:
Apply the user and group permissions as needed on the $JFROG_HOME/xray/var/log
directory using:
$ chmod -R 640 $JFROG_HOME/xray/var/log |
Adjust the group read inheritance permissions setgid bit
using:
$ chmod -R 2755 $JFROG_HOME/xray/var/log |
This will cause the generated log files to inherit the folder's group permissions.
It is recommended to increase the maximum connections setting in the PostgreSQL configuration file. Open the
Restart the database to enable this change. |
Some managed databases, such as Azure, have a different username for accessing the database than the actual one inside the database. For Azure-managed PostgreSQL, the |
Install PostgreSQL.
# Run the following commands from the extracted jfrog-xray-<version>-rpm directory. # Note : Use postgreSQL rpms with el6 when installing on Centos 6 and RHEL 6 and use postgresql12-12.3-1 packages # Note : Use postgreSQL rpms with el8 when installing on Centos 8 and RHEL 8 mkdir -p /var/opt/postgres/data rpm -ivh --replacepkgs ./third-party/postgresql/libicu-50.2-3.el7.x86_64.rpm (only AWS instance) rpm -ivh --replacepkgs ./third-party/postgresql/postgresql12-libs-12.3-5PGDG.rhel7.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql12-12.3-5PGDG.rhel7.x86_64.rpm rpm -ivh --replacepkgs ./third-party/postgresql/postgresql12-server-12.3-5PGDG.rhel7.x86_64.rpm chown -R postgres:postgres /var/opt/postgres export PGDATA="/var/opt/postgres/data" export PGSETUP_INITDB_OPTIONS="-D /var/opt/postgres/data" # For centos 7&8 / rhel 7&8 sed -i "s~^Environment=PGDATA=.*~Environment=PGDATA=/var/opt/postgres/data~" /lib/systemd/system/postgresql-12.service systemctl daemon-reload /usr/pgsql-12/bin/postgresql-12-setup initdb # For centos 6 / rhel 6 sed -i "s~^PGDATA=.*~PGDATA=/var/opt/postgres/data~" /etc/init.d/postgresql-12 service postgresql-12 initdb Replace "ident" and "peer" with "trust" in postgres hba configuration files ie /var/opt/postgres/data/pg_hba.conf |
Configure PostgreSQL to allow external IP connections.
By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.
|
To grant all IPs access you may add the below, under the IPv4 local connections section.
host all all 0.0.0.0/0 trust |
Add the following line to /var/opt/postgres/data
/postgresql.conf.
listen_addresses='*' port=5432 |
Start PostgreSQL.
systemctl start postgresql-12.service or service postgresql-12 start |
Setup the database and user.
## run the script to seed the tables and schemas needed by Xray cp -f ./third-party/postgresql/createPostgresUsers.sh /tmp source /etc/locale.conf cd /tmp && su postgres -c "POSTGRES_PATH=/usr/pgsql-12/bin PGPASSWORD=postgres DB_PASSWORD=password bash /tmp/createPostgresUsers.sh" |
It is recommended to ensure your apt-get
libraries are up-to-date, using the following commands.
apt-get update apt-get install -f -y apt-get update |
# Create the file repository configuration to pull postgresql dependencies cp -f /etc/apt/sources.list /etc/apt/sources.list.origfile sh -c 'echo "deb http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list' sh -c 'echo "deb-src http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list' cp -f /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.origfile sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" >> /etc/apt/sources.list.d/pgdg.list' sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" >> /etc/apt/sources.list.d/pgdg.list' wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - |
Install PostgreSQL.
Run the following commands from the extracted jfrog-xray-<version>-deb directory.
mkdir -p /var/opt/postgres/data |
dpkg -i ./third-party/postgresql/postgresql-12_12.3-1.pgdg16.04+1_amd64.deb |
dpkg -i ./third-party/postgresql/postgresql-12_12.3-1.pgdg18.04+1_amd64.deb |
dpkg -i ./third-party/postgresql/postgresql-12_12.3-1.pgdg20.04+1_amd64.deb |
## Before installing Postgres dependencies mv /etc/apt/sources.list.d/backports.list /etc/apt >/dev/null apt-get update dpkg -i ./third-party/postgresql/postgresql-12_12.3-1.pgdg80+1_amd64.deb # After installing Postgres dependencies mv /etc/apt/backports.list /etc/apt/sources.list.d/backports.list >/dev/null apt-get update |
dpkg -i ./third-party/postgresql/postgresql-12_12.3-1.pgdg90+1_amd64.deb |
apt update -y apt-get install wget sudo -y apt-get install -y gnupg gnupg1 gnupg2 dpkg -i ./third-party/postgresql/postgresql-12_12.3-1.pgdg100+1_amd64.deb |
Stop the Xray service.
systemctl stop postgresql.service |
Change permissions for the postgres folder.
chown -R postgres:postgres /var/opt/postgres sed -i "s~^data_directory =.*~data_directory = '/var/opt/postgres/data'~" "/etc/postgresql/12/main/postgresql.conf" sed -i "s~^hba_file =.*~hba_file = '/var/opt/postgres/data/pg_hba.conf'~" "/etc/postgresql/12/main/postgresql.conf" sed -i "s~^ident_file =.*~ident_file = '/var/opt/postgres/data/pg_ident.conf'~" "/etc/postgresql/12/main/postgresql.conf" su postgres -c "/usr/lib/postgresql/12/bin/initdb --pgdata=/var/opt/postgres/data" |
Configure PostgreSQL to allow external IP connections.
By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you will need to configure the pg_hba.conf file.
|
To grant all IPs access you may add the below, under the IPv4 local connections section:
host all all 0.0.0.0/0 trust |
Add the following line to /etc/postgresql/12/main/postgresql.conf
listen_addresses='*' |
Start PostgreSQL
systemctl start postgresql.service or service postgresql start |
Setup the database and user
## run the script to seed the tables and schemas needed by Xray cp -f ./third-party/postgresql/createPostgresUsers.sh /tmp source /etc/default/locale cd /tmp && su postgres -c "POSTGRES_PATH=/usr/lib/postgresql/12/bin PGPASSWORD=postgres DB_PASSWORD=password bash /tmp/createPostgresUsers.sh" |
Putting back the original pgdg.list
mv /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.tmp && cp -f /etc/apt/sources.list.d/pgdg.list.origfile /etc/apt/sources.list.d/pgdg.list |
Removing backup files
rm -f /etc/apt/sources.list.d/pgdg.list.tmp rm -f /etc/apt/sources.list.d/pgdg.list.origfile |
Putting back the original sources.list
mv /etc/apt/sources.list /etc/apt/sources.list.tmp && cp -f /etc/apt/sources.list.origfile /etc/apt/sources.list |
Removing backup files
rm -f /etc/apt/sources.list.tmp && rm -f /etc/apt/sources.list.origfile |
Postgres binaries are no longer bundled with linux archive installer for Xray. Remember to install Postgres manually. |
# Create the psql database (the script "xray/app/third-party/postgresql/createPostgresUsers.sh" , responsible for seeding Postgres assumes this database exists) <pgsql bin path>/psql template1 <postgres prompt>: CREATE DATABASE <user_name>; <postgres prompt>: \q ## run the script to seed the tables and schemas needed by Xray POSTGRES_PATH=<pgsql bin path> xray/app/third-party/postgresql/createPostgresUsers.sh |
Xray 3.x and 2.x support PostgreSQL versions 9.5, 9.6, 10, 11, 12 (the earliest version of Xray 2.x that supports PostgreSQL 10-12 is Xray 2.16). Because PostgreSQL is ending its support for some of its older versions, including 9.5 in February 2021 and 9.6 in November 2021.Although it is possible to upgrade incrementally from 9.5 to 9.6, JFrog recommends upgrading to PostgreSQL 12. This will extend the time until the next PostgreSQL end of support and enables Xray to take advantage of the latest abilities provided by the new versions, such as better performance, etcTo learn about the process and requirements for upgrading PostgreSQL, see JFrog Xray PostgreSQL Upgrade - PostgreSQL 9.x EoS. |
# Note : Use the following rpm files with el6 when installing on CentOS 6 and RHEL 6. Run the following commands from the extracted folder. rpm -ivh --replacepkgs xray/app/third-party/rabbitmq/socat-<version>.rpm rpm -ivh --replacepkgs xray/app/third-party/rabbitmq/erlang-<version>.rpm |
It is recommended to make sure your
|
dpkg -i xray/app/third-party/rabbitmq/libss<version>.deb dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb |
dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb |
# Before installing Erlang dependencies mv /etc/apt/sources.list.d/backports.list /etc/apt >/dev/null apt-get update dpkg -i xray/app/third-party/rabbitmq/libss<version>.deb dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb # After installing Erlang dependencies mv /etc/apt/backports.list /etc/apt/sources.list.d/backports.list >/dev/null apt-get update |
dpkg -i xray/app/third-party/rabbitmq/socat_<version>.deb dpkg -i xray/app/third-party/rabbitmq/esl-erlang_<version>.deb |
db-util allows us to interact with the Berkley DB that contains information about RPM-based Docker images. This way, JFrog Xray can index OS packages for these images. |
# This will install db-util if db_dump is not available hash db_dump 2>/dev/null || rpm -ivh --replacepkgs xray/app/third-party/misc/db4-utils-<version>.rpm |
dpkg -i xray/app/third-party/misc/db5.3-util_<version>.deb dpkg -i xray/app/third-party/misc/db-util_<version>.deb |
dpkg -i xray/app/third-party/misc/db5.3-util_<version>.deb dpkg -i xray/app/third-party/misc/db-util_<version>.deb |
dpkg -i xray/app/third-party/misc/db5.3-util_<version>.deb dpkg -i xray/app/third-party/misc/db-util_<version>.deb |
Extract the contents of the compressed archive and go to the extracted folder.
tar -xvf jfrog-xray-<version>-compose.tar.gz |
This .env file is used by docker-compose and is updated during installations and upgrades. Notice that some operating systems do not display dot files by default. If you've made any changes to the file, remember to backup before an upgrade. |
Create the following folder structure under $JFROG_HOME/xray
.
|-- [ ] app | `-- [ ] third-party `-- [999 999 ] rabbitmq `-- [1035 1035 ] var |-- [1035 1035 ] data |-- [1035 1035 ] etc |
Copy the appropriate docker-compose templates from the templates folder to the extracted folder. Rename it as docker-compose.yaml
.
Requirement | Template |
---|---|
Xray | docker-compose.yaml |
RabbitMQ | docker-compose-rabbitmq.yaml |
PostgreSQL | docker-compose-postgres.yaml |
Update the .env
file.
## The Installation directory for Xray. IF not entered, the script will prompt you for this input. Default [$HOME/.jfrog/xray] ROOT_DATA_DIR= # Host ID. Other nodes in the cluster will use this ID to identify this node HOST_ID= # ID of the active node. Please leave the value as "None" for active nodes. (shared.rabbitMq.active.node.name). JF_SHARED_RABBITMQ_ACTIVE_NODE_NAME=None # IP of the active node. (shared.rabbitMq.active.node.ip) JF_SHARED_RABBITMQ_ACTIVE_NODE_IP=127.0.0.1 # Bind IP for Internal ports of Third party applications JF_THIRD_PARTY_BIND_IP=127.0.0.1 |
Set any additional configurations (for example: ports, node id) using the Xray system.yaml
configuration file.
Ensure the host's ID and IP are added to the |
Customize any additional product configuration (optional) including, Java Opts and filestore.
rabbitmq.conf
and setRabbitCluster.sh files to the folder: app/third-party/rabbitmq
. Ensure both are owned by 999:999 (rabbitmq uid/gid)Start Xray and PostgreSQL using docker-compose commands.
## RabbitMQ needs to be started before starting other services docker-compose -p xray-rabbitmq -f docker-compose-rabbitmq.yaml up -d ## From Xray 3.8.x, PostgreSQL needs to be started before starting the other services. docker-compose -p xray-postgres -f docker-compose-postgres.yaml up -d docker-compose -p xray up -d ## Check whether service is up docker-compose -p xray ps |
Access Artifactory from your browser at: http://SERVER_HOSTNAME/ui/
. For example, on your local machine: http://localhost/ui/
.
Check Distribution log.
docker ps docker-compose -p xray logs |
The This is not done for manual Docker Compose installations. Learn more on how to configure the log rotation. |
<iframe width="560" height="315" src="https://www.youtube.com/embed/sGV6lFCi0ro" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> |