DevOps Tools/Repository Management/Artifactory

From r00tedvw.com wiki
(Difference between revisions)
Jump to: navigation, search
 
(26 intermediate revisions by one user not shown)
Line 8: Line 8:
 
~$ docker pull docker.bintray.io/jfrog/artifactory-oss:latest
 
~$ docker pull docker.bintray.io/jfrog/artifactory-oss:latest
 
~$ docker run --name artifactory-oss -d -v /opt/jfrog/artifactory:/var/opt/jfrog/artifactory -p 8081:8081 docker.bintray.io/jfrog/artifactory-oss:latest</nowiki>
 
~$ docker run --name artifactory-oss -d -v /opt/jfrog/artifactory:/var/opt/jfrog/artifactory -p 8081:8081 docker.bintray.io/jfrog/artifactory-oss:latest</nowiki>
 +
 +
==Repository==
 +
Done on CentOS7
 +
===Dependencies===
 +
<nowiki>~$ sudo yum install -y wget java-1.8.0-openjdk  java-1.8.0-openjdk-devel</nowiki>
 +
Set the Java variables.
 +
<nowiki>~$ sudo vim /etc/profile.d/java.sh
 +
#!/bin/bash
 +
export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac)))))
 +
export PATH=$PATH:$JAVA_HOME/bin
 +
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar</nowiki>
 +
 +
<nowiki>~$ source /etc/profile.d/java.sh
 +
~$ echo "JAVA_HOME: $JAVA_HOME"; echo "PATH: $PATH"; echo "CLASSPATH: $CLASSPATH"
 +
JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64
 +
PATH: /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/r00t/.local/bin:/home/r00t/bin:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/bin
 +
CLASSPATH: .:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/jre/lib:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/lib:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/lib/tools.jar</nowiki>
 +
 +
===Add artifactory repo and install===
 +
<nowiki>~$ wget https://bintray.com/jfrog/artifactory-rpms/rpm -O bintray-jfrog-artifactory-oss-rpms.repo
 +
~$ sudo mv bintray-jfrog-artifactory-oss-rpms.repo /etc/yum.repos.d/
 +
~$ sudo yum install -y jfrog-artifactory-oss</nowiki>
 +
Add the Artifactory home environment variable
 +
<nowiki>~$ sudo vim /etc/profile.d/artifactory.sh
 +
#!/bin/bash
 +
export ARTIFACTORY_HOME=/opt/jfrog/artifactory
 +
export JFROG_HOME=/opt/jfrog</nowiki>
 +
 +
===Install Database===
 +
Artifactory requires Mariadb 10.2.9 or greater.
 +
<nowiki>~$ sudo vim /etc/yum.repos.d/MariaDB.repo
 +
[mariadb]
 +
name = MariaDB
 +
baseurl = http://yum.mariadb.org/10.5/centos7-amd64
 +
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
 +
gpgcheck=1
 +
 +
~$ sudo yum install -y mariadb-server
 +
~$ sudo systemctl start mariadb.service
 +
~$ sudo systemctl enable mariadb.service</nowiki>
 +
Configure the Database
 +
<nowiki>~$ mysql_secure_installation
 +
Enter current password for root (enter for none):
 +
Set root password? [Y/n] y
 +
New password:
 +
Re-enter new password:
 +
Remove anonymous users? [Y/n] y
 +
Disallow root login remotely? [Y/n] y
 +
Remove test database and access to it? [Y/n] y
 +
Reload privilege tables now? [Y/n] y</nowiki>
 +
 +
===Configure Database===
 +
Artifactory provides a series of example sql scripts for setting up the needed resources: <code>/opt/jfrog/artifactory/app/misc/db/</code>.<br>
 +
For mariadb, we can modify the mariadb sql script appropriately.
 +
<nowiki>~$ sudo vim /opt/jfrog/artifactory/app/misc/db/createdb_mariadb.sql
 +
CREATE DATABASE artdb CHARACTER SET utf8 COLLATE utf8_bin;
 +
CREATE USER 'artifactory'@'localhost' IDENTIFIED BY 'Password';
 +
GRANT ALL ON artdb.* TO 'artifactory'@'localhost' IDENTIFIED BY 'Password';
 +
FLUSH PRIVILEGES;</nowiki>
 +
Now implement
 +
<nowiki>~$ sudo mysql -u root -p < /opt/jfrog/artifactory/app/misc/db/createdb_mariadb.sql</nowiki>
 +
 +
===Install & Setup Connector/J===
 +
Download the latest version of the <code>mariadb-java-client</code> Jar from here [https://downloads.mariadb.org/connector-java/ https://downloads.mariadb.org/connector-java/] or [https://downloads.mariadb.com/Connectors/java/ https://downloads.mariadb.com/Connectors/java/]
 +
<br>
 +
In my case, the latest was 2.6.2
 +
<nowiki>~$ wget https://downloads.mariadb.com/Connectors/java/connector-java-2.6.2/mariadb-java-client-2.6.2.jar</nowiki>
 +
Move it to the right directory and make sure the permissions are correct and match <code>$JFROG_HOME/artifactory/var</code>
 +
<nowiki>~$ sudo mv mariadb-java-client-2.6.2.jar $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib
 +
~$ ls -la $JFROG_HOME/artifactory
 +
lrwxrwxrwx.  1 artifactory artifactory  26 Aug 22 17:29 var -> /var/opt/jfrog/artifactory
 +
~$ ls -la /var/opt/jfrog/
 +
drwxr-xr-x. 6 artifactory artifactory 57 Aug 22 17:29 artifactory
 +
~$ sudo chown artifactory:artifactory $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib/mariadb-java-client-2.6.2.jar
 +
~$ sudo chmod 755 $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib/mariadb-java-client-2.6.2.jar</nowiki>
 +
Update <code>system.yaml</code> with the correct changes.
 +
<nowiki>~$ sudo rm $JFROG_HOME/artifactory/var/etc/system.yaml
 +
~$ sudo touch $JFROG_HOME/artifactory/var/etc/system.yaml
 +
~$ sudo chmod 755 $JFROG_HOME/artifactory/var/etc/system.yaml
 +
~$ sudo vim $JFROG_HOME/artifactory/var/etc/system.yaml
 +
configVersion: 1
 +
shared:
 +
  database:
 +
    type: mariadb
 +
    driver: org.mariadb.jdbc.Driver
 +
    url: jdbc:mariadb://localhost:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false&useMysqlMetadata=true
 +
    username: artifactory
 +
    password: password</nowiki>
 +
 +
===Increase File descriptor and open file limits===
 +
The defaults that come with CentOS 7 will not be sufficient for artifactory, so we need to increase both.
 +
<nowiki>~$ sudo vim /etc/sysctl.conf
 +
...
 +
fs.file-max = 100000</nowiki>
 +
<nowiki>~$ sudo vim /etc/security/limits.conf
 +
...
 +
* soft nproc 65535
 +
* hard nproc 65535
 +
* soft nofile 65535
 +
* hard nofile 65535
 +
#End</nowiki>
 +
Update
 +
<nowiki>~$ sudo sysctl -p</nowiki>
 +
Check to make sure the artifactory user has the updated limits.
 +
<nowiki>~$ sudo su artifactory --shell /bin/bash --command "ulimit -n"
 +
65535
 +
~$ sudo su artifactory --shell /bin/bash --command "cat /proc/sys/fs/file-max"
 +
100000</nowiki>
 +
 +
===Open Firewall===
 +
<nowiki>~$ sudo firewall-cmd --permanent --zone=public --add-port=8081/tcp
 +
~$ sudo firewall-cmd --permanent --zone=public --add-port=8082/tcp
 +
~$ sudo firewall-cmd --reload</nowiki>
 +
 +
===Start and Enable===
 +
<nowiki>~$ sudo systemctl enable artifactory.service
 +
~$ sudo systemctl start artifactory.service</nowiki>
  
 
=Uploading bulk=
 
=Uploading bulk=
Line 27: Line 144:
 
  <nowiki>#!/bin/bash
 
  <nowiki>#!/bin/bash
  
url=http://dockerhost:8081/artifactory/generic-local
+
url=http://dockerhost:8081/artifactory/generic-local/SubFolder
 
apikey=697929fdb66e46e1db0b4ec1fd4292028a853c7879a969b3e0188b14ee24d55d98d7e8110c2579c0
 
apikey=697929fdb66e46e1db0b4ec1fd4292028a853c7879a969b3e0188b14ee24d55d98d7e8110c2579c0
 
localfile=/Users/r00t/test.html
 
localfile=/Users/r00t/test.html
 +
FILES=/Users/r00t/Downloads/crap/artifactoryfiles/*
 +
search='partialfilename'
  
file=$(basename $localfile)
+
for f in $FILES
sha1checksum=$(openssl sha1 $localfile | awk '{ print $2 }')
+
do
md5checksum=$(openssl md5 $localfile | awk '{ print $2 }')
+
sha256checksum=$(openssl sha256 $localfile | awk '{ print $2 }')
+
  
curl --header "X-JFrog-Art-Api:${apikey}" \
+
if [[ $f =~ "$search" ]]; then
    --header "X-Checksum-Sha1:${sha1checksum}" \
+
file=$(basename $f)
    --header "X-Checksum-MD5:${md5checksum}" \
+
sha1checksum=$(openssl sha1 $f | awk '{ print $2 }')
    --header "X-Checksum-Sha256:${sha256checksum}" \
+
md5checksum=$(openssl md5 $f | awk '{ print $2 }')
    --upload-file $localfile \
+
sha256checksum=$(openssl sha256 $f | awk '{ print $2 }')
    -X PUT "$url/$file"</nowiki>
+
 
 +
echo "uploading file: $f"
 +
curl --header "X-JFrog-Art-Api:${apikey}" \
 +
        --header "X-Checksum-Sha1:${sha1checksum}" \
 +
        --header "X-Checksum-MD5:${md5checksum}" \
 +
        --header "X-Checksum-Sha256:${sha256checksum}" \
 +
        --upload-file $f \
 +
        -X PUT "$url/$file"
 +
fi
 +
done</nowiki>
 +
 
 +
=Downloading Bulk=
 +
Done on a mac
 +
<nowiki>#!/bin/bash
 +
 
 +
url=http://dockerhost:8081
 +
repo=generic-local
 +
path=/SubFolder
 +
apikey=697929fdb66e46e1db0b4ec1fd4292028a853c7879a969b3e0188b14ee24d55d98d7e8110c2579c0
 +
 
 +
for f in $(curl $url/artifactory/api/storage/$repo$path | jq '.children[].uri' | sed -E -e 's/"|"\///g')
 +
do
 +
echo "downloading file: $f"
 +
curl --header "X-JFrog-Art-Api:${apikey}" --remote-name $url/artifactory/$repo$path/$f
 +
done </nowiki>
 +
 
 +
=Deleting Bulk=
 +
If you need to delete a series of files in bulk, using a loose matching search term (regex)
 +
<nowiki>#!/bin/bash
 +
 
 +
url=http://dockerhost:8081
 +
repo=generic-local
 +
path=/SubFolder
 +
apikey=697929fdb66e46e1db0b4ec1fd4292028a853c7879a969b3e0188b14ee24d55d98d7e8110c2579c0
 +
search='partialfilename'
 +
 
 +
for f in $(curl $url/artifactory/api/storage/$repo$path | jq '.children[].uri' | sed -E -e 's/"|"\///g')
 +
do
 +
if [[ $f =~ "$search" ]]; then
 +
echo "deleting file: $f"
 +
curl --header "X-JFrog-Art-Api:${apikey}" -X DELETE $url/artifactory/$repo$path/$f
 +
fi
 +
done</nowiki>

Latest revision as of 14:39, 8 May 2021

Artifactory

Contents

[edit] Installation

[edit] Docker

Using docker you can pull the container from jfrog and then mount a local volume to house the configuration files and data.
https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker

~$ sudo mkdir -p /opt/jfrog/artifactory
~$ sudo chown -R 1030:1030 /opt/jfrog/artifactory
~$ docker pull docker.bintray.io/jfrog/artifactory-oss:latest
~$ docker run --name artifactory-oss -d -v /opt/jfrog/artifactory:/var/opt/jfrog/artifactory -p 8081:8081 docker.bintray.io/jfrog/artifactory-oss:latest

[edit] Repository

Done on CentOS7

[edit] Dependencies

~$ sudo yum install -y wget java-1.8.0-openjdk  java-1.8.0-openjdk-devel

Set the Java variables.

~$ sudo vim /etc/profile.d/java.sh
#!/bin/bash
export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac)))))
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar
~$ source /etc/profile.d/java.sh
~$ echo "JAVA_HOME: $JAVA_HOME"; echo "PATH: $PATH"; echo "CLASSPATH: $CLASSPATH"
JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64
PATH: /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/r00t/.local/bin:/home/r00t/bin:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/bin
CLASSPATH: .:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/jre/lib:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/lib:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/lib/tools.jar

[edit] Add artifactory repo and install

~$ wget https://bintray.com/jfrog/artifactory-rpms/rpm -O bintray-jfrog-artifactory-oss-rpms.repo
~$ sudo mv bintray-jfrog-artifactory-oss-rpms.repo /etc/yum.repos.d/
~$ sudo yum install -y jfrog-artifactory-oss

Add the Artifactory home environment variable

~$ sudo vim /etc/profile.d/artifactory.sh
#!/bin/bash
export ARTIFACTORY_HOME=/opt/jfrog/artifactory
export JFROG_HOME=/opt/jfrog

[edit] Install Database

Artifactory requires Mariadb 10.2.9 or greater.

~$ sudo vim /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

~$ sudo yum install -y mariadb-server
~$ sudo systemctl start mariadb.service
~$ sudo systemctl enable mariadb.service

Configure the Database

~$ mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

[edit] Configure Database

Artifactory provides a series of example sql scripts for setting up the needed resources: /opt/jfrog/artifactory/app/misc/db/.
For mariadb, we can modify the mariadb sql script appropriately.

~$ sudo vim /opt/jfrog/artifactory/app/misc/db/createdb_mariadb.sql
CREATE DATABASE artdb CHARACTER SET utf8 COLLATE utf8_bin;
CREATE USER 'artifactory'@'localhost' IDENTIFIED BY 'Password';
GRANT ALL ON artdb.* TO 'artifactory'@'localhost' IDENTIFIED BY 'Password';
FLUSH PRIVILEGES;

Now implement

~$ sudo mysql -u root -p < /opt/jfrog/artifactory/app/misc/db/createdb_mariadb.sql

[edit] Install & Setup Connector/J

Download the latest version of the mariadb-java-client Jar from here https://downloads.mariadb.org/connector-java/ or https://downloads.mariadb.com/Connectors/java/
In my case, the latest was 2.6.2

~$ wget https://downloads.mariadb.com/Connectors/java/connector-java-2.6.2/mariadb-java-client-2.6.2.jar

Move it to the right directory and make sure the permissions are correct and match $JFROG_HOME/artifactory/var

~$ sudo mv mariadb-java-client-2.6.2.jar $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib
~$ ls -la $JFROG_HOME/artifactory
lrwxrwxrwx.  1 artifactory artifactory  26 Aug 22 17:29 var -> /var/opt/jfrog/artifactory
~$ ls -la /var/opt/jfrog/
drwxr-xr-x. 6 artifactory artifactory 57 Aug 22 17:29 artifactory
~$ sudo chown artifactory:artifactory $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib/mariadb-java-client-2.6.2.jar
~$ sudo chmod 755 $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib/mariadb-java-client-2.6.2.jar

Update system.yaml with the correct changes.

~$ sudo rm $JFROG_HOME/artifactory/var/etc/system.yaml
~$ sudo touch $JFROG_HOME/artifactory/var/etc/system.yaml
~$ sudo chmod 755 $JFROG_HOME/artifactory/var/etc/system.yaml
~$ sudo vim $JFROG_HOME/artifactory/var/etc/system.yaml
configVersion: 1
shared:
  database:
    type: mariadb
    driver: org.mariadb.jdbc.Driver
    url: jdbc:mariadb://localhost:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true&useSSL=false&useMysqlMetadata=true
    username: artifactory
    password: password

[edit] Increase File descriptor and open file limits

The defaults that come with CentOS 7 will not be sufficient for artifactory, so we need to increase both.

~$ sudo vim /etc/sysctl.conf
...
fs.file-max = 100000
~$ sudo vim /etc/security/limits.conf
...
* soft nproc 65535
 * hard nproc 65535
 * soft nofile 65535
 * hard nofile 65535
#End

Update

~$ sudo sysctl -p

Check to make sure the artifactory user has the updated limits.

~$ sudo su artifactory --shell /bin/bash --command "ulimit -n"
65535
~$ sudo su artifactory --shell /bin/bash --command "cat /proc/sys/fs/file-max"
100000

[edit] Open Firewall

~$ sudo firewall-cmd --permanent --zone=public --add-port=8081/tcp
~$ sudo firewall-cmd --permanent --zone=public --add-port=8082/tcp
~$ sudo firewall-cmd --reload

[edit] Start and Enable

~$ sudo systemctl enable artifactory.service
~$ sudo systemctl start artifactory.service

[edit] Uploading bulk

quick script to upload in bulk and add the sha1 checksum.

#!/bin/bash
FILES=/Users/r00t/Downloads/*
username=r00t
password=FDOdohfsohf347fsHDJDokhf89
artifactoryurl=http://usa-rnc-dockerhost:8081/artifactory/generic-local/
for f in $FILES
do
	echo "Uploading $f to artifactory"
	checksum=$(shasum -a 1 $f | awk '{ print $1 }')
	file=$(printf $f | awk -F "/" '{ print $NF}')
	curl --header "X-Checksum-Sha1:${checksum}" -u $username:$password -T $f "$artifactoryurl/$file"
done

[edit] Using API token

also calculating all the hashes with openssl

#!/bin/bash

url=http://dockerhost:8081/artifactory/generic-local/SubFolder
apikey=697929fdb66e46e1db0b4ec1fd4292028a853c7879a969b3e0188b14ee24d55d98d7e8110c2579c0
localfile=/Users/r00t/test.html
FILES=/Users/r00t/Downloads/crap/artifactoryfiles/*
search='partialfilename'

for f in $FILES
do

	if [[ $f =~ "$search" ]]; then
		file=$(basename $f)
		sha1checksum=$(openssl sha1 $f | awk '{ print $2 }')
		md5checksum=$(openssl md5 $f | awk '{ print $2 }')
		sha256checksum=$(openssl sha256 $f | awk '{ print $2 }')

		echo "uploading file: $f"
		curl --header "X-JFrog-Art-Api:${apikey}" \
     	     	--header "X-Checksum-Sha1:${sha1checksum}" \
     	     	--header "X-Checksum-MD5:${md5checksum}" \
     	     	--header "X-Checksum-Sha256:${sha256checksum}" \
     	     	--upload-file $f \
     	     	-X PUT "$url/$file"
	fi
done

[edit] Downloading Bulk

Done on a mac

#!/bin/bash

url=http://dockerhost:8081
repo=generic-local
path=/SubFolder
apikey=697929fdb66e46e1db0b4ec1fd4292028a853c7879a969b3e0188b14ee24d55d98d7e8110c2579c0

for f in $(curl $url/artifactory/api/storage/$repo$path | jq '.children[].uri' | sed -E -e 's/"|"\///g')
do
	echo "downloading file: $f"
	curl --header "X-JFrog-Art-Api:${apikey}" --remote-name $url/artifactory/$repo$path/$f
done 

[edit] Deleting Bulk

If you need to delete a series of files in bulk, using a loose matching search term (regex)

#!/bin/bash

url=http://dockerhost:8081
repo=generic-local
path=/SubFolder
apikey=697929fdb66e46e1db0b4ec1fd4292028a853c7879a969b3e0188b14ee24d55d98d7e8110c2579c0
search='partialfilename'

for f in $(curl $url/artifactory/api/storage/$repo$path | jq '.children[].uri' | sed -E -e 's/"|"\///g')
do
	if [[ $f =~ "$search" ]]; then
		echo "deleting file: $f"
		curl --header "X-JFrog-Art-Api:${apikey}" -X DELETE $url/artifactory/$repo$path/$f
	fi
done
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Politics
Volkswagen
Covid
NCDMV
Toolbox