Distribution Single Node Debian Installation

JFrog Installation & Setup Documentation

ft:sourceType
Paligo

The Debian installation bundles Distribution and all its dependencies. They are provided as native Debian packages, where you must separately install Distribution and its dependencies. Use this if you are automating installations.

Before you proceed, see System Requirements for information on supported platforms, supported browsers, and other requirements.Private Distribution Network (PDN) System Requirements

Operating Systems and Platform Support

The following table lists the supported operating systems and the versions.

Product

Debian

RHEL

Ubuntu

Windows Server

Amazon Linux

Distribution

10.x, 11.x

8.x, 9.x

20.04, 22.04

Amazon Linux 2023

Operating Systems - End of Support

As part of JFrog commitment to maintain the security and reliability of the JFrog Platform, Artifactory will officially run with Node.js 20.x on all installation types from Artifactory 7.77.3.

Node.js 20.x provided with Linux Archive/Debian/RPM installations (non-containerized distributions) is not supported on the following operating systems.

Hence, these operating systems will no longer supported from Artifactory version 7.77.3.

Supported Platforms

The following table lists the supported platforms.

Product

x86-64

ARM64

Kubernetes

OpenShift

Distribution

1.19+

Installation on Kubernetes environments is through Helm Charts. Supported Helm version is Helm 3+.

ARM64 Support

From version 7.41.4, Artifactory supports installation on ARM64 architecture through Helm and Docker installations. You must set up an external database as the Artifactory database since Artifactory does not support the bundled database with the ARM64 installation. Artifactory installation pulls the ARM64 image automatically when you run the Helm or Docker installation on the ARM64 platform.

ARM64 support is also available for Xray, Distribution, and Insight. ARM64 support is not available for Pipelines.

Database and Third-Party Applications in Distribution

Distribution supports the following versions of PostgreSQL.

  • 15.x

  • 13.x

  • 12.x

  • 11.x

  • 10.x

Distribution HA requires an external database. Any change to configuration requires restarting of any Distribution node for changes to take effect for the whole Distribution cluster.

Distribution requires Redis and supports Redis 7.x. A supported Redis version is bundled with the Distribution installer.

Redis Password Restrictions

Redis password should contain only alphanumeric characters and should not contain any special characters.

Distribution Network Ports

Distribution uses the 8082 port by default for external communication.

Distribution uses the following internal ports by default for communication with JFrog Platform microservices.

Microservice

Port

Distribution Server

8080

Router

8082, 8046, 8047, and 8049

Redis

6379

PostgreSQL (if you use the bundled Postgres database)

5432

Observability

8036

gRPC

8037

Complete the following steps to install the product.

  1. Download Distribution.

  2. Extract the contents of the compressed archive, and go to the extracted folder.

    tar -xvf jfrog-distribution-<version>-deb.tar.gz
    cd jfrog-distribution-<version>-deb
  3. Install PostgreSQL.

    Already have a PostgreSQL installation?

    Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

  4. Install Redis.

  5. Install Distribution.

    dpkg -i ./distribution/distribution.deb

    You must run as a root user.

  6. Customize the product configuration.

    1. Set the Artifactory connection details.

    2. Customize the PostgreSQL Database connection details. (optional)

    3. Set any additional configurations (for example: ports, node id) using the Distribution system.yaml file.

  7. Start and manage the Distribution service.

    systemd OS

    systemctl start|stop distribution.service

    systemv OS

    service distribution start|stop|status|restart
  8. Access Distribution from your browser at: http://<jfrogUrl>/ui/.

    Go to the Distribution tab in the Application module in the UI.

  9. Check the Distribution log.

    tail -f $JFROG_HOME/distribution/var/log/console.log

    Configure log rotation of the console log

    The console.log file can grow quickly since all services write to it. For more information, see configure the log rotation.Logging

After installing and before running Distribution, you may set the following configurations.

Where to find the system configurations?

You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/distribution/var/etc folder. For more information, see Distribution YAML Configuration.

If you don't have a System YAML file in your folder, copy the template available in the folder and name it system.yaml.

For the Helm charts, the system.yaml file is managed in the chart’s values.yaml.

Artifactory Connection Details for Distribution

Distribution requires a working Artifactory server and a suitable license.

The Distribution connection to Artifactory requires the following parameters.

  • jfrogUrl - URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. It is recommended to use DNS names rather than direct IPs. For example: http://jfrog.acme.com instead of http://10.20.30.40:8082.

    Set it in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

  • join.key - This is the secret key required by Artifactory for registering and authenticating the Distribution server.

    You can fetch the Artifactory joinKey (join Key) from the JPD UI in the Administration module | User Management | Settings | Join Key.

    Set the join.key used by your Artifactory server in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

Add Signing Keys to JFrog Distribution

The JFrog Platform supports signing keys to establish trust with your clients for downloading your packages from Artifactory. Signing keys consist of a public and a private key pair, which are used for signing and verifying release bundles. When installing a new Edge, you will need to propagate the public keys to the new Edge. To learn about how to add and propagate keys, see GPG Signing.GPG Signing

Change PostgreSQL Database Credentials

Distribution comes bundled with a PostgreSQL Database out-of-the-box, which comes pre-configured with default credentials

To change the default credentials:

# Access PostgreSQL as the Distribution user adding the optional -W flag to invoke the password prompt
$ psql -d distribution -U distribution -W
  
# Securely change the password for user "distribution". Enter and then retype the password at the prompt.
\password distribution
  
# Verify the update was successful by logging in with the new credentials
$ psql -d distribution -U distribution -W

Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

Change Redis Database Credentials

Redis Password Restrictions

Redis password should contain only alphanumeric characters and should not contain any special characters.

  1. Set the new password in the $JFROG_HOME/distribution/app/third-party/redis/redis.conf file.

    requirepass <new password>
    • RPM/DEB

      The file is available at $JFROG_HOME/distribution/app/third-party/redis/redis.conf.

  2. Set your Redis password in the Shared Configurations section of the $JFROG_HOME/distribution/var/etc/system.yaml file.

  3. Restart all the services.

    RPM/DEB
    
    service distribution restart / systemctl restart distribution.service
Third Party Applications for Distribution
PostgreSQL for Distribution

You must install PostgreSQL before you proceed with the installation of Distribution.

PostgreSQL for Debian

We recommended to get your apt-get libraries up-to-date by using the following commands.

apt-get update
apt-get install -f -y
apt-get update
  1. Create the file repository configuration to pull PostgreSQL dependencies.

    cp -f /etc/apt/sources.list /etc/apt/sources.list.origfile
    sh -c 'echo "deb http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list'
    sh -c 'echo "deb-src http://ftp.de.debian.org/debian/ $(lsb_release -cs) main non-free contrib" >> /etc/apt/sources.list' 
        
    cp -f /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.origfile
    sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
    sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" >> /etc/apt/sources.list.d/pgdg.list'
      
    wget --no-check-certificate --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
  2. Install PostgreSQL.

    Run the following commands from the extracted jfrog-distribution-<version>-deb directory.

    mkdir -p /var/opt/postgres/data

    Ubuntu 18.04 (bionic)

    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg18.04+1_amd64.deb

    Ubuntu 20.04 (focal)

    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg20.04+1_amd64.deb

    Debian 9 (stretch)

    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg90+1_amd64.deb

    Debian 10 (buster)

    apt update -y
    apt-get install wget sudo -y
    apt-get install -y gnupg gnupg1 gnupg2
    dpkg -i ./third-party/postgresql/postgresql-13_13.2-1.pgdg100+1_amd64.deb
  3. Stop the PostgreSQL service.

    systemctl stop postgresql.service
  4. Change permissions for the PostgreSQL folder.

    chown -R postgres:postgres /var/opt/postgres
      
    sed -i "s~^data_directory =.*~data_directory = '/var/opt/postgres/data'~" "/etc/postgresql/13/main/postgresql.conf"
    sed -i "s~^hba_file =.*~hba_file = '/var/opt/postgres/data/pg_hba.conf'~" "/etc/postgresql/13/main/postgresql.conf"
    sed -i "s~^ident_file =.*~ident_file = '/var/opt/postgres/data/pg_ident.conf'~" "/etc/postgresql/13/main/postgresql.conf"
      
    su postgres -c "/usr/lib/postgresql/12/bin/initdb --pgdata=/var/opt/postgres/data"
  5. Configure PostgreSQL to allow external IP connections.

  6. By default PostgreSQL will only allow localhost clients communications. To enable different IPs to communicate with the database you need to configure the pg_hba.conf file.

    The file is available at /var/opt/postgres/data.

    To grant all IPs access add the following entry under the IPv4 local connections section:

    host    all             all             0.0.0.0/0               trust

    Add the following entry to /etc/postgresql/13/main/postgresql.conf.

    listen_addresses='*'
    port=5432
  7. Start PostgreSQL.

    systemctl start postgresql-<version>.service
       
    or   
    
    service postgresql-<version> start
  8. Set up the database and user.

    Run the following commands to seed the tables and schemas needed by Distribution

    sudo -u postgres psql -c "CREATE USER distribution WITH PASSWORD 'password';"
    sudo -u postgres psql -c "CREATE DATABASE distribution WITH OWNER=distribution ENCODING='UTF8';"
    sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE distribution TO distribution;"
    
    cp -f ./third-party/postgresql/createPostgresUsers.sh /tmp
    source /etc/default/locale
    cd /tmp && su postgres -c "POSTGRES_PATH=/usr/lib/postgresql/13/bin PGPASSWORD=postgres DB_PASSWORD=password bash /tmp/createPostgresUsers.sh"
  9. Put back the original pgdg.list.

    mv /etc/apt/sources.list.d/pgdg.list /etc/apt/sources.list.d/pgdg.list.tmp &&
    cp -f /etc/apt/sources.list.d/pgdg.list.origfile /etc/apt/sources.list.d/pgdg.list
  10. Remove the backup files.

    rm -f /etc/apt/sources.list.d/pgdg.list.tmp
    rm -f /etc/apt/sources.list.d/pgdg.list.origfile
  11. Put back the originalsources.list .

    mv /etc/apt/sources.list /etc/apt/sources.list.tmp &&
    cp -f /etc/apt/sources.list.origfile /etc/apt/sources.list
  12. Remove the backup files.

    rm -f /etc/apt/sources.list.tmp &&
    rm -f /etc/apt/sources.list.origfile
Redis for Distribution

Redis Password Restrictions

Redis password should contain only alphanumeric characters and should not contain any special characters.

Redis Debian Installation

Run the following commands from the extracted jfrog-distribution-<version>-deb directory.

dpkg -i ./third-party/redis/redis-tools_6.0.5-1chl1_xenial1_amd64.deb
dpkg -i ./third-party/redis/redis-server_6.0.5-1chl1_xenial1_amd64.deb
service redis-server start
    
# To verify if Redis is working. The command should return PONG.

redis-cli -a password ping
    
sed -i "s|# requirepass foobared|requirepass password|g" /etc/redis/redis.conf
   
echo "appendonly yes" >> /etc/redis/redis.conf
echo "appendfsync everysec" >> /etc/redis/redis.conf
   
sysctl vm.overcommit_memory=1
    
service redis-server restart