Insight Single Node Linux Archive Installation

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

You need to first install PostgreSQL separately as the PostgreSQL binaries are no longer bundled with the Linux archive installer for Insight. For more information, see Install PostgreSQL for Insight.

Before you proceed, see System Requirements for information on supported platforms, supported browsers, and other requirements.

Operating Systems and Platform Support

The following table lists the supported operating systems and the versions.

Product

Debian

RHEL

Ubuntu

Amazon Linux

Windows Server

Artifactory

10.x, 11.x

8.x, 9.x

20.04, 22.04

Amazon Linux 2023

2016 or 2019

Xray

10.x, 11.x

8.x, 9.x

20.04, 22.04

Distribution

10.x, 11.x

8.x, 9.x

20.04, 22.04

Insight

10.x, 11.x

8.x, 9.x

20.04, 22.04

Amazon Linux 2023

Pipelines

8.x

20.04, 22.04

Amazon Linux 2023

Build nodes only

Supported Platforms

The following table lists the supported platforms.

Product

x86-64

ARM64

Kubernetes

OpenShift

Artifactory

1.19+

4.13+

Xray

1.19+

4.13+

Distribution

1.19+

4.13+

Insight

1.19+

Pipelines

1.19+

Installation on Kubernetes environments is through Helm Charts. Supported Helm version is Helm 3+.

Kubernetes Sizing Requirements

We have included YAML files with the different sizing configuration for Artifactory in our GitHub page. You can use these YAML when you set up your cluster.

We have included YAML files with the different sizing configuration for Xray in our GitHub page. You can use these YAML when you set up your cluster.

We have included YAML files with the different sizing configuration for Distribution in our GitHub page. You can use these YAML when you set up your cluster.

ARM64 Support

From version 7.41.4, Artifactory supports installation on ARM64 architecture through Helm and Docker installations. You must set up an external database as the Artifactory database since Artifactory does not support the bundled database with the ARM64 installation. Artifactory installation pulls the ARM64 image automatically when you run the Helm or Docker installation on the ARM64 platform.

ARM64 support is also available for Xray, Distribution and Insight.

Database and Third-Party Applications in Insight

A database is required, which is fundamental to management of Insight and is also used to store cluster wide configuration files. Currently PostgreSQL is supported, and any change to configuration requires restarting all Insight nodes for changes to take effect.

Insight supports the following versions of PostgreSQL.

  • 15.x

  • 13.x

  • 12.x

An Elasticsearch database is required to store the data from which Insight generates trends and charts.

Insight supports the following versions of Elasticsearch.

  • 7.17.1 (for Insight 1.11.3 and later)

  • 7.16.2 (for Insight 1.5.0 to 1.10.2)

  • 7.15.1 (for Insight 1.2.3 to 1.30)

  • 7.14.1 (for Insight 1.0.1 to 1.1.3)

Insight Network Ports

Insight uses the 8082 port by default for external communication.

Insight uses the following internal ports by default for communication with JFrog Platform microservices.

  • 8080 for the Insight Server

  • 8082, 8046, 8047, and 8049 for the Router

  • 8087 for Insights

  • 5432 for PostgreSQL (if you use the bundled Postgres database)

  • 9200 for Elasticsearch (if you use the bundled Elasticsearch)

Complete the following steps to install the product.

  1. Download Insight.

  2. Extract the contents of the compressed archive and move it into /insight directory.

    tar -xvf jfrog-insight-<version>-linux.tar.gz
    mv jfrog-insight-<version>-linux insight
  3. Install PostgreSQL and start the PostgreSQL service.

    Already have a PostgreSQL installation?

    Set your PostgreSQL connection details in the Shared Configurations section of the $JFROG_HOME/insight/var/etc/system.yaml file.

    PostgreSQL is required and must be installed before continuing with the next installation steps.

  4. Prepare for the Elasticsearch Installation by increasing the map count. For additional information refer to the&nbsp;Elastic Search documentation.

    sudo sysctl -w vm.max_map_count=262144

    To make this change permanent, remember to update the vm.max_map_count setting in /etc/sysctl.conf.

  5. Install Elasticsearch.

    You can download a compatible version of Elasticsearch from this page. Instructions to install Elasticsearch are available here.

    You can install the package available at jfrog-insight-<version>-rpm/third-party/elasticsearch/elasticsearch-<version>.tar.gzor you can download a compatible version of Elasticsearch from this page.

    When connecting an external instance of Elasticsearch to Insight, add the following flag in the Shared Configurations of $JFROG_HOME/insight/var/etc/system.yaml file.

    shared:
      elasticsearch:
        external: true
  6. Navigate to the Elasticsearch installation directory and create Elasticsearch users.

    $ELASTICSEARCH_HOME/bin/elasticsearch-users useradd <USERNAME> -p <PASSWORD>-r superuser
  7. Copy Elasticsearch CA certificate, <ES_PATH>/config/certs/http_ca.crt into the Insight certificates folder, <INSIGHT_HOME>/var/etc/security/keys/trusted.

  8. Add the following in the shared section of $JFROG_HOME/insight/var/etc/system.yaml file. Refer to Shared Configurations section.

    shared:
      elasticsearch:
        url: <URL_TO_ELASTICSEARCH_INSTANCE>:<ELASTICSEARCH_PORT>
        username: <USERNAME>
        password: <CLEAR_TEXT_PASSWORD_FOR_THE_ABOVE_USERNAME>

    If you use Amazon Elasticsearch Service

    Enter the following in the shared section of the YAML file.

    shared:
        elasticsearch:
             url: <URL_TO_ELASTICSEARCH>:<ELASTICSEARCH_PORT>
             external: true
             aes:
                  signed: true
                  serviceName: <AES_SERVICE_NAME>
                  region: <AES_SERVICE_REGION>
                  accessKey: <AWS_ACCESS_KEY>
                  secretKey: <AWS_SECRET_KEY>

    You must log in to the service using your Amazon AWS credentials.

  9. Customize the product configuration.

    1. Set the Artifactory connection details.

    2. Customize the PostgreSQL Database connection details. (optional)

    3. Set any additional configurations (for example: ports, node id) using the Insight system.yaml configuration file.

  10. Start and manage the Insight service as the user who extracted the tar.

    As a process

    insight/app/bin/insight.sh start

    Manage the process.

    insight/app/bin/insight.sh start|stop|status|restart

    As a service

    Insight is packaged as an archive file and an install script that can be used to install it as a service running under a custom user. Currently supported on Linux systems.

    OS User Permissions

    When running Insight as a service, the installation script creates a user called insight (by default)which must have run and execute permissions on the installation directory.

    It is recommended to extract the Insight download file into a directory that gives run and execute permissions to all users such as /opt.

    To install Insight as a service, execute the following command as root:

    Note

    User and group can be passed through distribution/var/etc/system.yaml as shared.user and shared.group. This takes precedence over values passed through the command line on install.

    insight/app/bin/installService.sh 
    --user <enter user, default value is insight> 
    --group <enter group, default value is insight> -u | --user                                       : [optional] (default: distribution) user which will be used to run the product, it will be created if its unavailable-g | --group                                      : [optional] (default: distribution) group which will be used to run the product, it will be created if its unavailable

    The user and group is stored in insight/var/etc/system.yaml at the end of installation.

    To manage the service, use systemd or init.d commands depending on your system.

    Using systemd

     systemctl <start|stop|status> insight.service

    Using init.d

    service insight <start|stop|status>
  11. Access Insight from your browser at: http://<jfrogUrl>/ui/.

    Go to the Dashboard tab in theApplicationmodule in the UI

  12. Add the following in the shared section of$JFROG_HOME/insight/var/etc/system. yaml file. Refer to Shared Configurations section.

    Note

    If you use Amazon Elasticsearch Service, enter the following in the shared section of the YAML file.

    If you use the Amazon Elasticsearch Service, you must log in to the service using your Amazon AWS credentials.

  13. Check the Insight log.

    tail -f $JFROG_HOME/insight/var/log/console.log

    Configure log rotation of the console log

    The console.log file can grow quickly since all services write to it. For more information, see configure the log rotation.Configuring Log Rotation for Tomcat

After installing and before running Insight, you may set the following configurations.

Where to find the system configurations?

You can configure all your system settings using the system.yaml file located in the $JFROG_HOME/insight/var/etc folder. For more information, see Insight YAML Configuration.

If you don't have a System YAML file in your folder, copy the template available in the folder and name it system.yaml.

For the Helm charts, the system.yaml file is managed in the chart’s values.yaml.

Artifactory Connection Details

Insight requires a working Artifactory server and a suitable license. The Insight connection to Artifactory requires 2 parameters:

  • jfrogUrl - URL to the machine where JFrog Artifactory is deployed, or the load balancer pointing to it. We recommend that you use DNS names rather than direct IPs. For example, http://jfrog.acme.com instead of http://10.20.30.40:8082.

    Set it in the Shared Configurations section of the $JFROG_HOME/insight/etc/system.yaml file.

  • join.key - This is the "secret" key required by Artifactory for registering and authenticating the Insight server.

    You can fetch the Artifactory joinKey (join Key) from the JPD UI in the Administration module | User Management | Settings | Join Key.

    Set the join.key used by your Artifactory server in the Shared Configurations section of the $JFROG_HOME/insight/etc/system.yaml file.

Change PostgreSQL Database Credentials

Insight comes bundled with a PostgreSQL Database out-of-the-box, which comes pre-configured with default credentials.

Note

These commands are indicative and assume some familiarity with PostgreSQL. Do not copy and paste them. For docker-compose, you need to ssh into the PostgreSQL container before you run them.

To change the default credentials:

# Access PostgreSQL as the insight user adding the optional -W flag to invoke the password prompt
$ psql -d insight -U insight -W
# Securely change the password for user "mission_control". Enter and then retype the password at the prompt.
\password insight
# Verify the update was successful by logging in with the new credentials
$ psql -d insight -U insight -W
Change Elasticsearch Credentials
  1. Obtain the username used to access Elasticsearch from $JFROG_HOME/insight/var/etc/system.yaml available at elasticsearch.username.

  2. Update the user's password:

    $ELASTICSEARCH_HOME/bin/elasticsearch-users passwd <username>.

  3. Change the password in system.yaml to the new password

Change Elasticsearch Credentials in Docker-Compose
  1. Stop Docker services.

    docker-compose -p insight down
  2. Change the password in docker-compose.yaml and system.yaml to the new password.

    In docker-compose.yaml:
    
    - ELASTICSEARCH_PASSWORD=<new_password>
     
    In system.yaml:
    
    shared.elasticsearch.password
  3. Restart Docker services.

    docker-compose -p insight up -d
Add certificates to connect to external Elasticsearch over SSL

To use an external Elasticsearch over an SSL connection, you must copy the certificate files to the trusted folder in the Insight installation ($JFROG_HOME/insight/var/etc/security/keys/trusted) and restart Insight services.

Set your PostgreSQL and Elasticsearch connection details in the Shared Configurations section of the $JFROG_HOME/insight/var/etc/system.yaml file.

Install PostgreSQL for Insight

You must install PostgreSQL before you proceed with the installation of Insight.

Using Microsoft Azure PostgreSQL

Some managed databases, such as Azure, have a different username for accessing the database than the actual one inside the database. For Azure-managed PostgreSQL, the username will be, for example insight@mycompany and the actualUsername will be insight. For more information, see Insight System YAML.

Passwords for PostgreSQL with special characters

Do not use a password for PostgreSQL that has special characters: Xray may not work if you configure a password that has special characters, such as~ = # @ $ /.

Set up Your PostgreSQL Databases, Users and Schemas

Warning

Database can only be changed for a new installation. Changing the names during an upgrade will result in the loss of existing data.

Helm Users

Create a user with permission. Use this user's credentials during your Helm installation on this page.

  1. Log in to the PostgreSQL database as an admin and execute the following commands.

    PostgreSQL Database and User Creation

    CREATE DATABASE insight WITH ENCODING='UTF8' TABLESPACE=pg_default;
    #    Exit from current login
    \q
    #    Login to $DB_NAME database using admin user (by default its postgres)
    psql -U postgres insight
    CREATE USER insight WITH PASSWORD 'password';
    GRANT ALL ON DATABASE insight TO insight;
  2. Configure the system.yaml file with the database configuration details according to the information above. For example.

    shared:
      database:
        type: postgresql
        driver: org.postgresql.Driver
        url: jdbc:postgresql://localhost:5432/insight
        username: insight
        password: password