Prerequisites for enabling federated repository replication between Artifactory servers
- Artifactory Versions Must be Identical between federated members.
- JFrog Platform Deployments (JPDs) Clocks Must be Synchronized
- Before creating federated repositories on Artifactory, it is mandatory to configure custom base url for Artifactory. In order to configure Custom Base URL Open Artifactory UI > Administration > General > General Settings > Configure Custom Base URL
- A circle of trust must be set between the Artifactory instances. There are two ways to establish a circle of trust.
- By Setting up bindings between relevant JPDs (In order to use this option, we need to have Mission control enabled as a service for Artifactory.
- By Enabling Circle of Trust. (This option is applicable only for On-prem)
An unexpected error occurred: The Base URL is mandatory and is not configured.”,
you will need to configure the Custom base url first.
2. Circle of trust
When adding a federated member if you see errors,
Failed to add federated repository. Make sure that cross-instance authentication is established between this instance and the remote JFrog Platform Deployments.”,
we need to establish circle trust between the federated artifactory members.
3. Full sync of Federated repositories
After converting a local repository to a federated repository, the artifacts that were uploaded before, will not be replicated automatically. We need to run a sync call in order to trigger the replication.
curl -u <user> -p <password> -X POST
4. Trailing slash in url
When adding a federated member, make sure to remove any trailing slash(/) at the end of the repository name during the configuration. If there are any slashes at the end of the repository name, we will get the below error message while saving the configuration.
Failed to update remote members for federated repository: maven-source-repo, failed members: [http://destination-artifactory:8082/artifactory/maven-dest-repo/]. Please check the URL, network, proxy accessibility, and then try again.
Below is an example of correct configuration.
5. Replicated artifacts are visible at the target instance but not downloadable
If you are on a version lower than 7.26.3, the federated replication might fail to replicate the actual contents of the artifacts, and only the database entries will be replicated. That means, we can see the artifacts on the destination side when we expand the Artifactory tree view, however we can not download them.
Below are the log entries we can see in the destination server at $JFROG_HOME/artifactory/var/log/artifactory-service location.
2022-07-18T09:34:38.584Z [jfrt ] [INFO ] [54af869eb79958bd] [o.a.a.m.i.MirrorImpl:301 ] [http-nio-8081-exec-5] - Mirror member from: http://destination-artifactory:8082/artifactory/maven-d1 to: http://source-artifactory:8082/artifactory/maven-s1 active
2022-07-18T09:34:38.685Z [jfrt ] [INFO ] [70117083326bde1a] [o.a.e.UploadServiceImpl:454 ] [http-nio-8081-exec-3] - Deploy to 'maven-d1:acegi-security/acegi-security/0.5/acegi-security-0.5.jar' Content-Length: 168502 (estimation) artificial: true
2022-07-18T09:34:38.727Z [jfrt ] [ERROR] [5b3a0e48fd06ea0 ] [s.b.c.RemoteBinaryProvider:317] [ated-binary-importer] - Remote endpoint at http://source-artifactory:8082/artifactory/binarystore unreachable for 'mvn-destination-federated-repo-http://source-artifactory:8082/artifactory/mvn-source'. Got response: 503 : Service Unavailable
2022-07-18T09:34:38.736Z [jfrt ] [ERROR] [5b3a0e48fd06ea0 ] [.a.f.b.RemoteBinaryImporter:92] [ated-binary-importer] - Failed to import remote binary with checksum: dc44aac08d4cd9e61047769b52274e8a28a5e268 to local
org.jfrog.storage.binstore.exceptions.BinaryStorageException: 503 : Failed to import binary with sha1: dc44aac08d4cd9e61047769b52274e8a28a5e268
And when you try to download the file at the destination, you will receive 503 and the below entry will be observed in the artifactory-service.log
2022-07-18T09:37:58.665Z [jfrt ] [WARN ] [176c6034415f3e29] [.r.ArtifactoryResponseBase:136] [http-nio-8081-exec-7] - Sending HTTP error code 500: Could not process download request: Binary provider has no content for 'dc44aac08d4cd9e61047769b52274e8a28a5e268'
It is identified as a bug and recommended to upgrade to a version 7.26.3 or above.
If you have several Artifactory instances that are connected to a single Geo basedurl
For example you have http://my-artifactory/ where there are two underlying artifactories in two different locations like http://my-EAST-artifactory/ and http://my-WEST-artifactory/ and depending on the user location, the routing happens. In such cases, along with the base url , we need to add the following XML Tag under the <systemProperties/> section in the Global Configuration Descriptor at Administration > Artifactory > Advanced > Config Descriptor.
Note : We should be careful while editing this file as any unexpected changes to this configuration can corrupt Artifactory.
For example, for the EAST site, we need the below tag.
Note: There are a lot of improvements and features added in latest versions of Artifactory with regards to federation. We recommend upgrading to the latest version in order to get all the features of federated repositories.