How to set up Peer-to-Peer Downloads [Video]

Inbar Cisling
2021-02-02 19:38

JFrog Peer-to-Peer (P2P) Downloads- is allowing clients connected to Artifactory to directly download their Docker and Generic artifacts through a network of peers instead of directly from Artifactory.

This setup improves the download speed and decreases the bandwidth consumption from Artifactory Edge nodes, along with some other advantages as described here and here .

Please find below, step by step instructions, on how to set up a Peer-to-Peer topology.
Peer-to-Peer is supported for E+ license and requires Edge node license as well.

In this example. we are using:

  • Single Edge node and Single Peer node
  • Unsecured Artifactoy with a secured Peer.
  • centos on the Peer node

Setting up the Tracker:
1. Update the Edge node system.yaml file as following:

2. Restart the Edge node
3. Copy the join.key from the tracker

User-added image

Setting up the Peer:

  1. Unzip the Peer installation file from Artifactory installation (app/replicator/p2p/jfrog-p2p-client.zip)
  2. Set up $JF_PRODUCT_HOME=[path on your machine]  this will be the home folder for all the peer-related data and jfrog application on this machine in general
  3. Create /var/etc folder under the JF_PRODUCT_HOME dir
  4. Create system.yaml file and add the following: p2p:

      peer:

        ## Mandatory field

        ## Artifactory URL on which the Tracker was enabled.

        trackerUrl: "Tracker_IP:8852"

     ## Mandatory field
      ## HTTP address to expose for external clients.
      ## Should be accessible to other machines

        selfHttpAddress: "Peer_IP:8089"
     ## Mandatory field
     ## gRPC address to expose for other peers must be aligned with the gRPC port.

        selfGrpcAddress: "Peer_IP:8088"

        ## Mandatory field

        ## P2P Join key value generated in the Artifactory node an used for establishing a connection between the Peers to the Tracker

        joinKey: "Tracker_Join.key"

        forceTls: true

     

  5. Start the peer (./peer-<executable_name>)
  6. Copy certificates files (Security fields are generated only after the peer started successfully) :

In my installation, I am using a Centos machine

$ cp jfrog_peer.crt jfrog_proxy.crt jfrog_access_root.crt /etc/pki/ca-trust/source/anchors

update-ca-trust

 

​​​Set up the Docker Proxy:

  1. In Centos, we need to create the docker.service.d folder
sudo mkdir -p /etc/systemd/system/docker.service.d
       2. Create http-proxy.conf file with the following settings (allow both HTTP and HTTPS settings, and in this example              we will be using Https)

 [Service]

Environment="HTTP_PROXY=https://Peer_IP:8089"

Environment="HTTPS_PROXY=https://Peer_IP:8089"

 

3. Reload and restart the Docker Deamon:

sudo systemctl daemon-reload

sudo systemctl daemon-reload​​​​​​ 

 
4. Login and Pull an image:
Running Docker commands in the Docker client through the peer is the same as running Docker commands opposite Artifactory. Your permissions and credentials for downloading files are identical to your permissions in Artifactory and are retrieved when performing actions opposite the peer.

docker login myartifactory.com -u username -p password

docker pull myartifactory/docker/nginx