Self-Managed Pro / Pro X Start Guide
Thank you for taking an interest in JFrog! This guide covers setting up a self-managed Artifactory and Xray, with all the steps in one place. At the end, there are some videos on how to set up package managers for the application and some pointers on where to look next.
This is the outline of what's covered:
1. Install Artifactory
2. Install Xray
3. Configure the Application and set up Docker Repositories
4. Additional Video Resources
1. Install Artifactory
Artifactory Installation Requirements:
- A Red Hat, CentOS, Ubuntu, or Debian host machine
- Hardware recommended for a single Pro installation:
  - 8-core CPU, 32 GB RAM, 2 TB disk for the filestore
- A PostgreSQL database (Optional, but recommended)
- Root access to the host
Installing the JFrog applications is straightforward, especially if the packaged installers are used.
First, download either the Debian DPKG or Red Hat RPM files from the JFrog Platform Downloads page. These packages can install themselves with a single command (Wiki Source):
# Debian / Ubuntu
dpkg -i jfrog-artifactory-<pro|oss|cpp-ce>-<version>.deb
# Red Hat / CentOS
yum install -y jfrog-artifactory-<pro|oss|cpp-ce>-<version>.rpm
Install and set up a Postgres database as well; it scales better than the bundled Derby database, even if it is installed on the same host. Exact installation and setup instructions will differ, so please refer to the Postgres documentation for details on installing the database.
You can create the database schema using these SQL commands:
-- 'password' is a placeholder: set a strong, unique value and use the same one in system.yaml
CREATE USER artifactory WITH PASSWORD 'password';
CREATE DATABASE artifactory WITH OWNER=artifactory ENCODING='UTF8';
GRANT ALL PRIVILEGES ON DATABASE artifactory TO artifactory;
Next, go to the newly installed Artifactory Home folder and modify the system.yaml:
cd /var/opt/jfrog/artifactory/
vim etc/system.yaml
You should adjust these settings to set up a medium-scale Artifactory; feel free to copy/paste the text into the system.yaml:
shared:
  database:
    type: postgresql
    driver: org.postgresql.Driver
    url: "jdbc:postgresql://<Database URL - Or localhost>:5432/artifactory"
    username: artifactory
    password: <password>
  extraJavaOpts: "-Xms512m -Xmx16g"
artifactory:
  database:
    maxOpenConnections: 300 # Default: 100
  tomcat:
    connector:
      maxThreads: 600 # Default: 200
access:
  database:
    maxOpenConnections: 300 # Default: 100
  tomcat:
    connector:
      maxThreads: 150 # Default: 50
metadata:
  database:
    maxOpenConnections: 300 # Default: 100
When you boot up Artifactory, it will connect to the Postgres database and create the tables and indexes for you. You should be able to access the application UI on port 8082.
In the UI, log in using "admin" and "password". You'll need to set up the license key and change the default Admin's password on the welcome screen.
2. Install Xray
Xray Requirements (Single node):
- A Red Hat, CentOS, Ubuntu, or Debian host machine
- Hardware requirements:
  - 6-core CPU, 24 GB RAM, 500 GB disk space using an SSD
- Root access to the host
- Networking access to the Artifactory host machine
Installing Xray will also install a bundled Postgres database; for small to medium scale deployments this is recommended. You can download the Xray installer bundle from the JFrog Platform Downloads page.
Xray needs to connect with Artifactory, and to do so securely you need to retrieve a Join Key from the Artifactory UI. It can be found under Admin -> User Management -> Settings -> Connection Details.
The installer script will ask for this key and the Artifactory URL, so it's a good idea to note the key down now. Another thing to keep in mind is that the network on these host machines may be internal, so you might need to use the Artifactory host's internal IP rather than the public JFrog URL seen in this menu.
You can refer to the steps on the JFrog Wiki for the commands to set up Xray. For this guide, it's recommended to install Postgres on the same host as Xray for ease of maintenance; you can also set up an external Postgres if that's preferred.
When you boot up Xray for the first time, there should be a welcome popup and a new set of Xray security buttons in the Platform UI.
3. Configure the Application for Docker
Add Repositories and Artifacts
This step will walk you through creating a Docker repository type and uploading your container images, allowing you to use Artifactory as your Docker Registry. You can then follow the instructions to create other types of repositories for additional binaries out of the supported technologies such as npm, Maven, Go, and others.
b. Click on the Remote tab and add a new Remote Repository with the Repository Key “docker-quickstart-remote” and keep the rest of the default settings.
c. Click on the Virtual tab and add a new Virtual Repository with the Repository Key “docker-quickstart”.
- Add the local and remote Docker repositories you just created.
- Select your local repository as the Default Deployment Repository and keep the rest of the default settings.
b. In the Docker Settings panel, select Repository Path as the Docker Access Method.
c. In the Reverse Proxy Settings panel select Embedded Tomcat as the Server Provider (which indicates you're not using a reverse proxy).
d. By default, Docker will only send basic HTTP authentication when working against an HTTPS host. Since we are using the repository path method, we’ll use HTTP and need an insecure registry configuration for our Docker registry.
- For example, on Linux systems create the following daemon.json file under /etc/docker:
{
  "insecure-registries" : ["<My_artifactory_IP>:<Artifactory_Port>"]
}
- The repository path method is intended for testing purposes. When working in production, set up a reverse proxy to achieve a secure registry.
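An insecure-registries entry turns off enforced TLS for that registry on the whole Docker daemon, so it is worth checking which entries a host actually carries before it leaves the test stage. The following audit is an added example, not part of the JFrog guide; the sample daemon.json content, addresses and hostname are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of the guide's /etc/docker/daemon.json (addresses are made up).
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "10.0.4.15:8082", "127.0.0.0/8", "artifactory.example.com:8082",
    "203.0.113.7:8082", "<My_artifactory_IP>:<Artifactory_Port>"
  ]
}
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _host_of(entry):
    """Strip an optional :port from host[:port]; IPv6 literals must be bracketed."""
    if entry.startswith("["):
        return entry[1:entry.index("]")]
    host, sep, port = entry.rpartition(":")
    return host if sep and port.isdigit() else entry

def classify(entry):
    """Return 'placeholder', 'loopback', 'rfc1918', 'other-ip' or 'hostname'."""
    if "<" in entry or ">" in entry:
        return "placeholder"  # template text that was never filled in
    try:
        if "/" in entry:  # the Docker daemon also accepts CIDR ranges here
            addr = ipaddress.ip_network(entry, strict=False).network_address
        else:
            addr = ipaddress.ip_address(_host_of(entry))
    except ValueError:
        return "hostname"  # needs a DNS lookup to know where it points
    if addr.is_loopback:
        return "loopback"
    return "rfc1918" if any(addr in net for net in RFC1918) else "other-ip"

def audit(daemon_json_text):
    """List every registry this daemon will use without enforced TLS."""
    config = json.loads(daemon_json_text)
    return [(entry, classify(entry)) for entry in config.get("insecure-registries", [])]

if __name__ == "__main__":
    for entry, kind in audit(SAMPLE_DAEMON_JSON):
        print(f"{kind:12} {entry}")
```

Entries reported as other-ip or hostname deserve the closest look, since traffic to them may leave the internal network without enforced TLS.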
FROM ${Artifactory_URL:Artifactory_PORT}/${VIRTUAL_REPO_NAME}/ubuntu:16.04
$ docker login ${SERVER_NAME}
$ docker build --tag ${SERVER_NAME}/${VIRTUAL_REPO_NAME}/my-docker-image:latest .
$ docker push ${SERVER_NAME}/${VIRTUAL_REPO_NAME}/my-docker-image:latest
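Base images only reach the repositories that Xray indexes if every FROM line resolves through the Artifactory virtual repository, as the Dockerfile line above does. The check below is an added example, not JFrog tooling, that flags FROM instructions bypassing it; the registry address artifactory.example.com:8082 and the sample Dockerfile are assumptions made for illustration.

```python
import re

# Assumed for this example: registry host:port plus the guide's virtual repository key.
ALLOWED_PREFIX = "artifactory.example.com:8082/docker-quickstart/"

# Constructed Dockerfile: one base image via Artifactory, one pulled straight from Docker Hub.
SAMPLE_DOCKERFILE = """\
FROM artifactory.example.com:8082/docker-quickstart/ubuntu:16.04 AS build
RUN make
FROM --platform=linux/amd64 alpine:3.19 AS tools
FROM build AS test
FROM scratch
COPY --from=build /app /app
"""

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE)

def unproxied_base_images(dockerfile_text, allowed_prefix=ALLOWED_PREFIX):
    """Return (line_number, image) for each FROM that bypasses the Artifactory repository."""
    stages, findings = set(), []
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        match = FROM_RE.match(line)
        if not match:
            continue
        image, alias = match.groups()
        # Earlier build stages and the empty 'scratch' image pull nothing from a registry.
        is_local = image.lower() in stages or image == "scratch"
        # Images given as build arguments (FROM ${BASE}) are flagged too: they cannot
        # be verified from the Dockerfile alone.
        if not is_local and not image.startswith(allowed_prefix):
            findings.append((lineno, image))
        if alias:
            stages.add(alias.lower())
    return findings

if __name__ == "__main__":
    for lineno, image in unproxied_base_images(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: {image} is not pulled through {ALLOWED_PREFIX}")
```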
Scan for OSS Security Vulnerabilities and Compliance
*Available with a JFrog ProX subscription
This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan.
- Navigate to the Administration Module. Click on the Xray Security & Compliance menu and the Indexed Resources menu item.
- Add your “docker-quickstart-local”, “docker-quickstart-remote” repositories to your indexed resources by clicking Add a Repository.
- Keep in mind for your future work that indexing all repositories is resource intensive. It is recommended to select only the repositories you need to scan according to your organization's needs.
- Define a security policy that you will later enforce in a watch.
b. Create a new watch called “sample-watch”, with your 2 repositories (“docker-quickstart-local” and “docker-quickstart-remote”) and your “docker-security” policy assigned to it by clicking Manage Policies.
Watches, Policies & Rules
Set up Users, Groups and Permissions
This step will walk you through managing role-based access control (RBAC) for your resources, such as repositories by defining users, groups, roles and permissions. This will allow you, as an administrator of the JFrog Platform, to set up access for different teams in your organization.
b. Create a new user with the User Name “frog”. Set the Email Address and Password.
b. Create a new group called “dev-team1”. Set the Group Name and assign your newly created “frog” user to it.
b. Create a new permission called “dev-team1-permissions”.
- Add your “docker-quickstart-local”, “docker-quickstart-remote” repositories to your resources by clicking Add Repositories.
- Click on the Groups tab, select your newly created “dev-team1” group, and select the Deploy/Cache permission. This also will provide your group with Read and Annotation permissions.
Use a meaningful name for the permission target that will easily help you manage and detect the required permission. For example, RnD_India, Project A, DevOps_US.
4. Additional Video Resources
Congratulations! You’re all set and ready to continue exploring the JFrog Platform.
You may be interested in these videos, which cover how to set up the most popular package managers and other important topics:
Package Managers:
Application Details:
Documentation Resources
- JFrog Platform: JFrog Platform Overview, Application Module, Administration Module, REST API
- JFrog Artifactory: Package Management, Browsing Artifacts, Artifactory as a Docker Registry
- JFrog Xray: Indexing Resources, Creating Xray Policies and Rules, Configuring Xray Watches
- Administration: Identity and Access
- Tools & Integrations: JFrog CLI, IDE Integration