jfrog / artifactory-docker-examples Goto Github PK

View Code? Open in Web Editor NEW

330.0 30.0 301.0 2.66 MB

Examples for using Artifactory Docker distribution in various environments

Home Page: https://www.jfrog.com/artifactory/

License: Apache License 2.0

Shell 91.09% Groovy 3.99% Dockerfile 3.69% JavaScript 1.23%

artifactory docker kubernetes helm-charts docker-compose dcos openshift

artifactory-docker-examples's Introduction

DEPRECATED

This repository's examples are deprecated and are not maintained anymore.
You should now use the official JFrog Artifactory installers.

Artifactory Docker Examples

This repository provides some examples that show different ways to run Artifactory with Docker orchestration tools.
For more detailed documentation on running Artifactory with Docker, please refer to Running with Docker in the JFrog Artifactory User Guide

Docker

To learn more about Docker and how to set it up, please refer to the Docker documentation.

Examples

The following examples are available

Docker compose (Deprecated)
Docker Swarm (Deprecated)
Kubernetes (Deprecated)
OpenShift (Deprecated)
DC/OS (Deprecated)
Helm Charts

NOTE: We have moved our Helm charts to jfrog/charts

artifactory-docker-examples's People

Contributors

Stargazers

Watchers

Forkers

40a lyqwaterway alexwang66 joshua-jfrog lpshikhar patran pombredanne devopsindia guy-cohen bujail antonk5 okere-prince whiteley prarthanabasgodumesh mfuxi johnrkriter robertkozak mohammadtibi jbaruch marcellodesales gopi158 paulberrett amninder staticjinno mygithubraj ilyagulya kevinkarwaski reconbug motiso jainishshah17 epsilonsolutions ipaste hawaiianspork huamixu franckf0971 nhutwkm zachtib christseng89 mervynokm meier74 forks-yugander-krishan-singh antonlebiedyntsev hichamjeffar ankushchadha ebbing rgdutta markgalpin n-daniel ms-building-blocks amgadmhm nimerb jkiddo anilsinghoneadvanced oronb rerigidindla ngocngv jonathancole-h1 maguro mytecheng maheshjfrog alextu valentyn-yakovlev bing1130 hangfan1 frankjian rakeshkamisetti mario21ic deepak9976 docker-craft jduraj leapingbytes thiyaguelmails systemlogic git-fork autoopsltd alexanderdenkbmw adrukh mnbokaem psibre shahiinn jay-peaas parvez84 freakmoder bhaktirishi m-ayman sofusalbertsen rushuiguan jlook616 raguventhan andreykishtov azurecloudmonk guysella jishandong tjm nefarius 1renwuruiming pkdsp devopsarchitect1 chengyh2golang rajuantony

artifactory-docker-examples's Issues

Artifactory in docker container crashes on second (!) run

Hi all!
I try start artifactory in docker using docker-compose file:

version: '3'
networks:
  jfrog_net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.20.0.0/16

services:
  artifactory:
    image: docker.bintray.io/jfrog/artifactory-oss:6.1.0
    container_name: artifactory
    restart: always
    ports:
     - 8080:8081
    volumes:
     - ../artifactory:/var/opt/jfrog/artifactory
     - ../artifactory.config.import.xml:/var/opt/jfrog/artifactory/etc/artifactory.config.import.xml
    networks:
      jfrog_net:
        ipv4_address: "172.20.0.5"

At first run all works fine, but if I execute docker-compose down and than docker-compose up -d, docker container looks working:

docker container ls
CONTAINER ID        IMAGE                                           COMMAND                  CREATED             STATUS              PORTS                    NAMES
62c2b1707bb1        docker.bintray.io/jfrog/artifactory-oss:6.1.0   "/entrypoint-artifac…"   5 seconds ago       Up 4 seconds        0.0.0.0:8080->8081/tcp   artifactory

but artifactory not working:

curl -XGET 'http://localhost:8080/artifactory/api/repositories'
{
  "errors" : [ {
    "status" : 500,
    "message" : "Artifactory failed to initialize: check Artifactory logs for errors."
  } ]
}%

In logs (docker logs -f artifactory) I see next:

...
2018-07-03 12:07:39,701 [art-init] [INFO ] (o.j.s.c.EncryptionWrapperFactory:33) - createArtifactoryKeyWrapper  EncryptionWrapperBase{ encodingType=ARTIFACTORY_MASTER, topEncrypter=BytesEncrypterBase{ Cipher='AES128',  keyId='23Xpx'}, formatUsed=DotFormat, decrypters=[BytesEncrypterBase{ Cipher='AES128',  keyId='23Xpx'}]}
2018-07-03 12:07:39,743 [art-init] [ERROR] (o.j.s.c.EncryptionWrapperBase:185) - no matched algorithm and key for AES128 z5R8K
2018-07-03 12:07:39,751 [art-init] [ERROR] (o.a.w.s.ArtifactoryContextConfigListener:92) - Application could not be initialized: no matched algorithm and key forAES128 z5R8K
java.lang.reflect.InvocationTargetException: null
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.artifactory.webapp.servlet.ArtifactoryContextConfigListener.configure(ArtifactoryContextConfigListener.java:207)
	at org.artifactory.webapp.servlet.ArtifactoryContextConfigListener.access$200(ArtifactoryContextConfigListener.java:63)
	at org.artifactory.webapp.servlet.ArtifactoryContextConfigListener$1.run(ArtifactoryContextConfigListener.java:88)
Caused by: org.springframework.beans.factory.BeanInitializationException: Failed to initialize bean 'org.artifactory.config.InternalCentralConfigService'.; nested exception is org.jfrog.security.crypto.exception.CryptoRuntimeException: org.jfrog.security.crypto.KeyIdAlgCipherNotFound: no matched algorithm and key forAES128 z5R8K
	at org.artifactory.spring.ArtifactoryApplicationContext.refresh(ArtifactoryApplicationContext.java:253)
	at org.artifactory.spring.ArtifactoryApplicationContext.<init>(ArtifactoryApplicationContext.java:136)
	... 7 common frames omitted
Caused by: org.jfrog.security.crypto.exception.CryptoRuntimeException: org.jfrog.security.crypto.KeyIdAlgCipherNotFound: no matched algorithm and key forAES128 z5R8K
	at org.jfrog.security.crypto.EncryptionWrapperBase.decryptFallback(EncryptionWrapperBase.java:195)
	at org.jfrog.security.crypto.EncryptionWrapperBase.decrypt(EncryptionWrapperBase.java:129)
	at org.jfrog.security.crypto.EncryptionWrapperBase.decrypt(EncryptionWrapperBase.java:115)
	at org.jfrog.security.crypto.EncryptionWrapperBase.decrypt(EncryptionWrapperBase.java:101)
	at org.jfrog.security.crypto.EncryptionWrapperBase.decryptIfNeeded(EncryptionWrapperBase.java:92)
	at org.jfrog.security.crypto.EncryptionWrapperBase.encryptIfNeeded(EncryptionWrapperBase.java:253)
	at org.artifactory.common.crypto.CryptoHelper.encryptIfNeeded(CryptoHelper.java:73)
	at org.artifactory.layout.EncryptConfigurationInterceptor.getNewPassword(EncryptConfigurationInterceptor.java:181)
	at org.artifactory.layout.EncryptConfigurationInterceptor.encryptOrDecrypt(EncryptConfigurationInterceptor.java:171)
	at org.artifactory.layout.EncryptConfigurationInterceptor.encrypt(EncryptConfigurationInterceptor.java:203)
	at org.artifactory.layout.EncryptConfigurationInterceptor.onBeforeSave(EncryptConfigurationInterceptor.java:193)
	at org.artifactory.config.ConfigurationChangesInterceptorsImpl.onBeforeSave(ConfigurationChangesInterceptorsImpl.java:43)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201)
	at com.sun.proxy.$Proxy119.onBeforeSave(Unknown Source)
	at org.artifactory.config.CentralConfigServiceImpl.preSaveDescriptor(CentralConfigServiceImpl.java:319)
	at org.artifactory.config.CentralConfigServiceImpl.forceSaveDescriptorInternal(CentralConfigServiceImpl.java:377)
	at org.artifactory.config.CentralConfigServiceImpl.initCacheAndGetCurrent(CentralConfigServiceImpl.java:166)
	at org.artifactory.config.CentralConfigServiceImpl.init(CentralConfigServiceImpl.java:147)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
	at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
	at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
	at org.artifactory.storage.fs.lock.aop.LockingAdvice.invoke(LockingAdvice.java:76)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
	at com.sun.proxy.$Proxy120.init(Unknown Source)
	at org.artifactory.spring.ArtifactoryApplicationContext.refresh(ArtifactoryApplicationContext.java:251)
	... 8 common frames omitted
Caused by: org.jfrog.security.crypto.KeyIdAlgCipherNotFound: no matched algorithm and key forAES128 z5R8K
	at org.jfrog.security.crypto.EncryptionWrapperBase.decryptFallback(EncryptionWrapperBase.java:186)
	... 45 common frames omitted
...

If needed, I can attach full log or file /artifactory.config.import.xml

Postgress, Artifactory, and Nginx all don't have write permission

Following the documentation here to get a docker private registry deployed on containers: https://www.jfrog.com/confluence/display/RTF/Getting+Started+with+Artifactory+as+a+Docker+Registry#GettingStartedwithArtifactoryasaDockerRegistry-UsingDockerCompose-1MinuteSetup.1

After running this command:
curl -L 'https://bintray.com/api/v1/content/jfrog/run/art-compose/$latest/art-compose?bt_package=art-compose' | sudo bash

All of my containers are restarting with the following errors:

Postgresql

chmod: changing permissions of ‘/var/lib/postgresql/data’: Permission denied

Artifactory

mkdir: cannot create directory ‘/var/opt/jfrog/artifactory/data’: Permission denied

Nginx

mkdir: cannot create directory '/var/opt/jfrog/nginx/conf.d': Permission denied

All of these directories are the specified volumes in the compose file.

How to best bootstrap a container based on jFrog image?

I was wondering how I bootstrap from Jfrogs base image. I would like to have pre-configured LDAP settings, DB connection, repositories and structure.

Would it be sufficient to copy own files , artifactory.config.xml, artifactory.system.properties, db.properties to images artifactory home?
e.g. something like:

ENV ARTIFACTORY_HOME=/opt/jfrog/artifactory

COPY ./etc ${ARTIFACTORY_HOME}/etc

Can I configure Artifactory to live at http://some.domain:port instead of http://some.domain:port/artifactory/

https://stackoverflow.com/questions/47177636/configure-artifactory-to-live-at-http-some-domainport-instead-of-http-some

Swarm Mode Version?

Requesting swarm mode (v3 file) Artifactory as a Docker Service version.

The nginx proxy pass value is not changing to the value of art_base_url in the docker compose file.

Maybe I'm doing this wrong, I set ART_BASE_URL=http://mycustomartifactory:8081/artifactory in my docker compose file. When I start with "docker-compose up " the nginx proxy pass does not change to the value in ART__BASE_URL. It is still http://artifactory:8081/artifactory. I have to stop the containers, change the file manually and then restart the containers to get it to work.

Thanks

Error when using ha-shared-data

Running prepareHostEnv.sh for ha-shared-data gives an error.

./prepareHostEnv.sh -t ha-shared-data -c
On Mac. Setting DEFAULT_ROOT_DATA_DIR to /Users/cyrilchene/.artifactory
Creating /Users/cyrilchene/.artifactory
Copying needed files to directories
Artifactory configuration files
Nginx Artifactory configuration
cp: ./../files/nginx/conf.d/ha-shared-data/*: No such file or directory

Potential copy/paste error in script

In the getArtifactoryComposeYaml function in the art-compose file there is this line:

        echo "Getting ${COMPOSE_FILE}"
        curl -# -o ${COMPOSE_FILE} ${ART_COMPOSE_YML} || errorExit "Getting ${DB_DRIVER} failed"

I'm guessing it probably should be something like this:

        echo "Getting ${COMPOSE_FILE}"
        curl -# -o ${COMPOSE_FILE} ${ART_COMPOSE_YML} || errorExit "Getting ${COMPOSE_FILE} failed"

Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.

Given I would not know where to raise this I thought to join the party and do the same as done here (#12). I'm trying to install Artifactory in HA mode.

I am trying to start Artifactory from an EC2 instance that is currently configured as the primary node. When I do that via systemctl start artifactory, I get the following:

==> logs/catalina/catalina.2018-06-22.log <==
22-Jun-2018 10:27:18.193 SEVERE [localhost-startStop-2] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start:
 org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/access]]
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:752)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630)
	at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1842)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.context.ApplicationContextException: Unable to start embedded container; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.jersey.JerseyAutoConfiguration': Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jerseyConfig' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-application-4.0.1.jar!/org/jfrog/access/rest/config/JerseyConfig.class]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.jfrog.access.rest.config.JerseyConfig]: Constructor threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authFilter' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-rest-4.0.1.jar!/org/jfrog/access/server/rest/filter/AuthFilter.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationServiceImpl': Unsatisfied dependency expressed through method 'setCertificateService' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessStartupService': Invocation of init method failed; nested exception is java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.onRefresh(EmbeddedWebApplicationContext.java:137)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:536)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122)
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:693)
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:360)
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:303)
	at org.springframework.boot.web.support.SpringBootServletInitializer.run(SpringBootServletInitializer.java:151)
	at org.springframework.boot.web.support.SpringBootServletInitializer.createRootApplicationContext(SpringBootServletInitializer.java:131)
	at org.springframework.boot.web.support.SpringBootServletInitializer.onStartup(SpringBootServletInitializer.java:86)
	at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:169)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5196)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	... 10 more
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.jersey.JerseyAutoConfiguration': Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jerseyConfig' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-application-4.0.1.jar!/org/jfrog/access/rest/config/JerseyConfig.class]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.jfrog.access.rest.config.JerseyConfig]: Constructor threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authFilter' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-rest-4.0.1.jar!/org/jfrog/access/server/rest/filter/AuthFilter.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationServiceImpl': Unsatisfied dependency expressed through method 'setCertificateService' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessStartupService': Invocation of init method failed; nested exception is java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:749)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:189)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1095)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:372)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1173)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1067)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.boot.web.servlet.ServletContextInitializerBeans.getOrderedBeansOfType(ServletContextInitializerBeans.java:234)
	at org.springframework.boot.web.servlet.ServletContextInitializerBeans.getOrderedBeansOfType(ServletContextInitializerBeans.java:215)
	at org.springframework.boot.web.servlet.ServletContextInitializerBeans.addServletContextInitializerBeans(ServletContextInitializerBeans.java:91)
	at org.springframework.boot.web.servlet.ServletContextInitializerBeans.<init>(ServletContextInitializerBeans.java:79)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.getServletContextInitializerBeans(EmbeddedWebApplicationContext.java:241)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.selfInitialize(EmbeddedWebApplicationContext.java:228)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.access$000(EmbeddedWebApplicationContext.java:89)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext$1.onStartup(EmbeddedWebApplicationContext.java:213)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.createEmbeddedServletContainer(EmbeddedWebApplicationContext.java:168)
	at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.onRefresh(EmbeddedWebApplicationContext.java:134)
	... 21 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jerseyConfig' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-application-4.0.1.jar!/org/jfrog/access/rest/config/JerseyConfig.class]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.jfrog.access.rest.config.JerseyConfig]: Constructor threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authFilter' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-rest-4.0.1.jar!/org/jfrog/access/server/rest/filter/AuthFilter.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationServiceImpl': Unsatisfied dependency expressed through method 'setCertificateService' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessStartupService': Invocation of init method failed; nested exception is java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:279)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1095)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1066)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:835)
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:741)
	... 49 more
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.jfrog.access.rest.config.JerseyConfig]: Constructor threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authFilter' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-rest-4.0.1.jar!/org/jfrog/access/server/rest/filter/AuthFilter.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationServiceImpl': Unsatisfied dependency expressed through method 'setCertificateService' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessStartupService': Invocation of init method failed; nested exception is java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:154)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:122)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:271)
	... 62 more
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authFilter' defined in URL [jar:file:/opt/jfrog/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-rest-4.0.1.jar!/org/jfrog/access/server/rest/filter/AuthFilter.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationServiceImpl': Unsatisfied dependency expressed through method 'setCertificateService' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessStartupService': Invocation of init method failed; nested exception is java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:749)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:189)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1095)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:519)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:508)
	at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:1189)
	at org.jfrog.access.rest.config.JerseyConfig.registerAdditionalFilters(JerseyConfig.java:68)
	at org.jfrog.access.rest.config.JerseyConfig.<init>(JerseyConfig.java:33)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:142)
	... 64 more
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationServiceImpl': Unsatisfied dependency expressed through method 'setCertificateService' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessStartupService': Invocation of init method failed; nested exception is java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:667)
	at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1264)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1066)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:835)
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:741)
	... 83 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessStartupService': Invocation of init method failed; nested exception is java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:137)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:409)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1620)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:555)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:208)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1066)
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:659)
	... 97 more
Caused by: java.lang.RuntimeException: Master key mismatch. The provided master.key file does't match the DB fingerprint. Make sure your db.properties configurations are valid and the master key matches the DB you are trying to connect to.
	at org.jfrog.security.masterkey.MasterKeyBootstrapper.verifyKeyAgainstDb(MasterKeyBootstrapper.java:107)
	at org.jfrog.security.masterkey.MasterKeyBootstrapper.validateOrInsertKeyIfNeeded(MasterKeyBootstrapper.java:94)
	at org.jfrog.security.masterkey.MasterKeyBootstrapper.handleMasterKey(MasterKeyBootstrapper.java:35)
	at org.jfrog.access.server.startup.AccessStartupService.init(AccessStartupService.java:39)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:366)
	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:311)
	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:134)
	... 111 more

22-Jun-2018 10:27:18.205 SEVERE [localhost-startStop-2] org.apache.catalina.startup.HostConfig.deployDescriptor Error deploying configuration descriptor [/opt/jfrog/artifactory/tomcat/conf/Catalina/localhost/access.xml]
 java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/access]]
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:756)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:728)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630)
	at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1842)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

22-Jun-2018 10:27:18.207 INFO [localhost-startStop-2] org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of configuration descriptor [/opt/jfrog/artifactory/tomcat/conf/Catalina/localhost/access.xml] has finished in [6,790] ms
22-Jun-2018 10:27:18.208 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/jfrog/artifactory/tomcat/webapps/ROOT]
22-Jun-2018 10:27:18.224 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/jfrog/artifactory/tomcat/webapps/ROOT] has finished in [16] ms
22-Jun-2018 10:27:18.226 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8081"]
22-Jun-2018 10:27:18.232 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8040"]
22-Jun-2018 10:27:18.234 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8019"]
22-Jun-2018 10:27:41.877 INFO [main] org.apache.catalina.core.StandardServer.await A valid shutdown command was received via the shutdown port. Stopping the Server instance.
22-Jun-2018 10:27:41.877 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8081"]
22-Jun-2018 10:27:41.879 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8040"]
22-Jun-2018 10:27:41.880 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["ajp-nio-8019"]
22-Jun-2018 10:27:41.880 INFO [main] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
22-Jun-2018 10:27:41.887 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8081"]
22-Jun-2018 10:27:41.889 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8040"]
22-Jun-2018 10:27:41.891 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["ajp-nio-8019"]
22-Jun-2018 10:27:41.892 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8081"]
22-Jun-2018 10:27:41.893 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8040"]
22-Jun-2018 10:27:41.894 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["ajp-nio-8019"]
22-Jun-2018 10:27:41.897 WARNING [main] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [access] appears to have started a thread named [logback-watchdog] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
 java.lang.Thread.sleep(Native Method)
 org.jfrog.common.util.FileWatchDog.run(FileWatchDog.java:101)

The master.key has been manually generated and provisioned on the EC2 instance at the location specified in the documentation ($ARTIFACTORY_HOME/etc/security/master.key). The EC2 instance is running Fedora 26.

Artifactory PRO has been installed via RPM and this is an enterprise installation.

Googling this error does not help. There is nothing I could find anywhere, nor on the official documentation...

Any help will be much appreciated.

Timezone ?

Currently the timezone for the docker image docker.bintray.io/jfrog/artifactory-pro is set to Etc/UTC

docker exec -it artifactory cat /etc/timezone

Would be nice if we can set the timezone through docker-compose file like :

version "2"

services:
  artifactory:
    image: docker.bintray.io/jfrog/artifactory-pro:5.4.6
    environment:
      TZ: "Europe/Paris"
    ...

Thanks!

Securing Artifactory with SSL

Is there any option to secure the docker.bintray.io/jfrog/artifactory-oss image directly with SSL?

Currently I only found examples that use the opinionated nginx-artifactory-pro image what yields some problems:

Imagine a Swarm cluster that provides some CI services like Artifactory, Jenkins and so on. Having all these services inside the swarm, often one central API/reverse proxy is desired (like Traefik) so that traffic can be routed to the distinct services without having to bring up a dedicated poxy for each service.

Also, having multiple proxies running in the swarm but port 443 being only bindable once, so kind of port mapping needs to be done in front of the Swarm cluster what is also no real good.

There is also a security concern, as traffic between Artifactory and the reverse proxy itself is not encrypted.

Using static ip address for HA Helm chart

I'm on GCP. I'd like to use a static IP address for my HA Helm chart setup.

art-compose and hosting a docker repository not working together.

I have a 3 note setup (by using art-compose) and then hosting a docker repository in the resulting artifactory instance. I can login to the docker repo if I point the docker client directly at artifactory but if I try to use the nginx the authentication doesn't seem to be making it across and it gives a strange error about v2 docker not supported.

I'm duplicating here but the original question is on slashdot.

CentOS 7.3
SELinux Disable
All activity below is on the "host" machine, just using different IP addresses and ports.
10.15.53.21 is the host itself, this is where the art-compose was run.
172.19.0.3 is the bridged docker network for the artifactory container. nginx is 172.19.0.4.

We're running artifactory ~~6.0.2~~ 6.0.3 on-perm as a container (along with nginx and postgresql) as described in running artifactory as a docker instance.

I have set up the basic "docker" instance.

Locally on the same machine as the artifactory container:

# docker login localhost:8081
Username: test
Password: 
Login Succeeded

However, using the nginx port:

# export DOCKER_OPTS=" --insecure-registry docker-local.artifactory.company.com"
# echo password | docker login -u test --password-stdin artifactory.company.com
Error response from daemon: Get https://artifactory.company.com/v2/: unknown: Unsupported docker repository request for 'v2'

I also tried using ~/.docker/config.json with the auth information (base64) however it still giving me the same error.

artifactory.log shows:

2018-06-21 13:25:48,088 [http-nio-8081-exec-3] [ERROR] (o.a.a.d.r.DockerResource:425) - Unsupported docker repository request for 'v2'

access.log shows:

2018-06-21 13:25:48,089 [DENIED LOGIN]  for test/172.19.0.4

request.log shows:

20180625075813|1|REQUEST|172.19.0.2|_internal|GET|/api/system/configuration/reverseProxy/nginx|HTTP/1.1|404|0
20180625075823|1|REQUEST|172.19.0.2|_internal|GET|/api/system/configuration/reverseProxy/nginx|HTTP/1.1|404|0
20180625075823|1|REQUEST|10.15.9.4|**non_authenticated_user**|GET|/api/docker//v2/|HTTP/1.0|401|0
20180625075823|2|REQUEST|10.15.9.4|**non_authenticated_user**|GET|/api/docker/v2/token|HTTP/1.0|400|0

nginx access.log:

ip = 10.15.53.21 user = "-" local_time = "27/Jun/2018:11:28:36 +0000" host = artifactory.company.com request = "GET /v2/ HTTP/1.1" status = 401 bytes = 87 upstream = "172.19.0.3:8081" upstream_time = 0.001 request_time = 0.001 referer = "-" UA = "docker/18.03.1-ce go/go1.9.5 git-commit/9ee9f40 kernel/3.10.0-862.3.3.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/18.03.1-ce \x5C(linux\x5C))"
ip = 10.15.53.121 user = "test" local_time = "27/Jun/2018:11:28:36 +0000" host = artifactory.company.com request = "GET /artifactory/api/docker//v2/token?account=test&client_id=docker&offline_token=true&service=artifactory.company.com%3A443 HTTP/1.1" status = 400 bytes = 122 upstream = "172.19.0.3:8081" upstream_time = 0.001 request_time = 0.001 referer = "-" UA = "docker/18.03.1-ce go/go1.9.5 git-commit/9ee9f40 kernel/3.10.0-862.3.3.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/18.03.1-ce \x5C(linux\x5C))"

Why is db password being written to file?

The database password for the docker examples are being written to a file in $ARTIFACTORY_HOME/.dbpassword in this setDbPassword but this file doesnt seem to actually be used anywhere.

It seems like this can be safely dropped. A better way to handle the password in the docker-compose files is also to use standard .env file with a ARTIFACTORY_DB_PASSWORD and the end user can either set the password in the .env file or remove the file in a production environment and pass it in as real environment variable to the docker-compose file.

Then the compose files can be changed to something like this:

version: '2'
services:
  postgresql:
    image: docker.bintray.io/postgres:9.5.2
    container_name: postgresql
    ports:
     - 5432:5432
    environment:
     - POSTGRES_DB=artifactory
     # The following must match the DB_USER and DB_PASSWORD values passed to Artifactory
     - POSTGRES_USER=artifactory
     - POSTGRES_PASSWORD=${ARTIFACTORY_DB_PASSWORD}
    volumes:
     - /data/postgresql:/var/lib/postgresql/data
    restart: always
    ulimits:
      nproc: 65535
      nofile:
        soft: 32000
        hard: 40000
  artifactory:
    image: docker.bintray.io/jfrog/artifactory-pro:5.9.0
    container_name: artifactory
    ports:
     - 8081:8081
    depends_on:
     - postgresql
    links:
     - postgresql
    volumes:
     - /data/artifactory:/var/opt/jfrog/artifactory
    environment:
     - DB_TYPE=postgresql
     # The following must match the POSTGRES_USER and POSTGRES_PASSWORD values passed to PostgreSQL
     - DB_USER=artifactory
     - DB_PASSWORD=${ARTIFACTORY_DB_PASSWORD}
     # Add extra Java options by uncommenting the following line
     #- EXTRA_JAVA_OPTIONS=-Xmx4g
    restart: always
    ulimits:
      nproc: 65535
      nofile:
        soft: 32000
        hard: 40000

Suggested Volume for Deployment using Swarm in AWS

Hi there,

Requirements

Our enterprise has apps that requires the most popular Registries such as Docker, Java, NPM, YUM (RPM), etc.
We are a RHEL shop
We need to support more than a thousand users around the globe
Comes down to thousands of Builds servers (AMI, Packer, Jenkins, CircleCI, etc)
We need a centralized, HA solution for all
We got a PRO license and our enterprise might be discussing long-term licenses.

Volume Requirement - Swarm Mode - Questions

Taking into account https://github.com/JFrogDev/artifactory-docker-examples/tree/master/swarm
Given the requirements above, what Volume management do you think it is feasible to use?
I've been experimenting with RexRay for Volume management backed by AWS EBS (single Host) and not started with AWS EFS (HA) for other applications.

Questions:

What is the appropriate architecture for dealing with remote Volume in an HA environment?
What volume in AWS? EFS? EBS? S3?
Any Trade-offs info around those?
When deploying everything using Swarm Mode, what is your recommended approach for each of the separate Registries needed?
Should a single install be sufficient for all the requirement, or should we partition installations in different accounts/regions?

thank you!

docker login error - x509: certificate signed by unknown authority

I was using docker-compose to deploy artifactory 5.3.1 and nginx. I read the instructions for : "Artifactory Pro with Derby and Nginx for https support" and I ran :

$ sudo ./prepareHostEnv.sh -t pro -c

Since I wanted reverse-proxy (I'm using artifactory for docker images as well) I also created my certs on the same box :

root@ip-10-0-0-96:/data/nginx/ssl# ls -asl
total 16
4 drwxr-xr-x 2 syslog crontab 4096 May 26 19:24 .
4 drwxr-xr-x 6 syslog crontab 4096 May 28 14:40 ..
4 -rw-r--r-- 1 syslog crontab 3272 May 26 19:24 art5.key
4 -rw-r--r-- 1 syslog crontab 1805 May 26 19:24 art5.pem

and I created my keys this way in the /data/nginx/ssl directory :
openssl req -nodes -x509 -newkey rsa:4096 -keyout art5.key -out art5.pem -days 356 -subj "/C=US/CN=mymachine.mydomain.com"

I then ran "docker-compose -f artifactory-pro-nginx-derby.yml up -d" and the artifactory and nginx containers startup.

From another machine I connect to http://mymachine.mydomain.com:8081 and I see artifactory starting up. I then tell the setup to create my admin user, and create a docker repo (which gets called docker-local which is ok cause I'm learning) and I make sure admin is allowed to read the "docker-local" repo. Nginx also allows http://mymachine.mydomain.com/ and https://mymachine.mydomain.com to work. The fun starts there ... from the cli on another machine I issue :

docker login mymachine.mydomain.com
username: admin
password:
Error response from daemon: Get https://mymachine.mydomain.com/v1/users/: x509: certificate signed by unknown authority

https through nginx is working :

curl -I -k -v https://mymachine.mydomain.com

Rebuilt URL to: https://mymachine.mydomain.com/
Trying 4.7.3.2...
Connected to mymachine.mydomain.com (4.7.3.2) port 443 (#0)
TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Server certificate: mymachine.mydomain.com

HEAD / HTTP/1.1
Host: mymachine.mydomain.com
User-Agent: curl/7.43.0
Accept: /

< HTTP/1.1 302 Moved Temporarily
HTTP/1.1 302 Moved Temporarily
< Server: nginx/1.11.10
Server: nginx/1.11.10
< Date: Sun, 28 May 2017 14:56:33 GMT
Date: Sun, 28 May 2017 14:56:33 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 162
Content-Length: 162
< Location: https://mymachine.mydomain.com/artifactory/webapp/
Location: https://mymachine.mydomain.com/artifactory/webapp/
< Connection: keep-alive
Connection: keep-alive

Connection #0 to host mymachine.mydomain.com left intact

docker -v
Docker version 17.03.0-ce, build 3a232c8

docker-compose --version
docker-compose version 1.13.0, build 1719ceb

uname -a
Linux ip-10-0-0-96 4.4.0-78-generic #99-Ubuntu SMP Thu Apr 27 15:29:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
35e36b270575 docker.bintray.io/jfrog/nginx-artifactory-pro:5.3.1 "/bin/sh -c /entry..." 43 hours ago Up 43 hours 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx
e3f27bc62fd3 docker.bintray.io/jfrog/artifactory-pro:5.3.1 "/bin/sh -c /entry..." 43 hours ago Up 43 hours 0.0.0.0:8081->8081/tcp artifactory

Not using HTTPS requires Docker clients to add an --insecure-registry flag to DOCKER_OPTS ... but I HTTPS is obviously working cause I can get through in my web browser. Are there additional options I need to set on artifactory and/or from the machine I'm running 'docker login mymachine.mydomain.com' from ?

Directory '/opt/jfrog/artifactory/data' is not writable!

out of the box, Artifactory for k8s gives me an error of:

org.artifactory.common.ArtifactoryHome - Warning: Directory '/opt/jfrog/artifactory/data' is not writable!

I'm running as user 1030 (since we cannot run as root), is there something I'm missing that will get past this error?

Can't deploy helm charts onto Kubernetes cluster

Trying to deploy the helm charts according to the instructions in the README.md (https://github.com/jfrog/artifactory-docker-examples/tree/master/kubernetes/helm/artifactory) and according to this post: https://jfrog.com/blog/confessions-of-a-devops-frog-automating-artifactory-deployment-to-kubernetes-is-actually-easy/

But i'm getting some errors on mounting volumes:
Unable to mount volumes for pod "artifactory-postgresql-546887d8b9-v2rcr_default(01f63411-9305-11e8-b908-000d3ab658f8)": timeout expired waiting for volumes to attach/mount for pod "default"/"artifactory-postgresql-546887d8b9-v2rcr". list of unattached/unmounted volumes=[data]

The cluster is located on Azure, am I supposed to create manually the PV and PVC before deploying the charts?

Helm charts fail lint

$ helm lint --strict artifactory-ha
==> Linting artifactory-ha
[ERROR] templates/: render error in "artifactory-ha/templates/nginx-service.yaml": template: artifactory-ha/templates/_helpers.tpl:54:14: executing "artifactory-ha.nginx.fullname" at <.Values.nginx.fullna...>: map has no entry for key "fullnameOverride"

Error: 1 chart(s) linted, 1 chart(s) failed
$ helm lint --strict artifactory
==> Linting artifactory
[ERROR] templates/: render error in "artifactory/templates/nginx-service.yaml": template: artifactory/templates/_helpers.tpl:30:40: executing "artifactory.nginx.fullname" at <.Values.nameOverride>: map has no entry for key "nameOverride"

Error: 1 chart(s) linted, 1 chart(s) failed

Make server_name Configurable in Artifactory charts.

When we deploy Artifactory using charts it takes artifactory service name as Server Name. To change it to domain name we need to manually exec into pod and change it. IF container crashes it reverts nginx configuration to default.

Problem - download images from docker.bintray.io

Hi i have problem to download images.
Yesterday (13.06.2017) it works. I am trying to use https://github.com/JFrogDev/artifactory-docker-examples/blob/master/docker-compose/artifactory-pro.yml

docker.bintray.io/postgres:9.5.2
docker.bintray.io/jfrog/artifactory-pro:5.3.2
docker.bintray.io/jfrog/nginx-artifactory-pro:5.3.2

Allow support to set StorageClass for Artifactory-Ha helm chart

Settting JAVA Max Memory

When setting "EXTRA_JAVA_OPTIONS=-Xmx8g" the JVM will launch with with duplicate "-Xmx" args

JVM Arguments:
Args: -Djava.util.logging.config.file=/opt/jfrog/artifactory/tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djdk.tls.ephemeralDHKeySize=****
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources
-Xms512m
-Xmx2g
-Xss256k
-XX:+UseG1GC
-XX:OnOutOfMemoryError=kill -9 %p
-Djruby.compile.invokedynamic=false
-Dfile.encoding=UTF8
-Dartdist=zip
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
-Djava.security.egd=file:/dev/./urandom
-Xmx8g

Provided private key and latest private key fingerprints mismatch.

I have no idea where to post this but doe anyone have an idea what is wrong and why artifactory fails to start?

09-Mar-2017 11:21:41.912 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener instance of class org.artifactory.webapp.servlet.AccessServerStarter
java.lang.IllegalStateException: Provided private key and latest private key fingerprints mismatch. provided: 69bb6f7139e10fb1451354742734019fb8b76bb0a1b7ac66d11ded1d0671356c, latest: 72eb1d3af1a9035a7069450c0de547fded00575f856becc78d799ab86bbcb4c6
at org.jfrog.access.server.AccessServerBootstrap.verifyLatestPrivateKey(AccessServerBootstrap.java:251)
at org.jfrog.access.server.AccessServerBootstrap.copyPrivateKeyAndCertFromBootstrapIfExists(AccessServerBootstrap.java:210)
at org.jfrog.access.server.AccessServerBootstrap.initPrivateKeyAndCert(AccessServerBootstrap.java:128)
at org.jfrog.access.server.AccessServerBootstrap.(AccessServerBootstrap.java:80)
at org.artifactory.webapp.servlet.AccessServerStarter.startAccessServer(AccessServerStarter.java:51)
at org.artifactory.webapp.servlet.AccessServerStarter.contextInitialized(AccessServerStarter.java:34)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4853)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5314)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:729)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1798)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

Database name is not configurable

The user needs to have capabilities to change database name. Looks likes its hard coded.

Confusing changes in artifactory for maven cache

Hi, I've been using jfrog-docker-reg2.bintray.io/jfrog/artifactory-oss:latest as my maven cache server. Either it changed recently or maybe docker 1.13 broke it, so I tried resetting the environment.

The new artifactory instructions and images are really confusing. This is supposedly "Running with Docker for V4.x":

https://www.jfrog.com/confluence/display/RTF/Running+Artifactory+OSS

but it says to use docker pull docker.bintray.io/jfrog/artifactory-oss:latest but that is the latest 5.0, not 4.x. Should it be frog-docker-reg2.bintray.io/jfrog/artifactory-oss:4.1.0 instead? Or docker.bintray.io/jfrog/artifactory-oss:4.1.2?

And does 5.0 really require an interactive setup in order to enable the maven repository? That used to be automatic, is there any way to script that to use default installation options?

Artifactory Docker Image(s) should support secrets

Currently, if using an external database, an environment property for setting the database password can be leveraged.

A better way would be to use Docker secrets. The official PostgreSQL image show cases how that can be achieved. They leave the choice to the user to provide the password via env property or secret definition.

More details can be found here: docker-library/postgres#111

(I am not quite sure if this is the correct place to report the issue. If not please correct me.)

Running the artifactory-ha.yml image fails to start Nginx

Steps to reproduce:

Save the docker-compose yaml file:
wget https://raw.githubusercontent.com/jfrog/artifactory-docker-examples/master/docker-compose/artifactory-ha.yml
Run docker-compose:
docker-compose up

Note the Nginx gets stuck in a restart loop as the artifactory.conf file is not set correctly

nginx | 2018-07-31 17:37:34 [146 entrypoint-nginx.sh] Preparing to run Nginx in Docker
nginx | 2018-07-31 17:37:34 [11 entrypoint-nginx.sh] Dockerfile for this image can found inside the container.
nginx | 2018-07-31 17:37:34 [12 entrypoint-nginx.sh] To view the Dockerfile: 'cat /docker/nginx-artifactory-pro/Dockerfile.nginx'.
nginx | 2018-07-31 17:37:34 [69 entrypoint-nginx.sh] Setting up directories if missing
nginx | 2018-07-31 17:37:34 [140 entrypoint-nginx.sh] Artifactory configuration already in /var/opt/jfrog/nginx/conf.d/artifactory.conf
nginx | 2018-07-31 17:37:34 [28 entrypoint-nginx.sh] SSL is set. Setting up SSL certificate and key
nginx | 2018-07-31 17:37:34 [41 entrypoint-nginx.sh] Found SSL_KEY /var/opt/jfrog/nginx/ssl/example.key
nginx | 2018-07-31 17:37:34 [43 entrypoint-nginx.sh] Found SSL_PEM /var/opt/jfrog/nginx/ssl/example.pem
nginx | 2018-07-31 17:37:34 [54 entrypoint-nginx.sh] Updating /var/opt/jfrog/nginx/conf.d/artifactory.conf with /var/opt/jfrog/nginx/ssl/example.key and /var/opt/jfrog/nginx/ssl/example.pem
nginx | 2018-07-31 17:37:34 [77 entrypoint-nginx.sh] Setting permissions on Nginx directories
nginx | 2018-07-31 17:37:34 [158 entrypoint-nginx.sh] Starting updateConf.sh in the background
nginx | 2018-07-31 17:37:34 [163 entrypoint-nginx.sh] Starting nginx daemon...
nginx | nginx: [emerg] host not found in upstream "artifactory" in /etc/nginx/conf.d/artifactory.conf:27

This is after both node1 and node2 have started. It looks like the Nginx node cannot communicate with the upstream URLs it is configured for.

**jfrog@jfrog:~/downloads/art-test$ docker-compose ps
Name Command State Ports

artifactory-node1 /entrypoint-artifactory.sh Up 0.0.0.0:8081->8081/tcp
artifactory-node2 /entrypoint-artifactory.sh Up 0.0.0.0:8082->8081/tcp
nginx /bin/sh -c /entrypoint-ngi ... Restarting
postgresql /docker-entrypoint.sh postgres Up 0.0.0.0:5432->5432/tcp**

Curls from within the Nginx container fail to reach the running Artifactory nodes on both the base_url and IP addresses.

Add node affinity support in helm charts

Allow helm charts to chose nodes to run pods on. For e.g Allow parameter to run artifactory-primary and artifactory-member pods on different nodes.

Dockerfile available?

I'm currently trying to find a Dockerfile for docker.bintray.io/jfrog/artifactory-pro.
Is there one available somewhere?

Docker image file permissions

I have been using the following Artifactory Docker images:

Image	Volume
docker.bintray.io/jfrog/artifactory-pro:5.9.0	`/srv/artifactory/artifactory:/var/opt/jfrog/artifactory`
docker.bintray.io/jfrog/nginx-artifactory-pro:5.9.0	`/srv/artifactory/nginx:/var/opt/jfrog/nginx`

I am using configuration management to place files into /srv/artifactory/artifactory aka my ARTIFACTORY_HOME and /srv/artifactory/nginx for the Nginx config and SSL files.

The problem I am running into with this is that both Docker images do not recursively chown all the contents of their respective folders to the right user/group on startup before starting the main Artifactory/nginx daemon.

What this means is if my configuration management on my host system sets the owner/group on the files to root:root, when we start the Artifactory image, it thinks some files are not there simply because it doesnt have ownership rights to them and fails to start properly.

What makes this more confusing to manage is that looking at the uid/gid assigned to these files on the host makes no sense from outside of the containers themselves because it can be a uid/gid that exists only in the container or random user/group on the host based on whatever uid/gid matches.

This is a request to make these containers always recursively chown the files in these folders to the respective uid/gid of each service before starting it so we dont have to manage this from outside the container in whatever volumes we use.

Documentation - How to install plugins in Artifactory if helm charts are used?

If Artifactory is installed via Helm Charts, there is no easy way to install plugins. Like the use of ConfigMaps as documented here - https://github.com/JFrogDev/artifactory-docker-examples/tree/master/openshift/artifactory#installing-user-plugins

Dockerfile missing

The Dockerfile & source for the images are missing:

docker.bintray.io/jfrog/nginx-artifactory-pro:5.5.1
docker.bintray.io/jfrog/artifactory-pro:5.5.1

There's quite a lot going on with the entrypoints, and fixing issues/forking is difficult.

Diff'ing the history, It seems the postgres image is an unmodifed postgres:9.5.2 image.

Artifactory in docker swarm does not work

Hi,

We are using Artifactory enterprise license and trying to setup a multi site network topology. Is Docker swarm mode suitable for that?

Volumes don't work in docker swarm-mode
Container names aren't supported
Unable to manage artifactory instances and the Swarm's load balancer will take to any task running the instance and not the one you want to manage in Mission Control.
Is Swarm Mode appropriate for multi site topology?

The liveness probe in the mission control deployment is over indented and when passing a nodeselector

Link to offending line of code: https://github.com/helm/charts/blob/edd5421c4724a1f41475b236bdf6d86b5de9e8a0/stable/mission-control/templates/mission-control-deployment.yaml#L117

Helm upgrade is not taking licenses from secret.

Once you install artifactory-ha using helm install --name artifactory-ha stable/artifactory-ha
Then if you create license secret and try to pass that secret to artifactory-ha using helm upgrade artifactory-ha --set artifactory.license.secret=artifactory-cluster-license,artifactory.license.dataKey=art.lic stable/artifactory-ha it's not taking licenses.

Unable to access artifactory gui when running artifactory container on nfs mounted volume

I can run artifactory-nginx-postgres just fine with the docker compose file provided.

I add the fstab entry and mount /data/artifactory to an nfs share, I can no longer reach the artifactory web gui. I check the logs and it looks like everything has started correctly, but I get a HTTP Status 404 - not found error. NFS versions 3 and 4 have been tried with the same result.

I unmount the share, restart docker-compose and everything is working again.

"persistence.enabled=false" still mounts the PV

When running Artifactory HA using an RDS database and S3 storage, we would like to avoid having the local persistent disk. A number of things are cached there, such as database passwords, and subsequent restarts of the pods don't update values from Secrets.

Please provide an example security.import.xml

It would be great if you provided an example of a security.import.xml file. I am presently trying to build a specific artifactory image for my organization. But I can't seem to find any decent references or examples to help me bake the permission setup into the image...

For example what would be the valid values of the masks property of ace?

But just in general it would be really great to have a reference of the XML and the properties.

For example what is the property for setting a group as administrators?

db.properties Setup Invalid - Kubernetes w/ PSQL

I am deploying Artifactory on Kubernetes, with an external Postgres database. I am having a difficult time using the environment variables as defined here: link

First, it is not clear in the documentation (link above) that one is expected to prepend the DB_URL env_var with jdbc:postgresql://, which I was able to figure out based on the sample postgresql file that gets copied to db.properties on boot. The next issue is that the password env_var DB_PASSWORD is being ignored completely. When looking at the finalized db.properties file created on first boot, the password is marked as password=password. I have confirmed the env_var is exported properly and visible in the container.

Running this container: docker.bintray.io/jfrog/artifactory-pro:6.1.0

Pieces of the manifest I am deploying:

        image: docker.bintray.io/jfrog/artifactory-pro:6.1.0
        env:
        - name: DB_TYPE
          value: postgresql
        - name: DB_USER
          value: artifactory
        - name: DB_PASSWORD
          valueFrom:
              secretKeyRef:
                name: artifactory-secret
                key: DB_PASSWORD
        - name: DB_URL
          value: jdbc:postgresql://url-database:5432/artifactory

From startup logs:

2018-07-15 02:56:22  [447 entrypoint-artifactory.sh] Setting DB_PASSWORD to **********
sed: -e expression #1, char 34: unterminated `s' command

Running Artifactory and Postgres as non-root

Hello,
I am trying to deploy Artifactory (Pro in a weeks time) OSS. I need to deploy Artifactory and Postgres with a non-root user. Just wondering if you have baked images which would allow that or would i need to write a dockerfile on my own. My environment doesn't allow running privileged containers. (kubernetes 1.8)

I did see a different issue where the security context was set to 1030 user id to run but caused issues since currently Artifactory doesn't allow to run as non-root Has that been fixed so that i can try it out?

Small typo creates a problem

The template should be defined as following

name: ${NAME}
namespace: ${NAMESPACE}

and not

name: ${NAME}
name: ${NAMESPACE}

https://github.com/JFrogDev/artifactory-docker-examples/blob/470cbb63c47afe985e8423b425f6e1607d4f7524/openshift/artifactory/database/postgresql/secrets/postgresql-secret.yaml#L11

Docker volumes are troublesome, wiki/repo does not provide proper examples

When using docker volumes, Artifactory is unable to create the sub-directories:

Preparing to run Artifactory in Docker
=====================================
2018-07-10 18:44:45   [44 entrypoint-artifactory.sh] Dockerfile for this image can found inside the container.
2018-07-10 18:44:45   [45 entrypoint-artifactory.sh] To view the Dockerfile: 'cat /docker/artifactory-oss/Dockerfile.artifactory'.
2018-07-10 18:44:45   [50 entrypoint-artifactory.sh] Checking open files and processes limits
2018-07-10 18:44:45   [53 entrypoint-artifactory.sh] Current max open files is 32000
2018-07-10 18:44:45   [65 entrypoint-artifactory.sh] Current max open processes is 65535
2018-07-10 18:44:45   [75 entrypoint-artifactory.sh] Checking if /var/opt/jfrog/artifactory is mounted
2018-07-10 18:44:45   [80 entrypoint-artifactory.sh] /var/opt/jfrog/artifactory is mounted
2018-07-10 18:44:45   [86 entrypoint-artifactory.sh] Setting up data directories if missing
mkdir: cannot create directory ‘/var/opt/jfrog/artifactory/etc’: Permission denied
2018-07-10 18:44:45   [34 entrypoint-artifactory.sh] ERROR: Creating /var/opt/jfrog/artifactory/etc folder failed

On inspection of the image, it seems they are chowned by user 'artifactory', which explains this:

[mtdeguzis@host: artifactory]$ sudo docker exec -it 46d7fb651c9582717992fa58dbca2138cb0a1c9af638e92230ba7d5351179369 bash
root@46d7fb651c95:/# ls
bin  boot  dev  docker  docker-java-home  entrypoint-artifactory.sh  etc  home  lib  lib32  lib64  libx32  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@46d7fb651c95:/# ls -la /var/
backups/ cache/   lib/     local/   lock/    log/     mail/    opt/     run/     spool/   tmp/
root@46d7fb651c95:/# ls -la /var/opt/jfrog/
total 0
drwxr-xr-x. 3 root        root        25 Jul 10 20:24 .
drwxr-xr-x. 3 root        root        19 Jul 10 20:24 ..
drwxr-xr-x. 7 artifactory artifactory 69 Jul 10 20:24 artifactory

The wiki docs, https://www.jfrog.com/confluence/display/RTF/Installing+with+Docker, do not explain this properly. You end up spending a long time trying to figure this out while using provided docker compose examples and noticing the container runs as root, but it appears some processes are contained to this user (makes sense), but sub-directory creation will then fail outright

My YAML file, based off this repo's: https://gist.github.com/mtdeguzis/693ac68afeee1de2b54b1fd80717972c

If you are going to go this route, it should be expalined to create the named volumes ahead of time and chown them property as the artifactory user. Since your Dockerfile is not posted online that I can see, I had to extract it from the image I ran. Where is this online? Same goes for the startup scrtipt.

Tried to fix this, but no luck:

sudo docker volume create --name artifactory-data
# UID sourced from Dockefile
useradd --uid 1030 artifactory

sudo chown artifactory $(sudo docker volume inspect --format='{{.Mountpoint}}' artifactory-data)

deployment section is part of service yaml

Noticed that the deployment section is part of the service yaml. Looks like an issue.

Examples use links instead of networks

The links directive is legacy, and should not be used: https://docs.docker.com/network/links/. Is there a reason links are being used here? I am using a network with no issue (e.g. "artifactory-network")

Warning: The --link flag is a legacy feature of Docker. It may eventually be removed. Unless you absolutely need to continue using it, we recommend that you use user-defined networks to facilitate communication between two containers instead of using --link. One feature that user-defined networks do not support that you can do with --link is sharing environmental variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way.

See Differences between user-defined bridges and the default bridge for some alternatives to using --link.

Helm installer post deploy message does not apply to AWS

After successfully deploying to kurbernetes via helm on AWS, the following message is deployed.

Congratulations. You have just deployed JFrog Artifactory Pro!

Get the Artifactory URL by running these commands:

NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of the service by running 'kubectl get svc -w nginx'
export SERVICE_IP=$(kubectl get svc --namespace default nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP/
..
=====

On AWS, kubectl get svc outputs a hostname instead of IP address, SERVICE_IP evauates to empty string. Replacing ingress[0].ip with ingress[0]hostname works fine in AWS. So the message displayed is pertinent to GCP only and not to AWS. Either the message can be made cloud aware or can be made more generic

HA Helm chart doesn't seem to support TLS

I'm probably missing something obvious, but I can't seem to find how to configure TLS in the HA Helm chart. I see it for the "regular" Helm chart.

Amazon Linux wont start with compose due to ulimit

Currently, I have had issues starting the artifactory-pro-nginx-derby.yml compose file due to limits within amazon linux. The issue is that the containers inherit a very small ulimit(1024) no matter what I do.

What I suggest is to add a ulimit configuration to the docker compose files.
Something like
ulimits:
nproc: 65535
nofile:
soft: 20000
hard: 40000

Kubernetes examples should use a more generic PV type

The current storage examples use hostPath, which is good for Minikube and not for a real deployment on a Kubernetes cluster.
The PVC should use the volume.alpha.kubernetes.io/storage-class: default storage class which will allow it to choose the default PV type depending on the vendor hosting the cluster.

Why mounting postgresql.jar is required?

This is the manual step which requires human intervention to get Artifactory up and running. Why not to vendor it in inside the container?