搭建Artifactory集群
制品倉庫系統有很多,例如Artifactory、Archiva、Sonatype Nexus、Eclipse Package Drone,其中Artifactory擁有很多強大的企業級特性和人性化的用戶接口,擁有眾多客戶群。很多大型的公司都在使用它,通過以下的Google趨勢圖可以看出,它越來越受青睞。功能對比在此:Binary Repository Manager Feature Matrix
Artifactory許可證
官方正版license,3個 License 25900美元(16.7萬人民幣)一年,貴的離譜。本文以實驗學習為主使用最新破解版4.7.4,破解也非常容易就不贅述了。商業用途,請使用正版。
所需硬件
Artifactory集群需要以下硬件設備:
- 支持粘性會話的均衡負載(HAProxy/Nginx等)。
- NFS共享文件夾。
- 數據庫(MySQL等)。
搭建架構圖
網絡
集群中所有的節點最好處於同一局域網內,節點之間使用固定端口傳輸數據。
服務器
本文使用阿里雲ECS服務器,申請三台阿里雲ECS服務器分別取名artifactory-master,artifactory-slave,artifactory-nfs。
Artifactory節點配置
artifactory會部署在artifactory-master和artifactory-slave上,需要安裝所需的軟件。
- 生成ssh key並配置authorized_keys方便服務管理。
-
安裝JDK 8。
apt-get install software-properties-common add-apt-repository ppa:webupd8team/java apt-get update apt-get install oracle-java8-installer
-
編輯.bashrc文件
vi ~/.bashrc在文件尾加入以下內容:if [ -f ~/.bash_env ]; then . ~/.bash_env fi -
創建
.bash_env文件touch ~/.bash_env並添加JAVA_HOME環境變量:export JAVA_HOME=/usr/lib/jvm/java-8-oracle export JRE_HOME=$JAVA_HOME/jre export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib export PATH=$JAVA_HOME/bin:$PATH
-
上傳artifactory-pro-4.7.4.zip到artifactory-master和artifactory-slave服務器
/opt目錄並解壓,並生成兩個不同的artifactory.lic許可證,分別放在/opt/artifactory-pro-4.7.4/etc目錄下。scp artifactory-pro-4.7.4.zip root@<ip>:/opt
-
分別在artifactory兩個節點設置artifactory環境變量,編輯
.bash_env文件。export ARTIFACTORY_HOME=/opt/jfrog/artifactory-pro-4.7.4 export JAVA_HOME=/usr/lib/jvm/java-8-oracle export JRE_HOME=$JAVA_HOME/jre export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib export PATH=$JAVA_HOME/bin:$PATH
-
安裝artifactory as service。
sh installService.sh passwd artifactory <new password>
NFS配置
NFS配置需要在artifactory-nfs上安裝NFS服務端,需要在artifactory-master和artifactory-salve上安裝NFS客戶端。
-
在artifactory-nfs服務器上安裝nfs-kernel-server。
apt-get install nfs-kernel-server
-
在/etc/exports文件里增加一行。
/artifactory/cluster-home *(rw,sync,no_root_squash,no_subtree_check)
-
在artifactory-master和artifactory-salve分別安裝NFS客戶端。
apt-get install nfs-common portmap
-
在artifactory-master和artifactory-salve分別創建NFS待掛載目錄/artifactory/cluster-home。
mkdir /artifactory/cluster-home mount <artifactory-nfs' IP>:/artifactory/cluster-home /artifactory/cluster-home
-
將NFS目錄分配權限。
chown -R artifactory:artifactory /artifactory/cluster-home
安裝MySQL
在artifactory-nfs上安裝MySQL。
-
安裝MySQL。
apt-get install mysql-server mysql-client mysql> CREATE DATABASE artdb CHARACTER SET utf8 COLLATE utf8_bin; CREATE USER artifactory IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON *.* TO 'artifactory'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION; FLUSH PRIVILEGES;
-
允許MySQL遠程訪問。修改雲主機上的/etc/mysql/my.cnf 文件,注釋掉 bind_address=127.0.0.1就可以了,然后重啟MySQL。
- 復制mysql-connector-java-5.1.38.jar到/opt/jfrog/artifactory-pro-4.7.4/tomcat/lib下面。
配置artifactory-master
-
在
/artifactory/cluster-home下創建一下目錄:mkdir ha-etc mkdir ha-data mkdir ha-backup
-
在
./ha-etc下創建文件cluster.properties,內容為:##隨機生成的token,保證唯一就行 security.token=4n4tpxip7spQQu2pKf3811S2W7GY46Yb
-
在
./ha-etc下創建文件storage.properties,內容為:type=mysql driver=com.mysql.jdbc.Driver url=jdbc:mysql://<artifactory-nfs' IP>:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true username=artifactory password=password
-
復制
artifactory.system.properties和mimetypes.xml文件mv /opt/jfrog/artifactory-pro-4.7.4/etc/artifactory.system.properties /artifactory/cluster-home/ha-etc mv /opt/jfrog/artifactory-pro-4.7.4/etc/mimetypes.xml /artifactory/cluster-home/ha-etc
-
在/opt/artifactory-pro-4.7.4/etc目錄下創建
ha-node.properties文件,內容如下:node.id=art1 cluster.home=/artifactory/cluster-home context.url=http://<artifactory-master's IP>:8081/artifactory membership.port=10001 primary=true
-
在
.bash_env文件添加$CLUSTER_HOME環境變量。export ARTIFACTORY_HOME=/opt/jfrog/artifactory-pro-4.7.4 export CLUSTER_HOME=/artifactory/cluster-home export JAVA_HOME=/usr/lib/jvm/java-8-oracle export JRE_HOME=$JAVA_HOME/jre export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib export PATH=$JAVA_HOME/bin:$PATH
配置artifactory-slave
注意:對於每個artifactory集群節點使用的artifactory.lic是不一樣的,否者將會報錯。
-
在/opt/artifactory-pro-4.7.4/etc目錄下創建
ha-node.properties文件,內容如下:node.id=art2 cluster.home=/artifactory/cluster-home context.url=http://<artifactory-slave's IP>:8081/artifactory membership.port=10001 primary=false
-
在.bash_env文件添加
$CLUSTER_HOME環境變量。export ARTIFACTORY_HOME=/opt/jfrog/artifactory-pro-4.7.4 export CLUSTER_HOME=/artifactory/cluster-home export JAVA_HOME=/usr/lib/jvm/java-8-oracle export JRE_HOME=$JAVA_HOME/jre export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib export PATH=$JAVA_HOME/bin:$PATH
安裝Nginx負載均衡
Nginx也支持粘性會話如使用ip_hash等,但是最好的方案是借助第三份中間件例如Redis來存儲session,使用Nginx+Tomcat+Redis組合。在此我使用最簡單的ip_hash方法。Nginx的/etc/nginx/nginx.conf文件配置:
##/etc/nginx/nginx.conf
user www-data;
worker_processes 8;
error_log /var/log/nginx/error.log crit;
pid /run/nginx.pid;
events
{
use epoll;
worker_connections 8192;
}
http
{
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
keepalive_timeout 30;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# gzip壓縮功能設置
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/json application/xml application/x-javascript text/css text/xml text/javascript;
gzip_vary on;
#允許客戶端請求的最大的單個文件字節數
client_max_body_size 10m;
#緩沖區代理緩沖用戶端請求的最大字節數
client_body_buffer_size 128k;
#跟后端服務器連接的超時時間_發起握手等候響應超時時間
proxy_connect_timeout 600;
#連接成功后_等候后端服務器響應時間_其實已經進入后端的排隊之中等候處理
proxy_read_timeout 600;
#后端服務器數據回傳時間_就是在規定時間之內后端服務器必須傳完所有的數據
proxy_send_timeout 600;
#代理請求緩存區_這個緩存區間會保存用戶的頭信息以供Nginx經行規則處理_一般只要能保存下頭信息即可
proxy_buffer_size 16k;
#Nginx保存單個用的幾個Buffer及最大用多大空間
proxy_buffers 4 32k;
#如果系統很忙的時候可以申請最大的proxy_buffers
proxy_busy_buffers_size 64k;
#proxy緩存臨時文件的大小
proxy_temp_file_write_size 64k;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
##/etc/nginx/site-available/default
upstream artifactory {
ip_hash;
server <ip>:<port>;
server <ip>:<port>;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /artifactory {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Url-Scheme $scheme;
proxy_redirect off;
proxy_pass http://artifactory;
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc| woff)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
proxy_pass http://artifactory;
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
proxy_pass http://artifactory;
}
}
啟動
su - artifactory service artifactory start
倉庫之間復制
Artifactory允許支持不同地區不同項目之間artifactory實例復制。帶來的好處有以下幾點:
- 不同地區的開發團隊可以使用相同artifacts。
- 構建的產出artifacts能夠及時共享。
- 緩解遠程網絡連接不穩定性。
- 訪問遠程其他artifactory倉庫。
Push方式
用於本地倉庫,上傳到某個artifactory實例的某個本地倉庫能夠同步到其他遠程artifactory倉庫里面。
Pull方式
用於遠程倉庫,將遠程artifactory倉庫同步到本地artifactory某個倉庫。
安裝JFrog Mission Control
服務器有限,在artifactory-master上安裝Mission Control。
wget https://akamai.bintray.com/84/842469ab2f8d53dcd01e99c1f96b39b7580571a20096f741446e5c789ff2bca5?__gda__=exp=1462285257~hmac=76ab0b04df1b8b374bd539b83e246f8fe00ad8be57d7d7e47138b9ffb1b13a78&response-content-disposition=attachment%3Bfilename%3D%22jfrog-mission-control-1.1.deb%22&response-content-type=application%2Fx-debian-package apt-get install net-tools dpkg -i jfrog-mission-control-1.1.deb
安裝Jenkins
在artifactory-slave上安裝Jenkins
wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add - sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list' sudo apt-get update sudo apt-get install jenkins
安裝Packer
安裝jenkins packer plugin
安裝docker
apt-get install docker.io
把jenkins用戶加入到docker的group里面。
gpasswd -a jenkins docker
設置Artifactory的docker repository
生成ssl
apt-get install openssl mkdir /etc/nginx/ssl openssl genrsa -out "/etc/nginx/ssl/artifactory.key" 2048 openssl req -new -key "/etc/nginx/ssl/artifactory.key" -out "/etc/nginx/ssl/artifactory.csr" openssl x509 -req -days 365 -in "/etc/nginx/ssl/artifactory.csr" -signkey "/etc/nginx/ssl/artifactory.key" -out "/etc/nginx/ssl/artifactory.crt"
配置Nginx
upstream artifactory {
ip_hash;
server <IP>:<PORT>;
server <IP>:<PORT>;
}
server {
listen 80;
server_name <IP>;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://artifactory/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name <IP>;
ssl on;
ssl_certificate /etc/nginx/ssl/artifactory.crt;
ssl_certificate_key /etc/nginx/ssl/artifactory.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
location /artifactory/ {
proxy_read_timeout 900;
proxy_pass_header Server;
proxy_cookie_path ~*^/.* /;
proxy_pass http://artifactory/artifactory/;
proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Artifactory生態鏈
