artifactory

• reference

  • integration with pipeline

  • aql

  • Artifactory SSL Certification

• configuration

  • allow partial folder in particular repo

  • access token

• setup repository

  • debian/ubuntu

[!NOTE|label:reference:]

• How to enable verbose log on JVM Garbage Collection

  • JAVA_OPTIONS:

    -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/path/to/file/gc.log

reference

integration with pipeline

• Scripted Pipeline Syntax

• Jenkins Pipeline Examples

aql

Jenkins Artifactory Plugin AQL download latest artifact matching pattern

$pair = "$($art_user):$($art_pass)"
Write-Verbose "Attempting to convert Artifactory credentials to a base64 string for automation"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$headers = @{
    Authorization = $basicAuthValue
}

Write-Host "Attempting to perform a AQL search."
$aql_search = $art_base_url + "/api/search/aql"
Write-Host "Building aql query with the following parameters, groupID: $group_id, artifactID: $artifact_id, version: $version, classifier: $classifier and repos: $art_generic_repokey."
$aql_query = 'items.find({"repo":"' + $art_generic_repokey + '","$or":[{"$and":[{"path":{"$match":"' + $group_id + '/' + $artifact_id + '/' + $version + '"},"name":{"$match":"' + $artifact_id + '*' + $classifier + '*.' + $extension + '"}}]}]}).sort({"$desc":["modified"]}).limit(1)'
Write-Host "Built the following aql query: '$aql_query' ."
$aql_content = Invoke-RestMethod -Uri $aql_search -Headers $headers -Method Post -Body $aql_query -ContentType 'text/plain'
Write-Host "Attempting to submit the aql query to the following artifactory server: $art_base_url."
$aql_results = ($aql_content).results
Write-Host "Attempting to parse query results and build the artifact download uri."
$aql_repo,$aql_path,$aql_name = ($aql_results).repo,($aql_results).path,($aql_results).name
$artifactDownloadUri = $art_base_url + '/' + $aql_repo + '/' + $aql_path + '/' + $aql_name
Write-Host "Found the following uri: $artifactDownloadUri !!"

if ($artifactMimeType  -eq 'application/zip' -or $extension -eq 'zip') {
    Write-Verbose "Attempting to save the artifact to $download_dir/$art_dist_name.zip"
    Invoke-RestMethod -Uri $artifactDownloadUri -Headers $headers -OutFile "$download_dir/$art_dist_name.zip"
}

Artifactory SSL Certification

[!NOTE|label:references:]

• ARTIFACTORY: How to Resolve an “unable to find valid certification path to requested target” Error
• Using TLS Certificates as a Client
• Working with Certificates and SSL
• ibook : ssl/keystore

[!TIP|label:see also:]

• iMarslo: get remote server certs

get remote cert

$ openssl s_client -showcerts -connect <domain.com>:<port>

#i.e.
$ echo -n |
       openssl s_client -connect <domain.com>:<port> -debug |
       sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <domain>.crt
# or
$ keytool -printcert \
          -rfc \
          -sslserver <domain.com>:<port> > <domain>.crt
# or
# https://www.howtouselinux.com/post/openssl-command-to-generate-view-check-certificate
$ echo -n |
       openssl s_client \
              [-servername <domain.com>] \
              -connect <domain.com>:<port> 2>/dev/null |
       openssl x509

[!NOTE] if issue (i:) is the same as subject (s:). Therefore, this is the root certificat. i.e. :

$ openssl s_client -connect cdn.redhat.com:443 -showcerts < /dev/null
Certificate chain
 0 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = cdn.redhat.com
   i:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
   i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 2 s:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
   i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

import to truststore

$ sudo keytool -importcert \
               -keystore /usr/local/java/jdk1.8.0_60/jre/lib/security/cacerts \
               -storepass changeit \
               -file <domain>.crt \
               -alias "<domain>-crt"

configuration

allow partial folder in particular repo

allow temp && demo, and disallow sprint && weekly

access token

[!NOTE|label:references:]

• ARTIFACTORY: Creating Access Tokens in Artifactory
• Access Tokens

generating expirable tokens

• from version 7.21.1, this can be specified by setting the token.max-expiry parameter in the $JFROG_HOME/artifactory/var/etc/artifactory/access.config.yml file ( prior to version 7.21.1, the parameter to set was artifactory.access.token.non.admin.max.expires.in ).

• if the token.max-expiry is equal to 0 (which is the default), there is no limitation to the token expiry. However, if the maximum expiry is greater than 0, the user cannot create a non-expirable token.

• the token.max-expiry parameter must be set to a value higher than the token.default-expiry parameter value.

setup repository

debian/ubuntu

[!NOTE|label:references:]

• Setting_up_Debian_repositories_with_JFrog_Artifactory.md