Setting Up an Artifactory Cluster

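There are many artifact repository systems, such as Artifactory, Archiva, Sonatype Nexus, and Eclipse Package Drone. Of these, Artifactory has many powerful enterprise-grade features, a user-friendly interface, and a large customer base. Many large companies use it, and Google Trends shows that it is becoming increasingly popular. A feature comparison is available here: Binary Repository Manager Feature Matrix

Artifactory License

An official license costs USD 25,900 (RMB 167,000) per year for 3 licenses, which is outrageously expensive. This article is for experimentation and learning, so it uses the latest cracked version, 4.7.4; cracking it is very easy, so I won't go into the details. For commercial use, please use a genuine license.

Required Hardware

An Artifactory cluster requires the following:

  1. A load balancer that supports sticky sessions (HAProxy, Nginx, etc.).
  2. An NFS shared folder.
  3. A database (MySQL, etc.).

Architecture Diagram

Network

All nodes in the cluster should preferably be on the same LAN; the nodes exchange data with each other over a fixed port.

Servers

This article uses Alibaba Cloud ECS servers. Provision three ECS servers and name them artifactory-master, artifactory-slave, and artifactory-nfs.

Artifactory Node Configuration

Artifactory is deployed on artifactory-master and artifactory-slave, which need the required software installed.

  1. Generate an SSH key and configure authorized_keys to make server management easier.
  2. Install JDK 8.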

    apt-get install software-properties-common
    add-apt-repository ppa:webupd8team/java
    apt-get update
    apt-get install oracle-java8-installer
  3. Edit the .bashrc file (vi ~/.bashrc) and append the following to the end of the file:

    if [ -f ~/.bash_env ]; then
         . ~/.bash_env
    fi
  4. Create the .bash_env file (touch ~/.bash_env) and add the JAVA_HOME environment variables:

    export JAVA_HOME=/usr/lib/jvm/java-8-oracle
    export JRE_HOME=$JAVA_HOME/jre
    export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
    export PATH=$JAVA_HOME/bin:$PATH
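  5. Upload artifactory-pro-4.7.4.zip to the /opt directory on the artifactory-master and artifactory-slave servers and unzip it. Generate two different artifactory.lic license files and place one in the /opt/artifactory-pro-4.7.4/etc directory on each node.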

    scp artifactory-pro-4.7.4.zip root@<ip>:/opt
  6. On each of the two Artifactory nodes, set the Artifactory environment variables by editing the .bash_env file.

    export ARTIFACTORY_HOME=/opt/jfrog/artifactory-pro-4.7.4
    export JAVA_HOME=/usr/lib/jvm/java-8-oracle
    export JRE_HOME=$JAVA_HOME/jre
    export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
    export PATH=$JAVA_HOME/bin:$PATH
  7. Install Artifactory as a service.

    sh installService.sh
    
    # passwd prompts for the new password; it is not passed on the command line
    passwd artifactory

NFS Configuration

NFS requires the NFS server to be installed on artifactory-nfs and the NFS client to be installed on artifactory-master and artifactory-slave.

  1. Install nfs-kernel-server on the artifactory-nfs server.

    apt-get install nfs-kernel-server
  2. Add a line to the /etc/exports file.

    /artifactory/cluster-home *(rw,sync,no_root_squash,no_subtree_check)
  3. Install the NFS client on both artifactory-master and artifactory-slave.

    apt-get install nfs-common portmap
  4. On both artifactory-master and artifactory-slave, create the NFS mount point /artifactory/cluster-home and mount the share.

    mkdir /artifactory/cluster-home
    mount <artifactory-nfs' IP>:/artifactory/cluster-home /artifactory/cluster-home
  5. Assign ownership of the NFS directory.

    chown -R artifactory:artifactory /artifactory/cluster-home
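
The export in step 2 gives every host that can reach artifactory-nfs read-write access and lets root on a client act as root on the share. The check below is an added example, not part of the original article, that flags both conditions in an exports file; the function names and the node addresses 10.0.0.11 and 10.0.0.12 are assumptions.

```shell
#!/bin/sh
# audit_exports FILE
# Prints one finding per risky client spec in an exports(5)-style file:
#   - a path exported to any host ("*", or options with no client in front)
#   - no_root_squash, which lets root on a client act as root on the share
audit_exports() {
    awk '
    /^[[:space:]]*#/ || NF == 0 { next }      # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "*" || client == "")
                print path ": open to any host: " $i
            if (("," opts ",") ~ /,no_root_squash,/)
                print path ": no_root_squash granted to \"" (client == "" ? "*" : client) "\""
        }
    }' "$1"
}

# Constructed sample: the line from step 2, then a restricted alternative.
# 10.0.0.11 and 10.0.0.12 are placeholder addresses for the two Artifactory nodes.
sample_exports() {
    cat <<'EOF'
/artifactory/cluster-home *(rw,sync,no_root_squash,no_subtree_check)
/artifactory/cluster-home 10.0.0.11(rw,sync,root_squash,no_subtree_check) 10.0.0.12(rw,sync,root_squash,no_subtree_check)
EOF
}

# Runs the audit over the sample; only the first line produces findings.
demo_audit() {
    tmp=$(mktemp) || return 1
    sample_exports > "$tmp"
    audit_exports "$tmp"
    rm -f "$tmp"
}

demo_audit
```

With root_squash in place, run the chown from step 5 on artifactory-nfs itself and keep the artifactory UID and GID identical on all three machines.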

Installing MySQL

Install MySQL on artifactory-nfs.

  1. Install MySQL and create the database and user.

    apt-get install mysql-server mysql-client
    
    mysql>
    CREATE DATABASE artdb CHARACTER SET utf8 COLLATE utf8_bin;
    CREATE USER artifactory IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON *.* TO 'artifactory'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
    FLUSH PRIVILEGES;
  2. MySQL performance tuning.

  3. Allow remote access to MySQL. Edit the /etc/mysql/my.cnf file on the cloud host and comment out bind_address=127.0.0.1, then restart MySQL.

  4. Copy mysql-connector-java-5.1.38.jar into /opt/jfrog/artifactory-pro-4.7.4/tomcat/lib.
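
The grant in step 1 gives the artifactory account every privilege on every database, from any host, with GRANT OPTION, and step 3 makes MySQL listen on all interfaces. The following is an added example, not from the original article, that generates grants limited to artdb and to the two node addresses; emit_grants, the addresses, and the password are placeholders.

```shell
#!/bin/sh
# emit_grants DB USER PASSWORD HOST...
# Prints SQL that creates one account per client address and grants it rights
# on DB only: no *.* scope, no '%' host, no WITH GRANT OPTION.
emit_grants() {
    [ "$#" -ge 4 ] || { echo "usage: emit_grants DB USER PASSWORD HOST..." >&2; return 1; }
    # Accept only characters that need no quoting or escaping inside the SQL
    # literals; this also rejects the '%' wildcard host.
    for v in "$@"; do
        case $v in
            ''|*[!A-Za-z0-9_.-]*)
                echo "emit_grants: value contains unsupported characters" >&2
                return 1 ;;
        esac
    done
    db=$1 user=$2 pass=$3
    shift 3
    for host in "$@"; do
        printf "CREATE USER '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pass"
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s';\n" "$db" "$user" "$host"
    done
}

# Constructed values: 10.0.0.11 and 10.0.0.12 stand in for artifactory-master and
# artifactory-slave; replace the password placeholder before using the output.
emit_grants artdb artifactory CHANGE-ME-placeholder 10.0.0.11 10.0.0.12
# Apply on artifactory-nfs by piping the output to:  mysql -u root -p
```

Instead of commenting out bind_address, it can be set to the private address of artifactory-nfs so that MySQL is reachable only on the cluster network.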

Configuring artifactory-master

  1. Create the following directories under /artifactory/cluster-home:

    mkdir ha-etc
    mkdir ha-data
    mkdir ha-backup
  2. Create the file cluster.properties under ./ha-etc with the following content:

    ## Randomly generated token; it only needs to be unique
    security.token=4n4tpxip7spQQu2pKf3811S2W7GY46Yb
  3. Create the file storage.properties under ./ha-etc with the following content:

    type=mysql
    driver=com.mysql.jdbc.Driver
    url=jdbc:mysql://<artifactory-nfs' IP>:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true
    username=artifactory
    password=password
  4. Copy the artifactory.system.properties and mimetypes.xml files:

    mv /opt/jfrog/artifactory-pro-4.7.4/etc/artifactory.system.properties /artifactory/cluster-home/ha-etc
    mv /opt/jfrog/artifactory-pro-4.7.4/etc/mimetypes.xml /artifactory/cluster-home/ha-etc
  5. Create the file ha-node.properties in the /opt/artifactory-pro-4.7.4/etc directory with the following content:

    node.id=art1
    cluster.home=/artifactory/cluster-home
    context.url=http://<artifactory-master's IP>:8081/artifactory
    membership.port=10001
    primary=true
  6. Add the $CLUSTER_HOME environment variable to the .bash_env file.

    export ARTIFACTORY_HOME=/opt/jfrog/artifactory-pro-4.7.4
    export CLUSTER_HOME=/artifactory/cluster-home
    export JAVA_HOME=/usr/lib/jvm/java-8-oracle
    export JRE_HOME=$JAVA_HOME/jre
    export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
    export PATH=$JAVA_HOME/bin:$PATH
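
cluster.properties and storage.properties hold the cluster token and the database password on a share that every node mounts. The following is an added example, not from the original article, that writes both files with a freshly generated token and owner-only permissions; write_ha_etc, gen_token, and the sample values in the usage comment are assumptions.

```shell
#!/bin/sh
# gen_token: 48 hex characters read from the kernel CSPRNG.
gen_token() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_ha_etc DIR DB_HOST DB_PASSWORD
# Writes cluster.properties (with a new random security.token) and
# storage.properties into DIR, both readable by the owner only.
write_ha_etc() {
    dir=$1 db_host=$2 db_pass=$3
    [ -d "$dir" ] || { echo "write_ha_etc: $dir is not a directory" >&2; return 1; }
    (
        umask 077    # files created below get mode 0600
        printf 'security.token=%s\n' "$(gen_token)" > "$dir/cluster.properties" &&
        cat > "$dir/storage.properties" <<EOF
type=mysql
driver=com.mysql.jdbc.Driver
url=jdbc:mysql://$db_host:3306/artdb?characterEncoding=UTF-8&elideSetAutoCommits=true
username=artifactory
password=$db_pass
EOF
    ) || return 1
    # umask does not change files that already existed, so set the mode explicitly.
    chmod 600 "$dir/cluster.properties" "$dir/storage.properties"
}

# Usage (run as the artifactory user; the address and variable are placeholders):
#   write_ha_etc /artifactory/cluster-home/ha-etc 10.0.0.13 "$ART_DB_PASSWORD"
```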

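Configuring artifactory-slave

Note: each Artifactory cluster node must use a different artifactory.lic; otherwise an error is reported.

  1. Create the file ha-node.properties in the /opt/artifactory-pro-4.7.4/etc directory with the following content: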

    node.id=art2
    cluster.home=/artifactory/cluster-home
    context.url=http://<artifactory-slave's IP>:8081/artifactory
    membership.port=10001
    primary=false
  2. Add the $CLUSTER_HOME environment variable to the .bash_env file.

    export ARTIFACTORY_HOME=/opt/jfrog/artifactory-pro-4.7.4
    export CLUSTER_HOME=/artifactory/cluster-home
    export JAVA_HOME=/usr/lib/jvm/java-8-oracle
    export JRE_HOME=$JAVA_HOME/jre
    export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
    export PATH=$JAVA_HOME/bin:$PATH

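Installing the Nginx Load Balancer

Nginx also supports sticky sessions, for example with ip_hash, but the best approach is to store sessions in third-party middleware such as Redis, using an Nginx + Tomcat + Redis combination. Here I use the simplest method, ip_hash. The Nginx /etc/nginx/nginx.conf configuration: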

##/etc/nginx/nginx.conf
user www-data;

worker_processes 8;

error_log /var/log/nginx/error.log crit;

pid /run/nginx.pid;

events
{
  use epoll;
  worker_connections 8192;
}

http
{
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  charset utf-8;

  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;

  keepalive_timeout 30;

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;

  # gzip compression settings
  gzip on;
  gzip_min_length 1k;
  gzip_buffers 4 16k;
  gzip_http_version 1.1;
  gzip_comp_level 2;
  gzip_types text/plain application/json application/xml application/x-javascript text/css text/xml text/javascript;
  gzip_vary on;

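  # Maximum size of a single file that a client may send in one request
  client_max_body_size 10m;

  # Maximum number of bytes buffered in memory for a client request body
  client_body_buffer_size 128k;

  # Timeout for connecting to the backend server (waiting for the handshake response)
  proxy_connect_timeout 600;

  # Time to wait for the backend's response after connecting (the request is already queued at the backend)
  proxy_read_timeout 600;

  # Timeout for transmitting the request to the backend server
  proxy_send_timeout 600;

  # Buffer for the first part of the backend response; it generally only needs to be large enough for the headers
  proxy_buffer_size 16k;

  # Number and size of the buffers Nginx uses for a single connection
  proxy_buffers 4 32k;

  # Maximum size of proxy_buffers that may be busy sending to the client when the system is under load
  proxy_busy_buffers_size 64k;

  # Size of the data written to a proxy temporary file at one time
  proxy_temp_file_write_size 64k;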

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}
##/etc/nginx/sites-available/default
upstream artifactory {
    ip_hash;
    server <ip>:<port>;
    server <ip>:<port>;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }

   location /artifactory {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Url-Scheme $scheme;
       proxy_redirect off;
       proxy_pass http://artifactory;
   }
  
   # Media: images, icons, video, audio, HTC
   location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff)$ {
       expires 1M;
       access_log off;
       add_header Cache-Control "public";
       proxy_pass http://artifactory;
   }
    
   # CSS and Javascript
   location ~* \.(?:css|js)$ {
       expires 1M;
       access_log off;
       add_header Cache-Control "public";
       proxy_pass http://artifactory;
   }
}

Startup

su - artifactory
service artifactory start

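Replication Between Repositories

Artifactory supports replication between Artifactory instances across different regions and projects. The benefits are:

  1. Development teams in different regions can use the same artifacts.
  2. Artifacts produced by builds can be shared promptly.
  3. It mitigates unstable remote network connections.
  4. It provides access to other remote Artifactory repositories.

Push Mode

Used for local repositories: artifacts uploaded to a local repository on one Artifactory instance can be synchronized to other remote Artifactory repositories.

Pull Mode

Used for remote repositories: a remote Artifactory repository is synchronized into a repository on the local Artifactory instance.

Installing JFrog Mission Control

Because servers are limited, Mission Control is installed on artifactory-master.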

# Quote the URL (it contains & characters) and name the output file explicitly
wget -O jfrog-mission-control-1.1.deb 'https://akamai.bintray.com/84/842469ab2f8d53dcd01e99c1f96b39b7580571a20096f741446e5c789ff2bca5?__gda__=exp=1462285257~hmac=76ab0b04df1b8b374bd539b83e246f8fe00ad8be57d7d7e47138b9ffb1b13a78&response-content-disposition=attachment%3Bfilename%3D%22jfrog-mission-control-1.1.deb%22&response-content-type=application%2Fx-debian-package'

apt-get install net-tools

dpkg -i jfrog-mission-control-1.1.deb

Installing Jenkins

Install Jenkins on artifactory-slave.

wget -q -O - https://jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install jenkins

Installing Packer

Install the Jenkins Packer plugin.

Installing Docker

apt-get install docker.io

Add the jenkins user to the docker group.

gpasswd -a jenkins docker

Setting Up the Artifactory Docker Repository

Generating the SSL Certificate

apt-get install openssl

mkdir /etc/nginx/ssl

openssl genrsa -out "/etc/nginx/ssl/artifactory.key" 2048

openssl req -new -key "/etc/nginx/ssl/artifactory.key" -out "/etc/nginx/ssl/artifactory.csr"

openssl x509 -req -days 365 -in "/etc/nginx/ssl/artifactory.csr" -signkey "/etc/nginx/ssl/artifactory.key" -out "/etc/nginx/ssl/artifactory.crt"

Configuring Nginx

upstream artifactory {
    ip_hash;
    server <IP>:<PORT>;
    server <IP>:<PORT>;
}

server {
    listen 80;

    server_name <IP>;

    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }

    rewrite ^/$ /artifactory/webapp/ redirect;
    rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;

    location /artifactory/ {
        proxy_read_timeout  900;
        proxy_pass_header   Server;
        proxy_cookie_path ~*^/.* /;
        proxy_pass         http://artifactory/artifactory/;
        proxy_set_header   X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

server {
    listen 443 ssl;

    server_name <IP>;

    # TLS is enabled by "listen 443 ssl" above; the deprecated "ssl on;" directive is not needed.
    ssl_certificate     /etc/nginx/ssl/artifactory.crt;
    ssl_certificate_key /etc/nginx/ssl/artifactory.key;
    ssl_session_cache shared:SSL:1m;
    ssl_prefer_server_ciphers   on;

    if ($http_x_forwarded_proto = '') {
        set $http_x_forwarded_proto  $scheme;
    }

    rewrite ^/$ /artifactory/webapp/ redirect;
    rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;

    location /artifactory/ {
        proxy_read_timeout  900;
        proxy_pass_header   Server;
        proxy_cookie_path ~*^/.* /;
        proxy_pass         http://artifactory/artifactory/;
        proxy_set_header   X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory;
        proxy_set_header    X-Forwarded-Port  $server_port;
        proxy_set_header    X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header    Host              $http_host;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

The Artifactory Ecosystem

Artifactory Cluster Performance Tuning

  1. Artifactory Performance Tuning