JFrog Help Center

Our new portal is coming soon!
Documentation + Knowledge Base





JFrog Help Center - A new knowledge experience is coming your way soon!



Overview

The procedure to upgrade Insight depends on your installation type. We strongly recommend reading through this page before proceeding with your upgrade.

If you wish to continue using Insight, before upgrading, refer to the information onSystem Requirements.

Make sure to use the same upgrade method (RPM, Debian, Docker, etc.) as the one you initially used to install Insight.


Before You Proceed

JFrog Insight 1.x can only be installed as part of the JFrog Platform Deployment installation. Make sure this installation is completed first before continuing.

Default Home Directory

The default Insight home directory is defined according to the installation type. For additional details see theJFrog Product Directory Structurepage.

Note:This guide uses$JFROG_HOMEto represent the JFrog root directory containing the deployed product.

Setting Up High Availability on Mission Control

High Availability configuration for Insight requires a cluster of 3 or more active/active nodes on the same LAN.

JFrog Subscription Levels

SELF-HOSTED
ENTERPRISE
ENTERPRISE+
Page Contents



Upgrading from Version 1.x to 1.x

The following upgrade methods are supported:

When you upgrade a Insight high availability cluster, ensure that you trigger the upgrade process on all the nodes simultaneously.

Interactive Script Upgrade (Recommended)

This supports all install types, including Docker Compose, RPM and Debian.

  1. Stop the service.

    systemd OS
    systemctl stop insight
    systemv OS
    service insight stop
    Docker Compose
    cd jfrog-insight--compose docker-compose -p insight down
  2. Extract the contents of the compressed archive and go to the extracted folder.
    Note: Make sure to merge your customizations in your currentdocker-compose.yamlfile to the new extracted version of thedocker-compose.yamlfile.

    tar -xvf jfrog-insight--.tar.gz cd jfrog-insight--

    Copy the contents of the.envfile in the previous installation to the newly created.envfile in this archivewithout copying the versions, as this will affect the upgrade.

  3. Run the installer script.
    Note: If needed, the script will prompt you with a series of mandatory inputs, including thejfrogURL (custom base URL)andjoinKey.

    Compose
    ./config.sh
    RPM/DEB
    ./install.sh
  4. 启动和管理the Insight service.

    systemd OS
    systemctl start|stop insight
    systemv OS
    service insight start|stop
    Docker Compose
    cd jfrog-insight--compose docker-compose -p insight up -d docker-compose -p insight ps docker-compose -p insight down
  5. AccessInsightfrom your browser at:http:///ui/, go theDashboardtab in theApplicationmodule in the UI.
  6. Check Insight Log.

    tail -f $JFROG_HOME/insight/var/log/console.log

Manual RPM/Debian Upgrade

  1. Stop the current server.

    systemd OS
    systemctl stop insight
    systemv OS
    service insight stop
  2. Extract the contents of the compressed archive and go to the extracted folder.

    tar -xvf jfrog-insight--.tar.gz cd jfrog-insight--
  3. Configure Elasticsearch.


  4. When connecting an external instance of Elasticsearch to Insight, add the following flag in the Shared Configurations of$JFROG_HOME/insight/var/etc/system.yamlfile and step (6) can be skipped.

    shared: elasticsearch: external: true
  5. Recommended to install Search Guard plugin when using Elasticsearch that is packaged with Insight. This will help ensure secure communication to Elasticsearch.

    1. Search Guard package can be located in the extracted contents atjfrog-insight--/third-party/elasticsearch/search-guard-.zip.
      For installation steps, refer toSearch Guard documentation.

    2. Add an admin user to Search Guard which will ensure authenticated communication with Elasticsearch.
      1. The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password. Also, add the username and password generated here in the Shared Configuration as specified in step (5) above.

        /etc/elasticsearch/plugins/search-guard-7/tools/hash.sh -p  #This will output a hashed password (), make a copy of it
      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step

        : hash: "" backend_roles: - "admin" description: "Insight Elastic admin user"
      3. Paste the above snippet to the end of this filesg_internal_users.ymllocated at /etc/elasticsearch/plugins/search-guard-7/sgconfig/


    3. Enable anonymous access to “_cluster/health” endpoint. This is required to check the health of Elasticsearch cluster.
      1. Enable anonymous auth in this filesg_config.ymlat/etc/elasticsearch/plugins/search-guard-7/sgconfig/

        sg_config: dynamic: http: anonymous_auth_enabled: true #set this to true
      2. Map anonymous usersg_anonymousto backend rolesg_anonymous_backendrolein this file sg_roles_mapping.ymlat/etc/elasticsearch/plugins/search-guard-7/sgconfig

        sg_anonymous: backend_roles: - sg_anonymous_backendrole
      3. Add this snippet to the end of this filesg_roles.ymllocated at /etc/elasticsearch/plugins/search-guard-7/sgconfig

        sg_anonymous: cluster_permissions: - cluster:monitor/health
  6. Install Insight as a service on Red Hat compatible Linux distributions, as a root user.

    rpm
    yum -y install ./insight/insight.rpm
    Debian
    dpkg -i ./insight/insight.deb
  7. Set the Artifactory connection details.
  8. 启动和管理Insight.

    service insight start|stop
  9. Access Insight from your browser at:http:///ui/, go theDashboardtab in theApplicationmodule in the UI.

  10. CheckInsightLog.

    tail -f $JFROG_HOME/insight/var/log/console.log

Linux Archive Upgrade

  1. Stop the current server.

    Stop Mission Control
    cd $JFROG_HOME/insight/app/bin ./insight.sh stop
  2. Configure Elasticsearch.


  3. When connecting an external instance of Elasticsearch to Insight, add the following flag in the Shared Configurations of$JFROG_HOME/insight/var/etc/system.yamlfile and step (6) can be skipped.

    shared: elasticsearch: external: true
  4. Recommended to install Search Guard plugin when using Elasticsearch that is packaged with Insight. This will help ensure secure communication to Elasticsearch.

    1. Search Guard package can be located in the extracted contents atinsight/app/third-party/elasticsearch/search-guard-.zip
      For installation steps, refer toSearch Guard documentation.

    2. Add an admin user to Search Guard which will ensure authenticated communication with Elasticsearch.
      1. The Search Guard configuration accepts a hashed password. Use the following command to generate the hash for the password. Also, add the username and password generated here in the Shared Configuration as specified in step (5) above.

        /etc/elasticsearch/plugins/search-guard-7/tools/hash.sh -p  #This will output a hashed password (), make a copy of it
      2. Prepare the configuration snippet to add a new(admin) user with the hashed password obtained from previous step

        : hash: "" backend_roles: - "admin" description: "Insight Elastic admin user"
      3. Paste the above snippet to the end of this filesg_internal_users.ymllocated at/etc/elasticsearch/plugins/search-guard-7/sgconfig/


    3. Enable anonymous access to “_cluster/health” endpoint. This is required to check the health of Elasticsearch cluster.
      1. Enable anonymous auth in this filesg_config.ymlat/etc/elasticsearch/plugins/search-guard-7/sgconfig/

        sg_config: dynamic: http: anonymous_auth_enabled: true #set this to true
      2. Map anonymous usersg_anonymousto backend rolesg_anonymous_backendrolein this file sg_roles_mapping.ymlat/etc/elasticsearch/plugins/search-guard-7/sgconfig

        sg_anonymous: backend_roles: - sg_anonymous_backendrole
      3. Add this snippet to the end of this filesg_roles.ymllocated at/etc/elasticsearch/plugins/search-guard-7/sgconfig

        sg_anonymous: cluster_permissions: - cluster:monitor/health
  5. Extract the contents of the compressed archive and go to the extracted folder.

    Untar
    tar -xvf jfrog-insight--linux.tar.gz
  6. Replace the existing$JFROG_HOME/insight/appwith the newappfolder.

    Upgrade
    #出口出口JFR变量来简化命令OG_HOME=/opt/jfrog export JF_NEW_VERSION=/opt/jfrog/insight-4.x # Remove app rm -rf $JFROG_HOME/insight/app # Copy new app cp -r $JF_NEW_VERSION/app $JFROG_HOME/insight # Remove extracted new version rm -rf $JF_NEW_VERSION
  7. Run the migration script to remove old service directories.

    Run the migration script with the same privileges as you have in your current Insight installation. This script will remove old services directories, redundant service yaml files in router and translate your current configurations to the new configuration format, according to the new file system layout. $JFROG_HOME variable points to the new installation export JFROG_HOME= cd $JFROG_HOME/insight/app/bin ./migrate.sh Check that the migration has completed successfully, by reviewing the following files: - migration log: $JFROG_HOME/insight/var/log/migration.log - system.yaml configuration: $JFROG_HOME/insight/var/etc/system.yaml This newly created file will contain your current custom configurations in the new format.
  8. Manage Insight.

    $JFROG_HOME/app/bin/insight.sh start|stop
  9. AccessInsightfrom your browser at:http:///ui/, go theDashboardtab in theApplicationmodule in the UI.
  10. Check Insight Log.

    tail -f $JFROG_HOME/insight/var/log/console.log

Helm Upgrade

Once you have a new chart version, you can update your deployment.

Non-Compatible Upgrades

In cases where a new version is not compatible with existing deployed version (see the relevantChangelog), you will need to do the following:

  • Deploy a new version along side the old version (and set a new release name)
  • Copy configurations and data from old deployment to the new one


To upgrade.

  1. Verify that you have upgraded Artifactory to v.7x. For more information, seeHelm Upgrade.
  2. Update the existing deployed version to the updated version.

    helm upgrade insight jfrog/insight
  3. Stop the old Insight pod (scale down replicas to 0) (PostgreSQL remains in place).

    $ kubectl scale statefulsets -insight --replicas=0
  4. Export data from the old PostgreSQL instance in the following way.
    1. Connect to the old PostgreSQL pod (you can get the name by runningkubectl get pods).

      $ kubectl exec -it -postgresql bash
    2. Copy the jfmcDataExport.sh file and run the following commands.

      kubectl cp。/ jfmcDataExport美元。sh -postgresql:/tmp/jfmcDataExport.sh $ chown postgres:postgres /tmp/jfmcDataExport.sh $ su postgres -c "PGPASSWORD=password bash /tmp/jfmcDataExport.sh --output=/tmp" if you are on 2x charts(operating system user postgres is not there) run ./jfmcDataExport.sh --output=/tmp and provide jfmc user password
    3. Copy the exported file to your local system.

      $ kubectl cp -postgresql:/tmp/jfmcDataExport.tar.gz ./jfmcDataExport.tar.gz
  5. Install the new Insight and copy the exported file.
    1. Run thehelm installwith thenew versioncalledinsight-new.
    2. Copy the exported tar file to the new Insight pod.

      kubectl cp。/ jfmcDataExport美元。tar.gz -insight:/opt/jfrog/mc/var/bootstrap/mc/jfmcDataExport.tar.gz -c insight
    3. Restart the new Insight pod.
    4. Validate that the import was successful. The filename should be renamed tojfmcDataExport.tar.gz.done(it will be renamed tojfmcDataExport.tar.gz.failedif the import procedure failed).
  6. Run the following command to remove the old Insight deployment and Helm release.

    helm delete 
  7. Access Insight from your browser at:http:///ui/, then go to theSecurity & Compliancetab in theApplicationmodule in the UI.

  8. 检查你的状态管理loyed Helm releases.

    helm status insight

    Insight should now be available.

  • No labels
Copyright © 2023 JFrog Ltd.