How would you upload an artifact to artifactory without using a password?
If I create a new user specific for uploads, that user by default doesn't git the 'upload' permission unless they are an administrator.
To upload with credentials
curl -u admin:'correct-horse-battery-staple' -T foo.zip
To upload with an api key
curl --header 'X-JFrog-Art-Api: 1234567890' -T foo.zip
Alternativly you can use the syntax <username:apikey>
curl -u admin:1234567890 -T foo.zip
https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API
You can create the api key on the user profile page.
See the various authentication options, including authentication using API key, in the JFrog CLI for Artifactory documentation page:
https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory
If you want to use .pypirc you can just put:
[distutils]
index-servers = local
[local]
repository: https://artifactory-url/repo
username: <username>
password: <api-key>
Then you can upload using python setup.py bdist_wheel upload -r local.
Though my user is an admin at the moment so it answers only the API key part of the question.
If you're looking at a nuget artifact, here's the one line CLI command below.
nuget push <your-package-name.nupkg> -source <artifactory-repo-url>/nuget-local/ -ApiKey <your-user-name>:<apikey>
It's buried in the jfrog documentation. I would think uploading other artifacts would follow a similar pattern.
Related
I've run Artifactory using Docker.
Downloaded JFrog cli inside the container and configured it.
So ./jfrog rt ping returns
OK
Is there a way to perform system level export/import using JFrog cli?
Succeeded to perform it using web ui. Couldn't find information on how to perform system level export/import in the documentation.
Edit
Succeeded to perform export using REST API:
curl -u admin:pass -X POST -H "Content-Type: application/json" --data #/tmp/export-settings.json http://localhost:8081/artifactory/api/export/system
You can invoke the same REST API using JFrog CLI's curl command as shown below. This way, you don't need to provide the URL and credentials. JFrog CLI's config storage will be used. You can manage this storage using the jfrog rt c command.
If you have multiple Artifactory severs configured, and you don't want to use the default server, the jfrog rt curl command also accepts the --server-id option, with the pre configured Artifactory server ID as the valve.
jfrog rt curl -X POST -H "Content-Type: application/json" --data #/tmp/export-settings.json api/export/system
This feature is currently not supported by the CLI.
Feel free to create a feature request.
I've tried changing the /etc/glance/policy.json and setting the following:
"publicize_image": "role:member",
And then restarting both the glance-api and glance-registry services but of course that would be too easy so it doesn't work :)
openstack image create --file gammy_image.iso JACOBS-GAMMY-IMAGE --public
403 Forbidden
You are not authorized to complete publicize_image action.
(HTTP 403)
I often upload image with command:
glance image-create --name "cirros" --file ./cirros.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress
And it works fine, all users can see my image.
You have two options:
add the admin role to your user;
openstack role add --user USER_NAME --project PROJECT_NAME admin
remove the need for admin rights for this operation
As an administrator, edit the file /etc/glance/policy.json and change the following line:
"publicize_image": "role:admin",
With:
"publicize_image": "",
Then restart glance:
$ sudo glance-control all restart
Do we have any option/way to download a docker image using wget or curl.
My docker image is present in Jfrog artifactory.
First, any curl command to an Artifactory repo would need the API key of your account. See "How to use docker registry API with Artifactory Docker Repository when not using docker client?"
you can use the following header: "X-JFrog-Art-Api" and pass the API key of the user to authenticate. The API key of the user can be retrieved from the "User Profile" page in Artifactory. Artifactory REST API supports three forms of authentication and you can use any one of them with the docker repository
Second, downloading an image is not trivial (as you need to get all the layers).
You might have some chance adapting the moby contrib script download-frozen-image-v2.sh
Or try docker-registry-debug which will print a curl command for fetching the layer, as explained here.
I found this answer while looking to do the same thing with gitlab. I modified the suggested moby contrib script to do the same thing for a gitlab instance.
Download download-gitlab-frozen-docker-image.sh
Mark it executable (chmod +x download-gitlab-frozen-docker-image.sh)
Run the script:
./download-gitlab-frozen-docker-image.sh <FOLDER_NAME> <DOCKER_URL>
where FOLDER_NAME is the folder to store the frozen docker image and DOCKER_URL is the url straight out of the gitlab container registry.
Import the frozen folder into docker (at your convenience/any future date):
tar -cC '<FOLDER_NAME>' . | docker load
i have installed latest version of Artifactory Pro (5.8.3) on Centos7. The default admin credentials are admin/password. i want to change the password through command-line but unable to do so.
Does any one has any inputs how to do this?
Following troubleshootings i tried:
jfrog rt c rt-server-1 --url=http://domain/artifactory --user=admin --password=password ...
nothing happens , when i try to use a new password i get 401: unauthorize error
jfrog guide tells to generate security.xml and add the hash code of the new password but security.xml does not get generated even after following all their steps.
also tried to use curl commands but no use.
If any one has gone through similar issue please share your findings. let me know if you need more info.know on case
JFrog CLI currently does not support changing of a user's password. the CLI config method you were using simply lets you configure your server and credentials to be used by other CLI command later.
What you can do is use a simple curl command to invoke the change password API as described here.
specifically, in your example changing the Admin's password to "NewPassword" will be something like:
curl -X POST -u admin:password -H "Content-type: application/json" -d '{ "userName" : "admin", "oldPassword" : "password", "newPassword1" : "NewPassword", "newPassword2" : "NewPassword" }' http://yourartifactory:8081/artifactory/api/security/users/authorization/changePassword
We have a website we're developing with WP-Engine. To simplify the processes I've set up the git repository for the site to automatically push code changes up to the WP-Engine staging area, using a Post Receive hook that looks like this:
#!/bin/bash -x
PUSH_AS_USER="admin"
sudo -u $PUSH_AS_USER git push wp-engine-staging master
I've also made it so that any user in the admin group, can sudo -u admin git, without typing the password (for reference, add the following to /etc/sudoers
%admin ALL=(admin) NOPASSWD: /usr/bin/git`
When I push to the repository, it fires the post commit hook no problem, however for some reason it only works for me. Two other users get the following warning:
[username#server repository]$ sudo -u admin git push wp-engine-staging master
fatal: unable to access '/home/username/.config/git/config': Permission denied
The weird thing is, I don't have this file for my user and mine works ok. Additionally, if I create the file for those users, I can't seem to give admin permission to view it, even if I add admin to the users own group, and give read permission to the group in every directory to the file. (ie, /home/username/.config/git/ and the config file itself).
As another example of this weird issue:
[daniel#server repository]$ sudo su username
[username#server repository]$ sudo -u admin git config --global --list
fatal: unable to access '/home/username/.config/git/config': Permission denied
[username#server repository]$ exit
[daniel#server repository]$ sudo -u admin git config --global --list
user.email=daniel#example.com
user.name=Daniel
[daniel#server repository]$ cat /home/daniel/.config/git/config
cat: /home/daniel/.config/git/config: No such file or directory
It's rather messing with our workflow. Any ideas?