Forem: Disha Meswania

JFrog Platform - Distribution automation using Pipelines

Disha Meswania — Tue, 02 Jun 2020 09:30:49 +0000

Several organizations that are looking forward to adopting complete DevOps, need a one-stop solution for their CI/CD processes. With the newest addition of JFrog Pipelines, the JFrog platform provides end-to-end automation of your DevOps workflow.

As Continuous integrations with JFrog Pipelines is a major amendment for many organizations - modifying the build processes can be a slow and gradual process. However, the Continuous delivery process can be automated easily with the one-stop solution of the JFrog Platform using Distribution and Pipelines.

In this blog, we will be focusing on the step-by-step configuration of the JFrog Pipeline to automate the Distribution flow to various Edge nodes.

Pre-requisites:

JFrog Distribution - Installed and configured with the required assets
JFrog Pipelines - Installed and Pipeline source, Node pools defined
JFrog Pipelines - Artifactory Integration and Distribution Integration defined

Step1:
Creating a release bundle in Distribution using Pipeline native steps and resources

For Example:

      - name: Create_ReleaseBundle
        type: CreateReleaseBundle
        configuration:
          releaseBundleName:        Demo_RB
          releaseBundleVersion:     V1.2.${run_number}
          inputResources:
            - name:                final_docker_gradleBuild_Info
            - name:                final_docker_npmBuild_Info 
          outputResources:
            - name:                New_ReleaseBundle
          description:              Release Bundle of gradle and npm 
          releaseNotes:
            syntax:                 markdown
            content: |
              ## Heading
                * Bullet
                * Points

(Please note; the inputResources here are defined as build info resources in this Pipeline)

Once the bundle is created, we can view it in JFrog Distribution as below;

Step2:
Sign the release bundle (Can be done with the above step by adding the sign parameter as ‘true’)

For example:

   - name: Sign_ReleaseBundle
     type: SignReleaseBundle
     configuration:
     inputResources:
       - name:    New_ReleaseBundle
         trigger: true
     outputResources:
       - name:  Signed_ReleaseBundle

Step3:
Creating the Distribution rule resource to define the Edge nodes where we want to distribute our releases

For example:

   - name:           Distribution_Rule
     type:           DistributionRule
     configuration:
       sourceDistribution:   distribution
       serviceName:          edge-jpd
       siteName:             "edge-jpd"
       cityName:             "*"
       countryCodes:
         - "*"

Step4:
Distributing the release bundle by using the input resources - Release bundle + Distribution rule created in the above steps

For example:

   - name: Distribute_ReleaseBundle
     type: DistributeReleaseBundle
     configuration:
       dryRun: false
       inputResources:
         - name: Signed_ReleaseBundle
           trigger: true
         - name: Distribution_Rule

After the Distribution is complete - we can view the release bundle completion in JFrog UI of both Source and Destination Edge nodes as below:

In Source - Distribution tracking

In Edge node - Available packages that were Distributed

Thus, in some simple steps - we can automate the whole process of distribution using JFrog Pipelines.

In other words, our continuous delivery processes can be streamlined along with our Continuous integration processes and we are able to have an end-to-end CI/CD implementation.

Wishing you fast and healthy software deliveries!
The JFrog Platform

Unified Permissions Model

Disha Meswania — Wed, 18 Mar 2020 14:24:10 +0000

In today’s DevOps world, developers like you are compelled to work with several bits and pieces of different software to put CI/CD processes together. What if I told you an end-to-end DevOps set of solutions -- The JFrog Platform -- enables you to have all these components together in a single unified software experience.

To create this, we at JFrog have unified our installers, the file-structures, the administration functions, the metadata from different parts as well as the UI and permissions.

I would like to focus here on the unification of permissions. Specifically, why we did it and how this actuates the permissions model for our end-to-end platform.

WHY UNIFY PERMISSIONS

An inevitable part of administering the DevOps workflow is to have a mechanism for managing user permissions to different resources in an efficient manner. With different resources, i.e. parts of different DevOps tools, working independently, administrators need to ensure this mechanism is in place for CRUD (Create, Read, Update and Delete) permissions for each resource. Unifying user permissions is an important benefit to administrators for ease of use.

HOW THIS ENABLES THE PLATFORM

We identified each resource that can be qualified for a different level of access and enabled them to have role-based permissions for these resources in a single module. Here’s how;

Identifying the resources: All you need to do is add relevant resources such as Repositories and Builds (from Artifactory), Release bundles (from Distribution), Destinations (Edge nodes) and Pipeline Sources (From JFrog Pipelines) to a single Permission target.

Selecting Users/Groups and defining CRUD permissions for each role: When selecting several users or groups, you can simply select an entity to allocate necessary permissions to them as shown below:

These permissions define various action items that are available for the resources selected.
Briefly, they are CRUD permissions + Xray Metadata permissions for Artifactory resources such as Repositories, Builds and Release bundles. Additionally, Distribute and Trigger permissions are specifically for Distribution and JFrog Pipelines.

The permissions as mentioned above can be assigned to users/groups that can be linked to any identity provider that is synchronized with Artifactory with simple integrations such as LDAP/SAML.

The process of managing the whole permissions model thus becomes simpler and complete for the admins. Enjoy the unification and try out the whole new platform yourself!

Managing your Public and Private Container Registries

Disha Meswania — Thu, 12 Dec 2019 16:27:12 +0000

Container registries have become an essential part of our (work) lives with the increasing usage of various containers, and container management tools, used in our CI/CD processes. As developer and DevOps enthusiasts, we surely find the need to have a registry that can be robust and scalable according to our needs. It is also requisite that the access to these registries is in accordance with our business use cases.

Using the JFrog Container registry, here’s how we can have our public and private repositories segregated and managed using the basic permissions model.

Public repositories
The public repositories are the ones that can be accessed by anyone in our organization regardless of the team they belong to. To make them public, all we need to do is to enable anonymous access generally (Under Admin-> Security Configuration) and give the user ‘anonymous’ appropriate permissions to these repositories or builds that use these public repositories.

Step 1: Enabling anonymous access to the instance

Step 2: Allocating appropriate resources (repositories/builds)

Step 3: Giving the user ‘anonymous’ required permissions to the resources

Private repositories
The private repositories are the ones that are being utilized by a particular user/team or a group of teams in your organization. The access to these repositories can be based on the teams - groups, or users.

To give pertinent role-based access control to these repositories, we just need to allocate users or groups apt permissions to these resources (repositories/builds) based on the use cases.

Step 1:Include the relevant resources (Private repositories/Builds) in a Permission Target

Step 2: Give apt permissions based on the Business use cases (Team-based permissions)

Additionally, the users of a registry can authenticate using LDAP integration as the JFrog Container Registry is powered by Artifactory. These users can then be set up to have different permissions/groups in the Registry instance based on the Permissions model of the organization.

In this way, managing all of your public, as well as private registries, can be easy and secure with a Container Registry that you can always trust.