Configure JFrog Platform in an Air-gapped Environment

An air-gapped environment is a system without access to the outside Internet.

An air-gapped environment is a system without access to the outside Internet. JFrog Platform uses the JFConnect microservice to fetch entitlements that enable the usage of various services. For more information, see JFConnect Microservice.

As of Artifactory version 7.77, you can configure the JFrog Platform to run in an air-gapped environment.

To configure the JFrog Platform to work in an air-gapped environment:

Set the following values in the Artifactory System YAML file and restart Artifactory.

jfconnect:
    airgap:
        enabled: true

Perform initial update of entitlements on the air-gapped platform, as described in Update Entitlements on an Air-gapped JFrog Platform.

Update Entitlements on an Air-gapped JFrog Platform

Use this procedure to obtain entitlements and upload them to the platform when there is no internet connectivity.

Entitlements are needed to run services and to set the correct expiry date on the air-gapped platform.

When is the entitlements file available? For both new subscriptions and renewals, the entitlements file becomes available 14 days before the contract start date. This allows you to update the file ahead of time in your air-gapped environment.

My subscription is unchanged or My new contract adds features or capacity

In the final two weeks (14 days) before your current contract expires, perform the procedure described in this section to update the entitlements file.

My new contract reduces features or capacity

Use this two-step update to ensure service continuity:

In the final two weeks (14 days) before your current contract expires, perform the procedure described in this section to update the entitlements file. This entitlements file extends current features and capacity for the first 14 days of the new contract.
In the first two weeks (14 days) of your new contract, repeat this procedure to update the entitlements file. This entitlements file implements your new contract. You must install an updated entitlements file before the 14-day grace period ends to ensure uninterrupted access to services.

To update entitlements on an Air-gapped JFrog platform:

Generate an Admin scoped token.
In the air-gapped environment, use the token from the previous step to submit a Start Register request to the JFConnect API, as in the following example:
```
curl -H 'Authorization: Bearer <TOKEN>' -X GET
'http://<JFROG_PLATFORM_URL>:8082/jfconnect/api/v1/offline/start_register
```
This API returns an offline request token string, as in the following example:
```
{"offline_request_token": <offline_request_token>}
```
On a server with external Internet access, submit the Post Offline Request Token to JFrog Entitlements Service API request. Include the offline request token from the previous step in the request body, as in the following example:
```
curl -v -L 'https://jes.jfrog.io/api/v1/offline_register' \
-H 'Content-Type: application/json' \
--data '{
    "offline_request_token": "<offline_request_token>"
}' > entitlements.json
```
Keep the following information from the return message:
- The value of the offline_response_token field in the header
- The entitlments.json file in the payload.that you need to provide to the air-gapped JPD.

📘
Note
Do not modify the entitlements.json file.

On the air-gapped JFrog Platform, submit the Offline Register JFConnect API request, including the offline response token and the entitlements.json file from the previous step, as in the following example:.

curl -L -H 'Authorization: Bearer <TOKEN>' -X POST 
'http://<JFROG_PLATFORM_URL>:8082/jfconnect/api/v1/offline/register' \
--form '[email protected];type=application/json' \
--form 'offline_response_token=""'

⚠️
Warning
In this step you must use the offline_responsetoken that was returned during offline registration (Step 3). Do not use the offlinerequest_token you generated in Step 2. The API request fails if the incorrect token is used.

Updated about 9 hours ago