How to clone an Xray’s Watches and Policies

Patrick Russell
2023-01-22 11:05

How to clone an Xray's Watches and Policies

Relevant Versions:Artifactory 7.X and Xray 3.X (Tested on Artifactory 7.27 and Xray 3.29)

This guide will go over how to use the Xray REST API to export and then import all of the Watches and Policies. This lets you set up a non-prod environment based on production settings.

Xray and Artifactory in the JFrog Platform system are tied more closely together than ever. Back in Artifactory 6.X and Xray 2.X, you were able to clone the databases of these systems and thenReset the Binary Managerto keep scan results and configurations, but use an updated URL. This way you could clone the Production Xray / Artifactory pair for testing purposes.

Because of the JFrog Platform system, this method needs updating. Xray and Artifactory both keep tabs on each other within their respective database tables, so attempting to clone the systems using a database dump will result in PreProd trying to use the original Production IP addresses and URLs.

The general process of cloning Production data follows this outline:

User-added image

Detailed steps on how to achieve the Xray sync piece are outlined below.

The Xray Export / Import Process

1]首先,请求源x光上导出:

curl http://localhost:8082/xray/api/v1/configuration/export -u admin -XPOST -H"Content-type: application/json" --data '{ "policies" : true, "watches" : true, "ignore_rules" : true, "custom_licenses" : true, "custom_issues" : true, "webhooks" : true, "mail_server" : true, "proxy_config": true, "indexed_resources" : true, "instance_id" : "default" }' ##Expected Output## { "info": "Successfully exported config to file jfxr@[...]_xray_exported_config_1639602312.zip under {XRAY_HOME}/var/work/server/backup/config/" }

2] Navigate to the Xray backup folder, it's usually/var/opt/jfrog/xray/work/server/backup/config

User-added image

3] SCP or otherwise transfer the backup zip file to the other Xray, specifically to the same directory"opt/jfrog/xray/var/work/server/backup/config/"

4] Finally, call the Import Configuration REST API and use the instance_id "default" to keep the pairing. Note that by default Xray's API looks for the file in the "backup/config" folder. You most likely need to supply only the filename.

curl http://localhost:8082/xray/api/v1/configuration/import -v -u admin -XPOST -H"Content-type: application/json" -XPOST --data '{ "instance_id":"default", "src_path":"jfxr-export.zip" }' ##Expected Output## {"info":"Successfully imported config from path jfxr-export.zip"}

这将完成导入,所有的相关Watches and Policies will have been imported and applied to the NonProd Artifactory. It's recommended that you retrigger indexing, these watches will produce slightly different scan results because the NonProd Xray is scanning the NonProd Artifactory.