We run most of our nodes in a context where public web access is not allowed. We’re making heavy use of JFrog’s Artifactory’s “Remote Repo” for providing a smart cache/mirror for well known repository types (ruby gems, npm, rpm, nuget/chocolately, etc.). I haven’t found a way to accomplish something similar for the chef packages we pull from omnitruck API during the bootstrap process and during the chef-client runs of the cookbooks that manage our Chef Server and Chef Automate servers. We started down the path of creating a sync script that pulls from Omnitruck and pushes to a custom Artifactory repo, but this is starting to explode in complexity as we have to support more platforms and manage versions. I fear we’re on a path of creating our own Omnitruck which I want to avoid. So i’m going back and reviewing my initial analysis and thinking.
As best I can tell, Onitruck API is a simple 2-endpoint API that offers metadata lookup + download url discovery and the download itself. I wasn’t able to find a way front this with Artifactory natively. It wants a package manager repo/protocol, which this is not.
This must be a common problem - what are other people doing to solve this?