āĻ¸ā§āĻ¨āĻžāĻāĻžāĻāĻĒ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻšāĻ˛ āĻāĻāĻāĻŋ āĻ¸āĻŽāĻ¨ā§āĻŦāĻŋāĻ¤ āĻĒā§āĻ˛ā§āĻ¯āĻžāĻāĻĢāĻ°ā§āĻŽ āĻ¯āĻžāĻ° āĻŽāĻžāĻ§ā§āĻ¯āĻŽā§ āĻĄā§āĻā§āĻ˛āĻĒāĻžāĻ°āĻ°āĻž āĻāĻžāĻāĻž (āĻŽā§āĻ¯āĻžāĻā§āĻ¨) āĻ¨āĻŋāĻ°ā§āĻāĻ°āĻ¤āĻž, āĻĄāĻāĻžāĻ°, āĻĒāĻžāĻāĻĨāĻ¨, āĻ°ā§āĻŦāĻŋ, āĻāĻ¨āĻĒāĻŋāĻāĻŽ, āĻŦā§āĻ¯āĻŧāĻžāĻ° āĻāĻŽā§āĻ, RPM āĻĒā§āĻ¯āĻžāĻā§āĻ, gitlfs, Apt, Go, Nuget āĻĒā§āĻ°āĻā§āĻ¸āĻŋ, āĻ¸āĻā§āĻāĻ¯āĻŧ āĻāĻŦāĻ āĻĒāĻ°āĻŋāĻāĻžāĻ˛āĻ¨āĻž āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§ āĻāĻŦāĻ āĻ¤āĻžāĻĻā§āĻ° āĻ¸āĻĢā§āĻāĻāĻ¯āĻŧā§āĻ¯āĻžāĻ° āĻ¨āĻŋāĻ°āĻžāĻĒāĻ¤ā§āĻ¤āĻž āĻŦāĻŋāĻ¤āĻ°āĻŖ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤
āĻā§āĻ¨ āĻāĻĒāĻ¨āĻŋ Sonatype āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨?
- āĻŦā§āĻ¯āĻā§āĻ¤āĻŋāĻāĻ¤ āĻ¨āĻŋāĻĻāĻ°ā§āĻļāĻ¨ āĻ¸āĻāĻ°āĻā§āĻˇāĻŖā§āĻ° āĻāĻ¨ā§āĻ¯;
- āĻāĻ¨ā§āĻāĻžāĻ°āĻ¨ā§āĻ āĻĨā§āĻā§ āĻĄāĻžāĻāĻ¨āĻ˛ā§āĻĄ āĻāĻ°āĻž āĻāĻ°ā§āĻāĻŋāĻĢā§āĻ¯āĻžāĻā§āĻ āĻā§āĻ¯āĻžāĻļ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯;
āĻŽā§āĻ˛āĻŋāĻ āĻ¸ā§āĻ¨āĻžāĻāĻžāĻāĻĒ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻĒā§āĻ¯āĻžāĻā§āĻā§ āĻ¸āĻŽāĻ°ā§āĻĨāĻŋāĻ¤ āĻļāĻŋāĻ˛ā§āĻĒāĻāĻ°ā§āĻŽ:
- āĻāĻžāĻāĻž, āĻŽāĻžāĻā§āĻ¨ (āĻāĻžāĻ°)
- āĻĄāĻāĻļā§āĻ°āĻŽāĻŋāĻ
- āĻĒāĻžāĻāĻĨāĻ¨ (āĻĒāĻŋāĻĒ)
- āĻ°ā§āĻŦāĻŋ (āĻ°āĻ¤ā§āĻ¨)
- NPM
- āĻŦā§āĻ°
- āĻāĻ¯āĻŧāĻžāĻŽ (āĻāĻ°āĻĒāĻŋāĻāĻŽ)
- gitlfs
- āĻāĻžāĻāĻāĻž
- Apt (āĻĻā§āĻŦ)
- Go
- āĻ¨āĻžāĻā§āĻ
āĻ¸āĻŽā§āĻĒā§āĻ°āĻĻāĻžāĻ¯āĻŧ āĻ¸āĻŽāĻ°ā§āĻĨāĻŋāĻ¤ āĻļāĻŋāĻ˛ā§āĻĒāĻāĻ°ā§āĻŽ:
- āĻ¸ā§āĻ°āĻāĻžāĻ°
- āĻā§āĻ¨āĻžāĻ¨
- āĻ¸āĻŋāĻĒāĻŋāĻāĻāĻ¨
- āĻāĻāĻ˛āĻĒāĻŋāĻ
- āĻšāĻžāĻ˛
- P2
- R
āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§ āĻ¸ā§āĻ¨āĻžāĻāĻžāĻāĻĒ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻž āĻšāĻā§āĻā§
āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧāĻ¤āĻž
- āĻāĻ¨ā§āĻāĻžāĻ°āĻ¨ā§āĻā§ āĻāĻ¤ā§āĻ¤āĻ°āĻ¯ā§āĻā§āĻ¯ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻ¸āĻŽā§āĻĒāĻ°ā§āĻā§ āĻĒāĻĄāĻŧā§āĻ¨āĨ¤
- āĻāĻ¤ā§āĻ¤āĻ°āĻ¯ā§āĻā§āĻ¯ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨
pip install ansibleāĻāĻ¯āĻŧāĻžāĻ°ā§āĻāĻ¸ā§āĻā§āĻļāĻ¨ā§ āĻ¯ā§āĻāĻžāĻ¨ā§ āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻāĻ˛ā§āĨ¤ - āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨ āĻāĻ¯āĻŧāĻžāĻ°ā§āĻāĻ¸ā§āĻā§āĻļāĻ¨ā§ āĻ¯ā§āĻāĻžāĻ¨ā§ āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻāĻ˛ā§āĨ¤
- āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨ āĻāĻ¯āĻŧāĻžāĻ°ā§āĻāĻ¸ā§āĻā§āĻļāĻ¨ā§ āĻ¯ā§āĻāĻžāĻ¨ā§ āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻāĻ˛ā§āĨ¤
- āĻāĻ āĻā§āĻŽāĻŋāĻāĻžāĻāĻŋ CentOS 7, āĻāĻŦā§āĻ¨ā§āĻā§ āĻā§āĻ¨āĻŋāĻ¯āĻŧāĻžāĻ˛ (16.04) āĻāĻŦāĻ āĻŦāĻžāĻ¯āĻŧā§āĻ¨āĻŋāĻ (18.04), āĻĄā§āĻŦāĻŋāĻ¯āĻŧāĻžāĻ¨ āĻā§āĻ¸āĻŋ āĻāĻŦāĻ āĻ¸ā§āĻā§āĻ°ā§āĻā§ āĻĒāĻ°ā§āĻā§āĻˇāĻž āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§
jmespathāĻ˛āĻžāĻāĻŦā§āĻ°ā§āĻ°āĻŋāĻāĻŋ āĻ āĻŦāĻļā§āĻ¯āĻ āĻāĻ¯āĻŧāĻžāĻ°ā§āĻāĻ¸ā§āĻā§āĻļāĻ¨ā§ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§ āĻ¯ā§āĻāĻžāĻ¨ā§ āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻāĻ˛āĻā§āĨ¤ āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻž:sudo pip install -r requirements.txt- āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻĢāĻžāĻāĻ˛āĻāĻŋ (āĻ¨ā§āĻā§āĻ° āĻāĻĻāĻžāĻšāĻ°āĻŖ) nexus.yml āĻĢāĻžāĻāĻ˛ā§ āĻ¸āĻāĻ°āĻā§āĻˇāĻŖ āĻāĻ°ā§āĻ¨
- āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ āĻāĻžāĻ˛āĻžāĻ¨
ansible-playbook -i host nexus.yml
Maven (java), Docker, Python, Ruby, NPM, Bower, RPM āĻāĻŦāĻ gitlfs āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ā§āĻ° āĻ¸āĻžāĻĨā§ LDAP āĻāĻžāĻĄāĻŧāĻž āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻ¤ā§āĻ¤āĻ°āĻ¯ā§āĻā§āĻ¯-āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻāĻĻāĻžāĻšāĻ°āĻŖāĨ¤
---
- name: Nexus
hosts: nexus
become: yes
vars:
nexus_timezone: 'Asia/Omsk'
nexus_admin_password: "admin123"
nexus_public_hostname: 'apatsev-nexus-playbook'
httpd_setup_enable: false
nexus_privileges:
- name: all-repos-read
description: 'Read & Browse access to all repos'
repository: '*'
actions:
- read
- browse
- name: company-project-deploy
description: 'Deployments to company-project'
repository: company-project
actions:
- add
- edit
nexus_roles:
- id: Developpers # maps to the LDAP group
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
- company-project-deploy
roles: []
nexus_local_users:
- username: jenkins # used as key to update
first_name: Jenkins
last_name: CI
email: [email protected]
password: "s3cr3t"
roles:
- Developpers # role ID here
nexus_blobstores:
- name: company-artifacts
path: /var/nexus/blobs/company-artifacts
nexus_scheduled_tasks:
- name: compact-blobstore
cron: '0 0 22 * * ?'
typeId: blobstore.compact
taskProperties:
blobstoreName: 'company-artifacts'
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
- name: vaadin-addons
remote_url: 'https://maven.vaadin.com/vaadin-addons/'
- name: jaspersoft
remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
version_policy: mixed
nexus_repos_maven_hosted:
- name: company-project
version_policy: mixed
write_policy: allow
blob_store: company-artifacts
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jboss
- vaadin-addons
- jaspersoft
# Yum. Change nexus_config_yum to true for create yum repository
nexus_config_yum: true
nexus_repos_yum_hosted:
- name: private_yum_centos_7
repodata_depth: 1
nexus_repos_yum_proxy:
- name: epel_centos_7_x86_64
remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
- name: centos-7-os-x86_64
remote_url: http://mirror.centos.org/centos/7/os/x86_64/
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
nexus_repos_yum_group:
- name: yum_all
member_repos:
- private_yum_centos_7
- epel_centos_7_x86_64
# NPM. Change nexus_config_npm to true for create npm repository
nexus_config_npm: true
nexus_repos_npm_hosted: []
nexus_repos_npm_group:
- name: npm-public
member_repos:
- npm-registry
nexus_repos_npm_proxy:
- name: npm-registry
remote_url: https://registry.npmjs.org/
negative_cache_enabled: false
# Docker. Change nexus_config_docker to true for create docker repository
nexus_config_docker: true
nexus_repos_docker_hosted:
- name: docker-hosted
http_port: "{{ nexus_docker_hosted_port }}"
v1_enabled: True
nexus_repos_docker_proxy:
- name: docker-proxy
http_port: "{{ nexus_docker_proxy_port }}"
v1_enabled: True
index_type: "HUB"
remote_url: "https://registry-1.docker.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_docker_group:
- name: docker-group
http_port: "{{ nexus_docker_group_port }}"
v1_enabled: True
member_repos:
- docker-hosted
- docker-proxy
# Bower. Change nexus_config_bower to true for create bower repository
nexus_config_bower: true
nexus_repos_bower_hosted:
- name: bower-hosted
nexus_repos_bower_proxy:
- name: bower-proxy
index_type: "proxy"
remote_url: "https://registry.bower.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_bower_group:
- name: bower-group
member_repos:
- bower-hosted
- bower-proxy
# Pypi. Change nexus_config_pypi to true for create pypi repository
nexus_config_pypi: true
nexus_repos_pypi_hosted:
- name: pypi-hosted
nexus_repos_pypi_proxy:
- name: pypi-proxy
index_type: "proxy"
remote_url: "https://pypi.org/"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_pypi_group:
- name: pypi-group
member_repos:
- pypi-hosted
- pypi-proxy
# rubygems. Change nexus_config_rubygems to true for create rubygems repository
nexus_config_rubygems: true
nexus_repos_rubygems_hosted:
- name: rubygems-hosted
nexus_repos_rubygems_proxy:
- name: rubygems-proxy
index_type: "proxy"
remote_url: "https://rubygems.org"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_rubygems_group:
- name: rubygems-group
member_repos:
- rubygems-hosted
- rubygems-proxy
# gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
nexus_config_gitlfs: true
nexus_repos_gitlfs_hosted:
- name: gitlfs-hosted
roles:
- { role: geerlingguy.java }
# Debian/Ubuntu only
# - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
# RedHat/CentOS only
- { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
- { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }āĻ¸ā§āĻā§āĻ°āĻŋāĻ¨āĻļāĻ:
āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨āĻļā§āĻ˛ āĻā§āĻŽāĻŋāĻāĻž
āĻā§āĻŽāĻŋāĻāĻž āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛
āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻŽāĻžāĻ¨ āĻ¸āĻš āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛ (āĻĻā§āĻā§āĻ¨ default/main.yml):
āĻ¸āĻžāĻ§āĻžāĻ°āĻŖ āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛
nexus_version: ''
nexus_timezone: 'UTC'āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§, āĻā§āĻŽāĻŋāĻāĻž āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ā§āĻ° āĻ¸āĻ°ā§āĻŦāĻļā§āĻˇ āĻāĻĒāĻ˛āĻŦā§āĻ§ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻŦā§ā§ˇ āĻāĻĒāĻ¨āĻŋ āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°ā§ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖāĻāĻŋ āĻ āĻŋāĻ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨ nexus_version. āĻāĻĒāĻ˛āĻŦā§āĻ§ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ āĻĻā§āĻā§āĻ¨ .
āĻāĻĒāĻ¨āĻŋ āĻ¯āĻĻāĻŋ āĻāĻāĻāĻŋ āĻ¨āĻ¤ā§āĻ¨ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖā§ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°ā§āĻ¨, āĻā§āĻŽāĻŋāĻāĻžāĻāĻŋ āĻāĻĒāĻ¨āĻžāĻ° Nexus āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ āĻāĻĒāĻĄā§āĻ āĻāĻ°āĻžāĻ° āĻā§āĻˇā§āĻāĻž āĻāĻ°āĻŦā§ā§ˇ
āĻāĻĒāĻ¨āĻŋ āĻ¯āĻĻāĻŋ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ā§āĻ° āĻ¸āĻžāĻŽā§āĻĒā§āĻ°āĻ¤āĻŋāĻ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖā§āĻ° āĻā§āĻ¯āĻŧā§ āĻĒā§āĻ°āĻžāĻ¨ā§ āĻ¸āĻāĻ¸ā§āĻāĻ°āĻŖ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§āĻ¨, āĻ¤āĻžāĻšāĻ˛ā§ āĻāĻĒāĻ¨āĻžāĻ° āĻ¨āĻŋāĻļā§āĻāĻŋāĻ¤ āĻšāĻāĻ¯āĻŧāĻž āĻāĻāĻŋāĻ¤ āĻ¯ā§ āĻāĻĒāĻ¨āĻŋ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻž āĻ°āĻŋāĻ˛āĻŋāĻā§ āĻāĻĒāĻ˛āĻŦā§āĻ§ āĻ¨āĻ¯āĻŧ āĻāĻŽāĻ¨ āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯āĻā§āĻ˛āĻŋ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻā§āĻ¨ āĻ¨āĻž (āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ, 3.8.0-āĻāĻ° āĻŦā§āĻļāĻŋ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻšā§āĻ¸ā§āĻāĻŋāĻ yum āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ āĻāĻĒāĻ˛āĻŦā§āĻ§, git lfs repo 3.3.0 āĻāĻ° āĻŦā§āĻļāĻŋ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻ¤ā§āĻ¯āĻžāĻĻāĻŋ)
nexus timezone āĻāĻāĻŋ āĻāĻžāĻāĻž āĻāĻžāĻāĻŽ āĻā§āĻ¨ā§āĻ° āĻ¨āĻžāĻŽ, āĻ¯āĻž nexus_scheduled āĻāĻžāĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻāĻŋāĻ¤ āĻā§āĻ°ā§āĻ¨ āĻāĻā§āĻ¸āĻĒā§āĻ°ā§āĻļāĻ¨āĻā§āĻ˛āĻŋāĻ° āĻ¸āĻžāĻĨā§ āĻāĻāĻ¤ā§āĻ°ā§ āĻāĻžāĻ°ā§āĻ¯āĻāĻ° āĻšāĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤
āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻĒā§āĻ°ā§āĻ āĻāĻŦāĻ āĻĒā§āĻ°āĻ¸āĻā§āĻ āĻĒāĻĨ
nexus_default_port: 8081
nexus_default_context_path: '/'āĻāĻžāĻāĻž āĻ¸āĻāĻ¯ā§āĻ āĻĒā§āĻ°āĻā§āĻ°āĻŋāĻ¯āĻŧāĻžāĻ° āĻĒā§āĻ°ā§āĻ āĻāĻŦāĻ āĻĒā§āĻ°āĻ¸āĻā§āĻ āĻĒāĻĨāĨ¤ nexus_default_context_path āĻāĻāĻŋ āĻ¸ā§āĻ āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻāĻāĻāĻŋ āĻĢāĻ°ā§āĻ¯āĻŧāĻžāĻ°ā§āĻĄ āĻ¸ā§āĻ˛ā§āĻ¯āĻžāĻļ āĻĨāĻžāĻāĻ¤ā§ āĻšāĻŦā§, āĻ¯ā§āĻŽāĻ¨: nexus_default_context_path: '/nexus/'.
āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻāĻ¸ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§ āĻāĻŦāĻ āĻā§āĻ°ā§āĻĒ
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'Nexus āĻĢāĻžāĻāĻ˛ā§āĻ° āĻŽāĻžāĻ˛āĻŋāĻ āĻāĻŦāĻ āĻĒāĻ°āĻŋāĻˇā§āĻŦāĻž āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻŦā§āĻ¯āĻŦāĻšā§āĻ¤ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§ āĻāĻŦāĻ āĻā§āĻˇā§āĻ ā§ āĻāĻāĻāĻŋ āĻ āĻ¨ā§āĻĒāĻ¸ā§āĻĨāĻŋāĻ¤ āĻĨāĻžāĻāĻ˛ā§ āĻā§āĻŽāĻŋāĻāĻž āĻĻā§āĻŦāĻžāĻ°āĻž āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻž āĻšāĻŦā§āĨ¤
nexus_os_user_home_dir: '/home/nexus'āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻšā§āĻŽ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻžāĻ° āĻ āĻ¨ā§āĻŽāĻ¤āĻŋ āĻĻāĻŋāĻ¨
āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻ¨āĻ¸ā§āĻā§āĻ¯āĻžāĻ¨ā§āĻ¸ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋ
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻā§āĻ¯āĻžāĻāĻžāĻ˛āĻāĨ¤
nexus_installation_dirāĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻž āĻāĻā§āĻ¸āĻŋāĻāĻŋāĻāĻā§āĻŦāĻ˛ āĻĢāĻžāĻāĻ˛ āĻ°āĻ¯āĻŧā§āĻā§nexus_data_dirāĻ¸āĻŽāĻ¸ā§āĻ¤ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨, āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ āĻāĻŦāĻ āĻĄāĻžāĻāĻ¨āĻ˛ā§āĻĄ āĻāĻ°āĻž āĻļāĻŋāĻ˛ā§āĻĒāĻāĻ°ā§āĻŽ āĻ°āĻ¯āĻŧā§āĻā§āĨ¤ āĻāĻžāĻ¸ā§āĻāĻŽ āĻŦā§āĻ˛āĻŦāĻ¸ā§āĻā§āĻ° āĻĒāĻžāĻĨnexus_data_dirāĻāĻžāĻ¸ā§āĻāĻŽāĻžāĻāĻ āĻāĻ°āĻž āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§, āĻ¨ā§āĻā§ āĻĻā§āĻā§āĻ¨nexus_blobstores.nexus_tmp_dirāĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ āĻ¸ā§āĻĨāĻžāĻ¯āĻŧā§ āĻĢāĻžāĻāĻ˛ āĻ°āĻ¯āĻŧā§āĻā§āĨ¤ redhat-āĻāĻ° āĻāĻ¨ā§āĻ¯ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻĒāĻžāĻĨ āĻĨā§āĻā§ āĻ¸āĻ°āĻžāĻ¨ā§ āĻšāĻ¯āĻŧā§āĻā§/tmpāĻ¸ā§āĻŦāĻ¯āĻŧāĻāĻā§āĻ°āĻŋāĻ¯āĻŧ āĻĒāĻ°āĻŋāĻ¸ā§āĻāĻžāĻ° āĻĒāĻĻā§āĻ§āĻ¤āĻŋāĻ° āĻ¸āĻžāĻĨā§ āĻ¸āĻŽā§āĻāĻžāĻŦā§āĻ¯ āĻ¸āĻŽāĻ¸ā§āĻ¯āĻžāĻā§āĻ˛āĻŋ āĻāĻžāĻāĻŋāĻ¯āĻŧā§ āĻāĻ āĻ¤ā§āĨ¤ āĻĻā§āĻā§āĻ¨ #168āĨ¤
Nexus JVM āĻŽā§āĻŽāĻ°āĻŋ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻšāĻā§āĻā§
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"āĻāĻā§āĻ˛āĻŋ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻ¸ā§āĻāĻŋāĻāĻ¸ā§ˇ āĻāĻ āĻŽāĻžāĻ¨ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻŦā§āĻ¨ āĻ¨āĻž āĻĻāĻ¯āĻŧāĻž āĻāĻ°ā§ āĻ¯āĻĻāĻŋ āĻ¨āĻž āĻĒāĻĄāĻŧā§ āĻĨāĻžāĻā§āĻ¨ āĻāĻŦāĻ āĻ¤āĻžāĻ°āĻž āĻāĻŋ āĻāĻ°āĻā§ āĻŦā§āĻāĻ¤ā§ āĻĒāĻžāĻ°ā§ āĻ¨āĻžāĨ¤
āĻĻā§āĻŦāĻŋāĻ¤ā§āĻ¯āĻŧ āĻ¸āĻ¤āĻ°ā§āĻāĻ¤āĻž āĻšāĻŋāĻ¸āĻžāĻŦā§, āĻāĻāĻžāĻ¨ā§ āĻāĻĒāĻ°ā§āĻ° āĻ¨āĻĨāĻŋ āĻĨā§āĻā§ āĻāĻāĻāĻŋ āĻāĻĻā§āĻ§ā§āĻ¤āĻŋ āĻĻā§āĻāĻ¯āĻŧāĻž āĻšāĻ˛:
āĻāĻ°ā§āĻŽāĻā§āĻˇāĻŽāĻ¤āĻž āĻāĻ¨ā§āĻ¨āĻ¤ āĻāĻ°āĻžāĻ° āĻĒā§āĻ°āĻ¯āĻŧāĻžāĻ¸ā§ āĻĒā§āĻ°āĻ¸ā§āĻ¤āĻžāĻŦāĻŋāĻ¤ āĻŽāĻžāĻ¨āĻā§āĻ˛āĻŋāĻ° āĻŦāĻžāĻāĻ°ā§ JVM āĻšāĻŋāĻĒ āĻŽā§āĻŽāĻ°āĻŋ āĻŦāĻžāĻĄāĻŧāĻžāĻ¨ā§āĻ° āĻ¸ā§āĻĒāĻžāĻ°āĻŋāĻļ āĻāĻ°āĻž āĻšāĻ¯āĻŧ āĻ¨āĻžāĨ¤ āĻāĻāĻŋ āĻāĻ¸āĻ˛ā§ āĻŦāĻŋāĻĒāĻ°ā§āĻ¤ āĻĒā§āĻ°āĻāĻžāĻŦ āĻĢā§āĻ˛āĻ¤ā§ āĻĒāĻžāĻ°ā§, āĻ¯āĻžāĻ° āĻĢāĻ˛ā§ āĻ āĻĒāĻžāĻ°ā§āĻāĻŋāĻ āĻ¸āĻŋāĻ¸ā§āĻā§āĻŽā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§āĻ¯āĻŧ āĻāĻžāĻ āĻšāĻ¤ā§ āĻĒāĻžāĻ°ā§āĨ¤
āĻĒā§āĻ°āĻļāĻžāĻ¸āĻā§āĻ° āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ
nexus_admin_password: 'changeme'āĻ¸ā§āĻāĻāĻĒā§āĻ° āĻāĻ¨ā§āĻ¯ "āĻ ā§āĻ¯āĻžāĻĄāĻŽāĻŋāĻ¨" āĻ ā§āĻ¯āĻžāĻāĻžāĻāĻ¨ā§āĻā§āĻ° āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄāĨ¤ āĻāĻāĻŋ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻĒā§āĻ°āĻĨāĻŽ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§ āĻāĻžāĻ āĻāĻ°ā§. āĻ āĻ¨ā§āĻā§āĻ°āĻš āĻāĻ°ā§ āĻĻā§āĻā§āĻ¨ [āĻĒā§āĻ°āĻĨāĻŽ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻĒāĻ°ā§ āĻ ā§āĻ¯āĻžāĻĄāĻŽāĻŋāĻ¨ āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°ā§āĻ¨](# āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨-āĻ ā§āĻ¯āĻžāĻĄāĻŽāĻŋāĻ¨-āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ-āĻāĻĢāĻāĻžāĻ°-āĻĒā§āĻ°āĻĨāĻŽ-āĻāĻ¨āĻ¸ā§āĻāĻ˛) āĻ¯āĻĻāĻŋ āĻāĻĒāĻ¨āĻŋ āĻĒāĻ°ā§ āĻāĻāĻāĻŋ āĻā§āĻŽāĻŋāĻāĻž āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§ āĻāĻāĻŋ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻ¤ā§ āĻāĻžāĻ¨āĨ¤
āĻĒā§āĻ˛ā§āĻŦā§āĻā§ āĻ¸ā§āĻĒāĻˇā§āĻ āĻĒāĻžāĻ ā§āĻ¯ā§ āĻāĻĒāĻ¨āĻžāĻ° āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ āĻ¸āĻāĻ°āĻā§āĻˇāĻŖ āĻ¨āĻž āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯, āĻ¤āĻŦā§ [āĻ ā§āĻ¯āĻžāĻ¨āĻ¸āĻŋāĻŦāĻ˛-āĻāĻ˛ā§āĻ āĻāĻ¨āĻā§āĻ°āĻŋāĻĒāĻļāĻ¨] āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻŋ āĻĻā§āĻĸāĻŧāĻāĻžāĻŦā§ āĻ¸ā§āĻĒāĻžāĻ°āĻŋāĻļ āĻāĻ°āĻž āĻšāĻ¯āĻŧ () (āĻšāĻ¯āĻŧ āĻāĻ¨āĻ˛āĻžāĻāĻ¨ āĻŦāĻž āĻāĻāĻāĻŋ āĻĒā§āĻĨāĻ āĻĢāĻžāĻāĻ˛ā§ āĻ˛ā§āĻĄ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§ āĻ¯ā§āĻŽāĻ¨ āĻ āĻ¨ā§āĻ¤āĻ°ā§āĻā§āĻā§āĻ¤_āĻāĻžāĻ°āĻ¸)
āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§ āĻŦā§āĻ¨āĻžāĻŽā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸
nexus_anonymous_access: falseāĻŦā§āĻ¨āĻžāĻŽā§ āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸ āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§ āĻ āĻā§āĻˇāĻŽ āĻāĻ°āĻž āĻšāĻ¯āĻŧ. āĻ¸āĻŽā§āĻĒāĻ°ā§āĻā§ āĻāĻ°ā§ āĻĒāĻĄāĻŧā§āĻ¨ .
āĻ¸āĻ°ā§āĻŦāĻāĻ¨ā§āĻ¨ āĻšā§āĻ¸ā§āĻāĻ¨āĻžāĻŽ
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: httpsāĻ¸āĻŽā§āĻĒā§āĻ°ā§āĻŖāĻ°ā§āĻĒā§ āĻ¯ā§āĻā§āĻ¯āĻ¤āĻžāĻ¸āĻŽā§āĻĒāĻ¨ā§āĻ¨ āĻĄā§āĻŽā§āĻ¨ āĻ¨āĻžāĻŽ āĻāĻŦāĻ āĻ¸ā§āĻāĻŋāĻŽ (https āĻŦāĻž http) āĻ¯āĻžāĻ° āĻ āĻ§ā§āĻ¨ā§ Nexus āĻĻā§āĻˇā§āĻāĻžāĻ¨ā§āĻ¤āĻāĻŋ āĻ¤āĻžāĻ° āĻā§āĻ˛āĻžāĻ¯āĻŧā§āĻ¨ā§āĻāĻĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻĒāĻ˛āĻŦā§āĻ§ āĻšāĻŦā§ā§ˇ
āĻāĻ āĻā§āĻŽāĻŋāĻāĻžāĻ° āĻāĻ¨ā§āĻ¯ API āĻ ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"āĻāĻ āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛āĻā§āĻ˛āĻŋ āĻ¨āĻŋāĻ¯āĻŧāĻ¨ā§āĻ¤ā§āĻ°āĻŖ āĻāĻ°ā§ āĻāĻŋāĻāĻžāĻŦā§ āĻā§āĻŽāĻŋāĻāĻžāĻāĻŋ āĻŦāĻŋāĻ§āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ Nexus API-āĻāĻ° āĻ¸āĻžāĻĨā§ āĻ¸āĻāĻ¯ā§āĻ āĻāĻ°ā§ā§ˇ
āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻāĻ¨ā§āĻ¨āĻ¤ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻĻā§āĻ° āĻāĻ¨ā§āĻ¯āĨ¤ āĻāĻĒāĻ¨āĻŋ āĻ¸āĻŽā§āĻāĻŦāĻ¤ āĻāĻ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻ¸ā§āĻāĻŋāĻāĻ¸ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻ¤ā§ āĻāĻžāĻ¨ āĻ¨āĻž
āĻāĻāĻāĻŋ āĻŦāĻŋāĻĒāĻ°ā§āĻ¤ āĻĒā§āĻ°āĻā§āĻ¸āĻŋ āĻ¸ā§āĻ āĻāĻĒ āĻāĻ°āĻž āĻšāĻā§āĻā§ā§ˇ
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "[email protected]"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: trueāĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨ .
āĻāĻāĻŋ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻāĻĒāĻ¨āĻžāĻā§ httpd āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§āĨ¤ āĻĻā§āĻ°āĻˇā§āĻāĻŦā§āĻ¯: āĻāĻāĻ¨ āĻāĻ¨ā§āĻ¯ httpd_setup_enable āĻŽāĻžāĻ¨ āĻ¸ā§āĻ āĻāĻ°ā§āĻ¨true, āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻĒāĻ°āĻŋāĻāĻŋāĻ¤āĻŋ 127.0.0.1:8081, āĻāĻāĻāĻžāĻŦā§ āĻ¨āĻž āĻŦāĻžāĻšā§āĻ¯āĻŋāĻ IP āĻ āĻŋāĻāĻžāĻ¨āĻž āĻĨā§āĻā§ HTTP āĻĒā§āĻ°ā§āĻ 8081 āĻāĻ° āĻŽāĻžāĻ§ā§āĻ¯āĻŽā§ āĻ¸āĻ°āĻžāĻ¸āĻ°āĻŋ āĻ
ā§āĻ¯āĻžāĻā§āĻ¸ā§āĻ¸āĻ¯ā§āĻā§āĻ¯āĨ¤
āĻŦā§āĻ¯āĻŦāĻšā§āĻ¤ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻšā§āĻ¸ā§āĻāĻ¨āĻžāĻŽ āĻšāĻ˛ nexus_public_hostname. āĻā§āĻ¨ā§ āĻāĻžāĻ°āĻŖā§ āĻŦāĻŋāĻāĻŋāĻ¨ā§āĻ¨ āĻ¨āĻžāĻŽā§āĻ° āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ āĻšāĻ˛ā§ āĻ¸ā§āĻ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨ httpd_server_name āĻāĻāĻāĻŋ āĻāĻŋāĻ¨ā§āĻ¨ āĻ
āĻ°ā§āĻĨ āĻ¸āĻšāĨ¤
ĐĄ httpd_copy_ssl_files: true (āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§) āĻāĻĒāĻ°ā§āĻ° āĻļāĻāĻ¸āĻžāĻĒāĻ¤ā§āĻ°āĻā§āĻ˛āĻŋ āĻāĻĒāĻ¨āĻžāĻ° āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻĄāĻŋāĻ°ā§āĻā§āĻāĻ°āĻŋāĻ¤ā§ āĻĨāĻžāĻāĻž āĻāĻāĻŋāĻ¤ āĻāĻŦāĻ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ āĻ
āĻ¨ā§āĻ˛āĻŋāĻĒāĻŋ āĻāĻ°āĻž āĻšāĻŦā§ āĻāĻŦāĻ āĻ
ā§āĻ¯āĻžāĻĒāĻžāĻāĻŋāĻ¤ā§ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻšāĻŦā§āĨ¤
āĻāĻĒāĻ¨āĻŋ āĻ¸āĻžāĻ°ā§āĻāĻžāĻ°ā§ āĻŦāĻŋāĻĻā§āĻ¯āĻŽāĻžāĻ¨ āĻ¸āĻžāĻ°ā§āĻāĻŋāĻĢāĻŋāĻā§āĻ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻ¤ā§ āĻāĻžāĻ¨, āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨ httpd_copy_ssl_files: false āĻāĻŦāĻ āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻāĻŋāĻ¤ āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°ā§āĻ¨:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"httpd_ssl_cert_chain_file_location āĻāĻā§āĻāĻŋāĻ āĻāĻŦāĻ āĻ¯āĻĻāĻŋ āĻāĻĒāĻ¨āĻŋ āĻā§āĻāĻ¨ āĻĢāĻžāĻāĻ˛āĻāĻŋ āĻāĻžāĻ¸ā§āĻāĻŽāĻžāĻāĻ āĻāĻ°āĻ¤ā§ āĻ¨āĻž āĻāĻžāĻ¨ āĻ¤āĻŦā§ āĻ¸ā§āĻ āĻ¨āĻž āĻāĻ°ā§ āĻ°ā§āĻā§ āĻĻā§āĻāĻ¯āĻŧāĻž āĻāĻāĻŋāĻ¤
httpd_default_admin_email: "[email protected]"āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻ ā§āĻ¯āĻžāĻĄāĻŽāĻŋāĻ¨ āĻāĻŽā§āĻ˛ āĻ āĻŋāĻāĻžāĻ¨āĻž āĻ¸ā§āĻ āĻāĻ°ā§āĻ¨
LDAP āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨
LDAP āĻ¸āĻāĻ¯ā§āĻ āĻāĻŦāĻ āĻ¨āĻŋāĻ°āĻžāĻĒāĻ¤ā§āĻ¤āĻž āĻā§āĻˇā§āĻ¤ā§āĻ° āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§ āĻ āĻā§āĻˇāĻŽ āĻāĻ°āĻž āĻšāĻ¯āĻŧ
nexus_ldap_realm: false
ldap_connections: [], āĻĒā§āĻ°āĻ¤āĻŋāĻāĻŋ āĻāĻĒāĻžāĻĻāĻžāĻ¨ āĻāĻ āĻŽāĻ¤ āĻĻā§āĻāĻžāĻ¯āĻŧ:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'My Company LDAP' # used as a key to update the ldap config
ldap_protocol: 'ldaps' # ldap or ldaps
ldap_hostname: 'ldap.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false # Wether or not to use certs in the nexus trust store
ldap_search_base: 'dc=mycompany,dc=net'
ldap_auth: 'none' # or simple
ldap_auth_username: 'username' # if auth = simple
ldap_auth_password: 'password' # if auth = simple
ldap_user_base_dn: 'ou=users'
ldap_user_filter: '(cn=*)' # (optional)
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: false
ldap_map_groups_as_roles: false
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'posixGroup'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'memberUid'
ldap_group_member_format: '${username}'
ldap_group_subtree: falseāĻŦā§āĻ¨āĻžāĻŽā§ āĻĒā§āĻ°āĻŽāĻžāĻŖā§āĻāĻ°āĻŖā§āĻ° āĻāĻ¨ā§āĻ¯ LDAP āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ā§āĻ° āĻāĻĻāĻžāĻšāĻ°āĻŖ (āĻŦā§āĻ¨āĻžāĻŽā§ āĻŦāĻžāĻāĻ¨ā§āĻĄāĻŋāĻ), āĻāĻāĻŋāĻ āĻāĻāĻāĻŋ "āĻ¨ā§āĻ¯ā§āĻ¨āĻ¤āĻŽ" āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨:
nexus_ldap_realm: true
ldap_connection:
- ldap_name: 'Simplest LDAP config'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_search_base: 'dc=mycompany,dc=net'
ldap_port: 636
ldap_use_trust_store: false
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_object_class: 'inetOrgPerson'āĻ¸āĻžāĻ§āĻžāĻ°āĻŖ āĻĒā§āĻ°āĻŽāĻžāĻŖā§āĻāĻ°āĻŖā§āĻ° āĻāĻ¨ā§āĻ¯ LDAP āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ā§āĻ° āĻāĻĻāĻžāĻšāĻ°āĻŖ (DSA āĻ ā§āĻ¯āĻžāĻāĻžāĻāĻ¨ā§āĻ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§):
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: falseāĻ¸āĻžāĻ§āĻžāĻ°āĻŖ āĻĒā§āĻ°āĻŽāĻžāĻŖā§āĻāĻ°āĻŖā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻĻāĻžāĻšāĻ°āĻŖ LDAP āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ (DSA āĻ ā§āĻ¯āĻžāĻāĻžāĻāĻ¨ā§āĻ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§) + āĻā§āĻŽāĻŋāĻāĻž āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻŽā§āĻ¯āĻžāĻĒ āĻāĻ°āĻž āĻā§āĻ°ā§āĻĒ:
nexus_ldap_realm: true
ldap_connections
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'groupOfNames'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'member'
ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
ldap_group_subtree: falseāĻ¸āĻžāĻ§āĻžāĻ°āĻŖ āĻĒā§āĻ°āĻŽāĻžāĻŖā§āĻāĻ°āĻŖā§āĻ° āĻāĻ¨ā§āĻ¯ LDAP āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ā§āĻ° āĻāĻĻāĻžāĻšāĻ°āĻŖ (DSA āĻ ā§āĻ¯āĻžāĻāĻžāĻāĻ¨ā§āĻ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§) + āĻā§āĻ°ā§āĻĒāĻā§āĻ˛āĻŋāĻā§ āĻā§āĻŽāĻŋāĻāĻž āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻāĻ¤āĻŋāĻļā§āĻ˛āĻāĻžāĻŦā§ āĻŽā§āĻ¯āĻžāĻĒ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_map_groups_as_roles_type: 'dynamic'
ldap_user_memberof_attribute: 'memberOf'āĻŦāĻŋāĻļā§āĻˇāĻžāĻ§āĻŋāĻāĻžāĻ°
nexus_privileges:
- name: all-repos-read # used as key to update a privilege
# type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
description: 'Read & Browse access to all repos'
repository: '*'
actions: # can be add, browse, create, delete, edit, read or * (all)
- read
- browse
# pattern: pattern
# domain: domain
# script_name: nameāĻ¤āĻžāĻ˛āĻŋāĻāĻž āĻ¸ā§āĻāĻŋāĻāĻ¸ā§āĻ° āĻāĻ¨ā§āĻ¯āĨ¤ āĻŦāĻŋāĻļā§āĻˇāĻžāĻ§āĻŋāĻāĻžāĻ° āĻĒā§āĻ°āĻāĻžāĻ°ā§āĻ° āĻāĻĒāĻ° āĻ¨āĻŋāĻ°ā§āĻāĻ° āĻāĻ°ā§ āĻā§āĻ¨ āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛ āĻ¸ā§āĻ āĻāĻ°āĻž āĻĻāĻ°āĻāĻžāĻ° āĻ¤āĻž āĻĒāĻ°ā§āĻā§āĻˇāĻž āĻāĻ°āĻ¤ā§ āĻĄāĻā§āĻŽā§āĻ¨ā§āĻā§āĻļāĻ¨ āĻāĻŦāĻ GUI āĻĻā§āĻā§āĻ¨āĨ¤
āĻāĻ āĻāĻĒāĻžāĻĻāĻžāĻ¨āĻā§āĻ˛āĻŋ āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻāĻŋāĻ¤ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻŽāĻžāĻ¨āĻā§āĻ˛āĻŋāĻ° āĻ¸āĻžāĻĨā§ āĻŽāĻŋāĻ˛āĻŋāĻ¤ āĻšāĻ¯āĻŧ:
_nexus_privilege_defaults:
type: repository-view
format: maven2
actions:
- readāĻā§āĻŽāĻŋāĻāĻž (āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻ° āĻāĻŋāĻ¤āĻ°ā§ āĻāĻ° āĻŽāĻžāĻ¨ā§)
nexus_roles:
- id: Developpers # can map to a LDAP group id, also used as a key to update a role
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
roles: [] # references to other role namesāĻ¤āĻžāĻ˛āĻŋāĻāĻž āĻ¸ā§āĻāĻŋāĻāĻ¸ā§āĻ° āĻāĻ¨ā§āĻ¯āĨ¤
āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻĻā§āĻ°
nexus_local_users: []
# - username: jenkins # used as key to update
# state: present # default value if ommited, use 'absent' to remove user
# first_name: Jenkins
# last_name: CI
# email: [email protected]
# password: "s3cr3t"
# roles:
# - developers # role IDāĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ā§ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻžāĻ° āĻāĻ¨ā§āĻ¯ āĻ¸ā§āĻĨāĻžāĻ¨ā§āĻ¯āĻŧ (āĻ¨āĻ¨-āĻāĻ˛āĻĄāĻŋāĻāĻĒāĻŋ) āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§/āĻ ā§āĻ¯āĻžāĻāĻžāĻāĻ¨ā§āĻ āĻ¤āĻžāĻ˛āĻŋāĻāĻžāĨ¤
Nexus-āĻ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻ¤ā§ āĻ¸ā§āĻĨāĻžāĻ¨ā§āĻ¯āĻŧ (āĻ¨āĻ¨-LDAP) āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§/āĻ ā§āĻ¯āĻžāĻāĻžāĻāĻ¨ā§āĻā§āĻ° āĻ¤āĻžāĻ˛āĻŋāĻāĻžāĨ¤
nexus_ldap_users: []
# - username: j.doe
# state: present
# roles:
# - "nx-admin"āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§/āĻā§āĻŽāĻŋāĻāĻžāĻ° Ldap āĻŽā§āĻ¯āĻžāĻĒāĻŋāĻāĨ¤ āĻ
āĻŦāĻ¸ā§āĻĨāĻž absent āĻāĻāĻāĻŋ āĻŦāĻŋāĻĻā§āĻ¯āĻŽāĻžāĻ¨ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻ° āĻĨā§āĻā§ āĻā§āĻŽāĻŋāĻāĻž āĻŽā§āĻā§ āĻĢā§āĻ˛āĻŦā§ āĻ¯āĻĻāĻŋ āĻāĻāĻāĻŋ āĻāĻ¤āĻŋāĻŽāĻ§ā§āĻ¯ā§ āĻŦāĻŋāĻĻā§āĻ¯āĻŽāĻžāĻ¨ āĻĨāĻžāĻā§āĨ¤
Ldap āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻĻā§āĻ° āĻŽā§āĻā§ āĻĢā§āĻ˛āĻž āĻšāĻ¯āĻŧ āĻ¨āĻž. āĻāĻāĻāĻŋ āĻ
āĻ¸ā§āĻ¤āĻŋāĻ¤ā§āĻŦāĻšā§āĻ¨ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻāĻāĻŋ āĻā§āĻŽāĻŋāĻāĻž āĻ¸ā§āĻ āĻāĻ°āĻžāĻ° āĻā§āĻˇā§āĻāĻž āĻāĻ°āĻ˛ā§ āĻāĻāĻāĻŋ āĻ¤ā§āĻ°ā§āĻāĻŋ āĻĻā§āĻāĻž āĻĻā§āĻŦā§ā§ˇ
āĻŦāĻŋāĻˇāĻ¯āĻŧāĻŦāĻ¸ā§āĻ¤ā§ āĻ¨āĻŋāĻ°ā§āĻŦāĻžāĻāĻ
nexus_content_selectors:
- name: docker-login
description: Selector for docker login privilege
search_expression: format=="docker" and path=~"/v2/"āĻŦāĻŋāĻˇāĻ¯āĻŧāĻŦāĻ¸ā§āĻ¤ā§ āĻ¨āĻŋāĻ°ā§āĻŦāĻžāĻāĻ āĻ¸āĻŽā§āĻĒāĻ°ā§āĻā§ āĻāĻ°āĻ āĻ¤āĻĨā§āĻ¯ā§āĻ° āĻāĻ¨ā§āĻ¯, āĻĻā§āĻā§āĻ¨ .
āĻŦāĻŋāĻˇāĻ¯āĻŧāĻŦāĻ¸ā§āĻ¤ā§ āĻ¨āĻŋāĻ°ā§āĻŦāĻžāĻāĻ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻ¤ā§, āĻāĻ° āĻ¸āĻžāĻĨā§ āĻāĻāĻāĻŋ āĻ¨āĻ¤ā§āĻ¨ āĻŦāĻŋāĻļā§āĻˇāĻžāĻ§āĻŋāĻāĻžāĻ° āĻ¯ā§āĻ āĻāĻ°ā§āĻ¨ type: repository-content-selector āĻāĻŦāĻ āĻĒā§āĻ°āĻžāĻ¸āĻā§āĻāĻŋāĻcontentSelector
- name: docker-login-privilege
type: repository-content-selector
contentSelector: docker-login
description: 'Login to Docker registry'
repository: '*'
actions:
- read
- browseāĻŦā§āĻ˛āĻŦāĻ¸ā§āĻā§āĻ° āĻāĻŦāĻ āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛
nexus_delete_default_repos: falseāĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻĨā§āĻā§ āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛āĻā§āĻ˛āĻŋ āĻŽā§āĻā§āĻ¨āĨ¤ āĻāĻ āĻĒāĻĻāĻā§āĻˇā§āĻĒāĻāĻŋ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻĒā§āĻ°āĻĨāĻŽāĻŦāĻžāĻ° āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻāĻžāĻ°ā§āĻ¯āĻāĻ° āĻāĻ°āĻž āĻšāĻ¯āĻŧ (āĻ¯āĻāĻ¨ nexus_data_dir āĻāĻžāĻ˛āĻŋ āĻ¸āĻ¨āĻžāĻā§āĻ¤ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§)āĨ¤
Nexus-āĻāĻ° āĻāĻ¨ā§āĻ¯ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻĨā§āĻā§ āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛āĻā§āĻ˛āĻŋ āĻ¸āĻ°āĻžāĻ¨ā§ āĻšāĻā§āĻā§āĨ¤ āĻāĻ āĻĒāĻĻāĻā§āĻˇā§āĻĒāĻāĻŋ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻĒā§āĻ°āĻĨāĻŽ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻ¸āĻā§āĻāĻžāĻ˛āĻŋāĻ¤ āĻšāĻ¯āĻŧ (āĻ¯āĻāĻ¨ nexus_data_dir āĻāĻžāĻ˛āĻŋ)āĨ¤
nexus_delete_default_blobstore: falseāĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻĨā§āĻā§ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻŦā§āĻ˛āĻŦāĻ¸ā§āĻā§āĻ° āĻŽā§āĻā§āĻ¨āĨ¤ āĻāĻāĻŋ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻ¯āĻĻāĻŋ āĻāĻ°āĻž āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§ nexus_delete_default_repos: true āĻāĻŦāĻ āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ā§āĻ° (āĻ¨ā§āĻā§ āĻĻā§āĻā§āĻ¨) āĻāĻāĻāĻŋ āĻ¸ā§āĻ¸ā§āĻĒāĻˇā§āĻ āĻāĻā§ blob_store: custom. āĻāĻ āĻĒāĻĻāĻā§āĻˇā§āĻĒāĻāĻŋ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻĒā§āĻ°āĻĨāĻŽāĻŦāĻžāĻ° āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻāĻžāĻ°ā§āĻ¯āĻāĻ° āĻāĻ°āĻž āĻšāĻ¯āĻŧ (āĻ¯āĻāĻ¨ nexus_data_dir āĻāĻžāĻ˛āĻŋ āĻ¸āĻ¨āĻžāĻā§āĻ¤ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§)āĨ¤
āĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻĨā§āĻā§ āĻŦā§āĻ˛āĻŦ āĻ¸ā§āĻā§āĻ°ā§āĻ (āĻŦāĻžāĻāĻ¨āĻžāĻ°ā§ āĻāĻ°ā§āĻāĻŋāĻĢā§āĻ¯āĻžāĻā§āĻ) āĻ
āĻĒāĻ¸āĻžāĻ°āĻŖ āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§ āĻ
āĻā§āĻˇāĻŽ āĻāĻ°āĻž āĻšāĻ¯āĻŧāĨ¤ āĻŦā§āĻ˛āĻŦ āĻ¸ā§āĻā§āĻ°ā§āĻ (āĻŦāĻžāĻāĻ¨āĻžāĻ°ā§ āĻāĻ°ā§āĻāĻŋāĻĢā§āĻ¯āĻžāĻā§āĻ) āĻ
āĻĒāĻ¸āĻžāĻ°āĻŖ āĻāĻ°āĻ¤ā§, āĻŦāĻ¨ā§āĻ§ āĻāĻ°ā§āĻ¨ nexus_delete_default_repos: true. āĻāĻ āĻĒāĻĻāĻā§āĻˇā§āĻĒāĻāĻŋ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻĒā§āĻ°āĻĨāĻŽ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻ¸āĻā§āĻāĻžāĻ˛āĻŋāĻ¤ āĻšāĻ¯āĻŧ (āĻ¯āĻāĻ¨ nexus_data_dir āĻāĻžāĻ˛āĻŋ)āĨ¤
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
# type: file
# path: /mnt/custom/path
# - name: s3-blobstore
# type: S3
# config:
# bucket: s3-blobstore
# accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
# secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"āĻ¤ā§āĻ°ā§ āĻāĻ°āĻ¤ā§. āĻāĻāĻāĻŋ āĻŦā§āĻ˛āĻŦāĻ¸ā§āĻā§āĻ° āĻĒāĻžāĻĨ āĻāĻŦāĻ āĻāĻāĻāĻŋ āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ āĻŦā§āĻ˛āĻŦāĻ¸ā§āĻā§āĻ° āĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻ¤ā§āĻ°āĻŋāĻ° āĻĒāĻ°ā§ āĻāĻĒāĻĄā§āĻ āĻāĻ°āĻž āĻ¯āĻžāĻŦā§ āĻ¨āĻž (āĻāĻāĻžāĻ¨ā§ āĻ¯ā§āĻā§āĻ¨ āĻāĻĒāĻĄā§āĻ āĻĒā§āĻ¨āĻāĻĒā§āĻ°āĻāĻŋāĻļāĻ¨āĻŋāĻ āĻ āĻāĻĒā§āĻā§āĻˇāĻž āĻāĻ°āĻž āĻšāĻŦā§)āĨ¤
S3 āĻ āĻŦā§āĻ˛āĻŦāĻ¸ā§āĻā§āĻ° āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻāĻāĻāĻŋ āĻ¸ā§āĻŦāĻŋāĻ§āĻž āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§ āĻāĻŦāĻ āĻāĻŽāĻ°āĻž āĻā§āĻ°ā§āĻ¯āĻžāĻāĻŋāĻ¸ā§ āĻ¯ā§ āĻ¸ā§āĻŦāĻ¯āĻŧāĻāĻā§āĻ°āĻŋāĻ¯āĻŧ āĻĒāĻ°ā§āĻā§āĻˇāĻž āĻāĻžāĻ˛āĻžāĻ āĻ¤āĻžāĻ° āĻ āĻāĻļ āĻ¨āĻ¯āĻŧāĨ¤ āĻ āĻ¨ā§āĻā§āĻ°āĻš āĻāĻ°ā§ āĻŽāĻ¨ā§ āĻ°āĻžāĻāĻŦā§āĻ¨ āĻ¯ā§ S3 āĻ āĻ¸āĻā§āĻāĻ¯āĻŧ āĻāĻ°āĻž āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° AWS-āĻ āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻž āĻāĻĻāĻžāĻšāĻ°āĻŖā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ¸ā§āĻĒāĻžāĻ°āĻŋāĻļ āĻāĻ°āĻž āĻšāĻ¯āĻŧāĨ¤
āĻ¸ā§āĻˇā§āĻāĻŋ . āĻ¸ā§āĻā§āĻ°ā§āĻ āĻĒāĻžāĻĨ āĻāĻŦāĻ āĻ¸ā§āĻā§āĻ°ā§āĻ āĻ°āĻŋāĻĒā§āĻāĻŋāĻāĻ°āĻŋ āĻĒā§āĻ°āĻžāĻĨāĻŽāĻŋāĻ āĻ¤ā§āĻ°āĻŋāĻ° āĻĒāĻ°ā§ āĻāĻĒāĻĄā§āĻ āĻāĻ°āĻž āĻ¯āĻžāĻŦā§ āĻ¨āĻž (āĻāĻŦāĻžāĻ° āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻāĻāĻžāĻ¨ā§ āĻ¯ā§ āĻā§āĻ¨ā§ āĻāĻĒāĻĄā§āĻ āĻāĻĒā§āĻā§āĻˇāĻž āĻāĻ°āĻž āĻšāĻŦā§)āĨ¤
S3 āĻ¤ā§ āĻŦā§āĻ˛āĻŦ āĻ¸ā§āĻā§āĻ°ā§āĻ āĻ¸ā§āĻ āĻāĻĒ āĻāĻ°āĻž āĻāĻāĻāĻŋ āĻ¸ā§āĻŦāĻŋāĻ§āĻž āĻšāĻŋāĻ¸āĻžāĻŦā§ āĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§ā§ˇ āĻĻāĻ¯āĻŧāĻž āĻāĻ°ā§ āĻŽāĻ¨ā§ āĻ°āĻžāĻāĻŦā§āĻ¨ āĻ¯ā§ S3 āĻ¸ā§āĻā§āĻ°ā§āĻ āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° AWS-āĻ āĻ¸ā§āĻĨāĻžāĻĒāĻ¨ āĻāĻ°āĻž āĻāĻĻāĻžāĻšāĻ°āĻŖā§āĻ° āĻāĻ¨ā§āĻ¯ āĻ¸ā§āĻĒāĻžāĻ°āĻŋāĻļ āĻāĻ°āĻž āĻšāĻ¯āĻŧāĨ¤
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
# remote_url: 'https://company.com/repo/secure/private/go/away'
# remote_username: 'username'
# remote_password: 'secret'
# # maximum_component_age: -1
# # maximum_metadata_age: 1440
# # negative_cache_enabled: true
# # negative_cache_ttl: 1440āĻāĻĒāĻ°ā§ āĻāĻāĻāĻŋ āĻāĻĻāĻžāĻšāĻ°āĻŖ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻāĻā§ āĻŽāĻžāĻā§āĻ¨
nexus_repos_maven_hosted:
- name: private-release
version_policy: release
write_policy: allow_once # one of "allow", "allow_once" or "deny"āĻŽā§āĻ¯āĻžāĻā§āĻ¨ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨. āĻ¨ā§āĻ¤āĻŋāĻŦāĻžāĻāĻ āĻā§āĻ¯āĻžāĻļā§ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻāĻā§āĻāĻŋāĻ āĻāĻŦāĻ āĻ¯āĻĻāĻŋ āĻŦāĻžāĻĻ āĻĻā§āĻāĻ¯āĻŧāĻž āĻšāĻ¯āĻŧ āĻ¤āĻŦā§ āĻāĻĒāĻ°ā§āĻ° āĻŽāĻžāĻ¨āĻā§āĻ˛āĻŋāĻ¤ā§ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻšāĻŦā§āĨ¤
āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻŽāĻžāĻā§āĻ¨āĨ¤ āĻ¨ā§āĻ¤āĻŋāĻŦāĻžāĻāĻ āĻā§āĻ¯āĻžāĻļā§ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ (-1) āĻāĻā§āĻāĻŋāĻ āĻāĻŦāĻ āĻ¨āĻŋāĻ°ā§āĻĻāĻŋāĻˇā§āĻ āĻ¨āĻž āĻĨāĻžāĻāĻ˛ā§ āĻāĻĒāĻ°ā§āĻ° āĻŽāĻžāĻ¨āĻā§āĻ˛āĻŋāĻ¤ā§ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻšāĻŦā§āĨ¤
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jbossāĻāĻ¨āĻĢāĻŋāĻāĻžāĻ°ā§āĻļāĻ¨ āĻŽāĻžāĻā§āĻ¨
āĻ¤āĻŋāĻ¨āĻāĻŋ āĻ°āĻŋāĻĒā§āĻāĻŋāĻāĻ°āĻŋ āĻĒā§āĻ°āĻāĻžāĻ° āĻ¨āĻŋāĻŽā§āĻ¨āĻ˛āĻŋāĻāĻŋāĻ¤ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻŽāĻžāĻ¨āĻā§āĻ˛āĻŋāĻ° āĻ¸āĻžāĻĨā§ āĻŽāĻŋāĻ˛āĻŋāĻ¤ āĻšāĻ¯āĻŧ:
_nexus_repos_maven_defaults:
blob_store: default # Note : cannot be updated once the repo has been created
strict_content_validation: true
version_policy: release # release, snapshot or mixed
layout_policy: strict # strict or permissive
write_policy: allow_once # one of "allow", "allow_once" or "deny"
maximum_component_age: -1 # Nexus gui default. For proxies only
maximum_metadata_age: 1440 # Nexus gui default. For proxies only
negative_cache_enabled: true # Nexus gui default. For proxies only
negative_cache_ttl: 1440 # Nexus gui default. For proxies onlyDocker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS āĻāĻŦāĻ yum āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ā§āĻ° āĻ§āĻ°āĻ¨:
āĻĻā§āĻ defaults/main.yml āĻāĻ āĻŦāĻŋāĻāĻ˛ā§āĻĒāĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯:
Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS āĻāĻŦāĻ yum āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛āĻā§āĻ˛āĻŋ āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§ āĻ
āĻā§āĻˇāĻŽ āĻāĻ°āĻž āĻšāĻ¯āĻŧā§āĻā§:
āĻĻā§āĻ defaults/main.yml āĻāĻ āĻŦāĻŋāĻāĻ˛ā§āĻĒāĻā§āĻ˛āĻŋāĻ° āĻāĻ¨ā§āĻ¯:
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: falseāĻ āĻ¨ā§āĻā§āĻ°āĻš āĻāĻ°ā§ āĻŽāĻ¨ā§ āĻ°āĻžāĻāĻŦā§āĻ¨ āĻ¯ā§ āĻāĻĒāĻ¨āĻŋ āĻ¯āĻĻāĻŋ āĻŽā§āĻ¯āĻžāĻā§āĻ¨ āĻŦā§āĻ¯āĻ¤ā§āĻ¤ āĻ āĻ¨ā§āĻ¯ āĻ§āĻ°āĻ¨ā§āĻ° āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻ¤ā§ āĻāĻžāĻ¨ āĻ¤āĻŦā§ āĻāĻĒāĻ¨āĻžāĻā§ āĻāĻŋāĻā§ āĻ¨āĻŋāĻ°āĻžāĻĒāĻ¤ā§āĻ¤āĻž āĻ¸ā§āĻ¯ā§āĻ āĻ¸āĻā§āĻ°āĻŋāĻ¯āĻŧ āĻāĻ°āĻ¤ā§ āĻšāĻŦā§āĨ¤ āĻāĻāĻŋ āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§ āĻŽāĻŋāĻĨā§āĻ¯āĻž
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous accessāĻ°āĻŋāĻŽā§āĻ āĻāĻāĻāĻžāĻ° āĻ°āĻŋāĻ¯āĻŧā§āĻ˛āĻŽ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§āĻ āĻ¸āĻā§āĻˇāĻŽ āĻāĻ°āĻž āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§
nexus_rut_auth_realm: trueāĻāĻŦāĻ āĻļāĻŋāĻ°ā§āĻ¨āĻžāĻŽ āĻ¸āĻāĻā§āĻāĻžāĻ¯āĻŧāĻŋāĻ¤ āĻāĻ°ā§ āĻāĻžāĻ¸ā§āĻāĻŽāĻžāĻāĻ āĻāĻ°āĻž āĻ¯ā§āĻ¤ā§ āĻĒāĻžāĻ°ā§
nexus_rut_auth_header: "CUSTOM_HEADER"āĻĒāĻ°āĻŋāĻāĻ˛ā§āĻĒāĻ¨āĻžāĻŽāĻžāĻĢāĻŋāĻ āĻāĻžāĻ
nexus_scheduled_tasks: []
# # Example task to compact blobstore :
# - name: compact-docker-blobstore
# cron: '0 0 22 * * ?'
# typeId: blobstore.compact
# task_alert_email: [email protected] # optional
# taskProperties:
# blobstoreName: {{ nexus_blob_names.docker.blob }} # all task attributes are stored as strings by nexus internally
# # Example task to purge maven snapshots
# - name: Purge-maven-snapshots
# cron: '0 50 23 * * ?'
# typeId: repository.maven.remove-snapshots
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# minimumRetained: "2"
# snapshotRetentionDays: "2"
# gracePeriodInDays: "2"
# booleanTaskProperties:
# removeIfReleased: true
# # Example task to purge unused docker manifest and images
# - name: Purge unused docker manifests and images
# cron: '0 55 23 * * ?'
# typeId: "repository.docker.gc"
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# # Example task to purge incomplete docker uploads
# - name: Purge incomplete docker uploads
# cron: '0 0 0 * * ?'
# typeId: "repository.docker.upload-purge"
# task_alert_email: [email protected] # optional
# taskProperties:
# age: "24" āĻ¸ā§āĻāĻŋāĻāĻ¸ā§āĻ° āĻāĻ¨ā§āĻ¯āĨ¤ typeId āĻāĻŦāĻ āĻāĻžāĻ¸ā§āĻ āĻ¨āĻŋāĻ°ā§āĻĻāĻŋāĻˇā§āĻtaskProperties/booleanTaskProperties āĻāĻĒāĻ¨āĻŋ āĻšāĻ¯āĻŧ āĻ
āĻ¨ā§āĻŽāĻžāĻ¨ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨:
- āĻāĻžāĻāĻž āĻāĻžāĻāĻĒ āĻ
āĻ¨ā§āĻā§āĻ°āĻŽ āĻĨā§āĻā§
org.sonatype.nexus.scheduling.TaskDescriptorSupport - āĻāĻĒāĻ¨āĻžāĻ° āĻŦā§āĻ°āĻžāĻāĻāĻžāĻ°ā§ HTML āĻāĻžāĻ¸ā§āĻ āĻ¤ā§āĻ°āĻŋāĻ° āĻĢāĻ°ā§āĻŽ āĻĒāĻ°ā§āĻā§āĻˇāĻž āĻāĻ°āĻž āĻšāĻā§āĻā§
- āĻŽā§āĻ¯āĻžāĻ¨ā§āĻ¯āĻŧāĻžāĻ˛āĻŋ āĻāĻāĻāĻŋ āĻāĻžāĻ¸ā§āĻ āĻ¸ā§āĻ āĻāĻĒ āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻŦā§āĻ°āĻžāĻāĻāĻžāĻ°ā§ AJAX āĻ āĻ¨ā§āĻ°ā§āĻ§āĻā§āĻ˛āĻŋ āĻĻā§āĻāĻž āĻĨā§āĻā§āĨ¤
āĻāĻžāĻ¸ā§āĻā§āĻ° āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯āĻā§āĻ˛āĻŋāĻā§ āĻ¤āĻžāĻĻā§āĻ° āĻĒā§āĻ°āĻāĻžāĻ°ā§āĻ° āĻāĻĒāĻ° āĻ¨āĻŋāĻ°ā§āĻāĻ° āĻāĻ°ā§ āĻ¸āĻ āĻŋāĻ yaml āĻŦā§āĻ˛āĻā§ āĻā§āĻˇāĻŖāĻž āĻāĻ°āĻ¤ā§ āĻšāĻŦā§:
taskPropertiesāĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ¸ā§āĻā§āĻ°āĻŋāĻ āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯ā§āĻ° āĻāĻ¨ā§āĻ¯ (āĻ¯ā§āĻŽāĻ¨ āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ā§āĻ° āĻ¨āĻžāĻŽ, āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ā§āĻ° āĻ¨āĻžāĻŽ, āĻ¸āĻŽāĻ¯āĻŧāĻāĻžāĻ˛...)āĨ¤booleanTaskPropertiesāĻ¸āĻŽāĻ¸ā§āĻ¤ āĻ˛āĻāĻŋāĻā§āĻ¯āĻžāĻ˛ āĻŦā§āĻļāĻŋāĻˇā§āĻā§āĻ¯ā§āĻ° āĻāĻ¨ā§āĻ¯ (āĻ āĻ°ā§āĻĨāĻžā§ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻ¤ā§āĻ°āĻŋāĻ° āĻāĻžāĻ¸ā§āĻā§āĻ° GUI-āĻ¤ā§ āĻĒā§āĻ°āĻ§āĻžāĻ¨āĻ¤ āĻā§āĻāĻŦāĻā§āĻ¸)āĨ¤
āĻŦā§āĻ¯āĻžāĻāĻāĻĒ
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)āĻāĻĒāĻ¨āĻŋ āĻ¸ā§āĻ¯ā§āĻāĻ āĻ¨āĻž āĻāĻ°āĻž āĻĒāĻ°ā§āĻ¯āĻ¨ā§āĻ¤ āĻŦā§āĻ¯āĻžāĻāĻāĻĒ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻšāĻŦā§ āĻ¨āĻž nexus_backup_configure в true.
āĻāĻ āĻā§āĻˇā§āĻ¤ā§āĻ°ā§, āĻ¨āĻŋāĻ°ā§āĻ§āĻžāĻ°āĻŋāĻ¤ āĻ¸ā§āĻā§āĻ°āĻŋāĻĒā§āĻ āĻāĻžāĻ¸ā§āĻ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ā§ āĻāĻžāĻ˛āĻžāĻ¨ā§āĻ° āĻāĻ¨ā§āĻ¯ āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻž āĻšāĻŦā§
āĻ¨āĻŋāĻ°ā§āĻĻāĻŋāĻˇā§āĻ āĻŦā§āĻ¯āĻŦāĻ§āĻžāĻ¨ā§ nexus_backup_cron (āĻĒā§āĻ°āĻ¤āĻŋāĻĻāĻŋāĻ¨ āĻĄāĻŋāĻĢāĻ˛ā§āĻ 21:00)āĨ¤
āĻŦāĻŋāĻ¸ā§āĻ¤āĻžāĻ°āĻŋāĻ¤ āĻāĻžāĻ¨āĻžāĻ° āĻāĻ¨ā§āĻ¯ [āĻāĻ āĻāĻžāĻā§āĻ° āĻāĻ¨ā§āĻ¯ āĻā§āĻ°ā§āĻāĻŋ āĻā§āĻŽāĻĒā§āĻ˛ā§āĻ](templates/backup.groovy.j2) āĻĻā§āĻā§āĻ¨āĨ¤
āĻāĻ āĻ¨āĻŋāĻ°ā§āĻ§āĻžāĻ°āĻŋāĻ¤ āĻāĻžāĻāĻāĻŋ āĻ
āĻ¨ā§āĻ¯āĻĻā§āĻ° āĻĨā§āĻā§ āĻ¸ā§āĻŦāĻžāĻ§ā§āĻ¨ nexus_scheduled_tasksāĻ¯āĻž āĻāĻĒāĻ¨āĻŋ
āĻāĻĒāĻ¨āĻžāĻ° āĻĒā§āĻ˛ā§āĻŦā§āĻā§ āĻā§āĻˇāĻŖāĻž āĻāĻ°ā§āĻ¨āĨ¤
āĻāĻĒāĻ¨āĻŋ āĻ¯āĻĻāĻŋ āĻŦā§āĻ¯āĻžāĻāĻāĻĒāĻā§āĻ˛āĻŋ āĻā§āĻ°āĻžāĻ¤ā§/āĻŽā§āĻāĻ¤ā§ āĻāĻžāĻ¨ āĻ¤āĻŦā§ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°ā§āĻ¨ nexus_backup_rotate: true āĻāĻŦāĻ āĻāĻĒāĻ¨āĻŋ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§ āĻ¸āĻāĻ°āĻā§āĻˇāĻŖ āĻāĻ°āĻ¤ā§ āĻāĻžāĻ¨ āĻŦā§āĻ¯āĻžāĻāĻāĻĒ āĻ¸āĻāĻā§āĻ¯āĻž āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°ā§āĻ¨ nexus_backup_keep_rotations (āĻĄāĻŋāĻĢāĻ˛ā§āĻ 4)āĨ¤
āĻā§āĻ°ā§āĻŖāĻ¨ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¯āĻŧ, āĻāĻĒāĻ¨āĻŋ āĻ¯āĻĻāĻŋ āĻŦā§āĻ¯āĻžāĻāĻāĻĒ āĻĒā§āĻ°āĻā§āĻ°āĻŋāĻ¯āĻŧāĻž āĻāĻ˛āĻžāĻāĻžāĻ˛ā§āĻ¨ āĻ
āĻ¤āĻŋāĻ°āĻŋāĻā§āĻ¤ āĻĄāĻŋāĻ¸ā§āĻ āĻ¸ā§āĻĨāĻžāĻ¨ āĻ¸āĻāĻ°āĻā§āĻˇāĻŖ āĻāĻ°āĻ¤ā§ āĻāĻžāĻ¨,
āĻāĻĒāĻ¨āĻŋ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨ nexus_backup_rotate_first: true. āĻāĻāĻŋ āĻŦā§āĻ¯āĻžāĻāĻāĻĒā§āĻ° āĻāĻā§ āĻĒā§āĻ°āĻžāĻ-āĻā§āĻ°ā§āĻŖāĻ¨/āĻŽā§āĻāĻž āĻāĻ¨āĻĢāĻŋāĻāĻžāĻ° āĻāĻ°āĻŦā§āĨ¤ āĻĄāĻŋāĻĢāĻ˛ā§āĻāĻ°ā§āĻĒā§, āĻŦā§āĻ¯āĻžāĻāĻāĻĒ āĻ¤ā§āĻ°āĻŋ āĻšāĻāĻ¯āĻŧāĻžāĻ° āĻĒāĻ°ā§ āĻā§āĻ°ā§āĻŖāĻ¨ āĻāĻā§āĨ¤ āĻĻāĻ¯āĻŧāĻž āĻāĻ°ā§ āĻ¨ā§āĻ āĻāĻ°ā§āĻ¨ āĻ¯ā§ āĻāĻ āĻā§āĻˇā§āĻ¤ā§āĻ°ā§ āĻĒā§āĻ°āĻžāĻ¨ā§ āĻŦā§āĻ¯āĻžāĻāĻāĻĒāĻā§āĻ˛āĻŋ
āĻŦāĻ°ā§āĻ¤āĻŽāĻžāĻ¨ āĻŦā§āĻ¯āĻžāĻāĻāĻĒ āĻ¤ā§āĻ°āĻŋ āĻšāĻāĻ¯āĻŧāĻžāĻ° āĻāĻā§ āĻŽā§āĻā§ āĻĢā§āĻ˛āĻž āĻšāĻŦā§āĨ¤
āĻĒā§āĻ¨āĻ°ā§āĻĻā§āĻ§āĻžāĻ°ā§āĻ° āĻĒāĻĻā§āĻ§āĻ¤āĻŋ
āĻĒā§āĻ¯āĻžāĻ°āĻžāĻŽāĻŋāĻāĻžāĻ° āĻ¸āĻš āĻĒā§āĻ˛ā§āĻŦā§āĻ āĻāĻžāĻ˛āĻžāĻ¨ -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(āĻāĻĻāĻžāĻšāĻ°āĻŖāĻ¸ā§āĻŦāĻ°ā§āĻĒ, 2017-12-17-21-00-00 17 āĻĄāĻŋāĻ¸ā§āĻŽā§āĻŦāĻ°, 2017 āĻāĻ° āĻāĻ¨ā§āĻ¯ 21:00 āĻ
āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻ¸āĻ°āĻžāĻ¨ā§ āĻšāĻā§āĻā§
āĻ¸āĻ¤āĻ°ā§āĻāĻ¤āĻž: āĻāĻāĻŋ āĻāĻĒāĻ¨āĻžāĻ° āĻŦāĻ°ā§āĻ¤āĻŽāĻžāĻ¨ āĻĄā§āĻāĻž āĻ¸āĻŽā§āĻĒā§āĻ°ā§āĻŖāĻ°ā§āĻĒā§ āĻŽā§āĻā§ āĻĢā§āĻ˛āĻŦā§āĨ¤ āĻĒā§āĻ°āĻ¯āĻŧā§āĻāĻ¨ā§ āĻāĻā§ āĻŦā§āĻ¯āĻžāĻāĻāĻĒ āĻāĻ°āĻ¤ā§ āĻā§āĻ˛āĻŦā§āĻ¨ āĻ¨āĻž
āĻāĻāĻāĻŋ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨āĻļā§āĻ˛ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§āĻ¨ nexus_purgeāĻ¯āĻĻāĻŋ āĻāĻĒāĻ¨āĻžāĻā§ āĻ¸ā§āĻā§āĻ°ā§āĻ¯āĻžāĻ āĻĨā§āĻā§ āĻĒā§āĻ¨āĻ°āĻžāĻ¯āĻŧ āĻāĻžāĻ˛ā§ āĻāĻ°āĻ¤ā§ āĻšāĻ¯āĻŧ āĻāĻŦāĻ āĻ¸āĻŽāĻ¸ā§āĻ¤ āĻĄā§āĻāĻž āĻ¸āĻ°āĻŋāĻ¯āĻŧā§ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻāĻ¨āĻ¸ā§āĻā§āĻ¯āĻžāĻ¨ā§āĻ¸ āĻĒā§āĻ¨āĻ°āĻžāĻ¯āĻŧ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻ¤ā§ āĻšāĻ¯āĻŧāĨ¤
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=trueāĻĒā§āĻ°āĻĨāĻŽ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻĒāĻ°ā§ āĻĒā§āĻ°āĻļāĻžāĻ¸āĻā§āĻ° āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°ā§āĻ¨
nexus_default_admin_password: 'admin123'āĻāĻāĻŋ āĻāĻĒāĻ¨āĻžāĻ° āĻĒā§āĻ˛ā§āĻŦā§āĻā§ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻž āĻāĻāĻŋāĻ¤ āĻ¨āĻ¯āĻŧ. āĻāĻ āĻā§āĻ°āĻŋāĻ¯āĻŧā§āĻŦāĻ˛āĻāĻŋ āĻĒā§āĻ°āĻĨāĻŽ āĻāĻ¨āĻ¸ā§āĻāĻ˛ āĻāĻ°āĻžāĻ° āĻ¸āĻŽāĻ¯āĻŧ āĻĄāĻŋāĻĢāĻ˛ā§āĻ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻ
ā§āĻ¯āĻžāĻĄāĻŽāĻŋāĻ¨ āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ āĻĻāĻŋāĻ¯āĻŧā§ āĻ¤ā§āĻ°āĻŋ āĻāĻ°āĻž āĻšāĻ¯āĻŧ āĻāĻŦāĻ āĻ¨āĻŋāĻļā§āĻāĻŋāĻ¤ āĻāĻ°ā§ āĻ¯ā§ āĻāĻŽāĻ°āĻž āĻ
ā§āĻ¯āĻžāĻĄāĻŽāĻŋāĻ¨ āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°āĻŋ nexus_admin_password.
āĻāĻĒāĻ¨āĻŋ āĻ¯āĻĻāĻŋ āĻĒā§āĻ°āĻĨāĻŽ āĻāĻ¨āĻ¸ā§āĻāĻ˛ā§āĻļāĻ¨ā§āĻ° āĻĒāĻ°ā§ āĻĒā§āĻ°āĻļāĻžāĻ¸āĻā§āĻ° āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻ¤ā§ āĻāĻžāĻ¨ āĻ¤āĻŦā§ āĻāĻĒāĻ¨āĻŋ āĻ
āĻ¸ā§āĻĨāĻžāĻ¯āĻŧā§āĻāĻžāĻŦā§ āĻāĻāĻŋāĻā§ āĻāĻŽāĻžāĻ¨ā§āĻĄ āĻ˛āĻžāĻāĻ¨ āĻĨā§āĻā§ āĻĒā§āĻ°āĻžāĻ¨ā§ āĻĒāĻžāĻ¸āĻāĻ¯āĻŧāĻžāĻ°ā§āĻĄā§ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨āĨ¤ āĻĒāĻ°āĻŋāĻŦāĻ°ā§āĻ¤āĻ¨ā§āĻ° āĻĒāĻ° nexus_admin_password āĻāĻĒāĻ¨āĻžāĻ° āĻĒā§āĻ˛ā§āĻŦā§āĻā§ āĻāĻĒāĻ¨āĻŋ āĻāĻžāĻ˛āĻžāĻ¤ā§ āĻĒāĻžāĻ°ā§āĻ¨:
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPasswordāĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻ¸ā§āĻ¨āĻžāĻāĻžāĻāĻĒā§ āĻā§āĻ˛āĻŋāĻā§āĻ°āĻžāĻŽ āĻā§āĻ¯āĻžāĻ¨ā§āĻ˛:
āĻļā§āĻ§ā§āĻŽāĻžāĻ¤ā§āĻ° āĻ¨āĻŋāĻŦāĻ¨ā§āĻ§āĻŋāĻ¤ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§āĻ°āĻž āĻāĻ°āĻŋāĻĒā§ āĻ āĻāĻļāĻā§āĻ°āĻšāĻŖ āĻāĻ°āĻ¤ā§ āĻĒāĻžāĻ°āĻŦā§āĻ¨āĨ¤ āĻāĻ°ā§āĻ¨āĨ¤
āĻāĻĒāĻ¨āĻŋ āĻāĻŋ āĻāĻ°ā§āĻāĻŋāĻĢā§āĻ¯āĻžāĻā§āĻ āĻ¸āĻāĻā§āĻ°āĻšāĻ¸ā§āĻĨāĻ˛ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ° āĻāĻ°ā§āĻ¨?
-
āĻ¸ā§āĻ¨āĻžāĻāĻžāĻāĻĒ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻŦāĻŋāĻ¨āĻžāĻŽā§āĻ˛ā§āĻ¯ā§
-
āĻ¸ā§āĻ¨āĻžāĻāĻžāĻāĻĒ āĻ¨ā§āĻā§āĻ¸āĻžāĻ¸ āĻ āĻ°ā§āĻĨāĻĒā§āĻ°āĻĻāĻžāĻ¨ āĻāĻ°ā§āĻā§
-
āĻāĻ°ā§āĻāĻŋāĻĢā§āĻ¯āĻžāĻā§āĻāĻ°āĻŋ āĻŦāĻŋāĻ¨āĻžāĻŽā§āĻ˛ā§āĻ¯ā§
-
āĻā§āĻ¤ā§āĻ°āĻŋāĻŽ āĻ āĻ°ā§āĻĨ āĻĒā§āĻ°āĻĻāĻžāĻ¨
-
āĻāĻļā§āĻ°āĻ¯āĻŧ
-
āĻ¸āĻā§āĻāĻž
9 āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§ āĻā§āĻ āĻĻāĻŋāĻ¯āĻŧā§āĻā§āĻ¨āĨ¤ 3 āĻāĻ¨ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻāĻžāĻ°ā§ āĻŦāĻŋāĻ°āĻ¤ āĻāĻŋāĻ˛ā§āĻ¨āĨ¤
āĻāĻ¤ā§āĻ¸: www.habr.com