Tha Sonatype Nexus na à rd-Úrlar aonaichte tro am faod luchd-leasachaidh eisimeileachd Java (Maven), Docker, Python, Ruby, NPM, Bower, pasganan RPM, gitlfs, Apt, Go, Nuget, agus an tèarainteachd bathar-bog a sgaoileadh.
Carson a tha feum agad air Sonatype Nexus?
- Airson stuthan prÏobhaideach a stòradh;
- Airson caching artifacts a thèid a luchdachadh sÏos bhon eadar-lÏn;
Artifacts le taic ann am pasgan bunaiteach Sonatype Nexus:
- Java, Maven (jar)
- Docker
- Python (pip)
- Rubaidh (gem)
- NPM
- BĂ gair
- Yum (rpm)
- gitlfs
- Raw
- Apt (deb)
- Go
- Nuget
Artifacts le taic coimhearsnachd:
- sgrĂŹobhadh
- Conan
- CPAN
- ELPA
- Helm
- P2
- R
A 'stĂ ladh Sonatype Nexus a' cleachdadh
riatanasan
- Leugh mu bhith aâ cleachdadh ansible air an eadar-lĂŹn.
- StĂ ladh iomchaidh
pip install ansibleair an ionad-obrach far a bheil an leabhar-cluiche a' ruith. - StĂ laich air an ionad-obrach far a bheil an leabhar-cluiche a' ruith.
- StĂ laich air an ionad-obrach far a bheil an leabhar-cluiche a' ruith.
- Chaidh an dreuchd seo a dhearbhadh air CentOS 7, Ubuntu Xenial (16.04) agus Bionic (18.04), Debian Jessie agus Stretch
jmespathFeumaidh an leabharlann a bhith air a chuir a-steach air an ionad-obrach far a bheil an leabhar-cluiche aâ ruith. Gus a stĂ ladh:sudo pip install -r requirements.txt- SĂ bhail am faidhle leabhar-cluiche (eisimpleir gu h-ĂŹosal) gu faidhle nexus.yml
- Ruith stĂ ladh nexus
ansible-playbook -i host nexus.yml
Eisimpleir leabhar-cluiche freagarrach airson a bhith aâ stĂ ladh nexus Ă s aonais LDAP le stòran Maven (java), Docker, Python, Ruby, NPM, Bower, RPM agus gitlfs.
---
- name: Nexus
hosts: nexus
become: yes
vars:
nexus_timezone: 'Asia/Omsk'
nexus_admin_password: "admin123"
nexus_public_hostname: 'apatsev-nexus-playbook'
httpd_setup_enable: false
nexus_privileges:
- name: all-repos-read
description: 'Read & Browse access to all repos'
repository: '*'
actions:
- read
- browse
- name: company-project-deploy
description: 'Deployments to company-project'
repository: company-project
actions:
- add
- edit
nexus_roles:
- id: Developpers # maps to the LDAP group
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
- company-project-deploy
roles: []
nexus_local_users:
- username: jenkins # used as key to update
first_name: Jenkins
last_name: CI
email: support@company.com
password: "s3cr3t"
roles:
- Developpers # role ID here
nexus_blobstores:
- name: company-artifacts
path: /var/nexus/blobs/company-artifacts
nexus_scheduled_tasks:
- name: compact-blobstore
cron: '0 0 22 * * ?'
typeId: blobstore.compact
taskProperties:
blobstoreName: 'company-artifacts'
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
- name: vaadin-addons
remote_url: 'https://maven.vaadin.com/vaadin-addons/'
- name: jaspersoft
remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
version_policy: mixed
nexus_repos_maven_hosted:
- name: company-project
version_policy: mixed
write_policy: allow
blob_store: company-artifacts
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jboss
- vaadin-addons
- jaspersoft
# Yum. Change nexus_config_yum to true for create yum repository
nexus_config_yum: true
nexus_repos_yum_hosted:
- name: private_yum_centos_7
repodata_depth: 1
nexus_repos_yum_proxy:
- name: epel_centos_7_x86_64
remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
- name: centos-7-os-x86_64
remote_url: http://mirror.centos.org/centos/7/os/x86_64/
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
nexus_repos_yum_group:
- name: yum_all
member_repos:
- private_yum_centos_7
- epel_centos_7_x86_64
# NPM. Change nexus_config_npm to true for create npm repository
nexus_config_npm: true
nexus_repos_npm_hosted: []
nexus_repos_npm_group:
- name: npm-public
member_repos:
- npm-registry
nexus_repos_npm_proxy:
- name: npm-registry
remote_url: https://registry.npmjs.org/
negative_cache_enabled: false
# Docker. Change nexus_config_docker to true for create docker repository
nexus_config_docker: true
nexus_repos_docker_hosted:
- name: docker-hosted
http_port: "{{ nexus_docker_hosted_port }}"
v1_enabled: True
nexus_repos_docker_proxy:
- name: docker-proxy
http_port: "{{ nexus_docker_proxy_port }}"
v1_enabled: True
index_type: "HUB"
remote_url: "https://registry-1.docker.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_docker_group:
- name: docker-group
http_port: "{{ nexus_docker_group_port }}"
v1_enabled: True
member_repos:
- docker-hosted
- docker-proxy
# Bower. Change nexus_config_bower to true for create bower repository
nexus_config_bower: true
nexus_repos_bower_hosted:
- name: bower-hosted
nexus_repos_bower_proxy:
- name: bower-proxy
index_type: "proxy"
remote_url: "https://registry.bower.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_bower_group:
- name: bower-group
member_repos:
- bower-hosted
- bower-proxy
# Pypi. Change nexus_config_pypi to true for create pypi repository
nexus_config_pypi: true
nexus_repos_pypi_hosted:
- name: pypi-hosted
nexus_repos_pypi_proxy:
- name: pypi-proxy
index_type: "proxy"
remote_url: "https://pypi.org/"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_pypi_group:
- name: pypi-group
member_repos:
- pypi-hosted
- pypi-proxy
# rubygems. Change nexus_config_rubygems to true for create rubygems repository
nexus_config_rubygems: true
nexus_repos_rubygems_hosted:
- name: rubygems-hosted
nexus_repos_rubygems_proxy:
- name: rubygems-proxy
index_type: "proxy"
remote_url: "https://rubygems.org"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_rubygems_group:
- name: rubygems-group
member_repos:
- rubygems-hosted
- rubygems-proxy
# gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
nexus_config_gitlfs: true
nexus_repos_gitlfs_hosted:
- name: gitlfs-hosted
roles:
- { role: geerlingguy.java }
# Debian/Ubuntu only
# - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
# RedHat/CentOS only
- { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
- { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }Dealbhan-sgrĂŹn:
Dreuchdan caochlaideach
Caochlaidhean dreuchd
Caochlaidhean le luachan bunaiteach (faic default/main.yml):
Caochladairean coitcheann
nexus_version: ''
nexus_timezone: 'UTC'Gu gnĂ thach, stĂ laidhidh an dreuchd an dreach as Ăšire de Nexus a tha ri fhaighinn. Faodaidh tu an dreach a chĂ radh le bhith ag atharrachadh an caochladair nexus_version. Faic na dreachan a tha rim faighinn aig .
Ma dh'atharraicheas tu gu tionndadh nas Ăšire, feuchaidh an dreuchd ris an stĂ ladh Nexus agad Ăšrachadh.
Ma tha thu a âcleachdadh dreach nas sine de Nexus na an fheadhainn as Ăšire, bu chòir dhut dèanamh cinnteach nach eil thu aâ cleachdadh feartan nach eil rim faighinn san fhoillseachadh stĂ laichte (mar eisimpleir, tha aoigheachd stòran yum ri fhaighinn airson nexus nas motha na 3.8.0, git lfs repo airson nexus nas motha na 3.3.0 msaa.)
nexus timezone an t-ainm a thâ air sòn Ăšine Java, a dhâ fhaodadh a bhith feumail còmhla ris na h-abairtean cron a leanas airson gnĂŹomhan nexus_scheduled.
Port Nexus agus slighe co-theacsa
nexus_default_port: 8081
nexus_default_context_path: '/'Port agus slighe co-theacsa pròiseas ceangail Java. nexus_default_context_path feumaidh slais air adhart a bhith ann nuair a thèid a shuidheachadh, m.e.: nexus_default_context_path: '/nexus/'.
Cleachdaiche agus Buidheann Nexus OS
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'Bidh an neach-cleachdaidh agus a 'bhuidheann a' sealbhachadh faidhlichean Nexus agus a 'ruith na seirbheis air a chruthachadh leis an dreuchd ma tha fear a dhĂŹth.
nexus_os_user_home_dir: '/home/nexus'Leig leis an eòlaire dachaigh bunaiteach atharrachadh airson an neach-cleachdaidh nexus
ClĂ r-innse eisimpleirean Nexus
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"Nexus catalogs.
nexus_installation_dirtha faidhlichean so-ghnĂŹomhaichte stĂ laichte annnexus_data_diranns a bheil a h-uile rèiteachadh, stòr agus artifact a chaidh a luchdachadh sĂŹos. Slighean blobstore gnĂ thaichtenexus_data_dirfaodar a ghnĂ thachadh, faic gu h-ĂŹosalnexus_blobstores.nexus_tmp_dirtha a h-uile faidhle sealach ann. Chaidh an t-slighe bhunaiteach airson redhat a ghluasad bho/tmpgus faighinn thairis air duilgheadasan a dhâ fhaodadh a bhith ann le modhan glanaidh fèin-ghluasadach. Faic #168.
Aâ rèiteachadh cleachdadh cuimhne Nexus JVM
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"Is iad seo na roghainnean bunaiteach airson Nexus. Feuch nach atharraich thu na luachan sin Mura h-eil thu air leughadh agus nach 'eil iad a' tuigsinn ciod a tha iad a' deanamh.
Mar dhĂ rna rabhadh, seo earrann bhon sgrĂŹobhainn gu h-Ă rd:
Chan eilear aâ moladh cuimhne cruachan JVM a mheudachadh nas fhaide na na luachan a chaidh a mholadh ann an oidhirp coileanadh a leasachadh. Dhâ fhaodadh aâ bhuaidh eile a bhith aig seo, aâ leantainn gu obair neo-riatanach airson an t-siostam-obrachaidh.
Am facal-faire rianaire
nexus_admin_password: 'changeme'Am facal-faire cunntais âadminâ airson an stèidheachadh. Chan obraich seo ach air aâ chiad stĂ ladh bunaiteach. Feuch an toir thu sĂšil air [Atharraich am facal-faire rianachd Ă s deidh aâ chiad stĂ ladh] (# change-admin-password-after-first-install) ma tha thu airson atharrachadh nas fhaide air adhart aâ cleachdadh dreuchd.
Thathas aâ moladh gu lĂ idir gun a bhith aâ stòradh am facal-faire agad ann an teacsa shoilleir san leabhar-cluiche, ach a bhith aâ cleachdadh [crioptachadh ansible-vault] () (an dĂ rna cuid in-loidhne no ann am faidhle air leth air a luchdachadh le m.e. include_vars)
Ruigsinneachd gun urra gu bunaiteach
nexus_anonymous_access: falseTha inntrigeadh gun urra Ă comas gu bunaiteach. Leugh tuilleadh mu dheidhinn .
Ainm aoigheachd poblach
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: httpsAn t-ainm agus an sgeama à rainn là n-teisteanasach (https no http) fo am bi an eisimpleir Nexus ri fhaighinn don luchd-dèiligidh aige.
Cothrom API airson na dreuchd seo
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"Bidh na caochladairean sin aâ cumail smachd air mar a tha an dreuchd aâ ceangal ris an API Nexus airson solar.
Airson luchd-cleachdaidh adhartach a-mhà in. Is dòcha nach eil thu airson na roghainnean bunaiteach seo atharrachadh
A' stèidheachadh neach-ionaid cÚil
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "admin@example.com"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: trueStĂ laich .
Gus seo a dhèanamh feumaidh tu httpd a stà ladh. Nota: cuin airson httpd_setup_enable luach suidhichtetrue, nexus fios 127.0.0.1:8081, mar sin chan eil a bhith ruigsinneach gu dÏreach tro phort HTTP 8081 bhon t-seòladh IP taobh a-muigh.
Is e an t-ainm aoigheachd bunaiteach a chleachdar nexus_public_hostname. Ma tha feum agad air ainmean eadar-dhealaichte airson adhbhar air choireigin, faodaidh tu suidheachadh httpd_server_name le ciall eadar-dhealaichte.
Х httpd_copy_ssl_files: true (gu gnà thach) bu chòir na teisteanasan gu h-à rd a bhith ann an eòlaire an leabhar-cluiche agad agus thèid an lethbhreacadh chun an fhrithealaiche agus an rèiteachadh ann an apache.
Ma tha thu airson teisteanasan gnĂ thaichte a chleachdadh air an fhrithealaiche, stĂ laich httpd_copy_ssl_files: false agus thoir seachad na caochladairean a leanas:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"httpd_ssl_cert_chain_file_location tha e roghainneil agus bu chòir a bhith air fhà gail neo-sheasmhach mura h-eil thu airson am faidhle slabhraidh a ghnà thachadh
httpd_default_admin_email: "admin@example.com"Suidhich an seòladh puist-d admin bunaiteach
Rèiteachadh LDAP
Tha ceanglaichean LDAP agus raon tèarainteachd à comas gu bunaiteach
nexus_ldap_realm: false
ldap_connections: [], tha gach eileamaid aâ coimhead mar seo:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'My Company LDAP' # used as a key to update the ldap config
ldap_protocol: 'ldaps' # ldap or ldaps
ldap_hostname: 'ldap.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false # Wether or not to use certs in the nexus trust store
ldap_search_base: 'dc=mycompany,dc=net'
ldap_auth: 'none' # or simple
ldap_auth_username: 'username' # if auth = simple
ldap_auth_password: 'password' # if auth = simple
ldap_user_base_dn: 'ou=users'
ldap_user_filter: '(cn=*)' # (optional)
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: false
ldap_map_groups_as_roles: false
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'posixGroup'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'memberUid'
ldap_group_member_format: '${username}'
ldap_group_subtree: falseEisimpleir de rèiteachadh LDAP airson dearbhadh gun urra (ceangal gun urra), tha seo cuideachd na rèiteachadh âas ĂŹsleâ:
nexus_ldap_realm: true
ldap_connection:
- ldap_name: 'Simplest LDAP config'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_search_base: 'dc=mycompany,dc=net'
ldap_port: 636
ldap_use_trust_store: false
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_object_class: 'inetOrgPerson'Eisimpleir de rèiteachadh LDAP airson dearbhadh sĂŹmplidh (aâ cleachdadh cunntas DSA):
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: falseEisimpleir de rèiteachadh LDAP airson dearbhadh sĂŹmplidh (aâ cleachdadh cunntas DSA) + buidhnean air am mapadh mar dhleastanasan:
nexus_ldap_realm: true
ldap_connections
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'groupOfNames'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'member'
ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
ldap_group_subtree: falseEisimpleir de rèiteachadh LDAP airson dearbhadh sĂŹmplidh (aâ cleachdadh cunntas DSA) + buidhnean air am mapadh gu dinamach mar dhleastanasan:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_map_groups_as_roles_type: 'dynamic'
ldap_user_memberof_attribute: 'memberOf'Sochairean
nexus_privileges:
- name: all-repos-read # used as key to update a privilege
# type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
description: 'Read & Browse access to all repos'
repository: '*'
actions: # can be add, browse, create, delete, edit, read or * (all)
- read
- browse
# pattern: pattern
# domain: domain
# script_name: nameLiosta de airson roghainnean. Thoir sĂšil air na sgrĂŹobhainnean agus GUI gus faighinn a-mach dè na caochladairean a dhâ fheumar a shuidheachadh a rèir an seòrsa sochair.
Tha na h-eileamaidean sin air an cur còmhla ris na luachan bunaiteach a leanas:
_nexus_privilege_defaults:
type: repository-view
format: maven2
actions:
- readDreuchdan (taobh a-staigh Nexus tha seo a 'ciallachadh)
nexus_roles:
- id: Developpers # can map to a LDAP group id, also used as a key to update a role
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
roles: [] # references to other role namesLiosta de airson roghainnean.
Luchd-cleachdaidh
nexus_local_users: []
# - username: jenkins # used as key to update
# state: present # default value if ommited, use 'absent' to remove user
# first_name: Jenkins
# last_name: CI
# email: support@company.com
# password: "s3cr3t"
# roles:
# - developers # role IDLiosta luchd-cleachdaidh / cunntasan ionadail (neo-LDAP) ri chruthachadh ann an nexus.
Liosta de luchd-cleachdaidh / cunntasan ionadail (neo-LDAP) ri chruthachadh ann an Nexus.
nexus_ldap_users: []
# - username: j.doe
# state: present
# roles:
# - "nx-admin"Ldap aâ mapadh luchd-cleachdaidh/dreuchdan. StĂ ite absent bheir e air falbh dreuchdan bho chleachdaiche a tha ann ma tha fear ann mu thrĂ th.
Chan eil luchd-cleachdaidh ldap air an sguabadh Ă s. Ma dhâ fheuchas tu ri dreuchd a shuidheachadh airson neach-cleachdaidh nach eil ann, thig mearachd.
Luchd-taghaidh susbaint
nexus_content_selectors:
- name: docker-login
description: Selector for docker login privilege
search_expression: format=="docker" and path=~"/v2/"Airson tuilleadh fiosrachaidh mun neach-taghaidh susbaint, faic .
Gus an roghnaiche susbaint a chleachdadh, cuir sochair Ăšr ris le type: repository-content-selector agus buntainneachcontentSelector
- name: docker-login-privilege
type: repository-content-selector
contentSelector: docker-login
description: 'Login to Docker registry'
repository: '*'
actions:
- read
- browseBlobstores agus stòran
nexus_delete_default_repos: falseSguab Ă s na tasgaidhean bhon nexus stĂ laich an rèiteachadh bunaiteach tĂšsail. Cha tèid an ceum seo a chuir gu bĂ s ach air stĂ ladh aâ chiad uair (nuair nexus_data_dir air a lorg falamh).
A 'toirt air falbh stòran bhon rèiteachadh bunaiteach airson Nexus. Cha tèid an ceum seo a dhèanamh ach aig aâ chiad stĂ ladh (nuair nexus_data_dir falamh).
nexus_delete_default_blobstore: falseSguab Ă s am blobstore bunaiteach bhon nexus stĂ laich an rèiteachadh bunaiteach tĂšsail. Chan urrainnear seo a dhèanamh ach ma tha nexus_delete_default_repos: true agus tha Ă ite soilleir aig a h-uile ionad-tasgaidh rèiteachaidh (faic gu h-ĂŹosal). blob_store: custom. Cha tèid an ceum seo a chuir gu bĂ s ach air stĂ ladh aâ chiad uair (nuair nexus_data_dir air a lorg falamh).
Tha toirt air falbh stòradh blob (artifacts binary) Ă comas gu bunaiteach bhon rèiteachadh tĂšsail. Gus stòradh blob a thoirt air falbh (artifacts binary), cuir dheth nexus_delete_default_repos: true. Cha tèid an ceum seo a dhèanamh ach aig aâ chiad stĂ ladh (nuair nexus_data_dir falamh).
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
# type: file
# path: /mnt/custom/path
# - name: s3-blobstore
# type: S3
# config:
# bucket: s3-blobstore
# accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
# secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"a chruthachadh. Chan urrainnear slighe blobstore agus stòr blobstore Úrachadh às deidh an cruthachadh tÚsail (cha tèid Úrachadh sam bith an seo a leigeil seachad nuair a thèid ath-sholarachadh).
Tha rèiteachadh blobstore air S3 air a thoirt seachad mar ghoireas agus chan eil e na phĂ irt de na deuchainnean fèin-ghluasadach a bhios sinn aâ ruith air travis. Thoir an aire nach eilear aâ moladh stòradh air S3 ach airson suidheachaidhean air an cleachdadh air AWS.
Cruthachadh . Chan urrainnear an t-slighe stòraidh agus an stòr-stòraidh Ăšrachadh Ă s deidh aâ chiad chruthachadh (thèid Ăšrachadh sam bith an seo a leigeil seachad nuair a thèid a chuir a-steach a-rithist).
Tha e na ghoireas a bhith aâ stèidheachadh stòradh blobaichean air S3. Thoir an aire nach eilear aâ moladh stòradh S3 ach airson suidheachaidhean air an cleachdadh air AWS.
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
# remote_url: 'https://company.com/repo/secure/private/go/away'
# remote_username: 'username'
# remote_password: 'secret'
# # maximum_component_age: -1
# # maximum_metadata_age: 1440
# # negative_cache_enabled: true
# # negative_cache_ttl: 1440Gu h-à rd tha eisimpleir de rèiteachadh Mabhainn.
nexus_repos_maven_hosted:
- name: private-release
version_policy: release
write_policy: allow_once # one of "allow", "allow_once" or "deny"Maven rèiteachadh. Tha rèiteachadh tasgadan à icheil roghainneil agus bidh e bunaiteach dha na luachan gu h-à rd ma thèid an dearmad.
Rèiteachadh Mabhainn. Tha an rèiteachadh tasgadan à icheil (-1) roghainneil agus bidh e bunaiteach dha na luachan gu h-à rd mura h-eil e air a shònrachadh.
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jbossRèiteachadh Mabhainn.
Tha na trÏ seòrsaichean tasgaidh air an cur còmhla ris na luachan bunaiteach a leanas:
_nexus_repos_maven_defaults:
blob_store: default # Note : cannot be updated once the repo has been created
strict_content_validation: true
version_policy: release # release, snapshot or mixed
layout_policy: strict # strict or permissive
write_policy: allow_once # one of "allow", "allow_once" or "deny"
maximum_component_age: -1 # Nexus gui default. For proxies only
maximum_metadata_age: 1440 # Nexus gui default. For proxies only
negative_cache_enabled: true # Nexus gui default. For proxies only
negative_cache_ttl: 1440 # Nexus gui default. For proxies onlySeòrsaichean stòr Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS agus yum:
fhaicinn defaults/main.yml airson na roghainnean seo:
Tha stòran Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS agus yum à comas gu bunaiteach:
Faic defaults/main.yml airson na roghainnean seo:
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: falseThoir an aire gur dòcha gum feum thu cuid de raointean tèarainteachd a chomasachadh ma tha thu airson seòrsachan eile de thasgaidhean a chleachdadh a bharrachd air maven. Tha seo ceà rr gu bunaiteach
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous accessFaodar Raon Cleachdaiche Iomallach a chomasachadh le bhith aâ cleachdadh
nexus_rut_auth_realm: trueagus faodar an tiotal a ghnĂ thachadh le bhith aâ mĂŹneachadh
nexus_rut_auth_header: "CUSTOM_HEADER"GnĂŹomhan clĂ raichte
nexus_scheduled_tasks: []
# # Example task to compact blobstore :
# - name: compact-docker-blobstore
# cron: '0 0 22 * * ?'
# typeId: blobstore.compact
# task_alert_email: alerts@example.org # optional
# taskProperties:
# blobstoreName: {{ nexus_blob_names.docker.blob }} # all task attributes are stored as strings by nexus internally
# # Example task to purge maven snapshots
# - name: Purge-maven-snapshots
# cron: '0 50 23 * * ?'
# typeId: repository.maven.remove-snapshots
# task_alert_email: alerts@example.org # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# minimumRetained: "2"
# snapshotRetentionDays: "2"
# gracePeriodInDays: "2"
# booleanTaskProperties:
# removeIfReleased: true
# # Example task to purge unused docker manifest and images
# - name: Purge unused docker manifests and images
# cron: '0 55 23 * * ?'
# typeId: "repository.docker.gc"
# task_alert_email: alerts@example.org # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# # Example task to purge incomplete docker uploads
# - name: Purge incomplete docker uploads
# cron: '0 0 0 * * ?'
# typeId: "repository.docker.upload-purge"
# task_alert_email: alerts@example.org # optional
# taskProperties:
# age: "24" airson roghainnean. typeId agus gnÏomh sònraichtetaskProperties/booleanTaskProperties faodaidh tu tomhas an dà rna cuid:
- bhon rangachd seòrsa Java
org.sonatype.nexus.scheduling.TaskDescriptorSupport - thoir sĂšil air an fhoirm cruthachadh gnĂŹomh HTML sa bhrobhsair agad
- bho bhith aâ coimhead air iarrtasan AJAX sa bhrobhsair nuair a bhios tu aâ stèidheachadh gnĂŹomh le lĂ imh.
Feumar feartan gnĂŹomh ainmeachadh anns aâ bhloc yaml ceart a rèir an seòrsa:
taskPropertiesairson a h-uile seilbh sreang (ie ainmean tasgaidh, ainmean tasgaidh, amannan Úine...).booleanTaskPropertiesairson a h-uile seilbh loidsigeach (ie sa mhòr-chuid bogsaichean-seic ann an GUI na h-obrach cruthachaidh nexus).
CĂšl-taic
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)Cha tèid cÚl-taic a rèiteachadh gus an atharraich thu nexus_backup_configure в true.
Anns a 'chÚis seo, thèid an obair sgriobt clà raichte a rèiteachadh gus ruith air Nexus
aig an eadar-ama a tha air a shònrachadh ann nexus_backup_cron (à bhaisteach 21:00 gach latha).
Faic [teamplaid groovy airson na h-obrach seo] (templates/backup.groovy.j2) airson mion-fhiosrachadh.
Tha an obair chlĂ raichte seo neo-eisimeileach bho dhaoine eile nexus_scheduled_tasksa tha thu
ainmeachadh anns an leabhar-cluiche agad.
Ma tha thu airson cĂšl-taic a thionndadh / a sguabadh Ă s, stĂ laich nexus_backup_rotate: true agus rèitich an Ă ireamh de chĂšl-taic a bu mhath leat a shĂ bhaladh aâ cleachdadh nexus_backup_keep_rotations (bunaiteach 4).
Nuair a bhios tu aâ cleachdadh cuairteachadh, ma tha thu airson Ă ite diosc a bharrachd a shĂ bhaladh tron ââââphròiseas cĂšl-taic,
Faodaidh tu a stĂ ladh nexus_backup_rotate_first: true. Rèitichidh seo ro-rotation/sguab Ă s mus dèan thu lethbhreac-glèidhidh. Gu gnĂ thach, bidh cuairteachadh aâ tachairt Ă s deidh cĂšl-taic a chruthachadh. Thoir an aire gur ann sa chĂšis seo a tha na seann lethbhreacan-glèidhidh
thèid a sguabadh às mus tèid an cÚl-taic là ithreach a dhèanamh.
Dòigh-obrach ath-bheothachaidh
Ruith leabhar-cluiche le paramadair -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(mar eisimpleir, 2017-12-17-21-00-00 airson 17 DĂšbhlachd, 2017 aig 21:00
A 'toirt air falbh nexus
Rabhadh: Sguabaidh seo às an dà ta là ithreach agad gu tur. Dèan cinnteach gun dèan thu cÚl-taic nas trà ithe ma tha sin riatanach
Cleachd caochladair nexus_purgema dh'fheumas tu ath-thòiseachadh bhon toiseach agus ath-shuidheachadh an eisimpleir nexus leis a h-uile dà ta air a thoirt air falbh.
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=trueAtharraich facal-faire rianadair Ă s deidh aâ chiad stĂ ladh
nexus_default_admin_password: 'admin123'Cha bu chòir seo atharrachadh anns an leabhar-cluiche agad. Tha am facal-faire rianachd Nexus bunaiteach air a' chaochladair seo nuair a thèid a stà ladh an toiseach agus nÏ e cinnteach gun urrainn dhuinn am facal-faire rianachd atharrachadh gu nexus_admin_password.
Ma tha thu airson facal-faire an rianaire atharrachadh Ă s deidh aâ chiad stĂ ladh, faodaidh tu atharrachadh gu sealach chun t-seann fhacal-fhaire bhon loidhne-Ă ithne. Ăs deidh atharrachadh nexus_admin_password anns an leabhar-cluiche agad faodaidh tu ruith:
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPasswordSianal teileagram air Nexus Sonatype:
Chan fhaod ach luchd-cleachdaidh clĂ raichte pĂ irt a ghabhail san sgrĂšdadh. , mas e do thoil e.
Dè na stòran artifact a bhios tu aâ cleachdadh?
Sonatype nexus saor an asgaidh
Sonatype Nexus pĂ ighte
Artifactory saor an asgaidh
Artifactory pĂ ighte
Cala
CĂšp
Bhòt 9 neach-cleachdaidh. Cha do stad 3 neach-cleachdaidh.
Source: www.habr.com
