Installing and configuring Sonatype Nexus using the infrastructure-as-code approach

Sonatype Nexus is an integrated platform that lets developers proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and distribute their software securely.

Why do you need Sonatype Nexus?

  • To store private artifacts;
  • To cache artifacts downloaded from the Internet;

Artifacts supported in the base Sonatype Nexus package:

  • Java, Maven (jar)
  • Docker
  • Python (pip)
  • Ruby
  • NPM
  • Bower
  • Yum (rpm)
  • gitlfs
  • raw
  • Apt (deb)
  • Go
  • Nuget

Artifacts supported by the community:

  • Composer
  • Conan
  • CPAN
  • ELPA
  • Helm
  • P2
  • R

Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss

Requirements

  • Read about using ansible on the Internet.
  • Install ansible (pip install ansible) on the workstation where the playbook is run.
  • Install geerlingguy.java on the workstation where the playbook is run.
  • Install geerlingguy.apache on the workstation where the playbook is run.
  • This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch.
  • The jmespath library must be installed on the workstation where the playbook is run. To install it: sudo pip install -r requirements.txt
  • Save the playbook (example below) to the file nexus.yml
  • Run the nexus installation: ansible-playbook -i host nexus.yml

Example ansible-playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.

---
- name: Nexus
  hosts: nexus
  become: yes

  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123"
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: jenkins@example.com # placeholder address
        password: "s3cr3t"
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft

    # Yum. Change nexus_config_yum to true for create yum repository
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64

    # NPM. Change nexus_config_npm to true for create npm repository
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false

    # Docker. Change nexus_config_docker to true for create docker repository
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy

    # Bower. Change nexus_config_bower to true for create bower repository
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy

    # Pypi. Change nexus_config_pypi to true for create pypi repository
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy

    # rubygems. Change nexus_config_rubygems to true for create rubygems repository
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy

    # gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted

  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }

Variable roles

Role variables

Variables with default values (see defaults/main.yml):

General variables

    nexus_version: ''
    nexus_timezone: 'UTC'

By default, the role installs the latest available version of Nexus. You can pin the version by changing the nexus_version variable. See the available versions at https://www.sonatype.com/download-oss-sonatype.

If you change the version to a newer one, the role will try to upgrade your Nexus installation.

If you are using a version of Nexus older than the latest, you must make sure you are not using features that are unavailable in the installed release (for example, hosted yum repositories are available for nexus greater than 3.8.0, git lfs repos for nexus greater than 3.3.0, etc.).

nexus_timezone is the name of a Java timezone, which can be useful in combination with the cron expressions below for nexus_scheduled_tasks.

Nexus port and context path

    nexus_default_port: 8081
    nexus_default_context_path: '/'

The port and context path of the Java connection process. nexus_default_context_path must keep the trailing forward slash when set, e.g.: nexus_default_context_path: '/nexus/'.

Nexus OS user and group

    nexus_os_group: 'nexus'
    nexus_os_user: 'nexus'

The user and group that own the Nexus files and run the service. The role creates them if they are missing.

    nexus_os_user_home_dir: '/home/nexus'

Allows changing the default home directory of the nexus user.

Nexus directories

    nexus_installation_dir: '/opt'
    nexus_data_dir: '/var/nexus'
    nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"

Nexus directories.

  • nexus_installation_dir contains the installed files.
  • nexus_data_dir contains all configuration, repositories and uploaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
  • nexus_tmp_dir contains all temporary files. The default path for redhat was moved out of /tmp to overcome problems with automatic cleanup procedures. See #168.

Configuring Nexus JVM memory usage

    nexus_min_heap_size: "1200M"
    nexus_max_heap_size: "{{ nexus_min_heap_size }}"
    nexus_max_direct_memory: "2G"

These are the default settings for Nexus. Do not change these values unless you have read the memory section of the Nexus system requirements and understand what they do.

As a second warning, here is an excerpt from the document mentioned above.

It is not recommended to increase the JVM heap memory beyond the recommended values in an attempt to improve performance. This may have the opposite effect, resulting in needless work for the operating system.

Administrator password

    nexus_admin_password: 'changeme'

The password of the "admin" account to set up. This only works on the first default installation. Please see [Change admin password after first install](#change-admin-password-after-first-install) if you want to change it later using the role.

It is strongly recommended not to store your password in clear text in the playbook, but to use [ansible-vault encryption](https://docs.ansible.com/ansible/latest/user_guide/vault.html) (either inline or in a separate file loaded with, for example, include_vars).
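
The recommendation above applied to the sample playbook, as an added example that is not part of the original article or of the role's documentation: the admin and CI passwords move into a vault-encrypted file and the playbook only references them. The file path vars/nexus-vault.yml and the variable names vault_nexus_admin_password and vault_jenkins_password are assumptions chosen for illustration, and the secret values are constructed placeholders.

```yaml
# --- File 1: vars/nexus-vault.yml (hypothetical path) ------------------------
# Create it already encrypted, so the cleartext never touches the repository:
#   ansible-vault create vars/nexus-vault.yml
# Edit it later with:
#   ansible-vault edit vars/nexus-vault.yml
# Constructed placeholder values; generate real ones with a password manager.
vault_nexus_admin_password: 'REPLACE-WITH-GENERATED-ADMIN-PASSWORD'
vault_jenkins_password: 'REPLACE-WITH-GENERATED-CI-PASSWORD'
---
# --- File 2: nexus.yml (only the parts that differ from the sample playbook) -
- name: Nexus
  hosts: nexus
  become: yes

  vars_files:
    # Decrypted in memory at run time; stays encrypted on disk and in git.
    - vars/nexus-vault.yml

  vars:
    # Before (cleartext, readable by anyone who can read the playbook):
    #   nexus_admin_password: "admin123"
    # After (reference to the vaulted value):
    nexus_admin_password: "{{ vault_nexus_admin_password }}"

    nexus_local_users:
      - username: jenkins
        first_name: Jenkins
        last_name: CI
        email: jenkins@example.com   # placeholder address
        # Before: password: "s3cr3t"
        password: "{{ vault_jenkins_password }}"
        roles:
          - Developpers              # role ID as spelled in the sample playbook

  roles:
    - { role: geerlingguy.java }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }

# Run the playbook and type the vault password when prompted:
#   ansible-playbook -i host nexus.yml --ask-vault-pass
```

On an instance that was already provisioned with the old clear-text password, the role also needs the previous value once, as described in the section on changing the admin password after the first install.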

Anonymous access by default

    nexus_anonymous_access: false

Anonymous access is disabled by default. Read more about anonymous access.

Public hostname

    nexus_public_hostname: 'nexus.vm'
    nexus_public_scheme: https

The fully qualified domain name and scheme (https or http) under which the Nexus instance will be reachable by its clients.

API access for this role

    nexus_api_hostname: localhost
    nexus_api_scheme: http
    nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
    nexus_api_context_path: "{{ nexus_default_context_path }}"
    nexus_api_port: "{{ nexus_default_port }}"

These variables control how the role connects to the Nexus API for provisioning.
For advanced users only. You most likely do not want to change these default settings.

Setting up a reverse proxy

    httpd_setup_enable: false
    httpd_server_name: "{{ nexus_public_hostname }}"
    httpd_default_admin_email: "admin@example.com" # placeholder address
    httpd_ssl_certificate_file: 'files/nexus.vm.crt'
    httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
    # httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
    httpd_copy_ssl_files: true

Sets up an SSL reverse proxy.
To do this, you need to install httpd. Note: when httpd_setup_enable is set to true, nexus binds to 127.0.0.1:8081, and is therefore no longer directly reachable over HTTP port 8081 from an external IP address.

The hostname used by default is nexus_public_hostname. If you need different names for some reason, you can set httpd_server_name to a different value.

With httpd_copy_ssl_files: true (the default), the certificates above must exist in your playbook directory; they will be copied to the server and configured in apache.

If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:

    # These specifies to the vhost where to find on the remote server file
    # system the certificate files.
    httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
    httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
    # httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"

httpd_ssl_cert_chain_file_location is optional and must be left unset if you do not want to customise the chain file.

    httpd_default_admin_email: "admin@example.com" # placeholder address

Sets the default admin email address.

LDAP configuration

LDAP connections and the security realm are disabled by default.

    nexus_ldap_realm: false
    ldap_connections: []

LDAP connections; each item looks like this:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
        ldap_protocol: 'ldaps' # ldap or ldaps
        ldap_hostname: 'ldap.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_auth: 'none' # or simple
        ldap_auth_username: 'username' # if auth = simple
        ldap_auth_password: 'password' # if auth = simple
        ldap_user_base_dn: 'ou=users'
        ldap_user_filter: '(cn=*)' # (optional)
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false
        ldap_map_groups_as_roles: false
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'posixGroup'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'memberUid'
        ldap_group_member_format: '${username}'
        ldap_group_subtree: false

Example LDAP configuration for anonymous authentication (anonymous bind); this is also the "minimal" configuration:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'Simplest LDAP config'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_object_class: 'inetOrgPerson'

Example LDAP configuration for simple authentication (using a DSA account):

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'groupOfNames'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'member'
        ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
        ldap_group_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_map_groups_as_roles_type: 'dynamic'
        ldap_user_memberof_attribute: 'memberOf'

Privileges

    nexus_privileges:
      - name: all-repos-read # used as key to update a privilege
        # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions: # can be add, browse, create, delete, edit, read or  * (all)
          - read
          - browse
        # pattern: pattern
        # domain: domain
        # script_name: name

List of privileges to set up. See the documentation and the GUI to check which variables need to be set depending on the privilege type.

These items are merged with the following default values:

    _nexus_privilege_defaults:
      type: repository-view
      format: maven2
      actions:
        - read

Roles (in the Nexus sense)

    nexus_roles:
      - id: Developpers # can map to a LDAP group id, also used as a key to update a role
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
        roles: [] # references to other role names

List of roles to set up.

Users

    nexus_local_users: []
      # - username: jenkins # used as key to update
      #   state: present # default value if omitted, use 'absent' to remove user
      #   first_name: Jenkins
      #   last_name: CI
      #   email: jenkins@example.com # placeholder address
      #   password: "s3cr3t"
      #   roles:
      #     - developers # role ID

List of local (non-LDAP) users/accounts to create in Nexus.

      nexus_ldap_users: []
      # - username: j.doe
      #   state: present
      #   roles:
      #     - "nx-admin"

Mapping of LDAP users to roles. The state absent removes the roles from an existing user, if there are any.
LDAP users are not deleted. Attempting to set a role for a user that does not exist results in an error.

Content selectors

  nexus_content_selectors:
  - name: docker-login
    description: Selector for docker login privilege
    search_expression: format=="docker" and path=~"/v2/"

For more information about content selectors, see the Documentation.

To use a content selector, add a new privilege with type: repository-content-selector and the matching contentSelector

- name: docker-login-privilege
  type: repository-content-selector
  contentSelector: docker-login
  description: 'Login to Docker registry'
  repository: '*'
  actions:
  - read
  - browse

Blobstores and repositories

    nexus_delete_default_repos: false

Deletes the repositories that come with the initial default configuration of a nexus install. This step is only executed on a first-time install (when nexus_data_dir has been detected as empty).

    nexus_delete_default_blobstore: false

Deletes the default blobstore that comes with the initial default configuration of a nexus install. This can only be done if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on a first-time install (when nexus_data_dir has been detected as empty).

    nexus_blobstores: []
    # example blobstore item :
    # - name: separate-storage
    #   type: file
    #   path: /mnt/custom/path
    # - name: s3-blobstore
    #   type: S3
    #   config:
    #     bucket: s3-blobstore
    #     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
    #     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"

Blobstores to create. A blobstore path and a repository's blobstore cannot be updated after initial creation (any update here will be ignored on re-provisioning).

Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
    # example with a login/password :
    # - name: secret-remote-repo
    #   remote_url: 'https://company.com/repo/secure/private/go/away'
    #   remote_username: 'username'
    #   remote_password: 'secret'
    #   # maximum_component_age: -1
    #   # maximum_metadata_age: 1440
    #   # negative_cache_enabled: true
    #   # negative_cache_ttl: 1440

Above is an example configuration of a Maven proxy.

    nexus_repos_maven_hosted:
      - name: private-release
        version_policy: release
        write_policy: allow_once  # one of "allow", "allow_once" or "deny"

Maven hosted repository definitions. The negative cache configuration is optional and defaults to the values above if omitted.

    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss

Maven group definitions.

All three repository types are merged with the following default values:

    _nexus_repos_maven_defaults:
      blob_store: default # Note : cannot be updated once the repo has been created
      strict_content_validation: true
      version_policy: release # release, snapshot or mixed
      layout_policy: strict # strict or permissive
      write_policy: allow_once # one of "allow", "allow_once" or "deny"
      maximum_component_age: -1  # Nexus gui default. For proxies only
      maximum_metadata_age: 1440  # Nexus gui default. For proxies only
      negative_cache_enabled: true # Nexus gui default. For proxies only
      negative_cache_ttl: 1440 # Nexus gui default. For proxies only

Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default.
See defaults/main.yml for these options:

      nexus_config_pypi: false
      nexus_config_docker: false
      nexus_config_raw: false
      nexus_config_rubygems: false
      nexus_config_bower: false
      nexus_config_npm: false
      nexus_config_gitlfs: false
      nexus_config_yum: false

Please note that you may need to enable certain security realms if you want to use repository types other than maven. These are false by default:

nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false  # required for docker anonymous access

The Remote User Realm can also be enabled by setting

nexus_rut_auth_realm: true

and the header can be customised by defining

nexus_rut_auth_header: "CUSTOM_HEADER"

Scheduled tasks

    nexus_scheduled_tasks: []
    #  #  Example task to compact blobstore :
    #  - name: compact-docker-blobstore
    #    cron: '0 0 22 * * ?'
    #    typeId: blobstore.compact
    #    task_alert_email: alerts@example.com  # optional (placeholder address)
    #    taskProperties:
    #      blobstoreName: "{{ nexus_blob_names.docker.blob }}" # all task attributes are stored as strings by nexus internally
    #  #  Example task to purge maven snapshots
    #  - name: Purge-maven-snapshots
    #    cron: '0 50 23 * * ?'
    #    typeId: repository.maven.remove-snapshots
    #    task_alert_email: alerts@example.com  # optional (placeholder address)
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #      minimumRetained: "2"
    #      snapshotRetentionDays: "2"
    #      gracePeriodInDays: "2"
    #    booleanTaskProperties:
    #      removeIfReleased: true
    #  #  Example task to purge unused docker manifest and images
    #  - name: Purge unused docker manifests and images
    #    cron: '0 55 23 * * ?'
    #    typeId: "repository.docker.gc"
    #    task_alert_email: alerts@example.com  # optional (placeholder address)
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #  #  Example task to purge incomplete docker uploads
    #  - name: Purge incomplete docker uploads
    #    cron: '0 0 0 * * ?'
    #    typeId: "repository.docker.upload-purge"
    #    task_alert_email: alerts@example.com  # optional (placeholder address)
    #    taskProperties:
    #      age: "24"

Scheduled tasks to set up. The typeId and the task-specific taskProperties/booleanTaskProperties can be found:

  • from the Java type hierarchy org.sonatype.nexus.scheduling.TaskDescriptorSupport
  • by inspecting the HTML task creation form in your browser
  • by watching the AJAX requests in the browser while setting up a task manually.

Task properties must be declared in the correct yaml block depending on their type:

  • taskProperties for all string properties (i.e. repository names, blobstore names, time periods...).
  • booleanTaskProperties for all boolean properties (i.e. the checkboxes in the nexus create task GUI).

Backups

      nexus_backup_configure: false
      nexus_backup_cron: '0 0 21 * * ?'  # See cron expressions definition in nexus create task gui
      nexus_backup_dir: '/var/nexus-backup'
      nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
      nexus_backup_rotate: false
      nexus_backup_rotate_first: false
      nexus_backup_keep_rotations: 4  # Keep 4 backup rotation by default (current + last 3)

Backups are not configured until you set nexus_backup_configure to true.
In that case, a scheduled script task is configured to run in Nexus
at the interval specified in nexus_backup_cron (by default 21:00 every day).
See [the groovy template for this task](templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks that you
declare in your playbook.

If you want to rotate/delete backups, set nexus_backup_rotate: true and configure the number of backups you want to keep with nexus_backup_keep_rotations (default 4).

When using rotation, if you want to save extra disk space during the backup process,
you can set nexus_backup_rotate_first: true. This configures the rotation/deletion to happen before the backup. By default, rotation happens after a backup has been created. Please note that in this case old backups
are deleted before the current backup is made.

Restore procedure

Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00).

Purging nexus

Warning: this will completely delete your current data. Make a backup beforehand if necessary.

Use the nexus_purge variable if you need to start again from scratch and reinstall the nexus instance with all data removed.

ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true

Change the admin password after the first install

    nexus_default_admin_password: 'admin123'

This should not be changed in your playbook. This variable is populated with the default Nexus admin password at first install and ensures that we can change the admin password to nexus_admin_password.

If you want to change the admin password after the first install, you can temporarily set this variable to the old password from the command line. After changing nexus_admin_password in your playbook, you can run:

ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword

Telegram channel about Nexus Sonatype: https://t.me/ru_nexus_sonatype

Source: www.habr.com
