Sonatype Nexus is an integrated platform through which developers can proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and distribute their software securely.
Why do you need Sonatype Nexus?
- To store private artifacts;
- To cache artifacts that are downloaded from the Internet;
Artifacts supported in the base Sonatype Nexus package:
- Java, Maven (jar)
- Docker
- Python (pip)
- Ruby (gem)
- NPM
- Bower
- Yum (rpm)
- gitlfs
- Raw
- Apt (deb)
- Go
- Nuget
Community-supported artifacts:
- Composer
- Conan
- CPAN
- ELPA
- Helm
- P2
- R
Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss
Requirements
- Read about using ansible on the Internet.
- Install ansible on the workstation where the playbook is run: pip install ansible
- Install geerlingguy.java on the workstation where the playbook is run.
- Install geerlingguy.apache on the workstation where the playbook is run.
- This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch.
- The jmespath library must be installed on the workstation where the playbook is run. To install: sudo pip install -r requirements.txt
- Save the playbook (example below) to the file nexus.yml
- Run the Nexus installation:
ansible-playbook -i host nexus.yml
Example ansible playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.
---
- name: Nexus
  hosts: nexus
  become: yes
  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123"
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: [email protected]
        password: "s3cr3t"
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'
    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft
    # Yum. Change nexus_config_yum to true for create yum repository
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64
    # NPM. Change nexus_config_npm to true for create npm repository
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false
    # Docker. Change nexus_config_docker to true for create docker repository
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy
    # Bower. Change nexus_config_bower to true for create bower repository
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy
    # Pypi. Change nexus_config_pypi to true for create pypi repository
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy
    # rubygems. Change nexus_config_rubygems to true for create rubygems repository
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy
    # gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted
  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }
Role Variables
Variables with their default values (see default/main.yml):
General variables
nexus_version: ''
nexus_timezone: 'UTC'
By default, the role installs the latest available version of Nexus. You can pin the version by changing the variable nexus_version. See the available versions at
If you change to a newer version, the role will try to update your Nexus installation.
If you use a version of Nexus older than the latest, you should make sure you do not use features that are not available in the installed release (for example, hosting yum repositories is available for nexus greater than 3.8.0, git lfs repositories for nexus greater than 3.3.0, and so on).
nexus_timezone is the name of a Java time zone, which can be useful in combination with the cron expressions below for nexus_scheduled_tasks.
Nexus port and context path
nexus_default_port: 8081
nexus_default_context_path: '/'
Port and context path on which the Java process accepts connections. nexus_default_context_path must contain a forward slash when it is set, for example: nexus_default_context_path: '/nexus/'.
Nexus OS User and Group
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'
The user and group used to own the Nexus files and run the service will be created by the role if they are missing.
nexus_os_user_home_dir: '/home/nexus'
Allows changing the default home directory for the nexus user.
Nexus instance directories
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"
Nexus directories.
- nexus_installation_dir contains the installed executable files.
- nexus_data_dir contains all the configuration, repositories and downloaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
- nexus_tmp_dir contains all temporary files. The default path for redhat has been moved out of /tmp to overcome potential problems with automatic cleanup procedures. See #168.
Configuring Nexus JVM memory usage
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"
These are the default values for Nexus. Please do not change these values if you have not read
As a second warning, here is an excerpt from the above document:
It is not recommended to increase JVM heap memory beyond the recommended values in an attempt to improve performance. This may have a negative effect, causing unnecessary work for the operating system.
Administrator password
nexus_admin_password: 'changeme'
The "admin" account password to set up. This only works on the first default installation. Please see "Changing the admin password after the first install" below if you want to change it later using the role.
It is recommended not to store your password in clear text in the playbook, but to use ansible-vault encryption.
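The recommendation above can be checked mechanically before a playbook is committed. The following is an added example, not part of the role or of the original article: a small Python audit that walks the role variables (as a dict, for instance the result of yaml.safe_load on your vars file) and reports secrets written in plaintext, proxy upstreams fetched over plain HTTP, LDAP without TLS and enabled anonymous access. The rule set and the sample values are assumptions built from the variable names shown on this page.

```python
import re

# Role variables that carry secrets; every name here appears on this page.
SECRET_KEYS = {
    "nexus_admin_password", "password", "ldap_auth_password",
    "remote_password", "secretAccessKey",
}
# A value that is nothing but a Jinja2 reference, e.g. "{{ vault_ldap_dsa_password }}",
# is treated as externalised (ansible-vault or another lookup), not as plaintext.
JINJA_ONLY = re.compile(r"^\s*\{\{[^{}]+\}\}\s*$")


def _label(item, index):
    """Readable list index: prefer the key the role uses to identify the item."""
    if isinstance(item, dict):
        for key in ("name", "username", "ldap_name"):
            if key in item:
                return str(item[key])
    return str(index)


def audit(node, path=""):
    """Return (path, finding) tuples for a nested dict/list of role variables."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else str(key)
            if key in SECRET_KEYS and isinstance(value, str):
                if not JINJA_ONLY.match(value):
                    findings.append((here, "plaintext secret"))
            elif key == "remote_url" and str(value).lower().startswith("http://"):
                findings.append((here, "upstream fetched over plain HTTP"))
            elif key == "ldap_protocol" and value == "ldap":
                findings.append((here, "LDAP without TLS"))
            elif key == "nexus_anonymous_access" and value is True:
                findings.append((here, "anonymous access enabled"))
            else:
                findings.extend(audit(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(audit(item, f"{path}[{_label(item, index)}]"))
    return findings


# Constructed sample: a subset of the variables from the example playbook on this
# page, plus one LDAP connection whose password is a vault reference.
SAMPLE_VARS = {
    "nexus_admin_password": "admin123",
    "nexus_anonymous_access": False,
    "nexus_local_users": [
        {"username": "jenkins", "password": "s3cr3t", "roles": ["Developpers"]},
    ],
    "ldap_connections": [
        {
            "ldap_name": "LDAP config with DSA",
            "ldap_protocol": "ldaps",
            "ldap_auth_password": "{{ vault_ldap_dsa_password }}",
        },
    ],
    "nexus_repos_yum_proxy": [
        {
            "name": "epel_centos_7_x86_64",
            "remote_url": "http://download.fedoraproject.org/pub/epel/7/x86_64",
        },
    ],
    "nexus_repos_npm_proxy": [
        {"name": "npm-registry", "remote_url": "https://registry.npmjs.org/"},
    ],
}

if __name__ == "__main__":
    for where, what in audit(SAMPLE_VARS):
        print(f"{what:35} {where}")
```

A value that mixes literal text with a template is still reported, because only a pure reference is treated as externalised.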
Anonymous access by default
nexus_anonymous_access: false
Anonymous access is disabled by default. Read more about
Public hostname
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: https
The fully qualified domain name and scheme (https or http) under which the Nexus instance will be available to its clients.
API access for this role
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"
These variables control how the role connects to the Nexus API for provisioning.
For advanced users only. You probably do not want to change these default settings.
Reverse proxy setup
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "[email protected]"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: true
To set this up you need to install httpd. Note: when httpd_setup_enable is set to true, Nexus binds to 127.0.0.1:8081 and is therefore no longer directly accessible on HTTP port 8081 from an external IP address.
The default hostname used is nexus_public_hostname. If you need a different name for some reason, you can set httpd_server_name to a different value.
With httpd_copy_ssl_files: true (the default), the certificates above must exist in your playbook directory; they will be copied to the server and configured in apache.
If you want to use a certificate that already exists on the server, set httpd_copy_ssl_files: false and provide the following variables:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"
httpd_ssl_cert_chain_file_location is optional and must be left unset if you do not want to configure a chain file.
httpd_default_admin_email: "[email protected]"
Sets the default admin email address.
LDAP Configuration
LDAP connections and the security realm are disabled by default
nexus_ldap_realm: false
ldap_connections: []
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
    ldap_protocol: 'ldaps' # ldap or ldaps
    ldap_hostname: 'ldap.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_auth: 'none' # or simple
    ldap_auth_username: 'username' # if auth = simple
    ldap_auth_password: 'password' # if auth = simple
    ldap_user_base_dn: 'ou=users'
    ldap_user_filter: '(cn=*)' # (optional)
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_user_subtree: false
    ldap_map_groups_as_roles: false
    ldap_group_base_dn: 'ou=groups'
    ldap_group_object_class: 'posixGroup'
    ldap_group_id_attribute: 'cn'
    ldap_group_member_attribute: 'memberUid'
    ldap_group_member_format: '${username}'
    ldap_group_subtree: false
Example LDAP configuration for anonymous authentication (anonymous bind); this is also the "minimal" configuration:
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'Simplest LDAP config'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_user_object_class: 'inetOrgPerson'
Example LDAP configuration for simple authentication (using a DSA account):
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_auth: 'simple'
    ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_user_base_dn: 'ou=users'
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_user_subtree: false
Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_auth: 'simple'
    ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_user_base_dn: 'ou=users'
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_map_groups_as_roles: true
    ldap_group_base_dn: 'ou=groups'
    ldap_group_object_class: 'groupOfNames'
    ldap_group_id_attribute: 'cn'
    ldap_group_member_attribute: 'member'
    ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
    ldap_group_subtree: false
Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_auth: 'simple'
    ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_user_base_dn: 'ou=users'
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_map_groups_as_roles: true
    ldap_map_groups_as_roles_type: 'dynamic'
    ldap_user_memberof_attribute: 'memberOf'
Privileges
nexus_privileges:
  - name: all-repos-read # used as key to update a privilege
    # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
    description: 'Read & Browse access to all repos'
    repository: '*'
    actions: # can be add, browse, create, delete, edit, read or * (all)
      - read
      - browse
    # pattern: pattern
    # domain: domain
    # script_name: name
List of privileges.
These items are combined with the following default values:
_nexus_privilege_defaults:
  type: repository-view
  format: maven2
  actions:
    - read
Roles (internal to Nexus)
nexus_roles:
  - id: Developpers # can map to a LDAP group id, also used as a key to update a role
    name: developers
    description: All developers
    privileges:
      - nx-search-read
      - all-repos-read
    roles: [] # references to other role names
List of roles.
Users
nexus_local_users: []
  # - username: jenkins # used as key to update
  #   state: present # default value if omitted, use 'absent' to remove user
  #   first_name: Jenkins
  #   last_name: CI
  #   email: [email protected]
  #   password: "s3cr3t"
  #   roles:
  #     - developers # role ID
List of local (non-LDAP) users/accounts to create in Nexus.
nexus_ldap_users: []
  # - username: j.doe
  #   state: present
  #   roles:
  #     - "nx-admin"
LDAP mapping of users/roles. State absent removes the roles from an existing user, if there is one.
LDAP users are not deleted. Trying to set a role for a user that does not exist will result in an error.
Content selectors
nexus_content_selectors:
  - name: docker-login
    description: Selector for docker login privilege
    search_expression: format=="docker" and path=~"/v2/"
For more information about content selectors, see
To use a content selector, add a new privilege with type: repository-content-selector and the corresponding contentSelector
  - name: docker-login-privilege
    type: repository-content-selector
    contentSelector: docker-login
    description: 'Login to Docker registry'
    repository: '*'
    actions:
      - read
      - browse
Blobstores thiab repositories
nexus_delete_default_repos: false
Deletes the repositories from the initial default configuration of the nexus install. This step is only executed on the first install (when nexus_data_dir has been detected as empty).
nexus_delete_default_blobstore: false
Deletes the default blobstore (binary artifacts) from the initial default configuration of the nexus install; this is disabled by default. It can be done only if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on the first install (when nexus_data_dir has been detected as empty).
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
#   type: file
#   path: /mnt/custom/path
# - name: s3-blobstore
#   type: S3
#   config:
#     bucket: s3-blobstore
#     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
#     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"
Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.
nexus_repos_maven_proxy:
  - name: central
    remote_url: 'https://repo1.maven.org/maven2/'
    layout_policy: permissive
    # maximum_component_age: -1
    # maximum_metadata_age: 1440
    # negative_cache_enabled: true
    # negative_cache_ttl: 1440
  - name: jboss
    remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
    # maximum_component_age: -1
    # maximum_metadata_age: 1440
    # negative_cache_enabled: true
    # negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
#   remote_url: 'https://company.com/repo/secure/private/go/away'
#   remote_username: 'username'
#   remote_password: 'secret'
#   # maximum_component_age: -1
#   # maximum_metadata_age: 1440
#   # negative_cache_enabled: true
#   # negative_cache_ttl: 1440
The above is an example configuration.
nexus_repos_maven_hosted:
  - name: private-release
    version_policy: release
    write_policy: allow_once # one of "allow", "allow_once" or "deny"
Maven hosted repositories configuration.
nexus_repos_maven_group:
  - name: public
    member_repos:
      - central
      - jboss
Maven group repositories configuration.
All three repository types are combined with the following default values:
_nexus_repos_maven_defaults:
  blob_store: default # Note : cannot be updated once the repo has been created
  strict_content_validation: true
  version_policy: release # release, snapshot or mixed
  layout_policy: strict # strict or permissive
  write_policy: allow_once # one of "allow", "allow_once" or "deny"
  maximum_component_age: -1 # Nexus gui default. For proxies only
  maximum_metadata_age: 1440 # Nexus gui default. For proxies only
  negative_cache_enabled: true # Nexus gui default. For proxies only
  negative_cache_ttl: 1440 # Nexus gui default. For proxies only
Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default; see defaults/main.yml for these options:
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: false
Please note that you may need to enable certain security realms if you want to use repository types other than maven. These are false by default
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous access
The Remote User Realm can also be enabled using
nexus_rut_auth_realm: true
and the header can be customised by defining
nexus_rut_auth_header: "CUSTOM_HEADER"
Scheduled tasks
nexus_scheduled_tasks: []
#  #  Example task to compact blobstore :
#  - name: compact-docker-blobstore
#    cron: '0 0 22 * * ?'
#    typeId: blobstore.compact
#    task_alert_email: [email protected]  # optional
#    taskProperties:
#      blobstoreName: "{{ nexus_blob_names.docker.blob }}"  # all task attributes are stored as strings by nexus internally
#  #  Example task to purge maven snapshots
#  - name: Purge-maven-snapshots
#    cron: '0 50 23 * * ?'
#    typeId: repository.maven.remove-snapshots
#    task_alert_email: [email protected]  # optional
#    taskProperties:
#      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
#      minimumRetained: "2"
#      snapshotRetentionDays: "2"
#      gracePeriodInDays: "2"
#    booleanTaskProperties:
#      removeIfReleased: true
#  #  Example task to purge unused docker manifest and images
#  - name: Purge unused docker manifests and images
#    cron: '0 55 23 * * ?'
#    typeId: "repository.docker.gc"
#    task_alert_email: [email protected]  # optional
#    taskProperties:
#      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
#  #  Example task to purge incomplete docker uploads
#  - name: Purge incomplete docker uploads
#    cron: '0 0 0 * * ?'
#    typeId: "repository.docker.upload-purge"
#    task_alert_email: [email protected]  # optional
#    taskProperties:
#      age: "24"
typeId and the task-specific taskProperties/booleanTaskProperties can be worked out:
- from the Java type hierarchy of org.sonatype.nexus.scheduling.TaskDescriptorSupport
- by inspecting the task creation HTML form in your browser
- by watching the AJAX requests in the browser while manually setting up a task.
Task properties must be declared in the correct yaml block depending on their type:
- taskProperties for all string properties (e.g. repository names, blobstore names, time periods...).
- booleanTaskProperties for all boolean properties (e.g. mostly checkboxes in the nexus create task GUI).
Backups
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)
Backups will not be configured until you set nexus_backup_configure to true.
In that case, a scheduled script task will be configured to run in Nexus at the interval specified in nexus_backup_cron (default 21:00 every day).
See the groovy template for this task (templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks you declare in your playbook.
If you want to rotate/delete backups, set nexus_backup_rotate: true and set the number of backups you want to keep with nexus_backup_keep_rotations (default 4).
When using rotation, if you want to save additional disk space during the backup process, you can set nexus_backup_rotate_first: true. This configures pre-rotation/deletion before the backup. By default, rotation takes place after the backup is created. Please note that in this case old backups will be deleted before the current backup is made.
Restore procedure
Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss> (for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00).
Purging nexus
Warning: this will completely remove your current data. Make sure to make a backup first if necessary.
Use the variable nexus_purge if you need to restart from scratch and reinstall a nexus instance with all data removed.
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true
Changing the admin password after the first install
nexus_default_admin_password: 'admin123'
This should not be changed in your playbook. This variable is populated with the default Nexus admin password on first install and ensures that we can change the admin password to nexus_admin_password.
If you want to change the admin password after the first install, you can switch it to the old password from the command line. After changing nexus_admin_password in your playbook, you can run:
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword
Source: www.hab.com