Installing and configuring Sonatype Nexus using the infrastructure-as-code approach

Sonatype Nexus is an integrated platform with which developers can proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and distribute their software securely.

Why do you need Sonatype Nexus?

  • To store private artifacts;
  • To cache artifacts that are downloaded from the Internet;

Artifacts supported in the base Sonatype Nexus package:

  • Java, Maven (jar)
  • Docker
  • Python (pip)
  • Ruby (gem)
  • NPM
  • Bower
  • Yum (rpm)
  • gitlfs
  • Raw
  • Apt (deb)
  • Go
  • Nuget

Community-supported artifacts:

  • Composer
  • Conan
  • CPAN
  • ELPA
  • Helm
  • P2
  • R

Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss

Requirements

  • Read about using ansible on the Internet.
  • Install ansible with pip install ansible on the workstation where the playbook is run.
  • Install geerlingguy.java on the workstation where the playbook is run.
  • Install geerlingguy.apache on the workstation where the playbook is run.
  • This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch
  • The jmespath library must be installed on the workstation where the playbook is run. To install: sudo pip install -r requirements.txt
  • Save the playbook (example below) to the file nexus.yml
  • Run the Nexus installation: ansible-playbook -i host nexus.yml

Example ansible-playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.

---
- name: Nexus
  hosts: nexus
  become: yes

  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123"
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: [email protected]
        password: "s3cr3t"
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft

    # Yum. Change nexus_config_yum to true for create yum repository
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64

    # NPM. Change nexus_config_npm to true for create npm repository
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false

    # Docker. Change nexus_config_docker to true for create docker repository
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy

    # Bower. Change nexus_config_bower to true for create bower repository
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy

    # Pypi. Change nexus_config_pypi to true for create pypi repository
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy

    # rubygems. Change nexus_config_rubygems to true for create rubygems repository
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy

    # gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted

  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }


Role Variables

Variables with their default values (see defaults/main.yml):

General variables

    nexus_version: ''
    nexus_timezone: 'UTC'

By default, the role installs the latest available version of Nexus. You can pin the version by changing the variable nexus_version. See the available versions at https://www.sonatype.com/download-oss-sonatype.

If you change to a newer version, the role will try to upgrade your Nexus installation.

If you use an older version of Nexus than the latest, you should make sure that you do not use features that are not available in the installed release (for example, hosting yum repositories is available for nexus greater than 3.8.0, git lfs repos for nexus greater than 3.3.0, etc.)

nexus_timezone is the name of a Java timezone, which can be useful in combination with the cron expressions below for nexus_scheduled_tasks.

Nexus port and context path

    nexus_default_port: 8081
    nexus_default_context_path: '/'

Port and context path of the Java process. nexus_default_context_path must keep the trailing slash when it is set, for example: nexus_default_context_path: '/nexus/'.

Nexus OS User and Group

    nexus_os_group: 'nexus'
    nexus_os_user: 'nexus'

The user and group used to own the Nexus files and run the service. They will be created by the role if they are missing.

    nexus_os_user_home_dir: '/home/nexus'

Allows changing the default home directory of the nexus user.

Nexus instance directories

    nexus_installation_dir: '/opt'
    nexus_data_dir: '/var/nexus'
    nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"

Nexus directories.

  • nexus_installation_dir contains the installed executable(s)
  • nexus_data_dir contains all configuration, repositories and downloaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
  • nexus_tmp_dir contains all temporary files. The default path for redhat has been moved out of /tmp to avoid potential problems with automatic cleanup procedures. See #168.

Configuring Nexus JVM memory usage

    nexus_min_heap_size: "1200M"
    nexus_max_heap_size: "{{ nexus_min_heap_size }}"
    nexus_max_direct_memory: "2G"

These are the defaults for Nexus. Please do not change these values unless you have read the memory section of the Nexus system requirements and understand what they do.

As a second warning, here is an excerpt from the document mentioned above:

It is not recommended to increase the JVM heap memory beyond the recommended values in an attempt to improve performance. This can actually have the opposite effect, causing unnecessary work for the operating system.

Administrator password

    nexus_admin_password: 'changeme'

The "admin" account password to set up. This only works on a first-time default installation. Please see [Change admin password after first install](#change-admin-password-after-first-install) if you want to change it later with the role.

It is recommended that you do not keep your password in clear text in the playbook, but use [ansible-vault encryption](https://docs.ansible.com/ansible/latest/user_guide/vault.html) (either inline or in a separate file loaded with e.g. include_vars)
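The recommendation above can be checked mechanically before a playbook is committed. The following Python script is an added example, not part of the role or of the original article: it scans playbook text for the credential keys that appear on this page (`*password`, `secretAccessKey`, `accessKeyId`) and reports those set to a literal instead of a Jinja reference or an inline `!vault` value. The sample input is constructed from the page's own snippets, and treating every `{{ ... }}` reference as vault-backed is an assumption.

```python
import re

# Credential keys used by the variables on this page: anything ending in
# "password", plus the S3 blobstore key pair.
KEY_RE = re.compile(
    r"^\s*(?:-\s+)?(?P<key>\w*(?:password|secretAccessKey|accessKeyId))\s*:\s*(?P<val>.*)$"
)
JINJA_RE = re.compile(r"\{\{.*\}\}")
KNOWN_DEFAULTS = {"changeme", "admin123"}  # default values shown on the page

REASON_DEFAULT = "documented default password"
REASON_LITERAL = "literal secret in playbook text"

# Constructed sample, assembled from snippets that appear on the page.
SAMPLE = """\
nexus_admin_password: "admin123"
nexus_local_users:
  - username: jenkins
    password: "s3cr3t"
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
nexus_repos_maven_proxy:
  - name: secret-remote-repo
    remote_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      (ciphertext omitted)
#   password: "commented example, ignored"
"""


def scalar(raw):
    """Return the value of a 'key: value' line without quotes or trailing comment."""
    raw = raw.strip()
    if raw.startswith("#"):
        return ""
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw.split(" #", 1)[0].strip()


def classify(value):
    """Return a reason string if the value is a secret stored in clear text, else None."""
    if not value:                    # nested mapping or empty value
        return None
    if value.startswith("!vault"):   # inline ansible-vault ciphertext follows
        return None
    if JINJA_RE.search(value):       # reference, assumed to resolve to a vaulted variable
        return None
    if value in KNOWN_DEFAULTS:
        return REASON_DEFAULT
    return REASON_LITERAL


def audit(text):
    """Return [(line_number, key, reason)] for every clear-text credential found."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = KEY_RE.match(line)   # commented-out lines never match
        if not match:
            continue
        reason = classify(scalar(match.group("val")))
        if reason:
            findings.append((number, match.group("key"), reason))
    return findings


if __name__ == "__main__":
    # The secret value itself is deliberately never printed.
    for number, key, reason in audit(SAMPLE):
        print("line %d: %s: %s" % (number, key, reason))
```
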

Anonymous access by default

    nexus_anonymous_access: false

Anonymous access is disabled by default. Read more about anonymous access.

Public hostname

    nexus_public_hostname: 'nexus.vm'
    nexus_public_scheme: https

The fully qualified domain name and scheme (https or http) under which the Nexus instance will be reachable by its clients.

API access for this role

    nexus_api_hostname: localhost
    nexus_api_scheme: http
    nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
    nexus_api_context_path: "{{ nexus_default_context_path }}"
    nexus_api_port: "{{ nexus_default_port }}"

These variables control how the role connects to the Nexus API for provisioning.
For advanced users only. You most likely do not want to change these default settings.

Reverse proxy setup

    httpd_setup_enable: false
    httpd_server_name: "{{ nexus_public_hostname }}"
    httpd_default_admin_email: "[email protected]"
    httpd_ssl_certificate_file: 'files/nexus.vm.crt'
    httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
    # httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
    httpd_copy_ssl_files: true

Set up an SSL reverse proxy.
For this you need httpd installed. Note: when httpd_setup_enable is set to true, Nexus binds to 127.0.0.1:8081 and is therefore not directly reachable on HTTP port 8081 from an external IP address.

The default hostname used is nexus_public_hostname. If you need a different name for some reason, you can set httpd_server_name to a different value.

With httpd_copy_ssl_files: true (the default), the certificates above must exist in your playbook directory; they will be copied to the server and configured in apache.

If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:

    # These tell the vhost where to find the certificate files on the remote
    # server's file system.
    httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
    httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
    # httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"

httpd_ssl_cert_chain_file_location is optional and must be left unset if you do not want to configure a chain file

    httpd_default_admin_email: "[email protected]"

Set the default admin email address

LDAP Configuration

LDAP connections and the security realm are disabled by default

    nexus_ldap_realm: false
    ldap_connections: []

LDAP connections, each item looks like this:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
        ldap_protocol: 'ldaps' # ldap or ldaps
        ldap_hostname: 'ldap.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_auth: 'none' # or simple
        ldap_auth_username: 'username' # if auth = simple
        ldap_auth_password: 'password' # if auth = simple
        ldap_user_base_dn: 'ou=users'
        ldap_user_filter: '(cn=*)' # (optional)
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false
        ldap_map_groups_as_roles: false
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'posixGroup'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'memberUid'
        ldap_group_member_format: '${username}'
        ldap_group_subtree: false

Example LDAP configuration for anonymous authentication (anonymous bind); this is also the "minimal" configuration:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'Simplest LDAP config'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_object_class: 'inetOrgPerson'

Example LDAP configuration for simple authentication (using a DSA account):

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'groupOfNames'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'member'
        ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
        ldap_group_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_map_groups_as_roles_type: 'dynamic'
        ldap_user_memberof_attribute: 'memberOf'

Privileges

    nexus_privileges:
      - name: all-repos-read # used as key to update a privilege
        # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions: # can be add, browse, create, delete, edit, read or  * (all)
          - read
          - browse
        # pattern: pattern
        # domain: domain
        # script_name: name

List of the privileges to set up. See the documentation and the GUI to check which variables must be set depending on the privilege type.

These items are combined with the following default values:

    _nexus_privilege_defaults:
      type: repository-view
      format: maven2
      actions:
        - read

Roles (inside Nexus, that is)

    nexus_roles:
      - id: Developpers # can map to a LDAP group id, also used as a key to update a role
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
        roles: [] # references to other role names

List of the roles to set up.

Users

    nexus_local_users: []
      # - username: jenkins # used as key to update
      #   state: present # default value if omitted, use 'absent' to remove user
      #   first_name: Jenkins
      #   last_name: CI
      #   email: [email protected]
      #   password: "s3cr3t"
      #   roles:
      #     - developers # role ID

List of the local (non-LDAP) users/accounts to create in Nexus.

      nexus_ldap_users: []
      # - username: j.doe
      #   state: present
      #   roles:
      #     - "nx-admin"

LDAP mapping of users/roles. State absent will remove the roles from an existing user if one already exists.
LDAP users are not deleted. Trying to set a role for a user that does not exist will result in an error.

Content selectors

    nexus_content_selectors:
      - name: docker-login
        description: Selector for docker login privilege
        search_expression: format=="docker" and path=~"/v2/"

For more information on content selectors, see the documentation.

To use a content selector, add a new privilege with type: repository-content-selector and the associated contentSelector

    - name: docker-login-privilege
      type: repository-content-selector
      contentSelector: docker-login
      description: 'Login to Docker registry'
      repository: '*'
      actions:
        - read
        - browse

Blobstores and repositories

    nexus_delete_default_repos: false

Delete the repositories from the default initial configuration of the Nexus install. This step is only executed on first-time install (when nexus_data_dir has been detected empty).

    nexus_delete_default_blobstore: false

Delete the default blobstore (binary artifacts) from the default initial configuration of the Nexus install. This is disabled by default and can be done only if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on first-time install (when nexus_data_dir has been detected empty).

    nexus_blobstores: []
    # example blobstore item :
    # - name: separate-storage
    #   type: file
    #   path: /mnt/custom/path
    # - name: s3-blobstore
    #   type: S3
    #   config:
    #     bucket: s3-blobstore
    #     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
    #     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"

Blobstores to create. A blobstore path and a repository's blobstore cannot be updated after initial creation (any update here will be ignored on re-provisioning).

Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
    # example with a login/password :
    # - name: secret-remote-repo
    #   remote_url: 'https://company.com/repo/secure/private/go/away'
    #   remote_username: 'username'
    #   remote_password: 'secret'
    #   # maximum_component_age: -1
    #   # maximum_metadata_age: 1440
    #   # negative_cache_enabled: true
    #   # negative_cache_ttl: 1440

Above is an example configuration of Maven proxy repositories.

    nexus_repos_maven_hosted:
      - name: private-release
        version_policy: release
        write_policy: allow_once  # one of "allow", "allow_once" or "deny"

Maven hosted repositories configuration. The negative cache configuration (-1) is optional and defaults to the values above if omitted.

    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss

Maven group configuration.

All three repository types are combined with the following default values:

    _nexus_repos_maven_defaults:
      blob_store: default # Note : cannot be updated once the repo has been created
      strict_content_validation: true
      version_policy: release # release, snapshot or mixed
      layout_policy: strict # strict or permissive
      write_policy: allow_once # one of "allow", "allow_once" or "deny"
      maximum_component_age: -1  # Nexus gui default. For proxies only
      maximum_metadata_age: 1440  # Nexus gui default. For proxies only
      negative_cache_enabled: true # Nexus gui default. For proxies only
      negative_cache_ttl: 1440 # Nexus gui default. For proxies only

Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default;
see defaults/main.yml for these options:

      nexus_config_pypi: false
      nexus_config_docker: false
      nexus_config_raw: false
      nexus_config_rubygems: false
      nexus_config_bower: false
      nexus_config_npm: false
      nexus_config_gitlfs: false
      nexus_config_yum: false

Please note that you may need to enable certain security realms if you want to use repository types other than maven. These are false by default

    nexus_nuget_api_key_realm: false
    nexus_npm_bearer_token_realm: false
    nexus_docker_bearer_token_realm: false  # required for docker anonymous access

The Remote User Realm can also be enabled with

    nexus_rut_auth_realm: true

and the header can be customized by defining

    nexus_rut_auth_header: "CUSTOM_HEADER"

Scheduled tasks

    nexus_scheduled_tasks: []
    #  #  Example task to compact blobstore :
    #  - name: compact-docker-blobstore
    #    cron: '0 0 22 * * ?'
    #    typeId: blobstore.compact
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      blobstoreName: "{{ nexus_blob_names.docker.blob }}" # all task attributes are stored as strings by nexus internally
    #  #  Example task to purge maven snapshots
    #  - name: Purge-maven-snapshots
    #    cron: '0 50 23 * * ?'
    #    typeId: repository.maven.remove-snapshots
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #      minimumRetained: "2"
    #      snapshotRetentionDays: "2"
    #      gracePeriodInDays: "2"
    #    booleanTaskProperties:
    #      removeIfReleased: true
    #  #  Example task to purge unused docker manifest and images
    #  - name: Purge unused docker manifests and images
    #    cron: '0 55 23 * * ?'
    #    typeId: "repository.docker.gc"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #  #  Example task to purge incomplete docker uploads
    #  - name: Purge incomplete docker uploads
    #    cron: '0 0 0 * * ?'
    #    typeId: "repository.docker.upload-purge"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      age: "24"

Scheduled tasks to set up. typeId and the task-specific taskProperties/booleanTaskProperties can be worked out either:

  • from the Java type hierarchy of org.sonatype.nexus.scheduling.TaskDescriptorSupport
  • by inspecting the task creation HTML form in your browser
  • by watching the AJAX requests in the browser while manually configuring a task.

Task properties must be declared in the correct yaml block depending on their type:

  • taskProperties for all string properties (i.e. repository names, blobstore names, time periods...).
  • booleanTaskProperties for all boolean properties (i.e. mainly the checkboxes in the nexus create task GUI).
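A pre-flight check for the typing rule above, as an added Python example (not code from the role): `normalize_task` moves each property into the block that matches its type and quotes non-string values, and `check_cron` tests the schedule string. The function names and the sample task are constructed here; the cron check assumes Quartz-style fields (seconds first, `?` in exactly one of day-of-month and day-of-week), which is the shape of every cron sample on this page.

```python
import copy


def check_cron(expr):
    """Return a list of problems for a cron string (assumed Quartz-style)."""
    fields = str(expr).split()
    if len(fields) not in (6, 7):
        return ["cron %r has %d fields, expected 6 or 7 (seconds first)"
                % (expr, len(fields))]
    # fields: sec min hour day-of-month month day-of-week [year]
    if (fields[3] == "?") == (fields[5] == "?"):
        return ["cron %r: exactly one of day-of-month / day-of-week must be '?'"
                % expr]
    return []


def normalize_task(task):
    """Return (fixed_copy, notes); the input task is left untouched."""
    fixed = copy.deepcopy(task)
    strings = dict(fixed.get("taskProperties") or {})
    booleans = dict(fixed.get("booleanTaskProperties") or {})
    notes = check_cron(fixed.get("cron", ""))

    for key, value in list(strings.items()):
        if isinstance(value, bool):        # test bool first: bool is a subclass of int
            booleans[key] = strings.pop(key)
            notes.append("%s: boolean moved to booleanTaskProperties" % key)
        elif not isinstance(value, str):
            strings[key] = str(value)
            notes.append("%s: %r quoted as a string" % (key, value))

    for key, value in list(booleans.items()):
        if isinstance(value, bool):
            continue
        if isinstance(value, str) and value.lower() in ("true", "false"):
            booleans[key] = value.lower() == "true"
            notes.append("%s: string %r converted to a boolean" % (key, value))
        else:
            strings[key] = str(booleans.pop(key))
            notes.append("%s: non-boolean moved to taskProperties" % key)

    fixed["taskProperties"] = strings
    fixed["booleanTaskProperties"] = booleans
    return fixed, notes


# Constructed sample: the page's snapshot purge task with two typical mistakes,
# an unquoted number and a checkbox value placed in taskProperties.
SAMPLE_TASK = {
    "name": "Purge-maven-snapshots",
    "cron": "0 50 23 * * ?",
    "typeId": "repository.maven.remove-snapshots",
    "taskProperties": {
        "repositoryName": "*",
        "minimumRetained": 2,
        "snapshotRetentionDays": "2",
        "removeIfReleased": True,
    },
}

if __name__ == "__main__":
    fixed, notes = normalize_task(SAMPLE_TASK)
    for note in notes:
        print(note)
    print(fixed["taskProperties"])
    print(fixed["booleanTaskProperties"])
```
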

Backups

      nexus_backup_configure: false
      nexus_backup_cron: '0 0 21 * * ?'  # See cron expressions definition in nexus create task gui
      nexus_backup_dir: '/var/nexus-backup'
      nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
      nexus_backup_rotate: false
      nexus_backup_rotate_first: false
      nexus_backup_keep_rotations: 4  # Keep 4 backup rotation by default (current + last 3)

Backups will not be configured until you switch nexus_backup_configure to true.
In that case, a scheduled script task will be configured to run in Nexus
at the interval specified in nexus_backup_cron (default 21:00 every day).
See [the groovy template for this task](templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks you
declare in your playbook.

If you want to rotate/delete backups, set nexus_backup_rotate: true and configure the number of backups you want to keep with nexus_backup_keep_rotations (default 4).

When using rotation, if you want to save extra disk space during the backup process,
you can set nexus_backup_rotate_first: true. This configures a pre-rotation/deletion before the backup. By default, rotation happens after a backup is created. Please note that in this case old backups
are deleted before the current backup is made.

Restore procedure

Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00)

Removing nexus

Warning: this will completely delete your current data. Make sure to take a backup beforehand if necessary

Use the variable nexus_purge if you need to start over from scratch and reinstall the nexus instance with all data removed.

    ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true

Changing the admin password after first install

    nexus_default_admin_password: 'admin123'

This should not be changed in your playbook. This variable is populated with the default Nexus admin password at first install and ensures that we can change the admin password to nexus_admin_password.

If you want to change the admin password after the first install, you can temporarily set this variable to your old password from the command line. After changing nexus_admin_password in your playbook you can run:

    ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword

Telegram channel about Sonatype Nexus: https://t.me/ru_nexus_sonatype


Source: www.hab.com
