Sonatype Nexus se yon platfòm entegre kote devlopè yo ka proxy, estoke ak jere depandans Java (Maven), Docker, Python, Ruby, NPM, imaj Bower, pakè RPM, gitlfs, Apt, Go, Nuget, epi distribye sekirite lojisyèl yo.
Poukisa ou bezwen Sonatype Nexus?
- Pou estoke zafè prive;
- Pou kachèt zafè ki telechaje sou entènèt la;
Afèk yo sipòte nan pake debaz Sonatype Nexus:
- Java, Maven (bokal)
- Koupre
- Python (pip)
- Ruby (gem)
- NPM
- Bowers
- Yum (rpm)
- gitlfs
- Anvan tout koreksyon
- Apt (deb)
- Go
- Nuget
Afèk Kominote sipòte:
- konpozitè
- Conan
- CPAN
- ELPA
- Helm
- P2
- R
Enstale Sonatype Nexus lè l sèvi avèk
Kondisyon pou
- Li sou itilizasyon ansible sou entènèt la.
- Enstale ansible
pip install ansiblesou estasyon travay la kote playbook la kouri. - Mete sou estasyon travay la kote playbook la kouri.
- Mete sou estasyon travay la kote playbook la kouri.
- Wòl sa a te teste sou CentOS 7, Ubuntu Xenial (16.04) ak Bionic (18.04), Debian Jessie ak Stretch.
jmespathBibliyotèk la dwe enstale sou estasyon travay kote liv la ap kouri. Pou enstale:sudo pip install -r requirements.txt- Sove dosye playbook la (egzanp anba a) nan dosye nexus.yml
- Kouri enstalasyon nexus
ansible-playbook -i host nexus.yml
Egzanp ansible-playbook pou enstale nexus san LDAP ak Maven (java), Docker, Python, Ruby, NPM, Bower, RPM ak depo gitlfs.
---
- name: Nexus
hosts: nexus
become: yes
vars:
nexus_timezone: 'Asia/Omsk'
nexus_admin_password: "admin123"
nexus_public_hostname: 'apatsev-nexus-playbook'
httpd_setup_enable: false
nexus_privileges:
- name: all-repos-read
description: 'Read & Browse access to all repos'
repository: '*'
actions:
- read
- browse
- name: company-project-deploy
description: 'Deployments to company-project'
repository: company-project
actions:
- add
- edit
nexus_roles:
- id: Developpers # maps to the LDAP group
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
- company-project-deploy
roles: []
nexus_local_users:
- username: jenkins # used as key to update
first_name: Jenkins
last_name: CI
email: [email protected]
password: "s3cr3t"
roles:
- Developpers # role ID here
nexus_blobstores:
- name: company-artifacts
path: /var/nexus/blobs/company-artifacts
nexus_scheduled_tasks:
- name: compact-blobstore
cron: '0 0 22 * * ?'
typeId: blobstore.compact
taskProperties:
blobstoreName: 'company-artifacts'
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
- name: vaadin-addons
remote_url: 'https://maven.vaadin.com/vaadin-addons/'
- name: jaspersoft
remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
version_policy: mixed
nexus_repos_maven_hosted:
- name: company-project
version_policy: mixed
write_policy: allow
blob_store: company-artifacts
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jboss
- vaadin-addons
- jaspersoft
# Yum. Change nexus_config_yum to true for create yum repository
nexus_config_yum: true
nexus_repos_yum_hosted:
- name: private_yum_centos_7
repodata_depth: 1
nexus_repos_yum_proxy:
- name: epel_centos_7_x86_64
remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
- name: centos-7-os-x86_64
remote_url: http://mirror.centos.org/centos/7/os/x86_64/
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
nexus_repos_yum_group:
- name: yum_all
member_repos:
- private_yum_centos_7
- epel_centos_7_x86_64
# NPM. Change nexus_config_npm to true for create npm repository
nexus_config_npm: true
nexus_repos_npm_hosted: []
nexus_repos_npm_group:
- name: npm-public
member_repos:
- npm-registry
nexus_repos_npm_proxy:
- name: npm-registry
remote_url: https://registry.npmjs.org/
negative_cache_enabled: false
# Docker. Change nexus_config_docker to true for create docker repository
nexus_config_docker: true
nexus_repos_docker_hosted:
- name: docker-hosted
http_port: "{{ nexus_docker_hosted_port }}"
v1_enabled: True
nexus_repos_docker_proxy:
- name: docker-proxy
http_port: "{{ nexus_docker_proxy_port }}"
v1_enabled: True
index_type: "HUB"
remote_url: "https://registry-1.docker.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_docker_group:
- name: docker-group
http_port: "{{ nexus_docker_group_port }}"
v1_enabled: True
member_repos:
- docker-hosted
- docker-proxy
# Bower. Change nexus_config_bower to true for create bower repository
nexus_config_bower: true
nexus_repos_bower_hosted:
- name: bower-hosted
nexus_repos_bower_proxy:
- name: bower-proxy
index_type: "proxy"
remote_url: "https://registry.bower.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_bower_group:
- name: bower-group
member_repos:
- bower-hosted
- bower-proxy
# Pypi. Change nexus_config_pypi to true for create pypi repository
nexus_config_pypi: true
nexus_repos_pypi_hosted:
- name: pypi-hosted
nexus_repos_pypi_proxy:
- name: pypi-proxy
index_type: "proxy"
remote_url: "https://pypi.org/"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_pypi_group:
- name: pypi-group
member_repos:
- pypi-hosted
- pypi-proxy
# rubygems. Change nexus_config_rubygems to true for create rubygems repository
nexus_config_rubygems: true
nexus_repos_rubygems_hosted:
- name: rubygems-hosted
nexus_repos_rubygems_proxy:
- name: rubygems-proxy
index_type: "proxy"
remote_url: "https://rubygems.org"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_rubygems_group:
- name: rubygems-group
member_repos:
- rubygems-hosted
- rubygems-proxy
# gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
nexus_config_gitlfs: true
nexus_repos_gitlfs_hosted:
- name: gitlfs-hosted
roles:
- { role: geerlingguy.java }
# Debian/Ubuntu only
# - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
# RedHat/CentOS only
- { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
- { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }Ekran:
Wòl varyab
Varyab wòl
Varyab ak valè default (gade default/main.yml):
Varyab jeneral
nexus_version: ''
nexus_timezone: 'UTC'Pa default, wòl la pral enstale dènye vèsyon ki disponib nan Nexus. Ou ka ranje vèsyon an pa chanje varyab la nexus_version. Gade vèsyon ki disponib nan .
Si w chanje nan yon nouvo vèsyon, wòl la ap eseye mete ajou enstalasyon Nexus ou a.
Si w ap itilize yon vèsyon Nexus ki pi gran pase dènye a, ou ta dwe asire w ke w pa itilize karakteristik ki pa disponib nan lage ki enstale a (pa egzanp, hosting yum repositories disponib pou nexus ki pi gran pase 3.8.0, git lfs repo). pou lyen ki pi gran pase 3.3.0 elatriye)
nexus timezone se non zòn tan Java a, ki ka itil nan konbinezon ak ekspresyon cron sa yo pou travay nexus_scheduled.
Pò Nexus ak chemen kontèks
nexus_default_port: 8081
nexus_default_context_path: '/'Pò ak chemen kontèks pwosesis koneksyon Java a. nexus_default_context_path dwe genyen yon koupe devan lè li mete, pa egzanp: nexus_default_context_path: '/nexus/'.
Nexus OS Itilizatè ak gwoup
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'Itilizatè a ak gwoup ki te itilize pou posede fichiers Nexus ak kouri sèvis la pral kreye pa wòl si yonn ki manke.
nexus_os_user_home_dir: '/home/nexus'Pèmèt chanje anyè lakay default pou itilizatè lyen an
Anyè egzanp Nexus
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"Katalòg Nexus.
nexus_installation_dirgen enstale dosye ègzèkutablnexus_data_dirgen tout konfigirasyon, depo ak zafè telechaje. Chemen blobstore koutimnexus_data_dirka Customized, gade anba anexus_blobstores.nexus_tmp_dirgen tout dosye tanporè. Chemen default pou redhat te deplase soti nan/tmpsimonte pwoblèm potansyèl ak pwosedi netwayaj otomatik yo. Gade #168.
Konfigirasyon itilizasyon Nexus JVM memwa
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"Sa yo se anviwònman yo default pou Nexus. Tanpri pa chanje valè sa yo Si ou poko li epi yo pa konprann sa yo ap fè.
Kòm yon dezyèm avètisman, isit la se yon ekstrè nan dokiman ki anwo a:
Li pa rekòmande pou ogmante memwa pil JVM pi lwen pase valè rekòmande yo pou eseye amelyore pèfòmans. Sa a ka aktyèlman gen efè opoze a, sa ki lakòz travay nesesè pou sistèm operasyon an.
Modpas administratè
nexus_admin_password: 'changeme'Modpas kont "admin" pou konfigirasyon an. Sa a sèlman travay sou premye enstalasyon an default. Tanpri gade [Chanje modpas admin apre premye enstalasyon](# change-admin-password-after-first-install) si ou vle chanje li pita lè w sèvi ak yon wòl.
Li rekòmande fòtman pa estoke modpas ou nan tèks klè nan liv la, men pou itilize [ansible-vault cryptage] () (swa inline oswa nan yon fichye separe ki chaje ak egzanp include_vars)
Aksè anonim pa default
nexus_anonymous_access: falseAksè anonim enfim pa default. Li plis sou .
Non animatè piblik
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: httpsNon domèn totalman kalifye ak konplo (https oswa http) kote egzanp Nexus a ap disponib pou kliyan li yo.
Aksè API pou wòl sa a
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"Varyab sa yo kontwole kijan wòl la konekte ak API Nexus pou pwovizyon.
Pou itilizatè avanse sèlman. Ou pwobableman pa vle chanje paramèt default sa yo
Mete kanpe yon prokurasyon ranvèse
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "[email protected]"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: trueMete .
Pou fè sa ou bezwen enstale httpd. Nòt: lè pou httpd_setup_enable mete valètrue, lyen kontak 127.0.0.1:8081, konsa pa gen okenn yo te dirèkteman aksesib atravè pò HTTP 8081 soti nan adrès la IP ekstèn.
Non host default yo itilize a se nexus_public_hostname. Si ou bezwen diferan non pou kèk rezon, ou ka mete httpd_server_name ak yon siyifikasyon diferan.
С httpd_copy_ssl_files: true (pa default) sètifika ki anwo yo ta dwe egziste nan anyè playbook ou a epi yo pral kopye sou sèvè a ak konfigirasyon nan apache.
Si ou vle sèvi ak sètifika ki egziste deja sou sèvè a, enstale httpd_copy_ssl_files: false epi bay varyab sa yo:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"httpd_ssl_cert_chain_file_location se opsyonèl epi yo ta dwe kite unset si ou pa vle Customize dosye a chèn
httpd_default_admin_email: "[email protected]"Mete adrès imel admin default
Konfigirasyon LDAP
Koneksyon LDAP ak domèn sekirite yo enfim pa default
nexus_ldap_realm: false
ldap_connections: [], chak eleman sanble sa a:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'My Company LDAP' # used as a key to update the ldap config
ldap_protocol: 'ldaps' # ldap or ldaps
ldap_hostname: 'ldap.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false # Wether or not to use certs in the nexus trust store
ldap_search_base: 'dc=mycompany,dc=net'
ldap_auth: 'none' # or simple
ldap_auth_username: 'username' # if auth = simple
ldap_auth_password: 'password' # if auth = simple
ldap_user_base_dn: 'ou=users'
ldap_user_filter: '(cn=*)' # (optional)
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: false
ldap_map_groups_as_roles: false
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'posixGroup'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'memberUid'
ldap_group_member_format: '${username}'
ldap_group_subtree: falseEgzanp konfigirasyon LDAP pou otantifikasyon anonim (anonim obligatwa), sa a se tou yon konfigirasyon "minimòm":
nexus_ldap_realm: true
ldap_connection:
- ldap_name: 'Simplest LDAP config'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_search_base: 'dc=mycompany,dc=net'
ldap_port: 636
ldap_use_trust_store: false
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_object_class: 'inetOrgPerson'Egzanp konfigirasyon LDAP pou otantifikasyon senp (itilize kont DSA):
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: falseEgzanp konfigirasyon LDAP pou otantifikasyon senp (itilize kont DSA) + gwoup ki trase kòm wòl:
nexus_ldap_realm: true
ldap_connections
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'groupOfNames'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'member'
ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
ldap_group_subtree: falseEgzanp konfigirasyon LDAP pou otantifikasyon senp (itilize kont DSA) + gwoup ki te trase dinamik kòm wòl:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_map_groups_as_roles_type: 'dynamic'
ldap_user_memberof_attribute: 'memberOf'Privilèj
nexus_privileges:
- name: all-repos-read # used as key to update a privilege
# type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
description: 'Read & Browse access to all repos'
repository: '*'
actions: # can be add, browse, create, delete, edit, read or * (all)
- read
- browse
# pattern: pattern
# domain: domain
# script_name: nameLis pou paramèt. Gade nan dokiman an ak entèfas pou tcheke ki varyab yo bezwen mete depann sou kalite a privilèj.
Eleman sa yo konbine avèk valè default sa yo:
_nexus_privilege_defaults:
type: repository-view
format: maven2
actions:
- readWòl (andan Nexus sa vle di)
nexus_roles:
- id: Developpers # can map to a LDAP group id, also used as a key to update a role
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
roles: [] # references to other role namesLis pou paramèt.
Manm
nexus_local_users: []
# - username: jenkins # used as key to update
# state: present # default value if ommited, use 'absent' to remove user
# first_name: Jenkins
# last_name: CI
# email: [email protected]
# password: "s3cr3t"
# roles:
# - developers # role IDLis itilizatè/kont lokal (ki pa LDAP) pou kreye nan nexus.
Lis itilizatè/kont lokal (ki pa LDAP) pou kreye nan Nexus.
nexus_ldap_users: []
# - username: j.doe
# state: present
# roles:
# - "nx-admin"Ldap kat itilizatè yo / wòl. Eta absent pral retire wòl nan yon itilizatè ki egziste deja si youn deja egziste.
Itilizatè Ldap yo pa efase. Eseye mete yon wòl pou yon itilizatè ki pa egziste pral lakòz yon erè.
Seleksyon kontni
nexus_content_selectors:
- name: docker-login
description: Selector for docker login privilege
search_expression: format=="docker" and path=~"/v2/"Pou plis enfòmasyon sou seleksyon kontni an, gade .
Pou itilize seleksyon kontni an, ajoute yon nouvo privilèj ak type: repository-content-selector ak ki enpòtancontentSelector
- name: docker-login-privilege
type: repository-content-selector
contentSelector: docker-login
description: 'Login to Docker registry'
repository: '*'
actions:
- read
- browseBlobstores ak depo
nexus_delete_default_repos: falseEfase depo yo nan nexus enstale premye konfigirasyon default. Se etap sa a sèlman egzekite sou premye fwa enstale (lè nexus_data_dir te detekte vid).
Retire depo nan konfigirasyon default default pou Nexus. Etap sa a fèt sèlman pandan premye enstalasyon an (lè nexus_data_dir vid).
nexus_delete_default_blobstore: falseEfase defo blobstore nan nexus enstale inisyal konfigirasyon default la. Sa a ka fè sèlman si nexus_delete_default_repos: true ak tout depo konfigirasyon (gade anba a) gen yon eksplisit blob_store: custom. Se etap sa a sèlman egzekite sou premye fwa enstale (lè nexus_data_dir te detekte vid).
Retire depo blob (afèkti binè) se enfim pa default nan konfigirasyon inisyal la. Pou retire depo blob (afèkti binè), fèmen nexus_delete_default_repos: true. Etap sa a fèt sèlman pandan premye enstalasyon an (lè nexus_data_dir vid).
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
# type: file
# path: /mnt/custom/path
# - name: s3-blobstore
# type: S3
# config:
# bucket: s3-blobstore
# accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
# secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"kreye. Yon chemen blobstore ak yon depo blobstore pa kapab mete ajou apre premye kreyasyon (nenpòt aktyalizasyon isit la pral inyore sou re-pwovizyon).
Konfigirasyon blobstore sou S3 bay kòm yon konvenyans epi li pa fè pati tès otomatik nou fè sou travis yo. Tanpri sonje ke estoke sou S3 rekòmande sèlman pou ka deplwaye sou AWS.
Kreyasyon . Chemen depo a ak depo depo pa ka mete ajou apre kreyasyon inisyal la (nenpòt aktyalizasyon isit la pral inyore lè enstale ankò).
Mete kanpe depo blob sou S3 bay kòm yon konvenyans. Tanpri sonje ke depo S3 rekòmande sèlman pou ka deplwaye sou AWS.
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
# remote_url: 'https://company.com/repo/secure/private/go/away'
# remote_username: 'username'
# remote_password: 'secret'
# # maximum_component_age: -1
# # maximum_metadata_age: 1440
# # negative_cache_enabled: true
# # negative_cache_ttl: 1440Anwo a se yon egzanp konfigirasyon Maven.
nexus_repos_maven_hosted:
- name: private-release
version_policy: release
write_policy: allow_once # one of "allow", "allow_once" or "deny"Maven konfigirasyon. Konfigirasyon kachèt negatif opsyonèl epi yo pral default nan valè ki anwo yo si yo omisyon.
Konfigirasyon Maven. Konfigirasyon kachèt negatif la (-1) se opsyonèl epi li pral default nan valè ki anwo yo si yo pa espesifye.
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jbossKonfigirasyon Maven.
Tout twa kalite depo yo konbine avèk valè default sa yo:
_nexus_repos_maven_defaults:
blob_store: default # Note : cannot be updated once the repo has been created
strict_content_validation: true
version_policy: release # release, snapshot or mixed
layout_policy: strict # strict or permissive
write_policy: allow_once # one of "allow", "allow_once" or "deny"
maximum_component_age: -1 # Nexus gui default. For proxies only
maximum_metadata_age: 1440 # Nexus gui default. For proxies only
negative_cache_enabled: true # Nexus gui default. For proxies only
negative_cache_ttl: 1440 # Nexus gui default. For proxies onlyDocker, Pypi, kri, Rubygems, Bower, NPM, Git-LFS ak yum kalite depo:
wè defaults/main.yml pou opsyon sa yo:
Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS ak depo yum yo enfim pa default:
Al gade nan defaults/main.yml pou opsyon sa yo:
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: falseTanpri sonje ke ou ka bezwen aktive sèten sijè ki abòde sekirite si ou vle sèvi ak lòt kalite depo lòt pase Maven. Sa a se fo pa default
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous accessRemote User Realm kapab tou aktive lè l sèvi avèk
nexus_rut_auth_realm: trueak tit la ka Customized pa defini
nexus_rut_auth_header: "CUSTOM_HEADER"Travay pwograme yo
nexus_scheduled_tasks: []
# # Example task to compact blobstore :
# - name: compact-docker-blobstore
# cron: '0 0 22 * * ?'
# typeId: blobstore.compact
# task_alert_email: [email protected] # optional
# taskProperties:
# blobstoreName: {{ nexus_blob_names.docker.blob }} # all task attributes are stored as strings by nexus internally
# # Example task to purge maven snapshots
# - name: Purge-maven-snapshots
# cron: '0 50 23 * * ?'
# typeId: repository.maven.remove-snapshots
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# minimumRetained: "2"
# snapshotRetentionDays: "2"
# gracePeriodInDays: "2"
# booleanTaskProperties:
# removeIfReleased: true
# # Example task to purge unused docker manifest and images
# - name: Purge unused docker manifests and images
# cron: '0 55 23 * * ?'
# typeId: "repository.docker.gc"
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# # Example task to purge incomplete docker uploads
# - name: Purge incomplete docker uploads
# cron: '0 0 0 * * ?'
# typeId: "repository.docker.upload-purge"
# task_alert_email: [email protected] # optional
# taskProperties:
# age: "24" pou paramèt. typeId ak travay espesifiktaskProperties/booleanTaskProperties ou ka devine swa:
- soti nan yerachi a kalite Java
org.sonatype.nexus.scheduling.TaskDescriptorSupport - tcheke fòm kreyasyon travay HTML nan navigatè w la
- soti nan gade demann AJAX nan navigatè a lè manyèlman mete kanpe yon travay.
Pwopriyete travay yo dwe deklare nan blòk yaml ki kòrèk la selon kalite yo:
taskPropertiespou tout pwopriyete fisèl (sa vle di non depo, non depo, peryòd tan...).booleanTaskPropertiespou tout pwopriyete lojik (sa vle di sitou kaz nan entèfas travay kreyasyon lyen an).
Sovgad
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)Sovgad pa pral configuré jiskaske ou chanje nexus_backup_configure в true.
Nan ka sa a, travay script pwograme a pral configuré pou kouri sou Nexus
nan entèval ki espesifye nan nexus_backup_cron (default 21:00 chak jou).
Gade [modèl groovy pou travay sa a](templates/backup.groovy.j2) pou plis detay.
Travay pwograme sa a endepandan de lòt moun nexus_scheduled_taskski ou
anonse nan liv jwèt ou a.
Si ou vle Thorne / efase sovgad, enstale nexus_backup_rotate: true epi configured kantite sovgad ou ta renmen sove lè l sèvi avèk nexus_backup_keep_rotations (default 4).
Lè w ap itilize wotasyon, si ou vle sove plis espas disk pandan pwosesis backup la,
Ou ka enstale nexus_backup_rotate_first: true. Sa a pral configured pre-wotasyon / efase anvan backup. Pa default, wotasyon fèt apre yo fin kreye yon backup. Tanpri sonje ke nan ka sa a sovgad yo fin vye granmoun
yo pral efase anvan backup aktyèl la fèt.
Pwosedi rekiperasyon an
Kouri playbook ak paramèt -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(pa egzanp, 2017-12-17-21-00-00 pou 17 desanm 2017 a 21:00
Retire lyen
Avètisman: Sa a pral konplètman efase done aktyèl ou yo. Asire w ou fè yon backup pi bonè si sa nesesè
Sèvi ak yon varyab nexus_purgesi ou bezwen rekòmanse nan grafouyen epi réinstaller egzanp lyen an ak tout done yo retire.
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=trueChanje modpas administratè apre premye enstalasyon
nexus_default_admin_password: 'admin123'Sa a pa ta dwe chanje nan playbook ou a. Varyab sa a peple ak modpas admin default Nexus lè premye enstale epi asire ke nou ka chanje modpas admin la. nexus_admin_password.
Si ou vle chanje modpas administratè a apre premye enstalasyon an, ou ka tanporèman chanje li nan ansyen modpas la nan liy lòd la. Apre chanjman nexus_admin_password nan liv jwèt ou a ou ka kouri:
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPasswordChanèl Telegram sou Nexus Sonatype:
Se sèlman itilizatè ki anrejistre ki ka patisipe nan sondaj la. , tanpri.
Ki depo zam ou itilize?
-
Sonatype Nexus gratis
-
Sonatype Nexus peye
-
Artifactory gratis
-
Artifactory peye
-
Harbor
-
Kaka
9 itilizatè yo te vote. 3 itilizatè te absteni.
Sous: www.habr.com