Sonatype Nexus ืืื ืคืืืคืืจืื ืืฉืืืืช ืฉืืืืฆืขืืชื ืืคืชืืื ืืืืืื ืืืฆืืจ proxy, ืืืืกื ืืื ืื ืชืืืช ืฉื Java (Maven), Docker, Python, Ruby, NPM, ืชืืื ืืช Bower, ืืืืืืช RPM, gitlfs, Apt, Go, Nuget, ืืืืคืืฅ ืืช ืืืืืช ืืชืืื ื ืฉืืื.
ืืื ืืชื ืฆืจืื Sonatype Nexus?
- ืืืืกืื ืืคืฆืื ืคืจืืืื;
- ืขืืืจ ืืืกืื ืืคืฆืื ืืืืืื ืฉืืืจืื ืืืืื ืืจื ื;
ืืคืฆืื ื ืชืืืื ืืืืืืช Sonatype Nexus ืืืกืืกืืช:
- Java, Maven (ืฆื ืฆื ืช)
- ืกึทืึธืจ
- Python (pip)
- ืจืืื (ืคื ืื ื)
- NPM
- ืึตึผืืช ืงึทืึดื
- ืืื (ืกื"ื)
- gitlfs
- ืื
- Apt (ืื)
- Go
- ื ืืื
ืืคืฆืื ื ืชืืืื ืขื ืืื ืงืืืื:
- ืืืืื
- ืงืื ืื
- CPAN
- ELPA
- ืืื
- P2
- R
ืืชืงื ืช Sonatype Nexus ืืืืฆืขืืช
ืืจืืฉืืช
- ืงืจืื ืขื ืฉืืืืฉ ื- ansible ืืืื ืืจื ื.
- ืืชืงื ืื ืกืืื
pip install ansibleืืชืื ืช ืืขืืืื ืฉืื ืคืืขื ืกืคืจ ืืืฉืืงืื. - ืืืชืงืื ืืชืื ืช ืืขืืืื ืฉืื ืคืืขื ืกืคืจ ืืืฉืืงืื.
- ืืืชืงืื ืืชืื ืช ืืขืืืื ืฉืื ืคืืขื ืกืคืจ ืืืฉืืงืื.
- ืชืคืงืื ืื ื ืืืง ื-CentOS 7, ืืืืื ืื Xenial (16.04) ืื-Bionic (18.04), ืืืืื ื'ืกื ื-Stretch
jmespathืืกืคืจืืื ืืืืืช ืืืืืช ืืืชืงื ืช ืืชืื ืช ืืขืืืื ืฉืื ืคืืขื ืกืคืจ ืืืคืขืื. ืืืชืงืื:sudo pip install -r requirements.txt- ืฉืืืจ ืืช ืงืืืฅ ื-Playbook (ืืืืื ืืืื) ืืงืืืฅ nexus.yml
- ืืคืขื ืืช ืืชืงื ืช nexus
ansible-playbook -i host nexus.yml
ืืืืื ื- ansible-playbook ืืืชืงื ืช nexus ืืื LDAP ืขื ืืืืจื Maven (Java), Docker, Python, Ruby, NPM, Bower, RPM ื-gitlfs.
---
- name: Nexus
hosts: nexus
become: yes
vars:
nexus_timezone: 'Asia/Omsk'
nexus_admin_password: "admin123"
nexus_public_hostname: 'apatsev-nexus-playbook'
httpd_setup_enable: false
nexus_privileges:
- name: all-repos-read
description: 'Read & Browse access to all repos'
repository: '*'
actions:
- read
- browse
- name: company-project-deploy
description: 'Deployments to company-project'
repository: company-project
actions:
- add
- edit
nexus_roles:
- id: Developpers # maps to the LDAP group
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
- company-project-deploy
roles: []
nexus_local_users:
- username: jenkins # used as key to update
first_name: Jenkins
last_name: CI
email: [email protected]
password: "s3cr3t"
roles:
- Developpers # role ID here
nexus_blobstores:
- name: company-artifacts
path: /var/nexus/blobs/company-artifacts
nexus_scheduled_tasks:
- name: compact-blobstore
cron: '0 0 22 * * ?'
typeId: blobstore.compact
taskProperties:
blobstoreName: 'company-artifacts'
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
- name: vaadin-addons
remote_url: 'https://maven.vaadin.com/vaadin-addons/'
- name: jaspersoft
remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
version_policy: mixed
nexus_repos_maven_hosted:
- name: company-project
version_policy: mixed
write_policy: allow
blob_store: company-artifacts
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jboss
- vaadin-addons
- jaspersoft
# Yum. Change nexus_config_yum to true for create yum repository
nexus_config_yum: true
nexus_repos_yum_hosted:
- name: private_yum_centos_7
repodata_depth: 1
nexus_repos_yum_proxy:
- name: epel_centos_7_x86_64
remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
- name: centos-7-os-x86_64
remote_url: http://mirror.centos.org/centos/7/os/x86_64/
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
nexus_repos_yum_group:
- name: yum_all
member_repos:
- private_yum_centos_7
- epel_centos_7_x86_64
# NPM. Change nexus_config_npm to true for create npm repository
nexus_config_npm: true
nexus_repos_npm_hosted: []
nexus_repos_npm_group:
- name: npm-public
member_repos:
- npm-registry
nexus_repos_npm_proxy:
- name: npm-registry
remote_url: https://registry.npmjs.org/
negative_cache_enabled: false
# Docker. Change nexus_config_docker to true for create docker repository
nexus_config_docker: true
nexus_repos_docker_hosted:
- name: docker-hosted
http_port: "{{ nexus_docker_hosted_port }}"
v1_enabled: True
nexus_repos_docker_proxy:
- name: docker-proxy
http_port: "{{ nexus_docker_proxy_port }}"
v1_enabled: True
index_type: "HUB"
remote_url: "https://registry-1.docker.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_docker_group:
- name: docker-group
http_port: "{{ nexus_docker_group_port }}"
v1_enabled: True
member_repos:
- docker-hosted
- docker-proxy
# Bower. Change nexus_config_bower to true for create bower repository
nexus_config_bower: true
nexus_repos_bower_hosted:
- name: bower-hosted
nexus_repos_bower_proxy:
- name: bower-proxy
index_type: "proxy"
remote_url: "https://registry.bower.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_bower_group:
- name: bower-group
member_repos:
- bower-hosted
- bower-proxy
# Pypi. Change nexus_config_pypi to true for create pypi repository
nexus_config_pypi: true
nexus_repos_pypi_hosted:
- name: pypi-hosted
nexus_repos_pypi_proxy:
- name: pypi-proxy
index_type: "proxy"
remote_url: "https://pypi.org/"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_pypi_group:
- name: pypi-group
member_repos:
- pypi-hosted
- pypi-proxy
# rubygems. Change nexus_config_rubygems to true for create rubygems repository
nexus_config_rubygems: true
nexus_repos_rubygems_hosted:
- name: rubygems-hosted
nexus_repos_rubygems_proxy:
- name: rubygems-proxy
index_type: "proxy"
remote_url: "https://rubygems.org"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_rubygems_group:
- name: rubygems-group
member_repos:
- rubygems-hosted
- rubygems-proxy
# gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
nexus_config_gitlfs: true
nexus_repos_gitlfs_hosted:
- name: gitlfs-hosted
roles:
- { role: geerlingguy.java }
# Debian/Ubuntu only
# - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
# RedHat/CentOS only
- { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
- { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }ืฆืืืืื ืืกื:
ืชืคืงืืืื ืืฉืชื ืื
ืืฉืชื ื ืชืคืงืืืื
ืืฉืชื ืื ืขื ืขืจืื ืืจืืจืช ืืืื (ืจืื default/main.yml):
ืืฉืชื ืื ืืืืืื
nexus_version: ''
nexus_timezone: 'UTC'ืืืจืืจืช ืืืื, ืืชืคืงืื ืืชืงืื ืืช ืืืจืกื ืืืืจืื ื ืืืืื ื ืฉื Nexus. ืืชื ืืืื ืืชืงื ืืช ืืืจืกื ืขื ืืื ืฉืื ืื ืืืฉืชื ื nexus_version. ืจืื ืืจืกืืืช ืืืื ืืช ื .
ืื ืชืฉื ื ืืืจืกื ืืืฉื ืืืชืจ, ืืชืคืงืื ืื ืกื ืืขืืื ืืช ืืชืงื ืช ื-Nexus ืฉืื.
ืื ืืชื ืืฉืชืืฉ ืืืจืกื ืืฉื ื ืืืชืจ ืฉื Nexus ืืืืจืกื ืืืืจืื ื, ืขืืื ืืืืื ืฉืืื ื ืืฉืชืืฉ ืืชืืื ืืช ืฉืืื ื ืืืื ืืช ืืืืืืจื ืืืืชืงื ืช (ืืืืืื, ืืืจืื ืืืืจื yum ืืืื ืขืืืจ nexus ืืืื ื-3.8.0, git lfs repo ืขืืืจ nexus ืืืื ื-3.3.0 ืืื')
nexus timezone ืืื ืืฉื ืฉื ืืืืจ ืืืื ืฉื Java, ืฉืืืื ืืืืืช ืฉืืืืฉื ืืฉืืืื ืขื ืืืืืื ื-cron ืืืืื ืขืืืจ ืืฉืืืืช nexus_scheduled.
ืืฆืืืช Nexus ืื ืชืื ืืงืฉืจ
nexus_default_port: 8081
nexus_default_context_path: '/'ืืืฆืืื ืื ืชืื ืืืงืฉืจ ืฉื ืชืืืื ืืืืืจ Java. nexus_default_context_path ืืืื ืืืืื ืืืืกื ืงืืืื ืืืฉืจ ืืื ืืืืืจ, ืืืฉื: nexus_default_context_path: '/nexus/'.
ืืฉืชืืฉ ืืงืืืฆื ืฉื Nexus OS
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'ืืืฉืชืืฉ ืืืงืืืฆื ืืืฉืืฉืื ืืืขืืืช ืงืืฆื Nexus ืืืืคืขืื ืืช ืืฉืืจืืช ืืืืืฆืจื ืขื ืืื ืืชืคืงืื ืื ืืื ืืกืจ.
nexus_os_user_home_dir: '/home/nexus'ืืคืฉืจ ืืฉื ืืช ืืช ืกืคืจืืืช ืืืืช ืืืืืืจืช ืืืจืืจืช ืืืื ืขืืืจ ืืฉืชืืฉ nexus
ืกืคืจืืืช ืืืคืขืื ืฉื Nexus
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"ืงืืืืืื ืฉื Nexus.
nexus_installation_dirืืืื ืงืืฆื ืืคืขืื ืืืชืงื ืืnexus_data_dirืืืื ืืช ืื ืืชืฆืืจื, ืืืืืจืื ืืืืคืฆืื ืฉืืืจืืช. ื ืชืืืื ืืืชืืืื ืืืฉืืช ืฉื blobstorenexus_data_dirื ืืชื ืืืชืืื ืืืฉืืช, ืจืื ืืืืnexus_blobstores.nexus_tmp_dirืืืื ืืช ืื ืืงืืฆืื ืืืื ืืื. ื ืชืื ืืจืืจืช ืืืืื ืฉื redhat ืืืขืืจ/tmpืืื ืืืชืืืจ ืขื ืืขืืืช ืคืืื ืฆืืืืืืช ืขื ืืืืื ื ืืงืื ืืืืืืืืื. ืจืื ืืก' 168.
ืืืืจืช ืฉืืืืฉ ืืืืืจืื ืฉื Nexus JVM
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"ืืื ืื ืืืืจืืช ืืจืืจืช ืืืืื ืขืืืจ Nexus. ื ื ืื ืืฉื ืืช ืขืจืืื ืืื ืื ืื ืงืจืืช ืืื ืืืื ืื ืื ืื ืขืืฉืื.
ืืืืืจื ืฉื ืืื, ืื ื ืงืืข ืืืืกืื ืืขืื:
ืื ืืืืืฅ ืืืืืื ืืช ืืืืจืื ืขืจืืืช ื-JVM ืืขืืจ ืืขืจืืื ืืืืืืฆืื ืื ืืกืืื ืืฉืคืจ ืืช ืืืืฆืืขืื. ืื ืขืฉืื ืืืฉืคืืข ืืืขืฉื ืืคืื, ืืืชืืฆืื ืืื ืขืืืื ืืืืชืจืช ืขืืืจ ืืขืจืืช ืืืคืขืื.
ืกืืกืืช ืื ืื
nexus_admin_password: 'changeme'ืกืืกืืช ืืฉืืื "ืื ืื" ืืืืืจื. ืื ืขืืื ืจืง ืืืชืงื ืช ืืจืืจืช ืืืืื ืืจืืฉืื ื. ืื ื ืจืื [ืฉื ื ืกืืกืืช ืื ืื ืืืืจ ืืชืงื ื ืจืืฉืื ื](# change-admin-password-after-first-install) ืื ืืจืฆืื ื ืืฉื ืืช ืืืชื ืืืืืจ ืืืชืจ ืืืืฆืขืืช ืชืคืงืื.
ืืืืืฅ ืืืื ืื ืืืืกื ืืช ืืกืืกืื ืฉืื ืืืงืกื ืืจืืจ ืืกืคืจ ืืืฉืืงืื, ืืื ืืืฉืชืืฉ ื[ืืฆืคื ืช ืืกืคืช ansible] () (ืืื ืื ืืฉืืจื ืื ืืงืืืฅ ื ืคืจื ืฉื ืืขื ืขื, ืืืฉื, include_vars)
ืืืฉื ืื ืื ืืืืช ืืืจืืจืช ืืืื
nexus_anonymous_access: falseืืืฉื ืื ืื ืืืืช ืืืฉืืชืช ืืืจืืจืช ืืืื. ืงืจื ืขืื ืขื .
ืฉื ืืืจื ืฆืืืืจื
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: httpsืฉื ืืืืืืื ืืืกืืืื ืืืืื (https ืื http) ืฉืืคืืื ืืืคืข ื-Nexus ืืืื ืืืื ืืืงืืืืชืื.
ืืืฉืช API ืขืืืจ ืชืคืงืื ืื
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"ืืฉืชื ืื ืืื ืฉืืืืื ืืืฆื ืืชืคืงืื ืืชืืืจ ื-Nexus API ืืฆืืจื ืืงืฆืื.
ืืืฉืชืืฉืื ืืชืงืืืื ืืืื. ืืชื ืื ืจืื ืื ืจืืฆื ืืฉื ืืช ืืช ืืืืจืืช ืืจืืจืช ืืืืื ืืืื
ืืืืจืช ืคืจืืงืกื ืืคืื
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "[email protected]"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: trueืืืชืงืื .
ืืฉื ืื ืขืืื ืืืชืงืื httpd. ืืขืจื: ืืชื ืขืืืจ httpd_setup_enable ืืืืจ ืขืจืtrue, ืงืฉืจื ืงืฉืจ 127.0.0.1:8081, ืืคืืื ืื ื ืืืฉ ืืฉืืจืืช ืืจื ืืฆืืืช HTTP 8081 ืืืชืืืช ื-IP ืืืืฆืื ืืช.
ืืจืืจืช ืืืืื ืฉื ืฉื ืืืืจื ืืฉืืืืฉ ืืื nexus_public_hostname. ืื ืืชื ืฆืจืื ืฉืืืช ืฉืื ืื ืืกืืื ืืืฉืื, ืืชื ืืืื ืืืืืืจ httpd_server_name ืขื ืืฉืืขืืช ืืืจืช.
ะก httpd_copy_ssl_files: true (ืืืจืืจืช ืืืื) ืืืืฉืืจืื ืฉืืขืื ืฆืจืืืื ืืืชืงืืื ืืกืคืจืืืช ื-Playbook ืฉืื ืืืืขืชืงื ืืฉืจืช ืืืืืืจื ื-apache.
ืื ืืจืฆืื ื ืืืฉืชืืฉ ืืชืขืืืืช ืงืืืืืช ืืฉืจืช, ืืชืงื httpd_copy_ssl_files: false ืืกืคืง ืืช ืืืฉืชื ืื ืืืืื:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"httpd_ssl_cert_chain_file_location ืืื ืืืคืฆืืื ืื ืืืฉ ืื ืืืืืืจ ืืืชื ืื ืืื ื ืจืืฆื ืืืชืืื ืืืฉืืช ืืช ืงืืืฅ ืืฉืจืฉืจืช
httpd_default_admin_email: "[email protected]"ืืืืจ ืืชืืืช ืืื"ื ืืื ืื ืืจืืจืช ืืืื
ืชืฆืืจืช LDAP
ืืืืืจื LDAP ืืชืืื ืืืืืื ืืืฉืืชืื ืืืจืืจืช ืืืื
nexus_ldap_realm: false
ldap_connections: [], ืื ืจืืื ื ืจืื ืื:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'My Company LDAP' # used as a key to update the ldap config
ldap_protocol: 'ldaps' # ldap or ldaps
ldap_hostname: 'ldap.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false # Wether or not to use certs in the nexus trust store
ldap_search_base: 'dc=mycompany,dc=net'
ldap_auth: 'none' # or simple
ldap_auth_username: 'username' # if auth = simple
ldap_auth_password: 'password' # if auth = simple
ldap_user_base_dn: 'ou=users'
ldap_user_filter: '(cn=*)' # (optional)
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: false
ldap_map_groups_as_roles: false
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'posixGroup'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'memberUid'
ldap_group_member_format: '${username}'
ldap_group_subtree: falseืืืืื ืืชืฆืืจืช LDAP ืขืืืจ ืืืืืช ืื ืื ืืื (ืืจืืื ืื ืื ืืืืช), ืื ืื ืชืฆืืจื "ืืื ืืืืืช":
nexus_ldap_realm: true
ldap_connection:
- ldap_name: 'Simplest LDAP config'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_search_base: 'dc=mycompany,dc=net'
ldap_port: 636
ldap_use_trust_store: false
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_object_class: 'inetOrgPerson'ืืืืื ืืชืฆืืจืช LDAP ืขืืืจ ืืืืืช ืคืฉืื (ืืืืฆืขืืช ืืฉืืื DSA):
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: falseืืืืื ืืชืฆืืจืช LDAP ืขืืืจ ืืืืืช ืคืฉืื (ืืืืฆืขืืช ืืฉืืื DSA) + ืงืืืฆืืช ืืืืคื ืืชืคืงืืืื:
nexus_ldap_realm: true
ldap_connections
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'groupOfNames'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'member'
ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
ldap_group_subtree: falseืืืืื ืืชืฆืืจืช LDAP ืขืืืจ ืืืืืช ืคืฉืื (ืืืืฆืขืืช ืืฉืืื DSA) + ืงืืืฆืืช ืืืืืคืืช ืืืืคื ืืื ืื ืืชืคืงืืืื:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_map_groups_as_roles_type: 'dynamic'
ldap_user_memberof_attribute: 'memberOf'ืึฐืืึผืช
nexus_privileges:
- name: all-repos-read # used as key to update a privilege
# type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
description: 'Read & Browse access to all repos'
repository: '*'
actions: # can be add, browse, create, delete, edit, read or * (all)
- read
- browse
# pattern: pattern
# domain: domain
# script_name: nameืจืฉืืื ืืืืืจืืช. ืขืืื ืืชืืขืื ืื-GUI ืืื ืืืืืง ืืืื ืืฉืชื ืื ืืฉ ืืืืืืจ ืืืชืื ืืกืื ืืืจืฉืื.
ืืืื ืืื ืืื ืืฉืืืืื ืขื ืขืจืื ืืจืืจืช ืืืืื ืืืืื:
_nexus_privilege_defaults:
type: repository-view
format: maven2
actions:
- readืชืคืงืืืื (ืืชืื Nexus ืื ืืืืจ)
nexus_roles:
- id: Developpers # can map to a LDAP group id, also used as a key to update a role
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
roles: [] # references to other role namesืจืฉืืื ืืืืืจืืช.
ืืืจืื
nexus_local_users: []
# - username: jenkins # used as key to update
# state: present # default value if ommited, use 'absent' to remove user
# first_name: Jenkins
# last_name: CI
# email: [email protected]
# password: "s3cr3t"
# roles:
# - developers # role IDืจืฉืืืช ืืฉืชืืฉืื/ืืฉืืื ืืช ืืงืืืืื (ืฉืืื ื LDAP) ืืืฆืืจื ื-nexus.
ืจืฉืืืช ืืฉืชืืฉืื/ืืฉืืื ืืช ืืงืืืืื (ืฉืืื ื LDAP) ืืืฆืืจื ื-Nexus.
nexus_ldap_users: []
# - username: j.doe
# state: present
# roles:
# - "nx-admin"ืืืคืื Ldap ืฉื ืืฉืชืืฉืื/ืชืคืงืืืื. ืืืื ื absent ืืกืืจ ืชืคืงืืืื ืืืฉืชืืฉ ืงืืื ืื ืืืจ ืงืืื.
ืืฉืชืืฉื Ldap ืืื ื ื ืืืงืื. ื ืืกืืื ืืืืืืจ ืชืคืงืื ืขืืืจ ืืฉืชืืฉ ืื ืงืืื ืืืจืื ืืฉืืืื.
ืืืจืจื ืชืืื
nexus_content_selectors:
- name: docker-login
description: Selector for docker login privilege
search_expression: format=="docker" and path=~"/v2/"ืืืืืข ื ืืกืฃ ืขื ืืืจืจ ืืชืืื, ืจืื .
ืืื ืืืฉืชืืฉ ืืืืจืจ ืืชืืื, ืืืกืฃ ืืจืฉืื ืืืฉื ืขื type: repository-content-selector ืืจืืืื ืืcontentSelector
- name: docker-login-privilege
type: repository-content-selector
contentSelector: docker-login
description: 'Login to Docker registry'
repository: '*'
actions:
- read
- browseืืืืจืื ืืืืืจืื
nexus_delete_default_repos: falseืืืง ืืช ืืืืืจืื ืืชืฆืืจืช ืืจืืจืช ืืืืื ืืจืืฉืื ืืช ืฉื ืืชืงื ืช nexus. ืฉืื ืื ืืืืฆืข ืจืง ืืืชืงื ื ืืคืขื ืืจืืฉืื ื (ืืชื nexus_data_dir ืืืื ืจืืง).
ืืกืจืช ืืืืจืื ืืชืฆืืจืช ืืจืืจืช ืืืืื ืขืืืจ Nexus. ืฉืื ืื ืืืืฆืข ืจืง ืืืืื ืืืชืงื ื ืืจืืฉืื ื (ืืชื nexus_data_dir ืจืืง).
nexus_delete_default_blobstore: falseืืืง ืืช ืืจืืจืช ืืืืื blobstore ืืชืฆืืจืช ืืจืืจืช ืืืืื ืืจืืฉืื ืืช ืฉื ืืชืงื ืช nexus. ืื ืืืื ืืืืขืฉืืช ืจืง ืื nexus_delete_default_repos: true ืืืื ืืืืืจืื ืืืืืืจืื (ืจืื ืืืื) ืืฉ ืืคืืจืฉ blob_store: custom. ืฉืื ืื ืืืืฆืข ืจืง ืืืชืงื ื ืืคืขื ืืจืืฉืื ื (ืืชื nexus_data_dir ืืืื ืจืืง).
ืืกืจืช ืืืกืื ืืืื (ืืคืฆืื ืืื ืืจืืื) ืืืฉืืชืช ืืืจืืจืช ืืืื ืืืชืฆืืจื ืืจืืฉืื ืืช. ืืื ืืืกืืจ ืืืกืื ืืชืืื (ืืคืฆืื ืืื ืืจืืื), ืืื nexus_delete_default_repos: true. ืฉืื ืื ืืืืฆืข ืจืง ืืืืื ืืืชืงื ื ืืจืืฉืื ื (ืืชื nexus_data_dir ืจืืง).
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
# type: file
# path: /mnt/custom/path
# - name: s3-blobstore
# type: S3
# config:
# bucket: s3-blobstore
# accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
# secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"ืืืฆืืจ. ืื ื ืืชื ืืขืืื ื ืชืื blobstore ื-repository blobstore ืืืืจ ืืืฆืืจื ืืจืืฉืื ืืช (ืืชืขืื ืืื ืขืืืื ืืื ืืขืช โโืืงืฆืื ืืืืฉ).
ืงืืืขืช ืืชืฆืืจื ืฉื blobstore ื-S3 ื ืืชื ืช ืืืขืื ื ืืืืช ืืืื ื ืืืง ืืืืืืงืืช ืืืืืืืืืืช ืฉืื ื ืืจืืฆืื ื-travis. ืฉืื ืื ืฉืืืกืื ื-S3 ืืืืืฅ ืจืง ืขืืืจ ืืงืจืื ืฉื ืคืจืกื ื-AWS.
ืืฆืืจื . ืื ื ืืชื ืืขืืื ืืช ื ืชืื ืืืืกืื ืืืืืจ ืืืืกืื ืืืืจ ืืืฆืืจื ืืจืืฉืื ืืช (ืื ืขืืืื ืืื ืืชืขืื ืืืฉืจ ืืืชืงื ืฉืื).
ืืืืจืช ืืืกืื ืืชืืื ื-S3 ืืกืืคืงืช ืื ืืืืืชืื. ืฉืื ืื ืฉืืืกืื S3 ืืืืืฅ ืจืง ืขืืืจ ืืงืจืื ืืคืจืืกืื ื-AWS.
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
# remote_url: 'https://company.com/repo/secure/private/go/away'
# remote_username: 'username'
# remote_password: 'secret'
# # maximum_component_age: -1
# # maximum_metadata_age: 1440
# # negative_cache_enabled: true
# # negative_cache_ttl: 1440ืืืขืื ืืื ืชืฆืืจื ืืืืืื ืืืืื.
nexus_repos_maven_hosted:
- name: private-release
version_policy: release
write_policy: allow_once # one of "allow", "allow_once" or "deny"Maven ืชึฐืฆืึผืจึธื. ืชืฆืืจืช ืืืืื ืฉืืืืืช ืืื ืืืคืฆืืื ืืืช ืืชืืื ืืจืืจืช ืืืืื ืืขืจืืื ืฉืืขืื ืื ืืืฉืื.
ืชึฐืฆืึผืจึธื ืืืืื. ืชืฆืืจืช ืืืืืื ืืฉืืืื (-1) ืืื ืืืคืฆืืื ืืืช ืืชืืื ืืจืืจืช ืืืืื ืืขืจืืื ืฉืืขืื ืื ืื ืฆืืื.
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jbossืชึฐืฆืึผืจึธื ืืืืื.
ืื ืฉืืืฉืช ืกืืื ืืืืืจืื ืืฉืืืืื ืขื ืขืจืื ืืจืืจืช ืืืืื ืืืืื:
_nexus_repos_maven_defaults:
blob_store: default # Note : cannot be updated once the repo has been created
strict_content_validation: true
version_policy: release # release, snapshot or mixed
layout_policy: strict # strict or permissive
write_policy: allow_once # one of "allow", "allow_once" or "deny"
maximum_component_age: -1 # Nexus gui default. For proxies only
maximum_metadata_age: 1440 # Nexus gui default. For proxies only
negative_cache_enabled: true # Nexus gui default. For proxies only
negative_cache_ttl: 1440 # Nexus gui default. For proxies onlyืกืืืื ืฉื Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS ื-yum:
ืึดืจึฐืืึนืช defaults/main.yml ืขืืืจ ืืคืฉืจืืืืช ืืื:
ืืืืจื Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS ื-yum ืืืฉืืชืื ืืืจืืจืช ืืืื:
ืืจืืืช defaults/main.yml ืขืืืจ ืืคืฉืจืืืืช ืืื:
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: falseืฉืื ืื ืฉืืืชืื ืฉืชืฆืืจื ืืืคืขืื ืืืงืคื ืืืืื ืืกืืืืื ืื ืืชื ืจืืฆื ืืืฉืชืืฉ ืืกืืืื ืืืจืื ืฉื ืืืืจืื ืืืื maven. ืื ืฉืงืจ ืืืจืืจืช ืืืื
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous accessื ืืชื ืืืคืขืื ืืช ืชืืื ืืืฉืชืืฉืื ืืืจืืืง ืืืืฆืขืืช
nexus_rut_auth_realm: trueืื ืืชื ืืืชืืื ืืืฉืืช ืืช ืืืืชืจืช ืขื ืืื ืืืืจื
nexus_rut_auth_header: "CUSTOM_HEADER"ืืฉืืืืช ืืชืืืื ืืช
nexus_scheduled_tasks: []
# # Example task to compact blobstore :
# - name: compact-docker-blobstore
# cron: '0 0 22 * * ?'
# typeId: blobstore.compact
# task_alert_email: [email protected] # optional
# taskProperties:
# blobstoreName: {{ nexus_blob_names.docker.blob }} # all task attributes are stored as strings by nexus internally
# # Example task to purge maven snapshots
# - name: Purge-maven-snapshots
# cron: '0 50 23 * * ?'
# typeId: repository.maven.remove-snapshots
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# minimumRetained: "2"
# snapshotRetentionDays: "2"
# gracePeriodInDays: "2"
# booleanTaskProperties:
# removeIfReleased: true
# # Example task to purge unused docker manifest and images
# - name: Purge unused docker manifests and images
# cron: '0 55 23 * * ?'
# typeId: "repository.docker.gc"
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# # Example task to purge incomplete docker uploads
# - name: Purge incomplete docker uploads
# cron: '0 0 0 * * ?'
# typeId: "repository.docker.upload-purge"
# task_alert_email: [email protected] # optional
# taskProperties:
# age: "24" ืืืืืจืืช. typeId ืืกืคืฆืืคืืช ืืืฉืืืtaskProperties/booleanTaskProperties ืืชื ืืืื ืื ืืฉ ืื:
- ืืืืจืจืืืืช ืกืืื Java
org.sonatype.nexus.scheduling.TaskDescriptorSupport - ืืืืงืช ืืืคืก ืืฆืืจืช ืืฉืืืืช HTML ืืืคืืคื ืฉืื
- ืืฆืคืืื ืืืงืฉืืช AJAX ืืืคืืคื ืืขืช โโืืืืจื ืืื ืืช ืฉื ืืฉืืื.
ืืฉ ืืืฆืืืจ ืขื ืืืคืืื ื ืืืฉืืื ืืืืืง yaml ืื ืืื ืืืชืื ืืกืื ืฉืืื:
taskPropertiesืขืืืจ ืื ืืืคืืื ื ืืืืจืืืช (ืืืืืจ ืฉืืืช ืืืืจ, ืฉืืืช ืืืืจ, ืคืจืงื ืืื...).booleanTaskPropertiesืขืืืจ ืื ืืืืคืืื ืื ืืืืืืื (ืืืืืจ, ืืขืืงืจ ืชืืืืช ืกืืืื ื-GUI ืฉื ืืฉืืืช ืืฆืืจืช ืืงืฉืจ).
ืืืืืืื
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)ืืืืื ืื ืืืืืจ ืขื ืฉืชืืืืฃ nexus_backup_configure ะฒ true.
ืืืงืจื ืื, ืืฉืืืช ืืกืงืจืืคื ืืืชืืืื ืช ืชืืืืจ ืืืคืขืื ื-Nexus
ืืืจืืื ืฉืฆืืื ื nexus_backup_cron (ืืจืืจืช ืืืื 21:00 ืื ืืื).
ืจืื [ืชืื ืืช ืืจืืื ืืืฉืืื ืื](templates/backup.groovy.j2) ืืคืจืืื.
ืืฉืืื ืืชืืืื ืช ืื ืืื ื ืชืืืื ืืืืจืื nexus_scheduled_tasksืืฉืจ ืืชื
ืืืจืื ืืกืคืจ ืืืฉืืงืื ืฉืื.
ืื ืืจืฆืื ื ืืกืืื/ืืืืืง ืืืืืืื, ืืชืงื nexus_backup_rotate: true ืืืืืืืจ ืืช ืืกืคืจ ืืืืืืืื ืฉืืื ืชืจืฆื ืืฉืืืจ ืืืืฆืขืืชื nexus_backup_keep_rotations (ืืจืืจืช ืืืื 4).
ืืขืช ืฉืืืืฉ ืืกืืืื, ืื ืืจืฆืื ื ืืืกืื ืฉืื ืืืกืง ื ืืกืฃ ืืืืื ืชืืืื ืืืืืื,
ืืชื ืืืื ืืืชืงืื nexus_backup_rotate_first: true. ืคืขืืื ืื ืชืืืืจ ืกืืืื/ืืืืงื ืืจืืฉ ืืคื ื ืืืืืื. ืืืจืืจืช ืืืื, ืืกืืืื ืืชืจืืฉ ืืืืจ ืืฆืืจืช ืืืืื. ืฉืืื ืื ืฉืืืงืจื ืื ืืืืืืืื ืืืฉื ืื
ืืืืืง ืืคื ื ืืืฆืืข ืืืืืื ืื ืืืื.
ืืืื ืืืืื
ืืคืขื ืืช ืกืคืจ ืืืฉืืงืื ืขื ืคืจืืืจ -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(ืืืืืื, 2017-12-17-21-00-00 ืขืืืจ 17 ืืืฆืืืจ 2017 ืืฉืขื 21:00
ืืกืจืช ืงืฉืจ
ืืืืจื: ืคืขืืื ืื ืชืืืง ืืืืืืื ืืช ืื ืชืื ืื ืื ืืืืืื ืฉืื. ืืงืคื ืืืฆืข ืืืืื ืืืงืื ืืืชืจ ืืืืืช ืืฆืืจื
ืืฉืชืืฉ ืืืฉืชื ื nexus_purgeืื ืืชื ืฆืจืื ืืืคืขืื ืืืืฉ ืืืคืก ืืืืชืงืื ืืืืฉ ืืช ืืืคืข ื-nexus ืขื ืื ืื ืชืื ืื ืฉืืืกืจื.
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=trueืฉื ื ืืช ืกืืกืืช ืืื ืื ืืืืจ ืืืชืงื ื ืืจืืฉืื ื
nexus_default_admin_password: 'admin123'ืืื ืืฉื ืืช ืืืช ืืกืคืจ ืืืฉืืงืื ืฉืื. ืืฉืชื ื ืื ืืืืืืก ืืกืืกืืช ืื ืื ืืจืืจืช ืืืืื ืฉื Nexus ืืขืช ืืืชืงื ื ืืจืืฉืื ื ืืืืืื ืฉื ืืื ืืฉื ืืช ืืช ืกืืกืืช ืืื ืื ื- nexus_admin_password.
ืื ืืจืฆืื ื ืืฉื ืืช ืืช ืกืืกืืช ืืื ืื ืืืืจ ืืืชืงื ื ืืจืืฉืื ื, ืชืืื ืืฉื ืืช ืืืชื ืืืืคื ืืื ื ืืกืืกืื ืืืฉื ื ืืฉืืจืช ืืคืงืืื. ืืืืจ ืฉืื ืื nexus_admin_password ืืกืคืจ ืืืฉืืงืื ืฉืื ืืชื ืืืื ืืืจืืฅ:
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPasswordืขืจืืฅ ืืืืจื ื-Nexus Sonatype:
ืจืง ืืฉืชืืฉืื ืจืฉืืืื ืืืืืื ืืืฉืชืชืฃ ืืกืงืจ. ืืืงืฉื.
ืืืืื ืืืืจื ืืคืฆืื ืืชื ืืฉืชืืฉ?
-
Sonatype Nexus ืืื ืืืื ื
-
Sonatype Nexus ืืชืฉืืื
-
Artifactory ืืืื ื
-
Artifactory ืฉืืื
-
ื ืื
-
ืฆืืคื
9 ืืฉืชืืฉืื ืืฆืืืขื. 3 ืืฉืชืืฉืื ื ืื ืขื.
ืืงืืจ: www.habr.com