Sonatype Nexus is an integrated platform with which developers can proxy, store and manage Java (Maven) dependencies, Docker images, Python, Ruby, NPM, Bower, RPM packages, gitlfs, Apt, Go and Nuget, and distribute their own software.

Why do you need Sonatype Nexus?
- To store private artifacts.
- To cache artifacts that are downloaded from the Internet.

Artifacts supported in the base Sonatype Nexus package:
- Java, Maven (jar)
- Docker
- Python (pip)
- Ruby (gem)
- NPM
- Bower
- Yum (rpm)
- gitlfs
- Raw
- Apt (deb)
- Go
- Nuget

Artifacts supported by the community:
- Composer
- Conan
- CPAN
- ELPA
- Helm
- P2
- R

Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss

Requirements
- Read up on how to use ansible.
- Install ansible (`pip install ansible`) on the workstation where the playbook is run.
- Install geerlingguy.java on the workstation where the playbook is run.
- Install geerlingguy.apache on the workstation where the playbook is run.
- This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch.
- The jmespath library must be installed on the workstation where the playbook is run. To install it: `sudo pip install -r requirements.txt`
- Save the playbook file (example below) as nexus.yml.
- Run the Nexus installation: `ansible-playbook -i host nexus.yml`

Example ansible-playbook for installing Nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories:
```yaml
---
- name: Nexus
  hosts: nexus
  become: yes

  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123"
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: [email protected]
        password: "s3cr3t"
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'
    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft

    # Yum. Set nexus_config_yum to true to create the yum repositories
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64

    # NPM. Set nexus_config_npm to true to create the npm repositories
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false

    # Docker. Set nexus_config_docker to true to create the docker repositories
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy

    # Bower. Set nexus_config_bower to true to create the bower repositories
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy

    # Pypi. Set nexus_config_pypi to true to create the pypi repositories
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy

    # Rubygems. Set nexus_config_rubygems to true to create the rubygems repositories
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy

    # gitlfs. Set nexus_config_gitlfs to true to create the gitlfs repository
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted

  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }
```
Role variables

Variables with default values (see `defaults/main.yml`):

General variables
```yaml
nexus_version: ''
nexus_timezone: 'UTC'
```

By default, the role installs the latest available Nexus version. You can pin the version by changing the `nexus_version` variable. See the available versions.

If you change the version to a newer one, the role will try to update your installed Nexus.

If you are using a Nexus version older than the latest, make sure you do not use features that are not available in the installed release (for example, hosted yum repositories are available for Nexus greater than 3.8.0, git lfs repos for versions greater than 3.3.0).

`nexus_timezone` is a Java time zone name, which can be useful in combination with the cron expressions for `nexus_scheduled_tasks` below.
Nexus port and context path

```yaml
nexus_default_port: 8081
nexus_default_context_path: '/'
```

Port and context path of the Java Nexus process. `nexus_default_context_path` must keep its trailing slash when it is set, for example `nexus_default_context_path: '/nexus/'`.
Nexus OS user and group

```yaml
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'
```

The user and group that own the Nexus files and run the service. The role creates them if they are missing.

```yaml
nexus_os_user_home_dir: '/home/nexus'
```

Allows changing the default home directory of the nexus user.
Nexus instance directories

```yaml
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"
```

Nexus directories:
- `nexus_installation_dir` contains the installed executable files.
- `nexus_data_dir` contains all configuration, repositories and uploaded artifacts. Custom blobstore paths outside `nexus_data_dir` can be configured, see `nexus_blobstores` below.
- `nexus_tmp_dir` contains all temporary files. On RedHat the default path has been moved out of `/tmp` to avoid possible problems with automatic cleanup procedures. See #168.
Nexus JVM memory settings

```yaml
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"
```

These are the default settings for Nexus. Please do not change these values unless you have read the memory section of the Nexus system requirements.

As a second warning, here is an excerpt from the document mentioned above:

Increasing the JVM heap memory beyond the recommended values in an attempt to improve performance is not recommended. This can actually have the opposite effect and cause unnecessary work for the operating system.

Admin password

```yaml
nexus_admin_password: 'changeme'
```

The password of the "admin" account to set up. This works only on the first default install. See [Change admin password after first install](#change-admin-password-after-first-install) if you want to change it later using the role.

It is strongly recommended not to keep your password in clear text in the playbook, but to use ansible-vault encryption instead.

Anonymous access by default

```yaml
nexus_anonymous_access: false
```

Anonymous access is disabled by default. Read more about anonymous access.
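The vault recommendation and the anonymous-access default above can be checked mechanically before a playbook is applied. The following is an added example, not part of the nexus3-oss role: it walks a `vars` mapping and flags literal secrets, the default admin passwords shown on this page, `http://` proxy upstreams, cleartext `ldap` and enabled anonymous access. `audit_vars`, the finding labels and `SAMPLE_VARS` (constructed from the playbook example on this page) are assumptions of this example.

```python
"""Audit nexus3-oss role variables for risky settings discussed on this page.

Added example, not part of the role. In practice the mapping would come from
yaml.safe_load() on the playbook's `vars:` section; a constructed sample is
embedded here so the script runs offline.
"""

# Key suffixes that hold credentials in the role variables shown on the page.
SECRET_KEYS = ("password", "secretAccessKey", "accessKeyId")
# Factory default needed on first install; the page says not to change it.
EXEMPT_KEYS = {"nexus_default_admin_password"}
# Default admin passwords that appear on the page.
KNOWN_DEFAULTS = {"admin123", "changeme"}


def is_templated(value):
    """True when the value is a Jinja2 reference, e.g. to an ansible-vault variable."""
    return isinstance(value, str) and "{{" in value and "}}" in value


def walk(node, path=""):
    """Yield (path, key, value) for every keyed scalar in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)):
                yield from walk(value, child)
            else:
                yield child, key, value
    elif isinstance(node, list):
        for index, item in enumerate(node):
            # Bare scalars in lists (role ids, member repos) carry no key: skipped.
            if isinstance(item, (dict, list)):
                yield from walk(item, f"{path}[{index}]")


def audit_vars(role_vars):
    """Return a list of (variable path, finding label) tuples."""
    findings = []
    for path, key, value in walk(role_vars):
        if key in EXEMPT_KEYS:
            continue
        if key.endswith(SECRET_KEYS) and isinstance(value, str) and value:
            if value in KNOWN_DEFAULTS:
                findings.append((path, "default-credential"))
            elif not is_templated(value):
                findings.append((path, "plaintext-secret"))
        elif (key == "remote_url" and isinstance(value, str)
              and value.lower().startswith("http://")):
            findings.append((path, "cleartext-upstream"))
        elif key == "ldap_protocol" and value == "ldap":
            findings.append((path, "cleartext-ldap"))
        elif key == "nexus_anonymous_access" and value is True:
            findings.append((path, "anonymous-access"))
    return findings


# Constructed sample: a subset of the playbook example on this page.
SAMPLE_VARS = {
    "nexus_admin_password": "admin123",
    "nexus_anonymous_access": False,
    "nexus_local_users": [
        {"username": "jenkins", "password": "s3cr3t", "roles": ["Developpers"]},
    ],
    "nexus_repos_yum_proxy": [
        {"name": "epel_centos_7_x86_64",
         "remote_url": "http://download.fedoraproject.org/pub/epel/7/x86_64"},
    ],
    "nexus_repos_maven_proxy": [
        {"name": "central", "remote_url": "https://repo1.maven.org/maven2/"},
    ],
    "ldap_connections": [
        {"ldap_name": "LDAP config with DSA", "ldap_protocol": "ldaps",
         "ldap_auth_password": "{{ vault_ldap_dsa_password }}"},
    ],
}

if __name__ == "__main__":
    for var_path, label in audit_vars(SAMPLE_VARS):
        print(f"{label:20} {var_path}")
```

A non-empty result can be used to fail a CI job before `ansible-playbook` runs.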
Public hostname

```yaml
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: https
```

The fully qualified domain name and scheme (https or http) under which the Nexus instance will be reachable by its clients.

API access for this role

```yaml
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"
```

These variables control how the role connects to the Nexus API for provisioning. For advanced users only. You most likely do not want to change these default settings.
Reverse proxy setup

```yaml
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "[email protected]"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: true
```

Set up httpd as a reverse proxy. To do this, httpd needs to be installed. Note: when `httpd_setup_enable` is set to `true`, Nexus binds to 127.0.0.1:8081, so it is not directly reachable on HTTP port 8081 from an external IP address.

The default hostname used is `nexus_public_hostname`. If you need different names for whatever reason, you can set `httpd_server_name` to a different value.

With `httpd_copy_ssl_files: true` (the default), the certificates above must exist in your playbook directory; they are copied to the server and configured in apache.

If you want to use certificates that already exist on the server, set `httpd_copy_ssl_files: false` and provide the following variables:

```yaml
# These tell the vhost where to find the certificate files
# on the remote server's file system.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"
```

`httpd_ssl_cert_chain_file_location` is optional and must be left unset if you do not want to customize the chain file.

```yaml
httpd_default_admin_email: "[email protected]"
```

Sets the default admin email address.
LDAP configuration

LDAP connections and the security realm are disabled by default.

```yaml
nexus_ldap_realm: false
ldap_connections: []
```

```yaml
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
    ldap_protocol: 'ldaps' # ldap or ldaps
    ldap_hostname: 'ldap.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_auth: 'none' # or simple
    ldap_auth_username: 'username' # if auth = simple
    ldap_auth_password: 'password' # if auth = simple
    ldap_user_base_dn: 'ou=users'
    ldap_user_filter: '(cn=*)' # (optional)
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_user_subtree: false
    ldap_map_groups_as_roles: false
    ldap_group_base_dn: 'ou=groups'
    ldap_group_object_class: 'posixGroup'
    ldap_group_id_attribute: 'cn'
    ldap_group_member_attribute: 'memberUid'
    ldap_group_member_format: '${username}'
    ldap_group_subtree: false
```

Example LDAP configuration for anonymous authentication (anonymous bind). This is also the "minimal" configuration:

```yaml
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'Simplest LDAP config'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_user_object_class: 'inetOrgPerson'
```

Example LDAP configuration for simple authentication (using a DSA account):

```yaml
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_auth: 'simple'
    ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_user_base_dn: 'ou=users'
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_user_subtree: false
```

Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:

```yaml
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_auth: 'simple'
    ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_user_base_dn: 'ou=users'
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_map_groups_as_roles: true
    ldap_group_base_dn: 'ou=groups'
    ldap_group_object_class: 'groupOfNames'
    ldap_group_id_attribute: 'cn'
    ldap_group_member_attribute: 'member'
    ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
    ldap_group_subtree: false
```

Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:

```yaml
nexus_ldap_realm: true
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_hostname: 'annuaire.mycompany.com'
    ldap_port: 636
    ldap_use_trust_store: false
    ldap_auth: 'simple'
    ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
    ldap_search_base: 'dc=mycompany,dc=net'
    ldap_user_base_dn: 'ou=users'
    ldap_user_object_class: 'inetOrgPerson'
    ldap_user_id_attribute: 'uid'
    ldap_user_real_name_attribute: 'cn'
    ldap_user_email_attribute: 'mail'
    ldap_map_groups_as_roles: true
    ldap_map_groups_as_roles_type: 'dynamic'
    ldap_user_memberof_attribute: 'memberOf'
```
Privileges

```yaml
nexus_privileges:
  - name: all-repos-read # used as key to update a privilege
    # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
    description: 'Read & Browse access to all repos'
    repository: '*'
    actions: # can be add, browse, create, delete, edit, read or * (all)
      - read
      - browse
    # pattern: pattern
    # domain: domain
    # script_name: name
```

The list of privileges to set up. These items are combined with the following default values:

```yaml
_nexus_privilege_defaults:
  type: repository-view
  format: maven2
  actions:
    - read
```
Roles (that is, roles inside Nexus)

```yaml
nexus_roles:
  - id: Developpers # can map to a LDAP group id, also used as a key to update a role
    name: developers
    description: All developers
    privileges:
      - nx-search-read
      - all-repos-read
    roles: [] # references to other role names
```

The list of roles to set up.
Users

```yaml
nexus_local_users: []
# - username: jenkins # used as key to update
#   state: present # default value if omitted, use 'absent' to remove user
#   first_name: Jenkins
#   last_name: CI
#   email: [email protected]
#   password: "s3cr3t"
#   roles:
#     - developers # role ID
```

The list of local (non-LDAP) users/accounts to create in Nexus.

```yaml
nexus_ldap_users: []
# - username: j.doe
#   state: present
#   roles:
#     - "nx-admin"
```

Mapping of LDAP users to roles. The state `absent` removes the roles from an existing user if they are already present. LDAP users are not deleted. Trying to set a role for a user that does not exist results in an error.
Content selectors

```yaml
nexus_content_selectors:
  - name: docker-login
    description: Selector for docker login privilege
    search_expression: format=="docker" and path=~"/v2/"
```

See the documentation for more information about content selectors.

To use a content selector, add a new privilege with `type: repository-content-selector` and the matching `contentSelector`:

```yaml
- name: docker-login-privilege
  type: repository-content-selector
  contentSelector: docker-login
  description: 'Login to Docker registry'
  repository: '*'
  actions:
    - read
    - browse
```
Blobstores and repositories

```yaml
nexus_delete_default_repos: false
```

Delete the repositories from the initial default configuration of the Nexus install. This step is executed only on a first-time install (when `nexus_data_dir` has been detected as empty).

```yaml
nexus_delete_default_blobstore: false
```

Delete the default blobstore from the initial default configuration of the Nexus install; this is disabled by default. It can be done only if `nexus_delete_default_repos: true` and all configured repositories (see below) have an explicit `blob_store: custom`. This step is executed only on a first-time install (when `nexus_data_dir` has been detected as empty).

```yaml
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
#   type: file
#   path: /mnt/custom/path
# - name: s3-blobstore
#   type: S3
#   config:
#     bucket: s3-blobstore
#     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
#     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"
```

Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is recommended only for instances deployed on AWS.
```yaml
nexus_repos_maven_proxy:
  - name: central
    remote_url: 'https://repo1.maven.org/maven2/'
    layout_policy: permissive
    # maximum_component_age: -1
    # maximum_metadata_age: 1440
    # negative_cache_enabled: true
    # negative_cache_ttl: 1440
  - name: jboss
    remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
    # maximum_component_age: -1
    # maximum_metadata_age: 1440
    # negative_cache_enabled: true
    # negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
#   remote_url: 'https://company.com/repo/secure/private/go/away'
#   remote_username: 'username'
#   remote_password: 'secret'
#   # maximum_component_age: -1
#   # maximum_metadata_age: 1440
#   # negative_cache_enabled: true
#   # negative_cache_ttl: 1440
```

Above is an example proxy configuration.

```yaml
nexus_repos_maven_hosted:
  - name: private-release
    version_policy: release
    write_policy: allow_once # one of "allow", "allow_once" or "deny"
```

Maven hosted repository configuration.

```yaml
nexus_repos_maven_group:
  - name: public
    member_repos:
      - central
      - jboss
```

Group repository configuration.

All three repository types are combined with the following default values:

```yaml
_nexus_repos_maven_defaults:
  blob_store: default # Note : cannot be updated once the repo has been created
  strict_content_validation: true
  version_policy: release # release, snapshot or mixed
  layout_policy: strict # strict or permissive
  write_policy: allow_once # one of "allow", "allow_once" or "deny"
  maximum_component_age: -1 # Nexus gui default. For proxies only
  maximum_metadata_age: 1440 # Nexus gui default. For proxies only
  negative_cache_enabled: true # Nexus gui default. For proxies only
  negative_cache_ttl: 1440 # Nexus gui default. For proxies only
```
Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types: see `defaults/main.yml` for these options.

Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repositories are disabled by default:

```yaml
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: false
```

Please note that you may need to enable certain security realms if you want to use repository types other than maven. They are false by default:

```yaml
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous access
```

The Remote User Realm can also be enabled with:

```yaml
nexus_rut_auth_realm: true
```

and the header can be customized by setting:

```yaml
nexus_rut_auth_header: "CUSTOM_HEADER"
```
Scheduled tasks

```yaml
nexus_scheduled_tasks: []
# # Example task to compact blobstore :
# - name: compact-docker-blobstore
#   cron: '0 0 22 * * ?'
#   typeId: blobstore.compact
#   task_alert_email: [email protected] # optional
#   taskProperties:
#     blobstoreName: "{{ nexus_blob_names.docker.blob }}" # all task attributes are stored as strings by nexus internally
# # Example task to purge maven snapshots
# - name: Purge-maven-snapshots
#   cron: '0 50 23 * * ?'
#   typeId: repository.maven.remove-snapshots
#   task_alert_email: [email protected] # optional
#   taskProperties:
#     repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
#     minimumRetained: "2"
#     snapshotRetentionDays: "2"
#     gracePeriodInDays: "2"
#   booleanTaskProperties:
#     removeIfReleased: true
# # Example task to purge unused docker manifest and images
# - name: Purge unused docker manifests and images
#   cron: '0 55 23 * * ?'
#   typeId: "repository.docker.gc"
#   task_alert_email: [email protected] # optional
#   taskProperties:
#     repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# # Example task to purge incomplete docker uploads
# - name: Purge incomplete docker uploads
#   cron: '0 0 0 * * ?'
#   typeId: "repository.docker.upload-purge"
#   task_alert_email: [email protected] # optional
#   taskProperties:
#     age: "24"
```

The `typeId` and the task-specific `taskProperties`/`booleanTaskProperties` can be worked out:
- from the Java type hierarchy of `org.sonatype.nexus.scheduling.TaskDescriptorSupport`
- by inspecting the task creation HTML form in your browser
- by looking at the browser's AJAX requests while configuring a task manually

Task properties must be declared in the correct yaml block depending on their type:
- `taskProperties` for all string properties (that is, repository names, blob store names, time periods...).
- `booleanTaskProperties` for all boolean properties (that is, mainly the checkboxes in the Nexus create task GUI).
Backups

```yaml
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)
```

Backup is not configured until you switch `nexus_backup_configure` to `true`. In that case, a scheduled script task is configured to run in Nexus at the interval specified in `nexus_backup_cron` (by default 21:00 every day). See the [groovy template](templates/backup.groovy.j2) for details. This scheduled task is independent of the other `nexus_scheduled_tasks` you declare in your playbook.

If you want to rotate/delete backups, set `nexus_backup_rotate: true` and adjust the number of backup rotations you want to keep with `nexus_backup_keep_rotations` (default 4).

When using rotation, if you want to save extra disk space during the backup process, you can set `nexus_backup_rotate_first: true`. This configures a pre-rotation/deletion before the backup. By default, rotation takes place after the backup has been created. Please note that in this case old backups are deleted before the current backup is made.
Restore procedure

Run the playbook with the parameter `-e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>` (for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00).
Purging Nexus

Warning: this will completely delete your current data. Make sure you have made a backup beforehand if you need one.

Use the `nexus_purge` variable if you need to start again from scratch: it deletes all data and reinstalls the Nexus instance.

```bash
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true
```
Change the admin password after the first install

```yaml
nexus_default_admin_password: 'admin123'
```

This must not be changed in your playbook. On the first install this variable is filled with the default Nexus admin password and makes sure that we can change the admin password to `nexus_admin_password`.

If you want to change the admin password after the first install, you can temporarily change it to the old password from the command line. After changing `nexus_admin_password` in your playbook, you can run:

```bash
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword
```
Telegram channel about Nexus Sonatype:
source: www.habr.com