Installing and Configuring Nexus Sonatype Using the Infrastructure-as-Code Approach
Sonatype Nexus is an integrated platform that lets developers proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM, Bower images, RPM packages, gitlfs, Apt, Go, Nuget, and distribute their software securely.
Why do you need Sonatype Nexus?
To store private artifacts;
To store artifacts that are downloaded from the Internet;
Artifacts supported in the base Sonatype Nexus package:
Read about using ansible on the Internet.
Install ansible with pip install ansible on the workstation where the playbook is run.
Install geerlingguy.java on the workstation where the playbook is run.
Install geerlingguy.apache on the workstation where the playbook is run.
This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch
The jmespath library must be installed on the workstation where the playbook is run. To install: sudo pip install -r requirements.txt
Save the playbook file (example below) to the file nexus.yml
Example ansible playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.
Variables and default values (see default/main.yml):
General variables
nexus_version: ''
nexus_timezone: 'UTC'
By default, the role will install the latest available version of Nexus. You can pin the version by changing the variable nexus_version. See the available versions at https://www.sonatype.com/download-oss-sonatype.
If you change to a newer version, the role will try to update your Nexus installation.
If you are using a version of Nexus older than the latest, you must make sure you are not using features that are unavailable in the installed release (for example, hosting yum repositories is available for nexus greater than 3.8.0, git lfs repos for nexus greater than 3.3.0, etc.)
nexus_timezone is the name of a Java time zone, which can be useful in combination with the cron expressions below for nexus_scheduled_tasks.
The port and context path of the Java Nexus process. nexus_default_context_path must contain a forward slash when set, e.g.: nexus_default_context_path: '/nexus/'.
Nexus OS user and group
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'
The user and group used to own the Nexus files and run the service. They will be created by the role if they are missing.
nexus_os_user_home_dir: '/home/nexus'
Allows changing the home directory for the nexus user
nexus_installation_dir contains the installed files
nexus_data_dir contains all configuration, repositories and downloaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
nexus_tmp_dir contains all temporary files. The default path for redhat has been moved out of /tmp to work around potential issues with automatic cleanup procedures. See #168.
These are the settings for Nexus. Please do not change these values unless you have read the memory section of the nexus system requirements and understand what they do.
As a second warning, here is an excerpt from the document mentioned above:
It is not recommended to increase the JVM heap memory beyond the recommended values in an attempt to improve performance. This may actually have the opposite effect, resulting in unnecessary work for the operating system.
Administrator password
nexus_admin_password: 'changeme'
The "admin" account password to set. This only works on the first default installation. Please see [Change admin password after first installation](#change-admin-password-after-first-install) if you want to change it later using the role.
It is strongly recommended not to store your password in clear text in the playbook, but to use [ansible-vault encryption](https://docs.ansible.com/ansible/latest/user_guide/vault.html) (either inline or in a separate file loaded with, for example, include_vars)
Anonymous access by default
nexus_anonymous_access: false
Anonymous access is disabled by default. Read more about anonymous access.
These variables control how the role connects to the Nexus API for provisioning. For advanced users only. You probably do not want to change these default values
Setting up an SSL reverse proxy.
To do this you need to install httpd. Note: when httpd_setup_enable is set to true, nexus binds to 127.0.0.1:8081, and therefore cannot be reached directly on HTTP port 8081 from an external IP address.
The default hostname used is nexus_public_hostname. If you need different names for some reason, you can set httpd_server_name to a different value.
With httpd_copy_ssl_files: true (the default), the certificates mentioned above must be present in your playbook directory; they will be copied to the server and configured in apache.
If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"
httpd_ssl_cert_chain_file_location is optional and must be left unset if you do not want to customize the chain file
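The settings the sections above warn about (clear-text or default passwords, anonymous access, running without the SSL reverse proxy) can be checked before a playbook is run. The following is an added example, not code from the role or from the original article; the variable name vault_nexus_admin_password and the sample values are hypothetical, and treating a missing httpd_setup_enable as disabled is an assumption.

```python
import re

# Passwords printed on this page as defaults or samples; never valid in a deployment.
PAGE_PASSWORDS = {"changeme", "admin123", "s3cr3t"}
LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*)\s*:\s*(.*)$")
TRUE = {"true", "yes"}

def parse_vars(text):
    """Yield (line_no, key, value) for plain 'key: value' lines (not a full YAML parser)."""
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)  # commented-out lines start with '#' and never match
        if m:
            yield n, m.group(1), m.group(2).split(" #")[0].strip().strip("'\"")

def audit(text):
    """Return [(line_no, key, problem)] for settings the page warns about."""
    findings, seen = [], {}
    for n, key, value in parse_vars(text):
        seen[key] = value.lower()
        if key == "nexus_default_admin_password":
            findings.append((n, key, "must not be set in the playbook"))
        elif "password" in key and value in PAGE_PASSWORDS:
            findings.append((n, key, "default or sample password from the docs"))
        elif "password" in key and value and not value.startswith(("!vault", "{{")):
            findings.append((n, key, "clear-text password, use ansible-vault"))
        elif key == "nexus_anonymous_access" and seen[key] in TRUE:
            findings.append((n, key, "anonymous access enabled"))
    # Assumption: an absent httpd_setup_enable means the proxy is not set up.
    if seen.get("httpd_setup_enable", "false") not in TRUE:
        findings.append((0, "httpd_setup_enable", "no SSL reverse proxy in front of Nexus"))
    return findings

# Constructed sample variables, not taken from a real deployment.
WEAK = """\
nexus_admin_password: 'changeme'
nexus_anonymous_access: true
nexus_local_users:
  - username: jenkins
    password: "Constructed-Sample-1"
"""
HARDENED = """\
nexus_admin_password: "{{ vault_nexus_admin_password }}"
nexus_anonymous_access: false
httpd_setup_enable: true
"""

if __name__ == "__main__":
    for line_no, key, problem in audit(WEAK):
        print(f"line {line_no}: {key}: {problem}")
```

A line number of 0 marks a finding about a variable that is missing or disabled rather than a specific line.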
nexus_privileges:
  - name: all-repos-read # used as key to update a privilege
    # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
    description: 'Read & Browse access to all repos'
    repository: '*'
    actions: # can be add, browse, create, delete, edit, read or * (all)
      - read
      - browse
    # pattern: pattern
    # domain: domain
    # script_name: name
List of privileges to configure. See the documentation and the GUI to check which variables need to be set depending on the type of privilege.
These elements are combined with the following default values:
nexus_roles:
  - id: Developpers # can map to a LDAP group id, also used as a key to update a role
    name: developers
    description: All developers
    privileges:
      - nx-search-read
      - all-repos-read
    roles: [] # references to other role names
nexus_local_users: []
# - username: jenkins # used as key to update
#   state: present # default value if omitted, use 'absent' to remove user
#   first_name: Jenkins
#   last_name: CI
#   email: [email protected]
#   password: "s3cr3t"
#   roles:
#     - developers # role ID
List of local (non-LDAP) users/roles to create in Nexus.
Mapping of LDAP users/roles. State absent will remove roles from an existing user if one exists.
LDAP users are not deleted. Attempting to set a role for a non-existent user will result in an error.
Content selectors
nexus_content_selectors:
  - name: docker-login
    description: Selector for docker login privilege
    search_expression: format=="docker" and path=~"/v2/"
For more information about content selectors, see the documentation.
To use a content selector, add a new privilege with type: repository-content-selector and the matching contentSelector
Delete the repositories from the initial default configuration of the nexus install. This step is only executed on first-time install (when nexus_data_dir has been detected empty).
nexus_delete_default_blobstore: false
Delete the default blobstore (binary artifacts) from the initial default configuration of the nexus install; this is disabled by default. It can be done only if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on first-time install (when nexus_data_dir has been detected empty).
Blobstores to create. A blobstore path and a repository blobstore cannot be updated after initial creation (any update here will be ignored on re-provisioning).
Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.
All three repository types are combined with the following default values:
_nexus_repos_maven_defaults:
  blob_store: default # Note : cannot be updated once the repo has been created
  strict_content_validation: true
  version_policy: release # release, snapshot or mixed
  layout_policy: strict # strict or permissive
  write_policy: allow_once # one of "allow", "allow_once" or "deny"
  maximum_component_age: -1 # Nexus gui default. For proxies only
  maximum_metadata_age: 1440 # Nexus gui default. For proxies only
  negative_cache_enabled: true # Nexus gui default. For proxies only
  negative_cache_ttl: 1440 # Nexus gui default. For proxies only
Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default; see defaults/main.yml for these options:
Please note that you may need to enable certain security realms if you want to use repository types other than maven. This is false by default
Backup is not configured until you switch nexus_backup_configure to true.
In this case, a scheduled script task will be configured to run on Nexus at the interval specified in nexus_backup_cron (default 21:00 every day).
See [the groovy template for this task](templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks that you declare in your playbook.
If you want to rotate/delete backups, set nexus_backup_rotate: true and configure the number of backups you want to keep with nexus_backup_keep_rotations (default 4).
When using rotation, if you want to save additional disk space during the backup process, you can set nexus_backup_rotate_first: true. This configures a pre-rotation/deletion that runs before the backup is made. By default, rotation happens after a backup has been created. Please note that in this case the old backups will be deleted before the current backup is made.
Restore procedure
Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss> (for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00)
Removing nexus
Warning: this will completely delete your current data. Be sure to make a backup first if needed
Use the variable nexus_purge if you need to restart from scratch and reinstall a nexus instance with all data removed.
Change admin password after first installation
nexus_default_admin_password: 'admin123'
This should not be changed in your playbook. This variable is populated with the default Nexus admin password used on first install and ensures that we can change the admin password to nexus_admin_password.
If you want to change the admin password after the first installation, you can temporarily change it to the old password from the command line. After changing nexus_admin_password in your playbook, you can run: