Sonatype Nexus o se faʻasalalauga tuʻufaʻatasia e mafai ai e le au atinaʻe ona sui, teu ma pulea Java (Maven) faʻalagolago, Docker, Python, Ruby, NPM, Bower images, RPM packages, gitlfs, Apt, Go, Nuget, ma tufatufa atu a latou polokalama saogalemu.
Aisea e te manaʻomia ai le Sonatype Nexus?
- Mo le teuina o meafaitino tumaoti;
- Mo le teuina o meafaitino e sii mai i luga ole Initaneti;
Meafaitino e lagolagoina i le paketi faavae Sonatype Nexus:
- Java, Maven (gu)
- Docker
- Python (pip)
- Ruby (maa taua)
- NPM
- Bowers
- Yum (rpm)
- gitlfs
- mata
- Apt (deb)
- Go
- Nuget
Meafaitino Lagolago a Nuu:
- fatupese
- Conan
- CPAN
- ELPA
- pūlou faʻafao
- P2
- R
Fa'apipi'i Sonatype Nexus fa'aaoga
manaoga
- Faitau e uiga i le faʻaaogaina o le ansible i luga ole Initaneti.
- Fa'apipi'i ansible
pip install ansiblei luga o le fale faigaluega o loʻo taʻavale ai le tusi taʻavale. - Faʻamau i luga o le fale faigaluega o loʻo taʻavale ai le tusi taʻavale.
- Faʻamau i luga o le fale faigaluega o loʻo taʻavale ai le tusi taʻavale.
- O lenei matafaioi na tofotofoina i CentOS 7, Ubuntu Xenial (16.04) ma Bionic (18.04), Debian Jessie ma Stretch
jmespathE tatau ona fa'apipi'i le faletusi i luga o le fale faigaluega o lo'o ta'avale ai le tusi ta'aloga. Fa'apipi'i:sudo pip install -r requirements.txt- Fa'asaoina le faila tusi ta'alo (fa'ata'ita'iga i lalo) i le faila nexus.yml
- Fa'aola nexus installation
ansible-playbook -i host nexus.yml
Fa'ata'ita'iga ansible-ta'aloga mo le fa'apipi'iina o feso'ota'iga e aunoa ma le LDAP ma Maven (java), Docker, Python, Ruby, NPM, Bower, RPM ma gitlfs repositories.
---
- name: Nexus
hosts: nexus
become: yes
vars:
nexus_timezone: 'Asia/Omsk'
nexus_admin_password: "admin123"
nexus_public_hostname: 'apatsev-nexus-playbook'
httpd_setup_enable: false
nexus_privileges:
- name: all-repos-read
description: 'Read & Browse access to all repos'
repository: '*'
actions:
- read
- browse
- name: company-project-deploy
description: 'Deployments to company-project'
repository: company-project
actions:
- add
- edit
nexus_roles:
- id: Developpers # maps to the LDAP group
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
- company-project-deploy
roles: []
nexus_local_users:
- username: jenkins # used as key to update
first_name: Jenkins
last_name: CI
email: [email protected]
password: "s3cr3t"
roles:
- Developpers # role ID here
nexus_blobstores:
- name: company-artifacts
path: /var/nexus/blobs/company-artifacts
nexus_scheduled_tasks:
- name: compact-blobstore
cron: '0 0 22 * * ?'
typeId: blobstore.compact
taskProperties:
blobstoreName: 'company-artifacts'
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
- name: vaadin-addons
remote_url: 'https://maven.vaadin.com/vaadin-addons/'
- name: jaspersoft
remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
version_policy: mixed
nexus_repos_maven_hosted:
- name: company-project
version_policy: mixed
write_policy: allow
blob_store: company-artifacts
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jboss
- vaadin-addons
- jaspersoft
# Yum. Change nexus_config_yum to true for create yum repository
nexus_config_yum: true
nexus_repos_yum_hosted:
- name: private_yum_centos_7
repodata_depth: 1
nexus_repos_yum_proxy:
- name: epel_centos_7_x86_64
remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
- name: centos-7-os-x86_64
remote_url: http://mirror.centos.org/centos/7/os/x86_64/
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
nexus_repos_yum_group:
- name: yum_all
member_repos:
- private_yum_centos_7
- epel_centos_7_x86_64
# NPM. Change nexus_config_npm to true for create npm repository
nexus_config_npm: true
nexus_repos_npm_hosted: []
nexus_repos_npm_group:
- name: npm-public
member_repos:
- npm-registry
nexus_repos_npm_proxy:
- name: npm-registry
remote_url: https://registry.npmjs.org/
negative_cache_enabled: false
# Docker. Change nexus_config_docker to true for create docker repository
nexus_config_docker: true
nexus_repos_docker_hosted:
- name: docker-hosted
http_port: "{{ nexus_docker_hosted_port }}"
v1_enabled: True
nexus_repos_docker_proxy:
- name: docker-proxy
http_port: "{{ nexus_docker_proxy_port }}"
v1_enabled: True
index_type: "HUB"
remote_url: "https://registry-1.docker.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_docker_group:
- name: docker-group
http_port: "{{ nexus_docker_group_port }}"
v1_enabled: True
member_repos:
- docker-hosted
- docker-proxy
# Bower. Change nexus_config_bower to true for create bower repository
nexus_config_bower: true
nexus_repos_bower_hosted:
- name: bower-hosted
nexus_repos_bower_proxy:
- name: bower-proxy
index_type: "proxy"
remote_url: "https://registry.bower.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_bower_group:
- name: bower-group
member_repos:
- bower-hosted
- bower-proxy
# Pypi. Change nexus_config_pypi to true for create pypi repository
nexus_config_pypi: true
nexus_repos_pypi_hosted:
- name: pypi-hosted
nexus_repos_pypi_proxy:
- name: pypi-proxy
index_type: "proxy"
remote_url: "https://pypi.org/"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_pypi_group:
- name: pypi-group
member_repos:
- pypi-hosted
- pypi-proxy
# rubygems. Change nexus_config_rubygems to true for create rubygems repository
nexus_config_rubygems: true
nexus_repos_rubygems_hosted:
- name: rubygems-hosted
nexus_repos_rubygems_proxy:
- name: rubygems-proxy
index_type: "proxy"
remote_url: "https://rubygems.org"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_rubygems_group:
- name: rubygems-group
member_repos:
- rubygems-hosted
- rubygems-proxy
# gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
nexus_config_gitlfs: true
nexus_repos_gitlfs_hosted:
- name: gitlfs-hosted
roles:
- { role: geerlingguy.java }
# Debian/Ubuntu only
# - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
# RedHat/CentOS only
- { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
- { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }Screenshots:
Matafaioi eseese
Fesuiaiga Matafaioi
Fesuia'iga ma tau fa'aletonu (va'ai default/main.yml):
Fesuiaiga lautele
nexus_version: ''
nexus_timezone: 'UTC'I le le mafai, o le matafaioi o le a faʻapipiʻi le lomiga fou o loʻo avanoa ole Nexus. E mafai ona e faʻaleleia le faʻasologa e ala i le suia o le fesuiaiga nexus_version. Va'ai lomiga avanoa ile .
Afai e te sui i se lomiga fou, o le matafaioi o le a taumafai e faʻafouina lau faʻapipiʻi Nexus.
Afai o loʻo e faʻaaogaina se kopi tuai o Nexus nai lo le lata mai, e tatau ona e faʻamautinoa e te le o faʻaogaina foliga e le o maua i le faʻapipiʻi faʻapipiʻi (mo se faʻataʻitaʻiga, talimalo yum repository e avanoa mo nexus sili atu i le 3.8.0, git lfs repo. mo fesoʻotaʻiga sili atu i le 3.3.0 ma isi)
nexus timezone o le igoa o le Java time zone, lea e mafai ona aoga faʻatasi ma faʻamatalaga cron o loʻo i lalo mo galuega nexus_scheduled.
Nexus uafu ma ala talatala
nexus_default_port: 8081
nexus_default_context_path: '/'O le taulaga ma le ala o fesoʻotaʻiga o le Java connection process. nexus_default_context_path e tatau ona i ai se slash agai i luma pe a seti, eg: nexus_default_context_path: '/nexus/'.
Nexus OS Tagata fa'aoga ma le Vaega
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'O le tagata fa'aoga ma le kulupu na fa'aaogaina e umia faila Nexus ma fa'atautaia le auaunaga o le a faia e le matafaioi pe a misi se tasi.
nexus_os_user_home_dir: '/home/nexus'Fa'ataga le suia o le fa'atonuga o le fale mo le tagata fa'aoga nexus
Nexus fa'ata'ita'iga fa'atonuga
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"Nexus Catalogs.
nexus_installation_diro lo'o iai faila fa'apipi'iinanexus_data_diro lo'o i ai fa'atonuga uma, fale teu oloa ma mea na sii mai. Ala fa'aaufa'atauganexus_data_dire mafai ona fa'atulagaina, va'ai i lalonexus_blobstores.nexus_tmp_dire iai faila lē tumau uma. O le ala masani mo redhat ua aveese mai/tmpe fa'ato'ilaloina fa'afitauli fa'aletonu i faiga fa'amama otometi. Va'ai #168.
Fa'atulagaina le Nexus JVM Memory Fa'aoga
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"O fa'atonuga ia mo Nexus. Faamolemole aua le suia nei tulaga faatauaina Afai e te le'i faitau ma e le malamalama i le mea o loo latou faia.
I le avea ai o se lapataiga lona lua, o se vaega lenei mai le pepa o loʻo i luga:
E le fautuaina le faʻateleina o le JVM faʻaputu manatua i tua atu o tau fautuaina i se taumafaiga e faʻaleleia le faʻatinoga. Atonu o le mea moni lava e iai le fa'afeagai o a'afiaga, e i'u ai i galuega e le mana'omia mo le faiga fa'aoga.
Pule upu faataga
nexus_admin_password: 'changeme'Le "admin" account password mo le seti. E na'o le fa'apipi'i fa'aletonu muamua e galue ai. Fa'amolemole va'ai [Change admin password after first installation](# change-admin-password-after-first-install) pe a e mana'o e sui mulimuli ane e fa'aaoga ai se matafaioi.
E matua fautuaina lava e aua ne'i teuina lau upu fa'aulu i tusitusiga manino i le tusi ta'aloga, ae ia fa'aoga [ansible-vault encryption] () (pe i totonu po'o se isi faila o lo'o tumu i fa'ata'ita'iga include_vars)
Avanoa e le ta'ua igoa e ala ile faaletonu
nexus_anonymous_access: falseO le avanoa e le ta'ua igoa ua le mafai ona o le faaletonu. Faitau atili e uiga i .
igoa talimalo lautele
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: httpsLe igoa fa'apitoa ma le polokalame (https po'o le http) lea o le a avanoa ai le Nexus instance i ana tagata fa'atau.
API avanoa mo lenei matafaioi
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"O nei fesuiaiga e pulea le auala e fesoʻotaʻi ai le matafaioi i le Nexus API mo le tuʻuina atu.
Mo na'o tagata fa'aoga maualuluga. Atonu e te le mana'o e sui nei tulaga fa'aletonu
Fa'atulaga se sui sui
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "[email protected]"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: trueFaʻamau .
Ina ia faia lenei mea e te manaʻomia le faʻapipiʻi httpd. Manatua: o afea mo httpd_setup_enable seti tautrue, feso'ota'iga nexus 127.0.0.1:8081, fa'apea lē e mafai ona maua sa'o ile HTTP port 8081 mai le tuatusi IP fafo.
Ole igoa ole igoa ole igoa ole nexus_public_hostname. Afai e te manaʻomia ni igoa eseese mo nisi mafuaʻaga, e mafai ona e seti httpd_server_name e ese lona uiga.
С httpd_copy_ssl_files: true (e ala i le faaletonu) o tusi faamaonia o loʻo i luga e tatau ona i ai i lau lisi o tusi taʻavale ma o le a kopiina i le server ma faʻapipiʻi i apache.
Afai e te manaʻo e faʻaoga tusi faamaonia o loʻo iai i luga o le 'auʻaunaga, faʻapipiʻi httpd_copy_ssl_files: false ma tuʻuina atu fesuiaiga nei:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"httpd_ssl_cert_chain_file_location e filifili ma e tatau ona tu'u le seti pe a e le mana'o e fa'avasega le faila faila
httpd_default_admin_email: "[email protected]"Seti le tuatusi imeli a le pulega
LDAP Configuration
O feso'ota'iga LDAP ma le malo o le puipuiga e fa'aletonu ona o le fa'aletonu
nexus_ldap_realm: false
ldap_connections: [], o elemene taitasi e pei o lenei:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'My Company LDAP' # used as a key to update the ldap config
ldap_protocol: 'ldaps' # ldap or ldaps
ldap_hostname: 'ldap.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false # Wether or not to use certs in the nexus trust store
ldap_search_base: 'dc=mycompany,dc=net'
ldap_auth: 'none' # or simple
ldap_auth_username: 'username' # if auth = simple
ldap_auth_password: 'password' # if auth = simple
ldap_user_base_dn: 'ou=users'
ldap_user_filter: '(cn=*)' # (optional)
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: false
ldap_map_groups_as_roles: false
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'posixGroup'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'memberUid'
ldap_group_member_format: '${username}'
ldap_group_subtree: falseFa'ata'ita'iga LDAP fa'atonuga mo le fa'amaoni e le o ta'ua (fa'amauina e le o ta'ua), o se fa'atulagaga "fa'atauva'a" fo'i lenei:
nexus_ldap_realm: true
ldap_connection:
- ldap_name: 'Simplest LDAP config'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_search_base: 'dc=mycompany,dc=net'
ldap_port: 636
ldap_use_trust_store: false
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_object_class: 'inetOrgPerson'Fa'ata'ita'iga le fa'atulagaina o le LDAP mo le fa'amaoni faigofie (fa'aaogā fa'amatalaga DSA):
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: falseFa'ata'ita'iga LDAP fa'atonuga mo fa'amaoniga faigofie (fa'aaogā fa'amatalaga DSA) + vaega fa'afanua o lo'o fa'afanua e fai ma matafaioi:
nexus_ldap_realm: true
ldap_connections
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'groupOfNames'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'member'
ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
ldap_group_subtree: falseFa'ata'ita'iga LDAP fa'atulagaina mo fa'amaoniga faigofie (fa'aaogā fa'amatalaga DSA) + vaega fa'atosina fa'afanua e fai ma matafaioi:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_map_groups_as_roles_type: 'dynamic'
ldap_user_memberof_attribute: 'memberOf'Avanoa
nexus_privileges:
- name: all-repos-read # used as key to update a privilege
# type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
description: 'Read & Browse access to all repos'
repository: '*'
actions: # can be add, browse, create, delete, edit, read or * (all)
- read
- browse
# pattern: pattern
# domain: domain
# script_name: nameLisi o mo faatulagaga. Va'ai i fa'amaumauga ma le GUI e siaki po'o fea fesuiaiga e mana'omia ona fa'atulaga e fa'atatau i le tulaga fa'apitoa.
O elemene nei e tu'ufa'atasia ma tau fa'aletonu nei:
_nexus_privilege_defaults:
type: repository-view
format: maven2
actions:
- readMatafaioi (i totonu o le Nexus o lona uiga)
nexus_roles:
- id: Developpers # can map to a LDAP group id, also used as a key to update a role
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
roles: [] # references to other role namesLisi o mo faatulagaga.
Tagata faaaoga
nexus_local_users: []
# - username: jenkins # used as key to update
# state: present # default value if ommited, use 'absent' to remove user
# first_name: Jenkins
# last_name: CI
# email: [email protected]
# password: "s3cr3t"
# roles:
# - developers # role IDFa'alotoifale (e le o LDAP) lisi o tagata fa'aoga/teuga e fai i totonu o feso'ota'iga.
Lisi o tagata fa'apitonu'u (e le LDAP) fa'aoga/teuga e fai ile Nexus.
nexus_ldap_users: []
# - username: j.doe
# state: present
# roles:
# - "nx-admin"Ldap fa'afanua o tagata fa'aoga/matafaioi. Setete absent o le a aveesea ai matafaioi mai se tagata fa'aoga o lo'o iai pe a iai se tasi.
Ldap tagata fa'aoga e le tapeina. O le taumafai e seti se matafaioi mo se tagata e le o iai o le a iʻu i se mea sese.
Tagata filifilia mea
nexus_content_selectors:
- name: docker-login
description: Selector for docker login privilege
search_expression: format=="docker" and path=~"/v2/"Mo nisi fa'amatalaga e uiga i le mea e filifilia mea, va'ai .
Ina ia fa'aoga le mea e filifili ai mea, fa'aopoopo se avanoa fou ma type: repository-content-selector ma talafeagaicontentSelector
- name: docker-login-privilege
type: repository-content-selector
contentSelector: docker-login
description: 'Login to Docker registry'
repository: '*'
actions:
- read
- browseBlobstores ma fale teu oloa
nexus_delete_default_repos: falseAveese fale teu mai le nexus faʻapipiʻi le faʻatulagaina muamua. O lenei laasaga e naʻo le faʻatinoina i le taimi muamua faʻapipiʻi (pe a nexus_data_dir ua iloa gaogao).
Ave'esea fale teu oloa mai le fa'aogaina fa'aletonu mo Nexus. O lenei laasaga e naʻo le taimi o le faʻapipiʻi muamua (pe a nexus_data_dir gaogao).
nexus_delete_default_blobstore: falseAve'ese le poloka fa'aletonu mai le feso'ota'iga fa'apipi'i muamua le fa'atulagaina fa'aletonu. E mafai ona faia lenei mea pe afai nexus_delete_default_repos: true ma fale teu oloa uma (silasila i lalo) o loʻo i ai se faʻamatalaga manino blob_store: custom. O lenei laasaga e naʻo le faʻatinoina i le taimi muamua faʻapipiʻi (pe a nexus_data_dir ua iloa gaogao).
O le aveeseina o le teuina o pa'u (binary artifacts) ua le mafai ona o le faaletonu mai le uluai faatulagaga. Ina ia ave'ese le fa'aputuina o fugala'au (meafaitino fa'alua), tape nexus_delete_default_repos: true. O lenei laasaga e naʻo le taimi o le faʻapipiʻi muamua (pe a nexus_data_dir gaogao).
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
# type: file
# path: /mnt/custom/path
# - name: s3-blobstore
# type: S3
# config:
# bucket: s3-blobstore
# accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
# secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"e fatu. E le mafai ona toe fa'afouina se ala blobstore ma se fale teu oloa pe a uma ona faia muamua (so'o se fa'afouga iinei o le a le amana'ia i le toe tu'uina atu).
O le fa'atulagaina o le blobstore i luga o le S3 o lo'o tu'uina atu o se fa'aoga faigofie ma e le o se vaega o su'ega fa'autometi matou te faia i luga o travis. Fa'amolemole maitau o le teuina i luga ole S3 e na'o fa'atonuga mo fa'ata'ita'iga e fa'atino ile AWS.
Foafoaga . E le mafai ona toe faʻafouina le auala e teu ai ma le fale teu oloa pe a maeʻa le amataga (soʻo se faʻafouga iinei o le a le amanaiaina pe a toe faʻapipiʻi).
O le setiina o le teuina o pa'u i luga ole S3 o lo'o tu'uina atu e faigofie. Fa'amolemole maitau o le teuina o S3 e na'o fa'atonuga mo taimi fa'apipi'i ile AWS.
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
# remote_url: 'https://company.com/repo/secure/private/go/away'
# remote_username: 'username'
# remote_password: 'secret'
# # maximum_component_age: -1
# # maximum_metadata_age: 1440
# # negative_cache_enabled: true
# # negative_cache_ttl: 1440O luga o se faʻataʻitaʻiga faʻatulagaina Maven.
nexus_repos_maven_hosted:
- name: private-release
version_policy: release
write_policy: allow_once # one of "allow", "allow_once" or "deny"Mau faatulagaga. O le fa'aogaina o le cache le lelei e filifili ma o le a le mafai ona fa'aoga i tau o lo'o i luga pe a le fa'aaogaina.
Fetuunaiga Maven. O le fa'aogaina o le cache le lelei (-1) e filifili ma o le a fa'aletonu i tau o lo'o i luga pe a le fa'amaonia.
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jbossFetuunaiga Maven.
E tu'ufa'atasi uma ituaiga fale teu oloa e tolu ma tulaga fa'aletonu nei:
_nexus_repos_maven_defaults:
blob_store: default # Note : cannot be updated once the repo has been created
strict_content_validation: true
version_policy: release # release, snapshot or mixed
layout_policy: strict # strict or permissive
write_policy: allow_once # one of "allow", "allow_once" or "deny"
maximum_component_age: -1 # Nexus gui default. For proxies only
maximum_metadata_age: 1440 # Nexus gui default. For proxies only
negative_cache_enabled: true # Nexus gui default. For proxies only
negative_cache_ttl: 1440 # Nexus gui default. For proxies onlyDocker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS ma ituaiga fale teu oloa:
vaʻai defaults/main.yml mo avanoa nei:
Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS ma yum faleteuoloa ua le atoatoa ona o le faaletonu:
Vaai defaults/main.yml mo avanoa nei:
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: falseFaamolemole ia matau atonu e te manaʻomia le faʻatagaina o nisi tulaga saogalemu pe afai e te manaʻo e faʻaoga isi ituaiga o fale teu oloa e ese mai i le maven. E sese lenei mea ona o le faaletonu
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous accessE mafai fo'i ona fa'aogaina le Realm User Remote
nexus_rut_auth_realm: truema o le ulutala e mafai ona faʻavasegaina e ala i le faʻamalamalamaina
nexus_rut_auth_header: "CUSTOM_HEADER"Galuega fa'atulagaina
nexus_scheduled_tasks: []
# # Example task to compact blobstore :
# - name: compact-docker-blobstore
# cron: '0 0 22 * * ?'
# typeId: blobstore.compact
# task_alert_email: [email protected] # optional
# taskProperties:
# blobstoreName: {{ nexus_blob_names.docker.blob }} # all task attributes are stored as strings by nexus internally
# # Example task to purge maven snapshots
# - name: Purge-maven-snapshots
# cron: '0 50 23 * * ?'
# typeId: repository.maven.remove-snapshots
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# minimumRetained: "2"
# snapshotRetentionDays: "2"
# gracePeriodInDays: "2"
# booleanTaskProperties:
# removeIfReleased: true
# # Example task to purge unused docker manifest and images
# - name: Purge unused docker manifests and images
# cron: '0 55 23 * * ?'
# typeId: "repository.docker.gc"
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# # Example task to purge incomplete docker uploads
# - name: Purge incomplete docker uploads
# cron: '0 0 0 * * ?'
# typeId: "repository.docker.upload-purge"
# task_alert_email: [email protected] # optional
# taskProperties:
# age: "24" mo faatulagaga. typeId ma galuega patinotaskProperties/booleanTaskProperties e mafai ona e mateina pe:
- mai le ituaiga Java hierarchy
org.sonatype.nexus.scheduling.TaskDescriptorSupport - siaki le fomu fatuga o galuega HTML i lau su'esu'ega
- mai le matamataina o talosaga AJAX i le suʻesuʻega pe a faʻatulagaina ma le lima se galuega.
O meafaigaluega e tatau ona fa'ailoa ile poloka yaml sa'o e fa'atatau ile latou ituaiga:
taskPropertiesmo mea tau manoa uma (ie igoa fale teu oloa, igoa fale teu oloa, vaitaimi...).booleanTaskPropertiesmo mea fa'atatau uma (fa'ata'ita'iga o pusa siaki i le GUI o le galuega fa'atupu feso'ota'iga).
Fa'aola
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)E le fa'atulagaina le fa'aagaga se'ia e fesuia'i nexus_backup_configure в true.
I lenei tulaga, o le galuega faʻatulagaina o tusitusiga o le a faʻapipiʻiina e faʻatautaia i luga ole Nexus
i le va ua faamaoti mai i nexus_backup_cron (tauaga 21:00 i aso uma).
Va'ai le [fa'ata'ita'iga fa'apitoa mo lenei galuega](templates/backup.groovy.j2) mo fa'amatalaga.
O lenei galuega faatulagaina e tutoatasi mai isi nexus_scheduled_taskslea oe
fa'ailoa i lau api ta'aloga.
Afai e te mana'o e sui/tapē'e fa'amaumauga, fa'apipi'i nexus_backup_rotate: true ma fa'atulaga le numera o fa'amaumauga e te mana'o e fa'asaoina i le fa'aaogaina nexus_backup_keep_rotations (tauagai 4).
I le fa'aaogaina o le rotation, afai e te mana'o e fa'apolopolo avanoa fa'aopoopo i le taimi o le fa'asologa,
E mafai ona e fa'apipi'i nexus_backup_rotate_first: true. Ole mea lea ole a fa'apipi'i muamua-ta'amilosaga/tapē'ese a'o le'i fa'asaoina. Ona o le faaletonu, e tupu suiga pe a uma ona fai se faaleoleo. Faamolemole ia matau o le tulaga lea o le backup tuai
o le a tape a'o le'i faia le faaleoleo o iai nei.
Fa'asologa o le toe fa'aleleia
Fa'asolo le tusita'alo ma le parakalafa -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(mo se faʻataʻitaʻiga, 2017-12-17-21-00-00 mo Tesema 17, 2017 i le 21:00
Aveese nexus
Lapataiga: Ole mea lea ole a tape atoa ai au fa'amatalaga o iai nei. Ia mautinoa e fai se fa'amaumauga muamua pe a mana'omia
Fa'aaoga se fesuiaiga nexus_purgepe afai e te manaʻomia le toe amata mai le sasa ma toe faʻapipiʻi le nexus faʻataʻitaʻiga ma faʻamaumauga uma ua aveese.
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=trueSuia le password administrator pe a uma ona fa'apipi'i muamua
nexus_default_admin_password: 'admin123'E le tatau ona suia lenei mea i lau tusitaalo. O lenei fesuiaiga o loʻo faʻatumuina i le Nexus admin password le faʻaogaina pe a faʻapipiʻi muamua ma faʻamautinoa e mafai ona matou suia le upu faʻauluulu i nexus_admin_password.
Afai e te manaʻo e sui le upu faataga pule pe a uma le faʻapipiʻi muamua, e mafai ona e suia mo sina taimi i le upu tuai tuai mai le laina o le poloaiga. A mae'a suiga nexus_admin_password i lau tusitaalo e mafai ona e tamoe:
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPasswordTelegram alalaupapa ile Nexus Sonatype:
Na'o tagata fa'aigoaina e mafai ona auai i le su'esu'ega. , faʻamolemole.
O a fale teu oloa e te fa'aogaina?
-
Sonatype Nexus e leai se totogi
-
Sonatype Nexus totogi
-
E leai se totogi
-
Fa'atosina totogi
-
Vaʻa
-
Pulp
9 tagata fa'aoga na palota. 3 tagata fa'aoga na fa'amama.
puna: www.habr.com