Dekedda iyo macnaha guud ee habka isku xirka Java. nexus_default_context_path waa in uu ka kooban yahay jeex hore marka la dhigayo, tusaale: nexus_default_context_path: '/nexus/'.
Isticmaalaha Nexus OS iyo Kooxda
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'
Isticmaalaha iyo kooxda loo isticmaalay inay lahaadaan faylalka Nexus oo ay maamulaan adeegga waxaa abuuri doona doorka haddii mid la waayo.
nexus_os_user_home_dir: '/home/nexus'
Oggolow in la beddelo tusaha guriga ee caadiga ah ee isticmaalaha nexus
nexus_installation_dir waxaa ku jira faylal la rakibay oo la fulin karo
nexus_data_dir ka kooban dhammaan qaabeynta, bakhaarrada iyo agabka la soo dejiyay. Wadooyinka blobstore gaarka ah nexus_data_dir waa la habayn karaa, hoos eeg nexus_blobstores.
nexus_tmp_dir ka kooban dhammaan faylasha ku meel gaarka ah. Dariiqii caadiga ahaa ee redhat waa laga raray /tmp si looga gudbo dhibaatooyinka iman kara hababka nadiifinta tooska ah. Fiiri #168.
Laguma talinayo in la kordhiyo xusuusta taallo ee JVM ee ka baxsan qiyamka lagu taliyey ee isku dayga lagu hagaajinayo waxqabadka. Tani waxay dhab ahaantii yeelan kartaa saameyn lid ku ah, taasoo keentay shaqo aan loo baahnayn ee nidaamka hawlgalka.
Furaha maamulaha
nexus_admin_password: 'changeme'
Koontada sirta ah ee "admin" ee dejinta. Tani waxay kaliya ka shaqeysaa rakibaadda hore ee caadiga ah. Fadlan eeg [Beddel furaha sirta ah ee maamulka kadib rakibida koowaad](# change-admin-password-after-first-install) haddii aad rabto in aad bedesho hadhow adigoo isticmaalaya door.
Waxaa aad loogu talinayaa in aadan ku kaydsan eraygaaga sirta ah qoraal cad oo ku jira buugga ciyaarta, laakiin aad isticmaasho [ansible-vault encryption] (https://docs.ansible.com/ansible/latest/user_guide/vault.html) (khad khad ama fayl gaar ah oo ay ku raran yihiin tusaale_vars)
Deji SSL Proxy Reverse.
Si aad tan u samayso waxaad u baahan tahay inaad ku rakibto httpd. Fiiro gaar ah: marka httpd_setup_enable qiimaha go'antrue, xidhiidhada xidhiidhka 127.0.0.1:8081, sidaas darteed ma in si toos ah looga heli karo HTTP port 8081 ee cinwaanka IP-ga ee dibadda.
Magaca martida loo isticmaalo waa nexus_public_hostname. Haddii aad u baahan tahay magacyo kala duwan sababo jira awgood, waad dejin kartaa httpd_server_name macne kale leh.
Π‘ httpd_copy_ssl_files: true (sida caadiga ah) shahaadooyinka sare waa inay ku jiraan hagahaaga ciyaarta waxaana lagu koobiyi doonaa server-ka waxaana lagu habayn doonaa apache.
Haddii aad rabto inaad isticmaasho shahaadooyinka jira ee seerfarka, ku rakib httpd_copy_ssl_files: false oo bixi doorsoomayaasha soo socda:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"
httpd_ssl_cert_chain_file_location waa ikhtiyaari waana in laga tagaa iyada oo aan la dejin haddii aadan rabin inaad habayso faylka silsiladda
nexus_privileges:
- name: all-repos-read # used as key to update a privilege
# type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
description: 'Read & Browse access to all repos'
repository: '*'
actions: # can be add, browse, create, delete, edit, read or * (all)
- read
- browse
# pattern: pattern
# domain: domain
# script_name: name
liiska mudnaanta goobaha. Fiiri dukumeentiga iyo GUI si aad u hubiso doorsoomayaasha loo baahan yahay in la dejiyo iyadoo ku xiran nooca mudnaanta.
Cutubyadan waxaa lagu daray qiimayaasha soo socda:
nexus_roles:
- id: Developpers # can map to a LDAP group id, also used as a key to update a role
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
roles: [] # references to other role names
nexus_local_users: []
# - username: jenkins # used as key to update
# state: present # default value if ommited, use 'absent' to remove user
# first_name: Jenkins
# last_name: CI
# email: [email protected]
# password: "s3cr3t"
# roles:
# - developers # role ID
Liistada isticmaaleyaasha maxalliga ah (aan ahayn LDAP) ama liiska xisaabaadka si loo abuuro xidhiidh.
Liiska isticmaalayaasha/koonada maxaliga ah (aan ahayn LDAP) ee lagu dhex abuurayo Nexus.
Khariidaynta Ldap ee isticmaalayaasha/doorarka Gobolka absent waxay ka saari doontaa doorarka isticmaale jira haddii uu hore u jiray.
Isticmaalayaasha Ldap lama tirtirin Isku day inaad door u dejiso isticmaale aan jirin waxay ku dambayn doontaa khalad.
Xulashooyinka nuxurka
nexus_content_selectors:
- name: docker-login
description: Selector for docker login privilege
search_expression: format=="docker" and path=~"/v2/"
Macluumaad dheeraad ah oo ku saabsan xulashada nuxurka, eeg Dukumeenti.
Si aad u isticmaasho xulashada nuxurka, ku dar mudnaan cusub type: repository-content-selector oo khuseeyacontentSelector
Ka tirtir meelaha kaydka ah ee ku rakib habaynta bilowga hore. Talaabadani waxa kaliya oo lafuliyaa marka ugu horeysa ee la rakibo (goorma nexus_data_dir ayaa la ogaaday maran).
Ka saaritaanka kaydadka qaabaynta caadiga ah ee Nexus. Tallaabadan waxa la sameeyaa oo keliya inta lagu jiro rakibidda koowaad (goorma nexus_data_dir maran).
nexus_delete_default_blobstore: false
Ka tirtir kaydiyaha caadiga ah ee nexus ku rakib qaabeynta bilowga hore. Tan waxaa la samayn karaa oo keliya haddii nexus_delete_default_repos: true iyo dhammaan bakhaarrada la habeeyey (hoos eeg) waxay leeyihiin si cad blob_store: custom. Talaabadani waxa kaliya oo lafuliyaa marka ugu horeysa ee la rakibo (goorma nexus_data_dir ayaa la ogaaday maran).
Ka saarida kaydinta baloobyada (farshaxanka binary) waa la naafo si caadi ah marka loo eego qaabaynta hore. Si aad meesha uga saarto kaydinta boobka (farshaxanka binary), dami nexus_delete_default_repos: true. Tallaabadan waxa la sameeyaa oo keliya inta lagu jiro rakibidda koowaad (goorma nexus_data_dir maran).
Blobstore in la abuuro. Jidka bakhaarka iyo kaydka kaydka lama cusboonaysiin karo abuuritaanka bilowga ah ka dib (cusbooneysi kasta oo halkan ah waa la iska indhatiraa dib-u-bixinta).
Isku-dubbaridka blobstore-ka S3 waxa loo bixiyay si ku habboon oo aan ka mid ahayn tijaabooyinka iswada ee aan ku wadno travis. Fadlan ogow in kaydinta S3 lagu taliyay oo kaliya tusaaleyaal la geeyo AWS.
Abuuridda Blobstore. Jidka kaydinta iyo kaydka kaydinta lama cusboonaysiin karo abuuritaanka bilowga ah ka dib (cusbooneysi kasta oo halkan ah waa la iska indhatiraa marka mar labaad la rakibo).
Dejinta kaydinta blob ee S3 waxaa loo bixiyay si ku habboon. Fadlan ogow in kaydinta S3 lagu taliyay oo kaliya tusaaleyaal la geeyo AWS.
Dhammaan saddexda nooc ee kaydka waxaa lagu daraa qiimayaasha soo socda:
_nexus_repos_maven_defaults:
blob_store: default # Note : cannot be updated once the repo has been created
strict_content_validation: true
version_policy: release # release, snapshot or mixed
layout_policy: strict # strict or permissive
write_policy: allow_once # one of "allow", "allow_once" or "deny"
maximum_component_age: -1 # Nexus gui default. For proxies only
maximum_metadata_age: 1440 # Nexus gui default. For proxies only
negative_cache_enabled: true # Nexus gui default. For proxies only
negative_cache_ttl: 1440 # Nexus gui default. For proxies only
Fadlan ogow in laga yaabo inaad u baahato inaad awood u yeelatid qaybo amniga qaarkood haddii aad rabto inaad isticmaasho noocyo kale oo kayd ah oo aan ahayn maven. Tani waa been asal ahaan
Kaabta lama habayn doono ilaa aad bedesho nexus_backup_configure Π² true.
Xaaladdan oo kale, hawsha qoraalka la qorsheeyay ayaa loo habayn doonaa si ay ugu shaqeyso Nexus
inta u dhaxaysa ee lagu cayimay nexus_backup_cron (caadiga ah 21:00 maalin kasta).
Ka eeg [qaababka groovy ee hawshan](templates/backup.groovy.j2) wixii faahfaahin ah.
Hawshan la qorsheeyay way ka madax banaan tahay kuwa kale nexus_scheduled_taskskaas oo aad
ku dhawaaq buuggaaga ciyaarta.
Markaad isticmaalayso wareeg, haddii aad rabto inaad kaydiso meel disk dheeraad ah inta lagu jiro habka kaydinta,
Waad rakibi kartaa nexus_backup_rotate_first: true. Tani waxay habayn doontaa wareegga hore/tirtiridda kahor kaydinta. Sida caadiga ah, wareejintu waxay dhacdaa ka dib marka kaydinta la sameeyo. Fadlan ogow in kiiskan kaydkii hore
waa la tirtiri doonaa ka hor inta aan kaydka hadda la samayn.
Habka soo kabashada
Ku orod buugga-ciyaaraha oo leh cabbir -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(tusaale ahaan, 2017-12-17-21-00-00 ee Diisambar 17, 2017 saacada 21:00
Ka saarida xidhiidhka
Digniin: Tani waxay si buuxda u tirtiri doontaa xogtaada hadda. U hubso inaad hore u samayso gurmad haddii loo baahdo
Isticmaal doorsoome nexus_purgeHaddii aad u baahan tahay inaad dib uga bilowdo xoqdo oo aad dib u rakibto tusaale ahaan nexus-ka iyadoo dhammaan xogta laga saaray.
Beddel furaha sirta ah ee maamulaha ka dib marka ugu horeysa ee la rakibo
nexus_default_admin_password: 'admin123'
Tani waa in aan lagu beddelin buug-yarahaaga. Doorsoomayaashan waxa ku jira erayga sirta ah ee maamulaha Nexus markii ugu horraysa ee la rakibo oo uu hubiyo in aan u beddeli karno erayga sirta ah ee maamulka nexus_admin_password.
Haddii aad rabto inaad bedesho lambarka sirta ah ee maamulaha ka dib rakibidda ugu horreysa, waxaad si ku meel gaar ah ugu beddeli kartaa erayga sirta ah ee hore ee khadka taliska. Isbadal ka dib nexus_admin_password Buugaaga ciyaarta waxaad ku orod kartaa: