Sonatype Nexus ke sethala se kopantsoeng seo bahlahisi ba ka khonang ho ba moemeli, ho boloka le ho laola ho itšetleha ka Java (Maven), Docker, Python, Ruby, NPM, litšoantšo tsa Bower, liphutheloana tsa RPM, gitlfs, Apt, Go, Nuget, le ho aba ts'ireletso ea software ea bona.
Ke hobane'ng ha u hloka Sonatype Nexus?
- Bakeng sa ho boloka li-artifacts tsa poraefete;
- Bakeng sa li-artifacts tsa caching tse jarollotsoeng Inthaneteng;
Lintho tsa khale tse tšehetsoeng ka har'a sephutheloana sa Nexus sa Sonatype:
- Java, Maven (nkho)
- Docker
- Python (pip)
- Ruby (lehakoe)
- NPM
- Bowers
- Yum (rpm)
- gitlfs
- Raw
- Apt (deb)
- Go
- Nuget
Lisebelisoa tse Tšehetsoeng ke Sechaba:
- Moqapi
- Conan
- CPAN
- ELPA
- helmete
- P2
- R
Ho kenya Sonatype Nexus u sebelisa
litlhokahalo
- Bala ka ho sebelisa bohlale Inthaneteng.
- Kenya ansible
pip install ansiblesetsing sa mosebetsi moo buka ea ho bapala e sebetsang teng. - Beha setsing sa mosebetsi moo buka ea ho bapala e sebetsang teng.
- Beha setsing sa mosebetsi moo buka ea ho bapala e sebetsang teng.
- Karolo ena e lekoa ho CentOS 7, Ubuntu Xenial (16.04) le Bionic (18.04), Debian Jessie le Stretch.
jmespathLaebrari e tlameha ho kenngoa setsing sa mosebetsi moo buka ea ho bapala e sebetsang teng. Ho kenya:sudo pip install -r requirements.txt- Boloka faele ea buka ea ho bapala (mohlala o ka tlase) faeleng ea nexus.yml
- Matha ho kenya Nexus
ansible-playbook -i host nexus.yml
Mohlala oa buka ea ho bapala bakeng sa ho kenya nexus ntle le LDAP le Maven (java), Docker, Python, Ruby, NPM, Bower, RPM le gitlfs repositories.
---
- name: Nexus
hosts: nexus
become: yes
vars:
nexus_timezone: 'Asia/Omsk'
nexus_admin_password: "admin123"
nexus_public_hostname: 'apatsev-nexus-playbook'
httpd_setup_enable: false
nexus_privileges:
- name: all-repos-read
description: 'Read & Browse access to all repos'
repository: '*'
actions:
- read
- browse
- name: company-project-deploy
description: 'Deployments to company-project'
repository: company-project
actions:
- add
- edit
nexus_roles:
- id: Developpers # maps to the LDAP group
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
- company-project-deploy
roles: []
nexus_local_users:
- username: jenkins # used as key to update
first_name: Jenkins
last_name: CI
email: [email protected]
password: "s3cr3t"
roles:
- Developpers # role ID here
nexus_blobstores:
- name: company-artifacts
path: /var/nexus/blobs/company-artifacts
nexus_scheduled_tasks:
- name: compact-blobstore
cron: '0 0 22 * * ?'
typeId: blobstore.compact
taskProperties:
blobstoreName: 'company-artifacts'
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
- name: vaadin-addons
remote_url: 'https://maven.vaadin.com/vaadin-addons/'
- name: jaspersoft
remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
version_policy: mixed
nexus_repos_maven_hosted:
- name: company-project
version_policy: mixed
write_policy: allow
blob_store: company-artifacts
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jboss
- vaadin-addons
- jaspersoft
# Yum. Change nexus_config_yum to true for create yum repository
nexus_config_yum: true
nexus_repos_yum_hosted:
- name: private_yum_centos_7
repodata_depth: 1
nexus_repos_yum_proxy:
- name: epel_centos_7_x86_64
remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
- name: centos-7-os-x86_64
remote_url: http://mirror.centos.org/centos/7/os/x86_64/
maximum_component_age: -1
maximum_metadata_age: -1
negative_cache_ttl: 60
nexus_repos_yum_group:
- name: yum_all
member_repos:
- private_yum_centos_7
- epel_centos_7_x86_64
# NPM. Change nexus_config_npm to true for create npm repository
nexus_config_npm: true
nexus_repos_npm_hosted: []
nexus_repos_npm_group:
- name: npm-public
member_repos:
- npm-registry
nexus_repos_npm_proxy:
- name: npm-registry
remote_url: https://registry.npmjs.org/
negative_cache_enabled: false
# Docker. Change nexus_config_docker to true for create docker repository
nexus_config_docker: true
nexus_repos_docker_hosted:
- name: docker-hosted
http_port: "{{ nexus_docker_hosted_port }}"
v1_enabled: True
nexus_repos_docker_proxy:
- name: docker-proxy
http_port: "{{ nexus_docker_proxy_port }}"
v1_enabled: True
index_type: "HUB"
remote_url: "https://registry-1.docker.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_docker_group:
- name: docker-group
http_port: "{{ nexus_docker_group_port }}"
v1_enabled: True
member_repos:
- docker-hosted
- docker-proxy
# Bower. Change nexus_config_bower to true for create bower repository
nexus_config_bower: true
nexus_repos_bower_hosted:
- name: bower-hosted
nexus_repos_bower_proxy:
- name: bower-proxy
index_type: "proxy"
remote_url: "https://registry.bower.io"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_bower_group:
- name: bower-group
member_repos:
- bower-hosted
- bower-proxy
# Pypi. Change nexus_config_pypi to true for create pypi repository
nexus_config_pypi: true
nexus_repos_pypi_hosted:
- name: pypi-hosted
nexus_repos_pypi_proxy:
- name: pypi-proxy
index_type: "proxy"
remote_url: "https://pypi.org/"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_pypi_group:
- name: pypi-group
member_repos:
- pypi-hosted
- pypi-proxy
# rubygems. Change nexus_config_rubygems to true for create rubygems repository
nexus_config_rubygems: true
nexus_repos_rubygems_hosted:
- name: rubygems-hosted
nexus_repos_rubygems_proxy:
- name: rubygems-proxy
index_type: "proxy"
remote_url: "https://rubygems.org"
use_nexus_certificates_to_access_index: false
maximum_component_age: 1440
maximum_metadata_age: 1440
negative_cache_enabled: true
negative_cache_ttl: 1440
nexus_repos_rubygems_group:
- name: rubygems-group
member_repos:
- rubygems-hosted
- rubygems-proxy
# gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
nexus_config_gitlfs: true
nexus_repos_gitlfs_hosted:
- name: gitlfs-hosted
roles:
- { role: geerlingguy.java }
# Debian/Ubuntu only
# - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
# RedHat/CentOS only
- { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
- { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }Litšoantšo tsa skrini:
Likarolo tse feto-fetohang
Liphetoho tsa Karolo
Liphetoho tse nang le boleng ba kamehla (bona default/main.yml):
Liphetoho tse akaretsang
nexus_version: ''
nexus_timezone: 'UTC'Ka ho sa feleng, karolo e tla kenya mofuta oa morao-rao o fumanehang oa Nexus. O ka lokisa phetolelo ka ho fetola phetoho nexus_version. Sheba liphetolelo tse fumanehang ho .
Haeba u fetohela ho mofuta o mocha, karolo e tla leka ho ntlafatsa Nexus ea hau.
Haeba u sebelisa mofuta oa khale oa Nexus ho feta oa morao-rao, u lokela ho etsa bonnete ba hore ha u sebelise likarolo tse sieo tokollong e kentsoeng (mohlala, hosting yum repositories e teng bakeng sa nexus e kholo ho feta 3.8.0, git lfs repo. bakeng sa khokahano e kholo ho feta 3.3.0 joalo-joalo)
nexus timezone ke lebitso la sebaka sa nako sa Java, se ka thusang hammoho le mantsoe a latelang a cron bakeng sa nexus_scheduled tasks.
Boema-kepe ba Nexus le tsela ea moelelo
nexus_default_port: 8081
nexus_default_context_path: '/'Tsela ea boema-kepe le moelelo oa ts'ebetso ea khokahano ea Java. nexus_default_context_path e tlameha ho ba le slash ea pele ha e setiloe, mohlala: nexus_default_context_path: '/nexus/'.
Mosebelisi le Sehlopha sa Nexus OS
nexus_os_group: 'nexus'
nexus_os_user: 'nexus'Mosebelisi le sehlopha se sebelisoang ho ba le lifaele tsa Nexus le ho tsamaisa ts'ebeletso se tla hlahisoa ke karolo haeba e le sieo.
nexus_os_user_home_dir: '/home/nexus'Lumella ho fetola bukana ea kamehla ea lapeng bakeng sa mosebelisi oa nexus
Lihokela tsa mohlala tsa Nexus
nexus_installation_dir: '/opt'
nexus_data_dir: '/var/nexus'
nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"Nexus Catalogs.
nexus_installation_dire na le lifaele tse kentsoeng tse ka sebetsoangnexus_data_dire na le litlhophiso tsohle, polokelo ea polokelo le lintho tsa khale tse jarollotsoeng. Litsela tse ikhethileng tsa li-blobstorenexus_data_dirka customized, bona mona ka tlasenexus_blobstores.nexus_tmp_dire na le lifaele tsohle tsa nakoana. Tsela ea kamehla ea redhat e tlositsoe/tmpho hlola mathata a ka bang teng ka mekhoa ea ho hloekisa ka boiketsetso. Sheba #168.
E lokisa Tšebeliso ea Memori ea Nexus JVM
nexus_min_heap_size: "1200M"
nexus_max_heap_size: "{{ nexus_min_heap_size }}"
nexus_max_direct_memory: "2G"Tsena ke litlhophiso tsa kamehla tsa Nexus. Ke kopa o seke oa fetola litekanyetso tsena Haeba ha o eso bale mme ha ba utlwisise seo ba se etsang.
E le temoso ea bobeli, mona ke karolo ea tokomane e ka holimo:
Ha e khothalletsoe ho eketsa mohopolo oa qubu ea JVM ho feta litekanyetso tse khothaletsoang molemong oa ho ntlafatsa ts'ebetso. Sena se kanna sa ba le phello e fapaneng, e bakang mosebetsi o sa hlokahaleng bakeng sa sistimi e sebetsang.
Password ea molaoli
nexus_admin_password: 'changeme'"admin" password ea akhaonto bakeng sa ho seta. Sena se sebetsa feela ts'ebetsong ea pele ea kamehla. Ka kopo bona [Fetola phasewete ea admin ka mor'a ho kenya pele](# fetola-admin-password-after-first-install) haeba u batla ho e fetola hamorao u sebelisa karolo e itseng.
Ho khothaletsoa ka matla hore u se ke ua boloka phasewete ea hau ka mongolo o hlakileng bukeng ea ho bapala, empa ho sebelisa [ansible-vault encryption] () (ebang ke inline kapa faeleng e arohaneng e laetsoeng ka mohlala include_vars)
Mokhoa oa ho fihlella o sa tsejoe ka mokhoa oa kamehla
nexus_anonymous_access: falseMokhoa oa ho kena o sa tsebahaleng o tingoa ka ho sa feleng. Bala haholoanyane ka .
Lebitso la moamoheli oa sechaba
nexus_public_hostname: 'nexus.vm'
nexus_public_scheme: httpsLebitso le sekeme se tšoanelehang ka botlalo (https kapa http) moo mohlala oa Nexus o tla fumaneha ho bareki ba eona.
Ho fihlella API bakeng sa karolo ena
nexus_api_hostname: localhost
nexus_api_scheme: http
nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
nexus_api_context_path: "{{ nexus_default_context_path }}"
nexus_api_port: "{{ nexus_default_port }}"Liphetoho tsena li laola hore na karolo e hokahana joang le Nexus API bakeng sa ho fana.
Bakeng sa basebelisi ba tsoetseng pele feela. Mohlomong ha u batle ho fetola litlhophiso tsena tsa kamehla
Ho theha proxy e ka morao
httpd_setup_enable: false
httpd_server_name: "{{ nexus_public_hostname }}"
httpd_default_admin_email: "[email protected]"
httpd_ssl_certificate_file: 'files/nexus.vm.crt'
httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
# httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
httpd_copy_ssl_files: trueBeha .
Ho etsa sena o hloka ho kenya httpd. Tlhokomeliso: neng bakeng sa httpd_setup_enable seta bolengtrue, mabitso a amanang 127.0.0.1:8081, kahoo ha e fumaneha ka kotloloho ka HTTP port 8081 ho tsoa atereseng ea IP e kantle.
Lebitso la moamoheli le sebelisitsoeng ke nexus_public_hostname. Haeba o hloka mabitso a fapaneng ka lebaka le itseng, o ka seta httpd_server_name ka moelelo o fapaneng.
С httpd_copy_ssl_files: true (ka ho sa feleng) litifikeiti tse ka holimo li lokela ho ba teng bukeng ea hau ea playbook mme li tla kopitsoa ho seva ebe li hlophisoa ka apache.
Haeba o batla ho sebelisa litifikeiti tse teng ho seva, kenya httpd_copy_ssl_files: false 'me u fane ka mefuta e latelang:
# These specifies to the vhost where to find on the remote server file
# system the certificate files.
httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
# httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"httpd_ssl_cert_chain_file_location ke boikhethelo 'me e lokela ho tloheloa e sa hlophisoa haeba u sa batle ho hlophisa faele ea ketane
httpd_default_admin_email: "[email protected]"Beha aterese ea lengolo-tsoibila ea kamehla
LDAP Configuration
Likhokahano tsa LDAP le sebaka sa ts'ireletso li tingoa ka mokhoa oa kamehla
nexus_ldap_realm: false
ldap_connections: [], ntho e 'ngoe le e' ngoe e shebahala tjena:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'My Company LDAP' # used as a key to update the ldap config
ldap_protocol: 'ldaps' # ldap or ldaps
ldap_hostname: 'ldap.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false # Wether or not to use certs in the nexus trust store
ldap_search_base: 'dc=mycompany,dc=net'
ldap_auth: 'none' # or simple
ldap_auth_username: 'username' # if auth = simple
ldap_auth_password: 'password' # if auth = simple
ldap_user_base_dn: 'ou=users'
ldap_user_filter: '(cn=*)' # (optional)
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: false
ldap_map_groups_as_roles: false
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'posixGroup'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'memberUid'
ldap_group_member_format: '${username}'
ldap_group_subtree: falseMohlala tlhophiso ea LDAP bakeng sa netefatso e sa tsejoeng (tlamo e sa tsejoeng), sena hape ke "bonyane" tlhophiso:
nexus_ldap_realm: true
ldap_connection:
- ldap_name: 'Simplest LDAP config'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_search_base: 'dc=mycompany,dc=net'
ldap_port: 636
ldap_use_trust_store: false
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_object_class: 'inetOrgPerson'Mohlala oa tlhophiso ea LDAP bakeng sa netefatso e bonolo (ho sebelisa ak'haonte ea DSA):
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_user_subtree: falseMohlala oa tlhophiso ea LDAP bakeng sa netefatso e bonolo (ho sebelisa ak'haonte ea DSA) + lihlopha tse entsoeng ka 'mapa e le likarolo:
nexus_ldap_realm: true
ldap_connections
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_group_base_dn: 'ou=groups'
ldap_group_object_class: 'groupOfNames'
ldap_group_id_attribute: 'cn'
ldap_group_member_attribute: 'member'
ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
ldap_group_subtree: falseMohlala oa tlhophiso ea LDAP bakeng sa netefatso e bonolo (ho sebelisa ak'haonte ea DSA) + lihlopha tse entsoeng ka 'mapa e le mesebetsi:
nexus_ldap_realm: true
ldap_connections:
- ldap_name: 'LDAP config with DSA'
ldap_protocol: 'ldaps'
ldap_hostname: 'annuaire.mycompany.com'
ldap_port: 636
ldap_use_trust_store: false
ldap_auth: 'simple'
ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
ldap_search_base: 'dc=mycompany,dc=net'
ldap_user_base_dn: 'ou=users'
ldap_user_object_class: 'inetOrgPerson'
ldap_user_id_attribute: 'uid'
ldap_user_real_name_attribute: 'cn'
ldap_user_email_attribute: 'mail'
ldap_map_groups_as_roles: true
ldap_map_groups_as_roles_type: 'dynamic'
ldap_user_memberof_attribute: 'memberOf'Tokelo
nexus_privileges:
- name: all-repos-read # used as key to update a privilege
# type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
description: 'Read & Browse access to all repos'
repository: '*'
actions: # can be add, browse, create, delete, edit, read or * (all)
- read
- browse
# pattern: pattern
# domain: domain
# script_name: nameLethathamo la bakeng sa litlhophiso. Sheba litokomane le GUI ho lekola hore na ke mefuta efe e lokelang ho hlophisoa ho latela mofuta oa tokelo.
Lintlha tsena li kopantsoe le litekanyetso tse latelang tsa kamehla:
_nexus_privilege_defaults:
type: repository-view
format: maven2
actions:
- readLikarolo (ka hare ho Nexus sena se bolela)
nexus_roles:
- id: Developpers # can map to a LDAP group id, also used as a key to update a role
name: developers
description: All developers
privileges:
- nx-search-read
- all-repos-read
roles: [] # references to other role namesLethathamo la bakeng sa litlhophiso.
Basebelisi
nexus_local_users: []
# - username: jenkins # used as key to update
# state: present # default value if ommited, use 'absent' to remove user
# first_name: Jenkins
# last_name: CI
# email: [email protected]
# password: "s3cr3t"
# roles:
# - developers # role IDLethathamo la basebelisi ba lehae (bao e seng ba LDAP) /akhaonto ho theha ho nexus.
Lenane la basebedisi ba lehae (bao e seng ba LDAP) kapa diakhaonto tseo o ka di etsang ho Nexus.
nexus_ldap_users: []
# - username: j.doe
# state: present
# roles:
# - "nx-admin"Ldap 'mapa oa basebelisi/karolo. Naha absent e tla tlosa likarolo ho tsoa ho mosebelisi ea seng a ntse a le teng.
Basebelisi ba Ldap ha ba hlakoloe. Ho leka ho beha karolo bakeng sa mosebelisi ea seng teng ho tla baka phoso.
Bakhethi ba litaba
nexus_content_selectors:
- name: docker-login
description: Selector for docker login privilege
search_expression: format=="docker" and path=~"/v2/"Bakeng sa tlhaiso-leseling e batsi ka mokhethoa oa litaba, bona .
Ho sebelisa sekhetho sa litaba, eketsa monyetla o mocha ka type: repository-content-selector le malebacontentSelector
- name: docker-login-privilege
type: repository-content-selector
contentSelector: docker-login
description: 'Login to Docker registry'
repository: '*'
actions:
- read
- browseLi-blobstores le polokelo ea polokelo
nexus_delete_default_repos: falseHlakola li-repositories ho tloha ho nexus install configuration ea pele ea kamehla. Mohato ona o etsoa feela ha ho kengoa lekhetlo la pele (ha nexus_data_dir e fumanoe e se na letho).
Ho tlosa lipolokelo ho tlhophiso ea kamehla ea Nexus. Mohato ona o etsoa feela nakong ea ho kenya pele (ha nexus_data_dir qeka).
nexus_delete_default_blobstore: falseHlakola blobstore ea kamehla ho tloha ho nexus install configuration ea pele ea kamehla. Sena se ka etsoa feela haeba nexus_delete_default_repos: true 'me lipolokelo tsohle tse hlophisitsoeng (sheba ka tlase) li na le lintlha tse hlakileng blob_store: custom. Mohato ona o etsoa feela ha ho kengoa lekhetlo la pele (ha nexus_data_dir e fumanoe e se na letho).
Ho tlosa blob storage (binary artifacts) ho koetsoe ka ho sa feleng ho tloha ho tlhophiso ea pele. Ho tlosa blob storage (binary artifacts), tima nexus_delete_default_repos: true. Mohato ona o etsoa feela nakong ea ho kenya pele (ha nexus_data_dir qeka).
nexus_blobstores: []
# example blobstore item :
# - name: separate-storage
# type: file
# path: /mnt/custom/path
# - name: s3-blobstore
# type: S3
# config:
# bucket: s3-blobstore
# accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
# secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"ho bopa. Tsela ea blobstore le polokelo ea polokelo ea polokelo e ke ke ea ntlafatsoa ka mor'a tlhahiso ea pele (ntlafatso efe kapa efe mona e tla hlokomolohuoa mabapi le tokiso hape).
Ho lokisa blobstore ho S3 ho fanoe ka mokhoa o bonolo 'me ha se karolo ea liteko tse ikemetseng tseo re li etsang ho travis. Ka kopo hlokomela hore ho boloka ho S3 ho khothaletsoa feela bakeng sa maemo a sebelisitsoeng ho AWS.
Pōpo . Tsela ea polokelo le polokelo ea polokelo e ke ke ea nchafatsoa ka mor'a pōpo ea pele (ntlafatso leha e le efe mona e tla hlokomolohuoa ha e kenngoa hape).
Ho theha polokelo ea blob ho S3 ho fanoa joalo ka boiketlo. Ka kopo hlokomela hore polokelo ea S3 e khothaletsoa feela maemong a sebelisoang ho AWS.
nexus_repos_maven_proxy:
- name: central
remote_url: 'https://repo1.maven.org/maven2/'
layout_policy: permissive
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
- name: jboss
remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
# maximum_component_age: -1
# maximum_metadata_age: 1440
# negative_cache_enabled: true
# negative_cache_ttl: 1440
# example with a login/password :
# - name: secret-remote-repo
# remote_url: 'https://company.com/repo/secure/private/go/away'
# remote_username: 'username'
# remote_password: 'secret'
# # maximum_component_age: -1
# # maximum_metadata_age: 1440
# # negative_cache_enabled: true
# # negative_cache_ttl: 1440Ka holimo ke mohlala oa tlhophiso Maven.
nexus_repos_maven_hosted:
- name: private-release
version_policy: release
write_policy: allow_once # one of "allow", "allow_once" or "deny"Maven tlhophiso. Negative cache config ke boikhethelo 'me e tla ikhethela ho litekanyetso tse ka holimo haeba e siiloe.
Moralo Maven. Tlhophiso e mpe ea "cache" (-1) ke ea boikhethelo 'me e tla ikamahanya le litekanyetso tse ka holimo haeba e sa boleloa.
nexus_repos_maven_group:
- name: public
member_repos:
- central
- jbossMoralo Maven.
Mefuta eohle e meraro ea polokelo e kopantsoe le litekanyetso tse latelang tsa kamehla:
_nexus_repos_maven_defaults:
blob_store: default # Note : cannot be updated once the repo has been created
strict_content_validation: true
version_policy: release # release, snapshot or mixed
layout_policy: strict # strict or permissive
write_policy: allow_once # one of "allow", "allow_once" or "deny"
maximum_component_age: -1 # Nexus gui default. For proxies only
maximum_metadata_age: 1440 # Nexus gui default. For proxies only
negative_cache_enabled: true # Nexus gui default. For proxies only
negative_cache_ttl: 1440 # Nexus gui default. For proxies onlyDocker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS le mefuta ea polokelo ea yum:
sheba defaults/main.yml bakeng sa likhetho tsena:
Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS le yum repositories li holofalitsoe ka ho sa feleng:
Bona defaults/main.yml bakeng sa likhetho tsena:
nexus_config_pypi: false
nexus_config_docker: false
nexus_config_raw: false
nexus_config_rubygems: false
nexus_config_bower: false
nexus_config_npm: false
nexus_config_gitlfs: false
nexus_config_yum: falseKa kopo elelloa hore o kanna oa hloka ho lumella libaka tse itseng tsa ts'ireletso haeba u batla ho sebelisa mefuta e meng ea polokelo ntle le maven. Sena ke leshano ka ho sa feleng
nexus_nuget_api_key_realm: false
nexus_npm_bearer_token_realm: false
nexus_docker_bearer_token_realm: false # required for docker anonymous accessRemote User Realm le eona e ka nolofalloa ho sebelisoa
nexus_rut_auth_realm: truemme sehlooho se ka hlophiswa ka ho hlalosa
nexus_rut_auth_header: "CUSTOM_HEADER"Mesebetsi e hlophisitsoeng
nexus_scheduled_tasks: []
# # Example task to compact blobstore :
# - name: compact-docker-blobstore
# cron: '0 0 22 * * ?'
# typeId: blobstore.compact
# task_alert_email: [email protected] # optional
# taskProperties:
# blobstoreName: {{ nexus_blob_names.docker.blob }} # all task attributes are stored as strings by nexus internally
# # Example task to purge maven snapshots
# - name: Purge-maven-snapshots
# cron: '0 50 23 * * ?'
# typeId: repository.maven.remove-snapshots
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# minimumRetained: "2"
# snapshotRetentionDays: "2"
# gracePeriodInDays: "2"
# booleanTaskProperties:
# removeIfReleased: true
# # Example task to purge unused docker manifest and images
# - name: Purge unused docker manifests and images
# cron: '0 55 23 * * ?'
# typeId: "repository.docker.gc"
# task_alert_email: [email protected] # optional
# taskProperties:
# repositoryName: "*" # * for all repos. Change to a repository name if you only want a specific one
# # Example task to purge incomplete docker uploads
# - name: Purge incomplete docker uploads
# cron: '0 0 0 * * ?'
# typeId: "repository.docker.upload-purge"
# task_alert_email: [email protected] # optional
# taskProperties:
# age: "24" bakeng sa litlhophiso. typeId le mosebetsi o khethehilengtaskProperties/booleanTaskProperties u ka inahanela:
- ho tsoa ho sehlopha sa mofuta oa Java
org.sonatype.nexus.scheduling.TaskDescriptorSupport - ho hlahloba foromo ea tlhahiso ea mesebetsi ea HTML ho sebatli sa hau
- ho tloha ho shebella likopo tsa AJAX ho sebatli ha u theha mosebetsi ka letsoho.
Mehaho ea mosebetsi e tlameha ho phatlalatsoa ka har'a block yaml e nepahetseng ho latela mofuta oa eona:
taskPropertiesbakeng sa thepa eohle ea likhoele (ke hore mabitso a polokelo, mabitso a polokelo, linako ...).booleanTaskPropertiesbakeng sa thepa eohle e utloahalang (ke hore, haholo-holo li-checkbox tse ho GUI ea mosebetsi oa pōpo ea Nexus).
Li-backups
nexus_backup_configure: false
nexus_backup_cron: '0 0 21 * * ?' # See cron expressions definition in nexus create task gui
nexus_backup_dir: '/var/nexus-backup'
nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
nexus_backup_rotate: false
nexus_backup_rotate_first: false
nexus_backup_keep_rotations: 4 # Keep 4 backup rotation by default (current + last 3)bekapo e ke ke ea hlophisoa ho fihlela u switjha nexus_backup_configure в true.
Tabeng ena, mosebetsi o hlophisitsoeng oa script o tla hlophisoa hore o sebetse ho Nexus
ka nako e boletsoeng ho nexus_backup_cron (ka ho sa feleng 21:00 letsatsi le letsatsi).
Sheba [groovy template bakeng sa mosebetsi ona](templates/backup.groovy.j2) bakeng sa lintlha.
Mosebetsi ona o hlophisitsoeng o ikemetse ho tse ling nexus_scheduled_taskstseo u
phatlalatsa bukeng ea hau ea ho bapala.
Haeba u batla ho potoloha / hlakola li-backups, kenya nexus_backup_rotate: true 'me u hlophise palo ea li-backups tseo u ka ratang ho li boloka u li sebelisa nexus_backup_keep_rotations (ka ho sa feleng 4).
Ha u sebelisa ho potoloha, haeba u batla ho boloka sebaka se eketsehileng sa disk nakong ea ts'ebetso ea ho boloka,
U ka kenya nexus_backup_rotate_first: true. Sena se tla hlophisa ho potoloha / ho hlakolwa pele ho bekapo. Ka kamehla, ho potoloha ho etsahala ka mor'a hore bekapo e etsoe. Ka kopo hlokomela hore tabeng ena li-backups tsa khale
e tla hlakoloa pele bekapo ea hajoale e etsoa.
Mokhoa oa ho hlaphoheloa
Matha buka ea ho bapala ka parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(mohlala, 2017-12-17-21-00-00 ka la 17 Tšitoe, 2017 ka 21:00
Ho tlosa khokahano
Tlhokomeliso: Sena se tla hlakola data ea hau ea hajoale ka botlalo. Etsa bonnete ba hore u etsa "backup" pejana haeba ho hlokahala
Sebelisa phetoho nexus_purgehaeba o hloka ho qala bocha ho tloha qalong ebe o kenya mohlala oa nexus ka data eohle e tlositsoeng.
ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=trueFetola password ea motsamaisi ka mor'a ho kenya pele
nexus_default_admin_password: 'admin123'Sena ha sea lokela ho fetoloa bukeng ea hau ea ho bapala. Phapang ena e na le password ea kamehla ea Nexus admin ha e qala ho kenngoa mme e netefatsa hore re ka fetola password ea admin ho nexus_admin_password.
Haeba u batla ho fetola phasewete ea motsamaisi ka mor'a ho kenya pele, u ka e fetola ka nakoana ho password ea khale ho tloha molaong oa taelo. Ka mor'a phetoho nexus_admin_password bukeng ea hau ea ho bapala u ka matha:
ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPasswordSeteishene sa thelekramo ho Nexus Sonatype:
Ke basebelisi ba ngolisitsoeng feela ba ka kenyang letsoho phuputsong. ka kopo.
U sebelisa lipolokelo life tsa maiketsetso?
-
Sonatype Nexus ke mahala
-
Sonatype Nexus e lefelletse
-
Artifactory ke mahala
-
Artifactory e lefuoang
-
Haruo
-
Makhasi ao
Basebelisi ba 9 ba ile ba khetha. Basebelisi ba 3 ba hanne.
Source: www.habr.com