Installing and configuring Sonatype Nexus using an infrastructure-as-code approach

Sonatype Nexus is an integrated platform with which developers can proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and distribute their software securely.

Why do you need Sonatype Nexus?

  • To store private artifacts;
  • To cache artifacts downloaded from the Internet.

Artifacts supported in the base Sonatype Nexus package:

  • Java, Maven (jar)
  • Docker
  • Python (pip)
  • Ruby (gems)
  • NPM
  • Bower
  • Yum (rpm)
  • gitlfs
  • raw
  • Apt (deb)
  • Go
  • Nuget

Community-supported artifacts:

  • Composer
  • Conan
  • CPAN
  • ELPA
  • Helm
  • P2
  • R

Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss

Requirements

  • Read about using ansible on the Internet.
  • Install ansible (pip install ansible) on the workstation where the playbook is run.
  • Install geerlingguy.java on the workstation where the playbook is run.
  • Install geerlingguy.apache on the workstation where the playbook is run.
  • This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch.
  • The jmespath library must be installed on the workstation where the playbook is run. To install: sudo pip install -r requirements.txt
  • Save the playbook file (example below) as nexus.yml
  • Run the Nexus installation: ansible-playbook -i host nexus.yml

Example ansible-playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.

---
- name: Nexus
  hosts: nexus
  become: yes

  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123" # sample value; keep real passwords in ansible-vault
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: "[email protected]"
        password: "s3cr3t"
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft

    # Yum. Change nexus_config_yum to true to create a yum repository
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64

    # NPM. Change nexus_config_npm to true to create an npm repository
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false

    # Docker. Change nexus_config_docker to true to create a docker repository
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy

    # Bower. Change nexus_config_bower to true to create a bower repository
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy

    # Pypi. Change nexus_config_pypi to true to create a pypi repository
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy

    # rubygems. Change nexus_config_rubygems to true to create a rubygems repository
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy

    # gitlfs. Change nexus_config_gitlfs to true to create a gitlfs repository
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted

  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }

Role variables

Variables with default values (see defaults/main.yml):

General variables

    nexus_version: ''
    nexus_timezone: 'UTC'

By default, the role installs the latest available version of Nexus. You can pin the version by changing the nexus_version variable. See the available versions at https://www.sonatype.com/download-oss-sonatype.

If you change it to a newer version, the role will try to upgrade your Nexus installation.

If you use a version of Nexus older than the latest, you must make sure that you do not use features that are unavailable in the installed release (for example, hosting yum repositories is available for nexus greater than 3.8.0, git lfs repos for nexus greater than 3.3.0, etc.)

nexus_timezone is a Java timezone name, which can be useful in combination with the cron expressions below for nexus_scheduled_tasks.

Nexus port and context path

    nexus_default_port: 8081
    nexus_default_context_path: '/'

The port and context path of the Java connection process. nexus_default_context_path must contain a forward slash when set, for example: nexus_default_context_path: '/nexus/'.

Nexus OS user and group

    nexus_os_group: 'nexus'
    nexus_os_user: 'nexus'

The user and group that own the Nexus files and run the service. The role creates them if they are missing.

    nexus_os_user_home_dir: '/home/nexus'

Allows changing the default home directory of the Nexus user.

Nexus instance directories

    nexus_installation_dir: '/opt'
    nexus_data_dir: '/var/nexus'
    nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"

Nexus directories.

  • nexus_installation_dir contains the installed executables.
  • nexus_data_dir contains all configuration, repositories and downloaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
  • nexus_tmp_dir contains all temporary files. The default path for redhat has been moved out of /tmp to work around potential problems with automatic cleanup procedures. See #168.

Configuring Nexus JVM memory usage

    nexus_min_heap_size: "1200M"
    nexus_max_heap_size: "{{ nexus_min_heap_size }}"
    nexus_max_direct_memory: "2G"

These are the default settings for Nexus. Please do not change these values unless you have read the memory section of the nexus system requirements and understand what they do.

As a second warning, here is a quote from the document above:

It is not recommended to increase the JVM heap memory beyond the recommended values in an attempt to improve performance. This can actually have the opposite effect, resulting in unnecessary work for the operating system.

Administrator password

    nexus_admin_password: 'changeme'

The "admin" account password to set up. This only works on a first-time default installation. Please see [Change admin password after first install](#change-admin-password-after-first-install) if you want to change it later using the role.

It is strongly recommended not to store your passwords in clear text in the playbook, but to use [ansible-vault encryption](https://docs.ansible.com/ansible/latest/user_guide/vault.html) (either inline or in a separate file loaded with, for example, include_vars).
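
The recommendation above can be checked before a playbook is committed. The following Python check is an added example, not part of the role or the original article; it scans playbook text line by line for credential variables whose value is a literal rather than a vault or template reference. The key pattern, the list of page defaults and the sample text are assumptions made for illustration.

```python
import re

# Assumption: variable names ending like this hold credentials in the role
# variables shown on this page (nexus_admin_password, remote_password, ...).
SECRET_KEY = re.compile(r"(password|secretAccessKey|accessKeyId)$", re.IGNORECASE)
# Literal values that this page itself uses as defaults or samples.
PAGE_DEFAULTS = {"admin123", "changeme", "s3cr3t", "secret", "password"}
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?(?P<key>[A-Za-z_]\w*)\s*:\s*(?P<value>.*)$")

# Constructed sample, assembled from snippets on this page plus one made-up value.
SAMPLE = """\
nexus_admin_password: "admin123"
nexus_local_users:
  - username: jenkins
    password: "s3cr3t"
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}" # kept in a vault
nexus_repos_maven_proxy:
  - name: secret-remote-repo
    remote_password: 'Tr0ub4dor-constructed'
#   remote_password: 'secret'
nexus_blobstores:
  - name: s3-blobstore
    config:
      secretAccessKey: !vault |
"""


def scalar(raw):
    """Return the scalar text of a YAML value, without quotes or trailing comment."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return re.split(r"\s+#", raw, maxsplit=1)[0].strip()


def classify(raw):
    """Classify a credential value as vaulted, templated, default or plaintext."""
    if raw.strip().startswith("!vault"):
        return "vaulted"      # inline ansible-vault ciphertext follows
    value = scalar(raw)
    if "{{" in value and "}}" in value:
        return "templated"    # resolved from another variable, e.g. a vault file
    if value in PAGE_DEFAULTS:
        return "default"      # a well-known sample value from the documentation
    return "plaintext"


def audit(playbook_text):
    """Return (line_number, key, kind) for credentials stored as literals."""
    findings = []
    for number, line in enumerate(playbook_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out samples are not active configuration
        match = KEY_VALUE.match(line)
        if not match or not SECRET_KEY.search(match["key"]):
            continue
        if not match["value"].strip():
            continue  # the key opens a nested block, no scalar on this line
        kind = classify(match["value"])
        if kind in ("default", "plaintext"):
            findings.append((number, match["key"], kind))
    return findings


if __name__ == "__main__":
    for number, key, kind in audit(SAMPLE):
        print(f"line {number}: {key} holds a {kind} credential")
```

A "templated" value only moves the question to wherever that variable is defined, so the file that defines it should itself be vault-encrypted.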

Anonymous access by default

    nexus_anonymous_access: false

Anonymous access is disabled by default. Read more about anonymous access.

Public hostname

    nexus_public_hostname: 'nexus.vm'
    nexus_public_scheme: https

The fully qualified domain name and scheme (https or http) under which the Nexus instance will be available to its clients.

API access for this role

    nexus_api_hostname: localhost
    nexus_api_scheme: http
    nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
    nexus_api_context_path: "{{ nexus_default_context_path }}"
    nexus_api_port: "{{ nexus_default_port }}"

These variables control how the role connects to the Nexus API for provisioning.
For advanced users only. You most likely do not want to change these default settings.

Reverse proxy setup

    httpd_setup_enable: false
    httpd_server_name: "{{ nexus_public_hostname }}"
    httpd_default_admin_email: "[email protected]"
    httpd_ssl_certificate_file: 'files/nexus.vm.crt'
    httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
    # httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
    httpd_copy_ssl_files: true

Set up an SSL reverse proxy.
For this you need to install httpd. Note: when httpd_setup_enable is set to true, Nexus binds to 127.0.0.1:8081, so it is not directly accessible via HTTP port 8081 from an external IP address.

The default hostname used is nexus_public_hostname. If you need a different name for some reason, you can set httpd_server_name to a different value.

With httpd_copy_ssl_files: true (the default), the certificates above must exist in your playbook directory and will be copied to the server and configured in Apache.

If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:

    # These tell the vhost where to find the certificate files on the remote
    # server file system.
    httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
    httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
    # httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"

httpd_ssl_cert_chain_file_location is optional and must be left unset if you do not want to customize the chain file.

    httpd_default_admin_email: "[email protected]"

Set the default admin email address.

LDAP configuration

LDAP connections and the security realm are disabled by default.

    nexus_ldap_realm: false
    ldap_connections: []

LDAP connections; each item looks like this:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
        ldap_protocol: 'ldaps' # ldap or ldaps
        ldap_hostname: 'ldap.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_auth: 'none' # or simple
        ldap_auth_username: 'username' # if auth = simple
        ldap_auth_password: 'password' # if auth = simple
        ldap_user_base_dn: 'ou=users'
        ldap_user_filter: '(cn=*)' # (optional)
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false
        ldap_map_groups_as_roles: false
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'posixGroup'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'memberUid'
        ldap_group_member_format: '${username}'
        ldap_group_subtree: false

Example LDAP configuration for anonymous authentication (anonymous bind); this is also the "minimal" configuration:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'Simplest LDAP config'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_object_class: 'inetOrgPerson'

Example LDAP configuration for simple authentication (using a DSA account):

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'groupOfNames'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'member'
        ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
        ldap_group_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_map_groups_as_roles_type: 'dynamic'
        ldap_user_memberof_attribute: 'memberOf'

Privileges

    nexus_privileges:
      - name: all-repos-read # used as key to update a privilege
        # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions: # can be add, browse, create, delete, edit, read or  * (all)
          - read
          - browse
        # pattern: pattern
        # domain: domain
        # script_name: name

List of privileges to set up. Look at the documentation and the GUI to check which variables must be set depending on the privilege type.

These items are combined with the following default values:

    _nexus_privilege_defaults:
      type: repository-view
      format: maven2
      actions:
        - read

Roles (meaning roles inside Nexus)

    nexus_roles:
      - id: Developpers # can map to a LDAP group id, also used as a key to update a role
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
        roles: [] # references to other role names

List of roles to set up.

Users

    nexus_local_users: []
      # - username: jenkins # used as key to update
      #   state: present # default value if omitted, use 'absent' to remove user
      #   first_name: Jenkins
      #   last_name: CI
      #   email: [email protected]
      #   password: "s3cr3t"
      #   roles:
      #     - developers # role ID

List of local (non-LDAP) users/accounts to create in Nexus.

      nexus_ldap_users: []
      # - username: j.doe
      #   state: present
      #   roles:
      #     - "nx-admin"

LDAP user/role mapping. The state absent removes roles from an existing user if they are already present.
LDAP users are not deleted. Trying to set a role for a non-existent user results in an error.

Content selectors

    nexus_content_selectors:
    - name: docker-login
      description: Selector for docker login privilege
      search_expression: format=="docker" and path=~"/v2/"

For more information on content selectors, see the documentation.

To use a content selector, add a new privilege with type: repository-content-selector and the relevant contentSelector:

    - name: docker-login-privilege
      type: repository-content-selector
      contentSelector: docker-login
      description: 'Login to Docker registry'
      repository: '*'
      actions:
      - read
      - browse
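
A consistency check over the privilege, role and user variables described above, as an added example that is not part of the role or the original article. It assumes the variables have already been loaded into a Python dict, treats names starting with nx- as Nexus built-ins, and runs on constructed sample data based on the snippets on this page.

```python
# Actions that modify repository content (from the action list shown above).
WRITE_ACTIONS = {"add", "edit", "create", "delete", "*"}
# Assumption: privileges and roles whose name starts with this prefix ship with
# Nexus (nx-search-read, nx-admin) and are therefore not declared in the vars.
BUILTIN_PREFIX = "nx-"

# Constructed sample: the page's snippets plus deliberate mistakes to detect.
SAMPLE_VARS = {
    "nexus_privileges": [
        {"name": "all-repos-read", "repository": "*", "actions": ["read", "browse"]},
        {"name": "company-project-deploy", "repository": "company-project",
         "actions": ["add", "edit"]},
        {"name": "all-repos-deploy", "repository": "*", "actions": ["add", "edit"]},
    ],
    "nexus_roles": [
        {"id": "Developpers", "name": "developers",
         "privileges": ["nx-search-read", "all-repos-read",
                        "company-project-deploy", "docker-login-privilege"],
         "roles": []},
    ],
    # 'developers' is the role *name*; users must reference the role *id*.
    "nexus_local_users": [{"username": "jenkins", "roles": ["developers"]}],
    "nexus_ldap_users": [{"username": "j.doe", "state": "present",
                          "roles": ["nx-admin"]}],
}


def audit_access(role_vars):
    """Return sorted (finding, subject, detail) tuples for the access model."""
    privileges = {p["name"]: p for p in role_vars.get("nexus_privileges", [])}
    roles = {r["id"]: r for r in role_vars.get("nexus_roles", [])}
    findings = []

    # Every privilege a role grants must be declared or be a built-in.
    for role_id, role in roles.items():
        for name in role.get("privileges", []):
            if name not in privileges and not name.startswith(BUILTIN_PREFIX):
                findings.append(("undefined-privilege", role_id, name))

    # A privilege that can modify content in every repository deserves review.
    # The role's privilege defaults give 'read' when no actions are listed.
    for name, priv in privileges.items():
        writes = WRITE_ACTIONS & set(priv.get("actions", ["read"]))
        if priv.get("repository") == "*" and writes:
            findings.append(("wildcard-write", name, ",".join(sorted(writes))))

    # Users must reference role ids that exist.
    users = (role_vars.get("nexus_local_users", [])
             + role_vars.get("nexus_ldap_users", []))
    for user in users:
        if user.get("state", "present") == "absent":
            continue  # nothing is granted to this entry
        for role_id in user.get("roles", []):
            if role_id not in roles and not role_id.startswith(BUILTIN_PREFIX):
                findings.append(("undefined-role", user["username"], role_id))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject, detail in audit_access(SAMPLE_VARS):
        print(f"{finding}: {subject} -> {detail}")
```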

Blobstores and repositories

    nexus_delete_default_repos: false

Delete the repositories from the initial default configuration of the nexus install. This step is only executed on first-time installation (when nexus_data_dir has been detected empty).

    nexus_delete_default_blobstore: false

Delete the default blobstore from the initial default configuration of the nexus install. This can be done only if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on first-time installation (when nexus_data_dir has been detected empty).

    nexus_blobstores: []
    # example blobstore item :
    # - name: separate-storage
    #   type: file
    #   path: /mnt/custom/path
    # - name: s3-blobstore
    #   type: S3
    #   config:
    #     bucket: s3-blobstore
    #     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
    #     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"

Blobstores to create. A blobstore path and a repository blobstore cannot be updated after initial creation (any update here is ignored on re-provisioning).

Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
    # example with a login/password :
    # - name: secret-remote-repo
    #   remote_url: 'https://company.com/repo/secure/private/go/away'
    #   remote_username: 'username'
    #   remote_password: 'secret'
    #   # maximum_component_age: -1
    #   # maximum_metadata_age: 1440
    #   # negative_cache_enabled: true
    #   # negative_cache_ttl: 1440

Above is an example of a Maven proxy configuration.

    nexus_repos_maven_hosted:
      - name: private-release
        version_policy: release
        write_policy: allow_once  # one of "allow", "allow_once" or "deny"

Maven hosted repositories configuration. The negative cache configuration is optional and defaults to the values above if omitted.

    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss

Maven group configuration.

All three repository types are combined with the following default values:

    _nexus_repos_maven_defaults:
      blob_store: default # Note : cannot be updated once the repo has been created
      strict_content_validation: true
      version_policy: release # release, snapshot or mixed
      layout_policy: strict # strict or permissive
      write_policy: allow_once # one of "allow", "allow_once" or "deny"
      maximum_component_age: -1  # Nexus gui default. For proxies only
      maximum_metadata_age: 1440  # Nexus gui default. For proxies only
      negative_cache_enabled: true # Nexus gui default. For proxies only
      negative_cache_ttl: 1440 # Nexus gui default. For proxies only

Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default; see defaults/main.yml for these options:

      nexus_config_pypi: false
      nexus_config_docker: false
      nexus_config_raw: false
      nexus_config_rubygems: false
      nexus_config_bower: false
      nexus_config_npm: false
      nexus_config_gitlfs: false
      nexus_config_yum: false

Please note that you need to enable certain security realms if you want to use repository types other than maven. These are false by default:

    nexus_nuget_api_key_realm: false
    nexus_npm_bearer_token_realm: false
    nexus_docker_bearer_token_realm: false  # required for docker anonymous access

The Remote User Realm can also be enabled with

    nexus_rut_auth_realm: true

and the header can be customized by defining

    nexus_rut_auth_header: "CUSTOM_HEADER"

Scheduled tasks

    nexus_scheduled_tasks: []
    #  #  Example task to compact blobstore :
    #  - name: compact-docker-blobstore
    #    cron: '0 0 22 * * ?'
    #    typeId: blobstore.compact
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      blobstoreName: "{{ nexus_blob_names.docker.blob }}" # all task attributes are stored as strings by nexus internally
    #  #  Example task to purge maven snapshots
    #  - name: Purge-maven-snapshots
    #    cron: '0 50 23 * * ?'
    #    typeId: repository.maven.remove-snapshots
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #      minimumRetained: "2"
    #      snapshotRetentionDays: "2"
    #      gracePeriodInDays: "2"
    #    booleanTaskProperties:
    #      removeIfReleased: true
    #  #  Example task to purge unused docker manifest and images
    #  - name: Purge unused docker manifests and images
    #    cron: '0 55 23 * * ?'
    #    typeId: "repository.docker.gc"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #  #  Example task to purge incomplete docker uploads
    #  - name: Purge incomplete docker uploads
    #    cron: '0 0 0 * * ?'
    #    typeId: "repository.docker.upload-purge"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      age: "24"

Scheduled tasks to set up. typeId and the task-specific taskProperties/booleanTaskProperties can be guessed either:

  • from the Java type hierarchy of org.sonatype.nexus.scheduling.TaskDescriptorSupport
  • by inspecting the task creation HTML form in your browser
  • by viewing the AJAX requests in the browser while manually setting up a task.

Task properties must be declared in the correct yaml block depending on their type:

  • taskProperties for all string properties (i.e. repository names, blobstore names, time periods...).
  • booleanTaskProperties for all boolean properties (i.e. mainly checkboxes in the Nexus create task GUI).

Backups

      nexus_backup_configure: false
      nexus_backup_cron: '0 0 21 * * ?'  # See cron expressions definition in nexus create task gui
      nexus_backup_dir: '/var/nexus-backup'
      nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
      nexus_backup_rotate: false
      nexus_backup_rotate_first: false
      nexus_backup_keep_rotations: 4  # Keep 4 backup rotation by default (current + last 3)

Backup will not be configured until you switch nexus_backup_configure to true.
In that case, a scheduled script task will be configured to run in Nexus
at the interval specified in nexus_backup_cron (default 21:00 every day).
See [the groovy template for this task](templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks you
declare in your playbook.

If you want to rotate/delete backups, set nexus_backup_rotate: true and configure the number of backups you want to keep with nexus_backup_keep_rotations (default 4).

When using rotation, if you want to save extra disk space during the backup process,
you can set nexus_backup_rotate_first: true. This configures pre-rotation/deletion before the backup. By default, rotation happens after the backup is created. Note that in this case old backups
are deleted before the current backup is made.

Restore procedure

Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(for example, 2017-12-17-21-00-00 for 17 December 2017 at 21:00:00).

Purging nexus

Warning: this completely deletes your current data. Make sure to make a backup beforehand if needed.

Use the nexus_purge variable if you need to restart from scratch and reinstall a nexus instance with all data removed.

    ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true

Change the admin password after first install

    nexus_default_admin_password: 'admin123'

This must not be changed in your playbook. This variable is populated with the default Nexus admin password on first install and ensures that we can change the admin password to nexus_admin_password.

If you want to change the administrator password after the first installation, you can temporarily change it to the old password from the command line. After changing nexus_admin_password in your playbook, you can run:

    ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword

Telegram channel about Sonatype Nexus: https://t.me/ru_nexus_sonatype

Source: www.habr.com
