Installing and configuring Sonatype Nexus using the infrastructure-as-code approach

Sonatype Nexus is an integrated platform that developers can use to proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and to distribute their software securely.

Why do you need Sonatype Nexus?

  • To store private artifacts;
  • To cache artifacts that are downloaded from the internet.

Artifact formats supported in the base Sonatype Nexus package:

  • Java, Maven (jar)
  • Docker
  • Python (pip)
  • Ruby (gem)
  • NPM
  • Bower
  • Yum (rpm)
  • gitlfs
  • Raw
  • Apt (deb)
  • Go
  • Nuget

Community-supported formats:

  • Composer
  • Conan
  • CPAN
  • ELPA
  • Helm
  • P2
  • R

Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss

Requirements

  • Read about using ansible on the internet.
  • Install ansible with pip install ansible on the workstation where the playbook is run.
  • Install geerlingguy.java on the workstation where the playbook is run.
  • Install geerlingguy.apache on the workstation where the playbook is run.
  • This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch.
  • The jmespath library must be installed on the workstation where the playbook is run. To install it: sudo pip install -r requirements.txt
  • Save the playbook file (example below) as nexus.yml
  • Run the nexus installation: ansible-playbook -i host nexus.yml

Example ansible-playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.

---
- name: Nexus
  hosts: nexus
  become: yes

  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123"
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: [email protected]
        password: "s3cr3t"
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft

    # Yum. Change nexus_config_yum to true for create yum repository
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64

    # NPM. Change nexus_config_npm to true for create npm repository
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false

    # Docker. Change nexus_config_docker to true for create docker repository
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy

    # Bower. Change nexus_config_bower to true for create bower repository
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy

    # Pypi. Change nexus_config_pypi to true for create pypi repository
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy

    # rubygems. Change nexus_config_rubygems to true for create rubygems repository
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy

    # gitlfs. Change nexus_config_gitlfs to true for create gitlfs repository
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted

  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }

Role variables

Variables with default values (see defaults/main.yml):

General variables

    nexus_version: ''
    nexus_timezone: 'UTC'

By default, the role installs the latest available version of Nexus. You can pin the version by changing the nexus_version variable. See the available versions at https://www.sonatype.com/download-oss-sonatype.

If you change to a newer version, the role will try to upgrade your Nexus installation.

If you use a version of Nexus older than the latest, make sure you do not use features that are unavailable in the installed release (for example, hosting yum repositories is available for nexus greater than 3.8.0, git lfs repos for nexus greater than 3.3.0, etc.)

nexus_timezone is a Java timezone name, which can be useful in combination with the cron expressions below for scheduled tasks.

Nexus port and context path

    nexus_default_port: 8081
    nexus_default_context_path: '/'

Port and context path of the Nexus Java process. nexus_default_context_path must keep its trailing forward slash when set, for example: nexus_default_context_path: '/nexus/'.

Nexus OS user and group

    nexus_os_group: 'nexus'
    nexus_os_user: 'nexus'

The user and group used to own the Nexus files and run the service. The role creates them if they do not exist.

    nexus_os_user_home_dir: '/home/nexus'

Allows changing the default home directory of the nexus user.

Nexus instance directories

    nexus_installation_dir: '/opt'
    nexus_data_dir: '/var/nexus'
    nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"

Nexus directories.

  • nexus_installation_dir contains the installed executables.
  • nexus_data_dir contains all configuration, repositories and downloaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
  • nexus_tmp_dir contains all temporary files. The default path for redhat has been moved out of /tmp to avoid potential problems with automatic cleanup procedures. See #168.

Configuring Nexus JVM memory usage

    nexus_min_heap_size: "1200M"
    nexus_max_heap_size: "{{ nexus_min_heap_size }}"
    nexus_max_direct_memory: "2G"

These are the default Nexus settings. Please do not change these values unless you have read the memory section of the nexus system requirements and understand what you are doing.

As a second warning, here is a quote from the document above:

It is not recommended to increase the JVM heap memory beyond the recommended values in an attempt to improve performance. This can actually have the opposite effect, causing unnecessary work for the operating system.

Administrator password

    nexus_admin_password: 'changeme'

The password of the "admin" account to configure. This only works on the first default installation. Please see "Change the administrator password after the first installation" below if you want to change it later using the role.

It is strongly recommended that you do not store your password in clear text in the playbook, but use ansible-vault encryption (https://docs.ansible.com/ansible/latest/user_guide/vault.html), either inline or in a separate file loaded with, for example, include_vars.
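An added check, not part of the original article or of the nexus3-oss role: a line-based Python linter that scans playbook or vars text for the credential variables named on this page and reports values stored as plain literals instead of vault references or inline !vault blocks. It goes one step beyond the password advice above by also flagging proxy repositories whose remote_url uses http://; the function names and the sample input are constructed for illustration.

```python
import re

# Credential-bearing keys used by the role variables shown on this page
# (nexus_admin_password, password, ldap_auth_password, remote_password,
# accessKeyId, secretAccessKey).
SECRET_KEY = re.compile(r"(password|secretAccessKey|accessKeyId)$", re.IGNORECASE)
# Factory default that the page says must not be changed in the playbook.
NOT_SECRET = {"nexus_default_admin_password"}
# Matches "key: value" or "- key: value"; deliberately line-based, not a YAML parser.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*)\s*:(?:\s+(.*))?$")
JINJA_ONLY = re.compile(r"^\{\{.*\}\}$")


def _scalar(raw):
    """Return the scalar text of a value: quotes and trailing comment removed."""
    raw = raw.strip()
    if raw.startswith("#"):
        return ""  # the key has no value, only a comment
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return re.split(r"\s+#", raw, maxsplit=1)[0].strip()


def audit_vars(text):
    """Scan playbook/vars text and return (line_no, key, issue) tuples."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out examples are not live configuration
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), _scalar(match.group(2) or "")
        if key == "remote_url" and value.lower().startswith("http://"):
            findings.append((no, key, "cleartext-upstream"))
        elif SECRET_KEY.search(key) and key not in NOT_SECRET:
            # Accept: no scalar here, an inline-vaulted value, or a pure
            # Jinja reference to a variable defined elsewhere (e.g. a vault file).
            if not value or value.startswith("!vault") or JINJA_ONLY.match(value):
                continue
            findings.append((no, key, "plaintext-secret"))
    return findings


# Constructed sample that mirrors values from this page's example playbook;
# the vault ciphertext line is a placeholder, not real ansible-vault output.
SAMPLE_VARS = """\
vars:
  nexus_admin_password: "admin123"
  nexus_default_admin_password: 'admin123'
  nexus_local_users:
    - username: jenkins
      password: "s3cr3t"
  ldap_connections:
    - ldap_name: 'LDAP config with DSA'
      ldap_auth_password: "{{ vault_ldap_dsa_password }}" # vaulted reference
  nexus_repos_yum_proxy:
    - name: epel_centos_7_x86_64
      remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
  nexus_repos_maven_proxy:
    - name: central
      remote_url: 'https://repo1.maven.org/maven2/'
  # password: "commented-out"
  vault_inline_password: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    0000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for line_no, key, issue in audit_vars(SAMPLE_VARS):
        print(f"line {line_no}: {key}: {issue}")
```

Run it over nexus.yml and any included vars files before committing; a non-empty result means a credential or an unencrypted upstream is about to land in version control.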

Anonymous access by default

    nexus_anonymous_access: false

Anonymous access is disabled by default. Read more about anonymous access.

Public hostname

    nexus_public_hostname: 'nexus.vm'
    nexus_public_scheme: https

The fully qualified domain name and scheme (https or http) under which the Nexus instance will be reachable by its clients.

API access for this role

    nexus_api_hostname: localhost
    nexus_api_scheme: http
    nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
    nexus_api_context_path: "{{ nexus_default_context_path }}"
    nexus_api_port: "{{ nexus_default_port }}"

These variables control how the role connects to the Nexus API for provisioning.
For advanced users only. You probably do not want to change these default settings.

Reverse proxy setup

    httpd_setup_enable: false
    httpd_server_name: "{{ nexus_public_hostname }}"
    httpd_default_admin_email: "[email protected]"
    httpd_ssl_certificate_file: 'files/nexus.vm.crt'
    httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
    # httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
    httpd_copy_ssl_files: true

Set up an SSL reverse proxy.
To do this you need to install httpd. Note: when httpd_setup_enable is set to true, nexus binds to 127.0.0.1:8081, so it is not directly reachable over HTTP port 8081 from an external IP address.

The default hostname used is nexus_public_hostname. If you need different names for some reason, you can set httpd_server_name to a different value.

With httpd_copy_ssl_files: true (the default), the certificates above must exist in your playbook directory; they are copied to the server and configured in apache.

If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:

    # These specifies to the vhost where to find on the remote server file
    # system the certificate files.
    httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
    httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
    # httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"

httpd_ssl_cert_chain_file_location is optional and should be left unset if you do not want to customise the chain file.

    httpd_default_admin_email: "[email protected]"

Sets the default administrator e-mail address.

LDAP configuration

LDAP connections and the security realm are disabled by default:

    nexus_ldap_realm: false
    ldap_connections: []

LDAP connections; each item looks like this:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
        ldap_protocol: 'ldaps' # ldap or ldaps
        ldap_hostname: 'ldap.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_auth: 'none' # or simple
        ldap_auth_username: 'username' # if auth = simple
        ldap_auth_password: 'password' # if auth = simple
        ldap_user_base_dn: 'ou=users'
        ldap_user_filter: '(cn=*)' # (optional)
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false
        ldap_map_groups_as_roles: false
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'posixGroup'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'memberUid'
        ldap_group_member_format: '${username}'
        ldap_group_subtree: false

Example LDAP configuration for anonymous authentication (anonymous bind); this is also the "minimal" configuration:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'Simplest LDAP config'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_object_class: 'inetOrgPerson'

Example LDAP configuration for simple authentication (using a DSA account):

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'groupOfNames'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'member'
        ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
        ldap_group_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_map_groups_as_roles_type: 'dynamic'
        ldap_user_memberof_attribute: 'memberOf'

Privileges

    nexus_privileges:
      - name: all-repos-read # used as key to update a privilege
        # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions: # can be add, browse, create, delete, edit, read or  * (all)
          - read
          - browse
        # pattern: pattern
        # domain: domain
        # script_name: name

List of privileges to configure. Check the documentation and the GUI to see which variables need to be set depending on the privilege type.

These items are combined with the following default values:

    _nexus_privilege_defaults:
      type: repository-view
      format: maven2
      actions:
        - read

Roles (inside Nexus, that is)

    nexus_roles:
      - id: Developpers # can map to a LDAP group id, also used as a key to update a role
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
        roles: [] # references to other role names

List of roles to configure.

Users

    nexus_local_users: []
      # - username: jenkins # used as key to update
      #   state: present # default value if omitted, use 'absent' to remove user
      #   first_name: Jenkins
      #   last_name: CI
      #   email: [email protected]
      #   password: "s3cr3t"
      #   roles:
      #     - developers # role ID

List of local (non-LDAP) users/accounts to create in Nexus.

      nexus_ldap_users: []
      # - username: j.doe
      #   state: present
      #   roles:
      #     - "nx-admin"

LDAP user/role mapping. The state absent removes the roles from an existing user if it already has them.
LDAP users are not deleted. Trying to set a role on a non-existent user results in an error.

Content selectors

    nexus_content_selectors:
    - name: docker-login
      description: Selector for docker login privilege
      search_expression: format=="docker" and path=~"/v2/"

For more information about content selectors, see the documentation.

To use a content selector, add a new privilege with type: repository-content-selector and the corresponding contentSelector:

    - name: docker-login-privilege
      type: repository-content-selector
      contentSelector: docker-login
      description: 'Login to Docker registry'
      repository: '*'
      actions:
      - read
      - browse

Blobstores and repositories

    nexus_delete_default_repos: false

Delete the repositories from the default Nexus configuration created at install time. This step is only executed on first-time installation (when nexus_data_dir is detected as empty).

    nexus_delete_default_blobstore: false

Delete the default blobstore (binary artifact storage) from the default Nexus configuration; this is disabled by default. It can only be done if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on first-time installation (when nexus_data_dir is detected as empty).

    nexus_blobstores: []
    # example blobstore item :
    # - name: separate-storage
    #   type: file
    #   path: /mnt/custom/path
    # - name: s3-blobstore
    #   type: S3
    #   config:
    #     bucket: s3-blobstore
    #     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
    #     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"

Blobstores to create. A blobstore path and a repository's blobstore cannot be updated after initial creation (any update here will be ignored on re-provisioning).

Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
    # example with a login/password :
    # - name: secret-remote-repo
    #   remote_url: 'https://company.com/repo/secure/private/go/away'
    #   remote_username: 'username'
    #   remote_password: 'secret'
    #   # maximum_component_age: -1
    #   # maximum_metadata_age: 1440
    #   # negative_cache_enabled: true
    #   # negative_cache_ttl: 1440

Above is an example configuration of Maven proxy repositories.

    nexus_repos_maven_hosted:
      - name: private-release
        version_policy: release
        write_policy: allow_once  # one of "allow", "allow_once" or "deny"

Maven hosted repositories configuration. The negative cache configuration (-1) is optional and defaults to the values above if omitted.

    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss

Maven group configuration.

All three repository types are combined with the following default values:

    _nexus_repos_maven_defaults:
      blob_store: default # Note : cannot be updated once the repo has been created
      strict_content_validation: true
      version_policy: release # release, snapshot or mixed
      layout_policy: strict # strict or permissive
      write_policy: allow_once # one of "allow", "allow_once" or "deny"
      maximum_component_age: -1  # Nexus gui default. For proxies only
      maximum_metadata_age: 1440  # Nexus gui default. For proxies only
      negative_cache_enabled: true # Nexus gui default. For proxies only
      negative_cache_ttl: 1440 # Nexus gui default. For proxies only

The Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default; see defaults/main.yml for these options:

      nexus_config_pypi: false
      nexus_config_docker: false
      nexus_config_raw: false
      nexus_config_rubygems: false
      nexus_config_bower: false
      nexus_config_npm: false
      nexus_config_gitlfs: false
      nexus_config_yum: false

Please note that you may need to enable certain security realms if you want to use repository types other than maven. These are false by default:

    nexus_nuget_api_key_realm: false
    nexus_npm_bearer_token_realm: false
    nexus_docker_bearer_token_realm: false  # required for docker anonymous access

The Remote User Realm can also be enabled using

    nexus_rut_auth_realm: true

and the header can be customised by defining

    nexus_rut_auth_header: "CUSTOM_HEADER"

Scheduled tasks

    nexus_scheduled_tasks: []
    #  #  Example task to compact blobstore :
    #  - name: compact-docker-blobstore
    #    cron: '0 0 22 * * ?'
    #    typeId: blobstore.compact
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      blobstoreName: "{{ nexus_blob_names.docker.blob }}" # all task attributes are stored as strings by nexus internally
    #  #  Example task to purge maven snapshots
    #  - name: Purge-maven-snapshots
    #    cron: '0 50 23 * * ?'
    #    typeId: repository.maven.remove-snapshots
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #      minimumRetained: "2"
    #      snapshotRetentionDays: "2"
    #      gracePeriodInDays: "2"
    #    booleanTaskProperties:
    #      removeIfReleased: true
    #  #  Example task to purge unused docker manifest and images
    #  - name: Purge unused docker manifests and images
    #    cron: '0 55 23 * * ?'
    #    typeId: "repository.docker.gc"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #  #  Example task to purge incomplete docker uploads
    #  - name: Purge incomplete docker uploads
    #    cron: '0 0 0 * * ?'
    #    typeId: "repository.docker.upload-purge"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      age: "24"

Scheduled tasks to configure. typeId and the task-specific taskProperties/booleanTaskProperties can be worked out either:

  • from the Java type hierarchy of org.sonatype.nexus.scheduling.TaskDescriptorSupport
  • by inspecting the HTML task-creation form in your browser
  • by watching the AJAX requests in the browser while configuring the task manually.

Task properties must be declared in the correct yaml block depending on their type:

  • taskProperties for all string properties (i.e. repository names, blobstore names, time periods...).
  • booleanTaskProperties for all boolean properties (i.e. mainly the checkboxes in the nexus create-task GUI).

Backups

      nexus_backup_configure: false
      nexus_backup_cron: '0 0 21 * * ?'  # See cron expressions definition in nexus create task gui
      nexus_backup_dir: '/var/nexus-backup'
      nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
      nexus_backup_rotate: false
      nexus_backup_rotate_first: false
      nexus_backup_keep_rotations: 4  # Keep 4 backup rotation by default (current + last 3)

Backups are not configured until you switch nexus_backup_configure to true.
In that case, a scheduled script task is configured to run on Nexus at the interval specified in nexus_backup_cron (default: 21:00 every day).
See the groovy template for this task (templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks that you declare in your playbook.

If you want to rotate/delete backups, set nexus_backup_rotate: true and configure how many backups you want to keep using nexus_backup_keep_rotations (default 4).

When using rotation, if you want to save additional disk space during the backup process, you can set nexus_backup_rotate_first: true. This configures rotation/deletion to run before the backup is made. By default, rotation happens after the backup is created. Please note that in this case old backups are deleted before the current backup is made.

Restore procedure

Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00).

Removing nexus

Warning: this will completely delete your current data. Make sure to take a backup beforehand if necessary.

Use the nexus_purge variable if you need to start again from scratch and reinstall a nexus instance with all data removed.

    ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true

Change the administrator password after the first installation

    nexus_default_admin_password: 'admin123'

This should not be changed in your playbook. This variable is populated with the default Nexus admin password at first install and ensures that we can change the admin password to nexus_admin_password.

If you want to change the admin password after the first installation, you can temporarily set this variable to the old password from the command line. After changing nexus_admin_password in your playbook, you can run:

    ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword

Telegram channel about Sonatype Nexus: https://t.me/ru_nexus_sonatype
