Installing and configuring Sonatype Nexus using the infrastructure-as-code approach

Sonatype Nexus is an integrated platform with which developers can proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and distribute their software.

Why do you need Sonatype Nexus?

  • For storing private artifacts;
  • For caching artifacts that are downloaded from the Internet;

Artifacts supported in the base Sonatype Nexus package:

  • Java, Maven (jar)
  • Docker
  • Python (pip)
  • Ruby (gem)
  • NPM
  • Bower
  • Yum (rpm)
  • gitlfs
  • Raw
  • Apt (deb)
  • Go
  • Nuget

Community-supported artifacts:

  • Composer
  • Conan
  • CPAN
  • ELPA
  • Helm
  • P2
  • R

Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss

Requirements

  • Read about using ansible on the Internet.
  • Install ansible with pip install ansible on the workstation where the playbook is run.
  • Install geerlingguy.java on the workstation where the playbook is run.
  • Install geerlingguy.apache on the workstation where the playbook is run.
  • This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch.
  • The jmespath library must be installed on the workstation where the playbook is run. To install it: sudo pip install -r requirements.txt
  • Save the playbook (example below) to the file nexus.yml
  • Run the nexus installation: ansible-playbook -i host nexus.yml

Example ansible playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.

---
- name: Nexus
  hosts: nexus
  become: yes

  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123"  # sample value only; keep the real password in ansible-vault
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: [email protected]
        password: "s3cr3t"  # sample value only; keep real passwords in ansible-vault
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft

    # Yum. Change nexus_config_yum to true to create yum repositories
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64

    # NPM. Change nexus_config_npm to true to create npm repositories
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false

    # Docker. Change nexus_config_docker to true to create docker repositories
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy

    # Bower. Change nexus_config_bower to true to create bower repositories
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy

    # Pypi. Change nexus_config_pypi to true to create pypi repositories
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy

    # Rubygems. Change nexus_config_rubygems to true to create rubygems repositories
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy

    # Gitlfs. Change nexus_config_gitlfs to true to create gitlfs repositories
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted

  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }

Role variables

Variables with default values (see defaults/main.yml):

General variables

    nexus_version: ''
    nexus_timezone: 'UTC'

By default, the role installs the latest available version of Nexus. You can pin the version by changing the nexus_version variable. See the available versions at https://www.sonatype.com/download-oss-sonatype.

If you change to a newer version, the role will try to upgrade your Nexus installation.

If you are using a version of Nexus older than the latest, you should make sure you do not use features that are not available in the installed release (for example, hosted yum repositories are available for nexus greater than 3.8.0, git lfs repositories for nexus greater than 3.3.0, and so on).

nexus_timezone is a Java timezone name, which can be useful in combination with the cron expressions used below for nexus_scheduled_tasks.

Nexus port and context path

    nexus_default_port: 8081
    nexus_default_context_path: '/'

Port and context path of the Java Nexus process. nexus_default_context_path must keep its trailing slash when set, for example: nexus_default_context_path: '/nexus/'.

Nexus OS user and group

    nexus_os_group: 'nexus'
    nexus_os_user: 'nexus'

The user and group used to own the Nexus files and run the service. The role creates them if they are missing.

    nexus_os_user_home_dir: '/home/nexus'

Allows changing the default home directory of the nexus user.

Nexus instance directories

    nexus_installation_dir: '/opt'
    nexus_data_dir: '/var/nexus'
    nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"

Nexus directories.

  • nexus_installation_dir contains the installed executable files
  • nexus_data_dir contains all configuration, repositories and uploaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
  • nexus_tmp_dir contains all temporary files. The default path for RedHat has been moved out of /tmp to avoid potential problems with automatic cleanup procedures. See #168.

Configuring Nexus JVM memory usage

    nexus_min_heap_size: "1200M"
    nexus_max_heap_size: "{{ nexus_min_heap_size }}"
    nexus_max_direct_memory: "2G"

These are the default settings for Nexus. Please do not change these values unless you have read the memory section of the Nexus system requirements and understand what they do.

As a second warning, here is an extract from the documentation mentioned above:

It is not recommended to increase the JVM heap memory beyond the recommended values in an attempt to improve performance. This can have the opposite effect and cause needless work for the operating system.

Administrator password

    nexus_admin_password: 'changeme'

The password of the "admin" account to set up. This only works on the first default installation. See the section "Change admin password after first install" below if you want to change it later using the role.

It is strongly recommended not to store your password in clear text in the playbook, but to use ansible-vault encryption (https://docs.ansible.com/ansible/latest/user_guide/vault.html), either inline or in a separate file loaded with, for example, include_vars.
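
A pre-flight check for the recommendation above, as an added example (not code from the nexus3-oss role or the original article): it walks already-parsed playbook vars and reports secrets stored as literals, the default passwords shown on this page, plain-HTTP proxy upstreams, simple LDAP binds over unencrypted ldap and enabled anonymous access. The function name, the finding texts and SAMPLE_VARS are constructed for illustration; a pure Jinja2 reference such as "{{ vault_ldap_dsa_password }}" is assumed to point at a vaulted variable.

```python
import re

# A pure Jinja2 reference such as "{{ vault_ldap_dsa_password }}" means the
# value is defined elsewhere. Assumption: that variable is vault-encrypted;
# this check does not verify it.
JINJA_REF = re.compile(r"^\s*\{\{\s*[\w.]+\s*\}\}\s*$")

# Variable names on the page that carry a secret.
SECRET_KEYS = {"nexus_admin_password", "password", "ldap_auth_password",
               "remote_password", "secretAccessKey"}

# Passwords the page itself shows as role defaults.
WELL_KNOWN = {"admin123", "changeme"}


def _walk(node, path=""):
    """Yield (path, key, value) for every scalar held in nested dicts/lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else str(key)
            if isinstance(value, (dict, list)):
                yield from _walk(value, here)
            else:
                yield here, key, value
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from _walk(item, f"{path}[{index}]")


def audit_nexus_vars(play_vars):
    """Return a list of (path, finding) tuples for risky values in play_vars."""
    findings = []
    for path, key, value in _walk(play_vars):
        if key in SECRET_KEYS and isinstance(value, str):
            if value in WELL_KNOWN:
                findings.append((path, "well-known default password"))
            elif not JINJA_REF.match(value):
                findings.append((path, "secret stored as a literal"))
        elif key == "remote_url" and str(value).startswith("http://"):
            findings.append((path, "proxy upstream fetched over plain HTTP"))
    for index, conn in enumerate(play_vars.get("ldap_connections", [])):
        # A simple bind sends the bind password to the directory server, so it
        # needs the TLS protection of ldaps.
        if conn.get("ldap_auth") == "simple" and conn.get("ldap_protocol") == "ldap":
            findings.append((f"ldap_connections[{index}]",
                             "simple bind over unencrypted ldap"))
    if play_vars.get("nexus_anonymous_access") is True:
        findings.append(("nexus_anonymous_access", "anonymous access enabled"))
    return findings


# Constructed sample: a subset of the vars used on this page, as they would
# look after loading the playbook (for example with yaml.safe_load).
SAMPLE_VARS = {
    "nexus_admin_password": "admin123",
    "nexus_anonymous_access": False,
    "nexus_local_users": [
        {"username": "jenkins", "password": "s3cr3t", "roles": ["Developpers"]},
    ],
    "nexus_repos_yum_proxy": [
        {"name": "centos-7-os-x86_64",
         "remote_url": "http://mirror.centos.org/centos/7/os/x86_64/"},
    ],
    "nexus_repos_npm_proxy": [
        {"name": "npm-registry", "remote_url": "https://registry.npmjs.org/"},
    ],
    "ldap_connections": [
        {"ldap_name": "LDAP config with DSA", "ldap_protocol": "ldaps",
         "ldap_auth": "simple",
         "ldap_auth_password": "{{ vault_ldap_dsa_password }}"},
    ],
}

if __name__ == "__main__":
    for path, finding in audit_nexus_vars(SAMPLE_VARS):
        print(f"{path}: {finding}")
```

Run it in CI against the vars of every playbook that uses the role, and fail the build when the returned list is not empty.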

Anonymous access by default

    nexus_anonymous_access: false

Anonymous access is disabled by default.

Public hostname

    nexus_public_hostname: 'nexus.vm'
    nexus_public_scheme: https

The fully qualified domain name and scheme (https or http) under which the Nexus instance will be reachable by its clients.

API access for this role

    nexus_api_hostname: localhost
    nexus_api_scheme: http
    nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
    nexus_api_context_path: "{{ nexus_default_context_path }}"
    nexus_api_port: "{{ nexus_default_port }}"

These variables control how the role connects to the Nexus API for provisioning.
For advanced users only. You most probably do not want to change these default settings.

Reverse proxy setup

    httpd_setup_enable: false
    httpd_server_name: "{{ nexus_public_hostname }}"
    httpd_default_admin_email: "[email protected]"
    httpd_ssl_certificate_file: 'files/nexus.vm.crt'
    httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
    # httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
    httpd_copy_ssl_files: true

Set up an SSL reverse proxy.
For this you need to install httpd. Note: when httpd_setup_enable is set to true, nexus binds to 127.0.0.1:8081 and is therefore no longer directly accessible on HTTP port 8081 from an external IP address.

The default hostname used is nexus_public_hostname. If you need different names for some reason, you can set httpd_server_name to a different value.

With httpd_copy_ssl_files: true (the default), the certificates above should exist in your playbook directory; they will be copied to the server and configured in apache.

If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:

    # These tell the vhost where to find the certificate files on the
    # remote server's file system.
    httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
    httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
    # httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"

httpd_ssl_cert_chain_file_location is optional and should be left unset if you do not want to customize the chain file.

    httpd_default_admin_email: "[email protected]"

Sets the default admin email address.

LDAP configuration

LDAP connections and the security realm are disabled by default:

    nexus_ldap_realm: false
    ldap_connections: []

LDAP connections; each item looks like this:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
        ldap_protocol: 'ldaps' # ldap or ldaps
        ldap_hostname: 'ldap.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_auth: 'none' # or simple
        ldap_auth_username: 'username' # if auth = simple
        ldap_auth_password: 'password' # if auth = simple
        ldap_user_base_dn: 'ou=users'
        ldap_user_filter: '(cn=*)' # (optional)
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false
        ldap_map_groups_as_roles: false
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'posixGroup'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'memberUid'
        ldap_group_member_format: '${username}'
        ldap_group_subtree: false

Example LDAP configuration for anonymous authentication (anonymous bind); this is also the "minimal" configuration:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'Simplest LDAP config'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_object_class: 'inetOrgPerson'

Example LDAP configuration for simple authentication (using a DSA account):

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'groupOfNames'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'member'
        ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
        ldap_group_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_map_groups_as_roles_type: 'dynamic'
        ldap_user_memberof_attribute: 'memberOf'

Privileges

    nexus_privileges:
      - name: all-repos-read # used as key to update a privilege
        # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions: # can be add, browse, create, delete, edit, read or  * (all)
          - read
          - browse
        # pattern: pattern
        # domain: domain
        # script_name: name

List of privileges to set up. See the documentation and the GUI to check which variables need to be set depending on the privilege type.

These items are combined with the following default values:

    _nexus_privilege_defaults:
      type: repository-view
      format: maven2
      actions:
        - read

Roles (meaning roles inside Nexus)

    nexus_roles:
      - id: Developpers # can map to a LDAP group id, also used as a key to update a role
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
        roles: [] # references to other role names

List of roles to set up.

Users

    nexus_local_users: []
      # - username: jenkins # used as key to update
      #   state: present # default value if omitted, use 'absent' to remove user
      #   first_name: Jenkins
      #   last_name: CI
      #   email: [email protected]
      #   password: "s3cr3t"
      #   roles:
      #     - developers # role ID

List of local (non-LDAP) users/accounts to create in Nexus.

    nexus_ldap_users: []
    # - username: j.doe
    #   state: present
    #   roles:
    #     - "nx-admin"

LDAP users/roles mapping. The state absent removes roles from an existing user, if there are any.
LDAP users are not deleted. Trying to set a role for a non-existent user results in an error.
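
A consistency check for the privileges, roles and users described above, as an added example (not part of the nexus3-oss role or the original article): it verifies that every role, user and repository group refers to something the playbook defines, and flags privileges that grant write actions on all repositories. The function name, messages and sample data are constructed; it assumes ids starting with nx- are Nexus built-ins and that only repositories declared in the playbook count as known.

```python
# Assumption: ids starting with "nx-" (nx-search-read, nx-admin on this page)
# are Nexus built-ins and need no definition in the playbook.
BUILTIN_PREFIX = "nx-"
WRITE_ACTIONS = {"add", "create", "edit", "delete", "*"}


def _known(name, defined):
    return name in defined or name.startswith(BUILTIN_PREFIX)


def check_references(play_vars):
    """Return problem strings for dangling or over-broad references."""
    problems = []
    privileges = {p["name"] for p in play_vars.get("nexus_privileges", [])}
    role_ids = {r["id"] for r in play_vars.get("nexus_roles", [])}
    # Every nexus_repos_<format>_<kind> list declares repositories by name.
    repos = {repo["name"]
             for key, items in play_vars.items() if key.startswith("nexus_repos_")
             for repo in items}

    for priv in play_vars.get("nexus_privileges", []):
        if "repository" not in priv:
            continue  # privilege without a repository target
        target = priv["repository"]
        actions = set(priv.get("actions", ["read"]))  # the role's default is read
        if target != "*" and target not in repos:
            problems.append(f"privilege {priv['name']}: unknown repository {target}")
        if target == "*" and actions & WRITE_ACTIONS:
            problems.append(
                f"privilege {priv['name']}: write actions on all repositories")

    for role in play_vars.get("nexus_roles", []):
        for name in role.get("privileges", []):
            if not _known(name, privileges):
                problems.append(f"role {role['id']}: unknown privilege {name}")
        for name in role.get("roles", []):
            if not _known(name, role_ids):
                problems.append(f"role {role['id']}: unknown role {name}")

    # Users are bound to roles by role id, not by role name.
    for list_name in ("nexus_local_users", "nexus_ldap_users"):
        for user in play_vars.get(list_name, []):
            for name in user.get("roles", []):
                if not _known(name, role_ids):
                    problems.append(
                        f"user {user['username']}: unknown role id {name}")

    for key, items in play_vars.items():
        if key.startswith("nexus_repos_") and key.endswith("_group"):
            for group in items:
                for member in group.get("member_repos", []):
                    if member not in repos:
                        problems.append(
                            f"group {group['name']}: unknown member {member}")
    return problems


# Constructed sample based on the vars shown on this page, with two mistakes
# introduced on purpose (role name used as id, undeclared group member).
SAMPLE_VARS = {
    "nexus_privileges": [
        {"name": "all-repos-read", "repository": "*", "actions": ["read", "browse"]},
        {"name": "company-project-deploy", "repository": "company-project",
         "actions": ["add", "edit"]},
    ],
    "nexus_roles": [
        {"id": "Developpers", "name": "developers",
         "privileges": ["nx-search-read", "all-repos-read", "company-project-deploy"],
         "roles": []},
    ],
    "nexus_local_users": [{"username": "jenkins", "roles": ["developers"]}],
    "nexus_repos_maven_proxy": [{"name": "central"}, {"name": "jboss"}],
    "nexus_repos_maven_hosted": [{"name": "company-project"}],
    "nexus_repos_maven_group": [
        {"name": "public", "member_repos": ["central", "jboss", "vaadin-addons"]},
    ],
}

if __name__ == "__main__":
    for problem in check_references(SAMPLE_VARS):
        print(problem)
```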

Content selectors

    nexus_content_selectors:
      - name: docker-login
        description: Selector for docker login privilege
        search_expression: format=="docker" and path=~"/v2/"

For more information about content selectors, see the documentation.

To use a content selector, add a new privilege with type: repository-content-selector and the matching contentSelector:

    - name: docker-login-privilege
      type: repository-content-selector
      contentSelector: docker-login
      description: 'Login to Docker registry'
      repository: '*'
      actions:
        - read
        - browse

Blobstores and repositories

    nexus_delete_default_repos: false

Delete the repositories from the initial default configuration of the nexus install. This step is only executed on first-time install (when nexus_data_dir has been detected empty).

    nexus_delete_default_blobstore: false

Delete the default blobstore from the initial default configuration of the nexus install; this is disabled by default. It can be done only if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on first-time install (when nexus_data_dir has been detected empty).

    nexus_blobstores: []
    # example blobstore item :
    # - name: separate-storage
    #   type: file
    #   path: /mnt/custom/path
    # - name: s3-blobstore
    #   type: S3
    #   config:
    #     bucket: s3-blobstore
    #     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
    #     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"

Blobstores to create. A blobstore path and a repository blobstore cannot be updated after initial creation (any update here will be ignored on re-provisioning).

Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
    # example with a login/password :
    # - name: secret-remote-repo
    #   remote_url: 'https://company.com/repo/secure/private/go/away'
    #   remote_username: 'username'
    #   remote_password: 'secret'
    #   # maximum_component_age: -1
    #   # maximum_metadata_age: 1440
    #   # negative_cache_enabled: true
    #   # negative_cache_ttl: 1440

Above is an example configuration of Maven proxy repositories.

    nexus_repos_maven_hosted:
      - name: private-release
        version_policy: release
        write_policy: allow_once  # one of "allow", "allow_once" or "deny"

Maven hosted repositories configuration. Negative cache configuration is optional and will default to the above values if omitted.

    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss

Maven group repositories configuration.

All three repository types are combined with the following default values:

    _nexus_repos_maven_defaults:
      blob_store: default # Note : cannot be updated once the repo has been created
      strict_content_validation: true
      version_policy: release # release, snapshot or mixed
      layout_policy: strict # strict or permissive
      write_policy: allow_once # one of "allow", "allow_once" or "deny"
      maximum_component_age: -1  # Nexus gui default. For proxies only
      maximum_metadata_age: 1440  # Nexus gui default. For proxies only
      negative_cache_enabled: true # Nexus gui default. For proxies only
      negative_cache_ttl: 1440 # Nexus gui default. For proxies only

The Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default; see defaults/main.yml for these options:

    nexus_config_pypi: false
    nexus_config_docker: false
    nexus_config_raw: false
    nexus_config_rubygems: false
    nexus_config_bower: false
    nexus_config_npm: false
    nexus_config_gitlfs: false
    nexus_config_yum: false

Please note that you may need to enable certain security realms if you want to use repository types other than maven. These are false by default:

    nexus_nuget_api_key_realm: false
    nexus_npm_bearer_token_realm: false
    nexus_docker_bearer_token_realm: false  # required for docker anonymous access

The Remote User Realm can also be enabled using

    nexus_rut_auth_realm: true

and the header can be customized by defining

    nexus_rut_auth_header: "CUSTOM_HEADER"

Scheduled tasks

    nexus_scheduled_tasks: []
    #  #  Example task to compact blobstore :
    #  - name: compact-docker-blobstore
    #    cron: '0 0 22 * * ?'
    #    typeId: blobstore.compact
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      blobstoreName: "{{ nexus_blob_names.docker.blob }}" # all task attributes are stored as strings by nexus internally
    #  #  Example task to purge maven snapshots
    #  - name: Purge-maven-snapshots
    #    cron: '0 50 23 * * ?'
    #    typeId: repository.maven.remove-snapshots
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #      minimumRetained: "2"
    #      snapshotRetentionDays: "2"
    #      gracePeriodInDays: "2"
    #    booleanTaskProperties:
    #      removeIfReleased: true
    #  #  Example task to purge unused docker manifest and images
    #  - name: Purge unused docker manifests and images
    #    cron: '0 55 23 * * ?'
    #    typeId: "repository.docker.gc"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #  #  Example task to purge incomplete docker uploads
    #  - name: Purge incomplete docker uploads
    #    cron: '0 0 0 * * ?'
    #    typeId: "repository.docker.upload-purge"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      age: "24"

Scheduled tasks to set up. typeId and the task-specific taskProperties/booleanTaskProperties can be guessed either:

  • from the Java type hierarchy of org.sonatype.nexus.scheduling.TaskDescriptorSupport
  • by inspecting the task creation HTML form in your browser
  • by viewing the AJAX requests in the browser when setting up a task manually.

Task properties must be declared in the correct yaml block depending on their type:

  • taskProperties for all string properties (i.e. repository names, blobstore names, time periods…).
  • booleanTaskProperties for all boolean properties (i.e. mainly checkboxes in the nexus create task GUI).

Backups

      nexus_backup_configure: false
      nexus_backup_cron: '0 0 21 * * ?'  # See cron expressions definition in nexus create task gui
      nexus_backup_dir: '/var/nexus-backup'
      nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
      nexus_backup_rotate: false
      nexus_backup_rotate_first: false
      nexus_backup_keep_rotations: 4  # Keep 4 backup rotation by default (current + last 3)

Backup will not be configured until you switch nexus_backup_configure to true.
In that case, a scheduled script task will be configured to run on Nexus
at the interval specified in nexus_backup_cron (default 21:00 every day).
See the groovy template for this task (templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks you
declare in your playbook.

If you want to rotate/delete backups, set nexus_backup_rotate: true and configure the number of backups you want to keep with nexus_backup_keep_rotations (default 4).

When using rotation, if you want to save extra disk space during the backup process,
you can set nexus_backup_rotate_first: true. This configures a pre-rotation/deletion before the backup. By default, rotation happens after the backup is created. Please note that in this case old backups
will be deleted before the current backup is made.

Restore procedure

Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00).

Removing nexus

Warning: this will completely delete your current data. Make sure to take a backup beforehand if necessary.

Use the nexus_purge variable if you need to restart from scratch and reinstall the nexus instance with all data removed.

    ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true

Change admin password after first install

    nexus_default_admin_password: 'admin123'

This should not be changed in your playbook. This variable is populated with the default Nexus admin password on first install and ensures that the admin password can be changed to nexus_admin_password.

If you want to change the admin password after the first install, you can temporarily set this variable to the old password from the command line. After changing nexus_admin_password in your playbook, you can run:

    ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword

Telegram channel about Sonatype Nexus: https://t.me/ru_nexus_sonatype


Source: www.habr.com