Deploy Nexus for the Central Artefact Repository
Deploy Nexus OSS edition for the Central Artefact Repository on AWS.
Summary
This repo deploys Nexus OSS edition using an adapted version of https://github.com/ansible-ThoTeam/nexus3-oss. The changes are found in the ./resources directory, and are used to overwrite the freshly checked out roles held in the ./collections directory.
To use this repository:
$ git clone git@gitlab.com:ska-telescope/sdi/deploy-nexus.git
$ cd deploy-nexus
$ make reinstall # installs the necessary roles and collections in `./collections`
Edit the ssh.config and ./inventory_nexus files as appropriate for your target host, and then create a ./PrivateRules.mak file containing the passwords for the Nexus user accounts admin, gitlab, publisher and quarantiner, as well as the webhook URL and secret key, as follows:
EXTRA_VARS = vault_nexus_admin_password='...' vault_nexus_user_password_gitlab='...' vault_nexus_user_password_publisher='...' vault_nexus_ldap_conn_passwd='...' vault_nexus_email_server_password='...' vault_nexus_user_password_quarantiner='...' nexus_webhook_url='...' nexus_webhook_secret_key='...'
Then build using:
$ make nexus
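A pre-flight check that can be run before make nexus, added here as an example and not part of this repository: it verifies that ./PrivateRules.mak sets every variable from the EXTRA_VARS template above to a real value (not the '...' template text or the 'whatwhat' default that make vars prints) and that the file is neither accessible to other users nor tracked by git. The function name check_private_rules, the permission check and the git check are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the deploy-nexus repo): lint ./PrivateRules.mak.
# Variable names are taken from the EXTRA_VARS template in this README.
REQUIRED_VARS="vault_nexus_admin_password vault_nexus_user_password_gitlab
vault_nexus_user_password_publisher vault_nexus_user_password_quarantiner
vault_nexus_ldap_conn_passwd vault_nexus_email_server_password
nexus_webhook_url nexus_webhook_secret_key"

# check_private_rules FILE -> 0 if clean, 1 if problems were found, 2 if missing
check_private_rules() {
  file=$1; rc=0
  [ -f "$file" ] || { echo "missing: $file"; return 2; }

  # Characters 5-10 of the ls mode string are the group/other bits.
  perms=$(ls -ld "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "perms: $file is accessible to group/other (chmod 600 it)"; rc=1
  fi

  # Assumption: the secrets file should never be committed.
  if git -C "$(dirname "$file")" ls-files --error-unmatch \
       "$(basename "$file")" >/dev/null 2>&1; then
    echo "tracked: $file is tracked by git"; rc=1
  fi

  for var in $REQUIRED_VARS; do
    if ! grep -q "${var}='" "$file"; then
      echo "unset: $var"; rc=1
      continue
    fi
    # Pull out the text between the single quotes of var='...'.
    value=$(grep -o "${var}='[^']*'" "$file" | head -n 1 \
              | sed "s/^${var}='//; s/'\$//")
    case $value in
      ''|'...'|whatwhat) echo "placeholder: $var"; rc=1 ;;
    esac
  done
  return $rc
}

# Stand-alone use: bash check_private_rules.sh ./PrivateRules.mak
if [ $# -gt 0 ]; then check_private_rules "$1"; fi
```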
Deployment
The basic deployment consists of:
a role (common) that sets basic host configuration
the system-common-roles docker role that installs a standard Docker daemon footprint
the modified Nexus role from https://github.com/ansible-ThoTeam/nexus3-oss#example-playbook
This sets up and deploys Nexus, which is then fronted by HAProxy running in a Docker container. HAProxy does the URI and port mapping necessary to expose Nexus and the Docker repository.
The nexus3-oss role is patched by the files found in the ./resources directory.
Production site
The production Nexus instance for the Central Artefact Repository is hosted at https://artefact.skatelescope.org/. This is integrated with SKAO LDAP-based authentication for administration access; all other service accounts are maintained as local users.
Configuration
The complete configuration for the deployment is contained in nexus.yml.
Development
As this repo relies on a modified upstream version of https://github.com/ansible-ThoTeam/nexus3-oss, the differences are maintained as a patch file in the ./resources directory.
The patch can be maintained by checking out upstream with:
$ make update-patch
This creates the checked out code in ./nexus3-oss, and applies the (uncommitted) current version of the patch. Edit the repository as required (without committing the changes), and regenerate the patch file with:
$ make make-patch
This will update the patch in ./resources. To activate these new changes, the ./collections directory needs to be regenerated with:
$ make reinstall
$ make patch
make help
Run make to get the help:
$ make
make targets:
Makefile:build_nexus Install nexus
Makefile:help show this help.
Makefile:install Install dependent ansible collections
Makefile:lint Lint check playbook
Makefile:reinstall reinstall collections
Makefile:vars List Variables
make vars (+defaults):
Makefile:COLLECTIONS_PATHS ./collections
Makefile:COLLECTIONS_VERSION v2.4.14
Makefile:EXTRA_VARS vault_nexus_admin_password='whatwhat' vault_nexus_user_password_gitlab='whatwhat' vault_nexus_user_password_publisher='whatwhat'
Makefile:INVENTORY_FILE ./inventory_nexus
Makefile:NODES localhost
Makefile:PRIVATE_VARS ./nexus_vars.yml