Nexus 有多個(gè)產(chǎn)品活烙,比如一種安全掃描工具遣鼓,或者谷歌的平板電腦/手機(jī)。
這里加上限定詞 Sonatype宫补,表示這個(gè)Nexus 是二進(jìn)制包管理工具曾我,業(yè)界跟它類似的工具是 Artifactory 。
社區(qū)版是 Nexus repository OSS
Installing and Starting Nexus Repository Manager 3
Ubuntu 20 環(huán)境上測(cè)試贫贝,已經(jīng)安裝 openjdk-8 (當(dāng)前不支持 java11 或者其它版本)
下面是官網(wǎng)的安裝步驟蛉谜,寫的很詳細(xì),就直接抄了客燕。
- Create an installation directory in your desired location.
- Download the most recent repository manager for your operating system.
- If the file is downloaded to a location outside the installation directory, move it there.
- Unpack the
.tar.gzor.zipfile in its new location. Both an application (i.e.nexus-<version>) and data directory (i.e.../sonatype-work/nexus3) are created after extraction. - Go to the application directory which contains the repository manager file you need to start up.
- In the application directory, run the startup script launching the repository manager:
- Linux:
./bin/nexus run (front end method, for testing) ./bin/nexus start (backend method)
- Linux:
- Wait until the log shows the message “Started Sonatype Nexus.”
- Open your browser and type http://localhost:8081/ in your URL field.
- From the user interface click Sign In, which generates a modal to enter your credentials.
- Navigate to
../sonatype-work/nexus3/in your terminal. - Locate the
admin.passwordfile. - Copy the string from the file to the password field, and sign in.
- Complete the step-by-step setup modal to update your password and set Anonymous Access defaults upon logging in.
基本結(jié)構(gòu)
Nexus 安裝后發(fā)現(xiàn)內(nèi)置的 maven repos也搓,不用修改涵紊,直接能用。
它有三種 type:proxy颤练,group,hosted 代表著用什么方式獲取代碼嗦玖。跟 Artifactory 對(duì)比:
| Nexus | Artifactory |
|---|---|
| proxy | remote |
| group | virtual |
| hosted | local |
Format 表示支持哪種二進(jìn)制文件,包括(maven2, docker, yum ...)
image-20230406142348673.png
Proxying Maven
-
修改
settings.xml比如~/.m2/settings.xml.<settings> <servers> <server> <id>nexus</id> <username>admin</username> <password>admin123</password> </server> </servers> <mirrors> <mirror> <!--This sends everything else to /public --> <id>nexus</id> <mirrorOf>*</mirrorOf> <url>http://localhost:8081/repository/maven-public/</url> </mirror> </mirrors> </settings>
-
創(chuàng)建 POM file (
pom.xml) with the values below:<project> <modelVersion>4.0.0</modelVersion> <groupId>com.example</groupId> <artifactId>nexus-proxy</artifactId> <version>1.0-SNAPSHOT</version> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.10</version> </dependency> </dependencies> </project>
-
Run the Maven build with the command
mvn package.$ mvn package [INFO] Scanning for projects... [INFO] [INFO] ----------------------< com.example:nexus-proxy >----------------------- [INFO] Building nexus-proxy 1.0-SNAPSHOT [INFO] from pom.xml [INFO] --------------------------------[ jar ]--------------------------------- Downloading from nexus: http://localhost:8081/repository/maven-public/org/apache/maven/plugins/maven-resources-plugin/3.3.0/maven-resources-plugin-3.3.0.pom Downloaded from nexus: http://localhost:8081/repository/maven-public/org/apache/maven/plugins/maven-resources-plugin/3.3.0/maven-resources-plugin-3.3.0.pom (8.5 kB at 6.0 kB/s) Downloading from nexus: http://localhost:8081/repository/maven-public/org/apache/maven/plugins/maven-plugins/36/maven-plugins-36.pom Downloaded from nexus: http://localhost:8081/repository/maven-public/org/apache/maven/plugins/maven-plugins/36/maven-plugins-36.pom (9.9 kB at 22 kB/s) ....You can see downloading from private repo.
網(wǎng)頁確認(rèn)
image-20230406144301281.png
image-20230406144329477.png
Deploy to Nexus
修改 POM file ,添加下面的內(nèi)容
<project>
....
<distributionManagement>
<repository>
<id>nexus</id>
<name>maven-releases</name>
<url>http://localhost:8081/repository/maven-releases/</url>
</repository>
<snapshotRepository>
<id>nexus</id>
<name>maven-snapshots</name>
<url>http://localhost:8081/repository/maven-snapshots/</url>
</snapshotRepository>
</distributionManagement>
</project>
測(cè)試上傳
$ mvn clean deploy
[INFO] Scanning for projects...
[INFO]
[INFO] ----------------------< com.example:nexus-proxy >-----------------------
[INFO] Building nexus-proxy 1.0-SNAPSHOT
[INFO] from pom.xml
....
Uploading to nexus: http://localhost:8081/repository/maven-snapshots/com/example/nexus-proxy/1.0-SNAPSHOT/maven-metadata.xml
Uploaded to nexus: http://localhost:8081/repository/maven-snapshots/com/example/nexus-proxy/1.0-SNAPSHOT/maven-metadata.xml (766 B at 25 kB/s)
Uploading to nexus: http://localhost:8081/repository/maven-snapshots/com/example/nexus-proxy/maven-metadata.xml
Uploaded to nexus: http://localhost:8081/repository/maven-snapshots/com/example/nexus-proxy/maven-metadata.xml (280 B at 10 kB/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.832 s
[INFO] Finished at: 2023-04-06T05:39:58+02:00
[INFO] ------------------------------------------------------------------------
從日志看,已經(jīng)上傳了娱局,到網(wǎng)頁上再次確認(rèn)。
image-20230406144852493.png
以上任斋,功能上 Maven 和 Nexus 結(jié)合的基本讀寫已經(jīng)測(cè)試完畢耻涛。
用戶權(quán)限管理
使用 Role-Based Access Controls 來管理權(quán)限,Artifactory 7.X 之后也使用 RBAC澈蟆。
基本操作思路就是創(chuàng)建 role 卓研, 分配權(quán)限, 關(guān)聯(lián)用戶或組寥闪。
假如一個(gè)新組 apollo 磨淌,提交文件到 dev-apollo 來舉例。
創(chuàng)建repo
image-20230406151124681.png
image-20230406151226480.png
image-20230406151305309.png
Creates a new role named team-apollo.
image-20230406151522015.png
- The admin adds the following browse, read, and write privileges for that repository to the team-apollo role:
- nx-repository-view-maven2-dev-apollo-add
- nx-repository-view-maven2-dev-apollo-read
- nx-repository-view-maven2-dev-apollo-browse
image-20230406151641719.png
Create local user and assign role
開發(fā)環(huán)境應(yīng)該配置 LDAP,然后分配 LDAP 用戶到 role 喂击。 這里使用本地賬戶來測(cè)試淤翔。
image-20230406152901212.png
網(wǎng)頁驗(yàn)證
用新建賬戶登錄后只能看到一個(gè)repo (期待的結(jié)果)佩谷。
image-20230406153022720.png
Maven 驗(yàn)證
change settings.xml for local user authentication
<servers>
<server>
<id>apollo</id>
<username>testuser</username>
<password>testuser</password>
</server>
....
</servers>
change POM file for distribution.
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>my-artifact</artifactId>
<version>1.0</version>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.10</version>
</dependency>
</dependencies>
<distributionManagement>
<repository>
<id>apollo</id>
<name>maven-releases</name>
<url>http://localhost:8081/repository/dev-apollo/</url>
</repository>
</distributionManagement>
</project>
Test deploy
$ mvn deploy
....
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:3.1.0:deploy (default-deploy) on project my-artifact: Failed to deploy artifacts: Could not transfer artifact com.example:my-artifact:pom:1.0 from/to apollo (http://localhost:8081/repository/dev-apollo/): status code: 403, reason phrase: Forbidden (403) -> [Help 1]
報(bào)錯(cuò) Forbidden ,說明權(quán)限不夠裁奇÷竽欤回到之前配置 role 的頁面,添加 nx-repository-view-maven2-dev-apollo-* 免胃,重試,成功了躺涝。
$ mvn deploy
....
[INFO] --- deploy:3.1.0:deploy (default-deploy) @ my-artifact ---
Uploading to apollo: http://localhost:8081/repository/dev-apollo/com/example/my-artifact/1.0/my-artifact-1.0.pom
Uploaded to apollo: http://localhost:8081/repository/dev-apollo/com/example/my-artifact/1.0/my-artifact-1.0.pom (538 B at 6.3 kB/s)
Uploading to apollo: http://localhost:8081/repository/dev-apollo/com/example/my-artifact/1.0/my-artifact-1.0.jar
Uploaded to apollo: http://localhost:8081/repository/dev-apollo/com/example/my-artifact/1.0/my-artifact-1.0.jar (1.3 kB at 45 kB/s)
Downloading from apollo: http://localhost:8081/repository/dev-apollo/com/example/my-artifact/maven-metadata.xml
Uploading to apollo: http://localhost:8081/repository/dev-apollo/com/example/my-artifact/maven-metadata.xml
Uploaded to apollo: http://localhost:8081/repository/dev-apollo/com/example/my-artifact/maven-metadata.xml (298 B at 12 kB/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
在網(wǎng)頁驗(yàn)證坚嗜,也成功诗充。
image-20230406155844225.png
refs:
Official document: https://help.sonatype.com/repomanager3
