nexus_config

Sonatype Nexus Repository Manager configuration

Galaxy Quality Role version Role downloads molecule lint License

This Ansible role will configure Sonatype Nexus Repository Manager using the Rest API. Currently, this role is covers:

  • Initial admin password setup
  • Users creation
  • Users update
  • Users deletion
  • Blob storage (file) creation
  • Blob storage (file) update
  • Blob storage (file) deletion
  • Blob storage (AWS S3) creation
  • Blob storage (AWS S3) update
  • Blob storage (AWS S3) deletion
  • Blob storage (Azure) creation
  • Blob storage (Azure) update
  • Blob storage (Azure) deletion
  • Repositories (Maven, Docker, PyPi, Conda, R, npm) creation
  • Repositories (Maven, Docker, PyPi, Conda, R, npm) update
  • Repositories (Maven, Docker, PyPi, Conda, R, npm) deletion
  • Roles creation
  • Roles update
  • Roles detetion
  • TBD ...

Requirements

Ansible >= 2.10

Role Variables

This is a copy of defaults/main.yml

---

# Administrator user name
admin_username: admin

# Initial Nexus admin password
initial_admin_password: admin123

# Admin password which will be set during the initial setup.
admin_password: "{{ lookup('env', 'ADMIN_PASSWORD') }}"

# Nexus API host
api_host: localhost

# Nexus API port
api_port: 8081

# Nexus endpoint protocol
api_protocol: http

# Path to root ca .pem file, if https with custom ssl is used
root_ca:

# Hide sensitive Ansible error logs (may contain passwords)
hide_sensitive_logs: true

# Anonymous access
anonymous_access: true

users: []
  # - id: joan                    # User ID
  #   first_name: Joan            # User's first name
  #   last_name: Doe              # User's last name
  #   email: [email protected]     # Email
  #   password: nbusr123          # Password ( do not push it to git :) )
  #   status: active              # Status of the user. You can set active/disabled or deleted to delete the user.
  #   source: default             # Source
  #   roles:                      # List of the assigned roles
  #     - nx-admin
  # - id: joe
  #   first_name: Joe
  #   last_name: Doe
  #   email: [email protected]
  #   password: "{{ lookup('env', 'JOE_PASSWORD') }}"
  #   status: disabled
  #   source: default
  #   roles:
  #     - nx-anonymous

roles: []
  #  - id: nx-role                         # Role ID
  #    name: nx-role                       # Role name
  #    description: Some new role          # Role description
  #    status: created                     # Status of the role. You can set created or deleted to delete the role.
  #    privileges:                         # Privileges to include
  #      - nx-repository-view-*-*-add
  #      - nx-repository-view-*-*-browse
  #      - nx-repository-view-*-*-read
  #    roles: [ ]                          # Roles to include

stores: []
  # - name: file_blob             # Blob Store name
  #   type: file                  # Blob Store type (file, s3)
  #   soft_quota: 0               # Blob Store quota
  #   path: /tmp/blobs
  #   status: active              # Blob Store status (active, deleted)
  # - name: s3_blog
  #   type: s3
  #   soft_quota: 0
  #   prefix: ""
  #   region: default
  #   expiration_days: -1
  #   status: active

repositories: []
  # - name: maven_repo_hosted
  #   online: true                                  # Repository state (true, false, deleted)
  #   type: maven                                   # Repository type (Currently supported: maven)
  #   kind: hosted                                  # Repository kind (hosted, proxy)
  #   blob_store: default                           # Blob storeage
  #   strict_content_type_validation: false         # Strict Content Type Validation
  #   write_policy: allow                           # Controls if deployments of and updates to assets are allowed (allow, allow_once, deny)
  #   cleanup_names: []                             # Cleanup policies names. Omit if no cleanup is needed.
  #   version_policy: MIXED                         # Version Policy (MIXED, RELEASE, SNAPSHOT)
  #   layout_policy: STRICT                         # Layout Policy (STRICT, PERMISSIVE)
  #   content: INLINE                               # Content Disposition (INLINE)

  # - name: maven_repo_proxy
  #   online: true
  #   type: maven
  #   kind: proxy
  #   blob_store: default
  #   strict_content_type_validation: false
  #   remote_url: https://maven.example.org/repo    # Remote repository url
  #   maximum_artifacts_age: -1                     # Maximum component age
  #   maximum_metadata_age: 1440                    # Maximum metadata age
  #   negative_cache: true                          # Not found cache
  #   not_found_cache_ttl: 1440                     # Not found cache TTL
  #   http_client:
  #     blocked: false
  #     auto_block: true
  #     connection:
  #       retries: 0
  #       user_agent_suffix: ""
  #       timeout: 60
  #       enable_circular_redirects: false
  #       enable_cookies: false
  #       user_trust_store: false
  #     authentication:                             # Remote repo authentication
  #       type: username                            # Authentication type (username, ntlm)
  #       username: joe
  #       password: nbusr123
  #       ntlm_host:
  #       ntlm_domain:
  #       preemptive: false
  #   routing_rule: null
  #   version_policy: MIXED
  #   layout_policy: STRICT
  #   content: INLINE

  # - name: maven_repo_group
  #   online: true
  #   type: maven
  #   kind: group
  #   blob_store: default
  #   strict_content_type_validation: false
  #   group:
  #     - maven-releases
  #     - maven-snapshots

  #  - name: docker-hub-proxy
  #    online: true
  #    type: docker
  #    kind: proxy
  #    blob_store: default
  #    strict_content_type_validation: false
  #    remote_url: "https://index.docker.io/"       # Location of the remote repository being proxied (Optional)
  #    maximum_artifacts_age: -1
  #    maximum_metadata_age: 1440
  #    negative_cache: true
  #    not_found_cache_ttl: 1440
  #    routing_rule: null
  #    v1_enabled: true                             # Whether to allow clients to use the V1 API to interact with this repository
  #    force_basic_auth: true                       # Whether to force authentication (Docker Bearer Token Realm required if false)
  #    index_type: "REGISTRY"                       # Type of Docker Index (HUB, REGISTRY, CUSTOM)
  #    index_url: "https://index.docker.io/"        # Url of Docker Index to use (Optional)

  #  - name: conda-forge-proxy
  #    online: true
  #    type: conda
  #    kind: proxy
  #    blob_store: default
  #    strict_content_type_validation: false
  #    remote_url: "https://conda.anaconda.org/conda-forge/"
  #    maximum_artifacts_age: -1
  #    maximum_metadata_age: 1440
  #    negative_cache: true
  #    not_found_cache_ttl: 1440
  #    routing_rule: null

  #  - name: cran-proxy
  #    online: true
  #    type: r
  #    kind: proxy
  #    blob_store: default
  #    strict_content_type_validation: false
  #    remote_url: "https://cloud.r-project.org"
  #    maximum_artifacts_age: -1
  #    maximum_metadata_age: 1440
  #    negative_cache: true
  #    not_found_cache_ttl: 1440
  #    routing_rule: null

  #  - name: npm-proxy
  #    online: true
  #    type: npm
  #    kind: proxy
  #    blob_store: default
  #    strict_content_type_validation: false
  #    remote_url: "https://registry.npmjs.org/"
  #    maximum_artifacts_age: -1
  #    maximum_metadata_age: 1440
  #    negative_cache: true
  #    not_found_cache_ttl: 1440
  #    routing_rule: null

Example Playbook

In this example the playbook will create two additional Nexus users and one additional Blob Storage.

---
- name: Configure Nexus
  hosts: all
  user: ansible
  become: yes
  vars:
    config:
      users:
        - id: joan
          first_name: Joan
          last_name: Doe
          email: [email protected]
          password: "{{ lookup('env', 'JOAN_PASSWORD') }}"
          status: active
          source: default
          roles:
            - nx-admin
        - id: joe
          first_name: Joe
          last_name: Doe
          email: [email protected]
          password: nbusr123
          status: disabled
          source: default
          roles:
            - nx-anonymous
      stores:
        - name: file_blob
          type: file
          soft_quota: 0
          path: /mydata/blobs
          status: active
  roles:
    - role: lablabs.nexus_config

License

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.

Author Information

Created in 2021 by Labyrinth Labs

About

Configure Sonatype Nexus Repository Manager

Install
ansible-galaxy install lablabs/ansible-role-nexus_config
GitHub repository
License
apache-2.0
Downloads
74