Description

Installs and configures Sonatype Nexus. Can optionally configure and install an nginx installation or provide SSL access to the Jetty server that runs Nexus.

Requirements

Platform:

• Ubuntu
• CentOS

The following cookbooks are dependencies:

• java
• nginx
• artifact

Recipes

• default - the recipe you want in your run-list. Configures a system and installs a Nexus server.
• app - the core recipe used for installing the Nexus server.
• nginx - add this recipe to your run-list when you want nginx installed and configured to proxy the Nexus server.
• cli - installs packages at compilation time and uses chef_gem to instal the nexus_cli gem. Primarily used by the LWRPs of this cookbook.

Usage

Simply add the nexus::default recipe to the node where you want Sonatype Nexus installed.

Due to a recent change on Sonatypes website, the downloads got a bit weird. Each time you download a tar.gz from Sonatype's site, it has two version numbers. One that is an internal folder inside the tar (ex: 2.3.1-01) and one that they use on their website's downloads page (ex: 2.3, latest). I have recently added a new attribute to reflect this change - node.nexus.version will be used to reflect the inner version, and node.nexus.external_version will be used to reflect the version in the downloads URL.

Data Bags

As of version 2.0.0, this cookbook now uses fewer, more standardized Encrypted Data Bags. Following the style used at Riot, Data bags are created per Chef Environment and default to a data bag item named "_wildcard" if there is no environmental data bag item.

For version 2.0.0, the data bag has been revised to only include the credentials, and license elements.

Below is how you should create your data bags for using this cookbook:

knife data bag create nexus _wildcard -c your/chef/config --secret-file your/encrypted_data_bag_key

{
  "id": "_wildcard",
  "credentials": {
    "default_admin": {
      "username": "admin",
      "password": "admin123"
    },
    "updated_admin": {
      "username": "admin",
      "password": "new_password"
    },
  },
  "license": {
    "file": "base64d license file"
  }
}

When you want to configure the Nexus to be served via SSL, you will need to set the nexus.app_server_proxy.ssl.enabled attribtue and configure an encrypted data bag.

Your data bag items should look like the following:

knife data bag create nexus_ssl_files _wildcard -c your/chef/config --secret-file your/encrypted_data_bag_key

{
  "id": "_wildcard",
  "fully-qualified-domain-name": {
    "crt": "base64-encoded-ssl-certificate",
    "key": "base64-encoded-private-key"
  }
}

Resources/Providers

nexus_plugin

Installs a Nexus plugin by creating a symlink of a named plugin from the Nexus' optional-plugins directory into the Nexus' plugin-repositroy directory.

Actions

Action	Description	Default
install	Installs the plugin	Yes

Attributes

Attribute	Description	Type	Default
name	Name of the plugin to install	String	name

nexus_hosted_repository

Resource provider for creating and deleting hosted Neuxs repositories.

Actions

Action	Description	Default
create	Creates a new repository	Yes
delete	Deletes a repository
update	Updates a repository

Attributes

Attribute	Description	Type	Default
name	Name of the repository to create/delete/update	String	name
publisher	The type of repository - either "hosted" or "proxy".	String
policy	Either "HOSTED" or "SNAPSHOT" repository policy for artifacts	String
repo_provider	'rubygems-hosted', 'maven2', ...etc	String	nil will use 'maven2'

nexus_group_repository

Resource provider for creating and deleting group Neuxs repositories.

Actions

Action	Description	Default
create	Creates a new repository	Yes
delete	Deletes a repository
add_to	Adds a repository to group repository
remove_from	Removes a repository to group repository

Attributes

Attribute	Description	Type	Default
name	Name of the repository to create/delete/add_to /remove_from	String	name
repository	Repository to add/remove from group repo	String
repo_provider	'rubygems-group', 'maven2', ...etc	String	nil will use 'maven2'

nexus_proxy_repository

Resource provider for creating and deleting proxy Neuxs repositories.

Actions

Action	Description	Default
create	Creates a new repository	Yes
delete	Deletes a repository
update	Updates a repository

Attributes

Attribute	Description	Type	Default
name	Name of the repository to create/delete/update	String	name
url	The url used for a proxy repository.	String
policy	Either "HOSTED" or "SNAPSHOT" repository policy for artifacts	String
publisher	The type of repository - either "hosted" or "proxy".	String
subscriber	Whether this repository is a subscriber to artifacts.	TrueClass, FalseClass
preemptive_fetch	Whether this (proxy) repository should preemptively fetch artifacts	TrueClass, FalseClass
repo_provider	'rubygems-proxy', 'maven2', ...etc	String	nil will use 'maven2'

nexus_settings

Resource provider for modifying the global Nexus settings.

Actions

Action	Description	Default
update	Updates a global Nexus setting to a new value.	Yes

Attributes

Attribute	Description	Type	Default
path	Period '.' delimited path to element of the settings that is going to be changed.	String	name
value	The new value to update the path to.	String, TrueClass, FalseClass, Hash

nexus_user

Resource provider for creating, deleting, and modifying Nexus user accounts.

Actions

Action	Description	Default
create	Creates a new Nexus user.	Yes
delete	Deletes a Nexus user.
update	Updates a Nexus user with updated information
change_password	Changes a Nexus user's password

Attributes

Attribute	Description	Type	Default
username	The element of the settings that is going to be changed.	String	name
first_name	The first name of the user.	String
last_name	The last name of the user.	String
email	The email address of the user.	String
enabled	Whether or not this user is enabled or disabled.	TrueClass, FalseClass
password	The current (or new) password of the user.	String
old_password	The old password of the user, used in change_password.	String
roles	A list of roles (permissions) to apply to the user.	Array

nexus_license

Resource provider for installing a license file into Nexus.

Actions

Action	Description	Default
install	Installs a license file into the server.	Yes

Attributes

Attribute	Description	Type	Default
name	Some useful information about the license. Similar to ruby_block.	String	name

nexus_proxy

Resource provider for manipulating the Nexus' settings for Smart Proxy.

Actions

Action	Description	Default
enable	Enables the Smart Proxy functionality.	Yes
disable	Disables the Smart Proxy functionality.
add_trusted_key	Adds a trusted key to the server.
delete_trusted_key	Removes a trusted key from the server.

Attributes

Attribute	Description	Type	Default
name	Some useful information about the proxy. Similar to ruby_block.	String	name
id	Used for delete_trusted_key. The id of the key to delete.	String
host	The host to use for Smart Proxy. Used for enable.	String
port	The port to use for Smart Proxy. Used for enable.	Fixnum
certificate	The certificate of another Nexus to add. Used for add_trusted_key.	String
description	The description of the other Nexus. Used for add_trusted_key.	String

Attributes

Most attributes under nexus are basic attributes needed for correctly installing the server. You can define things like the url to download the Nexus zip from, the install location, and other similar things here.

• nexus.version - sets the version inside the nexus package
• nexus.base_dir - sets the base directory under which to place the nexus user's home directory.
• nexus.user - sets the user to install nexus under
• nexus.group - sets the group to install nexus under
• nexus.external_version - the version used on the downloads page for nexus
• nexus.url - sets the URL where the nexus package is located
• nexus.checksum - The SHA256 checksum of the Nexus installation package
• nexus.port - the port to run nexus on
• nexus.host - the hostname to use for nexus
• nexus.context_path - the context path under which Nexus is running under. ie. "/nexus" #=> "http://localhost:8081/nexus"
• nexus.name - the name of the Nexus
• nexus.bundle_name - the name of the internal folder of the Nexus tar. Usually nexus-{professional or nothing}-{VERSION}
• nexus.home - the installation directory for the nexus application. Uses name.
• nexus.current_path - the above home/current/bundle_name. The artifact_deploy resource uses the current symlink to denote the currently installed version.
• nexus.pid_dir - the pid directory defined in the nexus.erb template. Saves a pid in the pids directory created by the artifact_deploy resource.
• nexus.conf_dir - the above home/conf
• nexus.bin_dir - the above home/bin
• nexus.work_dir - the above path/sonatype-work/nexus
• nexus.plugins - an Array of Nexus plugins that will be installed by the default recipe.
• nexus.logs.logs_to_keep - a fixnum value for the maximum number of logs the Nexus should keep.

Attributes under app_server_proxy help when you want to install an proxy in front of the running Nexus Jetty container. At the moment, the only supported alternative is nginx. Also, here is where you can configure SSL for either nginx or Jetty.

• nexus.app_server_proxy.nginx.server_name - the name to be configured in the nginx.conf server element.
• nexus.app_server.jetty.loopback - true if you want to loop back on the default port (useful if you want to disable HTTP access).
• nexus.app_server_proxy.ssl.setup - set this attribute when you want SSL configured. Valid values are :none, :nginx, or :jetty.
• nexus.app_server_proxy.use_self_signed - defaults to false, set to true to use the pre-packaged, self signed certificate.
• nexus.app_server_proxy.ssl.port - the port to use for SSL connections.
• nexus.app_server_proxy.ssl.key - defines where to look in the credentials data bag for the SSL certificate and key information.
• nexus.app_server_proxy.nginx.server.options - used to generate options in the server section of the nginx conf file.
• nexus.app_server_proxy.nginx.proxy.options - used to generate proxy options in the location section of the nginx conf file.

Attributes under cli are used for configuring how the nexus_cli should behave. Most LWRPs in this cookboo use the nexus_cli gem for configuring a running Nexus server. Here you can configure how many attempts the gem should make before raising an exception about the Nexus server not being reachable (useful when you start or restart the server).

• nexus.cli.ssl.verify - true if we want to verify SSL connections. false if you have bad SSL certificates on your servers. If you are testing local nginx and SSL, you'll want this value to be false, because the certificate is self-signed.
• nexus.cli.repository - The repository that nexus_cli gem will use for push / pull operations. A requirement of nexus_cli, not used by this cookbook.
• nexus.cli.default_admin_credentials_updated - this attribute is used for setting chosing what credentials the nexus_cli will use. This attribute will be set on the node after the nexus_user resource changes the Nexus server's password.
• nexus.cli.retries - the number of attempts to make when connecting to a Nexus server. Most LWRPs in this cookbook require the Nexus server to be running.
• nexus.cli.retry_delay - the time to wait in between attempts to connect to the Nexus server.

Local Development

In order to run this cookbook locally in Vagrant, you need to configure data bags in ~/.chef/data_bags and place your encrypted data bag secret key in ~/.chef/encrypted_data_bag_secret.

License and Author

Author:: Kyle Allan (kallan@riotgames.com) Based on work by Joseph Holsten (joseph@josephholsten.com), Charles Scott (connaryscott@gmail.com), Greg Schueler (greg.schueler@gmail.com), and Seth Chisamore (schisamo@opscode.com)

Copyright 2014, Riot Games

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.