How to Automate Nexus Repository Manager
Nexus a repository manager that allows you to manage, host your binaries and artifacts. It’s an open-source project that can qualify for a free Professional license. Nexus provides various repository formats such as Apt, Docker, Conan, npm, GO see the full list here. For features and more visit Sonatype homepage.
Tools* nexus repository manager
* docker
* groovy scripting
I will set up nexus in a docker container but for the automation process, it doesn’t matter where to run nexus. Actually nexus setup process is relatively straightforward unless you have to do more than once then things get boring :). At this point as a DevOps Engineer, we have to automate this process to save time and avoid kind of boring tasks. There are a few blogs where automation issued but unfortunately, those are neither up to date nor well explained. Let’s make it simple, up to date, and straightforward.
Luckily nexus with version 3+ provides a provisioning REST API which allows us to upload scripts to Nexus and execute those scripts to perform desired tasks. I will go through step by step. Step 1 and 2 have to be done with or without docker but 3rd step is only docker specific and other steps are also the platform-independent.
Step 1: For security concern scripting feature in nexus 3+ is disabled by default. Firstly we have to enable that by adding following line nexus.scripts.allowCreation=true to the Nexus configuration file which called nexus.properties.We will create it as below
#simply add line below
$ vim nexus.properties
nexus.scripts.allowCreation=true
~
~Step 2: Since Nexus 3.21 there is also an initial password feature created randomly. We have to disable this feature and set our own custom password. Otherwise, we have to enter manually, which we actually want to avoid. Therefore I will create my custom Docker image from Nexus official docker image with the custom configuration file above by adding one more line nexus.security.randompassword=false. This tells the nexus, do not create any random password. Then our configuration file looks as follows:
#simply add new line below
$ vim nexus.properties
nexus.scripts.allowCreation=true
nexus.security.randompassword=false
~
~Step 3: We are ready to create and run the custom Docker image. It’s really simple. If you don’t use docker then go and change your nexus.properties file under the corresponding directory on your machine which mostly placed under /etc on Linux. So here is the Dockerfile
# pulling offical image
FROM sonatype/nexus3LABEL maintainer="mehmetalibaykara@gmail.com"#copy configuration file to in docker container
COPY nexus.properties nexus-data/etc/nexus.properties
So here is my directory and I will create a docker image. Note that I already built the image that's why docker is using cache.
dexter@debian:codebase$ tree
├── Dockerfile
├── nexus.properties# Let's build the docker image
$ docker build -t automate_nexus . Sending build context to Docker daemon 105.5kB
Step 1/2 : FROM sonatype/nexus3
---> 57a6261043b9
Step 2/2 : COPY nexus.properties nexus-data/etc/nexus.properties
---> Using cache
---> 07aeb440e707
Successfully built 07aeb440e707
Successfully tagged automate_nexus:latest
Now we have our custom image and time to run the nexus docker container.
#Running on port 8081, container name is nexus
$ docker run --rm -p 8081:8081 --name nexus automate_nexusIt takes about a minute to nexus be ready. If you go browse http://localhost:8081 you should see:
Step 4: Now on we are starting to automate it. The following task will be automated:
-> Change admin password
-> Create new users
-> Create docker repositories: Host, Proxy and Group
-> Add role such as developer, admin etc
-> Create raw repositories
For each task above I have a corresponding groovy file. My directory structure looks as below:
.
├── configs
│ └── nexus.properties
├── Dockerfile
└── scripts
├── addRole.groovy
├── addUpdateScript.groovy
├── dockerRepositories.groovy
├── provision.sh
├── rawRepositories.groovy
└── security.groovyThe resources above can be cloned from my GitHub repository. As you see we have multiple groovy scripts and a shell script called provision.sh. This bash script will fire up the entire process. Hence we disabled random initial password in nexus.properties configuration file, the user and password assigned to admin:admin123.
Nexus is running on http://localhost:8081. To execute our custom groovy script, we have to add them to nexus script API via function method in provision.sh. Please read all comments in scripts.
Step 5: If you clone the repository on your local machine then simply :
#start docker container
$ docker run --rm -d -p 8081:8081 --name nexus auto#approximately 1 minutes later nexus server is ready
# then make the provision executable and run it by$ chmod +x scripts/provision.sh && ./provision
The script starts as
debian@debian:~/nexus-automation/scripts$ ./provision.sh
Provisioning Integration API Scripts StartingPublishing and executing on http://localhost:8081
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (file:/usr/share/groovy/lib/groovy-2.4.16.jar) to method
terminate with the following output:
>
< HTTP/1.1 200 OK
< Date: Thu, 07 May 2020 11:25:31 GMT
< Server: Nexus/3.22.1-02 (OSS)
< X-Content-Type-Options: nosniff
< Content-Type: application/json
< Content-Length: 44
<
{
"name" : "docker",
"result" : "null"
* Connection #0 to host localhost left intact
}
Successfully executed docker scriptProvisioning Scripts Completed
Now the users and repositories have to be created by full automated scripts. Let’s verify via UI login as administrator. You can verify other users by login via name and password. For instance:
username: test.developer
password: dev456
#For other users name and passwords check security.groovy script
So we automate the complete setup process which is a key part of the DevOps environment. I hope this gives you an idea of where you might start. The Nexus provides excellent REST API to script it and automate it. Sure using infrastructure tools such as Ansible or terraform might be a better option for the build chain.
PS: please do not hesitate to contact me if you have any question or contribution
References
* https://blog.sonatype.com/2010/04/why-nexus-for-the-non-programmer/
* https://blog.sonatype.com/automated-setup-of-a-repository-manager
*https://help.sonatype.com/repomanager3/rest-and-integration-api/script-api
