sonatype / chef-nexus-repository-manager Goto Github PK
View Code? Open in Web Editor NEWChef recipes for Nexus Repository Manager
License: Other
Chef recipes for Nexus Repository Manager
License: Other
Hi the context of Openshift and secure SCC, the entrypoint is not correct:
When the entrypoint will be call, the value of USER_NAME will be empty.
sed "s@${USER_NAME}:x:\${USER_ID}:@${USER_NAME}:x:${USER_ID}:@g" /etc/passwd.template
I think the best way of settings this is by using the suggestion in the Openshift Doc:
# All permission must be corrected in the Image too
RUN chmod g=u /etc/passwd
ENTRYPOINT [ "uid_entrypoint" ]
USER 1001
if ! whoami &> /dev/null; then
if [ -w /etc/passwd ]; then
echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
fi
fi
I understand correctly?
Thanks!
The Sous Chefs released a version '2.y.z' of the java cookbook.
Please upgrade the dependencies of this cookbook to allow usages for those versions.
When initially setting up a Chef+Nexus instance, this repo was not found in Supermarket : https://supermarket.chef.io/cookbooks/nexus
Is there a timeline for getting it into the Supermarket?
My NXRM install is failing. Look like same problem seen in adamsb6/s3_file#114. If so a tertiary dependency is breaking the cookbook recipe? The parsing of S3 license crashes using the 's3_file' package dependency which itself uses a 'rest-client' dependency which is poorly maintained and uses very old version.
I got here using the latest Guide minimal template. Works fine when no parameters are supplied but fails if I provide s3 license file options...
https://s3.amazonaws.com/sonatype-cloudformation-templates/nexus-repository-manager/1.0.20190212-170522.3f01289/minimal-single-instance.template
To be very honest, I'm not 100% sure this is the correct place to race this issue, but as far as I understood the cloudformation templates provided at [1] , they use this chef recipes to install nexus on a ec2 instance.
The issue is quite simple:
I would expect nexus to come up and running with no data lost again. I did experience a similar issue before with an other tool (jenkins) the simple solution was to start docker with --restart=always
.
[1] https://help.sonatype.com/integrations/cloud-deployments/cloudformation---repository-manager
Looking at https://help.sonatype.com/display/NXRM3/Run+as+a+Service#RunasaService-systemd and prescribed Type=forking
, whereas cookbook is Type=simple
... curious if reason for that?
https://github.com/sonatype/chef-nexus-repository-manager/blob/master/recipes/systemd.rb#L13
I failed to start nexus3 by sonatype/nexus3:3.14.0 docker image due to some permission problems regarding etc folder of data directory. It seems that 'etc' directory created inside data directory of nexus (which is created with chef recipe) has owner of root, so as nexus process has UID of 200 by default, it fails to write on this directory and following error occurs while starting nexus server:
1) Error injecting constructor, java.lang.RuntimeException: java.nio.file.AccessDeniedException: /nexus-data/etc/logback
at org.sonatype.nexus.internal.log.LogbackLoggerOverrides.(LogbackLoggerOverrides.java:64)
at / (via modules: org.sonatype.nexus.extender.modules.NexusBundleModule -> org.eclipse.sisu.space.SpaceModule)
while locating org.sonatype.nexus.internal.log.LogbackLoggerOverrides
while locating java.lang.Object annotated with *
at org.eclipse.sisu.wire.LocatorWiring
while locating org.sonatype.nexus.internal.log.LoggerOverrides
for the 3rd parameter of org.sonatype.nexus.internal.log.LogbackLogManager.(LogbackLogManager.java:84)
at / (via modules: org.sonatype.nexus.extender.modules.NexusBundleModule -> org.eclipse.sisu.space.SpaceModule)
while locating org.sonatype.nexus.internal.log.LogbackLogManager
while locating java.lang.Object annotated with *
I tried to run nexus docker with following command:
run -p 18081:8081 -p 15000:5000 -p 18443:8443 --name nexus_tmp -v $BASE_DATA_DIR/etc/ssl:/opt/sonatype/nexus/etc/ssl -v $BASE_DATA_DIR/data:/nexus-data -v $BASE_DATA_DIR/etc/jetty/jetty-https.xml:/opt/sonatype/nexus/etc/jetty/jetty-https.xml -v $BASE_DATA_DIR/etc/nexus.properties:/opt/sonatype/sonatype-work/nexus3/etc/nexus.properties sonatype/nexus3:3.14.0
Here is the complete log:
nexus.log
nexus.vmoptions
is bundled in the tar, so editing it after the fact is cumbersome ... would be nice to to have the configure.rb
recipe take in overrides for the file .. or even just straight up file rather than template.
Currently we have to publicly expose the app, manually log in and change the password, which seems pretty unacceptable from a security perspective.
The workaround would be to deploy with basic auth on the ingress, and then log in to the UI and change the password that way, before disabling basic auth on ingress, but this hurts the simplicity and reproducibility of the deployment process. It would be much better if the default credentials were set by a secret, optionally generated by the chart or passed in externally.
Possible to get into proper Chef versioning for metadata.rb?
I am currently running 3.7.1 and am getting a file descriptor error when logging into the UI as admin. I found the following ticket; NEXUS-14857 that reference the same issue and took a look at the config file that is referenced. The following lines are present in the limits.conf file which sould resolve the problem, but I am still getting the warning
nexus hard nofile 65536
nexus soft nofile 65536
using release-0.5.20180105-135811.666c150.
And running nexus3 install via Docker file: https://github.com/sonatype/docker-nexus3/blob/master/Dockerfile
Receives the following error:
Recipe: java::set_java_home
Running handlers:
[2018-01-17T14:50:37+00:00] ERROR: Running exception handlers
Running handlers complete
[2018-01-17T14:50:37+00:00] ERROR: Exception handlers complete
Chef Client failed. 2 resources updated in 09 seconds
[2018-01-17T14:50:37+00:00] FATAL: Stacktrace dumped to /etc/chef/local-mode-cache/cache/chef-stacktrace.out
[2018-01-17T14:50:37+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-01-17T14:50:37+00:00] ERROR: exit
[2018-01-17T14:50:37+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
ERROR: Service 'mynexus3' failed to build: The command '/bin/sh -c curl -L https://www.getchef.com/chef/install.sh | bash && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json && chef-solo --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} --json-attributes /var/chef/solo.json && rpm -qa chef | xargs rpm -e && rpm --rebuilddb && rm -rf /etc/chef && rm -rf /opt/chefdk && rm -rf /var/cache/yum && rm -rf /var/chef' returned a non-zero code: 1
Hi,
we have a corporate proxy, so I provided the nexus package in our local Artifactory and adjusted the variable NEXUS_DOWNLOAD_URL
. The download url is over https using a self signed corporate ssl certifacte. Internally the tar_extract
is not able to either fetch the certificate from the local system nor to ignore the ssl certificate issue (skip ssl verify).
Therefore I used curl to download the nexus artifact and tried to feed it locally to tar_extract.
A solution can be to adjust tar_extract
in download.rb file as following:
tar_extract node['nexus_repository_manager']['nexus_download_url'] do
action :extract_local
target_dir node['nexus_repository_manager']['nexus_home']['path']
checksum node['nexus_repository_manager']['nexus_download_sha256']
creates node['nexus_repository_manager']['nexus_home']['path'] + '/bin'
tar_flags [ '-P', '--strip-components 1' ]
end
Adding action :extract_local
hard coded is not optimal I know, but maybe there is a solution to pass the configuration via an environment variable as the other options.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.