Nexus Registry
安装配置
Nexus versiion 3.15.1-01
创建共享容器卷
docker volume create --driver local --opt type=none --opt device=$(pwd) --opt o=bind nexus-data
获取 nexus 镜像
docker pull sonatype/nexus3
启动镜像
docker run -d -p 8081:8081 --name nexus -v nexus-data:/nexus-data sonatype/nexus3
说明
- 启动参数说明
设置 jvm
变量名称:INSTALL4J_ADD_VM_PARAMS
默认:-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs
配置实例:-e INSTALL4J_ADD_VM_PARAMS="-Xms2g -Xmx2g -XX:MaxDirectMemorySize=3g -Djava.util.prefs.userRoot=/some-other-dir"
配置访问路径
NEXUS_CONTEXT:默认为/
-e NEXUS_CONTEXT=nexus
默认用户密码
admin/admin123
查看日志
docker logs -f nexus
YUM源配置
Nexus 配置
安装软件后会进行代理并存储在本地
-
创建如下代理
-
yum-base
-
yum-epel
-
yum-extras
-
yum-updates
-
效果
客户端配置
- 基础源配置文件
cat nexus.repo
[nexus]
name=Nexus Repository
baseurl=http://172.18.0.11:8081/repository/yum-base/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
priority=1
[nexus-updates]
name=Nexus CentOS-$releasever
enabled=1
failovermethod=priority
baseurl=http://172.18.0.11:8081/repository/yum-updates/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://172.18.0.11:8081/repository/yum-updates/RPM-GPG-KEY-CentOS-7
[nexus-extras]
name=Nexus CentOS-$releasever
enabled=1
failovermethod=priority
baseurl=http://172.18.0.11:8081/repository/yum-extras/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://172.18.0.11:8081/repository/yum-extras/RPM-GPG-KEY-CentOS-7
cat nexus-epel.repo
[nexus-epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://172.18.0.11:8081/repository/yum-epel/$releasever/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=http://172.18.0.11:8081/repository/yum-epel/RPM-GPG-KEY-EPEL-7
[nexus-epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://172.18.0.11:8081/repository/yum-epel/$releasever/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=http://172.18.0.11:8081/repository/yum-epel/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[nexus-epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://172.18.0.11:8081/repository/yum-epel/$releasever/SRPMS
failovermethod=priority
enabled=0
gpgkey=http://172.18.0.11:8081/repository/yum-epel/RPM-GPG-KEY-EPEL-7
gpgcheck=1
Docker 仓库
创建 Nexus3 Docker 仓库步骤
- 创建私有仓库
所有 push 操作需要指向该仓库
自行选择是否开启 V1版本 API 支持
-
配置代理仓库
-
配置 group 组包含(私有仓库与代理仓库)
pull 镜像操作可以使用配置该项时的端口进行,如果本地没有要 pull 的镜像会自动像代理请求,并且存放到本地
-
配置
Realms
权限
-
增加
docekr
roles
-
增加
docekr
用户并应用规则
客户端配置
-
配置
docker
指定仓库[root@kubernetes-node1 ~]# cat /etc/docker/daemon.json { "insecure-registries": [ "172.18.0.2:8082", "172.18.0.2:8083" ], "disable-legacy-registry": true }
-
登录仓库
docker login 172.18.0.2:8083 docker login 172.18.0.2:8082
-
docker
push
镜像[root@kubernetes-node1 ~]# docker push 172.18.0.2:8083/nginx:1.14.3 The push refers to a repository [172.18.0.2:8083/nginx] 1295dc4c83dd: Pushed 4e9c3671be7b: Pushed 59b059d445c1: Pushed 0246bb21855f: Pushed 42acf078bf60: Pushed 7bff100f35cb: Pushed 1.14.3: digest: sha256:bb31b7147d854d94e2f0600f7f0a66bb0a6f2f5205d8a52ee7db9f069c44faed size: 1568
-
docker
pull
本地仓库没有会进行代理下载
[root@kubernetes-node1 ~]# docker pull 172.18.0.2:8082/alpine:3.8 Trying to pull repository 172.18.0.2:8082/alpine ... 3.8: Pulling from 172.18.0.2:8082/alpine cd784148e348: Pull complete Digest: sha256:3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e Status: Downloaded newer image for 172.18.0.2:8082/alpine:3.8
-
效果
PYPI 仓库
使用 Nexus 3 创建PYPI 仓库步骤
由于 PYPI 安装需使用 HTTPS 所以需要对 nexus 进行 HTTPS 配置,具体配置详见NexusHttps配置
- 配置
PYPI
私有仓库(同docker
相同步骤) - 配置
PYPI
代理仓库(此处主要的配置代理连接可自行选择 本文使用http://mirrors.aliyun.com/pypi) - 配置
PYPI Group
(同docker
配置过程相同) - 配置
PYPI Roles
(配置包含所有pypi
相关的规则) - 配置
PYPI
用户信息并关联PYPI Roles
客户端配置
-
配置全局配置文件
cert 配置选项要注意:
要配置成与 Nginx 跳转的域名相同的文件夹名称,并将 CA 证书存放到该目录下cat ~/.pip/pip.conf [global] index = https://ipypi.registory.com/repository/pypi-group/pypi index-url = https://ipypi.registory.com/repository/pypi-group/simple cert = root.crt
-
配置私有仓库上传配置
[root@kubernetes-node1 certs.d]# cat ~/.pypirc [distutils] index-servers = pypi [pypi] repository: https://ipypi.registory.com/repository/pypi-internal/ # 此处根据 Nginx 配置的域名进行配置 username: pypi password: <your_password>
-
效果验证
pip install ansible # 输出 Looking in indexes: https://ipypi.registory.com/repository/pypi-group/simple Collecting ansible