Nexus 3 deployment

Environment:

OS: CentOS 7
Specs: 4 CPU cores (at least 4 recommended), 4 GB RAM, 200 GB disk
IP: 192.168.86.9
Nexus 3 version: nexus-3.27.0-03-unix.tar.gz
Nexus 3 package download:

wget http://download.sonatype.com/nexus/3/nexus-3.27.0-03-unix.tar.gz
or
Link: https://pan.baidu.com/s/1OFruEz3aIU1NxHVQf5YBFQ  Extraction code: demo

JDK download
JDK version: jdk-8u151-linux-x64

https://www.oracle.com/cn/java/technologies/javase/javase-jdk8-downloads.html
or
Link: https://pan.baidu.com/s/1dPIVFRi8hGdP7wOztoX6lg  Extraction code: demo

I. Deployment from the tarball

1> Install the JDK, set the environment variables, and verify
tar -xf jdk-8u151-linux-x64.tar -C /usr/local/
ln -s /usr/local/jdk1.8.0_151 /usr/local/java
echo "JAVA_HOME=/usr/local/java" >>/etc/profile
echo "PATH=\$JAVA_HOME/bin:\$PATH">>/etc/profile
echo "export JAVA_HOME PATH" >>/etc/profile
source /etc/profile
java -version
2> Install Nexus
tar -xf nexus-3.27.0-03-unix.tar.gz -C /usr/local/
ln -s /usr/local/nexus-3.27.0-03 /usr/local/nexus
useradd -d "/home/nexus" -m -s "/sbin/nologin" nexus
chown -R nexus:nexus  /usr/local/nexus
chown -R nexus:nexus /usr/local/sonatype-work
echo run_as_user='"nexus"' >>/usr/local/nexus/bin/nexus.rc
Configure systemd to manage Nexus
cat <<EOF >/etc/systemd/system/nexus.service
[Unit]
Description=nexus service
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/usr/local/nexus/bin/nexus start
ExecStop=/usr/local/nexus/bin/nexus stop
User=nexus
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF
Start Nexus
systemctl daemon-reload
systemctl  start nexus.service
systemctl  enable nexus.service
3> Log in to Nexus (hostIP:8081)
Read the initial password of the Nexus admin user, then log in as admin
cat /usr/local/sonatype-work/nexus3/admin.password

Set a new password

Set the repository access permissions

4> Configure HTTPS access

Generate the certificate files the server needs

NEXUS_DOMAIN=192.168.86.9
NEXUS_IP_ADDRESS=192.168.86.9
PASSWD=password

keytool -genkeypair -keystore keystore.jks -storepass ${PASSWD}  -keypass ${PASSWD} -alias nexus -keyalg RSA -keysize 2048 -validity 5000 -dname "CN=${NEXUS_DOMAIN}, OU=demo, O=demo, L=Beijing, ST=Beijing, C=CN" -ext "SAN=IP:${NEXUS_IP_ADDRESS}" -ext "BC=ca:true"

mv keystore.jks /usr/local/nexus/etc/ssl/

keytool -export -alias nexus -keystore /usr/local/nexus/etc/ssl/keystore.jks -file keystore.cer -storepass ${PASSWD}

mv keystore.cer /usr/local/nexus/etc/ssl/

Generate the client certificate

Enter password at every passphrase prompt
keytool -importkeystore -srckeystore /usr/local/nexus/etc/ssl/keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12

openssl pkcs12 -in keystore.p12 -nokeys -out keystore.crt
mv keystore.crt keystore.p12 /usr/local/nexus/etc/ssl/

Configure Nexus to use the certificate and enable HTTPS

cp /usr/local/nexus/etc/nexus-default.properties /usr/local/nexus/etc/nexus-default.properties.bak

sed -i '/application-port=/i\\ application-port-ssl=8443' /usr/local/nexus/etc/nexus-default.properties

sed -i '/nexus-args/d' /usr/local/nexus/etc/nexus-default.properties

echo 'nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml' >>/usr/local/nexus/etc/nexus-default.properties

Restart Nexus and verify HTTPS access
systemctl  restart nexus.service
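
The edits to nexus-default.properties above are not safe to rerun: every run inserts another application-port-ssl line and overwrites the .bak copy with the already edited file. As an added example (not from the original post), the same change in a repeatable form with a check to run before the restart; the function names and the sample file are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: idempotent form of the sed/echo edits above (not from the original post).
NEXUS_ARGS='nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml'

# enable_nexus_https FILE [SSL_PORT]  (hypothetical helper name)
enable_nexus_https() {
    local props=$1 ssl_port=${2:-8443} tmp rc
    [ -f "$props" ] || { echo "missing: $props" >&2; return 1; }
    # Back up only once so a rerun never overwrites the pristine copy.
    [ -f "$props.bak" ] || cp -p "$props" "$props.bak"
    tmp=$(mktemp) || return 1
    # Drop earlier active application-port-ssl/nexus-args lines (comments stay),
    # put the SSL port before application-port=, append nexus-args at the end.
    awk -v port="$ssl_port" -v args="$NEXUS_ARGS" '
        /^[ \t]*application-port-ssl=/ { next }
        /^[ \t]*nexus-args=/           { next }
        /^[ \t]*application-port=/     { print "application-port-ssl=" port; seen = 1 }
        { print }
        END { if (!seen) print "application-port-ssl=" port; print args }
    ' "$props" >"$tmp" && cat "$tmp" >"$props"   # cat keeps owner and mode of the target
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Succeeds only with exactly one SSL port line and one active nexus-args
# line that loads jetty-https.xml.
check_nexus_https() {
    local props=$1
    [ "$(grep -c '^[[:space:]]*application-port-ssl=' "$props")" -eq 1 ] &&
    [ "$(grep -c '^[[:space:]]*nexus-args=' "$props")" -eq 1 ] &&
    grep -q '^[[:space:]]*nexus-args=.*jetty-https\.xml' "$props"
}

# Demo on a constructed properties file, run twice to show the edit is repeatable.
demo() {
    local dir f rc
    dir=$(mktemp -d) || return 1
    f=$dir/nexus-default.properties
    printf '%s\n' 'application-port=8081' 'application-host=0.0.0.0' \
        'nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml' >"$f"
    enable_nexus_https "$f" && enable_nexus_https "$f" && check_nexus_https "$f" && cat "$f"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo
```

On the host, run enable_nexus_https /usr/local/nexus/etc/nexus-default.properties and restart Nexus only when check_nexus_https on the same file succeeds.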

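II. Deployment on Kubernetes

1. Environment
Ingress entry point: 192.168.86.36
Domain plan:
Main site: repository.onap.vip
2. Generate the certificate (reference: generating a certificate with certbot)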

certbot --server https://acme-v02.api.letsencrypt.org/directory -d "repository.onap.vip" -d "*.repository.onap.vip" --manual --preferred-challenges dns-01 certonly

3. Nexus 3 deployment YAML

# Create the namespace
kubectl create ns repository
# Create the secret the ingress needs for HTTPS
kubectl -n repository create secret tls repository-onap-vip-tls-secret --cert=repository.onap.vip.fullchain.pem --key=repository.onap.vip.privkey.pem
kubectl -n repository apply -f nexus3-deploy.yaml

nexus3-deploy.yaml

apiVersion: v1
kind: Service
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  type: NodePort
  ports:
  - name: sonatype-nexus
    port: 8081
    targetPort: 8081
    protocol: TCP
  - name: dockerio-proxy
    port: 10001
    targetPort: 10001
    nodePort: 32001
    protocol: TCP
  - name: local-docker
    port: 10002
    targetPort: 10002
    protocol: TCP
  selector:
    app: sonatype-nexus
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: repository.onap.vip
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: repository.onap.vip
    http:
      paths:
      - path:
        backend:
          serviceName: sonatype-nexus
          servicePort: 8081
  tls:
  - hosts:
    - repository.onap.vip
    secretName: repository-onap-vip-tls-secret
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonatype-nexus
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 10Gi
  storageClassName: csi-rbd-sc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonatype-nexus
  labels:
    app: sonatype-nexus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonatype-nexus
  template:
    metadata:
      labels:
        app: sonatype-nexus
    spec:
      containers:
      - name: sonatype-nexus
        image: sonatype/nexus3:3.34.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: server
          containerPort: 8081
        - name: dockerio-proxy
          containerPort: 10001
        - name: local-docker
          containerPort: 10002
        livenessProbe:
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 30
          periodSeconds: 30
          failureThreshold: 6
        readinessProbe:
          httpGet:
            path: /
            port: 8081
          initialDelaySeconds: 30
          periodSeconds: 30
          failureThreshold: 6
        env:
        - name: INSTALL4J_ADD_VM_PARAMS
          value: "
                  -Xms4096M 
                  -Xmx6096M 
                  -XX:MaxDirectMemorySize=4G 
                  -XX:+UnlockExperimentalVMOptions 
                  -XX:+UseCGroupMemoryLimitForHeap
                 "
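        # The JVM settings above (-Xms4096M/-Xmx6096M plus 4G of direct memory) exceed
        # this 4096Mi limit; size the heap below the limit or raise the limit to avoid OOM kills.
        resources:
          limits:
            cpu: 4000m
            memory: 4096Mi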
          requests:
            cpu: 2000m
            memory: 2048Mi
        volumeMounts:
        - name: sonatype-nexus-data
          mountPath: /nexus-data
      volumes:
      - name: sonatype-nexus-data
        persistentVolumeClaim:
          claimName: sonatype-nexus
