OpenShift Nexus
External
Internal
Overview
Nexus is a repository and artifact manager used by OpenShift to cache locally build dependencies, and those used by Maven in particular, close to builds. It is recommended to set up one per OpenShift cluster, to speed up Maven builds.
Deploy Nexus Based on a Standard Sonatype Docker Image
oc new-app docker.io/sonatype/nexus3:latest
For more details what happens during a new application creation based on a container image, see:
Post-Creation Operations
Post-Creation Operations
Simply creating the application triggers a deployment, while the application is not ready yet to be deployed, so we disable the automatic deployment and drop what has already been deployed:
oc rollout pause dc nexus3 oc delete rc <rc-name>
Deleting the replication controller will also terminate the pod it started.
Change the Deployment Strategy
oc patch dc nexus3 --patch='{ "spec": { "strategy": { "type": "Recreate" }}}'
Don't I need to also change configuration?
Attach a Valid Persistence Volume
For this to work, a 2Gi or more persistent volume must be already provisioned and available.
Create the persistent volume claim:
echo "apiVersion: v1 kind: PersistentVolumeClaim metadata: name: production-nexus-pvc spec: accessModes: - ReadWriteOnce resources: requests: storage: 2Gi" | oc create -f -
If an appropriate persistent volume exists, it will be immediately bound after the persistent volume claim creation.
Modify the deployment configuration to use the persistent volume claim:
oc set volumes dc/nexus3 --remove --name=nexus3-volume-1
oc set volumes dc/nexus3 --add --name=nexus-data --mount-path=/nexus-data/ --type persistentVolumeClaim --claim-name=production-nexus-pvc
Setup Resources
oc set resources dc/nexus3 --limits=memory=2Gi --requests=memory=1Gi
Setup the Readiness and Liveness Probes
oc set probe dc/nexus3 --readiness \ --failure-threshold 3 --initial-delay-seconds 120 \ --get-url=http://:8081/repository/maven-public/
oc set probe dc/nexus3 --liveness \ --failure-threshold 3 --initial-delay-seconds 120 \ -- echo ok
Expose the Service
oc expose service nexus3 --hostname=maven.openshift.novaordis.io
Resume Rollout
oc rollout resume dc nexus3
Test
Wait for the pod to be brought on-line, connect as admin/admin123 and change the default password. The changes will be persisted in storage.
Set up Red Hat repositories with this script: https://github.com/NovaOrdis/playground/blob/master/openshift/auxiliary-tools/setup_nexus3.sh
./setup_nexus3.sh admin <admin-password> https://nexus3-cicd.apps.openshift.novaordis.io
Configuration
Image built-in credentials: deployment/deployment123. TODO - configure this during installation.
Method 1
Use the following template: https://github.com/NovaOrdis/playground/blob/master/openshift/templates/nexus-template.yaml
Copy it locally and then:
oc process -f nexus.yaml | oc create -f -
Verification
Nexus should be available at: https://nexus3-cicd.apps.openshift.novaordis.io
The new proxies installed into Browse -> Components: jboss, redhat-ga, maven-all-public, releases.
Troubleshooting
- OpenShift Nexus Kept Getting Restarted
- OpenShift Nexus Pod failed to Start During the CI/CD Pipeline Deployment
Interaction with OpenShift
MAVEN_MIRROR_URL
'MAVEN_MIRROR_URL' is an environment variable interpreted by the OpenShift s2i builders, which use the Maven repository whose URL is specified as a source of artifacts.
OpenShift image builders check for the environment variable MAVEN_MIRROR_URL, which should point to:
- Nexus 2: https://nexus-cicd.apps.openshift.novaordis.io/content/groups/public
- Nexus 3: https://nexus3-cicd.apps.openshift.novaordis.io/repository/maven-all-public
Configure Maven from Maven Build Pods to Use Nexus as Mirror
In all Maven build pods, invoke maven with an alternate settings file that specifies Nexus as a Maven mirror.
mvn -s ./openshift/nexus-settings.xml
Maven command can also be defined as:
def mavenCommand="mvn -s openshift/nexus-settings.xml"
where nexus-settings.xml should be similar to:
<settings>
<servers>
<server>
<id>nexus</id>
<username>deployment</username>
<password>deployment123</password>
</server>
</servers>
<mirrors>
<mirror>
<id>nexus</id>
<mirrorOf>*</mirrorOf>
<url>https://nexus-cicd.apps.openshift.novaordis.io/content/groups/public/</url>
</mirror>
</mirrors>
<profiles>
<profile>
<id>nexus</id>
<!--Enable snapshots for the built in central repo to direct -->
<!--all requests to nexus via the mirror -->
<repositories>
<repository>
<id>central</id>
<url>https://central</url>
<releases><enabled>true</enabled></releases>
<snapshots><enabled>true</enabled></snapshots>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>central</id>
<url>https://central</url>
<releases><enabled>true</enabled></releases>
<snapshots><enabled>true</enabled></snapshots>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<activeProfiles>
<activeProfile>nexus</activeProfile>
</activeProfiles>
</settings>