Part 5 CI: Setting up Nexus Repository
In a CI/CD process, building the project produces an artifact. In the CD phase, we deploy these artifacts to our production or pre-production servers.
Sonatype Nexus Repository is a robust package registry for all of my Docker images. There are others, such as JFrog Container Registry, but Nexus Repository is easier for most people.
I have set this up on the same machine as SonarQube, running Xubuntu. Let's get started with the installation.
First, install OpenJDK:
sudo apt install openjdk-8-jre-headless
Next, go to the Sonatype page to download Nexus. You might need to register.
https://www.sonatype.com/products/sonatype-nexus-oss-download
tar -xvzf nexus-3.56.0-01-unix.tar.gz
The rest of this tutorial assumes the extracted Nexus directory has been placed at /opt/nexus. As a security practice, do not run the Nexus service as the root user; create a new user named nexus to run it:
sudo adduser nexus
To let the nexus user use sudo without a password, open the sudoers file with visudo:
sudo visudo
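Add the line below, then save and exit. Note that this line gives the nexus account passwordless sudo for every command, so a compromise of the Nexus process becomes a compromise of root; the service itself runs as nexus through nexus.rc and the systemd unit further down and does not use sudo.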
nexus ALL=(ALL) NOPASSWD: ALL
Give the nexus user ownership of the Nexus files and directories:
sudo chown -R nexus:nexus /opt/nexus
sudo chown -R nexus:nexus /opt/sonatype-work
To run Nexus as a service at boot time, open the /opt/nexus/bin/nexus.rc file, uncomment the run_as_user line and set it to the nexus user as shown below:
sudo nano /opt/nexus/bin/nexus.rc
run_as_user="nexus"
To increase the Nexus JVM heap size, open the /opt/nexus/bin/nexus.vmoptions file and modify the sizes as shown below. In the settings below, the data directory is also changed from ../sonatype-work to ./sonatype-work.
-Xms2703m
-Xmx2703m
-XX:MaxDirectMemorySize=2703m
-XX:+UnlockDiagnosticVMOptions
-XX:+LogVMOutput
-XX:LogFile=./sonatype-work/nexus3/log/jvm.log
-XX:-OmitStackTraceInFastThrow
-Djava.net.preferIPv4Stack=true
-Dkaraf.home=.
-Dkaraf.base=.
-Dkaraf.etc=etc/karaf
-Djava.util.logging.config.file=etc/karaf/java.util.logging.properties
-Dkaraf.data=./sonatype-work/nexus3
-Dkaraf.log=./sonatype-work/nexus3/log
-Djava.io.tmpdir=./sonatype-work/nexus3/tmp
-Dkaraf.startLocalConsole=false
-Djdk.tls.ephemeralDHKeySize=2048
Run Nexus as a service
To run Nexus as a service using systemd, create a unit file:
sudo nano /etc/systemd/system/nexus.service
Paste the lines below into it:
[Unit]
Description=nexus service
After=network.target
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/bin/nexus start
ExecStop=/opt/nexus/bin/nexus stop
User=nexus
Restart=on-abort
[Install]
WantedBy=multi-user.target
To start the Nexus service using systemctl:
sudo systemctl start nexus
To enable the Nexus service at system startup:
sudo systemctl enable nexus
If the Nexus service does not start, you can check the Nexus log (under the ./sonatype-work data directory configured above) using the command below:
tail -f /opt/nexus/sonatype-work/nexus3/log/nexus.log
If you are running the UFW firewall on Ubuntu, open port 8081 using the command below:
sudo ufw allow 8081/tcp
Accessing Nexus Repository Interface.
Browse to localhost:8081. To log in to Nexus, click Sign In; the default username is admin.
To find the default password, run the command below:
cat /opt/nexus/sonatype-work/nexus3/admin.password
Copy the default Nexus password and log in. You can reset the password once you are logged in; follow the wizard to complete the process of changing your password.
Configuring Nexus Repository
In Nexus Repository, click Create Repository.
Select docker (hosted)
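Select the options as below. The Docker steps later in this tutorial reach this repository through an HTTP connector on port 8083.
After completing this, go to Security > Realms, add the Docker Bearer Token Realm, and click Save.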
Setting up Docker
Make sure you have Docker installed and running. If not, please do that first.
Steps to configure Docker to upload images to Nexus:
Open /etc/hosts (sudo nano /etc/hosts) and add the line below on the machine where Nexus is configured:
127.0.0.1 nexus.testlabs.local
On any other machine that needs to connect, use the Nexus server's IP address instead, for example:
192.168.1.112 nexus.testlabs.local
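Next, configure the Docker service to use an insecure registry over HTTP. With this setting, registry logins and image transfers to that host are not protected by verified TLS, so it is only suitable on a trusted network until certificates are added. Create the Docker daemon file if it does not exist: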
sudo vi /etc/docker/daemon.json
Add entries like below:
{
"insecure-registries" : ["nexus.testlabs.local:8083"]
}
Restart the Docker daemon after the configuration changes above:
sudo systemctl restart docker
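The following is an added example, not part of the original tutorial and not code from Nexus or Docker: a small Python audit of the three files edited above (the sudoers entry, nexus.service and daemon.json) that reports the settings which weaken the setup. The function names and the sample strings are constructed for illustration.

```python
import configparser
import json
import re

def audit_sudoers(text, user="nexus"):
    """Flag sudoers lines giving `user` passwordless sudo for ALL commands."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if re.match(rf"{re.escape(user)}\s+\S+\s*=.*NOPASSWD:\s*ALL\b", line):
            findings.append(f"sudoers: {user} has passwordless sudo for ALL ({line})")
    return findings

def audit_unit(text):
    """Flag a systemd unit whose [Service] section is root or has no User=."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # systemd keys are case-sensitive
    cp.read_string(text)
    user = cp.get("Service", "User", fallback="").strip()
    if user in ("", "root", "0"):
        return ["unit: service runs as root; set User= to a dedicated account"]
    return []

def audit_daemon_json(text):
    """Flag registries the Docker daemon will use without verified TLS."""
    registries = json.loads(text).get("insecure-registries", [])
    return [f"docker: {r} is contacted without verified TLS" for r in registries]

def audit(sudoers, unit, daemon):
    return audit_sudoers(sudoers) + audit_unit(unit) + audit_daemon_json(daemon)

# Constructed sample inputs that copy the settings shown in this tutorial.
SUDOERS = "root ALL=(ALL:ALL) ALL\nnexus ALL=(ALL) NOPASSWD: ALL\n"
UNIT = """[Unit]
Description=nexus service
[Service]
Type=forking
ExecStart=/opt/nexus/bin/nexus start
User=nexus
[Install]
WantedBy=multi-user.target
"""
DAEMON = '{"insecure-registries": ["nexus.testlabs.local:8083"]}'

if __name__ == "__main__":
    for finding in audit(SUDOERS, UNIT, DAEMON):
        print(finding)
```

On a real host, pass the contents of the sudoers file, /etc/systemd/system/nexus.service and /etc/docker/daemon.json in place of the samples.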
Logging in to the Nexus Docker Registry
Make sure you are able to log in to the Docker registry hosted in Nexus by executing the command below:
sudo docker login -u admin nexus.testlabs.local:8083
Then enter the Nexus admin password.
If the login is successful, you can build and push an image:
sudo docker build -t nexus.testlabs.local:8083/{your image} .
sudo docker push nexus.testlabs.local:8083/{your image}
Final thoughts
There are more advanced topics, such as adding certificates and doing CI/CD from GitLab. I hope you enjoyed the tutorial.