From d1d9e51f01eac79d879673c27b5df11381cc7e4a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Wed, 12 Mar 2025 18:01:37 +0000
Subject: [PATCH] Remove the older Nexus Repository deployment
---
eosc-devel/inventory/99-all.yaml | 5 -
eosc-devel/playbooks/repository-nexus.yaml | 178 ------------------
.../playbooks/subtasks/nexus-repository.yaml | 23 ---
eosc-devel/playbooks/subtasks/nexus-role.yaml | 23 ---
eosc-devel/playbooks/subtasks/nexus-user.yaml | 27 ---
.../playbooks/templates/nexus-blobstore.yaml | 18 --
.../playbooks/templates/nexus-realms.yaml | 3 -
.../nexus-repository-container-notebooks.yaml | 12 --
.../templates/nexus-repository-registry.yaml | 11 --
.../templates/nexus-role-anonymous.yaml | 10 -
.../templates/nexus-role-binder.yaml | 10 -
.../templates/nexus-role-registry-read.yaml | 7 -
.../templates/nexus-role-registry-write.yaml | 10 -
.../templates/nexus-user-binder.yaml | 9 -
.../templates/nexus-user-notebooks.yaml | 9 -
.../templates/nexus-user-writer.yaml | 9 -
eosc-devel/playbooks/templates/nexus.yaml | 147 ---------------
17 files changed, 511 deletions(-)
delete mode 100644 eosc-devel/playbooks/repository-nexus.yaml
delete mode 100644 eosc-devel/playbooks/subtasks/nexus-repository.yaml
delete mode 100644 eosc-devel/playbooks/subtasks/nexus-role.yaml
delete mode 100644 eosc-devel/playbooks/subtasks/nexus-user.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-blobstore.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-realms.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-repository-container-notebooks.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-repository-registry.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-role-anonymous.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-role-binder.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-role-registry-read.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-role-registry-write.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-user-binder.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-user-notebooks.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus-user-writer.yaml
delete mode 100644 eosc-devel/playbooks/templates/nexus.yaml
diff --git a/eosc-devel/inventory/99-all.yaml b/eosc-devel/inventory/99-all.yaml
index 5b1474d..24e3c91 100644
--- a/eosc-devel/inventory/99-all.yaml
+++ b/eosc-devel/inventory/99-all.yaml
@@ -16,9 +16,4 @@ all:
 vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
 notebooks_hostname: fullhub.eosc.zcu.cz
- binder_hostname: replay.eosc.zcu.cz
- old_binder_hostname: binder.eosc.zcu.cz
- docker2_hostname: registry.eosc.zcu.cz
- docker_hostname: docker.eosc.zcu.cz
 grafana_hostname: grafana.eosc.zcu.cz
- nexus_hostname: nexus.eosc.zcu.cz
diff --git a/eosc-devel/playbooks/repository-nexus.yaml b/eosc-devel/playbooks/repository-nexus.yaml
deleted file mode 100644
index 470ce7b..0000000
--- a/eosc-devel/playbooks/repository-nexus.yaml
+++ /dev/null
@@ -1,178 +0,0 @@
----
-- name: Sonatype Nexus deployment
- hosts: master
- vars:
- nexus_url: "https://{{ nexus_hostname }}/service/rest/v1"
- nexus_admin_password: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'nexus_admin_password:value') | join('/'),
- token_validate=false) }}"
- nexus_binder_password: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'nexus_binder_password:value') | join('/'),
- token_validate=false) }}"
- nexus_notebooks_password: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'nexus_notebooks_password:value') | join('/'),
- token_validate=false) }}"
- nexus_writer_password: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'nexus_writer_password:value') | join('/'),
- token_validate=false) }}"
- nexus_blobstore_name: default
- nexus_blobstore_type: file
- nexus_repository_name: container-notebooks
- nexus_docker_port: 8082
- become: true
- tasks:
- - name: Create Nexus configuration file on master
- vars:
- name: nexus
- template:
- src: templates/nexus.yaml
- dest: /tmp/nexus.yaml
- mode: 0600
- - name: Deploy/update Nexus instance
- command: kubectl apply -f /tmp/nexus.yaml
- environment:
- KUBECONFIG: /etc/kubernetes/admin.conf
- PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
- changed_when: true
- when: true
- - name: Wait for Nexus pod ready
- command: kubectl wait pod --all --namespace nexus --for condition=ready --timeout=5m
- environment:
- KUBECONFIG: /etc/kubernetes/admin.conf
- changed_when: false
- when: true
- - name: Wait for Nexus REST API
- uri:
- url: "{{ nexus_url }}/status"
- status_code: 200
- method: GET
- register: _result
- until: _result.status == 200
- retries: 120
- delay: 15
- - name: Check the admin password
- uri:
- url: "{{ nexus_url }}/status"
- force_basic_auth: true
- method: HEAD
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- status_code: 200, 401
- register: nexus_admin_password_check
- - name: Admin password setup
- when:
- - nexus_admin_password_check.status == 401
- block:
- - name: Get initial admin password
- shell: 'kubectl exec -it -n nexus $(kubectl get pod -n nexus -l app=sonatype-nexus -o name) -- cat /nexus-data/admin.password'
- register: nexus_admin_password_initial
- changed_when: false
- environment:
- KUBECONFIG: /etc/kubernetes/admin.conf
- - name: Set the admin password
- uri:
- url: "{{ nexus_url }}/security/users/admin/change-password"
- force_basic_auth: true
- headers:
- Content-Type: text/plain
- method: PUT
- user: 'admin'
- password: "{{ nexus_admin_password_initial.stdout }}"
- body: "{{ nexus_admin_password }}"
- body_format: raw
- status_code: [200, 204]
- rescue:
- - name: Admin Password Setup Fail
- fail:
- msg: "Failed admin password setup"
- - name: Check blobstore
- uri:
- url: "{{ nexus_url }}/blobstores/{{ nexus_blobstore_type }}/{{ nexus_blobstore_name }}"
- force_basic_auth: true
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- # XXX: workaround REST API bug for S3 (Nexus 3.33.0-01)
- status_code: [200, 400, 404, 500]
- register: nexus_blobstore_check
- # XXX: REST API bug II - needs to be created manually
- - name: Create blobstore
- when: &blobstore_changed
- - nexus_blobstore_check.status == 404 or nexus_blobstore_check.status == 400
- uri:
- url: "{{ nexus_url }}/blobstores/{{ nexus_blobstore_type }}"
- force_basic_auth: true
- method: POST
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- body: "{{ lookup('template', 'templates/nexus-blobstore.yaml') | from_yaml }}"
- body_format: json
- status_code: [200, 201]
- changed_when: *blobstore_changed
- - name: Check binder repository
- uri:
- url: "{{ nexus_url }}/repositories/docker/hosted/{{ nexus_repository_name }}"
- force_basic_auth: true
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- status_code: [200, 404]
- register: nexus_repository_check
- - name: Delete original repositories
- when: &repositories_deleted
- - nexus_repository_check.status == 404
- uri:
- url: "{{ nexus_url }}/repositories/{{ item }}"
- force_basic_auth: true
- method: DELETE
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- status_code: [200, 204, 404]
- register: _result
- loop:
- - maven-central
- - maven-public
- - maven-releases
- - maven-snapshots
- - nuget-group
- - nuget-hosted
- - nuget.org-proxy
- changed_when: _result.status == 200 or _result.status == 204
- - name: Create repositories
- include_tasks: subtasks/nexus-repository.yaml
- loop:
- - name: "{{ nexus_repository_name }}"
- type: docker/hosted
- - name: registry
- type: docker/hosted
- - name: Create roles
- include_tasks: subtasks/nexus-role.yaml
- loop:
- - anonymous
- - binder
- - registry-read
- - registry-write
- - name: Create users
- include_tasks: subtasks/nexus-user.yaml
- loop:
- - binder
- - notebooks
- - writer
- - name: Check security realms
- uri:
- url: "{{ nexus_url }}/security/realms/active"
- force_basic_auth: true
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- return_content: true
- register: nexus_realms_check
- - name: Update securty realms
- when: &realms_changed
- - '"DockerToken" not in nexus_realms_check.content'
- uri:
- url: "{{ nexus_url }}/security/realms/active"
- force_basic_auth: true
- headers:
- accept: application/json
- Content-Type: application/json
- method: PUT
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- body: "{{ lookup('template', 'templates/nexus-realms.yaml') | from_yaml }}"
- body_format: json
- status_code: [200, 204]
- changed_when: *realms_changed
diff --git a/eosc-devel/playbooks/subtasks/nexus-repository.yaml b/eosc-devel/playbooks/subtasks/nexus-repository.yaml
deleted file mode 100644
index 198d9fc..0000000
--- a/eosc-devel/playbooks/subtasks/nexus-repository.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- name: Check repository {{ item.name }}
- uri:
- url: "{{ nexus_url }}/repositories/{{ item.type }}/{{ item.name }}"
- force_basic_auth: true
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- status_code: [200, 404]
- register: nexus_repository_check
-
-- name: Create repository {{ item.name }}
- when: &repository_created
- - nexus_repository_check.status == 404
- uri:
- url: "{{ nexus_url }}/repositories/{{ item.type }}"
- force_basic_auth: true
- method: POST
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- body: "{{ lookup('template', 'templates/nexus-repository-' + item.name + '.yaml') | from_yaml }}"
- body_format: json
- status_code: [200, 201]
- changed_when: *repository_created
diff --git a/eosc-devel/playbooks/subtasks/nexus-role.yaml b/eosc-devel/playbooks/subtasks/nexus-role.yaml
deleted file mode 100644
index 7cb3128..0000000
--- a/eosc-devel/playbooks/subtasks/nexus-role.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- name: Check role {{ item }}
- uri:
- url: "{{ nexus_url }}/security/roles/{{ item }}"
- force_basic_auth: true
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- status_code: [200, 404]
- register: nexus_role_check
-
-- name: Create role {{ item }}
- when: &role_created
- - nexus_role_check.status == 404
- uri:
- url: "{{ nexus_url }}/security/roles"
- force_basic_auth: true
- method: POST
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- body: "{{ lookup('template', 'templates/nexus-role-' + item + '.yaml') | from_yaml }}"
- body_format: json
- status_code: [200, 201]
- changed_when: *role_created
diff --git a/eosc-devel/playbooks/subtasks/nexus-user.yaml b/eosc-devel/playbooks/subtasks/nexus-user.yaml
deleted file mode 100644
index 2355a57..0000000
--- a/eosc-devel/playbooks/subtasks/nexus-user.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- name: Check user {{ item }}
- uri:
- url: "{{ nexus_url }}/security/users?userId={{ item }}"
- force_basic_auth: true
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- return_content: true
- status_code: [200, 404]
- register: nexus_user_check
-
-- name: Create user {{ item }}
- when: &user_created
- - item not in nexus_user_check.content
- uri:
- url: "{{ nexus_url }}/security/users"
- force_basic_auth: true
- headers:
- accept: application/json
- Content-Type: application/json
- method: POST
- user: 'admin'
- password: "{{ nexus_admin_password }}"
- body: "{{ lookup('template', 'templates/nexus-user-' + item + '.yaml') | from_yaml }}"
- body_format: json
- status_code: [200, 201]
- changed_when: *user_created
diff --git a/eosc-devel/playbooks/templates/nexus-blobstore.yaml b/eosc-devel/playbooks/templates/nexus-blobstore.yaml
deleted file mode 100644
index a186bd1..0000000
--- a/eosc-devel/playbooks/templates/nexus-blobstore.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-name: {{ nexus_blobstore_name }}
-
-# CESNET OpenStack - container object storage
-# bucketConfiguration:
-# bucket:
-# name: binder-repository
-# expiration: 3
-# region: storage
-# bucketSecurity:
-# accessKeyId: XXXX
-# secretAccessKey: XXXX
-# advancedBucketConnection:
-# endpoint: https://object-store.cloud.muni.cz
-# forcePathStyle: true
-
-# default
-path: default
diff --git a/eosc-devel/playbooks/templates/nexus-realms.yaml b/eosc-devel/playbooks/templates/nexus-realms.yaml
deleted file mode 100644
index c49f88f..0000000
--- a/eosc-devel/playbooks/templates/nexus-realms.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- NexusAuthenticatingRealm
-- DockerToken
diff --git a/eosc-devel/playbooks/templates/nexus-repository-container-notebooks.yaml b/eosc-devel/playbooks/templates/nexus-repository-container-notebooks.yaml
deleted file mode 100644
index 7b9a316..0000000
--- a/eosc-devel/playbooks/templates/nexus-repository-container-notebooks.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-name: {{ nexus_repository_name }}
-online: true
-storage:
- blobStoreName: {{ nexus_blobstore_name }}
- strictContentTypeValidation: true
- writePolicy: allow
-docker:
- v1Enabled: false
- # basic-auth worked only with binder 0.2.0-n577.h14cc6c7 + jupyterhub 0.11.1
- forceBasicAuth: false
- httpPort: {{ nexus_docker_port }}
diff --git a/eosc-devel/playbooks/templates/nexus-repository-registry.yaml b/eosc-devel/playbooks/templates/nexus-repository-registry.yaml
deleted file mode 100644
index 4e8310d..0000000
--- a/eosc-devel/playbooks/templates/nexus-repository-registry.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-name: registry
-online: true
-storage:
- blobStoreName: {{ nexus_blobstore_name }}
- strictContentTypeValidation: true
- writePolicy: allow
-docker:
- v1Enabled: false
- forceBasicAuth: true
- httpPort: {{ nexus_docker_port + 1 }}
diff --git a/eosc-devel/playbooks/templates/nexus-role-anonymous.yaml b/eosc-devel/playbooks/templates/nexus-role-anonymous.yaml
deleted file mode 100644
index 1a0e63c..0000000
--- a/eosc-devel/playbooks/templates/nexus-role-anonymous.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-id: anonymous
-name: anonymous
-description: Anonymous Role for Notebooks repository manager
-# only explicit repository read roles to avoid access to the internal repository
-privileges:
- - nx-healthcheck-read
- - nx-repository-view-docker-{{ nexus_repository_name }}-browse
- - nx-repository-view-docker-{{ nexus_repository_name }}-read
- - nx-search-read
diff --git a/eosc-devel/playbooks/templates/nexus-role-binder.yaml b/eosc-devel/playbooks/templates/nexus-role-binder.yaml
deleted file mode 100644
index 5926f10..0000000
--- a/eosc-devel/playbooks/templates/nexus-role-binder.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-id: binder
-name: binder
-description: EGI Notebooks Binder
-privileges:
- - nx-repository-view-docker-{{ nexus_repository_name }}-add
- - nx-repository-view-docker-{{ nexus_repository_name }}-edit
- - nx-repository-view-docker-{{ nexus_repository_name }}-read
-roles:
- - anonymous
diff --git a/eosc-devel/playbooks/templates/nexus-role-registry-read.yaml b/eosc-devel/playbooks/templates/nexus-role-registry-read.yaml
deleted file mode 100644
index 15c97da..0000000
--- a/eosc-devel/playbooks/templates/nexus-role-registry-read.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-id: registry-read
-name: registry-read
-description: EGI Notebooks internal repositories read access
-privileges:
- - nx-repository-view-docker-registry-browse
- - nx-repository-view-docker-registry-read
diff --git a/eosc-devel/playbooks/templates/nexus-role-registry-write.yaml b/eosc-devel/playbooks/templates/nexus-role-registry-write.yaml
deleted file mode 100644
index b6197a7..0000000
--- a/eosc-devel/playbooks/templates/nexus-role-registry-write.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-id: registry-write
-name: registry-write
-description: EGI Notebooks internal repositories write access
-privileges:
- - nx-repository-view-docker-registry-add
- - nx-repository-view-docker-registry-browse
- - nx-repository-view-docker-registry-delete
- - nx-repository-view-docker-registry-edit
- - nx-repository-view-docker-registry-read
diff --git a/eosc-devel/playbooks/templates/nexus-user-binder.yaml b/eosc-devel/playbooks/templates/nexus-user-binder.yaml
deleted file mode 100644
index 5a9f2f6..0000000
--- a/eosc-devel/playbooks/templates/nexus-user-binder.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-userId: binder
-firstName: EGI
-lastName: Binder
-emailAddress: valtri@civ.zcu.cz
-password: {{ nexus_binder_password }}
-status: active
-roles:
- - binder
diff --git a/eosc-devel/playbooks/templates/nexus-user-notebooks.yaml b/eosc-devel/playbooks/templates/nexus-user-notebooks.yaml
deleted file mode 100644
index 0fc60b3..0000000
--- a/eosc-devel/playbooks/templates/nexus-user-notebooks.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-userId: notebooks
-firstName: EGI
-lastName: Notebooks
-emailAddress: valtri@civ.zcu.cz
-password: {{ nexus_notebooks_password }}
-status: active
-roles:
- - registry-read
diff --git a/eosc-devel/playbooks/templates/nexus-user-writer.yaml b/eosc-devel/playbooks/templates/nexus-user-writer.yaml
deleted file mode 100644
index 9fb4126..0000000
--- a/eosc-devel/playbooks/templates/nexus-user-writer.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-userId: writer
-firstName: EGI
-lastName: Writer
-emailAddress: valtri@civ.zcu.cz
-password: {{ nexus_writer_password }}
-status: active
-roles:
- - registry-write
diff --git a/eosc-devel/playbooks/templates/nexus.yaml b/eosc-devel/playbooks/templates/nexus.yaml
deleted file mode 100644
index 861ff0b..0000000
--- a/eosc-devel/playbooks/templates/nexus.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: {{ name }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: nexus-pvc
- namespace: {{ name }}
- labels:
- app: sonatype-nexus
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 500Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nexus
- namespace: {{ name }}
- labels:
- app: sonatype-nexus
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: sonatype-nexus
- template:
- metadata:
- labels:
- app: sonatype-nexus
- spec:
- containers:
- - image: sonatype/nexus3
- imagePullPolicy: Always
- name: nexus
- ports:
- - containerPort: 8081
- - containerPort: {{ nexus_docker_port }}
- - containerPort: {{ nexus_docker_port + 1 }}
- resources:
- limits:
- cpu: 4
- volumeMounts:
- - mountPath: /nexus-data
- name: nexus-data-volume
- volumes:
- - name: nexus-data-volume
- persistentVolumeClaim:
- claimName: nexus-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
- name: nexus
- namespace: {{ name }}
-spec:
- ports:
- - port: 80
- targetPort: 8081
- protocol: TCP
- name: http
- - port: 5000
- targetPort: {{ nexus_docker_port }}
- protocol: TCP
- name: docker-container-notebooks
- - port: 5001
- targetPort: {{ nexus_docker_port + 1 }}
- protocol: TCP
- name: docker-repository
- selector:
- app: sonatype-nexus
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: nexus-ingress
- namespace: nexus
- annotations:
- kubernetes.io/ingress.class: "nginx"
- kubernetes.io/tls-acme: "true"
- ingress.kubernetes.io/proxy-body-size: 100m
- nginx.ingress.kubernetes.io/proxy-connect-timeout: "15"
- nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
- nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
- nginx.ingress.kubernetes.io/proxy-next-upstream-timeout: "1800"
- nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
-spec:
- tls:
- - hosts:
- - {{ nexus_hostname }}
- - {{ docker_hostname }}
- - {{ docker2_hostname }}
- secretName: acme-tls-{{ name }}
- rules:
- - host: {{ nexus_hostname }}
- http:
- paths:
- - backend:
- service:
- name: nexus
- port:
- number: 80
- path: /
- pathType: Prefix
- - host: {{ docker_hostname }}
- http:
- paths:
- - backend:
- service:
- name: nexus
- port:
- number: 5000
- path: /
- pathType: Prefix
- - host: {{ docker2_hostname }}
- http:
- paths:
- - backend:
- service:
- name: nexus
- port:
- number: 5001
- path: /
- pathType: Prefix
-# direct access without nginx layer and SSL (for debugging)
-# ---
-# apiVersion: v1
-# kind: Service
-# metadata:
-# name: nexus-repository-direct
-# namespace: {{ name }}
-# spec:
-# type: NodePort
-# selector:
-# app: sonatype-nexus
-# ports:
-# - port: 5002
-# targetPort: {{ nexus_docker_port + 1 }}
-# protocol: TCP
-# nodePort: 31444
-# externalIPs: {{ groups['ingress'] }}
--
GitLab