# Upgrading Sonatype Nexus on Minikube

### Introduction

#### Build Artifacts

>[!Note]
>**Artifacts produced at build time**
>****
>- Environment + Compiled output = Artifact
>- Build artifacts are files produced by a build.
>Typically, these include distribution packages, binaries, container images, log files, and so on.
>- An item that is produced during the development process.

#### Repository

>[!Note]
>**Artifact repository**
>****
>- A repository is a storage location where components such as packages, libraries, NuGet, or npm are retrieved so they can be installed or used.
>
>**Examples**
>- Central Repository
>- RubyGems.org
>- NuGet Gallery
>- npmjs.org
>- DockerHub

#### Blob Store

**Where components (npm, Maven) and metadata (a component's content, version) are stored**

:::info
- **Component :** a package such as npm, Maven, NuGet, etc.
- **Metadata :** information about the component, such as version, dependencies, etc.
:::

>[!Note]
>- A binary large object (blob) storage, or blobstore, is the folder or network location where Nexus Repository stores everything uploaded to or proxied from a repository, including basic metadata for the object.
>- The blobstore location should be configured with as low latency as possible to avoid impacting performance.
>- Every repository is configured against a single blobstore or blobstore group, with one or many repositories using a given blobstore.

#### Repository Manager

>[!Note]
>**Repository manager**
>- **Hosted Repository** : Components are stored in and retrieved from one hosted repository.
>- **Proxy Repository** : Components are stored and retrieved from a different repository.
>- **Group Repository** : Uses a single URL for hosted and proxy repositories.
>****
>1. Store and retrieve build artifacts.
>2. Proxy remote repositories (DockerHub, npm, etc.) and cache public components locally.
>3. Host internal repositories on the internal network.
>4. Group repositories into a single repository.
>5. Enable greater collaboration between developers, who can all access one unified repository.
>6. Bring increased build performance due to a wider distribution of software and locally available parts.
>7. Reduce network bandwidth and dependency on remote repositories (only the components that are needed are downloaded, when they are needed).
>8. Insulate your company from internet outages and from outages of public repositories (npm, NuGet, etc.), so that problems in an external public central repository do not affect you.

#### Nexus Advantages

:::info
Nexus is a popular repository manager. It is used for **storing** and **managing software artifacts**, and it is widely used in software development environments for various purposes.
:::

1. **Dependency Management**: As mentioned above, Nexus acts as a central repository for storing and managing the dependencies that development projects require.
2. **Artifact Hosting**: Organizations can host their private repositories in Nexus. This gives them control over accessing and sharing libraries, plugins, and more.
3. **Release Management**: Nexus also supports staging repositories for testing and validating artifacts before they are pushed to the production release repository.
4. **Continuous Integration/Deployment**: Nexus integrates with build automation tools like Jenkins, Azure DevOps, and many others.
5. **Docker Registry**: Nexus supports hosting private Docker repositories. It also lets you store Docker images and manage them by version.

![image](https://hackmd.io/_uploads/HyFDzCyw0.png)

## Nexus YAML to Kubernetes (minikube)

:::success
#### Kubernetes YAML Standard Format
- **apiVersion :** specifies the Kubernetes API version.
- **kind :** the resource type. (Pod, Service, Deployment, ConfigMap)
- **metadata:** data about the resource. (name, namespace, labels)
- **spec:** the resource specification. (replicas, selector, template)
:::

### 1. Create a namespace (pvc, deployment)

```
kubectl create namespace <metadata.namespace>
```

(For resource isolation or resource quotas, and for easier management.)

### 2. Apply the YAML to start Nexus

```
kubectl apply -f <path-to-your-.yaml> --namespace <metadata.namespace>
```

(The PVC must be created in the same namespace as deployment.yaml; otherwise the PVC cannot be found.)

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nexus
  namespace: nexus-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nexus
  template:
    metadata:
      labels:
        app: nexus
    spec:
      containers:
        - name: nexus
          image: sonatype/nexus3:3.24.0
          env:
            - name: INSTALL4J_ADD_VM_PARAMS
              # Works around the "lock User prefs" error and makes Nexus detect four available CPUs
              value: "-Djava.util.prefs.userRoot=/nexus-data -XX:ActiveProcessorCount=4"
          ports:
            - containerPort: 8081
          volumeMounts:
            - name: nexus-data
              mountPath: /nexus-data
      volumes:
        - name: nexus-data
          persistentVolumeClaim:
            claimName: nexus-pvc
```

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nexus-pvc
  namespace: nexus-test
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    # Storage resources
    requests:
      storage: 10Gi
```

### 3. Check the Pod status (Lens & command)

```
kubectl get pods --namespace <namespace.name>
```

(STATUS = READY, or check the service status in Lens.)

![image](https://hackmd.io/_uploads/r1Ho0-CwA.png)
![image](https://hackmd.io/_uploads/SJZTRZCPR.png)

### 4. Check the PVC status (Lens & command)

```
kubectl get pvc --namespace <namespace.name>
```

(STATUS = READY, or check the service status in Lens.)

:::danger
**PersistentVolume (PV) :** A persistent storage resource; it is the actual storage resource in Kubernetes. Its purpose is to preserve data **(configuration files, log files, etc.)** when the Pod is shut down.

**PersistentVolumeClaim (PVC) :** A persistent storage claim; it is a request for and a claim on a PV, and it defines the storage characteristics **(capacity, access mode, etc.)**. When a PVC is created, Kubernetes binds a suitable PV according to the PVC's requirements.
:::

### 5. Port forwarding (port-forward)

```
kubectl port-forward svc/nexus 8081:8081 --namespace <namespace.name>
```

(Forwards the Service port to a port on localhost; it matches the containerPort in the YAML.)

![image](https://hackmd.io/_uploads/HkVZyf0v0.png)

### 6. Nexus password for the first login

Pod shell :

```
cd /nexus-data/       # this directory is visible in the logs
cat admin.password    # get the password
```

Cmd :

```
kubectl exec <pods_name> -n <namespace.name> -- cat /nexus-data/admin.password
```

![image](https://hackmd.io/_uploads/BJYvyz0P0.png)

### 7. View the Nexus storage location

```
kubectl exec -it -n <namespace.name> <pod.name> -- bash
cd /opt/sonatype/sonatype-work/nexus3/   # switch to the storage directory
```

![image](https://hackmd.io/_uploads/ryuTbMCDR.png)

# Backup and Restore

- Follow the Nexus Backup steps below.
- Block all access until the backup is complete.
- Cancel all running Tasks.

## Nexus Backup

### Back up Task

**1. db**
- **$data-dir/db** (default remote directory)
- **Task -> nexus-backup** (Admin - Export databases for backup)

![image](https://hackmd.io/_uploads/B1ydmM0P0.png)
![image](https://hackmd.io/_uploads/SkDZVMAPA.png)

```
kubectl cp nexus-test/<pod.name>:/opt/sonatype/sonatype-work/nexus3/nexus-bcakup/ ./
```

(Copy to a remote or host dir just in case.)

**2. blob stores**
- **$data-dir/blobs** (default remote directory)

```
kubectl cp nexus-test/nexus-bc84d866c-2km4v:/nexus-data/blobs ./
```

(Copy to a remote or host dir.)

![image](https://hackmd.io/_uploads/S1LTEMCwA.png)

**3. Node ID**
- **$data-dir/keystores/node**
- **Used for blob store metrics and for restoring Nexus Firewall**

```
kubectl cp nexus-test/<pod.name>:/opt/sonatype/sonatype-work/nexus3/keystores/node ./
cp -r keystores/node/. Backup-node/
```

(Copy to a remote or host dir.)

![image](https://hackmd.io/_uploads/rkeCHz0PC.png)

Reference : https://blog.csdn.net/qq522044637/article/details/126867717

## Nexus Upgrade version

##### K8s env (Without Helm Charts)

- Confirm which **resource type (Deployment, StatefulSet)** Nexus is deployed as. The example below uses a Deployment **:**

1. **Stop the service and make sure no instance is running**
```
kubectl get deployments -n <namespace>
kubectl scale deployment <deployment-name> --replicas=0 -n <namespace-name>
```
2. **Change the version in the YAML to the version you want** (this example upgrades from 3.24.0 to 3.70.1)

![image](https://hackmd.io/_uploads/S1omLWzO0.png)

3. **Run apply -f deployment.yaml again**
```
kubectl apply -f <deployment.yaml> -n <namespace.name>
```

![image](https://hackmd.io/_uploads/H1S-AGRD0.png)
![image](https://hackmd.io/_uploads/B1YYAfRw0.png)

****

##### K8s env (Using Helm Charts)

- Confirm which **resource type (Deployment, StatefulSet)** Nexus is deployed as. The example below uses a StatefulSet **:**

1. **Stop the service and make sure no instance is running**
```
kubectl get statefulsets -n <namespace>
kubectl scale statefulsets <stateful-set-name> --replicas=0 -n <namespace>
```
2. **Change the version in the YAML to the version you want**
3. **Run the upgrade again with values.yaml**
4. **Set replicas back to the original number**
```
kubectl get statefulsets -n <namespace>
kubectl scale statefulsets <stateful-set-name> --replicas=<number of replicas> -n <namespace>
```

Reference : https://help.sonatype.com/en/upgrading-nexus-repository-in-an-ha-environment.html

## Nexus Restore

#### Start the database restoration with these steps:

1. **Stop Nexus Repository**

![image](https://hackmd.io/_uploads/ryz4_zRvC.png)
![image](https://hackmd.io/_uploads/ryGy_7Rw0.png)

2. **Remove the following directories from $data-dir/db**
    - component
    - config
    - security

![image](https://hackmd.io/_uploads/S1YWDfCPC.png)

3. **Go to the location where you stored the exported databases** (the path where the Task exported the .bak files)

![image](https://hackmd.io/_uploads/BJ6KdM0vR.png)

4. **Copy the corresponding .bak files to $data-dir/restore-from-backup for restoration** (Note: for version 3.10.0 or earlier, use $data-dir/backup as the restore location)

![image](https://hackmd.io/_uploads/r1fztzAw0.png)

5. **Restore the blob store backup corresponding to the DB backup** (restore the blob files the same way as in steps 3 and 4)

![image](https://hackmd.io/_uploads/HybrUXADC.png)
![image](https://hackmd.io/_uploads/SyHuI70D0.png)
![image](https://hackmd.io/_uploads/rkPzv7AvR.png)

6. **Restart Nexus Repository**
7. **Verify Nexus Repository is running correctly**
8. **Remove .bak files from the restore-from-backup directory**
9. **Run the associated Tasks to restore metadata**
10. **Repair - Reconcile component database from blob store** (recovers the metadata of missing packages for the selected blob store)

![image](https://hackmd.io/_uploads/r12DOZG_A.png)

---

- The screenshot below shows an upgrade from 3.24.0 to 3.41.0. No Restore is needed; all configuration and components are preserved.

![image](https://hackmd.io/_uploads/SJQ2MGAvC.png)

- In version 3.42.0, Search was changed so that the filter must be specified exactly, in order to reduce latency when loading the UI.

![image](https://hackmd.io/_uploads/B1b17HRPC.png)

- The screenshots below show an attempt to upgrade to 3.70.0 by following the steps in the official documentation. All configuration is preserved, and the blob count shows a number of packages. Search only shows packages when an exact filter is given, and Browse shows that the files have been retained.

![image](https://hackmd.io/_uploads/H1rCQrAPC.png)
![image](https://hackmd.io/_uploads/BJXMUrAP0.png)
![image](https://hackmd.io/_uploads/BkJZ0vRDC.png)

lock User prefs Error : https://community.sonatype.com/t/problem-afer-upgrading-to-3-42-0-could-not-lock-user-prefs/9568/4

Reference : https://stackoverflow.com/questions/49272210/nexus-3-backup-via-command-line

Reference : https://help.sonatype.com/en/restore-exported-databases.html
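
Before scaling Nexus down for the upgrade, it is worth confirming that the host-side copy really contains all three items from the Nexus Backup section (database exports, blob stores, node ID) and recording checksums so the copy can be verified again before a restore. The script below is an added example, not part of the original notes; the host directory layout (`db/`, `blobs/`, `node/`) and the `<database>-*.bak` file naming are assumptions.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a Nexus backup copied to the host before upgrading.
# Assumed (hypothetical) layout: $1/db/*.bak, $1/blobs/<store>/..., $1/node/

check_nexus_backup() {
  local dir="$1" db f found rc=0
  # 1. db: one non-empty export for each database the restore procedure replaces
  for db in component config security; do
    found=0
    for f in "$dir"/db/"$db"-*.bak; do
      [ -s "$f" ] && found=1
    done
    [ "$found" -eq 1 ] || { echo "missing or empty export: $db" >&2; rc=1; }
  done
  # 2. blob stores: at least one file somewhere under blobs/
  [ -n "$(find "$dir/blobs" -type f 2>/dev/null | head -n 1)" ] ||
    { echo "blobs/ is missing or empty" >&2; rc=1; }
  # 3. node ID: the copied keystores/node directory must contain files
  [ -n "$(find "$dir/node" -type f 2>/dev/null | head -n 1)" ] ||
    { echo "node/ is missing or empty" >&2; rc=1; }
  return "$rc"
}

# Record SHA-256 digests of every file so the copy can be re-checked later.
write_manifest() {
  ( cd "$1" && find . -type f ! -name SHA256SUMS -print0 | sort -z |
      xargs -0 sha256sum > SHA256SUMS )
}

# Returns non-zero if any file changed or disappeared since write_manifest ran.
verify_manifest() {
  ( cd "$1" && sha256sum --quiet -c SHA256SUMS >/dev/null 2>&1 )
}

# Usage: ./check-backup.sh <backup-dir>
if [ "$#" -ge 1 ]; then
  check_nexus_backup "$1" && write_manifest "$1"
fi
```

Run `verify_manifest <backup-dir>` immediately before copying the `.bak` files into `restore-from-backup`, so a truncated or altered copy is caught before the existing `db` directories are removed.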