Creating docker host
Make sure you create a new key pair or select an existing one before creating the instance.
Also make sure that the security group has all the required rules. If you know you will be accessing the host from a static IP or a single subnet, set the source to that IP or IP range; if you are not sure, just select Anywhere.
- Instance type: t2.medium
- EBS volume: 80 GB SSD
- Image: CoreOS: CoreOS-stable-723.3.0-hvm
- VPC: default
- Subnet: default
- Security Group: default
- Security Groups Rules:
  - SSH - 22
  - TCP - 8081
  - ICMP - ALL
Docker host access
To enable remote access, first associate an Elastic IP with the instance.
You can also create a custom domain with the Route 53 DNS service, but to begin with you can simply add an entry to your /etc/hosts file.
CoreOS disables password authentication for SSH, so make sure to select a key pair when creating the instance.
The root user is disabled for SSH access; use the user core instead.
To make access more convenient you can configure the identity file for a given host.
- First copy the key file to the path referenced by IdentityFile below, then edit ~/.ssh/config and add the following:
Host docker01.aws.cloud
    IdentityFile ~/.ssh/aws-dev.pem
Now you should be able to access your docker host by typing
Another option is to simply reference the key identity file when accessing the host
ssh -i aws-dev.pem email@example.com
Running nexus container
We decided to use the official sonatype nexus image.
The recommended way to run nexus is to keep its data in a data volume, which gives you the flexibility of updating nexus without losing all its data and configuration.
- Create data volume
docker run -d --name nexus-data sonatype/nexus echo "data-only container for Nexus"
- Run nexus container
docker run -d -p 8081:8081 --restart=always --name nexus --volumes-from nexus-data sonatype/nexus
You should be able to access your nexus repo at http://docker01.aws.cloud:8081/
Uploading private artifacts
- In the Views/Repositories menu, select Repositories
- Click on the 3rd party repository
- Go to the Artifact Upload tab
By default nexus is pre-configured with three users:
- admin - admin123
- deployment - deployment123
Make sure you change the admin user password and delete both the deployment and anonymous users.
In some cases having anonymous access enabled might be required, but in that situation you can re-create the anonymous user and re-enable anonymous access with the correct set of roles and privileges. If you don't have a use case to enable anonymous access then simply don't.
To disable anonymous access:
- Under the Administration menu, select Server
- In the Security Settings group, clear the check box for Anonymous Access
After anonymous access has been disabled you must configure a new Privilege, Role and User to access your private group.
Nexus has 3 types of privileges:
- Application privileges - covers actions a user can execute in Nexus,
- Repository target privileges - governs the level of access a user has to a particular repository or repository target, and
- Repository view privileges - controls whether a user can view a repository
In our case we are creating a privilege for the Cloud Dynamics group, which has our 3rd party plus public artifacts.
A Nexus role is comprised of other Nexus roles and individual Nexus privileges.
Our custom role gives access to the previously created privilege.
I suggest you create a user for each developer that needs access to nexus, either from an administrative perspective or simply to download the artifacts required for a given project.
Now, with the nexus repo installed and configured, the last step is to update the maven settings to use the nexus repo instead of the default central one.
Update the $M2_HOME/conf/settings.xml file
<?xml version="1.0" encoding="UTF-8"?>
<settings>
  <mirrors>
    <mirror>
      <id>cdi</id>
      <mirrorOf>*</mirrorOf>
      <url>http://docker01.aws.cloud:8081/content/groups/cdi</url>
    </mirror>
  </mirrors>
  <servers>
    <server>
      <id>cdi</id>
      <username>diogogmt</username>
      <password>your-password</password>
    </server>
  </servers>
</settings>
The server section specifies the credentials for your nexus user while the mirror sets the URL maven will look for when downloading the pom dependencies for your projects.
If you don't want to change your global maven settings you can always add the server and mirror configuration to the pom.xml for a given project.
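As an added example (not part of the original post), the following audits the settings.xml shown above for three things: a mirror fetched over plain HTTP, a server password stored in plaintext, and credentials that would be sent to an HTTP mirror. It assumes the Maven convention that a password encrypted with `mvn --encrypt-password` is stored wrapped in braces; the function and rule names are made up for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the settings.xml shown on this page.
SAMPLE_SETTINGS = """<?xml version="1.0" encoding="UTF-8"?>
<settings>
  <mirrors>
    <mirror>
      <id>cdi</id>
      <mirrorOf>*</mirrorOf>
      <url>http://docker01.aws.cloud:8081/content/groups/cdi</url>
    </mirror>
  </mirrors>
  <servers>
    <server>
      <id>cdi</id>
      <username>diogogmt</username>
      <password>your-password</password>
    </server>
  </servers>
</settings>"""


def _fields(elem):
    """Map child tag -> text, dropping any XML namespace prefix."""
    return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}

def _all(root, name):
    return [_fields(e) for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit_settings(xml_text):
    """Return sorted (rule, id) findings for a Maven settings.xml."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    http_mirrors = {m.get("id", "") for m in _all(root, "mirror")
                    if m.get("url", "").lower().startswith("http://")}
    findings = {("cleartext-mirror-url", i) for i in http_mirrors}
    for s in _all(root, "server"):
        pw = s.get("password", "")
        # Output of `mvn --encrypt-password` is stored wrapped in braces.
        if pw and not (pw.startswith("{") and pw.endswith("}")):
            findings.add(("plaintext-password", s.get("id", "")))
        if pw and s.get("id", "") in http_mirrors:
            findings.add(("credentials-over-http", s.get("id", "")))
    return sorted(findings)

if __name__ == "__main__":
    for rule, ident in audit_settings(SAMPLE_SETTINGS):
        print(f"{rule}: server/mirror id '{ident}'")
```

Run against the page's configuration it reports all three findings for the id cdi; switching the mirror URL to HTTPS and storing an encrypted password clears them.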