
Tuesday 7 September 2021

Create Private Docker Repository in Nexus & Connect with docker

1. Create Docker Repository (hosted)

Create a Docker repository of type hosted and select the HTTPS connector with port 18080


2. Log in to the client system that will run docker login against this repository

https://www.tamilcloud.com:8443/repository/tamilcloud/


3. Check Docker info [ Using root user account ]


4. Add the repository host names to the client system's /etc/hosts file so that docker login can use the domain name

# echo "192.168.1.3      www.tamilcloud.com repo.tamilcloud.com clm.tamilcloud.com nexus.tamilcloud.com" | sudo tee -a /etc/hosts

5. Create a folder named after the repository host and port in /etc/docker/certs.d to hold the Docker root certificate

# sudo mkdir -p /etc/docker/certs.d/www.tamilcloud.com:18079

6. Copy the Nexus root certificate ca.crt to the client system's /etc/docker/certs.d/www.tamilcloud.com:18079 folder

# sudo cp /cert/ca.crt /etc/docker/certs.d/www.tamilcloud.com:18079

7. Docker Login to Repository



8. Push Local image to Docker Private repository

# docker pull mysql:5.7
# docker images
# docker tag 1d7aba917169 www.tamilcloud.com:18079/mysql:5.7
# docker push  www.tamilcloud.com:18079/mysql:5.7


9. Verify image in private docker repository


Completed :)
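
Docker looks up the registry CA in a certs.d folder whose name must equal the host:port part of the image reference, and it loads only files ending in .crt as CA roots. The check below is an added example, not part of the original post; the function names and the CERTS_ROOT override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. CERTS_ROOT can be overridden for testing (assumption);
# Docker itself reads /etc/docker/certs.d.
CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"

# Print the registry host[:port] an image reference resolves to.
# The first path component is a registry only if it contains "." or ":"
# or is "localhost"; otherwise the image comes from Docker Hub.
registry_of() {
  local ref="$1" first
  case "$ref" in
    */*) first="${ref%%/*}" ;;
    *)   echo "docker.io"; return 0 ;;
  esac
  case "$first" in
    *.*|*:*|localhost) echo "$first" ;;
    *)                 echo "docker.io" ;;
  esac
}

# Check that a CA file Docker will load exists for the image's registry.
# Returns 0 = ok, 1 = folder missing (wrong host or port in the folder name),
# 2 = folder exists but holds no *.crt file.
check_registry_ca() {
  local dir f
  dir="$CERTS_ROOT/$(registry_of "$1")"
  if [ ! -d "$dir" ]; then
    echo "missing: $dir"
    return 1
  fi
  for f in "$dir"/*.crt; do
    if [ -f "$f" ]; then
      echo "ok: $f"
      return 0
    fi
  done
  echo "no *.crt CA file in $dir"
  return 2
}

# Usage: check_registry_ca www.tamilcloud.com:18079/mysql:5.7
```

Return code 1 is what a port mismatch between the folder name and the image tag looks like; return code 2 is what a certificate left with a .cert extension looks like.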

Install On-Premise Nexus Sonatype Artefact repository [ SSL Enabled ]

1. Download Nexus open source from the Sonatype website

https://help.sonatype.com/repomanager3/download/download-archives---repository-manager-3

2. Unzip it and place the files in the /opt/nexus folder

3. To start and stop Nexus as a service, create a nexus.service file with the following content

[Unit]
Description=nexus service
After=network.target
  
[Service]
Type=forking
LimitNOFILE=65536
ExecStart=/opt/nexus/nexus-3.34.0-01/bin/nexus start
ExecStop=/opt/nexus/nexus-3.34.0-01/bin/nexus stop
User=tamilarasan
Restart=on-abort
TimeoutSec=600
  
[Install]
WantedBy=multi-user.target


4. Copy the file into /etc/systemd/system/ folder & enable the service


$ sudo cp nexus.service /etc/systemd/system

$ sudo systemctl daemon-reload

$ sudo systemctl enable nexus.service

$ sudo systemctl start nexus.service

5. Verify the Nexus status 

$ sudo systemctl status nexus.service


6. To check the nexus log file 


7. Setup the initial admin password

By default the initial password is stored in the 'admin.password' file in $data-dir


8. Create a self-signed certificate to enable HTTPS in Nexus

# 1. Generate a public/private key pair using keytool:

keytool -genkeypair -keystore keystore.jks -storepass password -alias tamilcloud.com \
 -keyalg RSA -keysize 2048 -validity 5000 -keypass password \
 -dname 'CN=*.tamilcloud.com, OU=Sonatype, O=Sonatype, L=Unspecified, ST=Unspecified, C=US' \
 -ext 'SAN=DNS:nexus.tamilcloud.com,DNS:clm.tamilcloud.com,DNS:repo.tamilcloud.com,DNS:www.tamilcloud.com'


# 2. Generate a PEM-encoded public certificate file using keytool:

keytool -exportcert -keystore keystore.jks -alias tamilcloud.com -rfc > tamilcloud.cert


# 3. Convert our Java-specific binary keystore ".jks" file to a widely compatible PKCS12 keystore ".p12" file:

keytool -importkeystore -srckeystore keystore.jks -destkeystore tamilcloud.p12 -deststoretype PKCS12


# 4. Extract pem (certificate) from ".p12" keystore file ( this is same as step 2, but openssl spits out more verbose contents ):

openssl pkcs12 -nokeys -in tamilcloud.p12 -out tamilcloud.pem


# 5. Extract unencrypted private key file from ".p12" keystore file:

openssl pkcs12 -nocerts -nodes -in tamilcloud.p12 -out tamilcloud.key


# 6. List and verify new keystore file contents:

keytool -list -keystore tamilcloud.p12 -storetype PKCS12


# 7. Save tamilcloud.cert in the same folder as the ca.crt root certificate

mv tamilcloud.cert ca.crt

# 8. Add the host names to the /etc/hosts file

1*.*.*.*      www.tamilcloud.com repo.tamilcloud.com clm.tamilcloud.com nexus.tamilcloud.com


9. Copy the Java keystore file to $data-dir/etc/ssl/keystore.jks


$ mkdir -p /opt/nexus/sonatype-work/nexus3/etc/ssl

$ cp keystore.jks /opt/nexus/sonatype-work/nexus3/etc/ssl/


10. Edit $data-dir/etc/nexus-default.properties and save the file after making the following changes. Add a new line containing:

application-port-ssl=8443


10. Update nexus-args in the nexus-default.properties file

nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml

11. Set the application host value to the specific IP address

application-host=1*.*.*.*

12. Run Nexus and start using it :)
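
The nexus-args line above still lists jetty-http.xml, so the plain-HTTP connector stays loaded next to the new HTTPS one. The following check is an added example, not part of the original post; it reads a Nexus properties file and reports which connectors it enables, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; helper names are illustrative.

# Print the last value assigned to key $2 in properties file $1
# (later lines override earlier ones).
prop() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Summarise the Jetty connectors a Nexus properties file enables.
# Output: "https=<on|off> http=<on|off> ssl_port=<port|unset>"
connector_state() {
  local args port https=off http=off
  args=$(prop "$1" nexus-args)
  port=$(prop "$1" application-port-ssl)
  if [ -z "$args" ]; then
    # Without an override the product defaults apply; report that
    # rather than guessing what they are.
    echo "nexus-args not set in $1"
    return 0
  fi
  case "$args" in *jetty-https.xml*) https=on ;; esac
  case "$args" in *jetty-http.xml*)  http=on ;; esac
  echo "https=$https http=$http ssl_port=${port:-unset}"
}

# Return 0 only when TLS is served and the plain-HTTP connector is not loaded.
https_only() {
  case "$(connector_state "$1")" in
    "https=on http=off ssl_port="[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: connector_state /opt/nexus/sonatype-work/nexus3/etc/nexus-default.properties
```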


Reference: 

1. SSL Configuration :  https://help.sonatype.com/repomanager3/system-configuration/configuring-ssl#ConfiguringSSL-ServingSSLDirectly

2. Prepare self-signed certificate : https://support.sonatype.com/hc/en-us/articles/213465768-SSL-Certificate-Guide

3. Configure Runtime environment : https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment


Gogs - Create Git Repository

1. Create a new Git repository for the Java application


2. Repository created for the Java application


3. Clone the Git project into a local folder

$ git clone http://192.168.1.110:8300/STR/pacspruapi.git


4. Move the local files into the folder to prepare the commit

$ git status


5. Git add all local files
$ git add .
$ git status


6. Git Commit 

$ git commit -m 'comment for the commit'


7. Push the committed code to Gogs Repository

$ git status
$ git remote -v # to display the available remote repository 
$ git push origin master 


8. If the remote code has been updated and the local copy is not yet in sync, then
$ git remote show origin


# Use Git pull to sync with the remote
$ git pull



9. If a local file has changed and is not in sync with the remote
Change the README file


Add only the updated file to git

$ git add README.md


Git Commit the code 
$ git commit -m 'Readme file updated - Tamilarasan'



Git Push the changes to Repository 
$ git push origin master



10. Verify the Code in Gogs repository


Completed :)

Nexus Maven Repository & Setup

Steps to Configure Nexus Maven & Application integration

PART - A Nexus Maven Creation


1. Create User Account in Nexus

2. Create a Maven Group repository

3. Add the existing Maven hosted & proxy repositories to the new Maven group repository

4. Make sure HTTP user authentication is enabled for the Maven Central repository that is part of the newly created group repository.

5. Verify the repository access using the URL



PART - B  Maven Config files creation

1. Create the Maven master password

$ mvn --encrypt-master-password <PASSWORD>

2. Save the result into a file "settings-security.xml"

<settingsSecurity>
    <master>{XOZTXCnPjDsHo1jxbPOEdjSCkMamoy4fgdfYej7588I=}</master>
</settingsSecurity>

Notes:
If you would like to keep the master password on a USB drive to plug in at build time,
store the file in a specific folder on the USB drive,
like '/Volumes/mySecureUsb/secure/settings-security.xml', and point to it with a relocation entry:

<settingsSecurity>
    <relocation>/Volumes/mySecureUsb/secure/settings-security.xml</relocation>
</settingsSecurity>

3. Using the master password, encrypt the repository password to be used in pom.xml for the build

For Example :

Repository URL : https://www.tamilcloud.com:8443/repository/maven-central/
Repository User Name : tamilarasan
Repository Password  : abcdefgh => needs to be encrypted to be used in CI CD pipeline

$ mvn --encrypt-password "abcdefgh" -s settings.xml -Dsettings.security=settings-security.xml

4. Put the encrypted password into the server password section of settings.xml

<servers>
    <server>
        <id>nexus</id>
        <username>tamilarasan</username>
        <password>{zVwvg21CdkIHM9hA5GsKv+9rzIZlslT3qAmkxcvh+xA=}</password> <!-- Encrypted Repo Password -->
    </server>
</servers>

5. Update the Application pom.xml with nexus repository details.

<distributionManagement>
    <repository>
        <id>nexus</id>
        <name>Releases</name>
        <url>http://www.tamilcloud.com:8081/repository/maven-releases/</url>
    </repository>
    <snapshotRepository>
        <id>nexus</id>
        <name>Snapshot</name>
        <url>http://www.tamilcloud.com:8081/repository/maven-snapshots/</url>
    </snapshotRepository>
</distributionManagement>

6. Compile and build with settings.xml & settings-security.xml

$ mvn -s settings.xml -Dsettings.security=settings-security.xml clean compile package deploy

7. Verify build result.

8. Verify the Nexus repository


Done :)
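
The master password in settings-security.xml unlocks every {...} value in settings.xml, and the distributionManagement URLs above use http://, so a pre-build check on these three files is worth having. The script below is an added example, not part of the original post; its function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative.

# Count <password> values in a settings.xml that carry no {...} ciphertext,
# i.e. never went through `mvn --encrypt-password`. Only the count is
# printed, so the secret does not end up in a terminal or CI log.
count_plaintext_passwords() {
  grep -o '<password>[^<]*</password>' "$1" | grep -v -c '{.*}' || true
}

# List <url> values inside <distributionManagement> that use plain http://.
# A deploy to such a URL sends the settings.xml credentials without TLS.
cleartext_repo_urls() {
  tr '\n' ' ' < "$1" \
    | grep -o '<distributionManagement>.*</distributionManagement>' \
    | grep -o '<url>http://[^<]*</url>' \
    | sed -e 's/<[^>]*>//g'
}

# True (0) when group or others have any permission bit on the file.
open_to_others() {
  [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Run all three checks; returns 1 if anything was flagged.
# Args: settings.xml settings-security.xml pom.xml
audit_maven_config() {
  local rc=0 n url
  n=$(count_plaintext_passwords "$1")
  if [ "$n" -gt 0 ]; then
    echo "FAIL $1: $n <password> value(s) not encrypted"; rc=1
  fi
  if open_to_others "$2"; then
    echo "FAIL $2: master password file accessible beyond its owner"; rc=1
  fi
  for url in $(cleartext_repo_urls "$3"); do
    echo "FAIL $3: deploy target without TLS: $url"; rc=1
  done
  return $rc
}

# Usage: audit_maven_config settings.xml settings-security.xml pom.xml
```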