Skip to content

Commit

Permalink
fix: [#378] Change initial admin pass (automatically).
Browse files Browse the repository at this point in the history
  • Loading branch information
030 committed Sep 16, 2023
1 parent 057ae4c commit aec17a7
Show file tree
Hide file tree
Showing 7 changed files with 280 additions and 8 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/dip.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ jobs:
NEXUS_VERSION=$(./dip image --name=sonatype/nexus3 --regex=^3\.[0-9]+\.[0-9]+$)
echo "Check whether the latest Nexus3 version: '${NEXUS_VERSION}' is used..."
sed -i "s|\(sonatype/nexus3:\).*|\1${NEXUS_VERSION}|" README.md
sed -i "s|\(sonatype/nexus3:\).*|\1${NEXUS_VERSION}|" configs/k8s/nexus3.yaml
sed -i "s|\(sonatype/nexus3:\)[0-9]\+\.[0-9]\+\.[0-9]\+\(.*\)|\1${NEXUS_VERSION}\2|" docs/quickstarts/DOCKER.md
sed -i "s|\(NEXUS_VERSION=\).*|\1${NEXUS_VERSION}|" ./test/integration-tests.sh
sed -i "s|\(nexus-version: \)[0-9]\.[0-9]\{2\}\.[0-9]$|\1${NEXUS_VERSION}|" ./.github/workflows/integration.yml
Expand All @@ -60,6 +61,7 @@ jobs:
sed -i "s|^\(version: \)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|" build/package/snap/snapcraft.yaml
echo "Checking README.md..."
sed -i "s|\(n3dr:\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|" docs/README.md
sed -i "s|\(n3dr:\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|" configs/k8s/nexus3.yaml
sed -i "s|\(n3dr\/releases\/tag\/\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|g" README.md
sed -i "s|\(releases\/download\/\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|g" README.md
sed -i "s|\(n3dr\/releases\/tag\/\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|g" ./docs/quickstarts/snippets/n3dr/DOWNLOAD.md
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/snapcraft.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ jobs:
sudo snap install --dangerous ${{ steps.snapcraft.outputs.snap }}
n3dr --version | grep "[0-9]\."
- uses: snapcore/action-publish@v1
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }}
with:
store_login: ${{ secrets.SNAPCRAFT_LOGIN }}
snap: ${{ steps.snapcraft.outputs.snap }}
release: candidate
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ RUN apk add --no-cache \
CGO_ENABLED=0 go build -ldflags "-X main.Version=${VERSION}" -buildvcs=false && \
cp n3dr /n3dr

FROM alpine:3.18.2
FROM alpine:3.18.3
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /n3dr /usr/local/bin/n3dr
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
Expand Down
12 changes: 6 additions & 6 deletions cmd/n3dr/configUser.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,13 @@ var (
// configUserCmd represents the configUser command.
var configUserCmd = &cobra.Command{
Use: "configUser",
Short: "A brief description of your command",
Long: `A longer description that spans multiple lines and likely contains examples
and usage of using your command. For example:
Short: "Configure users.",
Long: `Create users or change their passwords.
Cobra is a CLI library for Go that empowers applications.
This application is a tool to generate the needed files
to quickly create a Cobra application.`,
Examples:
# Change the admin password:
n3dr configUser --changePass --https false --n3drUser admin --n3drURL nexus3:8081 --n3drPass initial-pass --pass some-pass --email [email protected] --firstName admin --id admin --lastName admin
`,
Run: func(cmd *cobra.Command, args []string) {
fmt.Println("configUser called")

Expand Down
54 changes: 54 additions & 0 deletions configs/k8s/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
# kind

## create secret

```bash
echo -n 'helloworld' | tr -d "\n\r" | base64 -w 0
```

## create cluster

```bash
mkdir -p /tmp/k8s/kind/nexus-data && \
sudo chown 8484 -R /tmp/k8s/kind/nexus-data && \
~/go/bin/kind create cluster --config=configs/k8s/kind.yaml
```

## add ingress

```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml && \
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controller \
--timeout=90s
```

## deploy nexus

```bash
kubectl apply -f configs/k8s/nexus3.yaml
```

## access nexus

open `/etc/hosts`, add:

```bash
127.0.0.1 nexus3.some-domain
```

open a web browser, navigate to: <http://nexus3.some-domain/> and login as
`admin` with password: `helloworld`.

## n3dr

```bash
kubectl logs nexus3-0 -n nexus3
```

## cleanup

```bash
~/go/bin/kind delete cluster
```
22 changes: 22 additions & 0 deletions configs/k8s/kind.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
system-reserved: memory=8Gi
extraPortMappings:
- containerPort: 80
hostPort: 80
protocol: TCP
- containerPort: 443
hostPort: 443
protocol: TCP
extraMounts:
- hostPath: /tmp/k8s/kind/nexus-data
containerPath: /nexus-data
193 changes: 193 additions & 0 deletions configs/k8s/nexus3.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,193 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: nexus3
---
apiVersion: v1
kind: Secret
metadata:
name: n3dr
namespace: nexus3
data:
admin-password: aGVsbG93b3JsZA==
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nexus3
namespace: nexus3
spec:
replicas: 1
selector:
matchLabels:
app: nexus3
serviceName: nexus3
template:
metadata:
labels:
app: nexus3
spec:
containers:
- image: sonatype/nexus3:3.59.0
imagePullPolicy: IfNotPresent
name: nexus3
livenessProbe:
failureThreshold: 6
initialDelaySeconds: 120
httpGet:
path: /
port: 8081
scheme: HTTP
periodSeconds: 60
timeoutSeconds: 30
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 120
httpGet:
path: /
port: 8081
scheme: HTTP
periodSeconds: 60
timeoutSeconds: 30
ports:
- containerPort: 8081
name: nexus3
protocol: TCP
resources:
limits:
cpu: 1250m
memory: 2Gi
requests:
cpu: 1m
memory: 50Mi
securityContext:
readOnlyRootFilesystem: false
runAsUser: 8484
runAsGroup: 8484
volumeMounts:
- mountPath: /nexus-data
name: nexus3
- mountPath: /tmp
name: tmp
volumes:
- name: tmp
emptyDir: {}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nexus3
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 4Gi
volumeMode: Filesystem
volumeName: nexus3
---
apiVersion: v1
kind: Service
metadata:
name: nexus3
namespace: nexus3
spec:
selector:
app: nexus3
ports:
- protocol: TCP
port: 8081
targetPort: 8081
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: n3dr
namespace: nexus3
spec:
schedule: '*/15 * * * *'
jobTemplate:
spec:
template:
spec:
containers:
- image: utrecht/n3dr:7.2.4
imagePullPolicy: IfNotPresent
name: n3dr
command:
- /bin/sh
- -c
- |
cat /tmp/nexus-data/admin.password
echo $NEXUS_ADMIN_PASSWORD
if [ -e /tmp/nexus-data/admin.password ]; then
echo "changing randomized generated password..."
pw=$(cat /tmp/nexus-data/admin.password)
n3dr configUser \
--changePass \
--https false \
--n3drUser admin \
--n3drURL nexus3:8081 \
--n3drPass "${pw}" \
--pass "${NEXUS_ADMIN_PASSWORD}" \
--email [email protected] \
--firstName Administrator \
--id admin \
--lastName User \
--showLogo=false
else
echo "Assumed that initial password has been changed as"
echo "/tmp/nexus-data/admin.password file was not been"
echo "found."
fi
env:
- name: NEXUS_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: n3dr
key: admin-password
securityContext:
readOnlyRootFilesystem: false
runAsUser: 8484
runAsGroup: 8484
volumeMounts:
- mountPath: /tmp/nexus-data
name: nexus3
volumes:
- name: nexus3
persistentVolumeClaim:
claimName: nexus3-nexus3-0
restartPolicy: Never
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nexus3
namespace: nexus3
spec:
rules:
- host: nexus3.some-domain
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: nexus3
port:
number: 8081
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nexus3
namespace: nexus3
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
capacity:
storage: 4Gi
hostPath:
path: /nexus-data

0 comments on commit aec17a7

Please sign in to comment.