Table of Contents

1. Nexus for Component Management
2. Nexus for Component Management
3. Nexus for Component Management
4. Nexus for Component Management
5. But What About the Top Ten Tips?
6. And What About My Questions?
7. So What is a Component?
8. So What is a Component?
9. Development Lifecycle Integration?
10. Getting Started - Nexus OSS
11. What is a Repository?
12. Component Manager Tasks
13. Repository Concepts
14. Security
15. Search & Component Information
16. Component Management
17. Component Management
18. Component Management
19. Component Management
20. Component Management with Nexus OSS
21. Managing Nexus
22. Nexus Professional - More Information
23. Nexus Professional - More Security
24. Sonatype Nexus as Central Hub
25. Scaling Nexus Deployments
26. Scaling Nexus Deployments
27. Release Process
28. Release Process
29. Nexus Professional CLM Edition
30. Sonatype CLM
31. Integrating with Nexus
32. Resources

Nexus for Component Management

Manfred Moser, Sonatype, Inc.
September 2014

Nexus for Component Management

Join me on a journey

from no component manager usage
to full software development lifecycle integration

Hold on tight. This is going to be a whirlwind trip.

Nexus for Component Management

We will move …

from using unknown jar files
dependencies not being understood
and brittle version updates

enforced policies
well understood component usage
avoided security and license issues

Nexus for Component Management

We will move …

from using e.g. jars checked into version control
or just using Maven, Gradle, … out of the box
via Nexus OSS
to Nexus Professional
and onwards to Nexus Professional CLM Edition
to Sontype CLM with all its tools
- IDE integration,
- CI integration,
- and more

But What About the Top Ten Tips?

Don’t worry. I got this covered. There will be lots of tips and tricks.

Right Here (And Very Soon)
— Manfred Moser

And What About My Questions?

Go right ahead - ask any time.

But first, let me set the stage…

So What is a Component?

All the stuff you use to create your applications
The plumbing you don’t want to write yourself
Logging, IoC, persistence layer, ORM, …
And that you get easily by declaring dependencies with Maven, Gradle, nuget, npm…
Comprises 80-90% of your application

And you are responsible for all of them.

So What is a Component?

But also all the parts you create and use
- Including the application deployment packages
JARs, WARs, EARs..
- but also rpm and npm packages or tar.gz files

Development Lifecycle Integration?

It is an endless circle of activities:

Research what components to use
Implement usage of components in development
Check component usage in QA and release process
Monitor applications and components used in production
Go back to the start and change versions or entire components

It only ends when any production deployments are decommissioned and not when development stops.

Getting Started - Nexus OSS

Installation is simple
- Extract archive and run
Configuration
- conf/nexus.properties
- bin/nexus(.bat)
Run as a service (JSW)
- bin/jsw/conf/wrapper.conf

Let’s have a look at these files.

→ It’s easy and the benefits are immediate.

What is a Repository?

Organized storage for components
Uses e.g. GAV coordinates for structure

→ A Component Manager helps with administration and usage of components stored in repositories

Component Manager Tasks

Proxy and manage access to public repositories
Store components that are not in public repositories
Manage internal releases and development components

→ Facilitate internal collaboration across components and teams

Repository Concepts

Proxy and hosted repositories
Repository groups for easy access/aggregation
Maven 2, NuGet and NPM

We explore all that in the user interface.

Security

Privileges, roles and users
External role mappings e.g. LDAP
Repository targets
Authentication from tools
- settings.xml and more

Understanding security and possible setups is crucial to control component usage.

Search & Component Information

Different search methods
Find components in different repositories
Find available versions - not yet used
- Useful for component selection
GAV coordinates and repository location

Demo time!

Component Management

Supply change management for components

Security and authentication
Repositories and repository targets
Component information

→ Set the stage for first repository and component management

Component Management

Who can read?

other teams (QA, operations)
remote offices
contractors, partner companies, public access

Component Management

Who can write?

Build master
Release engineers
CI servers
SNAPSHOTS vs. release

Component Management

What information is available to whom?

development
QA
security
legal
…

Component Management with Nexus OSS

Internal caching and storing of components → enables collaboration
Reduced dependency on external repositories
One component storage location for backup, audit, control…
Highly performant
Reduced bandwitdh usage and costs
Efficient search
Repository Health Check
Some meta data
Formats include Maven, NuGet, NPM, site, Yum and JRuby/Gems

→ Way better than manual management or ignoring the need

Yet easy to implement…

Managing Nexus

Logging
Support tools
Scheduled tasks
System feeds
JMX
External monitoring software

Nexus Professional - More Information

Lots more component information:

Archive browser and Maven dependency
Age & popularity
Security information
License information
Repository health check with component details

You gotta see this!

Nexus Professional - More Security

More security features:

User token
Enterprise LDAP, Atlassian Crowd
SSL management
Maven settings management

Sonatype Nexus as Central Hub

→ Nexus is a key component of your enterprise development infrastructure

Scaling Nexus Deployments

One server
Bigger server
With failover setup
Multiple servers for read, single write
With load balancer

Scaling Nexus Deployments

With Nexus Professional → Smart proxy

This is used for sync to OSSRH and Central from e.g. JBoss, Apache,…

Release Process

Security controls write access
Configurable with repository targets
- Disallow deployments outside company GAV
- Specific GAV’s allowed per team
- Or only CI server can deploy
- Or build master

Release Process

Dedicated tooling for release process in Nexus Professional - Staging

Temporary repository
Rule validation upon deployment
Configurable for repository targets
Security controlled stages
Releases can be dropped, if desired
Used as input funnel for Central Repository - OSSRH

Check out the free video training course on staging.

Nexus Professional CLM Edition

In a nutshell:

Configurable component policies - very powerful
Managed on the Sonatype CLM server
Tied into Nexus staging

Demo time!

Sonatype CLM

Expands Nexus Professional CLM Edition

Manual analysis in CLM server
Eclipse IDE integration
Continuous Integration Server support
SonarQube support
Command line scanning

Integrating with Nexus

Lots of build tools can integrate with Maven repositories
- Ant/Ivy, Gradle, SBT, Grails Leiningen, …
Lots of other repository formats supported
- Maven, NuGet, NPM, Yum, Site,…
All functionality is available in REST API
Java client for REST API available
Plugin architecture with examples to create your own

Check out the community chapter in the Nexus book.

Resources

Repository Management with Nexus - free book
The Nexus Community
- with articles, videos, mailing Lists, Nexus Live and more
Sonatype Support
Nexus Professional website
Nexus Professional Trial Bundle and Guide - some examples can be used with Nexus OSS as well
Talk to the developers/support - HipChat
Training classes

Last updated 2015-07-06 14:36:31 PDT

slide 1/32

Space or Right Arrow to move to next slide, M to see keys mapping, click help below for more details