use the nexus api to create the docker repositories

2024-12-09 08:40:53 +00:00 · 2024-12-09 08:40:53 +00:00 · 254ce1189d
parent 02426896a3
commit 254ce1189d
3 changed files with 108 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,7 @@ This will:
  * Create the `npm-group`, `npm-hosted` and `npmjs.org-proxy` repositories.
  * Create the `powershell-group`, `powershell-hosted` and `powershellgallery.com-proxy` repositories.
  * Create the `chocolatey-group`, `chocolatey-hosted` and `chocolatey.org-proxy` repositories.
+  * Create the `docker-group`, `docker-hosted` and `docker-hub-proxy` repositories.
  * Configure the NuGet `nuget-hosted` repository to accept pushing with an API key.
 * Configure Nexus through Groovy scripts.
  * Schedule a task to remove the old snapshots from the `maven-snapshots` repository.
--- a/provision/provision-nexus.sh
+++ b/provision/provision-nexus.sh
@ -492,6 +492,113 @@ http \
 EOF


+# create the docker-hosted docker registry repository.
+# see https://help.sonatype.com/en/docker-registry.html
+http \
+    --check-status \
+    --auth "$api_auth" \
+    POST \
+    https://$nexus_domain/service/rest/v1/repositories/docker/hosted \
+    <<'EOF'
+{
+  "name": "docker-hosted",
+  "online": true,
+  "storage": {
+    "blobStoreName": "default",
+    "strictContentTypeValidation": true,
+    "writePolicy": "allow_once",
+    "latestPolicy": true
+  },
+  "component": {
+    "proprietaryComponents": true
+  },
+  "docker": {
+    "v1Enabled": false,
+    "forceBasicAuth": true,
+    "httpPort": 6003
+  }
+}
+EOF
+
+
+# create the docker hub registry proxy repository.
+# see https://help.sonatype.com/en/docker-registry.html
+# NB as-of docker 19.03.5, there is still no way to specify a registry mirror credentials...
+#    as such, we cannot use our docker-group registry, instead we must use the docker-proxy
+#    registry, enable the Docker Bearer Token Realm and allow anonymous access to it.
+#    see https://github.com/moby/moby/issues/30880
+# NB this will make https://nexus.example.com:5002/v2/library/debian/manifests/buster-slim proxy
+#    to https://registry-1.docker.io/v2/library/debian/manifests/buster-slim
+#       https://registry-1.docker.io/v2/library/golang/tags/list
+http \
+    --check-status \
+    --auth "$api_auth" \
+    POST \
+    https://$nexus_domain/service/rest/v1/repositories/docker/proxy \
+    <<'EOF'
+{
+  "name": "docker-hub-proxy",
+  "online": true,
+  "storage": {
+    "blobStoreName": "default",
+    "strictContentTypeValidation": true
+  },
+  "proxy": {
+    "remoteUrl": "https://registry-1.docker.io",
+    "contentMaxAge": 1440,
+    "metadataMaxAge": 1440
+  },
+  "negativeCache": {
+    "enabled": true,
+    "timeToLive": 1440
+  },
+  "httpClient": {
+    "blocked": false,
+    "autoBlock": true
+  },
+  "docker": {
+    "v1Enabled": false,
+    "forceBasicAuth": true,
+    "httpPort": 6002
+  },
+  "dockerProxy": {
+    "indexType": "HUB",
+    "cacheForeignLayers": true
+  }
+}
+EOF
+
+
+# create the docker-group docker group repository.
+# see https://help.sonatype.com/en/docker-registry.html
+http \
+    --check-status \
+    --auth "$api_auth" \
+    POST \
+    https://$nexus_domain/service/rest/v1/repositories/docker/group \
+    <<'EOF'
+{
+  "name": "docker-group",
+  "online": true,
+  "storage": {
+    "blobStoreName": "default",
+    "strictContentTypeValidation": true
+  },
+  "group": {
+    "memberNames": [
+      "docker-hosted",
+      "docker-hub-proxy"
+    ]
+  },
+  "docker": {
+    "v1Enabled": false,
+    "forceBasicAuth": true,
+    "httpPort": 6001
+  }
+}
+EOF
+
+
 # configure nexus ldap with a groovy script.
 if [ "$config_authentication" = 'ldap' ]; then
    bash /vagrant/provision/execute-provision-ldap.groovy-script.sh
--- a/provision/provision-nexus/src/main/groovy/provision.groovy
+++ b/provision/provision-nexus/src/main/groovy/provision.groovy
@ -26,23 +26,6 @@ capabilityRegistry.all.findAll {it.context().type().toString().startsWith("Outre
 //])


-// create a docker registry repository backed by the default blob store.
-repository.createDockerHosted("docker-hosted", 6003, null, "default", true, true, WritePolicy.ALLOW, true)
-// create a docker proxy repository backed by the default blob store.
-// see https://help.sonatype.com/repomanager3/formats/docker-registry
-// TODO set Allow Nexus Repository Manager to download and cache foreign layers.
-// NB as-of docker 19.03.5, there is still no way to specify a registry mirror credentials...
-//    as such, we cannot use our docker-group registry, instead we must use the docker-proxy
-//    registry, enable the Docker Bearer Token Realm and allow anonymous access to it.
-//    see https://github.com/moby/moby/issues/30880
-// NB this will make https://nexus.example.com:5002/v2/library/debian/manifests/buster-slim proxy
-//    to https://registry-1.docker.io/v2/library/debian/manifests/buster-slim
-//       https://registry-1.docker.io/v2/library/golang/tags/list
-repository.createDockerProxy("docker-hub-proxy", "https://registry-1.docker.io", "HUB", null, 6002, null, "default", true, true, false)
-// create a docker group repository that merges the docker-hosted and docker-hub-proxy together.
-repository.createDockerGroup("docker-group", 6001, null, ["docker-hosted", "docker-hub-proxy"], true, "default", true)
-
-
 // set the base url. this is used when sending emails.
 // see https://help.sonatype.com/display/NXRM3/Configuration#Configuration-BaseURLCreation
 core.baseUrl("https://" + java.net.InetAddress.localHost.canonicalHostName)