如何使用 ansible 剧本在 "sonatype nexus" 中创建 "nexus local user and role"
Ho to create "nexus local user and role" in "sonatype nexus" using ansible playbook
我正在做一个自动化,我需要使用 ansible playbook 安装 sonatype nexus,并创建一个 nexus 用户和角色。
到目前为止,我已经使用 playbook 安装了 sonatype nexus,而且我能够登录应用程序并创建一个 "nexus local user"。但是,我想使用 ansible playbook 自动执行相同的角色和用户创建(在 nexus 中)。
非常感谢您的帮助。
您可以查看 ansible-thoteam.nexus3-oss 角色 on galaxy or on github,它安装 nexus3 并负责其配置。为了完全透明,我是这个开源角色的当前维护者。
你会想看看 following groovy script to create users(作为完整示例粘贴在下面):
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import groovy.transform.Field
import org.sonatype.nexus.security.role.RoleIdentifier
import org.sonatype.nexus.security.user.InvalidCredentialsException
import org.sonatype.nexus.security.user.UserManager
import org.sonatype.nexus.security.user.UserNotFoundException
import org.sonatype.nexus.security.user.User
List<Map<String, String>> actionDetails = []
@Field Map scriptResults = [changed: false, error: false]
scriptResults.put('action_details', actionDetails)
authManager = security.securitySystem.getAuthorizationManager(UserManager.DEFAULT_SOURCE)
def updateUser(userDef, currentResult) {
User user = security.securitySystem.getUser(userDef.username)
user.setFirstName(userDef.first_name)
user.setLastName(userDef.last_name)
user.setEmailAddress(userDef.email)
if (user != security.securitySystem.getUser(userDef.username)) {
security.securitySystem.updateUser(user)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
}
Set<RoleIdentifier> existingRoles = user.getRoles()
Set<RoleIdentifier> definedRoles = []
userDef.roles.each { roleDef ->
RoleIdentifier role = new RoleIdentifier("default", authManager.getRole(roleDef).roleId);
definedRoles.add(role)
}
if (! existingRoles.equals(definedRoles)) {
security.securitySystem.setUsersRoles(user.getUserId(), "default", definedRoles)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
}
try {
security.securitySystem.changePassword(userDef.username, userDef.password, userDef.password)
} catch (InvalidCredentialsException ignored) {
security.securitySystem.changePassword(userDef.username, userDef.password)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
}
log.info("Updated user {}", userDef.username)
}
def addUser(userDef, currentResult) {
try {
security.addUser(userDef.username, userDef.first_name, userDef.last_name, userDef.email, true, userDef.password, userDef.roles)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
log.info("Created user {}", userDef.username)
} catch (Exception e) {
currentResult.put('status', 'error')
currentResult.put('error_msg', e.toString())
scriptResults['error'] = true
}
}
def deleteUser(userDef, currentResult) {
try {
security.securitySystem.deleteUser(userDef.username, UserManager.DEFAULT_SOURCE)
log.info("Deleted user {}", userDef.username)
currentResult.put('status', 'deleted')
scriptResults['changed'] = true
} catch (UserNotFoundException ignored) {
log.info("Delete user: user {} does not exist", userDef.username)
} catch (Exception e) {
currentResult.put('status', 'error')
currentResult.put('error_msg', e.toString())
scriptResults['error'] = true
}
}
/* Main */
parsed_args = new JsonSlurper().parseText(args)
parsed_args.each { userDef ->
state = userDef.get('state', 'present')
Map<String, String> currentResult = [username: userDef.username, state: state]
currentResult.put('status', 'no change')
if (state == 'absent') {
deleteUser(userDef, currentResult)
} else {
try {
updateUser(userDef, currentResult)
} catch (UserNotFoundException ignored) {
addUser(userDef, currentResult)
} catch (Exception e) {
currentResult.put('status', 'error')
currentResult.put('error_msg', e.toString())
scriptResults['error'] = true
}
}
scriptResults['action_details'].add(currentResult)
}
return JsonOutput.toJson(scriptResults)
此脚本需要接收用户列表。您可以参考 README.md as well as the default vars 以获取有关预期数据结构的详细信息,如下所示:
nexus_local_users:
- username: my_user
first_name: my
last_name: user
email: my@user.com
password: "s3cr3t"
roles:
- developers
我不会再粘贴完整的示例,但还有一个 groovy script and a data structure 角色
您可以查看角色的其余部分以获取更多信息,更具体地说 tasks to declare the script in nexus and to call it with its parameters
即使您不想使用完整的角色,我认为这仍然是一个很好的示例,如果您愿意,可以开发自己的解决方案。
希望对您有所帮助。
我正在做一个自动化,我需要使用 ansible playbook 安装 sonatype nexus,并创建一个 nexus 用户和角色。
到目前为止,我已经使用 playbook 安装了 sonatype nexus,而且我能够登录应用程序并创建一个 "nexus local user"。但是,我想使用 ansible playbook 自动执行相同的角色和用户创建(在 nexus 中)。
非常感谢您的帮助。
您可以查看 ansible-thoteam.nexus3-oss 角色 on galaxy or on github,它安装 nexus3 并负责其配置。为了完全透明,我是这个开源角色的当前维护者。
你会想看看 following groovy script to create users(作为完整示例粘贴在下面):
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import groovy.transform.Field
import org.sonatype.nexus.security.role.RoleIdentifier
import org.sonatype.nexus.security.user.InvalidCredentialsException
import org.sonatype.nexus.security.user.UserManager
import org.sonatype.nexus.security.user.UserNotFoundException
import org.sonatype.nexus.security.user.User
List<Map<String, String>> actionDetails = []
@Field Map scriptResults = [changed: false, error: false]
scriptResults.put('action_details', actionDetails)
authManager = security.securitySystem.getAuthorizationManager(UserManager.DEFAULT_SOURCE)
def updateUser(userDef, currentResult) {
User user = security.securitySystem.getUser(userDef.username)
user.setFirstName(userDef.first_name)
user.setLastName(userDef.last_name)
user.setEmailAddress(userDef.email)
if (user != security.securitySystem.getUser(userDef.username)) {
security.securitySystem.updateUser(user)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
}
Set<RoleIdentifier> existingRoles = user.getRoles()
Set<RoleIdentifier> definedRoles = []
userDef.roles.each { roleDef ->
RoleIdentifier role = new RoleIdentifier("default", authManager.getRole(roleDef).roleId);
definedRoles.add(role)
}
if (! existingRoles.equals(definedRoles)) {
security.securitySystem.setUsersRoles(user.getUserId(), "default", definedRoles)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
}
try {
security.securitySystem.changePassword(userDef.username, userDef.password, userDef.password)
} catch (InvalidCredentialsException ignored) {
security.securitySystem.changePassword(userDef.username, userDef.password)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
}
log.info("Updated user {}", userDef.username)
}
def addUser(userDef, currentResult) {
try {
security.addUser(userDef.username, userDef.first_name, userDef.last_name, userDef.email, true, userDef.password, userDef.roles)
currentResult.put('status', 'updated')
scriptResults['changed'] = true
log.info("Created user {}", userDef.username)
} catch (Exception e) {
currentResult.put('status', 'error')
currentResult.put('error_msg', e.toString())
scriptResults['error'] = true
}
}
def deleteUser(userDef, currentResult) {
try {
security.securitySystem.deleteUser(userDef.username, UserManager.DEFAULT_SOURCE)
log.info("Deleted user {}", userDef.username)
currentResult.put('status', 'deleted')
scriptResults['changed'] = true
} catch (UserNotFoundException ignored) {
log.info("Delete user: user {} does not exist", userDef.username)
} catch (Exception e) {
currentResult.put('status', 'error')
currentResult.put('error_msg', e.toString())
scriptResults['error'] = true
}
}
/* Main */
parsed_args = new JsonSlurper().parseText(args)
parsed_args.each { userDef ->
state = userDef.get('state', 'present')
Map<String, String> currentResult = [username: userDef.username, state: state]
currentResult.put('status', 'no change')
if (state == 'absent') {
deleteUser(userDef, currentResult)
} else {
try {
updateUser(userDef, currentResult)
} catch (UserNotFoundException ignored) {
addUser(userDef, currentResult)
} catch (Exception e) {
currentResult.put('status', 'error')
currentResult.put('error_msg', e.toString())
scriptResults['error'] = true
}
}
scriptResults['action_details'].add(currentResult)
}
return JsonOutput.toJson(scriptResults)
此脚本需要接收用户列表。您可以参考 README.md as well as the default vars 以获取有关预期数据结构的详细信息,如下所示:
nexus_local_users:
- username: my_user
first_name: my
last_name: user
email: my@user.com
password: "s3cr3t"
roles:
- developers
我不会再粘贴完整的示例,但还有一个 groovy script and a data structure 角色
您可以查看角色的其余部分以获取更多信息,更具体地说 tasks to declare the script in nexus and to call it with its parameters
即使您不想使用完整的角色,我认为这仍然是一个很好的示例,如果您愿意,可以开发自己的解决方案。
希望对您有所帮助。