From aec17a7b24c6fbf50e101c0f6e9c56f874847d6a Mon Sep 17 00:00:00 2001
From: 030
Date: Sun, 20 Aug 2023 20:36:21 +0200
Subject: [PATCH] fix: [#378] Change initial admin pass (automatically).
---
 .github/workflows/dip.yml | 2 +
 .github/workflows/snapcraft.yml | 3 +-
 Dockerfile | 2 +-
 cmd/n3dr/configUser.go | 12 +-
 configs/k8s/README.md | 54 +++++++++
 configs/k8s/kind.yaml | 22 ++++
 configs/k8s/nexus3.yaml | 193 ++++++++++++++++++++++++++++++++
 7 files changed, 280 insertions(+), 8 deletions(-)
 create mode 100644 configs/k8s/README.md
 create mode 100644 configs/k8s/kind.yaml
 create mode 100644 configs/k8s/nexus3.yaml
diff --git a/.github/workflows/dip.yml b/.github/workflows/dip.yml
index 3ce0b9e6..046db565 100644
--- a/.github/workflows/dip.yml
+++ b/.github/workflows/dip.yml
@@ -35,6 +35,7 @@ jobs:
 NEXUS_VERSION=$(./dip image --name=sonatype/nexus3 --regex=^3\.[0-9]+\.[0-9]+$)
 echo "Check whether the latest Nexus3 version: '${NEXUS_VERSION}' is used..."
 sed -i "s|\(sonatype/nexus3:\).*|\1${NEXUS_VERSION}|" README.md
+ sed -i "s|\(sonatype/nexus3:\).*|\1${NEXUS_VERSION}|" configs/k8s/nexus3.yaml
 sed -i "s|\(sonatype/nexus3:\)[0-9]\+\.[0-9]\+\.[0-9]\+\(.*\)|\1${NEXUS_VERSION}\2|" docs/quickstarts/DOCKER.md
 sed -i "s|\(NEXUS_VERSION=\).*|\1${NEXUS_VERSION}|" ./test/integration-tests.sh
 sed -i "s|\(nexus-version: \)[0-9]\.[0-9]\{2\}\.[0-9]$|\1${NEXUS_VERSION}|" ./.github/workflows/integration.yml
@@ -60,6 +61,7 @@ jobs: sed -i "s|^\(version: \)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|" build/package/snap/snapcraft.yaml echo "Checking README.md..." sed -i "s|\(n3dr:\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|" docs/README.md + sed -i "s|\(n3dr:\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|" configs/k8s/nexus3.yaml sed -i "s|\(n3dr\/releases\/tag\/\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|g" README.md sed -i "s|\(releases\/download\/\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|g" README.md sed -i "s|\(n3dr\/releases\/tag\/\)\([0-9]\+\.\)\{2\}[0-9]\+|\1${{ env.NEW_TAG }}|g" ./docs/quickstarts/snippets/n3dr/DOWNLOAD.md diff --git a/.github/workflows/snapcraft.yml b/.github/workflows/snapcraft.yml index 68d1bdc6..8b610004 100644 --- a/.github/workflows/snapcraft.yml +++ b/.github/workflows/snapcraft.yml @@ -22,7 +22,8 @@ jobs: sudo snap install --dangerous ${{ steps.snapcraft.outputs.snap }} n3dr --version | grep "[0-9]\." - uses: snapcore/action-publish@v1 + env: + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }} with: - store_login: ${{ secrets.SNAPCRAFT_LOGIN }} snap: ${{ steps.snapcraft.outputs.snap }} release: candidate diff --git a/Dockerfile b/Dockerfile index cf6998a5..9e4a9b72 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ RUN apk add --no-cache \ CGO_ENABLED=0 go build -ldflags "-X main.Version=${VERSION}" -buildvcs=false && \ cp n3dr /n3dr -FROM alpine:3.18.2 +FROM alpine:3.18.3 COPY --from=builder /etc/passwd /etc/passwd COPY --from=builder /n3dr /usr/local/bin/n3dr COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ diff --git a/cmd/n3dr/configUser.go b/cmd/n3dr/configUser.go index a0e72dca..d841b0ed 100644 --- a/cmd/n3dr/configUser.go +++ b/cmd/n3dr/configUser.go 
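Review bot: In .github/workflows/snapcraft.yml the step that now receives `SNAPCRAFT_STORE_CREDENTIALS` runs `snapcore/action-publish@v1`, a tag the action's owner can move, so whatever code that tag points to at run time is handed the store credentials. Pinning the reference to a reviewed commit, `- uses: snapcore/action-publish@<full-commit-sha> # v1` (placeholder; take the SHA from the release that was audited), keeps the secret bound to known code. The job's earlier steps lie outside the hunk, so whether the other actions in it are pinned cannot be seen from here.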
@@ -18,13 +18,13 @@ var ( // configUserCmd represents the configUser command. var configUserCmd = &cobra.Command{ Use: "configUser", - Short: "A brief description of your command", - Long: `A longer description that spans multiple lines and likely contains examples -and usage of using your command. For example: + Short: "Configure users.", + Long: `Create users or change their passwords. -Cobra is a CLI library for Go that empowers applications. -This application is a tool to generate the needed files -to quickly create a Cobra application.`, +Examples: + # Change the admin password: + n3dr configUser --changePass --https false --n3drUser admin --n3drURL nexus3:8081 --n3drPass initial-pass --pass some-pass --email admin@example.org --firstName admin --id admin --lastName admin +`, Run: func(cmd *cobra.Command, args []string) { fmt.Println("configUser called") diff --git a/configs/k8s/README.md b/configs/k8s/README.md new file mode 100644 index 00000000..70caa140 --- /dev/null +++ b/configs/k8s/README.md @@ -0,0 +1,54 @@ +# kind + +## create secret + +```bash +echo -n 'helloworld' | tr -d "\n\r" | base64 -w 0 +``` + +## create cluster + +```bash +mkdir -p /tmp/k8s/kind/nexus-data && \ +sudo chown 8484 -R /tmp/k8s/kind/nexus-data && \ +~/go/bin/kind create cluster --config=configs/k8s/kind.yaml +``` + +## add ingress + +```bash +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml && \ +kubectl wait --namespace ingress-nginx \ + --for=condition=ready pod \ + --selector=app.kubernetes.io/component=controller \ + --timeout=90s +``` + +## deploy nexus + +```bash +kubectl apply -f configs/k8s/nexus3.yaml +``` + +## access nexus + +open `/etc/hosts`, add: + +```bash +127.0.0.1 nexus3.some-domain +``` + +open a web browser, navigate to: and login as +`admin` with password: `helloworld`. + +## n3dr + +```bash +kubectl logs nexus3-0 -n nexus3 +``` + +## cleanup + +```bash +~/go/bin/kind delete cluster +``` 
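Review bot: The example added to `Long` in cmd/n3dr/configUser.go passes both the current and the new admin password as `--n3drPass` / `--pass` arguments and sets `--https false`, and the help text says nothing about what that implies. Anyone copying it leaves both passwords in shell history and in the process list while the command runs, and sends them over plain HTTP. I would add a comment line to the example such as `# Note: --n3drPass/--pass values end up in shell history and process listings; use --https false only on a trusted network.` The `Run` function continues outside the hunk, so how the flags are consumed is not visible here.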
diff --git a/configs/k8s/kind.yaml b/configs/k8s/kind.yaml
new file mode 100644
index 00000000..d14d73d7
--- /dev/null
+++ b/configs/k8s/kind.yaml
@@ -0,0 +1,22 @@
+---
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+ - role: control-plane
+ kubeadmConfigPatches:
+ - |
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ system-reserved: memory=8Gi
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 80
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 443
+ protocol: TCP
+ extraMounts:
+ - hostPath: /tmp/k8s/kind/nexus-data
+ containerPath: /nexus-data
diff --git a/configs/k8s/nexus3.yaml b/configs/k8s/nexus3.yaml
new file mode 100644
index 00000000..05bb6899
--- /dev/null
+++ b/configs/k8s/nexus3.yaml
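Review bot: In configs/k8s/kind.yaml both `extraPortMappings` entries omit `listenAddress`, and kind then binds host ports 80 and 443 on all interfaces, so the Nexus instance behind the ingress is reachable from whatever network the machine running the cluster is attached to. Together with the fixed admin password documented in configs/k8s/README.md, that is more exposure than a local try-out needs; adding `listenAddress: "127.0.0.1"` under each mapping keeps it local. The `hostPath` under `/tmp/k8s/kind/nexus-data` also holds the Nexus data directory, including the `admin.password` file the CronJob reads, so a directory outside `/tmp` with restrictive permissions would be a safer default.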
@@ -0,0 +1,193 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nexus3
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: n3dr
+ namespace: nexus3
+data:
+ admin-password: aGVsbG93b3JsZA==
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: nexus3
+ namespace: nexus3
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nexus3
+ serviceName: nexus3
+ template:
+ metadata:
+ labels:
+ app: nexus3
+ spec:
+ containers:
+ - image: sonatype/nexus3:3.59.0
+ imagePullPolicy: IfNotPresent
+ name: nexus3
+ livenessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 120
+ httpGet:
+ path: /
+ port: 8081
+ scheme: HTTP
+ periodSeconds: 60
+ timeoutSeconds: 30
+ readinessProbe:
+ failureThreshold: 6
+ initialDelaySeconds: 120
+ httpGet:
+ path: /
+ port: 8081
+ scheme: HTTP
+ periodSeconds: 60
+ timeoutSeconds: 30
+ ports:
+ - containerPort: 8081
+ name: nexus3
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 1250m
+ memory: 2Gi
+ requests:
+ cpu: 1m
+ memory: 50Mi
+ securityContext:
+ readOnlyRootFilesystem: false
+ runAsUser: 8484
+ runAsGroup: 8484
+ volumeMounts:
+ - mountPath: /nexus-data
+ name: nexus3
+ - mountPath: /tmp
+ name: tmp
+ volumes:
+ - name: tmp
+ emptyDir: {}
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: nexus3
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 4Gi
+ volumeMode: Filesystem
+ volumeName: nexus3
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nexus3
+ namespace: nexus3
+spec:
+ selector:
+ app: nexus3
+ ports:
+ - protocol: TCP
+ port: 8081
+ targetPort: 8081
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: n3dr
+ namespace: nexus3
+spec:
+ schedule: '*/15 * * * *'
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - image: utrecht/n3dr:7.2.4
+ imagePullPolicy: IfNotPresent
+ name: n3dr
+ command:
+ - /bin/sh
+ - -c
+ - |
+ cat /tmp/nexus-data/admin.password
+ echo $NEXUS_ADMIN_PASSWORD
+ if [ -e /tmp/nexus-data/admin.password ]; then
+ echo "changing randomized generated password..."
+ pw=$(cat /tmp/nexus-data/admin.password)
+ n3dr configUser \
+ --changePass \
+ --https false \
+ --n3drUser admin \
+ --n3drURL nexus3:8081 \
+ --n3drPass "${pw}" \
+ --pass "${NEXUS_ADMIN_PASSWORD}" \
+ --email admin@example.org \
+ --firstName Administrator \
+ --id admin \
+ --lastName User \
+ --showLogo=false
+ else
+ echo "Assumed that initial password has been changed as"
+ echo "/tmp/nexus-data/admin.password file was not been"
+ echo "found."
+ fi
+ env:
+ - name: NEXUS_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: n3dr
+ key: admin-password
+ securityContext:
+ readOnlyRootFilesystem: false
+ runAsUser: 8484
+ runAsGroup: 8484
+ volumeMounts:
+ - mountPath: /tmp/nexus-data
+ name: nexus3
+ volumes:
+ - name: nexus3
+ persistentVolumeClaim:
+ claimName: nexus3-nexus3-0
+ restartPolicy: Never
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nexus3
+ namespace: nexus3
+spec:
+ rules:
+ - host: nexus3.some-domain
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: nexus3
+ port:
+ number: 8081
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: nexus3
+ namespace: nexus3
+spec:
+ storageClassName: standard
+ accessModes:
+ - ReadWriteOnce
+ capacity:
+ storage: 4Gi
+ hostPath:
+ path: /nexus-data
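Review bot: The CronJob script in configs/k8s/nexus3.yaml opens with `cat /tmp/nexus-data/admin.password` and `echo $NEXUS_ADMIN_PASSWORD`, so every run writes the generated initial password and the new admin password to the pod log, where anyone allowed to read logs in the `nexus3` namespace can retrieve them. Both lines look like leftover debugging and should be removed; the `if [ -e ... ]` branch already reads the file into `pw` without printing it. The `Secret` in the same file commits a fixed `admin-password` value (`aGVsbG93b3JsZA==`), so a placeholder that has to be replaced before `kubectl apply` would prevent deployments that keep the documented password. The job also calls `n3dr configUser` with `--https false`, which sends the password change unencrypted inside the cluster.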