I've been testing using Ansible to automate the creation of a Nexus server, and when trying to deploy the Groovy scripts I get the error below. The automation works up to the point of declaring the Groovy scripts in the deploy_groovy.yaml file.
TASK [nexus : Declaring Groovy script {{ item }}] ****************************************************************************************
failed: [10.0.57.17] (item=update_admin_password) => {"ansible_loop_var": "item", "changed": false, "connection": "close", "content_length": "96", "content_type": "application/json", "date": "Fri, 18 Aug 2023 04:54:35 GMT", "elapsed": 0, "item": "update_admin_password", "json": {"name": "update_admin_password", "result": "Creating and updating scripts is disabled"}, "msg": "Status code was 410 and not [204]: HTTP Error 410: Gone", "redirected": false, "server": "Nexus/3.30.1-01 (OSS)", "status": 410, "url": "http://localhost:8081/service/rest/v1/script", "x_content_type_options": "nosniff"}
failed: [10.0.57.17] (item=create_repo_docker_hosted) => {"ansible_loop_var": "item", "changed": false, "connection": "close", "content_length": "100", "content_type": "application/json", "date": "Fri, 18 Aug 2023 04:54:36 GMT", "elapsed": 0, "item": "create_repo_docker_hosted", "json": {"name": "create_repo_docker_hosted", "result": "Creating and updating scripts is disabled"}, "msg": "Status code was 410 and not [204]: HTTP Error 410: Gone", "redirected": false, "server": "Nexus/3.30.1-01 (OSS)", "status": 410, "url": "http://localhost:8081/service/rest/v1/script", "x_content_type_options": "nosniff"}
failed: [10.0.57.17] (item=create_blobstore) => {"ansible_loop_var": "item", "changed": false, "connection": "close", "content_length": "91", "content_type": "application/json", "date": "Fri, 18 Aug 2023 04:54:37 GMT", "elapsed": 0, "item": "create_blobstore", "json": {"name": "create_blobstore", "result": "Creating and updating scripts is disabled"}, "msg": "Status code was 410 and not [204]: HTTP Error 410: Gone", "redirected": false, "server": "Nexus/3.30.1-01 (OSS)", "status": 410, "url": "http://localhost:8081/service/rest/v1/script", "x_content_type_options": "nosniff"}
PLAY RECAP *******************************************************************************************************************************
10.0.57.17 : ok=26 changed=5 unreachable=0 failed=1 skipped=0 rescued=1 ignored=0
here's my install_nexus.yaml file which runs first
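---
# Installs Nexus from the upstream tarball, configures it and registers it as
# a systemd service. Indentation is reconstructed from a flattened listing.

- name: install dependencies
  yum:
    name: "{{ item }}"
    state: latest
  loop:
    - java-1.8.0-openjdk.x86_64

- name: Create nexus service user
  user:
    name: "{{ nexus_config.nexus_service_user }}"
    comment: nexus service user

- name: ensure app directory is exist
  file:
    path: "{{ nexus_config.application_location }}"
    state: directory
    owner: "{{ nexus_config.nexus_service_user }}"
    group: "{{ nexus_config.nexus_service_user }}"
    mode: '0755'

# NOTE(review): no `checksum:` is given, so the tarball is accepted without an
# integrity check; get_url can verify one (checksum: "sha256:<digest>") if the
# digest published for this nexus_version is pinned in the role vars.
# The archive is also staged under a fixed name in /tmp, which is
# world-writable; a directory only this play can write to is safer.
- name: Download the latest nexus
  get_url:
    url: "{{ nexus_config.nexus_download_url }}nexus-{{ nexus_config.nexus_version }}-unix.tar.gz"
    dest: /tmp/nexus.tar.gz
  register: package_path

- name: get package path
  debug:
    var: package_path.dest
  when: ansible_config.debug == true

- name: unarchive nexus.tar.gz
  unarchive:
    src: "{{ package_path.dest }}"
    dest: /tmp
    remote_src: true
    list_files: true
  register: unarchive_path

- name: get path
  debug:
    var: unarchive_path.files[0].split("/")[0]
  when: ansible_config.debug == true

- block:
    # fresh_install is set to true right here, so this removal always runs
    # and wipes any existing nexus/ and sonatype-work/ directories.
    - name: remove old config if exist
      file:
        path: "{{ nexus_config.application_location }}/{{ item }}"
        state: absent
      vars:
        fresh_install: true
      loop:
        - nexus
        - sonatype-work
      when: fresh_install == true

    - name: move to "{{nexus_config.application_location}}nexus"
      command: "mv {{ unarchive_path.dest }}/{{ unarchive_path.files[0].split(\"/\")[0] }} {{nexus_config.application_location}}nexus"
  rescue:
    - name: copying files
      copy:
        src: "{{ unarchive_path.dest }}/{{ unarchive_path.files[0].split(\"/\")[0] }}/"
        dest: "{{nexus_config.application_location}}nexus"
        remote_src: true

# The original listing had this second `copy:` under the same task as
# "copying files". A duplicate key in one mapping means only the last one is
# kept, so the directory copy above would have been dropped.
# NOTE(review): placed here as its own task so it runs on both paths; confirm
# that is the intended position.
# NOTE(review): this lands in the install tree (nexus/etc). Nexus reads
# nexus.properties from <data-dir>/etc, so a setting placed only here is
# presumably not picked up; verify against the -Dkaraf.data value below.
- name: copy nexus.properties into the install tree
  copy:
    src: "nexus.properties"
    dest: "{{nexus_config.application_location}}nexus/etc/nexus.properties"

- name: grant permission to nexus user
  file:
    path: "{{nexus_config.application_location}}nexus"
    owner: "{{ nexus_config.nexus_service_user }}"
    group: "{{ nexus_config.nexus_service_user }}"
    recurse: true

# NOTE(review): run_as_user is hard-coded to "nexus" while ownership above
# uses nexus_config.nexus_service_user; the two must name the same account.
- name: configuring nexus
  lineinfile:
    path: "{{ item.path }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - { path: '{{nexus_config.application_location}}nexus/bin/nexus.rc', regexp: '^#run_as_user=', line: 'run_as_user="nexus"' }
    - { path: '{{nexus_config.application_location}}nexus/bin/nexus.vmoptions', regexp: '^-Xms', line: "-Xms{{ nexus_config.xms }}m" }
    - { path: '{{nexus_config.application_location}}nexus/bin/nexus.vmoptions', regexp: '^-Xmx', line: "-Xmx{{ nexus_config.xmx }}m" }
    - { path: '{{nexus_config.application_location}}nexus/bin/nexus.vmoptions', regexp: '^-XX:MaxDirectMemorySize', line: "-XX:MaxDirectMemorySize={{ nexus_config.max_direct_memory_size }}m" }
    - { path: '{{nexus_config.application_location}}nexus/bin/nexus.vmoptions', regexp: '^-Dkaraf.data', line: "-Dkaraf.data={{ nexus_config.dkaraf_data }}" }

- name: Create a nexus systemd unit file
  template:
    src: nexus.service.j2
    dest: /etc/systemd/system/nexus.service

# A label set with chcon is lost on a filesystem relabel; a persistent rule
# (sefcontext plus restorecon) survives it.
- name: Add a SELinux policy to allow Systemd to access the nexus binary in path
  command: "chcon -R -t bin_t {{nexus_config.application_location}}nexus/bin/nexus"
  # ignore_errors: Yes

- name: Enable nexus service
  service:
    name: "{{ nexus_config.nexus_service_name }}"
    enabled: true

- name: Enasure nexus is restarted
  service:
    name: "{{ nexus_config.nexus_service_name }}"
    state: restarted
    daemon_reload: true

- name: Wait until nexus server get activated
  wait_for:
    port: "{{ nexus_config.default_nexus_port }}"
    delay: 10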
and here's my deploy_groovy.yaml file which runs next
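---
# Enables the Nexus script API, recovers the admin password and uploads the
# provisioning Groovy scripts. Indentation is reconstructed from a flattened
# listing.

# nexus.scripts.allowCreation=true switches on script creation, which this
# Nexus build otherwise refuses ("Creating and updating scripts is disabled").
# Uploaded scripts execute inside the Nexus server, so treat this as a
# provisioning-time setting and consider reverting it once setup is done.
# NOTE(review): Nexus reads this file from <data-dir>/etc. The install tasks
# set -Dkaraf.data to nexus_config.dkaraf_data; if that is not
# <application_location>sonatype-work/nexus3, this edit lands in a file the
# server never reads, which would explain the 410 responses.
- name: enable script creation
  lineinfile:
    path: "{{ nexus_config.application_location }}sonatype-work/nexus3/etc/nexus.properties"
    line: "{{ item }}"
    create: true
  loop:
    - "nexus.scripts.allowCreation=true"
    - "application-port={{ nexus_config.default_nexus_port }}"

- name: Enasure nexus is restarted
  service:
    name: "{{ nexus_config.nexus_service_name }}"
    state: restarted

- name: Wait until nexus server get activated
  wait_for:
    port: "{{ nexus_config.default_nexus_port }}"
    delay: 2

- name: block function
  block:
    # The command output is the initial admin password; no_log keeps it out
    # of the play output and of callback or log plugins.
    - name: get tempory admin password
      command: "cat {{ nexus_config.application_location }}/sonatype-work/nexus3/admin.password"
      register: temp_passwd
      changed_when: false
      no_log: true

    # NOTE(review): the file is deleted before update_admin_password has been
    # uploaded and run. If a later task fails, the generated password then
    # exists only in this play's facts.
    - name: remove tempory password file
      file:
        path: "{{ nexus_config.application_location }}sonatype-work/nexus3/admin.password"
        state: absent
        force: true

    # Was `no_log: false`, which printed the password with the task result.
    - name: Ensure admin password set to default
      set_fact:
        current_nexus_admin_password: "{{ temp_passwd.stdout }}"
      no_log: true
  rescue:
    # NOTE(review): this assigns the same expression as the block above. When
    # the block failed because admin.password is already gone, stdout is
    # presumably empty; the task name suggests the configured admin password
    # was meant here. Confirm against the role's vars.
    - name: Ensure admin password set to current password
      set_fact:
        current_nexus_admin_password: "{{ temp_passwd.stdout }}"
      no_log: true

# Basic auth is sent over plain HTTP; acceptable only while the URL stays on
# localhost.
- name: Removing (potential) previously declared Groovy script {{ item }}
  uri:
    url: "http://localhost:{{nexus_config.default_nexus_port}}/service/rest/v1/script/{{ item }}"
    user: 'admin'
    password: "{{ current_nexus_admin_password }}"
    method: DELETE
    force_basic_auth: true
    status_code: [204, 404]
  loop:
    - update_admin_password
    - create_repo_docker_hosted
    - create_blobstore

# - name: Enable Nexus scripting
#   uri:
#     url: "http://localhost:{{ nexus_config.default_nexus_port }}/service/rest/beta/security/scripting"
#     user: 'admin'
#     password: "{{ current_nexus_admin_password }}"
#     method: PUT
#     force_basic_auth: yes
#     status_code: 204
#     body_format: json
#     body:
#       enabled: true
#   register: scripting_result
# - name: Restart Nexus if scripting was enabled
#   service:
#     name: "{{ nexus_config.nexus_service_name }}"
#     state: restarted
#   when: scripting_result.status == 204

# The script bodies come from the role's files/groovy directory on the control
# node; anything placed there runs with the server's privileges once invoked.
- name: Declaring Groovy script {{ item }}
  uri:
    url: "http://localhost:{{nexus_config.default_nexus_port}}/service/rest/v1/script"
    user: 'admin'
    password: "{{ current_nexus_admin_password }}"
    body_format: json
    method: POST
    force_basic_auth: true
    status_code: 204
    body:
      name: "{{ item }}"
      type: 'groovy'
      content: "{{ lookup('file', 'groovy/' + item + '.groovy') }}"
  loop:
    - update_admin_password
    - create_repo_docker_hosted
    - create_blobstore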
below is the nexus.properties file
# Allow script creation
# Nexus reads this setting from <data-dir>/etc/nexus.properties; a copy in the
# install tree (nexus/etc) is presumably not picked up. Verify which directory
# -Dkaraf.data points to.
# Uploaded scripts execute inside the Nexus server, so keep this enabled only
# while provisioning needs it.
nexus.scripts.allowCreation=true