Infrastructure Anti-pattern: Death by a Thousand Passwords
I’ve had the opportunity to see many development environments: from the mature organization with tens of thousands of developers that can afford to spend millions on dedicated infrastructure teams, to the three person start-up lacking something as simple as source control. This series of posts discusses some of the common anti-patterns in development infrastructure that are relevant regardless of team size or approach. It also provides some hints for how to avoid these problems.
Problem/Anti-pattern: Too Many Logins
No matter how mature your process is, I’ve always found credentials to be especially difficult for a new hire. It takes days, and then, even when you think you’ve created all of the necessary passwords, there are those other systems that jump up from out of nowhere.
“Do you have a login for Subversion? No. Talk to Tom about that? How about JIRA? I’m not sure who setup JIRA, let me check on that. Ok, we have this VPN, and you are going to need to get those credentials in order to check your email which, unfortunately, is a whole different set of passwords.”
The first few days of employment are meeting people, downloading Gigabytes of software, and remembering an encyclopedia of passwords. Some of these password might be managed by HR, others are managed by your Technology department, but this post focuses on those credentials that affect development infrastructure. If your development infrastructure is mature, your organization might solve this by consolidating authorization and access control information on an LDAP server or Atlassian’s Crowd. If you don’t use one of these products, then you are dealing with an expanding constellation of moving parts: JIRA, Subversion, GitHub, Basecamp, Bugzilla, Confluence, Twiki, Matrix, CruiseControl, etc.
Partitioning Nexus Repositories: Video Overview and Demonstration
This video is a follow-up to Juven Xu’s post from this morning,
How to Partition Nexus Repositories: Targets, Privileges, and Roles. It provides some motivation and quick demonstration of how repositories are partitioned on http://oss.sonatype.org.
How to Partition Nexus Repositories: Targets, Privileges, and Roles
Part of my daily routine involves managing the Sonatype OSS Repository
, a free, hosted Nexus Professional instance for hosting open source project repositories . There are more than 100 projects hosted on the OSS instance, and each project has at least one release repository, one snapshot repository, and one repository group. When we started offering this service I would create two repositories and a single repository group for each project, but as community adoption increased, I found that managing hundreds of repositories was become a very complicated and time-consuming task. In this post, I’m going to discuss how I consolidated hundreds of repositories down to a single release repository, snapshot repository, and repository group. I’m also going to discuss how I used Nexus security settings to partition these consolidated repositories, providing necessary isolation between separate projects.
If you are running a large instance of Nexus to manage internal development, or if you are responsible for an open source project’s installation of Nexus, you can use the approach outlined in this post. (more…)
Nexus 1.5.0 Highlights: Open Sourcing Nexus LDAP Integration
With the 1.5.0 release of Nexus, Sonatype is opening up the current LDAP features in Pro, and making them a part of Nexus Open Source. Starting with this release, Nexus Open Source users will be able to integrate with LDAP, Active Directory, and Atlassian Crowd servers (via LDAP). Nexus is the only repository manager with both Authentication AND Authorization (group / role mapping) via LDAP and now this integration is free for all to use.
As we transition this feature to Nexus Open Source, we are also announcing a new Nexus Enterprise LDAP plugin that will support more advanced deployment use cases including support for federated LDAP servers and more intelligent caching of authentication information. (more…)
Meet the Nexus Remote Repository Browsing Plugin
Having used Nexus since it was a beta release and having also written a Plexus component-style Nexus plugin (the nexus-ldap realm), I was curious about the new Nexus Plugin API introduced in Nexus 1.4.0. To try it out, I asked two of our developers here at Devoteam Sweden to develop the Nexus Remote Repository Browsing Plugin – a Nexus plugin that makes it possible to directly browse the remote Maven repository of a proxy repository within the Nexus UI. The plugin has been contributed to Nexus OSS and will be released as a part of the upcoming 1.5.0 release. In this blog post, I will talk a little bit about the plugin and its use case. (more…)
