Skip Navigation

Repository Management

Chapter 10

10.1 Installing and Running Sonatype Nexus Repository

10.1.1. Task

You need to download and install Sonatype Nexus Repository to proxy and host Maven repositories.

10.1.2. Action

If you've installed Sonatype Nexus Repository on the default port 8081 listening on localhost, going to http://localhost:8081/nexus/ will load the interface shown in Figure 10.3, “Crowd Menu Link under the Security Section of the Nexus Menu”.

repoman open source unauthenticated

Figure 10.1. Sonatype Nexus Repository Prior to Authentication

Clicking on the Log In link in the upper right-hand corner of the window, will prompt you for a username and password in the Sonatype Nexus Repository Log In dialog in shown in Figure 10.2, “The Nexus Log In Dialog”. The default administrative username is "admin" and the default administrative password is "admin123".

repoman login

Figure 10.2. The Sonatype Nexus Log In Dialog

Once you have successfully authenticated as an administrative user, you will see the full Sonatype Nexus Repository user interface as shown in Figure 10.3, “Crowd Menu Link under the Security Section of the Nexus Menu”.

repoman open source interface

Figure 10.3. Crowd Menu Link under the Security Section of the Sonatype Nexus Repository Menu

10.2. Proxying a Remote Repository

10.2.1. Task

You and your team or organization are heavy users of remote repositories. Every time a user installs a development environment, they end up downloading data directly from the remote repository. You want to create a caching proxy of the remote repository that will increase the speed of your builds and give you some stability in case the remote repository is unavailable.

10.2.2. Action

To configure a new Proxy repository, open the Repositories panel by clicking on Repositories under Views/Repositories section of the Sonatype Nexus Repository menu. Clicking Repositories should display the Repositories panel shown in Figure 10.4, “Opening the Repositories Panel”.

repoman open repositories

Figure 10.4. Opening the Repositories Panel

To create a new proxy repository, click on the Add... button and select Proxy Repository from the dropdown as shown in Figure 10.5, “Creating a New Proxy Repository”.

repoman create proxy

Figure 10.5. Creating a New Proxy Repository

When you create a new proxy repository, you'll need to choose a Repository ID. A Repository ID is an internal identifier which is used in the URL that you will connect your clients to. The standard for Repository IDs is to use a lower case word or words separated by a hyphen. Examples of valid Repository IDs are: "central", "internal", and "custom-snapshots".

Other important fields in the form shown in Figure 10.5, “Creating a New Proxy Repository”, are: Repository Policy, Remote Storage Location, and Download Remote Indexes. The repository policy controls what artifacts can be stored in a repository: snapshot artifacts or release artifacts. The Remote Storage Location is the URL of the remote repository, and Download Remote Indexes tells Sonatype Nexus Repository to download an index that will enable searching and browsing from the remote repository.

10.3. Browsing a Sonatype Nexus Repository

10.3.1. Task

You want to browse the contents of a Sonatype Nexus Repository.

10.3.2. Action

If your Sonatype Nexus Repository is a proxy repository, you will have two browsing tabs available: Browse Storage and Browse Index. If your Sonatype Nexus Repository is a hosted repository, you will only see the Browse Storage option, and if you are browsing a repository group, you will see both Browse Storage and Browse Index.

The Browse Storage tab shown in Figure 10.6, “Browsing Repository Storage”, allows you to see the artifacts that available available in the local disk storage associated with a repostiory. If you are browsing a hosted repository, the storage contains the entire repository. If you are browsing a proxy repository, the Browse Storage tab will display only the artifacts that have been referenced, downloaded, and cached by Sonatype Nexus Repository.

repoman browse storage repo tab

Figure 10.6. Browsing Repository Storage

If you are browsing a proxy repository and you have configured Sonatype Nexus Repository to download the remote repository index, you will be able to browse the entire repository in the Browse Index tab as shown in Figure 10.7, “Crowd Menu Link under the Security Section of the Sonatype Nexus Menu”.

repoman browse index repo tab

10.4. Configuring a Sonatype Nexus Repository

10.4.1 Task

You need to change the configuration of a Sonatype Nexus repository.

10.4.2 Action

To configure a Sonatype Nexus Repository, click on Repositories under the Views/Repositories section of the Sonatype Nexus Repository menu, and then select the repository you wish to configure. Once the repository is select, click on the Configuration tab to display the form shown in Figure 10.8, “Crowd Menu Link under the Security Section of the Sonatype Nexus Menu”.

repoman configuration repo tab

Figure 10.8. Crowd Menu Link under the Security Section of the Sonatype Nexus Menu

10.5. Viewing Summary Information for Sonatype Nexus Repositories

10.5.1 Task

You need to view some summary information about a particular repository in Sonatype Nexus.

10.5.2 Action

To view summary information about a Sonatype Nexus repository, click on Repositories under the Views/Repositories section of the Sonatype Nexus menu, and then select the repository you wish to view. Once the repository is select, click on the Summary tab to display the form shown in Figure 10.9, “Crowd Menu Link under the Security Section of the Sonatype Nexus Menu”.

repoman summary repo tab

Figure 10.9. Crowd Menu Link under the Security Section of the Sonatype Nexus Menu

10.6. Using Mirrors for Proxy Repositories

10.6.1. Task

You want to help ease the traffic and bandwidth burden on the Central Maven repository by configuring your Sonatype Nexus instance to use a mirror to download artifacts.

10.6.2. Action

Once you have created a proxy repository, you should configure Sonatype Nexus Repository to download artifacts from one or more mirrors. To configure mirrors, click on Repositories under the View/Repositories section of the Sonatype Nexus menu, select the proxy repository you want to configure, and then select the Mirrors tab for this repository. Clicking on the Mirrors tab will display the form shown in Figure 10.10, “Configuring Mirrors for Proxy Repositories”.

repoman mirror repo tab

Figure 10.10. Configuring Mirrors for Proxy Repositories

The Central Maven repository contains an XML file which will be used to populate the mirrors dropdown shown in Figure 10.10, “Configuring Mirrors for Proxy Repositories”. To configure a mirror, select it from the dropdown, and click on the Add button to add the mirror to the list of Mirror URLs.

10.6.3. Details

When a proxy repository is configured to retrieve artifacts from a Mirror, it will consult each configured mirror in the order shown in the Mirror URLs list from Figure 10.10, “Configuring Mirrors for Proxy Repositories”.. While Sonatype Nexus Repository will retrieve POM information, checksums, and PGP signatures from the original repository, it will retrieve all artifacts directly from the first available mirror.

10.7. Grouping Repositories

10.7.1. Task

You want to consolidate access to multiple repositories with a single repository URL.

10.7.2. Action

Sonatype Nexus Repository provides for the ability to group one or more repositories into a Repository Group. The default installation of Sonatype Nexus is preconfigured with two Repository Groups: Public Repositories and Public Snapshot Repositories. Public Repositories groups all of the repositories with a Release policy together, and Public Snapshot Repositories groups all of the repositories with a Snapshot policy together. To add a repository to the Public Repositories group, click on Repositories under the View/Repositories section of the Sonatype Nexus menu, and then click on the Repository Group that you want to add a Repository to. Once the group is selected, click on the Configuration tab shown in Figure 10.11, “Adding a Repository to a Repository Group”, and drag the repository you wish to add from the Available Repositories list to the Ordered Group Repositories list.

repoman add to group

Figure 10.11. Adding a Repository to a Repository Group

To add a new Repository Group, click on the Add.. button and choose Repository Group.

repoman adding new group

Figure 10.12. Adding a New Repository Group

10.8. Installing Sonatype Nexus Repository

10.8.1. Task

You need to download and install Sonatype Nexus Repository to integrate your repository manager with enterprise security, manage the procurement of software artifacts, and track staged software releases.

10.8.2. Action

To download and install Sonatype Nexus Repository, follow the instructions in Section 2.1.2, "Downloading Sonatype Nexus Repository" , and Section 2.2.3, "Installing Sonatype Nexus Repository", from "Repository Management with Sonatype Nexus".

10.9. Configuring a Staging Repository for Deployment in Sonatype Nexus Repository

There might be any number of reasons why you might want to require your developers to use a staging repository. You might want to make sure that software artifacts contain valid POMs using a Staging Ruleset, or you might want to make sure that your process guarantees that QA has the final decision making authority to either promote or drop a release candidate. Staged software releases are very easy to implement using the Staging Plugin in Sonatype Nexus Repository. If you want to learn how to make a staged release, you can read the remainder of this section.

10.9.1. Task

Deploy an artifact to a staging repository in Sonatype Nexus Repository.

10.9.2. Action

First step, is to download Sonatype Nexus Repository if you don’t already have it installed, you can do so, by going to the Sonatype Nexus Repository product page and clicking on the download link in the right-hand menu. Once you’ve downloaded Sonatype Nexus Repository, log in as an administrator as you must have administrative rights to perform the following configuration:

  1. From Sonatype Nexus Repository, click on the ‘Repositories’ link in left navigation.
  2. Click on the repository you want to use, or create one (If you need help with that take a look at the Nexus book, here)
  3. Click on the ‘Configuration’ tab.
  4. Set the ‘Deployment Policy’ field to "Read Only".
  5. Click the Save button.

repoman stage allow deploy release

Figure 10.13. Prohibit Direct Deployment to a Release Repository

That is it! Users will not be able to deploy or upload artifacts directly to the repository. All artifacts must be staged and promoted to this repository. For more information on staging and promoting take a look at this, or with the maven plugin, here.

Next, create a staging repository. To create a staging repository:

  1. From Sonatype Nexus Repository, click on the ‘Staging’ link in left navigation.
  2. Click the ‘Add’ button then the ‘Staging Profile’ item.
  3. Enter the following information:
    • Profile Name: Staging Demo Profile
    • Profile Repository Target: All (Maven2)
    • Staging Repository ID Template: staging-demo
    • Staging Repository Name Template: Staging Demo
    • Staging Repository Template: Default Release Hosted Repository Template
    • Target Groups: Public Releases
  4. Click the ‘Save’ button

repoman stage create stage profile

Figure 10.14. Configuring a Staging Profile

Next, assign new permissions to users who will need to deploy to the staging repository. A new role is created for each staging profile that is created ( in this example the role is ‘Staging Deployer: (Staging Demo Profile)’). Assign the new role to your users. You can find more details on user management, here.

repoman stage roles

Figure 10.15. Assigning Staging Roles