vmware · VenelinBakalov · Oct 14, 2024 · Jul 23, 2024 · Sep 13, 2024 · Sep 20, 2024
@@ -47,3 +47,5 @@ typescript/vrotsc-annotations/package-lock.json
 .vscode/*
 
 .flattened-pom.xml
+
+infrastructure/.m2/repository
@@ -39,33 +39,49 @@ There are several things that need to be in place before you can use the Build T
 
 #### Java Keystore
 
-Java keystore used for signing packages build time.
+Java keystore is used for signing packages build time.
 
-```shell
-# Create new Keystore
-keytool -keystore package.jks -genkey -alias _dunesrsa_alias_ -storepass 'VMware1!' -keyalg RSA
+#### Create private key and certificate
 
-# Delete default alias
-keytool -delete -alias _dunesrsa_alias_ -keystore package.jks -storepass 'VMware1!'
+The process creates an archive called **archetype.keystore-1.0.0** (artifact name + version) containing the generated files (**archetype.keystore**, **cert.pem**, **private_key.pem** ). The archive needs to be deployed on the artifact manager.
 
-# Generate new Key
-keytool -genkey -keyalg RSA -keysize 2048 -alias _dunesrsa_alias_ -keystore package.jks -storepass 'VMware1!' -validity 3650 -dname 'CN=Project,OU=Department,O=Company,L=City,ST=State,C=XX,[email protected]'
+```sh
+mkdir -p ~/cert/archetype.keystore-1.0.0
+cd ~/cert/archetype.keystore-1.0.0
 
-##  Optional  ##
+## Create the certificates and fill in the required country,state,location,organization details ...
+openssl req -newkey rsa:2048 -new -x509 -days 3650 -keyout private_key.pem -out cert.pem
+keytool -genkey -v -keystore archetype.keystore -alias _dunesrsa_alias_ -keyalg RSA -keysize 2048 -validity 10000
 
-# Generate Certificate Signing Request
-keytool -certreq -alias _dunesrsa_alias_ -keypass 'VMware1!' -keystore package.jre -storepass 'VMware1!' -file packageCertRequest.csr
+cd ~/cert
+zip archetype.keystore-1.0.0.zip -r archetype.keystore-1.0.0
+```
+`Note:` Its very important to note that "Email" field should be EMPTY, otherwise the vRO import will break with 400 OK error
 
-# Import the signed certificate
-keytool -importcert -alias _dunesrsa_alias_ -keypass 'VMware1!' -file packageCertRequest.crt -keystore package.jks -storepass 'VMware1!'
+`Note:` JKS is a propriatary format specific to the particular JVM provider. When running above commands, ensure the keytool used is the one under the JVM that Maven would use (check with `mvn -v`).
 
-# Export/Backup Certificate
-keytool -exportcert -alias _dunesrsa_alias_ -keystore package.jks -storepass 'VMware1!' -file packageCertExport
-```
+#### Deploy the keystore artifact
 
-> **Note**: Mind the single quotes in the examples above on Windows - those might be part of the passowrd depending on which interpreter (shell) you are using. Correct the string literal and escaping appropriately for your case.
+The artifact should be deployed to any path as long as the **settings.xml** file points to it.
 
-**Note**: JKS is a propriatary format specific to the particular JVM provider. When running above commands, ensure the keytool used is the one under the JVM that Maven would use (check with `mvn -v`).
+Example:
+- artifact group ID: com.clientname.build
+- artifact ID: archetype.keystore
+- artifact version: 1.0.0
+- **keystorePassword** and **vroKeyPass** passwords need to be replaced with the values used during the key generation process above
+- settings section:
+```xml
+<properties>
+    <keystoreGroupId>com.clientname.build</keystoreGroupId>
+    <keystoreArtifactId>archetype.keystore</keystoreArtifactId>
+    <keystoreLocation>target/${keystoreArtifactId}-${keystoreVersion}/archetype.keystore</keystoreLocation>
+    <keystoreVersion>1.0.0</keystoreVersion>
+    <keystorePassword>{{keystorePassword}}</keystorePassword>
+    <vroPrivateKeyPem>target/${keystoreArtifactId}-${keystoreVersion}/private_key.pem</vroPrivateKeyPem>
+    <vroCertificatePem>target/${keystoreArtifactId}-${keystoreVersion}/cert.pem</vroCertificatePem>
+    <vroKeyPass>{{vroKeyPass}}</vroKeyPass>
+</properties>
+```
 
 #### Global Configuration (*settings.xml*)
 

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+    <servers>
+        <server>
+            <id>releases</id>
+            <username>admin</username>
+            <password>VMware1!</password>
+        </server>
+        <server>
+            <id>snapshots</id>
+            <username>admin</username>
+            <password>VMware1!</password>
+        </server>		
+    </servers>
+    <mirrors>
+        <mirror>
+            <id>nexus</id>
+            <mirrorOf>*</mirrorOf> <!-- Use '*' for all repositories or 'central,snapshots' to specify -->
+            <name>Mirror of Central Repository</name>
+            <url>https://repo1.maven.org/maven2/</url>
+        </mirror>
+    </mirrors>
+    <profiles>
+        <profile>
+            <id>nexus</id>
+
+            <properties>
+            	<releaseRepositoryUrl>http://infra.corp.local/nexus/repository/maven-releases/</releaseRepositoryUrl>
+            	<snapshotRepositoryUrl>http://infra.corp.local/nexus/repository/maven-snapshots/</snapshotRepositoryUrl>
+            </properties>
+
+            <repositories>
+                <repository>
+                    <id>releases</id>
+                    <name>maven-releases</name>
+                    <url>http://infra.corp.local/nexus/repository/maven-releases/</url>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                    <snapshots>
+                        <enabled>false</enabled>
+                    </snapshots>
+                </repository>
+                <repository>
+                    <id>snapshots</id>
+                    <name>maven-snapshots</name>
+                    <url>http://infra.corp.local/nexus/repository/maven-snapshots/</url>
+                    <releases>
+                        <enabled>false</enabled>
+                    </releases>
+                    <snapshots>
+                        <enabled>true</enabled>
+                    </snapshots>
+                </repository>
+            </repositories>
+        </profile>
+        <profile>
+            <id>packaging</id>
+            <properties>
+                <keystoreGroupId>com.vmware.pscoe.build</keystoreGroupId>
+                <keystoreArtifactId>keystore.example</keystoreArtifactId>
+                <keystoreVersion>2.42.0</keystoreVersion>
+                <vroPrivateKeyPem>target/${keystoreArtifactId}-${keystoreVersion}/private_key.pem</vroPrivateKeyPem>
+                <vroCertificatePem>target/${keystoreArtifactId}-${keystoreVersion}/cert.pem</vroCertificatePem>
+                <vroKeyPass>VMware1!</vroKeyPass>
+            </properties>
+        </profile>
+    </profiles>
+    <activeProfiles>
+        <activeProfile>nexus</activeProfile>
+        <activeProfile>packaging</activeProfile>
+    </activeProfiles>
+</settings>
@@ -1,85 +1,88 @@
-version: "3"
 services:
-  # NGINX reverse proxy server
   nginx:
-    image: nginx:1.18.0
+    image: nginx
     container_name: nginx
     restart: always
     networks:
       infranet:
-        ipv4_address: 172.18.0.10
+        ipv4_address: 172.19.0.10
     ports:
-      - "80:80"
-      - "443:443"
+      - 80:80 # Web Interface
     hostname: "infra.corp.local"
     volumes:
-      - "./nginx/conf.d:/etc/nginx/conf.d"
-      - "./nginx/vhost.d:/etc/nginx/vhost.d"
-      - "./nginx/html:/usr/share/nginx/html"
-      - "./nginx/certs:/etc/nginx/certs:ro"
-      - "./nginx/proxy.conf:/etc/nginx/proxy.conf:ro"
-      - "/var/log/nginx:/var/log/nginx"
-  # GitLab CE Git repository manager
+      - "./nginx:/etc/nginx/"
+  nexus:
+    image: sonatype/nexus3 # Linux
+    #image: klo2k/nexus3 # Mac
+    container_name: nexus
+    hostname: "nexus.corp.local"
+    environment:
+      NEXUS_CONTEXT: nexus
+    networks:
+      infranet:
+        ipv4_address: 172.19.0.11
+    extra_hosts:
+      - "gitlab.corp.local:172.19.0.12"
+    ports:
+     - 8081:8081 # Web Interfac
+    volumes:
+      - "nexus-data:/var/sonatype/work"
+    restart: always
+    ulimits:
+      nproc: 65535
+      nofile:
+        soft: 32000
+        hard: 40000
   gitlab:
-    image: gitlab/gitlab-ce:12.10.3-ce.0
+    image: gitlab/gitlab-ce # Linux
+    #image: yrzr/gitlab-ce-arm64v8 # Mac
     container_name: gitlab-ce
     restart: always
     environment:
       GITLAB_OMNIBUS_CONFIG: |
-        external_url "http://infra.corp.local/gitlab"
+        external_url 'http://infra.corp.local/gitlab'
     networks:
       infranet:
-        ipv4_address: 172.18.0.11
+        ipv4_address: 172.19.0.12
     extra_hosts:
-      - "infra.corp.local:<DOCKER_HOST_IP>"
+      - "infra.corp.local:172.19.0.10"
     ports:
-    - "127.0.0.1:8080:80"
+      - 8082:80 # Web Interface
+      - 8022:22 # SSH
     hostname: "gitlab.corp.local"
     volumes:
-      - "/srv/gitlab/config:/etc/gitlab"
-      - "/srv/gitlab/logs:/var/log/gitlab"
-      - "/srv/gitlab/data:/var/opt/gitlab"
-  # GitLab CI Runner for CI/CD integration
+      - "gitlab-config:/var/gitlab/config"
+      - "gitlab-data:/var/gitlab/data"
+      - "gitlab-log:/var/gitlab/log"
   gitlab-runner:
-    image: pscoelab/vrbt-gitlab-runner:latest
+    image: gitlab-runner # Custom image build from the gitlab-runner directory
     container_name: gitlab-runner
     restart: always
     hostname: "gitlab-runner.corp.local"
     networks:
       infranet:
-        ipv4_address: 172.18.0.12
-    extra_hosts:
-      - "infra.corp.local:172.18.0.10"
-      - "gitlab.corp.local:172.18.0.11"
-      - "artifactory.corp.local:172.18.0.13"
-    volumes:
-     - "/srv/gitlab-runner/config:/etc/gitlab-runner"
-     - "/srv/gitlab-runner/m2:/home/gitlab-runner/.m2"     
-     - "/srv/gitlab-runner/opt:/var/opt"     
-     - "/var/run/docker.sock:/var/run/docker.sock"
-  # JFrog Artifactory OSS for artifact management
-  artifactory:
-    image: docker.bintray.io/jfrog/artifactory-oss:6.19.1
-    container_name: artifactory
-    hostname: "artifactory.corp.local"
-    networks:
-      infranet:
-        ipv4_address: 172.18.0.13
+        ipv4_address: 172.19.0.13
     extra_hosts:
-      - "gitlab.corp.local:172.18.0.11"
+      - "infra.corp.local:172.19.0.10"
+      - "nexus.corp.local:172.19.0.11"
+      - "gitlab.corp.local:172.19.0.12"
     ports:
-     - 127.0.0.1:8081:8081
+      - 2811:2811
     volumes:
-     - /data/artifactory:/var/opt/jfrog/artifactory
-#    Add extra Java options by uncommenting the following lines
-#    environment:
-#     - EXTRA_JAVA_OPTIONS=-Xmx4g
-    restart: always
-    ulimits:
-      nproc: 65535
-      nofile:
-        soft: 32000
-        hard: 40000
+      - "./.m2:/home/gitlab-runner/.m2"
+      - "gitlab-runner-config:/var/gitlab-runner/config"
+      - "gitlab-runner-opt:/var/gitlab-runner/opt"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+volumes:
+  nexus-data: {}
+  gitlab-config: {}
+  gitlab-data: {}
+  gitlab-log: {}
+  gitlab-runner-config: {}
+  gitlab-runner-opt: {}
 networks:
- infranet:
-  external: true
+  infranet:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.19.0.0/24
@@ -0,0 +1,20 @@
+FROM gitlab/gitlab-runner:latest
+
+RUN apt-get update
+RUN apt-get install -y curl
+RUN apt-get install -y openjdk-17-jdk
+RUN apt-get install -y software-properties-common
+RUN apt-get install -y maven
+
+# Install Node.js (npm is included in the package)
+RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash -
+RUN apt-get install -y nodejs
+
+# Print the versions
+RUN node -v
+RUN npm -v
+RUN mvn -v
+RUN java --version
+
+# Clean up the package lists to reduce image size
+RUN rm -rf /var/lib/apt/lists/*