From 9314d19bbf02c29405920e39b793e6589a5fd1c3 Mon Sep 17 00:00:00 2001 From: xuchuan19 Date: Mon, 11 Aug 2025 16:53:02 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E5=8F=96=E6=B6=88=E5=85=A8=E9=9B=B6?= =?UTF-8?q?=E7=9B=91=E5=90=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ascend_deployer/scripts/nexus.py | 93 ++++++++++++++++++++++++++++++-- 1 file changed, 88 insertions(+), 5 deletions(-) diff --git a/ascend_deployer/scripts/nexus.py b/ascend_deployer/scripts/nexus.py index eb77e176..d96f4c48 100644 --- a/ascend_deployer/scripts/nexus.py +++ b/ascend_deployer/scripts/nexus.py @@ -225,7 +225,6 @@ class OsRepository: def _run_nexus(self): self._delete_nexus_container() self._create_data_dir() - network_command_opt = "" if self.working_on_ipv6: if not os.path.exists("/etc/docker/daemon.json"): os.makedirs("/etc/docker/", mode=0o755, exist_ok=True) 
@@ -239,14 +238,98 @@ class OsRepository: json.dump(docker_settings, fid, indent=1) self._run_cmd("systemctl daemon-reload") self._run_cmd("systemctl restart docker") - self._run_cmd("docker network create --ipv6 --subnet 2001:0DB8::/112 ip6net_nexus") - network_command_opt = "--network ip6net_nexus" + self._run_cmd("docker load -i {}".format(self.nexus_image)) - start_nexus_cmd = "docker run -d --name nexus {} -p {}:8081 -v {}:/nexus-data {}".format( - network_command_opt, self.nexus_run_port, self.nexus_data_dir, self.nexus_image_name + start_nexus_cmd = "docker run -d --name nexus --network host -v {}:/nexus-data {}".format( + self.nexus_data_dir, self.nexus_image_name ) self._run_cmd(start_nexus_cmd) + # 开放防火墙端口 + self._open_firewall_port() + + # 修改/nexus-data/etc/nexus.properties 绑定 IP 和端口 + self._update_nexus_properties() + + def _open_firewall_port(self): + """ + Open firewall rules for Nexus port + """ + try: + # Check and open firewalld port + out, _ = self._run_cmd("systemctl is-active firewalld", ignore_errors=True, log=False) + if "active" in out: + cmd = "firewall-cmd --permanent --add-port={}/tcp".format(self.nexus_run_port) + self._run_cmd(cmd, ignore_errors=True) + self._run_cmd("firewall-cmd --reload", ignore_errors=True) + LOG.info("Opening port {} using firewalld".format(self.nexus_run_port)) + return + + # Check and open iptables port (without overwriting existing config) + out, _ = self._run_cmd("systemctl is-active iptables", ignore_errors=True, log=False) + if "active" in out: + # 只添加规则,不保存到文件(规则在重启后会丢失) + cmd = "iptables -I INPUT -p tcp --dport {} -j ACCEPT".format(self.nexus_run_port) + self._run_cmd(cmd, ignore_errors=True) + LOG.info("Added iptables rule for port {} (not persisted across reboots)".format(self.nexus_run_port)) + return + + # Check and open ufw port + out, _ = self._run_cmd("ufw status", ignore_errors=True, log=False) + if "active" in out: + cmd = "ufw allow {}".format(self.nexus_run_port) + self._run_cmd(cmd, 
ignore_errors=True) + LOG.info("Opening port {} using ufw".format(self.nexus_run_port)) + return + + LOG.info("No active firewall service detected, skipping port opening") + except Exception as e: + LOG.warning("Error opening firewall port: {}".format(str(e))) + + def _update_nexus_properties(self): + """ + 等待 /nexus-data/etc/nexus.properties 生成,并修改绑定 IP 和端口 + """ + nexus_properties_path = os.path.join(self.nexus_data_dir, "etc", "nexus.properties") + + # 等待 nexus.properties 生成(最多等待 120 秒) + timeout = 120 + start_time = time.time() + while not os.path.exists(nexus_properties_path): + if time.time() - start_time > timeout: + raise RuntimeError("Timeout waiting for nexus.properties, Nexus may not have initialized correctly") + time.sleep(2) # 每 2 秒检查一次 + + # 读取原配置 + with open(nexus_properties_path, "r") as f: + props = f.readlines() + + # 更新或添加 application-host 和 application-port + new_lines = [] + host_found = False + port_found = False + for line in props: + if line.strip().startswith("application-host="): + new_lines.append("application-host={}\n".format(self.nexus_run_ip)) + host_found = True + elif line.strip().startswith("application-port="): + new_lines.append("application-port=58081\n") + port_found = True + else: + new_lines.append(line) + + if not host_found: + new_lines.append("application-host={}\n".format(self.nexus_run_ip)) + if not port_found: + new_lines.append("application-port=58081\n") + + # 写回nexus.properties + with open(nexus_properties_path, "w") as f: + f.writelines(new_lines) + + # 重启 Nexus 容器让配置生效 + self._run_cmd("docker restart nexus") + class YumRepository(OsRepository): def create_blob(self): -- Gitee From 64c3623ed72eb4b1166da7a2b4b7f68bdaa6f779 Mon Sep 17 00:00:00 2001 
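Review bot: In `_open_firewall_port` the test `if "active" in out:` is also true for the output `inactive` (and for `Status: inactive` from `ufw status`), so, assuming `_run_cmd` returns the command's stdout, the firewalld branch is taken even where firewalld is stopped, its failures are hidden by `ignore_errors=True`, and the iptables and ufw branches are never reached. An exact comparison avoids this: `if out.strip() == "active":` for the two `systemctl is-active` checks and `if "Status: active" in out:` for ufw. `_update_nexus_properties` writes a hard-coded `application-port=58081` while the firewall rule opens `self.nexus_run_port`, so the two disagree whenever that attribute is not 58081 (the `"58081"` fallback in PATCH 2/2 has the same problem); `"application-port={}\n".format(self.nexus_run_port)` keeps them in step. Separately, with `--network host` the container's first start happens before the properties file is rewritten, so until `docker restart nexus` the service presumably listens on the image's default address and port directly on the host, which looks like the all-zero listening this commit is meant to remove; writing `etc/nexus.properties` into `self.nexus_data_dir` before `docker run` would close that window if the image honours a pre-existing file.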
From: xuchuan19 Date: Wed, 13 Aug 2025 15:24:34 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=8F=96=E6=B6=88=E5=85=A8=E9=9B=B6?= =?UTF-8?q?=E7=9B=91=E5=90=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ascend_deployer/scripts/nexus.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/ascend_deployer/scripts/nexus.py b/ascend_deployer/scripts/nexus.py index d96f4c48..a2879f8d 100644 --- a/ascend_deployer/scripts/nexus.py +++ b/ascend_deployer/scripts/nexus.py @@ -309,12 +309,22 @@ class OsRepository: host_found = False port_found = False for line in props: - if line.strip().startswith("application-host="): - new_lines.append("application-host={}\n".format(self.nexus_run_ip)) + stripped = line.strip() + + if stripped.startswith("application-host="): + value = stripped.split("=", 1)[1].strip() + if not value or value == "0.0.0.0": # 按需判断是否替换 + value = self.nexus_run_ip + new_lines.append("application-host={}\n".format(value)) host_found = True - elif line.strip().startswith("application-port="): - new_lines.append("application-port=58081\n") + + elif stripped.startswith("application-port="): + value = stripped.split("=", 1)[1].strip() + if not value or not value.isdigit(): + value = "58081" + new_lines.append("application-port={}\n".format(value)) port_found = True + else: new_lines.append(line) -- Gitee
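Review bot: The new host check keeps every existing `application-host` value except an empty one or `0.0.0.0`, so an IPv6 wildcard such as `::` (relevant because this class has a `working_on_ipv6` path) or a stale address left by an earlier run stays in place and `self.nexus_run_ip` is not applied. If the intent is that Nexus binds only to the deployer's address, assign it unconditionally with `value = self.nexus_run_ip`, or at least widen the test to `if not value or value in ("0.0.0.0", "::"):`. The port branch likewise keeps any all-digit value, including one that differs from the `self.nexus_run_port` opened in the firewall by PATCH 1/2, and `isdigit()` does not bound it to 1-65535. `_update_nexus_properties` starts and ends outside this hunk.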