Releases: cloud-pi-native/socle
v3.1.0
v3.0.0
3.0.0 (2025-01-09)
⚠ BREAKING CHANGES
- 💥 Upgrade Nexus version to 3.76.0
Features
- 💥 Upgrade Nexus version to 3.76.0 (db44dfd)
Bug Fixes
- 🐛 Add first install check to prevent failures on upgrades (e1cc7b3)
Release Notes
Upgrade Nexus from 3.68.1 to 3.76.0
As indicated on the download page, beyond Nexus versions 3.70.x, the orientdb database is deprecated and must be migrated.
The 3.71.0 version therefore introduces a breaking change, which requires having previously migrated to another DBMS.
The upgrade page indicates the different options available to us.
It specifies in particular that the use of a PostgreSQL database requires a Pro license.
The other option, which we will therefore turn to, will consist of upgrading to version 3.70.3, then migrating our Nexus instance to an H2 database before continuing the version upgrades.
Prerequisites
Positioning on version 2.14.0 of the Socle repository
We will have to position ourselves on this version before carrying out all subsequent actions:
git checkout v2.14.0Retrieving Nexus credentials
As a precaution, we will first retrieve the credentials of our current Nexus installation.
ansible-playbook admin-tools/get-credentials.yaml -t nexusNote carefuly these credentials, which should ideally be stored in a KeePassXC or Vaultwarden type solution.
Upgrade from 3.68.1 to 3.70.3
Edit the spec.nexus.imageTag parameter in the dsc:
kubectl edit dsc conf-dso nexus:
imageTag: 3.70.3
Restart the install playbook for version upgrade:
ansible-playbook install.yaml -t nexusRetrieve Nexus credentials for connection to the web UI (the playbook will notably tell us the URL of our instance):
ansible-playbook admin-tools/get-credentials.yaml -t nexusCheck in the web UI that the new version number appears (top left).
Migration to H2 database
We first make sure of the type of database we are using, relying for this on the following documentation page:
As indicated, and because we are not using a Pro version of Nexus, we can find the information in our Nexus web interface, as follows:
- Click on the
Administrationtab (gear at the top). - Click on
SupportthenSystem Information.
In the nexus-properties section, we can see that the nexus.orient.enabled option is set to true, which means that we are indeed using an orientdb database.
We will also see in addition that our version of Java, indicated by the java.version parameter is 1.8.0_422.
Based on the table of possible upgrade paths, we will see that we must refer to the following page to perform our migration:
Prior backup of the database
We are going to perform a database backup via a Backup Task.
Reference for memory:
Open a shell on the Nexus pod:
kubectl -n dso-nexus exec -it -c nexus $(kubectl get pods -n dso-nexus -l "app=nexus" -o jsonpath='{.items[0].metadata.name}') -- bashThen create the following temporary directory there:
mkdir /tmp/db-backupVia the web UI, access the Administration tab (gear at the top) then click at the bottom on System then on Tasks.
Click on Create task then on Admin - Export databases for backup.
Give the task a name, for example DB backup.
In the Backup location field, indicate the directory we created previously:
/tmp/db-backupIn the Task frequency field, indicate Manual.
Click on Create task. The DB backup task now appears in the list of available tasks.
Click on the DB backup task then on the Run button (at the top). Validate by clicking on Yes.
The task goes into Running state.
Wait a bit and check in the meantime, via the shell opened in the Nexus pod, that our backup directory is filling up as expected:
du -shx /tmp/db-backup/*Refresh the backup task page from time to time, until it displays Status Waiting and Last result OK.
The page does not indeed refresh automatically.
Switching to readonly mode
The documentation indicates at this point that we need to shut down the Nexus repository.
The idea is to write-protect the database during the migration.
This would amount in our case to scaling down the Nexus deployment to temporarily remove the pod, then mounting the PVC in another pod having the same Java version.
An alternative will be to simply switch our Nexus instance to readonly mode, which also protects the database as indicated here:
To do this, go to the Nexus web UI then, in the Administration part (gear wheel), click at the bottom on System then on Nodes.
Then click on the Enable read-only mode button and confirm.
We will then have to run the migration tool in the Nexus pod.
Migration steps
First we retrieve, on our local workstation, the Database Migrator Utility for 3.70.x whose link is provided here:
wget https://download.sonatype.com/nexus/nxrm3-migrator/nexus-db-migrator-3.70.3-01.jarThen drop this utility in the /tmp/db-backup directory of the Nexus pod, example to be adapted with the name of the pod:
kubectl cp nexus-db-migrator-3.70.3-01.jar -c nexus dso-nexus/nexus-54b5c67fc9-x8rg5:/tmp/db-backupPosition yourself in the shell of the Nexus pod, then in /tmp/db-backup and launch the migration utility as follows:
cd /tmp/db-backupjava -Xmx16G -Xms16G -XX:+UseG1GC -XX:MaxDirectMemorySize=28672M -jar nexus-db-migrator-3.70.3-01.jar --migration_type=h2At the prompt, enter y to continue.
The utility will launch and will notably create a nexus.mv.db file.
Copy this file to the /nexus-data/db directory of our Nexus pod:
cp nexus.mv.db /nexus-data/db/Add the following line to the /nexus-data/etc/nexus.properties file:
nexus.datastore.enabled=true
Not having a text editing command in the pod, we can proceed as follows:
echo "nexus.datastore.enabled=true" >> /nexus-data/etc/nexus.propertiesWarning, very important! Via the web UI, take the node out of readonly mode.
To do this, in the Administration part (gear wheel), click at the bottom on System then on Nodes.
Then click on the Disable read-only mode button and confirm.
Indeed, if we forget this step the database upgrade will fail.
If this happens, we will have to resume the whole process by first recovering the /nexus-data/db/nexus.mv.db file locally from the pod (before it goes into crashloopbackoff). And we will only be able to connect to the UI with the old password recovered at the beginning of the procedure. It will then be necessary to put the old password back in the dso-config secret of the DSO Console namespace.
End of database migration
Close the pod's shell and delete the Nexus pod to restart it.
Monitor the pod's logs once it is UP, for example using K9s, until it has finished the migration tasks and displays the following message:
Started Sonatype Nexus OSS 3.70.3-01
Reconnect to the web UI and access the Administration then Support and System Information section.
We should see that the following parameters are set as follows:
nexus.datastore.enabled true
nexus.orient.enabled false
If we consult the nexus.log file in the Logs section of Support, we will notice the presence of a certain number of rebuild tasks and others, as indicated here:
Upgrade Java version
Our database having been migrated to H2, we can now proceed with the Java upgrade to version 17.
To do this, we edit the nexus.imageTag parameter in the dsc as follows:
kubectl edit dsc conf-dso
nexus:
imageTag: 3.70.3-java17-alpineThen we restart the install playbook for the Java version upgrade:
ansible-playbook install.yaml -t nexusWe can then check the version of Java used via the web UI, by going through Administration > Support > System Information and noting the presence of the following entries:
java.runtime.version 17.0.12+7-alpine-r0
java.specification.version 17
java.specification.version 17
java.version 17.0.12
java.vm.specification.version 17
java.vm.version 17.0.12+7-alpine-r0
Upgrade Nexus from 3.70.3 to 3.76.0 (latest)
We will have to edit the dsc one last time:
kubectl edit dsc conf-dsoIn order to remove the nexus.imageTag parameter line.
Then we will have to position ourselves on version 3.0.0 of the Socle:
git checkout v3.0.0And restart the install playbook to upgrade Nexus to version 3.76.0:
ansible-playbook install.yaml -t nexusThen check the version upgrade via the web UI and reconnect with the admin credentials.
Deleting the DB Backup task
Via the Nex...
v2.14.0
v2.13.0
2.13.0 (2024-12-10)
Features
- ⬆️ upgrade keycloak to v26.0.5 (2c1401e)
- ⬆️ Upgrade Vault version from 1.14.0 to 1.18.1 (a2bb7c0)
- ✨ add sonar cnes report allowing exports (8021d91)
- ✨ handle CNPG cluster images override (a28088e)
Bug Fixes
- 🎨 Add missing Argo CD ingressClassName (bc39fe0)
- 🐛 correctly handle imageName variable (db04671)
- 🐛 Fix some alert rules (missing namespace label) (6a91a7f)
- ✏️ ansible-lint (5278669)
- ✏️ grammar, description's 76 char width and full stop, fix urls, remove ref to bitnami for argocd & sonarqube (f57aceb)
- ✏️ https links (80412d6)
- ✏️ typos, grammar, double/end-of-line spaces (fa8fecb)
- 🚨 eslint (16492de)
Reverts
- ⏪ CHANGELOG.md (7483100)