Nexus storage change, update Nexus to latest 3.70.x version (#1342)

Author: BraisVQ

CHANGELOG.md

@@ -6,6 +6,7 @@
 
 
 ### Changed
+- Nexus storage change ([#1341](https://github.com/opendevstack/ods-core/issues/1341))
 
 
 ### Fixed

Makefile

@@ -179,6 +179,13 @@ backup-sonarqube:
 .PHONY: backup-sonarqube
 
 
+# PVC MIGRATION
+## Migrate data from one PVC to another.
+migrate-pvc-data:
+	./scripts/migrate_pvc_data.sh --source-pvc $(SOURCE_PVC) --target-pvc $(TARGET_PVC) --namespace $(ODS_NAMESPACE)
+.PHONY: migrate-pvc-data
+
+
 ### HELP
 ### Based on https://gist.github.com/prwhite/8168133#gistcomment-2278355.
 help:

configuration-sample/ods-core.env.sample

@@ -45,8 +45,8 @@ ODS_BITBUCKET_PROJECT=opendevstack
 # Nexus base image
 # See Dockerhub https://hub.docker.com/r/sonatype/nexus3/tags.
 # Officially supported is:
-# - 3.70.3-java11-ubi
-NEXUS_IMAGE_TAG=3.70.3-java11-ubi
+# - 3.70.4-java11-ubi
+NEXUS_IMAGE_TAG=3.70.4-java11-ubi
 
 # Nexus host without protocol.
 # The domain should be equal to OPENSHIFT_APPS_BASEDOMAIN (see below).
@@ -77,9 +77,26 @@ NEXUS_MEMORY_REQUEST=3Gi
 NEXUS_CPU_LIMIT=1
 NEXUS_MEMORY_LIMIT=5Gi
 
-# Nexus data and backup capacity
+# Nexus data capacity
 NEXUS_DATA_CAPACITY=60Gi
-NEXUS_DATA_BACKUP_CAPACITY=10Gi
+
+# Nexus storage name
+NEXUS_STORAGE_NAME="storage"
+
+# Storage class provisioner, for AWS this should be "kubernetes.io/aws-ebs"
+NEXUS_STORAGE_PROVISIONER=""
+
+# Storage class for Nexus data, for AWS this should be "gp3"
+NEXUS_STORAGE_CLASS_DATA=""
+
+# Storage class for Nexus backup, for AWS this should be "gp2-encrypted"
+NEXUS_STORAGE_CLASS_BACKUP=""
+
+# Nexus snapshot configuration, default to run daily at 2 AM
+NEXUS_SNAPSHOT_SCHEDULE="0 2 * * *"
+
+# Nexus snapshot TTL in seconds (default: 30 days)
+NEXUS_SNAPSHOT_TTL=2592000
 
 #############
 # SonarQube #

docs/modules/administration/nav.adoc

@@ -2,6 +2,7 @@
 ** xref:administration:installation.adoc[Installation]
 ** Upgrade
 *** xref:administration:helm-migration.adoc[Helm migration]
+*** xref:administration:pvc-migration.adoc[PVC Migration]
 *** xref:administration:update-2-to-3.adoc[2.x to 3.x]
 *** xref:administration:update-older.adoc[older]
 ** xref:provisioning-app:configuration.adoc[Provisioning App]

docs/modules/administration/pages/pvc-migration.adoc

@@ -0,0 +1,28 @@
+= PVC Migration
+
+This document describes the process to migrate data from one Persistent Volume Claim (PVC) to another within the OpenShift cluster.
+
+== Prerequisites
+
+- Ensure the source and target PVCs exist in the desired namespace.
+- Have access to the `ods-core` repository.
+
+== Migration Process
+
+To migrate data between PVCs, follow these steps:
+
+1. Navigate to the `ods-core` repository.
+2. Run the following command:
+
+[source,sh]
+----
+make migrate-pvc-data SOURCE_PVC=<source-pvc-name> TARGET_PVC=<target-pvc-name>
+----
+
+Replace `<source-pvc-name>`, and `<target-pvc-name>` with the appropriate values for your environment.
+
+== Details
+
+- The migration process creates a temporary pod that uses `rsync` to copy data from the source PVC to the target PVC.
+- Logs of the migration are stored in `/tmp/target/rsync.log` within the target PVC.
+- After the migration, verify the data integrity and delete the temporary pod if necessary.

nexus/chart/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.0
+version: 1.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.70.3-java11-ubi"
+appVersion: "3.70.4-java11-ubi"

nexus/chart/templates/NOTES.txt

@@ -1 +1,16 @@
-OpenDevStack Nexus OSS edition on version {{ .Values.global.nexusImageTag }} released with Helm!
+Thank you for installing the OpenDevStack Nexus OSS Helm chart!
+
+Nexus Repository Manager has been deployed.
+
+Access Nexus UI:
+  https://{{ .Values.global.nexusHost }}
+
+Docker Registry Endpoint:
+  {{ .Values.global.nexusDockerGroup }}-{{ .Values.global.odsNamespace }}{{ .Values.global.openshiftAppDomain}}
+
+Nexus Version: {{ .Values.global.nexusImageTag }}
+
+For more information, visit:
+  - Sonatype Nexus Repository OSS: https://help.sonatype.com/en/ce-onboarding.html
+  - OpenDevStack: https://www.opendevstack.org/ods-documentation/opendevstack/latest/nexus/administration.html
+  - Community Support: https://community.sonatype.com/

nexus/chart/templates/deploymentconfig.yml

@@ -37,10 +37,7 @@ spec:
       volumes:
         - name: {{ .Values.global.appName }}-data
           persistentVolumeClaim:
-            claimName: {{ .Values.global.appName }}-data
-        - name: {{ .Values.global.appName }}-db-backup
-          persistentVolumeClaim:
-            claimName: {{ .Values.global.appName }}-db-backup
+            claimName: {{ .Values.global.nexusStorageName }}
       containers:
         - resources:
             limits:
@@ -88,8 +85,6 @@ spec:
           volumeMounts:
             - name: {{ .Values.global.appName }}-data
               mountPath: /nexus-data
-            - name: {{ .Values.global.appName }}-db-backup
-              mountPath: /nexus-backup
           terminationMessagePolicy: File
           image: {{ .Values.global.registry }}/{{ .Values.global.odsNamespace }}/{{ .Values.global.appName }}:{{ .Values.global.odsImageTag }}
       restartPolicy: Always

nexus/chart/templates/nexus-snapshot-cronjob.yaml

@@ -0,0 +1,46 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: nexus-volume-snapshot
+  labels:
+    app: nexus
+spec:
+  schedule: "{{ .Values.global.nexusSnapshotSchedule }}"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      ttlSecondsAfterFinished: {{ .Values.global.nexusSnapshotTTL }}
+      template:
+        spec:
+          serviceAccountName: ods-edit
+          containers:
+          - name: snapshot-creator
+            image: image-registry.openshift-image-registry.svc:5000/openshift/ose-cli:latest
+            command:
+            - /bin/sh
+            - -c
+            - |
+              cat <<EOF | oc apply -f -
+              apiVersion: snapshot.storage.k8s.io/v1
+              kind: VolumeSnapshot
+              metadata:
+                name: {{ .Values.global.appName }}-snapshot.$(date +%Y-%m-%d.%H-%M-%S)
+                namespace: {{ .Values.global.odsNamespace }}
+              spec:
+                volumeSnapshotClassName: {{ .Values.global.nexusSnapshotClass }}
+                source:
+                  persistentVolumeClaimName: {{ .Values.global.nexusStorageName }}
+              EOF
+              # Cleanup snapshots older than the TTL
+              oc get volumesnapshots --namespace {{ .Values.global.odsNamespace }} \
+                --no-headers -o custom-columns=NAME:.metadata.name,CREATED:.metadata.creationTimestamp | \
+                while read name created; do
+                  if [[ $(date -d "$created" +%s) -lt $(date -d "-{{ .Values.global.nexusSnapshotTTL }} seconds" +%s) ]]; then
+                    oc delete volumesnapshot "$name" --namespace {{ .Values.global.odsNamespace }}
+                  fi
+                done
+            resources: {}
+            imagePullPolicy: IfNotPresent
+          restartPolicy: OnFailure
+  successfulJobsHistoryLimit: 30
+  failedJobsHistoryLimit: 30

nexus/chart/templates/pvc-data.yml

@@ -3,11 +3,12 @@ kind: PersistentVolumeClaim
 metadata:
   annotations:
     volume.beta.kubernetes.io/storage-provisioner: {{ .Values.global.storageProvisioner }}
+    helm.sh/resource-policy: keep
   finalizers:
     - kubernetes.io/pvc-protection
   labels:
     app: {{ .Values.global.appName }}
-  name: {{ .Values.global.appName }}-data
+  name: {{ .Values.global.nexusStorageName }}
 spec:
   accessModes:
   - ReadWriteOnce