How do I deploy to nexus (hosted by secureci)?

Question

Like recommended in a previous SO-Answer I'm running a VmWare image of secureci as a preconfigured development infrastructure containing maven, nexus, hudson, svn.

Now I want to configure maven on my Windows XP machine to deploy its artifacts to nexus. But when I configure my pom.xml like this (taken from Deploying Artifacts to Nexus):

<distributionManagement>
 <!-- use the following if you're not using a snapshot version. -->
 <repository>
  <id>nexus</id>
  <name>RepositoryProxy</name>
  <url>scp://192.168.0.197/nexus/content/repositories/releases</url>
 </repository>
 <!-- use the following if you ARE using a snapshot version. -->
 <snapshotRepository>
  <id>nexus</id>
  <name>RepositoryProxy</name>
  <url>scp://192.168.0.197/nexus/content/repositories/snapshots</url>
 </snapshotRepository>
</distributionManagement>

... mvn deploy prints the error message:

Error deploying artifact: Exit code: 1 - 
    mkdir: cannot create directory `/nexus': Permission denied

In settings.xml I configured username and password like this:

<servers>
  <server>
    <id>nexus</id>
    <username>tangens</username>
    <password>********</password>
  </server>
</servers>

Question: What configuration do I have to use for deploying to nexus?

---

I already tried https instead of scp, but with this maven ran into problems with missing certificates.

I tried http instead of scp, but secureci has a firewall installed to block access to port 80 (http), causing a timeout.

EDIT:

I found that nexus stores its artifacts at /root/sonatype-work/nexus/storage/snapshots/. But I don't like the idea to enter the credentials of the root account in my settings.xml.

EDIT:

Q: Did you enabled deployment for a hosted repository under Nexus?

Yes, it's enabled by default.

Q: Is Nexus listening on port 80?

There is an apache running on port 80. Server: Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 mod_ssl/2.2.8 OpenSSL/0.9.8g mod_wsgi/1.3 Python/2.5.2

Q: If a firewall is not allowing HTTP, why don't you just add an exception for HTTP connections from the "host" IP?

Because I assumed SecureCI is well configured and there should be a way to do it without tweaking the installation. But perhaps I'm too naive here.

Answer 1

The error is clear: the user tangens doesn't have the permission to create /nexus on the remote machine. Actually, your scp url is not correct and isn't pointing to the right location as you mentioned it. You'd have to give the user tangens the right permission or to configure sshd to allow root to connect but this is not a good idea.

Having that said, I don't think that scp is the way to go with Nexus. If you deploy using scp, Nexus won't be notified of the deployment and your artifacts won't be visible. According to Deploying Artifacts to Nexus and to the chapter 9.4.2. Update the POM: Deployment Configuration of the Nexus book, deployment must be done with HTTP PUT. In other words, your distributionManagement section should look like something like this:

  <distributionManagement>
    ...
    <repository>
      <id>releases</id>
      <name>Internal Releases</name>
      <url>http://localhost:8081/nexus/content/repositories/releases&lt;/url&gt;
    </repository>
    ...
  </distributionManagement>

I noticed you said that SecureCI uses a firewall that is configured to drop connections on port 80. However, as I'm not using SecureCI myself, I have a few (maybe stupid) questions:

• Did you enabled deployment for a hosted repository under Nexus?
• Is Nexus listening on port 80?
• If a firewall is not allowing HTTP, why don't you just add an exception for HTTP connections from the "host" IP?

EDIT: According to the OP answers, I think that using HTTPS might be indeed the "natural" way to go with SecureCI. But, before you can upload via HTTPS, you'll need to add the SecureCI's CA certificate (the certificate of the issuer of their certificate) into your JDK. You can follow these instructions to do this. But before going further, the real question is:

• Does SecureCI provide the CA certificate (the certificate of the issuer of their certificate)?

If they don't, I don't know how to make deployment possible without tweaking the firewall rules.

Answer 2

Sorry. Just came across the question.

There are two options, as other posters have mentioned: supply the certificate to Maven or turn on HTTP access and open port 80 (which is closed by default for security).

For enabling HTTP access, see /trac/secureci/wiki/HowTo/EnableHttp in SecureCI (under the HowTo docs on the wiki, How do I enable HTTP access?).

For the certificate, the public and private key are in /etc/apache2/ssl/.

If you want to replace the default cert, the docs for installing your own (which could be self-signed or signed by a recognized CA) are in the SecureCI wiki at /trac/secureci/wiki/HowTo/InstallSslCert (under the HowTo docs on the wiki, How do I install an SSL certificate?). The location of the existing cert is noted there as well.