Airtight environments

The Digital.ai Release plugin manager has the ability to work in an airtight environment, where there’s no internet access. There are 3 options to choose from.

  1. Configure a reverse HTTP proxy, through which the plugin manager can access the official plugin repository
  2. Set up a local Nexus instance, and create a proxy repository in it that points to Digital.ai official plugin repository
  3. Set up a local Nexus instance, and set up its contents to mirror the official plugin repository, without creating a proxy repository

All the configuration values are located in <distributionRoot>/conf/xl-release.conf file

Configure access through a reverse HTTP proxy

Only the relevant parts are included here, the rest should stay at default values.

Proxy that doesn’t require security credentials

xl {
    features {
        plugins {
            servers {
                xebialabs-plugins {
                    ...
                    proxy {
                        host: http://proxy.example.com
                        port: 8888
                    }
                }
            }
            repositories {
                ...
            }
        }
    }
}

Proxy that does require security credentials

xl {
    features {
        plugins {
            servers {
                xebialabs-plugins {
                    ...
                    proxy {
                        host: http://proxy.example.com
                        port: 8888
                        credentials {
                            username: "user"
                            password: "password"
                        }
                    }
                }
            }
            repositories {
                ...
            }
        }
    }
}

Configure proxy repository on a local Nexus

To achieve this, a Nexus instance with a proxy type repository has to exist, and the instance has to be visible to the Digital.ai Release server. To setup this kind of repository please consult Nexus documentation.

Plugin manager only supports Sonatype Nexus 2. Version 3 is unsupported.

The following configuration snippet will make plugin manager always go to your local Nexus, and never to official one. The local Nexus will however require access to the official Nexus.

xl {
    features {
        plugins {
            servers {
                local-nexus {
                    server-type = "nexus"
                    url = "http://local-nexus-hostname:local-nexus-port/nexus"
                    credentials {
                      username = "your-local-nexus-instance-username"
                      password = "your-local-nexus-instance-password"
                    }
                }
            }
            repositories {
                xlr-official {
                    server-ref = "local-nexus"
                    ...
                }
            }
        }
    }
}

Note: when setting up a proxy repository in Nexus use credentials for official Nexus that came with the distribution, in <xl-release-root>/lib/xlr-server-10.4.0.jar/reference.conf file. Keys are:

  • Username: xl.features.plugins.servers.xebialabs-official.credentials.username
  • Password: xl.features.plugins.servers.xebialabs-official.credentials.password

Configure Nexus mirror

This option is when your Release server and Nexus have to reside in an environment with zero internet access (“air gapped”).

The solution is to set up a local Nexus instance, and copy the required parts of the official-plugins repository from the official Nexus. Special care needs to be taken to achieve a mirror like repository that matches the folder structure, file names, metadata, hashes, versions etc. of the official-plugins repository from the official Nexus.

Required subtree: official-plugins/com/xebialabs/xlrelease

Note: copying official-plugins/com/xebialabs/deployit and official-plugins/com/xebialabs/xldeploy subtrees is not needed for Digital.ai Release server to work, cause the Release server doesn’t traverse them at all.

Note: there is no mirror repository type in Nexus. The word is used here as an analogy.