From ac6169db7b90e950156a87d9784308429ce3bee2 Mon Sep 17 00:00:00 2001
From: Dan K
Date: Sun, 4 Aug 2019 08:26:17 -0400
Subject: [PATCH 1/4] feat: add initial Nexus3 files
---
nexus3/Dockerfile | 106 +++++++++++++++++++++++++++++++++++++
nexus3/etc/training.repo | 54 +++++++++++++++++++
nexus3/help.1 | 75 ++++++++++++++++++++++++++
nexus3/licenses/LICENSE | 10 ++++
nexus3/probes/liveness.sh | 13 +++++
nexus3/probes/readiness.sh | 13 +++++
nexus3/uid_entrypoint | 6 +++
7 files changed, 277 insertions(+)
create mode 100644 nexus3/Dockerfile
create mode 100644 nexus3/etc/training.repo
create mode 100644 nexus3/help.1
create mode 100644 nexus3/licenses/LICENSE
create mode 100644 nexus3/probes/liveness.sh
create mode 100644 nexus3/probes/readiness.sh
create mode 100644 nexus3/uid_entrypoint
diff --git a/nexus3/Dockerfile b/nexus3/Dockerfile
new file mode 100644
index 0000000..0493f34
--- /dev/null
+++ b/nexus3/Dockerfile
@@ -0,0 +1,106 @@
+# Copyright (c) 2016-present Sonatype, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM registry.access.redhat.com/rhel7:7.6
+MAINTAINER Red Hat Training
+
+
+# Atomic Labels
+LABEL name="Nexus Repository Manager" \
+ vendor="Sonatype" \
+ version="3.6.0-02" \
+ release="3.6.0" \
+ url="https://sonatype.com" \
+ summary="The Nexus Repository Manager server \
+ with universal support for popular component formats." \
+ run="docker run -d --name NAME \
+ -p 8081:8081 \
+ IMAGE" \
+ stop="docker stop NAME"
+
+# OpenShift Labels
+LABEL io.k8s.description="The Nexus Repository Manager server \
+ with universal support for popular component formats." \
+ io.k8s.display-name="Nexus Repository Manager" \
+ io.openshift.expose-services="8081:8081" \
+io.openshift.tags="Sonatype,Nexus,Repository Manager"
+
+LABEL com.sonatype.license="Apache License, Version 2.0"
+
+COPY help.1 uid_entrypoint /
+
+COPY licenses /licenses
+
+
+RUN rpm --rebuilddb && \
+ yum install -y \
+ curl tar createrepo java-1.8.0-openjdk-devel \
+ && yum clean all
+
+
+# Install Nexus
+ENV SONATYPE_DIR=/opt/sonatype
+ENV NEXUS_DATA=/nexus-data \
+ NEXUS_HOME=${SONATYPE_DIR}/nexus \
+ NEXUS_VERSION=3.6.0-02 \
+ SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
+ NEXUS_CONTEXT='' \
+ USER_NAME=nexus \
+ USER_UID=200
+
+# Install Nexus and Configure Nexus Runtime Environment
+RUN mkdir -p ${NEXUS_HOME} && \
+ curl --fail --silent --location --retry 3 \
+ http://content.example.com/ocp3.6/x86_64/installers/nexus-${NEXUS_VERSION}-unix.tar.gz \
+ | gunzip \
+ | tar x -C ${NEXUS_HOME} --strip-components=1 nexus-${NEXUS_VERSION} && \
+ chown -R root:root ${NEXUS_HOME} && \
+ \
+ sed \
+ -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' \
+ -i ${NEXUS_HOME}/etc/nexus-default.properties && \
+ \
+ useradd -l -u ${USER_UID} -r -g 0 -m -d ${NEXUS_DATA} -s /sbin/no-login \
+ -c "${USER_NAME} application user" ${USER_NAME} && \
+ mkdir -p ${NEXUS_DATA}/etc ${NEXUS_DATA}/log ${NEXUS_DATA}/tmp ${SONATYPE_WORK} && \
+ ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3 && \
+ chown -R ${USER_NAME}:0 ${NEXUS_DATA} && \
+ chmod -R g+rw ${NEXUS_DATA} /etc/passwd && \
+ chmod ug+x /uid_entrypoint && \
+ find ${NEXUS_DATA} -type d -exec chmod g+x {} +
+VOLUME ${NEXUS_DATA}
+
+#Configure probes scripts
+COPY probes/liveness.sh /usr/local/bin/liveness.sh
+COPY probes/readiness.sh /usr/local/bin/readiness.sh
+
+RUN chmod 775 /usr/local/bin/liveness.sh && \
+ chmod 775 /usr/local/bin/readiness.sh
+
+# arbitrary uid recognition at runtime - for OpenShift deployments
+RUN sed "s@${USER_NAME}:x:${USER_UID}:@${USER_NAME}:x:\${USER_ID}:@g" /etc/passwd > /etc/passwd.template
+
+# Supply non variable to USER command ${USER_NAME}
+USER 200
+WORKDIR ${NEXUS_HOME}
+
+ENV JAVA_MAX_MEM=1200m \
+ JAVA_MIN_MEM=1200m
+
+EXPOSE 8081
+
+ENTRYPOINT [ "/uid_entrypoint" ]
+CMD ["bin/nexus", "run"]
+
diff --git a/nexus3/etc/training.repo b/nexus3/etc/training.repo
new file mode 100644
index 0000000..18e48ef
--- /dev/null
+++ b/nexus3/etc/training.repo
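Review bot: The Nexus tarball in the second `RUN` is fetched over plain `http://` and piped straight into `gunzip | tar`, so nothing checks that the bytes unpacked into `${NEXUS_HOME}` are the release that was intended. I would download to a file, verify it against a pinned SHA-256 with `sha256sum -c`, and only then extract, as sketched below (the digest value is a placeholder). In the same `RUN`, `chmod -R g+rw ${NEXUS_DATA} /etc/passwd` leaves `/etc/passwd` writable by group 0; the arbitrary-UID entrypoint relies on that, but it deserves a comment saying so, because any group-0 process in the container can then rewrite account entries. `MAINTAINER` is deprecated in favour of a `LABEL`.

```dockerfile
# placeholder value: replace with the published SHA-256 of the tarball
ARG NEXUS_DOWNLOAD_SHA256=REPLACE_WITH_TARBALL_SHA256
RUN mkdir -p ${NEXUS_HOME} && \
    curl --fail --silent --location --retry 3 \
      --output /tmp/nexus.tar.gz \
      http://content.example.com/ocp3.6/x86_64/installers/nexus-${NEXUS_VERSION}-unix.tar.gz && \
    echo "${NEXUS_DOWNLOAD_SHA256}  /tmp/nexus.tar.gz" | sha256sum -c - && \
    tar xzf /tmp/nexus.tar.gz -C ${NEXUS_HOME} --strip-components=1 nexus-${NEXUS_VERSION} && \
    rm -f /tmp/nexus.tar.gz && \
    # … unchanged: chown, sed on nexus-default.properties, useradd, data directories …
```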
@@ -0,0 +1,54 @@
+[rhel-7-dvd]
+baseurl = http://content.example.com/rhel7.6/x86_64/dvd
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL DVD
+
+[rhel-server-rhscl-7-rpms]
+baseurl = http://content.example.com/ocp4.0/x86_64/rhelrhscl
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHSCL
+
+[rhel-7-server-datapath-rpms]
+baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-fast-datapath-rpms
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL 7.6 Datapath Packages
+
+[rhel-7-server-ansible-26]
+baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-ansible-2.6-rpms
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL 7.6 Ansible Packages
+
+[rhel-7-server-extras-rpms]
+baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-extras-rpms
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL 7.6 Extra Packages
+
+[rhel-7-server-common-rpms]
+baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-rh-common-rpms
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL 7.6 Common Packages
+
+[rhel-7-server-supplementary]
+baseurl = http://content.example.com/ocp4.0/x86_64/rhelsupplementary
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL 7.6 Supplementary Packages
+
+[rhel-7-server-optional-rpms]
+baseurl = http://content.example.com/ocp4.0/x86_64/rhelopt
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL 7.6 Optional Packages
+
+[rhel-7-server-updates]
+baseurl = http://content.example.com/ocp4.0/x86_64/rhelupdates
+enabled = true
+gpgcheck = false
+name = Remote classroom copy of RHEL 7.6 Updates
+
diff --git a/nexus3/help.1 b/nexus3/help.1
new file mode 100644
index 0000000..b74db88
--- /dev/null
+++ b/nexus3/help.1
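Review bot: Every repository in this file sets `gpgcheck = false` and uses an `http://` `baseurl`, so packages installed from these repos are neither signature-checked nor protected in transit. If the classroom mirror serves signed Red Hat packages, I would set `gpgcheck = true` and add a `gpgkey` entry for the release key; if it cannot, a header comment such as `# classroom-only mirror: signature checking disabled, do not reuse outside the lab` should say so. The Dockerfile added in this patch does not appear to copy this file into the image, so the comment should also state where the file is meant to be installed.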
@@ -0,0 +1,75 @@
+.PP
+%
+.BR NEXUS (1)
+Container Image Pages
+% Sonatype
+% November 21, 2016
+.TH NAME
+.PP
+nexus \- Nexus Repository Manager container image
+.SH DESCRIPTION
+.PP
+The nexus image provides a containerized packaging of the Nexus Repository Manager.
+Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more.
+.PP
+The nexus image is designed to be run by the atomic command with one of these options:
+.PP
+\fB\fCrun\fR
+.PP
+Starts the installed container with selected privileges to the host.
+.PP
+\fB\fCstop\fR
+.PP
+Stops the installed container
+.PP
+The container itself consists of:
+ \- Linux base image
+ \- Oracle Java JDK
+ \- Nexus Repository Manager
+ \- Atomic help file
+.PP
+Files added to the container during docker build include: /help.1.
+.SH USAGE
+.PP
+To use the nexus container, you can run the atomic command with run, stop, or uninstall options:
+.PP
+To run the nexus container:
+.IP
+atomic run nexus
+.PP
+To stop the nexus container (after it is installed), run:
+.IP
+atomic stop nexus
+.SH LABELS
+.PP
+The nexus container includes the following LABEL settings:
+.PP
+That atomic command runs the docker command set in this label:
+.PP
+\fB\fCRUN=\fR
+.IP
+LABEL RUN='docker run \-d \-p 8081:8081 \-\-name ${NAME} ${IMAGE}'
+.IP
+The contents of the RUN label tells an \fB\fCatomic run nexus\fR command to open port 8081 & set the name of the container.
+.PP
+\fB\fCSTOP=\fR
+.IP
+LABEL STOP='docker stop ${NAME}'
+.PP
+\fB\fCName=\fR
+.PP
+The registry location and name of the image. For example, Name="Nexus Repository Manager".
+.PP
+\fB\fCVersion=\fR
+.PP
+The Nexus Repository Manager version from which the container was built. For example, Version="3.0.2\-02".
+.PP
+When the atomic command runs the nexus container, it reads the command line associated with the selected option
+from a LABEL set within the Docker container itself. It then runs that command. The following sections detail
+each option and associated LABEL:
+.SH SECURITY IMPLICATIONS
+.PP
+\fB\fC\-d\fR
+.PP
+Runs continuously as a daemon process in the background
+
diff --git a/nexus3/licenses/LICENSE b/nexus3/licenses/LICENSE
new file mode 100644
index 0000000..6ddf595
--- /dev/null
+++ b/nexus3/licenses/LICENSE
@@ -0,0 +1,10 @@
+Sonatype Nexus (TM) Open Source Version
+Copyright (c) 2008-present Sonatype, Inc.
+All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
+
+This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
+which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
+
+Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
+of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
+Eclipse Foundation. All other trademarks are the property of their respective owners.
diff --git a/nexus3/probes/liveness.sh b/nexus3/probes/liveness.sh
new file mode 100644
index 0000000..8ae9cf5
--- /dev/null
+++ b/nexus3/probes/liveness.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+curl -siu admin:admin123 http://localhost:8081/service/metrics/healthcheck | grep healthy | grep true
+RESPONSE=$?
+
+if [ "$RESPONSE" = "0" ] ; then
+ echo "******** liveness is Alive ********"
+ exit 0;
+else
+ echo "******** liveness is Dead ********"
+ exit 1;
+fi
+
diff --git a/nexus3/probes/readiness.sh b/nexus3/probes/readiness.sh
new file mode 100644
index 0000000..cd59e66
--- /dev/null
+++ b/nexus3/probes/readiness.sh
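Review bot: The liveness probe authenticates with the hard-coded default admin account (`curl -siu admin:admin123 …`), so the probe only passes while the default password is left in place and the credential is baked into the image. The same `-siu admin:admin123` call is in `probes/readiness.sh` in the next hunk. I would read the credential from an environment variable or mounted secret supplied at deploy time, or probe an endpoint that needs no admin rights, and add a header comment naming the variables the script expects. `grep healthy | grep true` also passes on any output line containing both words, so if the response is a single line a failing check can presumably sit beside a healthy one and still report alive.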
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+curl -siu admin:admin123 http://localhost:8081/service/metrics/ping | grep pong
+RESPONSE=$?
+
+if [ "$RESPONSE" = "0" ] ; then
+ echo "******** readiness is Alive ********"
+ exit 0;
+else
+ echo "******** readiness is Dead ********"
+ exit 1;
+fi
+
diff --git a/nexus3/uid_entrypoint b/nexus3/uid_entrypoint
new file mode 100644
index 0000000..02c2913
--- /dev/null
+++ b/nexus3/uid_entrypoint
@@ -0,0 +1,6 @@
+#!/bin/sh
+USER_ID=$(id -u)
+if [ ${USER_UID} != ${USER_ID} ]; then
+ sed "s@${USER_NAME}:x:\${USER_ID}:@${USER_NAME}:x:${USER_ID}:@g" /etc/passwd.template > /etc/passwd
+fi
+exec "$@"
From eb776d87763ac92966562f5bba8ed6d28bc5accd Mon Sep 17 00:00:00 2001
From: Student User
Date: Mon, 5 Aug 2019 15:41:37 +0000
Subject: [PATCH 2/4] smaller repo
---
nexus3/Dockerfile | 115 ++++++++++++---------------------------
nexus3/etc/training.repo | 54 ------------------
nexus3/help.1 | 75 -------------------------
nexus3/licenses/LICENSE | 10 ----
nexus3/uid_entrypoint | 6 --
5 files changed, 35 insertions(+), 225 deletions(-)
delete mode 100644 nexus3/etc/training.repo
delete mode 100644 nexus3/help.1
delete mode 100644 nexus3/licenses/LICENSE
delete mode 100644 nexus3/uid_entrypoint
diff --git a/nexus3/Dockerfile b/nexus3/Dockerfile
index 0493f34..a7fd5bb 100644
--- a/nexus3/Dockerfile
+++ b/nexus3/Dockerfile
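Review bot: In `uid_entrypoint` the test `[ ${USER_UID} != ${USER_ID} ]` expands both variables unquoted, so if `USER_UID` is missing from the environment the test is a syntax error and the script falls through to `exec "$@"` without fixing up the passwd entry. Quote both sides: `if [ "${USER_UID}" != "${USER_ID}" ]; then`. The redirect into `/etc/passwd` only works because the Dockerfile makes that file group-writable; a header comment should state that dependency and that the script expects to run as an arbitrary UID in group 0.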
@@ -12,95 +12,50 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM registry.access.redhat.com/rhel7:7.6 -MAINTAINER Red Hat Training +FROM registry.access.redhat.com/ubi8/ubi +LABEL vendor=Sonatype \ + maintainer="Sonatype " \ + com.sonatype.license="Apache License, Version 2.0" \ + com.sonatype.name="Nexus Repository Manager base image" -# Atomic Labels -LABEL name="Nexus Repository Manager" \ - vendor="Sonatype" \ - version="3.6.0-02" \ - release="3.6.0" \ - url="https://sonatype.com" \ - summary="The Nexus Repository Manager server \ - with universal support for popular component formats." \ - run="docker run -d --name NAME \ - -p 8081:8081 \ - IMAGE" \ - stop="docker stop NAME" +ARG NEXUS_VERSION=3.18.0-01 +ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz +ARG NEXUS_DOWNLOAD_SHA256_HASH=e1d9d84d8b169b2f6c735e7db35e3310cf9e242da12b4af83da4e3618acfc99e -# OpenShift Labels -LABEL io.k8s.description="The Nexus Repository Manager server \ - with universal support for popular component formats." 
\ - io.k8s.display-name="Nexus Repository Manager" \ - io.openshift.expose-services="8081:8081" \ -io.openshift.tags="Sonatype,Nexus,Repository Manager" - -LABEL com.sonatype.license="Apache License, Version 2.0" - -COPY help.1 uid_entrypoint / - -COPY licenses /licenses - - -RUN rpm --rebuilddb && \ - yum install -y \ - curl tar createrepo java-1.8.0-openjdk-devel \ - && yum clean all - - -# Install Nexus +# configure nexus runtime ENV SONATYPE_DIR=/opt/sonatype -ENV NEXUS_DATA=/nexus-data \ - NEXUS_HOME=${SONATYPE_DIR}/nexus \ - NEXUS_VERSION=3.6.0-02 \ - SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ +ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \ + NEXUS_DATA=/nexus-data \ NEXUS_CONTEXT='' \ - USER_NAME=nexus \ - USER_UID=200 + SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ + DOCKER_TYPE='rh-docker' -# Install Nexus and Configure Nexus Runtime Environment -RUN mkdir -p ${NEXUS_HOME} && \ - curl --fail --silent --location --retry 3 \ - http://content.example.com/ocp3.6/x86_64/installers/nexus-${NEXUS_VERSION}-unix.tar.gz \ - | gunzip \ - | tar x -C ${NEXUS_HOME} --strip-components=1 nexus-${NEXUS_VERSION} && \ - chown -R root:root ${NEXUS_HOME} && \ - \ - sed \ - -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' \ - -i ${NEXUS_HOME}/etc/nexus-default.properties && \ - \ - useradd -l -u ${USER_UID} -r -g 0 -m -d ${NEXUS_DATA} -s /sbin/no-login \ - -c "${USER_NAME} application user" ${USER_NAME} && \ - mkdir -p ${NEXUS_DATA}/etc ${NEXUS_DATA}/log ${NEXUS_DATA}/tmp ${SONATYPE_WORK} && \ - ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3 && \ - chown -R ${USER_NAME}:0 ${NEXUS_DATA} && \ - chmod -R g+rw ${NEXUS_DATA} /etc/passwd && \ - chmod ug+x /uid_entrypoint && \ - find ${NEXUS_DATA} -type d -exec chmod g+x {} + +ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe" +ARG 
NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz" + +ADD solo.json.erb /var/chef/solo.json.erb + +# Install using chef-solo +# Chef version locked to avoid needing to accept the EULA on behalf of whomever builds the image +RUN yum install -y --disableplugin=subscription-manager hostname procps \ + && curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9 \ + && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \ + && chef-solo \ + --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \ + --json-attributes /var/chef/solo.json \ + && rpm -qa *chef* | xargs rpm -e \ + && rm -rf /etc/chef \ + && rm -rf /opt/chefdk \ + && rm -rf /var/cache/yum \ + && rm -rf /var/chef \ + && yum clean all VOLUME ${NEXUS_DATA} -#Configure probes scripts -COPY probes/liveness.sh /usr/local/bin/liveness.sh -COPY probes/readiness.sh /usr/local/bin/readiness.sh - -RUN chmod 775 /usr/local/bin/liveness.sh && \ - chmod 775 /usr/local/bin/readiness.sh - -# arbitrary uid recognition at runtime - for OpenShift deployments -RUN sed "s@${USER_NAME}:x:${USER_UID}:@${USER_NAME}:x:\${USER_ID}:@g" /etc/passwd > /etc/passwd.template - -# Supply non variable to USER command ${USER_NAME} -USER 200 -WORKDIR ${NEXUS_HOME} - -ENV JAVA_MAX_MEM=1200m \ - JAVA_MIN_MEM=1200m - EXPOSE 8081 +USER nexus -ENTRYPOINT [ "/uid_entrypoint" ] -CMD ["bin/nexus", "run"] +ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs" +CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"] diff --git a/nexus3/etc/training.repo b/nexus3/etc/training.repo deleted file mode 100644 index 18e48ef..0000000 --- a/nexus3/etc/training.repo +++ /dev/null 
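Review bot: `curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9` runs a remotely hosted script as root during the build with no integrity check; the `-v` pin fixes the Chef version but not the installer, and without `pipefail` a failed download is not reported by the pipe. The cookbook tarball passed to `--recipe-url` is likewise fetched without a digest, although the Nexus archive itself has `NEXUS_DOWNLOAD_SHA256_HASH`. I would download the installer to a file, verify a pinned SHA-256 and then run it, as sketched below with a placeholder digest, and pin the base image by tag or digest since `FROM registry.access.redhat.com/ubi8/ubi` resolves to `latest`. The identical `RUN` and `FROM` lines appear in the Dockerfile hunk of PATCH 4/4. `ADD solo.json.erb` copies a plain local file and could be `COPY`.

```dockerfile
# placeholder value: replace with the SHA-256 of the reviewed install.sh
ARG CHEF_INSTALLER_SHA256=REPLACE_WITH_INSTALLER_SHA256
RUN yum install -y --disableplugin=subscription-manager hostname procps \
    && curl --fail --silent --show-error --location \
         --output /tmp/chef-install.sh https://www.getchef.com/chef/install.sh \
    && echo "${CHEF_INSTALLER_SHA256}  /tmp/chef-install.sh" | sha256sum -c - \
    && bash /tmp/chef-install.sh -v 14.12.9 \
    && rm -f /tmp/chef-install.sh \
    # … unchanged: erb render, chef-solo run, chef removal and cache cleanup …
```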
@@ -1,54 +0,0 @@
-[rhel-7-dvd]
-baseurl = http://content.example.com/rhel7.6/x86_64/dvd
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL DVD
-
-[rhel-server-rhscl-7-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelrhscl
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHSCL
-
-[rhel-7-server-datapath-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-fast-datapath-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Datapath Packages
-
-[rhel-7-server-ansible-26]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-ansible-2.6-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Ansible Packages
-
-[rhel-7-server-extras-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-extras-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Extra Packages
-
-[rhel-7-server-common-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-rh-common-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Common Packages
-
-[rhel-7-server-supplementary]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelsupplementary
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Supplementary Packages
-
-[rhel-7-server-optional-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelopt
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Optional Packages
-
-[rhel-7-server-updates]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelupdates
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Updates
-
diff --git a/nexus3/help.1 b/nexus3/help.1
deleted file mode 100644
index b74db88..0000000
--- a/nexus3/help.1
+++ /dev/null
@@ -1,75 +0,0 @@
-.PP
-%
-.BR NEXUS (1)
-Container Image Pages
-% Sonatype
-% November 21, 2016
-.TH NAME
-.PP
-nexus \- Nexus Repository Manager container image
-.SH DESCRIPTION
-.PP
-The nexus image provides a containerized packaging of the Nexus Repository Manager.
-Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more.
-.PP
-The nexus image is designed to be run by the atomic command with one of these options:
-.PP
-\fB\fCrun\fR
-.PP
-Starts the installed container with selected privileges to the host.
-.PP
-\fB\fCstop\fR
-.PP
-Stops the installed container
-.PP
-The container itself consists of:
- \- Linux base image
- \- Oracle Java JDK
- \- Nexus Repository Manager
- \- Atomic help file
-.PP
-Files added to the container during docker build include: /help.1.
-.SH USAGE
-.PP
-To use the nexus container, you can run the atomic command with run, stop, or uninstall options:
-.PP
-To run the nexus container:
-.IP
-atomic run nexus
-.PP
-To stop the nexus container (after it is installed), run:
-.IP
-atomic stop nexus
-.SH LABELS
-.PP
-The nexus container includes the following LABEL settings:
-.PP
-That atomic command runs the docker command set in this label:
-.PP
-\fB\fCRUN=\fR
-.IP
-LABEL RUN='docker run \-d \-p 8081:8081 \-\-name ${NAME} ${IMAGE}'
-.IP
-The contents of the RUN label tells an \fB\fCatomic run nexus\fR command to open port 8081 & set the name of the container.
-.PP
-\fB\fCSTOP=\fR
-.IP
-LABEL STOP='docker stop ${NAME}'
-.PP
-\fB\fCName=\fR
-.PP
-The registry location and name of the image. For example, Name="Nexus Repository Manager".
-.PP
-\fB\fCVersion=\fR
-.PP
-The Nexus Repository Manager version from which the container was built. For example, Version="3.0.2\-02".
-.PP
-When the atomic command runs the nexus container, it reads the command line associated with the selected option
-from a LABEL set within the Docker container itself. It then runs that command. The following sections detail
-each option and associated LABEL:
-.SH SECURITY IMPLICATIONS
-.PP
-\fB\fC\-d\fR
-.PP
-Runs continuously as a daemon process in the background
-
diff --git a/nexus3/licenses/LICENSE b/nexus3/licenses/LICENSE
deleted file mode 100644
index 6ddf595..0000000
--- a/nexus3/licenses/LICENSE
+++ /dev/null
@@ -1,10 +0,0 @@
-Sonatype Nexus (TM) Open Source Version
-Copyright (c) 2008-present Sonatype, Inc.
-All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
-
-This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
-which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
-
-Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
-of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
-Eclipse Foundation. All other trademarks are the property of their respective owners.
diff --git a/nexus3/uid_entrypoint b/nexus3/uid_entrypoint
deleted file mode 100644
index 02c2913..0000000
--- a/nexus3/uid_entrypoint
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-USER_ID=$(id -u)
-if [ ${USER_UID} != ${USER_ID} ]; then
- sed "s@${USER_NAME}:x:\${USER_ID}:@${USER_NAME}:x:${USER_ID}:@g" /etc/passwd.template > /etc/passwd
-fi
-exec "$@"
From 2f2b2ecef98b569b745acd8aa61c3ad2b89fe75d Mon Sep 17 00:00:00 2001
From: Student User
Date: Mon, 5 Aug 2019 15:42:18 +0000
Subject: [PATCH 3/4] add Docker build file
---
nexus3/solo.json.erb | 52 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 nexus3/solo.json.erb
diff --git a/nexus3/solo.json.erb b/nexus3/solo.json.erb
new file mode 100644
index 0000000..ebe57e6
--- /dev/null
+++ b/nexus3/solo.json.erb
@@ -0,0 +1,52 @@
+// Copyright (c) 2016-present Sonatype, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+<%=
+require 'json'
+
+raise RuntimeError, 'environment variable DOCKER_TYPE is required' if ENV['DOCKER_TYPE'].nil? || ENV['DOCKER_TYPE'].empty?
+raise RuntimeError, 'environment variable SONATYPE_DIR is required' if ENV['SONATYPE_DIR'].nil? || ENV['SONATYPE_DIR'].empty?
+raise RuntimeError, 'environment variable NEXUS_HOME is required' if ENV['NEXUS_HOME'].nil? || ENV['NEXUS_HOME'].empty?
+raise RuntimeError, 'environment variable NEXUS_DATA is required' if ENV['NEXUS_DATA'].nil? || ENV['NEXUS_DATA'].empty?
+
+{
+ :run_list => [ "recipe[nexus_repository_manager::#{ENV['DOCKER_TYPE']}]" ],
+ :java => {
+ :install_flavor => 'openjdk',
+ :accept_license_agreement => true
+ },
+ :nexus_repository_manager => {
+ :version => ENV['NEXUS_VERSION'],
+ :nexus_download_url => ENV['NEXUS_DOWNLOAD_URL'],
+ :nexus_download_sha256 => ENV['NEXUS_DOWNLOAD_SHA256_HASH'],
+ :sonatype => {
+ :path => ENV['SONATYPE_DIR'],
+ },
+ :sonatype_work => {
+ :path => ENV['SONATYPE_DIR'] + '/sonatype-work'
+ },
+ :nexus_home => {
+ :path => ENV['SONATYPE_DIR'] + '/nexus'
+ },
+ :nexus_data => {
+ :path => ENV['NEXUS_DATA']
+ },
+ :properties => {
+ # Set the context_path to the NEXUS_CONTEXT environment variable
+ # that may be passed into the docker run command.
+ :context_path => "/${NEXUS_CONTEXT}"
+ }
+ }
+}.to_json
+%>
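Review bot: The template fails fast when `DOCKER_TYPE`, `SONATYPE_DIR`, `NEXUS_HOME` or `NEXUS_DATA` is unset, but `NEXUS_VERSION`, `NEXUS_DOWNLOAD_URL` and `NEXUS_DOWNLOAD_SHA256_HASH` are passed through unchecked, so a build that loses the hash argument renders `"nexus_download_sha256":null`. Whether the cookbook then skips verification is not visible here, so I would make the hash mandatory with the same guard: `raise RuntimeError, 'environment variable NEXUS_DOWNLOAD_SHA256_HASH is required' if ENV['NEXUS_DOWNLOAD_SHA256_HASH'].to_s.empty?`. `NEXUS_HOME` is validated but never used, because `:nexus_home` is rebuilt from `ENV['SONATYPE_DIR'] + '/nexus'`, which silently ignores an overridden `NEXUS_HOME`. The `//` licence lines sit outside the `<%= %>` tag and are therefore written into `solo.json`; a comment should confirm that the Chef JSON loader tolerates them.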
From 411e81e8a80281aba2bb167abed453ac6367d7f1 Mon Sep 17 00:00:00 2001
From: Dan K
Date: Mon, 5 Aug 2019 20:33:05 -0400
Subject: [PATCH 4/4] feat(9,4):update files for Nexus application image
---
nexus3/Dockerfile | 111 ++++++++++++++-----------------------
nexus3/etc/training.repo | 54 ------------------
nexus3/help.1 | 75 -------------------------
nexus3/licenses/LICENSE | 10 ----
nexus3/probes/liveness.sh | 13 -----
nexus3/probes/readiness.sh | 13 -----
nexus3/solo.json.erb | 52 +++++++++++++++++
nexus3/uid_entrypoint | 6 --
8 files changed, 94 insertions(+), 240 deletions(-)
delete mode 100644 nexus3/etc/training.repo
delete mode 100644 nexus3/help.1
delete mode 100644 nexus3/licenses/LICENSE
delete mode 100644 nexus3/probes/liveness.sh
delete mode 100644 nexus3/probes/readiness.sh
create mode 100644 nexus3/solo.json.erb
delete mode 100644 nexus3/uid_entrypoint
diff --git a/nexus3/Dockerfile b/nexus3/Dockerfile
index 0493f34..5fc8586 100644
--- a/nexus3/Dockerfile
+++ b/nexus3/Dockerfile
@@ -12,95 +12,68 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM registry.access.redhat.com/rhel7:7.6 -MAINTAINER Red Hat Training +FROM registry.access.redhat.com/ubi8/ubi - -# Atomic Labels LABEL name="Nexus Repository Manager" \ - vendor="Sonatype" \ - version="3.6.0-02" \ - release="3.6.0" \ + vendor=Sonatype \ + version="3.18.0-01" \ + release="3.18.0" \ url="https://sonatype.com" \ summary="The Nexus Repository Manager server \ with universal support for popular component formats." \ + description="The Nexus Repository Manager server \ + with universal support for popular component formats." \ run="docker run -d --name NAME \ -p 8081:8081 \ IMAGE" \ - stop="docker stop NAME" - -# OpenShift Labels -LABEL io.k8s.description="The Nexus Repository Manager server \ + stop="docker stop NAME" \ + com.sonatype.license="Apache License, Version 2.0" \ + com.sonatype.name="Nexus Repository Manager base image" \ + io.k8s.description="The Nexus Repository Manager server \ with universal support for popular component formats." 
\ io.k8s.display-name="Nexus Repository Manager" \ io.openshift.expose-services="8081:8081" \ -io.openshift.tags="Sonatype,Nexus,Repository Manager" - -LABEL com.sonatype.license="Apache License, Version 2.0" - -COPY help.1 uid_entrypoint / - -COPY licenses /licenses + io.openshift.tags="Sonatype,Nexus,Repository Manager" -RUN rpm --rebuilddb && \ - yum install -y \ - curl tar createrepo java-1.8.0-openjdk-devel \ - && yum clean all +ARG NEXUS_VERSION=3.18.0-01 +ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz +ARG NEXUS_DOWNLOAD_SHA256_HASH=e1d9d84d8b169b2f6c735e7db35e3310cf9e242da12b4af83da4e3618acfc99e - -# Install Nexus +# configure nexus runtime ENV SONATYPE_DIR=/opt/sonatype -ENV NEXUS_DATA=/nexus-data \ - NEXUS_HOME=${SONATYPE_DIR}/nexus \ - NEXUS_VERSION=3.6.0-02 \ - SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ +ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \ + NEXUS_DATA=/nexus-data \ NEXUS_CONTEXT='' \ - USER_NAME=nexus \ - USER_UID=200 + SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ + DOCKER_TYPE='rh-docker' -# Install Nexus and Configure Nexus Runtime Environment -RUN mkdir -p ${NEXUS_HOME} && \ - curl --fail --silent --location --retry 3 \ - http://content.example.com/ocp3.6/x86_64/installers/nexus-${NEXUS_VERSION}-unix.tar.gz \ - | gunzip \ - | tar x -C ${NEXUS_HOME} --strip-components=1 nexus-${NEXUS_VERSION} && \ - chown -R root:root ${NEXUS_HOME} && \ - \ - sed \ - -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' \ - -i ${NEXUS_HOME}/etc/nexus-default.properties && \ - \ - useradd -l -u ${USER_UID} -r -g 0 -m -d ${NEXUS_DATA} -s /sbin/no-login \ - -c "${USER_NAME} application user" ${USER_NAME} && \ - mkdir -p ${NEXUS_DATA}/etc ${NEXUS_DATA}/log ${NEXUS_DATA}/tmp ${SONATYPE_WORK} && \ - ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3 && \ - chown -R ${USER_NAME}:0 ${NEXUS_DATA} && \ - chmod -R g+rw ${NEXUS_DATA} /etc/passwd && \ - chmod ug+x /uid_entrypoint && \ - find ${NEXUS_DATA} -type d -exec chmod g+x {} + +ARG 
NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe" +ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz" + +ADD solo.json.erb /var/chef/solo.json.erb + +# Install using chef-solo +# Chef version locked to avoid needing to accept the EULA on behalf of whomever builds the image +RUN yum install -y --disableplugin=subscription-manager hostname procps \ + && curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9 \ + && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \ + && chef-solo \ + --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \ + --json-attributes /var/chef/solo.json \ + && rpm -qa *chef* | xargs rpm -e \ + && rm -rf /etc/chef \ + && rm -rf /opt/chefdk \ + && rm -rf /var/cache/yum \ + && rm -rf /var/chef \ + && yum clean all VOLUME ${NEXUS_DATA} -#Configure probes scripts -COPY probes/liveness.sh /usr/local/bin/liveness.sh -COPY probes/readiness.sh /usr/local/bin/readiness.sh - -RUN chmod 775 /usr/local/bin/liveness.sh && \ - chmod 775 /usr/local/bin/readiness.sh - -# arbitrary uid recognition at runtime - for OpenShift deployments -RUN sed "s@${USER_NAME}:x:${USER_UID}:@${USER_NAME}:x:\${USER_ID}:@g" /etc/passwd > /etc/passwd.template - -# Supply non variable to USER command ${USER_NAME} -USER 200 -WORKDIR ${NEXUS_HOME} - -ENV JAVA_MAX_MEM=1200m \ - JAVA_MIN_MEM=1200m - EXPOSE 8081 +USER nexus -ENTRYPOINT [ "/uid_entrypoint" ] -CMD ["bin/nexus", "run"] +ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs" +ENTRYPOINT ["/uid_entrypoint.sh"] +CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"] diff --git a/nexus3/etc/training.repo b/nexus3/etc/training.repo deleted file mode 100644 index 18e48ef..0000000 --- a/nexus3/etc/training.repo +++ /dev/null 
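Review bot: `ENTRYPOINT ["/uid_entrypoint.sh"]` names a file that nothing in this Dockerfile copies into the image, while the same patch removes the `COPY help.1 uid_entrypoint /` line and deletes `nexus3/uid_entrypoint`, so unless the cookbook installs `/uid_entrypoint.sh` the container will fail to start. Either keep the script in the repository and add `COPY uid_entrypoint.sh /uid_entrypoint.sh`, or add a comment above the `ENTRYPOINT` naming the recipe that provides it. `CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]` may leave a shell between the entrypoint and Nexus; writing `"exec ${SONATYPE_DIR}/start-nexus-repository-manager.sh"` lets the server receive the stop signal directly. The `version="3.18.0-01"` label duplicates `ARG NEXUS_VERSION` and will drift unless one is derived from the other.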
@@ -1,54 +0,0 @@
-[rhel-7-dvd]
-baseurl = http://content.example.com/rhel7.6/x86_64/dvd
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL DVD
-
-[rhel-server-rhscl-7-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelrhscl
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHSCL
-
-[rhel-7-server-datapath-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-fast-datapath-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Datapath Packages
-
-[rhel-7-server-ansible-26]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-ansible-2.6-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Ansible Packages
-
-[rhel-7-server-extras-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-extras-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Extra Packages
-
-[rhel-7-server-common-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-rh-common-rpms
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Common Packages
-
-[rhel-7-server-supplementary]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelsupplementary
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Supplementary Packages
-
-[rhel-7-server-optional-rpms]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelopt
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Optional Packages
-
-[rhel-7-server-updates]
-baseurl = http://content.example.com/ocp4.0/x86_64/rhelupdates
-enabled = true
-gpgcheck = false
-name = Remote classroom copy of RHEL 7.6 Updates
-
diff --git a/nexus3/help.1 b/nexus3/help.1
deleted file mode 100644
index b74db88..0000000
--- a/nexus3/help.1
+++ /dev/null
@@ -1,75 +0,0 @@ -.PP -% -.BR NEXUS (1) -Container Image Pages -% Sonatype -% November 21, 2016 -.TH NAME -.PP -nexus \- Nexus Repository Manager container image -.SH DESCRIPTION -.PP -The nexus image provides a containerized packaging of the Nexus Repository Manager. -Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more. -.PP -The nexus image is designed to be run by the atomic command with one of these options: -.PP -\fB\fCrun\fR -.PP -Starts the installed container with selected privileges to the host. -.PP -\fB\fCstop\fR -.PP -Stops the installed container -.PP -The container itself consists of: - \- Linux base image - \- Oracle Java JDK - \- Nexus Repository Manager - \- Atomic help file -.PP -Files added to the container during docker build include: /help.1. -.SH USAGE -.PP -To use the nexus container, you can run the atomic command with run, stop, or uninstall options: -.PP -To run the nexus container: -.IP -atomic run nexus -.PP -To stop the nexus container (after it is installed), run: -.IP -atomic stop nexus -.SH LABELS -.PP -The nexus container includes the following LABEL settings: -.PP -That atomic command runs the docker command set in this label: -.PP -\fB\fCRUN=\fR -.IP -LABEL RUN='docker run \-d \-p 8081:8081 \-\-name ${NAME} ${IMAGE}' -.IP -The contents of the RUN label tells an \fB\fCatomic run nexus\fR command to open port 8081 & set the name of the container. -.PP -\fB\fCSTOP=\fR -.IP -LABEL STOP='docker stop ${NAME}' -.PP -\fB\fCName=\fR -.PP -The registry location and name of the image. For example, Name="Nexus Repository Manager". -.PP -\fB\fCVersion=\fR -.PP -The Nexus Repository Manager version from which the container was built. For example, Version="3.0.2\-02". -.PP -When the atomic command runs the nexus container, it reads the command line associated with the selected option -from a LABEL set within the Docker container itself. 
It then runs that command. The following sections detail -each option and associated LABEL: -.SH SECURITY IMPLICATIONS -.PP -\fB\fC\-d\fR -.PP -Runs continuously as a daemon process in the background - diff --git a/nexus3/licenses/LICENSE b/nexus3/licenses/LICENSE deleted file mode 100644 index 6ddf595..0000000 --- a/nexus3/licenses/LICENSE +++ /dev/null @@ -1,10 +0,0 @@ -Sonatype Nexus (TM) Open Source Version -Copyright (c) 2008-present Sonatype, Inc. -All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions. - -This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0, -which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html. - -Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks -of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the -Eclipse Foundation. All other trademarks are the property of their respective owners. diff --git a/nexus3/probes/liveness.sh b/nexus3/probes/liveness.sh deleted file mode 100644 index 8ae9cf5..0000000 --- a/nexus3/probes/liveness.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -curl -siu admin:admin123 http://localhost:8081/service/metrics/healthcheck | grep healthy | grep true -RESPONSE=$? - -if [ "$RESPONSE" = "0" ] ; then - echo "******** liveness is Alive ********" - exit 0; -else - echo "******** liveness is Dead ********" - exit 1; -fi - diff --git a/nexus3/probes/readiness.sh b/nexus3/probes/readiness.sh deleted file mode 100644 index cd59e66..0000000 --- a/nexus3/probes/readiness.sh +++ /dev/null 
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-curl -siu admin:admin123 http://localhost:8081/service/metrics/ping | grep pong
-RESPONSE=$?
-
-if [ "$RESPONSE" = "0" ] ; then
- echo "******** readiness is Alive ********"
- exit 0;
-else
- echo "******** readiness is Dead ********"
- exit 1;
-fi
-
diff --git a/nexus3/solo.json.erb b/nexus3/solo.json.erb
new file mode 100644
index 0000000..ebe57e6
--- /dev/null
+++ b/nexus3/solo.json.erb
@@ -0,0 +1,52 @@
+// Copyright (c) 2016-present Sonatype, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+<%=
+require 'json'
+
+raise RuntimeError, 'environment variable DOCKER_TYPE is required' if ENV['DOCKER_TYPE'].nil? || ENV['DOCKER_TYPE'].empty?
+raise RuntimeError, 'environment variable SONATYPE_DIR is required' if ENV['SONATYPE_DIR'].nil? || ENV['SONATYPE_DIR'].empty?
+raise RuntimeError, 'environment variable NEXUS_HOME is required' if ENV['NEXUS_HOME'].nil? || ENV['NEXUS_HOME'].empty?
+raise RuntimeError, 'environment variable NEXUS_DATA is required' if ENV['NEXUS_DATA'].nil? || ENV['NEXUS_DATA'].empty?
+
+{
+ :run_list => [ "recipe[nexus_repository_manager::#{ENV['DOCKER_TYPE']}]" ],
+ :java => {
+ :install_flavor => 'openjdk',
+ :accept_license_agreement => true
+ },
+ :nexus_repository_manager => {
+ :version => ENV['NEXUS_VERSION'],
+ :nexus_download_url => ENV['NEXUS_DOWNLOAD_URL'],
+ :nexus_download_sha256 => ENV['NEXUS_DOWNLOAD_SHA256_HASH'],
+ :sonatype => {
+ :path => ENV['SONATYPE_DIR'],
+ },
+ :sonatype_work => {
+ :path => ENV['SONATYPE_DIR'] + '/sonatype-work'
+ },
+ :nexus_home => {
+ :path => ENV['SONATYPE_DIR'] + '/nexus'
+ },
+ :nexus_data => {
+ :path => ENV['NEXUS_DATA']
+ },
+ :properties => {
+ # Set the context_path to the NEXUS_CONTEXT environment variable
+ # that may be passed into the docker run command.
+ :context_path => "/${NEXUS_CONTEXT}"
+ }
+ }
+}.to_json
+%>
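Review bot: The required-variable guards at the top of the template cover DOCKER_TYPE, SONATYPE_DIR, NEXUS_HOME and NEXUS_DATA, but `:nexus_download_sha256 => ENV['NEXUS_DOWNLOAD_SHA256_HASH']` (and likewise `:nexus_download_url` and `:version`) is passed through unchecked, so an unset variable renders as JSON `null`. How the cookbook treats a null checksum is not visible in this patch; if it skips verification or falls back to a default, the Nexus archive would be installed without the integrity check this attribute exists for. I would fail the build the same way as the other four: `raise RuntimeError, 'environment variable NEXUS_DOWNLOAD_SHA256_HASH is required' if ENV['NEXUS_DOWNLOAD_SHA256_HASH'].nil? || ENV['NEXUS_DOWNLOAD_SHA256_HASH'].empty?`, with a matching guard for NEXUS_DOWNLOAD_URL so that the URL and its hash are always supplied together.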
diff --git a/nexus3/uid_entrypoint b/nexus3/uid_entrypoint
deleted file mode 100644
index 02c2913..0000000
--- a/nexus3/uid_entrypoint
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-USER_ID=$(id -u)
-if [ ${USER_UID} != ${USER_ID} ]; then
- sed "s@${USER_NAME}:x:\${USER_ID}:@${USER_NAME}:x:${USER_ID}:@g" /etc/passwd.template > /etc/passwd
-fi
-exec "$@"