feat(9,4):update files for Nexus application image

2019-08-05 20:33:05 -04:00 · 2019-08-05 20:33:05 -04:00 · 411e81e8a8
commit 411e81e8a8
parent ac6169db7b
8 changed files with 94 additions and 240 deletions
--- a/nexus3/Dockerfile
+++ b/nexus3/Dockerfile
@ -12,95 +12,68 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM       registry.access.redhat.com/rhel7:7.6
+FROM registry.access.redhat.com/ubi8/ubi
 MAINTAINER Red Hat Training
 # Atomic Labels
 LABEL name="Nexus Repository Manager" \
-      vendor="Sonatype" \
+      vendor=Sonatype \
-      version="3.6.0-02" \
+      version="3.18.0-01" \
-      release="3.6.0" \
+      release="3.18.0" \
      url="https://sonatype.com" \
      summary="The Nexus Repository Manager server \
          with universal support for popular component formats." \
      description="The Nexus Repository Manager server \
          with universal support for popular component formats." \
      run="docker run -d --name NAME \
          -p 8081:8081 \
          IMAGE" \
-      stop="docker stop NAME"
+      stop="docker stop NAME" \
-
+      com.sonatype.license="Apache License, Version 2.0" \
-# OpenShift Labels
+      com.sonatype.name="Nexus Repository Manager base image" \
-LABEL io.k8s.description="The Nexus Repository Manager server \
+      io.k8s.description="The Nexus Repository Manager server \
          with universal support for popular component formats." \
      io.k8s.display-name="Nexus Repository Manager" \
      io.openshift.expose-services="8081:8081" \
-io.openshift.tags="Sonatype,Nexus,Repository Manager"
+      io.openshift.tags="Sonatype,Nexus,Repository Manager"
 LABEL com.sonatype.license="Apache License, Version 2.0"
 COPY help.1 uid_entrypoint /
 COPY licenses /licenses
-RUN rpm --rebuilddb && \
+ARG NEXUS_VERSION=3.18.0-01
-  yum install -y \
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
-  curl tar createrepo java-1.8.0-openjdk-devel \
+ARG NEXUS_DOWNLOAD_SHA256_HASH=e1d9d84d8b169b2f6c735e7db35e3310cf9e242da12b4af83da4e3618acfc99e
  && yum clean all
-
+# configure nexus runtime
 # Install Nexus
 ENV SONATYPE_DIR=/opt/sonatype
-ENV NEXUS_DATA=/nexus-data \
+ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
-    NEXUS_HOME=${SONATYPE_DIR}/nexus \
+    NEXUS_DATA=/nexus-data \
    NEXUS_VERSION=3.6.0-02 \
    SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
    NEXUS_CONTEXT='' \
-    USER_NAME=nexus \
+    SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
-    USER_UID=200
+    DOCKER_TYPE='rh-docker'
-# Install Nexus and Configure Nexus Runtime Environment
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe"
-RUN mkdir -p ${NEXUS_HOME} && \
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
-    curl --fail --silent --location --retry 3 \
+
-      http://content.example.com/ocp3.6/x86_64/installers/nexus-${NEXUS_VERSION}-unix.tar.gz \
+ADD solo.json.erb /var/chef/solo.json.erb
-      | gunzip \
+
-      | tar x -C ${NEXUS_HOME} --strip-components=1 nexus-${NEXUS_VERSION} && \
+# Install using chef-solo
-    chown -R root:root ${NEXUS_HOME} && \
+# Chef version locked to avoid needing to accept the EULA on behalf of whomever builds the image
-    \
+RUN yum install -y --disableplugin=subscription-manager hostname procps \
-    sed \
+    && curl -L https://www.getchef.com/chef/install.sh | bash -s -- -v 14.12.9 \
-      -e '/^nexus-context/ s:$:${NEXUS_CONTEXT}:' \
+    && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
-      -i ${NEXUS_HOME}/etc/nexus-default.properties && \
+    && chef-solo \
-    \
+       --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
-    useradd -l -u ${USER_UID} -r -g 0 -m -d ${NEXUS_DATA} -s /sbin/no-login \
+       --json-attributes /var/chef/solo.json \
-            -c "${USER_NAME} application user" ${USER_NAME} && \
+    && rpm -qa *chef* | xargs rpm -e \
-            mkdir -p ${NEXUS_DATA}/etc ${NEXUS_DATA}/log ${NEXUS_DATA}/tmp ${SONATYPE_WORK} && \
+    && rm -rf /etc/chef \
-            ln -s ${NEXUS_DATA} ${SONATYPE_WORK}/nexus3 && \
+    && rm -rf /opt/chefdk \
-            chown -R ${USER_NAME}:0 ${NEXUS_DATA} && \
+    && rm -rf /var/cache/yum \
-            chmod -R g+rw ${NEXUS_DATA} /etc/passwd && \
+    && rm -rf /var/chef \
-            chmod ug+x /uid_entrypoint && \
+    && yum clean all
            find ${NEXUS_DATA} -type d -exec chmod g+x {} +
 VOLUME ${NEXUS_DATA}
 #Configure probes scripts
 COPY probes/liveness.sh /usr/local/bin/liveness.sh
 COPY probes/readiness.sh /usr/local/bin/readiness.sh
 RUN chmod 775 /usr/local/bin/liveness.sh && \
    chmod 775 /usr/local/bin/readiness.sh
 # arbitrary uid recognition at runtime - for OpenShift deployments
 RUN sed "s@${USER_NAME}:x:${USER_UID}:@${USER_NAME}:x:\${USER_ID}:@g" /etc/passwd > /etc/passwd.template
 # Supply non variable to USER command ${USER_NAME}
 USER 200
 WORKDIR ${NEXUS_HOME}
 ENV JAVA_MAX_MEM=1200m \
    JAVA_MIN_MEM=1200m
 EXPOSE 8081
 USER nexus
-ENTRYPOINT [ "/uid_entrypoint" ]
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
 CMD ["bin/nexus", "run"]
 ENTRYPOINT ["/uid_entrypoint.sh"]
 CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
--- a/nexus3/etc/training.repo
+++ b/nexus3/etc/training.repo
@ -1,54 +0,0 @@
 [rhel-7-dvd]
 baseurl = http://content.example.com/rhel7.6/x86_64/dvd
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL DVD
 [rhel-server-rhscl-7-rpms]
 baseurl = http://content.example.com/ocp4.0/x86_64/rhelrhscl
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHSCL
 [rhel-7-server-datapath-rpms]
 baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-fast-datapath-rpms
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL 7.6 Datapath Packages
 [rhel-7-server-ansible-26]
 baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-ansible-2.6-rpms
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL 7.6 Ansible Packages
 [rhel-7-server-extras-rpms]
 baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-extras-rpms
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL 7.6 Extra Packages
 [rhel-7-server-common-rpms]
 baseurl = http://content.example.com/ocp4.0/x86_64/rheladditional/rhel-7-server-rh-common-rpms
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL 7.6 Common Packages
 [rhel-7-server-supplementary]
 baseurl = http://content.example.com/ocp4.0/x86_64/rhelsupplementary
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL 7.6 Supplementary Packages
 [rhel-7-server-optional-rpms]
 baseurl = http://content.example.com/ocp4.0/x86_64/rhelopt
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL 7.6 Optional Packages
 [rhel-7-server-updates]
 baseurl = http://content.example.com/ocp4.0/x86_64/rhelupdates
 enabled = true
 gpgcheck = false
 name = Remote classroom copy of RHEL 7.6 Updates
--- a/nexus3/help.1
+++ b/nexus3/help.1
@ -1,75 +0,0 @@
 .PP
 % 
 .BR NEXUS (1) 
 Container Image Pages
 % Sonatype
 % November 21, 2016
 .TH NAME
 .PP
 nexus \- Nexus Repository Manager container image
 .SH DESCRIPTION
 .PP
 The nexus image provides a containerized packaging of the Nexus Repository Manager.
 Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more.
 .PP
 The nexus image is designed to be run by the atomic command with one of these options:
 .PP
 \fB\fCrun\fR
 .PP
 Starts the installed container with selected privileges to the host.
 .PP
 \fB\fCstop\fR
 .PP
 Stops the installed container
 .PP
 The container itself consists of:
    \- Linux base image
    \- Oracle Java JDK
    \- Nexus Repository Manager
    \- Atomic help file
 .PP
 Files added to the container during docker build include: /help.1.
 .SH USAGE
 .PP
 To use the nexus container, you can run the atomic command with run, stop, or uninstall options:
 .PP
 To run the nexus container:
 .IP
 atomic run nexus
 .PP
 To stop the nexus container (after it is installed), run:
 .IP
 atomic stop nexus
 .SH LABELS
 .PP
 The nexus container includes the following LABEL settings:
 .PP
 That atomic command runs the docker command set in this label:
 .PP
 \fB\fCRUN=\fR
 .IP
 LABEL RUN='docker run \-d \-p 8081:8081 \-\-name ${NAME} ${IMAGE}'
 .IP
 The contents of the RUN label tells an \fB\fCatomic run nexus\fR command to open port 8081 & set the name of the container.
 .PP
 \fB\fCSTOP=\fR
 .IP
 LABEL STOP='docker stop ${NAME}'
 .PP
 \fB\fCName=\fR
 .PP
 The registry location and name of the image. For example, Name="Nexus Repository Manager".
 .PP
 \fB\fCVersion=\fR
 .PP
 The Nexus Repository Manager version from which the container was built. For example, Version="3.0.2\-02".
 .PP
 When the atomic command runs the nexus container, it reads the command line associated with the selected option
 from a LABEL set within the Docker container itself. It then runs that command. The following sections detail
 each option and associated LABEL:
 .SH SECURITY IMPLICATIONS
 .PP
 \fB\fC\-d\fR
 .PP
 Runs continuously as a daemon process in the background
--- a/nexus3/licenses/LICENSE
+++ b/nexus3/licenses/LICENSE
@ -1,10 +0,0 @@
 Sonatype Nexus (TM) Open Source Version
 Copyright (c) 2008-present Sonatype, Inc.
 All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
 This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
 which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
 Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
 of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
 Eclipse Foundation. All other trademarks are the property of their respective owners.
--- a/nexus3/probes/liveness.sh
+++ b/nexus3/probes/liveness.sh
@ -1,13 +0,0 @@
 #!/bin/sh
 curl -siu admin:admin123 http://localhost:8081/service/metrics/healthcheck | grep healthy | grep true
 RESPONSE=$?
 if [ "$RESPONSE" = "0" ] ; then
  echo "******** liveness is Alive ********"
  exit 0;
 else
  echo "******** liveness is Dead ********"
  exit 1;
 fi
--- a/nexus3/probes/readiness.sh
+++ b/nexus3/probes/readiness.sh
@ -1,13 +0,0 @@
 #!/bin/sh
 curl -siu admin:admin123 http://localhost:8081/service/metrics/ping | grep pong
 RESPONSE=$?
 if [ "$RESPONSE" = "0" ] ; then
  echo "******** readiness is Alive ********"
  exit 0;
 else
  echo "******** readiness is Dead ********"
  exit 1;
 fi
--- a/nexus3/solo.json.erb
+++ b/nexus3/solo.json.erb
@ -0,0 +1,52 @@
 // Copyright (c) 2016-present Sonatype, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 <%=
 require 'json'
 raise RuntimeError, 'environment variable DOCKER_TYPE is required' if ENV['DOCKER_TYPE'].nil? || ENV['DOCKER_TYPE'].empty?
 raise RuntimeError, 'environment variable SONATYPE_DIR is required' if ENV['SONATYPE_DIR'].nil? || ENV['SONATYPE_DIR'].empty?
 raise RuntimeError, 'environment variable NEXUS_HOME is required' if ENV['NEXUS_HOME'].nil? || ENV['NEXUS_HOME'].empty?
 raise RuntimeError, 'environment variable NEXUS_DATA is required' if ENV['NEXUS_DATA'].nil? || ENV['NEXUS_DATA'].empty?
 {
  :run_list => [ "recipe[nexus_repository_manager::#{ENV['DOCKER_TYPE']}]" ],
  :java => {
    :install_flavor => 'openjdk',
    :accept_license_agreement => true
  },
  :nexus_repository_manager => {
    :version => ENV['NEXUS_VERSION'],
    :nexus_download_url => ENV['NEXUS_DOWNLOAD_URL'],
    :nexus_download_sha256 => ENV['NEXUS_DOWNLOAD_SHA256_HASH'],
    :sonatype => {
      :path => ENV['SONATYPE_DIR'],
    },
    :sonatype_work => {
      :path => ENV['SONATYPE_DIR'] + '/sonatype-work'
    },
    :nexus_home => {
      :path => ENV['SONATYPE_DIR'] + '/nexus'
    },
    :nexus_data => {
      :path => ENV['NEXUS_DATA']
    },
    :properties => {
      # Set the context_path to the NEXUS_CONTEXT environment variable
      # that may be passed into the docker run command.
      :context_path => "/${NEXUS_CONTEXT}"
    }
  }
 }.to_json
 %>
--- a/nexus3/uid_entrypoint
+++ b/nexus3/uid_entrypoint
@ -1,6 +0,0 @@
 #!/bin/sh
 USER_ID=$(id -u)
 if [ ${USER_UID} != ${USER_ID} ]; then
    sed "s@${USER_NAME}:x:\${USER_ID}:@${USER_NAME}:x:${USER_ID}:@g" /etc/passwd.template > /etc/passwd
 fi
 exec "$@"