From 8a853a0d5a15dadc93c9cd31300221100d3ab3f3 Mon Sep 17 00:00:00 2001 From: Andrea Campi Date: Sun, 10 Jul 2022 17:15:44 +0200 Subject: [PATCH 1/6] Added postgresql support --- .gitignore | 6 +++ Dockerfile.rh.postgresql.centos | 91 +++++++++++++++++++++++++++++++++ config/nexus-store.properties | 5 ++ config/nexus.properties | 6 +++ docker-compose.postgresql.yml | 60 ++++++++++++++++++++++ 5 files changed, 168 insertions(+) create mode 100644 Dockerfile.rh.postgresql.centos create mode 100644 config/nexus-store.properties create mode 100644 config/nexus.properties create mode 100644 docker-compose.postgresql.yml diff --git a/.gitignore b/.gitignore index 28af5c23..6666298d 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,9 @@ target/ atlassian-ide-plugin.xml dependency-reduced-pom.xml out + +#License file +*.lic +*.crt +*.key +*.pfx diff --git a/Dockerfile.rh.postgresql.centos b/Dockerfile.rh.postgresql.centos new file mode 100644 index 00000000..25209047 --- /dev/null +++ b/Dockerfile.rh.postgresql.centos 
@@ -0,0 +1,91 @@
+# Copyright (c) 2016-present Sonatype, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM centos:centos7
+
+LABEL name="Nexus Repository Manager" \
+ maintainer="Sonatype " \
+ vendor=Sonatype \
+ version="3.40.1-01" \
+ release="3.40.1" \
+ url="https://sonatype.com" \
+ summary="The Nexus Repository Manager server \
+ with universal support for popular component formats." \
+ description="The Nexus Repository Manager server \
+ with universal support for popular component formats." \
+ run="docker run -d --name NAME \
+ -p 8081:8081 \
+ IMAGE" \
+ stop="docker stop NAME" \
+ com.sonatype.license="Apache License, Version 2.0" \
+ com.sonatype.name="Nexus Repository Manager base image" \
+ io.k8s.description="The Nexus Repository Manager server \
+ with universal support for popular component formats."
\
+ io.k8s.display-name="Nexus Repository Manager" \
+ io.openshift.expose-services="8081:8081" \
+ io.openshift.tags="Sonatype,Nexus,Repository Manager"
+
+ARG NEXUS_VERSION=3.40.1-01
+ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz
+ARG NEXUS_DOWNLOAD_SHA256_HASH=97f4e847e5c2ba714b09456f9fb5f449c7e89b2f0a2b8c175f36cc31f345774e
+
+# configure nexus runtime
+ENV SONATYPE_DIR=/opt/sonatype
+ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \
+ NEXUS_DATA=/nexus-data \
+ NEXUS_CONTEXT='' \
+ SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \
+ DOCKER_TYPE='rh-docker'
+
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20220111-153152.2b86c3a"
+ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz"
+
+
+ADD solo.json.erb /var/chef/solo.json.erb
+
+
+# Install using chef-solo
+RUN curl -L https://omnitruck.chef.io/install.sh | bash -s -- -v 14.12.9 \
+ && /opt/chef/embedded/bin/erb /var/chef/solo.json.erb > /var/chef/solo.json \
+ && chef-solo \
+ --node_name nexus_repository_red_hat_docker_build \
+ --recipe-url ${NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL} \
+ --json-attributes /var/chef/solo.json \
+ && rpm -qa *chef* | xargs rpm -e \
+ && rpm --rebuilddb \
+ && rm -rf /etc/chef \
+ && rm -rf /opt/chefdk \
+ && rm -rf /var/cache/yum \
+ && rm -rf /var/chef
+
+#Configure Nexus
+#
+RUN mkdir ${NEXUS_DATA}/etc/fabric
+ADD config/nexus.properties ${NEXUS_DATA}/etc/nexus.properties
+ADD config/nexus-store.properties ${NEXUS_DATA}/etc/fabric/nexus-store.properties
+RUN chown nexus:nexus -R ${NEXUS_DATA}/etc/fabric ${NEXUS_DATA}/etc/nexus.properties
+#Add license
+ARG LICENSE
+ADD ${LICENSE} ${NEXUS_DATA}/license.lic
+
+VOLUME ${NEXUS_DATA}
+
+EXPOSE 8081
+
+USER nexus
+
+ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m
-Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs"
+
+ENTRYPOINT ["/uid_entrypoint.sh"]
+CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"]
diff --git a/config/nexus-store.properties b/config/nexus-store.properties
new file mode 100644
index 00000000..d06f2fa3
--- /dev/null
+++ b/config/nexus-store.properties
@@ -0,0 +1,5 @@
+username=nexus3
+password=REDACTED
+name=nexus
+type=jdbc
+jdbcUrl=jdbc\:postgresql\://postgresql\:5432/nexus3
diff --git a/config/nexus.properties b/config/nexus.properties
new file mode 100644
index 00000000..d920e9b3
--- /dev/null
+++ b/config/nexus.properties
@@ -0,0 +1,6 @@
+nexus.datastore.enabled=true
+nexus.licenseFile=${NEXUS_DATA}/license.lic
+nexus.datastore.enabledi=true
+nexus.datastore.nexus.jdbcUrl=jdbc\:postgresql\://postgresql\:5432/nexus3
+nexus.datastore.nexus.username=nexus3
+nexus.datastore.nexus.password=REDACTED
diff --git a/docker-compose.postgresql.yml b/docker-compose.postgresql.yml
new file mode 100644
index 00000000..ace0fc37
--- /dev/null
+++ b/docker-compose.postgresql.yml
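Review bot: The `RUN curl -L https://omnitruck.chef.io/install.sh | bash -s -- -v 14.12.9` step runs a script fetched at build time as root with no integrity check, and the cookbook tarball passed to `--recipe-url` is likewise unverified, so the image contents depend on whatever those URLs serve on the day of the build. Download the installer to a file, compare it with a pinned digest and only then run it, e.g. `curl -fsSL -o /tmp/install.sh https://omnitruck.chef.io/install.sh && echo "<INSTALLER_SHA256>  /tmp/install.sh" | sha256sum -c - && bash /tmp/install.sh -v 14.12.9`, where the digest is a placeholder to fill in. The same hunk uses `ADD` for plain local files; `COPY` is the narrower instruction for that. `ADD ${LICENSE} ${NEXUS_DATA}/license.lic` also stores the licence file in an image layer, readable by anyone who can pull the image.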
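Review bot: The `password=` line in config/nexus-store.properties is a literal database credential committed to the repository, and the same value is repeated in `nexus.datastore.nexus.password` in config/nexus.properties and in `POSTGRES_PASSWORD` in docker-compose.postgresql.yml. Because the Dockerfile `ADD`s both properties files under `${NEXUS_DATA}/etc`, the credential is stored in an image layer as well. Commit a template with a placeholder instead, supply the real file at run time through a bind mount or a Compose `secrets:` entry, and rotate the password that was pushed.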
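Review bot: `nexus.datastore.enabledi=true` in config/nexus.properties looks like a typo of the `nexus.datastore.enabled=true` line two lines above it, leaving a stray key next to the real one. If it is not a deliberate setting, drop the line so the file holds a single `nexus.datastore.enabled=true`.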
@@ -0,0 +1,60 @@
+version: "3"
+services:
+
+ # Artifact storage
+ nexus:
+ container_name: nexus
+ environment:
+ VIRTUAL_HOST: "nexus-new.fields.local"
+ VIRTUAL_PORT: "8081"
+ build:
+ context: .
+ dockerfile: Dockerfile.rh.postgresql.centos
+ args:
+ LICENSE: sonatype-repository-manager-trial.lic
+ ports:
+ - "8081"
+
+ restart: always
+ stop_grace_period: 2m
+ volumes:
+ - nexus-data:/nexus-data
+ depends_on:
+ - postgres
+
+ adminer:
+ image: adminer
+ container_name: adminer
+ restart: always
+ environment:
+ VIRTUAL_HOST: "aep-fi-docker.fields.local"
+ VIRTUAL_PORT: "8080"
+ ADMINER_DEFAULT_SERVER: postgresql
+ ports:
+ - "8080"
+ depends_on:
+ - postgres
+
+ # PostgreSQL Database
+ postgres:
+ image: postgres:latest
+ container_name: postgresql
+ restart: always
+ ports:
+ - "5432"
+ environment:
+ POSTGRES_USER: nexus3
+ POSTGRES_PASSWORD: REDACTED
+ POSTGRES_DB: nexus3
+ volumes:
+ - pgdata:/var/lib/postgresql/data
+
+volumes:
+ nexus-data:
+ pgdata:
+ dhparam:
+
+networks:
+ default:
+ external:
+ name: nginx-proxy
From ffb9e9fc227d6377b0713e5bb9cbb9a958f886c2 Mon Sep 17 00:00:00 2001 From: Andrea Campi Date: Sun, 10 Jul 2022 17:35:43 +0200 Subject: [PATCH 2/6] added nginx-proxy configuration --- docker-compose.postgresql.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/docker-compose.postgresql.yml b/docker-compose.postgresql.yml
index ace0fc37..11283031 100644
--- a/docker-compose.postgresql.yml
+++ b/docker-compose.postgresql.yml
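Review bot: The `postgres` service publishes `ports: - "5432"` and `adminer` publishes `"8080"`, which binds both to a host port on all interfaces even though Nexus reaches the database over the Compose network by container name. Removing the `ports:` entry from `postgres`, and from `adminer` if it is meant to be reached through the `VIRTUAL_HOST` proxy, keeps the database and its admin UI off the host's network. If Adminer is only a debugging aid, consider leaving it out of this file. `image: postgres:latest` and the untagged `image: adminer` should also be pinned, e.g. `postgres:<MAJOR.MINOR>`, because a new PostgreSQL major version will not start on the data already in the `pgdata` volume.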
@@ -1,6 +1,24 @@ version: "3" services: + # HTTPS proxy + nginx-proxy: + image: nginxproxy/nginx-proxy:alpine + container_name: nginx-proxy + restart: always + ports: + - "80:80" + - "443:443" + volumes: + # Keep the dhparams (Should generate on the first run) + - dhparam:/etc/nginx/dhparam + # Push the certs to nginx + - /var/run/docker.sock:/tmp/docker.sock:ro + - ./etc_nginx_certs:/etc/nginx/certs + - ./var_log_nginx:/var/log/nginx + + depends_on: + - nexus # Artifact storage nexus: container_name: nexus From 31132b1a165f5ff915a206c922d1ddf197bbf980 Mon Sep 17 00:00:00 2001 From: Andrea Campi Date: Sun, 10 Jul 2022 18:34:51 +0200 Subject: [PATCH 3/6] Added docker-compose variable for DB --- Dockerfile.rh.postgresql.centos | 19 ++++++++++++++++++- README.md | 15 ++++++++++++--- config/nexus-store.properties | 6 +++--- config/nexus.properties | 6 +++--- docker-compose.postgresql.yml | 3 +++ 5 files changed, 39 insertions(+), 10 deletions(-) diff --git a/Dockerfile.rh.postgresql.centos b/Dockerfile.rh.postgresql.centos index 25209047..830f8630 100644 --- a/Dockerfile.rh.postgresql.centos +++ b/Dockerfile.rh.postgresql.centos 
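Review bot: The `/var/run/docker.sock:/tmp/docker.sock:ro` mount hands the Docker API to the one container in this file that listens on 80 and 443. The `:ro` flag does not limit API calls, so a compromise of the proxy amounts to control of the Docker host. The nginx-proxy project documents a split setup in which a separate `nginxproxy/docker-gen` container holds the socket and the public-facing nginx container does not; that layout, or a filtering socket proxy in front of the daemon, would narrow the exposure. The `# Push the certs to nginx` comment sits on the socket line rather than on the certs mount; a comment such as `# docker-gen reads container events to build the vhost config` above the socket would state why it is there.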
@@ -71,10 +71,27 @@ RUN curl -L https://omnitruck.chef.io/install.sh | bash -s -- -v 14.12.9 \ #Configure Nexus # + +ARG POSTGRES_USER +ARG POSTGRES_PASSWORD +ARG POSTGRES_DB RUN mkdir ${NEXUS_DATA}/etc/fabric + ADD config/nexus.properties ${NEXUS_DATA}/etc/nexus.properties + +RUN sed -i 's/POSTGRES_USER/${POSTGRES_USER}/g' ${NEXUS_DATA}/etc/nexus.properties +RUN sed -i 's/POSTGRES_PASSWORD/${POSTGRES_PASSWORD}/g' ${NEXUS_DATA}/etc/nexus.properties +RUN sed -i 's/POSTGRES_DB/${POSTGRES_DB}/g' ${NEXUS_DATA}/etc/nexus.properties + ADD config/nexus-store.properties ${NEXUS_DATA}/etc/fabric/nexus-store.properties -RUN chown nexus:nexus -R ${NEXUS_DATA}/etc/fabric ${NEXUS_DATA}/etc/nexus.properties + +RUN sed -i 's/POSTGRES_USER/${POSTGRES_USER}/g' ${NEXUS_DATA}/etc/fabric/nexus-store.properties +RUN sed -i 's/POSTGRES_PASSWORD/${POSTGRES_PASSWORD}/g' ${NEXUS_DATA}/etc/fabric/nexus-store.properties +RUN sed -i 's/POSTGRES_DB/${POSTGRES_DB}/g' ${NEXUS_DATA}/etc/fabric/nexus-store.properties + +RUN chown nexus:nexus -R ${NEXUS_DATA}/etc/fabric ${NEXUS_DATA}/etc/fabric/nexus-store.properties + + #Add license ARG LICENSE ADD ${LICENSE} ${NEXUS_DATA}/license.lic diff --git a/README.md b/README.md index c6d4be24..9098d4bf 100644 --- a/README.md +++ b/README.md 
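Review bot: `ARG POSTGRES_PASSWORD` followed by the `RUN sed -i ...` lines puts the database password into the image twice: build-arg values consumed by a `RUN` are recorded in the image history, and the rewritten properties files are stored in the layers. The `args:` block added to docker-compose.postgresql.yml in this commit carries the same literal. Prefer rendering the two properties files when the container starts, from an environment variable or a mounted secret, so the built image holds only the placeholders. Separately, the new `chown` line names `${NEXUS_DATA}/etc/fabric/nexus-store.properties`, which `-R` on `etc/fabric` already covers, and no longer names `${NEXUS_DATA}/etc/nexus.properties`, so that file stays root-owned; this looks unintended.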
@@ -91,9 +91,9 @@ We are using `rspec` as the test framework. `serverspec` provides a docker backe A Red Hat certified container image can be created using [Dockerfile.rh.ubi](https://github.com/sonatype/docker-nexus3/blob/master/Dockerfile.rh.ubi) which is built to be compliant with Red Hat certification. The image includes additional meta data to comform with Kubernetes and OpenShift standards, a directory with the licenses applicable to the software and a man file for help on how to use the software. It also uses an ENTRYPOINT -script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC. +script the ensure the running user has access to the appropriate permissions for OpenShift 'restricted' SCC. -The Red Hat certified container image is available from the +The Red Hat certified container image is available from the [Red Hat Container Catalog](https://access.redhat.com/containers/#/registry.connect.redhat.com/sonatype/nexus-repository-manager) and qualified accounts can pull it from registry.connect.redhat.com. @@ -133,7 +133,7 @@ process, which runs as UID 200. Of particular note, `-Djava.util.prefs.userRoot=/some-other-dir` can be set to a persistent path, which will maintain the installed Nexus Repository License if the container is restarted. - + Be sure to check the [memory requirements](https://help.sonatype.com/display/NXRM3/System+Requirements#SystemRequirements-MemoryRequirements) when deciding how much heap and direct memory to allocate. * Another environment variable can be used to control the Nexus Context Path 
@@ -169,6 +169,15 @@ for additional information. $ mkdir /some/dir/nexus-data && chown -R 200 /some/dir/nexus-data $ docker run -d -p 8081:8081 --name nexus -v /some/dir/nexus-data:/nexus-data sonatype/nexus3 ``` +### PostgreSQL support +Licence key is mandatory + +copy it in sonatype-repository-manager-trial.lic + ``` +docker-compose -f docker-compose.postgresql.yml up + ``` +Docker compose use Dockerfile.rh.postgresql.centos + ## Getting Help diff --git a/config/nexus-store.properties b/config/nexus-store.properties index d06f2fa3..ff39928c 100644 --- a/config/nexus-store.properties +++ b/config/nexus-store.properties @@ -1,5 +1,5 @@ -username=nexus3 -password=REDACTED +username=POSTGRES_USER +password=POSTGRES_PASSWORD name=nexus type=jdbc -jdbcUrl=jdbc\:postgresql\://postgresql\:5432/nexus3 +jdbcUrl=jdbc\:postgresql\://postgresql\:5432/POSTGRES_DB diff --git a/config/nexus.properties b/config/nexus.properties index d920e9b3..a4329045 100644 --- a/config/nexus.properties +++ b/config/nexus.properties @@ -1,6 +1,6 @@ nexus.datastore.enabled=true nexus.licenseFile=${NEXUS_DATA}/license.lic nexus.datastore.enabledi=true -nexus.datastore.nexus.jdbcUrl=jdbc\:postgresql\://postgresql\:5432/nexus3 -nexus.datastore.nexus.username=nexus3 -nexus.datastore.nexus.password=REDACTED +nexus.datastore.nexus.jdbcUrl=jdbc\:postgresql\://postgresql\:5432/POSTGRES_DB +nexus.datastore.nexus.username=POSTGRES_USER +nexus.datastore.nexus.password=POSTGRES_PASSWORD diff --git a/docker-compose.postgresql.yml b/docker-compose.postgresql.yml index 11283031..7845b336 100644 --- a/docker-compose.postgresql.yml +++ b/docker-compose.postgresql.yml @@ -30,6 +30,9 @@ services: dockerfile: Dockerfile.rh.postgresql.centos args: LICENSE: sonatype-repository-manager-trial.lic + POSTGRES_USER: nexus3 + POSTGRES_PASSWORD: REDACTED + POSTGRES_DB: nexus3 ports: - "8081" From 8be85ea7cd38a405cd9698738ab1aac930d5f53e Mon Sep 17 00:00:00 2001 
From: Andrea Campi Date: Sun, 10 Jul 2022 18:43:49 +0200 Subject: [PATCH 4/6] correction quotes --- Dockerfile.rh.postgresql.centos | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile.rh.postgresql.centos b/Dockerfile.rh.postgresql.centos index 830f8630..ca39a118 100644 --- a/Dockerfile.rh.postgresql.centos +++ b/Dockerfile.rh.postgresql.centos @@ -79,15 +79,15 @@ RUN mkdir ${NEXUS_DATA}/etc/fabric ADD config/nexus.properties ${NEXUS_DATA}/etc/nexus.properties -RUN sed -i 's/POSTGRES_USER/${POSTGRES_USER}/g' ${NEXUS_DATA}/etc/nexus.properties -RUN sed -i 's/POSTGRES_PASSWORD/${POSTGRES_PASSWORD}/g' ${NEXUS_DATA}/etc/nexus.properties -RUN sed -i 's/POSTGRES_DB/${POSTGRES_DB}/g' ${NEXUS_DATA}/etc/nexus.properties +RUN sed -i "s/POSTGRES_USER/${POSTGRES_USER}/g" ${NEXUS_DATA}/etc/nexus.properties +RUN sed -i "s/POSTGRES_PASSWORD/${POSTGRES_PASSWORD}/g" ${NEXUS_DATA}/etc/nexus.properties +RUN sed -i "s/POSTGRES_DB/${POSTGRES_DB}/g" ${NEXUS_DATA}/etc/nexus.properties ADD config/nexus-store.properties ${NEXUS_DATA}/etc/fabric/nexus-store.properties -RUN sed -i 's/POSTGRES_USER/${POSTGRES_USER}/g' ${NEXUS_DATA}/etc/fabric/nexus-store.properties -RUN sed -i 's/POSTGRES_PASSWORD/${POSTGRES_PASSWORD}/g' ${NEXUS_DATA}/etc/fabric/nexus-store.properties -RUN sed -i 's/POSTGRES_DB/${POSTGRES_DB}/g' ${NEXUS_DATA}/etc/fabric/nexus-store.properties +RUN sed -i "s/POSTGRES_USER/${POSTGRES_USER}/g" ${NEXUS_DATA}/etc/fabric/nexus-store.properties +RUN sed -i "s/POSTGRES_PASSWORD/${POSTGRES_PASSWORD}/g" ${NEXUS_DATA}/etc/fabric/nexus-store.properties +RUN sed -i "s/POSTGRES_DB/${POSTGRES_DB}/g" ${NEXUS_DATA}/etc/fabric/nexus-store.properties RUN chown nexus:nexus -R ${NEXUS_DATA}/etc/fabric ${NEXUS_DATA}/etc/fabric/nexus-store.properties From 51213b64a98b7152865d945847ec5f23d7a84917 Mon Sep 17 00:00:00 2001 
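Review bot: With double quotes the build-arg value is spliced straight into the sed program, so a password containing `/`, `&` or `\` either breaks the `s/.../.../g` expression or is written to the properties file altered. An unset arg is also accepted silently: the placeholder is replaced by an empty string and the build still succeeds. Guard the step with `: "${POSTGRES_PASSWORD:?build arg required}"` and escape the replacement text, or document which characters the password may not contain. The six `RUN sed` lines could then become one `RUN` with several `-e` expressions so each file is rewritten in a single layer. Only part of the Dockerfile is visible in this hunk.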
From: Andrea Campi Date: Sun, 10 Jul 2022 18:50:15 +0200 Subject: [PATCH 5/6] final release --- README.md | 4 +++- docker-compose.postgresql.yml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9098d4bf..3cd05bae 100644 --- a/README.md +++ b/README.md @@ -172,10 +172,12 @@ for additional information. ### PostgreSQL support Licence key is mandatory -copy it in sonatype-repository-manager-trial.lic +configure database and licence variable + ``` docker-compose -f docker-compose.postgresql.yml up ``` + Docker compose use Dockerfile.rh.postgresql.centos diff --git a/docker-compose.postgresql.yml b/docker-compose.postgresql.yml index 7845b336..9b9ce035 100644 --- a/docker-compose.postgresql.yml +++ b/docker-compose.postgresql.yml @@ -48,7 +48,7 @@ services: container_name: adminer restart: always environment: - VIRTUAL_HOST: "aep-fi-docker.fields.local" + VIRTUAL_HOST: "adminer.fields.local" VIRTUAL_PORT: "8080" ADMINER_DEFAULT_SERVER: postgresql ports: From e4e7825a40b883b058b4c24733594786cb727421 Mon Sep 17 00:00:00 2001 From: Andrea Campi Date: Mon, 18 Jul 2022 11:09:07 +0200 Subject: [PATCH 6/6] Increase upload limit --- docker-compose.postgresql.yml | 1 + etc_nginx_conf.d/client_max_body_size.conf | 1 + 2 files changed, 2 insertions(+) create mode 100644 etc_nginx_conf.d/client_max_body_size.conf diff --git a/docker-compose.postgresql.yml b/docker-compose.postgresql.yml index 9b9ce035..e9e606e1 100644 --- a/docker-compose.postgresql.yml +++ b/docker-compose.postgresql.yml @@ -16,6 +16,7 @@ services: - /var/run/docker.sock:/tmp/docker.sock:ro - ./etc_nginx_certs:/etc/nginx/certs - ./var_log_nginx:/var/log/nginx + - ./etc_nginx_conf.d/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro depends_on: - nexus diff --git a/etc_nginx_conf.d/client_max_body_size.conf b/etc_nginx_conf.d/client_max_body_size.conf new file mode 100644 index 00000000..6e855aa0 --- /dev/null 
+++ b/etc_nginx_conf.d/client_max_body_size.conf
@@ -0,0 +1 @@
+client_max_body_size 150m;