From 166c87e77336acb93468c53aaa2e4b56c46bb6fd Mon Sep 17 00:00:00 2001 From: Guillaume Leroy Date: Fri, 7 Jan 2022 14:10:57 +0100 Subject: [PATCH] add NEXUS_ADMIN_INIT_PASSWORD env var --- CONTRIBUTORS.md | 1 + Dockerfile | 15 +++++++++++---- Dockerfile.rh.centos | 13 +++++++++++-- Dockerfile.rh.el | 13 +++++++++++-- Dockerfile.rh.ubi | 13 +++++++++++-- README.md | 2 ++ entrypoint.sh | 15 +++++++++++++++ 7 files changed, 62 insertions(+), 10 deletions(-) create mode 100644 entrypoint.sh diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index cea96504..c4e34b7a 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -34,5 +34,6 @@ External contributors: * [@bestlong](https://github.com/bestlong/) (Yu-Lung Shao (Allen)) * [@jperville](https://github.com/jperville/) (Julien Pervillé) +* [@leroyguillaume](https://github.com/leroyguillaume) (Guillaume Leroy) ![Possibly You!](http://i.imgur.com/A3eScYul.jpg) \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index a79b0783..7bd07f47 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,6 +39,7 @@ LABEL name="Nexus Repository Manager" \ ARG NEXUS_VERSION=3.37.3-02 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz ARG NEXUS_DOWNLOAD_SHA256_HASH=c1db431908c5a76b44015c555d6ef4517abf0a86844faffee0f5d6c62359312d +ARG SHIRO_VERSION=1.8.0 # configure nexus runtime ENV SONATYPE_DIR=/opt/sonatype @@ -46,7 +47,8 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \ NEXUS_DATA=/nexus-data \ NEXUS_CONTEXT='' \ SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ - DOCKER_TYPE='3x-docker' + DOCKER_TYPE='3x-docker' \ + SHIRO_CLI_JAR=/opt/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20210628-162332.70a6cb6" ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz" 
@@ -68,10 +70,15 @@ RUN yum install -y --disableplugin=subscription-manager hostname procps \ && rm -rf /var/chef \ && yum clean all -# download and install openjdk 8 +# download and install openjdk 8 and shiro cli RUN curl -O https://vault.centos.org/8.3.2011/AppStream/x86_64/os/Packages/java-1.8.0-openjdk-headless-1.8.0.282.b08-2.el8_3.x86_64.rpm \ && yum localinstall -y --disableplugin=subscription-manager java-1.8.0-openjdk-headless-1.8.0.282.b08-2.el8_3.x86_64.rpm \ - && rm -rf java-1.8.0-openjdk-headless-1.8.0.282.b08-2.el8_3.x86_64.rpm + && rm -rf java-1.8.0-openjdk-headless-1.8.0.282.b08-2.el8_3.x86_64.rpm \ + && curl -L https://repo1.maven.org/maven2/org/apache/shiro/tools/shiro-tools-hasher/${SHIRO_VERSION}/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar > ${SHIRO_CLI_JAR} + +# copy entrypoint script +COPY entrypoint.sh ${SONATYPE_DIR}/entrypoint.sh +RUN chmod 0755 ${SONATYPE_DIR}/entrypoint.sh VOLUME ${NEXUS_DATA} @@ -80,4 +87,4 @@ USER nexus ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs" -CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"] +CMD ["sh", "-c", "${SONATYPE_DIR}/entrypoint.sh"] diff --git a/Dockerfile.rh.centos b/Dockerfile.rh.centos index a8616b77..8596c27c 100644 --- a/Dockerfile.rh.centos +++ b/Dockerfile.rh.centos @@ -39,6 +39,7 @@ LABEL name="Nexus Repository Manager" \ ARG NEXUS_VERSION=3.37.3-02 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz ARG NEXUS_DOWNLOAD_SHA256_HASH=c1db431908c5a76b44015c555d6ef4517abf0a86844faffee0f5d6c62359312d +ARG SHIRO_VERSION=1.8.0 # configure nexus runtime ENV SONATYPE_DIR=/opt/sonatype 
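Review bot: The Shiro hasher jar is fetched with `curl -L ... > ${SHIRO_CLI_JAR}` and never verified, although the same file already carries a pinned `NEXUS_DOWNLOAD_SHA256_HASH` for the Nexus tarball. This jar is later handed the plaintext admin password, so its integrity matters; without `-f`, an HTTP error page would also be saved as the jar and the build would still pass. Suggest adding `ARG SHIRO_DOWNLOAD_SHA256_HASH=<sha256-of-the-jar>` and changing the step to `curl -fL -o ${SHIRO_CLI_JAR} <url> && echo "${SHIRO_DOWNLOAD_SHA256_HASH}  ${SHIRO_CLI_JAR}" | sha256sum -c -`. The same unverified download is added in Dockerfile.rh.centos, Dockerfile.rh.el and Dockerfile.rh.ubi.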
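Review bot: With this `CMD`, Nexus is no longer started directly by the command the container runs. entrypoint.sh launches start-nexus-repository-manager.sh as a child process in both branches, so the stop signal from `docker stop` likely reaches the wrapper shell rather than Nexus, and the repository database may be killed uncleanly once the stop timeout expires. Using `exec "${SONATYPE_DIR}/start-nexus-repository-manager.sh"` for the final start in both branches of entrypoint.sh would keep signal delivery as it was; this assumes the start script itself execs the JVM, which is not shown here. The same `CMD` change is made in Dockerfile.rh.centos, Dockerfile.rh.el and Dockerfile.rh.ubi.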
@@ -46,7 +47,8 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \ NEXUS_DATA=/nexus-data \ NEXUS_CONTEXT='' \ SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ - DOCKER_TYPE='rh-docker' + DOCKER_TYPE='rh-docker' \ + SHIRO_CLI_JAR=/opt/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe" ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz" @@ -67,6 +69,13 @@ RUN curl -L https://omnitruck.chef.io/install.sh | bash \ && rm -rf /var/cache/yum \ && rm -rf /var/chef +# download and install shiro cli +RUN curl -L https://repo1.maven.org/maven2/org/apache/shiro/tools/shiro-tools-hasher/${SHIRO_VERSION}/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar > ${SHIRO_CLI_JAR} + +# copy entrypoint script +COPY entrypoint.sh ${SONATYPE_DIR}/entrypoint.sh +RUN chmod 0755 ${SONATYPE_DIR}/entrypoint.sh + VOLUME ${NEXUS_DATA} EXPOSE 8081 @@ -75,4 +84,4 @@ USER nexus ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs" ENTRYPOINT ["/uid_entrypoint.sh"] -CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"] +CMD ["sh", "-c", "${SONATYPE_DIR}/entrypoint.sh"] diff --git a/Dockerfile.rh.el b/Dockerfile.rh.el index 4ac47ea9..2cf2b8f1 100644 --- a/Dockerfile.rh.el +++ b/Dockerfile.rh.el @@ -39,6 +39,7 @@ LABEL name="Nexus Repository Manager" \ ARG NEXUS_VERSION=3.37.3-02 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz ARG NEXUS_DOWNLOAD_SHA256_HASH=c1db431908c5a76b44015c555d6ef4517abf0a86844faffee0f5d6c62359312d +ARG SHIRO_VERSION=1.8.0 # configure nexus runtime ENV SONATYPE_DIR=/opt/sonatype 
@@ -46,7 +47,8 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \ NEXUS_DATA=/nexus-data \ NEXUS_CONTEXT='' \ SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ - DOCKER_TYPE='rh-docker' + DOCKER_TYPE='rh-docker' \ + SHIRO_CLI_JAR=/opt/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe" ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz" @@ -67,6 +69,13 @@ RUN curl -L https://omnitruck.chef.io/install.sh | bash \ && rm -rf /var/cache/yum \ && rm -rf /var/chef +# download and install shiro cli +RUN curl -L https://repo1.maven.org/maven2/org/apache/shiro/tools/shiro-tools-hasher/${SHIRO_VERSION}/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar > ${SHIRO_CLI_JAR} + +# copy entrypoint script +COPY entrypoint.sh ${SONATYPE_DIR}/entrypoint.sh +RUN chmod 0755 ${SONATYPE_DIR}/entrypoint.sh + VOLUME ${NEXUS_DATA} EXPOSE 8081 @@ -75,4 +84,4 @@ USER nexus ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs" ENTRYPOINT ["/uid_entrypoint.sh"] -CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"] +CMD ["sh", "-c", "${SONATYPE_DIR}/entrypoint.sh"] diff --git a/Dockerfile.rh.ubi b/Dockerfile.rh.ubi index 6c016f4d..32b7bf44 100644 --- a/Dockerfile.rh.ubi +++ b/Dockerfile.rh.ubi @@ -39,6 +39,7 @@ LABEL name="Nexus Repository Manager" \ ARG NEXUS_VERSION=3.37.3-02 ARG NEXUS_DOWNLOAD_URL=https://download.sonatype.com/nexus/3/nexus-${NEXUS_VERSION}-unix.tar.gz ARG NEXUS_DOWNLOAD_SHA256_HASH=c1db431908c5a76b44015c555d6ef4517abf0a86844faffee0f5d6c62359312d +ARG SHIRO_VERSION=1.8.0 # configure nexus runtime ENV SONATYPE_DIR=/opt/sonatype 
@@ -46,7 +47,8 @@ ENV NEXUS_HOME=${SONATYPE_DIR}/nexus \ NEXUS_DATA=/nexus-data \ NEXUS_CONTEXT='' \ SONATYPE_WORK=${SONATYPE_DIR}/sonatype-work \ - DOCKER_TYPE='rh-docker' + DOCKER_TYPE='rh-docker' \ + SHIRO_CLI_JAR=/opt/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION="release-0.5.20190212-155606.d1afdfe" ARG NEXUS_REPOSITORY_MANAGER_COOKBOOK_URL="https://github.com/sonatype/chef-nexus-repository-manager/releases/download/${NEXUS_REPOSITORY_MANAGER_COOKBOOK_VERSION}/chef-nexus-repository-manager.tar.gz" @@ -68,6 +70,13 @@ RUN curl -L https://omnitruck.chef.io/install.sh | bash -s -- -v 14.12.9 \ && rm -rf /var/chef \ && yum clean all +# download and install shiro cli +RUN curl -L https://repo1.maven.org/maven2/org/apache/shiro/tools/shiro-tools-hasher/${SHIRO_VERSION}/shiro-tools-hasher-${SHIRO_VERSION}-cli.jar > ${SHIRO_CLI_JAR} + +# copy entrypoint script +COPY entrypoint.sh ${SONATYPE_DIR}/entrypoint.sh +RUN chmod 0755 ${SONATYPE_DIR}/entrypoint.sh + VOLUME ${NEXUS_DATA} EXPOSE 8081 @@ -76,4 +85,4 @@ USER nexus ENV INSTALL4J_ADD_VM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs" ENTRYPOINT ["/uid_entrypoint.sh"] -CMD ["sh", "-c", "${SONATYPE_DIR}/start-nexus-repository-manager.sh"] +CMD ["sh", "-c", "${SONATYPE_DIR}/entrypoint.sh"] diff --git a/README.md b/README.md index ff37eda0..1b000a4d 100644 --- a/README.md +++ b/README.md @@ -146,6 +146,8 @@ process, which runs as UID 200. $ docker run -d -p 8081:8081 --name nexus -e NEXUS_CONTEXT=nexus sonatype/nexus3 ``` +* You can set admin initial password by using `NEXUS_ADMIN_INIT_PASSWORD` environment variable + ### Persistent Data There are two general approaches to handling persistent storage requirements diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 00000000..bc0204d9 --- /dev/null +++ b/entrypoint.sh 
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [ -z "${NEXUS_ADMIN_INIT_PASSWORD}" ] || [ -d "${SONATYPE_WORK}/nexus3/db/security" ]; then
+ ${SONATYPE_DIR}/start-nexus-repository-manager.sh
+else
+ SHIRO_PASSWORD=$(java -jar "${SHIRO_CLI_JAR}" -a SHA-512 -f shiro1 "${NEXUS_ADMIN_INIT_PASSWORD}")
+ "${SONATYPE_DIR}/start-nexus-repository-manager.sh" &
+ while ! curl -f localhost:8081 > /dev/null 2>&1; do
+ sleep 1
+ done
+ NEXUS_PID=$(ps aux | grep nexus | grep -v grep | awk '{print $2}')
+ kill $NEXUS_PID
+ java -jar ${SONATYPE_DIR}/nexus/lib/support/nexus-orient-console.jar "connect plocal:${SONATYPE_WORK}/nexus3/db/security admin admin; update user SET password=\"${SHIRO_PASSWORD}\", status=\"active\" UPSERT WHERE id=\"admin\""
+ "${SONATYPE_DIR}/start-nexus-repository-manager.sh"
+fi
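Review bot: Nothing in the `else` branch confirms that the password update took effect before the final start. `kill $NEXUS_PID` returns immediately, so nexus-orient-console.jar can open `db/security` while Nexus is still shutting down, and its exit status is ignored, so a failed update still ends with Nexus running on whatever initial admin credential it created. Because `db/security` exists by then, the next container start takes the first branch and `NEXUS_ADMIN_INIT_PASSWORD` is silently ignored from that point on. Capturing `$!`, waiting on that PID and aborting on a non-zero console status would close this; the sketch assumes start-nexus-repository-manager.sh execs the Nexus process and that the console reports failure through its exit status, neither of which is visible here. The plaintext password is also passed in argv to the hasher and remains in the environment Nexus inherits, so the sketch unsets it before the final start.

```shell
  "${SONATYPE_DIR}/start-nexus-repository-manager.sh" &
  nexus_pid=$!
  # … unchanged: readiness loop on localhost:8081 …
  kill "$nexus_pid"
  # Nexus must have released the database before the console opens it.
  wait "$nexus_pid" || true
  # … unchanged: nexus-orient-console.jar password update, now followed by a status check …
  rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "initial admin password was not applied (console exit ${rc})" >&2
    exit "$rc"
  fi
  # Keep the plaintext secret out of the long-running Nexus process environment.
  unset NEXUS_ADMIN_INIT_PASSWORD
  # … unchanged: final start of start-nexus-repository-manager.sh …
```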