A Dockerfile for Sonatype Nexus IQ Server, based on CentOS.
- Runtime Server Configuation
- Persistent Data
- Running
- Product License Installation
- Building the Nexus IQ Server image
- Testing the Dockerfile
- Chef Solo for Runtime and Application
- Project License
Installation of Nexus IQ Server application is to /opt/sonatype/nexus-iq-server.
By default, the IQ Server reads its main configuration file from within the image at /etc/nexus-iq-server/config.yml.
There is an environment variable JAVA_OPTS that is being used to pass JVM arguments to the java command that launches IQ server. The default value is -Djava.util.prefs.userRoot=${SONATYPE_WORK}/javaprefs.
This environment variable can be adjusted at runtime:
$ docker run -d -p 8070:8070 -p 8071:8071 --name nexus-iq-server -e JAVA_OPTS="-Djava.util.prefs.userRoot=/some-other-dir" sonatype/nexus-iq-server
Of particular note, -Djava.util.prefs.userRoot=/some-other-dir can be set to a persistent path, which will maintain
the installed Nexus IQ Server License if the container is restarted.
Further, you can customize parts of the default config.yml settings by using Java system properties defined inside the environment variable.
Example: To customize the HTTP proxy server that IQ Server will use to make outbound requests:
$ docker run -d -p 8070:8070 -p 8071:8071 --name nexus-iq-server -e \
JAVA_OPTS="-Ddw.proxy.hostname=proxy.example.com -Ddw.proxy.port=8888 -Djava.util.prefs.userRoot=/some-other-dir" sonatype/nexus-iq-server
There are two general approaches to handling persistent storage requirements with Docker. See Managing Data in Containers for additional information.
- Use a data volume. Since data volumes are persistent until no containers use them, a volume can be created specifically for this purpose. This is the recommended approach.
$ docker volume create --name sonatype-work
$ docker run -d -p 8070:8070 -p 8071:8071 --name nexus-iq-server -v sonatype-work:/sonatype-work sonatype/nexus-iq-server
- Mount a host directory as the volume. This is not portable, as it relies on the directory existing with correct permissions on the host. However it can be useful in certain situations where this volume needs to be assigned to certain specific underlying storage.
$ mkdir /some/dir/sonatype-work
$ docker run -d -p 8070:8070 -p 8071:8071 --name nexus-iq-server -v /some/dir/sonatype-work:/sonatype-work sonatype/nexus-iq-server
To run with ports 8070 (web UI) and 8071 (admin port) use:
docker run -d -p 8070:8070 -p 8071:8071 --name nexus-iq-server sonatype/nexus-iq-server
or to let docker assign available ports use:
docker run -d -p 8070 -p 8071 --name nexus-iq-server sonatype/nexus-iq-server
To get the assigned port or check if the server is running use:
docker ps --filter "name=nexus-iq-server"
Once running, the IQ Server product license must be installed. This should be done using the user interface.
Default admin credentials are: admin / admin123
The IQ Server product license is stored using Java preferences API. By default, the directory location is already customized by a Java system property to be under the sonatype-work directory so as to survive image restarts.
If customized using JAVA_OPTS, The absolute path to user prefs must point to an already created directory readable by the user account owning the repository manager process.
Under the preferences directory, IQ Server will store the installed license file at a path ./com/sonatype/clm/prefs.xml
To build a docker image from the Dockerfile you can use this command:
docker build --rm=true --tag=sonatype/nexus-iq-server .
The following optional variables can be used when building the image:
- IQ_SERVER_VERSION: Version of Nexus IQ Server
- IQ_SERVER_SHA256: Check hash matches the downloaded IQ Server archive or else fail build. Required if
IQ_SERVER_VERSIONis provided. - JAVA_URL: Download URL for Oracle JDK
- JAVA_SHA256: Check hash matches the downloaded JDK or else fail build. Required if
JAVA_URLis provided. - SONATYPE_WORK: Path to Nexus IQ Server working directory where variable data is stored
The solo.json.erb template file can be used to customize the Nexus IQ Server configuration. The
nexus_iq_server.config property of this Embedded Ruby template will be rendered and then saved as the Nexus IQ
Server's config.yml. See IQ Server Configuration for
more details as to what values are supported.
Here is an example of how to set the proxy, server and baseUrl sections of the config.yml:
:nexus_iq_server => {
:version => ENV['IQ_SERVER_VERSION'],
:checksum => ENV['IQ_SERVER_SHA256'],
:install_dir => ENV['IQ_HOME'],
:config => {
:sonatypeWork => ENV['SONATYPE_WORK'],
:proxy => {
:hostname => '127.0.0.1',
:port => 80,
:username => 'anonymous',
:password => 'guest'
},
:server => {
:applicationConnectors => [
:type => 'https',
:port => 8443,
:keyStorePath => '/path/to/your/keystore/file',
:keyStorePassword => 'yourpassword'
],
:adminConnectors => [
:type => 'https',
:port => 8471,
:keyStorePath => '/path/to/your/keystore/file',
:keyStorePassword => 'yourpassword'
]
},
:baseUrl => 'https://nexus-iq-server.example.com/'
}
}
We are using rspec as test framework. serverspec provides a docker backend (see the method set in the test code)
to run the tests inside the docker container, and abstracts away the difference between distributions in the tests
(e.g. yum, apt,...).
rspec [--backtrace] spec/Dockerfile_spec.rb
Chef Solo is used to build out the runtime and application layers of the Docker image. The Chef cookbook being used is available on GitHub at sonatype/chef-nexus-iq-server.
Unless noted in their header, files in this GitHub repository are licensed under the Apache v2 license