Merge pull request #23 from marcispauls/master

updated nexus to 3.17.0
Accenture · Jul 1, 2019 · dd12540 · dd12540
2 parents 67357b9 + 539596d
commit dd12540
Show file tree

Hide file tree

Showing 6 changed files with 139 additions and 125 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM sonatype/nexus3:3.12.1
+FROM sonatype/nexus3:3.17.0
 
 
 ENV LDAP_ENABLED=true \
@@ -24,50 +24,63 @@ ENV LDAP_ENABLED=true \
     LDAP_USER_BASE_DN=ou=people \
     LDAP_USER_REAL_NAME_ATTRIBUTE=cn \
     LDAP_GROUP_MEMBER_FORMAT='${dn}' \
-    NEXUS_CREATE_CUSTOM_ROLES=false
+    NEXUS_CREATE_CUSTOM_ROLES=false \
+    NEXUS_JMX_PASSWORD=adopnexusjmx \
+    DOCKERIZE_VERSION=v0.6.1
 
 USER root
 
-# Install groovy
-RUN yum install -y zip unzip
-RUN yum install -y which
+RUN yum install -y epel-release
+
+RUN yum install -y \
+    yum-plugin-fastestmirror-1.1.31-50.el7 \
+    yum-utils-1.1.31-50.el7 \
+    yum-plugin-ovl-1.1.31-50.el7 \
+    systemd-libs-219-62.el7_6.6 \
+    systemd-219-62.el7_6.6 \
+    gnupg2-2.0.22-5.el7_5 \
+    bind-license-9.9.4-74.el7_6.1Z \
+    zip \
+    unzip \
+    which \
+    jq
+
 RUN curl -s get.sdkman.io | bash
 RUN source "$HOME/.sdkman/bin/sdkman-init.sh"
-RUN yes | /bin/bash -l -c "sdk install groovy 2.4.15"
+RUN yes | /bin/bash -l -c "sdk install groovy 2.4.17"
 
-ENV PATH="/root/.sdkman/candidates/groovy/2.4.15/bin:${PATH}"
+RUN curl -Ls https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar -C /usr/local/bin -xz
+
+ENV PATH="/root/.sdkman/candidates/groovy/2.4.17/bin:${PATH}"
 RUN export PATH
 
 COPY resources/nexus.sh /usr/local/bin/
 COPY resources/provision.sh /usr/local/bin/
 COPY resources/ /resources/
 COPY resources/conf/grapeConfig.xml /root/.groovy/
 
-RUN yum update -y yum-plugin-fastestmirror-1.1.31-50.el7 \
-    yum-utils-1.1.31-50.el7 \
-    yum-plugin-ovl-1.1.31-50.el7 \
-    systemd-libs-219-62.el7_6.2 \
-    systemd-219-62.el7_6.2 \
-    gnupg2-2.0.22-5.el7_5 \
-    bind-license-9.9.4-72.el7
-
-RUN grape install org.sonatype.nexus nexus-rest-client 3.6.0-02 \
-    && grape install org.sonatype.nexus nexus-rest-jackson2 3.6.0-02 \
-    && grape install org.sonatype.nexus nexus-script 3.6.0-02 \
-    && grape install org.jboss.spec.javax.servlet jboss-servlet-api_3.1_spec 1.0.0.Final \
-    && grape install com.fasterxml.jackson.core jackson-core 2.8.6 \
-    && grape install com.fasterxml.jackson.core jackson-databind 2.8.6 \
-    && grape install com.fasterxml.jackson.core jackson-annotations 2.8.6 \
-    && grape install com.fasterxml.jackson.jaxrs jackson-jaxrs-json-provider 2.8.6 \
-    && grape install org.jboss.spec.javax.ws.rs jboss-jaxrs-api_2.0_spec 1.0.1.Beta1 \
-    && grape install org.jboss.spec.javax.annotation jboss-annotations-api_1.2_spec 1.0.0.Final \
-    && grape install javax.activation activation 1.1.1 \
+RUN grape install org.jboss.spec.javax.ws.rs jboss-jaxrs-api_2.0_spec 1.0.1.Final \
+    && grape install org.jboss.spec.javax.servlet jboss-servlet-api_3.1_spec 1.0.2.Final \
+    && grape install org.jboss.spec.javax.annotation jboss-annotations-api_1.2_spec 1.0.2.Final \
+    && grape install javax.activation activation 1.1 \
+    && grape install net.jcip jcip-annotations 1.0 \
+    && grape install org.jboss.logging jboss-logging-annotations 2.2.0.Final \
+    && grape install org.jboss.logging jboss-logging-processor 2.2.0.Final \
+    && grape install com.sun.xml.bind jaxb-impl 2.3.2 \
+    && grape install org.apache.james apache-mime4j 0.6.1 \
+    && grape install org.sonatype.nexus nexus-rest-client 3.17.0-01 \
+    && grape install org.sonatype.nexus nexus-rest-jackson2 3.17.0-01 \
+    && grape install org.sonatype.nexus nexus-script 3.17.0-01 \
+    && grape install com.fasterxml.jackson.core jackson-core 2.9.2 \
+    && grape install com.fasterxml.jackson.core jackson-databind 2.9.2 \
+    && grape install com.fasterxml.jackson.core jackson-annotations 2.9.2 \
+    && grape install com.fasterxml.jackson.jaxrs jackson-jaxrs-json-provider 2.9.2 \
+    && grape install javax.activation activation 1.1 \
     && grape install net.jcip jcip-annotations 1.0 \
-    && grape install org.jboss.logging jboss-logging-annotations 2.0.1.Final \
-    && grape install org.jboss.logging jboss-logging-processor 2.0.1.Final \
-    && grape install com.sun.xml.bind jaxb-impl 2.2.7 \
-    && grape install com.sun.mail javax.mail 1.5.6 \
-    && grape install org.apache.james apache-mime4j 0.6
+    && grape install org.jboss.logging jboss-logging-annotations 2.2.0.Final \
+    && grape install org.jboss.logging jboss-logging-processor 2.2.0.Final \
+    && grape install com.sun.xml.bind jaxb-impl 2.3.2 \
+    && grape install com.sun.mail javax.mail 1.6.1
 
 RUN chmod u+x /usr/local/bin/nexus.sh && chmod u+x /usr/local/bin/provision.sh
 

diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 #Supported tags and respective Dockerfile links
 
-- [`0.2.0` (*0.2.0/Dockerfile*)](https://github.com/Accenture/adop-nexus/blob/master/Dockerfile.md)
+- [`3.17.0` (*3.17.0/Dockerfile*)](https://github.com/Accenture/adop-nexus/blob/master/Dockerfile)
 
 # What is adop-nexus?
-We have upgarded the nexus version to 3.7.1 and hence this image will enable the features of the latest version. To read more please cclick on the link -> https://books.sonatype.com/nexus-book/3.0/reference/ 
+We have upgraded the nexus3 version to 3.17.0 and hence this image will enable the features of the latest version. To read more please cclick on the link -> https://books.sonatype.com/nexus-book/3.0/reference/ 
 
 ![logo](http://blog.sonatype.com/wp-content/uploads/2010/01/nexus-small.png)
 
@@ -103,14 +103,28 @@ Additionally, the image reads the following LDAP environment variables if you wa
  * `USER_AGENT`, if set, you can enable Basic Authentication. [How do I enable WWW-Authenticate headers for content 401 responses]
  (https://support.sonatype.com/hc/en-us/articles/213465078-How-do-I-enable-WWW-Authenticate-headers-for-content-401-responses)
 
+ # JMX Monitoring
+It is possible to leverage JMX monitoring of Nexus if so desired. This requires launching Nexus with several JVM options
+wrapped into an env variable INSTALL4J_ADD_VM_PARAMS (https://github.com/sonatype/docker-nexus3/blob/master/README.md#notes)
+Basic authentication is supported.
+
+Default password is adopnexusjmx. This can be changed using an environment variable NEXUS_JMX_PASSWORD.
+
+Example launch with JMX with auth enabled:
+
+      $ docker run -d -p 8081:8081 \
+         --name nexus \
+         -e NEXUS_JMX_PASSWORD="topsecret" \
+         -e INSTALL4J_ADD_VM_PARAMS="-Xms1200m -Xmx1200m -XX:MaxDirectMemorySize=2g -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=15666 -Dcom.sun.management.jmxremote.rmi.port=15666 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/resources/jmxremote.password -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=localhost" \
+         accenture/adop-nexus
 
 # License
 Please view [licence information](LICENCE.md) for the software contained on this image.
 
 #Supported Docker versions
 
-This image is officially supported on Docker version 1.9.1.
-Support for older versions (down to 1.6) is provided on a best-effort basis.
+This image is officially supported on Docker version 18.09.4.
+Support for older versions (down to 1.9) is provided on a best-effort basis.
 
 # User feedback
 

diff --git a/resources/conf/addUpdatescript.groovy b/resources/conf/addUpdatescript.groovy
diff --git a/resources/jmxremote.password.tmpl b/resources/jmxremote.password.tmpl
@@ -0,0 +1 @@
+monitorRole  {{ .Env.NEXUS_JMX_PASSWORD }}
diff --git a/resources/nexus.sh b/resources/nexus.sh
@@ -18,13 +18,12 @@ fi
 chown nexus:nexus "${NEXUS_DATA}"
 chown -R nexus:nexus $(ls ${NEXUS_DATA} | awk -v NEXUS_DATA="${NEXUS_DATA}/" '{if($1 != "blobs"){ print NEXUS_DATA$1 }}')
 
-if [ ! -f ${NEXUS_DATA}/current_local_password ]; then
-  echo admin123 > ${NEXUS_DATA}/current_local_password
-fi
+# Dockerizing jmxpassword file
+dockerize -template /resources/jmxremote.password.tmpl:/resources/jmxremote.password
+chown -R nexus:nexus /resources && chmod 600 /resources/jmxremote.password
 
 echo "Executing provision.sh"
 nohup /usr/local/bin/provision.sh &
 
 # Start nexus as the nexus user
 su -c "${SONATYPE_DIR}/start-nexus-repository-manager.sh" -s /bin/sh nexus
-
diff --git a/resources/provision.sh b/resources/provision.sh
@@ -6,15 +6,6 @@
 # fail if anything errors
 set -e
 
-username=admin
-
-if [ -f ${NEXUS_DATA}/current_local_password ]; then
-  password=$(<${NEXUS_DATA}/current_local_password)
-else
-  echo "[ERR] File ${NEXUS_DATA}/current_local_password doesn't exist. This file contain your current local password."
-  exit 1
-fi
-
 nexus_host=http://localhost:8081/$NEXUS_CONTEXT
 
 pretty_sleep() {
@@ -32,67 +23,117 @@ echo "* Waiting for the Nexus3 to become available - this can take a few minutes
 TOOL_SLEEP_TIME=30
 until [[ $(curl -I -s -u "${username}":"${password}" localhost:8081/${NEXUS_CONTEXT}/|head -n 1|cut -d$' ' -f2) == 200 ]]; do pretty_sleep ${TOOL_SLEEP_TIME} Nexus3; done
 
+username=admin
+
+if [ -f ${NEXUS_DATA}/admin.password ]; then
+  password=$(<${NEXUS_DATA}/admin.password)
+else
+  echo "[ERR] File ${NEXUS_DATA}/admin.password doesn't exist. This file contain your current local password."
+  exit 1
+fi
+
 function addAndRunScript() {
   name=$1
   file=$2
   eval args="${3:-false}"
-  classPath=$(find /root/.groovy/grapes -name *.jar)
-  groovy -cp $(echo $classPath | sed 's/ /:/g') -Dgroovy.grape.report.downloads=true resources/conf/addUpdatescript.groovy -u "$username" -p "$password" -n "$name" -f "$file" -h "$nexus_host"
+  content=$(</$file)
+  jq -n -c --arg name "$name" --arg content "$content" '{name: $name, content: $content, type: "groovy"}' | curl -v -X POST -u "${username}":"${password}" --header "Content-Type: application/json" "$nexus_host/service/rest/v1/script" -d@-
   printf "\nPublished $file as $name\n\n"
-  curl -v -X POST -u $username:$password --header "Content-Type: text/plain" "$nexus_host/service/rest/v1/script/$name/run" -d "$args"
+  curl -v -X POST -u "${username}":"${password}" --header "Content-Type: text/plain" "$nexus_host/service/rest/v1/script/$name/run" -d "$args"
   printf "\nSuccessfully executed $name script\n\n\n"
 }
 
 printf "Provisioning Integration API Scripts Starting \n\n"
 printf "Publishing and executing on $nexus_host \n"
 
-
 if [ -n "${NEXUS_BASE_URL}" ]
   then
-  # Add base url - requests timeout if incorrect
-  baseUrlArg="{\"base_url\":\"${NEXUS_BASE_URL}\"}"
-  addAndRunScript baseUrl resources/conf/setup_base_url.groovy "\${baseUrlArg}"
   echo "$(date) - Base URL: ${NEXUS_BASE_URL}"
+  # Add base url - requests timeout if incorrect
+  baseUrlArg=$(jq -n -c --arg value "${NEXUS_BASE_URL}" '{base_url: $value}')
+  addAndRunScript baseUrl resources/conf/setup_base_url.groovy "\$baseUrlArg"
 fi
 
 if [ -n "${USER_AGENT}" ]
   then
   echo "$(date) - User Agent: ${USER_AGENT}"
-  userAgentArg="{\"user_agent\":\"${USER_AGENT}\"}"
-  addAndRunScript userAgent resources/conf/setup_user_agent.groovy "\${userAgentArg}"
+  userAgentArg=$(jq -n -c --arg value "${USER_AGENT}" '{user_agent: $value}')
+  addAndRunScript userAgent resources/conf/setup_user_agent.groovy "\$userAgentArg"
 fi
 
 # Update Remote proxy configuration
 if [[ -n "${NEXUS_PROXY_HOST}" ]] && [[ -n "${NEXUS_PROXY_PORT}" ]]
   then
   echo "$(date) - Proxy Host: ${NEXUS_PROXY_HOST}"
   echo "$(date) - Proxy Port: ${NEXUS_PROXY_PORT}"
-  remoteProxyArg="{\"with_http_proxy\":\"true\",\"http_proxy_host\":\"${NEXUS_PROXY_HOST}\",\"http_proxy_port\":\"${NEXUS_PROXY_PORT}\"}"	
+  remoteProxyArg=$(jq -n -c --arg host "${NEXUS_PROXY_HOST}" --arg port "${NEXUS_PROXY_PORT}" '{with_http_proxy: "true", http_proxy_host: $host, http_proxy_port: $port}')
   addAndRunScript remoteProxy resources/conf/setup_http_proxy.groovy "\${remoteProxyArg}"
 fi
 
-# LDAP parameters when LDAP is enabled
-LDAP_USER_GROUP_CONFIG="{\"name\":\"$LDAP_NAME\",\"map_groups_as_roles\":\"$LDAP_MAP_GROUP_AS_ROLES\",\"protocol\":\"$LDAP_AUTH_PROTOCOL\",\"host\":\"$LDAP_URL\",\"port\":\"$LDAP_PORT\",\"searchBase\":\"$LDAP_SEARCH_BASE\",\"auth\":\"$LDAP_AUTH_SCHEME\",\"systemPassword\":\"$LDAP_BIND_PASSWORD\",\"systemUsername\":\"$LDAP_BIND_DN\",\"emailAddressAttribute\":\"$LDAP_USER_EMAIL_ATTRIBUTE\",\"ldapGroupsAsRoles\":\"$LDAP_GROUPS_AS_ROLES\",\"groupBaseDn\":\"$LDAP_GROUP_BASE_DN\",\"groupIdAttribute\":\"$LDAP_GROUP_ID_ATTRIBUTE\",\"groupMemberAttribute\":\"$LDAP_GROUP_MEMBER_ATTRIBUTE\",\"groupMemberFormat\":\"$LDAP_GROUP_MEMBER_FORMAT\",\"groupObjectClass\":\"$LDAP_GROUP_OBJECT_CLASS\",\"userIdAttribute\":\"$LDAP_USER_ID_ATTRIBUTE\",\"userPasswordAttribute\":\"$LDAP_USER_PASSWORD_ATTRIBUTE\",\"userObjectClass\":\"$LDAP_USER_OBJECT_CLASS\",\"userBaseDn\":\"$LDAP_USER_BASE_DN\",\"userRealNameAttribute\":\"$LDAP_USER_REAL_NAME_ATTRIBUTE\"}"
-
 if [ "${LDAP_ENABLED}" = "true" ]
   then
-    addAndRunScript ldapConfig resources/conf/ldapconfig.groovy "\${LDAP_USER_GROUP_CONFIG}"
+  echo "$(date) - Enabling LDAP"
+
+  # LDAP parameters when LDAP is enabled
+  LDAP_USER_GROUP_CONFIG=$( \
+    jq -n -c \
+    --arg name "${LDAP_NAME}" \
+    --arg map_groups_as_roles "${LDAP_MAP_GROUP_AS_ROLES}" \
+    --arg protocol "${LDAP_AUTH_PROTOCOL}" \
+    --arg host "${LDAP_URL}" \
+    --arg port "${LDAP_PORT}" \
+    --arg searchBase "${LDAP_SEARCH_BASE}" \
+    --arg auth "${LDAP_AUTH_SCHEME}" \
+    --arg systemPassword "${LDAP_BIND_PASSWORD}" \
+    --arg systemUsername "${LDAP_BIND_DN}" \
+    --arg emailAddressAttribute "${LDAP_USER_EMAIL_ATTRIBUTE}" \
+    --arg ldapGroupsAsRoles "${LDAP_GROUPS_AS_ROLES}" \
+    --arg groupBaseDn "${LDAP_GROUP_BASE_DN}" \
+    --arg groupIdAttribute "${LDAP_GROUP_ID_ATTRIBUTE}" \
+    --arg groupMemberAttribute "${LDAP_GROUP_MEMBER_ATTRIBUTE}" \
+    --arg groupMemberFormat "${LDAP_GROUP_MEMBER_FORMAT}" \
+    --arg groupObjectClass "${LDAP_GROUP_OBJECT_CLASS}" \
+    --arg userIdAttribute "${LDAP_USER_ID_ATTRIBUTE}" \
+    --arg userPasswordAttribute "${LDAP_USER_PASSWORD_ATTRIBUTE}" \
+    --arg userObjectClass "${LDAP_USER_OBJECT_CLASS}" \
+    --arg userBaseDn "${LDAP_USER_BASE_DN}" \
+    --arg userRealNameAttribute "${LDAP_USER_REAL_NAME_ATTRIBUTE}" \
+    '{name: $name, map_groups_as_roles: $map_groups_as_roles, protocol: $protocol, host: $host, port: $port, searchBase: $searchBase, auth: $auth, systemPassword: $systemPassword, systemUsername: $systemUsername, emailAddressAttribute: $emailAddressAttribute, ldapGroupsAsRoles: $ldapGroupsAsRoles, groupBaseDn: $groupBaseDn, groupIdAttribute: $groupIdAttribute, groupMemberAttribute: $groupMemberAttribute, groupMemberFormat: $groupMemberFormat, groupObjectClass: $groupObjectClass, userIdAttribute: $userIdAttribute, userPasswordAttribute: $userPasswordAttribute, userObjectClass: $userObjectClass, userBaseDn: $userBaseDn, userRealNameAttribute: $userRealNameAttribute}' \
+  )
+
+  addAndRunScript ldapConfig resources/conf/ldapconfig.groovy "\${LDAP_USER_GROUP_CONFIG}"
+
   if [[ "${NEXUS_CREATE_CUSTOM_ROLES}" == "true" ]];
     then
     echo "$(date) - Creating custom roles and mappings..."
     if [ -n "${NEXUS_CUSTOM_DEPLOY_ROLE}" ]
       then
-      NEXUS_DEPLOY_ROLE_CONFIG="{\"id\":\"$NEXUS_CUSTOM_DEPLOY_ROLE\",\"name\":\"$NEXUS_CUSTOM_DEPLOY_ROLE\",\"description\":\"Deployment_Role\",\"privileges\":"[\"nx-ldap-all\",\"nx-roles-all\"]",\"roles\":"[\"nx-admin\"]"}"
+      NEXUS_DEPLOY_ROLE_CONFIG=$( \
+        jq -n -c \
+        --arg id "${NEXUS_CUSTOM_DEPLOY_ROLE}" \
+        --arg name "${NEXUS_CUSTOM_DEPLOY_ROLE}" \
+        '{id: $id, name: $name, description: "Deployment_Role", privileges: ["nx-ldap-all", "nx-roles-all"], roles: ["nx-admin"]}' \
+      )
       addAndRunScript insertRole resources/conf/insertrole.groovy "\${NEXUS_DEPLOY_ROLE_CONFIG}"
     fi
     if [ -n "${NEXUS_CUSTOM_DEV_ROLE}" ]
       then
-      NEXUS_DEVELOP_ROLE_CONFIG="{\"id\":\"$NEXUS_CUSTOM_DEV_ROLE\",\"name\":\"$NEXUS_CUSTOM_DEV_ROLE\",\"description\":\"Developer_Role\",\"privileges\":"[\"nx-roles-update\",\"nx-ldap-update\"]",\"roles\":"[\"nx-admin\",\"nx-anonymous\"]"}"
+      NEXUS_DEVELOP_ROLE_CONFIG=$( \
+        jq -n -c \
+        --arg id "${NEXUS_CUSTOM_DEV_ROLE}" \
+        --arg name "${NEXUS_CUSTOM_DEV_ROLE}" \
+        '{id: $id, name: $name, description: "Developer_Role", privileges: ["nx-roles-update", "nx-ldap-update"], roles: ["nx-admin", "nx-anonymous"]}' \
+      )
       addAndRunScript insertRole resources/conf/insertrole.groovy "\${NEXUS_DEVELOP_ROLE_CONFIG}"
     fi
     if [ -n "${NEXUS_CUSTOM_ADMIN_ROLE}" ]
       then
-      NEXUS_ADMIN_ROLE_CONFIG="{\"id\":\"$NEXUS_CUSTOM_ADMIN_ROLE\",\"name\":\"$NEXUS_CUSTOM_ADMIN_ROLE\",\"description\":\"Adminstration_Role\",\"privileges\":"[\"nx-all\"]",\"roles\":"[\"nx-admin\"]"}"
+      NEXUS_ADMIN_ROLE_CONFIG=$( \
+        jq -n -c \
+        --arg id "${NEXUS_CUSTOM_ADMIN_ROLE}" \
+        --arg name "${NEXUS_CUSTOM_ADMIN_ROLE}" \
+        '{id: $id, name: $name, description: "Adminstration_Role", privileges: ["nx-all"], roles: ["nx-admin"]}' \
+      )
       addAndRunScript insertRole resources/conf/insertrole.groovy "\${NEXUS_ADMIN_ROLE_CONFIG}"
     fi
   fi
@@ -107,10 +148,13 @@ grep -qF "$Property" "$File" || echo "$Property" | tee --append "$File"
 # Update the admin password if new password is set
 if [ -n "${NEXUS_ADMIN_PASSWORD}" ]
   then
-  NEXUS_PASSWORD="{\"new_password\":\"$NEXUS_ADMIN_PASSWORD\"}"
+  NEXUS_PASSWORD=$( \
+    jq -n -c \
+    --arg value "${NEXUS_ADMIN_PASSWORD}" \
+    '{new_password: $value}' \
+  )
   addAndRunScript updatePassword resources/conf/update_admin_password.groovy "\${NEXUS_PASSWORD}"
-  echo ${NEXUS_ADMIN_PASSWORD} > ${NEXUS_DATA}/current_local_password
+  echo ${NEXUS_ADMIN_PASSWORD} > ${NEXUS_DATA}/admin.password
 fi
 
-
 printf "\nProvisioning Scripts Completed\n\n"