I'm trying to install sonatype-nexus using docker and want to share docker /opt/sonatype-work nexus repo with host machine (linux ubuntu 14.04) /opt/nexus.
My Dockerfile:
FROM centos:6
MAINTAINER Marcel Birkner <[email protected]>
USER root
# Update the system
RUN yum -y update; \
yum clean all
##########################################################
# Install Java JDK, SSH and other useful cmdline utilities
##########################################################
RUN yum -y install java-1.7.0-openjdk-devel \
which \
telnet \
unzip \
openssh-server \
sudo \
openssh-clients \
iputils \
iproute \
httpd-tools \
wget \
tar; \
yum clean all
ENV JAVA_HOME /usr/lib/jvm/jre
##########################################################
# Install Nexus
##########################################################
RUN mkdir -p /opt/sonatype-nexus /opt/sonatype-work
RUN wget -O /tmp/nexus-latest-bundle.tar.gz http://www.sonatype.org/downloads/nexus-latest-bundle.tar.gz
RUN tar xzvf /tmp/nexus-latest-bundle.tar.gz -C /opt/sonatype-nexus --strip-components=1
RUN useradd --user-group --system --home-dir /opt/sonatype-nexus nexus
ADD nexus.xml /opt/sonatype-work/nexus/conf/nexus.xml
RUN chown -R nexus:nexus /opt/sonatype-work /opt/sonatype-nexus
ENV NEXUS_WEBAPP_CONTEXT_PATH /nexus
RUN echo "#!/bin/bash" > /opt/start-nexus.sh
RUN echo "su -c \"/opt/sonatype-nexus/bin/nexus console\" - nexus" >> /opt/start-nexus.sh
RUN chmod +x /opt/start-nexus.sh
VOLUME /opt/sonatype-work
CMD ["/opt/start-nexus.sh"]
EXPOSE 8081
When I build this image (build succeeds):
docker build -t sonatype/nexus .
then I run it with this command:
docker run -d -p 8081:8081 --name nexus -v /opt/nexus:/opt/sonatype-work sonatype/nexus
It started and stopped immediately.
Error shown (docker logs nexus):
nexus_1 | jvm 1 | Caused by: java.nio.file.AccessDeniedException: /opt/sonatype-work/nexus
nexus_1 | jvm 1 | at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[na:1.7.0_99]
nexus_1 | jvm 1 | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[na:1.7.0_99]
nexus_1 | jvm 1 | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[na:1.7.0_99]
nexus_1 | jvm 1 | at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:383) ~[na:1.7.0_99]
nexus_1 | jvm 1 | at java.nio.file.Files.createDirectory(Files.java:630) ~[na:1.7.0_99]
nexus_1 | jvm 1 | at java.nio.file.Files.createAndCheckIsDirectory(Files.java:734) ~[na:1.7.0_99]
nexus_1 | jvm 1 | at java.nio.file.Files.createDirectories(Files.java:720) ~[na:1.7.0_99]
nexus_1 | jvm 1 | at org.sonatype.nexus.util.file.DirSupport.mkdir(DirSupport.java:146) ~[na:na]
nexus_1 | jvm 1 | at org.sonatype.nexus.util.file.DirSupport.mkdir(DirSupport.java:162) ~[na:na]
nexus_1 | jvm 1 | at org.sonatype.nexus.webapp.WebappBootstrap.contextInitialized(WebappBootstrap.java:115) ~[na:na]
nexus_1 | jvm 1 | ... 16 common frames omitted
nexus_1 | wrapper | <-- Wrapper Stopped
And if I remove VOLUME /opt/sonatype-nexus from the Dockerfile, it works fine.
Do you have any idea what might have caused this problem, and how to fix it?
If you bind-mount a host directory in a container, the files and directories in the host directory take precedence and are mounted over the files already present inside the container's image. In other words, they "mask" what's underneath in the container.
Bind-mounts keep the permissions of the directory that's present on the host, and if no directory is present on the host, Docker creates it, using root:root as owner.
Looking at the useradd nexus in your Dockerfile, I suspect that start-nexus.sh runs nexus with that user, so it may not have permissions on the bind-mounted directory (which is owned by root). You can fix this by chowning the directory to the numeric uid/gid of nexus inside the container.
To get the uid / gid of that user, start the container interactively;
docker run -it --rm sonatype/nexus bash
And inside that shell request the uid/gid:
id nexus
Which gives you something like:
uid=123(nexus) gid=456(nexus) groups=456(nexus)
Now exit the container (exit), and chown the directory on the host, using the uid/gid;
sudo chown -R 123:456 /opt/nexus
Some things I noticed
It looks like you're building your own custom version of the sonatype nexus image, but use the same name as the official image (sonatype/nexus). I'd recommend not doing that, and giving it your own name (e.g. mycompany/nexus); this prevents confusion, and also prevents your own image from being overwritten with the official image if someone runs docker pull sonatype/nexus.
Is there any reason for not using the official image? In general it's recommended to use the official images, as they are maintained by the maintainers of the software (sonatype in this case), so should give you an up-to-date (and maintained) version of the software; https://hub.docker.com/r/sonatype/nexus/
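The ownership check described in the answer above, as an added example that is not part of the original post: it takes the `id nexus` output from the container and reports whether that uid/gid could create files in the host directory before the container is started. The function names `parse_id` and `mount_check` are hypothetical, and only owner/group/other mode bits are evaluated (no ACLs or supplementary groups).

```sh
#!/bin/sh
# Added example: pre-flight check for a bind-mounted data directory.

# parse_id: extract "uid:gid" from the output of `id <user>` run in the container.
parse_id() {
    printf '%s\n' "$1" |
        sed -n 's/^uid=\([0-9][0-9]*\)[^ ]* gid=\([0-9][0-9]*\).*/\1:\2/p'
}

# mount_check DIR UID:GID
# Prints "missing", "ok", or "denied <owner-uid>:<owner-gid>".
mount_check() {
    dir=$1
    want_uid=${2%%:*}
    want_gid=${2##*:}
    if [ ! -d "$dir" ]; then
        echo "missing"      # Docker would create it owned by root:root
        return 0
    fi
    # ls -ldn prints numeric ids: mode links uid gid ...
    set -- $(ls -ldn "$dir")
    mode=$1 uid=$3 gid=$4
    # Pick the permission triplet that applies to the container user.
    if [ "$want_uid" = "$uid" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)
    elif [ "$want_gid" = "$gid" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    # Creating entries in a directory needs both write and search (x) bits.
    case $bits in
        ?w[xst]) echo "ok" ;;
        *)       echo "denied $uid:$gid" ;;
    esac
}

# Usage: ./check.sh /opt/nexus "$(docker run --rm mycompany/nexus id nexus)"
if [ $# -eq 2 ]; then
    ids=$(parse_id "$2")
    result=$(mount_check "$1" "$ids")
    echo "$1 for $ids: $result"
    case $result in
        ok) ;;
        *)  echo "fix: sudo mkdir -p $1 && sudo chown -R $ids $1" ;;
    esac
fi
```

A "missing" result is the case from the question where Docker creates /opt/nexus itself as root:root, so the directory should be created and chowned before the first `docker run`.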