[英]How can I create a docker container of sonatype/nexus with a default user and password?
My docker-compose is the simple: 我的docker-compose很简单:
version: "3"
services:
nexus:
container_name: nexus
image: sonatype/nexus:2.14.5-02
ports:
- "8081:8081"
...
(some other services)
Right now, I have to start this up and then log in as admin to create a company user. 现在,我必须启动它,然后以管理员身份登录以创建公司用户。 Could I add a custom user by passing a custom config as a volume?
我可以通过将自定义配置作为卷来添加自定义用户吗? If so, what is that config?
如果是这样,那是什么配置? Or is there another way to do this.
还是有另一种方法可以做到这一点。
Note, I also tried creating the container, adding the user, creating an image. 注意,我还尝试创建容器,添加用户,创建图像。 This didn't work, the user disappeared on restart.
这不起作用,用户在重新启动后消失了。
You need to create two xml file security-configuration.xml and security.xml file. 您需要创建两个xml文件security-configuration.xml和security.xml文件。 In security.xml file you can add all your required users.
在security.xml文件中,您可以添加所有必需的用户。 You can check the link for security.xml.
您可以检查security.xml的链接。 Security.xml details
Security.xml详细信息
Create a folder with this two file and use as a volume that folder. 使用这两个文件创建一个文件夹,并将该文件夹用作卷。 Use that volume inside container in /opt/nexus/nexus-data/conf folder.
在/ opt / nexus / nexus-data / conf文件夹中的容器内使用该卷。
Only works with Nexus 2.x (Nexus 3 uses an embedded database OrientDB) : 仅适用于Nexus 2.x(Nexus 3使用嵌入式数据库OrientDB):
Found a solution through some more experimentation. 通过更多的实验找到了解决方案。 To create a custom user on start up for the sonatype/nexus docker image:
要在启动时为sonatype / nexus docker镜像创建自定义用户:
${SONATYPE_WORK}/conf/security.xml
to your local disk. ${SONATYPE_WORK}/conf/security.xml
保存到本地磁盘。 This is necessary because the password needs to be encoded. Create a wrapper shell script for the command in docker-compose.yaml
. 在
docker-compose.yaml
为命令创建包装器外壳脚本。 This will contain at least three steps: 这将至少包含三个步骤:
A. run the nexus app as a background process (this I copied from the parent Dockerfile's CMD and added &
to it) ${JAVA_HOME}/bin/java \\ -Dnexus-work=${SONATYPE_WORK} -Dnexus-webapp-context-path=${CONTEXT_PATH} \\ -Xms${MIN_HEAP} -Xmx${MAX_HEAP} \\ -cp 'conf/:lib/*' \\ ${JAVA_OPTS} \\ org.sonatype.nexus.bootstrap.Launcher ${LAUNCHER_CONF} &
A.运行的Nexus应用程序作为后台进程(这我从父Dockerfile的CMD复制并添加
&
它) ${JAVA_HOME}/bin/java \\ -Dnexus-work=${SONATYPE_WORK} -Dnexus-webapp-context-path=${CONTEXT_PATH} \\ -Xms${MIN_HEAP} -Xmx${MAX_HEAP} \\ -cp 'conf/:lib/*' \\ ${JAVA_OPTS} \\ org.sonatype.nexus.bootstrap.Launcher ${LAUNCHER_CONF} &
B. after the nexus app has started(I added a 5 seconds sleep here for simplicity) copy the saved security.xml
to ${SONATYPE_WORK}/conf/security.xml
. B.在nexus应用程序启动后(为简单起见,我在此处添加了5秒的睡眠时间),将保存的
security.xml
复制到${SONATYPE_WORK}/conf/security.xml
。 This should have been loaded in the docker-compose.yaml to the container ANYWHERE BUT ${SONATYPE_WORK}/conf , this would have crashed the nexus app on startup (I can only speculate why...) 这应该已经在docker-compose.yaml中加载到了容器ANYWHERE BUT $ {SONATYPE_WORK} / conf中 ,这会在启动时使nexus应用程序崩溃(我只能推测为什么...)
C. execute any perpetuous command so the container doesn't exit. C.执行任何永久命令,以使容器不会退出。 An idea is to reattach the nexus app back to the shell.
一个想法是将nexus应用重新安装回外壳。 Also a
tail -f /path/to/something.txt
would work. tail -f /path/to/something.txt
也会起作用。
Now you should be able to run docker-compose up and log in with your custom user on the browser. 现在,您应该能够运行docker-compose并在浏览器上使用您的自定义用户登录。
For reference here are my files: 供参考的是我的文件:
#!/usr/bin/env bash
set -x
${JAVA_HOME}/bin/java \
-Dnexus-work=${SONATYPE_WORK} -Dnexus-webapp-context-path=${CONTEXT_PATH} \
-Xms${MIN_HEAP} -Xmx${MAX_HEAP} \
-cp 'conf/:lib/*' \
${JAVA_OPTS} \
org.sonatype.nexus.bootstrap.Launcher ${LAUNCHER_CONF} &
# here some delay may be necessary, or a function to wait the nexus app to populate ${SONATYPE_WORK}/conf.
sleep 5
cp /nexus-dependencies/security-test.xml ${SONATYPE_WORK}/conf/security.xml
# I'm also copying nexus.xml to customize the Snapshot repository.
cp /nexus-dependencies/nexus.xml ${SONATYPE_WORK}/conf/nexus.xml
tail -f /nexus-dependencies/init-nexus.sh
Note: /nexus-dependencies
is a volume I loaded in docker-compose.yaml . 注意:
/nexus-dependencies
是我在docker-compose.yaml中加载的卷。 This directory contains my version of security.xml
which contains 2 users (company and admin) along with their roles. 该目录包含我的
security.xml
版本,其中包含2个用户(公司和管理员)及其角色。 If a user does not have any roles, it will not be available. 如果用户没有任何角色,则该角色将不可用。
<?xml version="1.0" encoding="UTF-8"?>
<security>
<version>2.0.5</version>
<!-- Users -->
<users>
<!-- The Company User -->
<user>
<id>companyX</id>
<firstName>First</firstName>
<lastName>Last</lastName>
<password>$shiro1$SHA-512$SOME-ENCODED-PASSWORd-COPIED-FROM-A-PREVIOWS-INSTANCE-OF-THIS-IMAGE==</password>
<!-- <password>RF1Dkings</password> -->
<status>active</status>
<email>what@not.com</email>
</user>
<!-- The Admin User -->
<user>
<id>admin</id>
<firstName>Administrator</firstName>
<lastName>User</lastName>
<password>$shiro1$SHA-512$This could just be the custom admin password, or not.</password>
<status>active</status>
<email>changeme@yourcompany.com</email>
</user>
</users>
<!-- Roles -->
<userRoleMappings>
<!-- CompanyX User role mapping -->
<userRoleMapping>
<userId>companyX</userId>
<source>default</source>
<roles>
<role>nx-developer</role>
</roles>
</userRoleMapping>
<!-- End CompanyX User role mapping -->
<!-- Admin User Roles -->
<userRoleMapping>
<userId>admin</userId>
<source>default</source>
<roles>
<role>nx-admin</role>
</roles>
</userRoleMapping>
<!-- End Admin User Roles -->
</userRoleMappings>
</security>
version: "3"
services:
...
nexus:
container_name: nexus
image: sonatype/nexus:2.14.5-02
ports:
- "8081:8081"
volumes:
- ./nexus-dependencies:/nexus-dependencies
command: bash /nexus-dependencies/init.sh
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.