sonatype nexus docker volume error

Time: 2016-04-04 14:27:53

Tags: docker nexus sonatype

I want to install sonatype-nexus using docker, and I want to share the docker /opt/nexus nexus repo with the host (linux ubuntu 14.04) /opt/sonatype-work.

My Dockerfile:

FROM centos:6

MAINTAINER Marcel Birkner <marcel.birkner@codecentric.de>

USER root
# Update the system
RUN yum -y update; \
    yum clean all

##########################################################
# Install Java JDK, SSH and other useful cmdline utilities
##########################################################
RUN yum -y install java-1.7.0-openjdk-devel \
    which \
    telnet \
    unzip \
    openssh-server \
    sudo \
    openssh-clients \
    iputils \
    iproute \
    httpd-tools \
    wget \
    tar; \
    yum clean all
ENV JAVA_HOME /usr/lib/jvm/jre

##########################################################
# Install Nexus
##########################################################
RUN mkdir -p /opt/sonatype-nexus /opt/sonatype-work
RUN wget -O /tmp/nexus-latest-bundle.tar.gz http://www.sonatype.org/downloads/nexus-latest-bundle.tar.gz
RUN tar xzvf /tmp/nexus-latest-bundle.tar.gz -C /opt/sonatype-nexus --strip-components=1
RUN useradd --user-group --system --home-dir /opt/sonatype-nexus nexus

ADD nexus.xml /opt/sonatype-work/nexus/conf/nexus.xml

RUN chown -R nexus:nexus /opt/sonatype-work /opt/sonatype-nexus

ENV NEXUS_WEBAPP_CONTEXT_PATH /nexus
RUN echo "#!/bin/bash" > /opt/start-nexus.sh
RUN echo "su -c \"/opt/sonatype-nexus/bin/nexus console\" - nexus" >> /opt/start-nexus.sh
RUN chmod +x /opt/start-nexus.sh
VOLUME /opt/sonatype-work
CMD ["/opt/start-nexus.sh"]
EXPOSE 8081

When I build this image (the build succeeds):

docker build -t sonatype/nexus .

Then I run it with this command:

docker run -d -p 8081:8081 --name nexus -v /opt/nexus:/opt/sonatype-work sonatype/nexus

It starts and then stops immediately. The error shown (docker logs nexus):

nexus_1 | jvm 1    | Caused by: java.nio.file.AccessDeniedException: /opt/sonatype-work/nexus
nexus_1 | jvm 1    |    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[na:1.7.0_99]
nexus_1 | jvm 1    |    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[na:1.7.0_99]
nexus_1 | jvm 1    |    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[na:1.7.0_99]
nexus_1 | jvm 1    |    at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:383) ~[na:1.7.0_99]
nexus_1 | jvm 1    |    at java.nio.file.Files.createDirectory(Files.java:630) ~[na:1.7.0_99]
nexus_1 | jvm 1    |    at java.nio.file.Files.createAndCheckIsDirectory(Files.java:734) ~[na:1.7.0_99]
nexus_1 | jvm 1    |    at java.nio.file.Files.createDirectories(Files.java:720) ~[na:1.7.0_99]
nexus_1 | jvm 1    |    at org.sonatype.nexus.util.file.DirSupport.mkdir(DirSupport.java:146) ~[na:na]
nexus_1 | jvm 1    |    at org.sonatype.nexus.util.file.DirSupport.mkdir(DirSupport.java:162) ~[na:na]
nexus_1 | jvm 1    |    at org.sonatype.nexus.webapp.WebappBootstrap.contextInitialized(WebappBootstrap.java:115) ~[na:na]
nexus_1 | jvm 1    |    ... 16 common frames omitted
nexus_1 | wrapper  | <-- Wrapper Stopped

If I remove VOLUME /opt/sonatype-nexus from the Dockerfile, it works fine.

Do you know what might be causing this problem, and how to fix it?

2 answers:

Answer 0 (score: 7)

If you bind-mount a host directory in a container, the files and directories in the host directory take precedence and are mounted over the files already present inside the container's image. In other words, they "mask" what's underneath in the container.

Bind-mounts keep the permissions of the directory that's present on the host, and if no directory is present on the host, Docker creates it, using root:root as owner.

Looking at the useradd nexus in your Dockerfile, I suspect that start-nexus.sh runs nexus with that user, so it may not have permissions on the bind-mounted directory (which is owned by root). You can fix this by chowning the directory to the numeric uid/gid of nexus inside the container.

To get the uid / gid of that user, start the container interactively;

docker run -it --rm sonatype/nexus bash

And inside that shell request the uid/gid:

id nexus

Which gives you something like:

uid=123(nexus) gid=456(nexus) groups=456(nexus)

Now exit the container (exit), and chown the directory on the host, using the uid/gid;

sudo chown -R 123:456 /opt/nexus

Some things I noticed

It looks like you're building your own custom version of the sonatype nexus image, but use the same name as the official image (sonatype/nexus). I'd recommend not doing that, and giving it your own name (e.g. mycompany/nexus); this prevents confusion, and also prevents your own image from being overwritten with the official image if someone runs docker pull sonatype/nexus.

Is there any reason for not using the official image? In general it's recommended to use the official images, as they are maintained by the maintainers of the software (sonatype in this case), so should give you an up-to-date (and maintained) version of the software; https://hub.docker.com/r/sonatype/nexus/
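The uid/gid lookup and chown steps from the answer above, combined into one script with an ownership check so the chown only runs when the host directory does not already match. This is an added example, not part of the original answer; the function names are hypothetical, the image name mycompany/nexus is the answer's own suggestion, and `stat -c` assumes GNU coreutils (as on the Ubuntu host in the question).

```sh
#!/bin/sh
# Added example: align a bind-mounted host directory with the numeric
# uid/gid of the service user inside the image. Function names are made up.

# Turn `id <user>` output, e.g. "uid=123(nexus) gid=456(nexus) groups=...",
# into "123:456". Prints nothing if the input does not look like id output.
parse_id_output() {
    printf '%s\n' "$1" |
        sed -n 's/^uid=\([0-9][0-9]*\)([^)]*) gid=\([0-9][0-9]*\).*/\1:\2/p'
}

# Numeric owner and group of a path on the host (GNU stat).
owner_of() {
    stat -c '%u:%g' "$1"
}

# Compare a host directory against the uid:gid the container process uses.
# Returns 0 = matches, 1 = mismatch, 2 = directory missing (Docker would
# create it as root:root on first run, which reproduces the error).
check_mount_owner() {
    dir=$1
    want=$2
    if [ ! -d "$dir" ]; then
        echo "missing: $dir would be created by Docker as root:root"
        return 2
    fi
    have=$(owner_of "$dir")
    if [ "$have" = "$want" ]; then
        echo "ok"
        return 0
    fi
    echo "mismatch: $dir is owned by $have, container user is $want"
    return 1
}

# Look up the user's ids inside the image, then chown only when needed.
fix_bind_mount_owner() {
    image=$1
    user=$2
    host_dir=$3
    ids=$(parse_id_output "$(docker run --rm "$image" id "$user")")
    if [ -z "$ids" ]; then
        echo "could not resolve user $user in image $image" >&2
        return 1
    fi
    mkdir -p "$host_dir"
    check_mount_owner "$host_dir" "$ids" || sudo chown -R "$ids" "$host_dir"
}

# Usage (not executed here):
#   fix_bind_mount_owner mycompany/nexus nexus /opt/nexus
```

Run it before `docker run -v /opt/nexus:/opt/sonatype-work ...`; the numeric ids matter because the host and the container do not share a user database.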

Answer 1 (score: 0)

Beware of SELinux

Run setenforce 0, and if that helps, consider disabling it permanently by setting SELINUX=disabled in the /etc/sysconfig/selinux configuration file.
