Red Hat Certified Recipe - INT-414 (#20)
* INT-414 Red Hat Certified Recipe. * License headers, help update.
1 parent
6e3e225
commit d31fd5f
Showing 11 changed files with 277 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
.PP | ||
% | ||
.BR NEXUS (1) | ||
Container Image Pages | ||
% Sonatype | ||
% December 15, 2017 | ||
.TH NAME | ||
.PP | ||
nexus \- Nexus Repository Manager container image | ||
.SH DESCRIPTION | ||
.PP | ||
The nexus image provides a containerized packaging of the Nexus Repository Manager. | ||
Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more. | ||
.PP | ||
The nexus image is designed to be run by the atomic command with one of these options: | ||
.PP | ||
\fB\fCrun\fR | ||
.PP | ||
Starts the installed container with selected privileges to the host. | ||
.PP | ||
\fB\fCstop\fR | ||
.PP | ||
Stops the installed container | ||
.PP | ||
The container itself consists of: | ||
\- Linux base image | ||
\- Oracle Java JDK | ||
\- Nexus Repository Manager | ||
\- Atomic help file | ||
.PP | ||
Files added to the container during docker build include: /help.1. | ||
.SH USAGE | ||
.PP | ||
To use the nexus container, you can run the atomic command with run, stop, or uninstall options: | ||
.PP | ||
To run the nexus container: | ||
.IP | ||
atomic run nexus | ||
.PP | ||
To stop the nexus container (after it is installed), run: | ||
.IP | ||
atomic stop nexus | ||
.SH LABELS | ||
.PP | ||
The nexus container includes the following LABEL settings: | ||
.PP | ||
That atomic command runs the docker command set in this label: | ||
.PP | ||
\fB\fCRUN=\fR | ||
.IP | ||
LABEL RUN='docker run \-d \-p 8081:8081 \-\-name ${NAME} ${IMAGE}' | ||
.IP | ||
The contents of the RUN label tells an \fB\fCatomic run nexus\fR command to open port 8081 & set the name of the container. | ||
.PP | ||
\fB\fCSTOP=\fR | ||
.IP | ||
LABEL STOP='docker stop ${NAME}' | ||
.PP | ||
\fB\fCName=\fR | ||
.PP | ||
The registry location and name of the image. For example, Name="Nexus Repository Manager". | ||
.PP | ||
\fB\fCVersion=\fR | ||
.PP | ||
The Nexus Repository Manager version from which the container was built. For example, Version="3.6.2\-01". | ||
.PP | ||
When the atomic command runs the nexus container, it reads the command line associated with the selected option | ||
from a LABEL set within the Docker container itself. It then runs that command. The following sections detail | ||
each option and associated LABEL: | ||
.SH SECURITY IMPLICATIONS | ||
.PP | ||
\fB\fC\-d\fR | ||
.PP | ||
Runs continuously as a daemon process in the background |
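Review bot: The header at the top of help.1 is malformed: `.TH NAME` uses the title macro where the section heading `.SH NAME` belongs, and the title, author and date (`.BR NEXUS (1)`, `% Sonatype`, `% December 15, 2017`) come out as body text instead of `.TH` arguments, so the page renders stray `%` lines and has no NAME section heading. Regenerate this file from help.md so that the `%` title block ends up as a single `.TH NEXUS 1 ...` line followed by `.SH NAME`.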
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
% NEXUS(1) Container Image Pages | ||
% Sonatype | ||
% December 15, 2017 | ||
|
||
# NAME | ||
nexus \- Nexus Repository Manager container image | ||
|
||
# DESCRIPTION | ||
The nexus image provides a containerized packaging of the Nexus Repository Manager. | ||
Nexus Repository Manager is a repository manager with universal support for popular component formats including Maven, Docker, NuGet, npm, PyPi, Bower and more. | ||
|
||
The nexus image is designed to be run by the atomic command with one of these options: | ||
|
||
`run` | ||
|
||
Starts the installed container with selected privileges to the host. | ||
|
||
`stop` | ||
|
||
Stops the installed container | ||
|
||
The container itself consists of: | ||
- Linux base image | ||
- Oracle Java JDK | ||
- Nexus Repository Manager | ||
- Atomic help file | ||
|
||
Files added to the container during docker build include: /help.1. | ||
|
||
# USAGE | ||
To use the nexus container, you can run the atomic command with run, stop, or uninstall options: | ||
|
||
To run the nexus container: | ||
|
||
atomic run nexus | ||
|
||
To stop the nexus container (after it is installed), run: | ||
|
||
atomic stop nexus | ||
|
||
# LABELS | ||
The nexus container includes the following LABEL settings: | ||
|
||
That atomic command runs the docker command set in this label: | ||
|
||
`RUN=` | ||
|
||
LABEL RUN='docker run -d -p 8081:8081 --name ${NAME} ${IMAGE}' | ||
|
||
The contents of the RUN label tells an `atomic run nexus` command to open port 8081 & set the name of the container. | ||
|
||
`STOP=` | ||
|
||
LABEL STOP='docker stop ${NAME}' | ||
|
||
`Name=` | ||
|
||
The registry location and name of the image. For example, Name="Nexus Repository Manager". | ||
|
||
`Version=` | ||
|
||
The Nexus Repository Manager version from which the container was built. For example, Version="3.6.2-01". | ||
|
||
When the atomic command runs the nexus container, it reads the command line associated with the selected option | ||
from a LABEL set within the Docker container itself. It then runs that command. The following sections detail | ||
each option and associated LABEL: | ||
|
||
# SECURITY IMPLICATIONS | ||
|
||
`-d` | ||
|
||
Runs continuously as a daemon process in the background |
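Review bot: SECURITY IMPLICATIONS documents only `-d`, but the RUN label above also passes `-p 8081:8081`, which publishes the Nexus port on the host (on all host interfaces by default) and is the option that actually changes exposure; add an entry for it. Two smaller points in the same file: USAGE says the image can be used with "run, stop, or uninstall" while only the RUN and STOP labels are described, and the paragraph ending "The following sections detail each option and associated LABEL:" sits after the label descriptions instead of before them. The same text appears in help.1, so fix it here and regenerate.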
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
Sonatype Nexus (TM) Open Source Version | ||
Copyright (c) 2008-present Sonatype, Inc. | ||
All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions. | ||
|
||
This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0, | ||
which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html. | ||
|
||
Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks | ||
of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the | ||
Eclipse Foundation. All other trademarks are the property of their respective owners. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
#!/bin/sh | ||
# | ||
# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0. | ||
# | ||
# arbitrary uid recognition at runtime - for OpenShift deployments | ||
USER_ID=$(id -u) | ||
if [[ ${USER_UID} != ${USER_ID} ]]; then | ||
sed "s@${USER_NAME}:x:\${USER_ID}:@${USER_NAME}:x:${USER_ID}:@g" /etc/passwd.template > /etc/passwd | ||
fi | ||
exec "$@" |
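Review bot: The shebang is `#!/bin/sh` but the `if` line uses `[[ ... ]]`, which is not POSIX sh; where /bin/sh is not bash the test errors out, the branch is skipped and /etc/passwd is never rewritten for the arbitrary UID. Use `[ "${USER_UID}" != "${USER_ID}" ]` with the quotes, or change the shebang to bash. The result of the `> /etc/passwd` redirect is also never checked before `exec "$@"`, so a container where the file is not writable by the running UID starts anyway with an unresolved user; test `-w /etc/passwd` first or exit on failure.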
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/sh | ||
# | ||
# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0. | ||
# | ||
# arbitrary uid recognition at runtime - for OpenShift deployments | ||
sed "s@${USER_NAME}:x:${USER_UID}:@${USER_NAME}:x:\${USER_ID}:@g" /etc/passwd > /etc/passwd.template |
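Review bot: The `sed` line depends on `USER_NAME` and `USER_UID` being set in the build environment and does not check them; if either is empty the pattern will not match the intended entry, /etc/passwd.template is written without the `${USER_ID}` placeholder, and the substitution in uid_entrypoint.sh later becomes a no-op with no error. Fail fast before the `sed`, for example with `: "${USER_NAME:?}" "${USER_UID:?}"`, and state in the header comment where these two variables are expected to come from.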
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# | ||
# Cookbook:: nexus_repository_manager | ||
# Recipe:: rhel-docker | ||
# | ||
# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0. | ||
|
||
include_recipe 'nexus_repository_manager::docker' | ||
|
||
group 'root' do | ||
action :modify | ||
members 'nexus' | ||
append true | ||
end | ||
|
||
directory '/licenses/' do | ||
owner 'root' | ||
group 'root' | ||
mode '755' | ||
action :create | ||
end | ||
|
||
[ 'help.1', 'uid_template.sh', 'uid_entrypoint.sh', 'licenses/LICENSE' ].each do | file | | ||
cookbook_file "/#{file}" do | ||
source "rhel-docker/#{file}" | ||
owner 'root' | ||
group 'root' | ||
mode '755' | ||
end | ||
end | ||
|
||
bash 'uid_template.sh' do | ||
code <<-EOH | ||
/uid_template.sh | ||
EOH | ||
end | ||
|
||
file '/etc/passwd' do | ||
mode '664' | ||
end |
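Review bot: `file '/etc/passwd'` with `mode '664'`, combined with the `group 'root'` resource that appends `nexus`, makes the account database writable by every process in the container that runs with GID 0, not only by the entrypoint script, and that includes adding or altering entries. If this is required for the OpenShift arbitrary-UID case the scripts mention, say so in a comment next to the resource and declare `owner 'root'` and `group 'root'` explicitly so the intended ownership is not left to the base image. Separately, the `cookbook_file` loop applies `mode '755'` to `help.1` and `licenses/LICENSE`, which are not executables; give those `644` and keep `755` for the two scripts.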
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# | ||
# Cookbook:: nexus_repository_manager | ||
# | ||
# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0. | ||
# | ||
|
||
# Permissions test for recipe nexus_repository_manager::rhel-docker | ||
|
||
control 'rhel-docker-perms-test-001' do | ||
title 'Allows nexus user to mutate /etc/password' | ||
describe user('nexus') do | ||
it { should exist } | ||
end | ||
|
||
describe file('/etc/passwd') do | ||
it { should be_allowed('write', by_user: 'nexus') } | ||
end | ||
end | ||
|
||
control 'rhel-docker-perms-test-002' do | ||
title 'Creates a template for passwd' | ||
describe file('/etc/passwd.template') do | ||
it { should exist } | ||
end | ||
end |
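Review bot: Control `rhel-docker-perms-test-001` only asserts that `nexus` can write /etc/passwd and never bounds the permission, so the test would still pass if the file became world-writable; add an assertion on the exact mode, for example `its('mode') { should cmp '0664' }`, so any widening beyond what the recipe sets is caught. The title also reads "/etc/password" where the file under test is `/etc/passwd`.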
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# | ||
# Cookbook:: nexus_repository_manager | ||
# | ||
# Copyright:: Copyright (c) 2017-present Sonatype, Inc. Apache License, Version 2.0. | ||
# | ||
|
||
# Red Hat requirements test for recipe nexus_repository_manager::rhel-docker | ||
|
||
control 'rhel-docker-requirements-test-001' do | ||
title 'Includes the required files for Red Hat certification' | ||
describe file('/help.1') do | ||
it { should exist } | ||
end | ||
|
||
describe file('/licenses/LICENSE') do | ||
it { should exist } | ||
end | ||
end |
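Review bot: Control `rhel-docker-requirements-test-001` checks `/help.1` and `/licenses/LICENSE` for existence only, while the recipe in this commit also installs `/uid_template.sh` and `/uid_entrypoint.sh`, and nothing here verifies that they are present or executable. Add `describe file(...)` blocks for both scripts with `it { should be_executable }`, since a missing or non-executable entrypoint would break the arbitrary-UID handling without failing this suite.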