In Part 1 we used a script and docker-compose to stand up both our Nexus Repository Manager and an IQ Server with out-of-the-box configurations. In this article we'll dig into how to configure your IQ Server as an example of how docker makes it easy to consume and customize stock images.
If you had looked closely enough in Part 1, you'd have seen an example of how to consume a vendor image. The Nexus Repo image we deployed was actually from our very own Brad Beck's nexus-https image. In the Dockerfile we can see that this image is based on the Sonatype nexus image but makes some changes that configure inbound SSL.
Brad makes sure the latest openssl library is installed via yum, then pulls down a sudo utility from the gosu project that we'll use later. He updates the properties file, overlays the entrypoint.sh script, adds the SSL volume and exposes the 8443 port we need for SSL. Given how much has to be done, you can see why it is so convenient to use Brad's image along with a setup script to create the volume shares and copy in the SSL cert. That's a whole lot of documentation codified for us.
Thankfully, for the IQ Server we just need to override the config.yml file, and instead of using sed to edit the properties file already in the image, we'll take advantage of the overlay file system and copy a new one in. This allows us to manage the file in source code in a format that we're already familiar with.
In the myiqserver sub folder we can see the Dockerfile we use to accomplish this.
COPY config.yml /opt/sonatype/iq-server/
HEALTHCHECK CMD curl http://localhost:8071/ping
That's not so bad, right? I've provided a build-iq.sh script just to make it easy to run the build and tag the new docker image. The script shows my crude attempts to make it portable by assigning your username to the docker image namespace, curtyanko in my case, and some basic parameter checking.
docker build -t $DOCKERNAME/demo-iq-server:$1 .
docker tag $DOCKERNAME/demo-iq-server:$1 $DOCKERNAME/demo-iq-server:latest
docker tag $DOCKERNAME/demo-iq-server:latest mycompany.com:5000/$DOCKERNAME/demo-iq-server:$1
docker tag $DOCKERNAME/demo-iq-server:latest mycompany.com:5000/$DOCKERNAME/demo-iq-server:latest
So we build and tag it to the version with docker build, then tag it again as latest. I also create two more tags to prep for being pushed to a private docker registry in our Nexus Repo instance.
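The parameter checking mentioned above matters because the version argument and the namespace end up on the docker command line unquoted. The sketch below is an added example, not the original build-iq.sh: it validates both values against Docker's naming rules before building and quotes every expansion. The function names and the fallback to `id -un` when DOCKERNAME is unset are assumptions; the image name and registry host are taken from the tag commands above.

```shell
#!/bin/sh
# Added example: validated tagging for a build script (not the original build-iq.sh).
set -eu
LC_ALL=C; export LC_ALL          # keep [a-z] style ranges ASCII-only

REGISTRY="mycompany.com:5000"    # registry host taken from the article's tag commands
IMAGE="demo-iq-server"

# Docker tag: starts with a letter, digit or "_", then letters, digits, "_", ".", "-"; max 128.
valid_tag() {
  case "$1" in
    ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# Namespace: lowercase letters and digits, single separators only in the middle
# (a stricter subset of what Docker accepts).
valid_namespace() {
  case "$1" in
    ''|[._-]*|*[._-]|*[._-][._-]*|*[!a-z0-9._-]*) return 1 ;;
  esac
}

# Print the four references the article's commands create, one per line.
image_refs() {
  valid_namespace "$1" || { echo "invalid namespace: $1" >&2; return 2; }
  valid_tag "$2" || { echo "invalid version tag: $2" >&2; return 2; }
  printf '%s\n' "$1/$IMAGE:$2" "$1/$IMAGE:latest" \
    "$REGISTRY/$1/$IMAGE:$2" "$REGISTRY/$1/$IMAGE:latest"
}

# Build once, then apply the remaining tags; every expansion is quoted.
build_and_tag() {
  refs=$(image_refs "$1" "$2") || return 2
  built=$(printf '%s\n' "$refs" | head -n 1)
  docker build -t "$built" .
  printf '%s\n' "$refs" | tail -n +2 | while IFS= read -r ref; do
    docker tag "$built" "$ref"
  done
}

# With no arguments the file only defines the functions, so it can be sourced.
if [ "$#" -gt 0 ]; then
  [ "$#" -eq 1 ] || { echo "usage: $0 <version>" >&2; exit 64; }
  build_and_tag "${DOCKERNAME:-$(id -un)}" "$1"
fi
```

A login name with uppercase letters is rejected here because Docker repository names must be lowercase, so set DOCKERNAME explicitly in that case.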
Now you can set your baseURL, proxy settings or plug into email or JIRA by making the needed changes to the config.yml file and then running the build-iq.sh script. To get it running, be sure to change the docker-compose file to reference the namespace you're using (replace 'curtyanko') and you should be all set to have a custom configured IQ server up and running.
Hopefully this showed the basic patterns involved for extending/customizing existing docker images for your own use. Just add your license and our sample policies and you can get started scanning apps and containers. Going forward, I'd like to evolve this project to put both of these apps behind an Nginx server like this community offering.
Note: As of IQ Server 1.42 the property file has moved and should now be:
COPY config.yml /etc/nexus-iq-server/