Mounting volume from host to docker image of nexus


#1

Hello good people!
I’ve got maybe a silly question, but I’m a novice in Nexus.

The idea is to run NXRM in a Docker container and mount a volume to it with the Nexus configuration and data, so that if the container dies for some reason I can just run a new one and my config and artifacts will be OK.

My approach:
Host CentOS 7 + Docker
NXRM in sonatype/nexus3:latest

Problem:
When I’m trying to use something like this:

docker run -d -p 8081:8081 --name MyNexus -v /my-nexus-data:/nexus-data/ sonatype/nexus3:latest

I’ve got this error:
OpenJDK 64-Bit Server VM warning: Cannot open file …/sonatype-work/nexus3/log/jvm.log due to Permission denied

Warning: Cannot open log file: …/sonatype-work/nexus3/log/jvm.log
Warning: Forcing option -XX:LogFile=/tmp/jvm.log
File does not exist: /nexus-data/cache/cache.lock
Unable to update instance pid: /nexus-data/instances/instance.properties (Permission denied)
Exception in thread “Thread-2” java.lang.SecurityException: Could not lock User prefs. Lock file access denied.
at java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:937)
at java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:925)
at java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:729)
at java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:824)
at java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:464)
at java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:50)
at java.util.prefs.FileSystemPreferences$4$1.run(FileSystemPreferences.java:442)

It’s clear enough that the main problem is permissions. But even if I try to run this using root mode I get the same error. Google provides some suggestions for the same problem, but they don’t help me.

chmod 200:200 or even 777:777 for the host folder gives zero results.

The host folder contains the main Nexus configuration with blobs, db, and so on.

Maybe I use the wrong approach for this?

I will be glad for any advice.


#2

The problem was solved by 1 command on the Host:

setenforce 0

After that docker run command with all parameters works perfectly fine.

But it’s not secure and not recommended.

Another thing to keep in mind is that you can do this without setenforce 0 and just keep it in the default state (setenforce 1).

This issue was fixed in docker. So you can use docker run command with -z or -Z key.

Example:

docker run -d -p 8081:8081 --name my-nexus -v /my-nexus-data:/nexus-data:Z sonatype/nexus3:latest

or

docker run -d -p 8081:8081 --name my-nexus -v /my-nexus-data:/nexus-data:z sonatype/nexus3:latest

This will label the content inside the container with the exact MCS label that the container will run with; basically, it runs chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /my-nexus-data, where s0:c1,c2 differs for each container.
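
Added example (not part of the original posts, and not Docker or Sonatype code): a simplified shell model of the two SELinux checks that decide whether the container can use the bind mount, the file type and the MCS categories. It shows why an unlabeled host directory is denied in enforcing mode, and how :z (shared label, no categories) differs from :Z (private label carrying the container's own categories). All contexts are constructed samples and the function names are hypothetical.

```shell
# Simplified model of the SELinux decision for a bind-mounted host directory.
# Contexts have the form user:role:type:sensitivity[:categories].
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }
ctx_cats() { printf '%s\n' "$1" | cut -d: -f5; }  # empty for a plain s0 level

# File types a container process may write to (svirt_sandbox_file_t is the
# older name for container_file_t).
is_container_type() {
    case "$1" in
        container_file_t|svirt_sandbox_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# cats_subset FILE_CATS PROC_CATS: every category on the file must also be
# held by the process. Assumption: comma lists only, no c0.c1023 ranges.
cats_subset() {
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$c,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# mount_verdict FILE_CONTEXT PROCESS_CONTEXT -> ok | denied-type | denied-mcs
mount_verdict() {
    if ! is_container_type "$(ctx_type "$1")"; then
        echo denied-type
    elif ! cats_subset "$(ctx_cats "$1")" "$(ctx_cats "$2")"; then
        echo denied-mcs
    else
        echo ok
    fi
}

# Constructed sample contexts (not taken from a real host):
PROC='system_u:system_r:container_t:s0:c1,c2'          # container process
UNLABELED='unconfined_u:object_r:default_t:s0'         # plain host directory
SHARED='system_u:object_r:container_file_t:s0'         # after a :z mount
PRIVATE='system_u:object_r:container_file_t:s0:c1,c2'  # after a :Z mount
OTHER='system_u:object_r:container_file_t:s0:c3,c4'    # :Z for another container

for ctx in "$UNLABELED" "$SHARED" "$PRIVATE" "$OTHER"; do
    printf '%-52s %s\n' "$ctx" "$(mount_verdict "$ctx" "$PROC")"
done
```

On a real host, `stat -c %C /my-nexus-data` prints the directory's context and `docker inspect -f '{{.ProcessLabel}}' my-nexus` prints the container's process label, which can be passed to mount_verdict in place of the samples.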