Rename docker fips image to cloud-ess-fips (#127561)

Rene Groeschke 2025-04-30 15:56:24 +02:00 committed by GitHub
parent 55fb5f3daf
commit aa309515f8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 27 additions and 26 deletions


@ -28,16 +28,17 @@ public enum DockerBase {
"apk", "apk",
"Dockerfile" "Dockerfile"
), ),
FIPS(
"docker.elastic.co/wolfi/chainguard-base-fips:sha256-ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7@sha256:ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7",
"-fips",
"apk",
"Dockerfile"
),
// spotless:on // spotless:on
// Based on WOLFI above, with more extras. We don't set a base image because // Based on WOLFI above, with more extras. We don't set a base image because
// we programmatically extend from the wolfi image. // we programmatically extend from the wolfi image.
CLOUD_ESS(null, "-cloud-ess", "apk", "Dockerfile.cloud-ess"),; CLOUD_ESS(null, "-cloud-ess", "apk", "Dockerfile.cloud-ess"),
CLOUD_ESS_FIPS(
"docker.elastic.co/wolfi/chainguard-base-fips:sha256-ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7@sha256:ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7",
"-cloud-ess-fips",
"apk",
"Dockerfile"
);
private final String image; private final String image;
private final String suffix; private final String suffix;
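Review bot: `CLOUD_ESS_FIPS` has no comment of its own and now sits directly under the comment written for `CLOUD_ESS` ("We don't set a base image because we programmatically extend from the wolfi image"), which does not hold for it: the new constant sets a digest-pinned `chainguard-base-fips` image and uses the plain `Dockerfile` template. I would add a line above it such as `// FIPS variant of the cloud ESS image: digest-pinned chainguard-base-fips base, built from the default Dockerfile template.` The constant also moved below `// spotless:on`, whereas the old `FIPS` entry with the same long image string appears to have been inside the unformatted region, so it is worth confirming the formatter leaves the pinned reference on one line. The enum body continues outside the hunk.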


@ -314,7 +314,7 @@ void addBuildDockerContextTask(Architecture architecture, DockerBase base, Strin
filter TransformLog4jConfigFilter filter TransformLog4jConfigFilter
} }
} }
if(base == DockerBase.FIPS) { if(base == DockerBase.CLOUD_ESS_FIPS) {
// If we're performing a release build, but `build.id` hasn't been set, we can // If we're performing a release build, but `build.id` hasn't been set, we can
// infer that we're not at the Docker building stage of the build, and therefore // infer that we're not at the Docker building stage of the build, and therefore
@ -608,19 +608,19 @@ subprojects { Project subProject ->
DockerBase base = DockerBase.DEFAULT DockerBase base = DockerBase.DEFAULT
if (subProject.name.contains('ironbank-')) { if (subProject.name.contains('ironbank-')) {
base = DockerBase.IRON_BANK base = DockerBase.IRON_BANK
} else if (subProject.name.contains('cloud-ess-')) { } else if (subProject.name.contains('cloud-ess-docker')) {
base = DockerBase.CLOUD_ESS base = DockerBase.CLOUD_ESS
} else if (subProject.name.contains('wolfi-')) { } else if (subProject.name.contains('wolfi-')) {
base = DockerBase.WOLFI base = DockerBase.WOLFI
} else if (subProject.name.contains('fips-')) { } else if (subProject.name.contains('cloud-ess-fips-docker')) {
base = DockerBase.FIPS base = DockerBase.CLOUD_ESS_FIPS
} }
final String arch = architecture == Architecture.AARCH64 ? '-aarch64' : '' final String arch = architecture == Architecture.AARCH64 ? '-aarch64' : ''
final String extension = final String extension =
(base == DockerBase.IRON_BANK ? 'ironbank.tar' : (base == DockerBase.IRON_BANK ? 'ironbank.tar' :
(base == DockerBase.CLOUD_ESS ? 'cloud-ess.tar' : (base == DockerBase.CLOUD_ESS ? 'cloud-ess.tar' :
(base == DockerBase.FIPS ? 'fips.tar' : (base == DockerBase.CLOUD_ESS_FIPS ? 'cloud-ess-fips.tar' :
(base == DockerBase.WOLFI ? 'wolfi.tar' : (base == DockerBase.WOLFI ? 'wolfi.tar' :
'docker.tar')))) 'docker.tar'))))
final String artifactName = "elasticsearch${arch}${base.suffix}_test" final String artifactName = "elasticsearch${arch}${base.suffix}_test"
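Review bot: In the `subprojects` block the base is still chosen by ordered `contains()` checks on the project name, and the FIPS selection only works because the CLOUD_ESS test was narrowed from `'cloud-ess-'` to `'cloud-ess-docker'`; a name that matches none of the branches silently keeps `DockerBase.DEFAULT`. For an image whose purpose is FIPS compliance, a silent fall-through to a different base is the failure to guard against. I would test the more specific name first, `if (subProject.name.contains('cloud-ess-fips-docker')) { base = DockerBase.CLOUD_ESS_FIPS }` ahead of the `'cloud-ess-docker'` branch, and add a comment such as `// order matters: match the most specific project name first`. The block starts and ends outside the hunk.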


@ -41,7 +41,7 @@ RUN chmod 0555 /bin/tini
<% } else { %> <% } else { %>
# Install required packages to extract the Elasticsearch distribution # Install required packages to extract the Elasticsearch distribution
<% if (docker_base == "wolfi" || docker_base == "fips") { %> <% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
RUN <%= retry.loop(package_manager, "export DEBIAN_FRONTEND=noninteractive && ${package_manager} update && ${package_manager} update && ${package_manager} add --no-cache curl") %> RUN <%= retry.loop(package_manager, "export DEBIAN_FRONTEND=noninteractive && ${package_manager} update && ${package_manager} update && ${package_manager} add --no-cache curl") %>
<% } else { %> <% } else { %>
RUN <%= retry.loop(package_manager, "${package_manager} install -y findutils tar gzip") %> RUN <%= retry.loop(package_manager, "${package_manager} install -y findutils tar gzip") %>
@ -115,7 +115,7 @@ RUN sed -i -e 's/ES_DISTRIBUTION_TYPE=tar/ES_DISTRIBUTION_TYPE=docker/' bin/elas
chmod 0775 bin config config/jvm.options.d data logs plugins && \\ chmod 0775 bin config config/jvm.options.d data logs plugins && \\
find config -type f -exec chmod 0664 {} + find config -type f -exec chmod 0664 {} +
<% if (docker_base == "fips") { %> <% if (docker_base == "cloud_ess_fips") { %>
# Add plugins infrastructure # Add plugins infrastructure
RUN mkdir -p /opt/plugins/archive RUN mkdir -p /opt/plugins/archive
@ -179,7 +179,7 @@ RUN ${package_manager} update --setopt=tsflags=nodocs -y && \\
nc shadow-utils zip findutils unzip procps-ng && \\ nc shadow-utils zip findutils unzip procps-ng && \\
${package_manager} clean all ${package_manager} clean all
<% } else if (docker_base == "wolfi" || docker_base == "fips") { %> <% } else if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
RUN <%= retry.loop(package_manager, RUN <%= retry.loop(package_manager,
"export DEBIAN_FRONTEND=noninteractive && \n" + "export DEBIAN_FRONTEND=noninteractive && \n" +
" ${package_manager} update && \n" + " ${package_manager} update && \n" +
@ -208,7 +208,7 @@ RUN <%= retry.loop(
<% } %> <% } %>
<% if (docker_base == "wolfi" || docker_base == "fips") { %> <% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
RUN groupadd -g 1000 elasticsearch && \ RUN groupadd -g 1000 elasticsearch && \
adduser -G elasticsearch -u 1000 elasticsearch -D --home /usr/share/elasticsearch elasticsearch && \ adduser -G elasticsearch -u 1000 elasticsearch -D --home /usr/share/elasticsearch elasticsearch && \
adduser elasticsearch root && \ adduser elasticsearch root && \
@ -219,17 +219,17 @@ RUN groupadd -g 1000 elasticsearch && \\
chown -R 0:0 /usr/share/elasticsearch chown -R 0:0 /usr/share/elasticsearch
<% } %> <% } %>
ENV ELASTIC_CONTAINER true ENV ELASTIC_CONTAINER=true
WORKDIR /usr/share/elasticsearch WORKDIR /usr/share/elasticsearch
COPY --from=builder --chown=0:0 /usr/share/elasticsearch /usr/share/elasticsearch COPY --from=builder --chown=0:0 /usr/share/elasticsearch /usr/share/elasticsearch
<% if (docker_base != "wolfi" && docker_base != "fips") { %> <% if (docker_base != "wolfi" && docker_base != "cloud_ess_fips") { %>
COPY --from=builder --chown=0:0 /bin/tini /bin/tini COPY --from=builder --chown=0:0 /bin/tini /bin/tini
<% } %> <% } %>
ENV PATH /usr/share/elasticsearch/bin:\$PATH ENV PATH=/usr/share/elasticsearch/bin:\$PATH
ENV SHELL /bin/bash ENV SHELL=/bin/bash
COPY ${bin_dir}/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh COPY ${bin_dir}/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
# 1. Sync the user and group permissions of /etc/passwd # 1. Sync the user and group permissions of /etc/passwd
@ -249,7 +249,7 @@ RUN chmod g=u /etc/passwd && \\
chmod 0775 /usr/share/elasticsearch && \\ chmod 0775 /usr/share/elasticsearch && \\
chown elasticsearch bin config config/jvm.options.d data logs plugins chown elasticsearch bin config config/jvm.options.d data logs plugins
<% if (docker_base == 'wolfi' || docker_base == "fips") { %> <% if (docker_base == 'wolfi' || docker_base == "cloud_ess_fips") { %>
RUN ln -sf /etc/ssl/certs/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts RUN ln -sf /etc/ssl/certs/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts
<% } else { %> <% } else { %>
RUN ln -sf /etc/pki/ca-trust/extracted/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts RUN ln -sf /etc/pki/ca-trust/extracted/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts
@ -292,7 +292,7 @@ RUN mkdir /licenses && ln LICENSE.txt /licenses/LICENSE
COPY LICENSE /licenses/LICENSE.addendum COPY LICENSE /licenses/LICENSE.addendum
<% } %> <% } %>
<% if (docker_base == "wolfi" || docker_base == "fips") { %> <% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
# Our actual entrypoint is `tini`, a minimal but functional init program. It # Our actual entrypoint is `tini`, a minimal but functional init program. It
# calls the entrypoint we provide, while correctly forwarding signals. # calls the entrypoint we provide, while correctly forwarding signals.
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"] ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
@ -312,9 +312,9 @@ USER 1000:0
HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 http://localhost:9200 || exit 1 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 http://localhost:9200 || exit 1
<% } %> <% } %>
<% if (docker_base == 'fips') { %> <% if (docker_base == 'cloud_ess_fips') { %>
COPY --from=builder --chown=0:0 /opt /opt COPY --from=builder --chown=0:0 /opt /opt
ENV ES_PLUGIN_ARCHIVE_DIR /opt/plugins/archive ENV ES_PLUGIN_ARCHIVE_DIR=/opt/plugins/archive
WORKDIR /usr/share/elasticsearch WORKDIR /usr/share/elasticsearch
COPY --from=builder --chown=0:0 /fips/libs/*.jar /usr/share/elasticsearch/lib/ COPY --from=builder --chown=0:0 /fips/libs/*.jar /usr/share/elasticsearch/lib/
<% } %> <% } %>
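Review bot: The template now compares `docker_base` against the literal `"cloud_ess_fips"` in eight separate conditions (single-quoted as `'cloud_ess_fips'` in the last one), and a mismatch in any of them would not fail the build but fall into the non-wolfi branch, for example the `/etc/pki/ca-trust/extracted/java/cacerts` symlink or the extra `tini` copy. How `docker_base` is derived from `DockerBase.CLOUD_ESS_FIPS` is not visible here, so the literal should be checked against that mapping. If the template engine allows it, computing the predicates once near the top, for example `<% def wolfiBased = docker_base == "wolfi" || docker_base == "cloud_ess_fips" %>` and `<% def fipsImage = docker_base == "cloud_ess_fips" %>`, would leave one place to change on the next rename.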


@ -70,8 +70,8 @@ List projects = [
'distribution:docker:ironbank-docker-export', 'distribution:docker:ironbank-docker-export',
'distribution:docker:wolfi-docker-aarch64-export', 'distribution:docker:wolfi-docker-aarch64-export',
'distribution:docker:wolfi-docker-export', 'distribution:docker:wolfi-docker-export',
'distribution:docker:fips-docker-export', 'distribution:docker:cloud-ess-fips-docker-export',
'distribution:docker:fips-docker-aarch64-export', 'distribution:docker:cloud-ess-fips-docker-aarch64-export',
'distribution:packages:aarch64-deb', 'distribution:packages:aarch64-deb',
'distribution:packages:deb', 'distribution:packages:deb',
'distribution:packages:aarch64-rpm', 'distribution:packages:aarch64-rpm',