Rename docker fips image to cloud-ess-fips (#127561)

2025-04-30 15:56:24 +02:00 · 2025-04-30 15:56:24 +02:00 · aa309515f8
parent 55fb5f3daf
commit aa309515f8
6 changed files with 27 additions and 26 deletions
--- a/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/DockerBase.java
+++ b/build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/DockerBase.java
@ -28,16 +28,17 @@ public enum DockerBase {
        "apk",
        "Dockerfile"
    ),
-    FIPS(
-        "docker.elastic.co/wolfi/chainguard-base-fips:sha256-ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7@sha256:ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7",
-        "-fips",
-        "apk",
-        "Dockerfile"
-    ),
    // spotless:on
    // Based on WOLFI above, with more extras. We don't set a base image because
    // we programmatically extend from the wolfi image.
-    CLOUD_ESS(null, "-cloud-ess", "apk", "Dockerfile.cloud-ess"),;
+    CLOUD_ESS(null, "-cloud-ess", "apk", "Dockerfile.cloud-ess"),
+
+    CLOUD_ESS_FIPS(
+        "docker.elastic.co/wolfi/chainguard-base-fips:sha256-ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7@sha256:ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7",
+        "-cloud-ess-fips",
+        "apk",
+        "Dockerfile"
+    );

    private final String image;
    private final String suffix;
--- a/distribution/docker/build.gradle
+++ b/distribution/docker/build.gradle
@ -314,7 +314,7 @@ void addBuildDockerContextTask(Architecture architecture, DockerBase base, Strin
          filter TransformLog4jConfigFilter
        }
      }
-      if(base == DockerBase.FIPS) {
+      if(base == DockerBase.CLOUD_ESS_FIPS) {

        // If we're performing a release build, but `build.id` hasn't been set, we can
        // infer that we're not at the Docker building stage of the build, and therefore
@ -608,19 +608,19 @@ subprojects { Project subProject ->
    DockerBase base = DockerBase.DEFAULT
    if (subProject.name.contains('ironbank-')) {
      base = DockerBase.IRON_BANK
-    } else if (subProject.name.contains('cloud-ess-')) {
+    } else if (subProject.name.contains('cloud-ess-docker')) {
      base = DockerBase.CLOUD_ESS
    } else if (subProject.name.contains('wolfi-')) {
      base = DockerBase.WOLFI
-    } else if (subProject.name.contains('fips-')) {
-      base = DockerBase.FIPS
+    } else if (subProject.name.contains('cloud-ess-fips-docker')) {
+      base = DockerBase.CLOUD_ESS_FIPS
    }

    final String arch = architecture == Architecture.AARCH64 ? '-aarch64' : ''
    final String extension =
      (base == DockerBase.IRON_BANK ? 'ironbank.tar' :
        (base == DockerBase.CLOUD_ESS ? 'cloud-ess.tar' :
-          (base == DockerBase.FIPS ? 'fips.tar' :
+          (base == DockerBase.CLOUD_ESS_FIPS ? 'cloud-ess-fips.tar' :
            (base == DockerBase.WOLFI ? 'wolfi.tar' :
              'docker.tar'))))
    final String artifactName = "elasticsearch${arch}${base.suffix}_test"
--- a/distribution/docker/cloud-ess-fips-docker-aarch64-export/build.gradle
+++ b/distribution/docker/cloud-ess-fips-docker-aarch64-export/build.gradle
--- a/distribution/docker/cloud-ess-fips-docker-export/build.gradle
+++ b/distribution/docker/cloud-ess-fips-docker-export/build.gradle
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@ -41,7 +41,7 @@ RUN chmod 0555 /bin/tini
 <% } else { %>

 # Install required packages to extract the Elasticsearch distribution
-<% if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 RUN <%= retry.loop(package_manager, "export DEBIAN_FRONTEND=noninteractive && ${package_manager} update && ${package_manager} update && ${package_manager} add --no-cache curl") %>
 <% } else { %>
 RUN <%= retry.loop(package_manager, "${package_manager} install -y findutils tar gzip") %>
@ -115,7 +115,7 @@ RUN sed -i -e 's/ES_DISTRIBUTION_TYPE=tar/ES_DISTRIBUTION_TYPE=docker/' bin/elas
    chmod 0775 bin config config/jvm.options.d data logs plugins && \\
    find config -type f -exec chmod 0664 {} +

-<% if (docker_base == "fips") { %>
+<% if (docker_base == "cloud_ess_fips") { %>

 # Add plugins infrastructure
 RUN mkdir -p /opt/plugins/archive
@ -179,7 +179,7 @@ RUN ${package_manager} update --setopt=tsflags=nodocs -y && \\
      nc shadow-utils zip findutils unzip procps-ng && \\
    ${package_manager} clean all

-<% } else if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% } else if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 RUN <%= retry.loop(package_manager,
          "export DEBIAN_FRONTEND=noninteractive && \n" +
          "      ${package_manager} update && \n" +
@ -208,7 +208,7 @@ RUN <%= retry.loop(
 <% } %>


-<% if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 RUN groupadd -g 1000 elasticsearch && \
    adduser -G elasticsearch -u 1000 elasticsearch -D --home /usr/share/elasticsearch elasticsearch && \
    adduser elasticsearch root && \
@ -219,17 +219,17 @@ RUN groupadd -g 1000 elasticsearch && \\
    chown -R 0:0 /usr/share/elasticsearch
 <% } %>

-ENV ELASTIC_CONTAINER true
+ENV ELASTIC_CONTAINER=true

 WORKDIR /usr/share/elasticsearch

 COPY --from=builder --chown=0:0 /usr/share/elasticsearch /usr/share/elasticsearch
-<% if (docker_base != "wolfi" && docker_base != "fips") { %>
+<% if (docker_base != "wolfi" && docker_base != "cloud_ess_fips") { %>
 COPY --from=builder --chown=0:0 /bin/tini /bin/tini
 <% } %>

-ENV PATH /usr/share/elasticsearch/bin:\$PATH
-ENV SHELL /bin/bash
+ENV PATH=/usr/share/elasticsearch/bin:\$PATH
+ENV SHELL=/bin/bash
 COPY ${bin_dir}/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh

 # 1. Sync the user and group permissions of /etc/passwd
@ -249,7 +249,7 @@ RUN chmod g=u /etc/passwd && \\
    chmod 0775 /usr/share/elasticsearch && \\
    chown elasticsearch bin config config/jvm.options.d data logs plugins

-<% if (docker_base == 'wolfi' || docker_base == "fips") { %>
+<% if (docker_base == 'wolfi' || docker_base == "cloud_ess_fips") { %>
 RUN ln -sf /etc/ssl/certs/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts
 <% } else { %>
 RUN ln -sf /etc/pki/ca-trust/extracted/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts
@ -292,7 +292,7 @@ RUN mkdir /licenses && ln LICENSE.txt /licenses/LICENSE
 COPY LICENSE /licenses/LICENSE.addendum
 <% } %>

-<% if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 # Our actual entrypoint is `tini`, a minimal but functional init program. It
 # calls the entrypoint we provide, while correctly forwarding signals.
 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
@ -312,9 +312,9 @@ USER 1000:0
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 http://localhost:9200 || exit 1
 <% } %>

-<% if (docker_base == 'fips') { %>
+<% if (docker_base == 'cloud_ess_fips') { %>
 COPY --from=builder --chown=0:0 /opt /opt
-ENV ES_PLUGIN_ARCHIVE_DIR /opt/plugins/archive
+ENV ES_PLUGIN_ARCHIVE_DIR=/opt/plugins/archive
 WORKDIR /usr/share/elasticsearch
 COPY --from=builder --chown=0:0 /fips/libs/*.jar /usr/share/elasticsearch/lib/
 <% } %>
--- a/settings.gradle
+++ b/settings.gradle
@ -70,8 +70,8 @@ List projects = [
  'distribution:docker:ironbank-docker-export',
  'distribution:docker:wolfi-docker-aarch64-export',
  'distribution:docker:wolfi-docker-export',
-  'distribution:docker:fips-docker-export',
-  'distribution:docker:fips-docker-aarch64-export',
+  'distribution:docker:cloud-ess-fips-docker-export',
+  'distribution:docker:cloud-ess-fips-docker-aarch64-export',
  'distribution:packages:aarch64-deb',
  'distribution:packages:deb',
  'distribution:packages:aarch64-rpm',