From fe3abdb99d918cba84afdb459b310c535133ceea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emilio=20Alvarez=20Pi=C3=B1eiro?= <95703246+emilioalvap@users.noreply.github.com> Date: Wed, 16 Mar 2022 17:39:53 +0100 Subject: [PATCH] [Heartbeat] Unpack beats at build time on docker (#202) * unpack beats at build time on docker * Add comment on heartbeat caps --- dev-tools/packaging/packages.yml | 1 + .../templates/docker/Dockerfile.elastic-agent.tmpl | 14 +++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index 75696d83b38..bd543a7b9d0 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -482,6 +482,7 @@ shared: user: '{{ .BeatName }}' linux_capabilities: '' image_name: '' + beats_install_path: "install" files: 'elastic-agent.yml': source: 'elastic-agent.docker.yml' diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index f4e31cd3b01..0ed6ea5f0b7 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -32,7 +32,7 @@ FROM {{ .from }} ENV BEAT_SETUID_AS={{ .user }} {{- if contains .from "ubi-minimal" }} -RUN for iter in {1..10}; do microdnf update -y && microdnf install -y findutils shadow-utils && microdnf clean all && exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; done; (exit $exit_code) +RUN for iter in {1..10}; do microdnf update -y && microdnf install -y tar gzip findutils shadow-utils && microdnf clean all && exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; done; (exit $exit_code) {{- else }} RUN for iter in {1..10}; do \ @@ -181,6 +181,18 @@ RUN mkdir /app RUN chown {{ .user }} /app {{- end }} {{- end }} + +# Unpack beats to default install directory +RUN mkdir -p {{ $beatHome }}/data/{{.BeatName}}-{{ commit_short }}/{{ .beats_install_path }} && \ + for beatPath in {{ $beatHome }}/data/{{.BeatName}}-{{ commit_short }}/downloads/*.tar.gz; do \ + tar xf $beatPath -C {{ $beatHome }}/data/{{.BeatName}}-{{ commit_short }}/{{ .beats_install_path }}; \ + done && \ + chown -R {{ .user }}:{{ .user }} {{ $beatHome }}/data/{{.BeatName}}-{{ commit_short }}/{{ .beats_install_path }} && \ + chown -R root:root {{ $beatHome }}/data/{{.BeatName}}-{{ commit_short }}/{{ .beats_install_path }}/*/*.yml && \ + chmod 0644 {{ $beatHome }}/data/{{.BeatName}}-{{ commit_short }}/{{ .beats_install_path }}/*/*.yml && \ + # heartbeat requires cap_net_raw,cap_setuid to run ICMP checks and change npm user + setcap cap_net_raw,cap_setuid+p {{ $beatHome }}/data/{{.BeatName}}-{{ commit_short }}/{{ .beats_install_path }}/heartbeat-*/heartbeat + USER {{ .user }} {{- if (and (contains .image_name "-complete") (not (contains .from "ubi-minimal"))) }}