From ea395d3e176d386bd7effa97da46bdcadde790b2 Mon Sep 17 00:00:00 2001
From: Rory Hunter
Date: Mon, 18 Jan 2021 16:14:45 +0000
Subject: [PATCH] Update ironbank build with latest docker context (#67504)
The file `download.json` is replaced by `hardening_manifest.yaml`, which includes various pieces of information about the Iron Bank build.
---
 distribution/docker/build.gradle | 2 +-
 distribution/docker/src/docker/Dockerfile | 4 +-
 .../docker/src/docker/iron_bank/Jenkinsfile | 2 -
 .../docker/src/docker/iron_bank/download.json | 16 ------
 .../docker/iron_bank/hardening_manifest.yaml | 53 +++++++++++++++++++
 .../packaging/test/DockerTests.java | 4 +-
 6 files changed, 60 insertions(+), 21 deletions(-)
 delete mode 100644 distribution/docker/src/docker/iron_bank/Jenkinsfile
 delete mode 100644 distribution/docker/src/docker/iron_bank/download.json
 create mode 100644 distribution/docker/src/docker/iron_bank/hardening_manifest.yaml
diff --git a/distribution/docker/build.gradle b/distribution/docker/build.gradle
index dffceeaeecbac..74e5238961e33 100644
--- a/distribution/docker/build.gradle
+++ b/distribution/docker/build.gradle
@@ -57,7 +57,7 @@ ext.expansions = { Architecture architecture, boolean oss, DockerBase base, bool
 buildArgs = """
 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
 ARG BASE_IMAGE=redhat/ubi/ubi8
-ARG BASE_TAG=8.2
+ARG BASE_TAG=8.3
 """
 }
diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index 9c425e02df2af..6a957c383079f 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@@ -337,6 +337,7 @@ RUN chmod g=u /etc/passwd && \\
 EXPOSE 9200 9300
+<% if (docker_base != 'iron_bank') { %>
 LABEL org.label-schema.build-date="${build_date}" \\
 org.label-schema.license="${license}" \\
 org.label-schema.name="Elasticsearch" \\
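Review bot: With `<% if (docker_base != 'iron_bank') { %>` wrapped around the `LABEL org.label-schema.*` block here, and `iron_bank` dropped from the `ubi` condition in the next Dockerfile hunk (`@@ -356,8 +357,9 @@`), the Iron Bank image no longer gets any label from this template, and nothing in the template says why. The `labels:` section of the new hardening_manifest.yaml presumably takes over, but it has no counterpart to `org.label-schema.build-date`, so build-time provenance may be lost for that image; it is worth confirming that the Iron Bank pipeline stamps it. I would add a template comment above the guard, for example `<% /* Iron Bank images take their labels from hardening_manifest.yaml */ %>`. Part of the LABEL block lies outside both hunks, so the other labels it sets could not be compared.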
@@ -356,8 +357,9 @@ LABEL org.label-schema.build-date="${build_date}" \\
 org.opencontainers.image.url="https://www.elastic.co/products/elasticsearch" \\
 org.opencontainers.image.vendor="Elastic" \\
 org.opencontainers.image.version="${version}"
+<% } %>
-<% if (docker_base == 'ubi' || docker_base == 'iron_bank') { %>
+<% if (docker_base == 'ubi') { %>
 LABEL name="Elasticsearch" \\
 maintainer="infra@elastic.co" \\
 vendor="Elastic" \\
diff --git a/distribution/docker/src/docker/iron_bank/Jenkinsfile b/distribution/docker/src/docker/iron_bank/Jenkinsfile
deleted file mode 100644
index 7422f1f7a2a9c..0000000000000
--- a/distribution/docker/src/docker/iron_bank/Jenkinsfile
+++ /dev/null
@@ -1,2 +0,0 @@
-@Library('DCCSCR@master') _
-dccscrPipeline(version: '${version}')
diff --git a/distribution/docker/src/docker/iron_bank/download.json b/distribution/docker/src/docker/iron_bank/download.json
deleted file mode 100644
index 9e739be8b2ceb..0000000000000
--- a/distribution/docker/src/docker/iron_bank/download.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "resources": [
- {
- "url": "/elasticsearch-${version}-linux-x86_64.tar.gz",
- "filename": "elasticsearch-${version}-linux-x86_64.tar.gz"
- },
- {
- "url": "https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64",
- "filename": "tini",
- "validation": {
- "type": "sha256",
- "value": "93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c"
- }
- }
- ]
-}
diff --git a/distribution/docker/src/docker/iron_bank/hardening_manifest.yaml b/distribution/docker/src/docker/iron_bank/hardening_manifest.yaml
new file mode 100644
index 0000000000000..dcedfe700fefc
--- /dev/null
+++ b/distribution/docker/src/docker/iron_bank/hardening_manifest.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: 1
+
+# The repository name in registry1, excluding /ironbank/
+name: "elastic/elasticsearch/elasticsearch"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "${version}"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "elasticsearch"
+ # Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "You know, for search."
+ # License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "${license}"
+ # URL to find more information on the image
+ org.opencontainers.image.url: "https://github.com/elastic/elasticsearch"
+ # Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Elastic"
+ org.opencontainers.image.version: "${version}"
+ # Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "search,elastic,elasticsearch,java"
+ # This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ # Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "elasticsearch"
+
+# List of resources to make available to the offline build context
+resources:
+ - filename: "elasticsearch-${version}-linux-x86_64.tar.gz"
+ url: "/elasticsearch-${version}-linux-x86_64.tar.gz"
+ - filename: "tini"
+ url: "https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64"
+ validation:
+ type: "sha256"
+ value: "93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c"
+
+# List of project maintainers
+maintainers:
+ - name: "Nassim Kammah"
+ email: "nassim.kammah@elastic.co"
+ - name: "Rory Hunter"
+ email: "rory.hunter@elastic.co"
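Review bot: The `resources:` entry for `elasticsearch-${version}-linux-x86_64.tar.gz` has no `validation:` block, so the main artifact enters the offline build context without an integrity check, while the `tini` download is pinned by sha256. Its `url` is also a bare path with no scheme or host, presumably completed at release time; a comment on that entry should say who fills it in. I would add `validation:`, `type: "sha256"` and `value: "<SHA256_OF_RELEASE_TARBALL>"` under that entry, with the digest written when the release artifact is published. `BASE_TAG: "8.3"` now lives both here and in build.gradle, so the two have to be bumped together.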
diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java b/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
index 5712b568c5839..5d7f3fb259b35 100644
--- a/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
+++ b/qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java
@@ -104,7 +104,9 @@ public void teardownTest() {
 /**
 * Checks that the Docker image can be run, and that it passes various checks.
 */
- public void test010Install() {
+ public void test010Install() throws Exception {
+ // Wait for the container to come up, because we assert the state of some files that Elasticsearch creates on startup.
+ waitForElasticsearch(installation);
 verifyContainerInstallation(installation, distribution());
 }
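Review bot: The Javadoc above `test010Install()` still describes only the install checks, although the method now blocks on `waitForElasticsearch(installation)` first and declares `throws Exception`. I would extend the Javadoc with a sentence such as `Waits for Elasticsearch to start first, because some of the checked files are only created on startup.` so the ordering dependency is documented where the next reader will look. If `waitForElasticsearch` throws a narrower checked type, declaring that instead of `Exception` would keep the signature informative; its declaration is not visible in this hunk.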