Add elastic-agent-wolfi-complete Docker image #5475

Merged
merged 10 commits into from
Sep 11, 2024
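--- a/dev-tools/mage/dockervariants.go
+++ b/dev-tools/mage/dockervariants.go
@@ -10,12 +10,13 @@ import (
 )
 
 const (
-undefined = "undefined"
-basic = "basic"
-ubi = "ubi"
-wolfi = "wolfi"
-complete = "complete"
-cloud = "cloud"
+undefined = "undefined"
+basic = "basic"
+ubi = "ubi"
+wolfi = "wolfi"
+complete = "complete"
+wolfiComplete = "wolfi-complete"
+cloud = "cloud"
 )
 
 // DockerVariant defines the docker variant to build.
@@ -27,6 +28,7 @@ const (
 Basic
 UBI
 Wolfi
+WolfiComplete
 Complete
 Cloud
 )
@@ -42,6 +44,8 @@ func (typ DockerVariant) String() string {
 return ubi
 case Wolfi:
 return wolfi
+case WolfiComplete:
+return wolfiComplete
 case Complete:
 return complete
 case Cloud:
@@ -67,6 +71,8 @@ func (typ *DockerVariant) UnmarshalText(text []byte) error {
 *typ = UBI
 case wolfi:
 *typ = Wolfi
+case wolfiComplete:
+*typ = WolfiComplete
 case complete:
 *typ = Complete
 case cloud: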
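Review bot: `WolfiComplete` is inserted between `Wolfi` and `Complete` in the `DockerVariant` const block, so if that block is `iota`-based (its first lines are outside the hunk) the numeric values of `Complete` and `Cloud` shift by one. That is harmless as long as variants only cross a boundary through `String()` / `UnmarshalText`, which this change keeps in sync, but any numeric comparison or stored integer elsewhere would silently select a different image variant. Appending the new constant after `Cloud` avoids the renumbering; otherwise a comment on the block such as `// Values are not stable; always serialize via String/UnmarshalText.` would record the assumption. The bodies of `String` and `UnmarshalText` continue outside the hunks, so their default branches were not reviewed.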
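--- a/dev-tools/packaging/packages.yml
+++ b/dev-tools/packaging/packages.yml
@@ -296,6 +296,10 @@ shared:
 <<: *agent_docker_spec
 docker_variant: 'complete'
 
+- &agent_docker_wolfi_complete_spec
+<<: *agent_docker_spec
+docker_variant: 'wolfi-complete'
+
 # Deb/RPM spec for community beats.
 - &deb_rpm_spec
 <<: *common
@@ -908,6 +912,18 @@ specs:
 files:
 '{{.BeatName}}{{.BinaryExt}}':
 source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}}
+- os: linux
+arch: amd64
+types: [docker]
+spec:
+<<: *docker_wolfi_spec
+<<: *docker_builder_spec
+<<: *agent_docker_wolfi_complete_spec
+<<: *docker_elastic_spec
+<<: *elastic_license_for_binaries
+files:
+'{{.BeatName}}{{.BinaryExt}}':
+source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}}
 - os: linux
 arch: arm64
 types: [docker]
@@ -920,6 +936,18 @@ specs:
 files:
 '{{.BeatName}}{{.BinaryExt}}':
 source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}}
+- os: linux
+arch: arm64
+types: [docker]
+spec:
+<<: *docker_wolfi_arm_spec
+<<: *docker_builder_arm_spec
+<<: *agent_docker_wolfi_complete_spec
+<<: *docker_elastic_spec
+<<: *elastic_license_for_binaries
+files:
+'{{.BeatName}}{{.BinaryExt}}':
+source: ./build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}}
 - os: linux
 arch: amd64
 types: [docker]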
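Review bot: Both new `wolfi-complete` entries stack five `<<:` merge keys in one `spec:` mapping, and the image they build depends on `docker_variant: 'wolfi-complete'` from `*agent_docker_wolfi_complete_spec` winning over any `docker_variant` that `*docker_wolfi_spec` / `*docker_wolfi_arm_spec` may set (those anchors are defined outside these hunks). Repeated `<<:` keys in a single mapping are not resolved the same way by every YAML loader, so the effective variant is order- and parser-dependent. Since the Dockerfile template gates its root-run install steps on `.Variant`, a wrong resolution would quietly build a different image rather than fail. Setting `docker_variant: 'wolfi-complete'` explicitly under each `spec:` would make the intent independent of merge order; at minimum add a comment such as `# docker_variant must resolve to 'wolfi-complete' for this entry`.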
Expand Up @@ -118,7 +118,7 @@ LABEL \
license="{{ .License }}" \
description="{{ .BeatDescription }}"

ENV ELASTIC_CONTAINER "true"
ENV ELASTIC_CONTAINER="true"
ENV PATH={{ $beatHome }}:$PATH
ENV GODEBUG="madvdontneed=1"

Expand Down Expand Up @@ -192,7 +192,7 @@ RUN echo \
ENV ELASTIC_SYNTHETICS_CAPABLE=true
ENV ELASTIC_AGENT_COMPLETE=true
ENV TZ=UTC
ENV NODE_VERSION=18.20.3
ENV NODE_VERSION=18.20.4-r0
ENV PATH="$NODE_PATH/node/bin:$PATH"
# Install the latest version of @elastic/synthetics forcefully ignoring the previously
# cached node_modules, heartbeat then calls the global executable to run test suites
Expand Down Expand Up @@ -239,8 +239,36 @@ RUN for iter in {1..10}; do \
(exit $exit_code)
{{- end }}

USER {{ .user }}
{{- if (and (eq .Variant "wolfi-complete") (contains .from "wolfi")) }}
USER root
# Install required dependencies from wolfi repository
RUN for iter in {1..10}; do \
apk update && \
apk add --no-interactive --no-progress --no-cache nodejs-18=18.20.4-r0 npm=10.8.3-r0 glib dbus-glib libatk-1.0 \
libatk-bridge-2.0 cups-libs libxcomposite libxdamage libxrandr libxkbcommon pango alsa-lib \
font-opensans fontconfig gtk icu-data-full libnss mesa font-noto-cjk font-noto-emoji && \
exit_code=0 && break || exit_code=$? && echo "apk error: retry $iter in 10s" && sleep 10; \
done; \
(exit $exit_code)

# Setup synthetics env vars
ENV ELASTIC_SYNTHETICS_CAPABLE=true
ENV TZ=UTC
ENV NPM_CONFIG_PREFIX={{ $beatHome }}/.npm
ENV PATH="$NPM_CONFIG_PREFIX/bin:$PATH"

RUN echo \
$NPM_CONFIG_PREFIX \
{{ $beatHome }}/.config \
{{ $beatHome }}/.synthetics \
{{ $beatHome }}/.npm \
{{ $beatHome }}/.cache \
| xargs -IDIR sh -c 'mkdir -m 0770 -p DIR && chown -R {{ .user }} DIR'
Member


If we can keep the permission in sync with the other PR - https://github.com/elastic/beats/pull/40689/files#r1750771988

Member Author


Sorry, I have not seen the original comment https://github.com/elastic/beats/pull/40689/files#r1750771988 and thought it was a typo which I "fixed" in elastic/beats@b06f7ce

I think I need more context on how switching permissions 0770 to 0775 reflects removing the agent from the root group. The user created for this container is the owner of the entire directory tree and the last 0 in the bitmask denies access to "other" users and groups. Why should it be "read and execute" instead?

Member Author


I think @emilioalvap would be the right person to ask in this case 🙂


RUN (npm i -g --loglevel verbose --production --engine-strict @elastic/synthetics@stack_release || sh -c 'tail -n +1 ${NPM_CONFIG_PREFIX}/_logs/* && exit 1')
{{- end }}

USER {{ .user }}

{{- range $i, $port := .ExposePorts }}
EXPOSE {{ $port }}
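Review bot: The `RUN (npm i -g ... @elastic/synthetics@stack_release ...)` step in the new `wolfi-complete` block still runs under `USER root`, because `USER {{ .user }}` only follows the closing `{{- end }}`. The package's install scripts therefore execute as root at build time, and everything npm writes under `$NPM_CONFIG_PREFIX` is created after the `chown -R {{ .user }}` pass, so it ends up root-owned inside a tree meant to belong to the agent user. If nothing in the install needs root, add `USER {{ .user }}` directly above the npm `RUN` line so that only `apk add` and the directory setup run privileged. Separately, `nodejs-18` and `npm` are pinned to exact revisions while `stack_release` is a moving dist-tag, so two builds of the same commit can ship different synthetics code. If that is intended, a comment like `# @elastic/synthetics deliberately tracks the stack_release dist-tag (not pinned)` above the line would say so.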