Merge pull request #1 from wbstack/useBitnamiBase

Use a forked bitnami docker image

.github/workflows/docker.build.yml

@@ -37,11 +37,28 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build base image
+        uses: docker/[email protected]
+        with:
+          context: ./forked-bitnami-docker
+          file: ./forked-bitnami-docker/Dockerfile
+          platforms: linux/amd64
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache
+          tags: bitnami-elasticsearch-fork
+          outputs: |
+            type=oci,dest=/tmp/oci-base-image.tar
+      - name: Extract base image
+        run: |
+          mkdir -p /tmp/oci-base-image
+          tar -xvf /tmp/oci-base-image.tar -C /tmp/oci-base-image
       - name: Build and push
         uses: docker/[email protected]
         with:
           context: .
           file: ./Dockerfile
+          build-contexts: |
+            bitnami-elasticsearch-fork:local=oci-layout:///tmp/oci-base-image:bitnami-elasticsearch-fork
           platforms: linux/amd64
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,mode=max,dest=/tmp/.buildx-cache

Dockerfile

@@ -1,7 +1,7 @@
 ARG ELASTICSEARCH_VERSION=7.10.2
 ARG ELASTICSEARCH_PLUGIN_EXTRA_VERSION=7.10.2-wmf4
 
-FROM bitnami/elasticsearch:${ELASTICSEARCH_VERSION}
+FROM bitnami-elasticsearch-fork:local
 
 WORKDIR /opt/bitnami/elasticsearch
 

forked-bitnami-docker/Dockerfile

@@ -0,0 +1,55 @@
+# Copyright VMware, Inc. with modifications by WMDE
+# SPDX-License-Identifier: APACHE-2.0
+
+FROM docker.io/bitnami/minideb:bullseye
+
+ARG ELASTICSEARCH_PLUGINS
+ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
+ARG TARGETARCH
+
+ENV HOME="/" \
+    OS_ARCH="${TARGETARCH:-amd64}" \
+    OS_FLAVOUR="debian-11" \
+    OS_NAME="linux" \
+    PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/elasticsearch/bin:$PATH"
+
+COPY prebuildfs /
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# Install required system packages and dependencies
+RUN install_packages ca-certificates curl libasound2-dev libc6 libfreetype6 libfreetype6-dev libgcc1 procps zlib1g
+ADD --chown=1001:root https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.10.2-linux-x86_64.tar.gz /opt/bitnami/
+RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
+    COMPONENTS=( \
+      "yq-4.35.1-0-linux-${OS_ARCH}-debian-11" \
+      "java-17.0.8-7-3-linux-${OS_ARCH}-debian-11" \
+    ) && \
+    for COMPONENT in "${COMPONENTS[@]}"; do \
+      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
+        curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \
+        curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \
+      fi && \
+      sha256sum -c "${COMPONENT}.tar.gz.sha256" && \
+      tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
+      rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
+    done ; \
+    tar -xzf /opt/bitnami/elasticsearch-oss-7.10.2-linux-x86_64.tar.gz -C /opt/bitnami && \
+    mv /opt/bitnami/elasticsearch-7.10.2 /opt/bitnami/elasticsearch && \
+    rm /opt/bitnami/elasticsearch/config/elasticsearch.yml && \
+    chown -R 1001:root /opt/bitnami/elasticsearch
+RUN apt-get update && apt-get upgrade -y && \
+    apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
+RUN chmod g+rwX /opt/bitnami
+COPY rootfs /
+RUN /opt/bitnami/scripts/elasticsearch/postunpack.sh
+RUN /opt/bitnami/scripts/java/postunpack.sh
+ENV APP_VERSION="7.10.2" \
+    BITNAMI_APP_NAME="elasticsearch" \
+    ES_JAVA_HOME="/opt/bitnami/java" \
+    JAVA_HOME="/opt/bitnami/java" \
+    LD_LIBRARY_PATH="/opt/bitnami/elasticsearch/jdk/lib:/opt/bitnami/elasticsearch/jdk/lib/server:$LD_LIBRARY_PATH"
+
+EXPOSE 9200 9300
+
+USER 1001
+ENTRYPOINT [ "/opt/bitnami/scripts/elasticsearch/entrypoint.sh" ]
+CMD [ "/opt/bitnami/scripts/elasticsearch/run.sh" ]

forked-bitnami-docker/prebuildfs/opt/bitnami/.bitnami_components.json

@@ -0,0 +1,20 @@
+{
+    "elasticsearch": {
+        "arch": "amd64",
+        "distro": "debian-11",
+        "type": "NAMI",
+        "version": "7.17.13-0"
+    },
+    "java": {
+        "arch": "amd64",
+        "distro": "debian-11",
+        "type": "NAMI",
+        "version": "17.0.8-7-3"
+    },
+    "yq": {
+        "arch": "amd64",
+        "distro": "debian-11",
+        "type": "NAMI",
+        "version": "4.35.1-0"
+    }
+}

forked-bitnami-docker/prebuildfs/opt/bitnami/licenses/licenses.txt

@@ -0,0 +1,2 @@
+Bitnami containers ship with software bundles. You can find the licenses under:
+/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

forked-bitnami-docker/prebuildfs/opt/bitnami/scripts/libbitnami.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Bitnami custom library
+
+# shellcheck disable=SC1091
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/liblog.sh
+
+# Constants
+BOLD='\033[1m'
+
+# Functions
+
+########################
+# Print the welcome page
+# Globals:
+#   DISABLE_WELCOME_MESSAGE
+#   BITNAMI_APP_NAME
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+print_welcome_page() {
+    if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
+        if [[ -n "$BITNAMI_APP_NAME" ]]; then
+            print_image_welcome_page
+        fi
+    fi
+}
+
+########################
+# Print the welcome page for a Bitnami Docker image
+# Globals:
+#   BITNAMI_APP_NAME
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+print_image_welcome_page() {
+    local github_url="https://github.com/bitnami/containers"
+
+    log ""
+    log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
+    log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
+    log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}"
+    log ""
+}
+

forked-bitnami-docker/prebuildfs/opt/bitnami/scripts/libfile.sh

@@ -0,0 +1,141 @@
+#!/bin/bash
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Library for managing files
+
+# shellcheck disable=SC1091
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/libos.sh
+
+# Functions
+
+########################
+# Replace a regex-matching string in a file
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - substitute regex
+#   $4 - use POSIX regex. Default: true
+# Returns:
+#   None
+#########################
+replace_in_file() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local substitute_regex="${3:?substitute regex is required}"
+    local posix_regex=${4:-true}
+
+    local result
+
+    # We should avoid using 'sed in-place' substitutions
+    # 1) They are not compatible with files mounted from ConfigMap(s)
+    # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+    local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+    if [[ $posix_regex = true ]]; then
+        result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+    else
+        result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+    fi
+    echo "$result" > "$filename"
+}
+
+########################
+# Replace a regex-matching multiline string in a file
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - substitute regex
+# Returns:
+#   None
+#########################
+replace_in_file_multiline() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local substitute_regex="${3:?substitute regex is required}"
+
+    local result
+    local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+    result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
+    echo "$result" > "$filename"
+}
+
+########################
+# Remove a line in a file based on a regex
+# Arguments:
+#   $1 - filename
+#   $2 - match regex
+#   $3 - use POSIX regex. Default: true
+# Returns:
+#   None
+#########################
+remove_in_file() {
+    local filename="${1:?filename is required}"
+    local match_regex="${2:?match regex is required}"
+    local posix_regex=${3:-true}
+    local result
+
+    # We should avoid using 'sed in-place' substitutions
+    # 1) They are not compatible with files mounted from ConfigMap(s)
+    # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+    if [[ $posix_regex = true ]]; then
+        result="$(sed -E "/$match_regex/d" "$filename")"
+    else
+        result="$(sed "/$match_regex/d" "$filename")"
+    fi
+    echo "$result" > "$filename"
+}
+
+########################
+# Appends text after the last line matching a pattern
+# Arguments:
+#   $1 - file
+#   $2 - match regex
+#   $3 - contents to add
+# Returns:
+#   None
+#########################
+append_file_after_last_match() {
+    local file="${1:?missing file}"
+    local match_regex="${2:?missing pattern}"
+    local value="${3:?missing value}"
+
+    # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
+    result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
+    echo "$result" > "$file"
+}
+
+########################
+# Wait until certain entry is present in a log file
+# Arguments:
+#   $1 - entry to look for
+#   $2 - log file
+#   $3 - max retries. Default: 12
+#   $4 - sleep between retries (in seconds). Default: 5
+# Returns:
+#   Boolean
+#########################
+wait_for_log_entry() {
+    local -r entry="${1:-missing entry}"
+    local -r log_file="${2:-missing log file}"
+    local -r retries="${3:-12}"
+    local -r interval_time="${4:-5}"
+    local attempt=0
+
+    check_log_file_for_entry() {
+        if ! grep -qE "$entry" "$log_file"; then
+            debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
+            return 1
+        fi
+    }
+    debug "Checking that ${log_file} log file contains entry \"${entry}\""
+    if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
+        debug "Found entry \"${entry}\" in ${log_file}"
+        true
+    else
+        error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
+        debug_execute cat "$log_file"
+        return 1
+    fi
+}