UNCLASSIFIED

Commit 833734eb authored by elastic's avatar elastic
Browse files

Update Elasticsearch to 8.1.0

parent 67411db6
Pipeline #713683 failed with stages
in 7 minutes and 56 seconds
......@@ -4,15 +4,38 @@
# Beginning of multi stage Dockerfile
################################################################################
################################################################################
# Build stage 0 `builder`:
# Extract Elasticsearch artifact
################################################################################
ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
ARG BASE_TAG=8.5
################################################################################
# Build stage 0 `zlib`:
# Compile zlib for the current architecture
################################################################################
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS zlib
RUN for iter in 1 2 3 4 5 6 7 8 9 10; do \
yum install -y curl gcc make tar gzip && \
exit_code=0 && break || \
exit_code=$? && echo "yum error: retry $iter in 10s" && sleep 10; \
done; \
exit $exit_code
WORKDIR /tmp
RUN curl --retry 10 -S -L -o zlib-1.2.8.tar.gz https://github.com/cloudflare/zlib/archive/refs/tags/v1.2.8.tar.gz
RUN echo "7e393976368975446b263ae4143fb404bc33bf3b436e72007700b5b88e5be332cd461cdec42d31a4b6dffdca2368550f01b9fa1165d81c0aa818bbf2b1ac191e zlib-1.2.8.tar.gz" \
| sha512sum --check -
RUN tar xf zlib-1.2.8.tar.gz
WORKDIR /tmp/zlib-1.2.8
RUN ./configure --prefix=/usr/local/cloudflare-zlib && make && make install
################################################################################
# Build stage 1 `builder`:
# Extract Elasticsearch artifact
################################################################################
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS builder
# `tini` is a tiny but valid init for containers. This is used to cleanly
......@@ -23,7 +46,7 @@ RUN chmod 0555 /bin/tini
RUN mkdir /usr/share/elasticsearch
WORKDIR /usr/share/elasticsearch
COPY elasticsearch-7.17.1-linux-x86_64.tar.gz /tmp/elasticsearch.tar.gz
COPY elasticsearch-8.1.0-linux-x86_64.tar.gz /tmp/elasticsearch.tar.gz
RUN tar -zxf /tmp/elasticsearch.tar.gz --strip-components=1
......@@ -52,9 +75,10 @@ RUN sed -i -e 's/ES_DISTRIBUTION_TYPE=tar/ES_DISTRIBUTION_TYPE=docker/' bin/elas
find config -type f -exec chmod 0664 {} +
################################################################################
# Build stage 1 (the actual Elasticsearch image):
# Build stage 2 (the actual Elasticsearch image):
#
# Copy elasticsearch from stage 0
# Copy zlib from stage 2
# Copy elasticsearch from stage 1
# Add entrypoint
################################################################################
......@@ -67,7 +91,6 @@ RUN yum update --setopt=tsflags=nodocs -y && \
RUN groupadd -g 1000 elasticsearch && \
adduser -u 1000 -g 1000 -G 0 -d /usr/share/elasticsearch elasticsearch && \
chmod 0755 /usr/share/elasticsearch && \
chown -R 0:0 /usr/share/elasticsearch
ENV ELASTIC_CONTAINER true
......@@ -76,8 +99,10 @@ WORKDIR /usr/share/elasticsearch
COPY --from=builder --chown=0:0 /usr/share/elasticsearch /usr/share/elasticsearch
COPY --from=builder --chown=0:0 /bin/tini /bin/tini
COPY --from=zlib --chown=0:0 /usr/local/cloudflare-zlib /usr/local/cloudflare-zlib
ENV PATH /usr/share/elasticsearch/bin:$PATH
ENV ES_ZLIB_PATH /usr/local/cloudflare-zlib/lib
COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
......@@ -105,14 +130,14 @@ EXPOSE 9200 9300
RUN mkdir /licenses && cp LICENSE.txt /licenses/LICENSE
COPY LICENSE /licenses/LICENSE.addendum
USER elasticsearch:root
# Our actual entrypoint is `tini`, a minimal but functional init program. It
# calls the entrypoint we provide, while correctly forwarding signals.
ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
# Dummy overridable parameter parsed by entrypoint
CMD ["eswrapper"]
USER elasticsearch:root
HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 http://localhost:9200 || exit 1
################################################################################
......
......@@ -29,9 +29,9 @@ visiting [Elastic Community](https://www.elastic.co/community).
This software is governed by the [Elastic
License](https://github.com/elastic/elasticsearch/blob/7.17/licenses/ELASTIC-LICENSE-2.0.txt),
License](https://github.com/elastic/elasticsearch/blob/8.1/licenses/ELASTIC-LICENSE-2.0.txt),
and includes the full set of [free
features](https://www.elastic.co/subscriptions).
View the detailed release notes
[here](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/es-release-notes.html).
[here](https://www.elastic.co/guide/en/elasticsearch/reference/8.1/es-release-notes.html).
......@@ -11,7 +11,7 @@ labels:
org.opencontainers.image.title: elasticsearch
org.opencontainers.image.url: https://github.com/elastic/elasticsearch
org.opencontainers.image.vendor: Elastic
org.opencontainers.image.version: 7.17.1
org.opencontainers.image.version: 8.1.0
maintainers:
- email: rory.hunter@elastic.co
name: Rory Hunter
......@@ -26,16 +26,16 @@ maintainers:
username: yalabe.dukuly
name: elastic/elasticsearch/elasticsearch
resources:
- filename: elasticsearch-7.17.1-linux-x86_64.tar.gz
url: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.1-linux-x86_64.tar.gz
- filename: elasticsearch-8.1.0-linux-x86_64.tar.gz
url: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.1.0-linux-x86_64.tar.gz
validation:
type: sha512
value: fe2ec941e98713dc9a9c4e54c411d9b63be066ec2b1ca5ec2873d70dabbde7463bc46b8785d2a82e8fcc007d340b47a2964be1637033609ffdc96756e73c6413
value: 12300f213c212b9ecde2e55441ce403af10d3920e07b428fb2ce595b9afcfc9a36a62709448c78f5c3177820d9feb3049c26fad1d7111f8cc09cb3b4308b9238
- filename: tini
url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64
validation:
type: sha256
value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c
tags:
- 7.17.1
- 8.1.0
- latest
......@@ -57,15 +57,15 @@ if [[ -f bin/elasticsearch-users ]]; then
fi
fi
if [[ -n "$ES_LOG_STYLE" ]]; then
case "$ES_LOG_STYLE" in
console)
# This is the default. Nothing to do.
;;
file)
# Overwrite the default config with the stack config
mv /usr/share/elasticsearch/config/log4j2.file.properties /usr/share/elasticsearch/config/log4j2.properties
# Overwrite the default config with the stack config. Do this as a
# copy, not a move, in case the container is restarted.
cp -f /usr/share/elasticsearch/config/log4j2.file.properties /usr/share/elasticsearch/config/log4j2.properties
;;
*)
echo "ERROR: ES_LOG_STYLE set to [$ES_LOG_STYLE]. Expected [console] or [file]" >&2
......@@ -73,6 +73,12 @@ if [[ -n "$ES_LOG_STYLE" ]]; then
esac
fi
if [[ -n "$ENROLLMENT_TOKEN" ]]; then
POSITIONAL_PARAMETERS="--enrollment-token $ENROLLMENT_TOKEN"
else
POSITIONAL_PARAMETERS=""
fi
# Signal forwarding and child reaping is handled by `tini`, which is the
# actual entrypoint of the container
exec /usr/share/elasticsearch/bin/elasticsearch <<<"$KEYSTORE_PASSWORD"
exec /usr/share/elasticsearch/bin/elasticsearch $POSITIONAL_PARAMETERS <<<"$KEYSTORE_PASSWORD"
#!/usr/bin/env bash
set -Eeuo pipefail
# Update "cacerts" bundle to use Ubuntu's CA certificates (and make sure it
# stays up-to-date with changes to Ubuntu's store)
trust extract \
--overwrite \
--format=java-cacerts \
--filter=ca-anchors \
--purpose=server-auth \
/usr/share/elasticsearch/jdk/lib/security/cacerts
......@@ -3,8 +3,8 @@ status = error
######## Server JSON ############################
appender.rolling.type = Console
appender.rolling.name = rolling
appender.rolling.layout.type = ESJsonLayout
appender.rolling.layout.type_name = server
appender.rolling.layout.type = ECSJsonLayout
appender.rolling.layout.dataset = elasticsearch.server
################################################
......@@ -16,16 +16,15 @@ rootLogger.appenderRef.rolling.ref = rolling
######## Deprecation JSON #######################
appender.deprecation_rolling.type = Console
appender.deprecation_rolling.name = deprecation_rolling
appender.deprecation_rolling.layout.type = ESJsonLayout
appender.deprecation_rolling.layout.type_name = deprecation.elasticsearch
appender.deprecation_rolling.layout.esmessagefields=x-opaque-id,key,category,elasticsearch.elastic_product_origin
appender.deprecation_rolling.layout.type = ECSJsonLayout
# Intentionally follows a different pattern to above
appender.deprecation_rolling.layout.dataset = deprecation.elasticsearch
appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter
appender.header_warning.type = HeaderWarningAppender
appender.header_warning.name = header_warning
#################################################
#################################################
logger.deprecation.name = org.elasticsearch.deprecation
logger.deprecation.level = WARN
logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
......@@ -35,9 +34,8 @@ logger.deprecation.additivity = false
######## Search slowlog JSON ####################
appender.index_search_slowlog_rolling.type = Console
appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
appender.index_search_slowlog_rolling.layout.type = ESJsonLayout
appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog
appender.index_search_slowlog_rolling.layout.esmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id
appender.index_search_slowlog_rolling.layout.type = ECSJsonLayout
appender.index_search_slowlog_rolling.layout.dataset = elasticsearch.index_search_slowlog
#################################################
......@@ -50,11 +48,8 @@ logger.index_search_slowlog_rolling.additivity = false
######## Indexing slowlog JSON ##################
appender.index_indexing_slowlog_rolling.type = Console
appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout
appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog
appender.index_indexing_slowlog_rolling.layout.esmessagefields=message,took,took_millis,doc_type,id,routing,source
#################################################
appender.index_indexing_slowlog_rolling.layout.type = ECSJsonLayout
appender.index_indexing_slowlog_rolling.layout.dataset = elasticsearch.index_indexing_slowlog
#################################################
......@@ -63,12 +58,29 @@ logger.index_indexing_slowlog.level = trace
logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
logger.index_indexing_slowlog.additivity = false
logger.com_amazonaws.name = com.amazonaws
logger.com_amazonaws.level = warn
logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.name = com.amazonaws.jmx.SdkMBeanRegistrySupport
logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.level = error
logger.com_amazonaws_metrics_AwsSdkMetrics.name = com.amazonaws.metrics.AwsSdkMetrics
logger.com_amazonaws_metrics_AwsSdkMetrics.level = error
logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.name = com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader
logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.level = error
logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.name = com.amazonaws.services.s3.internal.UseArnRegionResolver
logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.level = error
appender.audit_rolling.type = Console
appender.audit_rolling.name = audit_rolling
appender.audit_rolling.layout.type = PatternLayout
appender.audit_rolling.layout.pattern = {\
"type":"audit", \
"timestamp":"%d{yyyy-MM-dd'T'HH:mm:ss,SSSZ}"\
%varsNotEmpty{, "cluster.name":"%enc{%map{cluster.name}}{JSON}"}\
%varsNotEmpty{, "cluster.uuid":"%enc{%map{cluster.uuid}}{JSON}"}\
%varsNotEmpty{, "node.name":"%enc{%map{node.name}}{JSON}"}\
%varsNotEmpty{, "node.id":"%enc{%map{node.id}}{JSON}"}\
%varsNotEmpty{, "host.name":"%enc{%map{host.name}}{JSON}"}\
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment