diff --git a/environments/common/images/es-jdk-patch/Dockerfile b/environments/common/images/es-jdk-patch/Dockerfile deleted file mode 100644 index 53344970..00000000 --- a/environments/common/images/es-jdk-patch/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -ARG BASE_IMAGE -FROM ${BASE_IMAGE} - -ARG ES_VERSION -USER root -COPY patch-es-jdk.sh /tmp/patch-es-jdk.sh -RUN chmod +x /tmp/patch-es-jdk.sh && ES_VERSION=${ES_VERSION} /tmp/patch-es-jdk.sh && rm -f /tmp/patch-es-jdk.sh -USER elasticsearch diff --git a/environments/common/images/es-jdk-patch/patch-es-jdk.sh b/environments/common/images/es-jdk-patch/patch-es-jdk.sh deleted file mode 100755 index 58822abb..00000000 --- a/environments/common/images/es-jdk-patch/patch-es-jdk.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# ES 7.15.1-7.17.6 and 8.0.x-8.4.x bundle JDK 17.0.0/17.0.1/17.0.2 or JDK 18, which have cgroup v2 -# bug JDK-8287073: CgroupV2Subsystem.getInstance() NPEs before UseContainerSupport is checked. -# Fixed in JDK 17.0.5+ (backport JDK-8288308) and JDK 19+. -# We replace the bundled JDK: Corretto 17.0.5 for JDK-17 builds, Corretto 19.0.0 for JDK-18 builds. -# -# Usage: -# ES_VERSION=7.16.0 ./patch-es-jdk.sh # patch the JDK in /usr/share/elasticsearch/jdk -# ES_VERSION=7.16.0 ./patch-es-jdk.sh --check # exit 0 if patching is needed, 1 otherwise -set -e - -MAJOR=$(echo "$ES_VERSION" | cut -d. -f1) -MINOR=$(echo "$ES_VERSION" | cut -d. -f2) -PATCH=$(echo "$ES_VERSION" | cut -d. -f3) - -CORRETTO_VERSION="" -if [ "$MAJOR" -eq 7 ] && [ "$MINOR" -eq 15 ] && [ "$PATCH" -ge 1 ]; then - CORRETTO_VERSION="17.0.5.8.1" -elif [ "$MAJOR" -eq 7 ] && [ "$MINOR" -eq 16 ]; then - CORRETTO_VERSION="17.0.5.8.1" -elif [ "$MAJOR" -eq 7 ] && [ "$MINOR" -eq 17 ] && [ "$PATCH" -le 2 ]; then - CORRETTO_VERSION="17.0.5.8.1" -elif [ "$MAJOR" -eq 7 ] && [ "$MINOR" -eq 17 ] && [ "$PATCH" -le 6 ]; then - CORRETTO_VERSION="19.0.0.36.1" -elif [ "$MAJOR" -eq 8 ] && [ "$MINOR" -le 1 ]; then - CORRETTO_VERSION="17.0.5.8.1" -elif [ "$MAJOR" -eq 8 ] && [ "$MINOR" -le 4 ]; then - CORRETTO_VERSION="19.0.0.36.1" -fi - -if [ "$1" = "--check" ]; then - [ -n "$CORRETTO_VERSION" ] - exit $? -fi - -if [ -n "$CORRETTO_VERSION" ]; then - ARCH=$(uname -m | sed 's/x86_64/x64/' | sed 's/arm64/aarch64/') - echo "Replacing buggy bundled JDK with Corretto $CORRETTO_VERSION for ES $ES_VERSION (arch: $ARCH)" - curl -fsSLk "https://corretto.aws/downloads/resources/${CORRETTO_VERSION}/amazon-corretto-${CORRETTO_VERSION}-linux-${ARCH}.tar.gz" -o /tmp/jdk.tar.gz - rm -rf /usr/share/elasticsearch/jdk - mkdir -p /usr/share/elasticsearch/jdk - tar xzf /tmp/jdk.tar.gz -C /usr/share/elasticsearch/jdk --strip-components=1 - rm /tmp/jdk.tar.gz -fi diff --git a/environments/eck-ror/kind-cluster/ror/base/es.yml b/environments/eck-ror/kind-cluster/ror/base/es.yml index a4333475..aa213b12 100644 --- a/environments/eck-ror/kind-cluster/ror/base/es.yml +++ b/environments/eck-ror/kind-cluster/ror/base/es.yml @@ -18,12 +18,8 @@ spec: runAsUser: 0 runAsGroup: 0 env: - # For ROR_ES_VERSION >= 1.64.0 - name: I_UNDERSTAND_AND_ACCEPT_ES_PATCHING value: "yes" - # For ROR_ES_VERSION < 1.64.0 - - name: I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING - value: "yes" - name: INTERNAL_USR_PASS valueFrom: secretKeyRef: diff --git a/environments/eck-ror/start.sh b/environments/eck-ror/start.sh index 034b9243..022915bb 100755 --- a/environments/eck-ror/start.sh +++ b/environments/eck-ror/start.sh @@ -123,43 +123,12 @@ if [[ -z $ES_VERSION || -z $KBN_VERSION ]]; then show_help fi -PATCH_SCRIPT_DIR="../common/images/es-jdk-patch" - -ES_IMAGE="${ROR_ES_REPO}:${ES_VERSION}-ror-${ROR_ES_VERSION}" -KBN_IMAGE="${ROR_KBN_REPO}:${KBN_VERSION}-ror-${ROR_KBN_VERSION}" - -patch_es_image_if_needed() { - if ES_VERSION="$ES_VERSION" "$PATCH_SCRIPT_DIR/patch-es-jdk.sh" --check; then - echo "ES $ES_VERSION bundles a JDK with cgroup v2 bug (JDK-8287073). Building patched image..." - docker build \ - --build-arg BASE_IMAGE="$ES_IMAGE" \ - --build-arg ES_VERSION="$ES_VERSION" \ - -t "$ES_IMAGE" \ - "$PATCH_SCRIPT_DIR" - echo "Patched ES image built successfully: $ES_IMAGE" - fi -} - -preload_images_into_kind() { - echo "Pre-loading ROR images into Kind cluster to avoid Docker Hub rate limits..." - docker pull "$ES_IMAGE" || { echo "Failed to pull ES image: $ES_IMAGE"; exit 1; } - kind load docker-image "$ES_IMAGE" --name eck-ror || { echo "Failed to load ES image into KinD cluster."; exit 1; } - echo "ES image loaded into KinD cluster: $ES_IMAGE" - - docker pull "$KBN_IMAGE" || { echo "Failed to pull Kibana image: $KBN_IMAGE"; exit 1; } - kind load docker-image "$KBN_IMAGE" --name eck-ror || { echo "Failed to load Kibana image into KinD cluster."; exit 1; } - echo "Kibana image loaded into KinD cluster: $KBN_IMAGE" -} - echo "CONFIGURING K8S CLUSTER ..." kind create cluster --name eck-ror --config kind-cluster/kind-cluster-config.yml docker exec eck-ror-control-plane /bin/bash -c "sysctl -w vm.max_map_count=262144" docker exec eck-ror-worker /bin/bash -c "sysctl -w vm.max_map_count=262144" docker exec eck-ror-worker2 /bin/bash -c "sysctl -w vm.max_map_count=262144" -patch_es_image_if_needed -preload_images_into_kind - echo "CONFIGURING ECK $ECK_VERSION ..." diff --git a/environments/elk-ror/base.docker-compose.yml b/environments/elk-ror/base.docker-compose.yml index bd3be094..4802bd87 100644 --- a/environments/elk-ror/base.docker-compose.yml +++ b/environments/elk-ror/base.docker-compose.yml @@ -5,7 +5,9 @@ services: context: . dockerfile: images/es/Dockerfile args: - ES_PATCHED_IMAGE: $ES_PATCHED_IMAGE + ROR_ES_REPO: $ROR_ES_REPO + ES_VERSION: $ES_VERSION + ROR_ES_VERSION: $ROR_ES_VERSION ports: - "9200:9200" - "5005:5005" diff --git a/environments/elk-ror/images/es/Dockerfile b/environments/elk-ror/images/es/Dockerfile index 17819644..ba34096a 100644 --- a/environments/elk-ror/images/es/Dockerfile +++ b/environments/elk-ror/images/es/Dockerfile @@ -1,6 +1,8 @@ -ARG ES_PATCHED_IMAGE +ARG ROR_ES_REPO +ARG ES_VERSION +ARG ROR_ES_VERSION -FROM ${ES_PATCHED_IMAGE} +FROM ${ROR_ES_REPO}:${ES_VERSION}-ror-${ROR_ES_VERSION} USER elasticsearch @@ -12,8 +14,5 @@ COPY certs/elasticsearch.crt /usr/share/elasticsearch/config/elasticsearch.crt COPY certs/elasticsearch.csr /usr/share/elasticsearch/config/elasticsearch.csr COPY certs/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key -# For ROR_ES_VERSION >= 1.64.0 ENV I_UNDERSTAND_AND_ACCEPT_ES_PATCHING yes -# For ROR_ES_VERSION < 1.64.0 -ENV I_UNDERSTAND_IMPLICATION_OF_ES_PATCHING yes USER root diff --git a/environments/elk-ror/start.sh b/environments/elk-ror/start.sh index 967c1878..32888a95 100755 --- a/environments/elk-ror/start.sh +++ b/environments/elk-ror/start.sh @@ -116,13 +116,14 @@ if [[ -z $ES_VERSION || -z $KBN_VERSION ]]; then show_help fi -echo "Building JDK-patched ES base image ..." -export ES_PATCHED_IMAGE="es-ror-patched:${ES_VERSION}" -docker build \ - --build-arg BASE_IMAGE="${ROR_ES_REPO}:${ES_VERSION}-ror-${ROR_ES_VERSION}" \ - --build-arg ES_VERSION="$ES_VERSION" \ - -t "$ES_PATCHED_IMAGE" \ - ../common/images/es-jdk-patch/ +ROR_ES_IMAGE="${ROR_ES_REPO}:${ES_VERSION}-ror-${ROR_ES_VERSION}" +ROR_KBN_IMAGE="${ROR_KBN_REPO}:${KBN_VERSION}-ror-${ROR_KBN_VERSION}" + +echo "Pre-pulling ES image $ROR_ES_IMAGE ..." +docker pull "$ROR_ES_IMAGE" || { echo "Failed to pull ES image: $ROR_ES_IMAGE"; exit 1; } + +echo "Pre-pulling Kibana image $ROR_KBN_IMAGE ..." +docker pull "$ROR_KBN_IMAGE" || { echo "Failed to pull Kibana image: $ROR_KBN_IMAGE"; exit 1; } echo "Bootstrapping the docker-based environment ..." echo "Cluster type: $CLUSTER_TYPE"