Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ironbank: move to ubi9 #37017

Merged
merged 3 commits into from
Nov 6, 2023
Merged

ironbank: move to ubi9 #37017

merged 3 commits into from
Nov 6, 2023

Conversation

v1v
Copy link
Member

@v1v v1v commented Nov 2, 2023
edited
Loading

⚠️ when merged then there are some changes required in the Unified Release, there is already an open PR, and a link to this one should be visible within this PR. Backports are also required. This is a chicken/egg, so DRA will fail until changes are in both systems.

#36797 partially changed the ubi version to ubi9 but there were some other changes required in the packaging itself and the base docker images.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@v1v v1v added backport-7.17 Automated backport to the 7.17 branch with mergify backport-v8.10.0 Automated backport with mergify backport-v8.11.0 Automated backport with mergify labels Nov 2, 2023
@v1v v1v self-assigned this Nov 2, 2023
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Nov 2, 2023
@v1v
Copy link
Member Author

v1v commented Nov 2, 2023

/package

@pierrehilbert pierrehilbert added the Team:Elastic-Agent Label for the Agent team label Nov 2, 2023
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Nov 2, 2023
@elasticmachine
Copy link
Collaborator

elasticmachine commented Nov 2, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Duration: 181 min 49 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@v1v
Copy link
Member Author

v1v commented Nov 3, 2023

/package

@v1v
Copy link
Member Author

v1v commented Nov 3, 2023
edited
Loading

I managed to reproduce the issue locally:

=> [internal] load metadata for registry.access.redhat.com/ubi9/ubi-minimal:9.2                                                                                                                                                                0.0s
 => [internal] load metadata for docker.io/arm64v8/ubuntu:20.04                                                                                                                                                                                 1.4s
 => CACHED [stage-1  1/12] FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2                                                                                                                                                                 0.0s
 => CACHED [home 1/3] FROM docker.io/arm64v8/ubuntu:20.04@sha256:a80d11b67ef30474bcccab048020ee25aee659c4caaca70794867deba5d392b6                                                                                                               0.0s
 => => resolve docker.io/arm64v8/ubuntu:20.04@sha256:a80d11b67ef30474bcccab048020ee25aee659c4caaca70794867deba5d392b6                                                                                                                           0.0s
 => [internal] load build context                                                                                                                                                                                                               3.3s
 => => transferring context: 173.79MB                                                                                                                                                                                                           3.2s
 => [stage-1  2/12] RUN microdnf -y update &&     microdnf install findutils shadow-utils &&     microdnf clean all                                                                                                                           574.4s
 => => #  Reinstalling:      0 packages                                                                                                                                                                                                             
 => => #  Upgrading:         0 packages                                                                                                                                                                                                             
 => => #  Obsoleting:        0 packages                                                                                                                                                                                                             
 => => #  Removing:          0 packages                                                                                                                                                                                                             
 => => #  Downgrading:       0 packages                                                                                                                                                                                                             
 => => # Is this ok [y/N]:                                                                                                                                                                                                                          
 => [home 2/3] COPY beat /usr/share/filebeat                                                                                                                                                                                                    0.6s
 => [home 3/3] RUN mkdir -p /usr/share/filebeat/data /usr/share/filebeat/logs &&     chown -R root:root /usr/share/filebeat &&     find /usr/share/filebeat -type d -exec chmod 0755 {} ; &&     find /usr/share/filebeat -type f -exec chmod   2.8s

using:

$ PLATFORMS=linux/arm64 PACKAGES=docker mage package

For some reason there is an interactive prompt for a confirmation is this ok [y/N]: while it was not the case when using ubi8

$ docker run --rm -ti registry.access.redhat.com/ubi9/ubi-minimal:9.2  /bin/bash
$ microdnf -y update
$ microdnf install findutils shadow-utils

so changing microdnf install findutils shadow-utils for microdnf -y install findutils shadow-utils fixes the issue for the prompt

@v1v
Copy link
Member Author

v1v commented Nov 3, 2023

/package

@v1v v1v marked this pull request as ready for review November 3, 2023 12:25
@v1v v1v requested review from a team as code owners November 3, 2023 12:25
@v1v v1v mentioned this pull request Nov 3, 2023
Merged
3 tasks
@v1v
Copy link
Member Author

v1v commented Nov 3, 2023

Artifacts have been uploaded to the relevant Google bucket:

image 
$ gsutil ls gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/                                    
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-aarch64.rpm
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-aarch64.rpm.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-amd64.deb
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-amd64.deb.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-arm64.deb
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-arm64.deb.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-darwin-aarch64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-darwin-aarch64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-darwin-x86_64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-darwin-x86_64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-arm64.docker.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-arm64.docker.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-arm64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-arm64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-x86_64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-linux-x86_64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-windows-x86_64.zip
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-windows-x86_64.zip.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-x86_64.rpm
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-8.12.0-SNAPSHOT-x86_64.rpm.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ironbank-8.12.0-SNAPSHOT-docker-build-context.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ironbank-8.12.0-SNAPSHOT-docker-build-context.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-aarch64.rpm
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-aarch64.rpm.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-amd64.deb
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-amd64.deb.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-arm64.deb
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-arm64.deb.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-darwin-aarch64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-darwin-aarch64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-darwin-x86_64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-darwin-x86_64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-arm64.docker.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-arm64.docker.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-arm64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-arm64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-x86_64.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-linux-x86_64.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-windows-x86_64.zip
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-windows-x86_64.zip.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-x86_64.rpm
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-oss-8.12.0-SNAPSHOT-x86_64.rpm.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ubi9-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ubi9-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz.sha512
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ubi9-8.12.0-SNAPSHOT-linux-arm64.docker.tar.gz
gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ubi9-8.12.0-SNAPSHOT-linux-arm64.docker.tar.gz.sha512
$ gsutil cp gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ubi9-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz .

Copying gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ubi9-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz...
| [1 files][109.2 MiB/109.2 MiB]                                                

$ tar xvzf filebeat-ubi9-8.12.0-SNAPSHOT-linux-amd64.docker.tar.gz
$ grep -R ubi9
./repositories:{"docker.elastic.co/beats/filebeat-ubi9":{"8.12.0-SNAPSHOT":"4321910b89d206d4047a48ad67b1e89ca73b66fd9343dbeb8737ac674c0cf239"}}
...

$ gsutil cp gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ironbank-8.12.0-SNAPSHOT-docker-build-context.tar.gz .
trarCopying gs://beats-ci-artifacts/beats/pull-requests/pr-37017/filebeat/filebeat-ironbank-8.12.0-SNAPSHOT-docker-build-context.tar.gz...
/ [1 files][  8.8 KiB/  8.8 KiB]                                                
Operation completed over 1 objects/8.8 KiB.         
$ tar xvzf filebeat-ironbank-8.12.0-SNAPSHOT-docker-build-context.tar.gz 
x Dockerfile
x LICENSE
x README.md
x hardening_manifest.yaml
$ grep -R ubi9
./Dockerfile:ARG BASE_IMAGE=redhat/ubi/ubi9
./hardening_manifest.yaml:  BASE_IMAGE: "redhat/ubi/ubi9"

pierrehilbert
pierrehilbert approved these changes Nov 5, 2023
View reviewed changes
Copy link
Collaborator

@pierrehilbert pierrehilbert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thx @v1v

@botelastic botelastic bot added the Team:Automation Label for the Observability productivity team label Nov 5, 2023
@pierrehilbert pierrehilbert merged commit d4630af into main Nov 6, 2023
117 checks passed
@pierrehilbert pierrehilbert deleted the feature/use-ubi9 branch November 6, 2023 08:53
mergify bot pushed a commit that referenced this pull request Nov 6, 2023
@v1v @mergify
ironbank: move to ubi9 (#37017)
35c3b04 
* ironbank: move to ubi9

* packaging: ubi-minimal 9 requires -y to bypass the prompt

---------

Co-authored-by: Pierre HILBERT <[email protected]>
(cherry picked from commit d4630af)

# Conflicts:
#	.ci/packaging.groovy
#	Jenkinsfile
#	dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile
mergify bot pushed a commit that referenced this pull request Nov 6, 2023
@v1v @mergify
ironbank: move to ubi9 (#37017)
0767a73 
* ironbank: move to ubi9

* packaging: ubi-minimal 9 requires -y to bypass the prompt

---------

Co-authored-by: Pierre HILBERT <[email protected]>
(cherry picked from commit d4630af)

# Conflicts:
#	dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/filebeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/heartbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/heartbeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml
mergify bot pushed a commit that referenced this pull request Nov 6, 2023
@v1v @mergify
ironbank: move to ubi9 (#37017)
95c0f2f 
* ironbank: move to ubi9

* packaging: ubi-minimal 9 requires -y to bypass the prompt

---------

Co-authored-by: Pierre HILBERT <[email protected]>
(cherry picked from commit d4630af)

# Conflicts:
#	dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/filebeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/heartbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/heartbeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml
#	dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile
#	dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml
This was referenced Nov 6, 2023
Merged
Merged
Merged
v1v pushed a commit that referenced this pull request Nov 6, 2023
@mergify
[7.17](backport #37017) ironbank: move to ubi9 (#37038)
45c4b05
v1v pushed a commit that referenced this pull request Nov 6, 2023
@mergify
[8.10](backport #37017) ironbank: move to ubi9 (#37039)
4696e92
v1v pushed a commit that referenced this pull request Nov 6, 2023
@mergify
[8.11](backport #37017) ironbank: move to ubi9 (#37040)
2ad9058
Scholar-Li pushed a commit to Scholar-Li/beats that referenced this pull request Feb 5, 2024
@v1v @pierrehilbert @Scholar-Li
ironbank: move to ubi9 (elastic#37017)
8c7918f 
* ironbank: move to ubi9

* packaging: ubi-minimal 9 requires -y to bypass the prompt

---------

Co-authored-by: Pierre HILBERT <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pierrehilbert pierrehilbert pierrehilbert approved these changes

@pazone pazone pazone approved these changes

@ycombinator ycombinator Awaiting requested review from ycombinator ycombinator is a code owner automatically assigned from elastic/elastic-agent-data-plane

@belimawr belimawr Awaiting requested review from belimawr belimawr is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@v1v v1v

Labels
backport-7.17 Automated backport to the 7.17 branch with mergify backport-v8.10.0 Automated backport with mergify backport-v8.11.0 Automated backport with mergify Team:Automation Label for the Observability productivity team Team:Elastic-Agent Label for the Agent team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@v1v @elasticmachine @pierrehilbert @pazone