From ec6e4385b1bf9229ae55007ea6bdd0d31ef38d70 Mon Sep 17 00:00:00 2001 From: przemyslaw Date: Mon, 26 Oct 2020 09:19:45 +0100 Subject: [PATCH 1/6] Introduce proper init system (/bin/tini) to Docker container --- .../packaging/templates/docker/Dockerfile.tmpl | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/dev-tools/packaging/templates/docker/Dockerfile.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.tmpl index 8b7eb80745c..f629dffabf1 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.tmpl @@ -60,6 +60,17 @@ LABEL \ ENV ELASTIC_CONTAINER "true" ENV PATH={{ $beatHome }}:$PATH +# Add an init process, check the checksum to make sure it's a match +RUN set -e ; \ + TINI_VERSION='v0.19.0' ; \ + TINI_BIN='tini-amd64' ; \ + curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ + curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}.sha256sum" ; \ + sha256sum -c "${TINI_BIN}.sha256sum" ; \ + rm "${TINI_BIN}.sha256sum" ; \ + mv "${TINI_BIN}" /bin/tini ; \ + chmod +x /bin/tini + COPY docker-entrypoint /usr/local/bin/docker-entrypoint RUN chmod 755 /usr/local/bin/docker-entrypoint @@ -80,5 +91,5 @@ EXPOSE {{ $port }} {{- end }} WORKDIR {{ $beatHome }} -ENTRYPOINT ["/usr/local/bin/docker-entrypoint"] +ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] CMD ["-environment", "container"] From 18ed997356a7d884ba52f733d5947e9adda1ead2 Mon Sep 17 00:00:00 2001 From: mieciu Date: Fri, 4 Dec 2020 15:02:36 +0100 Subject: [PATCH 2/6] Add tini to elastic-agent Dockerfile template --- .../templates/docker/Dockerfile.elastic-agent.tmpl | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 7ab87f6f3ec..71b78bc639c 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -66,6 +66,17 @@ LABEL \ ENV ELASTIC_CONTAINER "true" ENV PATH={{ $beatHome }}:$PATH +# Add an init process, check the checksum to make sure it's a match +RUN set -e ; \ + TINI_VERSION='v0.19.0' ; \ + TINI_BIN='tini-amd64' ; \ + curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ + curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}.sha256sum" ; \ + sha256sum -c "${TINI_BIN}.sha256sum" ; \ + rm "${TINI_BIN}.sha256sum" ; \ + mv "${TINI_BIN}" /bin/tini ; \ + chmod +x /bin/tini + COPY docker-entrypoint /usr/local/bin/docker-entrypoint RUN chmod 755 /usr/local/bin/docker-entrypoint @@ -90,4 +101,5 @@ EXPOSE {{ $port }} {{- end }} WORKDIR {{ $beatHome }} -ENTRYPOINT ["/usr/local/bin/docker-entrypoint"] +ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] +CMD ["-environment", "container"] From eb72bd0128f0f25587a5a2a4dfad8287ccaa6f1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Hejman?= Date: Mon, 7 Dec 2020 10:11:56 +0100 Subject: [PATCH 3/6] Hardcode SHA for tini binary by @jsoriano Co-authored-by: Jaime Soriano Pastor --- .../packaging/templates/docker/Dockerfile.elastic-agent.tmpl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 71b78bc639c..cfda7daaf65 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -70,10 +70,9 @@ ENV PATH={{ $beatHome }}:$PATH RUN set -e ; \ TINI_VERSION='v0.19.0' ; \ TINI_BIN='tini-amd64' ; \ + TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ - curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}.sha256sum" ; \ - sha256sum -c "${TINI_BIN}.sha256sum" ; \ - rm "${TINI_BIN}.sha256sum" ; \ + echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \ mv "${TINI_BIN}" /bin/tini ; \ chmod +x /bin/tini From 340497dcefebf8fab9ed98fcc1aae137de5ab22f Mon Sep 17 00:00:00 2001 From: mieciu Date: Mon, 7 Dec 2020 10:44:03 +0100 Subject: [PATCH 4/6] Both Dockerfiles with hardcoded SHAs --- .../packaging/templates/docker/Dockerfile.elastic-agent.tmpl | 2 +- dev-tools/packaging/templates/docker/Dockerfile.tmpl | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index cfda7daaf65..cfc0ccc8fd2 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -70,7 +70,7 @@ ENV PATH={{ $beatHome }}:$PATH RUN set -e ; \ TINI_VERSION='v0.19.0' ; \ TINI_BIN='tini-amd64' ; \ - TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' + TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' ; \ curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \ mv "${TINI_BIN}" /bin/tini ; \ diff --git a/dev-tools/packaging/templates/docker/Dockerfile.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.tmpl index f629dffabf1..4820eade54b 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.tmpl @@ -64,10 +64,9 @@ ENV PATH={{ $beatHome }}:$PATH RUN set -e ; \ TINI_VERSION='v0.19.0' ; \ TINI_BIN='tini-amd64' ; \ + TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' ; \ curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ - curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}.sha256sum" ; \ - sha256sum -c "${TINI_BIN}.sha256sum" ; \ - rm "${TINI_BIN}.sha256sum" ; \ + echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \ mv "${TINI_BIN}" /bin/tini ; \ chmod +x /bin/tini From c1c1a4e7effac587276de871113d2a1d31a74a17 Mon Sep 17 00:00:00 2001 From: mieciu Date: Mon, 7 Dec 2020 15:12:23 +0100 Subject: [PATCH 5/6] /bin/tini -> /usr/bin/tini --- .../templates/docker/Dockerfile.elastic-agent.tmpl | 6 +++--- dev-tools/packaging/templates/docker/Dockerfile.tmpl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index cfc0ccc8fd2..057bd5def11 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -73,8 +73,8 @@ RUN set -e ; \ TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' ; \ curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \ - mv "${TINI_BIN}" /bin/tini ; \ - chmod +x /bin/tini + mv "${TINI_BIN}" /usr/bin/tini ; \ + chmod +x /usr/bin/tini COPY docker-entrypoint /usr/local/bin/docker-entrypoint RUN chmod 755 /usr/local/bin/docker-entrypoint @@ -100,5 +100,5 @@ EXPOSE {{ $port }} {{- end }} WORKDIR {{ $beatHome }} -ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] +ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] CMD ["-environment", "container"] diff --git a/dev-tools/packaging/templates/docker/Dockerfile.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.tmpl index 4820eade54b..d846956090c 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.tmpl @@ -67,8 +67,8 @@ RUN set -e ; \ TINI_SHA256='93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c' ; \ curl --retry 8 -S -L -O "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN}" ; \ echo "${TINI_SHA256} ${TINI_BIN}" | sha256sum -c - ; \ - mv "${TINI_BIN}" /bin/tini ; \ - chmod +x /bin/tini + mv "${TINI_BIN}" /usr/bin/tini ; \ + chmod +x /usr/bin/tini COPY docker-entrypoint /usr/local/bin/docker-entrypoint RUN chmod 755 /usr/local/bin/docker-entrypoint @@ -90,5 +90,5 @@ EXPOSE {{ $port }} {{- end }} WORKDIR {{ $beatHome }} -ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] +ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] CMD ["-environment", "container"] From 1ffd828d3aa2e4c680027333803568bb3ee72280 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Hejman?= Date: Mon, 7 Dec 2020 16:35:08 +0100 Subject: [PATCH 6/6] Remove CMD from agent image Co-authored-by: Jaime Soriano Pastor --- .../packaging/templates/docker/Dockerfile.elastic-agent.tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl index 057bd5def11..a78cf36f255 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.elastic-agent.tmpl @@ -101,4 +101,3 @@ EXPOSE {{ $port }} WORKDIR {{ $beatHome }} ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint"] -CMD ["-environment", "container"]