Build docker images when building packages

.gitignore

@@ -8,7 +8,7 @@
 /*/fields.yml
 /*/*.template*.json
 **/html_docs
-/*/_meta/kibana.generated
+/**/_meta/kibana.generated
 
 # Files
 .DS_Store

auditbeat/_meta/beat.docker.yml

@@ -0,0 +1,14 @@
+auditbeat.modules:
+
+- module: auditd
+  audit_rules: |
+    -w /etc/passwd -p wa -k identity
+    -a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
+
+- module: file_integrity
+  paths:
+    - /bin
+    - /usr/bin
+    - /sbin
+    - /usr/sbin
+    - /etc

auditbeat/auditbeat.docker.yml

@@ -0,0 +1,21 @@
+auditbeat.modules:
+
+- module: auditd
+  audit_rules: |
+    -w /etc/passwd -p wa -k identity
+    -a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
+
+- module: file_integrity
+  paths:
+    - /bin
+    - /usr/bin
+    - /sbin
+    - /usr/sbin
+    - /etc
+processors:
+- add_cloud_metadata: ~
+
+output.elasticsearch:
+  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
+  username: '${ELASTICSEARCH_USERNAME:}'
+  password: '${ELASTICSEARCH_PASSWORD:}'

auditbeat/magefile.go

@@ -208,6 +208,8 @@ func customizePackaging() {
 		case mage.Deb, mage.RPM, mage.DMG:
 			args.Spec.ReplaceFile("/etc/{{.BeatName}}/{{.BeatName}}.yml", shortConfig)
 			args.Spec.ReplaceFile("/etc/{{.BeatName}}/{{.BeatName}}.reference.yml", referenceConfig)
+		case mage.Docker:
+			args.Spec.ExtraVar("user", "root")
 		default:
 			panic(errors.Errorf("unhandled package type: %v", pkgType))
 		}

dev-tools/mage/dockerbuilder.go

@@ -0,0 +1,143 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package mage
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/magefile/mage/sh"
+
+	"github.com/pkg/errors"
+)
+
+type dockerBuilder struct {
+	PackageSpec
+
+	buildDir string
+	beatDir  string
+}
+
+func newDockerBuilder(spec PackageSpec) (*dockerBuilder, error) {
+	buildDir := filepath.Join(spec.packageDir, "docker-build")
+	beatDir := filepath.Join(buildDir, "beat")
+
+	return &dockerBuilder{
+		PackageSpec: spec,
+		buildDir:    buildDir,
+		beatDir:     beatDir,
+	}, nil
+}
+
+func (b *dockerBuilder) Build() error {
+	if err := os.RemoveAll(b.buildDir); err != nil {
+		return errors.Wrapf(err, "failed to clean existing build directory %s", b.buildDir)
+	}
+
+	if err := b.copyFiles(); err != nil {
+		return err
+	}
+
+	if err := b.prepareBuild(); err != nil {
+		return errors.Wrap(err, "failed to prepare build")
+	}
+
+	tag, err := b.dockerBuild()
+	if err != nil {
+		return errors.Wrap(err, "failed to build docker")
+	}
+
+	if err := b.dockerSave(tag); err != nil {
+		return errors.Wrap(err, "failed to save docker as artifact")
+	}
+
+	return nil
+}
+
+func (b *dockerBuilder) modulesDirs() []string {
+	var modulesd []string
+	for _, f := range b.Files {
+		if f.Modules {
+			modulesd = append(modulesd, f.Target)
+		}
+	}
+	return modulesd
+}
+
+func (b *dockerBuilder) copyFiles() error {
+	for _, f := range b.Files {
+		target := filepath.Join(b.beatDir, f.Target)
+		if err := Copy(f.Source, target); err != nil {
+			return errors.Wrapf(err, "failed to copy from %s to %s", f.Source, target)
+		}
+	}
+	return nil
+}
+
+func (b *dockerBuilder) prepareBuild() error {
+	elasticBeatsDir, err := ElasticBeatsDir()
+	if err != nil {
+		return err
+	}
+	templatesDir := filepath.Join(elasticBeatsDir, "dev-tools/packaging/templates/docker")
+
+	data := map[string]interface{}{
+		"ModulesDirs": b.modulesDirs(),
+	}
+
+	return filepath.Walk(templatesDir, func(path string, info os.FileInfo, _ error) error {
+		if !info.IsDir() {
+			target := strings.TrimSuffix(
+				filepath.Join(b.buildDir, filepath.Base(path)),
+				".tmpl",
+			)
+
+			err = b.ExpandFile(path, target, data)
+			if err != nil {
+				return errors.Wrapf(err, "expanding template '%s' to '%s'", path, target)
+			}
+		}
+		return nil
+	})
+}
+
+func (b *dockerBuilder) dockerBuild() (string, error) {
+	tag := fmt.Sprintf("%s:%s", b.Name, b.Version)
+	if repository, _ := b.ExtraVars["repository"]; repository != "" {
+		tag = fmt.Sprintf("%s/%s", repository, tag)
+	}
+	return tag, sh.Run("docker", "build", "-t", tag, b.buildDir)
+}
+
+func (b *dockerBuilder) dockerSave(tag string) error {
+	// Save the container as artifact
+	outputFile := b.OutputFile
+	if outputFile == "" {
+		outputTar, err := b.Expand(defaultBinaryName + ".docker.tar")
+		if err != nil {
+			return err
+		}
+		outputFile = filepath.Join(distributionsDir, outputTar)
+	}
+	if err := sh.Run("docker", "save", "-o", outputFile, tag); err != nil {
+		return err
+	}
+	return errors.Wrap(CreateSHA512File(outputFile), "failed to create .sha512 file")
+}

dev-tools/mage/pkgtypes.go

@@ -61,6 +61,7 @@ const (
 	Zip
 	TarGz
 	DMG
+	Docker
 )
 
 // OSPackageArgs define a set of package types to build for an operating
@@ -103,6 +104,7 @@ type PackageFile struct {
 	Target   string                  `yaml:"target,omitempty"`    // Target location in package. Relative paths are added to a package specific directory (e.g. metricbeat-7.0.0-linux-x86_64).
 	Mode     os.FileMode             `yaml:"mode,omitempty"`      // Target mode for file. Does not apply when source is a directory.
 	Config   bool                    `yaml:"config"`              // Mark file as config in the package (deb and rpm only).
+	Modules  bool                    `yaml:"modules"`             // Mark directory as directory with modules.
 	Dep      func(PackageSpec) error `yaml:"-" hash:"-" json:"-"` // Dependency to invoke during Evaluate.
 }
 
@@ -165,6 +167,9 @@ var OSArchNames = map[string]map[PackageType]map[string]string{
 			"ppc64le":  "ppc64le",
 			"s390x":    "s390x",
 		},
+		Docker: map[string]string{
+			"amd64": "amd64",
+		},
 	},
 }
 
@@ -204,6 +209,8 @@ func (typ PackageType) String() string {
 		return "tar.gz"
 	case DMG:
 		return "dmg"
+	case Docker:
+		return "docker"
 	default:
 		return "invalid"
 	}
@@ -227,6 +234,8 @@ func (typ *PackageType) UnmarshalText(text []byte) error {
 		*typ = Zip
 	case "dmg":
 		*typ = DMG
+	case "docker":
+		*typ = Docker
 	default:
 		return errors.Errorf("unknown package type: %v", string(text))
 	}
@@ -256,6 +265,8 @@ func (typ PackageType) Build(spec PackageSpec) error {
 		return PackageTarGz(spec)
 	case DMG:
 		return PackageDMG(spec)
+	case Docker:
+		return PackageDocker(spec)
 	default:
 		return errors.Errorf("unknown package type: %v", typ)
 	}
@@ -282,6 +293,14 @@ func (s PackageSpec) ReplaceFile(target string, file PackageFile) {
 	s.Files[target] = file
 }
 
+// ExtraVar adds or replaces a variable to `extra_vars` in package specs.
+func (s *PackageSpec) ExtraVar(key, value string) {
+	if s.ExtraVars == nil {
+		s.ExtraVars = make(map[string]string)
+	}
+	s.ExtraVars[key] = value
+}
+
 // Expand expands a templated string using data from the spec.
 func (s PackageSpec) Expand(in string, args ...map[string]interface{}) (string, error) {
 	return expandTemplate("inline", in, FuncMap,
@@ -823,3 +842,16 @@ func PackageDMG(spec PackageSpec) error {
 
 	return b.Build()
 }
+
+// PackageDocker packages the Beat into a docker image.
+func PackageDocker(spec PackageSpec) error {
+	if err := HaveDocker(); err != nil {
+		return errors.Errorf("docker daemon required to build images: %s", err)
+	}
+
+	b, err := newDockerBuilder(spec)
+	if err != nil {
+		return err
+	}
+	return b.Build()
+}

dev-tools/packaging/packages.yml

@@ -157,6 +157,19 @@ shared:
         template: '{{ elastic_beats_dir }}/dev-tools/packaging/templates/windows/uninstall-service.ps1.tmpl'
         mode: 0755
 
+  - &docker_spec
+    <<: *binary_spec
+    extra_vars:
+      from: 'centos:7'
+      user: '{{ .BeatName }}'
+      repository: 'docker.elastic.co/beats'
+      linux_capabilities: ''
+    files:
+      '{{.BeatName}}.yml':
+        source: '{{.BeatName}}.docker.yml'
+        mode: 0600
+        config: true
+
   #
   # License modifiers for Apache 2.0
   #
@@ -229,6 +242,11 @@ specs:
       spec:
         <<: *deb_rpm_spec
 
+    - os: linux
+      types: [docker]
+      spec:
+        <<: *docker_spec
+
   elastic_beat_without_xpack:
     ###
     # OSS Packages
@@ -268,6 +286,13 @@ specs:
         <<: *apache_license_for_deb_rpm
         name: '{{.BeatName}}-oss'
 
+    - os: linux
+      types: [docker]
+      spec:
+        <<: *docker_spec
+        <<: *apache_license_for_binaries
+        name: '{{.BeatName}}-oss'
+
     ###
     # Elastic Licensed Packages
     ###
@@ -301,6 +326,12 @@ specs:
         <<: *deb_rpm_spec
         <<: *elastic_license_for_deb_rpm
 
+    - os: linux
+      types: [docker]
+      spec:
+        <<: *docker_spec
+        <<: *elastic_license_for_binaries
+
   # Official Beats
   elastic_beat:
     ###
@@ -341,6 +372,13 @@ specs:
         <<: *apache_license_for_deb_rpm
         name: '{{.BeatName}}-oss'
 
+    - os: linux
+      types: [docker]
+      spec:
+        <<: *docker_spec
+        <<: *apache_license_for_binaries
+        name: '{{.BeatName}}-oss'
+
     ###
     # Elastic Licensed Packages
     ###
@@ -385,3 +423,12 @@ specs:
         files:
           /usr/share/{{.BeatName}}/bin/{{.BeatName}}{{.BinaryExt}}:
             source: ../x-pack/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}}
+
+    - os: linux
+      types: [docker]
+      spec:
+        <<: *docker_spec
+        <<: *elastic_license_for_binaries
+        files:
+          '{{.BeatName}}{{.BinaryExt}}':
+            source: ../x-pack/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}}