This repository has been archived by the owner on Aug 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 176
/
Dockerfile.j2
214 lines (172 loc) · 8.26 KB
/
Dockerfile.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
# Description:
# Dockerfile for building the docker image for open distro for elasticsearch
#
# This file was generated from the template at templates/Dockerfile.j2
################################################################################
# This Dockerfile was generated from the template at templates/Dockerfile.j2
#
# Beginning of multi stage Dockerfile
################################################################################
{% set tarball = 'elasticsearch-oss-%s-linux-x86_64.tar.gz' % elastic_version -%}
{% if artifacts_dir %}
{% set artifact_repo_url = 'file:///%s' % artifacts_dir -%}
{% endif %}
################################################################################
# Build stage 0 `prep_es_files`:
# Extract elasticsearch artifact
# Install required plugins
# Set gid=0 and make group perms==owner perms
################################################################################
FROM centos:7 AS prep_es_files
RUN date && echo OD_VERSION {{version_tag}} ES_VERSION {{elastic_version}}
ENV PATH /usr/share/elasticsearch/bin:$PATH
## Old methods, save here for possible revert
#RUN curl -s https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz | tar -C /opt -zxf -
#ENV JAVA_HOME /opt/jdk-12.0.2
RUN yum -y update \
&& yum -y groupinstall "Development Tools" \
&& yum install -y unzip glibc.x86_64 cmake \
&& yum clean all
RUN groupadd -g 1000 elasticsearch && \
adduser -u 1000 -g 1000 -d /usr/share/elasticsearch elasticsearch
USER 1000
{% if artifacts_dir %}
COPY --chown=1000:0 {{ '%s/' % artifacts_dir }} {{ artifacts_dir }}
{% endif %}
RUN rm -rf /tmp/plugins && mkdir /tmp/plugins
ADD plugins /tmp/plugins/
################################################################################
# Set WORKDIR here
WORKDIR /usr/share/elasticsearch
# Download and extract defined ES version.
RUN curl -fsSL {{ elastic_artifacts_url }}/{{ tarball }} | \
tar zx --strip-components=1
RUN set -ex && for esdirs in config data logs; do \
mkdir -p "$esdirs"; \
done
## Related to jdk version in docker, use the bundled one instead of jdk 12 here
USER 0
RUN cp -rp /usr/share/elasticsearch/jdk /opt/jdk
ENV JAVA_HOME /opt/jdk
ENV PATH $PATH:$JAVA_HOME/bin
RUN java -version && echo CURR_DIR && pwd
# Compile the C-library for kNN
USER 1000
RUN set -ex; \
export KNN_VERSION=`git ls-remote --tags "https://github.com/opendistro-for-elasticsearch/k-NN" v* | grep $(echo {{version_tag}} | sed -E "s/.[0-9]+$//g") | grep -oh "v[0-9.]*" | sort | tail -n 1` \
&& git ls-remote --tags https://github.com/opendistro-for-elasticsearch/k-NN.git v* \
&& echo KNN_VERSION $KNN_VERSION \
&& git clone --recursive --branch $KNN_VERSION https://github.com/opendistro-for-elasticsearch/k-NN.git /usr/share/elasticsearch/k-NN \
&& cd /usr/share/elasticsearch/k-NN/jni \
&& sed -i 's/-march=native/-march=x86-64/g' external/nmslib/similarity_search/CMakeLists.txt \
&& cmake . \
&& make \
&& mkdir /tmp/jni/ && cp release/*.so /tmp/jni/ && ls -ltr /tmp/jni/ \
&& rm -rf /usr/share/elasticsearch/k-NN
# Bust cache for wgets
ENV BUST_CACHE {{ bust_cache }}
# Install the required modules
#RUN for plugin_path in {{ plugin_url_paths }}; do \
RUN for plugin_path in `cat /tmp/plugins/plugins_elasticsearch.list`; do \
elasticsearch-plugin install --batch file:/tmp/plugins/$plugin_path; \
done
# Pull performance analyzer agent(RCA) from the plugin directory out into ESHOME and make the agent executable.
RUN perf_dir=`ls -p plugins/ | grep performance`; \
rca_dir=`ls -p plugins/$perf_dir | grep rca/`; \
perf_rca_dir=plugins/$perf_dir$rca_dir; \
echo perf_rca_dir $perf_rca_dir; \
if [ -d "$perf_rca_dir" ]; then \
mv -v $perf_rca_dir ./ && \
chmod 755 performance-analyzer-rca/pa_bin/performance-analyzer-agent; fi
# Make the certificate installer script executable. This script has to be executed before ES is started.
RUN security=`ls -p plugins/ | grep security` && \
if [ ! -z "$security" ]; then chmod +x plugins/$security/tools/install_demo_configuration.sh; echo "Security plugin installed"; \
else echo "Security plugin is not yet installed"; fi
COPY --chown=1000:0 elasticsearch.yml log4j2.properties config/
USER 0
# Set gid to 0 for opendistroforelasticsearch and make group permission similar to that of user
RUN chown -R elasticsearch:0 . && \
chmod -R g=u /usr/share/elasticsearch
RUN pfa=`ls -p plugins/ | grep performance` && \
if [ ! -z "$pfa" ]; then chmod 755 plugins/$pfa/pa_bin/performance-analyzer-agent; echo "Performance Analyzer plugin installed"; \
else echo "Performace Analyzer plugin is not yet installed"; fi
RUN chmod -R 755 /dev/shm
################################################################################
# Build stage 1 (the actual opendistroforelasticsearch image):
# Copy opendistroforelasticsearch from stage 0
# Add entrypoint
################################################################################
FROM centos:7
ENV ELASTIC_CONTAINER true
RUN \
rpm --rebuilddb && yum clean all && \
yum install -y epel-release && \
yum update -y && \
yum install -y \
iproute \
python-setuptools \
hostname \
inotify-tools \
yum-utils \
which \
jq \
rsync && \
yum clean all && \
easy_install supervisor
RUN yum update -y && \
yum install -y nc unzip wget which && \
yum clean all
COPY CENTOS_LICENSING.txt /root
##COPY --from=prep_es_files --chown=1000:0 /opt/jdk-12.0.2 /opt/jdk-12.0.2
COPY --from=prep_es_files --chown=1000:0 /opt/jdk /opt/jdk
ENV JAVA_HOME /opt/jdk
ENV PATH $PATH:$JAVA_HOME/bin
RUN java -version
# Replace OpenJDK's built-in CA certificate keystore with the one from the OS
# vendor. The latter is superior in several ways.
##RUN ln -sf /etc/pki/ca-trust/extracted/java/cacerts /opt/jdk-12.0.2/lib/security/cacerts
RUN ln -sf /etc/pki/ca-trust/extracted/java/cacerts $JAVA_HOME/lib/security/cacerts
RUN mkdir /usr/share/elasticsearch && \
groupadd -g 1000 elasticsearch && \
adduser -u 1000 -g 1000 -G 0 -d /usr/share/elasticsearch elasticsearch && \
chmod 0775 /usr/share/elasticsearch && \
chgrp 0 /usr/share/elasticsearch
RUN mkdir -p /usr/share/supervisor/performance_analyzer/ && \
chown 1000 /usr/share/supervisor/performance_analyzer
WORKDIR /usr/share/elasticsearch
COPY --from=prep_es_files --chown=1000:0 /usr/share/elasticsearch /usr/share/elasticsearch
COPY --from=prep_es_files /tmp/jni/libKNNIndex*.so /usr/lib
ENV PATH /usr/share/elasticsearch/bin:$PATH
ADD --chown=1000:0 bin/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
# Openshift overrides USER and uses ones with randomly uid>1024 and gid=0
# Allow ENTRYPOINT (and ES) to run even with a different user
RUN chgrp 0 /usr/local/bin/docker-entrypoint.sh && \
chmod g=u /etc/passwd && \
chmod 0775 /usr/local/bin/docker-entrypoint.sh
EXPOSE 9200 9300 9600 9650
LABEL org.label-schema.schema-version="1.0" \
org.label-schema.name="opendistroforelasticsearch" \
org.label-schema.version="{{ version_tag }}" \
org.label-schema.url="https://opendistro.github.io" \
org.label-schema.vcs-url="https://github.com/opendistro-for-elasticsearch/opendistro-build" \
org.label-schema.license="Apache-2.0" \
org.label-schema.vendor="Amazon" \
org.label-schema.build-date="{{ build_date }}"
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
# Dummy overridable parameter parsed by entrypoint
CMD ["eswrapper"]
################################################################################
# End of multi-stage Dockerfile
################################################################################