diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 7107b4197c1..f78c89226f4 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -17,6 +17,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] - Drop support for Debian 10 and upgrade statically linked glibc from 2.28 to 2.31 {pull}41402[41402] - Fix metrics not being ingested, due to "Limit of total fields [10000] has been exceeded while adding new fields [...]". The total fields limit has been increased to 12500. No significant performance impact on Elasticsearch is anticipated. {pull}41640[41640] - Set default kafka version to 2.1.0 in kafka output and filebeat. {pull}41662[41662] +- Replace default Ubuntu-based images with UBI-minimal-based ones {pull}42150[42150] *Auditbeat* diff --git a/dev-tools/packaging/packages.yml b/dev-tools/packaging/packages.yml index 1391368cf0b..15dd3c32709 100644 --- a/dev-tools/packaging/packages.yml +++ b/dev-tools/packaging/packages.yml @@ -159,7 +159,7 @@ shared: - &docker_spec <<: *binary_spec extra_vars: - from: '--platform=linux/amd64 ubuntu:24.04' + from: '--platform=linux/amd64 docker.elastic.co/ubi9/ubi-minimal' buildFrom: '--platform=linux/amd64 cgr.dev/chainguard/wolfi-base' user: '{{ .BeatName }}' linux_capabilities: '' @@ -172,18 +172,8 @@ shared: - &docker_arm_spec <<: *docker_spec extra_vars: - from: '--platform=linux/arm64 ubuntu:24.04' - buildFrom: '--platform=linux/arm64 cgr.dev/chainguard/wolfi-base' - - - &docker_ubi_spec - extra_vars: - image_name: '{{.BeatName}}-ubi' - from: '--platform=linux/amd64 docker.elastic.co/ubi9/ubi-minimal' - - - &docker_arm_ubi_spec - extra_vars: - image_name: '{{.BeatName}}-ubi' from: '--platform=linux/arm64 docker.elastic.co/ubi9/ubi-minimal' + buildFrom: '--platform=linux/arm64 cgr.dev/chainguard/wolfi-base' - &docker_wolfi_spec extra_vars: @@ -405,15 +395,6 @@ specs: <<: *elastic_docker_spec <<: *elastic_license_for_binaries - - os: linux - arch: amd64 - types: [docker] - spec: - <<: *docker_spec - <<: *docker_ubi_spec - <<: *elastic_docker_spec - <<: *elastic_license_for_binaries - - os: linux arch: amd64 types: [docker] @@ -431,15 +412,6 @@ specs: <<: *elastic_docker_spec <<: *elastic_license_for_binaries - - os: linux - arch: arm64 - types: [docker] - spec: - <<: *docker_arm_spec - <<: *docker_arm_ubi_spec - <<: *elastic_docker_spec - <<: *elastic_license_for_binaries - - os: linux arch: arm64 types: [docker] @@ -536,18 +508,6 @@ specs: '{{.BeatName}}{{.BinaryExt}}': source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - - os: linux - arch: amd64 - types: [docker] - spec: - <<: *docker_spec - <<: *docker_ubi_spec - <<: *elastic_docker_spec - <<: *elastic_license_for_binaries - files: - '{{.BeatName}}{{.BinaryExt}}': - source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - - os: linux arch: amd64 types: [docker] @@ -571,18 +531,6 @@ specs: '{{.BeatName}}{{.BinaryExt}}': source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - - os: linux - arch: arm64 - types: [docker] - spec: - <<: *docker_arm_spec - <<: *docker_arm_ubi_spec - <<: *elastic_docker_spec - <<: *elastic_license_for_binaries - files: - '{{.BeatName}}{{.BinaryExt}}': - source: ./{{.XPackDir}}/{{.BeatName}}/build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} - - os: linux arch: arm64 types: [docker] diff --git a/dev-tools/packaging/templates/docker/Dockerfile.tmpl b/dev-tools/packaging/templates/docker/Dockerfile.tmpl index d5696e9fa0e..85ee13e57de 100644 --- a/dev-tools/packaging/templates/docker/Dockerfile.tmpl +++ b/dev-tools/packaging/templates/docker/Dockerfile.tmpl @@ -49,25 +49,14 @@ RUN for iter in {1..10}; do \ {{- if contains .from "ubi-minimal" }} RUN for iter in {1..10}; do \ microdnf -y update && \ - microdnf -y install findutils shadow-utils && \ + microdnf -y install findutils shadow-utils ca-certificates \ + gawk libcap xz tar && \ microdnf clean all && \ exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; \ done; \ (exit $exit_code) {{- end }} -{{- if contains .from "ubuntu" }} -RUN touch /var/mail/ubuntu && chown ubuntu /var/mail/ubuntu && userdel -r ubuntu - -RUN for iter in {1..10}; do \ - apt-get update -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes ca-certificates curl gawk libcap2-bin xz-utils && \ - apt-get clean all && \ - exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && sleep 10; \ - done; \ - (exit $exit_code) -{{- end }} - LABEL \ org.label-schema.build-date="{{ date }}" \ org.label-schema.schema-version="1.0" \ @@ -166,7 +155,7 @@ USER {{ .user }} RUN (npm i -g --loglevel verbose --production --engine-strict @elastic/synthetics@stack_release || sh -c 'tail -n +1 ${NPM_CONFIG_PREFIX}/_logs/* && exit 1') {{- end }} -{{- if (and (eq .BeatName "heartbeat") (contains .from "ubuntu")) }} +{{- if (and (eq .BeatName "heartbeat") (contains .from "ubi-minimal")) }} USER root ENV NODE_PATH={{ $beatHome }}/.node RUN echo \ @@ -217,12 +206,23 @@ USER root # We don't use npx playwright install-deps because that could pull a newer version # Install additional fonts as well RUN for iter in {1..10}; do \ - apt-get update -y && \ - $NODE_PATH/node/lib/node_modules/@elastic/synthetics/node_modules/.bin/playwright install-deps chromium && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes \ - fonts-noto \ - fonts-noto-cjk && \ - exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && sleep 10; \ + microdnf -y update && \ + microdnf -y install fontconfig freetype cairo glib2 gtk3 pango xorg-x11-fonts-misc xorg-x11-fonts-Type1 \ + at-spi2-atk atk at-spi2-core alsa-lib cups-libs dbus-libs libdrm mesa-libEGL mesa-libgbm nspr nss libX11 \ + libX11-xcb libxcb libXcomposite libXdamage libXext libXfixes libXrandr libxkbcommon libxshmfence glib2 \ + dbus-glib libicu mesa-libGL unzip -y && \ + mkdir -p /usr/share/fonts/google-noto && \ + curl -LO https://noto-website-2.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip && \ + unzip NotoSansCJKjp-hinted.zip -d /usr/share/fonts/google-noto && \ + rm -f NotoSansCJKjp-hinted.zip && \ + microdnf -y remove unzip && \ + curl -LO https://github.com/googlefonts/noto-fonts/raw/main/hinted/ttf/NotoSans/NotoSans-Regular.ttf && \ + mv NotoSans-Regular.ttf /usr/share/fonts/google-noto && \ + curl -LO https://github.com/googlefonts/noto-emoji/raw/main/fonts/NotoColorEmoji.ttf && \ + mv NotoColorEmoji.ttf /usr/share/fonts/google-noto && \ + fc-cache -fv && \ + microdnf clean all && \ + exit_code=0 && break || exit_code=$? && echo "microdnf error: retry $iter in 10s" && sleep 10; \ done; \ (exit $exit_code) {{- end }}