diff --git a/charts/deps/containers/opensearch/Dockerfile b/charts/deps/containers/opensearch/Dockerfile index 3786655..9db39dc 100644 --- a/charts/deps/containers/opensearch/Dockerfile +++ b/charts/deps/containers/opensearch/Dockerfile @@ -1,111 +1,4 @@ -# Copyright OpenSearch Contributors -# SPDX-License-Identifier: Apache-2.0 +FROM opensearchproject/opensearch +RUN chmod -R g+rwX /usr/share/opensearch -# This dockerfile generates an AmazonLinux-based image containing an OpenSearch installation. -# It assumes that the working directory contains these files: an OpenSearch tarball (opensearch.tgz), log4j2.properties, opensearch.yml, opensearch-docker-entrypoint.sh, opensearch-onetime-setup.sh. -# Build arguments: -# VERSION: Required. Used to label the image. -# UID: Optional. Specify the opensearch userid. Defaults to 1000. -# GID: Optional. Specify the opensearch groupid. Defaults to 1000. -# OPENSEARCH_HOME: Optional. Specify the opensearch root directory. Defaults to /usr/share/opensearch. - - -########################### Stage 0 ######################## -FROM amazonlinux:2 AS linux_stage_0 - -ARG UID=1000660000 -ARG GID=1000660000 -ARG TEMP_DIR=/tmp/opensearch -ARG OPENSEARCH_HOME=/usr/share/opensearch -ARG OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config -ARG SECURITY_PLUGIN_DIR=$OPENSEARCH_HOME/plugins/opensearch-security -ARG PERFORMANCE_ANALYZER_PLUGIN_CONFIG_DIR=$OPENSEARCH_PATH_CONF/opensearch-performance-analyzer -ARG OS_VERSION=2.5.0 -# Update packages -# Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. -# Install which to allow running of securityadmin.sh -RUN yum update -y && yum install -y tar gzip shadow-utils which && yum clean all - -# Create an opensearch user, group, and directory -RUN groupadd -g $GID opensearch && \ - adduser -u $UID -g $GID -d $OPENSEARCH_HOME opensearch && \ - mkdir $TEMP_DIR - -RUN mkdir /usr/share/elasticsearch -WORKDIR /usr/share/elasticsearch - -RUN set -eux ; \ - cur_arch="" ; \ - case "$(arch)" in \ - aarch64) cur_arch='arm64' ;; \ - x86_64) cur_arch='x64' ;; \ - *) echo >&2 ; echo >&2 "Unsupported architecture $(arch)" ; echo >&2 ; exit 1 ;; \ - esac ; \ - curl --retry 10 -S -L --output $TEMP_DIR/opensearch.tar.gz https://artifacts.opensearch.org/releases/bundle/opensearch/$OS_VERSION/opensearch-$OS_VERSION-linux-$cur_arch.tar.gz; \ - curl --output $TEMP_DIR/opensearch.pgp https://artifacts.opensearch.org/publickeys/opensearch.pgp; \ - gpg --import $TEMP_DIR/opensearch.pgp; \ - curl --output $TEMP_DIR/opensearch.tar.gz.sig https://artifacts.opensearch.org/releases/bundle/opensearch/$OS_VERSION/opensearch-$OS_VERSION-linux-$cur_arch.tar.gz.sig; \ - gpg --verify $TEMP_DIR/opensearch.tar.gz.sig $TEMP_DIR/opensearch.tar.gz; - -RUN tar --warning=no-timestamp -zxf $TEMP_DIR/opensearch.tar.gz -C $OPENSEARCH_HOME --strip-components=1 && \ - mkdir -p $OPENSEARCH_HOME/data && chown -Rv $UID:$GID $OPENSEARCH_HOME/data && \ - if [[ -d $SECURITY_PLUGIN_DIR ]] ; then chmod -v 750 $SECURITY_PLUGIN_DIR/tools/* ; fi && \ - rm -rf $TEMP_DIR - -COPY config/* $OPENSEARCH_PATH_CONF/ -COPY bin/* $OPENSEARCH_HOME/ -RUN if [[ -d $PERFORMANCE_ANALYZER_PLUGIN_CONFIG_DIR ]] ; then mv $OPENSEARCH_PATH_CONF/performance-analyzer.properties $PERFORMANCE_ANALYZER_PLUGIN_CONFIG_DIR/ ; fi -########################### Stage 1 ######################## -# Copy working directory to the actual release docker images -FROM amazonlinux:2 - -ARG UID=1000660000 -ARG GID=1000660000 -ARG OPENSEARCH_HOME=/usr/share/opensearch -ARG OS_VERSION=2.5.0 - -RUN yum update -y && yum install -y tar gzip shadow-utils which && yum clean all - -# Create an opensearch user, group -RUN groupadd -g $GID opensearch && \ - adduser -u $UID -g $GID -d $OPENSEARCH_HOME opensearch - -# Copy from Stage0 -COPY --from=linux_stage_0 --chown=$UID:$GID $OPENSEARCH_HOME $OPENSEARCH_HOME -WORKDIR $OPENSEARCH_HOME - -# Set $JAVA_HOME -RUN echo "export JAVA_HOME=$OPENSEARCH_HOME/jdk" >> /etc/profile.d/java_home.sh && \ - echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh -ENV JAVA_HOME=$OPENSEARCH_HOME/jdk -ENV PATH=$PATH:$JAVA_HOME/bin:$OPENSEARCH_HOME/bin - -# Add k-NN lib directory to library loading path variable -ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$OPENSEARCH_HOME/plugins/opensearch-knn/lib" - -# Change user -USER $UID - - -# Setup OpenSearch -# Disable security demo installation during image build, and allow user to disable during startup of the container -# Enable security plugin during image build, and allow user to disable during startup of the container -ARG DISABLE_INSTALL_DEMO_CONFIG=true -ARG DISABLE_SECURITY_PLUGIN=false -RUN ./opensearch-onetime-setup.sh - -EXPOSE 9200 9300 9600 9650 - -# Label -LABEL org.label-schema.schema-version="1.0" \ - org.label-schema.name="opensearch" \ - org.label-schema.version="$OS_VERSION" \ - org.label-schema.url="https://opensearch.org" \ - org.label-schema.vcs-url="https://github.com/OpenSearch" \ - org.label-schema.license="Apache-2.0" \ - org.label-schema.vendor="OpenSearch" - -# CMD to run - ENTRYPOINT ["./opensearch-docker-entrypoint.sh"] - CMD ["opensearch"]