Add elastic-agent-wolfi-complete Docker image
#5475
Conversation
So, we have a Wolfi-based image with Synthetics.
rdner
added
Team:Elastic-Agent-Control-Plane
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
There was a problem hiding this comment.
This looks good and I don't see any issues with this PR, except for all the switches of '' to ". That really pollutes this PR and when doing a git show once this is merged it is going to show many line changes that are unrelated to creating wolfi-complete. Could you please split out the ' to " change to its own PR?
|
@blakerouse sorry about that, I'll clean it up. |
|
How'd we test this? Can you create a Synethics private location using the agent container? https://www.elastic.co/guide/en/observability/current/synthetics-settings.html#synthetics-settings-private-locations |
|
This pull request is now in conflicts. Could you fix it? 🙏 |
There was a problem hiding this comment.
Changes looks good to me.
I would test this by packaging and adding it as Synthetics private location as @cmacknz commented out. Steps would be
- Package it up and run the elastic agent with specific flags
- Start the Kibana and add the agent as Private location
- Now you can go the Synthetics App and create both Lightweight and browser monitors to confirm they are running as expected
| {{ $beatHome }}/.synthetics \ | ||
| {{ $beatHome }}/.npm \ | ||
| {{ $beatHome }}/.cache \ | ||
| | xargs -IDIR sh -c 'mkdir -m 0770 -p DIR && chown -R {{ .user }} DIR' |
There was a problem hiding this comment.
If we can keep the permission in sync with the other PR - https://github.com/elastic/beats/pull/40689/files#r1750771988
There was a problem hiding this comment.
Sorry, I have not seen the original comment https://github.com/elastic/beats/pull/40689/files#r1750771988 and thought it was a typo which I "fixed" in elastic/beats@b06f7ce
I think I need more context on how switching permissions 0770 to 0775 reflects removing the agent from the root group. The user created for this container is the owner of the entire directory tree and the last 0 in the bitmask denies access to "other" users and groups. Why should it be "read and execute" instead?
There was a problem hiding this comment.
I think @emilioalvap would be the right person to ask in this case 🙂
rdner
force-pushed
the
elastic-agent-wolfi-complete
branch
from
66880a1
to
e7e69e7
Compare
|
I'll go through the testing steps from #5475 (review) and will update the description of the PR once done. |
|
@vigneshshanmugam @emilioalvap I might need some help here. I've created a browser (muiltistep) monitor with the following script: step('Load the System integration page', async () => {
await page.goto('https://www.elastic.co/docs/current/integrations');
});And I get this error on its execution: And, indeed, I don't see Chromium installation in the original PR for Heartbeat elastic/beats#40689 Unlike the Ubuntu section here https://github.com/elastic/beats/blob/88c84a09ef35f4c5c5548562f7e1b796eec8fe8f/dev-tools/packaging/templates/docker/Dockerfile.tmpl#L217 the new code for Wolfi does not have Chromium. I see that the Heartbeat PR was well-tested (see description) and I wonder how it worked if the same setup with Elastic Agent does not? Can you help me with the missing parts of the installation script? |
|
@rdner Good catch, Indeed we dont have the deps. I was thinking the installation of synthetics would auto-install the playwright browsers but this has been changed recently. We need to fix also on the HB layer. Can you add this to the wolfi image This should install the chromium browser that we need to run the browser monitors. |
|
@vigneshshanmugam if I add this line I get: Looks like we need to install |
|
@rdner My bad, the issue here is that |
|
|
|
@emilioalvap @vigneshshanmugam my bad, in the Dockerfile I switched to the root user before installing synthetics and all the dependencies got installed in a wrong directory. Fixed it in 0f354a7 and everything worked as expected (see the description of this PR). |
|
|
|
mergify
bot
added
the
backport-8.x
So, we have a Wolfi-based image with Synthetics. (cherry picked from commit f8fd7a7)
So, we have a Wolfi-based image with Synthetics. (cherry picked from commit f8fd7a7) Co-authored-by: Denis <[email protected]>
What does this PR do?
The PR adds a new Wolfi-based
elastic-agent-wolfi-completeDocker image that contains Synthetics.Why is it important?
It's useful, for example, if a configured integration is running Heartbeat. It also completes the migration of all images to Wolfi.
How to test this PR locally
Before:
After:
I enrolled an agent running on the new
elastic-agent-wolfi-completeimage with the flags from here https://www.elastic.co/guide/en/observability/current/synthetics-private-location.html#synthetics-private-location-connect:Created a private location in Synthetics:
I created a lightweight monitor (HTTP ping) for https://www.elastic.co/docs/current/integrations and a browser monitor (multistep) for this script:
Both monitors succeeded:
Related issues