Some cleanup
breskeby committed Dec 4, 2024
1 parent 2a3467d commit 30cfd03
Showing 4 changed files with 6 additions and 16 deletions.
@@ -30,11 +30,9 @@ public enum DockerBase {
// Based on WOLFI above, with more extras. We don't set a base image because
// we programmatically extend from the wolfi image.
CLOUD_ESS(null, "-cloud-ess", "apk"),

// Based on WOLFI above, we programmatically extend from the wolfi image.
FIPS(null, "-fips", "apk");


private final String image;
private final String suffix;
private final String packageManager;
10 changes: 4 additions & 6 deletions distribution/docker/build.gradle
@@ -113,8 +113,8 @@ dependencies {
filebeat_x86_64 "beats:filebeat:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
metricbeat_aarch64 "beats:metricbeat:${VersionProperties.elasticsearch}:linux-arm64@tar.gz"
metricbeat_x86_64 "beats:metricbeat:${VersionProperties.elasticsearch}:linux-x86_64@tar.gz"
fips "org.bouncycastle:bctls-fips:1.0.17"
fips "org.bouncycastle:bc-fips:1.0.2.4"
fips "org.bouncycastle:bctls-fips:1.0.19"
fips "org.bouncycastle:bc-fips:1.0.2.5"
}

ext.expansions = { Architecture architecture, DockerBase base ->
@@ -570,19 +570,17 @@ void addBuildCloudDockerImageTasks(Architecture architecture) {
}

// fips
//String javaSecurityFilename = buildParams.runtimeJavaDetails.get().toLowerCase().contains('oracle') ? 'fips_java_oracle.security' : 'fips_java.security'
String javaSecurityFilename = 'fips_java.security'
String javaSecurityFilename = buildParams.runtimeJavaDetails.get().toLowerCase().contains('oracle') ? 'fips_java_oracle.security' : 'fips_java.security'
//String javaSecurityFilename = 'fips_java.security'
File fipsResourcesDir = new File(project.buildDir, 'fips-resources')
File fipsSecurity = new File(fipsResourcesDir, javaSecurityFilename)
File fipsPolicy = new File(fipsResourcesDir, 'fips_java.policy')
//File fipsTrustStore = new File(fipsResourcesDir, 'cacerts.bcfks')

TaskProvider<ExportElasticsearchBuildResourcesTask> fipsResourcesTask = tasks.register('fipsResources', ExportElasticsearchBuildResourcesTask)
fipsResourcesTask.configure {
outputDir = fipsResourcesDir
copy javaSecurityFilename
copy 'fips_java.policy'
// copy 'cacerts.bcfks'
}

for (final Architecture architecture : Architecture.values()) {
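Review bot: The active `javaSecurityFilename` assignment picks the FIPS security properties file by substring-matching `buildParams.runtimeJavaDetails` for 'oracle', which describes the JVM used on the build host, while the exported file is presumably consumed by the JVM inside the image; if the two differ, the image could ship a provider configuration that does not match its runtime. The `.get()` also resolves that value while the build script is being configured. If the coupling is intended, a comment such as `// chosen from the build-time runtime JDK, which must match the JDK shipped in the image` would record it, and the leftover `//String javaSecurityFilename = 'fips_java.security'` line can go in a cleanup commit. The surrounding script block starts before and continues past this hunk.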
4 changes: 2 additions & 2 deletions distribution/docker/src/docker/Dockerfile.fips
@@ -27,8 +27,8 @@ RUN cp node1/node1.crt config
RUN cp node1/node1.key config

WORKDIR /usr/share/elasticsearch/config
# Add policies for FIPS
RUN cat <<EOF > elasticsearch.yml
# Add fips specific configuration
RUN cat <<EOF >> elasticsearch.yml
xpack.security.fips_mode.enabled: true
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
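Review bot: Switching the heredoc to `>> elasticsearch.yml` makes the FIPS settings depend on what the base file already holds: a base file without a trailing newline would fuse its last line with `xpack.security.fips_mode.enabled: true`, and any key later set in both places becomes a duplicate setting, which Elasticsearch is expected to reject at startup. The append also appears to keep the base file's `network.host: 0.0.0.0` in the FIPS image, which the previous overwrite dropped; worth confirming that is intended. A comment like `# Appended to the base elasticsearch.yml; do not repeat keys set there` plus an empty first line inside the heredoc would make the step robust. The heredoc body continues past the end of this hunk.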
6 changes: 0 additions & 6 deletions distribution/docker/src/docker/config/elasticsearch.yml
@@ -1,8 +1,2 @@
cluster.name: "docker-cluster"
network.host: 0.0.0.0
#xpack.security.fips_mode.enabled: true
#xpack.security.autoconfiguration.enabled: false
## xpack.security.fips_mode.required_providers: ["BCFIPS"]
#xpack.security.fips_mode.required_providers: ["BCFIPS", "BCJSSE"]
#xpack.security.authc.password_hashing.algorithm: "pbkdf2_stretch"
## xpack.security.transport.ssl.enabled: true
