Rename docker fips image to cloud-ess-fips (#127561)

build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/DockerBase.java

@@ -28,16 +28,17 @@ public enum DockerBase {
         "apk",
         "Dockerfile"
     ),
-    FIPS(
-        "docker.elastic.co/wolfi/chainguard-base-fips:sha256-ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7@sha256:ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7",
-        "-fips",
-        "apk",
-        "Dockerfile"
-    ),
     // spotless:on
     // Based on WOLFI above, with more extras. We don't set a base image because
     // we programmatically extend from the wolfi image.
-    CLOUD_ESS(null, "-cloud-ess", "apk", "Dockerfile.cloud-ess"),;
+    CLOUD_ESS(null, "-cloud-ess", "apk", "Dockerfile.cloud-ess"),
+
+    CLOUD_ESS_FIPS(
+        "docker.elastic.co/wolfi/chainguard-base-fips:sha256-ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7@sha256:ebfc3f1d7dba992231747a2e05ad1b859843e81b5e676ad342859d7cf9e425a7",
+        "-cloud-ess-fips",
+        "apk",
+        "Dockerfile"
+    );
 
     private final String image;
     private final String suffix;

distribution/docker/build.gradle

@@ -314,7 +314,7 @@ void addBuildDockerContextTask(Architecture architecture, DockerBase base, Strin
           filter TransformLog4jConfigFilter
         }
       }
-      if(base == DockerBase.FIPS) {
+      if(base == DockerBase.CLOUD_ESS_FIPS) {
 
         // If we're performing a release build, but `build.id` hasn't been set, we can
         // infer that we're not at the Docker building stage of the build, and therefore
@@ -608,19 +608,19 @@ subprojects { Project subProject ->
     DockerBase base = DockerBase.DEFAULT
     if (subProject.name.contains('ironbank-')) {
       base = DockerBase.IRON_BANK
-    } else if (subProject.name.contains('cloud-ess-')) {
+    } else if (subProject.name.contains('cloud-ess-docker')) {
       base = DockerBase.CLOUD_ESS
     } else if (subProject.name.contains('wolfi-')) {
       base = DockerBase.WOLFI
-    } else if (subProject.name.contains('fips-')) {
-      base = DockerBase.FIPS
+    } else if (subProject.name.contains('cloud-ess-fips-docker')) {
+      base = DockerBase.CLOUD_ESS_FIPS
     }
 
     final String arch = architecture == Architecture.AARCH64 ? '-aarch64' : ''
     final String extension =
       (base == DockerBase.IRON_BANK ? 'ironbank.tar' :
         (base == DockerBase.CLOUD_ESS ? 'cloud-ess.tar' :
-          (base == DockerBase.FIPS ? 'fips.tar' :
+          (base == DockerBase.CLOUD_ESS_FIPS ? 'cloud-ess-fips.tar' :
             (base == DockerBase.WOLFI ? 'wolfi.tar' :
               'docker.tar'))))
     final String artifactName = "elasticsearch${arch}${base.suffix}_test"

distribution/docker/src/docker/Dockerfile

@@ -41,7 +41,7 @@ RUN chmod 0555 /bin/tini
 <% } else { %>
 
 # Install required packages to extract the Elasticsearch distribution
-<% if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 RUN <%= retry.loop(package_manager, "export DEBIAN_FRONTEND=noninteractive && ${package_manager} update && ${package_manager} update && ${package_manager} add --no-cache curl") %>
 <% } else { %>
 RUN <%= retry.loop(package_manager, "${package_manager} install -y findutils tar gzip") %>
@@ -115,7 +115,7 @@ RUN sed -i -e 's/ES_DISTRIBUTION_TYPE=tar/ES_DISTRIBUTION_TYPE=docker/' bin/elas
     chmod 0775 bin config config/jvm.options.d data logs plugins && \\
     find config -type f -exec chmod 0664 {} +
 
-<% if (docker_base == "fips") { %>
+<% if (docker_base == "cloud_ess_fips") { %>
 
 # Add plugins infrastructure
 RUN mkdir -p /opt/plugins/archive
@@ -179,7 +179,7 @@ RUN ${package_manager} update --setopt=tsflags=nodocs -y && \\
       nc shadow-utils zip findutils unzip procps-ng && \\
     ${package_manager} clean all
 
-<% } else if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% } else if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 RUN <%= retry.loop(package_manager,
           "export DEBIAN_FRONTEND=noninteractive && \n" +
           "      ${package_manager} update && \n" +
@@ -208,7 +208,7 @@ RUN <%= retry.loop(
 <% } %>
 
 
-<% if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 RUN groupadd -g 1000 elasticsearch && \
     adduser -G elasticsearch -u 1000 elasticsearch -D --home /usr/share/elasticsearch elasticsearch && \
     adduser elasticsearch root && \
@@ -219,17 +219,17 @@ RUN groupadd -g 1000 elasticsearch && \\
     chown -R 0:0 /usr/share/elasticsearch
 <% } %>
 
-ENV ELASTIC_CONTAINER true
+ENV ELASTIC_CONTAINER=true
 
 WORKDIR /usr/share/elasticsearch
 
 COPY --from=builder --chown=0:0 /usr/share/elasticsearch /usr/share/elasticsearch
-<% if (docker_base != "wolfi" && docker_base != "fips") { %>
+<% if (docker_base != "wolfi" && docker_base != "cloud_ess_fips") { %>
 COPY --from=builder --chown=0:0 /bin/tini /bin/tini
 <% } %>
 
-ENV PATH /usr/share/elasticsearch/bin:\$PATH
-ENV SHELL /bin/bash
+ENV PATH=/usr/share/elasticsearch/bin:\$PATH
+ENV SHELL=/bin/bash
 COPY ${bin_dir}/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 # 1. Sync the user and group permissions of /etc/passwd
@@ -249,7 +249,7 @@ RUN chmod g=u /etc/passwd && \\
     chmod 0775 /usr/share/elasticsearch && \\
     chown elasticsearch bin config config/jvm.options.d data logs plugins
 
-<% if (docker_base == 'wolfi' || docker_base == "fips") { %>
+<% if (docker_base == 'wolfi' || docker_base == "cloud_ess_fips") { %>
 RUN ln -sf /etc/ssl/certs/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts
 <% } else { %>
 RUN ln -sf /etc/pki/ca-trust/extracted/java/cacerts /usr/share/elasticsearch/jdk/lib/security/cacerts
@@ -292,7 +292,7 @@ RUN mkdir /licenses && ln LICENSE.txt /licenses/LICENSE
 COPY LICENSE /licenses/LICENSE.addendum
 <% } %>
 
-<% if (docker_base == "wolfi" || docker_base == "fips") { %>
+<% if (docker_base == "wolfi" || docker_base == "cloud_ess_fips") { %>
 # Our actual entrypoint is `tini`, a minimal but functional init program. It
 # calls the entrypoint we provide, while correctly forwarding signals.
 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
@@ -312,9 +312,9 @@ USER 1000:0
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 http://localhost:9200 || exit 1
 <% } %>
 
-<% if (docker_base == 'fips') { %>
+<% if (docker_base == 'cloud_ess_fips') { %>
 COPY --from=builder --chown=0:0 /opt /opt
-ENV ES_PLUGIN_ARCHIVE_DIR /opt/plugins/archive
+ENV ES_PLUGIN_ARCHIVE_DIR=/opt/plugins/archive
 WORKDIR /usr/share/elasticsearch
 COPY --from=builder --chown=0:0 /fips/libs/*.jar /usr/share/elasticsearch/lib/
 <% } %>

settings.gradle

@@ -70,8 +70,8 @@ List projects = [
   'distribution:docker:ironbank-docker-export',
   'distribution:docker:wolfi-docker-aarch64-export',
   'distribution:docker:wolfi-docker-export',
-  'distribution:docker:fips-docker-export',
-  'distribution:docker:fips-docker-aarch64-export',
+  'distribution:docker:cloud-ess-fips-docker-export',
+  'distribution:docker:cloud-ess-fips-docker-aarch64-export',
   'distribution:packages:aarch64-deb',
   'distribution:packages:deb',
   'distribution:packages:aarch64-rpm',