Skip to content

Commit

Permalink
Add tools to assemble DEB packages (#96)
Browse files Browse the repository at this point in the history
* Add tools to assemble DEB packages

* Move wazuh-indexer-performance-analyzer.service to common

* Enable assembly of DEB packages

* Enable full set of plugins

* Actually skip tar assembly

* Add installation of dependencies for DEB assembly

* Install dependencies using sudo

* Format files

* Refactor assemble script
  • Loading branch information
AlexRuiz7 committed Aug 20, 2024
1 parent 6204201 commit 7544de4
Show file tree
Hide file tree
Showing 9 changed files with 439 additions and 186 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ jobs:
exclude:
# skip arm64 until we have arm runners
- architecture: arm64
- distribution: [tar, deb] # Exclude deb assembly until it's implemented
- distribution: tar

uses: ./.github/workflows/r_assemble.yml
with:
Expand Down
6 changes: 5 additions & 1 deletion .github/workflows/r_assemble.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,11 @@ jobs:
name: ${{ inputs.min }}
path: artifacts/dist

- name: Provision
if: ${{ inputs.distribution == 'deb' }}
run: |
sudo bash scripts/provision.sh
- name: Run `assemble.sh`
run: |
bash scripts/assemble.sh -v ${{ vars.OPENSEARCH_VERSION }} -p linux -a ${{ inputs.architecture }} -d ${{ inputs.distribution }}
Expand All @@ -55,4 +60,3 @@ jobs:
name: ${{ inputs.name }}
path: artifacts/dist/${{ steps.get_name.outputs.name }}
if-no-files-found: error

19 changes: 19 additions & 0 deletions distribution/packages/src/deb/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

# deb opensearch Makefile

all: install

install:
./debmake_install.sh $(CURDIR)

clean: ;

distclean: clean

.PHONY: all clean distclean install
46 changes: 46 additions & 0 deletions distribution/packages/src/deb/debmake_install.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
#!/bin/bash

# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

# debmake opensearch install script

set -ex

if [ -z "$1" ]; then
echo "Missing curdir path"
exit 1
fi

curdir=$1
product_dir=/usr/share/wazuh-indexer
# config_dir=/etc/wazuh-indexer
data_dir=/var/lib/wazuh-indexer
log_dir=/var/log/wazuh-indexer
pid_dir=/var/run/wazuh-indexer
buildroot=${curdir}/debian/wazuh-indexer

# Create necessary directories
mkdir -p "${buildroot}"
mkdir -p "${buildroot}${pid_dir}"
mkdir -p "${buildroot}${product_dir}/plugins"

# Install directories/files
cp -a "${curdir}"/etc "${curdir}"/usr "${curdir}"/var "${buildroot}"/
chmod -c 0755 "${buildroot}${product_dir}"/bin/*
if [ -d "${buildroot}${product_dir}"/plugins/opensearch-security ]; then
chmod -c 0755 "${buildroot}${product_dir}"/plugins/opensearch-security/tools/*
fi

# Symlinks (do not symlink config dir as security demo installer has dependency, if no presense it will switch to rpm/deb mode)
ln -s ${data_dir} "${buildroot}${product_dir}/data"
ln -s ${log_dir} "${buildroot}${product_dir}/logs"

# Change Permissions
chmod -Rf a+rX,u+w,g-w,o-w "${buildroot}"/*

exit 0
2 changes: 1 addition & 1 deletion docker/README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Frontend development environments
# Indexer development environments

Install [Docker Desktop][docker-desktop] as per its instructions, available for Windows, Mac
and Linux (Ubuntu, Debian & Fedora).
Expand Down
184 changes: 142 additions & 42 deletions scripts/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@

The packages' generation process consists on 2 steps:

* **Build**: compiles the Java application and bundles it into a package.
* **Assembly**: uses the package from the previous step and inflates it with plugins and
configuration files, ready for production deployment.
- **Build**: compiles the Java application and bundles it into a package.
- **Assembly**: uses the package from the previous step and inflates it with plugins and
configuration files, ready for production deployment.

We usually generate the packages using GitHub Actions, however, the process is designed to
be independent enough for maximum portability. GitHub Actions provides infrastructure, while
Expand All @@ -27,7 +27,6 @@ act -j build -W .github/workflows/build.yml --artifact-server-path ./artifacts
[Build slim packages/build] 🏁 Job succeeded
```


#### Running in Docker

Within the [Docker environment](../docker):
Expand All @@ -38,60 +37,162 @@ bash scripts/build.sh -v 2.11.0 -s false -p linux -a {x64|arm64} -d {rpm|deb|tar

The generated package is sent to `artifacts/`


## Assemble

<!--
<!--
### TAR
### DEB
-->

### DEB

The script will:

- Extract the deb package using `ar` and `tar` tools.

> By default, `ar` and `tar` tools expect the package to be in `wazuh-indexer/artifacts/tmp/deb`. The script takes care of creating the required folder structure, copying also the min package and the Makefile.
Current folder loadout at this stage:

```
artifacts/
|-- dist
| |-- wazuh-indexer-min_4.9.0_amd64.deb
`-- tmp
`-- deb
|-- Makefile
|-- data.tar.gz
|-- debmake_install.sh
|-- etc
|-- usr
|-- var
`-- wazuh-indexer-min_4.9.0_amd64.deb
```

`usr`, `etc` and `var` folders contain `wazuh-indexer` files, extracted from `wazuh-indexer-min-*.deb`.
`Makefile` and the `debmake_install` are copied over from `wazuh-indexer/distribution/packages/src/deb`.
The `wazuh-indexer-performance-analyzer.service` file is also copied from the same folder. It is a dependency of the SPEC file.

- Install the plugins using the `opensearch-plugin` CLI tool.
- Set up configuration files.

> Included in `min-package`. Default files are overwritten.
- Bundle a DEB file with `debmake` and the `Makefile`.

> `debmake` and other dependencies can be installed using the provision.sh script. The
> script is invoked by the GitHub Workflow.
Current folder loadout at this stage:

```
artifacts/
|-- artifact_name.txt
|-- dist
| |-- wazuh-indexer-min_4.9.0_amd64.deb
| `-- wazuh-indexer_4.9.0_amd64.deb
`-- tmp
`-- deb
|-- Makefile
|-- data.tar.gz
|-- debmake_install.sh
|-- etc
|-- usr
|-- var
`-- wazuh-indexer-min_4.9.0_amd64.deb
```

### Running in Act

```console
act -j assemble -W .github/workflows/build.yml --artifact-server-path ./artifacts --matrix distribution:deb --matrix architecture:x64 --var OPENSEARCH_VERSION=2.11.0

[Build slim packages/build] 🏁 Job succeeded
```

#### Running in Docker

Pre-requisites:

- Current directory: `wazuh-indexer/`
- Existing deb package in `wazuh-indexer/artifacts/dist/deb`, as a result of the _Build_ stage.

```console
MIN_PKG_PATH="./artifacts"
docker run --rm \
-v ./scripts/:/home/wazuh-indexer/scripts \
-v $MIN_PKG_PATH:/home/wazuh-indexer/artifacts \
-v ./distribution/packages/src:/home/wazuh-indexer/distribution/packages/src \
-w /home/wazuh-indexer \
-it ubuntu:jammy /bin/bash

# https://github.com/opensearch-project/opensearch-build/blob/2.11.1/docker/ci/dockerfiles/current/build.ubuntu2004.opensearch.x64.arm64.dockerfile

# Install necessary packages
apt-get update -y && apt-get upgrade -y && apt-get install -y curl build-essential curl &&
apt-get install -y debmake debhelper-compat &&
apt-get install -y libxrender1 libxtst6 libasound2 libxi6 libgconf-2-4 &&
apt-get install -y libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-dev libxcomposite-dev libxdamage1 libxfixes3 libxfixes-dev libxrandr2 libgbm-dev libxkbcommon-x11-0 libpangocairo-1.0-0 libcairo2 libcairo2-dev libnss3 libnspr4 libnspr4-dev freeglut3 &&
apt-get clean -y

# Install aptly and required changes to debmake
# Remove lintian for now due to it takes nearly 20 minutes for OpenSearch as well as nearly an hour for OpenSearch-Dashboards during debmake
curl -o- https://www.aptly.info/pubkey.txt | apt-key add - &&
echo "deb http://repo.aptly.info/ squeeze main" | tee -a /etc/apt/sources.list.d/aptly.list &&
apt-get update -y && apt-get install -y aptly && apt-get clean -y &&
dpkg -r lintian

bash scripts/assemble.sh -v 2.11.0 -p linux -a x64 -d deb
```

### RPM

The `assemble.sh` script will use the output from the `build.sh` script and use it as a
base to bundle together a final package containing the plugins, the production configuration
The `assemble.sh` script will use the output from the `build.sh` script and use it as a
base to bundle together a final package containing the plugins, the production configuration
and the service files.

The script will:

- Extract the rpm package using `rpm2cpio` and `cpio` tools.

> By default, `rpm2cpio` and `cpio` tools expect the package to be in `wazuh-indexer/artifacts/tmp/rpm`. The script takes care of creating the required folder structure, copying also the min package and the SPEC file.
Current folder loadout at this stage:
```
/rpm/$ARCH
/etc
/usr
/var
wazuh-indexer-min-*.rpm
wazuh-indexer.rpm.spec
```
`usr`, `etc` and `var` folders contain `wazuh-indexer` files, extracted from `wazuh-indexer-min-*.rpm`.
`wazuh-indexer.rpm.spec` is copied over from `wazuh-indexer/distribution/packages/src/rpm/wazuh-indexer.rpm.spec`.
The `wazuh-indexer-performance-analyzer.service` file is also copied from the same folder. It is a dependency of the SPEC file.

> By default, `rpm2cpio` and `cpio` tools expect the package to be in `wazuh-indexer/artifacts/tmp/rpm`. The script takes care of creating the required folder structure, copying also the min package and the SPEC file.
Current folder loadout at this stage:

```
/rpm/$ARCH
/etc
/usr
/var
wazuh-indexer-min-*.rpm
wazuh-indexer.rpm.spec
```

`usr`, `etc` and `var` folders contain `wazuh-indexer` files, extracted from `wazuh-indexer-min-*.rpm`.
`wazuh-indexer.rpm.spec` is copied over from `wazuh-indexer/distribution/packages/src/rpm/wazuh-indexer.rpm.spec`.
The `wazuh-indexer-performance-analyzer.service` file is also copied from the same folder. It is a dependency of the SPEC file.

- Install the plugins using the `opensearch-plugin` CLI tool.
- Set up configuration files.

> Included in `min-package`. Default files are overwritten.
> Included in `min-package`. Default files are overwritten.
- Bundle an RPM file with `rpmbuild` and the SPEC file `wazuh-indexer.rpm.spec`.
- `rpmbuild` is part of the `rpm` OS package.

> `rpmbuild` is invoked from `wazuh-indexer/artifacts/tmp/rpm`. It creates the {BUILD,RPMS,SOURCES,SRPMS,SPECS,TMP} folders and applies the rules in the SPEC file. If successful, `rpmbuild` will generate the package in the `RPMS/` folder. The script will copy it to `wazuh-indexer/artifacts/dist` and clean: remove the `tmp\` folder and its contents.
- `rpmbuild` is part of the `rpm` OS package.

Current folder loadout at this stage:
```
/rpm/$ARCH
/{BUILD,RPMS,SOURCES,SRPMS,SPECS,TMP}
/etc
/usr
/var
wazuh-indexer-min-*.rpm
wazuh-indexer.rpm.spec
```
> `rpmbuild` is invoked from `wazuh-indexer/artifacts/tmp/rpm`. It creates the {BUILD,RPMS,SOURCES,SRPMS,SPECS,TMP} folders and applies the rules in the SPEC file. If successful, `rpmbuild` will generate the package in the `RPMS/` folder. The script will copy it to `wazuh-indexer/artifacts/dist` and clean: remove the `tmp\` folder and its contents.
Current folder loadout at this stage:

```
/rpm/$ARCH
/{BUILD,RPMS,SOURCES,SRPMS,SPECS,TMP}
/etc
/usr
/var
wazuh-indexer-min-*.rpm
wazuh-indexer.rpm.spec
```

### Running in Act

Expand All @@ -105,8 +206,8 @@ act -j assemble -W .github/workflows/build.yml --artifact-server-path ./artifact

Pre-requisites:

* Current directory: `wazuh-indexer/`
* Existing rpm package in `wazuh-indexer/artifacts/dist/rpm`, as a result of the _Build_ stage.
- Current directory: `wazuh-indexer/`
- Existing rpm package in `wazuh-indexer/artifacts/dist/rpm`, as a result of the _Build_ stage.

```console
MIN_PKG_PATH="./artifacts"
Expand All @@ -121,4 +222,3 @@ apt-get update
apt-get install -y rpm2cpio rpm cpio
bash scripts/assemble.sh -v 2.11.0 -p linux -a x64 -d rpm
```

Loading

0 comments on commit 7544de4

Please sign in to comment.