Stop crossbuilding using Debian 8 #34921
Conversation
The GPG keys are expired and we should start building for the more recent version of Debian.
rdner
added
Team:Elastic-Agent-Data-Plane
rdner
requested review from
ycombinator and
faec
and removed request for
a team
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
botelastic
bot
added
needs_team
|
|
| // Use an older version of libc to gain greater OS compatibility. | ||
| // Debian 8 uses glibc 2.19. | ||
| tagSuffix = "main-debian8" | ||
| tagSuffix = "main-debian10" |
There was a problem hiding this comment.
Looks like the main reason for using the older Debian was to build with an older version of libc. Perhaps we could use a newer version of Debian but also downgrade glibc to 2.19 (not sure if this is possible)? If possible, I think the downgrade would happen somewhere in https://github.com/elastic/golang-crossbuild/blob/main/go/base/Dockerfile.tmpl.
There was a problem hiding this comment.
If this works #34922 I'm going to close this PR. The risk is high, as you mentioned.
There was a problem hiding this comment.
according to our support matrix https://www.elastic.co/support/matrix we don't support Debian < 10 since 8.4, however 7.17 still on Debian 8,9,10.
So, I think we can actually merge this to main and 8.7 but we cannot backport it to 7.17.
There was a problem hiding this comment.
cc @andrewkroh , I recall you mentioned something in the past about backward compatibility, do you happen to know whether this PR could cause any issues? Or the underline problem was already solved?
There was a problem hiding this comment.
This PR did cause similar problems. I detailed it in #34938 (comment) and I fixed the Packetbeat build. I added tests such that we now have tests in place that check that {File,Audit,Packet,Metric}beat are all compatible with glibc version shipped with RHEL 7.
💚 Build Succeeded
Expand to view the summary
Build stats
❕ Flaky test reportNo test was executed to be analysed. 🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
|
I'll try a safer option first #34922 |
|
Sorry for extra pings everyone, I changed base on a wrong PR. |
|
I tried to use the archived repositories for Debian 8 in #34922 but didn't succeed – the dependencies cannot be resolved for the packages we need. The only option left for us is to manually find these packages for all required architectures and make a custom image for our CI. I'm not sure it's worth the trouble. I think we should just switch to Debian 10 for both 8.x and 7.17. For 8.7 there is no impact, the Beats support matrix already says that we support Debian >= 10 starting with 8.4. But our 7.17 version still claims support for Debian >= 8. – which we cannot guarantee after switching 7.17 to Debian 10 because of libc compatibility issues in the past. Debian 8 was released in April 2015 and its end of life was scheduled to be in June 2022. It's actually surprising that the repositories were available for so long after reaching the end of life. Debian 10 was released in July 2019 and its end of life is scheduled on June 30th, 2024.
|
rdner
requested review from
cmacknz and
joshdover
and removed request for
belimawr
The GPG keys are expired and we should start building for the more recent version of Debian. (cherry picked from commit 5e71fe7)
The GPG keys are expired and we should start building for the more recent version of Debian. (cherry picked from commit 5e71fe7)
@rdner I see some Debian 8 check marks on the matrix. I'm was looking at the impact of this in #34938 (comment) and we have a problem because some Beats won't run.
|
|
@andrewkroh thanks for pointing this out. copying @jlind23 also. Unfortunately I think the Metricbeat you highlight above may be erroneous. At 8.0 we removed Debian 8 from the matrix. This should have applied to Metricbeat also. Even though I am struggling to find the email trail for this, I'm certain Metricbeat would have been a part of that decision. |
|
@rdner & @pierrehilbert if we can't make this work for 7.17 we can drop support for it in the next 7.17 release and I will make that obvious in a foot note. |
|
@nimarezainia @pierrehilbert backporting #34939 into 7.17 should solve it for now. However, I saw some issues with Packetbeat running on a new version of libc here #34943 (8.x versions) Not sure how we're going to resolve it and whether it's an issue for 7.17 as well. Thanks @andrewkroh for bringing more context and for the fix! |
|
@rdner so are you saying that 7.17 is good on Debian 8? |
|
@nimarezainia I believe so. It's unclear with Packetbeat at the moment but it should be okay. It's good for now but we should schedule a switch to Debian 10 in near future. Perhaps 7.18? |
Check the minimum required glibc on cross-build artifacts. This is a precautionary check to ensure binaries are aligned the current OS support matrix (https://www.elastic.co/support/matrix). Relates #34938 * {packetbeat,x-pack/packetbeat} Use debian9 crossbuild image for linux/386 because the change in elastic/beats##34921 broke support for older operating systems. * Fix golangci-lint warnings pkg.go:230:6: func `updateWithDarwinUniversal` is unused (unused) various: non-wrapping format verb for fmt.Errorf. Use `%w` to format errors (errorlint) import of package `github.com/pkg/errors` is blocked (gomodguard)
|
@rdner 7.18?? :-) |
|
@nimarezainia I mean I have no idea if we're going to release another minor 7.x, we just need to plan this drop at some point in the future, I suppose you'd know better when is the best time :) |
The GPG keys are expired and we should start building for the more recent version of Debian.
Check the minimum required glibc on cross-build artifacts. This is a precautionary check to ensure binaries are aligned the current OS support matrix (https://www.elastic.co/support/matrix). Relates #34938 * {packetbeat,x-pack/packetbeat} Use debian9 crossbuild image for linux/386 because the change in elastic/beats##34921 broke support for older operating systems. * Fix golangci-lint warnings pkg.go:230:6: func `updateWithDarwinUniversal` is unused (unused) various: non-wrapping format verb for fmt.Errorf. Use `%w` to format errors (errorlint) import of package `github.com/pkg/errors` is blocked (gomodguard)
What does this PR do?
The GPG keys are expired and the main repository has been moved to the archive. We should start building for the more recent version of Debian.
According to our support matrix https://www.elastic.co/support/matrix we don't support Debian < 10 since 8.4.
Why is it important?
We cannot build snapshots right now:
https://internal-ci.elastic.co/job/elastic+unified-release+master+snapshot-multijob-7.17/361/display/redirect
How to test locally
In Filebeat run: