Revert "Use Cloudflare's zlib in Docker images (#81245)"

This reverts commit 6582acf.

distribution/docker/build.gradle

@@ -16,8 +16,6 @@ apply plugin: 'elasticsearch.test.fixtures'
 apply plugin: 'elasticsearch.internal-distribution-download'
 apply plugin: 'elasticsearch.rest-resources'
 
-ext.cloudflareZlibVersion = '1.2.8'
-
 String buildId = providers.systemProperty('build.id').forUseAtConfigurationTime().getOrNull()
 boolean useLocalArtifacts = buildId != null && buildId.isBlank() == false
 
@@ -36,15 +34,6 @@ repositories {
     content { includeGroup 'krallin' }
   }
 
-  ivy {
-    url 'https://github.com/'
-    patternLayout {
-      artifact '/[organisation]/[module]/archive/refs/tags/v[revision].[ext]'
-    }
-    metadataSources { artifact() }
-    content { includeGroup 'cloudflare' }
-  }
-
   // Cloud builds bundle some beats
   ivy {
     if (useLocalArtifacts) {
@@ -74,7 +63,6 @@ configurations {
   nonRepositoryPlugins
   filebeat
   metricbeat
-  cloudflareZlib
 }
 
 String beatsArch = Architecture.current() == Architecture.AARCH64 ? 'arm64' : 'x86_64'
@@ -89,7 +77,6 @@ dependencies {
   nonRepositoryPlugins project(path: ':plugins', configuration: 'nonRepositoryPlugins')
   filebeat "beats:filebeat:${VersionProperties.elasticsearch}:${beatsArch}@tar.gz"
   metricbeat "beats:metricbeat:${VersionProperties.elasticsearch}:${beatsArch}@tar.gz"
-  cloudflareZlib "cloudflare:zlib:${cloudflareZlibVersion}@tar.gz"
 }
 
 ext.expansions = { Architecture architecture, DockerBase base ->
@@ -113,8 +100,7 @@ ext.expansions = { Architecture architecture, DockerBase base ->
     'docker_base'        : base.name().toLowerCase(),
     'version'            : VersionProperties.elasticsearch,
     'major_minor_version': "${major}.${minor}",
-    'retry'              : ShellRetry,
-    'zlib_version'       : cloudflareZlibVersion
+    'retry'              : ShellRetry
   ]
 }
 
@@ -276,7 +262,6 @@ void addBuildDockerContextTask(Architecture architecture, DockerBase base) {
         boolean includeBeats = VersionProperties.isElasticsearchSnapshot() == true || buildId != null
 
         from configurations.repositoryPlugins
-
         if (includeBeats) {
           from configurations.filebeat
           from configurations.metricbeat
@@ -307,10 +292,7 @@ void addTransformDockerContextTask(Architecture architecture, DockerBase base) {
     from(tarTree("${project.buildDir}/distributions/${archiveName}.tar.gz")) {
       eachFile { FileCopyDetails details ->
         if (details.name.equals("Dockerfile")) {
-          filter { String filename ->
-            String result = filename.replaceAll('^RUN curl.*artifacts-no-kpi.*$', "COPY ${distributionName} /tmp/elasticsearch.tar.gz")
-            return result.replaceAll('^RUN curl.*cloudflare/zlib.*$', "COPY zlib-${cloudflareZlibVersion}.tar.gz /tmp")
-          }
+          filter { it.replaceAll('^RUN curl.*artifacts-no-kpi.*$', "COPY ${distributionName} /tmp/elasticsearch.tar.gz") }
         }
       }
     }
@@ -323,8 +305,6 @@ void addTransformDockerContextTask(Architecture architecture, DockerBase base) {
       from configurations.dockerSource
     }
 
-    from configurations.cloudflareZlib
-
     if (base == DockerBase.IRON_BANK) {
       from (configurations.tini) {
         rename { _ -> 'tini' }

distribution/docker/src/docker/Dockerfile

@@ -20,51 +20,28 @@
 */ %>
 
 <% if (docker_base == 'iron_bank') { %>
-ARG BASE_REGISTRY=registry1.dso.mil
-ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
-ARG BASE_TAG=8.4
-<% } %>
-
-################################################################################
-# Build stage 0 `zlib`:
-# Compile zlib for the current architecture
-################################################################################
-
-FROM ${base_image} AS zlib
-
-<% if (docker_base == 'default' || docker_base == 'cloud') { %>
-RUN <%= retry.loop(package_manager, "${package_manager} update && DEBIAN_FRONTEND=noninteractive ${package_manager} install -y curl gcc make") %>
-<% } else { %>
-RUN <%= retry.loop(package_manager, "${package_manager} install -y curl gcc make tar gzip") %>
-<% } %>
-
-<%
-// Fetch the zlib source.  Keep this command on one line - it is replaced
-// with a `COPY` during local builds.
-%>
-WORKDIR /tmp
-RUN curl --retry 10 -S -L -o zlib-${zlib_version}.tar.gz https://github.com/cloudflare/zlib/archive/refs/tags/v${zlib_version}.tar.gz
-RUN echo "7e393976368975446b263ae4143fb404bc33bf3b436e72007700b5b88e5be332cd461cdec42d31a4b6dffdca2368550f01b9fa1165d81c0aa818bbf2b1ac191e zlib-${zlib_version}.tar.gz" \\
-      | sha512sum --check -
-RUN tar xf zlib-${zlib_version}.tar.gz
-
-WORKDIR /tmp/zlib-${zlib_version}
-RUN ./configure --prefix=/usr/local/cloudflare-zlib && make && make install
-
 ################################################################################
-# Build stage 1 `builder`:
+# Build stage 0 `builder`:
 # Extract Elasticsearch artifact
 ################################################################################
 
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
+ARG BASE_TAG=8.4
+
 FROM ${base_image} AS builder
 
-<% if (docker_base == 'iron_bank') { %>
 # `tini` is a tiny but valid init for containers. This is used to cleanly
 # control how ES and any child processes are shut down.
 COPY tini /bin/tini
 RUN chmod 0555 /bin/tini
 
 <% } else { %>
+################################################################################
+# Build stage 0 `builder`:
+# Extract Elasticsearch artifact
+################################################################################
+FROM ${base_image} AS builder
 
 # Install required packages to extract the Elasticsearch distribution
 <% if (docker_base == 'default' || docker_base == 'cloud') { %>
@@ -161,10 +138,9 @@ RUN chmod -R 0555 /opt/plugins
 <% } %>
 
 ################################################################################
-# Build stage 2 (the actual Elasticsearch image):
+# Build stage 1 (the actual Elasticsearch image):
 #
-# Copy zlib from stage 2
-# Copy elasticsearch from stage 1
+# Copy elasticsearch from stage 0
 # Add entrypoint
 ################################################################################
 
@@ -223,7 +199,6 @@ WORKDIR /usr/share/elasticsearch
 COPY --from=builder --chown=0:0 /usr/share/elasticsearch /usr/share/elasticsearch
 
 COPY --from=builder --chown=0:0 /bin/tini /bin/tini
-COPY --from=zlib --chown=0:0 /usr/local/cloudflare-zlib /usr/local/cloudflare-zlib
 
 <% if (docker_base == 'default' || docker_base == 'cloud') { %>
 COPY --from=builder --chown=0:0 /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts
@@ -234,7 +209,6 @@ COPY --from=builder --chown=0:0 /opt /opt
 <% } %>
 
 ENV PATH /usr/share/elasticsearch/bin:\$PATH
-ENV ES_ZLIB_PATH /usr/local/cloudflare-zlib/lib
 
 COPY ${bin_dir}/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 

distribution/src/bin/elasticsearch

@@ -37,14 +37,6 @@ if [ -z "$LIBFFI_TMPDIR" ]; then
   export LIBFFI_TMPDIR
 fi
 
-if [ -n "$ES_ZLIB_PATH" ]; then
-  if [ ! -d "$ES_ZLIB_PATH" ]; then
-    echo "zlib path specified in ES_ZLIB_PATH does not exist or is not a directory: $ES_ZLIB_PATH" >&2
-    exit 1
-  fi
-  export LD_LIBRARY_PATH="$ES_ZLIB_PATH:$LD_LIBRARY_PATH"
-fi
-
 # get keystore password before setting java options to avoid
 # conflicting GC configurations for the keystore tools
 unset KEYSTORE_PASSWORD

qa/os/src/test/java/org/elasticsearch/packaging/test/DockerTests.java

@@ -18,7 +18,6 @@
 import org.elasticsearch.packaging.util.Shell;
 import org.elasticsearch.packaging.util.Shell.Result;
 import org.elasticsearch.packaging.util.docker.DockerRun;
-import org.elasticsearch.packaging.util.docker.DockerShell;
 import org.elasticsearch.packaging.util.docker.MockServer;
 import org.hamcrest.Matcher;
 import org.junit.After;
@@ -398,22 +397,6 @@ public void test050BasicApiTests() throws Exception {
         ServerUtils.runElasticsearchTests();
     }
 
-    /**
-     * Check that the JDK uses the Cloudflare zlib, instead of the default one.
-     */
-    public void test060JavaUsesCloudflareZlib() throws Exception {
-        waitForElasticsearch(installation);
-
-        // Since the Docker image before 8.0 runs as `root`, not `elasticsearch`, it's
-        // necessary to specify the user when we run `docker exec` in order to successfully
-        // run `pmap`. Surprisingly, running this as `root` in the container doesn't work.
-        // The `pmap` command also doesn't work if we don't specify the group.
-        ((DockerShell) sh).setUser("elasticsearch:root");
-        final String output = sh.run("bash -c 'pmap -p $(pidof java)'").stdout;
-
-        assertThat("Expected java to be using cloudflare-zlib", output, containsString("cloudflare-zlib"));
-    }
-
     /**
      * Check that the default config can be overridden using a bind mount, and that env vars are respected
      */

qa/os/src/test/java/org/elasticsearch/packaging/util/docker/DockerShell.java

@@ -17,14 +17,6 @@
  * Extends {@link Shell} so that executed commands happen in the currently running Docker container.
  */
 public class DockerShell extends Shell {
-    private String user = null;
-
-    @Override
-    public void reset() {
-        super.reset();
-        this.user = null;
-    }
-
     @Override
     protected String[] getScriptCommand(String script) {
         assert Docker.containerId != null;
@@ -34,11 +26,6 @@ protected String[] getScriptCommand(String script) {
         cmd.add("exec");
         cmd.add("--tty");
 
-        if (this.user != null) {
-            cmd.add("--user");
-            cmd.add(user);
-        }
-
         env.forEach((key, value) -> cmd.add("--env " + key + "=\"" + value + "\""));
 
         cmd.add(Docker.containerId);
@@ -77,12 +64,4 @@ public Result run(String script) {
             throw e;
         }
     }
-
-    /**
-     * Sets the user to run `docker exec` with.
-     * @param user the user specification, e.g. `user`, `uid`, `user:group`, `uid:gid`.
-     */
-    public void setUser(String user) {
-        this.user = user;
-    }
 }