feat: Add Opensearch image

[labrenbe]

Description

Build the OpenSearch image version 3.1.0 from source.

This includes

• Security Plugin built from source
• SBOM generated for OpenSearch and the security plugin
• Source tars
• repository-s3 and opensearch-performance-analyzer plugins

Tested with operator smoke test and helm setup.

Possible future improvements:

• Build the repository-s3 and opensearch-performance-analyzer plugins from source

Part of stackabletech/opensearch-operator#15

Definition of Done Checklist

Note

Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant.

Please make sure all these things are done and tick the boxes

• Changes are OpenShift compatible
• All added packages (via microdnf or otherwise) have a comment on why they are added
• Things not downloaded from Red Hat repositories should be mirrored in the Stackable repository and downloaded from there
• All packages should have (if available) signatures/hashes verified
• Add an entry to the CHANGELOG.md file
• Integration tests ran successfully

TIP: Running integration tests with a new product image

The image can be built and uploaded to the kind cluster with the following commands:

bake --product <product> --image-version <stackable-image-version>
kind load docker-image <image-tagged-with-the-major-version> --name=<name-of-your-test-cluster>

See the output of bake to retrieve the image tag for <image-tagged-with-the-major-version>.

[siegfriedweber]

The following files are missing:

• .github/ISSUE_TEMPLATE/update-product-opensearch.md
• .github/workflows/build_opensearch.yaml
• opensearch/README.md with a short description of the content of the image (e.g. installed plugins)

This image must be added to the following files:

• .github/ISSUE_TEMPLATE/early-pre-release.md
• .github/workflows/preflight.yaml
• .scripts/enumerate-product-versions.py
• .scripts/update_feature_tracker_db.sh
• README.md (badge)

[siegfriedweber]

Please move this entry to the "Unreleased" section, as well as the pull request reference.

[siegfriedweber]

Suggested change

	# syntax=docker/dockerfile:1.10.0@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5
	# syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7

[siegfriedweber]

Add the following line to open_shift_projects:

    "opensearch": {"id": "6880fe690db664aa303d3a28"},

[siegfriedweber]

According to https://docs.opensearch.org/docs/latest/install-and-configure/install-opensearch/index/#java-compatibility, it is only confirmed to be compatible with Java 11, 17 or 21.

[labrenbe]

Fixed in 841b3a0#diff-9fe134b6fa2b847439ee0e20eceef8a336719be11e549f70bbd44ea66046e6e6. opensearch-performance-analyzer also just supports Java 21.

[siegfriedweber]

Suggested change

	# syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7
	# check=error=true

[siegfriedweber]

Other images have maintainer and vendor labels. Aren't they necessary here?

[siegfriedweber]

Where is the environment variable OPENSEARCH_CONTAINER used? A comment would be good.

[siegfriedweber]

Why don't you use the check-permissions-ownership.sh script? This layer is okay for now but if somebody else add things with other uids/gids, it could grow.

[siegfriedweber]

Suggested change

	FROM stackable/image/java-devel AS security-plugin-builder
	# syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7
	# check=error=true
	FROM stackable/image/java-devel AS security-plugin-builder