Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8…

[gaddamas]

Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 #2746

Descriptions of the changes in this PR:
Update base image to CentOS 8

Motivation

(Explain: why you're making that change, what is the problem you're trying to solve)
Fix security vulnerabilities.

Changes

(Describe: what changes you have made)

Master Issue: #

---

In order to uphold a high standard for quality for code contributions, Apache BookKeeper runs various precommit
checks for pull requests. A pull request can only be merged when it passes precommit checks.

---

Be sure to do all of the following to help us incorporate your contribution
quickly and easily:

If this PR is a BookKeeper Proposal (BP):

• Make sure the PR title is formatted like:
  <BP-#>: Description of bookkeeper proposal
e.g. BP-1: 64 bits ledger is support
• Attach the master issue link in the description of this PR.
• Attach the google doc link if the BP is written in Google Doc.

Otherwise:

• Make sure the PR title is formatted like:
  <Issue #>: Description of pull request
e.g. Issue 123: Description ...
• Make sure tests pass via mvn clean apache-rat:check install spotbugs:check.
• Replace <Issue #> in the title with the actual Issue number.

---

[eolivelli]

+1

[gaddamas]

Failure on integration test:
[ERROR] Failed to execute goal on project metadata-stores-etcd: Could not resolve dependencies for project org.apache.bookkeeper.metadata.drivers:metadata-stores-etcd:jar:4.15.0-SNAPSHOT: The following artifacts could not be resolved: org.apache.bookkeeper:bookkeeper-server:jar:4.15.0-SNAPSHOT, org.apache.bookkeeper:bookkeeper-common:jar:tests:4.15.0-SNAPSHOT, org.apache.bookkeeper:bookkeeper-server:jar:tests:4.15.0-SNAPSHOT: org.apache.bookkeeper:bookkeeper-server:jar:4.15.0-SNAPSHOT was not found in https://repository.apache.org/snapshots during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of apache.snapshots has elapsed or updates are forced -> [Help 1]

https://repository.apache.org/content/groups/snapshots/org/apache/bookkeeper/metadata/drivers/metadata-stores-etcd/

[eolivelli]

I have restarted the job

@lhotari can you please take a look to this patch ?

[eolivelli]

@gaddamas the patch is good to go.
We need another reviewer to validate the patch before merging it.

@sijie @fpj @merlimat @Ghatage PTAL

[eolivelli]

@gaddamas did you try locally the new image ?

[gaddamas]

@gaddamas did you try locally the new image ?

I am testing it, will not be merging until my local testing is complete.

[eolivelli]

Thinking more about this change....
In Pulsar we switched the docker images to Ubuntu because it seems to be updated more promptly in case of security vulnerabilities.

Can we hold on in merging this patch ?
I will start a discussion on the dev@bookkeeper.apache.org mailing list

cc @lhotari you may be interesting in following this work

[eolivelli]

This is the link to my email to dev@
https://lists.apache.org/thread.html/r2956a44b8d0e7f8c3fdd25e466f5058e658bac4bbc1d212cef7cf550%40%3Cdev.bookkeeper.apache.org%3E

[dlg99]

@eolivelli @gaddamas @lhotari It's been awhile. What's the consensus on the base image?

[StevenLuMT]

lgtm

[StevenLuMT]

fix old workflow,please see #3455 for detail

[shoothzj]

Now we have migrated to ubuntu, close this PR