[BUG] FIPS demo installer CLI causes significant increase in image size #20520

@RamHaridas

Describe the bug

We've upgraded to OpenSearch 3.4 from 2.19. Post upgrade, we've observed that there is a SIGNIFICANT INCREASE in our image size.
After diving into our Docker image, we came to realize that the major contributor to this increase is fips-demo-installer-cli.

Listing contents of '/usr/share/opensearch/lib/tools':
============================================================

TYPE       SIZE            NAME
----       ----            ----
dir        52.8M           fips-demo-installer-cli
dir        23.2K           keystore-cli
dir        11.3M           plugin-cli

============================================================
Total size of '/usr/share/opensearch/lib/tools': 64.2M

Upon expanding this directory, we saw a lot more .jar files that have been introduced.

Listing contents of '/usr/share/opensearch/lib/tools/fips-demo-installer-cli':
============================================================

TYPE       SIZE            NAME
----       ----            ----
file       173.1K          HdrHistogram-2.2.2.jar
file       448.5K          RoaringBitmap-1.3.0.jar
file       8.2M            bc-fips-2.1.2.jar
file       36.5K           fips-demo-installer-cli-3.4.0.jar
file       583.8K          jackson-core-2.18.2.jar
file       69.0K           jackson-dataformat-cbor-2.18.2.jar
file       94.6K           jackson-dataformat-smile-2.18.2.jar
file       54.3K           jackson-dataformat-yaml-2.18.2.jar
file       24.5K           jakarta.annotation-api-1.3.5.jar
file       7.2K            java-version-checker-3.4.0.jar
file       1.9M            jna-5.16.0.jar
file       623.5K          joda-time-2.12.7.jar
file       76.3K           jopt-simple-5.0.4.jar
file       779.0K          jts-core-1.15.0.jar
file       70.3K           jzlib-1.1.3.jar
file       310.0K          log4j-api-2.21.0.jar
file       1.8M            log4j-core-2.21.0.jar
file       30.2K           log4j-jul-2.21.0.jar
file       1.7M            lucene-analysis-common-10.3.2.jar
file       816.9K          lucene-backward-codecs-10.3.2.jar
file       4.4M            lucene-core-10.3.2.jar
file       94.4K           lucene-grouping-10.3.2.jar
file       273.5K          lucene-highlighter-10.3.2.jar
file       175.3K          lucene-join-10.3.2.jar
file       63.6K           lucene-memory-10.3.2.jar
file       133.5K          lucene-misc-10.3.2.jar
file       509.3K          lucene-queries-10.3.2.jar
file       415.5K          lucene-queryparser-10.3.2.jar
file       366.5K          lucene-sandbox-10.3.2.jar
file       237.9K          lucene-spatial-extras-10.3.2.jar
file       322.1K          lucene-spatial3d-10.3.2.jar
file       238.0K          lucene-suggest-10.3.2.jar
file       16.2M           opensearch-3.4.0.jar
file       27.6K           opensearch-agent-policy-3.4.0.jar
file       18.0K           opensearch-cli-3.4.0.jar
file       149.2K          opensearch-common-3.4.0.jar
file       8.0K            opensearch-compress-3.4.0.jar
file       360.2K          opensearch-core-3.4.0.jar
file       46.0K           opensearch-geo-3.4.0.jar
file       6.7K            opensearch-secure-sm-3.4.0.jar
file       14.3K           opensearch-task-commons-3.4.0.jar
file       31.9K           opensearch-telemetry-3.4.0.jar
file       40.3K           opensearch-x-content-3.4.0.jar
file       407.9K          picocli-4.7.7.jar
file       1.8M            protobuf-java-3.25.8.jar
file       11.4K           reactive-streams-1.0.4.jar
file       1.8M            reactor-core-3.8.0.jar
file       326.4K          snakeyaml-2.1.jar
file       200.0K          spatial4j-0.7.jar
file       79.7K           t-digest-3.3.jar
file       6.5M            zstd-jni-1.5.6-1.jar

============================================================
Total size of '/usr/share/opensearch/lib/tools/fips-demo-installer-cli': 52.8M

Based on the documentation https://docs.opensearch.org/latest/security/configuration/fips/, it looks like it has been introduced in order to adhere to some US Government standards.

But our organizational standards need us to keep the Docker image size as minimal as possible.

I was wondering if it is okay to remove the fips-demo-installer-cli directory or not?

Can this tool be externally used without really having to maintain the cli inside the image?

Related component

Plugins

To Reproduce

  1. Create an OpenSearch Docker image by installing the OpenSearch 3.4 RPM
  2. ls the /usr/share/opensearch/lib/tools directory and compute the subdir size
  3. Is fips-demo-installer-cli really required?

Expected behavior

Until 2.19.3, there was no fips-demo-installer-cli directory present.

Additional Details

Plugins
NA

Screenshots
NA

Host/Environment (please complete the following information):

  • OS: Rocky 9 Linux
  • Version: 3.4

Additional context
NA
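
The measurement in the reproduction steps, as an added example that is not part of the original issue or of the OpenSearch project: it sizes each subdirectory under `lib/tools` and lists jars there that are byte-identical (by SHA-256) to jars sitting directly in `lib/`. That `lib/` holds the server's own jars is an assumption, the function names and the tiny sample tree are constructed for illustration, and the output is a measurement only; it does not say whether the tool can be removed.

```shell
#!/bin/sh
# Added example (not from the issue). Measures each tool directory and finds jars
# under tools/ that are byte-identical (SHA-256) to jars directly in lib/.

# tool_sizes TOOLS_DIR -> "<bytes> <subdir>" per immediate subdirectory, largest first
tool_sizes() (
  for sub in "$1"/*/; do
    [ -d "$sub" ] || continue
    bytes=$(find "$sub" -type f -exec cat {} + | wc -c | tr -d ' ')
    printf '%s %s\n' "$bytes" "$(basename "$sub")"
  done | sort -rn
)

# duplicate_jars TOOLS_DIR LIB_DIR -> "<bytes> <path>" for each duplicated jar
duplicate_jars() (
  # Hash only jars directly in LIB_DIR so TOOLS_DIR (a subdirectory) is excluded.
  hashes=$(find "$2" -maxdepth 1 -type f -name '*.jar' -exec sha256sum {} + |
    awk '{print $1}' | sort -u)
  find "$1" -type f -name '*.jar' | sort | while IFS= read -r jar; do
    sum=$(sha256sum "$jar" | awk '{print $1}')
    if printf '%s\n' "$hashes" | grep -qx "$sum"; then
      printf '%s %s\n' "$(wc -c < "$jar" | tr -d ' ')" "$jar"
    fi
  done
)

# duplicate_bytes TOOLS_DIR LIB_DIR -> total size of the duplicated jars
duplicate_bytes() (
  duplicate_jars "$1" "$2" | awk '{s += $1} END {print s + 0}'
)

# Constructed sample tree (tiny fake jars) mirroring the layout in the issue.
make_sample_tree() (
  root=$(mktemp -d)
  fips="$root/lib/tools/fips-demo-installer-cli"
  mkdir -p "$fips" "$root/lib/tools/keystore-cli"
  printf 'core-jar-bytes' > "$root/lib/opensearch-3.4.0.jar"  # 14 bytes
  cp "$root/lib/opensearch-3.4.0.jar" "$fips/"                # duplicate copy
  printf 'fips-only' > "$fips/bc-fips-2.1.2.jar"              # 9 bytes, unique
  printf 'ks' > "$root/lib/tools/keystore-cli/keystore-cli-3.4.0.jar"
  echo "$root"
)

# Pass the real lib directory as $1; without it the sample tree is used.
lib=${1:-$(make_sample_tree)/lib}
tool_sizes "$lib/tools"
duplicate_jars "$lib/tools" "$lib"
echo "duplicate bytes: $(duplicate_bytes "$lib/tools" "$lib")"
```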
