Cherry-pick #21213 to 7.x: Stop running agent container as root by default

[jsoriano]

Cherry-pick of PR #21213 to 7.x branch. Original message:

What does this PR do?

Stop running Elastic Agent as root by default on docker image. When root user or other privileges are required, they will need to be explicitly configured at run time. This already happens now, except for the root user.
Provided Kubernetes manifests already use security context to run as user 0.

Why is it important?

Using USER root in docker images is not a very good practice, and is not allowed in some certification processes (see #20996).

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• Confirm that this is not related to [Elastic-agent] Sometimes backend processes are not started #21120. (Confirmed by using a file lock to synchronize check and run methods of the install operations).

Related issues

• Part of Support running Auditbeat and Elastic Agent docker images without root #20996.
• Related to Improve support of Beats on Kubernetes restricted environments #19600.

[elasticmachine]

Pinging @elastic/ingest-management (Team:Ingest Management)

[elasticmachine]

Pinging @elastic/integrations-platforms (Team:Platforms)

[elasticmachine]

💔 Tests Failed

Expand to view the summary

Build stats

• Build Cause: [Pull request #21292 opened]

• Start Time: 2020-09-24T11:52:25.598+0000

• Duration: 85 min 49 sec

Test stats 🧪

Test	Results
Failed	2
Passed	17322
Skipped	1772
Total	19096

Test errors

Expand to view the tests failures

• Name: Build and Test / Libbeat / Libbeat oss / TestOutputReload – pipeline

  • Age: 1
  • Duration: 34.45
  • Error Details: Failed

• Name: Build and Test / Libbeat / Libbeat oss / TestOutputReload/network_client – pipeline

  • Age: 1
  • Duration: 18.8
  • Error Details: Failed

Steps errors

Expand to view the steps failures

• Name: Mage build test

  • Description: mage build test

  • Duration: 8 min 51 sec

  • Start Time: 2020-09-24T12:20:09.125+0000

  • log

• Name: Notifies GitHub of the status of a Pull Request

  • Description: script returned exit code 1

  • Duration: 0 min 1 sec

  • Start Time: 2020-09-24T12:28:11.449+0000

  • log

• Name: Mage build test

  • Description: mage build test

  • Duration: 5 min 50 sec

  • Start Time: 2020-09-24T12:20:09.650+0000

  • log

• Name: Notifies GitHub of the status of a Pull Request

  • Description: script returned exit code 1

  • Duration: 0 min 1 sec

  • Start Time: 2020-09-24T12:25:06.513+0000

  • log

Log output

Expand to view the last 100 lines of log output

[2020-09-24T13:16:15.715Z] [Google Cloud Storage Plugin] Downloading: Beats/beats/PR-21292-1/source/source.tgz to local path: /var/lib/jenkins/workspace/Beats_beats_PR-21292/source.tgz
[2020-09-24T13:16:27.377Z] + tar --version
[2020-09-24T13:16:27.692Z] + tar -xpf source.tgz
[2020-09-24T13:16:40.297Z] + rm source.tgz
[2020-09-24T13:16:40.322Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats
[2020-09-24T13:16:40.372Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Lint
[2020-09-24T13:16:40.534Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Winlogbeat-oss
[2020-09-24T13:16:40.699Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-09-24T13:16:40.868Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-09-24T13:16:41.040Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/dockerlogbeat
[2020-09-24T13:16:41.206Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-09-24T13:16:41.370Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Journalbeat
[2020-09-24T13:16:41.535Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Libbeat-oss
[2020-09-24T13:16:41.700Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-09-24T13:16:41.864Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Packetbeat-Linux
[2020-09-24T13:16:42.032Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-09-24T13:16:42.200Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Filebeat-oss
[2020-09-24T13:16:42.364Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-09-24T13:16:42.525Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Heartbeat-Windows
[2020-09-24T13:16:42.690Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Heartbeat-oss
[2020-09-24T13:16:42.855Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Auditbeat-oss-Windows
[2020-09-24T13:16:43.028Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-09-24T13:16:43.202Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-09-24T13:16:43.367Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-09-24T13:16:43.534Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-09-24T13:16:43.707Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-09-24T13:16:43.871Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Functionbeat-Windows
[2020-09-24T13:16:44.035Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Packetbeat-Windows
[2020-09-24T13:16:44.202Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Auditbeat-oss-Linux
[2020-09-24T13:16:44.368Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Libbeat-x-pack
[2020-09-24T13:16:44.536Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Filebeat-Windows
[2020-09-24T13:16:44.715Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-09-24T13:16:44.885Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack-Windows
[2020-09-24T13:16:45.053Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-Windows
[2020-09-24T13:16:45.229Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Generators-Beat-Linux
[2020-09-24T13:16:45.400Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-09-24T13:16:45.567Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-OSS-Go-Integration-tests
[2020-09-24T13:16:45.731Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-09-24T13:16:45.896Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Heartbeat-Mac-OS-X
[2020-09-24T13:16:46.062Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Auditbeat-x-pack-Mac-OS-X
[2020-09-24T13:16:46.231Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-09-24T13:16:46.400Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Auditbeat-oss-Mac-OS-X
[2020-09-24T13:16:46.700Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-OSS-Python-Integration-tests
[2020-09-24T13:16:46.867Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Generators-Metricbeat-Mac-OS-X
[2020-09-24T13:16:47.031Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Filebeat-x-pack
[2020-09-24T13:16:47.197Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Functionbeat-Mac-OS-X-x-pack
[2020-09-24T13:16:47.364Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack-Mac-OS-X
[2020-09-24T13:16:47.535Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Packetbeat-Mac-OS-X
[2020-09-24T13:16:47.699Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Generators-Beat-Mac-OS-X
[2020-09-24T13:16:47.866Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-Mac-OS-X
[2020-09-24T13:16:48.033Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-09-24T13:16:48.556Z] + cat
[2020-09-24T13:16:48.556Z] + /usr/local/bin/runbld ./runbld-script --job-name elastic+beats+pull-request
[2020-09-24T13:16:48.556Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-09-24T13:16:56.698Z] runbld>>> runbld started
[2020-09-24T13:16:56.698Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-09-24T13:16:57.641Z] runbld>>> The following profiles matched the job 'elastic+beats+pull-request' in order of occurrence in the config (last value wins).
[2020-09-24T13:16:57.641Z] runbld>>> Matches in the system config:
[2020-09-24T13:16:57.641Z] runbld>>> - Matched ^elastic\+beats
[2020-09-24T13:16:57.641Z] runbld>>> - Matched ^elastic\+beats\+pull-request
[2020-09-24T13:16:59.020Z] runbld>>> Debug logging enabled.
[2020-09-24T13:16:59.020Z] runbld>>> Storing result
[2020-09-24T13:16:59.280Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-09-24T13:16:59.280Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20200924131658-4C5DCE24
[2020-09-24T13:16:59.280Z] runbld>>> Adding system facts.
[2020-09-24T13:17:00.666Z] runbld>>> Adding vcs info for the latest commit:  b856ecdb15712e12d40b7e8e482d72789bb31b18
[2020-09-24T13:17:00.666Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-09-24T13:17:00.666Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-09-24T13:17:00.666Z] Processing JUnit reports with runbld...
[2020-09-24T13:17:00.666Z] + echo 'Processing JUnit reports with runbld...'
[2020-09-24T13:17:00.926Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-09-24T13:17:00.926Z] runbld>>> DURATION: 61ms
[2020-09-24T13:17:00.926Z] runbld>>> STDOUT: 40 bytes
[2020-09-24T13:17:00.926Z] runbld>>> STDERR: 49 bytes
[2020-09-24T13:17:00.926Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-09-24T13:17:00.926Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-21292
[2020-09-24T13:17:02.310Z] runbld>>> Storing build metadata: 
[2020-09-24T13:17:02.310Z] runbld>>> Adding test report.
[2020-09-24T13:17:02.310Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats
[2020-09-24T13:17:02.880Z] runbld>>> Found 135 test output files
[2020-09-24T13:17:03.452Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-09-24T13:17:03.452Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-09-24T13:17:03.452Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-09-24T13:17:03.452Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-09-24T13:17:03.452Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-09-24T13:17:04.841Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-OSS-Go-Integration-tests/metricbeat/build/TEST-go-integration-graphite.xml
[2020-09-24T13:17:04.841Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-21292/src/github.com/elastic/beats/Metricbeat-OSS-Go-Integration-tests/metricbeat/build/TEST-go-integration-windows.xml
[2020-09-24T13:17:06.759Z] runbld>>> Test output logs contained: Errors: 0 Failures: 2 Tests: 18941 Skipped: 1512
[2020-09-24T13:17:06.760Z] runbld>>> Storing result
[2020-09-24T13:17:06.760Z] runbld>>> FAILURES: 2
[2020-09-24T13:17:07.329Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-09-24T13:17:07.329Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20200924131658-4C5DCE24
[2020-09-24T13:17:07.589Z] runbld>>> Email notification disabled by environment variable.
[2020-09-24T13:17:07.589Z] runbld>>> Slack notification disabled by environment variable.
[2020-09-24T13:17:13.456Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-21292
[2020-09-24T13:17:13.792Z] [INFO] getVaultSecret: Getting secrets
[2020-09-24T13:17:13.898Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-09-24T13:17:15.103Z] + chmod 755 generate-build-data.sh
[2020-09-24T13:17:15.103Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21292/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21292/runs/1 FAILURE 5089223
[2020-09-24T13:17:15.103Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21292/runs/1/steps/?limit=10000 -o steps-info.json