[7.x] [elasticsearch] use bash for readiness script (#1458)

[jmlrt]

Backports the following commits to 7.x:

• [elasticsearch] use bash for readiness script ([elasticsearch] use bash for readiness script #1458)

[jmlrt]

Tests are still failing because we can't download the goss binary from GitHub inside the Ubuntu based Elasticsearch Docker image:

elasticsearch@elasticsearch-master-0:~$ curl -L "https://github.com/aelsabbahy/goss/releases/download/v0.3.6/goss-linux-amd64" -o goss
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (77) error setting certificate verify locations:
  CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs

It seems that's because the ca-certificates package is missing in the Docker image. cc @elastic/infra-release @elastic/es-delivery

[pugnascotia]

We don't install ca-certificates for Elasticsearch, though we do copy in a file from ca-certificates-java. You can use apt-get to install ca-certificates though, e.g.

RUN set -eux ; \
    export DEBIAN_FRONTEND=noninteractive ; \
    apt-get update ; \
    apt-get install -y ca-certificates ; \
    apt-get clean ; \
    rm -rf /var/lib/apt/lists/*

[jmlrt]

We don't install ca-certificates for Elasticsearch, though we do copy in a file from ca-certificates-java. You can use apt-get to install ca-certificates though, e.g.

RUN set -eux ; \
    export DEBIAN_FRONTEND=noninteractive ; \
    apt-get update ; \
    apt-get install -y ca-certificates ; \
    apt-get clean ; \
    rm -rf /var/lib/apt/lists/*

Unfortunately that's not possible for Elasticsearch chart tests as we need to run tests in an already running container from the unmodified Elasticsearch image which means we also can't exec as root in the running pod to install the package.

[jmlrt]

PR for workaround => #1460

[pugnascotia]

Well...we could add the package in, but 7.16.0 has already been cut so that's not going to help you. It could be added for 7.16.1 I guess.

[jmlrt]

Well...we could add the package in, but 7.16.0 has already been cut so that's not going to help you. It could be added for 7.16.1 I guess.

#1460 should do the trick for helm-charts tests, I don't know if there is other use cases outside of helm-charts tests that could require having to run curl with HTTPS inside the containers. I may roll back #1460 later id you're adding back the ca-certificate package in 7.16.1 but can live with it if you don't think that's worth adding it back.

[jmlrt]

Merging like this for now as tests are already failing anyway and it will need #1460 backport in addition of this PR to fix them.