diff --git a/.github/playbooks/aio-wazuh.yml b/.github/playbooks/aio-wazuh.yml index d9f7e0d4a..c5911580e 100644 --- a/.github/playbooks/aio-wazuh.yml +++ b/.github/playbooks/aio-wazuh.yml @@ -1,38 +1,42 @@ - name: Generate certificates prior to converging - hosts: localhost + hosts: aio become: true become_user: root roles: # 1. Check packages - role: ../../roles/wazuh/check-packages become: no - delegate_to: localhost + delegate_to: aio run_once: true # 2. Generate certificates - role: ../../roles/wazuh/wazuh-indexer vars: generate_certs: true perform_installation: false - instances: - node1: - name: wazuh-es01 # Important: must be equal to indexer_node_name. - ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. - role: indexer - node3: - name: wazuh-mgr01 - ip: "127.0.0.1" - role: wazuh - node5: - name: wazuh-dash01 - ip: "127.0.0.1" - role: dashboard + macos_localhost: false + vars: + # wazuh_endpoint_list: "{{ groups['aio'] }}" + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node3: + name: wazuh-mgr01 + ip: "127.0.0.1" + role: wazuh + node5: + name: wazuh-dash01 + ip: "127.0.0.1" + role: dashboard pre_tasks: - name: overview of cert configuration debug: - var: wazuh_endpoint_list + # var: wazuh_endpoint_list + var: instances - name: Converge - hosts: localhost + hosts: aio become: true become_user: root roles: diff --git a/.github/playbooks/distributed-wazuh.yml b/.github/playbooks/distributed-wazuh.yml new file mode 100644 index 000000000..ecce68244 --- /dev/null +++ b/.github/playbooks/distributed-wazuh.yml 
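Review bot: `delegate_to: aio` on the check-packages role is suspect: `delegate_to` expects an inventory host name, and the inventory that the new `aio.yml` workflow writes lists the instance under group `[aio]` by its address rather than defining a host called `aio`, so the delegation would resolve to a host Ansible cannot find — confirm, and since the play already has `hosts: aio` with `run_once: true`, simply dropping the `delegate_to` line is probably enough. The commented-out `# wazuh_endpoint_list: "{{ groups['aio'] }}"` and `# var: wazuh_endpoint_list` are dead configuration in a committed playbook; delete them or replace them with a one-line comment explaining why `instances` supersedes `wazuh_endpoint_list`. The collapsed rendering hides indentation, so check that the added `vars:` holding `instances` sits at play level and not as a second `vars:` key on the same role entry, which a YAML parser would silently reduce to one.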
@@ -0,0 +1,177 @@ +--- +# Certificates generation +- hosts: wi1 + roles: + # Check packages + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true + # Generate certificates + - role: ../../roles/wazuh/wazuh-indexer + vars: + generate_certs: true + perform_installation: false + become: true + become_user: root + vars: + indexer_node_master: true + instances: + node1: + name: node-1 + ip: "{{ hostvars.wi1.private_ip }}" + role: indexer + node2: + name: node-2 + ip: "{{ hostvars.wi2.private_ip }}" + role: indexer + node3: + name: node-3 + ip: "{{ hostvars.wi3.private_ip }}" + role: indexer + node4: + name: node-4 + ip: "{{ hostvars.manager.private_ip }}" + role: wazuh + node_type: master + node5: + name: node-5 + ip: "{{ hostvars.worker.private_ip }}" + role: wazuh + node_type: worker + node6: + name: node-6 + ip: "{{ hostvars.dashboard.private_ip }}" + role: dashboard + macos_localhost: false + tags: + - generate-certs + +# Wazuh indexer cluster +- hosts: wi_cluster + strategy: free + roles: + - role: ../../roles/wazuh/wazuh-indexer + indexer_network_host: "{{ private_ip }}" + become: yes + become_user: root + vars: + indexer_cluster_nodes: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + indexer_discovery_nodes: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + indexer_node_master: true + instances: + node1: + name: node-1 # Important: must be equal to indexer_node_name. + ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. 
+ role: indexer + node2: + name: node-2 + ip: "{{ hostvars.wi2.private_ip }}" + role: indexer + node3: + name: node-3 + ip: "{{ hostvars.wi3.private_ip }}" + role: indexer + node4: + name: node-4 + ip: "{{ hostvars.manager.private_ip }}" + role: wazuh + node_type: master + node5: + name: node-5 + ip: "{{ hostvars.worker.private_ip }}" + role: wazuh + node_type: worker + node6: + name: node-6 + ip: "{{ hostvars.dashboard.private_ip }}" + role: dashboard + +# Wazuh cluster +- hosts: manager + roles: + - role: "../../roles/wazuh/ansible-wazuh-manager" + - role: "../../roles/wazuh/ansible-filebeat-oss" + become: yes + become_user: root + vars: + filebeat_node_name: node-4 + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'master' + node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' + wazuh_api_users: + - username: custom-user + password: SecretPassword1! 
+ filebeat_output_indexer_hosts: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + +- hosts: worker + roles: + - role: "../../roles/wazuh/ansible-wazuh-manager" + - role: "../../roles/wazuh/ansible-filebeat-oss" + become: yes + become_user: root + vars: + filebeat_node_name: node-5 + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'worker_01' + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' + filebeat_output_indexer_hosts: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + +# Wazuh dashboard node +- hosts: dashboard + roles: + - role: "../../roles/wazuh/wazuh-dashboard" + become: yes + become_user: root + vars: + indexer_network_host: "{{ hostvars.wi1.private_ip }}" + indexer_cluster_nodes: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + dashboard_node_name: node-6 + wazuh_api_credentials: + - id: default + url: https://{{ hostvars.manager.private_ip }} + port: 55000 + username: custom-user + password: SecretPassword1! + ansible_shell_allow_world_readable_temp: true diff --git a/.github/playbooks/single-wazuh.yml b/.github/playbooks/single-wazuh.yml deleted file mode 100644 index 164b19a98..000000000 --- a/.github/playbooks/single-wazuh.yml +++ /dev/null 
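Review bot: The manager and worker plays hard-code the cluster `key: 'c98b62a9b6169ac5f67dae55ae4a9088'`, and the manager and dashboard plays the API credential `password: SecretPassword1!`, as literals in a committed playbook, so every CI cluster this spins up on AWS shares authentication secrets that anyone reading the repository already knows. Replace the literals with `key: "{{ wazuh_cluster_key }}"` and `password: "{{ wazuh_api_password }}"` and supply per-run values from the workflow (an `[all:vars]` entry in the generated inventory, as `wazuh_template_branch` already is, or an `-e` extra-var), which also removes the duplicated copies that must stay in sync for the worker to join and the dashboard to log in. `ansible_shell_allow_world_readable_temp: true` on the dashboard play disables Ansible's guard against leaving readable temp files on the host; a comment naming the unprivileged-become task that needs it, or fixing that task instead, would help the next maintainer. Minor style: `become: yes`/`become: no` should be `true`/`false`, and `password: SecretPassword1!` and `url: https://{{ hostvars.manager.private_ip }}` should be quoted like the other templated values.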
@@ -1,37 +0,0 @@ ---- -- name: ConvergeCerts - hosts: localhost - roles: - - role: ../../roles/wazuh/check-packages - become: no - delegate_to: localhost - run_once: true - - role: ../../roles/wazuh/wazuh-indexer - perform_installation: false - vars: - instances: - node1: - name: node-1 # Important: must be equal to indexer_node_name. - ip: 127.0.0.1 - role: indexer - tags: - - generate-certs -- name: ConvergeInstall - hosts: localhost - roles: - # Managers - - role: ../../roles/wazuh/ansible-wazuh-manager - vars: - - role: ../../roles/wazuh/ansible-filebeat-oss - vars: - filebeat_output_indexer_hosts: - - "indexer_centos7:9200" - pre_tasks: - - name: (converge) fix missing packages in cloud images - apt: - name: - - unzip - - gpg-agent - state: present - update_cache: yes - when: ansible_distribution == "Ubuntu" \ No newline at end of file diff --git a/.github/workflows/aio.yml b/.github/workflows/aio.yml new file mode 100644 index 000000000..e7dc2b6dc --- /dev/null +++ b/.github/workflows/aio.yml 
@@ -0,0 +1,214 @@ +--- +name: AIO-Single-Instance-Test +on: + workflow_dispatch: + inputs: + AUTOMATION_REFERENCE: + description: 'Branch or tag of the wazuh-automation repository' + required: true + default: 'master' + SYSTEMS: + description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)' + required: true + default: '["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + type: string + VERBOSITY: + description: 'Verbosity level on playbooks execution' + required: true + default: '-v' + type: choice + options: + - -v + - -vv + - -vvv + - -vvvv + pull_request: + release: +env: + COMPOSITE_NAME: "linux-SUBNAME-amd64" + ALLOCATOR_PATH: "/tmp/allocator_instance" +permissions: + id-token: write # JWT + contents: read # actions/checkout +jobs: + setup-runner: + name: Setup runner + runs-on: ubuntu-latest + steps: + - name: Display workflow inputs + run: echo "${{ toJson(inputs) }}" + - name: Compute outputs + id: compute-outputs + run: | + # Set SYSTEMS_LIST + if [ "${{ inputs.SYSTEMS }}" != "null" && "${{ inputs.SYSTEMS }}" != "" ]; then + SYSTEMS_LIST=${{ inputs.SYSTEMS }} + else + SYSTEMS_LIST='["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + fi + echo "SYSTEMS_JSON=$(echo $SYSTEMS_LIST | jq -c '.')" >> $GITHUB_OUTPUT + echo "Systems JSON: $SYSTEMS_JSON" + + # Set WAZUH_TEMPLATE_BRANCH + if [ "${{ github.event_name }}" == "pull_request" ]; then + WAZUH_TEMPLATE_BRANCH=${{ github.base_ref }} + else + WAZUH_TEMPLATE_BRANCH=${{ github.ref }} + # Remove refs/heads/ or refs/tags/ from the branch name + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/heads/} + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/tags/} + fi + echo "WAZUH_TEMPLATE_BRANCH=$WAZUH_TEMPLATE_BRANCH" >> $GITHUB_OUTPUT + + # Set VERBOSITY + if [ "${{ inputs.VERBOSITY }}" != "null" && "${{ inputs.VERBOSITY }}" != "" ]; then + VERBOSITY=${{ inputs.VERBOSITY }} + else + VERBOSITY='-v' + fi + echo "VERBOSITY=$VERBOSITY" >> $GITHUB_OUTPUT + echo 
"Verbosity level: $VERBOSITY" + outputs: + SYSTEMS_JSON: ${{ steps.compute-outputs.outputs.SYSTEMS_JSON }} + VERBOSITY: ${{ steps.compute-outputs.outputs.VERBOSITY }} + WAZUH_TEMPLATE_BRANCH: ${{ steps.compute-outputs.outputs.WAZUH_TEMPLATE_BRANCH }} + start-runner: + name: Start EC2 instance using allocator and run ansible playbook + runs-on: ubuntu-latest + needs: setup-runner + strategy: + fail-fast: false # all jobs will run even if one fails + matrix: + system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }} + steps: + - name: Configure AWS credentials (assume role) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: + aws-region: us-east-1 + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation/ + - name: Install python and create virtual environment + run: | + sudo apt-get update + sudo apt-get install -y python3 python3-venv + python3 -m pip install --upgrade pip + python3 -m venv venv + source venv/bin/activate + - name: Install and set allocator requirements + run: | + pip install -r wazuh-automation/deployability/deps/requirements.txt + pip install ansible-core==2.16 + ansible-galaxy collection install community.general + ansible-galaxy collection install community.docker + - name: Set COMPOSITE_NAME variable + run: | + case "${{ matrix.system }}" in + "CentOS_7") + SUBNAME="centos-7" + ;; + "CentOS_8") + SUBNAME="centos-8" + ;; + "AmazonLinux_2") + SUBNAME="amazon-2" + ;; + "Ubuntu_16") + SUBNAME="ubuntu-16.04" + ;; + "Ubuntu_18") + SUBNAME="ubuntu-18.04" + ;; + "Ubuntu_20") + SUBNAME="ubuntu-20.04" + ;; + "Ubuntu_22") + SUBNAME="ubuntu-22.04" + ;; + "RHEL7") + SUBNAME="redhat-7" + ;; + "RHEL8") + SUBNAME="redhat-8" + ;; + *) + echo "Invalid SYSTEM selection" >&2 + exit 1 + ;; + esac + 
COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}" + echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV + - name: Allocate EC2 instance + id: allocator_instance + run: | + python3 wazuh-automation/deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name ${{ env.COMPOSITE_NAME }} --working-dir $ALLOCATOR_PATH \ + --track-output $ALLOCATOR_PATH/track.yml --inventory-output $ALLOCATOR_PATH/inventory.yml --instance-name gha_ansible_${{ matrix.system }}_${{ github.run_id }} \ + --label-team devops --label-termination-date 1d + sed 's/: */=/g' $ALLOCATOR_PATH/inventory.yml > $ALLOCATOR_PATH/inventory_mod.yml + sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod.yml + source $ALLOCATOR_PATH/inventory_mod.yml + echo "[aio]" > $ALLOCATOR_PATH/inventory + echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> $ALLOCATOR_PATH/inventory + echo "[aio:vars]" >> $ALLOCATOR_PATH/inventory + echo "wazuh_template_branch=${{ needs.setup-runner.outputs.WAZUH_TEMPLATE_BRANCH }}" >> $ALLOCATOR_PATH/inventory + + - name: Save ALLOCATOR_PATH directory as artifact + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }}-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + - name: Check out the codebase. 
+ uses: actions/checkout@v4 + - name: Ansible Playbook run Wazuh AIO Single instance + run: | + ansible-playbook ./.github/playbooks/aio-wazuh.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l all \ + ${{ needs.setup-runner.outputs.VERBOSITY }} + stop-runner: + name: Stop allocated EC2 instance + needs: + - setup-runner + - start-runner + runs-on: ubuntu-latest + strategy: + fail-fast: false # all jobs will run even if one fails + matrix: + system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }} + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + aws-region: us-east-1 + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation/ + - name: Install python and create virtual environment + run: | + sudo apt-get update + sudo apt-get install -y python3 python3-venv + python3 -m pip install --upgrade pip + python3 -m venv venv + source venv/bin/activate + - name: Install and set allocator requirements + run: | + pip install -r wazuh-automation/deployability/deps/requirements.txt + - name: Download the allocator artifact + uses: actions/download-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }}-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + - name: Delete allocated EC2 instance + run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output $ALLOCATOR_PATH/track.yml diff --git a/.github/workflows/al_aio.yml b/.github/workflows/al_aio.yml deleted file mode 100644 index cd121303c..000000000 --- a/.github/workflows/al_aio.yml +++ /dev/null 
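Review bot: In the `Compute outputs` step, `if [ "${{ inputs.SYSTEMS }}" != "null" && "${{ inputs.SYSTEMS }}" != "" ]; then` is not valid `[ ]` syntax — the shell splits it at `&&` into a broken test and a stray command — so the condition always fails and both `SYSTEMS_LIST` and `VERBOSITY` silently fall back to their defaults, and `SYSTEMS_LIST=${{ inputs.SYSTEMS }}` would in any case word-split the JSON array because the assignment is unquoted. Expanding `${{ inputs.* }}` inside `run:` also pastes caller-controlled text into the script; the usual fix for both is to map the inputs through the step's `env:` and test the shell variables with two `[ ]` commands, as below. The same two `[ … && … ]` tests appear in the `Compute outputs` step of the new `.github/workflows/distributed.yml`. Note too that `source venv/bin/activate` in `Install python and create virtual environment` does not carry over to the next step, so the `pip install` lines run against the runner's system Python rather than the venv. Lastly, `Save ALLOCATOR_PATH directory as artifact` uploads the whole `ALLOCATOR_PATH`; if the allocator writes the instance's SSH private key under its `--working-dir` (the inventory references `ansible_ssh_private_key_file`), that key becomes downloadable to anyone who can read the run's artifacts while the instance is alive — confirm and exclude it.
```yaml
      - name: Compute outputs
        id: compute-outputs
        env:
          SYSTEMS_INPUT: ${{ inputs.SYSTEMS }}
          VERBOSITY_INPUT: ${{ inputs.VERBOSITY }}
        run: |
          # Set SYSTEMS_LIST (inputs are empty on pull_request/release events)
          if [ -n "$SYSTEMS_INPUT" ] && [ "$SYSTEMS_INPUT" != "null" ]; then
            SYSTEMS_LIST="$SYSTEMS_INPUT"
          else
            SYSTEMS_LIST='["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]'
          fi
          SYSTEMS_JSON=$(echo "$SYSTEMS_LIST" | jq -c '.')
          echo "SYSTEMS_JSON=$SYSTEMS_JSON" >> "$GITHUB_OUTPUT"
          echo "Systems JSON: $SYSTEMS_JSON"

          # … unchanged: WAZUH_TEMPLATE_BRANCH …

          # Set VERBOSITY
          if [ -n "$VERBOSITY_INPUT" ] && [ "$VERBOSITY_INPUT" != "null" ]; then
            VERBOSITY="$VERBOSITY_INPUT"
          else
            VERBOSITY='-v'
          fi
          # … unchanged: VERBOSITY output …
```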
@@ -1,67 +0,0 @@ ---- -name: AIO-AL-Single-Instance -on: [pull_request, workflow_dispatch, release] -jobs: - start-runner: - name: Start self-hosted EC2 runner - runs-on: ubuntu-latest - outputs: - label: ${{ steps.start-ec2-runner.outputs.label }} - ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Start EC2 runner - id: start-ec2-runner - uses: machulav/ec2-github-runner@v2 - with: - mode: start - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - ec2-image-id: ${{ secrets.AL2_AMI_ID }} - ec2-instance-type: t3a.large - subnet-id: ${{ secrets.SUBNET_ID }} - security-group-id: ${{ secrets.SG_ID }} - aws-resource-tags: > # optional, requires additional permissions - [ - {"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"}, - {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, - {"Key": "team", "Value": "CICD"}, - {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} - ] - install-aio-single-instance: - name: Installs AIO single instance - needs: start-runner # required to start the main job when the runner is ready - runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner - steps: - - name: Check out the codebase. 
- uses: actions/checkout@v2 - - name: Ansible Playbook run Wazuh AIO Single instance - run: ansible-playbook ./.github/playbooks/aio-wazuh.yml - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - stop-runner: - name: Stop self-hosted EC2 runner - needs: - - start-runner # required to get output from the start-runner job - - install-aio-single-instance # required to wait when the main job is done - runs-on: ubuntu-latest - if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Stop EC2 runner - uses: machulav/ec2-github-runner@v2 - with: - mode: stop - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - label: ${{ needs.start-runner.outputs.label }} - ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/al_wazuh.yml b/.github/workflows/al_wazuh.yml deleted file mode 100644 index 8200e866b..000000000 --- a/.github/workflows/al_wazuh.yml +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -name: Wazuh-AL-Single-Instance -on: [pull_request, workflow_dispatch, release] -jobs: - start-runner: - name: Start self-hosted EC2 runner - runs-on: ubuntu-latest - outputs: - label: ${{ steps.start-ec2-runner.outputs.label }} - ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Start EC2 runner - id: start-ec2-runner - uses: machulav/ec2-github-runner@v2 - with: - mode: start - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - ec2-image-id: ${{ secrets.AL2_AMI_ID }} - ec2-instance-type: t3.small - subnet-id: ${{ secrets.SUBNET_ID }} - security-group-id: ${{ secrets.SG_ID }} - aws-resource-tags: > # optional, requires additional permissions - [ - {"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"}, - {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, - {"Key": "team", "Value": "CICD"}, - {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} - ] - install-wazuh-single-instance: - name: Installs Wazuh server single instance - needs: start-runner # required to start the main job when the runner is ready - runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner - steps: - - name: Check out the codebase. 
- uses: actions/checkout@v2 - - name: Ansible Playbook run Wazuh Single instance - run: ansible-playbook ./.github/playbooks/single-wazuh.yml - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - stop-runner: - name: Stop self-hosted EC2 runner - needs: - - start-runner # required to get output from the start-runner job - - install-wazuh-single-instance # required to wait when the main job is done - runs-on: ubuntu-latest - if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Stop EC2 runner - uses: machulav/ec2-github-runner@v2 - with: - mode: stop - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - label: ${{ needs.start-runner.outputs.label }} - ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/centos_aio.yml b/.github/workflows/centos_aio.yml deleted file mode 100644 index 0d03a1684..000000000 --- a/.github/workflows/centos_aio.yml +++ /dev/null 
@@ -1,76 +0,0 @@ ---- -name: AIO-CentOS-Single-Instance -on: [pull_request, workflow_dispatch, release] -jobs: - start-runner: - name: Start self-hosted EC2 runner - runs-on: ubuntu-latest - outputs: - label: ${{ steps.start-ec2-runner.outputs.label }} - ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Start EC2 runner - id: start-ec2-runner - uses: machulav/ec2-github-runner@v2 - with: - mode: start - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }} - ec2-instance-type: t3a.large - subnet-id: ${{ secrets.SUBNET_ID }} - security-group-id: ${{ secrets.SG_ID }} - aws-resource-tags: > # optional, requires additional permissions - [ - {"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"}, - {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, - {"Key": "team", "Value": "CICD"}, - {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} - ] - install-aio-single-instance: - name: Installs AIO single instance - needs: start-runner # required to start the main job when the runner is ready - runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - name: Set up Python 3. 
- uses: actions/setup-python@v2 - with: - python-version: '3.x' - - name: Ansible Playbook run Wazuh AIO Single instance - run: ansible-playbook ./.github/playbooks/aio-wazuh.yml - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - stop-runner: - name: Stop self-hosted EC2 runner - needs: - - start-runner # required to get output from the start-runner job - - install-aio-single-instance # required to wait when the main job is done - runs-on: ubuntu-latest - if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Stop EC2 runner - uses: machulav/ec2-github-runner@v2 - with: - mode: stop - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - label: ${{ needs.start-runner.outputs.label }} - ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/centos_wazuh.yml b/.github/workflows/centos_wazuh.yml deleted file mode 100644 index 17e90e397..000000000 --- a/.github/workflows/centos_wazuh.yml +++ /dev/null 
@@ -1,76 +0,0 @@ ---- -name: Wazuh-CentOS-Single-Instance -on: [pull_request, workflow_dispatch, release] -jobs: - start-runner: - name: Start self-hosted EC2 runner - runs-on: ubuntu-latest - outputs: - label: ${{ steps.start-ec2-runner.outputs.label }} - ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Start EC2 runner - id: start-ec2-runner - uses: machulav/ec2-github-runner@v2 - with: - mode: start - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }} - ec2-instance-type: t3.small - subnet-id: ${{ secrets.SUBNET_ID }} - security-group-id: ${{ secrets.SG_ID }} - aws-resource-tags: > # optional, requires additional permissions - [ - {"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"}, - {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, - {"Key": "team", "Value": "CICD"}, - {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} - ] - install-wazuh-single-instance: - name: Installs Wazuh server single instance - needs: start-runner # required to start the main job when the runner is ready - runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - name: Set up Python 3. 
- uses: actions/setup-python@v2 - with: - python-version: '3.x' - - name: Ansible Playbook run Wazuh Single instance - run: ansible-playbook ./.github/playbooks/single-wazuh.yml - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - stop-runner: - name: Stop self-hosted EC2 runner - needs: - - start-runner # required to get output from the start-runner job - - install-wazuh-single-instance # required to wait when the main job is done - runs-on: ubuntu-latest - if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Stop EC2 runner - uses: machulav/ec2-github-runner@v2 - with: - mode: stop - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - label: ${{ needs.start-runner.outputs.label }} - ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/distributed.yml b/.github/workflows/distributed.yml new file mode 100644 index 000000000..26feafeb7 --- /dev/null +++ b/.github/workflows/distributed.yml 
@@ -0,0 +1,311 @@ +--- +name: Distributed-Wazuh-Test +on: + workflow_dispatch: + inputs: + AUTOMATION_REFERENCE: + description: 'Branch or tag of the wazuh-automation repository' + required: true + default: 'master' + SYSTEMS: + description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)' + required: true + default: '["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + type: string + VERBOSITY: + description: 'Verbosity level on playbooks execution' + required: true + default: '-v' + type: choice + options: + - -v + - -vv + - -vvv + - -vvvv + pull_request: + release: +env: + COMPOSITE_NAME: "linux-SUBNAME-amd64" + ALLOCATOR_PATH: "/tmp/allocator_instance" + INSTANCE_NAMES: "wi1 wi2 wi3 dashboard manager worker" +permissions: + id-token: write # JWT + contents: read # actions/checkout +jobs: + setup-runner: + name: Setup runner + runs-on: ubuntu-latest + steps: + - name: Display workflow inputs + run: echo "${{ toJson(inputs) }}" + - name: Compute outputs + id: compute-outputs + run: | + # Set SYSTEMS_LIST + if [ "${{ inputs.SYSTEMS }}" != "null" && "${{ inputs.SYSTEMS }}" != "" ]; then + SYSTEMS_LIST=${{ inputs.SYSTEMS }} + else + SYSTEMS_LIST='["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + fi + echo "SYSTEMS_JSON=$(echo $SYSTEMS_LIST | jq -c '.')" >> $GITHUB_OUTPUT + echo "Systems JSON: $SYSTEMS_JSON" + + # Set WAZUH_TEMPLATE_BRANCH + if [ "${{ github.event_name }}" == "pull_request" ]; then + WAZUH_TEMPLATE_BRANCH=${{ github.base_ref }} + else + WAZUH_TEMPLATE_BRANCH=${{ github.ref }} + # Remove refs/heads/ or refs/tags/ from the branch name + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/heads/} + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/tags/} + fi + echo "WAZUH_TEMPLATE_BRANCH=$WAZUH_TEMPLATE_BRANCH" >> $GITHUB_OUTPUT + + # Set VERBOSITY + if [ "${{ inputs.VERBOSITY }}" != "null" && "${{ inputs.VERBOSITY }}" != "" ]; then + VERBOSITY=${{ inputs.VERBOSITY }} + else + VERBOSITY='-v' + fi + echo 
"VERBOSITY=$VERBOSITY" >> $GITHUB_OUTPUT + echo "Verbosity level: $VERBOSITY" + - name: Configure AWS credentials (assume role) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: + aws-region: us-east-1 + - name: Create common SSH key pair in the ALLOCATOR_PATH + id: create-ssh-key + run: | + mkdir -p $ALLOCATOR_PATH + key_name=gha_ansible_key_$(date +%s) + private_key_file=$ALLOCATOR_PATH/${key_name} + aws ec2 create-key-pair --key-name ${key_name} > key_pair_output.json + jq -r '.KeyMaterial' key_pair_output.json > ${private_key_file} + + # Set PRIVATE_KEY_PATH output + echo "PRIVATE_KEY_PATH=${private_key_file}" >> $GITHUB_OUTPUT + - name: Upload artifact (ALLOCATOR_PATH directory) + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-ssh-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + outputs: + SYSTEMS_JSON: ${{ steps.compute-outputs.outputs.SYSTEMS_JSON }} + VERBOSITY: ${{ steps.compute-outputs.outputs.VERBOSITY }} + PRIVATE_KEY_PATH: ${{ steps.create-ssh-key.outputs.PRIVATE_KEY_PATH }} + WAZUH_TEMPLATE_BRANCH: ${{ steps.compute-outputs.outputs.WAZUH_TEMPLATE_BRANCH }} + start-runner: + name: Provision instance cluster + runs-on: ubuntu-latest + needs: setup-runner + strategy: + fail-fast: false # all jobs will run even if one fails + matrix: + system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }} + steps: + - name: Configure AWS credentials (assume role) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: + aws-region: us-east-1 + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation/ + - name: Download the (SSH) artifact + uses: actions/download-artifact@v4 + with: + name: allocator-instance-ssh-${{ 
github.run_id }}
+ path: ${{ env.ALLOCATOR_PATH }}
+ - name: Install python and create virtual environment
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3 python3-venv
+ python3 -m pip install --upgrade pip
+ python3 -m venv venv
+ source venv/bin/activate
+ - name: Install and set allocator requirements
+ run: |
+ pip install -r wazuh-automation/deployability/deps/requirements.txt
+ pip install ansible-core==2.16
+ ansible-galaxy collection install community.general
+ ansible-galaxy collection install community.docker
+ - name: Set COMPOSITE_NAME variable
+ run: |
+ case "${{ matrix.system }}" in
+ "CentOS_7")
+ SUBNAME="centos-7"
+ ;;
+ "CentOS_8")
+ SUBNAME="centos-8"
+ ;;
+ "AmazonLinux_2")
+ SUBNAME="amazon-2"
+ ;;
+ "Ubuntu_16")
+ SUBNAME="ubuntu-16.04"
+ ;;
+ "Ubuntu_18")
+ SUBNAME="ubuntu-18.04"
+ ;;
+ "Ubuntu_20")
+ SUBNAME="ubuntu-20.04"
+ ;;
+ "Ubuntu_22")
+ SUBNAME="ubuntu-22.04"
+ ;;
+ "RHEL7")
+ SUBNAME="redhat-7"
+ ;;
+ "RHEL8")
+ SUBNAME="redhat-8"
+ ;;
+ *)
+ echo "Invalid SYSTEM selection" >&2
+ exit 1
+ ;;
+ esac
+ COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}"
+ echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV
+ - name: Allocate cluster of EC2 instances
+ id: allocator_instance
+ run: |
+ instance_names=($INSTANCE_NAMES)
+ inventory_file="$ALLOCATOR_PATH/inventory_all"
+ ssh_key_path=${{ needs.setup-runner.outputs.PRIVATE_KEY_PATH }}
+
+ for i in ${!instance_names[@]}; do
+ instance_name=${instance_names[$i]}
+ # Provision instance in parallel
+ (
+ python3 wazuh-automation/deployability/modules/allocation/main.py \
+ --action create --provider aws --size large \
+ --composite-name ${{ env.COMPOSITE_NAME }} \
+ --working-dir $ALLOCATOR_PATH --track-output $ALLOCATOR_PATH/track_${instance_name}.yml \
+ --inventory-output $ALLOCATOR_PATH/inventory_${instance_name}.yml \
+ --ssh-key "$ssh_key_path" \
+ --instance-name gha_ansible_${{ matrix.system }}_${instance_name}_${{ github.run_id }} --label-team devops --label-termination-date 1d
+
+ instance_id=$(grep '^identifier' $ALLOCATOR_PATH/track_${instance_name}.yml | awk '{print $2}')
+ private_ip=$(aws ec2 describe-instances \
+ --instance-ids $instance_id \
+ --query 'Reservations[*].Instances[*].PrivateIpAddress' \
+ --output text)
+
+ sed 's/: */=/g' $ALLOCATOR_PATH/inventory_${instance_name}.yml > $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml
+ sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml
+ source $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml
+
+ # Add instance to corresponding group
+ if [[ $i -eq 0 ]]; then
+ echo "wi1 ansible_host=$ansible_host private_ip=$private_ip indexer_node_name=node-1 ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file
+ elif [[ $i -eq 1 ]]; then
+ echo "wi2 ansible_host=$ansible_host private_ip=$private_ip indexer_node_name=node-2 ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file
+ elif [[ $i -eq 2 ]]; then
+ echo "wi3 ansible_host=$ansible_host private_ip=$private_ip indexer_node_name=node-3 ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file
+ elif [[ $i -eq 3 ]]; then
+ echo "dashboard ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file
+ elif [[ $i -eq 4 ]]; then
+ echo "manager ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file
+ elif [[ $i -eq 5 ]]; then
+ echo "worker ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file
+ fi
+ ) &
+ done
+
+ # Wait for all provisioning tasks to complete
+ wait
+
+ echo "" >> $inventory_file # blank line to separate groups
+ echo "[wi_cluster]" >> $inventory_file
+ echo "wi1" >> $inventory_file
+ echo "wi2" >> $inventory_file
+ echo "wi3" >> $inventory_file
+
+ echo "" >> $inventory_file
+ echo "[all:vars]" >> $inventory_file
+ echo "ansible_port=2200" >> $inventory_file
+ echo "ansible_ssh_private_key_file=${ssh_key_path}" >> $inventory_file
+ echo "ansible_ssh_extra_args='-o StrictHostKeyChecking=no'" >> $inventory_file
+ echo "wazuh_template_branch=${{ needs.setup-runner.outputs.WAZUH_TEMPLATE_BRANCH }}" >> $inventory_file
+ - name: Save ALLOCATOR_PATH directory as artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: allocator-instance-${{ matrix.system }}-${{ github.run_id }}
+ path: ${{ env.ALLOCATOR_PATH }}
+ - name: Check out the codebase.
+ uses: actions/checkout@v4
+ - name: Set SSH key permissions
+ run: chmod 0600 ${{ needs.setup-runner.outputs.PRIVATE_KEY_PATH }}
+ - name: Ansible Playbook run Wazuh Distributed Production Ready
+ run: |
+ ansible-playbook ./.github/playbooks/distributed-wazuh.yml -b -K \
+ -i $ALLOCATOR_PATH/inventory_all \
+ -l all \
+ ${{ needs.setup-runner.outputs.VERBOSITY }}
+ stop-runner:
+ name: Terminate instance cluster
+ needs:
+ - setup-runner
+ - start-runner
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false # all jobs will run even if one fails
+ matrix:
+ system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }}
+ if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+ aws-region: us-east-1
+ - name: Checkout wazuh/wazuh-automation repository
+ uses: actions/checkout@v4
+ with:
+ repository: wazuh/wazuh-automation
+ ref: ${{ inputs.AUTOMATION_REFERENCE }}
+ token: ${{ secrets.GH_CLONE_TOKEN }}
+ path: wazuh-automation/
+ - name: Install python and create virtual environment
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y python3 python3-venv
+ python3 -m pip install --upgrade pip
+ python3 -m venv venv
+ source venv/bin/activate
+ - name: Install and set allocator requirements
+ run: |
+ pip install -r wazuh-automation/deployability/deps/requirements.txt
+ - name: Download the allocator artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: allocator-instance-${{ matrix.system }}-${{ github.run_id }}
+ path: ${{ env.ALLOCATOR_PATH }}
+ - name: Delete allocated EC2 instance
+ run: |
+ instance_names=($INSTANCE_NAMES)
+ for i in ${!instance_names[@]}; do
+ instance_name=${instance_names[$i]}
+ track_file="$ALLOCATOR_PATH/track_${instance_name}.yml"
+ echo "Deleting instance: $instance_name using track file $track_file"
+ (
+
+ # create instance_dir (in track output file) if it does not exist [to avoid errors]
+ instance_dir=$(grep '^instance_dir' $track_file | awk '{print $2}')
+ if [ ! -d "$instance_dir" ]; then
+ mkdir -p "$instance_dir"
+ date > "$instance_dir/date.txt"
+ fi
+
+ # Delete instance
+ python3 wazuh-automation/deployability/modules/allocation/main.py \
+ --action delete --provider aws --track-output $track_file
+ ) &
+ done
diff --git a/.github/workflows/ubuntu_aio.yml b/.github/workflows/ubuntu_aio.yml
deleted file mode 100644
index 05eb37787..000000000
--- a/.github/workflows/ubuntu_aio.yml
+++ /dev/null
@@ -1,76 +0,0 @@ ---- -name: AIO-Ubuntu-Single-Instance -on: [pull_request, workflow_dispatch, release] -jobs: - start-runner: - name: Start self-hosted EC2 runner - runs-on: ubuntu-latest - outputs: - label: ${{ steps.start-ec2-runner.outputs.label }} - ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Start EC2 runner - id: start-ec2-runner - uses: machulav/ec2-github-runner@v2 - with: - mode: start - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }} - ec2-instance-type: t3a.large - subnet-id: ${{ secrets.SUBNET_ID }} - security-group-id: ${{ secrets.SG_ID }} - aws-resource-tags: > # optional, requires additional permissions - [ - {"Key": "Name", "Value": "wazuh-ansible-gh-runner-aio"}, - {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, - {"Key": "team", "Value": "CICD"}, - {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} - ] - install-aio-single-instance: - name: Installs AIO single instance - needs: start-runner # required to start the main job when the runner is ready - runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - name: Set up Python 3. 
- uses: actions/setup-python@v2 - with: - python-version: '3.x' - - name: Ansible Playbook run Wazuh AIO Single instance - run: ansible-playbook ./.github/playbooks/aio-wazuh.yml - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - stop-runner: - name: Stop self-hosted EC2 runner - needs: - - start-runner # required to get output from the start-runner job - - install-aio-single-instance # required to wait when the main job is done - runs-on: ubuntu-latest - if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Stop EC2 runner - uses: machulav/ec2-github-runner@v2 - with: - mode: stop - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - label: ${{ needs.start-runner.outputs.label }} - ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/ubuntu_wazuh.yml b/.github/workflows/ubuntu_wazuh.yml deleted file mode 100644 index 64db955ef..000000000 --- a/.github/workflows/ubuntu_wazuh.yml +++ /dev/null 
@@ -1,76 +0,0 @@ ---- -name: Wazuh-Ubuntu-Single-Instance -on: [pull_request, workflow_dispatch, release] -jobs: - start-runner: - name: Start self-hosted EC2 runner - runs-on: ubuntu-latest - outputs: - label: ${{ steps.start-ec2-runner.outputs.label }} - ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Start EC2 runner - id: start-ec2-runner - uses: machulav/ec2-github-runner@v2 - with: - mode: start - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - ec2-image-id: ${{ secrets.UBUNTU2204_AMI_ID }} - ec2-instance-type: t3.small - subnet-id: ${{ secrets.SUBNET_ID }} - security-group-id: ${{ secrets.SG_ID }} - aws-resource-tags: > # optional, requires additional permissions - [ - {"Key": "Name", "Value": "wazuh-ansible-gh-runner-wazuh"}, - {"Key": "GitHubRepository", "Value": "${{ github.repository }}"}, - {"Key": "team", "Value": "CICD"}, - {"Key": "termination_date", "Value": "2022-12-31 21:00:00"} - ] - install-wazuh-single-instance: - name: Installs Wazuh server single instance - needs: start-runner # required to start the main job when the runner is ready - runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - - name: Hack to get setup-python to work on act. See act issue 251 - run: | - if [ ! -f "/etc/lsb-release" ] ; then - echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release - fi - - name: Set up Python 3. 
- uses: actions/setup-python@v2 - with: - python-version: '3.x' - - name: Ansible Playbook run Wazuh Single instance - run: ansible-playbook ./.github/playbooks/single-wazuh.yml - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - stop-runner: - name: Stop self-hosted EC2 runner - needs: - - start-runner # required to get output from the start-runner job - - install-wazuh-single-instance # required to wait when the main job is done - runs-on: ubuntu-latest - if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - name: Stop EC2 runner - uses: machulav/ec2-github-runner@v2 - with: - mode: stop - github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - label: ${{ needs.start-runner.outputs.label }} - ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index e1a20b22d..6b927c900 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. ### Added - Update to [Wazuh v5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#500) +- Enhance PR check workflows (All-in-one and Distributed) ([#1449](https://github.com/wazuh/wazuh-ansible/pull/1457)) \- (Workflows) ## [v4.10.2] diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml index 4d2327118..479d340d9 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/Debian.yml 
@@ -1,10 +1,10 @@ --- - name: Update apt-get repo and cache - apt: + apt: update_cache: yes force_apt_get: yes cache_valid_time: 3600 - + - name: Debian/Ubuntu | Install ca-certificates and gnupg apt: name: @@ -30,7 +30,7 @@ set -o pipefail curl -s {{ wazuh_agent_config.repo.gpg }} | apt-key add - args: - warn: false + # warn: false executable: /bin/bash changed_when: false when: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 347d52033..fdbfddeea 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -18,7 +18,7 @@ set -o pipefail curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add - args: - warn: false + # warn: false executable: /bin/bash changed_when: false when: diff --git a/roles/wazuh/check-packages/tasks/main.yml b/roles/wazuh/check-packages/tasks/main.yml index bbee623b5..467657dab 100644 --- a/roles/wazuh/check-packages/tasks/main.yml +++ b/roles/wazuh/check-packages/tasks/main.yml @@ -3,7 +3,7 @@ shell: | ./check_packages.sh {{ wazuh_version }} args: - warn: false + # warn: false executable: /bin/bash chdir: "{{ role_path }}/scripts/" delegate_to: localhost
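Review bot: Leaving `# warn: false` as a commented-out key under `args:` in the agent GPG-key task keeps dead configuration in the role; if the reason is that the `warn` argument is no longer accepted by the ansible-core this PR pins (`ansible-core==2.16` in the workflow), delete the line rather than comment it out, and say so once in the changelog entry. While this task is being touched, the unchanged pipeline `curl -s {{ wazuh_agent_config.repo.gpg }} | apt-key add -` should become `curl -fsSL "{{ wazuh_agent_config.repo.gpg }}" | apt-key add -`: without `--fail` curl exits 0 on an HTTP error response, so `set -o pipefail` does not stop an error page from being fed to `apt-key`, and quoting the templated URL keeps it from being word-split by the shell. `apt-key` is also deprecated on the Ubuntu 22.04 targets in this PR's matrix, so a `signed-by=` keyring under `/etc/apt/keyrings` is presumably the durable fix, but that change belongs to the repository-definition task, which is outside this hunk, as is the start of this task.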
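Review bot: Same dead-configuration issue as in the agent role: the manager task now carries `# warn: false` as a commented-out argument instead of simply dropping it, and the two roles should be kept in step so that a later reader does not assume the key is still meaningful. The unchanged line above it, `curl -s {{ wazuh_manager_config.repo.gpg }} | apt-key add -`, has the same weakness, and `curl -fsSL "{{ wazuh_manager_config.repo.gpg }}" | apt-key add -` is the minimal change that makes an HTTP error actually fail the pipeline and protects the templated URL from shell word splitting. The task's `name`/`when` lines and the repository definition that should eventually move to a `signed-by=` keyring are outside this hunk.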
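Review bot: The unchanged command line `./check_packages.sh {{ wazuh_version }}` in check-packages passes the templated version into a shell task unquoted, and this task runs with `delegate_to: localhost`, i.e. on the CI runner itself; `./check_packages.sh {{ wazuh_version | quote }}` keeps an unexpected value in `wazuh_version` (spaces, `;`, `$(...)`) from being interpreted by `/bin/bash` rather than handed to the script as one argument. As in the other two roles, the commented-out `# warn: false` should be removed instead of left under `args:`, so that `args:` only carries keys the pinned ansible-core still understands. The task header and the surrounding tasks of this file are outside the hunk.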