diff --git a/.github/workflows/Test_installation_assistant.yml b/.github/workflows/Test_installation_assistant.yml index 23c9041..2c95bf5 100644 --- a/.github/workflows/Test_installation_assistant.yml +++ b/.github/workflows/Test_installation_assistant.yml @@ -160,7 +160,6 @@ jobs: -e "repository=$REPOSITORY_URL" \ -e "reference=${{ github.ref_name }}" \ -e "tmp_path=$TMP_PATH" \ - -e "pkg_repository=$PKG_REPOSITORY" \ -e "install_deps=$INSTALL_DEPS" \ -e "install_python=$INSTALL_PYTHON" \ -e "install_pip_deps=$INSTALL_PIP_DEPS" \ @@ -174,6 +173,7 @@ jobs: -e "tmp_path=$TMP_PATH" \ -e "logs_path=$LOGS_PATH" \ -e "test_name=$TEST_NAME" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute Python test playbook diff --git a/.github/workflows/Test_installation_assistant_distributed.yml b/.github/workflows/Test_installation_assistant_distributed.yml index 9170169..f18a749 100644 --- a/.github/workflows/Test_installation_assistant_distributed.yml +++ b/.github/workflows/Test_installation_assistant_distributed.yml @@ -214,7 +214,6 @@ jobs: -e "repository=$REPOSITORY_URL" \ -e "reference=${{ github.ref_name }}" \ -e "tmp_path=$TMP_PATH" \ - -e "pkg_repository=$PKG_REPOSITORY" \ -e "install_deps=$INSTALL_DEPS" \ -e "install_python=$INSTALL_PYTHON" \ -e "install_pip_deps=$INSTALL_PIP_DEPS" \ @@ -225,7 +224,6 @@ jobs: ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_generate_certificates.yml \ -i $ALLOCATOR_PATH/inventory \ -e "resources_path=$RESOURCES_PATH" \ - -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Copy certificates to nodes @@ -243,6 +241,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l indexers \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute indexer cluster start playbook @@ -252,6 +251,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l indexers \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute server installation playbook @@ -260,6 +260,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l managers \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute dashboard installation playbook @@ -268,6 +269,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l dashboards \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute Python test playbook diff --git a/.github/workflows/ansible-playbooks/aio.yml b/.github/workflows/ansible-playbooks/aio.yml index 1ab2b12..4acd184 100644 --- a/.github/workflows/ansible-playbooks/aio.yml +++ b/.github/workflows/ansible-playbooks/aio.yml @@ -4,11 +4,12 @@ vars: script_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" script_name: "wazuh-install.sh" tasks: - name: Test assistant AIO install - command: "bash {{ script_name }} -a -v" + command: "bash {{ script_name }} -a -v -d {{ pkg_repository }}" args: chdir: "{{ script_path }}" register: install_results diff --git a/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml b/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml index 0bfeb88..6c97240 100644 --- a/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml +++ b/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml @@ -4,7 +4,6 @@ vars: resources_path: "{{ resources_path }}" - pkg_repository: "{{ pkg_repository }}" tasks: - name: Create certificates @@ -17,7 +16,7 @@ force: yes - name: Creating wazuh-install.sh script - shell: "bash {{ resources_path }}/builder.sh -i -d {{ pkg_repository }}" + shell: "bash {{ resources_path }}/builder.sh -i" - name: Creating Certificates shell: "bash {{ resources_path }}/wazuh-install.sh -g -v" diff --git a/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml b/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml index 539bad4..fb04278 100644 --- a/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml +++ b/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml @@ -5,10 +5,11 @@ vars: tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" tasks: - name: Install Wazuh dashboard - command: "bash wazuh-install.sh -wd {{ inventory_hostname }} -v" + command: "bash wazuh-install.sh -wd {{ inventory_hostname }} -v -d {{ pkg_repository }}" args: chdir: "{{ tmp_path }}" register: dashboard diff --git a/.github/workflows/ansible-playbooks/distributed_install_indexer.yml b/.github/workflows/ansible-playbooks/distributed_install_indexer.yml index 57d385e..c5736da 100644 --- a/.github/workflows/ansible-playbooks/distributed_install_indexer.yml +++ b/.github/workflows/ansible-playbooks/distributed_install_indexer.yml @@ -5,9 +5,10 @@ vars: tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" tasks: - name: Install Wazuh indexer - command: "bash {{ tmp_path }}/wazuh-install.sh -wi {{ inventory_hostname }} -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -wi {{ inventory_hostname }} -v -d {{ pkg_repository }}" register: indexer diff --git a/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml b/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml index a128a19..ac5cfe1 100644 --- a/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml +++ b/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml @@ -6,11 +6,12 @@ vars: tmp_path: "{{ tmp_path }}" master_ip: "{{ hostvars[groups['managers'] | select('match', 'master') | first]['private_ip'] }}" + pkg_repository: "{{ pkg_repository }}" check_port: 55000 tasks: - name: Install Wazuh server on master - command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v -d {{ pkg_repository }}" register: wazuh when: hostvars[inventory_hostname].manager_type == 'master' @@ -27,7 +28,7 @@ poll: 5 - name: Install Wazuh server (Workers) - command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v -d {{ pkg_repository }}" register: wazuh when: hostvars[inventory_hostname].manager_type == 'worker' diff --git a/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml b/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml index 37d8cbb..663a0a2 100644 --- a/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml +++ b/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml @@ -5,12 +5,13 @@ vars: tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" tasks: - name: Start Wazuh indexer cluster in just one node block: - name: Start Wazuh indexer cluster - command: "bash {{ tmp_path }}/wazuh-install.sh -s -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -s -v -d {{ pkg_repository }}" register: cluster when: inventory_hostname == ansible_play_hosts[0] diff --git a/.github/workflows/ansible-playbooks/provision.yml b/.github/workflows/ansible-playbooks/provision.yml index 63ef0da..4f30d8e 100644 --- a/.github/workflows/ansible-playbooks/provision.yml +++ b/.github/workflows/ansible-playbooks/provision.yml @@ -170,9 +170,5 @@ force: true - name: Generate Installation assistant - command: "bash {{ tmp_path }}/builder.sh -i -d" + command: "bash {{ tmp_path }}/builder.sh -i" - - name: Change pre-release repository to selected one - command: "sed -i 's|pre-release|{{ pkg_repository }}|g' {{ script_name }}" - args: - chdir: "{{ script_path }}" diff --git a/.github/workflows/offline-installation.yml b/.github/workflows/offline-installation.yml index 1d31ec4..ec8b986 100644 --- a/.github/workflows/offline-installation.yml +++ b/.github/workflows/offline-installation.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@v4 - name: Build wazuh-install script and use staging packages - run: bash builder.sh -i -d staging + run: bash builder.sh -i - uses: actions/upload-artifact@v3 with: diff --git a/builder.sh b/builder.sh index c07aec0..6b551bd 100755 --- a/builder.sh +++ b/builder.sh @@ -34,9 +34,6 @@ function getHelp() { echo -e " -c, --cert-tool" echo -e " Builds the certificate creation tool wazuh-cert-tool.sh" echo -e "" - echo -e " -d [pre-release|staging], --development" - echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." - echo -e "" echo -e " -p, --password-tool" echo -e " Builds the password creation and modification tool wazuh-password-tool.sh" echo -e "" @@ -65,29 +62,6 @@ function buildInstaller() { # Foundation." >> "${output_script_path}" echo >> "${output_script_path}" - ## Installation variables - if [ -n "${development}" ]; then - echo 'readonly development=1' >> "${output_script_path}" - echo 'readonly repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH"' >> "${output_script_path}" - echo 'readonly repobaseurl="https://packages-dev.wazuh.com/'${devrepo}'"' >> "${output_script_path}" - echo 'readonly reporelease="unstable"' >> "${output_script_path}" - echo 'readonly filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"' >> "${output_script_path}" - echo 'readonly bucket="packages-dev.wazuh.com"' >> "${output_script_path}" - echo 'readonly repository="'"${devrepo}"'"' >> "${output_script_path}" - if [[ ! $(grep -E "source_branch=" "${resources_installer}/installVariables.sh" | sed -E 's/.*source_branch="([^"]+)"/\1/') =~ "-" ]]; then - sed -i 's|v${wazuh_version}|${wazuh_version}|g' "${resources_installer}/installVariables.sh" - pre_release_tag=1 - fi - else - echo 'readonly repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH"' >> "${output_script_path}" - echo 'readonly repobaseurl="https://packages.wazuh.com/4.x"' >> "${output_script_path}" - echo 'readonly reporelease="stable"' >> "${output_script_path}" - echo 'readonly filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"' >> "${output_script_path}" - echo 'readonly bucket="packages.wazuh.com"' >> "${output_script_path}" - echo 'readonly repository="4.x"' >> "${output_script_path}" - fi - echo >> "${output_script_path}" - checkFilebeatURL grep -Ev '^#|^\s*$' ${resources_common}/commonVariables.sh >> "${output_script_path}" grep -Ev '^#|^\s*$' ${resources_installer}/installVariables.sh >> "${output_script_path}" echo >> "${output_script_path}" @@ -235,19 +209,6 @@ function builder_main() { certTool=1 shift 1 ;; - "-d"|"--development") - development=1 - if [ -n "${2}" ] && [ "${2}" = "staging" ]; then - devrepo="staging" - shift 2 - elif [ -n "${2}" ] && [ "${2}" = "pre-release" ]; then - devrepo="pre-release" - shift 2 - else - devrepo="pre-release" - shift 1 - fi - ;; "-p"|"--password-tool") passwordsTool=1 shift 1 @@ -264,12 +225,6 @@ function builder_main() { if [ -n "${installer}" ]; then buildInstaller chmod 500 ${output_script_path} - if [ -n "${change_filebeat_url}" ]; then - sed -i -E "s|(https.+)master(.+wazuh-template.json)|\1\\$\\{source_branch\\}\2|" "${resources_installer}/installVariables.sh" - fi - if [[ -n "${development}" && -n "${pre_release_tag}" ]]; then - sed -i 's|${wazuh_version}|v${wazuh_version}|g' "${resources_installer}/installVariables.sh" - fi fi if [ -n "${passwordsTool}" ]; then @@ -305,30 +260,4 @@ function checkDistDetectURL() { } -function checkFilebeatURL() { - - # Import variables - eval "$(grep -E "wazuh_version=" "${resources_installer}/installVariables.sh")" - eval "$(grep -E "source_branch=" "${resources_installer}/installVariables.sh" | sed 's/source_branch=/install_variables_source_branch=/')" - eval "$(grep -E "filebeat_wazuh_template=" "${resources_installer}/installVariables.sh" | sed "s/\${source_branch}/$install_variables_source_branch/")" - - new_filebeat_url="https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json" - - # Get the response of the URL and check it - response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) - if [ "${response}" != "200" ]; then - response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) - - # Display error if both URLs do not get the resource - if [ "${response}" != "200" ]; then - echo -e "Error: Could not get the Filebeat Wazuh template. " - # If matches, replace the variable of installVariables to the new one - else - echo -e "Changing Filebeat URL..." - sed -i -E "s|filebeat_wazuh_template=.*|filebeat_wazuh_template=\"${new_filebeat_url}\"|g" "${resources_installer}/installVariables.sh" - change_filebeat_url=1 - fi - fi -} - builder_main "$@" diff --git a/install_functions/checks.sh b/install_functions/checks.sh index 0d42d2a..fb003a2 100644 --- a/install_functions/checks.sh +++ b/install_functions/checks.sh @@ -19,6 +19,15 @@ function checks_arch() { function checks_arguments() { + # -------------- Repository selection --------------------- + + if [ -n "${development}" ]; then + if [ -z "${AIO}" ] && [ -z "${dashboard}" ] && [ -z "${indexer}" ] && [ -z "${wazuh}" ] && [ -z "${start_indexer_cluster}" ] && [ -z "${download}" ]; then + common_logger -e "The -d|--development option must be used with -a, -ws, -s, -wi, -wd or -dw." + exit 1 + fi + fi + # -------------- Port option validation --------------------- if [ -n "${port_specified}" ]; then @@ -444,6 +453,30 @@ function checks_available_port() { fi } +function checks_filebeatURL() { + # URL uses branch when the source_branch is not a stage branch + if [[ ! "${source_branch}" =~ "-" ]]; then + source_branch="${source_branch#v}" + filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json" + fi + + # URL using master branch + new_filebeat_url="${filebeat_wazuh_template/${source_branch}/master}" + + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) + if [ "${response}" != "200" ]; then + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) + + # Display error if both URLs do not get the resource + if [ "${response}" != "200" ]; then + common_logger -e "Error: Could not get the Filebeat Wazuh template." + else + common_logger "Using Filebeat template from master branch." + filebeat_wazuh_template="${new_filebeat_url}" + fi + fi +} + function checks_firewall(){ ports_list=("$@") f_ports="" diff --git a/install_functions/installMain.sh b/install_functions/installMain.sh index cfcb092..bc5a8a8 100755 --- a/install_functions/installMain.sh +++ b/install_functions/installMain.sh @@ -22,6 +22,9 @@ function getHelp() { echo -e " -c, --config-file " echo -e " Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script." echo -e "" + echo -e " -d [pre-release|staging], --development" + echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." + echo -e "" echo -e " -dw, --download-wazuh " echo -e " Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)" echo -e "" @@ -98,6 +101,29 @@ function main() { config_file="${2}" shift 2 ;; + "-d"|"--development") + development=1 + if [ -n "${2}" ] && [[ ! "${2}" =~ ^- ]]; then + if [ "${2}" = "pre-release" ] || [ "${2}" = "staging" ]; then + devrepo="${2}" + else + common_logger -e "Error: Invalid value '${2}' after -d|--development. Accepted values are 'pre-release' or 'staging'." + getHelp + exit 1 + fi + shift 2 + else + devrepo="pre-release" + shift 1 + fi + repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" + repobaseurl="https://packages-dev.wazuh.com/${devrepo}" + reporelease="unstable" + filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" + bucket="packages-dev.wazuh.com" + repository="${devrepo}" + ;; + "-fd"|"--force-install-dashboard") force=1 shift 1 @@ -236,6 +262,9 @@ function main() { common_checkInstalled checks_arguments + if [ -n "${development}" ]; then + checks_filebeatURL + fi if [ -n "${uninstall}" ]; then installCommon_rollBack exit 0 diff --git a/install_functions/installVariables.sh b/install_functions/installVariables.sh index 19626c1..2427ca4 100644 --- a/install_functions/installVariables.sh +++ b/install_functions/installVariables.sh @@ -11,7 +11,14 @@ readonly wazuh_major="4.10" readonly wazuh_version="4.10.0" readonly filebeat_version="7.10.2" readonly wazuh_install_vesion="0.1" -readonly source_branch="v${wazuh_version}" +source_branch="v${wazuh_version}" + +repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH" +repobaseurl="https://packages.wazuh.com/4.x" +reporelease="stable" +filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" +bucket="packages.wazuh.com" +repository="4.x" ## Links and paths to resources readonly resources="https://${bucket}/${wazuh_major}"