diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 0000000..9381003 --- /dev/null +++ b/.github/workflows/README.md @@ -0,0 +1,60 @@ +# Installation assistant workflows + +This repository includes several GitHub Actions workflows. These workflows are designed to automate the testing process for the installation of the Wazuh Installation Assistant in various environments and to build the different tools and scripts. + +## Workflows Overview + +1. `Test_installation_assistant`. +This workflow tests the installation of the Wazuh Installation Assistant in a single-node setup. It triggers on pull requests that modify specific directories or files, and can also be manually dispatched. + +2. `Test_installation_assistant_distributed`. +This workflow is an extension of the Test_installation_assistant workflow, intended for distributed environments. It provisions three instances and simulates a distributed Wazuh deployment across multiple nodes (indexers, managers, and dashboards). + +## Triggering the Workflows +### Automatic Trigger +The workflows tests are triggered automatically when a pull request (PR) is created or updated, affecting the following paths: + +- `cert_tool/` +- `common_functions/` +- `config/` +- `install_functions/` +- `passwords_tool/` +- `tests/` + +### Manual Trigger +The test workflows can be triggered manually via the GitHub interface under the "Actions" tab, using the workflow_dispatch event. When triggered manually, several input parameters are required: + +- **REPOSITORY**: Defines the repository environment (e.g., staging, pre-release). +- **AUTOMATION_REFERENCE**: The branch or tag of the `wazuh-automation` repository, used to clone the Allocation module. +- **SYSTEMS**: A comma-separated list of operating systems to be tested, enclosed in square brackets (e.g., `["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]`). The available options are: `CentOS_7`, `CentOS_8`, `AmazonLinux_2`, `Ubuntu_16`, `Ubuntu_18`, `Ubuntu_20`, `Ubuntu_22`, `RHEL7`, `RHEL8`. +- **VERBOSITY**: The verbosity level for Ansible playbook execution, with options `-v`, `-vv`, `-vvv`, and `-vvvv`. +- **DESTROY**: Boolean value (true or false) indicating whether to destroy the instances after testing. + +## Workflow Structure +### Jobs + +The tests workflows follow a similar structure with the following key jobs: + +1. **Checkout Code**: The workflow fetches the latest code from the wazuh-automation and wazuh-installation-assistant repositories. + +2. **Set Up Environment**: The operating system is configured based on the selected OS in the SYSTEMS input. The corresponding OS name is stored in the environment variable COMPOSITE_NAME. + +3. **Install Ansible**: Ansible is installed for managing the provisioning of instances and running the necessary playbooks. + +4. **Provisioning Instances**: The distributed workflow allocates AWS instances using the wazuh-automation repository’s allocation module. It provisions indexers, managers, and dashboards across the instances. The instance inventory is dynamically created and used for later playbook executions. + +5. **Ansible Playbooks Execution**: Provision playbooks are executed to prepare the environments for Wazuh components. + +6. **Test Execution**: A Python-based testing framework is executed to verify the successful installation and functionality of the Wazuh components on the allocated instances. + +7. **Destroy Instances (Optional)**: If the `DESTROY` parameter is set to true, the allocated AWS instances are terminated after the tests. If set to false, the instances and their details are saved as artifacts for later analysis. + +### Artifacts +If instances are not destroyed, the workflow compresses the allocated instances' directory and uploads it as an artifact. Also, the artifacts are compressed with a password. Ask @devel-devops teams for this password. An artifact is uploaded per OS selected. +## Notes +- Instance allocation: The `Test_installation_assistant_distributed` workflow provisions three instances by default. The roles are distributed as follows: + - `indexer1`, `indexer2`, `indexer3`: Indexers in the Wazuh cluster. + - `master`, `worker1`, `worker2`: Wazuh managers, where `master` is the main manager, and `worker1` and `worker2` are worker nodes. + - `dashboard`: Wazuh dashboard. + +- Customization: These workflows allow for customization through the various input parameters, making it easy to test different operating systems, verbosity levels, or different versions of the repositories. \ No newline at end of file diff --git a/.github/workflows/Test_installation_assistant.yml b/.github/workflows/Test_installation_assistant.yml index cdc2249..81e5178 100644 --- a/.github/workflows/Test_installation_assistant.yml +++ b/.github/workflows/Test_installation_assistant.yml @@ -1,4 +1,4 @@ -run-name: Test installation assistant - System ${{ inputs.SYSTEM }} - Launched by @${{ github.actor }} +run-name: Test installation assistant - ${{ github.run_id }} - ${{ inputs.SYSTEMS }} - Launched by @${{ github.actor }} name: Test installation assistant on: @@ -20,30 +20,29 @@ on: options: - staging - pre-release + WAZUH_INSTALLATION_ASSISTANT_REFERENCE: + description: 'Branch or tag of the wazuh-installation-assistant repository' + required: true + default: 'main' AUTOMATION_REFERENCE: - description: 'wazuh-automation reference' + description: 'Branch or tag of the wazuh-automation repository' + required: true + default: 'master' + SYSTEMS: + description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)' required: true - default: 'v5.0.0' - SYSTEM: - description: 'Operating System' + default: '["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + type: string + VERBOSITY: + description: 'Verbosity level on playbooks execution' required: true - default: 'CentOS 8' + default: '-v' type: choice options: - - CentOS 7 - - CentOS 8 - - Amazon Linux 2 - - Ubuntu 16 - - Ubuntu 18 - - Ubuntu 20 - - Ubuntu 22 - - RHEL7 - - RHEL8 - DEBUG: - description: 'Debug mode' - required: true - default: false - type: boolean + - -v + - -vv + - -vvv + - -vvvv DESTROY: description: 'Destroy instances after run' required: true @@ -51,12 +50,163 @@ on: type: boolean env: - LABEL: ubuntu-latest + COMPOSITE_NAME: "linux-SUBNAME-amd64" + SESSION_NAME: "Installation-Assistant-Test" + REGION: "us-east-1" + TMP_PATH: "/tmp/test" + LOGS_PATH: "${{ github.workspace }}/assistant_logs" + PKG_REPOSITORY: "${{ inputs.REPOSITORY }}" + TEST_NAME: "test_assistant" + REPOSITORY_URL: "${{ github.server_url }}/${{ github.repository }}.git" + ALLOCATOR_PATH: "/tmp/allocator_instance" + +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout jobs: - initialize-environment: - runs-on: $LABEL + run-test: + runs-on: ubuntu-22.04 + strategy: + fail-fast: false # If a job fails, the rest of jobs will not be canceled + matrix: + system: ${{ fromJson(inputs.SYSTEMS) }} steps: - - name: Set up Git - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }} + + - name: View parameters + run: echo "${{ toJson(inputs) }}" + + - name: Set COMPOSITE_NAME variable + run: | + case "${{ matrix.system }}" in + "CentOS_7") + SUBNAME="centos-7" + ;; + "CentOS_8") + SUBNAME="centos-8" + ;; + "AmazonLinux_2") + SUBNAME="amazon-2" + ;; + "Ubuntu_16") + SUBNAME="ubuntu-16.04" + ;; + "Ubuntu_18") + SUBNAME="ubuntu-18.04" + ;; + "Ubuntu_20") + SUBNAME="ubuntu-20.04" + ;; + "Ubuntu_22") + SUBNAME="ubuntu-22.04" + ;; + "RHEL7") + SUBNAME="redhat-7" + ;; + "RHEL8") + SUBNAME="redhat-8" + ;; + *) + echo "Invalid SYSTEM selection" >&2 + exit 1 + ;; + esac + COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}" + echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV + + - name: Install Ansible + run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16 + + - name: Set up AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: ${{ env.SESSION_NAME }} + aws-region: ${{ env.REGION }} + + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation + + - name: Install and set allocator requirements + run: pip3 install -r wazuh-automation/deployability/deps/requirements.txt + + - name: Allocate instance test and set SSH variables + id: allocator_instance + run: | + python3 wazuh-automation/deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name ${{ env.COMPOSITE_NAME }} --working-dir $ALLOCATOR_PATH \ + --track-output $ALLOCATOR_PATH/track.yml --inventory-output $ALLOCATOR_PATH/inventory.yml --instance-name gha_${{ github.run_id }}_assistant_test \ + --label-team devops --label-termination-date 1d + + sed 's/: */=/g' $ALLOCATOR_PATH/inventory.yml > $ALLOCATOR_PATH/inventory_mod.yml + sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod.yml + source $ALLOCATOR_PATH/inventory_mod.yml + + echo "[gha_instance]" > $ALLOCATOR_PATH/inventory + echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> $ALLOCATOR_PATH/inventory + + - name: Execute provision playbook + run: | + INSTALL_DEPS=true + INSTALL_PYTHON=true + INSTALL_PIP_DEPS=true + + ansible-playbook .github/workflows/ansible-playbooks/provision.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l all \ + -e "repository=$REPOSITORY_URL" \ + -e "reference=${{ github.ref_name }}" \ + -e "tmp_path=$TMP_PATH" \ + -e "install_deps=$INSTALL_DEPS" \ + -e "install_python=$INSTALL_PYTHON" \ + -e "install_pip_deps=$INSTALL_PIP_DEPS" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute AIO installation playbook + run: | + ansible-playbook .github/workflows/ansible-playbooks/aio.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l all \ + -e "tmp_path=$TMP_PATH" \ + -e "logs_path=$LOGS_PATH" \ + -e "test_name=$TEST_NAME" \ + -e "pkg_repository=$PKG_REPOSITORY" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute Python test playbook + run: | + TEST_NAME="test_installation_assistant" + ansible-playbook .github/workflows/ansible-playbooks/aio_tests.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l all \ + -e "tmp_path=$TMP_PATH" \ + -e "logs_path=$LOGS_PATH" \ + -e "test_name=$TEST_NAME" \ + "${{ inputs.VERBOSITY }}" + + - name: Compress Allocator VM directory + id: compress_allocator_files + if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false + run: | + zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH + + - name: Upload Allocator VM directory as artifact + if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }} + path: ${{ env.ALLOCATOR_PATH }}.zip + + - name: Delete allocated VM + if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true + run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output $ALLOCATOR_PATH/track.yml + diff --git a/.github/workflows/Test_installation_assistant_distributed.yml b/.github/workflows/Test_installation_assistant_distributed.yml index 9a4e809..9dd4e2b 100644 --- a/.github/workflows/Test_installation_assistant_distributed.yml +++ b/.github/workflows/Test_installation_assistant_distributed.yml @@ -1,4 +1,4 @@ -run-name: (Distributed) Test installation assistant - Launched by @${{ github.actor }} +run-name: (Distributed) Test installation assistant - ${{ github.run_id }} - ${{ inputs.SYSTEMS }} - Launched by @${{ github.actor }} name: (Distributed) Test installation assistant on: @@ -20,15 +20,29 @@ on: options: - staging - pre-release + WAZUH_INSTALLATION_ASSISTANT_REFERENCE: + description: 'Branch or tag of the wazuh-installation-assistant repository' + required: true + default: 'main' AUTOMATION_REFERENCE: - description: 'wazuh-automation reference' + description: 'Branch or tag of the wazuh-automation repository' required: true - default: 'v5.0.0' - DEBUG: - description: 'Debug mode' + default: 'master' + SYSTEMS: + description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)' required: true - default: false - type: boolean + default: '["CentOS_8", "AmazonLinux_2","Ubuntu_22", "RHEL8"]' + type: string + VERBOSITY: + description: 'Verbosity level on playbooks execution' + required: true + default: '-v' + type: choice + options: + - -v + - -vv + - -vvv + - -vvvv DESTROY: description: 'Destroy instances after run' required: true @@ -36,12 +50,274 @@ on: type: boolean env: - LABEL: ubuntu-latest + COMPOSITE_NAME: "linux-SUBNAME-amd64" + SESSION_NAME: "Installation-Assistant-Test" + REGION: "us-east-1" + TMP_PATH: "/tmp/test" + ANSIBLE_CALLBACK: "yaml" + RESOURCES_PATH: "${{ github.workspace }}" + PKG_REPOSITORY: "${{ inputs.REPOSITORY }}" + TEST_NAME: "test_installation_assistant" + REPOSITORY_URL: "${{ github.server_url }}/${{ github.repository }}.git" + ALLOCATOR_PATH: "/tmp/allocator_instance" + INSTANCE_NAMES: "instance_1 instance_2 instance_3" + +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout jobs: - initialize-environment: - runs-on: $LABEL + run-test: + runs-on: ubuntu-22.04 + strategy: + fail-fast: false # If a job fails, the rest of jobs will not be canceled + matrix: + system: ${{ github.event_name == 'pull_request' && '["Ubuntu_22"]' || fromJson(inputs.SYSTEMS) }} # If the worklflow is executed by a PR, set the OSs steps: - - name: Set up Git - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }} + + - name: View parameters + run: echo "${{ toJson(inputs) }}" + + - name: Set COMPOSITE_NAME variable + run: | + case "${{ matrix.system }}" in + "CentOS_7") + SUBNAME="centos-7" + ;; + "CentOS_8") + SUBNAME="centos-8" + ;; + "AmazonLinux_2") + SUBNAME="amazon-2" + ;; + "Ubuntu_16") + SUBNAME="ubuntu-16.04" + ;; + "Ubuntu_18") + SUBNAME="ubuntu-18.04" + ;; + "Ubuntu_20") + SUBNAME="ubuntu-20.04" + ;; + "Ubuntu_22") + SUBNAME="ubuntu-22.04" + ;; + "RHEL7") + SUBNAME="redhat-7" + ;; + "RHEL8") + SUBNAME="redhat-8" + ;; + *) + echo "Invalid SYSTEM selection" >&2 + exit 1 + ;; + esac + COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}" + echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV + + - name: Install Ansible + run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16 && pip install pyyaml && ansible-galaxy collection install community.general + + - name: Set up AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: ${{ env.SESSION_NAME }} + aws-region: ${{ env.REGION }} + + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation + + - name: Install and set allocator requirements + run: pip3 install -r wazuh-automation/deployability/deps/requirements.txt + + - name: Allocate instances and create inventory + id: allocator_instance + run: | + instance_names=($INSTANCE_NAMES) + inventory_file="$ALLOCATOR_PATH/inventory" + inventory_indexers="$ALLOCATOR_PATH/inventory_indexers" + inventory_managers="$ALLOCATOR_PATH/inventory_managers" + inventory_dashboards="$ALLOCATOR_PATH/inventory_dashboards" + inventory_common="$ALLOCATOR_PATH/inventory_common" + inventory_file="$ALLOCATOR_PATH/inventory" + + mkdir -p $ALLOCATOR_PATH + echo "[indexers]" > $inventory_indexers + echo "[managers]" > $inventory_managers + echo "[dashboards]" > $inventory_dashboards + echo "[all:vars]" > $inventory_common + + for i in ${!instance_names[@]}; do + instance_name=${instance_names[$i]} + # Provision instance in parallel + ( + python3 wazuh-automation/deployability/modules/allocation/main.py \ + --action create --provider aws --size large \ + --composite-name ${{ env.COMPOSITE_NAME }} \ + --working-dir $ALLOCATOR_PATH --track-output $ALLOCATOR_PATH/track_${instance_name}.yml \ + --inventory-output $ALLOCATOR_PATH/inventory_${instance_name}.yml \ + --instance-name gha_${{ github.run_id }}_${{ env.TEST_NAME }}_${instance_name} --label-team devops --label-termination-date 1d + + instance_id=$(grep '^identifier' $ALLOCATOR_PATH/track_${instance_name}.yml | awk '{print $2}') + private_ip=$(aws ec2 describe-instances \ + --instance-ids $instance_id \ + --query 'Reservations[*].Instances[*].PrivateIpAddress' \ + --output text) + + sed 's/: */=/g' $ALLOCATOR_PATH/inventory_${instance_name}.yml > $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml + sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml + source $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml + + # Add instance to corresponding group + if [[ $i -eq 0 ]]; then + echo "indexer1 ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file" >> $inventory_indexers + echo "master ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file manager_type=master instance_type=indexer_manager" >> $inventory_managers + + echo "ansible_user=$ansible_user" >> $inventory_common + echo "ansible_port=$ansible_port" >> $inventory_common + echo "ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_common + elif [[ $i -eq 1 ]]; then + echo "indexer2 ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file" >> $inventory_indexers + echo "worker1 ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file manager_type=worker instance_type=indexer_manager" >> $inventory_managers + else + echo "indexer3 ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file" >> $inventory_indexers + echo "worker2 ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file manager_type=worker instance_type=indexer_manager_dashboard" >> $inventory_managers + echo "dashboard ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file" >> $inventory_dashboards + fi + ) & + done + + # Wait for all provisioning tasks to complete + wait + + # Combine the temporary inventories into one + cat $inventory_indexers > $inventory_file + cat $inventory_managers >> $inventory_file + cat $inventory_dashboards >> $inventory_file + cat $inventory_common >> $inventory_file + + - name: Execute provision playbook + run: | + INSTALL_DEPS=true + INSTALL_PYTHON=true + INSTALL_PIP_DEPS=true + + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/provision.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l indexers \ + -e "repository=$REPOSITORY_URL" \ + -e "reference=${{ github.ref_name }}" \ + -e "tmp_path=$TMP_PATH" \ + -e "install_deps=$INSTALL_DEPS" \ + -e "install_python=$INSTALL_PYTHON" \ + -e "install_pip_deps=$INSTALL_PIP_DEPS" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute certificates generation playbook + run: | + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_generate_certificates.yml \ + -i $ALLOCATOR_PATH/inventory \ + -e "resources_path=$RESOURCES_PATH" \ + "${{ inputs.VERBOSITY }}" + + - name: Copy certificates to nodes + run: | + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_copy_certificates.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l indexers \ + -e "tmp_path=$TMP_PATH" \ + -e "resources_path=$RESOURCES_PATH" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute indexer installation playbook + run: | + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_install_indexer.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l indexers \ + -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute indexer cluster start playbook + run: | + INDEXER_ADMIN_PASSWORD="admin" + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l indexers \ + -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute server installation playbook + run: | + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_install_wazuh.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l managers \ + -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute dashboard installation playbook + run: | + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_install_dashboard.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l dashboards \ + -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute Python test playbook + run: | + ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_tests.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l managers \ + -e "tmp_path=$TMP_PATH" \ + -e "test_name=$TEST_NAME" \ + "${{ inputs.VERBOSITY }}" + + - name: Compress Allocator VM directory + id: compress_allocator_files + if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false + run: | + zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH + + - name: Upload Allocator VM directory as artifact + if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }} + path: ${{ env.ALLOCATOR_PATH }}.zip + + - name: Delete allocated VMs + if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true + run: | + instance_names=($INSTANCE_NAMES) + + for i in ${!instance_names[@]}; do + instance_name=${instance_names[$i]} + track_file="$ALLOCATOR_PATH/track_${instance_name}.yml" + + echo "Deleting instance: $instance_name using track file $track_file" + + ( + # Delete instance + python3 wazuh-automation/deployability/modules/allocation/main.py \ + --action delete --provider aws --track-output $track_file + ) & + done + + # Wait for all deletion tasks to complete + wait + diff --git a/.github/workflows/ansible-playbooks/aio.yml b/.github/workflows/ansible-playbooks/aio.yml new file mode 100644 index 0000000..4acd184 --- /dev/null +++ b/.github/workflows/ansible-playbooks/aio.yml @@ -0,0 +1,17 @@ + + - hosts: all + become: true + + vars: + script_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" + script_name: "wazuh-install.sh" + + tasks: + - name: Test assistant AIO install + command: "bash {{ script_name }} -a -v -d {{ pkg_repository }}" + args: + chdir: "{{ script_path }}" + register: install_results + async: 500 + poll: 5 diff --git a/.github/workflows/ansible-playbooks/aio_tests.yml b/.github/workflows/ansible-playbooks/aio_tests.yml new file mode 100644 index 0000000..4ef8953 --- /dev/null +++ b/.github/workflows/ansible-playbooks/aio_tests.yml @@ -0,0 +1,14 @@ + + - hosts: all + become: true + + vars: + script_path: "{{ tmp_path }}/tests/install" + script_name: "{{ test_name }}.py" + + tasks: + - name: Test AIO install with Installation assistant + command: "python3 -m pytest --tb=long {{ script_name }} -v -m \"wazuh or wazuh_worker or indexer or dashboard\"" + args: + chdir: "{{ script_path }}" + register: test_results diff --git a/.github/workflows/ansible-playbooks/distributed_copy_certificates.yml b/.github/workflows/ansible-playbooks/distributed_copy_certificates.yml new file mode 100644 index 0000000..083b8f4 --- /dev/null +++ b/.github/workflows/ansible-playbooks/distributed_copy_certificates.yml @@ -0,0 +1,12 @@ +--- + - hosts: all + gather_facts: false + tasks: + - name: Copying the wazuh-install-files.tar to the instances + copy: + src: "{{ resources_path }}/wazuh-install-files.tar" + dest: "{{ tmp_path }}/" + force: yes + remote_src: no + become: yes + become_user: root diff --git a/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml b/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml new file mode 100644 index 0000000..6c97240 --- /dev/null +++ b/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml @@ -0,0 +1,27 @@ +--- +- hosts: localhost + become: true + + vars: + resources_path: "{{ resources_path }}" + + tasks: + - name: Create certificates + block: + - name: Rendering wazuh-config file + template: + src: "{{ resources_path }}/.github/workflows/templates/config.j2" + dest: "{{ resources_path }}/config.yml" + mode: "664" + force: yes + + - name: Creating wazuh-install.sh script + shell: "bash {{ resources_path }}/builder.sh -i" + + - name: Creating Certificates + shell: "bash {{ resources_path }}/wazuh-install.sh -g -v" + register: certificates_install + + - name: Give read permissions to wazuh-install-files.tar + shell: "chmod +r {{ resources_path }}/wazuh-install-files.tar" + diff --git a/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml b/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml new file mode 100644 index 0000000..fb04278 --- /dev/null +++ b/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml @@ -0,0 +1,15 @@ +--- +- hosts: all + gather_facts: false + become: true + + vars: + tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" + + tasks: + - name: Install Wazuh dashboard + command: "bash wazuh-install.sh -wd {{ inventory_hostname }} -v -d {{ pkg_repository }}" + args: + chdir: "{{ tmp_path }}" + register: dashboard diff --git a/.github/workflows/ansible-playbooks/distributed_install_indexer.yml b/.github/workflows/ansible-playbooks/distributed_install_indexer.yml new file mode 100644 index 0000000..c5736da --- /dev/null +++ b/.github/workflows/ansible-playbooks/distributed_install_indexer.yml @@ -0,0 +1,14 @@ +--- + - hosts: all + gather_facts: false + become: true + + vars: + tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" + + tasks: + - name: Install Wazuh indexer + command: "bash {{ tmp_path }}/wazuh-install.sh -wi {{ inventory_hostname }} -v -d {{ pkg_repository }}" + register: indexer + diff --git a/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml b/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml new file mode 100644 index 0000000..ac5cfe1 --- /dev/null +++ b/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml @@ -0,0 +1,35 @@ +--- +- hosts: all + gather_facts: false + become: true + + vars: + tmp_path: "{{ tmp_path }}" + master_ip: "{{ hostvars[groups['managers'] | select('match', 'master') | first]['private_ip'] }}" + pkg_repository: "{{ pkg_repository }}" + check_port: 55000 + + tasks: + - name: Install Wazuh server on master + command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v -d {{ pkg_repository }}" + register: wazuh + when: hostvars[inventory_hostname].manager_type == 'master' + + - name: Install Wazuh server on worker nodes + block: + - name: Wait for Wazuh master to be ready on port {{ check_port }} + wait_for: + host: "{{ master_ip }}" + port: "{{ check_port }}" + delay: 30 + timeout: 300 + when: hostvars[inventory_hostname].manager_type == 'worker' + async: 500 + poll: 5 + + - name: Install Wazuh server (Workers) + command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v -d {{ pkg_repository }}" + register: wazuh + when: hostvars[inventory_hostname].manager_type == 'worker' + + diff --git a/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml b/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml new file mode 100644 index 0000000..663a0a2 --- /dev/null +++ b/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml @@ -0,0 +1,17 @@ +--- +- hosts: all + gather_facts: false + become: true + + vars: + tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" + + tasks: + - name: Start Wazuh indexer cluster in just one node + block: + - name: Start Wazuh indexer cluster + command: "bash {{ tmp_path }}/wazuh-install.sh -s -v -d {{ pkg_repository }}" + register: cluster + when: inventory_hostname == ansible_play_hosts[0] + diff --git a/.github/workflows/ansible-playbooks/distributed_tests.yml b/.github/workflows/ansible-playbooks/distributed_tests.yml new file mode 100644 index 0000000..2d4cfbf --- /dev/null +++ b/.github/workflows/ansible-playbooks/distributed_tests.yml @@ -0,0 +1,41 @@ +--- +- hosts: all + gather_facts: false + become: true + + vars: + script_path: "{{ tmp_path }}/tests/install" + script_name: "{{ test_name }}.py" + + tasks: + - name: Execute tests Master + command: "python3 -m pytest --tb=long {{ script_name }} -v -m \"wazuh_cluster\"" + args: + chdir: "{{ script_path }}" + register: test_results_master + when: + - hostvars[inventory_hostname].manager_type == 'master' + + - name: Execute tests Workers + command: "python3 -m pytest --tb=long {{ script_name }} -v -m \"wazuh_worker\"" + args: + chdir: "{{ script_path }}" + register: test_results_worker + when: + - hostvars[inventory_hostname].manager_type == 'worker' + + - name: Execute tests indexer_manager + command: "python3 -m pytest --tb=long {{ script_name }} -v -m \"wazuh or indexer or indexer_cluster\"" + args: + chdir: "{{ script_path }}" + register: test_results_indexer_manager + when: + - hostvars[inventory_hostname].instance_type == 'indexer_manager' + + - name: Execute tests indexer_manager_dashboard + command: "python3 -m pytest --tb=long {{ script_name }} -v -m \"wazuh or indexer or indexer_cluster or dashboard\"" + args: + chdir: "{{ script_path }}" + register: test_results_indexer_manager_dashboard + when: + - hostvars[inventory_hostname].instance_type == 'indexer_manager_dashboard' diff --git a/.github/workflows/ansible-playbooks/provision.yml b/.github/workflows/ansible-playbooks/provision.yml new file mode 100644 index 0000000..4f30d8e --- /dev/null +++ b/.github/workflows/ansible-playbooks/provision.yml @@ -0,0 +1,174 @@ +--- +- hosts: all + become: true + gather_facts: no + vars: + script_path: "{{ tmp_path }}" + script_name: "wazuh-install.sh" + rpm_deps: + - git + - python3 + - python3-pip + - openssl + - tar + apt_deps: + - git + - software-properties-common + - gnupg2 + pip_deps: + - attrs==21.1.0 + - importlib-metadata==4.8.2 + - iniconfig==1.1.1 + - packaging==21.3 + - pluggy==1.0.0 + - py==1.11.0 + - pyparsing==3.0.6 + - toml==0.10.2 + - typing-extensions==4.0.0 + - pytest==6.2.5 + - pyyaml + - requests + - setuptools + - beautifulsoup4 + - urllib3==1.26.6 + + pre_tasks: + - name: Check if the system is CentOS 8 and install Python if necessary + raw: | + if [ -f /etc/centos-release ]; then + if grep -q -i -E "centos.*8" /etc/centos-release; then + if ! command -v python3 &> /dev/null; then + dnf install -y python3 + fi + fi + fi + + - name: Check if the system is Ubuntu 16 and install Python + raw: | + if [ -f /etc/lsb-release ]; then + if grep -q -i -E "ubuntu.*16" /etc/lsb-release; then + add-apt-repository -y ppa:jblgf0/python + apt-get update + apt-get install -y python3.6 python3-apt + update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1 + cd /usr/lib/python3/dist-packages + sudo ln -s apt_inst.cpython-35m-x86_64-linux-gnu.so apt_inst.so + sudo ln -s apt_pkg.cpython-35m-x86_64-linux-gnu.so apt_pkg.so + fi + fi + + tasks: + - name: Gather facts + ansible.builtin.setup: + + - name: Make tmp folder directory + file: + path: "{{ tmp_path }}" + state: directory + + - name: Install main deps block + block: + + # --------------------------------------------------------------------- + + - name: Install required dependencies YUM + ansible.builtin.package: + name: "{{ rpm_deps }}" + state: present + when: ansible_os_family == 'RedHat' + + # --------------------------------------------------------------------- + + - name: Install required dependencies APT + ansible.builtin.package: + name: "{{ apt_deps }}" + state: present + update_cache: yes + when: ansible_os_family == 'Debian' + when: + - install_deps is defined + - install_deps | bool + + - name: Install Python and pip + block: + + # --------------------------------------------------------------------- + # Ubuntu -------------------------------------------------------------- + - name: Set up Python 3.9 on Ubuntu Jammy + block: + - name: Set up Python 3.9 repository + apt_repository: + repo: 'ppa:deadsnakes/ppa' + + - name: Install Python3.9 on Ubuntu Jammy + ansible.builtin.package: + name: + - python3.9 + - python3.9-distutils + state: present + update_cache: yes + + - name: Change Python link Ubuntu Jammy + command: ln -sf /usr/bin/python3.9 /usr/bin/python3 + when: + - ansible_os_family == 'Debian' + - ansible_distribution == "Ubuntu" + - ansible_distribution_release == "jammy" + + - name: Change Python link Ubuntu Xenial + command: ln -sf /usr/local/bin/python3.8 /usr/bin/python3 + when: + - ansible_pkg_mgr == "apt" + - ansible_distribution == "Ubuntu" + - ansible_distribution_release == "xenial" + + # --------------------------------------------------------------------- + # Pip installation ---------------------------------------------------- + + - stat: + path: /usr/bin/pip3 + register: stat_pip3 + when: + - ansible_os_family == 'Debian' + + - name: Install pip Ubuntu\Debian + shell: curl https://bootstrap.pypa.io/get-pip.py | python3 - + when: + - ansible_os_family == 'Debian' + - stat_pip3.stat.exists == False + - ansible_distribution_release not in ['bionic'] + + - name: Install pip Ubuntu Bionic/Xenial + ansible.builtin.package: + name: + - python3-pip + state: present + update_cache: yes + when: + - ansible_os_family == 'Debian' + - ansible_distribution == "Ubuntu" + - ansible_distribution_release in ['bionic'] + + when: + - install_python is defined + - install_python | bool + + # No version specified in pyyaml due to Xenial error. + - name: Install pytest + command: pip3 install {{ item }} + with_items: "{{ pip_deps }}" + when: + - install_pip_deps is defined + - install_pip_deps | bool + + - name: Clone installation assistant git repository + git: + repo: "{{ repository }}" + dest: "{{ tmp_path }}" + version: "{{ reference }}" + depth: 1 + force: true + + - name: Generate Installation assistant + command: "bash {{ tmp_path }}/builder.sh -i" + diff --git a/.github/workflows/builder_installation_assistant.yml b/.github/workflows/builder_installation_assistant.yml index 1a370a8..8d46475 100644 --- a/.github/workflows/builder_installation_assistant.yml +++ b/.github/workflows/builder_installation_assistant.yml @@ -1,10 +1,136 @@ -run-name: Build Installation Assistant - Wazuh installation assistant branch ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }} - Launched by @${{ github.actor }} +run-name: Build Installation Assistant ${{ inputs.id }} - Branch ${{ github.ref_name }} - Launched by @${{ github.actor }} name: Build Installation Assistant on: workflow_dispatch: inputs: - WAZUH_INSTALLATION_ASSISTANT_REFERENCE: - description: 'Branch or tag of the wazuh-installation-assistant repository where the workflow will be triggered' + wazuh_installation_assistant_reference: + description: "Branch or tag of the wazuh-installation-assistant repository." required: true - default: '5.0.0' \ No newline at end of file + default: main + is_stage: + description: "Is stage?" + type: boolean + default: false + checksum: + description: "Add checksum" + type: boolean + default: false + id: + description: "ID used to identify the workflow uniquely." + type: string + required: false + workflow_call: + inputs: + wazuh_installation_assistant_reference: + description: "Branch or tag of the wazuh-installation-assistant repository." + type: string + required: true + default: main + is_stage: + description: "Is stage?" + type: boolean + default: false + checksum: + description: "Add checksum" + type: boolean + default: false + id: + type: string + required: false + +env: + S3_BUCKET: ${{ vars.AWS_S3_BUCKET }} + S3_REPOSITORY_PATH: "development/wazuh/4.x/secondary/installation-assistant" + BUILDER_PATH: "builder.sh" + WAZUH_INSTALL_NAME: "wazuh-install" + WAZUH_CERT_TOOL_NAME: "wazuh-certs-tool" + WAZUH_PASSWORD_TOOL_NAME: "wazuh-passwords-tool" + +permissions: + id-token: write + contents: read + +jobs: + Build_Installation_Assistant: + runs-on: ubuntu-latest + + steps: + - name: View parameters + run: echo "${{ toJson(inputs) }}" + + - name: Checkout wazuh-installation-assistant repository + uses: actions/checkout@v4 + with: + ref: ${{ inputs.wazuh_installation_assistant_reference }} + + - name: Configure aws credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + aws-region: us-east-1 + + - name: Get short sha and wazuh version + run: | + COMMIT_SHORT_SHA=$(git rev-parse --short ${{ github.sha }}) + WAZUH_VERSION=$(grep -oP '(?<=readonly wazuh_version=").*(?=")' ${{github.workspace}}/install_functions/installVariables.sh) + echo "WAZUH_VERSION=$WAZUH_VERSION" >> $GITHUB_ENV + echo "COMMIT_SHORT_SHA=$COMMIT_SHORT_SHA" >> $GITHUB_ENV + + - name: Change files name for stage build + if: ${{ inputs.is_stage == false }} + run: | + sed -i 's|${{ env.WAZUH_INSTALL_NAME }}.sh|${{ env.WAZUH_INSTALL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}" + sed -i 's|${{ env.WAZUH_CERT_TOOL_NAME }}.sh|${{ env.WAZUH_CERT_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}" + sed -i 's|${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sh|${{ env.WAZUH_PASSWORD_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}" + + - name: Build Installation Assistant packages + run: bash builder.sh -i -c -p + + - name: Save files name + run: | + WAZUH_INSTALL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_INSTALL_NAME }}*.sh | xargs basename) + WAZUH_CERT_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_CERT_TOOL_NAME }}*.sh | xargs basename) + WAZUH_PASSWORD_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}*.sh | xargs basename) + echo "WAZUH_INSTALL_NAME=$WAZUH_INSTALL_NAME" >> $GITHUB_ENV + echo "WAZUH_CERT_TOOL_NAME=$WAZUH_CERT_TOOL_NAME" >> $GITHUB_ENV + echo "WAZUH_PASSWORD_TOOL_NAME=$WAZUH_PASSWORD_TOOL_NAME" >> $GITHUB_ENV + + - name: Prepare files + run: | + mkdir -p ${{ github.workspace }}/${{ env.WAZUH_VERSION }} + mv ${{ env.WAZUH_INSTALL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }} + mv ${{ env.WAZUH_CERT_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }} + mv ${{ env.WAZUH_PASSWORD_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }} + + - name: Build packages checksum + if: ${{ inputs.checksum == true }} + run: | + sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512 + sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512 + sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512 + + - name: Upload files to S3 + run: | + aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/ + s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}" + echo "S3 wazuh-install URI: ${s3uri}" + aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/ + s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}" + echo "S3 wazuh-certs-tool URI: ${s3uri}" + aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/ + s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}" + echo "S3 wazuh-passwords-tool URI: ${s3uri}" + + - name: Upload checksum files to S3 + if: ${{ inputs.checksum == true }} + run: | + aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/ + s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512" + echo "S3 sha512 wazuh-install checksum URI: ${s3uri}" + aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/ + s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512" + echo "S3 sha512 wazuh-certs-tool checksum URI: ${s3uri}" + aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/ + s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512" + echo "S3 sha512 wazuh-passwords-tool checksum URI: ${s3uri}" diff --git a/.github/workflows/offline-installation.yml b/.github/workflows/offline-installation.yml index 1d31ec4..3387251 100644 --- a/.github/workflows/offline-installation.yml +++ b/.github/workflows/offline-installation.yml @@ -5,6 +5,11 @@ on: - 'install_functions/wazuh-offline-download.sh' - 'install_functions/wazuh-offline-installation.sh' workflow_dispatch: + inputs: + WAZUH_INSTALLATION_ASSISTANT_REFERENCE: + description: "Branch or tag of the wazuh-installation-assistant repository." + required: true + default: main jobs: Build-wazuh-install-script: @@ -18,9 +23,11 @@ jobs: skip_after_successful_duplicate: 'false' - uses: actions/checkout@v4 + with: + ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }} - name: Build wazuh-install script and use staging packages - run: bash builder.sh -i -d staging + run: bash builder.sh -i - uses: actions/upload-artifact@v3 with: @@ -33,6 +40,8 @@ jobs: needs: Build-wazuh-install-script steps: - uses: actions/checkout@v4 + with: + ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }} - uses: actions/download-artifact@v3 with: @@ -49,6 +58,8 @@ jobs: needs: Build-wazuh-install-script steps: - uses: actions/checkout@v4 + with: + ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }} - uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/templates/config.j2 b/.github/workflows/templates/config.j2 new file mode 100644 index 0000000..44af40b --- /dev/null +++ b/.github/workflows/templates/config.j2 @@ -0,0 +1,18 @@ +nodes: + # Wazuh indexer nodes + indexer: +{% for indexer in groups['indexers'] %} + - name: {{ hostvars[indexer]['inventory_hostname'] }} + ip: "{{ hostvars[indexer]['private_ip'] }}" +{% endfor %} + server: +{% for manager in groups['managers'] %} + - name: {{ hostvars[manager]['inventory_hostname'] }} + ip: "{{ hostvars[manager]['private_ip'] }}" + node_type: "{{ hostvars[manager]['manager_type'] }}" +{% endfor %} + dashboard: +{% for dashboard in groups['dashboards'] %} + - name: {{ hostvars[dashboard]['inventory_hostname'] }} + ip: "{{ hostvars[dashboard]['private_ip'] }}" +{% endfor %} diff --git a/CHANGELOG.md b/CHANGELOG.md index 68d6f7f..e5d9faa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # Change Log All notable changes to this project will be documented in this file. + ## [5.0.0] ### Added @@ -20,16 +21,70 @@ All notable changes to this project will be documented in this file. - Improved service status and output management in Installation assistant. ([#82](https://github.com/wazuh/wazuh-installation-assistant/pull/82)) - Fixed API password change to match the user in wazuh.yml. ([#81](https://github.com/wazuh/wazuh-installation-assistant/pull/81)) +### Fixed + +- None + +### Deleted + +- None + +## [4.10.2] + +### Added + +- None + +### Changed + +- None + +### Fixed + +- None + +### Deleted + +- None + +## [4.10.1] + +### Added + +- None + +### Changed + +- None + +### Fixed + +- Added architecture information to assistant. ([#92](https://github.com/wazuh/wazuh-installation-assistant/pull/92)) + +### Deleted + +- None + ## [4.10.0] ### Changed +- Add checksum input and update the upload files to S3 steps ([#106](https://github.com/wazuh/wazuh-installation-assistant/pull/106)) +- Deleted the offline_checkDependencies function and unified logic in offline_checkPrerequisites function. ([#99](https://github.com/wazuh/wazuh-installation-assistant/pull/99)) +- Add input for wazuh installation assistant reference in workflows. ([#98](https://github.com/wazuh/wazuh-installation-assistant/pull/98)) +- Create GHA workflow to build Wazuh Installation Assistant files. ([#77](https://github.com/wazuh/wazuh-installation-assistant/pull/77)) +- Installation assistant distributed test rework and migration. ([#60](https://github.com/wazuh/wazuh-installation-assistant/pull/60)) +- Installation assistant test and tier workflow migration ([#46](https://github.com/wazuh/wazuh-installation-assistant/pull/46/)) - Added post-install validations for the Wazuh manager and Filebeat. ([#3059](https://github.com/wazuh/wazuh-packages/pull/3059)) +- Update SECURITY.md file. ([#59](https://github.com/wazuh/wazuh-installation-assistant/pull/59)) ### Fixed +- Changed GitHub Runner version to fix Python error ([#110](https://github.com/wazuh/wazuh-installation-assistant/pull/110)) - Fixed Wazuh API validation ([#29](https://github.com/wazuh/wazuh-installation-assistant/pull/29)) - Fixed token variable empty in Wazuh manager check ([#45](https://github.com/wazuh/wazuh-installation-assistant/pull/45)) +- Fixed manager check in distributed deployment ([#52](https://github.com/wazuh/wazuh-installation-assistant/pull/52)) +- Changed command order execution to get the TOKEN ([#57](https://github.com/wazuh/wazuh-installation-assistant/pull/57)) ## [4.9.1] diff --git a/SECURITY.md b/SECURITY.md index 100f730..4c99eec 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -11,19 +11,15 @@ This policy applies to all open source projects developed, maintained, or hosted ## Reporting Security Vulnerabilities If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly. -Please submit your findings as [security advisories](https://github.com/wazuh/wazuh-installation-assistant/security/advisories) under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to security@wazuh.com. +Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com). ## Vulnerability Disclosure Policy Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps: 1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation. - 2. Validation: We will validate the issue and work on reproducing it in our environment. - 3. Remediation: We will work on a fix and thoroughly test it - 4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party. - 5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments. This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability. @@ -46,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o ## Changes to this Security Policy This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date. -If you have any questions about this Security Policy, please contact us at security@wazuh.com +If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com) \ No newline at end of file diff --git a/builder.sh b/builder.sh index 6ab9f6e..1ef03bf 100755 --- a/builder.sh +++ b/builder.sh @@ -34,9 +34,6 @@ function getHelp() { echo -e " -c, --cert-tool" echo -e " Builds the certificate creation tool wazuh-cert-tool.sh" echo -e "" - echo -e " -d [pre-release|staging], --development" - echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." - echo -e "" echo -e " -p, --password-tool" echo -e " Builds the password creation and modification tool wazuh-password-tool.sh" echo -e "" @@ -48,8 +45,6 @@ function getHelp() { function buildInstaller() { - checkDistDetectURL - output_script_path="${base_path_builder}/wazuh-install.sh" ## Create installer script @@ -67,25 +62,6 @@ function buildInstaller() { # Foundation." >> "${output_script_path}" echo >> "${output_script_path}" - ## Installation variables - if [ -n "${development}" ]; then - echo 'readonly development=1' >> "${output_script_path}" - echo 'readonly repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH"' >> "${output_script_path}" - echo 'readonly repobaseurl="https://packages-dev.wazuh.com/'${devrepo}'"' >> "${output_script_path}" - echo 'readonly reporelease="unstable"' >> "${output_script_path}" - echo 'readonly filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"' >> "${output_script_path}" - echo 'readonly bucket="packages-dev.wazuh.com"' >> "${output_script_path}" - echo 'readonly repository="'"${devrepo}"'"' >> "${output_script_path}" - sed -i 's|v${wazuh_version}|${wazuh_version}|g' "${resources_installer}/installVariables.sh" - else - echo 'readonly repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH"' >> "${output_script_path}" - echo 'readonly repobaseurl="https://packages.wazuh.com/4.x"' >> "${output_script_path}" - echo 'readonly reporelease="stable"' >> "${output_script_path}" - echo 'readonly filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"' >> "${output_script_path}" - echo 'readonly bucket="packages.wazuh.com"' >> "${output_script_path}" - echo 'readonly repository="4.x"' >> "${output_script_path}" - fi - echo >> "${output_script_path}" grep -Ev '^#|^\s*$' ${resources_common}/commonVariables.sh >> "${output_script_path}" grep -Ev '^#|^\s*$' ${resources_installer}/installVariables.sh >> "${output_script_path}" echo >> "${output_script_path}" @@ -116,6 +92,7 @@ function buildInstaller() { done ## dist-detect.sh + checkDistDetectURL echo "function dist_detect() {" >> "${output_script_path}" curl -s "https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/src/init/dist-detect.sh" | sed '/^#/d' >> "${output_script_path}" echo "}" >> "${output_script_path}" @@ -132,9 +109,6 @@ function buildInstaller() { ## Main function and call to it echo >> "${output_script_path}" echo "main \"\$@\"" >> "${output_script_path}" - - checkFilebeatURL - } function buildPasswordsTool() { @@ -235,19 +209,6 @@ function builder_main() { certTool=1 shift 1 ;; - "-d"|"--development") - development=1 - if [ -n "${2}" ] && [ "${2}" = "staging" ]; then - devrepo="staging" - shift 2 - elif [ -n "${2}" ] && [ "${2}" = "pre-release" ]; then - devrepo="pre-release" - shift 2 - else - devrepo="pre-release" - shift 1 - fi - ;; "-p"|"--password-tool") passwordsTool=1 shift 1 @@ -264,12 +225,6 @@ function builder_main() { if [ -n "${installer}" ]; then buildInstaller chmod 500 ${output_script_path} - if [ -n "${change_filebeat_url}" ]; then - sed -i -E "s|(https.+)master(.+wazuh-template.json)|\1\\$\\{source_branch\\}\2|" "${resources_installer}/installVariables.sh" - fi - if [ -n "${development}" ]; then - sed -i 's|${wazuh_version}|v${wazuh_version}|g' "${resources_installer}/installVariables.sh" - fi fi if [ -n "${passwordsTool}" ]; then @@ -286,7 +241,6 @@ function builder_main() { function checkDistDetectURL() { urls=("https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/src/init/dist-detect.sh" - "https://raw.githubusercontent.com/wazuh/wazuh/v${source_branch}/src/init/dist-detect.sh" "https://raw.githubusercontent.com/wazuh/wazuh/master/src/init/dist-detect.sh") for url in "${urls[@]}"; do @@ -306,27 +260,4 @@ function checkDistDetectURL() { } -function checkFilebeatURL() { - - # Import variables - eval "$(grep -E "filebeat_wazuh_template=" "${resources_installer}/installVariables.sh")" - new_filebeat_url="https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json" - - # Get the response of the URL and check it - response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) - if [ "${response}" != "200" ]; then - response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) - - # Display error if both URLs do not get the resource - if [ "${response}" != "200" ]; then - echo -e "Error: Could not get the Filebeat Wazuh template. " - # If matches, replace the variable of installVariables to the new one - else - echo -e "Changing Filebeat URL..." - sed -i -E "s|filebeat_wazuh_template=.*|filebeat_wazuh_template=\"${new_filebeat_url}\"|g" "${resources_installer}/installVariables.sh" - change_filebeat_url=1 - fi - fi -} - builder_main "$@" diff --git a/install_functions/checks.sh b/install_functions/checks.sh index bfa48ac..4cf54f5 100644 --- a/install_functions/checks.sh +++ b/install_functions/checks.sh @@ -12,13 +12,22 @@ function checks_arch() { arch=$(uname -m) if [ "${arch}" != "x86_64" ]; then - common_logger -e "Uncompatible system. This script must be run on a 64-bit system." + common_logger -e "Uncompatible system. This script must be run on a 64-bit (x86_64/AMD64) system." exit 1 fi } function checks_arguments() { + # -------------- Repository selection --------------------- + + if [ -n "${development}" ]; then + if [ -z "${AIO}" ] && [ -z "${dashboard}" ] && [ -z "${indexer}" ] && [ -z "${wazuh}" ] && [ -z "${start_indexer_cluster}" ] && [ -z "${download}" ]; then + common_logger -e "The -d|--development option must be used with -a, -ws, -s, -wi, -wd or -dw." + exit 1 + fi + fi + # -------------- Port option validation --------------------- if [ -n "${port_specified}" ]; then @@ -476,6 +485,30 @@ function checks_available_port() { fi } +function checks_filebeatURL() { + # URL uses branch when the source_branch is not a stage branch + if [[ ! "${source_branch}" =~ "-" ]]; then + source_branch="${source_branch#v}" + filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json" + fi + + # URL using master branch + new_filebeat_url="${filebeat_wazuh_template/${source_branch}/master}" + + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) + if [ "${response}" != "200" ]; then + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) + + # Display error if both URLs do not get the resource + if [ "${response}" != "200" ]; then + common_logger -e "Error: Could not get the Filebeat Wazuh template." + else + common_logger "Using Filebeat template from master branch." + filebeat_wazuh_template="${new_filebeat_url}" + fi + fi +} + function checks_firewall(){ ports_list=("$@") f_ports="" diff --git a/install_functions/installMain.sh b/install_functions/installMain.sh index e8bc14d..7b80503 100755 --- a/install_functions/installMain.sh +++ b/install_functions/installMain.sh @@ -22,6 +22,9 @@ function getHelp() { echo -e " -c, --config-file " echo -e " Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script." echo -e "" + echo -e " -d [pre-release|staging], --development" + echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." + echo -e "" echo -e " -dw, --download-wazuh " echo -e " Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)" echo -e "" @@ -101,6 +104,29 @@ function main() { config_file="${2}" shift 2 ;; + "-d"|"--development") + development=1 + if [ -n "${2}" ] && [[ ! "${2}" =~ ^- ]]; then + if [ "${2}" = "pre-release" ] || [ "${2}" = "staging" ]; then + devrepo="${2}" + else + common_logger -e "Error: Invalid value '${2}' after -d|--development. Accepted values are 'pre-release' or 'staging'." + getHelp + exit 1 + fi + shift 2 + else + devrepo="pre-release" + shift 1 + fi + repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" + repobaseurl="https://packages-dev.wazuh.com/${devrepo}" + reporelease="unstable" + filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" + bucket="packages-dev.wazuh.com" + repository="${devrepo}" + ;; + "-fd"|"--force-install-dashboard") force=1 shift 1 @@ -224,7 +250,7 @@ function main() { exit 0 fi - common_logger "Starting Wazuh installation assistant. Wazuh version: ${wazuh_version}" + common_logger "Starting Wazuh installation assistant. Wazuh version: ${wazuh_version} (x86_64/AMD64)" common_logger "Verbose logging redirected to ${logfile}" # -------------- Uninstall case ------------------------------------ @@ -235,8 +261,17 @@ function main() { check_dist fi + if [ -z "${uninstall}" ] && [ -z "${offline_install}" ]; then + installCommon_installCheckDependencies + elif [ -n "${offline_install}" ]; then + offline_checkPrerequisites "wia_offline_dependencies" "${wia_offline_dependencies[@]}" + fi + common_checkInstalled checks_arguments + if [ -n "${development}" ]; then + checks_filebeatURL + fi if [ -n "${uninstall}" ]; then installCommon_rollBack exit 0 @@ -287,6 +322,7 @@ function main() { if [ -n "${offline_install}" ]; then offline_checkPreinstallation offline_extractFiles + offline_importGPGKey fi if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then diff --git a/install_functions/installVariables.sh b/install_functions/installVariables.sh index 4125e1c..cba9b48 100644 --- a/install_functions/installVariables.sh +++ b/install_functions/installVariables.sh @@ -10,8 +10,15 @@ readonly wazuh_major="5.0" readonly wazuh_version="5.0.0" readonly filebeat_version="7.10.2" -readonly wazuh_install_version="0.1" -readonly source_branch="v${wazuh_version}" +readonly wazuh_install_vesion="0.1" +source_branch="v${wazuh_version}" + +repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH" +repobaseurl="https://packages.wazuh.com/4.x" +reporelease="stable" +filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" +bucket="packages.wazuh.com" +repository="4.x" ## Links and paths to resources readonly resources="https://${bucket}/${wazuh_major}" @@ -64,4 +71,9 @@ readonly indexer_yum_dependencies=( coreutils ) readonly indexer_apt_dependencies=( debconf adduser procps gnupg apt-transport-https ) readonly dashboard_yum_dependencies=( libcap ) readonly dashboard_apt_dependencies=( debhelper tar curl libcap2-bin gnupg apt-transport-https ) +<<<<<<< HEAD +readonly wia_offline_dependencies=( curl tar gnupg openssl lsof ) +wia_dependencies_installed=() +======= assistant_deps_to_install=() +>>>>>>> b2f4e7a0928581ea3ce69f46a7a101bcba2fc708 diff --git a/install_functions/manager.sh b/install_functions/manager.sh index edc7bd5..e20b9dc 100644 --- a/install_functions/manager.sh +++ b/install_functions/manager.sh @@ -44,19 +44,29 @@ function manager_startCluster() { function manager_checkService() { common_logger "Checking Wazuh API connection" - token_command="curl -k -s -X POST -u \"wazuh-wui:wazuh-wui\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\"" - TOKEN=$(eval "${token_command}") - max_attempts=5 + max_attempts=15 attempt=0 - seconds=3 + seconds=5 + api_password="wazuh-wui" + token_command="curl -k -s -X POST -u \"wazuh-wui:${api_password}\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\"" + TOKEN=$(eval "${token_command}") + # Wait for the API to be ready while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do attempt=$((attempt+1)) - common_logger "Attempt $attempt: Trying to get Wazuh API token" + common_logger "Attempt $attempt: Checking the Wazuh API to be ready" sleep "${seconds}" TOKEN=$(eval "${token_command}") done + common_logger "Wazuh API is ready to receive requests." + + # Change curl credentials in case the master node has changed the passwords + if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then + api_password=$(tar -axf "${tar_file}" wazuh-install-files/wazuh-passwords.txt -O | grep -P "'wazuh-wui'" -A 1 | awk 'NR==2 { print $2 }' | sed "s/'//g") + token_command="curl -k -s -X POST -u \"wazuh-wui:${api_password}\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\"" + TOKEN=$(eval "${token_command}") + fi if [[ -z "${TOKEN}" ]]; then common_logger -e "Failed to obtain Wazuh API token after $max_attempts attempts." diff --git a/install_functions/wazuh-offline-installation.sh b/install_functions/wazuh-offline-installation.sh index d0769bb..6027b57 100644 --- a/install_functions/wazuh-offline-installation.sh +++ b/install_functions/wazuh-offline-installation.sh @@ -8,33 +8,17 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -# Checks the necessary dependencies for the installation -function offline_checkDependencies() { - - dependencies=( curl tar gnupg openssl lsof ) - - common_logger "Checking installed dependencies for Offline installation." - for dep in "${dependencies[@]}"; do - if [ "${sys_type}" == "yum" ]; then - eval "yum list installed 2>/dev/null | grep -q -E ^"${dep}"\\." - elif [ "${sys_type}" == "apt-get" ]; then - eval "dpkg -l "${dep}" 2>/dev/null | grep -q -E '^ii\s'" - fi - - if [ "${PIPESTATUS[0]}" != 0 ]; then - common_logger -e "${dep} is necessary for the offline installation." - exit 1 - fi - done - common_logger -d "Offline dependencies are installed." - -} - # Checks the necessary packages needed for a Wazuh component function offline_checkPrerequisites(){ - dependencies=("$@") - common_logger "Checking prerequisites for Offline installation." + dependencies=( "${@}" ) + if [ $1 == "wia_offline_dependencies" ]; then + dependencies=( "${@:2}" ) + common_logger "Checking dependencies for Wazuh installation assistant." + else + common_logger "Checking prerequisites for Offline installation." + fi + for dep in "${dependencies[@]}"; do if [ "${sys_type}" == "yum" ]; then eval "yum list installed 2>/dev/null | grep -q -E ^"${dep}"\\." @@ -47,7 +31,11 @@ function offline_checkPrerequisites(){ exit 1 fi done - common_logger -d "Offline prerequisites are installed." + if [ $1 == "wia_offline_dependencies" ]; then + common_logger -d "Dependencies for Wazuh installation assistant are installed." + else + common_logger -d "Prerequisites for Offline installation are installed." + fi } # Checks the necessary files for the installation @@ -101,3 +89,24 @@ function offline_extractFiles() { common_logger -d "Offline files extracted successfully." } + +# Imports the GPG key from the extracted tar file +function offline_importGPGKey() { + + common_logger -d "Importing Wazuh GPG key." + if [ "${sys_type}" == "yum" ]; then + eval "rpm --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + elif [ "${sys_type}" == "apt-get" ]; then + eval "gpg --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + eval "chmod 644 ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + fi + +} diff --git a/passwords_tool/passwordsFunctions.sh b/passwords_tool/passwordsFunctions.sh index 78195f6..1528e8b 100644 --- a/passwords_tool/passwordsFunctions.sh +++ b/passwords_tool/passwordsFunctions.sh @@ -47,7 +47,7 @@ function passwords_changePassword() { fi if [ "${nuser}" == "admin" ] || [ -n "${changeall}" ]; then - if [ -n "${filebeat_installed}" ]; then + if [ -n "${filebeat_installed}" ] && [ -z "${dashboard}" ]; then file_username=$(grep "username:" /etc/filebeat/filebeat.yml | awk '{print $2}') file_password=$(grep "password:" /etc/filebeat/filebeat.yml | awk '{print $2}') if [ "$file_username" != "\${username}" ] || [ "$file_password" != "\${password}" ]; then