From 08bf5ab96198a5ae289b480202b3e175a98aac9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 19 Sep 2024 13:25:23 +0200 Subject: [PATCH 1/9] Migrated repository selection to assistant script --- builder.sh | 38 --------------------------- install_functions/installMain.sh | 23 ++++++++++++++++ install_functions/installVariables.sh | 9 ++++++- 3 files changed, 31 insertions(+), 39 deletions(-) diff --git a/builder.sh b/builder.sh index c07aec0..67b3010 100755 --- a/builder.sh +++ b/builder.sh @@ -65,28 +65,6 @@ function buildInstaller() { # Foundation." >> "${output_script_path}" echo >> "${output_script_path}" - ## Installation variables - if [ -n "${development}" ]; then - echo 'readonly development=1' >> "${output_script_path}" - echo 'readonly repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH"' >> "${output_script_path}" - echo 'readonly repobaseurl="https://packages-dev.wazuh.com/'${devrepo}'"' >> "${output_script_path}" - echo 'readonly reporelease="unstable"' >> "${output_script_path}" - echo 'readonly filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"' >> "${output_script_path}" - echo 'readonly bucket="packages-dev.wazuh.com"' >> "${output_script_path}" - echo 'readonly repository="'"${devrepo}"'"' >> "${output_script_path}" - if [[ ! $(grep -E "source_branch=" "${resources_installer}/installVariables.sh" | sed -E 's/.*source_branch="([^"]+)"/\1/') =~ "-" ]]; then - sed -i 's|v${wazuh_version}|${wazuh_version}|g' "${resources_installer}/installVariables.sh" - pre_release_tag=1 - fi - else - echo 'readonly repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH"' >> "${output_script_path}" - echo 'readonly repobaseurl="https://packages.wazuh.com/4.x"' >> "${output_script_path}" - echo 'readonly reporelease="stable"' >> "${output_script_path}" - echo 'readonly filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz"' >> "${output_script_path}" - echo 'readonly bucket="packages.wazuh.com"' >> "${output_script_path}" - echo 'readonly repository="4.x"' >> "${output_script_path}" - fi - echo >> "${output_script_path}" checkFilebeatURL grep -Ev '^#|^\s*$' ${resources_common}/commonVariables.sh >> "${output_script_path}" grep -Ev '^#|^\s*$' ${resources_installer}/installVariables.sh >> "${output_script_path}" @@ -235,19 +213,6 @@ function builder_main() { certTool=1 shift 1 ;; - "-d"|"--development") - development=1 - if [ -n "${2}" ] && [ "${2}" = "staging" ]; then - devrepo="staging" - shift 2 - elif [ -n "${2}" ] && [ "${2}" = "pre-release" ]; then - devrepo="pre-release" - shift 2 - else - devrepo="pre-release" - shift 1 - fi - ;; "-p"|"--password-tool") passwordsTool=1 shift 1 @@ -267,9 +232,6 @@ function builder_main() { if [ -n "${change_filebeat_url}" ]; then sed -i -E "s|(https.+)master(.+wazuh-template.json)|\1\\$\\{source_branch\\}\2|" "${resources_installer}/installVariables.sh" fi - if [[ -n "${development}" && -n "${pre_release_tag}" ]]; then - sed -i 's|${wazuh_version}|v${wazuh_version}|g' "${resources_installer}/installVariables.sh" - fi fi if [ -n "${passwordsTool}" ]; then diff --git a/install_functions/installMain.sh b/install_functions/installMain.sh index c10dff0..1663256 100755 --- a/install_functions/installMain.sh +++ b/install_functions/installMain.sh @@ -22,6 +22,9 @@ function getHelp() { echo -e " -c, --config-file " echo -e " Path to the configuration file used to generate wazuh-install-files.tar file containing the files that will be needed for installation. By default, the Wazuh installation assistant will search for a file named config.yml in the same path as the script." echo -e "" + echo -e " -d [pre-release|staging], --development" + echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." + echo -e "" echo -e " -dw, --download-wazuh " echo -e " Download all the packages necessary for offline installation. Type of packages to download for offline installation (rpm, deb)" echo -e "" @@ -98,6 +101,26 @@ function main() { config_file="${2}" shift 2 ;; + "-d"|"--development") + development=1 + devrepo="pre-release" + if [ -n "${2}" ] && [ "${2}" = "staging" ]; then + devrepo="staging" + shift 2 + fi + repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" + repobaseurl="https://packages-dev.wazuh.com/'${devrepo}'" + reporelease="unstable" + filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" + bucket="packages-dev.wazuh.com" + repository="'"${devrepo}"'" + + if [[ ! "${source_branch}" =~ "-" ]]; then + source_branch="${source_branch#v}" + fi + + ;; + "-fd"|"--force-install-dashboard") force=1 shift 1 diff --git a/install_functions/installVariables.sh b/install_functions/installVariables.sh index 19626c1..2427ca4 100644 --- a/install_functions/installVariables.sh +++ b/install_functions/installVariables.sh @@ -11,7 +11,14 @@ readonly wazuh_major="4.10" readonly wazuh_version="4.10.0" readonly filebeat_version="7.10.2" readonly wazuh_install_vesion="0.1" -readonly source_branch="v${wazuh_version}" +source_branch="v${wazuh_version}" + +repogpg="https://packages.wazuh.com/key/GPG-KEY-WAZUH" +repobaseurl="https://packages.wazuh.com/4.x" +reporelease="stable" +filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" +bucket="packages.wazuh.com" +repository="4.x" ## Links and paths to resources readonly resources="https://${bucket}/${wazuh_major}" From aa24083930ea54251ba2e20e78c88bbec7227068 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 19 Sep 2024 16:15:21 +0200 Subject: [PATCH 2/9] Improved repository selection --- builder.sh | 33 -------------------------------- install_functions/checks.sh | 33 ++++++++++++++++++++++++++++++++ install_functions/installMain.sh | 27 ++++++++++++++++---------- 3 files changed, 50 insertions(+), 43 deletions(-) diff --git a/builder.sh b/builder.sh index 67b3010..6b551bd 100755 --- a/builder.sh +++ b/builder.sh @@ -34,9 +34,6 @@ function getHelp() { echo -e " -c, --cert-tool" echo -e " Builds the certificate creation tool wazuh-cert-tool.sh" echo -e "" - echo -e " -d [pre-release|staging], --development" - echo -e " Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository." - echo -e "" echo -e " -p, --password-tool" echo -e " Builds the password creation and modification tool wazuh-password-tool.sh" echo -e "" @@ -65,7 +62,6 @@ function buildInstaller() { # Foundation." >> "${output_script_path}" echo >> "${output_script_path}" - checkFilebeatURL grep -Ev '^#|^\s*$' ${resources_common}/commonVariables.sh >> "${output_script_path}" grep -Ev '^#|^\s*$' ${resources_installer}/installVariables.sh >> "${output_script_path}" echo >> "${output_script_path}" @@ -229,9 +225,6 @@ function builder_main() { if [ -n "${installer}" ]; then buildInstaller chmod 500 ${output_script_path} - if [ -n "${change_filebeat_url}" ]; then - sed -i -E "s|(https.+)master(.+wazuh-template.json)|\1\\$\\{source_branch\\}\2|" "${resources_installer}/installVariables.sh" - fi fi if [ -n "${passwordsTool}" ]; then @@ -267,30 +260,4 @@ function checkDistDetectURL() { } -function checkFilebeatURL() { - - # Import variables - eval "$(grep -E "wazuh_version=" "${resources_installer}/installVariables.sh")" - eval "$(grep -E "source_branch=" "${resources_installer}/installVariables.sh" | sed 's/source_branch=/install_variables_source_branch=/')" - eval "$(grep -E "filebeat_wazuh_template=" "${resources_installer}/installVariables.sh" | sed "s/\${source_branch}/$install_variables_source_branch/")" - - new_filebeat_url="https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json" - - # Get the response of the URL and check it - response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) - if [ "${response}" != "200" ]; then - response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) - - # Display error if both URLs do not get the resource - if [ "${response}" != "200" ]; then - echo -e "Error: Could not get the Filebeat Wazuh template. " - # If matches, replace the variable of installVariables to the new one - else - echo -e "Changing Filebeat URL..." - sed -i -E "s|filebeat_wazuh_template=.*|filebeat_wazuh_template=\"${new_filebeat_url}\"|g" "${resources_installer}/installVariables.sh" - change_filebeat_url=1 - fi - fi -} - builder_main "$@" diff --git a/install_functions/checks.sh b/install_functions/checks.sh index 0d42d2a..fb003a2 100644 --- a/install_functions/checks.sh +++ b/install_functions/checks.sh @@ -19,6 +19,15 @@ function checks_arch() { function checks_arguments() { + # -------------- Repository selection --------------------- + + if [ -n "${development}" ]; then + if [ -z "${AIO}" ] && [ -z "${dashboard}" ] && [ -z "${indexer}" ] && [ -z "${wazuh}" ] && [ -z "${start_indexer_cluster}" ] && [ -z "${download}" ]; then + common_logger -e "The -d|--development option must be used with -a, -ws, -s, -wi, -wd or -dw." + exit 1 + fi + fi + # -------------- Port option validation --------------------- if [ -n "${port_specified}" ]; then @@ -444,6 +453,30 @@ function checks_available_port() { fi } +function checks_filebeatURL() { + # URL uses branch when the source_branch is not a stage branch + if [[ ! "${source_branch}" =~ "-" ]]; then + source_branch="${source_branch#v}" + filebeat_wazuh_template="https://raw.githubusercontent.com/wazuh/wazuh/${source_branch}/extensions/elasticsearch/7.x/wazuh-template.json" + fi + + # URL using master branch + new_filebeat_url="${filebeat_wazuh_template/${source_branch}/master}" + + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $filebeat_wazuh_template) + if [ "${response}" != "200" ]; then + response=$(curl -I --write-out '%{http_code}' --silent --output /dev/null $new_filebeat_url) + + # Display error if both URLs do not get the resource + if [ "${response}" != "200" ]; then + common_logger -e "Error: Could not get the Filebeat Wazuh template." + else + common_logger "Using Filebeat template from master branch." + filebeat_wazuh_template="${new_filebeat_url}" + fi + fi +} + function checks_firewall(){ ports_list=("$@") f_ports="" diff --git a/install_functions/installMain.sh b/install_functions/installMain.sh index 1663256..95cbc12 100755 --- a/install_functions/installMain.sh +++ b/install_functions/installMain.sh @@ -103,22 +103,26 @@ function main() { ;; "-d"|"--development") development=1 - devrepo="pre-release" - if [ -n "${2}" ] && [ "${2}" = "staging" ]; then - devrepo="staging" + if [ -n "${2}" ] && [[ ! "${2}" =~ ^- ]]; then + if [ "${2}" = "pre-release" ] || [ "${2}" = "staging" ]; then + devrepo="${2}" + else + common_logger -e "Error: Invalid value '${2}' after -d|--development. Accepted values are 'pre-release' or 'staging'." + getHelp + exit 1 + fi shift 2 + else + devrepo="pre-release" + shift 1 fi repogpg="https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH" - repobaseurl="https://packages-dev.wazuh.com/'${devrepo}'" + repobaseurl="https://packages-dev.wazuh.com/${devrepo}" reporelease="unstable" filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" bucket="packages-dev.wazuh.com" - repository="'"${devrepo}"'" - - if [[ ! "${source_branch}" =~ "-" ]]; then - source_branch="${source_branch#v}" - fi - + repository="${devrepo}" + shift 1 ;; "-fd"|"--force-install-dashboard") @@ -259,6 +263,9 @@ function main() { common_checkInstalled checks_arguments + if [ -n "${development}" ]; then + checks_filebeatURL + fi if [ -n "${uninstall}" ]; then installCommon_rollBack exit 0 From 6b1d9050faa2ae634c47608bf0178e394517e9d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Thu, 19 Sep 2024 16:15:45 +0200 Subject: [PATCH 3/9] Improved repository selection --- install_functions/installMain.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/install_functions/installMain.sh b/install_functions/installMain.sh index 95cbc12..ee75812 100755 --- a/install_functions/installMain.sh +++ b/install_functions/installMain.sh @@ -122,7 +122,6 @@ function main() { filebeat_wazuh_module="${repobaseurl}/filebeat/wazuh-filebeat-0.4.tar.gz" bucket="packages-dev.wazuh.com" repository="${devrepo}" - shift 1 ;; "-fd"|"--force-install-dashboard") From 09a5abe27ca58f1c5282edca8f33c04f2878e675 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 20 Sep 2024 14:57:20 +0200 Subject: [PATCH 4/9] Adapted GHAs with the repository selection migration --- .github/workflows/Test_installation_assistant.yml | 2 +- .../workflows/Test_installation_assistant_distributed.yml | 6 ++++-- .github/workflows/ansible-playbooks/aio.yml | 3 ++- .../ansible-playbooks/distributed_generate_certificates.yml | 3 +-- .../ansible-playbooks/distributed_install_dashboard.yml | 3 ++- .../ansible-playbooks/distributed_install_indexer.yml | 3 ++- .../ansible-playbooks/distributed_install_wazuh.yml | 5 +++-- .../ansible-playbooks/distributed_start_indexer_cluster.yml | 3 ++- .github/workflows/ansible-playbooks/provision.yml | 6 +----- .github/workflows/offline-installation.yml | 2 +- 10 files changed, 19 insertions(+), 17 deletions(-) diff --git a/.github/workflows/Test_installation_assistant.yml b/.github/workflows/Test_installation_assistant.yml index 23c9041..2c95bf5 100644 --- a/.github/workflows/Test_installation_assistant.yml +++ b/.github/workflows/Test_installation_assistant.yml @@ -160,7 +160,6 @@ jobs: -e "repository=$REPOSITORY_URL" \ -e "reference=${{ github.ref_name }}" \ -e "tmp_path=$TMP_PATH" \ - -e "pkg_repository=$PKG_REPOSITORY" \ -e "install_deps=$INSTALL_DEPS" \ -e "install_python=$INSTALL_PYTHON" \ -e "install_pip_deps=$INSTALL_PIP_DEPS" \ @@ -174,6 +173,7 @@ jobs: -e "tmp_path=$TMP_PATH" \ -e "logs_path=$LOGS_PATH" \ -e "test_name=$TEST_NAME" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute Python test playbook diff --git a/.github/workflows/Test_installation_assistant_distributed.yml b/.github/workflows/Test_installation_assistant_distributed.yml index 9170169..f18a749 100644 --- a/.github/workflows/Test_installation_assistant_distributed.yml +++ b/.github/workflows/Test_installation_assistant_distributed.yml @@ -214,7 +214,6 @@ jobs: -e "repository=$REPOSITORY_URL" \ -e "reference=${{ github.ref_name }}" \ -e "tmp_path=$TMP_PATH" \ - -e "pkg_repository=$PKG_REPOSITORY" \ -e "install_deps=$INSTALL_DEPS" \ -e "install_python=$INSTALL_PYTHON" \ -e "install_pip_deps=$INSTALL_PIP_DEPS" \ @@ -225,7 +224,6 @@ jobs: ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_generate_certificates.yml \ -i $ALLOCATOR_PATH/inventory \ -e "resources_path=$RESOURCES_PATH" \ - -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Copy certificates to nodes @@ -243,6 +241,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l indexers \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute indexer cluster start playbook @@ -252,6 +251,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l indexers \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute server installation playbook @@ -260,6 +260,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l managers \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute dashboard installation playbook @@ -268,6 +269,7 @@ jobs: -i $ALLOCATOR_PATH/inventory \ -l dashboards \ -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ "${{ inputs.VERBOSITY }}" - name: Execute Python test playbook diff --git a/.github/workflows/ansible-playbooks/aio.yml b/.github/workflows/ansible-playbooks/aio.yml index 1ab2b12..4acd184 100644 --- a/.github/workflows/ansible-playbooks/aio.yml +++ b/.github/workflows/ansible-playbooks/aio.yml @@ -4,11 +4,12 @@ vars: script_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" script_name: "wazuh-install.sh" tasks: - name: Test assistant AIO install - command: "bash {{ script_name }} -a -v" + command: "bash {{ script_name }} -a -v -d {{ pkg_repository }}" args: chdir: "{{ script_path }}" register: install_results diff --git a/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml b/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml index 0bfeb88..6c97240 100644 --- a/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml +++ b/.github/workflows/ansible-playbooks/distributed_generate_certificates.yml @@ -4,7 +4,6 @@ vars: resources_path: "{{ resources_path }}" - pkg_repository: "{{ pkg_repository }}" tasks: - name: Create certificates @@ -17,7 +16,7 @@ force: yes - name: Creating wazuh-install.sh script - shell: "bash {{ resources_path }}/builder.sh -i -d {{ pkg_repository }}" + shell: "bash {{ resources_path }}/builder.sh -i" - name: Creating Certificates shell: "bash {{ resources_path }}/wazuh-install.sh -g -v" diff --git a/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml b/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml index 539bad4..fb04278 100644 --- a/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml +++ b/.github/workflows/ansible-playbooks/distributed_install_dashboard.yml @@ -5,10 +5,11 @@ vars: tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" tasks: - name: Install Wazuh dashboard - command: "bash wazuh-install.sh -wd {{ inventory_hostname }} -v" + command: "bash wazuh-install.sh -wd {{ inventory_hostname }} -v -d {{ pkg_repository }}" args: chdir: "{{ tmp_path }}" register: dashboard diff --git a/.github/workflows/ansible-playbooks/distributed_install_indexer.yml b/.github/workflows/ansible-playbooks/distributed_install_indexer.yml index 57d385e..c5736da 100644 --- a/.github/workflows/ansible-playbooks/distributed_install_indexer.yml +++ b/.github/workflows/ansible-playbooks/distributed_install_indexer.yml @@ -5,9 +5,10 @@ vars: tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" tasks: - name: Install Wazuh indexer - command: "bash {{ tmp_path }}/wazuh-install.sh -wi {{ inventory_hostname }} -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -wi {{ inventory_hostname }} -v -d {{ pkg_repository }}" register: indexer diff --git a/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml b/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml index a128a19..ac5cfe1 100644 --- a/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml +++ b/.github/workflows/ansible-playbooks/distributed_install_wazuh.yml @@ -6,11 +6,12 @@ vars: tmp_path: "{{ tmp_path }}" master_ip: "{{ hostvars[groups['managers'] | select('match', 'master') | first]['private_ip'] }}" + pkg_repository: "{{ pkg_repository }}" check_port: 55000 tasks: - name: Install Wazuh server on master - command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v -d {{ pkg_repository }}" register: wazuh when: hostvars[inventory_hostname].manager_type == 'master' @@ -27,7 +28,7 @@ poll: 5 - name: Install Wazuh server (Workers) - command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -ws {{ inventory_hostname }} -v -d {{ pkg_repository }}" register: wazuh when: hostvars[inventory_hostname].manager_type == 'worker' diff --git a/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml b/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml index 37d8cbb..663a0a2 100644 --- a/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml +++ b/.github/workflows/ansible-playbooks/distributed_start_indexer_cluster.yml @@ -5,12 +5,13 @@ vars: tmp_path: "{{ tmp_path }}" + pkg_repository: "{{ pkg_repository }}" tasks: - name: Start Wazuh indexer cluster in just one node block: - name: Start Wazuh indexer cluster - command: "bash {{ tmp_path }}/wazuh-install.sh -s -v" + command: "bash {{ tmp_path }}/wazuh-install.sh -s -v -d {{ pkg_repository }}" register: cluster when: inventory_hostname == ansible_play_hosts[0] diff --git a/.github/workflows/ansible-playbooks/provision.yml b/.github/workflows/ansible-playbooks/provision.yml index 63ef0da..4f30d8e 100644 --- a/.github/workflows/ansible-playbooks/provision.yml +++ b/.github/workflows/ansible-playbooks/provision.yml @@ -170,9 +170,5 @@ force: true - name: Generate Installation assistant - command: "bash {{ tmp_path }}/builder.sh -i -d" + command: "bash {{ tmp_path }}/builder.sh -i" - - name: Change pre-release repository to selected one - command: "sed -i 's|pre-release|{{ pkg_repository }}|g' {{ script_name }}" - args: - chdir: "{{ script_path }}" diff --git a/.github/workflows/offline-installation.yml b/.github/workflows/offline-installation.yml index 1d31ec4..ec8b986 100644 --- a/.github/workflows/offline-installation.yml +++ b/.github/workflows/offline-installation.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@v4 - name: Build wazuh-install script and use staging packages - run: bash builder.sh -i -d staging + run: bash builder.sh -i - uses: actions/upload-artifact@v3 with: From 0894dddd53add001c7003085887798f5c19f0c07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 20 Sep 2024 16:30:50 +0200 Subject: [PATCH 5/9] Modified assistant reference for testing --- install_functions/installVariables.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install_functions/installVariables.sh b/install_functions/installVariables.sh index 2427ca4..a42f2fd 100644 --- a/install_functions/installVariables.sh +++ b/install_functions/installVariables.sh @@ -7,8 +7,8 @@ # Foundation. ## Package vars -readonly wazuh_major="4.10" -readonly wazuh_version="4.10.0" +readonly wazuh_major="4.9" +readonly wazuh_version="4.9.0" readonly filebeat_version="7.10.2" readonly wazuh_install_vesion="0.1" source_branch="v${wazuh_version}" From a27a96941568b9fe650a97e1259ba9a154057e18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Fri, 20 Sep 2024 16:47:43 +0200 Subject: [PATCH 6/9] Added #57 changes for testing --- install_functions/manager.sh | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/install_functions/manager.sh b/install_functions/manager.sh index 6c7c429..e20b9dc 100644 --- a/install_functions/manager.sh +++ b/install_functions/manager.sh @@ -44,10 +44,23 @@ function manager_startCluster() { function manager_checkService() { common_logger "Checking Wazuh API connection" + + max_attempts=15 + attempt=0 + seconds=5 api_password="wazuh-wui" token_command="curl -k -s -X POST -u \"wazuh-wui:${api_password}\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\"" TOKEN=$(eval "${token_command}") + # Wait for the API to be ready + while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do + attempt=$((attempt+1)) + common_logger "Attempt $attempt: Checking the Wazuh API to be ready" + sleep "${seconds}" + TOKEN=$(eval "${token_command}") + done + common_logger "Wazuh API is ready to receive requests." + # Change curl credentials in case the master node has changed the passwords if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then api_password=$(tar -axf "${tar_file}" wazuh-install-files/wazuh-passwords.txt -O | grep -P "'wazuh-wui'" -A 1 | awk 'NR==2 { print $2 }' | sed "s/'//g") @@ -55,17 +68,6 @@ function manager_checkService() { TOKEN=$(eval "${token_command}") fi - max_attempts=15 - attempt=0 - seconds=5 - - while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do - attempt=$((attempt+1)) - common_logger "Attempt $attempt: Trying to get Wazuh API token" - sleep "${seconds}" - TOKEN=$(eval "${token_command}") - done - if [[ -z "${TOKEN}" ]]; then common_logger -e "Failed to obtain Wazuh API token after $max_attempts attempts." installCommon_rollBack From dc2013493af5ed85ec34d777765c93920f152cd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= Date: Tue, 10 Sep 2024 09:40:31 +0200 Subject: [PATCH 7/9] added gpg key import in offline installation --- install_functions/installMain.sh | 1 + .../wazuh-offline-installation.sh | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/install_functions/installMain.sh b/install_functions/installMain.sh index ee75812..bc5a8a8 100755 --- a/install_functions/installMain.sh +++ b/install_functions/installMain.sh @@ -319,6 +319,7 @@ function main() { if [ -n "${offline_install}" ]; then offline_checkPreinstallation offline_extractFiles + offline_importGPGKey fi if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then diff --git a/install_functions/wazuh-offline-installation.sh b/install_functions/wazuh-offline-installation.sh index dab1f82..ece9a4f 100644 --- a/install_functions/wazuh-offline-installation.sh +++ b/install_functions/wazuh-offline-installation.sh @@ -101,3 +101,21 @@ function offline_extractFiles() { common_logger -d "Offline files extracted successfully." } + +# Imports the GPG key from the extracted tar file +function offline_importGPGKey() { + if [ "${sys_type}" == "yum" ]; then + eval "rpm --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + elif [ "${sys_type}" == "apt-get" ]; then + eval "gpg --no-default-keyring --keyring gnupg-ring:${offline_files_path}/GPG-KEY-WAZUH --import - ${debug}" + if [ "${PIPESTATUS[0]}" != 0 ]; then + common_logger -e "Cannot import Wazuh GPG key" + exit 1 + fi + eval "chmod 644 ${offline_files_path}/GPG-KEY-WAZUH ${debug}" + fi +} From 282f706601aad62776f09a09f932a3edf8d15afa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= Date: Tue, 10 Sep 2024 12:59:53 +0200 Subject: [PATCH 8/9] change import gpg command --- install_functions/wazuh-offline-installation.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/install_functions/wazuh-offline-installation.sh b/install_functions/wazuh-offline-installation.sh index ece9a4f..5892202 100644 --- a/install_functions/wazuh-offline-installation.sh +++ b/install_functions/wazuh-offline-installation.sh @@ -104,6 +104,8 @@ function offline_extractFiles() { # Imports the GPG key from the extracted tar file function offline_importGPGKey() { + + common_logger -d "Importing Wazuh GPG key." if [ "${sys_type}" == "yum" ]; then eval "rpm --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" if [ "${PIPESTATUS[0]}" != 0 ]; then @@ -111,11 +113,12 @@ function offline_importGPGKey() { exit 1 fi elif [ "${sys_type}" == "apt-get" ]; then - eval "gpg --no-default-keyring --keyring gnupg-ring:${offline_files_path}/GPG-KEY-WAZUH --import - ${debug}" + eval "gpg --import ${offline_files_path}/GPG-KEY-WAZUH ${debug}" if [ "${PIPESTATUS[0]}" != 0 ]; then common_logger -e "Cannot import Wazuh GPG key" exit 1 fi eval "chmod 644 ${offline_files_path}/GPG-KEY-WAZUH ${debug}" fi + } From dc9d9fc5d34462c838d7f2b9c9ccf02a8f17508f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 24 Sep 2024 09:01:19 +0200 Subject: [PATCH 9/9] Reverted changes for testing --- install_functions/installVariables.sh | 4 ++-- install_functions/manager.sh | 24 +++++++++++------------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/install_functions/installVariables.sh b/install_functions/installVariables.sh index a42f2fd..2427ca4 100644 --- a/install_functions/installVariables.sh +++ b/install_functions/installVariables.sh @@ -7,8 +7,8 @@ # Foundation. ## Package vars -readonly wazuh_major="4.9" -readonly wazuh_version="4.9.0" +readonly wazuh_major="4.10" +readonly wazuh_version="4.10.0" readonly filebeat_version="7.10.2" readonly wazuh_install_vesion="0.1" source_branch="v${wazuh_version}" diff --git a/install_functions/manager.sh b/install_functions/manager.sh index e20b9dc..6c7c429 100644 --- a/install_functions/manager.sh +++ b/install_functions/manager.sh @@ -44,23 +44,10 @@ function manager_startCluster() { function manager_checkService() { common_logger "Checking Wazuh API connection" - - max_attempts=15 - attempt=0 - seconds=5 api_password="wazuh-wui" token_command="curl -k -s -X POST -u \"wazuh-wui:${api_password}\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\"" TOKEN=$(eval "${token_command}") - # Wait for the API to be ready - while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do - attempt=$((attempt+1)) - common_logger "Attempt $attempt: Checking the Wazuh API to be ready" - sleep "${seconds}" - TOKEN=$(eval "${token_command}") - done - common_logger "Wazuh API is ready to receive requests." - # Change curl credentials in case the master node has changed the passwords if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then api_password=$(tar -axf "${tar_file}" wazuh-install-files/wazuh-passwords.txt -O | grep -P "'wazuh-wui'" -A 1 | awk 'NR==2 { print $2 }' | sed "s/'//g") @@ -68,6 +55,17 @@ function manager_checkService() { TOKEN=$(eval "${token_command}") fi + max_attempts=15 + attempt=0 + seconds=5 + + while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do + attempt=$((attempt+1)) + common_logger "Attempt $attempt: Trying to get Wazuh API token" + sleep "${seconds}" + TOKEN=$(eval "${token_command}") + done + if [[ -z "${TOKEN}" ]]; then common_logger -e "Failed to obtain Wazuh API token after $max_attempts attempts." installCommon_rollBack