

Manage certs option
Adds an option to let the user configure the certificates himself.
le-ya authored and poloz-lab committed Nov 12, 2024
1 parent 1601c38 commit 41502c1
Showing 3 changed files with 87 additions and 80 deletions.
53 changes: 28 additions & 25 deletions manifests/dashboard.pp
Expand Up @@ -31,6 +31,7 @@
},
],

$manage_certs = true,
$use_system_ca = false,
) {

Expand All @@ -50,32 +51,34 @@
name => $dashboard_package,
}

exec { "ensure full path of ${dashboard_path_certs}":
path => '/usr/bin:/bin',
command => "mkdir -p ${dashboard_path_certs}",
creates => $dashboard_path_certs,
require => Package['wazuh-dashboard'],
}
-> file { $dashboard_path_certs:
ensure => directory,
owner => $dashboard_fileuser,
group => $dashboard_filegroup,
mode => '0500',
}
if $manage_certs {
exec { "ensure full path of ${dashboard_path_certs}":
path => '/usr/bin:/bin',
command => "mkdir -p ${dashboard_path_certs}",
creates => $dashboard_path_certs,
require => Package['wazuh-dashboard'],
}
-> file { $dashboard_path_certs:
ensure => directory,
owner => $dashboard_fileuser,
group => $dashboard_filegroup,
mode => '0500',
}

[
'dashboard.pem',
'dashboard-key.pem',
'root-ca.pem',
].each |String $certfile| {
file { "${dashboard_path_certs}/${certfile}":
ensure => file,
owner => $dashboard_fileuser,
group => $dashboard_filegroup,
mode => '0400',
replace => true,
recurse => remote,
source => "puppet:///modules/archive/${certfile}",
[
'dashboard.pem',
'dashboard-key.pem',
'root-ca.pem',
].each |String $certfile| {
file { "${dashboard_path_certs}/${certfile}":
ensure => file,
owner => $dashboard_fileuser,
group => $dashboard_filegroup,
mode => '0400',
replace => true,
recurse => remote,
source => "puppet:///modules/archive/${certfile}",
}
}
}

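Review bot: `$manage_certs` is declared without a data type, and the new `if $manage_certs {` guard relies on Puppet truthiness, under which (in Puppet 4 and later) every string, including `'false'`, evaluates as true. A value that arrives as a string from Hiera or an ENC would therefore still deploy the certificate files, and with `replace => true` overwrite the ones the operator placed, although the intent was to opt out. Declaring the parameter as `Boolean $manage_certs = true,` makes a wrongly typed value fail at catalog compilation instead. The same applies to the parameter added in manifests/filebeat_oss.pp and manifests/indexer.pp; the class parameter list and body continue outside the hunks shown.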
55 changes: 29 additions & 26 deletions manifests/filebeat_oss.pp
Expand Up @@ -20,6 +20,7 @@
$filebeat_filegroup = 'root',
$filebeat_path_certs = '/etc/filebeat/certs',

$manage_certs = true,
$use_system_ca = false,
) {

Expand Down Expand Up @@ -75,33 +76,35 @@
require => Package['filebeat'],
}

exec { "ensure full path of ${filebeat_path_certs}":
path => '/usr/bin:/bin',
command => "mkdir -p ${filebeat_path_certs}",
creates => $filebeat_path_certs,
require => Package['filebeat'],
}
-> file { $filebeat_path_certs:
ensure => directory,
owner => $filebeat_fileuser,
group => $filebeat_filegroup,
mode => '0500',
}
if $manage_certs {
exec { "ensure full path of ${filebeat_path_certs}":
path => '/usr/bin:/bin',
command => "mkdir -p ${filebeat_path_certs}",
creates => $filebeat_path_certs,
require => Package['filebeat'],
}
-> file { $filebeat_path_certs:
ensure => directory,
owner => $filebeat_fileuser,
group => $filebeat_filegroup,
mode => '0500',
}

$_certfiles = {
"manager-${wazuh_node_name}.pem" => 'filebeat.pem',
"manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem',
'root-ca.pem' => 'root-ca.pem',
}
$_certfiles.each |String $certfile_source, String $certfile_target| {
file { "${filebeat_path_certs}/${certfile_target}":
ensure => file,
owner => $filebeat_fileuser,
group => $filebeat_filegroup,
mode => '0400',
replace => true,
recurse => remote,
source => "puppet:///modules/archive/${certfile_source}",
$_certfiles = {
"manager-${wazuh_node_name}.pem" => 'filebeat.pem',
"manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem',
'root-ca.pem' => 'root-ca.pem',
}
$_certfiles.each |String $certfile_source, String $certfile_target| {
file { "${filebeat_path_certs}/${certfile_target}":
ensure => file,
owner => $filebeat_fileuser,
group => $filebeat_filegroup,
mode => '0400',
replace => true,
recurse => remote,
source => "puppet:///modules/archive/${certfile_source}",
}
}
}

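Review bot: The new `$manage_certs` parameter is undocumented, and with `false` the class no longer creates `${filebeat_path_certs}` nor enforces mode `0500` on the directory and `0400` on `filebeat-key.pem`. Nothing visible in these hunks tells the operator that ownership and permissions of the private key then become their responsibility, or which target file names are expected in that directory. I would add a parameter comment such as `# @param manage_certs When false, the caller must provide filebeat.pem, filebeat-key.pem and root-ca.pem in $filebeat_path_certs, owned by $filebeat_fileuser with mode 0400.` The class body continues outside the hunk, so whether the Filebeat configuration still points at these paths when the option is off should be confirmed there.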
59 changes: 30 additions & 29 deletions manifests/indexer.pp
Expand Up @@ -23,6 +23,7 @@
$indexer_discovery_hosts = [], # Empty array for single-node configuration
$indexer_cluster_initial_master_nodes = ['node-1'],
$indexer_cluster_CN = ['node-1'],
$manage_certs = true,

# JVM options
$jvm_options_memory = '1g',
Expand All @@ -44,39 +45,39 @@
name => $indexer_package,
}

exec { "ensure full path of ${indexer_path_certs}":
path => '/usr/bin:/bin',
command => "mkdir -p ${indexer_path_certs}",
creates => $indexer_path_certs,
require => Package['wazuh-indexer'],
}
-> file { $indexer_path_certs:
ensure => directory,
owner => $indexer_fileuser,
group => $indexer_filegroup,
mode => '0500',
}
if $manage_certs {
exec { "ensure full path of ${indexer_path_certs}":
path => '/usr/bin:/bin',
command => "mkdir -p ${indexer_path_certs}",
creates => $indexer_path_certs,
require => Package['wazuh-indexer'],
}
-> file { $indexer_path_certs:
ensure => directory,
owner => $indexer_fileuser,
group => $indexer_filegroup,
mode => '0500',
}

[
"indexer-$indexer_node_name.pem",
"indexer-$indexer_node_name-key.pem",
'root-ca.pem',
'admin.pem',
'admin-key.pem',
].each |String $certfile| {
file { "${indexer_path_certs}/${certfile}":
ensure => file,
owner => $indexer_fileuser,
group => $indexer_filegroup,
mode => '0400',
replace => true,
recurse => remote,
source => "puppet:///modules/archive/${certfile}",
[
"indexer-$indexer_node_name.pem",
"indexer-$indexer_node_name-key.pem",
'root-ca.pem',
'admin.pem',
'admin-key.pem',
].each |String $certfile| {
file { "${indexer_path_certs}/${certfile}":
ensure => file,
owner => $indexer_fileuser,
group => $indexer_filegroup,
mode => '0400',
replace => true,
recurse => remote,
source => "puppet:///modules/archive/${certfile}",
}
}
}



file { 'configuration file':
path => '/etc/wazuh-indexer/opensearch.yml',
content => template('wazuh/wazuh_indexer_yml.erb'),
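Review bot: With `true` kept as the default, `admin-key.pem` and the node's private key are still fetched from `puppet:///modules/archive/` inside the new `if $manage_certs` block. Depending on the Puppet server's file-serving authorization, a module mount may be readable by every agent holding a valid certificate, not only by this node. The parameter should say so, for example `# manage_certs: set to false to deliver keys per node (e.g. from a secrets backend) instead of the shared puppet:///modules/archive mount`. Separately, the re-indented file names use unbraced interpolation; `"indexer-${indexer_node_name}-key.pem"` would match the `${...}` form used in manifests/filebeat_oss.pp. The class continues outside the hunks shown.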
