4.4 branch update with changes applied in 4.3 #581
Conversation
manifests/dashboard.pp
Outdated
| exec {'Waiting for Wazuh dashboard...': | ||
| require => Service[$dashboard_service], | ||
| command => "sleep 15 ", | ||
| path => "/usr/bin:/bin", | ||
| } |
There was a problem hiding this comment.
What reason have this sleep here?
It was fully removed in 4.3 with 19ec46a
There was a problem hiding this comment.
The reason for this sleep is because the file /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml is created on the first start of Wazuh dashboard, so we must give it a delay time to make sure that the step file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml': can be executed successfully
There was a problem hiding this comment.
😅 ok what you want is that the file is manged before the service starts i think. Because you mange the content of the file. Else you will create a loop were puppet changes the file and when the dashboard starts it overrides it again.
I will add a suggestion in a second to this pull request. So you can see what i mean. See here: #581 (comment)
https://puppet.com/docs/puppet/7/lang_relationships.html#lang_rel_metaparameters
https://puppet.com/docs/puppet/7/types/exec.html#exec-description
manifests/filebeat_oss.pp
Outdated
| exec { 'cleanup /etc/filebeat/wazuh-template.json': | ||
| command => '/bin/rm /etc/filebeat/wazuh-template.json', | ||
| onlyif => '/usr/bin/test -e /etc/filebeat/wazuh-template.json', | ||
| unless => "/bin/cmp -s '/etc/filebeat/wazuh-template.json' <(curl -s https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json)", | ||
| } |
manifests/filebeat_oss.pp
Outdated
| command => '/bin/tar -xzvf /root/wazuh-filebeat-0.2.tar.gz -C /usr/share/filebeat/module', | ||
| notify => Service[$filebeat_oss_service], | ||
| require => Package[$filebeat_oss_package] | ||
| archive { "/tmp/${$wazuh_filebeat_module}": |
There was a problem hiding this comment.
| archive { "/tmp/${$wazuh_filebeat_module}": | |
| archive { "/tmp/${wazuh_filebeat_module}": |
manifests/filebeat_oss.pp
Outdated
| require => Package[$filebeat_oss_package] | ||
| archive { "/tmp/${$wazuh_filebeat_module}": | ||
| ensure => present, | ||
| source => "https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}", |
There was a problem hiding this comment.
| source => "https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}", | |
| source => "https://packages.wazuh.com/4.x/filebeat/${wazuh_filebeat_module}", |
LGTM Co-authored-by: cruelsmith <[email protected]>
LGTM Co-authored-by: cruelsmith <[email protected]>
|
Aha sry for the comments. Now i see that this one is a testing branch for #566 to get it working inside the 4.4 branch. |
manifests/dashboard.pp
Outdated
|
|
||
| exec {'Waiting for Wazuh dashboard...': | ||
| require => Service[$dashboard_service], | ||
| command => "sleep 15 ", | ||
| path => "/usr/bin:/bin", | ||
| } | ||
|
|
||
| file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml': | ||
| owner => 'wazuh-dashboard', | ||
| group => 'wazuh-dashboard', | ||
| mode => '0600', | ||
| content => template('wazuh/wazuh_yml.erb'), | ||
| require => Package['wazuh-dashboard'] | ||
| } |
There was a problem hiding this comment.
| exec {'Waiting for Wazuh dashboard...': | |
| require => Service[$dashboard_service], | |
| command => "sleep 15 ", | |
| path => "/usr/bin:/bin", | |
| } | |
| file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml': | |
| owner => 'wazuh-dashboard', | |
| group => 'wazuh-dashboard', | |
| mode => '0600', | |
| content => template('wazuh/wazuh_yml.erb'), | |
| require => Package['wazuh-dashboard'] | |
| } | |
| file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml': | |
| owner => 'wazuh-dashboard', | |
| group => 'wazuh-dashboard', | |
| mode => '0600', | |
| content => template('wazuh/wazuh_yml.erb'), | |
| require => Package['wazuh-dashboard'], | |
| notify => Service['wazuh-dashboard'], | |
| } |
There was a problem hiding this comment.
It is not possible to apply this suggestion because this file is not created with the installation of the package, for this reason, the first solution was to apply a delay to give time for this file to be created.
Now we have taken a new approach, first we create the directories and then the file, in this way the file is maintained and works correctly, without the need to wait for a delay:
wazuh-puppet/manifests/dashboard.pp
Lines 102 to 119 in dd7060b
manifests/dashboard.pp
Outdated
|
|
||
| $manage_repos = false, # Change to true when manager is not present. | ||
| ) { | ||
| if $manage_repos { | ||
| include wazuh::repo | ||
|
|
||
| if $::osfamily == 'Debian' { | ||
| Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-dashboard'] | ||
| } else { | ||
| Class['wazuh::repo'] -> Package['wazuh-dashboard'] | ||
| } | ||
| include wazuh::repo | ||
|
|
||
| if $::osfamily == 'Debian' { | ||
| Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-dashboard'] | ||
| } else { | ||
| Class['wazuh::repo'] -> Package['wazuh-dashboard'] | ||
| } |
There was a problem hiding this comment.
Please do not remove the possibility to disable the repo management. This feature is requested by the community for the case where they want to use there own repo mirror instead of the default repo.
When you want and need you can set the default of manage_repos to true.
It was set to false to be backward compatible with the state before the PR #529.
An update of the 4.4 branch is made with the changes applied in 4.3 and changes proposed by the community were made.
Templates were added for modifying the indexer and dashboard configuration files
Tested in Centos 8, Ubuntu 20.04 and Debian Bullseye
Centos 8:
Ubuntu Focal:
Debian Bullseye:
Se realizaron pruebas de instalación de los componentes individuales con exito, con la excepción de que la instalación de Wazuh dashboard depende de la instalación de Wazuh indexer para su funcionamiento, por lo que se agrego como dependencia. Esto se deberia poder resolver con esta issue: #463