4.4 branch update with changes applied in 4.3

manifests/dashboard.pp

@@ -4,8 +4,6 @@
   $dashboard_package = 'wazuh-dashboard',
   $dashboard_service = 'wazuh-dashboard',
   $dashboard_version = '4.4.0',
-  $dashboard_user = 'admin',
-  $dashboard_password = 'admin',
   $indexer_server_ip = 'localhost',
   $indexer_server_port = '9200',
   $dashboard_path_certs = '/etc/wazuh-dashboard/certs',
@@ -14,27 +12,24 @@
 
   $dashboard_server_port = '443',
   $dashboard_server_host = '0.0.0.0',
-  $dashboard_server_hosts = "https://${indexer_server_ip}:${indexer_server_port}",
+  $indexer_server_host = "https://${indexer_server_ip}:${indexer_server_port}",
   $dashboard_wazuh_api_credentials = [
     {
       'id'       => 'default',
       'url'      => 'https://localhost',
       'port'     => '55000',
-      'user'     => 'foo',
-      'password' => 'bar',
+      'user'     => 'wazuh-wui',
+      'password' => 'wazuh-wui',
     },
   ],
-
-  $manage_repos = false, # Change to true when manager is not present.
 ) {
-  if $manage_repos {
-    include wazuh::repo
 
-    if $::osfamily == 'Debian' {
-      Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-dashboard']
-    } else {
-      Class['wazuh::repo'] -> Package['wazuh-dashboard']
-    }
+  include wazuh::repo
+
+  if $::osfamily == 'Debian' {
+    Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-dashboard']
+  } else {
+    Class['wazuh::repo'] -> Package['wazuh-dashboard']
   }
 
   # assign version according to the package manager
@@ -84,19 +79,13 @@
   }
 
   # TODO: Fully manage the opensearch_dashboards.yml and a template file resource
-  file_line { 'Setting host for wazuh-dashboard':
-    path    => '/etc/wazuh-dashboard/opensearch_dashboards.yml',
-    line    => "server.host: ${dashboard_server_host}",
-    match   => "^server.host:\s",
-    require => Package['wazuh-dashboard'],
-    notify  => Service['wazuh-dashboard'],
-  }
-  file_line { 'Setting port for wazuh-dashboard':
-    path    => '/etc/wazuh-dashboard/opensearch_dashboards.yml',
-    line    => "server.port: ${dashboard_server_port}",
-    match   => "^server.port:\s",
+  file { '/etc/wazuh-dashboard/opensearch_dashboards.yml':
+    owner   => 'wazuh-dashboard',
+    group   => 'wazuh-dashboard',
+    mode    => '0640',
+    content => template('wazuh/opensearch_dashboards_yml.erb'),
     require => Package['wazuh-dashboard'],
-    notify  => Service['wazuh-dashboard'],
+    notify  => Service['wazuh-dashboard']
   }
 
   service { 'wazuh-dashboard':
@@ -105,4 +94,18 @@
     hasrestart => true,
     name       => $dashboard_service,
   }
+
+  exec {'Waiting for Wazuh dashboard...':
+    require => Service[$dashboard_service],
+    command => "sleep 15 ",
+    path => "/usr/bin:/bin",
+  }
+
+  file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml':
+    owner   => 'wazuh-dashboard',
+    group   => 'wazuh-dashboard',
+    mode    => '0600',
+    content => template('wazuh/wazuh_yml.erb'),
+    require => Package['wazuh-dashboard']
+  }
 }

manifests/filebeat_oss.pp

@@ -47,7 +47,8 @@
   # TODO: Include file into the wazuh/wazuh-puppet project or use file { checksum => '..' } for this instead of the exec construct.
   exec { 'cleanup /etc/filebeat/wazuh-template.json':
     command => '/bin/rm /etc/filebeat/wazuh-template.json',
-    unless  => "/bin/cmp -s '/etc/filebeat/wazuh-template.json' <(curl -s https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json)",
+    onlyif  => '/bin/test -f /etc/filebeat/wazuh-template.json',
+    unless  => "/bin/curl -s 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json' | /bin/cmp -s '/etc/filebeat/wazuh-template.json'",
   }
   -> file { '/etc/filebeat/wazuh-template.json':
     owner   => 'root',
@@ -113,4 +114,4 @@
     name    => $filebeat_oss_service,
     require => Package['filebeat'],
   }
-}
+}

manifests/indexer.pp

@@ -2,6 +2,7 @@
 # Setup for Wazuh Indexer
 class wazuh::indexer (
   # opensearch.yml configuration
+  $indexer_network_host = '0.0.0.0',
   $indexer_cluster_name = 'wazuh-cluster',
   $indexer_node_name = 'node-1',
   $indexer_node_max_local_storage_nodes = '1',
@@ -20,18 +21,14 @@
   $indexer_discovery_hosts = [], # Empty array for single-node configuration
   $indexer_cluster_initial_master_nodes = ['node-1'],
 
-  $manage_repos = false, # Change to true when manager is not present.
-
   # JVM options
   $jvm_options_memory = '1g',
 ) {
-  if $manage_repos {
-    include wazuh::repo
-    if $facts['os']['family'] == 'Debian' {
-      Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-indexer']
-    } else {
-      Class['wazuh::repo'] -> Package['wazuh-indexer']
-    }
+  include wazuh::repo
+  if $facts['os']['family'] == 'Debian' {
+    Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-indexer']
+  } else {
+    Class['wazuh::repo'] -> Package['wazuh-indexer']
   }
 
   # install package

templates/opensearch_dashboards_yml.erb

@@ -0,0 +1,14 @@
+server.host: <%= @dashboard_server_host %>
+server.port: <%= @dashboard_server_port %>
+opensearch.hosts: <%= @indexer_server_host %>
+opensearch.ssl.verificationMode: certificate
+#opensearch.username:
+#opensearch.password:
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh

templates/wazuh_api_yml.erb

@@ -17,7 +17,6 @@ https:
 # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
 logs:
   level: <%= @wazuh_api_logs_level %>
-  format: <%= @wazuh_api_logs_format %>
 # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
 cors:
   enabled: <%= @wazuh_api_cors_enabled %>
@@ -39,14 +38,10 @@ drop_privileges: <%= @wazuh_api_drop_privileges %>
 # Enable features under development
 experimental_features: <%= @wazuh_api_experimental_features %>
 # Enable remote commands
-upload_configuration:
-  remote_commands:
-    localfile:
-      allow: <%= @remote_commands_localfile %>
-      exceptions: <%= @remote_commands_localfile_exceptions %>
-    wodle_command:
-      allow: <%= @remote_commands_wodle %>
-      exceptions: <%= @remote_commands_wodle_exceptions %>
-  limits:
-    eps:
-      allow: <%= @limits_eps %>
+remote_commands:
+  localfile:
+    enabled: <%= @remote_commands_localfile %>
+    exceptions: <%= @remote_commands_localfile_exceptions %>
+  wodle_command:
+    enabled: <%= @remote_commands_wodle %>
+    exceptions: <%= @remote_commands_wodle_exceptions %>

templates/wazuh_indexer_yml.erb

@@ -1,4 +1,4 @@
-network.host: "0.0.0.0"
+network.host: "<%= @indexer_network_host %>"
 node.name: "<%= @indexer_node_name %>"
 cluster.initial_master_nodes:
 <% @indexer_cluster_initial_master_nodes.each do |node| -%>

templates/wazuh_yml.erb

@@ -124,7 +124,7 @@
 #     user: <user>
 #     password: <password>
 hosts:
-<% @kibana_wazuh_api_credentials.each do |api_profile| -%>
+<% @dashboard_wazuh_api_credentials.each do |api_profile| -%>
   - <%= api_profile['id'] %>:
       url: <%= api_profile['url'] %>
       port: <%= api_profile['port'] %>