Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

4.4 branch update with changes applied in 4.3 #581

Merged
merged 10 commits into from
Sep 29, 2022
Merged

4.4 branch update with changes applied in 4.3 #581

merged 10 commits into from
Sep 29, 2022

Conversation

c-bordon
Copy link
Member

An update of the 4.4 branch is made with the changes applied in 4.3 and changes proposed by the community were made.

Templates were added for modifying the indexer and dashboard configuration files

Tested in Centos 8, Ubuntu 20.04 and Debian Bullseye

Centos 8:

Info: Computing checksum on file /var/ossec/etc/ossec.conf
Info: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]: Filebucketed /var/ossec/etc/ossec.conf to puppet with sum 21195b241a56d0e4e1d880aa78f6370f11f47cb0a05aafd115a736116d9dd920
Notice: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content: content changed '{sha256}21195b241a56d0e4e1d880aa78f6370f11f47cb0a05aafd115a736116d9dd920' to '{sha256}830eddb28adff841f71154faa50a4d8765bed5b8ac65e07ff145e32a29ca5e4e'
Notice: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]/mode: mode changed '0660' to '0640'
Info: Concat[manager_ossec.conf]: Scheduling refresh of Service[wazuh-manager]
Notice: /Stage[main]/Wazuh::Manager/Service[wazuh-manager]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Wazuh::Manager/Service[wazuh-manager]: Unscheduling refresh on Service[wazuh-manager]
Notice: Applied catalog in 333.60 seconds
[root@centos8 ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:10:dd:87 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
       valid_lft 85691sec preferred_lft 85691sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:dc:3f:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.249/24 brd 192.168.56.255 scope global dynamic noprefixroute eth1
       valid_lft 491sec preferred_lft 491sec

Screenshot_20220921_093813

Ubuntu Focal:

Info: Computing checksum on file /var/ossec/etc/ossec.conf
Info: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]: Filebucketed /var/ossec/etc/ossec.conf to puppet with sum ee0f9497a37493de0c660315e5eab40745fedc338cc41043cf87d3ad1bd0a52f
Notice: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content: content changed '{sha256}ee0f9497a37493de0c660315e5eab40745fedc338cc41043cf87d3ad1bd0a52f' to '{sha256}429ac352b2f2e2d638e8eedee0ec7ba0327d37d0b9309927a9569251e74d128f'
Notice: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]/mode: mode changed '0660' to '0640'
Info: Concat[manager_ossec.conf]: Scheduling refresh of Service[wazuh-manager]
Notice: /Stage[main]/Wazuh::Manager/Service[wazuh-manager]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Wazuh::Manager/Service[wazuh-manager]: Unscheduling refresh on Service[wazuh-manager]
Notice: Applied catalog in 270.64 seconds
root@ubuntu-focal-2:~# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 02:2e:89:e3:fa:23 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 85782sec preferred_lft 85782sec
    inet6 fe80::2e:89ff:fee3:fa23/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:45:1c:b9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.248/24 brd 192.168.56.255 scope global dynamic enp0s8
       valid_lft 583sec preferred_lft 583sec
    inet6 fe80::a00:27ff:fe45:1cb9/64 scope link 
       valid_lft forever preferred_lft forever

Screenshot_20220921_093857

Debian Bullseye:

Info: Computing checksum on file /var/ossec/etc/ossec.conf
Info: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]: Filebucketed /var/ossec/etc/ossec.conf to puppet with sum 93bace2f0400fa1102ca7bf5897877bed28b508a1048ad66c090fb9e9d3e2fd1
Notice: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]/content: content changed '{sha256}93bace2f0400fa1102ca7bf5897877bed28b508a1048ad66c090fb9e9d3e2fd1' to '{sha256}429ac352b2f2e2d638e8eedee0ec7ba0327d37d0b9309927a9569251e74d128f'
Notice: /Stage[main]/Wazuh::Manager/Concat[manager_ossec.conf]/File[/var/ossec/etc/ossec.conf]/mode: mode changed '0660' to '0640'
Info: Concat[manager_ossec.conf]: Scheduling refresh of Service[wazuh-manager]
Notice: /Stage[main]/Wazuh::Manager/Service[wazuh-manager]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Wazuh::Manager/Service[wazuh-manager]: Unscheduling refresh on Service[wazuh-manager]
Notice: Applied catalog in 253.47 seconds
root@Debian-Bullseye:~# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:8d:c0:4d brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 85787sec preferred_lft 85787sec
    inet6 fe80::a00:27ff:fe8d:c04d/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:38:7b:10 brd ff:ff:ff:ff:ff:ff
    altname enp0s8
    inet 192.168.56.252/24 brd 192.168.56.255 scope global dynamic eth1
       valid_lft 492sec preferred_lft 492sec
    inet6 fe80::a00:27ff:fe38:7b10/64 scope link 
       valid_lft forever preferred_lft forever

Screenshot_20220921_093936

Se realizaron pruebas de instalación de los componentes individuales con exito, con la excepción de que la instalación de Wazuh dashboard depende de la instalación de Wazuh indexer para su funcionamiento, por lo que se agrego como dependencia. Esto se deberia poder resolver con esta issue: #463

@c-bordon c-bordon self-assigned this Sep 21, 2022
cruelsmith
cruelsmith reviewed Sep 21, 2022
View reviewed changes
manifests/dashboard.pp Outdated
Comment on lines 98 to 102
exec {'Waiting for Wazuh dashboard...':
require => Service[$dashboard_service],
command => "sleep 15 ",
path => "/usr/bin:/bin",
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What reason have this sleep here?

It was fully removed in 4.3 with 19ec46a

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason for this sleep is because the file /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml is created on the first start of Wazuh dashboard, so we must give it a delay time to make sure that the step file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml': can be executed successfully

Copy link
Contributor

@cruelsmith cruelsmith Sep 21, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😅 ok what you want is that the file is manged before the service starts i think. Because you mange the content of the file. Else you will create a loop were puppet changes the file and when the dashboard starts it overrides it again.

I will add a suggestion in a second to this pull request. So you can see what i mean. See here: #581 (comment)

https://puppet.com/docs/puppet/7/lang_relationships.html#lang_rel_metaparameters
https://puppet.com/docs/puppet/7/types/exec.html#exec-description

manifests/filebeat_oss.pp Outdated
Comment on lines 48 to 52
exec { 'cleanup /etc/filebeat/wazuh-template.json':
command => '/bin/rm /etc/filebeat/wazuh-template.json',
onlyif => '/usr/bin/test -e /etc/filebeat/wazuh-template.json',
unless => "/bin/cmp -s '/etc/filebeat/wazuh-template.json' <(curl -s https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json)",
}
Copy link
Contributor

@cruelsmith cruelsmith Sep 21, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is still broken in 4.3. We still wait for the merge of #551 or #543 to fix it.

manifests/filebeat_oss.pp Outdated
command => '/bin/tar -xzvf /root/wazuh-filebeat-0.2.tar.gz -C /usr/share/filebeat/module',
notify => Service[$filebeat_oss_service],
require => Package[$filebeat_oss_package]
archive { "/tmp/${$wazuh_filebeat_module}":
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
archive { "/tmp/${$wazuh_filebeat_module}":
archive { "/tmp/${wazuh_filebeat_module}":

manifests/filebeat_oss.pp Outdated
require => Package[$filebeat_oss_package]
archive { "/tmp/${$wazuh_filebeat_module}":
ensure => present,
source => "https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
source => "https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}",
source => "https://packages.wazuh.com/4.x/filebeat/${wazuh_filebeat_module}",

cruelsmith
cruelsmith reviewed Sep 21, 2022
View reviewed changes
manifests/dashboard.pp Outdated Show resolved Hide resolved
manifests/dashboard.pp Outdated Show resolved Hide resolved
@cruelsmith
Copy link
Contributor

Aha sry for the comments. Now i see that this one is a testing branch for #566 to get it working inside the 4.4 branch.

cruelsmith
cruelsmith reviewed Sep 21, 2022
View reviewed changes
manifests/dashboard.pp Outdated
Comment on lines 97 to 110

exec {'Waiting for Wazuh dashboard...':
require => Service[$dashboard_service],
command => "sleep 15 ",
path => "/usr/bin:/bin",
}

file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml':
owner => 'wazuh-dashboard',
group => 'wazuh-dashboard',
mode => '0600',
content => template('wazuh/wazuh_yml.erb'),
require => Package['wazuh-dashboard']
}
Copy link
Contributor

@cruelsmith cruelsmith Sep 21, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
exec {'Waiting for Wazuh dashboard...':
require => Service[$dashboard_service],
command => "sleep 15 ",
path => "/usr/bin:/bin",
}
file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml':
owner => 'wazuh-dashboard',
group => 'wazuh-dashboard',
mode => '0600',
content => template('wazuh/wazuh_yml.erb'),
require => Package['wazuh-dashboard']
}
file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml':
owner => 'wazuh-dashboard',
group => 'wazuh-dashboard',
mode => '0600',
content => template('wazuh/wazuh_yml.erb'),
require => Package['wazuh-dashboard'],
notify => Service['wazuh-dashboard'],
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not possible to apply this suggestion because this file is not created with the installation of the package, for this reason, the first solution was to apply a delay to give time for this file to be created.

Now we have taken a new approach, first we create the directories and then the file, in this way the file is maintained and works correctly, without the need to wait for a delay:

wazuh-puppet/manifests/dashboard.pp

Lines 102 to 119 in dd7060b

file { ['/usr/share/wazuh-dashboard/data/wazuh/',
'/usr/share/wazuh-dashboard/data/wazuh/config/']:
ensure => 'directory',
owner => 'wazuh-dashboard',
group => 'wazuh-dashboard',
mode => '0600',
require => Package['wazuh-dashboard'],
notify => Service['wazuh-dashboard'],
}
file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml':
owner => 'wazuh-dashboard',
group => 'wazuh-dashboard',
mode => '0600',
content => template('wazuh/wazuh_yml.erb'),
require => Package['wazuh-dashboard'],
notify => Service['wazuh-dashboard'],
}

cruelsmith
cruelsmith reviewed Sep 22, 2022
View reviewed changes
manifests/dashboard.pp Outdated
Comment on lines 27 to 33

$manage_repos = false, # Change to true when manager is not present.
) {
if $manage_repos {
include wazuh::repo

if $::osfamily == 'Debian' {
Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-dashboard']
} else {
Class['wazuh::repo'] -> Package['wazuh-dashboard']
}
include wazuh::repo

if $::osfamily == 'Debian' {
Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-dashboard']
} else {
Class['wazuh::repo'] -> Package['wazuh-dashboard']
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please do not remove the possibility to disable the repo management. This feature is requested by the community for the case where they want to use there own repo mirror instead of the default repo.
When you want and need you can set the default of manage_repos to true.

It was set to false to be backward compatible with the state before the PR #529.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done: dd7060b

vcerenu
vcerenu approved these changes Sep 27, 2022
View reviewed changes
Copy link
Member

@vcerenu vcerenu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alberpilot alberpilot merged commit d21823b into 4.4 Sep 29, 2022
@alberpilot alberpilot deleted the 566-FixDashboardVariables-to4.4 branch September 29, 2022 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cruelsmith cruelsmith cruelsmith left review comments

@vcerenu vcerenu vcerenu approved these changes

@teddytpc1 teddytpc1 teddytpc1 approved these changes

@alberpilot alberpilot alberpilot approved these changes

@okynos okynos Awaiting requested review from okynos

Assignees

@c-bordon c-bordon

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@c-bordon @cruelsmith @alberpilot @teddytpc1 @vcerenu