From 9e22a4497c22262f2cff3068122121a9c2865d17 Mon Sep 17 00:00:00 2001
From: Jesus Garcia
Date: Mon, 20 Jan 2025 10:45:54 -0500
Subject: [PATCH] TEMP Commit: Implement files and changes in versions to test the changes

---
 .github/playbooks/aio-wazuh.yml | 46 +--
 .github/playbooks/distributed-wazuh.yml | 177 ++++++++++
 .github/workflows/aio.yml | 214 ++++++++++++
 .github/workflows/distributed.yml | 311 ++++++++++++++++++
 .../ansible-filebeat-oss/defaults/main.yml | 2 +-
 .../ansible-wazuh-agent/defaults/main.yml | 2 +-
 .../ansible-wazuh-manager/defaults/main.yml | 2 +-
 roles/wazuh/check-packages/defaults/main.yml | 2 +-
 .../check-packages/files/packages_uri.txt | 12 +-
 .../check-packages/scripts/check_packages.sh | 3 +-
 roles/wazuh/vars/repo_pre-release.yml | 14 +-
 roles/wazuh/vars/repo_vars.yml | 2 +-
 roles/wazuh/wazuh-dashboard/defaults/main.yml | 4 +-
 roles/wazuh/wazuh-dashboard/vars/debian.yml | 2 +-
 roles/wazuh/wazuh-indexer/defaults/main.yml | 2 +-
 15 files changed, 751 insertions(+), 44 deletions(-)
 create mode 100644 .github/playbooks/distributed-wazuh.yml
 create mode 100644 .github/workflows/aio.yml
 create mode 100644 .github/workflows/distributed.yml

diff --git a/.github/playbooks/aio-wazuh.yml b/.github/playbooks/aio-wazuh.yml
index d9f7e0d4a..7963a9273 100644
--- a/.github/playbooks/aio-wazuh.yml
+++ b/.github/playbooks/aio-wazuh.yml
@@ -1,38 +1,42 @@ - name: Generate certificates prior to converging - hosts: localhost + hosts: aio become: true become_user: root roles: - # 1. Check packages - - role: ../../roles/wazuh/check-packages - become: no - delegate_to: localhost - run_once: true + # # 1. Check packages + # - role: ../../roles/wazuh/check-packages + # become: no + # delegate_to: aio + # run_once: true # 2. Generate certificates - role: ../../roles/wazuh/wazuh-indexer vars: generate_certs: true perform_installation: false - instances: - node1: - name: wazuh-es01 # Important: must be equal to indexer_node_name. - ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. - role: indexer - node3: - name: wazuh-mgr01 - ip: "127.0.0.1" - role: wazuh - node5: - name: wazuh-dash01 - ip: "127.0.0.1" - role: dashboard + macos_localhost: false + vars: + # wazuh_endpoint_list: "{{ groups['aio'] }}" + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node3: + name: wazuh-mgr01 + ip: "127.0.0.1" + role: wazuh + node5: + name: wazuh-dash01 + ip: "127.0.0.1" + role: dashboard pre_tasks: - name: overview of cert configuration debug: - var: wazuh_endpoint_list + # var: wazuh_endpoint_list + var: instances - name: Converge - hosts: localhost + hosts: aio become: true become_user: root roles: diff --git a/.github/playbooks/distributed-wazuh.yml b/.github/playbooks/distributed-wazuh.yml new file mode 100644 index 000000000..b8324ecaf --- /dev/null +++ b/.github/playbooks/distributed-wazuh.yml 
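Review bot: The check-packages role and the `wazuh_endpoint_list` lines are commented out rather than removed, and with that role gone the play no longer verifies that the requested packages exist before installing; if the check is only meant to be skipped for this test, a `when:` or a tag expresses that better than commented-out text, which should otherwise be deleted since git keeps the history. The role var `macos_localhost: false` is followed by a second `vars:` that now holds `instances`; from the flattened indentation in the diff I cannot tell whether that is a play-level `vars:` (which the `var: instances` debug suggests) or a second key at role level, and in the latter case YAML would silently keep only the last one — worth checking, since indentation alone distinguishes the two. The Converge play's `roles:` list continues past the end of the hunk.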
@@ -0,0 +1,177 @@ +--- +# Certificates generation +- hosts: wi1 + roles: + # # Check packages + # - role: ../../roles/wazuh/check-packages + # become: no + # delegate_to: localhost + # run_once: true + # # Generate certificates + - role: ../../roles/wazuh/wazuh-indexer + vars: + generate_certs: true + perform_installation: false + become: true + become_user: root + vars: + indexer_node_master: true + instances: + node1: + name: node-1 + ip: "{{ hostvars.wi1.private_ip }}" + role: indexer + node2: + name: node-2 + ip: "{{ hostvars.wi2.private_ip }}" + role: indexer + node3: + name: node-3 + ip: "{{ hostvars.wi3.private_ip }}" + role: indexer + node4: + name: node-4 + ip: "{{ hostvars.manager.private_ip }}" + role: wazuh + node_type: master + node5: + name: node-5 + ip: "{{ hostvars.worker.private_ip }}" + role: wazuh + node_type: worker + node6: + name: node-6 + ip: "{{ hostvars.dashboard.private_ip }}" + role: dashboard + macos_localhost: false + tags: + - generate-certs + +# Wazuh indexer cluster +- hosts: wi_cluster + strategy: free + roles: + - role: ../../roles/wazuh/wazuh-indexer + indexer_network_host: "{{ private_ip }}" + become: yes + become_user: root + vars: + indexer_cluster_nodes: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + indexer_discovery_nodes: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + indexer_node_master: true + instances: + node1: + name: node-1 # Important: must be equal to indexer_node_name. + ip: "{{ hostvars.wi1.private_ip }}" # When unzipping, the node will search for its node name folder to get the cert. 
+ role: indexer + node2: + name: node-2 + ip: "{{ hostvars.wi2.private_ip }}" + role: indexer + node3: + name: node-3 + ip: "{{ hostvars.wi3.private_ip }}" + role: indexer + node4: + name: node-4 + ip: "{{ hostvars.manager.private_ip }}" + role: wazuh + node_type: master + node5: + name: node-5 + ip: "{{ hostvars.worker.private_ip }}" + role: wazuh + node_type: worker + node6: + name: node-6 + ip: "{{ hostvars.dashboard.private_ip }}" + role: dashboard + +# Wazuh cluster +- hosts: manager + roles: + - role: "../../roles/wazuh/ansible-wazuh-manager" + - role: "../../roles/wazuh/ansible-filebeat-oss" + become: yes + become_user: root + vars: + filebeat_node_name: node-4 + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'master' + node_type: 'master' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' + wazuh_api_users: + - username: custom-user + password: SecretPassword1! 
+ filebeat_output_indexer_hosts: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + +- hosts: worker + roles: + - role: "../../roles/wazuh/ansible-wazuh-manager" + - role: "../../roles/wazuh/ansible-filebeat-oss" + become: yes + become_user: root + vars: + filebeat_node_name: node-5 + wazuh_manager_config: + connection: + - type: 'secure' + port: '1514' + protocol: 'tcp' + queue_size: 131072 + api: + https: 'yes' + cluster: + disable: 'no' + node_name: 'worker_01' + node_type: 'worker' + key: 'c98b62a9b6169ac5f67dae55ae4a9088' + nodes: + - "{{ hostvars.manager.private_ip }}" + hidden: 'no' + filebeat_output_indexer_hosts: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + +# Wazuh dashboard node +- hosts: dashboard + roles: + - role: "../../roles/wazuh/wazuh-dashboard" + become: yes + become_user: root + vars: + indexer_network_host: "{{ hostvars.wi1.private_ip }}" + indexer_cluster_nodes: + - "{{ hostvars.wi1.private_ip }}" + - "{{ hostvars.wi2.private_ip }}" + - "{{ hostvars.wi3.private_ip }}" + dashboard_node_name: node-6 + wazuh_api_credentials: + - id: default + url: https://{{ hostvars.manager.private_ip }} + port: 55000 + username: custom-user + password: SecretPassword1! + ansible_shell_allow_world_readable_temp: true diff --git a/.github/workflows/aio.yml b/.github/workflows/aio.yml new file mode 100644 index 000000000..fe966e235 --- /dev/null +++ b/.github/workflows/aio.yml 
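Review bot: The manager and worker plays carry the cluster `key: 'c98b62a9b6169ac5f67dae55ae4a9088'` and the API password `SecretPassword1!` (in `wazuh_api_users` here and again in the dashboard play's `wazuh_api_credentials`) as literal values, so every cluster this playbook builds shares a cluster key and an API credential that are public in the repository. Supply both from the workflow instead — a repository secret exported to the environment and read with the `env` lookup, or a per-run random value passed as an extra-var — so the committed playbook holds no working credentials. The dashboard play also sets `ansible_shell_allow_world_readable_temp: true`, which makes Ansible's remote temp files readable by every user on the host; if a task genuinely needs it, a comment should name that task, otherwise it should go. Minor: the first play uses `become: true` while the others use `become: yes`, and `url: https://{{ hostvars.manager.private_ip }}` would be safer quoted.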
@@ -0,0 +1,214 @@ +--- +name: AIO-Single-Instance-Test +on: + workflow_dispatch: + inputs: + AUTOMATION_REFERENCE: + description: 'Branch or tag of the wazuh-automation repository' + required: true + default: 'master' + SYSTEMS: + description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)' + required: true + default: '["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + type: string + VERBOSITY: + description: 'Verbosity level on playbooks execution' + required: true + default: '-v' + type: choice + options: + - -v + - -vv + - -vvv + - -vvvv + pull_request: + release: +env: + COMPOSITE_NAME: "linux-SUBNAME-arm64" + ALLOCATOR_PATH: "/tmp/allocator_instance" +permissions: + id-token: write # JWT + contents: read # actions/checkout +jobs: + setup-runner: + name: Setup runner + runs-on: ubuntu-latest + steps: + - name: Display workflow inputs + run: echo "${{ toJson(inputs) }}" + - name: Compute outputs + id: compute-outputs + run: | + # Set SYSTEMS_LIST + if [ "${{ inputs.SYSTEMS }}" != "null" && "${{ inputs.SYSTEMS }}" != "" ]; then + SYSTEMS_LIST=${{ inputs.SYSTEMS }} + else + SYSTEMS_LIST='["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + fi + echo "SYSTEMS_JSON=$(echo $SYSTEMS_LIST | jq -c '.')" >> $GITHUB_OUTPUT + echo "Systems JSON: $SYSTEMS_JSON" + + # Set WAZUH_TEMPLATE_BRANCH + if [ "${{ github.event_name }}" == "pull_request" ]; then + WAZUH_TEMPLATE_BRANCH=${{ github.base_ref }} + else + WAZUH_TEMPLATE_BRANCH=${{ github.ref }} + # Remove refs/heads/ or refs/tags/ from the branch name + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/heads/} + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/tags/} + fi + echo "WAZUH_TEMPLATE_BRANCH=$WAZUH_TEMPLATE_BRANCH" >> $GITHUB_OUTPUT + + # Set VERBOSITY + if [ "${{ inputs.VERBOSITY }}" != "null" && "${{ inputs.VERBOSITY }}" != "" ]; then + VERBOSITY=${{ inputs.VERBOSITY }} + else + VERBOSITY='-v' + fi + echo "VERBOSITY=$VERBOSITY" >> $GITHUB_OUTPUT + echo 
"Verbosity level: $VERBOSITY" + outputs: + SYSTEMS_JSON: ${{ steps.compute-outputs.outputs.SYSTEMS_JSON }} + VERBOSITY: ${{ steps.compute-outputs.outputs.VERBOSITY }} + WAZUH_TEMPLATE_BRANCH: ${{ steps.compute-outputs.outputs.WAZUH_TEMPLATE_BRANCH }} + start-runner: + name: Start EC2 instance using allocator and run ansible playbook + runs-on: ubuntu-latest + needs: setup-runner + strategy: + fail-fast: false # all jobs will run even if one fails + matrix: + system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }} + steps: + - name: Configure AWS credentials (assume role) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: + aws-region: us-east-1 + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation/ + - name: Install python and create virtual environment + run: | + sudo apt-get update + sudo apt-get install -y python3 python3-venv + python3 -m pip install --upgrade pip + python3 -m venv venv + source venv/bin/activate + - name: Install and set allocator requirements + run: | + pip install -r wazuh-automation/deployability/deps/requirements.txt + pip install ansible-core==2.16 + ansible-galaxy collection install community.general + ansible-galaxy collection install community.docker + - name: Set COMPOSITE_NAME variable + run: | + case "${{ matrix.system }}" in + "CentOS_7") + SUBNAME="centos-7" + ;; + "CentOS_8") + SUBNAME="centos-8" + ;; + "AmazonLinux_2") + SUBNAME="amazon-2" + ;; + "Ubuntu_16") + SUBNAME="ubuntu-16.04" + ;; + "Ubuntu_18") + SUBNAME="ubuntu-18.04" + ;; + "Ubuntu_20") + SUBNAME="ubuntu-20.04" + ;; + "Ubuntu_22") + SUBNAME="ubuntu-22.04" + ;; + "RHEL7") + SUBNAME="redhat-7" + ;; + "RHEL8") + SUBNAME="redhat-8" + ;; + *) + echo "Invalid SYSTEM selection" >&2 + exit 1 + ;; + esac + 
COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}" + echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV + - name: Allocate EC2 instance + id: allocator_instance + run: | + python3 wazuh-automation/deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name ${{ env.COMPOSITE_NAME }} --working-dir $ALLOCATOR_PATH \ + --track-output $ALLOCATOR_PATH/track.yml --inventory-output $ALLOCATOR_PATH/inventory.yml --instance-name gha_ansible_${{ matrix.system }}_${{ github.run_id }} \ + --label-team devops --label-termination-date 1d + sed 's/: */=/g' $ALLOCATOR_PATH/inventory.yml > $ALLOCATOR_PATH/inventory_mod.yml + sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod.yml + source $ALLOCATOR_PATH/inventory_mod.yml + echo "[aio]" > $ALLOCATOR_PATH/inventory + echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> $ALLOCATOR_PATH/inventory + echo "[aio:vars]" >> $ALLOCATOR_PATH/inventory + echo "wazuh_template_branch=${{ needs.setup-runner.outputs.WAZUH_TEMPLATE_BRANCH }}" >> $ALLOCATOR_PATH/inventory + + - name: Save ALLOCATOR_PATH directory as artifact + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }}-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + - name: Check out the codebase. 
+ uses: actions/checkout@v4 + - name: Ansible Playbook run Wazuh AIO Single instance + run: | + ansible-playbook ./.github/playbooks/aio-wazuh.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l all \ + ${{ needs.setup-runner.outputs.VERBOSITY }} + stop-runner: + name: Stop allocated EC2 instance + needs: + - setup-runner + - start-runner + runs-on: ubuntu-latest + strategy: + fail-fast: false # all jobs will run even if one fails + matrix: + system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }} + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + aws-region: us-east-1 + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation/ + - name: Install python and create virtual environment + run: | + sudo apt-get update + sudo apt-get install -y python3 python3-venv + python3 -m pip install --upgrade pip + python3 -m venv venv + source venv/bin/activate + - name: Install and set allocator requirements + run: | + pip install -r wazuh-automation/deployability/deps/requirements.txt + - name: Download the allocator artifact + uses: actions/download-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }}-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + - name: Delete allocated EC2 instance + run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output $ALLOCATOR_PATH/track.yml diff --git a/.github/workflows/distributed.yml b/.github/workflows/distributed.yml new file mode 100644 index 000000000..989cf9096 --- /dev/null +++ b/.github/workflows/distributed.yml 
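Review bot: `if [ "${{ inputs.SYSTEMS }}" != "null" && "${{ inputs.SYSTEMS }}" != "" ]; then` in the Compute outputs step is not valid `[` syntax — `[` takes no `&&`, so the first command fails with a missing `]` and the `else` branch runs every time; the same pattern is used for VERBOSITY below it and in both checks of distributed.yml's Compute outputs step. Use `[[ "$SYSTEMS" != "null" && "$SYSTEMS" != "" ]]`, with the input supplied through the step's `env:` block, rather than expanding `${{ inputs.SYSTEMS }}` straight into the script text, which is the expression-injection pattern GitHub's hardening guide warns about; the same applies to `${{ inputs.VERBOSITY }}`. `echo "Systems JSON: $SYSTEMS_JSON"` prints an empty value because SYSTEMS_JSON is only written to `$GITHUB_OUTPUT`, never assigned in the shell. Also, `source venv/bin/activate` does not carry over to later steps, so the `pip install` lines in the next step target the runner's system Python rather than the venv.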
@@ -0,0 +1,311 @@ +--- +name: Distributed-Wazuh-Test +on: + workflow_dispatch: + inputs: + AUTOMATION_REFERENCE: + description: 'Branch or tag of the wazuh-automation repository' + required: true + default: 'master' + SYSTEMS: + description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)' + required: true + default: '["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + type: string + VERBOSITY: + description: 'Verbosity level on playbooks execution' + required: true + default: '-v' + type: choice + options: + - -v + - -vv + - -vvv + - -vvvv + pull_request: + release: +env: + COMPOSITE_NAME: "linux-SUBNAME-arm64" + ALLOCATOR_PATH: "/tmp/allocator_instance" + INSTANCE_NAMES: "wi1 wi2 wi3 dashboard manager worker" +permissions: + id-token: write # JWT + contents: read # actions/checkout +jobs: + setup-runner: + name: Setup runner + runs-on: ubuntu-latest + steps: + - name: Display workflow inputs + run: echo "${{ toJson(inputs) }}" + - name: Compute outputs + id: compute-outputs + run: | + # Set SYSTEMS_LIST + if [ "${{ inputs.SYSTEMS }}" != "null" && "${{ inputs.SYSTEMS }}" != "" ]; then + SYSTEMS_LIST=${{ inputs.SYSTEMS }} + else + SYSTEMS_LIST='["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + fi + echo "SYSTEMS_JSON=$(echo $SYSTEMS_LIST | jq -c '.')" >> $GITHUB_OUTPUT + echo "Systems JSON: $SYSTEMS_JSON" + + # Set WAZUH_TEMPLATE_BRANCH + if [ "${{ github.event_name }}" == "pull_request" ]; then + WAZUH_TEMPLATE_BRANCH=${{ github.base_ref }} + else + WAZUH_TEMPLATE_BRANCH=${{ github.ref }} + # Remove refs/heads/ or refs/tags/ from the branch name + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/heads/} + WAZUH_TEMPLATE_BRANCH=${WAZUH_TEMPLATE_BRANCH#refs/tags/} + fi + echo "WAZUH_TEMPLATE_BRANCH=$WAZUH_TEMPLATE_BRANCH" >> $GITHUB_OUTPUT + + # Set VERBOSITY + if [ "${{ inputs.VERBOSITY }}" != "null" && "${{ inputs.VERBOSITY }}" != "" ]; then + VERBOSITY=${{ inputs.VERBOSITY }} + else + VERBOSITY='-v' + fi + echo 
"VERBOSITY=$VERBOSITY" >> $GITHUB_OUTPUT + echo "Verbosity level: $VERBOSITY" + - name: Configure AWS credentials (assume role) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: + aws-region: us-east-1 + - name: Create common SSH key pair in the ALLOCATOR_PATH + id: create-ssh-key + run: | + mkdir -p $ALLOCATOR_PATH + key_name=gha_ansible_key_$(date +%s) + private_key_file=$ALLOCATOR_PATH/${key_name} + aws ec2 create-key-pair --key-name ${key_name} > key_pair_output.json + jq -r '.KeyMaterial' key_pair_output.json > ${private_key_file} + + # Set PRIVATE_KEY_PATH output + echo "PRIVATE_KEY_PATH=${private_key_file}" >> $GITHUB_OUTPUT + - name: Upload artifact (ALLOCATOR_PATH directory) + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-ssh-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + outputs: + SYSTEMS_JSON: ${{ steps.compute-outputs.outputs.SYSTEMS_JSON }} + VERBOSITY: ${{ steps.compute-outputs.outputs.VERBOSITY }} + PRIVATE_KEY_PATH: ${{ steps.create-ssh-key.outputs.PRIVATE_KEY_PATH }} + WAZUH_TEMPLATE_BRANCH: ${{ steps.compute-outputs.outputs.WAZUH_TEMPLATE_BRANCH }} + start-runner: + name: Provision instance cluster + runs-on: ubuntu-latest + needs: setup-runner + strategy: + fail-fast: false # all jobs will run even if one fails + matrix: + system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }} + steps: + - name: Configure AWS credentials (assume role) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: + aws-region: us-east-1 + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation/ + - name: Download the (SSH) artifact + uses: actions/download-artifact@v4 + with: + name: allocator-instance-ssh-${{ 
github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + - name: Install python and create virtual environment + run: | + sudo apt-get update + sudo apt-get install -y python3 python3-venv + python3 -m pip install --upgrade pip + python3 -m venv venv + source venv/bin/activate + - name: Install and set allocator requirements + run: | + pip install -r wazuh-automation/deployability/deps/requirements.txt + pip install ansible-core==2.16 + ansible-galaxy collection install community.general + ansible-galaxy collection install community.docker + - name: Set COMPOSITE_NAME variable + run: | + case "${{ matrix.system }}" in + "CentOS_7") + SUBNAME="centos-7" + ;; + "CentOS_8") + SUBNAME="centos-8" + ;; + "AmazonLinux_2") + SUBNAME="amazon-2" + ;; + "Ubuntu_16") + SUBNAME="ubuntu-16.04" + ;; + "Ubuntu_18") + SUBNAME="ubuntu-18.04" + ;; + "Ubuntu_20") + SUBNAME="ubuntu-20.04" + ;; + "Ubuntu_22") + SUBNAME="ubuntu-22.04" + ;; + "RHEL7") + SUBNAME="redhat-7" + ;; + "RHEL8") + SUBNAME="redhat-8" + ;; + *) + echo "Invalid SYSTEM selection" >&2 + exit 1 + ;; + esac + COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}" + echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV + - name: Allocate cluster of EC2 instances + id: allocator_instance + run: | + instance_names=($INSTANCE_NAMES) + inventory_file="$ALLOCATOR_PATH/inventory_all" + ssh_key_path=${{ needs.setup-runner.outputs.PRIVATE_KEY_PATH }} + + for i in ${!instance_names[@]}; do + instance_name=${instance_names[$i]} + # Provision instance in parallel + ( + python3 wazuh-automation/deployability/modules/allocation/main.py \ + --action create --provider aws --size large \ + --composite-name ${{ env.COMPOSITE_NAME }} \ + --working-dir $ALLOCATOR_PATH --track-output $ALLOCATOR_PATH/track_${instance_name}.yml \ + --inventory-output $ALLOCATOR_PATH/inventory_${instance_name}.yml \ + --ssh-key "$ssh_key_path" \ + --instance-name gha_ansible_${{ matrix.system }}_${instance_name}_${{ github.run_id }} --label-team devops 
--label-termination-date 1d + + instance_id=$(grep '^identifier' $ALLOCATOR_PATH/track_${instance_name}.yml | awk '{print $2}') + private_ip=$(aws ec2 describe-instances \ + --instance-ids $instance_id \ + --query 'Reservations[*].Instances[*].PrivateIpAddress' \ + --output text) + + sed 's/: */=/g' $ALLOCATOR_PATH/inventory_${instance_name}.yml > $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml + sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml + source $ALLOCATOR_PATH/inventory_mod_${instance_name}.yml + + # Add instance to corresponding group + if [[ $i -eq 0 ]]; then + echo "wi1 ansible_host=$ansible_host private_ip=$private_ip indexer_node_name=node-1 ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file + elif [[ $i -eq 1 ]]; then + echo "wi2 ansible_host=$ansible_host private_ip=$private_ip indexer_node_name=node-2 ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file + elif [[ $i -eq 2 ]]; then + echo "wi3 ansible_host=$ansible_host private_ip=$private_ip indexer_node_name=node-3 ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file + elif [[ $i -eq 3 ]]; then + echo "dashboard ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file + elif [[ $i -eq 4 ]]; then + echo "manager ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file + elif [[ $i -eq 5 ]]; then + echo "worker ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_user=$ansible_user ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_file + fi + ) & + done + + # Wait for all provisioning tasks to complete + wait + + echo "" >> $inventory_file # blank line to separate 
groups + echo "[wi_cluster]" >> $inventory_file + echo "wi1" >> $inventory_file + echo "wi2" >> $inventory_file + echo "wi3" >> $inventory_file + + echo "" >> $inventory_file + echo "[all:vars]" >> $inventory_file + echo "ansible_port=2200" >> $inventory_file + echo "ansible_ssh_private_key_file=${ssh_key_path}" >> $inventory_file + echo "ansible_ssh_extra_args='-o StrictHostKeyChecking=no'" >> $inventory_file + echo "wazuh_template_branch=${{ needs.setup-runner.outputs.WAZUH_TEMPLATE_BRANCH }}" >> $inventory_file + - name: Save ALLOCATOR_PATH directory as artifact + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }}-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + - name: Check out the codebase. + uses: actions/checkout@v4 + - name: Set SSH key permissions + run: chmod 0600 ${{ needs.setup-runner.outputs.PRIVATE_KEY_PATH }} + - name: Ansible Playbook run Wazuh Distributed Production Ready + run: | + ansible-playbook ./.github/playbooks/distributed-wazuh.yml -b -K \ + -i $ALLOCATOR_PATH/inventory_all \ + -l all \ + ${{ needs.setup-runner.outputs.VERBOSITY }} + stop-runner: + name: Terminate instance cluster + needs: + - setup-runner + - start-runner + runs-on: ubuntu-latest + strategy: + fail-fast: false # all jobs will run even if one fails + matrix: + system: ${{ fromJson(needs.setup-runner.outputs.SYSTEMS_JSON) }} + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + aws-region: us-east-1 + - name: Checkout wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation/ + - name: Install python and create virtual environment + run: | + sudo apt-get update + sudo apt-get install 
-y python3 python3-venv + python3 -m pip install --upgrade pip + python3 -m venv venv + source venv/bin/activate + - name: Install and set allocator requirements + run: | + pip install -r wazuh-automation/deployability/deps/requirements.txt + - name: Download the allocator artifact + uses: actions/download-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }}-${{ github.run_id }} + path: ${{ env.ALLOCATOR_PATH }} + - name: Delete allocated EC2 instance + run: | + instance_names=($INSTANCE_NAMES) + for i in ${!instance_names[@]}; do + instance_name=${instance_names[$i]} + track_file="$ALLOCATOR_PATH/track_${instance_name}.yml" + echo "Deleting instance: $instance_name using track file $track_file" + ( + + # create instance_dir (in track output file) if it does not exist [to avoid errors] + instance_dir=$(grep '^instance_dir' $track_file | awk '{print $2}') + if [ ! -d "$instance_dir" ]; then + mkdir -p "$instance_dir" + date > "$instance_dir/date.txt" + fi + + # Delete instance + python3 wazuh-automation/deployability/modules/allocation/main.py \ + --action delete --provider aws --track-output $track_file + ) & + done diff --git a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml index 5f2645a90..499ab5d07 100644 --- a/roles/wazuh/ansible-filebeat-oss/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat-oss/defaults/main.yml @@ -1,7 +1,7 @@ --- filebeat_version: 7.10.2 -wazuh_template_branch: v4.10.3 +wazuh_template_branch: v4.12.0 filebeat_node_name: node-1 diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 7a512ba9e..7b6e4023d 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -1,5 +1,5 @@ --- -wazuh_agent_version: 4.10.3 +wazuh_agent_version: 4.10.1 # Custom packages installation 
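Review bot: The Create common SSH key pair step writes the EC2 private key to `${private_key_file}` under `$ALLOCATOR_PATH`, and the next step uploads that whole directory as the `allocator-instance-ssh-${{ github.run_id }}` artifact (start-runner re-uploads it in Save ALLOCATOR_PATH), so the key that grants SSH to every instance in the cluster is retrievable by anyone who can read the run's artifacts for as long as they are retained. Keep the key out of artifacts — generate it in the job that uses it, or at least exclude the key file from the uploaded path — and expose `key_name` as a setup-runner output so stop-runner can run `aws ec2 delete-key-pair --key-name ...`, since it currently terminates the instances but leaves the key pair registered in the account. Separately, `ansible-playbook ./.github/playbooks/distributed-wazuh.yml -b -K` prompts for a become password, which fails on a non-interactive runner; the plays already set `become`, so drop `-K`.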
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 026ee2298..3dc16b9fa 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-wazuh_manager_version: 4.10.3
+wazuh_manager_version: 4.10.1
 wazuh_manager_fqdn: "wazuh-server"
 wazuh_manager_package_state: present
diff --git a/roles/wazuh/check-packages/defaults/main.yml b/roles/wazuh/check-packages/defaults/main.yml
index 165133610..2a574cb40 100644
--- a/roles/wazuh/check-packages/defaults/main.yml
+++ b/roles/wazuh/check-packages/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-wazuh_version: 4.10.3
+wazuh_version: 4.12.0
diff --git a/roles/wazuh/check-packages/files/packages_uri.txt b/roles/wazuh/check-packages/files/packages_uri.txt
index bd59e004c..2b00ea2fa 100644
--- a/roles/wazuh/check-packages/files/packages_uri.txt
+++ b/roles/wazuh/check-packages/files/packages_uri.txt
@@ -1,6 +1,6 @@
-yum/wazuh-manager-VERSION-1.x86_64.rpm
-apt/pool/main/w/wazuh-manager/wazuh-manager_VERSION-1_amd64.deb
-yum/wazuh-dashboard-VERSION-1.x86_64.rpm
-yum/wazuh-indexer-VERSION-1.x86_64.rpm
-apt/pool/main/w/wazuh-agent/wazuh-agent_VERSION-1_amd64.deb
-yum/wazuh-agent-VERSION-1.x86_64.rpm
\ No newline at end of file
+yum/wazuh-manager-VERSION-707.aarch64.rpm
+apt/pool/main/w/wazuh-manager/wazuh-manager_VERSION-707_arm64.deb
+yum/wazuh-dashboard-VERSION-707.aarch64.rpm
+yum/wazuh-indexer-VERSION-707.aarch64.rpm
+apt/pool/main/w/wazuh-agent/wazuh-agent_VERSION-707_arm64.deb
+yum/wazuh-agent-VERSION-707.aarch64.rpm
\ No newline at end of file
diff --git a/roles/wazuh/check-packages/scripts/check_packages.sh b/roles/wazuh/check-packages/scripts/check_packages.sh
index 20c620478..575f4fc18 100755
--- a/roles/wazuh/check-packages/scripts/check_packages.sh
+++ b/roles/wazuh/check-packages/scripts/check_packages.sh
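Review bot: The new URIs replace the `-1` package revision with a fixed `707` and switch every entry from x86_64/amd64 to aarch64/arm64, so the check now only confirms that one arm64 build revision exists and no longer covers x86_64 hosts at all. If the revision has to vary per test, make it a second placeholder substituted alongside `VERSION` (presumably by check_packages.sh), e.g. `yum/wazuh-manager-VERSION-REVISION.aarch64.rpm`, and keep the x86_64 entries so the role still validates both architectures.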
@@ -12,7 +12,8 @@ checkPackages(){
 PACKAGES_URL=https://packages.wazuh.com/4.x/
 elif [ $1 == "pre-release" ]; then
 echo "pre-release"
- PACKAGES_URL=https://packages-dev.wazuh.com/pre-release/
+ # PACKAGES_URL=https://packages-dev.wazuh.com/pre-release/
+ PACKAGES_URL=https://packages-dev.wazuh.com/idr1887/pre-release/
 elif [ $1 == "staging" ]; then
 echo "staging"
 PACKAGES_URL=https://packages-dev.wazuh.com/staging/
diff --git a/roles/wazuh/vars/repo_pre-release.yml b/roles/wazuh/vars/repo_pre-release.yml
index 922f32c3d..d426de188 100644
--- a/roles/wazuh/vars/repo_pre-release.yml
+++ b/roles/wazuh/vars/repo_pre-release.yml
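Review bot: `PACKAGES_URL=https://packages-dev.wazuh.com/idr1887/pre-release/` hard-codes a per-issue staging subpath into the pre-release branch, with the original line left commented out above it; the same `idr1887/` segment is baked into six URLs in roles/wazuh/vars/repo_pre-release.yml. If the pre-release base needs to be redirectable for testing, carry the prefix in a single base-URL value that both the script and repo_pre-release.yml derive from, so the override lives in one place and is easy to revert, and delete the commented-out line since git keeps the history. Note that repo_pre-release.yml's `gpg:` key URL stays at the root of packages-dev while the package paths move under `idr1887/`, which only holds if that subpath is signed with the same key — worth confirming. `checkPackages()` starts before and ends after this hunk.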
@@ -1,18 +1,18 @@
 wazuh_repo:
 keyring_path: '/usr/share/keyrings/wazuh.gpg'
- apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main'
- yum: 'https://packages-dev.wazuh.com/pre-release/yum/'
+ apt: 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/idr1887/pre-release/apt/ unstable main'
+ yum: 'https://packages-dev.wazuh.com/idr1887/pre-release/yum/'
 gpg: 'https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH'
 path: '/tmp/WAZUH-GPG-KEY'
-wazuh_winagent_config_url: "https://packages-dev.wazuh.com/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
+wazuh_winagent_config_url: "https://packages-dev.wazuh.com/idr1887/pre-release/windows/wazuh-agent-{{ wazuh_agent_version }}-1.msi"
 wazuh_winagent_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.msi"
-wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
-filebeat_module_package_url: https://packages-dev.wazuh.com/pre-release/filebeat
+wazuh_winagent_sha512_url: "https://packages-dev.wazuh.com/idr1887/pre-release/checksums/wazuh/{{ wazuh_agent_version }}/wazuh-agent-{{ wazuh_agent_version }}-1.msi.sha512"
+filebeat_module_package_url: https://packages-dev.wazuh.com/idr1887/pre-release/filebeat
 wazuh_macos_intel_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.intel64.pkg"
 wazuh_macos_arm_package_name: "wazuh-agent-{{ wazuh_agent_version }}-1.arm64.pkg"
-wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/pre-release/{{ wazuh_macos_intel_package_name }}"
-wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/pre-release/macos/{{ wazuh_macos_arm_package_name }}"
+wazuh_macos_intel_package_url: "https://packages-dev.wazuh.com/idr1887/pre-release/{{ wazuh_macos_intel_package_name }}"
+wazuh_macos_arm_package_url: "https://packages-dev.wazuh.com/idr1887/pre-release/macos/{{ 
wazuh_macos_arm_package_name }}"
 certs_gen_tool_version: "4.10"
diff --git a/roles/wazuh/vars/repo_vars.yml b/roles/wazuh/vars/repo_vars.yml
index 53157764f..9b24b43c5 100644
--- a/roles/wazuh/vars/repo_vars.yml
+++ b/roles/wazuh/vars/repo_vars.yml
@@ -1 +1 @@
-packages_repository: production
\ No newline at end of file
+packages_repository: pre-release
\ No newline at end of file
diff --git a/roles/wazuh/wazuh-dashboard/defaults/main.yml b/roles/wazuh/wazuh-dashboard/defaults/main.yml
index b6506cb46..9b7d4e9ab 100644
--- a/roles/wazuh/wazuh-dashboard/defaults/main.yml
+++ b/roles/wazuh/wazuh-dashboard/defaults/main.yml
@@ -8,12 +8,12 @@ dashboard_node_name: node-1
 dashboard_server_host: "0.0.0.0"
 dashboard_server_port: "443"
 dashboard_server_name: "dashboard"
-wazuh_version: 4.10.3
+wazuh_version: 4.10.1
 indexer_cluster_nodes:
 - 127.0.0.1
 # The Wazuh dashboard package repository
-dashboard_version: "4.10.3"
+dashboard_version: "4.10.1"
 # API credentials
 wazuh_api_credentials:
diff --git a/roles/wazuh/wazuh-dashboard/vars/debian.yml b/roles/wazuh/wazuh-dashboard/vars/debian.yml
index 54e83bb62..cd7c14b47 100644
--- a/roles/wazuh/wazuh-dashboard/vars/debian.yml
+++ b/roles/wazuh/wazuh-dashboard/vars/debian.yml
@@ -1,2 +1,2 @@
 ---
-dashboard_version: 4.10.3
+dashboard_version: 4.10.1
diff --git a/roles/wazuh/wazuh-indexer/defaults/main.yml b/roles/wazuh/wazuh-indexer/defaults/main.yml
index 8c0743963..dde6d76d5 100644
--- a/roles/wazuh/wazuh-indexer/defaults/main.yml
+++ b/roles/wazuh/wazuh-indexer/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 # Cluster Settings
-indexer_version: 4.10.3
+indexer_version: 4.10.1
 single_node: false
 indexer_node_name: node-1
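Review bot: `packages_repository: pre-release` changes the shared role default, so every consumer of these roles — not only this CI run — will now install from the packages-dev pre-release path (and, with this patch, its `idr1887/` subpath) instead of the production repository. A test run should set this as an extra-var or inventory value from the workflow rather than editing roles/wazuh/vars/repo_vars.yml; the commit title marks the change as TEMP, and it should not merge in this form. The version values in this patch also disagree with each other — check-packages and the filebeat template branch move to 4.12.0 while agent, manager, dashboard and indexer are set to 4.10.1 (down from 4.10.3) — so the package check would validate a different release than the one the roles install.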