Merge pull request #217 from wazuh/merge-4.11.0-into-4.11.1

Merge 4.11.0 into 4.11.1

Author: c-bordon

CHANGELOG.md

@@ -34,6 +34,10 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 
+- Fix Wazuh dashboard errors in OVA. ([#209](https://github.com/wazuh/wazuh-virtual-machines/pull/209))
+- Fixed local build for OVA. ([#208](https://github.com/wazuh/wazuh-virtual-machines/pull/208))
+- Fixed Wazuh Dashboard issues when the AMI boots up. ([#205](https://github.com/wazuh/wazuh-virtual-machines/pull/205))
+- Fix Wazuh dashboard certificate verification failure ([#198](https://github.com/wazuh/wazuh-virtual-machines/pull/198))
 - Fixed Wazuh ASCII art logo display in OVA. ([#192](https://github.com/wazuh/wazuh-virtual-machines/pull/192))
 - Fixed video in grub configuration for the OVA. ([#190](https://github.com/wazuh/wazuh-virtual-machines/pull/190))
 - Changed ssh config file to allow ssh while FIPS is activated. ([#184](https://github.com/wazuh/wazuh-virtual-machines/pull/184))

ami/playbooks/build_ami_packages.yaml

@@ -296,6 +296,12 @@
         enabled: yes
         daemon_reload: yes
 
+    - name: Disable Wazuh Dashboard service
+      systemd:
+        name: wazuh-dashboard
+        enabled: no
+        state: stopped
+
     - name: Change SSH port to 22
       lineinfile:
         path: /etc/ssh/sshd_config

ami/wazuh-ami-customizer.sh

@@ -4,6 +4,10 @@
 # Variables
 logfile="/var/log/wazuh-ami-customizer.log"
 debug="| tee -a ${logfile}"
+
+###########################################
+# Utility Functions
+###########################################
 function logger(){
   now=$(date +'%d/%m/%Y %H:%M:%S')
   mtype="INFO:"
@@ -28,20 +32,26 @@ function logger(){
   printf "%s\n" "${now} ${mtype} ${message}" | tee -a "${logfile}"
 }
 
-logger "Starting Wazuh AMI Customizer"
-
-logger "Stopping SSH service to avoid connections during the configuration"
-
-eval "systemctl stop sshd.service"
+function create_certificates() {
+  logger "Creating certificates"
+  eval "bash /etc/.wazuh-certs-tool.sh -A ${debug}"
+}
 
-logger "Waiting for Wazuh indexer to be ready"
+function systemctl_execution(){
+  eval "systemctl $1 $2 $3"
+}
 
-until $(curl -XGET https://localhost:9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null); do
-  logger -w "Wazuh indexer is not ready yet, waiting 10 seconds"
-  sleep 10
-done
+###########################################
+# Configuration Functions
+###########################################
 
 function configure_indexer(){
+  logger "Stopping all services"
+  systemctl_execution "stop" "filebeat" "${debug}"
+  systemctl_execution "stop" "wazuh-dashboard" "${debug}"
+  systemctl_execution "stop" "wazuh-manager" "${debug}"
+  systemctl_execution "stop" "wazuh-indexer" "${debug}"
+  eval "sleep 5"
   logger "Configuring Wazuh Indexer"
   eval "rm -f /etc/wazuh-indexer/certs/* ${debug}"
   eval "cp /etc/wazuh-certificates/wazuh-indexer.pem /etc/wazuh-indexer/certs/wazuh-indexer.pem ${debug}"
@@ -52,10 +62,28 @@ function configure_indexer(){
   eval "chmod 500 /etc/wazuh-indexer/certs ${debug}"
   eval "chmod 400 /etc/wazuh-indexer/certs/* ${debug}"
   eval "chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs ${debug}"
-  eval "systemctl restart wazuh-indexer ${debug}"
+  systemctl_execution "start" "wazuh-indexer" "${debug}"
   eval "/usr/share/wazuh-indexer/bin/indexer-security-init.sh ${debug}"
 }
 
+function verify_indexer() {
+  logger "Waiting for Wazuh indexer to be ready"
+  indexer_security_admin_comm="curl -XGET https://localhost:9200/ -uadmin:admin -k --max-time 120 --silent -w \"%{http_code}\" --output /dev/null"
+  http_status=$(eval "${indexer_security_admin_comm}")
+  retries=0
+  max_retries=5
+  while [ "${http_status}" -ne 200 ]; do
+      logger -w "Wazuh indexer is not ready yet, waiting 5 seconds"
+      sleep 5
+      retries=$((retries+1))
+      if [ "${retries}" -eq "${max_retries}" ]; then
+          logger -e "Wazuh indexer is not ready yet, trying to configure it again"
+          configure_indexer
+      fi
+      http_status=$(eval "${indexer_security_admin_comm}")
+  done
+}
+
 function configure_filebeat(){
   logger "Configuring Filebeat"
   eval "rm -f /etc/filebeat/certs/* ${debug}"
@@ -65,14 +93,23 @@ function configure_filebeat(){
   eval "chmod 500 /etc/filebeat/certs ${debug}"
   eval "chmod 400 /etc/filebeat/certs/* ${debug}"
   eval "chown -R root:root /etc/filebeat/certs ${debug}"
-  eval "systemctl restart filebeat ${debug}"
+  systemctl_execution "start" "filebeat" "${debug}"
+}
+
+function verify_filebeat() {
+  logger "Waiting for Filebeat to be ready"
+  if  filebeat test output | grep -q -i -w "ERROR"; then
+    logger -e "Filebeat is not ready yet, trying to configure it again"
+    eval "filebeat test output x ${debug}"
+    configure_filebeat
+  fi
 }
 
 function configure_manager(){
   logger "Configuring Wazuh Manager"
   eval "rm /var/ossec/api/configuration/security/*_key.pem ${debug}"
   eval "rm /var/ossec/api/configuration/ssl/server.* ${debug}"
-  eval "systemctl restart wazuh-manager ${debug}"
+  systemctl_execution "start" "wazuh-manager" "${debug}"
 }
 
 function configure_dashboard(){
@@ -84,9 +121,31 @@ function configure_dashboard(){
   eval "chmod 500 /etc/wazuh-dashboard/certs ${debug}"
   eval "chmod 400 /etc/wazuh-dashboard/certs/* ${debug}"
   eval "chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs ${debug}"
-  eval "systemctl restart wazuh-dashboard ${debug}"
+  systemctl_execution "start" "wazuh-dashboard" "${debug}"
 }
 
+function verify_dashboard() {
+  logger "Waiting for Wazuh dashboard to be ready"
+  dashboard_check_comm="curl -XGET https://localhost:443/status -uadmin:admin -k -w \"%{http_code}\" -s -o /dev/null"
+  http_code=$(eval "${dashboard_check_comm}")
+  retries=0
+  max_dashboard_initialize_retries=20
+  while [ "${http_code}" -ne "200" ];do
+      logger -w "Wazuh dashboard is not ready yet, waiting 15 seconds"
+      retries=$((retries+1))
+      sleep 15
+      if [ "${retries}" -eq "${max_dashboard_initialize_retries}" ]; then
+          logger -e "Wazuh dashboard is not ready yet, trying to configure it again"
+          configure_dashboard
+      fi
+      http_code=$(eval "${dashboard_check_comm}")
+  done
+}
+
+###########################################
+# Cleanup and Finalization Functions
+###########################################
+
 function clean_configuration(){
   logger "Cleaning configuration files"
   eval "rm -rf /etc/wazuh-certificates /etc/.wazuh-certs-tool.sh /etc/config.yml /etc/wazuh-certificates-tool.log /var/log/wazuh-ami-customizer.log"
@@ -100,63 +159,43 @@ function change_passwords(){
   new_password=$(ec2-metadata | grep "instance-id" | cut -d":" -f2 | tr -d " "| awk '{print toupper(substr($0,1,1)) substr($0,2)}')
   eval "sed -i 's/password:.*/password: ${new_password}/g' /etc/.wazuh-install-files/wazuh-passwords.txt ${debug}"
   eval "bash /etc/.wazuh-passwords-tool.sh -a -A -au wazuh -ap wazuh -f /etc/.wazuh-install-files/wazuh-passwords.txt >> /dev/null"
-  eval "systemctl restart wazuh-dashboard ${debug}"
 }
 
 function restart_ssh_service(){
   logger "Starting SSH service"
   eval "systemctl start sshd.service"
 }
 
-logger "Creating certificates"
-eval "bash /etc/.wazuh-certs-tool.sh -A ${debug}"
+###########################################
+# Main
+###########################################
 
-configure_indexer
+logger "Starting Wazuh AMI Customizer"
+
+logger "Stopping SSH service to avoid connections during the configuration"
+eval "systemctl stop sshd.service"
 
 logger "Waiting for Wazuh indexer to be ready"
-indexer_security_admin_comm="curl -XGET https://localhost:9200/ -uadmin:admin -k --max-time 120 --silent -w \"%{http_code}\" --output /dev/null"
-http_status=$(eval "${indexer_security_admin_comm}")
-retries=0
-max_retries=5
-while [ "${http_status}" -ne 200 ]; do
-    logger -w "Wazuh indexer is not ready yet, waiting 5 seconds"
-    sleep 5
-    retries=$((retries+1))
-    if [ "${retries}" -eq "${max_retries}" ]; then
-        logger -e "Wazuh indexer is not ready yet, trying to configure it again"
-        configure_indexer
-    fi
-    http_status=$(eval "${indexer_security_admin_comm}")
+until $(curl -XGET https://localhost:9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null); do
+  logger -w "Wazuh indexer is not ready yet, waiting 10 seconds"
+  sleep 10
 done
 
-configure_filebeat
+create_certificates
+
+configure_indexer
+verify_indexer
 
-logger "Waiting for Filebeat to be ready"
-if  filebeat test output | grep -q -i -w "ERROR"; then
-  logger -e "Filebeat is not ready yet, trying to configure it again"
-  eval "filebeat test output x ${debug}"
-  configure_filebeat
-fi
+configure_filebeat
+verify_filebeat
 
 configure_manager
 
 configure_dashboard
+verify_dashboard
 
-logger "Waiting for Wazuh dashboard to be ready"
-dashboard_check_comm="curl -XGET https://localhost:443/status -uadmin:admin -k -w \"%{http_code}\" -s -o /dev/null"
-http_code=$(eval "${dashboard_check_comm}")
-retries=0
-max_dashboard_initialize_retries=20
-while [ "${http_code}" -ne "200" ];do
-    logger -w "Wazuh dashboard is not ready yet, waiting 15 seconds"
-    retries=$((retries+1))
-    sleep 15
-    if [ "${retries}" -eq "${max_dashboard_initialize_retries}" ]; then
-        logger -e "Wazuh dashboard is not ready yet, trying to configure it again"
-        configure_dashboard
-    fi
-    http_code=$(eval "${dashboard_check_comm}")
-done
+systemctl_execution "stop" "wazuh-dashboard" "${debug}"
+eval "sleep 5"
 
 change_passwords
 
@@ -165,6 +204,9 @@ until $(curl -XGET https://localhost:9200/ -uadmin:${new_password} -k --max-time
   sleep 10
 done
 
+systemctl_execution "start" "wazuh-dashboard" "${debug}"
+systemctl_execution "enable" "wazuh-dashboard" "${debug}"
+
 restart_ssh_service
 
 clean_configuration

ova/Vagrantfile

@@ -3,8 +3,8 @@
 
 Vagrant.configure("2") do |config|
 
-  config.vm.box_url = "https://packages-dev.wazuh.com/vms/ova/amznlinux-2.box"
-  config.vm.box = "amznlinux-2"
+  config.vm.box_url = "https://packages-dev.wazuh.com/vms/ova/al2023.box"
+  config.vm.box = "al2023"
   config.vm.hostname = "wazuh-server"
   config.vm.provider "virtualbox" do |vb|
     vb.name = "vm_wazuh"
@@ -13,15 +13,15 @@ Vagrant.configure("2") do |config|
   end
 
   config.ssh.username = "wazuh-user"
-  config.ssh.password = "wazuh"
+  #config.ssh.password = "wazuh"
   config.ssh.insert_key = true
 
   # Synced folder configuration
   config.vm.synced_folder ".", "/vagrant", disabled: true
   config.vm.synced_folder ".", "/tmp", type: "rsync", :rsync__exclude => ['output']
 
   # Provision stage
-  config.vm.provision :shell, path: "provision.sh", :args => "#{ENV['PACKAGES_REPOSITORY']} #{ENV['DEBUG']}"
+  config.vm.provision :shell, path: "ova_configurer_caller.sh", :args => "#{ENV['INSTALLATION_ASSISTANT_BRANCH']} #{ENV['WVM_BRANCH']} #{ENV['PACKAGES_REPOSITORY']} #{ENV['DEBUG']}"
 
   # Provision cleanup stage
   config.vm.provision :shell, path: "assets/postProvision.sh", :args => "#{ENV['DEBUG']}"

ova/assets/custom/wazuh-starter/wazuh-starter.service

@@ -0,0 +1,19 @@
+# Wazuh AMI Customizer Service - Used to customize the Wazuh AMI with custom certificates and passwords
+# Copyright (C) 2015, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+#
+
+[Unit]
+Description=Starts Wazuh services in order
+Wants=wazuh-starter.timer
+
+[Service]
+Type=oneshot
+ExecStart=/etc/.wazuh-starter.sh
+
+[Install]
+WantedBy=multi-user.target