Add unattended installation

[sergiogp98]

Hi team,

This issue try to add to types of environments following this two unattended installation methods described in the documentation:

• [x] All-in-one

• [x] Distributed

  All-in-one

One node with:

• Wazuh server, including the Wazuh manager as a single-node cluster and the Wazuh API.
• Elastic Stack, including Open Distro for Elasticsearch as a single-node cluster, Filebeat, and Kibana, including the Wazuh Kibana plugin.

Distributed

Five nodes:

• Three Open Distro Elasticsearch nodes and one of them with Kibana and its respective Wazuh Kibana plugin
• Two Wazuh server nodes: master and worker

SG

[sergiogp98]

Update

All-in-one

• Add Wazuh version
• Add Log file for checking installation process

Image: functional all-in-one installation

Distributed

• Having some problem with Kibana

[sergiogp98]

Update

Distributed

• Kibana errors:

1. Permission denied: privilege 443 port is not linked to Kibana socket
2. chown: cannot access '/usr/share/kibana/optimize': No such file or directory

[sergiogp98]

Update

• Kibana errors: error when linking 443 port to Kibana socket. Modification of elastic-stack-installation.sh for debuging:

eval "setcap cap_net_bind_service=+ep /usr/share/kibana/node/bin/node"
if [ "$?" != 0 ]; then 
    echo "Error: setcap 443 port"
else
    echo "Success: setcap 443 port"
fi

[sergiogp98]

Update

Description: check installation process in distributed environment

• Enabled port after creating stack:

• UI functional interface

• Wazuh cluster nodes information

• Elasticsearch cluster health

[root@ip-10-0-1-101 ~]# curl -XGET https://10.0.1.101:9200/_cluster/health?pretty -k -u admin:admin
{
  "cluster_name" : "elastic_cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 6,
  "active_shards" : 13,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

[sergiogp98]

Update

1. Add _initializekibana.sh script to force link 443 port to kibana socket:

#!/bin/bash

echo "Linking 443 port to Kibana socket..."
setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node
echo "Starting kibana service..."
systemctl daemon-reload
systemctl enable kibana.service
systemctl restart kibana.service
echo "Initializing Kibana (this may take a while)"
until [[ "$(curl -XGET https://{{kibana_ip}}/status -I -uadmin:admin -k -s --max-time 300 | grep "200 OK")" ]]; do
    sleep 10
done
conf="$(awk '{sub("url: https://localhost", "url: https://{{wazuh_master_ip}}")}1' /usr/share/kibana/data/wazuh/config/wazuh.yml)"
echo "${conf}" > /usr/share/kibana/data/wazuh/config/wazuh.yml  
echo "You can access the web interface https://{{kibana_ip}}. The credentials are admin:admin"  

Varialbes between {} are formatted as as Mustache templates (see documentation) with variables declared in template.yml

2. Bump to Wazuh v4.1.1