```bash
api_password="wazuh-wui"
token_command="curl ..."
TOKEN=$(eval "${token_command}")
# As the API is not ready, TOKEN here would be empty
# TOKEN=""
# As TOKEN is empty, the if block is ignored, so the credential change is not executed.
if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then
    api_password=$(tar ...)
    token_command="curl ..."
    TOKEN=$(eval "${token_command}")
fi
# As TOKEN is empty, the while block is executed, but with the wrong credentials.
# TOKEN gets "Invalid Credentials" as value and the API petition can not be done
while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do
    attempt=$((attempt+1))
    common_logger "Attempt $attempt: Checking the Wazuh API to be ready"
    sleep "${seconds}"
    TOKEN=$(eval "${token_command}")
done
# This petition fails because TOKEN is not valid
wm_error=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer ${TOKEN}")
```
> [!NOTE]
> Notice that, in the mentioned GHA run, one of the worker nodes could get the TOKEN, but the other one couldn't because of the mentioned behavior.
This PR changes the order in which these commands are executed:
- First, the while loop is executed, checking that the API is ready. If a worker node is being installed, the TOKEN would have the `Invalid credentials` value. Otherwise, the TOKEN would be correctly fetched.
- Secondly, if the TOKEN has the `Invalid credentials` value, the credentials are changed and the TOKEN is requested again with the correct credentials, also ensuring that the API is ready.
```bash
# Wait for the API to be ready
while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do
    attempt=$((attempt+1))
    common_logger "Attempt $attempt: Checking the Wazuh API to be ready"
    sleep "${seconds}"
    TOKEN=$(eval "${token_command}")
done
common_logger "Wazuh API is ready to receive requests."
# Change curl credentials in case the master node has changed the passwords
if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then
    api_password=$(tar ...)
    token_command="curl ..."
    TOKEN=$(eval "${token_command}")
fi
```
Description
Related: https://github.com/wazuh/wazuh-installation-assistant/issues/51
Complementary PR of: https://github.com/wazuh/wazuh-installation-assistant/pull/52
The aim of this PR is to change the order of the token API fetch in the `manager_checkService` function. Now, the function will do the following:
This PR was opened to fix the following behavior: if the API was not ready to receive requests, the TOKEN variable was empty and, if the Wazuh manager node was a worker, the credentials were not changed. Then, the TOKEN could not be fetched: https://github.com/wazuh/wazuh-installation-assistant/actions/runs/10832984133/job/30058653961
Testing
The testing was performed using the GHAs:
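Separately from the PR's own testing, the following added example (not code from the PR or from the Wazuh installation assistant) replays the old and the new ordering against a constructed API stub, showing why the empty-versus-`Invalid credentials` distinction decides whether a worker node ends up with a usable token. The stub `request_token`, the helper names, `NOT_READY_CALLS`, `CLUSTER_PASSWORD`, the token string and the error body are all assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration: replays both orderings against a constructed API stub.
NOT_READY_CALLS=2                    # constructed: requests answered with nothing
CLUSTER_PASSWORD="constructed-pass"  # constructed: password set by the master node

# Stand-in for TOKEN=$(eval "${token_command}"); $1 is the password sent.
request_token() {
    calls=$((calls + 1))
    if [ "$calls" -le "$NOT_READY_CALLS" ]; then
        TOKEN=""                                  # API not listening yet
    elif [ "$1" = "$CLUSTER_PASSWORD" ]; then
        TOKEN="constructed.jwt.token"
    else
        TOKEN='{"title": "Unauthorized", "detail": "Invalid credentials"}'
    fi
}

# The retry loop from the PR (sleep and logging omitted).
wait_for_api() {
    while [ -z "$TOKEN" ] && [ "$attempt" -lt "$max_attempts" ]; do
        attempt=$((attempt + 1))
        request_token "$api_password"
    done
}

# The worker-node branch from the PR; a portable `case` replaces [[ =~ ]].
swap_credentials_if_rejected() {
    case "$TOKEN" in *"Invalid credentials"*) ;; *) return 0 ;; esac
    [ "$node_type" = "worker" ] || return 0
    api_password="$CLUSTER_PASSWORD"   # stands in for api_password=$(tar ...)
    request_token "$api_password"
}

start() {
    calls=0; attempt=0; max_attempts=10; node_type="worker"
    api_password="wazuh-wui"; TOKEN=""
    request_token "$api_password"      # initial fetch before either block
}

old_order() { start; swap_credentials_if_rejected; wait_for_api; printf '%s' "$TOKEN"; }
new_order() { start; wait_for_api; swap_credentials_if_rejected; printf '%s' "$TOKEN"; }

echo "old order -> $(old_order)"
echo "new order -> $(new_order)"
```

Setting `NOT_READY_CALLS=0` makes both orderings succeed, which matches the behavior described above where the failure only appears when the API is slow to come up.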