wazuh / wazuh-puppet

Wazuh - Puppet module
https://wazuh.com
GNU General Public License v2.0

The indexer_network_host parameter of the Securityadmin class has been deleted. #971

Closed Nicogp closed 6 months ago

Nicogp commented 6 months ago

Description

I have confirmed that this PR has removed the 'indexer_network_host' parameter from the 'wazuh::securityadmin' class.

This causes the following failure when trying to deploy wazuh-indexer:

[root@puppet-indexer vagrant]# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from puppet-master:8140 (192.168.0.200)
Notice: Catalog compiled by puppet-master.fibertel.com.ar
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Wazuh::Securityadmin]: has no parameter named 'indexer_network_host' (file: /etc/puppetlabs/code/environments/production/manifests/stack.pp, line: 51, column: 3) on node puppet-indexer.
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

The test was performed according to the steps in the Wazuh Puppet module -> Multi Node section.

vcerenu commented 6 months ago

The indexer_network_host parameter was added:

class wazuh::securityadmin (
  $indexer_init_lockfile = '/var/tmp/indexer-init.lock',
  $indexer_network_host = 'localhost',
) {
  exec { 'Initialize the Opensearch security index':
    path    => ['/usr/bin', '/bin', '/usr/sbin', '/sbin'],
    command => "/usr/share/wazuh-indexer/bin/indexer-security-init.sh -ho ${indexer_network_host} && touch ${indexer_init_lockfile}",
    creates => $indexer_init_lockfile,
    require => Service['wazuh-indexer'],
  }
}

Test with multi node deployment

root@ip-172-31-92-3:~# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from ip-172-31-83-221:8140 (172.31.83.221)
Notice: Catalog compiled by ip-172-31-83-221.ec2.internal
Info: Caching catalog for ip-172-31-92-3.ec2.internal
Info: Applying configuration version '1712745725'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Package[wazuh-indexer]/ensure: created (corrective)
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Package[wazuh-indexer]: Scheduling refresh of Exec[set recusive ownership of /etc/wazuh-indexer]
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Package[wazuh-indexer]: Scheduling refresh of Exec[set recusive ownership of /usr/share/wazuh-indexer]
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Package[wazuh-indexer]: Scheduling refresh of Exec[set recusive ownership of /var/lib/wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[ensure full path of /etc/wazuh-indexer/certs]/returns: executed successfully (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/owner: owner changed 'root' to 'wazuh-indexer' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/group: group changed 'root' to 'wazuh-indexer' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/mode: mode changed '0755' to '0500' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node1.pem]/ensure: defined content as '{sha256}168c003004a291e40a7fea8605513516c4572e031299a31acda0cb5658244a18' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node1-key.pem]/ensure: defined content as '{sha256}035283a53fd95a060d55d71abd8fab5f9f0a31c0f5686b919c78641c1069afc2' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/root-ca.pem]/ensure: defined content as '{sha256}9449007c584f4ebad7b4f8ad0ca97b7879b657b83906b6cee620ecdfee90d48d' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/admin.pem]/ensure: defined content as '{sha256}e7caac137218883f5c6850ed792a2170dc6d3fee1e45a7adbfb8f81d6f6b9657' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/admin-key.pem]/ensure: defined content as '{sha256}05ed07eb4d6f968bd0cb46064d609c19349983ff299270b8acfea83c4aab87cc' (corrective)
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[configuration file]/content: 
--- /etc/wazuh-indexer/opensearch.yml   2024-04-05 11:42:08.000000000 +0000
+++ /tmp/puppet-file20240410-6941-7uzjsj    2024-04-10 10:43:28.943351230 +0000
@@ -1,42 +1,37 @@
-network.host: "0.0.0.0"
-node.name: "node-1"
+network.host: "172.31.92.3"
+node.name: "node1"
 cluster.initial_master_nodes:
-- "node-1"
-#- "node-2"
-#- "node-3"
+- "172.31.92.3"
+- "172.31.94.147"
+- "172.31.80.211"
 cluster.name: "wazuh-cluster"
-#discovery.seed_hosts:
-#  - "node-1-ip"
-#  - "node-2-ip"
-#  - "node-3-ip"
+discovery.seed_hosts:
+- "172.31.92.3"
+- "172.31.94.147"
+- "172.31.80.211"
 node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-
-plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
+path.data: "/var/lib/wazuh-indexer"
+path.logs: "/var/log/wazuh-indexer"
+plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer-node1.pem
+plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-node1-key.pem
 plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer-node1.pem
+plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-node1-key.pem
 plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
-
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
-- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
-#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
-#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=indexer-node1,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=indexer-node2,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=indexer-node3,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
-
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
-
-### Option to allow Filebeat-oss 7.10.2 to work ###
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
 compatibility.override_main_response_version: true
\ No newline at end of file
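
Review bot: near the end of the hunk the rendered opensearch.yml loses `plugins.security.system_indices.enabled: true` and the `plugins.security.system_indices.indices` list, and none of the added lines sets them again, so system index protection is no longer configured explicitly on this node. If that is not intended, keep both keys in the template. The two keys added in their place, `plugins.security.allow_default_init_securityindex: true` and `cluster.routing.allocation.disk.threshold_enabled: false`, arrive without any comment, while the only explanatory comment in that block ("Option to allow Filebeat-oss 7.10.2 to work") is removed; a short comment in the template, or module parameters for these values, would make the choice reviewable.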

Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[configuration file]/content: 

Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[configuration file]/content: content changed '{sha256}d95d40b8ee093f122d8015d4a267eddbd92ba3e323c70f2ac7ab7d8ff9e584fe' to '{sha256}84f37c54589ca7c02ac7b48a1bf765c38f3bf83a1f0e234e7deacef70c94b913' (corrective)
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File[configuration file]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /etc/wazuh-indexer]: Triggered 'refresh' from 1 event
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /etc/wazuh-indexer]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /usr/share/wazuh-indexer]: Triggered 'refresh' from 1 event
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /usr/share/wazuh-indexer]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /var/lib/wazuh-indexer]: Triggered 'refresh' from 1 event
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /var/lib/wazuh-indexer]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]/ensure: ensure changed 'stopped' to 'running' (corrective)
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]: Unscheduling refresh on Service[wazuh-indexer]
Notice: /Stage[securityadmin]/Wazuh::Securityadmin/Exec[Initialize the Opensearch security index]/returns: executed successfully (corrective)
Notice: Applied catalog in 118.21 seconds
root@ip-172-31-92-3:~#
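
Added example, not part of the thread or of the wazuh-puppet code: a lightweight pre-deploy check that compares the parameters a resource-like class declaration passes against the parameters the class definition accepts, which is the mismatch behind the "has no parameter named" error reported above. The `stack.pp` content and the shortened class bodies are constructed samples, and the regular expressions are a text-level approximation rather than a Puppet parser.

```python
import re

# Constructed samples: the class signature without and with the parameter,
# and a declaration like the one the error points at in stack.pp (assumed).
CLASS_BEFORE = """
class wazuh::securityadmin (
  $indexer_init_lockfile = '/var/tmp/indexer-init.lock',
) { }
"""
CLASS_AFTER = """
class wazuh::securityadmin (
  $indexer_init_lockfile = '/var/tmp/indexer-init.lock',
  $indexer_network_host = 'localhost',
) { }
"""
STACK_PP = """
class { 'wazuh::securityadmin':
  indexer_network_host => '172.31.92.3',
}
"""

# Text-level patterns, not a Puppet parser: they assume no ')' inside
# parameter defaults and no '}' inside declaration values.
CLASS_DEF = re.compile(r"^\s*class\s+([\w:]+)\s*\((.*?)\)\s*\{", re.S | re.M)
CLASS_DECL = re.compile(r"class\s*\{\s*'([\w:]+)'\s*:(.*?)\}", re.S)
PARAM_DEF = re.compile(r"^\s*(?:[A-Z][\w:\[\], ]*\s+)?\$(\w+)", re.M)
PARAM_USE = re.compile(r"^\s*(\w+)\s*=>", re.M)

def defined_params(source):
    """Map each defined class name to the set of parameters it accepts."""
    return {name: set(PARAM_DEF.findall(body))
            for name, body in CLASS_DEF.findall(source)}

def unknown_params(manifest, classes_source):
    """Return (class, parameter) pairs a declaration passes but the class lacks."""
    known = defined_params(classes_source)
    problems = []
    for name, body in CLASS_DECL.findall(manifest):
        for param in PARAM_USE.findall(body):
            if name in known and param not in known[name]:
                problems.append((name, param))
    return problems

if __name__ == "__main__":
    for label, src in (("before fix", CLASS_BEFORE), ("after fix", CLASS_AFTER)):
        for cls, param in unknown_params(STACK_PP, src):
            print(f"{label}: Class[{cls}] has no parameter named '{param}'")
```

A full catalog compile in CI remains the authoritative check; this sketch only flags the specific declaration and definition mismatch.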