Release 4.8.0 - Beta 4 - E2E UX tests - Deployment with Puppet

[davidjiglesias]

End-to-End (E2E) Testing Guideline

• Documentation: Always consult the development documentation for the current stage tag at this link. Be careful because some of the description steps might refer to a current version in production, always navigate using the current development documention for the stage under test. Also, visit the following pre-release package guide to understand how to modify certain links and urls for the correct testing of the development packages.
• Test Requirements: Ensure your test comprehensively includes a full stack and agent/s deployment as per the Deployment requirements, detailing the machine OS, installed version, and revision.
• Deployment Options: While deployments can be local (using VMs, Vagrant, etc) or on the aws-dev account, opt for local deployments when feasible. For AWS access, coordinate with the DevOps team through this link.
• External Accounts: If tests require third-party accounts (e.g., GitHub, Azure, AWS, GCP), request the necessary access through the DevOps team here.
• Alerts: Every test should generate a minimum of one end-to-end alert, from the agent to the dashboard, irrespective of test type.
• Multi-node Testing: For multi-node wazuh-manager tests, ensure agents are connected to both workers and the master node.
• Package Verification: Use the pre-release package that matches the current TAG you're testing. Confirm its version and revision.
• Filebeat Errors: If you encounter errors with Filebeat during testing, refer to this Slack discussion for insights and resolutions.
• Known Issues: Familiarize yourself with previously reported issues in the Known Issues section. This helps in identifying already recognized errors during testing.
• Reporting New Issues: Any new errors discovered during testing that aren't listed under Known Issues should be reported. Assign the issue to the corresponding team (QA if unsure), add the Release testing objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
• Test Conduct: It's imperative to be thorough in your testing, offering enough detail for reviewers. Incomplete tests might necessitate a redo.
• Documentation Feedback: Encountering documentation gaps, unclear guidelines, or anything that disrupts the testing or UX? Open an issue, especially if it's not listed under Known Issues. Please answer the feedback section, this is a mandatory step.
• Format: If this is your first time doing this, refer to the format (but not necessarily the content, as it may vary) of previous E2E tests, here you have an example https://github.com/wazuh/wazuh/issues/13994.
• Status and completion: Change the issue status within your team project accordingly. Once you finish testing and write the conclusions, move it to Pending review and notify the @wazuh/devel-devops team via Slack using the c-release channel. Beware that the reviewers might request additional information or task repetitions.
• For reviewers: Please move the issue to Pending final review and notify via Slack using the same thread if everything is ok, otherwise, perform an issue update with the requested changes and move it to On hold, increase the review_cycles in the team project by one and notify the issue assignee via Slack using the same thread.

For the conclusions and the issue testing and updates, use the following legend:

Status legend

• 🟢 All checks passed
• 🟡 Found a known issue
• 🔴 Found a new error

Issue delivery and completion

• Initial delivery: The issue's assignee must complete the testing and deliver the results by Mar 14, 2024 and notify the @wazuh/devel-devops team via Slack using the c-release channel
• Review: The @wazuh/devel-devops team will assign a reviewer and add it to the review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by Mar 15, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
• Auditor: The QA team must audit, validate the results, and close the issue by Mar 16, 2024.

Deployment requirements

Component	Installation	Type	OS
Indexer	Deployment with Puppet	Single node	Amazon Linux 2023 x86_64
Server	Deployment with Puppet	Single node	Amazon Linux 2023 x86_64
Dashboard	Deployment with Puppet	-	Amazon Linux 2023 x86_64
Agent	Deployment with Puppet	-	Amazon Linux 2023 x86_64

Test description

Test deployment of Wazuh central components via Puppet. Test deployment of agents via Puppet.

For the deployment, please check details at https://wazuh-team.slack.com/archives/C02A737S5MJ/p1697670733824199?thread_ts=1697634219.368529&cid=C02A737S5MJ

Known issues

• https://github.com/wazuh/wazuh-puppet/issues/461
• https://github.com/wazuh/wazuh-puppet/issues/470
• https://github.com/wazuh/wazuh-documentation/issues/7027
• https://github.com/wazuh/wazuh-puppet/issues/940
• https://github.com/wazuh/wazuh-dashboard-plugins/issues/6312

Conclusions

Status	Test	Failure type	Notes
:yellow_circle:	Set up Puppet	The puppet installation failed with Amazon Linux 2023.	Known issue: https://github.com/wazuh/wazuh-puppet/issues/940
:yellow_circle:	Set up Puppet	Unclear instructions in Puppet deployment	Known issue: https://github.com/wazuh/wazuh-documentation/issues/7027
:green_circle:	Generating Puppet Certificates
:green_circle:	Wazuh Stack Installation
:red_circle:	Wazuh Dashboard	Error index pattern	New issue: https://github.com/wazuh/wazuh-puppet/issues/963

Feedback

We value your feedback. Please provide insights on your testing experience.

• Was the testing guideline clear? Were there any ambiguities?
  • Yes it was clear
• Did you face any challenges not covered by the guideline?
  • No
• Suggestions for improvement:
  • In the initial guide it appears to be done with Amazon Linux 2023, which is a known issue that cannot be installed on that OS. As a suggestion, change the operating system until the problem is resolved.

Reviewers validation

The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.

All the checkboxes below must be marked in order to close this issue.

• [ ] @davidjiglesias
• [ ] @wazuh/devel-devops

[santipadilla]

Environment Setup 🟢

Puppet master 🟢

```console [root@master-puppet vagrant]# cat /etc/*release Amazon Linux release 2023.3.20240304 (Amazon Linux) NAME="Amazon Linux" VERSION="2023" ID="amzn" ID_LIKE="fedora" VERSION_ID="2023" PLATFORM_ID="platform:al2023" PRETTY_NAME="Amazon Linux 2023.3.20240304" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023" HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/" DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/" SUPPORT_URL="https://aws.amazon.com/premiumsupport/" BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023" VENDOR_NAME="AWS" VENDOR_URL="https://aws.amazon.com/" SUPPORT_END="2028-03-15" Amazon Linux release 2023.3.20240304 (Amazon Linux) ``` ```console [root@master-puppet vagrant]# uname -r 6.1.79-99.164.amzn2023.x86_64 ``` ```console [root@master-puppet vagrant]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 25G 0 disk ├─sda1 8:1 0 25G 0 part / ├─sda127 259:0 0 1M 0 part └─sda128 259:1 0 10M 0 part /boot/efi sr0 11:0 1 1024M 0 rom ``` ```console [root@master-puppet vagrant]# free -g total used free shared buff/cache available Mem: 1 0 1 0 0 1 Swap: 0 0 0 ``` ```console [root@master-puppet vagrant]# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Address sizes: 39 bits physical, 48 bits virtual Byte Order: Little Endian CPU(s): 2 On-line CPU(s) list: 0,1 Vendor ID: GenuineIntel Model name: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz CPU family: 6 Model: 165 Thread(s) per core: 1 Core(s) per socket: 2 Socket(s): 1 Stepping: 2 BogoMIPS: 5184.00 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clf lush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl x topology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 cx16 pcid sse 4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 avx2 bmi2 invpcid rdseed clf lushopt md_clear flush_l1d arch_capabilities Virtualization features: Hypervisor vendor: KVM Virtualization type: full Caches (sum of all): L1d: 64 KiB (2 instances) L1i: 64 KiB (2 instances) L2: 512 KiB (2 instances) L3: 24 MiB (2 instances) NUMA: NUMA node(s): 1 NUMA node0 CPU(s): 0,1 Vulnerabilities: Gather data sampling: Unknown: Dependent on hypervisor status Itlb multihit: KVM: Mitigation: VMX unsupported L1tf: Mitigation; PTE Inversion Mds: Mitigation; Clear CPU buffers; SMT Host state unknown Meltdown: Mitigation; PTI Mmio stale data: Mitigation; Clear CPU buffers; SMT Host state unknown Retbleed: Vulnerable Spec rstack overflow: Not affected Spec store bypass: Vulnerable Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affect ed Srbds: Unknown: Dependent on hypervisor status Tsx async abort: Not affected ```

Puppet agent 🟢

```console [root@agent-puppet vagrant]# cat /etc/*release Amazon Linux release 2023.3.20240304 (Amazon Linux) NAME="Amazon Linux" VERSION="2023" ID="amzn" ID_LIKE="fedora" VERSION_ID="2023" PLATFORM_ID="platform:al2023" PRETTY_NAME="Amazon Linux 2023.3.20240304" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023" HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/" DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/" SUPPORT_URL="https://aws.amazon.com/premiumsupport/" BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023" VENDOR_NAME="AWS" VENDOR_URL="https://aws.amazon.com/" SUPPORT_END="2028-03-15" Amazon Linux release 2023.3.20240304 (Amazon Linux) ``` ```console [root@agent-puppet vagrant]# uname -r 6.1.79-99.164.amzn2023.x86_64 ``` ```console [root@agent-puppet vagrant]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 25G 0 disk ├─sda1 8:1 0 25G 0 part / ├─sda127 259:0 0 1M 0 part └─sda128 259:1 0 10M 0 part /boot/efi sr0 11:0 1 1024M 0 rom ``` ```console [root@agent-puppet vagrant]# free -g total used free shared buff/cache available Mem: 1 0 1 0 0 1 Swap: 0 0 0 ``` ```console [root@agent-puppet vagrant]# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Address sizes: 39 bits physical, 48 bits virtual Byte Order: Little Endian CPU(s): 1 On-line CPU(s) list: 0 Vendor ID: GenuineIntel Model name: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz CPU family: 6 Model: 165 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s): 1 Stepping: 2 BogoMIPS: 5184.00 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clfl ush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xto pology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq monitor ssse3 cx16 pci d sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 avx2 bmi2 invpcid rdseed clflushopt md_clear flush_l1d arch_capabilities Virtualization features: Hypervisor vendor: KVM Virtualization type: full Caches (sum of all): L1d: 32 KiB (1 instance) L1i: 32 KiB (1 instance) L2: 256 KiB (1 instance) L3: 12 MiB (1 instance) NUMA: NUMA node(s): 1 NUMA node0 CPU(s): 0 Vulnerabilities: Gather data sampling: Unknown: Dependent on hypervisor status Itlb multihit: KVM: Mitigation: VMX unsupported L1tf: Mitigation; PTE Inversion Mds: Mitigation; Clear CPU buffers; SMT Host state unknown Meltdown: Mitigation; PTI Mmio stale data: Mitigation; Clear CPU buffers; SMT Host state unknown Retbleed: Vulnerable Spec rstack overflow: Not affected Spec store bypass: Vulnerable Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affecte d Srbds: Unknown: Dependent on hypervisor status Tsx async abort: Not affected ```

[santipadilla]

Puppet Set up :yellow_circle:

Installing Puppet master :yellow_circle:

1. Update host file ```console [root@master-puppet vagrant]# vi /etc/hosts [root@master-puppet vagrant]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost6 localhost6.localdomain6 172.31.1.30 puppet puppet-master 172.31.1.31 puppet-agent ``` 2. Install puppet ```console [root@master-puppet vagrant]# yum update Last metadata expiration check: 0:09:16 ago on Wed Mar 13 09:50:43 2024. Dependencies resolved. Nothing to do. Complete! ``` ```console [root@master-puppet vagrant]# sudo rpm -Uvh https://yum.puppet.com/puppet7-release-el-8.noarch.rpm Retrieving https://yum.puppet.com/puppet7-release-el-8.noarch.rpm warning: /var/tmp/rpm-tmp.gLCe5k: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:puppet7-release-7.0.0-16.el8 ################################# [100%] ``` ```console [root@master-puppet vagrant]# yum -y install puppetserver Puppet 7 Repository el 8 - x86_64 25 MB/s | 19 MB 00:00 Last metadata expiration check: 0:00:02 ago on Wed Mar 13 10:01:43 2024. Error: Problem: conflicting requests - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.0.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.0.1-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.0.2-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.0.3-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.1.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.1.2-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.11.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.12.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.13.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.14.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.15.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.16.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.2.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.2.1-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.3.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.4.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.4.1-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.4.2-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.5.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.6.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.6.1-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.7.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.8.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.9.0-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.9.1-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.9.2-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.9.3-1.el8.noarch - nothing provides java-1.8.0-openjdk-headless needed by puppetserver-7.9.5-1.el8.noarch (try to add '--skip-broken' to skip uninstallable packages) ```

[santipadilla]

:yellow_circle: The puppet installation failed with Amazon Linux 2023.

This is a known issue:

• https://github.com/wazuh/wazuh-puppet/issues/940.

Due to this, the installation will be done on Amazon Linux 2.

Approved by: @juliamagan

[santipadilla]

Set up Puppet :yellow_circle:

Master

Installing :green_circle:

1. Update host file ```console [root@puppet-master vagrant]# cat /etc/*release NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/" SUPPORT_END="2025-06-30" Amazon Linux release 2 (Karoo) ``` ```console [root@puppet-master vagrant]# vi /etc/hosts [root@puppet-master vagrant]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost6 localhost6.localdomain6 172.16.1.30 puppet puppet-master 172.16.1.31 puppet-agent 172.16.1.32 puppet-indexer 172.16.1.33 puppet-dashboard 172.16.1.34 puppet-server ``` 2. Install puppet ```console [root@puppet-master vagrant]# rpm -Uvh https://yum.puppet.com/puppet7-release-el-7.noarch.rpm Retrieving https://yum.puppet.com/puppet7-release-el-7.noarch.rpm warning: /var/tmp/rpm-tmp.pGdEMc: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY Preparing... ################################# [100%] Updating / installing... 1:puppet7-release-7.0.0-16.el7 ################################# [100%] [root@puppet-master vagrant]# yum -y install puppetserver Loaded plugins: langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package puppetserver.noarch 0:7.16.0-1.el7 will be installed --> Processing Dependency: puppet-agent >= 6.16.0 for package: puppetserver-7.16.0-1.el7.noarch --> Processing Dependency: java-1.8.0-openjdk-headless for package: puppetserver-7.16.0-1.el7.noarch --> Processing Dependency: tzdata-java for package: puppetserver-7.16.0-1.el7.noarch --> Running transaction check ---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.402.b06-1.amzn2.0.1 will be installed --> Processing Dependency: copy-jdk-configs >= 3.3 for package: 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 --> Processing Dependency: cups-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 --> Processing Dependency: jpackage-utils for package: 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 --> Processing Dependency: lksctp-tools(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 --> Processing Dependency: log4j-cve-2021-44228-cve-mitigations for package: 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 --> Processing Dependency: pcsc-lite-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 ---> Package puppet-agent.x86_64 0:7.29.1-1.el7 will be installed ---> Package tzdata-java.noarch 0:2024a-1.amzn2.0.1 will be installed --> Running transaction check ---> Package copy-jdk-configs.noarch 0:3.3-10.amzn2 will be installed ---> Package cups-libs.x86_64 1:1.6.3-51.amzn2.0.4 will be installed --> Processing Dependency: libavahi-client.so.3()(64bit) for package: 1:cups-libs-1.6.3-51.amzn2.0.4.x86_64 --> Processing Dependency: libavahi-common.so.3()(64bit) for package: 1:cups-libs-1.6.3-51.amzn2.0.4.x86_64 ---> Package javapackages-tools.noarch 0:3.4.1-11.amzn2 will be installed --> Processing Dependency: python-javapackages = 3.4.1-11.amzn2 for package: javapackages-tools-3.4.1-11.amzn2.noarch --> Processing Dependency: libxslt for package: javapackages-tools-3.4.1-11.amzn2.noarch ---> Package lksctp-tools.x86_64 0:1.0.17-2.amzn2.0.2 will be installed ---> Package log4j-cve-2021-44228-hotpatch.noarch 0:1.3-7.amzn2 will be installed ---> Package pcsc-lite-libs.x86_64 0:1.8.8-7.amzn2 will be installed --> Running transaction check ---> Package avahi-libs.x86_64 0:0.6.31-20.amzn2.0.5 will be installed ---> Package libxslt.x86_64 0:1.1.28-6.amzn2 will be installed ---> Package python-javapackages.noarch 0:3.4.1-11.amzn2 will be installed --> Processing Dependency: python-lxml for package: python-javapackages-3.4.1-11.amzn2.noarch --> Running transaction check ---> Package python-lxml.x86_64 0:3.2.1-4.amzn2.0.5 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================ Package Arch Version Repository Size ============================================================================================================================================================================================================ Installing: puppetserver noarch 7.16.0-1.el7 puppet7 73 M Installing for dependencies: avahi-libs x86_64 0.6.31-20.amzn2.0.5 amzn2-core 62 k copy-jdk-configs noarch 3.3-10.amzn2 amzn2-core 21 k cups-libs x86_64 1:1.6.3-51.amzn2.0.4 amzn2-core 357 k java-1.8.0-openjdk-headless x86_64 1:1.8.0.402.b06-1.amzn2.0.1 amzn2-core 33 M javapackages-tools noarch 3.4.1-11.amzn2 amzn2-core 73 k libxslt x86_64 1.1.28-6.amzn2 amzn2-core 240 k lksctp-tools x86_64 1.0.17-2.amzn2.0.2 amzn2-core 88 k log4j-cve-2021-44228-hotpatch noarch 1.3-7.amzn2 amzn2-core 139 k pcsc-lite-libs x86_64 1.8.8-7.amzn2 amzn2-core 35 k puppet-agent x86_64 7.29.1-1.el7 puppet7 22 M python-javapackages noarch 3.4.1-11.amzn2 amzn2-core 31 k python-lxml x86_64 3.2.1-4.amzn2.0.5 amzn2-core 1.0 M tzdata-java noarch 2024a-1.amzn2.0.1 amzn2-core 185 k Transaction Summary ============================================================================================================================================================================================================ Install 1 Package (+13 Dependent packages) Total download size: 130 M Installed size: 211 M Downloading packages: (1/14): copy-jdk-configs-3.3-10.amzn2.noarch.rpm | 21 kB 00:00:00 (2/14): avahi-libs-0.6.31-20.amzn2.0.5.x86_64.rpm | 62 kB 00:00:00 (3/14): cups-libs-1.6.3-51.amzn2.0.4.x86_64.rpm | 357 kB 00:00:00 (4/14): javapackages-tools-3.4.1-11.amzn2.noarch.rpm | 73 kB 00:00:00 (5/14): libxslt-1.1.28-6.amzn2.x86_64.rpm | 240 kB 00:00:00 (6/14): lksctp-tools-1.0.17-2.amzn2.0.2.x86_64.rpm | 88 kB 00:00:00 (7/14): log4j-cve-2021-44228-hotpatch-1.3-7.amzn2.noarch.rpm | 139 kB 00:00:00 (8/14): pcsc-lite-libs-1.8.8-7.amzn2.x86_64.rpm | 35 kB 00:00:00 (9/14): python-javapackages-3.4.1-11.amzn2.noarch.rpm | 31 kB 00:00:00 (10/14): python-lxml-3.2.1-4.amzn2.0.5.x86_64.rpm | 1.0 MB 00:00:00 (11/14): java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64.rpm | 33 MB 00:00:00 (12/14): tzdata-java-2024a-1.amzn2.0.1.noarch.rpm | 185 kB 00:00:00 warning: /var/cache/yum/x86_64/2/puppet7/packages/puppet-agent-7.29.1-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY ] 29 MB/s | 77 MB 00:00:01 ETA Public key for puppet-agent-7.29.1-1.el7.x86_64.rpm is not installed (13/14): puppet-agent-7.29.1-1.el7.x86_64.rpm | 22 MB 00:00:01 (14/14): puppetserver-7.16.0-1.el7.noarch.rpm | 73 MB 00:00:01 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Total 26 MB/s | 130 MB 00:00:04 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Importing GPG key 0x9E61EF26: Userid : "Puppet, Inc. Release Key (Puppet, Inc. Release Key) " Fingerprint: d681 1ed3 adee b844 1af5 aa8f 4528 b6cd 9e61 ef26 Package : puppet7-release-7.0.0-16.el7.noarch (installed) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. Installing : tzdata-java-2024a-1.amzn2.0.1.noarch 1/14 Installing : libxslt-1.1.28-6.amzn2.x86_64 2/14 Installing : python-lxml-3.2.1-4.amzn2.0.5.x86_64 3/14 Installing : python-javapackages-3.4.1-11.amzn2.noarch 4/14 Installing : javapackages-tools-3.4.1-11.amzn2.noarch 5/14 Installing : copy-jdk-configs-3.3-10.amzn2.noarch 6/14 Installing : avahi-libs-0.6.31-20.amzn2.0.5.x86_64 7/14 Installing : 1:cups-libs-1.6.3-51.amzn2.0.4.x86_64 8/14 Installing : pcsc-lite-libs-1.8.8-7.amzn2.x86_64 9/14 Installing : lksctp-tools-1.0.17-2.amzn2.0.2.x86_64 10/14 Installing : puppet-agent-7.29.1-1.el7.x86_64 11/14 Installing : log4j-cve-2021-44228-hotpatch-1.3-7.amzn2.noarch 12/14 Created symlink from /etc/systemd/system/multi-user.target.wants/log4j-cve-2021-44228-hotpatch.service to /usr/lib/systemd/system/log4j-cve-2021-44228-hotpatch.service. Installing : 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 13/14 Installing : puppetserver-7.16.0-1.el7.noarch 14/14 usermod: no changes Verifying : 1:java-1.8.0-openjdk-headless-1.8.0.402.b06-1.amzn2.0.1.x86_64 1/14 Verifying : log4j-cve-2021-44228-hotpatch-1.3-7.amzn2.noarch 2/14 Verifying : puppet-agent-7.29.1-1.el7.x86_64 3/14 Verifying : python-lxml-3.2.1-4.amzn2.0.5.x86_64 4/14 Verifying : lksctp-tools-1.0.17-2.amzn2.0.2.x86_64 5/14 Verifying : puppetserver-7.16.0-1.el7.noarch 6/14 Verifying : libxslt-1.1.28-6.amzn2.x86_64 7/14 Verifying : 1:cups-libs-1.6.3-51.amzn2.0.4.x86_64 8/14 Verifying : pcsc-lite-libs-1.8.8-7.amzn2.x86_64 9/14 Verifying : avahi-libs-0.6.31-20.amzn2.0.5.x86_64 10/14 Verifying : copy-jdk-configs-3.3-10.amzn2.noarch 11/14 Verifying : tzdata-java-2024a-1.amzn2.0.1.noarch 12/14 Verifying : python-javapackages-3.4.1-11.amzn2.noarch 13/14 Verifying : javapackages-tools-3.4.1-11.amzn2.noarch 14/14 Installed: puppetserver.noarch 0:7.16.0-1.el7 Dependency Installed: avahi-libs.x86_64 0:0.6.31-20.amzn2.0.5 copy-jdk-configs.noarch 0:3.3-10.amzn2 cups-libs.x86_64 1:1.6.3-51.amzn2.0.4 java-1.8.0-openjdk-headless.x86_64 1:1.8.0.402.b06-1.amzn2.0.1 javapackages-tools.noarch 0:3.4.1-11.amzn2 libxslt.x86_64 0:1.1.28-6.amzn2 lksctp-tools.x86_64 0:1.0.17-2.amzn2.0.2 log4j-cve-2021-44228-hotpatch.noarch 0:1.3-7.amzn2 pcsc-lite-libs.x86_64 0:1.8.8-7.amzn2 puppet-agent.x86_64 0:7.29.1-1.el7 python-javapackages.noarch 0:3.4.1-11.amzn2 python-lxml.x86_64 0:3.2.1-4.amzn2.0.5 tzdata-java.noarch 0:2024a-1.amzn2.0.1 Complete! ``` ```console [root@puppet-master vagrant]# ln -s /opt/puppetlabs/bin/puppet /bin [root@puppet-master vagrant]# ln -s /opt/puppetlabs/server/bin/puppetserver /bin ```

Configuration :green_circle:

```console [root@puppet-master vagrant]# nano /etc/puppetlabs/puppet/puppet.conf [root@puppet-master vagrant]# cat /etc/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html [server] vardir = /opt/puppetlabs/server/data/puppetserver logdir = /var/log/puppetlabs/puppetserver rundir = /var/run/puppetlabs/puppetserver pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid codedir = /etc/puppetlabs/code [main] server = puppet-master dns_alt_names = puppet,puppet-master ``` ```console [root@puppet-master vagrant]# nano /etc/sysconfig/puppetserver [root@puppet-master vagrant]# cat /etc/sysconfig/puppetserver ########################################### # Init settings for puppetserver ########################################### # Location of your Java binary (version 8) JAVA_BIN="/usr/bin/java" # Modify this if you'd like to change the memory allocation, enable JMX, etc JAVA_ARGS="-Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger" # Modify this as you would JAVA_ARGS but for non-service related subcommands JAVA_ARGS_CLI="${JAVA_ARGS_CLI:-}" # Modify this if you'd like TrapperKeeper specific arguments TK_ARGS="" # These normally shouldn't need to be edited if using OS packages USER="puppet" GROUP="puppet" INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver" CONFIG="/etc/puppetlabs/puppetserver/conf.d" # Bootstrap path BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" # SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in # seconds. For systemd, the shorter of this setting or 'TimeoutStopSec' in # the systemd.service definition will effectively be the timeout which is used. SERVICE_STOP_RETRIES=60 # START_TIMEOUT can be set here to alter the default startup timeout in # seconds. For systemd, the shorter of this setting or 'TimeoutStartSec' # in the service's systemd.service configuration file will effectively be the # timeout which is used. START_TIMEOUT=300 # Maximum number of seconds that can expire for a service reload attempt before # the result of the attempt is interpreted as a failure. RELOAD_TIMEOUT=120 ```

Start service :green_circle:

```console [root@puppet-master vagrant]# systemctl start puppetserver [root@puppet-master vagrant]# systemctl enable puppetserver Created symlink from /etc/systemd/system/multi-user.target.wants/puppetserver.service to /usr/lib/systemd/system/puppetserver.service. [root@puppet-master vagrant]# systemctl status puppetserver ● puppetserver.service - puppetserver Service Loaded: loaded (/usr/lib/systemd/system/puppetserver.service; enabled; vendor preset: disabled) Active: active (running) since mié 2024-03-13 13:38:14 UTC; 1min 8s ago Main PID: 12327 (java) CGroup: /system.slice/puppetserver.service ├─12327 /usr/bin/java -Xms512m -Xmx512m -Djruby.logger.class=com.puppetlabs.jruby... └─12680 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/server/data/puppetserver/... mar 13 13:37:56 puppet-master systemd[1]: Starting puppetserver Service... mar 13 13:37:59 puppet-master puppetserver[12302]: WARNING: abs already refers to: #'cloju...bs mar 13 13:38:14 puppet-master systemd[1]: Started puppetserver Service. Hint: Some lines were ellipsized, use -l to show in full. ```

Agent

Installing :green_circle:

1. Update host file ```console [root@puppet-agent vagrant]# vi /etc/hosts [root@puppet-agent vagrant]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost6 localhost6.localdomain6 172.16.1.30 puppet puppet-master 172.16.1.31 puppet-agent 172.16.1.32 puppet-indexer 172.16.1.33 puppet-dashboard 172.16.1.34 puppet-server ``` 2. Install puppet ```console [root@puppet-agent vagrant]# rpm -Uvh https://yum.puppet.com/puppet7-release-el-7.noarch.rpm Retrieving https://yum.puppet.com/puppet7-release-el-7.noarch.rpm warning: /var/tmp/rpm-tmp.TGtC7M: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY Preparing... ################################# [100%] Updating / installing... 1:puppet7-release-7.0.0-16.el7 ################################# [100%] [root@puppet-agent vagrant]# [root@puppet-agent vagrant]# [root@puppet-agent vagrant]# yum install -y puppet-agent Loaded plugins: langpacks, priorities, update-motd amzn2-core | 3.6 kB 00:00:00 puppet7 | 2.5 kB 00:00:00 puppet7/x86_64/primary_db | 249 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package puppet-agent.x86_64 0:7.29.1-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================== Package Arch Version Repository Size ========================================================================================================== Installing: puppet-agent x86_64 7.29.1-1.el7 puppet7 22 M Transaction Summary ========================================================================================================== Install 1 Package Total download size: 22 M Installed size: 22 M Downloading packages: warning: /var/cache/yum/x86_64/2/puppet7/packages/puppet-agent-7.29.1-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY Public key for puppet-agent-7.29.1-1.el7.x86_64.rpm is not installed puppet-agent-7.29.1-1.el7.x86_64.rpm | 22 MB 00:00:00 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Importing GPG key 0x9E61EF26: Userid : "Puppet, Inc. Release Key (Puppet, Inc. Release Key) " Fingerprint: d681 1ed3 adee b844 1af5 aa8f 4528 b6cd 9e61 ef26 Package : puppet7-release-7.0.0-16.el7.noarch (installed) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. Installing : puppet-agent-7.29.1-1.el7.x86_64 1/1 Verifying : puppet-agent-7.29.1-1.el7.x86_64 1/1 Installed: puppet-agent.x86_64 0:7.29.1-1.el7 Complete! ``` ```console [root@puppet-agent vagrant]# ln -s /opt/puppetlabs/bin/puppet /bin ```

Configuration :green_circle:

```console [root@puppet-agent vagrant]# nano /etc/puppetlabs/puppet/puppet.conf [root@puppet-agent vagrant]# cat /etc/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html # [main] server = puppet-master ```

Start service :green_circle:

```console [root@puppet-agent vagrant]# puppet resource service puppet ensure=running enable=true Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running' service { 'puppet': ensure => 'running', enable => 'true', provider => 'systemd', } [root@puppet-agent vagrant]# sudo systemctl status puppet ● puppet.service - Puppet agent Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-03-13 15:19:19 UTC; 15s ago Docs: man:puppet-agent(8) Main PID: 4475 (puppet) CGroup: /system.slice/puppet.service └─4475 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemoniz... Mar 13 15:19:19 puppet-agent systemd[1]: Started Puppet agent. Mar 13 15:19:20 puppet-agent puppet-agent[4475]: Starting Puppet client version 7.29.1 ```

Server

Installing :green_circle:

1. Update host file ```console [root@puppet-server vagrant]# vi /etc/hosts [root@puppet-server vagrant]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost6 localhost6.localdomain6 172.16.1.30 puppet puppet-master 172.16.1.31 puppet-agent 172.16.1.32 puppet-indexer 172.16.1.33 puppet-dashboard 172.16.1.34 puppet-server ``` 2. Install puppet ```console [root@puppet-server vagrant]# rpm -Uvh https://yum.puppet.com/puppet7-release-el-7.noarch.rpm Retrieving https://yum.puppet.com/puppet7-release-el-7.noarch.rpm warning: /var/tmp/rpm-tmp.yoBcdP: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY Preparing... ################################# [100%] package puppet7-release-7.0.0-16.el7.noarch is already installed [root@puppet-server vagrant]# yum -y install puppet-agent Loaded plugins: langpacks, priorities, update-motd puppet7 | 2.5 kB 00:00:00 puppet7/x86_64/primary_db | 249 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package puppet-agent.x86_64 0:7.29.1-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================ Package Arch Version Repository Size ============================================================================================================================================================================================================ Installing: puppet-agent x86_64 7.29.1-1.el7 puppet7 22 M Transaction Summary ============================================================================================================================================================================================================ Install 1 Package Total download size: 22 M Installed size: 22 M Downloading packages: warning: /var/cache/yum/x86_64/2/puppet7/packages/puppet-agent-7.29.1-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY==================== ] 0.0 B/s | 20 MB --:--:-- ETA Public key for puppet-agent-7.29.1-1.el7.x86_64.rpm is not installed puppet-agent-7.29.1-1.el7.x86_64.rpm | 22 MB 00:00:00 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Importing GPG key 0x9E61EF26: Userid : "Puppet, Inc. Release Key (Puppet, Inc. Release Key) " Fingerprint: d681 1ed3 adee b844 1af5 aa8f 4528 b6cd 9e61 ef26 Package : puppet7-release-7.0.0-16.el7.noarch (installed) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. Installing : puppet-agent-7.29.1-1.el7.x86_64 1/1 Verifying : puppet-agent-7.29.1-1.el7.x86_64 1/1 Installed: puppet-agent.x86_64 0:7.29.1-1.el7 Complete! ``` ```console [root@puppet-server vagrant]# ln -s /opt/puppetlabs/bin/puppet /bin ```

Configuration :green_circle:

```console [root@puppet-server vagrant]# nano /etc/puppetlabs/puppet/puppet.conf [root@puppet-server vagrant]# cat /etc/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html # [main] server = puppet-master ```

Start service :green_circle:

```console [root@puppet-server vagrant]# puppet resource service puppet ensure=running enable=true Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running' service { 'puppet': ensure => 'running', enable => 'true', provider => 'systemd', } [root@puppet-server vagrant]# systemctl status puppet ● puppet.service - Puppet agent Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-03-13 15:44:05 UTC; 7s ago Docs: man:puppet-agent(8) Main PID: 4281 (puppet) CGroup: /system.slice/puppet.service └─4281 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemoniz... Mar 13 15:44:05 puppet-server systemd[1]: Started Puppet agent. Mar 13 15:44:06 puppet-server puppet-agent[4281]: Starting Puppet client version 7.29.1 ```

Dashboard

Installing :green_circle:

1. Update host file ```console [root@puppet-dashboard vagrant]# nano /etc/hosts [root@puppet-dashboard vagrant]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost6 localhost6.localdomain6 172.16.1.30 puppet puppet-master 172.16.1.31 puppet-agent 172.16.1.32 puppet-indexer 172.16.1.33 puppet-dashboard 172.16.1.34 puppet-server ``` 2. Install puppet ```console [root@puppet-dashboard vagrant]# rpm -Uvh https://yum.puppet.com/puppet7-release-el-7.noarch.rpm Loaded plugins: langpacks, priorities, update-motd Resolving Dependencies --> Running transaction check ---> Package puppet-agent.x86_64 0:7.29.1-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================ Package Arch Version Repository Size ============================================================================================================================================================================================================ Installing: puppet-agent x86_64 7.29.1-1.el7 puppet7 22 M Transaction Summary ============================================================================================================================================================================================================ Install 1 Package Total download size: 22 M Installed size: 22 M Downloading packages: warning: /var/cache/yum/x86_64/2/puppet7/packages/puppet-agent-7.29.1-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY======================= ] 0.0 B/s | 21 MB --:--:-- ETA Public key for puppet-agent-7.29.1-1.el7.x86_64.rpm is not installed puppet-agent-7.29.1-1.el7.x86_64.rpm | 22 MB 00:00:00 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Importing GPG key 0x9E61EF26: Userid : "Puppet, Inc. Release Key (Puppet, Inc. Release Key) " Fingerprint: d681 1ed3 adee b844 1af5 aa8f 4528 b6cd 9e61 ef26 Package : puppet7-release-7.0.0-16.el7.noarch (installed) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : puppet-agent-7.29.1-1.el7.x86_64 1/1 Verifying : puppet-agent-7.29.1-1.el7.x86_64 1/1 Installed: puppet-agent.x86_64 0:7.29.1-1.el7 Complete! ``` ```console [root@puppet-dashboard vagrant]# ln -s /opt/puppetlabs/bin/puppet /bin ```

Configuration :green_circle:

```console [root@puppet-dashboard vagrant]# nano /etc/puppetlabs/puppet/puppet.conf [root@puppet-dashboard vagrant]# cat /etc/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html # [main] server = puppet-master ```

Start service :green_circle:

```console [root@puppet-dashboard vagrant]# puppet resource service puppet ensure=running enable=true Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running' service { 'puppet': ensure => 'running', enable => 'true', provider => 'systemd', } [root@puppet-dashboard vagrant]# systemctl status puppet ● puppet.service - Puppet agent Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-03-13 16:06:55 UTC; 8s ago Docs: man:puppet-agent(8) Main PID: 5233 (puppet) CGroup: /system.slice/puppet.service └─5233 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemoniz... Mar 13 16:06:55 puppet-dashboard systemd[1]: Started Puppet agent. Mar 13 16:06:55 puppet-dashboard puppet-agent[5233]: Starting Puppet client version 7.29.1 ```

Indexer

Installing :green_circle:

1. Update host file ```console [root@puppet-indexer vagrant]# nano /etc/hosts [root@puppet-indexer vagrant]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost6 localhost6.localdomain6 172.16.1.30 puppet puppet-master 172.16.1.31 puppet-agent 172.16.1.32 puppet-indexer 172.16.1.33 puppet-dashboard 172.16.1.34 puppet-server ``` 2. Install puppet ```console [root@puppet-indexer vagrant]# rpm -Uvh https://yum.puppet.com/puppet7-release-el-7.noarch.rpm Retrieving https://yum.puppet.com/puppet7-release-el-7.noarch.rpm warning: /var/tmp/rpm-tmp.hkwk3m: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY Preparing... ################################# [100%] Updating / installing... 1:puppet7-release-7.0.0-16.el7 ################################# [100%] [root@puppet-indexer vagrant]# [root@puppet-indexer vagrant]# [root@puppet-indexer vagrant]# yum -y install puppet-agent Loaded plugins: langpacks, priorities, update-motd puppet7 | 2.5 kB 00:00:00 puppet7/x86_64/primary_db | 249 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package puppet-agent.x86_64 0:7.29.1-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================================== Package Arch Version Repository Size ========================================================================================================== Installing: puppet-agent x86_64 7.29.1-1.el7 puppet7 22 M Transaction Summary ========================================================================================================== Install 1 Package Total download size: 22 M Installed size: 22 M Downloading packages: warning: /var/cache/yum/x86_64/2/puppet7/packages/puppet-agent-7.29.1-1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 9e61ef26: NOKEY Public key for puppet-agent-7.29.1-1.el7.x86_64.rpm is not installed puppet-agent-7.29.1-1.el7.x86_64.rpm | 22 MB 00:00:00 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Importing GPG key 0x9E61EF26: Userid : "Puppet, Inc. Release Key (Puppet, Inc. Release Key) " Fingerprint: d681 1ed3 adee b844 1af5 aa8f 4528 b6cd 9e61 ef26 Package : puppet7-release-7.0.0-16.el7.noarch (installed) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet7-release Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. Installing : puppet-agent-7.29.1-1.el7.x86_64 1/1 Verifying : puppet-agent-7.29.1-1.el7.x86_64 1/1 Installed: puppet-agent.x86_64 0:7.29.1-1.el7 Complete! ``` ```console [root@puppet-indexer vagrant]# ln -s /opt/puppetlabs/bin/puppet /bin ```

Configuration :green_circle:

```console [root@puppet-indexer vagrant]# nano /etc/puppetlabs/puppet/puppet.conf [root@puppet-indexer vagrant]# cat /etc/puppetlabs/puppet/puppet.conf # This file can be used to override the default puppet settings. # See the following links for more details on what settings are available: # - https://puppet.com/docs/puppet/latest/config_important_settings.html # - https://puppet.com/docs/puppet/latest/config_about_settings.html # - https://puppet.com/docs/puppet/latest/config_file_main.html # - https://puppet.com/docs/puppet/latest/configuration.html # [main] server = puppet-master ```

Start service :green_circle:

```console [root@puppet-indexer vagrant]# puppet resource service puppet ensure=running enable=true Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running' service { 'puppet': ensure => 'running', enable => 'true', provider => 'systemd', } [root@puppet-indexer vagrant]# systemctl status puppet ● puppet.service - Puppet agent Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2024-03-13 16:15:40 UTC; 7s ago Docs: man:puppet-agent(8) Main PID: 4252 (puppet) CGroup: /system.slice/puppet.service └─4252 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemoniz... Mar 13 16:15:40 puppet-indexer systemd[1]: Started Puppet agent. Mar 13 16:15:41 puppet-indexer puppet-agent[4252]: Starting Puppet client version 7.29.1 ```

---

New

Known issue

• https://github.com/wazuh/wazuh-documentation/issues/7027

[santipadilla]

Generating Puppet Certificates :green_circle:

Wazuh agent

```console [root@puppet-agent vagrant]# puppet agent -t Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppet-agent.home Info: Certificate Request fingerprint (SHA256): 25:BF:96:04:B5:09:4C:CB:0E:2F:AB:BA:0B:C1:F4:EE:93:4B:C9:F8:E5:A9:C3:3C:14:98:41:6F:13:83:CD:5E Info: Certificate for puppet-agent.home has not been signed yet Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (puppet-agent.home). Exiting now because the waitforcert setting is set to 0. ```

Wazuh dashboard

```console [root@puppet-dashboard vagrant]# puppet agent -t Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppet-dashboard.home Info: Certificate Request fingerprint (SHA256): C1:2C:04:C6:48:EA:27:41:5F:99:35:A6:FA:DD:E3:77:7D:DA:56:64:FD:E1:35:92:62:CC:6A:2A:21:5D:3D:45 Info: Certificate for puppet-dashboard.home has not been signed yet Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (puppet-dashboard.home). Exiting now because the waitforcert setting is set to 0. ```

Wazuh server

```console [root@puppet-server vagrant]# puppet agent -t Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppet-server.home Info: Certificate Request fingerprint (SHA256): 75:6A:57:18:DF:D0:F8:D6:E1:DE:93:DC:20:A6:15:D2:C7:AC:33:40:13:E0:98:8C:A0:40:CD:6C:8B:36:E0:8E Info: Certificate for puppet-server.home has not been signed yet Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (puppet-server.home). Exiting now because the waitforcert setting is set to 0. ```

Wazuh indexer

```console [root@puppet-indexer vagrant]# puppet agent -t Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppet-indexer.home Info: Certificate Request fingerprint (SHA256): 01:8B:1C:11:AF:F8:13:0B:D3:53:C6:88:E4:04:19:16:8D:11:64:4F:FC:CF:FF:26:3C:A3:FA:8F:BF:BD:E9:67 Info: Certificate for puppet-indexer.home has not been signed yet Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (puppet-indexer.home). Exiting now because the waitforcert setting is set to 0. ```

Sign Puppet agent certificates

```console [root@puppet-master vagrant]# puppetserver ca list Requested Certificates: puppet-agent.home (SHA256) 25:BF:96:04:B5:09:4C:CB:0E:2F:AB:BA:0B:C1:F4:EE:93:4B:C9:F8:E5:A9:C3:3C:14:98:41:6F:13:83:CD:5E puppet-server.home (SHA256) 75:6A:57:18:DF:D0:F8:D6:E1:DE:93:DC:20:A6:15:D2:C7:AC:33:40:13:E0:98:8C:A0:40:CD:6C:8B:36:E0:8E puppet-dashboard.home (SHA256) C1:2C:04:C6:48:EA:27:41:5F:99:35:A6:FA:DD:E3:77:7D:DA:56:64:FD:E1:35:92:62:CC:6A:2A:21:5D:3D:45 puppet-indexer.home (SHA256) 01:8B:1C:11:AF:F8:13:0B:D3:53:C6:88:E4:04:19:16:8D:11:64:4F:FC:CF:FF:26:3C:A3:FA:8F:BF:BD:E9:67 [root@puppet-master vagrant]# puppetserver ca sign --all Successfully signed certificate request for puppet-agent.home Successfully signed certificate request for puppet-server.home Successfully signed certificate request for puppet-dashboard.home Successfully signed certificate request for puppet-indexer.home ```

Back to Puppet agents:

Wazuh agent

```console [root@puppet-agent vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-agent.home Info: Applying configuration version '1710347824' Notice: Applied catalog in 0.01 seconds ```

Wazuh dashboard

```console [root@puppet-dashboard vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-dashboard.home Info: Applying configuration version '1710348227' Notice: Applied catalog in 0.01 seconds ```

Wazuh server

```console [root@puppet-server vagrant]# puppet agent -t Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for puppet-server.home Info: Certificate Request fingerprint (SHA256): 75:6A:57:18:DF:D0:F8:D6:E1:DE:93:DC:20:A6:15:D2:C7:AC:33:40:13:E0:98:8C:A0:40:CD:6C:8B:36:E0:8E Info: Downloaded certificate for puppet-server.home from https://puppet-master:8140/puppet-ca/v1 Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-server.home Info: Applying configuration version '1710347630' Notice: Applied catalog in 0.01 seconds ```

Wazuh indexer

```console [root@puppet-indexer vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-indexer.home Info: Applying configuration version '1710348413' Notice: Applied catalog in 0.01 seconds ```

[santipadilla]

Wazuh Stack Installation :green_circle:

:green_circle: Module installation

```console [root@puppet-master vagrant]# wget https://packages-dev.wazuh.com/pre-release/puppet-module/wazuh-wazuh-4.8.0.tar.gz --2024-03-14 14:06:34-- https://packages-dev.wazuh.com/pre-release/puppet-module/wazuh-wazuh-4.8.0.tar.gz Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.65, 52.84.66.126, 52.84.66.124, ... Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.65|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 59386 (58K) [application/x-tar] Saving to: ‘wazuh-wazuh-4.8.0.tar.gz’ 100%[==================================================================================================================================================================>] 59,386 356KB/s in 0.2s 2024-03-14 14:06:35 (356 KB/s) - ‘wazuh-wazuh-4.8.0.tar.gz’ saved [59386/59386] [root@puppet-master vagrant]# ls wazuh-wazuh-4.8.0.tar.gz [root@puppet-master vagrant]# puppet module install wazuh-wazuh-4.8.0.tar.gz Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ... Notice: Downloading from https://forgeapi.puppet.com ... Notice: Installing -- do not interrupt ... /etc/puppetlabs/code/environments/production/modules └─┬ wazuh-wazuh (v4.8.0) ├── puppet-archive (v6.1.2) ├── puppet-nodejs (v7.0.1) ├── puppet-selinux (v3.4.1) ├── puppet-zypprepo (v4.0.1) ├── puppetlabs-apt (v7.7.1) ├─┬ puppetlabs-concat (v6.4.0) │ └── puppetlabs-translate (v2.2.0) ├── puppetlabs-firewall (v2.8.1) ├─┬ puppetlabs-powershell (v4.1.0) │ └── puppetlabs-pwshlib (v1.1.1) └── puppetlabs-stdlib (v6.6.0) ```

:green_circle: Changes to module after installation

```console [root@puppet-master vagrant]# nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/repo.pp [root@puppet-master vagrant]# cat /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/repo.pp # Copyright (C) 2015, Wazuh Inc. # Wazuh repository installation class wazuh::repo ( ) { case $::osfamily { 'Debian' : { if $::lsbdistcodename =~ /(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakketi|groovy)/ and ! defined(Package['apt-transport-https']) { ensure_packages(['apt-transport-https'], {'ensure' => 'present'}) } # apt-key added by issue #34 apt::key { 'wazuh': id => '0DCFCA5547B19D2A6099506096B3EE5F29111145', source => 'https://packages.wazuh.com/key/GPG-KEY-WAZUH', server => 'pgp.mit.edu' } case $::lsbdistcodename { /(jessie|wheezy|stretch|buster|bullseye|bookworm|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal|groovy|jammy)/: { apt::source { 'wazuh': ensure => present, comment => 'This is the WAZUH Ubuntu repository', location => 'https://packages-dev.wazuh.com/pre-release/apt', release => 'unstable', repos => 'main', include => { 'src' => false, 'deb' => true, }, } } default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') } } } 'Linux', 'RedHat', 'Suse' : { case $::os[name] { /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux|Rocky|SLES)$/: { if ( $::operatingsystemrelease =~ /^5.*/ ) { $baseurl = 'https://packages-dev.wazuh.com/pre-release/yum/5/' $gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH' } else { $baseurl = 'https://packages-dev.wazuh.com/pre-release/yum/' $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' } } default: { fail('This ossec module has not been tested on your distribution.') } } # Set up OSSEC repo case $::os[name] { /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux)$/: { yumrepo { 'wazuh': descr => 'WAZUH OSSEC Repository - www.wazuh.com', enabled => true, gpgcheck => 1, gpgkey => $gpgkey, baseurl => $baseurl } } /^(SLES)$/: { zypprepo { 'wazuh': ensure => present, name => 'WAZUH OSSEC Repository - www.wazuh.com', enabled => 1, gpgcheck => 0, repo_gpgcheck => 0, pkg_gpgcheck => 0, gpgkey => $gpgkey, baseurl => $baseurl } } } } } } [root@puppet-master vagrant]# nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/certificates.pp [root@puppet-master vagrant]# cat /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/certificates.pp # Copyright (C) 2015, Wazuh Inc. # Wazuh repository installation class wazuh::certificates ( $wazuh_repository = 'packages-dev.wazuh.com', $wazuh_version = '4.8', $indexer_certs = [], $manager_certs = [], $manager_master_certs = [], $manager_worker_certs = [], $dashboard_certs = [] ) { file { 'Configure Wazuh Certificates config.yml': owner => 'root', path => '/tmp/config.yml', group => 'root', mode => '0640', content => template('wazuh/wazuh_config_yml.erb'), } file { '/tmp/wazuh-certs-tool.sh': ensure => file, source => "https://${wazuh_repository}/${wazuh_version}/wazuh-certs-tool.sh", owner => 'root', group => 'root', mode => '0740', } exec { 'Create Wazuh Certificates': path => '/usr/bin:/bin', command => 'bash /tmp/wazuh-certs-tool.sh --all', creates => '/tmp/wazuh-certificates', require => [ File['/tmp/wazuh-certs-tool.sh'], File['/tmp/config.yml'], ], } file { 'Copy all certificates into module': ensure => 'directory', source => '/tmp/wazuh-certificates/', recurse => 'remote', path => '/etc/puppetlabs/code/environments/production/modules/archive/files/', owner => 'root', group => 'root', mode => '0755', } } [root@puppet-master vagrant]# nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/filebeat_oss.pp [root@puppet-master vagrant]# grep packages-dev /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/filebeat_oss.pp source => "https://packages-dev.wazuh.com/pre-release/filebeat/${$wazuh_filebeat_module}", [root@puppet-master vagrant]# grep wazuh_extensions_version /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/filebeat_oss.pp $wazuh_extensions_version = 'v4.8.0-beta4', unless => "curl -s 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json' | cmp -s '/etc/filebeat/wazuh-template.json'", source => "https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json", ```

:green_circle: Stack definition stack.pp

```console [root@puppet-master vagrant]# nano /etc/puppetlabs/code/environments/production/manifests/stack.pp [root@puppet-master vagrant]# [root@puppet-master vagrant]# cat /etc/puppetlabs/code/environments/production/manifests/stack.pp $puppetmaster = '172.16.1.30' $indexerhost = '172.16.1.32' $serverhost = '172.16.1.34' $dashboardhost = '172.16.1.33' $indexer_node1_name = 'node1' $master_name = 'master' $indexer_cluster_size = '1' $indexer_discovery_hosts = [$indexerhost] $indexer_cluster_initial_master_nodes = [$indexerhost] $indexer_cluster_CN = [$indexer_node1_name] # Define stage for order execution stage { 'certificates': } stage { 'repo': } stage { 'indexerdeploy': } stage { 'securityadmin': } stage { 'dashboard': } stage { 'manager': } Stage[certificates] -> Stage[repo] -> Stage[indexerdeploy] -> Stage[securityadmin] -> Stage[manager] -> Stage[dashboard] Exec { timeout => 0, } node "puppet-master.home" { class { 'wazuh::certificates': indexer_certs => [["$indexer_node1_name","$indexerhost" ]], manager_master_certs => [["$master_name","$serverhost"]], dashboard_certs => ["$dashboardhost"], stage => certificates } class { 'wazuh::repo': stage => repo } } node "puppet-indexer.home" { class { 'wazuh::repo': stage => repo } class { 'wazuh::indexer': indexer_node_name => "$indexer_node1_name", indexer_network_host => "$indexerhost", indexer_node_max_local_storage_nodes => "$indexer_cluster_size", indexer_discovery_hosts => $indexer_discovery_hosts, indexer_cluster_initial_master_nodes => $indexer_cluster_initial_master_nodes, indexer_cluster_CN => $indexer_cluster_CN, stage => indexerdeploy } class { 'wazuh::securityadmin': indexer_network_host => "$indexerhost", stage => securityadmin } } node "puppet-server.home" { class { 'wazuh::repo': stage => repo } class { 'wazuh::manager': ossec_cluster_name => 'wazuh-cluster', ossec_cluster_node_name => 'wazuh-master', ossec_cluster_node_type => 'master', ossec_cluster_key => '01234567890123456789012345678912', ossec_cluster_bind_addr => "$serverhost", ossec_cluster_nodes => ["$serverhost"], ossec_cluster_disabled => 'no', stage => manager } class { 'wazuh::filebeat_oss': filebeat_oss_indexer_ip => "$indexerhost", wazuh_node_name => "$master_name", stage => manager } } node "puppet-dashboard.home" { class { 'wazuh::repo': stage => repo, } class { 'wazuh::dashboard': indexer_server_ip => "$indexerhost", manager_api_host => "$serverhost", stage => dashboard } } node "puppet-agent.home" { class { 'wazuh::repo': } class { "wazuh::agent": wazuh_register_endpoint => "$serverhost", wazuh_reporting_endpoint => "$serverhost" } } ```

:green_circle: Puppet master - Create certificates

```console [root@puppet-master vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-master.home Info: Applying configuration version '1710415670' Notice: /Stage[certificates]/Wazuh::Certificates/File[Configure Wazuh Certificates config.yml]/content: --- /tmp/config.yml 2024-03-14 11:11:52.333563377 +0000 +++ /tmp/puppet-file20240314-31412-cx6ysj 2024-03-14 11:27:50.954971735 +0000 @@ -1,10 +1,11 @@ nodes: indexer: - - name: indexer-node-1 - ip: 127.0.0.1 + - name: indexer-node1 + ip: 172.16.1.32 server: - name: manager-master - ip: 127.0.0.1 + ip: 172.16.1.34 + node_type: master dashboard: - name: dashboard - ip: 127.0.0.1 + ip: 172.16.1.33 Notice: /Stage[certificates]/Wazuh::Certificates/File[Configure Wazuh Certificates config.yml]/content: content changed '{sha256}081fb42f8c670649d09c5f8aecf0eebdd06c7e7a673d2e41c7fd5c44fbd8bab4' to '{sha256}a45566a877cfb6ffec4050ad6ea8615b694675af1aeae955392cf9ab14e14932' Notice: /Stage[certificates]/Wazuh::Certificates/File[Configure Wazuh Certificates config.yml]/mode: mode changed '0600' to '0640' (corrective) Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/admin-key.pem]/ensure: defined content as '{sha256}3365d1372f5d9fc372a84465b9e91949febbe9cba3978082d9794462ff0ab110' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/admin.pem]/ensure: defined content as '{sha256}3c4e6f8f3aef82b18a03e538d8bbc14e000cd950739aa460bd2ffc8f9dcdd037' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/dashboard-key.pem]/ensure: defined content as '{sha256}7fc48f27cea0755a5cd66532477dcec962fa9aacecee1b217fabc68b2c5cf839' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/dashboard.pem]/ensure: defined content as '{sha256}3bfcb4da596dc84076d50fdb5d21361ac6b172d3a7197555b5b51d1e00c567d9' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/indexer-node-1-key.pem]/ensure: defined content as '{sha256}91ca5ea6d4e345a5d18403a51e51259b718245dae5ea20689ebd2c3fa1f0dab6' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/indexer-node-1.pem]/ensure: defined content as '{sha256}cc666350647b0982cc8039dffcc8782bdca7c58cc4f0bf47ff8d38718bf53546' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master-key.pem]/ensure: defined content as '{sha256}95cfedb0c4091aa6a6fa2a6f3662ac305d89d88051486a4cf37354a0192c72a4' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master.pem]/ensure: defined content as '{sha256}7be89c4fecd03a75154893d2164cc6dbbcdaa2889c6ed2110b8dfcc1da747b3f' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/root-ca.key]/ensure: defined content as '{sha256}83d991b18fc5188536e328224cc8f1a03c91d3e996fd3d4b8eabb8052e715ce7' Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/root-ca.pem]/ensure: defined content as '{sha256}d75bb634eed4ade2b77e021aa7c4d723eb832fc5e2e8432356bdc2bcba3ea9c0' Notice: Applied catalog in 0.82 seconds ```

:green_circle: Wazuh server

```console [root@puppet-server vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-server.home Info: Applying configuration version '1710415840' Notice: /Stage[manager]/Wazuh::Manager/Exec[Generate the wazuh-keystore (username)]/returns: executed successfully (corrective) Notice: /Stage[manager]/Wazuh::Manager/Exec[Generate the wazuh-keystore (password)]/returns: executed successfully (corrective) Notice: /Stage[manager]/Wazuh::Filebeat_oss/File[/etc/filebeat/certs/filebeat.pem]/ensure: defined content as '{sha256}7be89c4fecd03a75154893d2164cc6dbbcdaa2889c6ed2110b8dfcc1da747b3f' Notice: /Stage[manager]/Wazuh::Filebeat_oss/File[/etc/filebeat/certs/filebeat-key.pem]/ensure: defined content as '{sha256}95cfedb0c4091aa6a6fa2a6f3662ac305d89d88051486a4cf37354a0192c72a4' Notice: /Stage[manager]/Wazuh::Filebeat_oss/File[/etc/filebeat/certs/root-ca.pem]/ensure: defined content as '{sha256}d75bb634eed4ade2b77e021aa7c4d723eb832fc5e2e8432356bdc2bcba3ea9c0' Notice: /Stage[manager]/Wazuh::Filebeat_oss/Service[filebeat]/ensure: ensure changed 'stopped' to 'running' (corrective) Info: /Stage[manager]/Wazuh::Filebeat_oss/Service[filebeat]: Unscheduling refresh on Service[filebeat] Notice: Applied catalog in 0.80 seconds [root@puppet-server vagrant]# systemctl status wazuh-manager ● wazuh-manager.service - Wazuh manager Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled) Active: active (running) since jue 2024-03-14 12:38:18 UTC; 5min ago Process: 2685 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS) CGroup: /system.slice/wazuh-manager.service ├─3175 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─3177 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─3181 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─3185 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py ├─3253 /var/ossec/bin/wazuh-authd ├─3540 /var/ossec/bin/wazuh-db ├─3745 /var/ossec/bin/wazuh-execd ├─3984 /var/ossec/bin/wazuh-analysisd ├─3996 /var/ossec/bin/wazuh-syscheckd ├─4179 /var/ossec/bin/wazuh-remoted ├─4265 /var/ossec/bin/wazuh-logcollector ├─4289 /var/ossec/bin/wazuh-monitord ├─4345 /var/ossec/bin/wazuh-modulesd ├─4827 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clust... ├─4881 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clust... └─4882 /var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh_clust... mar 14 12:38:11 puppet-server env[2685]: Started wazuh-syscheckd... mar 14 12:38:12 puppet-server env[2685]: Started wazuh-remoted... mar 14 12:38:13 puppet-server env[2685]: Started wazuh-logcollector... mar 14 12:38:14 puppet-server env[2685]: Started wazuh-monitord... mar 14 12:38:14 puppet-server env[2685]: 2024/03/14 12:38:14 wazuh-modulesd:router: INFO: Loade...le. mar 14 12:38:14 puppet-server env[2685]: 2024/03/14 12:38:14 wazuh-modulesd:content_manager: IN...le. mar 14 12:38:15 puppet-server env[2685]: Started wazuh-modulesd... mar 14 12:38:16 puppet-server env[2685]: Started wazuh-clusterd... mar 14 12:38:18 puppet-server env[2685]: Completed. mar 14 12:38:18 puppet-server systemd[1]: Started Wazuh manager. ```

:green_circle: Wazuh indexer

```console [root@puppet-indexer vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-indexer.home Info: Applying configuration version '1710416455' Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node1.pem]/ensure: defined content as '{sha256}cc666350647b0982cc8039dffcc8782bdca7c58cc4f0bf47ff8d38718bf53546' Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node1-key.pem]/ensure: defined content as '{sha256}91ca5ea6d4e345a5d18403a51e51259b718245dae5ea20689ebd2c3fa1f0dab6' Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]: Unscheduling refresh on Service[wazuh-indexer] Notice: /Stage[securityadmin]/Wazuh::Securityadmin/Exec[Initialize the Opensearch security index in Wazuh indexer]/returns: executed successfully Notice: Applied catalog in 13.64 seconds [root@puppet-indexer vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since jue 2024-03-14 11:41:05 UTC; 1h 3min ago Docs: https://documentation.wazuh.com Main PID: 5311 (java) CGroup: /system.slice/wazuh-indexer.service └─5311 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.c... mar 14 11:40:55 puppet-indexer systemd[1]: Starting Wazuh-indexer... mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: A terminally deprecated method...ed mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: System::setSecurityManager has...r) mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: Please consider reporting this...ch mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: System::setSecurityManager wil...se mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: A terminally deprecated method...ed mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: System::setSecurityManager has...r) mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: Please consider reporting this...ty mar 14 11:40:57 puppet-indexer systemd-entrypoint[5311]: WARNING: System::setSecurityManager wil...se mar 14 11:41:05 puppet-indexer systemd[1]: Started Wazuh-indexer. ```

:green_circle: Wazuh dashboard

```console [root@puppet-dashboard vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-dashboard.home Info: Applying configuration version '1710416659' Notice: Applied catalog in 0.24 seconds [root@puppet-dashboard vagrant]# systemctl status wazuh-dashboard ● wazuh-dashboard.service - wazuh-dashboard Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled) Active: active (running) since jue 2024-03-14 12:45:32 UTC; 44s ago Main PID: 1940 (node) CGroup: /system.slice/wazuh-dashboard.service └─1940 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-head... mar 14 12:45:36 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} mar 14 12:45:36 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} mar 14 12:45:36 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...a mar 14 12:45:36 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} mar 14 12:45:36 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} mar 14 12:45:36 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} mar 14 12:45:39 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} mar 14 12:45:39 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...m mar 14 12:45:40 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} mar 14 12:45:40 puppet-dashboard opensearch-dashboards[1940]: {"type":"log","@timestamp":"2024-0...} ```

:green_circle: Wazuh agent

```console [root@puppet-agent vagrant]# puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Notice: Requesting catalog from puppet-master:8140 (172.16.1.30) Notice: Catalog compiled by puppet-master.home Info: Caching catalog for puppet-agent.home Info: Applying configuration version '1710419927' Notice: /Stage[main]/Wazuh::Agent/Exec[agent-auth-linux]/returns: executed successfully (corrective) Info: /Stage[main]/Wazuh::Agent/Exec[agent-auth-linux]: Scheduling refresh of Service[wazuh-agent] Notice: /Stage[main]/Wazuh::Agent/Service[wazuh-agent]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[main]/Wazuh::Agent/Service[wazuh-agent]: Unscheduling refresh on Service[wazuh-agent] Notice: Applied catalog in 7.42 seconds [root@puppet-agent vagrant]# systemctl status wazuh-agent ● wazuh-agent.service - Wazuh agent Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; enabled; vendor preset: disabled) Active: active (running) since jue 2024-03-14 12:38:55 UTC; 37s ago CGroup: /system.slice/wazuh-agent.service ├─380 /var/ossec/bin/wazuh-execd ├─393 /var/ossec/bin/wazuh-agentd ├─409 /var/ossec/bin/wazuh-syscheckd ├─423 /var/ossec/bin/wazuh-logcollector └─442 /var/ossec/bin/wazuh-modulesd mar 14 12:38:48 puppet-agent systemd[1]: Starting Wazuh agent... mar 14 12:38:48 puppet-agent env[32240]: Starting Wazuh v4.8.0... mar 14 12:38:49 puppet-agent env[32240]: Started wazuh-execd... mar 14 12:38:50 puppet-agent env[32240]: Started wazuh-agentd... mar 14 12:38:51 puppet-agent env[32240]: Started wazuh-syscheckd... mar 14 12:38:52 puppet-agent env[32240]: Started wazuh-logcollector... mar 14 12:38:53 puppet-agent env[32240]: Started wazuh-modulesd... mar 14 12:38:55 puppet-agent env[32240]: Completed. mar 14 12:38:55 puppet-agent systemd[1]: Started Wazuh agent. ```

[santipadilla]

Wazuh Dashboard :red_circle:

---

New

New issue

• https://github.com/wazuh/wazuh-puppet/issues/963

[teddytpc1]

@santipadilla please open a new issue for this. I think this was resolved for 4.8.0-beta1 and we should not have this issue in the Puppet deployment. Also, I did not see this error in another test.

[santipadilla]

@teddytpc1 Done!

• https://github.com/wazuh/wazuh-puppet/issues/963

Thank you!

[juliamagan]

LGTM