Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The "Deploy a new agent" section misleads users with an all-in-one deployment #5138

Closed
s-ocando opened this issue Jan 18, 2023 · 4 comments · Fixed by #5166, #5172 or #5173
Closed

The "Deploy a new agent" section misleads users with an all-in-one deployment #5138

s-ocando opened this issue Jan 18, 2023 · 4 comments · Fixed by #5166, #5172 or #5173
Assignees
@Machi3mfl @chantal-kelm
Labels
type/bug Bug issue

Comments

@s-ocando
Copy link
Contributor

Wazuh Rev
4.4.0-beta1 01

Description

The "Deploy a new agent" section misleads users with an all-in-one deployment.

In the Wazuh server address section, the default value is manager:0.0.0.0 but only the word manager is shown. This does not invite the user to take any action. Nevertheless, for all-in-one deployments, it's necessary to introduce the server address as the app is not able to automatically retrieve it from the wazuh.yml configuration file.

In the resulting command, we see WAZUH_MANAGER='0.0.0.0' which will clearly fail to register the agent.

Using an all-in-one deployment is a very common case and we should make it clear to the users that they must enter their Wazuh server address. Also, consider adding an easy way to store the Wazuh server address, see #4718 for more details.

agents
@s-ocando s-ocando added the type/bug Bug issue label Jan 18, 2023
@s-ocando s-ocando changed the title The "Deploy a new agent" section misleads users with an all-in-one deployment. The "Deploy a new agent" section misleads users with an all-in-one deployment Jan 18, 2023
@gdiazlo
Copy link
Member

gdiazlo commented Jan 19, 2023

This problem is related to the way Wazuh manages these addresses internally. We're going to disable this feature, as there is no general solution for it.

@gdiazlo gdiazlo moved this from Triage to Todo in Release 4.4.0 Jan 19, 2023
@chantal-kelm
Copy link
Member

chantal-kelm commented Jan 19, 2023
edited
Loading

Things to take into account in case of disabling this feature and show again an input.

For example about the protocol, these would be the 3 use cases that were defined in the meeting with api at the time and based on what the issue was developed. One of the use cases would be dismissed which is the case where the user chooses from the select an IP and based on what he chooses the protocol is UDP or TCP. Of the use cases that were defined at the time, only the TCP ones will work.

In case we want UDP to also work then we would have to add logic and the use cases would change.

Current use cases:

The first use case we would have to decide whether to keep it that way or not?

First use case:

  • When the client has the IP address configured, in the server address field you will see that IP address and the protocol will be TCP.

Second use case:

  • The user can type an IP and in that case the protocol will be TCP.

Third use case:

(this case would be dismissed because there is no longer a select, and as soon as the user puts an IP manually enters the case mentioned above (the second case). So in the two cases that we would have the protocol running would always be TCP.
In case we also want the UDP case to work, then we should make a logic that verifies that when the user manually enters an IP it does not enter in case 2 but we should verify what type of protocol the user has configured because otherwise the protocol will be set to TCP and in case the user has configured the protocol in UDP when using the command it will give an error.

  • In case the user has not configured the IP address then a selector will be shown in the server address where the manager and the cluster will be shown, the user can choose one and based on the one he chooses, the protocol will be TCP or UDP as appropriate.

@chantal-kelm
Copy link
Member

chantal-kelm commented Jan 20, 2023
edited
Loading

In a meeting with @gdiazlo we determined the use cases that the issue would address, which are the following:

  • When the client has the IP address configured then in the server address field you will see that IP address and the protocol will be TCP.

Screenshot from 2022-11-03 09-56-51

  • When the user has no IP address configured then the protocol is always TCP unless in the ossec is UDP

@gdiazlo gdiazlo moved this from Todo to In Progress in Release 4.4.0 Jan 24, 2023
@Machi3mfl Machi3mfl self-assigned this Jan 24, 2023
@Machi3mfl Machi3mfl mentioned this issue Jan 25, 2023
Merged
6 tasks
@Machi3mfl Machi3mfl linked a pull request Jan 25, 2023 that will close this issue
Added server address and wazuh protocol definition in Deploy agent section #5166
Merged
6 tasks
@Machi3mfl Machi3mfl moved this from In Progress to In Review in Release 4.4.0 Jan 25, 2023
@Machi3mfl
Copy link
Member

Hi, I leave the definitive solution scope and test cases.
The issue is resolved in #5166

Scope

Protocol cases

  1. When the only available Protocol is UDP, the WAZUH_PROTOCOL param in the command will show UDP.
  • On Manager and Cluster mode.
  1. When the Protocol available exists TCP, the WAZUH_PROTOCOL param in the command will be TCP (the param is hidden, and TCP is the default value)
  • On Manager and Cluster mode.

Server address input cases

  1. When the user has filled the enrollment.dns field in Management > Configuration. The server address input must be filled by default with this value.

Annotation

The protocol and server address input are independent.
The command protocol param defined depends on only the remote configuration defined in the ossec.conf file.

Test cases evidence

Protocol cases

When the protocol is UDP (Cluster mode)

  1. Check the remote config in Management > Configuration > Global configuration > Remote Tab
  2. Go to Deploy Agent
  3. Complete the OS options.
  4. The WAZUH_PROTOCOL param must show UDP
Kazam_screencast_00005.mp4

When the protocol is TCP (Cluster mode)

  1. Check the remote config in Management > Configuration > Global configuration > Remote Tab
  2. Go to Deploy Agent
  3. Complete the OS options.
  4. The WAZUH_PROTOCOL param must be hidden (when is not defined the protocol is TCP)
Kazam_screencast_00006.mp4

When the protocol is UDP (Manager mode)

  1. Check the remote config in Management > Configuration > Global configuration > Remote Tab
  2. Go to Deploy Agent
  3. Complete the OS options.
  4. The WAZUH_PROTOCOL param must show UDP
Kazam_screencast_00008.mp4

When the protocol is TCP (Manager mode)

  1. Check the remote config in Management > Configuration > Global configuration > Remote Tab
  2. Go to Deploy Agent
  3. Complete the OS options.
  4. The WAZUH_PROTOCOL param must be hidden (when is not defined the protocol is TCP)
Kazam_screencast_00007.mp4

This was linked to pull requests Jan 27, 2023
[Backport 4.4-7.16] Added server address and wazuh protocol definition in Deploy agent section #5172
Merged
[Backport 4.4-2.4-wzd] Added server address and wazuh protocol definition in Deploy agent section #5173
Merged
@gdiazlo gdiazlo moved this from In Review to Done in Release 4.4.0 Jan 27, 2023
@gdiazlo gdiazlo closed this as completed Jan 27, 2023
@Tostti Tostti mentioned this issue Jan 27, 2023
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Machi3mfl Machi3mfl

@chantal-kelm chantal-kelm

Labels
type/bug Bug issue
Projects
No open projects
Release 4.4.0
Status: Done
Milestone
No milestone
4 participants
@gdiazlo @Machi3mfl @s-ocando @chantal-kelm