Merge pull request #581 from wazuh/566-FixDashboardVariables-to4.4

4.4 branch update with changes applied in 4.3
wazuh · Sep 29, 2022 · d21823b · d21823b
2 parents 02bcf5e + dd7060b
commit d21823b
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 34 deletions.
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
@@ -4,8 +4,6 @@
  $dashboard_package = 'wazuh-dashboard',
  $dashboard_service = 'wazuh-dashboard',
  $dashboard_version = '4.4.0',
- $dashboard_user = 'admin',
- $dashboard_password = 'admin',
  $indexer_server_ip = 'localhost',
  $indexer_server_port = '9200',
  $dashboard_path_certs = '/etc/wazuh-dashboard/certs',
@@ -14,19 +12,20 @@
 
  $dashboard_server_port = '443',
  $dashboard_server_host = '0.0.0.0',
- $dashboard_server_hosts = "https://${indexer_server_ip}:${indexer_server_port}",
+ $indexer_server_host = "https://${indexer_server_ip}:${indexer_server_port}",
  $dashboard_wazuh_api_credentials = [
  {
  'id' => 'default',
  'url' => 'https://localhost',
  'port' => '55000',
- 'user' => 'foo',
- 'password' => 'bar',
+ 'user' => 'wazuh-wui',
+ 'password' => 'wazuh-wui',
  },
  ],
 
  $manage_repos = false, # Change to true when manager is not present.
 ) {
+
  if $manage_repos {
  include wazuh::repo
 
@@ -84,19 +83,13 @@
  }
 
  # TODO: Fully manage the opensearch_dashboards.yml and a template file resource
- file_line { 'Setting host for wazuh-dashboard':
- path => '/etc/wazuh-dashboard/opensearch_dashboards.yml',
- line => "server.host: ${dashboard_server_host}",
- match => "^server.host:\s",
+ file { '/etc/wazuh-dashboard/opensearch_dashboards.yml':
+ owner => 'wazuh-dashboard',
+ group => 'wazuh-dashboard',
+ mode => '0640',
+ content => template('wazuh/opensearch_dashboards_yml.erb'),
  require => Package['wazuh-dashboard'],
- notify => Service['wazuh-dashboard'],
- }
- file_line { 'Setting port for wazuh-dashboard':
- path => '/etc/wazuh-dashboard/opensearch_dashboards.yml',
- line => "server.port: ${dashboard_server_port}",
- match => "^server.port:\s",
- require => Package['wazuh-dashboard'],
- notify => Service['wazuh-dashboard'],
+ notify => Service['wazuh-dashboard']
  }
 
  service { 'wazuh-dashboard':
@@ -105,4 +98,23 @@
  hasrestart => true,
  name => $dashboard_service,
  }
+
+ file { ['/usr/share/wazuh-dashboard/data/wazuh/',
+ '/usr/share/wazuh-dashboard/data/wazuh/config/']:
+ ensure => 'directory',
+ owner => 'wazuh-dashboard',
+ group => 'wazuh-dashboard',
+ mode => '0600',
+ require => Package['wazuh-dashboard'],
+ notify => Service['wazuh-dashboard'],
+ }
+
+ file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml':
+ owner => 'wazuh-dashboard',
+ group => 'wazuh-dashboard',
+ mode => '0600',
+ content => template('wazuh/wazuh_yml.erb'),
+ require => Package['wazuh-dashboard'],
+ notify => Service['wazuh-dashboard'],
+ }
 }
diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp
@@ -47,7 +47,8 @@
  # TODO: Include file into the wazuh/wazuh-puppet project or use file { checksum => '..' } for this instead of the exec construct.
  exec { 'cleanup /etc/filebeat/wazuh-template.json':
  command => '/bin/rm /etc/filebeat/wazuh-template.json',
- unless => "/bin/cmp -s '/etc/filebeat/wazuh-template.json' <(curl -s https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json)",
+ onlyif => '/bin/test -f /etc/filebeat/wazuh-template.json',
+ unless => "/bin/curl -s 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json' | /bin/cmp -s '/etc/filebeat/wazuh-template.json'",
  }
  -> file { '/etc/filebeat/wazuh-template.json':
  owner => 'root',
@@ -113,4 +114,4 @@
  name => $filebeat_oss_service,
  require => Package['filebeat'],
  }
-}
+}
diff --git a/manifests/indexer.pp b/manifests/indexer.pp
@@ -2,6 +2,7 @@
 # Setup for Wazuh Indexer
 class wazuh::indexer (
  # opensearch.yml configuration
+ $indexer_network_host = '0.0.0.0',
  $indexer_cluster_name = 'wazuh-cluster',
  $indexer_node_name = 'node-1',
  $indexer_node_max_local_storage_nodes = '1',
@@ -21,7 +22,7 @@
  $indexer_cluster_initial_master_nodes = ['node-1'],
 
  $manage_repos = false, # Change to true when manager is not present.
-
+ 
  # JVM options
  $jvm_options_memory = '1g',
 ) {

diff --git a/templates/opensearch_dashboards_yml.erb b/templates/opensearch_dashboards_yml.erb
@@ -0,0 +1,14 @@
+server.host: <%= @dashboard_server_host %>
+server.port: <%= @dashboard_server_port %>
+opensearch.hosts: <%= @indexer_server_host %>
+opensearch.ssl.verificationMode: certificate
+#opensearch.username:
+#opensearch.password:
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
diff --git a/templates/wazuh_api_yml.erb b/templates/wazuh_api_yml.erb
@@ -17,7 +17,6 @@ https:
 # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
 logs:
  level: <%= @wazuh_api_logs_level %>
- format: <%= @wazuh_api_logs_format %>
 # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
 cors:
  enabled: <%= @wazuh_api_cors_enabled %>
@@ -39,14 +38,10 @@ drop_privileges: <%= @wazuh_api_drop_privileges %>
 # Enable features under development
 experimental_features: <%= @wazuh_api_experimental_features %>
 # Enable remote commands
-upload_configuration:
- remote_commands:
- localfile:
- allow: <%= @remote_commands_localfile %>
- exceptions: <%= @remote_commands_localfile_exceptions %>
- wodle_command:
- allow: <%= @remote_commands_wodle %>
- exceptions: <%= @remote_commands_wodle_exceptions %>
- limits:
- eps:
- allow: <%= @limits_eps %>
+remote_commands:
+ localfile:
+ enabled: <%= @remote_commands_localfile %>
+ exceptions: <%= @remote_commands_localfile_exceptions %>
+ wodle_command:
+ enabled: <%= @remote_commands_wodle %>
+ exceptions: <%= @remote_commands_wodle_exceptions %>
diff --git a/templates/wazuh_indexer_yml.erb b/templates/wazuh_indexer_yml.erb
@@ -1,4 +1,4 @@
-network.host: "0.0.0.0"
+network.host: "<%= @indexer_network_host %>"
 node.name: "<%= @indexer_node_name %>"
 cluster.initial_master_nodes:
 <% @indexer_cluster_initial_master_nodes.each do |node| -%>

diff --git a/templates/wazuh_yml.erb b/templates/wazuh_yml.erb
@@ -124,7 +124,7 @@
 # user: <user>
 # password: <password>
 hosts:
-<% @kibana_wazuh_api_credentials.each do |api_profile| -%>
+<% @dashboard_wazuh_api_credentials.each do |api_profile| -%>
  - <%= api_profile['id'] %>:
  url: <%= api_profile['url'] %>
  port: <%= api_profile['port'] %>