Add filebeat install into worker nodes #870

Closed
vcerenu opened this issue Dec 19, 2023 · 2 comments · Fixed by #872
Labels: level/task, type/bug

Comments


vcerenu commented Dec 19, 2023

Within the distributed installation of Wazuh Puppet the Filebeat installation was not added within the Wazuh Manager worker nodes:

image

In the filebeat_oss.pp manifest, it is not contemplated to use another name for the creation of the filebeat.pem certificate than manager-master.pem, since it was only deployed on a single node previously:

  $_certfiles = {
    'manager-master.pem'     => 'filebeat.pem',
    'manager-master-key.pem' => 'filebeat-key.pem',
    'root-ca.pem'    => 'root-ca.pem',
  }

It is necessary to modify the logic so that it takes the certificate created for each node and add the Filebeat installation on the Wazuh manager worker nodes.
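An added example (not the project's code and not the change merged in #872) of the per-node mapping the issue asks for: the source certificate name becomes a parameter instead of the hard-coded manager-master. The class name `profile::filebeat_certs`, the parameter `$node_cert_name` and the `/etc/filebeat/certs` directory are assumptions; the `modules/archive` source matches the path in the Puppet debug output quoted in this thread.

```puppet
# Hypothetical class and parameter names; not the wazuh-puppet module's code.
class profile::filebeat_certs (
  # Assumption: set per node to the name the certificate was generated with,
  # e.g. 'manager-master' on the master and 'manager-worker' on a worker.
  String $node_cert_name = 'manager-master',
  # Assumption: directory Filebeat reads its TLS material from.
  String $cert_dir       = '/etc/filebeat/certs',
) {
  # Source file on the Puppet server => fixed file name Filebeat expects.
  # Only the source side varies per node; the destination names stay stable,
  # so the Filebeat configuration is identical on master and workers.
  $_certfiles = {
    "${node_cert_name}.pem"     => 'filebeat.pem',
    "${node_cert_name}-key.pem" => 'filebeat-key.pem',
    'root-ca.pem'               => 'root-ca.pem',
  }

  $_certfiles.each |String $src, String $dest| {
    file { "${cert_dir}/${dest}":
      ensure => file,
      owner  => 'root',
      group  => 'root',
      mode   => '0400',  # the private key must not be readable by other users
      source => "puppet:///modules/archive/${src}",
    }
  }
}
```

With this shape, a worker declared with `node_cert_name => 'manager-worker'` receives a certificate whose CN is its own node name rather than a copy of the master's certificate and key.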


vcerenu commented Dec 20, 2023

Deployment Tests:

AIO deployment:

ssl certificate extracted:

Debug: HTTP GET https://ip-172-31-39-0:8140/puppet/v3/file_metadatas/modules/archive/manager-master.pem?recurse=true&max_files=0&links=manage&checksum_type=sha256&source_permissions=ignore&environment=production returned 200 OK

ssl certificate info:

subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = manager-master
notAfter=Dec 17 11:15:12 2033 GMT

Distributed deployment:

Master:

ssl certificate extracted:

Debug: HTTP GET https://ip-172-31-39-0:8140/puppet/v3/file_metadata/modules/archive/manager-master-key.pem?links=manage&checksum_type=sha256&source_permissions=ignore&environment=production returned 200 OK

ssl certificate info:

subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = manager-master
notAfter=Dec 17 11:15:12 2033 GMT

Worker:

ssl certificate extracted:

Debug: HTTP GET https://ip-172-31-39-0:8140/puppet/v3/file_metadata/modules/archive/manager-worker-key.pem?links=manage&checksum_type=sha256&source_permissions=ignore&environment=production returned 200 OK

ssl certificate info:

subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = manager-worker
notAfter=Dec 17 13:45:27 2033 GMT


vcerenu commented Dec 21, 2023

I carried out a deployment test, creating the certificates and installing Filebeat, to test the addition of the master_name and worker_name variables in the Puppet documentation, so the certificates created always contain the same name that Filebeat will request when searching for the SSL certificates (commit).

Certificate creation:

Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master-key.pem]/ensure: defined content as '{sha256}389aab6e8217acdab96656702e691cec83c5a8d3a7213d78957b582f1ae446dc' (corrective)
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master.pem]/ensure: defined content as '{sha256}38d477cd864e8d7448374b696d74516258dce0e56f71b11b03790ae42b811e78' (corrective)
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-worker-key.pem]/ensure: defined content as '{sha256}2f4275d5f4301235c6e75bb57691ec99f95e8143ea3efd4f870a54f9b779906f' (corrective)
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-worker.pem]/ensure: defined content as '{sha256}c13eb3e78678f4f494500d0457aa93851cf5eb55b37a2e221dd326ad2df7ad89' (corrective)

Get certificate during Filebeat install in master node:

Debug: HTTP GET https://ip-172-31-39-0:8140/puppet/v3/file_metadata/modules/archive/manager-master-key.pem?links=manage&checksum_type=sha256&source_permissions=ignore&environment=production returned 200 OK

Get certificate during Filebeat install in worker node:

Debug: HTTP GET https://ip-172-31-39-0:8140/puppet/v3/file_metadata/modules/archive/manager-worker-key.pem?links=manage&checksum_type=sha256&source_permissions=ignore&environment=production returned 200 OK
