Merge pull request #113 from wazuh/merge-4.10.0-into-4.10.1

Merge 4.10.0 into 4.10.1
wazuh · Oct 17, 2024 · 8bf006e · 8bf006e
2 parents 99f78c3 + 7aa178b
commit 8bf006e
Show file tree

Hide file tree

Showing 9 changed files with 210 additions and 57 deletions.
diff --git a/.github/workflows/Test_installation_assistant.yml b/.github/workflows/Test_installation_assistant.yml
@@ -1,5 +1,5 @@
 run-name: Test installation assistant - ${{ github.run_id }} - ${{ inputs.SYSTEMS }} - Launched by @${{ github.actor }}
-name: Test installation assistant 
+name: Test installation assistant
 
 on:
  pull_request:
@@ -20,6 +20,10 @@ on:
  options:
  - staging
  - pre-release
+ WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
+ description: 'Branch or tag of the wazuh-installation-assistant repository'
+ required: true
+ default: '4.10.1'
  AUTOMATION_REFERENCE:
  description: 'Branch or tag of the wazuh-automation repository'
  required: true
@@ -62,7 +66,7 @@ permissions:
 
 jobs:
  run-test:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
  strategy:
  fail-fast: false # If a job fails, the rest of jobs will not be canceled
  matrix:
@@ -71,10 +75,12 @@ jobs:
  steps:
  - name: Checkout code
  uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}
 
  - name: View parameters
  run: echo "${{ toJson(inputs) }}"
- 
+
  - name: Set COMPOSITE_NAME variable
  run: |
  case "${{ matrix.system }}" in
@@ -115,7 +121,7 @@ jobs:
 
  - name: Install Ansible
  run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16
- 
+
  - name: Set up AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
@@ -144,7 +150,7 @@ jobs:
  sed 's/: */=/g' $ALLOCATOR_PATH/inventory.yml > $ALLOCATOR_PATH/inventory_mod.yml
  sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod.yml
  source $ALLOCATOR_PATH/inventory_mod.yml
- 
+
  echo "[gha_instance]" > $ALLOCATOR_PATH/inventory
  echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> $ALLOCATOR_PATH/inventory
 
@@ -186,13 +192,13 @@ jobs:
  -e "logs_path=$LOGS_PATH" \
  -e "test_name=$TEST_NAME" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Compress Allocator VM directory
  id: compress_allocator_files
  if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false
  run: |
  zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH
- 
+
  - name: Upload Allocator VM directory as artifact
  if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false
  uses: actions/upload-artifact@v4
@@ -203,4 +209,4 @@ jobs:
  - name: Delete allocated VM
  if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true
  run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output $ALLOCATOR_PATH/track.yml
- 
+
diff --git a/.github/workflows/Test_installation_assistant_distributed.yml b/.github/workflows/Test_installation_assistant_distributed.yml
@@ -1,5 +1,5 @@
 run-name: (Distributed) Test installation assistant - ${{ github.run_id }} - ${{ inputs.SYSTEMS }} - Launched by @${{ github.actor }}
-name: (Distributed) Test installation assistant 
+name: (Distributed) Test installation assistant
 
 on:
  pull_request:
@@ -20,6 +20,10 @@ on:
  options:
  - staging
  - pre-release
+ WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
+ description: 'Branch or tag of the wazuh-installation-assistant repository'
+ required: true
+ default: '4.10.1'
  AUTOMATION_REFERENCE:
  description: 'Branch or tag of the wazuh-automation repository'
  required: true
@@ -64,7 +68,7 @@ permissions:
 
 jobs:
  run-test:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
  strategy:
  fail-fast: false # If a job fails, the rest of jobs will not be canceled
  matrix:
@@ -73,10 +77,12 @@ jobs:
  steps:
  - name: Checkout code
  uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}
 
  - name: View parameters
  run: echo "${{ toJson(inputs) }}"
- 
+
  - name: Set COMPOSITE_NAME variable
  run: |
  case "${{ matrix.system }}" in
@@ -117,7 +123,7 @@ jobs:
 
  - name: Install Ansible
  run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16 && pip install pyyaml && ansible-galaxy collection install community.general
- 
+
  - name: Set up AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
@@ -152,7 +158,7 @@ jobs:
  echo "[managers]" > $inventory_managers
  echo "[dashboards]" > $inventory_dashboards
  echo "[all:vars]" > $inventory_common
- 
+
  for i in ${!instance_names[@]}; do
  instance_name=${instance_names[$i]}
  # Provision instance in parallel
@@ -178,7 +184,7 @@ jobs:
  if [[ $i -eq 0 ]]; then
  echo "indexer1 ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file" >> $inventory_indexers
  echo "master ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file manager_type=master instance_type=indexer_manager" >> $inventory_managers
- 
+
  echo "ansible_user=$ansible_user" >> $inventory_common
  echo "ansible_port=$ansible_port" >> $inventory_common
  echo "ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_common
@@ -201,7 +207,7 @@ jobs:
  cat $inventory_managers >> $inventory_file
  cat $inventory_dashboards >> $inventory_file
  cat $inventory_common >> $inventory_file
- 
+
  - name: Execute provision playbook
  run: |
  INSTALL_DEPS=true
@@ -218,14 +224,14 @@ jobs:
  -e "install_python=$INSTALL_PYTHON" \
  -e "install_pip_deps=$INSTALL_PIP_DEPS" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Execute certificates generation playbook
  run: |
  ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_generate_certificates.yml \
  -i $ALLOCATOR_PATH/inventory \
  -e "resources_path=$RESOURCES_PATH" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Copy certificates to nodes
  run: |
  ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_copy_certificates.yml \
@@ -243,7 +249,7 @@ jobs:
  -e "tmp_path=$TMP_PATH" \
  -e "pkg_repository=$PKG_REPOSITORY" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Execute indexer cluster start playbook
  run: |
  INDEXER_ADMIN_PASSWORD="admin"
@@ -253,7 +259,7 @@ jobs:
  -e "tmp_path=$TMP_PATH" \
  -e "pkg_repository=$PKG_REPOSITORY" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Execute server installation playbook
  run: |
  ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_install_wazuh.yml \
@@ -262,7 +268,7 @@ jobs:
  -e "tmp_path=$TMP_PATH" \
  -e "pkg_repository=$PKG_REPOSITORY" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Execute dashboard installation playbook
  run: |
  ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_install_dashboard.yml \
@@ -271,7 +277,7 @@ jobs:
  -e "tmp_path=$TMP_PATH" \
  -e "pkg_repository=$PKG_REPOSITORY" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Execute Python test playbook
  run: |
  ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_tests.yml \
@@ -280,13 +286,13 @@ jobs:
  -e "tmp_path=$TMP_PATH" \
  -e "test_name=$TEST_NAME" \
  "${{ inputs.VERBOSITY }}"
- 
+
  - name: Compress Allocator VM directory
  id: compress_allocator_files
  if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false
  run: |
  zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH
- 
+
  - name: Upload Allocator VM directory as artifact
  if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false
  uses: actions/upload-artifact@v4
@@ -298,13 +304,13 @@ jobs:
  if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true
  run: |
  instance_names=($INSTANCE_NAMES)
- 
+
  for i in ${!instance_names[@]}; do
  instance_name=${instance_names[$i]}
  track_file="$ALLOCATOR_PATH/track_${instance_name}.yml"
- 
+
  echo "Deleting instance: $instance_name using track file $track_file"
- 
+
  (
  # Delete instance
  python3 wazuh-automation/deployability/modules/allocation/main.py \

diff --git a/.github/workflows/builder_installation_assistant.yml b/.github/workflows/builder_installation_assistant.yml
@@ -0,0 +1,136 @@
+run-name: Build Installation Assistant ${{ inputs.id }} - Branch ${{ github.ref_name }} - Launched by @${{ github.actor }}
+name: Build Installation Assistant
+
+on:
+ workflow_dispatch:
+ inputs:
+ wazuh_installation_assistant_reference:
+ description: "Branch or tag of the wazuh-installation-assistant repository."
+ required: true
+ default: 4.10.1
+ is_stage:
+ description: "Is stage?"
+ type: boolean
+ default: false
+ checksum:
+ description: "Add checksum"
+ type: boolean
+ default: false
+ id:
+ description: "ID used to identify the workflow uniquely."
+ type: string
+ required: false
+ workflow_call:
+ inputs:
+ wazuh_installation_assistant_reference:
+ description: "Branch or tag of the wazuh-installation-assistant repository."
+ type: string
+ required: true
+ default: 4.10.1
+ is_stage:
+ description: "Is stage?"
+ type: boolean
+ default: false
+ checksum:
+ description: "Add checksum"
+ type: boolean
+ default: false
+ id:
+ type: string
+ required: false
+
+env:
+ S3_BUCKET: ${{ vars.AWS_S3_BUCKET }}
+ S3_REPOSITORY_PATH: "development/wazuh/4.x/secondary/installation-assistant"
+ BUILDER_PATH: "builder.sh"
+ WAZUH_INSTALL_NAME: "wazuh-install"
+ WAZUH_CERT_TOOL_NAME: "wazuh-certs-tool"
+ WAZUH_PASSWORD_TOOL_NAME: "wazuh-passwords-tool"
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ Build_Installation_Assistant:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: View parameters
+ run: echo "${{ toJson(inputs) }}"
+
+ - name: Checkout wazuh-installation-assistant repository
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.wazuh_installation_assistant_reference }}
+
+ - name: Configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+ aws-region: us-east-1
+
+ - name: Get short sha and wazuh version
+ run: |
+ COMMIT_SHORT_SHA=$(git rev-parse --short ${{ github.sha }})
+ WAZUH_VERSION=$(grep -oP '(?<=readonly wazuh_version=").*(?=")' ${{github.workspace}}/install_functions/installVariables.sh)
+ echo "WAZUH_VERSION=$WAZUH_VERSION" >> $GITHUB_ENV
+ echo "COMMIT_SHORT_SHA=$COMMIT_SHORT_SHA" >> $GITHUB_ENV
+
+ - name: Change files name for stage build
+ if: ${{ inputs.is_stage == false }}
+ run: |
+ sed -i 's|${{ env.WAZUH_INSTALL_NAME }}.sh|${{ env.WAZUH_INSTALL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
+ sed -i 's|${{ env.WAZUH_CERT_TOOL_NAME }}.sh|${{ env.WAZUH_CERT_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
+ sed -i 's|${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sh|${{ env.WAZUH_PASSWORD_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
+
+ - name: Build Installation Assistant packages
+ run: bash builder.sh -i -c -p
+
+ - name: Save files name
+ run: |
+ WAZUH_INSTALL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_INSTALL_NAME }}*.sh | xargs basename)
+ WAZUH_CERT_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_CERT_TOOL_NAME }}*.sh | xargs basename)
+ WAZUH_PASSWORD_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}*.sh | xargs basename)
+ echo "WAZUH_INSTALL_NAME=$WAZUH_INSTALL_NAME" >> $GITHUB_ENV
+ echo "WAZUH_CERT_TOOL_NAME=$WAZUH_CERT_TOOL_NAME" >> $GITHUB_ENV
+ echo "WAZUH_PASSWORD_TOOL_NAME=$WAZUH_PASSWORD_TOOL_NAME" >> $GITHUB_ENV
+
+ - name: Prepare files
+ run: |
+ mkdir -p ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+ mv ${{ env.WAZUH_INSTALL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+ mv ${{ env.WAZUH_CERT_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+ mv ${{ env.WAZUH_PASSWORD_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+
+ - name: Build packages checksum
+ if: ${{ inputs.checksum == true }}
+ run: |
+ sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512
+ sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512
+ sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512
+
+ - name: Upload files to S3
+ run: |
+ aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+ s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}"
+ echo "S3 wazuh-install URI: ${s3uri}"
+ aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+ s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}"
+ echo "S3 wazuh-certs-tool URI: ${s3uri}"
+ aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+ s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}"
+ echo "S3 wazuh-passwords-tool URI: ${s3uri}"
+
+ - name: Upload checksum files to S3
+ if: ${{ inputs.checksum == true }}
+ run: |
+ aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+ s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512"
+ echo "S3 sha512 wazuh-install checksum URI: ${s3uri}"
+ aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+ s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512"
+ echo "S3 sha512 wazuh-certs-tool checksum URI: ${s3uri}"
+ aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+ s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512"
+ echo "S3 sha512 wazuh-passwords-tool checksum URI: ${s3uri}"