Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Puppet MVP - Adapting to the new installation mode #1221

Open
3 tasks
vcerenu opened this issue Jan 23, 2025 · 3 comments
Open
3 tasks

Puppet MVP - Adapting to the new installation mode #1221

vcerenu opened this issue Jan 23, 2025 · 3 comments
Assignees
@vcerenu
Labels
level/subtask Subtask issue type/enhancement Enhacement or new feature

Comments

@vcerenu
Copy link
Member

vcerenu commented Jan 23, 2025

Description

Due to the lack of apt and yum repositories for deploying Wazuh in 5.0.0, it is necessary to adapt the current resource used for installing packages in Puppet agents.

Currently, the installation is done as follows:

# install package
  package { '$package_name':
    ensure => $version_install,
    name   => $package_name,
  }

It is necessary to create a class or function that generates the same result as the previous resource, downloading the packages from a URL and installing them locally.
It is necessary to investigate whether this is possible while maintaining the idempotence that Puppet requires in each of its resources.

Tasks

  • Investigate the possibility of generating a class or function that allows the package to be installed manually with idempotency.
  • Generate the installation class, which will work with any DEB or RPM package of each of the components.
  • Verify that it works correctly and that it does not generate unnecessary executions when the purpose of the class has been achieved.
@vcerenu vcerenu mentioned this issue Jan 23, 2025
Open
@vcerenu vcerenu added the level/subtask Subtask issue label Jan 23, 2025
@vcerenu vcerenu self-assigned this Jan 27, 2025
@teddytpc1 teddytpc1 changed the title MVP - Adapting to the new installation mode Puppet MVP - Adapting to the new installation mode Jan 27, 2025
@wazuhci wazuhci moved this to Backlog in XDR+SIEM/Release 5.0.0 Jan 27, 2025
@teddytpc1 teddytpc1 added level/task Task issue type/enhancement Enhacement or new feature level/subtask Subtask issue and removed level/subtask Subtask issue type/enhancement Enhacement or new feature level/task Task issue labels Jan 27, 2025
@wazuhci wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 Jan 28, 2025
@vcerenu
Copy link
Member Author

vcerenu commented Jan 28, 2025

Update

I've been doing several tests on this change, modifying the installation process so that it can take the URL of the file that we will download from S3 and from there install each of the packages.

I had generated a new class so that I can install each of the components, but the same class cannot be used multiple times, so I used a defined resource, which allows the same code to be instantiated multiple times:

define wazuh::install_product (
  String $package_name,
  String $wazuh_version = '4.9.2',
  String $destination = '/tmp/packages_url.txt',
  String $rpm_based = 'RedHat|Suse|Amazon|OracleLinux|AlmaLinux|Rocky',
  String $deb_based = 'Debian|Ubuntu|Mint|Kali|Raspbian',
  String $download_dir = '/tmp',
) {
  # Determine the package type (rpm or deb) based on the OS family.
  if $facts['os']['family'] =~ Regexp($rpm_based) {
    $package_type = 'rpm'
    $check_command = "/bin/rpm -q ${package_name}" # Command to check if the package is installed (RPM)
  } elsif $facts['os']['family'] =~ Regexp($deb_based) {
    $package_type = 'deb'
    $check_command = "/usr/bin/dpkg-query -l ${package_name} | grep '^ii'" # Command to check if the package is installed (DEB)
  } else {
    fail("Unsupported OS family: ${facts['os']['family']}") # Fail if the OS family is not supported
  }

  # Determine the package architecture.
  $package_arch = $facts['os']['architecture'] ? {
    'x86_64' => 'amd64',
    default  => $facts['os']['architecture'],
  }

  # Construct the package filename.
  $package_pattern = "${package_name}-${wazuh_version}-${package_arch}.${package_type}"

  # Find the package URL in the downloaded file.
  exec { "filter_and_extract_${package_name}__${title}":
    command   => "/usr/bin/sed -n '/^${package_pattern}:/p' ${destination} | /usr/bin/awk -F': ' '{print \$2}' > ${destination}.bak && mv ${destination}.bak ${destination}",
    path      => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
    logoutput => true,
  }

  if $destination {
    exec { "download_file_from_url_${package_name}__${title}":
      command   => "tr -d '\r' < ${destination} | xargs /usr/bin/curl -o '${download_dir}/${package_pattern}'",
      path      => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
      logoutput => true,
    }

    # Determine the install command based on the package type.
    $install_command = $package_type ? {
      'rpm' => "/bin/rpm -ivh ${download_dir}/${package_pattern}",
      'deb' => "dpkg -i ${download_dir}/${package_pattern} || apt-get install -f -y",
    }

    notify { "Command to install: ${install_command}": }

    # Install the package.
    exec { "install_${package_pattern}":
      command   => $install_command,
      path      => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
      onlyif    => "dpkg-deb --info ${download_dir}/${package_pattern}",
      unless    => $check_command, # Only install if the package is not already installed
      logoutput => true,
    }

    # Remove the downloaded package file.
    file { "${download_dir}/${package_pattern}":
      ensure => absent,
      force  => true,
    }
  } else {
    warning("URL for ${package_pattern} not found in ${destination}")
  }
}

Once the resource was generated, I was testing the functioning of the code and the definition of each of the steps has to contain different names in each of the different instances of the resource, so I was modifying the title of each of the actions so that I don't have the problem of having repeated titles because it generates errors of the following type:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Exec[download_file_from_url] is already declared at (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 48); cannot redeclare (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 48) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 48, column: 5) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/manager.pp, line: 10) on node ip-172-31-47-161.ec2.internal

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Notify[Extracted package URL: /tmp/packages_url.txt] is already declared at (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 47); cannot redeclare (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 47) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 47, column: 3) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/manager.pp, line: 10) on node ip-172-31-47-161.ec2.internal

These errors were generated because the defined resource generates resource execution titles equal to when I instantiate them from the wazuh::manager class, so I had to find ways to differentiate these titles.

I also had to create a separate class that allows me to download the file from URLs since I cannot generate the same file multiple times, so in the first place there was a class that downloads the file:

class wazuh::package_list (
$prod_url = 'https://devops-wazuh-artifacts-pub.s3.us-west-1.amazonaws.com/devops-overhaul/packages_url.txt',
$destination = '/tmp/packages_url.txt',
) {
exec { 'download_packages_url_from_url':
command => "/usr/bin/curl --fail --location -o ${destination} ${prod_url}",
path => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
creates => $destination, # is created when the file does not exist
unless => "test -f ${destination}", # not executed if file exists.
logoutput => true,
}
}

After this I have to re-verify the extraction of the URL of each component to install, without making any modifications to the file, since this same file must be used in each of the executions of the classes that install the components and the file would only be deleted at the end of all the work, since I cannot call the class that downloads this file several times again.

@vcerenu
Copy link
Member Author

vcerenu commented Jan 29, 2025

Update

I have made some changes to the defined resource install_product, which allowed me to perform the installation of Wazuh indexer within the Puppet agent server, obtaining the URL of the file that is downloaded from the prodiuct_list class that I talked about earlier:

# Defined type to install Wazuh components from custom URLs
# @param package_name Name of the Wazuh component (e.g., 'wazuh-manager')
# @param wazuh_version Version of the component to install (e.g., '4.9.2')
define wazuh::install_product (
  String $package_name,
  String $wazuh_version = '4.9.2',
) {

  # Determine package provider based on OS family
  $provider = $facts['os']['family'] ? {
    'Debian' => 'dpkg',  # Correct provider name for .deb packages
    'RedHat' => 'rpm',   # Keep rpm for RedHat
    default  => fail("Unsupported OS family: ${facts['os']['family']}"),
  }

  # Determine package format (deb/rpm) based on OS family
  $compatibility = $facts['os']['family'] ? {
    'Debian' => 'deb',
    'RedHat' => 'rpm',
    default  => fail("Unsupported OS family: ${facts['os']['family']}"),
  }

  # Normalize architecture naming conventions
  $architecture = $facts['os']['architecture'] ? {
    'x86_64'  => 'amd64',   # Convert x86_64 to amd64
    'aarch64' => 'arm64',   # Convert aarch64 to arm64
    default   => $facts['os']['architecture'],
  }

  # Generate package identifier key
  $key = "${package_name}-${wazuh_version}-${architecture}.${compatibility}"

  # Download specific package using extracted URL
  exec { "download_${key}":
    command => "sh -c 'url=\$(grep -F '${key}:' /tmp/packages_url.txt | tr -d \"\\r\" | cut -d \" \" -f2); curl -o /tmp/${key} \$url'",
    unless  => "test -f /tmp/${key} && dpkg -I /tmp/${key} >/dev/null 2>&1",
    path    => ['/usr/bin', '/bin', '/sbin'],
    timeout => 600,
    require => [
      Exec['download_packages_url_from_url'],
    ],
  }

  # Install the package using correct provider
  package { $package_name:
    ensure   => installed,
    provider => $provider,  # Now using validated provider names
    source   => "/tmp/${key}",
    require  => Exec["download_${key}"],
  }
}

Each of the steps that are executed within the defined resource must maintain a dependency on each of the actions that they really need as a dependency, otherwise the execution is done in a disordered way.
This problem became more visible when I modified the wazuh::indexer class, which required modifying the installation method, but which in turn required adding more explicitly the dependency in the execution of the installation so that it does not try to modify the configuration files before it tries to install the package:, so I was able to have a modified version of the previous class with the current adaptations:

# Copyright (C) 2015, Wazuh Inc.
# Setup for Wazuh Indexer
class wazuh::indexer (
  # opensearch.yml configuration
  $indexer_network_host = '0.0.0.0',
  $indexer_cluster_name = 'wazuh-cluster',
  $indexer_node_name = 'node-1',
  $indexer_node_max_local_storage_nodes = '1',
  $indexer_service = 'wazuh-indexer',
  $indexer_package = 'wazuh-indexer',
  $indexer_version = '4.9.2',
  $indexer_fileuser = 'wazuh-indexer',
  $indexer_filegroup = 'wazuh-indexer',

  $indexer_path_data = '/var/lib/wazuh-indexer',
  $indexer_path_logs = '/var/log/wazuh-indexer',
  $indexer_path_certs = '/etc/wazuh-indexer/certs',
  $indexer_security_init_lockfile = '/var/tmp/indexer-security-init.lock',
  $full_indexer_reinstall = false, # Change to true when whant a full reinstall of Wazuh indexer

  $indexer_ip = 'localhost',
  $indexer_port = '9200',
  $indexer_discovery_hosts = [], # Empty array for single-node configuration
  $indexer_cluster_initial_master_nodes = ['node-1'],
  $indexer_cluster_CN = ['node-1'],

  # JVM options
  $jvm_options_memory = '1g',
) {
  wazuh::install_product { 'Wazuh indexer':
    package_name  => $indexer_package,
    wazuh_version => $indexer_version,
  }

  exec { "ensure full path of ${indexer_path_certs}":
    path    => '/usr/bin:/bin',
    command => "mkdir -p ${indexer_path_certs}",
    creates => $indexer_path_certs,
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  -> file { $indexer_path_certs:
    ensure  => directory,
    owner   => $indexer_fileuser,
    group   => $indexer_filegroup,
    mode    => '0500',
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  [
   "indexer-$indexer_node_name.pem",
   "indexer-$indexer_node_name-key.pem",
   'root-ca.pem',
   'admin.pem',
   'admin-key.pem',
  ].each |String $certfile| {
    file { "${indexer_path_certs}/${certfile}":
      ensure  => file,
      owner   => $indexer_fileuser,
      group   => $indexer_filegroup,
      mode    => '0400',
      replace => true,
      recurse => remote,
      source  => "puppet:///modules/archive/${certfile}",
      require => Wazuh::Install_product['Wazuh indexer'],
    }
  }

  $opensearch_parameters = [
    "network.host: ${indexer_network_host}",
    "node.name: ${indexer_node_name}",
    "plugins.security.ssl.http.pemcert_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    "plugins.security.ssl.http.pemkey_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    "plugins.security.ssl.http.pemtrustedcas_filepath: ${indexer_path_certs}/root-ca.pem",
    "plugins.security.ssl.transport.pemcert_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    "plugins.security.ssl.transport.pemkey_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    "plugins.security.ssl.transport.pemtrustedcas_filepath: ${indexer_path_certs}/root-ca.pem",
  ]

  $opensearch_parameters.each |$update| {
    $parts = split($update, ': ')
    $key = $parts[0]
    $value = $parts[1]

    augeas { "yaml_config_${key}":
      lens    => 'Yaml.lns',
      incl    => '/etc/wazuh-indexer/opensearch.yml',
      changes => "set ${key} '${value}'",
      onlyif  => "get ${key} != '${value}'",
      require => [
        File['/etc/wazuh-indexer/opensearch.yml'],
        Package['wazuh-indexer']
      ],
      notify  => Service['wazuh-indexer'],
    }
  }

  file { '/etc/wazuh-indexer/opensearch.yml':
    ensure  => file,
    require => [
      Wazuh::Install_product['Wazuh indexer']
    ],
  }

  file_line { 'Insert line initial size of total heap space':
    path    => '/etc/wazuh-indexer/jvm.options',
    line    => "-Xms${jvm_options_memory}",
    match   => '^-Xms',
    notify  => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  file_line { 'Insert line maximum size of total heap space':
    path    => '/etc/wazuh-indexer/jvm.options',
    line    => "-Xmx${jvm_options_memory}",
    match   => '^-Xmx',
    notify  => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  service { 'wazuh-indexer':
    ensure  => running,
    enable  => true,
    name    => $indexer_service,
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  file_line { "Insert line limits nofile for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - nofile  65535",
    match  => "^${indexer_fileuser} - nofile\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  file_line { "Insert line limits memlock for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - memlock unlimited",
    match  => "^${indexer_fileuser} - memlock\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  # TODO: this should be done by the package itself and not by puppet at all
  [
    '/etc/wazuh-indexer',
    '/usr/share/wazuh-indexer',
    '/var/lib/wazuh-indexer',
  ].each |String $file| {
    exec { "set recusive ownership of ${file}":
      path        => '/usr/bin:/bin',
      command     => "chown ${indexer_fileuser}:${indexer_filegroup} -R ${file}",
      refreshonly => true,  # only run when package is installed or updated
      notify      => Service['wazuh-indexer'],
      require => Wazuh::Install_product['Wazuh indexer'],
    }
  }

  if $full_indexer_reinstall {
    file { $indexer_security_init_lockfile:
      ensure  => absent,
      before  => Exec['Initialize the Opensearch security index in Wazuh indexer'],
    }
  }
}

Wazuh indexer could be installed, but the problem now is the customization of the configuration file, something I am doing with the augeas tools, but I am having problems to get it to recognize the /etc/wazuh-indexer/opensearch.yml file:

Debug: Augeas[yaml_config_network.host](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_network.host](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_network.host](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_network.host](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_network.host](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/network.host", "0.0.0.0"]
Debug: Augeas[yaml_config_network.host](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_network.host]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_node.name](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_node.name](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_node.name](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_node.name](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_node.name](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/node.name", "node-1"]
Debug: Augeas[yaml_config_node.name](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_node.name]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.http.pemcert_filepath", "/etc/wazuh-indexer/certs/indexer-node-1.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.http.pemkey_filepath", "/etc/wazuh-indexer/certs/indexer-node-1-key.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.http.pemtrustedcas_filepath", "/etc/wazuh-indexer/certs/root-ca.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.transport.pemcert_filepath", "/etc/wazuh-indexer/certs/indexer-node-1.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.transport.pemkey_filepath", "/etc/wazuh-indexer/certs/indexer-node-1-key.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.transport.pemtrustedcas_filepath", "/etc/wazuh-indexer/certs/root-ca.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /etc/wazuh-indexer]: 'chown wazuh-indexer:wazuh-indexer -R /etc/wazuh-indexer' won't be executed because of failed check 'refreshonly'
Debug: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /usr/share/wazuh-indexer]: 'chown wazuh-indexer:wazuh-indexer -R /usr/share/wazuh-indexer' won't be executed because of failed check 'refreshonly'
Debug: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /var/lib/wazuh-indexer]: 'chown wazuh-indexer:wazuh-indexer -R /var/lib/wazuh-indexer' won't be executed because of failed check 'refreshonly'
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_network.host] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_node.name] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath] has failures: true

@vcerenu
Copy link
Member Author

vcerenu commented Jan 30, 2025
edited
Loading

Update

I have been testing the customization of configuration files. Due to problems with the use of augeas to perform these steps, apparently due to the lack of compliance in the Yaml format of the opensearch.yml file I am using, I decided to use a more compatible and simple implementation, with which I was able to deploy Wazuh indexer without problems:

# Copyright (C) 2015, Wazuh Inc.
# Setup for Wazuh Indexer
class wazuh::indexer (
  # opensearch.yml configuration
  $indexer_network_host = '0.0.0.0',
  $indexer_cluster_name = 'wazuh-cluster',
  $indexer_node_name = 'node-1',
  $indexer_node_max_local_storage_nodes = '1',
  $indexer_service = 'wazuh-indexer',
  $indexer_package = 'wazuh-indexer',
  $indexer_version = '4.9.2',
  $indexer_fileuser = 'wazuh-indexer',
  $indexer_filegroup = 'wazuh-indexer',

  $indexer_path_data = '/var/lib/wazuh-indexer',
  $indexer_path_logs = '/var/log/wazuh-indexer',
  $indexer_path_certs = '/etc/wazuh-indexer/certs',
  $indexer_security_init_lockfile = '/var/tmp/indexer-security-init.lock',
  $full_indexer_reinstall = false, # Change to true when whant a full reinstall of Wazuh indexer

  $indexer_ip = 'localhost',
  $indexer_port = '9200',
  $indexer_discovery_hosts = [], # Empty array for single-node configuration
  $indexer_cluster_initial_master_nodes = ['node-1'],
  $indexer_cluster_CN = ['node-1'],

  # JVM options
  $jvm_options_memory = '1g',
) {
  wazuh::install_product { 'Wazuh indexer':
    package_name  => $indexer_package,
    wazuh_version => $indexer_version,
  }

  exec { "ensure full path of ${indexer_path_certs}":
    path    => '/usr/bin:/bin',
    command => "mkdir -p ${indexer_path_certs}",
    creates => $indexer_path_certs,
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  -> file { $indexer_path_certs:
    ensure  => directory,
    owner   => $indexer_fileuser,
    group   => $indexer_filegroup,
    mode    => '0500',
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  [
   "indexer-$indexer_node_name.pem",
   "indexer-$indexer_node_name-key.pem",
   'root-ca.pem',
   'admin.pem',
   'admin-key.pem',
  ].each |String $certfile| {
    file { "${indexer_path_certs}/${certfile}":
      ensure  => file,
      owner   => $indexer_fileuser,
      group   => $indexer_filegroup,
      mode    => '0400',
      replace => true,
      recurse => remote,
      source  => "puppet:///modules/archive/${certfile}",
      require => Wazuh::Install_product['Wazuh indexer'],
    }
  }

  $config = {
    'network.host'                                          => $indexer_network_host,
    'node.name'                                             => $indexer_node_name,
    'plugins.security.ssl.http.pemcert_filepath'            => "${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    'plugins.security.ssl.http.pemkey_filepath'             => "${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    'plugins.security.ssl.http.pemtrustedcas_filepath'      => "${indexer_path_certs}/root-ca.pem",
    'plugins.security.ssl.transport.pemcert_filepath'       => "${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    'plugins.security.ssl.transport.pemkey_filepath'        => "${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    'plugins.security.ssl.transport.pemtrustedcas_filepath' => "${indexer_path_certs}/root-ca.pem"
  }

  $config.each |$key, $value| {
    file_line { "opensearch_${key}":
      path    => '/etc/wazuh-indexer/opensearch.yml',
      line    => "${key}: \"${value}\"",
      match   => "^${key}:",
      notify  => Service['wazuh-indexer'],
      require => [
        File['/etc/wazuh-indexer/opensearch.yml'],
        Wazuh::Install_product['Wazuh indexer']
      ],
    }
  }

  file { '/etc/wazuh-indexer/opensearch.yml':
    ensure  => file,
    require => [
      Wazuh::Install_product['Wazuh indexer']
    ],
  }

  service { 'wazuh-indexer':
    ensure  => running,
    enable  => true,
    name    => $indexer_service,
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  file_line { "Insert line limits nofile for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - nofile  65535",
    match  => "^${indexer_fileuser} - nofile\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  file_line { "Insert line limits memlock for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - memlock unlimited",
    match  => "^${indexer_fileuser} - memlock\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  if $full_indexer_reinstall {
    file { $indexer_security_init_lockfile:
      ensure  => absent,
      before  => Exec['Initialize the Opensearch security index in Wazuh indexer'],
    }
  }
}

Tests

Wazuh indexer install and configuration:

root@ip-172-31-47-161:~/wazuh-puppet# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Warning: Fact value '#!/bin/sh

# Copyright (C) 2015, Wazuh Inc.
# Created by Wazuh, Inc. <[email protected]>.
# This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2

Notice: Requesting catalog from ip-172-31-47-161:8140 (172.31.47.161)
Notice: Catalog compiled by ip-172-31-47-161.ec2.internal
Info: Caching catalog for ip-172-31-47-161.ec2.internal
Info: Applying configuration version '1738237112'
Notice: /Stage[certificates]/Wazuh::Certificates/File[Configure Wazuh Certificates config.yml]/ensure: defined content as '{sha256}081fb42f8c670649d09c5f8aecf0eebdd06c7e7a673d2e41c7fd5c44fbd8bab4'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/tmp/wazuh-certs-tool.sh]/ensure: defined content as '{mtime}2024-08-20 13:09:41 UTC'
Notice: /Stage[certificates]/Wazuh::Certificates/Exec[Create Wazuh Certificates]/returns: executed successfully
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/admin-key.pem]/ensure: defined content as '{sha256}9d83cb89054a1d78f70bedcbc5659ae86360439cb5e1cb653ee24b4cf7ecd2cf'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/admin.pem]/ensure: defined content as '{sha256}255a297287012f32e8ff2c146271555dfea6b007110f6cbd39d3e7163e7cb5da'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/dashboard-key.pem]/ensure: defined content as '{sha256}59aa465bd0cfa1e64068ec3d15a4d636e1668d050d1251bbb84bdd35d933506b'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/dashboard.pem]/ensure: defined content as '{sha256}568173af6c8b9bf6c92b8936e28b39141bc0049366a500b70ca3a1a0e75065d5'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/indexer-node-1-key.pem]/ensure: defined content as '{sha256}03a13bfac2711be3f6f081ef1410764289b5a9884f08ca007a90f1f3624302ba'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/indexer-node-1.pem]/ensure: defined content as '{sha256}6cb5e40b0747b52c63705f7aad54d02703d5f6944ae58d44595ee6302d0c976d'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master-key.pem]/ensure: defined content as '{sha256}ebf86763aee8c971c112e8dd6d6fa7f4d3258383daa314c02e1efe56589c8a65'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master.pem]/ensure: defined content as '{sha256}daf017e9195d2b4624e55c5b550897b6d354dcc5a938296199f59c309c65fb33'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/root-ca.key]/ensure: defined content as '{sha256}d60652a046ff9dd4b83ad0ff799938732cc200db1d583ce190e5e696ed9de08b'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/root-ca.pem]/ensure: defined content as '{sha256}bea2f3d429c64c8a87a6fe7d169f43e3bce9680850552617916ba6dd4fe4cfd3'
Notice: /Stage[url]/Wazuh::Package_list/Exec[download_packages_url_from_url]/returns:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Notice: /Stage[url]/Wazuh::Package_list/Exec[download_packages_url_from_url]/returns:                                  Dload  Upload   Total   Spent    Left  Speed
100  1342  100  1342    0     0   4067      0 --:--:-- --:--:-- --:--:--  4079eturns:
Notice: /Stage[url]/Wazuh::Package_list/Exec[download_packages_url_from_url]/returns: executed successfully
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Wazuh::Install_product[Wazuh indexer]/Exec[download_wazuh-indexer-4.9.2-amd64.deb]/returns: executed successfully
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Wazuh::Install_product[Wazuh indexer]/Package[wazuh-indexer]/ensure: created
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[ensure full path of /etc/wazuh-indexer/certs]/returns: executed successfully
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/owner: owner changed 'root' to 'wazuh-indexer'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/group: group changed 'root' to 'wazuh-indexer'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/mode: mode changed '0755' to '0500'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node-1.pem]/ensure: defined content as '{sha256}6cb5e40b0747b52c63705f7aad54d02703d5f6944ae58d44595ee6302d0c976d'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node-1-key.pem]/ensure: defined content as '{sha256}03a13bfac2711be3f6f081ef1410764289b5a9884f08ca007a90f1f3624302ba'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/root-ca.pem]/ensure: defined content as '{sha256}bea2f3d429c64c8a87a6fe7d169f43e3bce9680850552617916ba6dd4fe4cfd3'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/admin.pem]/ensure: defined content as '{sha256}255a297287012f32e8ff2c146271555dfea6b007110f6cbd39d3e7163e7cb5da'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/admin-key.pem]/ensure: defined content as '{sha256}9d83cb89054a1d78f70bedcbc5659ae86360439cb5e1cb653ee24b4cf7ecd2cf'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemcert_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemcert_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemkey_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemkey_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemtrustedcas_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemtrustedcas_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemcert_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemcert_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemkey_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemkey_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemtrustedcas_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemtrustedcas_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits nofile for wazuh-indexer]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits nofile for wazuh-indexer]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits memlock for wazuh-indexer]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits memlock for wazuh-indexer]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]: Unscheduling refresh on Service[wazuh-indexer]
Notice: /Stage[securityadmin]/Wazuh::Securityadmin/Exec[Initialize the Opensearch security index in Wazuh indexer]/returns: executed successfully
Notice: Applied catalog in 119.56 seconds

I performed re-execution tests and it maintains idempotence in execution

root@ip-172-31-47-161:~/wazuh-puppet# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Warning: Fact value '#!/bin/sh

# Copyright (C) 2015, Wazuh Inc.
# Created by Wazuh, Inc. <[email protected]>.
# This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2

Notice: Requesting catalog from ip-172-31-47-161:8140 (172.31.47.161)
Notice: Catalog compiled by ip-172-31-47-161.ec2.internal
Info: Caching catalog for ip-172-31-47-161.ec2.internal
Info: Applying configuration version '1738238057'
Notice: Applied catalog in 0.98 seconds
root@ip-172-31-47-161:~/wazuh-puppet#

@wazuhci wazuhci moved this from In progress to On hold in XDR+SIEM/Release 5.0.0 Feb 3, 2025
@wazuhci wazuhci moved this from On hold to In progress in XDR+SIEM/Release 5.0.0 Feb 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vcerenu vcerenu

Labels
level/subtask Subtask issue type/enhancement Enhacement or new feature
Projects
XDR+SIEM/Release 5.0.0
Status: In progress
Milestone
No milestone
Development

No branches or pull requests
2 participants
@teddytpc1 @vcerenu