Merge pull request #1312 from wazuh/461-conf-files-environment

Add environment for configure wazuh indexer and dashboard files

build-docker-images/wazuh-dashboard/Dockerfile

@@ -26,14 +26,15 @@ RUN chmod 775 /install_wazuh_app.sh
 RUN bash /install_wazuh_app.sh
 
 # Copy and set permissions to config files
-COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
+RUN cp  $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
 RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
 
 # Create and set permissions to data directories
 RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
+RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount
 
 ################################################################################
 # Build stage 1 (the current Wazuh dashboard image):
@@ -108,6 +109,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME=$INSTALL_DIR/jdk
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -116,3 +126,5 @@ USER wazuh-dashboard
 EXPOSE 443
 
 ENTRYPOINT [ "/entrypoint.sh" ]
+
+CMD ["opensearch-dashboards"]

build-docker-images/wazuh-dashboard/config/config.sh

@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 mkdir -p ${CONFIG_DIR}/certs
 
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 
 chmod -R 500 ${CONFIG_DIR}/certs

build-docker-images/wazuh-dashboard/config/config.yml

@@ -1,5 +1,5 @@
 nodes:
   # Wazuh dashboard server nodes
   dashboard:
-    - name: demo.dashboard
-      ip: demo.dashboard
+    - name: dashboard
+      ip: wazuh.dashboard

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -2,6 +2,215 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
 INSTALL_DIR=/usr/share/wazuh-dashboard
+export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+opensearch_dashboards_vars=(
+    console.enabled
+    console.proxyConfig
+    console.proxyFilter
+    ops.cGroupOverrides.cpuPath
+    ops.cGroupOverrides.cpuAcctPath
+    cpu.cgroup.path.override
+    cpuacct.cgroup.path.override
+    server.basePath
+    server.customResponseHeaders
+    server.compression.enabled
+    server.compression.referrerWhitelist
+    server.cors
+    server.cors.origin
+    server.defaultRoute
+    server.host
+    server.keepAliveTimeout
+    server.maxPayloadBytes
+    server.name
+    server.port
+    csp.rules
+    csp.strict
+    csp.warnLegacyBrowsers
+    data.search.usageTelemetry.enabled
+    opensearch.customHeaders
+    opensearch.hosts
+    opensearch.logQueries
+    opensearch.memoryCircuitBreaker.enabled
+    opensearch.memoryCircuitBreaker.maxPercentage
+    opensearch.password
+    opensearch.pingTimeout
+    opensearch.requestHeadersWhitelist
+    opensearch.requestHeadersAllowlist
+    opensearch_security.multitenancy.enabled
+    opensearch_security.readonly_mode.roles
+    opensearch.requestTimeout
+    opensearch.shardTimeout
+    opensearch.sniffInterval
+    opensearch.sniffOnConnectionFault
+    opensearch.sniffOnStart
+    opensearch.ssl.alwaysPresentCertificate
+    opensearch.ssl.certificate
+    opensearch.ssl.key
+    opensearch.ssl.keyPassphrase
+    opensearch.ssl.keystore.path
+    opensearch.ssl.keystore.password
+    opensearch.ssl.truststore.path
+    opensearch.ssl.truststore.password
+    opensearch.ssl.verificationMode
+    opensearch.username
+    i18n.locale
+    interpreter.enableInVisualize
+    opensearchDashboards.autocompleteTerminateAfter
+    opensearchDashboards.autocompleteTimeout
+    opensearchDashboards.defaultAppId
+    opensearchDashboards.index
+    logging.dest
+    logging.json
+    logging.quiet
+    logging.rotate.enabled
+    logging.rotate.everyBytes
+    logging.rotate.keepFiles
+    logging.rotate.pollingInterval
+    logging.rotate.usePolling
+    logging.silent
+    logging.useUTC
+    logging.verbose
+    map.includeOpenSearchMapsService
+    map.proxyOpenSearchMapsServiceInMaps
+    map.regionmap
+    map.tilemap.options.attribution
+    map.tilemap.options.maxZoom
+    map.tilemap.options.minZoom
+    map.tilemap.options.subdomains
+    map.tilemap.url
+    monitoring.cluster_alerts.email_notifications.email_address
+    monitoring.enabled
+    monitoring.opensearchDashboards.collection.enabled
+    monitoring.opensearchDashboards.collection.interval
+    monitoring.ui.container.opensearch.enabled
+    monitoring.ui.container.logstash.enabled
+    monitoring.ui.opensearch.password
+    monitoring.ui.opensearch.pingTimeout
+    monitoring.ui.opensearch.hosts
+    monitoring.ui.opensearch.username
+    monitoring.ui.opensearch.logFetchCount
+    monitoring.ui.opensearch.ssl.certificateAuthorities
+    monitoring.ui.opensearch.ssl.verificationMode
+    monitoring.ui.enabled
+    monitoring.ui.max_bucket_size
+    monitoring.ui.min_interval_seconds
+    newsfeed.enabled
+    ops.interval
+    path.data
+    pid.file
+    regionmap
+    security.showInsecureClusterWarning
+    server.rewriteBasePath
+    server.socketTimeout
+    server.customResponseHeaders
+    server.ssl.enabled
+    server.ssl.key
+    server.ssl.keyPassphrase
+    server.ssl.keystore.path
+    server.ssl.keystore.password
+    server.ssl.truststore.path
+    server.ssl.truststore.password
+    server.ssl.cert
+    server.ssl.certificate
+    server.ssl.certificateAuthorities
+    server.ssl.cipherSuites
+    server.ssl.clientAuthentication
+    opensearch.ssl.certificateAuthorities
+    server.ssl.redirectHttpFromPort
+    server.ssl.supportedProtocols
+    server.xsrf.disableProtection
+    server.xsrf.whitelist
+    status.allowAnonymous
+    status.v6ApiFormat
+    tilemap.options.attribution
+    tilemap.options.maxZoom
+    tilemap.options.minZoom
+    tilemap.options.subdomains
+    tilemap.url
+    timeline.enabled
+    vega.enableExternalUrls
+    apm_oss.apmAgentConfigurationIndex
+    apm_oss.indexPattern
+    apm_oss.errorIndices
+    apm_oss.onboardingIndices
+    apm_oss.spanIndices
+    apm_oss.sourcemapIndices
+    apm_oss.transactionIndices
+    apm_oss.metricsIndices
+    telemetry.allowChangingOptInStatus
+    telemetry.enabled
+    telemetry.optIn
+    telemetry.optInStatusUrl
+    telemetry.sendUsageFrom
+    vis_builder.enabled
+    data_source.enabled
+    data_source.encryption.wrappingKeyName
+    data_source.encryption.wrappingKeyNamespace
+    data_source.encryption.wrappingKey
+    data_source.audit.enabled
+    data_source.audit.appender.kind
+    data_source.audit.appender.path
+    data_source.audit.appender.layout.kind
+    data_source.audit.appender.layout.highlight
+    data_source.audit.appender.layout.pattern
+    ml_commons_dashboards.enabled
+    assistant.chat.enabled
+    observability.query_assist.enabled
+    uiSettings.overrides.defaultRoute
+)
+
+print() {
+  echo -e $1
+}
+
+error_and_exit() {
+  echo "Error executing command: '$1'."
+  echo 'Exiting.'
+  exit 1
+}
+
+exec_cmd() {
+  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+  eval $1 2>&1 || error_and_exit "$1"
+}
+
+function runOpensearchDashboards {
+    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          longoptfile="${opensearch_dashboards_var}: ${value}"
+          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
+            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          fi
+        fi
+      done
+
+    umask 0002
+
+    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
+        --cpu.cgroup.path.override=/ \
+        --cpuacct.cgroup.path.override=/
+}
+
+mount_files() {
+  if [ -e $WAZUH_CONFIG_MOUNT/* ]
+  then
+    print "Identified Wazuh cdashboard onfiguration files to mount..."
+    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
+  else
+    print "No Wazuh dashboard configuration files to mount..."
+  fi
+}
+
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
@@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
 
 /wazuh_app_config.sh $WAZUH_UI_REVISION
 
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+mount_files
+
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+    set -- opensearch-dashboards "$@"
+fi
+
+if [ "$1" = "opensearch-dashboards" ]; then
+    runOpensearchDashboards "$@"
+else
+    exec "$@"
+fi

build-docker-images/wazuh-indexer/Dockerfile

@@ -6,20 +6,10 @@ ARG WAZUH_TAG_REVISION
 
 RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
 
-COPY config/opensearch.yml /
-
 COPY config/config.sh .
 
 COPY config/config.yml /
 
-COPY config/action_groups.yml /
-
-COPY config/internal_users.yml /
-
-COPY config/roles_mapping.yml /
-
-COPY config/roles.yml /
-
 RUN bash config.sh
 
 ################################################################################
@@ -36,6 +26,15 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME="$INSTALL_DIR/jdk"
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 RUN yum install curl-minimal shadow-utils findutils hostname -y
 
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP

build-docker-images/wazuh-indexer/config/config.sh

@@ -117,12 +117,6 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR}
 # Copy the security tools
 cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
 cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
-# Copy Wazuh's config files for the security plugin
-cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
 cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
 cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem