Cert tool image versioning #1256
Assignees
Labels
Comments
vcerenu
added
type/enhancement
level/epic
|
Added certificate creation image creation inside Wazuh Docker image build:
The base operating system of the image has been modified, in line with the other Docker images of the Wazuh components: # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM amazonlinux:2023
RUN yum install curl-minimal openssl -y &&\
yum clean all
WORKDIR /
COPY config/entrypoint.sh /
RUN chmod 700 /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]A local image building test was performed and completed successfully: $ build-docker-images/build-images.sh
Building wazuh.manager
[+] Building 178.9s (27/27) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2.28kB 0.0s
=> [internal] load metadata for docker.io/library/ubuntu:focal 2.9s
=> [auth] library/ubuntu:pull token for registry-1.docker.io 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [ 1/20] FROM docker.io/library/ubuntu:focal@sha256:0b897358ff6624825fb50d20ffb605ab0eaea77ced0adb8c6a4b756513dec6fc 3.4s
=> => resolve docker.io/library/ubuntu:focal@sha256:0b897358ff6624825fb50d20ffb605ab0eaea77ced0adb8c6a4b756513dec6fc 0.0s
=> => sha256:0b897358ff6624825fb50d20ffb605ab0eaea77ced0adb8c6a4b756513dec6fc 1.13kB / 1.13kB 0.0s
=> => sha256:d86db849e59626d94f768c679aba441163c996caf7a3426f44924d0239ffe03f 424B / 424B 0.0s
=> => sha256:5f5250218d28ad6612bf653eced407165dd6475a4daf9210b299fed991e172e9 2.30kB / 2.30kB 0.0s
=> => sha256:9ea8908f47652b59b8055316d9c0e16b365e2b5cee15d3efcb79e2957e3e7cad 27.51MB / 27.51MB 2.3s
=> => extracting sha256:9ea8908f47652b59b8055316d9c0e16b365e2b5cee15d3efcb79e2957e3e7cad 1.0s
=> [internal] load build context 0.0s
=> => transferring context: 26.57kB 0.0s
=> [16/20] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.7.5/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.0s
=> [ 2/20] RUN rm /bin/sh && ln -s /bin/bash /bin/sh 0.3s
=> [ 3/20] RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y 86.4s
=> [ 4/20] COPY config/check_repository.sh / 0.1s
=> [ 5/20] RUN chmod 775 /check_repository.sh 0.3s
=> [ 6/20] RUN source /check_repository.sh 1.3s
=> [ 7/20] RUN apt-get update && apt-get install wazuh-manager=4.7.5-1 69.7s
=> [ 8/20] COPY config/filebeat_module.sh / 0.0s
=> [ 9/20] RUN chmod 775 /filebeat_module.sh 0.2s
=> [10/20] RUN source /filebeat_module.sh 8.3s
=> [11/20] RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-amd64.tar.gz -o /tmp/s6-overlay-amd64.tar.gz && tar xzf /tmp/s6-o 1.7s
=> [12/20] COPY config/etc/ /etc/ 0.0s
=> [13/20] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py 0.0s
=> [14/20] COPY config/filebeat.yml /etc/filebeat/ 0.0s
=> [15/20] RUN chmod go-w /etc/filebeat/filebeat.yml 0.2s
=> [16/20] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.7.5/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.1s
=> [17/20] RUN chmod go-w /etc/filebeat/wazuh-template.json 0.3s
=> [18/20] COPY config/permanent_data.env config/permanent_data.sh / 0.0s
=> [19/20] RUN chmod 755 /permanent_data.sh && sync && /permanent_data.sh && sync && rm /permanent_data.sh 0.5s
=> [20/20] RUN mkdir -p /var/ossec/var/multigroups && chown root:wazuh /var/ossec/var/multigroups && chmod 770 /var/ossec/var/multigroups && mkdir -p /var/ossec/agentless && chown 0.3s
=> exporting to image 2.6s
=> => exporting layers 2.6s
=> => writing image sha256:22343514f4943e48c7fd6789c15c7f2655e415c03bed5d37b0b742c7da28560e 0.0s
=> => naming to docker.io/wazuh/wazuh-manager:4.7.5 0.0s
Building wazuh.indexer
[+] Building 116.1s (27/27) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2.38kB 0.0s
=> [internal] load metadata for docker.io/library/ubuntu:focal 0.8s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 20.71kB 0.0s
=> CACHED [builder 1/9] FROM docker.io/library/ubuntu:focal@sha256:0b897358ff6624825fb50d20ffb605ab0eaea77ced0adb8c6a4b756513dec6fc 0.0s
=> [stage-1 2/14] RUN getent group wazuh-indexer || groupadd -r -g 1000 wazuh-indexer 0.3s
=> [builder 2/9] RUN apt-get update -y && apt-get install curl openssl xz-utils -y 15.8s
=> [stage-1 3/14] RUN useradd --system --uid 1000 --no-create-home --home-dir /usr/share/wazuh-indexer --gid wazuh-indexer --shell /sbi 0.4s
=> [stage-1 4/14] WORKDIR /usr/share/wazuh-indexer 0.0s
=> [stage-1 5/14] COPY config/entrypoint.sh / 0.0s
=> [stage-1 6/14] COPY config/securityadmin.sh / 0.0s
=> [stage-1 7/14] RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh 0.3s
=> [stage-1 8/14] RUN chown 1000:1000 /*.sh 0.3s
=> [builder 3/9] COPY config/opensearch.yml / 0.0s
=> [builder 4/9] COPY config/config.sh . 0.0s
=> [builder 5/9] COPY config/config.yml / 0.0s
=> [builder 6/9] COPY config/internal_users.yml / 0.0s
=> [builder 7/9] COPY config/roles_mapping.yml / 0.0s
=> [builder 8/9] COPY config/roles.yml / 0.0s
=> [builder 9/9] RUN bash config.sh 88.3s
=> [stage-1 9/14] COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer 2.2s
=> [stage-1 10/14] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd 0.0s
=> [stage-1 11/14] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d 0.0s
=> [stage-1 12/14] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d 0.0s
=> [stage-1 13/14] RUN chown -R 1000:1000 /usr/share/wazuh-indexer 3.7s
=> [stage-1 14/14] RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && 0.4s
=> exporting to image 2.6s
=> => exporting layers 2.6s
=> => writing image sha256:1416302e9dcf3c8d4b2932c1985c7edd0bb3d11339c3e29fb040c442e6a43660 0.0s
=> => naming to docker.io/wazuh/wazuh-indexer:4.7.5 0.0s
Building wazuh.dashboard
[+] Building 210.9s (34/34) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 3.56kB 0.0s
=> [internal] load metadata for docker.io/library/ubuntu:focal 1.5s
=> [auth] library/ubuntu:pull token for registry-1.docker.io 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 13.53kB 0.0s
=> CACHED [stage-1 1/12] FROM docker.io/library/ubuntu:focal@sha256:0b897358ff6624825fb50d20ffb605ab0eaea77ced0adb8c6a4b756513dec6fc 0.0s
=> [builder 2/17] RUN apt-get update && apt install curl libcap2-bin xz-utils -y 120.8s
=> [stage-1 2/12] RUN getent group wazuh-dashboard || groupadd -r -g 1000 wazuh-dashboard 0.4s
=> [stage-1 3/12] RUN useradd --system --uid 1000 --no-create-home --home-dir /usr/share/wazuh-dashboard --gid wazuh-dashboard --shell 0.3s
=> [stage-1 4/12] COPY config/entrypoint.sh / 0.0s
=> [stage-1 5/12] COPY config/wazuh_app_config.sh / 0.0s
=> [stage-1 6/12] RUN chmod 700 /entrypoint.sh 0.3s
=> [stage-1 7/12] RUN chmod 700 /wazuh_app_config.sh 0.3s
=> [stage-1 8/12] RUN chown 1000:1000 /*.sh 0.3s
=> [builder 3/17] RUN mkdir -p /usr/share/wazuh-dashboard 0.3s
=> [builder 4/17] COPY config/dl_base.sh . 0.1s
=> [builder 5/17] RUN bash dl_base.sh 26.0s
=> [builder 6/17] COPY config/config.sh . 0.1s
=> [builder 7/17] COPY config/config.yml / 0.1s
=> [builder 8/17] RUN bash config.sh 1.5s
=> [builder 9/17] COPY config/install_wazuh_app.sh / 0.1s
=> [builder 10/17] RUN chmod 775 /install_wazuh_app.sh 0.3s
=> [builder 11/17] RUN bash /install_wazuh_app.sh 9.7s
=> [builder 12/17] COPY config/opensearch_dashboards.yml /usr/share/wazuh-dashboard/config/ 0.0s
=> [builder 13/17] COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/config/ 0.0s
=> [builder 14/17] RUN chown 101:101 /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml && chmod 664 /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml 0.4s
=> [builder 15/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh 0.6s
=> [builder 16/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh/config && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/ 0.4s
=> [builder 17/17] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh/logs && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/logs 0.3s
=> [stage-1 9/12] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashboard /usr/share/wazuh-dashboard 14.7s
=> [stage-1 10/12] RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom 0.3s
=> [stage-1 11/12] RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom 0.3s
=> [stage-1 12/12] WORKDIR /usr/share/wazuh-dashboard 0.0s
=> exporting to image 7.0s
=> => exporting layers 7.0s
=> => writing image sha256:6cd251cb0e7633c1b462331ba4421880dc0d73d3ed72b4882ab2e7faeb0642ae 0.0s
=> => naming to docker.io/wazuh/wazuh-dashboard:4.7.5 0.0s
[+] Building 26.7s (10/10) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 282B 0.0s
=> [internal] load metadata for docker.io/library/amazonlinux:2023 2.5s
=> [auth] library/amazonlinux:pull token for registry-1.docker.io 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/5] FROM docker.io/library/amazonlinux:2023@sha256:0d172f83b07323d8a8a08ea2242b7d64eb676f013eba269a158f229ce062a24f 6.9s
=> => resolve docker.io/library/amazonlinux:2023@sha256:0d172f83b07323d8a8a08ea2242b7d64eb676f013eba269a158f229ce062a24f 0.0s
=> => sha256:f6175f9c503b77e6cec852666a7133ed71ff16fd23342bcc58c01fa48948b06f 52.32MB / 52.32MB 4.5s
=> => sha256:0d172f83b07323d8a8a08ea2242b7d64eb676f013eba269a158f229ce062a24f 547B / 547B 0.0s
=> => sha256:130e2b842304783d910b17355968b433b99ad6a8eb2ecd0fcc31c6b995c9f110 529B / 529B 0.0s
=> => sha256:fdd3227580370bd99109cb6f8a7c327f59dc5c9d81dfc3c78279c4e7d905d14d 1.48kB / 1.48kB 0.0s
=> => extracting sha256:f6175f9c503b77e6cec852666a7133ed71ff16fd23342bcc58c01fa48948b06f 2.3s
=> [internal] load build context 0.0s
=> => transferring context: 2.46kB 0.0s
=> [2/5] RUN yum install curl-minimal openssl -y &&yum clean all 16.7s
=> [3/5] COPY config/entrypoint.sh / 0.1s
=> [4/5] RUN chmod 700 /entrypoint.sh 0.3s
=> exporting to image 0.1s
=> => exporting layers 0.1s
=> => writing image sha256:e3d05a198ac11ea4a770815bf8d33f1284b253c31d8af313b7a9bb6f3ce6e3fc 0.0s
=> => naming to docker.io/wazuh/wazuh-cert-tool:4.7.5 0.0s
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
wazuh/wazuh-cert-tool 4.7.5 e3d05a198ac1 55 minutes ago 149MB
wazuh/wazuh-dashboard 4.7.5 6cd251cb0e76 55 minutes ago 1.01GB
wazuh/wazuh-indexer 4.7.5 1416302e9dcf 59 minutes ago 2.02GB
wazuh/wazuh-manager 4.7.5 22343514f494 About an hour ago 874MB
$ |
|
The certificate creation script was modified and a test was performed: $ cat generate-certs.yml
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3'
services:
generator:
image: wazuh/wazuh-cert-tool:4.7.5
hostname: wazuh-cert-tool
container_name: wazuh-cert-tool
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/
- ./config/certs.yml:/config/certs.yml
$ docker-compose -f generate-certs.yml run --rm generator
Creating network "single-node_default" with the default driver
Creating single-node_generator_run ... done
The tool to create the certificates exists in the in Packages bucket
07/06/2024 10:58:35 INFO: Admin certificates created.
07/06/2024 10:58:35 INFO: Wazuh indexer certificates created.
07/06/2024 10:58:35 INFO: Wazuh server certificates created.
07/06/2024 10:58:35 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$# ls -ltr
total 48
-r-------- 1 vcerenu vcerenu 1204 jun 7 07:58 root-ca.pem
-r-------- 1 vcerenu vcerenu 1704 jun 7 07:58 root-ca.key
-r-------- 1 vcerenu vcerenu 1119 jun 7 07:58 admin.pem
-r-------- 1 vcerenu vcerenu 1704 jun 7 07:58 admin-key.pem
-r-------- 1 vcerenu vcerenu 1298 jun 7 07:58 wazuh.manager.pem
-r-------- 1 vcerenu vcerenu 1708 jun 7 07:58 wazuh.manager-key.pem
-r-------- 1 vcerenu vcerenu 1298 jun 7 07:58 wazuh.indexer.pem
-r-------- 1 vcerenu vcerenu 1704 jun 7 07:58 wazuh.indexer-key.pem
-r-------- 1 vcerenu vcerenu 1302 jun 7 07:58 wazuh.dashboard.pem
-r-------- 1 vcerenu vcerenu 1704 jun 7 07:58 wazuh.dashboard-key.pem
-r-------- 1 systemd-resolve systemd-journal 1204 jun 7 07:58 root-ca-manager.pem
-r-------- 1 systemd-resolve systemd-journal 1704 jun 7 07:58 root-ca-manager.keyDeploy single node stack: $ docker-compose up -d
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
abe68e477168 wazuh/wazuh-dashboard:4.7.5 "/entrypoint.sh" About a minute ago Up About a minute 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node_wazuh.dashboard_1
582470eb3110 wazuh/wazuh-indexer:4.7.5 "/entrypoint.sh open…" About a minute ago Up About a minute 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node_wazuh.indexer_1
d47217f66b56 wazuh/wazuh-manager:4.7.5 "/init" About a minute ago Up About a minute 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node_wazuh.manager_1
$ curl -XGET "https://0.0.0.0:9200/_cluster/health?pretty=true" -u admin:SecretPassword -k -s
{
"cluster_name" : "opensearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 6,
"active_shards" : 6,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
$ curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**8d0edf7f2b9d0b82fce6709ca7bd60d6246ef7f56962e5aea857888f420cd849*1i1EQwZ0wkR1mHtQP0H2hw*-VUADlUQqqG7Xb2Lr_zqbkgDy0X2fVSOOJ46YBQpBzCPxaPOc4yB3xjN8cMlelELwjJ5EH1_JBQK3-syGq9FNriZ13U6S5H2_za9Rrk0ViMBVZzmtrqX72OeWZ0L8k6uAEoCYl2HBknuLjoK_OoqtvwGktXuAwb3UGCyZ9Isq_PWTgEjmnhwXChZdtSgjz1w**92b02179e3f5ba6b3b6f7f100e3d3415bfe67b3fd9698d88ae4c67728c8aaf41*kk8hI6E6jlBEtpaWejMp9XDBoWMmyVGHqpT6_Ey7EFo; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Fri, 07 Jun 2024 11:13:57 GMT
Connection: keep-alive
Keep-Alive: timeout=120
$ TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
$ curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
$ docker exec single-node_wazuh.manager_1 sh -c 'filebeat test output'
elasticsearch: https://wazuh.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.20.0.2
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
$ Deploy multi node stack: $ docker-compose -f generate-certs.yml run --rm generator
Creating network "multi-node_default" with the default driver
Creating multi-node_generator_run ... done
The tool to create the certificates exists in the in Packages bucket
07/06/2024 11:26:32 INFO: Admin certificates created.
07/06/2024 11:26:32 INFO: Wazuh indexer certificates created.
07/06/2024 11:26:33 INFO: Wazuh server certificates created.
07/06/2024 11:26:33 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
Creating network "multi-node_default" with the default driver
Creating volume "multi-node_master-wazuh-api-configuration" with default driver
Creating volume "multi-node_master-wazuh-etc" with default driver
Creating volume "multi-node_master-wazuh-logs" with default driver
Creating volume "multi-node_master-wazuh-queue" with default driver
Creating volume "multi-node_master-wazuh-var-multigroups" with default driver
Creating volume "multi-node_master-wazuh-integrations" with default driver
Creating volume "multi-node_master-wazuh-active-response" with default driver
Creating volume "multi-node_master-wazuh-agentless" with default driver
Creating volume "multi-node_master-wazuh-wodles" with default driver
Creating volume "multi-node_master-filebeat-etc" with default driver
Creating volume "multi-node_master-filebeat-var" with default driver
Creating volume "multi-node_worker-wazuh-api-configuration" with default driver
Creating volume "multi-node_worker-wazuh-etc" with default driver
Creating volume "multi-node_worker-wazuh-logs" with default driver
Creating volume "multi-node_worker-wazuh-queue" with default driver
Creating volume "multi-node_worker-wazuh-var-multigroups" with default driver
Creating volume "multi-node_worker-wazuh-integrations" with default driver
Creating volume "multi-node_worker-wazuh-active-response" with default driver
Creating volume "multi-node_worker-wazuh-agentless" with default driver
Creating volume "multi-node_worker-wazuh-wodles" with default driver
Creating volume "multi-node_worker-filebeat-etc" with default driver
Creating volume "multi-node_worker-filebeat-var" with default driver
Creating volume "multi-node_wazuh-indexer-data-1" with default driver
Creating volume "multi-node_wazuh-indexer-data-2" with default driver
Creating volume "multi-node_wazuh-indexer-data-3" with default driver
Creating volume "multi-node_wazuh-dashboard-config" with default driver
Creating volume "multi-node_wazuh-dashboard-custom" with default driver
Creating multi-node_wazuh.master_1 ... done
Creating multi-node_wazuh3.indexer_1 ... done
Creating multi-node_wazuh1.indexer_1 ... done
Creating multi-node_wazuh.worker_1 ... done
Creating multi-node_wazuh2.indexer_1 ... done
Creating multi-node_wazuh.dashboard_1 ... done
Creating multi-node_nginx_1 ... done
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cce5b43a6d88 nginx:stable "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp multi-node_nginx_1
1cf004d2e188 wazuh/wazuh-dashboard:4.7.5 "/entrypoint.sh" About a minute ago Up About a minute 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp multi-node_wazuh.dashboard_1
6beb625d0f71 wazuh/wazuh-indexer:4.7.5 "/entrypoint.sh open…" About a minute ago Up About a minute 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp multi-node_wazuh1.indexer_1
41022023e4df wazuh/wazuh-manager:4.7.5 "/init" About a minute ago Up About a minute 1514-1516/tcp, 514/udp, 55000/tcp multi-node_wazuh.worker_1
2c404677fd00 wazuh/wazuh-indexer:4.7.5 "/entrypoint.sh open…" About a minute ago Up About a minute 9200/tcp multi-node_wazuh2.indexer_1
fcbc378c426b wazuh/wazuh-indexer:4.7.5 "/entrypoint.sh open…" About a minute ago Up About a minute 9200/tcp multi-node_wazuh3.indexer_1
cb879b61ea62 wazuh/wazuh-manager:4.7.5 "/init" About a minute ago Up About a minute 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp multi-node_wazuh.master_1
$ curl -XGET "https://0.0.0.0:9200/_cluster/health?pretty=true" -u admin:SecretPassword -k -s
{
"cluster_name" : "wazuh-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 7,
"active_shards" : 15,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
$ curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**d1de0331d629af21082284b787897331fa4bffe6bb63febf12d05c5e88528dea*YZWJvO0pLMuWeYDmFmu5cA*fc-sJPgxQEeRQXpnujE7JgK1TUaBQcG0EFJcJ2o4umNHMmwT85UJKkGaKkWKsUBETLiIovDY8MpWEGS_6rZi4wyWnh6hTf-gqLDvKGBTcRi7Zp-iJRW2Q62V2cOhnD5sIlrJ0giULBHyLAjVNMUZKN7OCNi_mb80rJOAl92-wYMbFGzejAe2Bf3PMy_qWBLc**5c087a31182ae407f629fd2244a6c9a34445ea64757639a0ae2cbef58f17eade*bxqvgvl3ytIBswf0gjicUclfUUGxWbavN_pxTwWeHhg; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Fri, 07 Jun 2024 11:31:38 GMT
Connection: keep-alive
Keep-Alive: timeout=120
$ TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
$ curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "running",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
$ docker exec multi-node_wazuh.master_1 sh -c 'filebeat test output'
elasticsearch: https://wazuh1.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.24.0.5
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
$ docker exec multi-node_wazuh.worker_1 sh -c 'filebeat test output'
elasticsearch: https://wazuh1.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.24.0.5
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
$ |
|
Image pushed by release process job:
|
This was referenced Jun 10, 2024
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Due to the need to make changes to the Cert tool image referring to different versions of Wazuh, it is necessary to version the wazuh/wazuh-certs-generator image together with each new release of Wazuh.
We are currently using the same image for all releases and we have needed to modify it for the upcoming version v4.8.0, so we think it is necessary that we can have a versioning to be able to apply changes to the image and not affect previous versions of Wazuh.
We are currently using the same image for all releases and we have needed to modify it for the upcoming version v4.8.0, so we think it is necessary that we can have a versioning to be able to apply changes to the image and not affect previous versions of Wazuh
Tasks
The text was updated successfully, but these errors were encountered: