Changed API configuration step in offline documentation #7234

davidcr01
Contributor

Description

Closes: #7225

The aim of this is to change the localhost value of the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file of the Wazuh offline documentation and the Step-by-step documentation of the Wazuh dashboard installation.

This change is done because we do not support the localhost value in that file due to wazuh/wazuh-packages#2771. This also implies removing the Only for distributed deployments note.

Also, I fixed a typo in the Offline documentation.

Screenshot from 2024-04-25 12-25-05
Screenshot from 2024-04-25 12-25-16

Checks

Docs building

  • Compiles without warnings.

Code formatting and web optimization

  • Uses three spaces indentation.
  • Adds or updates meta descriptions accordingly.
  • Updates the redirects.js script if necessary (check this guide).

Writing style

  • Uses present tense, active voice, and semi-formal registry.
  • Uses short, simple sentences.
  • Uses bold for user interface elements, italics for key terms or emphasis, and code font for Bash commands, file names, REST paths, and code.

@davidcr01 davidcr01 requested review from javimed and a team April 25, 2024 11:38
@davidcr01 davidcr01 self-assigned this Apr 25, 2024
@davidcr01 davidcr01 linked an issue Apr 25, 2024 that may be closed by this pull request
teddytpc1
teddytpc1 previously approved these changes Apr 29, 2024
@javimed javimed added type/change Change requested level/task Task issue labels Apr 29, 2024
Member

@javimed javimed left a comment

And what about all the user administration documents? For example, the password management document or the Google SSO as administrator.

Same for LDAP occurrences. Or, for example, these lines?

@@ -444,14 +444,14 @@ Installing the Wazuh dashboard

.. include:: /_templates/installations/dashboard/enable_dashboard.rst

#. **Only for distributed deployments**: Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
#. Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
Member

Suggested change
#. Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
#. Edit the file ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.

Contributor Author

Done


.. code-block:: yaml
:emphasize-lines: 3

hosts:
- default:
url: https://localhost
url: https://<wazuh_server_ip>
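Review bot: in the reworded step, dropping "Only for distributed deployments" makes the edit mandatory for every install, but the sentence still only says to use "the IP address or hostname of the Wazuh server master node" and never states that the old https://localhost value is not accepted. Add a short sentence saying that localhost is unsupported in wazuh.yml and what a non-distributed (single-host) install should enter, so those readers do not leave the url unchanged.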
Member

Suggested change
url: https://<wazuh_server_ip>
url: https://<WAZUH_SERVER_IP_ADDRESS>

Member

We use uppercase and underscores for placeholders.

Contributor Author

Done

@@ -463,7 +463,7 @@ Installing the Wazuh dashboard

#. Access the web interface.

- URL: *https://<wazuh_server_ip>*
- URL: *https://<wazuh_dashboard_ip>*
Member

Suggested change
- URL: *https://<wazuh_dashboard_ip>*
- URL: *https://<WAZUH_DASHBOARD_IP_ADDRESS>*

Contributor Author

Done

@@ -99,20 +99,20 @@ Starting the Wazuh dashboard service
.. include:: /_templates/installations/dashboard/enable_dashboard.rst


**Only for distributed deployments**

Member

Suggested change

Contributor Author

Done

@@ -99,20 +99,20 @@ Starting the Wazuh dashboard service
.. include:: /_templates/installations/dashboard/enable_dashboard.rst


**Only for distributed deployments**


Member

Suggested change

Contributor Author

Done

@@ -99,20 +99,20 @@ Starting the Wazuh dashboard service
.. include:: /_templates/installations/dashboard/enable_dashboard.rst


Member

Suggested change

Contributor Author

Done

run_as: false
hosts:
- default:
url: https://<wazuh_server_ip>
Member

Suggested change
url: https://<wazuh_server_ip>
url: https://<WAZUH_SERVER_IP_ADDRESS>

Contributor Author

Done

@davidcr01
Contributor Author

davidcr01 commented Apr 30, 2024

Changes of localhost to 127.0.0.1 have been tested:

[root@ip-172-31-36-140 ec2-user]# cat /etc/wazuh-indexer/opensearch.yml 
network.host: "127.0.0.1"
node.name: "node-1"
cluster.initial_master_nodes:
[root@ip-172-31-36-140 ec2-user]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml 
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://127.0.0.1:9200
[root@ip-172-31-36-140 ec2-user]# tail -n 5 /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml 
      url: https://127.0.0.1
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: false
[root@ip-172-31-36-140 ec2-user]# bash wazuh-install.sh -dw rpm
30/04/2024 16:29:19 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
30/04/2024 16:29:19 INFO: Verbose logging redirected to /var/log/wazuh-install.log
30/04/2024 16:29:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.
30/04/2024 16:29:28 INFO: --- Download Packages ---
30/04/2024 16:29:28 INFO: Starting Wazuh packages download.
30/04/2024 16:29:28 INFO: Downloading Wazuh rpm packages for x86_64.
30/04/2024 16:29:33 INFO: The manager package was downloaded.
30/04/2024 16:29:34 INFO: The filebeat package was downloaded.
30/04/2024 16:29:44 INFO: The indexer package was downloaded.
30/04/2024 16:29:49 INFO: The dashboard package was downloaded.
30/04/2024 16:29:49 INFO: The packages are in wazuh-offline/wazuh-packages
30/04/2024 16:29:49 INFO: Downloading configuration files and assets.
30/04/2024 16:29:49 INFO: The resource https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH was downloaded.
30/04/2024 16:29:50 INFO: The resource https://packages-dev.wazuh.com/4.8/tpl/wazuh/filebeat/filebeat.yml was downloaded.
30/04/2024 16:29:50 INFO: The resource https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json was downloaded.
30/04/2024 16:29:50 INFO: The resource https://packages-dev.wazuh.com/pre-release/filebeat/wazuh-filebeat-0.4.tar.gz was downloaded.
30/04/2024 16:29:50 INFO: The configuration files and assets are in wazuh-offline.tar.gz
30/04/2024 16:31:01 INFO: You can follow the installation guide here https://documentation.wazuh.com/current/deployment-options/offline-installation.html
[root@ip-172-31-36-140 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/config.yml
[root@ip-172-31-36-140 ec2-user]# nano config.yml 
[root@ip-172-31-36-140 ec2-user]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-certs-tool.sh
[root@ip-172-31-36-140 ec2-user]# bash wazuh-certs-tool.sh --all
30/04/2024 16:32:42 INFO: Generating the root certificate.
30/04/2024 16:32:42 INFO: Generating Admin certificates.
30/04/2024 16:32:42 INFO: Admin certificates created.
30/04/2024 16:32:42 INFO: Generating Wazuh indexer certificates.
30/04/2024 16:32:43 INFO: Wazuh indexer certificates created.
30/04/2024 16:32:43 INFO: Generating Filebeat certificates.
30/04/2024 16:32:43 INFO: Wazuh Filebeat certificates created.
30/04/2024 16:32:43 INFO: Generating Wazuh dashboard certificates.
30/04/2024 16:32:43 INFO: Wazuh dashboard certificates created.
[root@ip-172-31-36-140 ec2-user]# tar xf wazuh-offline.tar.gz
[root@ip-172-31-36-140 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-indexer*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wazuh-indexer-4.8.0-1            ################################# [100%]
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
[root@ip-172-31-36-140 ec2-user]# NODE_NAME=node-1
[root@ip-172-31-36-140 ec2-user]# mkdir /etc/wazuh-indexer/certs
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@ip-172-31-36-140 ec2-user]# mv wazuh-certificates/admin-key.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-36-140 ec2-user]# mv wazuh-certificates/admin.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-36-140 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/wazuh-indexer/certs/
[root@ip-172-31-36-140 ec2-user]# chmod 500 /etc/wazuh-indexer/certs
[root@ip-172-31-36-140 ec2-user]# chmod 400 /etc/wazuh-indexer/certs/*
[root@ip-172-31-36-140 ec2-user]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@ip-172-31-36-140 ec2-user]# nano /etc/wazuh-indexer/opensearch.yml
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start wazuh-indexer
[root@ip-172-31-36-140 ec2-user]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@ip-172-31-36-140 ec2-user]# curl -XGET https://127.0.0.1:9200 -u admin:admin -k
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "hiJYvQy-R02Jk9jZn76R-Q",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-36-140 ec2-user]# curl -XGET https://localhost:9200 -u admin:admin -k
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "hiJYvQy-R02Jk9jZn76R-Q",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@ip-172-31-36-140 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-manager*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wazuh-manager-4.8.0-1            ################################# [100%]

[root@ip-172-31-36-140 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer ^C password -v admin
[root@ip-172-31-36-140 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer -k username -v admin

[root@ip-172-31-36-140 ec2-user]# /var/ossec/bin/wazuh-keystore -f indexer -k password -v admin
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable wazuh-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-manager.service to /usr/lib/systemd/system/wazuh-manager.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start wazuh-manager
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/filebeat*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:filebeat-7.10.2-1                ################################# [100%]
[root@ip-172-31-36-140 ec2-user]# cp ./wazuh-offline/wazuh-files/filebeat.yml /etc/filebeat/ &&\
> cp ./wazuh-offline/wazuh-files/wazuh-template.json /etc/filebeat/ &&\
> chmod go+r /etc/filebeat/wazuh-template.json
cp: overwrite ‘/etc/filebeat/filebeat.yml’? y
[root@ip-172-31-36-140 ec2-user]# nano /etc/filebeat/filebeat.yml
[root@ip-172-31-36-140 ec2-user]# filebeat keystore create
Created filebeat keystore
[root@ip-172-31-36-140 ec2-user]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@ip-172-31-36-140 ec2-user]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@ip-172-31-36-140 ec2-user]# tar -xzf ./wazuh-offline/wazuh-files/wazuh-filebeat-0.4.tar.gz -C /usr/share/filebeat/module
[root@ip-172-31-36-140 ec2-user]# NODE_NAME=wazuh-1
[root@ip-172-31-36-140 ec2-user]# mkdir /etc/filebeat/certs
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@ip-172-31-36-140 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/filebeat/certs/
[root@ip-172-31-36-140 ec2-user]# chmod 500 /etc/filebeat/certs
[root@ip-172-31-36-140 ec2-user]# chmod 400 /etc/filebeat/certs/*
[root@ip-172-31-36-140 ec2-user]# chown -R root:root /etc/filebeat/certs
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable filebeat
Created symlink from /etc/systemd/system/multi-user.target.wants/filebeat.service to /usr/lib/systemd/system/filebeat.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start filebeat

[root@ip-172-31-36-140 ec2-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@ip-172-31-36-140 ec2-user]# rpm --import ./wazuh-offline/wazuh-files/GPG-KEY-WAZUH
[root@ip-172-31-36-140 ec2-user]# rpm -ivh ./wazuh-offline/wazuh-packages/wazuh-dashboard*.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wazuh-dashboard-4.8.0-1          ################################# [100%]
[root@ip-172-31-36-140 ec2-user]# NODE_NAME=dashboard
[root@ip-172-31-36-140 ec2-user]# mkdir /etc/wazuh-dashboard/certs
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@ip-172-31-36-140 ec2-user]# mv -n wazuh-certificates/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@ip-172-31-36-140 ec2-user]# cp wazuh-certificates/root-ca.pem /etc/wazuh-dashboard/certs/
[root@ip-172-31-36-140 ec2-user]# chmod 500 /etc/wazuh-dashboard/certs
[root@ip-172-31-36-140 ec2-user]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@ip-172-31-36-140 ec2-user]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@ip-172-31-36-140 ec2-user]# nano /etc/wazuh-dashboard/opensearch_dashboards.yml
[root@ip-172-31-36-140 ec2-user]# systemctl daemon-reload
[root@ip-172-31-36-140 ec2-user]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@ip-172-31-36-140 ec2-user]# systemctl start wazuh-dashboard
[root@ip-172-31-36-140 ec2-user]# nano /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml

[root@ip-172-31-36-140 ec2-user]# curl -u wazuh-wui:wazuh-wui -k -X GET "https://127.0.0.1:55000/security/user/authenticate?raw=true"
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNzE0NDk1Nzk3LCJleHAiOjE3MTQ0OTY2OTcsInN1YiI6IndhenVoLXd1aSIsInJ1bl9hcyI6ZmFsc2UsInJiYWNfcm9sZXMiOlsxXSwicmJhY19tb2RlIjoid2hpdGUifQ.AG6kZBmP79GsYbbszxRq0TDWVSu7iLoyZ3GApQ6Unjsc1_NMEBmRpvYRLLH5hYDZmXydd2iV3MpXktwncBXmOcX9Ad1WWVyCVIth8V_G46rriPAP56lQ06Rmi57ZqEeqFCssH0bj1mu61LeYMnGxeg5SkF7kQNTKjuH8mWwujRLuGZSF[root@ip-172-31-36-140 ec2-user]# 

image
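
A pre-flight check for the constraint discussed in this pull request, as an added example that is not part of the PR or of the Wazuh project: it reads the `hosts` list of a dashboard `wazuh.yml` and reports `url` values that still use `localhost` or an unsubstituted `<PLACEHOLDER>`. The function name `check_wazuh_yml` and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the PR. check_wazuh_yml is a hypothetical helper.

check_wazuh_yml() {
  # $1: path to wazuh.yml. Prints one finding per line; exit status 1 if any.
  awk '
    /^[ \t]*#/ { next }                         # ignore comment lines
    /^hosts:[ \t]*$/ { in_hosts = 1; next }     # enter the hosts list
    in_hosts && /^[^ \t-]/ { in_hosts = 0 }     # another top-level key ends it
    !in_hosts { next }
    /^[ \t]*-[ \t]*[^ \t:]+:[ \t]*$/ {          # "- default:" names an entry
      id = $0
      sub(/^[ \t]*-[ \t]*/, "", id); sub(/:[ \t]*$/, "", id)
      next
    }
    /^[ \t]*url:/ {
      url = $0
      sub(/^[ \t]*url:[ \t]*/, "", url)
      sub(/[ \t]+#.*$/, "", url); sub(/[ \t]+$/, "", url)
      gsub("[\"\047]", "", url)                 # strip YAML quotes
      host = tolower(url)
      sub("^[a-z]+://", "", host)               # drop the scheme
      sub("[:/].*$", "", host)                  # drop port and path
      if (url ~ /[<>]/) {
        printf "%s: url still holds a placeholder: %s\n", id, url; bad++
      } else if (host == "localhost") {
        printf "%s: url uses localhost, set an IP address or hostname: %s\n", id, url; bad++
      }
    }
    END { exit (bad > 0) }
  ' "$1"
}

# Constructed sample: one entry with the old documented value, one corrected.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hosts:
  - default:
      url: https://localhost
      port: 55000
      run_as: false
  - fixed:
      url: https://127.0.0.1
      port: 55000
      run_as: false
EOF
check_wazuh_yml "$sample" || echo "edit the url values listed above"
rm -f "$sample"
```

On a real host the argument would be `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`; the check only inspects `url` lines under `hosts:` and does not contact the API.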

@javimed javimed merged commit 0e436f2 into 4.8.0 May 2, 2024
3 checks passed
@javimed javimed deleted the change/7225-change-api-configuration-step-in-offline-documentation branch May 2, 2024 14:17