Make Wazuh Agent able to register and report to different IPs #136
Conversation
manifests/agent.pp
Outdated
| @@ -53,8 +53,8 @@ | |||
|
|
|||
| # Server configuration | |||
|
|
|||
| $ossec_ip = $wazuh::params_agent::ossec_ip, | |||
| $ossec_hostname = $wazuh::params_agent::ossec_hostname, | |||
| $ossec_registration_ip = $wazuh::params_agent::ossec_registration_ip, | |||
There was a problem hiding this comment.
Why are we postfixing the parameter name with_ip? Wazuh supports both an IP or a domain name.
We could name those parameters wazuh_master_endpoint and wazuh_workers_enpoint.
There was a problem hiding this comment.
You are right! Domains can also be specified and this naming could confuse users.
I like the naming you propose for cluster but I think it could be confusing for non-cluster configurations, as you would have to declare master and worker endpoint for same IP/domain and user that are not familiar with cluster could be confused in my opinion.
Something like: wazuh_register_endpoint and wazuh_reporting_endpoint comes to my mind in a quick approach
There was a problem hiding this comment.
We don't need to declare both wazuh_master_endpoint and wazuh_workers_enpoint if we bring back double <address> in the ossec.conf file:
<%- if @wazuh_register_endpoint then -%>
<address><%= @wazuh_master_endpoint %></address>
<%- end -%>
<%- if @wazuh_reporting_endpoint then -%>
<address><%= @wazuh_workers_enpoint %></address>
<%- end -%>
The Wazuh agent takes the last one as I wrote in #110 (comment).
But it conflicts with my suggestion of setting 127.0.0.1 as a default value for both 😄 If a user of the Puppet modules sets a value for wazuh_master_endpoint, but not for wazuh_workers_endpoint, he would end up with his agents reporting to 127.0.0.1.
I agree with your naming suggestion and I think setting 127.0.0.1 as a default value might cause issues, so lets keep undef! 🎉
There was a problem hiding this comment.
That's exactly what I tried to point out, I think this way users have more flexibility and they could even register agents without configuring them to do it later or in with other tool.
Anyway, we are really happy about this kind of discussion since it helps us to understand the user's needs and make the code better.
Feel free to comment anytime, feedback is always welcome!
manifests/agent.pp
Outdated
| if ( ( $ossec_ip == undef ) and ( $ossec_hostname == undef ) and ( $ossec_address == undef ) ) { | ||
| fail('must pass either $ossec_ip or $ossec_hostname or $ossec_address to Class[\'wazuh::agent\'].') | ||
| if (($manage_client_keys == 'yes')){ | ||
| if ( ( $ossec_registration_ip == undef ) or ( $ossec_reporting_ip == undef ) ) { |
There was a problem hiding this comment.
Here, we have a or, but if we look below, this class cannot work without a value for ossec_registration_ip.
We should change the condition or adapt the code below.
There was a problem hiding this comment.
Oh, you are completely right, I will fix it.
Thanks for reporting!
manifests/params_agent.pp
Outdated
| $ossec_ip = 'YOUR_MANAGER_IP' | ||
| $ossec_hostname = undef | ||
| $ossec_address = undef | ||
| $ossec_registration_ip = undef |
There was a problem hiding this comment.
Could we set '127.0.0.0' as a default value?
When building an AWS IAM that will be used in multiple environments, you want to install the Wazuh agent without registering it. In the AMI build, you cannot set the final master/worker nodes endpoints because they change from one environment to another.
Setting a default value like '127.0.0.0' will simplify the code that installs the Wazuh agent without registering it.
There was a problem hiding this comment.
I declared them to be undef to make sure users consciously set them to avoid misconfigurations, but as you stated maybe configure it to 127.0.0.0 would be a good idea, I will think about it.
I take the chance to mention that I implemented a variable to configure if the Agent will atempt to auto-register or not: $manage_client_keys
You can check it at:
wazuh-puppet/manifests/params_agent.pp
Line 15 in a172a11
Thanks again for contributing!
|
Hi team, After reviewing the recommendations of @JPLachance , I modified the PR: Changes
Best regards! Jose |
Hi team,
This PR fixes #110 , there are two new parameters
$ossec_registration_ipwhich is used by authd to register the Agent and$ossec_reporting_ipwhich will establish to which IP will the agent report.The parameters
$ossec_ipand$ossec_hostnamehave been deprecated in favor of the new ones.Best regards,
Jose