Adding Filebeat module and adapted Elasticsearch IP #144

rshad · 2019-08-08T13:16:01Z

Hi all!

Resolution for #145

This PR includes the corresponding changes to add Filebeat module to Wazuh installation using Puppet. We also adapted Elasticsearch IP so to not be assigned as localhost due to proven errors we got during the installation.

Filebeat module installation

wazuh-puppet/manifests/filebeat.pp

Lines 38 to 51 in 1301d40

    
           exec { 'Installing filebeat module ... Downloading package': 
        
            path    => '/usr/bin', 
        
            command => "curl -o /root/${$wazuh_module_filebeat_module} https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_module_filebeat_module}", 
        
           } 
        
           exec { 'Unpackaging ...': 
        
             command => "/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module", 
        
             notify  => Service['filebeat'] 
        
           } 
        
           file { '/usr/share/filebeat/module/wazuh': 
        
             ensure => 'directory', 
        
             mode   => '0755', 
        
           }

Adapting Elasticsearch IP in [Filebeat, Elasticsearch and Kibana] manifests

wazuh-puppet/manifests/filebeat.pp

Line 4 in 1301d40

$filebeat_elasticsearch_ip = '<YOUR_ELASTICSEARCH_IP>',

wazuh-puppet/manifests/elasticsearch.pp

Line 20 in 1301d40

$elasticsearch_ip = '<YOUR_ELASTICSEARCH_IP>',

wazuh-puppet/manifests/kibana.pp

Line 9 in 1301d40

$kibana_elasticsearch_ip = '<YOUR_ELASTICSEARCH_IP>',

Kind regards,

Rshad

manifests/elasticsearch.pp

manifests/filebeat.pp

manifests/kibana.pp

jm404

Hi @rshad ,

Please review the changes requested!

Thanks

CHANGELOG.md

jm404 · 2019-08-09T06:42:01Z

manifests/filebeat.pp

@@ -10,8 +10,11 @@
  $filebeat_version = '7.2.0',
  $wazuh_app_version = '3.9.4_7.2.0',
  $wazuh_extensions_version = 'v3.9.4',
+  $wazuh_module_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',


Lets change this to wazuh_filebeat_module I think it clearer

jm404 · 2019-08-09T06:42:28Z

manifests/filebeat.pp

@@ -32,10 +35,23 @@
    notify  => Service['filebeat']
  }

+  exec { 'Installing filebeat module ... Downloading package':
+   path    => '/usr/bin',
+   command => "curl -o /root/${$wazuh_module_filebeat_module} https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_module_filebeat_module}",


Also changing here for wazuh_filebeat_module

jm404

Hi @rshad please have a look at the little changes.

Thanks!

jm404

LGTM!

rshad added 6 commits August 7, 2019 13:23

added the installation of filebeat module

561fea3

fixes for filebeat.pp manifest

8ab9558

improved filebeat.pp and corrected the the installation flow ..

3191ecc

fixes to filebeat.pp

72ac040

replacing wget by curl

f07524f

adapted kibana

0d3f6ea

rshad changed the base branch from master to 3.9.4_7.2.0 August 8, 2019 13:16

jm404 self-requested a review August 8, 2019 13:21

jm404 added the enhancement label Aug 8, 2019

Updated CHANGELOG.md

6101730