Adapt agent package generation workflows with VPN and allocator module

[jotacarma90]

Related Issue
Wazuh packages redesign tier 1 - Stage 2 - Migrate and adapt Wazuh subsystem repositories

Description

This issue is to work on the packet generation workflows that need the Wazuh VPN and the use of the allocator module for special machines (arm and macOS/windows signatures).
After migrating those workflows, for security reasons, to the private repo in this issue: https://github.com/wazuh/wazuh-agent-packages/issues/1
This issue is going to be used to reference the PRs in the private repo that introduce the necessary steps to have the packages complete.

Tasks

• Wazuh agent Windows sign tool - https://github.com/wazuh/wazuh-agent-packages/pull/8
• Wazuh agent macOS sign tool arm64 and intel64 - https://github.com/wazuh/wazuh-agent-packages/pull/9
• Wazuh agent ARM architecture - https://github.com/wazuh/wazuh-agent-packages/pull/10

Blocked by

Connection problems with the environment.

• DTT1 - Iteration 3 - Allocation module - Update Host for macOS Intel with the new macStadium host wazuh-qa#5226
• https://github.com/wazuh/internal-devel-requests/issues/1054
• https://github.com/wazuh/internal-devel-requests/issues/1004

[jotacarma90]

Update 10/04/2024

• I have been reading and analyzing the allocator module documentation:
• Working on the code for package generation workflows that need special machines.
• Added the steps to install and connect the VPN.
• Added the steps to download, install and configure the allocator module (Pending some steps)
• Follow up thread: https://wazuh-team.slack.com/archives/C06Q9QHP0QP/p1712597177934839

[jotacarma90]

Update 16/04/2024

• Working with the Linux ARM package generation script.
• List of available machines: https://github.com/wazuh/wazuh-qa/blob/4495-dtt1-release/deployability/modules/allocation/static/specs/os.yml
• Analyzing necessary parameters and how to work with the machine through SSH.
• Thread with more info: https://wazuh-team.slack.com/archives/C038AR25C8N/p1712920106416719
• Trying to get the allocator module to work locally.

[MarcelKemp]

Status

In progress

Because we are working on the unlocked parts of both Linux ARM and macOS ARM (unsigned).

Still blocked

Please note that it is still blocked due to lack of provisioning of Windows machine (with certificates to sign), intel64 macOS machine and macOS machine to sign the package:

• DTT1 - Iteration 3 - Allocation module - Update Host for macOS Intel with the new macStadium host wazuh-qa#5226
• https://github.com/wazuh/internal-devel-requests/issues/1054
• https://github.com/wazuh/internal-devel-requests/issues/1004

[jotacarma90]

Update 17/04/2024

Thread with comments: https://wazuh-team.slack.com/archives/C06Q9QHP0QP/p1713349465431879
New testing in local with allocator module.
New changes upload to branch 22839-signing-packages with new flow of the ARM agents workflow.
Waiting permissions: https://github.com/wazuh/internal-devel-requests/issues/1060
Blocked by issue: https://github.com/wazuh/wazuh-agent-packages/issues/1

[mjcr99]

Updates:

(30/04/2024): Implemented allocator usage in arm packages build workflow.
(02/05/2024): Fixed missing steps, workflow working properly, pending open PR.
(03/05/2024): Opened PR and tested different cases.
(06/05/2024): Applied requested changes by the team.

[jotacarma90]

Update 06/05/2024

I continue testing workflows related to Windows and macOS:

• Windows:

  • Tested the machine with the ssh server where we are going to generate and sign the packages. Issue comment: https://github.com/wazuh/internal-devel-requests/issues/1103#issuecomment-2096087823
  • Waiting for the machine to be available in the allocator to launch the generation workflows.
  • Workflows updated with the use of ssh, pending testing.

• macOS:

  • arm64:

    • Waiting for the machine to be available in the allocator.
    • Multiple problems running workflows, connection problems, macStadium busy, etc. Example.
    • Fixed problem with secrets needed for signing. Thread:
    • Continued to debug problems.

  • intel64:

    • Testing compilation on macos-highsierra-10.13.6-amd64 box, but multiple dependencies need to be installed.
    • Waiting for the macos-sierragcc9-10.12.6-amd64 box, which has what is needed for compilation.
    • Encountered some unstable connection problems.

[jotacarma90]

Update 07/05/2024

• Solving compiler problems and different machines for macOS intel64 and macOS.
• Investigating connection issues and different options.

[jotacarma90]

Update 08/05/2024

• I'm still debugging and fixing bugs in the package generation scripts.
• The Windows machine is now available for testing.
• There are still some instability problems with the VPN that make testing very difficult.

[jotacarma90]

Update 09/05/2024

• I continue to try to finish the workflows and test them correctly.
• Windows package generation is finished correctly.
• Windows PR ready for review: https://github.com/wazuh/wazuh-agent-packages/pull/8
• macOS intel64 I have been able to complete the compile phase on the intel machine, for signing, as we use an ARM machine, we - have issues with busy machines.
• We continue to have VPN instability issues.