From 277d2e9d2d9e0f72b5f814f9e152c396bf18bd97 Mon Sep 17 00:00:00 2001 From: quebim Date: Mon, 21 Oct 2024 18:17:28 -0300 Subject: [PATCH 01/24] Add MVP validation tests bash scripts --- test-tools/scripts/00_check_package_built.sh | 75 +++++++++++ test-tools/scripts/01_check_installation.sh | 113 +++++++++++++++++ test-tools/scripts/02_apply_certificates.sh | 78 ++++++++++++ test-tools/scripts/03_check_service.sh | 46 +++++++ .../scripts/04_cluster_initialization.sh | 74 +++++++++++ test-tools/scripts/05_check_plugins.sh | 79 ++++++++++++ test-tools/scripts/06_check_setup_plugin.sh | 116 ++++++++++++++++++ .../07_check_command_manager_plugin.sh | 82 +++++++++++++ test-tools/scripts/08_check_uninstall.sh | 56 +++++++++ 9 files changed, 719 insertions(+) create mode 100644 test-tools/scripts/00_check_package_built.sh create mode 100644 test-tools/scripts/01_check_installation.sh create mode 100644 test-tools/scripts/02_apply_certificates.sh create mode 100644 test-tools/scripts/03_check_service.sh create mode 100644 test-tools/scripts/04_cluster_initialization.sh create mode 100644 test-tools/scripts/05_check_plugins.sh create mode 100644 test-tools/scripts/06_check_setup_plugin.sh create mode 100644 test-tools/scripts/07_check_command_manager_plugin.sh create mode 100644 test-tools/scripts/08_check_uninstall.sh diff --git a/test-tools/scripts/00_check_package_built.sh b/test-tools/scripts/00_check_package_built.sh new file mode 100644 index 0000000000000..5f09d690f7c35 --- /dev/null +++ b/test-tools/scripts/00_check_package_built.sh @@ -0,0 +1,75 @@ +#!/bin/bash + +## SPDX-License-Identifier: Apache-2.0 +## The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Check if the necessary arguments are provided +if [ "$#" -ne 2 ]; then + echo "Usage: $0 <(Optional)PKG_REVISION>" + echo + echo "Parameters:" + echo " RUN_ID The GHA workflow execution ID." + echo " PKG_VERSION The version of the wazuh-indexer package." + echo " PKG_REVISION (Optional) The revision of the package. Defaults to 'test' if not provided." + echo + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." + echo + exit 1 +fi + +RUN_ID=$1 +PKG_VERSION=$2 +PKG_REVISION=${3:-"0"} +REPO="wazuh/wazuh-indexer" +URL="https://api.github.com/repos/$REPO/actions/artifacts" + +# Detect OS and architecture +if [ -f /etc/os-release ]; then + . /etc/os-release + OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') +else + echo "Unsupported OS." + exit 1 +fi + +ARCH=$(uname -m) +# Determine package type +case "$OS" in + "ubuntu" | "debian") + PKG_FORMAT="deb" + [ "$ARCH" == "x86_64" ] && ARCH="amd64" + PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" + ;; + "centos" | "fedora" | "rhel" | "red hat enterprise linux") + PKG_FORMAT="rpm" + PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" + ;; + *) + echo "Unsupported OS. ${OS}" + exit 1 + ;; +esac + +# Fetch the list of artifacts +echo "Fetching artifacts list..." +RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" $URL?name=$PKG_NAME) + +# Check if the curl command was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to fetch artifacts." + exit 1 +fi + +# Check if the artifact from the specified workflow run ID exists +echo "Checking ${PKG_NAME} package is generated for workflow run ${RUN_ID}" +ARTIFACT=$(echo "$RESPONSE" | jq -e ".artifacts[] | select(.workflow_run.id == $RUN_ID)") + +if [ -n "$ARTIFACT" ]; then + ARTIFACT_ID=$(echo "$ARTIFACT" | jq -r '.id') + echo "Wazuh indexer package built successfully." + echo "[ Artifact ID: $ARTIFACT_ID ]" +else + echo "Error: Wazuh indexer package not found." +fi diff --git a/test-tools/scripts/01_check_installation.sh b/test-tools/scripts/01_check_installation.sh new file mode 100644 index 0000000000000..0dbf78edf1e15 --- /dev/null +++ b/test-tools/scripts/01_check_installation.sh @@ -0,0 +1,113 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Usage function to display help +usage() { + echo "Usage: $0 <(Optional)PKG_REVISION>" + echo + echo "Parameters:" + echo " ARTIFACT_ID The unique ID of the GHA artifact." + echo " PKG_VERSION The version of the wazuh-indexer package." + echo " PKG_REVISION (Optional) The revision of the package. Defaults to 'test' if not provided." + echo + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." + echo + exit 1 +} + +# Check if GITHUB_TOKEN env var is set +if [ -z "$1" ]; then + echo "Error: Environment variable GITHUB_TOKEN is not configured." + usage +fi + +# Check if ARTIFACT_ID is provided +if [ -z "$1" ]; then + echo "Error: ARTIFACT_ID not provided." + usage +fi + +# Check if PKG_VERSION is provided +if [ -z "$2" ]; then + echo "Error: PKG_VERSION not provided." + usage +fi + +ARTIFACT_ID=$1 +PKG_VERSION=$2 +PKG_REVISION=${3:-"0"} +REPO="wazuh/wazuh-indexer" +URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" + +# Detect OS and architecture +if [ -f /etc/os-release ]; then + . /etc/os-release + OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') +else + echo "Unsupported OS." + exit 1 +fi + +ARCH=$(uname -m) +# Determine package type +case "$OS" in + "ubuntu" | "debian") + PKG_FORMAT="deb" + [ "$ARCH" == "x86_64" ] && ARCH="amd64" + # Construct package name + PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" + ;; + "centos" | "fedora" | "rhel" | "red hat enterprise linux") + PKG_FORMAT="rpm" + # Construct package name + PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" + ;; + *) + echo "Unsupported OS." + exit 1 + ;; +esac + +# Download the package +echo "Downloading wazuh-indexer package from GitHub artifactory..." +echo "(It could take a couple minutes)" +curl -L -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + $URL -o package.zip > /dev/null 2>&1 +if [ $? -ne 0 ]; then + echo "Error downloading package." + exit 1 +fi +echo "Package downloaded successfully" + +# Unzip the package +echo "Decompressing wazuh-indexer package..." +unzip ./package.zip +rm package.zip +if [ $? -ne 0 ]; then + echo "Error unzipping package." + exit 1 +fi +echo "Package decompressed" + +# Install the package +echo "Installing wazuh-indexer package..." +case "$PKG_FORMAT" in + "deb") + sudo dpkg -i $PKG_NAME + ;; + "rpm") + sudo rpm -i $PKG_NAME + ;; +esac +if [ $? -ne 0 ]; then + echo "Error installing package." + exit 1 +fi + +echo "Package installed successfully." diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh new file mode 100644 index 0000000000000..ca13ee6293360 --- /dev/null +++ b/test-tools/scripts/02_apply_certificates.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Function to display usage help +usage() { + echo + echo "Usage: $0 <(Optional)CURRENT_NODE_IP> <(Optional)SECOND_NODE_IP>" + echo + echo "Parameters:" + echo " CURRENT_NODE Name of the current node" + echo " SECOND_NODE Name of the second node" + echo " CURRENT_NODE_IP IP address of the current node (optional, defaults to CURRENT_NODE)" + echo " SECOND_NODE_IP IP address of the second node (optional, defaults to SECOND_NODE)" + echo + exit 1 +} + +# Check if at least two arguments are provided +if [ $# -lt 2 ]; then + usage +fi + +# Assigning variables +CURRENT_NODE=$1 +SECOND_NODE=$2 +CURRENT_NODE_IP=${3:-$CURRENT_NODE} +SECOND_NODE_IP=${4:-$SECOND_NODE} +CONFIG_FILE="/etc/wazuh-indexer/opensearch.yml" +BACKUP_FILE="./opensearch.yml.bak" + +# Backup the original config file +echo "Creating a backup of the original config file..." +cp $CONFIG_FILE $BACKUP_FILE + +# Replace values in the config file +echo "Updating configuration..." +sed -i "s/network\.host: \"0\.0\.0\.0\"/network.host: \"${CURRENT_NODE_IP}\"/" $CONFIG_FILE +sed -i "s/node\.name: \"node-1\"/node.name: \"${CURRENT_NODE}\"/" $CONFIG_FILE +sed -i "s/#discovery\.seed_hosts:/discovery.seed_hosts:\n - \"${CURRENT_NODE_IP}\"\n - \"${SECOND_NODE_IP}\"/" $CONFIG_FILE +sed -i "s/cluster\.initial_master_nodes:\n-\"node-1\"/cluster.initial_master_nodes:\n- ${CURRENT_NODE}\n- ${SECOND_NODE}/" $CONFIG_FILE +sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"\n- "CN='"${SECOND_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE + +if [ $? -eq 0 ]; then + echo "Configuration updated successfully. Backup created at ${BACKUP_FILE}" +else + echo "Error updating configuration." +fi + +# Directory for certificates +CERT_DIR="/etc/wazuh-indexer/certs" + +# Extract certificates +echo "Creating certificates directory and extracting certificates..." +mkdir -p $CERT_DIR +tar -xf ./wazuh-certificates.tar -C $CERT_DIR ./$CURRENT_NODE.pem ./$CURRENT_NODE-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem + +if [ $? -ne 0 ]; then + echo "Error extracting certificates." + exit 1 +fi + +# Move and set permissions for certificates +echo "Moving and setting permissions for certificates..." +mv -n $CERT_DIR/$CURRENT_NODE.pem $CERT_DIR/indexer.pem +mv -n $CERT_DIR/$CURRENT_NODE-key.pem $CERT_DIR/indexer-key.pem +chmod 500 $CERT_DIR +chmod 400 $CERT_DIR/* +chown -R wazuh-indexer:wazuh-indexer $CERT_DIR + +if [ $? -eq 0 ]; then + echo "Certificates configured successfully." +else + echo "Error configuring certificates." +fi diff --git a/test-tools/scripts/03_check_service.sh b/test-tools/scripts/03_check_service.sh new file mode 100644 index 0000000000000..6951f969aa90b --- /dev/null +++ b/test-tools/scripts/03_check_service.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Function to check the status of the wazuh-indexer service +check_service_is_running() { + systemctl is-active --quiet wazuh-indexer + if [ $? -eq 0 ]; then + echo "wazuh-indexer service is running." + else + echo "Error: wazuh-indexer service is not running." >&2 + exit 1 + fi +} + +# Start wazuh-indexer service +echo "Starting wazuh-indexer service..." +systemctl daemon-reload +systemctl enable wazuh-indexer +systemctl start wazuh-indexer + +# Check if the service is running +check_service_is_running + +# Stop wazuh-indexer service +echo "Stopping wazuh-indexer service..." +systemctl stop wazuh-indexer + +# Check if the service is stopped +systemctl is-active --quiet wazuh-indexer +if [ $? -ne 0 ]; then + echo "wazuh-indexer service stopped successfully." +else + echo "Error: Failed to stop wazuh-indexer service." >&2 + exit 1 +fi + +# Restart wazuh-indexer service +echo "Restarting wazuh-indexer service..." +systemctl restart wazuh-indexer + +# Check if the service is running after restart +check_service_is_running diff --git a/test-tools/scripts/04_cluster_initialization.sh b/test-tools/scripts/04_cluster_initialization.sh new file mode 100644 index 0000000000000..9a8aa0efd9da8 --- /dev/null +++ b/test-tools/scripts/04_cluster_initialization.sh @@ -0,0 +1,74 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Function to display usage help +usage() { + echo + echo "Usage: $0 " + echo + echo "Parameters:" + echo " CLUSTER_IP IP address of the cluster (default: localhost)" + echo " USER Username for authentication (default: admin)" + echo " PASSWORD Password for authentication (default: admin)" + echo + exit 1 +} + +# Check if curl and jq are installed +if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then + echo "Error: curl and jq must be installed." + exit 1 +fi + +# Assigning variables +CLUSTER_IP=${1:-"localhost"} +USER=${2:-"admin"} +PASSWORD=${3:-"admin"} + +# Initialize cluster +echo "Initializing wazuh-indexer cluster..." +bash /usr/share/wazuh-indexer/bin/indexer-security-init.sh &> /dev/null + +# Check if the initialization was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to initialize cluster." + exit 1 +fi + +# Check the Wazuh indexer status +echo "Checking cluster status..." +RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200) + +# Check if the request was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to connect to cluster." + exit 1 +fi + +# Parse and print the response +INDEXER_NAME=$(echo $RESPONSE | jq -r '.name') +CLUSTER_NAME=$(echo $RESPONSE | jq -r '.cluster_name') +VERSION_NUMBER=$(echo $RESPONSE | jq -r '.version.number') + +echo "Indexer Status:" +echo " Node Name: $INDEXER_NAME" +echo " Cluster Name: $CLUSTER_NAME" +echo " Version Number: $VERSION_NUMBER" + +# Verify the Wazuh indexer nodes +echo "Verifying the Wazuh indexer nodes..." +NODES_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/nodes?v) + +if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve Wazuh indexer nodes." + exit 1 +fi + +echo "Nodes:" +echo "$NODES_RESPONSE" + +echo "Initialization completed successfully." diff --git a/test-tools/scripts/05_check_plugins.sh b/test-tools/scripts/05_check_plugins.sh new file mode 100644 index 0000000000000..653fb0d4b634d --- /dev/null +++ b/test-tools/scripts/05_check_plugins.sh @@ -0,0 +1,79 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Function to display usage help +usage() { + echo + echo "Usage: $0 [...]" + echo + echo "Parameters:" + echo " CLUSTER_IP IP address of the cluster (default: localhost)" + echo " USER Username for authentication (default: admin)" + echo " PASSWORD Password for authentication (default: admin)" + echo " NODE_1 Name of the first node" + echo " NODE_2 Name of the second node (add more as needed)" + echo + exit 1 +} + +# Check if curl and jq are installed +if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then + echo "Error: curl and jq must be installed." + exit 1 +fi + +# Check if at least four arguments are provided +if [ "$#" -lt 4 ]; then + usage +fi + +# Assigning variables +CLUSTER_IP=${1:-"localhost"} +USER=${2:-"admin"} +PASSWORD=${3:-"admin"} +NODES=${@:4} # List of nodes passed as arguments starting from the 4th + +# Check the installed plugins on each node +REQUIRED_PLUGINS=("wazuh-indexer-command-manager" "wazuh-indexer-setup") +ALL_MISSING_PLUGINS=() + +echo "Checking installed plugins on Wazuh indexer nodes..." + +for NODE in $NODES; do + echo "Checking node $NODE..." + RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/plugins?v | grep $NODE) + + # Check if the request was successful + if [ $? -ne 0 ]; then + echo "Error: Failed to connect to Wazuh indexer." + exit 1 + fi + + MISSING_PLUGINS=() + for PLUGIN in "${REQUIRED_PLUGINS[@]}"; do + if echo "$RESPONSE" | grep -q "$PLUGIN"; then + echo " $PLUGIN is installed on $NODE." + else + MISSING_PLUGINS+=("$PLUGIN") + fi + done + + if [ ${#MISSING_PLUGINS[@]} -ne 0 ]; then + echo "Error: The following required plugins are missing on $NODE:" + for PLUGIN in "${MISSING_PLUGINS[@]}"; do + echo " $PLUGIN" + done + ALL_MISSING_PLUGINS+=("${MISSING_PLUGINS[@]}") + fi +done + +if [ ${#ALL_MISSING_PLUGINS[@]} -ne 0 ]; then + echo "Error: Some nodes are missing required plugins." + exit 1 +fi + +echo "All required plugins are installed on all nodes." diff --git a/test-tools/scripts/06_check_setup_plugin.sh b/test-tools/scripts/06_check_setup_plugin.sh new file mode 100644 index 0000000000000..e631fad6d5b0a --- /dev/null +++ b/test-tools/scripts/06_check_setup_plugin.sh @@ -0,0 +1,116 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Function to display usage help +usage() { + echo + echo "Usage: $0 " + echo + echo "Parameters:" + echo " CLUSTER_IP (Optional) IP address of the cluster (default: localhost)" + echo " USER (Optional) Username for authentication (default: admin)" + echo " PASSWORD (Optional) Password for authentication (default: admin)" + echo + exit 1 +} + +# Check if curl and jq are installed +if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then + echo "Error: curl and jq must be installed." + exit 1 +fi + +# Assigning variables +CLUSTER_IP=${1:-"localhost"} +USER=${2:-"admin"} +PASSWORD=${3:-"admin"} + +# List of expected items +EXPECTED_TEMPLATES=("vulnerabilities" "fim" "inventory-system" "inventory-packages" "inventory-processes" "alerts" "agent") + +# Fetch the templates +echo "Fetching templates from Wazuh indexer cluster..." +TEMPLATES_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/templates?v) +# Check if the request was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to fetch templates." + exit 1 +fi + +# Validate the templates +MISSING_TEMPLATES=() +echo "Validating templates..." +for TEMPLATE in "${EXPECTED_TEMPLATES[@]}"; do + if echo "$TEMPLATES_RESPONSE" | grep -q "$TEMPLATE"; then + echo " Template $TEMPLATE is created." + else + MISSING_TEMPLATES+=("$TEMPLATE") + echo " Error: Template $TEMPLATE is missing." + fi +done + +if [ ${#MISSING_TEMPLATES[@]} -ne 0 ]; then + echo "Some templates are missing:" + for TEMPLATE in "${MISSING_TEMPLATES[@]}"; do + echo " $TEMPLATE" + done + exit 1 +fi + +echo "All templates are correctly created." +echo + +# Fetch the indices +echo "Fetching indices from Wazuh indexer cluster..." +INDICES_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/indices?v) +# Check if the request was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to fetch indices." + exit 1 +fi + +# Fetch the protected indices +echo "Fetching protected indices from Wazuh indexer cluster..." +PROTECTED_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/indices/.*?v) +# Check if the request was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to fetch indices." + exit 1 +fi + +# Validate index patterns +echo "Validating index patterns..." +INVALID_PATTERNS=() +while read -r line; do + TEMPLATE_NAME=$(echo $line | awk '{print $1}') + INDEX_PATTERN=$(echo $line | awk '{print $2}' | tr -d '[]') + + if [[ $INDEX_PATTERN == .* ]]; then + TO_MATCH=$PROTECTED_RESPONSE + else + TO_MATCH=$INDICES_RESPONSE + fi + + if echo "$TO_MATCH" | grep -q "$INDEX_PATTERN"; then + echo " Index pattern $INDEX_PATTERN is valid for template $TEMPLATE_NAME." + else + INVALID_PATTERNS+=("$INDEX_PATTERN") + echo " Error: Index pattern $INDEX_PATTERN not found in indices for template $TEMPLATE_NAME." + fi + # Check if index pattern ends with '*' + if [[ $INDEX_PATTERN != *\* ]]; then + echo " Warning: Index pattern $INDEX_PATTERN does not end with '*'." + INVALID_PATTERNS+=("$INDEX_PATTERN") + fi +done <<< "$(echo "$TEMPLATES_RESPONSE" | tail -n +2)" # Skip header line + +if [ ${#INVALID_PATTERNS[@]} -ne 0 ]; then + echo "Some index patterns were not found in the indices." + exit 1 +fi + +echo "All index patterns are valid." diff --git a/test-tools/scripts/07_check_command_manager_plugin.sh b/test-tools/scripts/07_check_command_manager_plugin.sh new file mode 100644 index 0000000000000..93fd8d8712a36 --- /dev/null +++ b/test-tools/scripts/07_check_command_manager_plugin.sh @@ -0,0 +1,82 @@ +#!/bin/bash +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Assigning variables +CLUSTER_IP=${1:-"localhost"} +USERNAME=${2:-"admin"} +PASSWORD=${3:-"admin"} + +# Check for curl command +if ! command -v curl &> /dev/null +then + echo "curl command could not be found" + exit +fi + +COMMANDS_INDEX=".commands" +SRC="Engine" +USR="TestUser" +TRG_ID="TestTarget" +ARG="/test/path/fake/args" +BODY="{ + \"source\": \"$SRC\", + \"user\": \"$USR\", + \"target\": { + \"id\": \"$TRG_ID\", + \"type\": \"agent\" + }, + \"action\": { + \"name\": \"restart\", + \"args\": [ + \"$ARG\" + ], + \"version\": \"v4\" + }, + \"timeout\": 30 +}" + +# Send the POST request +RESPONSE=$(curl -s -k -u $USERNAME:$PASSWORD -X POST https://$CLUSTER_IP:9200/_plugins/_command_manager/commands -H 'accept: */*' -H 'Content-Type: application/json' -d "$BODY") + +# Check if the request was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to create command." + exit 1 +fi +echo "Command created successfully." + +# Fetch the indices +echo "Validating .commands index is created..." +INDICES_RESPONSE=$(curl -s -k -u $USERNAME:$PASSWORD https://$CLUSTER_IP:9200/_cat/indices/.*?v) +if [ $? -ne 0 ]; then + echo "Error: Failed to fetch indices." + exit 1 +fi +if echo "$INDICES_RESPONSE" | grep -q "$COMMANDS_INDEX"; then + echo "Index created correctly." +else + echo "Error: Index is not created." + exit 1 +fi + +echo "Validate the command is created" +# Validate the command was created +SEARCH_RESPONSE=$(curl -s -k -u $USERNAME:$PASSWORD https://$CLUSTER_IP:9200/.commands/_search) +# Check if the request was successful +if [ $? -ne 0 ]; then + echo "Error: Failed to search for the command." + exit 1 +fi + +# Extract and validate specific fields +COMMAND_FOUND=$(echo "$SEARCH_RESPONSE" | jq -r '.hits.hits[] | select(._source.command.source == "Engine" and ._source.command.user == "TestUser" and ._source.command.target.id == "TestTarget" and ._source.command.action.args[0] == "/test/path/fake/args")') + +if [ -n "$COMMAND_FOUND" ]; then + echo "Validation successful: The command was created and found in the search results." +else + echo "Error: The command was not found in the search results." + exit 1 +fi diff --git a/test-tools/scripts/08_check_uninstall.sh b/test-tools/scripts/08_check_uninstall.sh new file mode 100644 index 0000000000000..d2462f95ac011 --- /dev/null +++ b/test-tools/scripts/08_check_uninstall.sh @@ -0,0 +1,56 @@ +#!/bin/bash +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Detect package manager +if command -v apt-get &> /dev/null; then + PKG_MANAGER="apt-get" +elif command -v yum &> /dev/null; then + PKG_MANAGER="yum" +else + echo "Unsupported package manager. Please use a system with apt-get or yum." + exit 1 +fi + +# Uninstall Wazuh Indexer +echo "Uninstalling Wazuh Indexer..." +sudo systemctl stop wazuh-indexer > /dev/null 2>&1 +sudo systemctl disable wazuh-indexer > /dev/null 2>&1 + +if [ "$PKG_MANAGER" == "apt-get" ]; then + sudo apt-get remove --purge wazuh-indexer -y > /dev/null 2>&1 +elif [ "$PKG_MANAGER" == "yum" ]; then + sudo yum remove wazuh-indexer -y > /dev/null 2>&1 +fi + +# Validate removal +echo "Validating Wazuh Indexer removal..." + +# Check for remaining files and directories +if [ "$PKG_MANAGER" == "apt-get" ]; then + if dpkg -l | grep wazuh-indexer > /dev/null 2>&1; then + echo "Error: Wazuh Indexer packages still present." + exit 1 + else + echo "Wazuh Indexer packages removed." + fi +elif [ "$PKG_MANAGER" == "yum" ]; then + if rpm -qa | grep wazuh-indexer > /dev/null 2>&1; then + echo "Error: Wazuh Indexer packages still present." + exit 1 + else + echo "Wazuh Indexer packages removed." + fi +fi + +# Check for remaining services +if systemctl list-units --full -all | grep wazuh-indexer.service > /dev/null 2>&1; then + echo "Error: Wazuh Indexer service still present." + exit 1 +else + echo "Wazuh Indexer service removed." +fi + +echo "Wazuh Indexer uninstallation and validation completed successfully." From 11f2d2903770bd4e89bece6946c54356674a7342 Mon Sep 17 00:00:00 2001 From: quebim Date: Tue, 22 Oct 2024 16:53:03 -0300 Subject: [PATCH 02/24] Add validations for generated index-patterns --- test-tools/scripts/02_apply_certificates.sh | 2 +- test-tools/scripts/06_check_setup_plugin.sh | 50 ++++++++++++++------- 2 files changed, 34 insertions(+), 18 deletions(-) diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index ca13ee6293360..7119b64a00061 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -41,7 +41,7 @@ echo "Updating configuration..." sed -i "s/network\.host: \"0\.0\.0\.0\"/network.host: \"${CURRENT_NODE_IP}\"/" $CONFIG_FILE sed -i "s/node\.name: \"node-1\"/node.name: \"${CURRENT_NODE}\"/" $CONFIG_FILE sed -i "s/#discovery\.seed_hosts:/discovery.seed_hosts:\n - \"${CURRENT_NODE_IP}\"\n - \"${SECOND_NODE_IP}\"/" $CONFIG_FILE -sed -i "s/cluster\.initial_master_nodes:\n-\"node-1\"/cluster.initial_master_nodes:\n- ${CURRENT_NODE}\n- ${SECOND_NODE}/" $CONFIG_FILE +sed -i "/cluster\.initial_master_nodes:/!b;n;c- ${CURRENT_NODE}\n- ${SECOND_NODE}" $CONFIG_FILE sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"\n- "CN='"${SECOND_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE if [ $? -eq 0 ]; then diff --git a/test-tools/scripts/06_check_setup_plugin.sh b/test-tools/scripts/06_check_setup_plugin.sh index e631fad6d5b0a..3b84e1e8f312b 100644 --- a/test-tools/scripts/06_check_setup_plugin.sh +++ b/test-tools/scripts/06_check_setup_plugin.sh @@ -30,7 +30,8 @@ USER=${2:-"admin"} PASSWORD=${3:-"admin"} # List of expected items -EXPECTED_TEMPLATES=("vulnerabilities" "fim" "inventory-system" "inventory-packages" "inventory-processes" "alerts" "agent") +EXPECTED_TEMPLATES=("index-template-agent" "index-template-alerts" "index-template-fim" "index-template-packages" + "index-template-processes" "index-template-system" "index-template-vulnerabilities") # Fetch the templates echo "Fetching templates from Wazuh indexer cluster..." @@ -46,7 +47,17 @@ MISSING_TEMPLATES=() echo "Validating templates..." for TEMPLATE in "${EXPECTED_TEMPLATES[@]}"; do if echo "$TEMPLATES_RESPONSE" | grep -q "$TEMPLATE"; then - echo " Template $TEMPLATE is created." + # Fetch the template info to check for required fields + TEMPLATE_INFO=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_template/$TEMPLATE) + if ! echo "$TEMPLATE_INFO" | jq -e '.[] | .mappings.properties.agent.properties.id' > /dev/null; then + echo " Error: Template $TEMPLATE is missing required field 'agent.id'." + MISSING_TEMPLATES+=("$TEMPLATE") + elif ! echo "$TEMPLATE_INFO" | jq -e '.[] | .mappings.properties.agent.properties.groups' > /dev/null; then + echo " Error: Template $TEMPLATE is missing required field 'agent.groups'." + MISSING_TEMPLATES+=("$TEMPLATE") + else + echo " Template $TEMPLATE is created correctly." + fi else MISSING_TEMPLATES+=("$TEMPLATE") echo " Error: Template $TEMPLATE is missing." @@ -54,16 +65,16 @@ for TEMPLATE in "${EXPECTED_TEMPLATES[@]}"; do done if [ ${#MISSING_TEMPLATES[@]} -ne 0 ]; then - echo "Some templates are missing:" + echo "Some templates were not created correctly:" for TEMPLATE in "${MISSING_TEMPLATES[@]}"; do echo " $TEMPLATE" done - exit 1 + echo +else + echo "All templates are correctly created." + echo fi -echo "All templates are correctly created." -echo - # Fetch the indices echo "Fetching indices from Wazuh indexer cluster..." INDICES_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/indices?v) @@ -95,22 +106,27 @@ while read -r line; do TO_MATCH=$INDICES_RESPONSE fi + # Check if index pattern ends with '*' + if [[ $INDEX_PATTERN != *\* ]]; then + echo " Error: Index pattern $INDEX_PATTERN does not end with '*'." + INVALID_PATTERNS+=("$INDEX_PATTERN") + continue + fi + if echo "$TO_MATCH" | grep -q "$INDEX_PATTERN"; then - echo " Index pattern $INDEX_PATTERN is valid for template $TEMPLATE_NAME." + echo " Index pattern $INDEX_PATTERN is valid." else INVALID_PATTERNS+=("$INDEX_PATTERN") echo " Error: Index pattern $INDEX_PATTERN not found in indices for template $TEMPLATE_NAME." fi - # Check if index pattern ends with '*' - if [[ $INDEX_PATTERN != *\* ]]; then - echo " Warning: Index pattern $INDEX_PATTERN does not end with '*'." - INVALID_PATTERNS+=("$INDEX_PATTERN") - fi done <<< "$(echo "$TEMPLATES_RESPONSE" | tail -n +2)" # Skip header line if [ ${#INVALID_PATTERNS[@]} -ne 0 ]; then - echo "Some index patterns were not found in the indices." - exit 1 + echo "Errors on index-patterns detected:" + for PATTERN in "${INVALID_PATTERNS[@]}"; do + echo " $PATTERN" + done + echo +else + echo "Index-patterns validated successfully." fi - -echo "All index patterns are valid." From 5f75f031e9632b669b018ae2b0fdfcfbe827e45a Mon Sep 17 00:00:00 2001 From: quebim Date: Wed, 23 Oct 2024 00:17:54 -0300 Subject: [PATCH 03/24] Update scripts to support debian ARM --- test-tools/scripts/00_check_package_built.sh | 1 + test-tools/scripts/01_check_installation.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/test-tools/scripts/00_check_package_built.sh b/test-tools/scripts/00_check_package_built.sh index 5f09d690f7c35..95b6400e5838c 100644 --- a/test-tools/scripts/00_check_package_built.sh +++ b/test-tools/scripts/00_check_package_built.sh @@ -40,6 +40,7 @@ case "$OS" in "ubuntu" | "debian") PKG_FORMAT="deb" [ "$ARCH" == "x86_64" ] && ARCH="amd64" + [ "$ARCH" == "aarch64" ] && ARCH="arm64" PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" ;; "centos" | "fedora" | "rhel" | "red hat enterprise linux") diff --git a/test-tools/scripts/01_check_installation.sh b/test-tools/scripts/01_check_installation.sh index 0dbf78edf1e15..338398ae6f434 100644 --- a/test-tools/scripts/01_check_installation.sh +++ b/test-tools/scripts/01_check_installation.sh @@ -58,6 +58,7 @@ case "$OS" in "ubuntu" | "debian") PKG_FORMAT="deb" [ "$ARCH" == "x86_64" ] && ARCH="amd64" + [ "$ARCH" == "aarch64" ] && ARCH="arm64" # Construct package name PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" ;; From 1dcd7d3bd6c3750e641be6377fb74f64f94acf1a Mon Sep 17 00:00:00 2001 From: quebim Date: Wed, 23 Oct 2024 12:24:50 -0300 Subject: [PATCH 04/24] Update validations scripts to be able to use the generated package name --- test-tools/scripts/00_check_package_built.sh | 93 ++++++++++++-------- test-tools/scripts/01_check_installation.sh | 86 ++++++++++-------- 2 files changed, 107 insertions(+), 72 deletions(-) diff --git a/test-tools/scripts/00_check_package_built.sh b/test-tools/scripts/00_check_package_built.sh index 95b6400e5838c..45d9c16ae8ebf 100644 --- a/test-tools/scripts/00_check_package_built.sh +++ b/test-tools/scripts/00_check_package_built.sh @@ -1,61 +1,82 @@ #!/bin/bash -## SPDX-License-Identifier: Apache-2.0 -## The OpenSearch Contributors require contributions made to +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Default package revision +PKG_REVISION="0" + # Check if the necessary arguments are provided -if [ "$#" -ne 2 ]; then - echo "Usage: $0 <(Optional)PKG_REVISION>" +if [ "$#" -lt 1 ]; then + echo "Usage: $0 [-v ] [-r ] [-n ]" echo echo "Parameters:" echo " RUN_ID The GHA workflow execution ID." - echo " PKG_VERSION The version of the wazuh-indexer package." - echo " PKG_REVISION (Optional) The revision of the package. Defaults to 'test' if not provided." + echo " -v (Optional) The version of the wazuh-indexer package." + echo " -r (Optional) The revision of the package. Defaults to '0' if not provided." + echo " -n (Optional) The package name. If not provided, it will be configured based on version and revision." echo echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." - echo exit 1 fi RUN_ID=$1 -PKG_VERSION=$2 -PKG_REVISION=${3:-"0"} -REPO="wazuh/wazuh-indexer" -URL="https://api.github.com/repos/$REPO/actions/artifacts" +shift -# Detect OS and architecture -if [ -f /etc/os-release ]; then - . /etc/os-release - OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') -else - echo "Unsupported OS." +while getopts v:r:n: flag +do + case "${flag}" in + v) PKG_VERSION=${OPTARG};; + r) PKG_REVISION=${OPTARG};; + n) PKG_NAME=${OPTARG};; + *) + echo "Usage: $0 [-v ] [-r ] [-n ]" + exit 1 + ;; + esac +done + +# Validate GITHUB_TOKEN environment variable +if [ -z "$GITHUB_TOKEN" ]; then + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." exit 1 fi -ARCH=$(uname -m) -# Determine package type -case "$OS" in - "ubuntu" | "debian") - PKG_FORMAT="deb" - [ "$ARCH" == "x86_64" ] && ARCH="amd64" - [ "$ARCH" == "aarch64" ] && ARCH="arm64" - PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" - ;; - "centos" | "fedora" | "rhel" | "red hat enterprise linux") - PKG_FORMAT="rpm" - PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" - ;; - *) - echo "Unsupported OS. ${OS}" - exit 1 - ;; -esac +# Ensure either PKG_NAME or both PKG_VERSION and PKG_REVISION are provided +if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; then + echo "Error: Either a package name (-n) or both a version (-v) and revision (-r) must be provided." + exit 1 +fi + +REPO="wazuh/wazuh-indexer" +URL="https://api.github.com/repos/$REPO/actions/artifacts" + +# Determine package type if PKG_NAME is not provided +if [ -z "$PKG_NAME" ]; then + ARCH=$(uname -m) + case "$(uname -n)" in + "ubuntu" | "debian") + PKG_FORMAT="deb" + [ "$ARCH" == "x86_64" ] && ARCH="amd64" + [ "$ARCH" == "aarch64" ] && ARCH="arm64" + PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" + ;; + "centos" | "fedora" | "rhel" | "red hat enterprise linux") + PKG_FORMAT="rpm" + PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" + ;; + *) + echo "Unsupported OS. ${OS}" + exit 1 + ;; + esac +fi # Fetch the list of artifacts echo "Fetching artifacts list..." -RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" $URL?name=$PKG_NAME) +RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "$URL?name=$PKG_NAME") # Check if the curl command was successful if [ $? -ne 0 ]; then diff --git a/test-tools/scripts/01_check_installation.sh b/test-tools/scripts/01_check_installation.sh index 338398ae6f434..b30a7208a6d14 100644 --- a/test-tools/scripts/01_check_installation.sh +++ b/test-tools/scripts/01_check_installation.sh @@ -1,5 +1,4 @@ #!/bin/bash - # SPDX-License-Identifier: Apache-2.0 # The OpenSearch Contributors require contributions made to # this file be licensed under the Apache-2.0 license or a @@ -7,39 +6,51 @@ # Usage function to display help usage() { - echo "Usage: $0 <(Optional)PKG_REVISION>" + echo "Usage: $0 [-v ] [-r ] [-n ]" echo echo "Parameters:" echo " ARTIFACT_ID The unique ID of the GHA artifact." - echo " PKG_VERSION The version of the wazuh-indexer package." - echo " PKG_REVISION (Optional) The revision of the package. Defaults to 'test' if not provided." + echo " -v (Optional) The version of the wazuh-indexer package." + echo " -r (Optional) The revision of the package. Defaults to '0' if not provided." + echo " -n (Optional) The package name." echo echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." - echo exit 1 } -# Check if GITHUB_TOKEN env var is set +# Check if ARTIFACT_ID is provided if [ -z "$1" ]; then - echo "Error: Environment variable GITHUB_TOKEN is not configured." + echo "Error: ARTIFACT_ID not provided." usage fi -# Check if ARTIFACT_ID is provided -if [ -z "$1" ]; then - echo "Error: ARTIFACT_ID not provided." +ARTIFACT_ID=$1 +shift + +while getopts v:r:n: flag +do + case "${flag}" in + v) PKG_VERSION=${OPTARG};; + r) PKG_REVISION=${OPTARG};; + n) PKG_NAME=${OPTARG};; + *) + usage + ;; + esac +done + +# Validate GITHUB_TOKEN environment variable +if [ -z "$GITHUB_TOKEN" ]; then + echo "Error: Environment variable GITHUB_TOKEN is not configured." usage fi -# Check if PKG_VERSION is provided -if [ -z "$2" ]; then - echo "Error: PKG_VERSION not provided." +# Ensure either PKG_NAME or both PKG_VERSION and PKG_REVISION are provided +if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; then + echo "Error: Either a package name (-n) or both a version (-v) and revision (-r) must be provided." usage fi -ARTIFACT_ID=$1 -PKG_VERSION=$2 -PKG_REVISION=${3:-"0"} REPO="wazuh/wazuh-indexer" URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" @@ -52,26 +63,26 @@ else exit 1 fi -ARCH=$(uname -m) -# Determine package type -case "$OS" in - "ubuntu" | "debian") - PKG_FORMAT="deb" - [ "$ARCH" == "x86_64" ] && ARCH="amd64" - [ "$ARCH" == "aarch64" ] && ARCH="arm64" - # Construct package name - PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" - ;; - "centos" | "fedora" | "rhel" | "red hat enterprise linux") - PKG_FORMAT="rpm" - # Construct package name - PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" - ;; - *) - echo "Unsupported OS." - exit 1 - ;; -esac +# Determine package type if PKG_NAME is not provided +if [ -z "$PKG_NAME" ]; then + ARCH=$(uname -m) + case "$(uname -n)" in + "ubuntu" | "debian") + PKG_FORMAT="deb" + [ "$ARCH" == "x86_64" ] && ARCH="amd64" + [ "$ARCH" == "aarch64" ] && ARCH="arm64" + PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" + ;; + "centos" | "fedora" | "rhel" | "red hat enterprise linux") + PKG_FORMAT="rpm" + PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" + ;; + *) + echo "Unsupported OS." + exit 1 + ;; + esac +fi # Download the package echo "Downloading wazuh-indexer package from GitHub artifactory..." @@ -80,6 +91,7 @@ curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ $URL -o package.zip > /dev/null 2>&1 + if [ $? -ne 0 ]; then echo "Error downloading package." exit 1 @@ -90,6 +102,7 @@ echo "Package downloaded successfully" echo "Decompressing wazuh-indexer package..." unzip ./package.zip rm package.zip + if [ $? -ne 0 ]; then echo "Error unzipping package." exit 1 @@ -106,6 +119,7 @@ case "$PKG_FORMAT" in sudo rpm -i $PKG_NAME ;; esac + if [ $? -ne 0 ]; then echo "Error installing package." exit 1 From 0a535b5b9a31ff012b97450863f03a86fe763667 Mon Sep 17 00:00:00 2001 From: quebim Date: Wed, 23 Oct 2024 14:16:20 -0300 Subject: [PATCH 05/24] Add argument to define certificates path --- test-tools/scripts/01_check_installation.sh | 41 +++++++++------------ test-tools/scripts/02_apply_certificates.sh | 14 ++++--- 2 files changed, 25 insertions(+), 30 deletions(-) diff --git a/test-tools/scripts/01_check_installation.sh b/test-tools/scripts/01_check_installation.sh index b30a7208a6d14..6a4ca36318f42 100644 --- a/test-tools/scripts/01_check_installation.sh +++ b/test-tools/scripts/01_check_installation.sh @@ -54,35 +54,28 @@ fi REPO="wazuh/wazuh-indexer" URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" -# Detect OS and architecture -if [ -f /etc/os-release ]; then - . /etc/os-release - OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') -else - echo "Unsupported OS." - exit 1 -fi - # Determine package type if PKG_NAME is not provided -if [ -z "$PKG_NAME" ]; then - ARCH=$(uname -m) - case "$(uname -n)" in - "ubuntu" | "debian") - PKG_FORMAT="deb" +ARCH=$(uname -m) +case "$(uname -n)" in + "ubuntu" | "debian") + PKG_FORMAT="deb" + if [ -z "$PKG_NAME" ]; then [ "$ARCH" == "x86_64" ] && ARCH="amd64" [ "$ARCH" == "aarch64" ] && ARCH="arm64" PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" - ;; - "centos" | "fedora" | "rhel" | "red hat enterprise linux") - PKG_FORMAT="rpm" + fi + ;; + "centos" | "fedora" | "rhel" | "red hat enterprise linux") + PKG_FORMAT="rpm" + if [ -z "$PKG_NAME" ]; then PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" - ;; - *) - echo "Unsupported OS." - exit 1 - ;; - esac -fi + fi + ;; + *) + echo "Unsupported OS." + exit 1 + ;; +esac # Download the package echo "Downloading wazuh-indexer package from GitHub artifactory..." diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 7119b64a00061..425a9de963178 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -8,9 +8,10 @@ # Function to display usage help usage() { echo - echo "Usage: $0 <(Optional)CURRENT_NODE_IP> <(Optional)SECOND_NODE_IP>" + echo "Usage: $0 <(Optional)CURRENT_NODE_IP> <(Optional)SECOND_NODE_IP>" echo echo "Parameters:" + echo " PATH_TO_CERTS Path to the generated wazuh certificates tar" echo " CURRENT_NODE Name of the current node" echo " SECOND_NODE Name of the second node" echo " CURRENT_NODE_IP IP address of the current node (optional, defaults to CURRENT_NODE)" @@ -25,10 +26,11 @@ if [ $# -lt 2 ]; then fi # Assigning variables -CURRENT_NODE=$1 -SECOND_NODE=$2 -CURRENT_NODE_IP=${3:-$CURRENT_NODE} -SECOND_NODE_IP=${4:-$SECOND_NODE} +PATH_TO_CERTS=$1 +CURRENT_NODE=$2 +SECOND_NODE=$3 +CURRENT_NODE_IP=${4:-$CURRENT_NODE} +SECOND_NODE_IP=${5:-$SECOND_NODE} CONFIG_FILE="/etc/wazuh-indexer/opensearch.yml" BACKUP_FILE="./opensearch.yml.bak" @@ -56,7 +58,7 @@ CERT_DIR="/etc/wazuh-indexer/certs" # Extract certificates echo "Creating certificates directory and extracting certificates..." mkdir -p $CERT_DIR -tar -xf ./wazuh-certificates.tar -C $CERT_DIR ./$CURRENT_NODE.pem ./$CURRENT_NODE-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem +tar -xf $PATH_TO_CERTS -C $CERT_DIR ./$CURRENT_NODE.pem ./$CURRENT_NODE-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem if [ $? -ne 0 ]; then echo "Error extracting certificates." From bfdfc7db6947fec146980592f2ed438eb059f515 Mon Sep 17 00:00:00 2001 From: quebim Date: Wed, 23 Oct 2024 16:08:32 -0300 Subject: [PATCH 06/24] Update OS detection on scripts --- test-tools/scripts/00_check_package_built.sh | 11 ++++++++++- test-tools/scripts/01_check_installation.sh | 11 ++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/test-tools/scripts/00_check_package_built.sh b/test-tools/scripts/00_check_package_built.sh index 45d9c16ae8ebf..7c6486310f541 100644 --- a/test-tools/scripts/00_check_package_built.sh +++ b/test-tools/scripts/00_check_package_built.sh @@ -53,10 +53,19 @@ fi REPO="wazuh/wazuh-indexer" URL="https://api.github.com/repos/$REPO/actions/artifacts" +# Detect OS and architecture +if [ -f /etc/os-release ]; then + . /etc/os-release + OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') +else + echo "Unsupported OS." + exit 1 +fi + # Determine package type if PKG_NAME is not provided if [ -z "$PKG_NAME" ]; then ARCH=$(uname -m) - case "$(uname -n)" in + case "$OS" in "ubuntu" | "debian") PKG_FORMAT="deb" [ "$ARCH" == "x86_64" ] && ARCH="amd64" diff --git a/test-tools/scripts/01_check_installation.sh b/test-tools/scripts/01_check_installation.sh index 6a4ca36318f42..b9e7af61bef0b 100644 --- a/test-tools/scripts/01_check_installation.sh +++ b/test-tools/scripts/01_check_installation.sh @@ -54,9 +54,18 @@ fi REPO="wazuh/wazuh-indexer" URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" +# Detect OS and architecture +if [ -f /etc/os-release ]; then + . /etc/os-release + OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') +else + echo "Unsupported OS." + exit 1 +fi + # Determine package type if PKG_NAME is not provided ARCH=$(uname -m) -case "$(uname -n)" in +case "$OS" in "ubuntu" | "debian") PKG_FORMAT="deb" if [ -z "$PKG_NAME" ]; then From d00e12ce776da205f62035d1b627fbe431f7fe00 Mon Sep 17 00:00:00 2001 From: quebim Date: Wed, 23 Oct 2024 17:35:41 -0300 Subject: [PATCH 07/24] Add dependencies validations --- test-tools/Vagrantfile | 2 +- test-tools/scripts/00_check_package_built.sh | 6 ++++++ test-tools/scripts/01_check_installation.sh | 6 ++++++ test-tools/scripts/02_apply_certificates.sh | 1 + 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/test-tools/Vagrantfile b/test-tools/Vagrantfile index dbbeb02976274..c7504bedeb62e 100644 --- a/test-tools/Vagrantfile +++ b/test-tools/Vagrantfile @@ -7,7 +7,7 @@ system(" Vagrant.configure("2") do |config| config.vm.define "indexer_1" do |indexer_1| - indexer_1.vm.box = "generic/rhel9" + indexer_1.vm.box = "generic/alma9" indexer_1.vm.synced_folder ".", "/vagrant" indexer_1.vm.network "private_network", ip: "192.168.56.10" indexer_1.vm.hostname = "node-1" diff --git a/test-tools/scripts/00_check_package_built.sh b/test-tools/scripts/00_check_package_built.sh index 7c6486310f541..e0f1c1f85cbb2 100644 --- a/test-tools/scripts/00_check_package_built.sh +++ b/test-tools/scripts/00_check_package_built.sh @@ -22,6 +22,12 @@ if [ "$#" -lt 1 ]; then exit 1 fi +# Check if curl are installed +if ! command -v curl &> /dev/null; then + echo "Error: curl must be installed." + exit 1 +fi + RUN_ID=$1 shift diff --git a/test-tools/scripts/01_check_installation.sh b/test-tools/scripts/01_check_installation.sh index b9e7af61bef0b..9511442214b35 100644 --- a/test-tools/scripts/01_check_installation.sh +++ b/test-tools/scripts/01_check_installation.sh @@ -24,6 +24,12 @@ if [ -z "$1" ]; then usage fi +# Check if curl and unzip are installed +if ! command -v curl &> /dev/null || ! command -v unzip &> /dev/null; then + echo "Error: curl and unzip must be installed." + exit 1 +fi + ARTIFACT_ID=$1 shift diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 425a9de963178..952ddf6278921 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -25,6 +25,7 @@ if [ $# -lt 2 ]; then usage fi + # Assigning variables PATH_TO_CERTS=$1 CURRENT_NODE=$2 From 2935bfefb126aeffaaa53d9a0bcd2b50dfd96418 Mon Sep 17 00:00:00 2001 From: quebim Date: Wed, 23 Oct 2024 23:17:10 -0300 Subject: [PATCH 08/24] Add usage description to each script and a simple README --- ...built.sh => 00_search_package_artifact.sh} | 60 +++++++-------- ....sh => 01_download_and_install_package.sh} | 64 ++++++++------- test-tools/scripts/02_apply_certificates.sh | 57 +++++++++----- test-tools/scripts/03_check_service.sh | 46 ----------- .../scripts/03_manage_indexer_service.sh | 77 +++++++++++++++++++ ...ialization.sh => 04_initialize_cluster.sh} | 31 +++++--- ...ns.sh => 05_validate_installed_plugins.sh} | 49 +++++++----- ...k_setup_plugin.sh => 06_validate_setup.sh} | 29 ++++--- ...ugin.sh => 07_validate_command_manager.sh} | 48 ++++++++---- ...k_uninstall.sh => 08_uninstall_indexer.sh} | 18 +++++ test-tools/scripts/README.md | 49 ++++++++++++ 11 files changed, 345 insertions(+), 183 deletions(-) rename test-tools/scripts/{00_check_package_built.sh => 00_search_package_artifact.sh} (67%) rename test-tools/scripts/{01_check_installation.sh => 01_download_and_install_package.sh} (65%) delete mode 100644 test-tools/scripts/03_check_service.sh create mode 100644 test-tools/scripts/03_manage_indexer_service.sh rename test-tools/scripts/{04_cluster_initialization.sh => 04_initialize_cluster.sh} (70%) rename test-tools/scripts/{05_check_plugins.sh => 05_validate_installed_plugins.sh} (61%) rename test-tools/scripts/{06_check_setup_plugin.sh => 06_validate_setup.sh} (85%) rename test-tools/scripts/{07_check_command_manager_plugin.sh => 07_validate_command_manager.sh} (60%) rename test-tools/scripts/{08_check_uninstall.sh => 08_uninstall_indexer.sh} (83%) create mode 100644 test-tools/scripts/README.md diff --git a/test-tools/scripts/00_check_package_built.sh b/test-tools/scripts/00_search_package_artifact.sh similarity index 67% rename from test-tools/scripts/00_check_package_built.sh rename to test-tools/scripts/00_search_package_artifact.sh index e0f1c1f85cbb2..e03b2fb5ffd04 100644 --- a/test-tools/scripts/00_check_package_built.sh +++ b/test-tools/scripts/00_search_package_artifact.sh @@ -8,42 +8,42 @@ # Default package revision PKG_REVISION="0" -# Check if the necessary arguments are provided -if [ "$#" -lt 1 ]; then - echo "Usage: $0 [-v ] [-r ] [-n ]" +# Function to display usage help +usage() { + echo "Usage: $0 --run-id [-v ] [-r ] [-n ]" echo echo "Parameters:" - echo " RUN_ID The GHA workflow execution ID." - echo " -v (Optional) The version of the wazuh-indexer package." - echo " -r (Optional) The revision of the package. Defaults to '0' if not provided." - echo " -n (Optional) The package name. If not provided, it will be configured based on version and revision." + echo " -id, --run-id The GHA workflow execution ID." + echo " -v, --version (Optional) The version of the wazuh-indexer package." + echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." + echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." echo echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." exit 1 -fi - -# Check if curl are installed -if ! command -v curl &> /dev/null; then - echo "Error: curl must be installed." - exit 1 -fi +} -RUN_ID=$1 -shift +# Default package revision +PKG_REVISION="0" -while getopts v:r:n: flag -do - case "${flag}" in - v) PKG_VERSION=${OPTARG};; - r) PKG_REVISION=${OPTARG};; - n) PKG_NAME=${OPTARG};; - *) - echo "Usage: $0 [-v ] [-r ] [-n ]" - exit 1 - ;; +# Parse named parameters +while [[ "$#" -gt 0 ]]; do + case $1 in + --run-id|-id) RUN_ID="$2"; shift ;; + --version|-v) PKG_VERSION="$2"; shift ;; + --revision|-r) PKG_REVISION="$2"; shift ;; + --name|-n) PKG_NAME="$2"; shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; esac + shift done +# Check if RUN_ID is provided +if [ -z "$RUN_ID" ]; then + echo "Error: RUN_ID is required." + usage +fi + # Validate GITHUB_TOKEN environment variable if [ -z "$GITHUB_TOKEN" ]; then echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." @@ -52,8 +52,8 @@ fi # Ensure either PKG_NAME or both PKG_VERSION and PKG_REVISION are provided if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; then - echo "Error: Either a package name (-n) or both a version (-v) and revision (-r) must be provided." - exit 1 + echo "Error: Either a package name (--name) or both a version (--version) and revision (--revision) must be provided." + usage fi REPO="wazuh/wazuh-indexer" @@ -72,13 +72,13 @@ fi if [ -z "$PKG_NAME" ]; then ARCH=$(uname -m) case "$OS" in - "ubuntu" | "debian") + *ubuntu* | *debian*) PKG_FORMAT="deb" [ "$ARCH" == "x86_64" ] && ARCH="amd64" [ "$ARCH" == "aarch64" ] && ARCH="arm64" PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" ;; - "centos" | "fedora" | "rhel" | "red hat enterprise linux") + *centos* | *fedora* | *rhel* | *"red hat"* | *alma*) PKG_FORMAT="rpm" PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" ;; diff --git a/test-tools/scripts/01_check_installation.sh b/test-tools/scripts/01_download_and_install_package.sh similarity index 65% rename from test-tools/scripts/01_check_installation.sh rename to test-tools/scripts/01_download_and_install_package.sh index 9511442214b35..783b50c9e8fd2 100644 --- a/test-tools/scripts/01_check_installation.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -1,59 +1,55 @@ #!/bin/bash + # SPDX-License-Identifier: Apache-2.0 # The OpenSearch Contributors require contributions made to # this file be licensed under the Apache-2.0 license or a # compatible open source license. -# Usage function to display help +# Function to display usage help usage() { - echo "Usage: $0 [-v ] [-r ] [-n ]" + echo "Usage: $0 --artifact-id [-v ] [-r ] [-n ]" echo echo "Parameters:" - echo " ARTIFACT_ID The unique ID of the GHA artifact." - echo " -v (Optional) The version of the wazuh-indexer package." - echo " -r (Optional) The revision of the package. Defaults to '0' if not provided." - echo " -n (Optional) The package name." + echo " -id, --artifact-id The GHA workflow execution ID." + echo " -v, --version (Optional) The version of the wazuh-indexer package." + echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." + echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." echo echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." exit 1 } +# Default package revision +PKG_REVISION="0" + +# Parse named parameters +while [[ "$#" -gt 0 ]]; do + case $1 in + --artifact-id|-id) ARTIFACT_ID="$2"; shift ;; + --version|-v) PKG_VERSION="$2"; shift ;; + --revision|-r) PKG_REVISION="$2"; shift ;; + --name|-n) PKG_NAME="$2"; shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; + esac + shift +done + # Check if ARTIFACT_ID is provided -if [ -z "$1" ]; then - echo "Error: ARTIFACT_ID not provided." +if [ -z "$ARTIFACT_ID" ]; then + echo "Error: ARTIFACT_ID is required." usage fi -# Check if curl and unzip are installed -if ! command -v curl &> /dev/null || ! command -v unzip &> /dev/null; then - echo "Error: curl and unzip must be installed." - exit 1 -fi - -ARTIFACT_ID=$1 -shift - -while getopts v:r:n: flag -do - case "${flag}" in - v) PKG_VERSION=${OPTARG};; - r) PKG_REVISION=${OPTARG};; - n) PKG_NAME=${OPTARG};; - *) - usage - ;; - esac -done - # Validate GITHUB_TOKEN environment variable if [ -z "$GITHUB_TOKEN" ]; then - echo "Error: Environment variable GITHUB_TOKEN is not configured." - usage + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." + exit 1 fi # Ensure either PKG_NAME or both PKG_VERSION and PKG_REVISION are provided if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; then - echo "Error: Either a package name (-n) or both a version (-v) and revision (-r) must be provided." + echo "Error: Either a package name (--name) or both a version (--version) and revision (--revision) must be provided." usage fi @@ -72,7 +68,7 @@ fi # Determine package type if PKG_NAME is not provided ARCH=$(uname -m) case "$OS" in - "ubuntu" | "debian") + *ubuntu* | *debian*) PKG_FORMAT="deb" if [ -z "$PKG_NAME" ]; then [ "$ARCH" == "x86_64" ] && ARCH="amd64" @@ -80,7 +76,7 @@ case "$OS" in PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" fi ;; - "centos" | "fedora" | "rhel" | "red hat enterprise linux") + *centos* | *fedora* | *rhel* | *"red hat"* | *alma*) PKG_FORMAT="rpm" if [ -z "$PKG_NAME" ]; then PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 952ddf6278921..288a6a0c44ae8 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -7,31 +7,41 @@ # Function to display usage help usage() { - echo - echo "Usage: $0 <(Optional)CURRENT_NODE_IP> <(Optional)SECOND_NODE_IP>" + echo "Usage: $0 --path-to-certs --current-node [--second-node ] [--current-node-ip ] [--second-node-ip ]" echo echo "Parameters:" - echo " PATH_TO_CERTS Path to the generated wazuh certificates tar" - echo " CURRENT_NODE Name of the current node" - echo " SECOND_NODE Name of the second node" - echo " CURRENT_NODE_IP IP address of the current node (optional, defaults to CURRENT_NODE)" - echo " SECOND_NODE_IP IP address of the second node (optional, defaults to SECOND_NODE)" + echo " -p, --path-to-certs Path to the generated Wazuh certificates tar" + echo " -c, --current-node Name of the current node" + echo " -s, --second-node (Optional) Name of the second node" + echo " -cip, --current-node-ip (Optional) IP address of the current node. Default: CURRENT_NODE" + echo " -sip, --second-node-ip (Optional) IP address of the second node. Default: SECOND_NODE" echo exit 1 } -# Check if at least two arguments are provided -if [ $# -lt 2 ]; then +# Parse named arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + --path-to-certs|-p) PATH_TO_CERTS="$2"; shift ;; + --current-node|-c) CURRENT_NODE="$2"; shift ;; + --second-node|-s) SECOND_NODE="$2"; shift ;; + --current-node-ip|-cip) CURRENT_NODE_IP="$2"; shift ;; + --second-node-ip|-sip) SECOND_NODE_IP="$2"; shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; + esac + shift +done + +# Validate mandatory arguments +if [ -z "$PATH_TO_CERTS" ] || [ -z "$CURRENT_NODE" ]; then + echo "Error: Missing mandatory parameter." usage fi - -# Assigning variables -PATH_TO_CERTS=$1 -CURRENT_NODE=$2 -SECOND_NODE=$3 -CURRENT_NODE_IP=${4:-$CURRENT_NODE} -SECOND_NODE_IP=${5:-$SECOND_NODE} +# Set default values if optional arguments are not provided +CURRENT_NODE_IP=${CURRENT_NODE_IP:-$CURRENT_NODE} +SECOND_NODE_IP=${SECOND_NODE_IP:-$SECOND_NODE} CONFIG_FILE="/etc/wazuh-indexer/opensearch.yml" BACKUP_FILE="./opensearch.yml.bak" @@ -43,14 +53,22 @@ cp $CONFIG_FILE $BACKUP_FILE echo "Updating configuration..." sed -i "s/network\.host: \"0\.0\.0\.0\"/network.host: \"${CURRENT_NODE_IP}\"/" $CONFIG_FILE sed -i "s/node\.name: \"node-1\"/node.name: \"${CURRENT_NODE}\"/" $CONFIG_FILE -sed -i "s/#discovery\.seed_hosts:/discovery.seed_hosts:\n - \"${CURRENT_NODE_IP}\"\n - \"${SECOND_NODE_IP}\"/" $CONFIG_FILE -sed -i "/cluster\.initial_master_nodes:/!b;n;c- ${CURRENT_NODE}\n- ${SECOND_NODE}" $CONFIG_FILE -sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"\n- "CN='"${SECOND_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE + +if [ -n "$SECOND_NODE" ]; then + sed -i "s/#discovery\.seed_hosts:/discovery.seed_hosts:\n - \"${CURRENT_NODE_IP}\"\n - \"${SECOND_NODE_IP}\"/" $CONFIG_FILE + sed -i "/cluster\.initial_master_nodes:/!b;n;c- ${CURRENT_NODE}\n- ${SECOND_NODE}" $CONFIG_FILE + sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"\n- "CN='"${SECOND_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE +else + sed -i "s/#discovery\.seed_hosts:/discovery.seed_hosts:\n - \"${CURRENT_NODE_IP}\"/" $CONFIG_FILE + sed -i "/cluster\.initial_master_nodes:/!b;n;c- ${CURRENT_NODE}" $CONFIG_FILE + sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE +fi if [ $? -eq 0 ]; then echo "Configuration updated successfully. Backup created at ${BACKUP_FILE}" else echo "Error updating configuration." + exit 1 fi # Directory for certificates @@ -78,4 +96,5 @@ if [ $? -eq 0 ]; then echo "Certificates configured successfully." else echo "Error configuring certificates." + exit 1 fi diff --git a/test-tools/scripts/03_check_service.sh b/test-tools/scripts/03_check_service.sh deleted file mode 100644 index 6951f969aa90b..0000000000000 --- a/test-tools/scripts/03_check_service.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash - -# SPDX-License-Identifier: Apache-2.0 -# The OpenSearch Contributors require contributions made to -# this file be licensed under the Apache-2.0 license or a -# compatible open source license. - -# Function to check the status of the wazuh-indexer service -check_service_is_running() { - systemctl is-active --quiet wazuh-indexer - if [ $? -eq 0 ]; then - echo "wazuh-indexer service is running." - else - echo "Error: wazuh-indexer service is not running." >&2 - exit 1 - fi -} - -# Start wazuh-indexer service -echo "Starting wazuh-indexer service..." -systemctl daemon-reload -systemctl enable wazuh-indexer -systemctl start wazuh-indexer - -# Check if the service is running -check_service_is_running - -# Stop wazuh-indexer service -echo "Stopping wazuh-indexer service..." -systemctl stop wazuh-indexer - -# Check if the service is stopped -systemctl is-active --quiet wazuh-indexer -if [ $? -ne 0 ]; then - echo "wazuh-indexer service stopped successfully." -else - echo "Error: Failed to stop wazuh-indexer service." >&2 - exit 1 -fi - -# Restart wazuh-indexer service -echo "Restarting wazuh-indexer service..." -systemctl restart wazuh-indexer - -# Check if the service is running after restart -check_service_is_running diff --git a/test-tools/scripts/03_manage_indexer_service.sh b/test-tools/scripts/03_manage_indexer_service.sh new file mode 100644 index 0000000000000..299d23b0d5953 --- /dev/null +++ b/test-tools/scripts/03_manage_indexer_service.sh @@ -0,0 +1,77 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# Function to check the status of the wazuh-indexer service +check_service_is_running() { + systemctl is-active --quiet wazuh-indexer + if [ $? -eq 0 ]; then + echo "wazuh-indexer service is running." + else + echo "Error: wazuh-indexer service is not running." >&2 + exit 1 + fi +} + +# Function to display usage help +usage() { + echo "Usage: $0 --action " + echo + echo "This script manages the wazuh-indexer service." + echo + echo "Options:" + echo " -a, --action Specify the action to perform: start, stop, or restart." + echo " -h, --help Show this help message and exit." + echo + exit 1 +} + +# Parse named arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + --action|-a) ACTION="$2"; shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; + esac + shift +done + +# Check if ACTION is provided +if [ -z "$ACTION" ]; then + echo "Error: Action is required." + usage +fi + +# Execute the action +case $ACTION in + start) + echo "Starting wazuh-indexer service..." + systemctl daemon-reload + systemctl enable wazuh-indexer + systemctl start wazuh-indexer + check_service_is_running + ;; + stop) + echo "Stopping wazuh-indexer service..." + systemctl stop wazuh-indexer + systemctl is-active --quiet wazuh-indexer + if [ $? -ne 0 ]; then + echo "wazuh-indexer service stopped successfully." + else + echo "Error: Failed to stop wazuh-indexer service." >&2 + exit 1 + fi + ;; + restart) + echo "Restarting wazuh-indexer service..." + systemctl restart wazuh-indexer + check_service_is_running + ;; + *) + echo "Error: Invalid action specified. Use start, stop, or restart." + usage + ;; +esac diff --git a/test-tools/scripts/04_cluster_initialization.sh b/test-tools/scripts/04_initialize_cluster.sh similarity index 70% rename from test-tools/scripts/04_cluster_initialization.sh rename to test-tools/scripts/04_initialize_cluster.sh index 9a8aa0efd9da8..10ae301b791ea 100644 --- a/test-tools/scripts/04_cluster_initialization.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -7,13 +7,12 @@ # Function to display usage help usage() { - echo - echo "Usage: $0 " + echo "Usage: $0 -c -u -p " echo echo "Parameters:" - echo " CLUSTER_IP IP address of the cluster (default: localhost)" - echo " USER Username for authentication (default: admin)" - echo " PASSWORD Password for authentication (default: admin)" + echo " -ip, --cluster-ip (Optional) IP address of the cluster. Default: localhost" + echo " -u, --user (Optional) Username for authentication. Default: admin" + echo " -p, --password (Optional) Password for authentication. Default: admin" echo exit 1 } @@ -24,10 +23,22 @@ if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then exit 1 fi -# Assigning variables -CLUSTER_IP=${1:-"localhost"} -USER=${2:-"admin"} -PASSWORD=${3:-"admin"} +# Default values +CLUSTER_IP="localhost" +USER="admin" +PASSWORD="admin" + +# Parse named arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + -ip|--cluster-ip) CLUSTER_IP="$2"; shift ;; + -u|--user) USER="$2"; shift ;; + -p|--password) PASSWORD="$2"; shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; + esac + shift +done # Initialize cluster echo "Initializing wazuh-indexer cluster..." @@ -53,7 +64,6 @@ fi INDEXER_NAME=$(echo $RESPONSE | jq -r '.name') CLUSTER_NAME=$(echo $RESPONSE | jq -r '.cluster_name') VERSION_NUMBER=$(echo $RESPONSE | jq -r '.version.number') - echo "Indexer Status:" echo " Node Name: $INDEXER_NAME" echo " Cluster Name: $CLUSTER_NAME" @@ -70,5 +80,4 @@ fi echo "Nodes:" echo "$NODES_RESPONSE" - echo "Initialization completed successfully." diff --git a/test-tools/scripts/05_check_plugins.sh b/test-tools/scripts/05_validate_installed_plugins.sh similarity index 61% rename from test-tools/scripts/05_check_plugins.sh rename to test-tools/scripts/05_validate_installed_plugins.sh index 653fb0d4b634d..e85f6842ed327 100644 --- a/test-tools/scripts/05_check_plugins.sh +++ b/test-tools/scripts/05_validate_installed_plugins.sh @@ -1,5 +1,4 @@ #!/bin/bash - # SPDX-License-Identifier: Apache-2.0 # The OpenSearch Contributors require contributions made to # this file be licensed under the Apache-2.0 license or a @@ -7,15 +6,13 @@ # Function to display usage help usage() { - echo - echo "Usage: $0 [...]" + echo "Usage: $0 -c -u -p -n -n [...]" echo echo "Parameters:" - echo " CLUSTER_IP IP address of the cluster (default: localhost)" - echo " USER Username for authentication (default: admin)" - echo " PASSWORD Password for authentication (default: admin)" - echo " NODE_1 Name of the first node" - echo " NODE_2 Name of the second node (add more as needed)" + echo " -ip, --cluster-ip IP address of the cluster (default: localhost)" + echo " -u, --user Username for authentication (default: admin)" + echo " -p, --password Password for authentication (default: admin)" + echo " -n, --node Name of the nodes (add as many as needed)" echo exit 1 } @@ -26,33 +23,44 @@ if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then exit 1 fi -# Check if at least four arguments are provided -if [ "$#" -lt 4 ]; then +# Default values +CLUSTER_IP="localhost" +USER="admin" +PASSWORD="admin" +NODES=() + +# Parse named arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + -ip|--cluster-ip) CLUSTER_IP="$2"; shift ;; + -u|--user) USER="$2"; shift ;; + -p|--password) PASSWORD="$2"; shift ;; + -n|--node) NODES+=("$2"); shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; + esac + shift +done + +# Check if mandatory arguments are provided +if [ -z "$CLUSTER_IP" ] || [ -z "$USER" ] || [ -z "$PASSWORD" ] || [ ${#NODES[@]} -eq 0 ]; then + echo "Error: Missing mandatory parameter." usage fi -# Assigning variables -CLUSTER_IP=${1:-"localhost"} -USER=${2:-"admin"} -PASSWORD=${3:-"admin"} -NODES=${@:4} # List of nodes passed as arguments starting from the 4th - # Check the installed plugins on each node REQUIRED_PLUGINS=("wazuh-indexer-command-manager" "wazuh-indexer-setup") ALL_MISSING_PLUGINS=() echo "Checking installed plugins on Wazuh indexer nodes..." - -for NODE in $NODES; do +for NODE in "${NODES[@]}"; do echo "Checking node $NODE..." RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/plugins?v | grep $NODE) - # Check if the request was successful if [ $? -ne 0 ]; then echo "Error: Failed to connect to Wazuh indexer." exit 1 fi - MISSING_PLUGINS=() for PLUGIN in "${REQUIRED_PLUGINS[@]}"; do if echo "$RESPONSE" | grep -q "$PLUGIN"; then @@ -61,7 +69,6 @@ for NODE in $NODES; do MISSING_PLUGINS+=("$PLUGIN") fi done - if [ ${#MISSING_PLUGINS[@]} -ne 0 ]; then echo "Error: The following required plugins are missing on $NODE:" for PLUGIN in "${MISSING_PLUGINS[@]}"; do diff --git a/test-tools/scripts/06_check_setup_plugin.sh b/test-tools/scripts/06_validate_setup.sh similarity index 85% rename from test-tools/scripts/06_check_setup_plugin.sh rename to test-tools/scripts/06_validate_setup.sh index 3b84e1e8f312b..d8f9c59efe92c 100644 --- a/test-tools/scripts/06_check_setup_plugin.sh +++ b/test-tools/scripts/06_validate_setup.sh @@ -7,13 +7,12 @@ # Function to display usage help usage() { - echo - echo "Usage: $0 " + echo "Usage: $0 -c -u -p " echo echo "Parameters:" - echo " CLUSTER_IP (Optional) IP address of the cluster (default: localhost)" - echo " USER (Optional) Username for authentication (default: admin)" - echo " PASSWORD (Optional) Password for authentication (default: admin)" + echo " -ip, --cluster-ip (Optional) IP address of the cluster. Default: localhost" + echo " -u, --user (Optional) Username for authentication. Default: admin" + echo " -p, --password (Optional) Password for authentication. Default: admin" echo exit 1 } @@ -24,10 +23,22 @@ if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then exit 1 fi -# Assigning variables -CLUSTER_IP=${1:-"localhost"} -USER=${2:-"admin"} -PASSWORD=${3:-"admin"} +# Default values +CLUSTER_IP="localhost" +USER="admin" +PASSWORD="admin" + +# Parse named arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + -ip|--cluster-ip) CLUSTER_IP="$2"; shift ;; + -u|--user) USER="$2"; shift ;; + -p|--password) PASSWORD="$2"; shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; + esac + shift +done # List of expected items EXPECTED_TEMPLATES=("index-template-agent" "index-template-alerts" "index-template-fim" "index-template-packages" diff --git a/test-tools/scripts/07_check_command_manager_plugin.sh b/test-tools/scripts/07_validate_command_manager.sh similarity index 60% rename from test-tools/scripts/07_check_command_manager_plugin.sh rename to test-tools/scripts/07_validate_command_manager.sh index 93fd8d8712a36..0b5c59db81361 100644 --- a/test-tools/scripts/07_check_command_manager_plugin.sh +++ b/test-tools/scripts/07_validate_command_manager.sh @@ -1,21 +1,45 @@ #!/bin/bash + # SPDX-License-Identifier: Apache-2.0 # The OpenSearch Contributors require contributions made to # this file be licensed under the Apache-2.0 license or a # compatible open source license. -# Assigning variables -CLUSTER_IP=${1:-"localhost"} -USERNAME=${2:-"admin"} -PASSWORD=${3:-"admin"} +# Function to display usage help +usage() { + echo "Usage: $0 -c -u -p " + echo + echo "Parameters:" + echo " -ip, --cluster-ip (Optional) IP address of the cluster. Default: localhost" + echo " -u, --user (Optional) Username for authentication. Default: admin" + echo " -p, --password (Optional) Password for authentication. Default: admin" + echo + exit 1 +} -# Check for curl command -if ! command -v curl &> /dev/null -then - echo "curl command could not be found" - exit +# Check if curl and jq are installed +if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then + echo "Error: curl and jq must be installed." + exit 1 fi +# Default values +CLUSTER_IP="localhost" +USERNAME="admin" +PASSWORD="admin" + +# Parse named arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + -ip|--cluster-ip) CLUSTER_IP="$2"; shift ;; + -u|--user) USERNAME="$2"; shift ;; + -p|--password) PASSWORD="$2"; shift ;; + -h|--help) usage ;; + *) echo "Unknown parameter passed: $1"; usage ;; + esac + shift +done + COMMANDS_INDEX=".commands" SRC="Engine" USR="TestUser" @@ -71,10 +95,8 @@ if [ $? -ne 0 ]; then exit 1 fi -# Extract and validate specific fields -COMMAND_FOUND=$(echo "$SEARCH_RESPONSE" | jq -r '.hits.hits[] | select(._source.command.source == "Engine" and ._source.command.user == "TestUser" and ._source.command.target.id == "TestTarget" and ._source.command.action.args[0] == "/test/path/fake/args")') - -if [ -n "$COMMAND_FOUND" ]; then +# Check if the command is found in the search results +if echo "$SEARCH_RESPONSE" | grep -q "\"user\":\"$USR\"" && echo "$SEARCH_RESPONSE" | grep -q "\"id\":\"$TRG_ID\""; then echo "Validation successful: The command was created and found in the search results." else echo "Error: The command was not found in the search results." diff --git a/test-tools/scripts/08_check_uninstall.sh b/test-tools/scripts/08_uninstall_indexer.sh similarity index 83% rename from test-tools/scripts/08_check_uninstall.sh rename to test-tools/scripts/08_uninstall_indexer.sh index d2462f95ac011..9e69d6dd055c7 100644 --- a/test-tools/scripts/08_check_uninstall.sh +++ b/test-tools/scripts/08_uninstall_indexer.sh @@ -1,9 +1,27 @@ #!/bin/bash + # SPDX-License-Identifier: Apache-2.0 # The OpenSearch Contributors require contributions made to # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Function to display usage help +usage() { + echo "Usage: $0 [-h]" + echo + echo "This script uninstalls Wazuh Indexer and validates its removal." + echo + echo "Options:" + echo " -h, --help Show this help message and exit." + echo + exit 1 +} + +# Check for help flag +if [[ "$1" == "-h" || "$1" == "--help" ]]; then + usage +fi + # Detect package manager if command -v apt-get &> /dev/null; then PKG_MANAGER="apt-get" diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md new file mode 100644 index 0000000000000..226e3ddbac530 --- /dev/null +++ b/test-tools/scripts/README.md @@ -0,0 +1,49 @@ +# Test utils scripts + +This is a collection of scripts aimed to facilitate the validation of the wazuh-indexer packages generated on GHA. + +Even this scripts can be executed in mostly any linux environment, we expect it to be used alongside the +Vagrant environment defined in the `test-tools` + +### Validation flow + +1. Check the package artifact is generated (run on each node) + ```bash + GITHUB_TOKEN= bash 00_search_package_artifact.sh -id -n + ... + [ Artifact ID: ] + ``` +2. Check package can be downloaded and installed (run on each node) + > Use the ARTIFACT_ID obtained in the previous step + ```bash + GITHUB_TOKEN= bash 01_download_and_install_package.sh -id -n + ``` +3. Check the service can be started` + ```bash + bash 02_apply_certificates.sh -p -c -cip -s -sip + ``` + ```bash + bash 03_manage_indexer_service.sh -a start + ``` + > You can also test `restart` and `stop` +4. Check the cluster can be initialized + ```bash + bash 04_initialize_cluster.sh -ip + ``` +5. Check all the plugins are installed + ```bash + bash 05_validate_installed_plugins.sh -ip -n -n + ``` +6. Check the setup plugin configured the index-patterns correctly + ```bash + bash 06_validate_setup.sh -ip + ``` +7. Check the command manager plugin works correctly + ```bash + bash 07_validate_command_manager.sh -ip + ``` +8. Check wazuh-indexer can be uninstalled + ```bash + bash 08_uninstall_indexer.sh + ``` + From 083692458f91f5e5a1e2a5398d4be3acb0d9b62a Mon Sep 17 00:00:00 2001 From: quebim Date: Thu, 24 Oct 2024 12:33:08 -0300 Subject: [PATCH 09/24] Add dependencies validations --- .../scripts/00_search_package_artifact.sh | 19 +++++++++++++----- .../01_download_and_install_package.sh | 20 +++++++++++++++---- test-tools/scripts/02_apply_certificates.sh | 14 +++++++++++++ test-tools/scripts/04_initialize_cluster.sh | 16 +++++++++++---- .../scripts/05_validate_installed_plugins.sh | 16 +++++++++++---- test-tools/scripts/06_validate_setup.sh | 16 +++++++++++---- .../scripts/07_validate_command_manager.sh | 18 ++++++++++++----- 7 files changed, 93 insertions(+), 26 deletions(-) diff --git a/test-tools/scripts/00_search_package_artifact.sh b/test-tools/scripts/00_search_package_artifact.sh index e03b2fb5ffd04..43b3461233969 100644 --- a/test-tools/scripts/00_search_package_artifact.sh +++ b/test-tools/scripts/00_search_package_artifact.sh @@ -1,10 +1,12 @@ -#!/bin/bash +#!/opt/homebrew/bin/bash # SPDX-License-Identifier: Apache-2.0 # The OpenSearch Contributors require contributions made to # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Tool dependencies +DEPENDENCIES=(curl jq) # Default package revision PKG_REVISION="0" @@ -18,13 +20,10 @@ usage() { echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." echo - echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all dependencies installed: [${DEPENDENCIES[@]}]" exit 1 } -# Default package revision -PKG_REVISION="0" - # Parse named parameters while [[ "$#" -gt 0 ]]; do case $1 in @@ -38,6 +37,16 @@ while [[ "$#" -gt 0 ]]; do shift done +# Validate all dependencies are installed +for dep in ${DEPENDENCIES[@]} +do + if ! command -v ${dep} &> /dev/null + then + echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 + exit 1 + fi +done + # Check if RUN_ID is provided if [ -z "$RUN_ID" ]; then echo "Error: RUN_ID is required." diff --git a/test-tools/scripts/01_download_and_install_package.sh b/test-tools/scripts/01_download_and_install_package.sh index 783b50c9e8fd2..1e41220bb3436 100644 --- a/test-tools/scripts/01_download_and_install_package.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -5,6 +5,11 @@ # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Tool dependencies +DEPENDENCIES=(curl jq unzip) +# Default package revision +PKG_REVISION="0" + # Function to display usage help usage() { echo "Usage: $0 --artifact-id [-v ] [-r ] [-n ]" @@ -15,13 +20,10 @@ usage() { echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." echo - echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all dependencies installed: [${DEPENDENCIES[@]}]" exit 1 } -# Default package revision -PKG_REVISION="0" - # Parse named parameters while [[ "$#" -gt 0 ]]; do case $1 in @@ -35,6 +37,16 @@ while [[ "$#" -gt 0 ]]; do shift done +# Validate all dependencies are installed +for dep in ${DEPENDENCIES[@]} +do + if ! command -v ${dep} &> /dev/null + then + echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 + exit 1 + fi +done + # Check if ARTIFACT_ID is provided if [ -z "$ARTIFACT_ID" ]; then echo "Error: ARTIFACT_ID is required." diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 288a6a0c44ae8..3bfc8e6c44a06 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -5,6 +5,9 @@ # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Tool dependencies +DEPENDENCIES=(tar) + # Function to display usage help usage() { echo "Usage: $0 --path-to-certs --current-node [--second-node ] [--current-node-ip ] [--second-node-ip ]" @@ -16,6 +19,7 @@ usage() { echo " -cip, --current-node-ip (Optional) IP address of the current node. Default: CURRENT_NODE" echo " -sip, --second-node-ip (Optional) IP address of the second node. Default: SECOND_NODE" echo + echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" exit 1 } @@ -33,6 +37,16 @@ while [[ "$#" -gt 0 ]]; do shift done +# Validate all dependencies are installed +for dep in ${DEPENDENCIES[@]} +do + if ! command -v ${dep} &> /dev/null + then + echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 + exit 1 + fi +done + # Validate mandatory arguments if [ -z "$PATH_TO_CERTS" ] || [ -z "$CURRENT_NODE" ]; then echo "Error: Missing mandatory parameter." diff --git a/test-tools/scripts/04_initialize_cluster.sh b/test-tools/scripts/04_initialize_cluster.sh index 10ae301b791ea..fd2cbcc180d31 100644 --- a/test-tools/scripts/04_initialize_cluster.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -5,6 +5,9 @@ # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Tool dependencies +DEPENDENCIES=(curl jq) + # Function to display usage help usage() { echo "Usage: $0 -c -u -p " @@ -14,14 +17,19 @@ usage() { echo " -u, --user (Optional) Username for authentication. Default: admin" echo " -p, --password (Optional) Password for authentication. Default: admin" echo + echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" exit 1 } -# Check if curl and jq are installed -if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then - echo "Error: curl and jq must be installed." +# Validate all dependencies are installed +for dep in ${DEPENDENCIES[@]} +do + if ! command -v ${dep} &> /dev/null + then + echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 -fi + fi +done # Default values CLUSTER_IP="localhost" diff --git a/test-tools/scripts/05_validate_installed_plugins.sh b/test-tools/scripts/05_validate_installed_plugins.sh index e85f6842ed327..6cf095e9d355e 100644 --- a/test-tools/scripts/05_validate_installed_plugins.sh +++ b/test-tools/scripts/05_validate_installed_plugins.sh @@ -4,6 +4,9 @@ # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Tool dependencies +DEPENDENCIES=(curl jq) + # Function to display usage help usage() { echo "Usage: $0 -c -u -p -n -n [...]" @@ -14,14 +17,19 @@ usage() { echo " -p, --password Password for authentication (default: admin)" echo " -n, --node Name of the nodes (add as many as needed)" echo + echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" exit 1 } -# Check if curl and jq are installed -if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then - echo "Error: curl and jq must be installed." +# Validate all dependencies are installed +for dep in ${DEPENDENCIES[@]} +do + if ! command -v ${dep} &> /dev/null + then + echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 -fi + fi +done # Default values CLUSTER_IP="localhost" diff --git a/test-tools/scripts/06_validate_setup.sh b/test-tools/scripts/06_validate_setup.sh index d8f9c59efe92c..22dfbb116c803 100644 --- a/test-tools/scripts/06_validate_setup.sh +++ b/test-tools/scripts/06_validate_setup.sh @@ -5,6 +5,9 @@ # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Tool dependencies +DEPENDENCIES=(curl jq) + # Function to display usage help usage() { echo "Usage: $0 -c -u -p " @@ -14,14 +17,19 @@ usage() { echo " -u, --user (Optional) Username for authentication. Default: admin" echo " -p, --password (Optional) Password for authentication. Default: admin" echo + echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" exit 1 } -# Check if curl and jq are installed -if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then - echo "Error: curl and jq must be installed." +# Validate all dependencies are installed +for dep in ${DEPENDENCIES[@]} +do + if ! command -v ${dep} &> /dev/null + then + echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 -fi + fi +done # Default values CLUSTER_IP="localhost" diff --git a/test-tools/scripts/07_validate_command_manager.sh b/test-tools/scripts/07_validate_command_manager.sh index 0b5c59db81361..4b4979d4f7d0f 100644 --- a/test-tools/scripts/07_validate_command_manager.sh +++ b/test-tools/scripts/07_validate_command_manager.sh @@ -5,6 +5,9 @@ # this file be licensed under the Apache-2.0 license or a # compatible open source license. +# Tool dependencies +DEPENDENCIES=(curl jq) + # Function to display usage help usage() { echo "Usage: $0 -c -u -p " @@ -14,14 +17,19 @@ usage() { echo " -u, --user (Optional) Username for authentication. Default: admin" echo " -p, --password (Optional) Password for authentication. Default: admin" echo + echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" exit 1 } -# Check if curl and jq are installed -if ! command -v curl &> /dev/null || ! command -v jq &> /dev/null; then - echo "Error: curl and jq must be installed." +# Validate all dependencies are installed +for dep in ${DEPENDENCIES[@]} +do + if ! command -v ${dep} &> /dev/null + then + echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 -fi + fi +done # Default values CLUSTER_IP="localhost" @@ -96,7 +104,7 @@ if [ $? -ne 0 ]; then fi # Check if the command is found in the search results -if echo "$SEARCH_RESPONSE" | grep -q "\"user\":\"$USR\"" && echo "$SEARCH_RESPONSE" | grep -q "\"id\":\"$TRG_ID\""; then +if echo "$SEARCH_RESPONSE" | grep -q "\"$USR\"" && echo "$SEARCH_RESPONSE" | grep -q "\"$TRG_ID\""; then echo "Validation successful: The command was created and found in the search results." else echo "Error: The command was not found in the search results." From 60f45e169159c6c876ca51e21d8f7548509894e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Mon, 28 Oct 2024 12:29:25 +0100 Subject: [PATCH 10/24] Fix typos --- test-tools/README.md | 2 +- test-tools/scripts/01_download_and_install_package.sh | 2 +- test-tools/scripts/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test-tools/README.md b/test-tools/README.md index 64dc8c453dba5..3db416533fbba 100644 --- a/test-tools/README.md +++ b/test-tools/README.md @@ -1,6 +1,6 @@ # Basic cluster environment -This is a environment definition with the required configuration to be prepared to freshly install a Wazuh Indexer +This is an environment definition with the required configuration to be prepared to freshly install a Wazuh Indexer cluster with two nodes using Vagrant and Libvirt to provision the Virtual Machines. It also generates the node's required certificates using the `wazuh-certs-tool` and copy them to each node's `home` diff --git a/test-tools/scripts/01_download_and_install_package.sh b/test-tools/scripts/01_download_and_install_package.sh index 1e41220bb3436..5c16e9a1d005c 100644 --- a/test-tools/scripts/01_download_and_install_package.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -102,7 +102,7 @@ esac # Download the package echo "Downloading wazuh-indexer package from GitHub artifactory..." -echo "(It could take a couple minutes)" +echo "(It could take a couple of minutes)" curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md index 226e3ddbac530..f7728cc5ec150 100644 --- a/test-tools/scripts/README.md +++ b/test-tools/scripts/README.md @@ -2,7 +2,7 @@ This is a collection of scripts aimed to facilitate the validation of the wazuh-indexer packages generated on GHA. -Even this scripts can be executed in mostly any linux environment, we expect it to be used alongside the +Even if these scripts can be executed in almost any Linux environment, we expect it to be used alongside the Vagrant environment defined in the `test-tools` ### Validation flow From 4e13c973e7a72826b5749e6ddb56f8357d352af4 Mon Sep 17 00:00:00 2001 From: quebim Date: Mon, 28 Oct 2024 09:07:16 -0300 Subject: [PATCH 11/24] Apply SpellCheck linter recommendations --- .../scripts/00_search_package_artifact.sh | 8 +++---- .../01_download_and_install_package.sh | 15 ++++++------- test-tools/scripts/02_apply_certificates.sh | 18 +++++++++------- .../scripts/03_manage_indexer_service.sh | 3 +-- test-tools/scripts/04_initialize_cluster.sh | 16 +++++++------- .../scripts/05_validate_installed_plugins.sh | 9 ++++---- test-tools/scripts/06_validate_setup.sh | 19 +++++++++-------- .../scripts/07_validate_command_manager.sh | 21 ++++++++++--------- test-tools/scripts/README.md | 2 +- 9 files changed, 58 insertions(+), 53 deletions(-) diff --git a/test-tools/scripts/00_search_package_artifact.sh b/test-tools/scripts/00_search_package_artifact.sh index 43b3461233969..edcc450b8f62f 100644 --- a/test-tools/scripts/00_search_package_artifact.sh +++ b/test-tools/scripts/00_search_package_artifact.sh @@ -20,7 +20,7 @@ usage() { echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." echo - echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all dependencies installed: [${DEPENDENCIES[@]}]" + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all the dependencies installed: " "${DEPENDENCIES[@]}" exit 1 } @@ -38,9 +38,9 @@ while [[ "$#" -gt 0 ]]; do done # Validate all dependencies are installed -for dep in ${DEPENDENCIES[@]} +for dep in "${DEPENDENCIES[@]}" do - if ! command -v ${dep} &> /dev/null + if ! command -v "${dep}" &> /dev/null then echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 @@ -71,7 +71,7 @@ URL="https://api.github.com/repos/$REPO/actions/artifacts" # Detect OS and architecture if [ -f /etc/os-release ]; then . /etc/os-release - OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') + OS=$(echo "$NAME" | tr '[:upper:]' '[:lower:]') else echo "Unsupported OS." exit 1 diff --git a/test-tools/scripts/01_download_and_install_package.sh b/test-tools/scripts/01_download_and_install_package.sh index 5c16e9a1d005c..20e892a2bc862 100644 --- a/test-tools/scripts/01_download_and_install_package.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -20,7 +20,7 @@ usage() { echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." echo - echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all dependencies installed: [${DEPENDENCIES[@]}]" + echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all the dependencies installed: " "${DEPENDENCIES[@]}" exit 1 } @@ -38,9 +38,9 @@ while [[ "$#" -gt 0 ]]; do done # Validate all dependencies are installed -for dep in ${DEPENDENCIES[@]} +for dep in "${DEPENDENCIES[@]}" do - if ! command -v ${dep} &> /dev/null + if ! command -v "${dep}" &> /dev/null then echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 @@ -71,7 +71,7 @@ URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" # Detect OS and architecture if [ -f /etc/os-release ]; then . /etc/os-release - OS=$(echo $NAME | tr '[:upper:]' '[:lower:]') + OS=$(echo "$NAME" | tr '[:upper:]' '[:lower:]') else echo "Unsupported OS." exit 1 @@ -106,7 +106,7 @@ echo "(It could take a couple of minutes)" curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $URL -o package.zip > /dev/null 2>&1 + "$URL" -o package.zip > /dev/null 2>&1 if [ $? -ne 0 ]; then echo "Error downloading package." @@ -129,13 +129,14 @@ echo "Package decompressed" echo "Installing wazuh-indexer package..." case "$PKG_FORMAT" in "deb") - sudo dpkg -i $PKG_NAME + sudo dpkg -i "$PKG_NAME" ;; "rpm") - sudo rpm -i $PKG_NAME + sudo rpm -i "$PKG_NAME" ;; esac +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error installing package." exit 1 diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 3bfc8e6c44a06..0f2a0420bd3a3 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -19,7 +19,7 @@ usage() { echo " -cip, --current-node-ip (Optional) IP address of the current node. Default: CURRENT_NODE" echo " -sip, --second-node-ip (Optional) IP address of the second node. Default: SECOND_NODE" echo - echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" + echo "Please ensure you have all the dependencies installed: " "${DEPENDENCIES[@]}" exit 1 } @@ -38,7 +38,7 @@ while [[ "$#" -gt 0 ]]; do done # Validate all dependencies are installed -for dep in ${DEPENDENCIES[@]} +for dep in "${DEPENDENCIES[@]}" do if ! command -v ${dep} &> /dev/null then @@ -78,6 +78,7 @@ else sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE fi +# shellcheck disable=SC2181 if [ $? -eq 0 ]; then echo "Configuration updated successfully. Backup created at ${BACKUP_FILE}" else @@ -91,7 +92,7 @@ CERT_DIR="/etc/wazuh-indexer/certs" # Extract certificates echo "Creating certificates directory and extracting certificates..." mkdir -p $CERT_DIR -tar -xf $PATH_TO_CERTS -C $CERT_DIR ./$CURRENT_NODE.pem ./$CURRENT_NODE-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem +tar -xf "$PATH_TO_CERTS" -C "$CERT_DIR" "./$CURRENT_NODE.pem" "./$CURRENT_NODE-key.pem" ./admin.pem ./admin-key.pem ./root-ca.pem if [ $? -ne 0 ]; then echo "Error extracting certificates." @@ -100,12 +101,13 @@ fi # Move and set permissions for certificates echo "Moving and setting permissions for certificates..." -mv -n $CERT_DIR/$CURRENT_NODE.pem $CERT_DIR/indexer.pem -mv -n $CERT_DIR/$CURRENT_NODE-key.pem $CERT_DIR/indexer-key.pem -chmod 500 $CERT_DIR -chmod 400 $CERT_DIR/* -chown -R wazuh-indexer:wazuh-indexer $CERT_DIR +mv -n "$CERT_DIR/$CURRENT_NODE.pem" "$CERT_DIR/indexer.pem" +mv -n "$CERT_DIR/$CURRENT_NODE-key.pem" "$CERT_DIR/indexer-key.pem" +chmod 500 "$CERT_DIR" +chmod 400 "$CERT_DIR/*" +chown -R wazuh-indexer:wazuh-indexer "$CERT_DIR" +# shellcheck disable=SC2181 if [ $? -eq 0 ]; then echo "Certificates configured successfully." else diff --git a/test-tools/scripts/03_manage_indexer_service.sh b/test-tools/scripts/03_manage_indexer_service.sh index 299d23b0d5953..a1621526f83af 100644 --- a/test-tools/scripts/03_manage_indexer_service.sh +++ b/test-tools/scripts/03_manage_indexer_service.sh @@ -7,8 +7,7 @@ # Function to check the status of the wazuh-indexer service check_service_is_running() { - systemctl is-active --quiet wazuh-indexer - if [ $? -eq 0 ]; then + if ! systemctl is-active --quiet wazuh-indexer ; then echo "wazuh-indexer service is running." else echo "Error: wazuh-indexer service is not running." >&2 diff --git a/test-tools/scripts/04_initialize_cluster.sh b/test-tools/scripts/04_initialize_cluster.sh index fd2cbcc180d31..711830e2ff484 100644 --- a/test-tools/scripts/04_initialize_cluster.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -17,14 +17,14 @@ usage() { echo " -u, --user (Optional) Username for authentication. Default: admin" echo " -p, --password (Optional) Password for authentication. Default: admin" echo - echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" + echo "Please ensure you have all the dependencies installed: " "${DEPENDENCIES[@]}" exit 1 } # Validate all dependencies are installed -for dep in ${DEPENDENCIES[@]} +for dep in "${DEPENDENCIES[@]}" do - if ! command -v ${dep} &> /dev/null + if ! command -v "${dep}" &> /dev/null then echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 @@ -60,7 +60,7 @@ fi # Check the Wazuh indexer status echo "Checking cluster status..." -RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200) +RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200") # Check if the request was successful if [ $? -ne 0 ]; then @@ -69,9 +69,9 @@ if [ $? -ne 0 ]; then fi # Parse and print the response -INDEXER_NAME=$(echo $RESPONSE | jq -r '.name') -CLUSTER_NAME=$(echo $RESPONSE | jq -r '.cluster_name') -VERSION_NUMBER=$(echo $RESPONSE | jq -r '.version.number') +INDEXER_NAME=$(echo "$RESPONSE" | jq -r '.name') +CLUSTER_NAME=$(echo "$RESPONSE" | jq -r '.cluster_name') +VERSION_NUMBER=$(echo "$RESPONSE" | jq -r '.version.number') echo "Indexer Status:" echo " Node Name: $INDEXER_NAME" echo " Cluster Name: $CLUSTER_NAME" @@ -79,7 +79,7 @@ echo " Version Number: $VERSION_NUMBER" # Verify the Wazuh indexer nodes echo "Verifying the Wazuh indexer nodes..." -NODES_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/nodes?v) +NODES_RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/nodes?v") if [ $? -ne 0 ]; then echo "Error: Failed to retrieve Wazuh indexer nodes." diff --git a/test-tools/scripts/05_validate_installed_plugins.sh b/test-tools/scripts/05_validate_installed_plugins.sh index 6cf095e9d355e..1e8f638e5b5ef 100644 --- a/test-tools/scripts/05_validate_installed_plugins.sh +++ b/test-tools/scripts/05_validate_installed_plugins.sh @@ -17,14 +17,14 @@ usage() { echo " -p, --password Password for authentication (default: admin)" echo " -n, --node Name of the nodes (add as many as needed)" echo - echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" + echo "Please ensure you have all the dependencies installed: " "${DEPENDENCIES[@]}" exit 1 } # Validate all dependencies are installed -for dep in ${DEPENDENCIES[@]} +for dep in "${DEPENDENCIES[@]}" do - if ! command -v ${dep} &> /dev/null + if ! command -v "${dep}" &> /dev/null then echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 @@ -63,8 +63,9 @@ ALL_MISSING_PLUGINS=() echo "Checking installed plugins on Wazuh indexer nodes..." for NODE in "${NODES[@]}"; do echo "Checking node $NODE..." - RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/plugins?v | grep $NODE) + RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/plugins?v" | grep "$NODE") # Check if the request was successful + # shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to connect to Wazuh indexer." exit 1 diff --git a/test-tools/scripts/06_validate_setup.sh b/test-tools/scripts/06_validate_setup.sh index 22dfbb116c803..5f35773b69e1c 100644 --- a/test-tools/scripts/06_validate_setup.sh +++ b/test-tools/scripts/06_validate_setup.sh @@ -17,14 +17,14 @@ usage() { echo " -u, --user (Optional) Username for authentication. Default: admin" echo " -p, --password (Optional) Password for authentication. Default: admin" echo - echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" + echo "Please ensure you have all the dependencies installed: " "${DEPENDENCIES[@]}" exit 1 } # Validate all dependencies are installed -for dep in ${DEPENDENCIES[@]} +for dep in "${DEPENDENCIES[@]}" do - if ! command -v ${dep} &> /dev/null + if ! command -v "${dep}" &> /dev/null then echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 @@ -54,7 +54,7 @@ EXPECTED_TEMPLATES=("index-template-agent" "index-template-alerts" "index-templa # Fetch the templates echo "Fetching templates from Wazuh indexer cluster..." -TEMPLATES_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/templates?v) +TEMPLATES_RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/templates?v") # Check if the request was successful if [ $? -ne 0 ]; then echo "Error: Failed to fetch templates." @@ -67,7 +67,7 @@ echo "Validating templates..." for TEMPLATE in "${EXPECTED_TEMPLATES[@]}"; do if echo "$TEMPLATES_RESPONSE" | grep -q "$TEMPLATE"; then # Fetch the template info to check for required fields - TEMPLATE_INFO=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_template/$TEMPLATE) + TEMPLATE_INFO=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_template/$TEMPLATE") if ! echo "$TEMPLATE_INFO" | jq -e '.[] | .mappings.properties.agent.properties.id' > /dev/null; then echo " Error: Template $TEMPLATE is missing required field 'agent.id'." MISSING_TEMPLATES+=("$TEMPLATE") @@ -96,7 +96,7 @@ fi # Fetch the indices echo "Fetching indices from Wazuh indexer cluster..." -INDICES_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/indices?v) +INDICES_RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/indices?v") # Check if the request was successful if [ $? -ne 0 ]; then echo "Error: Failed to fetch indices." @@ -105,8 +105,9 @@ fi # Fetch the protected indices echo "Fetching protected indices from Wazuh indexer cluster..." -PROTECTED_RESPONSE=$(curl -s -k -u $USER:$PASSWORD https://$CLUSTER_IP:9200/_cat/indices/.*?v) +PROTECTED_RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/indices/.*?v") # Check if the request was successful +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to fetch indices." exit 1 @@ -116,8 +117,8 @@ fi echo "Validating index patterns..." INVALID_PATTERNS=() while read -r line; do - TEMPLATE_NAME=$(echo $line | awk '{print $1}') - INDEX_PATTERN=$(echo $line | awk '{print $2}' | tr -d '[]') + TEMPLATE_NAME=$(echo "$line" | awk '{print $1}') + INDEX_PATTERN=$(echo "$line" | awk '{print $2}' | tr -d '[]') if [[ $INDEX_PATTERN == .* ]]; then TO_MATCH=$PROTECTED_RESPONSE diff --git a/test-tools/scripts/07_validate_command_manager.sh b/test-tools/scripts/07_validate_command_manager.sh index 4b4979d4f7d0f..f0670f9309a23 100644 --- a/test-tools/scripts/07_validate_command_manager.sh +++ b/test-tools/scripts/07_validate_command_manager.sh @@ -17,14 +17,14 @@ usage() { echo " -u, --user (Optional) Username for authentication. Default: admin" echo " -p, --password (Optional) Password for authentication. Default: admin" echo - echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]" + echo "Please ensure you have all the dependencies installed: " "${DEPENDENCIES[@]}" exit 1 } # Validate all dependencies are installed -for dep in ${DEPENDENCIES[@]} +for dep in "${DEPENDENCIES[@]}" do - if ! command -v ${dep} &> /dev/null + if ! command -v "${dep}" &> /dev/null then echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 exit 1 @@ -70,19 +70,19 @@ BODY="{ \"timeout\": 30 }" -# Send the POST request -RESPONSE=$(curl -s -k -u $USERNAME:$PASSWORD -X POST https://$CLUSTER_IP:9200/_plugins/_command_manager/commands -H 'accept: */*' -H 'Content-Type: application/json' -d "$BODY") - -# Check if the request was successful -if [ $? -ne 0 ]; then +# Send the POST request and check it is successful +if ! curl -s -k -u "$USERNAME:$PASSWORD" -X POST "https://$CLUSTER_IP:9200/_plugins/_command_manager/commands" -H 'accept: */*' -H 'Content-Type: application/json' -d "$BODY"; then echo "Error: Failed to create command." exit 1 fi echo "Command created successfully." +# Sleep to avoid the next request to be sent before index is created +sleep .5 # Fetch the indices echo "Validating .commands index is created..." -INDICES_RESPONSE=$(curl -s -k -u $USERNAME:$PASSWORD https://$CLUSTER_IP:9200/_cat/indices/.*?v) +INDICES_RESPONSE=$(curl -s -k -u "$USERNAME:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/indices/.*?v") +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to fetch indices." exit 1 @@ -96,8 +96,9 @@ fi echo "Validate the command is created" # Validate the command was created -SEARCH_RESPONSE=$(curl -s -k -u $USERNAME:$PASSWORD https://$CLUSTER_IP:9200/.commands/_search) +SEARCH_RESPONSE=$(curl -s -k -u "$USERNAME:$PASSWORD" "https://$CLUSTER_IP:9200/.commands/_search") # Check if the request was successful +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to search for the command." exit 1 diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md index f7728cc5ec150..f0a2e75bd1cf2 100644 --- a/test-tools/scripts/README.md +++ b/test-tools/scripts/README.md @@ -3,7 +3,7 @@ This is a collection of scripts aimed to facilitate the validation of the wazuh-indexer packages generated on GHA. Even if these scripts can be executed in almost any Linux environment, we expect it to be used alongside the -Vagrant environment defined in the `test-tools` +Vagrant environment defined in the `test-tools`, using the scripts inside the VMs to facilitate the validation steps. ### Validation flow From 38d13e0f2db61418ddd67fe553ef8717471631a5 Mon Sep 17 00:00:00 2001 From: quebim Date: Mon, 28 Oct 2024 09:19:57 -0300 Subject: [PATCH 12/24] Skip checks related to SC2181 where the fix is not applicable --- test-tools/scripts/00_search_package_artifact.sh | 1 + test-tools/scripts/01_download_and_install_package.sh | 9 ++++----- test-tools/scripts/02_apply_certificates.sh | 3 +-- test-tools/scripts/04_initialize_cluster.sh | 2 ++ test-tools/scripts/06_validate_setup.sh | 1 + 5 files changed, 9 insertions(+), 7 deletions(-) diff --git a/test-tools/scripts/00_search_package_artifact.sh b/test-tools/scripts/00_search_package_artifact.sh index edcc450b8f62f..c9f401084023c 100644 --- a/test-tools/scripts/00_search_package_artifact.sh +++ b/test-tools/scripts/00_search_package_artifact.sh @@ -103,6 +103,7 @@ echo "Fetching artifacts list..." RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "$URL?name=$PKG_NAME") # Check if the curl command was successful +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to fetch artifacts." exit 1 diff --git a/test-tools/scripts/01_download_and_install_package.sh b/test-tools/scripts/01_download_and_install_package.sh index 20e892a2bc862..57c52aa33400b 100644 --- a/test-tools/scripts/01_download_and_install_package.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -103,12 +103,11 @@ esac # Download the package echo "Downloading wazuh-indexer package from GitHub artifactory..." echo "(It could take a couple of minutes)" -curl -L -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "$URL" -o package.zip > /dev/null 2>&1 -if [ $? -ne 0 ]; then +if ! curl -L -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "$URL" -o package.zip > /dev/null 2>&1; then echo "Error downloading package." exit 1 fi diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 0f2a0420bd3a3..6024d2d7daffe 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -92,9 +92,8 @@ CERT_DIR="/etc/wazuh-indexer/certs" # Extract certificates echo "Creating certificates directory and extracting certificates..." mkdir -p $CERT_DIR -tar -xf "$PATH_TO_CERTS" -C "$CERT_DIR" "./$CURRENT_NODE.pem" "./$CURRENT_NODE-key.pem" ./admin.pem ./admin-key.pem ./root-ca.pem -if [ $? -ne 0 ]; then +if ! tar -xf "$PATH_TO_CERTS" -C "$CERT_DIR" "./$CURRENT_NODE.pem" "./$CURRENT_NODE-key.pem" ./admin.pem ./admin-key.pem ./root-ca.pem ; then echo "Error extracting certificates." exit 1 fi diff --git a/test-tools/scripts/04_initialize_cluster.sh b/test-tools/scripts/04_initialize_cluster.sh index 711830e2ff484..749207a6f0c84 100644 --- a/test-tools/scripts/04_initialize_cluster.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -63,6 +63,7 @@ echo "Checking cluster status..." RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200") # Check if the request was successful +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to connect to cluster." exit 1 @@ -81,6 +82,7 @@ echo " Version Number: $VERSION_NUMBER" echo "Verifying the Wazuh indexer nodes..." NODES_RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/nodes?v") +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to retrieve Wazuh indexer nodes." exit 1 diff --git a/test-tools/scripts/06_validate_setup.sh b/test-tools/scripts/06_validate_setup.sh index 5f35773b69e1c..5e410ecb6f350 100644 --- a/test-tools/scripts/06_validate_setup.sh +++ b/test-tools/scripts/06_validate_setup.sh @@ -98,6 +98,7 @@ fi echo "Fetching indices from Wazuh indexer cluster..." INDICES_RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200/_cat/indices?v") # Check if the request was successful +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to fetch indices." exit 1 From 5a7f8ad7b10c29b9ca556a365a0c32cb094fd4f6 Mon Sep 17 00:00:00 2001 From: quebim Date: Mon, 28 Oct 2024 22:15:34 -0300 Subject: [PATCH 13/24] Remove unnecesary double quotes from certificates generation script --- test-tools/scripts/02_apply_certificates.sh | 12 ++++++------ test-tools/scripts/03_manage_indexer_service.sh | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 6024d2d7daffe..3060794379b39 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -93,18 +93,18 @@ CERT_DIR="/etc/wazuh-indexer/certs" echo "Creating certificates directory and extracting certificates..." mkdir -p $CERT_DIR -if ! tar -xf "$PATH_TO_CERTS" -C "$CERT_DIR" "./$CURRENT_NODE.pem" "./$CURRENT_NODE-key.pem" ./admin.pem ./admin-key.pem ./root-ca.pem ; then +if ! tar -xf "$PATH_TO_CERTS" -C "$CERT_DIR" "./$CURRENT_NODE.pem" "./$CURRENT_NODE-key.pem" "./admin.pem" "./admin-key.pem" "./root-ca.pem" ; then echo "Error extracting certificates." exit 1 fi # Move and set permissions for certificates echo "Moving and setting permissions for certificates..." -mv -n "$CERT_DIR/$CURRENT_NODE.pem" "$CERT_DIR/indexer.pem" -mv -n "$CERT_DIR/$CURRENT_NODE-key.pem" "$CERT_DIR/indexer-key.pem" -chmod 500 "$CERT_DIR" -chmod 400 "$CERT_DIR/*" -chown -R wazuh-indexer:wazuh-indexer "$CERT_DIR" +mv -n "$CERT_DIR/$CURRENT_NODE.pem" $CERT_DIR/indexer.pem +mv -n "$CERT_DIR/$CURRENT_NODE-key.pem" $CERT_DIR/indexer-key.pem +chmod 500 $CERT_DIR +chmod 400 $CERT_DIR/* +chown -R wazuh-indexer:wazuh-indexer $CERT_DIR # shellcheck disable=SC2181 if [ $? -eq 0 ]; then diff --git a/test-tools/scripts/03_manage_indexer_service.sh b/test-tools/scripts/03_manage_indexer_service.sh index a1621526f83af..4b9f33a5d35d7 100644 --- a/test-tools/scripts/03_manage_indexer_service.sh +++ b/test-tools/scripts/03_manage_indexer_service.sh @@ -7,7 +7,7 @@ # Function to check the status of the wazuh-indexer service check_service_is_running() { - if ! systemctl is-active --quiet wazuh-indexer ; then + if systemctl is-active --quiet wazuh-indexer ; then echo "wazuh-indexer service is running." else echo "Error: wazuh-indexer service is not running." >&2 From 3e775505f9467ae283644acb6c35bc69b46a0c37 Mon Sep 17 00:00:00 2001 From: quebim Date: Mon, 28 Oct 2024 22:59:33 -0300 Subject: [PATCH 14/24] Update variable quoting --- test-tools/scripts/02_apply_certificates.sh | 10 +++++----- test-tools/scripts/04_initialize_cluster.sh | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 3060794379b39..ce5f9ac504500 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -100,11 +100,11 @@ fi # Move and set permissions for certificates echo "Moving and setting permissions for certificates..." -mv -n "$CERT_DIR/$CURRENT_NODE.pem" $CERT_DIR/indexer.pem -mv -n "$CERT_DIR/$CURRENT_NODE-key.pem" $CERT_DIR/indexer-key.pem -chmod 500 $CERT_DIR -chmod 400 $CERT_DIR/* -chown -R wazuh-indexer:wazuh-indexer $CERT_DIR +mv -n "$CERT_DIR/$CURRENT_NODE.pem" "$CERT_DIR/indexer.pem" +mv -n "$CERT_DIR/$CURRENT_NODE-key.pem" "$CERT_DIR/indexer-key.pem" +chmod 500 "$CERT_DIR" +chmod 400 "$CERT_DIR"/* +chown -R wazuh-indexer:wazuh-indexer "$CERT_DIR" # shellcheck disable=SC2181 if [ $? -eq 0 ]; then diff --git a/test-tools/scripts/04_initialize_cluster.sh b/test-tools/scripts/04_initialize_cluster.sh index 749207a6f0c84..a242be9050817 100644 --- a/test-tools/scripts/04_initialize_cluster.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -53,6 +53,7 @@ echo "Initializing wazuh-indexer cluster..." bash /usr/share/wazuh-indexer/bin/indexer-security-init.sh &> /dev/null # Check if the initialization was successful +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error: Failed to initialize cluster." exit 1 From 256e24220ac6e409c97764b360469d8ccfb28d04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Tue, 29 Oct 2024 17:20:52 +0100 Subject: [PATCH 15/24] Provision VMs with dependencies for the testing scripts Copy the scripts to the VMs auto. --- test-tools/Vagrantfile | 20 ++++++++++++++------ test-tools/scripts/README.md | 4 ++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/test-tools/Vagrantfile b/test-tools/Vagrantfile index 093fd8c94b1a0..b922ddc66cf21 100644 --- a/test-tools/Vagrantfile +++ b/test-tools/Vagrantfile @@ -16,13 +16,17 @@ Vagrant.configure("2") do |config| vb.cpus = "4" end indexer_1.vm.provision "shell", inline: <<-SHELL - sudo systemctl stop firewalld - sudo systemctl disable firewalld - sudo yum clean all + systemctl stop firewalld + systemctl disable firewalld + yum clean all + yum install curl jq unzip tar -y # Add node-2 to /etc/hosts - sudo echo "192.168.56.11 node-2" >> /etc/hosts + echo "192.168.56.11 node-2" >> /etc/hosts # Copy generated certificates cp /vagrant/wazuh-certificates.tar /home/vagrant/wazuh-certificates.tar + # Copy test scripts + cp -r /vagrant/scripts /home/vagrant/scripts + chown -R vagrant:vagrant /home/vagrant/scripts SHELL end config.vm.define "indexer_2" do |indexer_2| @@ -35,12 +39,16 @@ Vagrant.configure("2") do |config| vb.cpus = "4" end indexer_2.vm.provision "shell", inline: <<-SHELL - sudo systemctl stop ufw - sudo systemctl disable ufw + systemctl stop ufw + systemctl disable ufw + apt-get install curl jq unzip tar -y # Add node-1 to /etc/hosts echo "192.168.56.10 node-1" >> /etc/hosts # Copy generated certificates cp /vagrant/wazuh-certificates.tar /home/vagrant/wazuh-certificates.tar + # Copy test scripts + cp -r /vagrant/scripts /home/vagrant/scripts + chown -R vagrant:vagrant /home/vagrant/scripts SHELL end end diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md index f0a2e75bd1cf2..17ce6dd8676cf 100644 --- a/test-tools/scripts/README.md +++ b/test-tools/scripts/README.md @@ -5,6 +5,10 @@ This is a collection of scripts aimed to facilitate the validation of the wazuh- Even if these scripts can be executed in almost any Linux environment, we expect it to be used alongside the Vagrant environment defined in the `test-tools`, using the scripts inside the VMs to facilitate the validation steps. +## GitHub token requirements + +Create a personal access token for GitHub with at least `read:packages` permissions. + ### Validation flow 1. Check the package artifact is generated (run on each node) From 03a6f53d83fb395a4ef28f17de3da8b07aff8950 Mon Sep 17 00:00:00 2001 From: quebim Date: Tue, 29 Oct 2024 22:11:43 -0300 Subject: [PATCH 16/24] Merge scripts 00 and 01 making it easier to get the package from GHA artifacts Update the tests scripts README --- .../scripts/00_search_package_artifact.sh | 122 ------------------ .../01_download_and_install_package.sh | 43 ++++-- test-tools/scripts/02_apply_certificates.sh | 8 +- test-tools/scripts/README.md | 25 ++-- 4 files changed, 46 insertions(+), 152 deletions(-) delete mode 100644 test-tools/scripts/00_search_package_artifact.sh diff --git a/test-tools/scripts/00_search_package_artifact.sh b/test-tools/scripts/00_search_package_artifact.sh deleted file mode 100644 index c9f401084023c..0000000000000 --- a/test-tools/scripts/00_search_package_artifact.sh +++ /dev/null @@ -1,122 +0,0 @@ -#!/opt/homebrew/bin/bash - -# SPDX-License-Identifier: Apache-2.0 -# The OpenSearch Contributors require contributions made to -# this file be licensed under the Apache-2.0 license or a -# compatible open source license. - -# Tool dependencies -DEPENDENCIES=(curl jq) -# Default package revision -PKG_REVISION="0" - -# Function to display usage help -usage() { - echo "Usage: $0 --run-id [-v ] [-r ] [-n ]" - echo - echo "Parameters:" - echo " -id, --run-id The GHA workflow execution ID." - echo " -v, --version (Optional) The version of the wazuh-indexer package." - echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." - echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." - echo - echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all the dependencies installed: " "${DEPENDENCIES[@]}" - exit 1 -} - -# Parse named parameters -while [[ "$#" -gt 0 ]]; do - case $1 in - --run-id|-id) RUN_ID="$2"; shift ;; - --version|-v) PKG_VERSION="$2"; shift ;; - --revision|-r) PKG_REVISION="$2"; shift ;; - --name|-n) PKG_NAME="$2"; shift ;; - -h|--help) usage ;; - *) echo "Unknown parameter passed: $1"; usage ;; - esac - shift -done - -# Validate all dependencies are installed -for dep in "${DEPENDENCIES[@]}" -do - if ! command -v "${dep}" &> /dev/null - then - echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2 - exit 1 - fi -done - -# Check if RUN_ID is provided -if [ -z "$RUN_ID" ]; then - echo "Error: RUN_ID is required." - usage -fi - -# Validate GITHUB_TOKEN environment variable -if [ -z "$GITHUB_TOKEN" ]; then - echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository." - exit 1 -fi - -# Ensure either PKG_NAME or both PKG_VERSION and PKG_REVISION are provided -if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; then - echo "Error: Either a package name (--name) or both a version (--version) and revision (--revision) must be provided." - usage -fi - -REPO="wazuh/wazuh-indexer" -URL="https://api.github.com/repos/$REPO/actions/artifacts" - -# Detect OS and architecture -if [ -f /etc/os-release ]; then - . /etc/os-release - OS=$(echo "$NAME" | tr '[:upper:]' '[:lower:]') -else - echo "Unsupported OS." - exit 1 -fi - -# Determine package type if PKG_NAME is not provided -if [ -z "$PKG_NAME" ]; then - ARCH=$(uname -m) - case "$OS" in - *ubuntu* | *debian*) - PKG_FORMAT="deb" - [ "$ARCH" == "x86_64" ] && ARCH="amd64" - [ "$ARCH" == "aarch64" ] && ARCH="arm64" - PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}" - ;; - *centos* | *fedora* | *rhel* | *"red hat"* | *alma*) - PKG_FORMAT="rpm" - PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}" - ;; - *) - echo "Unsupported OS. ${OS}" - exit 1 - ;; - esac -fi - -# Fetch the list of artifacts -echo "Fetching artifacts list..." -RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "$URL?name=$PKG_NAME") - -# Check if the curl command was successful -# shellcheck disable=SC2181 -if [ $? -ne 0 ]; then - echo "Error: Failed to fetch artifacts." - exit 1 -fi - -# Check if the artifact from the specified workflow run ID exists -echo "Checking ${PKG_NAME} package is generated for workflow run ${RUN_ID}" -ARTIFACT=$(echo "$RESPONSE" | jq -e ".artifacts[] | select(.workflow_run.id == $RUN_ID)") - -if [ -n "$ARTIFACT" ]; then - ARTIFACT_ID=$(echo "$ARTIFACT" | jq -r '.id') - echo "Wazuh indexer package built successfully." - echo "[ Artifact ID: $ARTIFACT_ID ]" -else - echo "Error: Wazuh indexer package not found." -fi diff --git a/test-tools/scripts/01_download_and_install_package.sh b/test-tools/scripts/01_download_and_install_package.sh index 57c52aa33400b..334b396501963 100644 --- a/test-tools/scripts/01_download_and_install_package.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -9,13 +9,15 @@ DEPENDENCIES=(curl jq unzip) # Default package revision PKG_REVISION="0" +# Wazuh indexer repository +REPO="wazuh/wazuh-indexer" # Function to display usage help usage() { - echo "Usage: $0 --artifact-id [-v ] [-r ] [-n ]" + echo "Usage: $0 --run-id [-v ] [-r ] [-n ]" echo echo "Parameters:" - echo " -id, --artifact-id The GHA workflow execution ID." + echo " -id, --run-id The GHA workflow execution ID." echo " -v, --version (Optional) The version of the wazuh-indexer package." echo " -r, --revision (Optional) The revision of the package. Defaults to '0' if not provided." echo " -n, --name (Optional) The package name. If not provided, it will be configured based on version and revision." @@ -27,7 +29,7 @@ usage() { # Parse named parameters while [[ "$#" -gt 0 ]]; do case $1 in - --artifact-id|-id) ARTIFACT_ID="$2"; shift ;; + --artifact-id|-id) RUN_ID="$2"; shift ;; --version|-v) PKG_VERSION="$2"; shift ;; --revision|-r) PKG_REVISION="$2"; shift ;; --name|-n) PKG_NAME="$2"; shift ;; @@ -47,9 +49,9 @@ do fi done -# Check if ARTIFACT_ID is provided -if [ -z "$ARTIFACT_ID" ]; then - echo "Error: ARTIFACT_ID is required." +# Check if RUN_ID is provided +if [ -z "$RUN_ID" ]; then + echo "Error: RUN_ID is required." usage fi @@ -65,9 +67,6 @@ if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; t usage fi -REPO="wazuh/wazuh-indexer" -URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" - # Detect OS and architecture if [ -f /etc/os-release ]; then . /etc/os-release @@ -100,14 +99,38 @@ case "$OS" in ;; esac +# Fetch the list of artifacts +echo "Fetching artifacts list..." +RUN_URL="https://api.github.com/repos/${REPO}/actions/artifacts" +RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "$RUN_URL?name=$PKG_NAME") + +# Check if the curl command was successful +# shellcheck disable=SC2181 +if [ $? -ne 0 ]; then + echo "Error: Failed to fetch artifacts." + exit 1 +fi + +# Check if the artifact from the specified workflow run ID exists +echo "Checking ${PKG_NAME} package is generated for workflow run ${RUN_ID}" +ARTIFACT=$(echo "$RESPONSE" | jq -e ".artifacts[] | select(.workflow_run.id == $RUN_ID)") + +if [ -z "$ARTIFACT" ]; then + echo "Error: Wazuh indexer package not found." +fi + +ARTIFACT_ID=$(echo "$ARTIFACT" | jq -r '.id') +echo "Wazuh indexer artifact detected. Artifact ID: $ARTIFACT_ID" + # Download the package +ARTIFACT_URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" echo "Downloading wazuh-indexer package from GitHub artifactory..." echo "(It could take a couple of minutes)" if ! curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "$URL" -o package.zip > /dev/null 2>&1; then + "$ARTIFACT_URL" -o package.zip > /dev/null 2>&1; then echo "Error downloading package." exit 1 fi diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index ce5f9ac504500..d7a4b1c74bebe 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -14,9 +14,9 @@ usage() { echo echo "Parameters:" echo " -p, --path-to-certs Path to the generated Wazuh certificates tar" - echo " -c, --current-node Name of the current node" + echo " -n, --current-node Name of the current node" echo " -s, --second-node (Optional) Name of the second node" - echo " -cip, --current-node-ip (Optional) IP address of the current node. Default: CURRENT_NODE" + echo " -nip, --current-node-ip (Optional) IP address of the current node. Default: CURRENT_NODE" echo " -sip, --second-node-ip (Optional) IP address of the second node. Default: SECOND_NODE" echo echo "Please ensure you have all the dependencies installed: " "${DEPENDENCIES[@]}" @@ -27,9 +27,9 @@ usage() { while [[ "$#" -gt 0 ]]; do case $1 in --path-to-certs|-p) PATH_TO_CERTS="$2"; shift ;; - --current-node|-c) CURRENT_NODE="$2"; shift ;; + --current-node|-n) CURRENT_NODE="$2"; shift ;; --second-node|-s) SECOND_NODE="$2"; shift ;; - --current-node-ip|-cip) CURRENT_NODE_IP="$2"; shift ;; + --current-node-ip|-nip) CURRENT_NODE_IP="$2"; shift ;; --second-node-ip|-sip) SECOND_NODE_IP="$2"; shift ;; -h|--help) usage ;; *) echo "Unknown parameter passed: $1"; usage ;; diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md index 17ce6dd8676cf..dbbe68592eb2f 100644 --- a/test-tools/scripts/README.md +++ b/test-tools/scripts/README.md @@ -11,42 +11,35 @@ Create a personal access token for GitHub with at least `read:packages` permissi ### Validation flow -1. Check the package artifact is generated (run on each node) - ```bash - GITHUB_TOKEN= bash 00_search_package_artifact.sh -id -n - ... - [ Artifact ID: ] - ``` -2. Check package can be downloaded and installed (run on each node) - > Use the ARTIFACT_ID obtained in the previous step +1. Check the artifact was created and package can be downloaded and installed (run on each node) ```bash - GITHUB_TOKEN= bash 01_download_and_install_package.sh -id -n + GITHUB_TOKEN= bash 01_download_and_install_package.sh -id -n ``` -3. Check the service can be started` +2. Check the service can be started` ```bash - bash 02_apply_certificates.sh -p -c -cip -s -sip + bash 02_apply_certificates.sh -p -n -nip -s -sip ``` ```bash bash 03_manage_indexer_service.sh -a start ``` > You can also test `restart` and `stop` -4. Check the cluster can be initialized +3. Check the cluster can be initialized ```bash bash 04_initialize_cluster.sh -ip ``` -5. Check all the plugins are installed +4. Check all the plugins are installed ```bash bash 05_validate_installed_plugins.sh -ip -n -n ``` -6. Check the setup plugin configured the index-patterns correctly +5. Check the setup plugin configured the index-patterns correctly ```bash bash 06_validate_setup.sh -ip ``` -7. Check the command manager plugin works correctly +6. Check the command manager plugin works correctly ```bash bash 07_validate_command_manager.sh -ip ``` -8. Check wazuh-indexer can be uninstalled +7. Check wazuh-indexer can be uninstalled ```bash bash 08_uninstall_indexer.sh ``` From 474e5ddedf61ddf7df406a138d21d600fd88fc97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Wed, 30 Oct 2024 18:42:42 +0100 Subject: [PATCH 17/24] Optimize test scripts --- test-tools/scripts/00_run.sh | 80 ++++++++++++++++++ .../01_download_and_install_package.sh | 84 ++++++++++--------- test-tools/scripts/02_apply_certificates.sh | 1 - test-tools/scripts/04_initialize_cluster.sh | 4 +- .../scripts/05_validate_installed_plugins.sh | 8 +- test-tools/scripts/06_validate_setup.sh | 2 +- .../scripts/07_validate_command_manager.sh | 2 +- test-tools/scripts/README.md | 18 ++-- 8 files changed, 145 insertions(+), 54 deletions(-) create mode 100644 test-tools/scripts/00_run.sh diff --git a/test-tools/scripts/00_run.sh b/test-tools/scripts/00_run.sh new file mode 100644 index 0000000000000..3ae52438e6d85 --- /dev/null +++ b/test-tools/scripts/00_run.sh @@ -0,0 +1,80 @@ +#!/bin/bash + +# Prompt the user for GitHub Token and artifact details securely +if [ -z "$GITHUB_TOKEN" ]; then + read -sp 'Enter GitHub Token: ' GITHUB_TOKEN + echo "" +fi +export GITHUB_TOKEN + +if [ -z "$ARTIFACT_ID" ]; then + read -p 'Enter Artifact ID: ' ARTIFACT_ID +fi +export ARTIFACT_ID + +if [ -z "$ARTIFACT_NAME" ]; then + read -p 'Enter Artifact Name: ' ARTIFACT_NAME +fi +export ARTIFACT_NAME + +# Define environment variables with default values if not provided +export NODE_1=${NODE_1:-"node-1"} +export IP_NODE_1=${IP_NODE_1:-"192.168.56.10"} +export CERTS_PATH=${CERTS_PATH:-"/home/vagrant/wazuh-certificates.tar"} + +# Optional variables for Node 2 +read -p 'Enter Node 2 (optional): ' NODE_2 +read -p 'Enter IP of Node 2 (optional): ' IP_NODE_2 + +# Logging function with timestamps +log() { + echo "$(date +'%Y-%m-%d %H:%M:%S') - $1" +} + +# Function to run a command and check for errors +run_command() { + local cmd=$1 + log "Executing: $cmd" + eval "$cmd" + if [ $? -ne 0 ]; then + log "Error executing: $cmd" + exit 1 + else + log "Successfully executed: $cmd" + fi +} + +# Main execution +log "Starting the script execution" + +run_command "bash 01_download_and_install_package.sh -id $ARTIFACT_ID -n $ARTIFACT_NAME" + +# Apply certificates +if [ -n "$NODE_2" ] && [ -n "$IP_NODE_2" ]; then + run_command "sudo bash 02_apply_certificates.sh -p $CERTS_PATH -n $NODE_1 -nip $IP_NODE_1 -s $NODE_2 -sip $IP_NODE_2" +else + run_command "sudo bash 02_apply_certificates.sh -p $CERTS_PATH -n $NODE_1 -nip $IP_NODE_1" +fi + +# Start indexer service +run_command "sudo bash 03_manage_indexer_service.sh -a start" + +# Initialize cluster (assumes this step doesn't depend on Node 2 presence) +run_command "sudo bash 04_initialize_cluster.sh" + +# Validate installed plugins +if [ -n "$NODE_2" ]; then + run_command "bash 05_validate_installed_plugins.sh -n $NODE_1 -n $NODE_2" +else + run_command "bash 05_validate_installed_plugins.sh -n $NODE_1" +fi + +# Validate setup and command manager +run_command "bash 06_validate_setup.sh" +run_command "bash 07_validate_command_manager.sh" + +# Uninstall indexer +log "Running 08_uninstall_indexer.sh" +run_command "sudo bash 08_uninstall_indexer.sh" + +log "All tasks completed successfully." diff --git a/test-tools/scripts/01_download_and_install_package.sh b/test-tools/scripts/01_download_and_install_package.sh index 334b396501963..d9086931672cb 100644 --- a/test-tools/scripts/01_download_and_install_package.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -99,53 +99,58 @@ case "$OS" in ;; esac -# Fetch the list of artifacts -echo "Fetching artifacts list..." -RUN_URL="https://api.github.com/repos/${REPO}/actions/artifacts" -RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "$RUN_URL?name=$PKG_NAME") - -# Check if the curl command was successful -# shellcheck disable=SC2181 -if [ $? -ne 0 ]; then - echo "Error: Failed to fetch artifacts." - exit 1 -fi +# Check if the package is already present +if [ -f "$PKG_NAME" ]; then + echo "Package $PKG_NAME found locally. Reusing existing package." +else + # Fetch the list of artifacts + echo "Fetching artifacts list..." + RUN_URL="https://api.github.com/repos/${REPO}/actions/artifacts" + RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "$RUN_URL?name=$PKG_NAME") + + # Check if the curl command was successful + if [ $? -ne 0 ]; then + echo "Error: Failed to fetch artifacts." + exit 1 + fi -# Check if the artifact from the specified workflow run ID exists -echo "Checking ${PKG_NAME} package is generated for workflow run ${RUN_ID}" -ARTIFACT=$(echo "$RESPONSE" | jq -e ".artifacts[] | select(.workflow_run.id == $RUN_ID)") + # Check if the artifact from the specified workflow run ID exists + echo "Checking ${PKG_NAME} package is generated for workflow run ${RUN_ID}" + ARTIFACT=$(echo "$RESPONSE" | jq -e ".artifacts[] | select(.workflow_run.id == $RUN_ID)") -if [ -z "$ARTIFACT" ]; then - echo "Error: Wazuh indexer package not found." -fi + if [ -z "$ARTIFACT" ]; then + echo "Error: Wazuh indexer package not found." + exit 1 + fi -ARTIFACT_ID=$(echo "$ARTIFACT" | jq -r '.id') -echo "Wazuh indexer artifact detected. Artifact ID: $ARTIFACT_ID" + ARTIFACT_ID=$(echo "$ARTIFACT" | jq -r '.id') + echo "Wazuh indexer artifact detected. Artifact ID: $ARTIFACT_ID" -# Download the package -ARTIFACT_URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" -echo "Downloading wazuh-indexer package from GitHub artifactory..." -echo "(It could take a couple of minutes)" + # Download the package + ARTIFACT_URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip" + echo "Downloading wazuh-indexer package from GitHub artifactory..." + echo "(It could take a couple of minutes)" -if ! curl -L -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "$ARTIFACT_URL" -o package.zip > /dev/null 2>&1; then - echo "Error downloading package." - exit 1 -fi -echo "Package downloaded successfully" + if ! curl -L -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "$ARTIFACT_URL" -o package.zip > /dev/null 2>&1; then + echo "Error downloading package." + exit 1 + fi + echo "Package downloaded successfully" -# Unzip the package -echo "Decompressing wazuh-indexer package..." -unzip ./package.zip -rm package.zip + # Unzip the package + echo "Decompressing wazuh-indexer package..." + unzip ./package.zip + rm package.zip -if [ $? -ne 0 ]; then - echo "Error unzipping package." - exit 1 + if [ $? -ne 0 ]; then + echo "Error unzipping package." + exit 1 + fi + echo "Package decompressed" fi -echo "Package decompressed" # Install the package echo "Installing wazuh-indexer package..." @@ -158,7 +163,6 @@ case "$PKG_FORMAT" in ;; esac -# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error installing package." exit 1 diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index d7a4b1c74bebe..4b3bee57b5dbf 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -65,7 +65,6 @@ cp $CONFIG_FILE $BACKUP_FILE # Replace values in the config file echo "Updating configuration..." -sed -i "s/network\.host: \"0\.0\.0\.0\"/network.host: \"${CURRENT_NODE_IP}\"/" $CONFIG_FILE sed -i "s/node\.name: \"node-1\"/node.name: \"${CURRENT_NODE}\"/" $CONFIG_FILE if [ -n "$SECOND_NODE" ]; then diff --git a/test-tools/scripts/04_initialize_cluster.sh b/test-tools/scripts/04_initialize_cluster.sh index a242be9050817..c43c65ce8f420 100644 --- a/test-tools/scripts/04_initialize_cluster.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -10,7 +10,7 @@ DEPENDENCIES=(curl jq) # Function to display usage help usage() { - echo "Usage: $0 -c -u -p " + echo "Usage: $0 [-ip ] [-u ] [-p ]" echo echo "Parameters:" echo " -ip, --cluster-ip (Optional) IP address of the cluster. Default: localhost" @@ -50,7 +50,7 @@ done # Initialize cluster echo "Initializing wazuh-indexer cluster..." -bash /usr/share/wazuh-indexer/bin/indexer-security-init.sh &> /dev/null +bash /usr/share/wazuh-indexer/bin/indexer-security-init.sh # Check if the initialization was successful # shellcheck disable=SC2181 diff --git a/test-tools/scripts/05_validate_installed_plugins.sh b/test-tools/scripts/05_validate_installed_plugins.sh index 1e8f638e5b5ef..2801598394f25 100644 --- a/test-tools/scripts/05_validate_installed_plugins.sh +++ b/test-tools/scripts/05_validate_installed_plugins.sh @@ -9,12 +9,12 @@ DEPENDENCIES=(curl jq) # Function to display usage help usage() { - echo "Usage: $0 -c -u -p -n -n [...]" + echo "Usage: $0 [-ip -u -p ] -n -n [...]" echo echo "Parameters:" - echo " -ip, --cluster-ip IP address of the cluster (default: localhost)" - echo " -u, --user Username for authentication (default: admin)" - echo " -p, --password Password for authentication (default: admin)" + echo " -ip, --cluster-ip (Optional) IP address of the cluster (default: localhost)" + echo " -u, --user (Optional) Username for authentication (default: admin)" + echo " -p, --password (Optional) Password for authentication (default: admin)" echo " -n, --node Name of the nodes (add as many as needed)" echo echo "Please ensure you have all the dependencies installed: " "${DEPENDENCIES[@]}" diff --git a/test-tools/scripts/06_validate_setup.sh b/test-tools/scripts/06_validate_setup.sh index 5e410ecb6f350..dc9e90688f180 100644 --- a/test-tools/scripts/06_validate_setup.sh +++ b/test-tools/scripts/06_validate_setup.sh @@ -10,7 +10,7 @@ DEPENDENCIES=(curl jq) # Function to display usage help usage() { - echo "Usage: $0 -c -u -p " + echo "Usage: $0 [-ip ] [-u ] [-p ]" echo echo "Parameters:" echo " -ip, --cluster-ip (Optional) IP address of the cluster. Default: localhost" diff --git a/test-tools/scripts/07_validate_command_manager.sh b/test-tools/scripts/07_validate_command_manager.sh index f0670f9309a23..21c5b8b95ec08 100644 --- a/test-tools/scripts/07_validate_command_manager.sh +++ b/test-tools/scripts/07_validate_command_manager.sh @@ -10,7 +10,7 @@ DEPENDENCIES=(curl jq) # Function to display usage help usage() { - echo "Usage: $0 -c -u -p " + echo "Usage: $0 [-ip ] [-u ] [-p ]" echo echo "Parameters:" echo " -ip, --cluster-ip (Optional) IP address of the cluster. Default: localhost" diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md index dbbe68592eb2f..ac4e0e8c4ce41 100644 --- a/test-tools/scripts/README.md +++ b/test-tools/scripts/README.md @@ -11,13 +11,21 @@ Create a personal access token for GitHub with at least `read:packages` permissi ### Validation flow +Run all tests at once: + +```console +sudo bash 00_run.sh +``` + +If you prefer, you can run each script individually. + 1. Check the artifact was created and package can be downloaded and installed (run on each node) ```bash GITHUB_TOKEN= bash 01_download_and_install_package.sh -id -n ``` 2. Check the service can be started` ```bash - bash 02_apply_certificates.sh -p -n -nip -s -sip + bash 02_apply_certificates.sh -p -n -nip [-s -sip ] ``` ```bash bash 03_manage_indexer_service.sh -a start @@ -25,19 +33,19 @@ Create a personal access token for GitHub with at least `read:packages` permissi > You can also test `restart` and `stop` 3. Check the cluster can be initialized ```bash - bash 04_initialize_cluster.sh -ip + bash 04_initialize_cluster.sh ``` 4. Check all the plugins are installed ```bash - bash 05_validate_installed_plugins.sh -ip -n -n + bash 05_validate_installed_plugins.sh -n [-n ] ``` 5. Check the setup plugin configured the index-patterns correctly ```bash - bash 06_validate_setup.sh -ip + bash 06_validate_setup.sh ``` 6. Check the command manager plugin works correctly ```bash - bash 07_validate_command_manager.sh -ip + bash 07_validate_command_manager.sh ``` 7. Check wazuh-indexer can be uninstalled ```bash From d176449810aa10de057b3f05f9295b7fc908d7a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Thu, 31 Oct 2024 12:36:20 +0100 Subject: [PATCH 18/24] Add sleep after clister initialization --- test-tools/scripts/04_initialize_cluster.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test-tools/scripts/04_initialize_cluster.sh b/test-tools/scripts/04_initialize_cluster.sh index c43c65ce8f420..62d14ebe8abed 100644 --- a/test-tools/scripts/04_initialize_cluster.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -61,6 +61,7 @@ fi # Check the Wazuh indexer status echo "Checking cluster status..." +sleep 2 RESPONSE=$(curl -s -k -u "$USER:$PASSWORD" "https://$CLUSTER_IP:9200") # Check if the request was successful From 23e86c12d30fbb6831e1c846c6c0fc3dd3801802 Mon Sep 17 00:00:00 2001 From: quebim Date: Thu, 31 Oct 2024 16:43:18 -0300 Subject: [PATCH 19/24] Update README and improve scripts output logs Fix script 00 to work on any node Remove unwanted outputs from executed commands --- test-tools/scripts/00_run.sh | 36 +++++++----- .../01_download_and_install_package.sh | 6 +- .../scripts/03_manage_indexer_service.sh | 6 +- test-tools/scripts/04_initialize_cluster.sh | 2 +- .../scripts/07_validate_command_manager.sh | 4 +- test-tools/scripts/README.md | 58 ++++++++++++++----- 6 files changed, 72 insertions(+), 40 deletions(-) diff --git a/test-tools/scripts/00_run.sh b/test-tools/scripts/00_run.sh index 3ae52438e6d85..0a1ed93846cfc 100644 --- a/test-tools/scripts/00_run.sh +++ b/test-tools/scripts/00_run.sh @@ -2,29 +2,34 @@ # Prompt the user for GitHub Token and artifact details securely if [ -z "$GITHUB_TOKEN" ]; then - read -sp 'Enter GitHub Token: ' GITHUB_TOKEN + read -rsp 'Enter GitHub Token: ' GITHUB_TOKEN echo "" fi export GITHUB_TOKEN -if [ -z "$ARTIFACT_ID" ]; then - read -p 'Enter Artifact ID: ' ARTIFACT_ID +if [ -z "$RUN_ID" ]; then + read -rp 'Enter Action Run ID: ' RUN_ID fi -export ARTIFACT_ID +export RUN_ID if [ -z "$ARTIFACT_NAME" ]; then - read -p 'Enter Artifact Name: ' ARTIFACT_NAME + read -rp 'Enter Artifact Name: ' ARTIFACT_NAME fi export ARTIFACT_NAME # Define environment variables with default values if not provided -export NODE_1=${NODE_1:-"node-1"} -export IP_NODE_1=${IP_NODE_1:-"192.168.56.10"} +read -rp "Enter current node name (default: 'node-1'): " NODE_NAME +export NODE_NAME=${NODE_NAME:-"node-1"} + +IP_ADDRESS=$(ip addr show eth1 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1) +read -rp "Enter IP of current node (default: '$IP_ADDRESS'): " NODE_IP +export NODE_IP=${NODE_IP:-$IP_ADDRESS} + export CERTS_PATH=${CERTS_PATH:-"/home/vagrant/wazuh-certificates.tar"} # Optional variables for Node 2 -read -p 'Enter Node 2 (optional): ' NODE_2 -read -p 'Enter IP of Node 2 (optional): ' IP_NODE_2 +read -rp 'Enter secondary Node name (optional): ' NODE_2 +read -rp 'Enter IP of secondary Node (optional): ' IP_NODE_2 # Logging function with timestamps log() { @@ -35,8 +40,7 @@ log() { run_command() { local cmd=$1 log "Executing: $cmd" - eval "$cmd" - if [ $? -ne 0 ]; then + if ! eval "$cmd > /dev/null 2>&1"; then log "Error executing: $cmd" exit 1 else @@ -47,13 +51,13 @@ run_command() { # Main execution log "Starting the script execution" -run_command "bash 01_download_and_install_package.sh -id $ARTIFACT_ID -n $ARTIFACT_NAME" +run_command "bash 01_download_and_install_package.sh -id $RUN_ID -n $ARTIFACT_NAME" # Apply certificates if [ -n "$NODE_2" ] && [ -n "$IP_NODE_2" ]; then - run_command "sudo bash 02_apply_certificates.sh -p $CERTS_PATH -n $NODE_1 -nip $IP_NODE_1 -s $NODE_2 -sip $IP_NODE_2" + run_command "sudo bash 02_apply_certificates.sh -p $CERTS_PATH -n $NODE_NAME -nip $NODE_IP -s $NODE_2 -sip $IP_NODE_2" else - run_command "sudo bash 02_apply_certificates.sh -p $CERTS_PATH -n $NODE_1 -nip $IP_NODE_1" + run_command "sudo bash 02_apply_certificates.sh -p $CERTS_PATH -n $NODE_NAME -nip $NODE_IP" fi # Start indexer service @@ -64,9 +68,9 @@ run_command "sudo bash 04_initialize_cluster.sh" # Validate installed plugins if [ -n "$NODE_2" ]; then - run_command "bash 05_validate_installed_plugins.sh -n $NODE_1 -n $NODE_2" + run_command "bash 05_validate_installed_plugins.sh -n $NODE_NAME -n $NODE_2" else - run_command "bash 05_validate_installed_plugins.sh -n $NODE_1" + run_command "bash 05_validate_installed_plugins.sh -n $NODE_NAME" fi # Validate setup and command manager diff --git a/test-tools/scripts/01_download_and_install_package.sh b/test-tools/scripts/01_download_and_install_package.sh index d9086931672cb..b57f916ddefda 100644 --- a/test-tools/scripts/01_download_and_install_package.sh +++ b/test-tools/scripts/01_download_and_install_package.sh @@ -145,6 +145,7 @@ else unzip ./package.zip rm package.zip + # shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error unzipping package." exit 1 @@ -156,13 +157,14 @@ fi echo "Installing wazuh-indexer package..." case "$PKG_FORMAT" in "deb") - sudo dpkg -i "$PKG_NAME" + sudo dpkg -i "$PKG_NAME" > /dev/null 2>&1 ;; "rpm") - sudo rpm -i "$PKG_NAME" + sudo rpm -i "$PKG_NAME" > /dev/null 2>&1 ;; esac +# shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo "Error installing package." exit 1 diff --git a/test-tools/scripts/03_manage_indexer_service.sh b/test-tools/scripts/03_manage_indexer_service.sh index 4b9f33a5d35d7..d9100b270c2b1 100644 --- a/test-tools/scripts/03_manage_indexer_service.sh +++ b/test-tools/scripts/03_manage_indexer_service.sh @@ -48,9 +48,9 @@ fi case $ACTION in start) echo "Starting wazuh-indexer service..." - systemctl daemon-reload - systemctl enable wazuh-indexer - systemctl start wazuh-indexer + systemctl daemon-reload > /dev/null 2>&1 + systemctl enable wazuh-indexer > /dev/null 2>&1 + systemctl start wazuh-indexer > /dev/null 2>&1 check_service_is_running ;; stop) diff --git a/test-tools/scripts/04_initialize_cluster.sh b/test-tools/scripts/04_initialize_cluster.sh index 62d14ebe8abed..a7121b7c09d94 100644 --- a/test-tools/scripts/04_initialize_cluster.sh +++ b/test-tools/scripts/04_initialize_cluster.sh @@ -50,7 +50,7 @@ done # Initialize cluster echo "Initializing wazuh-indexer cluster..." -bash /usr/share/wazuh-indexer/bin/indexer-security-init.sh +bash /usr/share/wazuh-indexer/bin/indexer-security-init.sh > /dev/null 2>&1 # Check if the initialization was successful # shellcheck disable=SC2181 diff --git a/test-tools/scripts/07_validate_command_manager.sh b/test-tools/scripts/07_validate_command_manager.sh index 21c5b8b95ec08..202f34c79d98c 100644 --- a/test-tools/scripts/07_validate_command_manager.sh +++ b/test-tools/scripts/07_validate_command_manager.sh @@ -71,13 +71,13 @@ BODY="{ }" # Send the POST request and check it is successful -if ! curl -s -k -u "$USERNAME:$PASSWORD" -X POST "https://$CLUSTER_IP:9200/_plugins/_command_manager/commands" -H 'accept: */*' -H 'Content-Type: application/json' -d "$BODY"; then +if ! curl -s -k -u "$USERNAME:$PASSWORD" -X POST "https://$CLUSTER_IP:9200/_plugins/_command_manager/commands" -H 'accept: */*' -H 'Content-Type: application/json' -d "$BODY" > /dev/null 2>&1; then echo "Error: Failed to create command." exit 1 fi echo "Command created successfully." # Sleep to avoid the next request to be sent before index is created -sleep .5 +sleep 2 # Fetch the indices echo "Validating .commands index is created..." diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md index ac4e0e8c4ce41..9305079fe93d8 100644 --- a/test-tools/scripts/README.md +++ b/test-tools/scripts/README.md @@ -1,43 +1,70 @@ # Test utils scripts -This is a collection of scripts aimed to facilitate the validation of the wazuh-indexer packages generated on GHA. +This is a collection of scripts aimed to facilitate the validation of the wazuh-indexer packages generated on the GitHub Action Workflow. Even if these scripts can be executed in almost any Linux environment, we expect it to be used alongside the Vagrant environment defined in the `test-tools`, using the scripts inside the VMs to facilitate the validation steps. -## GitHub token requirements +### GitHub token requirements Create a personal access token for GitHub with at least `read:packages` permissions. -### Validation flow +## Validation flow -Run all tests at once: +The scripts can be used to prepare and validate a single node or multi-node cluster, as required. -```console +### All-at-once + +#### Single node + +Use the `00_run.sh` utility to execute all the scripts automatically +```bash sudo bash 00_run.sh ``` +#### Multi node cluster + +In this case, some steps must be executed manually on the secondary node. +> This section assumes you are using the `node-1` and `node-2` Vagrant VMs + +1. On the `node-2` VM install and prepare the `wazuh-indexer` component + ```bash + GITHUB_TOKEN= bash 01_download_and_install_package.sh -id -n + ``` + ```bash + sudo bash 02_apply_certificates.sh -p ../wazuh-certificates.tar -n node-2 -nip 192.168.56.11 -s node-1 -sip 192.168.56.10 + ``` + ```bash + sudo bash 03_manage_indexer_service.sh -a start + ``` +2. Execute the _all-at-once_ utility + ```bash + sudo bash 00_run.sh + ``` + +### Manual execution + If you prefer, you can run each script individually. -1. Check the artifact was created and package can be downloaded and installed (run on each node) +1. Download and install the `wazuh-indexer` package _(mandatory on each node)_ ```bash GITHUB_TOKEN= bash 01_download_and_install_package.sh -id -n ``` -2. Check the service can be started` +2. Configure and start the service _(mandatory on each node)_ ```bash - bash 02_apply_certificates.sh -p -n -nip [-s -sip ] + sudo bash 02_apply_certificates.sh -p -n -nip ``` ```bash - bash 03_manage_indexer_service.sh -a start + sudo bash 03_manage_indexer_service.sh -a start ``` - > You can also test `restart` and `stop` -3. Check the cluster can be initialized + > With this script you can also `restart` and `stop` the service +3. Initialize the cluster ```bash - bash 04_initialize_cluster.sh + sudo bash 04_initialize_cluster.sh ``` 4. Check all the plugins are installed ```bash - bash 05_validate_installed_plugins.sh -n [-n ] + bash 05_validate_installed_plugins.sh -n ``` 5. Check the setup plugin configured the index-patterns correctly ```bash @@ -47,8 +74,7 @@ If you prefer, you can run each script individually. ```bash bash 07_validate_command_manager.sh ``` -7. Check wazuh-indexer can be uninstalled +7. Uninstall Wazuh indexer ```bash - bash 08_uninstall_indexer.sh + sudo bash 08_uninstall_indexer.sh ``` - From 41914d5dac04400f82bc1d049f1fbd6093c913a2 Mon Sep 17 00:00:00 2001 From: quebim Date: Thu, 31 Oct 2024 17:01:13 -0300 Subject: [PATCH 20/24] Update execution guide on README --- test-tools/scripts/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test-tools/scripts/README.md b/test-tools/scripts/README.md index 9305079fe93d8..06d84a44f50d5 100644 --- a/test-tools/scripts/README.md +++ b/test-tools/scripts/README.md @@ -24,7 +24,6 @@ sudo bash 00_run.sh #### Multi node cluster -In this case, some steps must be executed manually on the secondary node. > This section assumes you are using the `node-1` and `node-2` Vagrant VMs 1. On the `node-2` VM install and prepare the `wazuh-indexer` component @@ -37,7 +36,7 @@ In this case, some steps must be executed manually on the secondary node. ```bash sudo bash 03_manage_indexer_service.sh -a start ``` -2. Execute the _all-at-once_ utility +2. On the `node-1` VM execute the _all-at-once_ utility ```bash sudo bash 00_run.sh ``` From 136242fde0269ebc734a7175941e0a8a9fe27001 Mon Sep 17 00:00:00 2001 From: quebim Date: Fri, 1 Nov 2024 10:35:45 -0300 Subject: [PATCH 21/24] Add conditional to remove certs directory if already exists Update default IP detection --- test-tools/scripts/00_run.sh | 5 ++++- test-tools/scripts/02_apply_certificates.sh | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/test-tools/scripts/00_run.sh b/test-tools/scripts/00_run.sh index 0a1ed93846cfc..61307323598db 100644 --- a/test-tools/scripts/00_run.sh +++ b/test-tools/scripts/00_run.sh @@ -21,7 +21,10 @@ export ARTIFACT_NAME read -rp "Enter current node name (default: 'node-1'): " NODE_NAME export NODE_NAME=${NODE_NAME:-"node-1"} -IP_ADDRESS=$(ip addr show eth1 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1) +IP_ADDRESS=$(ip addr show eth1 2>/dev/null | grep 'inet ' | awk '{print $2}' | cut -d/ -f1) +if [ -z "$IP_ADDRESS" ]; then + IP_ADDRESS="127.0.0.1" +fi read -rp "Enter IP of current node (default: '$IP_ADDRESS'): " NODE_IP export NODE_IP=${NODE_IP:-$IP_ADDRESS} diff --git a/test-tools/scripts/02_apply_certificates.sh b/test-tools/scripts/02_apply_certificates.sh index 4b3bee57b5dbf..c754eebf4b10e 100644 --- a/test-tools/scripts/02_apply_certificates.sh +++ b/test-tools/scripts/02_apply_certificates.sh @@ -87,7 +87,10 @@ fi # Directory for certificates CERT_DIR="/etc/wazuh-indexer/certs" - +if [ -d "$CERT_DIR" ]; then + echo "Certificates directory already exists. Removing it..." + rm -rf +fi # Extract certificates echo "Creating certificates directory and extracting certificates..." mkdir -p $CERT_DIR From 1ceef3cc412fed03096a916454442ae66977cb1f Mon Sep 17 00:00:00 2001 From: quebim Date: Fri, 1 Nov 2024 12:12:34 -0300 Subject: [PATCH 22/24] Add sleep to avoid requesting to the API before cluster is initialized --- test-tools/scripts/00_run.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test-tools/scripts/00_run.sh b/test-tools/scripts/00_run.sh index 61307323598db..1d3f0e1ee71b4 100644 --- a/test-tools/scripts/00_run.sh +++ b/test-tools/scripts/00_run.sh @@ -68,6 +68,7 @@ run_command "sudo bash 03_manage_indexer_service.sh -a start" # Initialize cluster (assumes this step doesn't depend on Node 2 presence) run_command "sudo bash 04_initialize_cluster.sh" +sleep 2 # Validate installed plugins if [ -n "$NODE_2" ]; then From 96fdef398dd693a46e32ec12a8f55a304b3585c6 Mon Sep 17 00:00:00 2001 From: quebim Date: Fri, 1 Nov 2024 13:13:53 -0300 Subject: [PATCH 23/24] Add index force merge for the command_manager plugin index --- test-tools/scripts/07_validate_command_manager.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test-tools/scripts/07_validate_command_manager.sh b/test-tools/scripts/07_validate_command_manager.sh index 202f34c79d98c..81e9db29e079a 100644 --- a/test-tools/scripts/07_validate_command_manager.sh +++ b/test-tools/scripts/07_validate_command_manager.sh @@ -77,6 +77,7 @@ if ! curl -s -k -u "$USERNAME:$PASSWORD" -X POST "https://$CLUSTER_IP:9200/_plug fi echo "Command created successfully." # Sleep to avoid the next request to be sent before index is created +curl -s -k -u "$USERNAME:$PASSWORD" -X POST "https://$CLUSTER_IP:9200/_forcemerge" -H 'accept: */*' sleep 2 # Fetch the indices From 3684bae84bdb5aa313dc14e06bb2f375a427584b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Tue, 5 Nov 2024 17:15:15 +0100 Subject: [PATCH 24/24] Avoid errors due to race conditions --- test-tools/scripts/00_run.sh | 4 ++-- test-tools/scripts/07_validate_command_manager.sh | 1 + test-tools/scripts/08_uninstall_indexer.sh | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/test-tools/scripts/00_run.sh b/test-tools/scripts/00_run.sh index 1d3f0e1ee71b4..085cd85b9e86c 100644 --- a/test-tools/scripts/00_run.sh +++ b/test-tools/scripts/00_run.sh @@ -43,7 +43,7 @@ log() { run_command() { local cmd=$1 log "Executing: $cmd" - if ! eval "$cmd > /dev/null 2>&1"; then + if ! eval "$cmd"; then log "Error executing: $cmd" exit 1 else @@ -68,7 +68,7 @@ run_command "sudo bash 03_manage_indexer_service.sh -a start" # Initialize cluster (assumes this step doesn't depend on Node 2 presence) run_command "sudo bash 04_initialize_cluster.sh" -sleep 2 +sleep 10 # Validate installed plugins if [ -n "$NODE_2" ]; then diff --git a/test-tools/scripts/07_validate_command_manager.sh b/test-tools/scripts/07_validate_command_manager.sh index 81e9db29e079a..e96209bd4c8f6 100644 --- a/test-tools/scripts/07_validate_command_manager.sh +++ b/test-tools/scripts/07_validate_command_manager.sh @@ -95,6 +95,7 @@ else exit 1 fi +sleep 5 echo "Validate the command is created" # Validate the command was created SEARCH_RESPONSE=$(curl -s -k -u "$USERNAME:$PASSWORD" "https://$CLUSTER_IP:9200/.commands/_search") diff --git a/test-tools/scripts/08_uninstall_indexer.sh b/test-tools/scripts/08_uninstall_indexer.sh index 9e69d6dd055c7..094c7ca8781b1 100644 --- a/test-tools/scripts/08_uninstall_indexer.sh +++ b/test-tools/scripts/08_uninstall_indexer.sh @@ -42,6 +42,7 @@ if [ "$PKG_MANAGER" == "apt-get" ]; then elif [ "$PKG_MANAGER" == "yum" ]; then sudo yum remove wazuh-indexer -y > /dev/null 2>&1 fi +rm -rf /etc/wazuh-indexer # Validate removal echo "Validating Wazuh Indexer removal..."