wazuh · AlexRuiz7 · Nov 5, 2024 · Oct 21, 2024 · Oct 22, 2024 · Oct 23, 2024
@@ -7,7 +7,7 @@ system("
 
 Vagrant.configure("2") do |config|
     config.vm.define "indexer_1" do |indexer_1|
-        indexer_1.vm.box = "generic/rhel9"
+        indexer_1.vm.box = "generic/alma9"
         indexer_1.vm.synced_folder ".", "/vagrant"
         indexer_1.vm.network "private_network", ip: "192.168.56.10"
         indexer_1.vm.hostname = "node-1"

diff --git a/test-tools/scripts/00_search_package_artifact.sh b/test-tools/scripts/00_search_package_artifact.sh
@@ -0,0 +1,121 @@
+#!/opt/homebrew/bin/bash
+
+# SPDX-License-Identifier: Apache-2.0
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# Tool dependencies
+DEPENDENCIES=(curl jq)
+# Default package revision
+PKG_REVISION="0"
+
+# Function to display usage help
+usage() {
+    echo "Usage: $0 --run-id <RUN_ID> [-v <PKG_VERSION>] [-r <PKG_REVISION>] [-n <PKG_NAME>]"
+    echo
+    echo "Parameters:"
+    echo "    -id, --run-id     The GHA workflow execution ID."
+    echo "    -v, --version     (Optional) The version of the wazuh-indexer package."
+    echo "    -r, --revision    (Optional) The revision of the package. Defaults to '0' if not provided."
+    echo "    -n, --name        (Optional) The package name. If not provided, it will be configured based on version and revision."
+    echo
+    echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all dependencies installed: [${DEPENDENCIES[@]}]"
+    exit 1
+}
+
+# Parse named parameters
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        --run-id|-id) RUN_ID="$2"; shift ;;
+        --version|-v) PKG_VERSION="$2"; shift ;;
+        --revision|-r) PKG_REVISION="$2"; shift ;;
+        --name|-n) PKG_NAME="$2"; shift ;;
+        -h|--help) usage ;;
+        *) echo "Unknown parameter passed: $1"; usage ;;
+    esac
+    shift
+done
+
+# Validate all dependencies are installed
+for dep in ${DEPENDENCIES[@]}
+do
+  if ! command -v  ${dep} &> /dev/null
+  then
+    echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2
+    exit 1
+  fi
+done
+
+# Check if RUN_ID is provided
+if [ -z "$RUN_ID" ]; then
+    echo "Error: RUN_ID is required."
+    usage
+fi
+
+# Validate GITHUB_TOKEN environment variable
+if [ -z "$GITHUB_TOKEN" ]; then
+    echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository."
+    exit 1
+fi
+
+# Ensure either PKG_NAME or both PKG_VERSION and PKG_REVISION are provided
+if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; then
+    echo "Error: Either a package name (--name) or both a version (--version) and revision (--revision) must be provided."
+    usage
+fi
+
+REPO="wazuh/wazuh-indexer"
+URL="https://api.github.com/repos/$REPO/actions/artifacts"
+
+# Detect OS and architecture
+if [ -f /etc/os-release ]; then
+    . /etc/os-release
+    OS=$(echo $NAME | tr '[:upper:]' '[:lower:]')
+else
+    echo "Unsupported OS."
+    exit 1
+fi
+
+# Determine package type if PKG_NAME is not provided
+if [ -z "$PKG_NAME" ]; then
+    ARCH=$(uname -m)
+    case "$OS" in
+        *ubuntu* | *debian*)
+            PKG_FORMAT="deb"
+            [ "$ARCH" == "x86_64" ] && ARCH="amd64"
+            [ "$ARCH" == "aarch64" ] && ARCH="arm64"
+            PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}"
+            ;;
+        *centos* | *fedora* | *rhel* | *"red hat"* | *alma*)
+            PKG_FORMAT="rpm"
+            PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}"
+            ;;
+        *)
+            echo "Unsupported OS. ${OS}"
+            exit 1
+            ;;
+    esac
+fi
+
+# Fetch the list of artifacts
+echo "Fetching artifacts list..."
+RESPONSE=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GITHUB_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" "$URL?name=$PKG_NAME")
+
+# Check if the curl command was successful
+if [ $? -ne 0 ]; then
+    echo "Error: Failed to fetch artifacts."
+    exit 1
+fi
+
+# Check if the artifact from the specified workflow run ID exists
+echo "Checking ${PKG_NAME} package is generated for workflow run ${RUN_ID}"
+ARTIFACT=$(echo "$RESPONSE" | jq -e ".artifacts[] | select(.workflow_run.id == $RUN_ID)")
+
+if [ -n "$ARTIFACT" ]; then
+    ARTIFACT_ID=$(echo "$ARTIFACT" | jq -r '.id')
+    echo "Wazuh indexer package built successfully."
+    echo "[ Artifact ID: $ARTIFACT_ID ]"
+else
+    echo "Error: Wazuh indexer package not found."
+fi
@@ -0,0 +1,144 @@
+#!/bin/bash
+
+# SPDX-License-Identifier: Apache-2.0
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# Tool dependencies
+DEPENDENCIES=(curl jq unzip)
+# Default package revision
+PKG_REVISION="0"
+
+# Function to display usage help
+usage() {
+    echo "Usage: $0 --artifact-id <ARTIFACT_ID> [-v <PKG_VERSION>] [-r <PKG_REVISION>] [-n <PKG_NAME>]"
+    echo
+    echo "Parameters:"
+    echo "    -id, --artifact-id    The GHA workflow execution ID."
+    echo "    -v, --version         (Optional) The version of the wazuh-indexer package."
+    echo "    -r, --revision        (Optional) The revision of the package. Defaults to '0' if not provided."
+    echo "    -n, --name            (Optional) The package name. If not provided, it will be configured based on version and revision."
+    echo
+    echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository, and all dependencies installed: [${DEPENDENCIES[@]}]"
+    exit 1
+}
+
+# Parse named parameters
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        --artifact-id|-id) ARTIFACT_ID="$2"; shift ;;
+        --version|-v) PKG_VERSION="$2"; shift ;;
+        --revision|-r) PKG_REVISION="$2"; shift ;;
+        --name|-n) PKG_NAME="$2"; shift ;;
+        -h|--help) usage ;;
+        *) echo "Unknown parameter passed: $1"; usage ;;
+    esac
+    shift
+done
+
+# Validate all dependencies are installed
+for dep in ${DEPENDENCIES[@]}
+do
+  if ! command -v  ${dep} &> /dev/null
+  then
+    echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2
+    exit 1
+  fi
+done
+
+# Check if ARTIFACT_ID is provided
+if [ -z "$ARTIFACT_ID" ]; then
+    echo "Error: ARTIFACT_ID is required."
+    usage
+fi
+
+# Validate GITHUB_TOKEN environment variable
+if [ -z "$GITHUB_TOKEN" ]; then
+    echo "Please ensure you have the GITHUB_TOKEN environment variable set to access the GitHub repository."
+    exit 1
+fi
+
+# Ensure either PKG_NAME or both PKG_VERSION and PKG_REVISION are provided
+if [ -z "$PKG_NAME" ] && { [ -z "$PKG_VERSION" ] || [ -z "$PKG_REVISION" ]; }; then
+    echo "Error: Either a package name (--name) or both a version (--version) and revision (--revision) must be provided."
+    usage
+fi
+
+REPO="wazuh/wazuh-indexer"
+URL="https://api.github.com/repos/${REPO}/actions/artifacts/${ARTIFACT_ID}/zip"
+
+# Detect OS and architecture
+if [ -f /etc/os-release ]; then
+    . /etc/os-release
+    OS=$(echo $NAME | tr '[:upper:]' '[:lower:]')
+else
+    echo "Unsupported OS."
+    exit 1
+fi
+
+# Determine package type if PKG_NAME is not provided
+ARCH=$(uname -m)
+case "$OS" in
+    *ubuntu* | *debian*)
+        PKG_FORMAT="deb"
+        if [ -z "$PKG_NAME" ]; then
+            [ "$ARCH" == "x86_64" ] && ARCH="amd64"
+            [ "$ARCH" == "aarch64" ] && ARCH="arm64"
+            PKG_NAME="wazuh-indexer_${PKG_VERSION}-${PKG_REVISION}_${ARCH}.${PKG_FORMAT}"
+        fi
+        ;;
+    *centos* | *fedora* | *rhel* | *"red hat"* | *alma*)
+        PKG_FORMAT="rpm"
+        if [ -z "$PKG_NAME" ]; then
+            PKG_NAME="wazuh-indexer-${PKG_VERSION}-${PKG_REVISION}.${ARCH}.${PKG_FORMAT}"
+        fi
+        ;;
+    *)
+        echo "Unsupported OS."
+        exit 1
+        ;;
+esac
+
+# Download the package
+echo "Downloading wazuh-indexer package from GitHub artifactory..."
+echo "(It could take a couple minutes)"
+curl -L -H "Accept: application/vnd.github+json" \
+    -H "Authorization: Bearer $GITHUB_TOKEN" \
+    -H "X-GitHub-Api-Version: 2022-11-28" \
+    $URL -o package.zip > /dev/null 2>&1
+
+if [ $? -ne 0 ]; then
+    echo "Error downloading package."
+    exit 1
+fi
+echo "Package downloaded successfully"
+
+# Unzip the package
+echo "Decompressing wazuh-indexer package..."
+unzip ./package.zip
+rm package.zip
+
+if [ $? -ne 0 ]; then
+    echo "Error unzipping package."
+    exit 1
+fi
+echo "Package decompressed"
+
+# Install the package
+echo "Installing wazuh-indexer package..."
+case "$PKG_FORMAT" in
+    "deb")
+        sudo dpkg -i $PKG_NAME
+        ;;
+    "rpm")
+        sudo rpm -i $PKG_NAME
+        ;;
+esac
+
+if [ $? -ne 0 ]; then
+    echo "Error installing package."
+    exit 1
+fi
+
+echo "Package installed successfully."
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+# SPDX-License-Identifier: Apache-2.0
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# Tool dependencies
+DEPENDENCIES=(tar)
+
+# Function to display usage help
+usage() {
+    echo "Usage: $0 --path-to-certs <PATH_TO_CERTS> --current-node <CURRENT_NODE> [--second-node <SECOND_NODE>] [--current-node-ip <CURRENT_NODE_IP>] [--second-node-ip <SECOND_NODE_IP>]"
+    echo
+    echo "Parameters:"
+    echo "    -p, --path-to-certs     Path to the generated Wazuh certificates tar"
+    echo "    -c, --current-node      Name of the current node"
+    echo "    -s, --second-node       (Optional) Name of the second node"
+    echo "    -cip, --current-node-ip (Optional) IP address of the current node. Default: CURRENT_NODE"
+    echo "    -sip, --second-node-ip  (Optional) IP address of the second node. Default: SECOND_NODE"
+    echo
+    echo "Please ensure you have all the dependencies installed [${DEPENDENCIES[@]}]"
+    exit 1
+}
+
+# Parse named arguments
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        --path-to-certs|-p) PATH_TO_CERTS="$2"; shift ;;
+        --current-node|-c) CURRENT_NODE="$2"; shift ;;
+        --second-node|-s) SECOND_NODE="$2"; shift ;;
+        --current-node-ip|-cip) CURRENT_NODE_IP="$2"; shift ;;
+        --second-node-ip|-sip) SECOND_NODE_IP="$2"; shift ;;
+        -h|--help) usage ;;
+        *) echo "Unknown parameter passed: $1"; usage ;;
+    esac
+    shift
+done
+
+# Validate all dependencies are installed
+for dep in ${DEPENDENCIES[@]}
+do
+  if ! command -v  ${dep} &> /dev/null
+  then
+    echo "Error: Dependency '$dep' is not installed. Please install $dep and try again." >&2
+    exit 1
+  fi
+done
+
+# Validate mandatory arguments
+if [ -z "$PATH_TO_CERTS" ] || [ -z "$CURRENT_NODE" ]; then
+    echo "Error: Missing mandatory parameter."
+    usage
+fi
+
+# Set default values if optional arguments are not provided
+CURRENT_NODE_IP=${CURRENT_NODE_IP:-$CURRENT_NODE}
+SECOND_NODE_IP=${SECOND_NODE_IP:-$SECOND_NODE}
+CONFIG_FILE="/etc/wazuh-indexer/opensearch.yml"
+BACKUP_FILE="./opensearch.yml.bak"
+
+# Backup the original config file
+echo "Creating a backup of the original config file..."
+cp $CONFIG_FILE $BACKUP_FILE
+
+# Replace values in the config file
+echo "Updating configuration..."
+sed -i "s/network\.host: \"0\.0\.0\.0\"/network.host: \"${CURRENT_NODE_IP}\"/" $CONFIG_FILE
+sed -i "s/node\.name: \"node-1\"/node.name: \"${CURRENT_NODE}\"/" $CONFIG_FILE
+
+if [ -n "$SECOND_NODE" ]; then
+    sed -i "s/#discovery\.seed_hosts:/discovery.seed_hosts:\n  - \"${CURRENT_NODE_IP}\"\n  - \"${SECOND_NODE_IP}\"/" $CONFIG_FILE
+    sed -i "/cluster\.initial_master_nodes:/!b;n;c- ${CURRENT_NODE}\n- ${SECOND_NODE}" $CONFIG_FILE
+    sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"\n- "CN='"${SECOND_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE
+else
+    sed -i "s/#discovery\.seed_hosts:/discovery.seed_hosts:\n  - \"${CURRENT_NODE_IP}\"/" $CONFIG_FILE
+    sed -i "/cluster\.initial_master_nodes:/!b;n;c- ${CURRENT_NODE}" $CONFIG_FILE
+    sed -i ':a;N;$!ba;s/plugins\.security\.nodes_dn:\n- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"/plugins.security.nodes_dn:\n- "CN='"${CURRENT_NODE}"',OU=Wazuh,O=Wazuh,L=California,C=US"/' $CONFIG_FILE
+fi
+
+if [ $? -eq 0 ]; then
+    echo "Configuration updated successfully. Backup created at ${BACKUP_FILE}"
+else
+    echo "Error updating configuration."
+    exit 1
+fi
+
+# Directory for certificates
+CERT_DIR="/etc/wazuh-indexer/certs"
+
+# Extract certificates
+echo "Creating certificates directory and extracting certificates..."
+mkdir -p $CERT_DIR
+tar -xf $PATH_TO_CERTS -C $CERT_DIR ./$CURRENT_NODE.pem ./$CURRENT_NODE-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
+
+if [ $? -ne 0 ]; then
+    echo "Error extracting certificates."
+    exit 1
+fi
+
+# Move and set permissions for certificates
+echo "Moving and setting permissions for certificates..."
+mv -n $CERT_DIR/$CURRENT_NODE.pem $CERT_DIR/indexer.pem
+mv -n $CERT_DIR/$CURRENT_NODE-key.pem $CERT_DIR/indexer-key.pem
+chmod 500 $CERT_DIR
+chmod 400 $CERT_DIR/*
+chown -R wazuh-indexer:wazuh-indexer $CERT_DIR
+
+if [ $? -eq 0 ]; then
+    echo "Certificates configured successfully."
+else
+    echo "Error configuring certificates."
+    exit 1
+fi