Release 4.8.0 - RC 2 - E2E UX tests - Deployment with Puppet #23414
Setup Puppet 🟡
Instances have been requested in this issue. Because puppet server is not available on Amazon Linux 2023, puppetserver was installed on Ubuntu 22.
Puppet Master 🟡
Installing 🟢
:/home/ubuntu# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
:/home/ubuntu# nano /etc/hosts
:/home/ubuntu# cat /etc/hosts
x.x.x.x localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
x.x.x.x puppet puppet-master
/home/ubuntu# apt-get update
/home/ubuntu# wget https://apt.puppet.com/puppet7-release-jammy.deb
/home/ubuntu# dpkg -i puppet7-release-jammy.deb
/home/ubuntu# apt-get install -y puppetserver
/home/ubuntu# ln -s /opt/puppetlabs/bin/puppet /bin
ln -s /opt/puppetlabs/server/bin/puppetserver /bin
Configuration 🟡
/home/ubuntu# nano /etc/puppetlabs/puppet/puppet.conf
/home/ubuntu# cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
[main]
server = puppet-master
dns_alt_names = puppet,puppet-master
/home/ubuntu# nano /etc/default/puppetserver
/home/ubuntu# cat /etc/default/puppetserver
###########################################
# Init settings for puppetserver
###########################################
# Location of your Java binary (version 8)
JAVA_BIN="/usr/bin/java"
# Modify this if you'd like to change the memory allocation, enable JMX, etc
JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"
# Modify this as you would JAVA_ARGS but for non-service related subcommands
JAVA_ARGS_CLI="${JAVA_ARGS_CLI:-}"
# Modify this if you'd like TrapperKeeper specific arguments
TK_ARGS=""
# These normally shouldn't need to be edited if using OS packages
USER="puppet"
GROUP="puppet"
INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver"
CONFIG="/etc/puppetlabs/puppetserver/conf.d"
# Bootstrap path
BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/"
# SERVICE_STOP_RETRIES can be set here to alter the default stop timeout in
# seconds. For systemd, the shorter of this setting or 'TimeoutStopSec' in
# the systemd.service definition will effectively be the timeout which is used.
SERVICE_STOP_RETRIES=60
# START_TIMEOUT can be set here to alter the default startup timeout in
# seconds. For systemd, the shorter of this setting or 'TimeoutStartSec'
# in the service's systemd.service configuration file will effectively be the
# timeout which is used.
START_TIMEOUT=300
# Maximum number of seconds that can expire for a service reload attempt before
# the result of the attempt is interpreted as a failure.
RELOAD_TIMEOUT=120
Start service 🟢
/home/ubuntu# systemctl start puppetserver
systemctl enable puppetserver
systemctl status puppetserver
● puppetserver.service - puppetserver Service
Loaded: loaded (/lib/systemd/system/puppetserver.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-05-16 08:58:29 UTC; 1h 29min ago
Main PID: 4234 (java)
Tasks: 49 (limit: 4915)
Memory: 896.3M
CPU: 3min 35.894s
CGroup: /system.slice/puppetserver.service
└─4234 /usr/bin/java -Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby>
May 16 08:57:55 ip-x.x.x.x systemd[1]: Starting puppetserver Service...
May 16 08:58:02 ip-x.x.x.x puppetserver[4234]: WARNING: abs already refers to: #'clojure.core/ab>
May 16 08:58:29 ip-x.x.x.x systemd[1]: Started puppetserver Service.
May 16 08:58:29 ip-x.x.x.x systemd[1]: /lib/systemd/system/puppetserver.service:45: Standard out>
May 16 08:58:30 ip-x.x.x.x systemd[1]: /lib/systemd/system/puppetserver.service:45: Standard out>
May 16 08:58:31 ip-x.x.x.x systemd[1]: /lib/systemd/system/puppetserver.service:45: Standard out>
AIO - Wazuh-server, Wazuh-indexer and Wazuh-dashboard 🟢
Installing 🟢
1. Update host file
ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.4.20240513"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"
ec2-user]# nano /etc/hosts
ec2-user]# cat /etc/hosts
x.x.x.x localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost6 localhost6.localdomain6
x.x.x.x puppet puppet-master
ec2-user]# rpm -Uvh https://yum.puppetlabs.com/puppet7-release-amazon-2023.noarch.rpm
ec2-user]# yum install -y puppet-agent
ec2-user]# ln -s /opt/puppetlabs/bin/puppet /bin
Configuration 🟢
ec2-user]# nano /etc/puppetlabs/puppet/puppet.conf
ec2-user]# cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[main]
server = puppet-master
Start service 🟢
ec2-user]# puppet resource service puppet ensure=running enable=true
sudo systemctl status puppet
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
ensure => 'running',
enable => 'true',
provider => 'systemd',
}
● puppet.service - Puppet agent
Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; preset: disabled)
Active: active (running) since Thu 2024-05-16 09:02:37 UTC; 1h 28min ago
Docs: man:puppet-agent(8)
Main PID: 2295 (puppet)
Tasks: 1 (limit: 4582)
Memory: 102.0M
CPU: 14.857s
CGroup: /system.slice/puppet.service
└─2295 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daemonize
May 16 10:02:42 ip-x.x.x.x.ec2.internal puppet-agent[7627]: Requesting catalog from puppet-master:81>
May 16 10:02:45 ip-x.x.x.x.ec2.internal puppet-agent[7627]: Catalog compiled by ip-172-31-39-67.ec2.>
May 16 10:02:47 ip-x.x.x.x.ec2.internal puppet-agent[7627]: (/Stage[manager]/Wazuh::Manager/Exec[Gen>
May 16 10:02:47 ip-x.x.x.x.ec2.internal puppet-agent[7627]: (/Stage[manager]/Wazuh::Manager/Exec[Gen>
May 16 10:02:48 ip-x.x.x.x.ec2.internal puppet-agent[7627]: Applied catalog in 2.24 seconds
Wazuh-agent 🟢
Installing 🟢
1. Update host file
ec2-user]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2023"
ID="amzn"
ID_LIKE="fedora"
VERSION_ID="2023"
PLATFORM_ID="platform:al2023"
PRETTY_NAME="Amazon Linux 2023.4.20240416"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2023"
HOME_URL="https://aws.amazon.com/linux/amazon-linux-2023/"
DOCUMENTATION_URL="https://docs.aws.amazon.com/linux/"
SUPPORT_URL="https://aws.amazon.com/premiumsupport/"
BUG_REPORT_URL="https://github.com/amazonlinux/amazon-linux-2023"
VENDOR_NAME="AWS"
VENDOR_URL="https://aws.amazon.com/"
SUPPORT_END="2028-03-15"
ec2-user]# nano /etc/hosts
ec2-user]# cat /etc/hosts
x.x.x.x localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost6 localhost6.localdomain6
x.x.x.x puppet puppet-master
ec2-user]# rpm -Uvh https://yum.puppetlabs.com/puppet7-release-amazon-2023.noarch.rpm
ec2-user]# yum -y install puppet-agent
ec2-user]# ln -s /opt/puppetlabs/bin/puppet /bin
Configuration 🟢
ec2-user]# nano /etc/puppetlabs/puppet/puppet.conf
ec2-user]# cat /etc/puppetlabs/puppet/puppet.conf
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[main]
server = puppet-master
Start service 🟢
ec2-user]# nano /etc/puppetlabs/puppet/puppet.conf
ec2-user]# puppet resource service puppet ensure=running enable=true
sudo systemctl status puppet
Notice: /Service[puppet]/ensure: ensure changed 'stopped' to 'running'
service { 'puppet':
ensure => 'running',
enable => 'true',
provider => 'systemd',
}
● puppet.service - Puppet agent
Loaded: loaded (/usr/lib/systemd/system/puppet.service; enabled; preset: disabled)
Active: active (running) since Thu 2024-05-16 09:11:37 UTC; 1h 22min ago
Docs: man:puppet-agent(8)
Main PID: 2288 (puppet)
Tasks: 1 (limit: 2263)
Memory: 55.9M
CPU: 12.666s
CGroup: /system.slice/puppet.service
└─2288 /opt/puppetlabs/puppet/bin/ruby /opt/puppetlabs/puppet/bin/puppet agent --no-daem>
May 16 10:11:41 ip-x.x.x.x.ec2.internal puppet-agent[5649]: Requesting catalog from puppet-mast>
May 16 10:11:43 ip-x.x.x.x.ec2.internal puppet-agent[5649]: Catalog compiled by ip-x.x.x.x>
May 16 10:11:43 ip-x.x.x.x.ec2.internal puppet-agent[5649]: Applied catalog in 0.32 seconds
Generating Puppet Certificates 🟢
Wazuh agent
ec2-user]# puppet agent -t
Wazuh AIO
ec2-user]# puppet agent -t
Sign Puppet agent certificates
:/home/ubuntu# puppetserver ca sign --all
Back to Puppet agents:
Wazuh agent
ec2-user]# puppet agent -t
Wazuh AIO
ec2-user]# puppet agent -t
Signed certificates
:/home/ubuntu# puppetserver ca list --all
Signed Certificates:
ip-x.x.x.x.ec2.internal (SHA256) 6E:90:80:8D:E5:A0:B9:ED:62:15:23:F5:E7:90:5E:3A:42:CE:C4:85:1E:D2:68:27:2C:41:AD:B0:6C:67:F2:D5 alt names: ["DNS:puppet", "DNS:puppet-master", "DNS:ip-x.x.x.x.ec2.internal"] authorization extensions: [pp_cli_auth: true]
ip-x.x.x.x.ec2.internal (SHA256) 4A:BA:20:52:11:CD:76:F6:49:84:FD:95:61:61:48:39:8D:3C:AA:77:73:DE:D7:49:FE:4E:39:C3:A8:A1:75:FA alt names: ["DNS:ip-x.x.x.x.ec2.internal"]
ip-x.x.x.x.ec2.internal (SHA256) 98:69:D2:01:83:68:74:F6:82:C3:BE:30:F3:F7:F0:F5:04:86:E5:07:4B:5B:DE:22:47:C2:44:F5:D9:72:AB:CB alt names: ["DNS:ip-x.x.x.x.ec2.internal"]
Wazuh Stack Installation 🟢
Module installation 🟢
:/home/ubuntu# wget https://packages-dev.wazuh.com/pre-release/puppet-module/wazuh-wazuh-4.8.0.tar.gz
:/home/ubuntu# puppet module install wazuh-wazuh-4.8.0.tar.gz
Changes to module after installation 🟢
:/home/ubuntu# nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/repo.pp
:/home/ubuntu# cat /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/repo.pp
# Copyright (C) 2015, Wazuh Inc.
# Wazuh repository installation
class wazuh::repo (
) {
  case $::osfamily {
    'Debian' : {
      if $::lsbdistcodename =~ /(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakketi|groovy)/
      and ! defined(Package['apt-transport-https']) {
        ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
      }
      # apt-key added by issue #34
      apt::key { 'wazuh':
        id => '0DCFCA5547B19D2A6099506096B3EE5F29111145',
        source => 'https://packages.wazuh.com/key/GPG-KEY-WAZUH',
        server => 'pgp.mit.edu'
      }
      case $::lsbdistcodename {
        /(jessie|wheezy|stretch|buster|bullseye|bookworm|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal|groovy|jammy)/: {
          apt::source { 'wazuh':
            ensure => present,
            comment => 'This is the WAZUH Ubuntu repository',
            location => 'https://packages-dev.wazuh.com/pre-release/apt',
            release => 'unstable',
            repos => 'main',
            include => {
              'src' => false,
              'deb' => true,
            },
          }
        }
        default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
      }
    }
    'Linux', 'RedHat', 'Suse' : {
      case $::os[name] {
        /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux|Rocky|SLES)$/: {
          if ( $::operatingsystemrelease =~ /^5.*/ ) {
            $baseurl = 'https://packages-dev.wazuh.com/pre-release/yum/5/'
            $gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH'
          } else {
            $baseurl = 'https://packages-dev.wazuh.com/pre-release/yum/'
            $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
          }
        }
        default: { fail('This ossec module has not been tested on your distribution.') }
      }
      # Set up OSSEC repo
      case $::os[name] {
        /^(CentOS|RedHat|OracleLinux|Fedora|Amazon|AlmaLinux)$/: {
          yumrepo { 'wazuh':
            descr => 'WAZUH OSSEC Repository - www.wazuh.com',
            enabled => true,
            gpgcheck => 1,
            gpgkey => $gpgkey,
            baseurl => $baseurl
          }
        }
        /^(SLES)$/: {
          zypprepo { 'wazuh':
            ensure => present,
            name => 'WAZUH OSSEC Repository - www.wazuh.com',
            enabled => 1,
            gpgcheck => 0,
            repo_gpgcheck => 0,
            pkg_gpgcheck => 0,
            gpgkey => $gpgkey,
            baseurl => $baseurl
          }
        }
      }
    }
  }
}
:/home/ubuntu# nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/certificates.pp
:/home/ubuntu# cat /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/certificates.pp
# Copyright (C) 2015, Wazuh Inc.
# Wazuh repository installation
class wazuh::certificates (
  $wazuh_repository = 'packages-dev.wazuh.com',
  $wazuh_version = '4.8',
  $indexer_certs = [],
  $manager_certs = [],
  $manager_master_certs = [],
  $manager_worker_certs = [],
  $dashboard_certs = []
) {
  file { 'Configure Wazuh Certificates config.yml':
    owner => 'root',
    path => '/tmp/config.yml',
    group => 'root',
    mode => '0640',
    content => template('wazuh/wazuh_config_yml.erb'),
  }
  file { '/tmp/wazuh-certs-tool.sh':
    ensure => file,
    source => "https://${wazuh_repository}/${wazuh_version}/wazuh-certs-tool.sh",
    owner => 'root',
    group => 'root',
    mode => '0740',
  }
  exec { 'Create Wazuh Certificates':
    path => '/usr/bin:/bin',
    command => 'bash /tmp/wazuh-certs-tool.sh --all',
    creates => '/tmp/wazuh-certificates',
    require => [
      File['/tmp/wazuh-certs-tool.sh'],
      File['/tmp/config.yml'],
    ],
  }
  file { 'Copy all certificates into module':
    ensure => 'directory',
    source => '/tmp/wazuh-certificates/',
    recurse => 'remote',
    path => '/etc/puppetlabs/code/environments/production/modules/archive/files/',
    owner => 'root',
    group => 'root',
    mode => '0755',
  }
}
:/home/ubuntu# nano /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/filebeat_oss.pp
:/home/ubuntu# grep packages-dev /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/filebeat_oss.pp
source => "https://packages-dev.wazuh.com/pre-release/filebeat/${$wazuh_filebeat_module}",
:/home/ubuntu# cat /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/filebeat_oss.pp | grep wazuh_extensions_version
$wazuh_extensions_version = 'v4.8.0-beta6',
unless => "curl -s 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json' | cmp -s '/etc/filebeat/wazuh-template.json'",
source => "https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json",
Stack definition stack.pp 🟢
:/home/ubuntu# nano /etc/puppetlabs/code/environments/production/manifests/stack.pp
:/home/ubuntu# cat /etc/puppetlabs/code/environments/production/manifests/stack.pp
$discovery_type = 'single-node'
stage { 'certificates': }
stage { 'repo': }
stage { 'indexerdeploy': }
stage { 'securityadmin': }
stage { 'dashboard': }
stage { 'manager': }
Stage[certificates] -> Stage[repo] -> Stage[indexerdeploy] -> Stage[securityadmin] -> Stage[manager] >
Exec {
  timeout => 0,
}
node "ip-x.x.x.x.ec2.internal" {
  class { 'wazuh::certificates':
    indexer_certs => [['node-1','127.0.0.1']],
    manager_certs => [['master','127.0.0.1']],
    dashboard_certs => ['127.0.0.1'],
    stage => certificates,
  }
}
node "ip-x.x.x.x.ec2.internal" {
  class { 'wazuh::repo':
    stage => repo,
  }
  class { 'wazuh::indexer':
    stage => indexerdeploy,
  }
  class { 'wazuh::securityadmin':
    stage => securityadmin
  }
  class { 'wazuh::manager':
    stage => manager,
  }
  class { 'wazuh::filebeat_oss':
    stage => manager,
  }
  class { 'wazuh::dashboard':
    stage => dashboard,
  }
}
node "ip-x.x.x.x.ec2.internal" {
  class { 'wazuh::repo':
  }
  class { "wazuh::agent":
    wazuh_register_endpoint => "x.x.x.x",
    wazuh_reporting_endpoint => "x.x.x.x"
  }
}
Deploy Wazuh 🟢
:/home/ubuntu# puppet agent -t
In Wazuh-AIO instance:
ec2-user]# puppet agent -t
In Wazuh-agent instance:
ec2-user]# puppet agent -t
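Added example, not part of the original test report or the Wazuh module: the signing step above uses `puppetserver ca sign --all`, which signs every pending request, so this script shows the per-host alternative of signing only CSRs whose fingerprint matches one recorded on the agent. Host names, the shortened fingerprints and the allow-list format are constructed assumptions; `puppetserver ca list`, `puppetserver ca sign --certname` and `puppet agent --fingerprint` are the existing commands it relies on.

```shell
#!/bin/sh
# Added example (not from the test report): sign only CSRs whose fingerprint
# matches a value recorded on the agent, instead of `puppetserver ca sign --all`.

# Read `puppetserver ca list` output on stdin and print "certname FINGERPRINT"
# for entries in the "Requested Certificates:" section only.
pending_csrs() {
  awk '
    /Certificates:[ \t]*$/     { in_req = ($1 == "Requested"); next }
    in_req && $2 == "(SHA256)" { print $1, toupper($3) }
  '
}

# $1: allow-list text, one "certname fingerprint" pair per line.
# stdin: output of pending_csrs. Prints the certnames that may be signed;
# anything unknown or mismatched is reported on stderr and skipped.
approved_certnames() {
  _allow=$1
  while read -r _name _fp; do
    _want=$(printf '%s\n' "$_allow" |
      awk -v n="$_name" '$1 == n { print toupper($2) }')
    if [ -n "$_want" ] && [ "$_fp" = "$_want" ]; then
      printf '%s\n' "$_name"
    else
      printf 'REFUSED %s: %s is not the recorded fingerprint\n' "$_name" "$_fp" >&2
    fi
  done
}

# Constructed sample data: host names and (shortened) fingerprints are made up.
SAMPLE_LIST='Requested Certificates:
    agent-1.example.internal  (SHA256)  AA:11:22:33
    agent-2.example.internal  (SHA256)  BB:44:55:66
Signed Certificates:
    puppet-master.example.internal  (SHA256)  CC:77:88:99  alt names: ["DNS:puppet"]'

# Recorded out of band, e.g. from `puppet agent --fingerprint` on each agent.
SAMPLE_ALLOW='agent-1.example.internal aa:11:22:33
agent-2.example.internal bb:00:00:00'

# Demo run: agent-1 matches its recorded value, agent-2 does not.
printf '%s\n' "$SAMPLE_LIST" | pending_csrs | approved_certnames "$SAMPLE_ALLOW"

# On a real server the same pipeline would feed the per-host sign command:
#   puppetserver ca list | pending_csrs | approved_certnames "$(cat allow.txt)" |
#     while read -r n; do puppetserver ca sign --certname "$n"; done
```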
LGTM
LGTM
End-to-End (E2E) Testing Guideline
Release testing
objective and Very high priority. Communicate these to the team and QA via the c-release Slack channel.
For the conclusions and the issue testing and updates, use the following legend:
Status legend
Issue delivery and completion
review_assignee field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by May 16, 2024 date (issue must be in Pending final review status) and notify the QA team via Slack using the c-release channel.
Deployment requirements
Test description
Test deployment of Wazuh central components via Puppet.
Test deployment of agents via Puppet.
For the deployment, please check details at https://wazuh-team.slack.com/archives/C02A737S5MJ/p1697670733824199?thread_ts=1697634219.368529&cid=C02A737S5MJ
Known issues
Conclusions
Feedback
We value your feedback. Please provide insights on your testing experience.
Reviewers validation
The criteria for completing this task are based on the validation of the conclusions and the test results by all reviewers.
All the checkboxes below must be marked in order to close this issue.