From fc1ece705e92028b33c1c0d15ee53ce0e764cf88 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 7 Jun 2024 05:44:14 -0300 Subject: [PATCH 1/9] Add the build of Wazuh cert tool image to build image process --- build-docker-images/build-images.sh | 1 + .../cert-tool-image}/Dockerfile | 5 +++-- .../cert-tool-image}/config/entrypoint.sh | 0 indexer-certs-creator/README.md | 9 --------- multi-node/generate-indexer-certs.yml | 5 +++-- single-node/generate-indexer-certs.yml | 5 +++-- 6 files changed, 10 insertions(+), 15 deletions(-) rename {indexer-certs-creator => build-docker-images/cert-tool-image}/Dockerfile (67%) rename {indexer-certs-creator => build-docker-images/cert-tool-image}/config/entrypoint.sh (100%) delete mode 100644 indexer-certs-creator/README.md diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 583eeaa9e..6acdb2d38 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -71,6 +71,7 @@ build() { echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache + docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/ return 0 } diff --git a/indexer-certs-creator/Dockerfile b/build-docker-images/cert-tool-image/Dockerfile similarity index 67% rename from indexer-certs-creator/Dockerfile rename to build-docker-images/cert-tool-image/Dockerfile index 58b2583ff..92c3cbaca 100644 --- a/indexer-certs-creator/Dockerfile +++ b/build-docker-images/cert-tool-image/Dockerfile @@ -1,7 +1,8 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) -FROM ubuntu:focal +FROM amazonlinux:2023 -RUN apt-get update && apt-get install openssl curl -y +RUN yum install curl-minimal openssl -y &&\ +yum clean all WORKDIR / 
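Review bot: The exit status of the added `docker build` line in `build()` is never checked, and the next visible line is `return 0`, so a failed cert-tool build would be reported as success unless the script enables `set -e` somewhere outside this hunk. The line also omits the `--no-cache` flag used by the compose build directly above it and leaves `$WAZUH_IMAGE_VERSION` unquoted, so a stale cached layer with an older openssl could be reused. I would write it as `docker build --no-cache -t "wazuh/wazuh-cert-tool:${WAZUH_IMAGE_VERSION}" build-docker-images/cert-tool-image/ || return 1`. The body of `build()` starts above the hunk, so any earlier error handling is not visible here.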
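Review bot: The new `FROM amazonlinux:2023` is a floating tag, and `yum install curl-minimal openssl -y` takes whatever package versions the repository serves at build time. This image produces the TLS keys and certificates for the stack, so the toolchain behind that key material should be reproducible and auditable. Pinning the base by digest would do that, for example `FROM amazonlinux:2023@sha256:<digest-placeholder>`, with the digest bumped deliberately. The rest of the Dockerfile is outside the hunk; if it has no `USER` instruction, the generator runs as root against the bind-mounted certificate directory, which is worth confirming.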
diff --git a/indexer-certs-creator/config/entrypoint.sh b/build-docker-images/cert-tool-image/config/entrypoint.sh similarity index 100% rename from indexer-certs-creator/config/entrypoint.sh rename to build-docker-images/cert-tool-image/config/entrypoint.sh diff --git a/indexer-certs-creator/README.md b/indexer-certs-creator/README.md deleted file mode 100644 index b7dbc565e..000000000 --- a/indexer-certs-creator/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Certificate creation image build - -The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks. - -To create the image, the following command must be executed: - -``` -$ docker build -t wazuh/wazuh-certs-generator:0.0.1 . -``` diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-indexer-certs.yml index dbf2b079e..a118f0be7 100644 --- a/multi-node/generate-indexer-certs.yml +++ b/multi-node/generate-indexer-certs.yml @@ -3,8 +3,9 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:4.7.5 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml \ No newline at end of file diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml index 3e0eb6fd7..efcd8d87b 100644 --- a/single-node/generate-indexer-certs.yml +++ b/single-node/generate-indexer-certs.yml @@ -3,8 +3,9 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:5.0.0 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml From 1f32d2a358900308305711e0d899c280600e77b1 Mon Sep 17 00:00:00 2001 
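Review bot: The `image:` value is hard-coded (`wazuh/wazuh-cert-tool:5.0.0` here, and a literal tag in the multi-node hunk before it), while `build-images.sh` tags the image with `$WAZUH_IMAGE_VERSION`. When the two differ, `docker-compose run` will not find the locally built image and will pull that tag from the registry instead. Since this container writes private keys into `./config/wazuh_indexer_ssl_certs/`, the image's origin should be unambiguous. At minimum I would add a comment above the line, `# must match WAZUH_IMAGE_VERSION used by build-docker-images/build-images.sh`, and have the version-bump procedure update both compose files.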
From: vcerenu Date: Fri, 7 Jun 2024 07:42:13 -0300 Subject: [PATCH 2/9] Modify yaml script name generator --- multi-node/{generate-indexer-certs.yml => generate-certs.yml} | 0 single-node/{generate-indexer-certs.yml => generate-certs.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename multi-node/{generate-indexer-certs.yml => generate-certs.yml} (100%) rename single-node/{generate-indexer-certs.yml => generate-certs.yml} (100%) diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-certs.yml similarity index 100% rename from multi-node/generate-indexer-certs.yml rename to multi-node/generate-certs.yml diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-certs.yml similarity index 100% rename from single-node/generate-indexer-certs.yml rename to single-node/generate-certs.yml From 6d63befeb7ddc181c70c2b3446a033e4fe9e99cd Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 7 Jun 2024 07:57:03 -0300 Subject: [PATCH 3/9] Modify yaml script name generator --- multi-node/generate-certs.yml | 2 +- single-node/generate-certs.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/multi-node/generate-certs.yml b/multi-node/generate-certs.yml index a118f0be7..f67aea04d 100644 --- a/multi-node/generate-certs.yml +++ b/multi-node/generate-certs.yml @@ -8,4 +8,4 @@ services: container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml \ No newline at end of file + - ./config/certs.yml:/config/certs.yml diff --git a/single-node/generate-certs.yml b/single-node/generate-certs.yml index efcd8d87b..6826ed7d4 100644 --- a/single-node/generate-certs.yml +++ b/single-node/generate-certs.yml @@ -9,3 +9,4 @@ services: volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml + From 450a59a7c8c9335d9ce243a9fd270bc11b66e10b Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Mon, 10 Jun 2024 07:11:20 -0300 Subject: [PATCH 4/9] Change the name dir to Wazuh cert tool Dockerfile --- .../{cert-tool-image => wazuh-cert-tool}/Dockerfile | 0 .../{cert-tool-image => wazuh-cert-tool}/config/entrypoint.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename build-docker-images/{cert-tool-image => wazuh-cert-tool}/Dockerfile (100%) rename build-docker-images/{cert-tool-image => wazuh-cert-tool}/config/entrypoint.sh (100%) diff --git a/build-docker-images/cert-tool-image/Dockerfile b/build-docker-images/wazuh-cert-tool/Dockerfile similarity index 100% rename from build-docker-images/cert-tool-image/Dockerfile rename to build-docker-images/wazuh-cert-tool/Dockerfile diff --git a/build-docker-images/cert-tool-image/config/entrypoint.sh b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh similarity index 100% rename from build-docker-images/cert-tool-image/config/entrypoint.sh rename to build-docker-images/wazuh-cert-tool/config/entrypoint.sh From aed100447116b3813ef58599b508a58b622f46a4 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Mon, 10 Jun 2024 07:13:09 -0300 Subject: [PATCH 5/9] Change the generator script in multi node deployment --- multi-node/generate-certs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/multi-node/generate-certs.yml b/multi-node/generate-certs.yml index f67aea04d..efcd8d87b 100644 --- a/multi-node/generate-certs.yml +++ b/multi-node/generate-certs.yml @@ -3,7 +3,7 @@ version: '3' services: generator: - image: wazuh/wazuh-cert-tool:4.7.5 + image: wazuh/wazuh-cert-tool:5.0.0 hostname: wazuh-cert-tool container_name: wazuh-cert-tool volumes: From 1e6f93b20adda833688d4c321ba4edc3f33e5d89 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Tue, 11 Jun 2024 09:46:53 -0300 Subject: [PATCH 6/9] Correct the name of the certificate generator script --- .github/workflows/push.yml | 4 ++-- README.md | 4 ++-- multi-node/Migration-to-Wazuh-4.4.md | 2 +- multi-node/README.md | 2 +- single-node/README.md | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 0444cba7a..c528dceda 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -89,7 +89,7 @@ jobs: - name: Create single node certficates - run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f single-node/generate-certs.yml run --rm generator - name: Start single node stack run: docker-compose -f single-node/docker-compose.yml up -d @@ -220,7 +220,7 @@ jobs: rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create multi node certficates - run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f multi-node/generate-certs.yml run --rm generator - name: Start multi node stack run: docker-compose -f multi-node/docker-compose.yml up -d diff --git a/README.md b/README.md index ce949de33..34290fc21 100644 --- a/README.md +++ b/README.md @@ -154,7 +154,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   └── wazuh_indexer_ssl_certs │   │   └── certs.yml │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   ├── Migration-to-Wazuh-4.3.md │   └── volume-migrator.sh ├── README.md @@ -181,7 +181,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   ├── wazuh.manager-key.pem │   │   └── wazuh.manager.pem │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   └── README.md └── VERSION diff --git a/multi-node/Migration-to-Wazuh-4.4.md b/multi-node/Migration-to-Wazuh-4.4.md index 3ff10a844..817dc961e 100644 --- a/multi-node/Migration-to-Wazuh-4.4.md 
+++ b/multi-node/Migration-to-Wazuh-4.4.md @@ -354,7 +354,7 @@ docker container run --rm -it \ ``` git checkout 4.4 cd multi-node -docker-compose -f generate-indexer-certs.yml run --rm generator +docker-compose -f generate-certs.yml run --rm generator docker-compose up -d ``` diff --git a/multi-node/README.md b/multi-node/README.md index c1e8b9986..64273eb8c 100644 --- a/multi-node/README.md +++ b/multi-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: diff --git a/single-node/README.md b/single-node/README.md index efd303c71..ba1be707a 100644 --- a/single-node/README.md +++ b/single-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: From fda4a171f4cf015ba3391e86a4fbacbddbebb2da Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:14:19 -0300 Subject: [PATCH 7/9] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index c528dceda..902c64fbd 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
@@ -22,6 +22,7 @@ jobs: docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar + docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar - name: Temporarily save Wazuh manager Docker image uses: actions/upload-artifact@v3 @@ -44,6 +45,13 @@ jobs: path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar retention-days: 1 + - name: Temporarily save Wazuh Cert Tool Docker image + uses: actions/upload-artifact@v3 + with: + name: docker-artifact-cert-tool + path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar + retention-days: 1 + - name: Install Goss uses: e1himself/goss-installation-action@v1.0.3 with: @@ -81,11 +89,18 @@ jobs: with: name: docker-artifact-dashboard + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-dashboard + - name: Docker load run: | docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create single node certficates 
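Review bot: The added artifact steps reference `actions/upload-artifact@v3` and `actions/download-artifact@v3` by mutable tag; this applies to the upload step in the second hunk, the download step in the third, and the matching download step in the `@@ -212,11 +227,17 @@` hunk that follows. These steps transport the image that later generates the certificates, so a moved tag on either action would sit directly in that path. Pinning to a full commit SHA with the version kept as a comment, `uses: actions/upload-artifact@<full-commit-sha> # v3`, removes that dependency on the tag. The existing steps in this workflow use the same `@v3` style, so this may be better handled for the whole file in one pass.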
@@ -212,11 +227,17 @@ jobs: with: name: docker-artifact-indexer + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-dashboard + - name: Docker load run: | - docker load --input ./wazuh-manager.tar docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar + docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create multi node certficates From cf3eb610812b649996527a3bc68dee288e8a4415 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:16:22 -0300 Subject: [PATCH 8/9] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 902c64fbd..42669888c 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -92,7 +92,7 @@ jobs: - name: Retrieve saved Wazuh Cert Tool Docker image uses: actions/download-artifact@v3 with: - name: docker-artifact-dashboard + name: docker-artifact-cert-tool - name: Docker load run: | @@ -230,7 +230,7 @@ jobs: - name: Retrieve saved Wazuh Cert Tool Docker image uses: actions/download-artifact@v3 with: - name: docker-artifact-dashboard + name: docker-artifact-cert-tool - name: Docker load run: | From 36e716033202ac22dd9b3c27103d0e26e496e593 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Tue, 11 Jun 2024 10:19:50 -0300 Subject: [PATCH 9/9] Add save and load process for Wazuh Cert Tool image --- .github/workflows/push.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 42669888c..18a71dd2b 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml 
@@ -100,7 +100,7 @@ jobs: docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar docker load --input ./wazuh-cert-tool.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create single node certficates @@ -238,7 +238,7 @@ jobs: docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar docker load --input ./wazuh-cert-tool.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create multi node certficates run: docker-compose -f multi-node/generate-certs.yml run --rm generator