Merge pull request #1246 from wazuh/1240-base-generation

Base indexer generation procedure

stack/indexer/base/builder.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Wazuh-indexer base builder
+# Copyright (C) 2022, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+set -e
+
+version="${1}"
+reference="${2}"
+BASE_DIR=/tmp/output/wazuh-indexer-base
+
+# -----------------------------------------------------------------------------
+
+# Including files
+if [ "${reference}" ];then
+    curl -sL https://github.com/wazuh/wazuh-packages/tarball/"${reference}" | tar xz
+    cp -r ./wazuh*/* /root/
+fi
+
+# -----------------------------------------------------------------------------
+
+mkdir -p /tmp/output
+cd /tmp/output
+
+curl -sL https://artifacts.opensearch.org/releases/bundle/opensearch/"${version}"/opensearch-"${version}"-linux-x64.tar.gz | tar xz
+
+# Remove unnecessary files and set up configuration
+mv opensearch-"${version}" "${BASE_DIR}"
+cd "${BASE_DIR}"
+find -type l -exec rm -rf {} \;
+find -name "*.bat" -exec rm -rf {} \;
+rm -rf README.md manifest.yml opensearch-tar-install.sh logs
+sed -i 's|OPENSEARCH_DISTRIBUTION_TYPE=tar|OPENSEARCH_DISTRIBUTION_TYPE=rpm|g' bin/opensearch-env
+cp -r /root/stack/indexer/base/files/systemd-entrypoint bin/
+cp -r /root/stack/indexer/base/files/etc ./
+cp -r /root/stack/indexer/base/files/usr ./
+cp -r ./config/log4j2.properties ./etc/wazuh-indexer/
+cp -r ./config/opensearch-reports-scheduler ./etc/wazuh-indexer/
+cp -r ./config/opensearch-observability ./etc/wazuh-indexer/
+cp -r ./config/jvm.options.d ./etc/wazuh-indexer/
+rm -rf ./config
+rm -rf ./plugins/opensearch-security/tools/install_demo_configuration.sh
+
+# -----------------------------------------------------------------------------
+
+# Compile systemD module
+git clone https://github.com/opensearch-project/OpenSearch.git --branch="${version}" --depth=1
+cd OpenSearch/modules/systemd
+export JAVA_HOME=/etc/alternatives/java_sdk_11
+../../gradlew build || true
+mkdir -p "${BASE_DIR}"/modules/systemd
+cp build/distributions/systemd-"${version}"-SNAPSHOT.jar "${BASE_DIR}"/modules/systemd/systemd-"${version}".jar
+cp build/resources/test/plugin-security.policy "${BASE_DIR}"/modules/systemd/
+cp build/generated-resources/plugin-descriptor.properties "${BASE_DIR}"/modules/systemd/
+sed -i 's|-SNAPSHOT||g' "${BASE_DIR}"/modules/systemd/plugin-descriptor.properties
+cd "${BASE_DIR}"
+rm -rf OpenSearch
+
+# -----------------------------------------------------------------------------
+
+# Base output
+cd /tmp/output
+tar -Jcvf wazuh-indexer-base-$(cat /root/VERSION)-linux-x64.tar.xz wazuh-indexer-base 
+rm -rf "${BASE_DIR}"

stack/indexer/base/docker/Dockerfile

@@ -0,0 +1,15 @@
+FROM rockylinux:8.5
+
+# Install all the necessary tools
+RUN yum clean all && yum update -y
+RUN yum install -y \
+    findutils \
+    git \
+    java-11-openjdk-devel
+
+# Add the script
+ADD builder.sh /usr/local/bin/builder
+RUN chmod +x /usr/local/bin/builder
+
+# Set the entrypoint
+ENTRYPOINT ["/usr/local/bin/builder"]

stack/indexer/base/files/etc/init.d/wazuh-indexer

@@ -0,0 +1,162 @@
+#!/bin/bash
+#
+# wazuh-indexer <summary>
+#
+# chkconfig:   2345 80 20
+# description: Starts and stops a single wazuh-indexer instance on this system
+#
+
+### BEGIN INIT INFO
+# Provides: Wazuh-indexer
+# Required-Start: $network $named
+# Required-Stop: $network $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: This service manages the wazuh-indexer daemon
+# Description: Wazuh-indexer is a very scalable, schema-free and high-performance search solution supporting multi-tenancy and near realtime search.
+### END INIT INFO
+
+#
+# init.d / servicectl compatibility (openSUSE)
+#
+if [ -f /etc/rc.status ]; then
+    . /etc/rc.status
+    rc_reset
+fi
+
+#
+# Source function library.
+#
+if [ -f /etc/rc.d/init.d/functions ]; then
+    . /etc/rc.d/init.d/functions
+fi
+
+# Sets the default values for wazuh-indexer variables used in this script
+OPENSEARCH_HOME="/usr/share/wazuh-indexer"
+MAX_OPEN_FILES=65535
+MAX_MAP_COUNT=262144
+OPENSEARCH_PATH_CONF="/etc/wazuh-indexer"
+
+PID_DIR="/run/wazuh-indexer"
+
+# Source the default env file
+WI_ENV_FILE="/etc/sysconfig/wazuh-indexer"
+if [ -f "$WI_ENV_FILE" ]; then
+    . "$WI_ENV_FILE"
+fi
+
+exec="$OPENSEARCH_HOME/bin/opensearch"
+prog="wazuh-indexer"
+pidfile="$PID_DIR/${prog}.pid"
+
+export WI_JAVA_OPTS
+export JAVA_HOME
+export OPENSEARCH_PATH_CONF
+export WI_STARTUP_SLEEP_TIME
+
+lockfile=/var/lock/subsys/$prog
+
+if [ ! -x "$exec" ]; then
+    echo "The wazuh-indexer startup script does not exists or it is not executable, tried: $exec"
+    exit 1
+fi
+
+start() {
+    [ -x $exec ] || exit 5
+
+    if [ -n "$MAX_OPEN_FILES" ]; then
+        ulimit -n $MAX_OPEN_FILES
+    fi
+    if [ -n "$MAX_LOCKED_MEMORY" ]; then
+        ulimit -l $MAX_LOCKED_MEMORY
+    fi
+    if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ] && [ "$MAX_MAP_COUNT" -gt $(cat /proc/sys/vm/max_map_count) ]; then
+        sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT
+    fi
+
+    # Ensure that the PID_DIR exists (it is cleaned at OS startup time)
+    if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
+        mkdir -p "$PID_DIR" && chown wazuh-indexer:wazuh-indexer "$PID_DIR"
+    fi
+    if [ -n "$pidfile" ] && [ ! -e "$pidfile" ]; then
+        touch "$pidfile" && chown wazuh-indexer:wazuh-indexer "$pidfile"
+    fi
+
+    cd $OPENSEARCH_HOME
+    echo -n $"Starting $prog: "
+    # if not running, start it up here, usually something like "daemon $exec"
+    if command -v systemctl; then
+        daemon --user wazuh-indexer --pidfile $pidfile $exec -p $pidfile -d
+    else
+        runuser wazuh-indexer --shell="/bin/bash" --command="$exec -p $pidfile -d"
+    fi
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile > /dev/null 2>&1
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    # stop it here, often "killproc $prog"
+    killproc -p $pidfile -d 86400 $prog
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    restart
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    # run checks to determine if the service is running or use generic status
+    status -p $pidfile $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+        exit 2
+esac
+exit $?

stack/indexer/base/files/etc/sysconfig/wazuh-indexer

@@ -0,0 +1,52 @@
+################################
+# Wazuh-indexer
+################################
+
+# Wazuh-indexer home directory
+#OPENSEARCH_HOME=/usr/share/wazuh-indexer
+
+# Wazuh-indexer Java path
+#JAVA_HOME=
+
+# Wazuh-indexer configuration directory
+# Note: this setting will be shared with command-line tools
+OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+
+# Wazuh-indexer PID directory
+#PID_DIR=/run/wazuh-indexer
+
+# Additional Java OPTS
+#WI_JAVA_OPTS=
+
+# Configure restart on package upgrade (true, every other setting will lead to not restarting)
+#RESTART_ON_UPGRADE=true
+
+################################
+# Wazuh-indexer service
+################################
+
+# SysV init.d
+#
+# The number of seconds to wait before checking if Wazuh-indexer started successfully as a daemon process
+WI_STARTUP_SLEEP_TIME=5
+
+################################
+# System properties
+################################
+
+# Specifies the maximum file descriptor number that can be opened by this process
+# When using Systemd, this setting is ignored and the LimitNOFILE defined in
+# /usr/lib/systemd/system/wazuh-indexer.service takes precedence
+#MAX_OPEN_FILES=65535
+
+# The maximum number of bytes of memory that may be locked into RAM
+# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
+# in opensearch.yml.
+# When using systemd, LimitMEMLOCK must be set in a unit file such as
+# /etc/systemd/system/wazuh-indexer.service.d/override.conf.
+#MAX_LOCKED_MEMORY=unlimited
+
+# Maximum number of VMA (Virtual Memory Areas) a process can own
+# When using Systemd, this setting is ignored and the 'vm.max_map_count'
+# property is set at boot time in /usr/lib/sysctl.d/wazuh-indexer.conf
+#MAX_MAP_COUNT=262144

stack/indexer/base/files/etc/wazuh-indexer/jvm.options

@@ -0,0 +1,78 @@
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://opensearch.org/docs/opensearch/install/important-settings/
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms1g
+-Xmx1g
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+8-13:-XX:+UseConcMarkSweepGC
+8-13:-XX:CMSInitiatingOccupancyFraction=75
+8-13:-XX:+UseCMSInitiatingOccupancyOnly
+
+## G1GC Configuration
+# NOTE: G1 GC is only supported on JDK version 10 or later
+# to use G1GC, uncomment the next two lines and update the version on the
+# following three lines to your version of the JDK
+# 10-13:-XX:-UseConcMarkSweepGC
+# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
+14-:-XX:+UseG1GC
+14-:-XX:G1ReservePercent=25
+14-:-XX:InitiatingHeapOccupancyPercent=30
+
+## JVM temporary directory
+-Djava.io.tmpdir=${OPENSEARCH_TMPDIR}
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps; ensure the directory exists and
+# has sufficient space
+-XX:HeapDumpPath=data
+
+# specify an alternative path for JVM fatal error logs
+-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log
+
+## JDK 8 GC logging
+8:-XX:+PrintGCDetails
+8:-XX:+PrintGCDateStamps
+8:-XX:+PrintTenuringDistribution
+8:-XX:+PrintGCApplicationStoppedTime
+8:-Xloggc:/var/log/wazuh-indexer/gc.log
+8:-XX:+UseGCLogFileRotation
+8:-XX:NumberOfGCLogFiles=32
+8:-XX:GCLogFileSize=64m
+
+# JDK 9+ GC logging
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m
+