Update the OVA with the Wazuh Indexer and Dashboard changes #1263

Closed
c-bordon opened this issue Feb 16, 2022 · 4 comments

@c-bordon
Member

It is necessary to update the OVA considering the implementation of Wazuh Indexer and Wazuh Dashboard

@c-bordon
Member Author

I was making the first changes in the OVA construction process and I found several problems in the unattended; the first one is the following:

17/02/2022 16:12:04 INFO: Wazuh-dashboard service started. 
17/02/2022 16:12:04 INFO: Starting Wazuh dashboard (this may take a while). 
17/02/2022 16:12:56 ERROR: Cannot connect to Wazuh dashboard. 
17/02/2022 16:12:56 INFO: Cleaning the installation. 
17/02/2022 16:12:56 WARNING: Removing the Wazuh manager.

[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null
401[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null
401[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null
401[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code} -s -o /dev/null
401[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code}  -o /dev/null  
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    78  100    78    0     0    843      0 --:--:-- --:--:-- --:--:--   847
401[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:${u_pass} -k -w %{http_code}
{"statusCode":401,"error":"Unauthorized","message":"Authentication Exception"}401[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:admin -k -w %{http_code} -s -o /dev/null          
200[root@wazuh-manager unattended_installer]# curl -XGET https://localhost/status -uadmin:admin -k -w %{http_code} -s -o /dev/null

In the dashboard logs you could see that it threw a 401 error in the status query. This is because the admin user was given a different password than admin; that's why it failed. With that correction the installation advanced, but it fails at another point, which I continue to investigate:

    default: 17/02/2022 20:12:04 INFO: Wazuh-dashboard service started.
    default: 17/02/2022 20:12:04 INFO: Starting Wazuh dashboard (this may take a while).
    default: 17/02/2022 20:12:16 INFO: Wazuh dashboard started.
    default: 17/02/2022 20:12:16 INFO: You can access the web interface https://<wazuh-dashboard-host-ip>. The credentials are admin:AEeMtOCJ2pAHmPwkG6jkyThcf2oX31FR
    default: 17/02/2022 20:12:16 DEBUG: The Wazuh repository set to production.
    default: 17/02/2022 20:12:16 INFO: Installation finished. You can find in /tmp/unattended_installer/configurations.tar all the certificates created, as well as password_file.yml, with the passwords for all users and config.yml, with the nodes of all of the components and their ips.
    default: /tmp/unattended_installer/wazuh_install.sh: line 1: 13872 Killed                  spin
    default: Failed to stop wazuh-installer.service: Unit wazuh-installer.service not loaded.
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
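
An added example, not part of the issue or of the Wazuh installer's code: a readiness probe for the dashboard `/status` endpoint that reports a 401 as a credential mismatch instead of as "Cannot connect", which is the distinction the curl session above turns on. The function names, the `DASHBOARD_URL`, `DASHBOARD_USER`, `DASHBOARD_PASS` and `DASHBOARD_CA` variables, and the retry defaults are assumptions.

```sh
# Added example; function and variable names are assumptions, not installer code.

# Print only the HTTP status code of GET /status ("000" if curl cannot connect).
# The credentials reach curl through a config read from stdin, so they do not
# show up in the process list. Assumes the password holds no '"' or '\'.
dashboard_probe() {
    printf 'user = "%s:%s"\n' "${DASHBOARD_USER}" "${DASHBOARD_PASS}" |
        curl -K - -s -o /dev/null -w '%{http_code}' \
             --cacert "${DASHBOARD_CA}" "${DASHBOARD_URL}/status" || true
}

# Map a status code to an outcome: 0 ready, 1 not ready yet, 2 bad credentials.
classify_status() {
    case "$1" in
        200) return 0 ;;
        401) return 2 ;;
        *)   return 1 ;;
    esac
}

# Poll until the dashboard answers 200. A 401 aborts at once: retrying with the
# same password cannot succeed, and "cannot connect" would hide the real cause.
wait_for_dashboard() {
    local retries="${1:-12}" delay="${2:-5}" code="" rc i=1
    while [ "${i}" -le "${retries}" ]; do
        code="$(dashboard_probe)"
        rc=0
        classify_status "${code}" || rc=$?
        case "${rc}" in
            0) echo "INFO: Wazuh dashboard started."
               return 0 ;;
            2) echo "ERROR: dashboard rejected the credentials (HTTP ${code})." >&2
               return 2 ;;
        esac
        sleep "${delay}"
        i=$((i + 1))
    done
    echo "ERROR: Cannot connect to Wazuh dashboard (last HTTP code ${code})." >&2
    return 1
}
```
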

@rauldpm rauldpm assigned rauldpm and unassigned c-bordon Mar 7, 2022
@rauldpm
Member

rauldpm commented Mar 8, 2022

Update report

  • Investigated new unattended
  • Adapted OVA to new unattended
  • OVA package generated successfully
  • OVA testing
  • wazuh-indexer shows error related to indexer.pem. Investigating.
wazuh-indexer cluster log
[root@wazuh-manager wazuh-user]# journalctl -r -u wazuh-indexer.service | grep -i -E "error|fatal|critical|warning"
Mar 08 21:51:08 wazuh-manager systemd-entrypoint[729]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
Mar 08 21:51:08 wazuh-manager systemd-entrypoint[729]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)

/var/log/wazuh-indexer/wazuh-cluster.log:

Caused by: org.opensearch.OpenSearchException: Unable to read /etc/wazuh-indexer/certs/indexer.pem (/etc/wazuh-indexer/certs/indexer.pem). Please make sure this files exists and is readable regarding to permissions. Property: plugins.se$
        at org.opensearch.security.ssl.DefaultSecurityKeyStore.checkPath(DefaultSecurityKeyStore.java:952) ~[?:?]
        at org.opensearch.security.ssl.DefaultSecurityKeyStore.resolve(DefaultSecurityKeyStore.java:237) ~[?:?]
        at org.opensearch.security.ssl.DefaultSecurityKeyStore.initTransportSSLConfig(DefaultSecurityKeyStore.java:396) ~[?:?]
        at org.opensearch.security.ssl.DefaultSecurityKeyStore.initSSLConfig(DefaultSecurityKeyStore.java:258) ~[?:?]
        at org.opensearch.security.ssl.DefaultSecurityKeyStore.<init>(DefaultSecurityKeyStore.java:179) ~[?:?]
        at org.opensearch.security.ssl.OpenSearchSecuritySSLPlugin.<init>(OpenSearchSecuritySSLPlugin.java:218) ~[?:?]
        at org.opensearch.security.OpenSearchSecurityPlugin.<init>(OpenSearchSecurityPlugin.java:252) ~[?:?]
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:64) ~[?:?]
        at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
        at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
        at org.opensearch.plugins.PluginsService.loadPlugin(PluginsService.java:781) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.plugins.PluginsService.loadBundle(PluginsService.java:726) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.plugins.PluginsService.loadBundles(PluginsService.java:528) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.plugins.PluginsService.<init>(PluginsService.java:194) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.node.Node.<init>(Node.java:396) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.node.Node.<init>(Node.java:319) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412) ~[opensearch-1.2.4.jar:1.2.4]
        at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178) ~[opensearch-1.2.4.jar:1.2.4]
  • Maybe related to
eval "tar -xf ${tar_file} -C ${indexer_cert_path} ./${name}.pem  && mv ${indexer_cert_path}${name}.pem ${indexer_cert_path}indexer.pem ${debug}"
mv: '/etc/wazuh-indexer/certs/indexer.pem' and '/etc/wazuh-indexer/certs/indexer.pem' are the same file
mv: '/etc/wazuh-indexer/certs/indexer-key.pem' and '/etc/wazuh-indexer/certs/indexer-key.pem' are the same file
mv: '/etc/wazuh-dashboard/certs/dashboard.pem' and '/etc/wazuh-dashboard/certs/dashboard.pem' are the same file
mv: '/etc/wazuh-dashboard/certs/dashboard-key.pem' and '/etc/wazuh-dashboard/certs/dashboard-key.pem' are the same file
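
An added example, not the installer's code: the `mv` messages quoted above occur when the node name already equals the target file name, so this sketch of an extraction helper renames only when the two differ and fails with an explicit error if the certificate ends up missing or unreadable. `install_cert` and its arguments are assumptions; the `./<name>.pem` member layout follows the `tar -xf` line quoted in the comment.

```sh
# Added example; install_cert and its arguments are assumptions, not installer code.
# Usage: install_cert <tar_file> <cert_dir> <node_name> <target_base>
# Extracts <node_name>.pem and <node_name>-key.pem from the tar file and stores
# them as <target_base>.pem and <target_base>-key.pem inside <cert_dir>.
install_cert() {
    local tar_file="$1" cert_dir="${2%/}" name="$3" target="$4" suffix src dst
    [ -d "${cert_dir}" ] || {
        echo "ERROR: ${cert_dir} is not a directory" >&2; return 1; }
    for suffix in ".pem" "-key.pem"; do
        src="${cert_dir}/${name}${suffix}"
        dst="${cert_dir}/${target}${suffix}"
        tar -xf "${tar_file}" -C "${cert_dir}" "./${name}${suffix}" || {
            echo "ERROR: ${name}${suffix} not found in ${tar_file}" >&2; return 1; }
        # mv refuses to move a file onto itself and exits non-zero, so rename
        # only when the node name differs from the target name.
        if [ "${src}" != "${dst}" ]; then
            mv -f "${src}" "${dst}" || return 1
        fi
        # Owner-read only. Changing the owner to the service account needs root
        # and is left to the caller.
        chmod 400 "${dst}" || return 1
        # -r tests the current user; run this as the service account to check
        # the condition the indexer enforces at startup.
        [ -s "${dst}" ] && [ -r "${dst}" ] || {
            echo "ERROR: ${dst} is missing, empty or unreadable" >&2; return 1; }
    done
}
```
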

@rauldpm
Member

rauldpm commented Mar 9, 2022

Update report

  • OVA errors related to unattended install
  • Warnings related to unattended install (opendistro)
  • Tested OVA -> Opened PR
  • Worked on OVA and AMI Jenkins builders
  • OVA and AMI adapted. Build success. Testing ok
  • Waiting for "Folder for tar file in Unnattended installer" #1319 to be merged to adapt changes in AMI and create PR in wazuh-jenkins

@rauldpm
Member

rauldpm commented Mar 15, 2022

Update report

  • Updated AMI with changes about password file directory in tar file
  • Created PR
