Adapt ova to new unattended with wazuh-dashboard and wazuh-indexer #1314

Merged: 11 commits, Mar 10, 2022

@rauldpm rauldpm commented Mar 9, 2022

Related issue
Related to #1263

Description

This PR adapts the OVA to the latest unattended changes using wazuh-dashboard and wazuh-indexer.

Logs example

Build without debug
-> % bash generate_ova.sh -r dev
Version to build: 4.3.0 with development repository
==> default: VM not created. Moving on...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'centos/7'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'centos/7' version '2004.01' is up to date...
==> default: Setting the name of the VM: vm_wazuh
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: No guest additions were detected on the base box for this VM! Guest
    default: additions are required for forwarded ports, shared folders, host only
    default: networking, and more. If SSH fails on this machine, please install
    default: the guest additions and repackage the box to continue.
    default: 
    default: This is not an error message; everything may continue to work properly,
    default: in which case you may ignore this message.
==> default: Setting hostname...
==> default: Rsyncing folder: /wazuh-packages/1264_adapt-ova-dashboard_4.3/ova/ => /tmp
==> default:   - Exclude: [".vagrant/", "output"]
==> default: Running provisioner: shell...
    default: Running: /tmp/vagrant-shell20220309-32707-1thvex8.sh
    default: Using dev packages
    default: Upgrading the system. This may take a while ...
    default: Adding user wazuh-user to group wheel
    default: 09/03/2022 13:41:12 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.0
    default: 09/03/2022 13:41:15 INFO: --- Configuration files ---
    default: 09/03/2022 13:41:15 INFO: Generating configuration files.
    default: 09/03/2022 13:41:15 INFO: Created /tmp/unattended_installer/wazuh-install-files.tar. Contains Wazuh cluster key, certificates, and passwords necessary for installation.
    default: 09/03/2022 13:41:19 INFO: --- Dependencies ----
    default: 09/03/2022 13:41:19 INFO: Installing unzip.
    default: 09/03/2022 13:41:27 INFO: Installing wget.
    default: 09/03/2022 13:41:29 INFO: --- Wazuh indexer ---
    default: 09/03/2022 13:41:29 INFO: Starting Wazuh indexer installation.
    default: 09/03/2022 13:42:38 INFO: Wazuh indexer installation finished.
    default: 09/03/2022 13:42:38 INFO: Wazuh indexer post-install configuration finished.
    default: 09/03/2022 13:42:38 INFO: Starting service wazuh-indexer.
    default: 09/03/2022 13:42:46 INFO: Wazuh-indexer service started.
    default: 09/03/2022 13:42:46 INFO: Initializing Wazuh indexer cluster security settings.
    default: 09/03/2022 13:42:51 INFO: Wazuh indexer cluster initialized.
    default: 09/03/2022 13:42:51 INFO: --- Wazuh server ---
    default: 09/03/2022 13:42:51 INFO: Starting the Wazuh manager installation.
    default: 09/03/2022 13:43:27 INFO: Wazuh manager installation finished.
    default: 09/03/2022 13:43:27 INFO: Starting service wazuh-manager.
    default: 09/03/2022 13:43:36 INFO: Wazuh-manager service started.
    default: 09/03/2022 13:43:36 INFO: Starting Filebeat installation.
    default: 09/03/2022 13:43:41 INFO: Filebeat installation finished.
    default: 09/03/2022 13:43:44 INFO: Filebeat post-install configuration finished.
    default: 09/03/2022 13:43:44 INFO: Starting service filebeat.
    default: 09/03/2022 13:43:44 INFO: Filebeat service started.
    default: 09/03/2022 13:43:44 INFO: --- Wazuh dashboard ---
    default: 09/03/2022 13:43:44 INFO: Starting Wazuh dashboard installation.
    default: 09/03/2022 13:45:01 INFO: Wazuh dashboard installation finished.
    default: 09/03/2022 13:45:01 INFO: Wazuh dashboard post-install configuration finished.
    default: 09/03/2022 13:45:01 INFO: Starting service wazuh-dashboard.
    default: 09/03/2022 13:45:01 INFO: Wazuh-dashboard service started.
    default: 09/03/2022 13:45:15 INFO: Starting Wazuh dashboard.
    default: 09/03/2022 13:45:28 INFO: Wazuh dashboard started.
    default: 09/03/2022 13:45:28 INFO: --- Summary ---
    default: 09/03/2022 13:45:28 INFO: You can access the web interface https://<wazuh-dashboard-ip>.
    default:     User: admin
    default:     Password: admin
    default: 09/03/2022 13:45:28 INFO: Installation finished.
    default: 09/03/2022 13:45:28 INFO: The certificates and passwords used are stored in /tmp/unattended_installer/wazuh-install-files.tar.
    default: Loaded plugins: fastestmirror
    default: Cleaning repos: base extras updates wazuh
    default: Cleaning up list of fastest mirrors
==> default: Running provisioner: shell...
    default: Running: /tmp/vagrant-shell20220309-32707-axsyw6.sh
    default: Created symlink from /etc/systemd/system/multi-user.target.wants/removeVagrant.service to /etc/systemd/system/removeVagrant.service.
==> default: Saving VM state and suspending execution...
Exporting ova
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Successfully exported 1 machine(s).
==> default: Discarding saved state of VM...
==> default: Destroying VM and associated drives...
wazuh-4.3.0.ovf
wazuh-4.3.0-disk001.vmdk
Setting up ova for VMware ESXi
Standarizing OVA
Setting OVA to default
wazuh-4.3.0.ovf
wazuh-4.3.0-disk001.vmdk
OVF extracted
mv: '/wazuh-packages/1264_adapt-ova-dashboard_4.3/ova/new-ova/wazuh-4.3.0.ovf' and '/wazuh-packages/1264_adapt-ova-dashboard_4.3/ova/new-ova/wazuh-4.3.0.ovf' are the same file
mv: cannot make `stat' at '/wazuh-packages/1264_adapt-ova-dashboard_4.3/ova/new-ova/*.mf': The file does not exists
Files renamed
OVF Version changed
OVF Size changed
Manifest changed
wazuh-4.3.0.ovf
wazuh-4.3.0-disk-1.vmdk
wazuh-4.3.0.mf
New OVA created
Cleaned temporary directory
Process finished
==> default: VM not created. Moving on...
Build with debug

ova_debug.log

Tests

  • ssh wazuh-user login success
  • ssh root login fails (expected)
  • Agent tcp/udp connection success
  • manager has alerts from agent success
  • UI: Access success (admin:admin)
  • UI: Discover see agent alerts
  • Passwords check (user==password)
  • No vagrant related found
  • Wazuh repository is set to production after install. Fixed in b2724c6
  • no error fatal warning critical found in wazuh-manager service
  • no error fatal warning critical found in wazuh-dashboard service
  • no error fatal warning critical found in filebeat service
  • Found warnings in wazuh-indexer service ⚠️ Same errors found in unattended install without ova
[root@wazuh-manager wazuh-user]# journalctl -r -u wazuh-manager.service | grep -i -E "error|fatal|warning|critical"
[root@wazuh-manager wazuh-user]# journalctl -r -u wazuh-dashboard.service | grep -i -E "error|fatal|warning|critical"
[root@wazuh-manager wazuh-user]# journalctl -r -u wazuh-filebeat.service | grep -i -E "error|fatal|warning|critical"
[root@wazuh-manager wazuh-user]# journalctl -r -u wazuh-indexer.service | grep -i -E "error|fatal|warning|critical"
Mar 09 14:02:32 wazuh-manager systemd-entrypoint[726]: WARNING: All illegal access operations will be denied in a future release
Mar 09 14:02:32 wazuh-manager systemd-entrypoint[726]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Mar 09 14:02:32 wazuh-manager systemd-entrypoint[726]: WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
Mar 09 14:02:32 wazuh-manager systemd-entrypoint[726]: WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
Mar 09 14:02:32 wazuh-manager systemd-entrypoint[726]: WARNING: An illegal reflective access operation has occurred
[root@wazuh-manager wazuh-user]# curl -k -u admin:admin https://localhost:9200/_cat/indices?s=index
green  open .kibana_1                    sdHfDBhOSlGV7VHndbcoAQ 1 0   5 1  34.2kb  34.2kb
green  open .opendistro_security         u7QIZO-LT_CEOF2phSzqdQ 1 0   9 8  92.6kb  92.6kb
yellow open security-auditlog-2022.03.09 Pc9OEEFLTYKPaVdtgHDoSw 1 1  35 0 106.7kb 106.7kb
green  open wazuh-alerts-4.x-2022.03.09  v73z9IRUQ3aeIVtGTFWIMA 3 0 435 0   1.1mb   1.1mb
green  open wazuh-monitoring-2022.10w    pC62wV6SRWG3s6ZyZXO1wQ 1 0   1 0  15.9kb  15.9kb
green  open wazuh-statistics-2022.10w    lfzOkdKWRxm1p3csskYhFA 2 0   8 0 105.6kb 105.6kb
[root@wazuh-manager wazuh-user]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2

  • Build the package in any supported platform
    • Linux
  • Package installation (VirtualBox)
  • Change added to CHANGELOG.md
  • Tests for Linux RPM
    • Build the package for x86_64

Regards, Raúl.

@rauldpm rauldpm self-assigned this Mar 9, 2022
@rauldpm rauldpm added the ova label Mar 9, 2022
@rauldpm rauldpm marked this pull request as draft March 9, 2022 15:22
@rauldpm rauldpm changed the title 1263 ova to unify unattended Adapt ova to new unattended with wazuh-dashboard and wazuh-indexer Mar 9, 2022
@rauldpm rauldpm marked this pull request as ready for review March 9, 2022 16:14
@rauldpm rauldpm requested a review from DFolchA March 9, 2022 16:14
@rauldpm rauldpm assigned alberpilot and unassigned alberpilot and rauldpm Mar 9, 2022
@rauldpm rauldpm requested a review from alberpilot March 9, 2022 16:14
@rauldpm rauldpm self-assigned this Mar 9, 2022

@DFolchA DFolchA left a comment


LGTM


@alberpilot alberpilot left a comment


LGTM

@alberpilot alberpilot merged commit a3219fc into unify-unattended Mar 10, 2022
@alberpilot alberpilot deleted the 1263-OVA-toUnify-Unattended branch March 10, 2022 17:13
@rauldpm rauldpm restored the 1263-OVA-toUnify-Unattended branch March 11, 2022 22:07
@rauldpm rauldpm deleted the 1263-OVA-toUnify-Unattended branch March 14, 2022 16:31