SPIKE - Wazuh Docker #1624
Description
I've been looking into separating the Dockerfiles from the Docker images of each of the components of the Wazuh stack. By making a few changes it is possible to generate them. The deployment has been tested and works without problems:
Wazuh manager
$ docker build -t wazuh/wazuh-manager:4.9.2 .
[+] Building 145.1s (24/24) FINISHED
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 2.42kB 0.0s
=> [internal] load metadata for docker.io/library/amazonlinux:2023 3.1s
=> [auth] library/amazonlinux:pull token for registry-1.docker.io 0.0s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [14/17] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.0s
=> [ 1/17] FROM docker.io/library/amazonlinux:2023@sha256:6c2c3bb2ce484e8496c83bd672a62528406b96c74594b195f70dc3d7b420c296 14.3s
=> => resolve docker.io/library/amazonlinux:2023@sha256:6c2c3bb2ce484e8496c83bd672a62528406b96c74594b195f70dc3d7b420c296 0.1s
=> => sha256:6c2c3bb2ce484e8496c83bd672a62528406b96c74594b195f70dc3d7b420c296 2.38kB / 2.38kB 0.0s
=> => sha256:896212a6eb4bac05279a901518ced7b04623652be4aed944e5a3f63fed0ec981 1.02kB / 1.02kB 0.0s
=> => sha256:77424cbe957ca5d9b174abd840881380567113c8e42acebdb0bd698b5dcdf166 575B / 575B 0.0s
=> => sha256:46453255c2f610c1cb9c8197635e6d542bbd326425a9898df0de76e5bb566461 52.38MB / 52.38MB 3.3s
=> => extracting sha256:46453255c2f610c1cb9c8197635e6d542bbd326425a9898df0de76e5bb566461 10.7s
=> [internal] load build context 0.1s
=> => transferring context: 27.79kB 0.0s
=> [ 2/17] RUN rm /bin/sh && ln -s /bin/bash /bin/sh 1.6s
=> [ 3/17] RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y && yum clean all 17.3s
=> [ 4/17] COPY config/check_repository.sh / 0.2s
=> [ 5/17] COPY config/filebeat_module.sh / 0.1s
=> [ 6/17] COPY config/permanent_data.env config/permanent_data.sh / 0.1s
=> [ 7/17] RUN chmod 775 /check_repository.sh 0.4s
=> [ 8/17] RUN source /check_repository.sh 1.4s
=> [ 9/17] RUN yum install wazuh-manager-4.9.2-1 -y && yum clean all && chmod 775 /filebeat_module.sh && source /filebeat_module.sh && rm /filebeat_module.sh & 96.3s
=> [10/17] COPY config/etc/ /etc/ 0.1s
=> [11/17] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py 0.2s
=> [12/17] COPY config/filebeat.yml /etc/filebeat/ 0.1s
=> [13/17] RUN chmod go-w /etc/filebeat/filebeat.yml 0.5s
=> [14/17] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.1s
=> [15/17] RUN chmod go-w /etc/filebeat/wazuh-template.json 0.4s
=> [16/17] RUN mkdir -p /var/ossec/var/multigroups && chown root:wazuh /var/ossec/var/multigroups && chmod 770 /var/ossec/var/multigroups && mkdir -p /var/ossec/age 1.5s
=> [17/17] RUN rm /etc/yum.repos.d/wazuh.repo 0.5s
=> exporting to image 6.3s
=> => exporting layers 6.2s
=> => writing image sha256:2e96d7e9c374afcb8b3b07d3aa0b9ba76a62d860dfe93569eda2bb2ae2d1b96e 0.0s
=> => naming to docker.io/wazuh/wazuh-manager:4.9.2
Wazuh indexer
$ docker build -t wazuh/wazuh-indexer:4.9.2 .
[+] Building 118.6s (33/33) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2.77kB 0.0s
=> [internal] load metadata for docker.io/library/amazonlinux:2023 0.8s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> CACHED [builder 1/13] FROM docker.io/library/amazonlinux:2023@sha256:6c2c3bb2ce484e8496c83bd672a62528406b96c74594b195f70dc3d7b420c296 0.0s
=> [internal] load build context 0.1s
=> => transferring context: 19.34kB 0.0s
=> [stage-1 2/16] RUN yum install curl-minimal shadow-utils findutils hostname -y 22.6s
=> [builder 2/13] RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y 13.3s
=> [builder 3/13] COPY config/check_repository.sh / 0.2s
=> [builder 4/13] RUN chmod 775 /check_repository.sh && source /check_repository.sh 1.1s
=> [builder 5/13] RUN yum install wazuh-indexer-4.9.2-1 -y && yum clean all 77.1s
=> [stage-1 3/16] RUN getent group wazuh-indexer || groupadd -r -g 1000 wazuh-indexer 0.6s
=> [stage-1 4/16] RUN useradd --system --uid 1000 --no-create-home --home-dir /usr/share/wazuh-indexer --gid wazuh-indexer 1.9s
=> [stage-1 5/16] WORKDIR /usr/share/wazuh-indexer 0.4s
=> [stage-1 6/16] COPY config/entrypoint.sh / 0.3s
=> [stage-1 7/16] COPY config/securityadmin.sh / 0.3s
=> [stage-1 8/16] RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh 1.1s
=> [stage-1 9/16] RUN chown 1000:1000 /*.sh 1.1s
=> [builder 6/13] COPY config/opensearch.yml / 0.1s
=> [builder 7/13] COPY config/config.sh . 0.1s
=> [builder 8/13] COPY config/config.yml / 0.1s
=> [builder 9/13] COPY config/action_groups.yml / 0.1s
=> [builder 10/13] COPY config/internal_users.yml / 0.1s
=> [builder 11/13] COPY config/roles_mapping.yml / 0.1s
=> [builder 12/13] COPY config/roles.yml / 0.1s
=> [builder 13/13] RUN bash config.sh 4.2s
=> [stage-1 10/16] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer 2.5s
=> [stage-1 11/16] COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer 0.1s
=> [stage-1 12/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd 0.1s
=> [stage-1 13/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d 0.2s
=> [stage-1 14/16] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d 0.2s
=> [stage-1 15/16] RUN chown -R 1000:1000 /usr/share/wazuh-indexer 7.7s
=> [stage-1 16/16] RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/waz 0.6s
=> exporting to image 5.0s
=> => exporting layers 5.0s
=> => writing image sha256:a110f44fbd70f5af2ba38be179269803a65f378cb7b44625fc8e3f4b6b4c91c6 0.0s
=> => naming to docker.io/wazuh/wazuh-indexer:4.9.2
Wazuh dashboard
$ docker build -t wazuh/wazuh-dashboard:4.9.2 .
[+] Building 147.4s (30/30) FINISHED
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 3.23kB 0.0s
=> [internal] load metadata for docker.io/library/amazonlinux:2023 1.7s
=> [auth] library/amazonlinux:pull token for registry-1.docker.io 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.1s
=> => transferring context: 10.19kB 0.0s
=> CACHED [builder 1/12] FROM docker.io/library/amazonlinux:2023@sha256:6c2c3bb2ce484e8496c83bd672a62528406b96c74594b195f70dc3d7b420c296 0.0s
=> [stage-1 2/13] RUN yum install shadow-utils -y 21.8s
=> [builder 2/12] RUN yum install curl-minimal libcap openssl -y 10.5s
=> [builder 3/12] COPY config/check_repository.sh / 0.2s
=> [builder 4/12] RUN chmod 775 /check_repository.sh && source /check_repository.sh 1.1s
=> [builder 5/12] RUN yum install wazuh-dashboard-4.9.2-1 -y && yum clean all 66.5s
=> [stage-1 3/13] RUN getent group wazuh-dashboard || groupadd -r -g 1000 wazuh-dashboard 0.7s
=> [stage-1 4/13] RUN useradd --system --uid 1000 --no-create-home --home-dir /usr/share/wazuh-dashboard --gid wazuh-dashboard 0.5s
=> [stage-1 5/13] COPY config/entrypoint.sh / 0.1s
=> [stage-1 6/13] COPY config/wazuh_app_config.sh / 0.1s
=> [stage-1 7/13] RUN chmod 700 /entrypoint.sh 0.7s
=> [stage-1 8/13] RUN chmod 700 /wazuh_app_config.sh 0.8s
=> [stage-1 9/13] RUN chown 1000:1000 /*.sh 0.8s
=> [builder 6/12] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh 0.4s
=> [builder 7/12] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/config 0.4s
=> [builder 8/12] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/logs 0.4s
=> [builder 9/12] COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/config/ 0.1s
=> [builder 10/12] COPY config/config.sh . 0.1s
=> [builder 11/12] COPY config/config.yml / 0.1s
=> [builder 12/12] RUN bash config.sh 2.8s
=> [stage-1 10/13] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashboard /usr/share/wazuh-dashboard 42.4s
=> [stage-1 11/13] RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom 0.4s
=> [stage-1 12/13] RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom 0.4s
=> [stage-1 13/13] WORKDIR /usr/share/wazuh-dashboard 0.1s
=> exporting to image 8.7s
=> => exporting layers 8.7s
=> => writing image sha256:f1ef95f13668c0f7a7bb4a102d46f3682277b1f6114e9dfbadc87013af4f611b 0.0s
=> => naming to docker.io/wazuh/wazuh-dashboard:4.9.2
Regarding the details of the spike, I have doubts regarding the modification of the build of the images, which requires several changes and, in many cases, adding functionalities that are not currently contemplated and that are necessary to be able to deploy the integrations that Wazuh currently has developed.
I've been looking at the options we have with AWS ECR, both with a public and private repository. What permissions are required for its use, pushing images to use and I'm looking at which options are best for Kubernetes tests, since a private repository can be accessed from EKS.
By performing several tests, it is possible to use private ECR registries in AWS. To use a private ECR repository in any VM where we are performing a test, it is necessary to have AWS CLI installed, which we have in the VMs where we execute the GHA workflows, configure the keys of a user or assume a role with the necessary permissions and then we can run the docker login command to obtain the login credentials of the private ECR registry. After obtaining the login credentials, we can do without the login in AWS CLI.
Login in ECR:
$ aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
WARNING! Your password will be stored unencrypted in /home/vcerenu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
Login Succeeded
docker-compose.yml and deploying with images hosted in the ECR private registry:
$ cat docker-compose.yml
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services:
  wazuh.manager:
    image: <account-id>.dkr.ecr.<region>.amazonaws.com/wazuh/wazuh-manager:4.9.2
    hostname: wazuh.manager
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh.indexer:
    image: <account-id>.dkr.ecr.<region>.amazonaws.com/wazuh/wazuh-indexer:4.9.2
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
  wazuh.dashboard:
    image: <account-id>.dkr.ecr.<region>.amazonaws.com/wazuh/wazuh-dashboard:4.9.2
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:5601
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager
volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
$ docker compose up -d
[+] Running 47/35
✔ wazuh.manager Pulled 193.9s
✔ wazuh.indexer Pulled 254.2s
✔ wazuh.dashboard Pulled 306.6s
[+] Running 18/18
✔ Network single-node_default Created 0.3s
✔ Volume "single-node_filebeat_var" Created 0.0s
✔ Volume "single-node_wazuh_var_multigroups" Created 0.0s
✔ Volume "single-node_filebeat_etc" Created 0.0s
✔ Volume "single-node_wazuh_wodles" Created 0.0s
✔ Volume "single-node_wazuh-dashboard-config" Created 0.0s
✔ Volume "single-node_wazuh_active_response" Created 0.0s
✔ Volume "single-node_wazuh_logs" Created 0.0s
✔ Volume "single-node_wazuh-indexer-data" Created 0.0s
✔ Volume "single-node_wazuh_api_configuration" Created 0.0s
✔ Volume "single-node_wazuh_queue" Created 0.0s
✔ Volume "single-node_wazuh_integrations" Created 0.0s
✔ Volume "single-node_wazuh_agentless" Created 0.0s
✔ Volume "single-node_wazuh-dashboard-custom" Created 0.0s
✔ Volume "single-node_wazuh_etc" Created 0.0s
✔ Container single-node-wazuh.manager-1 Started 3.3s
✔ Container single-node-wazuh.indexer-1 Started 3.0s
✔ Container single-node-wazuh.dashboard-1 Started 1.9s
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c1a8543bd2fa <account-id>.dkr.ecr.<region>.amazonaws.com/wazuh/wazuh-dashboard:4.9.2 "/entrypoint.sh" 8 seconds ago Up 5 seconds 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp single-node-wazuh.dashboard-1
f58aa0cdee35 <account-id>.dkr.ecr.<region>.amazonaws.com/wazuh/wazuh-indexer:4.9.2 "/entrypoint.sh open…" 10 seconds ago Up 6 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
2ab0d8ec5dd3 <account-id>.dkr.ecr.<region>.amazonaws.com/wazuh/wazuh-manager:4.9.2 "/init" 10 seconds ago Up 6 seconds 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
$
I also performed tests on EKS with the private ECR repository and, without needing to add permissions after creating the cluster with eksctl, I was able to deploy without problems.
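The `docker login` warning in the comment above means the ECR token ends up base64-encoded in the Docker client's config.json. The following check is an added example, not part of the original thread or of the Wazuh project: it reports which registries still keep a secret in that file and whether a credential helper is configured for them. The account id, region, token and sample configs are constructed placeholders.

```python
"""Audit a Docker client config.json for registry secrets stored inline."""
import base64
import binascii
import json
import re

# Private ECR registry host, in the form used on this page:
# <account-id>.dkr.ecr.<region>.amazonaws.com
ECR_HOST = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$")

# Constructed sample: config.json after a `docker login` that printed the
# "stored unencrypted" warning. Account id, region and token are placeholders.
REGISTRY = "123456789012.dkr.ecr.us-west-1.amazonaws.com"
SAMPLE_AFTER_LOGIN = json.dumps({
    "auths": {
        REGISTRY: {"auth": base64.b64encode(b"AWS:constructed-token").decode()}
    }
})

# Constructed sample: the same registry delegated to a credential helper
# (amazon-ecr-credential-helper is referenced in config.json as "ecr-login").
SAMPLE_WITH_HELPER = json.dumps({
    "auths": {REGISTRY: {}},
    "credHelpers": {REGISTRY: "ecr-login"},
})


def _host(registry_key):
    """Strip an optional scheme and path from an `auths` key."""
    return re.sub(r"^https?://", "", registry_key).split("/", 1)[0]


def _username(auth_blob):
    """Decode the base64 'user:secret' pair and return only the user part."""
    try:
        decoded = base64.b64decode(auth_blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded.split(":", 1)[0]


def audit_docker_config(text):
    """Return one finding per registry whose secret is stored in the file."""
    config = json.loads(text)
    helpers = config.get("credHelpers") or {}
    store = config.get("credsStore")
    findings = []
    for registry, entry in (config.get("auths") or {}).items():
        blob = (entry or {}).get("auth")
        if not blob:
            continue  # empty entry: the secret lives in a helper or store
        findings.append({
            "registry": registry,
            "is_ecr": bool(ECR_HOST.match(_host(registry))),
            "username": _username(blob),  # the secret itself is never returned
            # Not None means a helper is configured, yet a secret is still on disk.
            "helper": helpers.get(registry) or store,
        })
    return findings


def summarize(text):
    """Render the findings as one line per registry."""
    lines = []
    for f in audit_docker_config(text):
        kind = "ECR" if f["is_ecr"] else "registry"
        if f["helper"]:
            state = "inline secret left behind, helper '%s' is configured" % f["helper"]
        else:
            state = "inline secret, no credential helper"
        lines.append("%s %s (user %s): %s"
                     % (kind, f["registry"], f["username"], state))
    return lines


if __name__ == "__main__":
    for sample in (SAMPLE_AFTER_LOGIN, SAMPLE_WITH_HELPER):
        print(summarize(sample) or ["no secrets stored in the file"])
```

To audit a real host, pass the contents of the config.json path named in the warning to `summarize()`.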
Reviewing previous tasks that we had pending for these changes, there was the issue of adapting the deployments by Docker Compose from v1 to v2, which I was investigating and we only have one line that generates a warning:
When we run with Docker Compose v2 we have the following message:
By removing this line from the yaml files with which we run tasks, we stop generating errors.
We have a community PR, which makes changes to the single-node/docker-compose.yml and multi-node/docker-compose.yml files: #1595
These changes are correct, but there are some more changes missing, regarding the yaml files for creating Wazuh Docker images and creating certificates in the deployment. I will modify these in the next PR: #1632
These changes remain pending to be applied during the tasks after SPIKE.
I have performed a test of creating images and deploying them on a single node and on multiple nodes, removing the tag and modifying the use of the
~/wazuh-docker$ build-docker-images/build-images.sh
[+] Building 540.7s (81/81) FINISHED docker:default
=> [wazuh.manager internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 2.38kB 0.0s
=> [wazuh.indexer internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 3.00kB 0.0s
=> [wazuh.dashboard internal] load metadata for docker.io/library/amazonlinux:2023 3.7s
=> [wazuh.indexer internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [wazuh.manager internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> CACHED [wazuh.manager 14/17] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.6s
=> [wazuh.manager internal] load build context 0.2s
=> => transferring context: 836B 0.0s
=> CACHED [wazuh.dashboard builder 1/12] FROM docker.io/library/amazonlinux:2023@sha256:5cb6ab1a1a13f33425b6c660a45f06298e204a22df1f9eeefe69cda3735d9757 0.0s
=> [wazuh.indexer internal] load build context 0.1s
=> => transferring context: 229B 0.0s
=> [wazuh.indexer stage-1 2/17] RUN echo "export JAVA_HOME=/usr/share/wazuh-indexer/jdk" >> /etc/profile.d/java_home.sh && echo "export PATH=$PATH:$JAVA_HOME/bin" >> /etc/ 0.9s
=> [wazuh.indexer builder 2/8] RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y 25.2s
=> [wazuh.manager 2/17] RUN rm /bin/sh && ln -s /bin/bash /bin/sh 0.9s
=> [wazuh.manager 3/17] RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y && yum clean all 24.2s
=> [wazuh.indexer stage-1 3/17] RUN yum install curl-minimal shadow-utils findutils hostname -y 22.7s
=> [wazuh.indexer stage-1 4/17] RUN getent group wazuh-indexer || groupadd -r -g 1000 wazuh-indexer 0.7s
=> [wazuh.indexer stage-1 5/17] RUN useradd --system --uid 1000 --no-create-home --home-dir /usr/share/wazuh-indexer --gid wazu 1.1s
=> [wazuh.manager 4/17] COPY config/check_repository.sh / 0.4s
=> [wazuh.indexer builder 3/8] COPY config/check_repository.sh / 0.4s
=> [wazuh.indexer stage-1 6/17] WORKDIR /usr/share/wazuh-indexer 0.3s
=> [wazuh.manager 5/17] COPY config/filebeat_module.sh / 0.3s
=> [wazuh.indexer builder 4/8] RUN chmod 775 /check_repository.sh && source /check_repository.sh 2.0s
=> [wazuh.indexer stage-1 7/17] COPY config/entrypoint.sh / 0.3s
=> [wazuh.manager 6/17] COPY config/permanent_data.env config/permanent_data.sh / 0.3s
=> [wazuh.indexer stage-1 8/17] COPY config/securityadmin.sh / 0.2s
=> [wazuh.manager 7/17] RUN chmod 775 /check_repository.sh 0.6s
=> [wazuh.indexer stage-1 9/17] RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh 0.6s
=> [wazuh.manager 8/17] RUN source /check_repository.sh 1.3s
=> [wazuh.indexer stage-1 10/17] RUN chown 1000:1000 /*.sh 0.6s
=> [wazuh.indexer builder 5/8] RUN yum install wazuh-indexer-4.9.2-1 -y && yum clean all 209.2s
=> [wazuh.manager 9/17] RUN yum install wazuh-manager-4.9.2-1 -y && yum clean all && chmod 775 /filebeat_module.sh && source /filebeat_module.sh && rm /fileb 205.1s
=> [wazuh.manager 10/17] COPY config/etc/ /etc/ 0.3s
=> [wazuh.manager 11/17] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py 0.2s
=> [wazuh.manager 12/17] COPY config/filebeat.yml /etc/filebeat/ 0.2s
=> [wazuh.manager 13/17] RUN chmod go-w /etc/filebeat/filebeat.yml 0.7s
=> [wazuh.manager 14/17] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.2s
=> [wazuh.manager 15/17] RUN chmod go-w /etc/filebeat/wazuh-template.json 1.3s
=> [wazuh.manager 16/17] RUN mkdir -p /var/ossec/var/multigroups && chown root:wazuh /var/ossec/var/multigroups && chmod 770 /var/ossec/var/multigroups && mkdir -p 2.3s
=> [wazuh.indexer builder 6/8] COPY config/config.sh . 0.3s
=> [wazuh.indexer builder 7/8] COPY config/config.yml / 0.2s
=> [wazuh.indexer builder 8/8] RUN bash config.sh 7.7s
=> [wazuh.manager 17/17] RUN rm /etc/yum.repos.d/wazuh.repo 0.6s
=> [wazuh.manager] exporting to image 51.7s
=> => exporting layers 51.6s
=> => writing image sha256:f92db999a394d25ecd05c0e7faab44965ea7e855d1ffba4b7f41f99f4766d40f 0.0s
=> => naming to docker.io/wazuh/wazuh-manager:4.9.2 0.0s
=> [wazuh.indexer stage-1 11/17] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer 12.6s
=> [wazuh.indexer stage-1 12/17] COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer 0.2s
=> [wazuh.indexer stage-1 13/17] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd 0.2s
=> [wazuh.indexer stage-1 14/17] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d 0.2s
=> [wazuh.indexer stage-1 15/17] COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d 0.2s
=> [wazuh.indexer stage-1 16/17] RUN chown -R 1000:1000 /usr/share/wazuh-indexer 16.5s
=> [wazuh.indexer stage-1 17/17] RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 0.7s
=> [wazuh.indexer] exporting to image 10.2s
=> => exporting layers 10.1s
=> => writing image sha256:7f875d89f1b9656495d4677171152b228977e8b2dabf3b7515973e98609c1a78 0.0s
=> => naming to docker.io/wazuh/wazuh-indexer:4.9.2 0.0s
=> [wazuh.manager] resolving provenance for metadata file 0.1s
=> [wazuh.indexer] resolving provenance for metadata file 0.0s
=> [wazuh.dashboard internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 3.25kB 0.0s
=> [wazuh.dashboard internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [wazuh.dashboard internal] load build context 0.1s
=> => transferring context: 268B 0.0s
=> [wazuh.dashboard builder 2/12] RUN yum install curl-minimal libcap openssl -y 19.7s
=> [wazuh.dashboard stage-1 2/14] RUN yum install shadow-utils -y 19.9s
=> [wazuh.dashboard builder 3/12] COPY config/check_repository.sh / 0.3s
=> [wazuh.dashboard stage-1 3/14] RUN getent group wazuh-dashboard || groupadd -r -g 1000 wazuh-dashboard 0.6s
=> [wazuh.dashboard builder 4/12] RUN chmod 775 /check_repository.sh && source /check_repository.sh 1.8s
=> [wazuh.dashboard stage-1 4/14] RUN useradd --system --uid 1000 --no-create-home --home-dir /usr/share/wazuh-dashboard --gid 0.5s
=> [wazuh.dashboard stage-1 5/14] COPY config/entrypoint.sh / 0.1s
=> [wazuh.dashboard stage-1 6/14] COPY config/wazuh_app_config.sh / 0.1s
=> [wazuh.dashboard stage-1 7/14] RUN chmod 700 /entrypoint.sh 0.5s
=> [wazuh.dashboard stage-1 8/14] RUN chmod 700 /wazuh_app_config.sh 0.6s
=> [wazuh.dashboard builder 5/12] RUN yum install wazuh-dashboard-4.9.2-1 -y && yum clean all 100.6s
=> [wazuh.dashboard stage-1 9/14] RUN chown 1000:1000 /*.sh 0.6s
=> [wazuh.dashboard builder 6/12] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh 0.4s
=> [wazuh.dashboard builder 7/12] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/config 0.4s
=> [wazuh.dashboard builder 8/12] RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/logs 0.5s
=> [wazuh.dashboard builder 9/12] COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/config/ 0.1s
=> [wazuh.dashboard builder 10/12] COPY config/config.sh . 0.1s
=> [wazuh.dashboard builder 11/12] COPY config/config.yml / 0.2s
=> [wazuh.dashboard builder 12/12] RUN bash config.sh 3.9s
=> [wazuh.dashboard stage-1 10/14] COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashboard /usr/share/wazuh-dashboard 45.0s
=> [wazuh.dashboard stage-1 11/14] RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom 0.4s
=> [wazuh.dashboard stage-1 12/14] RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom 0.6s
=> [wazuh.dashboard stage-1 13/14] RUN echo "export JAVA_HOME=/usr/share/wazuh-dashboard/jdk" >> /etc/profile.d/java_home.sh && echo "export PATH=$PATH:$JAVA_HOME/bin" >> / 0.5s
=> [wazuh.dashboard stage-1 14/14] WORKDIR /usr/share/wazuh-dashboard 0.1s
=> [wazuh.dashboard] exporting to image 58.4s
=> => exporting layers 58.3s
=> => writing image sha256:9dc69122ad5ce14cfdb397a1258c419b691078d2538583f1f1b65a805980b38f 0.0s
=> => naming to docker.io/wazuh/wazuh-dashboard:4.9.2 0.0s
=> [wazuh.dashboard] resolving provenance for metadata file 0.1s
[+] Building 23.2s (9/9) FINISHED
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 282B 0.0s
=> [internal] load metadata for docker.io/library/amazonlinux:2023 0.9s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> CACHED [1/5] FROM docker.io/library/amazonlinux:2023@sha256:5cb6ab1a1a13f33425b6c660a45f06298e204a22df1f9eeefe69cda3735d9757 0.0s
=> [internal] load build context 0.1s
=> => transferring context: 2.49kB 0.0s
=> [2/5] RUN yum install curl-minimal openssl -y &&yum clean all 21.2s
=> [3/5] COPY config/entrypoint.sh / 0.2s
=> [4/5] RUN chmod 700 /entrypoint.sh 0.5s
=> exporting to image 0.2s
=> => exporting layers 0.2s
=> => writing image sha256:ad4a24682edcc7019b845b4789c9066448dffbd550aa4c89014c7ba286791754 0.0s
=> => naming to docker.io/wazuh/wazuh-cert-tool:4.9.2 0.0s
~/wazuh-docker$ cd single-node/
~/wazuh-docker$ docker compose -f single-node/generate-certs.yml run --rm generator
[+] Creating 1/1
✔ Network single-node_default Created 0.2s
The tool to create the certificates exists in Packages-dev bucket
03/12/2024 13:06:27 INFO: Generating the root certificate.
03/12/2024 13:06:27 INFO: Generating Admin certificates.
03/12/2024 13:06:27 INFO: Admin certificates created.
03/12/2024 13:06:27 INFO: Generating Wazuh indexer certificates.
03/12/2024 13:06:28 INFO: Wazuh indexer certificates created.
03/12/2024 13:06:28 INFO: Generating Filebeat certificates.
03/12/2024 13:06:28 INFO: Wazuh Filebeat certificates created.
03/12/2024 13:06:28 INFO: Generating Wazuh dashboard certificates.
03/12/2024 13:06:28 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
~/wazuh-docker/single-node$ docker compose up -d
[+] Running 18/18
✔ Network single-node_default Created 0.2s
✔ Volume "single-node_filebeat_etc" Created 0.0s
✔ Volume "single-node_wazuh-dashboard-custom" Created 0.0s
✔ Volume "single-node_wazuh_logs" Created 0.0s
✔ Volume "single-node_filebeat_var" Created 0.0s
✔ Volume "single-node_wazuh_agentless" Created 0.0s
✔ Volume "single-node_wazuh_integrations" Created 0.0s
✔ Volume "single-node_wazuh-dashboard-config" Created 0.0s
✔ Volume "single-node_wazuh_active_response" Created 0.0s
✔ Volume "single-node_wazuh-indexer-data" Created 0.0s
✔ Volume "single-node_wazuh_api_configuration" Created 0.0s
✔ Volume "single-node_wazuh_etc" Created 0.0s
✔ Volume "single-node_wazuh_queue" Created 0.0s
✔ Volume "single-node_wazuh_var_multigroups" Created 0.0s
✔ Volume "single-node_wazuh_wodles" Created 0.0s
✔ Container single-node-wazuh.manager-1 Started 1.4s
✔ Container single-node-wazuh.indexer-1 Started 1.2s
✔ Container single-node-wazuh.dashboard-1 Started 1.9s
~/wazuh-docker/single-node$ docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
single-node-wazuh.dashboard-1 wazuh/wazuh-dashboard:4.9.2 "/entrypoint.sh open…" wazuh.dashboard 8 minutes ago Up 8 minutes 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp
single-node-wazuh.indexer-1 wazuh/wazuh-indexer:4.9.2 "/entrypoint.sh open…" wazuh.indexer 8 minutes ago Up 8 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp
single-node-wazuh.manager-1 wazuh/wazuh-manager:4.9.2 "/init" wazuh.manager 8 minutes ago Up 8 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp
~/wazuh-docker/single-node$ docker compose down -v
[+] Running 18/18
✔ Container single-node-wazuh.dashboard-1 Removed 11.3s
✔ Container single-node-wazuh.indexer-1 Removed 0.8s
✔ Container single-node-wazuh.manager-1 Removed 4.3s
✔ Volume single-node_wazuh-dashboard-custom Removed 0.0s
✔ Volume single-node_wazuh_wodles Removed 0.1s
✔ Volume single-node_filebeat_var Removed 0.0s
✔ Volume single-node_wazuh_integrations Removed 0.0s
✔ Volume single-node_filebeat_etc Removed 0.1s
✔ Volume single-node_wazuh-indexer-data Removed 0.0s
✔ Volume single-node_wazuh_active_response Removed 0.1s
✔ Volume single-node_wazuh-dashboard-config Removed 0.0s
✔ Volume single-node_wazuh_etc Removed 0.0s
✔ Volume single-node_wazuh_logs Removed 0.1s
✔ Volume single-node_wazuh_agentless Removed 0.1s
✔ Volume single-node_wazuh_queue Removed 0.7s
✔ Volume single-node_wazuh_var_multigroups Removed 0.1s
✔ Volume single-node_wazuh_api_configuration Removed 0.2s
✔ Network single-node_default Removed 0.6s
~/wazuh-docker/single-node$ cd ..
~/wazuh-docker$ cd multi-node/
~/wazuh-docker/multi-node$ docker compose -f generate-certs.yml run --rm generator
[+] Creating 1/1
✔ Network multi-node_default Created 0.2s
The tool to create the certificates exists in Packages-dev bucket
03/12/2024 13:18:49 INFO: Generating the root certificate.
03/12/2024 13:18:49 INFO: Generating Admin certificates.
03/12/2024 13:18:50 INFO: Admin certificates created.
03/12/2024 13:18:50 INFO: Generating Wazuh indexer certificates.
03/12/2024 13:18:50 INFO: Wazuh indexer certificates created.
03/12/2024 13:18:50 INFO: Generating Filebeat certificates.
03/12/2024 13:18:51 INFO: Wazuh Filebeat certificates created.
03/12/2024 13:18:51 INFO: Generating Wazuh dashboard certificates.
03/12/2024 13:18:51 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
~/wazuh-docker/multi-node$ docker compose up -d
[+] Running 8/8
✔ nginx Pulled 24.9s
✔ bc0965b23a04 Pull complete 16.3s
✔ af38aa266166 Pull complete 20.2s
✔ 53a8d9cbfd8a Pull complete 20.3s
✔ 61f8f240c02d Pull complete 20.3s
✔ 6aec90d25585 Pull complete 20.4s
✔ 209e8c8a5c7e Pull complete 20.5s
✔ 97fc0bab11f2 Pull complete 20.6s
[+] Running 34/34
✔ Volume "multi-node_worker-wazuh-integrations" Created 0.0s
✔ Volume "multi-node_wazuh-dashboard-config" Created 0.0s
✔ Volume "multi-node_master-wazuh-logs" Created 0.0s
✔ Volume "multi-node_master-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_master-filebeat-var" Created 0.0s
✔ Volume "multi-node_worker-filebeat-etc" Created 0.0s
✔ Volume "multi-node_wazuh-dashboard-custom" Created 0.0s
✔ Volume "multi-node_worker-wazuh-wodles" Created 0.0s
✔ Volume "multi-node_worker-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_master-wazuh-queue" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-1" Created 0.0s
✔ Volume "multi-node_worker-wazuh-queue" Created 0.0s
✔ Volume "multi-node_worker-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-2" Created 0.0s
✔ Volume "multi-node_worker-wazuh-logs" Created 0.0s
✔ Volume "multi-node_wazuh-indexer-data-3" Created 0.0s
✔ Volume "multi-node_master-wazuh-api-configuration" Created 0.0s
✔ Volume "multi-node_worker-wazuh-etc" Created 0.0s
✔ Volume "multi-node_master-filebeat-etc" Created 0.0s
✔ Volume "multi-node_worker-wazuh-active-response" Created 0.0s
✔ Volume "multi-node_worker-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_master-wazuh-agentless" Created 0.0s
✔ Volume "multi-node_master-wazuh-integrations" Created 0.0s
✔ Volume "multi-node_master-wazuh-etc" Created 0.0s
✔ Volume "multi-node_worker-filebeat-var" Created 0.0s
✔ Volume "multi-node_master-wazuh-var-multigroups" Created 0.0s
✔ Volume "multi-node_master-wazuh-wodles" Created 0.0s
✔ Container multi-node-wazuh.worker-1 Started 2.8s
✔ Container multi-node-wazuh3.indexer-1 Started 2.8s
✔ Container multi-node-wazuh2.indexer-1 Started 2.9s
✔ Container multi-node-wazuh.master-1 Started 3.2s
✔ Container multi-node-wazuh1.indexer-1 Started 3.1s
✔ Container multi-node-wazuh.dashboard-1 Started 3.0s
✔ Container multi-node-nginx-1 Started 4.3s
~/wazuh-docker/multi-node$ docker compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
multi-node-nginx-1 nginx:stable "/docker-entrypoint.…" nginx About a minute ago Up About a minute 80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp
multi-node-wazuh.dashboard-1 wazuh/wazuh-dashboard:4.9.2 "/entrypoint.sh open…" wazuh.dashboard About a minute ago Up About a minute 443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp
multi-node-wazuh.master-1 wazuh/wazuh-manager:4.9.2 "/init" wazuh.master About a minute ago Up About a minute 1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp
multi-node-wazuh.worker-1 wazuh/wazuh-manager:4.9.2 "/init" wazuh.worker About a minute ago Up About a minute 1514-1516/tcp, 514/udp, 55000/tcp
multi-node-wazuh1.indexer-1 wazuh/wazuh-indexer:4.9.2 "/entrypoint.sh open…" wazuh1.indexer About a minute ago Up About a minute 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp
multi-node-wazuh2.indexer-1 wazuh/wazuh-indexer:4.9.2 "/entrypoint.sh open…" wazuh2.indexer About a minute ago Up About a minute 9200/tcp
multi-node-wazuh3.indexer-1 wazuh/wazuh-indexer:4.9.2 "/entrypoint.sh open…" wazuh3.indexer About a minute ago Up About a minute 9200/tcp
~/wazuh-docker/multi-node$ docker compose down -v
[+] Running 35/35
✔ Container multi-node-nginx-1 Removed 6.7s
✔ Container multi-node-wazuh2.indexer-1 Removed 6.8s
✔ Container multi-node-wazuh3.indexer-1 Removed 6.8s
✔ Container multi-node-wazuh.dashboard-1 Removed 12.7s
✔ Container multi-node-wazuh.worker-1 Removed 7.6s
✔ Container multi-node-wazuh.master-1 Removed 5.0s
✔ Container multi-node-wazuh1.indexer-1 Removed 1.3s
✔ Volume multi-node_worker-wazuh-agentless Removed 0.0s
✔ Volume multi-node_worker-filebeat-var Removed 0.3s
✔ Volume multi-node_master-wazuh-var-multigroups Removed 0.3s
✔ Volume multi-node_worker-wazuh-logs Removed 0.4s
✔ Volume multi-node_master-wazuh-wodles Removed 0.3s
✔ Volume multi-node_wazuh-dashboard-custom Removed 0.2s
✔ Volume multi-node_master-wazuh-etc Removed 0.3s
✔ Volume multi-node_master-wazuh-logs Removed 0.4s
✔ Volume multi-node_master-wazuh-queue Removed 0.1s
✔ Volume multi-node_worker-wazuh-api-configuration Removed 0.4s
✔ Volume multi-node_worker-wazuh-etc Removed 0.4s
✔ Volume multi-node_worker-wazuh-integrations Removed 0.3s
✔ Volume multi-node_wazuh-indexer-data-2 Removed 0.3s
✔ Volume multi-node_worker-wazuh-queue Removed 0.3s
✔ Volume multi-node_worker-wazuh-wodles Removed 0.0s
✔ Volume multi-node_wazuh-indexer-data-1 Removed 0.4s
✔ Volume multi-node_wazuh-dashboard-config Removed 0.2s
✔ Volume multi-node_master-filebeat-var Removed 0.2s
✔ Volume multi-node_master-wazuh-api-configuration Removed 0.1s
✔ Volume multi-node_master-filebeat-etc Removed 0.3s
✔ Volume multi-node_master-wazuh-active-response Removed 0.3s
✔ Volume multi-node_worker-wazuh-var-multigroups Removed 0.2s
✔ Volume multi-node_master-wazuh-agentless Removed 0.3s
✔ Volume multi-node_wazuh-indexer-data-3 Removed 0.2s
✔ Volume multi-node_master-wazuh-integrations Removed 0.2s
✔ Volume multi-node_worker-filebeat-etc Removed 0.3s
✔ Volume multi-node_worker-wazuh-active-response Removed 0.1s
✔ Network multi-node_default Removed 0.4s
~/wazuh-docker/multi-node$
Conclusion
This point requires a better understanding of the Wazuh 5.0.0 deployment, which is not yet finished, so this test is blocked.
An image creation test was performed, directly using the Dockerfiles of each of the images, leaving aside the docker-compose.yml file that is currently executed to generate the images. With this test we know that we can migrate each of the directories found within the build-docker-images/ directory to a separate repository in order to assign each responsible team the creation of its own Docker image.
I have been performing tests with AWS ECR and it seems to me to be the best solution to have private and secure development images, since both to push and pull images we only need to copy the Docker login credentials to the server where we perform the test. These images hosted in ECR cannot be used directly (authentication is needed), although the name of the image registry is always the same, so it can be added in the tests.
The deployment of Wazuh with Docker images is currently possible if we move the respective code for the creation of images to each repository. Regarding out-of-the-box usage, the image should allow us to set parameters from the deployment and the image to use them to make replacements (with sed or whatever we define) in the configuration files. Only the minimum necessary for communication between components will be parameterized (everything related to IPs/DNS).
Development packages will be obtained with a signed URL that the image building workflow has to generate. We expect that there will be a latest package for each version for each component so that we do not have to go looking for a fixed name when building a development image. Each development image that is uploaded must be uploaded with the commit in the tag and also as $VERSION-latest. Additionally, the workflow must allow entering the commit of each package of each component to build development images that are not the latest. In the case of pre-release and production images, it must be defined with the QA team to see how they are going to implement it:
We currently have tests for all Wazuh components with Docker. We should use the latest tag for testing and the workflow should allow entering the image commit for each component in case it is required to test with specific images.
This step can be solved by removing the documentation regarding the installation of Docker and referring to the use of the official Docker documentation. In our documentation we would maintain the prerequisites and Docker versions that we will support in our deployment.
It was determined that the multi-node deployment will be maintained for 5.0.0, so we will maintain the current deployment that we have.
I have carried out tests for building images on ARM and I have been able to do it with buildx. This process requires an adaptation of the Dockerfile so that the package search works correctly for each type of architecture, because in the case of installation by repository, the package manager itself is responsible for confirming the architecture, but when we have to install from a link, we have to use some global variables that buildx provides to be able to choose which package to install with. It should be noted that within this review process we must also modify several parameters used in the docker-compose.yml deployment file, which include adaptations for the latest versions of docker compose, parameters that were not used previously and that would generate a more orderly deployment and adaptations to the new images, but these changes will be reviewed when we have the test images.
Update
I have performed a multiarch build test of Wazuh manager. I had to adjust some lines of it so that it takes care of searching for the correct packages for the build. In the test I used version 4.9.2 of Wazuh and excluded Filebeat 7.10.2 since it does not have an ARM version uploaded in the same repository where we get the x86 version:
Dockerfile:
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM amazonlinux:2023
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
ARG WAZUH_VERSION=4.9.2
ARG WAZUH_TAG_REVISION=1
ARG FILEBEAT_TEMPLATE_BRANCH=v4.9.2
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
ARG S6_VERSION="v2.2.0.3"
ARG TARGETARCH
RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y && \
    yum clean all
COPY config/check_repository.sh /
COPY config/filebeat_module.sh /
COPY config/permanent_data.env config/permanent_data.sh /
RUN chmod 775 /check_repository.sh
RUN source /check_repository.sh
RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    yum clean all
RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-${TARGETARCH/arm64/aarch64}.tar.gz \
    -o /tmp/s6-overlay-${TARGETARCH/arm64/aarch64}.tar.gz && \
    tar xzf /tmp/s6-overlay-${TARGETARCH/arm64/aarch64}.tar.gz -C / --exclude="./bin" && \
    tar xzf /tmp/s6-overlay-${TARGETARCH/arm64/aarch64}.tar.gz -C /usr ./bin && \
    rm /tmp/s6-overlay-${TARGETARCH/arm64/aarch64}.tar.gz
COPY config/etc/ /etc/
COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
COPY config/filebeat.yml /etc/filebeat/
RUN chmod go-w /etc/filebeat/filebeat.yml
ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
RUN chmod go-w /etc/filebeat/wazuh-template.json
# Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547
# Create the mount directories so they keep the expected ownership and permissions
RUN mkdir -p /var/ossec/var/multigroups && \
    chown root:wazuh /var/ossec/var/multigroups && \
    chmod 770 /var/ossec/var/multigroups && \
    mkdir -p /var/ossec/agentless && \
    chown root:wazuh /var/ossec/agentless && \
    chmod 770 /var/ossec/agentless && \
    mkdir -p /var/ossec/active-response/bin && \
    chown root:wazuh /var/ossec/active-response/bin && \
    chmod 770 /var/ossec/active-response/bin && \
    chmod 755 /permanent_data.sh && \
    sync && /permanent_data.sh && \
    sync && rm /permanent_data.sh
RUN rm /etc/yum.repos.d/wazuh.repo
# Services ports
EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
ENTRYPOINT [ "/init" ]
Build and push:
$ docker buildx build . --platform linux/amd64,linux/arm64 --tag merecu/wazuh-manager:4.9.2 --push
[+] Building 593.7s (45/45) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2.44kB 0.0s
=> [linux/arm64 internal] load metadata for docker.io/library/amazonlinux:2023 0.9s
=> [linux/amd64 internal] load metadata for docker.io/library/amazonlinux:2023 1.0s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [linux/amd64 15/18] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.1s
=> [internal] load build context 0.0s
=> => transferring context: 836B 0.0s
=> [linux/amd64 1/18] FROM docker.io/library/amazonlinux:2023@sha256:5cb6ab1a1a13f33425b6c660a45f06298e204a22df1f9eeefe69cda3735d9757 0.1s
=> => resolve docker.io/library/amazonlinux:2023@sha256:5cb6ab1a1a13f33425b6c660a45f06298e204a22df1f9eeefe69cda3735d9757 0.1s
=> [linux/arm64 1/18] FROM docker.io/library/amazonlinux:2023@sha256:5cb6ab1a1a13f33425b6c660a45f06298e204a22df1f9eeefe69cda3735d9757 0.1s
=> => resolve docker.io/library/amazonlinux:2023@sha256:5cb6ab1a1a13f33425b6c660a45f06298e204a22df1f9eeefe69cda3735d9757 0.1s
=> CACHED [linux/amd64 2/18] RUN rm /bin/sh && ln -s /bin/bash /bin/sh 0.0s
=> CACHED [linux/amd64 3/18] RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y && yum clean all 0.0s
=> CACHED [linux/amd64 4/18] COPY config/check_repository.sh / 0.0s
=> CACHED [linux/amd64 5/18] COPY config/filebeat_module.sh / 0.0s
=> CACHED [linux/amd64 6/18] COPY config/permanent_data.env config/permanent_data.sh / 0.0s
=> CACHED [linux/amd64 7/18] RUN chmod 775 /check_repository.sh 0.0s
=> CACHED [linux/amd64 8/18] RUN source /check_repository.sh 0.0s
=> CACHED [linux/amd64 9/18] RUN yum install wazuh-manager-4.9.2-1 -y && yum clean all 0.0s
=> CACHED [linux/amd64 10/18] RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-amd64.tar.gz -o /tmp/s6-overla 0.0s
=> CACHED [linux/amd64 11/18] COPY config/etc/ /etc/ 0.0s
=> CACHED [linux/amd64 12/18] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py 0.0s
=> CACHED [linux/amd64 13/18] COPY config/filebeat.yml /etc/filebeat/ 0.0s
=> CACHED [linux/amd64 14/18] RUN chmod go-w /etc/filebeat/filebeat.yml 0.0s
=> CACHED [linux/amd64 15/18] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.0s
=> CACHED [linux/amd64 16/18] RUN chmod go-w /etc/filebeat/wazuh-template.json 0.0s
=> CACHED [linux/amd64 17/18] RUN mkdir -p /var/ossec/var/multigroups && chown root:wazuh /var/ossec/var/multigroups && chmod 770 /var/ossec/var/multigroups && mkdi 0.0s
=> CACHED [linux/amd64 18/18] RUN rm /etc/yum.repos.d/wazuh.repo 0.0s
=> CACHED [linux/arm64 2/18] RUN rm /bin/sh && ln -s /bin/bash /bin/sh 0.0s
=> CACHED [linux/arm64 3/18] RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y && yum clean all 0.0s
=> CACHED [linux/arm64 4/18] COPY config/check_repository.sh / 0.0s
=> CACHED [linux/arm64 5/18] COPY config/filebeat_module.sh / 0.0s
=> CACHED [linux/arm64 6/18] COPY config/permanent_data.env config/permanent_data.sh / 0.0s
=> CACHED [linux/arm64 7/18] RUN chmod 775 /check_repository.sh 0.0s
=> CACHED [linux/arm64 8/18] RUN source /check_repository.sh 0.0s
=> CACHED [linux/arm64 9/18] RUN yum install wazuh-manager-4.9.2-1 -y && yum clean all 0.0s
=> CACHED [linux/arm64 10/18] RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/v2.2.0.3/s6-overlay-aarch64.tar.gz -o /tmp/s6-over 0.0s
=> CACHED [linux/arm64 11/18] COPY config/etc/ /etc/ 0.0s
=> CACHED [linux/arm64 12/18] COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py 0.0s
=> CACHED [linux/arm64 13/18] COPY config/filebeat.yml /etc/filebeat/ 0.0s
=> CACHED [linux/arm64 14/18] RUN chmod go-w /etc/filebeat/filebeat.yml 0.0s
=> CACHED [linux/arm64 15/18] ADD https://raw.githubusercontent.com/wazuh/wazuh/v4.9.2/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat 0.0s
=> CACHED [linux/arm64 16/18] RUN chmod go-w /etc/filebeat/wazuh-template.json 0.0s
=> CACHED [linux/arm64 17/18] RUN mkdir -p /var/ossec/var/multigroups && chown root:wazuh /var/ossec/var/multigroups && chmod 770 /var/ossec/var/multigroups && mkdi 0.0s
=> CACHED [linux/arm64 18/18] RUN rm /etc/yum.repos.d/wazuh.repo 0.0s
=> exporting to image 592.3s
=> => exporting layers 38.9s
=> => exporting manifest sha256:42fde07fedeed9e6fa23f298cb64c62941657cf33ea2556009a402390f8be29e 0.0s
=> => exporting config sha256:803e89b0ab5b44b6a760ed69af310d3d64ea6c28a184057f9f45510fea008249 0.0s
=> => exporting manifest sha256:0c6d632b368679cd326cda74cffe8251c3c1855aaf443979d4e357c2749ec2e3 0.0s
=> => exporting config sha256:2a829989003395d888a27404f7425c06ed5cce31fcc3680f3f91ad3cea680462 0.0s
=> => exporting manifest list sha256:2d3e77a3778c51e7cfe4b70b151450ef288d6dbc7d94b4d21b4caf37aa6305b0 0.0s
=> => pushing layers 550.3s
=> => pushing manifest for docker.io/merecu/wazuh-manager:4.9.2@sha256:2d3e77a3778c51e7cfe4b70b151450ef288d6dbc7d94b4d21b4caf37aa6305b0 2.9s
=> [auth] merecu/wazuh-manager:pull,push token for registry-1.docker.io 0.0s
=> [auth] merecu/wazuh-manager:pull,push token for registry-1.docker.io
Image description in Docker Hub:
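The Dockerfile above maps `TARGETARCH` with `${TARGETARCH/arm64/aarch64}`, which passes any other value straight into the download URL, and the s6-overlay tarball is extracted without an integrity check. As an added example (not part of the original comment or of the Wazuh project's code), the shell helpers below map the architecture fail-closed, also covering RPM architecture names as a generalization of the same idea, and verify a pinned SHA-256. The function names and the `S6_SHA256` variable are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed architecture mapping and integrity check for
# artifacts fetched by URL during a multi-arch (buildx) image build.

# Map buildx's TARGETARCH to the name a given artifact family uses.
# Unknown values are rejected instead of being passed through into a URL.
map_arch() {  # usage: map_arch <s6|rpm> <TARGETARCH>
    case "$1:$2" in
        s6:amd64)  echo amd64 ;;
        s6:arm64)  echo aarch64 ;;
        rpm:amd64) echo x86_64 ;;
        rpm:arm64) echo aarch64 ;;
        *) echo "unsupported $1 architecture: '$2'" >&2; return 1 ;;
    esac
}

# Build the s6-overlay release URL in the layout the Dockerfile uses.
s6_url() {  # usage: s6_url <S6_VERSION> <TARGETARCH>
    s6_url_arch=$(map_arch s6 "$2") || return 1
    echo "https://github.com/just-containers/s6-overlay/releases/download/$1/s6-overlay-${s6_url_arch}.tar.gz"
}

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare a downloaded file against a digest pinned in the build definition.
# An empty expected digest is treated as a failure, never as "skip the check".
verify_sha256() {  # usage: verify_sha256 <file> <expected-hex-digest>
    [ -n "$2" ] || { echo "no expected digest given for $1" >&2; return 1; }
    verify_actual=$(sha256_of "$1") || return 1
    if [ "$verify_actual" != "$2" ]; then
        echo "checksum mismatch for $1" >&2
        return 1
    fi
}

# Intended use in a RUN step. S6_SHA256 is a placeholder for a digest pinned
# per architecture (for instance a hypothetical build ARG), not a page value:
#   url=$(s6_url "$S6_VERSION" "$TARGETARCH") &&
#   curl --fail --silent -L "$url" -o /tmp/s6-overlay.tar.gz &&
#   verify_sha256 /tmp/s6-overlay.tar.gz "$S6_SHA256"
```

Because the two platforms produce different tarballs, the pinned digest has to be selected per `TARGETARCH` in the same way as the file name.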
Update
We need to develop a plan with all the items from the analysis. The plan must be ordered and each task must have an Owner and the teams involved.
Update
According to the spike performed, I have determined a series of general tasks that we must perform for the correct update of the wazuh-docker repository and its respective documentation:
Steps:
Update
The process of assigning environment variables that was developed for the Wazuh dashboard and Wazuh indexer images must be migrated to customize the new configuration file that Wazuh manager will have, which will allow us not to depend on mounting a configuration file in the container.
Description
As part of the DevOps overhaul objective we need to conduct research, analyze alternatives, and design how to implement the following changes.
Implementation restrictions
Plan