Test distribution packages

[AlexRuiz7]

Description

In this issue, we'll be testing the packages generated with the tools included in opensearch-project/opensearch-build#71.

The objective is to test the building mechanism and check if we can provide the same operating system compatibility as OpenSearch.

Attach the testing results (evidence) and the reproducibility (Vagrantfile, commands, ...) of the test below.

OS	Version
RHEL/CentOS	7/8
Rocky Linux/AlmaLinux	8
Ubuntu	16.04/18.04/20.04
Windows Server	2019

Tests

During the tests, follow the installation instructions from OpenSearch for the given operating system (package type).

• Test RPM package in RHEL/CentOS 7/8
• Test RPM package in Rocky Linux/AlmaLinux 8
• Test DEB package in Ubuntu 16.04/18.04/20.04
• Test TAR (Windows) package in Windows Server 2019
• Test TAR (Linux) package in any of the supported operating systems*

*This test can be performed in Docker or locally, while others are preferred in VMs.

[AlexRuiz7]

CentOS 8 (rpm) 🟢

Tested by @yenienserrano

Vagrantfile

Vagrant.configure("2") do |config|
    config.vm.box = "bento/centos-8"
    config.vm.network "private_network", ip: "192.168.56.18"
    config.vm.provider "virtualbox" do |vb|
        #   # Display the VirtualBox GUI when booting the machine
        #   vb.gui = true
        #
          # Customize the amount of memory on the VM:
          vb.memory = "8096"
          vb.cpus = 4
   end
end

Opensearch

Install Opensearch as the documentation says

Wazuh dashboard

Installed the package

yum install wazuh-dashboard-4.4.0-2.x86_64.rpm

Modified the configuration file in /etc/wazuh-dashboard/opensearch-dashsboards.yml to match the environment:

server.host: "0.0.0.0"
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: none
opensearch.username: "kibanaserver"
opensearch.password: "kibanaserver"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]

# Use this setting if you are running opensearch-dashboards without https
opensearch_security.cookie.secure: false

Started using: systemctl start wazuh-dashboard

Run the imposter and configure it in the wazuh.yml to test that the app works.

Screenshots

After testing the environment, we tried uninstalling the package with yum remove wazuh-dashboard

[AlexRuiz7]

node:14.20.04 - dev environment (deb / tar) 🟢

Started the environment with security enabled to use a full indexer instead of a snapshot. The environments are available in the docker/ folder (using opensearch-project/opensearch-build#71 branch).

bash dev.sh security up

Entered the container as root (package is already in the container's mounted volume)

docker exec -u root -ti <containerId> /bin/bash

deb

Installed the package.

dpkg -i wazuh-dashboard_4.6.0-2_amd64.deb

Modified the configuration file in /etc/wazuh-dashboard/opensearch-dashsboards.yml to match the environment:

server.host: 0.0.0.0
server.port: 5601
opensearch.hosts: https://indexer:9200
opensearch.ssl.verificationMode: none
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
#server.ssl.enabled: true
#server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
#server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
#opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh

opensearchDashboards.branding:
  useExpandedHeader: false

Started using the binary. systemctl can't be used as this is Docker, but the package installs still.

/usr/share/wazuh-dashboard/bin/opensearch-dashboards "-c /etc/wazuh-dashboard/opensearch_dashboards.yml"

tar

Decompressed the package.

tar -zxvf wazuh-dashboard-4.6.0-2-linux-x64.tar.gz
cd wazuh-dashboard-4.6.0-2-linux-x64

Modified the configuration file in config/opensearch-dashsboards.yml to match the environment:

server.host: 0.0.0.0
server.port: 5601
opensearch.hosts: https://indexer:9200
opensearch.ssl.verificationMode: none
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
#server.ssl.enabled: true
#server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
#server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
#opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh

opensearchDashboards.branding:
  useExpandedHeader: false

opensearch.username: "admin" # Default username on the docker image
opensearch.password: "admin" # Default password on the docker image

Started using the binary.

./bin/opensearch-dashboards

[Tostti]

Ubuntu 18.04 (deb) 🟢

Vagrantfile

Vagrant.configure("2") do |config|
  config.vm.box = "bento/ubuntu-18.04"
  config.vm.synced_folder '.', '/vagrant', disabled: true
  config.vm.network "public_network"
  config.vm.provider "virtualbox" do |vb|
     vb.memory = "8192"
     vb.cpus = "4"
  end
end

Wazuh Indexer

Installed Wazuh Indexer 4.4.0 following the documentation

Wazuh Server

Installed Wazuh Server 4.4.0 following the documentation

Wazuh Dashboard

Installed Wazuh dashboard 4.4.0 using the deb package generated with the new tools

root@vagrant:/home/vagrant# dpkg -i wazuh-dashboard_4.4.0-1_amd64.deb
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 53630 files and directories currently installed.)
Preparing to unpack wazuh-dashboard_4.4.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
Processing triggers for libc-bin (2.27-3ubuntu1.6) ...

Configured, deployed the certificates, and started the dashboard following the documentation

root@vagrant:/home/vagrant# nano /etc/wazuh-dashboard/opensearch_dashboards.yml
root@vagrant:/home/vagrant# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://192.168.0.116:9200
opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh

opensearchDashboards.branding:
  useExpandedHeader: false
root@vagrant:/home/vagrant# NODE_NAME=dashboard
root@vagrant:/home/vagrant# mkdir /etc/wazuh-dashboard/certs
root@vagrant:/home/vagrant# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
root@vagrant:/home/vagrant# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
root@vagrant:/home/vagrant# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
root@vagrant:/home/vagrant# chmod 500 /etc/wazuh-dashboard/certs
root@vagrant:/home/vagrant# chmod 400 /etc/wazuh-dashboard/certs/*
root@vagrant:/home/vagrant# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
root@vagrant:/home/vagrant# systemctl daemon-reload
root@vagrant:/home/vagrant# systemctl enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
root@vagrant:/home/vagrant# systemctl start wazuh-dashboard

Tested the dashboard accessing through the web browser

[Tostti]

rockylinux 8 (rpm) 🟢

Vagrantfile

Vagrant.configure("2") do |config|
  config.vm.box = "bento/rockylinux-8"
  config.vm.synced_folder '.', '/vagrant', disabled: true
  config.vm.network "public_network"
   config.vm.provider "virtualbox" do |vb|
     vb.memory = "8192"
     vb.cpus = 4
   end
end

Wazuh Indexer

Installed Wazuh Indexer 4.4.0 following the documentation

Wazuh Server

Installed Wazuh Server 4.4.0 following the documentation

Wazuh Dashboard

Installed Wazuh dashboard 4.4.0 using the rpm package generated with the new tools

[root@localhost vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm
Last metadata expiration check: 0:02:19 ago on Wed Jul  5 14:25:29 2023.
Dependencies resolved.
=================================================================================================================================================================================================================
 Package                                                Architecture                                  Version                                          Repository                                           Size
=================================================================================================================================================================================================================
Installing:
 wazuh-dashboard                                        x86_64                                        4.4.0-1                                          @commandline                                        321 M

Transaction Summary
=================================================================================================================================================================================================================
Install  1 Package

Total size: 321 M
Installed size: 1.1 G
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                         1/1
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                                                                                                                          1/1
  Installing       : wazuh-dashboard-4.4.0-1.x86_64                                                                                                                                                          1/1
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                                                                                                                          1/1
  Verifying        : wazuh-dashboard-4.4.0-1.x86_64                                                                                                                                                          1/1

Installed:
  wazuh-dashboard-4.4.0-1.x86_64

Complete!

Configured, deployed the certificates, and started the dashboard following the documentation

[root@localhost vagrant]# nano /etc/wazuh-dashboard/opensearch_dashboards.yml
[root@localhost vagrant]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://192.168.0.91:9200
opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh

opensearchDashboards.branding:
  useExpandedHeader: false
[root@localhost vagrant]# NODE_NAME=dashboard
[root@localhost vagrant]# mkdir /etc/wazuh-dashboard/certs
[root@localhost vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@localhost vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@localhost vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@localhost vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@localhost vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@localhost vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@localhost vagrant]# systemctl daemon-reload
[root@localhost vagrant]# systemctl enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
[root@localhost vagrant]# systemctl start wazuh-dashboard

Tested the dashboard accessing through the web browser

[Desvelao]

Ubuntu 16.04 (deb) 🟢

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
 config.vm.box = "bento/ubuntu-16.04"
 config.vm.hostname = "ubuntu16.04"
 config.vm.network "private_network", ip: "192.168.56.9"
 config.vm.provider "virtualbox" do |pmv|
   pmv.memory = 4082
   pmv.cpus = 2
   pmv.name = "Ubuntu16.04"
   pmv.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ]
 end
end

Operating system information

root@ubuntu16:/vagrant# cat /etc/os-release 
NAME="Ubuntu"
VERSION="16.04.7 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.7 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

Remove package

root@ubuntu16:/home/vagrant# dpkg -r wazuh-dashboard
(Reading database ... 123493 files and directories currently installed.)
Removing wazuh-dashboard (4.4.0-1) ...
Stopping wazuh-dashboard service... OK
Deleting installation directory... OK
Processing triggers for libc-bin (2.23-0ubuntu11.3) ...

Reinstall package

root@ubuntu16:/home/vagrant# dpkg -i /vagrant/wazuh-dashboard_4.4.0-1_amd64.deb
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 36764 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
Processing triggers for libc-bin (2.23-0ubuntu11.3) ...

[Desvelao]

Bonus - Ubuntu 22.04 (deb) 🟢

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
 config.vm.box = "bento/ubuntu-22.04"
 config.vm.hostname = "ubuntu-2204"
 config.vm.network "private_network", ip: "192.168.56.9"
 config.vm.provider "virtualbox" do |pmv|
   pmv.memory = 4092
   pmv.cpus = 2
   pmv.name = "Ubuntu22.04"
   pmv.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ]
 end
end

Operating system information

root@ubuntu-2204:/home/vagrant# cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Remove package:

root@ubuntu-2204:/home/vagrant# dpkg -r wazuh-dashboard
(Reading database ... 131206 files and directories currently installed.)
Removing wazuh-dashboard (4.4.0-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...

Reinstalling package:

root@ubuntu-2204:/home/vagrant# dpkg -i /vagrant/wazuh-dashboard_4.4.0-1_amd64.deb
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 44477 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...

[AlexRuiz7]

We drop Windows Server support as we encountered several issues to generate the packages, requires a builder and Wazuh didn't offer Windows support in previous versions.