Merge pull request #115 from wazuh/feature-cookbooks

Deploy cookbooks

.github/workflows/ci.yml

@@ -0,0 +1,41 @@
+name: Kitchen tests for Wazuh Chef
+
+on:
+  push:
+    branches: 
+      - feature-cookbooks
+  pull_request:
+    branches:
+      - feature-cookbooks
+
+jobs:
+  kitchen-test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [
+          centos-8,
+          ubuntu-2004,
+        ]
+        suite: [
+          wazuh-server,
+          wazuh-server-oss,
+          wazuh-agent,
+          opendistro,
+          elastic-stack
+        ]
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v2
+    - name: Install Chef
+      uses: actionshub/chef-install@main
+    - name: Test ${{ matrix.suite }} cookbook
+      uses: actionshub/test-kitchen@main
+      env:
+        CHEF_LICENSE: accept-no-persist
+        KITCHEN_LOCAL_YAML: kitchen.yml
+      with:
+        suite: ${{ matrix.suite }}
+        os: ${{ matrix.os }}
+        action: test
+

.gitignore

@@ -1,9 +1,50 @@
-.kitchen/*
-./cookbooks/wazuh_agent/.kitchen
-./cookbooks/wazuh_agent/.kitchen/*
-./cookbooks/wazuh_manager/.kitchen
-./cookbooks/wazuh_manager/.kitchen/*
-./cookbooks/wazuh_elastic/.kitchen
-./cookbooks/wazuh_elastic/.kitchen/*
-./cookbooks/wazuh_filebeat/.kitchen
-./cookbooks/wazuh_filebeat/.kitchen/*
+*.rbc
+.config
+InstalledFiles
+lib/bundler/man
+pkg
+test/tmp
+test/version_tmp
+tmp
+_Store
+*~
+*#
+.#*
+\#*#
+*.un~
+*.tmp
+*.bk
+*.bkup
+
+# editor temp files
+.idea
+.*.sw[a-z]
+
+# ruby/bundler files
+.ruby-version
+.ruby-gemset
+.rvmrc
+Gemfile.lock
+.bundle
+*.gem
+coverage
+spec/reports
+
+# YARD / rdoc artifacts
+.yardoc
+_yardoc
+doc/
+rdoc
+
+# chef infra stuff
+Berksfile.lock
+.kitchen
+kitchen.local.yml
+vendor/
+.coverage/
+.zero-knife.rb
+Policyfile.lock.json
+
+# vagrant stuff
+.vagrant/
+.vagrant.d/

Berksfile

@@ -0,0 +1,14 @@
+source 'https://supermarket.chef.io'
+
+metadata 
+
+group 'cookbooks' do
+    cookbook 'elastic-stack', path: 'cookbooks/elastic-stack'
+    cookbook 'opendistro', path: 'cookbooks/opendistro'
+    cookbook 'filebeat', path: 'cookbooks/filebeat'
+    cookbook 'filebeat-oss', path: 'cookbooks/filebeat-oss'
+    cookbook 'wazuh_agent', path: 'cookbooks/wazuh_agent'
+    cookbook 'wazuh_manager', path: 'cookbooks/wazuh_manager'
+end
+
+

CHANGELOG.md

@@ -1,6 +1,16 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Chef v4.0.3_1.11.0
+
+### Added
+- Add feature-cookbooks ([@sergiogp98](https://github.com/sergiogp98)) [PR#115](https://github.com/wazuh/wazuh-chef/pull/115)
+    -  Update to Wazuh version 4.0.3 
+    - Add Opendistro with version 1.11.0
+    - Update Elastic Stack to version 7.9.3
+    - Install Wazuh Kibana plugin 4.0.3_7.9.3 version
+    - Add support for SUSE Linux
+
 ## Wazuh Chef v4.0.1
 
 ### Added

Gemfile

@@ -0,0 +1,16 @@
+source 'https://rubygems.org'
+
+#group :lint do
+#    gem 'rubocop'
+#end
+
+group :kitchen do 
+    gem 'test-kitchen'
+    gem 'kitchen-inspec'
+end
+
+group :drivers do
+    #gem 'kitchen-docker'
+    gem 'kitchen-vagrant'
+    gem 'kitchen-dokken'
+end

README.md

@@ -11,33 +11,41 @@ Deploy the Wazuh platform using Chef cookbooks. Chef recipes are prepared for in
 
 | Wazuh version | Elastic | ODFE   |
 |---------------|---------|--------|
-| v4.0.1        | -       | v1.11.0|
+| v4.0.3        | v7.9.3  | v1.11.0|
 
 ## Dependencies
 
-Every cookbook will install its own required dependencies, *Berksfile* and *metadata.rb* contains all the information about which dependencies will be installed.
+All the dependencies necessary to install cookbooks are listed inside the following files: 
+- *Berksfile*: has defined the cookbooks path for Kitchen tests
+- *metadata.rb*: minimum distributions verions 
+- *Gemfile.rb*: Ruby gems for testing
 
 There is software that must be installed to ensure the correct installation.
 
-- Curl
-- Wget
-- Chef Server Core v12.19.31
+## Chef 
 
-## Cookbooks
+Chef gives plenty of software packages solution depending on how you want to distribute the software. Please
+refer to the [platform overview documentation](https://docs.chef.io/platform_overview/) for further information.
+We recommend using Chef Workstation for testing.
 
-* [Wazuh Agent ](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_agent)
-* [Wazuh Manager and API](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_manager)
-* [Elastic Stack (Elasticsearch, Kibana)](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_elastic)
-* [Filebeat](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_filebeat)
+## Cookbooks
 
-Each cookbook has its README.md
+* [Wazuh Agent](cookbooks/wazuh_agent)
+* [Wazuh Manager](cookbooks/wazuh_manager)
+* [Filebeat](cookbooks/filebeat)
+* [Filebeat OSS](cookbooks/filebeat-oss)
+* [Elastic Stack (Elasticsearch and Kibana)](cookbooks/elastic-stack)
+* [Opendistro (Elasticsearch OSS and Kibana OSS)](cookbooks/opendistro)
 
 ## Roles
 
-You can find predefined roles for a default installation of Wazuh Agent and Manager in the roles folder.
+You can find predefined roles for a default installation of:
 
-- [Wazuh Agent Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_agent.json)
-- [Wazuh Manager Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_agent.json)
+1. [wazuh_server](roles/wazuh_server.json): Wazuh Manager and Filebeat
+2. [wazhu_server_oss](roles/wazuh_server_oss.json): Wazuh Manager and Filebeat OSS
+3. [wazuh_agent](roles/wazuh_agent.json): Wazuh Agent
+4. [elastic_stack](roles/elastic_stack.json): Elasticsearch and Kibana
+5. [opendistro](roles/opendistro.json): Elasticsearch OSS and Kiban OSS
 
 Check roles README for more information about default attributes and how to customize your installation.
 
@@ -49,13 +57,15 @@ You can clone the repository by running: ```git clone https://github.com/wazuh/w
 
 #### Use through Berkshelf
 
-The easiest way to making use of these cookbooks (especially `wazuh_filebeat` & `wazuh_elastic` until they are published to Supermarket) is by including in your `Berksfile` the desired cookbooks as stated below:
+The easiest way to making use of these cookbooks  is by including in your `Berksfile` the desired cookbooks as stated below:
 
 ```ruby
-cookbook "wazuh_agent", git: "https://github.com/wazuh/wazuh-chef.git",rel: 'cookbooks/wazuh_agent'
-cookbook "wazuh_manager", git: "https://github.com/wazuh/wazuh-chef.git",rel: 'cookbooks/wazuh_manager'
-cookbook 'wazuh_filebeat', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_filebeat'
-cookbook 'wazuh_elastic', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_elastic'
+cookbook "wazuh_agent", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_agent'
+cookbook "wazuh_server", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_manager'
+cookbook 'opendistro', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/opendistro'
+cookbook 'elastic-stack', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/elastic-stack'
+cookbook 'filebeat', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat'
+cookbook 'filebeat-oss', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat-oss'
 ```
 
 You can specify tags, branches, and revisions. More info on https://docs.chef.io/berkshelf.html
@@ -78,7 +88,6 @@ Example of a configuration file `api_configuration.json` before encryption:
  "htpasswd_user": "<YOUR USER>",
  "htpasswd_passcode": "<YOUR PASSWORD>"
 }
-
 ```
 
 #### Using Data Bags
@@ -118,7 +127,6 @@ After encryption, the previous JSON files will have new fields that describe the
 }
 ```
 
-
 #### Using Chef Vault
 
 Chef Vault provides an easier way to manage Data bags and configure them. To configure it you can follow these steps:
@@ -130,41 +138,24 @@ Chef Vault provides an easier way to manage Data bags and configure them. To con
 ```
 knife vault create wazuh_secrets api '{"id": "api", "htpasswd_user": "user", "htpasswd_passcode": "password"}' -A "username" -C "manager-1"
 ```
+
 Where `-A` defines the workstation users authorized to modify/edit the vault and `-C` defines the nodes that have access to the defined vault.
 
 After that, the vault will be created and synced with the server. The defined nodes will store the required keys to decrypt the vault content and consume it.
 
 You can check Chef Official Documentation about [Chef Vault](https://docs.chef.io/chef_vault.html) for detailed info.
 
-## Use through Berkshelf
-
-The easiest way to making use of these cookbooks (especially `wazuh_filebeat` & `wazuh_elastic` until they are published to Supermarket) is by including in your `Berksfile` something like the below:
-
-```ruby
-cookbook 'wazuh', gitHub: 'wazuh/wazuh-chef', rel: 'wazuh'
-cookbook 'wazuh_filebeat', gitHub: 'wazuh/wazuh-chef', rel: 'wazuh_filebeat'
-cookbook 'wazuh_elastic', gitHub: 'wazuh/wazuh-chef', rel: 'wazuh_elastic'
-```
-
-This will source all three cookbooks housed in this repo from GitHub.
-
 ## Choose to register an agent into a manager or not
 Now we give the possibility to choose to register an agent after being configured and installed in a manager. 
 
-In order to do so, it's only needed to assign the value `yes` to the variable ` default['ossec']['agent_auth']['register'] ` in the attributes file_ ` wazuh-chef/cookbooks/wazuh_agent/attributes/authd.rb `:
-
-```
-default['ossec']['agent_auth']['register'] = 'yes'
-```
-
-To connect an agent with the manager simply modify the `wazuh-chef/roles/wazuh_agent.json` with the desired IP address:
+To connect an agent with the manager simply modify the `wazuh-chef/roles/wazuh_agent.json` with the 
+manager IP address:
 
 ```
-"registration_address": "<YOUR REGISTRATION IP ADDRESS>",
 "address": "<YOUR MANAGER IP ADDRESS>"
 ```
 
-In other case, we just assign a different value which is not `yes`.
+Since Wazuh 4.0, by default, the agent registers automatically against the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#reference-ossec-client).
 
 ## Contribute
 

TESTING.md

@@ -0,0 +1,50 @@
+Test Wazuh Chef cookbooks
+=========================
+
+# Global prerequisistes
+- [Ruby](https://www.ruby-lang.org/es/documentation/installation/)
+- [Chef Workstation](https://downloads.chef.io/products/workstation)
+
+There are two ways of creating a chef environment and tests cookbooks depending on what driver to use:
+- [kitchen-vagrant](https://github.com/test-kitchen/kitchen-vagrant)
+- [kitchen-dokken](https://github.com/test-kitchen/kitchen-dokken)
+
+Kitchen-vagrant
+===============
+
+## Prerequisites
+- Vagrant
+- Virtualbox
+
+## Hot to use?
+First install dependancies: 
+``bundle install``
+
+Then go to ``wazuh-chef/kitchen-vagrant`` folder and execute kitchen commands.
+
+Kitchen dokken
+==============
+
+## Prerequisites
+- Docker
+
+## How to use?
+First install dependancies: 
+``bundle install`` 
+
+Then execute kithcen commands.
+
+Kitchen command
+===============
+
+Kitchen commands To create an environment with Wazuh Chef cookbooks:
+
+1. ``kitchen list``: list all kitchen instances 
+2. ``kitchen create <suite_name>-<platform_name>``: create an instance just with a \<platform_name\> node initialized.
+3. ``kitchen create <suite_name>-<platform_name>``: create an instance with all cookbooks declared
+in \<suite_name\> inside a \<platform_name\> node
+4. ``kitchen verify <suite_name>-<platform_name>``: run tests in the instance specified
+5. ``kitchen destroy <suite_name>-<platform_name>``: destroy in the instance specified
+6. ``kitchen login <suite_name>-<platform_name>``: login in the instance specified
+
+