MVP - Puppet - Adapting to the new installation mode

[vcerenu]

Description

Due to the lack of APT and YUM repositories for deploying Wazuh in 5.0.0, it is necessary to adapt the current resource for installing packages in Puppet agents.

Currently, the installation is done as follows:

# install package
  package { '$package_name':
    ensure => $version_install,
    name   => $package_name,
  }

It is necessary to create a class or function that generates the same result as the previous resource, downloading the packages from a URL and installing them locally.
It is necessary to investigate whether this is possible while maintaining the idempotence that Puppet requires in each of its resources.

Tasks

• Investigate the possibility of generating a class or function that allows the package to be installed manually with idempotency.
• Generate the installation class, which will work with any DEB or RPM package of each of the components.
• Verify that it works correctly and that it does not generate unnecessary executions when the purpose of the class has been achieved.

[vcerenu]

Update

I've been doing several tests on this change, modifying the installation process so that it can take the URL of the file that we will download from S3 and from there install each of the packages.

I had generated a new class so that I can install each of the components, but the same class cannot be used multiple times, so I used a defined resource, which allows the same code to be instantiated multiple times:

define wazuh::install_product (
  String $package_name,
  String $wazuh_version = '4.9.2',
  String $destination = '/tmp/packages_url.txt',
  String $rpm_based = 'RedHat|Suse|Amazon|OracleLinux|AlmaLinux|Rocky',
  String $deb_based = 'Debian|Ubuntu|Mint|Kali|Raspbian',
  String $download_dir = '/tmp',
) {
  # Determine the package type (rpm or deb) based on the OS family.
  if $facts['os']['family'] =~ Regexp($rpm_based) {
    $package_type = 'rpm'
    $check_command = "/bin/rpm -q ${package_name}" # Command to check if the package is installed (RPM)
  } elsif $facts['os']['family'] =~ Regexp($deb_based) {
    $package_type = 'deb'
    $check_command = "/usr/bin/dpkg-query -l ${package_name} | grep '^ii'" # Command to check if the package is installed (DEB)
  } else {
    fail("Unsupported OS family: ${facts['os']['family']}") # Fail if the OS family is not supported
  }

  # Determine the package architecture.
  $package_arch = $facts['os']['architecture'] ? {
    'x86_64' => 'amd64',
    default  => $facts['os']['architecture'],
  }

  # Construct the package filename.
  $package_pattern = "${package_name}-${wazuh_version}-${package_arch}.${package_type}"

  # Find the package URL in the downloaded file.
  exec { "filter_and_extract_${package_name}__${title}":
    command   => "/usr/bin/sed -n '/^${package_pattern}:/p' ${destination} | /usr/bin/awk -F': ' '{print \$2}' > ${destination}.bak && mv ${destination}.bak ${destination}",
    path      => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
    logoutput => true,
  }

  if $destination {
    exec { "download_file_from_url_${package_name}__${title}":
      command   => "tr -d '\r' < ${destination} | xargs /usr/bin/curl -o '${download_dir}/${package_pattern}'",
      path      => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
      logoutput => true,
    }

    # Determine the install command based on the package type.
    $install_command = $package_type ? {
      'rpm' => "/bin/rpm -ivh ${download_dir}/${package_pattern}",
      'deb' => "dpkg -i ${download_dir}/${package_pattern} || apt-get install -f -y",
    }

    notify { "Command to install: ${install_command}": }

    # Install the package.
    exec { "install_${package_pattern}":
      command   => $install_command,
      path      => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
      onlyif    => "dpkg-deb --info ${download_dir}/${package_pattern}",
      unless    => $check_command, # Only install if the package is not already installed
      logoutput => true,
    }

    # Remove the downloaded package file.
    file { "${download_dir}/${package_pattern}":
      ensure => absent,
      force  => true,
    }
  } else {
    warning("URL for ${package_pattern} not found in ${destination}")
  }
}

Once the resource was generated, I was testing the functioning of the code and the definition of each of the steps has to contain different names in each of the different instances of the resource, so I was modifying the title of each of the actions so that I don't have the problem of having repeated titles because it generates errors of the following type:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Exec[download_file_from_url] is already declared at (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 48); cannot redeclare (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 48) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 48, column: 5) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/manager.pp, line: 10) on node ip-172-31-47-161.ec2.internal

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Notify[Extracted package URL: /tmp/packages_url.txt] is already declared at (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 47); cannot redeclare (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 47) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/install_product.pp, line: 47, column: 3) (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/manager.pp, line: 10) on node ip-172-31-47-161.ec2.internal

These errors were generated because the defined resource generates resource execution titles equal to when I instantiate them from the wazuh::manager class, so I had to find ways to differentiate these titles.

I also had to create a separate class that allows me to download the file from URLs since I cannot generate the same file multiple times, so in the first place there was a class that downloads the file:

class wazuh::package_list (
$prod_url = 'https://devops-wazuh-artifacts-pub.s3.us-west-1.amazonaws.com/devops-overhaul/packages_url.txt',
$destination = '/tmp/packages_url.txt',
) {
exec { 'download_packages_url_from_url':
command => "/usr/bin/curl --fail --location -o ${destination} ${prod_url}",
path => ['/usr/sbin', '/usr/bin', '/sbin', '/bin', '/usr/local/sbin', '/usr/local/bin'],
creates => $destination, # is created when the file does not exist
unless => "test -f ${destination}", # not executed if file exists.
logoutput => true,
}
}

After this I have to re-verify the extraction of the URL of each component to install, without making any modifications to the file, since this same file must be used in each of the executions of the classes that install the components and the file would only be deleted at the end of all the work, since I cannot call the class that downloads this file several times again.

[vcerenu]

Update

I have made some changes to the defined resource install_product, which allowed me to perform the installation of Wazuh indexer within the Puppet agent server, obtaining the URL of the file that is downloaded from the prodiuct_list class that I talked about earlier:

# Defined type to install Wazuh components from custom URLs
# @param package_name Name of the Wazuh component (e.g., 'wazuh-manager')
# @param wazuh_version Version of the component to install (e.g., '4.9.2')
define wazuh::install_product (
  String $package_name,
  String $wazuh_version = '4.9.2',
) {

  # Determine package provider based on OS family
  $provider = $facts['os']['family'] ? {
    'Debian' => 'dpkg',  # Correct provider name for .deb packages
    'RedHat' => 'rpm',   # Keep rpm for RedHat
    default  => fail("Unsupported OS family: ${facts['os']['family']}"),
  }

  # Determine package format (deb/rpm) based on OS family
  $compatibility = $facts['os']['family'] ? {
    'Debian' => 'deb',
    'RedHat' => 'rpm',
    default  => fail("Unsupported OS family: ${facts['os']['family']}"),
  }

  # Normalize architecture naming conventions
  $architecture = $facts['os']['architecture'] ? {
    'x86_64'  => 'amd64',   # Convert x86_64 to amd64
    'aarch64' => 'arm64',   # Convert aarch64 to arm64
    default   => $facts['os']['architecture'],
  }

  # Generate package identifier key
  $key = "${package_name}-${wazuh_version}-${architecture}.${compatibility}"

  # Download specific package using extracted URL
  exec { "download_${key}":
    command => "sh -c 'url=\$(grep -F '${key}:' /tmp/packages_url.txt | tr -d \"\\r\" | cut -d \" \" -f2); curl -o /tmp/${key} \$url'",
    unless  => "test -f /tmp/${key} && dpkg -I /tmp/${key} >/dev/null 2>&1",
    path    => ['/usr/bin', '/bin', '/sbin'],
    timeout => 600,
    require => [
      Exec['download_packages_url_from_url'],
    ],
  }

  # Install the package using correct provider
  package { $package_name:
    ensure   => installed,
    provider => $provider,  # Now using validated provider names
    source   => "/tmp/${key}",
    require  => Exec["download_${key}"],
  }
}

Each of the steps that are executed within the defined resource must maintain a dependency on each of the actions that they really need as a dependency, otherwise the execution is done in a disordered way.
This problem became more visible when I modified the wazuh::indexer class, which required modifying the installation method, but which in turn required adding more explicitly the dependency in the execution of the installation so that it does not try to modify the configuration files before it tries to install the package:, so I was able to have a modified version of the previous class with the current adaptations:

# Copyright (C) 2015, Wazuh Inc.
# Setup for Wazuh Indexer
class wazuh::indexer (
  # opensearch.yml configuration
  $indexer_network_host = '0.0.0.0',
  $indexer_cluster_name = 'wazuh-cluster',
  $indexer_node_name = 'node-1',
  $indexer_node_max_local_storage_nodes = '1',
  $indexer_service = 'wazuh-indexer',
  $indexer_package = 'wazuh-indexer',
  $indexer_version = '4.9.2',
  $indexer_fileuser = 'wazuh-indexer',
  $indexer_filegroup = 'wazuh-indexer',

  $indexer_path_data = '/var/lib/wazuh-indexer',
  $indexer_path_logs = '/var/log/wazuh-indexer',
  $indexer_path_certs = '/etc/wazuh-indexer/certs',
  $indexer_security_init_lockfile = '/var/tmp/indexer-security-init.lock',
  $full_indexer_reinstall = false, # Change to true when whant a full reinstall of Wazuh indexer

  $indexer_ip = 'localhost',
  $indexer_port = '9200',
  $indexer_discovery_hosts = [], # Empty array for single-node configuration
  $indexer_cluster_initial_master_nodes = ['node-1'],
  $indexer_cluster_CN = ['node-1'],

  # JVM options
  $jvm_options_memory = '1g',
) {
  wazuh::install_product { 'Wazuh indexer':
    package_name  => $indexer_package,
    wazuh_version => $indexer_version,
  }

  exec { "ensure full path of ${indexer_path_certs}":
    path    => '/usr/bin:/bin',
    command => "mkdir -p ${indexer_path_certs}",
    creates => $indexer_path_certs,
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  -> file { $indexer_path_certs:
    ensure  => directory,
    owner   => $indexer_fileuser,
    group   => $indexer_filegroup,
    mode    => '0500',
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  [
   "indexer-$indexer_node_name.pem",
   "indexer-$indexer_node_name-key.pem",
   'root-ca.pem',
   'admin.pem',
   'admin-key.pem',
  ].each |String $certfile| {
    file { "${indexer_path_certs}/${certfile}":
      ensure  => file,
      owner   => $indexer_fileuser,
      group   => $indexer_filegroup,
      mode    => '0400',
      replace => true,
      recurse => remote,
      source  => "puppet:///modules/archive/${certfile}",
      require => Wazuh::Install_product['Wazuh indexer'],
    }
  }

  $opensearch_parameters = [
    "network.host: ${indexer_network_host}",
    "node.name: ${indexer_node_name}",
    "plugins.security.ssl.http.pemcert_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    "plugins.security.ssl.http.pemkey_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    "plugins.security.ssl.http.pemtrustedcas_filepath: ${indexer_path_certs}/root-ca.pem",
    "plugins.security.ssl.transport.pemcert_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    "plugins.security.ssl.transport.pemkey_filepath: ${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    "plugins.security.ssl.transport.pemtrustedcas_filepath: ${indexer_path_certs}/root-ca.pem",
  ]

  $opensearch_parameters.each |$update| {
    $parts = split($update, ': ')
    $key = $parts[0]
    $value = $parts[1]

    augeas { "yaml_config_${key}":
      lens    => 'Yaml.lns',
      incl    => '/etc/wazuh-indexer/opensearch.yml',
      changes => "set ${key} '${value}'",
      onlyif  => "get ${key} != '${value}'",
      require => [
        File['/etc/wazuh-indexer/opensearch.yml'],
        Package['wazuh-indexer']
      ],
      notify  => Service['wazuh-indexer'],
    }
  }

  file { '/etc/wazuh-indexer/opensearch.yml':
    ensure  => file,
    require => [
      Wazuh::Install_product['Wazuh indexer']
    ],
  }

  file_line { 'Insert line initial size of total heap space':
    path    => '/etc/wazuh-indexer/jvm.options',
    line    => "-Xms${jvm_options_memory}",
    match   => '^-Xms',
    notify  => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  file_line { 'Insert line maximum size of total heap space':
    path    => '/etc/wazuh-indexer/jvm.options',
    line    => "-Xmx${jvm_options_memory}",
    match   => '^-Xmx',
    notify  => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  service { 'wazuh-indexer':
    ensure  => running,
    enable  => true,
    name    => $indexer_service,
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  file_line { "Insert line limits nofile for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - nofile  65535",
    match  => "^${indexer_fileuser} - nofile\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  file_line { "Insert line limits memlock for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - memlock unlimited",
    match  => "^${indexer_fileuser} - memlock\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  # TODO: this should be done by the package itself and not by puppet at all
  [
    '/etc/wazuh-indexer',
    '/usr/share/wazuh-indexer',
    '/var/lib/wazuh-indexer',
  ].each |String $file| {
    exec { "set recusive ownership of ${file}":
      path        => '/usr/bin:/bin',
      command     => "chown ${indexer_fileuser}:${indexer_filegroup} -R ${file}",
      refreshonly => true,  # only run when package is installed or updated
      notify      => Service['wazuh-indexer'],
      require => Wazuh::Install_product['Wazuh indexer'],
    }
  }

  if $full_indexer_reinstall {
    file { $indexer_security_init_lockfile:
      ensure  => absent,
      before  => Exec['Initialize the Opensearch security index in Wazuh indexer'],
    }
  }
}

Wazuh indexer could be installed, but the problem now is the customization of the configuration file, something I am doing with the augeas tools, but I am having problems to get it to recognize the /etc/wazuh-indexer/opensearch.yml file:

Debug: Augeas[yaml_config_network.host](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_network.host](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_network.host](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_network.host](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_network.host](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_network.host](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/network.host", "0.0.0.0"]
Debug: Augeas[yaml_config_network.host](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_network.host]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_node.name](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_node.name](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_node.name](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_node.name](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_node.name](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_node.name](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/node.name", "node-1"]
Debug: Augeas[yaml_config_node.name](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_node.name]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.http.pemcert_filepath", "/etc/wazuh-indexer/certs/indexer-node-1.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.http.pemkey_filepath", "/etc/wazuh-indexer/certs/indexer-node-1-key.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.http.pemtrustedcas_filepath", "/etc/wazuh-indexer/certs/root-ca.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.transport.pemcert_filepath", "/etc/wazuh-indexer/certs/indexer-node-1.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.transport.pemkey_filepath", "/etc/wazuh-indexer/certs/indexer-node-1-key.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Opening augeas with root /, lens path , flags 64
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Augeas version 1.14.1 is installed
Warning: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error = parse_failed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/pos = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/line = 1
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/char = 0
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/yaml.aug:78.10-.78:
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): /augeas/files/etc/wazuh-indexer/opensearch.yml/error/message = Get did not match entire input
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Will attempt to save and only run if files changed
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): sending command 'set' with params ["/files/etc/wazuh-indexer/opensearch.yml/plugins.security.ssl.transport.pemtrustedcas_filepath", "/etc/wazuh-indexer/certs/root-ca.pem"]
Debug: Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath](provider=augeas): Closed the augeas connection
Error: /Stage[indexerdeploy]/Wazuh::Indexer/Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath]: Could not evaluate: Save failed, see debug output for details
Debug: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /etc/wazuh-indexer]: 'chown wazuh-indexer:wazuh-indexer -R /etc/wazuh-indexer' won't be executed because of failed check 'refreshonly'
Debug: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /usr/share/wazuh-indexer]: 'chown wazuh-indexer:wazuh-indexer -R /usr/share/wazuh-indexer' won't be executed because of failed check 'refreshonly'
Debug: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[set recusive ownership of /var/lib/wazuh-indexer]: 'chown wazuh-indexer:wazuh-indexer -R /var/lib/wazuh-indexer' won't be executed because of failed check 'refreshonly'
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_network.host] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_node.name] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.http.pemcert_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.http.pemkey_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.http.pemtrustedcas_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.transport.pemcert_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.transport.pemkey_filepath] has failures: true
Notice: /Service[wazuh-indexer]: Dependency Augeas[yaml_config_plugins.security.ssl.transport.pemtrustedcas_filepath] has failures: true

[vcerenu]

Update

I have been testing the customization of configuration files. Due to problems with the use of augeas to perform these steps, apparently due to the lack of compliance in the Yaml format of the opensearch.yml file I am using, I decided to use a more compatible and simple implementation, with which I was able to deploy Wazuh indexer without problems:

# Copyright (C) 2015, Wazuh Inc.
# Setup for Wazuh Indexer
class wazuh::indexer (
  # opensearch.yml configuration
  $indexer_network_host = '0.0.0.0',
  $indexer_cluster_name = 'wazuh-cluster',
  $indexer_node_name = 'node-1',
  $indexer_node_max_local_storage_nodes = '1',
  $indexer_service = 'wazuh-indexer',
  $indexer_package = 'wazuh-indexer',
  $indexer_version = '4.9.2',
  $indexer_fileuser = 'wazuh-indexer',
  $indexer_filegroup = 'wazuh-indexer',

  $indexer_path_data = '/var/lib/wazuh-indexer',
  $indexer_path_logs = '/var/log/wazuh-indexer',
  $indexer_path_certs = '/etc/wazuh-indexer/certs',
  $indexer_security_init_lockfile = '/var/tmp/indexer-security-init.lock',
  $full_indexer_reinstall = false, # Change to true when whant a full reinstall of Wazuh indexer

  $indexer_ip = 'localhost',
  $indexer_port = '9200',
  $indexer_discovery_hosts = [], # Empty array for single-node configuration
  $indexer_cluster_initial_master_nodes = ['node-1'],
  $indexer_cluster_CN = ['node-1'],

  # JVM options
  $jvm_options_memory = '1g',
) {
  wazuh::install_product { 'Wazuh indexer':
    package_name  => $indexer_package,
    wazuh_version => $indexer_version,
  }

  exec { "ensure full path of ${indexer_path_certs}":
    path    => '/usr/bin:/bin',
    command => "mkdir -p ${indexer_path_certs}",
    creates => $indexer_path_certs,
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  -> file { $indexer_path_certs:
    ensure  => directory,
    owner   => $indexer_fileuser,
    group   => $indexer_filegroup,
    mode    => '0500',
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  [
   "indexer-$indexer_node_name.pem",
   "indexer-$indexer_node_name-key.pem",
   'root-ca.pem',
   'admin.pem',
   'admin-key.pem',
  ].each |String $certfile| {
    file { "${indexer_path_certs}/${certfile}":
      ensure  => file,
      owner   => $indexer_fileuser,
      group   => $indexer_filegroup,
      mode    => '0400',
      replace => true,
      recurse => remote,
      source  => "puppet:///modules/archive/${certfile}",
      require => Wazuh::Install_product['Wazuh indexer'],
    }
  }

  $config = {
    'network.host'                                          => $indexer_network_host,
    'node.name'                                             => $indexer_node_name,
    'plugins.security.ssl.http.pemcert_filepath'            => "${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    'plugins.security.ssl.http.pemkey_filepath'             => "${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    'plugins.security.ssl.http.pemtrustedcas_filepath'      => "${indexer_path_certs}/root-ca.pem",
    'plugins.security.ssl.transport.pemcert_filepath'       => "${indexer_path_certs}/indexer-${indexer_node_name}.pem",
    'plugins.security.ssl.transport.pemkey_filepath'        => "${indexer_path_certs}/indexer-${indexer_node_name}-key.pem",
    'plugins.security.ssl.transport.pemtrustedcas_filepath' => "${indexer_path_certs}/root-ca.pem"
  }

  $config.each |$key, $value| {
    file_line { "opensearch_${key}":
      path    => '/etc/wazuh-indexer/opensearch.yml',
      line    => "${key}: \"${value}\"",
      match   => "^${key}:",
      notify  => Service['wazuh-indexer'],
      require => [
        File['/etc/wazuh-indexer/opensearch.yml'],
        Wazuh::Install_product['Wazuh indexer']
      ],
    }
  }

  file { '/etc/wazuh-indexer/opensearch.yml':
    ensure  => file,
    require => [
      Wazuh::Install_product['Wazuh indexer']
    ],
  }

  service { 'wazuh-indexer':
    ensure  => running,
    enable  => true,
    name    => $indexer_service,
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  file_line { "Insert line limits nofile for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - nofile  65535",
    match  => "^${indexer_fileuser} - nofile\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }
  file_line { "Insert line limits memlock for ${indexer_fileuser}":
    path   => '/etc/security/limits.conf',
    line   => "${indexer_fileuser} - memlock unlimited",
    match  => "^${indexer_fileuser} - memlock\s",
    notify => Service['wazuh-indexer'],
    require => Wazuh::Install_product['Wazuh indexer'],
  }

  if $full_indexer_reinstall {
    file { $indexer_security_init_lockfile:
      ensure  => absent,
      before  => Exec['Initialize the Opensearch security index in Wazuh indexer'],
    }
  }
}

Tests

Wazuh indexer install and configuration:

root@ip-172-31-47-161:~/wazuh-puppet# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Warning: Fact value '#!/bin/sh

# Copyright (C) 2015, Wazuh Inc.
# Created by Wazuh, Inc. <[email protected]>.
# This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2

Notice: Requesting catalog from ip-172-31-47-161:8140 (172.31.47.161)
Notice: Catalog compiled by ip-172-31-47-161.ec2.internal
Info: Caching catalog for ip-172-31-47-161.ec2.internal
Info: Applying configuration version '1738237112'
Notice: /Stage[certificates]/Wazuh::Certificates/File[Configure Wazuh Certificates config.yml]/ensure: defined content as '{sha256}081fb42f8c670649d09c5f8aecf0eebdd06c7e7a673d2e41c7fd5c44fbd8bab4'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/tmp/wazuh-certs-tool.sh]/ensure: defined content as '{mtime}2024-08-20 13:09:41 UTC'
Notice: /Stage[certificates]/Wazuh::Certificates/Exec[Create Wazuh Certificates]/returns: executed successfully
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/admin-key.pem]/ensure: defined content as '{sha256}9d83cb89054a1d78f70bedcbc5659ae86360439cb5e1cb653ee24b4cf7ecd2cf'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/admin.pem]/ensure: defined content as '{sha256}255a297287012f32e8ff2c146271555dfea6b007110f6cbd39d3e7163e7cb5da'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/dashboard-key.pem]/ensure: defined content as '{sha256}59aa465bd0cfa1e64068ec3d15a4d636e1668d050d1251bbb84bdd35d933506b'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/dashboard.pem]/ensure: defined content as '{sha256}568173af6c8b9bf6c92b8936e28b39141bc0049366a500b70ca3a1a0e75065d5'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/indexer-node-1-key.pem]/ensure: defined content as '{sha256}03a13bfac2711be3f6f081ef1410764289b5a9884f08ca007a90f1f3624302ba'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/indexer-node-1.pem]/ensure: defined content as '{sha256}6cb5e40b0747b52c63705f7aad54d02703d5f6944ae58d44595ee6302d0c976d'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master-key.pem]/ensure: defined content as '{sha256}ebf86763aee8c971c112e8dd6d6fa7f4d3258383daa314c02e1efe56589c8a65'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/manager-master.pem]/ensure: defined content as '{sha256}daf017e9195d2b4624e55c5b550897b6d354dcc5a938296199f59c309c65fb33'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/root-ca.key]/ensure: defined content as '{sha256}d60652a046ff9dd4b83ad0ff799938732cc200db1d583ce190e5e696ed9de08b'
Notice: /Stage[certificates]/Wazuh::Certificates/File[/etc/puppetlabs/code/environments/production/modules/archive/files/root-ca.pem]/ensure: defined content as '{sha256}bea2f3d429c64c8a87a6fe7d169f43e3bce9680850552617916ba6dd4fe4cfd3'
Notice: /Stage[url]/Wazuh::Package_list/Exec[download_packages_url_from_url]/returns:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Notice: /Stage[url]/Wazuh::Package_list/Exec[download_packages_url_from_url]/returns:                                  Dload  Upload   Total   Spent    Left  Speed
100  1342  100  1342    0     0   4067      0 --:--:-- --:--:-- --:--:--  4079eturns:
Notice: /Stage[url]/Wazuh::Package_list/Exec[download_packages_url_from_url]/returns: executed successfully
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Wazuh::Install_product[Wazuh indexer]/Exec[download_wazuh-indexer-4.9.2-amd64.deb]/returns: executed successfully
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Wazuh::Install_product[Wazuh indexer]/Package[wazuh-indexer]/ensure: created
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Exec[ensure full path of /etc/wazuh-indexer/certs]/returns: executed successfully
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/owner: owner changed 'root' to 'wazuh-indexer'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/group: group changed 'root' to 'wazuh-indexer'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs]/mode: mode changed '0755' to '0500'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node-1.pem]/ensure: defined content as '{sha256}6cb5e40b0747b52c63705f7aad54d02703d5f6944ae58d44595ee6302d0c976d'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/indexer-node-1-key.pem]/ensure: defined content as '{sha256}03a13bfac2711be3f6f081ef1410764289b5a9884f08ca007a90f1f3624302ba'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/root-ca.pem]/ensure: defined content as '{sha256}bea2f3d429c64c8a87a6fe7d169f43e3bce9680850552617916ba6dd4fe4cfd3'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/admin.pem]/ensure: defined content as '{sha256}255a297287012f32e8ff2c146271555dfea6b007110f6cbd39d3e7163e7cb5da'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File[/etc/wazuh-indexer/certs/admin-key.pem]/ensure: defined content as '{sha256}9d83cb89054a1d78f70bedcbc5659ae86360439cb5e1cb653ee24b4cf7ecd2cf'
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemcert_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemcert_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemkey_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemkey_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemtrustedcas_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.http.pemtrustedcas_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemcert_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemcert_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemkey_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemkey_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemtrustedcas_filepath]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[opensearch_plugins.security.ssl.transport.pemtrustedcas_filepath]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits nofile for wazuh-indexer]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits nofile for wazuh-indexer]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits memlock for wazuh-indexer]/ensure: created
Info: /Stage[indexerdeploy]/Wazuh::Indexer/File_line[Insert line limits memlock for wazuh-indexer]: Scheduling refresh of Service[wazuh-indexer]
Notice: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[indexerdeploy]/Wazuh::Indexer/Service[wazuh-indexer]: Unscheduling refresh on Service[wazuh-indexer]
Notice: /Stage[securityadmin]/Wazuh::Securityadmin/Exec[Initialize the Opensearch security index in Wazuh indexer]/returns: executed successfully
Notice: Applied catalog in 119.56 seconds

I performed re-execution tests and it maintains idempotence in execution

root@ip-172-31-47-161:~/wazuh-puppet# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Warning: Fact value '#!/bin/sh

# Copyright (C) 2015, Wazuh Inc.
# Created by Wazuh, Inc. <[email protected]>.
# This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2

Notice: Requesting catalog from ip-172-31-47-161:8140 (172.31.47.161)
Notice: Catalog compiled by ip-172-31-47-161.ec2.internal
Info: Caching catalog for ip-172-31-47-161.ec2.internal
Info: Applying configuration version '1738238057'
Notice: Applied catalog in 0.98 seconds
root@ip-172-31-47-161:~/wazuh-puppet#

[vcerenu]

Update

I've been checking the installation of the Wazuh server 5.0.0 package.

Some tasks appeared that I added in addition to the installation of the package itself:

• Adaptation of Wazuh Cert Tool for 5.0.0, which should not contain the parameter referring to what type of node it is.
• Creation of new certificates used in Wazuh Server, which will not be included in Wazuh Cert Tool and require an additional step after the installation and before the start of the services.
• Add the transfer of certificates for Wazuh Server, which are created with the wazuh::certificates class and transferred with the Archives module. This step was contemplated in the installation of Filebeat but must be migrated to this new class since we do not use this tool.

The installation of the Wazuh Server package worked correctly with the use of the define wazuh::install_package resource, it was verified that once installed it does not try to install the package again, so it maintains the idempotency.
Modules or dependencies are being analyzed for the configuration of the wazuh-server.yml file, which correctly respects the indentation of the yaml:

standard:root@ip-172-31-47-161:~# yamllint /etc/wazuh-server/wazuh-server.yml
/etc/wazuh-server/wazuh-server.yml
1:1 warning missing document start "---" (document-start)

root@ip-172-31-47-161:~#

[vcerenu]

Update

I've been working with the wazuh::server class, which installs the Wazuh server package and first copies and creates the necessary certificates:

# Copyright (C) 2015, Wazuh Inc.
# Main Wazuh server config
#
class wazuh::server (
String $server_version = '4.9.2',
String $server_package = 'wazuh-server',
String $server_node_name = 'node-1',
String $server_path_certs = '/etc/wazuh-server/certs',
String $server_fileuser = 'wazuh-server',
String $server_filegroup = 'wazuh-server',
) {
# Install Wazuh Manager
wazuh::install_product { 'Wazuh server':
package_name => $server_package,
wazuh_version => $server_version,
 }

 [
 "server-${server_node_name}.pem",
 "server-${server_node_name}-key.pem",
 'root-ca.pem',
 'admin.pem',
 'admin-key.pem',
 ].each |String $certfile| {
 file { "${server_path_certs}/${certfile}":
 ensure => file,
 owner => $server_fileuser,
 group => $server_filegroup,
 mode => '0400',
 replace => true,
 resource => remote,
 source => "puppet:///modules/archive/${certfile}",
 require => [
 Wazuh::Install_product['Wazuh server']
 ]
 }
 }

 # Generate private key
 exec { 'generate-private-key':
 command => "openssl ecparam -name secp256k1 -genkey -noout -out ${server_path_certs}/private-key.pem",
 creates => "${server_path_certs}/private-key.pem",
 path => ['/usr/bin', '/bin', '/usr/sbin', '/sbin'],
 require => Wazuh::Install_product['Wazuh server'],
 }

 # Generate public key
 exec { 'generate-public-key':
 command => "openssl ec -in ${server_path_certs}/private-key.pem -pubout -out ${server_path_certs}/public-key.pem",
 creates => "${server_path_certs}/public-key.pem",
 path => ['/usr/bin', '/bin', '/usr/sbin', '/sbin'],
 require => Exec['generate-private-key'],
 }

 # Set ownership for private key
 file { "${server_path_certs}/private-key.pem":
 owner => $server_fileuser,
 group => $server_filegroup,
 require => Exec['generate-private-key'],
 }

 # Set ownership for public key
 file { "${server_path_certs}/public-key.pem":
 owner => $server_fileuser,
 group => $server_filegroup,
 require => Exec['generate-public-key'],
 }

 # Manage the service
 service { 'wazuh-manager':
 ensure => running,
 enable => true,
 }
}

This process is generating an error during execution:

Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1.pem20250210-16010-150z95v.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1.pem20250210-16010-150z95v.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Wrapped exception:
No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1.pem20250210-16010-150z95v.lock does not exist or is a dangling symbolic link
Error: /Stage[server]/Wazuh::Server/File[/etc/wazuh-server/certs/server-node-1.pem]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1.pem20250210-16010-150z95v.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1-key.pem20250210-16010-17n3xir.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1-key.pem20250210-16010-17n3xir.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Wrapped exception:
No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1-key.pem20250210-16010-17n3xir.lock does not exist or is a dangling symbolic link
Error: /Stage[server]/Wazuh::Server/File[/etc/wazuh-server/certs/server-node-1-key.pem]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/server-node-1-key.pem20250210-16010-17n3xir.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/root-ca.pem20250210-16010-1kjtckj.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/root-ca.pem20250210-16010-1kjtckj.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Wrapped exception:
No such file or directory - A directory component in /etc/wazuh-server/certs/root-ca.pem20250210-16010-1kjtckj.lock does not exist or is a dangling symbolic link
Error: /Stage[server]/Wazuh::Server/File[/etc/wazuh-server/certs/root-ca.pem]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/root-ca.pem20250210-16010-1kjtckj.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/admin.pem20250210-16010-dcjbd9.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/admin.pem20250210-16010-dcjbd9.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Wrapped exception:
No such file or directory - A directory component in /etc/wazuh-server/certs/admin.pem20250210-16010-dcjbd9.lock does not exist or is a dangling symbolic link
Error: /Stage[server]/Wazuh::Server/File[/etc/wazuh-server/certs/admin.pem]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/admin.pem20250210-16010-dcjbd9.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/admin-key.pem20250210-16010-1kxxtcr.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Error: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/admin-key.pem20250210-16010-1kxxtcr.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Wrapped exception:
No such file or directory - A directory component in /etc/wazuh-server/certs/admin-key.pem20250210-16010-1kxxtcr.lock does not exist or is a dangling symbolic link
Error: /Stage[server]/Wazuh::Server/File[/etc/wazuh-server/certs/admin-key.pem]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory - A directory component in /etc/wazuh-server/certs/admin-key.pem20250210-16010-1kxxtcr.lock does not exist or is a dangling symbolic link (file: /etc/puppetlabs/code/environments/production/modules/wazuh/manifests/server.pp, line: 25)
Notice: /Stage[server]/Wazuh::Server/Exec[generate-private-key]/returns: ecparam: Can't open "/etc/wazuh-server/certs/private-key.pem" for writing, No such file or directory
Error: 'openssl ecparam -name secp256k1 -genkey -noout -out /etc/wazuh-server/certs/private-key.pem' returned 1 instead of one of [0]
Error: /Stage[server]/Wazuh::Server/Exec[generate-private-key]/returns: change from 'notrun' to ['0'] failed: 'openssl ecparam -name secp256k1 -genkey -noout -out /etc/wazuh-server/certs/private-key.pem' returned 1 instead of one of [0] (corrective)

These errors are being generated because the installation is not being executed correctly before the certificates are copied, since the /etc/wazuh-server/certs directory is not installed correctly.
I am checking if there is any dependency that is not being taken into account when starting the copy or if the wazuh::install_product resource is not correctly notifying the installation or the package is not being installed correctly.

[vcerenu]

Update

I'm encountering several problems with configuring YAML files.

There are few options to edit files with certain formats in Puppet and almost all of them are used only for creating files from scratch, so editing them becomes complicated, taking into account that Puppet does not allow manipulating dependencies in the agent and requires using Puppet resources itself, so the options are very limited.

Today I was reviewing the operation of Augeas for this case, which shows some information about its use for these cases, but this functionality was removed from the module since after several changes in the YAML standard they have stopped supporting the Yaml lens in Augeas, so I continue to verify what other option we have for this case.

[vcerenu]

Update

He continuado revisando la instalación de Wazuh dashboard con la nueva clase.
Este paso se realizó correctamente, sin contemplar customizaciones ya que no corresponde a esta issue

Notice: /Stage[dashboard]/Wazuh::Dashboard/Wazuh::Install_product[Wazuh dashboard]/Exec[download_wazuh-dashboard-4.9.2-amd64.deb]/returns: executed successfully (corrective)
Notice: /Stage[dashboard]/Wazuh::Dashboard/Wazuh::Install_product[Wazuh dashboard]/Package[wazuh-dashboard]/ensure: created
Notice: /Stage[dashboard]/Wazuh::Dashboard/Exec[ensure full path of /etc/wazuh-dashboard/certs]/returns: executed successfully
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/certs]/owner: owner changed 'root' to 'wazuh-dashboard'
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/certs]/group: group changed 'root' to 'wazuh-dashboard'
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/certs]/mode: mode changed '0755' to '0500'
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/certs/dashboard.pem]/ensure: defined content as '{sha256}18ae11b3159cc548ca1fc815c3e6d96bb212e3e992232b5a85610782cb3a4106'
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/certs/dashboard-key.pem]/ensure: defined content as '{sha256}aa35bcaec2ed3500b7cd9ff7084ad230ee537aa71de8ce24fd3a106ac3115bdb'
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/certs/root-ca.pem]/ensure: defined content as '{sha256}028fe425d8a6b195b8d43bc486ec7fb099b54645c72a892875039000e6409fe0'
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/opensearch_dashboards.yml]/content:
--- /etc/wazuh-dashboard/opensearch_dashboards.yml      2023-05-05 12:31:50.000000000 +0000
+++ /tmp/puppet-file20250212-30875-js5lt1       2025-02-12 20:08:29.330328696 +0000
@@ -2,20 +2,13 @@
 server.port: 443
 opensearch.hosts: https://localhost:9200
 opensearch.ssl.verificationMode: certificate
-#opensearch.username:
-#opensearch.password:
-opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
+opensearch.username: kibanaserver
+opensearch.password: kibanaserver
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: false
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
 server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
 server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/home
-wazuh_core.hosts:
-  manager:
-    url: 'https://localhost'
-    port: 55000
-    username: wazuh-wui
-    password: wazuh-wui
-    run_as: false
+uiSettings.overrides.defaultRoute: /app/wz-home

Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/opensearch_dashboards.yml]/content: content changed '{sha256}7cc400085a6782d98fc8e48156e2744308d0b63b8cc0a36bb05f368c500e28e3' to '{sha256}74ff59a251cbd87e132b8e88826b954f1b0f331dc53550e92a6bb73dc01b8918'
Info: /Stage[dashboard]/Wazuh::Dashboard/File[/etc/wazuh-dashboard/opensearch_dashboards.yml]: Scheduling refresh of Service[wazuh-dashboard]
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/usr/share/wazuh-dashboard/data/wazuh/]/ensure: created
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/usr/share/wazuh-dashboard/data/wazuh/config]/ensure: created
Notice: /Stage[dashboard]/Wazuh::Dashboard/File[/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]/ensure: defined content as '{sha256}3a9783f9c7ecfdee95b0c829af68499e2f6c43a5fb04d031493819ae4dcd6fc7'
Info: /Stage[dashboard]/Wazuh::Dashboard/File[/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml]: Scheduling refresh of Service[wazuh-dashboard]
Notice: /Stage[dashboard]/Wazuh::Dashboard/Service[wazuh-dashboard]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[dashboard]/Wazuh::Dashboard/Service[wazuh-dashboard]: Unscheduling refresh on Service[wazuh-dashboard]
Notice: Applied catalog in 52.04 seconds
root@ip-172-31-47-161:~/wazuh-puppet# cat /etc/wazuh-server/wazuh-server.yml
server:
  nodes:
    - master
  node:
    name: node-1
    type: master
    ssl:
      key: /etc/wazuh-server/certs/server-node-1-key.pem
      cert: /etc/wazuh-server/certs/server-node-1.pem
      ca: /etc/wazuh-server/certs/root-ca.pem
  jwt:
    private_key: /etc/wazuh-server/certs/private-key.pem
    public_key: /etc/wazuh-server/certs/public-key.pem
indexer:
  hosts:
    - host: localhost
      port: 9200
  username: admin
  password: admin
  ssl:
    use_ssl: true
    key: /etc/wazuh-server/certs/server-node-1-key.pem
    certificate: /etc/wazuh-server/certs/server-node-1.pem
    certificate_authorities:
      - /etc/wazuh-server/certs/root-ca.pem
communications_api:
  host: localhost
  port: 27000
  ssl:
    key: /etc/wazuh-server/certs/server-node-1-key.pem
    cert: /etc/wazuh-server/certs/server-node-1.pem
    use_ca: false
    ca: /etc/wazuh-server/certs/root-ca.pem
management_api:
  host:
    - localhost
    - ::1
  port: 55000
  ssl:
    key: /etc/wazuh-server/certs/server-node-1-key.pem
    cert: /etc/wazuh-server/certs/server-node-1.pem
    use_ca: false
    ca: /etc/wazuh-server/certs/root-ca.pem

With this result, we continue with the investigation regarding the creation of a Puppet module from scratch to implement the changes made.

[vcerenu]

Update

I have been creating the Puppet Wazuh module again, which will contain the new changes and remove references to old classes that we used and are not going to continue doing so, in addition to all the templates that we have and are not going to need.

$ tree
.
├── CHANGELOG.md
├── data
│   └── common.yaml
├── examples
├── files
├── Gemfile
├── Gemfile.lock
├── hiera.yaml
├── manifests
│   ├── dashboard.pp
│   ├── indexer.pp
│   ├── init.pp
│   ├── install_package.pp
│   └── server.pp
├── metadata.json
├── Rakefile
├── README.md
├── spec
│   ├── classes
│   │   ├── dashboard_spec.rb
│   │   ├── indexer_spec.rb
│   │   ├── install_package_spec.rb
│   │   ├── server_spec.rb
│   │   └── wazuh_spec.rb
│   ├── default_facts.yml
│   ├── defines
│   │   └── install_package_spec.rb
│   └── spec_helper.rb
├── tasks
├── templates
└── update_report.txt

[vcerenu]

I am making several changes to the new Puppet module created for this Spilke, which include several checks necessary to maintain the idempotence of the module.

In the case of manual download of the packages, it is necessary to add a check that allows us to idempotently download this installer and then install it. These steps require several dependencies, such as the dependency of the download step on the step where we download the package file, but in turn the download of the package has to depend on the verification of the installation of the package, because if we do not verify this before downloading, then the execution of the Puppet plan would download this file all the time, generating problems for the user. We had thought about checking if the file already existed, but this would not allow us to delete the temporary files after the installation, and we cannot depend on the file because if we have a problem in the download and the file is generated corrupt, it is necessary to download it again, so the dependency of the file would not be correct.

I am analyzing this type of dependencies within the defined resource install_package, which is also generating some errors re-executing

[vcerenu]

Update

I've been working on the idempotency of the created classes, so that they don't generate incorrect actions after correctly installing the components:

root@ip-172-31-47-161:~# puppet agent -t
Info: Using environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Notice: Requesting catalog from ip-172-31-47-161:8140 (172.31.47.161)
Notice: Catalog compiled by ip-172-31-47-161.ec2.internal
Info: Caching catalog for ip-172-31-47-161.ec2.internal
Info: Applying configuration version '1740655770'
Notice: /Stage[manager]/Wazuh::Server/Service[wazuh-server]/ensure: ensure changed 'stopped' to 'running' (corrective)
Info: /Stage[manager]/Wazuh::Server/Service[wazuh-server]: Unscheduling refresh on Service[wazuh-server]
Notice: /Stage[dashboard]/Wazuh::Dashboard/Service[wazuh-dashboard]/ensure: ensure changed 'stopped' to 'running' (corrective)
Info: /Stage[dashboard]/Wazuh::Dashboard/Service[wazuh-dashboard]: Unscheduling refresh on Service[wazuh-dashboard]
Notice: Applied catalog in 3.77 seconds
root@ip-172-31-47-161:~#

The actions carried out correspond to restarting the Wazuh server service, which is still It does not start correctly because I have not generated a procedure for updating data in the wazuh_server.yml file and the dashboard still does not start correctly due to the previous failure.