Added certificates generation logic
davidcr01 committed Sep 10, 2024
1 parent 758dda9 commit 8f3711d
Showing 4 changed files with 95 additions and 134 deletions.
134 changes: 2 additions & 132 deletions .github/workflows/Test_installation_assistant.yml
@@ -76,135 +76,5 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4

- name: View parameters
run: echo "${{ toJson(inputs) }}"

- name: Set COMPOSITE_NAME variable
run: |
case "${{ matrix.system }}" in
"CentOS_7")
SUBNAME="centos-7"
;;
"CentOS_8")
SUBNAME="centos-8"
;;
"AmazonLinux_2")
SUBNAME="amazon-2"
;;
"Ubuntu_16")
SUBNAME="ubuntu-16.04"
;;
"Ubuntu_18")
SUBNAME="ubuntu-18.04"
;;
"Ubuntu_20")
SUBNAME="ubuntu-20.04"
;;
"Ubuntu_22")
SUBNAME="ubuntu-22.04"
;;
"RHEL7")
SUBNAME="redhat-7"
;;
"RHEL8")
SUBNAME="redhat-8"
;;
*)
echo "Invalid SYSTEM selection" >&2
exit 1
;;
esac
COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}"
echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV
- name: Install Ansible
run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16

- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: ${{ env.SESSION_NAME }}
aws-region: ${{ env.REGION }}

- name: Checkout wazuh/wazuh-automation repository
uses: actions/checkout@v4
with:
repository: wazuh/wazuh-automation
ref: ${{ inputs.AUTOMATION_REFERENCE }}
token: ${{ secrets.GH_CLONE_TOKEN }}
path: wazuh-automation

- name: Install and set allocator requirements
run: pip3 install -r wazuh-automation/deployability/deps/requirements.txt

- name: Allocate instance test and set SSH variables
id: allocator_instance
run: |
python3 wazuh-automation/deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name ${{ env.COMPOSITE_NAME }} --working-dir $ALLOCATOR_PATH \
--track-output $ALLOCATOR_PATH/track.yml --inventory-output $ALLOCATOR_PATH/inventory.yml --instance-name gha_${{ github.run_id }}_assistant_test \
--label-team devops --label-termination-date 1d
sed 's/: */=/g' $ALLOCATOR_PATH/inventory.yml > $ALLOCATOR_PATH/inventory_mod.yml
sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod.yml
source $ALLOCATOR_PATH/inventory_mod.yml
echo "[gha_instance]" > $ALLOCATOR_PATH/inventory
echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> $ALLOCATOR_PATH/inventory
- name: Execute provision playbook
run: |
INSTALL_DEPS=true
INSTALL_PYTHON=true
INSTALL_PIP_DEPS=true
ansible-playbook .github/workflows/ansible-playbooks/provision.yml \
-i $ALLOCATOR_PATH/inventory \
-l all \
-e "repository=$REPOSITORY_URL" \
-e "reference=${{ inputs.ASSISTANT_REFERENCE }}" \
-e "tmp_path=$TMP_PATH" \
-e "pkg_repository=$PKG_REPOSITORY" \
-e "install_deps=$INSTALL_DEPS" \
-e "install_python=$INSTALL_PYTHON" \
-e "install_pip_deps=$INSTALL_PIP_DEPS" \
"${{ inputs.VERBOSITY }}"
- name: Execute AIO installation playbook
run: |
ansible-playbook .github/workflows/ansible-playbooks/aio.yml \
-i $ALLOCATOR_PATH/inventory \
-l all \
-e "tmp_path=$TMP_PATH" \
-e "logs_path=$LOGS_PATH" \
-e "test_name=$TEST_NAME" \
"${{ inputs.VERBOSITY }}"
- name: Execute Python test playbook
run: |
TEST_NAME="test_installation_assistant"
ansible-playbook .github/workflows/ansible-playbooks/aio_tests.yml \
-i $ALLOCATOR_PATH/inventory \
-l all \
-e "tmp_path=$TMP_PATH" \
-e "logs_path=$LOGS_PATH" \
-e "test_name=$TEST_NAME" \
"${{ inputs.VERBOSITY }}"
- name: Compress Allocator VM directory
id: compress_allocator_files
if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false
run: |
zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH
- name: Upload Allocator VM directory as artifact
if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false
uses: actions/upload-artifact@v4
with:
name: allocator-instance-${{ matrix.system }}
path: ${{ env.ALLOCATOR_PATH }}.zip

- name: Delete allocated VM
if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true
run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output $ALLOCATOR_PATH/track.yml

- name: See path
run: "ls -l ${{ github.workspace }}; pwd"
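Review bot: After this change the visible part of the job is only the checkout plus a `See path` debug step, so each run will presumably finish green without allocating a host or running the installation assistant, and that result can be mistaken for test coverage. If the AIO steps now live elsewhere, add a comment at the top of the job saying where; if the removal is temporary, disabling the trigger is a safer holding state than a passing no-op. The debug step does not need the expression and can use the runner variable, `run: ls -l "$GITHUB_WORKSPACE"; pwd`. The job header and triggers are outside the hunk, so how often this workflow runs cannot be confirmed from here.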
17 changes: 15 additions & 2 deletions .github/workflows/Test_installation_assistant_distributed.yml
@@ -204,8 +204,21 @@ jobs:
cat $inventory_managers >> $inventory_file
cat $inventory_dashboards >> $inventory_file
cat $inventory_common >> $inventory_file

cat $inventory_file

- name: Execute certificates generation playbook
run: |
TEST_NAME="${{ env.TEST_NAME }}_certificates"
TMP_PATH="${{ github.workspace }}"
ansible-playbook .github/workflows/ansible-playbooks/distributed_generate_certificates.yml \
-i $ALLOCATOR_PATH/inventory \
-e "tmp_path=$TMP_PATH" \
-e "logs_path=$LOGS_PATH" \
-e "test_name=$TEST_NAME" \
-e "pkg_repository=$PKG_REPOSITORY" \
"${{ inputs.VERBOSITY }}"
- name: See files
run: ls -l

- name: Delete allocated VMs
if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true
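Review bot: In the new `Execute certificates generation playbook` step, `"${{ inputs.VERBOSITY }}"` and `"${{ env.TEST_NAME }}_certificates"` are expanded into the script text before bash starts, so a value containing a quote or a command substitution changes the command instead of arriving as an argument. Map the values through the step's `env:` block (for example `VERBOSITY: ${{ inputs.VERBOSITY }}`) and reference `"$VERBOSITY"` in the script; `TMP_PATH` can be set from `"$GITHUB_WORKSPACE"` without any expression. `-i $ALLOCATOR_PATH/inventory` should be quoted as well. The `See files` step looks like a debugging leftover, and the `Delete allocated VMs` step continues past the end of the hunk.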
@@ -0,0 +1,60 @@
---
- hosts: localhost
become: true

vars:
test_name: "{{ test_name }}"
test_dir: "/{{ test_name }}"
logs_path: "{{ log_folder }}"
tmp_path: "{{ tmp_path }}"
pkg_repository: "{{ pkg_repository }}"

tasks:
- name: Create log directory
file:
path: "{{ test_dir }}"
state: directory

- name: Create log file
file:
dest: "{{ test_dir }}/{{ test_name }}.log"
state: touch

- name: Create certificates
block:
- name: Rendering wazuh-config file
template:
src: "{{ tmp_path }}/.github/workflows/templates/config.j2"
dest: "{{ tmp_path }}/config.yml"
mode: "664"
force: yes
when: split is not defined

- name: See config.yml content
shell: "cat {{ tmp_path }}/config.yml"

- name: Creating wazuh-install.sh script
shell: "bash {{ tmp_path }}/builder.sh -i -d {{ pkg_repository }}"

- name: Creating Certificates
shell: "bash {{ tmp_path }}/wazuh-install.sh -g -v"
register: certificates_install

- name: Give read permissions to wazuh-install-files.tar
shell: "chmod +r {{ tmp_path }}/wazuh-install-files.tar"

always:
- name: Save output certificate build and creation
blockinfile:
marker: ""
path: "{{ test_dir }}/{{ test_name }}.log"
block: |
{{ certificates_install.stderr }}
--------------------------------
{{ certificates_install.stdout }}
- name: Fetch log
fetch:
src: "{{ test_dir }}/{{ test_name }}.log"
dest: "{{ logs_path }}/"
flat: yes
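Review bot: The task `Give read permissions to wazuh-install-files.tar` runs `chmod +r`, which makes the archive produced by `wazuh-install.sh -g` readable by every account on the host; since that step generates the certificates, the archive presumably holds private key material. Give the file to the one account that needs it instead, using the `file` module with `owner:` set to that user and `mode: "0600"`. Separately, the `always:` section reads `certificates_install.stderr`, which is undefined when an earlier task in the block fails (the template or `builder.sh`), so the logging task then errors and hides the original failure; `{{ certificates_install.stderr | default('') }}`, and the same for `stdout`, keeps it working. The `shell:` tasks also interpolate `tmp_path` and `pkg_repository` unquoted under `become: true`; `command:` with `argv`, or the `quote` filter, avoids word splitting and shell metacharacter handling.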
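--- a/.github/workflows/templates/config.j2
+++ b/.github/workflows/templates/config.j2
@@ -0,0 +1,18 @@
+nodes:
+# Wazuh indexer nodes
+indexer:
+{% for indexer in groups['indexers'] %}
+- name: {{ hostvars[indexer]['inventory_hostname'] }}
+ip: "{{ hostvars[indexer]['private_ip'] }}"
+{% endfor %}
+server:
+{% for manager in groups['managers'] %}
+- name: {{ hostvars[manager]['inventory_hostname'] }}
+ip: "{{ hostvars[manager]['private_ip'] }}"
+node_type: "{{ hostvars[manager]['manager_type'] }}"
+{% endfor %}
+dashboard:
+{% for dashboard in groups['dashboards'] %}
+- name: {{ hostvars[dashboard]['inventory_hostname'] }}
+ip: "{{ hostvars[dashboard]['private_ip'] }}"
+{% endfor %}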
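Review bot: The `name:` values are emitted unquoted (`- name: {{ hostvars[indexer]['inventory_hostname'] }}`) while the `ip:` values beside them are quoted, so a hostname that is empty, or that YAML reads as a number or boolean, would change type in the rendered config.yml. Quote them the same way in all three loops, `- name: "{{ hostvars[indexer]['inventory_hostname'] }}"`. The template also depends on the `indexers`, `managers` and `dashboards` groups and on the `private_ip` and `manager_type` hostvars, and with Ansible's default settings a missing one should abort rendering. A Jinja comment at the top of the file listing those requirements would make that failure easier to diagnose.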
