latests changes to the workflow

wazuh · Jan 20, 2025 · 17410b0 · 17410b0
1 parent 704a5e8
commit 17410b0
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 81 deletions.
diff --git a/.github/workflows/ansible_playbooks/ova_generator.yaml b/.github/workflows/ansible_playbooks/ova_generator.yaml
@@ -100,7 +100,7 @@
         chdir: "/tmp/wazuh-virtual-machines/ova/workflow_scripts"
 
     - name: Execute Python script in the VM
-      shell: "vagrant ssh -c 'python3 /tmp/ova_directory/ova_configurer.py --wia_branch {{ wia_branch }} --repository {{ repository }} --debug {{ debug}}'"
+      shell: "vagrant ssh -c 'sudo python3 /tmp/ova_directory/ova_configurer.py --wia_branch {{ wia_branch }} --repository {{ repository }} --debug {{ debug}}'"
       args:
         chdir: "/tmp/wazuh-virtual-machines/ova/workflow_scripts"
 
@@ -120,74 +120,3 @@
 
     - name: Export the VM to OVA
       shell: "vboxmanage export ova_base --output /home/ec2-user/{{ filename_ova }}"
-
-    # Migrate everything below to the Python script
-
-    - name: Set custom hostname
-      command: "hostnamectl set-hostname wazuh-server"
-
-    - name: Build Wazuh installation assistant script
-      command: "bash /tmp/{{ wia_scripts }}/builder.sh {{ builder_args }}"
-
-    - name: Copy Wazuh installation assistant script to tmp dir
-      command: "cp /tmp/{{ wia_scripts }}/wazuh-install.sh /tmp/wazuh-install.sh"
-
-    - name: Run provision script
-      command: "bash provision.sh {{ repository }} {{ debug }}"
-      args:
-        chdir: "{{ ova_path }}/ova"
-      async: 3600
-      poll: 10
-
-    - name: Clean provision files
-      file:
-        path: /var/provision/
-        state: absent
-
-    - name: Clean Wazuh installation assistant resources
-      file:
-        path: /tmp/{{ wia_scripts }}
-        state: absent
-
-    - name: Clean Wazuh installation assistant script
-      file:
-        path: /tmp/wazuh-install.sh
-        state: absent
-
-    - name: Clean Wazuh installation assistant files
-      file:
-        path: /tmp/wazuh-install-files.tar
-        state: absent
-
-    - name: Clean logs
-      shell: |
-        find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \;
-        find /var/ossec/logs -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
-        find /var/log/wazuh-indexer -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
-        find /var/log/filebeat -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
-        rm -rf /var/log/wazuh-install.log
-
-    - name: Clean history
-      shell: cat /dev/null > ~/.bash_history && history -c
-
-    - name: Clean YUM cache
-      shell: |
-        yum clean all
-        rm -rf /var/cache/yum/*
-
-    - name: Remove AuthorizedKeysCommand from sshd_config
-      lineinfile:
-        path: /etc/ssh/sshd_config
-        regexp: '^#?AuthorizedKeysCommand.*'
-        state: absent
-
-    - name: Remove AuthorizedKeysCommandUser from sshd_config
-      lineinfile:
-        path: /etc/ssh/sshd_config
-        regexp: '^#?AuthorizedKeysCommandUser.*'
-        state: absent
-
-    - name: Restart SSH service
-      service:
-        name: sshd
-        state: restarted
diff --git a/.github/workflows/builder_OVA.yaml b/.github/workflows/builder_OVA.yaml
@@ -215,6 +215,6 @@ jobs:
           s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_PATH }}/${{ env.FILENAME_SHA }}"
           echo "S3 sha512 OVA URI: ${s3uri}"
 
-      - name: Delete allocated VM
-        if: always() && steps.alloc_vm_ami.outcome == 'success' && inputs.destroy == true
-        run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output ${{ env.ALLOCATOR_PATH }}/track.yml
+      # - name: Delete allocated VM
+        # if: always() && steps.alloc_vm == 'success' && inputs.destroy == true
+        # run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output ${{ env.ALLOCATOR_PATH }}/track.yml
diff --git a/ova/workflow_assets/ova_configurer.py b/ova/workflow_assets/ova_configurer.py
@@ -11,12 +11,9 @@ def set_hostname():
 
 def install_git():
     """"
-    Installs git if it's not installed
+    Installs git
     """
-    try:
-        subprocess.run("git --version", shell=True, check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
-    except subprocess.CalledProcessError:
-        subprocess.run("sudo yum install git -y", shell=True, check=True)
+    subprocess.run("sudo yum install git -y", shell=True, check=True)
 
 def clone_repositories():
     """
@@ -51,10 +48,68 @@ def build_wazuh_install(repo_path, wia_branch):
 def run_provision_script(repository, debug):
     """
     Runs the provision.sh script
+    
+    Args:
+        repository (str): Production or development repository
+        debug (str): Debug mode
     """
     os.chdir("/home/ec2-user/wazuh-virtual-machines/ova")
     subprocess.run(f"sudo bash provision.sh {repository} {debug}", shell=True, check=True)
+
+
+def create_network_config():
+    """
+    Creates the network configuration file and restarts the systemd-networkd service
+    """
+    config_content = """[Match]
+Name=eth1
+[Network]
+DHCP=ipv4
+"""
+
+    config_path = "/etc/systemd/network/20-eth1.network"
+
+    with open(config_path, "w") as config_file:
+        config_file.write(config_content)
+        subprocess.run("sudo systemctl restart systemd-networkd", shell=True, check=True)
+
+
+def clean():
+    """
+    Cleans the VM after the installation
+    """
+
+    os.remove("/tmp/wazuh-install.sh")
+
+    subprocess.run("sudo rm -rf /home/ec2-user/wazuh-virtual-machines /home/ec2-user/wazuh-installation-assistant", shell=True, check=True)
+
+    log_clean_commands = [
+        "find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \\;",
+        "find /var/ossec/logs -type f -execdir sh -c 'cat /dev/null > \"$1\"' _ {} \\;",
+        "find /var/log/wazuh-indexer -type f -execdir sh -c 'cat /dev/null > \"$1\"' _ {} \;",
+        "find /var/log/filebeat -type f -execdir sh -c 'cat /dev/null > \"$1\"' _ {} \;",
+        "rm -rf /var/log/wazuh-install.log"
+    ]
+    for command in log_clean_commands:
+        subprocess.run(command, shell=True, check=True)
 
+    subprocess.run("cat /dev/null > ~/.bash_history && history -c", shell=True, check=True)
+
+    yum_clean_commands = [
+        "sudo yum clean all",
+        "sudo rm -rf /var/cache/yum/*"
+    ]
+    for command in yum_clean_commands:
+        subprocess.run(command, shell=True, check=True)
+
+    sshd_config_changes = [
+        (r'^#?AuthorizedKeysCommand.*', ''),
+        (r'^#?AuthorizedKeysCommandUser.*', ''),
+    ]
+    for pattern, replacement in sshd_config_changes:
+        subprocess.run(f"sudo sed -i '/{pattern}/d' /etc/ssh/sshd_config", shell=True, check=True)
+    subprocess.run("sudo systemctl restart sshd", shell=True, check=True)
+
 
 def main():
     """
@@ -71,7 +126,8 @@ def main():
     clone_repositories()
     build_wazuh_install("/home/ec2-user/wazuh-installation-assistant", args.wia_branch)
     run_provision_script(args.repository, args.debug)
-
+    create_network_config()
+    clean()
 
 if __name__ == "__main__":
     main()