Merge branch 'feature-lint-kibana'

wazuh · Dec 9, 2020 · 44d5cf2 · 44d5cf2
2 parents 506e7d0 + c2413b0
commit 44d5cf2
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 30 deletions.
diff --git a/lib/facter/kibana_plugin_wazuh.rb b/lib/facter/kibana_plugin_wazuh.rb
@@ -0,0 +1,17 @@
+require 'json'
+require 'puppet'
+require 'puppet/util/execution'
+
+
+Facter.add('kibana_plugin_wazuh') do
+  setcode do
+    # move this to hiera
+    wazuh_package_path = '/usr/share/kibana/plugins/wazuh/package.json'
+
+    if File.exist?(wazuh_package_path)
+      f = File.read(wazuh_package_path)
+      kibana_plugin_wazuh = JSON.parse(f)
+      kibana_plugin_wazuh
+    end
+  end
+end
diff --git a/manifests/kibana.pp b/manifests/kibana.pp
@@ -4,39 +4,61 @@
   $kibana_package = 'kibana',
   $kibana_service = 'kibana',
   $kibana_version = '7.9.3',
-  $kibana_app_version = '4.0.3_7.9.3',
+  $kibana_wazuh_version = '4.0.3',
   $kibana_elasticsearch_ip = 'localhost',
   $kibana_elasticsearch_port = '9200',
 
   $kibana_server_port = '5601',
   $kibana_server_host = '0.0.0.0',
   $kibana_elasticsearch_server_hosts ="http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}",
+
+  # app variables
+  $kibana_app_url = "https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${kibana_app_version}-1.zip",
+  $kibana_app_version = "${kibana_wazuh_version}_${$kibana_version}",
+  $kibana_app_reinstall = false,
+  $kibana_app_node_options = '--no-warnings --max-old-space-size=2048 --max-http-header-size=65536',
+
+  # user/group kibana processes run as
+  $kibana_user = 'kibana',
+  $kibana_group = 'kibana',
+
   $kibana_wazuh_api_credentials = [ {
                                       'id'       => 'default',
                                       'url'      => 'http://localhost',
                                       'port'     => '55000',
-                                      'username'     => 'wazuh',
+                                      'user'     => 'wazuh',
                                       'password' => 'wazuh',
                                     },
-                                  ]
+                                  ],
+
+  # kibana paths
+  $kibana_path_home = '/usr/share/kibana',
+  $kibana_path_config = '/etc/kibana',
 ) {
 
   # install package
-  package { 'Installing Kibana...':
+  package { $kibana_package:
     ensure => $kibana_version,
     name   => $kibana_package,
   }
 
+  file { ["${kibana_path_home}/optimize", "${kibana_path_home}/plugins"]:
+    recurse => true,
+    owner   => $kibana_user,
+    group   => $kibana_group,
+    require => Package[$kibana_package],
+  }
+
   file { 'Configure kibana.yml':
-    owner   => 'kibana',
-    path    => '/etc/kibana/kibana.yml',
-    group   => 'kibana',
+    path    => "${kibana_path_config}/kibana.yml",
+    owner   => $kibana_user,
+    group   => $kibana_group,
     mode    => '0644',
     notify  => Service[$kibana_service],
     content => template('wazuh/kibana_yml.erb'),
   }
 
-  service { 'kibana':
+  service { $kibana_service:
     ensure     => running,
     enable     => true,
     hasrestart => true,
@@ -49,40 +71,44 @@
     try_sleep => 3,
   }
 
-  file {'Removing old Wazuh Kibana Plugin...':
-    ensure  => absent,
-    path    => '/usr/share/kibana/plugins/wazuh',
-    recurse => true,
-    purge   => true,
-    force   => true,
-    notify  => Service[$kibana_service]
-  }
-
-  exec {'Installing Wazuh App...':
-    path    => '/usr/bin',
-    command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_app_version}.zip",
-    creates => '/usr/share/kibana/plugins/wazuh/package.json',
-    notify  => Service[$kibana_service],
+  exec {'kibana-plugin install':
+    path        => '/usr/bin',
+    command     => "sudo -u ${kibana_user} ${kibana_path_home}/bin/kibana-plugin install \"${kibana_app_url}\"",
+    environment => ["NODE_OPTIONS=\"${kibana_app_node_options}\""],
+    creates     => "${kibana_path_home}/plugins/wazuh/package.json",
+    notify      => Service[$kibana_service],
+    require     => File["${kibana_path_home}/optimize"],
   }
 
   exec {'Removing .wazuh index...':
     path    => '/usr/bin',
     command => "curl -s -XDELETE -sL -I 'http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}/.wazuh' -o /dev/null",
+    onlyif  => "curl -s -XGET -sLf -I 'http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}/.wazuh' -o /dev/null",
     notify  => Service[$kibana_service],
   }
 
-  file { '/usr/share/kibana/plugins/wazuh/wazuh.yml':
-    owner   => 'kibana',
-    group   => 'kibana',
+  file { "${kibana_path_home}/plugins/wazuh/wazuh.yml":
+    owner   => $kibana_user,
+    group   => $kibana_group,
     mode    => '0644',
     content => template('wazuh/wazuh_yml.erb'),
-    notify  => Service[$kibana_service]
+    notify  => Service[$kibana_service],
+    require => Exec['kibana-plugin install'],
   }
-  exec { 'Verify Kibana folders owner':
-    path    => '/usr/bin:/bin',
-    command => "chown -R kibana:kibana /usr/share/kibana/optimize\
-             && chown -R kibana:kibana /usr/share/kibana/plugins",
 
+
+  if ($facts['kibana_plugin_wazuh'] != undef and
+      $facts['kibana_plugin_wazuh']['version'] != $kibana_wazuh_version) or ($kibana_app_reinstall == true) {
+
+    file {'Removing old Wazuh Kibana Plugin...':
+      ensure  => absent,
+      path    => "${kibana_path_home}/plugins/wazuh",
+      recurse => true,
+      purge   => true,
+      force   => true,
+      notify  => Service[$kibana_service],
+      before  => Exec['kibana-plugin install'],
+    }
   }
 
 }