Merge pull request #333 from wazuh/feature-pristine-elastic

Use official ES image without rebuilding
2025-10-23 04:51:57 +00:00 · 2020-06-19 14:56:23 +02:00
parent 18f5f02153 b90fc8053e
commit b886fd6c4d
11 changed files with 28 additions and 356 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,21 +23,24 @@ services:
      - ossec_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
+
  elasticsearch:
-    build: elasticsearch
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.1
    hostname: elasticsearch
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
-      - ELASTIC_CLUSTER=true
-      - CLUSTER_NODE_MASTER=true
-      - CLUSTER_MASTER_NODE_NAME=es01
+      - bootstrap.memory_lock=true
+      - discovery.type=single-node
    ulimits:
      memlock:
        soft: -1
        hard: -1
+    volumes:
+      - ./elastic_conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+
  kibana:
    build: kibana
    hostname: kibana
@@ -47,6 +50,7 @@ services:
    links:
      - elasticsearch:elasticsearch
      - wazuh:wazuh
+
  nginx:
    image: nginx:stable
    hostname: nginx
--- a/elastic_conf/elasticsearch.yml
+++ b/elastic_conf/elasticsearch.yml
@@ -0,0 +1,3 @@
+cluster.name: wazuh-elastic
+network.host: 0.0.0.0
+
--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
@@ -1,54 +0,0 @@
-# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-ARG ELASTIC_VERSION=7.6.2
-FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
-ARG S3_PLUGIN_URL="https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-${ELASTIC_VERSION}.zip"
-
-ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
-
-ENV ALERTS_SHARDS="1" \
-    ALERTS_REPLICAS="0"
-
-ENV API_USER="foo" \
-    API_PASS="bar"
-
-ENV XPACK_ML="true" 
-
-ENV ENABLE_CONFIGURE_S3="false"
-
-ARG TEMPLATE_VERSION=v3.12.2
-
-# Elasticearch cluster configuration environment variables
-# If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
-# CLUSTER_INITIAL_MASTER_NODES set to own node by default.
-ENV ELASTIC_CLUSTER="false" \
-    CLUSTER_NAME="wazuh" \
-    CLUSTER_NODE_MASTER="false" \
-    CLUSTER_NODE_DATA="true" \
-    CLUSTER_NODE_INGEST="true" \
-    CLUSTER_NODE_NAME="wazuh-elasticsearch" \
-    CLUSTER_MASTER_NODE_NAME="master-node" \
-    CLUSTER_MEMORY_LOCK="true" \
-    CLUSTER_DISCOVERY_SERVICE="wazuh-elasticsearch" \
-    CLUSTER_NUMBER_OF_MASTERS="2" \
-    CLUSTER_MAX_NODES="1" \
-    CLUSTER_DELAYED_TIMEOUT="1m" \
-    CLUSTER_INITIAL_MASTER_NODES="wazuh-elasticsearch"
-
-COPY config/entrypoint.sh /entrypoint.sh 
-
-RUN chmod 755 /entrypoint.sh
-
-COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
-
-RUN chmod +x ./load_settings.sh
-
-RUN ${bin/elasticsearch-plugin install --batch S3_PLUGIN_URL}
-
-COPY config/configure_s3.sh ./config/configure_s3.sh
-RUN chmod 755 ./config/configure_s3.sh
-
-COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./
-RUN chmod +x ./config_cluster.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["elasticsearch"]
--- a/elasticsearch/config/config_cluster.sh
+++ b/elasticsearch/config/config_cluster.sh
@@ -1,57 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-
-elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
-
-remove_single_node_conf(){
-  if grep -Fq "discovery.type" $1; then
-    sed -i '/discovery.type\: /d' $1 
-  fi
-}
-
-remove_cluster_config(){
-  sed -i '/# cluster node/,/# end cluster config/d' $1
-}
-
-# If Elasticsearch cluster is enabled, then set up the elasticsearch.yml
-if [[ $ELASTIC_CLUSTER == "true" && $CLUSTER_NODE_MASTER != "" && $CLUSTER_NODE_DATA != "" && $CLUSTER_NODE_INGEST != "" && $CLUSTER_MASTER_NODE_NAME != "" ]]; then
-  # Remove the old configuration
-  remove_single_node_conf $elastic_config_file
-  remove_cluster_config $elastic_config_file
-
-if [[ $CLUSTER_NODE_MASTER == "true" ]]; then
-# Add the master configuration
-# cluster.initial_master_nodes for bootstrap the cluster
-cat > $elastic_config_file << EOF
-# cluster node
-network.host: 0.0.0.0
-node.name: $CLUSTER_MASTER_NODE_NAME
-node.master: $CLUSTER_NODE_MASTER
-cluster.initial_master_nodes: 
-  - $CLUSTER_MASTER_NODE_NAME
-# end cluster config" 
-EOF
-
-elif [[ $CLUSTER_NODE_NAME != "" ]];then
-# Remove the old configuration
-remove_single_node_conf $elastic_config_file
-remove_cluster_config $elastic_config_file
-
-cat > $elastic_config_file << EOF
-# cluster node
-network.host: 0.0.0.0
-node.name: $CLUSTER_NODE_NAME
-node.master: false
-discovery.seed_hosts: 
-  - $CLUSTER_MASTER_NODE_NAME
-  - $CLUSTER_NODE_NAME
-# end cluster config" 
-EOF
-fi
-# If the cluster is disabled, then set a single-node configuration
-else
-  # Remove the old configuration
-  remove_single_node_conf $elastic_config_file
-  remove_cluster_config $elastic_config_file
-  echo "discovery.type: single-node" >> $elastic_config_file
-fi
--- a/elasticsearch/config/configure_s3.sh
+++ b/elasticsearch/config/configure_s3.sh
@@ -1,77 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-
-set -e
-
-# Check number of arguments passed to configure_s3.sh. If it is different from 4 or 5, the process will finish with error.
-# param 1: number of arguments passed to configure_s3.sh
-
-function CheckArgs()
-{
-    if [ $1 != 4 ] && [ $1 != 5 ];then
-        echo "Use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> (By default <current_elasticsearch_major_version> is added to the path and the repository name)"
-        echo "or use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> <Elasticsearch major version>" 
-        exit 1
-
-    fi
-}
-
-# Create S3 repository from base_path <path>/<elasticsearch_major_version> (if there is no <Elasticsearch major version> argument, current version is added)
-# Repository name would be <RepositoryName>-<elasticsearch_major_version> (if there is no <Elasticsearch major version> argument, current version is added)
-# param 1: <Elastic_Server_IP:Port>
-# param 2: <Bucket>
-# param 3: <Path>
-# param 4: <RepositoryName>
-# param 5: Optional <Elasticsearch major version>
-# output: It will show "acknowledged" if the repository has been successfully created
-
-function CreateRepo()
-{
-
-    elastic_ip_port="$2"
-    bucket_name="$3"
-    path="$4"
-    repository_name="$5"
-
-    if [ $1 == 5 ];then
-        version="$6"
-    else
-        version=`curl -s $elastic_ip_port | grep number | cut -d"\"" -f4 | cut -c1`
-    fi
-
-    if ! [[ "$version" =~ ^[0-9]+$ ]];then
-        echo "Elasticsearch major version must be an integer"
-        exit 1
-    fi
-
-    repository="$repository_name-$version"
-    s3_path="$path/$version"
-
-    curl -X PUT "$elastic_ip_port/_snapshot/$repository" -H 'Content-Type: application/json' -d'
-        {
-            "type": "s3",
-            "settings": {
-            "bucket": "'$bucket_name'",
-            "base_path": "'$s3_path'"
-        }
-    }
-    '
-
-}
-
-# Run functions CheckArgs and CreateRepo
-# param 1: number of arguments passed to configure_s3.sh
-# param 2: <Elastic_Server_IP:Port>
-# param 3: <Bucket>
-# param 4: <Path>
-# param 5: <RepositoryName>
-# param 6: Optional <Elasticsearch major version>
-
-function Main()
-{
-    CheckArgs $1
-
-    CreateRepo $1 $2 $3 $4 $5 $6
-}
-
-Main $# $1 $2 $3 $4 $5
--- a/elasticsearch/config/entrypoint.sh
+++ b/elasticsearch/config/entrypoint.sh
@@ -1,52 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-
-# For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.0/build/elasticsearch/bin/docker-entrypoint.sh
-
-set -e
-
-# Files created by Elasticsearch should always be group writable too
-umask 0002
-
-run_as_other_user_if_needed() {
-  if [[ "$(id -u)" == "0" ]]; then
-    # If running as root, drop to specified UID and run command
-    exec chroot --userspec=1000 / "${@}"
-  else
-    # Either we are running in Openshift with random uid and are a member of the root group
-    # or with a custom --user
-    exec "${@}"
-  fi
-}
-
-
-#Disabling xpack features
-
-elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
-if grep -Fq  "#xpack features" "$elasticsearch_config_file";
-then 
-  declare -A CONFIG_MAP=(
-  [xpack.ml.enabled]=$XPACK_ML
-  )
-  for i in "${!CONFIG_MAP[@]}"
-  do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $elasticsearch_config_file
-    fi
-  done
-else
-  echo "
-#xpack features
-xpack.ml.enabled: $XPACK_ML
- " >> $elasticsearch_config_file
-fi
-
-# Run load settings script.
-
-./config_cluster.sh
-
-./load_settings.sh &
-
-# Execute elasticsearch
-
-run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch 
--- a/elasticsearch/config/load_settings.sh
+++ b/elasticsearch/config/load_settings.sh
@@ -1,103 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-
-set -e
-
-el_url=${ELASTICSEARCH_URL}
-
-if [ "x${WAZUH_API_URL}" = "x" ]; then
-  wazuh_url="https://wazuh"
-else
-  wazuh_url="${WAZUH_API_URL}"
-fi
-
-if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
-  auth=""
-else
-  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
-fi
-
-until curl ${auth} -XGET $el_url; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 5
-done
-
->&2 echo "Elastic is up - executing command"
-
-if [ $ENABLE_CONFIGURE_S3 ]; then
-  #Wait for Elasticsearch to be ready to create the repository
-  sleep 10
-  IP_PORT="${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
-
-  if [ "x$S3_PATH" != "x" ]; then 
-
-    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then 
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR 
-
-    else
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME 
-
-    fi
-
-  fi
-
-fi
-
-#Insert default templates
-
-API_PASS_Q=`echo "$API_PASS" | tr -d '"'`
-API_USER_Q=`echo "$API_USER" | tr -d '"'`
-API_PASSWORD=`echo -n $API_PASS_Q | base64`
-
-echo "Setting API credentials into Wazuh APP"
-CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
-
-if [ "x$CONFIG_CODE" != "x200" ]; then
-  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
-  {
-    "api_user": "'"$API_USER_Q"'",
-    "api_password": "'"$API_PASSWORD"'",
-    "url": "'"$wazuh_url"'",
-    "api_port": "55000",
-    "insecure": "true",
-    "component": "API",
-    "cluster_info": {
-      "manager": "wazuh-manager",
-      "cluster": "Disabled",
-      "status": "disabled"
-    },
-    "extensions": {
-      "oscap": true,
-      "audit": true,
-      "pci": true,
-      "aws": true,
-      "virustotal": true,
-      "gdpr": true,
-      "ciscat": true
-    }
-  }
-  ' > /dev/null
-else
-  echo "Wazuh APP already configured"
-fi
-sleep 5
-
-curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
-{
-  "persistent": {
-    "xpack.monitoring.collection.enabled": true
-  }
-}
-'
-
-# Set cluster delayed timeout when node falls
-curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
-{
-  "settings": {
-    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
-  }
-}
-'
-
-
-echo "Elasticsearch is ready."
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,8 +1,8 @@
 # Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.6.2
+FROM docker.elastic.co/kibana/kibana:7.7.1
 USER kibana
-ARG ELASTIC_VERSION=7.6.2
-ARG WAZUH_VERSION=3.12.2
+ARG ELASTIC_VERSION=7.7.1
+ARG WAZUH_VERSION=3.12.3
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"

 WORKDIR /usr/share/kibana
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -44,7 +44,12 @@ else
  kibana_ip="kibana"
 fi

-while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
+# Add auth headers if required
+if [ "$ELASTICSEARCH_USERNAME" != "" ] && [ "$ELASTICSEARCH_PASSWORD" != "" ]; then
+    curl_auth="-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"
+fi
+
+while [[ "$(curl $curl_auth -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
  echo "Waiting for Kibana API. Sleeping 5 seconds"
  sleep 5
 done
--- a/kibana/config/wazuh_app_config.sh
+++ b/kibana/config/wazuh_app_config.sh
@@ -6,7 +6,9 @@ wazuh_port="${API_PORT:-55000}"
 api_user="${API_USER:-foo}"
 api_password="${API_PASS:-bar}"

-kibana_config_file="/usr/share/kibana/plugins/wazuh/wazuh.yml"
+kibana_config_file="/usr/share/kibana/optimize/wazuh/config/wazuh.yml"
+mkdir -p /usr/share/kibana/optimize/wazuh/config/
+touch $kibana_config_file

 declare -A CONFIG_MAP=(
  [pattern]=$PATTERN
@@ -53,7 +55,8 @@ grep -q 1513629884013 $kibana_config_file
 _config_exists=$?

 if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
-cat << EOF >> $kibana_config_file 
+cat << EOF > $kibana_config_file
+hosts:
  - 1513629884013:
      url: $wazuh_url
      port: $wazuh_port
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -1,9 +1,9 @@
 # Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 FROM centos:7

-ARG FILEBEAT_VERSION=7.6.2
-ARG WAZUH_VERSION=3.12.2-1
-ARG TEMPLATE_VERSION="v3.12.2"
+ARG FILEBEAT_VERSION=7.7.1
+ARG WAZUH_VERSION=3.12.3-1
+ARG TEMPLATE_VERSION="v3.12.3"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"

 ENV API_USER="foo" \