Add Wazuh indexer cluster configuration

2025-11-03 21:43:15 +00:00 · 2022-02-04 17:37:58 -03:00
parent d0476d3f35
commit efed32f997
23 changed files with 484 additions and 416 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'

 services:
  wazuh:
-    image: wazuh/wazuh-odfe:4.2.5
+    image: wazuh/wazuh-odfe:4.3.0
    hostname: wazuh-manager
    restart: always
    ports:
@@ -30,7 +30,7 @@ services:
      - filebeat_var:/var/lib/filebeat

  wazuh-indexer:
-    image: wazuh-indexer
+    image: test-indexer
    hostname: node1
    restart: always
    ports:
@@ -39,7 +39,8 @@ services:
      - discovery.type=single-node
      - cluster.name=wazuh-cluster
      - network.host=0.0.0.0
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - plugins.security.allow_default_init_securityindex=true
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
      - bootstrap.memory_lock=true
    ulimits:
      memlock:
--- a/generate-indexer-certs.yml
+++ b/generate-indexer-certs.yml
@@ -3,8 +3,8 @@ version: '3'

 services:
  generator:
-    image: certs_creator #wazuh/opendistro-certs-generator:0.1
+    image: wazuh/opendistro-certs-generator:0.1
    hostname: opendistro-certs-generator
    volumes:
-      - ./production_cluster/wazuh_indexer_ssl_certs/certs.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
+      - ./production_cluster/wazuh_indexer_ssl_certs/certs.yml:/usr/src/config/myconf.yml
      - ./production_cluster/wazuh_indexer_ssl_certs/:/usr/src/certs/out/ 
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -73,8 +73,9 @@ services:
    ports:
      - "9700:9700"
    environment:
-      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "NODE_TYPE=master"
+      - "bootstrap.memory_lock=true"
    ulimits:
      memlock:
        soft: -1
@@ -97,8 +98,9 @@ services:
    hostname: wazuh-indexer-2
    restart: always
    environment:
-      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "NODE_TYPE=worker"
+      - "bootstrap.memory_lock=true"
    ulimits:
      memlock:
        soft: -1
@@ -119,8 +121,9 @@ services:
    hostname: wazuh-indexer-3
    restart: always
    environment:
-      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "NODE_TYPE=worker"
+      - "bootstrap.memory_lock=true"
    ulimits:
      memlock:
        soft: -1
--- a/production_cluster/kibana_ssl/cert.pem
+++ b/production_cluster/kibana_ssl/cert.pem
@@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUaIlPP3pCoqvkHYK4/3ATalS/l4MwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAxMjgxODE1MDRaFw0yMzAx
-MjgxODE1MDRaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDtxUl6m3HlUPeTIXQu+BVCOiscwtVXTlSaIlOhz/cu
-Py5ptLRMHdO1vTIawPag9Y1bLaLpkPuGSVUIXFhhfvc20OlQ0HaHMVu+zA6B+pV0
-uZTg4HAX7NJhGMh9qv1APtoeTx7wbG48f6+udV2bbay4a/+jQ8wkYeeTcRNSs7cz
-zN30ToPUul/41ekROqvCwl7ss7BF0V/9V2ZgMnwdix7ogEZckYEvDkDccud+cF+f
-CRBABKlueFL5C2+d5AkhQef8BqzjnwsRSlWSRulfcU4G0pkmVG+v59PnGaOuKVs/
-g6zOfvCmb3nKSMmJJs5sJfEN0JD1Xir6nJlEQMukRBKZAgMBAAGjUzBRMB0GA1Ud
-DgQWBBRH3Gak7M/uyi4SvAv8sd3oX3uHADAfBgNVHSMEGDAWgBRH3Gak7M/uyi4S
-vAv8sd3oX3uHADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBv
-1wBbjz5JSBU9UfJh5IPxTudOTtHQgU1N55M8Qz0cNBpc6dtyL/+xc85UoTKo9BEH
-ZluycPDyFeIjEyvCTLTdJLkRY4gqKGgnI9JtR4nOGLjX2le1o78uL6aayYTHaQVF
-Q/5K7q+JOwDXu4haBupKl43fZSFQhMQOpsKt9+PHymBXSxP35FrLNVG+UQcQNiwT
-2u9Vm0K36TEmTc+eeVPo6L2bTqhWbURSJpsnMXEGssIUVuzHu2iPjsJpf6rW93DD
-ZI41gjPBBuDrOPxuNQ5M9wz5j9Ckv3CHBXwg868qUAklv6tj+7bovbngof67HL4W
-GzUBqvUWcjo4dV/ZkA1Z
-----END CERTIFICATE-----
--- a/production_cluster/kibana_ssl/key.pem
+++ b/production_cluster/kibana_ssl/key.pem
@@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDtxUl6m3HlUPeT
-IXQu+BVCOiscwtVXTlSaIlOhz/cuPy5ptLRMHdO1vTIawPag9Y1bLaLpkPuGSVUI
-XFhhfvc20OlQ0HaHMVu+zA6B+pV0uZTg4HAX7NJhGMh9qv1APtoeTx7wbG48f6+u
-dV2bbay4a/+jQ8wkYeeTcRNSs7czzN30ToPUul/41ekROqvCwl7ss7BF0V/9V2Zg
-Mnwdix7ogEZckYEvDkDccud+cF+fCRBABKlueFL5C2+d5AkhQef8BqzjnwsRSlWS
-RulfcU4G0pkmVG+v59PnGaOuKVs/g6zOfvCmb3nKSMmJJs5sJfEN0JD1Xir6nJlE
-QMukRBKZAgMBAAECggEANp+sUc6ES/pd5h85YdD8kUprvR/Fg1krdn2MWRA96RH6
-x64L/bCcgpQEfsD15+SBpQDG/IGiRydxsYoFg+B3StCTyU0a7dQZD6wxaQr4auh3
-m3H0TorJiiT3amdt5uSJl4z1vqYqbRuocJvl9V8s3vFwuUFKFNGpMeY4WjePTwbA
-SoVvXHsatA6QPNfIYJXIdWD5DdPMIABWuFThm/hDfq1n57DsKQa3/pvyj4tMqKw9
-K0cgVJWqCFqAlza7WErn9NDvGOZxJqzmgAbjnj9l18VRHp1uzKn0oZBM50zuvykU
-HpEoe+GCktNy8PhDx3w60gxftKgFilgRyHvVNYwAAQKBgQD/IghMwhWTrNlzxj20
-oQ2NwUnPNJjsu0ZklAAp4axekipu3kI5bNyoBBBTg1uJwHnfLOJxmCPuCBzvqcA+
-kr8jUH7DuKAHEdDyt6rGAyAnLHKI9+WRztXJqBwhk/CmHoxM/cT5sdEog3Z8WAes
-sm7IPnI1J/0BevrcmDDwrot2AQKBgQDulCY3lZgpWj9PSKzkwxBYMGwVDKYwin38
-NY4a/jf+PzIXVrZSeLDmSgkNqgvsHCnjrzfI6dC+wG3wjblgM4ocAM3C6eG8Obnp
-Bv+llfDGsndO9VO0oLeycyPkukrVBnG90KL+FEdJleLMb8Zcw8f8xF09lks5gmSX
-ZEfv4mKMmQKBgQC9Csp7lZPHSFwXnNw76tnQH1hBYAev4VPXUpKMddryd/tZCvam
-9jLJi7lNKBe7ihLDes6OvNxik0BdlLoNo05dLFfBThvFIT5hmhW/grFgVV7IfmZs
-E4X1VcsCVkwJyrjKk35QRaFlE4PHvrJxFAVh+mNFX8voPOeEbIBW1f4gAQKBgBK1
-NUX4igT8GajK5xvNG/P+YAtKgaGeyoBDZtBBDPz30aK43vUal6yHM6yJoAO0tagv
-7izoAMFkb3qEcnvTrsnBWmElW9kZobVfIh7G4imChw5++EBatezdUHw4C3Qm3DZp
-LM7Fok1n3m/vd9uAUqdEcpdIuL9atS6V43oxA09JAoGBALO0H5n/jQxfzS1FzAR8
-ywA093adt4v84C8BsVj/nsMk56mqTquWtAuEgur7sWk2sBosb9qKsN0VmWG8h4nk
-aV/nJopx77c8GAWzyiJ5W34mhS0LiTfax8L0FBx79eis+/lXr2bujgNJkGE7JHOu
-zNDYtcVvKModj/du4hXIKExr
-----END PRIVATE KEY-----
--- a/production_cluster/nginx/ssl/cert.pem
+++ b/production_cluster/nginx/ssl/cert.pem
@@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUKLi6nm5vryQ/9xCQOJsSZpsxT5MwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAxMjcxOTQ3MDhaFw0yMzAx
-MjcxOTQ3MDhaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCbp1+YDLidHAF/7qfVN8kLixNgclux6FNcupmSo7om
-gtS42zAfimDvlukhRTL/keV4yis2WwhLq/CP/FGvPVoSLnqXUx9oyW4X7zCHastq
-dHj62wI+SgcbqTZidTqFdPt4WnJ17UauUuBGLqeDZALwUD2l45aYPPj6N+LjjdBW
-Ag2Q6g3iWJM2uAY3Qu5IHf8yngkGWuFsKYleyGSdRWzSr6OUKsDj0ZljD3fKhWB1
-5+KFL/n9uRoHGrT/1O1FJFxUzX7PCO+6c16NN9tO1BP4dwiP+u8kORiiVoJ7xWlU
-BJd88rfIV1Rds94nBGAl1H9eJMEe0dbdFCQEzhPf0KB3AgMBAAGjUzBRMB0GA1Ud
-DgQWBBTRbzcDxJ1bHGdtqtvYUAGAV1xFGzAfBgNVHSMEGDAWgBTRbzcDxJ1bHGdt
-qtvYUAGAV1xFGzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBr
-uuCdm/zj5BfGD6Dg3V0nPOHeHv4b4UN4husPFRSb0YanZWTHpENfrbhRFknM9Ut1
-k6ces6c0m9UvDJQtIGkXQM57EXe2PYbDhPeP3GWvc1ymQoPoHwPmKtnrd2vTV0ni
-MxAkr2BwX9Az0NrEef0ccAgyYXm+JBnQK4ZxTln4bBkK6+aZ34w9lGUSql33pdk4
-v9wySOffEOkaCFqXH6xZ1P4pJqcydaM75JXMuMg8DteSixARjuI5Ce6cyiki1Yte
-nK8GqZC8lsM/s8ag3dHq0FT9gP0VGonKATqdknGa5bxCo/NolUhcyPgYPiTpz4s9
-w8668jDUM62W84lvKa6P
-----END CERTIFICATE-----
--- a/production_cluster/nginx/ssl/key.pem
+++ b/production_cluster/nginx/ssl/key.pem
@@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCbp1+YDLidHAF/
-7qfVN8kLixNgclux6FNcupmSo7omgtS42zAfimDvlukhRTL/keV4yis2WwhLq/CP
-/FGvPVoSLnqXUx9oyW4X7zCHastqdHj62wI+SgcbqTZidTqFdPt4WnJ17UauUuBG
-LqeDZALwUD2l45aYPPj6N+LjjdBWAg2Q6g3iWJM2uAY3Qu5IHf8yngkGWuFsKYle
-yGSdRWzSr6OUKsDj0ZljD3fKhWB15+KFL/n9uRoHGrT/1O1FJFxUzX7PCO+6c16N
-N9tO1BP4dwiP+u8kORiiVoJ7xWlUBJd88rfIV1Rds94nBGAl1H9eJMEe0dbdFCQE
-zhPf0KB3AgMBAAECggEAFJRvnjHoYtVmGV0bkaRbj4wm1rSoDQCzrOn7DhlZrmfT
-6lEIrtLj+CmSz1RP5tyKY4sPZZNpqF+mYdMxlaLd+tNsX/+cgoVHaiC04OKs3Hlj
-2X8Fb+jnwa+AwknPn/+UlBgZVCA4HSpV/tGCUmvxu4ZQcFOEAMLnBGZJOF7ysbxE
-9Q08spPjQQgYfScS9pRhKRj8PG+qepifpMAg4GtiT9u70r2DC+IbxmE15MUtA/qM
-vqHhGLaH3LiuEI0sBEvU95mgQAGaScDiJR1uQ7VrRHQJlxYnxoNywe+8cvpi+qjK
-E3NvQpI0NP1/BroDMP2je2FYedWipolR9vNpRK5FyQKBgQDLnI1jqMyl86xMzePi
-G7gp/9IAi+5xwCs4o8THmozi3ktn0ma5hlg2RjP19tdslr39I47L9RMPnis+SYIE
-Qzdol+wV0VhQmBt7yot+EnPgPqz1zxhGmeji+wImGgV+1acBV++YaDYimI8Ux1uG
-Z4faczDrhpAG8TaECr5PCcieFQKBgQDDs/MzI0hVs+xzgLlcTrA7jgZnCVxtAVBa
-NAEN0tJ1AC2lL5nYlcfd0x2ebRmluRCGmS8HfZ/3lTTARTE+HED/Vf2C0svStSwx
-aDEu9zFYgxCI5ZYzwxcubvlpoEUaLS9jJPAiW/rSuImAinA3hDDq92VJwcr4qFu0
-WrB7iMlzWwKBgQCwkEZvmI42jnLoe1ZU2dK+4O87uByCmbEhQaq/qH7psPjUxDh+
-Q0i1b/VZIr+2k5WXMUGADjqEPZWkQtwzVBJ1aeC5Hrulz/FtTLvgDKJdYBxeYELd
-3lN8mUxIvCHt1donqRjFIgFnyMGytBnjGF5PibpvU1YMHxo2MJbNNV+57QKBgQCo
-nly2O/kwNqVNY6TSHs6Dkbx8fLlRBmfIQLSDx5kjzDKH+DqTPYKG40bK4O/PNWRC
-xKubxabV+I4J99QU0t1B40JZvOx3MTjRnRd7gurWe578hOxkzvwjOuTVGI1Rn4sL
-3qC0yhGUDAIVabKEcvZ/DQgNg9cxZkYVYGpdFh+UrwKBgGGb0yr7dBuvzVaJ5fLj
-ITwJr6kqD41JVd0MKpGzIDGubMaGTtdc6N6GjIyNzgJAQ9VDv0l45BUYfjKtNp90
-al8RIfH0xUdPGHT/7JBgyEWZqBF88dC9Kn4JVfKzoaQK89a2RM554MxKuQOKw2Yr
-q6EnyW8xKHg3z06lzZeFF51C
-----END PRIVATE KEY-----
--- a/production_cluster/wazuh-indexer/opensearch-node1.yml
+++ b/production_cluster/wazuh-indexer/opensearch-node1.yml
@@ -1,8 +1,14 @@
 network.host: wazuh-indexer
 node.name: wazuh-indexer
-cluster.initial_master_nodes: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
+cluster.initial_master_nodes:
+        - wazuh-indexer
+        - wazuh-indexer-2
+        - wazuh-indexer-3
 cluster.name: "wazuh-cluster"
-discovery.seed_hosts: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
+discovery.seed_hosts:
+        - wazuh-indexer
+        - wazuh-indexer-2
+        - wazuh-indexer-3
 http.port: 9700-9799
 transport.tcp.port: 9800-9899
 node.max_local_storage_nodes: "3"
@@ -36,5 +42,7 @@ plugins.security.nodes_dn:
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+opendistro_security.audit.config.disabled_rest_categories: NONE
+opendistro_security.audit.config.disabled_transport_categories: NONE
--- a/production_cluster/wazuh-indexer/opensearch-node2
+++ b/production_cluster/wazuh-indexer/opensearch-node2
@@ -1,40 +0,0 @@
-network.host: wazuh-indexer-2
-node.name: wazuh-indexer-2
-cluster.initial_master_nodes: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
-http.port: 9700-9799
-transport.tcp.port: 9800-9899
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-###############################################################################
-#                                                                             #
-#         WARNING: Insecure demo certificates set up in this file.            #
-#                  Please change on production cluster!                       #
-#                                                                             #
-###############################################################################
-plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-2.pem
-plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-2.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-2.pem
-plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/wazuh-indexer-2.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.audit.type: internal_opensearch
-plugins.security.authcz.admin_dn:
- 'CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
- 'CN=wazuh-indexer,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=wazuh-indexer-2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=wazuh-indexer-3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
--- a/production_cluster/wazuh-indexer/opensearch-node2.yml
+++ b/production_cluster/wazuh-indexer/opensearch-node2.yml
@@ -1,8 +1,14 @@
 network.host: wazuh-indexer-2
 node.name: wazuh-indexer-2
-cluster.initial_master_nodes: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
+cluster.initial_master_nodes:
+        - wazuh-indexer
+        - wazuh-indexer-2
+        - wazuh-indexer-3
 cluster.name: "wazuh-cluster"
-discovery.seed_hosts: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
+discovery.seed_hosts:
+        - wazuh-indexer
+        - wazuh-indexer-2
+        - wazuh-indexer-3
 http.port: 9700-9799
 transport.tcp.port: 9800-9899
 node.max_local_storage_nodes: "3"
@@ -36,5 +42,7 @@ plugins.security.nodes_dn:
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+opendistro_security.audit.config.disabled_rest_categories: NONE
+opendistro_security.audit.config.disabled_transport_categories: NONE
--- a/production_cluster/wazuh-indexer/opensearch-node3.yml
+++ b/production_cluster/wazuh-indexer/opensearch-node3.yml
@@ -1,8 +1,14 @@
 network.host: wazuh-indexer-3
 node.name: wazuh-indexer-3
-cluster.initial_master_nodes: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
+cluster.initial_master_nodes:
+        - wazuh-indexer
+        - wazuh-indexer-2
+        - wazuh-indexer-3
 cluster.name: "wazuh-cluster"
-discovery.seed_hosts: wazuh-indexer,wazuh-indexer-2,wazuh-indexer-3
+discovery.seed_hosts:
+        - wazuh-indexer
+        - wazuh-indexer-2
+        - wazuh-indexer-3
 http.port: 9700-9799
 transport.tcp.port: 9800-9899
 node.max_local_storage_nodes: "3"
@@ -36,5 +42,7 @@ plugins.security.nodes_dn:
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+opendistro_security.audit.config.disabled_rest_categories: NONE
+opendistro_security.audit.config.disabled_transport_categories: NONE
--- a/test-cluster.yml.yml
+++ b/test-cluster.yml.yml
@@ -0,0 +1,209 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+  wazuh-master:
+    image: wazuh/wazuh-odfe:4.3.0
+    hostname: wazuh-master
+    restart: always
+    ports:
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - ELASTICSEARCH_URL=https://wazuh-indexer:9700
+      - ELASTIC_USERNAME=admin
+      - ELASTIC_PASSWORD=admin
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=acme-user
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - ossec-api-configuration:/var/ossec/api/configuration
+      - ossec-etc:/var/ossec/etc
+      - ossec-logs:/var/ossec/logs
+      - ossec-queue:/var/ossec/queue
+      - ossec-var-multigroups:/var/ossec/var/multigroups
+      - ossec-integrations:/var/ossec/integrations
+      - ossec-active-response:/var/ossec/active-response/bin
+      - ossec-agentless:/var/ossec/agentless
+      - ossec-wodles:/var/ossec/wodles
+      - filebeat-etc:/etc/filebeat
+      - filebeat-var:/var/lib/filebeat
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.key:/etc/ssl/filebeat.key
+      - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+  wazuh-worker:
+    image: wazuh/wazuh-odfe:4.3.0
+    hostname: wazuh-worker
+    restart: always
+    environment:
+      - ELASTICSEARCH_URL=https://wazuh-indexer:9700
+      - ELASTIC_USERNAME=admin
+      - ELASTIC_PASSWORD=admin
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+    volumes:
+      - worker-ossec-api-configuration:/var/ossec/api/configuration
+      - worker-ossec-etc:/var/ossec/etc
+      - worker-ossec-logs:/var/ossec/logs
+      - worker-ossec-queue:/var/ossec/queue
+      - worker-ossec-var-multigroups:/var/ossec/var/multigroups
+      - worker-ossec-integrations:/var/ossec/integrations
+      - worker-ossec-active-response:/var/ossec/active-response/bin
+      - worker-ossec-agentless:/var/ossec/agentless
+      - worker-ossec-wodles:/var/ossec/wodles
+      - worker-filebeat-etc:/etc/filebeat
+      - worker-filebeat-var:/var/lib/filebeat
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.key:/etc/ssl/filebeat.key
+      - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
+
+  wazuh-indexer:
+    image: test-indexer
+    hostname: wazuh-indexer
+    restart: always
+    ports:
+      - "9700:9700"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data-1:/var/lib/wazuh-indexer
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer.key:/etc/wazuh-indexer/certs/wazuh-indexer.key
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer.pem:/etc/wazuh-indexer/certs/wazuh-indexer.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/admin.pem:/etc/wazuh-indexer/certs/admin.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/admin.key:/etc/wazuh-indexer/certs/admin-key.pem
+      - ./production_cluster/wazuh-indexer/opensearch-node1.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
+
+  wazuh-indexer-2:
+    image: test-indexer
+    hostname: wazuh-indexer-2
+    restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data-2:/var/lib/wazuh-indexer
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-2.key:/etc/wazuh-indexer/certs/wazuh-indexer-2.key
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-2.pem:/etc/wazuh-indexer/certs/wazuh-indexer-2.pem
+      - ./production_cluster/wazuh-indexer/opensearch-node2.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+  
+  wazuh-indexer-3:
+    image: test-indexer
+    hostname: wazuh-indexer-3
+    restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data-3:/var/lib/wazuh-indexer
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-3.key:/etc/wazuh-indexer/certs/wazuh-indexer-3.key
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-3.pem:/etc/wazuh-indexer/certs/wazuh-indexer-3.pem
+      - ./production_cluster/wazuh-indexer/opensearch-node3.yml:/etc/wazuh-indexer/opensearch.yml
+      - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+ 
+  kibana:
+    image: wazuh/wazuh-dashboard:4.3.0
+    hostname: kibana
+    restart: always
+    ports:
+      - 5601:5601
+    environment:
+      - ELASTICSEARCH_USERNAME=admin
+      - ELASTICSEARCH_PASSWORD=admin
+      - SERVER_SSL_ENABLED=true
+      - SERVER_SSL_CERTIFICATE=/etc/wazuh-dashboard/certs/cert.pem
+      - SERVER_SSL_KEY=/etc/wazuh-dashboard/certs/key.pem
+      - WAZUH_API_URL="https://wazuh-master"
+      - API_USERNAME=acme-user
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - ./production_cluster/wazuh_dashboard_ssl/cert.pem:/etc/wazuh-dashboard/certs/cert.pem
+      - ./production_cluster/wazuh_dashboard_ssl/key.pem:/etc/wazuh-dashboard/certs/key.pem
+
+    depends_on:
+      - wazuh-indexer
+    links:
+      - wazuh-indexer:wazuh-indexer
+      - wazuh-master:wazuh-master
+
+  nginx:
+    image: nginx:stable
+    hostname: nginx
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+      - "1514:1514"
+    depends_on:
+      - wazuh-master
+      - wazuh-worker
+      - kibana
+    links:
+      - wazuh-master:wazuh-master
+      - wazuh-worker:wazuh-worker
+      - kibana:kibana
+    volumes:
+      - ./production_cluster/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./production_cluster/nginx/ssl:/etc/nginx/ssl:ro
+
+volumes:
+  ossec-api-configuration:
+  ossec-etc:
+  ossec-logs:
+  ossec-queue:
+  ossec-var-multigroups:
+  ossec-integrations:
+  ossec-active-response:
+  ossec-agentless:
+  ossec-wodles:
+  filebeat-etc:
+  filebeat-var:
+  worker-ossec-api-configuration:
+  worker-ossec-etc:
+  worker-ossec-logs:
+  worker-ossec-queue:
+  worker-ossec-var-multigroups:
+  worker-ossec-integrations:
+  worker-ossec-active-response:
+  worker-ossec-agentless:
+  worker-ossec-wodles:
+  worker-filebeat-etc:
+  worker-filebeat-var:
+  wazuh-indexer-data-1:
+  wazuh-indexer-data-2:
+  wazuh-indexer-data-3:
--- a/wazuh-dashboard/config/entrypoint.sh
+++ b/wazuh-dashboard/config/entrypoint.sh
@@ -5,7 +5,7 @@
 # Start Wazuh dashboard
 ##############################################################################

-sed -i 's/<wazuh-indexer-ip>:9700/wazuh-indexer:9700/' /etc/wazuh-dashboard/dashboard.yml
+sed -i 's/localhost:9700/wazuh-indexer:9700/' /etc/wazuh-dashboard/dashboard.yml
 sed -i 's/<wazuh-dashboard-ip>/0.0.0.0/' /etc/wazuh-dashboard/dashboard.yml
 sed -i '/logging.dest:/d' /etc/wazuh-dashboard/dashboard.yml

--- a/wazuh-dashboard/config/entrypoint_prueba.sh
+++ b/wazuh-dashboard/config/entrypoint_prueba.sh
@@ -1,59 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Waiting for indexer
-##############################################################################
-
-if [ "x${ELASTICSEARCH_URL}" == "x" ]; then
-  if [[ ${ENABLED_SECURITY} == "false" ]]; then
-    export el_url="http://elasticsearch:9200"
-  else
-    export el_url="https://elasticsearch:9200"
-  fi
-else
-  export el_url="${ELASTICSEARCH_URL}"
-fi
-
-if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" == "x" || "x${ELASTICSEARCH_PASSWORD}" == "x" ]]; then
-  auth=""
-  # remove security plugin from kibana if elasticsearch is not using it either
-  /usr/share/kibana/bin/kibana-plugin remove opendistro_security
-else
-  export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
-fi
-
-until curl -XGET $el_url ${auth}; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 5
-done
-
-sleep 2
-
->&2 echo "Elasticsearch is up."
-
-
-##############################################################################
-# Waiting for wazuh alerts template
-##############################################################################
-
-strlen=0
-
-while [[ $strlen -eq 0 ]]
-do
-  template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
-  strlen=${#template}
-  >&2 echo "Wazuh alerts template not loaded - sleeping."
-  sleep 2
-done
-
-chown wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs/*
-
-sleep 5
-
-./wazuh_app_config.sh
-
-
-while true; do sleep 1000; done
--- a/wazuh-dashboard/config/wazuh-dashboard.yml
+++ b/wazuh-dashboard/config/wazuh-dashboard.yml
@@ -1,14 +0,0 @@
-server.host: 0.0.0.0
-server.port: 443
-opensearch.hosts: https://localhost:9700
-opensearch.ssl.verificationMode: certificate
-opensearch.username: kibanaserver
-opensearch.password: kibanaserver
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
-logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log"
--- a/wazuh-indexer/Dockerfile_new
+++ b/wazuh-indexer/Dockerfile_new
@@ -1,8 +1,8 @@
-FROM centos:7 AS builder
+FROM ubuntu:focal AS builder

 ENV tini_bin="tini-amd64"

-RUN yum install initscripts curl -y
+RUN apt-get update -y && apt-get install curl -y

 RUN curl --retry 8 -S -L -O https://github.com/krallin/tini/releases/download/v0.19.0/${tini_bin}
 RUN curl --retry 8 -S -L -O https://github.com/krallin/tini/releases/download/v0.19.0/${tini_bin}.sha256sum
@@ -19,8 +19,10 @@ RUN sha256sum -c ${tini_bin}.sha256sum && \
 #RUN chmod 0775 config config/jvm.options.d data logs
 #COPY config/opensearch.yml config/log4j2.properties config/
 #RUN chmod 0660 config/opensearch.yml config/log4j2.properties
-COPY config/config.sh .
-RUN bash config.sh
+COPY config/unattended_installer.tar.gz /
+COPY config/config2.sh .
+RUN tar -xzvf /unattended_installer.tar.gz
+RUN bash config2.sh

 ################################################################################
 # Build stage 1 (the actual OpenSearch image):
@@ -28,15 +30,48 @@ RUN bash config.sh
 # Copy opensearch from stage 0
 # Add entrypoint
 ################################################################################
-FROM alpine
+FROM ubuntu:focal
+
 ENV USER="wazuh-indexer" \
    GROUP="wazuh-indexer" \
    NAME="wazuh-indexer" \
    INSTALL_DIR="/usr/share/wazuh-indexer"
-RUN addgroup --system --gid 1000 $GROUP && \
-    adduser -u 1000 -G $GROUP -D -h $INSTALL_DIR $USER && \
-    chmod 0775 $INSTALL_DIR
-    #chown -R 1000:0 $INSTALL_DIR
+
+RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+
+RUN useradd --system \
+            --uid 1000 \
+            --no-create-home \
+            --home-dir $INSTALL_DIR \
+            --gid $GROUP \
+            --shell /sbin/nologin \
+            --comment "$USER user" \
+            $USER
+
 WORKDIR $INSTALL_DIR
-COPY --from=builder --chown=1000:0 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
+
+COPY config/entrypoint_OS.sh /
+
+RUN chmod 700 /entrypoint_OS.sh
+
+COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=0:0 /tini /tini
+COPY --from=builder --chown=0:0 /debian/wazuh-indexer/etc/init.d/wazuh-indexer /etc/init.d/wazuh-indexer
+COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
+COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
+COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
+COPY --from=builder --chown=1000:10000 /debian/wazuh-indexer/etc/wazuh-indexer /etc/wazuh-indexer
+
+RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
+    mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
+    mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \
+    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer
+
+# Services ports
+EXPOSE 9700
+
+#ENTRYPOINT [ "/entrypoint.sh" ]
+
+ENTRYPOINT ["/tini", "--", "/entrypoint_OS.sh"]
+# Dummy overridable parameter parsed by entrypoint
+CMD ["opensearchwrapper"]
--- a/wazuh-indexer/config/config.sh
+++ b/wazuh-indexer/config/config.sh
@@ -26,44 +26,46 @@ if ! id $USER &> /dev/null; then
 fi

 # Create directories
-mkdir -p ${RPM_BUILD_ROOT}${INSTALL_DIR}
-mkdir -p ${RPM_BUILD_ROOT}/etc
-mkdir -p ${RPM_BUILD_ROOT}${LOG_DIR}
-mkdir -p ${RPM_BUILD_ROOT}${LIB_DIR}
-mkdir -p ${RPM_BUILD_ROOT}${SYS_DIR}
+mkdir -p ${INSTALL_DIR}
+mkdir -p /etc
+mkdir -p ${LOG_DIR}
+mkdir -p ${LIB_DIR}
+mkdir -p ${SYS_DIR}

 # Download required sources
 curl -kOL https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/wazuh-indexer-base-linux-x64.tar.gz
 tar -xzf wazuh-indexer-*.tar.gz && rm -f wazuh-indexer-*.tar.gz
 chown -R ${USER}:${GROUP} wazuh-indexer-*/*

-# Copy base files into RPM_BUILD_ROOT directory
-mv wazuh-indexer-*/etc/ ${RPM_BUILD_ROOT}/etc/
-cp -r wazuh-indexer-*${SYS_DIR}/* ${RPM_BUILD_ROOT}${SYS_DIR}/
-rm -rf wazuh-indexer-*/etc
-rm -rf wazuh-indexer-*/usr
-cp -pr wazuh-indexer-*/* ${RPM_BUILD_ROOT}${INSTALL_DIR}/
+# Copy base files into directories
+cp -rf wazuh-indexer-*/etc/wazuh.indexer /etc/
+cp -rf wazuh-indexer-*/etc/init.d/* /etc/init.d/
+cp -rf wazuh-indexer-*/etc/sysconfig/* /etc/sysconfig/
+cp -rf wazuh-indexer-*${SYS_DIR}/* ${SYS_DIR}/
+#rm -rf wazuh-indexer-*/etc
+#rm -rf wazuh-indexer-*/usr
+cp -pr wazuh-indexer-*/* ${INSTALL_DIR}/

 # Download demo certificates
 curl -kOL https://s3.amazonaws.com/warehouse.wazuh.com/stack/demo-certs.tar.gz
 tar xzf demo-certs.tar.gz && rm -f demo-certs.tar.gz
 chown -R ${USER}:${GROUP} certs
-mkdir -p ${RPM_BUILD_ROOT}${CONFIG_DIR}/certs/
-cp certs/admin.pem ${RPM_BUILD_ROOT}${CONFIG_DIR}/certs/
-cp certs/admin-key.pem ${RPM_BUILD_ROOT}${CONFIG_DIR}/certs/
-cp certs/demo-indexer.pem ${RPM_BUILD_ROOT}${CONFIG_DIR}/certs/
-cp certs/demo-indexer-key.pem ${RPM_BUILD_ROOT}${CONFIG_DIR}/certs/
-cp certs/root-ca.pem ${RPM_BUILD_ROOT}${CONFIG_DIR}/certs/
+mkdir -p ${CONFIG_DIR}/certs/
+cp certs/admin.pem ${CONFIG_DIR}/certs/
+cp certs/admin-key.pem ${CONFIG_DIR}/certs/
+cp certs/demo-indexer.pem ${CONFIG_DIR}/certs/
+cp certs/demo-indexer-key.pem ${CONFIG_DIR}/certs/
+cp certs/root-ca.pem ${CONFIG_DIR}/certs/

-#cp ${REPO_DIR}/install_functions/wazuh-cert-tool.sh ${RPM_BUILD_ROOT}${INSTALL_DIR}/plugins/opensearch-security/tools/
-#cp ${REPO_DIR}/install_functions/wazuh-passwords-tool.sh ${RPM_BUILD_ROOT}${INSTALL_DIR}/plugins/opensearch-security/tools/
-#cp ${REPO_DIR}/config/opensearch/certificate/config_aio.yml ${RPM_BUILD_ROOT}${INSTALL_DIR}/plugins/opensearch-security/tools/config.yml
+#cp ${REPO_DIR}/install_functions/wazuh-cert-tool.sh ${INSTALL_DIR}/plugins/opensearch-security/tools/
+#cp ${REPO_DIR}/install_functions/wazuh-passwords-tool.sh ${INSTALL_DIR}/plugins/opensearch-security/tools/
+#cp ${REPO_DIR}/config/opensearch/certificate/config_aio.yml ${INSTALL_DIR}/plugins/opensearch-security/tools/config.yml

-#cp ${REPO_DIR}/config/opensearch/roles/internal_users.yml ${RPM_BUILD_ROOT}${INSTALL_DIR}/plugins/opensearch-security/securityconfig/
-#cp ${REPO_DIR}/config/opensearch/roles/roles.yml ${RPM_BUILD_ROOT}${INSTALL_DIR}/plugins/opensearch-security/securityconfig/
-#cp ${REPO_DIR}/config/opensearch/roles/roles_mapping.yml ${RPM_BUILD_ROOT}${INSTALL_DIR}/plugins/opensearch-security/securityconfig/
+#cp ${REPO_DIR}/config/opensearch/roles/internal_users.yml ${INSTALL_DIR}/plugins/opensearch-security/securityconfig/
+#cp ${REPO_DIR}/config/opensearch/roles/roles.yml ${INSTALL_DIR}/plugins/opensearch-security/securityconfig/
+#cp ${REPO_DIR}/config/opensearch/roles/roles_mapping.yml ${INSTALL_DIR}/plugins/opensearch-security/securityconfig/

-#chmod 0660 "/etc/sysconfig/${NAME}" && chown root:${GROUP} "/etc/sysconfig/${NAME}"
+chmod 0660 "/etc/sysconfig/${NAME}" && chown root:${GROUP} "/etc/sysconfig/${NAME}"
 chmod 400 ${CONFIG_DIR}/certs/admin.pem && chown ${USER}:${GROUP} ${CONFIG_DIR}/certs/admin.pem
 chmod 400 ${CONFIG_DIR}/certs/admin-key.pem && chown ${USER}:${GROUP} ${CONFIG_DIR}/certs/admin-key.pem
 chmod 400 ${CONFIG_DIR}/certs/demo-indexer.pem && chown ${USER}:${GROUP} ${CONFIG_DIR}/certs/demo-indexer.pem
--- a/wazuh-indexer/config/config2.sh
+++ b/wazuh-indexer/config/config2.sh
@@ -0,0 +1,53 @@
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+export NAME=wazuh-indexer
+export TARGET_DIR=${CURDIR}/debian/${NAME}
+
+# Package build options
+export USER=${NAME}
+export GROUP=${NAME}
+export CONFIG_DIR=/etc/${NAME}
+export LOG_DIR=/var/log/${NAME}
+export LIB_DIR=/var/lib/${NAME}
+export PID_DIR=/run/${NAME}
+export INSTALLATION_DIR=/usr/share/${NAME}
+export BASE_DIR=${NAME}-*
+export INDEXER_FILE=wazuh-indexer-base-linux-x64.tar.gz
+export REPO_DIR=/unattended_installer
+
+
+rm -rf ${INSTALLATION_DIR}/
+
+curl -o ${INDEXER_FILE} https://s3.amazonaws.com/warehouse.wazuh.com/indexer/${INDEXER_FILE}
+tar -zvxf ${INDEXER_FILE}
+
+# copy to target
+mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
+mkdir -p ${TARGET_DIR}${CONFIG_DIR}
+mkdir -p ${TARGET_DIR}${LIB_DIR}
+mkdir -p ${TARGET_DIR}${LOG_DIR}
+mkdir -p ${TARGET_DIR}/etc/init.d
+mkdir -p ${TARGET_DIR}/etc/default
+mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
+mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
+mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
+# Move configuration files for wazuh-indexer
+mv -f ${BASE_DIR}/etc/init.d/${NAME} ${TARGET_DIR}/etc/init.d/${NAME}
+mv -f ${BASE_DIR}/etc/wazuh-indexer/* ${TARGET_DIR}${CONFIG_DIR}
+mv -f ${BASE_DIR}/etc/sysconfig/${NAME} ${TARGET_DIR}/etc/default/
+mv -f ${BASE_DIR}/usr/lib/tmpfiles.d/* ${TARGET_DIR}/usr/lib/tmpfiles.d/
+mv -f ${BASE_DIR}/usr/lib/sysctl.d/* ${TARGET_DIR}/usr/lib/sysctl.d/
+mv -f ${BASE_DIR}/usr/lib/systemd/system/* ${TARGET_DIR}/usr/lib/systemd/system/
+rm -rf ${BASE_DIR}/etc
+rm -rf ${BASE_DIR}/usr
+# Copy installation files to final location
+cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR}
+# Copy the security tools
+cp ${REPO_DIR}/install_functions/wazuh-cert-tool.sh ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
+cp ${REPO_DIR}/install_functions/wazuh-passwords-tool.sh ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
+cp ${REPO_DIR}/config/opensearch/certificate/config_aio.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/config.yml
+# Copy Wazuh's config files for the security plugin
+cp -pr ${REPO_DIR}/config/opensearch/roles/roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
+cp -pr ${REPO_DIR}/config/opensearch/roles/roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
+cp -pr ${REPO_DIR}/config/opensearch/roles/internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/
--- a/wazuh-indexer/config/entrypoint.sh
+++ b/wazuh-indexer/config/entrypoint.sh
@@ -6,16 +6,18 @@
 ##############################################################################

 export USER=wazuh-indexer
-export OPENSEARCH_PATH_CONF=/etc/wazuh-indexer 
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
+export OPENSEARCH_PATH_CONF=/etc/wazuh-indexer 
 export JAVA_HOME=${INSTALLATION_DIR}/jdk
 export FILE=${INSTALLATION_DIR}/start

+sed -i '/path.logs:/d' /etc/wazuh-indexer/opensearch.yml
+
 if [ -f $FILE ] 
  then 
    echo "second or more start"
  else 
-    if [ $NODE_TYPE == "worker" ] 
+    if [ "$NODE_TYPE" == "worker" ]
      then
        echo "node_type start"
        echo $NODE_TYPE
@@ -31,21 +33,18 @@ if [ -f $FILE ]
        echo "node_type start"
        echo $NODE_TYPE
        echo "node_type end"
-        service wazuh-indexer start
-        sleep 5
-        service wazuh-indexer status
-        sleep 55
-        /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig -icl -p 9800 -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h $HOSTNAME
+        runuser wazuh-indexer --shell="/bin/bash" --command="/usr/share/wazuh-indexer/bin/opensearch -p /run/wazuh-indexer/wazuh-indexer.pid -d"
+        sleep 60
+        bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig -icl -p 9800 -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -h $HOSTNAME
+        tail -100f /usr/share/wazuh-indexer/logs/wazuh-cluster.log
        touch $FILE
    fi  
 fi



-sed -i '/path.logs:/d' /etc/wazuh-indexer/opensearch.yml
+#sed -i '/path.logs:/d' /etc/wazuh-indexer/opensearch.yml

-service wazuh-indexer stop
-service wazuh-indexer start
 #CLK_TK=`getconf CLK_TCK` runuser ${USER} --shell="/bin/bash" --command="${INSTALLATION_DIR}/bin/opensearch"

 if [ -f /var/log/wazuh-indexer/wazuh-cluster.log ]
--- a/wazuh-indexer/config/entrypoint_OS.sh
+++ b/wazuh-indexer/config/entrypoint_OS.sh
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+set -e
+
+# Files created by Elasticsearch should always be group writable too
+umask 0002
+
+export USER=wazuh-indexer
+export INSTALLATION_DIR=/usr/share/wazuh-indexer
+export OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+export JAVA_HOME=${INSTALLATION_DIR}/jdk
+export FILE=${INSTALLATION_DIR}/start
+
+run_as_other_user_if_needed() {
+  if [[ "$(id -u)" == "0" ]]; then
+    # If running as root, drop to specified UID and run command
+    exec chroot --userspec=1000:0 / "${@}"
+  else
+    # Either we are running in Openshift with random uid and are a member of the root group
+    # or with a custom --user
+    exec "${@}"
+  fi
+}
+
+# Allow user specify custom CMD, maybe bin/opensearch itself
+# for example to directly specify `-E` style parameters for opensearch on k8s
+# or simply to run /bin/bash to check the image
+if [[ "$1" != "opensearchwrapper" ]]; then
+  if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
+    # centos:7 chroot doesn't have the `--skip-chdir` option and
+    # changes our CWD.
+    # Rewrite CMD args to replace $1 with `opensearch` explicitly,
+    # so that we are backwards compatible with the docs
+    # from the previous Elasticsearch versions<6
+    # and configuration option D:
+    # https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html#_d_override_the_image_8217_s_default_ulink_url_https_docs_docker_com_engine_reference_run_cmd_default_command_or_options_cmd_ulink
+    # Without this, user could specify `opensearch -E x.y=z` but
+    # `bin/opensearch -E x.y=z` would not work.
+    set -- "opensearch" "${@:2}"
+    # Use chroot to switch to UID 1000 / GID 0
+    exec chroot --userspec=1000:0 / "$@"
+  else
+    # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
+    exec "$@"
+  fi
+fi
+
+# Allow environment variables to be set by creating a file with the
+# contents, and setting an environment variable with the suffix _FILE to
+# point to it. This can be used to provide secrets to a container, without
+# the values being specified explicitly when running the container.
+#
+# This is also sourced in opensearch-env, and is only needed here
+# as well because we use ELASTIC_PASSWORD below. Sourcing this script
+# is idempotent.
+source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
+
+if [[ -f bin/opensearch-users ]]; then
+  # Check for the ELASTIC_PASSWORD environment variable to set the
+  # bootstrap password for Security.
+  #
+  # This is only required for the first node in a cluster with Security
+  # enabled, but we have no way of knowing which node we are yet. We'll just
+  # honor the variable if it's present.
+  if [[ -n "$ELASTIC_PASSWORD" ]]; then
+    [[ -f /usr/share/wazuh-indexer/config/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
+    if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
+      # keystore is unencrypted
+      if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
+        (run_as_other_user_if_needed echo "$ELASTIC_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
+      fi
+    else
+      # keystore requires password
+      if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
+          | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
+        COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$ELASTIC_PASSWORD")"
+        (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
+      fi
+    fi
+  fi
+fi
+
+if [[ "$(id -u)" == "0" ]]; then
+  # If requested and running as root, mutate the ownership of bind-mounts
+  if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
+    chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
+  fi
+fi
+
+run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
--- a/wazuh-indexer/config/entrypoint_odfe.sh
+++ b/wazuh-indexer/config/entrypoint_odfe.sh
@@ -1,103 +0,0 @@
-#!/bin/bash
-set -e
-
-# Files created by OpenDistroForElasticsearch should always be group writable too
-umask 0002
-
-run_as_other_user_if_needed() {
-    if [[ "$(id -u)" == "0" ]]; then
-        # If running as root, drop to specified UID and run command
-        exec chroot --userspec=1000 / "${@}"
-    else
-        # Either we are running in Openshift with random uid and are a member of the root group
-        # or with a custom --user
-        exec "${@}"
-    fi
-}
-
-# Allow user specify custom CMD, maybe bin/elasticsearch itself
-# for example to directly specify `-E` style parameters for elasticsearch on k8s
-# or simply to run /bin/bash to check the image
-if [[ "$1" != "eswrapper" ]]; then
-    if [[ "$(id -u)" == "0" && $(basename "$1") == "elasticsearch" ]]; then
-        # centos:7 chroot doesn't have the `--skip-chdir` option and
-        # changes our CWD.
-        # Rewrite CMD args to replace $1 with `elasticsearch` explicitly,
-        # so that we are backwards compatible with the docs
-        # from the previous Elasticsearch versions<6
-        # and configuration option D:
-        # https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html#_d_override_the_image_8217_s_default_ulink_url_https_docs_docker_com_engine_reference_run_cmd_default_command_or_options_cmd_ulink
-        # Without this, user could specify `elasticsearch -E x.y=z` but
-        # `bin/elasticsearch -E x.y=z` would not work.
-        set -- "elasticsearch" "${@:2}"
-        # Use chroot to switch to UID 1000
-        exec chroot --userspec=1000 / "$@"
-    else
-        # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
-        exec "$@"
-    fi
-fi
-
-# Parse Docker env vars to customize Elasticsearch
-#
-# e.g. Setting the env var cluster.name=testcluster
-#
-# will cause Elasticsearch to be invoked with -Ecluster.name=testcluster
-#
-# see https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html#_setting_default_settings
-
-declare -a es_opts
-
-while IFS='=' read -r envvar_key envvar_value
-do
-    # Elasticsearch settings need to have at least two dot separated lowercase
-    # words, e.g. `cluster.name`, except for `processors` which we handle
-    # specially
-    if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
-        if [[ ! -z $envvar_value ]]; then
-          es_opt="-E${envvar_key}=${envvar_value}"
-          es_opts+=("${es_opt}")
-        fi
-    fi
-done < <(env)
-
-# The virtual file /proc/self/cgroup should list the current cgroup
-# membership. For each hierarchy, you can follow the cgroup path from
-# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
-# introspect the statistics for the cgroup for the given
-# hierarchy. Alas, Docker breaks this by mounting the container
-# statistics at the root while leaving the cgroup paths as the actual
-# paths. Therefore, Elasticsearch provides a mechanism to override
-# reading the cgroup path from /proc/self/cgroup and instead uses the
-# cgroup path defined the JVM system property
-# es.cgroups.hierarchy.override. Therefore, we set this value here so
-# that cgroup statistics are available for the container this process
-# will run in.
-export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS"
-
-if [[ "$(id -u)" == "0" ]]; then
-    # If requested and running as root, mutate the ownership of bind-mounts
-    if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
-        chown -R 1000:0 /usr/share/elasticsearch/{data,logs}
-    fi
-fi
-
-if [[ -d "/usr/share/elasticsearch/plugins/opendistro_security" && "$DISABLE_INSTALL_DEMO_CONFIG" != "true" ]]; then
-    # Install Demo certifactes for Security Plugin and update the elasticsearch.yml
-    # file to use those certificates.
-    /usr/share/elasticsearch/plugins/opendistro_security/tools/install_demo_configuration.sh -y -i -s
-fi
-
-if [[ -d "/usr/share/elasticsearch/plugins/opendistro-performance-analyzer" ]]; then
-    CLK_TCK=`/usr/bin/getconf CLK_TCK`
-    ES_JAVA_OPTS="-Dclk.tck=$CLK_TCK -Djdk.attach.allowAttachSelf=true $ES_JAVA_OPTS"
-    if [[ -d "/usr/share/elasticsearch/performance-analyzer-rca" ]]; then
-        ES_JAVA_OPTS="-Djava.security.policy=file:///usr/share/elasticsearch/performance-analyzer-rca/pa_config/es_security.policy $ES_JAVA_OPTS"
-        /usr/bin/supervisord -c /usr/share/elasticsearch/performance-analyzer-rca/pa_config/supervisord.conf
-    else
-        ES_JAVA_OPTS="-Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro-performance-analyzer/pa_config/es_security.policy $ES_JAVA_OPTS"
-        /usr/bin/supervisord -c /usr/share/elasticsearch/plugins/opendistro-performance-analyzer/pa_config/supervisord.conf
-    fi
-fi
-
-run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch "${es_opts[@]}"
--- a/wazuh-indexer/config/tarball.sh
+++ b/wazuh-indexer/config/tarball.sh
@@ -1,33 +0,0 @@
-export NAME=wazuh-indexer
-export VERSION=4.3.0
-export RELEASE=1
-export USER=$NAME
-export GROUP=$NAME
-export CONFIG_DIR=/etc/$NAME
-export LOG_DIR=/var/log/$NAME
-export LIB_DIR=/var/lib/$NAME
-export SYS_DIR=/usr/lib
-export INSTALL_DIR=/usr/share/$NAME
-export REPO_DIR=/root/unattended_installer
-
-mkdir -p ${INSTALL_DIR}
-mkdir -p /etc
-mkdir -p ${LOG_DIR}
-mkdir -p ${LIB_DIR}
-mkdir -p ${SYS_DIR}
-
-curl -kOL https://artifacts.opensearch.org/releases/bundle/opensearch/1.2.4/opensearch-${1}-linux-x64.tar.gz
-tar zxf opensearch-${1}-linux-x64.tar.gz && rm -f opensearch-${1}.tar.gz
-chown -R ${USER}:${GROUP} opensearch-${1}/*
-mkdir -p /etc/wazuh-indexer && chown -R ${USER}:${GROUP} /etc/wazuh-indexer && cp opensearch-${1}/config/* /etc/wazuh-indexer/
-#etc/init.d directory not found
-#etc/sysconfig directory not found
-#usr directory not found
-cp -pr opensearch-*/LICENSE.txt ${RPM_BUILD_ROOT}${INSTALL_DIR}/
-cp -pr opensearch-*/NOTICE.txt ${RPM_BUILD_ROOT}${INSTALL_DIR}/
-cp -pr opensearch-*/jdk ${RPM_BUILD_ROOT}${INSTALL_DIR}/
-cp -pr opensearch-*/plugins ${RPM_BUILD_ROOT}${INSTALL_DIR}/
-cp -pr opensearch-*/performance-analyzer-rca ${RPM_BUILD_ROOT}${INSTALL_DIR}/
-cp -pr opensearch-*/modules ${RPM_BUILD_ROOT}${INSTALL_DIR}/
-cp -pr opensearch-*/lib ${RPM_BUILD_ROOT}${INSTALL_DIR}/
-cp -pr opensearch-*/bin ${RPM_BUILD_ROOT}${INSTALL_DIR}/
--- a/wazuh-indexer/config/unattended_installer.tar.gz
+++ b/wazuh-indexer/config/unattended_installer.tar.gz