Merge pull request #586 from wazuh/new-packages-release-dashboard

Wazuh dashboard image updates
2025-10-23 16:14:15 +00:00 · 2022-03-17 17:07:18 +01:00
parent aed910737d f0fd00bd7f
commit 6ed22a1323
5 changed files with 53 additions and 33 deletions
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -146,10 +146,10 @@ services:
      - API_USERNAME=acme-user
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/etc/wazuh-dashboard/certs/wazuh-dashboard.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem
-      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-dashboard/certs/root-ca.pem
-      - ./production_cluster/wazuh_dashboard/opensearch_dashboards.yml:/etc/wazuh-dashboard/opensearch_dashboards.yml
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./production_cluster/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/opensearch_dashboards.yml
      - ./production_cluster/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    depends_on:
      - wazuh1.indexer
--- a/production_cluster/wazuh_dashboard/opensearch_dashboards.yml
+++ b/production_cluster/wazuh_dashboard/opensearch_dashboards.yml
@@ -6,7 +6,7 @@ opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: false
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
-server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global
--- a/wazuh-dashboard/Dockerfile
+++ b/wazuh-dashboard/Dockerfile
@@ -1,31 +1,53 @@
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
 FROM ubuntu:focal AS builder

-ARG WAZUH_VERSION=4.3.0-1
+ARG WAZUH_VERSION=4.3.0
+ARG INSTALL_DIR=/usr/share/wazuh-dashboard

 # Update and install dependencies
-RUN apt-get update && apt install curl libcap2-bin -y
+RUN apt-get update && apt install curl libcap2-bin xz-utils -y

-#Download and install Wazuh Dashboard
-RUN curl https://packages-dev.wazuh.com/pre-release/apt/pool/main/w/wazuh-dashboard/wazuh-dashboard_${WAZUH_VERSION}_amd64.deb --output wazuh-dashboard_${WAZUH_VERSION}_amd64.deb && \
-    dpkg -i wazuh-dashboard_${WAZUH_VERSION}_amd64.deb && \
-    apt-get clean -y && rm -rf wazuh-dashboard_${WAZUH_VERSION}_amd64.deb
+# Create Install dir
+RUN mkdir -p $INSTALL_DIR

+# Download and extract Wazuh dashboard base
+RUN curl -o wazuh-dashboard-base.tar.xz https://packages.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-$WAZUH_VERSION-linux-x64.tar.xz && \
+    tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1

-COPY config/opensearch_dashboards.yml /etc/wazuh-dashboard/
+# Download and extract demo certificates
+RUN curl -O https://packages.wazuh.com/stack/demo-certs.tar.gz && \
+    tar -xf demo-certs.tar.gz && rm -f demo-certs.tar.gz

-COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/config/
+# Create certs dir
+RUN mkdir -p $INSTALL_DIR/config/certs

-RUN chown 101:101 /etc/wazuh-dashboard/opensearch_dashboards.yml && chmod 664 /etc/wazuh-dashboard/opensearch_dashboards.yml
+# Copy Wazuh dashboard demo certs to install config dir
+RUN cp certs/demo-dashboard.pem $INSTALL_DIR/config/certs/demo-dashboard.pem && \ 
+    cp certs/demo-dashboard-key.pem $INSTALL_DIR/config/certs/demo-dashboard-key.pem && \
+    cp certs/root-ca.pem $INSTALL_DIR/config/certs/root-ca.pem

-RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh
+RUN chmod 640 $INSTALL_DIR/config/certs/*

-RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh/config && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/config
+# Create and configure Wazuh dashboard keystore
+RUN $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+    echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+    echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root

-RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh/logs && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/logs
+# Install Wazuh App 
+RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages.wazuh.com/4.x/ui/dashboard/wazuh-$WAZUH_VERSION.zip --allow-root
+
+# Copy and set permissions to config files
+COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
+COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
+
+# Create and set permissions to data directories
+RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
+RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
+RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs

 ################################################################################
-# Build stage 1 (the actual Wazuh dashboard image):
+# Build stage 1 (the current Wazuh dashboard image):
 #
 # Copy wazuh-dashboard from stage 0
 # Add entrypoint
@@ -33,13 +55,14 @@ RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chown -R 101:101 /usr
 ################################################################################
 FROM ubuntu:focal

+# Set environment variables
 ENV USER="wazuh-dashboard" \
    GROUP="wazuh-dashboard" \
    NAME="wazuh-dashboard" \
    INSTALL_DIR="/usr/share/wazuh-dashboard"

+# Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
-
 RUN useradd --system \
            --uid 1000 \
            --no-create-home \
@@ -49,21 +72,18 @@ RUN useradd --system \
            --comment "$USER user" \
            $USER

+# Copy and set permissions to scripts
 COPY config/entrypoint.sh /
-
 COPY config/wazuh_app_config.sh /
-
 RUN chmod 700 /entrypoint.sh
-
 RUN chmod 700 /wazuh_app_config.sh
-
 RUN chown 1000:1000 /*.sh

-COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashboard /usr/share/wazuh-dashboard
-COPY --from=builder --chown=1000:1000 /run/wazuh-dashboard /run/wazuh-dashboard
-COPY --from=builder --chown=1000:1000 /etc/wazuh-dashboard /etc/wazuh-dashboard
+# Copy Install dir from builder to current image
+COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR

-WORKDIR /usr/share/wazuh-dashboard/
+# Set workdir and user
+WORKDIR $INSTALL_DIR
 USER wazuh-dashboard

 # Services ports
--- a/wazuh-dashboard/config/entrypoint.sh
+++ b/wazuh-dashboard/config/entrypoint.sh
@@ -7,4 +7,4 @@

 /wazuh_app_config.sh

-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
--- a/wazuh-dashboard/config/opensearch_dashboards.yml
+++ b/wazuh-dashboard/config/opensearch_dashboards.yml
@@ -7,8 +7,8 @@ opensearch_security.multitenancy.enabled: true
 opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
-server.ssl.key: "/etc/wazuh-dashboard/certs/demo-dashboard-key.pem"
-server.ssl.certificate: "/etc/wazuh-dashboard/certs/demo-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/demo-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/demo-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global