change docker-compose.yml environments for multinode deployment

build-docker-images/wazuh-dashboard/Dockerfile

@@ -26,7 +26,7 @@ RUN chmod 775 /install_wazuh_app.sh
 RUN bash /install_wazuh_app.sh
 
 # Copy and set permissions to config files
-COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
+RUN cp  $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
 RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
 
@@ -34,6 +34,7 @@ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
 RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
+RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount
 
 ################################################################################
 # Build stage 1 (the current Wazuh dashboard image):
@@ -108,6 +109,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME=$INSTALL_DIR/jdk
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -116,3 +126,7 @@ USER wazuh-dashboard
 EXPOSE 443
 
 ENTRYPOINT [ "/entrypoint.sh" ]
+
+CMD ["opensearch-dashboards"]
+
+

build-docker-images/wazuh-dashboard/config/config.sh

@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 mkdir -p ${CONFIG_DIR}/certs
 
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 
 chmod -R 500 ${CONFIG_DIR}/certs

build-docker-images/wazuh-dashboard/config/config.yml

@@ -1,5 +1,5 @@
 nodes:
   # Wazuh dashboard server nodes
   dashboard:
-    - name: demo.dashboard
+    - name: dashboard
-      ip: demo.dashboard
+      ip: wazuh.dashboard

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -2,6 +2,215 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
 INSTALL_DIR=/usr/share/wazuh-dashboard
+export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+opensearch_dashboards_vars=(
+    console.enabled
+    console.proxyConfig
+    console.proxyFilter
+    ops.cGroupOverrides.cpuPath
+    ops.cGroupOverrides.cpuAcctPath
+    cpu.cgroup.path.override
+    cpuacct.cgroup.path.override
+    server.basePath
+    server.customResponseHeaders
+    server.compression.enabled
+    server.compression.referrerWhitelist
+    server.cors
+    server.cors.origin
+    server.defaultRoute
+    server.host
+    server.keepAliveTimeout
+    server.maxPayloadBytes
+    server.name
+    server.port
+    csp.rules
+    csp.strict
+    csp.warnLegacyBrowsers
+    data.search.usageTelemetry.enabled
+    opensearch.customHeaders
+    opensearch.hosts
+    opensearch.logQueries
+    opensearch.memoryCircuitBreaker.enabled
+    opensearch.memoryCircuitBreaker.maxPercentage
+    opensearch.password
+    opensearch.pingTimeout
+    opensearch.requestHeadersWhitelist
+    opensearch.requestHeadersAllowlist
+    opensearch_security.multitenancy.enabled
+    opensearch_security.readonly_mode.roles
+    opensearch.requestTimeout
+    opensearch.shardTimeout
+    opensearch.sniffInterval
+    opensearch.sniffOnConnectionFault
+    opensearch.sniffOnStart
+    opensearch.ssl.alwaysPresentCertificate
+    opensearch.ssl.certificate
+    opensearch.ssl.key
+    opensearch.ssl.keyPassphrase
+    opensearch.ssl.keystore.path
+    opensearch.ssl.keystore.password
+    opensearch.ssl.truststore.path
+    opensearch.ssl.truststore.password
+    opensearch.ssl.verificationMode
+    opensearch.username
+    i18n.locale
+    interpreter.enableInVisualize
+    opensearchDashboards.autocompleteTerminateAfter
+    opensearchDashboards.autocompleteTimeout
+    opensearchDashboards.defaultAppId
+    opensearchDashboards.index
+    logging.dest
+    logging.json
+    logging.quiet
+    logging.rotate.enabled
+    logging.rotate.everyBytes
+    logging.rotate.keepFiles
+    logging.rotate.pollingInterval
+    logging.rotate.usePolling
+    logging.silent
+    logging.useUTC
+    logging.verbose
+    map.includeOpenSearchMapsService
+    map.proxyOpenSearchMapsServiceInMaps
+    map.regionmap
+    map.tilemap.options.attribution
+    map.tilemap.options.maxZoom
+    map.tilemap.options.minZoom
+    map.tilemap.options.subdomains
+    map.tilemap.url
+    monitoring.cluster_alerts.email_notifications.email_address
+    monitoring.enabled
+    monitoring.opensearchDashboards.collection.enabled
+    monitoring.opensearchDashboards.collection.interval
+    monitoring.ui.container.opensearch.enabled
+    monitoring.ui.container.logstash.enabled
+    monitoring.ui.opensearch.password
+    monitoring.ui.opensearch.pingTimeout
+    monitoring.ui.opensearch.hosts
+    monitoring.ui.opensearch.username
+    monitoring.ui.opensearch.logFetchCount
+    monitoring.ui.opensearch.ssl.certificateAuthorities
+    monitoring.ui.opensearch.ssl.verificationMode
+    monitoring.ui.enabled
+    monitoring.ui.max_bucket_size
+    monitoring.ui.min_interval_seconds
+    newsfeed.enabled
+    ops.interval
+    path.data
+    pid.file
+    regionmap
+    security.showInsecureClusterWarning
+    server.rewriteBasePath
+    server.socketTimeout
+    server.customResponseHeaders
+    server.ssl.enabled
+    server.ssl.key
+    server.ssl.keyPassphrase
+    server.ssl.keystore.path
+    server.ssl.keystore.password
+    server.ssl.truststore.path
+    server.ssl.truststore.password
+    server.ssl.cert
+    server.ssl.certificate
+    server.ssl.certificateAuthorities
+    server.ssl.cipherSuites
+    server.ssl.clientAuthentication
+    opensearch.ssl.certificateAuthorities
+    server.ssl.redirectHttpFromPort
+    server.ssl.supportedProtocols
+    server.xsrf.disableProtection
+    server.xsrf.whitelist
+    status.allowAnonymous
+    status.v6ApiFormat
+    tilemap.options.attribution
+    tilemap.options.maxZoom
+    tilemap.options.minZoom
+    tilemap.options.subdomains
+    tilemap.url
+    timeline.enabled
+    vega.enableExternalUrls
+    apm_oss.apmAgentConfigurationIndex
+    apm_oss.indexPattern
+    apm_oss.errorIndices
+    apm_oss.onboardingIndices
+    apm_oss.spanIndices
+    apm_oss.sourcemapIndices
+    apm_oss.transactionIndices
+    apm_oss.metricsIndices
+    telemetry.allowChangingOptInStatus
+    telemetry.enabled
+    telemetry.optIn
+    telemetry.optInStatusUrl
+    telemetry.sendUsageFrom
+    vis_builder.enabled
+    data_source.enabled
+    data_source.encryption.wrappingKeyName
+    data_source.encryption.wrappingKeyNamespace
+    data_source.encryption.wrappingKey
+    data_source.audit.enabled
+    data_source.audit.appender.kind
+    data_source.audit.appender.path
+    data_source.audit.appender.layout.kind
+    data_source.audit.appender.layout.highlight
+    data_source.audit.appender.layout.pattern
+    ml_commons_dashboards.enabled
+    assistant.chat.enabled
+    observability.query_assist.enabled
+    uiSettings.overrides.defaultRoute
+)
+
+print() {
+  echo -e $1
+}
+
+error_and_exit() {
+  echo "Error executing command: '$1'."
+  echo 'Exiting.'
+  exit 1
+}
+
+exec_cmd() {
+  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+  eval $1 2>&1 || error_and_exit "$1"
+}
+
+function runOpensearchDashboards {
+    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          longoptfile="${opensearch_dashboards_var}: ${value}"
+          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
+            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          fi
+        fi
+      done
+
+    umask 0002
+
+    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
+        --cpu.cgroup.path.override=/ \
+        --cpuacct.cgroup.path.override=/
+}
+
+mount_files() {
+  if [ -e $WAZUH_CONFIG_MOUNT/* ]
+  then
+    print "Identified Wazuh cdashboard onfiguration files to mount..."
+    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
+  else
+    print "No Wazuh dashboard configuration files to mount..."
+  fi
+}
+
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
@@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
 
 /wazuh_app_config.sh $WAZUH_UI_REVISION
 
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+mount_files
+
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+    set -- opensearch-dashboards "$@"
+fi
+
+if [ "$1" = "opensearch-dashboards" ]; then
+    runOpensearchDashboards "$@"
+else
+    exec "$@"
+fi

build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml

@@ -1,13 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh.indexer:9200
-opensearch.ssl.verificationMode: none
-opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home
-

build-docker-images/wazuh-indexer/Dockerfile

@@ -6,20 +6,10 @@ ARG WAZUH_TAG_REVISION
 
 RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
 
-COPY config/opensearch.yml /
-
 COPY config/config.sh .
 
 COPY config/config.yml /
 
-COPY config/action_groups.yml /
-
-COPY config/internal_users.yml /
-
-COPY config/roles_mapping.yml /
-
-COPY config/roles.yml /
-
 RUN bash config.sh
 
 ################################################################################
@@ -36,6 +26,16 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
+
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME="$INSTALL_DIR/jdk"
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 RUN yum install curl-minimal shadow-utils findutils hostname -y
 
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP

build-docker-images/wazuh-indexer/config/config.sh

@@ -117,12 +117,6 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR}
 # Copy the security tools
 cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
 cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
-# Copy Wazuh's config files for the security plugin
-cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
 cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
 cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -7,12 +7,272 @@ umask 0002
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
-export JAVA_HOME=${INSTALLATION_DIR}/jdk
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
 
+opensearch_vars=(
+    cluster.name
+    node.name
+    node.roles
+    path.data
+    path.logs
+    bootstrap.memory_lock
+    network.host
+    http.port
+    transport.port
+    network.bind_host
+    network.publish_host
+    transport.tcp.port
+    compatibility.override_main_response_version
+    http.host
+    http.bind_host
+    http.publish_host
+    http.compression
+    transport.host
+    transport.bind_host
+    transport.publish_host
+    discovery.seed_hosts
+    discovery.seed_providers
+    discovery.type
+    cluster.initial_cluster_manager_nodes
+    cluster.initial_master_nodes
+    node.max_local_storage_nodes
+    gateway.recover_after_nodes
+    gateway.recover_after_data_nodes
+    gateway.expected_data_nodes
+    gateway.recover_after_time
+    plugins.security.nodes_dn
+    plugins.security.nodes_dn_dynamic_config_enabled
+    plugins.security.authcz.admin_dn
+    plugins.security.roles_mapping_resolution
+    plugins.security.dls.mode
+    plugins.security.compliance.salt
+    config.dynamic.http.anonymous_auth_enabled
+    plugins.security.restapi.roles_enabled
+    plugins.security.restapi.password_validation_regex
+    plugins.security.restapi.password_validation_error_message
+    plugins.security.restapi.password_min_length
+    plugins.security.restapi.password_score_based_validation_strength
+    plugins.security.unsupported.restapi.allow_securityconfig_modification
+    plugins.security.authcz.impersonation_dn
+    plugins.security.authcz.rest_impersonation_user
+    plugins.security.allow_default_init_securityindex
+    plugins.security.allow_unsafe_democertificates
+    plugins.security.system_indices.permission.enabled
+    plugins.security.config_index_name
+    plugins.security.cert.oid
+    plugins.security.cert.intercluster_request_evaluator_class
+    plugins.security.enable_snapshot_restore_privilege
+    plugins.security.check_snapshot_restore_write_privileges
+    plugins.security.cache.ttl_minutes
+    plugins.security.protected_indices.enabled
+    plugins.security.protected_indices.roles
+    plugins.security.protected_indices.indices
+    plugins.security.system_indices.enabled
+    plugins.security.system_indices.indices
+    plugins.security.audit.enable_rest
+    plugins.security.audit.enable_transport
+    plugins.security.audit.resolve_bulk_requests
+    plugins.security.audit.config.disabled_categories
+    plugins.security.audit.ignore_requests
+    plugins.security.audit.threadpool.size
+    plugins.security.audit.threadpool.max_queue_len
+    plugins.security.audit.ignore_users
+    plugins.security.audit.type
+    plugins.security.audit.config.http_endpoints
+    plugins.security.audit.config.index
+    plugins.security.audit.config.type
+    plugins.security.audit.config.username
+    plugins.security.audit.config.password
+    plugins.security.audit.config.enable_ssl
+    plugins.security.audit.config.verify_hostnames
+    plugins.security.audit.config.enable_ssl_client_auth
+    plugins.security.audit.config.cert_alias
+    plugins.security.audit.config.pemkey_filepath
+    plugins.security.audit.config.pemkey_content
+    plugins.security.audit.config.pemkey_password
+    plugins.security.audit.config.pemcert_filepath
+    plugins.security.audit.config.pemcert_content
+    plugins.security.audit.config.pemtrustedcas_filepath
+    plugins.security.audit.config.pemtrustedcas_content
+    plugins.security.audit.config.webhook.url
+    plugins.security.audit.config.webhook.format
+    plugins.security.audit.config.webhook.ssl.verify
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
+    plugins.security.audit.config.log4j.logger_name
+    plugins.security.audit.config.log4j.level
+    opendistro_security.audit.config.disabled_rest_categories
+    opendistro_security.audit.config.disabled_transport_categories
+    plugins.security.ssl.transport.enforce_hostname_verification
+    plugins.security.ssl.transport.resolve_hostname
+    plugins.security.ssl.http.clientauth_mode
+    plugins.security.ssl.http.enabled_ciphers
+    plugins.security.ssl.http.enabled_protocols
+    plugins.security.ssl.transport.enabled_ciphers
+    plugins.security.ssl.transport.enabled_protocols
+    plugins.security.ssl.transport.keystore_type
+    plugins.security.ssl.transport.keystore_filepath
+    plugins.security.ssl.transport.keystore_alias
+    plugins.security.ssl.transport.keystore_password
+    plugins.security.ssl.transport.truststore_type
+    plugins.security.ssl.transport.truststore_filepath
+    plugins.security.ssl.transport.truststore_alias
+    plugins.security.ssl.transport.truststore_password
+    plugins.security.ssl.http.enabled
+    plugins.security.ssl.http.keystore_type
+    plugins.security.ssl.http.keystore_filepath
+    plugins.security.ssl.http.keystore_alias
+    plugins.security.ssl.http.keystore_password
+    plugins.security.ssl.http.truststore_type
+    plugins.security.ssl.http.truststore_filepath
+    plugins.security.ssl.http.truststore_alias
+    plugins.security.ssl.http.truststore_password
+    plugins.security.ssl.transport.enable_openssl_if_available
+    plugins.security.ssl.http.enable_openssl_if_available
+    plugins.security.ssl.transport.pemkey_filepath
+    plugins.security.ssl.transport.pemkey_password
+    plugins.security.ssl.transport.pemcert_filepath
+    plugins.security.ssl.transport.pemtrustedcas_filepath
+    plugins.security.ssl.http.pemkey_filepath
+    plugins.security.ssl.http.pemkey_password
+    plugins.security.ssl.http.pemcert_filepath
+    plugins.security.ssl.http.pemtrustedcas_filepath
+    plugins.security.ssl.transport.enabled
+    plugins.security.ssl.transport.client.pemkey_password
+    plugins.security.ssl.transport.keystore_keypassword
+    plugins.security.ssl.transport.server.keystore_keypassword
+    plugins.sercurity.ssl.transport.server.keystore_alias
+    plugins.sercurity.ssl.transport.client.keystore_alias
+    plugins.sercurity.ssl.transport.server.truststore_alias
+    plugins.sercurity.ssl.transport.client.truststore_alias
+    plugins.security.ssl.client.external_context_id
+    plugins.secuirty.ssl.transport.principal_extractor_class
+    plugins.security.ssl.http.crl.file_path
+    plugins.security.ssl.http.crl.validate
+    plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
+    plugins.security.ssl.http.crl.check_only_end_entitites
+    plugins.security.ssl.http.crl.disable_ocsp
+    plugins.security.ssl.http.crl.disable_crldp
+    plugins.security.ssl.allow_client_initiated_renegotiation
+    indices.breaker.total.use_real_memory
+    indices.breaker.total.limit
+    indices.breaker.fielddata.limit
+    indices.breaker.fielddata.overhead
+    indices.breaker.request.limit
+    indices.breaker.request.overhead
+    network.breaker.inflight_requests.limit
+    network.breaker.inflight_requests.overhead
+    cluster.routing.allocation.enable
+    cluster.routing.allocation.node_concurrent_incoming_recoveries
+    cluster.routing.allocation.node_concurrent_outgoing_recoveries
+    cluster.routing.allocation.node_concurrent_recoveries
+    cluster.routing.allocation.node_initial_primaries_recoveries
+    cluster.routing.allocation.same_shard.host
+    cluster.routing.rebalance.enable
+    cluster.routing.allocation.allow_rebalance
+    cluster.routing.allocation.cluster_concurrent_rebalance
+    cluster.routing.allocation.balance.shard
+    cluster.routing.allocation.balance.index
+    cluster.routing.allocation.balance.threshold
+    cluster.routing.allocation.balance.prefer_primary
+    cluster.routing.allocation.disk.threshold_enabled
+    cluster.routing.allocation.disk.watermark.low
+    cluster.routing.allocation.disk.watermark.high
+    cluster.routing.allocation.disk.watermark.flood_stage
+    cluster.info.update.interval
+    cluster.routing.allocation.shard_movement_strategy
+    cluster.blocks.read_only
+    cluster.blocks.read_only_allow_delete
+    cluster.max_shards_per_node
+    cluster.persistent_tasks.allocation.enable
+    cluster.persistent_tasks.allocation.recheck_interval
+    cluster.search.request.slowlog.threshold.warn
+    cluster.search.request.slowlog.threshold.info
+    cluster.search.request.slowlog.threshold.debug
+    cluster.search.request.slowlog.threshold.trace
+    cluster.search.request.slowlog.level
+    cluster.fault_detection.leader_check.timeout
+    cluster.fault_detection.follower_check.timeout
+    action.auto_create_index
+    action.destructive_requires_name
+    cluster.default.index.refresh_interval
+    cluster.minimum.index.refresh_interval
+    cluster.indices.close.enable
+    indices.recovery.max_bytes_per_sec
+    indices.recovery.max_concurrent_file_chunks
+    indices.recovery.max_concurrent_operations
+    indices.recovery.max_concurrent_remote_store_streams
+    indices.time_series_index.default_index_merge_policy
+    indices.fielddata.cache.size
+    index.number_of_shards
+    index.number_of_routing_shards
+    index.shard.check_on_startup
+    index.codec
+    index.codec.compression_level
+    index.routing_partition_size
+    index.soft_deletes.retention_lease.period
+    index.load_fixed_bitset_filters_eagerly
+    index.hidden
+    index.merge.policy
+    index.merge_on_flush.enabled
+    index.merge_on_flush.max_full_flush_merge_wait_time
+    index.merge_on_flush.policy
+    index.check_pending_flush.enabled
+    index.number_of_replicas
+    index.auto_expand_replicas
+    index.search.idle.after
+    index.refresh_interval
+    index.max_result_window
+    index.max_inner_result_window
+    index.max_rescore_window
+    index.max_docvalue_fields_search
+    index.max_script_fields
+    index.max_ngram_diff
+    index.max_shingle_diff
+    index.max_refresh_listeners
+    index.analyze.max_token_count
+    index.highlight.max_analyzed_offset
+    index.max_terms_count
+    index.max_regex_length
+    index.query.default_field
+    index.query.max_nested_depth
+    index.routing.allocation.enable
+    index.routing.rebalance.enable
+    index.gc_deletes
+    index.default_pipeline
+    index.final_pipeline
+    index.optimize_doc_id_lookup.fuzzy_set.enabled
+    index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
+    search.max_buckets
+    search.phase_took_enabled
+    search.allow_expensive_queries
+    search.default_allow_partial_results
+    search.cancel_after_time_interval
+    search.default_search_timeout
+    search.default_keep_alive
+    search.keep_alive_interval
+    search.max_keep_alive
+    search.low_level_cancellation
+    search.max_open_scroll_context
+    search.request_stats_enabled
+    search.highlight.term_vector_multi_value
+    snapshot.max_concurrent_operations
+    cluster.remote_store.translog.buffer_interval
+    remote_store.moving_average_window_size
+    opensearch.notifications.core.allowed_config_types
+    opensearch.notifications.core.email.minimum_header_length
+    opensearch.notifications.core.email.size_limit
+    opensearch.notifications.core.http.connection_timeout
+    opensearch.notifications.core.http.host_deny_list
+    opensearch.notifications.core.http.max_connection_per_route
+    opensearch.notifications.core.http.max_connections
+    opensearch.notifications.core.http.socket_timeout
+    opensearch.notifications.core.tooltip_support
+    opensearch.notifications.general.filter_by_backend_roles
+)
+
 run_as_other_user_if_needed() {
   if [[ "$(id -u)" == "0" ]]; then
     # If running as root, drop to specified UID and run command
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() {
   fi
 }
 
+function buildOpensearchConfig {
+    echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
+      for opensearch_var in ${opensearch_vars[*]}; do
+        env_var=$(echo ${opensearch_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
+            sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          fi
+          while :
+          do
+            case "$charline" in
+              "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
+              *) break;;
+            esac
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          done
+          longoptfile="${opensearch_var}: ${value}"
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
+          fi
+        fi
+      done
+}
+
+buildOpensearchConfig
+
 # Allow user specify custom CMD, maybe bin/opensearch itself
 # for example to directly specify `-E` style parameters for opensearch on k8s
 # or simply to run /bin/bash to check the image
@@ -83,8 +374,7 @@ if [[ "$(id -u)" == "0" ]]; then
   fi
 fi
 
-
+#if [[ "$DISCOVERY_TYPE" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
   # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
 #  nohup /securityadmin.sh &
 #  touch "/var/lib/wazuh-indexer/.flag"

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,12 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh1.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home

multi-node/config/wazuh_indexer/wazuh1.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh1.indexer
-node.name: wazuh1.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh2.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh2.indexer
-node.name: wazuh2.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh3.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh3.indexer
-node.name: wazuh3.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/docker-compose.yml

@@ -87,8 +87,35 @@ services:
     ports:
       - "9200:9200"
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh1.indexer
+      NODE_NAME: wazuh1.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     ulimits:
       memlock:
         soft: -1
@@ -103,7 +130,8 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
@@ -111,8 +139,35 @@ services:
     hostname: wazuh2.indexer
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh2.indexer
+      NODE_NAME: wazuh2.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     ulimits:
       memlock:
         soft: -1
@@ -125,7 +180,8 @@ services:
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
@@ -133,8 +189,35 @@ services:
     hostname: wazuh3.indexer
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh3.indexer
+      NODE_NAME: wazuh3.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     ulimits:
       memlock:
         soft: -1
@@ -147,7 +230,8 @@ services:
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
@@ -163,11 +247,24 @@ services:
       - API_PASSWORD=MyS3cr37P450r.*-
       - DASHBOARD_USERNAME=kibanaserver
       - DASHBOARD_PASSWORD=kibanaserver
+      - SERVER_HOST=0.0.0.0
+      - SERVER_PORT=5601
+      - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200
+      - OPENSEARCH_SSL_VERIFICATIONMODE=certificate
+      - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"]
+      - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false
+      - SERVER_SSL_ENABLED=true
+      - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"]
+      - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+      - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom

single-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,12 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home

single-node/config/wazuh_indexer/wazuh.indexer.yml

@@ -1,30 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-http.port: 9200-9299
-transport.tcp.port: 9300-9399
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false

single-node/docker-compose.yml

@@ -53,6 +53,33 @@ services:
       - "9200:9200"
     environment:
       - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - NETWORK_HOST="0.0.0.0"
+      - NODE_NAME="wazuh.indexer"
+      - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer"
+      - CLUSTER_NAME="wazuh-cluster"
+      - PATH_DATA=/var/lib/wazuh-indexer
+      - PATH_LOGS=/var/log/wazuh-indexer
+      - HTTP_PORT=9200-9299
+      - TRANSPORT_TCP_PORT=9300-9399
+      - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true
+      - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+      - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+      - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true
+      - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false
+      - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false
+      - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true
+      - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true
+      - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+      - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]'
+      - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true
+      - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true
+      - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false
     ulimits:
       memlock:
         soft: -1
@@ -67,7 +94,8 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
@@ -84,12 +112,25 @@ services:
       - DASHBOARD_PASSWORD=kibanaserver
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
+      - SERVER_HOST=0.0.0.0
+      - SERVER_PORT=5601
+      - OPENSEARCH_HOSTS=https://wazuh.indexer:9200
+      - OPENSEARCH_SSL_VERIFICATIONMODE=certificate
+      - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"]
+      - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false
+      - SERVER_SSL_ENABLED=true
+      - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"]
+      - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+      - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+     #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
-      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+     # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on: