Merge pull request #2049 from wazuh/merge-4.14.1-into-main

Merge 4.14.1 into main
2025-12-10 00:38:27 -06:00 · 2025-10-23 13:01:59 -03:00 · 2025-10-23 13:01:59 -03:00 · 2df9e3a942
commit 2df9e3a942
parent 53a5d1a7e4 152a5476f7
13 changed files with 44 additions and 32 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -28,7 +28,7 @@ All notable changes to this project will be documented in this file.

 ### Changed

- None
+- Wazuh cert tool generator improvements ([#2027](https://github.com/wazuh/wazuh-docker/pull/2027))

 ### Fixed

@ -46,6 +46,8 @@ All notable changes to this project will be documented in this file.

 ### Changed

+- Change filebeat install method ([#2020](https://github.com/wazuh/wazuh-docker/pull/2020))
+- Remove dashboard chat setting ([#2021](https://github.com/wazuh/wazuh-docker/pull/2021))
 - Rollback data source setting ([#1999](https://github.com/wazuh/wazuh-docker/pull/1999))
 - Dashboard settings added ([#1998](https://github.com/wazuh/wazuh-docker/pull/1998))
 - Add filebeat config file in the PERMANENT_DATA_EXCP list ([#1898](https://github.com/wazuh/wazuh-docker/pull/1898))
@ -53,6 +55,7 @@ All notable changes to this project will be documented in this file.

 ### Fixed

+- Change Wazuh indexer directory owner ([#2029](https://github.com/wazuh/wazuh-docker/pull/2029))
 - Double the amount of space consumed in Wazuh Indexer ([#1953](https://github.com/wazuh/wazuh-docker/pull/1953))
 - Fix config directory for opensearch_security plugin work ([#1951](https://github.com/wazuh/wazuh-docker/pull/1951))
 - Update Dockerfile to copy opensearch-security files ([#1928](https://github.com/wazuh/wazuh-docker/pull/1928))
--- a/build-docker-images/build-images.sh
+++ b/build-docker-images/build-images.sh
@ -76,7 +76,7 @@ help() {
    echo
    echo "Usage: $0 [OPTIONS]"
    echo
-    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default."
+    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default."
    echo "    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
    echo "    -r, --revision <rev>         [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
    echo "    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@ -62,9 +62,10 @@ COPY config/entrypoint.sh /

 COPY config/securityadmin.sh /

-RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
-
-RUN chown 1000:1000 /*.sh
+RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && \
+    mkdir -p /usr/share/wazuh-indexer && \
+    chown 1000:1000 /usr/share/wazuh-indexer && \
+    chown 1000:1000 /*.sh

 COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer/config
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@ -8,6 +8,7 @@ ARG WAZUH_TAG_REVISION
 ARG FILEBEAT_TEMPLATE_BRANCH
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
+ARG FILEBEAT_REVISION=2
 ARG WAZUH_FILEBEAT_MODULE
 ARG S6_VERSION="v2.2.0.3"

--- a/build-docker-images/wazuh-manager/config/filebeat_module.sh
+++ b/build-docker-images/wazuh-manager/config/filebeat_module.sh
@ -7,6 +7,5 @@ if [[ -n "${WAZUH_TAG}" ]]; then
  REPOSITORY="packages.wazuh.com/5.x"
 fi

-curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
-yum install -y ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
+yum install filebeat-${FILEBEAT_VERSION}-${FILEBEAT_REVISION} -y && \
 curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
--- a/docs/dev/build-image.md
+++ b/docs/dev/build-image.md
@ -23,7 +23,7 @@ $ build-docker-images/build-images.sh -h

 Usage: build-docker-images/build-images.sh [OPTIONS]

-    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
+    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default.
    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
    -r, --revision <rev>         [Optional] Package revision. By default 1
    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
--- a/indexer-certs-creator/Dockerfile
+++ b/indexer-certs-creator/Dockerfile
@ -1,7 +1,7 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM ubuntu:focal
+FROM amazonlinux:2023

-RUN apt-get update && apt-get install openssl curl -y
+RUN yum update -y && yum install openssl curl-minimal -y

 WORKDIR /

--- a/indexer-certs-creator/README.md
+++ b/indexer-certs-creator/README.md
@ -5,5 +5,5 @@ The dockerfile hosted in this directory is used to build the image used to boot
 To create the image, the following command must be executed:

 ```
-$ docker build -t wazuh/wazuh-certs-generator:0.0.2 .
+$ docker build -t wazuh/wazuh-certs-generator:0.0.3 .
 ```
--- a/indexer-certs-creator/config/entrypoint.sh
+++ b/indexer-certs-creator/config/entrypoint.sh
@ -8,29 +8,35 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/5.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
+PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/

-## Check if the cert tool exists in S3 buckets
-CERT_TOOL_PACKAGES=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_URL$CERT_TOOL")
-CERT_TOOL_PACKAGES_DEV=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_DEV_URL$CERT_TOOL")
+OUTPUT_FILE="/$CERT_TOOL"

-## If cert tool exists in some bucket, download it, if not exit 1
-if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in the in Packages bucket"
-elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in Packages-dev bucket"
+download_package() {
+    local url=$1
+    echo "Checking $url$CERT_TOOL ..."
+    if curl -fsL "$url$CERT_TOOL" -o "$OUTPUT_FILE"; then
+        echo "Downloaded $CERT_TOOL from $url"
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Try first the prod URL, if it fails try the dev URL
+if download_package "$PACKAGES_URL"; then
+    :
+elif download_package "$PACKAGES_DEV_URL"; then
+    :
 else
-  echo "The tool to create the certificates does not exist in any bucket"
-  echo "ERROR: certificates were not created"
-  exit 1
+    echo "The tool to create the certificates does not exist in any bucket"
+    echo "ERROR: certificates were not created"
+    exit 1
 fi

 cp /config/certs.yml /config.yml
-
-chmod 700 /$CERT_TOOL
+chmod 700 "$OUTPUT_FILE"

 ##############################################################################
 # Creating Cluster certificates
--- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
@ -14,4 +14,3 @@ uiSettings.overrides.defaultRoute: /app/wz-home
 opensearch_security.cookie.ttl: 900000
 opensearch_security.session.ttl: 900000
 opensearch_security.session.keepalive: true
-assistant.chat.enabled: true
--- a/multi-node/generate-indexer-certs.yml
+++ b/multi-node/generate-indexer-certs.yml
@ -1,8 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
+    image: wazuh/wazuh-certs-generator:0.0.3
    hostname: wazuh-certs-generator
+    environment:
+      - CERT_TOOL_VERSION=4.14
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
--- a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
@ -14,4 +14,3 @@ uiSettings.overrides.defaultRoute: /app/wz-home
 opensearch_security.cookie.ttl: 900000
 opensearch_security.session.ttl: 900000
 opensearch_security.session.keepalive: true
-assistant.chat.enabled: true
--- a/single-node/generate-indexer-certs.yml
+++ b/single-node/generate-indexer-certs.yml
@ -1,8 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
+    image: wazuh/wazuh-certs-generator:0.0.3
    hostname: wazuh-certs-generator
+    environment:
+      - CERT_TOOL_VERSION=4.14
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml