mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-12-10 00:38:27 -06:00
new builder for opensearch-dashboards.yml
parent
816f822876
commit
441569f1bf
@ -26,9 +26,9 @@ RUN chmod 775 /install_wazuh_app.sh
|
||||
RUN bash /install_wazuh_app.sh
|
||||
|
||||
# Copy and set permissions to config files
|
||||
# RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml
|
||||
RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml
|
||||
COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
|
||||
# RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
|
||||
RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
|
||||
|
||||
# Create and set permissions to data directories
|
||||
RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
|
||||
|
||||
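Review bot: The active `RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml` (apparently re-enabled by this change) leaves the dashboard configuration group-writable, and nothing in the hunk says why. The file holds the TLS and backend-connection settings, so write access should be as narrow as the entrypoint's start-up rewrite allows. If the container runs as the file's owner, `chmod 640` would be enough, but the owning user and group are not visible here, so confirm before tightening. Either way, a comment such as `# group-writable: the entrypoint rewrites this file from environment variables at start-up` would record the intent, and `cp` and `chmod` could share one `RUN` with `"$INSTALL_DIR"` quoted.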
@ -2,29 +2,9 @@
|
||||
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
||||
|
||||
INSTALL_DIR=/usr/share/wazuh-dashboard
|
||||
export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
|
||||
WAZUH_CONFIG_MOUNT=/wazuh-config-mount
|
||||
|
||||
exec_cmd_stdout() {
|
||||
eval $1 2>&1 || error_and_exit "$1"
|
||||
}
|
||||
|
||||
DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
|
||||
DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
|
||||
|
||||
# Create and configure Wazuh dashboard keystore
|
||||
|
||||
yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
|
||||
echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
|
||||
echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
|
||||
|
||||
##############################################################################
|
||||
# Start Wazuh dashboard
|
||||
##############################################################################
|
||||
|
||||
/wazuh_app_config.sh $WAZUH_UI_REVISION
|
||||
|
||||
export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
|
||||
|
||||
opensearch_dashboards_vars=(
|
||||
console.enabled
|
||||
console.proxyConfig
|
||||
@ -67,7 +47,6 @@ opensearch_dashboards_vars=(
|
||||
opensearch.sniffOnStart
|
||||
opensearch.ssl.alwaysPresentCertificate
|
||||
opensearch.ssl.certificate
|
||||
opensearch.ssl.certificateAuthorities
|
||||
opensearch.ssl.key
|
||||
opensearch.ssl.keyPassphrase
|
||||
opensearch.ssl.keystore.path
|
||||
@ -138,6 +117,7 @@ opensearch_dashboards_vars=(
|
||||
server.ssl.certificateAuthorities
|
||||
server.ssl.cipherSuites
|
||||
server.ssl.clientAuthentication
|
||||
opensearch.ssl.certificateAuthorities
|
||||
server.ssl.redirectHttpFromPort
|
||||
server.ssl.supportedProtocols
|
||||
server.xsrf.disableProtection
|
||||
@ -180,27 +160,45 @@ opensearch_dashboards_vars=(
|
||||
observability.query_assist.enabled
|
||||
uiSettings.overrides.defaultRoute
|
||||
)
|
||||
function runOpensearchDashboards {
|
||||
longopts=()
|
||||
if [ ! -f $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml ]; then
|
||||
touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
|
||||
for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
|
||||
# 'opensearch.hosts' -> 'OPENSEARCH_URL'
|
||||
env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
|
||||
# Indirectly lookup env var values via the name of the var.
|
||||
# REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
|
||||
value=${!env_var}
|
||||
if [[ -n $value ]]; then
|
||||
longopt="--${opensearch_dashboards_var}=${value}"
|
||||
longoptfile="--${opensearch_dashboards_var}: ${value}"
|
||||
longopts+=("${longopt}")
|
||||
echo $longoptfile | sed 's/--//' >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
|
||||
cat $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
|
||||
print() {
|
||||
echo -e $1
|
||||
}
|
||||
|
||||
error_and_exit() {
|
||||
echo "Error executing command: '$1'."
|
||||
echo 'Exiting.'
|
||||
exit 1
|
||||
}
|
||||
|
||||
exec_cmd() {
|
||||
eval $1 > /dev/null 2>&1 || error_and_exit "$1"
|
||||
}
|
||||
|
||||
exec_cmd_stdout() {
|
||||
eval $1 2>&1 || error_and_exit "$1"
|
||||
}
|
||||
|
||||
function runOpensearchDashboards {
|
||||
touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
|
||||
for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
|
||||
env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
|
||||
value=${!env_var}
|
||||
if [[ -n $value ]]; then
|
||||
longoptfile="${opensearch_dashboards_var}: ${value}"
|
||||
if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
|
||||
sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
|
||||
else
|
||||
echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
umask 0002
|
||||
|
||||
/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
|
||||
--cpu.cgroup.path.override=/ \
|
||||
--cpuacct.cgroup.path.override=/
|
||||
}
|
||||
|
||||
mount_files() {
|
||||
@ -213,7 +211,29 @@ mount_files() {
|
||||
fi
|
||||
}
|
||||
|
||||
DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
|
||||
DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
|
||||
|
||||
# Create and configure Wazuh dashboard keystore
|
||||
|
||||
yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
|
||||
echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
|
||||
echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
|
||||
|
||||
##############################################################################
|
||||
# Start Wazuh dashboard
|
||||
##############################################################################
|
||||
|
||||
/wazuh_app_config.sh $WAZUH_UI_REVISION
|
||||
|
||||
mount_files
|
||||
|
||||
runOpensearchDashboards
|
||||
if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
|
||||
set -- opensearch-dashboards "$@"
|
||||
fi
|
||||
|
||||
if [ "$1" = "opensearch-dashboards" ]; then
|
||||
runOpensearchDashboards "$@"
|
||||
else
|
||||
exec "$@"
|
||||
fi
|
||||
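Review bot: In the rewritten `runOpensearchDashboards`, `grep -q $opensearch_dashboards_var` and the sed address `/${opensearch_dashboards_var}/` match the key as an unanchored regex, so a key that is a prefix of another in the array (e.g. `opensearch.ssl.key` and `opensearch.ssl.keyPassphrase`, or `opensearch.ssl.certificate` and `opensearch.ssl.certificateAuthorities`) also hits the longer key's line, and commented lines as well, and `s|^.*$|…|` overwrites every hit. A TLS or authentication setting already in the file can therefore be replaced by a different key without any error. The value is also spliced into the sed replacement unescaped, so a `|`, `&` or `\` in an environment value changes or breaks the written line. The sketch below anchors on `^key:` with the dots escaped and escapes the value; it assumes the file uses flat dotted keys at column 0, which is the form this function itself appends.

```shell
function runOpensearchDashboards {
  local cfg="$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml"
  # … unchanged: touch of the config file, for-loop header, env_var/value lookup …
    if [[ -n $value ]]; then
      # Match the key only at the start of a line, with its dots taken literally.
      key_re=${opensearch_dashboards_var//./\\.}
      # Escape what sed treats specially in a replacement: backslash, & and the | delimiter.
      safe_value=$(printf '%s' "$value" | sed -e 's/[\\&|]/\\&/g')
      if grep -q "^${key_re}:" "$cfg"; then
        sed -i "s|^${key_re}:.*\$|${opensearch_dashboards_var}: ${safe_value}|" "$cfg"
      else
        printf '%s: %s\n' "$opensearch_dashboards_var" "$value" >> "$cfg"
      fi
    fi
  # … unchanged: done, umask 0002, opensearch-dashboards launch …
```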
@ -67,7 +67,7 @@ services:
|
||||
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
||||
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
|
||||
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
|
||||
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
|
||||
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
|
||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
||||
|
||||
wazuh.dashboard:
|
||||
@ -88,19 +88,20 @@ services:
|
||||
- SERVER_PORT=5601
|
||||
- OPENSEARCH_HOSTS=https://wazuh.indexer:9200
|
||||
- OPENSEARCH_SSL_VERIFICATIONMODE=certificate
|
||||
- OPENSEARCH_REQUESTHEADERSWHITELIST=["securitytenant","Authorization"]
|
||||
- OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"]
|
||||
- OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false
|
||||
- SERVER_SSL_ENABLED=true
|
||||
- OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"]
|
||||
- SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
|
||||
- SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
|
||||
- SERVER_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
||||
- OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
||||
- UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
|
||||
volumes:
|
||||
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
|
||||
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
|
||||
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
|
||||
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
|
||||
# if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the
|
||||
# - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
|
||||
- ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
|
||||
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
|
||||
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
|
||||
|
||||
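Review bot: The comment above the commented-out `opensearch_dashboards.yml` mount stops mid-sentence (`… uncomment the next line and delete the`), so an operator cannot tell what must be removed when supplying a custom file. The entrypoint appears to write every variable set under `environment:` into the config at start-up, so the comment should say whether these entries have to be deleted or will override the mounted file, e.g. `# To mount a custom opensearch_dashboards.yml, uncomment the next line and delete the environment entries it replaces`. Separately, `OPENSEARCH_SSL_CERTIFICATEAUTHORITIES` sits beside `OPENSEARCH_SSL_VERIFICATIONMODE=certificate`, which in OpenSearch Dashboards validates the chain but not the host name. `full` is worth considering if the indexer certificate carries the `wazuh.indexer` name.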