From 441569f1bf984be2cad6840375911d97e5bca056 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 17 Apr 2024 11:19:23 -0300 Subject: [PATCH] new builder for opensearch-dashboards.yml --- .../wazuh-dashboard/Dockerfile | 4 +- .../wazuh-dashboard/config/entrypoint.sh | 106 +++++++++++------- single-node/docker-compose.yml | 9 +- 3 files changed, 70 insertions(+), 49 deletions(-) diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index 4928c896..f61ec035 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile @@ -26,9 +26,9 @@ RUN chmod 775 /install_wazuh_app.sh RUN bash /install_wazuh_app.sh # Copy and set permissions to config files -# RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml +RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ -# RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml +RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml # Create and set permissions to data directories RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh index 098a6880..a8bdf91a 100644 --- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh +++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh 
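Review bot: `chmod 664` on `$INSTALL_DIR/config/opensearch_dashboards.yml` leaves the file readable by every account in the image and writable by its group, while the entrypoint in this same patch now writes environment-derived settings into it; the variable list there includes `opensearch.ssl.keyPassphrase`. If the account that runs the entrypoint owns the file or belongs to its group (not visible in this hunk), `RUN chmod 660 "$INSTALL_DIR/config/opensearch_dashboards.yml"` keeps it writable for the entrypoint without exposing it to other accounts. A short comment that the file is seeded here so the entrypoint can merge settings into it at start-up would explain why the two lines were re-enabled.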
@@ -2,29 +2,9 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) INSTALL_DIR=/usr/share/wazuh-dashboard +export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR WAZUH_CONFIG_MOUNT=/wazuh-config-mount -exec_cmd_stdout() { - eval $1 2>&1 || error_and_exit "$1" -} - -DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}" -DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}" - -# Create and configure Wazuh dashboard keystore - -yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \ -echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \ -echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root - -############################################################################## -# Start Wazuh dashboard -############################################################################## - -/wazuh_app_config.sh $WAZUH_UI_REVISION - -export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard - opensearch_dashboards_vars=( console.enabled console.proxyConfig @@ -67,7 +47,6 @@ opensearch_dashboards_vars=( opensearch.sniffOnStart opensearch.ssl.alwaysPresentCertificate opensearch.ssl.certificate - opensearch.ssl.certificateAuthorities opensearch.ssl.key opensearch.ssl.keyPassphrase opensearch.ssl.keystore.path @@ -138,6 +117,7 @@ opensearch_dashboards_vars=( server.ssl.certificateAuthorities server.ssl.cipherSuites server.ssl.clientAuthentication + opensearch.ssl.certificateAuthorities server.ssl.redirectHttpFromPort server.ssl.supportedProtocols server.xsrf.disableProtection 
@@ -180,27 +160,45 @@ opensearch_dashboards_vars=( observability.query_assist.enabled uiSettings.overrides.defaultRoute ) -function runOpensearchDashboards { - longopts=() - if [ ! -f $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml ]; then - touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml - for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do - # 'opensearch.hosts' -> 'OPENSEARCH_URL' - env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) - # Indirectly lookup env var values via the name of the var. - # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78 - value=${!env_var} - if [[ -n $value ]]; then - longopt="--${opensearch_dashboards_var}=${value}" - longoptfile="--${opensearch_dashboards_var}: ${value}" - longopts+=("${longopt}") - echo $longoptfile | sed 's/--//' >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml - cat $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml - fi - done - fi - /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml +print() { + echo -e $1 +} + +error_and_exit() { + echo "Error executing command: '$1'." + echo 'Exiting.' + exit 1 +} + +exec_cmd() { + eval $1 > /dev/null 2>&1 || error_and_exit "$1" +} + +exec_cmd_stdout() { + eval $1 2>&1 || error_and_exit "$1" +} + +function runOpensearchDashboards { + touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do + env_var=$(echo ${opensearch_dashboards_var^^} | tr . 
_) + value=${!env_var} + if [[ -n $value ]]; then + longoptfile="${opensearch_dashboards_var}: ${value}" + if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then + sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + else + echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + fi + fi + done + + umask 0002 + + /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \ + --cpu.cgroup.path.override=/ \ + --cpuacct.cgroup.path.override=/ } mount_files() { @@ -213,7 +211,29 @@ mount_files() { fi } +DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}" +DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}" + +# Create and configure Wazuh dashboard keystore + +yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \ +echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \ +echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root + +############################################################################## +# Start Wazuh dashboard +############################################################################## + +/wazuh_app_config.sh $WAZUH_UI_REVISION + mount_files -runOpensearchDashboards +if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then + set -- opensearch-dashboards "$@" +fi +if [ "$1" = "opensearch-dashboards" ]; then + runOpensearchDashboards "$@" +else + exec "$@" +fi \ No newline at end of file diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 7ed57326..6eaaf11c 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
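Review bot: The `grep -q $opensearch_dashboards_var` test and the `sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|"` rewrite in runOpensearchDashboards match the setting name as an unanchored regular expression, so setting `OPENSEARCH_SSL_KEY` also overwrites any existing `opensearch.ssl.keyPassphrase` or `opensearch.ssl.keystore.path` line, as well as commented-out lines that mention the key. The value is also pasted into the sed replacement, so a `|`, `&` or `\` in a passphrase or URL either breaks the command or silently changes what is written. Now that the Dockerfile seeds the file, this branch will be taken on normal start-up, and the result is a TLS or connection setting that differs from what the operator supplied, with no error. Matching on the exact key at the start of the line and writing the value with `printf` avoids both problems; the excerpt below sketches that. It appends the setting instead of replacing it in place, which should be equivalent for flat `key: value` lines.
```shell
function runOpensearchDashboards {
  local config_file="$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml"
  local setting env_var value tmp_file
  touch "$config_file"
  for setting in "${opensearch_dashboards_vars[@]}"; do
    env_var=${setting^^}
    env_var=${env_var//./_}
    value=${!env_var}
    [[ -n $value ]] || continue
    # Drop only lines whose key is exactly this setting; awk compares plain
    # strings here, so '.' in the key is literal and the value never reaches a regex.
    tmp_file=$(mktemp) || error_and_exit "mktemp"
    awk -v key="${setting}:" 'index($0, key) != 1' "$config_file" > "$tmp_file" \
      && cat "$tmp_file" > "$config_file"
    rm -f -- "$tmp_file"
    printf '%s: %s\n' "$setting" "$value" >> "$config_file"
  done
  # … unchanged: umask and opensearch-dashboards launch …
```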
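Review bot: The keystore lines pipe `echo $DASHBOARD_PASSWORD` unquoted, so a password containing whitespace, a glob character or a leading `-n`/`-e` reaches the keystore altered. The fallback two lines above is the well-known `kibanaserver` value. I would write `printf '%s\n' "$DASHBOARD_PASSWORD" | "$INSTALL_DIR"/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root` (and the same for the username), and at least log a warning to stderr when the default password is in use. Separately, `runOpensearchDashboards "$@"` passes arguments that the function, as written in this patch, never reads, so flags given to the container are dropped without notice.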
@@ -67,7 +67,7 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
@@ -88,19 +88,20 @@ services: - SERVER_PORT=5601 - OPENSEARCH_HOSTS=https://wazuh.indexer:9200 - OPENSEARCH_SSL_VERIFICATIONMODE=certificate - - OPENSEARCH_REQUESTHEADERSWHITELIST=["securitytenant","Authorization"] + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false - SERVER_SSL_ENABLED=true - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" - - SERVER_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
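Review bot: The new comment above the commented-out `opensearch_dashboards.yml` mount stops mid-sentence at "and delete the", so an operator cannot tell what must be removed when supplying a custom file. It also names the file `opensearch-dashboards.yml`, while the path on the next line is `opensearch_dashboards.yml`. Since the entrypoint now merges the `environment:` entries into that file at start-up, the comment should presumably say whether those entries have to go; something like `# To mount a custom opensearch_dashboards.yml, uncomment the next line and delete <the entries that must be removed>` with the blank filled in by the author.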