Add Azure wodle files to persistence excepction #1401
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Wazuh Docker pipeline | |
on: [pull_request] | |
jobs: | |
build-docker-images: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install docker-compose | |
run: | | |
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
chmod +x /usr/local/bin/docker-compose | |
- name: Build Wazuh images | |
run: build-docker-images/build-images.sh | |
- name: Create enviroment variables | |
run: cat .env > $GITHUB_ENV | |
- name: Create backup Docker images | |
run: | | |
mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/ | |
docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | |
docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | |
docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | |
- name: Temporarily save Wazuh manager Docker image | |
uses: actions/upload-artifact@v3 | |
with: | |
name: docker-artifact-manager | |
path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | |
retention-days: 1 | |
- name: Temporarily save Wazuh indexer Docker image | |
uses: actions/upload-artifact@v3 | |
with: | |
name: docker-artifact-indexer | |
path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | |
retention-days: 1 | |
- name: Temporarily save Wazuh dashboard Docker image | |
uses: actions/upload-artifact@v3 | |
with: | |
name: docker-artifact-dashboard | |
path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | |
retention-days: 1 | |
- name: Install Goss | |
uses: e1himself/[email protected] | |
with: | |
version: v0.3.16 | |
- name: Execute Goss tests (wazuh-manager) | |
run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} | |
env: | |
GOSS_SLEEP: 30 | |
GOSS_FILE: .github/.goss.yaml | |
check-single-node: | |
runs-on: ubuntu-latest | |
needs: build-docker-images | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install docker-compose | |
run: | | |
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
chmod +x /usr/local/bin/docker-compose | |
- name: Create enviroment variables | |
run: cat .env > $GITHUB_ENV | |
- name: Retrieve saved Wazuh indexer Docker image | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-artifact-indexer | |
- name: Retrieve saved Wazuh manager Docker image | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-artifact-manager | |
- name: Retrieve saved Wazuh dashboard Docker image | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-artifact-dashboard | |
- name: Docker load | |
run: | | |
docker load --input ./wazuh-indexer.tar | |
docker load --input ./wazuh-dashboard.tar | |
docker load --input ./wazuh-manager.tar | |
- name: Create single node certficates | |
run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator | |
- name: Start single node stack | |
run: docker-compose -f single-node/docker-compose.yml up -d | |
- name: Check Wazuh indexer start | |
run: | | |
sleep 60 | |
status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" | |
if [[ $status_green -eq 1 ]]; then | |
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
else | |
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
exit 1 | |
fi | |
status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" | |
status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" | |
if [[ $status_index_green -eq $status_index ]]; then | |
curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
else | |
curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
exit 1 | |
fi | |
- name: Check Wazuh indexer nodes | |
run: | | |
nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" | |
if [[ $nodes -eq 1 ]]; then | |
echo "Wazuh indexer nodes: ${nodes}" | |
else | |
echo "Wazuh indexer nodes: ${nodes}" | |
exit 1 | |
fi | |
- name: Check documents into wazuh-alerts index | |
run: | | |
sleep 120 | |
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" | |
if [[ $docs -gt 0 ]]; then | |
echo "wazuh-alerts index documents: ${docs}" | |
else | |
echo "wazuh-alerts index documents: ${docs}" | |
exit 1 | |
fi | |
- name: Check Wazuh templates | |
run: | | |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" | |
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" | |
if [[ $qty_templates -gt 3 ]]; then | |
echo "wazuh templates:" | |
echo "${templates}" | |
else | |
echo "wazuh templates:" | |
echo "${templates}" | |
exit 1 | |
fi | |
- name: Check Wazuh manager start | |
run: | | |
services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" | |
if [[ $services -gt 9 ]]; then | |
echo "Wazuh Manager Services: ${services}" | |
echo "OK" | |
else | |
echo "Wazuh indexer nodes: ${nodes}" | |
curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | |
exit 1 | |
fi | |
env: | |
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") | |
- name: Check filebeat output | |
run: ./.github/single-node-filebeat-check.sh | |
- name: Check Wazuh dashboard service URL | |
run: | | |
status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') | |
if [[ $status -eq 200 ]]; then | |
echo "Wazuh dashboard status: ${status}" | |
else | |
echo "Wazuh dashboard status: ${status}" | |
exit 1 | |
fi | |
- name: Check errors in ossec.log | |
run: ./.github/single-node-log-check.sh | |
check-multi-node: | |
runs-on: ubuntu-latest | |
needs: build-docker-images | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Install docker-compose | |
run: | | |
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
chmod +x /usr/local/bin/docker-compose | |
- name: Create enviroment variables | |
run: cat .env > $GITHUB_ENV | |
- name: free disk space | |
run: | | |
sudo swapoff -a | |
sudo rm -f /swapfile | |
sudo apt clean | |
docker rmi $(docker image ls -aq) | |
df -h | |
- name: Retrieve saved Wazuh dashboard Docker image | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-artifact-dashboard | |
- name: Retrieve saved Wazuh manager Docker image | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-artifact-manager | |
- name: Retrieve saved Wazuh indexer Docker image | |
uses: actions/download-artifact@v3 | |
with: | |
name: docker-artifact-indexer | |
- name: Docker load | |
run: | | |
docker load --input ./wazuh-manager.tar | |
docker load --input ./wazuh-indexer.tar | |
docker load --input ./wazuh-dashboard.tar | |
rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar | |
- name: Create multi node certficates | |
run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator | |
- name: Start multi node stack | |
run: docker-compose -f multi-node/docker-compose.yml up -d | |
- name: Check Wazuh indexer start | |
run: | | |
until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l` -eq 1 ]] | |
do | |
echo 'Waiting for Wazuh indexer start' | |
free -m | |
df -h | |
sleep 120 | |
done | |
status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" | |
if [[ $status_green -eq 1 ]]; then | |
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
else | |
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
exit 1 | |
fi | |
status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" | |
status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`" | |
if [[ $status_index_green -eq $status_index ]]; then | |
curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
else | |
curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
exit 1 | |
fi | |
- name: Check Wazuh indexer nodes | |
run: | | |
nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" | |
if [[ $nodes -eq 3 ]]; then | |
echo "Wazuh indexer nodes: ${nodes}" | |
else | |
echo "Wazuh indexer nodes: ${nodes}" | |
exit 1 | |
fi | |
- name: Check documents into wazuh-alerts index | |
run: | | |
until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``) -gt 0 ]] | |
do | |
echo 'Waiting for Wazuh indexer events' | |
free -m | |
df -h | |
sleep 10 | |
done | |
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" | |
if [[ $docs -gt 0 ]]; then | |
echo "wazuh-alerts index documents: ${docs}" | |
else | |
echo "wazuh-alerts index documents: ${docs}" | |
exit 1 | |
fi | |
- name: Check Wazuh templates | |
run: | | |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`" | |
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`" | |
if [[ $qty_templates -gt 3 ]]; then | |
echo "wazuh templates:" | |
echo "${templates}" | |
else | |
echo "wazuh templates:" | |
echo "${templates}" | |
exit 1 | |
fi | |
- name: Check Wazuh manager start | |
run: | | |
services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" | |
if [[ $services -gt 10 ]]; then | |
echo "Wazuh Manager Services: ${services}" | |
echo "OK" | |
else | |
echo "Wazuh indexer nodes: ${nodes}" | |
curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | |
exit 1 | |
fi | |
nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r ".data.affected_items[].name" | wc -l) | |
if [[ $nodes -eq 2 ]]; then | |
echo "Wazuh manager nodes: ${nodes}" | |
else | |
echo "Wazuh manager nodes: ${nodes}" | |
exit 1 | |
fi | |
env: | |
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") | |
- name: Check filebeat output | |
run: ./.github/multi-node-filebeat-check.sh | |
- name: Check Wazuh dashboard service URL | |
run: | | |
status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk '{print $2}') | |
if [[ $status -eq 200 ]]; then | |
echo "Wazuh dashboard status: ${status}" | |
else | |
echo "Wazuh dashboard status: ${status}" | |
exit 1 | |
fi | |
- name: Check errors in ossec.log | |
run: ./.github/multi-node-log-check.sh |