Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Debian packaging config files from Opensearch #118

Merged
merged 7 commits into from
Jan 19, 2024
22 changes: 22 additions & 0 deletions distribution/packages/src/deb/debian/control
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

Source: wazuh-indexer
Section: web
Priority: optional
Maintainer: Wazuh Indexer Team <[email protected]>
Build-Depends: debhelper-compat (= 12)
Standards-Version: 4.5.0
Homepage: https://www.wazuh.com/

Package: wazuh-indexer
Architecture: any
Description: Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform.
This Wazuh central component indexes and stores alerts generated by the Wazuh server.
Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability.
Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html

38 changes: 38 additions & 0 deletions distribution/packages/src/deb/debian/copyright
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: wazuh-indexer
Upstream-Contact: [email protected]
Source: https://www.wazuh.com
Files: *
Copyright: OpenSearch Contributors
License: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian systems, the complete text of the Apache License, Version 2
can be found in "/usr/share/common-licenses/Apache-2.0".

Files: debian/*
License: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian systems, the complete text of the Apache License, Version 2
can be found in "/usr/share/common-licenses/Apache-2.0".
78 changes: 78 additions & 0 deletions distribution/packages/src/deb/debian/postinst
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
#!/bin/bash

# Copyright Wazuh Indexer Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The Wazuh Indexer Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

# deb wazuh-indexer postinst script

set -e

echo "Running Wazuh Indexer Post-Installation Script"

product_dir=/usr/share/wazuh-indexer
config_dir=/etc/wazuh-indexer
data_dir=/var/lib/wazuh-indexer
log_dir=/var/log/wazuh-indexer
pid_dir=/var/run/wazuh-indexer

# Apply Security Settings
if [ -d ${product_dir}/plugins/opensearch-security ]; then
bash ${product_dir}/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s > ${log_dir}/install_demo_configuration.log 2>&1
AlexRuiz7 marked this conversation as resolved.
Show resolved Hide resolved
fi

# Apply PerformanceAnalyzer Settings
chmod a+rw /tmp
if ! grep -q '## Wazuh Indexer Performance Analyzer' ${config_dir}/jvm.options; then
# Add Performance Analyzer settings in ${config_dir}/jvm.options
CLK_TCK=`/usr/bin/getconf CLK_TCK`
echo >> ${config_dir}/jvm.options
echo '## Wazuh Indexer Performance Analyzer' >> ${config_dir}/jvm.options
echo "-Dclk.tck=$CLK_TCK" >> ${config_dir}/jvm.options
echo "-Djdk.attach.allowAttachSelf=true" >> ${config_dir}/jvm.options
echo "-Djava.security.policy=file://${config_dir}/opensearch-performance-analyzer/opensearch_security.policy" >> ${config_dir}/jvm.options
echo "--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED" >> ${config_dir}/jvm.options
fi
AlexRuiz7 marked this conversation as resolved.
Show resolved Hide resolved

# Set owner
chown -R wazuh-indexer.wazuh-indexer ${product_dir}
chown -R wazuh-indexer.wazuh-indexer ${config_dir}
chown -R wazuh-indexer.wazuh-indexer ${log_dir}
chown -R wazuh-indexer.wazuh-indexer ${data_dir}
chown -R wazuh-indexer.wazuh-indexer ${pid_dir}

# Reload systemctl daemon
if command -v systemctl > /dev/null; then
systemctl daemon-reload
fi

# Reload other configs
if command -v systemctl > /dev/null; then
systemctl restart systemd-sysctl.service || true
fi

if command -v systemd-tmpfiles > /dev/null; then
systemd-tmpfiles --create wazuh-indexer.conf
fi

# Messages
echo "### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd"
echo " sudo systemctl daemon-reload"
echo " sudo systemctl enable wazuh-indexer.service"
echo "### You can start wazuh-indexer service by executing"
echo " sudo systemctl start wazuh-indexer.service"

if [ -d ${product_dir}/plugins/opensearch-security ]; then
echo "### Create wazuh-indexer demo certificates in ${config_dir}/"
echo " See demo certs creation log in ${log_dir}/install_demo_configuration.log"
AlexRuiz7 marked this conversation as resolved.
Show resolved Hide resolved
fi
echo "### Upcoming breaking change in packaging"
echo " In a future release of Wazuh Indexer, we plan to change the permissions associated with access to installed files"
echo " If you are configuring tools that require read access to the Wazuh Indexer configuration files, we recommend you add the user that runs these tools to the 'wazuh-indexer' group"
echo " For more information, see https://github.com/opensearch-project/opensearch-build/pull/4043"
exit 0


31 changes: 31 additions & 0 deletions distribution/packages/src/deb/debian/preinst
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
#!/bin/bash

# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

# deb wazuh-indexer preinst script

set -e

echo "Running Wazuh Indexer Pre-Installation Script"

# Stop existing service
if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then
echo "Stop existing wazuh-indexer.service"
systemctl --no-reload stop wazuh-indexer.service
fi
if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer-performance-analyzer.service >/dev/null; then
echo "Stop existing wazuh-indexer-performance-analyzer.service"
systemctl --no-reload stop wazuh-indexer-performance-analyzer.service
fi

# Create user and group if they do not already exist.
getent group wazuh-indexer > /dev/null 2>&1 || groupadd -r wazuh-indexer
getent passwd wazuh-indexer > /dev/null 2>&1 || \
useradd -r -g wazuh-indexer -M -s /sbin/nologin \
-c "wazuh-indexer user/group" wazuh-indexer
exit 0
26 changes: 26 additions & 0 deletions distribution/packages/src/deb/debian/prerm
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
#!/bin/bash

# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

# deb wazuh-indexer prerm script

set -e

echo "Running Wazuh Indexer Pre-Removal Script"

# Stop existing service
if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then
echo "Stop existing wazuh-indexer.service"
systemctl --no-reload stop wazuh-indexer.service
fi
if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer-performance-analyzer.service >/dev/null; then
echo "Stop existing wazuh-indexer-performance-analyzer.service"
systemctl --no-reload stop wazuh-indexer-performance-analyzer.service
fi

exit 0
29 changes: 29 additions & 0 deletions distribution/packages/src/deb/debian/rules
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#!/usr/bin/make -f

# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.

# You must remove unused comment lines for the released package.
#export DH_VERBOSE = 1
#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed

%:
dh $@

override_dh_builddeb:
dh_builddeb -- -Zgzip

override_dh_gencontrol:
dh_gencontrol -- -DLicense=Apache-2.0

#override_dh_auto_install:
# dh_auto_install -- prefix=/usr

#override_dh_install:
# dh_install --list-missing -X.pyc -X.pyo