diff --git a/.github/workflows/Test_installation_assistant.yml b/.github/workflows/Test_installation_assistant.yml index 6393629..23c9041 100644 --- a/.github/workflows/Test_installation_assistant.yml +++ b/.github/workflows/Test_installation_assistant.yml @@ -1,4 +1,4 @@ -run-name: Test installation assistant - System ${{ inputs.SYSTEM }} - Launched by @${{ github.actor }} +run-name: Test installation assistant - ${{ github.run_id }} - ${{ inputs.SYSTEMS }} - Launched by @${{ github.actor }} name: Test installation assistant on: @@ -21,29 +21,24 @@ on: - staging - pre-release AUTOMATION_REFERENCE: - description: 'wazuh-automation reference' + description: 'Branch or tag of the wazuh-automation repository' required: true - default: 'v4.10.0' - SYSTEM: - description: 'Operating System' + default: '4.10.0' + SYSTEMS: + description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)' required: true - default: 'CentOS 8' + default: '["CentOS_8", "AmazonLinux_2", "Ubuntu_22", "RHEL8"]' + type: string + VERBOSITY: + description: 'Verbosity level on playbooks execution' + required: true + default: '-v' type: choice options: - - CentOS 7 - - CentOS 8 - - Amazon Linux 2 - - Ubuntu 16 - - Ubuntu 18 - - Ubuntu 20 - - Ubuntu 22 - - RHEL7 - - RHEL8 - DEBUG: - description: 'Debug mode' - required: true - default: false - type: boolean + - -v + - -vv + - -vvv + - -vvvv DESTROY: description: 'Destroy instances after run' required: true 
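Review bot: `SYSTEMS` replaces the closed `choice` list with free text, and its description does not say which identifiers are accepted, so the only validation left is the `*)` branch of the `case` in the `Set COMPOSITE_NAME variable` step of the next hunk. A name outside that list, or text that is not a JSON array, is only discovered when the matrix is expanded or after a job has already started. I would list the accepted names in the description, e.g. `description: 'JSON array of systems; allowed: CentOS_7, CentOS_8, AmazonLinux_2, Ubuntu_16, Ubuntu_18, Ubuntu_20, Ubuntu_22, RHEL7, RHEL8'`. `AUTOMATION_REFERENCE` still has no `type:` while the inputs added here declare one; adding `type: string` would keep the block consistent.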
@@ -51,12 +46,161 @@ on: type: boolean env: - LABEL: ubuntu-latest + COMPOSITE_NAME: "linux-SUBNAME-amd64" + SESSION_NAME: "Installation-Assistant-Test" + REGION: "us-east-1" + TMP_PATH: "/tmp/test" + LOGS_PATH: "${{ github.workspace }}/assistant_logs" + PKG_REPOSITORY: "${{ inputs.REPOSITORY }}" + TEST_NAME: "test_assistant" + REPOSITORY_URL: "${{ github.server_url }}/${{ github.repository }}.git" + ALLOCATOR_PATH: "/tmp/allocator_instance" + +permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout jobs: - initialize-environment: - runs-on: $LABEL + run-test: + runs-on: ubuntu-latest + strategy: + fail-fast: false # If a job fails, the rest of jobs will not be canceled + matrix: + system: ${{ fromJson(inputs.SYSTEMS) }} steps: - - name: Set up Git - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v4 + + - name: View parameters + run: echo "${{ toJson(inputs) }}" + + - name: Set COMPOSITE_NAME variable + run: | + case "${{ matrix.system }}" in + "CentOS_7") + SUBNAME="centos-7" + ;; + "CentOS_8") + SUBNAME="centos-8" + ;; + "AmazonLinux_2") + SUBNAME="amazon-2" + ;; + "Ubuntu_16") + SUBNAME="ubuntu-16.04" + ;; + "Ubuntu_18") + SUBNAME="ubuntu-18.04" + ;; + "Ubuntu_20") + SUBNAME="ubuntu-20.04" + ;; + "Ubuntu_22") + SUBNAME="ubuntu-22.04" + ;; + "RHEL7") + SUBNAME="redhat-7" + ;; + "RHEL8") + SUBNAME="redhat-8" + ;; + *) + echo "Invalid SYSTEM selection" >&2 + exit 1 + ;; + esac + COMPOSITE_NAME="${COMPOSITE_NAME/SUBNAME/$SUBNAME}" + echo "COMPOSITE_NAME=$COMPOSITE_NAME" >> $GITHUB_ENV + + - name: Install Ansible + run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16 + + - name: Set up AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_IAM_ROLE }} + role-session-name: ${{ env.SESSION_NAME }} + aws-region: ${{ env.REGION }} + + - name: Checkout 
wazuh/wazuh-automation repository + uses: actions/checkout@v4 + with: + repository: wazuh/wazuh-automation + ref: ${{ inputs.AUTOMATION_REFERENCE }} + token: ${{ secrets.GH_CLONE_TOKEN }} + path: wazuh-automation + + - name: Install and set allocator requirements + run: pip3 install -r wazuh-automation/deployability/deps/requirements.txt + + - name: Allocate instance test and set SSH variables + id: allocator_instance + run: | + python3 wazuh-automation/deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name ${{ env.COMPOSITE_NAME }} --working-dir $ALLOCATOR_PATH \ + --track-output $ALLOCATOR_PATH/track.yml --inventory-output $ALLOCATOR_PATH/inventory.yml --instance-name gha_${{ github.run_id }}_assistant_test \ + --label-team devops --label-termination-date 1d + + sed 's/: */=/g' $ALLOCATOR_PATH/inventory.yml > $ALLOCATOR_PATH/inventory_mod.yml + sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod.yml + source $ALLOCATOR_PATH/inventory_mod.yml + + echo "[gha_instance]" > $ALLOCATOR_PATH/inventory + echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> $ALLOCATOR_PATH/inventory + + - name: Execute provision playbook + run: | + INSTALL_DEPS=true + INSTALL_PYTHON=true + INSTALL_PIP_DEPS=true + + ansible-playbook .github/workflows/ansible-playbooks/provision.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l all \ + -e "repository=$REPOSITORY_URL" \ + -e "reference=${{ github.ref_name }}" \ + -e "tmp_path=$TMP_PATH" \ + -e "pkg_repository=$PKG_REPOSITORY" \ + -e "install_deps=$INSTALL_DEPS" \ + -e "install_python=$INSTALL_PYTHON" \ + -e "install_pip_deps=$INSTALL_PIP_DEPS" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute AIO installation playbook + run: | + ansible-playbook .github/workflows/ansible-playbooks/aio.yml \ + -i 
$ALLOCATOR_PATH/inventory \ + -l all \ + -e "tmp_path=$TMP_PATH" \ + -e "logs_path=$LOGS_PATH" \ + -e "test_name=$TEST_NAME" \ + "${{ inputs.VERBOSITY }}" + + - name: Execute Python test playbook + run: | + TEST_NAME="test_installation_assistant" + ansible-playbook .github/workflows/ansible-playbooks/aio_tests.yml \ + -i $ALLOCATOR_PATH/inventory \ + -l all \ + -e "tmp_path=$TMP_PATH" \ + -e "logs_path=$LOGS_PATH" \ + -e "test_name=$TEST_NAME" \ + "${{ inputs.VERBOSITY }}" + + - name: Compress Allocator VM directory + id: compress_allocator_files + if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false + run: | + zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH + + - name: Upload Allocator VM directory as artifact + if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false + uses: actions/upload-artifact@v4 + with: + name: allocator-instance-${{ matrix.system }} + path: ${{ env.ALLOCATOR_PATH }}.zip + + - name: Delete allocated VM + if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true + run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output $ALLOCATOR_PATH/track.yml + diff --git a/.github/workflows/Test_installation_assistant_tier.yml b/.github/workflows/Test_installation_assistant_tier.yml deleted file mode 100644 index 32170b0..0000000 --- a/.github/workflows/Test_installation_assistant_tier.yml +++ /dev/null 
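Review bot: The `View parameters` and `Set COMPOSITE_NAME variable` steps paste `${{ toJson(inputs) }}` and `${{ matrix.system }}` directly into the shell text of `run:`, and `matrix.system` comes from the free-text `SYSTEMS` input. The runner substitutes these expressions before bash parses the script, so the `*)` branch cannot reject a crafted value, and the quotes inside the JSON already break the `echo "..."` quoting. This job holds `id-token: write` and later uses `AWS_IAM_ROLE` and `GH_CLONE_TOKEN`, so inputs should reach the shell only through `env:` as below. The same applies to `--composite-name ${{ env.COMPOSITE_NAME }}`, which can be written as `"$COMPOSITE_NAME"`. Separately, `zip -P` uses the legacy zip encryption and puts the password on the command line, while the allocator directory presumably holds the instance's SSH key material. When `DESTROY` is false it may be safer to upload only `track.yml`, or to encrypt the archive with a stronger tool.

```yaml
      - name: View parameters
        env:
          INPUTS_JSON: ${{ toJson(inputs) }}
        run: echo "$INPUTS_JSON"

      - name: Set COMPOSITE_NAME variable
        env:
          SYSTEM: ${{ matrix.system }}
        run: |
          case "$SYSTEM" in
            # … unchanged: CentOS_7 … RHEL8 branches and the *) error branch …
          esac
          # … unchanged: COMPOSITE_NAME substitution and write to $GITHUB_ENV …
```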
@@ -1,84 +0,0 @@ -run-name: (Tier) Test installation assistant - Launched by @${{ github.actor }} -name: (Tier) Test installation assistant - -on: - workflow_dispatch: - inputs: - REPOSITORY: - description: 'Repository environment' - required: true - default: 'pre-release' - type: choice - options: - - staging - - pre-release - AUTOMATION_REFERENCE: - description: 'wazuh-automation reference' - required: true - default: 'v4.10.0' - CentOS_7: - description: 'CentOS 7' - required: true - default: false - type: boolean - CentOS_8: - description: 'CentOS 8' - required: true - default: true - type: boolean - Amazon_Linux_2: - description: 'Amazon Linux 2' - required: true - default: false - type: boolean - Ubuntu_16: - description: 'Ubuntu 16' - required: true - default: false - type: boolean - Ubuntu_18: - description: 'Ubuntu 18' - required: true - default: false - type: boolean - Ubuntu_20: - description: 'Ubuntu 20' - required: true - default: false - type: boolean - Ubuntu_22: - description: 'Ubuntu 22' - required: true - default: false - type: boolean - RHEL_7: - description: 'RHEL 7' - required: true - default: false - type: boolean - RHEL_8: - description: 'RHEL 8' - required: true - default: false - type: boolean - DEBUG: - description: 'Debug mode' - required: true - default: false - type: boolean - DESTROY: - description: 'Destroy instances after run' - required: true - default: true - type: boolean - -env: - LABEL: ubuntu-latest - -jobs: - launch-tests: - runs-on: $LABEL - - steps: - - name: Set up Git - uses: actions/checkout@v3 diff --git a/.github/workflows/ansible-playbooks/aio.yml b/.github/workflows/ansible-playbooks/aio.yml new file mode 100644 index 0000000..1ab2b12 --- /dev/null +++ b/.github/workflows/ansible-playbooks/aio.yml 
@@ -0,0 +1,16 @@ + + - hosts: all + become: true + + vars: + script_path: "{{ tmp_path }}" + script_name: "wazuh-install.sh" + + tasks: + - name: Test assistant AIO install + command: "bash {{ script_name }} -a -v" + args: + chdir: "{{ script_path }}" + register: install_results + async: 500 + poll: 5 diff --git a/.github/workflows/ansible-playbooks/aio_tests.yml b/.github/workflows/ansible-playbooks/aio_tests.yml new file mode 100644 index 0000000..4ef8953 --- /dev/null +++ b/.github/workflows/ansible-playbooks/aio_tests.yml @@ -0,0 +1,14 @@ + + - hosts: all + become: true + + vars: + script_path: "{{ tmp_path }}/tests/install" + script_name: "{{ test_name }}.py" + + tasks: + - name: Test AIO install with Installation assistant + command: "python3 -m pytest --tb=long {{ script_name }} -v -m \"wazuh or wazuh_worker or indexer or dashboard\"" + args: + chdir: "{{ script_path }}" + register: test_results diff --git a/.github/workflows/ansible-playbooks/provision.yml b/.github/workflows/ansible-playbooks/provision.yml new file mode 100644 index 0000000..63ef0da --- /dev/null +++ b/.github/workflows/ansible-playbooks/provision.yml 
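Review bot: Nothing in `aio.yml` keeps the installer's output. `install_results` is registered but never read, and the `logs_path` and `test_name` extra-vars the workflow passes with `-e` are not referenced in this play. A failed run therefore leaves only whatever the chosen `-v` level printed, and the workflow's `LOGS_PATH` directory is never populated by the lines visible here. `aio_tests.yml` has the same pattern with `test_results`. `async: 500` also caps the whole AIO install at 500 seconds, and if a slower instance can exceed that the task fails mid-install, so the limit deserves a comment such as `# upper bound for a full AIO install; raise if slower AMIs time out`. I would either drop the unused `register:` and extra-vars, or add a task that writes `install_results.stdout` under `{{ logs_path }}` so there is evidence to inspect after a failure.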
@@ -0,0 +1,178 @@ +--- +- hosts: all + become: true + gather_facts: no + vars: + script_path: "{{ tmp_path }}" + script_name: "wazuh-install.sh" + rpm_deps: + - git + - python3 + - python3-pip + - openssl + - tar + apt_deps: + - git + - software-properties-common + - gnupg2 + pip_deps: + - attrs==21.1.0 + - importlib-metadata==4.8.2 + - iniconfig==1.1.1 + - packaging==21.3 + - pluggy==1.0.0 + - py==1.11.0 + - pyparsing==3.0.6 + - toml==0.10.2 + - typing-extensions==4.0.0 + - pytest==6.2.5 + - pyyaml + - requests + - setuptools + - beautifulsoup4 + - urllib3==1.26.6 + + pre_tasks: + - name: Check if the system is CentOS 8 and install Python if necessary + raw: | + if [ -f /etc/centos-release ]; then + if grep -q -i -E "centos.*8" /etc/centos-release; then + if ! command -v python3 &> /dev/null; then + dnf install -y python3 + fi + fi + fi + + - name: Check if the system is Ubuntu 16 and install Python + raw: | + if [ -f /etc/lsb-release ]; then + if grep -q -i -E "ubuntu.*16" /etc/lsb-release; then + add-apt-repository -y ppa:jblgf0/python + apt-get update + apt-get install -y python3.6 python3-apt + update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.6 1 + cd /usr/lib/python3/dist-packages + sudo ln -s apt_inst.cpython-35m-x86_64-linux-gnu.so apt_inst.so + sudo ln -s apt_pkg.cpython-35m-x86_64-linux-gnu.so apt_pkg.so + fi + fi + + tasks: + - name: Gather facts + ansible.builtin.setup: + + - name: Make tmp folder directory + file: + path: "{{ tmp_path }}" + state: directory + + - name: Install main deps block + block: + + # --------------------------------------------------------------------- + + - name: Install required dependencies YUM + ansible.builtin.package: + name: "{{ rpm_deps }}" + state: present + when: ansible_os_family == 'RedHat' + + # --------------------------------------------------------------------- + + - name: Install required dependencies APT + ansible.builtin.package: + name: "{{ apt_deps }}" + state: present + update_cache: 
yes + when: ansible_os_family == 'Debian' + when: + - install_deps is defined + - install_deps | bool + + - name: Install Python and pip + block: + + # --------------------------------------------------------------------- + # Ubuntu -------------------------------------------------------------- + - name: Set up Python 3.9 on Ubuntu Jammy + block: + - name: Set up Python 3.9 repository + apt_repository: + repo: 'ppa:deadsnakes/ppa' + + - name: Install Python3.9 on Ubuntu Jammy + ansible.builtin.package: + name: + - python3.9 + - python3.9-distutils + state: present + update_cache: yes + + - name: Change Python link Ubuntu Jammy + command: ln -sf /usr/bin/python3.9 /usr/bin/python3 + when: + - ansible_os_family == 'Debian' + - ansible_distribution == "Ubuntu" + - ansible_distribution_release == "jammy" + + - name: Change Python link Ubuntu Xenial + command: ln -sf /usr/local/bin/python3.8 /usr/bin/python3 + when: + - ansible_pkg_mgr == "apt" + - ansible_distribution == "Ubuntu" + - ansible_distribution_release == "xenial" + + # --------------------------------------------------------------------- + # Pip installation ---------------------------------------------------- + + - stat: + path: /usr/bin/pip3 + register: stat_pip3 + when: + - ansible_os_family == 'Debian' + + - name: Install pip Ubuntu\Debian + shell: curl https://bootstrap.pypa.io/get-pip.py | python3 - + when: + - ansible_os_family == 'Debian' + - stat_pip3.stat.exists == False + - ansible_distribution_release not in ['bionic'] + + - name: Install pip Ubuntu Bionic/Xenial + ansible.builtin.package: + name: + - python3-pip + state: present + update_cache: yes + when: + - ansible_os_family == 'Debian' + - ansible_distribution == "Ubuntu" + - ansible_distribution_release in ['bionic'] + + when: + - install_python is defined + - install_python | bool + + # No version specified in pyyaml due to Xenial error. 
+ - name: Install pytest + command: pip3 install {{ item }} + with_items: "{{ pip_deps }}" + when: + - install_pip_deps is defined + - install_pip_deps | bool + + - name: Clone installation assistant git repository + git: + repo: "{{ repository }}" + dest: "{{ tmp_path }}" + version: "{{ reference }}" + depth: 1 + force: true + + - name: Generate Installation assistant + command: "bash {{ tmp_path }}/builder.sh -i -d" + + - name: Change pre-release repository to selected one + command: "sed -i 's|pre-release|{{ pkg_repository }}|g' {{ script_name }}" + args: + chdir: "{{ script_path }}" diff --git a/CHANGELOG.md b/CHANGELOG.md index 29bbe89..9b2a39f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file. ### Changed +- Installation assistant test and tier workflow migration ([#46](https://github.com/wazuh/wazuh-installation-assistant/pull/46/)) - Added post-install validations for the Wazuh manager and Filebeat. ([#3059](https://github.com/wazuh/wazuh-packages/pull/3059)) - Update SECURITY.md file. ([#59](https://github.com/wazuh/wazuh-installation-assistant/pull/59))
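Review bot: The `Install pip Ubuntu\Debian` task pipes `https://bootstrap.pypa.io/get-pip.py` straight into `python3` under `become: true`, so whatever that URL serves at run time executes as root with no pinned version or checksum. The same supply-chain concern applies, in weaker form, to the `ppa:jblgf0/python` and `ppa:deadsnakes/ppa` repositories and to the unpinned `pip_deps` entries (`pyyaml`, `requests`, `setuptools`, `beautifulsoup4`). I would download the script with a verified checksum before running it, as sketched below, and pin the remaining packages where the Xenial constraint allows. Two smaller points: the task named `Install pip Ubuntu Bionic/Xenial` only matches `bionic`, and `Change Python link Ubuntu Xenial` links to `/usr/local/bin/python3.8`, which nothing in this playbook installs (the pre-task installs `python3.6`). Unless the image ships that binary, the link would be dangling.

```yaml
    - name: Download get-pip.py with a pinned checksum
      ansible.builtin.get_url:
        url: https://bootstrap.pypa.io/get-pip.py
        dest: /tmp/get-pip.py
        # placeholder: hash of the copy that was reviewed
        checksum: "sha256:<PINNED_SHA256>"
        mode: "0644"
      # … unchanged: the three `when` conditions of "Install pip Ubuntu\Debian" …

    - name: Install pip Ubuntu\Debian
      command: python3 /tmp/get-pip.py
      # … unchanged: same `when` conditions …
```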