Puppet Class: wazuh::filebeat_oss
- Defined in:
- manifests/filebeat_oss.pp
Overview
Copyright © 2015, Wazuh Inc. Setup for Filebeat_oss
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
# File 'manifests/filebeat_oss.pp', line 3
class wazuh::filebeat_oss (
$filebeat_oss_indexer_ip = '127.0.0.1',
$filebeat_oss_indexer_port = '9200',
$indexer_server_ip = "\"${filebeat_oss_indexer_ip}:${filebeat_oss_indexer_port}\"",
$filebeat_oss_archives = false,
$filebeat_oss_package = 'filebeat',
$filebeat_oss_service = 'filebeat',
$filebeat_oss_elastic_user = 'admin',
$filebeat_oss_elastic_password = 'admin',
$filebeat_oss_version = '7.10.2',
$wazuh_app_version = '4.8.0_7.10.2',
$wazuh_extensions_version = 'v4.8.0',
$wazuh_filebeat_module = 'wazuh-filebeat-0.4.tar.gz',
$wazuh_node_name = 'master',
$filebeat_fileuser = 'root',
$filebeat_filegroup = 'root',
$filebeat_path_certs = '/etc/filebeat/certs',
) {
package { 'filebeat':
ensure => $filebeat_oss_version,
name => $filebeat_oss_package,
}
file { '/etc/filebeat/filebeat.yml':
owner => 'root',
group => 'root',
mode => '0640',
notify => Service['filebeat'], ## Restarts the service
content => template('wazuh/filebeat_oss_yml.erb'),
require => Package['filebeat'],
}
# work around:
# Use cmp to compare the content of local and remote file. When they differ than rm the file to get it recreated by the file resource.
# Needed since GitHub can only ETAG and result in changes of the mtime everytime.
# TODO: Include file into the wazuh/wazuh-puppet project or use file { checksum => '..' } for this instead of the exec construct.
exec { 'cleanup /etc/filebeat/wazuh-template.json':
path => ['/usr/bin', '/bin', '/usr/sbin', '/sbin'],
command => 'rm -f /etc/filebeat/wazuh-template.json',
onlyif => 'test -f /etc/filebeat/wazuh-template.json',
unless => "curl -s 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json' | cmp -s '/etc/filebeat/wazuh-template.json'",
}
-> file { '/etc/filebeat/wazuh-template.json':
owner => 'root',
group => 'root',
mode => '0440',
replace => false, # only copy content when file not exist
source => "https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json",
notify => Service['filebeat'],
require => Package['filebeat'],
}
archive { "/tmp/${$wazuh_filebeat_module}":
ensure => present,
source => "https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}",
extract => true,
extract_path => '/usr/share/filebeat/module',
creates => '/usr/share/filebeat/module/wazuh',
cleanup => true,
notify => Service['filebeat'],
require => Package['filebeat'],
}
file { '/usr/share/filebeat/module/wazuh':
ensure => 'directory',
mode => '0755',
require => Package['filebeat'],
}
exec { "ensure full path of ${filebeat_path_certs}":
path => '/usr/bin:/bin',
command => "mkdir -p ${filebeat_path_certs}",
creates => $filebeat_path_certs,
require => Package['filebeat'],
}
-> file { $filebeat_path_certs:
ensure => directory,
owner => $filebeat_fileuser,
group => $filebeat_filegroup,
mode => '0500',
}
$_certfiles = {
"manager-${wazuh_node_name}.pem" => 'filebeat.pem',
"manager-${wazuh_node_name}-key.pem" => 'filebeat-key.pem',
'root-ca.pem' => 'root-ca.pem',
}
$_certfiles.each |String $certfile_source, String $certfile_target| {
file { "${filebeat_path_certs}/${certfile_target}":
ensure => file,
owner => $filebeat_fileuser,
group => $filebeat_filegroup,
mode => '0400',
replace => true,
recurse => remote,
source => "puppet:///modules/archive/${certfile_source}",
}
}
service { 'filebeat':
ensure => running,
enable => true,
name => $filebeat_oss_service,
require => Package['filebeat'],
}
}
|