Merge 4.10.0 into 4.10.1

.github/workflows/Test_installation_assistant.yml

@@ -1,5 +1,5 @@
 run-name: Test installation assistant - ${{ github.run_id }} - ${{ inputs.SYSTEMS }} - Launched by @${{ github.actor }}
-name: Test installation assistant 
+name: Test installation assistant
 
 on:
   pull_request:
@@ -20,10 +20,14 @@ on:
         options:
           - staging
           - pre-release
+      WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
+        description: 'Branch or tag of the wazuh-installation-assistant repository'
+        required: true
+        default: '4.10.1'
       AUTOMATION_REFERENCE:
         description: 'Branch or tag of the wazuh-automation repository'
         required: true
-        default: '4.10.0'
+        default: '4.10.1'
       SYSTEMS:
         description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)'
         required: true
@@ -62,7 +66,7 @@ permissions:
 
 jobs:
   run-test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false    # If a job fails, the rest of jobs will not be canceled
       matrix:
@@ -71,10 +75,12 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}
 
     - name: View parameters
       run: echo "${{ toJson(inputs) }}"
-    
+
     - name: Set COMPOSITE_NAME variable
       run: |
         case "${{ matrix.system }}" in
@@ -115,7 +121,7 @@ jobs:
 
     - name: Install Ansible
       run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16
-      
+
     - name: Set up AWS credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
@@ -144,7 +150,7 @@ jobs:
         sed 's/: */=/g' $ALLOCATOR_PATH/inventory.yml > $ALLOCATOR_PATH/inventory_mod.yml
         sed -i 's/-o StrictHostKeyChecking=no/\"-o StrictHostKeyChecking=no\"/g' $ALLOCATOR_PATH/inventory_mod.yml
         source $ALLOCATOR_PATH/inventory_mod.yml
-        
+
         echo "[gha_instance]" > $ALLOCATOR_PATH/inventory
         echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> $ALLOCATOR_PATH/inventory
 
@@ -186,13 +192,13 @@ jobs:
         -e "logs_path=$LOGS_PATH" \
         -e "test_name=$TEST_NAME" \
         "${{ inputs.VERBOSITY }}"
-    
+
     - name: Compress Allocator VM directory
       id: compress_allocator_files
       if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false
       run: |
         zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH
-      
+
     - name: Upload Allocator VM directory as artifact
       if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false
       uses: actions/upload-artifact@v4
@@ -203,4 +209,4 @@ jobs:
     - name: Delete allocated VM
       if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true
       run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output $ALLOCATOR_PATH/track.yml
-      
+

.github/workflows/Test_installation_assistant_distributed.yml

@@ -1,5 +1,5 @@
 run-name: (Distributed) Test installation assistant - ${{ github.run_id }} - ${{ inputs.SYSTEMS }} - Launched by @${{ github.actor }}
-name: (Distributed) Test installation assistant 
+name: (Distributed) Test installation assistant
 
 on:
   pull_request:
@@ -20,10 +20,14 @@ on:
         options:
           - staging
           - pre-release
+      WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
+        description: 'Branch or tag of the wazuh-installation-assistant repository'
+        required: true
+        default: '4.10.1'
       AUTOMATION_REFERENCE:
         description: 'Branch or tag of the wazuh-automation repository'
         required: true
-        default: '4.10.0'
+        default: '4.10.1'
       SYSTEMS:
         description: 'Operating Systems (list of comma-separated quoted strings enclosed in square brackets)'
         required: true
@@ -64,7 +68,7 @@ permissions:
 
 jobs:
   run-test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false    # If a job fails, the rest of jobs will not be canceled
       matrix:
@@ -73,10 +77,12 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}
 
     - name: View parameters
       run: echo "${{ toJson(inputs) }}"
-    
+
     - name: Set COMPOSITE_NAME variable
       run: |
         case "${{ matrix.system }}" in
@@ -117,7 +123,7 @@ jobs:
 
     - name: Install Ansible
       run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16 && pip install pyyaml && ansible-galaxy collection install community.general
-    
+
     - name: Set up AWS credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
@@ -152,7 +158,7 @@ jobs:
         echo "[managers]" > $inventory_managers
         echo "[dashboards]" > $inventory_dashboards
         echo "[all:vars]" > $inventory_common
-    
+
         for i in ${!instance_names[@]}; do
           instance_name=${instance_names[$i]}
           # Provision instance in parallel
@@ -178,7 +184,7 @@ jobs:
             if [[ $i -eq 0 ]]; then
               echo "indexer1 ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file" >> $inventory_indexers
               echo "master ansible_host=$ansible_host private_ip=$private_ip ansible_ssh_private_key_file=$ansible_ssh_private_key_file manager_type=master instance_type=indexer_manager" >> $inventory_managers
-              
+
               echo "ansible_user=$ansible_user" >> $inventory_common
               echo "ansible_port=$ansible_port" >> $inventory_common
               echo "ansible_ssh_common_args='$ansible_ssh_common_args'" >> $inventory_common
@@ -201,7 +207,7 @@ jobs:
         cat $inventory_managers >> $inventory_file
         cat $inventory_dashboards >> $inventory_file
         cat $inventory_common >> $inventory_file
-    
+
     - name: Execute provision playbook
       run: |
         INSTALL_DEPS=true
@@ -218,14 +224,14 @@ jobs:
         -e "install_python=$INSTALL_PYTHON" \
         -e "install_pip_deps=$INSTALL_PIP_DEPS" \
         "${{ inputs.VERBOSITY }}"
-    
+
     - name: Execute certificates generation playbook
       run: |
         ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_generate_certificates.yml \
         -i $ALLOCATOR_PATH/inventory \
         -e "resources_path=$RESOURCES_PATH" \
         "${{ inputs.VERBOSITY }}"
-    
+
     - name: Copy certificates to nodes
       run: |
         ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_copy_certificates.yml \
@@ -243,7 +249,7 @@ jobs:
         -e "tmp_path=$TMP_PATH" \
         -e "pkg_repository=$PKG_REPOSITORY" \
         "${{ inputs.VERBOSITY }}"
-    
+
     - name: Execute indexer cluster start playbook
       run: |
         INDEXER_ADMIN_PASSWORD="admin"
@@ -253,7 +259,7 @@ jobs:
         -e "tmp_path=$TMP_PATH" \
         -e "pkg_repository=$PKG_REPOSITORY" \
         "${{ inputs.VERBOSITY }}"
-    
+
     - name: Execute server installation playbook
       run: |
         ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_install_wazuh.yml \
@@ -262,7 +268,7 @@ jobs:
         -e "tmp_path=$TMP_PATH" \
         -e "pkg_repository=$PKG_REPOSITORY" \
         "${{ inputs.VERBOSITY }}"
-      
+
     - name: Execute dashboard installation playbook
       run: |
         ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_install_dashboard.yml \
@@ -271,7 +277,7 @@ jobs:
         -e "tmp_path=$TMP_PATH" \
         -e "pkg_repository=$PKG_REPOSITORY" \
         "${{ inputs.VERBOSITY }}"
-    
+
     - name: Execute Python test playbook
       run: |
         ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook .github/workflows/ansible-playbooks/distributed_tests.yml \
@@ -280,13 +286,13 @@ jobs:
         -e "tmp_path=$TMP_PATH" \
         -e "test_name=$TEST_NAME" \
         "${{ inputs.VERBOSITY }}"
-    
+
     - name: Compress Allocator VM directory
       id: compress_allocator_files
       if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == false
       run: |
         zip -P "${{ secrets.ZIP_ARTIFACTS_PASSWORD }}" -r $ALLOCATOR_PATH.zip $ALLOCATOR_PATH
-      
+
     - name: Upload Allocator VM directory as artifact
       if: always() && steps.compress_allocator_files.outcome == 'success' && inputs.DESTROY == false
       uses: actions/upload-artifact@v4
@@ -298,13 +304,13 @@ jobs:
       if: always() && steps.allocator_instance.outcome == 'success' && inputs.DESTROY == true
       run: |
         instance_names=($INSTANCE_NAMES)
-    
+
         for i in ${!instance_names[@]}; do
           instance_name=${instance_names[$i]}
           track_file="$ALLOCATOR_PATH/track_${instance_name}.yml"
-    
+
           echo "Deleting instance: $instance_name using track file $track_file"
-    
+
           (
             # Delete instance
             python3 wazuh-automation/deployability/modules/allocation/main.py \

.github/workflows/builder_installation_assistant.yml

@@ -0,0 +1,136 @@
+run-name: Build Installation Assistant ${{ inputs.id }} - Branch ${{ github.ref_name }} - Launched by @${{ github.actor }}
+name: Build Installation Assistant
+
+on:
+  workflow_dispatch:
+    inputs:
+      wazuh_installation_assistant_reference:
+        description: "Branch or tag of the wazuh-installation-assistant repository."
+        required: true
+        default: 4.10.1
+      is_stage:
+        description: "Is stage?"
+        type: boolean
+        default: false
+      checksum:
+        description: "Add checksum"
+        type: boolean
+        default: false
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
+  workflow_call:
+    inputs:
+      wazuh_installation_assistant_reference:
+        description: "Branch or tag of the wazuh-installation-assistant repository."
+        type: string
+        required: true
+        default: 4.10.1
+      is_stage:
+        description: "Is stage?"
+        type: boolean
+        default: false
+      checksum:
+        description: "Add checksum"
+        type: boolean
+        default: false
+      id:
+        type: string
+        required: false
+
+env:
+  S3_BUCKET: ${{ vars.AWS_S3_BUCKET }}
+  S3_REPOSITORY_PATH: "development/wazuh/4.x/secondary/installation-assistant"
+  BUILDER_PATH: "builder.sh"
+  WAZUH_INSTALL_NAME: "wazuh-install"
+  WAZUH_CERT_TOOL_NAME: "wazuh-certs-tool"
+  WAZUH_PASSWORD_TOOL_NAME: "wazuh-passwords-tool"
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  Build_Installation_Assistant:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: View parameters
+        run: echo "${{ toJson(inputs) }}"
+
+      - name: Checkout wazuh-installation-assistant repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.wazuh_installation_assistant_reference }}
+
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+          aws-region: us-east-1
+
+      - name: Get short sha and wazuh version
+        run: |
+          COMMIT_SHORT_SHA=$(git rev-parse --short ${{ github.sha }})
+          WAZUH_VERSION=$(grep -oP '(?<=readonly wazuh_version=").*(?=")' ${{github.workspace}}/install_functions/installVariables.sh)
+          echo "WAZUH_VERSION=$WAZUH_VERSION" >> $GITHUB_ENV
+          echo "COMMIT_SHORT_SHA=$COMMIT_SHORT_SHA" >> $GITHUB_ENV
+
+      - name: Change files name for stage build
+        if: ${{ inputs.is_stage == false }}
+        run: |
+          sed -i 's|${{ env.WAZUH_INSTALL_NAME }}.sh|${{ env.WAZUH_INSTALL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
+          sed -i 's|${{ env.WAZUH_CERT_TOOL_NAME }}.sh|${{ env.WAZUH_CERT_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
+          sed -i 's|${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sh|${{ env.WAZUH_PASSWORD_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
+
+      - name: Build Installation Assistant packages
+        run: bash builder.sh -i -c -p
+
+      - name: Save files name
+        run: |
+          WAZUH_INSTALL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_INSTALL_NAME }}*.sh | xargs basename)
+          WAZUH_CERT_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_CERT_TOOL_NAME }}*.sh | xargs basename)
+          WAZUH_PASSWORD_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}*.sh | xargs basename)
+          echo "WAZUH_INSTALL_NAME=$WAZUH_INSTALL_NAME" >> $GITHUB_ENV
+          echo "WAZUH_CERT_TOOL_NAME=$WAZUH_CERT_TOOL_NAME" >> $GITHUB_ENV
+          echo "WAZUH_PASSWORD_TOOL_NAME=$WAZUH_PASSWORD_TOOL_NAME" >> $GITHUB_ENV
+
+      - name: Prepare files
+        run: |
+          mkdir -p ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+          mv ${{ env.WAZUH_INSTALL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+          mv ${{ env.WAZUH_CERT_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+          mv ${{ env.WAZUH_PASSWORD_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
+
+      - name: Build packages checksum
+        if: ${{ inputs.checksum == true }}
+        run: |
+          sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512
+          sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512
+          sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512
+
+      - name: Upload files to S3
+        run: |
+          aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+          s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}"
+          echo "S3 wazuh-install URI: ${s3uri}"
+          aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+          s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}"
+          echo "S3 wazuh-certs-tool URI: ${s3uri}"
+          aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+          s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}"
+          echo "S3 wazuh-passwords-tool URI: ${s3uri}"
+
+      - name: Upload checksum files to S3
+        if: ${{ inputs.checksum == true }}
+        run: |
+          aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+          s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512"
+          echo "S3 sha512 wazuh-install checksum URI: ${s3uri}"
+          aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+          s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512"
+          echo "S3 sha512 wazuh-certs-tool checksum URI: ${s3uri}"
+          aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
+          s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512"
+          echo "S3 sha512 wazuh-passwords-tool checksum URI: ${s3uri}"