Development - DevOps 5.0 adaptation - Remove Filebeat references from the certs tool

[Enaraque]

Description

For version 5.0, Filebeat will no longer be used, so all references to it in the certs tool must be removed:

• Update the log messages related to Filebeat certificate generation. These messages should be updated to reference the Wazuh server instead of Filebeat.
• Update the cert_generateFilebeatCertificates function. This function currently generates certificates for Filebeat. Since the certificates use the server names defined in config.yml, the only required change is to replace Filebeat references with Wazuh server.

References

wazuh-installation-assistant/cert_tool/certFunctions.sh

Lines 167 to 187 in ac52399

	function cert_generateFilebeatcertificates() {
	if [ ${#server_node_names[@]} -gt 0 ]; then
	common_logger "Generating Filebeat certificates."
	for i in "${!server_node_names[@]}"; do
	server_name="${server_node_names[i]}"
	common_logger -d "Generating the certificates for ${server_name} server node."
	j=$((i+1))
	declare -a server_ips=(server_node_ip_"$j"[@])
	cert_generateCertificateconfiguration "${server_name}" "${!server_ips}"
	common_logger -d "Creating the Wazuh server tmp key pair."
	cert_executeAndValidate "openssl req -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/${server_name}-key.pem -out ${cert_tmp_path}/${server_name}.csr -config ${cert_tmp_path}/${server_name}.conf"
	common_logger -d "Creating the Wazuh server certificates."
	cert_executeAndValidate "openssl x509 -req -in ${cert_tmp_path}/${server_name}.csr -CA ${cert_tmp_path}/root-ca.pem -CAkey ${cert_tmp_path}/root-ca.key -CAcreateserial -out ${cert_tmp_path}/${server_name}.pem -extfile ${cert_tmp_path}/${server_name}.conf -extensions v3_req -days 3650"
	done
	else
	return 1
	fi
	}

wazuh-installation-assistant/cert_tool/certMain.sh

Lines 197 to 198 in ac52399

	if cert_generateFilebeatcertificates; then
	common_logger "Wazuh Filebeat certificates created."

wazuh-installation-assistant/cert_tool/certMain.sh

Lines 229 to 233 in ac52399

	if [[ -n "${cserver}" ]]; then
	if [ ${#server_node_names[@]} -gt 0 ]; then
	cert_checkRootCA
	cert_generateFilebeatcertificates
	common_logger "Wazuh Filebeat certificates created."

Tasks

• Certificates must be generated without referencing Filebeat at any point.
• Manager and worker certificates must be generated according to the configuration specified in config.yml.

[Enaraque]

The Filebeat references have been changed to the server ones in the certs tool.

Tests 🧪

The certs tool has been executed in two different ways to test it:

• config.yml file that was used to test the certs tool

   nodes:
     # Wazuh indexer nodes
     indexer:
       - name: node-1
         ip: "127.0.0.1"
   
     # Wazuh server nodes
     server:
       - name: wazuh-1
         ip: "127.0.0.1"
   
     # Wazuh dashboard nodes
     dashboard:
       - name: dashboard
         ip: "127.0.0.1"

• With the -A option to create all the certificates

  Certs creation with the -A option

   $ sudo bash wazuh-certs-tool.sh -A
   04/12/2025 12:41:03 INFO: Verbose logging redirected to /home/henry/work-wazuh/wazuh-repos/wazuh-installation-assistant/wazuh-certificates-tool.log
   04/12/2025 12:41:03 INFO: Generating the root certificate.
   04/12/2025 12:41:04 INFO: Generating Admin certificates.
   04/12/2025 12:41:04 INFO: Admin certificates created.
   04/12/2025 12:41:04 INFO: Generating Wazuh indexer certificates.
   04/12/2025 12:41:04 INFO: Wazuh indexer certificates created.
   04/12/2025 12:41:04 INFO: Generating Wazuh server certificates.
   04/12/2025 12:41:04 INFO: Wazuh server certificates created.
   04/12/2025 12:41:04 INFO: Generating Wazuh dashboard certificates.
   04/12/2025 12:41:05 INFO: Wazuh dashboard certificates created.
  $ ls wazuh-certificates
   admin-key.pem  admin.pem  dashboard-key.pem  dashboard.pem  node-1-key.pem  node-1.pem  root-ca.key  root-ca.pem  wazuh-1-key.pem  wazuh-1.pem
   $ openssl x509 -in wazuh-certificates/wazuh-1.pem -noout -subject
   subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-1

• With the -ws option to generate only the certificates related to the server ones.

  Certs creation with the -ws option

   $ bash wazuh-certs-tool.sh -ws root-ca.pem root-ca.key 
   04/12/2025 12:45:09 INFO: Verbose logging redirected to /home/henry/work-wazuh/wazuh-repos/wazuh-installation-assistant/wazuh-certificates-tool.log
   04/12/2025 12:45:09 INFO: Generating Wazuh server certificates.
   04/12/2025 12:45:09 INFO: Wazuh server certificates created.
   $ ls wazuh-certificates
   root-ca.key  root-ca.pem  wazuh-1-key.pem  wazuh-1.pem
   $ openssl x509 -in wazuh-certificates/wazuh-1.pem -noout -subject
   subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-1

As we can see, all the certificates were created successfully according to the new changes