Agent centralized configuration

[vikman90]

Parent issue:

• Data persistence model redesign wazuh#22887

Description

This MVP issue focuses on developing the "Agent centralized configuration command" use case. The agent will utilize the "command manager" component to receive requests from the manager. Two types of request will be:

• set-group:
  This command should set its group set, and will include one or more groups which the agent belongs to.
• update-group:
  It indicates that the group-related configuration has changed in the manager.

In both cases, the agent will then respond with the following actions:

1. Download the related files from the server.
2. Read them in the order specified by the request and validate them.
3. Once validated, either apply them to all modules or restart the agent.

Functional requirements

1. Command Reception:
   • The agent must be able to receive the configuration related requests from the manager through the "command manager" component.
2. File Download:
   • The agent must download the configuration files listed in the request from the server.
3. File Reading and Validation:
   • The agent must read the configuration files in the specified order.
   • The agent must validate each configuration file to ensure it is error-free.
4. Configuration Application:
   • If validation is successful, the agent must apply the new configuration to all relevant modules.
   • If required, the agent must be able to restart to apply the new configuration fully.

Non-functional requirements

1. Performance:
   The configuration update process should be efficient and not significantly impact the agent’s performance.
2. Reliability:
   The agent must reliably validate and apply configurations without causing errors or downtime.
3. Security:
   The agent must securely download configuration files, ensuring they are not tampered with.
4. Scalability:
   The solution should scale with the number of configuration files and the size of the agent’s environment.

Implementation restrictions

1. Command-Based Implementation:
   This functionality must be implemented as a command within the agent.
2. Configuration Format:
   The configuration will be in YAML format, spread across multiple files (one per agent group).
3. Validation:
   The configuration must be validated before application. The agent should never accept a configuration that produces errors.

Plan

1. Module Integration:
   Integrate with the existing configuration module to handle the reading and validation of YAML files.
   • Design and development of the configuration parser component for the new agent #26
2. Request Format Definition:
   Define the format for the centralized configuration request to ensure compatibility between the manager and the agent.

• SPIKE - Initial Comms API server design wazuh#23395 (comment)

3. Server-Side Implementation:
   Implement the necessary server-side logic to send the update-configuration requests with the appropriate configuration files.
4. Agent-Side Implementation:
   Implement the agent-side logic to:
   • Agent centralized: necessary changes to existing modules #219
     • AgentInfo: persists the information of the group to which the agent belongs.
     • Communicator: is in charge of making requests to the server to download the centralized configuration files.
   • Agent centralized configuration: implement CentralizedConfiguration class #222
     • The commands set-group and update-group are handled by the CentralizedConfiguration module.
   • Change CentralizedConfiguration to be a component instead of a module #239
   • Agent centralized: pass the argument list to the modules to execute commands #234
   • Agent centralized configuration: validate and apply downloaded files #263
5. Testing and Validation:
   • Thoroughly test the entire workflow to ensure reliability, security, and performance.
   • Validate that the agent correctly handles valid and invalid configurations.
   • Ensure seamless integration with the server-side implementation.

Requirement Traceability Matrix

Requirement	Description	Plan part	DRI
Functional 1	Receive update requests	4	@wazuh/devel-agent
Functional 2	Download config files	2, 3, 4	@wazuh/devel-agent , @wazuh/devel-pyserver
Functional 3	Read and validate config	4	@wazuh/devel-agent
Functional 4	Apply the configuration	1, 4	@wazuh/devel-agent-leaders

[aritosteles]

Update

• (2024/08/13): Understanding the issue requeriments. Reviewing related issues, discussing with team issue details and doubts to deliver to management.
• (2024/08/14): Putting this issue on hold to work on the Command Manager issue.

[Nicogp]

(2024/10/02):

• Understanding the issue requeriments.
• Review of last changes introduced in command_handler

(2024/10/03):

• In a first test, I tried to start adding the functionality to the configurationParse module, I discarded the changes.
• As a second approach, I am thinking about creating a new module to manage those commands.

(2024/10/07):

• We coordinated with @jr0me the distribution of tasks
• We made the module structure

(2024/10/08):

• I started to make the changes to save the group to which the agent belongs, for this the AgentInfo and AgentInfoPersistance class will be used.

(2024/10/09):

• I finalized the changes to AgentInfo and AgentInfoPersistance, the changes were manually tested and UT performed for each case

(2024/10/10):

• I started modifications to the httpClient class to support file downloading. So far I have been able to test using http

[jr0me]

Update

Discussed with @Nicogp how to start and distribute the work for this issue. We settled for a first approach with the CentralizedConfiguration being a class in the Modules section of the Agent. It will support the requirements to work with the ModuleManager (namely, implement the interface needed by the ModuleWrapper), and it will be configurable to minimize physical dependencies to other components of the Agent.

Branch is in place as https://github.com/wazuh/wazuh-agent/tree/enhancement/32-agent-centralized-configuration-class-mvp

[jr0me]

Update

Implementing the ExecuteCommand method for the CentralizedConfiguration.

[jr0me]

Update

Implementing setters for the various set-group and update-group handling functions. We want to avoid coupling the centralized configuration to other components like AgentInfo, HttpClient, ConfigurationParser, etc... for this we'll use lambdas as class members that will deal with specifics of each operation without exposing the other classes' details.

[jr0me]

Update (October 10th)

Moving on to implement and test the function to set the file downloader. Adjusted functions to the parallel development led by Nico.