DTT2 - Iteration 3 - Allocation module - Configure VMs created in macStadium with custom password or ssh key #5354

Open
1 task
c-bordon opened this issue May 8, 2024 · 5 comments

c-bordon commented May 8, 2024

It is necessary to modify the default password of the VMs created in macStadium, both ARM and Intel. You can generate a custom password, as in the case of Windows, or modify and load the public key so that the VMs can be accessed by private key.

  • Update the macOS vagrantfile to port forward on the private IP

c-bordon commented May 9, 2024

Update report

After making several changes to the code and carrying out various tests, I encountered an error when trying to change the password of the vagrant user in macOS. For the utilities installed in the box, it is essential to change the password with a prompt, which breaks with the design of the module. An attempt will be made to move forward with the configuration of the private and public key for access to these VMs.

@c-bordon

Update report

I continue working on configuring a public key, but at the moment I cannot finish with the desired configuration.
Currently, I am able to load the public key and configure it so that it can be accessed with the private key without the need to load the user's password.
I have to solve it so that the call to the method that loads the public key is executed only the first time the method is called: ssh_copy_id

On the other hand, this configuration works and allows access with a private key, but this does not prevent you from continuing to connect with the default password without the need to use the private key. I will continue working on this point.

cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ python3 deployability/modules/allocation/main.py --provider vagrant --size small --instance-name cbordon-test-ssh --composite-name macos-sonoma-14.4.1-amd64
[2024-05-10 15:31:14] [INFO] ALLOCATOR: Creating instance at /tmp/wazuh-qa
[2024-05-10 15:31:26] [INFO] ALLOCATOR: Using the macStadium Intel server to deploy.
[2024-05-10 15:31:26] [DEBUG] ALLOCATOR: Checking if instance directory exists on remote host
[2024-05-10 15:31:30] [DEBUG] ALLOCATOR: Creating instance directory on remote host
[2024-05-10 15:31:33] [DEBUG] ALLOCATOR: No config provided. Generating from payload
[2024-05-10 15:31:33] [DEBUG] ALLOCATOR: Generating new key pair
[2024-05-10 15:31:41] [DEBUG] ALLOCATOR: Vagrantfile created. Creating instance.
[2024-05-10 15:31:52] [INFO] ALLOCATOR: Instance cbordon-test-ssh-996 created.
[2024-05-10 15:32:41] [INFO] ALLOCATOR: Instance cbordon-test-ssh-996 started.
[2024-05-10 15:32:54] [DEBUG] ALLOCATOR: Setting up SSH key on VM
[2024-05-10 15:32:59] [INFO] ALLOCATOR: Inventory file generated at /tmp/wazuh-qa/cbordon-test-ssh-996/inventory.yml
[2024-05-10 15:33:00] [INFO] ALLOCATOR: SSH connection successful.
[2024-05-10 15:33:12] [DEBUG] ALLOCATOR: Setting up SSH key on VM
[2024-05-10 15:33:17] [INFO] ALLOCATOR: Track file generated at /tmp/wazuh-qa/cbordon-test-ssh-996/track.yml
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ cat /tmp/wazuh-qa/cbordon-test-ssh-996/inventory.yml
ansible_connection: ssh
ansible_host: 207.254.50.205
ansible_port: 43220
ansible_ssh_common_args: -o StrictHostKeyChecking=no
ansible_ssh_private_key_file: /tmp/wazuh-qa/cbordon-test-ssh-996/instance_key
ansible_user: vagrant
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ ssh -o StrictHostKeyChecking=no -p 43220 vagrant@207.254.50.205
(vagrant@207.254.50.205) Password:
Last login: Mon Apr 29 10:55:19 2024 from 10.10.0.149
vagrant@macos-14 ~ % vim /etc/ssh/ssh_config
vagrant@macos-14 ~ % sudo vim /etc/ssh/ssh_config
vagrant@macos-14 ~ % sudo launchctl stop com.openssh.sshd

Not privileged to stop service.
vagrant@macos-14 ~ % launchctl stop com.openssh.sshd 

vagrant@macos-14 ~ % launchctl start com.openssh.sshd

vagrant@macos-14 ~ % exit                            
Connection to 207.254.50.205 closed.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ ssh -o StrictHostKeyChecking=no -p 43220 vagrant@207.254.50.205
(vagrant@207.254.50.205) Password:
Last login: Fri May 10 11:33:45 2024 from 181.98.50.113
vagrant@macos-14 ~ % sudo vim /etc/ssh/ssh_config        
vagrant@macos-14 ~ % launchctl stop com.openssh.sshd 

vagrant@macos-14 ~ % launchctl start com.openssh.sshd

vagrant@macos-14 ~ % exit
Connection to 207.254.50.205 closed.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ ssh -o StrictHostKeyChecking=no -p 43220 vagrant@207.254.50.205
(vagrant@207.254.50.205) Password:
Last login: Fri May 10 11:35:02 2024 from 181.98.50.113
vagrant@macos-14 ~ % 

@c-bordon

Test macOS Intel with Parallels:

cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ python3 deployability/modules/allocation/main.py --provider vagrant --size small --instance-name cbordon-test --composite-name macos-sonoma-14-amd64
[2024-05-13 09:58:13] [INFO] ALLOCATOR: Creating instance at /tmp/wazuh-qa
[2024-05-13 09:58:25] [INFO] ALLOCATOR: Using the macStadium Intel server to deploy.
[2024-05-13 09:58:25] [DEBUG] ALLOCATOR: Checking if instance directory exists on remote host
[2024-05-13 09:58:27] [DEBUG] ALLOCATOR: Creating instance directory on remote host
[2024-05-13 09:58:29] [DEBUG] ALLOCATOR: No config provided. Generating from payload
[2024-05-13 09:58:29] [DEBUG] ALLOCATOR: Generating new key pair
[2024-05-13 09:58:36] [DEBUG] ALLOCATOR: Vagrantfile created. Creating instance.
[2024-05-13 09:58:46] [INFO] ALLOCATOR: Instance cbordon-test-2728 created.
[2024-05-13 09:59:30] [INFO] ALLOCATOR: Instance cbordon-test-2728 started.
[2024-05-13 09:59:40] [DEBUG] ALLOCATOR: Setting up SSH key on VM
[2024-05-13 09:59:47] [INFO] ALLOCATOR: Inventory file generated at /tmp/wazuh-qa/cbordon-test-2728/inventory.yml
[2024-05-13 09:59:49] [INFO] ALLOCATOR: SSH connection successful.
[2024-05-13 09:59:49] [INFO] ALLOCATOR: Track file generated at /tmp/wazuh-qa/cbordon-test-2728/track.yml
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ cat /tmp/wazuh-qa/cbordon-test-2728/inventory.yml
ansible_connection: ssh
ansible_host: <public-ip>
ansible_port: 43230
ansible_ssh_common_args: -o StrictHostKeyChecking=no
ansible_ssh_private_key_file: /tmp/wazuh-qa/cbordon-test-2728/instance_key
ansible_user: vagrant
cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ cat /tmp/wazuh-qa/cbordon-test-2728/track.yml
arch: amd64
host_identifier: macstadium
host_instance_dir: /Users/jenkins/testing/cbordon-test-2728
identifier: cbordon-test-2728
instance_dir: /tmp/wazuh-qa/cbordon-test-2728
key_path: /tmp/wazuh-qa/cbordon-test-2728/instance_key
platform: macos
provider: vagrant
ssh_port: 43230

Testing connection with ssh_key:

cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ ssh -o StrictHostKeyChecking=no -i /tmp/wazuh-qa/cbordon-test-2728/instance_key -p 43230 vagrant@<public_ip>
Last login: Mon Apr 29 10:55:19 2024 from <private_ip>
vagrant@macos-14 ~ %

Testing connection with password:

cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ ssh -o StrictHostKeyChecking=no -p 43230 vagrant@<public_ip>
vagrant@<public_ip>: Permission denied (publickey).

Delete VM:

cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-qa$ python3 deployability/modules/allocation/main.py --action delete --track-output /tmp/wazuh-qa/cbordon-test-2728/track.yml 
[2024-05-13 10:04:12] [INFO] ALLOCATOR: Deleting instance from trackfile /tmp/wazuh-qa/cbordon-test-2728/track.yml
[2024-05-13 10:04:14] [DEBUG] ALLOCATOR: Destroying instance cbordon-test-2728
[2024-05-13 10:04:29] [DEBUG] ALLOCATOR: Deleting remote directory /Users/jenkins/testing/cbordon-test-2728
[2024-05-13 10:04:31] [INFO] ALLOCATOR: Instance cbordon-test-2728 deleted.

@c-bordon

Update report

By carrying out various tests on the different systems I was able to validate different behavior in the different supported versions of Intel.

Despite all having the same configuration, there are different behaviors, for example:

macos-sonoma-14-amd64: Expected behavior, only possible to connect with the private key.
macos-ventura-13-amd64: Does not behave as we expect, can connect using a private key or password.
macos-highsierra-10.13-amd64: It does not behave as expected. The commands executed by the module do not modify the authorized keys file, but if they are later executed outside the module, the registration of the public key is done correctly. We must check if it is due to delays in provisioning or what may be affecting it. Therefore, it does not take the private key and only allows you to connect by password.
macos-sierragcc9-10.12-amd64: Same behavior as Ventura.
macos-sierracmake-10.12-amd64: Same behavior as High Sierra.

It is necessary to continue verifying and adjusting the module to achieve the desired configuration in all the boxes that we support. For this, it is necessary to continue this development in DTT2 due to its complexity. @teddytpc1 @fcaffieri
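
A check that could run after the public key is loaded, to confirm from the VM's effective sshd settings that no password-based login path is left open. This is an added example, not part of the comments above or of the wazuh-qa code; it assumes the text comes from `sshd -T` on the VM, and both sample outputs are constructed.

```python
# Constructed samples of `sshd -T` output (effective server configuration).
# Older OpenSSH releases name the keyboard-interactive toggle
# challengeresponseauthentication; newer ones use kbdinteractiveauthentication.
SAMPLE_KEY_ONLY = """\
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
authenticationmethods any
"""
SAMPLE_PASSWORD_STILL_OPEN = """\
pubkeyauthentication yes
passwordauthentication no
challengeresponseauthentication yes
authenticationmethods any
"""

# sshd keywords that enable a method where the user types a password.
PASSWORD_CAPABLE = {
    "passwordauthentication": "password",
    "kbdinteractiveauthentication": "keyboard-interactive",
    "challengeresponseauthentication": "keyboard-interactive",
}

def parse_effective_config(text):
    """Parse 'keyword value' lines; the first value for a keyword wins, as in sshd."""
    config = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            config.setdefault(parts[0].lower(), parts[1].strip().lower())
    return config

def password_paths(text):
    """Return the methods that still let a user log in without the private key."""
    config = parse_effective_config(text)
    enabled = {name for key, name in PASSWORD_CAPABLE.items()
               if config.get(key) == "yes"}
    methods = config.get("authenticationmethods", "any")
    if methods == "any":
        return sorted(enabled)
    # Explicit lists: an alternative is a password path only if every method
    # it requires is an enabled password-capable one (no publickey needed).
    open_paths = set()
    for alternative in methods.split():
        required = [m.split(":", 1)[0] for m in alternative.split(",")]
        if all(m in enabled for m in required):
            open_paths.update(required)
    return sorted(open_paths)
```

An empty list means only key-based login remains; turning off `passwordauthentication` alone is not enough while the keyboard-interactive toggle is still `yes`.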

c-bordon commented May 13, 2024

@teddytpc1 teddytpc1 changed the title DTT1 - Iteration 3 - Allocation module - Configure VMs created in macStadium with custom password or ssh key DTT2 - Iteration 3 - Allocation module - Configure VMs created in macStadium with custom password or ssh key May 13, 2024