agent-upgrade

The agent upgrade module is responsible for carrying out the entire agent upgrade process remotely:

On the manager side, it validates, downloads and/or sends the WPK files to the agents.
On the agent side, it processes the received commands and sends a notification to the manager after an upgrade process has been accomplished.

This configuration section only needs to be defined in order to change the default values.

Options

Note

On the manager side, this module will be always enabled and cannot be deactivated.

Agent side

enabled
notification_wait_start
notification_wait_factor
notification_wait_max
ca_verification

Note

On the agent side, this module can be disabled, and doing so will block remote upgrading of that agent.

chunk_size

Size in KB of the chunk that will be used to send the WPK file.

Default value	512
Allowed values	Any number between 64 and 32768
Required	no

wpk_repository

Repository where the WPK files will be downloaded.

Default value	packages.wazuh.com/4.x/wpk/
Allowed values	Any repository URL that contains the WPK files.
Required	no

max_threads

Maximum number of threads to process upgrades in parallel. Value 0 means the number of CPU cores.

Default value	8
Allowed values	Any number between 0 and 256
Required	no

enabled

Disabling this option will block the agent from upgrading.

Default value	yes
Allowed values	yes, no
Required	no

notification_wait_start

Initial time that the agent will wait to retry sending the upgrade confirmation if the first attempt remains unanswered. Can use second, minute and hour format.

Default value	5m
Allowed values	A positive number that should contain a suffix character indicating a time unit: s (seconds), m (minutes), or h (hours).
Required	no

notification_wait_factor

Time increase factor between successive notifications.

Default value	2.0
Allowed values	Any number greater than 1.0
Required	no

notification_wait_max

Maximum time allowed between successive notifications. Can use second, minute and hour format.

Default value	1h
Allowed values	A positive number that should contain a suffix character indicating a time unit: s (seconds), m (minutes), or h (hours).
Required	no

ca_verification

Configuration block to specify CA certificates to validate WPK files.

enabled	This option enables or disables the WPK validation using the root CA certificate. If this parameter is set to `no` the agent will accept any WPK package coming from the manager.
	Default value	yes
	Allowed values	yes, no
ca_store	Indicates the path to the root CA certificate. The agent needs the certificate with which the WPK was signed in order to be updated.
	Default value	etc/wpk_root.pem
	Allowed values	Path to root CA certificate. It can be referred to a relative path under the ThreatLockDown installation directory or a full path.

Sample Configuration

<!-- On the manager side -->

<agent-upgrade>
  <chunk_size>16384</chunk_size>
  <wpk_repository>packages.wazuh.com/4.x/wpk/</wpk_repository>
  <max_threads>16</max_threads>
</agent-upgrade>

<!-- On the agent side -->
<agent-upgrade>
  <enabled>yes</enabled>
  <notification_wait_start>60s</notification_wait_start>
  <notification_wait_factor>4</notification_wait_factor>
  <notification_wait_max>2h</notification_wait_max>
  <ca_verification>
    <enabled>yes</enabled>
    <ca_store>etc/wpk_root.pem</ca_store>
  </ca_verification>
</agent-upgrade>