Merge pull request #8798 from wazuh/enhancement/idr286-add-deployment-on-docker-rework-4.13.0

ayodeko · web-flow · commit 83120da8b69c · 2025-08-25T09:00:16.000+02:00
Add deployment on docker rework – Wazuh agent
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
 - Added information about filters in the Windows agent to block UNC and mapped drive paths to mitigate *NetNTLMv2* vulnerabilities. ([#8665](https://github.com/wazuh/wazuh-documentation/pull/8665))
 - Added the Wazuh global queries documentation. ([#8722](https://github.com/wazuh/wazuh-documentation/pull/8722))
 - Added `remoted.ctrl_msg_queue_size` internal option and new remoted statistics fields. ([#8769](https://github.com/wazuh/wazuh-documentation/pull/8769))
+- Added Wazuh agent deployment on Docker documentation. ([#8798](https://github.com/wazuh/wazuh-documentation/pull/8798))
 
 ### Changed
 
diff --git a/source/deployment-options/docker/build-docker-images-locally.rst b/source/deployment-options/docker/build-docker-images-locally.rst
@@ -1,12 +1,12 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
 .. meta::
-   :description: You can modify and build Docker images for the Wazuh central components. Learn more in this section of the documentation.
+   :description: You can modify and build Docker images for the Wazuh central components and the Wazuh agent. Learn more in this section of the documentation.
 
 Build Docker images locally
 ===========================
 
-You can modify and build Docker images for the Wazuh central components (manager, indexer, and dashboard).
+You can modify and build Docker images for the Wazuh central components (manager, indexer, and dashboard) and the Wazuh agent.
 
 #. Clone the `Wazuh Docker repository <https://github.com/wazuh/wazuh-docker>`_ to your system:
 
diff --git a/source/deployment-options/docker/container-usage.rst b/source/deployment-options/docker/container-usage.rst
@@ -14,7 +14,7 @@ Access to services and containers
 This section explains how to interact with your Wazuh deployment by accessing service logs and shell instances of running containers.
 
 #. Access the Wazuh dashboard using the Docker host IP address.
-#. Enroll agents through the standard :doc:`Wazuh agent enrollment </user-manual/agent/agent-enrollment/index>` process. Use the Docker host address as the Wazuh manager address.
+#. Enroll agents through the :ref:`Wazuh agent Docker deployment <agent_deployment_docker>` or the standard :doc:`Wazuh agent enrollment </user-manual/agent/agent-enrollment/index>` process. Use the Docker host address as the Wazuh manager address.
 #. List the containers in the directory where the Wazuh ``docker-compose.yml`` file is located:
 
    .. code-block:: console
@@ -183,6 +183,10 @@ To customize the Wazuh configuration file ``/var/ossec/etc/ossec.conf``, modify
          -  **Manager**: ``wazuh-docker/multi-node/config/wazuh_cluster/wazuh_manager.conf``
          -  **Worker**: ``wazuh-docker/multi-node/config/wazuh_cluster/wazuh_worker.conf``
 
+      .. group-tab:: Wazuh agent container
+
+         ``wazuh-docker/wazuh-agent/config/wazuh-agent-conf``
+
    Save the changes in the configuration files.
 
 #. Restart the stack:
diff --git a/source/deployment-options/docker/index.rst b/source/deployment-options/docker/index.rst
@@ -14,6 +14,7 @@ Wazuh provides official Docker images that you can install to streamline deploym
 -  ``wazuh-manager``
 -  ``wazuh-indexer``
 -  ``wazuh-dashboard``
+-  ``wazuh-agent``
 
 You can find all available Wazuh Docker images on `Docker Hub <https://hub.docker.com/u/wazuh>`__.
 
diff --git a/source/deployment-options/docker/wazuh-container.rst b/source/deployment-options/docker/wazuh-container.rst
@@ -10,13 +10,15 @@ Wazuh consists of a multi-platform Wazuh agent and three central components: the
 
 **Deployment options**
 
-Wazuh supports the deployment of the central components on Docker.
+Wazuh supports the deployment of the central components and agent on Docker.
 
 -  You can deploy `Wazuh central components`_ as a single-node or multi-node stack.
 
    -  **Single-node stack**: Runs one Wazuh manager, indexer, and dashboard node on the Docker host. Supports persistent storage and configurable certificates for secure communications.
    -  **Multi-node stack**: Runs two Wazuh manager nodes (one master, one worker), three indexer nodes, one dashboard, and one nginx node. Includes persistence, secure communication configuration, and high availability.
 
+-  You can deploy a `Wazuh agent`_ container on a Docker host.
+
 Wazuh central components
 ------------------------
 
@@ -94,23 +96,23 @@ You must provide certificates for each node to secure communication between them
 
       .. code-block:: none
 
-         .. code-block:: none
+         config/wazuh_indexer_ssl_certs/root-ca.pem
+         config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem
+         config/wazuh_indexer_ssl_certs/wazuh.indexer.pem
+         config/wazuh_indexer_ssl_certs/admin.pem
+         config/wazuh_indexer_ssl_certs/admin-key.pem
 
-            config/wazuh_indexer_ssl_certs/root-ca.pem
-            config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem
-            config/wazuh_indexer_ssl_certs/wazuh.indexer.pem
-            config/wazuh_indexer_ssl_certs/admin.pem
-            config/wazuh_indexer_ssl_certs/admin-key.pem
+      **Wazuh manager**:
 
-         **Wazuh manager**:
+      .. code-block:: none
 
-         .. code-block:: none
+         config/wazuh_indexer_ssl_certs/root-ca-manager.pem
+         config/wazuh_indexer_ssl_certs/wazuh.manager.pem
+         config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem
 
-            config/wazuh_indexer_ssl_certs/root-ca-manager.pem
-            config/wazuh_indexer_ssl_certs/wazuh.manager.pem
-            config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem
+      **Wazuh dashboard**:
 
-         **Wazuh dashboard**:
+      .. code-block:: none
 
          config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem
          config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem
@@ -245,7 +247,7 @@ Setting a new hash
 
 #. Replace ``<NEW_HASH>`` with your hash values.
 
-   .. tabs::
+   -  ``admin`` user
 
       .. code-block:: yaml
          :emphasize-lines: 4
@@ -259,15 +261,9 @@ Setting a new hash
            - "admin"
            description: "Demo admin user"
 
-            ...
-            admin:
-              hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
-              reserved: true
-              backend_roles:
-              - "admin"
-              description: "Demo admin user"
+         ...
 
-            ...
+   -  ``kibanaserver`` user
 
       .. code-block:: yaml
          :emphasize-lines: 4
@@ -279,20 +275,14 @@ Setting a new hash
            reserved: true
            description: "Demo kibanaserver user"
 
-            ...
-            kibanaserver:
-              hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-              reserved: true
-              description: "Demo kibanaserver user"
-
-            ...
+         ...
 
 Setting the new password
 ........................
 
 #. Open the ``docker-compose.yml`` file. Change all occurrences of the old password with the new one. For example, for a single-node stack:
 
-   .. tabs::
+   -  ``admin`` user
 
       .. code-block:: yaml
          :emphasize-lines: 8, 25
@@ -329,37 +319,7 @@ Setting the new password
                - API_PASSWORD=MyS3cr37P450r.*-
            ...
 
-            ...
-            services:
-              wazuh.manager:
-                ...
-                environment:
-                  - INDEXER_URL=https://wazuh.indexer:9200
-                  - INDEXER_USERNAME=admin
-                  - INDEXER_PASSWORD=SecretPassword
-                  - FILEBEAT_SSL_VERIFICATION_MODE=full
-                  - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-                  - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-                  - SSL_KEY=/etc/ssl/filebeat.key
-                  - API_USERNAME=wazuh-wui
-                  - API_PASSWORD=MyS3cr37P450r.*-
-              ...
-              wazuh.indexer:
-                ...
-                environment:
-                  - "OPENSEARCH_JAVA_OPTS=-Xms1024m -Xmx1024m"
-              ...
-              wazuh.dashboard:
-                ...
-                environment:
-                  - INDEXER_USERNAME=admin
-                  - INDEXER_PASSWORD=SecretPassword
-                  - WAZUH_API_URL=https://wazuh.manager
-                  - DASHBOARD_USERNAME=kibanaserver
-                  - DASHBOARD_PASSWORD=kibanaserver
-                  - API_USERNAME=wazuh-wui
-                  - API_PASSWORD=MyS3cr37P450r.*-
-              ...
+   -  ``kibanaserver`` user
 
       .. code-block:: yaml
          :emphasize-lines: 12
@@ -501,3 +461,58 @@ The ``wazuh-wui`` user is the default user for connecting to the Wazuh server AP
       # docker-compose up -d
 
 Refer to :ref:`log in to the Wazuh server API via the command line <api_log_in>` to learn more.
+
+Wazuh agent
+-----------
+
+Running the Wazuh agent in a Docker container provides a lightweight option for integrations and for collecting logs via syslog, without installing the agent directly on a host. However, when deployed this way, the containerized agent cannot directly access or monitor the host system.
+
+.. _agent_deployment_docker:
+
+Deployment
+^^^^^^^^^^
+
+Follow these steps to deploy the Wazuh agent using Docker.
+
+#. Clone the `Wazuh Docker repository <https://github.com/wazuh/wazuh-docker>`_ to your system:
+
+   .. code-block:: console
+
+      # git clone https://github.com/wazuh/wazuh-docker.git -b v|WAZUH_CURRENT_DOCKER|
+
+#. Navigate to the ``wazuh-docker/wazuh-agent/`` directory within your repository:
+
+   .. code-block:: console
+
+      # cd wazuh-docker/wazuh-agent
+
+#. Edit the ``docker-compose.yml`` file. Replace ``<YOUR_WAZUH_MANAGER_IP>`` with the IP address of your Wazuh manager. Locate the environment section for the agent service and update it:
+
+   .. code-block:: yaml
+      :emphasize-lines: 7
+
+      # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+      services:
+        wazuh.agent:
+          image: wazuh/wazuh-agent:|WAZUH_CURRENT_DOCKER|
+          restart: always
+          environment:
+            - WAZUH_MANAGER_SERVER=<WAZUH_MANAGER_IP>
+          volumes:
+            - ./config/wazuh-agent-conf:/wazuh-config-mount/etc/ossec.conf
+
+#. Start the Wazuh agent deployment using ``docker-compose``:
+
+   -  **Background**:
+
+      .. code-block:: console
+
+         # docker-compose up -d
+
+   -  **Foreground**:
+
+      .. code-block:: console
+
+         # docker-compose up
+
+#. Verify from your Wazuh dashboard that the Wazuh agent deployment was successful and visible. Navigate to the **Agent management** > **Summary**, and you should see the Wazuh agent container active on your dashboard.
