Roll back rollover + alias changes from QA team repositories #2834

Closed
12 tasks done
rauldpm opened this issue Feb 20, 2024 · 2 comments · Fixed by #2838
Labels
level/task Subtask issue type/change Change requested

Comments


rauldpm commented Feb 20, 2024

Description

Source issue: https://github.com/wazuh/internal-devel-requests/issues/781

Due to a version change, it is necessary to restore the changes introduced in the Wazuh indexer package for the ISM script.

Tasks

Note

  • Changes must be analyzed in case something should not be reverted, such as style changes
  • ISM was added to the Wazuh indexer package by CICD and the Indexer team
  • Only changes related to the Wazuh indexer package will be done; if the PR changes another component, such as the Wazuh installation assistant, the team with the component ownership should change it

Validation

  • Wazuh indexer package builds correctly
  • Wazuh indexer package installs and starts correctly
  • Wazuh indexer logs are free from warnings/errors related to ISM rollover and alias feature
  • Wazuh indexer CI processes finish successfully
@rauldpm rauldpm added level/task Subtask issue type/change Change requested labels Feb 20, 2024
@rauldpm rauldpm self-assigned this Feb 20, 2024

rauldpm commented Feb 20, 2024

Update report

  • Removed files and configuration related to ISM
  • Removed wazuh-template from Wazuh indexer package
  • Build packages
CentOS 7 test install + health checks
[root@centos7 vagrant]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-certs-tool.sh
[root@centos7 vagrant]# curl -sO https://packages-dev.wazuh.com/4.8/config.yml
[root@centos7 vagrant]# cat config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "192.168.56.4"
[root@centos7 vagrant]# bash ./wazuh-certs-tool.sh -A
20/02/2024 18:37:24 INFO: Generating the root certificate.
20/02/2024 18:37:24 INFO: Generating Admin certificates.
20/02/2024 18:37:24 INFO: Admin certificates created.
20/02/2024 18:37:24 INFO: Generating Wazuh indexer certificates.
20/02/2024 18:37:24 INFO: Wazuh indexer certificates created.
20/02/2024 18:37:24 INFO: Generating Filebeat certificates.
20/02/2024 18:37:24 INFO: Generating Wazuh dashboard certificates.
[root@centos7 vagrant]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./node-1-key.pem
./node-1.pem
[root@centos7 vagrant]# yum -y localinstall wazuh-indexer-4.8.0-1.x86_64.rpm 
Loaded plugins: fastestmirror
Examining wazuh-indexer-4.8.0-1.x86_64.rpm: wazuh-indexer-4.8.0-1.x86_64
Marking wazuh-indexer-4.8.0-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
 Package                Arch            Version            Repository                              Size
========================================================================================================
Installing:
 wazuh-indexer          x86_64          4.8.0-1            /wazuh-indexer-4.8.0-1.x86_64          1.0 G

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 1.0 G
Installed size: 1.0 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.8.0-1.x86_64                                                         1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.8.0-1.x86_64                                                         1/1 

Installed:
  wazuh-indexer.x86_64 0:4.8.0-1                                                                        

Complete!
[root@centos7 vagrant]# ls -l /usr/share/wazuh-indexer/bin/
total 52
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 6027 Feb 20 16:22 indexer-security-init.sh
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 3026 Sep 19 21:11 opensearch
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 1086 Sep 19 21:11 opensearch-cli
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 5540 Feb 20 16:15 opensearch-env
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 1834 Sep 19 21:11 opensearch-env-from-file
-rwxr-x---. 1 wazuh-indexer wazuh-indexer  218 Sep 19 21:11 opensearch-keystore
-rwxr-x---. 1 wazuh-indexer wazuh-indexer  151 Sep 19 21:11 opensearch-node
drwxr-x---. 2 wazuh-indexer wazuh-indexer   78 Feb 20 18:43 opensearch-performance-analyzer
-rwxr-x---. 1 wazuh-indexer wazuh-indexer  206 Sep 19 21:11 opensearch-plugin
-rwxr-x---. 1 wazuh-indexer wazuh-indexer  144 Sep 19 21:11 opensearch-shard
-rwxr-x---. 1 wazuh-indexer wazuh-indexer  207 Sep 19 21:11 opensearch-upgrade
-rwxr-x---. 1 wazuh-indexer wazuh-indexer  583 Feb 20 16:15 systemd-entrypoint
[root@centos7 vagrant]# ls -l /etc/wazuh-indexer/
total 28
-rw-rw----. 1 wazuh-indexer wazuh-indexer  2729 Feb 20 16:15 jvm.options
drwxr-x---. 2 wazuh-indexer wazuh-indexer     6 Feb 20 16:15 jvm.options.d
-rw-rw----. 1 wazuh-indexer wazuh-indexer 14808 Feb 20 16:15 log4j2.properties
-rw-rw----. 1 wazuh-indexer wazuh-indexer   196 Feb 20 18:43 opensearch.keystore
drwxr-x---. 2 wazuh-indexer wazuh-indexer    31 Feb 20 18:43 opensearch-notifications
drwxr-x---. 2 wazuh-indexer wazuh-indexer    36 Feb 20 18:43 opensearch-notifications-core
drwxr-x---. 2 wazuh-indexer wazuh-indexer    31 Feb 20 18:43 opensearch-observability
drwxr-x---. 2 wazuh-indexer wazuh-indexer   263 Feb 20 18:43 opensearch-performance-analyzer
drwxr-x---. 2 wazuh-indexer wazuh-indexer    35 Feb 20 18:43 opensearch-reports-scheduler
drwxr-x---. 2 wazuh-indexer wazuh-indexer   245 Feb 20 18:43 opensearch-security
-rw-rw----. 1 wazuh-indexer wazuh-indexer  2081 Feb 20 16:15 opensearch.yml
[root@centos7 vagrant]# NODE_NAME=node-1
[root@centos7 vagrant]# mkdir /etc/wazuh-indexer/certs
[root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@centos7 vagrant]# chmod 500 /etc/wazuh-indexer/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-indexer/certs/*
[root@centos7 vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos7 vagrant]# systemctl start wazuh-indexer
[root@centos7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-02-20 19:03:53 UTC; 7s ago
     Docs: https://documentation.wazuh.com
 Main PID: 3756 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─3756 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cach...

Feb 20 19:03:47 centos7 systemd[1]: Starting Wazuh-indexer...
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: A terminally deprecated method in java....led
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager has been cal...ar)
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: Please consider reporting this to the m...rch
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager will be remo...ase
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: A terminally deprecated method in java....led
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager has been cal...ar)
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: Please consider reporting this to the m...ity
Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager will be remo...ase
Feb 20 19:03:53 centos7 systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.
[root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "jfigoEFrQi6cRDiGUzqoyQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
10.0.2.15           46          93   1    0.03    0.04     0.05 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty=true
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 4,
  "active_shards" : 4,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}


[root@centos7 vagrant]# grep -i -E -R "error|critical|fatal|warning" /var/log/wazuh-indexer/
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:03:51,892][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:03:54,655][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
  • Errors appeared in previous versions
Debian 11 test install + health checks
root@debian11:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-certs-tool.sh
root@debian11:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/config.yml
root@debian11:/home/vagrant# nano config.yml 
root@debian11:/home/vagrant# cat config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "192.168.56.44"
root@debian11:/home/vagrant# bash ./wazuh-certs-tool.sh -A
20/02/2024 19:12:44 INFO: Generating the root certificate.
20/02/2024 19:12:44 INFO: Generating Admin certificates.
20/02/2024 19:12:44 INFO: Admin certificates created.
20/02/2024 19:12:44 INFO: Generating Wazuh indexer certificates.
20/02/2024 19:12:44 INFO: Wazuh indexer certificates created.
20/02/2024 19:12:44 INFO: Generating Filebeat certificates.
20/02/2024 19:12:44 INFO: Generating Wazuh dashboard certificates.
root@debian11:/home/vagrant# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./admin.pem
./admin-key.pem
./root-ca.pem
./root-ca.key
./node-1-key.pem
./node-1.pem
root@debian11:/home/vagrant# apt-get -y install ./wazuh-indexer_4.8.0-1_amd64.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.8.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/754 MB of archives.
After this operation, 1,050 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-indexer_4.8.0-1_amd64.deb wazuh-indexer amd64 4.8.0-1 [754 MB]
Selecting previously unselected package wazuh-indexer.
(Reading database ... 68876 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.8.0-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.8.0-1) ...
Setting up wazuh-indexer (4.8.0-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
root@debian11:/home/vagrant# ls -l /usr/share/wazuh-indexer/bin/
total 56
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 6027 Feb 20 18:19 indexer-security-init.sh
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 3030 Sep 19 21:11 opensearch
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 1090 Sep 19 21:11 opensearch-cli
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 5544 Feb 20 18:10 opensearch-env
-rwxr-x--- 1 wazuh-indexer wazuh-indexer 1838 Sep 19 21:11 opensearch-env-from-file
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  222 Sep 19 21:11 opensearch-keystore
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  155 Sep 19 21:11 opensearch-node
drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-performance-analyzer
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  210 Sep 19 21:11 opensearch-plugin
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  148 Sep 19 21:11 opensearch-shard
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  211 Sep 19 21:11 opensearch-upgrade
-rwxr-x--- 1 wazuh-indexer wazuh-indexer  583 Feb 20 18:10 systemd-entrypoint
root@debian11:/home/vagrant# ls -l /etc/wazuh-indexer/
total 56
-rw-rw---- 1 wazuh-indexer wazuh-indexer  2937 Feb 20 19:13 jvm.options
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Feb 20 18:10 jvm.options.d
-rw-r----- 1 wazuh-indexer wazuh-indexer 14808 Feb 20 18:10 log4j2.properties
-rw-rw---- 1 wazuh-indexer wazuh-indexer   196 Feb 20 19:13 opensearch.keystore
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Feb 20 19:13 opensearch-notifications
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Feb 20 19:13 opensearch-notifications-core
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Feb 20 19:13 opensearch-observability
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Feb 20 19:13 opensearch-performance-analyzer
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Feb 20 19:13 opensearch-reports-scheduler
drwxr-x--- 2 wazuh-indexer wazuh-indexer  4096 Feb 20 19:13 opensearch-security
-rw-rw---- 1 wazuh-indexer wazuh-indexer  2081 Feb 20 18:10 opensearch.yml
root@debian11:/home/vagrant# NODE_NAME=node-1
root@debian11:/home/vagrant# mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
root@debian11:/home/vagrant# systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
root@debian11:/home/vagrant# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-02-20 19:16:36 UTC; 27s ago
       Docs: https://documentation.wazuh.com
   Main PID: 8903 (java)
      Tasks: 64 (limit: 4675)
     Memory: 1.2G
        CPU: 14.678s
     CGroup: /system.slice/wazuh-indexer.service
             └─8903 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cach>

Feb 20 19:16:29 debian11 systemd[1]: Starting Wazuh-indexer...
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: A terminally deprecated method in java.lang>
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager has been called >
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: Please consider reporting this to the maint>
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager will be removed >
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: A terminally deprecated method in java.lang>
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager has been called >
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: Please consider reporting this to the maint>
Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager will be removed >
Feb 20 19:16:36 debian11 systemd[1]: Started Wazuh-indexer.
root@debian11:/home/vagrant# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
root@debian11:/home/vagrant# curl -k -u admin:admin https://localhost:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "J8CoZrpXS6GsBqOVrpYt3w",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@debian11:/home/vagrant# curl -k -u admin:admin https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
10.0.2.15           18          94   6    0.25    0.14     0.06 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
root@debian11:/home/vagrant# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty=true
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 4,
  "active_shards" : 4,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

root@debian11:/home/vagrant# grep -i -E -R "error|critical|fatal|warning" /var/log/wazuh-indexer/
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:35,126][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:37,098][ERROR][o.o.p.c.o.OSGlobals      ] [node-1] Error in static initialization of OSGlobals with exception: java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read")
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:37,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2024-02-20T19:16:37,098][ERROR][o.o.p.c.o.OSGlobals      ] [node-1] Error in static initialization of OSGlobals with exception: java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read")
java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]
        at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:416) ~[?:?]
        at java.lang.SecurityManager.checkRead(SecurityManager.java:756) ~[?:?]
        at java.io.File.normalizedList(File.java:1171) ~[?:?]
        at java.io.File.listFiles(File.java:1269) ~[?:?]
        at org.opensearch.performanceanalyzer.commons.os.OSGlobals.enumTids(OSGlobals.java:75) ~[performance-analyzer-commons-1.1.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.os.OSGlobals.<clinit>(OSGlobals.java:34) [performance-analyzer-commons-1.1.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.metrics_generator.linux.LinuxOSMetricsGenerator.getPid(LinuxOSMetricsGenerator.java:36) [performance-analyzer-commons-1.1.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.jvm.ThreadList.<clinit>(ThreadList.java:44) [performance-analyzer-commons-1.1.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.util.ThreadIDUtil.getNativeThreadId(ThreadIDUtil.java:22) [performance-analyzer-commons-1.1.0.jar:?]
        at org.opensearch.performanceanalyzer.commons.util.ThreadIDUtil.getNativeCurrentThreadId(ThreadIDUtil.java:18) [performance-analyzer-commons-1.1.0.jar:?]
        at org.opensearch.performanceanalyzer.listener.PerformanceAnalyzerSearchListener.preQueryPhase(PerformanceAnalyzerSearchListener.java:112) [opensearch-performance-analyzer-2.10.0.0.jar:2.10.0.0]
        at org.opensearch.performanceanalyzer.listener.PerformanceAnalyzerSearchListener.onPreQueryPhase(PerformanceAnalyzerSearchListener.java:46) [opensearch-performance-analyzer-2.10.0.0.jar:2.10.0.0]
        at org.opensearch.index.shard.SearchOperationListener$CompositeListener.onPreQueryPhase(SearchOperationListener.java:162) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.search.SearchService$SearchOperationListenerExecutor.<init>(SearchService.java:1746) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.search.SearchService$SearchOperationListenerExecutor.<init>(SearchService.java:1735) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.search.SearchService.executeQueryPhase(SearchService.java:596) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.search.SearchService$2.lambda$onResponse$0(SearchService.java:566) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.action.ActionRunnable.lambda$supply$0(ActionRunnable.java:74) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.action.ActionRunnable$2.doRun(ActionRunnable.java:89) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.threadpool.TaskAwareRunnable.doRun(TaskAwareRunnable.java:78) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:59) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:908) [opensearch-2.10.0.jar:2.10.0]
        at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
        at java.lang.Thread.run(Thread.java:833) [?:?]
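
Added example, not part of the original report or of the Wazuh project's tooling: a shell check that reduces the `grep` output above to `LEVEL logger` signatures, separates those already on a baseline from new ones, and counts flagged lines that mention the rolled-back feature. The baseline (the two loggers seen in the CentOS 7 run), the keyword list, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: regression check over wazuh-indexer log lines.

# Assumption: LEVEL + logger pairs accepted as pre-existing noise,
# taken from the CentOS 7 run in this report.
BASELINE='ERROR o.o.s.a.s.SinkProvider
ERROR o.o.s.c.ConfigurationLoaderSecurity7'

# Assumption: words that would tie a log line to the rollover + alias feature.
FEATURE_WORDS='rollover|alias|(^|[^[:alpha:]])ism([^[:alpha:]]|$)'

# Sample input: the three ERROR lines from the Debian 11 run in this report,
# plus one stack-trace line that must be ignored.
SAMPLE_LOG='/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:35,126][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:37,098][ERROR][o.o.p.c.o.OSGlobals      ] [node-1] Error in static initialization of OSGlobals with exception: java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read")
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:37,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
        at java.io.File.listFiles(File.java:1269) ~[?:?]'

# Reduce each "[time][LEVEL][logger ] [node] message" line on stdin to
# "LEVEL logger"; lines without that header (stack frames) are dropped.
signatures() {
    sed -E -n 's/^.*\[[0-9]{4}-[^]]*\]\[(ERROR|WARN|FATAL) *\]\[([^] ]+) *\].*$/\1 \2/p' | sort -u
}

# Signatures found on stdin that are not on the baseline.
# "|| true" keeps the function usable under "set -e" when nothing is new.
new_signatures() {
    signatures | grep -v -x -F -e "$BASELINE" || true
}

# Number of ERROR/WARN/FATAL lines on stdin that mention the feature.
feature_hits() {
    grep -E '\]\[(ERROR|WARN|FATAL) *\]\[' | grep -c -i -E "$FEATURE_WORDS" || true
}

# Stand-alone run over the sample: list what needs manual review.
printf '%s\n' "$SAMPLE_LOG" | new_signatures
```

On a host, the same functions can read the real logs, for example `grep -h -R "" /var/log/wazuh-indexer/ | new_signatures`.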

@rauldpm rauldpm linked a pull request Feb 20, 2024 that will close this issue
5 tasks
@rauldpm rauldpm changed the title Roll back ISM rollover + alias feature in Wazuh indexer Rollback ISM rollover + alias feature in Wazuh indexer Feb 20, 2024
@AlexRuiz7 AlexRuiz7 changed the title Rollback ISM rollover + alias feature in Wazuh indexer Roll back rollover + alias changes from QA team repositories Feb 21, 2024
@davidjiglesias

LGTM
