Create /var/lib/wazuh-indexer/tmp directory before using it in RPM upgrades #722

Merged 1 commit on Feb 27, 2025

f-galland (Member)

Description

This PR modifies the RPM packages spec to create the /var/lib/wazuh-indexer/tmp directory before using it on upgrades.

Related Issues

Closes #721

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.
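
The change described above comes down to creating a directory in a package scriptlet before anything uses it. One way to do that idempotently and without following a planted symlink is sketched below as an added example; it is not the project's spec code, and the function names `ensure_private_dir` and `dir_mode`, the 0750 mode and the owner argument are assumptions.

```shell
#!/bin/sh
# Added example: idempotent, symlink-aware directory creation for use in a
# package scriptlet. Mode, owner and function names are assumptions and are
# not taken from the wazuh-indexer spec file.

ensure_private_dir() {
    dir=$1
    mode=${2:-750}
    owner=${3:-}

    # Refuse to follow a symlink placed at the target path.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 2
    fi

    # Refuse if something other than a directory already occupies the path.
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "refusing: $dir exists and is not a directory" >&2
        return 3
    fi

    # mkdir -p succeeds whether or not the directory already exists, so the
    # same call works for a fresh install and for an upgrade.
    mkdir -p "$dir" || return 1
    chmod "$mode" "$dir" || return 1

    # chown needs root; skip it when no owner is given, when running
    # unprivileged, or when the account does not exist. Assumes a group
    # with the same name as the user.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner:$owner" "$dir" || return 1
    fi
    return 0
}

dir_mode() {
    # Print the octal permission bits: GNU stat first, BSD stat as fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

In a scriptlet this would be called with the directory from this PR, for example `ensure_private_dir /var/lib/wazuh-indexer/tmp 750 <service-user>`, where the service account name is a placeholder.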

@f-galland f-galland self-assigned this Feb 27, 2025
@f-galland f-galland marked this pull request as ready for review February 27, 2025 17:37
@f-galland (Member, Author)

Upgrading a running 4.10.1 Wazuh Indexer cluster now works after the fix in this PR:

Install 4.10.1

[root@alma9 ~]# bash wazuh-install.sh -a
27/02/2025 19:35:09 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.1 (x86_64/AMD64)
27/02/2025 19:35:09 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/02/2025 19:35:09 INFO: The recommended systems are: Red Hat Enterprise Linux 7, 8, 9; CentOS 7, 8; Amazon Linux 2; Ubuntu 16.04, 18.04, 20.04, 22.04.
27/02/2025 19:35:09 WARNING: The current system does not match with the list of recommended systems. The installation may not work properly.
27/02/2025 19:35:09 INFO: --- Dependencies ---
27/02/2025 19:35:09 INFO: Installing tar.
27/02/2025 19:35:11 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/02/2025 19:35:11 INFO: Wazuh web interface port will be 443.
27/02/2025 19:35:11 INFO: --- Dependencies ---
27/02/2025 19:35:11 INFO: Installing lsof.
27/02/2025 19:35:14 INFO: Wazuh repository added.
27/02/2025 19:35:14 INFO: --- Configuration files ---
27/02/2025 19:35:14 INFO: Generating configuration files.
27/02/2025 19:35:14 INFO: Generating the root certificate.
27/02/2025 19:35:14 INFO: Generating Admin certificates.
27/02/2025 19:35:14 INFO: Generating Wazuh indexer certificates.
27/02/2025 19:35:14 INFO: Generating Filebeat certificates.
27/02/2025 19:35:14 INFO: Generating Wazuh dashboard certificates.
27/02/2025 19:35:14 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
27/02/2025 19:35:14 INFO: --- Wazuh indexer ---
27/02/2025 19:35:14 INFO: Starting Wazuh indexer installation.
27/02/2025 19:36:20 INFO: Wazuh indexer installation finished.
27/02/2025 19:36:20 INFO: Wazuh indexer post-install configuration finished.
27/02/2025 19:36:20 INFO: Starting service wazuh-indexer.
27/02/2025 19:36:29 INFO: wazuh-indexer service started.
27/02/2025 19:36:29 INFO: Initializing Wazuh indexer cluster security settings.
27/02/2025 19:36:31 INFO: Wazuh indexer cluster security configuration initialized.
27/02/2025 19:36:31 INFO: Wazuh indexer cluster initialized.
27/02/2025 19:36:31 INFO: --- Wazuh server ---
27/02/2025 19:36:31 INFO: Starting the Wazuh manager installation.
27/02/2025 19:37:07 INFO: Wazuh manager installation finished.
27/02/2025 19:37:07 INFO: Wazuh manager vulnerability detection configuration finished.
27/02/2025 19:37:07 INFO: Starting service wazuh-manager.
27/02/2025 19:37:16 INFO: wazuh-manager service started.
27/02/2025 19:37:16 INFO: Starting Filebeat installation.
27/02/2025 19:37:19 INFO: Filebeat installation finished.
27/02/2025 19:37:20 INFO: Filebeat post-install configuration finished.
27/02/2025 19:37:20 INFO: Starting service filebeat.
27/02/2025 19:37:20 INFO: filebeat service started.
27/02/2025 19:37:20 INFO: --- Wazuh dashboard ---
27/02/2025 19:37:20 INFO: Starting Wazuh dashboard installation.
27/02/2025 19:37:57 INFO: Wazuh dashboard installation finished.
27/02/2025 19:37:57 INFO: Wazuh dashboard post-install configuration finished.
27/02/2025 19:37:57 INFO: Starting service wazuh-dashboard.
27/02/2025 19:37:58 INFO: wazuh-dashboard service started.
27/02/2025 19:37:58 INFO: Updating the internal users.
27/02/2025 19:37:59 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
27/02/2025 19:38:06 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.
27/02/2025 19:38:32 INFO: Initializing Wazuh dashboard web application.
27/02/2025 19:38:33 INFO: Wazuh dashboard web application initialized.
27/02/2025 19:38:33 INFO: --- Summary ---
27/02/2025 19:38:33 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: kaaOR.c098QwMq.4AYwiPSebuJdh50hP
27/02/2025 19:38:33 INFO: --- Dependencies ---
27/02/2025 19:38:33 INFO: Removing tar.
27/02/2025 19:38:33 INFO: Removing lsof.
27/02/2025 19:38:33 INFO: Installation finished.

Check service is running

[root@alma9 ~]# yum list installed wazuh-indexer
Installed Packages
wazuh-indexer.x86_64                                                                          4.10.1-1                                                                          @wazuh
[root@alma9 ~]# systemctl status wazuh-indexer --no-pager
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
    Drop-In: /run/systemd/system/service.d
             └─zzz-lxc-service.conf
     Active: active (running) since Thu 2025-02-27 19:36:29 UTC; 2min 26s ago
       Docs: https://documentation.wazuh.com
   Main PID: 26631 (java)
      Tasks: 148 (limit: 200974)
     Memory: 1.5G
        CPU: 43.330s
     CGroup: /system.slice/wazuh-indexer.service
             └─26631 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouc…

Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-index…h-2.16.0.jar)
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: System::setSecurityManager will be removed in a future release
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: Feb 27, 2025 7:36:22 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: COMPAT locale provider will be removed in a future release
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer…h-2.16.0.jar)
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 27 19:36:22 alma9 systemd-entrypoint[26631]: WARNING: System::setSecurityManager will be removed in a future release
Feb 27 19:36:29 alma9 systemd[1]: Started wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

Run the upgrade with the fix

[root@alma9 ~]# yum install ./wazuh-indexer-4.11.1-0.x86_64.rpm 
Last metadata expiration check: 0:03:55 ago on Thu Feb 27 19:35:15 2025.
Dependencies resolved.
======================================================================================================================================================================================
 Package                                        Architecture                            Version                                   Repository                                     Size
======================================================================================================================================================================================
Upgrading:
 wazuh-indexer                                  x86_64                                  4.11.1-0                                  @commandline                                  831 M

Transaction Summary
======================================================================================================================================================================================
Upgrade  1 Package

Total size: 831 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                              1/1 
  Running scriptlet: wazuh-indexer-4.11.1-0.x86_64                                                                                                                                1/2 
Stop existing wazuh-indexer.service

  Upgrading        : wazuh-indexer-4.11.1-0.x86_64                                                                                                                                1/2 
  Running scriptlet: wazuh-indexer-4.11.1-0.x86_64                                                                                                                                1/2 
Restarting wazuh-indexer service...

  Running scriptlet: wazuh-indexer-4.10.1-1.x86_64                                                                                                                                2/2 
Stop existing wazuh-indexer.service

  Cleanup          : wazuh-indexer-4.10.1-1.x86_64                                                                                                                                2/2 
  Running scriptlet: wazuh-indexer-4.10.1-1.x86_64                                                                                                                                2/2 
  Verifying        : wazuh-indexer-4.11.1-0.x86_64                                                                                                                                1/2 
  Verifying        : wazuh-indexer-4.10.1-1.x86_64                                                                                                                                2/2 

Upgraded:
  wazuh-indexer-4.11.1-0.x86_64                                                                                                                                                       

Complete!

Start and check the status of the service

[root@alma9 ~]# systemctl start wazuh-indexer
[root@alma9 ~]# systemctl status wazuh-indexer --no-pager
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
    Drop-In: /run/systemd/system/service.d
             └─zzz-lxc-service.conf
     Active: active (running) since Thu 2025-02-27 19:40:27 UTC; 8s ago
       Docs: https://documentation.wazuh.com
   Main PID: 35279 (java)
      Tasks: 121 (limit: 200974)
     Memory: 1.4G
        CPU: 33.797s
     CGroup: /system.slice/wazuh-indexer.service
             └─35279 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouc…

Feb 27 19:40:20 alma9 systemd-entrypoint[35279]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-index…h-2.16.0.jar)
Feb 27 19:40:20 alma9 systemd-entrypoint[35279]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 27 19:40:20 alma9 systemd-entrypoint[35279]: WARNING: System::setSecurityManager will be removed in a future release
Feb 27 19:40:21 alma9 systemd-entrypoint[35279]: Feb 27, 2025 7:40:21 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Feb 27 19:40:21 alma9 systemd-entrypoint[35279]: WARNING: COMPAT locale provider will be removed in a future release
Feb 27 19:40:21 alma9 systemd-entrypoint[35279]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 27 19:40:21 alma9 systemd-entrypoint[35279]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer…h-2.16.0.jar)
Feb 27 19:40:21 alma9 systemd-entrypoint[35279]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 27 19:40:21 alma9 systemd-entrypoint[35279]: WARNING: System::setSecurityManager will be removed in a future release
Feb 27 19:40:27 alma9 systemd[1]: Started wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

@f-galland (Member, Author)

DEB packages are unaffected

Install 4.10.1

root@ubuntu:~# bash wazuh-install.sh --wazuh-indexer node-1
27/02/2025 20:27:25 INFO: Starting Wazuh installation assistant. Wazuh version: 4.10.1 (x86_64/AMD64)
27/02/2025 20:27:25 INFO: Verbose logging redirected to /var/log/wazuh-install.log
27/02/2025 20:27:28 INFO: --- Dependencies ----
27/02/2025 20:27:28 INFO: Installing gawk.
27/02/2025 20:27:30 INFO: Verifying that your system meets the recommended minimum hardware requirements.
27/02/2025 20:27:33 INFO: --- Dependencies ----
27/02/2025 20:27:33 INFO: Installing gnupg.
27/02/2025 20:27:37 INFO: Installing apt-transport-https.
27/02/2025 20:27:39 INFO: Wazuh repository added.
27/02/2025 20:27:40 INFO: --- Wazuh indexer ---
27/02/2025 20:27:40 INFO: Starting Wazuh indexer installation.
27/02/2025 20:28:34 INFO: Wazuh indexer installation finished.
27/02/2025 20:28:34 INFO: Wazuh indexer post-install configuration finished.
27/02/2025 20:28:34 INFO: Starting service wazuh-indexer.
27/02/2025 20:28:43 INFO: wazuh-indexer service started.
27/02/2025 20:28:43 INFO: Initializing Wazuh indexer cluster security settings.
27/02/2025 20:28:44 INFO: Wazuh indexer cluster initialized.
27/02/2025 20:28:44 INFO: --- Dependencies ----
27/02/2025 20:28:44 INFO: Removing gawk.
27/02/2025 20:28:45 INFO: Installation finished.

Check service is running

root@ubuntu:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh 
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-indexer-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
Done with success


root@ubuntu:~# curl -sku "admin":"admin" https://localhost:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "MlFLD84dTXemMpC_XY3JxA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "7149046c7c9c64aa43e437826af0b8b0dcabd730",
    "build_date" : "2025-01-15T11:04:30.997631Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Run the upgrade

root@ubuntu:~# apt install ./wazuh-indexer_4.11.1-0_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.11.1-0_amd64.deb'
The following packages were automatically installed and are no longer required:
  libmpfr6 libsigsegv2
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
  wazuh-indexer
1 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Need to get 0 B/870 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 /root/wazuh-indexer_4.11.1-0_amd64.deb wazuh-indexer amd64 4.11.1-0 [870 MB]
(Reading database ... 17918 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.11.1-0_amd64.deb ...
Running Wazuh Indexer Pre-Installation Script
Stop existing wazuh-indexer.service
Unpacking wazuh-indexer (4.11.1-0) over (4.10.1-1) ...
Setting up wazuh-indexer (4.11.1-0) ...
Running Wazuh Indexer Post-Installation Script
Restarting wazuh-indexer service...

Start and check the status of the service

root@ubuntu:~# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2025-02-27 20:31:16 UTC; 11s ago
       Docs: https://documentation.wazuh.com
   Main PID: 5353 (java)
      Tasks: 106 (limit: 37682)
     Memory: 1.3G
        CPU: 29.344s
     CGroup: /system.slice/wazuh-indexer.service
             └─5353 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch>

Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opense>
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: System::setSecurityManager will be removed in a future release
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: Feb 27, 2025 8:31:10 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: COMPAT locale provider will be removed in a future release
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: A terminally deprecated method in java.lang.System has been called
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensear>
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Feb 27 20:31:10 ubuntu systemd-entrypoint[5353]: WARNING: System::setSecurityManager will be removed in a future release
Feb 27 20:31:16 ubuntu systemd[1]: Started wazuh-indexer.

root@ubuntu:~# curl -sku "admin":"admin" https://localhost:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-indexer-cluster",
  "cluster_uuid" : "MlFLD84dTXemMpC_XY3JxA",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "f90370642e442367a67548fe1207dbad474cce10",
    "build_date" : "2025-02-27T17:44:10.758678Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

@mcasas993 (Member) left a comment

LGTM

@f-galland f-galland merged commit a5bc37f into 4.11.1 Feb 27, 2025
9 checks passed
@f-galland f-galland deleted the 721-fix-upgrades branch February 27, 2025 20:36