Bump Wazuh indexer to OpenSearch 2.9.0 #2402

Closed
4 of 10 tasks
rauldpm opened this issue Sep 1, 2023 · 9 comments

rauldpm commented Sep 1, 2023

Description

It is necessary to adapt the Wazuh indexer to version 2.9.0 of OpenSearch.
Request: https://github.com/wazuh/internal-devel-requests/issues/197

Tasks

Validation

  • The package operates normally and without errors

Working branch

  • TBD

Conclusion

Due to the errors and warnings detected in the bump from OpenSearch, it was decided to stop the bump process and keep 2.8.0 for 4.7.0.

rauldpm added the level/task, type/enhancement and type/change labels on Sep 1, 2023
wazuhci moved this to Triage in Release 4.7.0 on Sep 1, 2023
wazuhci moved this from Triage to Backlog in Release 4.7.0 on Sep 4, 2023
rauldpm self-assigned this on Oct 5, 2023
wazuhci moved this from Backlog to In progress in Release 4.7.0 on Oct 5, 2023

rauldpm commented Oct 5, 2023

Update report

  • Bumped to 2.9.0
  • Base build success
  • The RPM package fails to build: the plugin dependency versions changed, so they are being updated with the base file versions
Plugin dependency changes
RPM build errors:
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/guava-31.0.1-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/tokenizers-0.19.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/api-0.19.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/j2objc-annotations-1.3.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/gson-2.9.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/onnxruntime-engine-0.19.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/pytorch-model-zoo-0.19.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/error_prone_annotations-2.7.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/checker-qual-3.12.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/commons-compress-1.21.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/pytorch-engine-0.19.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/onnxruntime_gpu-1.13.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/guava-31.0.1-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-native-unix-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-buffer-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-resolver-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/bcpkix-jdk15on-1.70.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/guava-30.0-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-handler-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-cache-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.2-1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/commons-cli-1.3.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-http-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/kafka-clients-3.4.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections-3.2.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/snappy-java-1.1.8.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jaxb-runtime-2.3.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/txw2-2.3.4.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/bcprov-jdk15on-1.67.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/j2objc-annotations-1.3.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/error_prone_annotations-2.7.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/checker-qual-3.12.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/okio-jvm-2.9.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-io-2.9.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/guava-31.0.1-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-module-paranamer-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-native-unix-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-buffer-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-resolver-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-proxy-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-socks-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http2-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcprov-jdk15on-1.70.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/guava-31.1-jre.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-common/joni-2.1.44.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-native-unix-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-buffer-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-resolver-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-handler-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-http-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-geoip/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-geoip/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/httpcore-nio-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/httpcore-4.4.15.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/httpclient-4.5.13.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-expression/lucene-expressions-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-core-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-misc-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-core-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-spatial-extras-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-memory-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-backward-codecs-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-core-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-yaml-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-spatial3d-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-cbor-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-suggest-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-grouping-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-sandbox-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-queryparser-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-highlighter-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-join-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-smile-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-analysis-common-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-queries-9.6.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-transport-native-unix-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-core-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-buffer-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-resolver-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-handler-proxy-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-common-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcpkix-jdk15on-1.70.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-handler-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-socks-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-databind-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-annotations-2.15.1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-http2-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcprov-jdk15on-1.70.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/error_prone_annotations-2.14.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-transport-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcutil-jdk15on-1.70.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-http-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/checker-qual-3.29.0.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/guava-31.1-jre.jar
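
Added example (not part of the original issue and not code from the wazuh-packages repository): rpmbuild prints one "File not found" line for every `%files` entry that is absent from the BUILDROOT, so a list like the one above can be worked through by matching each missing jar against the contents of the new base tarball by directory and artifact name. The four log lines are copied from the report; the base listing, its version numbers and all function names are constructed for illustration.

```python
import posixpath
import re

# rpmbuild prints one "File not found" line per %files entry missing from BUILDROOT.
MISSING_RE = re.compile(r"File not found: \S*?/BUILDROOT/[^/\s]+(?P<path>/\S+\.jar)\s*$")
# "<artifact>-<version>.jar": the version starts at the first "-<digit>".
JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")

INSTALL_PREFIX = "/usr/share/wazuh-indexer"  # directory_base in the build trace
BASE_PREFIX = "wazuh-indexer-base"           # top-level directory of the base tarball

# Four lines copied from the rpmbuild errors in the issue.
SAMPLE_LOG = """\
RPM build errors:
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-buffer-4.1.91.Final.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/bcprov-jdk15on-1.67.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.2-1.jar
    File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-core-9.6.0.jar
"""

# CONSTRUCTED listing in the shape `tar -tf <base tarball>` prints. The versions
# are made up and are NOT the versions shipped with OpenSearch 2.9.0.
SAMPLE_BASE_LISTING = [
    "wazuh-indexer-base/plugins/opensearch-security/netty-buffer-4.1.99.Final.jar",
    "wazuh-indexer-base/plugins/opensearch-security/bcprov-jdk15to18-9.99.jar",
    "wazuh-indexer-base/plugins/opensearch-security/zstd-jni-1.5.9-9.jar",
    "wazuh-indexer-base/lib/lucene-core-9.9.9.jar",
]


def split_jar(path):
    """Return (directory, artifact, version) for a jar path, or None."""
    directory, filename = posixpath.split(path)
    m = JAR_RE.match(filename)
    return (directory, m["artifact"], m["version"]) if m else None


def parse_missing(log_text):
    """Extract (directory, artifact, version) for every missing jar in the log."""
    entries = []
    for line in log_text.splitlines():
        m = MISSING_RE.search(line)
        parsed = split_jar(m["path"]) if m else None
        if parsed:
            entries.append(parsed)
    return entries


def index_base(listing):
    """Map (install directory, artifact) -> versions found in the base tarball."""
    index = {}
    for member in listing:
        member = member.strip()
        if not member.startswith(BASE_PREFIX + "/"):
            continue
        parsed = split_jar(INSTALL_PREFIX + member[len(BASE_PREFIX):])
        if parsed:
            directory, artifact, version = parsed
            index.setdefault((directory, artifact), []).append(version)
    return index


def plan_updates(log_text, listing):
    """Pair each stale spec entry with the version now present in the base.

    Status is "bump" for a single replacement, "no-match" when the artifact is
    gone or renamed (needs manual review), "ambiguous" for several candidates.
    """
    index = index_base(listing)
    plan = []
    for directory, artifact, old in parse_missing(log_text):
        candidates = index.get((directory, artifact), [])
        if len(candidates) == 1:
            plan.append((directory, artifact, old, candidates[0], "bump"))
        else:
            status = "ambiguous" if candidates else "no-match"
            plan.append((directory, artifact, old, None, status))
    return plan


def spec_replacements(plan):
    """Old path -> new path pairs for the entries that are plain version bumps."""
    return [
        (f"{d}/{a}-{old}.jar", f"{d}/{a}-{new}.jar")
        for d, a, old, new, status in plan
        if status == "bump"
    ]


if __name__ == "__main__":
    for row in plan_updates(SAMPLE_LOG, SAMPLE_BASE_LISTING):
        print(row)
```

Entries reported as `no-match` are the ones worth reading by hand: a renamed or dropped library changes the package's dependency inventory, not just a version string.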


rauldpm commented Oct 6, 2023

Update report

  • The adaptation of file versions and other changes has continued
  • I had to stop working on this issue temporarily due to a problem in the generation of the Wazuh dashboard 4.6.0-rc1 package


rauldpm commented Oct 9, 2023

Update report

  • Finished updating version changes
  • Package built successfully
Build output 🟢
╰─➤  bash build_package.sh -b no -r wp2402
+ build
+ build_name=
+ file_path=
+ '[' x86_64 = x86_64 ']'
+ architecture=x86_64
+ build_name=rpm_indexer_builder_x86
+ file_path=/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64
+ build_rpm rpm_indexer_builder_x86 /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64
+ container_name=rpm_indexer_builder_x86
+ dockerfile_path=/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64
+ cp /wazuh-packages/2402/stack/indexer/rpm/builder.sh /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64
+ '[' no == yes ']'
+ '[' '' ']'
++ cat /wazuh-packages/2402/stack/indexer/rpm/../../../VERSION
+ version=4.7.0
+ basefile=/wazuh-packages/2402/stack/indexer/rpm/output/wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz
+ test -f /wazuh-packages/2402/stack/indexer/rpm/output/wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz
+ [[ yes == \y\e\s ]]
+ docker build -t rpm_indexer_builder_x86 /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64
[+] Building 1.0s (10/10) FINISHED                                                                                                                                                                                 
 => [internal] load .dockerignore                                                                                                                                                                             0.0s
 => => transferring context: 2B                                                                                                                                                                               0.0s
 => [internal] load build definition from Dockerfile                                                                                                                                                          0.0s
 => => transferring dockerfile: 463B                                                                                                                                                                          0.0s
 => [internal] load metadata for docker.io/library/rockylinux:8.5                                                                                                                                             0.9s
 => [1/5] FROM docker.io/library/rockylinux:8.5@sha256:5fed5497b568bcf7a90a00965987fc099edbcf44b1179a5ef6d4b47758281ca5                                                                                       0.0s
 => [internal] load build context                                                                                                                                                                             0.0s
 => => transferring context: 2.08kB                                                                                                                                                                           0.0s
 => CACHED [2/5] RUN yum clean all && yum update -y                                                                                                                                                           0.0s
 => CACHED [3/5] RUN yum install -y openssh-clients sudo gnupg     yum-utils epel-release redhat-rpm-config rpm-devel     zlib zlib-devel rpm-build                                                           0.0s
 => CACHED [4/5] ADD builder.sh /usr/local/bin/builder                                                                                                                                                        0.0s
 => CACHED [5/5] RUN chmod +x /usr/local/bin/builder                                                                                                                                                          0.0s
 => exporting to image                                                                                                                                                                                        0.0s
 => => exporting layers                                                                                                                                                                                       0.0s
 => => writing image sha256:22f8b72fc526e1e077e63968fc7126b9d62fdc995938f5a281da3bf7de69708f                                                                                                                  0.0s
 => => naming to docker.io/library/rpm_indexer_builder_x86                                                                                                                                                    0.0s
+ volumes='-v /wazuh-packages/2402/stack/indexer/rpm/output/:/tmp:Z'
+ '[' '' ']'
+ docker run -t --rm -v /wazuh-packages/2402/stack/indexer/rpm/output/:/tmp:Z -v /wazuh-packages/2402/stack/indexer/rpm/../../..:/root:Z rpm_indexer_builder_x86 x86_64 wp2402 no
+ set -e
+ target=wazuh-indexer
+ architecture=x86_64
+ revision=wp2402
+ future=no
+ reference=
+ directory_base=/usr/share/wazuh-indexer
+ '[' -z wp2402 ']'
+ '[' no = yes ']'
+ '[' '' ']'
++ cat /root/VERSION
+ version=4.7.0
+ build_dir=/build
+ rpm_build_dir=/build/rpmbuild
+ file_name=wazuh-indexer-4.7.0-wp2402
+ pkg_path=/build/rpmbuild/RPMS/x86_64
+ rpm_file=wazuh-indexer-4.7.0-wp2402.x86_64.rpm
+ mkdir -p /build/rpmbuild/BUILD /build/rpmbuild/BUILDROOT /build/rpmbuild/RPMS /build/rpmbuild/SOURCES /build/rpmbuild/SPECS /build/rpmbuild/SRPMS
+ pkg_name=wazuh-indexer-4.7.0
+ mkdir /build/wazuh-indexer-4.7.0
+ '[' '' ']'
+ cp /root/stack/indexer/rpm/wazuh-indexer.spec /build/rpmbuild/SPECS/wazuh-indexer-4.7.0.spec
+ cd /build
+ tar czf /build/rpmbuild/SOURCES/wazuh-indexer-4.7.0.tar.gz wazuh-indexer-4.7.0
+ /usr/bin/rpmbuild --define '_topdir /build/rpmbuild' --define '_version 4.7.0' --define '_threads 8' --define '_release wp2402' --define '_localstatedir /usr/share/wazuh-indexer' --target x86_64 -ba /build/rpmbuild/SPECS/wazuh-indexer-4.7.0.spec
Building target platforms: x86_64
Building for target x86_64
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.uEVLeF
+ umask 022
+ cd /build/rpmbuild/BUILD
+ rm -fr /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64
+ getent group wazuh-indexer
+ groupadd -r wazuh-indexer
+ id wazuh-indexer
+ useradd --system --no-create-home --home-dir /usr/share/wazuh-indexer --gid wazuh-indexer --shell /sbin/nologin --comment 'wazuh-indexer user' wazuh-indexer
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.sR63vV
+ umask 022
+ cd /build/rpmbuild/BUILD
+ '[' /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 '!=' / ']'
+ rm -rf /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64
++ dirname /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64
+ mkdir -p /build/rpmbuild/BUILDROOT
+ mkdir /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64
+ mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer
+ mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc
+ mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/var/log/wazuh-indexer
+ mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/var/lib/wazuh-indexer
+ mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/lib
+ cp /tmp/wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz ./
+ tar -xf wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz
+ rm -f wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz
+ chown -R wazuh-indexer:wazuh-indexer wazuh-indexer-base/LICENSE.txt wazuh-indexer-base/NOTICE.txt wazuh-indexer-base/VERSION wazuh-indexer-base/bin wazuh-indexer-base/etc wazuh-indexer-base/jdk wazuh-indexer-base/lib wazuh-indexer-base/modules wazuh-indexer-base/performance-analyzer-rca wazuh-indexer-base/plugins wazuh-indexer-base/usr
+ mv wazuh-indexer-base/etc /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/
+ mv wazuh-indexer-base/usr/lib/sysctl.d wazuh-indexer-base/usr/lib/systemd wazuh-indexer-base/usr/lib/tmpfiles.d /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/lib/
+ rm -rf 'wazuh-indexer-*/etc'
+ rm -rf wazuh-indexer-base/usr
+ cp -pr wazuh-indexer-base/LICENSE.txt wazuh-indexer-base/NOTICE.txt wazuh-indexer-base/VERSION wazuh-indexer-base/bin wazuh-indexer-base/jdk wazuh-indexer-base/lib wazuh-indexer-base/modules wazuh-indexer-base/performance-analyzer-rca wazuh-indexer-base/plugins /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/
+ /root/unattended_installer/builder.sh -c
+ /root/unattended_installer/builder.sh -p
+ cp /root/unattended_installer/wazuh-certs-tool.sh /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/tools/
+ cp /root/unattended_installer/wazuh-passwords-tool.sh /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/tools/
+ cp /root/documentation-templates/wazuh/config.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
+ cp /root/unattended_installer/config/indexer/roles/internal_users.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/wazuh-indexer/opensearch-security
+ cp /root/unattended_installer/config/indexer/roles/roles.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/wazuh-indexer/opensearch-security
+ cp /root/unattended_installer/config/indexer/roles/roles_mapping.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/wazuh-indexer/opensearch-security
+ cp /root/stack/indexer/indexer-security-init.sh /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/bin/
+ chmod 750 /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/init.d/wazuh-indexer
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
/sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/brp-python-bytecompile '' 1
+ /usr/lib/rpm/brp-python-hardlink
+ PYTHON3=/usr/libexec/platform-python
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-env-from-file from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-shard from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-keystore from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-plugin from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-env from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-cli from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-upgrade from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch from /usr/bin/env bash to #!/usr/bin/bash
mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-node from /usr/bin/env bash to #!/usr/bin/bash
Processing files: wazuh-indexer-4.7.0-wp2402.x86_64
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/lib/jspawnhelper
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/javadoc
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jmod
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jpackage
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jrunscript
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jhsdb
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jstat
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jdb
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jdeprscan
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/java
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/rmiregistry
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/javac
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jconsole
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jlink
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jfr
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jinfo
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/serialver
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jps
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jcmd
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/javap
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/keytool
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jstatd
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jstack
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jdeps
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jshell
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jimage
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jmap
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jarsigner
warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jar
Provides: wazuh-indexer = 4.7.0-wp2402 wazuh-indexer(x86-64) = 4.7.0-wp2402
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires(posttrans): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64
Wrote: /build/rpmbuild/SRPMS/wazuh-indexer-4.7.0-wp2402.src.rpm
Wrote: /build/rpmbuild/RPMS/x86_64/wazuh-indexer-4.7.0-wp2402.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.UIAI5l
+ umask 022
+ cd /build/rpmbuild/BUILD
+ rm -fr /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64
+ exit 0
+ cd /build/rpmbuild/RPMS/x86_64
+ sha512sum wazuh-indexer-4.7.0-wp2402.x86_64.rpm
+ find /build/rpmbuild/RPMS/x86_64/ -maxdepth 3 -type f -name 'wazuh-indexer-4.7.0-wp2402*' -exec mv '{}' /tmp/ ';'
++ ls -Art /wazuh-packages/2402/stack/indexer/rpm/output
++ tail -n 1
+ echo 'Package wazuh-indexer-4.7.0-wp2402.x86_64.rpm.sha512 added to /wazuh-packages/2402/stack/indexer/rpm/output.'
Package wazuh-indexer-4.7.0-wp2402.x86_64.rpm.sha512 added to /wazuh-packages/2402/stack/indexer/rpm/output.
+ return 0
+ return 0
+ clean 0
+ exit_code=0
+ rm -rf /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64/builder.sh '/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64/*.tar.gz' '/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64/wazuh-*'
+ exit 0
Install 🟢
[root@centos7 vagrant]# nano config.yml 
[root@centos7 vagrant]# bash ./wazuh-certs-tool.sh -A
09/10/2023 13:35:10 INFO: Admin certificates created.
09/10/2023 13:35:10 INFO: Wazuh indexer certificates created.
09/10/2023 13:35:10 INFO: Wazuh server certificates created.
09/10/2023 13:35:10 INFO: Wazuh dashboard certificates created.
[root@centos7 vagrant]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./indexer-1-key.pem
./indexer-1.pem
./server-1-key.pem
./server-1.pem
./dashboard-1-key.pem
./dashboard-1.pem
[root@centos7 vagrant]# yum localinstall wazuh-indexer-4.7.0-wp2402.x86_64.rpm -y
Loaded plugins: fastestmirror
Examining wazuh-indexer-4.7.0-wp2402.x86_64.rpm: wazuh-indexer-4.7.0-wp2402.x86_64
Marking wazuh-indexer-4.7.0-wp2402.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.7.0-wp2402 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                        Arch                                    Version                                          Repository                                                           Size
===================================================================================================================================================================================================================
Installing:
 wazuh-indexer                                  x86_64                                  4.7.0-wp2402                                     /wazuh-indexer-4.7.0-wp2402.x86_64                                  993 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total size: 993 M
Installed size: 993 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.7.0-wp2402.x86_64                                                                                                                                                               1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.7.0-wp2402.x86_64                                                                                                                                                               1/1 

Installed:
  wazuh-indexer.x86_64 0:4.7.0-wp2402                                                                                                                                                                              

Complete!
Configure certificates, start service and cluster 🟡
[root@centos7 vagrant]# NODE_NAME=indexer-1
[root@centos7 vagrant]# mkdir /etc/wazuh-indexer/certs
[root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@centos7 vagrant]# chmod 500 /etc/wazuh-indexer/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-indexer/certs/*
[root@centos7 vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos7 vagrant]# systemctl start wazuh-indexer
[root@centos7 vagrant]#
[root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.9.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 3,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 62.5
}
Check status and logs 🔴
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "XnMt2rvTTqqdcWd5XbOBpg",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "1164221ee2b8ba3560f0ff492309867beea28433",
    "build_date" : "2023-07-18T21:23:29.367080729Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
10.0.2.15           41          94   6    0.18    0.11     0.07 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2023-10-09 13:56:19 UTC; 1min 3s ago
     Docs: https://documentation.wazuh.com
 Main PID: 4229 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─4229 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=t...

Oct 09 13:56:11 centos7 systemd[1]: Starting Wazuh-indexer...
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar)
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar)
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release
Oct 09 13:56:19 centos7 systemd[1]: Started Wazuh-indexer.
[root@centos7 vagrant]# journalctl -r -u wazuh-indexer.service | grep -i -E "error|critical|fatal|warning"
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar)
Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar)
Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called
[root@centos7 vagrant]# grep -i -E -R "error|critical|fatal|warning" /var/log/wazuh-indexer/
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:14,104][INFO ][o.o.n.Node               ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-8953314851649021949, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:17,428][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,120][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,121][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,208][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,208][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:14,104Z", "level": "INFO", "component": "o.o.n.Node", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-8953314851649021949, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:17,428Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:19,120Z", "level": "ERROR", "component": "o.o.s.t.SecurityRequestHandler", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "OpenSearchException[Transport client authentication no longer supported.]" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:19,121Z", "level": "ERROR", "component": "o.o.s.t.SecurityRequestHandler", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "OpenSearchException[Transport client authentication no longer supported.]" }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,208Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,208Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w"  }
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,120][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,121][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Uninstall 🟢
[root@centos7 vagrant]# yum remove wazuh-indexer -y
Loaded plugins: fastestmirror
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.7.0-wp2402 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                        Arch                                    Version                                         Repository                                                            Size
===================================================================================================================================================================================================================
Removing:
 wazuh-indexer                                  x86_64                                  4.7.0-wp2402                                    @/wazuh-indexer-4.7.0-wp2402.x86_64                                  993 M

Transaction Summary
===================================================================================================================================================================================================================
Remove  1 Package

Installed size: 993 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Stopping wazuh-indexer service... OK
  Erasing    : wazuh-indexer-4.7.0-wp2402.x86_64                                                                                                                                                               1/1 
  Verifying  : wazuh-indexer-4.7.0-wp2402.x86_64                                                                                                                                                               1/1 

Removed:
  wazuh-indexer.x86_64 0:4.7.0-wp2402                                                                                                                                                                              

Complete!
[root@centos7 vagrant]# ls -l /etc/wazuh-indexer/
total 4
dr-x------. 2 997 994 105 Oct  9 13:55 certs
-rw-rw----. 1 997 994 196 Oct  9 13:51 opensearch.keystore
[root@centos7 vagrant]# ls -l /var/lib/wazuh-indexer/
total 20
-rw-r--r--. 1 997 994  5 Oct  9 13:56 batch_metrics_enabled.conf
-rw-r--r--. 1 997 994  5 Oct  9 13:56 logging_enabled.conf
drwxr-xr-x. 3 997 994 15 Oct  9 13:56 nodes
-rw-r--r--. 1 997 994  5 Oct  9 13:56 performance_analyzer_enabled.conf
-rw-r--r--. 1 997 994  5 Oct  9 13:56 rca_enabled.conf
-rw-r--r--. 1 997 994  5 Oct  9 13:56 thread_contention_monitoring_enabled.conf
[root@centos7 vagrant]# ls -l /usr/share/wazuh-indexer
ls: cannot access /usr/share/wazuh-indexer: No such file or directory


Full error
[2023-10-09T20:21:17,527][INFO ][o.o.c.s.MasterService    ] [node-1] elected-as-cluster-manager ([1] nodes joined)[{node-1}{vSZR067eQxumKv-mg-RC0g}{vgbirNExSWGOWR1Oh7CaqQ}{10.0.2.15}{10.0.2.15:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_CLUSTER_MANAGER_TASK_, _FINISH_ELECTION_], term: 2, version: 26, delta: cluster-manager node changed {previous [], current [{node-1}{vSZR067eQxumKv-mg-RC0g}{vgbirNExSWGOWR1Oh7CaqQ}{10.0.2.15}{10.0.2.15:9300}{d$
[2023-10-09T20:21:17,552][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:21:17,555][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:21:17,557][WARN ][o.o.d.HandshakingTransportAddressConnector] [node-1] handshake failed for [connectToRemoteMasterNode[[::1]:9300]]
org.opensearch.transport.RemoteTransportException: [node-1][[::1]:9300][internal:transport/handshake]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
        at org.opensearch.security.ssl.util.ExceptionUtils.createTransportClientNoLongerSupportedException(ExceptionUtils.java:68) ~[?:?]
        at org.opensearch.security.transport.SecurityRequestHandler.messageReceivedDecorate(SecurityRequestHandler.java:292) ~[?:?]
        at org.opensearch.security.ssl.transport.SecuritySSLRequestHandler.messageReceived(SecuritySSLRequestHandler.java:163) ~[?:?]
        at org.opensearch.security.OpenSearchSecurityPlugin$7$1.messageReceived(OpenSearchSecurityPlugin.java:756) ~[?:?]
        at org.opensearch.indexmanagement.rollup.interceptor.RollupInterceptor$interceptHandler$1.messageReceived(RollupInterceptor.kt:113) ~[?:?]
        at org.opensearch.performanceanalyzer.transport.PerformanceAnalyzerTransportRequestHandler.messageReceived(PerformanceAnalyzerTransportRequestHandler.java:43) ~[?:?]
        at org.opensearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:106) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.InboundHandler.handleRequest(InboundHandler.java:249) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.InboundHandler.messageReceived(InboundHandler.java:132) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.InboundHandler.inboundMessage(InboundHandler.java:114) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.TcpTransport.inboundMessage(TcpTransport.java:769) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.InboundPipeline.forwardFragments(InboundPipeline.java:175) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.InboundPipeline.doHandleBytes(InboundPipeline.java:150) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.InboundPipeline.handleBytes(InboundPipeline.java:115) ~[opensearch-2.9.0.jar:2.9.0]
        at org.opensearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:94) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:280) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1383) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
        at java.lang.Thread.run(Thread.java:833) [?:?]
  • This error message appears when starting or restarting the Wazuh indexer service
    • Install Wazuh indexer -> No error
    • Configure certificates
    • Start Wazuh indexer -> Error appears (2 times)
    • Initialize cluster -> No error appears
    • Restart service -> Error appears again (2 times)
[root@centos7 vagrant]# tail -f /var/log/wazuh-indexer/wazuh-cluster.log | grep "Transport client authentication no longer supported"
[2023-10-09T20:20:53,854][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:20:53,857][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
[2023-10-09T20:21:17,552][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:21:17,555][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported
  • After reinstalling the Wazuh indexer two times, it was not possible to reproduce the error
  • The cluster is in a yellow state, the cause must be investigated
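Added example, not part of the original comment or of Wazuh's tooling: a small triage script for the two log formats quoted above (plain `wazuh-cluster.log` lines and grep-prefixed `wazuh-cluster_server.json` lines). It counts events rather than lines, so stack-trace and `Caused by:` lines are folded into the event they follow instead of inflating a `grep` count. The sample input is shortened from the output above; the function names are assumptions of this example.

```python
import json
import re

# "path:" prefix that `grep` adds when searching several files at once
GREP_PREFIX_RE = re.compile(r"^(?P<file>/[^:\s]+):(?=[\[{])")
# Plain format: [timestamp][LEVEL][component] [node] message
PLAIN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[(?P<component>[^\]]+?)\s*\]"
    r"\s*\[(?P<node>[^\]]+)\]\s*(?P<message>.*)$"
)

# Sample input shortened from the logs quoted in the comment above.
SAMPLE_LOG = """\
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS] (index=.opendistro_security)"}
/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS] (index=.opendistro_security)"}
[2023-10-09T20:21:17,527][INFO ][o.o.c.s.MasterService    ] [node-1] elected-as-cluster-manager ([1] nodes joined)
[2023-10-09T20:21:17,552][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:21:17,555][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:21:17,557][WARN ][o.o.d.HandshakingTransportAddressConnector] [node-1] handshake failed for [connectToRemoteMasterNode[[::1]:9300]]
org.opensearch.transport.RemoteTransportException: [node-1][[::1]:9300][internal:transport/handshake]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
        at org.opensearch.security.transport.SecurityRequestHandler.messageReceivedDecorate(SecurityRequestHandler.java:292) ~[?:?]
"""


def parse_line(line):
    """Return an event dict for a log header line, or None for a continuation line."""
    line = GREP_PREFIX_RE.sub("", line.rstrip("\n"), count=1)
    if line.startswith("{"):
        try:
            doc = json.loads(line)
        except ValueError:
            return None
        if not isinstance(doc, dict) or "level" not in doc:
            return None
        return {
            "ts": doc.get("timestamp", ""),
            "level": str(doc["level"]).strip(),
            "component": doc.get("component", ""),
            "node": doc.get("node.name", ""),
            "message": doc.get("message", ""),
        }
    match = PLAIN_RE.match(line)
    return match.groupdict() if match else None


def triage(lines, levels=("ERROR", "WARN")):
    """Group events by (level, component, message), in order of first appearance.

    Feed it the unfiltered log: continuation lines are attributed to the event
    that immediately precedes them, which is lost once the log has been grepped.
    """
    groups = {}      # dicts keep insertion order
    current = None   # group that continuation lines currently belong to
    for raw in lines:
        event = parse_line(raw)
        if event is None:
            if current is not None:
                current["trace_lines"] += 1
                text = raw.strip()
                if text.startswith("Caused by:"):
                    current["causes"].add(text[len("Caused by:"):].strip())
            continue
        if event["level"] not in levels:
            current = None
            continue
        key = (event["level"], event["component"], event["message"])
        group = groups.get(key)
        if group is None:
            group = groups[key] = {
                "level": event["level"], "component": event["component"],
                "message": event["message"], "count": 0,
                "first": event["ts"], "last": event["ts"],
                "nodes": set(), "trace_lines": 0, "causes": set(),
            }
        group["count"] += 1
        group["last"] = event["ts"]
        group["nodes"].add(event["node"])
        current = group
    # Sets become sorted lists so the result is stable and JSON-serialisable.
    return [dict(g, nodes=sorted(g["nodes"]), causes=sorted(g["causes"]))
            for g in groups.values()]


if __name__ == "__main__":
    for g in triage(SAMPLE_LOG.splitlines()):
        print(f'{g["count"]:>3}x {g["level"]:<5} {g["component"]}: {g["message"][:80]}')
        for cause in g["causes"]:
            print(f"      caused by: {cause}")
```
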

@wazuhci wazuhci moved this from In progress to On hold in Release 4.7.0 Oct 9, 2023
@wazuhci wazuhci moved this from On hold to In progress in Release 4.7.0 Oct 9, 2023
@rauldpm
Member Author

rauldpm commented Oct 10, 2023

Update report

On hold due to wazuh/wazuh-qa#4597 and wazuh/wazuh-qa#4596


  • Created issue Connection error in Wazuh indexer 2.10.0 #2514 to report connection error
  • Since the error could not be reproduced, the testing and bump process continues.
  • Upgrade procedure finished successfully but is marked as 🔴 due to:
    • Errors in logs
    • Cluster in yellow status
      • Cause: "unassigned_shards" : 3,
Upgrade 🔴
  • Install Wazuh indexer 4.6.0 🟢
[root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/pre-release-4.6.0-backup/pre-release/yum/wazuh-indexer-4.6.0-1.x86_64.rpm
Loaded plugins: fastestmirror
wazuh-indexer-4.6.0-1.x86_64.rpm                                                                                                                                                            | 673 MB  00:00:29     
Examining /var/tmp/yum-root-Vta7kL/wazuh-indexer-4.6.0-1.x86_64.rpm: wazuh-indexer-4.6.0-1.x86_64
Marking /var/tmp/yum-root-Vta7kL/wazuh-indexer-4.6.0-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.6.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                           Arch                                       Version                                      Repository                                                         Size
===================================================================================================================================================================================================================
Installing:
 wazuh-indexer                                     x86_64                                     4.6.0-1                                      /wazuh-indexer-4.6.0-1.x86_64                                     930 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total size: 930 M
Installed size: 930 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                    1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                    1/1 

Installed:
  wazuh-indexer.x86_64 0:4.6.0-1                                                                                                                                                                                   

Complete!
  • Configure certificates 🟢
[root@centos7 vagrant]# NODE_NAME=node-1
[root@centos7 vagrant]# mkdir /etc/wazuh-indexer/certs
[root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@centos7 vagrant]# chmod 500 /etc/wazuh-indexer/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-indexer/certs/*
[root@centos7 vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
  • Start and check service 🟢
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-indexer
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service.
[root@centos7 vagrant]# systemctl start wazuh-indexer
[root@centos7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-10-10 16:49:31 UTC; 15s ago
     Docs: https://documentation.wazuh.com
 Main PID: 26043 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─26043 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=...

Oct 10 16:49:25 centos7 systemd[1]: Starting Wazuh-indexer...
Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager will be removed in a future release
Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar)
Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager will be removed in a future release
Oct 10 16:49:31 centos7 systemd[1]: Started Wazuh-indexer.
  • Initialize cluster
[root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.8.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
  • Check cluster status 🟢
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "yUKHu7beTQifKV2DOtHGqQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "db90a415ff2fd428b4f7b3f800a51dc229287cb4",
    "build_date" : "2023-06-03T06:24:25.112415503Z",
    "build_snapshot" : false,
    "lucene_version" : "9.6.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
10.0.2.15           21          94   2    0.24    0.25     0.14 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 2,
  "active_shards" : 2,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
  • Upgrade process start
  • Disable cluster allocation 🟢
[root@centos7 vagrant]# curl -X PUT "https://192.168.56.4:9200/_cluster/settings"  -u admin:admin -k -H 'Content-Type: application/json' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": "primaries"
  }
}
'
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"primaries"}}}},"transient":{}}
[root@centos7 vagrant]# curl -X POST "https://192.168.56.4:9200/_flush/synced" -u admin:admin -k
{"_shards":{"total":2,"successful":2,"failed":0}}
  • Upgrade to 4.7.0 🟢
[root@centos7 vagrant]# yum upgrade wazuh-indexer-4.7.0-wp2402.x86_64.rpm 
Loaded plugins: fastestmirror
Examining wazuh-indexer-4.7.0-wp2402.x86_64.rpm: wazuh-indexer-4.7.0-wp2402.x86_64
Marking wazuh-indexer-4.7.0-wp2402.x86_64.rpm as an update to wazuh-indexer-4.6.0-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.6.0-1 will be updated
---> Package wazuh-indexer.x86_64 0:4.7.0-wp2402 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                        Arch                                    Version                                          Repository                                                           Size
===================================================================================================================================================================================================================
Updating:
 wazuh-indexer                                  x86_64                                  4.7.0-wp2402                                     /wazuh-indexer-4.7.0-wp2402.x86_64                                  993 M

Transaction Summary
===================================================================================================================================================================================================================
Upgrade  1 Package

Total size: 993 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-indexer-4.7.0-wp2402.x86_64                                                                                                                                                               1/2 
  Cleanup    : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                    2/2 
  Verifying  : wazuh-indexer-4.7.0-wp2402.x86_64                                                                                                                                                               1/2 
  Verifying  : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                    2/2 

Updated:
  wazuh-indexer.x86_64 0:4.7.0-wp2402                                                                                                                                                                              

Complete!
  • Start and check service 🟡
    • Service found with error messages but running
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-indexer
[root@centos7 vagrant]# systemctl start wazuh-indexer
[root@centos7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-10-10 16:54:23 UTC; 9s ago
     Docs: https://documentation.wazuh.com
 Main PID: 26584 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─26584 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=...

Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearc...tor.java:282)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadP...tor.java:245)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.lang.Thread.run(Thread.java:833)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
Hint: Some lines were ellipsized, use -l to show in full.
  • Restore cluster allocation 🟢
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
10.0.2.15           26          97   4    0.22    0.23     0.16 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# curl -X PUT "https://192.168.56.4:9200/_cluster/settings" -u admin:admin -k -H 'Content-Type: application/json' -d'
> {
>   "persistent": {
>     "cluster.routing.allocation.enable": "all"
>   }
> }
> '
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"all"}}}},"transient":{}}
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
10.0.2.15           27          96   0    0.13    0.20     0.15 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
  • Check cluster status 🔴
    • Cluster status: yellow
    • Found unassigned shards
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "yUKHu7beTQifKV2DOtHGqQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "1164221ee2b8ba3560f0ff492309867beea28433",
    "build_date" : "2023-07-18T21:23:29.367080729Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 3,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 62.5
}
  • Found multiple errors in the journalctl and /var/log/wazuh-indexer directory
  • Moved all error/warning messages to a new comment in order to clean the process

@wazuhci wazuhci moved this from In progress to On hold in Release 4.7.0 Oct 10, 2023
@wazuhci wazuhci moved this from On hold to In progress in Release 4.7.0 Oct 10, 2023
@rauldpm
Member Author

rauldpm commented Oct 11, 2023

Analysis report - error/warning/deprecation messages

  • Moved all error/warning logs to a new comment in order to clean the process
journalctl
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.lang.Thread.run(Thread.java:833)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.metadata.MetadataIndexTemplateService$4.execute(MetadataIndexTemplateService.java:491)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.metadata.MetadataIndexTemplateService.addIndexTemplateV2(MetadataIndexTemplateService.java:558)
Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority

Current templates:

[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/templates
ss4o_metric_template [ss4o_metrics-*-*] 1 1 []
ss4o_trace_template  [ss4o_traces-*-*]  1 1 []

Apparently, this is a bug produced in the upgrade from 2.8.0; explanation here: https://forum.opensearch.org/t/java-lang-illegalargumentexception-index-template-how-critical/15306/16. No issue was opened by the OP.
The error is reported at opensearch-project/observability#1771 and opensearch-project/OpenSearch#8926


Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.cli.Command.main(Command.java:101)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:171)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:180)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.node.Node.<init>(Node.java:389)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.node.Node.<init>(Node.java:416)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1325)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1891)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2028)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2142)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2159)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2205)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.Logger.log(Logger.java:161)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:483)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:500)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:542)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:311)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:396)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:419)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:202)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:215)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:177)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Oct 10 13:18:35 centos7 systemd-entrypoint[641]: 2023-10-10 13:18:35,625 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
wazuh-cluster_deprecation.json
  • This config is present in the following files:
    • base/files/etc/wazuh-indexer/opensearch.yml:node.max_local_storage_nodes: "3"
  • This does not represent a problem with the package functionality right now
{"type": "deprecation", "timestamp": "2023-10-09T20:33:49,063Z", "level": "DEPRECATION", "component": "o.o.d.c.s.Settings", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "[node.max_local_storage_nodes] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version." }

  • This config is present in the following files:
    • base/files/etc/wazuh-indexer/opensearch.yml:node.name: "node-1"
  • This does not represent a problem with the package functionality right now
{"type": "deprecation", "timestamp": "2023-10-09T20:33:50,103Z", "level": "DEPRECATION", "component": "o.o.d.c.s.Settings", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "[cluster.initial_master_nodes] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version." }

  • No info was found about the following deprecation message. This does not represent a problem with the package functionality right now
{"type": "deprecation", "timestamp": "2023-10-09T20:33:51,883Z", "level": "DEPRECATION", "component": "o.o.d.a.m.TransportMainAction", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "overriding main response version number will be removed in a future version" }

  • No info was found about the following deprecation message. This does not represent a problem with the package functionality right now
{"type": "deprecation", "timestamp": "2023-10-09T20:33:52,595Z", "level": "DEPRECATION", "component": "o.o.d.c.m.MetadataCreateIndexService", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "index name [.opensearch-observability] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices", "cluster.uuid": "_AuiaZcrRSmWLPxoZPUdmw", "node.id": "sPmtFn6NS8uwX3HDObFSMw"  }

  • No info was found about the following deprecation message. This does not represent a problem with the package functionality right now
{"type": "deprecation", "timestamp": "2023-10-09T20:34:24,625Z", "level": "DEPRECATION", "component": "o.o.d.c.m.IndexNameExpressionResolver", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "this request accesses system indices: [.opendistro_security], but in a future major version, direct access to system indices will be prevented by default", "cluster.uuid": "_AuiaZcrRSmWLPxoZPUdmw", "node.id": "sPmtFn6NS8uwX3HDObFSMw"  }

  • No info was found about the following deprecation message. This does not represent a problem with the package functionality right now
{"type": "deprecation", "timestamp": "2023-10-10T16:52:44,135Z", "level": "DEPRECATION", "component": "o.o.d.r.a.a.i.RestSyncedFlushAction", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Synced flush was removed and a normal flush was performed instead. This transition will be removed in a future version.", "cluster.uuid": "yUKHu7beTQifKV2DOtHGqQ", "node.id": "tHwh8BC-SFCTAG6UjPqilw"  }

  • No info was found about the following deprecation message. This does not represent a problem with the package functionality right now
{"type": "deprecation", "timestamp": "2023-10-10T16:54:33,276Z", "level": "DEPRECATION", "component": "o.o.d.c.m.MetadataCreateIndexService", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "index name [.plugins-ml-config] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices", "cluster.uuid": "yUKHu7beTQifKV2DOtHGqQ", "node.id": "tHwh8BC-SFCTAG6UjPqilw"  }
wazuh-cluster_server.json
{"type": "server", "timestamp": "2023-10-10T13:18:39,485Z", "level": "WARN", "component": "o.o.s.c.Salt", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes" }

{"type": "server", "timestamp": "2023-10-10T13:18:39,514Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." }
{"type": "server", "timestamp": "2023-10-10T13:18:39,514Z", "level": "WARN", "component": "o.o.s.a.r.AuditMessageRouter", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "No default storage available, audit log may not work properly. Please check configuration." }

{"type": "server", "timestamp": "2023-10-10T13:18:40,726Z", "level": "WARN", "component": "o.o.g.DanglingIndicesState", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually" }

  • No reports have been found for this warning, even in the OpenSearch repository; the message appears among other messages, but it is not the main reported problem. As the message says, it is being ignored.
{"type": "server", "timestamp": "2023-10-10T13:18:42,894Z", "level": "WARN", "component": "o.o.p.c.s.h.ConfigOverridesClusterSettingHandler", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Config override setting update called with empty string. Ignoring." }

{"type": "server", "timestamp": "2023-10-10T13:18:42,978Z", "level": "WARN", "component": "o.o.s.SecurityAnalyticsPlugin", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failed to initialize LogType config index and builtin log types", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg"  }

{"type": "server", "timestamp": "2023-10-10T13:18:42,975Z", "level": "ERROR", "component": "o.o.s.u.SecurityAnalyticsException", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Security Analytics error:", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" , 
"stacktrace": ["org.opensearch.ResourceAlreadyExistsException: index [.opensearch-sap-pre-packaged-rules-config/NOz47ECmRj2YLvEdwmVRnA] already exists",
"at org.opensearch.cluster.metadata.MetadataCreateIndexService.validateIndexName(MetadataCreateIndexService.java:233) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.metadata.MetadataCreateIndexService.validate(MetadataCreateIndexService.java:1300) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:404) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:459) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.metadata.MetadataCreateIndexService$1.execute(MetadataCreateIndexService.java:365) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) ~[opensearch-2.9.0.jar:2.9.0]",
"at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]",
"at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]",
"at java.lang.Thread.run(Thread.java:833) [?:?]"] }

{"type": "server", "timestamp": "2023-10-10T13:18:42,986Z", "level": "WARN", "component": "o.o.s.SecurityAnalyticsPlugin", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failed initializing prepackaged rules", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" , 
"stacktrace": ["org.opensearch.securityanalytics.util.SecurityAnalyticsException: index [.opensearch-sap-pre-packaged-rules-config/NOz47ECmRj2YLvEdwmVRnA] already exists",
"at org.opensearch.securityanalytics.util.SecurityAnalyticsException.wrap(SecurityAnalyticsException.java:51) ~[?:?]",
"at org.opensearch.securityanalytics.transport.TransportSearchRuleAction$AsyncSearchRulesAction.lambda$finishHim$0(TransportSearchRuleAction.java:239) ~[?:?]",
"at org.opensearch.action.ActionRunnable.lambda$supply$0(ActionRunnable.java:73) [opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.action.ActionRunnable$2.doRun(ActionRunnable.java:88) ~[opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:908) [opensearch-2.9.0.jar:2.9.0]",
"at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.9.0.jar:2.9.0]",
"at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]",
"at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]",
"at java.lang.Thread.run(Thread.java:833) [?:?]",
"Caused by: java.lang.Exception: org.opensearch.ResourceAlreadyExistsException: index [.opensearch-sap-pre-packaged-rules-config/NOz47ECmRj2YLvEdwmVRnA] already exists",
"... 9 more"] }

{"type": "server", "timestamp": "2023-10-10T13:18:43,939Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg"  }

{"type": "server", "timestamp": "2023-10-10T13:51:25,972Z", "level": "WARN", "component": "o.o.c.m.MetadataCreateIndexService", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Setting replication.type: DOCUMENT will be used for Index until Segment Replication supports System and Hidden indices", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg"  }

{"type": "server", "timestamp": "2023-10-10T13:18:42,968Z", "level": "WARN", "component": "o.o.o.i.ObservabilityIndex", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "message: index [.opensearch-observability/6NNSw0wGQsOfyH1F_GIrTg] already exists", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg"  }

{"type": "server", "timestamp": "2023-10-10T16:54:23,536Z", "level": "WARN", "component": "o.o.o.i.ObservabilityIndex", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "message: index [.opensearch-observability/KFrTocVmT2WELfYOZgKoEg] already exists", "cluster.uuid": "yUKHu7beTQifKV2DOtHGqQ", "node.id": "tHwh8BC-SFCTAG6UjPqilw"  }
wazuh-cluster.log
  • All errors present in this log file are reported previously
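
The manual triage in the comment above can be scripted. The following is an added example, not part of the original issue or of the Wazuh or OpenSearch code: it parses the `wazuh-cluster_server.json` layout shown above (one JSON object per entry, with stack traces spilling onto further lines), collapses repeats that differ only in the index UUID, and lists entries that affect audit logging or security configuration first. The `WATCHED` class list and the sample log (shortened from the excerpts above) are assumptions made for the example.

```python
import json
import re

# Constructed sample: entries shortened from the log excerpts quoted in the comment above.
SAMPLE_LOG = r'''
{"type": "server", "timestamp": "2023-10-10T13:18:39,514Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "message": "Default endpoint could not be created, auditlog will not work properly." }
{"type": "server", "timestamp": "2023-10-10T13:18:39,514Z", "level": "WARN", "component": "o.o.s.a.r.AuditMessageRouter", "message": "No default storage available, audit log may not work properly. Please check configuration." }
{"type": "server", "timestamp": "2023-10-10T13:18:42,975Z", "level": "ERROR", "component": "o.o.s.u.SecurityAnalyticsException", "message": "Security Analytics error:", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" , 
"stacktrace": ["org.opensearch.ResourceAlreadyExistsException: index [.opensearch-sap-pre-packaged-rules-config/NOz47ECmRj2YLvEdwmVRnA] already exists",
"at org.opensearch.cluster.metadata.MetadataCreateIndexService.validateIndexName(MetadataCreateIndexService.java:233) ~[opensearch-2.9.0.jar:2.9.0]",
"at java.lang.Thread.run(Thread.java:833) [?:?]"] }
{"type": "server", "timestamp": "2023-10-10T13:18:43,939Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)" }
{"type": "server", "timestamp": "2023-10-10T13:18:42,968Z", "level": "WARN", "component": "o.o.o.i.ObservabilityIndex", "message": "message: index [.opensearch-observability/6NNSw0wGQsOfyH1F_GIrTg] already exists" }
{"type": "server", "timestamp": "2023-10-10T16:54:23,536Z", "level": "WARN", "component": "o.o.o.i.ObservabilityIndex", "message": "message: index [.opensearch-observability/KFrTocVmT2WELfYOZgKoEg] already exists" }
{"type": "deprecation", "timestamp": "2023-10-09T20:33:49,063Z", "level": "DEPRECATION", "component": "o.o.d.c.s.Settings", "message": "[node.max_local_storage_nodes] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version." }
'''

LEVEL_RANK = {"ERROR": 0, "WARN": 1, "DEPRECATION": 2}

# Assumption for this example: classes whose messages above concern the audit log
# or the security configuration index, so they are listed before everything else.
WATCHED = {"SinkProvider", "AuditMessageRouter", "ConfigurationLoaderSecurity7"}

# "[index-name/22-char-uuid]" differs per install; mask the UUID so repeats group together.
INDEX_UUID = re.compile(r"\[([^\]/\s]+)/[A-Za-z0-9_-]{22}\]")


def iter_entries(text):
    """Yield each JSON object; an entry may span several lines (stacktrace arrays)."""
    decoder = json.JSONDecoder()
    pos, end_of_text = 0, len(text)
    while pos < end_of_text:
        if text[pos].isspace():          # raw_decode does not skip leading whitespace
            pos += 1
            continue
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            # Not JSON (plain-text noise or a truncated entry): resume at the next line.
            newline = text.find("\n", pos)
            pos = end_of_text if newline == -1 else newline + 1
            continue
        if isinstance(obj, dict):
            yield obj


def triage(text):
    """Group WARN/ERROR/DEPRECATION entries and order them for review."""
    groups = {}
    for entry in iter_entries(text):
        level = entry.get("level", "")
        if level not in LEVEL_RANK:
            continue
        component = entry.get("component", "?")
        message = INDEX_UUID.sub(r"[\1/<uuid>]", entry.get("message", ""))
        timestamp = entry.get("timestamp", "")
        group = groups.setdefault((level, component, message), {
            "level": level,
            "component": component,
            "message": message,
            "count": 0,
            "first_seen": timestamp,
            "root_cause": None,
            "security_control": component.rsplit(".", 1)[-1] in WATCHED,
        })
        group["count"] += 1
        group["first_seen"] = min(group["first_seen"], timestamp)
        stack = entry.get("stacktrace") or []
        if stack and group["root_cause"] is None:
            # The first stacktrace element is "ExceptionClass: message".
            group["root_cause"] = stack[0].split(":", 1)[0]
    return sorted(
        groups.values(),
        key=lambda g: (not g["security_control"], LEVEL_RANK[g["level"]], g["first_seen"]),
    )


if __name__ == "__main__":
    for g in triage(SAMPLE_LOG):
        flag = "!" if g["security_control"] else " "
        cause = f" <- {g['root_cause']}" if g["root_cause"] else ""
        print(f"{flag} {g['level']:<11} x{g['count']} {g['component']}: {g['message']}{cause}")
```
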

@rauldpm
Member Author

rauldpm commented Oct 11, 2023

Analysis report - Unassigned shards in a fresh install

  • How to replicate
    • Create certificates
      • Download the Wazuh cert tool and the config.yml file
      • Add the node IP to the config.yml file in the Wazuh indexer node-1 section. Remove the rest of the configuration
      • Create the certificates using the cert tools
      • Install the Wazuh indexer 4.7.0 - 2.9.0 package
      • Copy the certificates following the documentation
      • Start the Wazuh indexer service
      • Initialize the Wazuh indexer cluster -> Should be stated as YELLOW
      • Check cluster health with curl -k -u admin:admin https://IP:9200/_cluster/health?pretty
  • Cluster initialization
[root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.9.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
  • Health check
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 3,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 62.5
}
  • It is possible to see three unassigned shards

  • A Wazuh indexer 4.6.0 (2.8.0) fresh install shows the cluster in a green state and without unassigned shards

    4.6.0 cluster status - fresh install
    [root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
    **************************************************************************
    ** This tool will be deprecated in the next major release of OpenSearch **
    ** https://github.com/opensearch-project/security/issues/1755           **
    **************************************************************************
    Security Admin v7
    Will connect to 127.0.0.1:9200 ... done
    Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
    OpenSearch Version: 2.8.0
    Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
    Clustername: wazuh-cluster
    Clusterstate: GREEN
    Number of nodes: 1
    Number of data nodes: 1
    .opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
    Populate config from /etc/wazuh-indexer/opensearch-security/
    Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
       SUCC: Configuration for 'config' created or updated
    Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
       SUCC: Configuration for 'roles' created or updated
    Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
       SUCC: Configuration for 'rolesmapping' created or updated
    Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
       SUCC: Configuration for 'internalusers' created or updated
    Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
       SUCC: Configuration for 'actiongroups' created or updated
    Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
       SUCC: Configuration for 'tenants' created or updated
    Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
       SUCC: Configuration for 'nodesdn' created or updated
    Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
       SUCC: Configuration for 'whitelist' created or updated
    Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
       SUCC: Configuration for 'audit' created or updated
    Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
       SUCC: Configuration for 'allowlist' created or updated
    SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
    Done with success
    
    
    [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty
    {
      "cluster_name" : "wazuh-cluster",
      "status" : "green",
      "timed_out" : false,
      "number_of_nodes" : 1,
      "number_of_data_nodes" : 1,
      "discovered_master" : true,
      "discovered_cluster_manager" : true,
      "active_primary_shards" : 2,
      "active_shards" : 2,
      "relocating_shards" : 0,
      "initializing_shards" : 0,
      "unassigned_shards" : 0,
      "delayed_unassigned_shards" : 0,
      "number_of_pending_tasks" : 0,
      "number_of_in_flight_fetch" : 0,
      "task_max_waiting_in_queue_millis" : 0,
      "active_shards_percent_as_number" : 100.0
    }
    
    

Testing OpenSearch 2.9.0

  • The same behavior has been found in an OpenSearch 2.9.0 fresh install

    OpenSearch 2.9.0 fresh install 🔴
    [root@centos7 vagrant]# yum install opensearch-2.9.0-linux-x64.rpm -y
    Loaded plugins: fastestmirror
    Examining opensearch-2.9.0-linux-x64.rpm: opensearch-2.9.0-1.x86_64
    Marking opensearch-2.9.0-linux-x64.rpm to be installed
    Resolving Dependencies
    --> Running transaction check
    ---> Package opensearch.x86_64 0:2.9.0-1 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    =============================================================================================================================================================================================================================================
     Package                                                Arch                                               Version                                             Repository                                                               Size
    =============================================================================================================================================================================================================================================
    Installing:
     opensearch                                             x86_64                                             2.9.0-1                                             /opensearch-2.9.0-linux-x64                                             993 M
    
    Transaction Summary
    =============================================================================================================================================================================================================================================
    Install  1 Package
    
    Total size: 993 M
    Installed size: 993 M
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : opensearch-2.9.0-1.x86_64                                                                                                                                                                                                 1/1 
    ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
     sudo systemctl daemon-reload
     sudo systemctl enable opensearch.service
    ### You can start opensearch service by executing
     sudo systemctl start opensearch.service
    ### Create opensearch demo certificates in /etc/opensearch/
     See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
      Verifying  : opensearch-2.9.0-1.x86_64                                                                                                                                                                                                 1/1 
    
    Installed:
      opensearch.x86_64 0:2.9.0-1                                                                                                                                                                                                                
    
    Complete!
    [root@centos7 vagrant]# sudo systemctl start opensearch
    [root@centos7 vagrant]# sudo systemctl status opensearch
    ● opensearch.service - OpenSearch
       Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled)
       Active: active (running) since Wed 2023-10-11 15:33:17 UTC; 15s ago
         Docs: https://opensearch.org/
     Main PID: 5633 (java)
       CGroup: /system.slice/opensearch.service
               └─5633 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Dj...
    
    Oct 11 15:33:07 centos7 systemd[1]: Starting OpenSearch...
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: A terminally deprecated method in java.lang.System has been called
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.9.0.jar)
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager will be removed in a future release
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: A terminally deprecated method in java.lang.System has been called
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/opensearch/lib/opensearch-2.9.0.jar)
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager will be removed in a future release
    Oct 11 15:33:17 centos7 systemd[1]: Started OpenSearch.
    
    
    [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty
    {
      "cluster_name" : "opensearch",
      "status" : "yellow",
      "timed_out" : false,
      "number_of_nodes" : 1,
      "number_of_data_nodes" : 1,
      "discovered_master" : true,
      "discovered_cluster_manager" : true,
      "active_primary_shards" : 5,
      "active_shards" : 5,
      "relocating_shards" : 0,
      "initializing_shards" : 0,
      "unassigned_shards" : 3,
      "delayed_unassigned_shards" : 0,
      "number_of_pending_tasks" : 0,
      "number_of_in_flight_fetch" : 0,
      "task_max_waiting_in_queue_millis" : 0,
      "active_shards_percent_as_number" : 62.5
    }
    [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/shards
    .opensearch-observability                 0 p STARTED     0   208b 127.0.0.1 centos7
    .plugins-ml-config                        0 p STARTED     1  3.8kb 127.0.0.1 centos7
    .plugins-ml-config                        0 r UNASSIGNED                     
    .opensearch-sap-pre-packaged-rules-config 0 p STARTED              127.0.0.1 centos7
    .opensearch-sap-pre-packaged-rules-config 0 r UNASSIGNED                     
    .opensearch-sap-log-types-config          0 p STARTED              127.0.0.1 centos7
    .opensearch-sap-log-types-config          0 r UNASSIGNED                     
    .opendistro_security                      0 p STARTED    10 74.8kb 127.0.0.1 centos7
    
  • Apparently, the unassigned shards are duplicated:

    .plugins-ml-config                        0 r UNASSIGNED
    .opensearch-sap-pre-packaged-rules-config 0 r UNASSIGNED
    .opensearch-sap-log-types-config          0 r UNASSIGNED

Testing OpenSearch 2.10.0

  • This behavior does not happen in OpenSearch 2.10.0

    OpenSearch 2.10.0 fresh install 🟢
    [root@centos7 vagrant]# yum localinstall opensearch-2.10.0-linux-x64.rpm -y
    Loaded plugins: fastestmirror
    Examining opensearch-2.10.0-linux-x64.rpm: opensearch-2.10.0-1.x86_64
    Marking opensearch-2.10.0-linux-x64.rpm to be installed
    Resolving Dependencies
    --> Running transaction check
    ---> Package opensearch.x86_64 0:2.10.0-1 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    =============================================================================================================================================================================================================================================
     Package                                               Arch                                              Version                                               Repository                                                               Size
    =============================================================================================================================================================================================================================================
    Installing:
     opensearch                                            x86_64                                            2.10.0-1                                              /opensearch-2.10.0-linux-x64                                            1.0 G
    
    Transaction Summary
    =============================================================================================================================================================================================================================================
    Install  1 Package
    
    Total size: 1.0 G
    Installed size: 1.0 G
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : opensearch-2.10.0-1.x86_64                                                                                                                                                                                                1/1 
    ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
     sudo systemctl daemon-reload
     sudo systemctl enable opensearch.service
    ### You can start opensearch service by executing
     sudo systemctl start opensearch.service
    ### Create opensearch demo certificates in /etc/opensearch/
     See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
    ### Upcoming breaking change in packaging
     In a future release of OpenSearch, we plan to change the permissions associated with access to installed files
     If you are configuring tools that require read access to the OpenSearch configuration files, we recommend you add the user that runs these tools to the 'opensearch' group
     For more information, see https://github.com/opensearch-project/opensearch-build/pull/4043
      Verifying  : opensearch-2.10.0-1.x86_64                                                                                                                                                                                                1/1 
    
    Installed:
      opensearch.x86_64 0:2.10.0-1                                                                                                                                                                                                               
    
    Complete!
    [root@centos7 vagrant]# sudo systemctl start opensearch
    [root@centos7 vagrant]# systemctl  status opensearch
    ● opensearch.service - OpenSearch
       Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled)
       Active: active (running) since Wed 2023-10-11 15:51:34 UTC; 3s ago
         Docs: https://opensearch.org/
     Main PID: 24907 (java)
       CGroup: /system.slice/opensearch.service
               └─24907 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -D...
    
    Oct 11 15:51:25 centos7 systemd[1]: Starting OpenSearch...
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: A terminally deprecated method in java.lang.System has been called
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.10.0.jar)
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager will be removed in a future release
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: A terminally deprecated method in java.lang.System has been called
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/opensearch/lib/opensearch-2.10.0.jar)
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager will be removed in a future release
    Oct 11 15:51:34 centos7 systemd[1]: Started OpenSearch.
    
    
    [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty
    {
      "cluster_name" : "opensearch",
      "status" : "green",
      "timed_out" : false,
      "number_of_nodes" : 1,
      "number_of_data_nodes" : 1,
      "discovered_master" : true,
      "discovered_cluster_manager" : true,
      "active_primary_shards" : 4,
      "active_shards" : 4,
      "relocating_shards" : 0,
      "initializing_shards" : 0,
      "unassigned_shards" : 0,
      "delayed_unassigned_shards" : 0,
      "number_of_pending_tasks" : 0,
      "number_of_in_flight_fetch" : 0,
      "task_max_waiting_in_queue_millis" : 0,
      "active_shards_percent_as_number" : 100.0
    }
    [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/shards
    .opensearch-observability        0 p STARTED  0   208b 127.0.0.1 centos7
    .opensearch-sap-log-types-config 0 p STARTED           127.0.0.1 centos7
    .opendistro_security             0 p STARTED 10 75.4kb 127.0.0.1 centos7
    
    
    
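The two shard listings in the comment above can be compared mechanically. The following is an added example, not part of the original comment or of Wazuh or OpenSearch code: it reads `_cat/shards` text, reports each unassigned shard, and derives the health colour from it. The function names `classify_unassigned` and `derived_status` are hypothetical.

```shell
#!/bin/sh
# Sample input: the `_cat/shards` listings from the comment above (trailing spaces trimmed).
SHARDS_2_9_0='.opensearch-observability                 0 p STARTED     0   208b 127.0.0.1 centos7
.plugins-ml-config                        0 p STARTED     1  3.8kb 127.0.0.1 centos7
.plugins-ml-config                        0 r UNASSIGNED
.opensearch-sap-pre-packaged-rules-config 0 p STARTED              127.0.0.1 centos7
.opensearch-sap-pre-packaged-rules-config 0 r UNASSIGNED
.opensearch-sap-log-types-config          0 p STARTED              127.0.0.1 centos7
.opensearch-sap-log-types-config          0 r UNASSIGNED
.opendistro_security                      0 p STARTED    10 74.8kb 127.0.0.1 centos7'
SHARDS_2_10_0='.opensearch-observability        0 p STARTED  0   208b 127.0.0.1 centos7
.opensearch-sap-log-types-config 0 p STARTED           127.0.0.1 centos7
.opendistro_security             0 p STARTED 10 75.4kb 127.0.0.1 centos7'

# classify_unassigned (hypothetical name): reads `_cat/shards` text on stdin and
# prints "<index> <shard> <kind>" for every UNASSIGNED shard. Only the first four
# columns (index, shard, prirep, state) are used, so empty docs/store columns are harmless.
# A replica is never allocated to the node holding its primary, so with
# number_of_data_nodes = 1 a "replica-primary-started" shard cannot be placed.
classify_unassigned() {
    awk '
        { key = $1 SUBSEP $2 }
        $3 == "p" && $4 == "STARTED" { started[key] = 1 }
        $4 == "UNASSIGNED" { n++; idx[n] = $1; sh[n] = $2; pr[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                k = idx[i] SUBSEP sh[i]
                if (pr[i] == "p") kind = "primary"
                else if (k in started) kind = "replica-primary-started"
                else kind = "replica-no-primary"
                print idx[i], sh[i], kind
            }
        }'
}

# derived_status (hypothetical name): red if any primary is unassigned,
# yellow if only replicas are, green if nothing is unassigned.
derived_status() {
    classify_unassigned | awk '
        $3 == "primary" { red = 1 }
        { any = 1 }
        END { print (red ? "red" : (any ? "yellow" : "green")) }'
}

for listing in "$SHARDS_2_9_0" "$SHARDS_2_10_0"; do
    printf '%s\n' "$listing" | classify_unassigned
    printf 'derived status: %s\n' "$(printf '%s\n' "$listing" | derived_status)"
done
```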

@rauldpm
Member Author

rauldpm commented Oct 11, 2023

Conclusion

Due to the errors and warnings detected in the bump from OpenSearch, it was decided to stop the bump process and keep 2.8.0 for 4.7.0

@davidjiglesias
Member

LGTM!

@davidjiglesias closed this as not planned Oct 13, 2023
@wazuhci moved this from Pending final review to Done in Release 4.7.0 Oct 13, 2023
@zentavr

zentavr commented Feb 28, 2024

I still have this issue with v4.7.2: wazuh/wazuh-kubernetes#604
