Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adapt repository to deploy Wazuh 4.4.0 #853

Closed
teddytpc1 opened this issue Oct 21, 2022 · 7 comments · Fixed by #854
Closed

Adapt repository to deploy Wazuh 4.4.0 #853

teddytpc1 opened this issue Oct 21, 2022 · 7 comments · Fixed by #854

Comments

@teddytpc1
Copy link
Member

The repository needs to be adapted to deploy Wazuh 4.4.0 using branch 4.4.
The required change so far is to set /etc/wazuh-indexer/opensearch-security to the variable indexer_sec_plugin_conf_path for the indexer role.

@teddytpc1
Copy link
Member Author

teddytpc1 commented Oct 21, 2022

Issue

After changing the variable the pipeline failed with the following error when running the securityadmin script:

09:51:55  Security Admin v7
09:51:55  Will connect to 10.0.2.96:9300 ... done
09:51:55  ERR: An unexpected RuntimeException occured: error while performing request
09:51:55  Trace:
09:51:55  java.lang.RuntimeException: error while performing request
09:51:55  	at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:963)
09:51:55  	at org.opensearch.client.RestClient.performRequest(RestClient.java:332)
09:51:55  	at org.opensearch.client.RestClient.performRequest(RestClient.java:320)
09:51:55  	at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:462)
09:51:55  	at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:159)
09:51:55  Caused by: org.apache.http.ProtocolException: Not a valid protocol version: This is not an HTTP port

Related issue from Opensearch Project

The error will be investigated. Related issue in Opensearch Project:

Solution

I reviewed this along with @c-bordon and he told me that the port for 4.4 should be 9200 instead of 9300. Then tested it manually and it worked. So, the change was pushed to the branch.

@teddytpc1 teddytpc1 linked a pull request Oct 21, 2022 that will close this issue
@teddytpc1
Copy link
Member Author

The package for the Windows Agent failed to build. I will wait until the issue is resolved to continue.

@teddytpc1
Copy link
Member Author

I was able to build de Win Agent package and I'm currently testing the Demo deploy pipeline.

@teddytpc1
Copy link
Member Author

The Wazuh dashboard service failed. It shows the following errors:

● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since lun 2022-10-24 16:39:23 UTC; 2h 8min ago
  Process: 18343 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=13)
 Main PID: 18343 (code=exited, status=13)

oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Stopped wazuh-dashboard.
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Started wazuh-dashboard.
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[18343]: OpenSSL configuration error:
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[18343]: 140122067044224:error:0200100D:system library:fopen:Permission denied:../deps/openssl/openssl/crypto/bio/bss_file.c:69:fopen('/etc/ssl/openssl.cnf','rb')
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[18343]: 140122067044224:error:2006D002:BIO routines:BIO_new_file:system lib:../deps/openssl/openssl/crypto/bio/bss_file.c:78:
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal opensearch-dashboards[18343]: 140122067044224:error:0E078002:configuration file routines:def_load:system lib:../deps/openssl/openssl/crypto/conf/conf_def.c:170:
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=13/n/a
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: Unit wazuh-dashboard.service entered failed state.
oct 24 16:39:23 ip-10-0-0-158.us-west-1.compute.internal systemd[1]: wazuh-dashboard.service failed.

I will check with the team to check if it is a known error related to any change in the package.

@teddytpc1
Copy link
Member Author

teddytpc1 commented Oct 26, 2022

After running some tests I found out that the wazuh-dashboard service fails after some post-installation tasks. I will perform additional tests to identify what task is the one that makes the service fail.

@teddytpc1
Copy link
Member Author

I've deployed the Demo environment manually several times in order to determine what task is causing the issue, but I didn't find the one yet.
The Dashboard error is the following:

-- The start-up result is done.
oct 27 19:16:16 ip-10-0-0-9.us-west-1.compute.internal opensearch-dashboards[15658]: OpenSSL configuration error:
oct 27 19:16:16 ip-10-0-0-9.us-west-1.compute.internal opensearch-dashboards[15658]: 139945692362624:error:0200100D:system library:fopen:Permission denied:../deps/openssl/openssl/crypto/bio/bss_file.c:69:fopen('/etc/ssl/openssl.cnf','rb')
oct 27 19:16:16 ip-10-0-0-9.us-west-1.compute.internal opensearch-dashboards[15658]: 139945692362624:error:2006D002:BIO routines:BIO_new_file:system lib:../deps/openssl/openssl/crypto/bio/bss_file.c:78:
oct 27 19:16:16 ip-10-0-0-9.us-west-1.compute.internal opensearch-dashboards[15658]: 139945692362624:error:0E078002:configuration file routines:def_load:system lib:../deps/openssl/openssl/crypto/conf/conf_def.c:170:
oct 27 19:16:16 ip-10-0-0-9.us-west-1.compute.internal systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=13/n/a
oct 27 19:16:16 ip-10-0-0-9.us-west-1.compute.internal systemd[1]: Unit wazuh-dashboard.service entered failed state.
oct 27 19:16:16 ip-10-0-0-9.us-west-1.compute.internal systemd[1]: wazuh-dashboard.service failed.

I have tried removing these tasks:

  - name: Verify if deploy is using Dashboard
    package_facts:
      manager: "auto"
    when: inventory_hostname in groups['dashboard']

  - name: Enable wazuh-dashboard service
    systemd:
      enabled: yes
      name: wazuh-dashboard
    when: inventory_hostname in groups['dashboard']

And:

  - name: Install htpasswd
    yum:
      name: httpd-tools-2.4.33-2.amzn2.0.2.x86_64
      state: present
    when:
      - ansible_distribution|lower != "amazon"

  - name: Install htpasswd in Amazon Linux
    yum:
      name: httpd-tools-2.4.33-2.amzn2.0.2.x86_64
      state: present
    when:
      - ansible_distribution|lower == "amazon"

But the error persists.
I'm deploying a new environment to make additional validations.

@teddytpc1
Copy link
Member Author

The demo deployment is still failing but the wazuh-ansible tasks are working fine. The PR will be submitted for review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant