Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move ".wazuh-version" information to a registry file #1467

Closed
jesusgn90 opened this issue May 23, 2019 · 3 comments
Closed

Move ".wazuh-version" information to a registry file #1467

jesusgn90 opened this issue May 23, 2019 · 3 comments
Assignees
@juankaromo
Labels
back-end Thins related to the server side type/enhancement Enhancement issue
Milestone
25th week sprint

Comments

@jesusgn90
Copy link
Contributor

Hi team,

The .wazuh-version is a useless index right now. Every index in Elasticsearch implies shards, replicas, and a few other things that might generate errors.

Description

The information stored in .wazuh-version must be replaced with a non-indexed solution.

Proposal

Create a registry file as Filebeat does. This index just let us now the installation date and the last Kibana restart time. That information can be written to a registry file. Other data in that index is about the version, revision, and all that information can be parsed from our package.json so there is no need for having a document in an internal index.

Other changes

  • Remove all logic related to the index creation, reindex or any other Elasticsearch related logic.
@jesusgn90 jesusgn90 added type/enhancement Enhancement issue back-end Thins related to the server side elasticsearch labels May 23, 2019
@jesusgn90 jesusgn90 added this to the 23th week sprint milestone Jun 3, 2019
@juankaromo juankaromo mentioned this issue Jun 5, 2019
Merged
@juankaromo
Copy link
Contributor

Update 05/06 7bd4577

registry file will be placed on the server root directory.

Initialize.js

First of all checkWazuhVersionIndex has been changed by checkWazuhVersionRegistry. In this function, the first step is to delete .wazuh-index from Elasticsearch if exists (wzWrapper.deleteWazuhVersionIndex()).

After we check if registry already exists with fs.existsSync(wazuhVersion), when WazuhVersion is the path of registry file.

If it doesn't exist, we are going to create it in saveConfiguration existing method. On it, instead of creating an index, we create a file with the same configuration that we inserted before on the .wazuh-index:

fs.writeFileSync(wazuhVersion, JSON.stringify(configuration), (err) => {
   if (err) {
     throw new Error(err);
   }       
 });

Once created, we update the field lastRestart:

let source = JSON.parse(fs.readFileSync(wazuhVersion, 'utf8'));
source.lastRestart = new Date().toISOString(); // Registry exists so we update the lastRestarted date only

Wazuh-elastic

We have removed '/elastic/timestamp' and '/elastic/setup' endpoint from the elastic API because don't make sense here anymore. Instead, the endpoints have been relocated to Wazuh-api.

And the getters methods on it have been replaced from await this.wzWrapper.getWazuhVersionIndexAsSearch() to a simple file reader.

Now the files check-timestamp, settings, and health-checks make its requests to '/api/XXX'

Elastic wrapper

All these methods have been removed from this wrapper cause them don't make sense:

createWazuhVersionIndex()
insertWazuhVersionConfiguration()
getWazuhVersionIndex()
updateWazuhVersionIndexLastRestart()
getWazuhVersionIndexAsSearch()

Instead the method deleteWazuhVersionIndex() has been added for deelting the index when exists (an upgrade e.g.)

Configurations

wazuh-version.shards and wazuh-version.replicas have been removed from the configuration files.

@juankaromo
Copy link
Contributor

juankaromo commented Jun 19, 2019
edited
Loading

Update 19/06

Changes

  • .wazuh-version is deprecated and must disappear.
  • Its role is taken by wazuh-version.json server file.
  • The transition must be automatic and not generate errors.

Tests in a Production enviroment

Test Expected behavior Result
New installation Check that .wazuh-version doesn't exists and create wazuh-version.json` file pass
Update Delete that .wazuh-version if exists and create wazuh-version.json file pass
Restart lastRestart filed in wazuh-version.json must be updated pass
File is OK created The props are read from app successfully pass
File is OK created but doesn't have read permissions The props are not read from the app and show error pass
File is NOT created App shows error pass

App on a fail file scenario
image

File in OK scenario

{"name":"Wazuh App","app-version":"3.10.0","revision":"0516","installationDate":"2019-06-18T16:06:11.594Z","lastRestart":"2019-06-18T16:19:06.012Z"}

@juankaromo
Copy link
Contributor

Production error pointing

I've been getting this error when installing the app in production from the package and updating the .wazuh-version index to the log file:

image

As the calls have changed from /elastic/timestamp to /api/timestamp it was strange to me that calls were still being made to the previous route.

In the end it was because the bundles generated had not been updated. I proceed to erase them and launch Kibana again to regenerate them.

rm -rf /usr/share/kibana/optimize/bundles
systemctl restart kibana

Now everything works properly.

@jesusgn90 jesusgn90 mentioned this issue Aug 19, 2019
Closed
@juankaromo juankaromo mentioned this issue Aug 23, 2019
Closed
26 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@juankaromo juankaromo

Labels
back-end Thins related to the server side type/enhancement Enhancement issue
Projects
None yet
Milestone
25th week sprint
Development

No branches or pull requests
2 participants
@jesusgn90 @juankaromo