Changing Indexer password failure in Docker Wazuh Multi-node Deployment #1477
Comments
I performed a first test and was unable to reproduce the error. I will use the same passwords that the user used in the test.
Tests: deployment
root@ubuntu-jammy:~# git clone https://github.com/wazuh/wazuh-docker.git -b v4.9.0-beta1
Cloning into 'wazuh-docker'...
remote: Enumerating objects: 13369, done.
remote: Counting objects: 100% (689/689), done.
remote: Compressing objects: 100% (387/387), done.
remote: Total 13369 (delta 329), reused 607 (delta 276), pack-reused 12680
Receiving objects: 100% (13369/13369), 314.57 MiB | 8.04 MiB/s, done.
Resolving deltas: 100% (6954/6954), done.
Note: switching to '28c051a05ef7ac67e19fadfb82be08930bfc8f9c'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
root@ubuntu-jammy:~# cd wazuh-docker/single-node/
root@ubuntu-jammy:~/wazuh-docker/single-node# docker-compose -f generate-indexer-certs.yml run --rm generator
[+] Running 1/0
⠿ Network single-node_default Created 0.1s
[+] Running 5/5
⠿ generator Pulled 11.5s
⠿ 17d0386c2fff Pull complete 7.4s
⠿ 7ce91ec7d1d3 Pull complete 9.3s
⠿ 5249716d429c Pull complete 9.3s
⠿ d7003467fd14 Pull complete 9.3s
The tool to create the certificates exists in the in Packages bucket
08/08/2024 11:02:34 INFO: Generating the root certificate.
08/08/2024 11:02:34 INFO: Generating Admin certificates.
08/08/2024 11:02:34 INFO: Admin certificates created.
08/08/2024 11:02:34 INFO: Generating Wazuh indexer certificates.
08/08/2024 11:02:35 INFO: Wazuh indexer certificates created.
08/08/2024 11:02:35 INFO: Generating Filebeat certificates.
08/08/2024 11:02:35 INFO: Wazuh Filebeat certificates created.
08/08/2024 11:02:35 INFO: Generating Wazuh dashboard certificates.
08/08/2024 11:02:35 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
root@ubuntu-jammy:~/wazuh-docker/single-node# docker-compose up -d
[+] Running 44/44
⠿ wazuh.manager Pulled 226.1s
⠿ ba43d5d56185 Pull complete 111.2s
⠿ ce78ef2d8693 Pull complete 113.7s
⠿ 8f11a8a98953 Pull complete 114.2s
⠿ e8a3a72a23ec Pull complete 115.1s
⠿ 81089b5067fc Pull complete 116.0s
⠿ 95210270ba23 Pull complete 116.9s
⠿ 287b6eb56b6c Pull complete 118.3s
⠿ ac419f894e2f Pull complete 223.2s
⠿ f5c3daca13de Pull complete 223.3s
⠿ 4197f1d50027 Pull complete 223.3s
⠿ 7b09e8bf9083 Pull complete 223.4s
⠿ 9224c3aa3ecc Pull complete 223.5s
⠿ 5349adf2f552 Pull complete 223.5s
⠿ 848432260453 Pull complete 223.5s
⠿ 912a4211d224 Pull complete 223.8s
⠿ wazuh.indexer Pulled 479.8s
⠿ cb6230c89c15 Pull complete 17.6s
⠿ b8b2e6b51e29 Pull complete 34.5s
⠿ 7ecd67faa1ec Pull complete 34.6s
⠿ 27f71a7a924a Pull complete 34.6s
⠿ 963f7e3d9dc4 Pull complete 34.6s
⠿ 4a26759d76d1 Pull complete 34.6s
⠿ 68513ab6de48 Pull complete 34.6s
⠿ 43952e368a76 Pull complete 34.6s
⠿ d66abcf5cc8f Pull complete 34.6s
⠿ e20b885bf5fb Pull complete 465.2s
⠿ 992346db928a Pull complete 465.2s
⠿ 997fd811bcdd Pull complete 465.2s
⠿ 4f4fb700ef54 Pull complete 465.2s
⠿ 96729bd48b6e Pull complete 476.6s
⠿ dd821f5b7e8b Pull complete 477.0s
⠿ wazuh.dashboard Pulled 132.9s
⠿ 9e11cbd57864 Pull complete 44.7s
⠿ 5929a6fb50b0 Pull complete 44.8s
⠿ 3afc6809987a Pull complete 45.4s
⠿ a9e622c67453 Pull complete 46.2s
⠿ ae820394aadc Pull complete 47.0s
⠿ 420e712c0ec9 Pull complete 47.9s
⠿ 94f0814cc1ae Pull complete 48.6s
⠿ 67ce18b2b504 Pull complete 49.4s
⠿ 1a79139ef13e Pull complete 130.5s
⠿ 5bd822352d2d Pull complete 130.5s
⠿ 7bf5e37a0a36 Pull complete 130.6s
[+] Running 17/17
⠿ Volume "single-node_wazuh_queue" Created 0.1s
⠿ Volume "single-node_filebeat_var" Created 0.2s
⠿ Volume "single-node_wazuh-dashboard-custom" Created 0.1s
⠿ Volume "single-node_wazuh_var_multigroups" Created 0.2s
⠿ Volume "single-node_filebeat_etc" Created 0.2s
⠿ Volume "single-node_wazuh-dashboard-config" Created 0.1s
⠿ Volume "single-node_wazuh_logs" Created 0.1s
⠿ Volume "single-node_wazuh_active_response" Created 0.1s
⠿ Volume "single-node_wazuh_agentless" Created 0.1s
⠿ Volume "single-node_wazuh-indexer-data" Created 0.1s
⠿ Volume "single-node_wazuh_api_configuration" Created 0.1s
⠿ Volume "single-node_wazuh_integrations" Created 0.0s
⠿ Volume "single-node_wazuh_etc" Created 0.1s
⠿ Volume "single-node_wazuh_wodles" Created 0.1s
⠿ Container single-node-wazuh.indexer-1 Started 2.0s
⠿ Container single-node-wazuh.manager-1 Started 2.1s
⠿ Container single-node-wazuh.dashboard-1 Started
access with
Changed the password
root@ubuntu-jammy:~/wazuh-docker/single-node# docker-compose down
[+] Running 4/4
⠿ Container single-node-wazuh.dashboard-1 Removed 10.4s
⠿ Container single-node-wazuh.manager-1 Removed 4.1s
⠿ Container single-node-wazuh.indexer-1 Removed 0.3s
⠿ Network single-node_default Removed 0.3s
root@ubuntu-jammy:~/wazuh-docker/single-node# docker run --rm -ti wazuh/wazuh-indexer:4.9.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
Unable to find image 'wazuh/wazuh-indexer:4.9.0' locally
docker: Error response from daemon: manifest for wazuh/wazuh-indexer:4.9.0 not found: manifest unknown: manifest unknown.
See 'docker run --help'.
root@ubuntu-jammy:~/wazuh-docker/single-node# ^C
root@ubuntu-jammy:~/wazuh-docker/single-node# docker run --rm -ti wazuh/wazuh-indexer:4.9.0-beta1 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
[Password:]
$2y$12$pwS17o/yzKPqvdNc//wZ1Ox4dR0hcknc1iLU2YkC/DANWpDFj3MZ.
root@ubuntu-jammy:~/wazuh-docker/single-node# docker run --rm -ti wazuh/wazuh-indexer:4.9.0-beta1 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
[Password:]
$2y$12$fPRFvsI4R4D/reA11IulvuYtJT4l9YzkD2MjoTPtMxxeXuQTvEZGC
root@ubuntu-jammy:~/wazuh-docker/single-node# vim config/wazuh_indexer/internal_users.yml
root@ubuntu-jammy:~/wazuh-docker/single-node# vim config/wazuh_indexer/internal_users.yml
root@ubuntu-jammy:~/wazuh-docker/single-node# vim config/wazuh_indexer/internal_users.yml
root@ubuntu-jammy:~/wazuh-docker/single-node# vim docker-compose.yml
root@ubuntu-jammy:~/wazuh-docker/single-node# docker-compose up -d
[+] Running 4/4
⠿ Network single-node_default Created 0.1s
⠿ Container single-node-wazuh.indexer-1 Started 0.2s
⠿ Container single-node-wazuh.manager-1 Started 0.3s
⠿ Container single-node-wazuh.dashboard-1 Started 0.5s
root@ubuntu-jammy:~/wazuh-docker/single-node# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3eb822803010 wazuh/wazuh-dashboard:4.9.0-beta1 "/entrypoint.sh" 10 seconds ago Up 9 seconds 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node-wazuh.dashboard-1
854cc09a9576 wazuh/wazuh-manager:4.9.0-beta1 "/init" 10 seconds ago Up 9 seconds 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node-wazuh.manager-1
8c09b2c96c67 wazuh/wazuh-indexer:4.9.0-beta1 "/entrypoint.sh open…" 10 seconds ago Up 10 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node-wazuh.indexer-1
root@ubuntu-jammy:~/wazuh-docker/single-node# docker exec -it single-node-wazuh.indexer-1 bash
bash-5.2$ export INSTALLATION_DIR=/usr/share/wazuh-indexer
CACERT=$INSTALLATION_DIR/certs/root-ca.pem
KEY=$INSTALLATION_DIR/certs/admin-key.pem
CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash-5.2$ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: opensearch
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/wazuh-indexer/opensearch-security/
Will update '/config' with /usr/share/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /usr/share/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /usr/share/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /usr/share/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /usr/share/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /usr/share/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /usr/share/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /usr/share/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
bash-5.2$ exit
exit
new passwords
root@ubuntu-jammy:~/wazuh-docker/single-node# grep -iE "(admin|kibanaserver):" -A1 config/wazuh_indexer/internal_users.yml
admin:
hash: "$2y$12$pwS17o/yzKPqvdNc//wZ1Ox4dR0hcknc1iLU2YkC/DANWpDFj3MZ."
--
kibanaserver:
hash: "$2y$12$fPRFvsI4R4D/reA11IulvuYtJT4l9YzkD2MjoTPtMxxeXuQTvEZGC"
root@ubuntu-jammy:~/wazuh-docker/single-node# grep -iE "(INDEXER|DASHBOARD)_PASSWORD" docker-compose.yml
- INDEXER_PASSWORD=TestingAdmin
- INDEXER_PASSWORD=TestingAdmin
- DASHBOARD_PASSWORD=TestingKibanaServer
access correctly
New test with the same passwords
root@ubuntu-jammy:~/wazuh-docker/single-node# docker-compose down
[+] Running 4/4
⠿ Container single-node-wazuh.dashboard-1 Removed 10.3s
⠿ Container single-node-wazuh.manager-1 Removed 3.9s
⠿ Container single-node-wazuh.indexer-1 Removed 0.3s
⠿ Network single-node_default Removed 0.8s
root@ubuntu-jammy:~/wazuh-docker/single-node# docker run --rm -ti wazuh/wazuh-indexer:4.9.0 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
Unable to find image 'wazuh/wazuh-indexer:4.9.0' locally
docker: Error response from daemon: manifest for wazuh/wazuh-indexer:4.9.0 not found: manifest unknown: manifest unknown.
See 'docker run --help'.
root@ubuntu-jammy:~/wazuh-docker/single-node# docker run --rm -ti wazuh/wazuh-indexer:4.9.0-beta1 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
[Password:]
$2y$12$z/OYDhSWAXWS/22G5.G4H.dOvYapwkckg0Tso5QgurQEVHKOZ8Aly
root@ubuntu-jammy:~/wazuh-docker/single-node# docker run --rm -ti wazuh/wazuh-indexer:4.9.0-beta1 bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
[Password:]
$2y$12$bmuMnn1N70xuPb5LUF8.Y.SHGcrARqzmtHgO9qsWbtuWbkN4uhA/i
root@ubuntu-jammy:~/wazuh-docker/single-node# vim config/wazuh_indexer/internal_users.yml
root@ubuntu-jammy:~/wazuh-docker/single-node# vim config/wazuh_indexer/internal_users.yml
root@ubuntu-jammy:~/wazuh-docker/single-node# vim docker-compose.yml
root@ubuntu-jammy:~/wazuh-docker/single-node# docker-compose up -d
[+] Running 4/4
⠿ Network single-node_default Created 0.1s
⠿ Container single-node-wazuh.manager-1 Started 0.3s
⠿ Container single-node-wazuh.indexer-1 Started 0.2s
⠿ Container single-node-wazuh.dashboard-1 Started 0.5s
root@ubuntu-jammy:~/wazuh-docker/single-node# docker exec -it single-node-wazuh.indexer-1 bash
bash-5.2$ export INSTALLATION_DIR=/usr/share/wazuh-indexer
CACERT=$INSTALLATION_DIR/certs/root-ca.pem
KEY=$INSTALLATION_DIR/certs/admin-key.pem
CERT=$INSTALLATION_DIR/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash-5.2$ bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to localhost:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: opensearch
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/wazuh-indexer/opensearch-security/
Will update '/config' with /usr/share/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /usr/share/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /usr/share/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /usr/share/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /usr/share/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /usr/share/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /usr/share/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /usr/share/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
bash-5.2$ exit
exit
root@ubuntu-jammy:~/wazuh-docker/single-node# grep -iE "(INDEXER|DASHBOARD)_PASSWORD" docker-compose.yml
- INDEXER_PASSWORD=SuperSecretPassword
- INDEXER_PASSWORD=SuperSecretPassword
- DASHBOARD_PASSWORD=kibanaserver
root@ubuntu-jammy:~/wazuh-docker/single-node# grep -iE "(admin|kibanaserver):" -A1 config/wazuh_indexer/internal_users.yml
admin:
hash: "$2y$12$z/OYDhSWAXWS/22G5.G4H.dOvYapwkckg0Tso5QgurQEVHKOZ8Aly"
--
kibanaserver:
hash: "$2y$12$bmuMnn1N70xuPb5LUF8.Y.SHGcrARqzmtHgO9qsWbtuWbkN4uhA/i"
Update report
I was unable to reproduce the error. I tried a few variants to force the error but could not do it in the same way as in the test. Following the steps indicated in the documentation, the password change worked correctly. What caught my attention in what was indicated in the test is that the password for the kibanaserver user was left at the default
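A pre-flight lint for the two files edited in the transcripts above, added here as an example; it is not part of wazuh-docker or of any comment in this issue. It assumes `admin` pairs with `INDEXER_PASSWORD` and `kibanaserver` with `DASHBOARD_PASSWORD`, as the grep commands in the thread suggest; the function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not wazuh-docker code: lint internal_users.yml and
# docker-compose.yml before `docker-compose up -d`. Structure only; it cannot
# prove that a hash was generated from the plaintext in docker-compose.yml.
# Assumed pairing: admin <-> INDEXER_PASSWORD, kibanaserver <-> DASHBOARD_PASSWORD.

BCRYPT_RE='^\$2[aby]\$[0-9][0-9]\$[./A-Za-z0-9]{53}$'

# user_hash USER FILE: print the hash stored under the top-level key USER.
user_hash() {
  awk -v u="$1:" '
    /^[^ #]/ { in_user = ($1 == u); next }
    in_user && $1 == "hash:" { gsub(/"/, "", $2); print $2; exit }
  ' "$2"
}

# compose_values VAR FILE: print the distinct values assigned to VAR.
compose_values() {
  sed -n "s/^[[:space:]]*-[[:space:]]*$1=//p" "$2" | sort -u
}

# check_password_change COMPOSE USERS: print findings; non-zero status on any.
check_password_change() {
  rc=0
  for pair in admin:INDEXER_PASSWORD kibanaserver:DASHBOARD_PASSWORD; do
    user=${pair%%:*}; var=${pair#*:}
    if ! user_hash "$user" "$2" | grep -Eq "$BCRYPT_RE"; then
      echo "FAIL $user: no well-formed bcrypt hash in $2"; rc=1
    fi
    n=$(compose_values "$var" "$1" | awk 'END { print NR }')
    if [ "$n" -ne 1 ]; then
      echo "FAIL $var: $n distinct values in $1, expected exactly 1"; rc=1
    fi
  done
  # bcrypt salts are random, so two users sharing a hash string means a paste slip.
  if [ "$(user_hash admin "$2")" = "$(user_hash kibanaserver "$2")" ]; then
    echo "FAIL admin and kibanaserver carry the same hash string"; rc=1
  fi
  return "$rc"
}

# write_sample DIR: constructed files in the layout grepped in the transcript.
write_sample() {
  printf 'admin:\n  hash: "$2y$12$%053d"\n  reserved: true\nkibanaserver:\n  hash: "$2y$12$%053d"\n' \
    0 1 > "$1/internal_users.yml"
  printf '      - INDEXER_PASSWORD=%s\n      - INDEXER_PASSWORD=%s\n      - DASHBOARD_PASSWORD=%s\n' \
    ExamplePw1 ExamplePw1 ExamplePw2 > "$1/docker-compose.yml"
}

# Usage: sh check.sh docker-compose.yml config/wazuh_indexer/internal_users.yml
if [ "$#" -eq 2 ]; then check_password_change "$1" "$2"; fi
```

A clean result only says the files are internally consistent; the new hashes still have to be loaded with `securityadmin.sh` as in the transcript.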
Description
Hi team, while performing the E2E docker deployment test in wazuh/wazuh#25017
I have found that changing only the indexer password left the dashboard inaccessible, reporting the following error in the interface:
The exact steps followed to find this situation are reported in this comment: wazuh/wazuh#25017 (comment)