Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when generate-indexer-certs Please help me T_T #733

Closed
SYRTI opened this issue Oct 17, 2022 · 11 comments
Closed

Error when generate-indexer-certs Please help me T_T #733

SYRTI opened this issue Oct 17, 2022 · 11 comments
Assignees
@rauldpm
Labels
community

Comments

@SYRTI
Copy link

SYRTI commented Oct 17, 2022

Cant generate the Certificates with docker-compose -f generate-indexer-certs.yml run --rm generator
because the image image: wazuh/wazuh-certs-generator:0.0.1
seems to point at PACKAGES_URL=https://packages.wazuh.com/4.3/ which throws this message:
Cert tool does not exist in any bucket
ERROR: certificates were not created

I follow this steps

sysctl -w vm.max_map_count=262144
uname -a
curl -sSL https://get.docker.com/ | sh

if we have any error I use
sudo dpkg --configure -a
start docker
systemctl start docker
download binary
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
test
docker-compose --version
Output:
docker-compose version 1.29.2, build 5becea4c
clone repo
git clone https://github.com/wazuh/wazuh-docker.git -b v4.3.8 --depth=1
Then enter into the single-node directory. All the commands described below are executed within this directory. For additional security, the default password for the Wazuh indexer administrator user can be changed.

docker-compose -f generate-indexer-certs.yml run --rm generator

ERROR HERE!

docker-compose up

ERROR.
image
@maxferrario-msf
Copy link

Same error here:

~/wazuh-docker/single-node$ sudo docker-compose -f generate-indexer-certs.yml run --rm generator
/snap/docker/2285/lib/python3.6/site-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
  from cryptography.hazmat.backends import default_backend
Creating network "single-node_default" with the default driver
Pulling generator (wazuh/wazuh-certs-generator:0.0.1)...
0.0.1: Pulling from wazuh/wazuh-certs-generator
d7bfe07ed847: Pull complete
a6023cfa8265: Pull complete
6135753eefe9: Pull complete
9aaf0dae5d3f: Pull complete
Digest: sha256:6fc929d58d01b789d4a19c5da476c78cc267c0af07d1b22227ccae49acb084dc
Status: Downloaded newer image for wazuh/wazuh-certs-generator:0.0.1
Creating single-node_generator_run ... done

Cert tool does not exist in any bucket
ERROR: certificates were not created
ERROR: 1

@rauldpm rauldpm self-assigned this Oct 25, 2022
@rauldpm rauldpm mentioned this issue Oct 25, 2022
Closed
@rauldpm
Copy link
Member

rauldpm commented Oct 25, 2022

Hello @SYRTI

The execution of command git clone https://github.com/wazuh/wazuh-docker.git -b v4.3.8 --depth=1 should leave the repository in an unspecified branch except for the commit referenced, which in the case of tag v4.3.8 should be f42b30b71d4b5713926772a28ee9842291d8b12a, you can check this with the git log command. Is it so in your case?

The file that should be downloaded is the following: https://packages.wazuh.com/4.3/wazuh-certs-tool.sh, can you check that you can download it through curl, wget or access it from the browser itself?

I see that you are performing the deployment inside a virtual machine, by the hostname shown in the terminal, can you check its network configuration in case it is limiting access in some way? What system is it?

Lastly, I also see that the git branch -a command it is showing that the used branch is the master branch, which is a development branch for the 4.5.0 version, this doesn't match the output of the git clone command which does an automatic checkout to the v4.3.8 tag with the commit mentioned above.

Hello @maxferrario-msf

Which branch are you using? Could you give more information and take into consideration the comments made above?

@maxferrario-msf
Copy link

Hi,
@rauldpm I've tried on a different, freshly installed ubuntu 22.04.1 server and the certificate generation worked flawlessly.

In my case this is the output of git branch -a


$ git branch -a
* (no branch)

@rauldpm
Copy link
Member

rauldpm commented Oct 27, 2022

Hello @maxferrario-msf , I'm glad it works on Ubuntu 22, which is the system where you observed the error? Would it be possible for you to share as much information as possible so that we can try to reproduce the problem?

  • Operating system
  • If it is a virtual machine, the virtualization platform used
  • Network configuration, firewall, etc.

And if you still have that system, the direct download of the file fails or is successful?

Regards, Raúl.

@maxferrario-msf
Copy link

Hi @rauldpm ,
unfortunately I installed the new ubuntu server on the same disk where I had unsuccessfully tried before :-|
I was using ubuntu server 22.04.1 as in my last attempt, and the machine was bare metal.
But I do not have more info than this.

@rauldpm
Copy link
Member

rauldpm commented Oct 27, 2022

Hello @maxferrario-msf, I've done some testing on that system, and initially, the deployment was successful, now, as I mentioned earlier, it looks like firewalld may be the reason for this error. After starting the firewalld service, the creation of the certificates has taken a long time to complete, indicating the aforementioned message:

Creating single-node_generator_run ... done
Cert tool does not exist in any bucket
ERROR: certificates were not created
ERROR: 1

This makes sense since due to the firewall it has not been able to obtain the said file.

I will consult with the team about the possibility of adding some type of control or check on connectivity before downloading files.

@rauldpm
Copy link
Member

rauldpm commented Oct 27, 2022

After discussing it with the team, I have opened this issue: #736

@SYRTI
Copy link
Author

SYRTI commented Nov 8, 2022
edited
Loading

Please close this issue. I found the solution.

Maybe you can help me (Again)

I need monitoring a background service (mascv trellix agent in Windows), but don't find the way
image

@rauldpm
Copy link
Member

rauldpm commented Nov 9, 2022

Hello @SYRTI

First, you should identify the logs you want to monitor, after that, you can configure Logcollector to monitor the desired logs.
These links about Logcollector may help you:

You can also create your own decoders and rules to read what you think is convenient from the log. This is the documentation about customs rules and decoders: https://documentation.wazuh.com/current/user-manual/ruleset/custom.html

Since the question is not related to the theme of the issue, it would be convenient for you to open another issue in a more general repository for the theme of the question like the https://github.com/wazuh/wazuh repository, or to create a thread in our Google Group or our Slack channel, where there is the largest community movement for these types of questions.

Regards, Raúl.

@alberpilot
Copy link
Contributor

I proceed to close this issue due to inactivity. Please don't hesitate to re-open if necessary.

@alberpilot alberpilot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 14, 2022
@andyoulovexy
Copy link

systemctl restart docker. everything will ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rauldpm rauldpm

Labels
community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@alberpilot @rauldpm @maxferrario-msf @andyoulovexy @SYRTI