Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wazuh-dashboard failing to authenticate with kibanaserver user after upgrade to v4.3.5 #279

Closed
Zaulao opened this issue Jun 30, 2022 · 4 comments
Closed

wazuh-dashboard failing to authenticate with kibanaserver user after upgrade to v4.3.5 #279

Zaulao opened this issue Jun 30, 2022 · 4 comments
Assignees
@teddytpc1

Comments

@Zaulao
Copy link

Zaulao commented Jun 30, 2022
edited
Loading

Overall

After upgrading all images from v4.3.4 to v4.3.5, the dashboard is not able to authenticate within the wazuh-indexer using the custom credentials created for the kibanaserver user.

Logs from wazuh-dashboard pod:
{"type":"log","@timestamp":"2022-06-30T20:23:22Z","tags":["error","opensearch","data"],"pid":43,"message":"[ResponseError]: Response Error"}

Logs from wazuh-indexer-0 pod:
[2022-06-30T20:24:24,893][WARN ][o.o.s.a.BackendRegistry ] [wazuh-indexer-0] Authentication finally failed for kibanaserver from <dashboard_ip>:37240

They're both using the same internal_users and secrets files since v4.3.3. After rolling back the wazuh-dashboard image to v4.3.4, the authentication works again.

Additional information

After noticing the error, I deleted all configmaps and secrets in order to start the new deploy with a brand new configuration environment.

To debug the problem, I executed a cURL from the wazuh-manager-master-0 pod using the same kibanaserver user and password configurated in the secrets file and the response was OK:
image

I also retrieved all the environment variables present in the wazuh-dashboard pod related to the dashboard and the user and password were present:
image

The issue persisted until I rollback the wazuh-dashboard image.

Procedure used to change the kibanaserver password

First updated the dashboard-cred secrets file. Then, used a simple wazuh-indexer v4.3.3 pod to generate the new password hash through the tool provided by opensearch located in plugins/opensearch-security/tools/hash.sh. With the new hash, I updated the repository's internal_users file.

Upgrade process

I'm using the image wazuh/wazuh-dashboard:4.3.5 , my upgrade procedure was to simply change the image tag from 4.3.4 to 4.3.5 on wazuh/wazuh-dashboard, wazuh/wazuh-indexer and both wazuh/wazuh-manager. Than I reapply all the files using kustomize. This processes worked fine for the upgrade from v4.3.3 to v4.3.4
@artazar
Copy link

artazar commented Jul 1, 2022

Seems related: #248

@teddytpc1 teddytpc1 self-assigned this Jul 1, 2022
@teddytpc1
Copy link
Member

Hi @Zaulao.
Thanks for reporting this issue.
We have created the following PR to correct this behavior. The cause was that some old changes were introduced to the Dockerfile and the dashboard keystore was being created during the image build. We have also added a change in the entrypoint.sh to overwrite the keystore in case it is already created. This will be useful when the DASHBOARD_PASSWORD is updated.
Once is merged, we will push the Wazuh dashboard image again to Docker Hub.

@teddytpc1
Copy link
Member

@Zaulao the image is already pushed to Docker Hub.

@Zaulao
Copy link
Author

Zaulao commented Jul 1, 2022

@teddytpc1 Just tested it, it's working fine now. You can close the issue, Thank you!

Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@teddytpc1 teddytpc1

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@artazar @Zaulao @teddytpc1