Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ugrading wazuh-indexer from 4.5 to 4.6 modifies config.yml file #2429

Closed
DFolchA opened this issue Sep 7, 2023 · 5 comments · Fixed by #2463
Closed

Ugrading wazuh-indexer from 4.5 to 4.6 modifies config.yml file #2429

DFolchA opened this issue Sep 7, 2023 · 5 comments · Fixed by #2463
Assignees
@rauldpm
Labels
level/task Subtask issue type/bug Bug issue

Comments

@DFolchA
Copy link
Contributor

DFolchA commented Sep 7, 2023
edited
Loading

Wazuh version Install type Action performed Platform
4.6.0 Indexer Upgrade RPM/DEB

We found during to GitHub action tests that the config.yml file is modified when upgrading wazuh-indexer to 4.6.0:

Comparing opensearch.yml.example file checksum...
Old: ab1ad1f166434f3abac7a751c1e57fba
New: ab1ad1f166434f3abac7a751c1e57fba
opensearch.yml.example - Same checksum.
Comparing action_groups.yml file checksum...
Old: 49915bd12633877031bbbb8755475c57
New: 49915bd12633877031bbbb8755475c57
action_groups.yml - Same checksum.
Comparing audit.yml file checksum...
Old: 708fac768f8535fec7cc8f861ea2f51e
New: 708fac768f8535fec7cc8f861ea2f51e
audit.yml - Same checksum.
Comparing config.yml file checksum...
Old: b9eb7a16aa1969ee394370d3369a9d6b
New: 25c499973687a8fd3eb8b9ceb3da7a68
config.yml - Different checksum.

https://github.com/wazuh/wazuh-packages/actions/runs/6107919844/job/16575883511?pr=2426

Related PR: #2426
@vikman90 vikman90 mentioned this issue Sep 7, 2023
Merged
30 tasks
@vikman90 vikman90 added level/task Subtask issue type/bug Bug issue labels Sep 7, 2023
This was referenced Sep 7, 2023
Merged
Merged
@wazuhci wazuhci moved this to Triage in Release 4.6.0 Sep 13, 2023
@davidjiglesias
Copy link
Member

We have to check why the installer modifies the config file during the upgrade.

@wazuhci wazuhci moved this from Triage to Backlog in Release 4.6.0 Sep 14, 2023
@damarisg damarisg moved this from Backlog to In progress in Release 4.6.0 Sep 15, 2023
@rauldpm
Copy link
Member

rauldpm commented Sep 15, 2023
edited
Loading

Update report

  • The checksum difference is expected as the config.yml file has changed, and the IP values are not surrounded by double commas

image

Installing new version of config file /etc/wazuh-indexer/opensearch-security/config.yml ...
Upgrade from 4.5.2 to 4.6.0 
root@ubuntu22:/home/vagrant# apt install ./wazuh-indexer_4.5.2-1_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.5.2-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 142 not upgraded.
Need to get 683 MB of archives.
After this operation, 971 MB of additional disk space will be used.
Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-indexer amd64 4.5.2-1 [683 MB]
Fetched 683 MB in 13s (53.9 MB/s)                                                                                                                                                                                 
Selecting previously unselected package wazuh-indexer.
(Reading database ... 75812 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.2-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.2-1) ...
Setting up wazuh-indexer (4.5.2-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@ubuntu22:/home/vagrant# sha512sum /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml 
4b76e9fd115c918a65a449742316d020173329cf9f2e029160ed74b89109c4424d4ab4aff28ead53a079cfbd553f0a682cdb26de7f4d62cf4eba46f7a89083a6  /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
root@ubuntu22:/home/vagrant# cat /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: <indexer-node-ip>
    #- name: node-2
    #  ip: <indexer-node-ip>
    #- name: node-3
    #  ip: <indexer-node-ip>

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: <wazuh-manager-ip>
    #  node_type: master
    #- name: wazuh-2
    #  ip: <wazuh-manager-ip>
    #  node_type: worker
    #- name: wazuh-3
    #  ip: <wazuh-manager-ip>
    #  node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: <dashboard-node-ip>root@ubuntu22:/home/vagrant# 
root@ubuntu22:/home/vagrant# apt install ./wazuh-indexer_4.6.0-1_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.6.0-1_amd64.deb'
The following packages will be upgraded:
  wazuh-indexer
1 upgraded, 0 newly installed, 0 to remove and 142 not upgraded.
Need to get 0 B/685 MB of archives.
After this operation, 1,739 kB disk space will be freed.
Get:1 /home/vagrant/wazuh-indexer_4.6.0-1_amd64.deb wazuh-indexer amd64 4.6.0-1 [685 MB]
(Reading database ... 76935 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.6.0-1_amd64.deb ...
Unpacking wazuh-indexer (4.6.0-1) over (4.5.2-1) ...
Setting up wazuh-indexer (4.6.0-1) ...
Installing new version of config file /etc/wazuh-indexer/opensearch-notifications-core/notifications-core.yml ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/log4j2.xml ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/rca.conf ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/rca_cluster_manager.conf ...
Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/rca_idle_cluster_manager.conf ...
Installing new version of config file /etc/wazuh-indexer/opensearch-security/config.yml ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Scanning processes...                                                                                                                                                                                              
Scanning linux images...                                                                                                                                                                                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
N: Download is performed unsandboxed as root as file '/home/vagrant/wazuh-indexer_4.6.0-1_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
root@ubuntu22:/home/vagrant# sha512sum /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml 
dba0e4a53a63709a3f39d8916ef29d400108edde5c0c32b5a62922661742711da9d0efe9c17ea73b26cf446954fda6db712d8634ce2e56c710de63fa85fb6aed  /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml
root@ubuntu22:/home/vagrant# cat /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml 
nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "<indexer-node-ip>"
    #- name: node-2
    #  ip: "<indexer-node-ip>"
    #- name: node-3
    #  ip: "<indexer-node-ip>"

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: "<wazuh-manager-ip>"
    #  node_type: master
    #- name: wazuh-2
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard
      ip: "<dashboard-node-ip>"root@ubuntu22:/home/vagrant#
  • It is necessary to add the necessary code to allow exceptions when this type of change exists, for this, it is proposed (due to the limitation of shell structures) to add a list that will contain:
    • The name of the file in question
    • List of versions where there is a change
  • This option is rejected because it is not maintainable, it does not allow one version to be differentiated from another
  • The code has been adapted so that the list reflects the SHA value of the config.yml file
  • This is added as a fix, but it is not a solution that is maintainable in the long term since there can be countless changes to the files. This raises the following question:
    • Is it really necessary to maintain a check of checksums? Should this check be replaced by a functionality check?

@rauldpm rauldpm mentioned this issue Sep 15, 2023
Closed
@rauldpm rauldpm linked a pull request Sep 15, 2023 that will close this issue
Added exception list for config.yml checksums in GHA tests #2457
Closed
@rauldpm rauldpm mentioned this issue Sep 15, 2023
Closed
@rauldpm rauldpm linked a pull request Sep 15, 2023 that will close this issue
Added exception list for config.yml checksums in GHA tests #2458
Closed
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.6.0 Sep 15, 2023
@wazuhci wazuhci moved this from Pending review to In review in Release 4.6.0 Sep 15, 2023
@mauromalara
Copy link

LGTM!

Maybe in the future we can those expected SHAs to a "whitelist" file in order to avoid modifying the scripts.

@wazuhci wazuhci moved this from In review to Pending final review in Release 4.6.0 Sep 15, 2023
@rauldpm rauldpm mentioned this issue Sep 18, 2023
Closed
@rauldpm
Copy link
Member

rauldpm commented Sep 18, 2023

Opened issue #2459

@wazuhci wazuhci moved this from Pending final review to In final review in Release 4.6.0 Sep 18, 2023
@rauldpm
Copy link
Member

rauldpm commented Sep 18, 2023
edited
Loading

Update report

  • Due to confusion, the file analyzed was not the correct one, the file that must be analyzed is the one located in /etc/wazuh-indexer/opensearch-security/config.yml and not in /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.ym
  • Due to the fact that more changes have been detected in other files, this issue will be worked on at Review changes in the Wazuh indexer upgrade #2460
  • An error has been detected in the test itself when making an empty redirect:
echo "# Adding a new line to force changed checksum" >> ${f}
  • This implies that the version 4.5.2 file is never updated with the new line and produces the following error
Processing /etc/wazuh-indexer/opensearch-security/action_groups.yml file...
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/allowlist.yml file...
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Changed file.
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Processing /etc/wazuh-indexer/opensearch-security/audit.yml file...
Changed file.
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Processing /etc/wazuh-indexer/opensearch-security/config.yml file...
Changed file.
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Processing /etc/wazuh-indexer/opensearch-security/internal_users.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/nodes_dn.yml file...
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/opensearch.yml.example file...
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Changed file.
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Processing /etc/wazuh-indexer/opensearch-security/roles.yml file...
Changed file.
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Processing /etc/wazuh-indexer/opensearch-security/roles_mapping.yml file...
Changed file.
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line [81](https://github.com/wazuh/wazuh-packages/actions/runs/6107919844/job/16575883511?pr=2426#step:8:82): ${f}: ambiguous redirect
Processing /etc/wazuh-indexer/opensearch-security/tenants.yml file...
Changed file.
/home/runner/work/wazuh-packages/wazuh-packages/.github/actions/upgrade-indexer/common.sh: line 81: ${f}: ambiguous redirect
Processing /etc/wazuh-indexer/opensearch-security/whitelist.yml file...
  • By fixing the variable ${f} with ${file}, the process completes successfully
Upgrade test from 4.5.2 to 4.6.0 
[root@centos7 vagrant]# bash upgrade-indexer.sh "wazuh-indexer-4.6.0-1.x86_64.rpm" "45"
New path detected (/etc).
Installing old version of Wazuh indexer...
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.tedra.es
 * extras: mirror.tedra.es
 * updates: mirror.tedra.es
wazuh                                                                                                                                                                                                                 | 3.4 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.5.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================================================================
 Package                                                       Arch                                                   Version                                                    Repository                                             Size
=============================================================================================================================================================================================================================================
Installing:
 wazuh-indexer                                                 x86_64                                                 4.5.2-1                                                    wazuh                                                 675 M

Transaction Summary
=============================================================================================================================================================================================================================================
Install  1 Package

Total download size: 675 M
Installed size: 931 M
Downloading packages:
wazuh-indexer-4.5.2-1.x86_64.rpm                                                                                                                                                                                      | 675 MB  00:00:08     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.5.2-1.x86_64                                                                                                                                                                                              1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.5.2-1.x86_64                                                                                                                                                                                              1/1 

Installed:
  wazuh-indexer.x86_64 0:4.5.2-1                                                                                                                                                                                                             

Complete!
Processing /etc/wazuh-indexer/opensearch-security/action_groups.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/allowlist.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/audit.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/config.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/internal_users.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/nodes_dn.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/opensearch.yml.example file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/roles_mapping.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/roles.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/tenants.yml file...
Changed file.
Processing /etc/wazuh-indexer/opensearch-security/whitelist.yml file...
Changed file.
Old files...
Key: roles_mapping.yml
Value: 1deff102040f596a229b018dd343ce7c
Key: action_groups.yml
Value: 56c06718658b8482b3b7abdb52518258
Key: internal_users.yml
Value: beda21e0405bbcc4b1cfd9d0d1cad015
Key: config.yml
Value: d75cbb1b7c0e299db6afe067896c069d
Key: nodes_dn.yml
Value: 28225dd9b9d5c8590e2924ee6561be68
Key: opensearch.yml.example
Value: b6624309707a7ac4a6a45c71c292740f
Key: tenants.yml
Value: c7a153b0df3182be5b30bf3f8592105a
Key: allowlist.yml
Value: ca5887d86e22ce83df32101212d42034
Key: roles.yml
Value: c4bc5a893515fe12944d6910a32c53b9
Key: audit.yml
Value: 56c1c1d37c5a868b1c5bb458b890f59b
Key: whitelist.yml
Value: 5c265da3f9bb6845a712b0f5fe2d7d04
Installing new version of Wazuh indexer...
Loaded plugins: fastestmirror
Examining wazuh-indexer-4.6.0-1.x86_64.rpm: wazuh-indexer-4.6.0-1.x86_64
Marking wazuh-indexer-4.6.0-1.x86_64.rpm as an update to wazuh-indexer-4.5.2-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.5.2-1 will be updated
---> Package wazuh-indexer.x86_64 0:4.6.0-1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================================================================
 Package                                                 Arch                                             Version                                              Repository                                                               Size
=============================================================================================================================================================================================================================================
Updating:
 wazuh-indexer                                           x86_64                                           4.6.0-1                                              /wazuh-indexer-4.6.0-1.x86_64                                           930 M

Transaction Summary
=============================================================================================================================================================================================================================================
Upgrade  1 Package

Total size: 930 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                                              1/2 
warning: /etc/wazuh-indexer/opensearch-security/config.yml created as /etc/wazuh-indexer/opensearch-security/config.yml.rpmnew
  Cleanup    : wazuh-indexer-4.5.2-1.x86_64                                                                                                                                                                                              2/2 
  Verifying  : wazuh-indexer-4.6.0-1.x86_64                                                                                                                                                                                              1/2 
  Verifying  : wazuh-indexer-4.5.2-1.x86_64                                                                                                                                                                                              2/2 

Updated:
  wazuh-indexer.x86_64 0:4.6.0-1                                                                                                                                                                                                             

Complete!
Processing /etc/wazuh-indexer/opensearch-security/action_groups.yml file...
Processing /etc/wazuh-indexer/opensearch-security/allowlist.yml file...
Processing /etc/wazuh-indexer/opensearch-security/audit.yml file...
Processing /etc/wazuh-indexer/opensearch-security/config.yml file...
Processing /etc/wazuh-indexer/opensearch-security/config.yml.rpmnew file...
Processing /etc/wazuh-indexer/opensearch-security/internal_users.yml file...
Processing /etc/wazuh-indexer/opensearch-security/nodes_dn.yml file...
Processing /etc/wazuh-indexer/opensearch-security/opensearch.yml.example file...
Processing /etc/wazuh-indexer/opensearch-security/roles_mapping.yml file...
Processing /etc/wazuh-indexer/opensearch-security/roles.yml file...
Processing /etc/wazuh-indexer/opensearch-security/tenants.yml file...
Processing /etc/wazuh-indexer/opensearch-security/whitelist.yml file...
New files...
Key: roles_mapping.yml
Value: 1deff102040f596a229b018dd343ce7c
Key: action_groups.yml
Value: 56c06718658b8482b3b7abdb52518258
Key: internal_users.yml
Value: beda21e0405bbcc4b1cfd9d0d1cad015
Key: config.yml
Value: d75cbb1b7c0e299db6afe067896c069d
Key: config.yml.rpmnew
Value: 25c499973687a8fd3eb8b9ceb3da7a68
Key: nodes_dn.yml
Value: 28225dd9b9d5c8590e2924ee6561be68
Key: opensearch.yml.example
Value: b6624309707a7ac4a6a45c71c292740f
Key: tenants.yml
Value: c7a153b0df3182be5b30bf3f8592105a
Key: allowlist.yml
Value: ca5887d86e22ce83df32101212d42034
Key: roles.yml
Value: c4bc5a893515fe12944d6910a32c53b9
Key: audit.yml
Value: 56c1c1d37c5a868b1c5bb458b890f59b
Key: whitelist.yml
Value: 5c265da3f9bb6845a712b0f5fe2d7d04
Comparing roles_mapping.yml file checksum...
Old: 1deff102040f596a229b018dd343ce7c
New: 1deff102040f596a229b018dd343ce7c
roles_mapping.yml - Same checksum.
Comparing action_groups.yml file checksum...
Old: 56c06718658b8482b3b7abdb52518258
New: 56c06718658b8482b3b7abdb52518258
action_groups.yml - Same checksum.
Comparing internal_users.yml file checksum...
Old: beda21e0405bbcc4b1cfd9d0d1cad015
New: beda21e0405bbcc4b1cfd9d0d1cad015
internal_users.yml - Same checksum.
Comparing config.yml file checksum...
Old: d75cbb1b7c0e299db6afe067896c069d
New: d75cbb1b7c0e299db6afe067896c069d
config.yml - Same checksum.
Comparing opensearch.yml.example file checksum...
Old: b6624309707a7ac4a6a45c71c292740f
New: b6624309707a7ac4a6a45c71c292740f
opensearch.yml.example - Same checksum.
Comparing nodes_dn.yml file checksum...
Old: 28225dd9b9d5c8590e2924ee6561be68
New: 28225dd9b9d5c8590e2924ee6561be68
nodes_dn.yml - Same checksum.
Comparing tenants.yml file checksum...
Old: c7a153b0df3182be5b30bf3f8592105a
New: c7a153b0df3182be5b30bf3f8592105a
tenants.yml - Same checksum.
Comparing allowlist.yml file checksum...
Old: ca5887d86e22ce83df32101212d42034
New: ca5887d86e22ce83df32101212d42034
allowlist.yml - Same checksum.
Comparing roles.yml file checksum...
Old: c4bc5a893515fe12944d6910a32c53b9
New: c4bc5a893515fe12944d6910a32c53b9
roles.yml - Same checksum.
Comparing audit.yml file checksum...
Old: 56c1c1d37c5a868b1c5bb458b890f59b
New: 56c1c1d37c5a868b1c5bb458b890f59b
audit.yml - Same checksum.
Comparing whitelist.yml file checksum...
Old: 5c265da3f9bb6845a712b0f5fe2d7d04
New: 5c265da3f9bb6845a712b0f5fe2d7d04
whitelist.yml - Same checksum.
Same checksums - Test passed correctly.
  • Note the following message:
warning: /etc/wazuh-indexer/opensearch-security/config.yml created as /etc/wazuh-indexer/opensearch-security/config.yml.rpmnew
  • This message is obtained from what was reported in the issue Review changes in the Wazuh indexer upgrade #2460, since in 2.8.0, the config.yml file has been modified, differentiating it from previous versions.
  • The config.yml file is specified as %config(noreplace), but in the event that the file has not been modified since the installation, it will be updated in the new version, so far, this has not been a problem as the file was the same in previous versions: https://www.cl.cam.ac.uk/~jw35/docs/rpm_config.html

In summary: if a file is not marked as a config file, or if a file has not been altered since installation, then it will be sliently replaced by the version from an update RPM. If a config file has been edited on disk, but is not actually different from one RPM to another then the edited version will be silently left in place. It is only when a config file has been edited and is different from one RPM to the next that what happens depens on the (noreplace) option. If absent, the new file will be installed, and the the old edited version will be renamed with a .rpmsave suffix. If present, the edited version will be left in place, and the new version will be installed with a .rpmnew suffix. I don't know what happens if RPM needs to create an .rpmsave or .rpmnew file and one already exists - at least in some cases it seems that the new file isn't written under these circumstances.

%config(noreplace): Specifies that the following file is a configuration file and therefore should not be overwritten (or replaced) on a package install or update if the file has been modified from the original installation checksum. In the event that there is a change, the file will be created with .rpmnew appended to the end of the filename upon upgrade or install so that the pre-existing or modified file on the target system is not modified. Example: %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf

  • In the case of the test, it finishes successfully since the file has been modified on disk, so it is kept in the upgrade, this leads to the following question
    • Is the test being carried out valid?

@wazuhci wazuhci moved this from In final review to On hold in Release 4.6.0 Sep 18, 2023
@wazuhci wazuhci moved this from On hold to In progress in Release 4.6.0 Sep 18, 2023
@rauldpm rauldpm mentioned this issue Sep 18, 2023
Merged
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.6.0 Sep 18, 2023
@rauldpm rauldpm linked a pull request Sep 18, 2023 that will close this issue
Fixed GHA test for Wazuh indexer upgrade #2463
Merged
@wazuhci wazuhci moved this from Pending review to In final review in Release 4.6.0 Sep 18, 2023
@wazuhci wazuhci moved this from In final review to Done in Release 4.6.0 Sep 18, 2023
@DFolchA DFolchA mentioned this issue Sep 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rauldpm rauldpm

Labels
level/task Subtask issue type/bug Bug issue
Projects
No open projects
Release 4.6.0
Status: Done
Milestone
No milestone
6 participants
@vikman90 @rauldpm @DFolchA @mauromalara @davidjiglesias @fcaffieri