Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump Wazuh dashboard to OpenSearch Dashboards 2.10.0 #2521

Closed
13 tasks done
rauldpm opened this issue Oct 11, 2023 · 10 comments · Fixed by #2563
Closed
13 tasks done

Bump Wazuh dashboard to OpenSearch Dashboards 2.10.0 #2521

rauldpm opened this issue Oct 11, 2023 · 10 comments · Fixed by #2563
Assignees
Labels
level/task Subtask issue type/change Change requested type/enhancement Enhancement issue

Comments

@rauldpm
Copy link
Member

rauldpm commented Oct 11, 2023

Description

It is necessary to adapt the Wazuh dashboard to version 2.10.0 of OpenSearch Dashboards
Request: https://github.com/wazuh/internal-devel-requests/issues/301

Tasks

Validation

  • The package presents normal operation and without errors

Working branch

@rauldpm rauldpm added level/task Subtask issue type/enhancement Enhancement issue type/change Change requested labels Oct 11, 2023
@wazuhci wazuhci moved this from Triage to Backlog in Release 4.8.0 Oct 11, 2023
@rauldpm rauldpm self-assigned this Oct 16, 2023
@wazuhci wazuhci moved this from Backlog to In progress in Release 4.8.0 Oct 16, 2023
@rauldpm
Copy link
Member Author

rauldpm commented Oct 16, 2023

Update report - Build Base and APP

2023/10/16

  • Bumped Readme to 2.10.0
  • Bumped base to 2.10.0
  • The base cannot be built because the APP cannot be generated
  • Apparently, neither RPM nor DEB make reference to versioned files, due to the large number of files that the OpenSearch Dashboards base introduces, it is not possible to make a manual comparison, it is necessary that the construction of the package itself identifies which files are missing, which ones are present and which are duplicates, but for this it is necessary to build the APP
  • Since the APP cannot be made, this issue goes to Blocked status, the @wazuh/frontend team has been asked about the problem and if it is possible to create a basic APP

2023/10/17

─➤  bash generate_base.sh -r wp2521 --app-url https://packages-dev.wazuh.com/warehouse/test/4.8/ui/dashboard/wazuh-4.8.0-wp2521.zip                                                                           1 ↵
[+] Building 0.5s (12/12) FINISHED 
...
Successfully installed pathfix.py-0.6.2
sed: can't read ./src/plugins/dashboard/target/public/dashboard.chunk.1.js: No such file or directory
# Remove "New to OpenSearch Dashboards" message with link to OpenSearch Dashboards sample data in Dashboard plugin
sed -i 's|external_osdSharedDeps_React_default.a.createElement("p",null,external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_OsdI18nReact_\["FormattedMessage"\],{id:"dashboard.listing.createNewDashboard.newToOpenSearchDashboardsDescription",defaultMessage:"New to OpenSearch Dashboards|false\&\&external_osdSharedDeps_React_default.a.createElement("p",null,external_osdSharedDeps_React_default.a.createElement(external_osdSharedDeps_OsdI18nReact_["FormattedMessage"],{id:"dashboard.listing.createNewDashboard.newToOpenSearchDashboardsDescription",defaultMessage:"New to OpenSearch Dashboards|' ./src/plugins/dashboard/target/public/dashboard.chunk.1.js
gzip -c ./src/plugins/dashboard/target/public/dashboard.chunk.1.js > ./src/plugins/dashboard/target/public/dashboard.chunk.1.js.gz
brotli -c ./src/plugins/dashboard/target/public/dashboard.chunk.1.js > ./src/plugins/dashboard/target/public/dashboard.chunk.1.js.br

@wazuhci wazuhci moved this from In progress to Blocked in Release 4.8.0 Oct 16, 2023
@wazuhci wazuhci moved this from Blocked to In progress in Release 4.8.0 Oct 17, 2023
@wazuhci wazuhci moved this from In progress to Blocked in Release 4.8.0 Oct 17, 2023
@wazuhci wazuhci moved this from Blocked to In progress in Release 4.8.0 Oct 17, 2023
@rauldpm
Copy link
Member Author

rauldpm commented Oct 17, 2023

Update report - Build RPM and DEB

@rauldpm
Copy link
Member Author

rauldpm commented Oct 17, 2023

Analysis report - RPM


Install 🟢
[root@centos7 vagrant]# yum localinstall https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm
Loaded plugins: fastestmirror
wazuh-dashboard-4.8.0-wp2521.x86_64.rpm                                                                                                                                                     | 269 MB  00:00:12     
Examining /var/tmp/yum-root-EwxXS9/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm: wazuh-dashboard-4.8.0-wp2521.x86_64
Marking /var/tmp/yum-root-EwxXS9/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.8.0-wp2521 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                         Arch                                   Version                                         Repository                                                            Size
===================================================================================================================================================================================================================
Installing:
 wazuh-dashboard                                 x86_64                                 4.8.0-wp2521                                    /wazuh-dashboard-4.8.0-wp2521.x86_64                                 891 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total size: 891 M
Installed size: 891 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.8.0-wp2521.x86_64                                                                                                                                                             1/1 
  Verifying  : wazuh-dashboard-4.8.0-wp2521.x86_64                                                                                                                                                             1/1 

Installed:
  wazuh-dashboard.x86_64 0:4.8.0-wp2521                                                                                                                                                                            

Complete!
Certificate copy 🟢
[root@centos7 vagrant]# NODE_NAME=dashboard-1
[root@centos7 vagrant]# mkdir /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@centos7 vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos7 vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
Start service 🔴
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-dashboard
Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service to /etc/systemd/system/wazuh-dashboard.service.
[root@centos7 vagrant]# systemctl start wazuh-dashboard
[root@centos7 vagrant]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2023-10-17 17:38:02 UTC; 5s ago
  Process: 6830 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
 Main PID: 6830 (code=exited, status=1/FAILURE)

Oct 17 17:38:00 centos7 systemd[1]: Started wazuh-dashboard.
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["info","plugins-service"],"pid":6830,"message":"Plugin \"dataSourceManagement\" has ...dataSource]"}
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["info","plugins-service"],"pid":6830,"message":"Plugin \"dataSource\" is disabled."}
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["info","plugins-service"],"pid":6830,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: {"type":"log","@timestamp":"2023-10-17T17:38:02Z","tags":["fatal","root"],"pid":6830,"message":"Error: listen EACCES: permission denied 0.0.0.0:443\n    at...
Oct 17 17:38:02 centos7 opensearch-dashboards[6830]: FATAL  Error: listen EACCES: permission denied 0.0.0.0:443
Oct 17 17:38:02 centos7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE
Oct 17 17:38:02 centos7 systemd[1]: Unit wazuh-dashboard.service entered failed state.
Oct 17 17:38:02 centos7 systemd[1]: wazuh-dashboard.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Analysis of service error

  • The port 443 is not being used
  • The setcap command is run while the package is created, running this command manually does not fix the permission error, although the user is root
  • The command run by the service shows that the root OpenSearch Dashboards should not be run as root
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml 
OpenSearch Dashboards should not be run as root.  Use --allow-root to continue.
  • After adding the --allow-root option, the Wazuh dashboard service starts normally and the WUI is accessible
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/bin/opensearch-dashboards --allow-root -c /etc/wazuh-dashboard/opensearch_dashboards.yml 
  log   [19:07:07.430] [info][plugins-service] Plugin "dataSourceManagement" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]
  log   [19:07:07.433] [info][plugins-service] Plugin "dataSource" is disabled.
  log   [19:07:07.433] [info][plugins-service] Plugin "visTypeXy" is disabled.
  log   [19:07:07.520] [info][plugins-system] Setting up [47] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,mlCommonsDashboards,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuh,bfetch]
  log   [19:07:07.692] [info][savedobjects-service] Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations...
  log   [19:07:07.709] [info][savedobjects-service] Starting saved objects migrations
  log   [19:07:07.741] [info][plugins-system] Starting [47] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,apmOss,savedObjects,reportsDashboards,dashboard,mlCommonsDashboards,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuh,bfetch]
  log   [19:07:07.892] [info][listening] Server running at https://0.0.0.0:443
  • Although the Wazuh dashboard can run without being killed using the ExecStart directly, the service is killed shortly after the service start is done, even specifying the --allow-root option
  • This happens because the service is configured to run as the wazuh-dashboard user. Changing User=wazuh-dashboard to User=root while also using the --allow-root option prevents the service from failing.
  • This fix is not acceptable as the OpenSearch Dashboard RPM package can be started using the root user without changing the service configuration
  • Applied a fix in order to set the config directory in the /etc/default/wazuh-dashboard file instead of hardcode it in the opensearch-dashboards bin files, following the same procedure as the OpenSearch Dashboard package
  • Both OpenSearch Dashboard and Wazuh dashboard show the same behavior when running the binary directly, It is not clear why the services are being executed differently even though they have the same properties
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml 
OpenSearch Dashboards should not be run as root.  Use --allow-root to continue.
[root@centos7 vagrant]# /usr/share/opensearch-dashboards/bin/opensearch-dashboards -c /etc/opensearch-dashboards/opensearch_dashboards.yml 
OpenSearch Dashboards should not be run as root.  Use --allow-root to continue.
  • It has been detected that the OpenSearch Dashboard service is using the node fallback binary, not the main one, this could justify the lack of permissions to use port 443 despite the setcap command
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/node/fallback/bin/node --version
v14.21.3
[root@centos7 vagrant]# /usr/share/wazuh-dashboard/node/bin/node --version
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libm.so.6: version `GLIBC_2.27' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
/usr/share/wazuh-dashboard/node/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /usr/share/wazuh-dashboard/node/bin/node)
  • Running setcap on the fallback binary seems to solve the service problem, this should be added to the SPEC and rules files
setcap 'cap_net_bind_service=+ep' /usr/share/wazuh-dashboard/node/fallback/bin/node

@wazuhci wazuhci moved this from In progress to Blocked in Release 4.8.0 Oct 17, 2023
@wazuhci wazuhci moved this from Blocked to In progress in Release 4.8.0 Oct 19, 2023
@rauldpm
Copy link
Member Author

rauldpm commented Oct 19, 2023

Analysis report - RPM

  • After talking the the team, It has been decided that the process necessary to update GLIBC is too expensive for users, so it is accepted to use Node 14 (fallback) on systems that do not support the main Node (same philosophy as OpenSearch Dashboards)
  • Added setcap to RPM and DEB packages
  • Improved configuration path with default environment variables (Base)
  • Updated S3 packages
Install, certificates, service 🟢
[root@centos7 vagrant]# yum localinstall wazuh-dashboard-4.8.0-wp2521.x86_64.rpm -y
Loaded plugins: fastestmirror
Examining wazuh-dashboard-4.8.0-wp2521.x86_64.rpm: wazuh-dashboard-4.8.0-wp2521.x86_64
Marking wazuh-dashboard-4.8.0-wp2521.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.8.0-wp2521 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                         Arch                                   Version                                         Repository                                                            Size
===================================================================================================================================================================================================================
Installing:
 wazuh-dashboard                                 x86_64                                 4.8.0-wp2521                                    /wazuh-dashboard-4.8.0-wp2521.x86_64                                 891 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total size: 891 M
Installed size: 891 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.8.0-wp2521.x86_64                                                                                                                                                             1/1 
chmod: cannot access ‘/etc/wazuh-dashboard/opensearch_dashboards.keystore’: No such file or directory
  Verifying  : wazuh-dashboard-4.8.0-wp2521.x86_64                                                                                                                                                             1/1 

Installed:
  wazuh-dashboard.x86_64 0:4.8.0-wp2521                                                                                                                                                                            

Complete!
[root@centos7 vagrant]# nano /etc/wazuh-dashboard/opensearch_dashboards.yml 
[root@centos7 vagrant]# NODE_NAME=dashboard-1
[root@centos7 vagrant]# mkdir /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
[root@centos7 vagrant]# mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
[root@centos7 vagrant]# chmod 500 /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# chmod 400 /etc/wazuh-dashboard/certs/*
[root@centos7 vagrant]# chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
[root@centos7 vagrant]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-10-19 13:55:42 UTC; 4s ago
 Main PID: 4930 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─4930 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Oct 19 13:55:42 centos7 systemd[1]: Started wazuh-dashboard.
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-service"],"pid":4930,"message":"Plugin \"dataSourceManagement\" has ...dataSource]"}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-service"],"pid":4930,"message":"Plugin \"dataSource\" is disabled."}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-service"],"pid":4930,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","plugins-system"],"pid":4930,"message":"Setting up [47] plugins: [usageCollec...s,data,home,a
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["info","savedobjects-service"],"pid":4930,"message":"Waiting until all OpenSearch no...grations..."}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","opensearch","data"],"pid":4930,"message":"[ResponseError]: Response Error"}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","savedobjects-service"],"pid":4930,"message":"Unable to retrieve version inf...arch nodes."}
Hint: Some lines were ellipsized, use -l to show in full
  • Received a Wazuh dashboard server is not ready yet message when accessing the WUI
WUI access 🔴

image

  • No error log has been found that can cause this behavior in the Wazuh dashboard, the error logs present are:
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","opensearch","data"],"pid":4930,"message":"[ResponseError]: Response Error"}
Oct 19 13:55:44 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T13:55:44Z","tags":["error","savedobjects-service"],"pid":4930,"message":"Unable to retrieve version information from OpenSearch nodes."}
  • Found a warning when restarting the service
Oct 19 14:19:47 centos7 opensearch-dashboards[4930]: {"type":"log","@timestamp":"2023-10-19T14:19:47Z","tags":["warning","savedobjects-service"],"pid":4930,"message":"Unable to connect to OpenSearch. Error: Given the configuration, the ConnectionPool was not able to find a usable Connection for this request."}
  • The Wazuh indexer reports this message in the wazuh-cluster.log
[2023-10-19T14:21:59,791][WARN ][o.o.s.a.BackendRegistry  ] [node-1] No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'

  • The wazuhapp.log file does not exist and it should
    • The app is installed
    • The /usr/share/wazuh-dashboard/data/wazuh directory does not exist
    • Reinstalling the APP does not fix it
  • This means that the wazuh.yml file does not exist, which can be the cause of the Wazuh dashboard is not ready message
  • Asked @wazuh/frontend about it
  • After a long investigation, it has been detected that the '/etc/default/wazuh-dashboard' configuration is only used by the service and not by the binaries, so the keystore file was being created in the installation directory instead of the configuration directory
  • Reverting the sed removal in the binaries files, the keystore is generated correctly and the WUI is accessible

image

@rauldpm
Copy link
Member Author

rauldpm commented Oct 20, 2023

Update report


On hold due


  • Improving the SPECS files

@wazuhci wazuhci moved this from In progress to On hold in Release 4.8.0 Oct 20, 2023
@wazuhci wazuhci moved this from On hold to In progress in Release 4.8.0 Oct 20, 2023
@rauldpm
Copy link
Member Author

rauldpm commented Oct 23, 2023

Update report - Build RPM

  • Improved SPEC files in order to reduce the %files list using *
  • Package build successfully, warning about duplicate node binaries (listed twice) no longer appears
  • Package installed successfully
  • The changes of the has not been merged yet Modify the side menu and remove the mlCommonsDashboards plugin on Wazuh dashboard #2540, these changes can introduce new changes in the SPECS files as the base file has been modified -> Changed to Blocked status


  • The pull request has been merged and the code has been pulled
  • The base has been built successfully 🟢
  • The RPM package has been built successfully:green_circle:
  • The package has been installed correctly but the WUI shows an error

image

https://github.com/wazuh/wazuh-dashboard-plugins/blob/d02feb433e0f4e0b20c74794bf836c0ebe29d07d/plugins/main/public/components/settings/miscellaneous/miscellaneous.tsx#L34

window.location.href = getHttp().basePath.prepend('/app/wazuh#/health-check?debug');

@wazuhci wazuhci moved this from In progress to Blocked in Release 4.8.0 Oct 23, 2023
@wazuhci wazuhci moved this from Blocked to On hold in Release 4.8.0 Oct 23, 2023
@wazuhci wazuhci moved this from On hold to In progress in Release 4.8.0 Oct 23, 2023
@rauldpm
Copy link
Member Author

rauldpm commented Oct 24, 2023

Update report - Build APP with latest changes


Analysis report - RPM

  • The RPM package has been installed correctly
  • The WUI is accessible

Detected changes

  • Login logo shows OpenSearch

image

  • The Home bar logo shows the OpenSearch logo

image

  • The dark mode redirects to /app/wazuh instead of /app/wz-home, the same happens when clicking on the Home button

image

  • The dark mode changes the login background

image

Logs - Fresh install (AIO 4.8.0)

  • No error was found in the wazuhapp.log
  • No new error was found in the wazuh-indexer cluster logs
  • Errors found in the Wazuh dashboard log
Oct 24 16:57:17 centos7 opensearch-dashboards[6932]: {"type":"error","@timestamp":"2023-10-24T16:57:17Z","tags":["connection","client","error"],"pid":6932,"level":"error","error":{"message":"140658201536384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","name":"Error","stack":"Error: 140658201536384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n","code":"ERR_SSL_SSLV3_ALERT_CERTIFICATE_UNKNOWN"},"message":"140658201536384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1563:SSL alert number 46\n"}
Oct 24 16:57:07 centos7 opensearch-dashboards[6932]: {"type":"log","@timestamp":"2023-10-24T16:57:07Z","tags":["error","opensearch","data"],"pid":6932,"message":"[ResponseError]: Response Error"}

  • In order to ensure correct operation, it is necessary to incorporate the changes introduced by the APP, for this reason, the issue goes to blocked status

@wazuhci wazuhci moved this from In progress to Blocked in Release 4.8.0 Oct 24, 2023
@wazuhci wazuhci moved this from Blocked to In progress in Release 4.8.0 Oct 25, 2023
@rauldpm
Copy link
Member Author

rauldpm commented Oct 25, 2023

Update report

  • Fixed all logo changes
  • Tested functionality with the latest changes
  • Improved base builder and adapted OpenSearch internal changes

@rauldpm
Copy link
Member Author

rauldpm commented Oct 26, 2023

Analysis report - RPM DEB

Install 4.5.4 Stack
[root@centos7 vagrant]# curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
26/10/2023 12:47:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.4
26/10/2023 12:47:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/10/2023 12:47:35 INFO: --- Dependencies ---
26/10/2023 12:47:35 INFO: Installing lsof.
26/10/2023 12:47:41 INFO: Wazuh web interface port will be 443.
26/10/2023 12:47:42 INFO: Wazuh repository added.
26/10/2023 12:47:42 INFO: --- Configuration files ---
26/10/2023 12:47:42 INFO: Generating configuration files.
26/10/2023 12:47:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/10/2023 12:47:42 INFO: --- Wazuh indexer ---
26/10/2023 12:47:42 INFO: Starting Wazuh indexer installation.
26/10/2023 12:48:26 INFO: Wazuh indexer installation finished.
26/10/2023 12:48:26 INFO: Wazuh indexer post-install configuration finished.
26/10/2023 12:48:26 INFO: Starting service wazuh-indexer.
26/10/2023 12:48:33 INFO: wazuh-indexer service started.
26/10/2023 12:48:33 INFO: Initializing Wazuh indexer cluster security settings.
26/10/2023 12:48:43 INFO: Wazuh indexer cluster initialized.
26/10/2023 12:48:43 INFO: --- Wazuh server ---
26/10/2023 12:48:43 INFO: Starting the Wazuh manager installation.
26/10/2023 12:49:05 INFO: Wazuh manager installation finished.
26/10/2023 12:49:05 INFO: Starting service wazuh-manager.
26/10/2023 12:49:19 INFO: wazuh-manager service started.
26/10/2023 12:49:19 INFO: Starting Filebeat installation.
26/10/2023 12:49:22 INFO: Filebeat installation finished.
26/10/2023 12:49:22 INFO: Filebeat post-install configuration finished.
26/10/2023 12:49:22 INFO: Starting service filebeat.
26/10/2023 12:49:22 INFO: filebeat service started.
26/10/2023 12:49:22 INFO: --- Wazuh dashboard ---
26/10/2023 12:49:22 INFO: Starting Wazuh dashboard installation.
26/10/2023 12:50:05 INFO: Wazuh dashboard installation finished.
26/10/2023 12:50:05 INFO: Wazuh dashboard post-install configuration finished.
26/10/2023 12:50:05 INFO: Starting service wazuh-dashboard.
26/10/2023 12:50:05 INFO: wazuh-dashboard service started.
26/10/2023 12:50:19 INFO: Initializing Wazuh dashboard web application.
26/10/2023 12:50:19 INFO: Wazuh dashboard web application initialized.
26/10/2023 12:50:19 INFO: --- Summary ---
26/10/2023 12:50:19 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA
26/10/2023 12:50:19 INFO: Installation finished.
Check 4.5.4 Stack
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           16          95   0    0.04    0.24     0.15 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 7,
  "active_shards" : 7,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/shards
.opensearch-observability   0 p STARTED  0    208b 127.0.0.1 node-1
.opendistro_security        0 p STARTED 10    44kb 127.0.0.1 node-1
.kibana_1                   0 p STARTED  4  60.7kb 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26 2 p STARTED 71 187.2kb 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26 1 p STARTED 68 187.6kb 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26 0 p STARTED 71 198.9kb 127.0.0.1 node-1
wazuh-monitoring-2023.43w   0 p STARTED  0    208b 127.0.0.1 node-1
Upgrade to 4.8.0
  • Stop Filebeat and Wazuh dashboard services
[root@centos7 vagrant]# systemctl stop filebeat
[root@centos7 vagrant]# systemctl stop wazuh-dashboard
  • Stop shard allocation
[root@centos7 vagrant]# curl -X PUT "https://localhost:9200/_cluster/settings"  -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA -k -H 'Content-Type: application/json' -d'
> {
>   "persistent": {
>     "cluster.routing.allocation.enable": "primaries"
>   }
> }
> '
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"primaries"}}}},"transient":{}}
[root@centos7 vagrant]# curl -X POST "https://localhost:9200/_flush/synced" -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA -k
{"_shards":{"total":7,"successful":7,"failed":0}}
  • Stop Wazuh indexer service and upgrade
[root@centos7 vagrant]# systemctl stop wazuh-indexer
[root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-indexer-4.8.0-wp2521.x86_64.rpm
Loaded plugins: fastestmirror
wazuh-indexer-4.8.0-wp2521.x86_64.rpm                                                                                                                                                                                                                                                                 | 743 MB  00:00:32     
Examining /var/tmp/yum-root-Dkr1w1/wazuh-indexer-4.8.0-wp2521.x86_64.rpm: wazuh-indexer-4.8.0-wp2520.x86_64
Marking /var/tmp/yum-root-Dkr1w1/wazuh-indexer-4.8.0-wp2521.x86_64.rpm as an update to wazuh-indexer-4.5.4-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.5.4-1 will be updated
---> Package wazuh-indexer.x86_64 0:4.8.0-wp2520 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================================================================================================================================================
 Package                                                                   Arch                                                               Version                                                                   Repository                                                                                      Size
=============================================================================================================================================================================================================================================================================================================================
Updating:
 wazuh-indexer                                                             x86_64                                                             4.8.0-wp2520                                                              /wazuh-indexer-4.8.0-wp2521.x86_64                                                             1.0 G

Transaction Summary
=============================================================================================================================================================================================================================================================================================================================
Upgrade  1 Package

Total size: 1.0 G
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-indexer-4.8.0-wp2520.x86_64                                                                                                                                                                                                                                                                         1/2 
  Cleanup    : wazuh-indexer-4.5.4-1.x86_64                                                                                                                                                                                                                                                                              2/2 
  Verifying  : wazuh-indexer-4.8.0-wp2520.x86_64                                                                                                                                                                                                                                                                         1/2 
  Verifying  : wazuh-indexer-4.5.4-1.x86_64                                                                                                                                                                                                                                                                              2/2 

Updated:
  wazuh-indexer.x86_64 0:4.8.0-wp2520                                                                                                                                                                                                                                                                                        

Complete!
  • Check Wazuh indexer service and cluster status
[root@centos7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-10-26 12:59:05 UTC; 4s ago
     Docs: https://documentation.wazuh.com
 Main PID: 8326 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─8326 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionM...

Oct 26 12:58:58 centos7 systemd[1]: Starting Wazuh-indexer...
Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Oct 26 12:58:59 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager will be removed in a future release
Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: A terminally deprecated method in java.lang.System has been called
Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Oct 26 12:59:00 centos7 systemd-entrypoint[8326]: WARNING: System::setSecurityManager will be removed in a future release
Oct 26 12:59:05 centos7 systemd[1]: Started Wazuh-indexer.
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           22          96   3    0.44    0.27     0.18 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# curl -X PUT "https://localhost:9200/_cluster/settings" -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA -k -H 'Content-Type: application/json' -d'
> {
>   "persistent": {
>     "cluster.routing.allocation.enable": "all"
>   }
> }
> '
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"all"}}}},"transient":{}}
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
127.0.0.1           22          96   1    0.37    0.26     0.17 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 9,
  "active_shards" : 9,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
[root@centos7 vagrant]# curl -k -u admin:KBwK9.Ten?MYHHGu8hs9VgTs*JNWZXSA https://localhost:9200/_cat/shards
.opensearch-observability        0 p STARTED  0    208b 127.0.0.1 node-1
.plugins-ml-config               0 p STARTED  1   3.8kb 127.0.0.1 node-1
.opensearch-sap-log-types-config 0 p STARTED            127.0.0.1 node-1
wazuh-monitoring-2023.43w        0 p STARTED  0    208b 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26      0 p STARTED 71 198.9kb 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26      1 p STARTED 68 187.6kb 127.0.0.1 node-1
wazuh-alerts-4.x-2023.10.26      2 p STARTED 71 187.2kb 127.0.0.1 node-1
.opendistro_security             0 p STARTED 10    44kb 127.0.0.1 node-1
.kibana_1                        0 p STARTED  4  32.3kb 127.0.0.1 node-1
  • Upgrade Wazuh manager
[root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-manager-4.8.0-wp2521.x86_64.rpm -y
Loaded plugins: fastestmirror
wazuh-manager-4.8.0-wp2521.x86_64.rpm                                                                                                                                                                                                                                                                 | 165 MB  00:00:07     
Examining /var/tmp/yum-root-Dkr1w1/wazuh-manager-4.8.0-wp2521.x86_64.rpm: wazuh-manager-4.8.0-wp2521.x86_64
Marking /var/tmp/yum-root-Dkr1w1/wazuh-manager-4.8.0-wp2521.x86_64.rpm as an update to wazuh-manager-4.5.4-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-manager.x86_64 0:4.5.4-1 will be updated
---> Package wazuh-manager.x86_64 0:4.8.0-wp2521 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================================================================================================================================================
 Package                                                                   Arch                                                               Version                                                                   Repository                                                                                      Size
=============================================================================================================================================================================================================================================================================================================================
Updating:
 wazuh-manager                                                             x86_64                                                             4.8.0-wp2521                                                              /wazuh-manager-4.8.0-wp2521.x86_64                                                             602 M

Transaction Summary
=============================================================================================================================================================================================================================================================================================================================
Upgrade  1 Package

Total size: 602 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-manager-4.8.0-wp2521.x86_64                                                                                                                                                                                                                                                                         1/2 
warning: /var/ossec/etc/ossec.conf created as /var/ossec/etc/ossec.conf.rpmnew
  Cleanup    : wazuh-manager-4.5.4-1.x86_64                                                                                                                                                                                                                                                                              2/2 
  Verifying  : wazuh-manager-4.8.0-wp2521.x86_64                                                                                                                                                                                                                                                                         1/2 
  Verifying  : wazuh-manager-4.5.4-1.x86_64                                                                                                                                                                                                                                                                              2/2 

Updated:
  wazuh-manager.x86_64 0:4.8.0-wp2521                                                                                                                                                                                                                                                                                        

Complete!
  • Check Wazuh manager status
[root@centos7 vagrant]# systemctl status wazuh-manager.service 
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-10-26 13:02:07 UTC; 3min 17s ago
   CGroup: /system.slice/wazuh-manager.service
           ├─9120 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─9160 /var/ossec/bin/wazuh-authd
           ├─9175 /var/ossec/bin/wazuh-db
           ├─9189 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─9192 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─9195 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─9208 /var/ossec/bin/wazuh-execd
           ├─9223 /var/ossec/bin/wazuh-analysisd
           ├─9289 /var/ossec/bin/wazuh-syscheckd
           ├─9305 /var/ossec/bin/wazuh-remoted
           ├─9337 /var/ossec/bin/wazuh-logcollector
           ├─9388 /var/ossec/bin/wazuh-monitord
           └─9437 /var/ossec/bin/wazuh-modulesd

Oct 26 13:01:59 centos7 env[9061]: Started wazuh-db...
Oct 26 13:02:00 centos7 env[9061]: Started wazuh-execd...
Oct 26 13:02:01 centos7 env[9061]: Started wazuh-analysisd...
Oct 26 13:02:01 centos7 env[9061]: Started wazuh-syscheckd...
Oct 26 13:02:02 centos7 env[9061]: Started wazuh-remoted...
Oct 26 13:02:03 centos7 env[9061]: Started wazuh-logcollector...
Oct 26 13:02:04 centos7 env[9061]: Started wazuh-monitord...
Oct 26 13:02:05 centos7 env[9061]: Started wazuh-modulesd...
Oct 26 13:02:07 centos7 env[9061]: Completed.
Oct 26 13:02:07 centos7 systemd[1]: Started Wazuh manager.
  • Upgrade Filebeat
[root@centos7 vagrant]# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | sudo tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
[root@centos7 vagrant]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.8.0/extensions/elasticsearch/7.x/wazuh-template.json
[root@centos7 vagrant]# chmod go+r /etc/filebeat/wazuh-template.json
  • Check Filebeat status
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable filebeat
[root@centos7 vagrant]# systemctl start filebeat
[root@centos7 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
  • Upgrade Wazuh dashboard
[root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/warehouse/test/4.8/rpm/var/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm -y
Loaded plugins: fastestmirror
wazuh-dashboard-4.8.0-wp2521.x86_64.rpm                                                                                                                                                                                                                                                               | 268 MB  00:00:12     
Examining /var/tmp/yum-root-Dkr1w1/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm: wazuh-dashboard-4.8.0-wp2521.x86_64
Marking /var/tmp/yum-root-Dkr1w1/wazuh-dashboard-4.8.0-wp2521.x86_64.rpm as an update to wazuh-dashboard-4.5.4-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.5.4-1 will be updated
---> Package wazuh-dashboard.x86_64 0:4.8.0-wp2521 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================================================================================================================================================
 Package                                                                    Arch                                                              Version                                                                  Repository                                                                                       Size
=============================================================================================================================================================================================================================================================================================================================
Updating:
 wazuh-dashboard                                                            x86_64                                                            4.8.0-wp2521                                                             /wazuh-dashboard-4.8.0-wp2521.x86_64                                                            889 M

Transaction Summary
=============================================================================================================================================================================================================================================================================================================================
Upgrade  1 Package

Total size: 889 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-dashboard-4.8.0-wp2521.x86_64                                                                                                                                                                                                                                                                       1/2 
warning: /etc/wazuh-dashboard/opensearch_dashboards.yml created as /etc/wazuh-dashboard/opensearch_dashboards.yml.rpmnew
  Cleanup    : wazuh-dashboard-4.5.4-1.x86_64                                                                                                                                                                                                                                                                            2/2 
  Verifying  : wazuh-dashboard-4.8.0-wp2521.x86_64                                                                                                                                                                                                                                                                       1/2 
  Verifying  : wazuh-dashboard-4.5.4-1.x86_64                                                                                                                                                                                                                                                                            2/2 

Updated:
  wazuh-dashboard.x86_64 0:4.8.0-wp2521                                                                                                                                                                                                                                                                                      

Complete!
  • Check Wazuh dashboard status
[root@centos7 vagrant]# systemctl daemon-reload
[root@centos7 vagrant]# systemctl enable wazuh-dashboard
[root@centos7 vagrant]# systemctl start wazuh-dashboard
[root@centos7 vagrant]# systemctl status wazuh-dashboard.service 
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-10-26 13:05:16 UTC; 14s ago
 Main PID: 10751 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─10751 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Starting saved objects migrations"}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Detected mapping change in \"properties.visualization-visbuilder\""}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Creating index .kibana_2."}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Migrating .kibana_1 saved objects to .kibana_2"}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Pointing alias .kibana to .kibana_2."}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","savedobjects-service"],"pid":10751,"message":"Finished in 165ms."}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","plugins-system"],"pid":10751,"message":"Starting [46] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearch...expressions,data,home,ap
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["listening","info"],"pid":10751,"message":"Server running at https://0.0.0.0:443"}
Oct 26 13:05:19 centos7 opensearch-dashboards[10751]: {"type":"log","@timestamp":"2023-10-26T13:05:19Z","tags":["info","http","server","OpenSearchDashboards"],"pid":10751,"message":"http server running at https://0.0.0.0:443"}
Hint: Some lines were ellipsized, use -l to show in full.
  • WUI is accesible, new WUI observed
  • There are no errors seen in the logs that have not previously appeared in previous versions after the upgrade

Notes

  • The configuration of the Wazuh dashboard changes and is a forced change, due to the RPM management in files different from the original installed, if the original file has been modified, it is not updated in the upgrade process, this creates an error if the configuration is not manually updated (/app/wazuh -> /app/wz-home), suggestions:
    • Add a note in the documentation so that it can be modified manually by users
    • Delegate the modification of the user's file to the upgrade process always
    • Modify the redirection, continue using /app/wazuh, but internally redirect with /app/wz-wazuh

  • It has been decided to work on the first option since a user should not have to manually modify the configuration, changes have been applied and the defaultRoute is modified in both RPM and DEB in the upgrade, whether the user changes the original configuration or not

    • Note: In Debian, if the original file has been modified, the update shows a menu to modify or not the file in question, the change of the defaultRoute is applied whether you choose no or yes since it is necessary for the operation of the new version
  • It has been detected that the AWS resources related to unattended 4.8 were not updated, specifically the config.yml for 3 months, they have been updated with the latest changes and the Test_stack test runs correctly

  • A RPM Stack test passed successfully: https://ci.wazuh.info/job/Test_stack/1055/

  • Launched full Stack test tier: https://ci.wazuh.info/job/Test_stack_tier/97/ 🟢

  • Wazuh installation assistant 🟢

RPM WIA
[root@centos7 unattended_installer]# bash wazuh-install.sh -a
26/10/2023 17:52:24 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/10/2023 17:52:24 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/10/2023 17:52:26 INFO: --- Dependencies ---
26/10/2023 17:52:26 INFO: Installing lsof.
26/10/2023 17:52:30 INFO: Verifying that your system meets the recommended minimum hardware requirements.
26/10/2023 17:52:30 INFO: Wazuh web interface port will be 443.
26/10/2023 17:52:31 INFO: Wazuh development repository added.
26/10/2023 17:52:31 INFO: --- Configuration files ---
26/10/2023 17:52:31 INFO: Generating configuration files.
26/10/2023 17:52:32 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/10/2023 17:52:32 INFO: --- Wazuh indexer ---
26/10/2023 17:52:32 INFO: Starting Wazuh indexer installation.
26/10/2023 17:53:42 INFO: Wazuh indexer installation finished.
26/10/2023 17:53:42 INFO: Wazuh indexer post-install configuration finished.
26/10/2023 17:53:42 INFO: Starting service wazuh-indexer.
26/10/2023 17:53:49 INFO: wazuh-indexer service started.
26/10/2023 17:53:49 INFO: Initializing Wazuh indexer cluster security settings.
26/10/2023 17:53:59 INFO: Wazuh indexer cluster initialized.
26/10/2023 17:53:59 INFO: --- Wazuh server ---
26/10/2023 17:53:59 INFO: Starting the Wazuh manager installation.
26/10/2023 17:54:28 INFO: Wazuh manager installation finished.
26/10/2023 17:54:28 INFO: Starting service wazuh-manager.
26/10/2023 17:54:40 INFO: wazuh-manager service started.
26/10/2023 17:54:40 INFO: Starting Filebeat installation.
26/10/2023 17:54:47 INFO: Filebeat installation finished.
26/10/2023 17:54:48 INFO: Filebeat post-install configuration finished.
26/10/2023 17:54:48 INFO: Starting service filebeat.
26/10/2023 17:54:48 INFO: filebeat service started.
26/10/2023 17:54:48 INFO: --- Wazuh dashboard ---
26/10/2023 17:54:49 INFO: Installing chrome.
26/10/2023 17:55:09 INFO: --- Dependencies ---
26/10/2023 17:55:09 INFO: Installing xorg-x11-fonts-100dpi.
26/10/2023 17:55:11 INFO: Installing xorg-x11-fonts-75dpi.
26/10/2023 17:55:12 INFO: Installing xorg-x11-utils.
26/10/2023 17:55:13 INFO: Installing xorg-x11-fonts-cyrillic.
26/10/2023 17:55:14 INFO: Installing xorg-x11-fonts-Type1.
26/10/2023 17:55:15 INFO: Installing xorg-x11-fonts-misc.
26/10/2023 17:55:18 INFO: Starting Wazuh dashboard installation.
26/10/2023 17:56:04 INFO: Wazuh dashboard installation finished.
26/10/2023 17:56:04 INFO: Wazuh dashboard post-install configuration finished.
26/10/2023 17:56:04 INFO: Starting service wazuh-dashboard.
26/10/2023 17:56:04 INFO: wazuh-dashboard service started.
26/10/2023 17:56:06 INFO: Updating the internal users.
26/10/2023 17:56:07 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
26/10/2023 17:56:20 INFO: Initializing Wazuh dashboard web application.
26/10/2023 17:56:21 INFO: Wazuh dashboard web application initialized.
26/10/2023 17:56:21 INFO: --- Summary ---
26/10/2023 17:56:21 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
   User: admin
   Password: Q0ehfBMTM0CYZ.*f6xHqAiIDC0kENxnv
26/10/2023 17:56:21 INFO: Installation finished.
[root@centos7 unattended_installer]# hostname -I
10.0.2.15 192.168.56.4 
[root@centos7 unattended_installer]# curl -k -u admin:Q0ehfBMTM0CYZ.*f6xHqAiIDC0kENxnv https://localhost:9200/_cluster/health?pretty
{
"cluster_name" : "wazuh-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 10,
"active_shards" : 10,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}

1

2

DEB WIA
root@debian11:/home/vagrant/wazuh-packages/unattended_installer# bash wazuh-install.sh -a -i
26/10/2023 19:40:31 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
26/10/2023 19:40:31 INFO: Verbose logging redirected to /var/log/wazuh-install.log
26/10/2023 19:40:35 WARNING: Hardware and system checks ignored.
26/10/2023 19:40:35 INFO: Wazuh web interface port will be 443.
26/10/2023 19:40:40 INFO: Wazuh development repository added.
26/10/2023 19:40:40 INFO: --- Configuration files ---
26/10/2023 19:40:40 INFO: Generating configuration files.
26/10/2023 19:40:40 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
26/10/2023 19:40:40 INFO: --- Wazuh indexer ---
26/10/2023 19:40:40 INFO: Starting Wazuh indexer installation.
26/10/2023 19:41:18 INFO: Wazuh indexer installation finished.
26/10/2023 19:41:18 INFO: Wazuh indexer post-install configuration finished.
26/10/2023 19:41:18 INFO: Starting service wazuh-indexer.
26/10/2023 19:41:33 INFO: wazuh-indexer service started.
26/10/2023 19:41:33 INFO: Initializing Wazuh indexer cluster security settings.
26/10/2023 19:41:44 INFO: Wazuh indexer cluster initialized.
26/10/2023 19:41:44 INFO: --- Wazuh server ---
26/10/2023 19:41:44 INFO: Starting the Wazuh manager installation.
26/10/2023 19:42:11 INFO: Wazuh manager installation finished.
26/10/2023 19:42:11 INFO: Starting service wazuh-manager.
26/10/2023 19:42:25 INFO: wazuh-manager service started.
26/10/2023 19:42:25 INFO: Starting Filebeat installation.
26/10/2023 19:42:27 INFO: Filebeat installation finished.
26/10/2023 19:42:29 INFO: Filebeat post-install configuration finished.
26/10/2023 19:42:29 INFO: Starting service filebeat.
26/10/2023 19:42:29 INFO: filebeat service started.
26/10/2023 19:42:29 INFO: --- Wazuh dashboard ---
26/10/2023 19:42:30 INFO: --- Dependencies ----
26/10/2023 19:42:30 INFO: Installing chromium-browser.
26/10/2023 19:42:30 WARNING: Cannot install optional dependency: chromium-browser.
26/10/2023 19:42:30 INFO: Installing libnss3-dev.
26/10/2023 19:42:30 WARNING: Cannot install optional dependency: libnss3-dev.
26/10/2023 19:42:30 INFO: Installing fonts-liberation.
26/10/2023 19:42:30 WARNING: Cannot install optional dependency: fonts-liberation.
26/10/2023 19:42:30 WARNING: Wazuh dashboard dependencies skipped. PDF report generation may not work.
26/10/2023 19:42:30 INFO: Starting Wazuh dashboard installation.
26/10/2023 19:43:12 INFO: Wazuh dashboard installation finished.
26/10/2023 19:43:12 INFO: Wazuh dashboard post-install configuration finished.
26/10/2023 19:43:12 INFO: Starting service wazuh-dashboard.
26/10/2023 19:43:12 INFO: wazuh-dashboard service started.
26/10/2023 19:43:13 INFO: Updating the internal users.
26/10/2023 19:43:17 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
26/10/2023 19:43:45 INFO: Initializing Wazuh dashboard web application.
26/10/2023 19:43:48 INFO: Wazuh dashboard web application initialized.
26/10/2023 19:43:48 INFO: --- Summary ---
26/10/2023 19:43:48 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
   User: admin
   Password: +C.i63rfi1DRpCH2eXULiC5HNVpvwUqt
26/10/2023 19:43:48 INFO: Installation finished.

root@debian11:/home/vagrant/wazuh-packages/unattended_installer# hostname -I
10.0.2.15 192.168.56.44 

root@debian11:/home/vagrant/wazuh-packages/unattended_installer# curl -k -u admin:+C.i63rfi1DRpCH2eXULiC5HNVpvwUqt https://localhost:9200/_cluster/health?pretty
{
"cluster_name" : "wazuh-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 9,
"active_shards" : 9,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}

3

4


@rauldpm rauldpm linked a pull request Oct 26, 2023 that will close this issue
8 tasks
@wazuhci wazuhci moved this from In progress to Pending review in Release 4.8.0 Oct 26, 2023
@wazuhci wazuhci moved this from Pending review to In review in Release 4.8.0 Oct 31, 2023
@wazuhci wazuhci moved this from In review to Pending final review in Release 4.8.0 Oct 31, 2023
@wazuhci wazuhci moved this from Pending final review to In final review in Release 4.8.0 Nov 2, 2023
@davidjiglesias
Copy link
Member

LGTM!

@wazuhci wazuhci moved this from In final review to Done in Release 4.8.0 Nov 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
level/task Subtask issue type/change Change requested type/enhancement Enhancement issue
Projects
No open projects
Archived in project
Development

Successfully merging a pull request may close this issue.

2 participants