Check support for Wazuh indexer in new version Ubuntu 24.04 #23746
root@ubuntu24:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04 LTS
Release: 24.04
Codename: noble

Generate certificates:
root@ubuntu24:~# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-certs-tool.sh
root@ubuntu24:~# curl -sO https://packages-dev.wazuh.com/4.9/config.yml
root@ubuntu24:~# bash ./wazuh-certs-tool.sh -A
29/05/2024 18:55:40 INFO: Generating the root certificate.
29/05/2024 18:55:40 INFO: Generating Admin certificates.
29/05/2024 18:55:40 INFO: Admin certificates created.
29/05/2024 18:55:40 INFO: Generating Wazuh indexer certificates.
29/05/2024 18:55:40 INFO: Wazuh indexer certificates created.
29/05/2024 18:55:40 INFO: Generating Filebeat certificates.
29/05/2024 18:55:40 INFO: Wazuh Filebeat certificates created.
29/05/2024 18:55:40 INFO: Generating Wazuh dashboard certificates.
29/05/2024 18:55:41 INFO: Wazuh dashboard certificates created.
root@ubuntu24:~# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
rm -rf ./wazuh-certificates
./
./wazuh-1-key.pem
./dashboard-key.pem
./root-ca.key
./node-1-key.pem
./admin.pem
./node-1.pem
./wazuh-1.pem
./dashboard.pem
./root-ca.pem
./admin-key.pem

Install package:
root@ubuntu24:~# apt install ./wazuh-indexer_4.9.0-0_amd64_5468371.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.9.0-0_amd64_5468371.deb'
The following NEW packages will be installed:
wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/850 MB of archives.
After this operation, 1077 MB of additional disk space will be used.
Get:1 /root/wazuh-indexer_4.9.0-0_amd64_5468371.deb wazuh-indexer amd64 4.9.0 [850 MB]
Selecting previously unselected package wazuh-indexer.
(Reading database ... 34394 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.9.0-0_amd64_5468371.deb ...
Running Wazuh Indexer Pre-Installation Script
Unpacking wazuh-indexer (4.9.0) ...
Setting up wazuh-indexer (4.9.0) ...
Running Wazuh Indexer Post-Installation Script
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
sudo systemctl start wazuh-indexer.service
Scanning processes...
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
N: Download is performed unsandboxed as root as file '/root/wazuh-indexer_4.9.0-0_amd64_5468371.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
A warning lets us know improper usage of the

Installing certs and starting service:
root@ubuntu24:~# NODE_NAME=node-1
root@ubuntu24:~#
mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
root@ubuntu24:~# systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer

Cluster initialization:
root@ubuntu24:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success

Testing connectivity:
root@ubuntu24:~# curl -k -u admin:admin https://127.0.0.1:9200
{
"name" : "node-1",
"cluster_name" : "wazuh-cluster",
"cluster_uuid" : "o-kyrFWERX-4UPLYse9gWQ",
"version" : {
"number" : "7.10.2",
"build_type" : "deb",
"build_hash" : "54683715ff751bea28f809aefa2b312db4d06970",
"build_date" : "2024-05-21T15:03:48.779440Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ubuntu24:~# curl -k -u admin:admin https://127.0.0.1:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
192.168.58.181 42 69 2 0.71 0.51 0.42 dimr cluster_manager,data,ingest,remote_cluster_client * node-1

The cluster is up and running as expected.
In summary, we don't need to add support for the OS in our GitHub Actions, since the package installs and runs fine on Ubuntu 24.04.
Related issue wazuh/wazuh-indexer#244
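
The tar, chmod and chown steps in the comment above leave a specific layout in /etc/wazuh-indexer/certs: directory mode 500, files mode 400, everything owned by wazuh-indexer:wazuh-indexer, and only root-ca.pem (not root-ca.key) extracted onto the node. The following is an added example, not part of the original issue or of the Wazuh project's code, that audits a directory against that layout; the function name `audit_cert_dir` and its output format are hypothetical, and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Wazuh code). Requires GNU stat.
# audit_cert_dir DIR OWNER:GROUP
#   returns 0 = layout matches, 1 = deviations printed, 2 = DIR missing
# OWNER:GROUP may be names (wazuh-indexer:wazuh-indexer) or numeric ids.
audit_cert_dir() {
    dir=$1
    owner=$2
    rc=0

    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # Directory: mode 500 (owner may list and traverse, nobody may write).
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = "500" ] || { echo "MODE $dir is $mode, expected 500"; rc=1; }

    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue      # empty directory: glob did not match
        names=$(stat -c '%U:%G' "$path")
        ids=$(stat -c '%u:%g' "$path")
        if [ "$names" != "$owner" ] && [ "$ids" != "$owner" ]; then
            echo "OWNER $path is $names, expected $owner"; rc=1
        fi
        [ "$path" = "$dir" ] && continue
        # Files: mode 400 (read-only for the service account).
        mode=$(stat -c '%a' "$path")
        [ "$mode" = "400" ] || { echo "MODE $path is $mode, expected 400"; rc=1; }
    done

    # The tar step extracts root-ca.pem only; flag a CA private key on the node.
    if [ -e "$dir/root-ca.key" ]; then
        echo "CA-KEY $dir/root-ca.key present on node"; rc=1
    fi
    return "$rc"
}

# Usage on the host from the log above (run as root):
#   audit_cert_dir /etc/wazuh-indexer/certs wazuh-indexer:wazuh-indexer
```
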
Description
As part of the OSs checks issue: #23311 and #23724