Check support for Wazuh indexer in new version Ubuntu 24.04 #23746

Closed
2 tasks done
mjcr99 opened this issue May 29, 2024 · 3 comments

@mjcr99
Member

mjcr99 commented May 29, 2024

Description

As part of the OSs checks issue: #23311 and #23724

| Agent support | Agent tier | Central components support | OS type |
|---|---|---|---|
| Yes | 1 | Yes | Major |

  • If we need to add support for the central components, add support for the new OS to the GitHub Actions package builder.
  • If we need to add support for the central components, smoke test that the package works, including installation and upgrade.
@f-galland
Member

  • I brought up an Ubuntu 24.04 environment using lxd as there is no vagrant box available yet.
root@ubuntu24:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 24.04 LTS
Release:	24.04
Codename:	noble

Generate certificates:

root@ubuntu24:~# curl -sO https://packages-dev.wazuh.com/4.9/wazuh-certs-tool.sh
root@ubuntu24:~# curl -sO https://packages-dev.wazuh.com/4.9/config.yml


root@ubuntu24:~# bash ./wazuh-certs-tool.sh -A
29/05/2024 18:55:40 INFO: Generating the root certificate.
29/05/2024 18:55:40 INFO: Generating Admin certificates.
29/05/2024 18:55:40 INFO: Admin certificates created.
29/05/2024 18:55:40 INFO: Generating Wazuh indexer certificates.
29/05/2024 18:55:40 INFO: Wazuh indexer certificates created.
29/05/2024 18:55:40 INFO: Generating Filebeat certificates.
29/05/2024 18:55:40 INFO: Wazuh Filebeat certificates created.
29/05/2024 18:55:40 INFO: Generating Wazuh dashboard certificates.
29/05/2024 18:55:41 INFO: Wazuh dashboard certificates created.
root@ubuntu24:~# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .

rm -rf ./wazuh-certificates
./
./wazuh-1-key.pem
./dashboard-key.pem
./root-ca.key
./node-1-key.pem
./admin.pem
./node-1.pem
./wazuh-1.pem
./dashboard.pem
./root-ca.pem
./admin-key.pem

Install package:

root@ubuntu24:~# apt install ./wazuh-indexer_4.9.0-0_amd64_5468371.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.9.0-0_amd64_5468371.deb'
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/850 MB of archives.
After this operation, 1077 MB of additional disk space will be used.
Get:1 /root/wazuh-indexer_4.9.0-0_amd64_5468371.deb wazuh-indexer amd64 4.9.0 [850 MB]
Selecting previously unselected package wazuh-indexer.
(Reading database ... 34394 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.9.0-0_amd64_5468371.deb ...
Running Wazuh Indexer Pre-Installation Script
Unpacking wazuh-indexer (4.9.0) ...
Setting up wazuh-indexer (4.9.0) ...
Running Wazuh Indexer Post-Installation Script
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
chown: warning: '.' should be ':': ‘wazuh-indexer.wazuh-indexer’
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
 sudo systemctl start wazuh-indexer.service
Scanning processes...

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
N: Download is performed unsandboxed as root as file '/root/wazuh-indexer_4.9.0-0_amd64_5468371.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

A warning lets us know improper usage of the chown command was made in the post-installation script, which I will open an issue about shortly.

Installing certs and starting service:

root@ubuntu24:~# NODE_NAME=node-1
root@ubuntu24:~# 

mkdir /etc/wazuh-indexer/certs                               

tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem

mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem

mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem

chmod 500 /etc/wazuh-indexer/certs

chmod 400 /etc/wazuh-indexer/certs/*

chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
root@ubuntu24:~# systemctl daemon-reload

systemctl enable wazuh-indexer

systemctl start wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer

Cluster initialization:

root@ubuntu24:~# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.13.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success

Testing connectivity:

root@ubuntu24:~# curl -k -u admin:admin https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "o-kyrFWERX-4UPLYse9gWQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "deb",
    "build_hash" : "54683715ff751bea28f809aefa2b312db4d06970",
    "build_date" : "2024-05-21T15:03:48.779440Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
root@ubuntu24:~# curl -k -u admin:admin https://127.0.0.1:9200/_cat/nodes?v
ip             heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                                        cluster_manager name
192.168.58.181           42          69   2    0.71    0.51     0.42 dimr      cluster_manager,data,ingest,remote_cluster_client *               node-1

The cluster is up and running as expected.
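
The certificate step in the comment above finishes with `chmod 500`, `chmod 400` and `chown` on `/etc/wazuh-indexer/certs`. As an added example (not part of the issue or of Wazuh's tooling), the shell function below checks that a directory really ends up in that state. The name `audit_cert_dir` and its output format are assumptions made for the example, and it relies on GNU `stat -c` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the issue): audit a certificate directory against
# the modes applied above: directory 500, every entry a regular file with
# mode 400, everything owned by one user:group.
# Assumes GNU coreutils `stat -c`. Run as root or as the owning user.
#
# Usage: audit_cert_dir /etc/wazuh-indexer/certs wazuh-indexer wazuh-indexer
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on bad input.
audit_cert_dir() (
    dir=$1
    want="$2:$3"
    findings=0

    [ -d "$dir" ] && [ ! -L "$dir" ] || { echo "not a directory: $dir"; return 2; }

    check() {   # check PATH EXPECTED_MODE
        mode=$(stat -c '%a' "$1")        # octal permission bits
        own=$(stat -c '%U:%G' "$1")      # owner and group names
        if [ "$mode" != "$2" ]; then
            echo "$1: mode $mode, expected $2"; findings=1
        fi
        if [ "$own" != "$want" ]; then
            echo "$1: owner $own, expected $want"; findings=1
        fi
    }

    check "$dir" 500

    # Direct entries only, dotfiles included; the layout above is flat, so a
    # subdirectory, symlink or other special file is itself a finding.
    for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # unmatched glob pattern
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            echo "$path: not a regular file"; findings=1
            continue
        fi
        check "$path" 400
    done

    return "$findings"
)
```

A non-zero return after a package upgrade or a manual certificate rotation points at a key file that has become readable or writable beyond its owner.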

@f-galland
Member

In summary, we don't need to add support for the OS in our GitHub Actions, since the package installs and runs fine on Ubuntu 24.04.

@AlexRuiz7
Member

Related issue wazuh/wazuh-indexer#244

Status: Done