Unable to Deploy Wazuh 4.4 through Docker

[blUeBUg200]

Hi Team,

I am trying to deploy Wazuh 4.4 (Single Node) via docker and I ended up with the below error,

failed to deploy a stack: Network dock-wazuh_default Creating Network dock-wazuh_default Created Container dock-wazuh-wazuh.indexer-1 Creating Container dock-wazuh-wazuh.manager-1 Creating Container dock-wazuh-wazuh.manager-1 Created Container dock-wazuh-wazuh.indexer-1 Created Container dock-wazuh-wazuh.dashboard-1 Creating Container dock-wazuh-wazuh.dashboard-1 Created Container dock-wazuh-wazuh.manager-1 Starting Container dock-wazuh-wazuh.indexer-1 Starting Container dock-wazuh-wazuh.manager-1 Started Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/home/wazuh/config/wazuh_indexer/wazuh.indexer.yml" to rootfs at "/usr/share/wazuh-indexer/opensearch.yml": mount /home/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

Below are the details of my deployment,

System Specs:

Platform: Proxmox VE : 7.3-6 OS : Proxmox LXC Container - Debian Turnkey Core 17.1-1 Docker version 23.0.1, build a5ee5b1

Volumes:

• All volumes in the docker-compose is pointed to a directory in OS which is a mount point of a NFS volume.

The same setup works completely fine for Wazuh 4.3.10 without any issues. Could someone help to resolve the issue ? Thanks.

Cheers, AK

[javierspn]

I have deployed Wazuh multi node successfully pointing to node mounted NFS shares (same mount for every node). Paste your compose file If you are using one and I will check it out and let you know how I made it work.

In my case it was a permissions issue when mounting the NFS share.

[blUeBUg200]

@javierspn Below is the docker compose file which I use in my existing deployment 4.3.10,

# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'

services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.3.10
    hostname: wazuh.manager
    restart: always
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=username
      - INDEXER_PASSWORD=password
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - /home/wazuh/wazuh_api_configuration:/var/ossec/api/configuration
      - /home/wazuh/wazuh_etc:/var/ossec/etc
      - /home/wazuh/wazuh_logs:/var/ossec/logs
      - /home/wazuh/wazuh_queue:/var/ossec/queue
      - /home/wazuh/wazuh_var_multigroups:/var/ossec/var/multigroups
      - /home/wazuh/wazuh_integrations:/var/ossec/integrations
      - /home/wazuh/wazuh_active_response:/var/ossec/active-response/bin
      - /home/wazuh/wazuh_agentless:/var/ossec/agentless
      - /home/wazuh/wazuh_wodles:/var/ossec/wodles
      - /home/wazuh/filebeat_etc:/etc/filebeat
      - /home/wazuh/filebeat_var:/var/lib/filebeat
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.3.10
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms4096m -Xmx4096m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /home/wazuh/wazuh-indexer-data:/var/lib/wazuh-indexer
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.3.10
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:5601
    environment:
      - INDEXER_USERNAME=username
      - INDEXER_PASSWORD=password
      - WAZUH_API_URL=https://wazuh.manager
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

I used the same for the new release and saw the error which I posted earlier in the ticket. There shouldn't be a permission issue as my current version is working without any issue.

[Reaper88]

I'm having the same issue except I have Rocky Linux 8 KVM with Rockylinux 8 docker while using Portainer to manage and I get the same just that file is having issues. /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml

[parfaittolefo]

I have same issue on parrot OS

[blUeBUg200]

Closing this issue as I haven't tested this again with the latest version.