search

wazuh / wazuh-indexer

Wazuh indexer, the Wazuh search engine
https://opensearch.org/docs/latest/opensearch/index/
Apache License 2.0
6 stars 16 forks source link

[BUG] `wazuh-indexer` service takes ownership of `/run` #284

Open AlexRuiz7 opened 3 days ago

AlexRuiz7 commented 3 days ago

Description

Related issue: https://github.com/wazuh/wazuh-dashboard/issues/222

During the testing of v4.9.0-alpha1, it was noticed that the wazuh-indexer service takes the ownership of the /run root folder, impeding the installation of Wazuh Dashboard (if it is installed in the same machine).

During a brief investigation of the issue, we noticed that the storage of the wazuh-indexer PID file is inconsistent, storing it on /run/wazuh-indexer and /var/run/wazuh-indexer. The standard nowadays is to use /var/run, instead of /run.

However, this does not explain the ownership change on the /run folder. This may be caused by the _localstatedir variable being undefined on wazuh-indexer.rpm.spec.

https://github.com/wazuh/wazuh-indexer/blob/19980880e12ad6460b8270798b52eca7e3236f2a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec#L29

Additional info

16 results - 14 files

wazuh-indexer/distribution/packages/src/common/env/wazuh-indexer:
  16: #PID_DIR=/run/wazuh-indexer

wazuh-indexer/distribution/packages/src/common/scripts/postrm:
  75:     if [ -d /run/wazuh-indexer ]; then
  77:         rm -rf /run/wazuh-indexer

wazuh-indexer/distribution/packages/src/common/systemd/wazuh-indexer.conf:
  1: d    /run/wazuh-indexer   0750 wazuh-indexer wazuh-indexer - -

wazuh-indexer/distribution/packages/src/common/systemd/wazuh-indexer.service:
  14: Environment=PID_DIR=/run/wazuh-indexer

wazuh-indexer/distribution/packages/src/deb/debmake_install.sh:
  27: pid_dir="/run/${name}"

wazuh-indexer/distribution/packages/src/deb/debian/postinst:
  20: pid_dir=/var/run/wazuh-indexer

wazuh-indexer/distribution/packages/src/deb/init.d/wazuh-indexer:
  56: PID_DIR="/var/run/$NAME"

wazuh-indexer/distribution/packages/src/rpm/wazuh-indexer.cicd.spec:
  168: if [[ -d /run/systemd/system ]] ; then

wazuh-indexer/distribution/packages/src/rpm/wazuh-indexer.rpm.spec:
  29: %define pid_dir %{_localstatedir}/run/%{name}

wazuh-indexer/distribution/packages/src/rpm/init.d/wazuh-indexer:
  42: PID_DIR="/run/wazuh-indexer"

wazuh-indexer/docker/prod/Dockerfile:
  65:     mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \

wazuh-indexer/docker/prod/config/config.sh:
  13: export PID_DIR=/run/${NAME}

wazuh-indexer/qa/os/src/test/java/org/opensearch/packaging/util/Cleanup.java:
  59:         "/var/run/opensearch",

wazuh-indexer/qa/os/src/test/java/org/opensearch/packaging/util/Installation.java:
  117:             Paths.get("/var/run/opensearch"),

References:

f-galland commented 2 days ago

With regards to the /var/run and /run issue, it looks like /var/run is a symbolic link to /run, at least in redhat based distros.

[root@rhel8 ~]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.10 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.10 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.10
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
[root@rhel8 ~]# ls -lsah /var/ | grep run
   0 lrwxrwxrwx.  1 root root   11 Dec 19  2023 lock -> ../run/lock
   0 lrwxrwxrwx.  1 root root    6 Dec 19  2023 run -> ../run
[root@alma ~]# cat /etc/os-release 
NAME="AlmaLinux"
VERSION="8.10 (Cerulean Leopard)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.10 (Cerulean Leopard)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
SUPPORT_END=2029-06-01
[root@alma ~]# ls -lsah /var | grep run
   0 lrwxrwxrwx  1 root root   11 Jun 27 23:10 lock -> ../run/lock
   0 lrwxrwxrwx  1 root root    6 Jun 27 23:10 run -> ../run

I'm still trying to pin the ownership issue, which seems to only happen on RPM based.