Open AlexRuiz7 opened 1 week ago
jvm.options
diffhttps://www.diffchecker.com/DKDFpu2N/
internal_users.yml
diffhttps://www.diffchecker.com/lXVpvDV0/
internal_users - Diffchecker.pdf
/etc/init.d/wazuh-indexer
This file does not exist in 4.8.0, and is included in 4.9.0, like in upstream.
```
#!/usr/bin/env bash
#
# wazuh-indexer
#
# chkconfig: 2345 80 20
# description: Starts and stops a single wazuh-indexer instance on this system
#
### BEGIN INIT INFO
# Provides: OpenSearch
# Required-Start: $network $named
# Required-Stop: $network $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: This service manages the wazuh-indexer daemon
# Description: OpenSearch is a very scalable, schema-free and high-performance search solution supporting multi-tenancy and near realtime search.
### END INIT INFO
set -e -o pipefail
#
# init.d / servicectl compatibility (openSUSE)
#
if [ -f /etc/rc.status ]; then
. /etc/rc.status
rc_reset
fi
#
# Source function library.
#
if [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
fi
# Sets the default values for wazuh-indexer variables used in this script
OPENSEARCH_HOME="/usr/share/wazuh-indexer"
MAX_OPEN_FILES=65535
MAX_MAP_COUNT=262144
OPENSEARCH_PATH_CONF="/etc/wazuh-indexer"
PID_DIR="/run/wazuh-indexer"
# Source the default env file
OPENSEARCH_ENV_FILE="/etc/sysconfig/wazuh-indexer"
if [ -f "$OPENSEARCH_ENV_FILE" ]; then
. "$OPENSEARCH_ENV_FILE"
fi
exec="$OPENSEARCH_HOME/bin/opensearch"
prog="wazuh-indexer"
pidfile="$PID_DIR/${prog}.pid"
export OPENSEARCH_JAVA_OPTS
export JAVA_HOME
export OPENSEARCH_PATH_CONF
export OPENSEARCH_STARTUP_SLEEP_TIME
export OPENSEARCH_JAVA_HOME
lockfile=/var/lock/subsys/$prog
if [ ! -x "$exec" ]; then
echo "The wazuh-indexer startup script does not exists or it is not executable, tried: $exec"
exit 1
fi
start() {
[ -x $exec ] || exit 5
if [ -n "$MAX_OPEN_FILES" ]; then
ulimit -n $MAX_OPEN_FILES
fi
if [ -n "$MAX_LOCKED_MEMORY" ]; then
ulimit -l $MAX_LOCKED_MEMORY
fi
if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ] && [ "$MAX_MAP_COUNT" -gt $(cat /proc/sys/vm/max_map_count) ]; then
sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT
fi
# Ensure that the PID_DIR exists (it is cleaned at OS startup time)
if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
mkdir -p "$PID_DIR" && chown wazuh-indexer:wazuh-indexer "$PID_DIR"
fi
if [ -n "$pidfile" ] && [ ! -e "$pidfile" ]; then
touch "$pidfile" && chown wazuh-indexer:wazuh-indexer "$pidfile"
fi
cd $OPENSEARCH_HOME
echo -n $"Starting $prog: "
# if not running, start it up here, usually something like "daemon $exec"
daemon --user wazuh-indexer --pidfile $pidfile $exec -p $pidfile -d
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
# stop it here, often "killproc $prog"
killproc -p $pidfile -d 86400 $prog
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
reload() {
restart
}
force_reload() {
restart
}
rh_status() {
# run checks to determine if the service is running or use generic status
status -p $pidfile $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
exit 2
esac
exit $?
```
Debian suggests two ways to avoid this type of issues:
/etc
Reference:
It has been decided that all configuration files must be kept, including the new configuration files from the packages, as independent files.
On an upgrade of the wazuh-indexer
from 4.8 to 4.9, the following files are modified:
yum by default does one of the following:
rpmsave
filerpmnew
filedepending on whether these files are affected by the noreplace
directive on the RPM spec file.
We want to model the packages' behavior to always generate the rpmnew
files.
For Debian packages, we need to simulate the same behavior. The strategy for Debian packages is to name these configuration files as "new", and rename them on the postinst
scripts if there are no such files on the system already.
Description
During the upgrade to wazuh-indexer@4.9.0, there are some configuration files that are modified. Depending on the package manager, it asks for actions from the user (apt) or continues creating backups (yum).
deb
```bash root@server:/home/vagrant# apt-get install wazuh-indexer Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages will be upgraded: wazuh-indexer 1 upgraded, 0 newly installed, 0 to remove and 207 not upgraded. Need to get 850 MB of archives. After this operation, 26.6 MB of additional disk space will be used. Get:1 https://packages.wazuh.com/4.x/apt stable/main amd64 wazuh-indexer amd64 4.9.0-1 [850 MB] Fetched 850 MB in 1min 10s (12.2 MB/s) (Reading database ... 158706 files and directories currently installed.) Preparing to unpack .../wazuh-indexer_4.9.0-1_amd64.deb ... Running Wazuh Indexer Pre-Installation Script Unpacking wazuh-indexer (4.9.0-1) over (4.8.2-1) ... Setting up wazuh-indexer (4.9.0-1) ... Installing new version of config file /etc/default/wazuh-indexer ... Configuration file '/etc/init.d/wazuh-indexer' ==> Deleted (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** wazuh-indexer (Y/I/N/O/D/Z) [default=N] ? Y Installing new version of config file /etc/init.d/wazuh-indexer ... Configuration file '/etc/wazuh-indexer/jvm.options' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** jvm.options (Y/I/N/O/D/Z) [default=N] ? Y Installing new version of config file /etc/wazuh-indexer/jvm.options ... Installing new version of config file /etc/wazuh-indexer/log4j2.properties ... Installing new version of config file /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy ... Configuration file '/etc/wazuh-indexer/opensearch-security/internal_users.yml' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** internal_users.yml (Y/I/N/O/D/Z) [default=N] ? N Installing new version of config file /etc/wazuh-indexer/opensearch-security/roles.yml ... Installing new version of config file /etc/wazuh-indexer/opensearch-security/roles_mapping.yml ... Running Wazuh Indexer Post-Installation Script ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Scanning processes... Scanning linux images... Running kernel seems to be up-to-date. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor (qemu) binaries on this host ```
yum
```bash [root@rhel7 vagrant]# yum upgrade wazuh-indexer-4.9.0-1.x86_64.rpm Failed to set locale, defaulting to C Loaded plugins: product-id, search-disabled-repos Examining wazuh-indexer-4.9.0-1.x86_64.rpm: wazuh-indexer-4.9.0-1.x86_64 Marking wazuh-indexer-4.9.0-1.x86_64.rpm as an update to wazuh-indexer-4.8.2-1.x86_64 Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.8.2-1 will be updated ---> Package wazuh-indexer.x86_64 0:4.9.0-1 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================================================================================ Package Arch Version Repository Size ================================================================================================================================================================================================ Updating: wazuh-indexer x86_64 4.9.0-1 /wazuh-indexer-4.9.0-1.x86_64 1.0 G Transaction Summary ================================================================================================================================================================================================ Upgrade 1 Package Total size: 1.0 G Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : wazuh-indexer-4.9.0-1.x86_64 1/2 warning: /etc/wazuh-indexer/jvm.options created as /etc/wazuh-indexer/jvm.options.rpmnew warning: /etc/wazuh-indexer/opensearch-security/internal_users.yml saved as /etc/wazuh-indexer/opensearch-security/internal_users.yml.rpmsave ### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable wazuh-indexer.service ### You can start wazuh-indexer service by executing sudo systemctl start wazuh-indexer.service Cleanup : wazuh-indexer-4.8.2-1.x86_64 2/2 Verifying : wazuh-indexer-4.9.0-1.x86_64 1/2 Verifying : wazuh-indexer-4.8.2-1.x86_64 2/2 Updated: wazuh-indexer.x86_64 0:4.9.0-1 Complete! [root@rhel7 vagrant]# ```
We need to carefully analyze the differences and whenever possible, command apt to use the new files by default, not asking for user input.
Plan
Functional requirements
Proposals to this problem must fit these requirements: