wazuh / wazuh-indexer

Wazuh indexer, the Wazuh search engine
https://opensearch.org/docs/latest/opensearch/index/
Apache License 2.0

Warnings about modified files during wazuh-indexer upgrade to 4.9.1 RC3 E2E UX test #450

Closed thony4uu closed 1 month ago

thony4uu commented 1 month ago
| Component | Installation | Type | OS |
| --- | --- | --- | --- |
| Indexer | Step by step | Single node | Ubuntu 24.04 x86_64 |

Hello Team,

During the testing of https://github.com/wazuh/wazuh/issues/26187, at the point of verifying that configuration files weren't modified on the Wazuh indexer node, I got the warning output below:

root@ip-172-31-44-8:/home/ubuntu# for file in \
    /etc/wazuh-indexer/opensearch-security/config.yml \
    /etc/wazuh-indexer/jvm.options \
    /etc/wazuh-indexer/opensearch.yml \
    /etc/wazuh-indexer/opensearch-security/internal_users.yml \
    /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \
    /etc/wazuh-indexer/opensearch-security/roles.yml \
    /etc/wazuh-dashboard/opensearch_dashboards.yml \
    /etc/default/wazuh-dashboard \
    /etc/wazuh-dashboard/opensearch_dashboards.keystore; do
    grep -q "# This file should not be modified during the upgrade." "$file" && echo "PASSED: The phrase keeps appearing in: $file. The file has not been modified" || echo "FAILED: Missing phrase in $file. The file could have been modified"
done
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/config.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/jvm.options. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/internal_users.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/roles_mapping.yml. The file has not been modified
FAILED: Missing phrase in /etc/wazuh-indexer/opensearch-security/roles.yml. The file could have been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-dashboard/opensearch_dashboards.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/default/wazuh-dashboard. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-dashboard/opensearch_dashboards.keystore. The file has not been modified

rauldpm commented 1 month ago

Note

The Debian package does not ask to overwrite the configuration files (https://github.com/wazuh/wazuh/issues/26187#issuecomment-2400424339). Based on https://github.com/wazuh/wazuh-indexer/pull/410#issuecomment-2360681116, the package should have asked to overwrite it or not.

In the release test, those files are modified before the upgrade, adding a comment to each file.

root@ip-172-31-44-8:/home/ubuntu# apt-get install wazuh-indexer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
  wazuh-indexer
1 upgraded, 0 newly installed, 0 to remove and 128 not upgraded.
Need to get 850 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.9.1-1 [850 MB]
Fetched 850 MB in 19s (43.9 MB/s)
(Reading database ... 226131 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.9.1-1_amd64.deb ...
Running Wazuh Indexer Pre-Removal Script
Running Wazuh Indexer Pre-Installation Script
Unpacking wazuh-indexer (4.9.1-1) over (4.9.0-1) ...
Setting up wazuh-indexer (4.9.1-1) ...
Running Wazuh Indexer Post-Installation Script
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
 sudo systemctl start wazuh-indexer.service
Scanning processes...
Scanning candidates...
Scanning linux images...
Pending kernel upgrade!
Running kernel version:
6.8.0-1008-aws
Diagnostics:
The currently running kernel version is not the expected kernel version 6.8.0-1016-aws.
Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting.
Restarting services...
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart getty@tty1.service
systemctl restart networkd-dispatcher.service
systemctl restart serial-getty@ttyS0.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
No containers need to be restarted.
User sessions running outdated binaries:
ubuntu @ session #109: gpg-agent[6360]
ubuntu @ session #133: sshd[62416,62513], su[62526]
ubuntu @ user manager service: systemd[4981]
No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@ip-172-31-44-8:/home/ubuntu# systemctl daemon-reload

AlexRuiz7 commented 1 month ago

The roles.yml file was not modified on the initial deployment with the test line, causing the test to fail. The roles.yml file was not modified by the upgrade of wazuh-indexer.

The test passes if the test line is added before the upgrade, as for the rest of the files.

root@ubuntu2204:/home/vagrant# for file in \
    /etc/wazuh-indexer/opensearch-security/roles.yml; do
    if [ -f "$file" ]; then
        echo -e "\n# This file should not be modified during the upgrade." | sudo tee -a "$file"
    else
        echo "File $file does not exist, skipping."
    fi
done

# This file should not be modified during the upgrade.
root@ubuntu2204:/home/vagrant# tail /etc/wazuh-indexer/opensearch-security/roles.yml
    masked_fields: []
    allowed_actions:
    - "read"
    - "delete"
    - "manage"
    - "index"
  tenant_permissions: []
  static: false

# This file should not be modified during the upgrade.
root@ubuntu2204:/home/vagrant# apt-get install wazuh-indexer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
  wazuh-indexer
1 upgraded, 0 newly installed, 0 to remove and 165 not upgraded.
Need to get 850 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.9.1-1 [850 MB]
Fetched 748 MB in 29s (25.6 MB/s)
(Reading database ... 203441 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.9.1-1_amd64.deb ...
Running Wazuh Indexer Pre-Removal Script
Running Wazuh Indexer Pre-Installation Script
Unpacking wazuh-indexer (4.9.1-1) over (4.9.0-1) ...
Setting up wazuh-indexer (4.9.1-1) ...
Running Wazuh Indexer Post-Installation Script
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
 sudo systemctl start wazuh-indexer.service
Scanning processes...
Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@ubuntu2204:/home/vagrant# for file in \
    /etc/wazuh-indexer/opensearch-security/config.yml \
    /etc/wazuh-indexer/jvm.options \
    /etc/wazuh-indexer/opensearch.yml \
    /etc/wazuh-indexer/opensearch-security/internal_users.yml \
    /etc/wazuh-indexer/opensearch-security/roles_mapping.yml \
    /etc/wazuh-indexer/opensearch-security/roles.yml \
    /etc/wazuh-dashboard/opensearch_dashboards.yml \
    /etc/default/wazuh-dashboard \
    /etc/wazuh-dashboard/opensearch_dashboards.keystore; do
    grep -q "# This file should not be modified during the upgrade." "$file" && echo "PASSED: The phrase keeps appearing in: $file. The file has not been modified" || echo "FAILED: Missing phrase in $file. The file could have been modified"
done
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/config.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/jvm.options. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/internal_users.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/roles_mapping.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-indexer/opensearch-security/roles.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-dashboard/opensearch_dashboards.yml. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/default/wazuh-dashboard. The file has not been modified
PASSED: The phrase keeps appearing in: /etc/wazuh-dashboard/opensearch_dashboards.keystore. The file has not been modified
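
Added example, not part of the thread or of the Wazuh release test: the marker-phrase check cannot tell a file whose marker was never planted from one the upgrade replaced, which is the roles.yml case above. A SHA-256 baseline taken before the upgrade separates those outcomes; `snapshot_conf`, `verify_conf`, `demo` and the temp-dir sample files are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: hash baseline instead of a marker comment (helper names are hypothetical).

# Write "<sha256>  <path>" per file to the baseline; absent files are recorded as ABSENT.
snapshot_conf() {
    local baseline=$1 f; shift
    : > "$baseline"
    for f in "$@"; do
        if [ -f "$f" ]; then
            printf '%s  %s\n' "$(sha256sum < "$f" | cut -d' ' -f1)" "$f"
        else
            printf 'ABSENT  %s\n' "$f"
        fi >> "$baseline"
    done
}

# Print one verdict per file; return 1 if any file is not provably unchanged.
verify_conf() {
    local baseline=$1 f old new rc=0; shift
    for f in "$@"; do
        old=$(awk -v p="$f" 'substr($0, index($0, "  ") + 2) == p { print $1 }' "$baseline")
        if [ -z "$old" ]; then
            echo "NO-BASELINE: $f"; rc=1   # never snapshotted: says nothing about the upgrade
        elif [ ! -f "$f" ]; then
            if [ "$old" = ABSENT ]; then echo "STILL-ABSENT: $f"; else echo "REMOVED: $f"; rc=1; fi
        elif [ "$old" = ABSENT ]; then
            echo "CREATED: $f"; rc=1
        else
            new=$(sha256sum < "$f" | cut -d' ' -f1)
            if [ "$new" = "$old" ]; then echo "UNCHANGED: $f"; else echo "MODIFIED: $f"; rc=1; fi
        fi
    done
    return "$rc"
}

# Constructed demo in a temp dir: roles.yml is left out of the baseline (as in the
# thread), opensearch.yml is edited after the snapshot, jvm.options is untouched.
demo() {
    local d; d=$(mktemp -d)
    echo '-Xms1g' > "$d/jvm.options"
    echo 'network.host: 0.0.0.0' > "$d/opensearch.yml"
    echo '_meta: {type: roles}' > "$d/roles.yml"
    snapshot_conf "$d/baseline" "$d/jvm.options" "$d/opensearch.yml"
    echo '# changed by package' >> "$d/opensearch.yml"   # stands in for the upgrade
    verify_conf "$d/baseline" "$d/jvm.options" "$d/opensearch.yml" "$d/roles.yml" | sed "s|$d/||"
    rm -rf "$d"
}
demo
```

On a real node, `snapshot_conf` would be run against the nine paths from the thread before `apt-get install wazuh-indexer` and `verify_conf` after it, with the baseline file stored outside the package-managed directories.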