wazuh / wazuh-indexer

Wazuh indexer, the Wazuh search engine
https://opensearch.org/docs/latest/opensearch/index/
Apache License 2.0

Validate & test packages - Iter. 1 #99

Closed AlexRuiz7 closed 8 months ago

AlexRuiz7 commented 8 months ago

Description

We have developed tools to generate packages of wazuh-indexer from a given commit of this repository. In order to verify that these packages are worthy, we need to validate their contents and test them.

Use previous tests as a guideline.

Tasks

For assembled RPM and DEB packages generated using our tools, we need to:

Test requirements and restrictions

During the packages' validation step, download and extract the fork (4.9.0) and pre-fork (4.7.0) packages for the same distribution (deb / rpm), and compare their contents. An example of this procedure can be seen here.

If you find differences in their contents, note them as follows:

It is not required to verify the content of the files themselves, but do check important configuration files such as /etc/wazuh-indexer/jvm.options and /etc/wazuh-indexer/opensearch.yml.

For the packages' testing step, download and install the fork (4.9.0) and pre-fork packages (4.7.0) and test that:

Legend

🟢 Success
🟠 Warning
🔴 Failure

Notes
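
The validation step described in this comment (extract both packages, compare their contents, then check the two important configuration files) can be scripted as below. This is an added example, not part of the original issue or the project's tooling; the function names and the tree built by `make_demo_trees` are assumptions, and `dpkg-deb`, `rpm2cpio` and `cpio` are assumed to be installed when real packages are passed.

```shell
#!/bin/sh
# Added example (not from the issue): compare the payloads of two packages.
# Function names and the demo tree are assumptions of this sketch.

# Config files the issue asks to check by content, relative to the payload root.
CONFIG_FILES="etc/wazuh-indexer/jvm.options etc/wazuh-indexer/opensearch.yml"

# extract_pkg PACKAGE DESTDIR: unpack a .deb or .rpm payload without installing
# it, so no maintainer script or scriptlet is executed.
extract_pkg() {
    pkg=$1; dest=$2
    mkdir -p "$dest" || return 1
    case "$pkg" in
        *.deb) dpkg-deb -x "$pkg" "$dest" ;;
        *.rpm) abs=$(cd "$(dirname "$pkg")" && pwd)/$(basename "$pkg")
               (cd "$dest" && rpm2cpio "$abs" | cpio -idm) ;;
        *)     echo "unsupported package type: $pkg" >&2; return 2 ;;
    esac
}

# list_tree ROOT: sorted relative paths of every file, symlink and directory.
list_tree() {
    (cd "$1" && find . ! -name . | sed 's|^\./||' | LC_ALL=C sort)
}

# diff_trees OLD NEW: print "added PATH" lines, then "removed PATH" lines.
diff_trees() {
    old_list=$(mktemp) && new_list=$(mktemp) || return 1
    list_tree "$1" > "$old_list"
    list_tree "$2" > "$new_list"
    LC_ALL=C comm -13 "$old_list" "$new_list" | sed 's/^/added /'
    LC_ALL=C comm -23 "$old_list" "$new_list" | sed 's/^/removed /'
    rm -f "$old_list" "$new_list"
}

# diff_configs OLD NEW: unified diff of each file in CONFIG_FILES.
# Returns 1 if any of them differs or is absent from either tree.
diff_configs() {
    rc=0
    for f in $CONFIG_FILES; do
        if [ ! -f "$1/$f" ] || [ ! -f "$2/$f" ]; then
            echo "missing: $f"; rc=1
        elif ! diff -u "$1/$f" "$2/$f"; then
            rc=1
        fi
    done
    return "$rc"
}

# make_demo_trees DIR: constructed sample trees (not real package contents)
# under DIR/old and DIR/new, for trying the functions offline.
make_demo_trees() {
    tools=usr/share/wazuh-indexer/plugins/opensearch-security/tools
    for side in old new; do
        mkdir -p "$1/$side/etc/wazuh-indexer" "$1/$side/$tools"
        echo 'network.host: "127.0.0.1"' > "$1/$side/etc/wazuh-indexer/opensearch.yml"
        echo '-Xms1g' > "$1/$side/etc/wazuh-indexer/jvm.options"
    done
    echo '20:--add-modules=jdk.incubator.vector' >> "$1/new/etc/wazuh-indexer/jvm.options"
    : > "$1/old/$tools/wazuh-certs-tool.sh"
    : > "$1/new/$tools/install_demo_configuration.sh"
}

# Usage: script OLD_PACKAGE NEW_PACKAGE
if [ "$#" -eq 2 ]; then
    work=$(mktemp -d)
    extract_pkg "$1" "$work/old" && extract_pkg "$2" "$work/new" &&
        { diff_trees "$work/old" "$work/new"; diff_configs "$work/old" "$work/new"; }
    rm -rf "$work"
fi
```

Extracting instead of installing keeps the comparison free of side effects from maintainer scripts, so it can run on a build host.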

f-galland commented 8 months ago

.deb Package content validation:

Tests were run using pkgdiff:

pkgdiff wazuh-indexer_4.7.1-1_amd64.deb wazuh-indexer_4.9.0_amd64.deb

Dependency changes:

| Name | Status | Old Version | New Version |
|------|--------|-------------|-------------|
| adduser | removed | | |
| debconf | removed | | |
| procps | removed | | |
| libasound2 | added | | >= 1.0.16 |
| libc6 | added | | >= 2.9 |
| libfreetype6 | added | | >= 2.3.5 |
| libx11-6 | added | | |
| libxext6 | added | | |
| libxi6 | added | | |
| libxrender1 | added | | |
| libxtst6 | added | | |
| zlib1g | added | | >= 1.2.2 |

Shared library changes:

| Name | Status |
|------|--------|
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libgomp.so.1 | removed |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_common.so | removed |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_faiss.so | removed |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_nmslib.so | removed |

Shell program changes:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/install_demo_configuration.sh | added | | |
| /usr/share/wazuh-indexer/bin/indexer-ism-init.sh | added | | |
| /usr/share/wazuh-indexer/bin/indexer-init.sh | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh | removed | | |

Symbolic Links:

| Name | Status |
|------|--------|
| /usr/share/wazuh-indexer/data | added |
| /usr/share/wazuh-indexer/logs | added |

Policy Files:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/plugin-security.policy | added | | |

YAML Files:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml | removed | | |

Directories:

| Name | Status |
|------|--------|
| /usr/share/lintian | added |
| /usr/share/lintian/overrides | added |
| /var/run | added |
| /var/run/wazuh-indexer | added |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib | removed |

Archives:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-sql/spark-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk8-1.8.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.9.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/ipaddress-5.4.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-validator-1.7.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-digester-2.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-beanutils-1.9.4.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emrserverless-1.12.545.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emr-1.12.545.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/scala-java8-compat_3-1.0.2.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/passay-1.6.4.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/json-base-2.4.3.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/google-java-format-1.17.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang3-3.13.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-io-2.13.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/guava-32.0.1-jre.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/google-java-format-1.17.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/json-20230227.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/gson-2.10.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/commons-text-1.10.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/utils-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/third-party-jackson-core-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/sdk-core-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/regions-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/reactive-streams-1.0.3.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/profiles-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-search-processors-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-memory-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/metrics-spi-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-utils-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-path-2.8.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-20231013.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/httpcore5-5.2.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/http-client-spi-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/eventstream-1.0.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/endpoints-spi-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/bcprov-ext-jdk18on-1.75.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/aws-encryption-sdk-java-2.4.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/auth-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/asm-9.3.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/apache-client-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/annotations-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/accessors-smart-2.4.9.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/google-java-format-1.17.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/ipaddress-5.4.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/commons-csv-1.10.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.8.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/reactive-streams-1.0.3.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/r2dbc-spi-0.9.0.RELEASE.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/objenesis-2.6.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/mockito-core-2.23.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.16.20.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.xml.bind-api-3.0.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.annotation-api-1.3.5.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.activation-2.0.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-agent-1.9.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-1.9.0.jar | added | | |
| /usr/share/wazuh-indexer/lib/zstd-jni-1.5.5-5.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-telemetry-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-core-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-compress-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-common-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/jzlib-1.1.3.jar | added | | |
| /usr/share/wazuh-indexer/lib/jakarta.annotation-api-1.3.5.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.4.30.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.2-1.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/json-path-2.4.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang-2.4.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.8.0.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.8.0.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.6.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.6.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.0-rc3.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.6.10.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.6.10.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.10.8.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar | removed | | |
| /usr/share/wazuh-indexer/lib/opensearch-core-2.8.0.jar | removed | | |
| /usr/share/wazuh-indexer/lib/opensearch-common-2.8.0.jar | removed | | |
| /usr/share/wazuh-indexer/lib/hppc-0.8.1.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/json-smart-2.4.10.jar | moved | 0.001% | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-smart-2.4.10.jar | moved | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections-3.2.2.jar | moved | 0.01% | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-collections-3.2.2.jar | moved | | |

Text Files:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/lintian/overrides/wazuh-indexer | added | | |

Significant files diffs:

### /etc/wazuh-indexer/jvm.options

```
# JDK 20+ Incubating Vector Module for SIMD optimizations;
# disabling may reduce performance on vector optimized lucene
20:--add-modules=jdk.incubator.vector
# HDFS ForkJoinPool.common() support by SecurityManager
-Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory
```

f-galland commented 8 months ago

.rpm Packages validation:

Tests were run using pkgdiff:

pkgdiff wazuh-indexer-4.7.1-1.x86_64.rpm wazuh-indexer-4.9.0-1.x86_64.rpm

Shared libraries:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libgomp.so.1 | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_common.so | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_faiss.so | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_nmslib.so | removed | | |

Shell Programs:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/install_demo_configuration.sh | added | | |
| /usr/share/wazuh-indexer/bin/indexer-ism-init.sh | added | | |
| /usr/share/wazuh-indexer/bin/indexer-init.sh | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh | removed | | |

Configuration files:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /var/lib/wazuh-indexer/performance_analyzer_enabled.conf | added | | |
| /var/lib/wazuh-indexer/rca_enabled.conf | added | | |

Symbolic Links:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/data | added | | |
| /usr/share/wazuh-indexer/logs | added | | |

Policy Files:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/plugin-security.policy | added | | |

YAML Files:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml | removed | | |

Directories:

| Name | Status |
|------|--------|
| /var/run | added |
| /var/run/wazuh-indexer | added |
| /usr/share/wazuh-indexer/plugins/opensearch-knn/lib | removed |

Archives:

| Name | Status | Delta | Visual Diff |
|------|--------|-------|-------------|
| /usr/share/wazuh-indexer/lib/jakarta.annotation-api-1.3.5.jar | added | | |
| /usr/share/wazuh-indexer/lib/jzlib-1.1.3.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-common-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-compress-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-core-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/opensearch-telemetry-2.11.1.jar | added | | |
| /usr/share/wazuh-indexer/lib/zstd-jni-1.5.5-5.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-1.9.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-agent-1.9.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.activation-2.0.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.annotation-api-1.3.5.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.xml.bind-api-3.0.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.16.20.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/mockito-core-2.23.0.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/objenesis-2.6.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/r2dbc-spi-0.9.0.RELEASE.jar | added | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/reactive-streams-1.0.3.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.8.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.8.21.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/commons-csv-1.10.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/ipaddress-5.4.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/google-java-format-1.17.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/accessors-smart-2.4.9.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/annotations-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/apache-client-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/asm-9.3.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/auth-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/aws-encryption-sdk-java-2.4.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/bcprov-ext-jdk18on-1.75.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/endpoints-spi-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/eventstream-1.0.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/http-client-spi-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/httpcore5-5.2.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-20231013.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-path-2.8.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-utils-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/metrics-spi-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-memory-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-search-processors-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/profiles-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/reactive-streams-1.0.3.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/regions-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/sdk-core-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/third-party-jackson-core-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/utils-2.20.19.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/commons-text-1.10.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/gson-2.10.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/json-20230227.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/google-java-format-1.17.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security-analytics/guava-32.0.1-jre.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-io-2.13.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang3-3.13.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/google-java-format-1.17.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/json-base-2.4.3.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/passay-1.6.4.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/scala-java8-compat_3-1.0.2.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emr-1.12.545.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emrserverless-1.12.545.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-beanutils-1.9.4.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-digester-2.1.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-validator-1.7.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/ipaddress-5.4.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.9.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk8-1.8.0.jar | added | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/spark-2.11.1.0.jar | added | | |
| /usr/share/wazuh-indexer/jdk/lib/jrt-fs.jar | changed | 0.001% | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections-3.2.2.jar | moved | 0% | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/commons-collections-3.2.2.jar | moved | 0% | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/json-smart-2.4.10.jar | moved | 0% | |
| /usr/share/wazuh-indexer/plugins/opensearch-ml/json-smart-2.4.10.jar | moved | 0% | |
| /usr/share/wazuh-indexer/lib/hppc-0.8.1.jar | removed | | |
| /usr/share/wazuh-indexer/lib/opensearch-common-2.8.0.jar | removed | | |
| /usr/share/wazuh-indexer/lib/opensearch-core-2.8.0.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.10.8.jar | removed | | |
| /usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.6.10.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.6.10.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.0-rc3.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.6.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.6.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.8.0.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.8.0.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang-2.4.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/json-path-2.4.0.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.2-1.jar | removed | | |
| /usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.4.30.jar | removed | | |

f-galland commented 8 months ago

.deb package install:

Errors are thrown during installation on Ubuntu 22.04:

```
/usr/lib/tmpfiles.d/wazuh-indexer.conf:1: Failed to resolve user 'wazuh-indexer': No such process
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Processing triggers for man-db (2.10.2-1) ...
needrestart is being skipped since dpkg has failed
```

Step 2, section on deploying certificates from the step-by-step installation guide fails 🔴

```
root@pkg-tests-ubuntu2204:~# mkdir /etc/wazuh-indexer/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
chown: invalid user: ‘wazuh-indexer:wazuh-indexer’
```

The service cannot be started due to lack of a wazuh-indexer user's credentials:

```
Jan 08 10:45:41 pkg-tests-ubuntu2204 systemd[34965]: wazuh-indexer.service: Failed to determine user credentials: No such process
Jan 08 10:45:41 pkg-tests-ubuntu2204 systemd[34965]: wazuh-indexer.service: Failed at step USER spawning /usr/share/wazuh-indexer/bin/systemd-entrypoint: No such process
```

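
All three errors in the comment above report that the `wazuh-indexer` account does not exist on the host. A static pre-release check for that condition, as an added example that is not part of the original comment or the project's tooling: the function names, the directory layout and the demo files are assumptions, and the maintainer-script match is a heuristic that does not follow shell variables.

```shell
#!/bin/sh
# Added example (not from the issue): static lint of an unpacked .deb for
# service accounts that no maintainer script creates.
# Assumed layout: ROOT = payload (dpkg-deb -x), CONTROL = control files (dpkg-deb -e).

# referenced_users ROOT: account names used by systemd units (User=) and by
# tmpfiles.d entries (4th field of "Type Path Mode User Group Age Argument").
referenced_users() {
    root=$1
    {
        find "$root" -path '*/systemd/system/*.service' -type f \
            -exec sed -n 's/^User=//p' {} +
        find "$root" -path '*/tmpfiles.d/*.conf' -type f \
            -exec awk '$1 !~ /^#/ && NF >= 4 && $4 != "-" { print $4 }' {} +
    } | LC_ALL=C sort -u
}

# creates_user CONTROL USER: true if an uncommented preinst/postinst line
# calls useradd or adduser and names USER as a whole word.
creates_user() {
    control=$1; user=$2
    cat "$control/preinst" "$control/postinst" 2>/dev/null \
        | grep -v '^[[:space:]]*#' \
        | grep -E '(^|[^[:alnum:]_])(useradd|adduser)([^[:alnum:]_]|$)' \
        | grep -Fqw -- "$user"
}

# missing_users ROOT CONTROL: print each referenced account (root and numeric
# UIDs excluded) that no maintainer script creates; returns 1 if any is printed.
missing_users() {
    status=0
    for u in $(referenced_users "$1"); do
        case "$u" in
            root) continue ;;
            *[!0-9]*) ;;          # contains a non-digit: an account name
            *) continue ;;        # numeric UID, nothing to create
        esac
        if ! creates_user "$2" "$u"; then
            echo "$u"; status=1
        fi
    done
    return "$status"
}

# make_demo_pkg DIR: constructed sample files (not taken from the real package):
# one payload tree plus a control dir without and one with account creation.
make_demo_pkg() {
    mkdir -p "$1/root/usr/lib/systemd/system" "$1/root/usr/lib/tmpfiles.d" \
             "$1/ctl_broken" "$1/ctl_fixed"
    printf '[Service]\nUser=wazuh-indexer\nGroup=wazuh-indexer\n' \
        > "$1/root/usr/lib/systemd/system/wazuh-indexer.service"
    echo 'd /var/run/wazuh-indexer 0755 wazuh-indexer wazuh-indexer - -' \
        > "$1/root/usr/lib/tmpfiles.d/wazuh-indexer.conf"
    printf '#!/bin/sh\n# adduser wazuh-indexer (commented out)\nsystemctl daemon-reload\n' \
        > "$1/ctl_broken/postinst"
    printf '#!/bin/sh\nadduser --system --group --no-create-home wazuh-indexer\n' \
        > "$1/ctl_fixed/postinst"
}

# Usage: script ROOT CONTROL
if [ "$#" -eq 2 ]; then
    missing_users "$1" "$2"
fi
```

A name reported by `missing_users` is a prompt for manual review of the maintainer scripts and declared dependencies, not proof of a defect.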
f-galland commented 8 months ago

.rpm package install:

After following the steps of the step-by-step installation guide:

```
[root@alma8 ~]# rpm -i wazuh-indexer-4.9.0-1.x86_64.rpm
warning: %post(wazuh-indexer-4.9.0-1.x86_64) scriptlet failed, exit status 255
[/usr/lib/tmpfiles.d/wazuh-indexer.conf:1] Line references path below legacy directory /var/run/, updating /var/run/wazuh-indexer → /run/wazuh-indexer; please update the tmpfiles.d/ drop-in file accordingly.
```

Wazuh indexer installed service 🟢

```
[root@alma8 ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-01-08 09:52:09 -03; 6s ago
     Docs: https://documentation.wazuh.com
 Main PID: 33388 (java)
    Tasks: 67 (limit: 23148)
   Memory: 1.3G
   CGroup: /system.slice/wazuh-indexer.service
           └─33388 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch >

Jan 08 09:52:01 alma8 systemd[1]: Starting wazuh-indexer...
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opense>
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager will be removed in a future release
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensear>
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager will be removed in a future release
Jan 08 09:52:09 alma8 systemd[1]: Started wazuh-indexer.
```

Wazuh Indexer templates created 🔴

```
[root@alma8 ~]# curl -u admin:admin -k https://127.0.0.1:9200/_cat/templates?pretty
ss4o_metrics_template [ss4o_metrics-*-*] 1 1 []
ss4o_traces_template  [ss4o_traces-*-*]  1 1 []
```

Wazuh indexer configuration 🟢

```
network.host: "127.0.0.1"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
#discovery.seed_hosts:
#  - "node-1-ip"
#  - "node-2-ip"
#  - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
```

Wazuh indexer cluster node communication and configuration 🟢

```
[root@alma8 ~]# curl -u admin:admin -k https://127.0.0.1:9200/_cluster/state/nodes?pretty
{
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "Ahnojj7_SbeTuvhiIpUV5Q",
  "nodes" : {
    "6jzqfpZNSEGBna7qUkWHnQ" : {
      "name" : "node-1",
      "ephemeral_id" : "YfFLp7I7RXK7xkZLQqnb_A",
      "transport_address" : "127.0.0.1:9300",
      "attributes" : {
        "shard_indexing_pressure_enabled" : "true"
      }
    }
  }
}
```

Wazuh indexer cluster status 🟢

```
[root@alma8 ~]# curl -k -u admin:admin https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "Ahnojj7_SbeTuvhiIpUV5Q",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "7fe12a1cf2b73a0e100f91ecc7d987221d91842a",
    "build_date" : "2024-01-04T19:04:53.211432Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
```

Wazuh indexer packages uninstallation procedure 🟢

```
[root@alma8 ~]# yum remove wazuh-indexer
Dependencies resolved.
======================================================================================================================================================================================
 Package                                        Architecture                            Version                                  Repository                                      Size
======================================================================================================================================================================================
Removing:
 wazuh-indexer                                  x86_64                                  4.9.0-1                                  @@commandline                                  980 M

Transaction Summary
======================================================================================================================================================================================
Remove  1 Package

Freed space: 980 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                              1/1
  Running scriptlet: wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1
Stop existing wazuh-indexer.service

  Erasing          : wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1
warning: file /var/run/wazuh-indexer: remove failed: No such file or directory
warning: /var/lib/wazuh-indexer/rca_enabled.conf saved as /var/lib/wazuh-indexer/rca_enabled.conf.rpmsave
warning: /var/lib/wazuh-indexer/performance_analyzer_enabled.conf saved as /var/lib/wazuh-indexer/performance_analyzer_enabled.conf.rpmsave
warning: /etc/wazuh-indexer/opensearch.yml saved as /etc/wazuh-indexer/opensearch.yml.rpmsave

  Running scriptlet: wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1
  Verifying        : wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1

Removed:
  wazuh-indexer-4.9.0-1.x86_64

Complete!
```

AlexRuiz7 commented 8 months ago

Issues opened from this testing:

Current testing iteration of wazuh-indexer@4.9.0 packages concluded with errors. We'll work on these issues and open a new testing iteration.