search

wazuh / wazuh-kubernetes

Wazuh - Wazuh Kubernetes
https://wazuh.com/
GNU General Public License v2.0
268 stars 164 forks source link

Wazuh with EFS creating errors and giving permission denied issue. #386

Open apeksha73 opened 1 year ago

apeksha73 commented 1 year ago

Hello, I am trying to install wazuh application on EKS cluster. I have followed all the steps in the documentation given. I am using EFS instead of EBS. I am pasting the error logs I am facing with indexer, master and worker pods and also respective yamls. Please let help me to fix this issue, i am working on this from long time trying many other ways but nothing helped.

Screenshot 2023-07-06 at 15 56 43

Indexer container - volume-mount-hack throwing the below error chown: /var/lib/wazuh-indexer: Operation not permitted chown: /var/lib/wazuh-indexer: Operation not permitted

wazuh-manager-master throwing below error [cont-init.d] 0-wazuh-init: exited 1. 2023-07-05T13:14:43.365904033Z [cont-init.d] 1-config-filebeat: executing... 2023-07-05T13:14:43.369691212Z Customize Elasticsearch ouput IP 2023-07-05T13:14:43.396451189Z sed: cannot rename /etc/filebeat/sedkd9Irz: Device or resource busy 2023-07-05T13:14:43.399241781Z [cont-init.d] 1-config-filebeat: exited 4. 2023-07-05T13:14:43.400376673Z [cont-init.d] 2-manager: executing... 2023-07-05T13:14:47.330235380Z Traceback (most recent call last): 2023-07-05T13:14:47.330260107Z File "/var/ossec/framework/scripts/create_user.py", line 72, in <module> 2023-07-05T13:14:47.330351846Z create_rbac_db() 2023-07-05T13:14:47.330361881Z File "/var/ossec/framework/python/lib/python3.9/site-packages/wazuh-4.4.4-py3.9.egg/wazuh/rbac/orm.py", line 2456, in create_rbac_db 2023-07-05T13:14:47.330875763Z chown(_auth_db_file, wazuh_uid(), wazuh_gid()) 2023-07-05T13:14:47.330883067Z File "/var/ossec/framework/python/lib/python3.9/shutil.py", line 1340, in chown 2023-07-05T13:14:47.331237240Z os.chown(path, _user, _group) 2023-07-05T13:14:47.331249737Z PermissionError: [Errno 1] Operation not permitted: '/var/ossec/api/configuration/security/rbac.db' 2023-07-05T13:14:47.436440007Z There was an error configuring the API user 2023-07-05T13:14:47.437559788Z [cont-init.d] 2-manager: exited 0. 2023-07-05T13:14:47.438462695Z [cont-init.d] done. 2023-07-05T13:14:47.439444518Z [services.d] starting services 2023-07-05T13:14:47.444346687Z s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening 2023-07-05T13:14:47.449577466Z [cont-finish.d] executing container finish scripts... 2023-07-05T13:14:47.450477979Z [cont-finish.d] done. 2023-07-05T13:14:47.452274143Z [s6-finish]

waiting for services.

Wed, Jul 5 2023 3:14:47 pms6-svwait: fatal: unable to subscribe to events for /var/run/s6/services/ossec-logs: No such file or directory 2023-07-05T13:14:47.662522403Z [s6-finish] sending all processes the TERM signal. 2023-07-05T13:14:50.668488829Z [s6-finish] sending all processes the KILL signal and exiting.

I am using the latest version docker images for all 4.4.4

apeksha73 commented 1 year ago

Hello @vcerenu Can you please help me here? I am really looking forward for a solution here