Indexer package v2 - update to 1.2.4

[okynos]

Hello!

We want to upgrade our indexer package to 1.2.4 version. To achieve that we have to accomplish:

• [x] Download and prepare new 1.2.4 base
  • [x] Remove symbolic links
  • [x] Remove unused files .bat, readme, ...
  • [x] Create /etc, /usr folders to store services
  • [x] Include demo certs and demo configuration
  • [x] Compile Systemd 1.2.4 module with Gradle
  • [x] Pack and upload to warehouse
• [x] Generate new package with produced tools
  • [x] Include securityadmin_wrapper.sh
• [x] Test in officially supported systems.
  • [x] CentOS 7
  • [x] CentOS 8
  • [x] Amazon Linux 2
  • [x] Ubuntu 16.04
  • [x] Ubuntu 18.04
  • [x] Ubuntu 20.04
  • [x] RedHat Enterprise Linux 7
  • [x] RedHat Enterprise Linux 8
• [x] Upload package to pre-release

[okynos]

Hello team,

We have included the following changes:

• eddf9321cadbffeb523fa48f6b237ae903f6be0f, Added securityadmin_wrapper.sh script to launch security admin on indexer installed nodes, we need to include into the package on build procedure.
• 7a438eba4f15370a12394122a7dfe4d756c971b5, We have added the new files of 1.2.4 release also we have updated versions and removed no longer required files.
• cc1effe3f32dfcd164d204e4a61b06f2e2f90459, Same applied to Debian SPECs.

We have generated new V2 packages but they need more development: DEB: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v2/wazuh-indexer_4.3.0-1_amd64.deb RPM: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v2/wazuh-indexer-4.3.0-1.x86_64.rpm

[okynos]

Hello team,

We need to compare original SPECs with current developed ones, to achieve that we will link the compared original documents from OpenSearch:

• Postinstall
• Preinstall
• Preremove
• Postremove
• Posttrans

Our scripts:

• Postinstall
• Preinstall
• Preremove
• Postremove
• Posttrans, doesn't exists

We will analyze each section of each script

---

Postinstall

OpenSearch L11-L14 load the default vars Indexer L31-L33 the same.

OpenSearch L16 export OPENSEARCH_PATH_CONF variable Indexer Not used

OpenSearch L53-L56 Indexer L36-L38 Added sysctl service restart to load /usr/lib/sysctl.d/wazuh-indexer.conf

OpenSearch L20-L51, Selection of different actions to take, upgrade and package (makes no sense on Debian specific scripts) Indexer L42, If it is an install perform actions of install, else is an upgrade

OpenSearch L58-L77, Check system command and suggest an action with echo Indexer L80-L104, perform restart of the indexer service

OpenSearch L78-L101, perform a service restart if the variable RESTART_ON_UPGRADE is set. Indexer Done in upgrade step

OpenSearch L103-L118, Perform keystore generation Indexer doesn't perform this action keystore has to be created by user with the required stored credentials.

Indexer L45-L48, set up folders user and group

Indexer L50-L59, Prepare RCA and performance analyzer files

Indexer L63-L69, Include performance ana;yzer options into jvm.options file.

Indexer L73-L77, Configure host file limits.

---

Postremove

OpenSearch L1-L52, Same as postinstall Indexer L26-L54, the same

OpenSearch L54-L105, perform removal of:

• /var/log/opensearch
• /usr/share/opensearch/plugins
• /usr/share/opensearch/bin
• /var/run/opensearch
• /var/lib/opensearch if the folder is empty
• /usr/share/opensearch/config/jvm.options.d only if it is empty
• /usr/chare/opensearch/config only if it is empty Indexer L56-L80, Remove:
• /usr/share/wazuh-indexer
• /run/wazuh-indexer
• /etc/wazuh-indexer Only removed on purge
• /var/log/wazuh-indexer remove only if it is empty
• /var/lib/wazuh-indexer NEVER REMOVED.

OpenSearch L107-L115, Remove User and group Indexer L83-L95, perform the same

---

Preinstall

OpenSearch L1-L23, Same as postinstall Indexer L26-L29, the same

OpenSearch L25-L81, Create User and group if they don't exists in upgrade or install Indexer L31-L67, Create the user and group if they don't exists only on installations.

---

Preremove

Both perform the same action with one detail OpenSearch Include keystore management and restart variable Indexer manage this matter in postinstall upgrade and include service stop on purge (little fix)

---

Posttrans

OpenSearch manage the keystore file, create Indexer doesn't create or manage such file.

By the way we have done this changes today:

• c7fb22238b7ccd8893942cf251bfb3d584ff1c1d we have added to the package and SPECs the securityadmin_wrapper.sh script to perform security configuration easily
• We have fixed a problem with systemd module inside base indexer package.

DEB: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v2/wazuh-indexer_4.3.0-1_amd64.deb RPM: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v2/wazuh-indexer-4.3.0-1.x86_64.rpm

[alberpilot]

Postinstall

OpenSearch L11-L14 load the default vars Indexer L31-L33 the same.

Ok.

OpenSearch L16 export OPENSEARCH_PATH_CONF variable Indexer Not used

Let's include it and let's include the code where is used this variable. In those cases where Keystore code is changed, we need to do the same.

OpenSearch L53-L56 Indexer L36-L38 Added sysctl service restart to load /usr/lib/sysctl.d/wazuh-indexer.conf

Ok

OpenSearch L20-L51, Selection of different actions to take, upgrade and package (makes no sense on Debian specific scripts) Indexer L42, If it is an install perform actions of install, else is an upgrade

Ok. (Not related change requested in PR).

OpenSearch L58-L77, Check system command and suggest an action with echo Indexer L80-L104, perform restart of the indexer service

Ok

OpenSearch L78-L101, perform a service restart if the variable RESTART_ON_UPGRADE is set. Indexer Done in upgrade step

Ok

OpenSearch L103-L118, Perform keystore generation Indexer doesn't perform this action keystore has to be created by user with the required stored credentials.

As mentioned before, let's include the same behavior in wazuh-indexer installer.

Indexer L45-L48, set up folders user and group

Ok

Indexer L50-L59, Prepare RCA and performance analyzer files

Ok

Indexer L63-L69, Include performance ana;yzer options into jvm.options file.

Ok

Indexer L73-L77, Configure host file limits.

Ok

Postremove

OpenSearch L1-L52, Same as postinstall Indexer L26-L54, the same

Ok

OpenSearch L54-L105, perform removal of:

/var/log/opensearch /usr/share/opensearch/plugins /usr/share/opensearch/bin /var/run/opensearch /var/lib/opensearch if the folder is empty /usr/share/opensearch/config/jvm.options.d only if it is empty /usr/chare/opensearch/config only if it is empty Indexer L56-L80, Remove: /usr/share/wazuh-indexer /run/wazuh-indexer /etc/wazuh-indexer Only removed on purge /var/log/wazuh-indexer remove only if it is empty /var/lib/wazuh-indexer NEVER REMOVED.

Ok

OpenSearch L107-L115, Remove User and group Indexer L83-L95, perform the same

Ok

Preinstall

OpenSearch L1-L23, Same as postinstall Indexer L26-L29, the same

Ok

OpenSearch L25-L81, Create User and group if they don't exists in upgrade or install Indexer L31-L67, Create the user and group if they don't exists only on installations.

Ok

Preremove

Both perform the same action with one detail OpenSearch Include keystore management and restart variable Indexer manage this matter in postinstall upgrade and include service stop on purge (little fix)

Ok

Posttrans

OpenSearch manage the keystore file, create Indexer doesn't create or manage such file.

Mentioned before.

By the way we have done these changes today:

c7fb222 we have added to the package and SPECs the securityadmin_wrapper.sh script to perform security configuration easily We have fixed a problem with systemd module inside base indexer package. DEB: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v2/wazuh-indexer_4.3.0-1_amd64.deb RPM: https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/v2/wazuh-indexer-4.3.0-1.x86_64.rpm

Nice.

[okynos]

Hello team,

Tasks performed on 3 Feb:

• e6b6ea16f6edba26649cf1b9635e39166c3d6076, Merged poc-indexer into big-product branch
• 1fcd99dd7bc24256a8583498d46a31a8490f3080, Minor PR fix on RPM SPEC header
• 0d74a7510d60abb20346e776f89dc39d82f02ecb, Minor comment fix
• cfb4b3e75f715926c63793915f88628d99a5b4c1, Fix Capital letters in SPECs
• e7e9888c258aaf4f5e9b1ede46a895fba485a98e, Removed CentOS 6 workaround in centOS
• ea35c66cf30d31e143f7478fa63c9c5782d3c48c, Changed the comment in postinstall
• 5950942f438de1d1baf219052b8aaf4981a2bae3, Same
• 2ad2a4d3f73601e0c7374c2eb0155229f3e69147, Removed old indexer folder

Today we have performed some fixes and tests over various systems

Tasks:

• 236c1534f876ff688fb5945b4885e12d8322c35d, Fixed bad variable export into Debian SPECs
• 2f48fc850a3653c295c536eafeca396e602ca70c, Update builder docker to rockylinux, applied fixes of original OpenSearch
• 2e2239f4e1b6daeff1641a86bf182152a8ead0a2, Apply unattended improvements to securityadmin_wrapper.sh script
• 1d8574d4a4432812a96ca32a9e0e4e206f8dae66, Apply fix to manager and agent packages to manage wazuh group among with others.

[okynos]

Hi team,

We have encountered some problems to update CentOS 8 due to the lack of working repositories (vault doesn't seems to work too) We will assume that CentOS 8 and RHEL 8 will work the same way.

We will end up this development merging that into general branch