Closed rauldpm closed 11 months ago
All error/warning messages have been reported in the following issues:
The following error is new and requires further investigation to determine the impact of its presence
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,120][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,121][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Transport client authentication no longer supported.
[root@centos7 vagrant]# tail -f /var/log/wazuh-indexer/wazuh-cluster.log | grep "Transport client authentication no longer supported"
[2023-10-09T20:20:53,854][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:20:53,857][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
[2023-10-09T20:21:17,552][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:21:17,555][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported
On hold due to https://github.com/wazuh/wazuh-qa/issues/4597 and https://github.com/wazuh/wazuh-qa/issues/4596
"unassigned_shards" : 3,
journalctl and /var/log/wazuh-indexer directory
IP to the config.yml file in the Wazuh indexer node-1 section. Remove the rest of the configuration
curl -k -u admin:admin https://IP:9200/_cluster/health?pretty
[root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.9.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 3,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 62.5
}
A Wazuh indexer 4.6.0 (2.8.0) fresh install shows the cluster in a green state and without unassigned shards
The same behavior has been found in an OpenSearch 2.9.0 fresh install
Apparently, the unassigned shards are duplicated:
.plugins-ml-config 0 r UNASSIGNED
.opensearch-sap-pre-packaged-rules-config 0 r UNASSIGNED
.opensearch-sap-log-types-config 0 r UNASSIGNED
This behavior does not happen in OpenSearch 2.10.0
[root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/shards
.opensearch-observability 0 p STARTED 0 208b 127.0.0.1 centos7
.opensearch-sap-log-types-config 0 p STARTED 127.0.0.1 centos7
.opendistro_security 0 p STARTED 10 75.4kb 127.0.0.1 centos7
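Added example (not part of the original thread or of the Wazuh/OpenSearch code): a shell filter that reads `_cat/shards` text output and reports whether each unassigned shard is only a replica of a started primary, which is the yellow state seen above on a single-node cluster, or a primary that is itself down. The function names, tags and sample data are assumptions made for this illustration; the sample is constructed, modelled on the output in the thread.

```shell
#!/bin/sh
# Default _cat/shards columns: index shard prirep state [docs store ip node]

# Constructed sample (not a real capture); "example-index" is hypothetical.
SAMPLE_SHARDS='.plugins-ml-config 0 r UNASSIGNED
.plugins-ml-config 0 p STARTED 1 3.9kb 127.0.0.1 centos7
.opensearch-sap-log-types-config 0 p STARTED 127.0.0.1 centos7
.opensearch-sap-log-types-config 0 r UNASSIGNED
.opendistro_security 0 p STARTED 10 75.4kb 127.0.0.1 centos7
example-index 0 p UNASSIGNED'

# Reads _cat/shards output on stdin, prints one line per unassigned shard:
#   REPLICA_ONLY        primary is STARTED, data is served, cluster is yellow
#   PRIMARY_DOWN        the primary is unassigned, data is unavailable
#   REPLICA_NO_PRIMARY  replica unassigned and no started primary was listed
classify_unassigned() {
    awk '
        # Remember every started primary, keyed by index name and shard number.
        $3 == "p" && $4 == "STARTED" { started[$1 SUBSEP $2] = 1 }
        # Defer classification to END: a primary may be listed after its replica.
        $4 == "UNASSIGNED" { n++; idx[n] = $1; num[n] = $2; kind[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                if (kind[i] == "p")                          tag = "PRIMARY_DOWN"
                else if ((idx[i] SUBSEP num[i]) in started)  tag = "REPLICA_ONLY"
                else                                         tag = "REPLICA_NO_PRIMARY"
                print tag, idx[i], num[i]
            }
        }'
}

# Succeeds only when every unassigned shard is a replica whose primary is up
# (also succeeds when nothing is unassigned).
only_replicas_unassigned() {
    ! classify_unassigned | grep -qv '^REPLICA_ONLY '
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_SHARDS" | classify_unassigned
```

On a live node, pipe the output of the `_cat/shards` request shown above into `classify_unassigned` instead of the sample.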
Due to the errors and warnings detected in the bump from OpenSearch, it was decided to stop the bump process and keep 2.8.0 for 4.7.0
LGTM!
I still have this issue with v4.7.2: https://github.com/wazuh/wazuh-kubernetes/issues/604
Description
It is necessary to adapt the Wazuh indexer to version 2.9.0 of OpenSearch.
Request: https://github.com/wazuh/internal-devel-requests/issues/197
Tasks
Validation
Working branch
Conclusion
Due to the errors and warnings detected in the bump from OpenSearch, it was decided to stop the bump process and keep 2.8.0 for 4.7.0