Bump Wazuh indexer to OpenSearch 2.9.0

[rauldpm]

Description

It is necessary to adapt the Wazuh indexer to version 2.9.0 of OpenSearch Request: https://github.com/wazuh/internal-devel-requests/issues/197

Tasks

• [x] Bump OpenSearch version https://github.com/wazuh/wazuh-packages/blob/4.7.0/stack/indexer/base/builder.sh#L19
• [ ] Build the package locally
  • [x] RPM
  • [ ] DEB
  • [x] Test the packages locally
  • [x] Modify https://github.com/wazuh/wazuh-packages/blob/master/README.md matrix with the new version
  • [ ] Test the package using the Test_stack pipeline
  • [ ] Test the package using the Wazuh installation assistant
  • [ ] Create ECS and ECR resources (base, rpm, deb)

Validation

• [ ] The package presents normal operation and without errors

---

Working branch

• TBD

---

Conclusion

Due to the errors and warnings detected in the bump from OpenSearch, it was decided to stop the bump process and keep 2.8.0 for 4.7.0

[rauldpm]

Update report

• Bumped to 2.9.0
• Base build success
• RPM package fails to be built, the plugins dependencies versions changed, updating it with the base file versions

Plugin dependencies changes

``` RPM build errors: File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/guava-31.0.1-jre.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/tokenizers-0.19.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/api-0.19.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/j2objc-annotations-1.3.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/gson-2.9.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/onnxruntime-engine-0.19.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/pytorch-model-zoo-0.19.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/error_prone_annotations-2.7.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/checker-qual-3.12.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/commons-compress-1.21.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/pytorch-engine-0.19.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/onnxruntime_gpu-1.13.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-ml/guava-31.0.1-jre.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-native-unix-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-buffer-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-resolver-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/bcpkix-jdk15on-1.70.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/guava-30.0-jre.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-handler-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-cache-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.2-1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-transport-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/commons-cli-1.3.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/netty-codec-http-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/kafka-clients-3.4.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections-3.2.2.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/snappy-java-1.1.8.4.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jaxb-runtime-2.3.4.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/txw2-2.3.4.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/bcprov-jdk15on-1.67.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-index-management/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-alerting/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/j2objc-annotations-1.3.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/error_prone_annotations-2.7.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/checker-qual-3.12.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/okio-jvm-2.9.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-io-2.9.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-sql/guava-31.0.1-jre.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-notifications-core/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-module-paranamer-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-native-unix-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-buffer-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-resolver-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-proxy-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-handler-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-socks-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http2-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/bcprov-jdk15on-1.70.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-transport-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/netty-codec-http-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/guava-31.1-jre.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-common/joni-2.1.44.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/opensearch-dashboards/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-native-unix-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-buffer-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-resolver-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-handler-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-transport-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/transport-netty4/netty-codec-http-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-geoip/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/ingest-geoip/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/httpcore-nio-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/httpcore-4.4.15.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/reindex/httpclient-4.5.13.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/modules/lang-expression/lucene-expressions-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-core-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/tools/upgrade-cli/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-misc-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-core-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-spatial-extras-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-memory-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-backward-codecs-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-core-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-yaml-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-spatial3d-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-cbor-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-suggest-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-grouping-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-sandbox-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-queryparser-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-highlighter-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-join-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/jackson-dataformat-smile-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-analysis-common-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/lib/lucene-queries-9.6.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-transport-native-unix-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-core-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-buffer-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-resolver-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-handler-proxy-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-common-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcpkix-jdk15on-1.70.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-handler-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-socks-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-databind-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jackson-annotations-2.15.1.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-http2-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcprov-jdk15on-1.70.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/error_prone_annotations-2.14.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-transport-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/bcutil-jdk15on-1.70.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/netty-codec-http-4.1.91.Final.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/checker-qual-3.29.0.jar File not found: /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-1.x86_64/usr/share/wazuh-indexer/performance-analyzer-rca/lib/guava-31.1-jre.jar ```

[rauldpm]

Update report

• The adaptation of file versions and other changes has continued
• I had to stop working on this issue temporarily due to a problem in the generation of the Wazuh dashboard 4.6.0-rc1 package

[rauldpm]

Update report

• Finished updating version changes
• Package built successfully

Build output :green_circle:

``` ╰─➤ bash build_package.sh -b no -r wp2402 + build + build_name= + file_path= + '[' x86_64 = x86_64 ']' + architecture=x86_64 + build_name=rpm_indexer_builder_x86 + file_path=/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64 + build_rpm rpm_indexer_builder_x86 /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64 + container_name=rpm_indexer_builder_x86 + dockerfile_path=/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64 + cp /wazuh-packages/2402/stack/indexer/rpm/builder.sh /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64 + '[' no == yes ']' + '[' '' ']' ++ cat /wazuh-packages/2402/stack/indexer/rpm/../../../VERSION + version=4.7.0 + basefile=/wazuh-packages/2402/stack/indexer/rpm/output/wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz + test -f /wazuh-packages/2402/stack/indexer/rpm/output/wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz + [[ yes == \y\e\s ]] + docker build -t rpm_indexer_builder_x86 /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64 [+] Building 1.0s (10/10) FINISHED => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 463B 0.0s => [internal] load metadata for docker.io/library/rockylinux:8.5 0.9s => [1/5] FROM docker.io/library/rockylinux:8.5@sha256:5fed5497b568bcf7a90a00965987fc099edbcf44b1179a5ef6d4b47758281ca5 0.0s => [internal] load build context 0.0s => => transferring context: 2.08kB 0.0s => CACHED [2/5] RUN yum clean all && yum update -y 0.0s => CACHED [3/5] RUN yum install -y openssh-clients sudo gnupg yum-utils epel-release redhat-rpm-config rpm-devel zlib zlib-devel rpm-build 0.0s => CACHED [4/5] ADD builder.sh /usr/local/bin/builder 0.0s => CACHED [5/5] RUN chmod +x /usr/local/bin/builder 0.0s => exporting to image 0.0s => => exporting layers 0.0s => => writing image sha256:22f8b72fc526e1e077e63968fc7126b9d62fdc995938f5a281da3bf7de69708f 0.0s => => naming to docker.io/library/rpm_indexer_builder_x86 0.0s + volumes='-v /wazuh-packages/2402/stack/indexer/rpm/output/:/tmp:Z' + '[' '' ']' + docker run -t --rm -v /wazuh-packages/2402/stack/indexer/rpm/output/:/tmp:Z -v /wazuh-packages/2402/stack/indexer/rpm/../../..:/root:Z rpm_indexer_builder_x86 x86_64 wp2402 no + set -e + target=wazuh-indexer + architecture=x86_64 + revision=wp2402 + future=no + reference= + directory_base=/usr/share/wazuh-indexer + '[' -z wp2402 ']' + '[' no = yes ']' + '[' '' ']' ++ cat /root/VERSION + version=4.7.0 + build_dir=/build + rpm_build_dir=/build/rpmbuild + file_name=wazuh-indexer-4.7.0-wp2402 + pkg_path=/build/rpmbuild/RPMS/x86_64 + rpm_file=wazuh-indexer-4.7.0-wp2402.x86_64.rpm + mkdir -p /build/rpmbuild/BUILD /build/rpmbuild/BUILDROOT /build/rpmbuild/RPMS /build/rpmbuild/SOURCES /build/rpmbuild/SPECS /build/rpmbuild/SRPMS + pkg_name=wazuh-indexer-4.7.0 + mkdir /build/wazuh-indexer-4.7.0 + '[' '' ']' + cp /root/stack/indexer/rpm/wazuh-indexer.spec /build/rpmbuild/SPECS/wazuh-indexer-4.7.0.spec + cd /build + tar czf /build/rpmbuild/SOURCES/wazuh-indexer-4.7.0.tar.gz wazuh-indexer-4.7.0 + /usr/bin/rpmbuild --define '_topdir /build/rpmbuild' --define '_version 4.7.0' --define '_threads 8' --define '_release wp2402' --define '_localstatedir /usr/share/wazuh-indexer' --target x86_64 -ba /build/rpmbuild/SPECS/wazuh-indexer-4.7.0.spec Building target platforms: x86_64 Building for target x86_64 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.uEVLeF + umask 022 + cd /build/rpmbuild/BUILD + rm -fr /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 + getent group wazuh-indexer + groupadd -r wazuh-indexer + id wazuh-indexer + useradd --system --no-create-home --home-dir /usr/share/wazuh-indexer --gid wazuh-indexer --shell /sbin/nologin --comment 'wazuh-indexer user' wazuh-indexer + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.sR63vV + umask 022 + cd /build/rpmbuild/BUILD + '[' /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 '!=' / ']' + rm -rf /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 ++ dirname /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 + mkdir -p /build/rpmbuild/BUILDROOT + mkdir /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 + mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer + mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc + mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/var/log/wazuh-indexer + mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/var/lib/wazuh-indexer + mkdir -p /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/lib + cp /tmp/wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz ./ + tar -xf wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz + rm -f wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz + chown -R wazuh-indexer:wazuh-indexer wazuh-indexer-base/LICENSE.txt wazuh-indexer-base/NOTICE.txt wazuh-indexer-base/VERSION wazuh-indexer-base/bin wazuh-indexer-base/etc wazuh-indexer-base/jdk wazuh-indexer-base/lib wazuh-indexer-base/modules wazuh-indexer-base/performance-analyzer-rca wazuh-indexer-base/plugins wazuh-indexer-base/usr + mv wazuh-indexer-base/etc /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/ + mv wazuh-indexer-base/usr/lib/sysctl.d wazuh-indexer-base/usr/lib/systemd wazuh-indexer-base/usr/lib/tmpfiles.d /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/lib/ + rm -rf 'wazuh-indexer-*/etc' + rm -rf wazuh-indexer-base/usr + cp -pr wazuh-indexer-base/LICENSE.txt wazuh-indexer-base/NOTICE.txt wazuh-indexer-base/VERSION wazuh-indexer-base/bin wazuh-indexer-base/jdk wazuh-indexer-base/lib wazuh-indexer-base/modules wazuh-indexer-base/performance-analyzer-rca wazuh-indexer-base/plugins /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/ + /root/unattended_installer/builder.sh -c + /root/unattended_installer/builder.sh -p + cp /root/unattended_installer/wazuh-certs-tool.sh /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/tools/ + cp /root/unattended_installer/wazuh-passwords-tool.sh /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/tools/ + cp /root/documentation-templates/wazuh/config.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml + cp /root/unattended_installer/config/indexer/roles/internal_users.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/wazuh-indexer/opensearch-security + cp /root/unattended_installer/config/indexer/roles/roles.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/wazuh-indexer/opensearch-security + cp /root/unattended_installer/config/indexer/roles/roles_mapping.yml /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/wazuh-indexer/opensearch-security + cp /root/stack/indexer/indexer-security-init.sh /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/bin/ + chmod 750 /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/etc/init.d/wazuh-indexer + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig /sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile '' 1 + /usr/lib/rpm/brp-python-hardlink + PYTHON3=/usr/libexec/platform-python + /usr/lib/rpm/redhat/brp-mangle-shebangs mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-env-from-file from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-shard from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-keystore from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-plugin from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-env from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-cli from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-upgrade from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch from /usr/bin/env bash to #!/usr/bin/bash mangling shebang in /usr/share/wazuh-indexer/bin/opensearch-node from /usr/bin/env bash to #!/usr/bin/bash Processing files: wazuh-indexer-4.7.0-wp2402.x86_64 warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/lib/jspawnhelper warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/javadoc warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jmod warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jpackage warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jrunscript warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jhsdb warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jstat warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jdb warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jdeprscan warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/java warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/rmiregistry warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/javac warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jconsole warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jlink warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jfr warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jinfo warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/serialver warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jps warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jcmd warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/javap warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/keytool warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jstatd warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jstack warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jdeps warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jshell warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jimage warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jmap warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jarsigner warning: Missing build-id in /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64/usr/share/wazuh-indexer/jdk/bin/jar Provides: wazuh-indexer = 4.7.0-wp2402 wazuh-indexer(x86-64) = 4.7.0-wp2402 Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(pre): /bin/sh Requires(post): /bin/sh Requires(preun): /bin/sh Requires(postun): /bin/sh Requires(posttrans): /bin/sh Checking for unpackaged file(s): /usr/lib/rpm/check-files /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 Wrote: /build/rpmbuild/SRPMS/wazuh-indexer-4.7.0-wp2402.src.rpm Wrote: /build/rpmbuild/RPMS/x86_64/wazuh-indexer-4.7.0-wp2402.x86_64.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.UIAI5l + umask 022 + cd /build/rpmbuild/BUILD + rm -fr /build/rpmbuild/BUILDROOT/wazuh-indexer-4.7.0-wp2402.x86_64 + exit 0 + cd /build/rpmbuild/RPMS/x86_64 + sha512sum wazuh-indexer-4.7.0-wp2402.x86_64.rpm + find /build/rpmbuild/RPMS/x86_64/ -maxdepth 3 -type f -name 'wazuh-indexer-4.7.0-wp2402*' -exec mv '{}' /tmp/ ';' ++ ls -Art /wazuh-packages/2402/stack/indexer/rpm/output ++ tail -n 1 + echo 'Package wazuh-indexer-4.7.0-wp2402.x86_64.rpm.sha512 added to /wazuh-packages/2402/stack/indexer/rpm/output.' Package wazuh-indexer-4.7.0-wp2402.x86_64.rpm.sha512 added to /wazuh-packages/2402/stack/indexer/rpm/output. + return 0 + return 0 + clean 0 + exit_code=0 + rm -rf /wazuh-packages/2402/stack/indexer/rpm/docker/x86_64/builder.sh '/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64/*.tar.gz' '/wazuh-packages/2402/stack/indexer/rpm/docker/x86_64/wazuh-*' + exit 0 ```

• The RPM package has been uploaded to S3
  • https://packages-dev.wazuh.com/warehouse/test/4.7/rpm/var/wazuh-indexer-4.7.0-wp2402.x86_64.rpm
  • https://packages-dev.wazuh.com/warehouse/test/4.7/stack/wazuh-indexer-base-4.7.0-wp2402-linux-x64.tar.xz

Install :green_circle:

``` [root@centos7 vagrant]# nano config.yml [root@centos7 vagrant]# bash ./wazuh-certs-tool.sh -A 09/10/2023 13:35:10 INFO: Admin certificates created. 09/10/2023 13:35:10 INFO: Wazuh indexer certificates created. 09/10/2023 13:35:10 INFO: Wazuh server certificates created. 09/10/2023 13:35:10 INFO: Wazuh dashboard certificates created. [root@centos7 vagrant]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ . ./ ./root-ca.key ./root-ca.pem ./admin-key.pem ./admin.pem ./indexer-1-key.pem ./indexer-1.pem ./server-1-key.pem ./server-1.pem ./dashboard-1-key.pem ./dashboard-1.pem [root@centos7 vagrant]# yum localinstall wazuh-indexer-4.7.0-wp2402.x86_64.rpm -y Loaded plugins: fastestmirror Examining wazuh-indexer-4.7.0-wp2402.x86_64.rpm: wazuh-indexer-4.7.0-wp2402.x86_64 Marking wazuh-indexer-4.7.0-wp2402.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.7.0-wp2402 will be installed --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Installing: wazuh-indexer x86_64 4.7.0-wp2402 /wazuh-indexer-4.7.0-wp2402.x86_64 993 M Transaction Summary =================================================================================================================================================================================================================== Install 1 Package Total size: 993 M Installed size: 993 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.7.0-wp2402.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.7.0-wp2402.x86_64 1/1 Installed: wazuh-indexer.x86_64 0:4.7.0-wp2402 Complete! ```

Configure certificates, start service and cluster :yellow_circle:

``` root@centos7 vagrant]# NODE_NAME=indexer-1 [root@centos7 vagrant]# mkdir /etc/wazuh-indexer/certs [root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem [root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem [root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem [root@centos7 vagrant]# chmod 500 /etc/wazuh-indexer/certs [root@centos7 vagrant]# chmod 400 /etc/wazuh-indexer/certs/* [root@centos7 vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs ``` ``` [root@centos7 vagrant]# systemctl daemon-reload [root@centos7 vagrant]# systemctl enable wazuh-indexer Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service. [root@centos7 vagrant]# systemctl start wazuh-indexer [root@centos7 vagrant]# ``` ``` [root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.9.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: YELLOW Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success ``` ``` [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty { "cluster_name" : "wazuh-cluster", "status" : "yellow", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 5, "active_shards" : 5, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 3, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 62.5 } ```

Check status and logs :red_circle:

``` [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200 { "name" : "node-1", "cluster_name" : "wazuh-cluster", "cluster_uuid" : "XnMt2rvTTqqdcWd5XbOBpg", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "1164221ee2b8ba3560f0ff492309867beea28433", "build_date" : "2023-07-18T21:23:29.367080729Z", "build_snapshot" : false, "lucene_version" : "9.7.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 10.0.2.15 41 94 6 0.18 0.11 0.07 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 ``` ``` [root@centos7 vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2023-10-09 13:56:19 UTC; 1min 3s ago Docs: https://documentation.wazuh.com Main PID: 4229 (java) CGroup: /system.slice/wazuh-indexer.service └─4229 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=t... Oct 09 13:56:11 centos7 systemd[1]: Starting Wazuh-indexer... Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar) Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar) Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release Oct 09 13:56:19 centos7 systemd[1]: Started Wazuh-indexer. ``` ``` [root@centos7 vagrant]# journalctl -r -u wazuh-indexer.service | grep -i -E "error|critical|fatal|warning" Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar) Oct 09 13:56:14 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager will be removed in a future release Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.9.0.jar) Oct 09 13:56:13 centos7 systemd-entrypoint[4229]: WARNING: A terminally deprecated method in java.lang.System has been called ``` ``` [root@centos7 vagrant]# grep -i -E -R "error|critical|fatal|warning" /var/log/wazuh-indexer/ /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:14,104][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-8953314851649021949, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true] /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:17,428][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly. /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,120][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.] /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,121][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.] /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,208][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,208][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:20,209][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:14,104Z", "level": "INFO", "component": "o.o.n.Node", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-8953314851649021949, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:17,428Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:19,120Z", "level": "ERROR", "component": "o.o.s.t.SecurityRequestHandler", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "OpenSearchException[Transport client authentication no longer supported.]" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:19,121Z", "level": "ERROR", "component": "o.o.s.t.SecurityRequestHandler", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "OpenSearchException[Transport client authentication no longer supported.]" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,208Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,208Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } /var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2023-10-09T13:56:20,209Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "XnMt2rvTTqqdcWd5XbOBpg", "node.id": "K-wb9TX8Sk6ckh56B3NV3w" } ```

• All error/warning messages have been reported in the following issues:

  • https://github.com/wazuh/wazuh-packages/issues/2509
  • https://github.com/wazuh/wazuh-packages/issues/1511
  • https://github.com/wazuh/wazuh-packages/issues/1968
  • https://github.com/wazuh/wazuh-packages/issues/2139

• The following error is new and requires further investigation to determine the impact of its presence

/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,120][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
/var/log/wazuh-indexer/wazuh-cluster.log:[2023-10-09T13:56:19,121][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]

Uninstall :green_circle:

``` [root@centos7 vagrant]# yum remove wazuh-indexer -y Loaded plugins: fastestmirror Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.7.0-wp2402 will be erased --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Removing: wazuh-indexer x86_64 4.7.0-wp2402 @/wazuh-indexer-4.7.0-wp2402.x86_64 993 M Transaction Summary =================================================================================================================================================================================================================== Remove 1 Package Installed size: 993 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Stopping wazuh-indexer service... OK Erasing : wazuh-indexer-4.7.0-wp2402.x86_64 1/1 Verifying : wazuh-indexer-4.7.0-wp2402.x86_64 1/1 Removed: wazuh-indexer.x86_64 0:4.7.0-wp2402 Complete! [root@centos7 vagrant]# ls -l /etc/wazuh-indexer/ total 4 dr-x------. 2 997 994 105 Oct 9 13:55 certs -rw-rw----. 1 997 994 196 Oct 9 13:51 opensearch.keystore [root@centos7 vagrant]# ls -l /var/lib/wazuh-indexer/ total 20 -rw-r--r--. 1 997 994 5 Oct 9 13:56 batch_metrics_enabled.conf -rw-r--r--. 1 997 994 5 Oct 9 13:56 logging_enabled.conf drwxr-xr-x. 3 997 994 15 Oct 9 13:56 nodes -rw-r--r--. 1 997 994 5 Oct 9 13:56 performance_analyzer_enabled.conf -rw-r--r--. 1 997 994 5 Oct 9 13:56 rca_enabled.conf -rw-r--r--. 1 997 994 5 Oct 9 13:56 thread_contention_monitoring_enabled.conf [root@centos7 vagrant]# ls -l /usr/share/wazuh-indexer ls: cannot access /usr/share/wazuh-indexer: No such file or directory ```

---

• On hold due to https://github.com/wazuh/wazuh/issues/19449

---

• About the error: Transport client authentication no longer supported.
  • https://forum.opensearch.org/t/transport-client-authentication-no-longer-supported-error-when-deploying-cluster-with-security-plugin-enabled/9814

Full error

``` [2023-10-09T20:21:17,527][INFO ][o.o.c.s.MasterService ] [node-1] elected-as-cluster-manager ([1] nodes joined)[{node-1}{vSZR067eQxumKv-mg-RC0g}{vgbirNExSWGOWR1Oh7CaqQ}{10.0.2.15}{10.0.2.15:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_CLUSTER_MANAGER_TASK_, _FINISH_ELECTION_], term: 2, version: 26, delta: cluster-manager node changed {previous [], current [{node-1}{vSZR067eQxumKv-mg-RC0g}{vgbirNExSWGOWR1Oh7CaqQ}{10.0.2.15}{10.0.2.15:9300}{d$ [2023-10-09T20:21:17,552][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.] [2023-10-09T20:21:17,555][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.] [2023-10-09T20:21:17,557][WARN ][o.o.d.HandshakingTransportAddressConnector] [node-1] handshake failed for [connectToRemoteMasterNode[[::1]:9300]] org.opensearch.transport.RemoteTransportException: [node-1][[::1]:9300][internal:transport/handshake] Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported. at org.opensearch.security.ssl.util.ExceptionUtils.createTransportClientNoLongerSupportedException(ExceptionUtils.java:68) ~[?:?] at org.opensearch.security.transport.SecurityRequestHandler.messageReceivedDecorate(SecurityRequestHandler.java:292) ~[?:?] at org.opensearch.security.ssl.transport.SecuritySSLRequestHandler.messageReceived(SecuritySSLRequestHandler.java:163) ~[?:?] at org.opensearch.security.OpenSearchSecurityPlugin$7$1.messageReceived(OpenSearchSecurityPlugin.java:756) ~[?:?] at org.opensearch.indexmanagement.rollup.interceptor.RollupInterceptor$interceptHandler$1.messageReceived(RollupInterceptor.kt:113) ~[?:?] at org.opensearch.performanceanalyzer.transport.PerformanceAnalyzerTransportRequestHandler.messageReceived(PerformanceAnalyzerTransportRequestHandler.java:43) ~[?:?] at org.opensearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:106) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.InboundHandler.handleRequest(InboundHandler.java:249) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.InboundHandler.messageReceived(InboundHandler.java:132) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.InboundHandler.inboundMessage(InboundHandler.java:114) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.TcpTransport.inboundMessage(TcpTransport.java:769) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.InboundPipeline.forwardFragments(InboundPipeline.java:175) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.InboundPipeline.doHandleBytes(InboundPipeline.java:150) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.InboundPipeline.handleBytes(InboundPipeline.java:115) ~[opensearch-2.9.0.jar:2.9.0] at org.opensearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:94) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?] at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:280) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?] at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?] at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1383) ~[?:?] at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246) ~[?:?] at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295) ~[?:?] at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?] at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?] at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?] at java.lang.Thread.run(Thread.java:833) [?:?] ```

• This error message appears when starting or restarting the Wazuh indexer service
  • Install Wazuh indexer -> No error
  • Configure certificates
  • Start Wazuh indexer -> Error appears (2 times)
  • Initialize cluster -> No error appears
  • Restart service -> Error appears again (2 times)

[root@centos7 vagrant]# tail -f /var/log/wazuh-indexer/wazuh-cluster.log | grep "Transport client authentication no longer supported"
[2023-10-09T20:20:53,854][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:20:53,857][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
[2023-10-09T20:21:17,552][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
[2023-10-09T20:21:17,555][ERROR][o.o.s.t.SecurityRequestHandler] [node-1] OpenSearchException[Transport client authentication no longer supported.]
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported.
Caused by: org.opensearch.OpenSearchException: Transport client authentication no longer supported

• After reinstalling the Wazuh indexer two times, it was not possible to reproduce the error
• The cluster is in a yellow state, the cause must be investigated

[rauldpm]

Update report

On hold due to https://github.com/wazuh/wazuh-qa/issues/4597 and https://github.com/wazuh/wazuh-qa/issues/4596

---

• Created issue https://github.com/wazuh/wazuh-packages/issues/2514 to report connection error
• Since the error could not be reproduced, the testing and bump process continues.
• Upgrade procedure finished successfully but is marked as :red_circle: due to:
  • Errors in logs
  • Cluster in yellow status
  • Cause: "unassigned_shards" : 3,

Upgrade :red_circle:

- Install Wazuh indexer 4.6.0 :green_circle: ``` [root@centos7 vagrant]# yum install https://packages-dev.wazuh.com/pre-release-4.6.0-backup/pre-release/yum/wazuh-indexer-4.6.0-1.x86_64.rpm Loaded plugins: fastestmirror wazuh-indexer-4.6.0-1.x86_64.rpm | 673 MB 00:00:29 Examining /var/tmp/yum-root-Vta7kL/wazuh-indexer-4.6.0-1.x86_64.rpm: wazuh-indexer-4.6.0-1.x86_64 Marking /var/tmp/yum-root-Vta7kL/wazuh-indexer-4.6.0-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.6.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Installing: wazuh-indexer x86_64 4.6.0-1 /wazuh-indexer-4.6.0-1.x86_64 930 M Transaction Summary =================================================================================================================================================================================================================== Install 1 Package Total size: 930 M Installed size: 930 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.6.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.6.0-1.x86_64 1/1 Installed: wazuh-indexer.x86_64 0:4.6.0-1 Complete! ``` - Configure certificates :green_circle: ``` [root@centos7 vagrant]# NODE_NAME=node-1 [root@centos7 vagrant]# mkdir /etc/wazuh-indexer/certs [root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem [root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem [root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem [root@centos7 vagrant]# chmod 500 /etc/wazuh-indexer/certs [root@centos7 vagrant]# chmod 400 /etc/wazuh-indexer/certs/* [root@centos7 vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs ``` - Start and check service :green_circle: ``` [root@centos7 vagrant]# systemctl daemon-reload [root@centos7 vagrant]# systemctl enable wazuh-indexer Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service. [root@centos7 vagrant]# systemctl start wazuh-indexer [root@centos7 vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2023-10-10 16:49:31 UTC; 15s ago Docs: https://documentation.wazuh.com Main PID: 26043 (java) CGroup: /system.slice/wazuh-indexer.service └─26043 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=... Oct 10 16:49:25 centos7 systemd[1]: Starting Wazuh-indexer... Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar) Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Oct 10 16:49:26 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager will be removed in a future release Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.8.0.jar) Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Oct 10 16:49:27 centos7 systemd-entrypoint[26043]: WARNING: System::setSecurityManager will be removed in a future release Oct 10 16:49:31 centos7 systemd[1]: Started Wazuh-indexer. ``` - Initialize cluster ``` [root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.8.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success ``` - Check cluster status :green_circle: ``` [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200 { "name" : "node-1", "cluster_name" : "wazuh-cluster", "cluster_uuid" : "yUKHu7beTQifKV2DOtHGqQ", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "db90a415ff2fd428b4f7b3f800a51dc229287cb4", "build_date" : "2023-06-03T06:24:25.112415503Z", "build_snapshot" : false, "lucene_version" : "9.6.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 10.0.2.15 21 94 2 0.24 0.25 0.14 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty { "cluster_name" : "wazuh-cluster", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 2, "active_shards" : 2, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 } ``` - Upgrade process start - Disable cluster allocation :green_circle: ``` [root@centos7 vagrant]# curl -X PUT "https://192.168.56.4:9200/_cluster/settings" -u admin:admin -k -H 'Content-Type: application/json' -d' { "persistent": { "cluster.routing.allocation.enable": "primaries" } } ' {"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"primaries"}}}},"transient":{}} [root@centos7 vagrant]# curl -X POST "https://192.168.56.4:9200/_flush/synced" -u admin:admin -k {"_shards":{"total":2,"successful":2,"failed":0}} ``` - Upgrade to 4.7.0 :green_circle: ``` [root@centos7 vagrant]# yum upgrade wazuh-indexer-4.7.0-wp2402.x86_64.rpm Loaded plugins: fastestmirror Examining wazuh-indexer-4.7.0-wp2402.x86_64.rpm: wazuh-indexer-4.7.0-wp2402.x86_64 Marking wazuh-indexer-4.7.0-wp2402.x86_64.rpm as an update to wazuh-indexer-4.6.0-1.x86_64 Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.6.0-1 will be updated ---> Package wazuh-indexer.x86_64 0:4.7.0-wp2402 will be an update --> Finished Dependency Resolution Dependencies Resolved =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Updating: wazuh-indexer x86_64 4.7.0-wp2402 /wazuh-indexer-4.7.0-wp2402.x86_64 993 M Transaction Summary =================================================================================================================================================================================================================== Upgrade 1 Package Total size: 993 M Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : wazuh-indexer-4.7.0-wp2402.x86_64 1/2 Cleanup : wazuh-indexer-4.6.0-1.x86_64 2/2 Verifying : wazuh-indexer-4.7.0-wp2402.x86_64 1/2 Verifying : wazuh-indexer-4.6.0-1.x86_64 2/2 Updated: wazuh-indexer.x86_64 0:4.7.0-wp2402 Complete! ``` - Start and check service :yellow_circle: - Service found with error messages but running ``` [root@centos7 vagrant]# systemctl daemon-reload [root@centos7 vagrant]# systemctl enable wazuh-indexer [root@centos7 vagrant]# systemctl start wazuh-indexer [root@centos7 vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2023-10-10 16:54:23 UTC; 9s ago Docs: https://documentation.wazuh.com Main PID: 26584 (java) CGroup: /system.slice/wazuh-indexer.service └─26584 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=... Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearc...tor.java:282) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadP...tor.java:245) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.lang.Thread.run(Thread.java:833) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log Hint: Some lines were ellipsized, use -l to show in full. ``` - Restore cluster allocation :green_circle: ``` [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 10.0.2.15 26 97 4 0.22 0.23 0.16 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 [root@centos7 vagrant]# curl -X PUT "https://192.168.56.4:9200/_cluster/settings" -u admin:admin -k -H 'Content-Type: application/json' -d' > { > "persistent": { > "cluster.routing.allocation.enable": "all" > } > } > ' {"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"all"}}}},"transient":{}} [root@centos7 vagrant]# curl -X PUT "https://192.168.56.4:9200/_cluster/settings" -u admin:admin -k -H 'Content-Type: application/json' k -u admin:admin https://192.168.56.4:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 10.0.2.15 27 96 0 0.13 0.20 0.15 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 ``` - Check cluster status :red_circle: - Cluster status: `yellow` - Found unassigned shards ``` [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200 { "name" : "node-1", "cluster_name" : "wazuh-cluster", "cluster_uuid" : "yUKHu7beTQifKV2DOtHGqQ", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "1164221ee2b8ba3560f0ff492309867beea28433", "build_date" : "2023-07-18T21:23:29.367080729Z", "build_snapshot" : false, "lucene_version" : "9.7.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty { "cluster_name" : "wazuh-cluster", "status" : "yellow", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 5, "active_shards" : 5, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 3, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 62.5 } ```

• Found multiple errors in the journalctl and /var/log/wazuh-indexer directory
• Moved all error/warning messages to a new comment in order to clean the process

[rauldpm]

Analysis report - error/warning/deprecation messages

• Moved all error/warning logs to a new comment in order to clean the process

journalctl

- Related https://forum.opensearch.org/t/java-lang-illegalargumentexception-index-template-how-critical/15306 ``` Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.lang.Thread.run(Thread.java:833) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.metadata.MetadataIndexTemplateService$4.execute(MetadataIndexTemplateService.java:491) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: at org.opensearch.cluster.metadata.MetadataIndexTemplateService.addIndexTemplateV2(MetadataIndexTemplateService.java:558) Oct 10 16:54:24 centos7 systemd-entrypoint[26584]: java.lang.IllegalArgumentException: index template [ss4o_metrics_template] has index patterns [ss4o_metrics-*-*] matching patterns from existing templates [ss4o_metric_template] with patterns (ss4o_metric_template => [ss4o_metrics-*-*]) that have the same priority [1], multiple index templates may not match during index creation, please use a different priority ``` Current templates: ``` [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cat/templates ss4o_metric_template [ss4o_metrics-*-*] 1 1 [] ss4o_trace_template [ss4o_traces-*-*] 1 1 [] ``` Apparently, is a bug produced in the upgrade from 2.8.0, explanation here: https://forum.opensearch.org/t/java-lang-illegalargumentexception-index-template-how-critical/15306/16, no issue was opened by OP The error is reported at https://github.com/opensearch-project/observability/issues/1771 and https://github.com/opensearch-project/OpenSearch/issues/8926 --- - Related https://github.com/wazuh/wazuh-packages/issues/2139 ``` Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.cli.Command.main(Command.java:101) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:171) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:180) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.bootstrap.Bootstrap$5.(Bootstrap.java:242) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.node.Node.(Node.java:389) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.opensearch.node.Node.(Node.java:416) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1325) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1891) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2028) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2142) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2159) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2205) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.Logger.log(Logger.java:161) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:483) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:500) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:542) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:311) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:396) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:419) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:202) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:215) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:177) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) Oct 10 13:18:35 centos7 systemd-entrypoint[641]: 2023-10-10 13:18:35,625 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation") ```

wazuh-cluster_deprecation.json

- This config is present in the following files: - `base/files/etc/wazuh-indexer/opensearch.yml:node.max_local_storage_nodes: "3"` - This does not represent a problem with the package functionality right now ``` {"type": "deprecation", "timestamp": "2023-10-09T20:33:49,063Z", "level": "DEPRECATION", "component": "o.o.d.c.s.Settings", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "[node.max_local_storage_nodes] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version." } ``` --- - This config is present in the following files: - `base/files/etc/wazuh-indexer/opensearch.yml:node.name: "node-1"` - This does not represent a problem with the package functionality right now ``` {"type": "deprecation", "timestamp": "2023-10-09T20:33:50,103Z", "level": "DEPRECATION", "component": "o.o.d.c.s.Settings", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "[cluster.initial_master_nodes] setting was deprecated in OpenSearch and will be removed in a future release! See the breaking changes documentation for the next major version." } ``` --- - No info was found about the following deprecation message, this does not represent a problem with the package functionality right now ``` {"type": "deprecation", "timestamp": "2023-10-09T20:33:51,883Z", "level": "DEPRECATION", "component": "o.o.d.a.m.TransportMainAction", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "overriding main response version number will be removed in a future version" } ``` --- - No info was found about the following deprecation message, this does not represent a problem with the package functionality right now ``` {"type": "deprecation", "timestamp": "2023-10-09T20:33:52,595Z", "level": "DEPRECATION", "component": "o.o.d.c.m.MetadataCreateIndexService", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "index name [.opensearch-observability] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices", "cluster.uuid": "_AuiaZcrRSmWLPxoZPUdmw", "node.id": "sPmtFn6NS8uwX3HDObFSMw" } ``` --- - No info was found about the following deprecation message, this does not represent a problem with the package functionality right now ``` {"type": "deprecation", "timestamp": "2023-10-09T20:34:24,625Z", "level": "DEPRECATION", "component": "o.o.d.c.m.IndexNameExpressionResolver", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "this request accesses system indices: [.opendistro_security], but in a future major version, direct access to system indices will be prevented by default", "cluster.uuid": "_AuiaZcrRSmWLPxoZPUdmw", "node.id": "sPmtFn6NS8uwX3HDObFSMw" } ``` --- - No info was found about the following deprecation message, this does not represent a problem with the package functionality right now ``` {"type": "deprecation", "timestamp": "2023-10-10T16:52:44,135Z", "level": "DEPRECATION", "component": "o.o.d.r.a.a.i.RestSyncedFlushAction", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Synced flush was removed and a normal flush was performed instead. This transition will be removed in a future version.", "cluster.uuid": "yUKHu7beTQifKV2DOtHGqQ", "node.id": "tHwh8BC-SFCTAG6UjPqilw" } ``` --- - No info was found about the following deprecation message, this does not represent a problem with the package functionality right now ``` {"type": "deprecation", "timestamp": "2023-10-10T16:54:33,276Z", "level": "DEPRECATION", "component": "o.o.d.c.m.MetadataCreateIndexService", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "index name [.plugins-ml-config] starts with a dot '.', in the next major version, index names starting with a dot are reserved for hidden indices and system indices", "cluster.uuid": "yUKHu7beTQifKV2DOtHGqQ", "node.id": "tHwh8BC-SFCTAG6UjPqilw" } ``` - All deprecation messages have been reported at https://github.com/wazuh/wazuh-packages/issues/2518

wazuh-cluster_server.json

- Warning found at https://github.com/wazuh/wazuh-packages/issues/1962 and https://github.com/wazuh/wazuh-packages/issues/1582 ``` {"type": "server", "timestamp": "2023-10-10T13:18:39,485Z", "level": "WARN", "component": "o.o.s.c.Salt", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes" } ``` --- - Related https://github.com/wazuh/wazuh-packages/issues/1511 ``` {"type": "server", "timestamp": "2023-10-10T13:18:39,514Z", "level": "ERROR", "component": "o.o.s.a.s.SinkProvider", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Default endpoint could not be created, auditlog will not work properly." } {"type": "server", "timestamp": "2023-10-10T13:18:39,514Z", "level": "WARN", "component": "o.o.s.a.r.AuditMessageRouter", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "No default storage available, audit log may not work properly. Please check configuration." } ``` --- - This warning appears in multiple issues at wazuh-packages and wazuh repositories but it is not reported directly or justification is made about the cause/fix - Related: https://github.com/elastic/elasticsearch/issues/65032 - Reported: https://github.com/wazuh/wazuh-packages/issues/2519 ``` {"type": "server", "timestamp": "2023-10-10T13:18:40,726Z", "level": "WARN", "component": "o.o.g.DanglingIndicesState", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually" } ``` --- - No reports have been found with this warning even in the OpenSearch repository, the message appears among other messages, but it is not the main reported problem. As the message said, it is being ignored. ``` {"type": "server", "timestamp": "2023-10-10T13:18:42,894Z", "level": "WARN", "component": "o.o.p.c.s.h.ConfigOverridesClusterSettingHandler", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Config override setting update called with empty string. Ignoring." } ``` --- - OpenSearch related, reported at https://github.com/opensearch-project/OpenSearch/issues/9061 ``` {"type": "server", "timestamp": "2023-10-10T13:18:42,978Z", "level": "WARN", "component": "o.o.s.SecurityAnalyticsPlugin", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failed to initialize LogType config index and builtin log types", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" } ``` --- - OpenSearch related, reported at https://github.com/opensearch-project/OpenSearch/issues/9061 ``` {"type": "server", "timestamp": "2023-10-10T13:18:42,975Z", "level": "ERROR", "component": "o.o.s.u.SecurityAnalyticsException", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Security Analytics error:", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" , "stacktrace": ["org.opensearch.ResourceAlreadyExistsException: index [.opensearch-sap-pre-packaged-rules-config/NOz47ECmRj2YLvEdwmVRnA] already exists", "at org.opensearch.cluster.metadata.MetadataCreateIndexService.validateIndexName(MetadataCreateIndexService.java:233) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.metadata.MetadataCreateIndexService.validate(MetadataCreateIndexService.java:1300) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:404) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.metadata.MetadataCreateIndexService.applyCreateIndexRequest(MetadataCreateIndexService.java:459) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.metadata.MetadataCreateIndexService$1.execute(MetadataCreateIndexService.java:365) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.ClusterStateUpdateTask.execute(ClusterStateUpdateTask.java:65) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.service.MasterService.executeTasks(MasterService.java:874) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.service.MasterService.calculateTaskOutputs(MasterService.java:424) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.service.MasterService.runTasks(MasterService.java:295) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.service.MasterService$Batcher.run(MasterService.java:206) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.service.TaskBatcher.runIfNotProcessed(TaskBatcher.java:204) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.cluster.service.TaskBatcher$BatchedTask.run(TaskBatcher.java:242) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:282) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:245) ~[opensearch-2.9.0.jar:2.9.0]", "at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]", "at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]", "at java.lang.Thread.run(Thread.java:833) [?:?]"] } ``` --- - OpenSearch related, reported at https://github.com/opensearch-project/OpenSearch/issues/9061 ``` {"type": "server", "timestamp": "2023-10-10T13:18:42,986Z", "level": "WARN", "component": "o.o.s.SecurityAnalyticsPlugin", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failed initializing prepackaged rules", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" , "stacktrace": ["org.opensearch.securityanalytics.util.SecurityAnalyticsException: index [.opensearch-sap-pre-packaged-rules-config/NOz47ECmRj2YLvEdwmVRnA] already exists", "at org.opensearch.securityanalytics.util.SecurityAnalyticsException.wrap(SecurityAnalyticsException.java:51) ~[?:?]", "at org.opensearch.securityanalytics.transport.TransportSearchRuleAction$AsyncSearchRulesAction.lambda$finishHim$0(TransportSearchRuleAction.java:239) ~[?:?]", "at org.opensearch.action.ActionRunnable.lambda$supply$0(ActionRunnable.java:73) [opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.action.ActionRunnable$2.doRun(ActionRunnable.java:88) ~[opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:908) [opensearch-2.9.0.jar:2.9.0]", "at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.9.0.jar:2.9.0]", "at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]", "at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]", "at java.lang.Thread.run(Thread.java:833) [?:?]", "Caused by: java.lang.Exception: org.opensearch.ResourceAlreadyExistsException: index [.opensearch-sap-pre-packaged-rules-config/NOz47ECmRj2YLvEdwmVRnA] already exists", "... 9 more"] } ``` --- - Related https://github.com/wazuh/wazuh-packages/issues/1582 ``` {"type": "server", "timestamp": "2023-10-10T13:18:43,939Z", "level": "ERROR", "component": "o.o.s.c.ConfigurationLoaderSecurity7", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" } ``` --- - Documentation reference https://opensearch.org/docs/latest/tuning-your-cluster/availability-and-recovery/segment-replication/index/ - No issue references has been found - The message is just a support warning ``` {"type": "server", "timestamp": "2023-10-10T13:51:25,972Z", "level": "WARN", "component": "o.o.c.m.MetadataCreateIndexService", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "Setting replication.type: DOCUMENT will be used for Index until Segment Replication supports System and Hidden indices", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" } ``` --- - Probably related https://github.com/opensearch-project/OpenSearch/issues/9061 (unassigned_shards) ``` {"type": "server", "timestamp": "2023-10-10T13:18:42,968Z", "level": "WARN", "component": "o.o.o.i.ObservabilityIndex", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "message: index [.opensearch-observability/6NNSw0wGQsOfyH1F_GIrTg] already exists", "cluster.uuid": "3C3-Jr4zQECh1G8HArxUDA", "node.id": "HNVmBWmvT8K7cFaNnP8_hg" } ``` --- - Probably related https://github.com/opensearch-project/OpenSearch/issues/9061 (unassigned_shards) ``` {"type": "server", "timestamp": "2023-10-10T16:54:23,536Z", "level": "WARN", "component": "o.o.o.i.ObservabilityIndex", "cluster.name": "wazuh-cluster", "node.name": "node-1", "message": "message: index [.opensearch-observability/KFrTocVmT2WELfYOZgKoEg] already exists", "cluster.uuid": "yUKHu7beTQifKV2DOtHGqQ", "node.id": "tHwh8BC-SFCTAG6UjPqilw" } ```

wazuh-cluster.log

- All errors present in this log file are reported previously

[rauldpm]

Analysis report - Unassigned shards in a fresh install

• How to replicate
  • Create certificates
  • Download the Wazuh cert tool and the config.yml file
  • Add the node IP to the config.yml file in the Wazuh indexer node-1 section. Remove the rest of the configuration
  • Create the certificates using the cert tools
  • Install the Wazuh indexer 4.7.0 - 2.9.0 package
  • Copy the certificates following the documentation
  • Start the Wazuh indexer service
  • Initialize the Wazuh indexer cluster -> Should be stated as YELLOW
  • Check cluster health with curl -k -u admin:admin https://IP:9200/_cluster/health?pretty
• Cluster initialization

[root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.9.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success

• Health check

[root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty
{
  "cluster_name" : "wazuh-cluster",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 3,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 62.5
}

• It is possible to see three unassigned shards

---

• A Wazuh indexer 4.6.0 (2.8.0) fresh install shows the cluster in a green state and without unassigned shards

  4.6.0 cluster status - fresh install

  ``` [root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.8.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success ``` ``` [root@centos7 vagrant]# curl -k -u admin:admin https://192.168.56.4:9200/_cluster/health?pretty { "cluster_name" : "wazuh-cluster", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 2, "active_shards" : 2, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 } ```

---

Testing OpenSearch 2.9.0

• The same behavior has been found in an OpenSearch 2.9.0 fresh install

  OpenSearch 2.9.0 fresh install :red_circle:

  ``` [root@centos7 vagrant]# yum install opensearch-2.9.0-linux-x64.rpm -y Loaded plugins: fastestmirror Examining opensearch-2.9.0-linux-x64.rpm: opensearch-2.9.0-1.x86_64 Marking opensearch-2.9.0-linux-x64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package opensearch.x86_64 0:2.9.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================= Installing: opensearch x86_64 2.9.0-1 /opensearch-2.9.0-linux-x64 993 M Transaction Summary ============================================================================================================================================================================================================================================= Install 1 Package Total size: 993 M Installed size: 993 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : opensearch-2.9.0-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable opensearch.service ### You can start opensearch service by executing sudo systemctl start opensearch.service ### Create opensearch demo certificates in /etc/opensearch/ See demo certs creation log in /var/log/opensearch/install_demo_configuration.log Verifying : opensearch-2.9.0-1.x86_64 1/1 Installed: opensearch.x86_64 0:2.9.0-1 Complete! [root@centos7 vagrant]# sudo systemctl start opensearch [root@centos7 vagrant]# sudo systemctl status opensearch ● opensearch.service - OpenSearch Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2023-10-11 15:33:17 UTC; 15s ago Docs: https://opensearch.org/ Main PID: 5633 (java) CGroup: /system.slice/opensearch.service └─5633 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Dj... Oct 11 15:33:07 centos7 systemd[1]: Starting OpenSearch... Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.9.0.jar) Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager will be removed in a future release Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/opensearch/lib/opensearch-2.9.0.jar) Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Oct 11 15:33:09 centos7 systemd-entrypoint[5633]: WARNING: System::setSecurityManager will be removed in a future release Oct 11 15:33:17 centos7 systemd[1]: Started OpenSearch. ``` ``` [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty { "cluster_name" : "opensearch", "status" : "yellow", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 5, "active_shards" : 5, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 3, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 62.5 } [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/shards .opensearch-observability 0 p STARTED 0 208b 127.0.0.1 centos7 .plugins-ml-config 0 p STARTED 1 3.8kb 127.0.0.1 centos7 .plugins-ml-config 0 r UNASSIGNED .opensearch-sap-pre-packaged-rules-config 0 p STARTED 127.0.0.1 centos7 .opensearch-sap-pre-packaged-rules-config 0 r UNASSIGNED .opensearch-sap-log-types-config 0 p STARTED 127.0.0.1 centos7 .opensearch-sap-log-types-config 0 r UNASSIGNED .opendistro_security 0 p STARTED 10 74.8kb 127.0.0.1 centos7 ```

• Apparently, the unassigned shards are duplicated:

.plugins-ml-config                        0 r UNASSIGNED           
.opensearch-sap-pre-packaged-rules-config 0 r UNASSIGNED            
.opensearch-sap-log-types-config          0 r UNASSIGNED     

• Added a comment in the https://github.com/opensearch-project/OpenSearch/issues/9061#issuecomment-1757988697 issue as the error is not being investigated apparently

---

Testing OpenSearch 2.10.0

• This behavior does not happen in OpenSearch 2.10.0

  OpenSearch 2.10.0 fresh install :green_circle:

  ``` [root@centos7 vagrant]# yum localinstall opensearch-2.10.0-linux-x64.rpm -y Loaded plugins: fastestmirror Examining opensearch-2.10.0-linux-x64.rpm: opensearch-2.10.0-1.x86_64 Marking opensearch-2.10.0-linux-x64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package opensearch.x86_64 0:2.10.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================================================================================================= Installing: opensearch x86_64 2.10.0-1 /opensearch-2.10.0-linux-x64 1.0 G Transaction Summary ============================================================================================================================================================================================================================================= Install 1 Package Total size: 1.0 G Installed size: 1.0 G Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : opensearch-2.10.0-1.x86_64 1/1 ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd sudo systemctl daemon-reload sudo systemctl enable opensearch.service ### You can start opensearch service by executing sudo systemctl start opensearch.service ### Create opensearch demo certificates in /etc/opensearch/ See demo certs creation log in /var/log/opensearch/install_demo_configuration.log ### Upcoming breaking change in packaging In a future release of OpenSearch, we plan to change the permissions associated with access to installed files If you are configuring tools that require read access to the OpenSearch configuration files, we recommend you add the user that runs these tools to the 'opensearch' group For more information, see https://github.com/opensearch-project/opensearch-build/pull/4043 Verifying : opensearch-2.10.0-1.x86_64 1/1 Installed: opensearch.x86_64 0:2.10.0-1 Complete! [root@centos7 vagrant]# sudo systemctl start opensearch [root@centos7 vagrant]# systemctl status opensearch ● opensearch.service - OpenSearch Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2023-10-11 15:51:34 UTC; 3s ago Docs: https://opensearch.org/ Main PID: 24907 (java) CGroup: /system.slice/opensearch.service └─24907 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -D... Oct 11 15:51:25 centos7 systemd[1]: Starting OpenSearch... Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.10.0.jar) Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager will be removed in a future release Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: A terminally deprecated method in java.lang.System has been called Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/opensearch/lib/opensearch-2.10.0.jar) Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security Oct 11 15:51:26 centos7 systemd-entrypoint[24907]: WARNING: System::setSecurityManager will be removed in a future release Oct 11 15:51:34 centos7 systemd[1]: Started OpenSearch. ``` ``` [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty { "cluster_name" : "opensearch", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 4, "active_shards" : 4, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 } [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/shards .opensearch-observability 0 p STARTED 0 208b 127.0.0.1 centos7 .opensearch-sap-log-types-config 0 p STARTED 127.0.0.1 centos7 .opendistro_security 0 p STARTED 10 75.4kb 127.0.0.1 centos7 ```

[root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/shards
.opensearch-observability        0 p STARTED  0   208b 127.0.0.1 centos7
.opensearch-sap-log-types-config 0 p STARTED           127.0.0.1 centos7
.opendistro_security             0 p STARTED 10 75.4kb 127.0.0.1 centos7

[rauldpm]

Conclusion

Due to the errors and warnings detected in the bump from OpenSearch, it was decided to stop the bump process and keep 2.8.0 for 4.7.0

[davidjiglesias]

LGTM!

[zentavr]

I still have this issue with v4.7.2: https://github.com/wazuh/wazuh-kubernetes/issues/604