A problem has been encountered when performing a 4.8.0 AIO deployment in Debian 12, not being able to create an ISM policy
WIA install output
```
oot@debian12agent:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i
18/01/2024 14:29:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
18/01/2024 14:29:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
18/01/2024 14:29:04 INFO: --- Dependencies ----
18/01/2024 14:29:04 INFO: Installing gawk.
18/01/2024 14:29:06 WARNING: Hardware and system checks ignored.
18/01/2024 14:29:06 INFO: Wazuh web interface port will be 443.
18/01/2024 14:29:07 INFO: --- Dependencies ----
18/01/2024 14:29:07 INFO: Installing apt-transport-https.
18/01/2024 14:29:08 INFO: Installing software-properties-common.
18/01/2024 14:29:13 INFO: Installing gnupg.
18/01/2024 14:29:17 INFO: Wazuh development repository added.
18/01/2024 14:29:17 INFO: --- Configuration files ---
18/01/2024 14:29:17 INFO: Generating configuration files.
18/01/2024 14:29:18 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
18/01/2024 14:29:18 INFO: --- Wazuh indexer ---
18/01/2024 14:29:18 INFO: Starting Wazuh indexer installation.
18/01/2024 14:30:22 INFO: Wazuh indexer installation finished.
18/01/2024 14:30:22 INFO: Wazuh indexer post-install configuration finished.
18/01/2024 14:30:22 INFO: Starting service wazuh-indexer.
18/01/2024 14:30:30 INFO: wazuh-indexer service started.
18/01/2024 14:30:30 INFO: Initializing Wazuh indexer cluster security settings.
18/01/2024 14:33:05 WARNING: The Wazuh indexer cluster ISM policy could not be created.
18/01/2024 14:33:05 INFO: Wazuh indexer cluster initialized.
18/01/2024 14:33:05 INFO: --- Wazuh server ---
18/01/2024 14:33:05 INFO: Starting the Wazuh manager installation.
18/01/2024 14:34:04 INFO: Wazuh manager installation finished.
18/01/2024 14:34:04 INFO: Starting service wazuh-manager.
18/01/2024 14:34:19 INFO: wazuh-manager service started.
18/01/2024 14:34:19 INFO: Starting Filebeat installation.
18/01/2024 14:34:24 INFO: Filebeat installation finished.
18/01/2024 14:34:25 INFO: Filebeat post-install configuration finished.
18/01/2024 14:34:25 INFO: Starting service filebeat.
18/01/2024 14:34:25 INFO: filebeat service started.
18/01/2024 14:34:25 INFO: --- Wazuh dashboard ---
18/01/2024 14:34:25 INFO: Starting Wazuh dashboard installation.
18/01/2024 14:34:51 INFO: Wazuh dashboard installation finished.
18/01/2024 14:34:51 INFO: Wazuh dashboard post-install configuration finished.
18/01/2024 14:34:51 INFO: Starting service wazuh-dashboard.
18/01/2024 14:34:51 INFO: wazuh-dashboard service started.
18/01/2024 14:34:52 INFO: Updating the internal users.
18/01/2024 14:34:52 ERROR: The backup could not be created
```
When observing the logs of the Wazuh indexer cluster, the following error is found
Wazuh indexer cluster error
```
1-18T14:30:30,871][ERROR][o.o.p.c.o.OSGlobals ] [node-1] Error in static initialization of OSGlobals with exception: java.security.AccessControlException: access denied ("java.io.FilePermission" "/p>
java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:416) ~[?:?]
at java.lang.SecurityManager.checkRead(SecurityManager.java:756) ~[?:?]
at java.io.File.normalizedList(File.java:1171) ~[?:?]
at java.io.File.listFiles(File.java:1269) ~[?:?]
at org.opensearch.performanceanalyzer.commons.os.OSGlobals.enumTids(OSGlobals.java:75) ~[performance-analyzer-commons-1.1.0.jar:?]
at org.opensearch.performanceanalyzer.commons.os.OSGlobals.(OSGlobals.java:34) [performance-analyzer-commons-1.1.0.jar:?]
at org.opensearch.performanceanalyzer.commons.metrics_generator.linux.LinuxOSMetricsGenerator.getPid(LinuxOSMetricsGenerator.java:36) [performance-analyzer-commons-1.1.0.jar:?]
at org.opensearch.performanceanalyzer.commons.jvm.ThreadList.(ThreadList.java:44) [performance-analyzer-commons-1.1.0.jar:?]
at org.opensearch.performanceanalyzer.commons.util.ThreadIDUtil.getNativeThreadId(ThreadIDUtil.java:22) [performance-analyzer-commons-1.1.0.jar:?]
at org.opensearch.performanceanalyzer.commons.util.ThreadIDUtil.getNativeCurrentThreadId(ThreadIDUtil.java:18) [performance-analyzer-commons-1.1.0.jar:?]
at org.opensearch.performanceanalyzer.listener.PerformanceAnalyzerSearchListener.preQueryPhase(PerformanceAnalyzerSearchListener.java:112) [opensearch-performance-analyzer-2.10.0.0.jar:2.10.0.0]
at org.opensearch.performanceanalyzer.listener.PerformanceAnalyzerSearchListener.onPreQueryPhase(PerformanceAnalyzerSearchListener.java:46) [opensearch-performance-analyzer-2.10.0.0.jar:2.10.0.0]
at org.opensearch.index.shard.SearchOperationListener$CompositeListener.onPreQueryPhase(SearchOperationListener.java:162) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.search.SearchService$SearchOperationListenerExecutor.(SearchService.java:1746) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.search.SearchService$SearchOperationListenerExecutor.(SearchService.java:1735) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.search.SearchService.executeQueryPhase(SearchService.java:596) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.search.SearchService$2.lambda$onResponse$0(SearchService.java:566) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.action.ActionRunnable.lambda$supply$0(ActionRunnable.java:74) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.action.ActionRunnable$2.doRun(ActionRunnable.java:89) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.threadpool.TaskAwareRunnable.doRun(TaskAwareRunnable.java:78) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:59) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:908) [opensearch-2.10.0.jar:2.10.0]
at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
at java.lang.Thread.run(Thread.java:833) [?:?]
```
Looking at the WIA log, the error appears to come from the ISM script
WIA log error
```
18/01/2024 14:30:30 INFO: wazuh-indexer service started.
18/01/2024 14:30:30 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
ERR: An unexpected ConnectException occured: Connection refused
Trace:
java.net.ConnectException: Connection refused
at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:954)
at org.opensearch.client.RestClient.performRequest(RestClient.java:333)
at org.opensearch.client.RestClient.performRequest(RestClient.java:321)
at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:573)
at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:163)
Caused by: java.net.ConnectException: Connection refused
at java.base/sun.nio.ch.Net.pollConnect(Native Method)
at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:672)
at java.base/sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:946)
at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvent(DefaultConnectingIOReactor.java:174)
at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvents(DefaultConnectingIOReactor.java:148)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor.execute(AbstractMultiworkerIOReactor.java:351)
at org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager.execute(PoolingNHttpClientConnectionManager.java:221)
at org.apache.http.impl.nio.client.CloseableHttpAsyncClientBase$1.run(CloseableHttpAsyncClientBase.java:64)
at java.base/java.lang.Thread.run(Thread.java:833)
Will create 'wazuh' index template
ERROR: 'wazuh' template creation failed
Will create 'ism_history_indices' index template
ERROR: 'ism_history_indices' template creation failed
Will disable replicas for 'plugins.index_state_management.history' indices
ERROR: cluster's settings update failed
Will create index templates to configure the alias
ERROR: 'wazuh-alerts' template creation failed
ERROR: 'wazuh-archives' template creation failed
ERROR: Indexer ISM initialization failed. Check /tmp/wazuh-indexer/ism-init.log for more information.
```
Description
Source issue: https://github.com/wazuh/wazuh/issues/21339
A problem has been encountered when performing a 4.8.0 AIO deployment in Debian 12, not being able to create an ISM policy
WIA install output
``` oot@debian12agent:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i 18/01/2024 14:29:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0 18/01/2024 14:29:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log 18/01/2024 14:29:04 INFO: --- Dependencies ---- 18/01/2024 14:29:04 INFO: Installing gawk. 18/01/2024 14:29:06 WARNING: Hardware and system checks ignored. 18/01/2024 14:29:06 INFO: Wazuh web interface port will be 443. 18/01/2024 14:29:07 INFO: --- Dependencies ---- 18/01/2024 14:29:07 INFO: Installing apt-transport-https. 18/01/2024 14:29:08 INFO: Installing software-properties-common. 18/01/2024 14:29:13 INFO: Installing gnupg. 18/01/2024 14:29:17 INFO: Wazuh development repository added. 18/01/2024 14:29:17 INFO: --- Configuration files --- 18/01/2024 14:29:17 INFO: Generating configuration files. 18/01/2024 14:29:18 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation. 18/01/2024 14:29:18 INFO: --- Wazuh indexer --- 18/01/2024 14:29:18 INFO: Starting Wazuh indexer installation. 18/01/2024 14:30:22 INFO: Wazuh indexer installation finished. 18/01/2024 14:30:22 INFO: Wazuh indexer post-install configuration finished. 18/01/2024 14:30:22 INFO: Starting service wazuh-indexer. 18/01/2024 14:30:30 INFO: wazuh-indexer service started. 18/01/2024 14:30:30 INFO: Initializing Wazuh indexer cluster security settings. 18/01/2024 14:33:05 WARNING: The Wazuh indexer cluster ISM policy could not be created. 18/01/2024 14:33:05 INFO: Wazuh indexer cluster initialized. 18/01/2024 14:33:05 INFO: --- Wazuh server --- 18/01/2024 14:33:05 INFO: Starting the Wazuh manager installation. 18/01/2024 14:34:04 INFO: Wazuh manager installation finished. 18/01/2024 14:34:04 INFO: Starting service wazuh-manager. 18/01/2024 14:34:19 INFO: wazuh-manager service started. 18/01/2024 14:34:19 INFO: Starting Filebeat installation. 18/01/2024 14:34:24 INFO: Filebeat installation finished. 18/01/2024 14:34:25 INFO: Filebeat post-install configuration finished. 18/01/2024 14:34:25 INFO: Starting service filebeat. 18/01/2024 14:34:25 INFO: filebeat service started. 18/01/2024 14:34:25 INFO: --- Wazuh dashboard --- 18/01/2024 14:34:25 INFO: Starting Wazuh dashboard installation. 18/01/2024 14:34:51 INFO: Wazuh dashboard installation finished. 18/01/2024 14:34:51 INFO: Wazuh dashboard post-install configuration finished. 18/01/2024 14:34:51 INFO: Starting service wazuh-dashboard. 18/01/2024 14:34:51 INFO: wazuh-dashboard service started. 18/01/2024 14:34:52 INFO: Updating the internal users. 18/01/2024 14:34:52 ERROR: The backup could not be created ```Wazuh indexer cluster error
``` 1-18T14:30:30,871][ERROR][o.o.p.c.o.OSGlobals ] [node-1] Error in static initialization of OSGlobals with exception: java.security.AccessControlException: access denied ("java.io.FilePermission" "/p> java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?] at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?] at java.lang.SecurityManager.checkPermission(SecurityManager.java:416) ~[?:?] at java.lang.SecurityManager.checkRead(SecurityManager.java:756) ~[?:?] at java.io.File.normalizedList(File.java:1171) ~[?:?] at java.io.File.listFiles(File.java:1269) ~[?:?] at org.opensearch.performanceanalyzer.commons.os.OSGlobals.enumTids(OSGlobals.java:75) ~[performance-analyzer-commons-1.1.0.jar:?] at org.opensearch.performanceanalyzer.commons.os.OSGlobals.WIA log error
``` 18/01/2024 14:30:30 INFO: wazuh-indexer service started. 18/01/2024 14:30:30 INFO: Initializing Wazuh indexer cluster security settings. ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done ERR: An unexpected ConnectException occured: Connection refused Trace: java.net.ConnectException: Connection refused at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:954) at org.opensearch.client.RestClient.performRequest(RestClient.java:333) at org.opensearch.client.RestClient.performRequest(RestClient.java:321) at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:573) at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:163) Caused by: java.net.ConnectException: Connection refused at java.base/sun.nio.ch.Net.pollConnect(Native Method) at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:672) at java.base/sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:946) at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvent(DefaultConnectingIOReactor.java:174) at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvents(DefaultConnectingIOReactor.java:148) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor.execute(AbstractMultiworkerIOReactor.java:351) at org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager.execute(PoolingNHttpClientConnectionManager.java:221) at org.apache.http.impl.nio.client.CloseableHttpAsyncClientBase$1.run(CloseableHttpAsyncClientBase.java:64) at java.base/java.lang.Thread.run(Thread.java:833) Will create 'wazuh' index template ERROR: 'wazuh' template creation failed Will create 'ism_history_indices' index template ERROR: 'ism_history_indices' template creation failed Will disable replicas for 'plugins.index_state_management.history' indices ERROR: cluster's settings update failed Will create index templates to configure the alias ERROR: 'wazuh-alerts' template creation failed ERROR: 'wazuh-archives' template creation failed ERROR: Indexer ISM initialization failed. Check /tmp/wazuh-indexer/ism-init.log for more information. ```Resource
WIA logs: wazuh-install.log
Wazuh indexer logs: wazuh-indexer-logs.tar.gz
System info
- Vagrant box: `debian/bookworm64` ``` root@debian12agent:/home/vagrant# cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 12 (bookworm)" NAME="Debian GNU/Linux" VERSION_ID="12" VERSION="12 (bookworm)" VERSION_CODENAME=bookworm ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" ```Task