wazuh / wazuh-packages

Wazuh - Tools for packages creation
https://wazuh.com
GNU General Public License v2.0

Rollback ISM changes in Installation Assistant and OVA #2833

Closed davidcr01 closed 7 months ago

davidcr01 commented 7 months ago

Description

Parent issue: https://github.com/wazuh/wazuh-automation/issues/1558

Continuing https://github.com/wazuh/wazuh-indexer/issues/150, we are rolling back the rollover+alias project from the 4.8.0 release. We'll revisit this for the next major release, 5.0.0.

Tasks

Also, we will need to revert/adapt this change: https://github.com/wazuh/wazuh-packages/blob/9e47efa36b674a44fea31906a3d7e13610e6726a/ova/provision.sh#L54

Related:

davidcr01 commented 7 months ago

Update Report

Testing

The installation was performed correctly. The installation used the 4.8.0 pre-release packages:

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -v
20/02/2024 12:25:39 DEBUG: Checking root permissions.
20/02/2024 12:25:39 DEBUG: Checking sudo package.
20/02/2024 12:25:39 INFO: Starting Wazuh installation assistant. Wazuh version: 4.8.0
20/02/2024 12:25:39 INFO: Verbose logging redirected to /var/log/wazuh-install.log
20/02/2024 12:25:39 DEBUG: APT package manager will be used.
20/02/2024 12:25:39 DEBUG: Checking system distribution.
20/02/2024 12:25:39 DEBUG: Detected distribution name: ubuntu
20/02/2024 12:25:39 DEBUG: Detected distribution version: 22
20/02/2024 12:25:39 DEBUG: Checking Wazuh installation.
20/02/2024 12:25:39 DEBUG: Installing check dependencies.
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [109 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages [14.1 MB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1161 kB]
Get:7 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [213 kB]
Get:8 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [1401 kB]
Get:9 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [231 kB]
Get:10 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [842 kB]
Get:11 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [161 kB]
Get:12 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 c-n-f Metadata [16.8 kB]
Get:13 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.1 kB]
Get:14 http://security.ubuntu.com/ubuntu jammy-security/multiverse Translation-en [7476 B]
Get:15 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 c-n-f Metadata [260 B]
Get:16 http://archive.ubuntu.com/ubuntu jammy/universe Translation-en [5652 kB]
Get:17 http://archive.ubuntu.com/ubuntu jammy/universe amd64 c-n-f Metadata [286 kB]
Get:18 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages [217 kB]
Get:19 http://archive.ubuntu.com/ubuntu jammy/multiverse Translation-en [112 kB]
Get:20 http://archive.ubuntu.com/ubuntu jammy/multiverse amd64 c-n-f Metadata [8372 B]
Get:21 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1377 kB]
Get:22 http://archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [273 kB]
Get:23 http://archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [1431 kB]
Get:24 http://archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [235 kB]
Get:25 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1049 kB]
Get:26 http://archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [237 kB]
Get:27 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 c-n-f Metadata [22.1 kB]
Get:28 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [42.1 kB]
Get:29 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.1 kB]
Get:30 http://archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 c-n-f Metadata [472 B]
Get:31 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [41.7 kB]
Get:32 http://archive.ubuntu.com/ubuntu jammy-backports/main Translation-en [10.5 kB]
Get:33 http://archive.ubuntu.com/ubuntu jammy-backports/main amd64 c-n-f Metadata [388 B]
Get:34 http://archive.ubuntu.com/ubuntu jammy-backports/restricted amd64 c-n-f Metadata [116 B]
Get:35 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [24.3 kB]
Get:36 http://archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Get:37 http://archive.ubuntu.com/ubuntu jammy-backports/universe amd64 c-n-f Metadata [644 B]
Get:38 http://archive.ubuntu.com/ubuntu jammy-backports/multiverse amd64 c-n-f Metadata [116 B]
Fetched 29.5 MB in 16s (1894 kB/s)
Reading package lists...
20/02/2024 12:26:07 DEBUG: Checking system architecture.
20/02/2024 12:26:07 WARNING: Hardware and system checks ignored.
20/02/2024 12:26:07 INFO: Wazuh web interface port will be 443.
20/02/2024 12:26:07 DEBUG: Checking ports availability.
20/02/2024 12:26:08 DEBUG: Installing prerequisites dependencies.
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists...
20/02/2024 12:26:11 INFO: --- Dependencies ----
20/02/2024 12:26:11 INFO: Installing apt-transport-https.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: apt-transport-https 0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded. Need to get 1510 B of archives. After this operation, 170 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/universe amd64 apt-transport-https all 2.4.11 [1510 B] Fetched 1510 B in 0s (5912 B/s) Selecting previo NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-92-generic NEEDRESTART-KEXP: 5.15.0-92-generic NEEDRESTART-KSTA: 1
20/02/2024 12:26:16 DEBUG: Checking curl tool version.
20/02/2024 12:26:16 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: directory '/root/.gnupg' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <support@wazuh.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [36.6 kB]
Fetched 53.9 kB in 2s (26.3 kB/s)
Reading package lists...
20/02/2024 12:26:21 INFO: Wazuh development repository added.
20/02/2024 12:26:21 INFO: --- Configuration files ---
20/02/2024 12:26:21 INFO: Generating configuration files.
20/02/2024 12:26:21 DEBUG: Creating Wazuh certificates.
20/02/2024 12:26:21 DEBUG: Reading configuration file.
20/02/2024 12:26:21 DEBUG: Checking if 127.0.0.1 is private.
20/02/2024 12:26:21 DEBUG: Checking if 127.0.0.1 is private.
20/02/2024 12:26:21 DEBUG: Checking if 127.0.0.1 is private.
20/02/2024 12:26:21 INFO: Generating the root certificate.
20/02/2024 12:26:21 INFO: Generating Admin certificates.
20/02/2024 12:26:21 DEBUG: Generating Admin private key.
20/02/2024 12:26:22 DEBUG: Converting Admin private key to PKCS8 format.
20/02/2024 12:26:22 DEBUG: Generating Admin CSR.
20/02/2024 12:26:22 DEBUG: Creating Admin certificate.
20/02/2024 12:26:22 INFO: Generating Wazuh indexer certificates.
20/02/2024 12:26:22 DEBUG: Creating the certificates for wazuh-indexer indexer node.
20/02/2024 12:26:22 DEBUG: Generating certificate configuration.
20/02/2024 12:26:22 DEBUG: Creating the Wazuh indexer tmp key pair.
20/02/2024 12:26:22 DEBUG: Creating the Wazuh indexer certificates.
20/02/2024 12:26:22 INFO: Generating Filebeat certificates.
20/02/2024 12:26:22 DEBUG: Generating the certificates for wazuh-server server node.
20/02/2024 12:26:22 DEBUG: Generating certificate configuration.
20/02/2024 12:26:22 DEBUG: Creating the Wazuh server tmp key pair.
20/02/2024 12:26:22 DEBUG: Creating the Wazuh server certificates.
20/02/2024 12:26:22 INFO: Generating Wazuh dashboard certificates.
20/02/2024 12:26:22 DEBUG: Generating certificate configuration.
20/02/2024 12:26:22 DEBUG: Creating the Wazuh dashboard tmp key pair.
20/02/2024 12:26:22 DEBUG: Creating the Wazuh dashboard certificates.
20/02/2024 12:26:22 DEBUG: Cleaning certificate files.
20/02/2024 12:26:22 DEBUG: Generating password file.
20/02/2024 12:26:22 DEBUG: Generating random passwords.
20/02/2024 12:26:22 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
20/02/2024 12:26:22 DEBUG: Extracting Wazuh configuration.
20/02/2024 12:26:22 DEBUG: Reading configuration file.
20/02/2024 12:26:23 DEBUG: Checking if 127.0.0.1 is private.
20/02/2024 12:26:23 DEBUG: Checking if 127.0.0.1 is private.
20/02/2024 12:26:23 DEBUG: Checking if 127.0.0.1 is private.
20/02/2024 12:26:23 INFO: --- Wazuh indexer ---
20/02/2024 12:26:23 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded. Need to get 746 MB of archives. After this operation, 1050 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-indexer amd64 4.8.0-1 [746 MB] Fetched 746 MB in 7min 35s (1637 kB/s) Selecting pr NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-92-generic NEEDRESTART-KEXP: 5.15.0-92-generic NEEDRESTART-KSTA: 1
20/02/2024 12:34:54 DEBUG: Checking Wazuh installation.
20/02/2024 12:34:55 DEBUG: There are Wazuh indexer remaining files.
20/02/2024 12:34:55 INFO: Wazuh indexer installation finished.
20/02/2024 12:34:55 DEBUG: Configuring Wazuh indexer.
20/02/2024 12:34:55 DEBUG: Copying Wazuh indexer certificates.
20/02/2024 12:34:55 INFO: Wazuh indexer post-install configuration finished.
20/02/2024 12:34:55 INFO: Starting service wazuh-indexer.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
20/02/2024 12:35:18 INFO: wazuh-indexer service started.
20/02/2024 12:35:18 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
20/02/2024 12:35:28 INFO: Wazuh indexer cluster security configuration initialized.
20/02/2024 12:35:28 INFO: Wazuh indexer cluster initialized.
20/02/2024 12:35:28 INFO: --- Wazuh server ---
20/02/2024 12:35:28 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded. Need to get 296 MB of archives. After this operation, 900 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.8.0-1 [296 MB] Fetched 296 MB in 1min 50 NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-92-generic NEEDRESTART-KEXP: 5.15.0-92-generic NEEDRESTART-KSTA: 1
20/02/2024 12:40:21 DEBUG: Checking Wazuh installation.
20/02/2024 12:40:21 DEBUG: There are Wazuh remaining files.
20/02/2024 12:40:21 DEBUG: There are Wazuh indexer remaining files.
20/02/2024 12:40:22 INFO: Wazuh manager installation finished.
20/02/2024 12:40:22 DEBUG: Configuring Wazuh manager.
20/02/2024 12:40:22 DEBUG: Setting provisional Wazuh indexer password.
20/02/2024 12:40:22 INFO: Wazuh manager vulnerability detection configuration finished.
20/02/2024 12:40:22 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
20/02/2024 12:40:46 INFO: wazuh-manager service started.
20/02/2024 12:40:46 INFO: Starting Filebeat installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded. Need to get 22.1 MB of archives. After this operation, 73.6 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 filebeat amd64 7.10.2 [22.1 MB] Fetched 22.1 MB in 8s (2684 kB/s) Selecting previously unsel NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-92-generic NEEDRESTART-KEXP: 5.15.0-92-generic NEEDRESTART-KSTA: 1
20/02/2024 12:41:02 DEBUG: Checking Wazuh installation.
20/02/2024 12:41:02 DEBUG: There are Wazuh remaining files.
20/02/2024 12:41:03 DEBUG: There are Wazuh indexer remaining files.
20/02/2024 12:41:03 DEBUG: There are Filebeat remaining files.
20/02/2024 12:41:04 INFO: Filebeat installation finished.
20/02/2024 12:41:04 DEBUG: Configuring Filebeat.
20/02/2024 12:41:04 DEBUG: Filebeat template was download successfully.
wazuh/
wazuh/_meta/
wazuh/_meta/docs.asciidoc
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/archives/
wazuh/archives/manifest.yml
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
wazuh/alerts/
wazuh/alerts/manifest.yml
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
20/02/2024 12:41:05 DEBUG: Filebeat module was downloaded successfully.
20/02/2024 12:41:05 DEBUG: Copying Filebeat certificates.
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
20/02/2024 12:41:05 INFO: Filebeat post-install configuration finished.
20/02/2024 12:41:05 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
20/02/2024 12:41:07 INFO: filebeat service started.
20/02/2024 12:41:07 INFO: --- Wazuh dashboard ---
20/02/2024 12:41:07 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 23 not upgraded. Need to get 186 MB of archives. After this operation, 988 MB of additional disk space will be used. Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.8.0-1 [186 MB] Fetched 186 MB in 60s (3069 kB/s) Selecting prev NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 5.15.0-92-generic NEEDRESTART-KEXP: 5.15.0-92-generic NEEDRESTART-KSTA: 1
20/02/2024 12:43:03 DEBUG: Checking Wazuh installation.
20/02/2024 12:43:04 DEBUG: There are Wazuh remaining files.
20/02/2024 12:43:04 DEBUG: There are Wazuh indexer remaining files.
20/02/2024 12:43:05 DEBUG: There are Filebeat remaining files.
20/02/2024 12:43:05 DEBUG: There are Wazuh dashboard remaining files.
20/02/2024 12:43:05 INFO: Wazuh dashboard installation finished.
20/02/2024 12:43:05 DEBUG: Configuring Wazuh dashboard.
20/02/2024 12:43:05 DEBUG: Copying Wazuh dashboard certificates.
20/02/2024 12:43:05 DEBUG: Wazuh dashboard certificate setup finished.
20/02/2024 12:43:05 INFO: Wazuh dashboard post-install configuration finished.
20/02/2024 12:43:05 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
20/02/2024 12:43:06 INFO: wazuh-dashboard service started.
20/02/2024 12:43:06 DEBUG: Setting Wazuh indexer cluster passwords.
20/02/2024 12:43:06 DEBUG: Checking Wazuh installation.
20/02/2024 12:43:07 DEBUG: There are Wazuh remaining files.
20/02/2024 12:43:07 DEBUG: There are Wazuh indexer remaining files.
20/02/2024 12:43:08 DEBUG: There are Filebeat remaining files.
20/02/2024 12:43:08 DEBUG: There are Wazuh dashboard remaining files.
20/02/2024 12:43:08 INFO: Updating the internal users.
20/02/2024 12:43:08 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/02/2024 12:43:16 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
20/02/2024 12:43:16 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
20/02/2024 12:43:16 DEBUG: The internal users have been updated before changing the passwords.
20/02/2024 12:43:20 DEBUG: Generating password hashes.
20/02/2024 12:43:28 DEBUG: Password hashes generated.
20/02/2024 12:43:28 DEBUG: Creating password backup.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
20/02/2024 12:43:32 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
20/02/2024 12:43:32 DEBUG: Restarting filebeat service...
20/02/2024 12:43:33 DEBUG: filebeat started.
20/02/2024 12:43:33 DEBUG: Restarting wazuh-manager service...
20/02/2024 12:43:56 DEBUG: wazuh-manager started.
20/02/2024 12:43:58 DEBUG: Restarting wazuh-dashboard service...
20/02/2024 12:43:59 DEBUG: wazuh-dashboard started.
20/02/2024 12:43:59 DEBUG: Running security admin tool.
20/02/2024 12:43:59 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.10.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
20/02/2024 12:44:06 DEBUG: Passwords changed.
20/02/2024 12:44:06 DEBUG: Changing API passwords.
20/02/2024 12:44:16 INFO: Initializing Wazuh dashboard web application.
20/02/2024 12:44:17 INFO: Wazuh dashboard web application initialized.
20/02/2024 12:44:17 INFO: --- Summary ---
20/02/2024 12:44:17 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: o2dVF9ylIF.Zjif1r*B2aiwTWi3cPY.T
20/02/2024 12:44:17 DEBUG: Restoring Wazuh repository.
20/02/2024 12:44:17 INFO: Installation finished.

No policies created (expected).

The indices are created but the Wazuh alerts index is in the yellow state.

davidcr01 commented 7 months ago

Update Report

The Wazuh index problem was because the templates of the alerts are not updated. This development is in https://github.com/wazuh/wazuh/pull/21968.

davidcr01 commented 7 months ago

Update Report

A bug has been detected in the Offline GHA.

davidcr01 commented 7 months ago

Update Report

OVA in local

The OVA was built and tested locally, and it was successfully completed.

The yellow status is expected.

[root@wazuh-server wazuh-user]# curl -k -u admin:admin https://127.0.0.1:9200/
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "Bfg1hw1vSbmp9Wnu6RfJ4g",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03",
    "build_date" : "2023-09-20T23:54:29.889267151Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

OVA in Jenkins

The build succeeded: https://ci.wazuh.info/job/Packages_Builder_OVA/338/consoleFull