Roll back `rollover + alias` changes from QA team repositories

[rauldpm]

Description

Source issue: https://github.com/wazuh/internal-devel-requests/issues/781

Due to a version change, it is necessary to restore the changes introduced in the Wazuh indexer package for the ISM script

Tasks

[!NOTE] Changes must be analyzed in case something should not be reverted, as style changes ISM was added to the Wazuh indexer package by CICD and the Indexer team Only changes related to the Wazuh indexer package will be done, if the PR changes another component as the Wazuh installation assistant, the team with the component ownership should change it

• [x] ~Revert https://github.com/wazuh/wazuh-packages/pull/2592~
  • Derived to the CICD team as it is related to the offline installation
• [x] Revert https://github.com/wazuh/wazuh-packages/pull/2582
• [x] Revert https://github.com/wazuh/wazuh-packages/pull/2586
• [x] Revert https://github.com/wazuh/wazuh-packages/pull/2590
• [x] Revert https://github.com/wazuh/wazuh-packages/pull/2553
• [x] Revert https://github.com/wazuh/wazuh-packages/pull/2712
• [x] Revert https://github.com/wazuh/wazuh-jenkins/pull/5954
• [x] Revert https://github.com/wazuh/wazuh-jenkins/pull/6089

Validation

• [x] Wazuh indexer package builds correctly
• [x] Wazuh indexer package install and start correctly
• [x] Wazuh indexer logs are free from warnings/errors related to ISM rollover and alias feature
• [x] Wazuh indexer CI processes finish successfully

[rauldpm]

Update report

• Removed files and configuration related to ISM
• Removed wazuh-template from Wazuh indexer package
• Build packages
  • base.log
  • deb.log
  • rpm.log

CentOS 7 test install + health checks

``` [root@centos7 vagrant]# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-certs-tool.sh [root@centos7 vagrant]# curl -sO https://packages-dev.wazuh.com/4.8/config.yml [root@centos7 vagrant]# cat config.yml nodes: # Wazuh indexer nodes indexer: - name: node-1 ip: "192.168.56.4" [root@centos7 vagrant]# bash ./wazuh-certs-tool.sh -A 20/02/2024 18:37:24 INFO: Generating the root certificate. 20/02/2024 18:37:24 INFO: Generating Admin certificates. 20/02/2024 18:37:24 INFO: Admin certificates created. 20/02/2024 18:37:24 INFO: Generating Wazuh indexer certificates. 20/02/2024 18:37:24 INFO: Wazuh indexer certificates created. 20/02/2024 18:37:24 INFO: Generating Filebeat certificates. 20/02/2024 18:37:24 INFO: Generating Wazuh dashboard certificates. [root@centos7 vagrant]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ . ./ ./root-ca.key ./root-ca.pem ./admin-key.pem ./admin.pem ./node-1-key.pem ./node-1.pem [root@centos7 vagrant]# yum -y localinstall wazuh-indexer-4.8.0-1.x86_64.rpm Loaded plugins: fastestmirror Examining wazuh-indexer-4.8.0-1.x86_64.rpm: wazuh-indexer-4.8.0-1.x86_64 Marking wazuh-indexer-4.8.0-1.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package wazuh-indexer.x86_64 0:4.8.0-1 will be installed --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: wazuh-indexer x86_64 4.8.0-1 /wazuh-indexer-4.8.0-1.x86_64 1.0 G Transaction Summary ======================================================================================================== Install 1 Package Total size: 1.0 G Installed size: 1.0 G Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : wazuh-indexer-4.8.0-1.x86_64 1/1 Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore Verifying : wazuh-indexer-4.8.0-1.x86_64 1/1 Installed: wazuh-indexer.x86_64 0:4.8.0-1 Complete! [root@centos7 vagrant]# ls -l /usr/share/wazuh-indexer/bin/ total 52 -rwxr-x---. 1 wazuh-indexer wazuh-indexer 6027 Feb 20 16:22 indexer-security-init.sh -rwxr-x---. 1 wazuh-indexer wazuh-indexer 3026 Sep 19 21:11 opensearch -rwxr-x---. 1 wazuh-indexer wazuh-indexer 1086 Sep 19 21:11 opensearch-cli -rwxr-x---. 1 wazuh-indexer wazuh-indexer 5540 Feb 20 16:15 opensearch-env -rwxr-x---. 1 wazuh-indexer wazuh-indexer 1834 Sep 19 21:11 opensearch-env-from-file -rwxr-x---. 1 wazuh-indexer wazuh-indexer 218 Sep 19 21:11 opensearch-keystore -rwxr-x---. 1 wazuh-indexer wazuh-indexer 151 Sep 19 21:11 opensearch-node drwxr-x---. 2 wazuh-indexer wazuh-indexer 78 Feb 20 18:43 opensearch-performance-analyzer -rwxr-x---. 1 wazuh-indexer wazuh-indexer 206 Sep 19 21:11 opensearch-plugin -rwxr-x---. 1 wazuh-indexer wazuh-indexer 144 Sep 19 21:11 opensearch-shard -rwxr-x---. 1 wazuh-indexer wazuh-indexer 207 Sep 19 21:11 opensearch-upgrade -rwxr-x---. 1 wazuh-indexer wazuh-indexer 583 Feb 20 16:15 systemd-entrypoint [root@centos7 vagrant]# ls -l /etc/wazuh-indexer/ total 28 -rw-rw----. 1 wazuh-indexer wazuh-indexer 2729 Feb 20 16:15 jvm.options drwxr-x---. 2 wazuh-indexer wazuh-indexer 6 Feb 20 16:15 jvm.options.d -rw-rw----. 1 wazuh-indexer wazuh-indexer 14808 Feb 20 16:15 log4j2.properties -rw-rw----. 1 wazuh-indexer wazuh-indexer 196 Feb 20 18:43 opensearch.keystore drwxr-x---. 2 wazuh-indexer wazuh-indexer 31 Feb 20 18:43 opensearch-notifications drwxr-x---. 2 wazuh-indexer wazuh-indexer 36 Feb 20 18:43 opensearch-notifications-core drwxr-x---. 2 wazuh-indexer wazuh-indexer 31 Feb 20 18:43 opensearch-observability drwxr-x---. 2 wazuh-indexer wazuh-indexer 263 Feb 20 18:43 opensearch-performance-analyzer drwxr-x---. 2 wazuh-indexer wazuh-indexer 35 Feb 20 18:43 opensearch-reports-scheduler drwxr-x---. 2 wazuh-indexer wazuh-indexer 245 Feb 20 18:43 opensearch-security -rw-rw----. 1 wazuh-indexer wazuh-indexer 2081 Feb 20 16:15 opensearch.yml [root@centos7 vagrant]# NODE_NAME=node-1 [root@centos7 vagrant]# mkdir /etc/wazuh-indexer/certs [root@centos7 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem [root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem [root@centos7 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem [root@centos7 vagrant]# chmod 500 /etc/wazuh-indexer/certs [root@centos7 vagrant]# chmod 400 /etc/wazuh-indexer/certs/* [root@centos7 vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs [root@centos7 vagrant]# systemctl daemon-reload [root@centos7 vagrant]# systemctl enable wazuh-indexer Created symlink from /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service to /usr/lib/systemd/system/wazuh-indexer.service. [root@centos7 vagrant]# systemctl start wazuh-indexer [root@centos7 vagrant]# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2024-02-20 19:03:53 UTC; 7s ago Docs: https://documentation.wazuh.com Main PID: 3756 (java) CGroup: /system.slice/wazuh-indexer.service └─3756 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cach... Feb 20 19:03:47 centos7 systemd[1]: Starting Wazuh-indexer... Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: A terminally deprecated method in java....led Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager has been cal...ar) Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: Please consider reporting this to the m...rch Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager will be remo...ase Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: A terminally deprecated method in java....led Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager has been cal...ar) Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: Please consider reporting this to the m...ity Feb 20 19:03:48 centos7 systemd-entrypoint[3756]: WARNING: System::setSecurityManager will be remo...ase Feb 20 19:03:53 centos7 systemd[1]: Started Wazuh-indexer. Hint: Some lines were ellipsized, use -l to show in full. [root@centos7 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200 { "name" : "node-1", "cluster_name" : "wazuh-cluster", "cluster_uuid" : "jfigoEFrQi6cRDiGUzqoyQ", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03", "build_date" : "2023-09-20T23:54:29.889267151Z", "build_snapshot" : false, "lucene_version" : "9.7.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 10.0.2.15 46 93 1 0.03 0.04 0.05 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 [root@centos7 vagrant]# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty=true { "cluster_name" : "wazuh-cluster", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 4, "active_shards" : 4, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 } [root@centos7 vagrant]# grep -i -E -R "error|critical|fatal|warning" /var/log/wazuh-indexer/ /var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:03:51,892][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly. /var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:03:54,655][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) ``` - Errors appeared in previous versions

Debian 11 test install + health checks

``` root@debian11:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/wazuh-certs-tool.sh root@debian11:/home/vagrant# curl -sO https://packages-dev.wazuh.com/4.8/config.yml root@debian11:/home/vagrant# nano config.yml root@debian11:/home/vagrant# cat config.yml nodes: # Wazuh indexer nodes indexer: - name: node-1 ip: "192.168.56.44" root@debian11:/home/vagrant# bash ./wazuh-certs-tool.sh -A 20/02/2024 19:12:44 INFO: Generating the root certificate. 20/02/2024 19:12:44 INFO: Generating Admin certificates. 20/02/2024 19:12:44 INFO: Admin certificates created. 20/02/2024 19:12:44 INFO: Generating Wazuh indexer certificates. 20/02/2024 19:12:44 INFO: Wazuh indexer certificates created. 20/02/2024 19:12:44 INFO: Generating Filebeat certificates. 20/02/2024 19:12:44 INFO: Generating Wazuh dashboard certificates. root@debian11:/home/vagrant# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ . ./ ./admin.pem ./admin-key.pem ./root-ca.pem ./root-ca.key ./node-1-key.pem ./node-1.pem root@debian11:/home/vagrant# apt-get -y install ./wazuh-indexer_4.8.0-1_amd64.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'wazuh-indexer' instead of './wazuh-indexer_4.8.0-1_amd64.deb' The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/754 MB of archives. After this operation, 1,050 MB of additional disk space will be used. Get:1 /home/vagrant/wazuh-indexer_4.8.0-1_amd64.deb wazuh-indexer amd64 4.8.0-1 [754 MB] Selecting previously unselected package wazuh-indexer. (Reading database ... 68876 files and directories currently installed.) Preparing to unpack .../wazuh-indexer_4.8.0-1_amd64.deb ... Creating wazuh-indexer group... OK Creating wazuh-indexer user... OK Unpacking wazuh-indexer (4.8.0-1) ... Setting up wazuh-indexer (4.8.0-1) ... Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore root@debian11:/home/vagrant# ls -l /usr/share/wazuh-indexer/bin/ total 56 -rwxr-x--- 1 wazuh-indexer wazuh-indexer 6027 Feb 20 18:19 indexer-security-init.sh -rwxr-x--- 1 wazuh-indexer wazuh-indexer 3030 Sep 19 21:11 opensearch -rwxr-x--- 1 wazuh-indexer wazuh-indexer 1090 Sep 19 21:11 opensearch-cli -rwxr-x--- 1 wazuh-indexer wazuh-indexer 5544 Feb 20 18:10 opensearch-env -rwxr-x--- 1 wazuh-indexer wazuh-indexer 1838 Sep 19 21:11 opensearch-env-from-file -rwxr-x--- 1 wazuh-indexer wazuh-indexer 222 Sep 19 21:11 opensearch-keystore -rwxr-x--- 1 wazuh-indexer wazuh-indexer 155 Sep 19 21:11 opensearch-node drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-performance-analyzer -rwxr-x--- 1 wazuh-indexer wazuh-indexer 210 Sep 19 21:11 opensearch-plugin -rwxr-x--- 1 wazuh-indexer wazuh-indexer 148 Sep 19 21:11 opensearch-shard -rwxr-x--- 1 wazuh-indexer wazuh-indexer 211 Sep 19 21:11 opensearch-upgrade -rwxr-x--- 1 wazuh-indexer wazuh-indexer 583 Feb 20 18:10 systemd-entrypoint root@debian11:/home/vagrant# ls -l /etc/wazuh-indexer/ total 56 -rw-rw---- 1 wazuh-indexer wazuh-indexer 2937 Feb 20 19:13 jvm.options drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 18:10 jvm.options.d -rw-r----- 1 wazuh-indexer wazuh-indexer 14808 Feb 20 18:10 log4j2.properties -rw-rw---- 1 wazuh-indexer wazuh-indexer 196 Feb 20 19:13 opensearch.keystore drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-notifications drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-notifications-core drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-observability drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-performance-analyzer drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-reports-scheduler drwxr-x--- 2 wazuh-indexer wazuh-indexer 4096 Feb 20 19:13 opensearch-security -rw-rw---- 1 wazuh-indexer wazuh-indexer 2081 Feb 20 18:10 opensearch.yml root@debian11:/home/vagrant# NODE_NAME=node-1 root@debian11:/home/vagrant# mkdir /etc/wazuh-indexer/certs tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem chmod 500 /etc/wazuh-indexer/certs chmod 400 /etc/wazuh-indexer/certs/* chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs root@debian11:/home/vagrant# systemctl daemon-reload systemctl enable wazuh-indexer systemctl start wazuh-indexer Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service. root@debian11:/home/vagrant# systemctl status wazuh-indexer ● wazuh-indexer.service - Wazuh-indexer Loaded: loaded (/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2024-02-20 19:16:36 UTC; 27s ago Docs: https://documentation.wazuh.com Main PID: 8903 (java) Tasks: 64 (limit: 4675) Memory: 1.2G CPU: 14.678s CGroup: /system.slice/wazuh-indexer.service └─8903 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cach> Feb 20 19:16:29 debian11 systemd[1]: Starting Wazuh-indexer... Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: A terminally deprecated method in java.lang> Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager has been called > Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: Please consider reporting this to the maint> Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager will be removed > Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: A terminally deprecated method in java.lang> Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager has been called > Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: Please consider reporting this to the maint> Feb 20 19:16:31 debian11 systemd-entrypoint[8903]: WARNING: System::setSecurityManager will be removed > Feb 20 19:16:36 debian11 systemd[1]: Started Wazuh-indexer. root@debian11:/home/vagrant# /usr/share/wazuh-indexer/bin/indexer-security-init.sh ************************************************************************** ** This tool will be deprecated in the next major release of OpenSearch ** ** https://github.com/opensearch-project/security/issues/1755 ** ************************************************************************** Security Admin v7 Will connect to 127.0.0.1:9200 ... done Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" OpenSearch Version: 2.10.0 Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ... Clustername: wazuh-cluster Clusterstate: GREEN Number of nodes: 1 Number of data nodes: 1 .opendistro_security index does not exists, attempt to create it ... done (0-all replicas) Populate config from /etc/wazuh-indexer/opensearch-security/ Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml SUCC: Configuration for 'config' created or updated Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml SUCC: Configuration for 'roles' created or updated Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml SUCC: Configuration for 'rolesmapping' created or updated Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml SUCC: Configuration for 'internalusers' created or updated Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml SUCC: Configuration for 'actiongroups' created or updated Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml SUCC: Configuration for 'tenants' created or updated Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml SUCC: Configuration for 'nodesdn' created or updated Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml SUCC: Configuration for 'whitelist' created or updated Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml SUCC: Configuration for 'audit' created or updated Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml SUCC: Configuration for 'allowlist' created or updated SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null Done with success root@debian11:/home/vagrant# curl -k -u admin:admin https://localhost:9200 { "name" : "node-1", "cluster_name" : "wazuh-cluster", "cluster_uuid" : "J8CoZrpXS6GsBqOVrpYt3w", "version" : { "number" : "7.10.2", "build_type" : "rpm", "build_hash" : "eee49cb340edc6c4d489bcd9324dda571fc8dc03", "build_date" : "2023-09-20T23:54:29.889267151Z", "build_snapshot" : false, "lucene_version" : "9.7.0", "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "The OpenSearch Project: https://opensearch.org/" } root@debian11:/home/vagrant# curl -k -u admin:admin https://localhost:9200/_cat/nodes?v ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name 10.0.2.15 18 94 6 0.25 0.14 0.06 dimr cluster_manager,data,ingest,remote_cluster_client * node-1 root@debian11:/home/vagrant# curl -k -u admin:admin https://localhost:9200/_cluster/health?pretty=true { "cluster_name" : "wazuh-cluster", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "discovered_master" : true, "discovered_cluster_manager" : true, "active_primary_shards" : 4, "active_shards" : 4, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 } root@debian11:/home/vagrant# grep -i -E -R "error|critical|fatal|warning" /var/log/wazuh-indexer/ /var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:35,126][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly. /var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:37,098][ERROR][o.o.p.c.o.OSGlobals ] [node-1] Error in static initialization of OSGlobals with exception: java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read") /var/log/wazuh-indexer/wazuh-cluster.log:[2024-02-20T19:16:37,835][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure no such index [.opendistro_security] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security) ``` - FilePermission error related to https://github.com/wazuh/wazuh-packages/issues/2529 ``` [2024-02-20T19:16:37,098][ERROR][o.o.p.c.o.OSGlobals ] [node-1] Error in static initialization of OSGlobals with exception: java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read") java.security.AccessControlException: access denied ("java.io.FilePermission" "/proc/self/task" "read") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?] at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?] at java.lang.SecurityManager.checkPermission(SecurityManager.java:416) ~[?:?] at java.lang.SecurityManager.checkRead(SecurityManager.java:756) ~[?:?] at java.io.File.normalizedList(File.java:1171) ~[?:?] at java.io.File.listFiles(File.java:1269) ~[?:?] at org.opensearch.performanceanalyzer.commons.os.OSGlobals.enumTids(OSGlobals.java:75) ~[performance-analyzer-commons-1.1.0.jar:?] at org.opensearch.performanceanalyzer.commons.os.OSGlobals.(OSGlobals.java:34) [performance-analyzer-commons-1.1.0.jar:?] at org.opensearch.performanceanalyzer.commons.metrics_generator.linux.LinuxOSMetricsGenerator.getPid(LinuxOSMetricsGenerator.java:36) [performance-analyzer-commons-1.1.0.jar:?] at org.opensearch.performanceanalyzer.commons.jvm.ThreadList.(ThreadList.java:44) [performance-analyzer-commons-1.1.0.jar:?] at org.opensearch.performanceanalyzer.commons.util.ThreadIDUtil.getNativeThreadId(ThreadIDUtil.java:22) [performance-analyzer-commons-1.1.0.jar:?] at org.opensearch.performanceanalyzer.commons.util.ThreadIDUtil.getNativeCurrentThreadId(ThreadIDUtil.java:18) [performance-analyzer-commons-1.1.0.jar:?] at org.opensearch.performanceanalyzer.listener.PerformanceAnalyzerSearchListener.preQueryPhase(PerformanceAnalyzerSearchListener.java:112) [opensearch-performance-analyzer-2.10.0.0.jar:2.10.0.0] at org.opensearch.performanceanalyzer.listener.PerformanceAnalyzerSearchListener.onPreQueryPhase(PerformanceAnalyzerSearchListener.java:46) [opensearch-performance-analyzer-2.10.0.0.jar:2.10.0.0] at org.opensearch.index.shard.SearchOperationListener$CompositeListener.onPreQueryPhase(SearchOperationListener.java:162) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.search.SearchService$SearchOperationListenerExecutor.(SearchService.java:1746) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.search.SearchService$SearchOperationListenerExecutor.(SearchService.java:1735) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.search.SearchService.executeQueryPhase(SearchService.java:596) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.search.SearchService$2.lambda$onResponse$0(SearchService.java:566) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.action.ActionRunnable.lambda$supply$0(ActionRunnable.java:74) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.action.ActionRunnable$2.doRun(ActionRunnable.java:89) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.threadpool.TaskAwareRunnable.doRun(TaskAwareRunnable.java:78) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:59) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:908) [opensearch-2.10.0.jar:2.10.0] at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52) [opensearch-2.10.0.jar:2.10.0] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?] at java.lang.Thread.run(Thread.java:833) [?:?] ```

• Certificate creation output reported at https://github.com/wazuh/wazuh-packages/issues/2837
• AWS ECR resources updated
• CI tests
  • https://ci.wazuh.info/job/Packages_builder_tier/3395
  • https://ci.wazuh.info/job/Packages_builder/186959
  • https://ci.wazuh.info/job/Packages_builder/186958
  • https://ci.wazuh.info/job/Test_stack_tier/116/

[davidjiglesias]

LGTM