From 5b1b913efafa3822763af407ac41175f669afc05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Fern=C3=A1ndez?= Date: Wed, 9 Feb 2022 12:10:13 +0100 Subject: [PATCH] Added restart file to perform restart --- stack/indexer/deb/debian/postinst | 161 ++++++++++++++++-------------- stack/indexer/deb/debian/preinst | 21 ++++ stack/indexer/deb/debian/prerm | 2 +- 3 files changed, 107 insertions(+), 77 deletions(-) diff --git a/stack/indexer/deb/debian/postinst b/stack/indexer/deb/debian/postinst index b7d821b6d5..a79c02d281 100644 --- a/stack/indexer/deb/debian/postinst +++ b/stack/indexer/deb/debian/postinst @@ -39,83 +39,92 @@ if command -v systemctl > /dev/null 2>&1; then systemctl restart systemd-sysctl.service > /dev/null 2>&1 || true fi -# The codeblock below is using the fact that postinst script is called with the most-recently configured version. -# In other words, a fresh installed will be called like "postinst configure" with no previous version ($2 is null) -if [ -z "$2" ]; then - # If $2 is null, this is an install - - # Setting owner and group - chown -R ${USER}:${GROUP} ${CONFIG_DIR} - chown -R ${USER}:${GROUP} ${INSTALLATION_DIR} - chown -R ${USER}:${GROUP} ${LOG_DIR} - - # Prepare the RCA reader process for execution - mkdir -p "/var/lib/wazuh-indexer" - echo 'true' > ${LIB_DIR}/performance_analyzer_enabled.conf - echo 'true' > ${LIB_DIR}/rca_enabled.conf - # This is needed by the performance-analyzer service - echo 'false' > ${LIB_DIR}/batch_metrics_enabled.conf - chown ${USER}:${GROUP} ${LIB_DIR}/performance_analyzer_enabled.conf - chown ${USER}:${GROUP} ${LIB_DIR}/rca_enabled.conf - chown ${USER}:${GROUP} ${LIB_DIR}/batch_metrics_enabled.conf - chown ${USER}:${GROUP} ${LIB_DIR} - - # --------------------------------------------------------------------------- - - # Setting performance analyzer options - CLK_TCK=$(getconf CLK_TCK) - echo >> /etc/wazuh-indexer/jvm.options - echo '## OpenDistro Performance Analyzer' >> /etc/wazuh-indexer/jvm.options - echo "-Dclk.tck=$CLK_TCK" >> /etc/wazuh-indexer/jvm.options - echo "-Djdk.attach.allowAttachSelf=true" >> /etc/wazuh-indexer/jvm.options - echo "-Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy" >> /etc/wazuh-indexer/jvm.options - - # --------------------------------------------------------------------------- - - # Setting Indexer default configuration - echo "${USER} hard nproc 4096" >> /etc/security/limits.conf - echo "${USER} soft nproc 4096" >> /etc/security/limits.conf - echo "${USER} hard nofile 65535" >> /etc/security/limits.conf - echo "${USER} soft nofile 65535" >> /etc/security/limits.conf - -else - # Otherwise it is an upgrade - echo -n "Restarting wazuh-indexer service..." - if command -v systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-indexer > /dev/null 2>&1; then - systemctl daemon-reload > /dev/null 2>&1 - systemctl restart wazuh-indexer.service > /dev/null 2>&1 - - # Check for SysV - elif command -v service > /dev/null 2>&1; then - service wazuh-indexer restart > /dev/null 2>&1 - - elif [ -x /etc/init.d/wazuh-indexer ]; then - if command -v invoke-rc.d >/dev/null; then - invoke-rc.d wazuh-indexer restart > /dev/null 2>&1 +case "$1" in + configure) + # The codeblock below is using the fact that postinst script is called with the most-recently configured version. + # In other words, a fresh installed will be called like "postinst configure" with no previous version ($2 is null) + if [ -z "$2" ]; then + # If $2 is null, this is an install + + # Setting owner and group + chown -R ${USER}:${GROUP} ${CONFIG_DIR} + chown -R ${USER}:${GROUP} ${INSTALLATION_DIR} + chown -R ${USER}:${GROUP} ${LOG_DIR} + + # Prepare the RCA reader process for execution + mkdir -p "/var/lib/wazuh-indexer" + echo 'true' > ${LIB_DIR}/performance_analyzer_enabled.conf + echo 'true' > ${LIB_DIR}/rca_enabled.conf + # This is needed by the performance-analyzer service + echo 'false' > ${LIB_DIR}/batch_metrics_enabled.conf + chown ${USER}:${GROUP} ${LIB_DIR}/performance_analyzer_enabled.conf + chown ${USER}:${GROUP} ${LIB_DIR}/rca_enabled.conf + chown ${USER}:${GROUP} ${LIB_DIR}/batch_metrics_enabled.conf + chown ${USER}:${GROUP} ${LIB_DIR} + + # --------------------------------------------------------------------------- + + # Setting performance analyzer options + CLK_TCK=$(getconf CLK_TCK) + echo >> /etc/wazuh-indexer/jvm.options + echo '## OpenDistro Performance Analyzer' >> /etc/wazuh-indexer/jvm.options + echo "-Dclk.tck=$CLK_TCK" >> /etc/wazuh-indexer/jvm.options + echo "-Djdk.attach.allowAttachSelf=true" >> /etc/wazuh-indexer/jvm.options + echo "-Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy" >> /etc/wazuh-indexer/jvm.options + + # --------------------------------------------------------------------------- + + # Setting Indexer default configuration + echo "${USER} hard nproc 4096" >> /etc/security/limits.conf + echo "${USER} soft nproc 4096" >> /etc/security/limits.conf + echo "${USER} hard nofile 65535" >> /etc/security/limits.conf + echo "${USER} soft nofile 65535" >> /etc/security/limits.conf + + else # Otherwise it is an upgrade + if [ -f "${INSTALLATION_DIR}/${NAME}.restart" ]; then + echo -n "Restarting wazuh-indexer service..." + rm -f "${INSTALLATION_DIR}/${NAME}.restart" + if command -v systemctl > /dev/null 2>&1; then + systemctl daemon-reload > /dev/null 2>&1 + systemctl restart wazuh-indexer.service > /dev/null 2>&1 + # Check for SysV + elif command -v service > /dev/null 2>&1; then + service wazuh-indexer restart > /dev/null 2>&1 + + elif [ -x /etc/init.d/wazuh-indexer ]; then + if command -v invoke-rc.d >/dev/null; then + invoke-rc.d wazuh-indexer restart > /dev/null 2>&1 + else + /etc/init.d/wazuh-indexer restart > /dev/null 2>&1 + fi + elif [ -x /etc/rc.d/init.d/wazuh-indexer ]; then + /etc/rc.d/init.d/wazuh-indexer restart > /dev/null 2>&1 + fi + echo " OK" + fi + fi + + if [ ! -f "${CONFIG_DIR}"/opensearch.keystore ]; then + "${INSTALLATION_DIR}"/bin/opensearch-keystore create + chown "${USER}:${GROUP}" "${CONFIG_DIR}"/opensearch.keystore + chmod 660 "${CONFIG_DIR}"/opensearch.keystore + md5sum "${CONFIG_DIR}"/opensearch.keystore > "${CONFIG_DIR}"/.opensearch.keystore.initial_md5sum else - /etc/init.d/wazuh-indexer restart > /dev/null 2>&1 + if "${INSTALLATION_DIR}"/bin/opensearch-keystore has-passwd --silent ; then + echo "### Warning: unable to upgrade encrypted keystore" 1>&2 + echo " Please run opensearch-keystore upgrade and enter password" 1>&2 + else + "${INSTALLATION_DIR}"/bin/opensearch-keystore upgrade + fi fi + ;; - # Older Suse linux distributions do not ship with systemd - # but do not have an /etc/init.d/ directory - # this tries to stop the wazuh-indexer service on these - # as well without failing this script - elif [ -x /etc/rc.d/init.d/wazuh-indexer ]; then - /etc/rc.d/init.d/wazuh-indexer restart > /dev/null 2>&1 - fi - echo " OK" -fi + abort-upgrade|abort-remove|abort-deconfigure) + + ;; -if [ ! -f "${CONFIG_DIR}"/opensearch.keystore ]; then - "${INSTALLATION_DIR}"/bin/opensearch-keystore create - chown "${USER}:${GROUP}" "${CONFIG_DIR}"/opensearch.keystore - chmod 660 "${CONFIG_DIR}"/opensearch.keystore - md5sum "${CONFIG_DIR}"/opensearch.keystore > "${CONFIG_DIR}"/.opensearch.keystore.initial_md5sum -else - if "${INSTALLATION_DIR}"/bin/opensearch-keystore has-passwd --silent ; then - echo "### Warning: unable to upgrade encrypted keystore" 1>&2 - echo " Please run opensearch-keystore upgrade and enter password" 1>&2 - else - "${INSTALLATION_DIR}"/bin/opensearch-keystore upgrade - fi -fi \ No newline at end of file + *) + echo "pre remove script called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac \ No newline at end of file diff --git a/stack/indexer/deb/debian/preinst b/stack/indexer/deb/debian/preinst index a71d8b7b4b..6fa96c372f 100644 --- a/stack/indexer/deb/debian/preinst +++ b/stack/indexer/deb/debian/preinst @@ -11,6 +11,7 @@ set -e export NAME=wazuh-indexer export CONFIG_DIR="/etc/${NAME}" +export INSTALLATION_DIR="/usr/share/${NAME}" # # This script is executed in the pre-installation phase @@ -59,6 +60,26 @@ case "$1" in ;; upgrade) + # Stop the services to upgrade + if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet "${NAME}" > /dev/null 2>&1; then + systemctl stop "${NAME}".service > /dev/null 2>&1 + touch "${INSTALLATION_DIR}/${NAME}.restart" + # Check for SysV + elif command -v service > /dev/null 2>&1 && service "${NAME}" status 2>/dev/null | grep "running" > /dev/null 2>&1; then + service "${NAME}" stop > /dev/null 2>&1 + touch "${INSTALLATION_DIR}/${NAME}.restart" + elif [ -x /etc/init.d/wazuh-indexer ]; then + if command -v invoke-rc.d >/dev/null; then + invoke-rc.d wazuh-indexer stop > /dev/null 2>&1 + touch "${INSTALLATION_DIR}/${NAME}.restart" + else + /etc/init.d/wazuh-indexer stop > /dev/null 2>&1 + touch "${INSTALLATION_DIR}/${NAME}.restart" + fi + elif [ -x /etc/rc.d/init.d/wazuh-indexer ] ; then + /etc/rc.d/init.d/wazuh-indexer stop > /dev/null 2>&1 + touch "${INSTALLATION_DIR}/${NAME}.restart" + fi ;; abort-deconfigure|abort-upgrade|abort-remove) diff --git a/stack/indexer/deb/debian/prerm b/stack/indexer/deb/debian/prerm index 870100a0fd..8004e9a316 100644 --- a/stack/indexer/deb/debian/prerm +++ b/stack/indexer/deb/debian/prerm @@ -36,7 +36,7 @@ case "$1" in REMOVE_SERVICE=true ;; - deconfigure|failed-upgrade) + upgrade|deconfigure|failed-upgrade) ;; *)