Change health check call in AIO unify #1043
LGTM
LGTM
LGTM
LGTM
LGTM
LGTM
Please review the requested changes
wazuh_major="4.2" | ||
wazuh_ver="4.2.5" | ||
wazuh_rev="1" | ||
elk_ver="7.10.2" | ||
elkb_ver="7.12.1" | ||
od_ver="1.13.2" | ||
od_rev="1" | ||
wazuh_kib_plug_rev="1" |
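Review bot: `wazuh_major="4.2"` at the top of this block repeats the major.minor already carried by `wazuh_ver="4.2.5"`, so the two can drift apart on the next version bump; derive it instead, for example `wazuh_major="${wazuh_ver%.*}"`. The same block keeps `elk_ver` and `elkb_ver`, which differ by one letter yet pin different versions (7.10.2 and 7.12.1), so a one-character typo would silently select the wrong package version.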
wazuh_major="4.2" | |
wazuh_ver="4.2.5" | |
wazuh_rev="1" | |
elk_ver="7.10.2" | |
elkb_ver="7.12.1" | |
od_ver="1.13.2" | |
od_rev="1" | |
wazuh_kib_plug_rev="1" | |
wazuh_major="4.2" | |
wazuh_version="4.2.5" | |
wazuh_revision="1" | |
elastic_oss_version="7.10.2" | |
elastic_basic_version="7.12.1" | |
opendistro_version="1.13.2" | |
opendistro_revision="1" | |
wazuh_kibana_plugin_revision="1" |
Please replace all variable names in all involved files.
Fixed in e77ab79
echo "Usage: $(basename $0) options" | ||
echo -e " -a, --all-in-one" | ||
echo -e " All-In-One installation." | ||
echo -e " -w, --wazuh-server" | ||
echo -e " Wazuh server installation. It includes Filebeat." | ||
echo -e " -e, --elasticsearch" | ||
echo -e " Elasticsearch installation." | ||
echo -e " -k, --kibana" | ||
echo -e " Kibana installation." | ||
echo -e " -c, --create-certificates" | ||
echo -e " Create certificates from instances.yml file." | ||
echo -e " -en, --elastic-node-name" | ||
echo -e " Name of the elastic node, used for distributed installations." | ||
echo -e " -wn, --wazuh-node-name" | ||
echo -e " Name of the wazuh node, used for distributed installations." | ||
|
||
echo -e " -wk, --wazuh-key <wazuh-cluster-key>" | ||
echo -e " Use this option as well as a wazuh_cluster_config.yml configuration file to automatically configure the wazuh cluster when using a multi-node installation." | ||
echo -e " -v, --verbose" | ||
echo -e " Shows the complete installation output." | ||
echo -e " -i, --ignore-health-check" | ||
echo -e " Ignores the health-check." | ||
echo -e " -l, --local" | ||
echo -e " Use local files." | ||
echo -e " -h, --help" | ||
echo -e " Shows help." | ||
echo -e "" |
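Review bot: `$0` is unquoted in `$(basename $0)` on the usage line, so a script path containing spaces is word-split before `basename` sees it; use `$(basename "$0")`. The `-en` and `-wn` entries describe options that appear to take a node name but, unlike `-wk, --wazuh-key <wazuh-cluster-key>`, show no argument placeholder, so the help text does not tell the user that a value is expected there.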
This would be the desirable help output:

```
NAME
        wazuh_install.sh - Install and configures the Wazuh components unattended

SYNOPSIS
        wazuh_install.sh [OPTION]

DESCRIPTION
        wazuh_install.sh is a script that installs and configures the Wazuh components on a single host or multiple host configuration

        -a, --all-in-one
                All-In-One installation.

        -w, --wazuh-server
                Wazuh server installation. It includes Filebeat.

        -e, --elasticsearch
                Elasticsearch installation.

        -k, --kibana
                Kibana installation.

        -c, --create-certificates
                Create certificates from previously created instances.yml file. Example: <insert_url_here>

        -en, --elastic-node-name
                Name of the elastic node, used for distributed installations.

        -wn, --wazuh-node-name
                Name of the wazuh node, used for distributed installations.

        -wk, --wazuh-key <wazuh-cluster-key>
                Use this option as well as a wazuh_cluster_config.yml configuration file to automatically configure the wazuh cluster when using a multi-node installation.

        -v, --verbose
                Shows the complete installation output.

        -i, --ignore-health-check
                Ignores the health-check.

        -l, --local
                Use local files.

        -h, --help
                Shows help.
```
Install
- System

```
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
```
- Install output

```
[root@centos7 vagrant]# bash wazuh_install.sh -a -l
12/09/2021 17:27:32 INFO: Configuration file found. Creating certificates...
12/09/2021 17:27:32 INFO: Creating the Elasticsearch certificates...
12/09/2021 17:27:32 INFO: Creating Wazuh server certificates...
12/09/2021 17:27:32 INFO: Creating Kibana certificate...
12/09/2021 17:27:32 INFO: Certificates creation finished. They can be found in /vagrant/certs.
12/09/2021 17:27:32 INFO: Starting the installation...
12/09/2021 17:27:32 INFO: Installing all necessary utilities for the installation...
12/09/2021 17:27:33 INFO: Done
12/09/2021 17:27:33 INFO: Adding the Wazuh repository...
12/09/2021 17:27:34 INFO: Done
12/09/2021 17:27:34 INFO: Installing the Wazuh manager...
12/09/2021 17:28:08 INFO: Done
12/09/2021 17:28:24 INFO: Wazuh-manager started
12/09/2021 17:28:24 INFO: Installing Open Distro for Elasticsearch...
12/09/2021 17:29:04 INFO: Done
12/09/2021 17:29:04 INFO: Configuring Elasticsearch...
12/09/2021 17:29:12 INFO: Elasticsearch started
12/09/2021 17:29:12 INFO: Initializing Elasticsearch...
12/09/2021 17:29:21 INFO: Done
12/09/2021 17:29:21 INFO: Installing Filebeat...
12/09/2021 17:29:25 INFO: Filebeat started
12/09/2021 17:29:25 INFO: Done
12/09/2021 17:29:25 INFO: Installing Open Distro for Kibana...
12/09/2021 17:30:17 INFO: Done
12/09/2021 17:30:25 INFO: Kibana started
```
Error Logs
- Filebeat

```
Dec 09 17:31:55 centos7 filebeat[6433]: 2021-12-09T17:31:55.205Z INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":110,"time":{"ms":74}},"total":{"ticks":180,"time":{"ms":97},"value":180},"user":{"ticks":70,"time":{"ms":23}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":10},"info":{"ephemeral_id":"b7e4653e-2b59-42c7-8901-0e9490167dc1","uptime":{"ms":150026}},"memstats":{"gc_next":8354128,"memory_alloc":4331408,"memory_total":18531848,"rss":2613248},"runtime":{"goroutines":23}},"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"read":{"errors":1}},"pipeline":{"clients":1,"events":{"active":0}}},"registrar":{"states":{"current":1}},"system":{"load":{"1":0.41,"15":0.27,"5":0.55,"norm":{"1":0.205,"15":0.135,"5":0.275}}}}}}
```
- Kibana

```
Dec 09 17:36:04 centos7 kibana[6588]: {"type":"error","@timestamp":"2021-12-09T17:36:04Z","tags":["connection","client","error"],"pid":6588,"level":"error","error":{"message":"140162228135808:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n","name":"Error","stack":"Error: 140162228135808:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"},"message":"140162228135808:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 46\n"}
Dec 09 17:35:30 centos7 kibana[6588]: {"type":"log","@timestamp":"2021-12-09T17:35:30Z","tags":["error","elasticsearch","data"],"pid":6588,"message":"[illegal_argument_exception]: request [/_license] contains unrecognized parameter: [accept_enterprise]"}
Dec 09 17:35:30 centos7 kibana[6588]: {"type":"log","@timestamp":"2021-12-09T17:35:30Z","tags":["error","elasticsearch","data"],"pid":6588,"message":"[security_exception]: no permissions for [indices:monitor/stats] and User [name=kibanaserver, backend_roles=[], requestedTenant=null]"}
Dec 09 17:35:30 centos7 kibana[6588]: {"type":"log","@timestamp":"2021-12-09T17:35:30Z","tags":["error","elasticsearch","data"],"pid":6588,"message":"[security_exception]: no permissions for [indices:admin/mappings/get] and User [name=kibanaserver, backend_roles=[], requestedTenant=null]"}
Dec 09 17:30:29 centos7 kibana[6588]: {"type":"log","
Dec 09 17:30:29 centos7 kibana[6588]: {"type":"log","@timestamp":"2021-12-09T17:30:29Z","tags":["error","plugins","wazuh","initialize"],"pid":6588,"message":"Could not check if the index .wazuh exists due to no permissions for create, delete or check"}
Dec 09 17:30:29 centos7 kibana[6588]: {"type":"log","@timestamp":"2021-12-09T17:30:29Z","tags":["error","elasticsearch","data"],"pid":6588,"message":"[ResponseError]: Response Error"}
Dec 09 17:30:28 centos7 kibana[6588]: {"type":"log","@timestamp":"2021-12-09T17:30:28Z","tags":["warning","config","deprecation"],"pid":6588,"message":"\"server.defaultRoute\" is deprecated and has been replaced by \"uiSettings.overrides.defaultRoute\""}
```
No errors in elasticsearch service and ossec.log
Tests
- Index

```
[root@centos7 vagrant]# curl -k -u wazuh:wazuh https://localhost:9200/_cat/indices?s=index
green open .kibana_1 icUQ2ghxQi27YtltJAUTug 1 0 8 6 61.3kb 61.3kb
green open .opendistro_security W0LteWJwTECiqm12HI2Ucg 1 0 9 0 61.3kb 61.3kb
yellow open security-auditlog-2021.12.09 dMR1tEoXSLG4G3WomGBliA 1 1 12 0 241.9kb 241.9kb
green open wazuh-alerts-4.x-2021.12.09 ojXgbLaySPmHCEoQzJfAqg 3 0 341 0 638.6kb 638.6kb
green open wazuh-monitoring-2021.50w Eib3oJANRl26CM7qqNcLvA 1 0 0 0 208b 208b
```
- Filebeat test output

```
[root@centos7 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
```
- Install 🟢
- Agent connection 🟢
- Agent alerts 🟢
- Kibana log 🟡
- Filebeat log 🟡
- Ossec.log 🟢
- Elasticsearch log 🟢
- Filebeat test 🟢
- Index check 🟢
LGTM
Description
The unattended installation through the AIO option shows different output when the -i option is specified or not. This is because, by not indicating the -i option, 3 health check calls are made instead of just one; this causes three identifiable messages to be displayed when it should be one.
Logs example
With -i parameter
Without -i parameter:
Tests
Without -i option. Node the only one
Starting the installation...