[BUG] wazuh-indexer service takes ownership of /run

[AlexRuiz7]

Description

Related issue: wazuh/wazuh-dashboard#222

During the testing of v4.9.0-alpha1, it was noticed that the wazuh-indexer service takes the ownership of the /run root folder, impeding the installation of Wazuh Dashboard (if it is installed in the same machine).

During a brief investigation of the issue, we noticed that the storage of the wazuh-indexer PID file is inconsistent, storing it on /run/wazuh-indexer and /var/run/wazuh-indexer. The standard nowadays is to use /run, instead of /var/run.

However, this does not explain the ownership change on the /run folder. This may be caused by the _localstatedir variable being undefined on wazuh-indexer.rpm.spec.

wazuh-indexer/distribution/packages/src/rpm/wazuh-indexer.rpm.spec

Line 29 in 1998088

%define pid_dir %{_localstatedir}/run/%{name}

Additional info

16 results - 14 files

wazuh-indexer/distribution/packages/src/common/env/wazuh-indexer:
  16: #PID_DIR=/run/wazuh-indexer

wazuh-indexer/distribution/packages/src/common/scripts/postrm:
  75:     if [ -d /run/wazuh-indexer ]; then
  77:         rm -rf /run/wazuh-indexer

wazuh-indexer/distribution/packages/src/common/systemd/wazuh-indexer.conf:
  1: d    /run/wazuh-indexer   0750 wazuh-indexer wazuh-indexer - -

wazuh-indexer/distribution/packages/src/common/systemd/wazuh-indexer.service:
  14: Environment=PID_DIR=/run/wazuh-indexer

wazuh-indexer/distribution/packages/src/deb/debmake_install.sh:
  27: pid_dir="/run/${name}"

wazuh-indexer/distribution/packages/src/deb/debian/postinst:
  20: pid_dir=/var/run/wazuh-indexer

wazuh-indexer/distribution/packages/src/deb/init.d/wazuh-indexer:
  56: PID_DIR="/var/run/$NAME"

wazuh-indexer/distribution/packages/src/rpm/wazuh-indexer.cicd.spec:
  168: if [[ -d /run/systemd/system ]] ; then

wazuh-indexer/distribution/packages/src/rpm/wazuh-indexer.rpm.spec:
  29: %define pid_dir %{_localstatedir}/run/%{name}

wazuh-indexer/distribution/packages/src/rpm/init.d/wazuh-indexer:
  42: PID_DIR="/run/wazuh-indexer"

wazuh-indexer/docker/prod/Dockerfile:
  65:     mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \

wazuh-indexer/docker/prod/config/config.sh:
  13: export PID_DIR=/run/${NAME}

wazuh-indexer/qa/os/src/test/java/org/opensearch/packaging/util/Cleanup.java:
  59:         "/var/run/opensearch",

wazuh-indexer/qa/os/src/test/java/org/opensearch/packaging/util/Installation.java:
  117:             Paths.get("/var/run/opensearch"),

References:

• https://docs.fedoraproject.org/en-US/packaging-guidelines/RPMMacros/
• https://stackoverflow.com/questions/5173636/must-my-pidfile-be-located-in-var-run
• [Enhancement] RPM update pid file localtion in tmpfiles.d setup opensearch-project/opensearch-build#2098

[f-galland]

With regards to the /var/run and /run issue, it looks like /var/run is a symbolic link to /run, at least in redhat based distros.

[root@rhel8 ~]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.10 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.10 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.10
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
[root@rhel8 ~]# ls -lsah /var/ | grep run
   0 lrwxrwxrwx.  1 root root   11 Dec 19  2023 lock -> ../run/lock
   0 lrwxrwxrwx.  1 root root    6 Dec 19  2023 run -> ../run

[root@alma ~]# cat /etc/os-release 
NAME="AlmaLinux"
VERSION="8.10 (Cerulean Leopard)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.10 (Cerulean Leopard)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
SUPPORT_END=2029-06-01
[root@alma ~]# ls -lsah /var | grep run
   0 lrwxrwxrwx  1 root root   11 Jun 27 23:10 lock -> ../run/lock
   0 lrwxrwxrwx  1 root root    6 Jun 27 23:10 run -> ../run

I'm still trying to pin the ownership issue, which seems to only happen on RPM based.

[AlexRuiz7]

We decided to use /run instead of /var/run to get rid of the warnings seen in #286. This change represents a fork from OpenSearch's service files. Reading opensearch-project/opensearch-build#2098, we understand they will eventually follow this path too.

Latest build workflow: https://github.com/wazuh/wazuh-indexer/actions/runs/9759538401