Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when installing the Wazuh Dashboard using the Installation Assistant #2111

Closed
verdx opened this issue Feb 28, 2023 · 8 comments · Fixed by #2117 or #2118
Closed

Error when installing the Wazuh Dashboard using the Installation Assistant #2111

verdx opened this issue Feb 28, 2023 · 8 comments · Fixed by #2117 or #2118
Assignees
@verdx
Labels
component: dashboard component: installation-assistant type/bug Bug issue

Comments

@verdx
Copy link
Contributor

verdx commented Feb 28, 2023

Wazuh version Install type Action performed Platform
4.5.0 dashboard Install Red Hat Linux Enterprise 8(and probably more)

When installing the Wazuh dashboard using the installation assistant on Red Hat 8, it stops with two errors:

28/02/2023 17:39:26 ERROR: The Wazuh API user wazuh does not exist
28/02/2023 17:39:26 ERROR: The Wazuh API user wazuh-wui does not exist

It has been also reproduced in a community question. It may have something to do with the merge of PR #1806, as it was explained by @miguelfdez99 in Slack that the error appeared when testing the PR.

For now, it has just appeared on Red Hat 8 using the all in one installation of the installation assistant, more testing is needed, especially to see if it happens on 4.4.0
@verdx verdx self-assigned this Feb 28, 2023
@verdx
Copy link
Contributor Author

verdx commented Mar 1, 2023
edited
Loading

Update: investigation

🟢 4.4.0 All-in-one, RHEL 8, 4GB 2 cores

The first test done using 4.4.0 has not given any problem. In this case, the machine had 4GB and 2 cores, as recommended, which it didn't have in the previous test:

4.4.0 passsed test logs on Red Hat 8 
[root@redhat8 vagrant]# bash wazuh-install.sh -a -v
01/03/2023 08:54:29 INFO: Starting Wazuh installation assistant. Wazuh version: 4.4.0
01/03/2023 08:54:29 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/03/2023 08:54:41 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
01/03/2023 08:54:42 INFO: Wazuh development repository added.
01/03/2023 08:54:42 INFO: --- Configuration files ---
01/03/2023 08:54:42 INFO: Generating configuration files.
01/03/2023 08:54:42 DEBUG: Creating the root certificate.
Generating a RSA private key
...........................................+++++
.....+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
Generating RSA private key, 2048 bit long modulus (2 primes)
.......................+++++
.....................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
01/03/2023 08:54:42 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
....................................................................................................................+++++
...............................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
01/03/2023 08:54:43 DEBUG: Creating the Wazuh server certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
................+++++
................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
01/03/2023 08:54:43 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
.....................+++++
.............................................................................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
01/03/2023 08:54:43 DEBUG: Generating random passwords.
01/03/2023 08:54:43 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
01/03/2023 08:54:43 INFO: --- Wazuh indexer ---
01/03/2023 08:54:43 INFO: Starting Wazuh indexer installation.
Extra Packages for Enterprise Linux 8 - x86_64  3.0 MB/s |  14 MB     00:04    
EL-8 - Wazuh                                    2.7 MB/s |  12 MB     00:04    
Last metadata expiration check: 0:00:06 ago on Wed 01 Mar 2023 08:54:55 AM UTC.
Dependencies resolved.
================================================================================
 Package                Architecture    Version            Repository      Size
================================================================================
Installing:
 wazuh-indexer          x86_64          4.4.0-1            wazuh          497 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 497 M
Installed size: 747 M
Downloading Packages:
wazuh-indexer-4.4.0-1.x86_64.rpm                5.6 MB/s | 497 MB     01:28    
--------------------------------------------------------------------------------
Total                                           5.6 MB/s | 497 MB     01:28     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-indexer-4.4.0-1.x86_64                           1/1 
  Installing       : wazuh-indexer-4.4.0-1.x86_64                           1/1 
  Running scriptlet: wazuh-indexer-4.4.0-1.x86_64                           1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

  Verifying        : wazuh-indexer-4.4.0-1.x86_64                           1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.4.0-1.x86_64                                                  

Complete!
01/03/2023 08:57:36 INFO: Wazuh indexer installation finished.
01/03/2023 08:57:36 DEBUG: Configuring Wazuh indexer.
01/03/2023 08:57:36 INFO: Wazuh indexer post-install configuration finished.
01/03/2023 08:57:36 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
01/03/2023 08:57:56 INFO: wazuh-indexer service started.
01/03/2023 08:57:56 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
01/03/2023 08:58:06 INFO: Wazuh indexer cluster initialized.
01/03/2023 08:58:06 INFO: --- Wazuh server ---
01/03/2023 08:58:06 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:03:13 ago on Wed 01 Mar 2023 08:54:55 AM UTC.
Dependencies resolved.
================================================================================
 Package                Architecture    Version            Repository      Size
================================================================================
Installing:
 wazuh-manager          x86_64          4.4.0-1            wazuh          117 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 117 M
Installed size: 444 M
Downloading Packages:
wazuh-manager-4.4.0-1.x86_64.rpm                4.0 MB/s | 117 MB     00:28    
--------------------------------------------------------------------------------
Total                                           4.0 MB/s | 117 MB     00:28     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-manager-4.4.0-1.x86_64                           1/1 
  Installing       : wazuh-manager-4.4.0-1.x86_64                           1/1 
  Running scriptlet: wazuh-manager-4.4.0-1.x86_64                           1/1 
  Verifying        : wazuh-manager-4.4.0-1.x86_64                           1/1 
Installed products updated.

Installed:
  wazuh-manager-4.4.0-1.x86_64                                                  

Complete!
01/03/2023 09:00:05 INFO: Wazuh manager installation finished.
01/03/2023 09:00:05 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
01/03/2023 09:00:24 INFO: wazuh-manager service started.
01/03/2023 09:00:24 INFO: Starting Filebeat installation.

Installed:
  filebeat-7.10.2-1.x86_64                                                      

01/03/2023 09:00:40 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
01/03/2023 09:00:42 INFO: Filebeat post-install configuration finished.
01/03/2023 09:00:42 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
01/03/2023 09:00:43 INFO: filebeat service started.
01/03/2023 09:00:43 INFO: --- Wazuh dashboard ---
01/03/2023 09:00:43 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:05:49 ago on Wed 01 Mar 2023 08:54:55 AM UTC.
Dependencies resolved.
================================================================================
 Package                  Architecture    Version          Repository      Size
================================================================================
Installing:
 wazuh-dashboard          x86_64          4.4.0-1          wazuh          257 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 257 M
Installed size: 1.1 G
Downloading Packages:
wazuh-dashboard-4.4.0-1.x86_64.rpm              7.6 MB/s | 257 MB     00:33    
--------------------------------------------------------------------------------
Total                                           7.6 MB/s | 257 MB     00:33     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                         1/1 
  Installing       : wazuh-dashboard-4.4.0-1.x86_64                         1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                         1/1 
  Verifying        : wazuh-dashboard-4.4.0-1.x86_64                         1/1 
Installed products updated.

Installed:
  wazuh-dashboard-4.4.0-1.x86_64                                                

Complete!
01/03/2023 09:03:50 INFO: Wazuh dashboard installation finished.
01/03/2023 09:03:50 DEBUG: Wazuh dashboard certificate setup finished.
01/03/2023 09:03:50 INFO: Wazuh dashboard post-install configuration finished.
01/03/2023 09:03:50 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
01/03/2023 09:03:51 INFO: wazuh-dashboard service started.
01/03/2023 09:03:51 DEBUG: Setting Wazuh indexer cluster passwords.
01/03/2023 09:04:04 DEBUG: Generating password hashes.
01/03/2023 09:04:16 DEBUG: Password hashes generated.
01/03/2023 09:04:16 DEBUG: Creating password backup.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
01/03/2023 09:04:29 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
01/03/2023 09:04:31 DEBUG: filebeat started.
01/03/2023 09:04:34 DEBUG: wazuh-dashboard started.
01/03/2023 09:04:34 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
01/03/2023 09:04:39 DEBUG: Passwords changed.
01/03/2023 09:04:49 INFO: Initializing Wazuh dashboard web application.
01/03/2023 09:05:02 INFO: Wazuh dashboard web application initialized.
01/03/2023 09:05:02 INFO: --- Summary ---
01/03/2023 09:05:02 INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: 1x79uuuyQ8BrJhuVaY+Llda*xewpu3EP
01/03/2023 09:05:02 INFO: Installation finished.

🔴 4.4.0, All-in-one, RHEL 8 1GB 1 core

Another test using 4.4.0, also Red Hat 8, but with less capabilities than recommended(1GB and 1 core) has given the error:

4.4.0 failed test logs on Red Hat 8 
[root@redhat8 vagrant]# bash wazuh-install.sh -a -i -v
01/03/2023 09:55:47 INFO: Starting Wazuh installation assistant. Wazuh version: 4.4.0
01/03/2023 09:55:47 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/03/2023 09:55:55 WARNING: Hardware and system checks ignored.
01/03/2023 09:55:59 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
01/03/2023 09:56:01 INFO: Wazuh development repository added.
01/03/2023 09:56:01 INFO: --- Configuration files ---
01/03/2023 09:56:01 INFO: Generating configuration files.
01/03/2023 09:56:01 DEBUG: Creating the root certificate.
Generating a RSA private key
...............................+++++
.........+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
Generating RSA private key, 2048 bit long modulus (2 primes)
.........................................+++++
.................................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
01/03/2023 09:56:01 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
..........+++++
................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
+ '[' -n -e ']'
+ '[' -n -e ']'
+ case ${1} in
+ mtype=ERROR:
+ shift 1
+ '[' -n 'The Wazuh API user wazuh-wui does not exist' ']'
+ case ${1} in
+ message='The Wazuh API user wazuh-wui does not exist'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh-wui does not exist'
01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh-wui does not exist
+ set +ex
01/03/2023 10:53:14 DEBUG: Generating password hashes.
01/03/2023 10:53:30 DEBUG: Password hashes generated.
01/03/2023 10:53:31 DEBUG: Creating password backup.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
ERR: An unexpected ConnectionClosedException occured: Connection is closed
Trace:
org.apache.http.ConnectionClosedException: Connection is closed
	at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:941)
	at org.opensearch.client.RestClient.performRequest(RestClient.java:332)
	at org.opensearch.client.RestClient.performRequest(RestClient.java:320)
	at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:462)
	at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:159)
Caused by: org.apache.http.ConnectionClosedException: Connection is closed
	at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.endOfInput(HttpAsyncRequestExecutor.java:356)
	at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:261)
	at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:87)
	at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:40)
	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:121)
	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
	at java.base/java.lang.Thread.run(Thread.java:833)


01/03/2023 10:54:11 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
01/03/2023 10:54:25 DEBUG: filebeat started.
01/03/2023 10:55:06 DEBUG: wazuh-dashboard started.
01/03/2023 10:55:07 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
01/03/2023 10:55:34 DEBUG: Passwords changed.
01/03/2023 10:55:34 ERROR: User  is not registered in Wazuh API
01/03/2023 10:55:34 INFO: --- Removing existing Wazuh installation ---
01/03/2023 10:55:34 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 467 MB disk space will be freed.
(Reading database ... 182550 files and directories currently installed.)                                             (Reading database ... 
Removing wazuh-manager (4.4.0-1) ...
(Reading database ... 163832 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.4.0-1) ...
01/03/2023 10:57:31 INFO: Wazuh manager removed.
01/03/2023 10:57:31 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 778 MB disk space will be freed.
(Reading database ... 163812 files and directories currently installed.)                                             (Reading database ... 
Removing wazuh-indexer (4.4.0-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 162736 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.4.0-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
01/03/2023 10:57:52 INFO: Wazuh indexer removed.
01/03/2023 10:57:52 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
01/03/2023 10:57:52 INFO: Wazuh indexer removed.
01/03/2023 10:57:52 INFO: Removing Filebeat.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  filebeat*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 73.6 MB disk space will be freed.
(Reading database ... 162697 files and directories currently installed.)                                              (Reading database ... 
Removing filebeat (7.10.2) ...
(Reading database ... 162405 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
01/03/2023 10:57:55 INFO: Filebeat removed.
01/03/2023 10:57:55 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 1,125 MB disk space will be freed.
(Reading database ... 162378 files and directories currently installed.)                                               (Reading database ... 
Removing wazuh-dashboard (4.4.0-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
(Reading database ... 75657 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.4.0-1) ...
 OK
01/03/2023 10:58:07 INFO: Wazuh dashboard removed.
01/03/2023 10:58:07 INFO: Installation cleaned.

🔴 4.4.0, All-in-one, Ubuntu 22 1GB 1 core

It has also been replicated in an Ubuntu 22, also with 1GB and 1 core:

4.4.0 failed test logs in Ubuntu22 
root@ubuntu22:/home/vagrant# bash wazuh-install.sh  -a -i -o -v
01/03/2023 10:43:08 INFO: Starting Wazuh installation assistant. Wazuh version: 4.4.0
01/03/2023 10:43:08 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/03/2023 10:43:09 INFO: --- Removing existing Wazuh installation ---
01/03/2023 10:43:09 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
01/03/2023 10:43:10 INFO: Wazuh indexer removed.
01/03/2023 10:43:10 INFO: Wazuh GPG key was not found in the system
01/03/2023 10:43:10 INFO: Installation cleaned.
01/03/2023 10:43:10 WARNING: Hardware and system checks ignored.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
01/03/2023 10:43:17 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [26.6 kB]
Fetched 43.8 kB in 2s (26.7 kB/s)
Reading package lists...
01/03/2023 10:43:22 INFO: Wazuh development repository added.
01/03/2023 10:43:22 INFO: --- Configuration files ---
01/03/2023 10:43:22 INFO: Generating configuration files.
01/03/2023 10:43:23 DEBUG: Creating the root certificate.
...........+...+.............+.....+...+.........+..........+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+......+...........+.............+........+...+....+..+.+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.............+.........+......+.+..............+....+..+......+...+......+.+............+........+......................+.....+......+.......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.............+....+..+.+.....+....+...+......+..............+...+.......+...+.........+.....+.+.....+...+.+........+.......+.........+...............+..+.......+..+...+...+..........+.....+....+......+..+.+......+.....+.+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+...+.....+......+....+......+..+..........+............+...........+....+.....+.+.....+.......+...+..............+.+.....+................+...+........+.........+...+.+..+....+.....+....+......+...+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..................+.+........+....+......+......+...+...........................+......+...+......+......+.....+...+....+............+.....+.+.....+............+...............+.+......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
01/03/2023 10:43:24 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
...+.+........+......+.+.....+...+....+.....+......+.......+..............+...+.+..+.........+....+......+........+.+..+.......+..+.+...+...........+...+.......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+....+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+...+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+.+.........+......+..+....+......+...+..+............+......+......+....+..+.......+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..+.+..+.......+..+....+..+.............+..+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+................+.................+......+......+.............+..+.+...+.................+...+....+...+.....+..........+........+.........+...............+.......+...........+.........+.+.....+.......+.....+......+.+......+.........+........+.+............+..+...+...+....+..+...+.......+.........+.................+....+..................+...........+......+...............+.+..+.+.....+....+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
01/03/2023 10:43:24 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
....+......+..+.......+.....+...+.............+..+.........+..........+......+...+..+.......+..+......+....+.....+.+.....+.......+..+...+.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+...+..+......+...+....+...+..+............+.+...+.....+............+.........+.+.........+...+..+.+..............+...+...+....+...+......+.....+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+...+....+.........+......+...+..+...+.+.....+...........................+.......+...........+......+.+...+...............+......+......+...+.........+...........+......+.........+.+......+..+...+....+...........+...+.......+..+.+...........+.............+...+..+...+.......+......+..............+...+....+........+.......+...+..+.........+......+...+...+..................+.......+.....+...+..........+.....+.+........+.+.....+.......+............+...+...+...........+...+.+.........+..+....+..+...............+............+............+...+.+......+...+........+.........+.............+...............+..+..........+.........+..+...+.+...+......+.....+......+.+..+.+.....+....+...+.....+....+......+...+...............+..+.........+......+...+.........+......+....+..+..................+.+.........+..+......+...+.......+........+......+...+..........+...........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+.........+............+..+......+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+...+...............+.........+...........+.+...+......+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+.+......+...+...+...+............+.........+...+...+..+...+...+.....................+.+..............+....+............+..+...+............+.+.....+.+......+.....+....+.....+...+......+..........+.....+......+....+..+.........+....+..+....+...+...+...+.........+...+..+...............+...+...+.......+.....+..................+......+....+...........+...+......+....+...+...............+...+.....+......+.............+..+.+.........+...+......+.....+......+.+............+.....+.............+.....+.......+.....................+..+...+.......+....................+.......+.....+.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
01/03/2023 10:43:25 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days without -x509; not generating a certificate
..+.....+.........+..........+.....+...+...+.+...+...+...+......+...+...+.........+.....+......+...+......+.+............+..+....+..+...+......+...+.+..+....+...+........+.......+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+...........+.+.....+.+..+.............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+.......+..+.+..............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+...+.......+..+......+.+...+......+.....+......+....+..+.........+....+..+....+......+...+..+.......+..+.+..+.+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+..........+........+.+.........+.....+............+...+.+............+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..............+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
01/03/2023 10:43:25 DEBUG: Generating random passwords.
01/03/2023 10:43:26 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
01/03/2023 10:43:26 INFO: --- Wazuh indexer ---
01/03/2023 10:43:26 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 46 not upgraded.
                                                               Need to get 0 B/501 MB of archives.
                                                                                                  After this operation, 778 MB of additional disk space will be used.
                                                                                                                                                                     Selecting previously unselected package wazuh-indexer.
(Reading database ... 75648 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.4.0-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.4.0-1) ...
Setting up wazuh-indexer (4.4.0-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 10:44:25 INFO: Wazuh indexer installation finished.
01/03/2023 10:44:25 DEBUG: Configuring Wazuh indexer.
01/03/2023 10:44:25 INFO: Wazuh indexer post-install configuration finished.
01/03/2023 10:44:25 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
01/03/2023 10:45:22 INFO: wazuh-indexer service started.
01/03/2023 10:45:22 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
01/03/2023 10:45:48 INFO: Wazuh indexer cluster initialized.
01/03/2023 10:45:48 INFO: --- Wazuh server ---
01/03/2023 10:45:48 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 46 not upgraded.
Need to get 122 MB of archives.
After this operation, 467 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-manager amd64 4.4.0-1 [122 MB]
Fetched 122 MB in 23s (5,381 kB/s)
                                  Selecting previously unselected package wazuh-manager.
(Reading database ... 76763 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.4.0-1_amd64.deb ...
Unpacking wazuh-manager (4.4.0-1) ...
Setting up wazuh-manager (4.4.0-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 10:47:35 INFO: Wazuh manager installation finished.
01/03/2023 10:47:35 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
01/03/2023 10:48:15 INFO: wazuh-manager service started.
01/03/2023 10:48:15 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 46 not upgraded.
                                                               Need to get 0 B/22.1 MB of archives.
                                                                                                   After this operation, 73.6 MB of additional disk space will be used.
                                                                                                                                                                       Selecting previously unselected package filebeat.
(Reading database ... 95501 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 10:49:23 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
01/03/2023 10:49:32 INFO: Filebeat post-install configuration finished.
01/03/2023 10:49:32 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
01/03/2023 10:49:38 INFO: filebeat service started.
01/03/2023 10:49:38 INFO: --- Wazuh dashboard ---
01/03/2023 10:49:38 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 46 not upgraded.
Need to get 213 MB of archives.
After this operation, 1,125 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 wazuh-dashboard amd64 4.4.0-1 [213 MB]
Fetched 213 MB in 42s (5,064 kB/s)
                                  Selecting previously unselected package wazuh-dashboard.
(Reading database ... 95820 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 10:52:38 INFO: Wazuh dashboard installation finished.
01/03/2023 10:52:39 DEBUG: Wazuh dashboard certificate setup finished.
01/03/2023 10:52:39 INFO: Wazuh dashboard post-install configuration finished.
01/03/2023 10:52:39 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
01/03/2023 10:52:41 INFO: wazuh-dashboard service started.
01/03/2023 10:52:41 DEBUG: Setting Wazuh indexer cluster passwords.
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/unstable,now 4.4.0-1 amd64 [installed]' ']'
+ common_logger -e 'The Wazuh API user wazuh does not exist'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='01/03/2023 10:53:14'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -e ']'
+ '[' -n -e ']'
+ case ${1} in
+ mtype=ERROR:
+ shift 1
+ '[' -n 'The Wazuh API user wazuh does not exist' ']'
+ case ${1} in
+ message='The Wazuh API user wazuh does not exist'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh does not exist'
01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh does not exist
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/unstable,now 4.4.0-1 amd64 [installed]' ']'
+ common_logger -e 'The Wazuh API user wazuh-wui does not exist'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='01/03/2023 10:53:14'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -e ']'
+ '[' -n -e ']'
+ case ${1} in
+ mtype=ERROR:
+ shift 1
+ '[' -n 'The Wazuh API user wazuh-wui does not exist' ']'
+ case ${1} in
+ message='The Wazuh API user wazuh-wui does not exist'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh-wui does not exist'
01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh-wui does not exist
+ set +ex
01/03/2023 10:53:14 DEBUG: Generating password hashes.
01/03/2023 10:53:30 DEBUG: Password hashes generated.
01/03/2023 10:53:31 DEBUG: Creating password backup.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
ERR: An unexpected ConnectionClosedException occured: Connection is closed
Trace:
org.apache.http.ConnectionClosedException: Connection is closed
	at org.opensearch.client.RestClient.extractAndWrapCause(RestClient.java:941)
	at org.opensearch.client.RestClient.performRequest(RestClient.java:332)
	at org.opensearch.client.RestClient.performRequest(RestClient.java:320)
	at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:462)
	at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:159)
Caused by: org.apache.http.ConnectionClosedException: Connection is closed
	at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.endOfInput(HttpAsyncRequestExecutor.java:356)
	at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:261)
	at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:87)
	at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:40)
	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:121)
	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
	at java.base/java.lang.Thread.run(Thread.java:833)


01/03/2023 10:54:11 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
01/03/2023 10:54:25 DEBUG: filebeat started.
01/03/2023 10:55:06 DEBUG: wazuh-dashboard started.
01/03/2023 10:55:07 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
01/03/2023 10:55:34 DEBUG: Passwords changed.
01/03/2023 10:55:34 ERROR: User  is not registered in Wazuh API
01/03/2023 10:55:34 INFO: --- Removing existing Wazuh installation ---
01/03/2023 10:55:34 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 467 MB disk space will be freed.
(Reading database ... 182550 files and directories currently installed.)                                             (Reading database ... 
Removing wazuh-manager (4.4.0-1) ...
(Reading database ... 163832 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.4.0-1) ...
01/03/2023 10:57:31 INFO: Wazuh manager removed.
01/03/2023 10:57:31 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 778 MB disk space will be freed.
(Reading database ... 163812 files and directories currently installed.)                                             (Reading database ... 
Removing wazuh-indexer (4.4.0-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 162736 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.4.0-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
01/03/2023 10:57:52 INFO: Wazuh indexer removed.
01/03/2023 10:57:52 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package wazuh-indexer
01/03/2023 10:57:52 INFO: Wazuh indexer removed.
01/03/2023 10:57:52 INFO: Removing Filebeat.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  filebeat*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 73.6 MB disk space will be freed.
(Reading database ... 162697 files and directories currently installed.)                                              (Reading database ... 
Removing filebeat (7.10.2) ...
(Reading database ... 162405 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
01/03/2023 10:57:55 INFO: Filebeat removed.
01/03/2023 10:57:55 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 1,125 MB disk space will be freed.
(Reading database ... 162378 files and directories currently installed.)                                               (Reading database ... 
Removing wazuh-dashboard (4.4.0-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
(Reading database ... 75657 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.4.0-1) ...
 OK
01/03/2023 10:58:07 INFO: Wazuh dashboard removed.
01/03/2023 10:58:07 INFO: Installation cleaned.

🟢 4.4.0, Dashboard node, Ubuntu 22 1GB 1 core

When a dashboard node is especifically installed instead of an all-in-one the error is not replicated, as variable changeall is not set inside the script, and the checks were the error si checked for aren't run:

4.4.0 passed test, no AIO 
root@ubuntu22:/home/vagrant# bash wazuh-install.sh --wazuh-dashboard wazuh-dashboard -i
01/03/2023 11:05:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.4.0
01/03/2023 11:05:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/03/2023 11:05:44 WARNING: Hardware and system checks ignored.
01/03/2023 11:05:58 INFO: Wazuh development repository added.
wazuh-dashboard
01/03/2023 11:05:59 INFO: --- Wazuh dashboard ----
01/03/2023 11:05:59 INFO: Starting Wazuh dashboard installation.
01/03/2023 11:07:38 INFO: Wazuh dashboard installation finished.
01/03/2023 11:07:38 INFO: Wazuh dashboard post-install configuration finished.
01/03/2023 11:07:38 INFO: Starting service wazuh-dashboard.
01/03/2023 11:07:40 INFO: wazuh-dashboard service started.
01/03/2023 11:08:45 INFO: Initializing Wazuh dashboard web application.
01/03/2023 11:10:45 ERROR: Cannot connect to Wazuh dashboard.
01/03/2023 11:10:45 ERROR: Failed to connect with wazuh-indexer. Connection refused.
01/03/2023 11:10:45 INFO: If you want to install Wazuh dashboard without waiting for the Wazuh indexer cluster, use the -fd option
01/03/2023 11:10:45 INFO: --- Removing existing Wazuh installation ---
01/03/2023 11:10:45 INFO: Removing Wazuh dashboard.
01/03/2023 11:11:01 INFO: Wazuh dashboard removed.
01/03/2023 11:11:01 INFO: Installation cleaned. Check the /var/log/wazuh-install.log file to learn more about the issue.

🟢 4.3.10 All-in-one, RHEL 8, 4GB 2cores

4.3.10 succesful test 
[root@redhat8 vagrant]# bash wazuh-install.sh -a -v -o
01/03/2023 11:51:11 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.10
01/03/2023 11:51:11 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/03/2023 11:51:15 INFO: --- Removing existing Wazuh installation ---
01/03/2023 11:51:15 INFO: Wazuh GPG key not found in the system
01/03/2023 11:51:15 INFO: Installation cleaned.
01/03/2023 11:51:20 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
01/03/2023 11:51:21 INFO: Wazuh development repository added.
01/03/2023 11:51:21 INFO: --- Configuration files ---
01/03/2023 11:51:21 INFO: Generating configuration files.
01/03/2023 11:51:21 DEBUG: Creating the root certificate.
Generating a RSA private key
.............+++++
...............................................................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
Generating RSA private key, 2048 bit long modulus (2 primes)
...............................................+++++
..............................................................................................................................................................................................................................................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
01/03/2023 11:51:21 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
..............+++++
...............................................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
01/03/2023 11:51:22 DEBUG: Creating the Wazuh server certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
....................+++++
...............+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
01/03/2023 11:51:22 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
............................................+++++
........................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
01/03/2023 11:51:22 DEBUG: Generating random passwords.
01/03/2023 11:51:22 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
01/03/2023 11:51:22 INFO: --- Wazuh indexer ---
01/03/2023 11:51:22 INFO: Starting Wazuh indexer installation.
EL-8 - Wazuh                                    3.7 kB/s | 3.4 kB     00:00    
Dependencies resolved.
================================================================================
 Package                Architecture    Version            Repository      Size
================================================================================
Installing:
 wazuh-indexer          x86_64          4.3.10-1           wazuh          361 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 361 M
Installed size: 614 M
Downloading Packages:
wazuh-indexer-4.3.10-1.x86_64.rpm               5.0 MB/s | 361 MB     01:12    
--------------------------------------------------------------------------------
Total                                           5.0 MB/s | 361 MB     01:12     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-indexer-4.3.10-1.x86_64                          1/1 
  Installing       : wazuh-indexer-4.3.10-1.x86_64                          1/1 
  Running scriptlet: wazuh-indexer-4.3.10-1.x86_64                          1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

  Verifying        : wazuh-indexer-4.3.10-1.x86_64                          1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.3.10-1.x86_64                                                 

Complete!
01/03/2023 11:53:32 INFO: Wazuh indexer installation finished.
01/03/2023 11:53:32 DEBUG: Configuring Wazuh indexer.
01/03/2023 11:53:32 INFO: Wazuh indexer post-install configuration finished.
01/03/2023 11:53:32 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
01/03/2023 11:53:48 INFO: wazuh-indexer service started.
01/03/2023 11:53:48 INFO: Initializing Wazuh indexer cluster security settings.
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Done with success
01/03/2023 11:54:02 INFO: Wazuh indexer cluster initialized.
01/03/2023 11:54:02 INFO: --- Wazuh server ---
01/03/2023 11:54:02 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:02:39 ago on Wed 01 Mar 2023 11:51:24 AM UTC.
Dependencies resolved.
================================================================================
 Package                Architecture    Version            Repository      Size
================================================================================
Installing:
 wazuh-manager          x86_64          4.3.10-1           wazuh          115 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 115 M
Installed size: 438 M
Downloading Packages:
wazuh-manager-4.3.10-1.x86_64.rpm               3.2 MB/s | 115 MB     00:35    
--------------------------------------------------------------------------------
Total                                           3.2 MB/s | 115 MB     00:35     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-manager-4.3.10-1.x86_64                          1/1 
  Installing       : wazuh-manager-4.3.10-1.x86_64                          1/1 
  Running scriptlet: wazuh-manager-4.3.10-1.x86_64                          1/1 
  Verifying        : wazuh-manager-4.3.10-1.x86_64                          1/1 
Installed products updated.

Installed:
  wazuh-manager-4.3.10-1.x86_64                                                 

Complete!
01/03/2023 11:56:17 INFO: Wazuh manager installation finished.
01/03/2023 11:56:17 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
01/03/2023 11:56:46 INFO: wazuh-manager service started.
01/03/2023 11:56:46 INFO: Starting Filebeat installation.

Installed:
  filebeat-7.10.2-1.x86_64                                                      

01/03/2023 11:57:15 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
01/03/2023 11:57:20 INFO: Filebeat post-install configuration finished.
01/03/2023 11:57:20 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
01/03/2023 11:57:21 INFO: filebeat service started.
01/03/2023 11:57:21 INFO: --- Wazuh dashboard ---
01/03/2023 11:57:21 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:05:58 ago on Wed 01 Mar 2023 11:51:24 AM UTC.
Dependencies resolved.
================================================================================
 Package                 Architecture   Version             Repository     Size
================================================================================
Installing:
 wazuh-dashboard         x86_64         4.3.10-1            wazuh         150 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 150 M
Installed size: 587 M
Downloading Packages:
wazuh-dashboard-4.3.10-1.x86_64.rpm             4.8 MB/s | 150 MB     00:31    
--------------------------------------------------------------------------------
Total                                           4.8 MB/s | 150 MB     00:31     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-dashboard-4.3.10-1.x86_64                        1/1 
  Installing       : wazuh-dashboard-4.3.10-1.x86_64                        1/1 
  Running scriptlet: wazuh-dashboard-4.3.10-1.x86_64                        1/1 
  Verifying        : wazuh-dashboard-4.3.10-1.x86_64                        1/1 
Installed products updated.

Installed:
  wazuh-dashboard-4.3.10-1.x86_64                                               

Complete!
01/03/2023 12:01:28 INFO: Wazuh dashboard installation finished.
01/03/2023 12:01:29 DEBUG: Wazuh dashboard certificate setup finished.
01/03/2023 12:01:29 INFO: Wazuh dashboard post-install configuration finished.
01/03/2023 12:01:29 INFO: Starting service wazuh-dashboard.
Synchronizing state of wazuh-dashboard.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-dashboard
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
01/03/2023 12:01:30 INFO: wazuh-dashboard service started.
01/03/2023 12:01:30 DEBUG: Setting Wazuh indexer cluster passwords.
01/03/2023 12:02:02 DEBUG: Creating password backup.
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '_doc/config' into /usr/share/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /usr/share/wazuh-indexer/backup/config.yml
Will retrieve '_doc/roles' into /usr/share/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /usr/share/wazuh-indexer/backup/roles.yml
Will retrieve '_doc/rolesmapping' into /usr/share/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /usr/share/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '_doc/internalusers' into /usr/share/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /usr/share/wazuh-indexer/backup/internal_users.yml
Will retrieve '_doc/actiongroups' into /usr/share/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /usr/share/wazuh-indexer/backup/action_groups.yml
Will retrieve '_doc/tenants' into /usr/share/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /usr/share/wazuh-indexer/backup/tenants.yml
Will retrieve '_doc/nodesdn' into /usr/share/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /usr/share/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '_doc/whitelist' into /usr/share/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /usr/share/wazuh-indexer/backup/whitelist.yml
Will retrieve '_doc/audit' into /usr/share/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /usr/share/wazuh-indexer/backup/audit.yml
01/03/2023 12:02:34 DEBUG: Password backup created in /usr/share/wazuh-indexer/backup.
01/03/2023 12:02:34 DEBUG: Generating password hashes.
01/03/2023 12:02:40 DEBUG: Password hashes generated.
Successfully updated the keystore
01/03/2023 12:02:42 DEBUG: filebeat started.
01/03/2023 12:02:44 DEBUG: wazuh-dashboard started.
01/03/2023 12:02:44 DEBUG: Loading new passwords changes.
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Done with success
01/03/2023 12:02:56 DEBUG: Passwords changed.
01/03/2023 12:03:09 INFO: Initializing Wazuh dashboard web application.
01/03/2023 12:03:09 INFO: Wazuh dashboard web application initialized.
01/03/2023 12:03:09 INFO: --- Summary ---
01/03/2023 12:03:09 INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: t+?CI?Bon?l6dZUO?4xTt6KZdlTe+WwE
01/03/2023 12:03:10 INFO: Installation finished.
[root@redhat8 vagrant]#

🔴 4.3.10, All-in-one, Ubuntu 22, 1GB 1 core

4.3.10 failed test in ubuntu 22 
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -v -o -i
01/03/2023 11:51:57 INFO: Starting Wazuh installation assistant. Wazuh version: 4.3.10
01/03/2023 11:51:57 INFO: Verbose logging redirected to /var/log/wazuh-install.log
01/03/2023 11:51:58 INFO: --- Removing existing Wazuh installation ---
01/03/2023 11:51:58 INFO: Wazuh GPG key not found in the system
01/03/2023 11:51:58 INFO: Installation cleaned.
01/03/2023 11:51:58 WARNING: Hardware and system checks ignored.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Reading package lists...
Building dependency tree...
Reading state information...
46 packages can be upgraded. Run 'apt list --upgradable' to see them.
01/03/2023 11:52:04 DEBUG: Adding the Wazuh repository.
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Hit:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease
Hit:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease
Get:5 https://packages-dev.wazuh.com/pre-release/apt unstable InRelease [17.3 kB]
Get:6 https://packages-dev.wazuh.com/pre-release/apt unstable/main amd64 Packages [26.6 kB]
Fetched 43.8 kB in 2s (24.7 kB/s)
Reading package lists...
W: https://packages-dev.wazuh.com/pre-release/apt/dists/unstable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
01/03/2023 11:52:09 INFO: Wazuh development repository added.
01/03/2023 11:52:09 INFO: --- Configuration files ---
01/03/2023 11:52:09 INFO: Generating configuration files.
01/03/2023 11:52:09 DEBUG: Creating the root certificate.
.+......+..+...+.........+.........+.......+.....+..........+..+.......+...........+.............+..+...+.+...+.................+...+......+.+...+.....+......+..........+..+.......+............+...+.....+...+...+................+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.....+.+..+.+............+..+..........+...+.....+...+....+........+...+....+............+...+.....+...+.......+...............+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.........+....+........+....+...........+...+.......+...+......+...+..+...+.+......+.........+..............+......+............+.......+..+...+.+......+.....+......+..........+...+.....+......+....+.....+.......+...+.....+....+...........+....+..+................+..+.......+.........+..............+...+.........+....+......+.....+...+...+.........+.+........+.+...+......+..+...+.......+.....+....+.....+.............+.....+...+.........+.+..+.+......+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+.+......+..+.+.........+......+......+.....+...+...+...+.......+.........+.....+.............+...+..............+...+.+.................+...+.+...+...+..............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+..+.......+.....+.+..+.......+..+................+..+...+..........+..+.......+.........+.....+....+..+...+......+.+.....+.+...+.....+....+...+..+................+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+..+.........+.+..+......+.+.....+.+............+..+.+..............+.+........+......+......+....+.........+...............+.....+.+...+.................+.+.........+...+.....+.......+...+........+...+.........+.+..+.............+..+...+.+......+...+.........+..+.+...+...........+.........+.+...............+...+..+.........+....+..+.............+..+................+..+...+...+....+......+.....+.......+..+.+.........+........+...+.+.........+..+...+....+.....+.......+........+.......+......+...+..+..........+..+................+..+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
01/03/2023 11:52:10 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
........+...+..+.+.........+..+...+...+....+........+...+.......+...+........+..........+.....+.+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+......+.....+......+.............+......+...+...+........+.........+..........+..+.+.....+....+.....+.+........+.......+..+.......+........+.+............+...+......+......+..+......+.......+..+.......+...+...+..+...+...+.......+.....+.......+..+.+.....+....+...+..+...+...+..........+..+.+...........+...+................+..+....+.....+.............+..+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+....+...+...+.........+.....+.+...........+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..+..........+...+.....+.......+........+...+......+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+........+...+...+....+...........+.+...+...+..+............+......+...+.+...+........+...+.+...+......+.....+.......+.....+.........+..................+............+.+..+............+........................+.+...........+.........+.+..+............+...+...+.......+............+.....+...+................+..+..........+..+...+.............+.....+.......+.....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
01/03/2023 11:52:11 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..............+......+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..................+...........................+...+.........+......+......+.+...+..+...................+..................+...+........+.........+......+.........+...+....+.....+.+..+...+.......+..+.........+....+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...............+....+..+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+........+...+...+....+......+......+....................+.+..+..........+...+...+.....+......+....+......+.........+.........+.....+...+...+....+...+..+......+...................+..+.+........+.+...+..+.........+....+.....+.+......+.........+..+...............+....+...+..+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+..+.......+...+........+......+....+......+......+...............+..+.......+...+......+..+............+...+....+.........+.........+........+...+....+...+........+......+..........+........+..........+...+........+......+......+.........+......+...+.......+..+......+.+...+.....+......+.+.........+............+.....+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
01/03/2023 11:52:12 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days without -x509; not generating a certificate
...+...+..+.......+...+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+....+..+.......+...........+.......+.....+...+......+...+.......+........+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+..+....+.........+...+...+......+........+..................+...+....+............+.....+.+...+..+....+........+...+...+......+....+.........+..+..................+..........+...+..+.+......+........+......+............+....+...............+...........+...+..........+......+.........+......+...+...........+....+..+....+......+........+.+..+.........+.+..+.......+...+......+.............................+.+.........+...+.....+..........+..............+...+.+.........+..+.........+..........+..+.........+.+...+......+.....+...+.............+..+...+....+.....+.........+......+.........+....+..+.+..+.......+...+...+.....+...+................+........+...+...+...............+.+.....................+..+......+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...+.........+.....+...+.+.....+.........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+......+.........................+...+......+...+...........+.......+........+.+..............+......+.+........+.+...+.....+.......+......+.....+.......+......+....................+.+...+.....+......+......+...+......+.......+.....+...+......+.........+.+.........+.....+............+.........+.............+...+..+.+.....+.......+...+......+.........+.....................+...+...+........+......+..........+...+.....+...+....+...........+...+.+...+..+.+........+.......+.....+............+......+.......+.....+............+...+.......+.....+...............+.+.....+....+...+..+............+......+..........+.....+....+...+......+.....................+...........+.......+.....+..........+.....+............+.+...+............+........+......+....+..+.............+..+....+..............+....+............+.....+.+..+.......+......+...+.....+...............+...............+.......+..+...+.........+.............+........+...+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
01/03/2023 11:52:14 DEBUG: Generating random passwords.
01/03/2023 11:52:15 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
01/03/2023 11:52:15 INFO: --- Wazuh indexer ---
01/03/2023 11:52:15 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 46 not upgraded.
                                                               Need to get 0 B/357 MB of archives.
                                                                                                  After this operation, 639 MB of additional disk space will be used.
                                                                                                                                                                     Selecting previously unselected package wazuh-indexer.
(Reading database ... 75648 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.3.10-1_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.3.10-1) ...
Setting up wazuh-indexer (4.3.10-1) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 11:53:10 INFO: Wazuh indexer installation finished.
01/03/2023 11:53:10 DEBUG: Configuring Wazuh indexer.
01/03/2023 11:53:10 INFO: Wazuh indexer post-install configuration finished.
01/03/2023 11:53:10 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
01/03/2023 11:54:09 INFO: wazuh-indexer service started.
01/03/2023 11:54:09 INFO: Initializing Wazuh indexer cluster security settings.
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Done with success
01/03/2023 11:54:47 INFO: Wazuh indexer cluster initialized.
01/03/2023 11:54:47 INFO: --- Wazuh server ---
01/03/2023 11:54:47 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 47 not upgraded.
                                                               Need to get 0 B/120 MB of archives.
                                                                                                  After this operation, 460 MB of additional disk space will be used.
                                                                                                                                                                     Selecting previously unselected package wazuh-manager.
(Reading database ... 76593 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.3.10-1_amd64.deb ...
Unpacking wazuh-manager (4.3.10-1) ...
Setting up wazuh-manager (4.3.10-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 11:56:32 INFO: Wazuh manager installation finished.
01/03/2023 11:56:32 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
01/03/2023 11:57:23 INFO: wazuh-manager service started.
01/03/2023 11:57:24 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 48 not upgraded.
                                                               Need to get 0 B/22.1 MB of archives.
                                                                                                   After this operation, 73.6 MB of additional disk space will be used.
                                                                                                                                                                       Selecting previously unselected package filebeat.
(Reading database ... 95284 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 12:00:09 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
01/03/2023 12:00:36 INFO: Filebeat post-install configuration finished.
01/03/2023 12:00:37 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
01/03/2023 12:00:41 INFO: filebeat service started.
01/03/2023 12:00:41 INFO: --- Wazuh dashboard ---
01/03/2023 12:00:42 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 48 not upgraded.
                                                               Need to get 0 B/130 MB of archives.
                                                                                                  After this operation, 635 MB of additional disk space will be used.
                                                                                                                                                                     Selecting previously unselected package wazuh-dashboard.
(Reading database ... 95603 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.3.10-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.3.10-1) ...
Setting up wazuh-dashboard (4.3.10-1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
NEEDRESTART-SVC: filebeat.service
01/03/2023 12:04:03 INFO: Wazuh dashboard installation finished.
01/03/2023 12:04:03 DEBUG: Wazuh dashboard certificate setup finished.
01/03/2023 12:04:03 INFO: Wazuh dashboard post-install configuration finished.
01/03/2023 12:04:03 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
01/03/2023 12:04:06 INFO: wazuh-dashboard service started.
01/03/2023 12:04:06 DEBUG: Setting Wazuh indexer cluster passwords.
01/03/2023 12:04:53 ERROR: The Wazuh API user wazuh does not exist
01/03/2023 12:04:53 ERROR: The Wazuh API user wazuh-wui does not exist
01/03/2023 12:04:53 DEBUG: Creating password backup.
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
ERR: Cannot connect to OpenSearch. Please refer to opensearch logfile for more information
Trace:
NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{MY-nNkKMRg65dAV3Dj07bA}{127.0.0.1}{127.0.0.1:9300}]]
	at org.opensearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:381)
	at org.opensearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:272)
	at org.opensearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:79)
	at org.opensearch.client.transport.TransportClient.doExecute(TransportClient.java:484)
	at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:433)
	at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:419)
	at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:524)
	at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:157)


01/03/2023 12:06:01 DEBUG: Password backup created in /usr/share/wazuh-indexer/backup.
01/03/2023 12:06:01 DEBUG: Generating password hashes.
01/03/2023 12:06:20 DEBUG: Password hashes generated.
Successfully updated the keystore
01/03/2023 12:06:37 DEBUG: filebeat started.
01/03/2023 12:06:55 DEBUG: wazuh-dashboard started.
01/03/2023 12:06:55 DEBUG: Loading new passwords changes.
cp: cannot stat '/usr/share/wazuh-indexer/backup/*': No such file or directory
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
ERR: Cannot connect to OpenSearch. Please refer to opensearch logfile for more information
Trace:
NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{fpaBe_DESqqlUYxbUTFS8g}{127.0.0.1}{127.0.0.1:9300}]]
	at org.opensearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:381)
	at org.opensearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:272)
	at org.opensearch.client.transport.TransportProxyClient.execute(TransportProxyClient.java:79)
	at org.opensearch.client.transport.TransportClient.doExecute(TransportClient.java:484)
	at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:433)
	at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:419)
	at org.opensearch.security.tools.SecurityAdmin.execute(SecurityAdmin.java:524)
	at org.opensearch.security.tools.SecurityAdmin.main(SecurityAdmin.java:157)


01/03/2023 12:07:46 DEBUG: Passwords changed.
01/03/2023 12:07:46 ERROR: User  is not registered in Wazuh API
01/03/2023 12:07:46 INFO: --- Removing existing Wazuh installation ---
01/03/2023 12:07:46 INFO: Removing Wazuh manager.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
After this operation, 460 MB disk space will be freed.
(Reading database ... 154136 files and directories currently installed.)... 
Removing wazuh-manager (4.3.10-1) ...
(Reading database ... 135463 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.3.10-1) ...
01/03/2023 12:09:11 INFO: Wazuh manager removed.
01/03/2023 12:09:11 INFO: Removing Wazuh indexer.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
After this operation, 639 MB disk space will be freed.
(Reading database ... 135445 files and directories currently installed.)... 
Removing wazuh-indexer (4.3.10-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 134513 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.3.10-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
01/03/2023 12:09:37 INFO: Wazuh indexer removed.
01/03/2023 12:09:37 INFO: Removing Filebeat.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  filebeat*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
After this operation, 73.6 MB disk space will be freed.
(Reading database ... 134500 files and directories currently installed.) ... 
Removing filebeat (7.10.2) ...
(Reading database ... 134208 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
01/03/2023 12:09:40 INFO: Filebeat removed.
01/03/2023 12:09:40 INFO: Removing Wazuh dashboard.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
After this operation, 635 MB disk space will be freed.
(Reading database ... 134181 files and directories currently installed.)... 
Removing wazuh-dashboard (4.3.10-1) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
(Reading database ... 75657 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.3.10-1) ...
 OK
01/03/2023 12:10:02 INFO: Wazuh dashboard removed.
01/03/2023 12:10:03 INFO: Installation cleaned.
root@ubuntu22:/home/vagrant#

Comparison of the function where the error is in successful and failed runs

Succesful run 
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h ]]
+ passwords_checkPassword 'hD5nhU6Pu9QWojUCmANnNbc6uqK6uJ*P'
+ echo 'hD5nhU6Pu9QWojUCmANnNbc6uqK6uJ*P'
+ grep -q '[A-Z]'
+ echo 'hD5nhU6Pu9QWojUCmANnNbc6uqK6uJ*P'
+ grep -q '[a-z]'
+ echo 'hD5nhU6Pu9QWojUCmANnNbc6uqK6uJ*P'
+ grep -q '[0-9]'
+ echo 'hD5nhU6Pu9QWojUCmANnNbc6uqK6uJ*P'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='hD5nhU6Pu9QWojUCmANnNbc6uqK6uJ*P'
+ supported=true
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h ]]
+ '[' true = false ']'
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ for i in "${!api_users[@]}"
+ [[ wazuh == \w\a\z\u\h\-\w\u\i ]]
+ for i in "${!api_users[@]}"
+ [[ wazuh-wui == \w\a\z\u\h\-\w\u\i ]]
+ passwords_checkPassword 'ruO3AlFH+odX3?O9p0MnRn.0.01R?ZqE'
+ echo 'ruO3AlFH+odX3?O9p0MnRn.0.01R?ZqE'
+ grep -q '[A-Z]'
+ echo 'ruO3AlFH+odX3?O9p0MnRn.0.01R?ZqE'
+ grep -q '[a-z]'
+ echo 'ruO3AlFH+odX3?O9p0MnRn.0.01R?ZqE'
+ grep -q '[0-9]'
+ echo 'ruO3AlFH+odX3?O9p0MnRn.0.01R?ZqE'
+ grep -q '[.*+?-]'
+ '[' 32 -lt 8 ']'
+ '[' 32 -gt 64 ']'
+ api_passwords[i]='ruO3AlFH+odX3?O9p0MnRn.0.01R?ZqE'
+ supported=true
+ '[' true = false ']'
+ set +ex
Failed run 
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/unstable,now 4.4.0-1 amd64 [installed]' ']'
+ common_logger -e 'The Wazuh API user wazuh does not exist'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='01/03/2023 10:53:14'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -e ']'
+ '[' -n -e ']'
+ case ${1} in
+ mtype=ERROR:
+ shift 1
+ '[' -n 'The Wazuh API user wazuh does not exist' ']'
+ case ${1} in
+ message='The Wazuh API user wazuh does not exist'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh does not exist'
01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh does not exist
+ for j in "${!fileapiusers[@]}"
+ supported=false
+ '[' false = false ']'
+ '[' -n 'wazuh-indexer/unstable,now 4.4.0-1 amd64 [installed]' ']'
+ common_logger -e 'The Wazuh API user wazuh-wui does not exist'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='01/03/2023 10:53:14'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -e ']'
+ '[' -n -e ']'
+ case ${1} in
+ mtype=ERROR:
+ shift 1
+ '[' -n 'The Wazuh API user wazuh-wui does not exist' ']'
+ case ${1} in
+ message='The Wazuh API user wazuh-wui does not exist'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh-wui does not exist'
01/03/2023 10:53:14 ERROR: The Wazuh API user wazuh-wui does not exist

@verdx
Copy link
Contributor Author

verdx commented Mar 1, 2023

Update: investigation and solution

Test with more verbose in Ubuntu 22, 1GB 1 core

+ passwords_getApiToken
++ curl -s -u wazuh:wazuh -k -X GET 'https://localhost:55000/security/user/authenticate?raw=true'
+ TOKEN_API='{"title": "Wazuh Internal Error", "detail": "Timeout executing API request", "dapi_errors": {"node01": {"error": "Timeout executing API request", "logfile": "WAZUH_HOME/logs/api.log"}}, "error": 3021}'
+ [[ {"title": "Wazuh Internal Error", "detail": "Timeout executing API request", "dapi_errors": {"node01": {"error": "Timeout executing API request", "logfile": "WAZUH_HOME/logs/api.log"}}, "error": 3021} =~ Invalid credentials ]]
+ passwords_getApiUsers
+ mapfile -t api_users
++ grep username
++ awk '-F: ' '{print $2}'
++ curl -s -k -X GET -H 'Authorization: Bearer {"title": "Wazuh Internal Error", "detail": "Timeout executing API request", "dapi_errors": {"node01": {"error": "Timeout executing API request", "logfile": "WAZUH_HOME/logs/api.log"}}, "error": 3021}' -H 'Content-Type: application/json' 'https://localhost:55000/security/users?pretty=true'
++ sed -e 's/[\'\''",]//g'
+ passwords_getApiIds

Investigation

The error has been followed until function passwords_getApiToken, where the API Token is retrieved. Because of some yet unknown reason, that will probably be another error that is not being caught, related to the capabilities of the host, the retrieval of the token gives a Timeout error. This error is not caught inside the function, only the error for Invalid credentials is , and so the variable TOKEN_API gets set to the error output, which cascades the error along the password change.

Solution

The solution consists on applying the same type of changes done by @davidcr01 in PR #2063, and improve the catching of errors in curl, not only in this specific function, but generally in all the files related to the unattended that weren't changed in the mentioned PR.

@verdx
Copy link
Contributor Author

verdx commented Mar 2, 2023

Update: testing

🟢 4.5.0 All-in-one, RHEL 8, 4GB 2cores

4.5.0 all-in-one test passed 
[root@redhat8 vagrant]# bash wazuh-install.sh -a -v -o
02/03/2023 09:45:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
02/03/2023 09:45:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
02/03/2023 09:45:16 INFO: --- Removing existing Wazuh installation ---
02/03/2023 09:45:16 INFO: Removing Wazuh manager.
Dependencies resolved.
================================================================================
 Package                Architecture    Version           Repository       Size
================================================================================
Removing:
 wazuh-manager          x86_64          4.3.10-1          @wazuh          438 M

Transaction Summary
================================================================================
Remove  1 Package

Freed space: 438 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-manager-4.3.10-1.x86_64                          1/1 
  Erasing          : wazuh-manager-4.3.10-1.x86_64                          1/1 
warning: /var/ossec/etc/ossec.conf saved as /var/ossec/etc/ossec.conf.rpmsave

  Running scriptlet: wazuh-manager-4.3.10-1.x86_64                          1/1 
  Verifying        : wazuh-manager-4.3.10-1.x86_64                          1/1 
Installed products updated.

Removed:
  wazuh-manager-4.3.10-1.x86_64                                                 

Complete!
02/03/2023 09:45:54 INFO: Wazuh manager removed.
02/03/2023 09:45:54 INFO: Removing Wazuh indexer.
Dependencies resolved.
================================================================================
 Package                Architecture    Version           Repository       Size
================================================================================
Removing:
 wazuh-indexer          x86_64          4.3.10-1          @wazuh          614 M

Transaction Summary
================================================================================
Remove  1 Package

Freed space: 614 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-indexer-4.3.10-1.x86_64                          1/1 
Stopping wazuh-indexer service... OK

  Erasing          : wazuh-indexer-4.3.10-1.x86_64                          1/1 
warning: /etc/wazuh-indexer/opensearch.yml saved as /etc/wazuh-indexer/opensearch.yml.rpmsave
warning: /etc/wazuh-indexer/jvm.options saved as /etc/wazuh-indexer/jvm.options.rpmsave

  Running scriptlet: wazuh-indexer-4.3.10-1.x86_64                          1/1 
  Verifying        : wazuh-indexer-4.3.10-1.x86_64                          1/1 
Installed products updated.

Removed:
  wazuh-indexer-4.3.10-1.x86_64                                                 

Complete!
02/03/2023 09:45:57 INFO: Wazuh indexer removed.
02/03/2023 09:45:57 INFO: Removing Filebeat.
Dependencies resolved.
================================================================================
 Package            Architecture     Version             Repository        Size
================================================================================
Removing:
 filebeat           x86_64           7.10.2-1            @wazuh            70 M

Transaction Summary
================================================================================
Remove  1 Package

Freed space: 70 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Erasing          : filebeat-7.10.2-1.x86_64                               1/1 
warning: /etc/filebeat/filebeat.yml saved as /etc/filebeat/filebeat.yml.rpmsave

  Running scriptlet: filebeat-7.10.2-1.x86_64                               1/1 
  Verifying        : filebeat-7.10.2-1.x86_64                               1/1 
Installed products updated.

Removed:
  filebeat-7.10.2-1.x86_64                                                      

Complete!
02/03/2023 09:45:59 INFO: Filebeat removed.
02/03/2023 09:45:59 INFO: Removing Wazuh dashboard.
Dependencies resolved.
================================================================================
 Package                 Architecture   Version            Repository      Size
================================================================================
Removing:
 wazuh-dashboard         x86_64         4.3.10-1           @wazuh         587 M

Transaction Summary
================================================================================
Remove  1 Package

Freed space: 587 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-dashboard-4.3.10-1.x86_64                        1/1 
Stopping wazuh-dashboard service...
  Erasing          : wazuh-dashboard-4.3.10-1.x86_64                        1/1 
warning: /etc/wazuh-dashboard/opensearch_dashboards.yml saved as /etc/wazuh-dashboard/opensearch_dashboards.yml.rpmsave

  Running scriptlet: wazuh-dashboard-4.3.10-1.x86_64                        1/1 
  Verifying        : wazuh-dashboard-4.3.10-1.x86_64                        1/1 
Installed products updated.

Removed:
  wazuh-dashboard-4.3.10-1.x86_64                                               

Complete!
02/03/2023 09:46:16 INFO: Wazuh dashboard removed.
02/03/2023 09:46:16 INFO: Installation cleaned.
02/03/2023 09:46:38 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
02/03/2023 09:46:44 INFO: Wazuh development repository added.
02/03/2023 09:46:44 INFO: --- Configuration files ---
02/03/2023 09:46:44 INFO: Generating configuration files.
02/03/2023 09:46:44 DEBUG: Creating the root certificate.
Generating a RSA private key
...................+++++
................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
Generating RSA private key, 2048 bit long modulus (2 primes)
......................................................................................................................................................+++++
.......................................................................................................................................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
02/03/2023 09:46:45 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
...........+++++
.........................................................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
02/03/2023 09:46:45 DEBUG: Creating the Wazuh server certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
.+++++
..+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
02/03/2023 09:46:45 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
............................+++++
...................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
02/03/2023 09:46:45 DEBUG: Generating random passwords.
02/03/2023 09:46:45 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/03/2023 09:46:46 INFO: --- Wazuh indexer ---
02/03/2023 09:46:46 INFO: Starting Wazuh indexer installation.
EL-8 - Wazuh                                    2.8 kB/s | 3.4 kB     00:01    
Last metadata expiration check: 0:00:04 ago on Thu 02 Mar 2023 09:46:30 AM UTC.
No match for argument: wazuh-indexer-4.5.0
Error: Unable to find a match: wazuh-indexer-4.5.0
02/03/2023 09:46:56 ERROR: Wazuh indexer installation failed.
02/03/2023 09:46:56 INFO: --- Removing existing Wazuh installation ---
02/03/2023 09:46:56 INFO: Installation cleaned.
[root@redhat8 vagrant]# rm -rf wazuh-install*
[root@redhat8 vagrant]# bash wazuh-install.sh -a -o -v
02/03/2023 09:48:06 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
02/03/2023 09:48:06 INFO: Verbose logging redirected to /var/log/wazuh-install.log
02/03/2023 09:48:20 INFO: --- Removing existing Wazuh installation ---
02/03/2023 09:48:20 INFO: Wazuh GPG key not found in the system
02/03/2023 09:48:21 INFO: Installation cleaned.
02/03/2023 09:48:24 DEBUG: Adding the Wazuh repository.
[wazuh]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-${releasever} - Wazuh
baseurl=https://packages-dev.wazuh.com/staging/yum/
protect=1
02/03/2023 09:48:25 INFO: Wazuh development repository added.
02/03/2023 09:48:25 INFO: --- Configuration files ---
02/03/2023 09:48:25 INFO: Generating configuration files.
02/03/2023 09:48:26 DEBUG: Creating the root certificate.
Generating a RSA private key
........+++++
............................................................................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
Generating RSA private key, 2048 bit long modulus (2 primes)
...............................+++++
.........................+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
02/03/2023 09:48:26 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
..........................................................................................................+++++
..........+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
02/03/2023 09:48:26 DEBUG: Creating the Wazuh server certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
.............+++++
..+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
02/03/2023 09:48:27 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
.................................................+++++
....................+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
02/03/2023 09:48:27 DEBUG: Generating random passwords.
02/03/2023 09:48:27 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/03/2023 09:48:27 INFO: --- Wazuh indexer ---
02/03/2023 09:48:27 INFO: Starting Wazuh indexer installation.
EL-8 - Wazuh                                    1.5 MB/s | 6.8 MB     00:04    
Last metadata expiration check: 0:00:04 ago on Thu 02 Mar 2023 09:48:31 AM UTC.
Dependencies resolved.
================================================================================
 Package               Architecture   Version               Repository     Size
================================================================================
Installing:
 wazuh-indexer         x86_64         4.5.0-40500           wazuh         497 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 497 M
Installed size: 747 M
Downloading Packages:
wazuh-indexer-4.5.0-40500.x86_64.rpm            4.0 MB/s | 497 MB     02:04    
--------------------------------------------------------------------------------
Total                                           4.0 MB/s | 497 MB     02:04     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-indexer-4.5.0-40500.x86_64                       1/1 
  Installing       : wazuh-indexer-4.5.0-40500.x86_64                       1/1 
  Running scriptlet: wazuh-indexer-4.5.0-40500.x86_64                       1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

  Verifying        : wazuh-indexer-4.5.0-40500.x86_64                       1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.5.0-40500.x86_64                                              

Complete!
02/03/2023 09:51:48 INFO: Wazuh indexer installation finished.
02/03/2023 09:51:48 DEBUG: Configuring Wazuh indexer.
02/03/2023 09:51:48 INFO: Wazuh indexer post-install configuration finished.
02/03/2023 09:51:48 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
02/03/2023 09:52:13 INFO: wazuh-indexer service started.
02/03/2023 09:52:13 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
02/03/2023 09:52:23 INFO: Wazuh indexer cluster initialized.
02/03/2023 09:52:23 INFO: --- Wazuh server ---
02/03/2023 09:52:23 INFO: Starting the Wazuh manager installation.
Last metadata expiration check: 0:03:56 ago on Thu 02 Mar 2023 09:48:31 AM UTC.
Dependencies resolved.
================================================================================
 Package               Architecture   Version               Repository     Size
================================================================================
Installing:
 wazuh-manager         x86_64         4.5.0-40500           wazuh         117 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 117 M
Installed size: 444 M
Downloading Packages:
wazuh-manager-4.5.0-40500.x86_64.rpm            4.1 MB/s | 117 MB     00:28    
--------------------------------------------------------------------------------
Total                                           4.1 MB/s | 117 MB     00:28     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-manager-4.5.0-40500.x86_64                       1/1 
  Installing       : wazuh-manager-4.5.0-40500.x86_64                       1/1 
  Running scriptlet: wazuh-manager-4.5.0-40500.x86_64                       1/1 
  Verifying        : wazuh-manager-4.5.0-40500.x86_64                       1/1 
Installed products updated.

Installed:
  wazuh-manager-4.5.0-40500.x86_64                                              

Complete!
02/03/2023 09:54:20 INFO: Wazuh manager installation finished.
02/03/2023 09:54:20 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
02/03/2023 09:54:39 INFO: wazuh-manager service started.
02/03/2023 09:54:39 INFO: Starting Filebeat installation.

Installed:
  filebeat-7.10.2-1.x86_64                                                      

02/03/2023 09:54:56 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
02/03/2023 09:54:58 INFO: Filebeat post-install configuration finished.
02/03/2023 09:54:58 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
02/03/2023 09:54:59 INFO: filebeat service started.
02/03/2023 09:54:59 INFO: --- Wazuh dashboard ---
02/03/2023 09:54:59 INFO: Starting Wazuh dashboard installation.
Last metadata expiration check: 0:06:29 ago on Thu 02 Mar 2023 09:48:31 AM UTC.
Dependencies resolved.
================================================================================
 Package                 Architecture   Version             Repository     Size
================================================================================
Installing:
 wazuh-dashboard         x86_64         4.5.0-40500         wazuh         327 M

Transaction Summary
================================================================================
Install  1 Package

Total download size: 327 M
Installed size: 1.1 G
Downloading Packages:
wazuh-dashboard-4.5.0-40500.x86_64.rpm          4.6 MB/s | 327 MB     01:10    
--------------------------------------------------------------------------------
Total                                           4.6 MB/s | 327 MB     01:10     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Running scriptlet: wazuh-dashboard-4.5.0-40500.x86_64                     1/1 
  Installing       : wazuh-dashboard-4.5.0-40500.x86_64                     1/1 
  Running scriptlet: wazuh-dashboard-4.5.0-40500.x86_64                     1/1 
  Verifying        : wazuh-dashboard-4.5.0-40500.x86_64                     1/1 
Installed products updated.

Installed:
  wazuh-dashboard-4.5.0-40500.x86_64                                            

Complete!
02/03/2023 09:59:01 INFO: Wazuh dashboard installation finished.
02/03/2023 09:59:01 DEBUG: Wazuh dashboard certificate setup finished.
02/03/2023 09:59:01 INFO: Wazuh dashboard post-install configuration finished.
02/03/2023 09:59:01 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
02/03/2023 09:59:02 INFO: wazuh-dashboard service started.
02/03/2023 09:59:02 DEBUG: Setting Wazuh indexer cluster passwords.
02/03/2023 09:59:25 DEBUG: Generating password hashes.
02/03/2023 09:59:37 DEBUG: Password hashes generated.
02/03/2023 09:59:38 DEBUG: Creating password backup.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
02/03/2023 09:59:55 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
02/03/2023 09:59:59 DEBUG: filebeat started.
02/03/2023 10:00:11 DEBUG: wazuh-dashboard started.
02/03/2023 10:00:11 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
02/03/2023 10:00:16 DEBUG: Passwords changed.
02/03/2023 10:00:29 INFO: Initializing Wazuh dashboard web application.
02/03/2023 10:00:31 INFO: Wazuh dashboard web application initialized.
02/03/2023 10:00:31 INFO: --- Summary ---
02/03/2023 10:00:31 INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: WHmhG5?aUot0vJhgO+yEtH*lU3iYy+.b
02/03/2023 10:00:31 INFO: Installation finished.
[root@redhat8 vagrant]#

🟢 4.3.10, Step-by-step, RHEL 8, 1GB 1 core

The step by step installation has been tested in the step by step but the error is not replicated

4.3.10 successful step by step test 
[root@redhat8 vagrant]# curl -sO https://packages.wazuh.com/4.3/wazuh-certs-tool.sh
[root@redhat8 vagrant]# curl -sO https://packages.wazuh.com/4.3/config.yml
[root@redhat8 vagrant]# vim config.yml 
[root@redhat8 vagrant]# bash ./wazuh-certs-tool.sh -A
02/03/2023 10:17:28 INFO: Admin certificates created.
02/03/2023 10:17:29 INFO: Wazuh indexer certificates created.
02/03/2023 10:17:29 INFO: Wazuh server certificates created.
02/03/2023 10:17:29 INFO: Wazuh dashboard certificates created.
[root@redhat8 vagrant]# tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
./
./root-ca.key
./root-ca.pem
./admin-key.pem
./admin.pem
./wazuh-indexer-key.pem
./wazuh-indexer.pem
./wazuh-server-key.pem
./wazuh-server.pem
./wazuh-dashboard-key.pem
./wazuh-dashboard.pem
[root@redhat8 vagrant]# rm -rf ./wazuh-certificates
[root@redhat8 vagrant]# yum install coreutils
Extra Packages for Enterprise Linux 8 - x86_64                                                                                                                                     2.4 MB/s |  14 MB     00:05    
Last metadata expiration check: 0:00:07 ago on Thu 02 Mar 2023 10:18:01 AM UTC.
Package coreutils-8.30-13.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@redhat8 vagrant]# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
[root@redhat8 vagrant]# echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
[root@redhat8 vagrant]# yum -y install wazuh-indexer
EL-8 - Wazuh                                                                                                                                                                       2.5 MB/s |  12 MB     00:04    
Last metadata expiration check: 0:00:07 ago on Thu 02 Mar 2023 10:19:02 AM UTC.
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                                                 Architecture                                     Version                                            Repository                                       Size
===================================================================================================================================================================================================================
Installing:
 wazuh-indexer                                           x86_64                                           4.3.10-1                                           wazuh                                           361 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 361 M
Installed size: 614 M
Downloading Packages:
wazuh-indexer-4.3.10-1.x86_64.rpm                                                                                                                                                  5.6 MB/s | 361 MB     01:04    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                              5.6 MB/s | 361 MB     01:04     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Running scriptlet: wazuh-indexer-4.3.10-1.x86_64                                                                                                                                                             1/1 
  Installing       : wazuh-indexer-4.3.10-1.x86_64                                                                                                                                                             1/1 
  Running scriptlet: wazuh-indexer-4.3.10-1.x86_64                                                                                                                                                             1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

  Verifying        : wazuh-indexer-4.3.10-1.x86_64                                                                                                                                                             1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.3.10-1.x86_64                                                                                                                                                                                    

Complete!
[root@redhat8 vagrant]# vim /etc/wazuh-indexer/opensearch
[root@redhat8 vagrant]# vim /etc/wazuh-indexer/opensearch.
opensearch.keystore  opensearch.yml       
[root@redhat8 vagrant]# vim /etc/wazuh-indexer/opensearch.yml 
[root@redhat8 vagrant]# NODE_NAME=wazuh-indexer
[root@redhat8 vagrant]# mkdir /etc/wazuh-indexer/certs
[root@redhat8 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
[root@redhat8 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
[root@redhat8 vagrant]# mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
[root@redhat8 vagrant]# chmod 500 /etc/wazuh-indexer/certs
[root@redhat8 vagrant]# chmod 400 /etc/wazuh-indexer/certs/*
[root@redhat8 vagrant]# chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
[root@redhat8 vagrant]# systemctl daemon-reload
[root@redhat8 vagrant]# systemctl enable wazuh-indexer
Synchronizing state of wazuh-indexer.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /usr/lib/systemd/system/wazuh-indexer.service.
[root@redhat8 vagrant]# systemctl start wazuh-indexer
Job for wazuh-indexer.service failed because a timeout was exceeded.
See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.
[root@redhat8 vagrant]# vim /etc/wazuh-indexer/jvm.options
[root@redhat8 vagrant]# systemctl start wazuh-indexer
Job for wazuh-indexer.service failed because a timeout was exceeded.
See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.
[root@redhat8 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: failed (Result: timeout) since Thu 2023-03-02 10:28:47 UTC; 1min 16s ago
     Docs: https://documentation.wazuh.com
  Process: 5287 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=143)
 Main PID: 5287 (code=exited, status=143)

Mar 02 10:27:31 redhat8 systemd[1]: Starting Wazuh-indexer...
Mar 02 10:28:46 redhat8 systemd[1]: wazuh-indexer.service: start operation timed out. Terminating.
Mar 02 10:28:47 redhat8 systemd[1]: wazuh-indexer.service: Failed with result 'timeout'.
Mar 02 10:28:47 redhat8 systemd[1]: Failed to start Wazuh-indexer.
[root@redhat8 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 127.0.0.1:9300
ERR: Seems there is no OpenSearch running on 127.0.0.1:9300 - Will exit
[root@redhat8 vagrant]# yum -y install wazuh-manager
Last metadata expiration check: 0:05:19 ago on Thu 02 Mar 2023 10:26:23 AM UTC.
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                                                 Architecture                                     Version                                            Repository                                       Size
===================================================================================================================================================================================================================
Installing:
 wazuh-manager                                           x86_64                                           4.3.10-1                                           wazuh                                           115 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 115 M
Installed size: 438 M
Downloading Packages:
wazuh-manager-4.3.10-1.x86_64.rpm                                                                                                                                                  5.1 MB/s | 115 MB     00:22    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                              5.1 MB/s | 115 MB     00:22     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Running scriptlet: wazuh-manager-4.3.10-1.x86_64                                                                                                                                                             1/1 
  Installing       : wazuh-manager-4.3.10-1.x86_64                                                                                                                                                             1/1 
  Running scriptlet: wazuh-manager-4.3.10-1.x86_64                                                                                                                                                             1/1 
  Verifying        : wazuh-manager-4.3.10-1.x86_64                                                                                                                                                             1/1 
Installed products updated.

Installed:
  wazuh-manager-4.3.10-1.x86_64                                                                                                                                                                                    

Complete!
[root@redhat8 vagrant]# systemctl daemon-reload
[root@redhat8 vagrant]# systemctl enable wazuh-manager
Synchronizing state of wazuh-manager.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /usr/lib/systemd/system/wazuh-manager.service.
[root@redhat8 vagrant]# systemctl start wazuh-manager
[root@redhat8 vagrant]# systemctl status wazuh-manager
● wazuh-manager.service - Wazuh manager
   Loaded: loaded (/usr/lib/systemd/system/wazuh-manager.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-03-02 10:34:51 UTC; 2min 23s ago
  Process: 6484 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
    Tasks: 104 (limit: 4914)
   Memory: 450.2M
   CGroup: /system.slice/wazuh-manager.service
           ├─6540 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─6581 /var/ossec/bin/wazuh-authd
           ├─6598 /var/ossec/bin/wazuh-db
           ├─6622 /var/ossec/bin/wazuh-execd
           ├─6625 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─6628 /var/ossec/framework/python/bin/python3 /var/ossec/api/scripts/wazuh-apid.py
           ├─6644 /var/ossec/bin/wazuh-analysisd
           ├─6658 /var/ossec/bin/wazuh-syscheckd
           ├─6695 /var/ossec/bin/wazuh-remoted
           ├─6721 /var/ossec/bin/wazuh-logcollector
           ├─6741 /var/ossec/bin/wazuh-monitord
           └─6762 /var/ossec/bin/wazuh-modulesd

[root@redhat8 vagrant]# yum -y install filebeat
Last metadata expiration check: 0:11:01 ago on Thu 02 Mar 2023 10:26:23 AM UTC.
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                                             Architecture                                      Version                                              Repository                                        Size
===================================================================================================================================================================================================================
Installing:
 filebeat                                            x86_64                                            7.10.2-1                                             wazuh                                             21 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 21 M
Installed size: 70 M
Downloading Packages:
filebeat-oss-7.10.2-x86_64.rpm                                                                                                                                                     4.3 MB/s |  21 MB     00:04    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                              4.2 MB/s |  21 MB     00:04     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Installing       : filebeat-7.10.2-1.x86_64                                                                                                                                                                  1/1 
  Running scriptlet: filebeat-7.10.2-1.x86_64                                                                                                                                                                  1/1 
  Verifying        : filebeat-7.10.2-1.x86_64                                                                                                                                                                  1/1 
Installed products updated.

Installed:
  filebeat-7.10.2-1.x86_64                                                                                                                                                                                         

Complete!
[root@redhat8 vagrant]# curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.3/tpl/wazuh/filebeat/filebeat.yml
[root@redhat8 vagrant]# vim /etc/filebeat/filebeat.yml 
[root@redhat8 vagrant]# filebeat keystore create
Created filebeat keystore
[root@redhat8 vagrant]# echo admin | filebeat keystore add username --stdin --force
Successfully updated the keystore
[root@redhat8 vagrant]# echo admin | filebeat keystore add password --stdin --force
Successfully updated the keystore
[root@redhat8 vagrant]# curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
[root@redhat8 vagrant]# chmod go+r /etc/filebeat/wazuh-template.json
[root@redhat8 vagrant]# curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/manifest.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/manifest.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/module.yml
[root@redhat8 vagrant]# NODE_NAME=wazuh-server
[root@redhat8 vagrant]# mkdir /etc/filebeat/certs
[root@redhat8 vagrant]# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
[root@redhat8 vagrant]# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
[root@redhat8 vagrant]# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
[root@redhat8 vagrant]# chmod 500 /etc/filebeat/certs
[root@redhat8 vagrant]# chmod 400 /etc/filebeat/certs/*
[root@redhat8 vagrant]# chown -R root:root /etc/filebeat/certs
[root@redhat8 vagrant]# systemctl daemon-reload
[root@redhat8 vagrant]# systemctl enable filebeat
Synchronizing state of filebeat.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /usr/lib/systemd/system/filebeat.service.
[root@redhat8 vagrant]# systemctl start filebeat
[root@redhat8 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... ERROR dial tcp 127.0.0.1:9200: connect: connection refused
[root@redhat8 vagrant]# systemctl restart wazuh-indexer
[root@redhat8 vagrant]# systemctl start wazuh-indexer
[root@redhat8 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... ERROR 503 Service Unavailable: OpenSearch Security not initialized.
[root@redhat8 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
ERR: Cannot connect to OpenSearch. Please refer to opensearch logfile for more information
Trace:
NoNodeAvailableException[None of the configured nodes were available: [{wazuh-indexer}{51qXWRzeQNiXIxS3amBMFA}{85nr052hRAO5fNOQoWh3aw}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true}]]; nested: NodeDisconnectedException[[wazuh-indexer][127.0.0.1:9300][cluster:admin/opendistro_security/whoami] disconnected];
	at org.opensearch.client.transport.TransportClientNodesService$RetryListener.onFailure(TransportClientNodesService.java:323)
	at org.opensearch.action.ActionListenerResponseHandler.handleException(ActionListenerResponseHandler.java:72)
	at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1357)
	at org.opensearch.transport.TransportService$9.run(TransportService.java:1214)
	at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:733)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
	at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: NodeDisconnectedException[[wazuh-indexer][127.0.0.1:9300][cluster:admin/opendistro_security/whoami] disconnected]


[root@redhat8 vagrant]# vim /etc/wazuh-indexer/opensearch.yml 
[root@redhat8 vagrant]# systemctl restart wazuh-indexer
[root@redhat8 vagrant]# /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Security Admin v7
Will connect to 127.0.0.1:9300 ... done
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Done with success
[root@redhat8 vagrant]# curl -k -u admin:admin https://127.0.0.1:9200
{
  "name" : "wazuh-indexer",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "vEJ40mGRREuB6kuY2eUSuQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "e505b10357c03ae8d26d675172402f2f2144ef0f",
    "build_date" : "2022-01-14T03:38:06.881862Z",
    "build_snapshot" : false,
    "lucene_version" : "8.10.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@redhat8 vagrant]# curl -k -u admin:admin https://127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
127.0.0.1           21          92   4    0.20    0.82     0.74 dimr      *      wazuh-indexer
[root@redhat8 vagrant]# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.10.2
[root@redhat8 vagrant]# TOKEN=$(curl -u admin:admin -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    59  100    59    0     0      3      0  0:00:19  0:00:15  0:00:04     8
[root@redhat8 vagrant]# echo $TOKEN
{"title": "Unauthorized", "detail": "Invalid credentials"}
[root@redhat8 vagrant]# tar tvf wazuh-certificates.tar 
drwxr--r-- root/root         0 2023-03-02 10:17 ./
-rwxr--r-- root/root      1704 2023-03-02 10:17 ./root-ca.key
-rwxr--r-- root/root      1204 2023-03-02 10:17 ./root-ca.pem
-rwxr--r-- root/root      1704 2023-03-02 10:17 ./admin-key.pem
-rwxr--r-- root/root      1119 2023-03-02 10:17 ./admin.pem
-rwxr--r-- root/root      1704 2023-03-02 10:17 ./wazuh-indexer-key.pem
-rwxr--r-- root/root      1245 2023-03-02 10:17 ./wazuh-indexer.pem
-rwxr--r-- root/root      1704 2023-03-02 10:17 ./wazuh-server-key.pem
-rwxr--r-- root/root      1241 2023-03-02 10:17 ./wazuh-server.pem
-rwxr--r-- root/root      1704 2023-03-02 10:17 ./wazuh-dashboard-key.pem
-rwxr--r-- root/root      1245 2023-03-02 10:17 ./wazuh-dashboard.pem
[root@redhat8 vagrant]# TOKEN=$(curl -u wazuh:wazuh -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0     63      0  0:00:06  0:00:06 --:--:--    63
[root@redhat8 vagrant]# echo $TOKEN
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzU0ODg3LCJleHAiOjE2Nzc3NTU3ODcsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUhnpfCTO_fepS_tOsZ233nnrF687EKEe4PA90j4u4aER6rFar-FuzeUPVvW4jrKCA-oICSXo3CBsLP4SS7jE8MHASVlKMB9bTaSzCsHxj3gq9UtjWPGcDZK3_kq_aDyZvaRl9zf8hmrtYApZ9PkMmyYmtK9DpFl7JjF_OCjX9H9mzZH
[root@redhat8 vagrant]#

🔴 4.5.0 All-in-one, Ubuntu 22, 1GB 1cores

In version 4.5.0, where the solution seen in previous commentaries has already been implemented, the error keeps appearing, which means the curl still doesn't pick up correctly the error.

4.5.0 all-in-one test failed 
root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -o -v
02/03/2023 10:08:58 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
02/03/2023 10:08:58 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Get:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease [119 kB]
Get:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease [107 kB]
Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB]
Get:5 https://mirrors.edge.kernel.org/ubuntu jammy-updates/main amd64 Packages [938 kB]
Get:6 https://mirrors.edge.kernel.org/ubuntu jammy-updates/universe amd64 Packages [874 kB]
Fetched 2,149 kB in 2s (918 kB/s)
Reading package lists...
02/03/2023 10:09:08 INFO: --- Removing existing Wazuh installation ---
02/03/2023 10:09:08 INFO: Wazuh GPG key not found in the system
02/03/2023 10:09:09 INFO: Installation cleaned.
02/03/2023 10:09:09 WARNING: Hardware and system checks ignored.
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Get:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease [107 kB]
Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB]
Fetched 217 kB in 1s (210 kB/s)
Reading package lists...
02/03/2023 10:09:13 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main
Hit:1 https://mirrors.edge.kernel.org/ubuntu jammy InRelease
Hit:2 https://mirrors.edge.kernel.org/ubuntu jammy-updates InRelease
Get:3 https://mirrors.edge.kernel.org/ubuntu jammy-backports InRelease [107 kB]
Get:4 https://mirrors.edge.kernel.org/ubuntu jammy-security InRelease [110 kB]
Get:5 https://packages-dev.wazuh.com/staging/apt unstable InRelease [15.7 kB]
Get:6 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 Packages [16.5 kB]
Fetched 249 kB in 2s (126 kB/s)
Reading package lists...
02/03/2023 10:09:18 INFO: Wazuh development repository added.
02/03/2023 10:09:18 INFO: --- Configuration files ---
02/03/2023 10:09:18 INFO: Generating configuration files.
02/03/2023 10:09:18 DEBUG: Creating the root certificate.
.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+....+...+..+.......+.....+..........+...+...+........+.+.....+.+...+.....+.........+.+......+......+.....+.........+......+.......+..+...+.+...........+.........+....+...+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...+.+..+............+......+....+..+.+........+..........+......+...............+...+...+...+.....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
02/03/2023 10:09:19 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days without -x509; not generating a certificate
..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+...+....+..+....+.....+.......+.....+...+.+...+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.........+.................+.+.....+.......+.....+...+....+......+...+..+...+....+..+...+.+.........+...........+.+......+........+.........+.......+......+..+.+.....+.+......+..+..................+.......+..+...+............+....+..+...+....+...+..+...+...+...............+.........+.............+.........+......+............+...+...+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+...+..+....+..+....+...+......+.....+.+...+...........+..........+..............+...........................+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+.....+...+....+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..........+...+..+...+....+.....+...+............+.+......+......+..+...+.........+....+..............+...+...+.........+...+...+.+.....................+..+......................+......+.....+.........+.+...............+..+......+......+.+.........+...........+.........+....+..+....+...........+.......+......+..+....+...+.....+............+.+..+..........+...........+....+...+.....+...+...................+........+...+....+.....+..........+.....+......+.+.....+....+........................+..+......+.........+.+..+.+..+....+.....+.........+................+........+.............+...+..+.......+..+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
02/03/2023 10:09:19 DEBUG: Creating the Wazuh server certificates.
Ignoring -days without -x509; not generating a certificate
.+.....+...+.+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+................+.....+....+..+....+.....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+......+..+.........+.+..+......+.+......+..+............+...+......+.+.....+....+..+..........+.....+.......+..+.........+.+..............+.+.....+...+.+.....................+.....+.............+...+............+.....+.......+...+........+...+.........+...+....+.....+.+..................+..+...+................+......+.....+...+...................+..+....+.....+............+...+....+......+...........+.+..+......+.+...+........+....+...+..+......+..........+...+..+.........+...+.+..+...+....+......+......+......+..+.+..............+...+.........+.........+..........+..+...+....+...+...+..+.........+......+...+....+...+............+...........+.+.....+.+........+.+...+...+..+..........+......+.....+.........+...+.........+......+.............+..+...+.+.....+...............+.+...+.....................+......+.....+.......+..+...+.+.........+........+..................+.......+........+.+.........+..+...+.......+.....+..........+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
02/03/2023 10:09:20 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days without -x509; not generating a certificate
...+..+...+......+....+......+......+...+......+...........+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+....+..+...............+....+..+...+.........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+......+.+......+.....+....+........+.+...........+.+.........+...+.......................+.........+.+..+.+..+.......+......+..+..........+...+..+....+........+.......+........+......+....+..+.........+......+.+...+..+...+....+.................+..........+......+.....+...+.....................+...+.+.....+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+.......+...+........+....+...+...+..+......+.........+.......+......+..+.+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...................+.....+................+.....+.......+.....+.+...........+.............+...............+..+......+.......+........+.......+.....+.......+...........+...+......+..................+.+.....+.+...+............+.....+......+.......+..+..........+.....+...+.+..+............+.+.........+...........+.........+......+....+..+.+..+......+......+................+...+...........+...+.+.....+..........+..+.............+..............+.+.....+...............+.+...+..+.............+...+.....+....+...+.....+......+....+...+..+.......+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
Certificate request self-signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
02/03/2023 10:09:21 DEBUG: Generating random passwords.
02/03/2023 10:09:21 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/03/2023 10:09:22 INFO: --- Wazuh indexer ---
02/03/2023 10:09:22 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 46 not upgraded.
                                                               Need to get 0 B/501 MB of archives.
                                                                                                  After this operation, 778 MB of additional disk space will be used.
                                                                                                                                                                     Selecting previously unselected package wazuh-indexer.
(Reading database ... 75648 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.0-40500_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.0-40500) ...
Setting up wazuh-indexer (4.5.0-40500) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
02/03/2023 10:10:26 INFO: Wazuh indexer installation finished.
02/03/2023 10:10:26 DEBUG: Configuring Wazuh indexer.
02/03/2023 10:10:26 INFO: Wazuh indexer post-install configuration finished.
02/03/2023 10:10:26 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
02/03/2023 10:11:23 INFO: wazuh-indexer service started.
02/03/2023 10:11:24 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
02/03/2023 10:11:52 INFO: Wazuh indexer cluster initialized.
02/03/2023 10:11:52 INFO: --- Wazuh server ---
02/03/2023 10:11:52 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 47 not upgraded.
Need to get 122 MB of archives.
After this operation, 468 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 wazuh-manager amd64 4.5.0-40500 [122 MB]
Fetched 122 MB in 21s (5,700 kB/s)
                                  Selecting previously unselected package wazuh-manager.
(Reading database ... 76763 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.0-40500_amd64.deb ...
Unpacking wazuh-manager (4.5.0-40500) ...
Setting up wazuh-manager (4.5.0-40500) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
02/03/2023 10:13:40 INFO: Wazuh manager installation finished.
02/03/2023 10:13:40 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
02/03/2023 10:14:31 INFO: wazuh-manager service started.
02/03/2023 10:14:32 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 48 not upgraded.
                                                               Need to get 0 B/22.1 MB of archives.
                                                                                                   After this operation, 73.6 MB of additional disk space will be used.
                                                                                                                                                                       Selecting previously unselected package filebeat.
(Reading database ... 95505 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
02/03/2023 10:17:07 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
02/03/2023 10:17:28 INFO: Filebeat post-install configuration finished.
02/03/2023 10:17:28 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
02/03/2023 10:17:34 INFO: filebeat service started.
02/03/2023 10:17:34 INFO: --- Wazuh dashboard ---
02/03/2023 10:17:35 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 48 not upgraded.
Need to get 213 MB of archives.
After this operation, 1,125 MB of additional disk space will be used.
Get:1 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 wazuh-dashboard amd64 4.5.0-40500 [213 MB]
Fetched 213 MB in 45s (4,764 kB/s)
                                  Selecting previously unselected package wazuh-dashboard.
(Reading database ... 95824 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.0-40500_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.0-40500) ...
Setting up wazuh-dashboard (4.5.0-40500) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 5.15.0-58-generic
NEEDRESTART-KEXP: 5.15.0-58-generic
NEEDRESTART-KSTA: 1
02/03/2023 10:25:12 INFO: Wazuh dashboard installation finished.
02/03/2023 10:25:13 DEBUG: Wazuh dashboard certificate setup finished.
02/03/2023 10:25:13 INFO: Wazuh dashboard post-install configuration finished.
02/03/2023 10:25:13 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
02/03/2023 10:25:18 INFO: wazuh-dashboard service started.
02/03/2023 10:25:18 DEBUG: Setting Wazuh indexer cluster passwords.
02/03/2023 10:29:47 ERROR: The Wazuh API user wazuh does not exist
02/03/2023 10:29:47 ERROR: The Wazuh API user wazuh-wui does not exist
02/03/2023 10:29:47 DEBUG: Generating password hashes.
02/03/2023 10:29:59 DEBUG: Password hashes generated.
02/03/2023 10:30:00 DEBUG: Creating password backup.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
02/03/2023 10:30:24 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
02/03/2023 10:30:35 DEBUG: filebeat started.
02/03/2023 10:30:45 DEBUG: wazuh-dashboard started.
02/03/2023 10:30:45 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
02/03/2023 10:31:13 DEBUG: Passwords changed.
02/03/2023 10:31:13 ERROR: User  is not registered in Wazuh API
02/03/2023 10:31:13 INFO: --- Removing existing Wazuh installation ---
02/03/2023 10:31:13 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 468 MB disk space will be freed.
(Reading database ... 182615 files and directories currently installed.)                                             (Reading database ... 
Removing wazuh-manager (4.5.0-40500) ...
(Reading database ... 163893 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.5.0-40500) ...
02/03/2023 10:33:20 INFO: Wazuh manager removed.
02/03/2023 10:33:21 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 778 MB disk space will be freed.
(Reading database ... 163873 files and directories currently installed.)                                             (Reading database ... 
Removing wazuh-indexer (4.5.0-40500) ...
Stopping wazuh-indexer service... OK
(Reading database ... 162797 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.5.0-40500) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
02/03/2023 10:33:48 INFO: Wazuh indexer removed.
02/03/2023 10:33:48 INFO: Removing Filebeat.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  filebeat*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 73.6 MB disk space will be freed.
(Reading database ... 162758 files and directories currently installed.)                                              (Reading database ... 
Removing filebeat (7.10.2) ...
(Reading database ... 162466 files and directories currently installed.)
Purging configuration files for filebeat (7.10.2) ...
dpkg: warning: while removing filebeat, directory '/etc/filebeat' not empty so not removed
dpkg: warning: while removing filebeat, directory '/usr/share/filebeat/module' not empty so not removed
02/03/2023 10:33:50 INFO: Filebeat removed.
02/03/2023 10:33:50 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 46 not upgraded.
                                                               After this operation, 1,125 MB disk space will be freed.
(Reading database ... 162439 files and directories currently installed.)                                               (Reading database ... 
Removing wazuh-dashboard (4.5.0-40500) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
(Reading database ... 75657 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (4.5.0-40500) ...
 OK
02/03/2023 10:34:27 INFO: Wazuh dashboard removed.
02/03/2023 10:34:28 INFO: Installation cleaned.

@verdx
Copy link
Contributor Author

verdx commented Mar 2, 2023
edited
Loading

Update: solutions

The changes in the curl calls throughout the script still don't fix the error, as seen in the last test, because the curl works correctly, although it doesn't give the token. It exits with exit code 0, but the output is:

{"title": "Wazuh Internal Error", "detail": "Timeout executing API request", "dapi_errors": {"node01": {"error": "Timeout executing API request", "logfile": "WAZUH_HOME/logs/api.log"}}, "error": 3021}

The next solution is to create a retry structure, as it seems it is a timing error because of the fact that the step by step installation doesn't have this problem. When tried, this hipothesis has been proven, as, in the second retry, the token is correctly downloaded:

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i -o 
02/03/2023 12:52:00 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
02/03/2023 12:52:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
02/03/2023 12:52:10 INFO: --- Removing existing Wazuh installation ---
02/03/2023 12:52:10 INFO: Wazuh GPG key not found in the system
02/03/2023 12:52:10 INFO: Installation cleaned.
02/03/2023 12:52:10 WARNING: Hardware and system checks ignored.
02/03/2023 12:52:20 INFO: Wazuh development repository added.
02/03/2023 12:52:20 INFO: --- Configuration files ---
02/03/2023 12:52:20 INFO: Generating configuration files.
02/03/2023 12:52:22 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/03/2023 12:52:22 INFO: --- Wazuh indexer ---
02/03/2023 12:52:22 INFO: Starting Wazuh indexer installation.
02/03/2023 12:53:25 INFO: Wazuh indexer installation finished.
02/03/2023 12:53:25 INFO: Wazuh indexer post-install configuration finished.
02/03/2023 12:53:25 INFO: Starting service wazuh-indexer.
02/03/2023 12:54:30 INFO: wazuh-indexer service started.
02/03/2023 12:54:30 INFO: Initializing Wazuh indexer cluster security settings.
02/03/2023 12:54:58 INFO: Wazuh indexer cluster initialized.
02/03/2023 12:54:58 INFO: --- Wazuh server ---
02/03/2023 12:54:58 INFO: Starting the Wazuh manager installation.
02/03/2023 12:56:21 INFO: Wazuh manager installation finished.
02/03/2023 12:56:21 INFO: Starting service wazuh-manager.
02/03/2023 12:57:04 INFO: wazuh-manager service started.
02/03/2023 12:57:05 INFO: Starting Filebeat installation.
02/03/2023 12:59:03 INFO: Filebeat installation finished.
02/03/2023 12:59:14 INFO: Filebeat post-install configuration finished.
02/03/2023 12:59:14 INFO: Starting service filebeat.
02/03/2023 12:59:19 INFO: filebeat service started.
02/03/2023 12:59:19 INFO: --- Wazuh dashboard ---
02/03/2023 12:59:19 INFO: Starting Wazuh dashboard installation.
02/03/2023 13:01:51 INFO: Wazuh dashboard installation finished.
02/03/2023 13:01:52 INFO: Wazuh dashboard post-install configuration finished.
02/03/2023 13:01:52 INFO: Starting service wazuh-dashboard.
02/03/2023 13:01:55 INFO: wazuh-dashboard service started.
+ retries=0
+ max_internal_error_retries=5
++ common_curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
++ '[' -n 0 ']'
++ eval 'curl -s' -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay '5 --retry-connrefused'
+++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5 --retry-connrefused
++ e_code=0
++ return 0
+ TOKEN_API='{"title": "Wazuh Internal Error", "detail": "Timeout executing API request", "dapi_errors": {"node01": {"error": "Timeout executing API request", "logfile": "WAZUH_HOME/logs/api.log"}}, "error": 3021}
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMTYwLCJleHAiOjE2Nzc3NjMwNjAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AaBiTad19JI7MviPKFLgMcAvdDzIURrJT2Ta10XW50ErBECc6F5mp2OoVb9sdEsG5lSJSVVhtqtfhFX6NHzyUZjBAZxPMjB6imFFlmW1eOr2aXEt1kYrZtrKhb_8ioaB7Houq6X9t4toQxPeAWaI8lNrxit7rODeoXDGw6qtzs8HXENJ'
+ [[ {"title": "Wazuh Internal Error", "detail": "Timeout executing API request", "dapi_errors": {"node01": {"error": "Timeout executing API request", "logfile": "WAZUH_HOME/logs/api.log"}}, "error": 3021}
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMTYwLCJleHAiOjE2Nzc3NjMwNjAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AaBiTad19JI7MviPKFLgMcAvdDzIURrJT2Ta10XW50ErBECc6F5mp2OoVb9sdEsG5lSJSVVhtqtfhFX6NHzyUZjBAZxPMjB6imFFlmW1eOr2aXEt1kYrZtrKhb_8ioaB7Houq6X9t4toQxPeAWaI8lNrxit7rODeoXDGw6qtzs8HXENJ =~ Wazuh Internal Error ]]
+ '[' 0 -lt 5 ']'
++ common_curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
++ '[' -n 0 ']'
++ eval 'curl -s' -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay '5 --retry-connrefused'
+++ curl -s -u wazuh:wazuh -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5 --retry-connrefused
++ e_code=0
++ return 0
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMTcyLCJleHAiOjE2Nzc3NjMwNzIsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AG8_6NjBREaXJYIbekrRLEcLoBtKzQYfzgBNdexhwqfqx0R2vEqC8YU7AVLxpuwRe2pl98nhosr6FUmDYaWrUlS8ABD0ILEXtyN82zeWaInEIqpt-VUflwM5lXFrVnEEJujsABuSMme-vcnYQeNA9gBOsFpqzF_y8dXby0mKx8LZ7T9I
+ retries=1
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMTcyLCJleHAiOjE2Nzc3NjMwNzIsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AG8_6NjBREaXJYIbekrRLEcLoBtKzQYfzgBNdexhwqfqx0R2vEqC8YU7AVLxpuwRe2pl98nhosr6FUmDYaWrUlS8ABD0ILEXtyN82zeWaInEIqpt-VUflwM5lXFrVnEEJujsABuSMme-vcnYQeNA9gBOsFpqzF_y8dXby0mKx8LZ7T9I =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMTcyLCJleHAiOjE2Nzc3NjMwNzIsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AG8_6NjBREaXJYIbekrRLEcLoBtKzQYfzgBNdexhwqfqx0R2vEqC8YU7AVLxpuwRe2pl98nhosr6FUmDYaWrUlS8ABD0ILEXtyN82zeWaInEIqpt-VUflwM5lXFrVnEEJujsABuSMme-vcnYQeNA9gBOsFpqzF_y8dXby0mKx8LZ7T9I =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMTcyLCJleHAiOjE2Nzc3NjMwNzIsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AG8_6NjBREaXJYIbekrRLEcLoBtKzQYfzgBNdexhwqfqx0R2vEqC8YU7AVLxpuwRe2pl98nhosr6FUmDYaWrUlS8ABD0ILEXtyN82zeWaInEIqpt-VUflwM5lXFrVnEEJujsABuSMme-vcnYQeNA9gBOsFpqzF_y8dXby0mKx8LZ7T9I =~ Invalid credentials ]]
+ set +ex
+ retries=0
+ max_internal_error_retries=5
++ common_curl -s -u 'wazuh:WgwhZOtnGKYUD5?ZHPlEZsa6E43rZJ5q' -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5
++ '[' -n 0 ']'
++ eval 'curl -s' -u 'wazuh:WgwhZOtnGKYUD5?ZHPlEZsa6E43rZJ5q' -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay '5 --retry-connrefused'
+++ curl -s -u 'wazuh:WgwhZOtnGKYUD5?ZHPlEZsa6E43rZJ5q' -k -X POST 'https://localhost:55000/security/user/authenticate?raw=true' --max-time 300 --retry 5 --retry-delay 5 --retry-connrefused
++ e_code=0
++ return 0
+ TOKEN_API=eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMzgwLCJleHAiOjE2Nzc3NjMyODAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AZoTcmFInnvtbaUzj8FFDpXYUmkJs9i4JT1dif-pje478owfJpDqKLGmJuBtH7AIKrPtS1yYU7iaW15H2UsMb4sYATA42jt78kYTGLJGJXcDrRkZe9HxovOommvns4vOxmSdneZdaBW0ebTTusOt_go2zWmYde36iqif_BU9qrssmd0_
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMzgwLCJleHAiOjE2Nzc3NjMyODAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AZoTcmFInnvtbaUzj8FFDpXYUmkJs9i4JT1dif-pje478owfJpDqKLGmJuBtH7AIKrPtS1yYU7iaW15H2UsMb4sYATA42jt78kYTGLJGJXcDrRkZe9HxovOommvns4vOxmSdneZdaBW0ebTTusOt_go2zWmYde36iqif_BU9qrssmd0_ =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMzgwLCJleHAiOjE2Nzc3NjMyODAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AZoTcmFInnvtbaUzj8FFDpXYUmkJs9i4JT1dif-pje478owfJpDqKLGmJuBtH7AIKrPtS1yYU7iaW15H2UsMb4sYATA42jt78kYTGLJGJXcDrRkZe9HxovOommvns4vOxmSdneZdaBW0ebTTusOt_go2zWmYde36iqif_BU9qrssmd0_ =~ Wazuh Internal Error ]]
+ [[ eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3NzYyMzgwLCJleHAiOjE2Nzc3NjMyODAsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AZoTcmFInnvtbaUzj8FFDpXYUmkJs9i4JT1dif-pje478owfJpDqKLGmJuBtH7AIKrPtS1yYU7iaW15H2UsMb4sYATA42jt78kYTGLJGJXcDrRkZe9HxovOommvns4vOxmSdneZdaBW0ebTTusOt_go2zWmYde36iqif_BU9qrssmd0_ =~ Invalid credentials ]]
+ set +ex
02/03/2023 13:06:28 INFO: Initializing Wazuh dashboard web application.
02/03/2023 13:06:28 ERROR: Cannot connect to Wazuh dashboard.
02/03/2023 13:06:28 INFO: --- Removing existing Wazuh installation ---
02/03/2023 13:06:28 INFO: Removing Wazuh manager.
02/03/2023 13:08:36 INFO: Wazuh manager removed.
02/03/2023 13:08:36 INFO: Removing Wazuh indexer.
02/03/2023 13:08:54 INFO: Wazuh indexer removed.
02/03/2023 13:08:54 INFO: Removing Filebeat.
02/03/2023 13:08:56 INFO: Filebeat removed.
02/03/2023 13:08:57 INFO: Removing Wazuh dashboard.
02/03/2023 13:09:25 INFO: Wazuh dashboard removed.
02/03/2023 13:09:26 INFO: Installation cleaned.

After this error is removed, another error appears, which probably has the same base cause:

02/03/2023 13:06:28 ERROR: Cannot connect to Wazuh dashboard.

This error not always appears, as seen in the following test using the same machine, where the installation finished succesfully:

root@ubuntu20:/home/vagrant# bash wazuh-install.sh -a -i -o -v
02/03/2023 15:48:02 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
02/03/2023 15:48:02 INFO: Verbose logging redirected to /var/log/wazuh-install.log
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://us.archive.ubuntu.com/ubuntu focal InRelease
Get:3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:5 http://security.ubuntu.com/ubuntu focal-security/main amd64 c-n-f Metadata [12.2 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages [2,418 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages [793 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [1,033 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu focal-updates/universe i386 Packages [716 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu focal-updates/universe amd64 c-n-f Metadata [23.7 kB]
Fetched 5,333 kB in 3s (1,927 kB/s)
Reading package lists...
02/03/2023 15:48:24 INFO: --- Removing existing Wazuh installation ---
02/03/2023 15:48:24 INFO: Wazuh GPG key not found in the system
02/03/2023 15:48:24 INFO: Installation cleaned.
02/03/2023 15:48:24 WARNING: Hardware and system checks ignored.
Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:2 http://us.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Fetched 108 kB in 1s (111 kB/s)
Reading package lists...
02/03/2023 15:48:31 DEBUG: Adding the Wazuh repository.
gpg: keyring '/usr/share/keyrings/wazuh.gpg' created
gpg: key 96B3EE5F29111145: public key "Wazuh.com (Wazuh Signing Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages-dev.wazuh.com/staging/apt/ unstable main
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:3 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
Get:4 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Get:5 https://packages-dev.wazuh.com/staging/apt unstable InRelease [15.7 kB]
Get:6 https://packages-dev.wazuh.com/staging/apt unstable/main i386 Packages [5,532 B]
Get:7 https://packages-dev.wazuh.com/staging/apt unstable/main amd64 Packages [16.5 kB]
Fetched 146 kB in 2s (74.4 kB/s)
Reading package lists...
02/03/2023 15:48:41 INFO: Wazuh development repository added.
02/03/2023 15:48:41 INFO: --- Configuration files ---
02/03/2023 15:48:41 INFO: Generating configuration files.
02/03/2023 15:48:41 DEBUG: Creating the root certificate.
Generating a RSA private key
.................+++++
..................................................+++++
writing new private key to '/tmp/wazuh-certificates//root-ca.key'
-----
Generating RSA private key, 2048 bit long modulus (2 primes)
........................+++++
......+++++
e is 65537 (0x010001)
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = admin
Getting CA Private Key
02/03/2023 15:48:41 DEBUG: Creating the Wazuh indexer certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
....+++++
.+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-indexer-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-indexer
Getting CA Private Key
02/03/2023 15:48:41 DEBUG: Creating the Wazuh server certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
.....................................................+++++
..+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-server-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-server
Getting CA Private Key
02/03/2023 15:48:42 DEBUG: Creating the Wazuh dashboard certificates.
Ignoring -days; not generating a certificate
Generating a RSA private key
..............................................+++++
............+++++
writing new private key to '/tmp/wazuh-certificates//wazuh-dashboard-key.pem'
-----
Signature ok
subject=C = US, L = California, O = Wazuh, OU = Wazuh, CN = wazuh-dashboard
Getting CA Private Key
02/03/2023 15:48:42 DEBUG: Generating random passwords.
02/03/2023 15:48:42 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
02/03/2023 15:48:42 INFO: --- Wazuh indexer ---
02/03/2023 15:48:42 INFO: Starting Wazuh indexer installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-indexer
0 upgraded, 1 newly installed, 0 to remove and 41 not upgraded.
                                                               Need to get 0 B/501 MB of archives.
                                                                                                  After this operation, 778 MB of additional disk space will be used.
                                                                                                                                                                     Selecting previously unselected package wazuh-indexer.
(Reading database ... 111813 files and directories currently installed.)
Preparing to unpack .../wazuh-indexer_4.5.0-40500_amd64.deb ...
Creating wazuh-indexer group... OK
Creating wazuh-indexer user... OK
Unpacking wazuh-indexer (4.5.0-40500) ...
Setting up wazuh-indexer (4.5.0-40500) ...
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Processing triggers for systemd (245.4-4ubuntu3.19) ...
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...
02/03/2023 15:49:51 INFO: Wazuh indexer installation finished.
02/03/2023 15:49:51 DEBUG: Configuring Wazuh indexer.
02/03/2023 15:49:51 INFO: Wazuh indexer post-install configuration finished.
02/03/2023 15:49:51 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-indexer.service → /lib/systemd/system/wazuh-indexer.service.
02/03/2023 15:50:16 INFO: wazuh-indexer service started.
02/03/2023 15:50:16 INFO: Initializing Wazuh indexer cluster security settings.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml 
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml 
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","internalusers","actiongroups","config"]) due to: null
Done with success
02/03/2023 15:50:27 INFO: Wazuh indexer cluster initialized.
02/03/2023 15:50:27 INFO: --- Wazuh server ---
02/03/2023 15:50:27 INFO: Starting the Wazuh manager installation.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 42 not upgraded.
                                                               Need to get 0 B/122 MB of archives.
                                                                                                  After this operation, 468 MB of additional disk space will be used.
                                                                                                                                                                     Selecting previously unselected package wazuh-manager.
(Reading database ... 112928 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.5.0-40500_amd64.deb ...
Unpacking wazuh-manager (4.5.0-40500) ...
Setting up wazuh-manager (4.5.0-40500) ...
Processing triggers for systemd (245.4-4ubuntu3.19) ...
02/03/2023 15:51:35 INFO: Wazuh manager installation finished.
02/03/2023 15:51:35 INFO: Starting service wazuh-manager.
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
02/03/2023 15:51:53 INFO: wazuh-manager service started.
02/03/2023 15:51:53 INFO: Starting Filebeat installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 43 not upgraded.
                                                               Need to get 0 B/22.1 MB of archives.
                                                                                                   After this operation, 73.6 MB of additional disk space will be used.
                                                                                                                                                                       Selecting previously unselected package filebeat.
(Reading database ... 131670 files and directories currently installed.)
Preparing to unpack .../filebeat_7.10.2_amd64.deb ...
Unpacking filebeat (7.10.2) ...
Setting up filebeat (7.10.2) ...
Processing triggers for systemd (245.4-4ubuntu3.19) ...
02/03/2023 15:52:07 INFO: Filebeat installation finished.
wazuh/
wazuh/module.yml
wazuh/archives/
wazuh/archives/config/
wazuh/archives/config/archives.yml
wazuh/archives/ingest/
wazuh/archives/ingest/pipeline.json
wazuh/archives/manifest.yml
wazuh/alerts/
wazuh/alerts/config/
wazuh/alerts/config/alerts.yml
wazuh/alerts/ingest/
wazuh/alerts/ingest/pipeline.json
wazuh/alerts/manifest.yml
wazuh/_meta/
wazuh/_meta/config.yml
wazuh/_meta/fields.yml
wazuh/_meta/docs.asciidoc
Created filebeat keystore
Successfully updated the keystore
Successfully updated the keystore
02/03/2023 15:52:08 INFO: Filebeat post-install configuration finished.
02/03/2023 15:52:08 INFO: Starting service filebeat.
Synchronizing state of filebeat.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable filebeat
Created symlink /etc/systemd/system/multi-user.target.wants/filebeat.service → /lib/systemd/system/filebeat.service.
02/03/2023 15:52:10 INFO: filebeat service started.
02/03/2023 15:52:10 INFO: --- Wazuh dashboard ---
02/03/2023 15:52:10 INFO: Starting Wazuh dashboard installation.
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 43 not upgraded.
                                                               Need to get 0 B/213 MB of archives.
                                                                                                  After this operation, 1,125 MB of additional disk space will be used.
                                                                                                                                                                       Selecting previously unselected package wazuh-dashboard.
(Reading database ... 131989 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.5.0-40500_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.5.0-40500) ...
Setting up wazuh-dashboard (4.5.0-40500) ...
Processing triggers for libc-bin (2.31-0ubuntu9.9) ...
02/03/2023 15:53:34 INFO: Wazuh dashboard installation finished.
02/03/2023 15:53:34 DEBUG: Wazuh dashboard certificate setup finished.
02/03/2023 15:53:34 INFO: Wazuh dashboard post-install configuration finished.
02/03/2023 15:53:34 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /etc/systemd/system/wazuh-dashboard.service.
02/03/2023 15:53:35 INFO: wazuh-dashboard service started.
02/03/2023 15:53:35 DEBUG: Setting Wazuh indexer cluster passwords.
02/03/2023 15:53:39 DEBUG: Generating password hashes.
02/03/2023 15:53:52 DEBUG: Password hashes generated.
02/03/2023 15:53:52 DEBUG: Creating password backup.
mkdir: cannot create directory ‘/etc/wazuh-indexer/backup’: File exists
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml 
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml 
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml 
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml 
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/whitelist' into /etc/wazuh-indexer/backup/whitelist.yml 
   SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/backup/whitelist.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml 
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml 
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
02/03/2023 15:53:58 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
Successfully updated the keystore
02/03/2023 15:54:00 DEBUG: filebeat started.
02/03/2023 15:54:02 DEBUG: wazuh-dashboard started.
02/03/2023 15:54:02 DEBUG: Loading new passwords changes.
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.4.1
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/vagrant
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
02/03/2023 15:54:10 DEBUG: Passwords changed.
+ common_logger 'Initializing Wazuh dashboard web application.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='02/03/2023 15:54:19'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'Initializing Wazuh dashboard web application.' ']'
+ '[' -n 'Initializing Wazuh dashboard web application.' ']'
+ case ${1} in
+ message='Initializing Wazuh dashboard web application.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '02/03/2023 15:54:19 INFO: Initializing Wazuh dashboard web application.'
+ tee -a /var/log/wazuh-install.log
02/03/2023 15:54:19 INFO: Initializing Wazuh dashboard web application.
+ installCommon_getPass admin
+ for i in "${!users[@]}"
+ '[' admin == admin ']'
+ u_pass='P*2uEUr7NQJAHLvluDVGy7zgQyey11Da'
+ for i in "${!users[@]}"
+ '[' kibanaserver == admin ']'
+ for i in "${!users[@]}"
+ '[' kibanaro == admin ']'
+ for i in "${!users[@]}"
+ '[' logstash == admin ']'
+ for i in "${!users[@]}"
+ '[' readall == admin ']'
+ for i in "${!users[@]}"
+ '[' snapshotrestore == admin ']'
++ common_curl -XGET https://localhost/status '-uadmin:P*2uEUr7NQJAHLvluDVGy7zgQyey11Da' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
++ '[' -n 0 ']'
++ eval 'curl -XGET' https://localhost/status '-uadmin:P*2uEUr7NQJAHLvluDVGy7zgQyey11Da' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 '--fail --retry-connrefused'
+++ curl -XGET https://localhost/status '-uadmin:P*2uEUr7NQJAHLvluDVGy7zgQyey11Da' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail --retry-connrefused
++ e_code=0
++ return 0
+ '[' 200 -ne 200 ']'
+ set +ex
02/03/2023 15:54:30 INFO: Wazuh dashboard web application initialized.
02/03/2023 15:54:30 INFO: --- Summary ---
02/03/2023 15:54:30 INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: P*2uEUr7NQJAHLvluDVGy7zgQyey11Da
02/03/2023 15:54:30 INFO: Installation finished.

The execution of the function where the error appears is the following:

02/03/2023 16:05:01 INFO: Initializing Wazuh dashboard web application.
+ installCommon_getPass admin
+ for i in "${!users[@]}"
+ '[' admin == admin ']'
+ u_pass='z23fRagfVJEe35c1gd8Wwqsx8V06HX?P'
+ for i in "${!users[@]}"
+ '[' kibanaserver == admin ']'
+ for i in "${!users[@]}"
+ '[' kibanaro == admin ']'
+ for i in "${!users[@]}"
+ '[' logstash == admin ']'
+ for i in "${!users[@]}"
+ '[' readall == admin ']'
+ for i in "${!users[@]}"
+ '[' snapshotrestore == admin ']'
++ common_curl -XGET https://localhost/status '-uadmin:z23fRagfVJEe35c1gd8Wwqsx8V06HX?P' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
++ '[' -n 0 ']'
++ eval 'curl -XGET' https://localhost/status '-uadmin:z23fRagfVJEe35c1gd8Wwqsx8V06HX?P' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 '--fail --retry-connrefused'
+++ curl -XGET https://localhost/status '-uadmin:z23fRagfVJEe35c1gd8Wwqsx8V06HX?P' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail --retry-connrefused
++ e_code=35
++ return 35
+ '[' 000 -ne 200 ']'
+ common_logger -e 'Cannot connect to Wazuh dashboard.'

After some tests with the script stopped it seems it is a timing problem,as at one point, the curl started working.

In a different test, where the script was also stopped, the curl doesn't work at all, but all the rest of the tests done to the installation give the impression everything is correct:

root@ubuntu20:/home/vagrant# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-03-02 16:45:07 UTC; 15min ago
   Main PID: 224501 (node)
      Tasks: 11 (limit: 4612)
     Memory: 164.7M
     CGroup: /system.slice/wazuh-dashboard.service
             └─224501 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/bin/>

Mar 02 16:58:59 ubuntu20 opensearch-dashboards[224501]: {"type":"response","@timestamp":"2023-03-02T16:58:58Z","tags":[],"pid":224501,"method":"get","statusCode":401,"req":>
Mar 02 16:59:05 ubuntu20 opensearch-dashboards[224501]: {"type":"response","@timestamp":"2023-03-02T16:59:05Z","tags":[],"pid":224501,"method":"get","statusCode":200,"req":>
Mar 02 16:59:07 ubuntu20 opensearch-dashboards[224501]: {"type":"response","@timestamp":"2023-03-02T16:59:07Z","tags":[],"pid":224501,"method":"get","statusCode":200,"req":>
Mar 02 16:59:08 ubuntu20 opensearch-dashboards[224501]: {"type":"response","@timestamp":"2023-03-02T16:59:08Z","tags":[],"pid":224501,"method":"get","statusCode":200,"req":>
root@ubuntu20:/home/vagrant# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.10.2
root@ubuntu20:/home/vagrant# tar -O -xf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt | grep -C2 wazuh
  indexer_password: '+.5z*aWXPMbjTJa2qSYR8gpQGI6q8FPF'

# Password for wazuh API user
  api_username: 'wazuh'
  api_password: 'YtR.lZP?xp0xVlYU.ILfbngRgW61w2gn'

# Password for wazuh-wui API user
  api_username: 'wazuh-wui'
  api_password: 'O0i43AnNDzH6++y4ujgszCy1pIRutAhg'

root@ubuntu20:/home/vagrant# TOKEN=$(curl -u wazuh:YtR.lZP?xp0xVlYU.ILfbngRgW61w2gn -k -X GET "https://localhost:55000/security/user/authenticate?raw=true")
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   398  100   398    0     0    480      0 --:--:-- --:--:-- --:--:--   479
root@ubuntu20:/home/vagrant# echo $TOKEN
eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjc3Nzc2NTI0LCJleHAiOjE2Nzc3Nzc0MjQsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.AUScu8fHHspUoCWg8f9iFYL4tTGxB6dW1LtAyI968-5jVrZcTkifQ42jVadJnwvau4BjBdRrA8CtvV-DnoySoTC0AcztVcg4nFC384QpjrIS1MHkvHRybztFIpJiNKFRL7IecClxc6TshaAoD_ub64h8MqWMoz-3seeFmNr3cE7VUHWd
root@ubuntu20:/home/vagrant# curl -k -X GET "https://localhost:55000/" -H "Authorization: Bearer $TOKEN"
{"data": {"title": "Wazuh API REST", "api_version": "4.5.0", "revision": 40500, "license_name": "GPL 2.0", "license_url": "https://github.com/wazuh/wazuh/blob/4.3/LICENSE", "hostname": "ubuntu20", "timestamp": "2023-03-02T17:02:22Z"}, "error": 0}

@verdx verdx mentioned this issue Mar 2, 2023
Closed
@verdx verdx linked a pull request Mar 3, 2023 that will close this issue
Fix the errors in the dashboard for the AIO installation #2114
Closed
@verdx
Copy link
Contributor Author

verdx commented Mar 6, 2023
edited
Loading

Update

The solution now done for the error in function dashboard_initializeAIO has not yet been solved, as, because of how that specific curl works, when wrapped in the common_curl it is not giving back the correct http code, which should be the only output. With the code previous to any changes. This is an error in the common_curl function, as it doesn't work the exact same way than using a curl. For the normal output it does return correctly, and the exit code is the same, but when used with -w %"{http_code}\n" that code is not recoverable. Probably the best solution would be a modification of the common_curl function so it does return correctly the http code.

With the current changes, this is the output of the installation:

root@ubuntu22:/home/vagrant# bash wazuh-install.sh -a -i
06/03/2023 16:06:23 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
06/03/2023 16:06:23 INFO: Verbose logging redirected to /var/log/wazuh-install.log
06/03/2023 16:06:33 WARNING: Hardware and system checks ignored.
06/03/2023 16:06:42 INFO: Wazuh development repository added.
06/03/2023 16:06:42 INFO: --- Configuration files ---
06/03/2023 16:06:42 INFO: Generating configuration files.
06/03/2023 16:06:45 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
06/03/2023 16:06:45 INFO: --- Wazuh indexer ---
06/03/2023 16:06:45 INFO: Starting Wazuh indexer installation.
06/03/2023 16:07:44 INFO: Wazuh indexer installation finished.
06/03/2023 16:07:44 INFO: Wazuh indexer post-install configuration finished.
06/03/2023 16:07:44 INFO: Starting service wazuh-indexer.
06/03/2023 16:08:34 INFO: wazuh-indexer service started.
06/03/2023 16:08:34 INFO: Initializing Wazuh indexer cluster security settings.
06/03/2023 16:08:59 INFO: Wazuh indexer cluster initialized.
06/03/2023 16:08:59 INFO: --- Wazuh server ---
06/03/2023 16:08:59 INFO: Starting the Wazuh manager installation.
06/03/2023 16:10:52 INFO: Wazuh manager installation finished.
06/03/2023 16:10:52 INFO: Starting service wazuh-manager.
06/03/2023 16:11:27 INFO: wazuh-manager service started.
06/03/2023 16:11:27 INFO: Starting Filebeat installation.
06/03/2023 16:12:41 INFO: Filebeat installation finished.
06/03/2023 16:12:57 INFO: Filebeat post-install configuration finished.
06/03/2023 16:12:57 INFO: Starting service filebeat.
06/03/2023 16:13:01 INFO: filebeat service started.
06/03/2023 16:13:01 INFO: --- Wazuh dashboard ---
06/03/2023 16:13:01 INFO: Starting Wazuh dashboard installation.
06/03/2023 16:16:19 INFO: Wazuh dashboard installation finished.
06/03/2023 16:16:20 INFO: Wazuh dashboard post-install configuration finished.
06/03/2023 16:16:20 INFO: Starting service wazuh-dashboard.
06/03/2023 16:16:23 INFO: wazuh-dashboard service started.
+ common_logger 'Initializing Wazuh dashboard web application.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='06/03/2023 16:19:25'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'Initializing Wazuh dashboard web application.' ']'
+ '[' -n 'Initializing Wazuh dashboard web application.' ']'
+ case ${1} in
+ message='Initializing Wazuh dashboard web application.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '06/03/2023 16:19:25 INFO: Initializing Wazuh dashboard web application.'
06/03/2023 16:19:25 INFO: Initializing Wazuh dashboard web application.
+ installCommon_getPass admin
+ for i in "${!users[@]}"
+ '[' admin == admin ']'
+ u_pass='ijF2L*MMg2c+mOetOsHK85HnTG518DOM'
+ for i in "${!users[@]}"
+ '[' kibanaserver == admin ']'
+ for i in "${!users[@]}"
+ '[' kibanaro == admin ']'
+ for i in "${!users[@]}"
+ '[' logstash == admin ']'
+ for i in "${!users[@]}"
+ '[' readall == admin ']'
+ for i in "${!users[@]}"
+ '[' snapshotrestore == admin ']'
+ echo 'Before curl'
Before curl
++ common_curl -XGET https://localhost/status '-uadmin:ijF2L*MMg2c+mOetOsHK85HnTG518DOM' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
++ '[' -n 0 ']'
++ eval 'curl -XGET' https://localhost/status '-uadmin:ijF2L*MMg2c+mOetOsHK85HnTG518DOM' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 '--fail --retry-connrefused'
+++ curl -XGET https://localhost/status '-uadmin:ijF2L*MMg2c+mOetOsHK85HnTG518DOM' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail --retry-connrefused
++ e_code=7
++ return 7
+ e_code=000

Another problem right now is that the script doesn't exit as it should, with the rollBack, it just stops executing at that point.

@verdx
Copy link
Contributor Author

verdx commented Mar 7, 2023
edited
Loading

Update

After more tests, it has been discovered the problem didn't come from function common_curl, but from the way the arguments were passed, without escaping the double-quotes used inside. Once the double-quotes have been escaped, with the command http_code="$(common_curl -XGET https://localhost/status -uadmin:\"${u_pass}\" -k -w %\"{http_code}\" -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail)", there is no problem getting the http_code` so that the retries are useful, as seen in this run:

Complete installation 
[root@centos7 vagrant]# bash wazuh-install.sh -a -i -o
07/03/2023 09:57:43 INFO: Starting Wazuh installation assistant. Wazuh version: 4.5.0
07/03/2023 09:57:43 INFO: Verbose logging redirected to /var/log/wazuh-install.log
07/03/2023 09:57:51 INFO: --- Removing existing Wazuh installation ---
07/03/2023 09:57:51 INFO: Wazuh GPG key not found in the system
07/03/2023 09:57:51 INFO: Installation cleaned.
07/03/2023 09:57:51 WARNING: Hardware and system checks ignored.
07/03/2023 09:57:54 INFO: Wazuh development repository added.
07/03/2023 09:57:54 INFO: --- Configuration files ---
07/03/2023 09:57:54 INFO: Generating configuration files.
07/03/2023 09:57:56 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
07/03/2023 09:57:56 INFO: --- Wazuh indexer ---
07/03/2023 09:57:56 INFO: Starting Wazuh indexer installation.
07/03/2023 09:59:51 INFO: Wazuh indexer installation finished.
07/03/2023 09:59:51 INFO: Wazuh indexer post-install configuration finished.
07/03/2023 09:59:51 INFO: Starting service wazuh-indexer.
07/03/2023 10:00:09 INFO: wazuh-indexer service started.
07/03/2023 10:00:09 INFO: Initializing Wazuh indexer cluster security settings.
07/03/2023 10:00:19 INFO: Wazuh indexer cluster initialized.
07/03/2023 10:00:19 INFO: --- Wazuh server ---
07/03/2023 10:00:19 INFO: Starting the Wazuh manager installation.
07/03/2023 10:01:17 INFO: Wazuh manager installation finished.
07/03/2023 10:01:17 INFO: Starting service wazuh-manager.
07/03/2023 10:01:34 INFO: wazuh-manager service started.
07/03/2023 10:01:34 INFO: Starting Filebeat installation.
07/03/2023 10:01:44 INFO: Filebeat installation finished.
07/03/2023 10:01:46 INFO: Filebeat post-install configuration finished.
07/03/2023 10:01:46 INFO: Starting service filebeat.
07/03/2023 10:01:47 INFO: filebeat service started.
07/03/2023 10:01:47 INFO: --- Wazuh dashboard ---
07/03/2023 10:01:47 INFO: Starting Wazuh dashboard installation.
07/03/2023 10:04:13 INFO: Wazuh dashboard installation finished.
07/03/2023 10:04:13 INFO: Wazuh dashboard post-install configuration finished.
07/03/2023 10:04:13 INFO: Starting service wazuh-dashboard.
07/03/2023 10:04:14 INFO: wazuh-dashboard service started.
+ common_logger 'Initializing Wazuh dashboard web application.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='07/03/2023 10:04:47'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'Initializing Wazuh dashboard web application.' ']'
+ '[' -n 'Initializing Wazuh dashboard web application.' ']'
+ case ${1} in
+ message='Initializing Wazuh dashboard web application.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ tee -a /var/log/wazuh-install.log
+ printf '%s\n' '07/03/2023 10:04:47 INFO: Initializing Wazuh dashboard web application.'
07/03/2023 10:04:47 INFO: Initializing Wazuh dashboard web application.
+ installCommon_getPass admin
+ for i in '"${!users[@]}"'
+ '[' admin == admin ']'
+ u_pass='HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt'
+ for i in '"${!users[@]}"'
+ '[' kibanaserver == admin ']'
+ for i in '"${!users[@]}"'
+ '[' kibanaro == admin ']'
+ for i in '"${!users[@]}"'
+ '[' logstash == admin ']'
+ for i in '"${!users[@]}"'
+ '[' readall == admin ']'
+ for i in '"${!users[@]}"'
+ '[' snapshotrestore == admin ']'
++ common_curl -XGET https://localhost/status '-uadmin:"HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt"' -k -w '%"{http_code}"' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
++ '[' -n '' ']'
++ retries=0
++ eval 'curl -XGET' https://localhost/status '-uadmin:"HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt"' -k -w '%"{http_code}"' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
+++ curl -XGET https://localhost/status '-uadmin:HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
++ e_code=0
++ '[' 0 -eq 7 ']'
++ return 0
+ e_code=200
+ echo 200
200
+ retries=0
+ max_dashboard_initialize_retries=5
+ read -p 'Press enter to continue'
Press enter to continue
+ '[' 200 -ne 200 ']'
+ '[' 200 -eq 200 ']'
+ common_logger 'Wazuh dashboard web application initialized.'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='07/03/2023 10:07:22'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n 'Wazuh dashboard web application initialized.' ']'
+ '[' -n 'Wazuh dashboard web application initialized.' ']'
+ case ${1} in
+ message='Wazuh dashboard web application initialized.'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z '' ']'
+ printf '%s\n' '07/03/2023 10:07:22 INFO: Wazuh dashboard web application initialized.'
+ tee -a /var/log/wazuh-install.log
07/03/2023 10:07:22 INFO: Wazuh dashboard web application initialized.
+ common_logger -nl '--- Summary ---'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='07/03/2023 10:07:22'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -nl ']'
+ '[' -n -nl ']'
+ case ${1} in
+ nolog=1
+ shift 1
+ '[' -n '--- Summary ---' ']'
+ case ${1} in
+ message='--- Summary ---'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z 1 ']'
+ printf '%b\n' '07/03/2023 10:07:22 INFO: --- Summary ---'
07/03/2023 10:07:22 INFO: --- Summary ---
+ common_logger -nl 'You can access the web interface https://<wazuh-dashboard-ip>\n    User: admin\n    Password: HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt'
++ date '+%d/%m/%Y %H:%M:%S'
+ now='07/03/2023 10:07:22'
+ mtype=INFO:
+ debugLogger=
+ nolog=
+ '[' -n -nl ']'
+ '[' -n -nl ']'
+ case ${1} in
+ nolog=1
+ shift 1
+ '[' -n 'You can access the web interface https://<wazuh-dashboard-ip>\n    User: admin\n    Password: HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt' ']'
+ case ${1} in
+ message='You can access the web interface https://<wazuh-dashboard-ip>\n    User: admin\n    Password: HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt'
+ shift 1
+ '[' -n '' ']'
+ '[' -z '' ']'
+ '[' 0 -eq 0 ']'
+ '[' -z 1 ']'
+ printf '%b\n' '07/03/2023 10:07:22 INFO: You can access the web interface https://<wazuh-dashboard-ip>\n    User: admin\n    Password: HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt'
07/03/2023 10:07:22 INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt
+ set +ex
07/03/2023 10:07:22 INFO: Installation finished.

++ common_curl -XGET https://localhost/status '-uadmin:"HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt"' -k -w '%"{http_code}"' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
++ '[' -n '' ']'
++ retries=0
++ eval 'curl -XGET' https://localhost/status '-uadmin:"HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt"' -k -w '%"{http_code}"' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
+++ curl -XGET https://localhost/status '-uadmin:HDtWEt5rgvte*?BxsS+kVaSaxePYLtEt' -k -w '%{http_code}' -s -o /dev/null --max-time 300 --retry 12 --retry-delay 10 --fail
++ e_code=0
++ '[' 0 -eq 7 ']'
++ return 0
+ e_code=200
+ echo 200
200
+ retries=0
+ max_dashboard_initialize_retries=5
+ read -p 'Press enter to continue'
Press enter to continue
+ '[' 200 -ne 200 ']'
+ '[' 200 -eq 200 ']'
+ common_logger 'Wazuh dashboard web application initialized.'

Testing

The new code has been tested successfully in the following systems, using less memory than the recommended to force it:

  • Ubuntu 20
  • Ubuntu 22
  • CentOS 7
  • CentOS 8
  • Amazon Linux 2

@DFolchA DFolchA mentioned this issue Mar 7, 2023
Closed
@verdx
Copy link
Contributor Author

verdx commented Mar 7, 2023
edited
Loading

After being related to issue #2115, the priority of this issue has changed to Urgent and the base branch has been changed to 4.4, so a new Pull Request has been created: https://github.com/wazuh/wazuh-packages/pull/2117/checks

@verdx verdx mentioned this issue Mar 7, 2023
Merged
@verdx verdx linked a pull request Mar 7, 2023 that will close this issue
Fix the errors in the dashboard for the AIO installation #2117
Merged
@verdx verdx mentioned this issue Mar 7, 2023
Merged
@verdx verdx linked a pull request Mar 7, 2023 that will close this issue
Fix the errors in the dashboard for the AIO installation #2118
Merged
@verdx
Copy link
Contributor Author

verdx commented Mar 7, 2023

After a meeting with @snaow , the base branch has been changed again to production, 4.3.10, so a new PR has been created, #2118, to adapt the changes. It is being tested right now, the tests are on the PR.

@verdx verdx removed a link to a pull request Mar 9, 2023
Fix the errors in the dashboard for the AIO installation #2114
Closed
@snaow snaow closed this as completed Mar 28, 2023
@vikman90 vikman90 added type/bug Bug issue and removed type: bug labels Jun 19, 2023
@mighty-services mighty-services mentioned this issue Dec 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@verdx verdx

Labels
component: dashboard component: installation-assistant type/bug Bug issue
Projects
None yet
Milestone
No milestone
3 participants
@snaow @vikman90 @verdx