Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed Restart Wazuh indexer with security confirmation #1512

Open
fabianvagi91 opened this issue Jan 17, 2025 · 0 comments
Open

Failed Restart Wazuh indexer with security confirmation #1512

fabianvagi91 opened this issue Jan 17, 2025 · 0 comments

Comments

@fabianvagi91
Copy link

I am currently working on my wazuh cluster installation (https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-wazuh-cluster.html)
And when i run the script ansible-playbook wazuh-production-ready.yml -b -K i have the following error

``TASK [../roles/wazuh/wazuh-indexer : Restart Wazuh indexer with security configuration] *****************************************************************
task path/etc/ansible/roles/wazuh-ansible/roles/wazuh/wazuh-indexer/tasks/security_actions.yml:36
fatal: [wi1]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "daemon_reexec": false,
            "daemon_reload": false,
            "enabled": null,
            "force": null,
            "masked": null,
            "name": "wazuh-indexer",
            "no_block": false,
            "scope": "system",
            "state": "restarted"
        }
    },
    "msg": "Unable to restart service wazuh-indexer: Job for wazuh-indexer.service failed because the control process exited with error code.\nSee \"systemctl status wazuh-indexer.service\" and \"journalctl -xeu wazuh-indexer.service\" for details.\n"
}

PLAY RECAP **********************************************************************************************************************************************
wi1                        : ok=21   changed=4    unreachable=0    failed=1    skipped=48   rescued=0    ignored=0

this is my host file

wi1 ansible_host=10.0.0.6 ansible_user=fabian  private_ip=10.0.0.6 indexer_node_name=node-1
dashboard  ansible_host=10.0.0.6 ansible_user=fabian  private_ip=10.0.0.6
manager ansible_host=10.0.0.6 ansible_user=fabian  private_ip=10.0.0.6
worker  ansible_host=10.0.0.6 ansible_user=fabian  private_ip=10.0.0.6

[wi_cluster]
wi1

[all:vars]
ansible_ssh_user=fabian
ansible_ssh_private_key_file=/home/fabian/.ssh/id_rsa
ansible_ssh_extra_args='-o StrictHostKeyChecking=no'

And my opensearch configuration:

network.host: 10.0.0.6
node.name: node-1
cluster.initial_master_nodes:
  - 10.0.0.6

discovery.seed_hosts:
  - 10.0.0.6

cluster.name: wazuh

http.port: 9200-9299
transport.tcp.port: 9300-9399
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer


###############################################################################
#                                                                             #
#         WARNING: Demo certificates set up in this file.                     #
#                  Please change on production cluster!                       #
#                                                                             #
###############################################################################

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/node-1.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/node-1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/node-1.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/node-1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-4,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-5,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=node-6,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-a>

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fabianvagi91