Official arm64 image support?

[alessiodam]

I would like to know if it was possible of making the wazuh/wazuh docker image also available for arm64, the main point is to get it working on a pi at home.

[aswath-betaflux]

Same Ask from me aswell. Since we are running on ARM based bode it will be great to include support for ARM.

I was trying to build by cloning but lot of packages has hardcoded to 64 bit in the docker build process.

Wish Team wazuh provide us both X86 and Arm based docker images.

[alessiodam]

Yeah hoped too :)

[alessiodam]

Any updates for the arm version?

[jeankhawand]

Well I tried to get it working there are two key packages which I didn't find for arm indexer and dashboard but for the manager it's possible to port it for arm
@vcerenu @tkbstudios please check #950

[alessiodam]

I approved the changes but I know it won't make it mergable lol thanks man I will finally be able to host it on a Pi 4/5 👍

[Hussienfahmy]

Is there any updates on the packages or any workaround to work fully on arm?

[collse]

I am also highly interested on arm to run on Oracle cloud builds fail - mainly due to filebeat but filebeat arm builds seem to exist

[code2319]

can someone help with #950 ?

❯ ./build-images.sh
ERROR [wazuh.manager  4/15] RUN curl -L -O https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-manager/wazuh-manager_4.8.0-1_arm64.deb &&  1.3s
------
 > [wazuh.manager  4/15] RUN curl -L -O https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-manager/wazuh-manager_4.8.0-1_arm64.deb &&    dpkg -i wazuh-manager_4.8.0-1_arm64.deb && rm -f wazuh-manager_4.8.0-1_arm64.deb:
0.271   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
0.271                                  Dload  Upload   Total   Spent    Left  Speed
100   336    0   336    0     0    333      0 --:--:--  0:00:01 --:--:--   333
1.296 dpkg-deb: error: 'wazuh-manager_4.8.0-1_arm64.deb' is not a Debian format archive
1.299 dpkg: error processing archive wazuh-manager_4.8.0-1_arm64.deb (--install):
1.299  dpkg-deb --control subprocess returned error exit status 2
1.310 Errors were encountered while processing:
1.310  wazuh-manager_4.8.0-1_arm64.deb
------
failed to solve: process "/bin/sh -c curl -L -O https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-manager/wazuh-manager_${WAZUH_VERSION}-${WAZUH_TAG_REVISION}_${TARGETARCH}.deb &&    dpkg -i wazuh-manager_${WAZUH_VERSION}-${WAZUH_TAG_REVISION}_${TARGETARCH}.deb && rm -f wazuh-manager_${WAZUH_VERSION}-${WAZUH_TAG_REVISION}_${TARGETARCH}.deb" did not complete successfully: exit code: 1

❯ cat wazuh-manager_4.8.0-1_arm64.deb 
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>4.x/apt/pool/main/w/wazuh-manager/wazuh-manager_4.8.0-1_arm64.deb</Key><RequestId>PQQKZ3J2JJ5C7PAB</RequestId><HostId>krT/G5gBx/LD+Mz</HostId></Error>

[Drag-NDrop]

Hoping for this to happen as well

[fidesachates]

Adding my support

[Callan-Breare]

Still running 4.5.6 with the ELK stack on arm. Would love for an official image for arm

[riOwnage]

+1! bought an rpi 5 mainly for this.

[wirr00]

I'd also like to state my interest. I'd like to run wazuh on an arm64 kubernetes cluster.

[totalinfra]

I would really like to be able to install it on my arm servers. I think a lot of people are migrating to the Arm platform, it is essential that the main applications today work on this architecture.

I'm waiting too.

[a-ml]

Hello all,

If I run the wazuh-docker on MacBook Pro M1 I'm able to have the application running, but if using a Ubuntu 22.04 VM Arm64 with docker installed and trying to run the same docker-compose I receive the error below:

$ sudo docker compose -f docker-compose.yml up
WARN[0000] /opt/projects/cybersmb/core/wazuh/single-node/docker-compose.yml: `version` is obsolete
[+] Running 4/0
 ✔ Container single-node-wazuh.manager-1                                                                                                                          Recreated0.0s
 ! wazuh.manager The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested   0.0s
 ✔ Container single-node-wazuh.dashboard-1                                                                                                                        Recreated0.0s
 ! wazuh.dashboard The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested 0.0s
Attaching to wazuh.dashboard-1, wazuh.indexer-1, wazuh.manager-1
wazuh.manager-1    | exec /init: exec format error
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/opt/projects/cybersmb/core/wazuh/single-node/config/wazuh_indexer_ssl_certs/admin.pem" to rootfs at "/usr/share/wazuh-indexer/certs/admin.pem": mount /opt/projects/cybersmb/core/wazuh/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

Any hint to solve this issue? Or is this Ubuntu related?

[pmharris77]

Hello all,

If I run the wazuh-docker on MacBook Pro M1 I'm able to have the application running, but if using a Ubuntu 22.04 VM Arm64 with docker installed and trying to run the same docker-compose I receive the error below:

$ sudo docker compose -f docker-compose.yml up

WARN[0000] /opt/projects/cybersmb/core/wazuh/single-node/docker-compose.yml: `version` is obsolete

[+] Running 4/0

 ✔ Container single-node-wazuh.manager-1                                                                                                                          Recreated0.0s

 ! wazuh.manager The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested   0.0s

 ✔ Container single-node-wazuh.dashboard-1                                                                                                                        Recreated0.0s

 ! wazuh.dashboard The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested 0.0s

Attaching to wazuh.dashboard-1, wazuh.indexer-1, wazuh.manager-1

wazuh.manager-1    | exec /init: exec format error

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/opt/projects/cybersmb/core/wazuh/single-node/config/wazuh_indexer_ssl_certs/admin.pem" to rootfs at "/usr/share/wazuh-indexer/certs/admin.pem": mount /opt/projects/cybersmb/core/wazuh/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

Any hint to solve this issue? Or is this Ubuntu related?

You are trying to run Wazuh on an arm64 CPU, which it does not yet support, as per this issue. This is the error you get when running docker images built for incompatible CPU architectures.

You will have to wait for official docker images for arm64 from Wazuh, as it appears they currently don't have arm64 packages built for the indexer and dashboard.

[kalingth]

Hello,

I’ve built some images with ARM64 support in my personal repository and on Docker Hub. Feel free to create pull requests or integrate these features into the main repository. I needed to upload the images to my Docker Hub as well to get an overview of vulnerabilities through Scout. These images are running on an ARM64 server I have on Oracle OCI without any apparent issues.

Repo: https://github.com/kalingth/wazuh-docker-builder
Dockerhub: https://hub.docker.com/r/kalingth

[pmharris77]

Hello,

I’ve built some images with ARM64 support in my personal repository and on Docker Hub. Feel free to create pull requests or integrate these features into the main repository. I needed to upload the images to my Docker Hub as well to get an overview of vulnerabilities through Scout. These images are running on an ARM64 server I have on Oracle OCI without any apparent issues.

Repo: https://github.com/kalingth/wazuh-docker-builder
Dockerhub: https://hub.docker.com/r/kalingth

Amazing, thanks @kalingth ! I'll try these out!

Out of curiosity, I see you've changed the base image to debian and are simply using apt-get to download the packages. How does this work given the Wazuh webpage says they don't have debian packages built for arm64 for indexer, dashboard or filebeat?

https://documentation.wazuh.com/current/installation-guide/packages-list.html

Also, the CI pipelines you have seem to be trying to build for both arm64 and amd64. Do they definitely work for amd64, too, as the Dockerfile for the wazuh-manager seems to be hardcoded to pull the s6-overlay for arm64 only?

[kalingth]

Hello, @pmharris77

I switched the base image to Debian 12 due to the stability of the distribution and because I prefer using it on servers over Ubuntu. It was mainly a personal choice.

Indeed, no distribution officially supports ARM64 architecture, but the real incompatibility lies in the binaries built for each package. Generally, I install packages based on AMD64 (x86_64). For Wazuh Indexer, I delete the Java binaries and download the version compatible with the architecture. For Wazuh Dashboards, I delete the NodeJS binaries and download the version compatible with the architecture.

In the end, the issue is not with the jar packages or NodeJS libraries but with the binaries pre-included in the pre-built Wazuh packages.

Additionally, I managed to resolve a significant number of vulnerabilities associated with the pre-included versions of NodeJS and Java in the package.

[kalingth]

Sure...

I stopped being lazy and submitted an official pull request with the practical changes that will enable the build in the official repo. =D

#1467

[pmharris77]

Hello, @pmharris77

I switched the base image to Debian 12 due to the stability of the distribution and because I prefer using it on servers over Ubuntu. It was mainly a personal choice.

Indeed, no distribution officially supports ARM64 architecture, but the real incompatibility lies in the binaries built for each package. Generally, I install packages based on AMD64 (x86_64). For Wazuh Indexer, I delete the Java binaries and download the version compatible with the architecture. For Wazuh Dashboards, I delete the NodeJS binaries and download the version compatible with the architecture.

In the end, the issue is not with the jar packages or NodeJS libraries but with the binaries pre-included in the pre-built Wazuh packages.

Additionally, I managed to resolve a significant number of vulnerabilities associated with the pre-included versions of NodeJS and Java in the package.

Ah, I see, thanks for explaining. I will take a look at the PR to understand the changes more.

One thing I noticed is that the Dockerfile for the wazuh-manager seems to be hardcoded to pull the s6-overlay for amd64 only, but I notice you haven't changed this to be arch-dependent in the PR? How does this work with arm64?

[kalingth]

Meeeh

I forgot about this package =P
I have already added a hotfix to download this package based on the architecture as well.

Thank you for the observation õ/