Empty opendistroforelasticsearch package


Ransford Hewitt

Dec 6, 2021, 10:36:33 AM
to Wazuh mailing list
Hi,

New to Wazuh and to the community. Trying to do a PoC for a distributed deployment but noticed that I was getting file-not-found errors.

# bash elastic-stack-installation.sh -i -e -c -n master_node_1 -d
[...]
elastic-stack-installation.sh: line 267: /etc/elasticsearch/elasticsearch.yml: No such file or directory

That's when I realized that elasticsearch wasn't being installed; further investigation revealed that the package had no files.

[...]
Length: 3311 (3.2K) [application/x-rpm]
Saving to: ‘opendistroforelasticsearch-1.13.2-linux-x64.rpm’

opendistroforelasticsearch-1.13.2- 100%[==============================================================>]   3.23K  --.-KB/s    in 0s

2021-12-06 10:09:08 (106 MB/s) - ‘opendistroforelasticsearch-1.13.2-linux-x64.rpm’ saved [3311/3311]

$ rpm -qlp opendistroforelasticsearch-1.13.2-linux-x64.rpm
(contains no files)

Any idea where I can get this RPM?

Thanks.

Camila Salome Romero

Dec 6, 2021, 3:03:47 PM
to Wazuh mailing list

Hi Ransford!
In order to help you, could you tell me if you used this official documentation?
https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-single-node-cluster

If the answer is no, could you send me the guide you used or the steps that you followed?

Regards, Camila!

Ransford Hewitt

Dec 6, 2021, 8:49:35 PM
to Camila Salome Romero, Wazuh mailing list
Hi Camila,

Thanks for your response. I am taking guidance from the official documentation for unattended installation.


Ransford 


Camila Salome Romero

Dec 7, 2021, 1:33:25 PM
to Wazuh mailing list
Hi Ransford!

If you run this command you can obtain a list of all available Open Distro for Elasticsearch versions:

        sudo yum list opendistroforelasticsearch --showduplicates

Example: [screenshot attachment]

If you look at lines 234-239, you can see that the version that the script elastic-stack-installation.sh tries to install is 1.13.2-1, so you need to run:

        sudo yum install opendistroforelasticsearch-1.13.2

This command automatically chooses the appropriate architecture (x64 or ARM64) depending on the system you’re using.
Finally, run the command below to start the service:

        sudo systemctl start elasticsearch.service

To check the status of the service:

        systemctl status elasticsearch.service

You can obtain more information in the official documentation: https://opendistro.github.io/for-elasticsearch-docs/docs/install/rpm/

But before you try a manual installation, I would like to reproduce your error:

  • Could you tell me which operating system you have?
  • Could you run these commands?
    • systemctl status elasticsearch.service
    • journalctl -xe
    • cat /var/log/elasticsearch/elastic_cluster.log

Regards, Camila!

ransfor...@gmail.com

Dec 7, 2021, 3:24:11 PM
to Camila Salome Romero, Wazuh mailing list

Hi Camila,

The package seems to be defective, no files included.

[root@wazuh2-server ~]# yum list opendistroforelasticsearch --showduplicates
Last metadata expiration check: 0:44:46 ago on Tue 07 Dec 2021 02:31:31 PM EST.
Installed Packages
opendistroforelasticsearch.x86_64                                             1.13.2-1                                              @wazuh
Available Packages
opendistroforelasticsearch.noarch                                             1.10.1-1                                              wazuh
opendistroforelasticsearch.noarch                                             1.11.0-1                                              wazuh
opendistroforelasticsearch.noarch                                             1.12.0-1                                              wazuh
opendistroforelasticsearch.x86_64                                             1.13.2-1                                              wazuh

[root@wazuh2-server ~]# yum install -y opendistroforelasticsearch-1.13.2
Last metadata expiration check: 0:47:52 ago on Tue 07 Dec 2021 02:31:31 PM EST.
Dependencies resolved.
==========================================================================================================================================
Package                                        Architecture               Version                        Repository                 Size
==========================================================================================================================================
Installing:
opendistroforelasticsearch                     x86_64                     1.13.2-1                       wazuh                     3.2 k

Transaction Summary
==========================================================================================================================================
Install  1 Package

Total download size: 3.2 k
Installed size: 0
Downloading Packages:
opendistroforelasticsearch-1.13.2-linux-x64.rpm                                                            55 kB/s | 3.2 kB     00:00
------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                      53 kB/s | 3.2 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                  1/1
  Installing       : opendistroforelasticsearch-1.13.2-1.x86_64                                                                       1/1
  Verifying        : opendistroforelasticsearch-1.13.2-1.x86_64                                                                       1/1

Installed:
  opendistroforelasticsearch-1.13.2-1.x86_64

Complete!

[root@wazuh2-server ~]# rpm -q opendistroforelasticsearch
opendistroforelasticsearch-1.13.2-1.x86_64
[root@wazuh2-server ~]# rpm -ql opendistroforelasticsearch
(contains no files)

Thanks.

Ransford

ransfor...@gmail.com

Dec 7, 2021, 3:36:08 PM
to Camila Salome Romero, Wazuh mailing list

Hi Camila,

Should I be using the oss version instead?

[root@wazuh2-server ~]# yum list elasticsearch* -C
Last metadata expiration check: 1:02:23 ago on Tue 07 Dec 2021 02:31:31 PM EST.
Installed Packages
elasticsearch-oss.x86_64                                                  7.10.2-1                                                  @wazuh

Thanks.

Ransford

 


ransfor...@gmail.com

Dec 7, 2021, 3:48:23 PM
to Camila Salome Romero, Wazuh mailing list

Hi Camila,

Please ignore. I can see that yum install opendistroforelasticsearch downloads elasticsearch-oss instead. I deleted a bunch of packages related to elastic* and reinstalled, and it is OK. Thanks for your help.

[root@wazuh2-server ~]# yum install -y opendistroforelasticsearch
Last metadata expiration check: 1:06:44 ago on Tue 07 Dec 2021 02:31:31 PM EST.
Dependencies resolved.
==========================================================================================================================================
Package                                           Architecture             Version                         Repository               Size
==========================================================================================================================================
Installing:
opendistroforelasticsearch                        x86_64                   1.13.2-1                        wazuh                   3.2 k
Installing dependencies:
elasticsearch-oss                                 x86_64                   7.10.2-1                        wazuh                   220 M
opendistro-alerting                               noarch                   1.13.1.0-1                      wazuh                    13 M
opendistro-anomaly-detection                      noarch                   1.13.0.0-1                      wazuh                   8.7 M
opendistro-asynchronous-search                    noarch                   1.13.0.1-1                      wazuh                   166 k
opendistro-index-management                       noarch                   1.13.2.0-1                      wazuh                   6.9 M
opendistro-job-scheduler                          noarch                   1.13.0.0-1                      wazuh                   955 k
opendistro-knn                                    noarch                   1.13.0.0-1                      wazuh                   2.7 M
opendistro-performance-analyzer                   noarch                   1.13.0.0-1                      wazuh                    62 M
opendistro-reports-scheduler                      noarch                   1.13.0.0-1                      wazuh                   5.2 M
opendistro-security                               noarch                   1.13.1.0-1                      wazuh                    38 M
opendistro-sql                                    noarch                   1.13.2.0-1                      wazuh                    15 M

Transaction Summary
==========================================================================================================================================
Install  12 Packages

Total size: 373 M
Total download size: 3.2 k
Installed size: 569 M
Downloading Packages:
[SKIPPED] elasticsearch-oss-7.10.2-x86_64.rpm: Already downloaded

Ransford
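
Added example, not part of the original thread and not Wazuh project code: the 3.2 k opendistroforelasticsearch RPM above lists no files yet pulls in eleven dependencies, which is how a metapackage behaves. The script below separates that case from a genuinely empty package and reports dependencies that are not installed; the function names and the sample rpm -qR text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: tell a metapackage from a truly empty RPM, then list unmet deps.
# Function names and the sample data below are constructed for illustration.

# dep_names REQUIRES_TEXT -> capability names, one per line.
# rpmlib(...) entries are rpm feature markers, not packages, so they are dropped.
dep_names() {
    printf '%s\n' "$1" | awk 'NF && $1 !~ /^rpmlib\(/ { print $1 }' | sort -u
}

# classify_rpm FILES_TEXT REQUIRES_TEXT -> regular | metapackage | empty
# FILES_TEXT is the output of `rpm -ql`, REQUIRES_TEXT the output of `rpm -qR`.
classify_rpm() {
    if [ "$1" != "(contains no files)" ]; then
        echo regular
    elif [ -n "$(dep_names "$2")" ]; then
        echo metapackage
    else
        echo empty
    fi
}

# missing_deps REQUIRES_TEXT INSTALLED_NAMES -> dependencies absent from the list
missing_deps() {
    local installed="$2" name
    dep_names "$1" | while read -r name; do
        printf '%s\n' "$installed" | grep -qxF -- "$name" || echo "$name"
    done
}

# audit_pkg PKG: live check on an RPM-based host (not called in the demo below).
# rpm -V reports files the rpm database expects but that are missing on disk.
audit_pkg() {
    local req dep
    req=$(rpm -qR "$1") || return 1
    echo "$1: $(classify_rpm "$(rpm -ql "$1")" "$req")"
    dep_names "$req" | while read -r dep; do
        rpm -q --whatprovides "$dep" >/dev/null 2>&1 || { echo "unmet: $dep"; continue; }
        rpm -V --whatprovides "$dep" || true
    done
}

# Constructed sample of `rpm -qR` output, using package names from the thread.
SAMPLE_REQ='elasticsearch-oss = 7.10.2
opendistro-security = 1.13.1.0
rpmlib(CompressedFileNames) <= 3.0.4-1'
classify_rpm "(contains no files)" "$SAMPLE_REQ"   # prints: metapackage
missing_deps "$SAMPLE_REQ" "elasticsearch-oss"     # prints: opendistro-security
```

On an RPM-based host, audit_pkg opendistroforelasticsearch runs the same checks against the live rpm database.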


Camila Salome Romero

Dec 9, 2021, 7:03:33 AM
to Wazuh mailing list
Hi Ransford!

Sorry for the late response. I am glad to hear that your problem was resolved.
If you need anything else you can post a new message and we are glad to serve you.

Regards, Camila!

ransfor...@gmail.com

Dec 9, 2021, 7:20:32 AM
to Camila Salome Romero, Wazuh mailing list

Thanks again for your help.

 

Ransford
