Migrating volumes from Wazuh Standalone to Dockerized Wazuh
248 views
Skip to first unread message
Pedro Henrique
Aug 26, 2024, 1:14:50 AM8/26/24
to wa...@googlegroups.com
Hello. I have a standalone Wazuh in my machine (single node) and I want to switch into docker. I have followed the official documentation but im getting stuck in how to share volumes between then. I have been trying lot of differents ways to migrate my wazuh standalone data to docker.
I only changed Manager Wazuh docker, and this is the configuration:
When running it, manager says that couldn't access global and agents DB and exits. Is there a file permission? If so, what is that?
Thanks
Awwal Ishiaku
Aug 26, 2024, 3:22:17 AM8/26/24
to Wazuh | Mailing List
Hi Pedro,
Note that not all the configuration files are in the /wazuh-config-mount/ directory in the Docker container.
You can find some of them in the /var/ossec/ directory in the container.
Follow the guide for restoring Wazuh server files and tweak the steps to copy the files to the correct directories or volumes.
Here is a list of volumes created for a single-node docker deployment:
$ docker volume ls
DRIVER VOLUME NAME
local single-node_filebeat_etc
local single-node_filebeat_var
local single-node_wazuh-dashboard-config
local single-node_wazuh-dashboard-custom
local single-node_wazuh-indexer-data
local single-node_wazuh_active_response
local single-node_wazuh_agentless
local single-node_wazuh_api_configuration
local single-node_wazuh_etc
local single-node_wazuh_integrations
local single-node_wazuh_logs
local single-node_wazuh_queue
local single-node_wazuh_var_multigroups
local single-node_wazuh_wodles
DRIVER VOLUME NAME
local single-node_filebeat_etc
local single-node_filebeat_var
local single-node_wazuh-dashboard-config
local single-node_wazuh-dashboard-custom
local single-node_wazuh-indexer-data
local single-node_wazuh_active_response
local single-node_wazuh_agentless
local single-node_wazuh_api_configuration
local single-node_wazuh_etc
local single-node_wazuh_integrations
local single-node_wazuh_logs
local single-node_wazuh_queue
local single-node_wazuh_var_multigroups
local single-node_wazuh_wodles
Copy all files into their respective volumes.
For example, you should restore all files in the var/ossec/etc directory into the single-node_wazuh_etc volume.
Files from the var/ossec/queue/ directory should go into the single-node_wazuh_queue volume.
And so on and so forth.
You can run docker inspect --format '{{json .Mounts}}' single-node_wazuh.manager_1 | jq to see what directory each volume is mounted in the container. You can also see the location of the volume on your host machine.
You can run docker inspect --format '{{json .Mounts}}' single-node_wazuh.manager_1 | jq to see what directory each volume is mounted in the container. You can also see the location of the volume on your host machine.
Note: install jq if you don't already have it to format the output.
See example output from a single-node deployment below
$ docker inspect --format '{{json .Mounts}}' single-node_wazuh.manager_1 | jq
[
{
"Type": "volume",
"Name": "single-node_wazuh_wodles",
"Source": "/var/lib/docker/volumes/single-node_wazuh_wodles/_data",
"Destination": "/var/ossec/wodles",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_filebeat_etc",
"Source": "/var/lib/docker/volumes/single-node_filebeat_etc/_data",
"Destination": "/etc/filebeat",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_api_configuration",
"Source": "/var/lib/docker/volumes/single-node_wazuh_api_configuration/_data",
"Destination": "/var/ossec/api/configuration",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_logs",
"Source": "/var/lib/docker/volumes/single-node_wazuh_logs/_data",
"Destination": "/var/ossec/logs",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_var_multigroups",
"Source": "/var/lib/docker/volumes/single-node_wazuh_var_multigroups/_data",
"Destination": "/var/ossec/var/multigroups",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_filebeat_var",
"Source": "/var/lib/docker/volumes/single-node_filebeat_var/_data",
"Destination": "/var/lib/filebeat",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_agentless",
"Source": "/var/lib/docker/volumes/single-node_wazuh_agentless/_data",
"Destination": "/var/ossec/agentless",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem",
"Destination": "/etc/ssl/filebeat.pem",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem",
"Destination": "/etc/ssl/filebeat.key",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "volume",
"Name": "single-node_wazuh_active_response",
"Source": "/var/lib/docker/volumes/single-node_wazuh_active_response/_data",
"Destination": "/var/ossec/active-response/bin",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf",
"Destination": "/wazuh-config-mount/etc/ossec.conf",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "volume",
"Name": "single-node_wazuh_queue",
"Source": "/var/lib/docker/volumes/single-node_wazuh_queue/_data",
"Destination": "/var/ossec/queue",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_integrations",
"Source": "/var/lib/docker/volumes/single-node_wazuh_integrations/_data",
"Destination": "/var/ossec/integrations",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_etc",
"Source": "/var/lib/docker/volumes/single-node_wazuh_etc/_data",
"Destination": "/var/ossec/etc",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca-manager.pem",
"Destination": "/etc/ssl/root-ca.pem",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
}
]
[
{
"Type": "volume",
"Name": "single-node_wazuh_wodles",
"Source": "/var/lib/docker/volumes/single-node_wazuh_wodles/_data",
"Destination": "/var/ossec/wodles",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_filebeat_etc",
"Source": "/var/lib/docker/volumes/single-node_filebeat_etc/_data",
"Destination": "/etc/filebeat",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_api_configuration",
"Source": "/var/lib/docker/volumes/single-node_wazuh_api_configuration/_data",
"Destination": "/var/ossec/api/configuration",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_logs",
"Source": "/var/lib/docker/volumes/single-node_wazuh_logs/_data",
"Destination": "/var/ossec/logs",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_var_multigroups",
"Source": "/var/lib/docker/volumes/single-node_wazuh_var_multigroups/_data",
"Destination": "/var/ossec/var/multigroups",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_filebeat_var",
"Source": "/var/lib/docker/volumes/single-node_filebeat_var/_data",
"Destination": "/var/lib/filebeat",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_agentless",
"Source": "/var/lib/docker/volumes/single-node_wazuh_agentless/_data",
"Destination": "/var/ossec/agentless",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem",
"Destination": "/etc/ssl/filebeat.pem",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem",
"Destination": "/etc/ssl/filebeat.key",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "volume",
"Name": "single-node_wazuh_active_response",
"Source": "/var/lib/docker/volumes/single-node_wazuh_active_response/_data",
"Destination": "/var/ossec/active-response/bin",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf",
"Destination": "/wazuh-config-mount/etc/ossec.conf",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "volume",
"Name": "single-node_wazuh_queue",
"Source": "/var/lib/docker/volumes/single-node_wazuh_queue/_data",
"Destination": "/var/ossec/queue",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_integrations",
"Source": "/var/lib/docker/volumes/single-node_wazuh_integrations/_data",
"Destination": "/var/ossec/integrations",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "single-node_wazuh_etc",
"Source": "/var/lib/docker/volumes/single-node_wazuh_etc/_data",
"Destination": "/var/ossec/etc",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "bind",
"Source": "/home/user1/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca-manager.pem",
"Destination": "/etc/ssl/root-ca.pem",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
}
]
Regards.
Reply all
Reply to author
Forward
0 new messages