Deployment on Azure Kubernet
203 views
Skip to first unread message
Wesney Bolzan Silva
Mar 26, 2023, 6:59:14 PM3/26/23
to Wazuh mailing list
Did Anyone have the experience of deploying Wazuh on Aks? I have tried several ways to built the PV but everyone seams to fail:
File "/var/ossec/framework/python/lib/python3.9/site-packages/sqlalchemy/util/compat.py", line 152, in reraise
raise value.with_traceback(tb)
File "/var/ossec/framework/python/lib/python3.9/site-packages/sqlalchemy/engine/base.py", line 1245, in _execute_context
self.dialect.do_execute(
File "/var/ossec/framework/python/lib/python3.9/site-packages/sqlalchemy/engine/default.py", line 581, in do_execute
cursor.execute(statement, parameters)
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) database is locked
[SQL:
CREATE TABLE runas_token_blacklist (
nbf_invalid_until INTEGER NOT NULL,
is_valid_until INTEGER NOT NULL,
PRIMARY KEY (nbf_invalid_until),
CONSTRAINT nbf_invalid_until_invalidation_rule UNIQUE (nbf_invalid_until)
)]
(Background on this error at: http://sqlalche.me/e/e3q8)
There was an error configuring the API user
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svwait: fatal: unable to subscribe to events for /var/run/s6/services/filebeat: No such file or directory
[s6-finish] sending all processes the TERM signal.
File "/var/ossec/framework/python/lib/python3.9/site-packages/sqlalchemy/util/compat.py", line 152, in reraise
raise value.with_traceback(tb)
File "/var/ossec/framework/python/lib/python3.9/site-packages/sqlalchemy/engine/base.py", line 1245, in _execute_context
self.dialect.do_execute(
File "/var/ossec/framework/python/lib/python3.9/site-packages/sqlalchemy/engine/default.py", line 581, in do_execute
cursor.execute(statement, parameters)
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) database is locked
[SQL:
CREATE TABLE runas_token_blacklist (
nbf_invalid_until INTEGER NOT NULL,
is_valid_until INTEGER NOT NULL,
PRIMARY KEY (nbf_invalid_until),
CONSTRAINT nbf_invalid_until_invalidation_rule UNIQUE (nbf_invalid_until)
)]
(Background on this error at: http://sqlalche.me/e/e3q8)
There was an error configuring the API user
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svwait: fatal: unable to subscribe to events for /var/run/s6/services/filebeat: No such file or directory
[s6-finish] sending all processes the TERM signal.
Cedrick Foko
Mar 27, 2023, 5:33:21 AM3/27/23
to Wazuh mailing list
Hello Wesney,
Thank you for using Wazuh.
The error message you provided indicates that there is a problem with the database being locked. This could be caused by multiple processes trying to access the same database at the same time.
We recommend checking if there are any other processes running that could be accessing the database and causing the lock.
The "supervisor not listening" error could be related to the fact that s6-overlay copies the services to a different folder. You can investigate on this by running the ps aufx command. If the s6-supervisor is listening to the services under /var/run/s6/services, therefore what you should do this: s6-svc -u /var/run/s6/services/uwsgi and restart the service. This will help to ensure that s6-overlay copies files into the /var/run/s6 directory rather than use symlinks.
Another possible cause could be that you are overriding CMD, which you can’t do anymore. The base image now uses ENTRYPOINT.
We recommend checking if there are any other processes running that could be accessing the database and causing the lock.
The "supervisor not listening" error could be related to the fact that s6-overlay copies the services to a different folder. You can investigate on this by running the ps aufx command. If the s6-supervisor is listening to the services under /var/run/s6/services, therefore what you should do this: s6-svc -u /var/run/s6/services/uwsgi and restart the service. This will help to ensure that s6-overlay copies files into the /var/run/s6 directory rather than use symlinks.
Another possible cause could be that you are overriding CMD, which you can’t do anymore. The base image now uses ENTRYPOINT.
Also, make sure you have Filebeat installed in your instance and running.
I hope you find the information helpful. Please let me know if you have any further questions or concerns! Best Regards.
Wesney Bolzan Silva
Mar 27, 2023, 10:42:33 PM3/27/23
to Wazuh mailing list
Hi Cedrick! Thanks for your message and help.
The problem is that I am trying to use Azure Kubernets Services (AKS), so I do not (theorically) access to image to edit it nor change hosts…. The only thing I did was to map the PV statically and then followed the documentation on https://documentation.wazuh.com/current/deployment-options/deploying-with-kubernetes/kubernetes-deployment.html
Cedrick Foko
Mar 31, 2023, 6:20:15 AM3/31/23
to Wazuh mailing list
Hello Wesney,
Sorry for the late reply.
Kindly share with me the output of the following commands so I can troubleshoot further:
kubectl describe pod "Worker pod"
kubectl logs "Worker pod"
It is possible to deploy AKS in the same way it's done with EKS.
Looking forward to your feedback.
Regards
Maxwell Famoriyo
Nov 27, 2023, 4:19:00 PM11/27/23
to Wazuh | Mailing List
Reply all
Reply to author
Forward
0 new messages