Wazuh on Openstack

130 views
Skip to first unread message

Isabella Mancini

unread,
Dec 9, 2024, 11:53:44 PM12/9/24
to Wazuh | Mailing List
Hi, im going through the step-by-step installation guide for Wazuh. I currently have two VM's on Openstack with two IP's on each instance (floating IP's and regular IP's).

Im installing the indexer, so when I go to the opensearch.yml and config.yml files, which IP should I be using for both of them? 

I'm asking because after I type in this command "/usr/share/wazuh-indexer/bin/indexer-security-init.sh" I get this error: "Device "x.x.x.x " does not exist.
ERROR: network host not valid, check /etc/wazuh-indexer/opensearch.yml"

Should I be using the floating IP's in both files? Or should I use a wildcard (0.0.0.0) in placement of the IP's?

Thank you
 

Bony V John

unread,
Dec 10, 2024, 12:26:55 AM12/10/24
to Wazuh | Mailing List
Hi Isabella,

Which IP Address to Use?

Regular IP vs. Floating IP:

  1. Regular IPs: These are internal/private IPs used for communication between instances within the same OpenStack network.
  2. Floating IPs: These are public IPs that allow external access to the instances.

For internal communication (e.g., between Wazuh components like the manager, indexer, and dashboard), use regular/private IPs. Floating/public IPs are typically not necessary unless external access is required. Use the private IP addresses for the network.host setting in opensearch.yml to enable secure communication within the private network.

Use of Wildcard 0.0.0.0:

The wildcard 0.0.0.0 binds the service to all available network interfaces on the instance. This should only be used if you intend for the service to be accessible from any network interface.

Recommended: -

Use Static Private IPs:

Before installing Wazuh services, ensure that the private IPs are static for those instances. Otherwise, after rebooting, the IP may change, causing communication issues between Wazuh services.

The error "Device 'x.x.x.x' does not exist" indicates that the IP specified in the configuration file is not recognized as a valid network interface on the VM.

Check the IPs of Your VM:

  1. Run ip a or ifconfig on your VM to list all network interfaces and confirm the private IP addresses available.

  2. Update opensearch.yml:
    In /etc/wazuh-indexer/opensearch.yml, set:

    network.host: <Private IP>

    Or, to bind to all network interfaces (less secure but sometimes necessary during testing):

    network.host: 0.0.0.0

  3. Update config.yml: Ensure the appropriate IPs are also referenced in the config.yml file, if needed.

  4. Restart the Indexer: After making changes, restart the Wazuh Indexer service:

            systemctl restart wazuh-indexer

Verify Connectivity: Test whether the components can communicate using telnet or curl on the specified IP and port. For example:
curl http://<IP>:9200


For more details, you can refer to the Wazuh documentation for better understanding and installation guidance.

Let me know if you have any further questions!

Best regards,

Isabella Mancini

unread,
Dec 10, 2024, 10:57:40 PM12/10/24
to Wazuh | Mailing List
Thank you for the detailed response.

I decided to uninstall the indexer and install it again on the same instance. I'm using the private IP in the config file. When going through the step-by-step install again, Im adding the wazuh repo and did an apt-get update, but when I did that I got these warnings:

W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/wazuh.list:1 and /etc/apt/sources.list.d/wazuh.list:2

Should I be concerned with this? Could this affect anything? I think I saw this last time I was installing this too.

Bony V John

unread,
Dec 10, 2024, 11:26:48 PM12/10/24
to Wazuh | Mailing List
Hi Isabella,

The logs indicate that the Wazuh repository is listed multiple times in your /etc/apt/sources.list.d/wazuh.list file. This duplication can cause issues with package management. Please follow the steps below to troubleshoot and resolve this issue:

Steps to Fix:

  1. Inspect the Wazuh Repository File:
    Open the file /etc/apt/sources.list.d/wazuh.list to check for duplicate entries:

    sudo nano /etc/apt/sources.list.d/wazuh.list

  2. Remove Duplicate Lines:
    Identify and remove any duplicate lines. Ensure only one line remains:

    Save the changes and exit.

  3. Update the Package List:
    Refresh the package list and check for errors by running:

    sudo apt update

  4. Verify the Fix:
    After running sudo apt update, the warnings should no longer appear.

    If the issue persists, there might be another file causing the duplication. Check all files in the /etc/apt/sources.list.d/ directory:

    ls /etc/apt/sources.list.d/

    Look for other files containing Wazuh repository entries and ensure there are no duplicates.

Installing Wazuh Services:

If you’re new to Wazuh, I recommend starting with the assistance-based installation for an easier deployment experience. Once familiar, you can try the step-by-step installation, which provides deeper insights into Wazuh components and their configurations.

I hope this helps! Please let me know if you have any other questions or need further assistance.

Regards,

Bony V John

unread,
Dec 12, 2024, 10:43:04 PM12/12/24
to Wazuh | Mailing List
Hi Isabella,

I hope the above issue has been resolved. Please let me know if you have any further questions related to this.  

Regards,
Reply all
Reply to author
Forward
0 new messages