Kibana & Wazuh 4.0 Docker, API integration problem


joh nte

Nov 4, 2020, 7:13:29 AM
to Wazuh mailing list
Hi

I'm using a custom Docker installation of Wazuh 3.12 and I've made a copy of the host to test upgrading it to Wazuh 4.0.

The docker-build process completes without errors, all the updated dockers are up and running, but Wazuh gives me the error "Could not select any API entry".
In the /usr/share/kibana/optimize/wazuh/config/wazuh.yml file, the configuration is right, username and password are from the previous version (but I've tried using the default ones too), everything seems OK, but it seems there's no communication between Kibana and Wazuh, even though port 55000 is open.

How does the new integration work? Are there some other files to be configured?

Manuel E. Gutiérrez

Nov 4, 2020, 7:28:04 AM
to Wazuh mailing list
Hi there!

In 4.0 the default user/password for kibana is wazuh-wui/wazuh-wui.

Now the user can not be customized from the file config, you'll need to create it with a script like this:

https://gist.github.com/xr09/222fd2a374d1b6319f33ffdae3ebdefe

I'll duplicate here the comment on the Gist:

Download to /var/ossec/framework/scripts/create_user.py:

wget https://gist.github.com/xr09/222fd2a374d1b6319f33ffdae3ebdefe/raw/ae61649efb68aee7981f7042d613f2b8249d1499/create_user.py -O /var/ossec/framework/scripts/create_user.py

Execute with the python interpreter bundled with Wazuh:

/var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/create_user.py --username bilbo --password ".S3cur3Pa55w0rd*-"

The password must comply with requirements (8+ length, uppercase, lowercase, special chars) or it will fail.


Hope this helps!

joh nte

Nov 5, 2020, 6:21:08 AM
to Wazuh mailing list
Hi,
A more in-depth analysis showed us that it is not an authentication or login-related problem, but it is Wazuh that does not start. Here are the errors in the log:

2020/11/05 10:50:36 wazuh-modulesd: WARNING: Debian Wheezy is no longer supported.
2020/11/05 10:50:36 wazuh-modulesd: WARNING: Debian Jessie is no longer supported.
2020/11/05 10:50:36 wazuh-modulesd: INFO: (5586): No feeds specified for 'redhat' provider. Enabling all the available ones.
2020/11/05 10:50:36 wazuh-modulesd: INFO: 'update_from_year' option at module 'vulnerability-detector' is deprecated. Use 'os' instead.
Traceback (most recent call last):
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2276, in _wrap_pool_connect
    return fn()
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 363, in connect
    return _ConnectionFairy._checkout(self)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 760, in _checkout
    fairy = _ConnectionRecord.checkout(pool)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 492, in checkout
    rec = pool._do_get()
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/impl.py", line 238, in _do_get
    return self._create_connection()
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 308, in _create_connection
    return _ConnectionRecord(self)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 437, in __init__
    self.__connect(first_connect_check=True)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 639, in __connect
    connection = pool._invoke_creator(self)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/strategies.py", line 114, in connect
    return dialect.connect(*cargs, **cparams)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/default.py", line 482, in connect
    return self.dbapi.connect(*cargs, **cparams)
sqlite3.OperationalError: unable to open database file

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/ossec/framework/scripts/wazuh-clusterd.py", line 18, in <module>
    from wazuh.core.cluster import __version__, __author__, __ossec_name__, __licence__, master, local_server, worker
  File "/var/ossec/framework/python/lib/python3.8/site-packages/wazuh-4.0.0-py3.8.egg/wazuh/core/cluster/master.py", line 20, in <module>
    from wazuh.core.cluster.dapi import dapi
  File "/var/ossec/framework/python/lib/python3.8/site-packages/wazuh-4.0.0-py3.8.egg/wazuh/core/cluster/dapi/dapi.py", line 24, in <module>
    from wazuh import agent
  File "/var/ossec/framework/python/lib/python3.8/site-packages/wazuh-4.0.0-py3.8.egg/wazuh/agent.py", line 19, in <module>
    from wazuh.rbac.decorators import expose_resources
  File "/var/ossec/framework/python/lib/python3.8/site-packages/wazuh-4.0.0-py3.8.egg/wazuh/rbac/decorators.py", line 18, in <module>
    from wazuh.rbac.orm import RolesManager, PoliciesManager, AuthenticationManager, RulesManager
  File "/var/ossec/framework/python/lib/python3.8/site-packages/wazuh-4.0.0-py3.8.egg/wazuh/rbac/orm.py", line 2409, in <module>
    _Base.metadata.create_all(_engine)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/sql/schema.py", line 4315, in create_all
    bind._run_visitor(
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2048, in _run_visitor
    with self._optional_conn_ctx_manager(connection) as conn:
  File "/var/ossec/framework/python/lib/python3.8/contextlib.py", line 113, in __enter__
    return next(self.gen)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2040, in _optional_conn_ctx_manager
    with self._contextual_connect() as conn:
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2242, in _contextual_connect
    self._wrap_pool_connect(self.pool.connect, None),
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2279, in _wrap_pool_connect
    Connection._handle_dbapi_exception_noconnection(
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1547, in _handle_dbapi_exception_noconnection
    util.raise_from_cause(sqlalchemy_exception, exc_info)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 398, in raise_from_cause
    reraise(type(exception), exception, tb=exc_tb, cause=cause)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 152, in reraise
    raise value.with_traceback(tb)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 2276, in _wrap_pool_connect
    return fn()
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 363, in connect
    return _ConnectionFairy._checkout(self)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 760, in _checkout
    fairy = _ConnectionRecord.checkout(pool)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 492, in checkout
    rec = pool._do_get()
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/impl.py", line 238, in _do_get
    return self._create_connection()
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 308, in _create_connection
    return _ConnectionRecord(self)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 437, in __init__
    self.__connect(first_connect_check=True)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/pool/base.py", line 639, in __connect
    connection = pool._invoke_creator(self)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/strategies.py", line 114, in connect
    return dialect.connect(*cargs, **cparams)
  File "/var/ossec/framework/python/lib/python3.8/site-packages/sqlalchemy/engine/default.py", line 482, in connect
    return self.dbapi.connect(*cargs, **cparams)
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) unable to open database file
(Background on this error at: http://sqlalche.me/e/e3q8)
wazuh-clusterd: Configuration error. Exiting



What could be the cause of the error? And the remedy?

Also, we use a custom Docker installation. Is the migration part necessary? Or is it just for OpenDistro?


Manuel E. Gutiérrez

Nov 5, 2020, 7:33:53 AM
to Wazuh mailing list
Hello,

Looks like you're using some deprecated options but those are just printing a warning, the real issue seems to be when accessing one of the internal databases. You can check our official Docker images for 4.0: https://github.com/wazuh/wazuh-docker

The migration is to upgrade from 3.x to 4.0, so far we've released images for OpenDistro compatibility, the xpack variants are still pending.
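
Added example, not part of the thread and not Wazuh's own code: a check for the usual filesystem reasons behind the "unable to open database file" error in the traceback above (missing directory, wrong ownership or mode, a directory where the file should be). The database path is an argument because the thread does not name it; run the check as the user the daemon runs as, inside the container.

```python
import os
import sqlite3
import sys
from pathlib import Path


def diagnose_sqlite_open(db_path):
    """Return reasons SQLite cannot open db_path; an empty list means no problem found."""
    path = Path(db_path).absolute()
    parent = path.parent
    uid = os.getuid()
    if not parent.is_dir():
        # Common after an image rebuild: the directory or volume was never recreated.
        return [f"parent directory missing: {parent}"]
    findings = []
    # SQLite creates the database and its journal files in this directory,
    # so the daemon's user needs write and search permission on it.
    if not os.access(parent, os.W_OK | os.X_OK):
        findings.append(f"directory not writable by uid {uid}: {parent}")
    if path.is_dir():
        # Docker can create a directory when a bind-mounted file is absent on the host.
        findings.append(f"path is a directory, not a file: {path}")
    elif path.exists():
        st = path.stat()
        if not os.access(path, os.R_OK | os.W_OK):
            findings.append(f"file not readable/writable by uid {uid} "
                            f"(owner {st.st_uid}:{st.st_gid}, mode {st.st_mode & 0o777:o})")
        else:
            try:
                # Read-only URI open: never creates or modifies the file.
                conn = sqlite3.connect(path.as_uri() + "?mode=ro", uri=True)
                conn.execute("PRAGMA schema_version").fetchone()
                conn.close()
            except sqlite3.Error as exc:
                findings.append(f"sqlite3 error: {exc}")
    return findings


if __name__ == "__main__":
    # Pass the database path from your own installation; none is assumed here.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.db"
    problems = diagnose_sqlite_open(target)
    print("\n".join(problems) if problems else f"no problem found for {target}")
```

An empty result for a file that does not exist yet means the directory is usable and the daemon should be able to create the database itself.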

joh nte

Nov 6, 2020, 6:19:30 AM
to Wazuh mailing list
For the deprecated options, there's no problem, I will fix everything once Wazuh is up.
For the other things, I've tried rebuilding everything, doing the migration part too, but the errors are still the same.

So do you advise me to wait for the xpack?

joh nte

Nov 9, 2020, 10:17:51 AM
to Wazuh mailing list
I've retried and the results are still the same.
Wazuh closes after some problems reported in the previous log.
Anyone facing the same issue? What do you advise me to do?
Is there any news regarding the xpack variant? A date? So I can give it a try.

joh nte

Nov 23, 2020, 10:41:26 AM
to Wazuh mailing list
I'm still having this problem..
Please can someone help me?