Change password is failing

14 views
Skip to first unread message

Paul Charran

unread,
Dec 1, 2025, 4:33:01 PM (14 hours ago) Dec 1
to Wazuh | Mailing List
I am trying to call the wazuh-passwords-tool.sh from a python script in my installation pipeline. But the tool keeps failing to work. I chased down the problem to a specific call - eval “JAVA_HOME=/usr/share/wazuh-indexer/jdk/ OPENSEARCH_CONF_DIR=/etc/wazuh-indexer /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -backup /etc/ wazuh-indexer/backup -icl -p 9200 -nhnv -cacert ${capem} -cert ${adminpem} -key ${admin Key} -h ${IP} ${debug}”
Call returns a value of 255 causing the following if statement to call an exit 1. Stopping my build.
The following is an excerpt of the log focused on the problem:

INFO: Updating the internal users.

INFO: passwords_getNetworkHost IP: “0.0.0.0”

<Multiple Stars>

This tool will be deprecated in the next major release of OpenSearch

https://github.com/opensearch-project/security/issues/1755

<Multiple Stars>

Security Admin v7

Will connect to localhost:9200

ERR: Seems there is no OpenSearch running on localhost:9200 – Will exit

cp: cannot stat “/etc/wazuh-indexer/backup/internal_users.yml”

chmod: cannot access ‘/etc/wazuh-indexer/internal-users-backup/internal_users_20251201_141719.yml.bkp

My question is there any way to start Opensearch early"? Or is there a way to make this backup manually so I can bypass this step.

Thank you for your help.

fabio.c...@wazuh.com

unread,
Dec 1, 2025, 5:58:51 PM (12 hours ago) Dec 1
to Wazuh | Mailing List

Hello Paul,

Thanks for reporting this.

To help you best, I need a little more context about your setup. Could you please answer the following questions:

  1. What type of deployment are you using?

  2. What exact command(s) did you run to change the password?

    • Please include the full command line (including any flags), and indicate whether you ran it manually or as part of a custom script / automation pipeline.

  3. At the time you ran the password tool, was the indexer (OpenSearch / Wazuh Indexer) already running and healthy?

    • You can run this to check:
      sudo systemctl status wazuh-indexer

  4. If this is part of a deployment automation/custom script, what is the order of steps?

    • When do you start the indexer service relative to when the password change command runs?

  5. What Wazuh version are you using?

  6. Are you running the script as root?

Reply all
Reply to author
Forward
0 new messages