Uninstall and reinstall has issue with opendistro


Manish Pansiniya

Nov 19, 2021, 8:31:26 AM
to Wazuh mailing list
Hi Support

I have uninstalled Wazuh and am installing it again using the unattended installation, but it fails to install opendistro. Following is the error log:
----------------------
Basedir: /usr/share/elasticsearch
This script maybe require your root password for 'sudo' privileges
Unable to determine Elasticsearch config directory. Quit.
dpkg: error processing package opendistro-security (--configure):
 installed opendistro-security package post-installation script subprocess returned error exit status 255
dpkg: dependency problems prevent configuration of opendistroforelasticsearch:
 opendistroforelasticsearch depends on opendistro-security (>= 1.13.1.0); however:
  Package opendistro-security is not configured yet.
 opendistroforelasticsearch depends on opendistro-security (<< 1.13.3.0); however:
  Package opendistro-security is not configured yet.

dpkg: error processing package opendistroforelasticsearch (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 opendistro-security
 opendistroforelasticsearch
E: Sub-process /usr/bin/dpkg returned an error code (1)
-----------

Any input on what is wrong with the installation?

mayte...@wazuh.com

Nov 22, 2021, 3:28:55 AM
to Wazuh mailing list
Hi Manish Pansiniya,

Sorry for the late response.

When running the unattended script, you could use the following arguments. They can be useful to help us debug or fix the problem.
- Use -o to overwrite in case something remains after uninstalling
- Use -v to show the complete installation output and display a detailed description of the problem

Share the output with us if the issue persists.

Please keep us updated.

Best regards,
Mayte Ariza

Manish Pansiniya

Nov 22, 2021, 7:54:14 AM
to mayte...@wazuh.com, Wazuh mailing list
Below is the log


WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 14 not upgraded.
After this operation, 447 MB disk space will be freed.
(Reading database ... 142357 files and directories currently installed.)
Removing wazuh-manager (4.2.5-1) ...
(Reading database ... 123825 files and directories currently installed.)
Purging configuration files for wazuh-manager (4.2.5-1) ...
Processing triggers for systemd (245.4-4ubuntu3.13) ...

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
Package 'elasticsearch' is not installed, so not removed
The following packages will be REMOVED:
  opendistro-alerting* opendistro-anomaly-detection*
  opendistro-asynchronous-search* opendistro-index-management*
  opendistro-job-scheduler* opendistro-knn* opendistro-knnlib*
  opendistro-performance-analyzer* opendistro-reports-scheduler*
  opendistro-security* opendistro-sql* opendistroforelasticsearch*
0 upgraded, 0 newly installed, 12 to remove and 14 not upgraded.
After this operation, 179 MB disk space will be freed.
(Reading database ... 123807 files and directories currently installed.)
Removing opendistroforelasticsearch (1.13.2-1) ...
Removing opendistro-alerting (1.13.1.0-1) ...
Removing opendistro-anomaly-detection (1.13.0.0-1) ...
Removing opendistro-asynchronous-search (1.13.0.1-1) ...
Removing opendistro-index-management (1.13.2.0-1) ...
Removing opendistro-job-scheduler (1.13.0.0-1) ...
Removing opendistro-knn (1.13.0.0-1) ...
Removing opendistro-knnlib (1.13.0.0) ...
Removing opendistro-performance-analyzer (1.13.0.0-1) ...
ES_HOME is /usr/share/elasticsearch
Removing opendistro-reports-scheduler (1.13.0.0-1) ...
Removing opendistro-security (1.13.1.0-1) ...
Removing opendistro-sql (1.13.2.0-1) ...
(Reading database ... 123422 files and directories currently installed.)
Purging configuration files for opendistro-performance-analyzer (1.13.0.0-1) ...
ES_HOME is /usr/share/elasticsearch
Warning: apt-key output should not be parsed (stdout is not a terminal)
OK
deb https://packages.wazuh.com/4.x/apt/ stable main
Hit:4 https://packages.wazuh.com/4.x/apt stable InRelease
Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Ign:6 https://pkg.duosecurity.com/Ubuntu trusty InRelease
Get:7 http://deb.debian.org/debian stretch-backports InRelease [91.8 kB]
Err:7 http://deb.debian.org/debian stretch-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
Hit:8 https://esm.ubuntu.com/cis/ubuntu focal InRelease
Hit:9 https://pkg.duosecurity.com/Ubuntu trusty Release
Reading package lists...
W: GPG error: http://deb.debian.org/debian stretch-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
E: The repository 'http://deb.debian.org/debian stretch-backports InRelease' is not signed.
Get:1 http://deb.debian.org/debian stretch-backports InRelease [91.8 kB]
Hit:5 https://packages.wazuh.com/4.x/apt stable InRelease
Err:1 http://deb.debian.org/debian stretch-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
Get:6 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Ign:7 https://pkg.duosecurity.com/Ubuntu trusty InRelease
Hit:8 https://pkg.duosecurity.com/Ubuntu trusty Release
Hit:10 https://esm.ubuntu.com/cis/ubuntu focal InRelease
Reading package lists...
W: GPG error: http://deb.debian.org/debian stretch-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
E: The repository 'http://deb.debian.org/debian stretch-backports InRelease' is not signed.
Reading package lists...
Building dependency tree...
Reading state information...
libcap2-bin is already the newest version (1:2.32-1).
unzip is already the newest version (6.0-25ubuntu1).
wget is already the newest version (1.20.3-1ubuntu1).
curl is already the newest version (7.68.0-1ubuntu2.7).
apt-transport-https is already the newest version (2.0.6).
0 upgraded, 0 newly installed, 0 to remove and 14 not upgraded.
Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  expect
The following NEW packages will be installed:
  wazuh-manager
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 0 B/116 MB of archives.
After this operation, 447 MB of additional disk space will be used.
Selecting previously unselected package wazuh-manager.
(Reading database ... 123423 files and directories currently installed.)
Preparing to unpack .../wazuh-manager_4.2.5-1_amd64.deb ...
Unpacking wazuh-manager (4.2.5-1) ...
Setting up wazuh-manager (4.2.5-1) ...
Processing triggers for systemd (245.4-4ubuntu3.13) ...
Synchronizing state of wazuh-manager.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-manager

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
elasticsearch-oss is already the newest version (7.10.2).
The following additional packages will be installed:
  opendistro-alerting opendistro-anomaly-detection
  opendistro-asynchronous-search opendistro-index-management
  opendistro-job-scheduler opendistro-knn opendistro-knnlib
  opendistro-performance-analyzer opendistro-reports-scheduler
  opendistro-security opendistro-sql
The following NEW packages will be installed:
  opendistro-alerting opendistro-anomaly-detection
  opendistro-asynchronous-search opendistro-index-management
  opendistro-job-scheduler opendistro-knn opendistro-knnlib
  opendistro-performance-analyzer opendistro-reports-scheduler
  opendistro-security opendistro-sql opendistroforelasticsearch
0 upgraded, 12 newly installed, 0 to remove and 14 not upgraded.
Need to get 0 B/161 MB of archives.
After this operation, 179 MB of additional disk space will be used.
Selecting previously unselected package opendistro-alerting.
(Reading database ... 141973 files and directories currently installed.)
Preparing to unpack .../00-opendistro-alerting_1.13.1.0-1_all.deb ...
Unpacking opendistro-alerting (1.13.1.0-1) ...
Selecting previously unselected package opendistro-anomaly-detection.
Preparing to unpack .../01-opendistro-anomaly-detection_1.13.0.0-1_all.deb ...
Unpacking opendistro-anomaly-detection (1.13.0.0-1) ...
Selecting previously unselected package opendistro-asynchronous-search.
Preparing to unpack .../02-opendistro-asynchronous-search_1.13.0.1-1_all.deb ...
Unpacking opendistro-asynchronous-search (1.13.0.1-1) ...
Selecting previously unselected package opendistro-index-management.
Preparing to unpack .../03-opendistro-index-management_1.13.2.0-1_all.deb ...
Unpacking opendistro-index-management (1.13.2.0-1) ...
Selecting previously unselected package opendistro-job-scheduler.
Preparing to unpack .../04-opendistro-job-scheduler_1.13.0.0-1_all.deb ...
Unpacking opendistro-job-scheduler (1.13.0.0-1) ...
Selecting previously unselected package opendistro-knnlib.
Preparing to unpack .../05-opendistro-knnlib_1.13.0.0_amd64.deb ...
Unpacking opendistro-knnlib (1.13.0.0) ...
Selecting previously unselected package opendistro-knn.
Preparing to unpack .../06-opendistro-knn_1.13.0.0-1_all.deb ...
Unpacking opendistro-knn (1.13.0.0-1) ...
Selecting previously unselected package opendistro-performance-analyzer.
Preparing to unpack .../07-opendistro-performance-analyzer_1.13.0.0-1_all.deb ...
Unpacking opendistro-performance-analyzer (1.13.0.0-1) ...
Selecting previously unselected package opendistro-reports-scheduler.
Preparing to unpack .../08-opendistro-reports-scheduler_1.13.0.0-1_all.deb ...
Unpacking opendistro-reports-scheduler (1.13.0.0-1) ...
Selecting previously unselected package opendistro-security.
Preparing to unpack .../09-opendistro-security_1.13.1.0-1_all.deb ...
Unpacking opendistro-security (1.13.1.0-1) ...
Selecting previously unselected package opendistro-sql.
Preparing to unpack .../10-opendistro-sql_1.13.2.0-1_all.deb ...
Unpacking opendistro-sql (1.13.2.0-1) ...
Selecting previously unselected package opendistroforelasticsearch.
Preparing to unpack .../11-opendistroforelasticsearch_1.13.2-1_amd64.deb ...
Unpacking opendistroforelasticsearch (1.13.2-1) ...
Setting up opendistro-job-scheduler (1.13.0.0-1) ...
Setting up opendistro-reports-scheduler (1.13.0.0-1) ...
Setting up opendistro-sql (1.13.2.0-1) ...
Setting up opendistro-knnlib (1.13.0.0) ...
Setting up opendistro-security (1.13.1.0-1) ...
OpenDistro for Elasticsearch Security Demo Installer
 ** Warning: Do not use on production or public reachable systems **

Basedir: /usr/share/elasticsearch
This script maybe require your root password for 'sudo' privileges
Unable to determine Elasticsearch config directory. Quit.
dpkg: error processing package opendistro-security (--configure):
 installed opendistro-security package post-installation script subprocess returned error exit status 255
Setting up opendistro-knn (1.13.0.0-1) ...
Setting up opendistro-asynchronous-search (1.13.0.1-1) ...
Setting up opendistro-alerting (1.13.1.0-1) ...
Setting up opendistro-anomaly-detection (1.13.0.0-1) ...

dpkg: dependency problems prevent configuration of opendistroforelasticsearch:
 opendistroforelasticsearch depends on opendistro-security (>= 1.13.1.0); however:
  Package opendistro-security is not configured yet.
 opendistroforelasticsearch depends on opendistro-security (<< 1.13.3.0); however:
  Package opendistro-security is not configured yet.

dpkg: error processing package opendistroforelasticsearch (--configure):
 dependency problems - leaving unconfigured
Setting up opendistro-index-management (1.13.2.0-1) ...
Setting up opendistro-performance-analyzer (1.13.0.0-1) ...
grep: /etc/elasticsearch/jvm.options: No such file or directory
/var/lib/dpkg/info/opendistro-performance-analyzer.postinst: line 28: /etc/elasticsearch/jvm.options: No such file or directory
dpkg: error processing package opendistro-performance-analyzer (--configure):
 installed opendistro-performance-analyzer package post-installation script subprocess returned error exit status 1

Errors were encountered while processing:
 opendistro-security
 opendistroforelasticsearch
 opendistro-performance-analyzer

E: Sub-process /usr/bin/dpkg returned an error code (1)
mkdir: cannot create directory '/etc/elasticsearch/certs': No such file or directory
/root/unattended-installation.sh: line 287: cd: /etc/elasticsearch/certs: No such file or directory
cp: target '/etc/elasticsearch/certs/' is not a directory
cp: cannot create regular file '/etc/elasticsearch/certs/': No such file or directory
cp: target '/etc/elasticsearch/certs/' is not a directory
sed: can't read /etc/elasticsearch/jvm.options: No such file or directory
sed: can't read /etc/elasticsearch/jvm.options: No such file or directory
/root/unattended-installation.sh: line 319: /usr/share/elasticsearch/bin/elasticsearch-plugin: No such file or directory
Synchronizing state of elasticsearch.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable elasticsearch
Job for elasticsearch.service failed because the control process exited with error code.
See "systemctl status elasticsearch.service" and "journalctl -xe" for details.

systemctl status elasticsearch.service output

Nov 22 23:09:43 CMLog systemd[1]: Starting Elasticsearch...
Nov 22 23:09:43 CMLog systemd[928335]: elasticsearch.service: Failed to execute command: No such file or directory
Nov 22 23:09:43 CMLog systemd[928335]: elasticsearch.service: Failed at step EXEC spawning /usr/share/elasticsearch/bin/systemd-entrypoint: No such file or directory
Nov 22 23:09:43 CMLog systemd[1]: elasticsearch.service: Main process exited, code=exited, status=203/EXEC
Nov 22 23:09:43 CMLog systemd[1]: elasticsearch.service: Failed with result 'exit-code'.
Nov 22 23:09:43 CMLog systemd[1]: Failed to start Elasticsearch.
journalctl -xe
sticsearch.performanceanalyzer.reader.ReaderMetricsProcessor - Error reading file '/usr/share/elasticsearch/data/batch_metrics_enabled.conf': java.nio.file.NoSuchFileException: /usr/share/elasticsearch/data/batch_metrics_enabled.conf
sticsearch.performanceanalyzer.reader.ReaderMetricsProcessor - Error reading file '/usr/share/elasticsearch/data/batch_metrics_enabled.conf': java.nio.file.NoSuchFileException: /usr/share/elasticsearch/data/batch_metrics_enabled.conf

been provided with a single statement batch execution. This may be due to accidental API misuse
been provided with a single statement batch execution. This may be due to accidental API misuse
been provided with a single statement batch execution. This may be due to accidental API misuse
been provided with a single statement batch execution. This may be due to accidental API misuse
been provided with a single statement batch execution. This may be due to accidental API misuse
been provided with a single statement batch execution. This may be due to accidental API misuse
sticsearch.performanceanalyzer.reader.ReaderMetricsProcessor - Error reading file '/usr/share/elasticsearch/data/batch_metrics_enabled.conf': java.nio.file.NoSuchFileException: /usr/share/elasticsearch/data/batch_metrics_enabled.conf

Let me know if you can find anything.
Manish




mayte...@wazuh.com

Nov 22, 2021, 10:05:53 AM
to Wazuh mailing list
Hi Manish Pansiniya,

I have been discussing it with the team and they said that this issue may be caused by some Elasticsearch packages not being completely removed before reinstalling.

Could you try running the following commands before reinstalling?
sudo apt-get remove --purge 'elasticsearch*'
sudo apt-get remove --purge 'opendistro*'

I hope it helps.

Please keep us updated.

Best regards,
Mayte Ariza


Manish Pansiniya

Nov 23, 2021, 2:30:32 AM
to mayte...@wazuh.com, Wazuh mailing list
Hi Mayte

Great. Thanks for the update. It is working after I ran your commands together with the following, and also checked all directories which needed removal, and it worked!! Thanks a lot :)
apt-get remove wazuh-manager
apt-get remove --purge wazuh-manager
apt-get remove filebeat
apt-get remove --purge filebeat
apt-get remove --auto-remove opendistroforelasticsearch
apt-get remove opendistroforelasticsearch-kibana
apt-get remove --purge opendistroforelasticsearch-kibana
rm -r /var/lib/elasticsearch
apt-get remove elasticsearch
apt-get remove --purge elasticsearch
apt-get remove kibana
apt-get remove --purge kibana
sudo apt-get remove --purge 'elasticsearch*'
sudo apt-get remove --purge 'opendistro*'

Kind Regards,
Manish Pansiniya
Founder & Director
IntelliPro Solutions Pvt Ltd
p:91 79 40095674  m: 91 9898912298
w:www.iprospl.com  e: man...@iprospl.com
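
A pre-reinstall check for the condition discussed in this thread, added here as an example and not part of any message above or of the Wazuh installer: it lists stack packages that dpkg still tracks and flags the case where an Elasticsearch package is installed while /etc/elasticsearch is missing. The function names, the optional root argument and the sample status lines are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread: list Wazuh-stack packages that dpkg
# still tracks, so leftovers are visible before the installer is re-run.

# Package names are the ones that appear in the thread's logs and commands.
is_stack_pkg() {
    case "$1" in
        wazuh-manager|filebeat|kibana|elasticsearch|elasticsearch-oss) return 0 ;;
        opendistro*) return 0 ;;
        *) return 1 ;;
    esac
}

# stdin:  "<status-abbrev> <package>" lines, as printed by
#         dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n'
# stdout: "<verdict> <package>" for each stack package not fully purged.
classify_leftovers() {
    while read -r abbrev pkg; do
        is_stack_pkg "$pkg" || continue
        case "$abbrev" in            # second character is the current state
            ?n*)     continue ;;                # not installed: clean
            ?i*)     verdict=installed ;;
            ?c*)     verdict=config-remains ;;  # removed but not purged
            ?[UFH]*) verdict=broken ;;          # unpacked / half-configured / half-installed
            *)       verdict=pending ;;         # trigger states
        esac
        printf '%s %s\n' "$verdict" "$pkg"
    done
    return 0
}

# Succeeds (and prints a warning) when an Elasticsearch package is installed
# but <root>/etc/elasticsearch does not exist, the combination visible in the
# log above. $1 is an optional filesystem root, used here for offline testing.
config_dir_mismatch() {
    cfg="${1:-}/etc/elasticsearch"
    if classify_leftovers | grep -Eq '^installed elasticsearch(-oss)?$' \
        && [ ! -d "$cfg" ]; then
        echo "elasticsearch is installed but $cfg is missing"
        return 0
    fi
    return 1
}

# Constructed sample modelled on the failed run in the thread (not real output).
sample_status() {
    cat <<'EOF'
ii  elasticsearch-oss
iF  opendistro-security
iU  opendistroforelasticsearch
iF  opendistro-performance-analyzer
ii  opendistro-sql
rc  filebeat
ii  wazuh-manager
ii  openssh-server
un  kibana
EOF
}

sample_status | classify_leftovers
```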
    


mayte...@wazuh.com

Nov 23, 2021, 3:10:45 AM
to Wazuh mailing list
Hi Manish Pansiniya,

I am glad you managed to solve the issue!
Do not hesitate to contact us again if you have any questions.

Best regards,
Mayte Ariza