wazuh-agent conflict with CPUSchedulingPolicy=fifo

[Николай Токарев]

Hello everyone. I need help. There is a running daemon with the CPUSchedulingPolicy=fifo parameter in the configuration file /etc/systemd/system/anycast-healthchecker/override.conf. Everything works fine until I installed wazuh-agent 4.2.5. and made a start. If you restart anycast-healthchecker (systemctl restart anycast-healthchecker), it does not start and an error appears, I apply a screen. To run it, you need to stop wazuh-agent and restart the server.

[Juan Nicolás Asselle]

Hi,

I'm debugging and checking this and I'll be right back with an answer asap.

Regards,

Nico

[Николай Токарев]

will you help me?

понедельник, 4 апреля 2022 г. в 14:24:22 UTC+3, juan.a...@wazuh.com:

[Juan Nicolás Asselle]

Hi,

I tried to replicate it but I couldn't. It takes me a while because the anycast-healthchecker project does not provide OOTB packages and enough documentation. Once rpm package was created I needed to copy and install systemd services files because rpm package does not contain it. Then learn a little bit about the project to configure it in order to run it, but after this, I was not able to replicate your issue.

Could you please provide us with the OS information?

Looking forward to your comments,

Nico

[Николай Токарев]

You can try running MariaDB. There will be the same mistake. I think that the service is not important, the main thing is if it is started with the CPUSchedulingPolicy=filo parameter in the configuration file /etc/systemd/system/..../override.conf. What OS information do you need?

среда, 6 апреля 2022 г. в 14:24:37 UTC+3, juan.a...@wazuh.com:

[Juan Nicolás Asselle]

Your override.conf file content and parameters you are trying to use are read and applied to anycast-healthchecker.service as part of systemd (ref), so yes, it's important to install anycast-healthchecker.service.

By OS information I mean:

• GNU/Linux distribution name and release
• Kernel version
• Systemd version

​

[Николай Токарев]

CentOS Linux release 7.9.2009

3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linu

systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

среда, 6 апреля 2022 г. в 16:04:03 UTC+3, juan.a...@wazuh.com:

[Juan Nicolás Asselle]

Let me check this again using the same specs and I'll return ASAP

[Juan Nicolás Asselle]

Me again
After setting up the environment, I couldn’t replicate your problem either.
Environment:

[root@centos7 vagrant]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

[root@centos7 vagrant]# uname -a
Linux centos7.localdomain 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@centos7 vagrant]# systemctl --version

systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

[root@centos7 vagrant]# cat /etc/systemd/system/mariadb.service.d/override.conf
[Service]
CPUSchedulingPolicy=fifo

Steps:
1- Start wazuh agent service

[root@centos7 vagrant]# systemctl restart wazuh-agent.service 
[root@centos7 vagrant]# systemctl status wazuh-agent.service 
● wazuh-agent.service - Wazuh agent
   Loaded: loaded (/usr/lib/systemd/system/wazuh-agent.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2022-04-06 14:53:26 UTC; 5s ago
  Process: 28673 ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop (code=exited, status=0/SUCCESS)
  Process: 28738 ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/wazuh-agent.service
           ├─28765 /var/ossec/bin/wazuh-execd
           ├─28777 /var/ossec/bin/wazuh-agentd
           ├─28791 /var/ossec/bin/wazuh-syscheckd
           ├─28804 /var/ossec/bin/wazuh-logcollector
           ├─28822 /var/ossec/bin/wazuh-modulesd
           ├─29169 n/a
           └─29171 n/a

Apr 06 14:53:19 centos7.localdomain systemd[1]: Starting Wazuh agent...
Apr 06 14:53:19 centos7.localdomain env[28738]: Starting Wazuh v4.2.6...
Apr 06 14:53:20 centos7.localdomain env[28738]: Started wazuh-execd...
Apr 06 14:53:21 centos7.localdomain env[28738]: Started wazuh-agentd...
Apr 06 14:53:22 centos7.localdomain env[28738]: Started wazuh-syscheckd...
Apr 06 14:53:23 centos7.localdomain env[28738]: Started wazuh-logcollector...
Apr 06 14:53:24 centos7.localdomain env[28738]: Started wazuh-modulesd...
Apr 06 14:53:26 centos7.localdomain env[28738]: Completed.
Apr 06 14:53:26 centos7.localdomain systemd[1]: Started Wazuh agent.

2- Restart mariadb service

[root@centos7 vagrant]# systemctl restart mariadb.service 
[root@centos7 vagrant]# systemctl status mariadb.service 
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/mariadb.service.d
           └─override.conf
   Active: active (running) since Wed 2022-04-06 14:54:58 UTC; 6s ago
  Process: 29250 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 29214 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 29249 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─29249 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─29414 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/v...

Apr 06 14:54:56 centos7.localdomain systemd[1]: Starting MariaDB database server...
Apr 06 14:54:56 centos7.localdomain mariadb-prepare-db-dir[29214]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Apr 06 14:54:56 centos7.localdomain mariadb-prepare-db-dir[29214]: If this is not the case, make sure the /var/lib/mysql is empty before running mariadb-prepare-db-dir.
Apr 06 14:54:56 centos7.localdomain mysqld_safe[29249]: 220406 14:54:56 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Apr 06 14:54:56 centos7.localdomain mysqld_safe[29249]: 220406 14:54:56 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Apr 06 14:54:58 centos7.localdomain systemd[1]: Started MariaDB database server.

3- Check that mariadb override config is OK

[root@centos7 vagrant]# systemctl show --property=CPUSchedulingPolicy mariadb.service 
CPUSchedulingPolicy=1

I’m currently investigating more about CPUSchedulingPolicy constraints that maybe are causing the issue in your environment.

​

[Николай Токарев]

mariadb does not write an error after restarting ? try running wazuh-agent first and then mariadb. Could there be a problem in the systemd version?

среда, 6 апреля 2022 г. в 18:06:15 UTC+3, juan.a...@wazuh.com:

[Николай Токарев]

there is no good news.. :(

среда, 6 апреля 2022 г. в 18:18:10 UTC+3, Николай Токарев:

[Николай Токарев]

I checked mariadb, there are no problems. Maybe the problem is specifically in anycast-healthchecker?

среда, 6 апреля 2022 г. в 18:26:20 UTC+3, Николай Токарев:

[Николай Токарев]

any news? :(

среда, 6 апреля 2022 г. в 18:59:32 UTC+3, Николай Токарев: