Try to deploy Wazuh on Azure Kubernetes. #521

Open
drbng opened this issue Nov 21, 2023 · 4 comments

Comments

@drbng

drbng commented Nov 21, 2023

Hello,

I really need your help on this case. I have been trying for a few weeks to deploy Wazuh 4.5.2 on my Kubernetes clusters from Azure. The instructions are based on the AWS solution. I modified the storageclass type and other details to get the statefulset running as well.

All persistent volumes are bound correctly. My issue is the workers and masters resources. It looks like the SQL db can't be started because something is wrong with the permissions.

Workers logs:

```
2023-11-21T00:36:08.308846658Z find: '/proc/312/task/312/fd/5': No such file or directory
2023-11-21T00:36:08.308881359Z find: '/proc/312/task/312/fdinfo/5': No such file or directory
2023-11-21T00:36:08.309378269Z find: '/proc/312/fd/6': No such file or directory
2023-11-21T00:36:08.309597073Z find: '/proc/312/fdinfo/6': No such file or directory
2023-11-21T00:36:09.225479386Z find: '/proc/313/task/313/fd/5': No such file or directory
2023-11-21T00:36:09.225515086Z find: '/proc/313/task/313/fdinfo/5': No such file or directory
2023-11-21T00:36:09.226018896Z find: '/proc/313/fd/6': No such file or directory
2023-11-21T00:36:09.226232601Z find: '/proc/313/fdinfo/6': No such file or directory
2023-11-21T00:36:09.236587308Z Identified Wazuh configuration files to mount...
2023-11-21T00:36:09.275972695Z '/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
2023-11-21T00:36:09.419224159Z [cont-init.d] 0-wazuh-init: exited 0.
2023-11-21T00:36:09.420445284Z [cont-init.d] 1-config-filebeat: executing...
2023-11-21T00:36:09.422721529Z Customize Elasticsearch ouput IP
2023-11-21T00:36:09.469590966Z Configuring username.
2023-11-21T00:36:09.560291580Z Configuring password.
2023-11-21T00:36:09.694602065Z Configuring SSL verification mode.
2023-11-21T00:36:09.823664346Z Configuring Certificate Authorities.
2023-11-21T00:36:09.918950851Z Configuring SSL Certificate.
2023-11-21T00:36:10.020187975Z Configuring SSL Key.
2023-11-21T00:36:10.133387938Z [cont-init.d] 1-config-filebeat: exited 0.
2023-11-21T00:36:10.134761066Z [cont-init.d] 2-manager: executing...
2023-11-21T00:36:16.365604443Z 2023/11/21 00:36:16 wazuh-modulesd: WARNING: 'update_from_year' option cannot be used for 'nvd' provider.
2023-11-21T00:36:17.731708933Z Starting Wazuh v4.5.2...
2023-11-21T00:36:25.619345861Z Started wazuh-apid...
2023-11-21T00:36:25.703227078Z Started wazuh-csyslogd...
2023-11-21T00:36:25.745422291Z Started wazuh-dbd...
2023-11-21T00:36:25.812633386Z 2023/11/21 00:36:25 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2023-11-21T00:36:25.813166097Z Started wazuh-integratord...
2023-11-21T00:36:25.820729242Z Started wazuh-agentlessd...
2023-11-21T00:36:26.857090718Z Started wazuh-authd...
2023-11-21T00:36:36.932414118Z wazuh-db did not start correctly.
2023-11-21T00:36:36.937487322Z [cont-init.d] 2-manager: exited 1.
2023-11-21T00:36:36.938442642Z [cont-init.d] done.
2023-11-21T00:36:36.939452063Z [services.d] starting services
2023-11-21T00:36:36.944463966Z starting Filebeat
2023-11-21T00:36:36.944734172Z [services.d] done.
2023-11-21T00:36:37.012017257Z 2023/11/21 00:36:25 wazuh-csyslogd: INFO: Remote syslog server not configured. Clean exit.
2023-11-21T00:36:37.012066058Z 2023/11/21 00:36:25 wazuh-dbd: INFO: Database not configured. Clean exit.
2023-11-21T00:36:37.012073358Z 2023/11/21 00:36:25 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
2023-11-21T00:36:37.012078958Z 2023/11/21 00:36:25 wazuh-agentlessd: INFO: Not configured. Exiting.
2023-11-21T00:36:37.012085159Z 2023/11/21 00:36:25 wazuh-authd: INFO: Started (pid: 444).
2023-11-21T00:36:37.012091259Z 2023/11/21 00:36:25 wazuh-authd: INFO: Accepting connections on port 1515. No password required.
2023-11-21T00:36:37.012097459Z 2023/11/21 00:36:25 wazuh-authd: INFO: Setting network timeout to 1.000000 sec.
2023-11-21T00:36:37.012104459Z 2023/11/21 00:36:25 wazuh-authd: ERROR: Unable to bind to socket 'queue/sockets/auth': 'Operation not permitted'. Closing local server.
2023-11-21T00:36:37.012109659Z 2023/11/21 00:36:26 wazuh-db: INFO: Started (pid: 460).
2023-11-21T00:36:37.012114959Z 2023/11/21 00:36:26 wazuh-db: CRITICAL: Unable to bind to socket 'queue/db/wdb': 'Operation not permitted'. Closing local server.
```

**2023-11-21T00:36:37.014736013Z Exiting: error loading config file: config file ("/etc/filebeat/filebeat.yml") can only be writable by the owner but the permissions are "-rwxrwxrwx" (to fix the permissions use: 'chmod go-w /etc/filebeat/filebeat.yml')**

```
2023-11-21T00:36:37.018646894Z Filebeat exited. code=1
2023-11-21T00:36:37.023196887Z [cont-finish.d] executing container finish scripts...
2023-11-21T00:36:37.023866901Z [cont-finish.d] done.
2023-11-21T00:36:37.024291210Z [s6-finish] waiting for services.
2023-11-21T00:36:37.227740699Z [s6-finish] sending all processes the TERM signal.
2023-11-21T00:36:40.233786406Z [s6-finish] sending all processes the KILL signal and exiting.
```

Masters logs:

```
023-11-21T00:37:43.787360912Z File "/var/ossec/framework/python/lib/python3.9/site-packages/sqlalchemy/engine/default.py", line 581, in do_execute
2023-11-21T00:37:43.787488812Z cursor.execute(statement, parameters)
2023-11-21T00:37:43.787504312Z sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) database is locked
2023-11-21T00:37:43.787507512Z [SQL:
2023-11-21T00:37:43.787510712Z CREATE TABLE runas_token_blacklist (
2023-11-21T00:37:43.787513712Z nbf_invalid_until INTEGER NOT NULL,
2023-11-21T00:37:43.787516612Z is_valid_until INTEGER NOT NULL,
2023-11-21T00:37:43.787519512Z PRIMARY KEY (nbf_invalid_until),
2023-11-21T00:37:43.787522512Z CONSTRAINT nbf_invalid_until_invalidation_rule UNIQUE (nbf_invalid_until)
2023-11-21T00:37:43.787525612Z )
2023-11-21T00:37:43.787528412Z
2023-11-21T00:37:43.787531312Z ]
2023-11-21T00:37:43.787534612Z (Background on this error at: http://sqlalche.me/e/e3q8)
2023-11-21T00:37:43.881461777Z There was an error configuring the API user
2023-11-21T00:37:43.882148778Z [cont-init.d] 2-manager: exited 0.
2023-11-21T00:37:43.882765479Z [cont-init.d] done.
2023-11-21T00:37:43.883503781Z [services.d] starting services
2023-11-21T00:37:43.885050183Z s6-svscanctl: fatal: unable to control /var/run/s6/services: supervisor not listening
2023-11-21T00:37:43.885930785Z [cont-finish.d] executing container finish scripts...
2023-11-21T00:37:43.886295685Z [cont-finish.d] done.
2023-11-21T00:37:43.886541486Z [s6-finish] waiting for services.
2023-11-21T00:37:43.888160689Z s6-svwait: fatal: unable to subscribe to events for /var/run/s6/services/filebeat: No such file or directory
2023-11-21T00:37:44.089257142Z [s6-finish] sending all processes the TERM signal.
2023-11-21T00:37:47.094218920Z [s6-finish] sending all processes the KILL signal and exiting.
```

@drbng
Author

drbng commented Nov 21, 2023

You can see this error message on the workers:

Exiting: error loading config file: config file ("/etc/filebeat/filebeat.yml") can only be writable by the owner but the permissions are "-rwxrwxrwx" (to fix the permissions use: 'chmod go-w /etc/filebeat/filebeat.yml')

All resources were in ReadWriteOnce access. I changed to ReadWriteMany to see if the result would be different, but nothing changed.
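
The condition named in the Filebeat message quoted above (config file writable by someone other than its owner), as an added shell example that is not part of the original thread or of the Wazuh project. The function names and return codes are hypothetical, and the meaning given to return code 2 is an assumption about volumes that do not store a POSIX mode per file.

```shell
#!/bin/sh
# Added example (not from the thread): audit a config file for the
# "writable by group/others" condition and try the suggested chmod.

# is_go_writable FILE -> exit 0 if group or others have write permission.
is_go_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_config FILE -> prints a verdict and returns:
#   0  writable by the owner only
#   1  was group/other-writable; 'chmod go-w' corrected it
#   2  still group/other-writable after chmod (assumption: the mode is
#      imposed by the mount, so it has to be fixed in the volume definition)
#   3  file does not exist
audit_config() {
    f=$1
    [ -e "$f" ] || { echo "missing: $f"; return 3; }
    if ! is_go_writable "$f"; then
        echo "ok: $f"
        return 0
    fi
    chmod go-w "$f" 2>/dev/null || true
    if is_go_writable "$f"; then
        echo "chmod had no effect: $f"
        return 2
    fi
    echo "fixed with chmod go-w: $f"
    return 1
}

# Constructed demo on a throwaway file that starts out as -rwxrwxrwx.
demo() {
    tmp=$(mktemp) || return 1
    chmod 777 "$tmp"
    audit_config "$tmp" && first=0 || first=$?
    audit_config "$tmp" && second=0 || second=$?
    rm -f "$tmp"
    echo "first=$first second=$second"
}

demo
```

Inside the pod, the path to pass is the one from the error message, `/etc/filebeat/filebeat.yml`.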

@brahmovacha

brahmovacha commented Nov 28, 2023

Facing the same issue... got stuck here.

@jeffreyflynt

You can run: kubectl describe pod xxxxx and look for:
Mounts:
/etc/xxxx (ro) or (rw)

ro will be read-only and rw will be read/write

Without seeing how the directory is mounted in your environment, it'd be hard to give possible solves

@bmm-alc

bmm-alc commented Jan 16, 2024

This issue goes into the discussion part of the project rather than the issues.
