wazuh-apid blindly killing pid (found in wazuh-apid.pid) after a sudden reboot #22608

Closed
haata opened this issue Mar 19, 2024 · 6 comments · Fixed by #23222, wazuh/qa-integration-framework#154, wazuh/wazuh-packages#2944 or wazuh/wazuh-documentation#7296 · May be fixed by wazuh/wazuh-qa#5351
haata commented Mar 19, 2024

wazuh-manager v4.7.2 (rpm) Amazon Linux 2

I'm having an issue with wazuh v4.7.2. After a sudden reboot, when wazuh-manager restarts, it's blindly killing processes not owned by wazuh.

Feb 25 19:44:19 cdvx env: Starting Wazuh v4.7.2...
Feb 25 19:44:20 cdvx env: wazuh-apid: Process 8499 not used by Wazuh, removing...
Feb 25 19:44:21 cdvx env: wazuh-apid: Orphan child process 8634 was terminated.
Feb 25 19:44:21 cdvx env: wazuh-apid: Non existent process 8640, removing from /var/ossec/var/run...
Feb 25 19:44:21 cdvx env: wazuh-apid: Non existent process 8643, removing from /var/ossec/var/run...
Feb 25 19:44:21 cdvx systemd: da-controller-procmgr.service: main process exited, code=killed, status=9/KILL
Feb 25 19:44:21 cdvx env: wazuh-apid: Orphan child process 8634 was terminated.
Feb 25 19:44:21 cdvx env: wazuh-apid: Non existent process 8640, removing from /var/ossec/var/run...
Feb 25 19:44:21 cdvx env: wazuh-apid: Non existent process 8643, removing from /var/ossec/var/run...
Feb 25 19:44:21 cdvx env: wazuh-apid: Orphan child process 8634 was terminated.
Feb 25 19:44:21 cdvx env: wazuh-apid: Non existent process 8640, removing from /var/ossec/var/run...
Feb 25 19:44:21 cdvx env: wazuh-apid: Non existent process 8643, removing from /var/ossec/var/run...
Feb 25 19:44:21 cdvx env: Started wazuh-apid...

In this case it's a process owned by systemd (da-controller-procmgr.service which has pid 8634; I verified this from a different log file), which makes this all the more confusing.

It looks like https://github.com/wazuh/wazuh/blob/master/api/scripts/wazuh-apid.py#L355 is to blame, as it's just reading the pids from previously started wazuh processes and blindly trying to kill them.

Any recommendations on how to work around this?
My suggestion would be for https://github.com/wazuh/wazuh/blob/master/framework/wazuh/core/utils.py#L43 (clean_pid_files) to try a bit harder to make sure the daemon name matches the process name before attempting to kill it.

Member

GGP1 commented May 2, 2024

Update

Modified the method in charge of cleaning up methods to validate that the process belonged to the Wazuh daemon before killing it. In case the process was from another service, it just removes the file from the folder to avoid it happening again.
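
The check described in this comment, sketched as an added example (this is not the code from the linked pull request or from Wazuh). It assumes PID files named `<daemon>-<pid>.pid` and identifies a process by its `/proc/<pid>/cmdline`; the function names, the sample command lines and PID 4242 are constructed for illustration.

```python
import os
import re
import signal
import tempfile
from pathlib import Path

def cmdline_of(pid, proc_root):
    """argv of pid from <proc_root>/<pid>/cmdline, or None if it is gone."""
    try:
        raw = (Path(proc_root) / str(pid) / "cmdline").read_bytes()
    except (FileNotFoundError, ProcessLookupError):
        return None
    return [a.decode(errors="replace") for a in raw.split(b"\0") if a]

def clean_stale_pidfiles(run_dir, daemon, proc_root="/proc", kill=os.kill):
    """Kill a recorded PID only if its cmdline names `daemon`; always drop the file."""
    pattern = re.compile(rf"^{re.escape(daemon)}-(\d+)\.pid$")  # assumed naming
    actions = {}
    for pidfile in Path(run_dir).iterdir():
        m = pattern.match(pidfile.name)
        if not m:
            continue
        pid = int(m.group(1))
        argv = cmdline_of(pid, proc_root)
        if argv is None:
            actions[pid] = "gone"
        elif any(daemon in os.path.basename(a) for a in argv[:2]):
            try:
                kill(pid, signal.SIGKILL)
                actions[pid] = "killed"
            except ProcessLookupError:   # exited between the check and the kill
                actions[pid] = "gone"
        else:
            actions[pid] = "foreign"     # PID recycled by another service: leave it
        pidfile.unlink()
    return actions

def demo():
    """Constructed data: fake run dir and fake /proc in temp directories."""
    run, proc = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    fake_cmdlines = {4242: b"python3\0/var/ossec/api/scripts/wazuh-apid.py\0",
                     8634: b"/usr/bin/da-controller-procmgr\0"}
    for pid, cmd in fake_cmdlines.items():
        (proc / str(pid)).mkdir()
        (proc / str(pid) / "cmdline").write_bytes(cmd)
    for pid in (4242, 8634, 8640):             # 8640 has no /proc entry
        (run / f"wazuh-apid-{pid}.pid").touch()
    killed = []                                 # stub used instead of os.kill
    actions = clean_stale_pidfiles(run, "wazuh-apid", proc, lambda p, s: killed.append(p))
    return actions, killed, sorted(p.name for p in run.iterdir())
```

The name check and the kill are still two separate steps, so the match narrows the PID-reuse window rather than closing it.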

@GGP1 GGP1 linked a pull request May 2, 2024 that will close this issue
Member

GGP1 commented May 7, 2024

Update

Added the wazuh_apid.py file to the files check list, created a package for the branch and executed an upgrade to verify that there were no errors.

Member

GGP1 commented May 8, 2024

Update

Made some modifications in the wazuh-qa, wazuh-packages and wazuh-documentation repositories to update the name of the API script and re-launched the failed checks to generate the packages with the changes.

Member

GGP1 commented May 16, 2024

Update

Resolved conflicts in the linux upgrade check files.

Member

GGP1 commented May 17, 2024

Update

Generated packages and ran the upgrade tests for each one of the linux distros required.

Member

GGP1 commented May 20, 2024

Update

Applied suggested changes to some files in the Jenkins repository.
