Wazuh indexer fork first steps

[gdiazlo]

We want to generate our own flavor of OpenSearch under the wazuh-indexer name.

This will be a fork which will follow closely the OpenSearch development.

We will use this repo to add our required changes, generate our own packages and contribute back to the OpenSearch project.

To do:

• Update repository README and description
• Enable security tools
• Enable Actions
• Enable branch protection
• Fetch latest branch/sync
• Create Wazuh branches, starting with 4.8.0
• Implement Wazuh configuration files

[AlexRuiz7]

The following inherited GitHub Actions have been disabled until we analyze them. We can then decide whether to re-enable:

• poc-checklist.yml
• add-untriaged.yml
• backport.yml
• changelog_verifier.yml
• stalled.yml
• create-documentation-issue.yml
• delete_backport_branch.yml
• gradle-check.yml
• version.yml
• links.yml
• lucene-snapshots.yml
• publish-maven-snapshots.yml
• auto-release.yml

Although some of them look very interesting and promising, they do require adjustments for us to use, as they are configured specially for OpenSearch and use secrets (variables) which obviously are not inherited.

The remaining actions enabled are:

• wrapper.yml
• dependabot_pr.yml
• precommit.yml

[AlexRuiz7]

0867b1b Included Wazuh configuration files from [email protected]:

• stack/indexer/base/files/etc/wazuh-indexer
• unattended_installer/config/indexer/roles

[AlexRuiz7]

There are some changes in the jvm.options file compared with the OpenSearch's version. I've asked the @wazuh/cicd team for explanations about these changes, but we didn't find any real reason.

I've been investigating and found that these changes are related to the OpenSearch Performance Analyzer, and apparently these settings are required for this tool to work, but couldn't find any real documentation about this.

These are the resources consulted:

• Exception while starting Elasticsearch opendistro-for-elasticsearch/performance-analyzer#54
• https://github.com/wazuh/wazuh-saas/issues/4460
• https://forum.opensearch.org/t/enabling-performance-analyzer-kills-es-node/384
• https://opensearch.org/docs/latest/monitoring-your-cluster/pa/index/

[AlexRuiz7]

Branch 4.9.0 was created from branch 2.x, which at the moment is including changes towards 2.10.0.

[AlexRuiz7]

The branch 4.8.0 was renamed to 4.9.0.
Since last time I worked on this, OpenSearch 2.11.0 has been released, so the branch is out of date and needs to be updated.

Check the diff: 896573f...587f224

[AlexRuiz7]

There is also needed to update the configuration files mentioned in the comment #1 (comment) as they have been changed for 4.9.0.

See

• [ISM rollover] Create new role to grant ISM API permissions wazuh-packages#2552

Ensuring the ISM policy is correctly applied in the fork is required.

[AlexRuiz7]

To be continued in:

• Wazuh indexer fork update #54