Validate & test packages - Iter. 1

[AlexRuiz7]

Description

We have developed tools to generate packages of wazuh-indexer from a given commit of this repository. In order to verify that these packages are worthy, we need to validate their contents and test them.

Use previous tests as a guideline.

• Release 4.8.0 - Alpha 1 - E2E UX tests - Wazuh Indexer wazuh#20703

Tasks

For assembled RPM and DEB packages generated using our tools, we need to:

• Validate their content. We expect the packages to contain the same amount of files as in previous packages of wazuh-indexer (4.7.0).
• Test the packages' lifecycle. We expect the packages to upgrade, install and uninstall successfully. Moreover, wazuh-indexer must work without errors.

Test requirements and restrictions

During the packages' validation step, download and extract the fork (4.9.0) and pre-fork (4.7.0) packages for the same distribution (deb / rpm), and compare its contents. An example of this procedure can be seen here.

If you find differences in their contents, note them as follows:

• New files represent a Warning.
• Missing files represent a Failure.

It is not required to verify the content of the files themselves, but do check important configuration files as /etc/wazuh-indexer/jvm.options and /etc/wazuh-indexer/opensearch.yml.

For the packages' testing step, download and install the fork (4.9.0) and pre-fork packages (4.7.0) and test that:

• Following the upgrade guide, wazuh-indexer upgrades from 4.7.0 to 4.9.0 successfully, meaning there are no errors in the logs, the service is active, and the cluster is in green state (see the notes below for more information).
• Following the uninstallation guide, wazuh-indexer and all its contents are removed from the system.
• Following the installation guide, wazuh-indexer installs, meaning there are no errors in the logs, the service is active, and the cluster is in green state (see the notes below for more information).
• For the installation, do also check file permissions.

Legend

🟢	Success
🟠	Warning
🔴	Failure

Notes

• logs: /var/log/wazuh-indexer/wazuh-cluster.log
• journalctl: journalctl -xeu wazuh-indexer
• service: systemctl status wazuh-indexer
• cluster state: curl -X PUT "https://<WAZUH_INDEXER_IP>:9200/_cluster/health" -u <username>:<password>
• For the installation, the addition of the Wazuh repository can be skipped. Install the package directly (yum localinstall <path-to-package> or dpkg -i <path-to-package>).

[f-galland]

.deb Package content validation:

Tests were run using pkgdiff:

pkgdiff wazuh-indexer_4.7.1-1_amd64.deb wazuh-indexer_4.9.0_amd64.deb

Dependency changes:

Name	Status	Old Version	New Version
adduser	removed
debconf	removed
procps	removed
libasound2	added		>= 1.0.16
libc6	added		>= 2.9
libfreetype6	added		>= 2.3.5
libx11-6	added
libxext6	added
libxi6	added
libxrender1	added
libxtst6	added
zlib1g	added		>= 1.2.2

Shared library changes:

Name	Status
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libgomp.so.1	removed
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_common.so	removed
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_faiss.so	removed
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_nmslib.so	removed

Shell program changes:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/install_demo_configuration.sh	added
/usr/share/wazuh-indexer/bin/indexer-ism-init.sh	added
/usr/share/wazuh-indexer/bin/indexer-init.sh	added
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh	removed

Symbolic Links:

Name	Status
/usr/share/wazuh-indexer/data	added
/usr/share/wazuh-indexer/logs	added

Policy Files:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/plugin-security.policy	added

YAML Files:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml	removed

Directories:

Name	Status
/usr/share/lintian	added
/usr/share/lintian/overrides	added
/var/run	added
/var/run/wazuh-indexer	added
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib	removed

Archives:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/plugins/opensearch-sql/spark-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk8-1.8.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.9.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/ipaddress-5.4.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-validator-1.7.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-digester-2.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-beanutils-1.9.4.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emrserverless-1.12.545.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emr-1.12.545.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/scala-java8-compat_3-1.0.2.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/passay-1.6.4.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/json-base-2.4.3.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/google-java-format-1.17.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang3-3.13.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-io-2.13.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/guava-32.0.1-jre.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/google-java-format-1.17.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/json-20230227.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/gson-2.10.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/commons-text-1.10.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/utils-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/third-party-jackson-core-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/sdk-core-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/regions-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/reactive-streams-1.0.3.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/profiles-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-search-processors-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-memory-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/metrics-spi-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-utils-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-path-2.8.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-20231013.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/httpcore5-5.2.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/http-client-spi-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/eventstream-1.0.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/endpoints-spi-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/bcprov-ext-jdk18on-1.75.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/aws-encryption-sdk-java-2.4.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/auth-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/asm-9.3.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/apache-client-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/annotations-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/accessors-smart-2.4.9.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/google-java-format-1.17.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/ipaddress-5.4.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/commons-csv-1.10.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.8.21.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.8.21.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.8.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.8.21.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.8.21.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/reactive-streams-1.0.3.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/r2dbc-spi-0.9.0.RELEASE.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/objenesis-2.6.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/mockito-core-2.23.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.16.20.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.xml.bind-api-3.0.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.annotation-api-1.3.5.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.activation-2.0.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-agent-1.9.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-1.9.0.jar	added
/usr/share/wazuh-indexer/lib/zstd-jni-1.5.5-5.jar	added
/usr/share/wazuh-indexer/lib/opensearch-telemetry-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/opensearch-core-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/opensearch-compress-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/opensearch-common-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/jzlib-1.1.3.jar	added
/usr/share/wazuh-indexer/lib/jakarta.annotation-api-1.3.5.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.4.30.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.2-1.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/json-path-2.4.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang-2.4.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.8.0.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.8.0.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.6.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.6.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.0-rc3.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.6.10.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.6.10.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.10.8.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar	removed
/usr/share/wazuh-indexer/lib/opensearch-core-2.8.0.jar	removed
/usr/share/wazuh-indexer/lib/opensearch-common-2.8.0.jar	removed
/usr/share/wazuh-indexer/lib/hppc-0.8.1.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/json-smart-2.4.10.jar	moved	0.001%
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-smart-2.4.10.jar	moved
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections-3.2.2.jar	moved	0.01%
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-collections-3.2.2.jar	moved

Text Files:

Name	Status	Delta	Visual Diff
/usr/share/lintian/overrides/wazuh-indexer	added

Significant files diffs:

/etc/wazuh-indexer/jvm.options

# JDK 20+ Incubating Vector Module for SIMD optimizations;	
# disabling may reduce performance on vector optimized lucene	
20:--add-modules=jdk.incubator.vector	

# HDFS ForkJoinPool.common() support by SecurityManager	
-Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory

[f-galland]

.rpm Packages validation:

Tests were run using pkgdiff:

pkgdiff wazuh-indexer-4.7.1-1.x86_64.rpm wazuh-indexer-4.9.0-1.x86_64.rpm

Shared libraries:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libgomp.so.1	removed
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_common.so	removed
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_faiss.so	removed
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib/libopensearchknn_nmslib.so	removed

Shell Programs:

Name	Status	Delta	Visual
Diff
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/install_demo_configuration.sh	added
/usr/share/wazuh-indexer/bin/indexer-ism-init.sh	added
/usr/share/wazuh-indexer/bin/indexer-init.sh	added
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh	removed

Configuration files:

Name	Status	Delta	Visual Diff
/var/lib/wazuh-indexer/performance_analyzer_enabled.conf	added
/var/lib/wazuh-indexer/rca_enabled.conf	added

Symbolic Links:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/data	added
/usr/share/wazuh-indexer/logs	added

Policy Files:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/plugin-security.policy	added

YAML Files:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/config.yml	removed

Directories:

Name	Status
/var/run	added
/var/run/wazuh-indexer	added
/usr/share/wazuh-indexer/plugins/opensearch-knn/lib	removed

Archives:

Name	Status	Delta	Visual Diff
/usr/share/wazuh-indexer/lib/jakarta.annotation-api-1.3.5.jar	added
/usr/share/wazuh-indexer/lib/jzlib-1.1.3.jar	added
/usr/share/wazuh-indexer/lib/opensearch-common-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/opensearch-compress-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/opensearch-core-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/opensearch-telemetry-2.11.1.jar	added
/usr/share/wazuh-indexer/lib/zstd-jni-1.5.5-5.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-1.9.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/byte-buddy-agent-1.9.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.activation-2.0.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.annotation-api-1.3.5.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jakarta.xml.bind-api-3.0.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.16.20.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/mockito-core-2.23.0.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/objenesis-2.6.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/r2dbc-spi-0.9.0.RELEASE.jar	added
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/reactive-streams-1.0.3.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.8.21.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.8.21.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.8.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.8.21.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.8.21.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/commons-csv-1.10.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/ipaddress-5.4.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-job-scheduler/google-java-format-1.17.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/accessors-smart-2.4.9.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/annotations-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/apache-client-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/asm-9.3.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/auth-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/aws-encryption-sdk-java-2.4.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/bcprov-ext-jdk18on-1.75.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/endpoints-spi-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/eventstream-1.0.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/http-client-spi-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/httpcore5-5.2.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-20231013.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-path-2.8.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-utils-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/metrics-spi-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-memory-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/opensearch-ml-search-processors-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/profiles-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/reactive-streams-1.0.3.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/regions-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/sdk-core-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/third-party-jackson-core-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-ml/utils-2.20.19.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/commons-text-1.10.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/gson-2.10.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/json-20230227.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.11.1.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/google-java-format-1.17.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security-analytics/guava-32.0.1-jre.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-io-2.13.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang3-3.13.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/google-java-format-1.17.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/json-base-2.4.3.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/passay-1.6.4.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-security/scala-java8-compat_3-1.0.2.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emr-1.12.545.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/aws-java-sdk-emrserverless-1.12.545.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-beanutils-1.9.4.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-digester-2.1.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-validator-1.7.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/ipaddress-5.4.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.9.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk8-1.8.0.jar	added
/usr/share/wazuh-indexer/plugins/opensearch-sql/spark-2.11.1.0.jar	added
/usr/share/wazuh-indexer/jdk/lib/jrt-fs.jar	changed	0.001%
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-collections-3.2.2.jar	moved	0%
/usr/share/wazuh-indexer/plugins/opensearch-sql/commons-collections-3.2.2.jar	moved	0%
/usr/share/wazuh-indexer/plugins/opensearch-security/json-smart-2.4.10.jar	moved	0%
/usr/share/wazuh-indexer/plugins/opensearch-ml/json-smart-2.4.10.jar	moved	0%
/usr/share/wazuh-indexer/lib/hppc-0.8.1.jar	removed
/usr/share/wazuh-indexer/lib/opensearch-common-2.8.0.jar	removed
/usr/share/wazuh-indexer/lib/opensearch-core-2.8.0.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/j2objc-annotations-1.3.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/javax.annotation-api-1.3.2.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/jooq-3.10.8.jar	removed
/usr/share/wazuh-indexer/performance-analyzer-rca/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk7-1.6.10.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-alerting/kotlin-stdlib-jdk8-1.6.10.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/randomcutforest-parkservices-3.0-rc3.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk7-1.6.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-cross-cluster-replication/kotlin-stdlib-jdk8-1.6.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-geospatial/opensearch-geospatial-2.8.0.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-neural-search/opensearch-neural-search-2.8.0.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/j2objc-annotations-1.3.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-performance-analyzer/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/commons-lang-2.4.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/jakarta.annotation-api-1.3.5.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/json-path-2.4.0.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-security/zstd-jni-1.5.2-1.jar	removed
/usr/share/wazuh-indexer/plugins/opensearch-sql/kotlin-stdlib-jdk7-1.4.30.jar	removed

[f-galland]

.deb package install:

Errors are thrown during installation on Ubuntu 22.04:

/usr/lib/tmpfiles.d/wazuh-indexer.conf:1: Failed to resolve user 'wazuh-indexer': No such process
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Processing triggers for man-db (2.10.2-1) ...
needrestart is being skipped since dpkg has failed

Step 2, section on deploying certificates from the step-by-step installation guide fails 🔴

root@pkg-tests-ubuntu2204:~# mkdir /etc/wazuh-indexer/certs  
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
chmod 500 /etc/wazuh-indexer/certs
chmod 400 /etc/wazuh-indexer/certs/*
chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
chown: invalid user: ‘wazuh-indexer:wazuh-indexer’

The service cannot be started due to lack of a wazuh-indexer user's credentials:

Jan 08 10:45:41 pkg-tests-ubuntu2204 systemd[34965]: wazuh-indexer.service: Failed to determine user credentials: No such process
Jan 08 10:45:41 pkg-tests-ubuntu2204 systemd[34965]: wazuh-indexer.service: Failed at step USER spawning /usr/share/wazuh-indexer/bin/systemd-entrypoint: No such process

[f-galland]

.rpm package install:

After following the steps of the step-by-step installation guide:

[root@alma8 ~]# rpm -i wazuh-indexer-4.9.0-1.x86_64.rpm 
warning: %post(wazuh-indexer-4.9.0-1.x86_64) scriptlet failed, exit status 255
[/usr/lib/tmpfiles.d/wazuh-indexer.conf:1] Line references path below legacy directory /var/run/, updating /var/run/wazuh-indexer → /run/wazuh-indexer; please update the tmpfiles.d/ drop-in file accordingly.

Wazuh indexer installed service 🟢

[root@alma8 ~]# systemctl status wazuh-indexer
● wazuh-indexer.service - wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-01-08 09:52:09 -03; 6s ago
     Docs: https://documentation.wazuh.com
 Main PID: 33388 (java)
    Tasks: 67 (limit: 23148)
   Memory: 1.3G
   CGroup: /system.slice/wazuh-indexer.service
           └─33388 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch >

Jan 08 09:52:01 alma8 systemd[1]: Starting wazuh-indexer...
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opense>
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Jan 08 09:52:02 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager will be removed in a future release
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: A terminally deprecated method in java.lang.System has been called
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensear>
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Jan 08 09:52:03 alma8 systemd-entrypoint[33388]: WARNING: System::setSecurityManager will be removed in a future release
Jan 08 09:52:09 alma8 systemd[1]: Started wazuh-indexer.

Wazuh Indexer templates created 🔴

[root@alma8 ~]# curl -u admin:admin -k https://127.0.0.1:9200/_cat/templates?pretty
ss4o_metrics_template [ss4o_metrics-*-*] 1 1 []
ss4o_traces_template  [ss4o_traces-*-*]  1 1 []

Wazuh indexer configuration 🟢

network.host: "127.0.0.1"
node.name: "node-1"
cluster.initial_master_nodes:
- "node-1"
#- "node-2"
#- "node-3"
cluster.name: "wazuh-cluster"
#discovery.seed_hosts:
#  - "node-1-ip"
#  - "node-2-ip"
#  - "node-3-ip"
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer

plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false

plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US"
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true

Wazuh indexer cluster node communication and configuration 🟢

[root@alma8 ~]# curl -u admin:admin -k https://127.0.0.1:9200/_cluster/state/nodes?pretty
{
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "Ahnojj7_SbeTuvhiIpUV5Q",
  "nodes" : {
    "6jzqfpZNSEGBna7qUkWHnQ" : {
      "name" : "node-1",
      "ephemeral_id" : "YfFLp7I7RXK7xkZLQqnb_A",
      "transport_address" : "127.0.0.1:9300",
      "attributes" : {
        "shard_indexing_pressure_enabled" : "true"
      }
    }
  }
}

Wazuh indexer cluster status 🟢

[root@alma8 ~]# curl -k -u admin:admin https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "Ahnojj7_SbeTuvhiIpUV5Q",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "7fe12a1cf2b73a0e100f91ecc7d987221d91842a",
    "build_date" : "2024-01-04T19:04:53.211432Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Wazuh indexer packages uninstallation procedure 🟢

[root@alma8 ~]# yum remove wazuh-indexer
Dependencies resolved.
======================================================================================================================================================================================
 Package                                        Architecture                            Version                                  Repository                                      Size
======================================================================================================================================================================================
Removing:
 wazuh-indexer                                  x86_64                                  4.9.0-1                                  @@commandline                                  980 M

Transaction Summary
======================================================================================================================================================================================
Remove  1 Package

Freed space: 980 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                              1/1 
  Running scriptlet: wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1 
Stop existing wazuh-indexer.service

  Erasing          : wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1 
warning: file /var/run/wazuh-indexer: remove failed: No such file or directory
warning: /var/lib/wazuh-indexer/rca_enabled.conf saved as /var/lib/wazuh-indexer/rca_enabled.conf.rpmsave
warning: /var/lib/wazuh-indexer/performance_analyzer_enabled.conf saved as /var/lib/wazuh-indexer/performance_analyzer_enabled.conf.rpmsave
warning: /etc/wazuh-indexer/opensearch.yml saved as /etc/wazuh-indexer/opensearch.yml.rpmsave

  Running scriptlet: wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1 
  Verifying        : wazuh-indexer-4.9.0-1.x86_64                                                                                                                                 1/1 

Removed:
  wazuh-indexer-4.9.0-1.x86_64                                                                                                                                                        

Complete!

[AlexRuiz7]

Issues than open from this testing:

• wazuh-indexer user does not exist in deb packages #101
• Missing tools and files in packages #102
• RPM uninstallation warnings #103
• Missing folder plugins/opensearch-knn/lib #104
• RPM package warning: legacy directory /var/run #105
• Remove install_demo_configuration.sh from packages #106
• Remove relative symbolic links #107
• Remove /usr/share/lintian folder #108

Current testing iteration of [email protected] packages concluded with errors.
We'll work on these issues and open a new testing iteration.