-
Notifications
You must be signed in to change notification settings - Fork 332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docker-compose manager image keeps restarting in 20 sec #747
Comments
Hello @denizciftci-sec Could you tell me which of the two deployments you are using (single_node or multi_node) and what steps did you take for it? I recommend that to deploy an environment with docker you follow the steps in our documentation: https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html |
Hi @vcerenu , many thanks for the reply. We went for the single mode deployment and followed the guide except the certification generation part. The generate-indexer-certs.yml is clearly not working so I downloaded the bash script(wazuh-certs-tool.sh) and created/edited config.yml then I generated all certificates manually/successfully and moved them in wazuh_indexer_ssl_certs directory. Certificate generation error: [root@t-ifs-wazuh-srv01 single-node]# docker --version docker ps output: root@wazuh:/# [root@t-ifs-wazuh-srv01 single-node]# docker ps I am not sure is this relevant but I can paste some indications that we have seen so far: root@wazuh:/# service wazuh-manager status root@wazuh:/# /var/ossec/bin/wazuh-apid -f Got this error in wazuh-manager; The part of docker logs output of wazuh-manager (tried to capture events related to apid) The path /etc/filebeat is already mounted |
I see that when you tried to create you had containers up, that means that you should already have the certificates or you have created directories with the names of the certificates. It checks if the internet connection is open for the container that is created for the creation of certificates, which checks that the wazuh-certs-tool.sh file is in our repository. Also, I ask you, are you running on linux? because certificate creation doesn't work on MacOS. |
Hi @vcerenu, many thanks for the reply. There is an internet connection for sure - where we were able to pull the images successfully from the docker repository. Specifically, we are using proxy for docker process via > /etc/systemd/system/docker.service.d/http-proxy.conf I got the following error when I execute it; [root@t-ifs-wazuh-srv01 single-node]# docker-compose -f generate-indexer-certs.yml run --rm generator |
About the containers that I told you, it is referred to this warning:
You must download all the containers that are running, so that it is not taking the certificate files. https://packages.wazuh.com/4.3/ Within those two buckets you access the file that the container has to use to create the certificates, otherwise in the wazuh-docker repository you can check what the container does to create the certificates in the file indexer-certs-creator/config/ entrypoint.sh. |
Hi @vcerenu, I deleted all the containers, volumes and files/folders inside wazuh_indexer_ssl_certs as you recommended. [root@t-ifs-wazuh-srv01 single-node]# vi generate-indexer-certs.yml Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) services: [root@t-ifs-wazuh-srv01 single-node]# docker-compose -f generate-indexer-certs.yml run --rm generator I guess, it connects the relevant paths with 200/OK. [root@t-ifs-wazuh-srv01 single-node]# curl -X HEAD -i https://packages.wazuh.com/4.3/ HTTP/1.1 403 Forbidden [root@t-ifs-wazuh-srv01 single-node]# curl -X HEAD -i https://packages-dev.wazuh.com/4.3/ HTTP/1.1 404 Not Found |
Hello @denizciftci-sec You can check directly with the commands with which we check in the image if the tool exists
Either of these two commands should return
With this you generate the modified image so that it takes the code that you changed and you can launch the certificate generation command again. Let me know how it went when you finished these tasks. |
hi @vcerenu, Only 1 error we are countering at the moment is (also I saw the identical error in the test PC) INFO: Index pattern id in cookie: yes [wazuh-alerts-] I tried to add the templates manually, but still having the error. Am I missing any steps here? curl https://raw.githubusercontent.com/wazuh/wazuh/v4.3.10/extensions/elasticsearch/7.x/wazuh-template.json | curl --noproxy '' -X PUT "https://localhost:9200/_template/wazuh" -H 'Content-Type: application/json' -d @- -u wazuh-wui:xx- -k % Total % Received % Xferd Average Speed Time Time Time Current |
Hello @denizciftci-sec This problem with the I recommend that you enter the Wazuh manager container and execute the following command
If you have any errors, you should check the certificates that have been mounted, to see if they are correct. |
Hi @vcerenu, This is what we see in manager; elasticsearch: https://wazuh.indexer:9200... |
Hi @denizciftci-sec You should check that the certificates that you are mounting to |
Hi @vcerenu, The problem was fixed. I was able to generate the certificates successfully by not chaning the IP address of certs.yml file on my test PC. When I moved the generated certifications to production one, it worked! thanks for the support. But still not able to fix the the container service which generated certificates. |
Hello,
We have a all-in-one docker-compose setup. Completed the installation steps successfully - when the docker-compose is up, we saw wazuh-manager keeps restarting in 15-20 second. Is there a workaround for this problem?
Under the test connections menu:
1513629884013 https://wazuh.manager/ 55000 Offline
The erros on GUI:
[API connection] No API available to connect
[Alerts index pattern] No template found for the selected index-pattern title [wazuh-alerts-*]
Wazuh API Connection Details on GUI:
INFO: No current API selected
INFO: Getting API hosts...
INFO: API hosts found: 1
INFO: Checking API host id [1513629884013]...
INFO: Could not connect to API id [1513629884013]: 3099 - ERROR3099 - Some Wazuh daemons are not ready yet in node "node01" (wazuh-modulesd->failed)
INFO: Removed [navigate] cookie
ERROR: No API available to connect
Check alerts index pattern Errors on GUI:
INFO: Index pattern id in cookie: yes [wazuh-alerts-]
INFO: Getting list of valid index patterns...
INFO: Valid index patterns found: 1
INFO: Found default index pattern with title [wazuh-alerts-]: yes
INFO: Checking the app default pattern exists: id [wazuh-alerts-]...
INFO: Default pattern with id [wazuh-alerts-] exists: yes
ACTION: Default pattern id [wazuh-alerts-] set as default index pattern
INFO: Checking the index pattern id [wazuh-alerts-] exists...
INFO: Index pattern id exists [wazuh-alerts-]: yes
INFO: Index pattern id in cookie: yes [wazuh-alerts-]
INFO: Checking if the index pattern id [wazuh-alerts-] exists...
INFO: Index pattern id [wazuh-alerts-] found: yes title [wazuh-alerts-]
INFO: Checking if exists a template compatible with the index pattern title [wazuh-alerts-]
INFO: Template found for the selected index-pattern title [wazuh-alerts-]: no
ERROR: No template found for the selected index-pattern title [wazuh-alerts-]
INFO: Index pattern id in cookie: [wazuh-alerts-]
INFO: Getting index pattern data [wazuh-alerts-]...
INFO: Index pattern data found: [yes]
INFO: Refreshing index pattern fields: title [wazuh-alerts-], id [wazuh-alerts-]...
ACTION: Refreshed index pattern fields: title [wazuh-alerts-], id [wazuh-alerts-]
The text was updated successfully, but these errors were encountered: