Unable to Deploy Wazuh 4.4 through Docker #804

Open
blUeBUg200 opened this issue Apr 2, 2023 · 3 comments


blUeBUg200 commented Apr 2, 2023

Hi Team,

I am trying to deploy Wazuh 4.4 (Single Node) via docker and I ended up with the below error,

failed to deploy a stack: Network dock-wazuh_default Creating Network dock-wazuh_default Created Container dock-wazuh-wazuh.indexer-1 Creating Container dock-wazuh-wazuh.manager-1 Creating Container dock-wazuh-wazuh.manager-1 Created Container dock-wazuh-wazuh.indexer-1 Created Container dock-wazuh-wazuh.dashboard-1 Creating Container dock-wazuh-wazuh.dashboard-1 Created Container dock-wazuh-wazuh.manager-1 Starting Container dock-wazuh-wazuh.indexer-1 Starting Container dock-wazuh-wazuh.manager-1 Started Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/home/wazuh/config/wazuh_indexer/wazuh.indexer.yml" to rootfs at "/usr/share/wazuh-indexer/opensearch.yml": mount /home/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

Below are the details of my deployment,

System Specs:
image

Platform:
Proxmox VE : 7.3-6
OS : Proxmox LXC Container - Debian Turnkey Core 17.1-1
Docker version 23.0.1, build a5ee5b1

Volumes:

  • All volumes in the docker-compose are pointed to a directory in the OS which is a mount point of an NFS volume.

The same setup works completely fine for Wazuh 4.3.10 without any issues. Could someone help to resolve the issue? Thanks.

Cheers,
AK


javierspn commented Apr 14, 2023

I have deployed Wazuh multi node successfully pointing to node-mounted NFS shares (same mount for every node). Paste your compose file if you are using one and I will check it out and let you know how I made it work.

In my case it was a permissions issue when mounting the NFS share.

@blUeBUg200
Author

@javierspn Below is the docker compose file which I use in my existing deployment 4.3.10,

# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'

services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.3.10
    hostname: wazuh.manager
    restart: always
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=username
      - INDEXER_PASSWORD=password
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - /home/wazuh/wazuh_api_configuration:/var/ossec/api/configuration
      - /home/wazuh/wazuh_etc:/var/ossec/etc
      - /home/wazuh/wazuh_logs:/var/ossec/logs
      - /home/wazuh/wazuh_queue:/var/ossec/queue
      - /home/wazuh/wazuh_var_multigroups:/var/ossec/var/multigroups
      - /home/wazuh/wazuh_integrations:/var/ossec/integrations
      - /home/wazuh/wazuh_active_response:/var/ossec/active-response/bin
      - /home/wazuh/wazuh_agentless:/var/ossec/agentless
      - /home/wazuh/wazuh_wodles:/var/ossec/wodles
      - /home/wazuh/filebeat_etc:/etc/filebeat
      - /home/wazuh/filebeat_var:/var/lib/filebeat
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.3.10
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms4096m -Xmx4096m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /home/wazuh/wazuh-indexer-data:/var/lib/wazuh-indexer
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.3.10
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:5601
    environment:
      - INDEXER_USERNAME=username
      - INDEXER_PASSWORD=password
      - WAZUH_API_URL=https://wazuh.manager
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - /home/wazuh/wazuh-docker/single-node/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

I used the same for the new release and saw the error which I posted earlier in the ticket. There shouldn't be a permission issue as my current version is working without any issue.


Reaper88 commented Jul 9, 2023

I'm having the same issue, except I have a Rocky Linux 8 KVM with Rocky Linux 8 Docker, using Portainer to manage it, and I get the same error; just that file is having issues.
/home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
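
The error quoted in this thread ends with Docker's hint to check that the host path exists and is the expected type. The script below is an added example, not from the thread or the Wazuh project, that runs this check over the short-syntax bind mounts of a compose file before deploying. The function names and the extension-based guess at whether a container target is a file are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check for short-syntax bind mounts in a compose file.
# With this syntax Docker creates a missing host path as a DIRECTORY, which then
# cannot be mounted onto a file such as opensearch.yml inside the container.
# Assumption: a container target ending in .yml/.yaml/.pem/.key/.conf is a file.

# classify_bind "HOST:CONTAINER[:MODE]" prints one status word.
classify_bind() (
  src=${1%%:*}                      # host side, before the first colon
  dst=${1#*:}; dst=${dst%%:*}       # container side, mode suffix dropped
  case ${dst##*/} in
    *.yml|*.yaml|*.pem|*.key|*.conf) want=file ;;
    *) want=dir ;;
  esac
  if [ ! -e "$src" ]; then
    echo missing                    # Docker would create a directory here
  elif [ -d "$src" ] && [ "$want" = file ]; then
    echo dir-for-file               # directory mounted onto a file target
  elif [ -f "$src" ] && [ "$want" = dir ]; then
    echo file-for-dir
  else
    echo ok
  fi
)

# check_compose_binds FILE: report every "- /host:/container" entry and
# return 1 if any entry is not "ok". Ports, links and env lines are skipped
# because only sources starting with / or . are treated as host paths.
check_compose_binds() (
  specs=$(sed -nE 's/^[[:space:]]*-[[:space:]]+"?([./][^"[:space:]]*:[^"[:space:]]+)"?[[:space:]]*$/\1/p' "$1")
  rc=0
  while IFS= read -r spec; do
    [ -n "$spec" ] || continue
    status=$(classify_bind "$spec")
    printf '%-13s %s\n' "$status" "$spec"
    [ "$status" = ok ] || rc=1
  done <<EOF
$specs
EOF
  return "$rc"
)

# Usage: sh check_binds.sh docker-compose.yml
if [ "$#" -gt 0 ]; then check_compose_binds "$1"; fi
```

Run it on the Docker host itself (here, inside the LXC container or VM), since the paths are resolved where the Docker daemon runs, not where the compose file is edited.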
