-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to Deploy Wazuh 4.4 through Docker #804
Comments
I have deployed Wazuh multi node successfully pointing to node mounted NFS shares (same mount for every node). Paste your compose file If you are using one and I will check it out and let you know how I made it work. In my case it was a permissions issue when mounting the NFS share. |
@javierspn Below is the docker compose file which I use in my existing deployment 4.3.10, # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
version: '3.7'
services:
wazuh.manager:
image: wazuh/wazuh-manager:4.3.10
hostname: wazuh.manager
restart: always
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=username
- INDEXER_PASSWORD=password
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
volumes:
- /home/wazuh/wazuh_api_configuration:/var/ossec/api/configuration
- /home/wazuh/wazuh_etc:/var/ossec/etc
- /home/wazuh/wazuh_logs:/var/ossec/logs
- /home/wazuh/wazuh_queue:/var/ossec/queue
- /home/wazuh/wazuh_var_multigroups:/var/ossec/var/multigroups
- /home/wazuh/wazuh_integrations:/var/ossec/integrations
- /home/wazuh/wazuh_active_response:/var/ossec/active-response/bin
- /home/wazuh/wazuh_agentless:/var/ossec/agentless
- /home/wazuh/wazuh_wodles:/var/ossec/wodles
- /home/wazuh/filebeat_etc:/etc/filebeat
- /home/wazuh/filebeat_var:/var/lib/filebeat
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
- /home/wazuh/wazuh-docker/single-node/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.indexer:
image: wazuh/wazuh-indexer:4.3.10
hostname: wazuh.indexer
restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /home/wazuh/wazuh-indexer-data:/var/lib/wazuh-indexer
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.3.10
hostname: wazuh.dashboard
restart: always
ports:
- 443:5601
environment:
- INDEXER_USERNAME=username
- INDEXER_PASSWORD=password
- WAZUH_API_URL=https://wazuh.manager
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
volumes:
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- /home/wazuh/wazuh-docker/single-node/config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
- /home/wazuh/wazuh-docker/single-node/config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
depends_on:
- wazuh.indexer
links:
- wazuh.indexer:wazuh.indexer
- wazuh.manager:wazuh.manager I used the same for the new release and saw the error which I posted earlier in the ticket. There shouldn't be a permission issue as my current version is working without any issue. |
I'm having the same issue except I have Rocky Linux 8 KVM with Rockylinux 8 docker while using Portainer to manage and I get the same just that file is having issues. |
Hi Team,
I am trying to deploy Wazuh 4.4 (Single Node) via docker and I ended up with the below error,
failed to deploy a stack: Network dock-wazuh_default Creating Network dock-wazuh_default Created Container dock-wazuh-wazuh.indexer-1 Creating Container dock-wazuh-wazuh.manager-1 Creating Container dock-wazuh-wazuh.manager-1 Created Container dock-wazuh-wazuh.indexer-1 Created Container dock-wazuh-wazuh.dashboard-1 Creating Container dock-wazuh-wazuh.dashboard-1 Created Container dock-wazuh-wazuh.manager-1 Starting Container dock-wazuh-wazuh.indexer-1 Starting Container dock-wazuh-wazuh.manager-1 Started Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/home/wazuh/config/wazuh_indexer/wazuh.indexer.yml" to rootfs at "/usr/share/wazuh-indexer/opensearch.yml": mount /home/wazuh/config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
Below are the details of my deployment,
System Specs:
Platform:
Proxmox VE : 7.3-6
OS : Proxmox LXC Container - Debian Turnkey Core 17.1-1
Docker version 23.0.1, build a5ee5b1
Volumes:
The same setup works completely fine for Wazuh 4.3.10 without any issues. Could someone help to resolve the issue ? Thanks.
Cheers,
AK
The text was updated successfully, but these errors were encountered: