OpenSearch modifies log files permissions #2139

Closed
rauldpm opened this issue Mar 23, 2023 · 18 comments · May be fixed by #2366
Labels
component: indexer level/task Subtask issue qa_known Issues that are already known by the QA team to-be-solved-in-fork type/bug Bug issue

Comments

@rauldpm
Member

rauldpm commented Mar 23, 2023

Description

ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied
Full log

Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: ERROR StatusConsoleListener Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:181)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:216)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:203)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:421)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:398)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:300)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:683)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:641)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:624)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:560)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.core.Logger.log(Logger.java:163)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2168)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2122)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2105)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:1991)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1854)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1288)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.node.Node.<init>(Node.java:428)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.node.Node.<init>(Node.java:401)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:404)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:180)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:171)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.cli.Command.main(Command.java:101)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137)
Apr 10 09:34:58 rhel7.localdomain systemd-entrypoint[1024]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103)

Dec 07 16:01:17 wazuh-server systemd-entrypoint[997]: 2022-12-07 16:01:17,690 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
  • Tests have been carried out on both OpenSearch 2.4.1 and OpenSearch 2.6.0 (latest version), and both present the same behavior. This can be reproduced as follows:
Steps to reproduce the error
  1. Install an AIO deployment in a VM
  2. Check file permissions (640)
  3. Shutdown VM
  4. Initialize the VM, access it, and check that the file permissions have not changed
  5. Shutdown VM, change host date (+1 day)
  6. Start VM and access it
  7. Check that the file permissions have changed (640 -> 644)
  • The tests carried out in OpenSearch following this procedure are the following:
OpenSearch 2.4.1
  • OpenSearch 2.4.1 install
    [root@centos7 vagrant]# yum localinstall opensearch-2.4.1-linux-x64.rpm 
    Loaded plugins: fastestmirror
    Examining opensearch-2.4.1-linux-x64.rpm: opensearch-2.4.1-1.x86_64
    Marking opensearch-2.4.1-linux-x64.rpm to be installed
    Resolving Dependencies
    --> Running transaction check
    ---> Package opensearch.x86_64 0:2.4.1-1 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ===============================================================================================================================================================================================================================================================================
     Package                                                        Arch                                                       Version                                                       Repository                                                                       Size
    ===============================================================================================================================================================================================================================================================================
    Installing:
     opensearch                                                     x86_64                                                     2.4.1-1                                                       /opensearch-2.4.1-linux-x64                                                     747 M
    
    Transaction Summary
    ===============================================================================================================================================================================================================================================================================
    Install  1 Package
    
    Total size: 747 M
    Installed size: 747 M
    Is this ok [y/d/N]: y
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : opensearch-2.4.1-1.x86_64                                                                                                                                                                                                                                   1/1 
    ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
     sudo systemctl daemon-reload
     sudo systemctl enable opensearch.service
    ### You can start opensearch service by executing
     sudo systemctl start opensearch.service
    ### Create opensearch demo certificates in /etc/opensearch/
     See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
      Verifying  : opensearch-2.4.1-1.x86_64                                                                                                                                                                                                                                   1/1 
    
    Installed:
      opensearch.x86_64 0:2.4.1-1                                                                                                                                                                                                                                                  
    
    Complete!
    
  • Service start and files permissions
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 4
    -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:05 install_demo_configuration.log
    [root@centos7 vagrant]# systemctl start opensearch
    [root@centos7 vagrant]# systemctl status opensearch
    ● opensearch.service - OpenSearch
      Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled)
      Active: active (running) since Thu 2023-03-23 16:06:19 UTC; 9s ago
        Docs: https://opensearch.org/
    Main PID: 3463 (java)
      CGroup: /system.slice/opensearch.service
              └─3463 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceI...
    
    Mar 23 16:06:08 centos7 systemd[1]: Starting OpenSearch...
    Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: A terminally deprecated method in java.lang.System has been called
    Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.4.1.jar)
    Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    Mar 23 16:06:09 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager will be removed in a future release
    Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: A terminally deprecated method in java.lang.System has been called
    Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/opensearch/lib/opensearch-2.4.1.jar)
    Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
    Mar 23 16:06:10 centos7 systemd-entrypoint[3463]: WARNING: System::setSecurityManager will be removed in a future release
    Mar 23 16:06:19 centos7 systemd[1]: Started OpenSearch.
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 284
    -rw-r--r--. 1 opensearch opensearch 37822 Mar 23 16:06 gc.log
    -rw-r--r--. 1 opensearch opensearch  2006 Mar 23 16:06 gc.log.00
    -rw-r--r--. 1 opensearch opensearch  1691 Mar 23 16:05 install_demo_configuration.log
    -rw-r-----. 1 opensearch opensearch   369 Mar 23 16:06 opensearch_deprecation.json
    -rw-r-----. 1 opensearch opensearch   252 Mar 23 16:06 opensearch_deprecation.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_indexing_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_indexing_slowlog.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_search_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_search_slowlog.log
    -rw-r-----. 1 opensearch opensearch 33878 Mar 23 16:06 opensearch.log
    -rw-r-----. 1 opensearch opensearch 65792 Mar 23 16:06 opensearch_server.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_task_detailslog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_task_detailslog.log
    [root@centos7 vagrant]# shutdown now
    Connection to 127.0.0.1 closed by remote host.
    
  • Files permissions after reboot (Service not enabled)
    [vagrant@centos7 ~]$ sudo su
    [root@centos7 vagrant]# systemctl status opensearch
    ● opensearch.service - OpenSearch
      Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled)
      Active: inactive (dead)
        Docs: https://opensearch.org/
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 160
    -rw-r--r--. 1 opensearch opensearch 40129 Mar 23 16:06 gc.log
    -rw-r--r--. 1 opensearch opensearch  2006 Mar 23 16:06 gc.log.00
    -rw-r--r--. 1 opensearch opensearch  1691 Mar 23 16:05 install_demo_configuration.log
    -rw-r-----. 1 opensearch opensearch   369 Mar 23 16:06 opensearch_deprecation.json
    -rw-r-----. 1 opensearch opensearch   252 Mar 23 16:06 opensearch_deprecation.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_indexing_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_indexing_slowlog.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_search_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_search_slowlog.log
    -rw-r-----. 1 opensearch opensearch 34578 Mar 23 16:06 opensearch.log
    -rw-r-----. 1 opensearch opensearch 68007 Mar 23 16:06 opensearch_server.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_task_detailslog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_task_detailslog.log
    [root@centos7 vagrant]# systemctl start opensearch
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 352
    -rw-r--r--. 1 opensearch opensearch  35583 Mar 23 16:08 gc.log
    -rw-r--r--. 1 opensearch opensearch   2006 Mar 23 16:06 gc.log.00
    -rw-r--r--. 1 opensearch opensearch  40129 Mar 23 16:06 gc.log.01
    -rw-r--r--. 1 opensearch opensearch   2006 Mar 23 16:08 gc.log.02
    -rw-r--r--. 1 opensearch opensearch   1691 Mar 23 16:05 install_demo_configuration.log
    -rw-r-----. 1 opensearch opensearch    738 Mar 23 16:08 opensearch_deprecation.json
    -rw-r-----. 1 opensearch opensearch    504 Mar 23 16:08 opensearch_deprecation.log
    -rw-r-----. 1 opensearch opensearch      0 Mar 23 16:06 opensearch_index_indexing_slowlog.json
    -rw-r-----. 1 opensearch opensearch      0 Mar 23 16:06 opensearch_index_indexing_slowlog.log
    -rw-r-----. 1 opensearch opensearch      0 Mar 23 16:06 opensearch_index_search_slowlog.json
    -rw-r-----. 1 opensearch opensearch      0 Mar 23 16:06 opensearch_index_search_slowlog.log
    -rw-r-----. 1 opensearch opensearch  65197 Mar 23 16:08 opensearch.log
    -rw-r-----. 1 opensearch opensearch 126066 Mar 23 16:08 opensearch_server.json
    -rw-r-----. 1 opensearch opensearch      0 Mar 23 16:06 opensearch_task_detailslog.json
    -rw-r-----. 1 opensearch opensearch      0 Mar 23 16:06 opensearch_task_detailslog.log
    [root@centos7 vagrant]# shutdown now
    Connection to 127.0.0.1 closed by remote host.
    
    
  • Service enabled before system reboot with date change
    [vagrant@centos7 ~]$ sudo su
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 320
    -rw-r--r--. 1 opensearch opensearch 37608 Mar 23 16:11 gc.log
    -rw-r--r--. 1 opensearch opensearch  2006 Mar 23 16:06 gc.log.00
    -rw-r--r--. 1 opensearch opensearch 40129 Mar 23 16:06 gc.log.01
    -rw-r--r--. 1 opensearch opensearch  2006 Mar 23 16:08 gc.log.02
    -rw-r--r--. 1 opensearch opensearch 37715 Mar 23 16:08 gc.log.03
    -rw-r--r--. 1 opensearch opensearch  2006 Mar 23 16:10 gc.log.04
    -rw-r--r--. 1 opensearch opensearch 42955 Mar 23 16:11 gc.log.05
    -rw-r--r--. 1 opensearch opensearch  1982 Mar 24  2023 gc.log.06
    -rw-r--r--. 1 opensearch opensearch  1691 Mar 23 16:05 install_demo_configuration.log
    -rw-r--r--. 1 opensearch opensearch 18325 Mar 24  2023 opensearch-2023-03-23-1.json.gz
    -rw-r--r--. 1 opensearch opensearch 12521 Mar 24  2023 opensearch-2023-03-23-1.log.gz
    -rw-r-----. 1 opensearch opensearch  1476 Mar 24  2023 opensearch_deprecation.json
    -rw-r-----. 1 opensearch opensearch  1008 Mar 24  2023 opensearch_deprecation.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_indexing_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_indexing_slowlog.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_search_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_index_search_slowlog.log
    -rw-r--r--. 1 opensearch opensearch 30618 Mar 23 16:11 opensearch.log
    -rw-r--r--. 1 opensearch opensearch 58058 Mar 23 16:11 opensearch_server.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_task_detailslog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:06 opensearch_task_detailslog.log
    [root@centos7 vagrant]# journalctl -r -u opensearch.service | grep ERROR
    Mar 24 17:11:06 centos7 systemd-entrypoint[365]: 2023-03-24 17:11:06,206 main ERROR Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
    Mar 24 17:11:06 centos7 systemd-entrypoint[365]: 2023-03-24 17:11:06,191 main ERROR Could not define attribute view on path "/var/log/opensearch/opensearch_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
    [root@centos7 vagrant]# /usr/share/opensearch/bin/opensearch -V
    WARNING: A terminally deprecated method in java.lang.System has been called
    WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.4.1.jar)
    WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    WARNING: System::setSecurityManager will be removed in a future release
    Version: 2.4.1, Build: rpm/f2f809ea280ffba217451da894a5899f1cec02ab/2022-12-12T22:17:31.255181151Z, JVM: 17.0.5
    
    
OpenSearch 2.6.0
  • OpenSearch 2.6.0 install and enable service
    [root@centos7 vagrant]# yum localinstall opensearch-2.6.0-linux-x64.rpm -y
    Loaded plugins: fastestmirror
    Examining opensearch-2.6.0-linux-x64.rpm: opensearch-2.6.0-1.x86_64
    Marking opensearch-2.6.0-linux-x64.rpm to be installed
    Resolving Dependencies
    --> Running transaction check
    ---> Package opensearch.x86_64 0:2.6.0-1 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ===============================================================================================================================================================================================================================================================================
    Package                                                        Arch                                                       Version                                                       Repository                                                                       Size
    ===============================================================================================================================================================================================================================================================================
    Installing:
    opensearch                                                     x86_64                                                     2.6.0-1                                                       /opensearch-2.6.0-linux-x64                                                     931 M
    
    Transaction Summary
    ===============================================================================================================================================================================================================================================================================
    Install  1 Package
    
    Total size: 931 M
    Installed size: 931 M
    Downloading packages:
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : opensearch-2.6.0-1.x86_64                                                                                          1/1
    ### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
    sudo systemctl daemon-reload
    sudo systemctl enable opensearch.service
    ### You can start opensearch service by executing
    sudo systemctl start opensearch.service
    ### Create opensearch demo certificates in /etc/opensearch/
    See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
      Verifying  : opensearch-2.6.0-1.x86_64                                                                                          1/1 
    
    Installed:
      opensearch.x86_64 0:2.6.0-1                                                                                                         
    
    Complete!
    [root@centos7 vagrant]# systemctl enable opensearch
    Created symlink from /etc/systemd/system/multi-user.target.wants/opensearch.service to /usr/lib/systemd/system/opensearch.service.
    [root@centos7 vagrant]# systemctl status opensearch
    ● opensearch.service - OpenSearch
      Loaded: loaded (/usr/lib/systemd/system/opensearch.service; enabled; vendor preset: disabled)
      Active: inactive (dead)
        Docs: https://opensearch.org/
    
    
  • Service start and files permissions
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 4
    -rw-r--r--. 1 opensearch opensearch 1691 Mar 23 16:45 install_demo_configuration.log
    [root@centos7 vagrant]# systemctl start opensearch
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 288
    -rw-r--r--. 1 opensearch opensearch 39466 Mar 23 16:46 gc.log
    -rw-r--r--. 1 opensearch opensearch  2007 Mar 23 16:46 gc.log.00
    -rw-r--r--. 1 opensearch opensearch  1691 Mar 23 16:45 install_demo_configuration.log
    -rw-r-----. 1 opensearch opensearch   832 Mar 23 16:46 opensearch_deprecation.json
    -rw-r-----. 1 opensearch opensearch   511 Mar 23 16:46 opensearch_deprecation.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_indexing_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_indexing_slowlog.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_search_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_search_slowlog.log
    -rw-r-----. 1 opensearch opensearch 38029 Mar 23 16:46 opensearch.log
    -rw-r-----. 1 opensearch opensearch 75482 Mar 23 16:46 opensearch_server.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_task_detailslog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_task_detailslog.log
    [root@centos7 vagrant]# shutdown now
    Connection to 127.0.0.1 closed by remote host.
    
  • Service enabled before system reboot with date change
    [vagrant@centos7 ~]$ sudo su
    [root@centos7 vagrant]# ls -l /var/log/opensearch/
    total 360
    -rw-r--r--. 1 opensearch opensearch 44912 Mar 23 16:49 gc.log
    -rw-r--r--. 1 opensearch opensearch  2007 Mar 23 16:46 gc.log.00
    -rw-r--r--. 1 opensearch opensearch 42816 Mar 23 16:47 gc.log.01
    -rw-r--r--. 1 opensearch opensearch  1983 Mar 23 16:47 gc.log.02
    -rw-r--r--. 1 opensearch opensearch 42019 Mar 23 16:48 gc.log.03
    -rw-r--r--. 1 opensearch opensearch  1983 Mar 24  2023 gc.log.04
    -rw-r--r--. 1 opensearch opensearch  1691 Mar 23 16:45 install_demo_configuration.log
    -rw-r--r--. 1 opensearch opensearch 13616 Mar 24  2023 opensearch-2023-03-23-1.json.gz
    -rw-r--r--. 1 opensearch opensearch 12522 Mar 24  2023 opensearch-2023-03-23-1.log.gz
    -rw-r-----. 1 opensearch opensearch  1570 Mar 24  2023 opensearch_deprecation.json
    -rw-r-----. 1 opensearch opensearch  1015 Mar 24  2023 opensearch_deprecation.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_indexing_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_indexing_slowlog.log
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_search_slowlog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_index_search_slowlog.log
    -rw-r--r--. 1 opensearch opensearch 43079 Mar 23 16:48 opensearch.log
    -rw-r--r--. 1 opensearch opensearch 73723 Mar 23 16:48 opensearch_server.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_task_detailslog.json
    -rw-r-----. 1 opensearch opensearch     0 Mar 23 16:46 opensearch_task_detailslog.log
    [root@centos7 vagrant]# /usr/share/opensearch/bin/opensearch -V
    WARNING: A terminally deprecated method in java.lang.System has been called
    WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/opensearch/lib/opensearch-2.6.0.jar)
    WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
    WARNING: System::setSecurityManager will be removed in a future release
    Version: 2.6.0, Build: rpm/7203a5af21a8a009aece1474446b437a3c674db6/2023-02-24T18:57:09.290618503Z, JVM: 17.0.6
    
    
    
@AlexRuiz7
Member

Log4j handles the rotation of logs. The files are created using the permissions inherited by the user running the process, in this case systemd. The permissions are calculated using the umask.

The unit file /usr/lib/systemd/system/wazuh-indexer.service has to use umask=0027 in order to create the files with 640 permissions.

Mask   Files (requested permissions 666)
027    640 (rw-r-----)

Brief testing has proven that the umask directive makes log4j use the correct permissions to create the log files, solving the error without further changes. We should include this in our systemd unit file to solve the issue.
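
The umask calculation and the 640 -> 644 drift discussed above, as an added example that is not part of the issue thread or of the Wazuh/OpenSearch code: it creates a file under a given mask to show the resulting mode, audits a log directory for files more permissive than a policy mode, and reads `UMask=` from the `[Service]` section of a unit file. The function names and the default policy of 640 are assumptions for illustration; `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: umask effect on new log files and an audit for permission drift.
# Function names are hypothetical; nothing here is taken from the project.

# mode_under_umask MASK
# Create a file with the given umask and print the octal mode it ends up with.
# Shell redirection requests mode 0666, the same request shown in the table above.
mode_under_umask() {
    local mask="$1" dir
    dir="$(mktemp -d)" || return 1
    (
        umask "$mask"
        : > "$dir/probe.log"
    )
    stat -c '%a' "$dir/probe.log"
    rm -rf "$dir"
}

# audit_log_dir DIR [POLICY_MODE]
# Print "<mode> <name>" for every regular file that has a permission bit set
# which the policy mode (default 640) does not allow.
# Returns 0 when the directory is clean, 1 when drift was found.
audit_log_dir() {
    local dir="$1" policy="${2:-640}" f mode drift=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode="$(stat -c '%a' "$f")"
        # Leading 0 makes the shell read both values as octal.
        if [ $(( 0$mode & ~0$policy & 0777 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "${f##*/}"
            drift=$((drift + 1))
        fi
    done
    [ "$drift" -eq 0 ]
}

# unit_umask UNIT_FILE
# Print the UMask= value set in the [Service] section of a systemd unit file.
# Returns 1 when the unit does not set one (systemd then uses its default, 0022).
unit_umask() {
    awk -F= '
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && $1 == "UMask" { value = $2 }
        END { if (value == "") exit 1; print value }
    ' "$1"
}

# Demonstration: the requested mode 666 under three masks.
for m in 0022 0027 0077; do
    printf 'umask %s -> mode %s\n' "$m" "$(mode_under_umask "$m")"
done
```

On a host, `audit_log_dir /var/log/wazuh-indexer` run after a rotation lists any file that came back as 644, and `unit_umask /usr/lib/systemd/system/wazuh-indexer.service` shows whether the unit sets the mask.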

@c-bordon
Member

Update report

I did some tests with the proposed change here in the file:

/usr/lib/systemd/system/wazuh-indexer.service

[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer

WorkingDirectory=/usr/share/wazuh-indexer

User=wazuh-indexer
Group=wazuh-indexer
UMask=0027

...

I built a package with this change and performed the tests as indicated in the issue header, and I was able to validate that the permissions were not modified after rotating the logs; they remained at 0640.

[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 236
drwxr-x---.  2 wazuh-indexer wazuh-indexer  4096 Aug 18 11:26 .
drwxr-xr-x. 11 root          root           4096 Aug 18 11:29 ..
-rw-r-----.  1 wazuh-indexer wazuh-indexer 45922 Aug 18 11:32 gc.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer  2012 Aug 18 11:26 gc.log.00
-rw-r-----.  1 wazuh-indexer wazuh-indexer  2358 Aug 18 11:31 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer  1374 Aug 18 11:31 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer 40036 Aug 18 11:31 wazuh-cluster.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer 85085 Aug 18 11:31 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_task_detailslog.log
[root@centos7-1 ~]# date
Fri Aug 18 11:34:16 UTC 2023
[root@centos7-1 ~]# poweroff
Connection to 127.0.0.1 closed by remote host.
cbordon@cbordon-MS-7C88:~/Documents/wazuh/local-test/vagrant-tests/centos/7$ vagrant up && vagrant ssh
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'centos/7' version '2004.01' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: No guest additions were detected on the base box for this VM! Guest
    default: additions are required for forwarded ports, shared folders, host only
    default: networking, and more. If SSH fails on this machine, please install
    default: the guest additions and repackage the box to continue.
    default: 
    default: This is not an error message; everything may continue to work properly,
    default: in which case you may ignore this message.
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Rsyncing folder: /home/cbordon/Documents/wazuh/local-test/vagrant-tests/centos/7/ => /vagrant
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.
Last login: Fri Aug 18 11:05:30 2023 from 10.0.2.2
[vagrant@centos7-1 ~]$ sudo su -
Last login: Fri Aug 18 11:22:39 UTC 2023 on pts/0
[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 432
drwxr-x---.  2 wazuh-indexer wazuh-indexer   4096 Aug 18 11:34 .
drwxr-xr-x. 11 root          root            4096 Aug 18 11:34 ..
-rw-r-----.  1 wazuh-indexer wazuh-indexer  30174 Aug 18 11:35 gc.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 18 11:26 gc.log.00
-rw-r-----.  1 wazuh-indexer wazuh-indexer  53312 Aug 18 11:34 gc.log.01
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 18 11:34 gc.log.02
-rw-r-----.  1 wazuh-indexer wazuh-indexer   3803 Aug 18 11:34 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2249 Aug 18 11:34 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer  66481 Aug 18 11:35 wazuh-cluster.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer 135747 Aug 18 11:35 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 18 11:26 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 18 11:26 wazuh-cluster_task_detailslog.log
[root@centos7-1 ~]# date
Fri Aug 18 11:35:05 UTC 2023
[root@centos7-1 ~]# poweroff
cbordon@cbordon-MS-7C88:~/Documents/wazuh/local-test/vagrant-tests/centos/7$ date
sáb 19 ago 2023 08:37:26 -03
Last login: Fri Aug 18 11:35:01 UTC 2023 on pts/0
[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 276
drwxr-x---.  2 wazuh-indexer wazuh-indexer  4096 Aug 19  2023 .
drwxr-xr-x. 11 root          root           4096 Aug 19  2023 ..
-rw-r-----.  1 wazuh-indexer wazuh-indexer 30336 Aug 18 11:38 gc.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer  2012 Aug 18 11:26 gc.log.00
-rw-r-----.  1 wazuh-indexer wazuh-indexer 53312 Aug 18 11:34 gc.log.01
-rw-r-----.  1 wazuh-indexer wazuh-indexer  2012 Aug 18 11:34 gc.log.02
-rw-r-----.  1 wazuh-indexer wazuh-indexer 31769 Aug 18 11:35 gc.log.03
-rw-r-----.  1 wazuh-indexer wazuh-indexer  2012 Aug 19  2023 gc.log.04
-rw-r-----.  1 wazuh-indexer wazuh-indexer 15078 Aug 19  2023 wazuh-cluster-2023-08-18-1.json.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer 13656 Aug 19  2023 wazuh-cluster-2023-08-18-1.log.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer  5248 Aug 18 11:38 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer  3124 Aug 18 11:38 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_index_search_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer 29515 Aug 18 11:38 wazuh-cluster.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer 58354 Aug 18 11:38 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 18 11:26 wazuh-cluster_task_detailslog.log
[root@centos7-1 ~]# date
Fri Aug 18 11:38:17 UTC 2023

@gdiazlo added the level/task Subtask issue label Aug 21, 2023
@c-bordon linked a pull request Aug 22, 2023 that will close this issue
30 tasks
@c-bordon

Update report:

I was validating the logs after the correction. Although the file permissions are now correct, the error in the logs continues to appear at each VM restart. I am analyzing what type of permission can fail, possibly the user, and I am continuing to investigate.

[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 736
drwxr-x---.  2 wazuh-indexer wazuh-indexer   4096 Aug 23  2023 .
drwxr-xr-x. 11 root          root            4096 Aug 23  2023 ..
-rw-r-----.  1 wazuh-indexer wazuh-indexer  97072 Aug 22 20:41 gc.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 22 17:52 gc.log.00
-rw-r-----.  1 wazuh-indexer wazuh-indexer  50667 Aug 22 17:58 gc.log.01
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 22 17:58 gc.log.02
-rw-r-----.  1 wazuh-indexer wazuh-indexer  39777 Aug 22 17:59 gc.log.03
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 23  2023 gc.log.04
-rw-r-----.  1 wazuh-indexer wazuh-indexer 120095 Aug 22 19:25 gc.log.05
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 23  2023 gc.log.06
-rw-r-----.  1 wazuh-indexer wazuh-indexer  97911 Aug 22 19:57 gc.log.07
-rw-r--r--.  1 root          root            2012 Aug 22 19:56 gc.log.08
-rw-r--r--.  1 root          root            2333 Aug 22 19:56 gc.log.09
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 22 19:57 gc.log.10
-rw-r-----.  1 wazuh-indexer wazuh-indexer  35022 Aug 22 19:58 gc.log.11
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2012 Aug 23  2023 gc.log.12
-rw-r-----.  1 wazuh-indexer wazuh-indexer  14448 Aug 23  2023 wazuh-cluster-2023-08-22-1.json.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer  13061 Aug 23  2023 wazuh-cluster-2023-08-22-1.log.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer   7624 Aug 23  2023 wazuh-cluster-2023-08-22-2.json.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer   7083 Aug 23  2023 wazuh-cluster-2023-08-22-2.log.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer  13587 Aug 23  2023 wazuh-cluster-2023-08-22-3.json.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer   8375 Aug 23  2023 wazuh-cluster-2023-08-22-3.log.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer  11375 Aug 22 20:00 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer   6713 Aug 22 20:00 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 22 17:52 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 22 17:52 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 22 17:52 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 22 17:52 wazuh-cluster_index_search_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer  32269 Aug 22 20:40 wazuh-cluster.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer  65654 Aug 22 20:40 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 22 17:52 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 22 17:52 wazuh-cluster_task_detailslog.log

[root@centos7-1 ~]# journalctl | grep -i wazuh-indexer
Aug 23 19:59:49 centos7-1 systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Aug 23 19:59:52 centos7-1 systemd[1]: Starting Wazuh-indexer...
Aug 23 19:59:54 centos7-1 systemd-entrypoint[795]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar)
Aug 23 19:59:55 centos7-1 systemd-entrypoint[795]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar)
Aug 23 19:59:55 centos7-1 systemd-entrypoint[795]: 2023-08-23 19:59:55,867 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 23 19:59:55 centos7-1 systemd-entrypoint[795]: 2023-08-23 19:59:55,887 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 22 20:00:08 centos7-1 systemd[1]: Started Wazuh-indexer.

@c-bordon

Update report:

I made a change, adding more extensive permissions by giving read and write permissions to others. It still gives the same error in journalctl.

[root@centos7-1 ~]# ls -la /var/log/wazuh-indexer/
total 272
drwxr-x---.  2 wazuh-indexer wazuh-indexer  4096 Aug 24  2023 .
drwxr-xr-x. 11 root          root           4096 Aug 24  2023 ..
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer 32735 Aug 23 13:10 gc.log
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer  2012 Aug 23 13:02 gc.log.00
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer 48585 Aug 23 13:08 gc.log.01
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer  2012 Aug 23 13:08 gc.log.02
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer 35886 Aug 23 13:09 gc.log.03
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer  2012 Aug 24  2023 gc.log.04
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer 14386 Aug 24  2023 wazuh-cluster-2023-08-23-1.json.gz
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer 13056 Aug 24  2023 wazuh-cluster-2023-08-23-1.log.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer  5696 Aug 23 13:10 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer  3365 Aug 23 13:10 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 23 13:02 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 23 13:02 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 23 13:02 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 23 13:02 wazuh-cluster_index_search_slowlog.log
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer 29367 Aug 23 13:10 wazuh-cluster.log
-rw-rw-rw-.  1 wazuh-indexer wazuh-indexer 57798 Aug 23 13:10 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 23 13:02 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 23 13:02 wazuh-cluster_task_detailslog.log
[root@centos7-1 ~]# journalctl | grep -i wazuh-indexer
Aug 24 13:10:02 centos7-1 systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Aug 24 13:10:03 centos7-1 systemd[1]: Starting Wazuh-indexer...
Aug 24 13:10:05 centos7-1 systemd-entrypoint[736]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar)
Aug 24 13:10:06 centos7-1 systemd-entrypoint[736]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar)
Aug 24 13:10:06 centos7-1 systemd-entrypoint[736]: 2023-08-24 13:10:06,400 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 24 13:10:06 centos7-1 systemd-entrypoint[736]: 2023-08-24 13:10:06,407 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 23 13:10:18 centos7-1 systemd[1]: Started Wazuh-indexer.

@AlexRuiz7

AlexRuiz7 commented Aug 24, 2023

Troubleshooting

I installed Wazuh 4.5 using the installer in a RHEL 7 VM.

Post-install logs

Here's the output of journalctl -xeu wazuh-indexer post installation:

Aug 24 10:53:41 rhel7.localdomain systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
Aug 24 10:53:43 rhel7.localdomain systemd-entrypoint[4644]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 24 10:53:43 rhel7.localdomain systemd-entrypoint[4644]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer
Aug 24 10:53:43 rhel7.localdomain systemd-entrypoint[4644]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Aug 24 10:53:43 rhel7.localdomain systemd-entrypoint[4644]: WARNING: System::setSecurityManager will be removed in a future release
Aug 24 10:53:44 rhel7.localdomain systemd-entrypoint[4644]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 24 10:53:44 rhel7.localdomain systemd-entrypoint[4644]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/l
Aug 24 10:53:44 rhel7.localdomain systemd-entrypoint[4644]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Aug 24 10:53:44 rhel7.localdomain systemd-entrypoint[4644]: WARNING: System::setSecurityManager will be removed in a future release
Aug 24 10:53:50 rhel7.localdomain systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.

Post install file permissions

Log files permissions:

[root@rhel7 vagrant]# ls -la /var/log/wazuh-indexer/
total 288
drwxr-x---.  2 wazuh-indexer wazuh-indexer   4096 Aug 24 10:53 .
drwxr-xr-x. 11 root          root            4096 Aug 24 10:56 ..
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 112657 Aug 24 11:28 gc.log
-rw-r--r--.  1 wazuh-indexer wazuh-indexer   2016 Aug 24 10:53 gc.log.00
-rw-r-----.  1 wazuh-indexer wazuh-indexer  44684 Aug 24 11:26 wazuh-cluster.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer   2358 Aug 24 10:59 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer   1374 Aug 24 10:59 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_search_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer  94865 Aug 24 11:26 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_task_detailslog.log

Rebooted the VM and file permissions are the same. No errors in the logs.
I tried to force the rotation of logs:

Disable sync with host time and date

VBoxManage setextradata <Virtual Machine Name> "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" "1"

Change date (+1 day)

[root@rhel7 vagrant]# timedatectl set-ntp 0
[root@rhel7 vagrant]# date
Thu Aug 24 12:04:17 UTC 2023
[root@rhel7 vagrant]# timedatectl set-time "2023-08-25 14:20:00"
[root@rhel7 vagrant]# date
Fri Aug 25 14:20:06 UTC 2023
-- Unit wazuh-indexer.service has begun starting up.
Aug 25 15:04:26 rhel7.localdomain systemd-entrypoint[1021]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 25 15:04:26 rhel7.localdomain systemd-entrypoint[1021]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.ja
Aug 25 15:04:26 rhel7.localdomain systemd-entrypoint[1021]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Aug 25 15:04:26 rhel7.localdomain systemd-entrypoint[1021]: WARNING: System::setSecurityManager will be removed in a future release
Aug 25 15:04:27 rhel7.localdomain systemd-entrypoint[1021]: WARNING: A terminally deprecated method in java.lang.System has been called
Aug 25 15:04:27 rhel7.localdomain systemd-entrypoint[1021]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar)
Aug 25 15:04:27 rhel7.localdomain systemd-entrypoint[1021]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Aug 25 15:04:27 rhel7.localdomain systemd-entrypoint[1021]: WARNING: System::setSecurityManager will be removed in a future release
Aug 25 15:04:35 rhel7.localdomain systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.
[root@rhel7 vagrant]# ls -l /var/log/wazuh-indexer/
total 580
-rw-r--r--. 1 wazuh-indexer wazuh-indexer  59096 Aug 25 15:10 gc.log
-rw-r--r--. 1 wazuh-indexer wazuh-indexer   2016 Aug 24 10:53 gc.log.00
-rw-r--r--. 1 wazuh-indexer wazuh-indexer 122662 Aug 24 11:39 gc.log.01
-rw-r--r--. 1 wazuh-indexer wazuh-indexer   2016 Aug 24 11:39 gc.log.02
-rw-r--r--. 1 wazuh-indexer wazuh-indexer 112560 Aug 24 12:25 gc.log.03
-rw-r--r--. 1 wazuh-indexer wazuh-indexer   2016 Aug 24 13:00 gc.log.04
-rw-r--r--. 1 wazuh-indexer wazuh-indexer  52278 Aug 25 15:04 gc.log.05
-rw-r--r--. 1 wazuh-indexer wazuh-indexer   2016 Aug 25 15:04 gc.log.06
-rw-r--r--. 1 wazuh-indexer wazuh-indexer  22014 Aug 25 15:04 wazuh-cluster-2023-08-24-1.json.gz
-rw-r--r--. 1 wazuh-indexer wazuh-indexer  19215 Aug 25 15:04 wazuh-cluster-2023-08-24-1.log.gz
-rw-r-----. 1 wazuh-indexer wazuh-indexer  32082 Aug 25 15:09 wazuh-cluster.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer   8037 Aug 25 15:04 wazuh-cluster_deprecation.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer   4722 Aug 25 15:04 wazuh-cluster_deprecation.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_search_slowlog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_index_search_slowlog.log
-rw-r-----. 1 wazuh-indexer wazuh-indexer  65799 Aug 25 15:09 wazuh-cluster_server.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_task_detailslog.json
-rw-r-----. 1 wazuh-indexer wazuh-indexer      0 Aug 24 10:53 wazuh-cluster_task_detailslog.log

@AlexRuiz7

AlexRuiz7 commented Aug 24, 2023

We were able to replicate in Ubuntu 2204 and CentOS 7, but not on Red Hat 7.

@c-bordon

c-bordon commented Aug 24, 2023

Update report

I've been trying to replicate the same tests Alex did on a RHEL 7 vagrant box and I didn't get the same results. That is, I installed a Wazuh 4.5.0 package, edited the wazuh-indexer.service file to add the umask, restarted the service, advanced the date to the next day, and restarted the host, and the log with the error appears in journalctl:

[root@redhat-7 ~]# ls -la /var/log/wazuh-indexer/
total 500
drwxr-x---.  2 wazuh-indexer wazuh-indexer   4096 Aug 24 14:36 .
drwxr-xr-x. 11 root          root            4096 Aug 24 14:31 ..
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  46587 Aug 24 14:38 gc.log
-rw-r--r--.  1 wazuh-indexer wazuh-indexer   2007 Aug 24 14:27 gc.log.00
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  65587 Aug 24 14:36 gc.log.01
-rw-r--r--.  1 wazuh-indexer wazuh-indexer   2007 Aug 24 14:36 gc.log.02
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  30533 Aug 24 14:36 gc.log.03
-rw-r--r--.  1 wazuh-indexer wazuh-indexer   2007 Aug 24 14:36 gc.log.04
-rw-r-----.  1 wazuh-indexer wazuh-indexer   5248 Aug 24 14:36 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer   3124 Aug 24 14:36 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 14:27 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 14:27 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 14:27 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 14:27 wazuh-cluster_index_search_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer  95532 Aug 24 14:37 wazuh-cluster.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer 190395 Aug 24 14:37 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 14:27 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer      0 Aug 24 14:27 wazuh-cluster_task_detailslog.log
[root@redhat-7 ~]# poweroff
Connection to 127.0.0.1 closed by remote host.
[vagrant@redhat-7 ~]$ sudo su -
Last login: Thu Aug 24 14:24:54 UTC 2023 on pts/0
[root@redhat-7 ~]# ls -la /var/log/wazuh-indexer/
total 360
drwxr-x---.  2 wazuh-indexer wazuh-indexer  4096 Aug 25 14:39 .
drwxr-xr-x. 11 root          root           4096 Aug 25 14:39 ..
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 39875 Aug 25 14:40 gc.log
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  2007 Aug 24 14:27 gc.log.00
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 65587 Aug 24 14:36 gc.log.01
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  2007 Aug 24 14:36 gc.log.02
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 30533 Aug 24 14:36 gc.log.03
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  2007 Aug 24 14:36 gc.log.04
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 47313 Aug 24 14:38 gc.log.05
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  2007 Aug 25 14:39 gc.log.06
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 20313 Aug 25 14:39 wazuh-cluster-2023-08-24-1.json.gz
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 14612 Aug 25 14:39 wazuh-cluster-2023-08-24-1.log.gz
-rw-r-----.  1 wazuh-indexer wazuh-indexer  7141 Aug 25 14:39 wazuh-cluster_deprecation.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer  4240 Aug 25 14:39 wazuh-cluster_deprecation.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 24 14:27 wazuh-cluster_index_indexing_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 24 14:27 wazuh-cluster_index_indexing_slowlog.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 24 14:27 wazuh-cluster_index_search_slowlog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 24 14:27 wazuh-cluster_index_search_slowlog.log
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 32592 Aug 25 14:39 wazuh-cluster.log
-rw-r--r--.  1 wazuh-indexer wazuh-indexer 65409 Aug 25 14:39 wazuh-cluster_server.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 24 14:27 wazuh-cluster_task_detailslog.json
-rw-r-----.  1 wazuh-indexer wazuh-indexer     0 Aug 24 14:27 wazuh-cluster_task_detailslog.log
[root@redhat-7 ~]# journalctl | grep -i wazuh-indexer
Aug 25 14:39:11 redhat-7 systemd[1]: Configuration file /usr/lib/systemd/system/wazuh-indexer.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Aug 25 14:39:11 redhat-7 systemd[1]: [/usr/lib/systemd/system/wazuh-indexer.service:21] Unknown lvalue 'Umask' in section 'Service'
Aug 25 14:39:15 redhat-7 systemd[1]: Starting Wazuh-indexer...
Aug 25 14:39:17 redhat-7 systemd-entrypoint[1121]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar)
Aug 25 14:39:18 redhat-7 systemd-entrypoint[1121]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.6.0.jar)
Aug 25 14:39:18 redhat-7 systemd-entrypoint[1121]: 2023-08-25 14:39:18,862 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 25 14:39:18 redhat-7 systemd-entrypoint[1121]: 2023-08-25 14:39:18,881 main ERROR Could not define attribute view on path "/var/log/wazuh-indexer/wazuh-cluster.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 25 14:39:29 redhat-7 systemd[1]: Started Wazuh-indexer.
[root@redhat-7 ~]# cat /usr/lib/systemd/system/wazuh-indexer.service 
[Unit]
Description=Wazuh-indexer
Documentation=https://documentation.wazuh.com
Wants=network-online.target
After=network-online.target

[Service]
Type=notify
RuntimeDirectory=wazuh-indexer
PrivateTmp=yes
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
Environment=PID_DIR=/run/wazuh-indexer
Environment=OPENSEARCH_SD_NOTIFY=true
EnvironmentFile=-/etc/sysconfig/wazuh-indexer

WorkingDirectory=/usr/share/wazuh-indexer

User=wazuh-indexer
Group=wazuh-indexer
Umask=0027
 

...
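
The journal line in the comment above, Unknown lvalue 'Umask' in section 'Service', is systemd rejecting the directive as spelled in that unit file, so the 0027 mask never took effect there (the unit file in the earlier test spells it UMask). As an added example, not code from this thread or the Wazuh project, the POSIX shell checks below compute the mode a mask yields, report how the directive is spelled in [Service], and flag entries in an ls -l listing that are group-writable, accessible to others or owned by the wrong user; the function names are hypothetical and the sample inputs are excerpts assembled from the listings and unit file shown in the thread.

```shell
#!/bin/sh
# Added example with hypothetical helper names; POSIX sh and awk only.

# Mode a newly created file ends up with: requested & ~umask (octal in, octal out).
# The default request of 666 matches the table in the thread.
mode_from_umask() {
    mask=$1
    requested=${2:-666}
    printf '%o\n' $(( 0$requested & ~0$mask ))
}

# Read a unit file on stdin and report how the umask directive is spelled in
# [Service]. systemd directive names are case-sensitive: only "UMask" is applied.
# Prints "ok <value>", "misspelled <key>" or "missing".
unit_umask_status() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                                   # comment lines
        /^\[/         { in_service = ($0 ~ /^\[Service\]/); next }
        in_service {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) != "umask") next
            val = $2; gsub(/[ \t]/, "", val)
            if (key == "UMask")       status = "ok " val
            else if (status !~ /^ok/) status = "misspelled " key
        }
        END { if (status == "") status = "missing"; print status }
    '
}

# Read `ls -l` output on stdin; print regular files that are group-writable,
# give any access to others, or are not owned by the expected user ($1).
audit_listing() {
    awk -v want="$1" '
        $1 !~ /^-/ || NF < 9 { next }      # skips "total", directories, short lines
        {
            mode  = substr($1, 1, 10)      # drop the trailing "." or "+" marker
            loose = (substr(mode, 6, 1) != "-" || substr(mode, 8, 3) != "---")
            if (loose || $3 != want)
                printf "%s mode=%s owner=%s\n", $NF, mode, $3
        }
    '
}

# Sample input: excerpt of the unit file shown in the thread.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=Wazuh-indexer

[Service]
Type=notify
User=wazuh-indexer
Group=wazuh-indexer
Umask=0027
EOF
}

# Sample input: lines assembled from the directory listings shown in the thread.
sample_listing() {
    cat <<'EOF'
total 736
drwxr-x---.  2 wazuh-indexer wazuh-indexer   4096 Aug 23  2023 .
-rw-r-----.  1 wazuh-indexer wazuh-indexer  97911 Aug 22 19:57 gc.log.07
-rw-r--r--.  1 root          root            2012 Aug 22 19:56 gc.log.08
-rw-r--r--.  1 wazuh-indexer wazuh-indexer  32592 Aug 25 14:39 wazuh-cluster.log
-rw-r-----.  1 wazuh-indexer wazuh-indexer   4240 Aug 25 14:39 wazuh-cluster_deprecation.log
EOF
}

# Demo on the embedded samples.
echo "mask 027 on a 666 request -> $(mode_from_umask 027)"
echo "unit file umask directive -> $(sample_unit | unit_umask_status)"
sample_listing | audit_listing wazuh-indexer
```

On a host, feed the real inputs: `unit_umask_status < /usr/lib/systemd/system/wazuh-indexer.service` and `ls -l /var/log/wazuh-indexer | audit_listing wazuh-indexer`; `systemctl show -p UMask wazuh-indexer` reports the mask systemd actually applied.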

@c-bordon

Update report

I've been doing some additional testing and research but can't find any possible changes to the code. I continue to investigate.

@AlexRuiz7 self-assigned this Aug 28, 2023
@AlexRuiz7

AlexRuiz7 commented Aug 28, 2023

I've found out that this problem is also present in OpenSearch 2.6.0.

Aug 28 12:00:46 ubuntu2204.localdomain systemd[1]: Started OpenSearch.
░░ Subject: A start job for unit opensearch.service has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ A start job for unit opensearch.service has finished successfully.
░░ 
░░ The job identifier is 120.
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]: 2023-08-29 14:22:59,217 opensearch[ubuntu2204.localdomain][scheduler][T#1] ERROR Could not define attribute view on path "/var/log/opensearch/opensearch_server.json" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:177)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:215)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:202)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:419)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:396)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:311)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:542)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:500)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:483)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.Logger.log(Logger.java:161)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2205)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2159)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2142)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2017)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1983)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1320)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.jobscheduler.sweeper.JobSweeper.lambda$initBackgroundSweep$10(JobSweeper.java:294)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.threadpool.Scheduler$ReschedulingRunnable.doRun(Scheduler.java:239)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:806)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.lang.Thread.run(Thread.java:833)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]: 2023-08-29 14:22:59,222 opensearch[ubuntu2204.localdomain][scheduler][T#1] ERROR Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.checkWriteExtended(UnixFileAttributeViews.java:195)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:264)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.util.FileUtils.defineFilePosixAttributeView(FileUtils.java:177)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.FileManager.defineAttributeView(FileManager.java:215)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.FileManager.createOutputStream(FileManager.java:202)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.createFileAfterRollover(RollingFileManager.java:419)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.rollover(RollingFileManager.java:396)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.rolling.RollingFileManager.checkRollover(RollingFileManager.java:308)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.appender.RollingFileAppender.append(RollingFileAppender.java:311)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.tryCallAppender(AppenderControl.java:161)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.callAppender0(AppenderControl.java:134)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.callAppenderPreventRecursion(AppenderControl.java:125)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AppenderControl.callAppender(AppenderControl.java:89)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.callAppenders(LoggerConfig.java:542)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.processLogEvent(LoggerConfig.java:500)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:483)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.LoggerConfig.log(LoggerConfig.java:417)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.config.AwaitCompletionReliabilityStrategy.log(AwaitCompletionReliabilityStrategy.java:82)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.core.Logger.log(Logger.java:161)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.tryLogMessage(AbstractLogger.java:2205)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logMessageTrackRecursion(AbstractLogger.java:2159)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logMessageSafely(AbstractLogger.java:2142)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logMessage(AbstractLogger.java:2017)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.logIfEnabled(AbstractLogger.java:1983)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.apache.logging.log4j.spi.AbstractLogger.info(AbstractLogger.java:1320)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.jobscheduler.sweeper.JobSweeper.lambda$initBackgroundSweep$10(JobSweeper.java:294)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.threadpool.Scheduler$ReschedulingRunnable.doRun(Scheduler.java:239)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:806)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at org.opensearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:52)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]:         at java.base/java.lang.Thread.run(Thread.java:833)

I did the following:

  1. Installed OpenSearch 2.6.0 DEB / x64 architecture package
  2. Halted the VM
  3. Disabled VM time synchronization
  4. Booted and logged into the VM
  5. Disabled ntp date synchronization
  6. Changed the time to +1 day
  7. Waited a few minutes
  8. Checked that log rotation was executed (ls -la /var/log/opensearch)
  9. Checked OpenSearch logs (journalctl -xeu opensearch)

I know this was stated in the first post in this issue. Just clarifying this matter.

In my opinion, we should open an issue in OpenSearch's repo.

@c-bordon

c-bordon commented Aug 28, 2023

Update report

I also did a test with OpenSearch 2.9.0 and the result is the same:

[root@redhat-7 ~]# ls -la /var/log/opensearch/
total 524
drwxr-sr-x.  2 opensearch opensearch   4096 Aug 28 13:37 .
drwxr-xr-x. 11 root       root         4096 Aug 28 13:44 ..
-rw-r--r--.  1 opensearch opensearch 143656 Aug 28 13:49 gc.log
-rw-r--r--.  1 opensearch opensearch   2006 Aug 28 13:37 gc.log.00
-rw-r--r--.  1 opensearch opensearch   1693 Aug 28 13:37 install_demo_configuration.log
-rw-r-----.  1 opensearch opensearch    834 Aug 28 13:37 opensearch_deprecation.json
-rw-r-----.  1 opensearch opensearch    513 Aug 28 13:37 opensearch_deprecation.log
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_indexing_slowlog.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_indexing_slowlog.log
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_search_slowlog.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_search_slowlog.log
-rw-r-----.  1 opensearch opensearch  50722 Aug 28 13:47 opensearch.log
-rw-r-----.  1 opensearch opensearch 104571 Aug 28 13:47 opensearch_server.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_task_detailslog.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_task_detailslog.log
[root@redhat-7 ~]# journalctl | grep -i opensearch.log
[root@redhat-7 ~]# poweroff

[vagrant@redhat-7 ~]$ sudo su -
Last login: Mon Aug 28 13:34:03 UTC 2023 on pts/0
[root@redhat-7 ~]# journalctl | grep -i opensearch.log
Aug 29 13:50:36 redhat-7 systemd-entrypoint[688]: 2023-08-29 13:50:36,540 main ERROR Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation") java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessUserInformation")
[root@redhat-7 ~]# ls -la /var/log/opensearch/
total 412
drwxr-sr-x.  2 opensearch opensearch   4096 Aug 29 13:50 .
drwxr-xr-x. 11 root       root         4096 Aug 29 13:50 ..
-rw-r--r--.  1 opensearch opensearch  39712 Aug 29 13:51 gc.log
-rw-r--r--.  1 opensearch opensearch   2006 Aug 28 13:37 gc.log.00
-rw-r--r--.  1 opensearch opensearch 146505 Aug 28 13:50 gc.log.01
-rw-r--r--.  1 opensearch opensearch   2006 Aug 29 13:50 gc.log.02
-rw-r--r--.  1 opensearch opensearch   1693 Aug 28 13:37 install_demo_configuration.log
-rw-r--r--.  1 opensearch opensearch   9178 Aug 29 13:50 opensearch-2023-08-28-1.json.gz
-rw-r--r--.  1 opensearch opensearch   8390 Aug 29 13:50 opensearch-2023-08-28-1.log.gz
-rw-r-----.  1 opensearch opensearch   1204 Aug 29 13:50 opensearch_deprecation.json
-rw-r-----.  1 opensearch opensearch    766 Aug 29 13:50 opensearch_deprecation.log
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_indexing_slowlog.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_indexing_slowlog.log
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_search_slowlog.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_index_search_slowlog.log
-rw-r--r--.  1 opensearch opensearch  46201 Aug 29 13:50 opensearch.log
-rw-r--r--.  1 opensearch opensearch  84227 Aug 29 13:50 opensearch_server.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_task_detailslog.json
-rw-r-----.  1 opensearch opensearch      0 Aug 28 13:37 opensearch_task_detailslog.log
[root@redhat-7 ~]# yum info opensearch
Loaded plugins: product-id, search-disabled-repos
Installed Packages
Name        : opensearch
Arch        : x86_64
Version     : 2.9.0
Release     : 1
Size        : 993 M
Repo        : installed
From repo   : /opensearch-2.9.0-linux-x64
Summary     : An open source distributed and RESTful search engine
URL         : https://opensearch.org/
License     : Apache-2.0
Description : OpenSearch makes it easy to ingest, search, visualize, and analyze your data
            : For more information, see: https://opensearch.org/

@teddytpc1

This issue will be solved with the fork unless we find a solution before then.

@AlexRuiz7

This is an active issue from OpenSearch which we have failed to solve or troubleshoot after weeks. We don't have the capacity in the indexer team to solve inherited bugs like this one yet. I'd rather notify OpenSearch of this bug and encourage them to solve it.

@AlexRuiz7

Issue created: opensearch-project/OpenSearch#9609

@AlexRuiz7 AlexRuiz7 removed their assignment Jan 8, 2024
@AlexRuiz7

AlexRuiz7 commented Feb 19, 2024

OpenSearch's team replies they are unable to reproduce the problem. We provided more information and are waiting for a response.

opensearch-project/OpenSearch#9609 (comment)

@AlexRuiz7

AlexRuiz7 commented Apr 11, 2024

I applied the fix proposed in https://forum.opensearch.org/t/systemd-entrypoint-defaultdispatcher-worker-error-could-not-define-attribute-view-on-path-var-log-opensearch-opensearch-server-json/15514/3, and the errors are not showing anymore. The wazuh-indexer service is up and running fine.

The fix consists of adding the code below to /etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy.

grant {
  permission java.lang.RuntimePermission "accessUserInformation";
};

[root@rhel7 vagrant]# journalctl --no-pager  -xeu wazuh-indexer
-- Logs begin at Thu 2024-04-11 11:00:16 UTC, end at Thu 2024-04-11 11:01:01 UTC. --
Apr 11 11:00:25 rhel7.localdomain systemd[1]: Starting Wazuh-indexer...
-- Subject: Unit wazuh-indexer.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has begun starting up.
Apr 11 11:00:27 rhel7.localdomain systemd-entrypoint[1015]: WARNING: A terminally deprecated method in java.lang.System has been called
Apr 11 11:00:27 rhel7.localdomain systemd-entrypoint[1015]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Apr 11 11:00:27 rhel7.localdomain systemd-entrypoint[1015]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Apr 11 11:00:27 rhel7.localdomain systemd-entrypoint[1015]: WARNING: System::setSecurityManager will be removed in a future release
Apr 11 11:00:28 rhel7.localdomain systemd-entrypoint[1015]: WARNING: A terminally deprecated method in java.lang.System has been called
Apr 11 11:00:28 rhel7.localdomain systemd-entrypoint[1015]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.10.0.jar)
Apr 11 11:00:28 rhel7.localdomain systemd-entrypoint[1015]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Apr 11 11:00:28 rhel7.localdomain systemd-entrypoint[1015]: WARNING: System::setSecurityManager will be removed in a future release
Apr 11 11:00:36 rhel7.localdomain systemd[1]: Started Wazuh-indexer.
-- Subject: Unit wazuh-indexer.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit wazuh-indexer.service has finished starting up.
-- 
-- The start-up result is done.

We'll keep revisiting this until we are completely sure that the error doesn't happen again.
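
The checks this thread performs by hand (the `ls -la` comparison before and after rotation, the `journalctl` search, and the policy grant), as an added example that is not part of the thread or of the project's code. The function names are hypothetical, the fixture directory and the two policy files are constructed, and the sample error lines are shortened copies of lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit helpers for the log-permission
# drift and the policy grant discussed above. Function names are hypothetical.

# List files in directory $1 matching name pattern $2 (default: all) that are
# readable by "other" (mode bit 004), i.e. looser than the rw-r----- the
# Log4j-managed logs had before rotation.
loose_logs() (
    dir=$1
    pattern=${2:-*}
    find "$dir" -maxdepth 1 -type f -name "$pattern" -perm -004 | LC_ALL=C sort
)

# Succeed if policy file $1 contains the grant on a line that is not prefixed
# by a // comment. Block comments (/* */) are not parsed.
policy_has_grant() {
    grep -Eq '^[[:space:]]*permission[[:space:]]+java\.lang\.RuntimePermission[[:space:]]+"accessUserInformation"[[:space:]]*;' "$1"
}

# Read journal text on stdin and print each distinct log path for which the
# "Could not define attribute view" error was reported.
denied_paths() {
    sed -n 's/.*Could not define attribute view on path "\([^"]*\)".*/\1/p' |
        LC_ALL=C sort -u
}

# Constructed fixture: file names and modes mirror the post-rotation listing
# quoted in the thread; the two policy files are made up for the comparison.
build_fixture() (
    d=$(mktemp -d)
    for f in opensearch.log opensearch_server.json opensearch-2023-08-28-1.log.gz; do
        : > "$d/$f" && chmod 644 "$d/$f"    # rw-r--r-- after rotation in the listing
    done
    for f in opensearch_deprecation.log opensearch_index_search_slowlog.log; do
        : > "$d/$f" && chmod 640 "$d/$f"    # kept rw-r----- in the listing
    done
    : > "$d/gc.log" && chmod 644 "$d/gc.log"    # JVM GC log, rw-r--r-- in both listings
    printf '%s\n' 'grant {' \
        '  // permission java.lang.RuntimePermission "accessUserInformation";' \
        '};' > "$d/before.policy"
    printf '%s\n' 'grant {' \
        '  permission java.lang.RuntimePermission "accessUserInformation";' \
        '};' > "$d/after.policy"
    echo "$d"
)

# Error lines from the thread, shortened after the first "access denied",
# plus one unrelated line.
sample_journal() {
    cat <<'EOF'
Aug 29 13:50:36 redhat-7 systemd-entrypoint[688]: 2023-08-29 13:50:36,540 main ERROR Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Aug 29 14:22:59 ubuntu2204.localdomain systemd-entrypoint[661]: 2023-08-29 14:22:59,222 opensearch[ubuntu2204.localdomain][scheduler][T#1] ERROR Could not define attribute view on path "/var/log/opensearch/opensearch.log" got access denied ("java.lang.RuntimePermission" "accessUserInformation")
Apr 11 11:00:36 rhel7.localdomain systemd[1]: Started Wazuh-indexer.
EOF
}

demo() {
    d=$(build_fixture)
    echo "World-readable Log4j-managed logs:"
    loose_logs "$d" 'opensearch*'
    echo "Paths where setting permissions was denied:"
    sample_journal | denied_paths
    for p in before after; do
        if policy_has_grant "$d/$p.policy"; then
            echo "$p.policy: grant present"
        else
            echo "$p.policy: grant missing"
        fi
    done
    rm -rf "$d"
}
demo
```

In Java policy syntax, a `grant` entry with no `codeBase` or `signedBy` clause applies to all code the policy covers, so the permission is not limited to Log4j.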

@AlexRuiz7

Update 2024.04.12

Error didn't happen again.

Last login: Thu Apr 11 11:00:51 2024 from 192.168.121.1
[vagrant@rhel7 ~]$ sudo su
[root@rhel7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-04-12 10:47:49 UTC; 2min 48s ago
     Docs: https://documentation.wazuh.com
 Main PID: 1020 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─1020 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+Al...

Apr 12 10:47:38 rhel7.localdomain systemd[1]: Starting Wazuh-indexer...
Apr 12 10:47:40 rhel7.localdomain systemd-entrypoint[1020]: WARNING: A terminally deprecated method in java.lang.System has been called
Apr 12 10:47:40 rhel7.localdomain systemd-entrypoint[1020]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/u...0.0.jar)
Apr 12 10:47:40 rhel7.localdomain systemd-entrypoint[1020]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Apr 12 10:47:40 rhel7.localdomain systemd-entrypoint[1020]: WARNING: System::setSecurityManager will be removed in a future release
Apr 12 10:47:41 rhel7.localdomain systemd-entrypoint[1020]: WARNING: A terminally deprecated method in java.lang.System has been called
Apr 12 10:47:41 rhel7.localdomain systemd-entrypoint[1020]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr...0.0.jar)
Apr 12 10:47:41 rhel7.localdomain systemd-entrypoint[1020]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Apr 12 10:47:41 rhel7.localdomain systemd-entrypoint[1020]: WARNING: System::setSecurityManager will be removed in a future release
Apr 12 10:47:49 rhel7.localdomain systemd[1]: Started Wazuh-indexer.
Hint: Some lines were ellipsized, use -l to show in full.

@AlexRuiz7

Update 2024.04.15

No errors.

[root@rhel7 vagrant]# systemctl status wazuh-indexer
● wazuh-indexer.service - Wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-04-15 10:21:49 UTC; 17s ago
     Docs: https://documentation.wazuh.com
 Main PID: 1014 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─1014 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -...

Apr 15 10:21:38 rhel7.localdomain systemd[1]: Starting Wazuh-indexer...
Apr 15 10:21:39 rhel7.localdomain systemd-entrypoint[1014]: WARNING: A terminally deprecated method in java.lang.System has been called
Apr 15 10:21:39 rhel7.localdomain systemd-entrypoint[1014]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-ind...2.10.0.jar)
Apr 15 10:21:39 rhel7.localdomain systemd-entrypoint[1014]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Apr 15 10:21:39 rhel7.localdomain systemd-entrypoint[1014]: WARNING: System::setSecurityManager will be removed in a future release
Apr 15 10:21:40 rhel7.localdomain systemd-entrypoint[1014]: WARNING: A terminally deprecated method in java.lang.System has been called
Apr 15 10:21:40 rhel7.localdomain systemd-entrypoint[1014]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-index...2.10.0.jar)
Apr 15 10:21:40 rhel7.localdomain systemd-entrypoint[1014]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Apr 15 10:21:40 rhel7.localdomain systemd-entrypoint[1014]: WARNING: System::setSecurityManager will be removed in a future release
Apr 15 10:21:49 rhel7.localdomain systemd[1]: Started Wazuh-indexer.

@AlexRuiz7

Closed in favor of wazuh/wazuh-indexer#205.
