Review the behavior of the Wazuh dashboard logs with init.d

Open c-bordon opened this issue 3 years ago • 4 comments

Description

Unexpected behavior was detected in the RPM package when manipulating the service with init.d

By default, Wazuh dashboard logs are thrown to str.out, what happens when you start the service with init.d is that the logs are constantly thrown to the console:

[root@centos7-1 ~]# service wazuh-dashboard start
wazuh-dashboard started
[root@centos7-1 ~]#   log   [16:20:24.797] [info][plugins-service] Plugin "visTypeXy" is disabled.
  log   [16:20:24.940] [info][plugins-system] Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,reportsDashboards,securityDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTagcloud,visTypeTimeseries,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]
  log   [16:20:25.201] [info][savedobjects-service] Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations...
  log   [16:20:25.291] [error][data][opensearch] [ResponseError]: Response Error
  log   [16:20:25.297] [error][savedobjects-service] Unable to retrieve version information from OpenSearch nodes.
  log   [16:20:28.061] [info][savedobjects-service] Starting saved objects migrations
  log   [16:20:28.154] [info][plugins-system] Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,reportsDashboards,securityDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTagcloud,visTypeTimeseries,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]
  log   [16:20:28.378] [info][listening] Server running at https://0.0.0.0:443
  log   [16:20:28.472] [info][server][OpenSearchDashboards][http] http server running at https://0.0.0.0:443

[root@centos7-1 ~]#   log   [15:47:02.745] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:05.260] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:07.776] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:10.318] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:12.836] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:15.334] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:17.847] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:20.335] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:22.863] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:25.353] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:27.885] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:30.375] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:32.894] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:35.392] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:37.916] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:40.455] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:42.959] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:45.470] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:47.966] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:50.478] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:52.984] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:55.482] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:47:58.011] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:00.516] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:03.016] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:05.525] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:08.016] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:10.544] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:13.056] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:15.566] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200
  log   [15:48:18.070] [error][data][opensearch] [ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200

An issue in Red Hat 9 with init.d and Wazuh indexer:

[root@redhat-9 ~]# service wazuh-indexer start
Starting wazuh-indexer: /bin/systemctl
/etc/init.d/wazuh-indexer: line 89: daemon: command not found

Tasks

Wazuh dashboard

[x] Investigate how OpenSearch dashboard 2.3.0 handles startup via different methods (service, systemctl)
[x] Apply the necessary changes so that the output of the service is not shown on the terminal when performing an action with systemctl/service
[x] Validate changes

Wazuh indexer

[x] Review service startup behavior with init.d for Wazuh indexer on Red Hat 9
[x] Investigate why the daemon command is not present on this system
[x] Find an alternative that is functional on all RPM systems
[x] Validate changes

Validation

Wazuh dashboard

[x] The Wazuh dashboard package builds successfully
[x] The Wazuh dashboard package is installed correctly
[x] The wazuh-dashboard service starts/stop/restart successfully
- [x] systemctl
- [x] service
- [x] systemctl and service
[x] The Wazuh dashboard output is not displayed by the terminal.

Wazuh indexer

[x] The Wazuh indexer package builds successfully
[x] The Wazuh indexer package is installed correctly
[x] The wazuh-indexer service starts/stop/restart successfully on Red Hat 9

Oct 11 '22 17:10 c-bordon

Update report - Wazuh dashboard

A call has been made with @c-bordon to analyze the issue, after analysis, the issue has been edited to incorporate new tasks and validations.
Investigated Wazuh server package behavior for the 4.4.0 version
When using the service command, it was automatically redirected to systemctl.

[root@redhat9 vagrant]# service wazuh-manager stop
Redirecting to /bin/systemctl stop wazuh-manager.service

This behavior differs from the Wazuh dashboard package, in Red Hat 9, it indicates that the service has started and immediately shows output by the terminal, however, in Red Hat 7, the service is started via systemctl and no log output is observed.

[root@redhat9 vagrant]# service wazuh-dashboard start
wazuh-dashboard started
[root@redhat9 vagrant]#   log   [19:03:01.643] [info][plugins-service] Plugin "visTypeXy" is disabled.

[root@redhat7 vagrant]# service wazuh-dashboard start
Starting wazuh-dashboard (via systemctl):                  [  OK  ]

In Red Hat 9 there is a change regarding init.d, for the Red Hat system if statement that is incorporated into the Wazuh dashboard base package, a reference is made to the /etc/rc.d/init.d/functions script, this script exists in Red Hat 7 and 8 but not in Red Hat 9.

https://github.com/wazuh/wazuh-packages/blob/da21a806dc8667626cfc52a8b76a8e570dd84eea/stack/dashboard/base/files/etc/services/wazuh-dashboard#L10

[root@redhat9 vagrant]# ls -l /etc/rc.d/init.d/functions
ls: cannot access '/etc/rc.d/init.d/functions': No such file or directory

[root@redhat8 vagrant]# ls -l /etc/rc.d/init.d/functions 
-rw-r--r--. 1 root root 18434 Feb 15  2021 /etc/rc.d/init.d/functions

[root@redhat7 vagrant]# ls -l /etc/rc.d/init.d/functions 
-rw-r--r--. 1 root root 18281 May 22  2020 /etc/rc.d/init.d/functions

Installing OpenSearch Dashboard on Red Hat 7 and Red Hat 9

https://opensearch.org/docs/2.3/dashboards/install/rpm/

Red Hat 9 install test

[root@redhat9 vagrant]# wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm
--2022-10-17 19:32:49--  https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm
Resolving artifacts.opensearch.org (artifacts.opensearch.org)... 18.67.240.6, 18.67.240.49, 18.67.240.45, ...
Connecting to artifacts.opensearch.org (artifacts.opensearch.org)|18.67.240.6|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197339708 (188M) [application/octet-stream]
Saving to: ‘opensearch-dashboards-2.3.0-linux-x64.rpm’

opensearch-dashboards-2.3 100%[=====================================>] 188.20M  78.6MB/s    in 2.4s    

2022-10-17 19:32:51 (78.6 MB/s) - ‘opensearch-dashboards-2.3.0-linux-x64.rpm’ saved [197339708/197339708]

[root@redhat9 vagrant]# yum localinstall opensearch-dashboards-2.3.0-linux-x64.rpm -y
Updating Subscription Management repositories.

This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.

Last metadata expiration check: 1:50:39 ago on Mon 17 Oct 2022 05:42:40 PM UTC.
Dependencies resolved.
========================================================================================================
 Package                          Architecture      Version               Repository               Size
========================================================================================================
Installing:
 opensearch-dashboards            x86_64            2.3.0-1               @commandline            188 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 188 M
Installed size: 782 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: opensearch-dashboards-2.3.0-1.x86_64                                           1/1 
  Installing       : opensearch-dashboards-2.3.0-1.x86_64                                           1/1 
  Running scriptlet: opensearch-dashboards-2.3.0-1.x86_64                                           1/1 
/usr/lib/tmpfiles.d/opensearch-dashboards.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch-dashboards → /run/opensearch-dashboards; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable opensearch-dashboards.service
### You can start opensearch-dashboards service by executing
 sudo systemctl start opensearch-dashboards.service

/usr/lib/tmpfiles.d/opensearch-dashboards.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch-dashboards → /run/opensearch-dashboards; please update the tmpfiles.d/ drop-in file accordingly.
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.

  Verifying        : opensearch-dashboards-2.3.0-1.x86_64                                           1/1 
Installed products updated.

Installed:
  opensearch-dashboards-2.3.0-1.x86_64                                                                  

Complete!
[root@redhat9 vagrant]# systemctl status opensearch-dashboards
○ opensearch-dashboards.service - "OpenSearch Dashboards"
     Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: di>
     Active: inactive (dead)
[root@redhat9 vagrant]# service opensearch-dashboards status
env: ‘/etc/init.d/opensearch-dashboards’: Permission denied
[root@redhat9 vagrant]# service opensearch-dashboards start
env: ‘/etc/init.d/opensearch-dashboards’: Permission denied
[root@redhat9 vagrant]# ls -l /etc/init.d/opensearch-dashboards 
-rw-r--r--. 1 root root 4174 Sep  9 00:05 /etc/init.d/opensearch-dashboards
[root@redhat9 vagrant]# systemctl start opensearch-dashboards.service 
[root@redhat9 vagrant]# systemctl status opensearch-dashboards.service 
● opensearch-dashboards.service - "OpenSearch Dashboards"
     Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2022-10-17 19:38:48 UTC; 1s ago
   Main PID: 1894 (node)
      Tasks: 11 (limit: 23585)
     Memory: 118.6M
        CPU: 1.988s
     CGroup: /system.slice/opensearch-dashboards.service
             └─1894 /usr/share/opensearch-dashboards/bin/../node/bin/node /usr/share/opensearch-dashboards/bin/../src/cli/dist

Oct 17 19:38:48 redhat9 systemd[1]: Started "OpenSearch Dashboards".
[root@redhat9 ~]$ service opensearch-dashboards status
env: ‘/etc/init.d/opensearch-dashboards’: Permission denied
[root@redhat9 ~]$ service opensearch-dashboards start
env: ‘/etc/init.d/opensearch-dashboards’: Permission denied
[root@redhat9 vagrant]# systemctl status opensearch-dashboards.service 
● opensearch-dashboards.service - "OpenSearch Dashboards"
     Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled)
     Active: active (running) since Mon 2022-10-17 19:49:48 UTC; 6s ago
   Main PID: 2190 (node)
      Tasks: 11 (limit: 23585)
     Memory: 150.3M
        CPU: 3.307s
     CGroup: /system.slice/opensearch-dashboards.service
             └─2190 /usr/share/opensearch-dashboards/bin/../node/bin/node /usr/share/opensearch-dashboards/bin/../src/cli/dist

Red Hat 7 install test

[root@redhat7 vagrant]# wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm
--2022-10-17 19:33:01--  https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.3.0/opensearch-dashboards-2.3.0-linux-x64.rpm
Resolving artifacts.opensearch.org (artifacts.opensearch.org)... 18.67.240.45, 18.67.240.49, 18.67.240.13, ...
Connecting to artifacts.opensearch.org (artifacts.opensearch.org)|18.67.240.45|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 197339708 (188M) [application/octet-stream]
Saving to: ‘opensearch-dashboards-2.3.0-linux-x64.rpm’

100%[==============================================================>] 197,339,708 87.1MB/s   in 2.2s   

2022-10-17 19:33:03 (87.1 MB/s) - ‘opensearch-dashboards-2.3.0-linux-x64.rpm’ saved [197339708/197339708]

[root@redhat7 vagrant]# yum localinstall opensearch-dashboards-2.3.0-linux-x64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining opensearch-dashboards-2.3.0-linux-x64.rpm: opensearch-dashboards-2.3.0-1.x86_64
Marking opensearch-dashboards-2.3.0-linux-x64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package opensearch-dashboards.x86_64 0:2.3.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
 Package                    Arch        Version       Repository                                   Size
========================================================================================================
Installing:
 opensearch-dashboards      x86_64      2.3.0-1       /opensearch-dashboards-2.3.0-linux-x64      782 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 782 M
Installed size: 782 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : opensearch-dashboards-2.3.0-1.x86_64                                                 1/1 
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable opensearch-dashboards.service
### You can start opensearch-dashboards service by executing
 sudo systemctl start opensearch-dashboards.service
  Verifying  : opensearch-dashboards-2.3.0-1.x86_64                                                 1/1 

Installed:
  opensearch-dashboards.x86_64 0:2.3.0-1                                                                

Complete!
[root@redhat7 vagrant]# systemctl status opensearch-dashboards
● opensearch-dashboards.service - "OpenSearch Dashboards"
   Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@redhat7 vagrant]# service opensearch-dashboards status
env: /etc/init.d/opensearch-dashboards: Permission denied
[root@redhat7 vagrant]# systemctl start opensearch-dashboards.service 
[root@redhat7 vagrant]# systemctl status opensearch-dashboards.service 
● opensearch-dashboards.service - "OpenSearch Dashboards"
   Loaded: loaded (/usr/lib/systemd/system/opensearch-dashboards.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-10-17 19:51:12 UTC; 5s ago
 Main PID: 3946 (node)
   CGroup: /system.slice/opensearch-dashboards.service
           └─3946 /usr/share/opensearch-dashboards/bin/../node/bin/node /usr/share/opensearch-dashboards/bin/../src/cli/dist

Oct 17 19:51:12 redhat7 systemd[1]: Started "OpenSearch Dashboards".
Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","plugins-service"],"pid":3946,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","plugins-service"],"pid":3946,"message":"Plugin \"wizard\" is disabled."}
Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["warning","config","deprecation"],"pid":3946,"message":"\"opensearch.requestHeadersW...Allowlist\""}
Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","plugins-system"],"pid":3946,"message":"Setting up [46] plugins: [alertingDas...beddable,expr
Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["info","savedobjects-service"],"pid":3946,"message":"Waiting until all OpenSearch no...grations..."}
Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["error","opensearch","data"],"pid":3946,"message":"[ConnectionError]: connect ECONNR....0.0.1:9200"}
Oct 17 19:51:15 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:15Z","tags":["error","savedobjects-service"],"pid":3946,"message":"Unable to retrieve version inf...arch nodes."}
Oct 17 19:51:18 redhat7 opensearch-dashboards[3946]: {"type":"log","@timestamp":"2022-10-17T19:51:18Z","tags":["error","opensearch","data"],"pid":3946,"message":"[ConnectionError]: connect ECONNR....0.0.1:9200"}
Hint: Some lines were ellipsized, use -l to show in full.
[root@redhat7 vagrant]# service opensearch-dashboards status
env: /etc/init.d/opensearch-dashboards: Permission denied
[root@redhat7 vagrant]# service opensearch-dashboards stop
env: /etc/init.d/opensearch-dashboards: Permission denied
[root@redhat7 vagrant]# ls -l /etc/init.d/opensearch-dashboards 
-rw-r--r--. 1 root root 4174 Sep  9 00:05 /etc/init.d/opensearch-dashboards

After granting execute permissions to /etc/init.d/opensearch-dashboards file, it is possible to start the opensearch-dashboards service without the logs being displayed by the terminal.

[root@redhat9 vagrant]# chmod +x /etc/init.d/opensearch-dashboards 
[root@redhat9 vagrant]# /etc/init.d/opensearch-dashboards status
opensearch-dashboards is not running
[root@redhat9 vagrant]# service opensearch-dashboards status
opensearch-dashboards is not running
[root@redhat9 vagrant]# service opensearch-dashboards start
opensearch-dashboards started
[root@redhat9 vagrant]#

In Red Hat 7 the same result is obtained, only that the service command indicates that it has been done via systemctl

[root@redhat7 vagrant]# chmod +x /etc/init.d/opensearch-dashboards 
[root@redhat7 vagrant]# service opensearch-dashboards status
opensearch-dashboards is not running
[root@redhat7 vagrant]# service opensearch-dashboards start
Starting opensearch-dashboards (via systemctl):            [  OK  ]
[root@redhat7 vagrant]#

This is because, in Red Hat 7, the functions script says so.

[root@redhat7 vagrant]# grep "via" /etc/rc.d/init.d/functions 
        s=$"Starting $prog (via systemctl): "
        s=$"Stopping $prog (via systemctl): "
        s=$"Reloading $prog configuration (via systemctl): "
        s=$"Restarting $prog (via systemctl):

The reported error also occurs on CentOS 9 Stream.
The error could be reproduced by commenting the line https://github.com/wazuh/wazuh-packages/blob/da21a806dc8667626cfc52a8b76a8e570dd84eea/stack/dashboard/base/files/etc/services/wazuh-dashboard#L10

Oct 17 '22 17:10 rauldpm

Update report - Wazuh dashboard

Analyzing the OpenSearch Dashboard source code, it has been found that the service redirects the output to /var/log/opensearch-dashboards/opensearch-dashboards.std[err|out]

https://github.com/opensearch-project/OpenSearch-Dashboards/blob/caf668e73304bac890f41c37cd6c3a41257cd289/src/dev/build/tasks/os_packages/service_templates/sysv/etc/init.d/opensearch-dashboards#L70

chroot --userspec "$user":"$group" "$chroot" sh -c "
cd \"$chdir\"
exec \"$program\"
" >> /var/log/opensearch-dashboards/opensearch-dashboards.stdout 2>> /var/log/opensearch-dashboards/opensearch-dashboards.stderr &

The Wazuh dashboard service, on the other hand, does not redirect any log:

https://github.com/wazuh/wazuh-packages/blob/6f91723e8ee42d6f4698ea84e3a3f276008cf29b/stack/dashboard/base/files/etc/services/wazuh-dashboard#L60

args=-c\\\ /etc/wazuh-dashboard/opensearch_dashboards.yml
...
chroot --userspec "$user":"$group" "$chroot" sh -c "cd \"$chdir\";exec \"$program\" $args" &

By adding the redirection in the Wazuh dashboard service, the reported error has stopped showing and can be consulted in the indicated log file.

The reported error has been reproduced in a Wazuh dashboard package using the OVA v4.3.9 since no log redirection has been done in any version of the Wazuh dashboard package.

[root@wazuh-server wazuh-user]# cat /usr/share/wazuh-dashboard/VERSION 
4.3.9
[root@wazuh-server wazuh-user]# service wazuh-dashboard start
wazuh-dashboard started
[root@wazuh-server wazuh-user]#   log   [17:15:25.416] [info][plugins-service] Plugin "visTypeXy" is disabled.

[root@wazuh-server wazuh-user]#   log   [17:15:25.566] [info][plugins-system] Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeTable,visTypeVega,visTypeTimeline,timeline,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement]

[root@wazuh-server wazuh-user]#   log   [17:15:25.786] [info][savedobjects-service] Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations...
  log   [17:15:25.821] [info][savedobjects-service] Starting saved objects migrations
  log   [17:15:25.869] [info][plugins-system] Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeTable,visTypeVega,visTypeTimeline,timeline,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,bfetch,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement]
  log   [17:15:26.088] [info][listening] Server running at https://0.0.0.0:443
  log   [17:15:26.175] [info][server][OpenSearchDashboards][http] http server running at https://0.0.0.0:443

Different behavior was found in Red Hat 9 and Red Hat 7 for the same OpenSearch Dashboard package, in Red Hat 9, when starting the opensearch-dashboards service, logs were written to /var/log/opensearch-dashboards, however, in Red Hat 7, this behavior has not been reproduced despite using the same service code (where log redirection is specified)

Regarding the message displayed by Wazuh server when starting the service using the service command, the definition has been found in the /sbin/service file

[root@redhat9 vagrant]# grep "Redirecting" /sbin/service 
    echo $"Redirecting to /bin/systemctl ${ACTION} ${SERVICE_MANGLED}${OPTIONS:+ }${OPTIONS}" >&2

In this file, the following conditional is accessed when the wazuh-manager service is started:

elif [[ $ACTION =~ ^(start|stop|restart|try-restart|reload|reload-or-restart|try-reload-or-restart|force-reload|status|condrestart)$ ]]; then
    SERVICE_MANGLED=$(/usr/bin/systemd-escape --mangle "${SERVICE}")
    echo $"Redirecting to /bin/systemctl ${ACTION} ${SERVICE_MANGLED}${OPTIONS:+ }${OPTIONS}" >&2
    exec /bin/systemctl "${ACTION}" "${SERVICE_MANGLED}" ${OPTIONS}

Instead, for the opensearch-dashboards and wazuh-dashboard service, the first conditional is accessed:

if [ -f "${SERVICEDIR}/${SERVICE}" ]; then
    # LSB daemons that dies abnormally in systemd looks alive in systemd's eyes due to RemainAfterExit=yes
    # lets reap them before next start
    if [ "${ACTION}" = 'start' ] && \
            [ "$(systemctl show -p ActiveState "${SERVICE}".service --value)" = 'active' ] && \
            [ "$(systemctl show -p SubState "${SERVICE}".service --value)" = 'exited' ]; then
        /bin/systemctl stop "${SERVICE}".service
    fi

    # Workaround to be able to "stop" network.service when it's in inactive state using service instead of systemctl
    # Useful for manual testing of network 
    if [ "${SERVICE}" = 'network' ] && [ "${ACTION}" = 'stop' ] && \
            [ "$(systemctl show -p ActiveState network.service --value)" = 'inactive' ] && \
            [ "$(systemctl show -p SourcePath network.service --value)" = '/etc/rc.d/init.d/network' ]; then
        export SYSTEMCTL_SKIP_REDIRECT=1
    fi

    env -i PATH="$PATH" TERM="$TERM" SYSTEMCTL_IGNORE_DEPENDENCIES="${SYSTEMCTL_IGNORE_DEPENDENCIES}" SYSTEMCTL_SKIP_REDIRECT="${SYSTEMCTL_SKIP_REDIRECT}" "${SERVICEDIR}/${SERVICE}" "${ACTION}" ${OPTIONS}

This is because the "${SERVICEDIR}/${SERVICE}" conditional gets the following values:

OpenSearch Dashboards: /etc/init.d/opensearch-dashboards
Wazuh server: /etc/init.d/wazuh-manager
Wazuh dashboard: /etc/init.d/wazuh-dashboard

[root@redhat9 vagrant]# ls -l /etc/init.d/wazuh-manager
ls: cannot access '/etc/init.d/wazuh-manager': No such file or directory
[root@redhat9 vagrant]# ls -l /etc/init.d/opensearch-dashboards
-rwxr-xr-x. 1 root root 4179 Oct 18 17:47 /etc/init.d/opensearch-dashboards
[root@redhat9 vagrant]# ls -l /etc/init.d/wazuh-dashboard
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 3682 Oct 17 17:26 /etc/init.d/wazuh-dashboard

After performing some tests, if the /etc/init.d/wazuh-dashboard service is renamed, when starting the service using the service command, a redirection to systemctl is made (third if), fixing the reported error.

Thus, the following solutions are proposed:

[ ] Redirect logs, just like OpenSearch Dashboards do.
- This solution would fulfill the requirement to keep the package as faithful as possible to the original code
- The main problem lies in the logs rotation, OpenSearch Dashboard does not manage log redirection natively, so the entire log would be stored in a single file
[ ] Do not redirect logs (keep current package)
- Since the problem has been reproduced in the OpenSearch Dashboard package by not redirecting the logs, we could say that it is an inherited problem due to poor log and service management
[x] Force the use of systemctl every time the service command is used, as is done with the wazuh-manager service (implies removing the service from init.d)

These options should be discussed with the team as they have a major impact on the future of the package.

Update report - Wazuh dashboard

The Amazon Linux 2 system is not affected by the bug reported in CentOS and Red Hat systems.
The proposed fix on removing the service from init.d works, as it natively redirects to systemctl.

A different problem has been found using the service command, when starting the service a message is received that it has started but when checking the status it is reported that it is stopped.

Amazon Linux 2

Install

[root@amazonlinux2 vagrant]# cat /etc/os-release 
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
[root@amazonlinux2 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y
Loaded plugins: dkms-build-requires, langpacks,
              : priorities, update-motd
Examining wazuh-dashboard-4.4.0-1.x86_64.rpm: wazuh-dashboard-4.4.0-1.x86_64
Marking wazuh-dashboard-4.4.0-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================
 Package
   Arch   Version
            Repository                       Size
==================================================
Installing:
 wazuh-dashboard
   x86_64 4.4.0-1
            /wazuh-dashboard-4.4.0-1.x86_64 709 M

Transaction Summary
==================================================
Install  1 Package

Total size: 709 M
Installed size: 709 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.4.0-1.x86_   1/1 
  Verifying  : wazuh-dashboard-4.4.0-1.x86_   1/1 

Installed:
  wazuh-dashboard.x86_64 0:4.4.0-1                

Complete!

Using the service command without the service file rename (no error reproduced)

[root@amazonlinux2 vagrant]# ls -l /etc/init.d/wazuh-dashboard 
-rwxr-x--- 1 wazuh-dashboard wazuh-dashboard 3682 Oct 17 17:26 /etc/init.d/wazuh-dashboard
[root@amazonlinux2 vagrant]# service wazuh-dashboard start
Starting wazuh-dashboard (via systemctl):                  [  OK  ]
[root@amazonlinux2 vagrant]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@amazonlinux2 vagrant]#

Using the service command with the service file rename

[root@amazonlinux2 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save
[root@amazonlinux2 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@amazonlinux2 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2022-10-19 12:30:01 UTC; 4min 19s ago
  Process: 5823 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
 Main PID: 5823 (code=exited, status=1/FAILURE)

Oct 19 12:29:57 amazonlinux2 systemd[1]: Started wazuh-dashboard.
Oct 19 12:29:57 amazonlinux2 systemd[1]: Starting wazuh-dashboard...
Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["info","plugins-service"],"pid":5823,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["info","plugins-service"],"pid":5823,"message":"Plugin \"wizard\" is disabled."}
Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["warning","config","deprecation"],"pid":5823,"message":"\"opensearch.requestHea...Allowlist\""}
Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: {"type":"log","@timestamp":"2022-10-19T12:30:01Z","tags":["fatal","root"],"pid":5823,"message":"Error: ENOENT: no such file or directory,... (/usr/share/
Oct 19 12:30:01 amazonlinux2 opensearch-dashboards[5823]: FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 12:30:01 amazonlinux2 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE
Oct 19 12:30:01 amazonlinux2 systemd[1]: Unit wazuh-dashboard.service entered failed state.
Oct 19 12:30:01 amazonlinux2 systemd[1]: wazuh-dashboard.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Same behavior occurs on Fedora when using the service command.

Fedora 34

[root@fedora34 vagrant]# cat /etc/os-release 
NAME=Fedora
VERSION="34 (Cloud Edition)"
ID=fedora
VERSION_ID=34
VERSION_CODENAME=""
PLATFORM_ID="platform:f34"
PRETTY_NAME="Fedora 34 (Cloud Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:34"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/34/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=34
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=34
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Cloud Edition"
VARIANT_ID=cloud
[root@fedora34 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y
Fedora 34 openh264 (From Cisco) - x86_64                                1.9 kB/s | 2.5 kB     00:01    
Fedora Modular 34 - x86_64                                              2.1 MB/s | 4.9 MB     00:02    
Fedora Modular 34 - x86_64 - Updates                                    2.9 MB/s | 4.7 MB     00:01    
Fedora 34 - x86_64 - Updates                                            6.8 MB/s |  34 MB     00:05    
Fedora 34 - x86_64                                                      7.4 MB/s |  74 MB     00:09    
Dependencies resolved.
========================================================================================================
 Package                      Architecture        Version               Repository                 Size
========================================================================================================
Installing:
 wazuh-dashboard              x86_64              4.4.0-1               @commandline              172 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 172 M
Installed size: 709 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Installing       : wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Verifying        : wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 

Installed:
  wazuh-dashboard-4.4.0-1.x86_64                                                                        

Complete!
[root@fedora34 vagrant]# service wazuh-dashboard start
Starting wazuh-dashboard (via systemctl):                  [  OK  ]
[root@fedora34 vagrant]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@fedora34 vagrant]# systemctl status wazuh-dashboard
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 13:00:35 UTC; 1min 12s ago
    Process: 3057 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 3057 (code=exited, status=1/FAILURE)
        CPU: 3.302s

Oct 19 13:00:32 fedora34 systemd[1]: Started wazuh-dashboard.
Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["info","plugins-service"],"pid":3057,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["info","plugins-service"],"pid":3057,"message":"Plugin \"wizard\" is disabled."}
Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["warning","config","deprecation"],"pid":3057,"message":"\"opensearch.requestHeadersWhitelist\" is >
Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]: {"type":"log","@timestamp":"2022-10-19T13:00:35Z","tags":["fatal","root"],"pid":3057,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d>
Oct 19 13:00:35 fedora34 opensearch-dashboards[3057]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 13:00:35 fedora34 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 13:00:35 fedora34 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 13:00:35 fedora34 systemd[1]: wazuh-dashboard.service: Consumed 3.302s CPU time.
[root@fedora34 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save
[root@fedora34 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@fedora34 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 13:02:30 UTC; 6s ago
    Process: 3101 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 3101 (code=exited, status=1/FAILURE)
        CPU: 2.905s

Oct 19 13:02:27 fedora34 systemd[1]: Started wazuh-dashboard.
Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["info","plugins-service"],"pid":3101,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["info","plugins-service"],"pid":3101,"message":"Plugin \"wizard\" is disabled."}
Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["warning","config","deprecation"],"pid":3101,"message":"\"opensearch.requestHeadersWhitelist\" is >
Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]: {"type":"log","@timestamp":"2022-10-19T13:02:30Z","tags":["fatal","root"],"pid":3101,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d>
Oct 19 13:02:30 fedora34 opensearch-dashboards[3101]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 13:02:30 fedora34 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 13:02:30 fedora34 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 13:02:30 fedora34 systemd[1]: wazuh-dashboard.service: Consumed 2.905s CPU time.

In Fedora 36 the same reported behavior is observed as in Red Hat 9 and CentOS 9 Stream systems, when starting the service using the service command the log is shown by terminal.

When renaming the service, the proposed fix corrects the problem by redirecting it to systemctl.

Fedora 36

[root@fedora36 vagrant]# cat /etc/os-release 
NAME="Fedora Linux"
VERSION="36 (Thirty Six)"
ID=fedora
VERSION_ID=36
VERSION_CODENAME=""
PLATFORM_ID="platform:f36"
PRETTY_NAME="Fedora Linux 36 (Thirty Six)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:36"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f36/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=36
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=36
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
[root@fedora36 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y
Fedora 36 - x86_64                                                       32 kB/s |  20 kB     00:00    
Fedora 36 openh264 (From Cisco) - x86_64                                1.9 kB/s | 989  B     00:00    
Fedora 36 openh264 (From Cisco) - x86_64                                2.1 kB/s | 2.5 kB     00:01    
Fedora Modular 36 - x86_64                                               38 kB/s |  20 kB     00:00    
Fedora 36 - x86_64 - Updates                                             72 kB/s |  18 kB     00:00    
Fedora 36 - x86_64 - Updates                                            9.1 MB/s |  25 MB     00:02    
Fedora Modular 36 - x86_64 - Updates                                     36 kB/s |  18 kB     00:00    
Fedora Modular 36 - x86_64 - Updates                                    1.4 MB/s | 1.8 MB     00:01    
Dependencies resolved.
========================================================================================================
 Package                      Architecture        Version               Repository                 Size
========================================================================================================
Installing:
 wazuh-dashboard              x86_64              4.4.0-1               @commandline              172 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 172 M
Installed size: 709 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Installing       : wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Verifying        : wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 

Installed:
  wazuh-dashboard-4.4.0-1.x86_64                                                                        

Complete!
[root@fedora36 vagrant]# service wazuh-dashboard start
wazuh-dashboard started
[root@fedora36 vagrant]# service wazuh-dashboard status  log   [13:03:30.796] [info][plugins-service] Plugin "visTypeXy" is disabled.
  log   [13:03:30.807] [info][plugins-service] Plugin "wizard" is disabled.
  log   [13:03:30.845] [warning][config][deprecation] "opensearch.requestHeadersWhitelist" is deprecated and has been replaced by "opensearch.requestHeadersAllowlist"
  log   [13:03:30.849] [fatal][root] Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
    at Object.openSync (fs.js:498:3)
    at readFileSync (fs.js:394:35)
    at readFile (/usr/share/wazuh-dashboard/src/core/server/http/ssl_config.js:181:31)
    at new SslConfig (/usr/share/wazuh-dashboard/src/core/server/http/ssl_config.js:131:18)
    at new HttpConfig (/usr/share/wazuh-dashboard/src/core/server/http/http_config.js:175:16)
    at MapSubscriber.project (/usr/share/wazuh-dashboard/src/core/server/http/http_service.js:61:177)
    at MapSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/map.js:49:35)
    at MapSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18)
    at CombineLatestSubscriber.notifyNext (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/observable/combineLatest.js:97:34)
    at InnerSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/InnerSubscriber.js:28:21)
    at InnerSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18)
    at MapSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/map.js:55:26)
    at MapSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18)
    at DistinctUntilChangedSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/distinctUntilChanged.js:69:30)
    at DistinctUntilChangedSubscriber.Subscriber.next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/Subscriber.js:66:18)
    at MapSubscriber._next (/usr/share/wazuh-dashboard/node_modules/rxjs/internal/operators/map.js:55:26) {
  errno: -2,
  syscall: 'open',
  code: 'ENOENT',
  path: '/etc/wazuh-dashboard/certs/dashboard-key.pem'
}

 FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'

^C
[root@fedora36 vagrant]# service wazuh-dashboard stop
[root@fedora36 vagrant]# mv /etc/init.d/wazuh-dashboard /etc/init.d/wazuh-dashboard.save
[root@fedora36 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@fedora36 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 13:04:59 UTC; 1s ago
    Process: 3025 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 3025 (code=exited, status=1/FAILURE)
        CPU: 2.915s

Oct 19 13:04:56 fedora36.localdomain systemd[1]: Started wazuh-dashboard.service - wazuh-dashboard.
Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["info","plugins-service"],"pid":3025,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["info","plugins-service"],"pid":3025,"message":"Plugin \"wizard\" is disabled."}
Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["warning","config","deprecation"],"pid":3025,"message":"\"opensearch.requestHeadersWhi>
Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]: {"type":"log","@timestamp":"2022-10-19T13:04:59Z","tags":["fatal","root"],"pid":3025,"message":"Error: ENOENT: no such file or directory, open '>
Oct 19 13:04:59 fedora36.localdomain opensearch-dashboards[3025]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 13:04:59 fedora36.localdomain systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 13:04:59 fedora36.localdomain systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 13:04:59 fedora36.localdomain systemd[1]: wazuh-dashboard.service: Consumed 2.915s CPU time.

The reported bug has not been reproduced on Debian systems:

Ubuntu 16 Xenial Xerus

root@ubuntu16:/home/vagrant# cat /etc/os-release 
NAME="Ubuntu"
VERSION="16.04.7 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.7 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
root@ubuntu16:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/147 MB of archives.
After this operation, 780 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB]
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 54424 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
root@ubuntu16:/home/vagrant# service wazuh-dashboard start
root@ubuntu16:/home/vagrant# service wazuh-dashboard status
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2022-10-19 12:32:29 UTC; 2s ago
  Process: 2412 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
 Main PID: 2412 (code=exited, status=1/FAILURE)

Oct 19 12:32:25 ubuntu16 systemd[1]: Started wazuh-dashboard.
Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["info","plugins-service"],"pid":2412,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["info","plugins-service"],"pid":2412,"message":"Plugin \"wizard\" is disabled."}
Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["warning","config","deprecation"],"pid":2412,"message":"\"opensearch.requestHeadersWhitelist\" is d
Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]: {"type":"log","@timestamp":"2022-10-19T12:32:29Z","tags":["fatal","root"],"pid":2412,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da
Oct 19 12:32:29 ubuntu16 opensearch-dashboards[2412]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 12:32:29 ubuntu16 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 12:32:29 ubuntu16 systemd[1]: wazuh-dashboard.service: Unit entered failed state.
Oct 19 12:32:29 ubuntu16 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.

Ubuntu 18 Bionic Beaver

root@ubuntu18:/home/vagrant# cat /etc/os-release 
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.6 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
root@ubuntu18:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/147 MB of archives.
After this operation, 780 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB]
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 105957 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
root@ubuntu18:/home/vagrant# service wazuh-dashboard start
root@ubuntu18:/home/vagrant# service wazuh-dashboard status
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2022-10-19 12:30:18 UTC; 1min 38s ago
  Process: 2617 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
 Main PID: 2617 (code=exited, status=1/FAILURE)

Oct 19 12:30:14 ubuntu18 systemd[1]: Started wazuh-dashboard.
Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["info","plugins-service"],"pid":2617,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["info","plugins-service"],"pid":2617,"message":"Plugin \"wizard\" is disabled."}
Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["warning","config","deprecation"],"pid":2617,"message":"\"opensearch.requestHeadersWhitelist\" is d
Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]: {"type":"log","@timestamp":"2022-10-19T12:30:18Z","tags":["fatal","root"],"pid":2617,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da
Oct 19 12:30:18 ubuntu18 opensearch-dashboards[2617]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 12:30:18 ubuntu18 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 12:30:18 ubuntu18 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.

Ubuntu 20 Focal Fossa

root@ubuntu20:/home/vagrant# cat /etc/os-release 
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
root@ubuntu20:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/147 MB of archives.
After this operation, 780 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB]
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 111328 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
root@ubuntu20:/home/vagrant# service wazuh-dashboard start
root@ubuntu20:/home/vagrant# service wazuh-dashboard status
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 12:33:21 UTC; 3s ago
    Process: 2174 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 2174 (code=exited, status=1/FAILURE)

Oct 19 12:33:17 ubuntu20 systemd[1]: Started wazuh-dashboard.
Oct 19 12:33:20 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:20Z","tags":["info","plugins-service"],"pid":2174,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 12:33:20 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:20Z","tags":["info","plugins-service"],"pid":2174,"message":"Plugin \"wizard\" is disabled."}
Oct 19 12:33:21 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:21Z","tags":["warning","config","deprecation"],"pid":2174,"message":"\"opensearch.requestHeadersWhitelist\" is >
Oct 19 12:33:21 ubuntu20 opensearch-dashboards[2174]: {"type":"log","@timestamp":"2022-10-19T12:33:21Z","tags":["fatal","root"],"pid":2174,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d>
Oct 19 12:33:21 ubuntu20 opensearch-dashboards[2174]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 12:33:21 ubuntu20 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 12:33:21 ubuntu20 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.

Ubuntu 22 Jammy Jellyfish

root@ubuntu22:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/147 MB of archives.
After this operation, 780 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB]
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 75032 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
Scanning processes...                              
Scanning linux images...                           

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor
 (qemu) binaries on this host.
N: Download is performed unsandboxed as root as file '/home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
root@ubuntu22:/home/vagrant# service wazuh-dashboard start
root@ubuntu22:/home/vagrant# service wazuh-dashboard status
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 12:35:00 UTC; 2s ago
    Process: 2047 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 2047 (code=exited, status=1/FAILURE)
        CPU: 3.101s

Oct 19 12:34:56 ubuntu22 systemd[1]: Started wazuh-dashboard.
Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["info","plugins-service"],"pid":2047,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["info","plugins-service"],"pid":2047,"message":"Plugin \"wizard\" is disabled."}
Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["warning","config","deprecation"],"pid":2047,"message":"\"opensearch.requestHeadersWhitelist\" is >
Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]: {"type":"log","@timestamp":"2022-10-19T12:35:00Z","tags":["fatal","root"],"pid":2047,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d>
Oct 19 12:35:00 ubuntu22 opensearch-dashboards[2047]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 12:35:00 ubuntu22 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 12:35:00 ubuntu22 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 12:35:00 ubuntu22 systemd[1]: wazuh-dashboard.service: Consumed 3.101s CPU time.

Debian 11 Bullseye

root@debian11:/home/vagrant# cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@debian11:/home/vagrant# apt install ./wazuh-dashboard_4.4.0-1_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'wazuh-dashboard' instead of './wazuh-dashboard_4.4.0-1_amd64.deb'
The following NEW packages will be installed:
  wazuh-dashboard
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/147 MB of archives.
After this operation, 780 MB of additional disk space will be used.
Get:1 /home/vagrant/wazuh-dashboard_4.4.0-1_amd64.deb wazuh-dashboard amd64 4.4.0-1 [147 MB]
Selecting previously unselected package wazuh-dashboard.
(Reading database ... 68814 files and directories currently installed.)
Preparing to unpack .../wazuh-dashboard_4.4.0-1_amd64.deb ...
Creating wazuh-dashboard group... OK
Creating wazuh-dashboard user... OK
Unpacking wazuh-dashboard (4.4.0-1) ...
Setting up wazuh-dashboard (4.4.0-1) ...
root@debian11:/home/vagrant# service wazuh-dashboard start
root@debian11:/home/vagrant# service wazuh-dashboard status
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 12:58:34 UTC; 8s ago
    Process: 1984 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 1984 (code=exited, status=1/FAILURE)
        CPU: 3.255s

Oct 19 12:58:30 debian11 systemd[1]: Started wazuh-dashboard.
Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["info","plugins-service"],"pid":1984,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["info","plugins-service"],"pid":1984,"message":"Plugin \"wizard\" is disabled."}
Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["warning","config","deprecation"],"pid":1984,"message":"\"opensearch.requestHeadersWhitelist\" is >
Oct 19 12:58:34 debian11 opensearch-dashboards[1984]: {"type":"log","@timestamp":"2022-10-19T12:58:34Z","tags":["fatal","root"],"pid":1984,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-d>
Oct 19 12:58:34 debian11 opensearch-dashboards[1984]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 12:58:34 debian11 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 12:58:34 debian11 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 12:58:34 debian11 systemd[1]: wazuh-dashboard.service: Consumed 3.255s CPU time.

After discussing the proposed options with the team, it has been decided to apply solution number 3, which consists of removing the init.d service from RPM systems so that the native redirection to systemctl can be carried out.

After removing the service file from the RPM SPEC file, the generated package does not reproduce the problem and the use of the service command redirects to systemctl.

Red Hat 7 with fix

[root@redhat7 vagrant]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.9"
[root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-dashboard-4.4.0-1.x86_64.rpm: wazuh-dashboard-4.4.0-1.x86_64
Marking wazuh-dashboard-4.4.0-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.4.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
 Package                 Arch           Version           Repository                               Size
========================================================================================================
Installing:
 wazuh-dashboard         x86_64         4.4.0-1           /wazuh-dashboard-4.4.0-1.x86_64         709 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 709 M
Installed size: 709 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.4.0-1.x86_64                                                       1/1 
  Verifying  : wazuh-dashboard-4.4.0-1.x86_64                                                       1/1 
epel/x86_64/metalink                                                             |  29 kB  00:00:00     
epel/x86_64                                                                      | 4.7 kB  00:00:00     
epel/x86_64/group_gz                                                             |  97 kB  00:00:00     
epel/x86_64/updateinfo                                                           | 1.0 MB  00:00:00     
epel/x86_64/primary_db                                                           | 7.0 MB  00:00:00     

Installed:
  wazuh-dashboard.x86_64 0:4.4.0-1                                                                      

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 May 12  2020 README
-rwxr-xr-x. 1 root root  2437 Oct 19  2017 rhnsd
[root@redhat7 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@redhat7 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2022-10-19 13:51:20 UTC; 16s ago
  Process: 3976 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
 Main PID: 3976 (code=exited, status=1/FAILURE)

Oct 19 13:51:15 redhat7 systemd[1]: Started wazuh-dashboard.
Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["info","plugins-service"],"pid":3976,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["info","plugins-service"],"pid":3976,"message":"Plugin \"wizard\" is disabled."}
Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["warning","config","deprecation"],"pid":3976,"message":"\"opensearch.requestHeadersW...Allowlist\""}
Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: {"type":"log","@timestamp":"2022-10-19T13:51:20Z","tags":["fatal","root"],"pid":3976,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/
Oct 19 13:51:20 redhat7 opensearch-dashboards[3976]: FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 13:51:20 redhat7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE
Oct 19 13:51:20 redhat7 systemd[1]: Unit wazuh-dashboard.service entered failed state.
Oct 19 13:51:20 redhat7 systemd[1]: wazuh-dashboard.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@redhat7 vagrant]#

Red Hat 9 with fix

[root@redhat9 vagrant]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
[root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-1.x86_64.rpm -y
Extra Packages for Enterprise Linux 9 - x86_64                           11 MB/s |  11 MB     00:00    
Last metadata expiration check: 0:00:02 ago on Wed 19 Oct 2022 01:49:21 PM UTC.
Dependencies resolved.
========================================================================================================
 Package                      Architecture        Version               Repository                 Size
========================================================================================================
Installing:
 wazuh-dashboard              x86_64              4.4.0-1               @commandline              172 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 172 M
Installed size: 709 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Installing       : wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
  Verifying        : wazuh-dashboard-4.4.0-1.x86_64                                                 1/1 
Installed products updated.

Installed:
  wazuh-dashboard-4.4.0-1.x86_64                                                                        

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d
ls: cannot access '/etc/init.d': No such file or directory
[root@redhat9 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 13:51:29 UTC; 58s ago
    Process: 4472 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 4472 (code=exited, status=1/FAILURE)
        CPU: 3.747s

Oct 19 13:51:24 redhat9 systemd[1]: Started wazuh-dashboard.
Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["info","plugins-service"],"pid":4472,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["info","plugins-service"],"pid":4472,"message":"Plugin \"wizard\" is disabled."}
Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["warning","config","deprecation"],"pid":4472,"message":"\"opensearch.requestHeadersWhitelist\" is d>
Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]: {"type":"log","@timestamp":"2022-10-19T13:51:29Z","tags":["fatal","root"],"pid":4472,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da>
Oct 19 13:51:29 redhat9 opensearch-dashboards[4472]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 13:51:29 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 13:51:29 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 13:51:29 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.747s CPU time.
[root@redhat9 vagrant]#

Package construction using the Packages_builder pipeline ends with SUCCESS status: https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8845/

The package generated with the modifications made in the SPEC file, performs all the actions through systemctl when used with the service command, the reported behavior is not observed.

Red Hat 9 Jenkins package install test

[root@redhat9 vagrant]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
[root@redhat9 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm
--2022-10-19 15:16:35--  https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.124, 52.84.66.65, 52.84.66.126, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.124|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 180722644 (172M) [binary/octet-stream]
Saving to: ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’

wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm             100%[=====================================================================================================================>] 172.35M  22.7MB/s    in 8.6s    

2022-10-19 15:16:44 (20.0 MB/s) - ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’ saved [180722644/180722644]

[root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y
Extra Packages for Enterprise Linux 9 - x86_64                                                                                                                                     2.1 MB/s |  11 MB     00:05    
Last metadata expiration check: 0:00:05 ago on Wed 19 Oct 2022 03:16:56 PM UTC.
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                                               Architecture                                 Version                                               Repository                                          Size
===================================================================================================================================================================================================================
Installing:
 wazuh-dashboard                                       x86_64                                       4.4.0-wp.1880                                         @commandline                                       172 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total size: 172 M
Installed size: 709 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64                                                                                                                                                      1/1 
  Installing       : wazuh-dashboard-4.4.0-wp.1880.x86_64                                                                                                                                                      1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64                                                                                                                                                      1/1 
  Verifying        : wazuh-dashboard-4.4.0-wp.1880.x86_64                                                                                                                                                      1/1 
Installed products updated.

Installed:
  wazuh-dashboard-4.4.0-wp.1880.x86_64                                                                                                                                                                             

Complete!
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
○ wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
[root@redhat9 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 15:18:39 UTC; 4s ago
    Process: 4434 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 4434 (code=exited, status=1/FAILURE)
        CPU: 3.624s

Oct 19 15:18:35 redhat9 systemd[1]: Started wazuh-dashboard.
Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["info","plugins-service"],"pid":4434,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["info","plugins-service"],"pid":4434,"message":"Plugin \"wizard\" is disabled."}
Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["warning","config","deprecation"],"pid":4434,"message":"\"opensearch.requestHeadersWhitelist\" is d>
Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]: {"type":"log","@timestamp":"2022-10-19T15:18:39Z","tags":["fatal","root"],"pid":4434,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da>
Oct 19 15:18:39 redhat9 opensearch-dashboards[4434]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 15:18:39 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 15:18:39 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 15:18:39 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.624s CPU time.
[root@redhat9 vagrant]# service wazuh-dashboard restart
Redirecting to /bin/systemctl restart wazuh-dashboard.service
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 15:18:55 UTC; 5s ago
    Process: 4460 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 4460 (code=exited, status=1/FAILURE)
        CPU: 3.300s

Oct 19 15:18:52 redhat9 systemd[1]: Started wazuh-dashboard.
Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["info","plugins-service"],"pid":4460,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["info","plugins-service"],"pid":4460,"message":"Plugin \"wizard\" is disabled."}
Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["warning","config","deprecation"],"pid":4460,"message":"\"opensearch.requestHeadersWhitelist\" is d>
Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]: {"type":"log","@timestamp":"2022-10-19T15:18:55Z","tags":["fatal","root"],"pid":4460,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da>
Oct 19 15:18:55 redhat9 opensearch-dashboards[4460]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 15:18:55 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 15:18:55 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 15:18:55 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.300s CPU time.
[root@redhat9 vagrant]# systemctl stop wazuh-dashboard
[root@redhat9 vagrant]# systemctl start wazuh-dashboard
[root@redhat9 vagrant]# systemctl status wazuh-dashboard
× wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Wed 2022-10-19 15:19:25 UTC; 1s ago
    Process: 4485 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
   Main PID: 4485 (code=exited, status=1/FAILURE)
        CPU: 3.402s

Oct 19 15:19:22 redhat9 systemd[1]: Started wazuh-dashboard.
Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["info","plugins-service"],"pid":4485,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["info","plugins-service"],"pid":4485,"message":"Plugin \"wizard\" is disabled."}
Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["warning","config","deprecation"],"pid":4485,"message":"\"opensearch.requestHeadersWhitelist\" is d>
Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]: {"type":"log","@timestamp":"2022-10-19T15:19:25Z","tags":["fatal","root"],"pid":4485,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da>
Oct 19 15:19:25 redhat9 opensearch-dashboards[4485]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 19 15:19:25 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 15:19:25 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 19 15:19:25 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.402s CPU time.
[root@redhat9 vagrant]#

An error was found in the Test_install_stack pipeline, which does not get the package since it looks for the path: warehouse/test/4.4/rpm/var/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm when it should be warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm
This is because the Wazuh server and Wazuh agent packages are generated in the installation folder (/var or /opt), while the Wazuh indexer and Wazuh dashboard use /usr/share, so they are not created in that folder.
- https://github.com/wazuh/wazuh-jenkins/blob/4.4/src/org/wazuh/Pkg.groovy#L607-L622

case CSystem.CENTOS:
case CSystem.CENTOS_5:
   if(target == TARGET.INDEXER || target == TARGET.DASHBOARD || debug == "yes"){
      path = "rpm"
   }else{
      path = "rpm/${shortInstallation}"
   }
break
break
case CSystem.DEBIAN:
   if(target == TARGET.INDEXER || target == TARGET.DASHBOARD || debug == "yes"){
      path = "deb"
   }else{
      path = "deb/${shortInstallation}"
   }
break

In the case of the stack test, the package type is not taken into account and only the system type is checked, so it has been necessary to add an if statement for the Wazuh dashboard and Wazuh indexer in the following code:
- https://github.com/wazuh/wazuh-jenkins/blob/4.4/vars/s3Helper.groovy#L499-L501

if(target_system == 'rpm' || target_system == 'rpm5' || target_system == 'deb'){
  result += install_path + '/'
}

The tests have failed because the ECR image for building the base packages has not been updated after the pull request https://github.com/wazuh/wazuh-packages/pull/1890/ merge, generating packages with invalid permissions. Stopped until the images are updated.
The base images have been updated and new packages have been generated:
- https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8850/
The package generation fails due to an error with the base file:

19:30:13  Removing queryWorkbenchDashboards...
19:30:13  Plugin removal complete
19:30:13  Removing anomalyDetectionDashboards...
19:30:13  Plugin removal complete
19:30:13  Removing observabilityDashboards...
19:30:13  Plugin removal complete
19:30:13  Building target platforms: x86_64
19:30:13  Building for target x86_64
19:30:13  Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.pr84NL
19:30:13  + umask 022
19:30:13  + cd /build/rpmbuild/BUILD
19:30:13  + cp /tmp/wazuh-dashboard-base-4.4.0-wp.1880-linux-x64.tar.xz ./
19:30:13  + groupadd wazuh-dashboard
19:30:13  + useradd -g wazuh-dashboard wazuh-dashboard
19:30:13  + exit 0
19:30:13  Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Wmtv0K
19:30:13  + umask 022
19:30:13  + cd /build/rpmbuild/BUILD
19:30:13  + tar -xf wazuh-dashboard-base-4.4.0-wp.1880-linux-x64.tar.xz
19:30:13  xz: (stdin): Compressed data is corrupt
19:30:13  tar: Child returned status 1
19:30:13  tar: Error is not recoverable: exiting now
19:30:13  error: Bad exit status from /var/tmp/rpm-tmp.Wmtv0K (%build)
19:30:13  RPM build errors:
19:30:13      Bad exit status from /var/tmp/rpm-tmp.Wmtv0K (%build)

The failure seems to have been punctual, when performing a pipeline retry the package has been generated correctly:
- https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8851/
Installation tests for Amazon Linux 2, Red Hat 7, Red Hat 8, Red Hat 9, CentOS 7 and CentOS 8 have been launched again:

System	Build	Result	Artifacts
CentOS 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/527/	:green_circle:	archive_CentOS7.zip
CentOS 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/528/	:green_circle:	archive_CentOS8.zip
Red Hat 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/529/	:green_circle:	archive_RedHat7.zip
Red Hat 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/530/	:green_circle:	archive_RedHat8.zip
Red Hat 9	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/531/	:green_circle:	archive_RedHat9.zip
Amazon Linux 2	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/532/	:green_circle:	archive_AmazonLinux2.zip

Wazuh installation assistant

Modified script to use custom packages

All in One install - Red Hat 9

[root@redhat9 vagrant]# bash wazuh-install.sh -a
19/10/2022 20:00:34 INFO: Starting Wazuh installation assistant. Wazuh version: 4.4.0
19/10/2022 20:00:34 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/10/2022 20:00:41 INFO: Wazuh development repository added.
19/10/2022 20:00:41 INFO: --- Configuration files ---
19/10/2022 20:00:41 INFO: Generating configuration files.
19/10/2022 20:00:44 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
19/10/2022 20:00:45 INFO: --- Wazuh indexer ---
19/10/2022 20:00:45 INFO: Starting Wazuh indexer installation.
--2022-10-19 20:00:45--  https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.16, 52.84.66.65, 52.84.66.126, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.16|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 416023164 (397M) [binary/octet-stream]
Saving to: ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.2’

wazuh-indexer-4.4.0-wp.18 100%[=====================================>] 396.75M  91.3MB/s    in 4.6s    

2022-10-19 20:00:50 (85.7 MB/s) - ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.2’ saved [416023164/416023164]

19/10/2022 20:01:28 INFO: Wazuh indexer installation finished.
19/10/2022 20:01:28 INFO: Wazuh indexer post-install configuration finished.
19/10/2022 20:01:28 INFO: Starting service wazuh-indexer.
19/10/2022 20:01:38 INFO: wazuh-indexer service started.
19/10/2022 20:01:38 INFO: Initializing Wazuh indexer cluster security settings.
19/10/2022 20:01:48 INFO: Wazuh indexer cluster initialized.
19/10/2022 20:01:48 INFO: --- Wazuh server ---
19/10/2022 20:01:48 INFO: Starting the Wazuh manager installation.
--2022-10-19 20:01:48--  https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/var/wazuh-manager-4.4.0-wp.1880.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.65, 52.84.66.16, 52.84.66.124, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.65|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 121968089 (116M) [binary/octet-stream]
Saving to: ‘wazuh-manager-4.4.0-wp.1880.x86_64.rpm’

wazuh-manager-4.4.0-wp.18 100%[=====================================>] 116.32M  24.2MB/s    in 5.9s    

2022-10-19 20:01:55 (19.8 MB/s) - ‘wazuh-manager-4.4.0-wp.1880.x86_64.rpm’ saved [121968089/121968089]

19/10/2022 20:02:18 INFO: Wazuh manager installation finished.
19/10/2022 20:02:18 INFO: Starting service wazuh-manager.
19/10/2022 20:02:30 INFO: wazuh-manager service started.
19/10/2022 20:02:30 INFO: Starting Filebeat installation.
19/10/2022 20:02:36 INFO: Filebeat installation finished.
19/10/2022 20:02:37 INFO: Filebeat post-install configuration finished.
19/10/2022 20:02:37 INFO: Starting service filebeat.
19/10/2022 20:02:37 INFO: filebeat service started.
19/10/2022 20:02:37 INFO: --- Wazuh dashboard ---
19/10/2022 20:02:37 INFO: Starting Wazuh dashboard installation.
--2022-10-19 20:02:37--  https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.16, 52.84.66.65, 52.84.66.124, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.16|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 180719416 (172M) [binary/octet-stream]
Saving to: ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’

wazuh-dashboard-4.4.0-wp. 100%[=====================================>] 172.35M  24.6MB/s    in 8.1s    

2022-10-19 20:02:46 (21.3 MB/s) - ‘wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm’ saved [180719416/180719416]

19/10/2022 20:03:36 INFO: Wazuh dashboard installation finished.
19/10/2022 20:03:36 INFO: Wazuh dashboard post-install configuration finished.
19/10/2022 20:03:36 INFO: Starting service wazuh-dashboard.
19/10/2022 20:03:36 INFO: wazuh-dashboard service started.
19/10/2022 20:03:56 INFO: Initializing Wazuh dashboard web application.
19/10/2022 20:03:56 INFO: Wazuh dashboard web application initialized.
19/10/2022 20:03:56 INFO: --- Summary ---
19/10/2022 20:03:56 INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: BsBp.65tQfW9alGqcw?7Mk49*u?.p?IU
19/10/2022 20:03:56 INFO: Installation finished.
[root@redhat9 vagrant]# curl -k -u admin:BsBp.65tQfW9alGqcw?7Mk49*u?.p?IU https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "GEj1lyLHTfudW-a6ArJc9g",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140",
    "build_date" : "2022-09-09T00:07:12.137133581Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
● wazuh-dashboard.service - wazuh-dashboard
     Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2022-10-19 20:03:45 UTC; 3min 54s ago
   Main PID: 9486 (node)
      Tasks: 11 (limit: 29537)
     Memory: 134.8M
        CPU: 5.281s
     CGroup: /system.slice/wazuh-dashboard.service
             └─9486 /usr/share/wazuh-dashboard/bin/../node/bin/node --no-warnings --max-http-header-siz>

Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",>
Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",>
Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",>
Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",>
Oct 19 20:03:49 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:49Z",>
Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",>
Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",>
Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",>
Oct 19 20:03:50 redhat9 opensearch-dashboards[9486]: {"type":"log","@timestamp":"2022-10-19T20:03:50Z",>
Oct 19 20:03:56 redhat9 opensearch-dashboards[9486]: {"type":"response","@timestamp":"2022-10-19T20:03:>
[root@redhat9 vagrant]#

Update report - Wazuh indexer

Package https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm has been installed on Red Hat 7 and Red Hat 9 with different results when using init.d.
As can be seen in the following outputs, in Red Hat 7 the use of init.d does not present any problem (the wazuh-indexer service fails due to certificates), however, in Red Hat 9 there is a more complex error with init.d.
- service X status: No redirection, error in the service command itself.
- service X start: Redirection to systemctl is made and it fails by the daemon command.

Red Hat 7

[root@redhat7 vagrant]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat Enterprise Linux Server 7.9 (Maipo)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.9"
[root@redhat7 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm
--2022-10-19 20:29:30--  https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.16, 52.84.66.124, 52.84.66.126, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.16|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 416023164 (397M) [binary/octet-stream]
Saving to: ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm’

100%[==============================================================>] 416,023,164  106MB/s   in 3.8s   

2022-10-19 20:29:34 (104 MB/s) - ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm’ saved [416023164/416023164]

[root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-indexer-4.4.0-wp.1880.x86_64.rpm: wazuh-indexer-4.4.0-wp.1880.x86_64
Marking wazuh-indexer-4.4.0-wp.1880.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package             Arch         Version               Repository                                 Size
========================================================================================================
Installing:
wazuh-indexer       x86_64       4.4.0-wp.1880         /wazuh-indexer-4.4.0-wp.1880.x86_64       644 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 644 M
Installed size: 644 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/1 
epel/x86_64/metalink                                                             |  31 kB  00:00:00     
epel/x86_64                                                                      | 4.7 kB  00:00:00     
epel/x86_64/group_gz                                                             |  97 kB  00:00:00     
epel/x86_64/updateinfo                                                           | 1.0 MB  00:00:00     
epel/x86_64/primary_db                                                           | 7.0 MB  00:00:00     

Installed:
  wazuh-indexer.x86_64 0:4.4.0-wp.1880                                                                  

Complete!
[root@redhat7 vagrant]# service wazuh-indexer status
● wazuh-indexer.service - Wazuh-indexer
  Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
  Active: inactive (dead)
    Docs: https://documentation.wazuh.com
[root@redhat7 vagrant]# service wazuh-indexer start
Starting wazuh-indexer (via systemctl):  Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.
                                                          [FAILED]
[root@redhat7 vagrant]# service wazuh-indexer status
● wazuh-indexer.service - Wazuh-indexer
  Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since Wed 2022-10-19 20:46:14 UTC; 6s ago
    Docs: https://documentation.wazuh.com
  Process: 3997 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 3997 (code=exited, status=1/FAILURE)

Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.cli.EnvironmentAwareCommand.ex...04)
Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.cli.Command.mainWithoutErrorHa...38)
Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.cli.Command.main(Command.java:101)
Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.bootstrap.OpenSearch.main(Open...37)
Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: at org.opensearch.bootstrap.OpenSearch.main(Open...03)
Oct 19 20:46:14 redhat7 systemd-entrypoint[3997]: For complete error details, refer to the log at ...log
Oct 19 20:46:14 redhat7 systemd[1]: wazuh-indexer.service: main process exited, code=exited, stat...LURE
Oct 19 20:46:14 redhat7 systemd[1]: Failed to start Wazuh-indexer.
Oct 19 20:46:14 redhat7 systemd[1]: Unit wazuh-indexer.service entered failed state.
Oct 19 20:46:14 redhat7 systemd[1]: wazuh-indexer.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@redhat7 vagrant]#

Red Hat 9

[root@redhat9 vagrant]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="9.0 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.0 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/9/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.0
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
[root@redhat9 vagrant]# wget https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm
--2022-10-19 20:30:22--  https://packages-dev.wazuh.com/warehouse/test/4.4/rpm/wazuh-indexer-4.4.0-wp.1880.x86_64.rpm
Resolving packages-dev.wazuh.com (packages-dev.wazuh.com)... 52.84.66.126, 52.84.66.16, 52.84.66.65, ...
Connecting to packages-dev.wazuh.com (packages-dev.wazuh.com)|52.84.66.126|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 416023164 (397M) [binary/octet-stream]
Saving to: ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.1’

wazuh-indexer-4.4.0-wp.18 100%[=====================================>] 396.75M   107MB/s    in 3.8s    

2022-10-19 20:30:26 (104 MB/s) - ‘wazuh-indexer-4.4.0-wp.1880.x86_64.rpm.1’ saved [416023164/416023164]

[root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y
Extra Packages for Enterprise Linux 9 - x86_64                           10 MB/s |  11 MB     00:01    
Last metadata expiration check: 0:00:02 ago on Wed 19 Oct 2022 08:30:35 PM UTC.
Dependencies resolved.
========================================================================================================
Package                   Architecture       Version                    Repository                Size
========================================================================================================
Installing:
wazuh-indexer             x86_64             4.4.0-wp.1880              @commandline             397 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 397 M
Installed size: 644 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
  Installing       : wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
  Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory

  Verifying        : wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.4.0-wp.1880.x86_64                                                                    

Complete!
[root@redhat9 vagrant]# service wazuh-indexer status
/etc/init.d/wazuh-indexer: line 124: status: command not found
[root@redhat9 vagrant]# service wazuh-indexer start
Starting wazuh-indexer: /bin/systemctl
/etc/init.d/wazuh-indexer: line 89: daemon: command not found

[root@redhat9 vagrant]# service wazuh-indexer status
/etc/init.d/wazuh-indexer: line 124: status: command not found
[root@redhat9 vagrant]# systemctl status wazuh-indexer
○ wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
      Docs: https://documentation.wazuh.com
[root@redhat9 vagrant]#

Analyzing the service file of Wazuh indexer, it is observed that it fails in line 124 and 89

https://github.com/wazuh/wazuh-packages/blob/39db588c25039209a25adba05272a677c50b315f/stack/indexer/base/files/etc/init.d/wazuh-indexer#L89

https://github.com/wazuh/wazuh-packages/blob/39db588c25039209a25adba05272a677c50b315f/stack/indexer/base/files/etc/init.d/wazuh-indexer#L124

The installation of OpenSearch 2.3.0 produces the same result, so the error reported is derived from the OpenSearch code

OpenSearch 2.3.0 install

[root@redhat9 vagrant]# yum localinstall opensearch-2.3.0-linux-x64.rpm -y
Last metadata expiration check: 0:26:45 ago on Wed 19 Oct 2022 08:30:35 PM UTC.
Dependencies resolved.
========================================================================================================
Package                  Architecture         Version                 Repository                  Size
========================================================================================================
Installing:
opensearch               x86_64               2.3.0-1                 @commandline               397 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 397 M
Installed size: 644 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: opensearch-2.3.0-1.x86_64                                                      1/1 
  Installing       : opensearch-2.3.0-1.x86_64                                                      1/1 
  Running scriptlet: opensearch-2.3.0-1.x86_64                                                      1/1 
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log

/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.

Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory

  Verifying        : opensearch-2.3.0-1.x86_64                                                      1/1 
Installed products updated.

Installed:
  opensearch-2.3.0-1.x86_64                                                                             

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d/opensearch 
-rw-r--r--. 1 root root 3599 Sep  9 00:11 /etc/init.d/opensearch
[root@redhat9 vagrant]# service opensearch status
env: ‘/etc/init.d/opensearch’: Permission denied
[root@redhat9 vagrant]# chmod +x /etc/init.d/opensearch 
[root@redhat9 vagrant]# service opensearch status
/etc/init.d/opensearch: line 123: status: command not found
[root@redhat9 vagrant]# service opensearch start
Starting opensearch: /etc/init.d/opensearch: line 91: daemon: command not found
[root@redhat9 vagrant]#

After applying the fix proposed for Wazuh dashboard (remove the service file from init.d), redirection to systemctl is performed. No error found.

OpenSearch 2.3.0 without init.d service file

[root@redhat9 vagrant]# mv /etc/init.d/opensearch /etc/init.d/opensearch.save
[root@redhat9 vagrant]# service opensearch status
Redirecting to /bin/systemctl status opensearch.service
○ opensearch.service - OpenSearch
    Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
      Docs: https://opensearch.org/
[root@redhat9 vagrant]# service opensearch start
Redirecting to /bin/systemctl start opensearch.service
[root@redhat9 vagrant]# service opensearch status
Redirecting to /bin/systemctl status opensearch.service
● opensearch.service - OpenSearch
    Loaded: loaded (/usr/lib/systemd/system/opensearch.service; disabled; vendor preset: disabled)
    Active: active (running) since Wed 2022-10-19 21:00:10 UTC; 3s ago
      Docs: https://opensearch.org/
  Main PID: 4920 (java)
      Tasks: 66 (limit: 29537)
    Memory: 1.2G
        CPU: 16.912s
    CGroup: /system.slice/opensearch.service
            └─4920 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.t>

Oct 19 20:59:59 redhat9 systemd[1]: Starting OpenSearch...
Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: A terminally deprecated method in java.lang.>
Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager has been called b>
Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: Please consider reporting this to the mainta>
Oct 19 21:00:00 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager will be removed i>
Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: A terminally deprecated method in java.lang.>
Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager has been called b>
Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: Please consider reporting this to the mainta>
Oct 19 21:00:01 redhat9 systemd-entrypoint[4920]: WARNING: System::setSecurityManager will be removed i>
Oct 19 21:00:10 redhat9 systemd[1]: Started OpenSearch.
[root@redhat9 vagrant]#

Wazuh indexer without init.d service file

[root@redhat9 vagrant]# mv /etc/init.d/wazuh-indexer /etc/init.d/wazuh-indexer.save
[root@redhat9 vagrant]# service wazuh-indexer status
Redirecting to /bin/systemctl status wazuh-indexer.service
○ wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
      Docs: https://documentation.wazuh.com
[root@redhat9 vagrant]# service wazuh-indexer start
Redirecting to /bin/systemctl start wazuh-indexer.service
Job for wazuh-indexer.service failed because the control process exited with error code.
See "systemctl status wazuh-indexer.service" and "journalctl -xeu wazuh-indexer.service" for details.
[root@redhat9 vagrant]# service wazuh-indexer status
Redirecting to /bin/systemctl status wazuh-indexer.service
× wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Wed 2022-10-19 21:02:10 UTC; 4s ago
      Docs: https://documentation.wazuh.com
    Process: 5242 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer>
  Main PID: 5242 (code=exited, status=1/FAILURE)
        CPU: 5.376s

Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]:         at org.opensearch.cli.EnvironmentAwareCommand>
Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]:         at org.opensearch.cli.Command.mainWithoutErro>
Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]:         at org.opensearch.cli.Command.main(Command.ja>
Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]:         at org.opensearch.bootstrap.OpenSearch.main(O>
Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]:         at org.opensearch.bootstrap.OpenSearch.main(O>
Oct 19 21:02:10 redhat9 systemd-entrypoint[5242]: For complete error details, refer to the log at /var/>
Oct 19 21:02:10 redhat9 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/F>
Oct 19 21:02:10 redhat9 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Oct 19 21:02:10 redhat9 systemd[1]: Failed to start Wazuh-indexer.
Oct 19 21:02:10 redhat9 systemd[1]: wazuh-indexer.service: Consumed 5.376s CPU time.
[root@redhat9 vagrant]#

Failed due to certificates

Oct 19 '22 12:10 rauldpm

Update report - Wazuh dashboard

Another possible solution has been found, which consists of hosting the file /etc/rc.d/init.d/functions and /etc/init.d/functions (they have the same content) so that they are installed on the system if these do not exist.
This produces the following problem: It is a system file that is maintained by the system and not us.
A test has been carried out on the systems: Red Hat 7, Red Hat 8, Red Hat 9, CentOS 7, CentOS 8, and Amazon Linux 2, replacing these files with the content provided by the Red Hat 7 system
All systems have been able to use the Wazuh indexer and Wazuh dashboard service through the service command, performing the native redirection to systemctl.
This option is discarded since we must not maintain or modify system files, this implies that the current solution adopted forces users to use the package through systemctl and the corresponding binary in systems that do not have systemctl or service

Test removing the service on Red Hat 9, same as the Wazuh server

Wazuh dashboard 4.4.0: https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8861/
Wazuh indexer 4.4.0: https://devel.ci.wazuh.info/view/Packages/job/Packages_builder/8863/

Wazuh dashboard install 4.4.0

Red Hat 7

[root@redhat7 vagrant]# ls -l /etc/init.d/
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 May 12  2020 README
-rwxr-xr-x. 1 root root  2437 Oct 19  2017 rhnsd
[root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm: wazuh-dashboard-4.4.0-wp.1880.x86_64
Marking wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.4.0-wp.1880 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package              Arch        Version              Repository                                  Size
========================================================================================================
Installing:
wazuh-dashboard      x86_64      4.4.0-wp.1880        /wazuh-dashboard-4.4.0-wp.1880.x86_64      709 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 709 M
Installed size: 709 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.4.0-wp.1880.x86_64                                                 1/1 
  Verifying  : wazuh-dashboard-4.4.0-wp.1880.x86_64                                                 1/1 
epel/x86_64/metalink                                                             |  31 kB  00:00:00     
epel/x86_64                                                                      | 4.7 kB  00:00:00     
epel/x86_64/group_gz                                                             |  97 kB  00:00:00     
epel/x86_64/updateinfo                                                           | 1.0 MB  00:00:00     
epel/x86_64/primary_db                                                           | 7.0 MB  00:00:00     

Installed:
  wazuh-dashboard.x86_64 0:4.4.0-wp.1880                                                                

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 48
-rw-r--r--. 1 root            root            18281 May 22  2020 functions
-rwxr-xr-x. 1 root            root             4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root            root             7928 May 22  2020 network
-rw-r--r--. 1 root            root             1160 May 12  2020 README
-rwxr-xr-x. 1 root            root             2437 Oct 19  2017 rhnsd
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard  3682 Oct 20 15:07 wazuh-dashboard
[root@redhat7 vagrant]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@redhat7 vagrant]# service wazuh-dashboard start
Starting wazuh-dashboard (via systemctl):                  [  OK  ]
[root@redhat7 vagrant]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@redhat7 vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
  Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since Thu 2022-10-20 15:25:28 UTC; 5s ago
  Process: 3973 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
Main PID: 3973 (code=exited, status=1/FAILURE)

Oct 20 15:25:24 redhat7 systemd[1]: Started wazuh-dashboard.
Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["info","plugins-service"],"pid":3973,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["info","plugins-service"],"pid":3973,"message":"Plugin \"wizard\" is disabled."}
Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["warning","config","deprecation"],"pid":3973,"message":"\"opensearch.requestHeadersW...Allowlist\""}
Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: {"type":"log","@timestamp":"2022-10-20T15:25:28Z","tags":["fatal","root"],"pid":3973,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/
Oct 20 15:25:28 redhat7 opensearch-dashboards[3973]: FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 20 15:25:28 redhat7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE
Oct 20 15:25:28 redhat7 systemd[1]: Unit wazuh-dashboard.service entered failed state.
Oct 20 15:25:28 redhat7 systemd[1]: wazuh-dashboard.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@redhat7 vagrant]#

Red Hat 9

[root@redhat9 vagrant]# ls -l /etc/init.d/
ls: cannot access '/etc/init.d/': No such file or directory
[root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y
Extra Packages for Enterprise Linux 9 - x86_64                          6.1 MB/s |  11 MB     00:01    
Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:23:14 PM UTC.
Dependencies resolved.
========================================================================================================
Package                    Architecture      Version                     Repository               Size
========================================================================================================
Installing:
wazuh-dashboard            x86_64            4.4.0-wp.1880               @commandline            172 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 172 M
Installed size: 709 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/1 
  Installing       : wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/1 
  Verifying        : wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/1 
Installed products updated.

Installed:
  wazuh-dashboard-4.4.0-wp.1880.x86_64                                                                  

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d/
total 0
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
○ wazuh-dashboard.service - wazuh-dashboard
    Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
[root@redhat9 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
× wazuh-dashboard.service - wazuh-dashboard
    Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Thu 2022-10-20 15:24:48 UTC; 141ms ago
    Process: 4459 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
  Main PID: 4459 (code=exited, status=1/FAILURE)
        CPU: 3.273s

Oct 20 15:24:44 redhat9 systemd[1]: Started wazuh-dashboard.
Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["info","plugins-service"],"pid":4459,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["info","plugins-service"],"pid":4459,"message":"Plugin \"wizard\" is disabled."}
Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["warning","config","deprecation"],"pid":4459,"message":"\"opensearch.requestHeadersWhitelist\" is d>
Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]: {"type":"log","@timestamp":"2022-10-20T15:24:48Z","tags":["fatal","root"],"pid":4459,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da>
Oct 20 15:24:48 redhat9 opensearch-dashboards[4459]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 20 15:24:48 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 20 15:24:48 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 20 15:24:48 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.273s CPU time.
[root@redhat9 vagrant]#

Wazuh dashboard upgrade 4.3.9 -> 4.4.0

Red Hat 7

[root@redhat7 vagrant]# ls -l /etc/init.d/
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 May 12  2020 README
-rwxr-xr-x. 1 root root  2437 Oct 19  2017 rhnsd
[root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.3.9-1.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-dashboard-4.3.9-1.x86_64.rpm: wazuh-dashboard-4.3.9-1.x86_64
Marking wazuh-dashboard-4.3.9-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.3.9-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package                 Arch           Version           Repository                               Size
========================================================================================================
Installing:
wazuh-dashboard         x86_64         4.3.9-1           /wazuh-dashboard-4.3.9-1.x86_64         589 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 589 M
Installed size: 589 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-dashboard-4.3.9-1.x86_64                                                       1/1 
  Verifying  : wazuh-dashboard-4.3.9-1.x86_64                                                       1/1 
epel/x86_64/metalink                                                             |  31 kB  00:00:00     
epel/x86_64                                                                      | 4.7 kB  00:00:00     
epel/x86_64/group_gz                                                             |  97 kB  00:00:00     
epel/x86_64/updateinfo                                                           | 1.0 MB  00:00:00     
epel/x86_64/primary_db                                                           | 7.0 MB  00:00:00     

Installed:
  wazuh-dashboard.x86_64 0:4.3.9-1                                                                      

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 48
-rw-r--r--. 1 root            root            18281 May 22  2020 functions
-rwxr-xr-x. 1 root            root             4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root            root             7928 May 22  2020 network
-rw-r--r--. 1 root            root             1160 May 12  2020 README
-rwxr-xr-x. 1 root            root             2437 Oct 19  2017 rhnsd
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard  3599 Oct  6 18:35 wazuh-dashboard
[root@redhat7 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm: wazuh-dashboard-4.4.0-wp.1880.x86_64
Marking wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm as an update to wazuh-dashboard-4.3.9-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-dashboard.x86_64 0:4.3.9-1 will be updated
---> Package wazuh-dashboard.x86_64 0:4.4.0-wp.1880 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package              Arch        Version              Repository                                  Size
========================================================================================================
Updating:
wazuh-dashboard      x86_64      4.4.0-wp.1880        /wazuh-dashboard-4.4.0-wp.1880.x86_64      709 M

Transaction Summary
========================================================================================================
Upgrade  1 Package

Total size: 709 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-dashboard-4.4.0-wp.1880.x86_64                                                 1/2 
  Cleanup    : wazuh-dashboard-4.3.9-1.x86_64                                                       2/2 
  Verifying  : wazuh-dashboard-4.4.0-wp.1880.x86_64                                                 1/2 
  Verifying  : wazuh-dashboard-4.3.9-1.x86_64                                                       2/2 

Updated:
  wazuh-dashboard.x86_64 0:4.4.0-wp.1880                                                                

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 48
-rw-r--r--. 1 root            root            18281 May 22  2020 functions
-rwxr-xr-x. 1 root            root             4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root            root             7928 May 22  2020 network
-rw-r--r--. 1 root            root             1160 May 12  2020 README
-rwxr-xr-x. 1 root            root             2437 Oct 19  2017 rhnsd
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard  3682 Oct 20 15:07 wazuh-dashboard
[root@redhat7 vagrant]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@redhat7 vagrant]# service wazuh-dashboard start
Starting wazuh-dashboard (via systemctl):                  [  OK  ]
[root@redhat7 vagrant]# service wazuh-dashboard status
wazuh-dashboard is not running
[root@redhat7 vagrant]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
  Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since Thu 2022-10-20 15:20:29 UTC; 11s ago
  Process: 4087 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
Main PID: 4087 (code=exited, status=1/FAILURE)

Oct 20 15:20:25 redhat7 systemd[1]: Started wazuh-dashboard.
Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["info","plugins-service"],"pid":4087,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["info","plugins-service"],"pid":4087,"message":"Plugin \"wizard\" is disabled."}
Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["warning","config","deprecation"],"pid":4087,"message":"\"opensearch.requestHeadersW...Allowlist\""}
Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: {"type":"log","@timestamp":"2022-10-20T15:20:29Z","tags":["fatal","root"],"pid":4087,"message":"Error: ENOENT: no such file or directory, open... (/usr/share/
Oct 20 15:20:29 redhat7 opensearch-dashboards[4087]: FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 20 15:20:29 redhat7 systemd[1]: wazuh-dashboard.service: main process exited, code=exited, status=1/FAILURE
Oct 20 15:20:29 redhat7 systemd[1]: Unit wazuh-dashboard.service entered failed state.
Oct 20 15:20:29 redhat7 systemd[1]: wazuh-dashboard.service failed.
Hint: Some lines were ellipsized, use -l to

Red Hat 9

[root@redhat9 vagrant]# ls -l /etc/init.d/
ls: cannot access '/etc/init.d/': No such file or directory
[root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.3.9-1.x86_64.rpm -y
Extra Packages for Enterprise Linux 9 - x86_64                          7.6 MB/s |  11 MB     00:01    
Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:17:26 PM UTC.
Dependencies resolved.
========================================================================================================
Package                      Architecture        Version               Repository                 Size
========================================================================================================
Installing:
wazuh-dashboard              x86_64              4.3.9-1               @commandline              151 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 151 M
Installed size: 589 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64                                                 1/1 
  Installing       : wazuh-dashboard-4.3.9-1.x86_64                                                 1/1 
  Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64                                                 1/1 
  Verifying        : wazuh-dashboard-4.3.9-1.x86_64                                                 1/1 
Installed products updated.

Installed:
  wazuh-dashboard-4.3.9-1.x86_64                                                                        

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d/
total 4
-rwxr-x---. 1 wazuh-dashboard wazuh-dashboard 3599 Oct  6 18:35 wazuh-dashboard
[root@redhat9 vagrant]# yum localinstall wazuh-dashboard-4.4.0-wp.1880.x86_64.rpm -y
Last metadata expiration check: 0:01:15 ago on Thu 20 Oct 2022 03:17:26 PM UTC.
Dependencies resolved.
========================================================================================================
Package                    Architecture      Version                     Repository               Size
========================================================================================================
Upgrading:
wazuh-dashboard            x86_64            4.4.0-wp.1880               @commandline            172 M

Transaction Summary
========================================================================================================
Upgrade  1 Package

Total size: 172 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/2 
  Upgrading        : wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/2 
  Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/2 
  Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64                                                 2/2 
  Cleanup          : wazuh-dashboard-4.3.9-1.x86_64                                                 2/2 
  Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64                                                 2/2 
  Running scriptlet: wazuh-dashboard-4.4.0-wp.1880.x86_64                                           2/2 
  Running scriptlet: wazuh-dashboard-4.3.9-1.x86_64                                                 2/2 
  Verifying        : wazuh-dashboard-4.4.0-wp.1880.x86_64                                           1/2 
  Verifying        : wazuh-dashboard-4.3.9-1.x86_64                                                 2/2 
Installed products updated.

Upgraded:
  wazuh-dashboard-4.4.0-wp.1880.x86_64                                                                  

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d/
total 0
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
○ wazuh-dashboard.service - wazuh-dashboard
    Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
[root@redhat9 vagrant]# service wazuh-dashboard start
Redirecting to /bin/systemctl start wazuh-dashboard.service
[root@redhat9 vagrant]# service wazuh-dashboard status
Redirecting to /bin/systemctl status wazuh-dashboard.service
× wazuh-dashboard.service - wazuh-dashboard
    Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; disabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Thu 2022-10-20 15:21:31 UTC; 104ms ago
    Process: 4584 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml (code=exited, status=1/FAILURE)
  Main PID: 4584 (code=exited, status=1/FAILURE)
        CPU: 3.455s

Oct 20 15:21:27 redhat9 systemd[1]: Started wazuh-dashboard.
Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["info","plugins-service"],"pid":4584,"message":"Plugin \"visTypeXy\" is disabled."}
Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["info","plugins-service"],"pid":4584,"message":"Plugin \"wizard\" is disabled."}
Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["warning","config","deprecation"],"pid":4584,"message":"\"opensearch.requestHeadersWhitelist\" is d>
Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]: {"type":"log","@timestamp":"2022-10-20T15:21:31Z","tags":["fatal","root"],"pid":4584,"message":"Error: ENOENT: no such file or directory, open '/etc/wazuh-da>
Oct 20 15:21:31 redhat9 opensearch-dashboards[4584]:  FATAL  Error: ENOENT: no such file or directory, open '/etc/wazuh-dashboard/certs/dashboard-key.pem'
Oct 20 15:21:31 redhat9 systemd[1]: wazuh-dashboard.service: Main process exited, code=exited, status=1/FAILURE
Oct 20 15:21:31 redhat9 systemd[1]: wazuh-dashboard.service: Failed with result 'exit-code'.
Oct 20 15:21:31 redhat9 systemd[1]: wazuh-dashboard.service: Consumed 3.455s CPU time.
[root@redhat9 vagrant]#

Wazuh indexer install 4.4.0

Red Hat 7

[root@redhat7 vagrant]# ls -l /etc/init.d/
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 May 12  2020 README
-rwxr-xr-x. 1 root root  2437 Oct 19  2017 rhnsd
[root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-indexer-4.4.0-wp.1880.x86_64.rpm: wazuh-indexer-4.4.0-wp.1880.x86_64
Marking wazuh-indexer-4.4.0-wp.1880.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package             Arch         Version               Repository                                 Size
========================================================================================================
Installing:
wazuh-indexer       x86_64       4.4.0-wp.1880         /wazuh-indexer-4.4.0-wp.1880.x86_64       644 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 644 M
Installed size: 644 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/1 
epel/x86_64/metalink                                                             |  31 kB  00:00:00     
epel/x86_64                                                                      | 4.7 kB  00:00:00     
epel/x86_64/group_gz                                                             |  97 kB  00:00:00     
epel/x86_64/updateinfo                                                           | 1.0 MB  00:00:00     
epel/x86_64/primary_db                                                           | 7.0 MB  00:00:00     

Installed:
  wazuh-indexer.x86_64 0:4.4.0-wp.1880                                                                  

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 48
-rw-r--r--. 1 root          root          18281 May 22  2020 functions
-rwxr-xr-x. 1 root          root           4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root          root           7928 May 22  2020 network
-rw-r--r--. 1 root          root           1160 May 12  2020 README
-rwxr-xr-x. 1 root          root           2437 Oct 19  2017 rhnsd
-rw-r--r--. 1 wazuh-indexer wazuh-indexer  3703 Oct 20 15:38 wazuh-indexer
[root@redhat7 vagrant]# service wazuh-indexer status
env: /etc/init.d/wazuh-indexer: Permission denied
[root@redhat7 vagrant]# chmod +x /etc/init.d/wazuh-indexer 
[root@redhat7 vagrant]# service wazuh-indexer status
● wazuh-indexer.service - Wazuh-indexer
  Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
  Active: inactive (dead)
    Docs: https://documentation.wazuh.com
[root@redhat7 vagrant]# service wazuh-indexer start
Starting wazuh-indexer (via systemctl):  Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.
                                                          [FAILED]
[root@redhat7 vagrant]# service wazuh-indexer status
● wazuh-indexer.service - Wazuh-indexer
  Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since Thu 2022-10-20 15:47:13 UTC; 9s ago
    Docs: https://documentation.wazuh.com
  Process: 4023 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 4023 (code=exited, status=1/FAILURE)

Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.cli.EnvironmentAwareCommand.ex...04)
Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.cli.Command.mainWithoutErrorHa...38)
Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.cli.Command.main(Command.java:101)
Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.bootstrap.OpenSearch.main(Open...37)
Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: at org.opensearch.bootstrap.OpenSearch.main(Open...03)
Oct 20 15:47:13 redhat7 systemd-entrypoint[4023]: For complete error details, refer to the log at ...log
Oct 20 15:47:13 redhat7 systemd[1]: wazuh-indexer.service: main process exited, code=exited, stat...LURE
Oct 20 15:47:13 redhat7 systemd[1]: Failed to start Wazuh-indexer.
Oct 20 15:47:13 redhat7 systemd[1]: Unit wazuh-indexer.service entered failed state.
Oct 20 15:47:13 redhat7 systemd[1]: wazuh-indexer.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@redhat7 vagrant]#

Red Hat 9

[root@redhat9 vagrant]# ls -l /etc/init.d
ls: cannot access '/etc/init.d': No such file or directory
[root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y
Extra Packages for Enterprise Linux 9 - x86_64                          8.9 MB/s |  11 MB     00:01    
Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:46:18 PM UTC.
Dependencies resolved.
========================================================================================================
Package                   Architecture       Version                    Repository                Size
========================================================================================================
Installing:
wazuh-indexer             x86_64             4.4.0-wp.1880              @commandline             397 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 397 M
Installed size: 644 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
  Installing       : wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
  Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory

  Verifying        : wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.4.0-wp.1880.x86_64                                                                    

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d/
total 0
[root@redhat9 vagrant]# service wazuh-indexer status
Redirecting to /bin/systemctl status wazuh-indexer.service
○ wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
      Docs: https://documentation.wazuh.com
[root@redhat9 vagrant]# service wazuh-indexer start
Redirecting to /bin/systemctl start wazuh-indexer.service
Job for wazuh-indexer.service failed because the control process exited with error code.
See "systemctl status wazuh-indexer.service" and "journalctl -xeu wazuh-indexer.service" for details.
[root@redhat9 vagrant]# service wazuh-indexer status
Redirecting to /bin/systemctl status wazuh-indexer.service
× wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Thu 2022-10-20 15:47:57 UTC; 1s ago
      Docs: https://documentation.wazuh.com
    Process: 4479 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
  Main PID: 4479 (code=exited, status=1/FAILURE)
        CPU: 5.223s

Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]:         at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104)
Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]:         at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]:         at org.opensearch.cli.Command.main(Command.java:101)
Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]:         at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:137)
Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]:         at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:103)
Oct 20 15:47:57 redhat9 systemd-entrypoint[4479]: For complete error details, refer to the log at /var/log/wazuh-indexer/wazuh-cluster.log
Oct 20 15:47:57 redhat9 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Oct 20 15:47:57 redhat9 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Oct 20 15:47:57 redhat9 systemd[1]: Failed to start Wazuh-indexer.
Oct 20 15:47:57 redhat9 systemd[1]: wazuh-indexer.service: Consumed 5.223s CPU time.
[root@redhat9 vagrant]#

Wazuh indexer upgrade 4.3.9 -> 4.4.0

Red Hat 7

[root@redhat7 vagrant]# ls -l /etc/init.d/
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 May 12  2020 README
-rwxr-xr-x. 1 root root  2437 Oct 19  2017 rhnsd
[root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.3
wazuh-indexer-4.3.9-1.x86_64.rpm
[root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.3.9-1.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-indexer-4.3.9-1.x86_64.rpm: wazuh-indexer-4.3.9-1.x86_64
Marking wazuh-indexer-4.3.9-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.3.9-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package                Arch            Version            Repository                              Size
========================================================================================================
Installing:
wazuh-indexer          x86_64          4.3.9-1            /wazuh-indexer-4.3.9-1.x86_64          614 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 614 M
Installed size: 614 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : wazuh-indexer-4.3.9-1.x86_64                                                         1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
  Verifying  : wazuh-indexer-4.3.9-1.x86_64                                                         1/1 
epel/x86_64/metalink                                                             |  31 kB  00:00:00     
epel/x86_64                                                                      | 4.7 kB  00:00:00     
epel/x86_64/group_gz                                                             |  97 kB  00:00:00     
epel/x86_64/updateinfo                                                           | 1.0 MB  00:00:00     
epel/x86_64/primary_db                                                           | 7.0 MB  00:00:00     

Installed:
  wazuh-indexer.x86_64 0:4.3.9-1                                                                        

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 48
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 May 12  2020 README
-rwxr-xr-x. 1 root root  2437 Oct 19  2017 rhnsd
-rwxr-x---. 1 root root  3703 Oct  6 14:28 wazuh-indexer
[root@redhat7 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y
Loaded plugins: product-id, search-disabled-repos
Examining wazuh-indexer-4.4.0-wp.1880.x86_64.rpm: wazuh-indexer-4.4.0-wp.1880.x86_64
Marking wazuh-indexer-4.4.0-wp.1880.x86_64.rpm as an update to wazuh-indexer-4.3.9-1.x86_64
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.3.9-1 will be updated
---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package             Arch         Version               Repository                                 Size
========================================================================================================
Updating:
wazuh-indexer       x86_64       4.4.0-wp.1880         /wazuh-indexer-4.4.0-wp.1880.x86_64       644 M

Transaction Summary
========================================================================================================
Upgrade  1 Package

Total size: 644 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/2 
  Cleanup    : wazuh-indexer-4.3.9-1.x86_64                                                         2/2 
  Verifying  : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/2 
  Verifying  : wazuh-indexer-4.3.9-1.x86_64                                                         2/2 

Updated:
  wazuh-indexer.x86_64 0:4.4.0-wp.1880                                                                  

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 48
-rw-r--r--. 1 root          root          18281 May 22  2020 functions
-rwxr-xr-x. 1 root          root           4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root          root           7928 May 22  2020 network
-rw-r--r--. 1 root          root           1160 May 12  2020 README
-rwxr-xr-x. 1 root          root           2437 Oct 19  2017 rhnsd
-rw-r--r--. 1 wazuh-indexer wazuh-indexer  3703 Oct 20 15:38 wazuh-indexer
[root@redhat7 vagrant]# service wazuh-indexer status
env: /etc/init.d/wazuh-indexer: Permission denied
[root@redhat7 vagrant]# chmod +x /etc/init.d/wazuh-indexer 
[root@redhat7 vagrant]# service wazuh-indexer status
● wazuh-indexer.service - Wazuh-indexer
  Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
  Active: inactive (dead)
    Docs: https://documentation.wazuh.com
[root@redhat7 vagrant]# service wazuh-indexer start
Starting wazuh-indexer (via systemctl):  Job for wazuh-indexer.service failed because the control process exited with error code. See "systemctl status wazuh-indexer.service" and "journalctl -xe" for details.
                                                          [FAILED]
[root@redhat7 vagrant]# service wazuh-indexer status
● wazuh-indexer.service - Wazuh-indexer
  Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since Thu 2022-10-20 15:53:15 UTC; 4s ago
    Docs: https://documentation.wazuh.com
  Process: 4197 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 4197 (code=exited, status=1/FAILURE)

Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.cli.EnvironmentAwareCommand.ex...04)
Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.cli.Command.mainWithoutErrorHa...38)
Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.cli.Command.main(Command.java:101)
Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.bootstrap.OpenSearch.main(Open...37)
Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: at org.opensearch.bootstrap.OpenSearch.main(Open...03)
Oct 20 15:53:14 redhat7 systemd-entrypoint[4197]: For complete error details, refer to the log at ...log
Oct 20 15:53:15 redhat7 systemd[1]: wazuh-indexer.service: main process exited, code=exited, stat...LURE
Oct 20 15:53:15 redhat7 systemd[1]: Failed to start Wazuh-indexer.
Oct 20 15:53:15 redhat7 systemd[1]: Unit wazuh-indexer.service entered failed state.
Oct 20 15:53:15 redhat7 systemd[1]: wazuh-indexer.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@redhat7 vagrant]# yum remove wazuh-indexer.x86_64 -y
Loaded plugins: product-id, search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package wazuh-indexer.x86_64 0:4.4.0-wp.1880 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================
Package             Arch         Version              Repository                                  Size
========================================================================================================
Removing:
wazuh-indexer       x86_64       4.4.0-wp.1880        @/wazuh-indexer-4.4.0-wp.1880.x86_64       644 M

Transaction Summary
========================================================================================================
Remove  1 Package

Installed size: 644 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Stopping wazuh-indexer service... OK
  Erasing    : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/1 
  Verifying  : wazuh-indexer-4.4.0-wp.1880.x86_64                                                   1/1 

Removed:
  wazuh-indexer.x86_64 0:4.4.0-wp.1880                                                                  

Complete!
[root@redhat7 vagrant]# ls -l /etc/init.d/
total 44
-rw-r--r--. 1 root root 18281 May 22  2020 functions
-rwxr-xr-x. 1 root root  4569 May 22  2020 netconsole
-rwxr-xr-x. 1 root root  7928 May 22  2020 network
-rw-r--r--. 1 root root  1160 May 12  2020 README
-rwxr-xr-x. 1 root root  2437 Oct 19  2017 rhnsd
[root@redhat7 vagrant]#

Red Hat 9

[root@redhat9 vagrant]# ls -l /etc/init.d/
ls: cannot access '/etc/init.d/': No such file or directory
[root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.3.9-1.x86_64.rpm -y
Extra Packages for Enterprise Linux 9 - x86_64                          6.2 MB/s |  11 MB     00:01    
Last metadata expiration check: 0:00:02 ago on Thu 20 Oct 2022 03:51:06 PM UTC.
Dependencies resolved.
========================================================================================================
Package                    Architecture        Version                 Repository                 Size
========================================================================================================
Installing:
wazuh-indexer              x86_64              4.3.9-1                 @commandline              361 M

Transaction Summary
========================================================================================================
Install  1 Package

Total size: 361 M
Installed size: 614 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-indexer-4.3.9-1.x86_64                                                   1/1 
  Installing       : wazuh-indexer-4.3.9-1.x86_64                                                   1/1 
  Running scriptlet: wazuh-indexer-4.3.9-1.x86_64                                                   1/1 
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore

Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory

  Verifying        : wazuh-indexer-4.3.9-1.x86_64                                                   1/1 
Installed products updated.

Installed:
  wazuh-indexer-4.3.9-1.x86_64                                                                          

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d/
total 4
-rwxr-x---. 1 root root 3703 Oct  6 14:28 wazuh-indexer
[root@redhat9 vagrant]# yum localinstall wazuh-indexer-4.4.0-wp.1880.x86_64.rpm -y
Last metadata expiration check: 0:00:51 ago on Thu 20 Oct 2022 03:51:06 PM UTC.
Dependencies resolved.
========================================================================================================
Package                   Architecture       Version                    Repository                Size
========================================================================================================
Upgrading:
wazuh-indexer             x86_64             4.4.0-wp.1880              @commandline             397 M

Transaction Summary
========================================================================================================
Upgrade  1 Package

Total size: 397 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                1/1 
  Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/2 
  Upgrading        : wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/2 
  Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/2 
  Running scriptlet: wazuh-indexer-4.3.9-1.x86_64                                                   2/2 
  Cleanup          : wazuh-indexer-4.3.9-1.x86_64                                                   2/2 
  Running scriptlet: wazuh-indexer-4.3.9-1.x86_64                                                   2/2 
  Running scriptlet: wazuh-indexer-4.4.0-wp.1880.x86_64                                             2/2 
  Running scriptlet: wazuh-indexer-4.3.9-1.x86_64                                                   2/2 
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory

  Verifying        : wazuh-indexer-4.4.0-wp.1880.x86_64                                             1/2 
  Verifying        : wazuh-indexer-4.3.9-1.x86_64                                                   2/2 
Installed products updated.

Upgraded:
  wazuh-indexer-4.4.0-wp.1880.x86_64                                                                    

Complete!
[root@redhat9 vagrant]# ls -l /etc/init.d/
total 0
[root@redhat9 vagrant]# service wazuh-indexer status
Redirecting to /bin/systemctl status wazuh-indexer.service
○ wazuh-indexer.service - Wazuh-indexer
    Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; disabled; vendor preset: disabled)
    Active: inactive (dead)
      Docs: https://documentation.wazuh.com
[root@redhat9 vagrant]# service wazuh-indexer start
Redirecting to /bin/systemctl start wazuh-indexer.service
Job for wazuh-indexer.service failed because the control process exited with an error code.
See "systemctl status wazuh-indexer.service" and "journalctl -xeu wazuh-indexer.service" for details.
[root@redhat9 vagrant]#

Wazuh dashboard and Wazuh indexer stack tests

System	Build	Result	Artifacts
CentOS 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/546/console	:green_circle:	archive_CentOS7.zip
CentOS 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/547/console	:green_circle:	archive_CentOS8.zip
Red Hat 7	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/548/console	:green_circle:	archive_RedHat7.zip
Red Hat 8	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/549/console	:green_circle:	archive_RedHat8.zip
Red Hat 9	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/550/console	:green_circle:	archive_RedHat9.zip
Amazon Linux 2	https://devel.ci.wazuh.info/view/Tests/job/Test_install_stack/551/console	:green_circle:	archive_AmazonLinux2.zip

About CentOS 9 Stream and Fedora 36

A different behavior has been found for the Wazuh server regarding the init.d service.
In the proposed fix for the Wazuh dashboard and Wazuh indexer, the value of NAME and VERSION of the /etc/os-release file is checked, so if NAME contains the value Red Hat Enterprise Linux and VERSION contains the value 9 or higher, the service in init.d is removed. This is the behavior that is performed in the Wazuh server SPEC file, so it is expected that the Wazuh indexer and Wazuh dashboard do not remove the init.d service on CentOS 9 Stream and Fedora 36 systems, however, Wazuh server does not install the file in the init.d directory and the cause of this has not been found in the Wazuh server SPEC file.
In any case, CentOS 9 Stream and Fedora 36 are not systems on the recommended list, so they cannot be taken into account explicitly. If these systems were to be part of the list of recommended systems at some point, it would suffice to add in the conditional what is necessary for it to match according to the /etc/os-release file.

Oct 20 '22 14:10 rauldpm

Update report

After an investigation of the problem in CentOS 9 Stream and Fedora 36, the following has been discovered:

The behavior of the Wazuh dashboard and Wazuh indexer is the same as the Wazuh server
- CentOS 7: init.d services are created in /etc/rc.d/init.d
- CentOS 9 Stream: init.d services are created in /etc/rc.d/init.d
- Red Hat 7: init.d services are created in /etc/rc.d/init.d
- Red Hat 9: init.d services are not created in /etc/rc.d/init.d

This behavior of the Wazuh dashboard and Wazuh indexer differs from OpenSearch and OpenSearch dashboards, which in CentOS 9 Stream and Red Hat 9 install the init.d service in /etc/init.d, this is because these systems have left to actively use init.d in favor of systemd and that directory is no longer a link to /etc/rc.d/init.d, thus presenting the errors reported in this issue.

That said since such systems are not on the recommended list, no further action is required for such behavior in the CentOS 9 Stream and Fedora 36 systems with the Wazuh server install process.

The changes requested in the pull requests have been worked on.

Oct 21 '22 16:10 rauldpm

wazuh-packages
wazuh-packages copied to clipboard

Review the behavior of the Wazuh dashboard logs with init.d

Description

Tasks

Wazuh dashboard

Wazuh indexer

Validation

Wazuh dashboard

Wazuh indexer

Update report - Wazuh dashboard

Installing OpenSearch Dashboard on Red Hat 7 and Red Hat 9

Update report - Wazuh dashboard

Recommended systems tests with the third solution

Update report - Wazuh dashboard

Wazuh installation assistant

Update report - Wazuh indexer

Update report - Wazuh dashboard

Test removing the service on Red Hat 9, same as the Wazuh server

Wazuh dashboard and Wazuh indexer stack tests

About CentOS 9 Stream and Fedora 36

Update report

wazuh-packages wazuh-packages copied to clipboard

Review the behavior of the Wazuh dashboard logs with init.d

Description

Tasks

Wazuh dashboard

Wazuh indexer

Validation

Wazuh dashboard

Wazuh indexer

Update report - Wazuh dashboard

Installing OpenSearch Dashboard on Red Hat 7 and Red Hat 9

Update report - Wazuh dashboard

Recommended systems tests with the third solution

Update report - Wazuh dashboard

Wazuh installation assistant

Update report - Wazuh indexer

Update report - Wazuh dashboard

Test removing the service on Red Hat 9, same as the Wazuh server

Wazuh dashboard and Wazuh indexer stack tests

About CentOS 9 Stream and Fedora 36

Update report

wazuh-packages
wazuh-packages copied to clipboard