opencti
Multiple Startup errors with migration from 5.2.4 to 5.3.7
Description
Environment
- Ubuntu 18.04
- OpenCTI 5.3.7
- OpenCTI client: frontend
- Other environment details:
Reproducible Steps
Steps to create the smallest reproducible scenario:
- Untar and configure the distribution
- Build According to Instructions (separate ES and RabbitMQ server)
- See below
Expected Output
OpenCTI should start
Actual Output
Persisted queries are enabled and are using an unbounded cache. Your server is vulnerable to denial of service attacks via memory exhaustion. Set `cache: "bounded"` or `persistedQueries: false` in your ApolloServer constructor, or see https://go.apollo.dev/s/cache-backends for other alternatives.
{"category":"APP","level":"info","message":"[OPENCTI] Starting platform","timestamp":"2022-08-11T19:59:31.155Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[OPENCTI] Checking dependencies statuses","timestamp":"2022-08-11T19:59:31.157Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[SEARCH ENGINE] Elasticsearch (7.15.0) client selected / runtime sorting enabled","timestamp":"2022-08-11T19:59:31.185Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[CHECK] Search engine is alive","timestamp":"2022-08-11T19:59:31.186Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[CHECK] Minio is alive","timestamp":"2022-08-11T19:59:31.198Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[CHECK] RabbitMQ is alive","timestamp":"2022-08-11T19:59:31.263Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[CHECK] Redis is alive","timestamp":"2022-08-11T19:59:31.270Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[CHECK] Python3 is available","timestamp":"2022-08-11T19:59:31.621Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[OPENCTI-MODULE] Initializing cache manager","timestamp":"2022-08-11T19:59:31.622Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[REDIS] Redis 'Pubsub subscriber' client ready","timestamp":"2022-08-11T19:59:32.706Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[OPENCTI-MODULE] Cache manager initialized","timestamp":"2022-08-11T19:59:32.707Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[REDIS] Redis 'Client context' client ready","timestamp":"2022-08-11T19:59:32.711Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[INIT] Starting platform initialization","timestamp":"2022-08-11T19:59:32.713Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[INIT] Existing platform detected, initialization...","timestamp":"2022-08-11T19:59:32.759Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[INIT] admin user initialized","timestamp":"2022-08-11T19:59:35.345Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Read 18 migrations from the database","timestamp":"2022-08-11T19:59:40.921Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] 6 migrations will be executed","timestamp":"2022-08-11T19:59:40.922Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Cleaning located-at relationships between Sectors and Locations","timestamp":"2022-08-11T19:59:40.923Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Cleaning located-at relationships between Sectors and Locations done in 189 ms","timestamp":"2022-08-11T19:59:41.112Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Saving current configuration, 1650287551439-remove_sector_locations.js","timestamp":"2022-08-11T19:59:42.198Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Starting 1651939301056-workflow_rename.js","timestamp":"2022-08-11T19:59:42.199Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] 1651939301056-workflow_rename.js finished","timestamp":"2022-08-11T20:00:56.843Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Saving current configuration, 1651939301056-workflow_rename.js","timestamp":"2022-08-11T20:00:57.397Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Starting 1652114181368-entities_rename.js","timestamp":"2022-08-11T20:00:57.397Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Renaming entity X-OpenCTI-Cryptographic-Key","timestamp":"2022-08-11T20:00:57.398Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Renaming entity X-OpenCTI-Cryptocurrency-Wallet","timestamp":"2022-08-11T20:00:57.406Z","version":"5.3.7"}
{"category":"APP","level":"info","message":"[MIGRATION] Renaming entity X-OpenCTI-Hostname","timestamp":"2022-08-11T20:01:06.518Z","version":"5.3.7"}
{"category":"APP","error":{"context":{"category":"technical","error":{"meta":{"body":{"batches":1,"deleted":0,"failures":[{"cause":{"index":"opencti_stix_cyber_observables","index_uuid":"Jv2In_VxS_WfJhBKvBE1lg","reason":"[ed05a5a3-6c9f-4e44-9bc2-a620c3742827]: version conflict, required seqNo [3802330], primary term [7]. current document has seqNo [11667612] and primary term [17]","shard":"0","type":"version_conflict_engine_exception"},"id":"ed05a5a3-6c9f-4e44-9bc2-a620c3742827","index":"opencti_stix_cyber_observables","status":409,"type":"_doc"},{"cause":{"index":"opencti_stix_cyber_observables","index_uuid":"Jv2In_VxS_WfJhBKvBE1lg","reason":"[b379aa5f-61a5-4654-88cc-37b9b0181068]: version conflict, required seqNo [3802517], primary term [7]....
Additional information
Screenshots (optional)
Hi @smclinden, do you think it's possible to have a snapshot of your Elasticsearch OpenCTI indices? Thanks
Yes, I can do that. But two other things appear not to be working. First, the default admin account appears to be continually logging in. I have hundreds of lines like the following:
{"auth":{"email":"[email protected]","ip":"10.223.130.132","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-08-15T13:43:39.835Z","version":"5.3.7"}
Second, LDAP authentication has broken since the upgrade. Here is the config (unchanged from prior instances):
"ldap": {
  "strategy": "LdapStrategy",
  "config": {
    "url": "ldap://dc01.org.com:389",
    "bindDN": "cn=srv-itsecops,ou=Service Accounts,ou=EnterpriseGroups,dc=org,dc=com",
    "bindCredentials": "**********",
    "searchBase": "dc=org,dc=com",
    "searchFilter": "(&(objectCategory=Person)(sAMAccountName={{username}})(memberOf=CN=ITSecurity-OPS,OU=AutoManagedGroups,OU=EnterpriseGroups,DC=org,DC=com))",
    "accountAttribute": "name",
    "mailAttrubute": "userPrincipalName"
  }
},
curl -X GET "localhost:9200/_cat/indices/my-index-*?v=true&s=index&pretty"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
Hi @smclinden, I found the problem with the migration and pushed a fix for the next version. (It was due to the Elastic timeout system on update by query.)
If you finally managed to move to 5.3.7 and have some issues, please open other tickets so as not to mix every subject here.
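Added example, not part of the original thread or of OpenCTI's code: a triage script for the repeated `AUDIT` / `LOGIN` lines reported above, which groups them by user, source IP and provider and reports the peak login count inside a sliding window. The sample lines are constructed in the shape of the record quoted in the thread; the placeholder email, the second user, the `local` provider value and the 60-second / 5-login defaults are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN = "88ec0c6a-13ce-5e39-b486-354fe4a7084f"  # user_id quoted in the thread

def _audit(ts, user_id, ip, provider):
    # Builds a constructed line in the shape of the AUDIT record quoted above.
    return json.dumps({"auth": {"email": "user@example.invalid", "ip": ip, "user_id": user_id},
                       "category": "AUDIT", "level": "info", "message": "LOGIN",
                       "resource": {"provider": provider}, "timestamp": ts, "version": "5.3.7"})

# Constructed sample: 8 Bearer logins 2 s apart, one unrelated login, one APP
# line, one non-JSON warning and one line cut off by terminal wrapping.
SAMPLE = [_audit(f"2022-08-15T13:43:{s:02d}.835Z", ADMIN, "10.223.130.132", "Bearer")
          for s in range(30, 46, 2)]
SAMPLE += [
    _audit("2022-08-15T13:44:10.000Z", "00000000-0000-0000-0000-000000000001", "10.0.0.5", "local"),
    '{"category":"APP","level":"info","message":"[CHECK] Redis is alive","timestamp":"2022-08-15T13:43:31.270Z","version":"5.3.7"}',
    "Persisted queries are enabled and are using an unbounded cache.",
    '{"category":"AUDIT","level":"info","message":"LOGIN","versio',
]

def login_bursts(lines, window=timedelta(seconds=60), threshold=5):
    """Map (user_id, ip, provider) -> peak LOGIN count inside any `window`,
    keeping only keys whose peak reaches `threshold`."""
    stamps = defaultdict(list)
    for line in lines:
        try:
            rec = json.loads(line)
            if rec["category"] != "AUDIT" or rec["message"] != "LOGIN":
                continue
            key = (rec["auth"]["user_id"], rec["auth"]["ip"], rec["resource"]["provider"])
            when = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, truncated, or not shaped like an audit record
        stamps[key].append(when)
    peaks = {}
    for key, times in stamps.items():
        times.sort()
        lo = best = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the left edge forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            peaks[key] = best
    return peaks

if __name__ == "__main__":
    for (user, ip, provider), n in login_bursts(SAMPLE).items():
        print(f"{n} logins within 60 s: user_id={user} ip={ip} provider={provider}")
```

Grouping on the source IP and provider separates token-based API clients from interactive sign-ins, which narrows down which host is presenting the admin token.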