wazuh-packages icon indicating copy to clipboard operation
wazuh-packages copied to clipboard

Published 20 hours ago verified publisher icon wazuh

`apt remove --purge` command does not remove `/var/lib/wazuh-indexer` directory

Open rauldpm opened this issue 2 years ago • 2 comments

Wazuh version Install type Action performed Platform
4.3.4 Wazuh indexer Remove Ubuntu Focal

When uninstalling the Wazuh indexer 4.3.4 package, I have noticed that certain files are not removed even using --purge option.

root@ubuntu20:/home/vagrant# apt remove --purge wazuh-indexer 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 639 MB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 112273 files and directories currently installed.)
Removing wazuh-indexer (4.3.4-1) ...
Stopping wazuh-indexer service... OK
(Reading database ... 111340 files and directories currently installed.)
Purging configuration files for wazuh-indexer (4.3.4-1) ...
Deleting configuration directory... OK
dpkg: warning: while removing wazuh-indexer, directory '/usr/lib/systemd/system' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
Processing triggers for systemd (245.4-4ubuntu3.15) ...
root@ubuntu20:/home/vagrant# ls -l /var/lib/wazuh-indexer/
total 12
-rw-r--r-- 1 112 122 6 Jun  9 20:58 batch_metrics_enabled.conf
-rw-r--r-- 1 112 122 5 Jun  9 20:58 performance_analyzer_enabled.conf
-rw-r--r-- 1 112 122 5 Jun  9 20:58 rca_enabled.conf

rauldpm avatar Jun 09 '22 21:06 rauldpm

As we discussed the mentioned behavior is the recommended by the package maintainer guidelines. The folders and files created by the software (Not the package) shouldn't be managed by the package. ElasticSearch and OpenSearch apply the same procedure.

(Tested Opensearch on RPM environment, not DEB)

# ls -lah /var/lib/elasticsearch/
total 12K
drwxr-s---  3 elasticsearch elasticsearch 4.0K Jul  4 12:40 .
drwxr-xr-x 40 root          root          4.0K Jul  4 12:38 ..
drwxr-sr-x  3 elasticsearch elasticsearch 4.0K Jul  4 12:40 nodes

# apt purge elasticsearch-oss
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  elasticsearch-oss*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 420 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 63959 files and directories currently installed.)
Removing elasticsearch-oss (7.10.2) ...
Stopping elasticsearch service... OK
Deleting log directory... OK
(Reading database ... 63245 files and directories currently installed.)
Purging configuration files for elasticsearch-oss (7.10.2) ...
dpkg: warning: while removing elasticsearch-oss, directory '/var/lib/elasticsearch' not empty so not removed
dpkg: warning: while removing elasticsearch-oss, directory '/usr/lib/systemd/system' not empty so not removed
Processing triggers for systemd (245.4-4ubuntu3.13) ...

# ls -lah /var/lib/elasticsearch/
total 12K
drwxr-s---  3  112  120 4.0K Jul  4 12:40 .
drwxr-xr-x 40 root root 4.0K Jul  4 12:38 ..
drwxr-sr-x  3  112  120 4.0K Jul  4 12:40 nodes

okynos avatar Jul 04 '22 12:07 okynos

To be solved in the fork.

alberpilot avatar Jul 11 '22 09:07 alberpilot

Blocked by https://github.com/wazuh/wazuh-indexer/issues/4

gdiazlo avatar Aug 22 '23 08:08 gdiazlo

I agree with what was mentioned here.

This is how the package managers work. There is nothing we can do aside from deleting these folders manually.

AlexRuiz7 avatar Jan 30 '24 18:01 AlexRuiz7