wazuh-packages
wazuh-packages copied to clipboard
Published
20 hours ago •
wazuh
wazuh
Error message when installing indexer in RHEL 9
| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| 4.3.4 | indexer | Install/Upgrade/Remove | OS version |
When installing Wazuh indexer in RHEL 9 the following message appears:
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
This message also appears when installing Opensearch, and seems to be related to increasing the entropy of the system.
As mentioned here https://lkml.org/lkml/2022/6/20/925 the read_wakeup_threshold file is removed. It doesn't make any change to the system anymore.
Removed after 5.4 Kernel patch from 20 Jun and 4.14 from 23 Jun
More info https://lkml.org/lkml/2022/6/23/1151
To keep track it also happens in OpenSearch 2.0.1 package
# yum install ./opensearch-2.0.1-linux-x64.rpm
Last metadata expiration check: 0:13:53 ago on Fri 01 Jul 2022 11:14:00 AM UTC.
Dependencies resolved.
======================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================
Installing:
opensearch x86_64 2.0.1-1 @commandline 395 M
Transaction Summary
======================================================================================================================
Install 1 Package
Total size: 395 M
Installed size: 642 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: opensearch-2.0.1-1.x86_64 1/1
Installing : opensearch-2.0.1-1.x86_64 1/1
Running scriptlet: opensearch-2.0.1-1.x86_64 1/1
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : opensearch-2.0.1-1.x86_64 1/1
Installed products updated.
Installed:
opensearch-2.0.1-1.x86_64
Complete!
It doesn't seem to be related to the SPEC. It appears to be related to how the RPM is built by rpmbuild and Java specific based project.
Maybe we have to take a look at brp-java-repack-jars rpmbuild function.
Possible solutions:
- Build specific RPM for RHEL 9 systems
- Remove
brp-java-repack-jarsfunction from rpm build (Need research). - Include a dummy
read_wakeup_threshold
Conclusion: It's out of our scope and any possible fix will be a workaround.
# yum install https://artifacts.opensearch.org/releases/bundle/opensearch/2.1.0/opensearch-2.1.0-linux-x64.rpm
Extra Packages for Enterprise Linux 9 - x86_64 4.4 MB/s | 8.3 MB 00:01
Last metadata expiration check: 0:00:02 ago on Mon 11 Jul 2022 09:10:27 AM UTC.
opensearch-2.1.0-linux-x64.rpm 62 MB/s | 395 MB 00:06
Dependencies resolved.
======================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================
Installing:
opensearch x86_64 2.1.0-1 @commandline 395 M
Transaction Summary
======================================================================================================================
Install 1 Package
Total size: 395 M
Installed size: 642 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: opensearch-2.1.0-1.x86_64 1/1
Installing : opensearch-2.1.0-1.x86_64 1/1
Running scriptlet: opensearch-2.1.0-1.x86_64 1/1
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : opensearch-2.1.0-1.x86_64 1/1
Installed products updated.
Installed:
opensearch-2.1.0-1.x86_64
Complete!
Opensearch versions test
The same error has been tested for using the latest Opensearch versions, and it hasn't been fixed.
Opensearch 2.4.1
[root@redhat9 vagrant]# yum install https://artifacts.opensearch.org/releases/bundle/opensearch/2.4.1/opensearch-2.4.1-linux-x64.rpm
Last metadata expiration check: 0:04:33 ago on Wed 15 Feb 2023 03:29:48 PM UTC.
opensearch-2.4.1-linux-x64.rpm 4.0 MB/s | 497 MB 02:05
Dependencies resolved.
===================================================================================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================================================================================
Installing:
opensearch x86_64 2.4.1-1 @commandline 497 M
Transaction Summary
===================================================================================================================================================================================================================
Install 1 Package
Total size: 497 M
Installed size: 747 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: opensearch-2.4.1-1.x86_64 1/1
Installing : opensearch-2.4.1-1.x86_64 1/1
Running scriptlet: opensearch-2.4.1-1.x86_64 1/1
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
/usr/lib/tmpfiles.d/elasticsearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : opensearch-2.4.1-1.x86_64 1/1
Installed products updated.
Installed:
opensearch-2.4.1-1.x86_64
Complete!
Opensearch 2.5.0
[root@redhat9 vagrant]# yum install https://artifacts.opensearch.org/releases/bundle/opensearch/2.5.0/opensearch-2.5.0-linux-x64.rpm
Last metadata expiration check: 0:08:35 ago on Wed 15 Feb 2023 03:29:48 PM UTC.
opensearch-2.5.0-linux-x64.rpm 3.1 MB/s | 689 MB 03:42
Dependencies resolved.
===================================================================================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================================================================================
Installing:
opensearch x86_64 2.5.0-1 @commandline 689 M
Transaction Summary
===================================================================================================================================================================================================================
Install 1 Package
Total size: 689 M
Installed size: 946 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: opensearch-2.5.0-1.x86_64 1/1
Installing : opensearch-2.5.0-1.x86_64 1/1
Running scriptlet: opensearch-2.5.0-1.x86_64 1/1
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
/usr/lib/tmpfiles.d/elasticsearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : opensearch-2.5.0-1.x86_64 1/1
Installed products updated.
Installed:
opensearch-2.5.0-1.x86_64
Complete!
[root@redhat9 vagrant]#
It also happens on RHEL 9 derived systems, like CentOS 9 Stream:
[root@centos9stream vagrant]# yum install https://artifacts.opensearch.org/releases/bundle/opensearch/2.4.1/opensearch-2.4.1-linux-x64.rpm
CentOS Stream 9 - BaseOS 1.5 kB/s | 8.8 kB 00:05
CentOS Stream 9 - AppStream 19 kB/s | 9.0 kB 00:00
CentOS Stream 9 - Extras packages 18 kB/s | 9.6 kB 00:00
CentOS Stream 9 - Extras packages 9.6 kB/s | 10 kB 00:01
Extra Packages for Enterprise Linux 9 - x86_64 14 kB/s | 23 kB 00:01
Extra Packages for Enterprise Linux 9 - x86_64 1.6 MB/s | 14 MB 00:08
Extra Packages for Enterprise Linux 9 - Next - x86_64 39 kB/s | 23 kB 00:00
Extra Packages for Enterprise Linux 9 - Next - x86_64 693 kB/s | 1.2 MB 00:01
Last metadata expiration check: 0:00:01 ago on Wed 15 Feb 2023 03:57:25 PM UTC.
opensearch-2.4.1-linux-x64.rpm 3.4 MB/s | 497 MB 02:24
Dependencies resolved.
===================================================================================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================================================================================
Installing:
opensearch x86_64 2.4.1-1 @commandline 497 M
Transaction Summary
===================================================================================================================================================================================================================
Install 1 Package
Total size: 497 M
Installed size: 747 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: opensearch-2.4.1-1.x86_64 1/1
Installing : opensearch-2.4.1-1.x86_64 1/1
Running scriptlet: opensearch-2.4.1-1.x86_64 1/1
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
Verifying : opensearch-2.4.1-1.x86_64 1/1
Installed:
opensearch-2.4.1-1.x86_64
Complete!
[root@centos9stream vagrant]#
Update: investigation
Some tests have been done which have clarified where the error may be coming from. First, by introducing some debugging output on the post-install script, the last code executed in the installation that depends directly on us. All debugging output is seen before the error appears, so no line of code inside the SPECS is directly creating the error:
[vagrant@redhat9 output]$ sudo \rpm -i ./wazuh-indexer-4.5.0-1.x86_64.rpm
^CStarting the post installation script...
+ export OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+ OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+ '[' 1 = 1 ']'
+ echo 'wazuh-indexer hard nproc 4096'
+ echo 'wazuh-indexer soft nproc 4096'
+ echo 'wazuh-indexer hard nofile 65535'
+ echo 'wazuh-indexer soft nofile 65535'
+ command -v systemctl
+ echo 'Reloading systemd-sysctl...'
Reloading systemd-sysctl...
+ systemctl restart systemd-sysctl
+ echo 'systemd-sysctl reloaded.'
systemd-sysctl reloaded.
+ [[ -d /run/systemd/system ]]
+ rm -f /etc/init.d/wazuh-indexer
+ '[' 1 = 2 ']'
+ set +ex
Post installation script finished.
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
After that, some runs were done using the verbose arguments of rpm which pointed the error to executable /usr/lib/systemd/systemd-sysctl:
D: %transfiletriggerin(systemd-250-6.el9_0.x86_64): execv(/bin/sh) pid 5333
D: Plugin: calling hook scriptlet_fork_post in selinux plugin
D: setexecfilecon: (/bin/sh, rpm_script_t)
+ test -d /run/systemd/system
+ /usr/lib/systemd/systemd-sysctl
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
D: %transfiletriggerin(systemd-250-6.el9_0.x86_64): waitpid(5333) rc 5333 status 0
D: %transfiletriggerin(systemd-250-6.el9_0.x86_64): scriptlet start
fdio: 2 writes, 382 total bytes in 0.000023 secs
The error coming from executable /usr/lib/systemd/systemd-sysctl is easily verified by calling it in the same way, which confirms it is the problem:
[root@redhat9 output]# /usr/lib/systemd/systemd-sysctl
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
[root@redhat9 output]#
This direct call to service systemd-sysctl doesn't come from our code, as the only mention of the service in the post-install function happens before and gives no error:
+ set -ex
+ export OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+ OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+ '[' 1 = 1 ']'
+ echo 'wazuh-indexer hard nproc 4096'
+ echo 'wazuh-indexer soft nproc 4096'
+ echo 'wazuh-indexer hard nofile 65535'
+ echo 'wazuh-indexer soft nofile 65535'
+ command -v systemctl
+ echo 'Reloading systemd-sysctl...'
Reloading systemd-sysctl...
+ systemctl restart systemd-sysctl
+ echo 'systemd-sysctl reloaded.'
systemd-sysctl reloaded.
+ [[ -d /run/systemd/system ]]
+ rm -f /etc/init.d/wazuh-indexer
+ '[' 1 = 2 ']'
+ set +ex
Post installation script finished.
The manual pages for this service don't really give any insight as of why should it be called by certain rpm version on the install of a certain package.
Mentions of systemd-sysctl on the Opensearch source code:
Mentions of system-sysctl on the rpm source code:
File brp-java-repack-jars doesn't have any reference to systemd-sysctl either.
Update:investigation
Script posttrans was missed in the previous commentaries, but it has been verified as finishing before the error appears, as can be seen in this log after adding some debugging output:
[root@redhat9 vagrant]# rpm -i wazuh-indexer-4.5.0-1.x86_64.rpm
Starting posttrans script
Created opensearch keystore in /etc/wazuh-indexer/opensearch.keystore
Finished posttrans script
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
[root@redhat9 vagrant]#
There seem to be two changes that have created the error.
- In the newer versions(RedHat 9),
systemd-sysctlhas the error, but in previous ones, it doesn't:
[root@redhat7 vagrant]# /usr/lib/systemd/systemd-sysctl
[root@redhat7 vagrant]#
- It also appears on previous versions of rpm, service
systemd-sysctlisn't directly called:
Starting posttrans script
+ export OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+ OPENSEARCH_PATH_CONF=/etc/wazuh-indexer
+ '[' -f /usr/share/wazuh-indexer/wazuh-indexer.restart ']'
+ '[' '!' -f /etc/wazuh-indexer/opensearch.keystore ']'
+ chown wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/opensearch.keystore
+ chmod 660 /etc/wazuh-indexer/opensearch.keystore
+ /usr/share/wazuh-indexer/bin/opensearch-keystore has-passwd --silent
+ /usr/share/wazuh-indexer/bin/opensearch-keystore upgrade
+ echo 'Finished posttrans script'
Finished posttrans script
D: %posttrans(wazuh-indexer-4.5.0-1.x86_64): waitpid(3015) rc 3015 status 0
D: closed db index /var/lib/rpm/Sha1header
D: closed db index /var/lib/rpm/Sigmd5
D: closed db index /var/lib/rpm/Installtid
D: closed db index /var/lib/rpm/Dirnames
D: closed db index /var/lib/rpm/Triggername
D: closed db index /var/lib/rpm/Obsoletename
D: closed db index /var/lib/rpm/Conflictname
D: closed db index /var/lib/rpm/Providename
D: closed db index /var/lib/rpm/Requirename
D: closed db index /var/lib/rpm/Group
D: closed db index /var/lib/rpm/Basenames
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm
[root@redhat7 output]#
[root@redhat7 output]# rpm --version
RPM version 4.11.3
[root@redhat7 output]#
It has also been tested whether this error is fixed in the new version of rpm, 4.17, which is already supported by Fedora 36. The installation doesn't give the error, but because executable systemd-sysctl does not fail, but it is called by the rpm installer.
D: %transfiletriggerin(systemd-250.9-1.fc36.x86_64): waitpid(3212) rc 3212 status 0
D: %transfiletriggerin(systemd-250.9-1.fc36.x86_64): scriptlet start
D: %transfiletriggerin(systemd-250.9-1.fc36.x86_64): execv(/bin/sh) pid 3214
D: Plugin: calling hook scriptlet_fork_post in selinux plugin
D: setexecfilecon: (/bin/sh, rpm_script_t)
+ test -d /run/systemd/system
+ /usr/lib/systemd/systemd-sysctl
D: %transfiletriggerin(systemd-250.9-1.fc36.x86_64): waitpid(3214) rc 3214 status 0
D: %transfiletriggerin(systemd-250.9-1.fc36.x86_64): scriptlet start
[root@fedora36 vagrant2]# /usr/lib/systemd/systemd-sysctl
[root@fedora36 vagrant2]#
On the other hand, Fedora 36 does have version 6 of the Linux kernel, so it seems it is there where the error has been solved, probably by creating file read_wakeup_threshold again.
- Red Hat 7(no error):
[root@redhat7 output]# uname -srm
Linux 3.10.0-1160.el7.x86_64 x86_64
[root@redhat7 output]#
- Red Hat 9:
[root@redhat9 vagrant]# uname -srm
Linux 5.14.0-162.6.1.el9_1.x86_64 x86_64
[root@redhat9 vagrant]#
- Fedora 36 (no error):
[root@fedora36 vagrant2]# uname -srm
Linux 6.1.6-100.fc36.x86_64 x86_64
[root@fedora36 vagrant2]#
Update: Investigation on the solution of Fedora 36
Kernel discarded
As seen before, it doesn't seem to have to do with the version of rpm, but with the failing of systemd-sysctl. This doesn't come from the kernel, although it is a posterior version, as file read_wakeup_threshold hasn't been added again after https://github.com/torvalds/linux/commit/c95ea0c69ffda19381c116db2be23c7e654dac98, which can be seen by the missing of the file in Fedora 36, as well as the source code for the version, https://github.com/torvalds/linux/blob/830b3c68c1fb1e9176028d02ef86f3cf76aa2476/drivers/char/random.c.
- Red Hat 7(no error):
[root@redhat7 output]# uname -srm
Linux 3.10.0-1160.el7.x86_64 x86_64
[root@redhat7 output]# find / | grep read_wakeup_threshold
/proc/sys/kernel/random/read_wakeup_threshold
[root@redhat7 output]#
- Red Hat 9:
[root@redhat9 vagrant]# uname -srm
Linux 5.14.0-162.6.1.el9_1.x86_64 x86_64
[root@redhat9 vagrant]# find / | grep read_wakeup_threshold
[root@redhat9 vagrant]#
- Fedora 36(no error):
[root@fedora36 vagrant2]# uname -srm
Linux 6.1.6-100.fc36.x86_64 x86_64
[root@fedora36 vagrant2]# find / | grep read_wakeup_threshold
[root@fedora36 vagrant2]#
Systemd discarded
The option that the error is solved in Fedora 36 by the version of systemd is also discarded, as both Red Hat 9 and Fedora 36 use the same version.
- Red Hat 9:
[root@redhat9 vagrant]# systemctl --version
systemd 250 (250-12.el9_1)
+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS -FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
[root@redhat9 vagrant]#
- Fedora 36(no error):
[root@fedora36 vagrant2]# systemctl --version
systemd 250 (v250.9-1.fc36)
+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified
[root@fedora36 vagrant2]#
Sysctl configuration file 50-random.conf
After talking with @jnasselle, he has discovered where the failing configuration is defined, in file 50-random.conf. It is present in both Red Hat 7 and Red Hat 9. The origin of this file is not clear, but it is not introduced by the Wazuh indexer package. This file in Red Hat 9 has configurations not supported by the kernel, read_wakeup_threshold, so when systemd-sysctl tries to read all configurations, it gives this error. The error appears when installing our package because very probably the configurations are re-read after creating /etc/sysctl.d/wazuh-indexer.conf.
- Red Hat 7(no error):
[root@redhat7 output]# ls /etc/sysctl.d/
50-random.conf 99-sysctl.conf
[root@redhat7 output]# cat /etc/sysctl.d/50-random.conf
kernel.random.read_wakeup_threshold = 64
kernel.random.write_wakeup_threshold = 3072
[root@redhat7 output]#
- Red Hat 9:
root@redhat9 vagrant]# ls /etc/sysctl.d
50-random.conf 99-sysctl.conf
[root@redhat9 vagrant]# cat /etc/sysctl.d/50-random.conf
kernel.random.read_wakeup_threshold = 64
kernel.random.write_wakeup_threshold = 3072
[root@redhat9 vagrant]# /usr/lib/systemd/systemd-sysctl
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
[root@redhat9 vagrant]# mv /etc/sysctl.d/50-random.conf /etc/sysctl.d/50-random.conf.save
[root@redhat9 vagrant]# /usr/lib/systemd/systemd-sysctl
[root@redhat9 vagrant]#
- Fedora 36:
[root@fedora36 vagrant2]# ls /etc/sysctl.d/
99-sysctl.conf
[root@fedora36 vagrant2]#
Summary
The failing configuration is defined in file 50-random.conf. It is present in both Red Hat 7 and Red Hat 9. The origin of this file is not clear, but it is not introduced by the Wazuh indexer package. This file in Red Hat 9 has configurations not supported by the kernel, read_wakeup_threshold, so when systemd-sysctl tries to read all configurations, it gives the error. The error appears when installing our package because the configurations are read after creating /etc/sysctl.d/wazuh-indexer.conf.
Being an external file, we do not really have an option to stop this error from happening.
OpenSearch dashboard 2.6.0 test
The error has been replicated in the installation of the OpenSearch dashboard version 2.6.0:
[root@redhat9 vagrant]# rpm -i opensearch-2.6.0-linux-x64.rpm
warning: opensearch-2.6.0-linux-x64.rpm: Header V4 RSA/SHA512 Signature, key ID 9310d3fc: NOKEY
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable opensearch.service
### You can start opensearch service by executing
sudo systemctl start opensearch.service
### Create opensearch demo certificates in /etc/opensearch/
See demo certs creation log in /var/log/opensearch/install_demo_configuration.log
/usr/lib/tmpfiles.d/opensearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/opensearch → /run/opensearch; please update the tmpfiles.d/ drop-in file accordingly.
Couldn't write '64' to 'kernel/random/read_wakeup_threshold', ignoring: No such file or directory
[root@redhat9 vagrant]#