Getting errors while I run this wazuh-agent as a daemonset #150
Replies: 6 comments 5 replies
-
share your DS
-
DS ?
Arpit Nigam <https://bratarpit.wixsite.com/resume>
Senior DevSecOps (SRE)
+91 9984534365
…On Tue, 27 Aug 2024 at 12:19 PM, Yuriy ***@***.***> wrote:
share your DS
-
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wazuh-agent
  namespace: wazuh
spec:
  selector:
    matchLabels:
      app: wazuh-agent
  template:
    metadata:
      labels:
        app: wazuh-agent
        name: wazuh-agent
    spec:
      hostPID: true
      hostIPC: true
      containers:
        - name: wazuh-agent
          image: bratarpit/wazuh-agent:latest
          livenessProbe:
            httpGet:
              path: /healz
              port: 5000
            initialDelaySeconds: 40
            periodSeconds: 10
            timeoutSeconds: 10
            failureThreshold: 5
          ports:
            - name: agent-http
              containerPort: 5000
              protocol: TCP
          imagePullPolicy: Always
          securityContext:
            privileged: true
          resources:
            limits:
              memory: 512Mi
          env:
            - name: JOIN_MANAGER_MASTER_HOST
              value: "wazuh.wazuh.svc.cluster.local"
            - name: JOIN_MANAGER_WORKER_HOST
              value: "wazuh-workers.wazuh.svc.cluster.local"
            - name: JOIN_MANAGER_PROTOCOL
              value: "https"
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            #- name: WAZUH_GROUPS
            #  value: "demo"
            - name: JOIN_MANAGER_USER
              valueFrom:
                secretKeyRef:
                  name: wazuh-api-cred
                  key: username
            - name: JOIN_MANAGER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: wazuh-api-cred
                  key: password
            - name: JOIN_MANAGER_API_PORT
              value: "55000"
            - name: JOIN_MANAGER_PORT
              value: "1514"
          volumeMounts:
            - mountPath: /var/run
              name: var-run
            - mountPath: /host/dev
              name: dev
            - mountPath: /host/sys
              name: sys
              readOnly: true
            - mountPath: /host/proc
              name: proc
              readOnly: true
            - mountPath: /host/etc
              name: etc
              readOnly: true
            - mountPath: /var/run/docker.sock
              name: docker-socket-mount
            - mountPath: /host/var/run/docker.sock
              name: docker-socket-mount
            - mountPath: /host/boot
              name: boot
              readOnly: true
            - mountPath: /host/usr
              name: usr
              readOnly: true
            - mountPath: /host/lib/modules
              name: modules
              readOnly: true
            - mountPath: /host/var/log
              name: log
              readOnly: true
      volumes:
        - name: docker-socket-mount
          hostPath:
            path: /var/run/docker.sock
        - name: var-run
          hostPath:
            path: /var/run
        - name: dev
          hostPath:
            path: /dev
        - name: sys
          hostPath:
            path: /sys
        - name: proc
          hostPath:
            path: /proc
        - name: etc
          hostPath:
            path: /etc
        - name: boot
          hostPath:
            path: /boot
        - name: usr
          hostPath:
            path: /usr
        - name: modules
          hostPath:
            path: /lib/modules
        - name: log
          hostPath:
            path: /var/log
      imagePullSecrets:
        - name: my-dockerhub-secret
Above is my DS and I am using the image created by the below Dockerfile
only in the repo -
FROM ***@***.***:bce8004f7da6547bc568e92895e1b3a3835e6dba48283fbbf9b3f66c1d166c6d as builder
COPY requirements.txt /tmp
RUN install_packages python3-pip python3-setuptools python3-dev gcc && \
    python3 -m pip wheel -w /tmp/wheel -r /tmp/requirements.txt
FROM ***@***.***:bce8004f7da6547bc568e92895e1b3a3835e6dba48283fbbf9b3f66c1d166c6d
LABEL ***@***.***"
LABEL description="Wazuh Docker Agent"
ARG AGENT_VERSION="4.7.2-1"
ENV JOIN_MANAGER_MASTER_HOST=""
ENV JOIN_MANAGER_WORKER_HOST=""
ENV VIRUS_TOTAL_KEY=""
ENV JOIN_MANAGER_PROTOCOL="https"
ENV JOIN_MANAGER_USER=""
ENV JOIN_MANAGER_PASSWORD=""
ENV JOIN_MANAGER_API_PORT="55000"
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
RUN install_packages \
    procps curl apt-transport-https gnupg2 inotify-tools python3-docker python3-setuptools python3-pip && \
    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
    echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
    install_packages wazuh-agent=${AGENT_VERSION} && \
    echo "deb https://deb.debian.org/debian-security/ bullseye-security main contrib non-free" >> /etc/apt/sources.list && \
    mkdir -p /usr/share/man/man1 && \
    install_packages openjdk-11-jdk
COPY *.py *.jinja2 /var/ossec/
WORKDIR /var/ossec/
COPY --from=builder /tmp/wheel /tmp/wheel
RUN pip3 install --break-system-packages --no-index /tmp/wheel/*.whl && \
    chmod +x /var/ossec/deregister_agent.py && \
    chmod +x /var/ossec/register_agent.py && \
    apt-get clean autoclean && \
    apt-get autoremove -y && \
    rm -rf /var/lib/{apt,dpkg,cache,log}/ && \
    rm -rf /tmp/* /var/tmp/* /var/log/* && \
    chown -R wazuh:wazuh /var/ossec/
EXPOSE 5000
ENTRYPOINT ["./register_agent.py"]
I tried to change the register_agent.py but with below -
#!/usr/bin/env python3
import json
import os
import sys
from subprocess import PIPE, Popen  # nosec
import psutil
import urllib3
from base64 import b64encode
from healthcheck import HealthCheck
from jinja2 import Template
from loguru import logger
from http.server import BaseHTTPRequestHandler, HTTPServer
import time
from requests.adapters import HTTPAdapter
from urllib3.util.retry import Retry

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
try:
    import requests
except ModuleNotFoundError as e:
    logger.error("No module 'requests' found. Install: pip install requests")
    sys.exit(1)

health = HealthCheck()


class RequestHandler(BaseHTTPRequestHandler):
    # def log_message(self, *args):
    #     raise NotImplementedError("notImplemented() cannot be performed because ...")
    # def log_message(self, format, *args):
    #     logger.info("%s - - [%s] %s\n" %
    #                 (self.client_address[0],
    #                  self.log_date_time_string(),
    #                  format % args))
    # def sent_request(self):
    #     message, status_code, headers = health.run()
    #     try:
    #         request_path = str(self.path).replace("\n", " ")
    #         response_msg = http_codes_serializer(
    #             response=json.loads(message), status_code=status_code
    #         )
    #         logger.info(
    #             f"GET request. path: {request_path} headers: {headers}, response: {response_msg}"
    #         )
    #         self.send_response(200)
    #         self.end_headers()
    #         self.wfile.write(bytes(message, encoding="utf8"))
    #     except TypeError:
    #         self.send_response(500)
    pass  # every method above is commented out; a class body cannot be empty


def json_serialize(record):
    subset = {"timestamp": record["time"].timestamp(), "message": record["message"]}
    return json.dumps(subset)


def get_serialize(message):
    serialized = json_serialize(message.record)
    print(serialized)


def http_codes_serializer(response, status_code):
    msg = json.dumps(response, indent=4, sort_keys=True)
    code = f"status: {status_code} - {code_desc(status_code)}"
    return f"{json.loads(msg)} {code}"


def create_config_file():
    logger.info(f"Create Wazuh agent configuration for node {node_name}")
    with open("ossec.jinja2") as file_:
        template = Template(file_.read(), autoescape=True)
        config = template.render(
            join_manager_hostname=join_manager_worker,
            join_manager_port=join_manager_port,
            virus_total_key=virus_total_key,
        )
    wazuh_config_file = open("/var/ossec/etc/ossec.conf", "w")
    wazuh_config_file.write(f"{config} \n")
    wazuh_config_file.close()
    open("/var/ossec/etc/local_internal_options.conf", "wb").write(
        open("local_internal_options.jinja2", "rb").read()
    )
    logger.info(
        "Configuration has been generated from template, starting Wazuh agent provisioning"
    )


def delete_agent(agt_name):
    status_code, response = wazuh_api("get", f"agents?pretty=true&q=name={agt_name}")
    print(response, status_code)
    for items in response["data"]["affected_items"]:
        print(f"Item {items}")
        status_code, response = wazuh_api(
            "delete",
            f"agents?pretty=true&older_than=0s&agents_list={items['id']}&status=all",
        )
        msg = json.dumps(response, indent=4, sort_keys=True)
        code = f"Status: {status_code} - {code_desc(status_code)}"
        logger.error(f"INFO - DELETE AGENT:\n{code}\n{msg}")
    status_code, response = wazuh_api(
        "delete",
        "agents?pretty=true&older_than=21d&agents_list=all&status=never_connected,disconnected",
    )
    for items in response["data"]["affected_items"]:
        status_code, response = wazuh_api(
            "delete",
            f"agents?pretty=true&older_than=0s&agents_list={items['id']}&status=all",
        )
        msg = json.dumps(response, indent=4, sort_keys=True)
        code = f"Status: {status_code} - {code_desc(status_code)}"
        logger.error(f"INFO - DELETE AGENT:\n{code}\n{msg}")


def wazuh_api(method, resource, data=None):
    code = None
    response_json = {}
    session = requests.Session()
    retry = Retry(connect=int(max_retry_count), backoff_factor=0.5)
    adapter = HTTPAdapter(max_retries=retry)
    session.mount("https://", adapter)
    login_headers = {
        "Content-Type": "application/json",
        "Authorization": f"Basic {b64encode(auth).decode()}",
    }
    response = session.get(login_url, headers=login_headers, verify=False)  # nosec
    logger.info(
        f"Response code {response.status_code} response content {response.content}"
    )
    token = json.loads(response.content.decode())["data"]["token"]
    requests_headers = {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {token}",
    }
    url = f"{base_url}/{resource}"
    try:
        if method.lower() == "post":
            response = session.post(
                url, headers=requests_headers, data=json.dumps(data), verify=verify
            )
        elif method.lower() == "put":
            response = session.put(
                url, headers=requests_headers, data=data, verify=verify
            )
        elif method.lower() == "delete":
            response = session.delete(
                url, headers=requests_headers, data=data, verify=verify
            )
        else:
            response = session.get(
                url, headers=requests_headers, params=data, verify=verify
            )
        code = response.status_code
        response_json = response.json()
    except Exception as exception:
        logger.error(f"Error: for resource {resource}, exception {exception}")
    return code, response_json


def check_self():
    process_name = os.path.basename(__file__)
    for proc in psutil.process_iter():
        for process in process_name:
            if process in proc.name():
                return True, "register_agent ok"


health.add_check(check_self)


def code_desc(http_status_code):
    return requests.status_codes.codes[http_status_code]


def get_agent_id(agt_name):
    status_code, response = wazuh_api(
        "get", f"agents?pretty=true&q=name={agt_name}&wait_for_complete=true"
    )
    logger.debug(f"Response {status_code}: {response}")
    for agt_status in response["data"]["affected_items"]:
        try:
            agn_id = agt_status["id"]
            delete_agent(agt_name)
            logger.info(f"Found wazuh agent with id {agn_id} try to re-use")
            return agn_id
        except KeyError as err:
            logger.error(f"Got error while trying to get id {err}")
    return None


def add_agent_to_group(wazuh_agent_id, agent_group):
    status_code, response = wazuh_api(
        "put",
        f"agents/{wazuh_agent_id}/group/{agent_group}?pretty=true&wait_for_complete=true",
    )
    response_msg = http_codes_serializer(response=response, status_code=status_code)
    if status_code == 200 and response["error"] == 0:
        logger.info(
            f"Wazuh agent id {wazuh_agent_id} has been assigned to group {agent_group}. Response {response_msg}"
        )
        return response
    else:
        logger.error(f"ERROR: Unable to add agent to group {response_msg}, retry")
        add_agent_to_group(wazuh_agent_id, agent_group)


def add_agent(agt_name, agt_ip=None):
    agt_id = get_agent_id(agt_name)
    if agt_ip and agt_id:
        agt_data = {
            "name": str(agt_name),
            "ip": agt_ip,
            "id": agt_id,
        }
    elif agt_id:
        agt_data = {"name": str(agt_name), "id": agt_id}
    else:
        agt_data = {"name": str(agt_name)}
    logger.info(f"Try to add agent with data {agt_data}")
    status_code, response = wazuh_api(
        "post",
        "agents/insert",
        agt_data,
    )
    response_msg = http_codes_serializer(response=response, status_code=status_code)
    if status_code == 400:
        logger.error(f"During adding Wazuh agent request return {response_msg}")
    elif status_code == 200 and response["error"] == 0:
        wazuh_agent_id = response["data"]["id"]
        wazuh_agent_key = response["data"]["key"]
        logger.info(
            f"Wazuh agent for node '{node_name}' with ID '{wazuh_agent_id}' has been added. Response {response_msg}"
        )
        return wazuh_agent_id, wazuh_agent_key
    else:
        logger.error(f"Unable to add agent {agt_name}: {response_msg}")


def wazuh_agent_status(agt_name, pretty=None):
    if pretty:
        status_code, response = wazuh_api(
            "get", f"agents?pretty=true&q=name={agt_name}&wait_for_complete=true"
        )
    else:
        status_code, response = wazuh_api(
            "get", f"agents?q=name={agt_name}&wait_for_complete=true"
        )
    response_msg = http_codes_serializer(response=response, status_code=status_code)
    if status_code == 200 and response["error"] == 0:
        wazuh_agt_name = None
        wazuh_agt_status = None
        for items in response["data"]["affected_items"]:
            wazuh_agt_name = items["name"]
            wazuh_agt_status = items["status"]
        logger.info(f"Wazuh agent status: {response_msg}")
        return wazuh_agt_name, wazuh_agt_status
    else:
        logger.error(f"Unable to get Wazuh agent status: {response_msg}")


def wazuh_agent_import_key(wazuh_agent_key):
    cmd = "/var/ossec/bin/manage_agents"
    std_out, std_err, return_code = execute([cmd, "-i", wazuh_agent_key], "y\n\n")
    if return_code != 0:
        msg = std_err.replace("\n", " ")
        logger.error(f"Error during importing key: {msg}")
    else:
        msg = std_out.replace("\n", " ")
        logger.info(f"Key has been imported {msg}")


def execute(cmd_list, stdin=None):
    process = Popen(
        cmd_list,
        stdin=PIPE,
        stdout=PIPE,
        stderr=PIPE,
        encoding="utf8",
        shell=False,  # nosec
    )
    process_out, process_err = process.communicate(stdin)
    return_code = process.returncode
    return process_out, process_err, return_code


def restart_wazuh_agent():
    cmd = "/var/ossec/bin/wazuh-control"
    command_stdout, command_stderr, _ = execute([cmd, "restart"])
    restarted = False
    for line_output in command_stdout.split(os.linesep):
        if "Completed." in line_output:
            restarted = True
            logger.info("Wazuh agent has been restarted")
            break
    if not restarted:
        logger.error(f"error during restarting Wazuh agent: {command_stderr}")


if __name__ == "__main__":
    logger.remove()
    logger.add(get_serialize)
    protocol = os.environ.get("JOIN_MANAGER_PROTOCOL", default="https")
    host = os.environ.get(
        "JOIN_MANAGER_MASTER_HOST", default="wazuh.wazuh.svc.cluster.local"
    )
    user = os.environ.get("JOIN_MANAGER_USER", default="")
    password = os.environ.get("JOIN_MANAGER_PASSWORD", default="")
    node_name = os.environ.get("NODE_NAME")
    port = os.environ.get("JOIN_MANAGER_API_PORT")
    join_manager_port = os.environ.get("JOIN_MANAGER_PORT", default=1514)
    groups = os.environ.get("WAZUH_GROUPS", default="default")
    virus_total_key = os.environ.get("VIRUS_TOTAL_KEY")
    join_manager_worker = os.environ.get(
        "JOIN_MANAGER_WORKER_HOST", default="wazuh-workers.wazuh.svc.cluster.local"
    )
    wait_time = os.environ.get("WAZUH_WAIT_TIME", default="10")
    max_retry_count = os.environ.get("MAX_RETRY_COUNT", default=10)
    if not node_name:
        node_name = os.environ.get("HOSTNAME")
    login_endpoint = "security/user/authenticate"
    base_url = f"{protocol}://{host}:{port}"
    login_url = f"{protocol}://{host}:{port}/{login_endpoint}"
    auth = f"{user}:{password}".encode()
    verify = False
    create_config_file()
    agent_id, agent_key = add_agent(node_name)
    wazuh_agent_import_key(agent_key.encode())
    restart_wazuh_agent()
    status = True
    while status:
        agent_name, agent_status = wazuh_agent_status(node_name)
        if agent_status == "active":
            logger.info(
                f"Wazuh agent '{agent_name}' is ready and connected, status - '{agent_status}......"
            )
            logger.info(
                f"Wazuh Agent {agent_name} has been connected to server {join_manager_worker}......"
            )
            status = False
        else:
            logger.info(
                f"Waiting for Wazuh agent {agent_name} become ready current status is {agent_status}......"
            )
            time.sleep(int(wait_time))
    if groups != "default":
        for group in list(groups.split(",")):
            add_agent_to_group(agent_id, group)
    logger.info("Listening on 0.0.0.0:5000")
    server = HTTPServer(("0.0.0.0", 5000), RequestHandler)
    server.serve_forever()
Can you help me here how can I successfully run this daemonset without any
issue?
All indexers, manager, and workers are running on version 4.8.2, latest.
Thanks,
Arpit Nigam <https://bratarpit.wixsite.com/resume>
Senior DevSecOps (SRE)
+91 9984534365
…On Tue, 27 Aug 2024 at 12:34, Yuriy ***@***.***> wrote:
Ds == daemonset
-
I had to change because it did not work -
I am using your DS only which is -
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: wazuh-agent
  namespace: wazuh
spec:
  selector:
    matchLabels:
      app: wazuh-agent
  template:
    metadata:
      labels:
        app: wazuh-agent
        name: wazuh-agent
    spec:
      hostPID: true
      hostIPC: true
      containers:
        - name: wazuh-agent
          image: kennyopennix/wazuh-agent:latest
          livenessProbe:
            httpGet:
              path: /healz
              port: 5000
            initialDelaySeconds: 40
            periodSeconds: 10
            timeoutSeconds: 10
            failureThreshold: 5
          ports:
            - name: agent-http
              containerPort: 5000
              protocol: TCP
          imagePullPolicy: Always
          securityContext:
            privileged: true
          resources:
            limits:
              memory: 512Mi
          env:
            - name: JOIN_MANAGER_MASTER_HOST
              value: "wazuh.wazuh.svc.cluster.local"
            - name: JOIN_MANAGER_WORKER_HOST
              value: "wazuh-workers.wazuh.svc.cluster.local"
            - name: JOIN_MANAGER_PROTOCOL
              value: "https"
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            #- name: WAZUH_GROUPS
            #  value: "demo"
            - name: JOIN_MANAGER_USER
              valueFrom:
                secretKeyRef:
                  name: wazuh-api-cred
                  key: username
            - name: JOIN_MANAGER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: wazuh-api-cred
                  key: password
            - name: JOIN_MANAGER_API_PORT
              value: "55000"
            - name: JOIN_MANAGER_PORT
              value: "1514"
          volumeMounts:
            - mountPath: /var/run
              name: var-run
            - mountPath: /host/dev
              name: dev
            - mountPath: /host/sys
              name: sys
              readOnly: true
            - mountPath: /host/proc
              name: proc
              readOnly: true
            - mountPath: /host/etc
              name: etc
              readOnly: true
            - mountPath: /var/run/docker.sock
              name: docker-socket-mount
            - mountPath: /host/var/run/docker.sock
              name: docker-socket-mount
            - mountPath: /host/boot
              name: boot
              readOnly: true
            - mountPath: /host/usr
              name: usr
              readOnly: true
            - mountPath: /host/lib/modules
              name: modules
              readOnly: true
            - mountPath: /host/var/log
              name: log
              readOnly: true
      volumes:
        - name: docker-socket-mount
          hostPath:
            path: /var/run/docker.sock
        - name: var-run
          hostPath:
            path: /var/run
        - name: dev
          hostPath:
            path: /dev
        - name: sys
          hostPath:
            path: /sys
        - name: proc
          hostPath:
            path: /proc
        - name: etc
          hostPath:
            path: /etc
        - name: boot
          hostPath:
            path: /boot
        - name: usr
          hostPath:
            path: /usr
        - name: modules
          hostPath:
            path: /lib/modules
        - name: log
          hostPath:
            path: /var/log
The image mentioned above also gives me this error only with wazuh cluster
in my eks cluster.
Please help,
Thanks,
Arpit Nigam <https://bratarpit.wixsite.com/resume>
Senior DevSecOps (SRE)
+91 9984534365
…On Tue, 27 Aug 2024 at 12:52, Yuriy ***@***.***> wrote:
I don't support custom installation, all changes up to your support.
-
Exception occurred during processing of request from ('10.4.30.49', 34216)
Traceback (most recent call last):
  File "/usr/lib/python3.11/socketserver.py", line 317, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.11/socketserver.py", line 348, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.11/socketserver.py", line 361, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.11/socketserver.py", line 755, in __init__
    self.handle()
  File "/usr/lib/python3.11/http/server.py", line 432, in handle
    self.handle_one_request()
  File "/usr/lib/python3.11/http/server.py", line 415, in handle_one_request
    self.send_error(
  File "/usr/lib/python3.11/http/server.py", line 462, in send_error
    self.log_error("code %d, message %s", code, message)
  File "/usr/lib/python3.11/http/server.py", line 564, in log_error
    self.log_message(format, *args)
  File "/var/ossec/./register_agent.py", line 32, in log_message
    raise NotImplementedError("notImplemented() cannot be performed because ...")
NotImplementedError: notImplemented() cannot be performed because ...
I get the above error traces and the DS pods restart. Can you please tell
what would be the reason for it?
Arpit Nigam <https://bratarpit.wixsite.com/resume>
Senior DevSecOps (SRE)
+91 9984534365
…On Tue, 27 Aug 2024 at 13:01, Yuriy ***@***.***> wrote:
it totally depends on your EKS configurations.
In my tests, i have not any issues for deployment.
P.S: Please follow README
-
Okay, it's working now, I removed the liveness probe which was doing a GET
request at /healtz path, which seemed not to be found anywhere.
It's working now.
Thanks
Arpit Nigam <https://bratarpit.wixsite.com/resume>
Senior DevSecOps (SRE)
+91 9984534365
…On Tue, 27 Aug 2024 at 13:11, Yuriy ***@***.***> wrote:
Wrong response from 10.4.30.49.
Check README, check your cluster,events and logs(not agent logs) and etc...
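The traceback in this thread shows `handle_one_request` calling `send_error`, which `http.server` does when the handler class has no `do_GET` for the probe's GET, and the overridden `log_message` then raises before any response is written. The following is an added example, not code from the repository or from either participant: it reproduces that handler shape next to one that answers the probe. `BrokenHandler`, `ProbeHandler`, `probe` and the JSON body are assumptions made for illustration; `/healz` is the path from the manifest's livenessProbe.

```python
import http.client
import json
import logging
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_PATH = "/healz"  # path configured in the DaemonSet's livenessProbe
log = logging.getLogger("probe")


class BrokenHandler(BaseHTTPRequestHandler):
    """No do_GET, and log_message raises: the shape seen in the traceback."""

    def log_message(self, format, *args):
        raise NotImplementedError("notImplemented() cannot be performed because ...")


class ProbeHandler(BaseHTTPRequestHandler):
    """Answers the liveness probe and logs without raising (hypothetical fix)."""

    def do_GET(self):
        if self.path.split("?", 1)[0] != PROBE_PATH:
            self.send_error(404, "Not found")
            return
        body = json.dumps({"status": "ok"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, format, *args):
        # Collapse CR/LF so a crafted request line cannot forge log entries.
        line = (format % args).replace("\r", " ").replace("\n", " ")
        log.info("%s %s", self.client_address[0], line)


def probe(handler_cls, path=PROBE_PATH):
    """Serve one request with handler_cls on a loopback port and return the
    HTTP status the client saw, or None if the connection was dropped."""
    server = HTTPServer(("127.0.0.1", 0), handler_cls)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()
        worker.join(timeout=5)
        server.server_close()


if __name__ == "__main__":
    print("broken handler:", probe(BrokenHandler))
    print("probe handler:", probe(ProbeHandler))
    print("probe handler, other path:", probe(ProbeHandler, "/nope"))
```

The kubelet treats any status from 200 to 399 as a passing httpGet probe, so a handler like `ProbeHandler` lets the liveness probe stay in the manifest instead of being removed.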
-
It starts as normal with below logs -
{"timestamp": 1724740887.019875, "message": "Wazuh agent status: {'data': {'affected_items': [{'dateAdd': '2024-08-27T06:41:06+00:00', 'group_config_stat ││ us': 'not synced', 'id': '101', 'ip': '10.4.31.80', 'lastKeepAlive': '2024-08-27T06:41:18+00:00', 'manager': 'wazuh-manager-worker-0', 'mergedSum': 'x', ││ 'name': 'ip-10-4-31-187.ec2.internal', 'node_name': 'wazuh-manager-worker-0', 'os': {'arch': 'x86_64', 'codename': 'bookworm', 'major': '12', 'name': 'De ││ bian GNU/Linux', 'platform': 'debian', 'uname': 'Linux |wazuh-agent-dnlbz |6.1.94 |#1 SMP PREEMPT_DYNAMIC Tue Jul 16 23:44:01 UTC 2024 |x86_64', 'version ││ ': '12'}, 'registerIP': 'any', 'status': 'active', 'status_code': 0, 'version': 'Wazuh v4.7.2'}], 'failed_items': [], 'total_affected_items': 1, 'total_f ││ ailed_items': 0}, 'error': 0, 'message': 'All selected agents information was returned'} status: 200 - None"} ││ {"timestamp": 1724740887.020078, "message": "Wazuh agent 'ip-10-4-31-187.ec2.internal' is ready and connected, status - 'active......"} ││ {"timestamp": 1724740887.020205, "message": "Wazuh Agent ip-10-4-31-187.ec2.internal has been connected to server wazuh-workers.wazuh.svc.cluster.local.. ││ ...."} ││ {"timestamp": 1724740887.020335, "message": "Listening on 0.0.0.0:5000"}
Then below I get the error logs -
Exception occurred during processing of request from ('10.4.31.187', 41712)
Traceback (most recent call last):
  File "/usr/lib/python3.11/socketserver.py", line 317, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python3.11/socketserver.py", line 348, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python3.11/socketserver.py", line 361, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.11/socketserver.py", line 755, in __init__
    self.handle()
  File "/usr/lib/python3.11/http/server.py", line 432, in handle
    self.handle_one_request()
  File "/usr/lib/python3.11/http/server.py", line 415, in handle_one_request
    self.send_error(
  File "/usr/lib/python3.11/http/server.py", line 462, in send_error
    self.log_error("code %d, message %s", code, message)
  File "/usr/lib/python3.11/http/server.py", line 564, in log_error
    self.log_message(format, *args)
  File "/var/ossec/./register_agent.py", line 32, in log_message
    raise NotImplementedError("notImplemented() cannot be performed because ...")
NotImplementedError: notImplemented() cannot be performed because ...
Then the pods restart and finally get into CrashLoopBackOff.
I have troubleshooted it various times but nothing helped, please help.