Improve versioning of upstream's configuration files

[AlexRuiz7]

Description

To generate the packages, we needed to include some files from upstream (opensearch-build repository). Some of these files have been modified significantly enough to justify keeping them in the wazuh-indexer repository. However, many of these files are minimally modified or not modified at all. For these files, we would have to find an alternative other than versioning them ourselves, as that would mean having to track upstream's changes to them and reconcile their changes with ours on each version.

The best alternative would be to download those files from the appropriate version of OpenSearch during the wazuh-indexer package build process, and then apply whatever modifications are necessary to them (in most cases it's just adding a few lines of code or some renaming). In this way, we benefit from the changes applied from upstream without them conflicting with our own, and without having to perform the versioning of these files.

Most of these files are related to the security plugin.

• distribution/src/config/jvm.prod.options
• distribution/src/config/security/action_groups.yml
• distribution/src/config/security/internal_users.yml
• distribution/src/config/security/roles.yml
• distribution/src/config/security/roles_mapping.yml

Hosting these files are justified due to the amount of changes, but could be taken into account as well:

• distribution/packages/src/common/wazuh-indexer-performance-analyzer.service

[AlexRuiz7]

1. Copies of OpenSearch's files on distribution/src/config/security/ have been removed. Instead, custom files containing Wazuh's configurations only have been created.
   These configurations are appended to the original OpenSearch configuration files during the generation process of wazuh-indexer packages.

2. Differences between jvm.prod.options over jvm.options were redundant. The values were hard coded instead of using the variables defined in distribution/build.gradle. Values were the same. The addition of the JVM options for the performance analyzer are presumably not required anymore, as the plugin includes these during its postinst script, as seen here. As a result, the jvm.prod.options file has been removed due to being useless.
   Update: the PA configurations are applied during the post install scripts of the packages.
   Update: fixed the problem described here.

3. opensearch.prod.yml file is still requires, so was kept.

4. wazuh-indexer-performance-analyzer.service: won't change.
   Related issue: [BUG] wazuh-indexer-performance-analyzer does not work as expected #387

[AlexRuiz7]

Using the packages in https://github.com/wazuh/wazuh-indexer/actions/runs/11913921588, I formed up a cluster. On both nodes (rpm and deb), the packages install, service starts and the content is the one expected.

roles.yml

_meta:
  type: "roles"
  config_version: 2

# Restrict users so they can only view visualization and dashboard on OpenSearchDashboards
kibana_read_only:
  reserved: true

# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
security_rest_api_access:
  reserved: true

security_rest_api_full_access:
  reserved: true
  cluster_permissions:
    - 'restapi:admin/actiongroups'
    - 'restapi:admin/allowlist'
    - 'restapi:admin/config/update'
    - 'restapi:admin/internalusers'
    - 'restapi:admin/nodesdn'
    - 'restapi:admin/roles'
    - 'restapi:admin/rolesmapping'
    - 'restapi:admin/ssl/certs/info'
    - 'restapi:admin/ssl/certs/reload'
    - 'restapi:admin/tenants'

# Allows users to view monitors, destinations and alerts
alerting_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/get'
    - 'cluster:admin/opendistro/alerting/destination/get'
    - 'cluster:admin/opendistro/alerting/monitor/get'
    - 'cluster:admin/opendistro/alerting/monitor/search'
    - 'cluster:admin/opensearch/alerting/comments/search'
    - 'cluster:admin/opensearch/alerting/findings/get'
    - 'cluster:admin/opensearch/alerting/remote/indexes/get'
    - 'cluster:admin/opensearch/alerting/workflow/get'
    - 'cluster:admin/opensearch/alerting/workflow_alerts/get'

# Allows users to view and acknowledge alerts
alerting_ack_alerts:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/*'
    - 'cluster:admin/opendistro/alerting/chained_alerts/*'
    - 'cluster:admin/opendistro/alerting/workflow_alerts/*'
    - 'cluster:admin/opensearch/alerting/comments/*'

# Allows users to use all alerting functionality
alerting_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/alerting/*'
    - 'cluster:admin/opensearch/alerting/*'
    - 'cluster:admin/opensearch/notifications/feature/publish'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'

# Allow users to read Anomaly Detection detectors and results
anomaly_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/ad/detector/info'
    - 'cluster:admin/opendistro/ad/detector/search'
    - 'cluster:admin/opendistro/ad/detectors/get'
    - 'cluster:admin/opendistro/ad/result/search'
    - 'cluster:admin/opendistro/ad/tasks/search'
    - 'cluster:admin/opendistro/ad/detector/validate'
    - 'cluster:admin/opendistro/ad/result/topAnomalies'

# Allows users to use all Anomaly Detection functionality
anomaly_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/ad/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/fields/get'
        - 'indices:admin/mappings/fields/get*'
        - 'indices:admin/mappings/get'
        - 'indices:admin/resolve/index'
        - 'indices:data/read/field_caps*'
        - 'indices:data/read/search'
        - 'indices_monitor'

# Allow users to execute read only k-NN actions
knn_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/knn_search_model_action'
    - 'cluster:admin/knn_get_model_action'
    - 'cluster:admin/knn_stats_action'

# Allow users to use all k-NN functionality
knn_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/knn_training_model_action'
    - 'cluster:admin/knn_training_job_router_action'
    - 'cluster:admin/knn_training_job_route_decision_info_action'
    - 'cluster:admin/knn_warmup_action'
    - 'cluster:admin/knn_delete_model_action'
    - 'cluster:admin/knn_remove_model_from_cache_action'
    - 'cluster:admin/knn_update_model_graveyard_action'
    - 'cluster:admin/knn_search_model_action'
    - 'cluster:admin/knn_get_model_action'
    - 'cluster:admin/knn_stats_action'

# Allow users to execute read only ip2geo datasource action
ip2geo_datasource_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/geospatial/datasource/get'

# Allow users to use all ip2geo datasource action
ip2geo_datasource_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/geospatial/datasource/*'

# Allows users to read Notebooks
notebooks_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/notebooks/list'
    - 'cluster:admin/opendistro/notebooks/get'

# Allows users to all Notebooks functionality
notebooks_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/notebooks/create'
    - 'cluster:admin/opendistro/notebooks/update'
    - 'cluster:admin/opendistro/notebooks/delete'
    - 'cluster:admin/opendistro/notebooks/get'
    - 'cluster:admin/opendistro/notebooks/list'

# Allows users to read observability objects
observability_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/observability/get'

# Allows users to all Observability functionality
observability_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/observability/create'
    - 'cluster:admin/opensearch/observability/update'
    - 'cluster:admin/opensearch/observability/delete'
    - 'cluster:admin/opensearch/observability/get'

# Allows users to all PPL functionality
ppl_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/ppl'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:admin/mappings/get'
        - 'indices:data/read/search*'
        - 'indices:monitor/settings/get'

# Allows users to read and download Reports
reports_instances_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'

# Allows users to read and download Reports and Report-definitions
reports_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'

# Allows users to all Reports functionality
reports_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/create'
    - 'cluster:admin/opendistro/reports/definition/update'
    - 'cluster:admin/opendistro/reports/definition/on_demand'
    - 'cluster:admin/opendistro/reports/definition/delete'
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'

# Allows users to use all asynchronous-search functionality
asynchronous_search_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/asynchronous_search/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:data/read/search*'

# Allows users to read stored asynchronous-search results
asynchronous_search_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/asynchronous_search/get'

# Allows user to use all index_management actions - ism policies, rollups, transforms
index_management_full_access:
  reserved: true
  cluster_permissions:
    - "cluster:admin/opendistro/ism/*"
    - "cluster:admin/opendistro/rollup/*"
    - "cluster:admin/opendistro/transform/*"
    - "cluster:admin/opensearch/controlcenter/lron/*"
    - "cluster:admin/opensearch/notifications/channels/get"
    - "cluster:admin/opensearch/notifications/feature/publish"
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:admin/opensearch/ism/*'

# Allows users to use all cross cluster replication functionality at leader cluster
cross_cluster_replication_leader_full_access:
  reserved: true
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - "indices:admin/plugins/replication/index/setup/validate"
        - "indices:data/read/plugins/replication/changes"
        - "indices:data/read/plugins/replication/file_chunk"

# Allows users to use all cross cluster replication functionality at follower cluster
cross_cluster_replication_follower_full_access:
  reserved: true
  cluster_permissions:
    - "cluster:admin/plugins/replication/autofollow/update"
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - "indices:admin/plugins/replication/index/setup/validate"
        - "indices:data/write/plugins/replication/changes"
        - "indices:admin/plugins/replication/index/start"
        - "indices:admin/plugins/replication/index/pause"
        - "indices:admin/plugins/replication/index/resume"
        - "indices:admin/plugins/replication/index/stop"
        - "indices:admin/plugins/replication/index/update"
        - "indices:admin/plugins/replication/index/status_check"

# Allows users to use all cross cluster search functionality at remote cluster
cross_cluster_search_remote_full_access:
  reserved: true
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:admin/shards/search_shards'
        - 'indices:data/read/search'

# Allow users to operate query assistant
query_assistant_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/ml/config/get'
    - 'cluster:admin/opensearch/ml/execute'
    - 'cluster:admin/opensearch/ml/predict'
    - 'cluster:admin/opensearch/ppl'

# Allow users to read ML stats/models/tasks
ml_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/ml/config/get'
    - 'cluster:admin/opensearch/ml/connectors/get'
    - 'cluster:admin/opensearch/ml/connectors/search'
    - 'cluster:admin/opensearch/ml/controllers/get'
    - 'cluster:admin/opensearch/ml/memory/conversation/get'
    - 'cluster:admin/opensearch/ml/memory/conversation/interaction/search'
    - 'cluster:admin/opensearch/ml/memory/conversation/list'
    - 'cluster:admin/opensearch/ml/memory/conversation/search'
    - 'cluster:admin/opensearch/ml/memory/interaction/get'
    - 'cluster:admin/opensearch/ml/memory/interaction/list'
    - 'cluster:admin/opensearch/ml/memory/trace/get'
    - 'cluster:admin/opensearch/ml/model_groups/get'
    - 'cluster:admin/opensearch/ml/model_groups/search'
    - 'cluster:admin/opensearch/ml/models/get'
    - 'cluster:admin/opensearch/ml/models/search'
    - 'cluster:admin/opensearch/ml/profile/nodes'
    - 'cluster:admin/opensearch/ml/stats/nodes'
    - 'cluster:admin/opensearch/ml/tasks/get'
    - 'cluster:admin/opensearch/ml/tasks/search'
    - 'cluster:admin/opensearch/ml/tools/get'
    - 'cluster:admin/opensearch/ml/tools/list'

# Allows users to use all ML functionality
ml_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opensearch/ml/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'

# Allows users to use all Notifications functionality
notifications_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/notifications/*'

# Allows users to read Notifications config/channels
notifications_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/notifications/configs/get'
    - 'cluster:admin/opensearch/notifications/features'
    - 'cluster:admin/opensearch/notifications/channels/get'

# Allows users to use all snapshot management functionality
snapshot_management_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/snapshot_management/*'
    - 'cluster:admin/opensearch/notifications/feature/publish'
    - 'cluster:admin/repository/*'
    - 'cluster:admin/snapshot/*'

# Allows users to see snapshots, repositories, and snapshot management policies
snapshot_management_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/snapshot_management/policy/get'
    - 'cluster:admin/opensearch/snapshot_management/policy/search'
    - 'cluster:admin/opensearch/snapshot_management/policy/explain'
    - 'cluster:admin/repository/get'
    - 'cluster:admin/snapshot/get'

# Allows user to use point in time functionality
point_in_time_full_access:
  reserved: true
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'manage_point_in_time'

# Allows users to see security analytics detectors and others
security_analytics_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/securityanalytics/alerts/get'
    - 'cluster:admin/opensearch/securityanalytics/correlationAlerts/get'
    - 'cluster:admin/opensearch/securityanalytics/correlations/findings'
    - 'cluster:admin/opensearch/securityanalytics/correlations/list'
    - 'cluster:admin/opensearch/securityanalytics/detector/get'
    - 'cluster:admin/opensearch/securityanalytics/detector/search'
    - 'cluster:admin/opensearch/securityanalytics/findings/get'
    - 'cluster:admin/opensearch/securityanalytics/logtype/search'
    - 'cluster:admin/opensearch/securityanalytics/mapping/get'
    - 'cluster:admin/opensearch/securityanalytics/mapping/view/get'
    - 'cluster:admin/opensearch/securityanalytics/rule/get'
    - 'cluster:admin/opensearch/securityanalytics/rule/search'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/alerts/get'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/iocs/findings/get'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/iocs/list'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/monitors/search'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/sources/get'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/sources/search'

# Allows users to use all security analytics functionality
security_analytics_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/securityanalytics/alerts/*'
    - 'cluster:admin/opensearch/securityanalytics/connections/*'
    - 'cluster:admin/opensearch/securityanalytics/correlationAlerts/*'
    - 'cluster:admin/opensearch/securityanalytics/correlations/*'
    - 'cluster:admin/opensearch/securityanalytics/detector/*'
    - 'cluster:admin/opensearch/securityanalytics/findings/*'
    - 'cluster:admin/opensearch/securityanalytics/logtype/*'
    - 'cluster:admin/opensearch/securityanalytics/mapping/*'
    - 'cluster:admin/opensearch/securityanalytics/rule/*'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:admin/mapping/put'
        - 'indices:admin/mappings/get'

# Allows users to view and acknowledge alerts
security_analytics_ack_alerts:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/securityanalytics/alerts/*'
    - 'cluster:admin/opensearch/securityanalytics/correlationAlerts/*'
    - 'cluster:admin/opensearch/securityanalytics/threatintel/alerts/*'

# Allows users to use all Flow Framework functionality
flow_framework_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/flow_framework/*'
    - 'cluster_monitor'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'
        - 'indices_monitor'

# Allow users to read flow framework's workflows and their state
flow_framework_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/flow_framework/workflow/get'
    - 'cluster:admin/opensearch/flow_framework/workflow/search'
    - 'cluster:admin/opensearch/flow_framework/workflow_state/get'
    - 'cluster:admin/opensearch/flow_framework/workflow_state/search'
    - 'cluster:admin/opensearch/flow_framework/workflow_step/get'

# Allows users to use all query insights APIs
query_insights_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/insights/top_queries/*'
  index_permissions:
    - index_patterns:
        - 'top_queries_by_*'
      allowed_actions:
        - "indices_all"

# Wazuh monitoring and statistics index permissions
manage_wazuh_index:
  reserved: true
  hidden: false
  cluster_permissions: []
  index_permissions:
  - index_patterns:
    - "wazuh-*"
    dls: ""
    fls: []
    masked_fields: []
    allowed_actions:
    - "read"
    - "delete"
    - "manage"
    - "index"
  tenant_permissions: []
  static: false

roles_mapping.yml

---
# In this file users, backendroles and hosts can be mapped to Security roles.
# Permissions for OpenSearch roles are configured in roles.yml

_meta:
  type: "rolesmapping"
  config_version: 2

# Define your roles mapping here

## Demo roles mapping

all_access:
  reserved: false
  backend_roles:
  - "admin"
  description: "Maps admin to all_access"

own_index:
  reserved: false
  users:
  - "*"
  description: "Allow full access to an index named like the username"

logstash:
  reserved: false
  backend_roles:
  - "logstash"

kibana_user:
  reserved: false
  backend_roles:
  - "kibanauser"
  description: "Maps kibanauser to kibana_user"

readall:
  reserved: false
  backend_roles:
  - "readall"

manage_snapshots:
  reserved: false
  backend_roles:
  - "snapshotrestore"

kibana_server:
  reserved: true
  users:
  - "kibanaserver"

# Wazuh monitoring and statistics index permissions
manage_wazuh_index:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "kibanaserver"
  and_backend_roles: []

[AlexRuiz7]

However, the jvm.options does not contain the settings for the PA. I assume these are included when the service starts, which is not the case, as it is failing.

root@node-2:/home/vagrant/scripts# systemctl status wazuh-indexer-performance-analyzer
× wazuh-indexer-performance-analyzer.service - OpenSearch Performance Analyzer
     Loaded: loaded (/lib/systemd/system/wazuh-indexer-performance-analyzer.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2024-11-19 16:20:41 UTC; 17s ago
    Process: 2742 ExecStart=/usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli (code=exited, status=203/EXEC)
   Main PID: 2742 (code=exited, status=203/EXEC)
        CPU: 2ms

Nov 19 16:20:41 node-2 systemd[1]: wazuh-indexer-performance-analyzer.service: Scheduled restart job, restart counter is at 5.
Nov 19 16:20:41 node-2 systemd[1]: Stopped OpenSearch Performance Analyzer.
Nov 19 16:20:41 node-2 systemd[1]: wazuh-indexer-performance-analyzer.service: Start request repeated too quickly.
Nov 19 16:20:41 node-2 systemd[1]: wazuh-indexer-performance-analyzer.service: Failed with result 'exit-code'.
Nov 19 16:20:41 node-2 systemd[1]: Failed to start OpenSearch Performance Analyzer.

root@node-2:/home/vagrant/scripts# cat /lib/systemd/system/wazuh-indexer-performance-analyzer.service 
[Unit]
Description=OpenSearch Performance Analyzer
PartOf=wazuh-indexer.service

[Service]
ExecStart=/usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli
Restart=on-failure
User=wazuh-indexer
Group=wazuh-indexer
Environment=OPENSEARCH_HOME=/usr/share/wazuh-indexer
Environment=OPENSEARCH_PATH_CONF=/etc/wazuh-indexer/
WorkingDirectory=/usr/share/wazuh-indexer

[Install]
WantedBy=wazuh-indexer.service

This is due to missing exec permissions on this file, only for the DEB package.

deb

-rw-r----- 1 wazuh-indexer wazuh-indexer 1048 Nov 19 13:32 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli

rpm

[root@node-1 scripts]# ls -l /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli
-rwxr-x---. 1 wazuh-indexer wazuh-indexer 1048 Nov 19 13:31 /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli

The service starts, but the program fails due to opensearch-project/performance-analyzer-rca#545.

[root@node-1 scripts]# systemctl status wazuh-indexer-performance-analyzer
● wazuh-indexer-performance-analyzer.service - OpenSearch Performance Analyzer
     Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer-performance-analyzer.service; enabled; preset: disabled)
     Active: active (running) since Tue 2024-11-19 16:46:09 UTC; 5s ago
   Main PID: 4272 (java)
      Tasks: 16 (limit: 24731)
     Memory: 80.3M
        CPU: 1.256s
     CGroup: /system.slice/wazuh-indexer-performance-analyzer.service
             └─4272 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Xms4m -Xmx64m -XX:+UseSerialGC -Dlog4j.configurationFile=/etc/wazuh-indexer//opensearch-performance-analyzer/log4j2.xml -Xms64M -Xmx64M -XX:>

Nov 19 16:46:09 node-1 systemd[1]: Started OpenSearch Performance Analyzer.
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]: Exception in thread "main" java.lang.IllegalArgumentException: cannot add context to list
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]:         at jdk.httpserver/sun.net.httpserver.ContextList.add(ContextList.java:37)
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]:         at jdk.httpserver/sun.net.httpserver.ServerImpl.createContext(ServerImpl.java:275)
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]:         at jdk.httpserver/sun.net.httpserver.HttpServerImpl.createContext(HttpServerImpl.java:74)
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]:         at jdk.httpserver/sun.net.httpserver.HttpServerImpl.createContext(HttpServerImpl.java:39)
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]:         at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.createClientServers(PerformanceAnalyzerApp.java:354)
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]:         at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.createClientServers(PerformanceAnalyzerApp.java:319)
Nov 19 16:46:10 node-1 performance-analyzer-agent-cli[4272]:         at org.opensearch.performanceanalyzer.PerformanceAnalyzerApp.main(PerformanceAnalyzerApp.java:112)
[root@node-1 scripts]# ls -l /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli

[AlexRuiz7]

Stuff above fixed on 11a6a33.