Skip to content

Replace wazuh.yml references to opensearch_dashboards.yml in the installation assistant #545

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
c-bordon merged 4 commits into from
Dec 19, 2025
Merged

Replace wazuh.yml references to opensearch_dashboards.yml in the installation assistant #545

c-bordon merged 4 commits into from
Dec 19, 2025

Conversation

@Enaraque
Copy link
Member

@Enaraque Enaraque commented Dec 19, 2025

Description

The paths referencing wazuh.yml have been replaced with /etc/wazuh-dashboard/opensearch_dashboards.yml in the installation assistant, since in version 5.0 all API hosts–related configuration will be located in this file.

Tests 🧪

These references were used to modify the server host URL. Several tests were performed to ensure that the value is updated correctly.

Execute the sed command in the terminal

Before changing the line:

root@ip-172-31-75-221:/home/ubuntu# cat /etc/wazuh-dashboard/opensearch_dashboards.yml 
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: "EQt8ch0jq3tLB2YH1d9uJr.8sHY6KmvM"
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
# Session expiration settings
opensearch_security.cookie.ttl: 900000
opensearch_security.session.ttl: 900000
opensearch_security.session.keepalive: true

# Define the Wazuh server hosts
wazuh_core.hosts:
  default:
    url: https://localhost
    port: 55000
    username: wazuh-wui
    password: "EQt8ch0jq3tLB2YH1d9uJr.8sHY6KmvM"
    run_as: false

After changing the line:

root@ip-172-31-75-221:/home/ubuntu# sed -i 's,url: https://localhost/,url: https://1.2.3.4/,g' /etc/wazuh-dashboard/opensearch_dashboards.yml
root@ip-172-31-75-221:/home/ubuntu# cat /etc/wazuh-dashboard/opensearch_dashboards.yml 
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: "EQt8ch0jq3tLB2YH1d9uJr.8sHY6KmvM"
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
# Session expiration settings
opensearch_security.cookie.ttl: 900000
opensearch_security.session.ttl: 900000
opensearch_security.session.keepalive: true

# Define the Wazuh server hosts
wazuh_core.hosts:
  default:
    url: https://1.2.3.4
    port: 55000
    username: wazuh-wui
    password: "EQt8ch0jq3tLB2YH1d9uJr.8sHY6KmvM"
    run_as: false
Executing the ia installing an AIO deployment

The line url: https://localhost is successfully replaced with url: https://127.0.0.1

root@ip-172-31-75-221:/home/ubuntu# sudo bash wazuh-install.sh -a -o -v -d local
19/12/2025 12:18:00 WARNING: Tag 'v5.0.0-' does not exist. Using the source branch related to the Wazuh version (5.0.0).
19/12/2025 12:18:00 WARNING: Branch '5.0.0' does not exist. Using the 5.0.0 branch.
19/12/2025 12:18:00 DEBUG: Checking root permissions.
19/12/2025 12:18:00 DEBUG: Checking sudo package.
19/12/2025 12:18:00 INFO: Starting Wazuh installation assistant. Wazuh version: 5.0.0
19/12/2025 12:18:00 INFO: Verbose logging redirected to /var/log/wazuh-install.log
19/12/2025 12:18:00 DEBUG: APT package manager will be used.
19/12/2025 12:18:00 DEBUG: Checking system distribution.
19/12/2025 12:18:00 DEBUG: Detected distribution name: ubuntu
19/12/2025 12:18:00 DEBUG: Detected distribution version: 22
19/12/2025 12:18:00 DEBUG: Installing check dependencies.
Hit:1 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports jammy InRelease
Hit:2 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports jammy-updates InRelease
Hit:3 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports jammy-backports InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports jammy-security InRelease
Reading package lists...
19/12/2025 12:18:07 DEBUG: Checking Wazuh installation.
19/12/2025 12:18:07 DEBUG: There are Wazuh remaining files.
19/12/2025 12:18:08 DEBUG: There are Wazuh indexer remaining files.
19/12/2025 12:18:08 DEBUG: There are Wazuh dashboard remaining files.
19/12/2025 12:18:08 INFO: --- Removing existing Wazuh installation ---
19/12/2025 12:18:08 INFO: Removing Wazuh manager.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-manager*
0 upgraded, 0 newly installed, 1 to remove and 97 not upgraded.
                                                               After this operation, 1009 MB disk space will be freed.
(Reading database ... 239258 files and directories currently installed.)                                              (Reading database ... 
Removing wazuh-manager (5.0.0-latest) ...
Processing triggers for libc-bin (2.35-0ubuntu3.11) ...
(Reading database ... 215594 files and directories currently installed.)
Purging configuration files for wazuh-manager (5.0.0-latest) ...
19/12/2025 12:18:21 INFO: Wazuh manager removed.
19/12/2025 12:18:21 INFO: Removing Wazuh indexer.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-indexer*
0 upgraded, 0 newly installed, 1 to remove and 97 not upgraded.
                                                               After this operation, 1109 MB disk space will be freed.
(Reading database ... 215575 files and directories currently installed.)                                              (Reading database ... 
Removing wazuh-indexer (5.0.0-latest) ...
Running Wazuh Indexer Pre-Removal Script
Stop existing wazuh-indexer.service
(Reading database ... 214560 files and directories currently installed.)
Purging configuration files for wazuh-indexer (5.0.0-latest) ...
dpkg: warning: while removing wazuh-indexer, directory '/var/log/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/var/lib/wazuh-indexer' not empty so not removed
dpkg: warning: while removing wazuh-indexer, directory '/etc/wazuh-indexer/certs' not empty so not removed
19/12/2025 12:18:30 INFO: Wazuh indexer removed.
19/12/2025 12:18:30 INFO: Removing Wazuh dashboard.
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  wazuh-dashboard*
0 upgraded, 0 newly installed, 1 to remove and 97 not upgraded.
                                                               After this operation, 1301 MB disk space will be freed.
(Reading database ... 212100 files and directories currently installed.)                                              (Reading database ... 
Removing wazuh-dashboard (5.0.0-latest) ...
Stopping wazuh-dashboard service... OK
Deleting PID directory... OK
Deleting installation directory... OK
(Reading database ... 105343 files and directories currently installed.)
Purging configuration files for wazuh-dashboard (5.0.0-latest) ...
 OK
dpkg: warning: while removing wazuh-dashboard, directory '/usr/lib/systemd/system' not empty so not removed
19/12/2025 12:18:41 INFO: Wazuh dashboard removed.
19/12/2025 12:18:41 DEBUG: Removing GPG key from system.
19/12/2025 12:18:41 INFO: Wazuh GPG key not found in the system
19/12/2025 12:18:42 INFO: Installation cleaned.
19/12/2025 12:18:42 DEBUG: Checking system architecture.
19/12/2025 12:18:42 DEBUG: System architecture: aarch64
19/12/2025 12:18:42 INFO: Verifying that your system meets the recommended minimum hardware requirements.
19/12/2025 12:18:42 DEBUG: CPU cores detected: 4
19/12/2025 12:18:42 DEBUG: Free RAM memory detected: 7768
19/12/2025 12:18:42 DEBUG: Checking ports availability.
Hit:1 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports jammy InRelease
Hit:2 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports jammy-updates InRelease
Hit:3 http://us-east-1.ec2.ports.ubuntu.com/ubuntu-ports jammy-backports InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports jammy-security InRelease
Reading package lists...
19/12/2025 12:18:45 DEBUG: Installing prerequisites dependencies.
19/12/2025 12:18:50 DEBUG: Checking curl tool version.
19/12/2025 12:18:50 DEBUG: Checking if artifact_urls.yml exists locally.
19/12/2025 12:18:50 DEBUG: Checking artifact_urls.yml file format.
19/12/2025 12:18:50 DEBUG: Checking required component is present in artifact_urls.yml file.
19/12/2025 12:18:50 INFO: --- Configuration files ---
19/12/2025 12:18:50 INFO: Generating configuration files.
19/12/2025 12:18:51 DEBUG: Creating Wazuh certificates.
19/12/2025 12:18:51 DEBUG: Reading configuration file.
19/12/2025 12:18:51 DEBUG: Checking if 127.0.0.1 is private.
19/12/2025 12:18:51 DEBUG: Checking if 127.0.0.1 is private.
19/12/2025 12:18:51 DEBUG: Checking if 127.0.0.1 is private.
19/12/2025 12:18:51 INFO: Generating the root certificate.
19/12/2025 12:18:52 INFO: Generating Admin certificates.
19/12/2025 12:18:52 DEBUG: Generating Admin private key.
19/12/2025 12:18:52 DEBUG: Converting Admin private key to PKCS8 format.
19/12/2025 12:18:52 DEBUG: Generating Admin CSR.
19/12/2025 12:18:52 DEBUG: Creating Admin certificate.
19/12/2025 12:18:52 INFO: Generating Wazuh indexer certificates.
19/12/2025 12:18:52 DEBUG: Creating the certificates for wazuh-indexer indexer node.
19/12/2025 12:18:52 DEBUG: Generating certificate configuration.
19/12/2025 12:18:52 DEBUG: Creating the Wazuh indexer tmp key pair.
19/12/2025 12:18:52 DEBUG: Creating the Wazuh indexer certificates.
19/12/2025 12:18:52 INFO: Generating Wazuh server certificates.
19/12/2025 12:18:52 DEBUG: Generating the certificates for wazuh-server server node.
19/12/2025 12:18:52 DEBUG: Generating certificate configuration.
19/12/2025 12:18:52 DEBUG: Creating the Wazuh server tmp key pair.
19/12/2025 12:18:53 DEBUG: Creating the Wazuh server certificates.
19/12/2025 12:18:53 INFO: Generating Wazuh dashboard certificates.
19/12/2025 12:18:53 DEBUG: Generating certificate configuration.
19/12/2025 12:18:53 DEBUG: Creating the Wazuh dashboard tmp key pair.
19/12/2025 12:18:53 DEBUG: Creating the Wazuh dashboard certificates.
19/12/2025 12:18:53 DEBUG: Cleaning certificate files.
19/12/2025 12:18:53 DEBUG: Generating password file.
19/12/2025 12:18:53 DEBUG: Generating random passwords.
19/12/2025 12:18:54 INFO: Created wazuh-install-files.tar. It contains the Wazuh cluster key, certificates, and passwords necessary for installation.
19/12/2025 12:18:54 DEBUG: Extracting Wazuh configuration.
19/12/2025 12:18:54 DEBUG: Reading configuration file.
19/12/2025 12:18:54 DEBUG: Checking if 127.0.0.1 is private.
19/12/2025 12:18:54 DEBUG: Checking if 127.0.0.1 is private.
19/12/2025 12:18:54 DEBUG: Checking if 127.0.0.1 is private.
19/12/2025 12:18:54 INFO: --- Wazuh indexer ---
19/12/2025 12:18:54 INFO: Downloading wazuh_indexer package: wazuh-indexer_5.0.0-latest_arm64.deb
19/12/2025 12:19:17 INFO: wazuh_indexer package downloaded successfully: /home/ubuntu/wazuh-install-packages/wazuh-indexer_5.0.0-latest_arm64.deb
19/12/2025 12:19:17 INFO: Starting Wazuh indexer installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-indexer 0 upgraded, 1 newly installed, 0 to remove and 97 not upgraded. Need to get 0 B/851 MB of archives. After this operation, 1109 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-install-packages/wazuh-indexer_5.0.0-latest_arm64.deb wazuh-indexer arm64 5.0.0-latest [ NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1012-aws NEEDRESTART-KEXP: 6.8.0-1044-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-manager NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/12/2025 12:20:00 DEBUG: Checking Wazuh installation.
19/12/2025 12:20:01 DEBUG: There are Wazuh indexer remaining files.
19/12/2025 12:20:02 INFO: Wazuh indexer installation finished.
19/12/2025 12:20:02 DEBUG: Configuring Wazuh indexer.
19/12/2025 12:20:02 DEBUG: Copying Wazuh indexer certificates.
mkdir: cannot create directory ‘/etc/wazuh-indexer/certs’: File exists
19/12/2025 12:20:02 INFO: Wazuh indexer post-install configuration finished.
19/12/2025 12:20:02 INFO: Starting service wazuh-indexer.
Synchronizing state of wazuh-indexer.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable wazuh-indexer
19/12/2025 12:20:24 INFO: wazuh-indexer service started.
19/12/2025 12:20:24 INFO: Initializing Wazuh indexer cluster security settings.
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 3.3.2
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index does not exists, attempt to create it ... done (0-all replicas)
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 9 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","actiongroups","config","internalusers"],"updated_config_size":9,"message":null} is 9 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","actiongroups","config","internalusers"]) due to: null
Done with success
19/12/2025 12:20:33 INFO: Wazuh indexer cluster security configuration initialized.
19/12/2025 12:20:33 INFO: Wazuh indexer cluster initialized.
19/12/2025 12:20:33 INFO: --- Wazuh server ---
19/12/2025 12:20:33 INFO: Downloading wazuh_manager package: wazuh-manager_5.0.0-latest_arm64.deb
19/12/2025 12:20:47 INFO: wazuh_manager package downloaded successfully: /home/ubuntu/wazuh-install-packages/wazuh-manager_5.0.0-latest_arm64.deb
19/12/2025 12:20:47 INFO: Starting the Wazuh manager installation.
Reading package lists... Building dependency tree... Reading state information... Suggested packages: expect The following NEW packages will be installed: wazuh-manager 0 upgraded, 1 newly installed, 0 to remove and 97 not upgraded. Need to get 0 B/453 MB of archives. After this operation, 1009 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-install-packages/wazuh-manager_5.0.0-latest_arm64.deb wazuh-m NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1012-aws NEEDRESTART-KEXP: 6.8.0-1044-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-manager NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/12/2025 12:21:58 DEBUG: Checking Wazuh installation.
19/12/2025 12:21:59 DEBUG: There are Wazuh remaining files.
19/12/2025 12:21:59 DEBUG: There are Wazuh indexer remaining files.
19/12/2025 12:22:00 INFO: Wazuh manager installation finished.
19/12/2025 12:22:00 DEBUG: Configuring Wazuh manager.
19/12/2025 12:22:00 DEBUG: Copying Manager certificates.
19/12/2025 12:22:00 DEBUG: Setting provisional Wazuh indexer password.
19/12/2025 12:22:00 INFO: Wazuh manager vulnerability detection configuration finished.
19/12/2025 12:22:00 INFO: Starting service wazuh-manager.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-manager.service → /lib/systemd/system/wazuh-manager.service.
19/12/2025 12:22:11 INFO: wazuh-manager service started.
19/12/2025 12:22:11 INFO: --- Wazuh dashboard ---
19/12/2025 12:22:11 INFO: Downloading wazuh_dashboard package: wazuh-dashboard_5.0.0-latest_arm64.deb
19/12/2025 12:22:18 INFO: wazuh_dashboard package downloaded successfully: /home/ubuntu/wazuh-install-packages/wazuh-dashboard_5.0.0-latest_arm64.deb
19/12/2025 12:22:18 INFO: Starting Wazuh dashboard installation.
Reading package lists... Building dependency tree... Reading state information... The following NEW packages will be installed: wazuh-dashboard 0 upgraded, 1 newly installed, 0 to remove and 97 not upgraded. Need to get 0 B/220 MB of archives. After this operation, 1301 MB of additional disk space will be used. Get:1 /home/ubuntu/wazuh-install-packages/wazuh-dashboard_5.0.0-latest_arm64.deb wazuh-dashboard arm64 5.0.0-la NEEDRESTART-VER: 3.5 NEEDRESTART-KCUR: 6.2.0-1012-aws NEEDRESTART-KEXP: 6.8.0-1044-aws NEEDRESTART-KSTA: 3 NEEDRESTART-SVC: chrony.service NEEDRESTART-SVC: cron.service NEEDRESTART-SVC: dbus.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: irqbalance.service NEEDRESTART-SVC: multipathd.service NEEDRESTART-SVC: networkd-dispatcher.service NEEDRESTART-SVC: packagekit.service NEEDRESTART-SVC: polkit.service NEEDRESTART-SVC: rsyslog.service NEEDRESTART-SVC: [email protected] NEEDRESTART-SVC: ssh.service NEEDRESTART-SVC: systemd-journald.service NEEDRESTART-SVC: systemd-logind.service NEEDRESTART-SVC: systemd-manager NEEDRESTART-SVC: systemd-networkd.service NEEDRESTART-SVC: systemd-resolved.service NEEDRESTART-SVC: systemd-udevd.service NEEDRESTART-SVC: unattended-upgrades.service NEEDRESTART-SVC: [email protected]
19/12/2025 12:25:33 DEBUG: Checking Wazuh installation.
19/12/2025 12:25:34 DEBUG: There are Wazuh remaining files.
19/12/2025 12:25:34 DEBUG: There are Wazuh indexer remaining files.
19/12/2025 12:25:35 DEBUG: There are Wazuh dashboard remaining files.
19/12/2025 12:25:35 INFO: Wazuh dashboard installation finished.
19/12/2025 12:25:35 DEBUG: Configuring Wazuh dashboard.
19/12/2025 12:25:35 DEBUG: Copying Wazuh dashboard certificates.
19/12/2025 12:25:35 DEBUG: Wazuh dashboard certificate setup finished.
19/12/2025 12:25:35 INFO: Wazuh dashboard post-install configuration finished.
19/12/2025 12:25:35 INFO: Starting service wazuh-dashboard.
Created symlink /etc/systemd/system/multi-user.target.wants/wazuh-dashboard.service → /lib/systemd/system/wazuh-dashboard.service.
19/12/2025 12:25:36 INFO: wazuh-dashboard service started.
19/12/2025 12:25:36 DEBUG: Setting Wazuh indexer cluster passwords.
19/12/2025 12:25:36 DEBUG: Checking Wazuh installation.
19/12/2025 12:25:36 DEBUG: There are Wazuh remaining files.
19/12/2025 12:25:37 DEBUG: There are Wazuh indexer remaining files.
19/12/2025 12:25:37 DEBUG: There are Wazuh dashboard remaining files.
19/12/2025 12:25:37 INFO: Updating the internal users.
19/12/2025 12:25:37 DEBUG: Creating password backup.
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 3.3.2
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/12/2025 12:25:41 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/12/2025 12:25:41 INFO: A backup of the internal users has been saved in the /etc/wazuh-indexer/internalusers-backup folder.
19/12/2025 12:25:42 DEBUG: Generating password hashes.
19/12/2025 12:25:52 DEBUG: Password hashes generated.
19/12/2025 12:25:52 DEBUG: Creating password backup.
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 3.3.2
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Will retrieve '/config' into /etc/wazuh-indexer/backup/config.yml
   SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/backup/config.yml
Will retrieve '/roles' into /etc/wazuh-indexer/backup/roles.yml
   SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/backup/roles.yml
Will retrieve '/rolesmapping' into /etc/wazuh-indexer/backup/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/backup/roles_mapping.yml
Will retrieve '/internalusers' into /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/backup/internal_users.yml
Will retrieve '/actiongroups' into /etc/wazuh-indexer/backup/action_groups.yml
   SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/backup/action_groups.yml
Will retrieve '/tenants' into /etc/wazuh-indexer/backup/tenants.yml
   SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/backup/tenants.yml
Will retrieve '/nodesdn' into /etc/wazuh-indexer/backup/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/backup/nodes_dn.yml
Will retrieve '/allowlist' into /etc/wazuh-indexer/backup/allowlist.yml
   SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/backup/allowlist.yml
Will retrieve '/audit' into /etc/wazuh-indexer/backup/audit.yml
   SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/backup/audit.yml
19/12/2025 12:25:56 DEBUG: Password backup created in /etc/wazuh-indexer/backup.
19/12/2025 12:25:56 DEBUG: Restarting wazuh-manager service...
19/12/2025 12:26:14 DEBUG: wazuh-manager started.
19/12/2025 12:26:15 DEBUG: Restarting wazuh-dashboard service...
19/12/2025 12:26:16 DEBUG: wazuh-dashboard started.
19/12/2025 12:26:16 DEBUG: Running security admin tool.
19/12/2025 12:26:16 DEBUG: Loading new passwords changes.
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 3.3.2
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /home/ubuntu
Force type: internalusers
Will update '/internalusers' with /etc/wazuh-indexer/backup/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
SUCC: Expected 1 config types for node {"updated_config_types":["internalusers"],"updated_config_size":1,"message":null} is 1 (["internalusers"]) due to: null
Done with success
19/12/2025 12:26:18 DEBUG: Passwords changed.
19/12/2025 12:26:18 DEBUG: Changing API passwords.
19/12/2025 12:26:20 INFO: Initializing Wazuh dashboard web application.
19/12/2025 12:26:20 INFO: Wazuh dashboard web application not yet initialized. Waiting...
19/12/2025 12:26:35 INFO: Wazuh dashboard web application not yet initialized. Waiting...
19/12/2025 12:26:51 INFO: Wazuh dashboard web application initialized.
19/12/2025 12:26:51 INFO: --- Summary ---
19/12/2025 12:26:51 INFO: You can access the web interface https://<wazuh-dashboard-ip>:443
    User: admin
    Password: BrvCwyOvJYr3KqV3X?d5HfLBI5h?HM.9
19/12/2025 12:26:51 DEBUG: Removed download packages directory: /home/ubuntu/wazuh-install-packages
19/12/2025 12:26:51 INFO: Installation finished.
root@ip-172-31-75-221:/home/ubuntu# cat /etc/wazuh-dashboard/opensearch_dashboards.yml 
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
# opensearch.username: kibanaserver
# opensearch.password: "EQt8ch0jq3tLB2YH1d9uJr.8sHY6KmvM"
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
# Session expiration settings
opensearch_security.cookie.ttl: 900000
opensearch_security.session.ttl: 900000
opensearch_security.session.keepalive: true

# Define the Wazuh server hosts
wazuh_core.hosts:
  default:
    url: https://127.0.0.1
    port: 55000
    username: wazuh-wui
    password: "EQt8ch0jq3tLB2YH1d9uJr.8sHY6KmvM"
    run_as: false

@Enaraque
replace wazuh.yml to
b512b4d 
opensearch_dashboards.yml
@Enaraque Enaraque requested a review from a team December 19, 2025 12:34
@Enaraque Enaraque self-assigned this Dec 19, 2025
@Enaraque Enaraque linked an issue Dec 19, 2025 that may be closed by this pull request
Development - DevOps 5.0 adaptation - Change the wazuh.yml references to opensearch_dashboards.yml #538
Closed
1 task
@c-bordon c-bordon merged commit 433cdd0 into main Dec 19, 2025
0 of 2 checks passed
@c-bordon c-bordon deleted the enhancement/538change-the-wazuhyml-references-to-opensearch_dashboardsyml branch December 19, 2025 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@teddytpc1 teddytpc1 teddytpc1 approved these changes

@c-bordon c-bordon c-bordon approved these changes

@CarlosALgit CarlosALgit CarlosALgit approved these changes

Assignees

@Enaraque Enaraque

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Development - DevOps 5.0 adaptation - Change the wazuh.yml references to opensearch_dashboards.yml

5 participants

@Enaraque @teddytpc1 @c-bordon @CarlosALgit