I am attempting to deploy a Wazuh docker container in an Ubuntu EC2 instance using the following steps (docker and docker compose are installed).
git -c http.proxy="http://tstark:[email protected]:8888" clone https://github.com/wazuh/wazuh-docker.git -b v4.3.10 --depth=1
docker-compose -f generate-indexer-certs.yml run --rm generator
docker-compose up -d
I am running through a proxy and have created the following service
echo "[Service]" >> /etc/systemd/system/docker.service.d/proxy.conf
echo "Environment="HTTP_PROXY=http://a:b@ip:port"" >> /etc/systemd/system/docker.service.d/proxy.conf
echo "Environment="HTTPS_PROXY=a:b@ip:port"" >> /etc/systemd/system/docker.service.d/proxy.conf
echo "Environment="NO_PROXY=localhost,127.0.0.1,::1"" >> /etc/systemd/system/docker.service.d/proxy.conf
Expected behaviour (based on deployment in a vanilla Ubuntu20 VM)
The output of these commands should be
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 26847 100 26847 0 0 229k 0 --:--:-- --:--:-- --:--:-- 227k
Cert tool exists in Packages bucket
07/12/2022 07:45:30 INFO: Admin certificates created.
07/12/2022 07:45:30 INFO: Wazuh indexer certificates created.
07/12/2022 07:45:30 INFO: Wazuh server certificates created.
07/12/2022 07:45:30 INFO: Wazuh dashboard certificates created.
Moving created certificates to destination directory
changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
Actual behaviour
docker-compose -f generate-indexer-certs.yml run --rm generator
Creating network "single-node_default" with the default driver
Pulling generator (wazuh/wazuh-certs-generator:0.0.1)...
0.0.1: Pulling from wazuh/wazuh-certs-generator
d7bfe07ed847: Pull complete
a6023cfa8265: Pull complete
6135753eefe9: Pull complete
9aaf0dae5d3f: Pull complete
Digest: sha256:6fc929d58d01b789d4a19c5da476c78cc267c0af07d1b22227ccae49acb084dc
Status: Downloaded newer image for wazuh/wazuh-certs-generator:0.0.1
Cert tool does not exist in any bucket
ERROR: certificates were not created
Could anyone please suggest what may be causing this error?
2 Answers
I finally figured this out. Whilst I'd configured Docker to use a proxy, I also needed to add an environment variable in generate-indexer-certs.yml to point to the proxy.

The container created by generate-indexer-certs.yml runs a script named entrypoint.sh. That script tries to download a tool from https://packages.wazuh.com/4.3/wazuh-certs-tool.sh. When this download fails the error "Cert tool does not exist in any bucket" is printed. Most likely your container does not have functional networking. You’ll need to address that problem.
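One way to apply the fix from the first answer, as an added example that is not part of either answer or of the wazuh-docker repository: the proxy.conf drop-in only configures the Docker daemon (which is why the image pull succeeded), so the generator container needs the proxy in its own environment. The functions below write a compose override that passes the proxy variables by name only, which keeps the proxy password out of any file; the override file name and the list of variable names are assumptions.

```shell
# Added example (not from the answers or the Wazuh repository).
# Builds a compose override that hands proxy variables to the "generator"
# service by bare name, so docker-compose copies the values from the calling
# shell at run time and the credentials are never written to disk.

# Names curl reads: it honours lower-case http_proxy but not HTTP_PROXY.
PROXY_VARS="HTTPS_PROXY https_proxy http_proxy NO_PROXY no_proxy"

# exported_proxy_vars: print the names from PROXY_VARS that are exported and
# non-empty in this shell (docker-compose only sees exported variables).
exported_proxy_vars() {
    for name in $PROXY_VARS; do
        if [ -n "$(printenv "$name")" ]; then echo "$name"; fi
    done
}

# write_proxy_override BASE OUT
# Copies the "version:" line from BASE (docker-compose v1 rejects an override
# whose version differs) and lists each exported proxy variable by name.
write_proxy_override() {
    base=$1; out=$2
    names=$(exported_proxy_vars)
    [ -n "$names" ] || { echo "no proxy variable exported" >&2; return 1; }
    {
        grep -m1 '^version:' "$base" || true
        echo "services:"
        echo "  generator:"
        echo "    environment:"
        for name in $names; do echo "      - $name"; done
    } > "$out"
}

# Usage (assumes HTTPS_PROXY is already exported in this shell):
#   write_proxy_override generate-indexer-certs.yml proxy.override.yml
#   docker-compose -f generate-indexer-certs.yml -f proxy.override.yml \
#       run --rm generator
```
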