Wazuh dashboard certificate configuration triggers "Not Replacing" message

[rauldpm]

The Wazuh dashboard certificate configuration instructs users to move the dashboard.pem and dashboard-key.pem files using the following commands:

mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem

By default, the config.yml file downloaded and used to create certificates uses the dashboard name reference as the NODE_NAME. This results in a mv command from dashboard.pem to dashboard.pem, which triggers a message indicating that the certificate was not replaced, since the certificate had already been extracted with that name.

root@ip-172-31-4-122:/home/ubuntu# NODE_NAME=dashboard
root@ip-172-31-4-122:/home/ubuntu# mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
mv: not replacing '/etc/wazuh-dashboard/certs/dashboard.pem'
mv: not replacing '/etc/wazuh-dashboard/certs/dashboard-key.pem'

https://documentation-dev.wazuh.com/v4.14.0-rc2/installation-guide/wazuh-dashboard/step-by-step.html

We should review this behavior to determine whether the message can be avoided, or at least add a note to clarify it so that users do not mistake it for an error.

Related: wazuh/wazuh#32715 (comment) (dashboard install)

[Rolly-M]

@rauldpm

I tried running the steps for Installing the Wazuh dashboard following the Step by Step guide and I was able to reproduce the issue

root@ip-172-31-18-209:/home/ubuntu# NODE_NAME=dashboard
root@ip-172-31-18-209:/home/ubuntu# mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
mv: not replacing '/etc/wazuh-dashboard/certs/dashboard.pem'
mv: not replacing '/etc/wazuh-dashboard/certs/dashboard-key.pem'

A possible workaround is to either update the default config.yml file in the repository to use the dashboard naming consistent with the other components (dashboard-1), or alternatively, include a note indicating that if the user has retained the default node names in config.yml, the renaming steps can be safely skipped for the Wazuh dasboard deployment.

[Rolly-M]

I performed the Wazuh dashboard deployment by updating the configuration file with the following changes:

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: "172.31.22.201"
    #- name: node-2
    #  ip: "<indexer-node-ip>"
    #- name: node-3
    #  ip: "<indexer-node-ip>"

  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: "172.31.22.201"
    #  node_type: master
    #- name: wazuh-2
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker
    #- name: wazuh-3
    #  ip: "<wazuh-manager-ip>"
    #  node_type: worker

  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard-1
      ip: "172.31.22.201"

Upon executing the certificate configuration steps, the issue was no longer observed.

root@ip-172-31-22-201:/home/ubuntu#
root@ip-172-31-22-201:/home/ubuntu# NODE_NAME=dashboard-1
root@ip-172-31-22-201:/home/ubuntu# mkdir /etc/wazuh-dashboard/certs
tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
chmod 500 /etc/wazuh-dashboard/certs
chmod 400 /etc/wazuh-dashboard/certs/*
chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
root@ip-172-31-22-201:/home/ubuntu#

I recommend implementing this modification in the repository’s config.yml file to ensure a seamless experience for users.

[ace-109]

Hello @rauldpm

I am reassigning this from Rolly. I agree with the earlier test carried out by Rolly, and we will update the config.yml file to prevent this message. The updated file will also match our variable naming convention. Can you advise where to create this issue or which team is applicable, as this file is not under the control of the content team.

The updated file is shown below

nodes:
  # Wazuh indexer nodes
  indexer:
    - name: node-1
      ip: <WAZUH_INDEXER_NODE_IP_ADDRESS>
    #- name: node-2
    #  ip: <WAZUH_INDEXER_NODE_IP_ADDRESS>
    #- name: node-3
    #  ip: <WAZUH_INDEXER_NODE_IP_ADDRESS>


  # Wazuh server nodes
  # If there is more than one Wazuh server
  # node, each one must have a node_type
  server:
    - name: wazuh-1
      ip: <WAZUH_SERVER_NODE_IP_ADDRESS>
    #  node_type: master
    #- name: wazuh-2
    #  ip: <WAZUH_SERVER_NODE_IP_ADDRESS>
    #  node_type: worker
    #- name: wazuh-3
    #  ip: <WAZUH_SERVER_NODE_IP_ADDRESS>
    #  node_type: worker


  # Wazuh dashboard nodes
  dashboard:
    - name: dashboard-1
      ip: <WAZUH_DASHBOARD_IP_ADDRESS>