Indexer initialization plugin #425

Open
6 of 11 tasks
davidjiglesias opened this issue May 16, 2025 · 0 comments
davidjiglesias commented May 16, 2025

Description

This issue aims to ensure that the Wazuh Indexer validates and sets up all required components during its initialization phase. This includes the creation and verification of necessary indices, pipelines, and security roles. By doing so, the Indexer avoids startup inconsistencies, reduces integration issues with Wazuh Servers, and simplifies the overall deployment process.

Functional requirements

  1. The Wazuh Indexer must ensure all required components are initialized before accepting indexing requests. These include:
    • Stream indices, mappings, and ingest pipelines.
    • State indices, mappings, and ingest pipelines.
    • Role-Based Access Control (RBAC): Ensure required users exist with minimal necessary permissions.
    • Rollover and alias configuration for stream indices.
  2. The Indexer plugin must use OpenSearch’s plugin and lifecycle APIs to initialize the features listed above during startup.
  3. The Indexer plugin must include error handling that provides clear, actionable, and user-friendly error messages if any component fails to initialize.
  4. The Wazuh Indexer must block ingestion and indexing operations until it confirms that all initialization tasks are complete and successful. This includes rejecting API requests during the unready state.
  5. The plugin must ensure that the process to create and assign custom roles for built-in users is documented thoroughly, including permission scopes.

Non-functional requirements

  • Resilience: The plugin must gracefully handle and retry temporary failures (e.g., index service delays or permission issues), with configurable backoff.
  • Security: The plugin must follow the principle of least privilege when assigning default roles and permissions, and validate RBAC integrity before enabling indexing.
  • Observability: All steps of the initialization process must be clearly logged.
  • Performance: Initialization should complete within a defined timeout (e.g., 60 seconds by default).
  • Maintainability: Initialization logic must be modular and documented, allowing future updates to add support for new index types, roles, or mappings with minimal changes.

Implementation restrictions

  1. This feature will be developed as an OpenSearch plugin.
  2. The plugin must be implemented in Java, following OpenSearch plugin development standards.
  3. The plugin will be included by default in Wazuh Indexer packages and initialized automatically at node startup.

Plan

Spike

Development

Requirements traceability matrix

  • Checkpoint - Review documentation for the initialization plugin
  • Checkpoint - Initialization plugin E2E test

Notes

  • Future work:
  • Technical debt:
  • Missed requirements:
  • Other considerations:
@davidjiglesias added the level/task and type/bug labels May 16, 2025
@havidarou changed the title from "Indexer initilization plugin" to "Indexer plugin initialization" May 16, 2025
@havidarou changed the title from "Indexer plugin initialization" to "Indexer initialization plugin" May 16, 2025
@havidarou added the type/enhancement and level/objective labels and removed the level/task and type/bug labels May 16, 2025
@vikman90 added this to Roadmap May 19, 2025
@vikman90 moved this to Backlog in Roadmap May 19, 2025
@wazuhci moved this to Triage in XDR+SIEM/Release 5.0.0 May 19, 2025
@wazuhci moved this from Triage to Backlog in XDR+SIEM/Release 5.0.0 May 20, 2025
@wazuhci moved this from Backlog to In progress in XDR+SIEM/Release 5.0.0 May 21, 2025
@wazuhci moved this from Backlog to In progress in Roadmap May 23, 2025
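
One way the issue's gating requirement (functional requirement 4), retry with configurable backoff, and default 60-second timeout could fit together, as an added example that is not part of the issue and not the Wazuh plugin's code. It uses only the JDK; `InitGate`, its methods and the step names are hypothetical, and it assumes the caller runs `initialize` at node startup and `requireReady` on the ingest path.

```java
import java.time.Duration;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.Callable;

/** Hypothetical readiness gate (plain JDK, no OpenSearch classes). */
public class InitGate {
    private volatile boolean ready = false;
    private final Map<String, Callable<Boolean>> steps = new LinkedHashMap<>();
    public void addStep(String name, Callable<Boolean> check) { steps.put(name, check); }

    /** Runs steps in order; retries a failing step with doubling backoff until the deadline. */
    public void initialize(Duration timeout, Duration initialBackoff) throws InterruptedException {
        long deadline = System.nanoTime() + timeout.toNanos();
        for (Map.Entry<String, Callable<Boolean>> step : steps.entrySet()) {
            long backoffMs = Math.max(1, initialBackoff.toMillis());
            for (int attempt = 1; ; attempt++) {
                String failure;
                try {
                    if (step.getValue().call()) break;
                    failure = "check returned false";
                } catch (Exception e) { failure = e.toString(); }
                long remainingMs = (deadline - System.nanoTime()) / 1_000_000;
                if (remainingMs <= 0) // gate stays closed; the error names the failing component
                    throw new IllegalStateException("Initialization step '" + step.getKey()
                        + "' failed after " + attempt + " attempt(s): " + failure);
                System.err.println("init step '" + step.getKey() + "' attempt " + attempt
                    + " failed (" + failure + "), retrying in " + backoffMs + " ms");
                Thread.sleep(Math.min(backoffMs, remainingMs));
                backoffMs *= 2;
            }
        }
        ready = true; // reached only when every step succeeded
    }

    /** Called on the ingest path: fail closed while initialization is incomplete. */
    public void requireReady() {
        if (!ready) throw new IllegalStateException("Indexer not ready: initialization incomplete");
    }

    public static void main(String[] args) throws Exception {
        InitGate gate = new InitGate();
        int[] calls = {0}; // constructed: the second step succeeds on its third attempt
        gate.addStep("stream-index-templates", () -> true);
        gate.addStep("rbac-roles", () -> ++calls[0] >= 3);
        try { gate.requireReady(); } catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
        gate.initialize(Duration.ofSeconds(60), Duration.ofMillis(100));
        gate.requireReady(); // passes now: every step, including the RBAC check, succeeded
    }
}
```

Because `ready` is set only after the last step returns true, a failed or timed-out RBAC validation leaves the gate closed rather than letting indexing proceed with unverified roles.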