-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create WazuhDB endpoint to recalculate agent group hashes #23422
Labels
Comments
TomasTurina
added
type/bug
Something isn't working
module/db
Wazuh DB engine
level/task
labels
May 14, 2024
TomasTurina
changed the title
Create WazuhDB endpoint to recalculate agent groups hash
Create WazuhDB endpoint to recalculate agent group hashes
May 14, 2024
I started working on the issue
Branch: First tests (single node):
|
Test cluster: Set the group_hash of agent 2 to NULL to force continuous synchronization between master and worker:
cluster.log (worker): cluster.log
Recalculation of hashes in the master node:
cluster.log (worker) after recalculation of hashes: cluster.log
|
Added UTs for:
|
4 tasks
12 tasks
12 tasks
Update 15/05/2024
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
A condition was discovered that could lead the cluster to enter an infinite loop to synchronize agent groups information.
When the master node fails to set the
group_hash
column for any agent in theglobal.db
, this column remains empty until a new group modification occurs, which is something that doesn't happen very often. By synchronizing these columns in the cluster, the worker nodes receive the information and recalculate the hashes, producing a different result than the master which has some empty hashes. The master does not synchronize the hashes of empty groups, the worker nodes calculate them and that is why this happens.To fix this bug, it is proposed to implement a new endpoint in WazuhDB that the framework can use to make the manager recalculate all agent group hashes. This way the master will be able to recalculate bad group hashes without having to wait for the agent to change groups.
This new endpoint will be called
recalculate-agent-group-hashes
. It will not receive any parameters, it will simply iterate the list of all agents and recalculate thegroup_hash
for all of them. About thegroup_sync_status
column, it will be set tosynced
ifgroup_hash
doesn't change and tosyncreq
if it does (depending on if it's a worker or master node).The text was updated successfully, but these errors were encountered: