From a1fe9824f0c3f283b867337708d2cc2fe7ae2925 Mon Sep 17 00:00:00 2001 From: ayodeko Date: Tue, 14 Jan 2025 13:32:45 +0100 Subject: [PATCH 1/2] Update Wazuh indexer and Wazuh indexer cluster content structure. --- source/_static/js/redirects.js | 6 + source/user-manual/index.rst | 2 +- .../add-wazuh-indexer-nodes.rst} | 255 ++---------------- .../certificate-deployment.rst | 150 +++++++++++ .../cluster-management.rst | 66 +++++ .../index-lifecycle-management.rst} | 2 +- .../wazuh-indexer-cluster/index.rst | 22 ++ .../wazuh-indexer-cluster-tuning.rst | 146 ++++++++++ source/user-manual/wazuh-indexer/index.rst | 1 - .../wazuh-indexer/wazuh-indexer-tuning.rst | 134 +-------- 10 files changed, 411 insertions(+), 373 deletions(-) rename source/user-manual/{wazuh-indexer-cluster.rst => wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst} (74%) create mode 100644 source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst create mode 100644 source/user-manual/wazuh-indexer-cluster/cluster-management.rst rename source/user-manual/{wazuh-indexer/index-life-management.rst => wazuh-indexer-cluster/index-lifecycle-management.rst} (99%) create mode 100644 source/user-manual/wazuh-indexer-cluster/index.rst create mode 100644 source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js index eaf22d242e..16b484280b 100644 --- a/source/_static/js/redirects.js +++ b/source/_static/js/redirects.js @@ -73,6 +73,12 @@ newUrls['4.10'] = [ '/user-manual/capabilities/vulnerability-detection/troubleshooting.html', '/user-manual/capabilities/vulnerability-detection/FAQ.html', '/user-manual/capabilities/vulnerability-detection/known-issues.html', + '/user-manual/wazuh-indexer-cluster/index.html', + '/user-manual/wazuh-indexer-cluster/certificate-deployment.html', + '/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html', + '/user-manual/wazuh-indexer-cluster/index-lifecycle-management.html', + '/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.html', + '/user-manual/wazuh-indexer-cluster/cluster-management.html', ] /* *** RELEASE 4.9 ****/ diff --git a/source/user-manual/index.rst b/source/user-manual/index.rst index c572a142cd..c387252d73 100644 --- a/source/user-manual/index.rst +++ b/source/user-manual/index.rst @@ -17,7 +17,7 @@ Welcome to the Wazuh user manual. Use it as your reference library once your bas wazuh-server-cluster api/index wazuh-indexer/index - wazuh-indexer-cluster + wazuh-indexer-cluster/index wazuh-dashboard/index agent/index ruleset/index diff --git a/source/user-manual/wazuh-indexer-cluster.rst b/source/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst similarity index 74% rename from source/user-manual/wazuh-indexer-cluster.rst rename to source/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst index 7576082f07..dfa6caed51 100644 --- a/source/user-manual/wazuh-indexer-cluster.rst +++ b/source/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst @@ -1,168 +1,10 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: - :description: This section provides information about the Wazuh indexer cluster. - -Wazuh indexer cluster -===================== - -This section provides the following information about the Wazuh indexer cluster: - -.. contents:: - :local: - :depth: 1 - :backlinks: none - -.. _certificates_deployment: - -Certificates deployment ------------------------ - -Wazuh uses certificates to establish trust and confidentiality between its central components - the Wazuh indexer, the Wazuh dashboard, and Filebeat. Certificates are deployed for new installation of Wazuh or during upscaling of Wazuh central components. The required certificates are: - -- **Root CA certificate**: The root CA (Certificate Authority) certificate acts as the foundation of trust for a security ecosystem. It is used to authenticate the identity of all nodes within the system and to sign other certificates, thereby establishing a chain of trust. -- **Node certificates**: Node certificates uniquely identify each node within the Wazuh cluster. They are used to encrypt and authenticate communications between the nodes. - - Each node certificate must include either the IP address or the DNS name of the node. This is important for the verification process during communications, ensuring that the data is indeed being sent to and received from trusted nodes. These certificates, signed by the root CA, ensure that any communication between the nodes is trusted and verified through this central authority. - -- **Admin certificate**: The admin certificate is a client certificate with special privileges. The Wazuh indexer uses it to perform management and security-related tasks such as initializing and managing the Wazuh indexer cluster, creating, modifying, and deleting users, as well as managing roles and permissions. It also helps ensure that only authorized commands are executed within the cluster. - -You can deploy certificates using two methods: - -.. contents:: - :local: - :depth: 1 - :backlinks: none - -Using the ``wazuh-certs-tool.sh`` script (default method) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The ``wazuh-certs-tool.sh`` script simplifies certificate generation for Wazuh central components and creates all the certificates required for installation. You need to create or edit the configuration file ``config.yml``. This file references the node details like node types and IP addresses or DNS names which are used to generate certificates for each of the nodes specified in it. A template could be downloaded from `our repository `__. These certificates are created with the following additional information: - -- ``C``: US -- ``L``: California -- ``O``: Wazuh -- ``OU``: Wazuh -- ``CN``: Name of the node - -Generating Wazuh indexer certificates -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Follow the steps below to create Wazuh indexer certificates using the ``wazuh-certs-tool.sh`` script: - -#. Run the command below to download the `wazuh-certs-tool.sh `__ script in your installation directory: - - .. code-block:: console - - # wget https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-certs-tool.sh - -#. Create a ``config.yml`` file with the following content. We specify only the details regarding the Wazuh indexer nodes as we are focusing on creating certificates for the Wazuh indexer. - - .. code-block:: yaml - :emphasize-lines: 5 - - nodes: - # Wazuh indexer nodes - indexer: - - name: node-1 - ip: "" - #- name: node-2 - # ip: "" - #- name: node-3 - # ip: "" - - Where: - - - ``name`` represents a unique node name. You can choose any. - - ``ip`` represents the IP address or DNS name of the node. - -#. Run the script to create the Wazuh indexer certificates: - - .. code-block:: console - - # bash wazuh-certs-tool.sh -A - - After deploying the certificates, a directory ``wazuh-certificates`` will be created in the installation directory with the following content: - - .. code-block:: none - - wazuh-certificates/ - ├── admin-key.pem - ├── admin.pem - ├── root-ca.key - ├── root-ca.pem - ├── node-1-key.pem - └── node-1.pem - - The files in this directory are as follows: - - - ``root-ca.pem`` and ``root-ca.key``: These files represent the root Certificate Authority (CA). The ``.pem`` file contains the public certificate, while the ``.key`` file holds the private key used for signing other certificates. - - .. note:: - - If you are deploying a complete Wazuh infrastructure and deploying certificates for the first time you need to conserve the root CA certificate. This will be used to create and sign certificates for the Wazuh server and Wazuh dashboard nodes. - - - ``admin.pem`` and ``admin-key.pem``: These files contain the public and private keys used by the Wazuh indexer to perform management and security-related tasks such as initializing the Wazuh indexer cluster, creating and managing users and roles. - - ``node-1.pem`` and ``node-1-key.pem``: The ``node-1.pem`` file contains the public key, which is distributed and trusted by other Wazuh components to authenticate the indexer node. Conversely, the ``node-1-key.pem`` file holds the private key, which is kept securely on the Wazuh indexer and used for authentication and encryption in communication with other Wazuh components. - - In a clustered environment comprising two or more Wazuh indexer nodes, unique pairs of public and private keys are generated for each node. These keys are specific to the node and are identified by the names defined in the ``name`` field of the ``config.yml`` file. These key pairs must then be transferred to their corresponding nodes. - -#. Once the certificates are created, you need to rename and move the Wazuh indexer certificate to the appropriate Wazuh indexer nodes respectively. You need to place them in the default directory ``/etc/wazuh-indexer/certs/`` as referenced in the file ``/etc/wazuh-indexer/opensearch.yml``. You should create the directory if it doesn’t exist. - - .. code-block:: console - - # mv /path/to/node-1-key.pem /etc/wazuh-indexer/certs/indexer-key.pem - # mv /path/to/node-1.pem /etc/wazuh-indexer/certs/indexer.pem - -Generating Wazuh indexer certificates using the pre-existing root CA -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Wazuh also gives the ability to create and sign the admin and node(s) certificates using a pre-existing root CA. It avoids having to recreate certificates for all the nodes. - -.. note:: - - You need to use a pre-existing root CA to create Wazuh indexer certificates: - - - If you already have a root CA after generating certificates for the :ref:`Wazuh server ` or :doc:`Wazuh dashboard ` nodes. - - If you need to re-install a Wazuh indexer node or add a new node to your Wazuh indexer cluster. - -#. Create a ``config.yml`` file. You must specify the details for only the Wazuh indexer node(s) you want to create certificates for, depending on the cases described in the note above. -#. Run the command below to create Wazuh indexer certificates from the ``config.yml`` file using the pre-existing root CA keys: - - .. code-block:: console - - # bash wazuh-certs-tool.sh -wi /path/to/root-ca.pem /path/to/root-ca.key - - Where: - - - The flag ``-wi`` indicates we are creating Wazuh indexer certificates. - - The file ``/path/to/root-ca.pem`` contains the root CA certificate. - - The file ``/path/to/root-ca.key`` contains the root CA key. - - After deploying the certificates, a directory ``wazuh-certificates`` will be created in the installation directory with content similar to the one below: - - .. code-block:: none - - wazuh-certificates/ - ├── admin-key.pem - ├── admin.pem - ├── node-1-key.pem - └── node-1.pem - -#. Once the certificates are created, you need to rename and move the Wazuh indexer certificate to the appropriate Wazuh indexer nodes respectively. You need to place them in the default directory ``/etc/wazuh-indexer/certs/`` as referenced in the file ``/etc/wazuh-indexer/opensearch.yml``. You should create the directory if it doesn’t exist. - - .. code-block:: console - - # mv /path/to/node-1-key.pem /etc/wazuh-indexer/certs/indexer-key.pem - # mv /path/to/node-1.pem /etc/wazuh-indexer/certs/indexer.pem - -Using custom certificates -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Custom certificates can be created using tools like OpenSSL. You must create the root CA, node, and admin certificates described above. - + :description: This section covers adding Wazuh indexer nodes to increase capacity and resilience. + Adding Wazuh indexer nodes --------------------------- +========================== Adding a new node to the Wazuh indexer cluster can enhance the capacity and resilience of the security monitoring infrastructure. @@ -185,12 +27,12 @@ If you are unsure which method aligns with your infrastructure, we recommend rev You need root user privileges to execute the commands below. Certificates creation -^^^^^^^^^^^^^^^^^^^^^ +--------------------- Perform the outlined steps on your existing Wazuh indexer node to generate the certificates required for secure communication among the Wazuh central components. All-in-one deployment -~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^ We recommend creating entirely new certificates for your Wazuh indexer nodes. Perform the following steps to create new certificates. @@ -240,7 +82,7 @@ We recommend creating entirely new certificates for your Wazuh indexer nodes. Pe This will copy the certificates to the home directory of the logged-in user on the target system. You can change this to specify a path to your installation directory. Distributed deployment -~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^ We recommend you utilize pre-existing root CA keys to generate certificates for new nodes. @@ -337,12 +179,12 @@ Perform the steps below on one indexer node only. This will copy the certificates to the home directory of the logged-in user on the target system. You can change this to specify a path to your installation directory. Configuring existing components to connect with the new node -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +------------------------------------------------------------ In this section, we configure the Wazuh components of your existing deployment to connect and communicate with the new Wazuh indexer node. All-in-one deployment -~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^ #. Create a file, ``env_variables.sh``, in the ``/root`` directory of the existing node where you define your environment variables as follows: @@ -465,7 +307,7 @@ All-in-one deployment # service wazuh-dashboard restart Distributed deployment -~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^ #. Edit the indexer configuration file at ``/etc/wazuh-indexer/opensearch.yml`` to include the new node(s) as follows. Uncomment or add more lines, according to your ``/root/config.yml`` definitions. Create the ``discovery.seed_hosts`` section if it doesn’t exist: @@ -608,7 +450,7 @@ Distributed deployment # service wazuh-dashboard restart Wazuh indexer node(s) installation -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +---------------------------------- Once the certificates have been created and copied to the new node(s), you can now proceed with installing the Wazuh indexer node. Follow the steps below to install the new Wazuh indexer node(s). @@ -690,7 +532,7 @@ Once the certificates have been created and copied to the new node(s), you can n # apt-get -y install wazuh-indexer Configuring the Wazuh indexer -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Edit the ``/etc/wazuh-indexer/opensearch.yml`` configuration file and replace the following values: @@ -724,7 +566,7 @@ Edit the ``/etc/wazuh-indexer/opensearch.yml`` configuration file and replace th - "CN=,OU=Wazuh,O=Wazuh,L=California,C=US" Deploying certificates -~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^ Execute the following commands in the directory where the ``wazuh-certificates.tar`` file was copied to, replacing ```` with the name of the Wazuh indexer node you are configuring as defined in ``/root/config``.yml. For example, ``node-1``. This deploys the SSL certificates to encrypt communications between the Wazuh central components: @@ -749,7 +591,7 @@ Execute the following commands in the directory where the ``wazuh-certificates.t # rm -f ./wazuh-certificates.tar Starting the service -~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^ Run the following commands to start the Wazuh indexer service: @@ -780,7 +622,7 @@ Run the following commands to start the Wazuh indexer service: # service wazuh-indexer start Cluster initialization -^^^^^^^^^^^^^^^^^^^^^^ +---------------------- #. Run the Wazuh indexer ``indexer-security-init.sh`` script on any Wazuh indexer node to load the new certificate information and start the cluster: @@ -834,7 +676,7 @@ Cluster initialization version: 7.10.2 Testing the cluster -^^^^^^^^^^^^^^^^^^^ +------------------- After completing the above steps, you can proceed to test your cluster and ensure that the indexer node has been successfully added. There are two possible methods to do this: @@ -844,7 +686,7 @@ After completing the above steps, you can proceed to test your cluster and ensur :backlinks: none Using the securityadmin script -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The ``securityadmin`` script helps configure and manage the security settings of OpenSearch. The script lets you load, backup, restore, and migrate the security configuration files to the Wazuh indexer cluster. @@ -900,7 +742,7 @@ The output should be similar to the one below. It should show the number of Wazu Done with success Using the Wazuh indexer API -~~~~~~~~~~~~~~~~~~~~~~~~~~~ +^^^^^^^^^^^^^^^^^^^^^^^^^^^ You can also get information about the number of nodes in the cluster by using the Wazuh indexer API. @@ -949,64 +791,3 @@ You can access the Wazuh dashboard with your credentials. After the above steps are completed, your new node(s) will now be part of your cluster and your infrastructure distributed. -Cluster management ------------------- - -Using the Wazuh indexer API -^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Perform the following cluster management queries on the Wazuh dashboard console by navigating to **Indexer management** > **Dev Tools**. - -- Check the general Wazuh indexer cluster health: - - .. code-block:: none - - GET _cluster/health - -- To check cluster health based on awareness attribute, use the following: - - .. code-block:: none - - GET _cluster/health?level=awareness_attributes - -- To check the cluster health based on a specific index, use the following: - - .. code-block:: none - - GET _cluster/health/ - -- List all Wazuh indexer nodes and their roles: - - .. code-block:: none - - GET _cat/nodes - -- Check the Wazuh indexer node where an index is stored: - - .. code-block:: none - - GET _cat/shards/wazuh-alerts-*?v - -- Check ISM policy for an index pattern: - - .. code-block:: none - - GET _opendistro/_ism/explain/wazuh-alerts-* - -- Check statistics about the Wazuh indexer cluster: - - .. code-block:: none - - GET _cluster/stats/nodes/* - -- Check storage allocation. This can be used to determine if the Wazuh indexer node is full. If the indexer node is full, implement the :doc:`index lifecycle management ` to free up old indices. - - .. code-block:: none - - GET _cat/allocation?v&s=node - -- Check Wazuh indexer node attributes: - - .. code-block:: none - - GET _cat/nodeattrs?v&h=node,attr,value diff --git a/source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst b/source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst new file mode 100644 index 0000000000..d9973aca05 --- /dev/null +++ b/source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst @@ -0,0 +1,150 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description:: This section covers deploying certificates to secure communication between Wazuh components. + +Certificates deployment +======================= + +Wazuh uses certificates to establish trust and confidentiality between its central components - the Wazuh indexer, the Wazuh dashboard, and Filebeat. Certificates are deployed for new installation of Wazuh or during upscaling of Wazuh central components. The required certificates are: + +- **Root CA certificate**: The root CA (Certificate Authority) certificate acts as the foundation of trust for a security ecosystem. It is used to authenticate the identity of all nodes within the system and to sign other certificates, thereby establishing a chain of trust. +- **Node certificates**: Node certificates uniquely identify each node within the Wazuh cluster. They are used to encrypt and authenticate communications between the nodes. + + Each node certificate must include either the IP address or the DNS name of the node. This is important for the verification process during communications, ensuring that the data is indeed being sent to and received from trusted nodes. These certificates, signed by the root CA, ensure that any communication between the nodes is trusted and verified through this central authority. + +- **Admin certificate**: The admin certificate is a client certificate with special privileges. The Wazuh indexer uses it to perform management and security-related tasks such as initializing and managing the Wazuh indexer cluster, creating, modifying, and deleting users, as well as managing roles and permissions. It also helps ensure that only authorized commands are executed within the cluster. + +You can deploy certificates using two methods: + +.. contents:: + :local: + :depth: 1 + :backlinks: none + +Using the ``wazuh-certs-tool.sh`` script (default method) +--------------------------------------------------------- + +The ``wazuh-certs-tool.sh`` script simplifies certificate generation for Wazuh central components and creates all the certificates required for installation. You need to create or edit the configuration file ``config.yml``. This file references the node details like node types and IP addresses or DNS names which are used to generate certificates for each of the nodes specified in it. A template could be downloaded from `our repository `__. These certificates are created with the following additional information: + +- ``C``: US +- ``L``: California +- ``O``: Wazuh +- ``OU``: Wazuh +- ``CN``: Name of the node + +Generating Wazuh indexer certificates +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Follow the steps below to create Wazuh indexer certificates using the ``wazuh-certs-tool.sh`` script: + +#. Run the command below to download the `wazuh-certs-tool.sh `__ script in your installation directory: + + .. code-block:: console + + # wget https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-certs-tool.sh + +#. Create a ``config.yml`` file with the following content. We specify only the details regarding the Wazuh indexer nodes as we are focusing on creating certificates for the Wazuh indexer. + + .. code-block:: yaml + :emphasize-lines: 5 + + nodes: + # Wazuh indexer nodes + indexer: + - name: node-1 + ip: "" + #- name: node-2 + # ip: "" + #- name: node-3 + # ip: "" + + Where: + + - ``name`` represents a unique node name. You can choose any. + - ``ip`` represents the IP address or DNS name of the node. + +#. Run the script to create the Wazuh indexer certificates: + + .. code-block:: console + + # bash wazuh-certs-tool.sh -A + + After deploying the certificates, a directory ``wazuh-certificates`` will be created in the installation directory with the following content: + + .. code-block:: none + + wazuh-certificates/ + ├── admin-key.pem + ├── admin.pem + ├── root-ca.key + ├── root-ca.pem + ├── node-1-key.pem + └── node-1.pem + + The files in this directory are as follows: + + - ``root-ca.pem`` and ``root-ca.key``: These files represent the root Certificate Authority (CA). The ``.pem`` file contains the public certificate, while the ``.key`` file holds the private key used for signing other certificates. + + .. note:: + + If you are deploying a complete Wazuh infrastructure and deploying certificates for the first time you need to conserve the root CA certificate. This will be used to create and sign certificates for the Wazuh server and Wazuh dashboard nodes. + + - ``admin.pem`` and ``admin-key.pem``: These files contain the public and private keys used by the Wazuh indexer to perform management and security-related tasks such as initializing the Wazuh indexer cluster, creating and managing users and roles. + - ``node-1.pem`` and ``node-1-key.pem``: The ``node-1.pem`` file contains the public key, which is distributed and trusted by other Wazuh components to authenticate the indexer node. Conversely, the ``node-1-key.pem`` file holds the private key, which is kept securely on the Wazuh indexer and used for authentication and encryption in communication with other Wazuh components. + + In a clustered environment comprising two or more Wazuh indexer nodes, unique pairs of public and private keys are generated for each node. These keys are specific to the node and are identified by the names defined in the ``name`` field of the ``config.yml`` file. These key pairs must then be transferred to their corresponding nodes. + +#. Once the certificates are created, you need to rename and move the Wazuh indexer certificate to the appropriate Wazuh indexer nodes respectively. You need to place them in the default directory ``/etc/wazuh-indexer/certs/`` as referenced in the file ``/etc/wazuh-indexer/opensearch.yml``. You should create the directory if it doesn’t exist. + + .. code-block:: console + + # mv /path/to/node-1-key.pem /etc/wazuh-indexer/certs/indexer-key.pem + # mv /path/to/node-1.pem /etc/wazuh-indexer/certs/indexer.pem + +Generating Wazuh indexer certificates using the pre-existing root CA +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Wazuh also gives the ability to create and sign the admin and node(s) certificates using a pre-existing root CA. It avoids having to recreate certificates for all the nodes. + +.. note:: + + You need to use a pre-existing root CA to create Wazuh indexer certificates: + + - If you already have a root CA after generating certificates for the :ref:`Wazuh server ` or :doc:`Wazuh dashboard ` nodes. + - If you need to re-install a Wazuh indexer node or add a new node to your Wazuh indexer cluster. + +#. Create a ``config.yml`` file. You must specify the details for only the Wazuh indexer node(s) you want to create certificates for, depending on the cases described in the note above. +#. Run the command below to create Wazuh indexer certificates from the ``config.yml`` file using the pre-existing root CA keys: + + .. code-block:: console + + # bash wazuh-certs-tool.sh -wi /path/to/root-ca.pem /path/to/root-ca.key + + Where: + + - The flag ``-wi`` indicates we are creating Wazuh indexer certificates. + - The file ``/path/to/root-ca.pem`` contains the root CA certificate. + - The file ``/path/to/root-ca.key`` contains the root CA key. + + After deploying the certificates, a directory ``wazuh-certificates`` will be created in the installation directory with content similar to the one below: + + .. code-block:: none + + wazuh-certificates/ + ├── admin-key.pem + ├── admin.pem + ├── node-1-key.pem + └── node-1.pem + +#. Once the certificates are created, you need to rename and move the Wazuh indexer certificate to the appropriate Wazuh indexer nodes respectively. You need to place them in the default directory ``/etc/wazuh-indexer/certs/`` as referenced in the file ``/etc/wazuh-indexer/opensearch.yml``. You should create the directory if it doesn’t exist. + + .. code-block:: console + + # mv /path/to/node-1-key.pem /etc/wazuh-indexer/certs/indexer-key.pem + # mv /path/to/node-1.pem /etc/wazuh-indexer/certs/indexer.pem + +Using custom certificates +------------------------- + +Custom certificates can be created using tools like OpenSSL. You must create the root CA, node, and admin certificates described above. diff --git a/source/user-manual/wazuh-indexer-cluster/cluster-management.rst b/source/user-manual/wazuh-indexer-cluster/cluster-management.rst new file mode 100644 index 0000000000..0b34838c5c --- /dev/null +++ b/source/user-manual/wazuh-indexer-cluster/cluster-management.rst @@ -0,0 +1,66 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description: This section covers cluster management including health checks and node details. + +Cluster management +================== + +Using the Wazuh indexer API +--------------------------- + +Perform the following cluster management queries on the Wazuh dashboard console by navigating to **Indexer management** > **Dev Tools**. + +- Check the general Wazuh indexer cluster health: + + .. code-block:: none + + GET _cluster/health + +- To check cluster health based on awareness attribute, use the following: + + .. code-block:: none + + GET _cluster/health?level=awareness_attributes + +- To check the cluster health based on a specific index, use the following: + + .. code-block:: none + + GET _cluster/health/ + +- List all Wazuh indexer nodes and their roles: + + .. code-block:: none + + GET _cat/nodes + +- Check the Wazuh indexer node where an index is stored: + + .. code-block:: none + + GET _cat/shards/wazuh-alerts-*?v + +- Check ISM policy for an index pattern: + + .. code-block:: none + + GET _opendistro/_ism/explain/wazuh-alerts-* + +- Check statistics about the Wazuh indexer cluster: + + .. code-block:: none + + GET _cluster/stats/nodes/* + +- Check storage allocation. This can be used to determine if the Wazuh indexer node is full. If the indexer node is full, implement the :doc:`index lifecycle management ` to free up old indices. + + .. code-block:: none + + GET _cat/allocation?v&s=node + +- Check Wazuh indexer node attributes: + + .. code-block:: none + + GET _cat/nodeattrs?v&h=node,attr,value diff --git a/source/user-manual/wazuh-indexer/index-life-management.rst b/source/user-manual/wazuh-indexer-cluster/index-lifecycle-management.rst similarity index 99% rename from source/user-manual/wazuh-indexer/index-life-management.rst rename to source/user-manual/wazuh-indexer-cluster/index-lifecycle-management.rst index 21e1cc6244..0b117a5959 100644 --- a/source/user-manual/wazuh-indexer/index-life-management.rst +++ b/source/user-manual/wazuh-indexer-cluster/index-lifecycle-management.rst @@ -1,4 +1,4 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: :description: Learn how to define index management policies in this section of the documentation. diff --git a/source/user-manual/wazuh-indexer-cluster/index.rst b/source/user-manual/wazuh-indexer-cluster/index.rst new file mode 100644 index 0000000000..bf88b880f5 --- /dev/null +++ b/source/user-manual/wazuh-indexer-cluster/index.rst @@ -0,0 +1,22 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description: This section provides information about the Wazuh indexer cluster. + +Wazuh indexer cluster +===================== + +The Wazuh indexer cluster consists of multiple Wazuh indexer nodes. + +Deploying the Wazuh indexer as a cluster helps to provide horizontal scalability, high availability, and improved performance. + +.. topic:: Contents + + .. toctree:: + :titlesonly: + + certificate-deployment + add-wazuh-indexer-nodes + wazuh-indexer-cluster-tuning + index-lifecycle-management + cluster-management \ No newline at end of file diff --git a/source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst b/source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst new file mode 100644 index 0000000000..6dc497d10a --- /dev/null +++ b/source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst @@ -0,0 +1,146 @@ +.. Copyright (C) 2015, Wazuh, Inc. + +.. meta:: + :description: Learn how to change settings to optimize the Wazuh indexer cluster performance in this section of the documentation. + +Wazuh indexer cluster tuning +============================ + +This guide shows how to change settings to optimize the Wazuh indexer cluster performance. To change the Wazuh indexer password, see the :doc:`Password management ` section. + +.. contents:: + :local: + :depth: 1 + :backlinks: none + +Configure shard allocation awareness or forced awareness +-------------------------------------------------------- + +This is most applicable in cases where the Wazuh indexer nodes are spread across geographically dispersed zones. + +To configure awareness, add zone attributes to the ``/etc/wazuh-indexer/opensearch.yml`` file on the Wazuh indexer nodes for the different zones. + +For example: You have two zones named zone A and B. You will add the following configuration to the ``/etc/wazuh-indexer/opensearch.yml`` file on each Wazuh indexer node in zone A and B respectively: + +.. code-block:: yaml + + node.attr.zone: zoneA + +.. code-block:: yaml + + node.attr.zone: zoneB + +Allocation awareness is best used if storage on the Wazuh indexer nodes in zone A and zone B is less than 50% utilized. This allows for adequate storage capacity to allocate replicas in the zone. + +Forced awareness is an option if Wazuh indexer nodes in both zone A and B lack sufficient capacity to store all primary and replica shards. This ensures that if there's a zone failure, the Wazuh indexer won't overwhelm your remaining zone, preventing your cluster from being locked due to storage shortage. + +Choosing allocation awareness or forced awareness depends on how much space you have in each zone to balance your primary and replica shards. + +Shard allocation awareness +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Shard allocation awareness attempts to spread primary and replica shards across multiple zones. It is used to allocate a replica shard to a zone different from its primary zone. + +In the event of node failure within a zone, you can be rest assured that your replica shards are distributed among your remaining zones. This enhances fault tolerance, safeguarding your data against zone failures and individual node failures. + +To configure shard allocation awareness, update the cluster settings: + +.. code-block:: none + + PUT _cluster/settings + { + "persistent": { + "cluster.routing.allocation.awareness.attributes": "zone" + } + } + +You can either use ``persistent`` or ``transient`` settings. We recommend using the ``persistent`` setting because it persists through a cluster reboot. The ``transient`` setting does not persist through a cluster reboot. + +.. note:: + + If only one zone is available (such as after zone failures), the Wazuh indexer allocates replica shards to the only remaining zone. + +Forced awareness +^^^^^^^^^^^^^^^^^ + +Using the forced awareness implies that primary and replica shards are never allocated to the same zone. + +To configure forced awareness, specify all the possible values for your zone attributes: + +.. code-block:: none + :emphasize-lines: 5 + + PUT _cluster/settings + { + "persistent": { + "cluster.routing.allocation.awareness.attributes": "zone", + "cluster.routing.allocation.awareness.force.zone.values":["zoneA", "zoneB"] + } + } + +In case there are other zones, add the other zones to the ``cluster.routing.allocation.awareness.force.zone.values`` field. + +.. warning:: + + If a node fails, forced awareness does not allocate the replicas to another node in the same zone. Instead, the cluster enters a yellow state and only allocates the replicas when nodes in the other zone(s) come online. + +Allocation filtering +^^^^^^^^^^^^^^^^^^^^^ + +This allows a node to be excluded from shard allocation. A common use case is when you want to decommission a node within a zone. + +To move shards off a node before decommissioning it, create a filter that excludes the node using its IP address. This will move all shards allocated to that node before it is shut down. You can also use a wildcard ``*`` in a situation where there are more than one node within an IP range to be decommissioned. + +.. code-block:: none + :emphasize-lines: 4 + + PUT _cluster/settings + { + "persistent": { + "cluster.routing.allocation.exclude._ip": "192.168.0.*" + } + } + +Set node attributes for each node in a cluster +---------------------------------------------- + +By default, each Wazuh indexer node is a master-eligible, data, ingest, and coordinating node. Deciding on the number of nodes, assigning node types, and choosing the hardware for each node type depends on your use case. + +Cluster manager nodes +^^^^^^^^^^^^^^^^^^^^^ + +Cluster manager nodes manage all cluster-wide configurations and modifications, including adding, removing, and allocating shards to nodes, as well as generating and deleting indices and fields. + +A distributed consensus technique is used to elect a single cluster-manager node from among the cluster-manager eligible nodes. This cluster-manager node is reelected in the event that the incumbent node fails. + +You can specify that a Wazuh indexer node is the cluster manager node, even though this is already done by default. + +Set a Wazuh indexer node role to ``cluster_manager`` by adding the following configuration to the ``/etc/wazuh-indexer/opensearch.yml`` file: + +.. code-block:: yaml + + node.roles: [ cluster_manager ] + +Data nodes +^^^^^^^^^^ + +The data node is responsible for storing and searching data. It performs all data related operations (indexing, searching, aggregating) on local shards. These are the worker nodes of your Wazuh indexer cluster and need more disk space than any other node type. + +Set a Wazuh indexer node role as a data node by adding the following configuration to the ``/etc/wazuh-indexer/opensearch.yml`` file: + +.. code-block:: yaml + + node.roles: [ data, ingest ] + +As you add data nodes it is important to keep them balanced between zones. For example, if you have three zones, add a data node for each zone. We recommend using storage and RAM-heavy nodes. + +Coordinating nodes +^^^^^^^^^^^^^^^^^^ + +The coordinating node delegates client requests to the shards on the data nodes, collects and aggregates the results into one final result, and sends it back to the Wazuh dashboard. + +Every node is a coordinating node by default, however to make a node a dedicated coordinating node, set ``node.roles`` to an empty list: + +.. code-block:: yaml + + node.roles: [] diff --git a/source/user-manual/wazuh-indexer/index.rst b/source/user-manual/wazuh-indexer/index.rst index 11591bbc26..8f723e3c02 100644 --- a/source/user-manual/wazuh-indexer/index.rst +++ b/source/user-manual/wazuh-indexer/index.rst @@ -19,6 +19,5 @@ The Wazuh indexer can be configured as a single-node or multi-node cluster, prov wazuh-indexer-indices re-indexing - index-life-management wazuh-indexer-tuning migrating-wazuh-indices diff --git a/source/user-manual/wazuh-indexer/wazuh-indexer-tuning.rst b/source/user-manual/wazuh-indexer/wazuh-indexer-tuning.rst index 892958cca9..88117c608a 100644 --- a/source/user-manual/wazuh-indexer/wazuh-indexer-tuning.rst +++ b/source/user-manual/wazuh-indexer/wazuh-indexer-tuning.rst @@ -1,7 +1,7 @@ .. Copyright (C) 2015, Wazuh, Inc. .. meta:: - :description: Learn how to change settings to optimize the Wazuh indexer performance in this section of te documentation. + :description: Learn how to change settings to optimize the Wazuh indexer performance in this section of the documentation. Wazuh indexer tuning ==================== @@ -242,135 +242,3 @@ The number of replicas can be changed dynamically using the Wazuh indexer API. I } } }' - -Configure shard allocation awareness or forced awareness --------------------------------------------------------- - -This is most applicable in cases where the Wazuh indexer nodes are spread across geographically dispersed zones. - -To configure awareness, add zone attributes to the ``/etc/wazuh-indexer/opensearch.yml`` file on the Wazuh indexer nodes for the different zones. - -For example: You have two zones named zone A and B. You will add the following configuration to the ``/etc/wazuh-indexer/opensearch.yml`` file on each Wazuh indexer node in zone A and B respectively: - -.. code-block:: yaml - - node.attr.zone: zoneA - -.. code-block:: yaml - - node.attr.zone: zoneB - -Allocation awareness is best used if storage on the Wazuh indexer nodes in zone A and zone B is less than 50% utilized. This allows for adequate storage capacity to allocate replicas in the zone. - -Forced awareness is an option if Wazuh indexer nodes in both zone A and B lack sufficient capacity to store all primary and replica shards. This ensures that if there's a zone failure, the Wazuh indexer won't overwhelm your remaining zone, preventing your cluster from being locked due to storage shortage. - -Choosing allocation awareness or forced awareness depends on how much space you have in each zone to balance your primary and replica shards. - -Shard allocation awareness -^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Shard allocation awareness attempts to spread primary and replica shards across multiple zones. It is used to allocate a replica shard to a zone different from its primary zone. - -In the event of node failure within a zone, you can be rest assured that your replica shards are distributed among your remaining zones. This enhances fault tolerance, safeguarding your data against zone failures and individual node failures. - -To configure shard allocation awareness, update the cluster settings: - -.. code-block:: none - - PUT _cluster/settings - { - "persistent": { - "cluster.routing.allocation.awareness.attributes": "zone" - } - } - -You can either use ``persistent`` or ``transient`` settings. We recommend using the ``persistent`` setting because it persists through a cluster reboot. The ``transient`` setting does not persist through a cluster reboot. - -.. note:: - - If only one zone is available (such as after zone failures), the Wazuh indexer allocates replica shards to the only remaining zone. - -Forced awareness -^^^^^^^^^^^^^^^^^ - -Using the forced awareness implies that primary and replica shards are never allocated to the same zone. - -To configure forced awareness, specify all the possible values for your zone attributes: - -.. code-block:: none - :emphasize-lines: 5 - - PUT _cluster/settings - { - "persistent": { - "cluster.routing.allocation.awareness.attributes": "zone", - "cluster.routing.allocation.awareness.force.zone.values":["zoneA", "zoneB"] - } - } - -In case there are other zones, add the other zones to the ``cluster.routing.allocation.awareness.force.zone.values`` field. - -.. warning:: - - If a node fails, forced awareness does not allocate the replicas to another node in the same zone. Instead, the cluster enters a yellow state and only allocates the replicas when nodes in the other zone(s) come online. - -Allocation filtering -^^^^^^^^^^^^^^^^^^^^^ - -This allows a node to be excluded from shard allocation. A common use case is when you want to decommission a node within a zone. - -To move shards off a node before decommissioning it, create a filter that excludes the node using its IP address. This will move all shards allocated to that node before it is shut down. You can also use a wildcard ``*`` in a situation where there are more than one node within an IP range to be decommissioned. - -.. code-block:: none - :emphasize-lines: 4 - - PUT _cluster/settings - { - "persistent": { - "cluster.routing.allocation.exclude._ip": "192.168.0.*" - } - } - -Set node attributes for each node in a cluster ----------------------------------------------- - -By default, each Wazuh indexer node is a master-eligible, data, ingest, and coordinating node. Deciding on the number of nodes, assigning node types, and choosing the hardware for each node type depends on your use case. - -Cluster manager nodes -^^^^^^^^^^^^^^^^^^^^^ - -Cluster manager nodes manage all cluster-wide configurations and modifications, including adding, removing, and allocating shards to nodes, as well as generating and deleting indices and fields. - -A distributed consensus technique is used to elect a single cluster-manager node from among the cluster-manager eligible nodes. This cluster-manager node is reelected in the event that the incumbent node fails. - -You can specify that a Wazuh indexer node is the cluster manager node, even though this is already done by default. - -Set a Wazuh indexer node role to ``cluster_manager`` by adding the following configuration to the ``/etc/wazuh-indexer/opensearch.yml`` file: - -.. code-block:: yaml - - node.roles: [ cluster_manager ] - -Data nodes -^^^^^^^^^^ - -The data node is responsible for storing and searching data. It performs all data related operations (indexing, searching, aggregating) on local shards. These are the worker nodes of your Wazuh indexer cluster and need more disk space than any other node type. - -Set a Wazuh indexer node role as a data node by adding the following configuration to the ``/etc/wazuh-indexer/opensearch.yml`` file: - -.. code-block:: yaml - - node.roles: [ data, ingest ] - -As you add data nodes it is important to keep them balanced between zones. For example, if you have three zones, add a data node for each zone. We recommend using storage and RAM-heavy nodes. - -Coordinating nodes -^^^^^^^^^^^^^^^^^^ - -The coordinating node delegates client requests to the shards on the data nodes, collects and aggregates the results into one final result, and sends it back to the Wazuh dashboard. - -Every node is a coordinating node by default, however to make a node a dedicated coordinating node, set ``node.roles`` to an empty list: - -.. code-block:: yaml - - node.roles: [] From 7be7c7a9d553450db61573c986330cfa3ef26fdc Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Tue, 14 Jan 2025 12:01:18 -0300 Subject: [PATCH 2/2] Add changes from review --- source/_static/js/redirects.js | 47 +++++++++++++++++++ .../your-environment/settings.rst | 2 +- .../wazuh-indexer/step-by-step.rst | 2 +- .../add-wazuh-indexer-nodes.rst | 2 +- .../certificate-deployment.rst | 2 +- .../cluster-management.rst | 4 +- .../index-lifecycle-management.rst | 2 +- .../wazuh-indexer-cluster/index.rst | 22 ++++----- .../wazuh-indexer-cluster-tuning.rst | 2 +- source/user-manual/wazuh-server-cluster.rst | 2 +- 10 files changed, 66 insertions(+), 21 deletions(-) diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js index 16b484280b..15db779cf0 100644 --- a/source/_static/js/redirects.js +++ b/source/_static/js/redirects.js @@ -66,6 +66,46 @@ removedUrls['x.y'] = [ /* *** RELEASE 4.10 ****/ +/* Redirections from 4.9 to 4.10 */ + +redirections.push( + { + 'target': ['4.9=>4.10', '4.10=>4.9'], + '4.9': '/user-manual/wazuh-indexer-cluster.html', + '4.10': '/user-manual/wazuh-indexer-cluster/index.html', + }, + { + 'target': ['4.9=>4.10', '4.10=>4.9'], + '4.9': '/user-manual/wazuh-indexer-cluster.html#certificates-deployment', + '4.10': '/user-manual/wazuh-indexer-cluster/certificate-deployment.html', + }, + { + 'target': ['4.9=>4.10', '4.10=>4.9'], + '4.9': '/user-manual/wazuh-indexer-cluster.html#adding-wazuh-indexer-nodes', + '4.10': '/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.html', + }, + { + 'target': ['4.9=>4.10', '4.10=>4.9'], + '4.9': '/user-manual/wazuh-indexer-cluster.html#cluster-management', + '4.10': '/user-manual/wazuh-indexer-cluster/cluster-management.html', + }, + { + 'target': ['4.9=>4.10', '4.10=>4.9'], + '4.9': '/user-manual/wazuh-indexer/index-life-management.html', + '4.10': '/user-manual/wazuh-indexer-cluster/index-lifecycle-management.html', + }, + { + 'target': ['4.9=>4.10', '4.10=>4.9'], + '4.9': '/user-manual/wazuh-indexer/wazuh-indexer-tuning.html#configure-shard-allocation-awareness-or-forced-awareness', + '4.10': '/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.html#configure-shard-allocation-awareness-or-forced-awareness', + }, + { + 'target': ['4.9=>4.10', '4.10=>4.9'], + '4.9': '/user-manual/wazuh-indexer/wazuh-indexer-tuning.html#set-node-attributes-for-each-node-in-a-cluster', + '4.10': '/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.html#set-node-attributes-for-each-node-in-a-cluster', + }, +); + /* Pages added in 4.10 */ newUrls['4.10'] = [ '/release-notes/release-4-10-0.html', @@ -81,6 +121,13 @@ newUrls['4.10'] = [ '/user-manual/wazuh-indexer-cluster/cluster-management.html', ] +/* Pages no longer available in 4.10 */ + +removedUrls['4.10'] = [ + '/user-manual/wazuh-indexer-cluster.html', + '/user-manual/wazuh-indexer/index-life-management.html', +]; + /* *** RELEASE 4.9 ****/ /* Redirections from 4.8 to 4.9 */ diff --git a/source/cloud-service/your-environment/settings.rst b/source/cloud-service/your-environment/settings.rst index 79b4952e44..aa14a7e334 100644 --- a/source/cloud-service/your-environment/settings.rst +++ b/source/cloud-service/your-environment/settings.rst @@ -37,7 +37,7 @@ Two settings define the behavior of the indexed data: Data remains indexed until either the indexed data retention or the indexed data capacity is reached. In other words, once either of the settings' values is reached, data rotation will occur (removing the oldest data) until the settings' conditions are met. -To configure index management policies, see :doc:`Index life management ` documentation. +To configure index management policies, see :doc:`/user-manual/wazuh-indexer-cluster/index-lifecycle-management` documentation. .. _cloud_settings_archive_data: diff --git a/source/installation-guide/wazuh-indexer/step-by-step.rst b/source/installation-guide/wazuh-indexer/step-by-step.rst index 66597db5ee..38421a3f46 100644 --- a/source/installation-guide/wazuh-indexer/step-by-step.rst +++ b/source/installation-guide/wazuh-indexer/step-by-step.rst @@ -71,7 +71,7 @@ Generating the SSL certificates ip: "" - To learn more about how to create and configure the certificates, see the :ref:`certificates_deployment` section. + To learn more about how to create and configure the certificates, see the :doc:`/user-manual/wazuh-indexer-cluster/certificate-deployment` section. #. Run ``./wazuh-certs-tool.sh`` to create the certificates. For a multi-node cluster, these certificates need to be later deployed to all Wazuh instances in your cluster. diff --git a/source/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst b/source/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst index dfa6caed51..197a8b5dc6 100644 --- a/source/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst +++ b/source/user-manual/wazuh-indexer-cluster/add-wazuh-indexer-nodes.rst @@ -1,4 +1,4 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: :description: This section covers adding Wazuh indexer nodes to increase capacity and resilience. diff --git a/source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst b/source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst index d9973aca05..900d5a4e84 100644 --- a/source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst +++ b/source/user-manual/wazuh-indexer-cluster/certificate-deployment.rst @@ -1,4 +1,4 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: :description:: This section covers deploying certificates to secure communication between Wazuh components. diff --git a/source/user-manual/wazuh-indexer-cluster/cluster-management.rst b/source/user-manual/wazuh-indexer-cluster/cluster-management.rst index 0b34838c5c..d654f2ac7e 100644 --- a/source/user-manual/wazuh-indexer-cluster/cluster-management.rst +++ b/source/user-manual/wazuh-indexer-cluster/cluster-management.rst @@ -1,4 +1,4 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: :description: This section covers cluster management including health checks and node details. @@ -53,7 +53,7 @@ Perform the following cluster management queries on the Wazuh dashboard console GET _cluster/stats/nodes/* -- Check storage allocation. This can be used to determine if the Wazuh indexer node is full. If the indexer node is full, implement the :doc:`index lifecycle management ` to free up old indices. +- Check storage allocation. This can be used to determine if the Wazuh indexer node is full. If the indexer node is full, implement the :doc:`index lifecycle management ` to free up old indices. .. code-block:: none diff --git a/source/user-manual/wazuh-indexer-cluster/index-lifecycle-management.rst b/source/user-manual/wazuh-indexer-cluster/index-lifecycle-management.rst index 0b117a5959..21e1cc6244 100644 --- a/source/user-manual/wazuh-indexer-cluster/index-lifecycle-management.rst +++ b/source/user-manual/wazuh-indexer-cluster/index-lifecycle-management.rst @@ -1,4 +1,4 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: :description: Learn how to define index management policies in this section of the documentation. diff --git a/source/user-manual/wazuh-indexer-cluster/index.rst b/source/user-manual/wazuh-indexer-cluster/index.rst index bf88b880f5..b4f9847fca 100644 --- a/source/user-manual/wazuh-indexer-cluster/index.rst +++ b/source/user-manual/wazuh-indexer-cluster/index.rst @@ -1,4 +1,4 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: :description: This section provides information about the Wazuh indexer cluster. @@ -6,17 +6,15 @@ Wazuh indexer cluster ===================== -The Wazuh indexer cluster consists of multiple Wazuh indexer nodes. +The Wazuh indexer cluster consists of multiple Wazuh indexer nodes. Deploying the Wazuh indexer as a cluster helps to provide horizontal scalability, high availability, and improved performance. -Deploying the Wazuh indexer as a cluster helps to provide horizontal scalability, high availability, and improved performance. +This section provides the following information about the Wazuh indexer cluster: -.. topic:: Contents +.. toctree:: + :titlesonly: - .. toctree:: - :titlesonly: - - certificate-deployment - add-wazuh-indexer-nodes - wazuh-indexer-cluster-tuning - index-lifecycle-management - cluster-management \ No newline at end of file + certificate-deployment + add-wazuh-indexer-nodes + wazuh-indexer-cluster-tuning + index-lifecycle-management + cluster-management \ No newline at end of file diff --git a/source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst b/source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst index 6dc497d10a..b11c90a8ca 100644 --- a/source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst +++ b/source/user-manual/wazuh-indexer-cluster/wazuh-indexer-cluster-tuning.rst @@ -1,4 +1,4 @@ -.. Copyright (C) 2015, Wazuh, Inc. +.. Copyright (C) 2015, Wazuh, Inc. .. meta:: :description: Learn how to change settings to optimize the Wazuh indexer cluster performance in this section of the documentation. diff --git a/source/user-manual/wazuh-server-cluster.rst b/source/user-manual/wazuh-server-cluster.rst index 363dde8606..207c13c19b 100644 --- a/source/user-manual/wazuh-server-cluster.rst +++ b/source/user-manual/wazuh-server-cluster.rst @@ -292,7 +292,7 @@ Wazuh also gives the ability to create and sign the admin and node(s) certificat You need to use a pre-existing root CA to create Wazuh server certificates: - - If you already have a root CA after generating certificates for the :ref:`Wazuh indexer ` or :doc:`Wazuh dashboard ` nodes. + - If you already have a root CA after generating certificates for the :doc:`Wazuh indexer ` or :doc:`Wazuh dashboard ` nodes. - If you need to re-install a Wazuh server node or add a new node to your Wazuh server cluster. #. Create a ``config.yml`` file. You must specify the details for only the Wazuh server node(s) you want to create certificates for, depending on the cases described in the note above.