High Availability Wazuh-Opensearch in Kubernetes #491

Open
victorrodriguez1984 opened this issue Oct 19, 2023 · 1 comment

victorrodriguez1984 commented Oct 19, 2023

Version: 4.4.5
Environment: Kubernetes self managed

Hello, I am renewing certs in Wazuh Kubernetes for OpenSearch and trying to provide HA to OpenSearch from the Wazuh cluster, URL, etc.

Everything works under the "demo" domain and a custom domain, but I am having a problem trying to provide HA to the OpenSearch cluster.

Therefore I generated an LB service for 9200 and added new certs with SAN cert domains.

Basically, master and workers are looking only in the demo part for a single indexer, and HA is not possible, only trying to connect to wazuh-indexer-0... if this indexer is down, the whole cluster is down.

Master and worker configs:
INDEXER_URL cannot be a list, right? Then an LB is necessary, right?

            - name: INDEXER_URL
              # value: 'https://wazuh-indexer-0.wazuh-indexer:9200' # Default
              value: 'https://indexer.siem.svc.cluster.local:9200'  #LB Service certificates
            - name: INDEXER_USERNAME
              valueFrom:
                secretKeyRef:
                  name: indexer-cred
                  key: username
            - name: INDEXER_PASSWORD

Opensearch.yaml config:
  opensearch.yml: |-
    cluster.name: ${CLUSTER_NAME}
    node.name: ${NODE_NAME}
    network.host: ${NETWORK_HOST}
    discovery.seed_hosts: 
       - wazuh-indexer-0.wazuh-indexer
       - wazuh-indexer-1.wazuh-indexer
    cluster.initial_master_nodes: 
       - wazuh-indexer-0
       - wazuh-indexer-1
    node.max_local_storage_nodes: "3"
    path.data: /var/lib/wazuh-indexer
    path.logs: /var/log/wazuh-indexer
    plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
    plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
    plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
    plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
    plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
    plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
    plugins.security.ssl.http.enabled: true
    plugins.security.ssl.transport.enforce_hostname_verification: false
    plugins.security.ssl.transport.resolve_hostname: false
    plugins.security.authcz.admin_dn:
      - CN=admin,O=ISCP,L=Madrid,C=ES
    plugins.security.check_snapshot_restore_write_privileges: true
    plugins.security.enable_snapshot_restore_privilege: true
    plugins.security.nodes_dn:
      - CN=*.wazuh-indexer,O=ISCP,L=Madrid,C=ES
      - CN=*.siem.svc.cluster.local,O=ISCP,L=Madrid,C=ES
      - CN=wazuh-indexer.x-siem.svc.cluster.local,O=ISCP,L=Madrid,C=ES     
    plugins.security.restapi.roles_enabled:
    - "all_access"
    - "security_rest_api_access"
    plugins.security.allow_default_init_securityindex: true
    cluster.routing.allocation.disk.threshold_enabled: false
    compatibility.override_main_response_version: true

Certificate info:
Certificate Information:
Common Name: *.wazuh-indexer
Subject Alternative Names: indexer.x-siem.svc.cluster.local, *.x-siem.svc.cluster.local
Organization: ISCP
Organization Unit: ISCP
Locality: Madrid
State: Spain
Country: ES
Valid From: October 18, 2023
Valid To: October 15, 2033
Issuer: root-ca, ISCP
Key Size: 2048 bit
Serial Number: 534e003402b49288f4ece89aa7d2c0766fa3ace6

Problem:
Master cannot connect to Elasticsearch
OpenSearch "Unknown Certificate"


Does anyone provide HA in OpenSearch for Wazuh Kubernetes?

victorrodriguez1984 changed the title from "High Availability Opensearch in Kubernetes" to "High Availability Wazuh-Opensearch in Kubernetes" on Oct 19, 2023

@victorrodriguez1984 (Author)

Any update or at least doc update providing Opensearch stack High Availability?
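
A check that can be run on the values posted in this issue, as an added example that is not part of the original thread or of the Wazuh project's code: it tests whether the host in each `INDEXER_URL` is covered by the certificate's names, using RFC 6125-style wildcard rules. The function names and `SAN_URL` are constructed for illustration; the CN, SANs and the two URLs are copied from the post as written.

```python
from urllib.parse import urlsplit

# Values copied from the issue text above (as posted).
CERT_CN = "*.wazuh-indexer"
CERT_SANS = ["indexer.x-siem.svc.cluster.local", "*.x-siem.svc.cluster.local"]
DEFAULT_URL = "https://wazuh-indexer-0.wazuh-indexer:9200"
LB_URL = "https://indexer.siem.svc.cluster.local:9200"
# Constructed for comparison: a URL whose host uses the SAN's namespace label.
SAN_URL = "https://indexer.x-siem.svc.cluster.local:9200"


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 1 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def covering_names(url: str, common_name: str, sans: list[str]) -> list[str]:
    """Names in the certificate that cover the host of `url`.

    If the certificate carries SANs, the CN is not consulted (RFC 6125);
    the CN is used here only for a certificate with no SANs at all."""
    host = urlsplit(url).hostname or ""
    candidates = sans if sans else [common_name]
    return [n for n in candidates if name_matches(n, host)]


if __name__ == "__main__":
    for label, url in [("default", DEFAULT_URL), ("LB", LB_URL), ("SAN host", SAN_URL)]:
        hits = covering_names(url, CERT_CN, CERT_SANS)
        print(f"{label:9} {url}: {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
```

With the values as posted, neither URL host is covered by the SAN list, and the wildcard CN does not help because it is ignored once SANs are present.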
