Hello, I am renewing certs in Wazuh Kubernetes for OpenSearch and trying to provide HA to OpenSearch from the Wazuh cluster, URL etc...
Everything works under the "demo" domain and a custom domain, but I am having a problem trying to provide HA to the OpenSearch cluster.
Therefore I generated an LB service for 9200 and added new certs with SAN cert domains.
Basically, Master and Workers are looking only in the demo part for a single indexer, and HA is not possible when only trying to connect to wazuh-indexer-0... if this indexer is down, the whole cluster is down.
Master and worker configs:
INDEXER_URL cannot be a list, right? Then an LB is necessary, right?
- name: INDEXER_URL
  # value: 'https://wazuh-indexer-0.wazuh-indexer:9200' # Default
  value: 'https://indexer.siem.svc.cluster.local:9200' # LB Service
certificates
- name: INDEXER_USERNAME
  valueFrom:
    secretKeyRef:
      name: indexer-cred
      key: username
- name: INDEXER_PASSWORD
Opensearch.yaml config:
opensearch.yml: |-
  cluster.name: ${CLUSTER_NAME}
  node.name: ${NODE_NAME}
  network.host: ${NETWORK_HOST}
  discovery.seed_hosts:
    - wazuh-indexer-0.wazuh-indexer
    - wazuh-indexer-1.wazuh-indexer
  cluster.initial_master_nodes:
    - wazuh-indexer-0
    - wazuh-indexer-1
  node.max_local_storage_nodes: "3"
  path.data: /var/lib/wazuh-indexer
  path.logs: /var/log/wazuh-indexer
  plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
  plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
  plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
  plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
  plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
  plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
  plugins.security.ssl.http.enabled: true
  plugins.security.ssl.transport.enforce_hostname_verification: false
  plugins.security.ssl.transport.resolve_hostname: false
  plugins.security.authcz.admin_dn:
    - CN=admin,O=ISCP,L=Madrid,C=ES
  plugins.security.check_snapshot_restore_write_privileges: true
  plugins.security.enable_snapshot_restore_privilege: true
  plugins.security.nodes_dn:
    - CN=*.wazuh-indexer,O=ISCP,L=Madrid,C=ES
    - CN=*.siem.svc.cluster.local,O=ISCP,L=Madrid,C=ES
    - CN=wazuh-indexer.x-siem.svc.cluster.local,O=ISCP,L=Madrid,C=ES
  plugins.security.restapi.roles_enabled:
    - "all_access"
    - "security_rest_api_access"
  plugins.security.allow_default_init_securityindex: true
  cluster.routing.allocation.disk.threshold_enabled: false
  compatibility.override_main_response_version: true
Certificate info:
Certificate Information:
Common Name: *.wazuh-indexer
Subject Alternative Names: indexer.x-siem.svc.cluster.local, *.x-siem.svc.cluster.local
Organization: ISCP
Organization Unit: ISCP
Locality: Madrid
State: Spain
Country: ES
Valid From: October 18, 2023
Valid To: October 15, 2033
Issuer: root-ca, ISCP
Key Size: 2048 bit
Serial Number: 534e003402b49288f4ece89aa7d2c0766fa3ace6
Problem:
Master Cannot connect to Elasticsearch
Opensearch "Unknown Certificate"
Does anyone provide HA in Opensearch for Wazuh Kubernetes?
Version: 4.4.5 Environment: Kubernetes self managed
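
Added example (not part of the original post, and not Wazuh or OpenSearch code): a check of which hostnames the posted certificate's SAN list covers, assuming the client verifies the hostname against SAN entries only and ignores the CN when a SAN is present, as RFC 6125 specifies. The SANs, CN and the two `INDEXER_URL` values are copied from the post; `SAN_DERIVED_URL` and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Values copied from the post above.
CERT_SANS = ["indexer.x-siem.svc.cluster.local", "*.x-siem.svc.cluster.local"]
CERT_CN = "*.wazuh-indexer"
INDEXER_URLS = [
    "https://wazuh-indexer-0.wazuh-indexer:9200",    # default value
    "https://indexer.siem.svc.cluster.local:9200",   # LB service value
]
# Constructed for comparison: a URL built from the first SAN entry.
SAN_DERIVED_URL = "https://indexer.x-siem.svc.cluster.local:9200"


def san_matches(hostname: str, san: str) -> bool:
    """Match a DNS name against one SAN entry.

    A '*' is accepted only as the entire left-most label and stands for
    exactly one label, so '*.a.b' covers 'x.a.b' but not 'x.y.a.b' or 'a.b'.
    """
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern) or "" in host:
        return False
    if pattern[0] == "*":
        return len(pattern) > 1 and host[1:] == pattern[1:]
    return host == pattern


def covering_sans(url: str, sans: list[str]) -> list[str]:
    """Return the SAN entries that cover the host in url; an empty list
    means hostname verification fails for that URL."""
    host = urlsplit(url).hostname or ""
    return [san for san in sans if san_matches(host, san)]


def report(urls: list[str], sans: list[str]) -> dict[str, list[str]]:
    """Map each URL to the SAN entries that cover it."""
    return {url: covering_sans(url, sans) for url in urls}


if __name__ == "__main__":
    for url, hits in report(INDEXER_URLS + [SAN_DERIVED_URL], CERT_SANS).items():
        print(f"{url:50} {'OK via ' + ', '.join(hits) if hits else 'NO MATCHING SAN'}")
    # The CN pattern would match the default host, but only if it were a SAN.
    print("CN as SAN:", san_matches("wazuh-indexer-0.wazuh-indexer", CERT_CN))
```

With the values as posted, neither `INDEXER_URL` host is covered by a SAN entry; only the SAN-derived name is.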