wazuh-docker icon indicating copy to clipboard operation
wazuh-docker copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Multi-Node deploy with multiple servers?

Open Beeez opened this issue 2 years ago • 3 comments

I am a bit confused with the deployment methods for Multi-node. Maybe it is just my understanding how a "node" or "cluster" is being defined, but from the looks of this docker-compose.yml and all of the documentation that goes along with the Multi-Node setup, this essentially will create just a single server/VM/Dockerhost with the dashboard, manager, 3 indexers and nginx, just 6 containers on one host.

The documentation states that this is high availability but if this docker host goes down, everything is down. When I read multi-node or cluster I am imagining 2 or more virtual machines/docker hosts where I can shut one VM down and everything functions off of the secondary, this is high availability to me.

With all that said, is it possible to setup Wazuh in this fashion? And if so, how? I would assume that there would need to be shared storage between the two hosts or some sort of replication?

Would this entire Multi-Node stack need to be deployed on each host, or done through Docker Swarm?

Beeez avatar Feb 16 '23 20:02 Beeez

Hi @Beeez,

The single-node deployment uses only "1 container per service" and the multi-node deployment uses "several containers per service".

High availability (HA) is the elimination of single points of failure to enable applications to continue. With the multi-node deployment, you achieve that at the container level (if the manager2 fails, you still have the manager1).

That said, it is true that if the Docker server goes down, everything is down. To achieve HA at this level you will need to run the multi-node deployment on several servers. For that, you can use Docker Swarm or Kubernetes (https://github.com/wazuh/wazuh-kubernetes).

Finally, I think we should review the nomenclature for the deployments since it is a bit confusing.

jesuslinares avatar Feb 20 '23 10:02 jesuslinares

If running 3 seperate servers as "Multi Node", should each of them be sharing all the same storage?

Beeez avatar Feb 22 '23 13:02 Beeez

Hi @Beeez

Docker itself does not allow you to do what you ask, since each Wazuh indexer container creates its own volume and is not set up to share files with another instance in that way. If you want to have HA at the VM level, I recommend that you deploy with a container orchestrator, such as Kubernetes (https://github.com/wazuh/wazuh-kubernetes) and deploy a Wazuh indexer and Wazuh manager node on each node of the cluster that you have created.

vcerenu avatar Mar 06 '23 13:03 vcerenu