Wazuh api stops working when worker is incorrectly setup
167 views
Skip to first unread message
ranjit nepal
Apr 11, 2023, 1:23:26 AM4/11/23
to Wazuh mailing list
Hi,
When using wazuh cluster if i have setup my worker incorrectly in anyway( when it is not able to connect to master), all other api functionalities on that node stops. for example, if i have enabled cluster in a wazuh manager and set it up as worker and it is not able to connect to master, i cannot even get authenticate or perform any other api actions.
Is this intentional? I think even if worker is not able to connect to cluster basic api should work in that clusters. currently all my api requests return the same thing.
{
"title": "Wazuh Cluster Error",
"detail": "Worker node is not connected to master",
"remediation": "Check the cluster.log located at WAZUH_HOME/logs/cluster.log file to see if there are connection errors. Restart the `wazuh-manager` service.",
"error": 3023
}
--
Thanks and Regards,
Ranjit
Message has been deleted
Mauro Malara
Apr 11, 2023, 4:13:49 AM4/11/23
to ranjit nepal, Wazuh mailing list
Hi, Ranjit!
TL;DR
There are multiple interdependencies and it becomes complex to use a worker API in isolation as it leads to errors, limitations and problems of many kinds, including security issues.
Is this intentional? I think even if the worker is not able to connect to the cluster basic API should work in that cluster. currently, all my API requests return the same thing.
Yes, it is intentional. Mainly for security, since the API uses a centralized authentication system and also roles, policies, and users (RBAC). This information is stored in the master node. For example, if a worker also had this information (distributed system), there could be a user or role that no longer exists in the master node, giving rise to security problems.
Therefore, even if all workers have APIs, authentication requests are redirected to the master, who knows the permissions for the credentials provided.
In addition, there are many requests that cannot be made to the workers directly since it is the master that centralizes and coordinates the workers.
For example, having the following cluster:
- 1 master node (without agents)
- 1 worker-1 node (with agents 001, 002, 003)
- 1 worker-2 node (with agents 004, 005, 006)
It would not be possible to request the worker-2 node to restart agent 001 because that agent is connected to the worker-1 node.
Therefore, the requests are redirected to the master, who knows which node has certain agents, thus redirecting the request correctly.
Therefore, even if all workers have APIs, authentication requests are redirected to the master, who knows the permissions for the credentials provided.
In addition, there are many requests that cannot be made to the workers directly since it is the master that centralizes and coordinates the workers.
For example, having the following cluster:
- 1 master node (without agents)
- 1 worker-1 node (with agents 001, 002, 003)
- 1 worker-2 node (with agents 004, 005, 006)
It would not be possible to request the worker-2 node to restart agent 001 because that agent is connected to the worker-1 node.
Therefore, the requests are redirected to the master, who knows which node has certain agents, thus redirecting the request correctly.
Finally, you have the possibility to add a Load balancer or configure the agents in Failover mode to automatically distribute the agents to another node in case of failure or high workload.
Regards!
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CAL1bSyi6GxPQTNF8t0gCr_Uf0yBPgRES1LcajoMw-ugM9DyO8Q%40mail.gmail.com.
 |
|
wazuh.com
mauro....@wazuh.com
mauromalararanjit nepal
Apr 11, 2023, 8:59:09 AM4/11/23
to Mauro Malara, Wazuh mailing list
Thank you so much.
Regards,
Ranjit
Reply all
Reply to author
Forward
0 new messages