Add another node to cluster
Sergio
I currently have a 3-node Wazuh cluster with the following architecture:
VM1
- Wazuh Manager
- Wazuh Indexer
- Wazuh Dashboard
VM2
- Wazuh Worker
- Wazuh Indexer
VM3
- Wazuh Worker
- Wazuh Indexer
My goal is to add an additional node to the cluster using the same architecture. However, I am not sure about the best approach or how the synchronization and data distribution would work in this scenario.
At the moment, I have around 1.5 TB of indexes on each node. My current configuration uses 3 shards and 1 replica.
Would it be possible to clone one of the existing worker VMs, change the corresponding IP address, and then enroll it into the cluster?
Alternatively, if I create the new machine from scratch, would the existing index data from the current 3 nodes be automatically replicated to the new node?
I would appreciate your recommendations on the best and safest way to expand the cluster.
Md. Nazmur Sakib
Hi Sergio,
Wazuh components are easily scalable. You can easily add more Wazuh Manager or indexer nodes to the existing deployment. Check these documents for reference.
Adding new Wazuh indexer nodes
Adding new Wazuh server nodesDeploy a Wazuh manager and an indexer in a new server and add it to the existing cluster following the above document. Once the new indexer node connects to the existing indexer cluster. It will share the data with the new indexer node to balance the load. For the Wazuh manager, once the new node is added to the manager cluster, it will share the agent information, custom rules, decoders, etc information, with the new Wazuh manager node.
Let me know if you need any further help on this.