Working with Audit Store roles

Roles assigned to the nodes determine the functions performed by the node in the cluster. As the cluster grows, the role of the node can be modified to have nodes with dedicated roles.

A node can have one role or multiple roles. A cluster needs at least one node with each role. Hence, roles of the node in a single-node cluster cannot be removed. Similarly, if the node is the last node in the cluster with a particular role, then the role cannot be removed. By default, all the nodes must have the master-eligible, data, and ingest roles:

  • Master-eligible: This is the master-eligible node. It is eligible to be elected as the master node that controls the Audit Store cluster. A minimum of 3 nodes with the master-eligible role are required in the cluster to make the Audit Store cluster stable and resilient.
  • Data: This node holds data and can perform data-related operations. A minimum of 2 nodes with the data role are required in the Audit Store cluster to reduces data loss when a node goes down.
  • Ingest: This node processes logs received before the log is indexed for further storage and processing. A minimum of 2 nodes with the ingest role are required in the Audit Store cluster.

The Audit Store uses the following formula to determine the minimum number of nodes with the Master-eligible role that should be running in the cluster:

Minimum number of running nodes with the Master-eligible role in a cluster = (Total number of nodes with the Master-eligible role in a cluster / 2) + 1

For example, if the cluster has 5 nodes that have the Master-eligible role, then the minimum number of nodes with the Master-eligible role that needs to be running for the cluster to remain functional is 3.

An Audit Store cluster must have a minimum of 3 nodes with the Master-eligible role due to following scenarios:

  • 1 master-eligible node: If the only node is present with the Master-eligible role, then it is elected the Master, by default, because it is the only node with the required Master-eligible role. In this case, if the node becomes unavailable due to some failure, then the cluster becomes unstable as there is no additional node with the Master-eligible role.
  • 2 master-eligible nodes: A cluster where only 2 nodes have the Master-eligible role will both have the Master-eligible role at the minimum to be up and running for the cluster to remain functional. If any one of those nodes becomes unavailable due to some failure, then the minimum condition for the nodes with the Master-eligible role is not met and the cluster becomes unstable.
  • 3 master-eligible nodes and above: In this case, if any one node goes down, then the cluster can still remain functional because this cluster requires two nodes with the Master-eligible role to be running at the minimum, as per the minimum Master-eligible role formula.

For more information about node and roles, refer to https://opensearch.org/docs/2.15/opensearch/cluster/.

Based on the requirements, modify the roles of a node using the following steps.

  1. Log in to the Web UI of the system to change the role.

  2. Click Audit Store > Cluster Management > Overview to open the Audit Store clustering page.

  3. Click Edit Roles.

  4. Select the check box to add a role. Alternatively, clear the check box to remove a role.

  5. Click Update Roles.

  6. Click Dismiss in the message box that appears after the role update.

Last modified January 21, 2025