26. 03. 2020 Alessandro Valentini NetEye

NetEye Voting-only Node

A common issue in cluster environment is the split brain condition. A split brain occurs when some nodes of the cluster are not able to communicate properly, but instead continue to work like two separate, distinct clusters leading to data or service inconsistency. To prevent this situation a common solution is to introduce the concept of a quorum: only the portion of the cluster which includes half+1 of the nodes can continue to work, while the other portion ceases operating, thus avoiding inconsistencies.

A NetEye cluster requires at least three nodes in order to guarantee resiliency against outages and to avoid downtime during maintenance. In a three nodes installation, the quorum is set to 2 and therefore it is possible to lose one node while still guaranteeing data integrity and NetEye availability.

NetEye clusters involve three main technologies:

  • DRBD provides clustered storage which synchronizes data between nodes, and mounts the partition on the node where the service is running
  • PCS is responsible for running services and moving them between nodes when necessary
  • Elasticsearch provides its own cluster solution and does not rely on PCS and DRBD technologies

Customers often consider three-node installations too expensive for several reasons:

  • Storage costs: all three nodes need to have the same amount of storage to synchronize DRBD resources and Elasticsearch data
  • RAM and CPU: all three nodes may run the same services and therefore they must have same computational power
  • License costs: it requires three full NetEye licenses

A voting-only node is a NetEye node which circumvents the limitations above. This type of node is a standard NetEye machine with several modifications aimed at reducing resource usage and therefore costs. As the name implies, the only purpose of a voting-only node is to provide a quorum for DRBD, PCS and Elasticsearch:

  • DRBD is set up in diskless mode: data are not synchronized on the voting-only node and minimum disk space is required.
  • The machine is configured as a PCS quorum device. A quorum device can join a PCS cluster providing quorum but the node cannot run resources.
  • Elasticsearch is configured as a voting-only master-eligible node: data will not be synchronized, machine-learning jobs cannot be run on it, and data will not be ingested. Elasticsearch is required only in NetEye SIEM clusters.

A voting-only node may run on a virtual machine with 4 vCPU, 8GB RAM and 60GB storage, thus reducing costs in comparison with a physical machine while maintaining cluster reliability.

Note that Elasticsearch as a voting-only master-eligible node is not available with the OSS license.

Alessandro Valentini

Alessandro Valentini

DevOps Engineer at Wuerth Phoenix
DevOps Engineer at Würth Phoenix

Author

Alessandro Valentini

DevOps Engineer at Würth Phoenix

Latest posts by Alessandro Valentini

26. 07. 2024 DevOps
Bonding Configuration While Adding an OpenShift Node
14. 06. 2024 DevOps, NetEye
Automating the Full NetEye Release Procedure
24. 05. 2024 DevOps
OpenShift: How to Check and Reset Ceph Storage in Warning State
01. 12. 2023 Development, DevOps
How to Install Matomo on OpenShift
28. 11. 2023 DevOps
My OpenShift Journey #7: Enabling Persistent Monitoring
See All

Related Content

Tags: , ,

22. 11. 2024 Atlassian, Service Management

Managing Alerts with JSM: Focus on Incident Management – Part 1

Alerts are critical signals that demand immediate attention to minimize disruptions and maintain smooth operations. Proactively managing alerts throughout their lifecycle is key to effective event-driven workflows, incident response, and business continuity. By leveraging alerting tools within Jira Service Management Read More
06. 11. 2024 AI, Log-SIEM, Machine Learning, NetEye

The New NetEye User Guide Search: From POC to Production

Hello everyone! As you may remember, a topic I like to discuss a lot on this blog is the Proof of Concept (POC) about how we could enhance search within our online NetEye User Guide. Well, we're happy to share Read More
24. 10. 2024 Log Management, Log-SIEM

Categories of documents – create more namespaces within an agent’s environment

In the ever-evolving landscape of IT monitoring and management, the ability to efficiently handle multi-dimensional namespaces is crucial. Within NetEye, Log-SIEM (Elastic), provides a comprehensive solution for managing the single namespace dimension with the namespace of a data_stream. This blog Read More
02. 10. 2024 Log Management, Log-SIEM, Machine Learning, NetEye

Perform KNN Classification Using Elasticsearch

Hey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is Read More
11. 09. 2024 Contribution, Development, DevOps

Ansible Development, Part 1: Building an Execution Environment

Right now, at Würth Phoenix, we are investing in automating most of our operations using Ansible. You're probably already familiar with what Ansible does, but to summarize, Ansible is an open-source, command-line IT automation application written in Python. I've talked Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive