{WiP} Update the installation guide

javimed · javimed · commit 3037f9804896 · 2025-09-25T11:39:05.000-03:00
diff --git a/source/_templates/installations/indexer/common/configure_indexer_nodes.rst b/source/_templates/installations/indexer/common/configure_indexer_nodes.rst
@@ -1,12 +1,11 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
+#. Edit ``/etc/wazuh-indexer/opensearch.yml`` and replace the following values:
 
-#. Edit the ``/etc/wazuh-indexer/opensearch.yml`` configuration file and replace the following values: 
 
-    
-   #. ``network.host``:  Sets the address of this node for both HTTP and transport traffic. The node will bind to this address and use it as its publish address. Accepts an IP address or a hostname. 
-   
-      Use the same node address set in ``config.yml`` to create the SSL certificates. 
+   #. ``network.host``:  Sets the address of this node for both HTTP and transport traffic. The node will bind to this address and use it as its publish address. Accepts an IP address or a hostname.
+
+      Use the same node address set in ``config.yml`` to create the SSL certificates.
 
    #. ``node.name``: Name of the Wazuh indexer node as defined in the ``config.yml`` file. For example, ``node-1``.
 
@@ -19,15 +18,15 @@
         - "node-2"
         - "node-3"
 
-   #. ``discovery.seed_hosts:`` List of the addresses of the master-eligible nodes. Each element can be either an IP address or a hostname. You may leave this setting commented if you are configuring the Wazuh indexer as a single node. For multi-node configurations, uncomment this setting and set the IP addresses of each master-eligible node. 
+   #. ``discovery.seed_hosts:`` List of the addresses of the master-eligible nodes. Each element can be either an IP address or a hostname. You may leave this setting commented if you are configuring the Wazuh indexer as a single node. For multi-node configurations, uncomment this setting and set the IP addresses of each master-eligible node.
 
        .. code-block:: yaml
 
         discovery.seed_hosts:
           - "10.0.0.1"
           - "10.0.0.2"
           - "10.0.0.3"
-  
+
    #. ``plugins.security.nodes_dn``: List of the Distinguished Names of the certificates of all the Wazuh indexer cluster nodes. Uncomment the lines for ``node-2`` and ``node-3`` and change the common names (CN) and values according to your settings and your ``config.yml`` definitions.
 
       .. code-block:: yaml
diff --git a/source/_templates/installations/indexer/common/deploy_certificates.rst b/source/_templates/installations/indexer/common/deploy_certificates.rst
@@ -1,22 +1,25 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
+#. Run the following commands, replacing ``<INDEXER_NODE_NAME>`` with the name of the Wazuh indexer node you are configuring as defined in ``config.yml``. For example, ``node-1``. This deploys the SSL certificates to encrypt communications between the Wazuh central components.
 
-#. Run the following commands replacing ``<INDEXER_NODE_NAME>`` with the name of the Wazuh indexer node you are configuring as defined in ``config.yml``. For example, ``node-1``. This deploys the SSL certificates to encrypt communications between the Wazuh central components.
+   .. code-block:: console
+
+      # NODE_NAME=<INDEXER_NODE_NAME>
+
+   .. code-block:: console
+
+      # mkdir /etc/wazuh-indexer/certs
+      # tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
+      # mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
+      # mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
+      # chmod 500 /etc/wazuh-indexer/certs
+      # chmod 400 /etc/wazuh-indexer/certs/*
+      # chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
+
+#. **Recommended action**: If no other Wazuh components will be installed on this node, run the following command to remove the ``wazuh-certificates.tar`` file.
 
    .. code-block:: console
 
-     # NODE_NAME=<INDEXER_NODE_NAME>
-
-   .. code-block:: console 
-     
-     # mkdir /etc/wazuh-indexer/certs
-     # tar -xf ./wazuh-certificates.tar -C /etc/wazuh-indexer/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./admin.pem ./admin-key.pem ./root-ca.pem
-     # mv -n /etc/wazuh-indexer/certs/$NODE_NAME.pem /etc/wazuh-indexer/certs/indexer.pem
-     # mv -n /etc/wazuh-indexer/certs/$NODE_NAME-key.pem /etc/wazuh-indexer/certs/indexer-key.pem
-     # chmod 500 /etc/wazuh-indexer/certs
-     # chmod 400 /etc/wazuh-indexer/certs/*
-     # chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs
-    
-#. **Recommended action**: If no other Wazuh components are going to be installed on this node, remove the ``wazuh-certificates.tar`` file by running ``rm -f ./wazuh-certificates.tar`` to increase security.
+      # rm -f ./wazuh-certificates.tar
 
 .. End of include file
diff --git a/source/_templates/installations/indexer/common/install-dependencies.rst b/source/_templates/installations/indexer/common/install-dependencies.rst
@@ -1,6 +1,6 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
-#. Install the following packages if missing:
+#. Run the following command to install the following packages if missing:
 
    .. tabs::
 
diff --git a/source/installation-guide/wazuh-indexer/step-by-step.rst b/source/installation-guide/wazuh-indexer/step-by-step.rst
@@ -1,31 +1,29 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
 .. meta::
-   :description: Wazuh indexer is a highly scalable full-text search engine. Install the Wazuh indexer in a single-node or multi-node configuration according to your environment needs. 
+   :description: Wazuh indexer is a highly scalable full-text search engine. Install the Wazuh indexer in a single-node or multi-node configuration according to your environment needs.
 
 Installing the Wazuh indexer step by step
 =========================================
 
 Install and configure the Wazuh indexer as a single-node or multi-node cluster following step-by-step instructions. Wazuh indexer is a highly scalable full-text search engine and offers advanced security, alerting, index management, deep performance analysis, and several other features.
 
-The installation process is divided into three stages.  
+The installation process is divided into three stages:
 
-#. Certificates creation
-
-#. Wazuh indexer nodes installation
-
-#. Cluster initialization
+#. `Certificate creation`_
+#. `Wazuh indexer nodes installation`_
+#. `Cluster initialization`_
 
+.. note::
 
-.. note:: You need root user privileges to run all the commands described below.
+   You need root user privileges to run all the commands described below.
 
 .. _certificates_creation:
 
-1. Certificates creation
-------------------------
-.. raw:: html
+Certificate creation
+--------------------
 
-    <div class="accordion-section open">
+Wazuh uses certificates to establish confidentiality and encrypt communications between its central components. Follow these steps to create certificates for the Wazuh central components.
 
 Generating the SSL certificates
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -34,68 +32,65 @@ Generating the SSL certificates
 
    .. code-block:: console
 
-    # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-certs-tool.sh
-    # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/config.yml
+      # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-certs-tool.sh
+      # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/config.yml
 
 #. Edit ``./config.yml`` and replace the node names and IP values with the corresponding names and IP addresses. You need to do this for all Wazuh server, Wazuh indexer, and Wazuh dashboard nodes. Add as many node fields as needed.
 
-      .. code-block:: yaml
-
-        nodes:
-          # Wazuh indexer nodes
-          indexer:
-            - name: node-1
-              ip: "<indexer-node-ip>"
-            #- name: node-2
-            #  ip: "<indexer-node-ip>"
-            #- name: node-3
-            #  ip: "<indexer-node-ip>"
-
-          # Wazuh server nodes
-          # If there is more than one Wazuh server
-          # node, each one must have a node_type
-          server:
-            - name: wazuh-1
-              ip: "<wazuh-manager-ip>"
-            #  node_type: master
-            #- name: wazuh-2
-            #  ip: "<wazuh-manager-ip>"
-            #  node_type: worker
-            #- name: wazuh-3
-            #  ip: "<wazuh-manager-ip>"
-            #  node_type: worker
-
-          # Wazuh dashboard nodes
-          dashboard:
-            - name: dashboard
-              ip: "<dashboard-node-ip>"
-
-
-      To learn more about how to create and configure the certificates, see the :doc:`/user-manual/wazuh-indexer-cluster/certificate-deployment` section.
+   .. code-block:: yaml
+      :emphasize-lines: 4-5, 15-16, 27-28
+
+      nodes:
+        # Wazuh indexer nodes
+        indexer:
+          - name: node-1
+            ip: "<indexer-node-ip>"
+          #- name: node-2
+          #  ip: "<indexer-node-ip>"
+          #- name: node-3
+          #  ip: "<indexer-node-ip>"
+
+        # Wazuh server nodes
+        # If there is more than one Wazuh server
+        # node, each one must have a node_type
+        server:
+          - name: wazuh-1
+            ip: "<wazuh-manager-ip>"
+          #  node_type: master
+          #- name: wazuh-2
+          #  ip: "<wazuh-manager-ip>"
+          #  node_type: worker
+          #- name: wazuh-3
+          #  ip: "<wazuh-manager-ip>"
+          #  node_type: worker
+
+        # Wazuh dashboard nodes
+        dashboard:
+          - name: dashboard
+            ip: "<dashboard-node-ip>"
+
+
+   To learn more about how to create and configure the certificates, see the :doc:`/user-manual/wazuh-indexer-cluster/certificate-deployment` section.
 
 #. Run ``./wazuh-certs-tool.sh`` to create the certificates. For a multi-node cluster, these certificates need to be later deployed to all Wazuh instances in your cluster.
 
    .. code-block:: console
 
-     #  bash ./wazuh-certs-tool.sh -A
+      # bash ./wazuh-certs-tool.sh -A
 
 #. Compress all the necessary files.
 
    .. code-block:: console
 
-     # tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
-     # rm -rf ./wazuh-certificates
-
+      # tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
+      # rm -rf ./wazuh-certificates
 
 #. Copy the ``wazuh-certificates.tar`` file to all the nodes, including the Wazuh indexer, Wazuh server, and Wazuh dashboard nodes. This can be done by using the ``scp`` utility.
 
+Wazuh indexer nodes installation
+--------------------------------
 
-2. Nodes installation
----------------------
-.. raw:: html
-
-    <div class="accordion-section open">
-
+Follow these steps to install and configure a single-node or multi-node Wazuh indexer.
 
 Installing package dependencies
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -147,7 +142,7 @@ Installing the Wazuh indexer
 Configuring the Wazuh indexer
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-  .. include:: /_templates/installations/indexer/common/configure_indexer_nodes.rst
+.. include:: /_templates/installations/indexer/common/configure_indexer_nodes.rst
 
 .. include:: /_templates/installations/common/firewall-ports-note.rst
 
@@ -156,7 +151,7 @@ Deploying certificates
 
 .. note::
 
-   Make sure that a copy of the ``wazuh-certificates.tar`` file, created during the initial configuration step, is placed in your working directory.
+   Make sure that a copy of ``wazuh-certificates.tar``, created in the previous stage of the installation process, is placed in your working directory.
 
 .. include:: /_templates/installations/indexer/common/deploy_certificates.rst
 
@@ -170,38 +165,37 @@ Starting the service
   #. Enable and start the Wazuh indexer service.
 
       .. include:: /_templates/installations/indexer/common/enable_indexer.rst
-    
-Repeat this stage of the installation process for every Wazuh indexer node in your cluster. Then proceed with initializing your single-node or multi-node cluster in the next stage.
+
+Repeat this stage of the installation process for every Wazuh indexer node in your multi-node cluster. Then proceed with initializing your single-node or multi-node cluster in the next stage.
 
 Disable Wazuh updates
 ---------------------
 
 .. include:: /_templates/installations/disable-wazuh-updates.rst
 
-3. Cluster initialization
--------------------------
-.. raw:: html
+Cluster initialization
+----------------------
 
-    <div class="accordion-section open">
+The final stage of installing the Wazuh indexer single-node or multi-node cluster consists of running the security admin script.
 
 #. Run the Wazuh indexer ``indexer-security-init.sh`` script on `any` Wazuh indexer node to load the new certificates information and start the single-node or multi-node cluster.
-    
+
    .. code-block:: console
 
       # /usr/share/wazuh-indexer/bin/indexer-security-init.sh
 
    .. note::
-      
-      You only have to initialize the cluster *once*, there is no need to run this command on every node.
-      
+
+      You only have to initialize the cluster once, there is no need to run this command on every node.
+
 Testing the cluster installation
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-#. Replace ``<WAZUH_INDEXER_IP_ADDRESS>`` and run the following commands to confirm that the installation is successful.
+#. Run the following commands to confirm that the installation is successful. Replace ``<WAZUH_INDEXER_IP_ADDRESS>``  with the IP address of the Wazuh indexer and enter admin as the password when prompted:
 
    .. code-block:: console
 
-      # curl -k -u admin:admin https://<WAZUH_INDEXER_IP_ADDRESS>:9200
+      # curl -k -u admin https://<WAZUH_INDEXER_IP_ADDRESS>:9200
 
    .. code-block:: none
       :class: output accordion-output
@@ -223,15 +217,23 @@ Testing the cluster installation
         "tagline" : "The OpenSearch Project: https://opensearch.org/"
       }
 
-#. Replace ``<WAZUH_INDEXER_IP_ADDRESS>`` and run the following command to check if the single-node or multi-node cluster is working correctly. 
-  
+#. Run the following command to check if the cluster is working correctly. Replace ``<WAZUH_INDEXER_IP_ADDRESS>``  with the IP address of the Wazuh indexer and enter admin as the password when prompted:
+
    .. code-block:: console
 
-      # curl -k -u admin:admin https://<WAZUH_INDEXER_IP_ADDRESS>:9200/_cat/nodes?v
+      # curl -k -u admin https://<WAZUH_INDEXER_IP_ADDRESS>:9200/_cat/nodes?v
+
+   The command produces output similar to the following:
+
+   .. code-block:: none
+      :class: output
+
+      ip              heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles                               cluster_manager name
+      192.168.107.240           19          94   4    0.22    0.21     0.20 dimr      data,ingest,master,remote_cluster_client *               node-1
 
 Next steps
 ----------
 
 The Wazuh indexer is now successfully installed on your single-node or multi-node cluster, and you can proceed with installing the Wazuh server. To perform this action, see the :doc:`../wazuh-server/step-by-step` section.
 
-If you want to uninstall the Wazuh indexer, see :ref:`uninstall_indexer`.
+To uninstall the Wazuh indexer, see :ref:`uninstall_indexer`.
