Ansible Role graylog_datanode

This role installs and configures a Graylog Data Node.

Note that this role does NOT let you specify a particular Graylog Data Node version. It simply installs the latest available Graylog Data Node version from the repos configured in the system.

Known Limitations

• To secure your data node(s), you can either upload an existing Certificate Authority (CA) or provision a certificate directly from the Graylog interface. This role does not currently support certificate handling - it assumes that you are using the automatic data node setup.

• This role does not currently support more than one data node.

Mandatory Requirements

Sizing of disks:

• /: at least 4 GB free disk space (create a 8+ GB partition).

• /var: at least 15 GB free disk space (create a 20+ GB partition).

If you use the „Setup Graylog Data Node“ Playbook, the following is automatically done for you:

• Install MongoDB. This can be done using the linuxfabrik.lfops.mongodb role.

• If you’re not using a versioned MongoDB repository, don’t forget to protect MongoDB from being updated with newer minor and major versions. This can be done using the linuxfabrik.lfops.dnf_versionlock role.

• Enable the official Graylog repository. This can be done using the linuxfabrik.lfops.repo_graylog role.

Tags

graylog_datanode

• Installs and configures Graylog Data Node.

• Triggers: graylog-datanode.service restart.

graylog_datanode:configure

• Deploys the config files.

• Triggers: graylog-datanode.service restart.

graylog_datanode:state

• Manages the state of the Graylog Data Node service.

• Triggers: none.

Mandatory Role Variables

graylog_datanode__password_secret

• You MUST set a secret that is used for password encryption and salting. The server refuses to start if this value is not set. The minimum length for password_secret is 16 characters. Use at least 64 characters. If you run multiple Graylog Data Nodes, make sure you use the same password_secret for all of them.

• Type: String.

• Default: none

Example:

# mandatory
graylog_datanode__password_secret: 'Linuxfabrik_GmbH'

Optional Role Variables

graylog_datanode__bind_address

• The network interface used by the Graylog DataNode to bind all services.

• Type: String.

• Default: '127.0.0.1'

graylog_datanode__datanode_http_port

• The port where the DataNode REST api is listening.

• Type: Number.

• Default: 8999

graylog_datanode__mongodb_uri

• MongoDB connection string. See https://docs.mongodb.com/manual/reference/connection-string/ for details.

• Type: String.

• Default: 'mongodb://127.0.0.1/graylog'

graylog_datanode__opensearch_data_location

• Set this OpenSearch folder if you need OpenSearch to be located in a special place.

• Type: String.

• Default: '/var/lib/graylog-datanode/opensearch/data'

graylog_datanode__opensearch_heap

• Ensure the heap settings are set to half your system memory, up to a max of 31 GB.

• Type: String.

• Default: 50% of system memory, e.g. '8g'

graylog_datanode__service_enabled

• Enables or disables the graylog-datanode service, analogous to systemctl enable/disable --now.

• Type: Bool.

• Default: true

Example:

# optional
graylog_datanode__bind_address: '127.0.0.1'
graylog_datanode__datanode_http_port: 8999
graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog'
graylog_datanode__opensearch_data_location: '/data/opensearch'
graylog_datanode__opensearch_heap: '8g'
graylog_datanode__service_enabled: true

Troubleshooting

Q: /bin/sh: /opt/python-venv/pymongo/bin/python3: No such file or directory

A: You either have to run the whole playbook, or python_venv directly: ansible-playbook --inventory myinv linuxfabrik.lfops.setup_graylog_datanode --tags python_venv

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich