bimdata.graylog

Panoramica Versioni Approfondimenti

Ansible Role Graylog

=========

This role helps you install and set up Graylog.

It expects that you already have roles for Elasticsearch, MongoDB, Nginx, etc.

Requirements

  • You need an active Elasticsearch cluster and a MongoDB cluster.
  • The servers must be able to connect to https://packages.graylog2.org/.
  • This role has been tested only on Debian 10.x (Buster).

Role Variables

This role aims to keep the same default settings as a manual Graylog installation. All default values are listed in ./defaults/main.yml, which you should review. We try to match the Ansible variable names with those in the Graylog configuration file, adding the prefix graylog_. Check the Graylog documentation for more details about each parameter.

You must set at least two variables:

  • graylog_password_secret: Generate this using: pwgen -N 1 -s 96 or tr -cd '[:alnum:]' < /dev/urandom | fold -w96 | head -n1
  • graylog_root_password_sha2: Generate this with: echo -n your_password | shasum -a 256 (Replace 'your_password' with an actual password!) Alternatively, use Ansible's hash() function: graylog_root_password_sha2: "{{ vault_graylog_root_password | hash('sha256') }}".

This role also supports installing plugins. Plugins must be .jar files, and the servers need internet access to download them. The checksum is optional, similar to the checksum option in the Ansible get_url module.

graylog_plugins:
  - url: https://github.com/graylog-labs/graylog-plugin-metrics-reporter/releases/download/3.0.0/metrics-reporter-prometheus-3.0.0.jar
    checksum: sha256:383eac2135baf248b5a0828a9e305130a2ab863b07afeef30cba00be05fc7cf9

If some plugins need additional configuration in the Graylog main configuration file, use the graylog_custom_config variable. This is a dictionary where keys are option names and values are their settings. For example:

graylog_custom_config:
  metrics_prometheus_enabled: true
  metrics_prometheus_report_interval: 1m
  metrics_prometheus_address: 127.0.0.1:9001
  metrics_prometheus_job_name: graylog

This will add the following at the end of /etc/graylog/server/server.conf:

# Custom configuration for plugins.
metrics_prometheus_enabled = True
metrics_prometheus_report_interval = 1m
metrics_prometheus_address = 127.0.0.1:9001
metrics_prometheus_job_name = graylog

Dependencies

List any other roles from Galaxy that are needed, along with any parameters or variables that may need to be set for these roles.

Example Playbook

- hosts: logs-servers
  gather_facts: True
  become: true
  vars:
    graylog_password_secret: "OMFPRQwk7Pg7i9Apun5xbuK4ICl0cfNUbZ5QblvmHKnKvnpzbjxtgHIoaSiEmi9XVlbqDhI6d8UqErW2wRiS0uapaHRgW4e"
    graylog_root_password_sha2: "4da3376323046a3bb6759f0a3f4ae7100a0567950c53ee42d2e19201baaa6dfc"
    # Ansible can also hash this password and use a vault to store it.
    # graylog_root_password_sha2: "{{ vault_graylog_root_password | hash('sha256') }}"
  roles:
    - role: bimdata.graylog

License

MIT

Author Information

BIMData.io

Informazioni sul progetto

This role installs and configures Graylog.

role graylog log
Installa
ansible-galaxy install bimdata.graylog
GitHub repository
1 stelle
1 fork
0 problemi aperti
Licenza
mit
Download
1.4k
Proprietario