
Ansible Role linuxfabrik.lfops.graylog_datanode

This role installs and configures a Graylog Data Node.

Note that this role does NOT let you specify a particular Graylog Data Node version. It simply installs the latest available Graylog Data Node version from the repos configured in the system.

Available since LFOps 3.0.0.

Known Limitations

  • To secure your data node(s), you can either upload an existing Certificate Authority (CA) or provision a certificate directly from the Graylog interface. This role does not currently support certificate handling - it assumes that you are using the automatic data node setup.
  • This role does not currently support more than one data node.

Dependent Roles

Any LFOps playbook that installs this role runs these for you. Optional ones can be disabled via the playbook's skip variables.

Requirements

  • Size the disks before running the role:

    • /: at least 4 GB free disk space (create an 8+ GB partition).
    • /var: at least 15 GB free disk space (create a 20+ GB partition).

Manual steps:

Tags

graylog_datanode

  • Installs and configures Graylog Data Node.
  • Triggers: graylog-datanode.service restart.

graylog_datanode:configure

  • Deploys the config files.
  • Triggers: graylog-datanode.service restart.

graylog_datanode:state

  • Manages the state of the Graylog Data Node service.
  • Triggers: none.

Mandatory Role Variables

graylog_datanode__password_secret

  • You MUST set a secret that is used for password encryption and salting. The server refuses to start if this value is not set. The minimum length for password_secret is 16 characters. Use at least 64 characters. If you run multiple Graylog Data Nodes, make sure you use the same password_secret for all of them.
  • Type: String.
  • Default: none

Example:

# mandatory
graylog_datanode__password_secret: 'Linuxfabrik_GmbH'

Optional Role Variables

graylog_datanode__bind_address

  • The network interface used by the Graylog DataNode to bind all services.
  • Type: String.
  • Default: '127.0.0.1'

graylog_datanode__datanode_http_port

  • The port where the DataNode REST API is listening.
  • Type: Number.
  • Default: 8999

graylog_datanode__mongodb_uri

  • MongoDB connection string. See https://docs.mongodb.com/manual/reference/connection-string/ for details.
  • Type: String.
  • Default: 'mongodb://127.0.0.1/graylog'

graylog_datanode__node_search_cache_size

  • Size of disk-based cache for searchable snapshots. This space will be automatically reserved if graylog_datanode__path_repos is configured. See docs.opensearch.org - Supported Units for a list of possible options. This setting is only applied when graylog_datanode__path_repos contains at least one path.
  • Type: String.
  • Default: 10gb

graylog_datanode__opensearch_data_location

  • Set this OpenSearch folder if you need OpenSearch to be located in a special place.
  • Type: String.
  • Default: '/var/lib/graylog-datanode/opensearch/data'

graylog_datanode__opensearch_heap

  • Ensure the heap settings are set to half your system memory, up to a max of 31 GB.
  • Type: String.
  • Default: 50% of system memory, e.g. '8g'

graylog_datanode__path_repos

  • Filesystem paths where searchable snapshots should be stored.
  • Type: List of Strings.
  • Default: []

graylog_datanode__raw

  • Multiline string. Raw content which will be appended to the datanode.conf config file. Note that the config file uses the Java properties format and not YAML.
  • Type: String.
  • Default: unset

graylog_datanode__service_enabled

  • Enables or disables the graylog-datanode service, analogous to systemctl enable/disable --now.
  • Type: Bool.
  • Default: true

Example:

# optional
graylog_datanode__bind_address: '127.0.0.1'
graylog_datanode__datanode_http_port: 8999
graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog'
graylog_datanode__node_search_cache_size: '5gb'
graylog_datanode__opensearch_data_location: '/data/opensearch'
graylog_datanode__opensearch_heap: '8g'
graylog_datanode__path_repos:
  - '/mnt/backups/graylog-datanode/backup'
graylog_datanode__raw: |-
  insecure_startup = false
graylog_datanode__service_enabled: true
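
A pre-flight check for the constraints documented above (password_secret length, the heap rule, and the path_repos dependency of the cache size), as an added example that is not part of the role or of LFOps. The function names are hypothetical, and the heap parser assumes values of the form '8g' or '512m'.

```python
import re
import secrets

MIN_SECRET_LEN = 16      # README: hard minimum for password_secret
GOOD_SECRET_LEN = 64     # README: recommended length
MAX_HEAP_GB = 31         # README: heap cap


def generate_password_secret(nbytes=72):
    """Return a random URL-safe secret; 72 bytes encode to 96 characters."""
    return secrets.token_urlsafe(nbytes)


def heap_to_gb(heap):
    """Parse a heap string such as '8g' or '512m' (assumed formats) into GB."""
    m = re.fullmatch(r"(\d+)([gm])", heap.strip().lower())
    if not m:
        raise ValueError(f"unsupported heap value: {heap!r}")
    n = int(m.group(1))
    return n if m.group(2) == "g" else n / 1024


def check_datanode_vars(v, mem_total_gb):
    """Return (level, message) findings for a dict of role variables."""
    findings = []
    secret = v.get("graylog_datanode__password_secret") or ""
    if len(secret) < MIN_SECRET_LEN:
        findings.append(("error", "password_secret missing or shorter than 16 characters"))
    elif len(secret) < GOOD_SECRET_LEN:
        findings.append(("warning", "password_secret shorter than the recommended 64 characters"))
    heap = v.get("graylog_datanode__opensearch_heap")
    if heap is not None:
        limit = min(mem_total_gb / 2, MAX_HEAP_GB)
        if heap_to_gb(heap) > limit:
            findings.append(("warning", f"opensearch_heap {heap} exceeds {limit:g} GB"))
    if "graylog_datanode__node_search_cache_size" in v and not v.get("graylog_datanode__path_repos"):
        findings.append(("info", "node_search_cache_size is ignored while path_repos is empty"))
    return findings


if __name__ == "__main__":
    # Constructed sample: example values from this README on a 16 GB host.
    sample = {
        "graylog_datanode__password_secret": "Linuxfabrik_GmbH",
        "graylog_datanode__opensearch_heap": "8g",
        "graylog_datanode__node_search_cache_size": "5gb",
    }
    for level, msg in check_datanode_vars(sample, mem_total_gb=16):
        print(f"{level}: {msg}")
```

The value returned by generate_password_secret() belongs in an encrypted store such as Ansible Vault rather than in a plain-text inventory file.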

Troubleshooting

Q: /bin/sh: /opt/python-venv/pymongo/bin/python3: No such file or directory

A: You either have to run the whole playbook, or python_venv directly: ansible-playbook --inventory myinv linuxfabrik.lfops.setup_graylog_datanode --tags python_venv

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich