Ansible role which installs and configures Graylog log management.
- Ansible 1.6 or higher.
- MongoDB
- Elasticsearch
- Nginx
- Tested on Ubuntu 14.04 and Debian 7
- Copy your ssh key to the target host and make sure you can login passwordless (You need about 4GB ram to run Graylog at least)
- Create a
playbook.ymlfile, containing the following
---
- hosts: all
remote_user: vagrant
sudo: yes
vars:
elasticsearch_version: '1.7'
elasticsearch_cluster_name: 'graylog2'
elasticsearch_gateway_expected_nodes: 1
roles:
- graylog2.graylog- Fetch this role with dependencies
ansible-galaxy install -p . graylog2.graylog - Run the playbook with
ansible-playbook playbook.yml -i "127.0.0.1," - Login to Graylog by opening
http://localhost:9000in your browser, default username and password isadmin
# Basic server settings
is_master: 'true'
password_secret: 2jueVqZpwLLjaWxV # generate with pwgen -s 96 1
root_password_sha2: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
# Elasticsearch
graylog_elasticsearch_max_docs_per_index: 20000000
graylog_elasticsearch_max_number_of_indices: 20
graylog_elasticsearch_shards: 4
graylog_elasticsearch_replicas: 0
# Basic web interface settings
web_server_uri: http://127.0.0.1:12900
web_secret: 2jueVqZpwLLjaWxV # generate with pwgen -s 96 1Take a look into defaults/main.yml to get an overview of all configuration parameters
- Set up
roles_path = ./rolesinansible.cfg([defaults]block) - Install role and dependencies
ansible-galaxy install graylog2.graylog - Set up playbook (see example below):
# main.yml
---
- hosts: web
sudo: yes
vars:
elasticsearch_cluster_name: 'graylog2'
elasticsearch_timezone: 'UTC'
elasticsearch_version: '1.7'
elasticsearch_discovery_zen_ping_unicast_hosts: '127.0.0.1:9300'
elasticsearch_network_host: ''
elasticsearch_network_bind_host: ''
elasticsearch_network_publish_host: ''
elasticsearch_index_number_of_shards: '4'
elasticsearch_index_number_of_replicas: '0'
elasticsearch_gateway_recover_after_nodes: '1'
elasticsearch_gateway_expected_nodes: '1'
nginx_sites:
graylog:
- listen 80
- server_name graylog
- location / {
proxy_pass http://localhost:9000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k; }
roles:
- { role: 'graylog2.graylog', tags: 'graylog' }- Run the playbook with
ansible-playbook -i inventory_file main.yml - Login to Graylog by opening
http://<host IP>in your browser, default username and password isadmin
Author: Marius Sturm (marius@graylog.com) and contributors
License: Apache 2.0