cookbook 'graylog', '= 1.3.3'
graylog
(23) Versions
1.3.3
-
Follow0
Installs/Configures graylog
cookbook 'graylog', '= 1.3.3', :supermarket
knife supermarket install graylog
knife supermarket download graylog
graylog cookbook
This cookbook sets up Graylog, version >= 0.20.x
(not the old rails graylog).
Including the following support services:
- Elasticsearch
- MongoDB
Quickstart
To quickly setup a working Graylog installation on a single node, do the following:
- Setup application secrets
This is required, as it would leave your Graylog installation insecure. Therefore the cookbook
will fail with an error message if you do not set them!
# Set this to a random string, generated e.g. with "pwgen 96" node['graylog']['server']['server.conf']['password_secret'] = 'CHANGE ME!' # Generate with "echo -n yourpassword | shasum -a 256" node['graylog']['server']['server.conf']['root_password_sha2'] = '...' # This also should be a random string, generated e.g. with "pwgen 96" node['graylog']['web_interface']['web.conf']['application.secret'] = 'CHANGE ME!'
- Add default recipe to your run_list
{ "run_list": [ "recipe[graylog::default]" ] }
Supported Platforms
Currently tested on Ubuntu-14.04 LTS.
Dependencies
- Chef
>= 0.11
- MongoDB cookbook
- Apt cookbook
Notes
Please do not expose the Graylog service directly in production. Instead, you
should use a reverse proxy (e.g. nginx).
This also adds the capability to use SSL to secure your logins.
You can easily setup nginx using the official nginx cookbook.
Here's an example nginx site configuration you can use:
# Upstream to Graylog frontend
proxy_next_upstream error timeout;
upstream graylog_web_interface {
server localhost:9000 fail_timeout=0;
}
# Redirect everything to https
server {
listen 80;
return 301 https://graylog.example.com$request_uri;
}
server {
listen 443 ssl;
# SSL certificate
ssl_certificate /etc/nginx/certs/graylog.example.com.crt;
ssl_certificate_key /etc/nginx/certs/graylog.example.com.key;
location / {
root /usr/share/nginx/html;
proxy_pass_header Date;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host:$server_port;
proxy_redirect off;
proxy_set_header X_FORWARDED_PROTO $scheme;
chunked_transfer_encoding off;
proxy_pass http://graylog_web_interface;
}
}
Attributes
Global attribute:
# Graylog version to use (must be available via the official repositories) node['graylog']['version'] = '1.3'
Graylog server
Attributes to configure Graylog.
The password_secret
and root_password_sha2
attributes NEED to be changed!
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. # Generate one by using for example: pwgen -s 96 node['graylog']['server']['server.conf']['password_secret'] = 'CHANGE ME!' # the default root user is named 'admin' # You MUST specify a hash password for the root user (which you only need to initially set up the # system and in case you lose connectivity to your authentication backend) # This password cannot be changed using the API or via the web interface. # Create one by using for example: "echo -n yourpassword | shasum -a 256" # # For testing purposes (only!) you can use the password "insecure" with the following hash node['graylog']['server']['server.conf']['root_password_sha2'] = '1d92dae504a70fbcae6d3721a55d7eacaf94d3133ea5f0394b7d203d64841110'
This recipe disables multicast to learn about Elasticsearch. This is recommended for production.
# The default unicast host used and configured by this recipe is automatically retrieved from the Elasticsearch attributes # (See below, node['graylog']['elasticsearch']['host'] and node['graylog']['elasticsearch']['port']) node['graylog']['server']['server.conf']['elasticsearch_discovery_zen_ping_multicast_enabled'] = false node['graylog']['server']['server.conf']['elasticsearch_discovery_zen_ping_unicast_hosts'] = '127.0.0.1:1234'
The cookbook accepts every possible configuration option supported by server.conf
node['graylog']['server']['server.conf']['key'] = 'value'
Web-Interface
Configure application secret. You NEED to change this, otherwise your installation will be insecure!
# If you deploy your application to several instances be sure to use the same key!
# Generate for example with: pwgen -s 96
node['graylog']['web_interface']['web.conf']['application.secret'] = 'CHANGE ME!'
Configure timezone
node['graylog']['web_interface']['web.conf']['timezone'] = 'Europe/Berlin'
The cookbook accepts every possible configuration option supported by web.conf:
node['graylog']['web_interface']['web.conf']['key'] = 'value'
Elasticsearch
The elasticsearch
recipe installs Elasticsearch using the official PPA repository.
You can finetune the installation here, although the defaults should "just work".
The settings below are the defaults
# Elasticsearch version to use. Currently 0.90.x and 1.0.x versions are available # See: http://www.elasticsearch.org/blog/apt-and-yum-repositories/ node['graylog']['elasticsearch']['version'] = '0.90' # Assign half of the systems memory to elasticsearch heap (recommended setting) # See: http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200 node['graylog']['elasticsearch']['heap_size'] = "#{(node['memory']['total'].to_i / 1024 / 2).to_i}m" node['graylog']['elasticsearch']['cluster_name'] = 'graylog2' # Elasticsearch ip:port to use node['graylog']['elasticsearch']['host'] = '127.0.0.1' node['graylog']['elasticsearch']['port'] = 9300
MongoDB
The default
recipe installs MongoDB, using the MongoDB cookbook.
As MongoDB is only used to store small amounts of data, it's usually sufficient to use a small data partition. Therefore, smallfile is enabled by default.
You can override the setting if needed, like so
node['mongodb']['config']['smallfiles'] = false
Recipes
graylog::default
Installs and configures Elasticsearch, MongoDB, Graylog server and The Graylog web-interface.
graylog::elasticsearch
Installs Elasticsearch from the official PPA, and configures it for Graylog use.
graylog::server
Installs and configures Graylog server.
graylog::web
Installs and configures Graylog web-interface.
Contributing
- Fork the repository on Github
- Create a named feature branch (i.e.
add-new-recipe
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request
License and Authors
Author:: Chris Aumann (me@chr4.org)
Dependent cookbooks
apt >= 0.0.0 |
mongodb >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Changelog for Graylog cookbook
1.3.3
- Add support for
graylog2.gzip-filter
andgraylog2.client.accept-any-certificate
web interface attributes
1.3.2
- Include
apt_repository
recipe for easier handling inserver
andweb recipes
1.3.1
- Change default spooling dir to
/var/lib/graylog-server
, according to package default - Update other default settings to match Graylog defaults
1.3.0
- Update default Graylog version to
1.3.0
1.2.1
- Use Elasticsearch
1.7
by default
1.2.0
- Update default Graylog version to
1.2.0
- Use official repositories to install
graylog-server
andgraylog-web
packages - Rename
web_interface
recipe toweb
, to follow package naming - Rename
graylog.conf
attributes toserver.conf
to follow package naming - Rename
graylog-web-interface.conf
attribtues toweb.conf
to follow package naming - Add newly introduced options to attributes
1.1.6
- Update default Graylog version to
1.1.6
1.1.5
- Update default Graylog version to
1.1.5
1.1.4
- Update default Graylog version to
1.1.4
1.1.3
- Update default Graylog version to
1.1.3
1.1.1
- Update default Graylog version to
1.1.1
- Update default elasticsearch version to
1.5
1.0.0
- Update default Graylog version to
1.0.0
- Configuration option and config file changes according to version
1.0.0
Attribute names for configruation files changed:
graylog2.conf -> graylog.conf
graylog2-web-interface.conf -> graylog-web-interface.conf
Node ID default URL changed (Migrate the file manually, if needed)
/etc/graylog2-server-node-id -> /etc/graylog/server/node-id
0.92.3
- Update default Graylog2 version to
0.92.3
0.92.0
- Update default Graylog2 version to
0.92.0
- Update Elasticsearch
1.4
0.91.3
- Update default Graylog2 version to
0.91.3
0.91.1
- Update default Graylog2 version to
0.91.1
0.91.0
- Update default Graylog2 version to
0.91.0
- Update Elasticsearch to
1.3
0.20.6
- Update default Graylog2 version to
0.20.6
- Disable default secrets/passwords and display helpful error message if not set
0.20.3
- Initial release of graylog
- Use default Graylog2 version
0.20.3
Foodcritic Metric
1.3.3 passed this metric
1.3.3 passed this metric