This cookbook sets up Graylog2, version >= 0.20.x
(not the old rails graylog2).
Including the following support services:
- Elasticsearch
- MongoDB
To quickly setup a working Graylog2 installation on a single node, do the following:
- Setup application secrets
node['graylog']['server']['graylog2.conf']['password_secret'] = 'CHANGE ME!'
node['graylog']['server']['graylog2.conf']['root_password_sha2'] = '...' # generate with "echo -n yourpassword | shasum -a 256"
node['graylog']['web_interface']['graylog2-web-interface.conf']['application.secret'] = 'CHANGE ME!'
- Add default recipe to your run_list
{
"run_list": [
"recipe[graylog::default]"
]
}
Currently tested on Ubuntu-14.04 LTS.
- Chef
>= 0.11
- MongoDB cookbook
- Ark cookbook
- Apt cookbook
Attributes to adjust installation details (defaults should "just work")
node['graylog']['server']['version'] = '0.20.3' # Version to install
node['graylog']['server']['user'] = 'graylog2' # User graylog2 uses (will be created)
node['graylog']['server']['url'] = 'https://example.com/graylog.tar.gz' # URL to graylog2 tar.gz package (Github is the default)
Attributes to configure Graylog2.
The password_secret
and root_password_sha2
attributes NEED to be changed, otherwise your installation will use the default ones, which is insecure!
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -s 96
node['graylog']['server']['graylog2.conf']['password_secret'] = 'CHANGE ME!'
# the default root user is named 'admin'
# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
#
# This cookbook defaults password to 'CHANGEME!'
node['graylog']['server']['graylog2.conf']['root_password_sha2'] = '90aba6bd1562f5af8f912ac3fe00d9ed7387bd84ec32f3da7415f4078da5efb8'
This recipe disables multicast to learn about Elasticsearch. This is recommended for production.
# The default unicast host used and configured by this recipe is automatically retrieved from the Elasticsearch attributes
# (See below, node['graylog']['elasticsearch']['host'] and node['graylog']['elasticsearch']['port'])
node['graylog']['server']['graylog2.conf']['elasticsearch_discovery_zen_ping_multicast_enabled'] = false
node['graylog']['server']['graylog2.conf']['elasticsearch_discovery_zen_ping_unicast_hosts'] = '127.0.0.1:1234'
The cookbook accepts every possible configuration option supported by graylog2.conf:
node['graylog']['server']['graylog2.conf']['key'] = 'value'
Attributes to adjust installation details (defaults should "just work")
node['graylog']['web_interface']['version'] = '0.20.3' # Version to install
node['graylog']['web_interface']['user'] = 'graylog2' # User graylog2 uses (will be created)
node['graylog']['web_interface']['url'] = 'https://example.com/webinterface.tar.gz' # URL to graylog2 tar.gz package (Github is the default)
Configure application secret. You NEED to change this, otherwise your installation will be insecure!
# If you deploy your application to several instances be sure to use the same key!
# Generate for example with: pwgen -s 96
node['graylog']['web_interface']['graylog2-web-interface.conf']['application.secret'] = 'CHANGE ME!'
Configure timezone
node['graylog']['web_interface']['graylog2-web-interface.conf']['timezone'] = 'Europe/Berlin'
The cookbook accepts every possible configuration option supported by graylog2-web-interface.conf:
node['graylog']['web_interface']['graylog2-web-interface.conf']['key'] = 'value'
The elasticsearch
recipe installs Elasticsearch using the official PPA repository.
You can finetune the installation here, although the defaults should "just work".
The settings below are the defaults
# Elasticsearch version to use. Currently 0.90.x and 1.0.x versions are available
# See: http://www.elasticsearch.org/blog/apt-and-yum-repositories/
node['graylog']['elasticsearch']['version'] = '0.90'
# Assign half of the systems memory to elasticsearch heap (recommended setting)
# See: http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200
node['graylog']['elasticsearch']['heap_size'] = "#{(node['memory']['total'].to_i / 1024 / 2).to_i}m"
node['graylog']['elasticsearch']['cluster_name'] = 'graylog2'
# Elasticsearch ip:port to use
node['graylog']['elasticsearch']['host'] = '127.0.0.1'
node['graylog']['elasticsearch']['port'] = 9300
The default
recipe installs MongoDB, using the MongoDB cookbook.
As MongoDB is only used to store small amounts of data, it's usually sufficient to use a small data partition. Therefore, smallfile is enabled by default. You can override the setting if needed, like so
node['mongodb']['config']['smallfiles'] = false
Installs and configures Elasticsearch, MongoDB, Graylog2 server and The Graylog2 web-interface.
Installs Elasticsearch from the official PPA, and configures it for Graylog2 use.
Installs and configures Graylog2 server.
Installs and configures Graylog2 web-interface.
- Fork the repository on Github
- Create a named feature branch (i.e.
add-new-recipe
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request
Author:: Chris Aumann ([email protected])