Ansible role to install and configure a Graylog centralized logging server.
Building and improving this Ansible role has been sponsored by my current and previous employers, such as Cloudpunks GmbH and Proact Deutschland GmbH.
- Requirements
- Default Variables
  - graylog_allow_highlighting
  - graylog_allow_leading_wildcard_searches
  - graylog_async_eventbus_processors
  - graylog_command_wrapper
  - graylog_default_plugins
  - graylog_elasticsearch_hosts
  - graylog_enable_enterprise
  - graylog_enterprise_legacy
  - graylog_enterprise_packages
  - graylog_extra_config
  - graylog_extra_plugins
  - graylog_group
  - graylog_http_bind_address
  - graylog_http_enable_cors
  - graylog_http_enable_gzip
  - graylog_http_max_header_size
  - graylog_http_publish_uri
  - graylog_http_thread_pool_size
  - graylog_initial_heap_space
  - graylog_inputbuffer_processors
  - graylog_inputbuffer_ring_size
  - graylog_inputbuffer_wait_strategy
  - graylog_is_master
  - graylog_logs_path
  - graylog_maximum_heap_space
  - graylog_message_journal_enabled
  - graylog_message_journal_flush_age
  - graylog_message_journal_flush_interval
  - graylog_message_journal_max_age
  - graylog_message_journal_max_size
  - graylog_message_journal_segment_age
  - graylog_message_journal_segment_size
  - graylog_minor_version
  - graylog_mongodb_uri
  - graylog_mongodb_uris
  - graylog_node_id
  - graylog_oauth2_allowed_groups
  - graylog_oauth2_client_id
  - graylog_oauth2_client_secret
  - graylog_oauth2_cookie_secret
  - graylog_oauth2_download
  - graylog_oauth2_enabled
  - graylog_oauth2_keycloak_url
  - graylog_oauth2_listen_address
  - graylog_oauth2_provider
  - graylog_oauth2_static_groups
  - graylog_oauth2_static_users
  - graylog_oauth2_upstream
  - graylog_oauth2_version
  - graylog_openjdk_version
  - graylog_output_batch_size
  - graylog_output_fault_count_threshold
  - graylog_output_fault_penalty_seconds
  - graylog_output_flush_interval
  - graylog_outputbuffer_processors
  - graylog_password_secret
  - graylog_processbuffer_processors
  - graylog_processor_wait_strategy
  - graylog_ring_size
  - graylog_root_email
  - graylog_root_password
  - graylog_root_timezone
  - graylog_root_username
  - graylog_server_args
  - graylog_server_version
  - graylog_standard_legacy
  - graylog_standard_packages
  - graylog_storage_path
  - graylog_transport_email_auth_password
  - graylog_transport_email_auth_username
  - graylog_transport_email_enabled
  - graylog_transport_email_from_email
  - graylog_transport_email_hostname
  - graylog_transport_email_port
  - graylog_transport_email_subject_prefix
  - graylog_transport_email_use_auth
  - graylog_transport_email_use_ssl
  - graylog_transport_email_use_tls
  - graylog_transport_email_web_interface_url
  - graylog_trusted_proxies
  - graylog_user
  - http_external_uri
- Discovered Tags
- Dependencies
- License
- Author
- Minimum Ansible version: 2.10
Allow searches to be highlighted
graylog_allow_highlighting: true
Allow searches with leading wildcards
graylog_allow_leading_wildcard_searches: true
Number of threads used exclusively for dispatching internal events
graylog_async_eventbus_processors: 2
Program that will be used to wrap the graylog-server command
graylog_command_wrapper:
List of default plugins to install
graylog_default_plugins:
- name: metrics-reporter-prometheus
  url: https://github.com/graylog-labs/graylog-plugin-metrics-reporter/releases/download/3.0.0/metrics-reporter-prometheus-3.0.0.deb
  type: deb
  state: present
Example usage:
graylog_default_plugins:
- name: graylog-plugin1
  url: https://example.com/graylog-plugin1.jar
  type: jar
- name: graylog-plugin2
  url: https://example.com/graylog-plugin2.jar
  type: jar
  state: absent
- name: graylog-plugin3
  url: https://example.com/graylog-plugin3-1.0.0.deb
  type: deb
  state: present
- name: graylog-plugin4
  url: https://example.com/graylog-plugin4-1.3.3.deb
  type: deb
  state: absent
List of Elasticsearch hosts Graylog should connect to
graylog_elasticsearch_hosts:
- http://127.0.0.1:9200
Enable the installation of enterprise plugins
graylog_enable_enterprise: false
Package list for enterprise Graylog server prior to v5
graylog_enterprise_legacy:
- graylog-enterprise-integrations-plugins={{ graylog_server_version }}*
- graylog-enterprise-plugins={{ graylog_server_version }}*
Package list for enterprise Graylog server
graylog_enterprise_packages:
- graylog-enterprise={{ graylog_server_version }}*
Free text of additional config appended to the server config
graylog_extra_config:
List of extra plugins to install
graylog_extra_plugins: []
Example usage:
graylog_extra_plugins:
- name: graylog-plugin1
  url: https://example.com/graylog-plugin1.jar
  type: jar
- name: graylog-plugin2
  url: https://example.com/graylog-plugin2.jar
  type: jar
  state: absent
- name: graylog-plugin3
  url: https://example.com/graylog-plugin3-1.0.0.deb
  type: deb
  state: present
- name: graylog-plugin4
  url: https://example.com/graylog-plugin4-1.3.3.deb
  type: deb
  state: absent
Name of the group owning Elasticsearch
graylog_group: graylog
Network interface used by the Graylog HTTP interface
graylog_http_bind_address: 0.0.0.0:9000
Enable CORS headers for HTTP interface
graylog_http_enable_cors: true
Enable GZIP support for HTTP interface
graylog_http_enable_gzip: true
Maximum size of the HTTP request headers in bytes
graylog_http_max_header_size: 8192
Public URI of Graylog which will be used by the Graylog web interface
graylog_http_publish_uri: http://{{ ansible_default_ipv4.address }}:9000/
Size of the thread pool used exclusively for serving the HTTP interface
graylog_http_thread_pool_size: 16
Represents the initial size of total heap space
graylog_initial_heap_space: 1g
Number of parallel running input buffer processors
graylog_inputbuffer_processors: 2
Input buffer ring size
graylog_inputbuffer_ring_size: 65536
Input buffer wait strategy
graylog_inputbuffer_wait_strategy: blocking
Define if this server acts as a Graylog master node
graylog_is_master: true
Path to the logs directory
graylog_logs_path: /var/log/graylog-server
Represents the maximum size of total heap space
graylog_maximum_heap_space: 1g
Enable the disk based message journal
graylog_message_journal_enabled: true
General flush age for journal messages
graylog_message_journal_flush_age: 1m
Journal flush interval
graylog_message_journal_flush_interval: 1000000
Max age of journal messages before they are written to Elasticsearch
graylog_message_journal_max_age: 12h
Max size of journal messages before they are written to Elasticsearch
graylog_message_journal_max_size: 5gb
Journal segment age
graylog_message_journal_segment_age: 1h
Journal segment size
graylog_message_journal_segment_size: 100m
Minor version used for repo selection
graylog_minor_version: "{{ graylog_server_version.split('.')[0] }}.{{ graylog_server_version.split('.')[1] }}"
MongoDB connection string
graylog_mongodb_uri: mongodb://localhost:27017/graylog
Node ID for the Graylog server instance
graylog_node_id: '{{ ansible_hostname | to_uuid }}'
List of groups to allow access
graylog_oauth2_allowed_groups: []
Example usage:
graylog_oauth2_allowed_groups:
- /Group1
- /Group2
- /Group3
Client ID for OAuth2 authentication
graylog_oauth2_client_id:
Client secret for OAuth2 authentication
graylog_oauth2_client_secret:
Cookie secret used by OAuth2 proxy
graylog_oauth2_cookie_secret:
URL of the OAuth2 Proxy to download
graylog_oauth2_download: https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v{{ graylog_oauth2_version }}/oauth2-proxy-v{{ graylog_oauth2_version }}.linux-amd64.tar.gz
graylog_oauth2_enabled: false
URL of the Keycloak realm
graylog_oauth2_keycloak_url:
Listen address for the OAuth2 proxy
graylog_oauth2_listen_address: 0.0.0.0:9001
Provider for OAuth2 authentication
graylog_oauth2_provider: keycloak
List of groups assigned to static users
graylog_oauth2_static_groups: []
List of users to allow access
graylog_oauth2_static_users: []
Example usage:
graylog_oauth2_static_users:
- username: username1
  password: p455w0rd
- username: username2
  password: p455w0rd
- username: username3
  password: p455w0rd
Upstream target for the OAuth2 proxy
graylog_oauth2_upstream: http://{{ graylog_http_bind_address }}
Version of the OAuth2 Proxy to download
graylog_oauth2_version: 7.8.1
Version of OpenJDK to install
graylog_openjdk_version: 11
Batch size for the Elasticsearch output
graylog_output_batch_size: 500
Output fault count threshold
graylog_output_fault_count_threshold: 5
Output fault penalty seconds
graylog_output_fault_penalty_seconds: 30
Flush interval (in seconds) for the Elasticsearch output
graylog_output_flush_interval: 1
Number of parallel running output buffer processors
graylog_outputbuffer_processors: 3
Secret used to encrypt values and sessions, generate it with "pwgen -N 1 -s 96"
graylog_password_secret:
Number of parallel running process buffer processors
graylog_processbuffer_processors: 5
Wait strategy describing how buffer processors wait on a cursor sequence
graylog_processor_wait_strategy: blocking
Size of internal ring buffers
graylog_ring_size: 65536
Email for the general admin user
graylog_root_email:
Password for the general admin user, must be a SHA-256 hash
graylog_root_password: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
Timezone for the general admin user
graylog_root_timezone: UTC
Username for the general admin user
graylog_root_username: admin
Pass some extra args to graylog-server command
graylog_server_args:
Version of Graylog that gets installed
graylog_server_version: 6.1.5
Package list for regular Graylog server prior to v5
graylog_standard_legacy:
- graylog-server={{ graylog_server_version }}*
- graylog-integrations-plugins={{ graylog_server_version }}*
Package list for regular Graylog server
graylog_standard_packages:
- graylog-server={{ graylog_server_version }}*
Path to the storage directory
graylog_storage_path: /var/lib/graylog-server
Password for email transport
graylog_transport_email_auth_password:
Username for email transport
graylog_transport_email_auth_username:
Enable email transport
graylog_transport_email_enabled: false
Sender address used for email transport
graylog_transport_email_from_email: [email protected]
Hostname for email transport
graylog_transport_email_hostname: mail.example.com
Port for email transport
graylog_transport_email_port: 587
Subject prefix used for email transport
graylog_transport_email_subject_prefix: '[graylog]'
Use authentication for email transport
graylog_transport_email_use_auth: true
Use SSL (SMTPS) for email transport
graylog_transport_email_use_ssl: false
Use STARTTLS for email transport
graylog_transport_email_use_tls: true
URL used within emails to access the streams
graylog_transport_email_web_interface_url: '{{ http_external_uri }}'
List of trusted proxy IPs or networks
graylog_trusted_proxies: []
Name of the user owning Elasticsearch
graylog_user: graylog
http_external_uri:
Example usage:
http_external_uri: https://graylog.example.com
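A pre-deployment check over this role's variables, as an added example that is not part of the role: it flags the default `graylog_root_password` hash, empty secrets, and a Graylog listener on all interfaces while the OAuth2 proxy is enabled. The function names and the sample dictionary are constructed here, and the bind-address finding assumes no firewall restricts the Graylog port.

```python
import hashlib
import ipaddress

# Role default for graylog_root_password, copied from this page (SHA-256 of "admin").
ROLE_DEFAULT_ROOT_HASH = "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"

# Constructed sample: defaults listed on this page with OAuth2 switched on.
SAMPLE_VARS = {
    "graylog_root_password": ROLE_DEFAULT_ROOT_HASH,
    "graylog_password_secret": None,
    "graylog_http_bind_address": "0.0.0.0:9000",
    "graylog_oauth2_enabled": True,
    "graylog_oauth2_client_secret": None,
    "graylog_oauth2_cookie_secret": None,
}

def root_password_hash(password):
    """Hex SHA-256 digest, the form graylog_root_password has to be in."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def binds_all_interfaces(address):
    """True for host:port values such as 0.0.0.0:9000 or [::]:9000."""
    host = address.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a hostname; cannot be judged statically

def audit(role_vars):
    """Return findings for values that should not be deployed unchanged."""
    findings = []
    pw_hash = str(role_vars.get("graylog_root_password") or "").lower()
    if pw_hash == ROLE_DEFAULT_ROOT_HASH:
        findings.append("graylog_root_password is still the role default")
    elif len(pw_hash) != 64 or set(pw_hash) - set("0123456789abcdef"):
        findings.append("graylog_root_password is not a hex SHA-256 digest")
    if not role_vars.get("graylog_password_secret"):
        findings.append("graylog_password_secret is empty")
    if role_vars.get("graylog_oauth2_enabled"):
        for key in ("graylog_oauth2_client_secret", "graylog_oauth2_cookie_secret"):
            if not role_vars.get(key):
                findings.append(key + " is empty although OAuth2 is enabled")
        bind = str(role_vars.get("graylog_http_bind_address", "0.0.0.0:9000"))
        if binds_all_interfaces(bind):
            findings.append("graylog_http_bind_address exposes Graylog beside the proxy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VARS)) or "no findings")
```
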
Discovered Tags: graylog, oauth2
License: Apache-2.0