Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ansibleguy/sw_graylog
Ansible Role to provision dockerized Graylog-Server
https://github.com/ansibleguy/sw_graylog
ansible ansible-role graylog-server graylog2 iac infrastructure-as-code log-analysis logging security
Last synced: 11 days ago
JSON representation
Ansible Role to provision dockerized Graylog-Server
- Host: GitHub
- URL: https://github.com/ansibleguy/sw_graylog
- Owner: ansibleguy
- License: other
- Created: 2024-05-14T14:31:49.000Z (9 months ago)
- Default Branch: latest
- Last Pushed: 2024-10-23T20:16:59.000Z (3 months ago)
- Last Synced: 2024-10-24T07:48:23.707Z (3 months ago)
- Topics: ansible, ansible-role, graylog-server, graylog2, iac, infrastructure-as-code, log-analysis, logging, security
- Language: Jinja
- Homepage:
- Size: 73.2 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE.txt
Awesome Lists containing this project
README
# Ansible Role - Graylog-Server dockerized
Role to deploy dockerized Graylog-Server on a linux server
[](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/molecule.sh.j2)
[](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/yamllint.sh.j2)
[](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/pylint.sh.j2)
[](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/ansiblelint.sh.j2)
[](https://galaxy.ansible.com/ui/standalone/roles/ansibleguy/sw_graylog)
Molecule Logs: [Short](https://badges.ansibleguy.net/log/molecule_sw_graylog_test_short.log), [Full](https://badges.ansibleguy.net/log/molecule_sw_graylog_test.log)
**Tested:**
* Debian 12
----
## Install
```bash
# latest
ansible-galaxy role install git+https://github.com/ansibleguy/sw_graylog
# from galaxy
ansible-galaxy install ansibleguy.sw_graylog
# or to custom role-path
ansible-galaxy install ansibleguy.sw_graylog --roles-path ./roles
# install dependencies
ansible-galaxy install -r requirements.yml
```
----
## Advertisement
* Need **professional support** using Ansible or Graylog? Contact us:
E-Mail: [[email protected]](mailto:[email protected])
Tel: [+43 3115 40 900 0](tel:+433115409000)
Web: [EN](https://www.o-x-l.com) | [DE](https://www.oxl.at)
Language: German or English
* You want a simple **Ansible GUI**?
Check-out this [Ansible WebUI](https://github.com/ansibleguy/webui)
----
## Roadmap
* GeoIP download and mapping for [easy integration](https://graylog.org/post/how-to-set-up-graylog-geoip-configuration/)
----
## Usage
### Config
Minimal example:
```yaml
graylog:
domain: 'log.template.ansibleguy.net'
secret: !vault |
...
pwd:
graylog: !vault | # admin
...
opensearch: !vault | # admin
...
```
Update as needed:
```yaml
graylog:
domain: 'log.template.ansibleguy.net'
aliases: ['syslog.template.ansibleguy.net']
secret: !vault |
...
pwd:
graylog: !vault | # admin
...
opensearch: !vault | # admin
...
manage:
webserver: true # you could disable the role-managed nginx if you want to self-manage it
docker_nftables: true # self-manage firewall; clear docker auto-created rules
settings: # graylog config file settings; see: https://github.com/Graylog2/graylog2-server/blob/6.0.0/misc/graylog.conf
inputbuffer_processors: 5
processbuffer_processors: 5
outputbuffer_processors: 3
opensearch:
ram: '10g'
backup: # WARNING: high disk usage
enable: true
retention_days: 14
auto_update: # auto update containers to latest minor release
enable: true
```
You might want to use 'ansible-vault' to encrypt your passwords:
```bash
ansible-vault encrypt_string
```
### Execution
Run the playbook:
```bash
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml
```
There are also some useful **tags** available:
* config
* install
* docker
* webserver
* backup
To debug errors - you can set the 'debug' variable at runtime:
```bash
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes
```
----
## Functionality
* **Package installation**
* Ansible dependencies (_minimal_)
* Docker server and client
* Nginx if webserver is managed
* **Configuration**
* **Default config**:
* Syslog Listeners on 5140 (TCP/UDP)
* GELF Listeners on 12201 (TCP/UDP)
* 4GB of RAM for OpenSearch
* [Disk watermark for OpenSearch](https://opensearch.org/docs/2.2/api-reference/cluster-api/cluster-settings/) set to 99%
* 1GB max size of message journal cache
* **Default opt-ins**:
* Auto-Update Job
* Managing Webserver => see: [THIS Role](https://github.com/ansibleguy/infra_nginx)
* **Default opt-outs**:
* Backup Job (*high storage usage*)
## Info
* **Note:** For more background-info - see: [OXL - Graylog Logserver](https://github.com/O-X-L/logserver-graylog)
* **Note:** this role currently only supports debian-based systems
* **Note:** Most of the role's functionality can be opted in or out.
For all available options - see the default-config located in [the main defaults-file](https://github.com/ansibleguy/sw_graylog/blob/latest/defaults/main/1_main.yml)!
* **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!
* **Note:** The Graylog `secret` has to be at least 16 characters long!
* **Note:** The OpenSearch admin password has to meet some complexity criteria:
* minimum length of 8 characters
* at least one lowercase character
* at least one uppercase character
* at least one digit
* at least one special character
* **Tip**: You can use the Bash-Alias `log-pki` to create and revoke client-certificates.
**Create**: `log-pki build-client-full nopass`
Find it in: `/var/local/lib/log-pki/issued` and `/var/local/lib/log-pki/private`
**Revoke**: `log-pki revoke `
* **Note**: You can enable TLS for your Log-Inputs using the auto-generated server-certificate: (*path inside the container*)
CA: `/usr/share/graylog/data/ssl/ca.crt`
Public: `/usr/share/graylog/data/ssl/logserver.crt`
Private: `/usr/share/graylog/data/ssl/logserver.key`