Ansible role to install and configure a Graylog centralized logging server.
Building and improving this Ansible role have been sponsored by my current and previous employers like Cloudpunks GmbH and Proact Deutschland GmbH.
- Requirements
- Default Variables
- graylog_allow_highlighting
- graylog_allow_leading_wildcard_searches
- graylog_async_eventbus_processors
- graylog_command_wrapper
- graylog_default_plugins
- graylog_elasticsearch_hosts
- graylog_enable_enterprise
- graylog_enterprise_packages
- graylog_extra_config
- graylog_extra_plugins
- graylog_group
- graylog_http_bind_address
- graylog_http_enable_cors
- graylog_http_enable_gzip
- graylog_http_max_header_size
- graylog_http_publish_uri
- graylog_http_thread_pool_size
- graylog_initial_heap_space
- graylog_inputbuffer_processors
- graylog_inputbuffer_ring_size
- graylog_inputbuffer_wait_strategy
- graylog_is_master
- graylog_java_opts
- graylog_logs_path
- graylog_maximum_heap_space
- graylog_message_journal_enabled
- graylog_message_journal_flush_age
- graylog_message_journal_flush_interval
- graylog_message_journal_max_age
- graylog_message_journal_max_size
- graylog_message_journal_segment_age
- graylog_message_journal_segment_size
- graylog_minor_version
- graylog_mongodb_uri
- graylog_mongodb_uris
- graylog_node_id
- graylog_oauth2_allowed_groups
- graylog_oauth2_arch
- graylog_oauth2_client_id
- graylog_oauth2_client_secret
- graylog_oauth2_cookie_secret
- graylog_oauth2_download
- graylog_oauth2_enabled
- graylog_oauth2_keycloak_url
- graylog_oauth2_listen_address
- graylog_oauth2_provider
- graylog_oauth2_static_groups
- graylog_oauth2_static_users
- graylog_oauth2_upstream
- graylog_oauth2_version
- graylog_openjdk_version
- graylog_output_batch_size
- graylog_output_fault_count_threshold
- graylog_output_fault_penalty_seconds
- graylog_output_flush_interval
- graylog_outputbuffer_processors
- graylog_password_secret
- graylog_processbuffer_processors
- graylog_processor_wait_strategy
- graylog_ring_size
- graylog_root_email
- graylog_root_password
- graylog_root_timezone
- graylog_root_username
- graylog_server_args
- graylog_server_version
- graylog_standard_packages
- graylog_storage_path
- graylog_transport_email_auth_password
- graylog_transport_email_auth_username
- graylog_transport_email_enabled
- graylog_transport_email_from_email
- graylog_transport_email_hostname
- graylog_transport_email_port
- graylog_transport_email_subject_prefix
- graylog_transport_email_use_auth
- graylog_transport_email_use_ssl
- graylog_transport_email_use_tls
- graylog_transport_email_web_interface_url
- graylog_trusted_proxies
- graylog_user
- http_external_uri
- Discovered Tags
- Dependencies
- License
- Author
- Minimum Ansible version:
2.10
Allow searches to be highlighted
graylog_allow_highlighting: trueAllow searches with leading wildcards
graylog_allow_leading_wildcard_searches: trueNumber of threads used exclusively for dispatching internal events
graylog_async_eventbus_processors: 2Program that will be used to wrap the graylog-server command
graylog_command_wrapper:List of default plugins to install
graylog_default_plugins: []graylog_default_plugins:
- name: graylog-plugin1
url: https://example.com/graylog-plugin1.jar
type: jar
- name: graylog-plugin2
url: https://example.com/graylog-plugin2.jar
type: jar
state: absent
- name: graylog-plugin3
url: https://example.com/graylog-plugin3-1.0.0.deb
type: deb
state: present
- name: graylog-plugin4
url: https://example.com/graylog-plugin4-1.3.3.deb
type: deb
state: absentList of Elasticsearch hosts Graylog should connect to
graylog_elasticsearch_hosts:
- http://localhost:9200Enable the installation of enterprise plugins
graylog_enable_enterprise: falsePackage list for enterprise Graylog server
graylog_enterprise_packages:
- graylog-enterprise={{ graylog_server_version }}*
- "{{ 'graylog-enterprise-integrations-plugins=' + graylog_server_version + '*' if graylog_server_version is version('5.0.0', '<') else omit }}"
- "{{ 'graylog-enterprise-plugins=' + graylog_server_version + '*' if graylog_server_version is version('5.0.0', '<') else omit }}"Free text for of additional config appended to server config
graylog_extra_config:List of extra plugins to install
graylog_extra_plugins: []graylog_extra_plugins:
- name: graylog-plugin1
url: https://example.com/graylog-plugin1.jar
type: jar
- name: graylog-plugin2
url: https://example.com/graylog-plugin2.jar
type: jar
state: absent
- name: graylog-plugin3
url: https://example.com/graylog-plugin3-1.0.0.deb
type: deb
state: present
- name: graylog-plugin4
url: https://example.com/graylog-plugin4-1.3.3.deb
type: deb
state: absentName of the group owning Elasticsearch
graylog_group: graylogNetwork interface used by the Graylog HTTP interface
graylog_http_bind_address: 0.0.0.0:9000Enable CORS headers for HTTP interface
graylog_http_enable_cors: trueEnable GZIP support for HTTP interface
graylog_http_enable_gzip: trueMaximum size of the HTTP request headers in bytes
graylog_http_max_header_size: 8192Public URI of Graylog which will be used by the Graylog web interface
graylog_http_publish_uri: http://{{ ansible_default_ipv4.address }}:9000/Size of the thread pool used exclusively for serving the HTTP interface
graylog_http_thread_pool_size: 16Represents the initial size of total heap space
graylog_initial_heap_space: 1gNumber of parallel running input buffer processors
graylog_inputbuffer_processors: 2Input buffer ring size
graylog_inputbuffer_ring_size: 65536Input buffer wait strategy
graylog_inputbuffer_wait_strategy: blockingDefine if this server acts as a Graylog master node
graylog_is_master: trueJava options used by Graylog service
graylog_java_opts: -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -Dlog4j2.formatMsgNoLookups=truePath to the logs directory
graylog_logs_path: /var/log/graylog-serverRepresents the maximum size of total heap space
graylog_maximum_heap_space: 1gEnable the disk based message journal
graylog_message_journal_enabled: trueGeneral flush age for journal messages
graylog_message_journal_flush_age: 1mJournal flush interval
graylog_message_journal_flush_interval: 1000000Max age of journal messages before written to elasticsearch
graylog_message_journal_max_age: 12hMax size of journal messages before written to elasticsearch
graylog_message_journal_max_size: 5gbJournal segment age
graylog_message_journal_segment_age: 1hJournal segment size
graylog_message_journal_segment_size: 100mMinor version used for repo selection
graylog_minor_version: "{{ graylog_server_version.split('.')[0] }}.{{ graylog_server_version.split('.')[1] }}"graylog_mongodb_uri: mongodb://localhost:27017/graylogMongoDB connection string
Node ID for the Graylog server instance
graylog_node_id: '{{ ansible_hostname | to_uuid }}'List of groups to allow access
graylog_oauth2_allowed_groups: []graylog_oauth2_allowed_groups:
- /Group1
- /Group2
- /Group3Target system architecture of the binary
graylog_oauth2_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' or ansible_architecture == 'arm64' else 'amd64' }}"Client ID for OAuth2 authentication
graylog_oauth2_client_id:Client secret for OAuth2 authentication
graylog_oauth2_client_secret:Cookie secret used by OAuth2 proxy
graylog_oauth2_cookie_secret:graylog_oauth2_download: https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v{{ graylog_oauth2_version }}/oauth2-proxy-v{{ graylog_oauth2_version }}.linux-{{ graylog_oauth2_arch }}.tar.gzURL of the OAuth2 Proxy to download
graylog_oauth2_enabled: falseURL of the Keycloak realm
graylog_oauth2_keycloak_url:Listem address for the OAuth2 proxy
graylog_oauth2_listen_address: 0.0.0.0:9001Provider for OAuth2 authentication
graylog_oauth2_provider: keycloakList of groups assigned to static users
graylog_oauth2_static_groups: []List of users to allow access
graylog_oauth2_static_users: []graylog_oauth2_static_users:
- username: username1
password: p455w0rd
- username: username2
password: p455w0rd
- username: username3
password: p455w0rdUpstream target for the OAuth2 proxy
graylog_oauth2_upstream: http://{{ graylog_http_bind_address }}Version of the OAuth2 Proxy to download
graylog_oauth2_version: 7.15.2Version OpenJDK to install
graylog_openjdk_version: 21Batch size for the Elasticsearch output
graylog_output_batch_size: 500Output fault count threshold
graylog_output_fault_count_threshold: 5Output fault penalty seconds
graylog_output_fault_penalty_seconds: 30Flush interval (in seconds) for the Elasticsearch output
graylog_output_flush_interval: 1Number of parallel running output buffer processors
graylog_outputbuffer_processors: 3Secret used to encrypt values and sessions, generate it with "pwgen -N 1 -s 96"
graylog_password_secret:Number of parallel running process buffer processors
graylog_processbuffer_processors: 5Wait strategy describing how buffer processors wait on a cursor sequence
graylog_processor_wait_strategy: blockingSize of internal ring buffers
graylog_ring_size: 65536Email for the general admin user
graylog_root_email:Password for the general admin user, got to be sha256 hash
graylog_root_password: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918Timezone for the general admin user
graylog_root_timezone: UTCUsername for the general admin user
graylog_root_username: adminPass some extra args to graylog-server command
graylog_server_args:Version of Graylog that gets installed
graylog_server_version: 7.1.3Package list for regular Graylog server
graylog_standard_packages:
- graylog-server={{ graylog_server_version }}*
- "{{ 'graylog-integrations-plugins=' + graylog_server_version + '*' if graylog_server_version is version('5.0.0', '<') else omit }}"Path to the storage directory
graylog_storage_path: /var/lib/graylog-serverPassword for email transport
graylog_transport_email_auth_password:Username for email transport
graylog_transport_email_auth_username:Enable email transport
graylog_transport_email_enabled: falseSender address used for email transport
graylog_transport_email_from_email: graylog@example.comHostname for email transport
graylog_transport_email_hostname: mail.example.comPort for email transport
graylog_transport_email_port: 587Subject prefix used for email transport
graylog_transport_email_subject_prefix: '[graylog]'Use authentication for email transport
graylog_transport_email_use_auth: trueUse SSL (SMTPS) for email transport
graylog_transport_email_use_ssl: falseUse STARTTLS for email transport
graylog_transport_email_use_tls: trueURL used within emails to access the streams
graylog_transport_email_web_interface_url: http://{{ ansible_default_ipv4.address }}:9000/List of trusted proxy IPs or networks
graylog_trusted_proxies: []Name of the user owning Elasticsearch
graylog_user: grayloghttp_external_uri: http://{{ ansible_default_ipv4.address }}:9000/http_external_uri: https://graylog.example.comgraylog
oauth2
Apache-2.0