This cookbook sets up Graylog, version >= 0.20.x (not the old rails graylog).
Including the following support services:
- Elasticsearch
- MongoDB
To quickly setup a working Graylog installation on a single node, do the following:
- Setup application secrets
This is required, as it would leave your Graylog installation insecure. Therefore the cookbook will fail with an error message if you do not set them!
# Set this to a random string, generated e.g. with "pwgen 96"
node['graylog']['server']['server.conf']['password_secret'] = 'CHANGE ME!'
# Generate with "echo -n yourpassword | shasum -a 256"
node['graylog']['server']['server.conf']['root_password_sha2'] = '...'
# This also should be a random string, generated e.g. with "pwgen 96"
node['graylog']['web_interface']['web.conf']['application.secret'] = 'CHANGE ME!'- Add default recipe to your run_list
{
"run_list": [
"recipe[graylog::default]"
]
}Currently tested on Ubuntu-14.04 LTS.
- Chef
>= 0.11 - MongoDB cookbook
- Apt cookbook
Please do not expose the Graylog service directly in production. Instead, you should use a reverse proxy (e.g. nginx). This also adds the capability to use SSL to secure your logins.
You can easily setup nginx using the official nginx cookbook. Here's an example nginx site configuration you can use:
# Upstream to Graylog frontend
proxy_next_upstream error timeout;
upstream graylog_web_interface {
server localhost:9000 fail_timeout=0;
}
# Redirect everything to https
server {
listen 80;
return 301 https://graylog.example.com$request_uri;
}
server {
listen 443 ssl;
# SSL certificate
ssl_certificate /etc/nginx/certs/graylog.example.com.crt;
ssl_certificate_key /etc/nginx/certs/graylog.example.com.key;
location / {
root /usr/share/nginx/html;
proxy_pass_header Date;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host:$server_port;
proxy_redirect off;
proxy_set_header X_FORWARDED_PROTO $scheme;
chunked_transfer_encoding off;
proxy_pass http://graylog_web_interface;
}
}
Global attribute:
# Graylog version to use (must be available via the official repositories)
node['graylog']['version'] = '1.3'Attributes to configure Graylog.
The password_secret and root_password_sha2 attributes NEED to be changed!
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -s 96
node['graylog']['server']['server.conf']['password_secret'] = 'CHANGE ME!'
# the default root user is named 'admin'
# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface.
# Create one by using for example: "echo -n yourpassword | shasum -a 256"
#
# For testing purposes (only!) you can use the password "insecure" with the following hash
node['graylog']['server']['server.conf']['root_password_sha2'] = '1d92dae504a70fbcae6d3721a55d7eacaf94d3133ea5f0394b7d203d64841110'This recipe disables multicast to learn about Elasticsearch. This is recommended for production.
# The default unicast host used and configured by this recipe is automatically retrieved from the Elasticsearch attributes
# (See below, node['graylog']['elasticsearch']['host'] and node['graylog']['elasticsearch']['port'])
node['graylog']['server']['server.conf']['elasticsearch_discovery_zen_ping_multicast_enabled'] = false
node['graylog']['server']['server.conf']['elasticsearch_discovery_zen_ping_unicast_hosts'] = '127.0.0.1:1234'The cookbook accepts every possible configuration option supported by server.conf
node['graylog']['server']['server.conf']['key'] = 'value'Configure application secret. You NEED to change this, otherwise your installation will be insecure!
# If you deploy your application to several instances be sure to use the same key!
# Generate for example with: pwgen -s 96
node['graylog']['web_interface']['web.conf']['application.secret'] = 'CHANGE ME!'
Configure timezone
node['graylog']['web_interface']['web.conf']['timezone'] = 'Europe/Berlin'The cookbook accepts every possible configuration option supported by web.conf:
node['graylog']['web_interface']['web.conf']['key'] = 'value'The elasticsearch recipe installs Elasticsearch using the official PPA repository.
You can finetune the installation here, although the defaults should "just work".
The settings below are the defaults
# Elasticsearch version to use. Currently 0.90.x and 1.0.x versions are available
# See: http://www.elasticsearch.org/blog/apt-and-yum-repositories/
node['graylog']['elasticsearch']['version'] = '0.90'
# Assign half of the systems memory to elasticsearch heap (recommended setting)
# See: http://support.torch.sh/help/kb/graylog2-server/configuring-and-tuning-elasticsearch-for-graylog2-v0200
node['graylog']['elasticsearch']['heap_size'] = "#{(node['memory']['total'].to_i / 1024 / 2).to_i}m"
node['graylog']['elasticsearch']['cluster_name'] = 'graylog2'
# Elasticsearch ip:port to use
node['graylog']['elasticsearch']['host'] = '127.0.0.1'
node['graylog']['elasticsearch']['port'] = 9300The default recipe installs MongoDB, using the MongoDB cookbook.
As MongoDB is only used to store small amounts of data, it's usually sufficient to use a small data partition. Therefore, smallfile is enabled by default. You can override the setting if needed, like so
node['mongodb']['config']['smallfiles'] = falseInstalls and configures Elasticsearch, MongoDB, Graylog server and The Graylog web-interface.
Installs Elasticsearch from the official PPA, and configures it for Graylog use.
Installs and configures Graylog server.
Installs and configures Graylog web-interface.
- Fork the repository on Github
- Create a named feature branch (i.e.
add-new-recipe) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request
Author:: Chris Aumann ([email protected])