ansibleguy/sw_graylog

Ansible Role - Graylog-Server dockerized

Role to deploy dockerized Graylog-Server on a Linux server

Tested:

  • Debian 12

Install

# latest
ansible-galaxy role install git+https://github.com/ansibleguy/sw_graylog

# from galaxy
ansible-galaxy install ansibleguy.sw_graylog

# or to custom role-path
ansible-galaxy install ansibleguy.sw_graylog --roles-path ./roles

# install dependencies
ansible-galaxy install -r requirements.yml

Roadmap


Usage

Config

Minimal example:

graylog:
  domain: 'log.template.ansibleguy.net'
  secret: !vault |
    ...
  pwd:
    graylog: !vault |  # admin
      ...
    opensearch: !vault |  # admin
      ...

Update as needed:

graylog:
  domain: 'log.template.ansibleguy.net'
  aliases: ['syslog.template.ansibleguy.net']
  secret: !vault |
    ...
  pwd:
    graylog: !vault |  # admin
      ...
    opensearch: !vault |  # admin
      ...

  manage:
    webserver: true  # you could disable the role-managed nginx if you want to self-manage it

  docker_nftables: true  # self-manage firewall; clear docker auto-created rules
  
  settings:  # graylog config file settings; see: https://github.com/Graylog2/graylog2-server/blob/6.0.0/misc/graylog.conf
    inputbuffer_processors: 5
    processbuffer_processors: 5
    outputbuffer_processors: 3

  opensearch:
    ram: '10g'

  backup:  # WARNING: high disk usage
    enable: true
    retention_days: 14

  auto_update:  # auto update containers to latest minor release
    enable: true

You might want to use 'ansible-vault' to encrypt your passwords:

ansible-vault encrypt_string

Execution

Run the playbook:

ansible-playbook -K -D -i inventory/hosts.yml playbook.yml

There are also some useful tags available:

  • config
  • install
  • docker
  • webserver
  • backup

To debug errors, you can set the 'debug' variable at runtime:

ansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes

Functionality

  • Package installation

    • Ansible dependencies (minimal)
    • Docker server and client
    • Nginx if webserver is managed
  • Configuration

    • Default config:

      • Syslog Listeners on 5140 (TCP/UDP)
      • GELF Listeners on 12201 (TCP/UDP)
      • 4GB of RAM for OpenSearch
      • Disk watermark for OpenSearch set to 99%
      • 1GB max size of message journal cache
    • Default opt-ins:

      • Auto-Update Job
      • Managing Webserver => see: THIS Role
    • Default opt-outs:

      • Backup Job (high storage usage)

Info

  • Note: This role currently only supports Debian-based systems.

  • Note: Most of the role's functionality can be opted in or out.

    For all available options, see the default config located in the main defaults file!

  • Warning: Not every setting/variable you provide will be checked for validity. Bad config might break the role!

  • Note: The Graylog secret has to be at least 16 characters long!

  • Note: The OpenSearch admin password has to meet some complexity criteria:

    • minimum length of 8 characters
    • at least one lowercase character
    • at least one uppercase character
    • at least one digit
    • at least one special character
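
Because the role does not validate every variable, the two notes above can be checked locally before the values are passed to 'ansible-vault encrypt_string'. The following is an added example, not part of the role: the function names are hypothetical, "special character" is assumed to mean any ASCII punctuation character, and generated passwords are assumed to use only a small set of specials that need no extra quoting.

```python
import secrets
import string

# Assumption: "special character" means any ASCII punctuation character.
SPECIAL = set(string.punctuation)
# Assumption: generated passwords only use specials that need no extra
# quoting in YAML or on a shell command line.
GEN_SPECIAL = "-_.+=@%"


def check_graylog_secret(secret):
    """Return a list of violated rules (empty list = OK)."""
    if len(secret) < 16:
        return ["graylog.secret: at least 16 characters long"]
    return []


def check_opensearch_password(pwd):
    """Return a list of violated complexity rules (empty list = OK)."""
    rules = [
        (len(pwd) >= 8, "minimum length of 8 characters"),
        (any(c in string.ascii_lowercase for c in pwd), "at least one lowercase character"),
        (any(c in string.ascii_uppercase for c in pwd), "at least one uppercase character"),
        (any(c in string.digits for c in pwd), "at least one digit"),
        (any(c in SPECIAL for c in pwd), "at least one special character"),
    ]
    return ["graylog.pwd.opensearch: " + msg for ok, msg in rules if not ok]


def generate_opensearch_password(length=24):
    """Draw from a CSPRNG until every complexity rule is met."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + GEN_SPECIAL
    while True:
        pwd = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_opensearch_password(pwd):
            return pwd


def preflight(graylog):
    """Check the plaintext values of the role's 'graylog' dict before vaulting."""
    return (check_graylog_secret(graylog["secret"])
            + check_opensearch_password(graylog["pwd"]["opensearch"]))


if __name__ == "__main__":
    print("secret:    ", secrets.token_urlsafe(48))  # 64 characters
    print("opensearch:", generate_opensearch_password())
```

Run the script to print fresh values, or call preflight() on the plaintext values; an empty list means both notes are satisfied.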