diff --git a/roles/graylog/defaults/main.yml b/roles/graylog/defaults/main.yml index 8874365..2c7a07c 100644 --- a/roles/graylog/defaults/main.yml +++ b/roles/graylog/defaults/main.yml @@ -1,38 +1,25 @@ --- -graylog_version: 3.3.8 +graylog_version: 4.0.1 graylog_archive_url: https://downloads.graylog.org/releases/graylog/graylog-{{ graylog_version }}.tgz -graylog_archive_sha1: 6e2d790251d2fd6483682b9be739752e6825e1fa +graylog_archive_sha1: 29ea1884cf67267692abab1d61600e41e3903570 graylog_root_dir: /opt/graylog graylog_manage_upgrade: True graylog_is_master: True # Additional libs to download -graylog_libs: - log4j-systemd-journal-appender: - version: 2.4.0 - sha1: a23b5c723712bfcf41cc3d962ea383c14b1a4532 - url: https://repo1.maven.org/maven2/de/bwaldvogel/log4j-systemd-journal-appender/2.4.0/log4j-systemd-journal-appender-2.4.0.jar - -graylog_plugins: - auth-sso: - version: 3.3.0 - sha1: 300e41632ea2495f9735c82ad1237a97c015044d - url: https://github.com/Graylog2/graylog-plugin-auth-sso/releases/download/3.3.0/graylog-plugin-auth-sso-3.3.0.jar - dnsresolver: - version: 1.2.0 - sha1: b470bd4b39a22574527e01a943a601c10cc2520b - url: https://github.com/graylog-labs/graylog-plugin-dnsresolver/releases/download/1.2.0/graylog-plugin-dnsresolver-1.2.0.jar +graylog_libs: {} + +graylog_plugins: [] # Plugins bundled, which should not be removed graylog_plugins_core: - aws - collector - threatintel -graylog_plugins_to_install: - - auth-sso - +graylog_plugins_to_install: [] + # A random one will be created is not defined # graylog_pass_secret: # graylog_admin_pass: @@ -72,3 +59,6 @@ graylog_tls_versions: # Mem to allocate to the JVM (Xmx / Xms) graylog_jvm_mem: 2g + +# Version of the Elasticsearch server +# graylog_es_version: 6 diff --git a/roles/graylog/meta/main.yml b/roles/graylog/meta/main.yml index 3d532b1..09b0f1d 100644 --- a/roles/graylog/meta/main.yml +++ b/roles/graylog/meta/main.yml 
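Review bot: In roles/graylog/defaults/main.yml, `graylog_plugins` changes from a mapping keyed by plugin name to an empty list (`graylog_plugins: []`), while `graylog_libs` keeps its mapping type (`graylog_libs: {}`). The tasks that consume it are not visible here, but if they look plugins up by name from `graylog_plugins_to_install`, a list default will break them or mislead anyone overriding the variable; `graylog_plugins: {}` keeps the previous shape. Separately, the release tarball is still pinned with SHA-1 (`graylog_archive_sha1`), which is no longer collision-resistant. If the download task can take one, a SHA-256 pin would be a stronger integrity check for an archive that is unpacked and executed.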
@@ -1,5 +1,6 @@ --- dependencies: + - role: mkdir - role: repo_mongodb - role: geoipupdate diff --git a/roles/graylog/tasks/directories.yml b/roles/graylog/tasks/directories.yml index 4c5a37b..8734f12 100644 --- a/roles/graylog/tasks/directories.yml +++ b/roles/graylog/tasks/directories.yml @@ -30,4 +30,8 @@ - dir: archives mode: 700 - dir: tmp + - dir: logs + owner: graylog + group: graylog + mode: 700 tags: graylog diff --git a/roles/graylog/tasks/filebeat.yml b/roles/graylog/tasks/filebeat.yml new file mode 100644 index 0000000..c1c1fee --- /dev/null +++ b/roles/graylog/tasks/filebeat.yml @@ -0,0 +1,5 @@ +--- + +- name: Deploy filebeat configuration + template: src=filebeat.yml.j2 dest=/etc/filebeat/ansible_inputs.d/graylog.yml + tags: graylog,log diff --git a/roles/graylog/tasks/main.yml b/roles/graylog/tasks/main.yml index 1d80c5b..8421709 100644 --- a/roles/graylog/tasks/main.yml +++ b/roles/graylog/tasks/main.yml @@ -13,3 +13,4 @@ - include: cleanup.yml - include: archive_post.yml when: graylog_install_mode == 'upgrade' +- include: filebeat.yml diff --git a/roles/graylog/templates/filebeat.yml.j2 b/roles/graylog/templates/filebeat.yml.j2 new file mode 100644 index 0000000..a70b982 --- /dev/null +++ b/roles/graylog/templates/filebeat.yml.j2 @@ -0,0 +1,4 @@ +- type: log + enabled: True + paths: + - {{ graylog_root_dir }}/logs/server.log diff --git a/roles/graylog/templates/graylog-server.service.j2 b/roles/graylog/templates/graylog-server.service.j2 index 764ffca..06ee0e3 100644 --- a/roles/graylog/templates/graylog-server.service.j2 +++ b/roles/graylog/templates/graylog-server.service.j2 
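Review bot: In roles/graylog/tasks/directories.yml the new `logs` entry sets `mode: 700` as a bare integer, which YAML reads as decimal 700 (octal 1274), not octal 0700. Whether the directory ends up as the intended rwx------ depends on how the loop item reaches the file module, and that task starts outside this hunk; if the value arrives as an integer rather than a templated string, the log directory gets unintended permission bits. Quoting removes the ambiguity: `mode: '0700'`. The neighbouring `archives` entry uses the same pattern and would benefit from the same change.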
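Review bot: The new task in roles/graylog/tasks/filebeat.yml writes into `/etc/filebeat/ansible_inputs.d/` without setting owner or mode, and nothing visible in this commit guarantees that directory exists. roles/graylog/meta/main.yml gains `mkdir` but no filebeat role, and roles/graylog/tasks/main.yml includes the file unconditionally, so on a host without filebeat the play would presumably fail at this step. The include probably wants a condition or a declared dependency. I would also switch to block-style module arguments with explicit ownership and mode, so the resulting file does not depend on the remote umask.

```yaml
- name: Deploy filebeat configuration
  template:
    src: filebeat.yml.j2
    dest: /etc/filebeat/ansible_inputs.d/graylog.yml
    owner: root
    group: root
    mode: '0644'
  tags: graylog,log
```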
@@ -12,13 +12,13 @@ User=graylog Group=graylog LimitNOFILE=64000 ExecStart=/usr/bin/java \ - -Xms{{ graylog_jvm_mem }} -Xmx{{ graylog_jvm_mem }} -XX:NewRatio=1 -server -XX:+ResizeTLAB \ + -Xms{{ graylog_jvm_mem }} -Xmx{{ graylog_jvm_mem }} -Djdk.tls.acknowledgeCloseNotify=true \ + -XX:NewRatio=1 -server -XX:+ResizeTLAB \ -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled \ -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow \ - -cp {{ graylog_root_dir }}/app/graylog.jar{% if graylog_libs.keys() | list | length > 0 %}{% for lib in graylog_libs.keys() | list %}:{{ graylog_root_dir }}/app/lib/{{ lib }}-{{ graylog_libs[lib].version }}.jar{% endfor %} {% endif %} \ -Dlog4j.configurationFile=file://{{ graylog_root_dir }}/etc/log4j2.xml \ -Djava.library.path={{ graylog_root_dir }}/app/lib/sigar \ - org.graylog2.bootstrap.Main server -f {{ graylog_root_dir }}/etc/server.conf -np + -jar {{ graylog_root_dir }}/app/graylog.jar server -f {{ graylog_root_dir }}/etc/server.conf -np # When a JVM receives a SIGTERM signal it exits with 143. SuccessExitStatus=143 diff --git a/roles/graylog/templates/log4j2.xml.j2 b/roles/graylog/templates/log4j2.xml.j2 index 120ba8b..2137cb1 100644 --- a/roles/graylog/templates/log4j2.xml.j2 +++ b/roles/graylog/templates/log4j2.xml.j2 @@ -1,7 +1,13 @@ - + - + + + + + + + @@ -10,8 +16,6 @@ - - @@ -21,10 +25,11 @@ + - + diff --git a/roles/graylog/templates/server.conf.j2 b/roles/graylog/templates/server.conf.j2 index 0d6f2d2..c3de0e7 100644 --- a/roles/graylog/templates/server.conf.j2 +++ b/roles/graylog/templates/server.conf.j2 @@ -48,3 +48,7 @@ dns_resolver_enabled = true {% if graylog_tls_versions | length > 0 %} enabled_tls_protocols = {{ graylog_tls_versions | join(',') }} {% endif %} + +{% if graylog_es_version is defined %} +elasticsearch_version = {{ graylog_es_version }} +{% endif %}
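Review bot: With the switch to `-jar {{ graylog_root_dir }}/app/graylog.jar` in roles/graylog/templates/graylog-server.service.j2, the `-cp` line that appended the `graylog_libs` jars appears to be dropped, and the JVM ignores a user classpath when `-jar` is used in any case. `graylog_libs` is still defined in the role defaults (now `{}`) under the comment "Additional libs to download", so an inventory that still sets it would have jars fetched that are never loaded. Either remove the variable together with its download task, or add a comment next to it such as `# NOTE: jars listed here are no longer added to the JVM classpath`. The rest of the unit file lies outside this hunk.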