Update to 2020-12-11 20:00

master
Daniel Berteaud 4 years ago
parent 4350ef07f7
commit 4fa6c44ff3
  1. 30
      roles/graylog/defaults/main.yml
  2. 1
      roles/graylog/meta/main.yml
  3. 4
      roles/graylog/tasks/directories.yml
  4. 5
      roles/graylog/tasks/filebeat.yml
  5. 1
      roles/graylog/tasks/main.yml
  6. 4
      roles/graylog/templates/filebeat.yml.j2
  7. 6
      roles/graylog/templates/graylog-server.service.j2
  8. 15
      roles/graylog/templates/log4j2.xml.j2
  9. 4
      roles/graylog/templates/server.conf.j2

@ -1,38 +1,25 @@
--- ---
graylog_version: 3.3.8 graylog_version: 4.0.1
graylog_archive_url: https://downloads.graylog.org/releases/graylog/graylog-{{ graylog_version }}.tgz graylog_archive_url: https://downloads.graylog.org/releases/graylog/graylog-{{ graylog_version }}.tgz
graylog_archive_sha1: 6e2d790251d2fd6483682b9be739752e6825e1fa graylog_archive_sha1: 29ea1884cf67267692abab1d61600e41e3903570
graylog_root_dir: /opt/graylog graylog_root_dir: /opt/graylog
graylog_manage_upgrade: True graylog_manage_upgrade: True
graylog_is_master: True graylog_is_master: True
# Additional libs to download # Additional libs to download
graylog_libs: graylog_libs: {}
log4j-systemd-journal-appender:
version: 2.4.0 graylog_plugins: []
sha1: a23b5c723712bfcf41cc3d962ea383c14b1a4532
url: https://repo1.maven.org/maven2/de/bwaldvogel/log4j-systemd-journal-appender/2.4.0/log4j-systemd-journal-appender-2.4.0.jar
graylog_plugins:
auth-sso:
version: 3.3.0
sha1: 300e41632ea2495f9735c82ad1237a97c015044d
url: https://github.com/Graylog2/graylog-plugin-auth-sso/releases/download/3.3.0/graylog-plugin-auth-sso-3.3.0.jar
dnsresolver:
version: 1.2.0
sha1: b470bd4b39a22574527e01a943a601c10cc2520b
url: https://github.com/graylog-labs/graylog-plugin-dnsresolver/releases/download/1.2.0/graylog-plugin-dnsresolver-1.2.0.jar
# Plugins bundled, which should not be removed # Plugins bundled, which should not be removed
graylog_plugins_core: graylog_plugins_core:
- aws - aws
- collector - collector
- threatintel - threatintel
graylog_plugins_to_install: graylog_plugins_to_install: []
- auth-sso
# A random one will be created is not defined # A random one will be created is not defined
# graylog_pass_secret: # graylog_pass_secret:
# graylog_admin_pass: # graylog_admin_pass:
@ -72,3 +59,6 @@ graylog_tls_versions:
# Mem to allocate to the JVM (Xmx / Xms) # Mem to allocate to the JVM (Xmx / Xms)
graylog_jvm_mem: 2g graylog_jvm_mem: 2g
# Version of the Elasticsearch server
# graylog_es_version: 6

@ -1,5 +1,6 @@
--- ---
dependencies: dependencies:
- role: mkdir
- role: repo_mongodb - role: repo_mongodb
- role: geoipupdate - role: geoipupdate

@ -30,4 +30,8 @@
- dir: archives - dir: archives
mode: 700 mode: 700
- dir: tmp - dir: tmp
- dir: logs
owner: graylog
group: graylog
mode: 700
tags: graylog tags: graylog

@ -0,0 +1,5 @@
---
- name: Deploy filebeat configuration
template: src=filebeat.yml.j2 dest=/etc/filebeat/ansible_inputs.d/graylog.yml
tags: graylog,log

@ -13,3 +13,4 @@
- include: cleanup.yml - include: cleanup.yml
- include: archive_post.yml - include: archive_post.yml
when: graylog_install_mode == 'upgrade' when: graylog_install_mode == 'upgrade'
- include: filebeat.yml

@ -0,0 +1,4 @@
- type: log
enabled: True
paths:
- {{ graylog_root_dir }}/logs/server.log

@ -12,13 +12,13 @@ User=graylog
Group=graylog Group=graylog
LimitNOFILE=64000 LimitNOFILE=64000
ExecStart=/usr/bin/java \ ExecStart=/usr/bin/java \
-Xms{{ graylog_jvm_mem }} -Xmx{{ graylog_jvm_mem }} -XX:NewRatio=1 -server -XX:+ResizeTLAB \ -Xms{{ graylog_jvm_mem }} -Xmx{{ graylog_jvm_mem }} -Djdk.tls.acknowledgeCloseNotify=true \
-XX:NewRatio=1 -server -XX:+ResizeTLAB \
-XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled \ -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled \
-XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow \ -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow \
-cp {{ graylog_root_dir }}/app/graylog.jar{% if graylog_libs.keys() | list | length > 0 %}{% for lib in graylog_libs.keys() | list %}:{{ graylog_root_dir }}/app/lib/{{ lib }}-{{ graylog_libs[lib].version }}.jar{% endfor %} {% endif %} \
-Dlog4j.configurationFile=file://{{ graylog_root_dir }}/etc/log4j2.xml \ -Dlog4j.configurationFile=file://{{ graylog_root_dir }}/etc/log4j2.xml \
-Djava.library.path={{ graylog_root_dir }}/app/lib/sigar \ -Djava.library.path={{ graylog_root_dir }}/app/lib/sigar \
org.graylog2.bootstrap.Main server -f {{ graylog_root_dir }}/etc/server.conf -np -jar {{ graylog_root_dir }}/app/graylog.jar server -f {{ graylog_root_dir }}/etc/server.conf -np
# When a JVM receives a SIGTERM signal it exits with 143. # When a JVM receives a SIGTERM signal it exits with 143.
SuccessExitStatus=143 SuccessExitStatus=143

@ -1,7 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<Configuration packages="org.graylog2.log4j,de.bwaldvogel.log4j" shutdownHook="disable"> <Configuration packages="org.graylog2.log4j" shutdownHook="disable">
<Appenders> <Appenders>
<SystemdJournal name="journal" logStacktrace="true" logSource="false" /> <RollingFile name="rolling-file" fileName="{{ graylog_root_dir }}/logs/server.log" filePattern="{{ graylog_root_dir }}/server.log.%i.gz">
<PatternLayout pattern="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n"/>
<Policies>
<SizeBasedTriggeringPolicy size="50MB"/>
</Policies>
<DefaultRolloverStrategy max="10" fileIndex="min"/>
</RollingFile>
<!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. --> <!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
<Memory name="graylog-internal-logs" bufferSize="500"/> <Memory name="graylog-internal-logs" bufferSize="500"/>
@ -10,8 +16,6 @@
<!-- Application Loggers --> <!-- Application Loggers -->
<Logger name="org.graylog2" level="info"/> <Logger name="org.graylog2" level="info"/>
<Logger name="com.github.joschi.jadconfig" level="warn"/> <Logger name="com.github.joschi.jadconfig" level="warn"/>
<!-- This emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
<Logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl" level="error"/>
<!-- Prevent DEBUG message about Lucene Expressions not found. --> <!-- Prevent DEBUG message about Lucene Expressions not found. -->
<Logger name="org.elasticsearch.script" level="warn"/> <Logger name="org.elasticsearch.script" level="warn"/>
<!-- Disable messages from the version check --> <!-- Disable messages from the version check -->
@ -21,10 +25,11 @@
<!-- Silence Kafka log chatter --> <!-- Silence Kafka log chatter -->
<Logger name="kafka.log.Log" level="warn"/> <Logger name="kafka.log.Log" level="warn"/>
<Logger name="kafka.log.OffsetIndex" level="warn"/> <Logger name="kafka.log.OffsetIndex" level="warn"/>
<Logger name="org.apache.kafka.clients.consumer.ConsumerConfig" level="warn"/>
<!-- Silence useless session validation messages --> <!-- Silence useless session validation messages -->
<Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/> <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
<Root level="warn"> <Root level="warn">
<AppenderRef ref="journal"/> <AppenderRef ref="rolling-file"/>
<AppenderRef ref="graylog-internal-logs"/> <AppenderRef ref="graylog-internal-logs"/>
</Root> </Root>
</Loggers> </Loggers>

@ -48,3 +48,7 @@ dns_resolver_enabled = true
{% if graylog_tls_versions | length > 0 %} {% if graylog_tls_versions | length > 0 %}
enabled_tls_protocols = {{ graylog_tls_versions | join(',') }} enabled_tls_protocols = {{ graylog_tls_versions | join(',') }}
{% endif %} {% endif %}
{% if graylog_es_version is defined %}
elasticsearch_version = {{ graylog_es_version }}
{% endif %}

Loading…
Cancel
Save