deploys graylog

.idea/.gitignore

@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml

.idea/graylog.iml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/graylog.iml" filepath="$PROJECT_DIR$/.idea/graylog.iml" />
+    </modules>
+  </component>
+</project>

.idea/php.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PhpStanOptionsConfiguration">
+    <option name="transferred" value="true" />
+  </component>
+  <component name="PsalmOptionsConfiguration">
+    <option name="transferred" value="true" />
+  </component>
+</project>

.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>

app-name/.env

@@ -1 +0,0 @@
-RANDOM=value

app-name/compose.yml

@@ -1,4 +0,0 @@
-services:
-  app:
-
-  database:

graylog/.env

@@ -0,0 +1,14 @@
+# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
+# Generate one by using for example: pwgen -N 1 -s 96
+# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
+# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
+GRAYLOG_PASSWORD_SECRET="j3rzQ5PtN7G0cSwbeZ3kOKYKEdAxe1mAkCpAT4P8x3EVyvh3ne36yEbUCWHj1UXc"
+
+# You MUST specify a hash password for the root user (which you only need to initially set up the
+# system and in case you lose connectivity to your authentication backend)
+# This password cannot be changed using the API or via the web interface. If you need to change it,
+# modify it in this file.
+# Create one by using for example: echo -n yourpassword | shasum -a 256
+# and put the resulting hash value into the following line
+# CHANGE THIS!
+GRAYLOG_ROOT_PASSWORD_SHA2="5bc4d00447024a72da02976443b4a4b88d1656b545d2bef70ceed61a70f68fa1"

graylog/compose.yml

@@ -0,0 +1,95 @@
+services:
+  # MongoDB: https://hub.docker.com/_/mongo/
+  mongodb:
+    image: "mongo:6.0"
+    restart: "on-failure"
+    networks:
+      - graylog
+    volumes:
+      - "mongodb_data:/data/db"
+      - "mongodb_config:/data/configdb"
+
+  # For DataNode setup, graylog starts with a preflight UI, this is a change from just using OpenSearch/Elasticsearch.
+  # Please take a look at the README at the top of this repo or the regular docs for more info.
+  # Graylog Data Node: https://hub.docker.com/r/graylog/graylog-datanode
+
+  # ⚠️ Make sure this is set on the host before starting:
+  # echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
+  # sudo sysctl -p
+  datanode:
+    image: "${DATANODE_IMAGE:-graylog/graylog-datanode:6.3}"
+    hostname: "datanode"
+    environment:
+      GRAYLOG_DATANODE_NODE_ID_FILE: "/var/lib/graylog-datanode/node-id"
+      # GRAYLOG_DATANODE_PASSWORD_SECRET and GRAYLOG_PASSWORD_SECRET MUST be the same value
+      GRAYLOG_DATANODE_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
+      GRAYLOG_DATANODE_MONGODB_URI: "mongodb://mongodb:27017/graylog"
+    ulimits:
+      memlock:
+        hard: -1
+        soft: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    ports:
+      - "8999:8999/tcp"   # DataNode API
+      - "9200:9200/tcp"
+      - "9300:9300/tcp"
+    networks:
+      - graylog
+    volumes:
+      - "graylog-datanode:/var/lib/graylog-datanode"
+    restart: "on-failure"
+
+  # Graylog: https://hub.docker.com/r/graylog/graylog-enterprise
+  graylog:
+    hostname: "server"
+    image: "${GRAYLOG_IMAGE:-graylog/graylog:6.3}"
+    depends_on:
+      mongodb:
+        condition: "service_started"
+      datanode:
+        condition: "service_started"
+    entrypoint: "/usr/bin/tini --  /docker-entrypoint.sh"
+    environment:
+      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/data/node-id"
+      # GRAYLOG_DATANODE_PASSWORD_SECRET and GRAYLOG_PASSWORD_SECRET MUST be the same value
+      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
+      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
+      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
+      GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
+      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
+    ports:
+      - "5044:5044/tcp"   # Beats
+      - "5140:5140/udp"   # Syslog
+      - "5140:5140/tcp"   # Syslog
+      - "5555:5555/tcp"   # RAW TCP
+      - "5555:5555/udp"   # RAW UDP
+      - "9000:9000/tcp"   # Server API
+      - "12201:12201/tcp" # GELF TCP
+      - "12201:12201/udp" # GELF UDP
+      - "12202:12202/tcp" # GELF TCP
+      - "12202:12202/udp" # GELF UDP
+      - "12203:12203/tcp" # GELF TCP
+      - "12203:12203/udp" # GELF UDP
+      - "12204:12204/tcp" # GELF TCP
+      - "12204:12204/udp" # GELF UDP
+      #- "10000:10000/tcp" # Custom TCP port
+      #- "10000:10000/udp" # Custom UDP port
+      - "13301:13301/tcp" # Forwarder data
+      - "13302:13302/tcp" # Forwarder config
+    networks:
+      - graylog
+    volumes:
+      - "graylog_data:/usr/share/graylog/data/data"
+    restart: "on-failure"
+
+networks:
+  graylog:
+    driver: "bridge"
+
+volumes:
+  mongodb_data:
+  mongodb_config:
+  graylog-datanode:
+  graylog_data:

hosts.yml

@@ -1,7 +1,13 @@
 all:
   children:
-    server:
+    servers:
       hosts:
-        app-name:
+        zabbix:
-          ansible_host: 192.168.1.x
+          ansible_host: 192.168.1.197
           ansible_user: ansible
+
+    forwarders:
+      hosts:
+        webproxy:
+          ansible_host: 192.168.1.10
+          ansible_user: brock

main.yml

@@ -1,9 +1,10 @@
-- name: Template Ansible project
+- name: Deploy Graylog
-  hosts: servers
+  hosts: all
   become: true
 
   vars:
-    app_name: "zabbix"
+    app_name: "graylog"
+    forwarder_app_name: "graylog-forwarder"
     docker_users:
       - "{{ ansible_user }}"
       - brock
@@ -21,52 +22,55 @@
     - name: geerlingguy.docker
 
   tasks:
-    - name: Install packages
+    - name: Install Server
-      ansible.builtin.package:
+      when: inventory_hostname in groups["servers"]
-        name:
+      block:
-          - nfs-common
+        - name: Install packages
-          - python3-docker
+          ansible.builtin.package:
-        state: present
+            name:
-      tags: vpn
+              - nfs-common
+              - python3-docker
+            state: present
+          tags: vpn
 
-    - name: Mount an NFS volume
+        - name: Mount an NFS volume
-      ansible.posix.mount:
+          ansible.posix.mount:
-        src: 192.168.1.200:/mnt/data-02/share/web
+            src: 192.168.1.200:/mnt/data-02/share/web
-        path: /mnt/share
+            path: /mnt/share
-        opts: "rw,sync,hard,nfsvers=3"
+            opts: "rw,sync,hard,nfsvers=3"
-        state: mounted
+            state: mounted
-        fstype: nfs
+            fstype: nfs
-      tags: mount-nfs
+          tags: mount-nfs
 
-    - name: Create /opt/stacks
+        - name: Create /opt/stacks
-      ansible.builtin.file:
+          ansible.builtin.file:
-        path: "/opt/stacks"
+            path: "/opt/stacks"
-        state: directory
+            state: directory
-        owner: "{{ ansible_user }}"
+            owner: "{{ ansible_user }}"
-        group: docker
+            group: docker
-        mode: '0775'
+            mode: '0775'
 
-    - name: "Create /opt/stacks/{{ app_name }}"
+        - name: "Create /opt/stacks/{{ app_name }}"
-      ansible.builtin.file:
+          ansible.builtin.file:
-        path: "/opt/stacks/{{ app_name }}"
+            path: "/opt/stacks/{{ app_name }}"
-        state: directory
+            state: directory
-        owner: "{{ ansible_user }}"
+            owner: "{{ ansible_user }}"
-        group: docker
+            group: docker
-        mode: '0775'
+            mode: '0775'
 
-    - name: Copy compose stack
+        - name: Copy compose stack
-      ansible.builtin.copy:
+          ansible.builtin.copy:
-        src: "./{{ app_name }}/"
+            src: "./{{ app_name }}/"
-        dest: "/opt/stacks/{{ app_name }}"
+            dest: "/opt/stacks/{{ app_name }}"
-        owner: "{{ ansible_user }}"
+            owner: "{{ ansible_user }}"
-        mode: '0755'
+            mode: '0755'
-      tags: update-config
+          tags: update-config
 
-    - name: "Start {{ app_name }}"
+        - name: "Start {{ app_name }}"
-      community.docker.docker_compose_v2:
+          community.docker.docker_compose_v2:
-        project_src: "/opt/stacks/{{ app_name }}"
+            project_src: "/opt/stacks/{{ app_name }}"
-        recreate: always
+            recreate: always
-        pull: always
+            pull: always
-      tags:
+          tags:
-        - update-config
+            - update-config
-        - redeploy
+            - redeploy