deploy_home/ansible/roles/podman/tasks/containers/debyltech/graylog.yml
Bastian de Byl d10cd49cf0 refactor: use variables for graylog stack image versions
Move hardcoded image versions to variables defined in main.yml for
easier version management in one place.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 12:35:51 -05:00


---
# Graylog Logging Stack
# Deploys MongoDB, OpenSearch, and Graylog
# OpenSearch needs a larger vm.max_map_count than the usual kernel default.
# sysctl_set applies the value immediately; state: present persists it so
# the setting survives a reboot of the host.
- name: set vm.max_map_count for OpenSearch
  become: true
  tags: graylog
  ansible.posix.sysctl:
    name: vm.max_map_count
    value: '262144'
    sysctl_set: true
    state: present
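# Create directory structure.
# Owner/group is podman_subuid.stdout — presumably the first subordinate UID
# of podman_user, i.e. "root" inside the rootless containers (confirm where
# podman_subuid is registered). The unshare-chown tasks below then hand the
# OpenSearch and Graylog trees to their in-container UIDs.
#
# mode 0750 rather than 0755: these trees hold log indices and Graylog state,
# and files the containers create inside them are governed by the container
# umask (commonly 022 → 0644), so a world-traversable directory would let any
# local host account read the stored log data. Dropping "other" does not
# affect the containers themselves: each one owns its tree after the chown
# tasks (MongoDB's entrypoint chowns /data/db as container root).
- name: create graylog host directory volumes
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ podman_subuid.stdout }}"
    group: "{{ podman_subuid.stdout }}"
    mode: '0750'
  notify: restorecon podman
  loop:
    - "{{ graylog_path }}/mongo"
    - "{{ graylog_path }}/opensearch"
    - "{{ graylog_path }}/graylog/data"
    - "{{ graylog_path }}/graylog/data/config"
  tags: graylog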
# OpenSearch runs as UID 1000 inside the container. `podman unshare` executes
# the chown inside podman_user's user namespace, so "1000" is translated to
# the matching subordinate UID on the host.
- name: unshare chown the opensearch data volume
  become: true
  become_user: "{{ podman_user }}"
  tags: graylog
  # chown -R is idempotent; never report this as a change
  changed_when: false
  ansible.builtin.command:
    cmd: podman unshare chown -R 1000:1000 {{ graylog_path }}/opensearch
# Graylog runs as UID 1100 inside the container; same user-namespace chown
# trick as for OpenSearch, applied to the whole graylog tree (data + config).
- name: unshare chown the graylog data volume
  become: true
  become_user: "{{ podman_user }}"
  tags: graylog
  # chown -R is idempotent; never report this as a change
  changed_when: false
  ansible.builtin.command:
    cmd: podman unshare chown -R 1100:1100 {{ graylog_path }}/graylog
# Graylog needs a minimal graylog.conf on disk; the remaining settings are
# supplied as GRAYLOG_* environment variables on the container task below.
# The file is written as root with a generic mode and carries no secrets;
# the next task hands it to Graylog's in-container UID.
- name: create graylog.conf
  become: true
  tags: graylog
  ansible.builtin.copy:
    dest: "{{ graylog_path }}/graylog/data/config/graylog.conf"
    mode: '0644'
    content: |
      is_leader = true
      data_dir = /usr/share/graylog/data
      node_id_file = /usr/share/graylog/data/node-id
# The copy above ran as root on the host; give the file to Graylog's UID
# (1100) inside podman_user's user namespace so the container can read it.
- name: fix graylog.conf ownership
  become: true
  become_user: "{{ podman_user }}"
  tags: graylog
  changed_when: false  # chown is idempotent
  ansible.builtin.command:
    cmd: podman unshare chown 1100:1100 {{ graylog_path }}/graylog/data/config/graylog.conf
# Run the pending "restorecon podman" handler now, so the SELinux labels are
# in place before the first container mounts the directories created above.
- name: flush handlers
  tags: graylog
  ansible.builtin.meta: flush_handlers
# MongoDB container
# Shared pre-flight tasks for graylog-mongo (see podman/podman-check.yml).
- ansible.builtin.import_tasks: podman/podman-check.yml
  tags: graylog
  vars:
    container_name: graylog-mongo
    container_image: "{{ mongo_image }}"
# MongoDB holds Graylog's own state (the `graylog` database named in
# GRAYLOG_MONGODB_URI). No MongoDB authentication is configured here and the
# connection string carries no credentials, so anything that can reach
# 127.0.0.1:27017 on this host can read and rewrite that state. The
# loopback-only port binding below is the only access control in place —
# treat host loopback as a trust boundary.
- name: create graylog-mongo container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: graylog-mongo
    image: "{{ mongo_image }}"
    state: started
    restart_policy: on-failure:3
    log_driver: journald
    volumes:
      # :Z = private SELinux label; only this container mounts the directory
      - "{{ graylog_path }}/mongo:/data/db:Z"
    ports:
      # loopback only — do not widen this without enabling MongoDB auth
      - "127.0.0.1:27017:27017/tcp"
  tags: graylog
# Generate and enable a systemd unit so graylog-mongo starts at boot.
- name: create systemd startup job for graylog-mongo
  tags: graylog
  ansible.builtin.include_tasks: podman/systemd-generate.yml
  vars:
    container_name: graylog-mongo
# OpenSearch container
# Shared pre-flight tasks for graylog-opensearch (see podman/podman-check.yml).
- ansible.builtin.import_tasks: podman/podman-check.yml
  tags: graylog
  vars:
    container_name: graylog-opensearch
    container_image: "{{ opensearch_image }}"
# OpenSearch runs with the security plugin disabled (DISABLE_SECURITY_PLUGIN):
# no authentication and no TLS on 9200. That is tolerable only because the
# port is published on 127.0.0.1 — every local host account can still query,
# write and delete the indices, so host loopback is the trust boundary here.
# Graylog reaches it over plain http://127.0.0.1:9200 via host networking
# (see the graylog container task).
- name: create graylog-opensearch container
  become: true
  become_user: "{{ podman_user }}"
  containers.podman.podman_container:
    name: graylog-opensearch
    image: "{{ opensearch_image }}"
    state: started
    restart_policy: on-failure:3
    log_driver: journald
    env:
      discovery.type: single-node  # one node, no cluster discovery
      DISABLE_SECURITY_PLUGIN: "true"  # quoted on purpose: env values must be strings
      OPENSEARCH_JAVA_OPTS: "-Xms512m -Xmx512m"  # fixed JVM heap
    volumes:
      # chowned to UID 1000 (OpenSearch's in-container user) by the task above
      - "{{ graylog_path }}/opensearch:/usr/share/opensearch/data:z"
    ports:
      # loopback only — never publish on 0.0.0.0 while the security plugin is off
      - "127.0.0.1:9200:9200/tcp"
  tags: graylog
# Generate and enable a systemd unit so graylog-opensearch starts at boot.
- name: create systemd startup job for graylog-opensearch
  tags: graylog
  ansible.builtin.include_tasks: podman/systemd-generate.yml
  vars:
    container_name: graylog-opensearch
# Graylog container
# Shared pre-flight tasks for graylog (see podman/podman-check.yml).
- ansible.builtin.import_tasks: podman/podman-check.yml
  tags: graylog
  vars:
    container_name: graylog
    container_image: "{{ image }}"
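# Graylog uses host network to reach MongoDB/OpenSearch on 127.0.0.1.
# Binds to: 9000 (web UI/API), 12202 (GELF HTTP input proxied via Caddy).
#
# NOTE(review): with network: host, GRAYLOG_HTTP_BIND_ADDRESS 0.0.0.0:9000
# exposes the plain-HTTP web UI/API on every host interface, bypassing the
# TLS termination implied by GRAYLOG_HTTP_EXTERNAL_URI. If Caddy runs in the
# host's network namespace, bind to loopback instead:
#   GRAYLOG_HTTP_BIND_ADDRESS: "127.0.0.1:9000"
# If Caddy is a container on its own network that cannot reach host
# loopback, keep 0.0.0.0 but make sure the host firewall drops 9000 from
# outside — confirm which setup applies before changing it.
#
# no_log: the env block carries GRAYLOG_PASSWORD_SECRET and the root
# password hash, which Ansible may otherwise echo in failure output and
# verbose (-vvv) logs. Flip it to false temporarily when debugging. The
# values are still readable by podman_user via `podman inspect`, and are
# embedded in the generated unit file if systemd-generate.yml uses
# `podman generate systemd --new` — podman secrets would avoid both.
#
# GeoIP: the mmdb is mounted :ro with no :z/:Z relabel; on an enforcing
# SELinux host the container can read it only if {{ geoip_path }} already
# carries a container-readable label — confirm.
- name: create graylog container
  become: true
  become_user: "{{ podman_user }}"
  no_log: true
  containers.podman.podman_container:
    name: graylog
    image: "{{ image }}"
    state: started
    restart_policy: on-failure:3
    log_driver: journald
    network: host
    env:
      GRAYLOG_PASSWORD_SECRET: "{{ graylog_password_secret }}"
      GRAYLOG_ROOT_PASSWORD_SHA2: "{{ graylog_root_password_sha2 }}"
      GRAYLOG_HTTP_EXTERNAL_URI: "https://{{ logs_server_name }}/"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://127.0.0.1:9200"
      GRAYLOG_MONGODB_URI: "mongodb://127.0.0.1:27017/graylog"
    volumes:
      # chowned to UID 1100 (Graylog's in-container user) by the task above
      - "{{ graylog_path }}/graylog/data:/usr/share/graylog/data:z"
      - "{{ geoip_path }}/{{ geoip_database_edition }}.mmdb:/etc/graylog/server/GeoLite2-City.mmdb:ro"
    # start the backing services first
    requires:
      - graylog-mongo
      - graylog-opensearch
  tags: graylog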
# Generate and enable a systemd unit so graylog starts at boot.
- name: create systemd startup job for graylog
  tags: graylog
  ansible.builtin.include_tasks: podman/systemd-generate.yml
  vars:
    container_name: graylog