graylog #20

Description

Installs the Graylog log management system. Connections to elasticsearch and mongodb are required for a fully functioning system. https://www.graylog.org/


Overview

The charm installs Graylog using the snap package.
The charm must be related to Elasticsearch and MongoDB to be a fully functioning installation.
Note that Graylog does not support all versions of Elasticsearch; see the documentation for more details.

Usage

juju deploy cs:~graylog-charmers/graylog
juju run-action graylog/X show-admin-password
juju show-action-output <action-id>

Graylog requires MongoDB to run and Elasticsearch to be useful.

juju deploy cs:mongodb
juju relate graylog:mongodb mongodb:database
juju deploy cs:~elasticsearch-charmers/elasticsearch
juju relate graylog:elasticsearch elasticsearch:client

You can then browse to http://ip-address:9000 and log in as the user "admin".
The password is a random value by default, so 'juju run-action --wait graylog/X show-admin-password' must be run to obtain it for admin access to the installation.

Reverseproxy Relation

Graylog supports advertising its web and API ports to an application acting as a reverse proxy using the http relation.
The web UI port is exposed over the relation, and the ports for both the web UI and the API are exposed in the all_services variable of the relation.
More details on using this are in the reverseproxy instructions for the Apache2 charm.

For example, you could use the following as a graylog vhost template for the apache2 charm.
Note that you'll need to update the GRAYLOG_UNIT_IP in the template below to match the IP of your graylog/X unit.

$ cat graylog-vhost.tmpl
<Location "/">
    RequestHeader set X-Graylog-Server-URL "http://{{servername}}/api/"
    ProxyPass http://GRAYLOG_UNIT_IP:9000/
    ProxyPassReverse http://GRAYLOG_UNIT_IP:9000/
</Location>

<Location "/api/">
    ProxyPass http://GRAYLOG_UNIT_IP:9001/api/
    ProxyPassReverse http://GRAYLOG_UNIT_IP:9001/api/
</Location>

Now deploy and configure apache2 as your graylog reverse proxy:

juju deploy apache2
juju config apache2 "enable_modules='headers proxy_html proxy_http'"
juju config apache2 "vhost_http_template=$(base64 < graylog-vhost.tmpl)"
juju expose apache2
juju relate apache2:reverseproxy graylog:website

Visit http://[apache2-public-ip] to access the Graylog interface.
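
The template step above can be scripted so that GRAYLOG_UNIT_IP is filled from a validated address and every proxy target is checked before the template is uploaded. This is an added example, not part of the charm; is_ipv4, render_vhost and sample_template are hypothetical helper names, and the embedded template is the one shown above.

```shell
#!/bin/sh
# Added example: fill GRAYLOG_UNIT_IP in the vhost template and verify the
# result only proxies to that unit. Helper names are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;   # also rejects spaces, slashes, newlines
    esac
    octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eqx "($octet\.){3}$octet"
}

# render_vhost UNIT_IP < template: print the template with the placeholder
# replaced. Fails on a bad address or on a proxy target that is not UNIT_IP.
render_vhost() {
    ip=$1
    is_ipv4 "$ip" || { echo "refusing backend address: $ip" >&2; return 1; }
    rendered=$(sed "s/GRAYLOG_UNIT_IP/$ip/g") || return 1
    if printf '%s\n' "$rendered" \
        | grep -E '^[[:space:]]*ProxyPass(Reverse)?[[:space:]]' \
        | grep -Fv "http://$ip:" | grep -q .; then
        echo "template proxies to a host other than $ip" >&2
        return 1
    fi
    printf '%s\n' "$rendered"
}

# sample_template: the vhost template from this page, embedded for testing.
sample_template() {
    cat <<'EOF'
<Location "/">
    RequestHeader set X-Graylog-Server-URL "http://{{servername}}/api/"
    ProxyPass http://GRAYLOG_UNIT_IP:9000/
    ProxyPassReverse http://GRAYLOG_UNIT_IP:9000/
</Location>

<Location "/api/">
    ProxyPass http://GRAYLOG_UNIT_IP:9001/api/
    ProxyPassReverse http://GRAYLOG_UNIT_IP:9001/api/
</Location>
EOF
}

# Usage (UNIT_IP is the graylog/X address reported by `juju status`):
#   render_vhost "$UNIT_IP" < graylog-vhost.tmpl > rendered.tmpl
#   juju config apache2 "vhost_http_template=$(base64 < rendered.tmpl)"
```

The strict address check matters because the value is substituted into a sed expression and then into an Apache configuration, so anything other than digits and dots is rejected before it reaches either.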

Scale out Usage

The MongoDB and Elasticsearch applications can both be scaled to clusters and Graylog will adapt to using the cluster.
The Graylog charm does not yet support clustering of multiple units.

Configuration

The administrator password is a random value by default, so 'juju run-action --wait graylog/X show-admin-password' must be run to obtain it for admin access to the installation.

Depending on the Elasticsearch charm used, the cluster name may not be passed in the relation, in which case the elasticsearch_cluster_name config option should be set.

Configuration

index_shards
(int) Number of Elasticsearch shards used per index in this index set. Set this to '0' to let the charm calculate it automatically from the number of Elasticsearch units.
Default: 2

nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.

nagios_uncommitted_crit
(int) Number of journaled uncommitted messages that will generate a nagios CRITICAL alert.
Default: 100

web_listen_uri
(string) The URI the web interface will be available at.
Default: http://0.0.0.0:9000/

index_rotation_msg_count
(int) When rotation strategy is "msg_count", maximum number of documents in an index before it gets rotated.
Default: 20000000

index_retention_count
(int) Maximum number of indices to keep before deleting the oldest ones.
Default: 6

nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0. If you're running multiple environments with the same services in them this allows you to differentiate between them.
Default: juju

index_rotation_strategy
(string) Type of rotation strategy ("time" based, "size" based, or number of messages "msg_count").
Default: time

rest_transport_uri
(string) If set, this will be promoted in the cluster discovery APIs. You will need to define this if your Graylog server is running behind an HTTP proxy that is rewriting the scheme, host name or URI. This must not contain a wildcard address (0.0.0.0). Usually takes the form http://192.168.1.1:9001/api/.

snap_proxy
(string) HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.

snap_proxy_url
(string) The address of a Snap Store Proxy to use for snaps, e.g. http://snap-proxy.example.com

index_rotation_period
(string) When rotation strategy is "time" based, rotation period (ISO8601 Duration): how long an index gets written to before it is rotated.
Default: P7D

index_rotation_size
(int) When rotation strategy is "size" based, maximum size of an index before it gets rotated. Defaults to 1073741824 (1GB).
Default: 1073741824

snapd_refresh
(string) How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87

beats_port
(int) TCP port for Beats input when relation is joined.
Default: 5044

elasticsearch_cluster_name
(string) If the Elasticsearch cluster name is not passed in the relation, set it here.

nagios_uncommitted_warn
(int) Number of journaled uncommitted messages that will generate a nagios WARN.

log_inputs
(string) YAML-formatted list of log inputs. First input gets passed through relations. Any input not defined here will be removed unless it is prefixed with "Custom" in the title.

index_replicas
(int) Number of Elasticsearch replicas used per index in this index set.