graylog #13

Description

Installs the Graylog log management system. Connections to elasticsearch and mongodb are required for a fully functioning system. https://www.graylog.org/


Overview

The charm installs Graylog using the snap package.
The charm must be related to elasticsearch and mongodb in order to be a fully functioning installation.
Also note Graylog doesn't support all versions of elasticsearch see the documentation for more details.

Usage

juju deploy cs:~graylog-charmers/graylog
juju run-action graylog/X show-admin-password
juju show-action-output

Graylog requires MongoDB to run and Elasticsearch to be useful.

juju deploy cs:mongodb
juju relate graylog:mongodb mongodb:database
juju deploy cs:~elasticsearch-charmers/elasticsearch
juju relate graylog:elasticsearch elasticsearch:client

You can then browse to http://ip-address:9000 and log in as admin with the password matching the hash specified, also admin in the example.

Reverseproxy Relation

Graylog supports advertising its web and api ports to an application acting as a reverseproxy using the http relation.
The port of the webUI is exposed over the relation as is the port for both the webUI and API in the all_services variable of the relation.
More details on using this are in the reverseproxy instructions for the Apache2 charm.

Scale out Usage

The MongoDB and Elasticsearch applications can both be scaled to clusters and Graylog will adapt to using the cluster.
The Graylog charm does not yet support clustering of multiple units.

Configuration

The administrator password is by default a random value so 'show-admin-password' action must be run for admin access to the installation.

Depending on the Elasticsearch charm used the cluster name may not be passed in the relation in which case it the elasticsearch_cluster_name config option should be set.

Configuration

index_shards
(int) Number of Elasticsearch shards used per index in this index set. Set this to '0' to let the charm automatically calculate based on how many Elasticsearch units.
2
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
snap_proxy
(string) HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.
index_rotation_msg_count
(int) When rotation strategy is "msg_count", maximum number of documents in an index before it gets rotated
20000000
index_retention_count
(int) Maximum number of indices to keep before deleting the oldest ones
6
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
index_rotation_strategy
(string) Type of rotation strategy ("time" based, "size" based, no. messages "msg_count").
time
web_listen_uri
(string) The uri the web interface will be available at.
http://0.0.0.0:9000/
index_rotation_period
(string) When rotation strategy is "time" based, rotation period (ISO8601 Duration) - How long an index gets written to before it is rotated.
P7D
index_rotation_size
(int) When rotation strategy is "size" based, maximum size of an index before it gets rotated. Defaults to 1073741824 (1GB).
1073741824
elasticsearch_cluster_name
(string) If the elastic search cluster name is not passed in the relation set it here.
log_inputs
(string) YAML-formatted list of log inputs. First input gets passed through relations. Any input not defined here will be removed unless it is prefixed with "Custom" in the title.
- name: Beats Input type: Beats bind_address: 0.0.0.0 bind_port: 5044
index_replicas
(int) Number of Elasticsearch replicas used per index in this index set.