diff --git a/roles/graylog_datanode/README.md b/roles/graylog_datanode/README.md index 7c381f9e3..eef8f940a 100644 --- a/roles/graylog_datanode/README.md +++ b/roles/graylog_datanode/README.md @@ -53,9 +53,12 @@ graylog_datanode__password_secret: 'Linuxfabrik_GmbH' | -------- | ----------- | ------------- | | `graylog_datanode__bind_address` | String. The network interface used by the Graylog DataNode to bind all services. | `'127.0.0.1'` | | `graylog_datanode__http_port` | Number. The port where the DataNode REST api is listening. | `8999` | +| `graylog_datanode__node_search_cache_size` | Cache size for searchable snaphots. This space will be automatically reserved if `graylog_datanode__path_repo` is configured. See [docs.opensearch.org - Supported Units](https://docs.opensearch.org/latest/api-reference/units/) for a list of possible options. | `10gb` | | `graylog_datanode__mongodb_uri` | String. MongoDB connection string. See https://docs.mongodb.com/manual/reference/connection-string/ for details. | `'mongodb://127.0.0.1/graylog'` | | `graylog_datanode__opensearch_data_location` | String. Set this OpenSearch folder if you need OpenSearch to be located in a special place. | `/var/lib/graylog-datanode/opensearch/data` | | `graylog_datanode__opensearch_heap` | String. Ensure the heap settings are set to half your system memory, up to a max of 31 GB. | 50% of system memory, e.g. 8g | +| `graylog_datanode__path_repo` | Filesystem paths where searchable snapshots should be stored. | `[]` | +| `graylog_datanode__service_enabled` | Enables or disables the opensearch service, analogous to ``systemctl enable/disable --now``. | `true` | Example: ```yaml diff --git a/roles/graylog_datanode/defaults/main.yml b/roles/graylog_datanode/defaults/main.yml index efb7081f6..7959e793a 100644 --- a/roles/graylog_datanode/defaults/main.yml +++ b/roles/graylog_datanode/defaults/main.yml @@ -1,8 +1,10 @@ graylog_datanode__bind_address: '127.0.0.1' graylog_datanode__datanode_http_port: 8999 +graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog' +graylog_datanode__node_search_cache_size: '10gb' graylog_datanode__opensearch_data_location: '/var/lib/graylog-datanode/opensearch/data' graylog_datanode__opensearch_heap: '{{ [((ansible_facts["memtotal_mb"] * 0.5) | int), 31744] | min }}m' -graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog' +graylog_datanode__path_repo: [] graylog_datanode__service_enabled: true # ------ diff --git a/roles/graylog_datanode/tasks/main.yml b/roles/graylog_datanode/tasks/main.yml index fb353ecde..caa59b5af 100644 --- a/roles/graylog_datanode/tasks/main.yml +++ b/roles/graylog_datanode/tasks/main.yml @@ -1,3 +1,23 @@ +- block: + + - name: 'Validate that graylog_datanode__password_secret length >= 16 characters' + ansible.builtin.assert: + that: + - 'graylog_datanode__password_secret | length >= 16' + fail_msg: 'graylog_datanode__password_secret must at least 16 characters' + quiet: true + + - name: 'Validate that graylog_datanode__node_search_cache_size follows OpenSearch Bytes format' + ansible.builtin.assert: + that: + - 'graylog_datanode__node_search_cache_size | regex_search("^[0-9]+(b|kb|mb|gb|tb|pb)$")' + fail_msg: '"{{ graylog_datanode__node_search_cache_size }}" does not follow OpenSearch Bytes format' + quiet: true + + tags: + - 'graylog_datanode' + - 'graylog_datanode:configure' + - block: - name: 'Install graylog-datanode' @@ -60,6 +80,15 @@ group: 'graylog-datanode' mode: 0o755 + - name: 'mkdir -p {{ item }}; chown graylog-datanode:graylog-datanode {{ item }}' + ansible.builtin.file: + path: '{{ item }}' + state: 'directory' + owner: 'graylog-datanode' + group: 'graylog-datanode' + mode: 0o740 + loop: '{{ graylog_datanode__path_repo }}' + tags: - 'graylog_datanode' - 'graylog_datanode:configure' diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 index e99cb9371..a4190828c 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 @@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 index 21d6e67ab..5432efa1e 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 @@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 index 1424bde31..24c4be2d6 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 @@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 index 7dd1adf6c..ccdfa9072 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 @@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} diff --git a/roles/graylog_server/tasks/main.yml b/roles/graylog_server/tasks/main.yml index c97605877..64926111c 100644 --- a/roles/graylog_server/tasks/main.yml +++ b/roles/graylog_server/tasks/main.yml @@ -1,3 +1,16 @@ +- block: + + - name: 'Validate that graylog_server__password_secret length >= 16 characters' + ansible.builtin.assert: + that: + - 'graylog_server__password_secret | length >= 16' + fail_msg: 'graylog_server__password_secret must be at least 16 characters' + quiet: true + + tags: + - 'graylog_server' + - 'graylog_server:configure' + - block: - name: 'Install graylog-server' diff --git a/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 index 363453b5f..297e607b8 100644 --- a/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 6.1 ############################ # GRAYLOG CONFIGURATION FILE @@ -781,3 +781,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # event-processor-execution-v1 # notification-execution-v1 #job_scheduler_concurrency_limits = event-processor-execution-v1:2,notification-execution-v1:2 + +################## +# Privacy settings +################## + +telemetry_enabled = false diff --git a/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 index a61976a5f..3ce0e2563 100644 --- a/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 6.2 ############################ # GRAYLOG CONFIGURATION FILE @@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # instability. Proceed with caution. # Default: 0 #search_query_engine_data_lake_jobs_queue_size = 0 + +################## +# Privacy settings +################## + +telemetry_enabled = false diff --git a/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 index 7ff391eb1..bb71f9bc9 100644 --- a/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 6.3 ############################ # GRAYLOG CONFIGURATION FILE @@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # instability. Proceed with caution. # Default: 0 #search_query_engine_data_lake_jobs_queue_size = 0 + +################## +# Privacy settings +################## + +telemetry_enabled = false diff --git a/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 index d15132781..7f4aaeb45 100644 --- a/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 7.0 ############################ # GRAYLOG CONFIGURATION FILE @@ -819,3 +819,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # instability. Proceed with caution. # Default: 0 #search_query_engine_data_lake_jobs_queue_size = 0 + +################## +# Privacy settings +################## + +telemetry_enabled = false