Feat/graylog assert

roles/graylog_datanode/README.md

@@ -53,9 +53,12 @@ graylog_datanode__password_secret: 'Linuxfabrik_GmbH'
 | -------- | ----------- | ------------- |
 | `graylog_datanode__bind_address` | String. The network interface used by the Graylog DataNode to bind all services. | `'127.0.0.1'` |
 | `graylog_datanode__http_port`    | Number. The port where the DataNode REST api is listening. | `8999` |
+| `graylog_datanode__node_search_cache_size` | Cache size for searchable snaphots. This space will be automatically reserved if `graylog_datanode__path_repo` is configured. See [docs.opensearch.org - Supported Units](https://docs.opensearch.org/latest/api-reference/units/) for a list of possible options. | `10gb` |
 | `graylog_datanode__mongodb_uri`  | String. MongoDB connection string. See https://docs.mongodb.com/manual/reference/connection-string/ for details. | `'mongodb://127.0.0.1/graylog'` |
 | `graylog_datanode__opensearch_data_location` | String. Set this OpenSearch folder if you need OpenSearch to be located in a special place. | `/var/lib/graylog-datanode/opensearch/data` |
 | `graylog_datanode__opensearch_heap` | String. Ensure the heap settings are set to half your system memory, up to a max of 31 GB. | 50% of system memory, e.g. 8g |
+| `graylog_datanode__path_repo` | Filesystem paths where searchable snapshots should be stored. | `[]` |
+| `graylog_datanode__service_enabled` | Enables or disables the opensearch service, analogous to ``systemctl enable/disable --now``. | `true` |
 
 Example:
 ```yaml

roles/graylog_datanode/defaults/main.yml

@@ -1,8 +1,10 @@
 graylog_datanode__bind_address: '127.0.0.1'
 graylog_datanode__datanode_http_port: 8999
+graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog'
+graylog_datanode__node_search_cache_size: '10gb'
 graylog_datanode__opensearch_data_location: '/var/lib/graylog-datanode/opensearch/data'
 graylog_datanode__opensearch_heap: '{{ [((ansible_facts["memtotal_mb"] * 0.5) | int), 31744] | min }}m'
-graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog'
+graylog_datanode__path_repo: []
 graylog_datanode__service_enabled: true
 
 # ------

roles/graylog_datanode/tasks/main.yml

@@ -1,3 +1,23 @@
+- block:
+
+  - name: 'Validate that graylog_datanode__password_secret length >= 16 characters'
+    ansible.builtin.assert:
+      that:
+        - 'graylog_datanode__password_secret | length >= 16'
+      fail_msg: 'graylog_datanode__password_secret must at least 16 characters'
+      quiet: true
+
+  - name: 'Validate that graylog_datanode__node_search_cache_size follows OpenSearch Bytes format'
+    ansible.builtin.assert:
+      that:
+      -  'graylog_datanode__node_search_cache_size | regex_search("^[0-9]+(b|kb|mb|gb|tb|pb)$")'
+      fail_msg: '"{{ graylog_datanode__node_search_cache_size }}" does not follow OpenSearch Bytes format'
+      quiet: true
+
+  tags:
+    - 'graylog_datanode'
+    - 'graylog_datanode:configure'
+
 - block:
 
   - name: 'Install graylog-datanode'
@@ -60,6 +80,15 @@
       group: 'graylog-datanode'
       mode: 0o755
 
+  - name: 'mkdir -p {{ item }}; chown graylog-datanode:graylog-datanode {{ item }}'
+    ansible.builtin.file:
+      path: '{{ item }}'
+      state: 'directory'
+      owner: 'graylog-datanode'
+      group: 'graylog-datanode'
+      mode: 0o740
+    loop: '{{ graylog_datanode__path_repo }}'
+
   tags:
     - 'graylog_datanode'
     - 'graylog_datanode:configure'

roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2

@@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}

roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2

@@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}

roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2

@@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}

roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2

@@ -163,3 +163,8 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}

roles/graylog_server/tasks/main.yml

@@ -1,3 +1,16 @@
+- block:
+
+  - name: 'Validate that graylog_server__password_secret length >= 16 characters'
+    ansible.builtin.assert:
+      that:
+        - 'graylog_server__password_secret | length >= 16'
+      fail_msg: 'graylog_server__password_secret must be at least 16 characters'
+      quiet: true
+
+  tags:
+    - 'graylog_server'
+    - 'graylog_server:configure'
+
 - block:
 
   - name: 'Install graylog-server'

roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 6.1
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -781,3 +781,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #   event-processor-execution-v1
 #   notification-execution-v1
 #job_scheduler_concurrency_limits = event-processor-execution-v1:2,notification-execution-v1:2
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false

roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 6.2
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #          instability. Proceed with caution.
 # Default: 0
 #search_query_engine_data_lake_jobs_queue_size = 0
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false

roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 6.3
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #          instability. Proceed with caution.
 # Default: 0
 #search_query_engine_data_lake_jobs_queue_size = 0
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false

roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 7.0
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -819,3 +819,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #          instability. Proceed with caution.
 # Default: 0
 #search_query_engine_data_lake_jobs_queue_size = 0
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false