diff --git a/roles/graylog_datanode/README.md b/roles/graylog_datanode/README.md index d704a547..76342099 100644 --- a/roles/graylog_datanode/README.md +++ b/roles/graylog_datanode/README.md @@ -78,6 +78,12 @@ graylog_datanode__password_secret: 'Linuxfabrik_GmbH' * Type: String. * Default: `'mongodb://127.0.0.1/graylog'` +`graylog_datanode__node_search_cache_size` + +* Cache size for searchable snaphots. This space will be automatically reserved if `graylog_datanode__path_repo` is configured. See [docs.opensearch.org - Supported Units](https://docs.opensearch.org/latest/api-reference/units/) for a list of possible options. +* Type: String +* Default: `10gb` + `graylog_datanode__opensearch_data_location` * Set this OpenSearch folder if you need OpenSearch to be located in a special place. @@ -90,6 +96,17 @@ graylog_datanode__password_secret: 'Linuxfabrik_GmbH' * Type: String. * Default: 50% of system memory, e.g. `'8g'` +`graylog_datanode__path_repo` + +* Filesystem paths where searchable snapshots should be stored +* Type: List of Strings +* Default: `[]` + +`graylog_datanode__raw` +* Multiline string. Raw content which will be appended to the `datanode.conf` config file. +* Type: String +* Default: unset + `graylog_datanode__service_enabled` * Enables or disables the graylog-datanode service, analogous to `systemctl enable/disable --now`. diff --git a/roles/graylog_datanode/defaults/main.yml b/roles/graylog_datanode/defaults/main.yml index efb7081f..7959e793 100644 --- a/roles/graylog_datanode/defaults/main.yml +++ b/roles/graylog_datanode/defaults/main.yml @@ -1,8 +1,10 @@ graylog_datanode__bind_address: '127.0.0.1' graylog_datanode__datanode_http_port: 8999 +graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog' +graylog_datanode__node_search_cache_size: '10gb' graylog_datanode__opensearch_data_location: '/var/lib/graylog-datanode/opensearch/data' graylog_datanode__opensearch_heap: '{{ [((ansible_facts["memtotal_mb"] * 0.5) | int), 31744] | min }}m' -graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog' +graylog_datanode__path_repo: [] graylog_datanode__service_enabled: true # ------ diff --git a/roles/graylog_datanode/tasks/main.yml b/roles/graylog_datanode/tasks/main.yml index 93364490..3ed0ca87 100644 --- a/roles/graylog_datanode/tasks/main.yml +++ b/roles/graylog_datanode/tasks/main.yml @@ -1,3 +1,23 @@ +- block: + + - name: 'Validate that graylog_datanode__password_secret length >= 16 characters' + ansible.builtin.assert: + that: + - 'graylog_datanode__password_secret | length >= 16' + fail_msg: 'graylog_datanode__password_secret must at least 16 characters' + quiet: true + + - name: 'Validate that graylog_datanode__node_search_cache_size follows OpenSearch Bytes format' + ansible.builtin.assert: + that: + - 'graylog_datanode__node_search_cache_size | regex_search("^[0-9]+(b|kb|mb|gb|tb|pb)$")' + fail_msg: '"{{ graylog_datanode__node_search_cache_size }}" does not follow OpenSearch Bytes format' + quiet: true + + tags: + - 'graylog_datanode' + - 'graylog_datanode:configure' + - block: - name: 'Install graylog-datanode' @@ -62,6 +82,15 @@ group: 'graylog-datanode' mode: 0o755 + - name: 'mkdir -p {{ item }}; chown graylog-datanode:graylog-datanode {{ item }}' + ansible.builtin.file: + path: '{{ item }}' + state: 'directory' + owner: 'graylog-datanode' + group: 'graylog-datanode' + mode: 0o740 + loop: '{{ graylog_datanode__path_repo }}' + tags: - 'graylog_datanode' - 'graylog_datanode:configure' diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 index e99cb937..3603dcdc 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2 @@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} + +{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %} +#### Raw #### +{{ graylog_datanode__raw }} +{% endif %} diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 index 21d6e67a..37275f0c 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2 @@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} + +{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %} +#### Raw #### +{{ graylog_datanode__raw }} +{% endif %} diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 index 1424bde3..18339c90 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2 @@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} + +{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %} +#### Raw #### +{{ graylog_datanode__raw }} +{% endif %} diff --git a/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 b/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 index 7dd1adf6..b9820742 100644 --- a/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 +++ b/roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2 @@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch # indexer_jwt_auth_token_expiration_duration = 180s opensearch_heap = {{ graylog_datanode__opensearch_heap }} + +#### Data Tiering Properties + +node_search_cache_size = {{ graylog_datanode__node_search_cache_size }} +path_repo = {{ graylog_datanode__path_repo | join(',') }} + +{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %} +#### Raw #### +{{ graylog_datanode__raw }} +{% endif %} diff --git a/roles/graylog_server/tasks/main.yml b/roles/graylog_server/tasks/main.yml index cde9578b..f42f6af3 100644 --- a/roles/graylog_server/tasks/main.yml +++ b/roles/graylog_server/tasks/main.yml @@ -1,3 +1,16 @@ +- block: + + - name: 'Validate that graylog_server__password_secret length >= 16 characters' + ansible.builtin.assert: + that: + - 'graylog_server__password_secret | length >= 16' + fail_msg: 'graylog_server__password_secret must be at least 16 characters' + quiet: true + + tags: + - 'graylog_server' + - 'graylog_server:configure' + - block: - name: 'Install graylog-server' diff --git a/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 index 363453b5..297e607b 100644 --- a/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 6.1 ############################ # GRAYLOG CONFIGURATION FILE @@ -781,3 +781,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # event-processor-execution-v1 # notification-execution-v1 #job_scheduler_concurrency_limits = event-processor-execution-v1:2,notification-execution-v1:2 + +################## +# Privacy settings +################## + +telemetry_enabled = false diff --git a/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 index a61976a5..3ce0e256 100644 --- a/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 6.2 ############################ # GRAYLOG CONFIGURATION FILE @@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # instability. Proceed with caution. # Default: 0 #search_query_engine_data_lake_jobs_queue_size = 0 + +################## +# Privacy settings +################## + +telemetry_enabled = false diff --git a/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 index 7ff391eb..bb71f9bc 100644 --- a/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 6.3 ############################ # GRAYLOG CONFIGURATION FILE @@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # instability. Proceed with caution. # Default: 0 #search_query_engine_data_lake_jobs_queue_size = 0 + +################## +# Privacy settings +################## + +telemetry_enabled = false diff --git a/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 b/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 index d1513278..7f4aaeb4 100644 --- a/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 +++ b/roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2026012102 +# 2026032701 # 7.0 ############################ # GRAYLOG CONFIGURATION FILE @@ -819,3 +819,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts # instability. Proceed with caution. # Default: 0 #search_query_engine_data_lake_jobs_queue_size = 0 + +################## +# Privacy settings +################## + +telemetry_enabled = false