Feat/graylog assert

roles/graylog_datanode/README.md

@@ -78,6 +78,12 @@ graylog_datanode__password_secret: 'Linuxfabrik_GmbH'
 * Type: String.
 * Default: `'mongodb://127.0.0.1/graylog'`
 
+`graylog_datanode__node_search_cache_size`
+
+* Cache size for searchable snaphots. This space will be automatically reserved if `graylog_datanode__path_repo` is configured. See [docs.opensearch.org - Supported Units](https://docs.opensearch.org/latest/api-reference/units/) for a list of possible options. 
+* Type: String
+* Default: `10gb`
+
 `graylog_datanode__opensearch_data_location`
 
 * Set this OpenSearch folder if you need OpenSearch to be located in a special place.
@@ -90,6 +96,17 @@ graylog_datanode__password_secret: 'Linuxfabrik_GmbH'
 * Type: String.
 * Default: 50% of system memory, e.g. `'8g'`
 
+`graylog_datanode__path_repo`
+
+* Filesystem paths where searchable snapshots should be stored
+* Type: List of Strings
+* Default: `[]`
+
+`graylog_datanode__raw`
+* Multiline string. Raw content which will be appended to the `datanode.conf` config file.
+* Type: String
+* Default: unset
+
 `graylog_datanode__service_enabled`
 
 * Enables or disables the graylog-datanode service, analogous to `systemctl enable/disable --now`.

roles/graylog_datanode/defaults/main.yml

@@ -1,8 +1,10 @@
 graylog_datanode__bind_address: '127.0.0.1'
 graylog_datanode__datanode_http_port: 8999
+graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog'
+graylog_datanode__node_search_cache_size: '10gb'
 graylog_datanode__opensearch_data_location: '/var/lib/graylog-datanode/opensearch/data'
 graylog_datanode__opensearch_heap: '{{ [((ansible_facts["memtotal_mb"] * 0.5) | int), 31744] | min }}m'
-graylog_datanode__mongodb_uri: 'mongodb://127.0.0.1/graylog'
+graylog_datanode__path_repo: []
 graylog_datanode__service_enabled: true
 
 # ------

roles/graylog_datanode/tasks/main.yml

@@ -1,3 +1,23 @@
+- block:
+
+  - name: 'Validate that graylog_datanode__password_secret length >= 16 characters'
+    ansible.builtin.assert:
+      that:
+        - 'graylog_datanode__password_secret | length >= 16'
+      fail_msg: 'graylog_datanode__password_secret must at least 16 characters'
+      quiet: true
+
+  - name: 'Validate that graylog_datanode__node_search_cache_size follows OpenSearch Bytes format'
+    ansible.builtin.assert:
+      that:
+      -  'graylog_datanode__node_search_cache_size | regex_search("^[0-9]+(b|kb|mb|gb|tb|pb)$")'
+      fail_msg: '"{{ graylog_datanode__node_search_cache_size }}" does not follow OpenSearch Bytes format'
+      quiet: true
+
+  tags:
+    - 'graylog_datanode'
+    - 'graylog_datanode:configure'
+
 - block:
 
   - name: 'Install graylog-datanode'
@@ -62,6 +82,15 @@
       group: 'graylog-datanode'
       mode: 0o755
 
+  - name: 'mkdir -p {{ item }}; chown graylog-datanode:graylog-datanode {{ item }}'
+    ansible.builtin.file:
+      path: '{{ item }}'
+      state: 'directory'
+      owner: 'graylog-datanode'
+      group: 'graylog-datanode'
+      mode: 0o740
+    loop: '{{ graylog_datanode__path_repo }}'
+
   tags:
     - 'graylog_datanode'
     - 'graylog_datanode:configure'

roles/graylog_datanode/templates/etc/graylog/datanode/6.1-datanode.conf.j2

@@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}
+
+{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %}
+#### Raw ####
+{{ graylog_datanode__raw }}
+{% endif %}

roles/graylog_datanode/templates/etc/graylog/datanode/6.2-datanode.conf.j2

@@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}
+
+{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %}
+#### Raw ####
+{{ graylog_datanode__raw }}
+{% endif %}

roles/graylog_datanode/templates/etc/graylog/datanode/6.3-datanode.conf.j2

@@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}
+
+{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %}
+#### Raw ####
+{{ graylog_datanode__raw }}
+{% endif %}

roles/graylog_datanode/templates/etc/graylog/datanode/7.0-datanode.conf.j2

@@ -163,3 +163,13 @@ opensearch_logs_location = /var/log/graylog-datanode/opensearch
 # indexer_jwt_auth_token_expiration_duration = 180s
 
 opensearch_heap = {{ graylog_datanode__opensearch_heap }}
+
+#### Data Tiering Properties
+
+node_search_cache_size = {{ graylog_datanode__node_search_cache_size }}
+path_repo = {{ graylog_datanode__path_repo | join(',') }}
+
+{% if graylog_datanode__raw is defined and graylog_datanode__raw | length %}
+#### Raw ####
+{{ graylog_datanode__raw }}
+{% endif %}

roles/graylog_server/tasks/main.yml

@@ -1,3 +1,16 @@
+- block:
+
+  - name: 'Validate that graylog_server__password_secret length >= 16 characters'
+    ansible.builtin.assert:
+      that:
+        - 'graylog_server__password_secret | length >= 16'
+      fail_msg: 'graylog_server__password_secret must be at least 16 characters'
+      quiet: true
+
+  tags:
+    - 'graylog_server'
+    - 'graylog_server:configure'
+
 - block:
 
   - name: 'Install graylog-server'

roles/graylog_server/templates/etc/graylog/server/6.1-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 6.1
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -781,3 +781,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #   event-processor-execution-v1
 #   notification-execution-v1
 #job_scheduler_concurrency_limits = event-processor-execution-v1:2,notification-execution-v1:2
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false

roles/graylog_server/templates/etc/graylog/server/6.2-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 6.2
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #          instability. Proceed with caution.
 # Default: 0
 #search_query_engine_data_lake_jobs_queue_size = 0
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false

roles/graylog_server/templates/etc/graylog/server/6.3-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 6.3
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -815,3 +815,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #          instability. Proceed with caution.
 # Default: 0
 #search_query_engine_data_lake_jobs_queue_size = 0
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false

roles/graylog_server/templates/etc/graylog/server/7.0-server.conf.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-# 2026012102
+# 2026032701
 # 7.0
 ############################
 # GRAYLOG CONFIGURATION FILE
@@ -819,3 +819,9 @@ integrations_scripts_dir = /usr/share/graylog-server/scripts
 #          instability. Proceed with caution.
 # Default: 0
 #search_query_engine_data_lake_jobs_queue_size = 0
+
+##################
+# Privacy settings
+##################
+
+telemetry_enabled = false