Ansible role for graylog sidecars

Ansible role to install and configure graylog sidecars on Debian / Ubuntu / RedHat.

Default variables

# Unique node id. Default uses '/etc/machine-id'
graylog_sidecar_node_id: 'file:/etc/machine-id'

# Sidecar repository urls based on OS family
sidecar_repo_urls:
  "RedHat": "https://packages.graylog2.org/repo/packages/graylog-sidecar-repository-1-5.noarch.rpm"
  "Debian": "https://packages.graylog2.org/repo/packages/graylog-sidecar-repository_1-5_all.deb"

# Whether to install filebeat (default: true)
install_filebeat: true

# Filebeat repository urls based on OS family
filebeat_repo_urls:
  "RedHat": "https://artifacts.elastic.co/packages/oss-8.x/yum"
  "Debian": "https://artifacts.elastic.co/packages/oss-8.x/apt"

Variables required by the user

# API URL for graylog server
graylog_sidecar_server_url:

# SECRET: token to be used for sidecars
graylog_sidecar_server_api_token:

Node Certificates

For node certificates to be generated, you will need to create an additional host group named sidecar-ca with a single host that stores the CA certificate to be used for client certificate generation.

The CA file must be available at: /etc/graylog/sidecar/sidecar-ca.pem

The CA file's key must be available at: /etc/graylog/sidecar/sidecar-ca.key

The location of the files can be configured via a variable. The names of the files, however, must be as specified. The following variables are available for the node certificates.

# Whether to generate node certificates (default: true)
generate_node_certs: true

# The local directory where certs are stored before being uploaded
tmp_cert_dir: "/tmp/graylog-sidecar-certs"

# The path where the CA certificate and key should be fetched from
# the remote machine specified in the 'sidecar-ca' host group
gl_sidecar_ca_path: "/etc/graylog/sidecar"

# The directory where client certs should be stored
sidecar_cert_dir: "/etc/graylog/sidecar"

# The time in days the client certificates will be valid
cert_valid_days: 1095

# The passphrase used for the CA file
sidecar_ca_passphrase:

SAN config

To configure the SANs that will be added to the node certificates, the following options are available. The FQDN and short name of the node will always be added. The settings below only apply to IP SAN entries.

# Control the IP family to use
use_ipv4: true
use_ipv6: true

# If set to true, the IP of the default route interface will be used
use_default: true

# If set to true, the IP of the provided interface name will be used
use_interface_ip: false
iface_name: ""
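
An added example, not part of the role's own files, showing how the sidecar-ca host group, the required variables and the certificate and SAN options above fit together in an inventory and a playbook. The host names, the sidecars group, the vault.yml file, the vault_* variable names, the server URL, the interface name and the role name graylog_sidecar are assumptions made for illustration.

```yaml
# inventory.yml (constructed host names)
all:
  children:
    sidecar-ca:            # group name the role expects; exactly one host
      hosts:
        ca01.example.org:
    sidecars:              # hypothetical group of nodes that get a sidecar
      hosts:
        web01.example.org:
        db01.example.org:
---
# site.yml (separate file)
- hosts: sidecars
  become: true
  vars_files:
    - vault.yml            # hypothetical file encrypted with ansible-vault
  vars:
    graylog_sidecar_server_url: "https://graylog.example.org:9000/api/"  # constructed URL
    # Both secrets are referenced from the vault file, never written in clear text
    graylog_sidecar_server_api_token: "{{ vault_graylog_sidecar_server_api_token }}"
    sidecar_ca_passphrase: "{{ vault_sidecar_ca_passphrase }}"
    generate_node_certs: true
    # Directory on the sidecar-ca host holding sidecar-ca.pem and sidecar-ca.key
    gl_sidecar_ca_path: "/etc/graylog/sidecar"
    # Local staging directory: a path private to the deploying user
    # instead of the shared /tmp default (a choice made in this example)
    tmp_cert_dir: "{{ playbook_dir }}/.sidecar-certs"
    sidecar_cert_dir: "/etc/graylog/sidecar"
    cert_valid_days: 365   # shorter lifetime than the 1095-day default
    # IP SAN entries: take the address of a named interface
    # rather than the default route interface
    use_ipv4: true
    use_ipv6: false
    use_default: false
    use_interface_ip: true
    iface_name: "eth1"     # constructed interface name
  roles:
    - graylog_sidecar      # placeholder; use the name the role is installed under
```

With these two files in place, the play can be run with `ansible-playbook -i inventory.yml site.yml --ask-vault-pass`.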