Failover Setup?

I’m curious if there’s any means to install a fail-over setup.

My goal is high availability, but I don’t have enough to run a full cluster. Is it possible to use two standalone Graylog server installations connected together? In the event the primary goes down, the secondary takes over. But when the primary returns, it can still access logs stored on the secondary.

You can run an HA setup: run a load balancer to direct logs to the two Graylog servers. The only issue is you really need 3 servers in a MongoDB replica set. If you can put MongoDB on a VM, it won’t use many resources.

The Graylog documentation covers this pretty well.
http://docs.graylog.org/en/2.2/pages/configuration/multinode_setup.html#configure-multinode

Do I absolutely NEED three? I’m wanting essentially two master servers where one acts as a failover.
I was hoping there was a way to do this without replica sets, but I’m not really finding a solution. Am I going about this wrong? I just wanted a simple failover setup, but I’m wondering if that’s possible without three servers.

How are you planning to deploy the Elasticsearch cluster? Are you planning on having a separate ES cluster or will it be deployed on the same box as Graylog? Maybe if you can give details about your entire setup, that can help us give you better information.

Clusters can be configured in a multitude of ways but generally speaking, you will require a minimum of 3 servers for ES then, depending on how you want to deploy Mongo, you will require 1 or 3 instances for it. Mongo can run on the same nodes you run Graylog on or on its own server. If you want HA for Graylog you need to make sure all GL nodes can access Mongo at any time.

My idea was to have two Graylog/Mongo/ES boxes with an HAProxy in front of them. In the event the primary server fails, the second one would pick up and carry on. Once the primary comes back online, it would take over and the secondary would return to being on standby.
The idea was for these two servers to each be the single package (Graylog, Mongo, & ES) and just take over if the other fails. I’m starting to see that was maybe a bit short-sighted on my part, but I am still new to this and I was trying to accomplish this with as minimal a setup as I could manage.

Graylog really isn’t set up to be deployed like that AFAIK. You run into a few problems with data storage as well, unless you are deploying some kind of shared storage in the backend.

I don’t know how your nix skills are, but that could be an option. As an interesting thought exercise, one could maybe deploy some shared storage and use corosync to deploy clustered services: http://clusterlabs.org/.

Well, that’s unfortunate. But I appreciate the help. I suppose I’m going to have to either have them stand alone with the HAProxy redirecting should the primary fail, or set up a proper multi-node cluster.

Hej,

I would recommend looking into the documentation.

http://docs.graylog.org/en/2.2/pages/configuration/multinode_setup.html
http://docs.graylog.org/en/2.2/pages/architecture.html

As already written, you can’t create a “Cold Standby” setup with Graylog, but you can extend every component according to your needs.

Which then leads me to the question: is it possible to make a sort of pseudo cold standby?
What I mean is, if I set up two nodes and the master node goes down, would the second node continue operating as normal?

hej @KO1984

With Graylog you will not create a cold stand-by - that is not the way Graylog is designed to work. You would create a two-server setup with both servers under 50% load so one can handle all if needed.

regards
Jan

Fair enough. That may be what I have to do.
I really appreciate the help, guys!

Hi @KO1984.
Thanks for bringing up this subject, and for the others’ advice.
One question for you.
What is the network scope of the failover?
Failover between LAN subnets in one data center, or WAN subnets that span regional data centers?

This is all in one environment. No distance between nodes. Same LAN, same WAN, just two separate servers. If the Datacenter fails entirely, I have bigger problems than my graylog going down.

What I’ve got working now is two standalone instances configured to recognize each other as nodes. The replica set in MongoDB is configured with an added arbiter. And the Elasticsearch cluster should work (though I haven’t yet gotten the cluster config to work).

My current problem is getting MongoDB to start with the replica set by default, but I think that’s outside the scope of this thread (and likely the entire forum).
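
Added example, not part of the thread or of Graylog's or MongoDB's own code: a small model of the MongoDB election rule (a primary needs votes from a strict majority of all voting members, and an arbiter votes but holds no data) applied to the layouts discussed above. Member names are hypothetical, and it assumes every reachable member votes for the same candidate.

```python
from itertools import combinations

# Constructed topologies matching the thread; names are hypothetical.
TOPOLOGIES = {
    "two data nodes": {"gl1": "data", "gl2": "data"},
    "two data nodes + arbiter": {"gl1": "data", "gl2": "data", "arb": "arbiter"},
    "three data nodes": {"gl1": "data", "gl2": "data", "gl3": "data"},
}

def can_elect_primary(members, reachable):
    """True if the reachable group can hold a primary: it needs a strict
    majority of ALL voting members and at least one data-bearing candidate."""
    has_candidate = any(members[m] == "data" for m in reachable)
    return has_candidate and len(reachable) > len(members) // 2

def survives_any_single_failure(members):
    """True if losing any one member still leaves a writable replica set."""
    return all(can_elect_primary(members, set(members) - {down})
               for down in members)

def partition_outcome(members, side_a):
    """Network split into side_a and the rest: which side keeps a primary?"""
    side_a = set(side_a)
    side_b = set(members) - side_a
    return (can_elect_primary(members, side_a),
            can_elect_primary(members, side_b))

def dual_primary_possible(members):
    """Split-brain check: can both sides of any partition elect a primary?"""
    names = list(members)
    return any(all(partition_outcome(members, side))
               for r in range(1, len(names))
               for side in combinations(names, r))

if __name__ == "__main__":
    for label, members in TOPOLOGIES.items():
        print(f"{label:26} survives one failure: "
              f"{survives_any_single_failure(members)!s:5} "
              f"split-brain possible: {dual_primary_possible(members)}")
```

With only two voting members, the survivor of a failure holds one vote out of two, which is not a majority, so the replica set has no primary until the other node returns; the arbiter supplies the third vote without needing a third full server.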