Graylog in Docker - Certificate Broken

webboty · November 22, 2023, 2:51am

Hello … i need help to get my previously working graylog docker environment working again.

The issue is that the graylog server does not start as of certificate issues.

1. Describe your incident:
I was trying to make graylog running in a docker environment work with csf.
To do so i was trying to set up a specific network in the docker-compose.yml.

As all attempts failed i reversed my docker-compose.yml to the one that was working previously … see below.

However now i do not get the graylog server operational anymore.

The issue is that it can not connect to the datanode container runnining opensearch.
And the datanode container fails because some certificate is not matching anymore.

Here is the error message:

Datanode Error:

graylog-datanode-1 | 2023-11-22T02:35:03.247Z WARN [OpensearchNodeHeartbeat] Opensearch REST api of process 97 unavailable. Cause: Host name ‘cf4d733584d8’ does not match the certificate subject provided by the peer (CN=bf327a655a8f)

GrayLog Error:

2023-11-22 02:50:31,243 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Hostname cf4d733584d8 not verified:
graylog-graylog-1 | certificate: sha256/A8XL28JvgU5ctfUYhJKX8xA6IiyB5LqFpBHvaOz/aNA=
graylog-graylog-1 | DN: CN=bf327a655a8f
graylog-graylog-1 | subjectAltNames: [127.0.0.1, 0:0:0:0:0:0:0:1, 192.168.0.3, localhost, bf327a655a8f, 0:0:0:0:0:0:0:1]. - Hostname cf4d733584d8 not verified:
graylog-graylog-1 | certificate: sha256/A8XL28JvgU5ctfUYhJKX8xA6IiyB5LqFpBHvaOz/aNA=
graylog-graylog-1 | DN: CN=bf327a655a8f
graylog-graylog-1 | subjectAltNames: [127.0.0.1, 0:0:0:0:0:0:0:1, 192.168.0.3, localhost, bf327a655a8f, 0:0:0:0:0:0:0:1].
graylog-graylog-1 | 2023-11-22 02:50:31,245 INFO : org.graylog2.storage.versionprobe.VersionProbe - OpenSearch/Elasticsearch is not available. Retry #206

I know that i had to setup a certificate the very first time i ran graylog.
However i do not get to that web ui interface anymore to change the certificate.

2. Describe your environment:

OS Information:
Ubuntu 20.04 with docker.

Here is my current docker-compose.yml

======

version: “3.8”

services:
mongodb:
image: “mongo:5.0”
volumes:
- “mongodb_data:/data/db”
restart: “on-failure”

datanode:
image: “${DATANODE_IMAGE:-graylog/graylog-datanode:5.2}”
environment:
GRAYLOG_DATANODE_NODE_ID_FILE: “/var/lib/graylog-datanode/node-id”
GRAYLOG_DATANODE_PASSWORD_SECRET: “uiZ31neZO0rZGe6GyAnh6AMpFkkxCxOYxFYiuKidVl4Wmfit561SeB6H9eR4TXoMq3yFMOYSZP0kKLxkE1ESNS9DhKXFcYD”
GRAYLOG_DATANODE_ROOT_PASSWORD_SHA2: “5ae7e2f0d47e5311db55f45ba7fbd7846bd7cb03e7a606a617aeda7eddad2a5”
GRAYLOG_DATANODE_MONGODB_URI: “mongodb://mongodb:27017/graylog”
ulimits:
memlock:
hard: -1
soft: -1
nofile:
soft: 65536
hard: 65536
ports:
- “8999:8999/tcp” # DataNode API
- “9201:9200/tcp”
- “9301:9300/tcp”
volumes:
- “graylog-datanode:/var/lib/graylog-datanode”
restart: “on-failure”

graylog:
hostname: “server”
image: “${GRAYLOG_IMAGE:-graylog/graylog:5.2}”
depends_on:
mongodb:
condition: “service_started”
entrypoint: “/usr/bin/tini – /docker-entrypoint.sh”
environment:
GRAYLOG_NODE_ID_FILE: “/usr/share/graylog/data/data/node-id”
GRAYLOG_PASSWORD_SECRET: “uiZ31neZO0rZGe6GyAnh6AMpFkkxCxOYxFYiuKidVl4Wmfit561SeB6H9eR4TXoMq3yFMOYSZP0kKLxkE1ESNS9DhKXFcYD”
GRAYLOG_ROOT_PASSWORD_SHA2: “5ae7e2f0d47e5311db55f45ba7fbd7846bd7cb03e7a606a617aeda7eddad2a5”
GRAYLOG_HTTP_BIND_ADDRESS: “0.0.0.0:9001”
GRAYLOG_HTTP_EXTERNAL_URI: “http://XXXXXXX:9001/”
GRAYLOG_MONGODB_URI: “mongodb://mongodb:27017/graylog”
Graylog Central (peer support) Mail Settings
GRAYLOG_TRANSPORT_EMAIL_PROTOCOL: “smtp”
GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: “XXXXXXXX:9001/”
GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: “XXXXXXX”
GRAYLOG_TRANSPORT_EMAIL_ENABLED: “true”
GRAYLOG_TRANSPORT_EMAIL_PORT: “465”
GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: “true”
GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: “XXXXXXXXX”
GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: “XXXXXX”
GRAYLOG_TRANSPORT_EMAIL_USE_TLS: “false”
GRAYLOG_TRANSPORT_EMAIL_USE_SSL: “true”
GRAYLOG_TRANSPORT_FROM_EMAIL: “XXXXXXXXX”
GRAYLOG_TRANSPORT_SUBJECT_PREFIX: “[graylog]”
ports:
- “5045:5044/tcp” # Beats
- “5141:5140/udp” # Syslog
- “5141:5140/tcp” # Syslog
- “5556:5555/tcp” # RAW TCP
- “5556:5555/udp” # RAW TCP
- “9001:9001/tcp” # Server API
- “12201:12201/tcp” # GELF TCP
- “12201:12201/udp” # GELF UDP
#- “10000:10000/tcp” # Custom TCP port
#- “10000:10000/udp” # Custom UDP port
- “13301:13301/tcp” # Forwarder data
- “13302:13302/tcp” # Forwarder config
volumes:
- “graylog_data:/usr/share/graylog/data/data”
- “graylog_journal:/usr/share/graylog/data/journal”
restart: “on-failure”

volumes:
mongodb_data:
graylog-datanode:
graylog_data:
graylog_journal:

webboty · November 22, 2023, 11:52am

I am answering my own question:

The easiest solution to solve that issue is to add a hostname to the datanode in the docker-compose.yml file of the name that was previously created dynamically and is expected by the certificate.

This solves the issue and graylog is working again.

Nevertheless it would still be interesting to know how to replace the certificate once graylog does not fire up again.

system · December 6, 2023, 11:52am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Input failed to start after https Graylog Central (peer support)	13	1275	March 26, 2020
Graylog 3.3.9 enabling TLS, inputs no longer starting Graylog Central (peer support)	2	582	January 5, 2021
Odd thing happen after enable https Graylog Central (peer support)	9	1422	November 6, 2019
Issue with Docker and SSL Graylog Central (peer support)	2	2817	August 14, 2018
Graylog in HTTPS mode with Docker-Compose Graylog Central (peer support)	3	2834	February 27, 2020

Graylog in Docker - Certificate Broken

Datanode Error:

GrayLog Error:

Related Topics