Graylog in Docker - Certificate Broken

Hello … I need help to get my previously working Graylog Docker environment working again.

The issue is that the Graylog server does not start because of certificate issues.

1. Describe your incident:
I was trying to make Graylog, running in a Docker environment, work with csf.
To do so I was trying to set up a specific network in the docker-compose.yml.

As all attempts failed, I reverted my docker-compose.yml to the one that was working previously … see below.

However, now I cannot get the Graylog server operational anymore.

The issue is that it cannot connect to the datanode container running OpenSearch.
And the datanode container fails because some certificate is not matching anymore.

Here is the error message:

Datanode Error:

graylog-datanode-1 | 2023-11-22T02:35:03.247Z WARN [OpensearchNodeHeartbeat] Opensearch REST api of process 97 unavailable. Cause: Host name 'cf4d733584d8' does not match the certificate subject provided by the peer (CN=bf327a655a8f)

GrayLog Error:

2023-11-22 02:50:31,243 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Hostname cf4d733584d8 not verified:
graylog-graylog-1 | certificate: sha256/A8XL28JvgU5ctfUYhJKX8xA6IiyB5LqFpBHvaOz/aNA=
graylog-graylog-1 | DN: CN=bf327a655a8f
graylog-graylog-1 | subjectAltNames: [127.0.0.1, 0:0:0:0:0:0:0:1, 192.168.0.3, localhost, bf327a655a8f, 0:0:0:0:0:0:0:1]. - Hostname cf4d733584d8 not verified:
graylog-graylog-1 | certificate: sha256/A8XL28JvgU5ctfUYhJKX8xA6IiyB5LqFpBHvaOz/aNA=
graylog-graylog-1 | DN: CN=bf327a655a8f
graylog-graylog-1 | subjectAltNames: [127.0.0.1, 0:0:0:0:0:0:0:1, 192.168.0.3, localhost, bf327a655a8f, 0:0:0:0:0:0:0:1].
graylog-graylog-1 | 2023-11-22 02:50:31,245 INFO : org.graylog2.storage.versionprobe.VersionProbe - OpenSearch/Elasticsearch is not available. Retry #206

I know that I had to set up a certificate the very first time I ran Graylog.
However, I no longer get to that web UI to change the certificate.

2. Describe your environment:

  • OS Information:
    Ubuntu 20.04 with Docker.

Here is my current docker-compose.yml

======

version: "3.8"

services:
  mongodb:
    image: "mongo:5.0"
    volumes:
      - "mongodb_data:/data/db"
    restart: "on-failure"

  # No hostname is set here, so Docker assigns the container ID as the host name;
  # that is the name the datanode certificate was generated for.
  datanode:
    image: "${DATANODE_IMAGE:-graylog/graylog-datanode:5.2}"
    environment:
      GRAYLOG_DATANODE_NODE_ID_FILE: "/var/lib/graylog-datanode/node-id"
      GRAYLOG_DATANODE_PASSWORD_SECRET: "uiZ31neZO0rZGe6GyAnh6AMpFkkxCxOYxFYiuKidVl4Wmfit561SeB6H9eR4TXoMq3yFMOYSZP0kKLxkE1ESNS9DhKXFcYD"
      GRAYLOG_DATANODE_ROOT_PASSWORD_SHA2: "5ae7e2f0d47e5311db55f45ba7fbd7846bd7cb03e7a606a617aeda7eddad2a5"
      GRAYLOG_DATANODE_MONGODB_URI: "mongodb://mongodb:27017/graylog"
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - "8999:8999/tcp" # DataNode API
      - "9201:9200/tcp"
      - "9301:9300/tcp"
    volumes:
      - "graylog-datanode:/var/lib/graylog-datanode"
    restart: "on-failure"

  graylog:
    hostname: "server"
    image: "${GRAYLOG_IMAGE:-graylog/graylog:5.2}"
    depends_on:
      mongodb:
        condition: "service_started"
    entrypoint: "/usr/bin/tini -- /docker-entrypoint.sh"
    environment:
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/data/node-id"
      GRAYLOG_PASSWORD_SECRET: "uiZ31neZO0rZGe6GyAnh6AMpFkkxCxOYxFYiuKidVl4Wmfit561SeB6H9eR4TXoMq3yFMOYSZP0kKLxkE1ESNS9DhKXFcYD"
      GRAYLOG_ROOT_PASSWORD_SHA2: "5ae7e2f0d47e5311db55f45ba7fbd7846bd7cb03e7a606a617aeda7eddad2a5"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9001"
      GRAYLOG_HTTP_EXTERNAL_URI: "http://XXXXXXX:9001/"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      # Graylog Central (peer support) Mail Settings
      GRAYLOG_TRANSPORT_EMAIL_PROTOCOL: "smtp"
      GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: "XXXXXXXX:9001/"
      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "XXXXXXX"
      GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
      GRAYLOG_TRANSPORT_EMAIL_PORT: "465"
      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "true"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: "XXXXXXXXX"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: "XXXXXX"
      GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "false"
      GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "true"
      GRAYLOG_TRANSPORT_FROM_EMAIL: "XXXXXXXXX"
      GRAYLOG_TRANSPORT_SUBJECT_PREFIX: "[graylog]"
    ports:
      - "5045:5044/tcp"   # Beats
      - "5141:5140/udp"   # Syslog
      - "5141:5140/tcp"   # Syslog
      - "5556:5555/tcp"   # RAW TCP
      - "5556:5555/udp"   # RAW TCP
      - "9001:9001/tcp"   # Server API
      - "12201:12201/tcp" # GELF TCP
      - "12201:12201/udp" # GELF UDP
      #- "10000:10000/tcp" # Custom TCP port
      #- "10000:10000/udp" # Custom UDP port
      - "13301:13301/tcp" # Forwarder data
      - "13302:13302/tcp" # Forwarder config
    volumes:
      - "graylog_data:/usr/share/graylog/data/data"
      - "graylog_journal:/usr/share/graylog/data/journal"
    restart: "on-failure"

volumes:
  mongodb_data:
  graylog-datanode:
  graylog_data:
  graylog_journal:

I am answering my own question:

The easiest solution to this issue is to add a hostname to the datanode in the docker-compose.yml file, using the name that was previously created dynamically and is expected by the certificate.

This solves the issue and Graylog is working again.

Nevertheless, it would still be interesting to know how to replace the certificate once Graylog does not start anymore.
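Added here as an illustration, not the poster's or Graylog's own code: a small Python helper that parses the "Hostname ... not verified" error quoted above, re-implements the host-name-against-SAN check that the HTTP client performs (exact match plus a single-label wildcard, which goes beyond this thread's case), and returns the compose `hostname:` line the answer describes. The sample log text is constructed from the lines quoted in the thread; the returned line belongs under the `datanode:` service.

```python
import re
from typing import Optional

# Constructed sample input: the verification error quoted in the thread above,
# with the "graylog-graylog-1 |" prefix kept as docker compose prints it.
SAMPLE_LOG = """\
graylog-graylog-1 | 2023-11-22 02:50:31,243 ERROR: org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: Hostname cf4d733584d8 not verified:
graylog-graylog-1 | certificate: sha256/A8XL28JvgU5ctfUYhJKX8xA6IiyB5LqFpBHvaOz/aNA=
graylog-graylog-1 | DN: CN=bf327a655a8f
graylog-graylog-1 | subjectAltNames: [127.0.0.1, 0:0:0:0:0:0:0:1, 192.168.0.3, localhost, bf327a655a8f, 0:0:0:0:0:0:0:1].
"""

HOST_RE = re.compile(r"Hostname (\S+) not verified")
CN_RE = re.compile(r"DN: CN=([^,\s]+)")
SAN_RE = re.compile(r"subjectAltNames: \[([^\]]*)\]")


def parse_failure(log: str) -> Optional[dict]:
    """Extract the attempted host name, certificate CN and SAN list; None if absent."""
    host, cn, san = HOST_RE.search(log), CN_RE.search(log), SAN_RE.search(log)
    if not (host and cn and san):
        return None
    sans = [s.strip() for s in san.group(1).split(",") if s.strip()]
    return {"hostname": host.group(1), "cn": cn.group(1), "sans": sorted(set(sans))}


def hostname_matches(hostname: str, sans: list) -> bool:
    """RFC 6125-style check: exact SAN match, or a '*' covering only the leftmost label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in sans):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def compose_hostname_fix(failure: dict) -> Optional[str]:
    """Compose line pinning the datanode to the name in its certificate; None if no fix needed."""
    if hostname_matches(failure["hostname"], failure["sans"]):
        return None
    # The CN is the container ID the datanode certificate was originally generated for.
    return f'hostname: "{failure["cn"]}"'


if __name__ == "__main__":
    failure = parse_failure(SAMPLE_LOG)
    print(failure, compose_hostname_fix(failure))
```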

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.