Graylog in docker with external ES and MONGO


(FelixFV) #1

Hello! Can you help me?
I need an example configuration to run Graylog in a Docker container without ES and Mongo.
I have an external ES cluster and MongoDB, used with a standalone Graylog installation,
and want to add 2-3 Graylog containers to this cluster.


(Jan Doberstein) #2

just follow the documentation:

http://docs.graylog.org/en/2.4/pages/installation/docker.html#settings

make the settings with environment variables.


(FelixFV) #3

I tried to follow it
and loaded a custom config into the container.
My Graylog cluster sees the new container node, but can't get information about it.

[screenshot: nodes]

And there is no result when I try to send a test message via netcat.

Adapted config (different folders inside the container) from my standalone server:
is_master = false
node_id_file = /usr/share/graylog/data/config/node-id
password_secret = MYWORKINGSTRING
root_password_sha2 = MYWORKINGSTRING
plugin_dir = /usr/share/graylog/plugin
rest_listen_uri = http://0.0.0.0:9000/api/
web_enable = false
web_listen_uri = http://0.0.0.0:9000/
elasticsearch_hosts = http://10.124.128.14:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /usr/share/graylog/data/journal
lb_recognition_period_seconds = 3
mongodb_uri = MYWORKINGSTRING
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32

help me please


(Jan Doberstein) #4

What is the configuration you tried? How did you start the Docker Graylog?


(FelixFV) #5

docker create --name graylog_1 image_id

Then I load the conf file into the container: cp ./config/graylog.conf graylog_1:/usr/share/graylog/data/config/graylog.conf

After that I see the new node on the “Nodes” page, but without info (as in the screenshot above).


(Jan Doberstein) #6

so you did not create some port forwardings when starting the docker container?

All Graylog nodes need to communicate with each other via the REST API. If that is not exposed from the docker host and reachable by the other Graylog Servers you will not get any information of that host.


(FelixFV) #7

Sorry,
I use some port forwarding:
version: '2'
services:
  graylog1:
    image: graylog/graylog:2.4.0-1
    volumes:
      - ./config/graylog.conf:/usr/share/graylog/data/config/graylog.conf
    ports:
      - 9001:9000
      - 514:514
      - 51400:51400
      - 514:514/udp
      - 12201:12201
      - 12201:12201/udp

And I changed 0.0.0.0 to 127.0.0.1.
After that I see some info about the new nodes,
but this information is equal to the information about another node.
Or do I need MongoDB for the container, with an external ES cluster?


(Jan Doberstein) #8

you need to set rest_listen_uri and rest_transport_uri according to your setup.

Please read the documentation about those two parameters.
http://docs.graylog.org/en/2.4/pages/configuration/server.conf.html#general

Keep in mind that all Graylog nodes need to communicate with each other over the REST-API.

With a proper Network description or image someone from the outside (like user of this board) might be able to help you, but with the given information the above is all I can say.


(FelixFV) #9

In my config file (1st post) it is set to
rest_listen_uri = http://0.0.0.0:9000/api/
web_listen_uri = http://0.0.0.0:9000/
I changed it to
rest_listen_uri = http://127.0.0.1:9000/api/
web_listen_uri = http://127.0.0.1:9000/

and port forward:

  • 9001:9000, because 9000 is busy on this server

(Jan Doberstein) #10

Again, without knowing how your NETWORK is configured and what IPs are used at what location, it is impossible to give you the right configuration.


(FelixFV) #11

oh sorry
my network is 10.124.128.0/24
standalone graylog (with mongo in replica set):
10.124.128.13
10.124.128.14
For the load balancer I use HAProxy on 10.124.128.12 (and for the web UI too).

I try to use Docker on 10.124.128.20 (port 9000 is busy on this server).

Is it possible that info about the node doesn't show because of the Graylog version? On the standalone setup I have 2.4.3+2c41897, codename Wildwuchs, but in the container 2.4.6+ceaa7e4, codename Wildwuchs.


(Jan Doberstein) #12

You should have the same version on all nodes.

Set rest_transport_uri=http://10.124.128.20:9001 on the Docker machine; that should make it work. Read the comments above this setting in the configuration to understand why.
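
The setup this thread converges on, written with the environment variables the linked Docker documentation describes (each graylog.conf key upper-cased and prefixed with GRAYLOG_). This is an added example, not a configuration posted by anyone in the thread: addresses and ports are the ones given above, the `/api/` path on the transport URI is assumed to mirror rest_listen_uri from the first config, and the `${...}` values are placeholders assumed to come from an `.env` file next to the compose file.

```yaml
# Added example: one extra Graylog node on Docker host 10.124.128.20 that joins
# the existing cluster and uses the external Elasticsearch and MongoDB.
version: '2'
services:
  graylog1:
    # Tag from the thread; per post #12 it should match the version on the other nodes.
    image: graylog/graylog:2.4.0-1
    environment:
      # Secrets come from an .env file (assumed) instead of being written inline.
      # password_secret has to be the same value on every node of the cluster.
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET}"
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2}"
      # The existing standalone servers already provide the master node.
      GRAYLOG_IS_MASTER: "false"
      GRAYLOG_WEB_ENABLE: "false"
      # External backends, so this file defines no mongo/elasticsearch services.
      # Placeholder: the same MongoDB replica-set URI the other nodes use.
      GRAYLOG_MONGODB_URI: "${GRAYLOG_MONGODB_URI}"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://10.124.128.14:9200"
      # Listen on all interfaces INSIDE the container. A service bound to
      # 127.0.0.1 in the container is not reachable through a published port.
      GRAYLOG_REST_LISTEN_URI: "http://0.0.0.0:9000/api/"
      # Address advertised to the other nodes. Left unset with a 0.0.0.0 listen
      # address, Graylog advertises the first non-loopback address it finds,
      # which in a container is the Docker bridge IP that 10.124.128.13/.14
      # cannot reach. Use the Docker host IP and the published port instead.
      GRAYLOG_REST_TRANSPORT_URI: "http://10.124.128.20:9001/api/"
    ports:
      # REST API: host port 9001 (9000 is busy on this host), published only on
      # the cluster-facing address because this API grants administrative access.
      - "10.124.128.20:9001:9000"
      # Input ports from the thread's compose file.
      - "514:514"
      - "514:514/udp"
      - "51400:51400"
      - "12201:12201"
      - "12201:12201/udp"
```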


(FelixFV) #13

OK, thanks!
I’ll try it after the update.


(FelixFV) #14

Damn, it was OK.
I added a new string to the backend section of the HAProxy configuration
and the information appeared on my screen.
Thanks!

