How to add new node to graylog by using AMI of other node


(Ganeshbabu Ramamoorthy) #1

Hi All,

We have installed Graylog 2.3.1 version and is running on AWS Instance. Elasticsearch & Mongodb were running in another AWS Instance.

So now we were trying to add new node2 to the Graylog by then we created AMI of the node 1 and using that AMI we are able to create node2 in another VM and below are the changes we did it in the node2,

  • Delete all files from message_journal_dir directory and also deleted the “node_id_file” file

  • set “is_master = false” on Node2

After starting the Node2, we can see 2 nodes in Graylog under http://graylog:9000/system/nodes

The nodes are showing different names and ids but the processing in/out messages are showing the exact same number, also if I click on “Graceful Shutdown” on Node2, it is actually stopping Node1.

Please share your thoughts and correct me if I am doing anything wrong in the setup.

Thanks,
Ganeshbabu R


How to setup multi node in graylog manually
(Jochen) #2

http://docs.graylog.org/en/2.4/pages/configuration/graylog_ctl.html#multi-vm-setup

You’re not supposed to edit any configuration files manually in the OVA/AMI.


(Ganeshbabu Ramamoorthy) #3

Hi @jochen

I forgot to mention I have installed & configured graylog by using tar-ball (manual setup). Graylog was running in AWS EC2 instance and I created an AMI of the running EC2 instance.

Later I used that AMI to create new node in another EC2 instance.

The graylog-ctl script is only available for Virtual machine appliances and not for manual setup using tar-ball.

I want to add new node to graylog by using the manually created AMI of the other EC2 instance.
Let me know your feedback and guide us how to proceed further.

Regards,
Ganeshbabu R


(Jochen) #4

Please refer to http://docs.graylog.org/en/2.4/pages/configuration/multinode_setup.html


(Ganeshbabu Ramamoorthy) #5

Yes this documentation helps me to setup the multi node in graylog manually.

@jochen
Is there is no way to use the manually created AMI in new EC2 instance?

Regards,
Ganeshbabu R


(Jochen) #6

That depends on your custom AMI, but please understand that debugging your custom AMI is outside of what we can do in the free community support.

If you require professional support for your Graylog cluster, please contact us via https://www.graylog.org/contact-sales


(Ganeshbabu Ramamoorthy) #7

Hi All,

I have installed Graylog 2.3.1 in ubuntu 16.04 which is newly created instance in GCP (Google cloud platform), Elasticsearch & Mongo db were running in the same instance. Graylog application was up and running.

Below are the server.conf file changes in Graylog node1,

is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = yE3tQ931kKvFrLq2gdDbknUoAVIUqntipX2nMbybgftFZqP7fvmfONZ
root_password_sha2 = 1205814f8b6bc49672c4c74e25b497770b1
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://10.128.0.9:9000/api/
rest_transport_uri = http://104.198.57.170:9000/api/
web_listen_uri = http://10.128.0.9:9000/
elasticsearch_hosts = http://graylogssl:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32

And now I tried to add new node to Graylog by installing the same version in another newly created GCP instance,

Below are the server.conf file changes in Graylog node2,

is_master = false
node_id_file = /etc/graylog/server/node-id
password_secret = zEZgZX47tNhvexnF5sAtUz6HMYhwohMhxic95a8yxSfKNn9s1kvZhZae
root_password_sha2  = 5814f8b6bc49672c4c74e25b422cdeb4e951
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://10.128.0.8:9000/api/
rest_transport_uri = http://35.193.52.100:9000/api/
web_listen_uri = http://10.128.0.8:9000/
elasticsearch_hosts = http://influxubuntu:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32

How to add this new node to my Graylog node1? and it will helps to processing the messages smoothly with any issues

Is there any configuration I missed in the Graylog node2 server.conf file?

Please share your thoughts and correct me If I am wrong in the setup it would be very helpful.

I followed the multi node setup by refering the below link,
http://docs.graylog.org/en/2.4/pages/configuration/multinode_setup.html

Regards,
Ganeshbabu R


(Ganeshbabu Ramamoorthy) #8

Hi @jochen

I understand your point and I spoke to my team hopefully they will reach out graylog sales team soon.

Regards,
Ganeshbabu R


(Ganeshbabu Ramamoorthy) #9

@jochen

Thanks for merging it and do you find anything wrong in my both server.conf files?

Please let me know I will correct it.

Regards,
Ganeshbabu R


(Jochen) #10

You have to use the exact same password_secret for every Graylog node in the cluster, the content of /etc/graylog/server/node-id has to be unique for each Graylog node in the cluster (see node_id_file), every Graylog node has to use the same Elasticsearch cluster (see elasticsearch_hosts), and every Graylog node has to use the same MongoDB database (see mongodb_uri).

All of this is described in the documentation at http://docs.graylog.org/en/2.4/pages/configuration/multinode_setup.html


(Ganeshbabu Ramamoorthy) #11

Thanks for the clarification @jochen

The only thing I missed was mongo url and I have given private IP address instead of public IP address so that’s why my new node was not able to start.

Now everything works fine…


(system) #12

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.