Multi Node Setup + SSO


(Stephan Krinetzki) #1

Dear Community,

I’m trying to setup a three node Graylog-Server Cluster with a 7 node Elasticsearch Cluster. My Setup has 3 Nodes MongoDB + Graylog-Server and 7 Nodes with Elasticsearch. Every Graylog node is behind an apache proxy (in the futur there will be a F5 load balancer at the front)

At the moment, Graylog is reachable over our first graylog node.

What are the steps to set up a multi node?
I tried the following

With this configuration, my first node works with local accounts, but not with SSO. But the headers are sent, as i checked via tcpdump.

The second node is unreachable in this setup.

Any ideas, what i did wrong and how to fix it?


(Jan Doberstein) #2

he @SKrinetzki

you would have on all Graylog Servers set your rest_listen_uri to 0.0.0.0:9000/api and your web_listen_uri to 0.0.0.0:9000.

See http://docs.graylog.org/en/2.4/pages/configuration/server.conf.html#general

To be saved, the rest_transport_uri on each node should be set to one IP where the node is reachable for others. Because this is used by other nodes to communicate with each other. If the communication should be done via HTTPS, including the keys and certs for rest and web listen at the same time.

Then you would have one Proxy that is the frontend for all nodes with a configuration like you can see in the docs ( http://docs.graylog.org/en/2.4/pages/configuration/web_interface.html#apache-httpd-2-x ). The important part is to make the X-Graylog-Server-URL "https://graylog.example.org/api/" setting to your load balancers URL.

When the SSO Plugin comes into play, this Plugin needs to be present on all Graylog Nodes. The Proxy (your Apache) then needs to ensure some kind of authentication and send the header to Graylog with each request ( http://docs.graylog.org/en/2.4/pages/users_and_roles/external_auth.html#single-sign-on ).

Does this make it more clear?

Jan


(Stephan Krinetzki) #3

Hello @jan

Thanks for the clarification. I was on the right track, but not at the goal. It makes sense now. Thank you so far.

Stephan


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.