Hey all, I loaded up Graylog/ES/Mongo in docker. I’ve followed the instructions and have had a few hiccups here and there.
I’ve hit a wall though. After (I believe) getting Graylog to accept the self-signed cert, I am now getting these errors.
ERROR: org.graylog2.bootstrap.ServerBootstrap - Graylog startup failed. Exiting. Exception was:
graylog_1 | java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {FAILED=[JerseyService [FAILED]]}
graylog_1 | at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:773) ~[graylog.jar:?]
graylog_1 | at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:585) ~[graylog.jar:?]
graylog_1 | at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:316) ~[graylog.jar:?]
graylog_1 | at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:161) [graylog.jar:?]
graylog_1 | at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:210) [graylog.jar:?]
graylog_1 | at org.graylog2.bootstrap.Main.main(Main.java:50) [graylog.jar:?]
graylog_1 | Suppressed: com.google.common.util.concurrent.ServiceManager$FailedService: JerseyService [FAILED]
graylog_1 | Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
graylog_1 | at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:285) ~[?:1.8.0_265]
graylog_1 | at sun.security.util.DerInputStream.getOID(DerInputStream.java:320) ~[?:1.8.0_265]
graylog_1 | at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_265]
graylog_1 | at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_265]
graylog_1 | at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:137) ~[?:1.8.0_265]
graylog_1 | at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:119) ~[?:1.8.0_265]
graylog_1 | at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:393) ~[?:1.8.0_265]
graylog_1 | at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_265]
graylog_1 | at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
graylog_1 | at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:98) ~[graylog.jar:?]
graylog_1 | at org.graylog2.shared.initializers.JerseyService.buildSslEngineConfigurator(JerseyService.java:349) ~[graylog.jar:?]
graylog_1 | at org.graylog2.shared.initializers.JerseyService.startUpApi(JerseyService.java:173) ~[graylog.jar:?]
graylog_1 | at org.graylog2.shared.initializers.JerseyService.startUp(JerseyService.java:147) ~[graylog.jar:?]
graylog_1 | at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) ~[graylog.jar:?]
graylog_1 | at com.google.common.util.concurrent.Callables$4.run(Callables.java:119) ~[graylog.jar:?]
graylog_1 | at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_265]
graylog_1 | 2020-10-23 02:39:58,418 INFO : org.graylog2.commands.Server - SIGNAL received. Shutting down.
graylog_1 | 2020-10-23 02:39:58,426 INFO : org.graylog2.system.shutdown.GracefulShutdown - Graceful shutdown initiated.
graylog_1 | 2020-10-23 02:39:58,426 INFO : org.graylog2.system.shutdown.GracefulShutdown - Node status: [Halting [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state change.
My YAML
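# Compose stack: MongoDB + Elasticsearch (OSS) + Graylog 3.3 with TLS enabled
# on the Graylog web interface / REST API.
# Nesting restored from the flattened paste; values are unchanged, except
# that port mappings are now quoted.
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    # DB in share for persistence
    # volumes:
    #   - /video/graylog/mongodb:/data/db

  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.6/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10
    # data folder in share for persistence
    # volumes:
    #   - /video/graylog/elasticsearchdata:/usr/share/elasticsearch/data
    # No `ports:` are published for this service, so the 0.0.0.0 binds below
    # are reachable only from the compose network. Keep it that way: nothing
    # in this file configures authentication for Elasticsearch.
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - node.max_local_storage_nodes=4
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g

  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.3
    # journal and config directories in local NFS share for persistence
    volumes:
      # Mount local plugin file into Docker container
      - /opt/graylog/plugin/graylog-plugin-auth-sso-3.3.0.jar:/usr/share/graylog/plugin/graylog-plugin-auth-sso-3.3.0.jar
      - /opt/graylog/plugin/graylog-plugin-splunk-0.4.0.jar:/usr/share/graylog/plugin/graylog-plugin-splunk-0.4.0.jar
      - /opt/graylog/server:/usr/share/graylog/server
      # Certs
      # NOTE(review): only the private key is mounted explicitly. The
      # certificate named in GRAYLOG_HTTP_TLS_CERT_FILE has to arrive through
      # the /opt/graylog/server directory mount above - confirm it is there.
      - /opt/graylog/server/conf/ssl/graylog-key.pem:/usr/share/graylog/server/graylog-key.pem
      # NOTE(review): no setting in this file references this second copy of
      # the key. Each extra copy of a private key widens its exposure; drop
      # the mount if nothing reads it, and consider mounting key material
      # read-only (append `:ro`).
      - /opt/graylog/server/conf/ssl/graylog-key.pem:/usr/share/graylog-key.pem
    environment:
      # NOTE(review): the trustStore path is resolved inside the container.
      # The mounts above map /opt/graylog/server to /usr/share/graylog/server,
      # so confirm this /opt/... path really exists in the container.
      # `changeit` is the stock JDK keystore password; a trust store should
      # hold certificates only, never the private key.
      - "GRAYLOG_SERVER_JAVA_OPTS=-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/opt/graylog/server/conf/ssl/conf/graylog-key.jks -Djavax.net.ssl.trustStorePassword=changeit"
      # Secrets inline in a compose file end up in version control and in
      # `docker inspect` output. Supply them from an env file or secret store
      # with restricted permissions. If `secret` is not a redaction
      # placeholder, replace it with a long random value (Graylog's
      # documentation asks for at least 16 characters).
      - GRAYLOG_PASSWORD_SECRET=secret
      - GRAYLOG_ROOT_PASSWORD_SHA2=<hash>
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
      - GRAYLOG_HTTP_EXTERNAL_URI=https://<domain>:9000/
      - GRAYLOG_HTTP_ENABLE_TLS=true
      - GRAYLOG_HTTP_TLS_CERT_FILE=/usr/share/graylog/server/graylog-cert.pem
      # The startup trace posted with this file fails in
      # PemKeyStore.generateKeySpec -> EncryptedPrivateKeyInfo ->
      # PBES2Parameters.engineInit on JRE 1.8.0_265. The JVM is rejecting the
      # encrypted key's PKCS#8 algorithm parameters before any password is
      # tried. Likely cause: the key was encrypted with a PBES2 scheme that
      # this Java 8 runtime cannot parse. Re-encode the key in a PKCS#8 form
      # the runtime accepts. If that means a weaker PBE scheme or an
      # unencrypted key, compensate with strict ownership and permissions on
      # the key file - confirm against the Graylog TLS documentation.
      - GRAYLOG_HTTP_TLS_KEY_FILE=/usr/share/graylog/server/graylog-key.pem
      # Same caveat as the secrets above: keep the key passphrase out of the
      # compose file.
      - GRAYLOG_HTTP_TLS_KEY_PASSWORD=secret
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    # Port mappings are quoted so that no YAML parser can read HOST:CONTAINER
    # as anything other than a string.
    ports:
      # Graylog web interface and REST API
      - "443:9000"
      - "9000:9000"
      # Syslog TCP
      - "8514:8514"
      # Syslog UDP
      - "8514:8514/udp"
      # GELF TCP
      - "12201:12201"
      # GELF UDP
      - "12201:12201/udp"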