search

Graylog2 / graylog-ansible-role

Ansible role which installs and configures Graylog
Apache License 2.0
212 stars 127 forks source link

Example Playbooks do not include es_api_basic_auth_username and es_api_basic_auth_password #93

Closed MakeStuffWithAI closed 2 years ago

MakeStuffWithAI commented 6 years ago

The ElasticSearch role from Ansible-Galaxy now requires es_api_basic_auth_username and es_api_basic_auth_password in order to configure Elastic Search.

The playbook.yml example needs to be updated to include these vars Example:

- hosts: "server"
  become: True
  vars:
    #Graylog is compatible with elasticsearch 5.x since version 2.3.0, so ensure to use the right combination for your installation
    #Also use the right branch of the Elasticsearch Ansible role, master supports 5.x.
    es_major_version: "5.x"
    es_version: "5.6.7"
    # Install Elasticsearch via repository or direct package download
    #es_use_repository: False
    #es_custom_package_url: "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.7.rpm"
    es_instance_name: "graylog"
    es_scripts: False
    es_templates: False
    es_version_lock: False
    es_heap_size: "1g"
    **es_api_basic_auth_username: graylog
    es_api_basic_auth_password: somepassword**
    es_config:
      node.name: "graylog"
      cluster.name: "graylog"
      http.port: 9200
      transport.tcp.port: 9300
      network.host: "0.0.0.0"
      node.data: True
      node.master: True

    # Elasticsearch role already installed Java
    graylog_java_install: False

    graylog_install_mongodb: True

    # For Vagrant installations make sure port 9000 is forwarded
    graylog_web_endpoint_uri: "http://localhost:9000/api/"
    # For other setups, use the external IP of the Graylog server
    # graylog_web_endpoint_uri: "http://{{ ansible_host }}:9000/api/"

    nginx_sites:
      graylog:
        - "listen 80"
        - "server_name graylog"
        - |
          location / {
            proxy_pass http://localhost:9000/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass_request_headers on;
            proxy_connect_timeout 150;
            proxy_send_timeout 100;
            proxy_read_timeout 100;
            proxy_buffers 4 32k;
            client_max_body_size 8m;
            client_body_buffer_size 128k;
          }

  roles:
    - role: "Graylog2.graylog-ansible-role"
      tags:
        - "graylog"

Error:

TASK [elastic.elasticsearch : fail when api credentials are not declared when using security] ***
fatal: [default]: FAILED! => {"changed": false, "msg": "Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"}
dsever commented 5 years ago

Have the same problem, as far I can see it also installs x-packs

To avoid security x-pack installation add variable like in main playbook: es_xpack_features: [] Dubravko

malcyon commented 2 years ago

The example in our README now specifies es_enable_xpack: False, which also disables this requirement.