├── .gitignore ├── .kitchen.yml ├── Berksfile ├── Gemfile ├── Gemfile.lock ├── LICENSE ├── README.md ├── config ├── projects │ ├── graylog-beta.rb │ └── graylog.rb └── software │ ├── authbind.rb │ ├── cacerts.rb │ ├── chef-gem.rb │ ├── elasticsearch.rb │ ├── etcd.rb │ ├── graylog-cookbooks.rb │ ├── graylog-ctl.rb │ ├── graylog-server.rb │ ├── jdk.rb │ ├── mongodb.rb │ ├── nginx.rb │ ├── ohai.rb │ ├── openssl.rb │ ├── pcre.rb │ ├── popt.rb │ ├── post-install.rb │ ├── prepare.rb │ ├── rsync.rb │ └── zlib.rb ├── files ├── data │ └── contentpacks │ │ └── content_pack_appliance.json ├── docker │ ├── docker_environment │ ├── my_init │ └── run_graylogctl ├── graylog-cookbooks │ ├── apt │ │ ├── CHANGELOG.md │ │ ├── README.md │ │ ├── attributes │ │ │ └── default.rb │ │ ├── files │ │ │ └── default │ │ │ │ ├── 15update-stamp │ │ │ │ └── apt-proxy-v2.conf │ │ ├── libraries │ │ │ ├── helpers.rb │ │ │ ├── matchers.rb │ │ │ └── network.rb │ │ ├── metadata.json │ │ ├── providers │ │ │ ├── preference.rb │ │ │ └── repository.rb │ │ ├── recipes │ │ │ ├── cacher-client.rb │ │ │ ├── cacher-ng.rb │ │ │ ├── default.rb │ │ │ └── unattended-upgrades.rb │ │ ├── resources │ │ │ ├── preference.rb │ │ │ └── repository.rb │ │ └── templates │ │ │ ├── debian-6.0 │ │ │ └── acng.conf.erb │ │ │ ├── default │ │ │ ├── 01proxy.erb │ │ │ ├── 10recommends.erb │ │ │ ├── 20auto-upgrades.erb │ │ │ ├── 50unattended-upgrades.erb │ │ │ ├── acng.conf.erb │ │ │ └── unattended-upgrades.seed.erb │ │ │ └── ubuntu-10.04 │ │ │ └── acng.conf.erb │ ├── dna.json │ ├── graylog │ │ ├── attributes │ │ │ └── default.rb │ │ ├── libraries │ │ │ ├── graylog.rb │ │ │ ├── helper.rb │ │ │ └── registry.rb │ │ ├── metadata.rb │ │ ├── recipes │ │ │ ├── authbind.rb │ │ │ ├── bootstrap.rb │ │ │ ├── bootstrap_disable.rb │ │ │ ├── default.rb │ │ │ ├── elasticsearch.rb │ │ │ ├── elasticsearch_disable.rb │ │ │ ├── etcd.rb │ │ │ ├── etcd_disable.rb │ │ │ ├── graylog-server.rb │ │ │ ├── graylog-server_disable.rb │ │ │ ├── mongodb.rb │ │ │ ├── mongodb_disable.rb │ │ │ ├── nginx.rb │ │ │ ├── nginx_disable.rb │ │ │ ├── show_config.rb │ │ │ └── users.rb │ │ └── templates │ │ │ └── default │ │ │ ├── 502.html.erb │ │ │ ├── elasticsearch.yml.erb │ │ │ ├── elasticsearch_log4j2.properties.erb │ │ │ ├── gitconfig.erb │ │ │ ├── graylog.conf.erb │ │ │ ├── log4j2.xml.erb │ │ │ ├── nginx.conf.erb │ │ │ ├── sv-elasticsearch-log-config.erb │ │ │ ├── sv-elasticsearch-log-run.erb │ │ │ ├── sv-elasticsearch-run.erb │ │ │ ├── sv-etcd-log-config.erb │ │ │ ├── sv-etcd-log-run.erb │ │ │ ├── sv-etcd-run.erb │ │ │ ├── sv-graylog-server-log-config.erb │ │ │ ├── sv-graylog-server-log-run.erb │ │ │ ├── sv-graylog-server-run.erb │ │ │ ├── sv-mongodb-log-config.erb │ │ │ ├── sv-mongodb-log-run.erb │ │ │ ├── sv-mongodb-run.erb │ │ │ ├── sv-nginx-log-config.erb │ │ │ ├── sv-nginx-log-run.erb │ │ │ └── sv-nginx-run.erb │ ├── ntp │ │ ├── .gitignore │ │ ├── .kitchen.yml │ │ ├── .rubocop.yml │ │ ├── .travis.yml │ │ ├── Berksfile │ │ ├── CHANGELOG.md │ │ ├── CONTRIBUTING.md │ │ ├── Gemfile │ │ ├── LICENSE │ │ ├── README.md │ │ ├── TESTING.md │ │ ├── attributes │ │ │ └── default.rb │ │ ├── chefignore │ │ ├── files │ │ │ ├── default │ │ │ │ ├── ntp.ini │ │ │ │ ├── ntp.leapseconds │ │ │ │ ├── tests │ │ │ │ │ └── minitest │ │ │ │ │ │ ├── default_test.rb │ │ │ │ │ │ ├── support │ │ │ │ │ │ └── helpers.rb │ │ │ │ │ │ └── undo_test.rb │ │ │ │ └── usr.sbin.ntpd.apparmor │ │ │ └── ubuntu-10 │ │ │ │ └── usr.sbin.ntpd.apparmor │ │ ├── libraries │ │ │ └── ntp_helper.rb │ │ ├── metadata.rb │ │ ├── recipes │ │ │ ├── apparmor.rb │ │ │ ├── default.rb │ │ │ ├── undo.rb │ │ │ └── windows_client.rb │ │ ├── spec │ │ │ ├── spec_helper.rb │ │ │ └── unit │ │ │ │ ├── attributes_spec.rb │ │ │ │ └── recipes │ │ │ │ ├── apparmor_spec.rb │ │ │ │ ├── default_spec.rb │ │ │ │ ├── undo_spec.rb │ │ │ │ └── windows_client_spec.rb │ │ ├── templates │ │ │ └── default │ │ │ │ └── ntp.conf.erb │ │ └── test │ │ │ └── integration │ │ │ ├── default │ │ │ └── bats │ │ │ │ └── verify_installed.bats │ │ │ └── undo │ │ │ └── bats │ │ │ └── verify_not_installed.bats │ ├── runit │ │ ├── README.md │ │ ├── attributes │ │ │ └── default.rb │ │ ├── definitions │ │ │ └── runit_service.rb │ │ ├── files │ │ │ └── default │ │ │ │ ├── graylog-runsvdir.conf │ │ │ │ ├── graylog-runsvdir.service │ │ │ │ └── svloggelfd-0.2.1.tar.gz │ │ ├── metadata.rb │ │ └── recipes │ │ │ ├── default.rb │ │ │ ├── svloggelfd.rb │ │ │ ├── systemd.rb │ │ │ ├── sysvinit.rb │ │ │ └── upstart.rb │ ├── show-config.json │ ├── solo.rb │ └── timezone-ii │ │ ├── .gitignore │ │ ├── .kitchen.yml │ │ ├── .ruby-gemset │ │ ├── .ruby-version │ │ ├── Berksfile │ │ ├── CHANGELOG.md │ │ ├── Gemfile │ │ ├── LICENSE │ │ ├── README.md │ │ ├── Thorfile │ │ ├── Vagrantfile │ │ ├── attributes │ │ └── default.rb │ │ ├── chefignore │ │ ├── files │ │ └── default │ │ │ └── tests │ │ │ └── minitest │ │ │ └── default_test.rb │ │ ├── metadata.rb │ │ ├── recipes │ │ ├── debian.rb │ │ ├── default.rb │ │ ├── fedora.rb │ │ ├── linux-generic.rb │ │ ├── pld.rb │ │ └── rhel.rb │ │ ├── templates │ │ ├── centos │ │ │ └── clock.erb │ │ ├── default │ │ │ └── timezone.conf.erb │ │ ├── pld │ │ │ └── timezone.conf.erb │ │ └── rhel │ │ │ └── clock.erb │ │ └── test │ │ └── kitchen │ │ ├── Kitchenfile │ │ └── cookbooks │ │ └── timezone-ii_test │ │ ├── metadata.rb │ │ └── recipes │ │ └── default.rb ├── graylog-ctl-commands │ ├── backup_etcd.rb │ ├── disable_internal_logging.rb │ ├── enable_all_services.rb │ ├── enforce_ssl.rb │ ├── list_servers.rb │ ├── local_connect.rb │ ├── reconfigure_as_backend.rb │ ├── reconfigure_as_datanode.rb │ ├── reconfigure_as_server.rb │ ├── set_admin_password.rb │ ├── set_admin_username.rb │ ├── set_cluster_master.rb │ ├── set_email_config.rb │ ├── set_external_ip.rb │ ├── set_listen_address.rb │ ├── set_mongodb_password.rb │ ├── set_node_id.rb │ ├── set_server_secret.rb │ └── set_timezone.rb ├── mac_dmg │ └── Resources │ │ ├── background.png │ │ └── icon.png ├── mac_pkg │ └── Resources │ │ ├── background.png │ │ ├── license.html │ │ └── welcome.html └── windows_msi │ └── Resources │ ├── assets │ ├── LICENSE.rtf │ ├── banner_background.bmp │ ├── dialog_background.bmp │ ├── project.ico │ ├── project_16x16.ico │ └── project_32x32.ico │ ├── localization-en-us.wxl.erb │ ├── parameters.wxi.erb │ └── source.wxs ├── omnibus.rb └── package-scripts └── graylog ├── postinst ├── postrm ├── preinst └── prerm /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | *.gem 3 | .bundle 4 | .kitchen/ 5 | .kitchen.local.yml 6 | vendor/bundle 7 | pkg/* 8 | .vagrant 9 | bin/* 10 | files/**/cache/ 11 | vendor/cookbooks 12 | packer/output-virtualbox-iso/ 13 | packer/packer_cache/ 14 | packer/packerrc.sh 15 | -------------------------------------------------------------------------------- /.kitchen.yml: -------------------------------------------------------------------------------- 1 | driver: 2 | name: vagrant 3 | customize: 4 | cpus: 2 5 | memory: 2048 6 | synced_folders: 7 | - ['.', '/home/vagrant/graylog2'] 8 | 9 | provisioner: 10 | require_chef_omnibus: 11.8.0 11 | 12 | platforms: 13 | - name: ubuntu-12.04 14 | run_list: apt::default 15 | - name: ubuntu-11.04 16 | run_list: apt::default 17 | - name: ubuntu-10.04 18 | run_list: apt::default 19 | - name: centos-5.10 20 | - name: centos-6.5 21 | 22 | suites: 23 | - name: default 24 | run_list: omnibus::default 25 | attributes: 26 | omnibus: 27 | build_user: vagrant 28 | build_dir: /home/vagrant/graylog2 29 | install_dir: /opt/graylog2 30 | -------------------------------------------------------------------------------- /Berksfile: -------------------------------------------------------------------------------- 1 | source 'https://api.berkshelf.com' 2 | 3 | # The apt cookbook is required to bring the apt cache up-to-date on Ubuntu 4 | # systems, since the cache can become stale on older boxes. 5 | cookbook 'apt', '~> 2.0' 6 | 7 | cookbook 'omnibus' 8 | 9 | # Uncomment to use the latest version of the Omnibus cookbook from GitHub 10 | # cookbook 'omnibus', github: 'opscode-cookbooks/omnibus' 11 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | # Use Berkshelf for resolving cookbook dependencies 4 | gem 'berkshelf', '~> 3.0' 5 | 6 | # Install omnibus software 7 | gem 'omnibus', '~> 3.2.2' 8 | 9 | # Use Chef's software definitions. It is recommended that you write your own 10 | # software definitions, but you can clone/fork Chef's to get you started. 11 | gem 'omnibus-software', github: 'opscode/omnibus-software', :branch => 'omnibus/3.2-stable' 12 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GIT 2 | remote: git://github.com/opscode/omnibus-software.git 3 | revision: 0569437f7952e4470979385501f95797863b54a4 4 | branch: omnibus/3.2-stable 5 | specs: 6 | omnibus-software (3.0.0) 7 | 8 | GEM 9 | remote: https://rubygems.org/ 10 | specs: 11 | addressable (2.3.8) 12 | arr-pm (0.0.10) 13 | cabin (> 0) 14 | backports (3.6.7) 15 | berkshelf (3.3.0) 16 | addressable (~> 2.3.4) 17 | berkshelf-api-client (~> 1.2) 18 | buff-config (~> 1.0) 19 | buff-extensions (~> 1.0) 20 | buff-shell_out (~> 0.1) 21 | celluloid (~> 0.16.0) 22 | celluloid-io (~> 0.16.1) 23 | cleanroom (~> 1.0) 24 | faraday (~> 0.9.0) 25 | httpclient (~> 2.6.0) 26 | minitar (~> 0.5.4) 27 | octokit (~> 3.0) 28 | retryable (~> 2.0) 29 | ridley (~> 4.0) 30 | solve (~> 1.1) 31 | thor (~> 0.19) 32 | berkshelf-api-client (1.3.1) 33 | faraday (~> 0.9.1) 34 | httpclient (~> 2.6.0) 35 | buff-config (1.0.1) 36 | buff-extensions (~> 1.0) 37 | varia_model (~> 0.4) 38 | buff-extensions (1.0.0) 39 | buff-ignore (1.1.1) 40 | buff-ruby_engine (0.1.0) 41 | buff-shell_out (0.2.0) 42 | buff-ruby_engine (~> 0.1.0) 43 | cabin (0.8.0) 44 | celluloid (0.16.0) 45 | timers (~> 4.0.0) 46 | celluloid-io (0.16.2) 47 | celluloid (>= 0.16.0) 48 | nio4r (>= 1.1.0) 49 | chef-sugar (1.3.0) 50 | childprocess (0.5.9) 51 | ffi (~> 1.0, >= 1.0.11) 52 | clamp (0.6.5) 53 | cleanroom (1.0.0) 54 | dep-selector-libgecode (1.0.2) 55 | dep_selector (1.0.3) 56 | dep-selector-libgecode (~> 1.0) 57 | ffi (~> 1.9) 58 | erubis (2.7.0) 59 | faraday (0.9.2) 60 | multipart-post (>= 1.2, < 3) 61 | ffi (1.9.10) 62 | ffi-yajl (1.4.0) 63 | ffi (~> 1.5) 64 | libyajl2 (~> 1.2) 65 | fpm (0.4.42) 66 | arr-pm (~> 0.0.8) 67 | backports (>= 2.6.2) 68 | cabin (>= 0.6.0) 69 | childprocess 70 | clamp (~> 0.6) 71 | ftw (~> 0.0.30) 72 | json (>= 1.7.7) 73 | ftw (0.0.44) 74 | addressable 75 | backports (>= 2.6.2) 76 | cabin (> 0) 77 | http_parser.rb (~> 0.6) 78 | hashie (3.4.3) 79 | hitimes (1.2.3) 80 | http_parser.rb (0.6.0) 81 | httpclient (2.6.0.1) 82 | ipaddress (0.8.2) 83 | json (1.8.3) 84 | libyajl2 (1.2.0) 85 | mime-types (1.25.1) 86 | minitar (0.5.4) 87 | mixlib-authentication (1.3.0) 88 | mixlib-log 89 | mixlib-cli (1.5.0) 90 | mixlib-config (2.2.1) 91 | mixlib-log (1.6.0) 92 | mixlib-shellout (1.6.1) 93 | multipart-post (2.0.0) 94 | nio4r (1.2.0) 95 | octokit (3.8.0) 96 | sawyer (~> 0.6.0, >= 0.5.3) 97 | ohai (7.4.1) 98 | ffi (~> 1.9) 99 | ffi-yajl (~> 1.1) 100 | ipaddress 101 | mime-types (~> 1.16) 102 | mixlib-cli 103 | mixlib-config (~> 2.0) 104 | mixlib-log 105 | mixlib-shellout (~> 1.2) 106 | systemu (~> 2.6.4) 107 | wmi-lite (~> 1.0) 108 | omnibus (3.2.2) 109 | chef-sugar (~> 1.2) 110 | fpm (~> 0.4) 111 | mixlib-shellout (~> 1.4) 112 | ohai (~> 7.2) 113 | thor (~> 0.18) 114 | uber-s3 115 | retryable (2.0.3) 116 | ridley (4.4.1) 117 | addressable 118 | buff-config (~> 1.0) 119 | buff-extensions (~> 1.0) 120 | buff-ignore (~> 1.1) 121 | buff-shell_out (~> 0.1) 122 | celluloid (~> 0.16.0) 123 | celluloid-io (~> 0.16.1) 124 | erubis 125 | faraday (~> 0.9.0) 126 | hashie (>= 2.0.2, < 4.0.0) 127 | httpclient (~> 2.6) 128 | json (>= 1.7.7) 129 | mixlib-authentication (>= 1.3.0) 130 | retryable (~> 2.0) 131 | semverse (~> 1.1) 132 | varia_model (~> 0.4.0) 133 | sawyer (0.6.0) 134 | addressable (~> 2.3.5) 135 | faraday (~> 0.8, < 0.10) 136 | semverse (1.2.1) 137 | solve (1.2.1) 138 | dep_selector (~> 1.0) 139 | semverse (~> 1.1) 140 | systemu (2.6.5) 141 | thor (0.19.1) 142 | timers (4.0.4) 143 | hitimes 144 | uber-s3 (0.2.4) 145 | mime-types (~> 1.17) 146 | varia_model (0.4.1) 147 | buff-extensions (~> 1.0) 148 | hashie (>= 2.0.2, < 4.0.0) 149 | wmi-lite (1.0.0) 150 | 151 | PLATFORMS 152 | ruby 153 | 154 | DEPENDENCIES 155 | berkshelf (~> 3.0) 156 | omnibus (~> 3.2.2) 157 | omnibus-software! 158 | 159 | BUNDLED WITH 160 | 1.11.2 161 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## WARNING 2 | 3 | **This one is deprecated and no longer maintained.** 4 | 5 | The Graylog appliances don't rely on the Omnibus package anymore since Graylog 3.0 6 | 7 | Graylog Omnibus Project 8 | ======================== 9 | This project creates full-stack platform-specific packages for 10 | `Graylog`! 11 | 12 | Download 13 | -------- 14 | You can download pre-build omnibus packages of Graylog [here](https://packages.graylog2.org/appliances/ubuntu). 15 | Those packages are build for _Ubuntu_ 14.04 LTS release. 16 | 17 | Installation 18 | ------------ 19 | 20 | The Omnibus package will create all it needs on the host including users and system services. Install it either as 21 | root or a sudo'ed admin user: 22 | 23 | ```shell 24 | $ sudo dpkg -i graylog_latest.deb 25 | ``` 26 | 27 | Upgrading 28 | --------- 29 | 30 | *WARNING*: The Graylog omnibus package currently does *not* support upgrading from Graylog 1.x to Graylog 2.0.x! 31 | 32 | Usage 33 | ----- 34 | You must have a sane Ruby 1.9+ environment with Bundler installed. Ensure all 35 | the required gems are installed: 36 | 37 | ```shell 38 | $ sudo bundle install --binstubs 39 | ``` 40 | 41 | ### Build 42 | 43 | You create a platform-specific package using the `build project` command: 44 | 45 | ```shell 46 | $ sudo bin/omnibus build graylog 47 | ``` 48 | 49 | Currently we support only Ubuntu 14.04 50 | 51 | ### Clean 52 | 53 | You can clean up all temporary files generated during the build process with 54 | the `clean` command: 55 | 56 | ```shell 57 | $ sudo bin/omnibus clean graylog 58 | ``` 59 | 60 | Adding the `--purge` purge option removes __ALL__ files generated during the 61 | build including the project install directory (`/opt/graylog`) and 62 | the package cache directory (`/var/cache/omnibus/pkg`): 63 | 64 | ```shell 65 | $ sudo bin/omnibus clean graylog --purge 66 | ``` 67 | 68 | ### Help 69 | 70 | Full help for the Omnibus command line interface can be accessed with the 71 | `help` command: 72 | 73 | ```shell 74 | $ bin/omnibus help 75 | ``` 76 | 77 | Further documentation can be found [here](http://docs.graylog.org/en/latest/pages/installation/graylog_ctl.html) 78 | -------------------------------------------------------------------------------- /config/projects/graylog-beta.rb: -------------------------------------------------------------------------------- 1 | name 'graylog' 2 | maintainer 'Marius Sturm' 3 | homepage 'https://graylog.org' 4 | 5 | install_dir '/opt/graylog' 6 | build_version '2.4.0-rc.2' 7 | build_iteration 1 8 | 9 | conflict 'graylog-server' 10 | 11 | override :ruby, version: "2.1.10", 12 | source: { md5: "c212fdeed9534ec7cb9bf13c0bf4d1d5" } 13 | override :'chef-gem', version: "12.6.0" 14 | override :'openssl', version: "1.0.2n", 15 | source: { 16 | url: "https://www.openssl.org/source/openssl-1.0.2n.tar.gz", 17 | md5: "13bdc1b1d1ff39b6fd42a255e74676a4" } 18 | override :'cacerts', version: "2018-01-17", 19 | source: { 20 | url: "https://curl.haxx.se/ca/cacert-2018-01-17.pem", 21 | md5: "df0df092f7590ce0cc636986f1ae084b" } 22 | 23 | dependency "prepare" 24 | dependency "chef-gem" 25 | dependency "runit" 26 | dependency "jdk" 27 | dependency "elasticsearch" 28 | dependency "mongodb" 29 | dependency "nginx" 30 | dependency "etcd" 31 | dependency "graylog-server" 32 | dependency "graylog-ctl" 33 | dependency "graylog-cookbooks" 34 | dependency "post-install" 35 | if linux? 36 | dependency "authbind" 37 | end 38 | 39 | exclude '\.git*' 40 | exclude 'bundler\/git' 41 | 42 | package_user 'root' 43 | package_group 'root' 44 | -------------------------------------------------------------------------------- /config/projects/graylog.rb: -------------------------------------------------------------------------------- 1 | name 'graylog' 2 | maintainer 'Marius Sturm' 3 | homepage 'https://graylog.org' 4 | 5 | install_dir '/opt/graylog' 6 | build_version '2.4.6' 7 | build_iteration 1 8 | 9 | conflict 'graylog-server' 10 | 11 | override :ruby, version: "2.1.10", 12 | source: { md5: "c212fdeed9534ec7cb9bf13c0bf4d1d5" } 13 | override :'chef-gem', version: "12.6.0" 14 | override :'openssl', version: "1.0.2n", 15 | source: { 16 | url: "https://www.openssl.org/source/openssl-1.0.2n.tar.gz", 17 | md5: "13bdc1b1d1ff39b6fd42a255e74676a4" } 18 | override :'cacerts', version: "2018-01-17", 19 | source: { 20 | url: "https://curl.haxx.se/ca/cacert-2018-01-17.pem", 21 | md5: "df0df092f7590ce0cc636986f1ae084b" } 22 | 23 | dependency "prepare" 24 | dependency "chef-gem" 25 | dependency "runit" 26 | dependency "jdk" 27 | dependency "elasticsearch" 28 | dependency "mongodb" 29 | dependency "nginx" 30 | dependency "etcd" 31 | dependency "graylog-server" 32 | dependency "graylog-ctl" 33 | dependency "graylog-cookbooks" 34 | dependency "post-install" 35 | if linux? 36 | dependency "authbind" 37 | end 38 | 39 | exclude '\.git*' 40 | exclude 'bundler\/git' 41 | 42 | package_user 'root' 43 | package_group 'root' 44 | -------------------------------------------------------------------------------- /config/software/authbind.rb: -------------------------------------------------------------------------------- 1 | name "authbind" 2 | default_version "2.1.1" 3 | 4 | version "2.1.1" do 5 | source md5: "ef3cd5eef28519b8daf248e3761dd9bd" 6 | end 7 | 8 | source url: "https://launchpadlibrarian.net/107315154/authbind_#{version}.tar.gz" 9 | 10 | relative_path "authbind-#{version}" 11 | env = with_standard_compiler_flags() 12 | 13 | build do 14 | command "make -j #{workers} prefix=#{install_dir}/embedded", :env => env 15 | command "make install prefix=#{install_dir}/embedded", :env => env 16 | end 17 | -------------------------------------------------------------------------------- /config/software/cacerts.rb: -------------------------------------------------------------------------------- 1 | name "cacerts" 2 | 3 | default_version "2016-04-20" 4 | 5 | source url: "https://curl.haxx.se/ca/cacert-#{version}.pem" 6 | 7 | version "2016-04-20" do 8 | source md5: "782dcde8f5d53b1b9e888fdf113c42b9" 9 | end 10 | 11 | version "2016.01.20" do 12 | source md5: "06629db7f712ff3a75630eccaecc1fe4" 13 | source url: "https://curl.haxx.se/ca/cacert-2016-01-20.pem" 14 | end 15 | 16 | relative_path "cacerts-#{version}" 17 | 18 | build do 19 | mkdir "#{install_dir}/embedded/ssl/certs" 20 | 21 | copy "#{project_dir}/cacert*.pem", "#{install_dir}/embedded/ssl/certs/cacert.pem" 22 | 23 | # Windows does not support symlinks 24 | unless windows? 25 | link "#{install_dir}/embedded/ssl/certs/cacert.pem", "#{install_dir}/embedded/ssl/cert.pem" 26 | 27 | block { File.chmod(0644, "#{install_dir}/embedded/ssl/certs/cacert.pem") } 28 | end 29 | end 30 | -------------------------------------------------------------------------------- /config/software/chef-gem.rb: -------------------------------------------------------------------------------- 1 | name "chef-gem" 2 | default_version "12.6.0" 3 | 4 | dependency "ruby" 5 | dependency "rubygems" 6 | dependency "libffi" 7 | dependency "ohai" 8 | 9 | build do 10 | gem "install net-ssh -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 2.9.4" 11 | gem "install net-ssh-gateway -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 1.3.0" 12 | gem "install net-ssh-multi --ignore-dependencies -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 1.2.1" 13 | gem "install rack -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 1.6.5" 14 | gem "install chef-config -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v #{version}" 15 | gem "install chef -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v #{version}" 16 | end 17 | -------------------------------------------------------------------------------- /config/software/elasticsearch.rb: -------------------------------------------------------------------------------- 1 | name "elasticsearch" 2 | default_version "5.6.3" 3 | 4 | dependency "jdk" 5 | dependency "runit" 6 | 7 | source url: "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-#{version}.tar.gz", 8 | md5: "8dd1558d3535705d20a5129cac30ce5a" 9 | 10 | relative_path "elasticsearch-#{version}" 11 | 12 | build do 13 | mkdir "#{install_dir}/elasticsearch" 14 | mkdir "#{install_dir}/elasticsearch/plugins" 15 | delete "#{project_dir}/lib/sigar/*solaris*" 16 | delete "#{project_dir}/lib/sigar/*sparc*" 17 | delete "#{project_dir}/lib/sigar/*freebsd*" 18 | sync "#{project_dir}/", "#{install_dir}/elasticsearch" 19 | end 20 | -------------------------------------------------------------------------------- /config/software/etcd.rb: -------------------------------------------------------------------------------- 1 | name "etcd" 2 | default_version "v3.2.4" 3 | gem_version = "0.3.0" 4 | 5 | dependency "openssl" 6 | dependency "ruby" 7 | dependency "rubygems" 8 | 9 | source :url => "https://github.com/coreos/etcd/releases/download/#{version}/etcd-#{version}-linux-amd64.tar.gz", 10 | :md5 => "d1e92766a20439cc475d46e8024fdf7c" 11 | 12 | relative_path "etcd-#{version}-linux-amd64" 13 | 14 | build do 15 | copy "#{project_dir}/etcdctl", "#{install_dir}/embedded/bin" 16 | copy "#{project_dir}/etcd", "#{install_dir}/embedded/sbin" 17 | 18 | gem "install etcd -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v #{gem_version}" 19 | end 20 | -------------------------------------------------------------------------------- /config/software/graylog-cookbooks.rb: -------------------------------------------------------------------------------- 1 | name "graylog-cookbooks" 2 | 3 | dependency "rsync" 4 | 5 | source :path => File.expand_path("files/graylog-cookbooks", RbConfig::CONFIG['project_root']) 6 | 7 | build do 8 | mkdir "#{install_dir}/embedded/cookbooks" 9 | sync "#{project_dir}/", "#{install_dir}/embedded/cookbooks" 10 | end 11 | -------------------------------------------------------------------------------- /config/software/graylog-ctl.rb: -------------------------------------------------------------------------------- 1 | name "graylog-ctl" 2 | 3 | dependency "rsync" 4 | dependency "omnibus-ctl" 5 | 6 | source :path => File.expand_path("files/graylog-ctl-commands", RbConfig::CONFIG['project_root']) 7 | 8 | build do 9 | block do 10 | open("#{install_dir}/embedded/bin/graylog-ctl", "w") do |file| 11 | file.print <<-EOH 12 | #!/bin/bash 13 | 14 | # Ruby environment if graylog-ctl is called from a Ruby script. 15 | for ruby_env_var in RUBYOPT \\ 16 | BUNDLE_BIN_PATH \\ 17 | BUNDLE_GEMFILE \\ 18 | GEM_PATH \\ 19 | GEM_HOME 20 | do 21 | unset $ruby_env_var 22 | done 23 | 24 | #{install_dir}/embedded/bin/omnibus-ctl graylog #{install_dir}/embedded/service/omnibus-ctl $@ 25 | EOH 26 | end 27 | end 28 | 29 | command "chmod 755 #{install_dir}/embedded/bin/graylog-ctl" 30 | 31 | # additional omnibus-ctl commands 32 | sync "#{project_dir}/", "#{install_dir}/embedded/service/omnibus-ctl/" 33 | end 34 | -------------------------------------------------------------------------------- /config/software/graylog-server.rb: -------------------------------------------------------------------------------- 1 | name "graylog-server" 2 | default_version project.build_version 3 | 4 | dependency "jdk" 5 | dependency "runit" 6 | 7 | if version.include? '-alpha' or version.include? '-beta' or version.include? '-rc' or version.include? 'SNAPSHOT' 8 | source url: "http://packages.graylog2.org/releases/graylog/graylog-#{version}.tgz", 9 | md5: "41175ef13df5a8e8477897c3622eb596" 10 | else 11 | source url: "http://packages.graylog2.org/releases/graylog/graylog-#{version}.tgz", 12 | md5: "fe7e43f13146738e30c67407f7f59325" 13 | end 14 | 15 | whitelist_file "/opt/graylog/server/lib/sigar/*" 16 | relative_path "graylog-#{version}" 17 | 18 | 19 | build do 20 | delete "#{project_dir}/lib/sigar/sigar-*winnt*" 21 | delete "#{project_dir}/lib/sigar/libsigar-*freebsd*" 22 | delete "#{project_dir}/lib/sigar/libsigar-*solaris*" 23 | delete "#{project_dir}/lib/sigar/libsigar-*hpux*" 24 | delete "#{project_dir}/lib/sigar/libsigar-*ppc*" 25 | delete "#{project_dir}/lib/sigar/libsigar-*macosx*" 26 | delete "#{project_dir}/lib/sigar/libsigar-*s390x*" 27 | delete "#{project_dir}/lib/sigar/libsigar-*ia64*" 28 | 29 | mkdir "#{install_dir}/server" 30 | mkdir "#{install_dir}/plugin" 31 | mkdir "#{install_dir}/contentpacks" 32 | sync "#{project_dir}/", "#{install_dir}/server" 33 | sync "#{project_dir}/plugin/", "#{install_dir}/plugin/" 34 | sync "#{project_dir}/data/contentpacks/", "#{install_dir}/contentpacks/" 35 | 36 | delete "#{install_dir}/server/plugin" 37 | delete "#{install_dir}/server/data/contentpacks" 38 | end 39 | -------------------------------------------------------------------------------- /config/software/jdk.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2013-2014 Chef Software, Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | name "jdk" 18 | default_version "8u172" 19 | relative_path "jdk1.8.0_172" 20 | 21 | whitelist_file "jre/bin/javaws" 22 | whitelist_file "jre/bin/policytool" 23 | whitelist_file "jre/lib" 24 | whitelist_file "jre/plugin" 25 | whitelist_file "jre/bin/appletviewer" 26 | 27 | if _64_bit? 28 | source url: "http://download.oracle.com/otn-pub/java/jdk/#{version}-b11/a58eab1ec242421181065cdc37240b08/jdk-#{version}-linux-x64.tar.gz", 29 | md5: "eda2945e8c02b84adbf78f46c37b71c1", 30 | cookie: "gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie", 31 | warning: "By including the JRE, you accept the terms of the Oracle Binary Code License Agreement for the Java SE Platform Products and JavaFX, which can be found at http://www.oracle.com/technetwork/java/javase/terms/license/index.html" 32 | else 33 | raise "Server-jre can only be installed on x86_64 systems." 34 | end 35 | 36 | build do 37 | mkdir "#{install_dir}/embedded/jre" 38 | delete "#{project_dir}/bin/ControlPanel" 39 | sync "#{project_dir}/", "#{install_dir}/embedded/jre" 40 | end 41 | -------------------------------------------------------------------------------- /config/software/mongodb.rb: -------------------------------------------------------------------------------- 1 | name "mongodb" 2 | default_version "3.4.9" 3 | gem_version = "2.4.1" 4 | 5 | dependency "runit" 6 | dependency "ruby" 7 | dependency "rubygems" 8 | 9 | source url: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-#{version}.tgz", 10 | md5: "001a6e1a65de8002f565ebb8d54eb9d5" 11 | 12 | relative_path "mongodb-linux-x86_64-#{version}" 13 | 14 | build do 15 | mkdir "#{install_dir}/mongodb" 16 | sync "#{project_dir}/", "#{install_dir}/mongodb" 17 | delete "#{install_dir}/mongodb/bin/mongoreplay" 18 | 19 | gem "install mongo -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v #{gem_version}" 20 | end 21 | -------------------------------------------------------------------------------- /config/software/nginx.rb: -------------------------------------------------------------------------------- 1 | name "nginx" 2 | default_version "1.13.6" 3 | 4 | dependency "pcre" 5 | dependency "openssl" 6 | 7 | source :url => "http://nginx.org/download/nginx-#{version}.tar.gz", 8 | :md5 => "f84d3f782c168bfdfb734700e51a929f" 9 | 10 | relative_path "nginx-#{version}" 11 | 12 | build do 13 | command ["./configure", 14 | "--prefix=#{install_dir}/embedded", 15 | "--conf-path=#{install_dir}/conf/nginx/nginx.conf", 16 | "--http-log-path=/var/log/graylog/nginx/access.log", 17 | "--error-log-path=/var/log/graylog/nginx/error.log", 18 | "--with-http_ssl_module", 19 | "--with-http_stub_status_module", 20 | "--with-ipv6", 21 | "--with-debug", 22 | "--with-ld-opt=-L#{install_dir}/embedded/lib", 23 | "--with-cc-opt=\"-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include\""].join(" ") 24 | command "make -j #{workers}", :env => {"LD_RUN_PATH" => "#{install_dir}/embedded/lib"} 25 | command "make install" 26 | 27 | command "mkdir -p /var/log/graylog/nginx" 28 | end 29 | -------------------------------------------------------------------------------- /config/software/ohai.rb: -------------------------------------------------------------------------------- 1 | name "ohai" 2 | default_version "8.10.0" 3 | 4 | dependency "ruby" 5 | dependency "rubygems" 6 | dependency "libffi" 7 | 8 | build do 9 | gem "install ffi-yajl -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 2.3.0" 10 | gem "install mixlib-shellout -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 2.2.7" 11 | gem "install mixlib-config -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 2.2.4" 12 | gem "install mixlib-log -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v 1.7.1" 13 | gem "install ohai -n #{install_dir}/embedded/bin --no-rdoc --no-ri -v #{version}" 14 | end 15 | -------------------------------------------------------------------------------- /config/software/openssl.rb: -------------------------------------------------------------------------------- 1 | name "openssl" 2 | 3 | dependency "zlib" 4 | dependency "cacerts" 5 | dependency "libgcc" 6 | dependency "makedepend" 7 | 8 | 9 | default_version "1.0.2k" 10 | 11 | source url: "https://www.openssl.org/source/openssl-#{version}.tar.gz" 12 | 13 | version("1.0.2k") { source md5: "f965fc0bf01bf882b31314b61391ae65" } 14 | 15 | relative_path "openssl-#{version}" 16 | 17 | build do 18 | env = case Ohai['platform'] 19 | when "mac_os_x" 20 | { 21 | "CFLAGS" => "-arch x86_64 -m64 -L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include -I#{install_dir}/embedded/include/ncurses", 22 | "LDFLAGS" => "-arch x86_64 -R#{install_dir}/embedded/lib -L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include -I#{install_dir}/embedded/include/ncurses" 23 | } 24 | when "aix" 25 | { 26 | "CC" => "xlc -q64", 27 | "CXX" => "xlC -q64", 28 | "LD" => "ld -b64", 29 | "CFLAGS" => "-q64 -I#{install_dir}/embedded/include -O", 30 | "CXXFLAGS" => "-q64 -I#{install_dir}/embedded/include -O", 31 | "LDFLAGS" => "-q64 -L#{install_dir}/embedded/lib -Wl,-blibpath:#{install_dir}/embedded/lib:/usr/lib:/lib", 32 | "OBJECT_MODE" => "64", 33 | "AR" => "/usr/bin/ar", 34 | "ARFLAGS" => "-X64 cru", 35 | "M4" => "/opt/freeware/bin/m4", 36 | } 37 | when "solaris2" 38 | { 39 | "CFLAGS" => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include", 40 | "LDFLAGS" => "-R#{install_dir}/embedded/lib -L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include -static-libgcc", 41 | "LD_OPTIONS" => "-R#{install_dir}/embedded/lib" 42 | } 43 | else 44 | { 45 | "CFLAGS" => "-I#{install_dir}/embedded/include", 46 | "LDFLAGS" => "-Wl,-rpath,#{install_dir}/embedded/lib -L#{install_dir}/embedded/lib" 47 | } 48 | end 49 | 50 | common_args = [ 51 | "--prefix=#{install_dir}/embedded", 52 | "--with-zlib-lib=#{install_dir}/embedded/lib", 53 | "--with-zlib-include=#{install_dir}/embedded/include", 54 | "no-idea", 55 | "no-mdc2", 56 | "no-rc5", 57 | "zlib", 58 | "shared", 59 | ].join(" ") 60 | 61 | configure_command = case Ohai['platform'] 62 | when "aix" 63 | ["perl", "./Configure", 64 | "aix64-cc", 65 | common_args, 66 | "-L#{install_dir}/embedded/lib", 67 | "-I#{install_dir}/embedded/include", 68 | "-Wl,-blibpath:#{install_dir}/embedded/lib:/usr/lib:/lib"].join(" ") 69 | when "mac_os_x" 70 | ["./Configure", 71 | "darwin64-x86_64-cc", 72 | common_args, 73 | ].join(" ") 74 | when "smartos" 75 | ["/bin/bash ./Configure", 76 | "solaris64-x86_64-gcc", 77 | common_args, 78 | "-L#{install_dir}/embedded/lib", 79 | "-I#{install_dir}/embedded/include", 80 | "-R#{install_dir}/embedded/lib", 81 | "-static-libgcc"].join(" ") 82 | when "solaris2" 83 | if Config.solaris_compiler == "gcc" 84 | if architecture == "sparc" 85 | ["/bin/sh ./Configure", 86 | "solaris-sparcv9-gcc", 87 | common_args, 88 | "-L#{install_dir}/embedded/lib", 89 | "-I#{install_dir}/embedded/include", 90 | "-R#{install_dir}/embedded/lib", 91 | "-static-libgcc"].join(" ") 92 | else 93 | # This should not require a /bin/sh, but without it we get 94 | # Errno::ENOEXEC: Exec format error 95 | ["/bin/sh ./Configure", 96 | "solaris-x86-gcc", 97 | common_args, 98 | "-L#{install_dir}/embedded/lib", 99 | "-I#{install_dir}/embedded/include", 100 | "-R#{install_dir}/embedded/lib", 101 | "-static-libgcc"].join(" ") 102 | end 103 | else 104 | raise "sorry, we don't support building openssl on non-gcc solaris builds right now." 105 | end 106 | else 107 | ["./config", 108 | common_args, 109 | "disable-gost", # fixes build on linux, but breaks solaris 110 | "-L#{install_dir}/embedded/lib", 111 | "-I#{install_dir}/embedded/include", 112 | "-Wl,-rpath,#{install_dir}/embedded/lib"].join(" ") 113 | end 114 | 115 | # openssl build process uses a `makedepend` tool that we build inside the bundle. 116 | env["PATH"] = "#{install_dir}/embedded/bin" + File::PATH_SEPARATOR + ENV["PATH"] 117 | 118 | # @todo: move into omnibus-ruby 119 | has_gmake = system("gmake --version") 120 | 121 | if has_gmake 122 | env.merge!({'MAKE' => 'gmake'}) 123 | make_binary = 'gmake' 124 | else 125 | make_binary = 'make' 126 | end 127 | 128 | command configure_command, :env => env 129 | command "#{make_binary} depend", :env => env 130 | # make -j N on openssl is not reliable 131 | command "#{make_binary}", :env => env 132 | command "#{make_binary} install", :env => env 133 | end 134 | -------------------------------------------------------------------------------- /config/software/pcre.rb: -------------------------------------------------------------------------------- 1 | name "pcre" 2 | default_version "8.41" 3 | 4 | dependency "libedit" 5 | dependency "ncurses" 6 | 7 | source :url => "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.tar.gz", 8 | :md5 => "2e7896647ee25799cb454fe287ffcd08" 9 | 10 | relative_path "pcre-8.41" 11 | 12 | configure_env = { 13 | "CFLAGS" => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include" 14 | } 15 | 16 | build do 17 | command ["./configure", 18 | "--prefix=#{install_dir}/embedded", 19 | "--enable-pcretest-libedit"].join(" "), :env => configure_env 20 | command("make -j #{max_build_jobs}", 21 | :env => { 22 | "PATH" => "#{install_dir}/embedded/bin:#{ENV["PATH"]}" 23 | }) 24 | command "make install" 25 | end 26 | 27 | -------------------------------------------------------------------------------- /config/software/popt.rb: -------------------------------------------------------------------------------- 1 | name "popt" 2 | default_version "1.16" 3 | 4 | source :url => "ftp://anduin.linuxfromscratch.org/BLFS/popt/popt-1.16.tar.gz", 5 | :md5 => "3743beefa3dd6247a73f8f7a32c14c33" 6 | 7 | relative_path "popt-1.16" 8 | 9 | env = 10 | case Ohai['platform'] 11 | when "solaris2" 12 | { 13 | "LDFLAGS" => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include", 14 | "CFLAGS" => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include", 15 | "LD_RUN_PATH" => "#{install_dir}/embedded/lib" 16 | } 17 | else 18 | { 19 | "LDFLAGS" => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include", 20 | "CFLAGS" => "-L#{install_dir}/embedded/lib -I#{install_dir}/embedded/include", 21 | "LD_RUN_PATH" => "#{install_dir}/embedded/lib" 22 | } 23 | end 24 | 25 | build do 26 | # --disable-nls => Disable localization support. 27 | command "./configure --prefix=#{install_dir}/embedded --disable-nls", :env => env 28 | command "make -j #{max_build_jobs}", :env => env 29 | command "make install" 30 | end 31 | -------------------------------------------------------------------------------- /config/software/post-install.rb: -------------------------------------------------------------------------------- 1 | name "post-install" 2 | 3 | source :path => File.expand_path("files", RbConfig::CONFIG['project_root']) 4 | 5 | build do 6 | mkdir "#{install_dir}/embedded/share/docker" 7 | copy "#{project_dir}/docker/docker_environment", "#{install_dir}/embedded/share/docker/" 8 | copy "#{project_dir}/docker/run_graylogctl", "#{install_dir}/embedded/share/docker/" 9 | copy "#{project_dir}/docker/my_init", "#{install_dir}/embedded/share/docker/" 10 | copy "#{project_dir}/data/contentpacks/content_pack_appliance.json", "#{install_dir}/contentpacks/" 11 | end 12 | -------------------------------------------------------------------------------- /config/software/prepare.rb: -------------------------------------------------------------------------------- 1 | name "prepare" 2 | 3 | build do 4 | mkdir "#{install_dir}/conf" 5 | mkdir "#{install_dir}/embedded/share/graylog" 6 | end 7 | -------------------------------------------------------------------------------- /config/software/rsync.rb: -------------------------------------------------------------------------------- 1 | name "rsync" 2 | default_version "3.1.2" 3 | 4 | dependency "popt" 5 | 6 | version "3.1.2" do 7 | source md5: "0f758d7e000c0f7f7d3792610fad70cb" 8 | end 9 | 10 | source url: "https://rsync.samba.org/ftp/rsync/src/rsync-#{version}.tar.gz" 11 | 12 | relative_path "rsync-#{version}" 13 | env = with_standard_compiler_flags() 14 | 15 | build do 16 | command "./configure" \ 17 | " --prefix=#{install_dir}/embedded" \ 18 | " --disable-iconv", :env => env 19 | 20 | command "make -j #{workers} ", :env => env 21 | command "make install", :env => env 22 | end 23 | -------------------------------------------------------------------------------- /config/software/zlib.rb: -------------------------------------------------------------------------------- 1 | name "zlib" 2 | default_version "1.2.11" 3 | 4 | version "1.2.11" do 5 | source md5: "1c9f62f0778697a09d36121ead88e08e" 6 | end 7 | 8 | source url: "http://zlib.net/zlib-#{version}.tar.gz" 9 | 10 | relative_path "zlib-#{version}" 11 | 12 | # we omit the omnibus path here because it breaks mac_os_x builds by picking up the embedded libtool 13 | # instead of the system libtool which the zlib configure script cannot handle. 14 | #env = with_embedded_path() 15 | env = with_standard_compiler_flags() 16 | # for some reason zlib needs this flag on solaris (cargocult warning?) 17 | env['CFLAGS'] << " -DNO_VIZ" if Ohai['platform'] == 'solaris2' 18 | 19 | build do 20 | command "./configure --prefix=#{install_dir}/embedded", :env => env 21 | command "make -j #{max_build_jobs}", :env => env 22 | command "make -j #{max_build_jobs} install", :env => env 23 | end 24 | -------------------------------------------------------------------------------- /files/docker/docker_environment: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # set ulimits 4 | 5 | ulimit -c 0 6 | ulimit -d unlimited 7 | ulimit -e 0 8 | ulimit -f unlimited 9 | ulimit -l 64 10 | ulimit -m unlimited 11 | # WARNING: increasing the global file descriptor limit increases RAM consumption on startup dramatically 12 | ulimit -n 64000 13 | ulimit -q 819200 14 | ulimit -r 0 15 | ulimit -s 10240 16 | ulimit -t unlimited 17 | ulimit -v unlimited 18 | ulimit -x unlimited 19 | 20 | umask 022 21 | -------------------------------------------------------------------------------- /files/docker/run_graylogctl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | if [ ! -z "$GRAYLOG_PASSWORD" ]; then 5 | graylog-ctl set-admin-password $GRAYLOG_PASSWORD 6 | fi 7 | if [ ! -z "$GRAYLOG_USERNAME" ]; then 8 | graylog-ctl set-admin-username $GRAYLOG_USERNAME 9 | fi 10 | if [ ! -z "$GRAYLOG_TIMEZONE" ]; then 11 | graylog-ctl set-timezone $GRAYLOG_TIMEZONE 12 | fi 13 | if [ ! -z "$GRAYLOG_SMTP_SERVER" ]; then 14 | graylog-ctl set-email-config $GRAYLOG_SMTP_SERVER 15 | fi 16 | if [ ! -z "$GRAYLOG_RETENTION" ]; then 17 | graylog-ctl set-retention $GRAYLOG_RETENTION 18 | fi 19 | if [ ! -z "$GRAYLOG_NODE_ID" ]; then 20 | graylog-ctl set-node-id $GRAYLOG_NODE_ID 21 | fi 22 | if [ ! -z "$GRAYLOG_SERVER_SECRET" ]; then 23 | graylog-ctl set-server-secret $GRAYLOG_SERVER_SECRET 24 | fi 25 | if [ ! -z "$GRAYLOG_MASTER" ]; then 26 | graylog-ctl set-cluster-master $GRAYLOG_MASTER 27 | elif [ ! -z "$GRAYLOG_SERVER" ]; then 28 | graylog-ctl reconfigure-as-backend 29 | else 30 | graylog-ctl local-connect && graylog-ctl reconfigure 31 | fi 32 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Attributes:: default 4 | # 5 | # Copyright 2009-2013, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | default['apt']['cacher-client']['restrict_environment'] = false 21 | default['apt']['cacher_dir'] = '/var/cache/apt-cacher-ng' 22 | default['apt']['cacher_interface'] = nil 23 | default['apt']['cacher_port'] = 3142 24 | default['apt']['cacher_ssl_support'] = false 25 | default['apt']['caching_server'] = false 26 | default['apt']['compiletime'] = false 27 | default['apt']['compile_time_update'] = false 28 | default['apt']['key_proxy'] = '' 29 | default['apt']['cache_bypass'] = {} 30 | default['apt']['periodic_update_min_delay'] = 86_400 31 | default['apt']['launchpad_api_version'] = '1.0' 32 | default['apt']['unattended_upgrades']['enable'] = false 33 | default['apt']['unattended_upgrades']['update_package_lists'] = true 34 | # this needs a good default 35 | codename = node.attribute?('lsb') ? node['lsb']['codename'] : 'notlinux' 36 | default['apt']['unattended_upgrades']['allowed_origins'] = [ 37 | "#{node['platform'].capitalize} #{codename}" 38 | ] 39 | default['apt']['unattended_upgrades']['package_blacklist'] = [] 40 | default['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] = false 41 | default['apt']['unattended_upgrades']['minimal_steps'] = false 42 | default['apt']['unattended_upgrades']['install_on_shutdown'] = false 43 | default['apt']['unattended_upgrades']['mail'] = nil 44 | default['apt']['unattended_upgrades']['mail_only_on_error'] = true 45 | default['apt']['unattended_upgrades']['remove_unused_dependencies'] = false 46 | default['apt']['unattended_upgrades']['automatic_reboot'] = false 47 | default['apt']['unattended_upgrades']['automatic_reboot_time'] = 'now' 48 | default['apt']['unattended_upgrades']['dl_limit'] = nil 49 | 50 | default['apt']['confd']['install_recommends'] = true 51 | default['apt']['confd']['install_suggests'] = false 52 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/files/default/15update-stamp: -------------------------------------------------------------------------------- 1 | APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";}; 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/files/default/apt-proxy-v2.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | ;; All times are in seconds, but you can add a suffix 3 | ;; for minutes(m), hours(h) or days(d) 4 | 5 | ;; commented out address so apt-proxy will listen on all IPs 6 | ;; address = 127.0.0.1 7 | port = 9999 8 | cache_dir = /var/cache/apt-proxy 9 | 10 | ;; Control files (Packages/Sources/Contents) refresh rate 11 | min_refresh_delay = 1s 12 | complete_clientless_downloads = 1 13 | 14 | ;; Debugging settings. 15 | debug = all:4 db:0 16 | 17 | time = 30 18 | passive_ftp = on 19 | 20 | ;;-------------------------------------------------------------- 21 | ;; Cache housekeeping 22 | 23 | cleanup_freq = 1d 24 | max_age = 120d 25 | max_versions = 3 26 | 27 | ;;--------------------------------------------------------------- 28 | ;; Backend servers 29 | ;; 30 | ;; Place each server in its own [section] 31 | 32 | [ubuntu] 33 | ; Ubuntu archive 34 | backends = 35 | http://us.archive.ubuntu.com/ubuntu 36 | 37 | [ubuntu-security] 38 | ; Ubuntu security updates 39 | backends = http://security.ubuntu.com/ubuntu 40 | 41 | [debian] 42 | ;; Backend servers, in order of preference 43 | backends = 44 | http://debian.osuosl.org/debian/ 45 | 46 | [security] 47 | ;; Debian security archive 48 | backends = 49 | http://security.debian.org/debian-security 50 | http://ftp2.de.debian.org/debian-security 51 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/libraries/helpers.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Library:: helpers 4 | # 5 | # Copyright 2013 Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | module Apt 21 | # Helpers for apt 22 | module Helpers 23 | # Determines if apt is installed on a system. 24 | # 25 | # @return [Boolean] 26 | def apt_installed? 27 | !which('apt-get').nil? 28 | end 29 | 30 | # Determines whether we need to run `apt-get update` 31 | # 32 | # @return [Boolean] 33 | def apt_up_to_date? 34 | if ::File.exist?('/var/lib/apt/periodic/update-success-stamp') && 35 | ::File.mtime('/var/lib/apt/periodic/update-success-stamp') > Time.now - node['apt']['periodic_update_min_delay'] 36 | true 37 | else 38 | false 39 | end 40 | end 41 | 42 | # Finds a command in $PATH 43 | # 44 | # @return [String, nil] 45 | def which(cmd) 46 | ENV['PATH'] = '' if ENV['PATH'].nil? 47 | paths = (ENV['PATH'].split(::File::PATH_SEPARATOR) + %w(/bin /usr/bin /sbin /usr/sbin)) 48 | 49 | paths.each do |path| 50 | possible = File.join(path, cmd) 51 | return possible if File.executable?(possible) 52 | end 53 | 54 | nil 55 | end 56 | end 57 | end 58 | 59 | Chef::Recipe.send(:include, ::Apt::Helpers) 60 | Chef::Resource.send(:include, ::Apt::Helpers) 61 | Chef::Provider.send(:include, ::Apt::Helpers) 62 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/libraries/matchers.rb: -------------------------------------------------------------------------------- 1 | if defined?(ChefSpec) 2 | def add_apt_preference(resource_name) 3 | ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :add, resource_name) 4 | end 5 | 6 | def remove_apt_preference(resource_name) 7 | ChefSpec::Matchers::ResourceMatcher.new(:apt_preference, :remove, resource_name) 8 | end 9 | 10 | def add_apt_repository(resource_name) 11 | ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :add, resource_name) 12 | end 13 | 14 | def remove_apt_repository(resource_name) 15 | ChefSpec::Matchers::ResourceMatcher.new(:apt_repository, :remove, resource_name) 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/libraries/network.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # library:: network 4 | # 5 | # Copyright 2013, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | module ::Apt 21 | def interface_ipaddress(host, interface) 22 | if interface 23 | addresses = host['network']['interfaces'][interface]['addresses'] 24 | addresses.select do |ip, data| 25 | return ip if data['family'].eql?('inet') 26 | end 27 | else 28 | return host.ipaddress 29 | end 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/metadata.json: -------------------------------------------------------------------------------- 1 | {"name":"apt","version":"2.9.2","description":"Configures apt and apt services. Ships resources for managing apt repositories","long_description":"","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache 2.0","platforms":{"ubuntu":">= 0.0.0","debian":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{"apt::default":"Runs apt-get update during compile phase and sets up preseed directories","apt::cacher-ng":"Set up an apt-cacher-ng caching proxy","apt::cacher-client":"Client for the apt::cacher-ng caching proxy"}} -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/providers/preference.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Provider:: preference 4 | # 5 | # Copyright 2010-2011, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | use_inline_resources if defined?(use_inline_resources) 21 | 22 | def whyrun_supported? 23 | true 24 | end 25 | 26 | # Build preferences.d file contents 27 | def build_pref(package_name, pin, pin_priority) 28 | "Package: #{package_name}\nPin: #{pin}\nPin-Priority: #{pin_priority}\n" 29 | end 30 | 31 | def safe_name(name) 32 | name.tr('.', '_').gsub('*', 'wildcard') 33 | end 34 | 35 | action :add do 36 | preference = build_pref( 37 | new_resource.glob || new_resource.package_name, 38 | new_resource.pin, 39 | new_resource.pin_priority 40 | ) 41 | 42 | directory '/etc/apt/preferences.d' do 43 | owner 'root' 44 | group 'root' 45 | mode 00755 46 | recursive true 47 | action :create 48 | end 49 | 50 | name = safe_name(new_resource.name) 51 | 52 | file "/etc/apt/preferences.d/#{new_resource.name}.pref" do 53 | action :delete 54 | if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}.pref") 55 | Chef::Log.warn "Replacing #{new_resource.name}.pref with #{name}.pref in /etc/apt/preferences.d/" 56 | end 57 | only_if { name != new_resource.name } 58 | end 59 | 60 | file "/etc/apt/preferences.d/#{new_resource.name}" do 61 | action :delete 62 | if ::File.exist?("/etc/apt/preferences.d/#{new_resource.name}") 63 | Chef::Log.warn "Replacing #{new_resource.name} with #{new_resource.name}.pref in /etc/apt/preferences.d/" 64 | end 65 | end 66 | 67 | file "/etc/apt/preferences.d/#{name}.pref" do 68 | owner 'root' 69 | group 'root' 70 | mode 00644 71 | content preference 72 | action :create 73 | end 74 | end 75 | 76 | action :remove do 77 | name = safe_name(new_resource.name) 78 | if ::File.exist?("/etc/apt/preferences.d/#{name}.pref") 79 | Chef::Log.info "Un-pinning #{name} from /etc/apt/preferences.d/" 80 | file "/etc/apt/preferences.d/#{name}.pref" do 81 | action :delete 82 | end 83 | end 84 | end 85 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/recipes/cacher-client.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Recipe:: cacher-client 4 | # 5 | # Copyright 2011-2013 Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | class ::Chef::Recipe 21 | include ::Apt 22 | end 23 | 24 | # remove Acquire::http::Proxy lines from /etc/apt/apt.conf since we use 01proxy 25 | # these are leftover from preseed installs 26 | execute 'Remove proxy from /etc/apt/apt.conf' do 27 | command "sed --in-place '/^Acquire::http::Proxy/d' /etc/apt/apt.conf" 28 | only_if 'grep Acquire::http::Proxy /etc/apt/apt.conf' 29 | end 30 | 31 | servers = [] 32 | if node['apt'] 33 | if node['apt']['cacher_ipaddress'] 34 | cacher = Chef::Node.new 35 | cacher.default.name = node['apt']['cacher_ipaddress'] 36 | cacher.default.ipaddress = node['apt']['cacher_ipaddress'] 37 | cacher.default.apt.cacher_port = node['apt']['cacher_port'] 38 | cacher.default.apt.cacher_interface = node['apt']['cacher_interface'] 39 | cacher.default.apt.cacher_ssl_support = node['apt']['cacher_ssl_support'] 40 | servers << cacher 41 | elsif node['apt']['caching_server'] 42 | node.override['apt']['compiletime'] = false 43 | servers << node 44 | end 45 | end 46 | 47 | unless Chef::Config[:solo] || servers.length > 0 48 | query = 'apt_caching_server:true' 49 | query += " AND chef_environment:#{node.chef_environment}" if node['apt']['cacher-client']['restrict_environment'] 50 | Chef::Log.debug("apt::cacher-client searching for '#{query}'") 51 | servers += search(:node, query) 52 | end 53 | 54 | if servers.length > 0 55 | Chef::Log.info("apt-cacher-ng server found on #{servers[0]}.") 56 | if servers[0]['apt']['cacher_interface'] 57 | cacher_ipaddress = interface_ipaddress(servers[0], servers[0]['apt']['cacher_interface']) 58 | else 59 | cacher_ipaddress = servers[0].ipaddress 60 | end 61 | t = template '/etc/apt/apt.conf.d/01proxy' do 62 | source '01proxy.erb' 63 | owner 'root' 64 | group 'root' 65 | mode 00644 66 | variables( 67 | proxy: cacher_ipaddress, 68 | port: servers[0]['apt']['cacher_port'], 69 | proxy_ssl: servers[0]['apt']['cacher_ssl_support'], 70 | bypass: node['apt']['cache_bypass'] 71 | ) 72 | action(node['apt']['compiletime'] ? :nothing : :create) 73 | notifies :run, 'execute[apt-get update]', :immediately 74 | end 75 | t.run_action(:create) if node['apt']['compiletime'] 76 | else 77 | Chef::Log.info('No apt-cacher-ng server found.') 78 | file '/etc/apt/apt.conf.d/01proxy' do 79 | action :delete 80 | end 81 | end 82 | 83 | include_recipe 'apt::default' 84 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/recipes/cacher-ng.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Recipe:: cacher-ng 4 | # 5 | # Copyright 2008-2013, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the 'License'); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an 'AS IS' BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | node.set['apt']['caching_server'] = true 21 | 22 | package 'apt-cacher-ng' do 23 | action :install 24 | end 25 | 26 | directory node['apt']['cacher_dir'] do 27 | owner 'apt-cacher-ng' 28 | group 'apt-cacher-ng' 29 | mode 0755 30 | end 31 | 32 | template '/etc/apt-cacher-ng/acng.conf' do 33 | source 'acng.conf.erb' 34 | owner 'root' 35 | group 'root' 36 | mode 00644 37 | notifies :restart, 'service[apt-cacher-ng]', :immediately 38 | end 39 | 40 | service 'apt-cacher-ng' do 41 | supports restart: true, status: false 42 | action [:enable, :start] 43 | end 44 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Recipe:: default 4 | # 5 | # Copyright 2008-2013, Chef Software, Inc. 6 | # Copyright 2009, Bryan McLellan 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the 'License'); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an 'AS IS' BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | # 20 | 21 | # On systems where apt is not installed, the resources in this recipe are not 22 | # executed. However, they _must_ still be present in the resource collection 23 | # or other cookbooks which notify these resources will fail on non-apt-enabled 24 | # systems. 25 | 26 | Chef::Log.debug 'apt is not installed. Apt-specific resources will not be executed.' unless apt_installed? 27 | 28 | first_run_file = File.join(Chef::Config[:file_cache_path], 'apt_compile_time_update_first_run') 29 | 30 | file '/var/lib/apt/periodic/update-success-stamp' do 31 | owner 'root' 32 | group 'root' 33 | only_if { apt_installed? } 34 | action :nothing 35 | end 36 | 37 | # If compile_time_update run apt-get update at compile time 38 | if node['apt']['compile_time_update'] && (!apt_up_to_date? || !::File.exist?(first_run_file)) 39 | e = bash 'apt-get-update at compile time' do 40 | code <<-EOH 41 | apt-get update 42 | touch #{first_run_file} 43 | EOH 44 | ignore_failure true 45 | only_if { apt_installed? } 46 | action :nothing 47 | notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately 48 | end 49 | e.run_action(:run) 50 | end 51 | 52 | # Updates 'apt-get update' timestamp after each update success 53 | directory '/etc/apt/apt.conf.d' do 54 | recursive true 55 | end 56 | 57 | cookbook_file '/etc/apt/apt.conf.d/15update-stamp' do 58 | source '15update-stamp' 59 | end 60 | 61 | # For other recipes to call to force an update 62 | execute 'apt-get update' do 63 | command 'apt-get update' 64 | ignore_failure true 65 | only_if { apt_installed? } 66 | action :nothing 67 | notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately 68 | end 69 | 70 | # Automatically remove packages that are no longer needed for dependencies 71 | execute 'apt-get autoremove' do 72 | command 'apt-get -y autoremove' 73 | only_if { apt_installed? } 74 | action :nothing 75 | end 76 | 77 | # Automatically remove .deb files for packages no longer on your system 78 | execute 'apt-get autoclean' do 79 | command 'apt-get -y autoclean' 80 | only_if { apt_installed? } 81 | action :nothing 82 | end 83 | 84 | execute 'apt-get-update-periodic' do 85 | command 'apt-get update' 86 | ignore_failure true 87 | timeout 90 88 | only_if { apt_installed? } 89 | not_if { apt_up_to_date? } 90 | notifies :touch, 'file[/var/lib/apt/periodic/update-success-stamp]', :immediately 91 | end 92 | 93 | %w(/var/cache/local /var/cache/local/preseeding).each do |dirname| 94 | directory dirname do 95 | owner 'root' 96 | group 'root' 97 | mode 00755 98 | action :create 99 | only_if { apt_installed? } 100 | end 101 | end 102 | 103 | template '/etc/apt/apt.conf.d/10recommends' do 104 | owner 'root' 105 | group 'root' 106 | mode '644' 107 | source '10recommends.erb' 108 | end 109 | 110 | package 'apt-transport-https' do 111 | only_if { apt_installed? } 112 | action :install 113 | end 114 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/recipes/unattended-upgrades.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Recipe:: unattended-upgrades 4 | # 5 | # Copyright 2014, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the 'License'); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an 'AS IS' BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | # On systems where apt is not installed, the resources in this recipe are not 21 | # executed. However, they _must_ still be present in the resource collection 22 | # or other cookbooks which notify these resources will fail on non-apt-enabled 23 | # systems. 24 | # 25 | 26 | package 'unattended-upgrades' do 27 | response_file 'unattended-upgrades.seed.erb' 28 | action :install 29 | end 30 | 31 | package 'bsd-mailx' do 32 | only_if { node['apt']['unattended_upgrades']['mail'] } 33 | end 34 | 35 | template '/etc/apt/apt.conf.d/20auto-upgrades' do 36 | owner 'root' 37 | group 'root' 38 | mode '644' 39 | source '20auto-upgrades.erb' 40 | end 41 | 42 | template '/etc/apt/apt.conf.d/50unattended-upgrades' do 43 | owner 'root' 44 | group 'root' 45 | mode '644' 46 | source '50unattended-upgrades.erb' 47 | end 48 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/resources/preference.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Resource:: preference 4 | # 5 | # Copyright 2010-2013, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | actions :add, :remove 21 | default_action :add if defined?(default_action) # Chef > 10.8 22 | 23 | # Needed for Chef versions < 0.10.10 24 | def initialize(*args) 25 | super 26 | @action = :add 27 | end 28 | 29 | state_attrs :glob, 30 | :package_name, 31 | :pin, 32 | :pin_priority 33 | 34 | attribute :package_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.|\*)+$/] 35 | attribute :glob, kind_of: String 36 | attribute :pin, kind_of: String 37 | attribute :pin_priority, kind_of: String 38 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/resources/repository.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: apt 3 | # Resource:: repository 4 | # 5 | # Copyright 2010-2013, Chef Software, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | actions :add, :remove 21 | default_action :add if defined?(default_action) # Chef > 10.8 22 | 23 | # Needed for Chef versions < 0.10.10 24 | def initialize(*args) 25 | super 26 | @action = :add 27 | end 28 | 29 | state_attrs :arch, 30 | :cache_rebuild, 31 | :components, 32 | :cookbook, 33 | :deb_src, 34 | :distribution, 35 | :key, 36 | :keyserver, 37 | :key_proxy, 38 | :repo_name, 39 | :trusted, 40 | :uri, 41 | :sensitive 42 | 43 | # name of the repo, used for source.list filename 44 | attribute :repo_name, kind_of: String, name_attribute: true, regex: [/^([a-z]|[A-Z]|[0-9]|_|-|\.)+$/] 45 | attribute :uri, kind_of: String 46 | attribute :distribution, kind_of: String 47 | attribute :components, kind_of: Array, default: [] 48 | attribute :arch, kind_of: String, default: nil 49 | attribute :trusted, kind_of: [TrueClass, FalseClass], default: false 50 | # whether or not to add the repository as a source repo as well 51 | attribute :deb_src, default: false 52 | attribute :keyserver, kind_of: String, default: nil 53 | attribute :key, kind_of: String, default: nil 54 | attribute :key_proxy, kind_of: String, default: node['apt']['key_proxy'] 55 | attribute :cookbook, kind_of: String, default: nil 56 | # trigger cache rebuild 57 | # If not you can trigger in the recipe itself after checking the status of resource.updated{_by_last_action}? 58 | attribute :cache_rebuild, kind_of: [TrueClass, FalseClass], default: true 59 | # Hide content of the source file, don't show output for commands being run, etc. 60 | attribute :sensitive, kind_of: [TrueClass, FalseClass], default: false 61 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/templates/default/01proxy.erb: -------------------------------------------------------------------------------- 1 | Acquire::http::Proxy "http://<%= @proxy %>:<%= @port %>"; 2 | <% if @proxy_ssl %> 3 | Acquire::https::Proxy "http://<%= @proxy %>:<%= @port %>"; 4 | <% else %> 5 | Acquire::https::Proxy "DIRECT"; 6 | <% end %> 7 | <% @bypass.each do |bypass, type| %> 8 | Acquire::<%= type %>::Proxy::<%= bypass %> "DIRECT"; 9 | <% end %> 10 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/templates/default/10recommends.erb: -------------------------------------------------------------------------------- 1 | # Managed by Chef 2 | APT::Install-Recommends "<%= node['apt']['confd']['install_recommends'] ? 1 : 0 %>"; 3 | APT::Install-Suggests "<%= node['apt']['confd']['install_suggests'] ? 1 : 0 %>"; 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/templates/default/20auto-upgrades.erb: -------------------------------------------------------------------------------- 1 | APT::Periodic::Update-Package-Lists "<%= node['apt']['unattended_upgrades']['update_package_lists'] ? 1 : 0 %>"; 2 | APT::Periodic::Unattended-Upgrade "<%= node['apt']['unattended_upgrades']['enable'] ? 1 : 0 %>"; 3 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/templates/default/50unattended-upgrades.erb: -------------------------------------------------------------------------------- 1 | // Automatically upgrade packages from these (origin:archive) pairs 2 | Unattended-Upgrade::Allowed-Origins { 3 | <% unless node['apt']['unattended_upgrades']['allowed_origins'].empty? -%> 4 | <% node['apt']['unattended_upgrades']['allowed_origins'].each do |origin| -%> 5 | "<%= origin %>"; 6 | <% end -%> 7 | <% end -%> 8 | }; 9 | 10 | 11 | // List of packages to not update 12 | Unattended-Upgrade::Package-Blacklist { 13 | <% unless node['apt']['unattended_upgrades']['package_blacklist'].empty? -%> 14 | <% node['apt']['unattended_upgrades']['package_blacklist'].each do |package| -%> 15 | "<%= package %>"; 16 | <% end -%> 17 | <% end -%> 18 | }; 19 | 20 | // This option allows you to control if on a unclean dpkg exit 21 | // unattended-upgrades will automatically run 22 | // dpkg --force-confold --configure -a 23 | // The default is true, to ensure updates keep getting installed 24 | Unattended-Upgrade::AutoFixInterruptedDpkg "<%= node['apt']['unattended_upgrades']['auto_fix_interrupted_dpkg'] ? 'true' : 'false' %>"; 25 | 26 | // Split the upgrade into the smallest possible chunks so that 27 | // they can be interrupted with SIGUSR1. This makes the upgrade 28 | // a bit slower but it has the benefit that shutdown while a upgrade 29 | // is running is possible (with a small delay) 30 | Unattended-Upgrade::MinimalSteps "<%= node['apt']['unattended_upgrades']['minimal_steps'] ? 'true' : 'false' %>"; 31 | 32 | // Install all unattended-upgrades when the machine is shuting down 33 | // instead of doing it in the background while the machine is running 34 | // This will (obviously) make shutdown slower 35 | Unattended-Upgrade::InstallOnShutdown "<%= node['apt']['unattended_upgrades']['install_on_shutdown'] ? 'true' : 'false' %>"; 36 | 37 | // Send email to this address for problems or packages upgrades 38 | // If empty or unset then no email is sent, make sure that you 39 | // have a working mail setup on your system. A package that provides 40 | // 'mailx' must be installed. 41 | <% if node['apt']['unattended_upgrades']['mail'] -%> 42 | Unattended-Upgrade::Mail "<%= node['apt']['unattended_upgrades']['mail'] %>"; 43 | <% end -%> 44 | 45 | // Set this value to "true" to get emails only on errors. Default 46 | // is to always send a mail if Unattended-Upgrade::Mail is set 47 | Unattended-Upgrade::MailOnlyOnError "<%= node['apt']['unattended_upgrades']['mail_only_on_error'] ? 'true' : 'false' %>"; 48 | 49 | // Do automatic removal of new unused dependencies after the upgrade 50 | // (equivalent to apt-get autoremove) 51 | Unattended-Upgrade::Remove-Unused-Dependencies "<%= node['apt']['unattended_upgrades']['remove_unused_dependencies'] ? 'true' : 'false' %>"; 52 | 53 | // Automatically reboot *WITHOUT CONFIRMATION* if a 54 | // the file /var/run/reboot-required is found after the upgrade 55 | Unattended-Upgrade::Automatic-Reboot "<%= node['apt']['unattended_upgrades']['automatic_reboot'] ? 'true' : 'false' %>"; 56 | 57 | // If automatic reboot is enabled and needed, reboot at the specific 58 | // time instead of immediately 59 | // Default: "now" 60 | <% if node['apt']['unattended_upgrades']['automatic_reboot'] -%> 61 | Unattended-Upgrade::Automatic-Reboot-Time "<%= node['apt']['unattended_upgrades']['automatic_reboot_time'] %>"; 62 | <% end %> 63 | 64 | // Use apt bandwidth limit feature, this example limits the download 65 | // speed to 70kb/sec 66 | <% if node['apt']['unattended_upgrades']['dl_limit'] -%> 67 | Acquire::http::Dl-Limit "<%= node['apt']['unattended_upgrades']['dl_limit'] %>"; 68 | <% end -%> 69 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/apt/templates/default/unattended-upgrades.seed.erb: -------------------------------------------------------------------------------- 1 | unattended-upgrades unattended-upgrades/enable_auto_updates boolean <%= node['apt']['unattended_upgrades']['enable'] ? 'true' : 'false' %> 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/dna.json: -------------------------------------------------------------------------------- 1 | { 2 | "run_list": [ "recipe[apt]", "recipe[graylog]", "recipe[ntp]" ] 3 | } 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/libraries/helper.rb: -------------------------------------------------------------------------------- 1 | require 'mixlib/shellout' 2 | 3 | class OmnibusHelper 4 | 5 | def self.should_notify?(service_name) 6 | File.symlink?("/opt/graylog/service/#{service_name}") && service_up?(service_name) 7 | end 8 | 9 | def self.not_listening?(service_name) 10 | File.exists?("/opt/graylog/service/#{service_name}/down") && service_down?(service_name) 11 | end 12 | 13 | def self.service_up?(service_name) 14 | o = Mixlib::ShellOut.new("/opt/graylog/embedded/bin/graylog-ctl status #{service_name}") 15 | o.run_command 16 | o.exitstatus == 0 17 | end 18 | 19 | def self.service_down?(service_name) 20 | o = Mixlib::ShellOut.new("/opt/graylog/embedded/bin/graylog-ctl status #{service_name}") 21 | o.run_command 22 | o.exitstatus == 3 23 | end 24 | 25 | end 26 | 27 | module SingleQuoteHelper 28 | 29 | def single_quote(string) 30 | "'#{string}'" unless string.nil? 31 | end 32 | 33 | end 34 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/libraries/registry.rb: -------------------------------------------------------------------------------- 1 | require 'etcd' 2 | require 'socket' 3 | require 'timeout' 4 | 5 | class GraylogRegistry 6 | attr_reader :node 7 | attr_reader :client 8 | attr_reader :is_master 9 | 10 | def initialize(node) 11 | @node = node 12 | @client = get_connection 13 | end 14 | 15 | def set_master 16 | if @is_master 17 | @client.set('/master', value: node['ipaddress']) 18 | end 19 | end 20 | 21 | def get_master 22 | begin 23 | return @client.get('/master').value 24 | rescue Exception => e 25 | Chef::Log.debug("Can not fetch server list from etcd #{e.message}") 26 | return '127.0.0.1' 27 | end 28 | end 29 | 30 | def add_gl_server(ip) 31 | add_node(ip, 'servers') 32 | end 33 | 34 | def get_gl_servers 35 | servers = get_node_list('servers') 36 | if Graylog['local_connect'] 37 | return ['127.0.0.1'] 38 | elsif servers.empty? 39 | return [@node['ipaddress']] 40 | else 41 | return servers 42 | end 43 | end 44 | 45 | def add_es_node(ip) 46 | add_node(ip, 'elasticsearch') 47 | end 48 | 49 | def get_es_nodes 50 | es_nodes = get_node_list('elasticsearch') 51 | if Graylog['local_connect'] 52 | return ['127.0.0.1'] 53 | elsif es_nodes.empty? 54 | return [@node['ipaddress']] 55 | else 56 | return es_nodes 57 | end 58 | end 59 | 60 | def get_es_host 61 | if Graylog['local_connect'] 62 | return '127.0.0.1' 63 | else 64 | return @node['ipaddress'] 65 | end 66 | end 67 | 68 | private 69 | def get_connection 70 | master = get_master 71 | Etcd.client(host: master, port: 4001) 72 | end 73 | 74 | def get_master 75 | if File.exists?("/etc/graylog/graylog-settings.json") 76 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 77 | end 78 | 79 | if existing_settings['master_node'].nil? or 80 | existing_settings['master_node'] == @node['ipaddress'] or 81 | existing_settings['master_node'] == "127.0.0.1" 82 | master = '127.0.0.1' 83 | @is_master = true 84 | else 85 | master = existing_settings['master_node'] 86 | @is_master = false 87 | end 88 | 89 | return master 90 | end 91 | 92 | def add_node(ip, context) 93 | begin 94 | check_connection 95 | @client.set("/#{context}/#{ip}", value: "{\"ip\":\"#{ip}\"}") 96 | rescue Exception => e 97 | Chef::Log.debug("Can not add node #{ip} to directory #{context}") 98 | end 99 | end 100 | 101 | def get_node_list(context) 102 | begin 103 | nodes = [] 104 | @client.get("/#{context}").children.each do |child| 105 | nodes << JSON.parse(child.value)['ip'] 106 | end 107 | return nodes 108 | rescue Exception => e 109 | Chef::Log.debug("Can not fetch node list from etcd #{e.message}") 110 | end 111 | return [] 112 | end 113 | 114 | def check_connection 115 | if not is_port_open?(get_master, 4001) 116 | Chef::Application.fatal!("Can not reach etcd, please check that service is running!") 117 | end 118 | end 119 | 120 | def is_port_open?(ip, port) 121 | begin 122 | Timeout::timeout(30) do 123 | loop { 124 | begin 125 | s = TCPSocket.new(ip, port) 126 | s.close 127 | return true 128 | rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH 129 | end 130 | Chef::Log.info("Etcd is not running, reconnecting...") 131 | sleep 1 132 | } 133 | end 134 | rescue Timeout::Error 135 | end 136 | 137 | return false 138 | end 139 | end 140 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/metadata.rb: -------------------------------------------------------------------------------- 1 | name "graylog" 2 | maintainer "Marius Sturm" 3 | maintainer_email "hello@torch.sh" 4 | license "Apache 2.0" 5 | description "Install and configure Graylog from Omnibus" 6 | long_description "Install and configure Graylog from Omnibus" 7 | version "0.0.1" 8 | recipe "graylog", "Configures Graylog from Omnibus" 9 | 10 | supports "ubuntu" 11 | 12 | depends "runit" 13 | depends "timezone-ii" 14 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/authbind.rb: -------------------------------------------------------------------------------- 1 | if platform?("ubuntu", "debian") 2 | directory "/etc/authbind/byport" do 3 | action :create 4 | recursive true 5 | end 6 | 7 | if node['graylog']['authorized_ports'].kind_of?(Array) 8 | node['graylog']['authorized_ports'].each do |authorized_port| 9 | authorized_port = authorized_port.to_s.prepend "!" if authorized_port >= 512 10 | file "/etc/authbind/byport/#{authorized_port}" do 11 | owner node['graylog']['user']['username'] 12 | group node['graylog']['user']['group'] 13 | mode "0550" 14 | action :create 15 | end 16 | end 17 | end 18 | else 19 | Chef::Log.error "Authbind is only available on Ubuntu/Debian systems." 20 | node.override['graylog']['graylog-server']['wrapper'] = nil 21 | end 22 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/bootstrap.rb: -------------------------------------------------------------------------------- 1 | bootstrap_status_file = "/var/opt/graylog/bootstrapped" 2 | 3 | file bootstrap_status_file do 4 | owner "root" 5 | group "root" 6 | mode "0600" 7 | content "All your bootstraps are belong to Chef" 8 | end 9 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/bootstrap_disable.rb: -------------------------------------------------------------------------------- 1 | # Nothing to do here 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/default.rb: -------------------------------------------------------------------------------- 1 | require 'openssl' 2 | 3 | ENV['PATH'] = "/opt/graylog/bin:/opt/graylog/embedded/bin:#{ENV['PATH']}" 4 | 5 | directory "/etc/graylog" do 6 | owner "root" 7 | group "root" 8 | mode "0775" 9 | action :nothing 10 | end.run_action(:create) 11 | 12 | Graylog[:node] = node 13 | node.consume_attributes(Graylog.generate_config(node['fqdn'])) 14 | $registry = GraylogRegistry.new(node) 15 | Chef::Mixin::DeepMerge.deep_merge!(Graylog[:custom_attributes], node.override[:graylog]) unless Graylog[:custom_attributes].nil? 16 | 17 | if File.exists?("/var/opt/graylog/bootstrapped") 18 | node.set['graylog']['bootstrap']['enable'] = false 19 | end 20 | 21 | include_recipe "graylog::users" 22 | include_recipe "graylog::authbind" 23 | include_recipe "runit" 24 | include_recipe "runit::svloggelfd" 25 | include_recipe "timezone-ii" 26 | 27 | # Configure Services 28 | [ 29 | "bootstrap", 30 | "etcd", 31 | "elasticsearch", 32 | "mongodb", 33 | "graylog-server", 34 | "nginx", 35 | ].each do |service| 36 | if Graylog.enabled?(service) 37 | include_recipe "graylog::#{service}" 38 | else 39 | include_recipe "graylog::#{service}_disable" 40 | end 41 | end 42 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/elasticsearch.rb: -------------------------------------------------------------------------------- 1 | es_log_dir = node['graylog']['elasticsearch']['log_directory'] 2 | es_data_dir = node['graylog']['elasticsearch']['data_directory'] 3 | es_user = node['graylog']['user']['username'] 4 | 5 | directory es_log_dir do 6 | owner es_user 7 | mode "0700" 8 | recursive true 9 | end 10 | 11 | directory es_data_dir do 12 | owner es_user 13 | group node['graylog']['user']['group'] 14 | mode "0750" 15 | recursive true 16 | end 17 | 18 | directory "#{node['graylog']['install_directory']}/elasticsearch/config/scripts" do 19 | owner es_user 20 | group node['graylog']['user']['group'] 21 | mode "0750" 22 | recursive true 23 | end 24 | 25 | template "#{node['graylog']['install_directory']}/elasticsearch/config/elasticsearch.yml" do 26 | owner es_user 27 | group node['graylog']['user']['group'] 28 | mode "0644" 29 | variables( 30 | :es_host => $registry.get_es_host, 31 | :es_nodes => $registry.get_es_nodes.map{|x| "#{x}:9300"}.to_s 32 | ) 33 | notifies :restart, 'service[elasticsearch]' 34 | end 35 | 36 | template "#{node['graylog']['install_directory']}/elasticsearch/config/log4j2.properties" do 37 | source "elasticsearch_log4j2.properties.erb" 38 | owner es_user 39 | group node['graylog']['user']['group'] 40 | mode "0644" 41 | notifies :restart, 'service[elasticsearch]' 42 | end 43 | 44 | link "#{node['graylog']['install_directory']}/conf/elasticsearch" do 45 | to "#{node['graylog']['install_directory']}/elasticsearch/config" 46 | end 47 | 48 | es_memory = ENV['ES_MEMORY'] || node['graylog']['elasticsearch']['memory'] || "#{(node.memory.total.to_i * 0.6 ).floor / 1024}m" 49 | runit_service "elasticsearch" do 50 | restart_command "-w 45 restart" 51 | run_restart false 52 | options({ 53 | :log_directory => es_log_dir, 54 | :install_directory => node['graylog']['install_directory'], 55 | :max_memory => es_memory 56 | }.merge(params)) 57 | log_options node['graylog']['logging'].to_hash.merge(node['graylog']['elasticsearch'].to_hash) 58 | end 59 | 60 | if node['graylog']['bootstrap']['enable'] 61 | execute "/opt/graylog/embedded/bin/graylog-ctl start elasticsearch" do 62 | retries 20 63 | end 64 | end 65 | 66 | ruby_block "add node to cluster list" do 67 | block do 68 | $registry.add_es_node(node['ipaddress']) 69 | end 70 | end 71 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/elasticsearch_disable.rb: -------------------------------------------------------------------------------- 1 | runit_service "elasticsearch" do 2 | action :disable 3 | end 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/etcd.rb: -------------------------------------------------------------------------------- 1 | etcd_log_dir = node['graylog']['etcd']['log_directory'] 2 | etcd_data_dir = node['graylog']['etcd']['data_directory'] 3 | etcd_user = node['graylog']['user']['username'] 4 | 5 | directory etcd_log_dir do 6 | owner etcd_user 7 | mode "0700" 8 | recursive true 9 | end 10 | 11 | directory etcd_data_dir do 12 | owner etcd_user 13 | group node['graylog']['user']['group'] 14 | mode "0750" 15 | recursive true 16 | end 17 | 18 | runit_service "etcd" do 19 | options({ 20 | :log_directory => etcd_log_dir, 21 | :data_directory => etcd_data_dir, 22 | :install_directory => node['graylog']['install_directory'] 23 | }.merge(params)) 24 | log_options node['graylog']['logging'].to_hash.merge(node['graylog']['etcd'].to_hash) 25 | end 26 | 27 | execute "remove unneeded snapshot files" do 28 | command "rm #{File.join(etcd_data_dir, 'member', 'snap', '*')}" 29 | only_if { !Dir.glob(File.join(etcd_data_dir, 'member', 'snap', '*.snap')).empty? } 30 | end 31 | 32 | if node['graylog']['bootstrap']['enable'] 33 | execute "/opt/graylog/embedded/bin/graylog-ctl start etcd" do 34 | retries 20 35 | end 36 | end 37 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/etcd_disable.rb: -------------------------------------------------------------------------------- 1 | runit_service "etcd" do 2 | action :disable 3 | end 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/graylog-server.rb: -------------------------------------------------------------------------------- 1 | server_log_dir = node['graylog']['graylog-server']['log_directory'] 2 | server_journal_dir = node['graylog']['graylog-server']['journal_directory'] 3 | server_user = node['graylog']['user']['username'] 4 | mongo_login = Graylog.get_mongodb_user 5 | 6 | directory server_log_dir do 7 | owner server_user 8 | mode "0700" 9 | recursive true 10 | end 11 | 12 | directory server_journal_dir do 13 | owner server_user 14 | group node['graylog']['user']['group'] 15 | mode "0750" 16 | recursive true 17 | end 18 | 19 | file node['graylog']['graylog-server']['node_id'] do 20 | content Graylog['node_id'] if Graylog['node_id'] 21 | owner server_user 22 | notifies :restart, 'service[graylog-server]', :delayed 23 | end 24 | 25 | if not Graylog['smtp_server'].empty? 26 | email_enabled = true 27 | else 28 | email_enabled = false 29 | end 30 | 31 | if not Graylog['smtp_user'].empty? and not Graylog['smtp_password'].empty? 32 | email_auth = true 33 | else 34 | email_auth = false 35 | end 36 | 37 | template "#{node['graylog']['install_directory']}/conf/graylog.conf" do 38 | owner server_user 39 | group node['graylog']['user']['group'] 40 | mode "0644" 41 | variables( 42 | :is_master => $registry.is_master.to_s, 43 | :email_enabled => email_enabled, 44 | :email_auth => email_auth, 45 | :es_nodes => $registry.get_es_nodes.map{|x| "#{node['graylog']['graylog-server']['elasticsearch_protocol']}://#{x}:9200"}.join(","), 46 | :es_uri => node['graylog']['graylog-server']['elasticsearch_uri'], 47 | :mongo_server => Graylog['master_node'], 48 | :mongo_login => mongo_login, 49 | :mongo_uri => node['graylog']['mongodb']['uri'], 50 | :web_listen_uri => Graylog['web_listen_uri'] || node['graylog']['graylog-server']['web_listen_uri'], 51 | :rest_listen_uri => Graylog['rest_listen_uri'] || node['graylog']['graylog-server']['rest_listen_uri'] 52 | ) 53 | notifies :restart, 'service[graylog-server]', :delayed 54 | end 55 | 56 | template "#{node['graylog']['install_directory']}/conf/log4j2.xml" do 57 | owner server_user 58 | group node['graylog']['user']['group'] 59 | mode "0644" 60 | end 61 | 62 | server_jar = "graylog-server.jar" 63 | if File.exists? "#{node['graylog']['install_directory']}/server/graylog.jar" 64 | server_jar = "graylog.jar server" 65 | end 66 | 67 | runit_service "graylog-server" do 68 | restart_command "-w 20 force-restart" 69 | run_restart false 70 | options({ 71 | :log_directory => server_log_dir, 72 | :install_directory => node['graylog']['install_directory'], 73 | :server_jar => server_jar, 74 | :max_memory => node['graylog']['graylog-server']['memory'] 75 | }.merge(params)) 76 | log_options node['graylog']['logging'].to_hash.merge(node['graylog']['graylog-server'].to_hash) 77 | ignore_failure true 78 | end 79 | 80 | if node['graylog']['bootstrap']['enable'] 81 | execute "/opt/graylog/embedded/bin/graylog-ctl start graylog-server" do 82 | retries 20 83 | end 84 | end 85 | 86 | ruby_block "add node to server list" do 87 | block do 88 | $registry.set_master 89 | $registry.add_gl_server(node['ipaddress']) 90 | end 91 | retries 15 92 | end 93 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/graylog-server_disable.rb: -------------------------------------------------------------------------------- 1 | runit_service "graylog-server" do 2 | action :disable 3 | end 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/mongodb.rb: -------------------------------------------------------------------------------- 1 | mongodb_log_dir = node['graylog']['mongodb']['log_directory'] 2 | mongodb_data_dir = node['graylog']['mongodb']['data_directory'] 3 | mongodb_user = node['graylog']['user']['username'] 4 | mongodb_listen = Graylog['local_connect'] ? '127.0.0.1' : '0.0.0.0' 5 | mongodb_login = Graylog.get_mongodb_user 6 | 7 | directory mongodb_log_dir do 8 | owner mongodb_user 9 | mode "0700" 10 | recursive true 11 | end 12 | 13 | directory mongodb_data_dir do 14 | owner mongodb_user 15 | group node['graylog']['user']['group'] 16 | mode "0750" 17 | recursive true 18 | end 19 | 20 | runit_service "mongodb" do 21 | options({ 22 | :log_directory => mongodb_log_dir, 23 | :install_directory => node['graylog']['install_directory'], 24 | :listen_address => mongodb_listen, 25 | :auth => mongodb_login.nil? ? false : true 26 | }.merge(params)) 27 | log_options node['graylog']['logging'].to_hash.merge(node['graylog']['mongodb'].to_hash) 28 | end 29 | 30 | if node['graylog']['bootstrap']['enable'] 31 | execute "/opt/graylog/embedded/bin/graylog-ctl start mongodb" do 32 | retries 20 33 | end 34 | end 35 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/mongodb_disable.rb: -------------------------------------------------------------------------------- 1 | runit_service "mongodb" do 2 | action :disable 3 | end 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/nginx.rb: -------------------------------------------------------------------------------- 1 | nginx_user = node['graylog']['nginx']['user'] 2 | nginx_log_dir = node['graylog']['nginx']['log_directory'] 3 | nginx_ca_dir = File.join(node['graylog']['install_directory'], "conf", "nginx", "ca") 4 | 5 | ssl_keyfile = File.join(nginx_ca_dir, "graylog.key") 6 | ssl_crtfile = File.join(nginx_ca_dir, "graylog.crt") 7 | ssl_signing_conf = File.join(nginx_ca_dir, "graylog-ssl.conf") 8 | 9 | directory nginx_ca_dir do 10 | owner nginx_user 11 | mode '0700' 12 | recursive true 13 | end 14 | 15 | directory nginx_log_dir do 16 | owner nginx_user 17 | mode "0700" 18 | recursive true 19 | end 20 | 21 | unless File.exists?(ssl_keyfile) && File.exists?(ssl_crtfile) && File.exists?(ssl_signing_conf) 22 | file ssl_keyfile do 23 | owner "root" 24 | group "root" 25 | mode "0644" 26 | content `/opt/graylog/embedded/bin/openssl genrsa 2048` 27 | not_if { File.exists?(ssl_keyfile) } 28 | end 29 | 30 | file ssl_signing_conf do 31 | owner "root" 32 | group "root" 33 | mode "0644" 34 | not_if { File.exists?(ssl_signing_conf) } 35 | content <<-EOH 36 | [ req ] 37 | distinguished_name = req_distinguished_name 38 | prompt = no 39 | 40 | [ req_distinguished_name ] 41 | C = #{node['graylog']['nginx']['ssl_country_name']} 42 | ST = #{node['graylog']['nginx']['ssl_state_name']} 43 | L = #{node['graylog']['nginx']['ssl_locality_name']} 44 | O = #{node['graylog']['nginx']['ssl_company_name']} 45 | OU = #{node['graylog']['nginx']['ssl_organizational_unit_name']} 46 | CN = #{node['graylog']['nginx']['server_name']} 47 | emailAddress = #{node['graylog']['nginx']['ssl_email_address']} 48 | EOH 49 | end 50 | 51 | ruby_block "create crtfile" do 52 | block do 53 | r = Chef::Resource::File.new(ssl_crtfile, run_context) 54 | r.owner "root" 55 | r.group "root" 56 | r.mode "0644" 57 | r.content `/opt/graylog/embedded/bin/openssl req -config '#{ssl_signing_conf}' -new -x509 -nodes -sha1 -days 3650 -key #{ssl_keyfile}` 58 | r.not_if { File.exists?(ssl_crtfile) } 59 | r.run_action(:create) 60 | end 61 | end 62 | end 63 | 64 | node.default['graylog']['nginx']['ssl_certificate'] = ssl_crtfile 65 | node.default['graylog']['nginx']['ssl_certificate_key'] = ssl_keyfile 66 | 67 | template "#{node['graylog']['install_directory']}/conf/nginx/nginx.conf" do 68 | owner node['graylog']['user']['username'] 69 | group node['graylog']['user']['group'] 70 | mode "0644" 71 | notifies :restart, 'service[nginx]' 72 | end 73 | 74 | template "#{node['graylog']['install_directory']}/embedded/html/502.html" do 75 | owner node['graylog']['user']['username'] 76 | group node['graylog']['user']['group'] 77 | mode "0644" 78 | end 79 | 80 | runit_service "nginx" do 81 | options({ 82 | :log_directory => nginx_log_dir, 83 | }.merge(params)) 84 | log_options node['graylog']['logging'].to_hash.merge(node['graylog']['nginx'].to_hash) 85 | end 86 | 87 | if node['graylog']['bootstrap']['enable'] 88 | execute "/opt/graylog/embedded/bin/graylog-ctl start nginx" do 89 | retries 20 90 | end 91 | end 92 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/nginx_disable.rb: -------------------------------------------------------------------------------- 1 | runit_service "nginx" do 2 | action :disable 3 | end 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/show_config.rb: -------------------------------------------------------------------------------- 1 | Graylog[:node] = node 2 | config = Graylog.generate_config(node['fqdn']) 3 | 4 | puts Chef::JSONCompat.to_json_pretty(config) 5 | return 6 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/recipes/users.rb: -------------------------------------------------------------------------------- 1 | graylog_username = node['graylog']['user']['username'] 2 | graylog_group = node['graylog']['user']['group'] 3 | graylog_home = node['graylog']['user']['home'] 4 | 5 | # Create the group for the Graylog user 6 | group graylog_group do 7 | gid node['graylog']['user']['gid'] 8 | end 9 | 10 | # Create the Graylog user 11 | user graylog_username do 12 | shell node['graylog']['user']['shell'] 13 | home graylog_home 14 | uid node['graylog']['user']['uid'] 15 | gid graylog_group 16 | end 17 | 18 | # create home directory 19 | directory graylog_home do 20 | owner graylog_username 21 | group graylog_group 22 | end 23 | 24 | # Configure Git settings for the Graylog user 25 | template File.join(graylog_home, ".gitconfig") do 26 | source "gitconfig.erb" 27 | owner graylog_username 28 | group graylog_group 29 | mode "0644" 30 | variables(node['graylog']['user'].to_hash) 31 | end 32 | 33 | # create additional directories 34 | directory "#{graylog_home}/data" do 35 | owner graylog_username 36 | group graylog_group 37 | end 38 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/502.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Graylog is restarting 5 | 11 | 12 | 13 |
14 |

Graylog is restarting...

15 |

There is no Graylog web application running at the moment, please reload this page in a minute. It can take up to 1-2 minutes until all services are running properly. In case this is a permanent error, check the following: 16 |

21 |
22 | 23 | 24 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/elasticsearch_log4j2.properties.erb: -------------------------------------------------------------------------------- 1 | status = error 2 | 3 | # log action execution errors for easier debugging 4 | logger.action.name = org.elasticsearch.action 5 | logger.action.level = debug 6 | 7 | appender.console.type = Console 8 | appender.console.name = console 9 | appender.console.layout.type = PatternLayout 10 | appender.console.layout.pattern = [%-5p][%-25c{1.}] %marker%m%n 11 | 12 | appender.rolling.type = RollingFile 13 | appender.rolling.name = rolling 14 | appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log 15 | appender.rolling.layout.type = PatternLayout 16 | appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n 17 | appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}.log 18 | appender.rolling.policies.type = Policies 19 | appender.rolling.policies.time.type = TimeBasedTriggeringPolicy 20 | appender.rolling.policies.time.interval = 1 21 | appender.rolling.policies.time.modulate = true 22 | 23 | rootLogger.level = info 24 | rootLogger.appenderRef.console.ref = console 25 | rootLogger.appenderRef.rolling.ref = rolling 26 | 27 | appender.deprecation_rolling.type = RollingFile 28 | appender.deprecation_rolling.name = deprecation_rolling 29 | appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log 30 | appender.deprecation_rolling.layout.type = PatternLayout 31 | appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n 32 | appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.log.gz 33 | appender.deprecation_rolling.policies.type = Policies 34 | appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy 35 | appender.deprecation_rolling.policies.size.size = 1GB 36 | appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy 37 | appender.deprecation_rolling.strategy.max = 4 38 | 39 | logger.deprecation.name = org.elasticsearch.deprecation 40 | logger.deprecation.level = warn 41 | logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling 42 | logger.deprecation.additivity = false 43 | 44 | appender.index_search_slowlog_rolling.type = RollingFile 45 | appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling 46 | appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog.log 47 | appender.index_search_slowlog_rolling.layout.type = PatternLayout 48 | appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n 49 | appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog-%d{yyyy-MM-dd}.log 50 | appender.index_search_slowlog_rolling.policies.type = Policies 51 | appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy 52 | appender.index_search_slowlog_rolling.policies.time.interval = 1 53 | appender.index_search_slowlog_rolling.policies.time.modulate = true 54 | 55 | logger.index_search_slowlog_rolling.name = index.search.slowlog 56 | logger.index_search_slowlog_rolling.level = trace 57 | logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling 58 | logger.index_search_slowlog_rolling.additivity = false 59 | 60 | appender.index_indexing_slowlog_rolling.type = RollingFile 61 | appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling 62 | appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog.log 63 | appender.index_indexing_slowlog_rolling.layout.type = PatternLayout 64 | appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n 65 | appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog-%d{yyyy-MM-dd}.log 66 | appender.index_indexing_slowlog_rolling.policies.type = Policies 67 | appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy 68 | appender.index_indexing_slowlog_rolling.policies.time.interval = 1 69 | appender.index_indexing_slowlog_rolling.policies.time.modulate = true 70 | 71 | logger.index_indexing_slowlog.name = index.indexing.slowlog.index 72 | logger.index_indexing_slowlog.level = trace 73 | logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling 74 | logger.index_indexing_slowlog.additivity = false 75 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/gitconfig.erb: -------------------------------------------------------------------------------- 1 | # This file is managed by graylog-ctl. Manual changes will be 2 | # erased! To change the contents below, edit /etc/graylog/graylog.rb 3 | # and run `sudo graylog-ctl reconfigure`. 4 | 5 | [user] 6 | name = <%= node['graylog']['user']['git_user_name'] %> 7 | email = <%= node['graylog']['user']['git_user_email'] %> 8 | [core] 9 | autocrlf = input 10 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/log4j2.xml.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/nginx.conf.erb: -------------------------------------------------------------------------------- 1 | worker_processes 1; 2 | daemon off; 3 | 4 | events { 5 | worker_connections 1024; 6 | } 7 | 8 | http { 9 | include /opt/graylog/conf/nginx/mime.types; 10 | default_type application/octet-stream; 11 | log_format graylog_format 'nginx: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" '; 12 | access_log /dev/stdout graylog_format; 13 | 14 | server { 15 | listen 80; 16 | <%- if Graylog['enforce_ssl'] -%> 17 | return 301 https://$host:443$request_uri; 18 | <%- else -%> 19 | location / { 20 | proxy_pass http://localhost:9000; 21 | proxy_http_version 1.1; 22 | proxy_set_header Host $host; 23 | proxy_set_header X-Real-IP $remote_addr; 24 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 25 | <%- if Graylog['external_rest_uri'] -%> 26 | proxy_set_header X-Graylog-Server-URL <%= Graylog['external_rest_uri'] %>; 27 | <%- end -%> 28 | proxy_pass_request_headers on; 29 | proxy_connect_timeout 150; 30 | proxy_send_timeout 100; 31 | proxy_read_timeout 100; 32 | proxy_buffers 4 32k; 33 | client_max_body_size 8m; 34 | client_body_buffer_size 128k; 35 | } 36 | <%- end -%> 37 | error_page 502 /502.html; 38 | location /502.html { 39 | internal; 40 | } 41 | } 42 | 43 | <%- if Graylog['enforce_ssl'] -%> 44 | server { 45 | listen 443; 46 | 47 | ssl on; 48 | ssl_certificate <%= node['graylog']['nginx']['ssl_certificate'] %>; 49 | ssl_certificate_key <%= node['graylog']['nginx']['ssl_certificate_key'] %>; 50 | ssl_session_timeout 5m; 51 | ssl_protocols <%= node['graylog']['nginx']['ssl_protocols'] %>; 52 | ssl_ciphers <%= node['graylog']['nginx']['ssl_ciphers'] %>; 53 | ssl_prefer_server_ciphers on; 54 | 55 | location / { 56 | proxy_pass http://localhost:9000; 57 | proxy_http_version 1.1; 58 | proxy_set_header Host $host; 59 | proxy_set_header X-Real-IP $remote_addr; 60 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 61 | <%- if Graylog['external_rest_uri'] -%> 62 | proxy_set_header X-Graylog-Server-URL <%= Graylog['external_rest_uri'] %>; 63 | <%- else -%> 64 | proxy_set_header X-Graylog-Server-URL https://$host:443/api; 65 | <%- end -%> 66 | proxy_pass_request_headers on; 67 | proxy_connect_timeout 150; 68 | proxy_send_timeout 100; 69 | proxy_read_timeout 100; 70 | proxy_buffers 4 32k; 71 | client_max_body_size 8m; 72 | client_body_buffer_size 128k; 73 | } 74 | 75 | error_page 502 /502.html; 76 | location /502.html { 77 | internal; 78 | } 79 | } 80 | <%- end -%> 81 | } 82 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-elasticsearch-log-config.erb: -------------------------------------------------------------------------------- 1 | <%= "s#@svlogd_size" if @svlogd_size %> 2 | <%= "n#@svlogd_num" if @svlogd_num %> 3 | <%= "t#@svlogd_timeout" if @svlogd_timeout %> 4 | <%= "!#@svlogd_filter" if @svlogd_filter %> 5 | <%= "u#@svlogd_udp" if @svlogd_udp %> 6 | <%= "p#@svlogd_prefix" if @svlogd_prefix %> 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-elasticsearch-log-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec <%- if Graylog['internal_logging'] -%>/opt/graylog/embedded/bin/svloggelfd -H 127.0.0.1:12201 -s elasticsearch -e | <%- end -%>svlogd -tt <%= @options[:log_directory] %> 3 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-elasticsearch-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec 2>&1 3 | 4 | umask 077 5 | ulimit -n 65536 6 | ulimit -l unlimited 7 | sysctl -w vm.max_map_count=262144 8 | 9 | export ES_HOME=<%= @options[:install_directory] %>/elasticsearch 10 | export ES_JAVA_OPTS=" 11 | -server 12 | -Xms<%= @options[:max_memory] %> -Xmx<%= @options[:max_memory] %> 13 | -Djava.net.preferIPv4Stack=true 14 | -Dlog4j2.disable.jmx=true 15 | -XX:+UseParNewGC 16 | -XX:+UseConcMarkSweepGC 17 | -XX:+CMSParallelRemarkEnabled 18 | -XX:SurvivorRatio=8 19 | -XX:MaxTenuringThreshold=1 20 | -XX:CMSInitiatingOccupancyFraction=75 21 | -XX:+UseCMSInitiatingOccupancyOnly 22 | -XX:+HeapDumpOnOutOfMemoryError" 23 | export JAVA_HOME=<%= @options[:install_directory] %>/embedded/jre 24 | 25 | exec chpst -P -U <%= node['graylog']['user']['username'] %> -u <%= node['graylog']['user']['username'] %> $ES_HOME/bin/elasticsearch 26 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-etcd-log-config.erb: -------------------------------------------------------------------------------- 1 | <%= "s#@svlogd_size" if @svlogd_size %> 2 | <%= "n#@svlogd_num" if @svlogd_num %> 3 | <%= "t#@svlogd_timeout" if @svlogd_timeout %> 4 | <%= "!#@svlogd_filter" if @svlogd_filter %> 5 | <%= "u#@svlogd_udp" if @svlogd_udp %> 6 | <%= "p#@svlogd_prefix" if @svlogd_prefix %> 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-etcd-log-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec <%- if Graylog['internal_logging'] -%>/opt/graylog/embedded/bin/svloggelfd -H 127.0.0.1:12201 -s etcd -e | <%- end -%>svlogd -tt <%= @options[:log_directory] %> 3 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-etcd-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec 2>&1 3 | 4 | export LC_ALL=C 5 | umask 077 6 | exec chpst -P -U <%= node['graylog']['user']['username'] %> -u <%= node['graylog']['user']['username'] %> <%= @options[:install_directory] %>/embedded/sbin/etcd -advertise-client-urls=http://<%= node['ipaddress'] %>:4001 -listen-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001 -data-dir=<%= node['graylog']['etcd']['data_directory'] %> 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-graylog-server-log-config.erb: -------------------------------------------------------------------------------- 1 | <%= "s#@svlogd_size" if @svlogd_size %> 2 | <%= "n#@svlogd_num" if @svlogd_num %> 3 | <%= "t#@svlogd_timeout" if @svlogd_timeout %> 4 | <%= "!#@svlogd_filter" if @svlogd_filter %> 5 | <%= "u#@svlogd_udp" if @svlogd_udp %> 6 | <%= "p#@svlogd_prefix" if @svlogd_prefix %> 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-graylog-server-log-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec <%- if Graylog['internal_logging'] -%>/opt/graylog/embedded/bin/svloggelfd -H 127.0.0.1:12201 -s graylog-server -e | <%- end -%>svlogd -tt <%= @options[:log_directory] %> 3 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-graylog-server-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec 2>&1 3 | 4 | umask 077 5 | 6 | if [ -f "/opt/graylog/embedded/share/graylog/installation-source.sh" ]; then 7 | . "/opt/graylog/embedded/share/graylog/installation-source.sh" 8 | fi 9 | 10 | export JAVA_HOME=<%= @options[:install_directory] %>/embedded/jre 11 | export GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx<%= @options[:max_memory] %> -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow <%= node['graylog']['graylog-server']['java_opts'] %>" 12 | 13 | # check if mongodb is up 14 | timeout 600 bash -c "until curl -s http://127.0.0.1:27017; do sleep 1; done" 15 | exec chpst -P -U <%= node['graylog']['user']['username'] %> -u <%= node['graylog']['user']['username'] %> <%= node['graylog']['graylog-server']['wrapper'] %> $JAVA_HOME/bin/java $GRAYLOG_SERVER_JAVA_OPTS -jar -Dlog4j.configurationFile=file:///opt/graylog/conf/log4j2.xml -Djava.library.path=/opt/graylog/server/lib/sigar/ -Dgraylog2.installation_source=${GRAYLOG_INSTALLATION_SOURCE:=unknown} <%= @options[:install_directory] %>/server/<%= @options[:server_jar] %> -f <%= @options[:install_directory] %>/conf/graylog.conf 16 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-mongodb-log-config.erb: -------------------------------------------------------------------------------- 1 | <%= "s#@svlogd_size" if @svlogd_size %> 2 | <%= "n#@svlogd_num" if @svlogd_num %> 3 | <%= "t#@svlogd_timeout" if @svlogd_timeout %> 4 | <%= "!#@svlogd_filter" if @svlogd_filter %> 5 | <%= "u#@svlogd_udp" if @svlogd_udp %> 6 | <%= "p#@svlogd_prefix" if @svlogd_prefix %> 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-mongodb-log-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec <%- if Graylog['internal_logging'] -%>/opt/graylog/embedded/bin/svloggelfd -H 127.0.0.1:12201 -s mongodb -e | <%- end -%>svlogd -tt <%= @options[:log_directory] %> 3 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-mongodb-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec 2>&1 3 | 4 | export LC_ALL=C 5 | umask 077 6 | exec chpst -P -U <%= node['graylog']['user']['username'] %> -u <%= node['graylog']['user']['username'] %> <%= @options[:install_directory] %>/mongodb/bin/mongod --dbpath <%= node['graylog']['mongodb']['data_directory'] %> --smallfiles --bind_ip <%= @options[:listen_address] %><% if @options[:auth] %> --auth<% end %> <%= node['graylog']['mongodb']['additional_options'] %> 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-nginx-log-config.erb: -------------------------------------------------------------------------------- 1 | <%= "s#@svlogd_size" if @svlogd_size %> 2 | <%= "n#@svlogd_num" if @svlogd_num %> 3 | <%= "t#@svlogd_timeout" if @svlogd_timeout %> 4 | <%= "!#@svlogd_filter" if @svlogd_filter %> 5 | <%= "u#@svlogd_udp" if @svlogd_udp %> 6 | <%= "p#@svlogd_prefix" if @svlogd_prefix %> 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-nginx-log-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec <%- if Graylog['internal_logging'] -%>/opt/graylog/embedded/bin/svloggelfd -H 127.0.0.1:12201 -s nginx -e | <%- end -%>svlogd -tt <%= @options[:log_directory] %> 3 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/graylog/templates/default/sv-nginx-run.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec 2>&1 3 | 4 | export LC_ALL=C 5 | umask 077 6 | exec /opt/graylog/embedded/sbin/nginx -c /opt/graylog/conf/nginx/nginx.conf 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | *~ 3 | *# 4 | .#* 5 | \#*# 6 | .*.sw[a-z] 7 | *.un~ 8 | *.tmp 9 | *.bk 10 | *.bkup 11 | .kitchen.local.yml 12 | Berksfile.lock 13 | Gemfile.lock 14 | 15 | .bundle/ 16 | .cache/ 17 | .kitchen/ 18 | .vagrant/ 19 | .vagrant.d/ 20 | bin/ 21 | tmp/ 22 | vendor/ 23 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/.kitchen.yml: -------------------------------------------------------------------------------- 1 | driver_plugin: vagrant 2 | driver_config: 3 | require_chef_omnibus: true 4 | customize: 5 | memory: 1024 6 | 7 | platforms: 8 | - name: ubuntu-12.04 9 | run_list: 10 | - recipe[apt] 11 | - name: ubuntu-10.04 12 | run_list: 13 | - recipe[apt] 14 | - name: centos-6.5 15 | - name: centos-5.10 16 | 17 | suites: 18 | - name: default 19 | run_list: 20 | - recipe[ntp::default] 21 | attributes: 22 | ntp: 23 | sync_clock: true 24 | sync_hw_clock: true 25 | - name: undo 26 | run_list: 27 | - recipe[ntp::undo] 28 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/.rubocop.yml: -------------------------------------------------------------------------------- 1 | AllCops: 2 | Excludes: 3 | - vendor/** 4 | 5 | AlignParameters: 6 | Enabled: false 7 | Encoding: 8 | Enabled: false 9 | HashSyntax: 10 | Enabled: false 11 | LineLength: 12 | Enabled: false 13 | MethodLength: 14 | Max: 30 15 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/.travis.yml: -------------------------------------------------------------------------------- 1 | language: ruby 2 | rvm: 3 | - 1.9.3 4 | - 2.0.0 5 | before_script: 6 | - bundle exec berks install 7 | script: 8 | - bundle exec rubocop 9 | - bundle exec foodcritic -f any --tags ~FC023 . 10 | - bundle exec rspec --color --format progress 11 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | metadata 3 | 4 | group :integration do 5 | cookbook 'apt', '~> 2.0' 6 | cookbook 'yum', '~> 2.0' 7 | cookbook 'minitest-handler', '~> 0.2' 8 | end 9 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ntp Cookbook CHANGELOG 2 | ====================== 3 | This file is used to list changes made in each version of the ntp cookbook. 4 | 5 | v1.6.5 (2014-09-25) 6 | ------------------- 7 | - Ensure that ntp version is captured 8 | 9 | v1.6.4 (2014-07-02) 10 | ------------------- 11 | - Leapseconds File Expired, update to 3626380800 12 | - **[COOK-3887](https://tickets.opscode.com/browse/COOK-3887)** - Trivial changes to achieve Gentoo support 13 | - **[COOK-1876](https://tickets.opscode.com/browse/COOK-1876)** - ntp leapfile assumes ntpd >= 4.2.6 syntax 14 | 15 | v1.6.2 (2014-03-19) 16 | ------------------- 17 | - [COOK-4162] - change "No NTP servers specified" message to :debug 18 | 19 | v1.6.0 (2014-02-21) 20 | ------------------- 21 | ### Improvement 22 | - **[COOK-4346](https://tickets.opscode.com/browse/COOK-4346)** - Solaris 11 support for ntp 23 | - **[COOK-4339](https://tickets.opscode.com/browse/COOK-4339)** - Disable Monitoring by Default 24 | - **[COOK-3604](https://tickets.opscode.com/browse/COOK-3604)** - Enable listening on specific interfaces 25 | 26 | ### Bug 27 | - **[COOK-4106](https://tickets.opscode.com/browse/COOK-4106)** - Check for default content in ntp.conf 28 | - **[COOK-4087](https://tickets.opscode.com/browse/COOK-4087)** - quote option in readme 29 | - **[COOK-3797](https://tickets.opscode.com/browse/COOK-3797)** - Cookbook fails to upload due to 1.9.x syntax 30 | - **[COOK-3023](https://tickets.opscode.com/browse/COOK-3023)** - NTP leapseconds file denied by Ubuntu apparmor profile 31 | 32 | 33 | v1.5.4 (2013-12-29) 34 | ------------------- 35 | [COOK-4007]- update to 3612902400 36 | 37 | 38 | v1.5.2 39 | ------ 40 | ### Bug 41 | - **[COOK-3797](https://tickets.opscode.com/browse/COOK-3797)** - Add /spec to Chefignore 42 | 43 | v1.5.0 44 | ------ 45 | ### Improvement 46 | - **[COOK-3651](https://tickets.opscode.com/browse/COOK-3651)** - Refactor and clean up 47 | - **[COOK-3630](https://tickets.opscode.com/browse/COOK-3630)** - Switch NTP cookbook linting from Tailor to Rubocop 48 | - **[COOK-3273](https://tickets.opscode.com/browse/COOK-3273)** - Add tests 49 | 50 | ### New Feature 51 | - **[COOK-3636](https://tickets.opscode.com/browse/COOK-3636)** - Allow ntp cookbook to update clock to ntp servers 52 | 53 | ### Bug 54 | - **[COOK-3410](https://tickets.opscode.com/browse/COOK-3410)** - Remove redundant ntpdate/disable recipes 55 | - **[COOK-1170](https://tickets.opscode.com/browse/COOK-1170)** - Allow redefining NTP servers in a role 56 | 57 | 58 | v1.4.0 59 | ------ 60 | ### Improvement 61 | - **[COOK-3365](https://tickets.opscode.com/browse/COOK-3365)** - Update ntp leapseconds file to version 3597177600 62 | - **[COOK-1674](https://tickets.opscode.com/browse/COOK-1674)** - Add Windows support 63 | 64 | v1.3.2 65 | ------ 66 | - [COOK-2024] - update leapfile for IERS Bulletin C 67 | 68 | v1.3.0 69 | ------ 70 | - [COOK-1404] - add leapfile for handling leap seconds 71 | 72 | v1.2.0 73 | ------ 74 | - [COOK-1184] - Add recipe to disable NTP completely 75 | - [COOK-1298] - Refactor into a reference cookbook for testing 76 | 77 | v1.1.8 78 | ------ 79 | - [COOK-1158] - RHEL family >= 6 has ntpdate package 80 | 81 | v1.1.6 82 | ------ 83 | - Related to changes in COOK-1124, fix group for freebsd and else 84 | 85 | v1.1.4 86 | ------ 87 | - [COOK-1124] - parameterised driftfile and statsdir to be configurable by platform 88 | 89 | v1.1.2 90 | ------ 91 | - [COOK-952] - freebsd support 92 | - [COOK-949] - check for any virtual system not just vmware 93 | 94 | v1.1.0 95 | ------ 96 | - Fixes COOK-376 (use LAN peers, iburst option, LAN restriction attribute) 97 | 98 | v1.0.1 99 | ------ 100 | - Support scientific linux 101 | - Use service name attribute in resource (fixes EL derivatives) 102 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf', '~> 2.0' 4 | gem 'chefspec', '~> 2.0' 5 | gem 'foodcritic', '~> 3.0' 6 | gem 'rubocop', '~> 0.23' 7 | 8 | group :integration do 9 | gem 'test-kitchen', '~> 1.2' 10 | gem 'kitchen-vagrant', '~> 0.15' 11 | end 12 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/TESTING.md: -------------------------------------------------------------------------------- 1 | This cookbook uses a variety of testing components: 2 | 3 | - Unit tests: [ChefSpec](https://github.com/acrmp/chefspec) 4 | - Integration tests: [Test Kitchen](https://github.com/opscode/test-kitchen) 5 | - Chef Style lints: [Foodcritic](https://github.com/acrmp/foodcritic) 6 | - Ruby Style lints: [Rubocop](https://github.com/bbatsov/rubocop) 7 | 8 | 9 | Prerequisites 10 | ------------- 11 | To develop on this cookbook, you must have a sane Ruby 1.9+ environment. Given the nature of this installation process (and it's variance across multiple operating systems), we will leave this installation process to the user. 12 | 13 | You must also have `bundler` installed: 14 | 15 | $ gem install bundler 16 | 17 | You must also have Vagrant and VirtualBox installed: 18 | 19 | - [Vagrant](https://vagrantup.com) 20 | - [VirtualBox](https://virtualbox.org) 21 | 22 | Once installed, you must install the `vagrant-berkshelf` plugin: 23 | 24 | $ vagrant plugin install vagrant-berkshelf 25 | 26 | 27 | Development 28 | ----------- 29 | 1. Clone the git repository from GitHub: 30 | 31 | $ git clone git@github.com:opscode-cookbooks/COOKBOOK.git 32 | 33 | 2. Install the dependencies using bundler: 34 | 35 | $ bundle install 36 | 37 | 3. Create a branch for your changes: 38 | 39 | $ git checkout -b my_bug_fix 40 | 41 | 4. Make any changes 42 | 5. Write tests to support those changes. It is highly recommended you write both unit and integration tests. 43 | 6. Run the tests: 44 | 45 | - `bundle exec rspec` 46 | - `bundle exec foodcritic .` 47 | - `bundle exec rubocop` 48 | - `bundle exec kitchen test` 49 | 50 | 7. Assuming the tests pass, open a Pull Request on GitHub 51 | 8. Open a JIRA ticket for this component, linking the JIRA ticket to the Pull Request and visa versa. 52 | 9. Mark the JIRA ticket as "Fix Provided" 53 | 54 | For more information, see [Opscode's Contribution Guidelines](https://wiki.opscode.com/display/chef/How+to+Contribute). 55 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/attributes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: ntp 3 | # Attributes:: default 4 | # 5 | # Author:: Joshua Timberman () 6 | # Author:: Tim Smith () 7 | # Author:: Charles Johnson () 8 | # 9 | # Copyright 2009-2013, Opscode, Inc. 10 | # 11 | # Licensed under the Apache License, Version 2.0 (the "License"); 12 | # you may not use this file except in compliance with the License. 13 | # You may obtain a copy of the License at 14 | # 15 | # http://www.apache.org/licenses/LICENSE-2.0 16 | # 17 | # Unless required by applicable law or agreed to in writing, software 18 | # distributed under the License is distributed on an "AS IS" BASIS, 19 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 | # See the License for the specific language governing permissions and 21 | # limitations under the License. 22 | # 23 | 24 | # default attributes for all platforms 25 | default['ntp']['servers'] = [] # The default recipe sets a list of common NTP servers (COOK-1170) 26 | default['ntp']['peers'] = [] 27 | default['ntp']['restrictions'] = [] 28 | 29 | # internal attributes 30 | default['ntp']['packages'] = %w(ntp ntpdate) 31 | default['ntp']['service'] = 'ntpd' 32 | default['ntp']['varlibdir'] = '/var/lib/ntp' 33 | default['ntp']['driftfile'] = "#{node['ntp']['varlibdir']}/ntp.drift" 34 | default['ntp']['conffile'] = '/etc/ntp.conf' 35 | default['ntp']['statsdir'] = '/var/log/ntpstats/' 36 | default['ntp']['conf_owner'] = 'root' 37 | default['ntp']['conf_group'] = 'root' 38 | default['ntp']['var_owner'] = 'ntp' 39 | default['ntp']['var_group'] = 'ntp' 40 | default['ntp']['leapfile'] = '/etc/ntp.leapseconds' 41 | default['ntp']['sync_clock'] = false 42 | default['ntp']['sync_hw_clock'] = false 43 | default['ntp']['listen'] = nil 44 | default['ntp']['listen_network'] = nil 45 | default['ntp']['apparmor_enabled'] = false 46 | default['ntp']['monitor'] = false 47 | 48 | # overrides on a platform-by-platform basis 49 | case node['platform_family'] 50 | when 'debian' 51 | default['ntp']['service'] = 'ntp' 52 | default['ntp']['apparmor_enabled'] = true if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 8.04 && File.exists?('/etc/init.d/apparmor') 53 | when 'rhel' 54 | default['ntp']['packages'] = %w(ntp) if node['platform_version'].to_i < 6 55 | when 'windows' 56 | default['ntp']['service'] = 'NTP' 57 | default['ntp']['driftfile'] = 'C:\\NTP\\ntp.drift' 58 | default['ntp']['conffile'] = 'C:\\NTP\\etc\\ntp.conf' 59 | default['ntp']['conf_owner'] = 'Administrators' 60 | default['ntp']['conf_group'] = 'Administrators' 61 | default['ntp']['package_url'] = 'http://www.meinbergglobal.com/download/ntp/windows/ntp-4.2.6p5@london-o-lpv-win32-setup.exe' 62 | default['ntp']['vs_runtime_url'] = 'http://download.microsoft.com/download/1/1/1/1116b75a-9ec3-481a-a3c8-1777b5381140/vcredist_x86.exe' 63 | default['ntp']['vs_runtime_productname'] = 'Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022' 64 | when 'freebsd' 65 | default['ntp']['packages'] = %w(ntp) 66 | default['ntp']['varlibdir'] = '/var/db' 67 | default['ntp']['driftfile'] = "#{node['ntp']['varlibdir']}/ntpd.drift" 68 | default['ntp']['statsdir'] = "#{node['ntp']['varlibdir']}/ntpstats" 69 | default['ntp']['conf_group'] = 'wheel' 70 | default['ntp']['var_group'] = 'wheel' 71 | when 'gentoo' 72 | default['ntp']['packages'] = %w(ntp) 73 | default['ntp']['leapfile'] = "#{node['ntp']['varlibdir']}/ntp.leapseconds" 74 | when 'solaris2' 75 | default['ntp']['packages'] = %w(ntp) 76 | default['ntp']['service'] = 'ntp' 77 | default['ntp']['varlibdir'] = '/var/ntp' 78 | default['ntp']['conffile'] = '/etc/inet/ntp.conf' 79 | default['ntp']['statsdir'] = "#{node['ntp']['varlibdir']}/ntpstats/" 80 | default['ntp']['conf_owner'] = 'root' 81 | default['ntp']['conf_group'] = 'root' 82 | default['ntp']['var_owner'] = 'root' 83 | default['ntp']['var_group'] = 'sys' 84 | default['ntp']['leapfile'] = '/etc/inet/ntp.leap' 85 | end 86 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file. 2 | # Lines that start with '# ' are comments. 3 | 4 | # gitignore 5 | \.gitignore 6 | 7 | # emacs 8 | *~ 9 | 10 | # vim 11 | *.sw[a-z] 12 | 13 | # subversion 14 | */.svn/* 15 | 16 | # tests 17 | */test/* 18 | \.travis.yml 19 | Rakefile 20 | */spec/* 21 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/files/default/ntp.ini: -------------------------------------------------------------------------------- 1 | [Installer] 2 | InstallDir=C:\NTP 3 | UpgradeMode=Reinstall 4 | Logfile=C:\NTP\install.log 5 | Silent=yes 6 | 7 | [Components] 8 | InstallDocs=yes 9 | InstallTools=yes 10 | InstallOpenSSL=yes 11 | CreateStartMenuEntries=yes 12 | 13 | [Service] 14 | ModifyFirewall=yes 15 | ServiceAccount=@SYSTEM 16 | DisableOthers=yes 17 | AllowBigInitialTimestep=yes 18 | EnableMMTimer=yes 19 | AutoStart=yes 20 | StartAfterInstallation=yes 21 | 22 | [Configuration] 23 | UseConfigFile=C:\NTP\ntp.conf 24 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/files/default/tests/minitest/default_test.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../support/helpers', __FILE__) 2 | 3 | describe 'ntp::default' do 4 | include Helpers::Ntp 5 | 6 | it 'starts the NTP daemon' do 7 | service(node['ntp']['service']).must_be_running 8 | service(node['ntp']['service']).must_be_enabled 9 | end 10 | 11 | it 'creates the leapfile' do 12 | file(node['ntp']['leapfile']).must_exist.with(:owner, node['ntp']['conf_owner']).and(:group, node['ntp']['conf_group']) 13 | end 14 | 15 | it 'creates the ntp.conf' do 16 | file(node['ntp']['conffile']).must_exist.with(:owner, node['ntp']['conf_owner']).and(:group, node['ntp']['conf_group']) 17 | 18 | node['ntp']['servers'].each do |s| 19 | file(node['ntp']['conffile']).must_include s 20 | end 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/files/default/tests/minitest/support/helpers.rb: -------------------------------------------------------------------------------- 1 | module Helpers 2 | # Helper modules for NTP cookbook minitest 3 | module Ntp 4 | include MiniTest::Chef::Assertions 5 | include MiniTest::Chef::Context 6 | include MiniTest::Chef::Resources 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/files/default/tests/minitest/undo_test.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../support/helpers', __FILE__) 2 | 3 | describe 'ntp::undo' do 4 | include Helpers::Ntp 5 | 6 | it 'disables the NTP daemon' do 7 | service(node['ntp']['service']).wont_be_running 8 | service(node['ntp']['service']).wont_be_enabled 9 | end 10 | 11 | it 'removes the NTP packages' do 12 | node['ntp']['packages'].each do |p| 13 | package(p).wont_be_installed 14 | end 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/files/default/usr.sbin.ntpd.apparmor: -------------------------------------------------------------------------------- 1 | # vim:syntax=apparmor 2 | # 3 | # Maintained by Chef 4 | # 5 | # Updated for Ubuntu by: Jamie Strandboge 6 | # ------------------------------------------------------------------ 7 | # 8 | # Copyright (C) 2002-2005 Novell/SUSE 9 | # Copyright (C) 2009-2012 Canonical Ltd. 10 | # 11 | # This program is free software; you can redistribute it and/or 12 | # modify it under the terms of version 2 of the GNU General Public 13 | # License published by the Free Software Foundation. 14 | # 15 | # ------------------------------------------------------------------ 16 | 17 | #include 18 | #include 19 | /usr/sbin/ntpd { 20 | #include 21 | #include 22 | #include 23 | 24 | capability ipc_lock, 25 | capability net_bind_service, 26 | capability setgid, 27 | capability setuid, 28 | capability sys_chroot, 29 | capability sys_resource, 30 | capability sys_time, 31 | capability sys_nice, 32 | 33 | network inet dgram, 34 | network inet6 dgram, 35 | network inet stream, 36 | network inet6 stream, 37 | 38 | @{PROC}/net/if_inet6 r, 39 | @{PROC}/*/net/if_inet6 r, 40 | @{NTPD_DEVICE} rw, 41 | 42 | /usr/sbin/ntpd rmix, 43 | 44 | /etc/ntp.conf r, 45 | /etc/ntp.conf.dhcp r, 46 | /etc/ntpd.conf r, 47 | /etc/ntpd.conf.tmp r, 48 | /var/lib/ntp/ntp.conf.dhcp r, 49 | 50 | /etc/ntp.leapseconds r, 51 | 52 | /etc/ntp.keys r, 53 | /etc/ntp/** r, 54 | 55 | /etc/ntp.drift rwl, 56 | /etc/ntp.drift.TEMP rwl, 57 | /etc/ntp/drift* rwl, 58 | /var/lib/ntp/*drift rw, 59 | /var/lib/ntp/*drift.TEMP rw, 60 | 61 | /var/log/ntp w, 62 | /var/log/ntp.log w, 63 | /var/log/ntpd w, 64 | /var/log/ntpstats/clockstats* rwl, 65 | /var/log/ntpstats/loopstats* rwl, 66 | /var/log/ntpstats/peerstats* rwl, 67 | /var/log/ntpstats/rawstats* rwl, 68 | /var/log/ntpstats/sysstats* rwl, 69 | 70 | /{,var/}run/ntpd.pid w, 71 | 72 | # samba4 ntp signing socket 73 | /{,var/}run/samba/ntp_signd/socket rw, 74 | 75 | # For use with clocks that report via shared memory (e.g. gpsd), 76 | # you may need to give ntpd access to all of shared memory, though 77 | # this can be considered dangerous. See https://launchpad.net/bugs/722815 78 | # for details. To enable, add this to local/usr.sbin.ntpd: 79 | # capability ipc_owner, 80 | 81 | # Site-specific additions and overrides. See local/README for details. 82 | #include 83 | } 84 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/files/ubuntu-10/usr.sbin.ntpd.apparmor: -------------------------------------------------------------------------------- 1 | # vim:syntax=apparmor 2 | # 3 | # Maintained by Chef 4 | # 5 | # Updated for Ubuntu by: Jamie Strandboge 6 | # ------------------------------------------------------------------ 7 | # 8 | # Copyright (C) 2002-2005 Novell/SUSE 9 | # Copyright (C) 2009-2012 Canonical Ltd. 10 | # 11 | # This program is free software; you can redistribute it and/or 12 | # modify it under the terms of version 2 of the GNU General Public 13 | # License published by the Free Software Foundation. 14 | # 15 | # ------------------------------------------------------------------ 16 | 17 | #include 18 | #include 19 | /usr/sbin/ntpd { 20 | #include 21 | #include 22 | #include 23 | 24 | capability ipc_lock, 25 | capability net_bind_service, 26 | capability setgid, 27 | capability setuid, 28 | capability sys_chroot, 29 | capability sys_resource, 30 | capability sys_time, 31 | capability sys_nice, 32 | 33 | network inet dgram, 34 | network inet6 dgram, 35 | network inet stream, 36 | network inet6 stream, 37 | 38 | @{PROC}/net/if_inet6 r, 39 | @{PROC}/*/net/if_inet6 r, 40 | @{NTPD_DEVICE} rw, 41 | 42 | /usr/sbin/ntpd rmix, 43 | 44 | /etc/ntp.conf r, 45 | /etc/ntp.conf.dhcp r, 46 | /etc/ntpd.conf r, 47 | /etc/ntpd.conf.tmp r, 48 | /var/lib/ntp/ntp.conf.dhcp r, 49 | 50 | /etc/ntp.leapseconds r, 51 | 52 | /etc/ntp.keys r, 53 | /etc/ntp/** r, 54 | 55 | /etc/ntp.drift rwl, 56 | /etc/ntp.drift.TEMP rwl, 57 | /etc/ntp/drift* rwl, 58 | /var/lib/ntp/*drift rw, 59 | /var/lib/ntp/*drift.TEMP rw, 60 | 61 | /var/log/ntp w, 62 | /var/log/ntp.log w, 63 | /var/log/ntpd w, 64 | /var/log/ntpstats/clockstats* rwl, 65 | /var/log/ntpstats/loopstats* rwl, 66 | /var/log/ntpstats/peerstats* rwl, 67 | /var/log/ntpstats/rawstats* rwl, 68 | /var/log/ntpstats/sysstats* rwl, 69 | 70 | /{,var/}run/ntpd.pid w, 71 | 72 | # samba4 ntp signing socket 73 | /{,var/}run/samba/ntp_signd/socket rw, 74 | 75 | # For use with clocks that report via shared memory (e.g. gpsd), 76 | # you may need to give ntpd access to all of shared memory, though 77 | # this can be considered dangerous. See https://launchpad.net/bugs/722815 78 | # for details. To enable, add this to local/usr.sbin.ntpd: 79 | # capability ipc_owner, 80 | } 81 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/libraries/ntp_helper.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Author:: Julian C. Dunn () 3 | # Cookbook Name:: ntp 4 | # Library:: helper 5 | # 6 | # Copyright:: 2014, Chef Software, Inc. 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | 20 | require 'chef/mixin/shell_out' 21 | 22 | module Opscode 23 | module Ntp 24 | # Helper methods for ntp 25 | module Helper 26 | include Chef::Mixin::ShellOut 27 | 28 | def ntpd_supports_native_leapfiles 29 | ntpd_version = determine_ntpd_version 30 | if ntpd_version 31 | ntpd_version =~ /ntpd.*(\d+\.\d+\.\d+)/ 32 | # Abuse of Gem::Requirement, but it works 33 | Gem::Requirement.new('>= 4.2.6').satisfied_by?(Gem::Version.new(Regexp.last_match(1))) 34 | else 35 | false 36 | end 37 | end 38 | 39 | private 40 | 41 | def determine_ntpd_version 42 | cmd = shell_out!('ntpd --version 2>&1') 43 | cmd.stdout.strip 44 | rescue Errno::ENOENT, Mixlib::ShellOut::ShellCommandFailed 45 | nil 46 | end 47 | end 48 | end 49 | end 50 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/metadata.rb: -------------------------------------------------------------------------------- 1 | name 'ntp' 2 | maintainer 'Opscode, Inc.' 3 | maintainer_email 'cookbooks@opscode.com' 4 | license 'Apache 2.0' 5 | description 'Installs and configures ntp as a client or server' 6 | long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) 7 | version '1.6.5' 8 | 9 | recipe 'ntp', 'Installs and configures ntp either as a server or client' 10 | 11 | %w{ amazon centos debian fedora freebsd gentoo redhat scientific solaris2 oracle ubuntu windows xcp }.each do |os| 12 | supports os 13 | end 14 | 15 | suggests 'windows' 16 | 17 | attribute 'ntp', 18 | :display_name => 'NTP', 19 | :description => 'Hash of NTP attributes', 20 | :type => 'hash' 21 | 22 | attribute 'ntp/servers', 23 | :display_name => 'NTP Servers', 24 | :description => 'Array of servers we should talk to', 25 | :type => 'array', 26 | :default => ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org'], 27 | :required => 'recommended' 28 | 29 | attribute 'ntp/peers', 30 | :display_name => 'NTP Peers', 31 | :description => 'Array of local NTP servers, we should peer with', 32 | :type => 'array', 33 | :default => [], 34 | :required => 'recommended' 35 | 36 | attribute 'ntp/restrictions', 37 | :display_name => 'Restriction lines', 38 | :description => 'Array of restriction lines to apply to NTP servers', 39 | :type => 'array', 40 | :default => [], 41 | :required => 'recommended' 42 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/recipes/apparmor.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: ntp 3 | # Recipe:: apparmor 4 | # Author:: Scott Lampert () 5 | # 6 | # Copyright 2013, Scott Lampert 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | 20 | service 'apparmor' do 21 | action :nothing 22 | end 23 | 24 | cookbook_file '/etc/apparmor.d/usr.sbin.ntpd' do 25 | source 'usr.sbin.ntpd.apparmor' 26 | owner 'root' 27 | group 'root' 28 | mode '0644' 29 | notifies :restart, 'service[apparmor]' 30 | end 31 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: ntp 3 | # Recipe:: default 4 | # Author:: Joshua Timberman () 5 | # Author:: Tim Smith () 6 | # 7 | # Copyright 2009-2013, Opscode, Inc 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | 21 | if platform_family?('windows') 22 | include_recipe 'ntp::windows_client' 23 | else 24 | 25 | ::Chef::Recipe.send(:include, Opscode::Ntp::Helper) 26 | 27 | node['ntp']['packages'].each do |ntppkg| 28 | package ntppkg 29 | end 30 | 31 | [node['ntp']['varlibdir'], node['ntp']['statsdir']].each do |ntpdir| 32 | directory ntpdir do 33 | owner node['ntp']['var_owner'] 34 | group node['ntp']['var_group'] 35 | mode '0755' 36 | end 37 | end 38 | 39 | cookbook_file node['ntp']['leapfile'] do 40 | owner node['ntp']['conf_owner'] 41 | group node['ntp']['conf_group'] 42 | mode '0644' 43 | source 'ntp.leapseconds' 44 | end 45 | 46 | include_recipe 'ntp::apparmor' if node['ntp']['apparmor_enabled'] 47 | end 48 | 49 | unless node['ntp']['servers'].size > 0 50 | node.default['ntp']['servers'] = [ 51 | '0.pool.ntp.org', 52 | '1.pool.ntp.org', 53 | '2.pool.ntp.org', 54 | '3.pool.ntp.org' 55 | ] 56 | Chef::Log.debug 'No NTP servers specified, using default ntp.org server pools' 57 | end 58 | 59 | if node['ntp']['listen'].nil? && !node['ntp']['listen_network'].nil? 60 | if node['ntp']['listen_network'] == 'primary' 61 | node.set['ntp']['listen'] = node['ipaddress'] 62 | else 63 | require 'ipaddr' 64 | net = IPAddr.new(node['ntp']['listen_network']) 65 | 66 | node['network']['interfaces'].each do |iface, addrs| 67 | addrs['addresses'].each do |ip, params| 68 | addr = IPAddr.new(ip) if params['family'].eql?('inet') || params['family'].eql?('inet6') 69 | node.set['ntp']['listen'] = addr if net.include?(addr) 70 | end 71 | end 72 | end 73 | end 74 | 75 | leapfile_enabled = ntpd_supports_native_leapfiles 76 | 77 | template node['ntp']['conffile'] do 78 | source 'ntp.conf.erb' 79 | owner node['ntp']['conf_owner'] 80 | group node['ntp']['conf_group'] 81 | mode '0644' 82 | notifies :restart, "service[#{node['ntp']['service']}]" 83 | variables( 84 | :ntpd_supports_native_leapfiles => leapfile_enabled 85 | ) 86 | end 87 | 88 | if node['ntp']['sync_clock'] 89 | execute "Stop #{node['ntp']['service']} in preparation for ntpdate" do 90 | command '/bin/true' 91 | action :run 92 | notifies :stop, "service[#{node['ntp']['service']}]", :immediately 93 | end 94 | 95 | execute 'Force sync system clock with ntp server' do 96 | command 'ntpd -q' 97 | action :run 98 | notifies :start, "service[#{node['ntp']['service']}]" 99 | end 100 | end 101 | 102 | if node['ntp']['sync_hw_clock'] && !platform_family?('windows') 103 | execute 'Force sync hardware clock with system clock' do 104 | command 'hwclock --systohc' 105 | action :run 106 | end 107 | end 108 | 109 | service node['ntp']['service'] do 110 | supports :status => true, :restart => true 111 | action [:enable, :start] 112 | end 113 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/recipes/undo.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: ntp 3 | # Recipe:: undo 4 | # Author:: Eric G. Wolfe 5 | # 6 | # Copyright 2012, Eric G. Wolfe 7 | # Copyright 2009-2013, Opscode, Inc 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | 21 | # Do not continue if trying to run this recipe on Windows 22 | return 'The ntp::undo recipe does not support Windows' if platform_family?('windows') 23 | 24 | service node['ntp']['service'] do 25 | supports :status => true, :restart => true 26 | action [:stop, :disable] 27 | end 28 | 29 | node['ntp']['packages'].each do |ntppkg| 30 | package ntppkg do 31 | action :remove 32 | end 33 | end 34 | 35 | ruby_block 'remove ntp::undo from run list' do 36 | block do 37 | node.run_list.remove('recipe[ntp::undo]') 38 | end 39 | only_if { node.run_list.include?('recipe[ntp::default]') } 40 | end 41 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/recipes/windows_client.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: ntp 3 | # Recipe:: windows_client 4 | # Author:: Tim Smith () 5 | # 6 | # Copyright 2012, Webtrends, Inc 7 | # Copyright 2013, Limelight Networks, Inc 8 | # 9 | # Licensed under the Apache License, Version 2.0 (the "License"); 10 | # you may not use this file except in compliance with the License. 11 | # You may obtain a copy of the License at 12 | # 13 | # http://www.apache.org/licenses/LICENSE-2.0 14 | # 15 | # Unless required by applicable law or agreed to in writing, software 16 | # distributed under the License is distributed on an "AS IS" BASIS, 17 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 | # See the License for the specific language governing permissions and 19 | # limitations under the License. 20 | 21 | # Do not continue if trying to run the Windows recipe on non-Windows platform 22 | return 'The ntp::windows_client recipe only supports Windows' unless platform_family?('windows') 23 | 24 | directory 'C:/NTP/etc' do 25 | inherits true 26 | action :create 27 | recursive true 28 | end 29 | 30 | cookbook_file 'C:/NTP/ntp.ini' do 31 | source 'ntp.ini' 32 | inherits true 33 | action :create 34 | end 35 | 36 | windows_package node['ntp']['vs_runtime_productname'] do 37 | source node['ntp']['vs_runtime_url'] 38 | options '/q' 39 | installer_type :custom 40 | action :install 41 | only_if { node['kernel']['release'].to_f < 6 } 42 | end 43 | 44 | unless File.exists?('C:/NTP/bin/ntpd.exe') 45 | remote_file "#{Chef::Config[:file_cache_path]}/ntpd.exe" do 46 | source node['ntp']['package_url'] 47 | end 48 | 49 | execute 'ntpd_install' do 50 | command "#{Chef::Config[:file_cache_path]}\\ntpd.exe /USEFILE=C:\\NTP\\ntp.ini" 51 | returns [0, 2] 52 | end 53 | end 54 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | require 'chefspec' 2 | require 'berkshelf' 3 | 4 | Berkshelf.ui.mute do 5 | Berkshelf::Berksfile.from_file('Berksfile').install(path: 'vendor/cookbooks/') 6 | end 7 | 8 | RSpec.configure do |c| 9 | c.after(:suite) do 10 | # Berks will infinitely nest vendor/cookbooks/ntp on each rspec run 11 | # https://github.com/RiotGames/berkshelf/issues/828 12 | FileUtils.rm_rf('vendor/') 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/spec/unit/recipes/apparmor_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'ntp::apparmor' do 4 | let(:chef_run) { ChefSpec::ChefRunner.new.converge('recipe[ntp::apparmor]') } 5 | 6 | it 'creates the apparmor file' do 7 | expect(chef_run).to create_cookbook_file '/etc/apparmor.d/usr.sbin.ntpd' 8 | file = chef_run.cookbook_file('/etc/apparmor.d/usr.sbin.ntpd') 9 | expect(file).to be_owned_by('root', 'root') 10 | end 11 | 12 | it 'restarts the apparmor service' do 13 | chef_run.cookbook_file('/etc/apparmor.d/usr.sbin.ntpd').should notify('service[apparmor]', :restart) 14 | end 15 | 16 | end 17 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/spec/unit/recipes/undo_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'ntp::undo' do 4 | let(:chef_run) { ChefSpec::ChefRunner.new.converge('ntp::undo') } 5 | 6 | it 'stops the ntpd service' do 7 | expect(chef_run).to stop_service('ntpd') 8 | end 9 | 10 | it 'sets the ntpd service not to start on boot' do 11 | expect(chef_run).to set_service_to_not_start_on_boot('ntpd') 12 | end 13 | 14 | it 'uninstalls the ntp package' do 15 | expect(chef_run).to remove_package('ntp') 16 | end 17 | 18 | it 'uninstalls the ntpdate package' do 19 | expect(chef_run).to remove_package('ntpdate') 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/spec/unit/recipes/windows_client_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'ntp::windows_client' do 4 | let(:chef_run) { ChefSpec::ChefRunner.new(platform: 'windows', version: '2008R2').converge('ntp::windows_client') } 5 | 6 | it 'creates the c:/NTP/etc directory' do 7 | pending('ChefSpec does not yet understand the inherits attribute in directory resources') 8 | expect(chef_run).to create_directory('C:/NTP/etc') 9 | end 10 | 11 | it 'creates the c:/NTP/ntp.ini file' do 12 | pending('ChefSpec does not yet understand the inherits attribute in cookbook_file resources') 13 | expect(chef_run).to create_file('C:/NTP/ntp.ini') 14 | end 15 | 16 | it 'Fetches the ntpd.exe via remote_file' do 17 | pending('ChefSpec does not yet understand the inherits attribute in cookbook_file resources') 18 | expect(chef_run).to create_remote_file("#{Chef::Config[:file_cache_path]}/ntpd.exe") 19 | end 20 | 21 | it 'Executes the ntpd installer' do 22 | pending('ChefSpec does not yet understand the inherits attribute in cookbook_file resources') 23 | expect(chef_run).to execute_command("#{Chef::Config[:file_cache_path]}\\ntpd.exe /USEFILE=C:\\NTP\\ntp.ini") 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/templates/default/ntp.conf.erb: -------------------------------------------------------------------------------- 1 | # Generated by Chef for <%= node['fqdn'] %> 2 | # Local modifications will be overwritten. 3 | <%# Windows OHAI does not support determining if a host is a guest %> 4 | <% unless node['platform'] == 'windows' -%> 5 | <%# See http://www.vmware.com/vmtn/resources/238 p. 23 for explanation %> 6 | <% if node['virtualization'] and node['virtualization']['role'] == 'guest' -%> 7 | <% -%>tinker panic 0 8 | <% end -%> 9 | <%-%>statsdir <%= node['ntp']['statsdir'] %> 10 | <% if @ntpd_supports_native_leapfiles -%> 11 | <%-%>leapfile <%= node['ntp']['leapfile'] %> 12 | <% end -%> 13 | <% end -%> 14 | driftfile <%= node['ntp']['driftfile'] %> 15 | 16 | statistics loopstats peerstats clockstats 17 | filegen loopstats file loopstats type day enable 18 | filegen peerstats file peerstats type day enable 19 | filegen clockstats file clockstats type day enable 20 | 21 | <%# If the listen attribute is set on the node, then apply it %> 22 | <% unless node['ntp']['listen'].nil? -%> 23 | interface listen <%= node['ntp']['listen'] %> 24 | <%# The service must always listen on localhost %> 25 | <% if node['ntp']['listen'] != "127.0.0.1" -%> 26 | interface listen 127.0.0.1 27 | <% end -%> 28 | <% end -%> 29 | 30 | <% if node['ntp']['monitor'] -%> 31 | enable monitor 32 | <% else -%> 33 | disable monitor 34 | <% end -%> 35 | 36 | <%# If ntp.peers is not empty %> 37 | <% unless node['ntp']['peers'].empty? -%> 38 | <% node['ntp']['peers'].each do |ntppeer| -%> 39 | <%# Don't peer with ourself %> 40 | <% if node['ipaddress'] != ntppeer && node['fqdn'] != ntppeer -%> 41 | <% -%>peer <%= ntppeer %> iburst 42 | <% -%>restrict <%= ntppeer %> nomodify 43 | <% end -%> 44 | <% end -%> 45 | <% end -%> 46 | 47 | <%# Whether this is a client or server, we want upstream servers. %> 48 | <%# We should guard the servers array against deep merge. %> 49 | <%# This should keep authoritative local servers from being included twice. %> 50 | <% ( node['ntp']['servers'] - node['ntp']['peers'] ).each do |ntpserver| -%> 51 | <%# Loop through defined servers, but don't try to upstream ourself %> 52 | <% if node['ipaddress'] != ntpserver and node['fqdn'] != ntpserver -%> 53 | <% -%>server <%= ntpserver %> iburst 54 | <% -%>restrict <%= ntpserver %> nomodify notrap noquery 55 | <% end -%> 56 | <% end -%> 57 | 58 | restrict default kod notrap nomodify nopeer noquery 59 | restrict 127.0.0.1 nomodify 60 | restrict -6 default kod notrap nomodify nopeer noquery 61 | restrict -6 ::1 nomodify 62 | 63 | <%# If this is a server with additional LAN restriction lines, put them here %> 64 | <% unless node['ntp']['restrictions'].empty? -%> 65 | <% node['ntp']['restrictions'].each do |restriction| -%> 66 | <% -%>restrict <%= restriction %> 67 | <% end -%> 68 | <% end -%> 69 | 70 | <%# It is best practice to use a high stratum undisciplined clock, if you have a real CMOS clock %> 71 | <%# Except cases where you have a low stratum server, or a virtualized system without a real CMOS clock %> 72 | <% unless node['platform'] == 'windows' -%> 73 | <% if not node['virtualization'] or node['virtualization']['role'] != 'guest' -%> 74 | <% -%>server 127.127.1.0 # local clock 75 | <% -%>fudge 127.127.1.0 stratum 10 76 | <% end -%> 77 | <% end -%> 78 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/test/integration/default/bats/verify_installed.bats: -------------------------------------------------------------------------------- 1 | @test 'ntp is up and running' { 2 | pgrep ntp 3 | } 4 | 5 | @test 'ntp.conf contains correct servers' { 6 | grep 0.pool.ntp.org /etc/ntp.conf 7 | } 8 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/ntp/test/integration/undo/bats/verify_not_installed.bats: -------------------------------------------------------------------------------- 1 | @test 'ntp is not running' { 2 | run pgrep ntp 3 | [ "$status" -eq 1 ] 4 | } 5 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/attributes/default.rb: -------------------------------------------------------------------------------- 1 | default[:runit][:sv_bin] = "/opt/graylog/embedded/bin/sv" 2 | default[:runit][:chpst_bin] = "/opt/graylog/embedded/bin/chpst" 3 | default[:runit][:service_dir] = "/opt/graylog/service" 4 | default[:runit][:sv_dir] = "/opt/graylog/sv" 5 | default[:runit][:sv_loggelfd_version] = "0.2.1" 6 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/files/default/graylog-runsvdir.conf: -------------------------------------------------------------------------------- 1 | start on runlevel [2345] 2 | stop on shutdown 3 | respawn 4 | post-stop script 5 | # To avoid stomping on runsv's owned by a different runsvdir 6 | # process, kill any runsv process that has been orphaned, and is 7 | # now owned by init (process 1). 8 | pkill -HUP -P 1 runsv$ 9 | end script 10 | exec /opt/graylog/embedded/bin/runsvdir-start 11 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/files/default/graylog-runsvdir.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Graylog Runit supervision process 3 | 4 | [Service] 5 | ExecStart=/opt/graylog/embedded/bin/runsvdir-start 6 | Restart=always 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/files/default/svloggelfd-0.2.1.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/graylog-cookbooks/runit/files/default/svloggelfd-0.2.1.tar.gz -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/metadata.rb: -------------------------------------------------------------------------------- 1 | name "runit" 2 | maintainer "Opscode, Inc." 3 | maintainer_email "cookbooks@opscode.com" 4 | license "Apache 2.0" 5 | description "Installs runit and provides runit_service definition" 6 | version "0.14.2" 7 | 8 | recipe "runit", "Installs and configures runit" 9 | 10 | %w{ ubuntu debian gentoo }.each do |os| 11 | supports os 12 | end 13 | 14 | attribute "runit", 15 | :display_name => "Runit", 16 | :description => "Hash of runit attributes", 17 | :type => "hash" 18 | 19 | attribute "runit/sv_bin", 20 | :display_name => "Runit sv bin", 21 | :description => "Location of the sv binary", 22 | :default => "/usr/bin/sv" 23 | 24 | attribute "runit/chpst_bin", 25 | :display_name => "Runit chpst bin", 26 | :description => "Location of the chpst binary", 27 | :default => "/usr/bin/chpst" 28 | 29 | attribute "runit/service_dir", 30 | :display_name => "Runit service directory", 31 | :description => "Symlinks to services managed under runit", 32 | :default => "/etc/service" 33 | 34 | attribute "runit/sv_dir", 35 | :display_name => "Runit sv directory", 36 | :description => "Location of services managed by runit", 37 | :default => "/etc/sv" 38 | 39 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: runit 3 | # Recipe:: default 4 | # 5 | # Copyright 2008-2010, Opscode, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | case node["platform_family"] 21 | when "debian" 22 | case node["platform"] 23 | when "debian" 24 | include_recipe "runit::sysvinit" 25 | else 26 | include_recipe "runit::upstart" 27 | end 28 | when "rhel" 29 | case node["platform"] 30 | when "amazon", "xenserver" 31 | # TODO: platform_version check for old distro without upstart 32 | include_recipe "runit::upstart" 33 | else 34 | if node['platform_version'] =~ /^5/ 35 | include_recipe "runit::sysvinit" 36 | elsif node['platform_version'] =~ /^6/ 37 | include_recipe "runit::upstart" 38 | elsif node['platform_version'] =~ /^7/ 39 | include_recipe "runit::systemd" 40 | end 41 | end 42 | when "fedora" 43 | # TODO: platform_version check for old distro without upstart 44 | include_recipe "runit::upstart" 45 | else 46 | include_recipe "runit::sysvinit" 47 | end 48 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/recipes/svloggelfd.rb: -------------------------------------------------------------------------------- 1 | cookbook_file File.join(Chef::Config[:file_cache_path], "svloggelfd-#{node[:runit][:sv_loggelfd_version]}.tar.gz") { 2 | source "svloggelfd-#{node[:runit][:sv_loggelfd_version]}.tar.gz" 3 | action :create 4 | } 5 | 6 | execute 'extract svloggelfd' do 7 | command "tar xzvf #{File.join(Chef::Config[:file_cache_path], "svloggelfd-#{node[:runit][:sv_loggelfd_version]}.tar.gz")}" 8 | cwd "/opt/graylog/embedded/bin" 9 | not_if {File.exists?("/opt/graylog/embedded/bin/svloggelfd")} 10 | end 11 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/recipes/systemd.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: runit 3 | # Recipe:: systemd 4 | # 5 | # Copyright 2014 GitLab B.V. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | link "/etc/systemd/system/default.target.wants/graylog-runsvdir.service" do 21 | to "/opt/graylog/embedded/cookbooks/runit/files/default/graylog-runsvdir.service" 22 | notifies :run, 'execute[systemctl daemon-reload]', :immediately 23 | notifies :run, 'execute[systemctl start graylog-runsvdir]', :immediately 24 | end 25 | 26 | execute "systemctl daemon-reload" do 27 | action :nothing 28 | end 29 | 30 | execute "systemctl start graylog-runsvdir" do 31 | action :nothing 32 | end 33 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/recipes/sysvinit.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: runit 3 | # Recipe:: sysvinit 4 | # 5 | # Copyright 2011, Opscode, Inc. 6 | # Copyright 2014 GitLab.com 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | # 20 | 21 | # We assume you are sysvinit 22 | svdir_line = 'CS:123456:respawn:/opt/graylog/embedded/bin/runsvdir-start' 23 | execute "echo '#{svdir_line}' >> /etc/inittab" do 24 | not_if "grep '#{svdir_line}' /etc/inittab" 25 | notifies :run, "execute[init q]", :immediately 26 | end 27 | 28 | execute "init q" do 29 | action :nothing 30 | end 31 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/runit/recipes/upstart.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: runit 3 | # Recipe:: default 4 | # 5 | # Copyright 2008-2010, Opscode, Inc. 6 | # Copyright 2014 GitLab.com 7 | # 8 | # Licensed under the Apache License, Version 2.0 (the "License"); 9 | # you may not use this file except in compliance with the License. 10 | # You may obtain a copy of the License at 11 | # 12 | # http://www.apache.org/licenses/LICENSE-2.0 13 | # 14 | # Unless required by applicable law or agreed to in writing, software 15 | # distributed under the License is distributed on an "AS IS" BASIS, 16 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 | # See the License for the specific language governing permissions and 18 | # limitations under the License. 19 | # 20 | 21 | cookbook_file "/etc/init/graylog-runsvdir.conf" do 22 | owner "root" 23 | group "root" 24 | mode "0644" 25 | source "graylog-runsvdir.conf" 26 | end 27 | 28 | # Keep on trying till the job is found :( 29 | execute "initctl status graylog-runsvdir" do 30 | retries 30 31 | end 32 | 33 | # If we are stop/waiting, start 34 | # 35 | # Why, upstart, aren't you idempotent? :( 36 | execute "initctl start graylog-runsvdir" do 37 | only_if "initctl status graylog-runsvdir | grep stop" 38 | retries 30 39 | end 40 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/show-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "run_list": [ "recipe[graylog::show_config]" ] 3 | } 4 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/solo.rb: -------------------------------------------------------------------------------- 1 | CURRENT_PATH = File.expand_path(File.dirname(__FILE__)) 2 | file_cache_path "#{CURRENT_PATH}/cache" 3 | cookbook_path CURRENT_PATH 4 | verbose_logging false 5 | ssl_verify_mode :verify_peer 6 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | Berksfile.lock 3 | *~ 4 | *# 5 | .#* 6 | \#*# 7 | .*.sw[a-z] 8 | *.un~ 9 | /cookbooks 10 | 11 | # Bundler 12 | Gemfile.lock 13 | bin/* 14 | .bundle/* 15 | 16 | .kitchen/ 17 | .kitchen.local.yml 18 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/.kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver_plugin: vagrant 3 | driver_config: 4 | require_chef_omnibus: true 5 | 6 | platforms: 7 | - name: ubuntu-12.04 8 | driver_config: 9 | box: opscode-ubuntu-12.04 10 | box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_provisionerless.box 11 | - name: ubuntu-10.04 12 | driver_config: 13 | box: opscode-ubuntu-10.04 14 | box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_provisionerless.box 15 | - name: centos-6.4 16 | driver_config: 17 | box: opscode-centos-6.4 18 | box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box 19 | - name: centos-5.9 20 | driver_config: 21 | box: opscode-centos-5.9 22 | box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.9_provisionerless.box 23 | 24 | suites: 25 | - name: default 26 | run_list: ["recipe[minitest-handler]", "recipe[timezone-ii]"] 27 | attributes: {} 28 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/.ruby-gemset: -------------------------------------------------------------------------------- 1 | chefdev 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/.ruby-version: -------------------------------------------------------------------------------- 1 | ruby-1.9.3-p448 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/Berksfile: -------------------------------------------------------------------------------- 1 | site :opscode 2 | 3 | metadata 4 | 5 | cookbook 'minitest-handler' 6 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # CHANGELOG for timezone-ii 2 | 3 | This file is used to list changes made in each version of timezone-ii. 4 | 5 | ## Work in progress: 6 | 7 | * Added experimental support for PLD (https://www.pld-linux.org; thanks to Elan 8 | Ruusamäe) 9 | * Added support for RHEL/CentOS (thanks to "fraD00r4") 10 | * Complete refresh of test-kitchen setup, including use of Berkshelf (thanks to 11 | Mike Conigliaro) 12 | 13 | ## 0.2.0: 14 | 15 | * Initial release of timezone-ii (as forked from timezone) 16 | * Added support for Fedora 17 | * Configurable paths for localtime data and tzdata tree (just in case someone 18 | wants them...) 19 | * For generic Linux timezone setting, a choice of copying or symlinking timezone 20 | data to localtime (copying is the default, to avoid surprises) 21 | 22 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'berkshelf' 4 | gem 'test-kitchen', '~> 1.0.0.beta', :group => :integration 5 | gem 'kitchen-vagrant', :group => :integration 6 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/README.md: -------------------------------------------------------------------------------- 1 | Timezone II 2 | =========== 3 | 4 | The Timezone II cookbook contains recipes for installing the latest tzdata 5 | (a.k.a. IANA or Olson) timezone database and setting the timezone on your 6 | system. It is a fork of the [timezone cookbook by James 7 | Harton.](http://community.opscode.com/cookbooks/timezone) 8 | 9 | Requirements 10 | ------------ 11 | 12 | This cookbook is known to work with: 13 | 14 | * Amazon Linux 15 | * CentOS and RHEL 16 | * Debian 17 | * Fedora 18 | * Gentoo 19 | * PLD Linux 20 | * Ubuntu 21 | 22 | It _should_ work with any OS that uses the IANA/Olson timezone database and 23 | stores local timezone data in /etc/localtime (the only OS I know of that does 24 | _not_ do this is MS Windows). However, some OSs not mentioned above have their 25 | own system utility for setting the timezone, and this may overwrite the changes 26 | made by this cookbook. 27 | 28 | Attributes 29 | ---------- 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 49 | 50 | 51 | 52 | 53 | 54 | 56 | 57 | 58 | 59 | 60 | 61 | 63 | 64 | 65 |
KeyTypeDescriptionDefault
['tz']Stringthe timezone name as defined in tzdataUTC
['timezone']['tzdata_dir']Stringthe path to the root of the tzdata files; the default value is for 48 | most known distributions of Linux/usr/share/zoneinfo
['timezone']['localtime_path']Stringthe path to the file used by the kernel to read the local timezone's 55 | settings; the default works for Linux and other *ix variants/etc/localtime
['timezone']['use_symlink']Booleanwhether to use a symlink into the tzdata tree rather than make a copy 62 | of the appropriate timezone data file (linux-generic recipe only)false
66 | 67 | Usage 68 | ----- 69 | 70 | Set the "tz" attribute to your desired timezone and include the "timezone-ii" 71 | recipe in your node's run list: 72 | 73 | { 74 | "name": "my_node", 75 | "tz": "Africa/Timbuktu", 76 | "run_list": [ 77 | "recipe[timezone-ii]" 78 | ] 79 | } 80 | 81 | ### timezone-ii::default 82 | 83 | The default recipe will first install or upgrade the IANA/Olson 84 | timezone database package for your OS (`timezone-data` on Gentoo, `tzdata` on 85 | all others). Then it will call one of the recipes below according to your 86 | node's platform. 87 | 88 | ### timezone-ii::debian 89 | 90 | This changes the timezone on Debian and Debian-derived systems by: 91 | 92 | 1. writing the value of `tz` to `/etc/timezone`, then 93 | 2. calling `dpkg-reconfigure tzdata`. 94 | 95 | Only the `tz` attribute is used; all others are ignored. 96 | 97 | ### timezone-ii::fedora 98 | 99 | This changes the timezone on Fedora by calling `timedatectl set-timezone` with 100 | the value of `tz`. 101 | 102 | Only the `tz` attribute is used; all others are ignored. 103 | 104 | ### timezone-ii::linux-generic 105 | 106 | This changes the time on all OSs without a more specific recipe. It assumes that 107 | the kernel gets data on the local timezone from `/etc/localtime`. (This is true 108 | for FreeBSD as well as Linux, so "linux-generic" is a bit of a misnomer.) 109 | 110 | What this recipe does: 111 | 112 | 1. verifies that the value of `tz` corresponds with a timezone data file under 113 | the directory specified in `timezone.tzdata_dir` (default: 114 | `/usr/share/zoneinfo`), then 115 | 2. creates a copy of or symbolic link to that data file in the path specified in 116 | `timezone.localtime_path` (default: `/etc/localtime`). 117 | 118 | The truthiness of `timezone.use_symlink` (default: `false`) determines whether a 119 | symlink or a copy is made. 120 | 121 | ### timezone-ii::pld 122 | 123 | This changes the timezone on PLD Linux. It writes the appropriate timezone 124 | configuration file, making use of the `tz` and `timezone.tz_datadir` attributes. 125 | Other attributes are ignored. 126 | 127 | ### timezone-ii::rhel 128 | 129 | This changes the timezone on RedHat Enterprise Linux (RHEL) and CentOS. It 130 | updates the `/etc/sysconfig/clock` file with the value of the `tz` attribute, 131 | then calls `tzdata-update` to change the timezone. All node attributes other 132 | than `tz` are ignored. 133 | 134 | Contributing 135 | ------------ 136 | 1. Fork the [repository on GitHub](https://github.com/L2G/timezone-ii) 137 | 2. Create a named feature branch (like `add_component_x`) 138 | 3. Write your change 139 | 4. If at all possible, write test-kitchen tests for your change and ensure they 140 | all pass 141 | 5. Submit a pull request using GitHub 142 | 143 | Acknowledgements 144 | ---------------- 145 | 146 | Thanks to: 147 | 148 | * James Harton, for launching the timezone cookbook 149 | * Elan Ruusamäe, for PLD support 150 | * Mike Conigliaro, for bringing testing up to date 151 | * "fraD00r4", for RHEL/CentOS support 152 | 153 | 154 | License and Authors 155 | ------------------- 156 | 157 | Copyright © 2010 James Harton 158 | Copyright © 2013 Lawrence Leonard Gilbert 159 | Copyright © 2013 Elan Ruusamäe 160 | Copyright © 2013 fraD00r4 161 | 162 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use 163 | this file except in compliance with the License. You may obtain a copy of the 164 | License at 165 | 166 | http://www.apache.org/licenses/LICENSE-2.0 167 | 168 | Unless required by applicable law or agreed to in writing, software distributed 169 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 170 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 171 | specific language governing permissions and limitations under the License. 172 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/Thorfile: -------------------------------------------------------------------------------- 1 | # encoding: utf-8 2 | 3 | require 'bundler' 4 | require 'bundler/setup' 5 | require 'berkshelf/thor' 6 | 7 | begin 8 | require 'kitchen/thor_tasks' 9 | Kitchen::ThorTasks.new 10 | rescue LoadError 11 | puts ">>>>> Kitchen gem not loaded, omitting tasks" unless ENV['CI'] 12 | end 13 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure("2") do |config| 5 | # All Vagrant configuration is done here. The most common configuration 6 | # options are documented and commented below. For a complete reference, 7 | # please see the online documentation at vagrantup.com. 8 | 9 | config.vm.hostname = "timezone-ii-berkshelf" 10 | 11 | # Every Vagrant virtual environment requires a box to build off of. 12 | config.vm.box = "Berkshelf-CentOS-6.3-x86_64-minimal" 13 | 14 | # The url from where the 'config.vm.box' box will be fetched if it 15 | # doesn't already exist on the user's system. 16 | config.vm.box_url = "https://dl.dropbox.com/u/31081437/Berkshelf-CentOS-6.3-x86_64-minimal.box" 17 | 18 | # Assign this VM to a host-only network IP, allowing you to access it 19 | # via the IP. Host-only networks can talk to the host machine as well as 20 | # any other machines on the same network, but cannot be accessed (through this 21 | # network interface) by any external networks. 22 | config.vm.network :private_network, ip: "33.33.33.10" 23 | 24 | # Create a public network, which generally matched to bridged network. 25 | # Bridged networks make the machine appear as another physical device on 26 | # your network. 27 | 28 | # config.vm.network :public_network 29 | 30 | # Create a forwarded port mapping which allows access to a specific port 31 | # within the machine from a port on the host machine. In the example below, 32 | # accessing "localhost:8080" will access port 80 on the guest machine. 33 | 34 | # Share an additional folder to the guest VM. The first argument is 35 | # the path on the host to the actual folder. The second argument is 36 | # the path on the guest to mount the folder. And the optional third 37 | # argument is a set of non-required options. 38 | # config.vm.synced_folder "../data", "/vagrant_data" 39 | 40 | # Provider-specific configuration so you can fine-tune various 41 | # backing providers for Vagrant. These expose provider-specific options. 42 | # Example for VirtualBox: 43 | # 44 | # config.vm.provider :virtualbox do |vb| 45 | # # Don't boot with headless mode 46 | # vb.gui = true 47 | # 48 | # # Use VBoxManage to customize the VM. For example to change memory: 49 | # vb.customize ["modifyvm", :id, "--memory", "1024"] 50 | # end 51 | # 52 | # View the documentation for the provider you're using for more 53 | # information on available options. 54 | 55 | config.ssh.max_tries = 40 56 | config.ssh.timeout = 120 57 | 58 | # The path to the Berksfile to use with Vagrant Berkshelf 59 | # config.berkshelf.berksfile_path = "./Berksfile" 60 | 61 | # Enabling the Berkshelf plugin. To enable this globally, add this configuration 62 | # option to your ~/.vagrant.d/Vagrantfile file 63 | config.berkshelf.enabled = true 64 | 65 | # An array of symbols representing groups of cookbook described in the Vagrantfile 66 | # to exclusively install and copy to Vagrant's shelf. 67 | # config.berkshelf.only = [] 68 | 69 | # An array of symbols representing groups of cookbook described in the Vagrantfile 70 | # to skip installing and copying to Vagrant's shelf. 71 | # config.berkshelf.except = [] 72 | 73 | config.vm.provision :chef_solo do |chef| 74 | chef.json = { 75 | :mysql => { 76 | :server_root_password => 'rootpass', 77 | :server_debian_password => 'debpass', 78 | :server_repl_password => 'replpass' 79 | } 80 | } 81 | 82 | chef.run_list = [ 83 | "recipe[timezone-ii::default]" 84 | ] 85 | end 86 | end 87 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/attributes/default.rb: -------------------------------------------------------------------------------- 1 | default.tz = 'UTC' 2 | 3 | # Path to tzdata directory 4 | default.timezone.tzdata_dir = '/usr/share/zoneinfo' 5 | 6 | # Path to file used by kernel for local timezone's data 7 | default.timezone.localtime_path = '/etc/localtime' 8 | 9 | # Whether to use a symlink to tzdata (instead of copying). 10 | # Used only in the linux-default recipe. 11 | default.timezone.use_symlink = false 12 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/chefignore: -------------------------------------------------------------------------------- 1 | # Put files/directories that should be ignored in this file when uploading 2 | # or sharing to the community site. 3 | # Lines that start with '# ' are comments. 4 | 5 | # OS generated files # 6 | ###################### 7 | .DS_Store 8 | Icon? 9 | nohup.out 10 | ehthumbs.db 11 | Thumbs.db 12 | 13 | # SASS # 14 | ######## 15 | .sass-cache 16 | 17 | # EDITORS # 18 | ########### 19 | \#* 20 | .#* 21 | *~ 22 | *.sw[a-z] 23 | *.bak 24 | REVISION 25 | TAGS* 26 | tmtags 27 | *_flymake.* 28 | *_flymake 29 | *.tmproj 30 | .project 31 | .settings 32 | mkmf.log 33 | 34 | ## COMPILED ## 35 | ############## 36 | a.out 37 | *.o 38 | *.pyc 39 | *.so 40 | *.com 41 | *.class 42 | *.dll 43 | *.exe 44 | */rdoc/ 45 | 46 | # Testing # 47 | ########### 48 | .watchr 49 | .rspec 50 | spec/* 51 | spec/fixtures/* 52 | test/* 53 | features/* 54 | Guardfile 55 | Procfile 56 | 57 | # SCM # 58 | ####### 59 | .git 60 | */.git 61 | .gitignore 62 | .gitmodules 63 | .gitconfig 64 | .gitattributes 65 | .svn 66 | */.bzr/* 67 | */.hg/* 68 | */.svn/* 69 | 70 | # Berkshelf # 71 | ############# 72 | Berksfile 73 | Berksfile.lock 74 | cookbooks/* 75 | tmp 76 | 77 | # Cookbooks # 78 | ############# 79 | CONTRIBUTING 80 | CHANGELOG* 81 | 82 | # Strainer # 83 | ############ 84 | Colanderfile 85 | Strainerfile 86 | .colander 87 | .strainer 88 | 89 | # Vagrant # 90 | ########### 91 | .vagrant 92 | Vagrantfile 93 | 94 | # Travis # 95 | ########## 96 | .travis.yml 97 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/files/default/tests/minitest/default_test.rb: -------------------------------------------------------------------------------- 1 | require 'minitest/spec' 2 | 3 | class TimezoneIiSpec < MiniTest::Chef::Spec 4 | 5 | describe_recipe 'timezone-ii::default' do 6 | 7 | it 'updates the timezone' do 8 | IO.read('/etc/localtime').must_equal IO.read("/usr/share/zoneinfo/#{node[:tz]}") 9 | end 10 | 11 | end 12 | 13 | end 14 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/metadata.rb: -------------------------------------------------------------------------------- 1 | name "timezone-ii" 2 | maintainer "Lawrence Leonard Gilbert" 3 | maintainer_email "larry@L2G.to" 4 | license "Apache 2.0" 5 | description "Configure the system timezone on Linux systems" 6 | version "0.2.0" 7 | 8 | replaces "timezone" 9 | 10 | # These are platform versions where this cookbook has been tested at some point 11 | # in time 12 | supports "amazon" 13 | supports "centos" 14 | supports "debian" 15 | supports "fedora" 16 | supports "gentoo" 17 | supports "ubuntu" 18 | supports "pld" 19 | supports "rhel" 20 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/recipes/debian.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: timezone-ii 3 | # Recipe:: debian 4 | # 5 | # Copyright 2010, James Harton 6 | # Copyright 2013, Lawrence Leonard Gilbert 7 | # 8 | # Apache 2.0 License. 9 | # 10 | 11 | # Set timezone for Debian family: Put the timezone string in plain text in 12 | # /etc/timezone and then re-run the tzdata configuration to pick it up. 13 | 14 | template "/etc/timezone" do 15 | source "timezone.conf.erb" 16 | owner 'root' 17 | group 'root' 18 | mode 0644 19 | notifies :run, 'bash[dpkg-reconfigure tzdata]' 20 | end 21 | 22 | bash 'dpkg-reconfigure tzdata' do 23 | user 'root' 24 | code "/usr/sbin/dpkg-reconfigure -f noninteractive tzdata" 25 | action :nothing 26 | end 27 | 28 | # vim:ts=2:sw=2: 29 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/recipes/default.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: timezone-ii 3 | # Recipe:: default 4 | # 5 | # Copyright 2010, James Harton 6 | # Copyright 2013, Lawrence Leonard Gilbert 7 | # 8 | # Apache 2.0 License. 9 | # 10 | 11 | node.override.tz = Graylog['timezone'] 12 | 13 | # Make sure the tzdata database is installed. (Arthur David Olson, the computer 14 | # timekeeping field is forever in your debt.) 15 | package value_for_platform_family( 16 | 'gentoo' => 'timezone-data', 17 | 'default' => 'tzdata' 18 | ) do 19 | ignore_failure true 20 | end 21 | 22 | case node.platform_family 23 | when 'debian', 'fedora', 'pld', 'rhel' 24 | include_recipe "timezone-ii::#{node.platform_family}" 25 | 26 | else 27 | if node.os == "linux" 28 | # Load the generic Linux recipe if there's no better known way to change the 29 | # timezone. Log a warning (unless this is known to be the best way on a 30 | # particular platform). 31 | message = "Linux platform '#{node.platform}' is unknown to this recipe; " + 32 | "using generic Linux method" 33 | log message do 34 | level :warn 35 | not_if { %w( centos gentoo rhel ).include? node.platform_family } 36 | end 37 | 38 | include_recipe 'timezone-ii::linux-generic' 39 | 40 | else 41 | message = "Don't know how to configure timezone for " + 42 | "'#{node.platform_family}'!" 43 | log message do 44 | level :error 45 | end 46 | 47 | end # if/else node.os 48 | 49 | end # case node.platform_family 50 | 51 | # vim:ts=2:sw=2: 52 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/recipes/fedora.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: timezone-ii 3 | # Recipe:: fedora 4 | # 5 | # Copyright 2013, Lawrence Leonard Gilbert 6 | # 7 | # Apache 2.0 License. 8 | # 9 | 10 | # Set timezone for Fedora by using its timedatectl utility. 11 | 12 | bash 'timedatectl set-timezone' do 13 | user 'root' 14 | code "/usr/bin/timedatectl --no-ask-password set-timezone #{node.tz}" 15 | end 16 | 17 | # vim:ts=2:sw=2: 18 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/recipes/linux-generic.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: timezone-ii 3 | # Recipe:: linux-generic 4 | # 5 | # Copyright 2013, Lawrence Leonard Gilbert 6 | # 7 | # Apache 2.0 License. 8 | # 9 | 10 | # Generic timezone-changing method for Linux that should work for any distro 11 | # without a platform-specific method. 12 | 13 | timezone_data_file = File.join(node.timezone.tzdata_dir, node.tz) 14 | localtime_path = node.timezone.localtime_path 15 | 16 | ruby_block "confirm timezone" do 17 | block { 18 | unless File.exist?(timezone_data_file) 19 | raise "Can't find #{timezone_data_file}!" 20 | end 21 | } 22 | end 23 | 24 | if node.timezone.use_symlink 25 | link localtime_path do 26 | to timezone_data_file 27 | owner 'root' 28 | group 'root' 29 | mode 0644 30 | end 31 | 32 | else 33 | file localtime_path do 34 | content File.open(timezone_data_file, 'rb').read 35 | owner 'root' 36 | group 'root' 37 | mode 0644 38 | not_if { 39 | File.symlink?(localtime_path) and 40 | Chef::Log.error "You must remove symbolic link at #{localtime_path}" + 41 | " or set attribute ['timezone']['use_symlink']=true" 42 | } 43 | end 44 | end # if/else node.timezone.use_symlink 45 | 46 | # vim:ts=2:sw=2: 47 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/recipes/pld.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: timezone-ii 3 | # Recipe:: pld 4 | # 5 | # Copyright 2010, James Harton 6 | # Copyright 2013, Lawrence Leonard Gilbert 7 | # Copyright 2013, Elan Ruusamäe 8 | # 9 | # Apache 2.0 License. 10 | # 11 | 12 | # Set timezone for PLD family: Put the timezone string in plain text in 13 | # /etc/sysconfig/timezone and then re-run the timezone service to pick it up. 14 | 15 | template "/etc/sysconfig/timezone" do 16 | source "timezone.conf.erb" 17 | owner 'root' 18 | group 'root' 19 | mode 0644 20 | notifies :reload, 'service[timezone]' 21 | end 22 | 23 | service 'timezone' do 24 | action :nothing 25 | end 26 | 27 | # vim:ts=2:sw=2:et 28 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/recipes/rhel.rb: -------------------------------------------------------------------------------- 1 | # 2 | # Cookbook Name:: timezone-ii 3 | # Recipe:: CentOS 6/RHEL 6/ 4 | # 5 | # Copyright 2013, fraD00r4 6 | # 7 | # Apache 2.0 License. 8 | # 9 | 10 | template "/etc/sysconfig/clock" do 11 | source "clock.erb" 12 | owner 'root' 13 | group 'root' 14 | mode 0644 15 | notifies :run, 'bash[tzdata-update]' 16 | end 17 | 18 | bash 'tzdata-update' do 19 | user 'root' 20 | code "/usr/sbin/tzdata-update" 21 | action :nothing 22 | end 23 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/templates/centos/clock.erb: -------------------------------------------------------------------------------- 1 | ZONE="<%= node[:tz] %>" 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/templates/default/timezone.conf.erb: -------------------------------------------------------------------------------- 1 | <%= node[:tz] %> 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/templates/pld/timezone.conf.erb: -------------------------------------------------------------------------------- 1 | # Time zone information. 2 | 3 | # Directory containing zone information files. 4 | ZONE_INFO_DIR="<%= node['timezone']['tzdata_dir'] %>" 5 | 6 | # Scheme you would like to use in your system. 7 | ZONE_INFO_SCHEME="posix" 8 | 9 | # Name of the time zone for your system. 10 | TIMEZONE="<%= node[:tz] %>" 11 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/templates/rhel/clock.erb: -------------------------------------------------------------------------------- 1 | ZONE="<%= node[:tz] %>" 2 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/test/kitchen/Kitchenfile: -------------------------------------------------------------------------------- 1 | cookbook 'timezone-ii' 2 | 3 | platform 'centos' do 4 | version '5.8' do 5 | box 'opscode-centos-5.8' 6 | box_url 'https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-5.8_chef-10.18.2.box' 7 | end 8 | version '6.3' do 9 | box 'opscode-centos-6.3' 10 | box_url 'https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.3_chef-10.18.2.box' 11 | end 12 | end 13 | 14 | platform 'debian' do 15 | version '6.0.6' do 16 | box 'L2G-debian-6.0.6' 17 | box_url '~/work/GitHub/opscode/bento/L2G-debian-6.0.6.box' 18 | end 19 | end 20 | 21 | platform 'ubuntu' do 22 | version '10.04' do 23 | box 'opscode-ubuntu-10.04' 24 | box_url 'https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-10.04_chef-10.18.2.box' 25 | end 26 | version '12.04' do 27 | box 'L2G-ubuntu-12.04' 28 | box_url '~/work/GitHub/opscode/bento/L2G-ubuntu-12.04.box' 29 | #box 'opscode-ubuntu-12.04' 30 | #box_url 'https://opscode-vm.s3.amazonaws.com/vagrant/opscode_ubuntu-12.04_chef-10.18.2.box' 31 | end 32 | end 33 | 34 | platform 'pld' do 35 | box 'pld32-latest' 36 | box_url 'ftp://ftp.pld-linux.org/people/glen/vm/pld32.box' 37 | end 38 | 39 | # vim:ft=ruby: 40 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/test/kitchen/cookbooks/timezone-ii_test/metadata.rb: -------------------------------------------------------------------------------- 1 | name "timezone-ii_test" 2 | maintainer "Lawrence Leonard Gilbert" 3 | maintainer_email "larry@L2G.to" 4 | license "Apache 2.0" 5 | description "Cookbook for kitchen test" 6 | version "0.0.0" 7 | -------------------------------------------------------------------------------- /files/graylog-cookbooks/timezone-ii/test/kitchen/cookbooks/timezone-ii_test/recipes/default.rb: -------------------------------------------------------------------------------- 1 | node.set[:timezone][:use_symlink] = false 2 | node.set[:tz] = 'Africa/Timbuktu' 3 | include_recipe 'timezone-ii' 4 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/backup_etcd.rb: -------------------------------------------------------------------------------- 1 | add_command 'backup-etcd', 'Backup cluster informations stored in etcd', 2 do |cmd_name| 2 | require 'time' 3 | 4 | backup_dir = "/var/opt/graylog/backup/etcd/#{Time.now.to_i}" 5 | success = system "/opt/graylog/embedded/bin/etcdctl backup --data-dir /var/opt/graylog/data/etcd --backup-dir #{backup_dir}" 6 | if success 7 | puts "Backup created in #{backup_dir}" 8 | else 9 | puts "Backup failed, make sure etcd is running fine. Current database status:" 10 | system "/opt/graylog/embedded/bin/etcdctl cluster-health" 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/disable_internal_logging.rb: -------------------------------------------------------------------------------- 1 | add_command 'disable-internal-logging', 'Disable sending logs to Graylog', 2 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | existing_settings = Hash.new 6 | if File.exists?("/etc/graylog/graylog-settings.json") 7 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 8 | else 9 | FileUtils.mkdir_p("/etc/graylog") 10 | end 11 | 12 | existing_settings['internal_logging'] = false 13 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 14 | settings.write(JSON.pretty_generate(existing_settings)) 15 | end 16 | puts "This needs a full restart of the appliance to activate!" 17 | end 18 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/enable_all_services.rb: -------------------------------------------------------------------------------- 1 | add_command 'enable-all-services', 'Reset configuration to run all services on this node', 1 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if true 6 | existing_services ||= Hash.new 7 | if File.exists?("/etc/graylog/graylog-services.json") 8 | existing_services = JSON.parse(File.read("/etc/graylog/graylog-services.json")) 9 | else 10 | FileUtils.mkdir_p("/etc/graylog") 11 | existing_services['etcd'] = Hash.new 12 | existing_services['nginx'] = Hash.new 13 | existing_services['mongodb'] = Hash.new 14 | existing_services['elasticsearch'] = Hash.new 15 | existing_services['graylog_server'] = Hash.new 16 | end 17 | 18 | existing_services['etcd']['enabled'] = true 19 | existing_services['nginx']['enabled'] = true 20 | existing_services['mongodb']['enabled'] = true 21 | existing_services['elasticsearch']['enabled'] = true 22 | existing_services['graylog_server']['enabled'] = true 23 | 24 | File.open("/etc/graylog/graylog-services.json","w") do |services| 25 | services.write(JSON.pretty_generate(existing_services)) 26 | end 27 | 28 | else 29 | puts "Usage: #{cmd_name}" 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/enforce_ssl.rb: -------------------------------------------------------------------------------- 1 | add_command 'enforce-ssl', 'Limit web interface to SSL access', 2 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | existing_settings = Hash.new 6 | if File.exists?("/etc/graylog/graylog-settings.json") 7 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 8 | else 9 | FileUtils.mkdir_p("/etc/graylog") 10 | end 11 | 12 | existing_settings['enforce_ssl'] = true 13 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 14 | settings.write(JSON.pretty_generate(existing_settings)) 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/list_servers.rb: -------------------------------------------------------------------------------- 1 | add_command 'list-servers', 'List all Graylog servers in your cluster', 2 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | require 'socket' 5 | require 'timeout' 6 | 7 | existing_settings = Hash.new 8 | if File.exists?("/etc/graylog/graylog-settings.json") 9 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 10 | else 11 | exit 1; 12 | end 13 | 14 | master = existing_settings['master_node'] 15 | 16 | begin 17 | Timeout::timeout(1) do 18 | begin 19 | socket = TCPSocket.new(master, 4001) 20 | socket.close 21 | rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH 22 | puts "Can not connect to etcd on given master node. Make sure master is set correctly." 23 | exit 1 24 | end 25 | end 26 | rescue Timeout::Error 27 | puts "Timeout to connect to given master server. Make sure master is reachable." 28 | end 29 | 30 | system "/opt/graylog/embedded/bin/etcdctl -C #{master}:4001 ls /servers" 31 | end 32 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/local_connect.rb: -------------------------------------------------------------------------------- 1 | add_command 'local-connect', 'Connect services through localhost', 2 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | existing_settings = Hash.new 6 | if File.exists?("/etc/graylog/graylog-settings.json") 7 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 8 | else 9 | FileUtils.mkdir_p("/etc/graylog") 10 | end 11 | 12 | existing_settings['local_connect'] = true 13 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 14 | settings.write(JSON.pretty_generate(existing_settings)) 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/reconfigure_as_backend.rb: -------------------------------------------------------------------------------- 1 | add_command 'reconfigure-as-backend', 'Run Graylog server and Elasticsearch on this node', 1 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if true 6 | existing_services ||= Hash.new 7 | if File.exists?("/etc/graylog/graylog-services.json") 8 | existing_services = JSON.parse(File.read("/etc/graylog/graylog-services.json")) 9 | else 10 | FileUtils.mkdir_p("/etc/graylog") 11 | existing_services['etcd'] = Hash.new 12 | existing_services['nginx'] = Hash.new 13 | existing_services['mongodb'] = Hash.new 14 | existing_services['elasticsearch'] = Hash.new 15 | existing_services['graylog_server'] = Hash.new 16 | end 17 | 18 | existing_services['etcd']['enabled'] = true 19 | existing_services['nginx']['enabled'] = false 20 | existing_services['mongodb']['enabled'] = true 21 | existing_services['elasticsearch']['enabled'] = true 22 | existing_services['graylog_server']['enabled'] = true 23 | 24 | File.open("/etc/graylog/graylog-services.json","w") do |services| 25 | services.write(JSON.pretty_generate(existing_services)) 26 | end 27 | 28 | reconfigure 29 | else 30 | puts "Usage: #{cmd_name}" 31 | end 32 | end 33 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/reconfigure_as_datanode.rb: -------------------------------------------------------------------------------- 1 | add_command 'reconfigure-as-datanode', 'Run Elasticsearch on this node only', 1 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if true 6 | existing_services ||= Hash.new 7 | if File.exists?("/etc/graylog/graylog-services.json") 8 | existing_services = JSON.parse(File.read("/etc/graylog/graylog-services.json")) 9 | else 10 | FileUtils.mkdir_p("/etc/graylog") 11 | existing_services['etcd'] = Hash.new 12 | existing_services['nginx'] = Hash.new 13 | existing_services['mongodb'] = Hash.new 14 | existing_services['elasticsearch'] = Hash.new 15 | existing_services['graylog_server'] = Hash.new 16 | end 17 | 18 | existing_services['etcd']['enabled'] = false 19 | existing_services['nginx']['enabled'] = false 20 | existing_services['mongodb']['enabled'] = false 21 | existing_services['elasticsearch']['enabled'] = true 22 | existing_services['graylog_server']['enabled'] = false 23 | 24 | File.open("/etc/graylog/graylog-services.json","w") do |services| 25 | services.write(JSON.pretty_generate(existing_services)) 26 | end 27 | 28 | reconfigure 29 | else 30 | puts "Usage: #{cmd_name}" 31 | end 32 | end 33 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/reconfigure_as_server.rb: -------------------------------------------------------------------------------- 1 | add_command 'reconfigure-as-server', 'Run Graylog server on this node only', 1 do |cmd_name| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if true 6 | existing_services ||= Hash.new 7 | if File.exists?("/etc/graylog/graylog-services.json") 8 | existing_services = JSON.parse(File.read("/etc/graylog/graylog-services.json")) 9 | else 10 | FileUtils.mkdir_p("/etc/graylog") 11 | existing_services['etcd'] = Hash.new 12 | existing_services['nginx'] = Hash.new 13 | existing_services['mongodb'] = Hash.new 14 | existing_services['elasticsearch'] = Hash.new 15 | existing_services['graylog_server'] = Hash.new 16 | end 17 | 18 | existing_services['etcd']['enabled'] = true 19 | existing_services['nginx']['enabled'] = true 20 | existing_services['mongodb']['enabled'] = true 21 | existing_services['elasticsearch']['enabled'] = false 22 | existing_services['graylog_server']['enabled'] = true 23 | 24 | File.open("/etc/graylog/graylog-services.json","w") do |services| 25 | services.write(JSON.pretty_generate(existing_services)) 26 | end 27 | 28 | reconfigure 29 | else 30 | puts "Usage: #{cmd_name}" 31 | end 32 | end 33 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_admin_password.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-admin-password', 'Override admin password', 2 do |cmd_name, pwd| 2 | require 'fileutils' 3 | require 'json' 4 | require 'digest/sha2' 5 | 6 | if pwd 7 | existing_secrets ||= Hash.new 8 | if File.exists?("/etc/graylog/graylog-secrets.json") 9 | existing_secrets = JSON.parse(File.read("/etc/graylog/graylog-secrets.json")) 10 | else 11 | FileUtils.mkdir_p("/etc/graylog") 12 | existing_secrets['graylog_server'] = Hash.new 13 | end 14 | 15 | existing_secrets['graylog_server']['admin_password'] = Digest::SHA2.new << pwd 16 | File.open("/etc/graylog/graylog-secrets.json","w") do |secrets| 17 | secrets.write(JSON.pretty_generate(existing_secrets)) 18 | end 19 | else 20 | puts "Usage: #{cmd_name} " 21 | end 22 | end 23 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_admin_username.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-admin-username', 'Set username for administrator', 2 do |cmd_name, username| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if username 6 | existing_secrets ||= Hash.new 7 | if File.exists?("/etc/graylog/graylog-secrets.json") 8 | existing_secrets = JSON.parse(File.read("/etc/graylog/graylog-secrets.json")) 9 | else 10 | FileUtils.mkdir_p("/etc/graylog") 11 | existing_secrets['graylog_server'] = Hash.new 12 | end 13 | 14 | existing_secrets['graylog_server']['admin_username'] = username 15 | File.open("/etc/graylog/graylog-secrets.json","w") do |secrets| 16 | secrets.write(JSON.pretty_generate(existing_secrets)) 17 | end 18 | else 19 | puts "Usage: #{cmd_name} " 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_cluster_master.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-cluster-master', 'Set IP address of your cluster master server', 2 do |cmd_name, master| 2 | require 'fileutils' 3 | require 'json' 4 | require 'socket' 5 | require 'timeout' 6 | 7 | if master 8 | existing_settings = Hash.new 9 | if File.exists?("/etc/graylog/graylog-settings.json") 10 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 11 | else 12 | FileUtils.mkdir_p("/etc/graylog") 13 | end 14 | 15 | begin 16 | Timeout::timeout(1) do 17 | begin 18 | socket = TCPSocket.new(master, 4001) 19 | socket.close 20 | rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH 21 | puts "Can not connect to etcd on given master node. Make sure you configure the master before" 22 | exit 1 23 | end 24 | end 25 | rescue Timeout::Error 26 | puts "Timeout to connect to given master server. Make sure both servers are in the same network" 27 | end 28 | 29 | existing_settings['master_node'] = master 30 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 31 | settings.write(JSON.pretty_generate(existing_settings)) 32 | end 33 | else 34 | puts "Usage: #{cmd_name} " 35 | end 36 | end 37 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_email_config.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-email-config', 'Setup email configuration', 2 do |cmd_name, server| 2 | require 'optparse' 3 | require 'fileutils' 4 | require 'json' 5 | require 'socket' 6 | require 'uri' 7 | 8 | options = {} 9 | ::OptionParser.new do |opts| 10 | opts.on("--port PORT", Integer, "SMTP server port") do |value| 11 | options[:port] = value 12 | end 13 | opts.on("--user USER", String, "SMTP user name") do |value| 14 | options[:user] = value 15 | end 16 | opts.on("--password PASSWORD", String, "SMTP password") do |value| 17 | options[:password] = value 18 | end 19 | opts.on("--from-email ADDRESS", String, "Email sender address") do |value| 20 | options[:from] = value 21 | end 22 | opts.on("--web-url URL", String, "Web interface URL, used for backlinks") do |value| 23 | options[:web_url] = value 24 | end 25 | opts.on("--no-tls", "Disable TLS") do |value| 26 | options[:tls] = (not value) 27 | end 28 | opts.on("--no-ssl", "Disable SSL") do |value| 29 | options[:ssl] = (not value) 30 | end 31 | end.parse! 32 | 33 | if server 34 | if server.start_with?('-') 35 | puts "Please provide a SMTP server before any options!" 36 | exit 1 37 | end 38 | 39 | existing_settings = Hash.new 40 | if File.exists?("/etc/graylog/graylog-settings.json") 41 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 42 | else 43 | FileUtils.mkdir_p("/etc/graylog") 44 | end 45 | 46 | existing_settings['smtp_server'] = server 47 | existing_settings['smtp_port'] = options[:port] || 587 48 | existing_settings['smtp_user'] = options[:user] || "" 49 | existing_settings['smtp_password'] = options[:password] || "" 50 | existing_settings['smtp_no_tls'] = options[:tls] || false 51 | existing_settings['smtp_no_ssl'] = options[:ssl] || false 52 | existing_settings['smtp_from_email'] = options[:from] || "graylog@#{Socket.gethostname}" 53 | existing_settings['smtp_web_url'] = (URI(options[:web_url] || URI::HTTP.build(:host => Socket.gethostname))).to_s 54 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 55 | settings.write(JSON.pretty_generate(existing_settings)) 56 | end 57 | else 58 | puts "Usage: #{cmd_name} [--port= --user= --password= --from-email= --web-url= --no-tls --no-ssl]" 59 | end 60 | end 61 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_external_ip.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-external-ip', 'Configure IP under which the Graylog API is reachable from your browsers point of view', 2 do |cmd_name, address| 2 | require 'fileutils' 3 | require 'json' 4 | require 'uri' 5 | 6 | if address 7 | existing_settings = Hash.new 8 | if File.exists?("/etc/graylog/graylog-settings.json") 9 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 10 | else 11 | FileUtils.mkdir_p("/etc/graylog") 12 | end 13 | 14 | existing_settings['external_rest_uri'] = URI(address).to_s || false 15 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 16 | settings.write(JSON.pretty_generate(existing_settings)) 17 | end 18 | else 19 | puts "Usage: #{cmd_name} http://:9000/api" 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_listen_address.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-listen-address', 'Set the IP address on which Graylog\'s API/UI is listening on', 2 do |cmd_name| 2 | require 'optparse' 3 | require 'fileutils' 4 | require 'json' 5 | require 'socket' 6 | require 'uri' 7 | 8 | options = {} 9 | ::OptionParser.new do |opts| 10 | opts.on("--service NAME", String, "Service to set web|rest|transport|endpoint") do |value| 11 | options[:service] = value 12 | end 13 | opts.on("--address ADDRESS", String, "Listen URI, like http://127.0.0.1:9000/api") do |value| 14 | options[:address] = value 15 | end 16 | 17 | opts.banner = "Usage: graylog-ctl set-listen-address [options]" 18 | opts.on("-h", "--help", "Displays help") do 19 | puts opts 20 | exit 21 | end 22 | end.parse! 23 | 24 | if options[:service] && options[:address] 25 | existing_settings = Hash.new 26 | if File.exists?("/etc/graylog/graylog-settings.json") 27 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 28 | else 29 | FileUtils.mkdir_p("/etc/graylog") 30 | end 31 | 32 | case options[:service] 33 | when "web" 34 | existing_settings['web_listen_uri'] = URI(options[:address]).to_s || false 35 | when "endpoint" 36 | existing_settings['web_endpoint_uri'] = URI(options[:address]).to_s || false 37 | when "rest" 38 | existing_settings['rest_listen_uri'] = URI(options[:address]).to_s || false 39 | when "transport" 40 | existing_settings['rest_transport_uri'] = URI(options[:address]).to_s || false 41 | end 42 | 43 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 44 | settings.write(JSON.pretty_generate(existing_settings)) 45 | end 46 | else 47 | puts "Usage: #{cmd_name} --service --address " 48 | exit 49 | end 50 | log("Setting the #{options[:service]} listen address to #{options[:address]}") 51 | end 52 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_mongodb_password.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-mongodb-password', 'Set and activate MongoDB password', 2 do |cmd_name| 2 | require 'optparse' 3 | require 'mongo' 4 | require 'fileutils' 5 | require 'json' 6 | 7 | options = OpenStruct.new 8 | options.admin = false 9 | options.graylog = false 10 | cmd = ::OptionParser.new do |opts| 11 | opts.banner = "Usage: #{cmd_name} --username= --password=" 12 | 13 | opts.on("-u", "--username USERNAME", String, "MongoDB username") { |username| options.username = username } 14 | opts.on("-p", "--password PASSWORD", String, "MongoDB password") { |password| options.password = password } 15 | opts.on("-a", "--admin", "User is the DB admin") { |admin| options.admin = admin } 16 | opts.on("-g", "--graylog", "User should be used for Graylog server") { |gl| options.graylog = gl } 17 | 18 | opts.on_tail("-h", "--help", "Show this message") do 19 | puts opts 20 | exit 21 | end 22 | end 23 | cmd.parse! 24 | if !options.username || !options.password 25 | puts cmd.help 26 | exit 27 | end 28 | 29 | existing_secrets ||= Hash.new 30 | if File.exists?("/etc/graylog/graylog-secrets.json") 31 | existing_secrets = JSON.parse(File.read("/etc/graylog/graylog-secrets.json")) 32 | else 33 | FileUtils.mkdir_p("/etc/graylog") 34 | end 35 | 36 | mongodb_secrets = existing_secrets['mongodb_server'] ||= Hash.new 37 | create_or_update_user(options.username, options.password, options.admin, mongodb_secrets) 38 | 39 | mongodb_secrets[options.username] = { :password => options.password, :is_admin_user => options.admin, :is_graylog_user => options.graylog } 40 | existing_secrets['mongodb_server'] = mongodb_secrets 41 | File.open("/etc/graylog/graylog-secrets.json","w") do |secrets| 42 | secrets.write(JSON.pretty_generate(existing_secrets)) 43 | end 44 | end 45 | 46 | def create_or_update_user(name, password, admin, secrets) 47 | auth_user = find_admin_user(secrets) 48 | auth_password = secrets[auth_user]['password'] if auth_user 49 | database = admin == true ? "admin" : "graylog" 50 | roles = admin == true ? [ Mongo::Auth::Roles::ROOT, Mongo::Auth::Roles::DATABASE_ADMIN_ANY_DATABASE ] : 51 | [ Mongo::Auth::Roles::DATABASE_ADMIN, Mongo::Auth::Roles::READ_WRITE ] 52 | 53 | if !auth_user && !admin 54 | puts "No admin user found, create one before setting up unprivileged users!" 55 | end 56 | 57 | if auth_user && name != auth_user && admin 58 | puts "There is already an admin user. Create an unprivileged user for Graylog server" 59 | exit 60 | end 61 | 62 | existing_graylog_user = find_graylog_user(secrets) 63 | if !admin && !existing_graylog_user.nil? && name != existing_graylog_user 64 | puts "There is already a service user for Graylog. Remove it from /etc/graylog/graylog-secrets.json before setting up a new one" 65 | exit 66 | end 67 | if secrets.length == 0 68 | puts "Seems like this is your first MongoDB user. Run 'sudo graylog-ctl reconfigure' to activate database authentication" 69 | end 70 | 71 | client = Mongo::Client.new([ '127.0.0.1:27017' ], :auth_source => 'admin', :user => auth_user, :password => auth_password, :database => database) 72 | db = client.database 73 | 74 | if db.users.info(name).empty? 75 | puts "Creating MongoDB user " + name 76 | db.users.create(name, :password => password, :roles => roles) 77 | else 78 | puts "Updating MongoDB user " + name 79 | db.users.update(name, :password => password, :roles => roles) 80 | end 81 | end 82 | 83 | def find_admin_user(secrets) 84 | secrets.each_key do |user| 85 | if secrets[user]['is_admin_user'] 86 | return user 87 | end 88 | end 89 | return nil 90 | end 91 | 92 | def find_graylog_user(secrets) 93 | secrets.each_key do |user| 94 | if secrets[user]['is_graylog_user'] 95 | return user 96 | end 97 | end 98 | return nil 99 | end 100 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_node_id.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-node-id', 'Set server node ID', 2 do |cmd_name, node_id| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if node_id 6 | existing_settings = Hash.new 7 | if File.exists?("/etc/graylog/graylog-settings.json") 8 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 9 | else 10 | FileUtils.mkdir_p("/etc/graylog") 11 | end 12 | 13 | existing_settings['node_id'] = node_id 14 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 15 | settings.write(JSON.pretty_generate(existing_settings)) 16 | end 17 | else 18 | puts "Usage: #{cmd_name} " 19 | end 20 | end 21 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_server_secret.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-server-secret', 'Override server secret token', 2 do |cmd_name, token| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if token 6 | existing_secrets ||= Hash.new 7 | if File.exists?("/etc/graylog/graylog-secrets.json") 8 | existing_secrets = JSON.parse(File.read("/etc/graylog/graylog-secrets.json")) 9 | else 10 | FileUtils.mkdir_p("/etc/graylog") 11 | existing_secrets['graylog_server'] = Hash.new 12 | end 13 | 14 | existing_secrets['graylog_server']['secret_token'] = token 15 | File.open("/etc/graylog/graylog-secrets.json","w") do |secrets| 16 | secrets.write(JSON.pretty_generate(existing_secrets)) 17 | end 18 | else 19 | puts "Usage: #{cmd_name} " 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /files/graylog-ctl-commands/set_timezone.rb: -------------------------------------------------------------------------------- 1 | add_command 'set-timezone', 'Set timezone your server is in', 2 do |cmd_name, timezone| 2 | require 'fileutils' 3 | require 'json' 4 | 5 | if timezone 6 | if not File.exists?(File.join("/usr/share/zoneinfo", timezone)) 7 | puts "Misspelled or invalid timezone, take a look here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones" 8 | exit 1 9 | end 10 | 11 | existing_settings = Hash.new 12 | if File.exists?("/etc/graylog/graylog-settings.json") 13 | existing_settings = JSON.parse(File.read("/etc/graylog/graylog-settings.json")) 14 | else 15 | FileUtils.mkdir_p("/etc/graylog") 16 | end 17 | 18 | existing_settings['timezone'] = timezone 19 | File.open("/etc/graylog/graylog-settings.json","w") do |settings| 20 | settings.write(JSON.pretty_generate(existing_settings)) 21 | end 22 | else 23 | puts "Usage: #{cmd_name} " 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /files/mac_dmg/Resources/background.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/mac_dmg/Resources/background.png -------------------------------------------------------------------------------- /files/mac_dmg/Resources/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/mac_dmg/Resources/icon.png -------------------------------------------------------------------------------- /files/mac_pkg/Resources/background.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/mac_pkg/Resources/background.png -------------------------------------------------------------------------------- /files/mac_pkg/Resources/license.html: -------------------------------------------------------------------------------- 1 | All Rights Reserved 2 | -------------------------------------------------------------------------------- /files/mac_pkg/Resources/welcome.html: -------------------------------------------------------------------------------- 1 | This will install Graylog on your Mac. 2 | 3 | -------------------------------------------------- 4 | 5 | This is a basic welcome message that is generated for every Omnibus project. You should customize this message by editing the file at files/mac_pkg/welcome.html. 6 | 7 | If you are not the developer of Graylog, the presence of this message is likely a bug and should be reported to the creator. 8 | 9 | Thank you for choosing Omnibus! Have a fantastic day! 10 | -------------------------------------------------------------------------------- /files/windows_msi/Resources/assets/LICENSE.rtf: -------------------------------------------------------------------------------- 1 | {\rtf1\ansi\ansicpg1252\cocoartf1265\cocoasubrtf190 2 | {\fonttbl\f0\fmodern\fcharset0 CourierNewPSMT;} 3 | {\colortbl;\red255\green255\blue255;} 4 | \vieww12000\viewh15840\viewkind0 5 | \deftab720 6 | \pard\pardeftab720\qc 7 | 8 | \f0\fs20 \cf0 All Rights Reserved.} -------------------------------------------------------------------------------- /files/windows_msi/Resources/assets/banner_background.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/windows_msi/Resources/assets/banner_background.bmp -------------------------------------------------------------------------------- /files/windows_msi/Resources/assets/dialog_background.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/windows_msi/Resources/assets/dialog_background.bmp -------------------------------------------------------------------------------- /files/windows_msi/Resources/assets/project.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/windows_msi/Resources/assets/project.ico -------------------------------------------------------------------------------- /files/windows_msi/Resources/assets/project_16x16.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/windows_msi/Resources/assets/project_16x16.ico -------------------------------------------------------------------------------- /files/windows_msi/Resources/assets/project_32x32.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Graylog2/omnibus-graylog2/b31c35d35267450a748023e064790730cbef3595/files/windows_msi/Resources/assets/project_32x32.ico -------------------------------------------------------------------------------- /files/windows_msi/Resources/localization-en-us.wxl.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 1033 5 | <%= project.friendly_name %> 6 | <%= project.maintainer %> 7 | {\WixUI_Font_Bigger}Welcome to the [ProductName] Setup Wizard 8 | 9 | {\WixUI_Font_Title_White}End-User License Agreement 10 | {\WixUI_Font_Normal_White}Please read the following license agreement carefully 11 | 12 | {\WixUI_Font_Title_White}Destination Folder 13 | {\WixUI_Font_Normal_White}Click Next to install to the default folder or click Change to choose another. 14 | 15 | {\WixUI_Font_Title_White}Installing [ProductName] 16 | 17 | {\WixUI_Font_Title_White}Ready to install [ProductName] 18 | 19 | <%= project.friendly_name %> 20 | 21 | -------------------------------------------------------------------------------- /files/windows_msi/Resources/parameters.wxi.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | " ?> 7 | " ?> 8 | 9 | 10 | -------------------------------------------------------------------------------- /files/windows_msi/Resources/source.wxs: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 11 | 13 | 14 | 18 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /omnibus.rb: -------------------------------------------------------------------------------- 1 | # 2 | # This file is used to configure the Graylog project. It contains 3 | # some minimal configuration examples for working with Omnibus. For a full list 4 | # of configurable options, please see the documentation for +omnibus/config.rb+. 5 | # 6 | 7 | # Build internally 8 | # ------------------------------ 9 | # By default, Omnibus uses system folders (like +/var+ and +/opt+) to build and 10 | # cache components. If you would to build everything internally, you can 11 | # uncomment the following options. This will prevent the need for root 12 | # permissions in most cases. You will also need to update the Graylog 13 | # project configuration to build at +./local/omnibus/build+ instead of 14 | # ++ 15 | # 16 | # Uncomment this line to change the default base directory to "local" 17 | # ------------------------------------------------------------------- 18 | # base_dir './local' 19 | # 20 | # Alternatively you can tune the individual values 21 | # ------------------------------------------------ 22 | # cache_dir './local/omnibus/cache' 23 | # git_cache_dir './local/omnibus/cache/install_path' 24 | # source_dir './local/omnibus/src' 25 | # build_dir './local/omnibus/build' 26 | # package_dir './local/omnibus/pkg' 27 | # package_tmp './local/omnibus/pkg-tmp' 28 | 29 | # Disable git caching 30 | # ------------------------------ 31 | use_git_caching false 32 | 33 | # Enable S3 asset caching 34 | # ------------------------------ 35 | # use_s3_caching true 36 | # s3_access_key ENV['S3_ACCESS_KEY'] 37 | # s3_secret_key ENV['S3_SECRET_KEY'] 38 | # s3_bucket ENV['S3_BUCKET'] 39 | 40 | # Customize compiler bits 41 | # ------------------------------ 42 | # solaris_compiler 'gcc' 43 | build_retries 1 44 | 45 | # Load additional software 46 | # ------------------------------ 47 | software_gems ['omnibus-software'] 48 | # local_software_dirs ['/path/to/local/software'] 49 | 50 | # Don't append timestamp to project version string 51 | append_timestamp false 52 | -------------------------------------------------------------------------------- /package-scripts/graylog/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Perform necessary graylog setup steps 4 | # after package is installed. 5 | # 6 | 7 | PROGNAME=$(basename $0) 8 | 9 | function error_exit 10 | { 11 | echo "${PROGNAME}: ${1:-"Unknown Error"}" 1>&2 12 | exit 1 13 | } 14 | 15 | ln -sf /opt/graylog/embedded/bin/graylog-ctl /usr/bin || error_exit "Cannot link graylog-ctl in /usr/bin" 16 | 17 | echo -e "By installing this package, you accept the terms of the Oracle Binary Code License Agreement for the Java SE Platform Products and JavaFX, which can be found at http://www.oracle.com/technetwork/java/javase/terms/license/index.html\n" 18 | echo "Thank you for installing Graylog!" 19 | echo "The next step in the install process is to run:" 20 | echo 21 | echo -e "\033[1msudo graylog-ctl reconfigure\033[0m" 22 | 23 | exit 0 24 | -------------------------------------------------------------------------------- /package-scripts/graylog/postrm: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Perform necessary graylog removal steps 4 | # after package is uninstalled. 5 | # 6 | 7 | cleanup_symlinks() { 8 | binaries="graylog-ctl" 9 | for binary in $binaries; do 10 | rm -f /usr/bin/$binary 11 | done 12 | } 13 | 14 | cleanup_data() { 15 | directories="/etc/graylog /var/opt/graylog /opt/graylog" 16 | for directory in $directories; do 17 | rm -rf $directory 18 | done 19 | } 20 | 21 | case "$1" in 22 | # Remove data files on purge 23 | purge) 24 | cleanup_symlinks 25 | cleanup_data 26 | ;; 27 | 28 | remove) 29 | cleanup_symlinks 30 | ;; 31 | 32 | upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) 33 | ;; 34 | 35 | *) 36 | echo "postrm called with unknown argument \`$1'" >&2 37 | exit 1 38 | ;; 39 | esac 40 | 41 | echo "Graylog has been uninstalled!" 42 | 43 | exit 0 44 | -------------------------------------------------------------------------------- /package-scripts/graylog/preinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if dpkg-query -W -f='${Version} ${Status}\n' graylog 2>&1 | egrep -q '^1\.[0-3].*installed'; then 4 | echo "This is not a drop-in replacement. Please consult the updating guide!" 5 | exit 1 6 | fi 7 | 8 | echo "You're about to install Graylog!" 9 | -------------------------------------------------------------------------------- /package-scripts/graylog/prerm: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | exit 0 4 | --------------------------------------------------------------------------------