One of the core components to a Graylog installation in MongoDB. Quite possibly the worst database ever to grace the planet :)

Hopefully, from a Graylog prospective, MongoDB will disappear from the solution soon.

Anyway, from an architecture prospective, we want to use a highly available Graylog deployment aka Graylog HA. Of which, there is little documentation about. So from a technical prospective you’ve got:

• Incoming log traffic load-balancer
• Multiple Graylog servers
• Multiple MongoDB nodes (also Graylog servers)
• Multiple ElasticSearch nodes

In our case, we chose to use:

• A NetScaler to listen on UDP 514 and also host the SSL certificate.
  • The NetScaler will also do a API call against the Graylog servers to verify health.
  • The NetScaler will then pass the traffic to the active Graylog server on the active input thats listening on UDP 5140.
• The two Graylog servers will be part of a MongoDB cluster, and then a third VM will be used as a MongoDB witness server.
• Three servers will be used a ElasticSearch nodes.

From a configuration management prospective, we wanted to leverage Puppet to do the installation of the MongoDB cluster.

The puppet manifests we used are:

• Puppetlabs/Java
• Puppetlabs/MongoDB

class encore_rp::profile::mongopeer {
file {['/data', '/data/db']:
	ensure => 'directory',
	}

#install Java JRE
	class { 'java':
		distribution => 'jre',
	}

class {'::mongodb::client': }

class {'::mongodb::server':
    ensure    => present,
		auth      => false,
		port      => 27018,
		bind_ip   => $::ipaddress,
		replset   => 'graylog',
						  }
mongodb_replset { 'graylog':
    ensure  => present,
		initialize_host => 'node1.domain.local',
		    members => ['node1.domain.local:27018', 'node2.domain.local:27018', 'node3.domain.local:27018']
				  }
mongodb::db { 'graylog':
  user          => 'graylog',
	  password_hash => 'hashed password',
		}

}

Tags: Graylog, HA, linux, MongoDB, Puppet