pillar.example

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# Set firewall status to Active or InActive for the main
# firewall service. If you want to disable the firewall,
# set this to 'InActive' and set the overide firewall
# to Active for the individual applications
firewall:
  firewalld:
    status: 'Active'
    default_zone: 'internal'

# Override host options
# Graylog docs http://docs.graylog.org/en/3.0/
graylog:
  lookup:
    password_secret: '0OckXe4bwAQapvaqbzsugG2DRBRpE3yL5p95O189YUp5a6uKHVS43b0YeHnFcvOPHtXBYDHiXnKbn59TA1TvqwrRWs5mwXpt'
    root_password_sha2: 'b721104e76006bdac228561e6a64451c031cacd0befc5605a825546261e02fdf' #default password is Graylog2
    firewall:
      firewalld:
        status: 'Active'
    package:
      latest_tarball: 'graylog-3.1.4.tgz'                       # Name of the release tar file if install type is tarball
      install_type: 'package'                                   # Install type can be package or tarball    
    {% if grains['os_family'] == 'RedHat' %}
      repo_version: '3.1'
      repo_baseurl: 'https://packages.graylog2.org/repo/el/stable/3.1/$basearch/'
      repo_gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog'
      java_pkg_name: 'java-11-openjdk-headless'
    {% elif grains['os_family'] == 'Debian' %}
      repo_version: '3.1'
      repo_baseurl: 'deb https://packages.graylog2.org/repo/debian/ stable 3.1'
      repo_gpgkey: 'https://packages.graylog2.org/repo/debian/pubkey.gpg'
      java_pkg_name: 'openjdk-11-jdk-headless'
    {% endif %}
    graylog:
    {% if grains['os_family'] == 'RedHat' %}
      startup_overrides_path: '/etc/sysconfig/graylog-server'   # Define default location for startup overrides on RHEL systems
    {% elif grains['os_family'] == 'Debian' %}
      startup_overrides_path: '/etc/default/graylog-server'     # Define default location for startup overrides on Debian systems
    {% endif %}
      restart_service_after_state_change: 'true'
      use_redirection: 'false'                                  # Redirect port 80 to port 9000
      base_dir: '/usr/share'                                    # /usr/share is default for package install
      log4j2_log_path: '/var/log/graylog-server'                # Path for log files
      data_dir: '/var/lib//graylog-server'                      # Path for Graylog data
      input_source: ['192.168.2.0/24']                          # Allow network access for sending hosts
      heap_size: '2g'                                           # Graylog HEAP size default is 1g
      root_timezone: 'America/Chicago'                          # Root users timezone default is UTC
      root_email: 'admin@domain.tld'                            # Root users email
      allow_leading_wildcard_searches: 'true'                   # Use a leading wildcard in searches
      allow_highlighting: 'true'                                # Highlight search term in search results
      trusted_proxies: '127.0.0.1/32, 0:0:0:0:0:0:0:1/128'      # Trusted proxies
      use_addon_plugins: 'false'                                # Manage additional Graylog plugins
      addon_plugins: [
                     ]
      http: 
        bind_address: '{{ grains.ipv4[1] }}:9000'               # HTTP bind address defaults to localhost
        publish_uri: 'http://{{ grains.ipv4[1] }}:9000/'        # URI of Graylog which is used to communicate with other Graylog nodes
        external_uri: 'http://{{ grains.ipv4[1] }}:9000/'       # URI which will be used by Graylog to communicate with the Graylog REST API
        enable_cors: 'true'                                     # Enable CORS
        enable_gzip: 'true'                                     # Enable gzip
        thread_pool_size: '16'                                  # Web thread pool size
      elasticsearch:
        hosts: 'http://127.0.0.1:9200'                          # ES hosts Graylog should connect to
        socket_timeout: '60s'                                   # Response wait from an ES server (default 60s)
        max_total_connections: '200'                            # Total connections to ES cluster (default 20)
        max_total_connections_per_route: '20'                   # Total connections per ES node (default 2)
        shards: '2'                                             # Number of shards to use
        replicas: '0'                                           # Number of replicas to use
        index_prefix: 'graylog'                                 # ES index prefix
        template_name: 'graylog-internal'                       # ES template name
      transport_email:
        enabled: 'false'                                        # Enable/Disable email 
        hostname: 'mail.domain.tld'                             # Email server hostname
        port: '465'                                             # Email server port
        use_auth: 'false'                                       # Email use auth
        use_tls: 'false'                                        # Email use TLS
        use_ssl: 'false'                                        # Email use SSL
        auth_username: 'you@domain.tld'                         # Email auth username 
        auth_password: 'secret'                                 # Email auth password
        subject_prefix: '[graylog]'                             # Email subject prefix
        from_email: 'graylog@domain.tld'                        # Email from address
        web_interface_url: 'http://graylog00.domain.tld'        # Email web interface link
      mongodb:                                                  # MongoDB connection string
        uri: 'mongodb://gluser:password@localhost:27017/graylog'