I am in the same boat as well. I would like to have some clarity about the issues raised by Pete as well. It’s just very difficult to tell what part of the cluster the command is setting up on its own and what you have to do manually.
Any guidance would be appreciated.

-Abhijit.

From: [email protected] [mailto:[email protected]] On Behalf Of Pete Storey
Sent: Thursday, May 07, 2015 9:49 AM
To: [email protected]
Subject: [graylog2] How to setup an HA graylog cluster

Trying to set up a graylog cluster on AWS to use for all my logging, but I'm having trouble getting it to work - surely lots of people have this problem but I can't find any docs/forum posts about it!

The documentation has bits that talk about various things, and the graylog-ctl should help a lot, but it clearly misses out all sorts of important areas that need sorting! Can anyone help?

What I've got is:

graylog-web - a web-interface server
graylog-a - a "server", pointed to -b as the "master"
graylog-b - a "server" as well - the master, and the original server
graylog-data-a - a "datanode"
graylog-data-b - a "datanode"

Problems are as follows:

- There's no apparent way to know what's happening with the elasticsearch cluster, except looking at the /system/indices bit. This is OK so long as it's green, but otherwise how are you to know where a problem lies? It seems for example that if I start data-a before data-b, then they don't connect as a cluster and it goes yellow with 6 shards active and 6 unassigned. Restarting data-a then fixes the problem, but it seems that one of them is a master and needs to start first or something?

- It was all working OK with just one server node, but then I added a second node (in this case, graylog-a). This screwed everything up, basically. I simply created a new instance, ran the sudo graylog-ctl set-cluster-master x.y.z command, then reconfigure-as-server, and all should have been well you'd think. I realised that although it configures to talk to mongodb on the master server, mongo isn't actually clustered between the servers, so I think there's still a single point of failure here? I added the relevant port to the firewall and initially all was well, but I assume that if graylog-b (the master) goes down, then the whole thing will. Shouldn't the graylog-ctl command handle setting up mongo as a cluster as well, or is it not that easy?

- I then wanted to change the way the indices are set up, so I ran the sudo graylog-ctl set-retention --size=5 --indices=15 command on the master node, but it's not really clear whether this needs to be run there, or on the elasticsearch node(s), or everything? I think the config is stored in mongo, but then it's also in the .conf files?? So I ran it on the second server node, and the whole thing exploded. I got some weird error trying to log in, which I think was caused by the graylog.conf file having different root_user names set between the two servers (this is clearly not copied when you do the cluster-master bit at the start). Having fixed that it then still wouldn't load, but a restart of everything seems to have brought it back together. Argh!

All quite complex and would be helpful to have a guide that just explained how it might work and what commands to run on what machine/what you need to do manually.

In short, it's a nice idea to have the clustering set up using the tools, but it's so hard to know what's going on and there's so little actual documentation, it's a bit useless at the moment - yet could be so good no doubt quite easily!

thanks
Pete

--
You received this message because you are subscribed to the Google Groups "graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
