Abhijit, as I said, for full HA graylog-ctl is not the optimal approach. Take a look at this diagram and setup every component through a Chef or Puppet cookbook: http://docs.graylog.org/en/1.0/pages/architecture.html#bigger-production-setup
On 20 May 2015 at 15:02, Abhijit Gaikwad <[email protected]> wrote: > I am in the same boat as well. I would like to have some clarity about > the issues raised by Pete as well. It’s just very difficult to tell what > part of the cluster the command is setting up on its own and what you have > to do manually. > > > > Any guidance would be appreciated. > > > > -Abhijit. > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Pete Storey > *Sent:* Thursday, May 07, 2015 9:49 AM > *To:* [email protected] > *Subject:* [graylog2] How to setup an HA graylog cluster > > > > Trying to setup a graylog cluster on AWS to use for all my logging, but > I'm having trouble getting it to work - surely lots of people have this > problem but I can't find any docs/forum posts about it! > > > > The documentation has bits that talk about various things, and the > graylog-ctl should help a lot, but it clearly misses out all sorts of > important areas that need sorting! Can anyone help? > > > > What I've got is: > > > > graylog-web - a web-interface server > > graylog-a - a "server", pointed to -b as the "master" > > graylog-b - a "server" as well - the master, and the original server > > graylog-data-a - a "datanode" > > graylog-data-b - a "datanode" > > > > Problems are as follows: > > > > - There's no apparent way to know what's happening with the elasticsearch > cluster, except looking at the /system/indices bit. This is OK so long as > it's green, but otherwise how are you to know where a problem lies? It > seems for example that if I start data-a before data-b, then they don't > connect as a cluster and it goes yellow with 6 shards active and 6 > unassigned. Restarting data-a then fixes the problem, but it seems that > one of them is a master and needs to start first or something? > > > > - It was all working OK with just one server node, but then I added a > second node (in this case, graylog-a). This screwed everything up, > basically. I simply created a new instance, ran the sudo graylog-ctl > set-cluster-master x.y.z command, then reconfigure-as-server, and all > should have been well you'd think. > > > > I realised that although it configures to talk to mongodb on the master > server, mongo isn't actually clustered between the servers, so I think > there's still a single point of failure here? I added the relevant port to > the firewall and initially all was well, but I assume that if graylog-b > (the master) goes down, then the whole thing will. Shouldn't the > graylog-ctl command handle setting up mongo as a cluster as well, or is it > not that easy? > > > > - I then wanted to change the way the indices are setup, so I ran the sudo > graylog-ctl set-retention --size=5 --indices=15 command on the master node, > but it's not really clear whether this needs to be run there, or on the > elasticsearch node(s), or everything? I think the config is stored in > mongo, but then it's also in the .conf files?? So I ran it on the second > server node, and the whole thing exploded. I got some weird error trying > to log in, which I think was caused by the graylog.conf file having > different root_user names set between the two servers (this is clearly not > copied when you do the cluster-master bit at the start). Having fixed that > it then still wouldn't load, but a restart of everything seems to have > brought it back together. > > > > > > > > Argh! All quite complex and would be helpful to have a guide that just > explained how it might work and what commands to run on what machine/what > you need to do manually. > > > > In short, its a nice idea to have the clustering setup using the tools, > but it's so hard to know what's going on and there's so little actual > documentation, it's a bit useless at the moment - yet could be so good no > doubt quite easily! > > > > thanks > > Pete > > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "graylog2" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Developer Tel.: +49 (0)40 609 452 077 Fax.: +49 (0)40 609 452 078 TORCH GmbH - A Graylog Company Steckelhörn 11 20457 Hamburg Germany https://www.graylog.com <https://www.torch.sh/> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 Geschäftsführer: Lennart Koopmann (CEO) -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
