How to Automate Graylog Server Installation using Puppet in Debian

How to Automate Graylog Server Installation using Puppet in Debian

Do you want to know how to automate Graylog server installation using Puppet in Debian? Then you’ve come to the right place. 

You can use this particular tool to analyze the logs and generate alerts. We will start with a brief introduction to the Graylog server. Then, we will see how Puppet can help in installing the Graylog server on Debian.

What is a Graylog server?

Graylog is an open-source and free tool for managing and aggregating logs. Tracking and analyzing the logs can generate alerts through the Graylog server. A fantastic feature of this tool is that it can analyze structured and unstructured data. The following are the major components of the Graylog server:

  • MongoDB: stores data and configurations.
  • Graylog server: A web server that can visualize the logs through the browser.
  • Elasticsearch: you can use it to analyze logs.
  • Java/OpenJDK: The runtime environment for Elasticsearch.

The role of Puppet

Developed by Puppet Labs back in 2005, the Puppet tool helps in automating the installation of node components. It is also used to configure, manage and deploy the Graylog server.

Now we will go over the steps to install the Graylog server. And there are four steps to do so:

  • Installation and configuration of the Puppet.
  • Installation of required modules for the Puppet.
  • Installation of Graylog server.
  • Firewall settings and accessing the Graylog web interface.

How to Automate Graylog Server Installation using Puppet in Debian

Before we get to the core of this topic, we must first understand how to install and configure the Puppet tool. 

Installation and configuration of Puppet

The first step of automate Graylog server installation using Puppet is to install Puppet. This will involve the installation of the Puppet server and the agent nodes attached to it. Note that in order for Graylog’s latest version server to work, you must install a version of Puppet that’s compatible with your system (i.e., Puppet >= 6.21.0 < 8.0.0). 

Installation of Puppet

As this guide covers automate Graylog server installation using Puppet, we won’t provide the installation and configuration of Puppet due to space constraints. For CentOS 8, you can refer to the following, and similarly, for CentOS 7, see here

Confirm the connectivity

Once you’re done configuring and installing the Puppet client, you may now confirm its connectivity with this command:

$sudo /opt/puppetlabs/bin/puppet agent –t

Installation of the required Puppet module

Now, we will install the module of the Puppet needed.

Install the Graylog Puppet module

You can install the Graylog module using the following command:

$ sudo /opt/puppetlabs/bin/puppet module install graylog/graylog

Furthermore, we need to install other modules as well. To install the Puppet APT module, input this command:

$sudo /opt/puppetlabs/bin/puppet module install puppetlabs-apt --version <version-number>

You can also install Puppet’s standard library module using this:

$sudo /opt/puppetlabs/bin/puppet module install puppetlabs-stdlib --version <version-number>

Installation of Puppet MongoDB module

You can install the MongoDB module using the following command:

$ sudo /opt/puppetlabs/bin/puppet module install puppet-mongodb

Installation of Java module

Finally, you will need to install the Java module using the following command:

$ sudo /opt/puppetlabs/bin/puppet module install puppetlabs-java

Installation of Elasticsearch module

Use the following command to install Elasticsearch:

$ sudo /opt/puppetlabs/bin/puppet module install puppet-elasticsearch

Verifying the list of installed modules

After installing the previous modules, you can now check the list of installed Puppet modules using this command:

$ sudo /opt/puppetlabs/bin/puppet module list --environment production

You should see the following output:

list of installed Puppet modules

Installation of Graylog server module

After installing the modules, we will create a manifest file. With it, we will manage MongoDB, Elasticsearch, and Graylog server on a single node. Follow the steps below.

Create manifest file

Using your favorite editor, create a file as follows:

$sudo vim /etc/puppetlabs/code/environments/production/manifests/init.pp

In the file, replace the line password_secret with pwgen with this:

$ pwgen -N 1 -s 96

For the admin password, type the following command:

$ echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Adding the repository

While applying the manifest for MongoDB, you may get an error for Debian or Ubuntu users. To resolve this error, add the repository using the following command:

$wget -qO - | sudo apt-key add -
$echo "deb buster/mongodb-org/4.4 main"|sudo tee /etc/apt/sources.list.d/mongodb-org.list
$sudo apt update

Edit the manifest file

Now edit the manifest as follows:

class { 'mongodb::globals':
manage_package_repo => false,
manage_package      => true,
class { 'mongodb::server':
bind_ip => [''],
ensure     => 'present',
restart    => true,
class { 'mongodb::client':

Run the manifest on the agent

Finally, run the manifest on the agent using the following command:

$sudo /opt/puppetlabs/bin/puppet agent –t

Verifying that elastic search is running

Verify that Elasticsearch is running using the following command:

$ curl -X GET localhost:9200

Here, 9200 is the port where the elastic search is running. 

Accessing the Graylog interface

We will now add the firewall rules and then access the Graylog from the browser.

Add firewall rules

You will need to allow port 9200 through the firewall. Run the following command on your Terminal for this purpose:

For Firewall:

$sudo firewall-cmd --add-port=9000/tcp --permanent
$sudo firewall-cmd --reload

For UFW:

$sudo ufw allow 9000/tcp

Access the Graylog web interface

Now, you can access the Graylog web interface by pointing your browser to the following URL:


Provide the login credentials. And after once the installation is successful, you should see the following screen:

Provide the login credentials

Now, you can create dashboards to visualize the logs on Graylog GUI.

In this article, we discussed how to automate Graylog server installation using Puppet on Debian. It is a free and open-source tool used to analyze logs and generate alerts. Lastly, we have discussed the four significant steps for the installation of this tool.

If this guide helped you, please share it.

Related Posts