4

I setup a Graylog server based on the official Graylog 3 Docker image and added the SSO plugin. In principle it works but I have to configure the SSO headers using the UI after each container start.

I see the options to configure Graylog itself using either a server.conf file or environment variables. But I cannot find any way to configure the plugin upfront to get a final image for automatic deployment.

Is there any way to configure Graylog plugins using special config file entries, prefixed environment variables or separate config files?

Arne Burmeister
  • 20,046
  • 8
  • 53
  • 94

1 Answers1

0

If you create you're own shell script to update files/settings, you can create a new image based on the original (a new Dockerfile), which, when started, will run the script, modify any relevant settings and start the application-server. Even better if you can have the script take inputs which you can supply as environment variables to the docker container.

Rob Evans
  • 2,822
  • 1
  • 9
  • 15
  • The problem is: what files/settings to update. I haven’t found any for the plugins or roles – Arne Burmeister Nov 02 '20 at 13:14
  • seems like you can configure the service via HTTP requests. So it may be possible to use simple curl requests in a script at startup https://github.com/Graylog2/graylog-plugin-auth-sso#development – Rob Evans Nov 02 '20 at 13:35
  • There's an example here: https://docs.graylog.org/en/3.3/pages/installation/docker.html#plugins for the Dockerfile you'd need. Then you just need to add `RUN` to the image you create – Rob Evans Nov 02 '20 at 15:23
  • I have a working Dockerfile adding the plugins based on the official one, that’s not the problem. Using the HTTP API is an option, but the last/worst from my opinion as I would have to start the server, wait for it in another process and use curl afterwards - using supervisors e.g.. Beside that I would need admin authentication for that… You are right, that could work but it is really ugly. I think Graylog hates DevOps. – Arne Burmeister Nov 03 '20 at 06:52
  • Very true - I'd try to understand the codebase - its very small. https://github.com/Graylog2/graylog-plugin-auth-sso/blob/master/src/main/java/org/graylog/plugins/auth/sso/SsoConfigResource.java this looks like a good starting point. I'm not sure if everything is set in memory or read from files. Seems likely you could override any file settings using a bash script or by mounting a server.conf file from your local file system – Rob Evans Nov 03 '20 at 09:24
  • There are no entries in the server.conf file for the plugin. I have a bad feeling Graylog either does not support conf file entries for plugins or none of the plugins use it (it is not only about the SSO plugin). – Arne Burmeister Nov 03 '20 at 12:10