Install the Graylog APT repository and install Data Node
wget https://packages.graylog2.org/repo/packages/graylog-7.0-repository_latest.deb && \
dpkg -i graylog-7.0-repository_latest.deb && \
apt update && \
apt install graylog-datanodeEnsure the system vm.max_map_count setting is set to at least 262144.
cat /proc/sys/vm/max_map_countIf the set value is lower than it should be, correct it by overriding the system value in a new sysctl config file.
echo "vm.max_map_count = 262144" >> /etc/sysctl.d/99-graylog-datanode.confUse this small script to generate a passphrase, install it to the Data Node config, and show it on the CLI for you to store for later use.
NOTE: If this this Node will be added to an existing Graylog Cluster SKIP this step and use the password_secret that's being used by the existing Cluster!
GLPW=$(openssl rand -hex 32 | tee /dev/tty) && \
sed -i "/^password_secret/s/$/ $GLPW/" /etc/graylog/datanode/datanode.confSet the heap size the DB service is allowed to use. This should be half the total memory of the server, up to 31GB.
echo "opensearch_heap = 8g" >> /etc/graylog/datanode/datanode.confConfigure the mongodb_uri variable to where ever your MongoDB instance is. In my case, it's on the server that runs the actual Graylog server.
NOTE: MongoDB should not be run on a Data Node host server. It should be run on either one of a Graylog Server host -OR- a dedicated host.
NOTE: Use this guide to enable MongoDB authentication if not already enabled - the Cluster will be talking over the network now, secure it.
mongodb_uri = mongodb://graylog-1.int.example.com:27017/graylogEnable the new Data Node service
systemctl enable --now graylog-datanode.service