Two-node graylog+elasticsearch failover cluster

dunhillers · April 27, 2021, 10:11am

Hi, I have deployed graylog+elastic on two servers (Centos 7.8). The goal: to create a failover cluster of two nodes with support for index replication. So that if one of the nodes falls, the indexes continue to be written on the second node and the indexes are replicated.
Build: Logs from 12 third-party servers are written by syslog to the Indexes of elastic server #1 and replicated to server #2.
My problem: When server # 1, which is the master, is unavailable, elastic disappears on the second one and the indexes in graylog become unavailable and new messages are not written until node #1 is restored. (it turns out that the bundle is not fault-tolerant ).
Please help me to solve this problem.

show me your ready-made configs with fault-tolerant settings. If necessary, I can show my configs .yum .conf

Christian_Dahlqvist · April 27, 2021, 10:17am

You can not build a highly available cluster with just 2 nodes. You will need to add a third node, even if this is a master-only node that does not hold data. That would give you the 3 master-eligible nodes required in order to be able to cope with one node going down.

DavidTurner · April 27, 2021, 10:53am

Linking the reference manual pages on this subject, noting particularly:

Because it’s not resilient to failures, we do not recommend deploying a two-node cluster in production.

dunhillers · April 27, 2021, 11:18am

Thank you for your reply friends. It turns out that a bundle of two nodes can only survive the fall of the secondary node (Datanode), but if the first node with the master role falls, then the second node does not become the master, do I understand you correctly? In the opposite direction, it will work, if the secondary node falls, we will not lose the indexes, only the performance will decrease?

dunhillers · April 27, 2021, 11:24am

Thank you David, I read this guide! But it remains unclear to me when exactly we lose the Indexes.. When we lose the first node with the master, or in both cases, will automatically assign the secondary node with the Data node role, the master role when the primary node is not available.

Christian_Dahlqvist · April 27, 2021, 11:29am

Yes, that is correct. If you lose your only master node you will lose the data and need to recreate the cluster and restore from snapshot using the snapshot/restore API. I would recommend making both your nodes master eligible and adding a small master only node.

system · May 25, 2021, 11:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.