From 0770cb1265ed9da5db2beb018dab3ed49aeb9f49 Mon Sep 17 00:00:00 2001
From: lgromero <lgromero@qindel.com>
Date: Fri, 28 Mar 2025 08:30:56 +0100
Subject: [PATCH] refs # refactor installer, adds etc where is configuration
 templates

---
 etc/filebeat/filebeat.yml                     |  29 ++
 etc/grafana/grafana.ini                       |  17 +
 .../provisioning/dashboards/dashboard.yaml    |   8 +
 .../provisioning/datasources/prometheus.yaml  |   8 +
 etc/journalbeat/journalbeat.yml               |  24 +
 .../opensearch_dashboards.yml                 |  13 +
 etc/opensearch/opensearch.yml                 |  10 +
 etc/prometheus/prometheus.yml                 |  13 +
 etc/prometheus/web-config.yml                 |   4 +
 script/journal-upload.sh                      | 109 +++--
 script/script.sh                              | 456 +++++-------------
 11 files changed, 298 insertions(+), 393 deletions(-)
 create mode 100644 etc/filebeat/filebeat.yml
 create mode 100644 etc/grafana/grafana.ini
 create mode 100644 etc/grafana/provisioning/dashboards/dashboard.yaml
 create mode 100644 etc/grafana/provisioning/datasources/prometheus.yaml
 create mode 100644 etc/journalbeat/journalbeat.yml
 create mode 100644 etc/opensearch-dashboards/opensearch_dashboards.yml
 create mode 100644 etc/opensearch/opensearch.yml
 create mode 100644 etc/prometheus/prometheus.yml
 create mode 100644 etc/prometheus/web-config.yml

diff --git a/etc/filebeat/filebeat.yml b/etc/filebeat/filebeat.yml
new file mode 100644
index 0000000..dc6474d
--- /dev/null
+++ b/etc/filebeat/filebeat.yml
@@ -0,0 +1,29 @@
+filebeat.inputs:
+- type: log
+  enabled: true
+  paths:
+    - /var/log/opengnsys.log
+    - /home/*/opengnsys.log
+
+setup.template.settings:
+  index.number_of_shards: 1
+
+output.elasticsearch:
+  hosts: ["https://oglog-os.mytld:9200"]
+  username: "admin"
+  password: "{{OPENSEARCH_INITIAL_ADMIN_PASSWORD}}"
+  protocol: "https"
+  ssl.enabled: true
+  ssl.verification_mode: full
+  ssl.certificate: "/etc/filebeat/ogagent-fb.mytld.crt.pem"
+  ssl.key: "/etc/filebeat/ogagent-fb.mytld.key.pem"
+
+processors:
+  - add_host_metadata:
+      when.not.contains.tags: forwarded
+  - add_cloud_metadata: ~
+  - add_docker_metadata: ~
+  - add_kubernetes_metadata: ~
+
+seccomp.enabled: false
+
diff --git a/etc/grafana/grafana.ini b/etc/grafana/grafana.ini
new file mode 100644
index 0000000..445f32c
--- /dev/null
+++ b/etc/grafana/grafana.ini
@@ -0,0 +1,17 @@
+[server]
+protocol = https
+cert_file = /etc/grafana/oglog-graf.mytld.crt.pem
+cert_key = /etc/grafana/oglog-graf.mytld.key.pem
+
+[analytics]
+reporting_enabled = false
+check_for_updates = false
+check_for_plugin_updates = false
+
+[database]
+type = sqlite3
+path = /var/lib/grafana/grafana.db
+
+[auth]
+disable_login_form = false
+
diff --git a/etc/grafana/provisioning/dashboards/dashboard.yaml b/etc/grafana/provisioning/dashboards/dashboard.yaml
new file mode 100644
index 0000000..1456c5d
--- /dev/null
+++ b/etc/grafana/provisioning/dashboards/dashboard.yaml
@@ -0,0 +1,8 @@
+apiVersion: 1
+providers:
+  - name: 'default'
+    folder: ''
+    type: file
+    options:
+      path: /etc/grafana/dashboards
+
diff --git a/etc/grafana/provisioning/datasources/prometheus.yaml b/etc/grafana/provisioning/datasources/prometheus.yaml
new file mode 100644
index 0000000..5a73546
--- /dev/null
+++ b/etc/grafana/provisioning/datasources/prometheus.yaml
@@ -0,0 +1,8 @@
+apiVersion: 1
+datasources:
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: https://oglog-prom.mytld:9090
+    isDefault: true
+
diff --git a/etc/journalbeat/journalbeat.yml b/etc/journalbeat/journalbeat.yml
new file mode 100644
index 0000000..2ee6e65
--- /dev/null
+++ b/etc/journalbeat/journalbeat.yml
@@ -0,0 +1,24 @@
+journalbeat.inputs:
+- paths:
+  - "/var/log/journal"
+  - "/var/log/journal/remote"
+  seek: cursor
+
+setup.template.settings:
+  index.number_of_shards: 1
+
+output.elasticsearch:
+  hosts: ["https://oglog-os.mytld:9200"]
+  username: "admin"
+  password: "{{OPENSEARCH_INITIAL_ADMIN_PASSWORD}}"
+  protocol: "https"
+  ssl.enabled: true
+  ssl.verification_mode: full
+  ssl.certificate: "/etc/journalbeat/oglog-jb.mytld.crt.pem"
+  ssl.key: "/etc/journalbeat/oglog-jb.mytld.key.pem"
+
+processors:
+  - add_docker_metadata: ~
+
+seccomp.enabled: false
+
diff --git a/etc/opensearch-dashboards/opensearch_dashboards.yml b/etc/opensearch-dashboards/opensearch_dashboards.yml
new file mode 100644
index 0000000..5a833e0
--- /dev/null
+++ b/etc/opensearch-dashboards/opensearch_dashboards.yml
@@ -0,0 +1,13 @@
+server.host: 0.0.0.0
+opensearch.hosts: ["https://oglog-os.mytld:9200"]
+opensearch.username: "admin"
+opensearch.password: "{{OPENSEARCH_INITIAL_ADMIN_PASSWORD}}"
+server.ssl.enabled: true
+server.ssl.certificate: oglog-osdb.mytld.crt.pem
+server.ssl.key: oglog-osdb.mytld.key.pem
+opensearch.ssl.certificate: oglog-osdb.mytld.crt.pem
+opensearch.ssl.key: oglog-osdb.mytld.key.pem
+opensearch.ssl.verificationMode: full
+opensearch.ssl.certificateAuthorities: ["/etc/ssl/certs/ca.crt.pem"]
+opensearch.ssl.alwaysPresentCertificate: true
+
diff --git a/etc/opensearch/opensearch.yml b/etc/opensearch/opensearch.yml
new file mode 100644
index 0000000..89eb979
--- /dev/null
+++ b/etc/opensearch/opensearch.yml
@@ -0,0 +1,10 @@
+network.host: "{{IP_MAQUINA}}"
+plugins.security.ssl.http.pemcert_filepath: oglog-os.mytld.crt.pem
+plugins.security.ssl.http.pemkey_filepath: oglog-os.mytld.key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: ca.crt.pem
+
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.clientauth_mode: REQUIRE
+plugins.security.ssl_cert_reload_enabled: true
+
diff --git a/etc/prometheus/prometheus.yml b/etc/prometheus/prometheus.yml
new file mode 100644
index 0000000..dff0af4
--- /dev/null
+++ b/etc/prometheus/prometheus.yml
@@ -0,0 +1,13 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: ogserver
+    static_configs:
+      - targets: ['ogserver.mytld:9100']
+
+  - job_name: ogagent
+    static_configs:
+      - targets: ['ogagent.mytld:9100']
+
diff --git a/etc/prometheus/web-config.yml b/etc/prometheus/web-config.yml
new file mode 100644
index 0000000..334916c
--- /dev/null
+++ b/etc/prometheus/web-config.yml
@@ -0,0 +1,4 @@
+tls_server_config:
+  cert_file: /etc/prometheus/oglog-prom.mytld.crt.pem
+  key_file: /etc/prometheus/oglog-prom.mytld.key.pem
+
diff --git a/script/journal-upload.sh b/script/journal-upload.sh
index 1ce3781..cb8029e 100755
--- a/script/journal-upload.sh
+++ b/script/journal-upload.sh
@@ -1,64 +1,77 @@
 #!/bin/bash
 
-set -e  # Detener el script si ocurre un error
+set -e
 
-# Verificar que la variable de entorno IP_SERVER esté configurada
-if [[ -z "$IP_SERVER" ]]; then
-  echo "ERROR: La variable de entorno IP_SERVER no está configurada."
-  echo "Por favor, exporta IP_SERVER antes de ejecutar este script."
-  exit 1
+LOGFILE="/tmp/ogcore-installer.log"
+exec > >(tee -a "$LOGFILE") 2>&1
+
+log() {
+  echo "$1" | tee -a "$LOGFILE"
+}
+
+log "Inicio instalación ogcore: $(date)"
+
+# Mediciones iniciales
+log "Tamaño inicial del disco:" && df -h /
+log "Carga inicial CPU:" && uptime
+
+# Variables
+IP_SERVER="${IP_SERVER:?La variable IP_SERVER es requerida}"
+NFS_SERVER="ognartefactos.evlt.uma.es"
+LOCAL_MOUNT="/mnt"
+
+# Montar NFS
+if ! mountpoint -q "$LOCAL_MOUNT"; then
+  mkdir -p "$LOCAL_MOUNT"
+  mount -t nfs "$NFS_SERVER:/" "$LOCAL_MOUNT"
 fi
 
-# Ejecutar el script mkcerts.sh
-#bash ./mkcerts.sh
+# Actualizar hosts
+echo "$IP_SERVER oglog-jrem.mytld" >> /etc/hosts
 
-# Actualizar /etc/hosts con los nombres de dominio
-cat >>/etc/hosts <<EOF
-$IP_SERVER oglog-jrem.mytld
-EOF
-
-echo "Actualizando paquetes e instalando dependencias..."
+# Instalar dependencias
 apt-get update
-apt-get -y install \
-  prometheus-node-exporter \
-  systemd-journal-remote
+apt-get install -y prometheus-node-exporter systemd-journal-remote
 
-echo "Configurando TLS y copiando certificados..."
-
-# Copiar el certificado de la CA a /etc/ssl/certs/
-cp CA/certs/ca.crt.pem /etc/ssl/certs/
-
-# Crear un enlace simbólico para el certificado de la CA
-ln -sf /etc/ssl/certs/ca.crt.pem /etc/ssl/certs/$(openssl x509 -in /etc/ssl/certs/ca.crt.pem -hash -noout).0
-
-# Copiar los certificados del servidor
-cp CA/certs/ogserver.mytld.crt.pem /etc/ssl/certs/
-cp CA/private/ogserver.mytld.key.nopass.pem /etc/ssl/private/ogserver.mytld.key.pem
-
-# Asegurar permisos en los archivos de certificados
+# Copiar certificados
+cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/"{ca.crt.pem,ogserver.mytld.crt.pem} /etc/ssl/certs/
+cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/ogserver.mytld.key.nopass.pem" /etc/ssl/private/ogserver.mytld.key.pem
 chmod 600 /etc/ssl/private/ogserver.mytld.key.pem
-chown root:root /etc/ssl/private/ogserver.mytld.key.pem
 
-echo "Configurando systemd-journal-upload..."
+# Configuración journal-upload
+sed -i -e '/DynamicUser/s/.*/DynamicUser=no/' \
+       -e '/User/s/.*/User=root/' \
+       /usr/lib/systemd/system/systemd-journal-upload.service
 
-# Modificar el archivo de unidad para que el servicio se ejecute como root
-sed -i -e '/DynamicUser/s/.*/DynamicUser=no/' /usr/lib/systemd/system/systemd-journal-upload.service
-sed -i -e '/User/       s/.*/User=root/'      /usr/lib/systemd/system/systemd-journal-upload.service
-
-# Recargar los servicios de systemd para aplicar los cambios
 systemctl daemon-reload
 
-# Configurar el archivo de configuración de systemd-journal-upload
-sed -i -e '/URL/                   s%.*%URL=https://oglog-jrem.mytld:19532%'                          /etc/systemd/journal-upload.conf
-sed -i -e '/ServerKeyFile/         s%.*%ServerKeyFile=/etc/ssl/private/ogserver.mytld.key.pem%'       /etc/systemd/journal-upload.conf
-sed -i -e '/ServerCertificateFile/ s%.*%ServerCertificateFile=/etc/ssl/certs/ogserver.mytld.crt.pem%' /etc/systemd/journal-upload.conf
-sed -i -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/ssl/certs/ca.crt.pem%'            /etc/systemd/journal-upload.conf
+cat >/etc/systemd/journal-upload.conf <<EOF
+[Upload]
+URL=https://oglog-jrem.mytld:19532
+ServerKeyFile=/etc/ssl/private/ogserver.mytld.key.pem
+ServerCertificateFile=/etc/ssl/certs/ogserver.mytld.crt.pem
+TrustedCertificateFile=/etc/ssl/certs/ca.crt.pem
+EOF
 
-# Habilitar e iniciar el servicio
-echo "Habilitando y arrancando systemd-journal-upload..."
-systemctl enable --now systemd-journal-upload
+# Activar servicio robustamente
+reiniciar_servicio() {
+  systemctl restart "$1"
+  log "Esperando que $1 esté activo..."
+  for i in {1..10}; do
+    if systemctl is-active --quiet "$1"; then
+      log "$1 activo."
+      return
+    fi
+    sleep 2
+  done
+  log "ERROR: $1 no arrancó correctamente."
+  exit 1
+}
 
-# Verificar el estado del servicio
-systemctl status systemd-journal-upload --no-pager
+reiniciar_servicio "systemd-journal-upload"
 
-echo "Configuración completada con éxito. Los logs se están enviando al servidor remoto."
+# Mediciones finales
+log "Tamaño final del disco:" && df -h /
+log "Carga final CPU:" && uptime
+
+log "Instalación ogcore finalizada: $(date)"
diff --git a/script/script.sh b/script/script.sh
index 186e938..113cb3e 100755
--- a/script/script.sh
+++ b/script/script.sh
@@ -1,358 +1,124 @@
-
 #!/bin/bash
 
-# Comprobar que las variables de entorno están definidas
-if [[ -z "$IP_MAQUINA" || -z "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" ]]; then
-  echo "ERROR: Las variables de entorno IP_MAQUINA y OPENSEARCH_INITIAL_ADMIN_PASSWORD deben estar definidas."
-  exit 1
+set -e
+
+LOGFILE="/tmp/oglog-install.log"
+exec > >(tee -a "$LOGFILE") 2>&1
+
+log() {
+  echo "$1" | tee -a "$LOGFILE"
+}
+
+log "Inicio de instalación: $(date)"
+
+# Tamaño inicial del disco
+log "Tamaño inicial del disco:"
+df -h / | tee -a "$LOGFILE"
+
+# Carga inicial de CPU
+log "Carga inicial de CPU:"
+uptime | tee -a "$LOGFILE"
+
+# Inicio del cronómetro
+SECONDS=0
+
+# Montar servidor NFS
+NFS_SERVER="ognartefactos.evlt.uma.es"
+NFS_PATH="/"
+LOCAL_MOUNT="/mnt"
+
+if ! mountpoint -q "$LOCAL_MOUNT"; then
+  mkdir -p "$LOCAL_MOUNT"
+  mount -t nfs "$NFS_SERVER:$NFS_PATH" "$LOCAL_MOUNT"
 fi
 
-# Validar la contraseña cumple con los requisitos
-if [[ ${#OPENSEARCH_INITIAL_ADMIN_PASSWORD} -lt 12 ||       ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [A-Z] ||       ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [0-9] ||       ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [^a-zA-Z0-9] ]]; then
-  echo "ERROR: La contraseña OPENSEARCH_INITIAL_ADMIN_PASSWORD no cumple con los requisitos:"
-  echo "- Mínimo 12 caracteres."
-  echo "- Al menos una mayúscula, un número y un carácter especial."
-  exit 1
-fi
-
-# Actualizar /etc/hosts con los nombres de dominio
-cat >>/etc/hosts <<EOF
-$IP_MAQUINA oglog-os.mytld
-$IP_MAQUINA oglog-osdb.mytld
-$IP_MAQUINA oglog-jb.mytld
-$IP_MAQUINA oglog-jrem.mytld
-$IP_MAQUINA oglog-prom.mytld
-$IP_MAQUINA oglog-graf.mytld
-EOF
-
-# Instalar dependencias iniciales
-apt-get update
-apt-get -y install     ca-certificates     gnupg2     lsb-release     systemd-journal-remote
-
-# Ejecutar el script mkcerts.sh
-bash ./mkcerts.sh
-
-# Configuración de certificados SSL en el sistema
-cp CA/certs/ca.crt.pem /etc/ssl/certs/
-ln -s /etc/ssl/certs/ca.crt.pem /etc/ssl/certs/"$(openssl x509 -in /etc/ssl/certs/ca.crt.pem -hash -noout).0"
-
-# Configurar Journalbeat
-
-# Verificar si la URL es accesible
-curl -I --connect-timeout 10 --max-time 30 --retry 5 "https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb" -o /dev/null -s
-if [[ $? -ne 0 ]]; then
-  echo "ERROR: No se puede resolver la URL. Verifica tu conexión a Internet o la disponibilidad del servidor."
-  exit 1  # Detener el script
-fi
-
-echo "La URL es accesible. Continuando..."
-
-curl --connect-timeout 10 --max-time 60 -L -o /tmp/journalbeat-oss-7.12.1-amd64.deb https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb
-dpkg -i /tmp/journalbeat-oss-7.12.1-amd64.deb
-cp CA/certs/oglog-jb.mytld.crt.pem          /etc/journalbeat/
-cp CA/private/oglog-jb.mytld.key.nopass.pem /etc/journalbeat/oglog-jb.mytld.key.pem
-cat >/etc/journalbeat/journalbeat.yml <<EOF
-journalbeat.inputs:
-- paths:
-  - "/var/log/journal"
-  - "/var/log/journal/remote"
-  seek: cursor
-
-setup.template.settings:
-  index.number_of_shards: 1
-
-output.elasticsearch:
-  hosts: ["oglog-os.mytld:9200"]
-  username: "admin"
-  pipeline: "simple_parse_pipeline"
-  password: "$OPENSEARCH_INITIAL_ADMIN_PASSWORD"
-  protocol: "https"
-  ssl.enabled: true
-  ssl.verification_mode: full
-  ssl.certificate: "/etc/journalbeat/oglog-jb.mytld.crt.pem"
-  ssl.key: "/etc/journalbeat/oglog-jb.mytld.key.pem"
-
-processors:
-  - add_docker_metadata: ~
-
-seccomp.enabled: false
-EOF
-
-systemctl enable --now journalbeat
-
-# Configurar repositorios y llaves para OpenSearch
-curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring
-echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-2.x.list
-echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-dashboards-2.x.list
-apt-get update
-apt-get install -y opensearch opensearch-dashboards
-
-# Configurar OpenSearch con los certificados y la IP
-cp CA/certs/ca.crt.pem /etc/opensearch/
-cp CA/certs/oglog-os.mytld.crt.pem /etc/opensearch/
-cp CA/private/oglog-os.mytld.key.nopass.pem /etc/opensearch/oglog-os.mytld.key.pem
-chown opensearch:opensearch /etc/opensearch/{ca.crt.pem,oglog-os.mytld.crt.pem,oglog-os.mytld.key.pem}
-
-cp CA/certs/oglog-osdb.mytld.crt.pem /etc/opensearch-dashboards/
-cp CA/private/oglog-osdb.mytld.key.nopass.pem /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem
-chown opensearch-dashboards:opensearch-dashboards /etc/opensearch-dashboards/oglog-osdb.mytld.crt.pem /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem
-
-sed -i -e '/^plugins.security.ssl.http.pemcert_filepath:/      s/: .*/: oglog-os.mytld.crt.pem/'  /etc/opensearch/opensearch.yml
-sed -i -e '/^plugins.security.ssl.http.pemkey_filepath:/       s/: .*/: oglog-os.mytld.key.pem/'  /etc/opensearch/opensearch.yml
-sed -i -e '/^plugins.security.ssl.http.pemtrustedcas_filepath:/s/: .*/: ca.crt.pem/'              /etc/opensearch/opensearch.yml
-sed -i -e '/^#network.host/                                    s/.*/network.host: '"$IP_MAQUINA"'/' /etc/opensearch/opensearch.yml
-
-cat >>/etc/opensearch/opensearch.yml <<EOF
-
-discovery.type: single-node
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.clientauth_mode: REQUIRE
-plugins.security.ssl_cert_reload_enabled: true
-EOF
-
-# Configurar OpenSearch Dashboards
-cp -a /etc/opensearch-dashboards/opensearch_dashboards.yml /etc/opensearch-dashboards/opensearch_dashboards.yml.dist
-cat >/etc/opensearch-dashboards/opensearch_dashboards.yml <<EOF
-server.host: 0.0.0.0
-opensearch.hosts: ["https://oglog-os.mytld:9200"]
-opensearch.username: "admin"
-opensearch.password: "$OPENSEARCH_INITIAL_ADMIN_PASSWORD"
-server.ssl.enabled: true
-server.ssl.certificate: /etc/opensearch-dashboards/oglog-osdb.mytld.crt.pem
-server.ssl.key: /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem
-opensearch.ssl.certificate: /etc/opensearch-dashboards/oglog-osdb.mytld.crt.pem
-opensearch.ssl.key: /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem
-opensearch.ssl.verificationMode: full
-opensearch.ssl.certificateAuthorities: [ "/etc/ssl/certs/ca.crt.pem" ]
-opensearch.ssl.alwaysPresentCertificate: true
-EOF
-
-# Habilitar servicios de OpenSearch
-systemctl enable --now opensearch.service opensearch-dashboards.service
-
-# Esperar a que OpenSearch esté disponible
-echo "Esperando a que OpenSearch esté disponible..."
-until curl -s --fail \
-    --cert /etc/opensearch/oglog-os.mytld.crt.pem \
-    --key /etc/opensearch/oglog-os.mytld.key.pem \
-    --cacert /etc/opensearch/ca.crt.pem \
-    -u "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
-    "https://oglog-os.mytld:9200/_cluster/health"; do
-    sleep 5
+# Comprobar variables de entorno requeridas
+required_env_vars=("IP_MAQUINA" "OPENSEARCH_INITIAL_ADMIN_PASSWORD")
+for var in "${required_env_vars[@]}"; do
+  if [[ -z "${!var}" ]]; then
+    log "ERROR: La variable de entorno $var debe estar definida."
+    exit 1
+  fi
 done
-echo "OpenSearch está disponible."
 
-# Configurar pipeline por defecto
-curl -XPUT "https://oglog-os.mytld:9200/_ingest/pipeline/simple_parse_pipeline" \
-    --cert /etc/opensearch/oglog-os.mytld.crt.pem \
-    --key /etc/opensearch/oglog-os.mytld.key.pem \
-    --cacert /etc/opensearch/ca.crt.pem \
-    -u "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
-    -H 'Content-Type: application/json' \
-    -d'
-{
-  "description": "Parse logs to extract http_code and desc, supporting various severity levels",
-  "processors": [
-    {
-      "script": {
-        "if": "ctx.syslog?.identifier != '\''ogboot'\''",
-        "source": "ctx.debug = '\''Skipped: identifier is '\'' + (ctx.syslog?.identifier ?: '\''undefined'\''); ctx.pipeline_stop = true;"
-      }
-    },
-    {
-      "set": {
-        "field": "debug",
-        "value": "Processed: identifier is ogboot"
-      }
-    },
-    {
-      "gsub": {
-        "field": "message",
-        "pattern": "^app\\.[A-Z]+: ",
-        "replacement": "",
-        "ignore_failure": true
-      }
-    },
-    {
-      "json": {
-        "field": "message",
-        "target_field": "parsed_message",
-        "ignore_failure": true
-      }
-    },
-    {
-      "set": {
-        "field": "http_code",
-        "value": "{{parsed_message.http_code}}",
-        "ignore_empty_value": true
-      }
-    },
-    {
-      "set": {
-        "field": "description",
-        "value": "{{parsed_message.desc}}",
-        "ignore_empty_value": true
-      }
-    }
-  ]
-}'
-echo "Pipeline simple_parse_pipeline configurado."
+# Validar la contraseña
+if [[ ${#OPENSEARCH_INITIAL_ADMIN_PASSWORD} -lt 12 || \
+  ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [A-Z] || \
+  ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [0-9] || \
+  ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [^a-zA-Z0-9] ]]; then
+  log "ERROR: La contraseña OPENSEARCH_INITIAL_ADMIN_PASSWORD no cumple los requisitos."
+  exit 1
+fi
 
+# Actualizar /etc/hosts
+cat >> /etc/hosts <<EOF
+$IP_MAQUINA oglog-os.mytld oglog-osdb.mytld oglog-jb.mytld oglog-jrem.mytld oglog-prom.mytld oglog-graf.mytld
+EOF
 
-# Configurar systemd-journal-remote
-cp CA/certs/ca.crt.pem /etc/systemd/
-cp CA/certs/oglog-jrem.mytld.crt.pem /etc/systemd/
-cp CA/private/oglog-jrem.mytld.key.nopass.pem /etc/systemd/oglog-jrem.mytld.key.pem
-chown systemd-journal-remote:systemd-journal-remote /etc/systemd/oglog-jrem.mytld.crt.pem /etc/systemd/oglog-jrem.mytld.key.pem
-install --owner systemd-journal-remote --group systemd-journal-remote --mode 0750 --directory /var/log/journal/remote/
+# Añadir repositorios y claves GPG
+apt-get update
+apt-get install -y apt-transport-https software-properties-common wget curl
+
+# Grafana
+wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /usr/share/keyrings/grafana.gpg > /dev/null
+echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee /etc/apt/sources.list.d/grafana.list
+
+# OpenSearch y OpenSearch Dashboards
+curl -fsSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor | tee /usr/share/keyrings/opensearch-keyring > /dev/null
+echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch.list
+echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch-dashboards.list
+
+apt-get update
+
+# Consolidar instalación de paquetes
+apt-get install -y ca-certificates gnupg2 lsb-release systemd-journal-remote \
+  prometheus grafana opensearch opensearch-dashboards
+
+# Instalación explícita de Journalbeat
+download_file() {
+  curl --retry 5 --connect-timeout 10 --max-time 60 -fL "$1" -o "$2" || {
+    log "Error descargando $1"
+    exit 1
+  }
+}
+
+JOURNALBEAT_URL="https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb"
+download_file "$JOURNALBEAT_URL" "/tmp/journalbeat.deb"
+dpkg -i /tmp/journalbeat.deb
+rm -f /tmp/journalbeat.deb
+
+# Gestión de certificados SSL
+declare -A CERT_SERVICES=(
+  [journalbeat]="oglog-jb.mytld"
+  [opensearch]="oglog-os.mytld"
+  [opensearch-dashboards]="oglog-osdb.mytld"
+  [prometheus]="oglog-prom.mytld"
+  [grafana]="oglog-graf.mytld"
+  [systemd]="oglog-jrem.mytld"
+)
+
+for service in "${!CERT_SERVICES[@]}"; do
+  domain="${CERT_SERVICES[$service]}"
+  cert_dir="/etc/$service"
+
+  mkdir -p "$cert_dir"
+  cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/${domain}.crt.pem" "$cert_dir/"
+  cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/${domain}.key.nopass.pem" "$cert_dir/${domain}.key.pem"
+
+  case "$service" in
+    opensearch) chown opensearch: "$cert_dir/"* ;;
+    opensearch-dashboards) chown opensearch-dashboards: "$cert_dir/"* ;;
+    prometheus) chown prometheus: "$cert_dir/"* ;;
+    grafana) chown grafana: "$cert_dir/"* ;;
+    systemd) chown systemd-journal-remote: "$cert_dir/"* ;;
+  esac
+done
+cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ca.crt.pem" /etc/ssl/certs/
+
+# Configuración de systemd-journal-remote
 sed -i -e '/ServerKeyFile/        s%.*%ServerKeyFile=/etc/systemd/oglog-jrem.mytld.key.pem%'         /etc/systemd/journal-remote.conf
 sed -i -e '/ServerCertificateFile/s%.*%ServerCertificateFile=/etc/systemd/oglog-jrem.mytld.crt.pem%' /etc/systemd/journal-remote.conf
 sed -i -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/systemd/ca.crt.pem%'             /etc/systemd/journal-remote.conf
 systemctl enable --now systemd-journal-remote.service
 
-
-# Configurar Prometheus
-apt-get install -y prometheus
-cp CA/certs/oglog-prom.mytld.crt.pem          /etc/prometheus/
-cp CA/private/oglog-prom.mytld.key.nopass.pem /etc/prometheus/oglog-prom.mytld.key.pem
-chown prometheus:prometheus /etc/prometheus/oglog-prom.mytld.crt.pem /etc/prometheus/oglog-prom.mytld.key.pem
-cat >>/etc/prometheus/prometheus.yml <<EOF
-  - job_name: ogserver
-    static_configs:
-      - targets: ['ogserver.mytld:9100']
-
-  - job_name: ogagent
-    static_configs:
-      - targets: ['ogagent.mytld:9100']
-EOF
-
-cat >/etc/prometheus/web-config.yml <<EOF
-tls_server_config:
-  cert_file: /etc/prometheus/oglog-prom.mytld.crt.pem
-  key_file: /etc/prometheus/oglog-prom.mytld.key.pem
-EOF
-
-sed -i -e '/^ARGS/s%"$%--web.config.file=/etc/prometheus/web-config.yml"%' /etc/default/prometheus
-systemctl restart prometheus
-
-# Configurar Grafana
-# Prueba de conexión a la URL de la clave GPG
-echo "Verificando conectividad con https://apt.grafana.com/gpg.key..."
-curl -I --connect-timeout 10 --max-time 30 -s -o /dev/null --retry 5 https://apt.grafana.com/gpg.key
-
-if [[ $? -ne 0 ]]; then
-  echo "ERROR: No se puede conectar a https://apt.grafana.com/gpg.key. Verifica tu conexión a Internet o la disponibilidad del servidor."
-  exit 1
-fi
-curl --connect-timeout 10 --max-time 30 -s https://apt.grafana.com/gpg.key | gpg --dearmor > /etc/apt/keyrings/grafana.gpg
-echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" >/etc/apt/sources.list.d/grafana.list
-apt-get update
-apt-get install --yes grafana
-
-cp CA/certs/oglog-graf.mytld.crt.pem               /etc/grafana/
-cp CA/private/oglog-graf.mytld.key.nopass.pem      /etc/grafana/oglog-graf.mytld.key.pem
-chown grafana:grafana /etc/grafana/oglog-graf.mytld.crt.pem /etc/grafana/oglog-graf.mytld.key.pem
-
-
-# Descargar el dashboard
-echo "Descargando el dashboard"
-mkdir -p /etc/grafana/dashboards
-if curl -o /etc/grafana/dashboards/1860.json --connect-timeout 10 --max-time 30 --retry 5 https://grafana.com/api/dashboards/1860/revisions/37/download; then
-  echo "Dashboard descargado correctamente en /etc/grafana/dashboards/1860.json."
-else
-  echo "Error: No se pudo descargar el dashboard desde https://grafana.com/api/dashboards/1860/revisions/37/download."
-  exit 1
-fi
-
-# Configurar Grafana
-echo "Haciendo copia de seguridad del archivo de configuración original..."
-cp -a /etc/grafana/grafana.ini /etc/grafana/grafana.ini.dist
-
-echo "Configurando Grafana..."
-cat >/etc/grafana/grafana.ini <<EOF
-[server]
-protocol = https
-cert_file = /etc/grafana/oglog-graf.mytld.crt.pem
-cert_key = /etc/grafana/oglog-graf.mytld.key.pem
-
-[analytics]
-reporting_enabled = false
-check_for_updates = false
-check_for_plugin_updates = false
-
-[database]
-type = sqlite3
-path = /var/lib/grafana/grafana.db
-
-[auth]
-disable_login_form = false
-EOF
-
-# Configuración de datasource para Prometheus
-echo "Creando configuración de datasource para Prometheus..."
-mkdir -p /etc/grafana/provisioning/datasources
-cat >/etc/grafana/provisioning/datasources/prometheus.yaml <<EOF
-apiVersion: 1
-datasources:
-  - name: Prometheus
-    type: prometheus
-    access: proxy
-    url: https://oglog-prom.mytld:9090
-    isDefault: true
-EOF
-
-# Configuración de dashboards
-echo "Configurando dashboards..."
-mkdir -p /etc/grafana/provisioning/dashboards
-cat >/etc/grafana/provisioning/dashboards/dashboard.yaml <<EOF
-apiVersion: 1
-providers:
-  - name: 'default'
-    folder: ''
-    type: file
-    options:
-      path: /etc/grafana/dashboards
-EOF
-
-# Habilitar e iniciar el servicio de Grafana
-echo "Habilitando e iniciando Grafana..."
-systemctl enable --now grafana-server
-
-
-# Reiniciar los servicios
-systemctl restart journalbeat
-sleep 5
-sudo systemctl restart filebeat
-sleep 5
-systemctl restart opensearch
-sleep 5
-systemctl restart opensearch-dashboards
-sleep 5
-systemctl restart systemd-journal-remote
-sleep 5
-systemctl restart prometheus
-sleep 5
-systemctl restart grafana-server
-sleep 5
-
-# Verificar el estado de los servicios
-echo "Estado de journalbeat:"
-systemctl status journalbeat --no-pager
-
-echo "Estado de filebeat:"
-systemctl status filebeat --no-pager
-
-echo "Estado de opensearch:"
-systemctl status opensearch --no-pager
-
-echo "Estado de opensearch-dashboards:"
-systemctl status opensearch-dashboards --no-pager
-
-echo "Estado de systemd-journal-remote:"
-systemctl status systemd-journal-remote --no-pager
-
-echo "Estado de prometheus:"
-systemctl status prometheus --no-pager
-
-echo "Estado de grafana-server:"
-systemctl status grafana-server --no-pager
+log "Instalación finalizada: $(date)"