opengnsys
/
oglog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

debian-package
Nicolas Arenas 2025-07-11 11:07:43 +02:00
parent 11a4236788
commit 288fc4beb1
8 changed files with 7 additions and 385 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/oglog.config vendored
View File

@ -10,4 +10,4 @@ db_input high opengnsys/oglog_certificateAltNames || true
db_input high opengnsys/oglog_nodeExporterTargets || true
# Lanzar el diálogo con el usuario
db_go
db_go

6
debian/oglog.postinst vendored
View File

@ -248,6 +248,7 @@ create_opensearch_index() {
done
}
<<<<<<< HEAD
configure_prometheus() {
local PROMETHEUS_CONFIG="/etc/prometheus/prometheus.yml"
@ -269,6 +270,8 @@ EOF
done
}
=======
>>>>>>> 0282911 (Initial commit)
restart_services() {
echo "Restarting services..."
systemctl daemon-reload
@ -305,7 +308,10 @@ case $1 in
configure_opensearch_dashboards_certificates
configure_journalbeat_certificates
configure_grafana
<<<<<<< HEAD
configure_prometheus
=======
>>>>>>> 0282911 (Initial commit)
restart_services
sleep 5
echo "Creating OpenSearch index patterns and initial index..."

12
debian/oglog/DEBIAN/config vendored
View File

@ -1,12 +0,0 @@
#!/bin/bash
. /usr/share/debconf/confmodule
# Mostrar las preguntas al usuario en orden deseado
db_input high opengnsys/oglog_opensearchInitialPassword || true
db_input high opengnsys/oglog_ogCoreIp || true
db_input high opengnsys/oglog_ogLogIp || true
db_input high opengnsys/oglog_subdomain || true
db_input high opengnsys/oglog_certificateAltNames || true
# Lanzar el diálogo con el usuario
db_go

13
debian/oglog/DEBIAN/control vendored
View File

@ -1,13 +0,0 @@
Package: oglog
Version: 0.0.1-1
Architecture: amd64
Maintainer: Nicolas Arenas <narenas@qindel.com>
Installed-Size: 1521
Depends: debconf (>= 0.5) | debconf-2.0, opensearch, opensearch-dashboards, grafana, systemd-journal-remote, prometheus, journalbeat
Section: unknown
Priority: optional
Multi-Arch: foreign
Homepage: https://opengnsys.es
Description: auto-generated package by debmake
This Debian binary package was auto-generated by the
debmake(1) command provided by the debmake package.

27
debian/oglog/DEBIAN/md5sums vendored
View File

@ -1,27 +0,0 @@
b21eb22a15f70b9f4effb9c861a151ac opt/opengnsys/oglog/etc/filebeat/filebeat.yml
a1bca00a415f8e6ad671c9fc0e5aa599 opt/opengnsys/oglog/etc/grafana/dashboards/1860.json
fe48324bff332d3008b7ea20ef347c86 opt/opengnsys/oglog/etc/grafana/grafana.ini
5f30e6a73714660772795757730672a0 opt/opengnsys/oglog/etc/grafana/provisioning/alerting/alerts.yaml
6f792b6660385b5205bb88ec72017ff5 opt/opengnsys/oglog/etc/grafana/provisioning/alerting/contactpoint.yaml
e3e158174e4b0c887e3ebf8ab3270998 opt/opengnsys/oglog/etc/grafana/provisioning/dashboards/dashboard.yaml
210879070a80d49bc39325365568cfc2 opt/opengnsys/oglog/etc/grafana/provisioning/datasources/opensearch.yaml
c88702f9f323cb1c5769528af963d926 opt/opengnsys/oglog/etc/grafana/provisioning/datasources/prometheus.yaml
c9948ab4dcf48d6f964b7f5cb5a71b6e opt/opengnsys/oglog/etc/grafana/resources/alerts/alert-rules.json
c74acaaf45ab0129421e574020850d4d opt/opengnsys/oglog/etc/grafana/resources/dashboards/.json
61a25398ebaac88dc31463dcaaed53fc opt/opengnsys/oglog/etc/grafana/resources/dashboards/Estado_actual_de_los_clientes.json
111a7056ca200c19c3dfdc831462c7aa opt/opengnsys/oglog/etc/grafana/resources/dashboards/Node_Exporter_Full.json
83a8a06018e829535d16d477d8c0c1ad opt/opengnsys/oglog/etc/grafana/resources/dashboards/Peticiones_nginx.json
f683ca4a448cc6379d6f7ea0be4905d5 opt/opengnsys/oglog/etc/grafana/resources/dashboards/Traceo_y_comandos.json
d2b04ad33afe5f7817693c09fd028f58 opt/opengnsys/oglog/etc/grafana/resources/dashboards/Uso_de_IPs_de_subred.json
c74acaaf45ab0129421e574020850d4d opt/opengnsys/oglog/etc/grafana/resources/dashboards/null.json
b331b2d52722185ffe696134f2f21574 opt/opengnsys/oglog/etc/grafana/resources/datasources/datasources.json
bb9d630a4043ca40a02fc7d151def533 opt/opengnsys/oglog/etc/journalbeat/journalbeat.yml
6dfcc99992924abe469b3c37a5721a35 opt/opengnsys/oglog/etc/opensearch-dashboards/opensearch_dashboards.yml
f910f0079cac0a6c878001aa8d931cb6 opt/opengnsys/oglog/etc/opensearch-dashboards/saved_searches.ndjson
8265cff9992dbf2c247146a948ddc07b opt/opengnsys/oglog/etc/opensearch/opensearch.yml
9accc84d9ccdaf5dd7bb60ca69301bf1 opt/opengnsys/oglog/etc/opensearch/pipelines.json
91005de9a7933fc879fee2f8602a966e opt/opengnsys/oglog/etc/prometheus/prometheus.yml
b782a19c68d9f34cb55f907eba24bf97 opt/opengnsys/oglog/etc/prometheus/web-config.yml
8be54476ab923c429c20607c575a8878 usr/share/doc/oglog/README.Debian
91bbdf3919c8302a03cba3b728f55bc0 usr/share/doc/oglog/changelog.Debian.gz
26470036a67b744fed35f11a0c96fd2f usr/share/doc/oglog/copyright

299
debian/oglog/DEBIAN/postinst vendored
View File

@ -1,299 +0,0 @@
#!/bin/bash
set -e
. /usr/share/debconf/confmodule
## Load configuration does not matter if we are installing or upgrading
db_get opengnsys/oglog_opensearchInitialPassword
OPENSEARCH_INITIAL_ADMIN_PASSWORD="$RET"
db_get opengnsys/oglog_ogCoreIp
OGCORE_SERVER="$RET"
db_get opengnsys/oglog_ogLogIp
OGLOG_SERVER="$RET"
db_get opengnsys/oglog_subdomain
SUBDOMAIN="$RET"
db_get opengnsys/oglog_certificateAltNames
CERT_ALT_NAMES="$RET"
export OGCORE_SERVER
export OGLOG_SERVER
export SUBDOMAIN
export OPENSEARCH_INITIAL_ADMIN_PASSWORD
## Global variables
SSL_DIR="/opt/opengnsys/oglog/etc/certs"
backup_file() {
local FILE="$1"
if [ -f "$FILE" ]; then
local BACKUP_FILE="${FILE}.bak"
echo "Backing up $FILE to $BACKUP_FILE"
cp "$FILE" "$BACKUP_FILE"
else
echo "File $FILE does not exist, skipping backup."
fi
}
generate_demo_cert() {
local ALTNAMES="$1"
local KEY="$SSL_DIR/server.key"
local CERT="$SSL_DIR/server.crt"
local CN=oglog.local
mkdir -p "$SSL_DIR"
# Crear archivo san.cnf para OpenSSL
cat > "$SSL_DIR/san.cnf" <<EOF
[req]
distinguished_name=req_distinguished_name
x509_extensions=v3_req
prompt=no
[req_distinguished_name]
CN=$CN
[v3_req]
subjectAltName=@alt_names
[alt_names]
EOF
# Inicializar contadores
local dns_i=1
local ip_i=1
IFS=',' read -ra SAN_ENTRIES <<< "$ALTNAMES"
for entry in "${SAN_ENTRIES[@]}"; do
if [[ $entry =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "IP.$ip_i = $entry" >> "$SSL_DIR/san.cnf"
((ip_i++))
elif [[ $entry =~ ^[a-zA-Z0-9.-]+$ ]]; then
echo "DNS.$dns_i = $entry" >> "$SSL_DIR/san.cnf"
((dns_i++))
else
echo "Ignorado (formato inválido): $entry"
fi
done
# Generar certificado
openssl req -x509 -new -nodes -newkey rsa:2048 \
-keyout "$KEY" \
-out "$CERT" \
-days 365 \
-config "$SSL_DIR/san.cnf" \
-extensions v3_req
chmod 0644 "$KEY"
chmod 0644 "$CERT"
echo "Certificado generado con:"
echo " - CN=$CN"
echo " - SANs: $ALTNAMES"
}
update_etc_hosts() {
local CN="oglog.local"
local HOSTS_FILE="/etc/hosts"
# Si CN ya está en /etc/hosts, no hacemos nada
if grep -q "$CN" "$HOSTS_FILE"; then
echo "El CN '$CN' ya está en $HOSTS_FILE, no se requiere actualización."
return
fi
echo "Actualizando $HOSTS_FILE para incluir el CN '$CN'."
# Agregar CN a la entrada de localhost en /etc/hosts
sudo sed -i "/127.0.0.1/s/$/ $CN/" /etc/hosts
}
### Main script execution starts here ###
configure_file() {
SRC_PATH=$1
DEST_PATH=$2
if [ -f "$SRC_PATH" ]; then
DEST_DIR=$(dirname "$DEST_PATH")
mkdir -p "$DEST_DIR"
echo "Configuring $DEST_PATH from $SRC_PATH"
envsubst < "$SRC_PATH" > "$DEST_PATH"
chmod 644 "$DEST_PATH"
chown "$USER":"$GROUP" "$DEST_PATH"
else
echo "Source file $SRC_PATH does not exist, skipping configuration."
fi
}
configure_journal_remote() {
local CONFIG_FILE="/etc/systemd/journal-remote.conf"
local SSL_CERT="$SSL_DIR/server.crt"
local SSL_KEY="$SSL_DIR/server.key"
sed -i "s|^# *ServerCertificateFile=.*|ServerCertificateFile=${SSL_CERT}|" /etc/systemd/journal-remote.conf
sed -i "s|^# *ServerPrivateKeyFile=.*|ServerPrivateKeyFile=${SSL_KEY}|" /etc/systemd/journal-remote.conf
sed -i "s|^# *TrustedCertificateFile=.*|TrustedCertificateFile=all|" /etc/systemd/journal-remote.conf
}
configure_opensearch_certiticates() {
local DEST_CERTS_DIR="/etc/opensearch/certs"
mkdir -p "$DEST_CERTS_DIR"
cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
chown opensearch:opensearch "$DEST_CERTS_DIR/server.crt"
chown opensearch:opensearch "$DEST_CERTS_DIR/server.key"
chmod 644 "$DEST_CERTS_DIR/server.crt"
chmod 600 "$DEST_CERTS_DIR/server.key"
}
configure_opensearch_dashboards_certificates() {
local DEST_CERTS_DIR="/etc/opensearch-dashboards/certs"
mkdir -p "$DEST_CERTS_DIR"
cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
chown opensearch-dashboards:opensearch-dashboards "$DEST_CERTS_DIR/server.crt"
chown opensearch-dashboards:opensearch-dashboards "$DEST_CERTS_DIR/server.key"
chmod 644 "$DEST_CERTS_DIR/server.crt"
chmod 600 "$DEST_CERTS_DIR/server.key"
}
configure_journalbeat_certificates() {
local DEST_CERTS_DIR="/etc/journalbeat/certs"
mkdir -p "$DEST_CERTS_DIR"
cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
chown root:root "$DEST_CERTS_DIR/server.crt"
chown root:root "$DEST_CERTS_DIR/server.key"
chmod 644 "$DEST_CERTS_DIR/server.crt"
chmod 600 "$DEST_CERTS_DIR/server.key"
}
configure_grafana(){
local BASE_DIR="/etc/grafana"
local TMPLATE_BASE_DIR="/opt/opengnsys/oglog/etc/grafana"
local OPENSEARCH_TMPL_FILE="$TMPLATE_BASE_DIR/provisioning/datasources/opensearch.yaml"
local OPENSEARCH_FILE="$BASE_DIR/provisioning/datasources/opensearch.yaml"
# Install OpenSearch datasource plugin if not already installed
if ! grafana-cli plugins ls | grep -q "grafana-opensearch-datasource"; then
echo "Installing OpenSearch datasource plugin for Grafana..."
grafana-cli plugins install grafana-opensearch-datasource
fi
envsubst < "$OPENSEARCH_TMPL_FILE" > "$OPENSEARCH_FILE"
chown grafana:grafana "$OPENSEARCH_FILE"
chmod 644 "$OPENSEARCH_FILE"
echo "Configuring Grafana with OpenSearch datasource at $OPENSEARCH_FILE"
}
create_opensearch_index() {
echo "Creating OpenSearch index patterns and initial index..."
echo "Creating OpenSearch index pattern filebeat-*"
curl --insecure -X POST "https://${OGLOG_SERVER}:9200/.kibana/_doc/index-pattern:filebeat-*" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header 'Content-Type: application/json' \
--data '{
"type": "index-pattern",
"index-pattern": {
"title": "filebeat-*",
"timeFieldName": "@timestamp"
}
}'
echo $?
echo "Creating OpenSearch index pattern for journalbeat-*"
curl --insecure -X POST "https://${OGLOG_SERVER}:9200/.kibana/_doc/index-pattern:journalbeat-*" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header 'Content-Type: application/json' \
--data '{
"type": "index-pattern",
"index-pattern": {
"title": "journalbeat-*",
"timeFieldName": "@timestamp"
}
}'
echo $?
echo "Creating OpenSearch index filebeat-000001"
curl --insecure -X PUT "https://${OGLOG_SERVER}:9200/filebeat-000001" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header 'Content-Type: application/json' \
--data '{
"mappings": {
"properties": {
"@timestamp": { "type": "date" },
"message": { "type": "text" }
}
}
}'
echo $?
echo
## Import ingestion pipelines for opensearch
echo "Importing OpenSearch ingestion pipelines..."
jq -c 'to_entries[]' "/opt/opengnsys/oglog/etc/opensearch/pipelines.json" | while read -r entry
do
name=$(echo "$entry" | jq -r '.key')
body=$(echo "$entry" | jq -c '.value')
echo "Importing pipeline: $name"
curl --insecure -X PUT "https://${OGLOG_SERVER}:9200/_ingest/pipeline/$name" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header "Content-Type: application/json" \
--data "$body"
echo
done
}
restart_services() {
echo "Restarting services..."
systemctl daemon-reload
systemctl restart opensearch
systemctl restart opensearch-dashboards
systemctl restart grafana-server
systemctl restart journalbeat
systemctl restart prometheus
systemctl restart systemd-journal-remote
}
case $1 in
configure)
PREV_VERSION="$2"
if [ -z "$PREV_VERSION" ]; then
# Instalación inicial
echo "No previous version found, running initial configuration."
backup_file "$SSL_DIR/server.key"
backup_file "$SSL_DIR/server.crt"
generate_demo_cert "$CERT_ALT_NAMES"
update_etc_hosts
configure_file "/opt/opengnsys/oglog/etc/grafana/grafana.ini" "/etc/grafana/grafana.ini" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/datasources/prometheus.yaml" "/etc/grafana/provisioning/datasources/prometheus.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/dashboards/dashboard.yaml" "/etc/grafana/provisioning/dashboards/dashboard.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/alerting/alerts.yaml" "/etc/grafana/provisioning/alerting/alerts.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/alerting/contactpoint.yaml" "/etc/grafana/provisioning/alerting/contactpoint.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/journalbeat/journalbeat.yml" "/etc/journalbeat/journalbeat.yml" root root
configure_file "/opt/opengnsys/oglog/etc/opensearch/opensearch.yml" "/etc/opensearch/opensearch.yml" opensearch opensearch
configure_file "/opt/opengnsys/oglog/etc/opensearch-dashboards/opensearch_dashboards.yml" "/etc/opensearch-dashboards/opensearch_dashboards.yml" opensearch-dashboards opensearch-dashboards
configure_file "/opt/opengenys/oglog/etc/prometheus/prometheus.yml" "/etc/prometheus/prometheus.yml" root root
configure_file "/opt/opengnsys/oglog/etc/prometheus/web-config.yml" "/etc/prometheus/web-config.yml" root root
configure_journal_remote
configure_opensearch_certiticates
configure_opensearch_dashboards_certificates
configure_journalbeat_certificates
configure_grafana
restart_services
sleep 5
echo "Creating OpenSearch index patterns and initial index..."
create_opensearch_index
else
echo "Upgrading from version $PREV_VERSION."
# Perform upgrade actions here if needed
fi
;;
*)
echo "Unknown action: $1"
exit 1
;;
esac

8
debian/oglog/DEBIAN/postrm vendored
View File

@ -1,8 +0,0 @@
#!/bin/sh
set -e
# Automatically added by dh_installdebconf/13.14.1ubuntu5
if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
db_purge
fi
# End automatically added section

25
debian/oglog/DEBIAN/templates vendored
View File

@ -1,25 +0,0 @@
Template: opengnsys/oglog_certificateAltNames
Type: string
Default: localhost
Description: Introduzca los nombres alternativos del certificado de OpenGNSys Log separados por comas
Template: opengnsys/oglog_opensearchInitialPassword
Type: password
Default: CorrectHorse_BatteryStaple1
Description: Introduzca la contraseña inicial de OpenSearch
Template: opengnsys/oglog_ogCoreIp
Type: string
Default: 127.0.0.1
Description: Introduzca la IP del servidor OpenGNSys Core
Template: opengnsys/oglog_ogLogIp
Type: string
Default: 127.0.0.1
Description: Introduzca la IP del servidor OpenGNSys Log
Template: opengnsys/oglog_subdomain
Type: string
Default: opengnsys
Description: Introduzca el subdominio para OpenGNSys Log