diff --git a/script/script.sh b/script/script.sh
index 113cb3e..6d032a6 100755
--- a/script/script.sh
+++ b/script/script.sh
@@ -52,73 +52,130 @@ fi # Actualizar /etc/hosts cat >> /etc/hosts < /dev/null -echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee /etc/apt/sources.list.d/grafana.list - -# OpenSearch y OpenSearch Dashboards -curl -fsSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor | tee /usr/share/keyrings/opensearch-keyring > /dev/null -echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch.list -echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch-dashboards.list - -apt-get update - -# Consolidar instalación de paquetes -apt-get install -y ca-certificates gnupg2 lsb-release systemd-journal-remote \ - prometheus grafana opensearch opensearch-dashboards - -# Instalación explícita de Journalbeat -download_file() { - curl --retry 5 --connect-timeout 10 --max-time 60 -fL "$1" -o "$2" || { - log "Error descargando $1" - exit 1 - } -} +apt-get install -y apt-transport-https software-properties-common wget curl ca-certificates gnupg2 lsb-release systemd-journal-remote prometheus grafana opensearch opensearch-dashboards +# Instalación Journalbeat y Filebeat JOURNALBEAT_URL="https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb" -download_file "$JOURNALBEAT_URL" "/tmp/journalbeat.deb" +FILEBEAT_URL="https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.12.1-amd64.deb" + +curl -L "$JOURNALBEAT_URL" -o /tmp/journalbeat.deb dpkg -i /tmp/journalbeat.deb rm -f /tmp/journalbeat.deb -# Gestión de certificados SSL -declare -A CERT_SERVICES=( - [journalbeat]="oglog-jb.mytld" - [opensearch]="oglog-os.mytld" - [opensearch-dashboards]="oglog-osdb.mytld" - [prometheus]="oglog-prom.mytld" - 
[grafana]="oglog-graf.mytld" - [systemd]="oglog-jrem.mytld" +curl -L "$FILEBEAT_URL" -o /tmp/filebeat.deb +dpkg -i /tmp/filebeat.deb +rm -f /tmp/filebeat.deb + +# Copiar configuraciones desde plantillas locales +base_dir="$(dirname $(pwd))" + +files_to_copy=( + "journalbeat/journalbeat.yml" + "filebeat/filebeat.yml" + "opensearch/opensearch.yml" + "opensearch-dashboards/opensearch_dashboards.yml" + "prometheus/prometheus.yml" + "prometheus/web-config.yml" + "grafana/grafana.ini" + "grafana/provisioning/datasources/prometheus.yaml" + "grafana/provisioning/dashboards/dashboard.yaml" ) -for service in "${!CERT_SERVICES[@]}"; do - domain="${CERT_SERVICES[$service]}" - cert_dir="/etc/$service" - - mkdir -p "$cert_dir" - cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/${domain}.crt.pem" "$cert_dir/" - cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/${domain}.key.nopass.pem" "$cert_dir/${domain}.key.pem" - - case "$service" in - opensearch) chown opensearch: "$cert_dir/"* ;; - opensearch-dashboards) chown opensearch-dashboards: "$cert_dir/"* ;; - prometheus) chown prometheus: "$cert_dir/"* ;; - grafana) chown grafana: "$cert_dir/"* ;; - systemd) chown systemd-journal-remote: "$cert_dir/"* ;; - esac +for file in "${files_to_copy[@]}"; do + src="$base_dir/etc/$file" + dest="/etc/$file" + mkdir -p "$(dirname "$dest")" + cp "$src" "$dest" + sed -i \ + -e "s/{{IP_MAQUINA}}/$IP_MAQUINA/g" \ + -e "s/{{OPENSEARCH_INITIAL_ADMIN_PASSWORD}}/$OPENSEARCH_INITIAL_ADMIN_PASSWORD/g" "$dest" done -cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ca.crt.pem" /etc/ssl/certs/ -# Configuración de systemd-journal-remote -sed -i -e '/ServerKeyFile/ s%.*%ServerKeyFile=/etc/systemd/oglog-jrem.mytld.key.pem%' /etc/systemd/journal-remote.conf +chown -R grafana:grafana /etc/grafana/provisioning + +# Copiar certificados específicos +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ca.crt.pem" /etc/opensearch/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-os.mytld.crt.pem" /etc/opensearch/ +cp 
"$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-os.mytld.key.nopass.pem" /etc/opensearch/oglog-os.mytld.key.pem + +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-osdb.mytld.crt.pem" /etc/opensearch-dashboards/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-osdb.mytld.key.nopass.pem" /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem + +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ca.crt.pem" /etc/systemd/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-jrem.mytld.crt.pem" /etc/systemd/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-jrem.mytld.key.nopass.pem" /etc/systemd/oglog-jrem.mytld.key.pem + +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-prom.mytld.crt.pem" /etc/prometheus/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-prom.mytld.key.nopass.pem" /etc/prometheus/oglog-prom.mytld.key.pem + +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-graf.mytld.crt.pem" /etc/grafana/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-graf.mytld.key.nopass.pem" /etc/grafana/oglog-graf.mytld.key.pem + +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-jb.mytld.crt.pem" /etc/journalbeat/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-jb.mytld.key.nopass.pem" /etc/journalbeat/oglog-jb.mytld.key.pem + +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ogagent-fb.mytld.crt.pem" /etc/filebeat/ +cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/ogagent-fb.mytld.key.nopass.pem" /etc/filebeat/ogagent-fb.mytld.key.pem + +cp CA/certs/ca.crt.pem /etc/ssl/certs/ +ln -s /etc/ssl/certs/ca.crt.pem /etc/ssl/certs/"$(openssl x509 -in /etc/ssl/certs/ca.crt.pem -hash -noout).0" + + +# Permisos específicos +chown opensearch:opensearch /etc/opensearch/* +chown opensearch-dashboards:opensearch-dashboards /etc/opensearch-dashboards/* +chown systemd-journal-remote:systemd-journal-remote /etc/systemd/oglog-jrem.mytld.* +chown prometheus:prometheus /etc/prometheus/oglog-prom.mytld.* +chown grafana:grafana 
/etc/grafana/oglog-graf.mytld.* + +install -d -o systemd-journal-remote -g systemd-journal-remote -m 0750 /var/log/journal/remote +sed -i -e '/ServerKeyFile/ s%.*%ServerKeyFile=/etc/systemd/oglog-jrem.mytld.key.pem%' /etc/systemd/journal-remote.conf sed -i -e '/ServerCertificateFile/s%.*%ServerCertificateFile=/etc/systemd/oglog-jrem.mytld.crt.pem%' /etc/systemd/journal-remote.conf -sed -i -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/systemd/ca.crt.pem%' /etc/systemd/journal-remote.conf -systemctl enable --now systemd-journal-remote.service +sed -i -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/systemd/ca.crt.pem%' /etc/systemd/journal-remote.conf +sed -i -e '/^ARGS/s%"$% --web.config.file=/etc/prometheus/web-config.yml"%' /etc/default/prometheus + +log "Descargando dashboard de Grafana..." +mkdir -p /etc/grafana/dashboards +curl -sS --connect-timeout 30 --max-time 120 --retry 3 \ + -o /etc/grafana/dashboards/1860.json \ + https://grafana.com/api/dashboards/1860/revisions/37/download || { + log "Error: Fallo al descargar el dashboard" + exit 1 +} + + +services_to_restart=( + journalbeat + filebeat + opensearch + opensearch-dashboards + systemd-journal-remote + prometheus + grafana-server +) + +for service in "${services_to_restart[@]}"; do + log "Reiniciando $service..." + systemctl restart "$service" + sleep 5 +done + +# Después de los reinicios +log "Verificación final de servicios:" +systemctl is-active journalbeat filebeat opensearch opensearch-dashboards prometheus grafana-server + +DURATION=$SECONDS + +log "Tiempo total: $((DURATION / 60)) minutos y $((DURATION % 60)) segundos" log "Instalación finalizada: $(date)"
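Review bot: The new package and dashboard downloads no longer fail on HTTP errors: `curl -L "$JOURNALBEAT_URL" -o /tmp/journalbeat.deb`, its Filebeat twin and the `curl -sS … 1860.json` call all omit `-f`, so an error response is saved with exit status 0, the `|| { … exit 1 }` guard on the dashboard does not fire for it, and `dpkg -i` is run on an unverified file at a fixed path under `/tmp`. The removed `download_file` helper already had `-f`, retries and timeouts; I would keep it, download into a `mktemp -d` directory and check each package against a SHA-256 digest pinned in the repository before `dpkg -i` (sketch below, digests are placeholders), and add `-f` to the dashboard call (`curl -fsS …`). Separately, `cp CA/certs/ca.crt.pem /etc/ssl/certs/` resolves against the working directory while every other certificate copy uses `$LOCAL_MOUNT/srv/artefactos/oglog/CA/…`, so which CA becomes trusted depends on where the script is started. The `sed` substitution of `$OPENSEARCH_INITIAL_ADMIN_PASSWORD` breaks or alters the value if it contains `/`, `&` or `\`, and the hunk sets no mode on the files that receive it or on the copied `*.key.pem` files. The start of the hunk looks truncated on this page, so whether `set -e` is in effect is not visible.

```shell
download_file() {
  curl --retry 5 --connect-timeout 10 --max-time 60 -fsSL "$1" -o "$2" || {
    log "Error descargando $1"
    exit 1
  }
}

# Placeholders: replace with the digests published for these exact packages.
JOURNALBEAT_SHA256="<SHA256_JOURNALBEAT_PLACEHOLDER>"
FILEBEAT_SHA256="<SHA256_FILEBEAT_PLACEHOLDER>"

deb_dir="$(mktemp -d)" || exit 1

install_deb() {  # $1 = URL, $2 = expected SHA-256
  local deb="$deb_dir/${1##*/}"
  download_file "$1" "$deb"
  printf '%s  %s\n' "$2" "$deb" | sha256sum -c - || {
    log "Error: checksum incorrecto para $1"
    exit 1
  }
  dpkg -i "$deb"
}

install_deb "$JOURNALBEAT_URL" "$JOURNALBEAT_SHA256"
install_deb "$FILEBEAT_URL" "$FILEBEAT_SHA256"
rm -rf -- "$deb_dir"

# … unchanged: config templating, certificate copies, service restarts …
```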