refs #1718 add all other componentes in installer
parent
0770cb1265
commit
7a295580eb
163
script/script.sh
163
script/script.sh
|
|
@ -52,73 +52,130 @@ fi
|
|||
|
||||
# Actualizar /etc/hosts
|
||||
cat >> /etc/hosts <<EOF
|
||||
$IP_MAQUINA oglog-os.mytld oglog-osdb.mytld oglog-jb.mytld oglog-jrem.mytld oglog-prom.mytld oglog-graf.mytld
|
||||
$IP_MAQUINA oglog-os.mytld
|
||||
$IP_MAQUINA oglog-osdb.mytld
|
||||
$IP_MAQUINA oglog-jb.mytld
|
||||
$IP_MAQUINA oglog-jrem.mytld
|
||||
$IP_MAQUINA oglog-prom.mytld
|
||||
$IP_MAQUINA oglog-graf.mytld
|
||||
EOF
|
||||
|
||||
# Añadir repositorios y claves GPG
|
||||
# Instalación de paquetes necesarios
|
||||
apt-get update
|
||||
apt-get install -y apt-transport-https software-properties-common wget curl
|
||||
|
||||
# Grafana
|
||||
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /usr/share/keyrings/grafana.gpg > /dev/null
|
||||
echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee /etc/apt/sources.list.d/grafana.list
|
||||
|
||||
# OpenSearch y OpenSearch Dashboards
|
||||
curl -fsSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor | tee /usr/share/keyrings/opensearch-keyring > /dev/null
|
||||
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch.list
|
||||
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch-dashboards.list
|
||||
|
||||
apt-get update
|
||||
|
||||
# Consolidar instalación de paquetes
|
||||
apt-get install -y ca-certificates gnupg2 lsb-release systemd-journal-remote \
|
||||
prometheus grafana opensearch opensearch-dashboards
|
||||
|
||||
# Instalación explícita de Journalbeat
|
||||
download_file() {
|
||||
curl --retry 5 --connect-timeout 10 --max-time 60 -fL "$1" -o "$2" || {
|
||||
log "Error descargando $1"
|
||||
exit 1
|
||||
}
|
||||
}
|
||||
apt-get install -y apt-transport-https software-properties-common wget curl ca-certificates gnupg2 lsb-release systemd-journal-remote prometheus grafana opensearch opensearch-dashboards
|
||||
|
||||
# Instalación Journalbeat y Filebeat
|
||||
JOURNALBEAT_URL="https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb"
|
||||
download_file "$JOURNALBEAT_URL" "/tmp/journalbeat.deb"
|
||||
FILEBEAT_URL="https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.12.1-amd64.deb"
|
||||
|
||||
curl -L "$JOURNALBEAT_URL" -o /tmp/journalbeat.deb
|
||||
dpkg -i /tmp/journalbeat.deb
|
||||
rm -f /tmp/journalbeat.deb
|
||||
|
||||
# Gestión de certificados SSL
|
||||
declare -A CERT_SERVICES=(
|
||||
[journalbeat]="oglog-jb.mytld"
|
||||
[opensearch]="oglog-os.mytld"
|
||||
[opensearch-dashboards]="oglog-osdb.mytld"
|
||||
[prometheus]="oglog-prom.mytld"
|
||||
[grafana]="oglog-graf.mytld"
|
||||
[systemd]="oglog-jrem.mytld"
|
||||
curl -L "$FILEBEAT_URL" -o /tmp/filebeat.deb
|
||||
dpkg -i /tmp/filebeat.deb
|
||||
rm -f /tmp/filebeat.deb
|
||||
|
||||
# Copiar configuraciones desde plantillas locales
|
||||
base_dir="$(dirname $(pwd))"
|
||||
|
||||
files_to_copy=(
|
||||
"journalbeat/journalbeat.yml"
|
||||
"filebeat/filebeat.yml"
|
||||
"opensearch/opensearch.yml"
|
||||
"opensearch-dashboards/opensearch_dashboards.yml"
|
||||
"prometheus/prometheus.yml"
|
||||
"prometheus/web-config.yml"
|
||||
"grafana/grafana.ini"
|
||||
"grafana/provisioning/datasources/prometheus.yaml"
|
||||
"grafana/provisioning/dashboards/dashboard.yaml"
|
||||
)
|
||||
|
||||
for service in "${!CERT_SERVICES[@]}"; do
|
||||
domain="${CERT_SERVICES[$service]}"
|
||||
cert_dir="/etc/$service"
|
||||
|
||||
mkdir -p "$cert_dir"
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/${domain}.crt.pem" "$cert_dir/"
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/${domain}.key.nopass.pem" "$cert_dir/${domain}.key.pem"
|
||||
|
||||
case "$service" in
|
||||
opensearch) chown opensearch: "$cert_dir/"* ;;
|
||||
opensearch-dashboards) chown opensearch-dashboards: "$cert_dir/"* ;;
|
||||
prometheus) chown prometheus: "$cert_dir/"* ;;
|
||||
grafana) chown grafana: "$cert_dir/"* ;;
|
||||
systemd) chown systemd-journal-remote: "$cert_dir/"* ;;
|
||||
esac
|
||||
for file in "${files_to_copy[@]}"; do
|
||||
src="$base_dir/etc/$file"
|
||||
dest="/etc/$file"
|
||||
mkdir -p "$(dirname "$dest")"
|
||||
cp "$src" "$dest"
|
||||
sed -i \
|
||||
-e "s/{{IP_MAQUINA}}/$IP_MAQUINA/g" \
|
||||
-e "s/{{OPENSEARCH_INITIAL_ADMIN_PASSWORD}}/$OPENSEARCH_INITIAL_ADMIN_PASSWORD/g" "$dest"
|
||||
done
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ca.crt.pem" /etc/ssl/certs/
|
||||
|
||||
# Configuración de systemd-journal-remote
|
||||
chown -R grafana:grafana /etc/grafana/provisioning
|
||||
|
||||
# Copiar certificados específicos
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ca.crt.pem" /etc/opensearch/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-os.mytld.crt.pem" /etc/opensearch/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-os.mytld.key.nopass.pem" /etc/opensearch/oglog-os.mytld.key.pem
|
||||
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-osdb.mytld.crt.pem" /etc/opensearch-dashboards/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-osdb.mytld.key.nopass.pem" /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem
|
||||
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ca.crt.pem" /etc/systemd/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-jrem.mytld.crt.pem" /etc/systemd/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-jrem.mytld.key.nopass.pem" /etc/systemd/oglog-jrem.mytld.key.pem
|
||||
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-prom.mytld.crt.pem" /etc/prometheus/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-prom.mytld.key.nopass.pem" /etc/prometheus/oglog-prom.mytld.key.pem
|
||||
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-graf.mytld.crt.pem" /etc/grafana/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-graf.mytld.key.nopass.pem" /etc/grafana/oglog-graf.mytld.key.pem
|
||||
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/oglog-jb.mytld.crt.pem" /etc/journalbeat/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/oglog-jb.mytld.key.nopass.pem" /etc/journalbeat/oglog-jb.mytld.key.pem
|
||||
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/certs/ogagent-fb.mytld.crt.pem" /etc/filebeat/
|
||||
cp "$LOCAL_MOUNT/srv/artefactos/oglog/CA/private/ogagent-fb.mytld.key.nopass.pem" /etc/filebeat/ogagent-fb.mytld.key.pem
|
||||
|
||||
cp CA/certs/ca.crt.pem /etc/ssl/certs/
|
||||
ln -s /etc/ssl/certs/ca.crt.pem /etc/ssl/certs/"$(openssl x509 -in /etc/ssl/certs/ca.crt.pem -hash -noout).0"
|
||||
|
||||
|
||||
# Permisos específicos
|
||||
chown opensearch:opensearch /etc/opensearch/*
|
||||
chown opensearch-dashboards:opensearch-dashboards /etc/opensearch-dashboards/*
|
||||
chown systemd-journal-remote:systemd-journal-remote /etc/systemd/oglog-jrem.mytld.*
|
||||
chown prometheus:prometheus /etc/prometheus/oglog-prom.mytld.*
|
||||
chown grafana:grafana /etc/grafana/oglog-graf.mytld.*
|
||||
|
||||
install -d -o systemd-journal-remote -g systemd-journal-remote -m 0750 /var/log/journal/remote
|
||||
sed -i -e '/ServerKeyFile/ s%.*%ServerKeyFile=/etc/systemd/oglog-jrem.mytld.key.pem%' /etc/systemd/journal-remote.conf
|
||||
sed -i -e '/ServerCertificateFile/s%.*%ServerCertificateFile=/etc/systemd/oglog-jrem.mytld.crt.pem%' /etc/systemd/journal-remote.conf
|
||||
sed -i -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/systemd/ca.crt.pem%' /etc/systemd/journal-remote.conf
|
||||
systemctl enable --now systemd-journal-remote.service
|
||||
sed -i -e '/^ARGS/s%"$% --web.config.file=/etc/prometheus/web-config.yml"%' /etc/default/prometheus
|
||||
|
||||
|
||||
log "Descargando dashboard de Grafana..."
|
||||
mkdir -p /etc/grafana/dashboards
|
||||
curl -sS --connect-timeout 30 --max-time 120 --retry 3 \
|
||||
-o /etc/grafana/dashboards/1860.json \
|
||||
https://grafana.com/api/dashboards/1860/revisions/37/download || {
|
||||
log "Error: Fallo al descargar el dashboard"
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
||||
services_to_restart=(
|
||||
journalbeat
|
||||
filebeat
|
||||
opensearch
|
||||
opensearch-dashboards
|
||||
systemd-journal-remote
|
||||
prometheus
|
||||
grafana-server
|
||||
)
|
||||
|
||||
for service in "${services_to_restart[@]}"; do
|
||||
log "Reiniciando $service..."
|
||||
systemctl restart "$service"
|
||||
sleep 5
|
||||
done
|
||||
|
||||
# Después de los reinicios
|
||||
log "Verificación final de servicios:"
|
||||
systemctl is-active journalbeat filebeat opensearch opensearch-dashboards prometheus grafana-server
|
||||
|
||||
DURATION=$SECONDS
|
||||
|
||||
log "Tiempo total: $((DURATION / 60)) minutos y $((DURATION % 60)) segundos"
|
||||
log "Instalación finalizada: $(date)"
|
||||
|
|
|
|||
Loading…
Reference in New Issue