refs #1806 changes script import/export to accept entry parameters, adds openserach.yaml to import openserach datasources

etc/grafana/provisioning/datasources/opensearch.yaml

@@ -0,0 +1,27 @@
+# Configuración de provisioning de datasource OpenSearch
+apiVersion: 1
+datasources:
+  - name: OpenSearch
+    type: grafana-opensearch-datasource
+    uid: opensearch-ds
+    access: proxy
+    url: https://oglog-os.${SUBDOMAIN}:9200
+    basicAuth: true
+    basicAuthUser: admin
+    secureJsonData:
+      basicAuthPassword: ${OPENSEARCH_INITIAL_ADMIN_PASSWORD}
+      tlsCACert: |
+        ${TLS_CA_CERT}}
+      tlsClientCert: |
+        ${TLS_CLIENT_CERT}}
+      tlsClientKey: |
+        ${TLS_CLIENT_KEY}}
+    jsonData:
+      serverName: "oglog-os.${SUBDOMAIN}"
+      tlsAuth: true
+      tlsAuthWithCACert: true
+      timeField: "@timestamp"
+      database: "journalbeat-*"
+      flavor: "OpenSearch"
+      version: 2
+    editable: true

etc/grafana/resources/dashboards/Peticiones_nginx.json

@@ -61,7 +61,7 @@
       {
         "datasource": {
           "type": "grafana-opensearch-datasource",
-          "uid": "cehm2sg07ozcwc"
+          "uid": "opensearch-ds"
         },
         "fieldConfig": {
           "defaults": {
@@ -153,7 +153,7 @@
             ],
             "datasource": {
               "type": "grafana-opensearch-datasource",
-              "uid": "cehm2sg07ozcwc"
+              "uid": "opensearch-ds"
             },
             "format": "table",
             "luceneQueryType": "Metric",

etc/grafana/resources/datasources/datasources.json

@@ -1,36 +1,4 @@
 [
-  {
-    "id": 3,
-    "uid": "cehm2sg07ozcwc",
-    "orgId": 1,
-    "name": "grafana-opensearch-datasource",
-    "type": "grafana-opensearch-datasource",
-    "typeName": "OpenSearch",
-    "typeLogoUrl": "public/plugins/grafana-opensearch-datasource/img/logo.svg",
-    "access": "proxy",
-    "url": "https://oglog-os.${SUBDOMAIN}:9200",
-    "user": "",
-    "database": "",
-    "basicAuth": true,
-    "isDefault": false,
-    "jsonData": {
-      "database": "journalbeat-*",
-      "flavor": "opensearch",
-      "logLevelField": "",
-      "logMessageField": "",
-      "maxConcurrentShardRequests": 5,
-      "pplEnabled": true,
-      "serverName": "oglog-os.${SUBDOMAIN}",
-      "serverless": false,
-      "timeField": "@timestamp",
-      "tlsAuth": true,
-      "tlsAuthWithCACert": false,
-      "tlsSkipVerify": true,
-      "version": "1.0.0",
-      "versionLabel": "OpenSearch (compatibility mode)"
-    },
-    "readOnly": false
-  },
   {
     "id": 2,
     "uid": "dea978mh1bncwf",
@@ -42,7 +10,8 @@
     "access": "proxy",
     "url": "__OGCORE_IP__:3336",
     "user": "root",
-    "database": "",
+    "password": "root",
+    "database": "ogcore",
     "basicAuth": false,
     "isDefault": false,
     "jsonData": {

etc/journalbeat/journalbeat.yml

@@ -8,14 +8,14 @@ setup.template.settings:
   index.number_of_shards: 1
 
 output.elasticsearch:
-  hosts: ["https://oglog-os.{SUBDOMAIN}:9200"]
+  hosts: ["https://oglog-os.${SUBDOMAIN}:9200"]
   username: "admin"
   password: "${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
   protocol: "https"
   ssl.enabled: true
   ssl.verification_mode: full
   ssl.certificate: "/etc/journalbeat/oglog-jb.{SUBDOMAIN}.crt.pem"
-  ssl.key: "/etc/journalbeat/oglog-jb.{SUBDOMAIN}.key.pem"
+  ssl.key: "/etc/journalbeat/oglog-jb.${SUBDOMAIN}.key.pem"
 
 processors:
   - add_docker_metadata: ~

etc/opensearch/opensearch.yml

@@ -5,8 +5,8 @@ plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
 plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.http.enabled: true
-plugins.security.ssl.http.pemcert_filepath: oglog-os.{SUBDOMAIN}.crt.pem
+plugins.security.ssl.http.pemcert_filepath: oglog-os.${SUBDOMAIN}.crt.pem
-plugins.security.ssl.http.pemkey_filepath: oglog-os.{SUBDOMAIN}.key.pem
+plugins.security.ssl.http.pemkey_filepath: oglog-os.${SUBDOMAIN}.key.pem
 plugins.security.ssl.http.pemtrustedcas_filepath: ca.crt.pem
 plugins.security.allow_unsafe_democertificates: true
 plugins.security.allow_default_init_securityindex: true

script/export_grafana.sh

@@ -1,7 +1,8 @@
 #!/bin/bash
 
 # Variables
-GRAFANA_URL="https://oglog-graf.mytld:3000"
+#GRAFANA_URL="https://oglog-graf.mytld:3000"
+GRAFANA_URL=$1
 EXPORT_DIR="../etc/grafana/resources"
 TOKEN_FILE="./grafana_token.txt"
 # Comprobar que el token existe

script/import_grafana.sh

@@ -1,7 +1,8 @@
 #!/bin/bash
 
 # Variables
-GRAFANA_URL="https://oglog-graf.mytld:3000"
+#GRAFANA_URL="https://oglog-graf.mytld:3000"
+GRAFANA_URL=$1
 RESOURCE_DIR="../etc/grafana/resources"
 TOKEN_FILE="./grafana_token.txt"
 # Comprobar que el token existe

script/mkcerts.sh

@@ -84,7 +84,8 @@ CA_PASS_FILE="./ca-pass"
 echo "$CERT_PASS" >"$CA_PASS_FILE"
 chmod 0600 "$CA_PASS_FILE"
 openssl genrsa -aes256 -out private/ca.key.pem -passout file:"$CA_PASS_FILE" 4096
-openssl req -config openssl.cnf -key private/ca.key.pem -passin file:"$CA_PASS_FILE" -new -x509 -days 7300 -sha256 -subj "/C=ES/ST=Madrid/L=Madrid/CN=ca.$SUBDOMAIN.mytld" -out certs/ca.crt.pem
+openssl req -config openssl.cnf -key private/ca.key.pem -passin file:"$CA_PASS_FILE" -new -x509 -days 7300 -sha256 -subj "/C=ES/ST=Madrid/L=Madrid/CN=ca.$SUBDOMAIN" -out certs/ca.crt.pem
+
 
 ## Componentes a generar certificados
 # COMPONENTES y su correspondencia:

script/oglog_installer.sh

@@ -120,7 +120,7 @@ rm -f /tmp/filebeat.deb
 
 # Copiar configuraciones desde plantillas locales
 base_dir="$(dirname $(pwd))"
-./mkcerts.sh "$SUBDOMAIN" "$CERT_PASS"
+./mkcerts.sh "$SUBDOMAIN" "$OPENSEARCH_INITIAL_ADMIN_PASSWORD"
 log "Copiando configuraciones desde plantillas locales..."
 files_to_copy=(
   "journalbeat/journalbeat.yml"
@@ -204,6 +204,17 @@ curl -sS --connect-timeout 30 --max-time 120 --retry 3 \
     log "Error: Fallo al descargar el dashboard"
     exit 1
 }
+# Declarar variables para envsubst
+export TLS_CA_CERT=$(cat "$CA_DIR/certs/ca.crt.pem" | sed ':a;N;$!ba;s/\n/\\n/g')
+export TLS_CLIENT_CERT=$(cat "$CA_DIR/certs/$(get_cert_name os).crt.pem" | sed ':a;N;$!ba;s/\n/\\n/g')
+export TLS_CLIENT_KEY=$(cat "$CA_DIR/private/$(get_cert_name os).key.nopass.pem" | sed ':a;N;$!ba;s/\n/\\n/g')
+
+# Copiar configuración adicional para Grafana
+log "Copiando configuración adicional para Grafana..."
+additional_file="grafana/provisioning/datasources/opensearch.yaml"
+src="$base_dir/etc/$additional_file"
+dest="/etc/$additional_file"
+envsubst < "$src" > "$dest"
 
 
 services_to_restart=(
@@ -305,14 +316,18 @@ systemctl is-active journalbeat filebeat opensearch opensearch-dashboards promet
 log "Creando token para Grafana..."
 while IFS= read -r line; do
     log "$line"
-done < <(./setup_grafana_token.sh)
+done < <(./setup_grafana_token.sh "https://oglog-graf.${SUBDOMAIN}:3000" \
+    "/etc/grafana/oglog-graf.${SUBDOMAIN}.crt.pem" \
+    "/etc/grafana/oglog-graf.${SUBDOMAIN}.key.pem")
 
 sed -i "s/__OGCORE_IP__/${OGCORE_IP}/g" ../etc/grafana/resources/datasources/datasources.json 
 
 log "Importando configuracion en Grafana..."
 while IFS= read -r line; do
     log "$line"
-done < <(./import_grafana.sh)
+done < <(./import_grafana.sh "https://oglog-graf.${SUBDOMAIN}:3000")
+
+
 
 
 DURATION=$SECONDS

script/setup_grafana_token.sh

@@ -1,11 +1,14 @@
 #!/bin/bash
 
 # Variables
-GRAFANA_URL="https://oglog-graf.mytld:3000"
+#GRAFANA_URL="https://oglog-graf.mytld:3000"
+GRAFANA_URL=$1
 GRAFANA_USER="admin"
 GRAFANA_PASS="admin"
-CERT="/etc/grafana/oglog-graf.mytld.crt.pem"
+#CERT="/etc/grafana/oglog-graf.mytld.crt.pem"
-KEY="/etc/grafana/oglog-graf.mytld.key.pem"
+CERT=$2
+#KEY="/etc/grafana/oglog-graf.mytld.key.pem"
+KEY=$3
 SA_NAME="dashboard-exporter"
 TOKEN_NAME="dashboard-export-token"
 TOKEN_TTL=3600