From eee03c37eef44d03facd69755bec5bd36a8edc6f Mon Sep 17 00:00:00 2001
From: Dawris
Date: Tue, 10 Dec 2024 12:29:32 +0100
Subject: [PATCH] Cambios script.sh y journal-upload.sh
---
script/journal-upload.sh | 57 ++++++++++++++++++++++++++++++++++++++++
script/script.sh | 24 ++++++++++++++---
2 files changed, 78 insertions(+), 3 deletions(-)
create mode 100755 script/journal-upload.sh
diff --git a/script/journal-upload.sh b/script/journal-upload.sh
new file mode 100755
index 0000000..5e4bdb9
--- /dev/null
+++ b/script/journal-upload.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+set -e # Detener el script si ocurre un error
+
+# Verificar que la variable de entorno IP_SERVER esté configurada
+if [[ -z "$IP_SERVER" ]]; then
+ echo "ERROR: La variable de entorno IP_SERVER no está configurada."
+ echo "Por favor, exporta IP_SERVER antes de ejecutar este script."
+ exit 1
+fi
+
+echo "Actualizando paquetes e instalando dependencias..."
+apt-get update
+apt-get -y install \
+ prometheus-node-exporter \
+ systemd-journal-remote
+
+echo "Configurando TLS y copiando certificados..."
+
+# Copiar el certificado de la CA a /etc/ssl/certs/
+cp CA/certs/ca.crt.pem /etc/ssl/certs/
+
+# Crear un enlace simbólico para el certificado de la CA
+ln -sf /etc/ssl/certs/ca.crt.pem /etc/ssl/certs/$(openssl x509 -in /etc/ssl/certs/ca.crt.pem -hash -noout).0
+
+# Copiar los certificados del servidor
+cp CA/certs/ogserver.mytld.crt.pem /etc/ssl/certs/
+cp CA/private/ogserver.mytld.key.nopass.pem /etc/ssl/private/ogserver.mytld.key.pem
+
+# Asegurar permisos en los archivos de certificados
+chmod 600 /etc/ssl/private/ogserver.mytld.key.pem
+chown root:root /etc/ssl/private/ogserver.mytld.key.pem
+
+echo "Configurando systemd-journal-upload..."
+
+# Modificar el archivo de unidad para que el servicio se ejecute como root
+sed -i -e '/DynamicUser/s/.*/DynamicUser=no/' /usr/lib/systemd/system/systemd-journal-upload.service
+sed -i -e '/User/ s/.*/User=root/' /usr/lib/systemd/system/systemd-journal-upload.service
+
+# Recargar los servicios de systemd para aplicar los cambios
+systemctl daemon-reload
+
+# Configurar el archivo de configuración de systemd-journal-upload
+sed -i -e '/URL/ s%.*%URL=https://oglog-jrem.mytld:19532%' /etc/systemd/journal-upload.conf
+sed -i -e '/ServerKeyFile/ s%.*%ServerKeyFile=/etc/ssl/private/ogserver.mytld.key.pem%' /etc/systemd/journal-upload.conf
+sed -i -e '/ServerCertificateFile/ s%.*%ServerCertificateFile=/etc/ssl/certs/ogserver.mytld.crt.pem%' /etc/systemd/journal-upload.conf
+sed -i -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/ssl/certs/ca.crt.pem%' /etc/systemd/journal-upload.conf
+
+# Habilitar e iniciar el servicio
+echo "Habilitando y arrancando systemd-journal-upload..."
+systemctl enable --now systemd-journal-upload
+
+# Verificar el estado del servicio
+systemctl status systemd-journal-upload --no-pager
+
+echo "Configuración completada con éxito. Los logs se están enviando al servidor remoto."
+
diff --git a/script/script.sh b/script/script.sh
index 914120b..f62d519 100755
--- a/script/script.sh
+++ b/script/script.sh
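Review bot: The second unit-file edit, `sed -i -e '/User/ s/.*/User=root/'`, matches every line containing `User`, so the `DynamicUser=no` line the first sed just wrote is itself rewritten to `User=root` and the unit is left with no `DynamicUser=` setting at all; anchoring both patterns, `'/^DynamicUser=/ s/.*/DynamicUser=no/'` and `'/^User=/ s/.*/User=root/'`, keeps each edit to its intended key. Editing /usr/lib/systemd/system in place is also undone by the next package upgrade, whereas a drop-in under /etc/systemd/system/systemd-journal-upload.service.d/ survives it. If the only reason for running the uploader as root is reading the key installed with mode 600 at /etc/ssl/private/ogserver.mytld.key.pem, giving the service's own user read access to that one file (for example via a dedicated group) keeps the network-facing process unprivileged. Separately, `IP_SERVER` is validated at the top but never used: the URL written to journal-upload.conf is the hardcoded `https://oglog-jrem.mytld:19532`, so either the check should go or the URL should be derived from the variable.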
@@ -51,7 +51,7 @@ chown opensearch:opensearch /etc/opensearch/{ca.crt.pem,oglog-os.mytld.crt.pem,o
 cp CA/certs/oglog-osdb.mytld.crt.pem /etc/opensearch-dashboards/
 cp CA/private/oglog-osdb.mytld.key.nopass.pem /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem
-chown opensearch-dashboards:opensearch-dashboards /etc/opensearch-dashboards/oglog-osdb.mytld.crt.pem /etc/opensearch-dashboards/oglog-osdb.key.pem
+chown opensearch-dashboards:opensearch-dashboards /etc/opensearch-dashboards/oglog-osdb.mytld.crt.pem /etc/opensearch-dashboards/oglog-osdb.mytld.key.pem
 sed -i -e '/^plugins.security.ssl.http.pemcert_filepath:/ s/: .*/: oglog-os.mytld.crt.pem/' /etc/opensearch/opensearch.yml
 sed -i -e '/^plugins.security.ssl.http.pemkey_filepath:/ s/: .*/: oglog-os.mytld.key.pem/' /etc/opensearch/opensearch.yml
@@ -121,7 +121,17 @@ sed -i -e '/^ARGS/s%"$%--web.config.file=/etc/prometheus/web-config.yml"%' /etc/
 systemctl restart prometheus
 # Configurar Journalbeat
-wget https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb -P /tmp/
+
+# Verificar si la URL es accesible
+curl -I --connect-timeout 10 --max-time 30 "https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb" -o /dev/null -s
+if [[ $? -ne 0 ]]; then
+ echo "ERROR: No se puede resolver la URL. Verifica tu conexión a Internet o la disponibilidad del servidor."
+ exit 1 # Detener el script
+fi
+
+echo "La URL es accesible. Continuando..."
+
+curl --connect-timeout 10 --max-time 60 -L -o /tmp/journalbeat-oss-7.12.1-amd64.deb https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb
 dpkg -i /tmp/journalbeat-oss-7.12.1-amd64.deb
 cp CA/certs/oglog-jb.mytld.crt.pem /etc/journalbeat/
 cp CA/private/oglog-jb.mytld.key.nopass.pem /etc/journalbeat/oglog-jb.mytld.key.pem
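Review bot: Neither curl in the Journalbeat section passes `-f`/`--fail`, so an HTTP 404 or 500 still exits 0: the `-I` pre-check passes, and the download writes the server's error page into /tmp/journalbeat-oss-7.12.1-amd64.deb, which `dpkg -i` then rejects with a misleading message. The same gap applies to the Grafana key pre-check in the `@@ -154` hunk. Checking the download itself, `curl -fsSL --connect-timeout 10 --max-time 60 -o /tmp/journalbeat-oss-7.12.1-amd64.deb <artifact URL> || { echo "ERROR: descarga fallida"; exit 1; }`, replaces both the pre-check and the `$?` test, which in any case cannot fire if the script runs under `set -e` (its header is outside this hunk). The package is then installed with no integrity check; Elastic publishes a `.sha512` checksum next to each artifact, and verifying it with `sha512sum -c` before `dpkg -i` is the cheap way to rule out a truncated or tampered download.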
@@ -154,7 +164,15 @@ EOF
 systemctl enable --now journalbeat
 # Configurar Grafana
-wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor >/etc/apt/keyrings/grafana.gpg
+# Prueba de conexión a la URL de la clave GPG
+echo "Verificando conectividad con https://apt.grafana.com/gpg.key..."
+curl -I --connect-timeout 10 --max-time 30 -s -o /dev/null https://apt.grafana.com/gpg.key
+
+if [[ $? -ne 0 ]]; then
+ echo "ERROR: No se puede conectar a https://apt.grafana.com/gpg.key. Verifica tu conexión a Internet o la disponibilidad del servidor."
+ exit 1
+fi
+curl --connect-timeout 10 --max-time 30 -s https://apt.grafana.com/gpg.key | gpg --dearmor > /etc/apt/keyrings/grafana.gpg
 echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" >/etc/apt/sources.list.d/grafana.list
 apt-get update
 apt-get install --yes grafana
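Review bot: The key install `curl ... -s https://apt.grafana.com/gpg.key | gpg --dearmor > /etc/apt/keyrings/grafana.gpg` takes its exit status from `gpg`, which as far as I can tell dearmors empty or non-armored input without complaint, so a curl failure (or an HTTP error page, since `-f` is absent) leaves an empty or garbage keyring and the problem only surfaces later as an obscure `apt-get update` signing error. Downloading to a temp file first, `tmp=$(mktemp)` then `curl -fsS --connect-timeout 10 --max-time 30 -o "$tmp" https://apt.grafana.com/gpg.key || exit 1`, and running `gpg --dearmor` on that file (or enabling `set -o pipefail` and adding `-f`) makes the failure visible where it happens. Nothing verifies that the fetched key is Grafana's: comparing `gpg --show-keys --with-fingerprint` output against the fingerprint published in Grafana's documentation before writing it into /etc/apt/keyrings would close that gap for a key that will sign everything apt installs from this repository. The `-I` pre-check and `$?` test share the defect noted on the `@@ -121` hunk.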