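#!/bin/bash
#
# Installer for the oglog logging/monitoring stack on an apt/dpkg based host.
# It installs Prometheus, Grafana, OpenSearch, OpenSearch Dashboards,
# Journalbeat and systemd-journal-remote, copies per-service TLS material from
# an NFS artefact share and enables systemd-journal-remote.
#
# Required environment:
#   IP_MAQUINA                          checked below; not otherwise used in the
#                                       visible part of this script
#   OPENSEARCH_INITIAL_ADMIN_PASSWORD   validated below
# Optional environment:
#   LOGFILE             log destination (default /var/log/oglog-install.log)
#   JOURNALBEAT_SHA256  expected SHA-256 of the Journalbeat .deb; when set the
#                       download is verified before it is installed

# -u catches typos in variable names; pipefail makes a failed `curl` abort the
# key-import pipelines instead of leaving an empty keyring behind.
set -euo pipefail

# Keep the log out of /tmp: a fixed name in a world-writable directory, opened
# by root in append mode, can be pre-created or symlinked by any local user.
LOGFILE="${LOGFILE:-/var/log/oglog-install.log}"
touch -- "$LOGFILE"
chmod 0600 -- "$LOGFILE"
exec > >(tee -a "$LOGFILE") 2>&1

# Print one message. stdout is already duplicated into $LOGFILE by the `exec`
# above, so a second `tee -a` here would write every line to the log twice.
log() {
  printf '%s\n' "$1"
}

log "Inicio de instalación: $(date)"

# Initial disk usage
log "Tamaño inicial del disco:"
df -h /

# Initial CPU load
log "Carga inicial de CPU:"
uptime

# Start the timer (bash increments SECONDS once per second)
SECONDS=0

# Private scratch directory for downloads, removed on every exit path.
WORKDIR="$(mktemp -d)"
cleanup() {
  rm -rf -- "${WORKDIR:?}"
}
trap cleanup EXIT

# Mount the NFS artefact server
# NOTE(review): the TLS private keys installed further down are read from this
# export and are stored without a passphrase (*.key.nopass.pem). Plain NFS
# neither encrypts the transfer nor authenticates the server; confirm the
# export is protected (for example sec=krb5p or an isolated network).
# NOTE(review): if $LOCAL_MOUNT is already a mount point, whatever is mounted
# there is trusted as the artefact source.
NFS_SERVER="ognartefactos.evlt.uma.es"
NFS_PATH="/"
LOCAL_MOUNT="/mnt"

if ! mountpoint -q "$LOCAL_MOUNT"; then
  mkdir -p "$LOCAL_MOUNT"
  # nosuid,nodev: nothing below needs setuid binaries or device nodes from the share.
  mount -t nfs -o nosuid,nodev "$NFS_SERVER:$NFS_PATH" "$LOCAL_MOUNT"
fi

# Check the required environment variables
required_env_vars=("IP_MAQUINA" "OPENSEARCH_INITIAL_ADMIN_PASSWORD")
for var in "${required_env_vars[@]}"; do
  # ":-" keeps the friendly error message under `set -u`.
  if [[ -z "${!var:-}" ]]; then
    log "ERROR: La variable de entorno $var debe estar definida."
    exit 1
  fi
done

# Validate the password: at least 12 characters with an uppercase letter, a
# lowercase letter, a digit and a non-alphanumeric character.
# NOTE(review): the lowercase test was added because OpenSearch's own check on
# the initial admin password is understood to require one; confirm against the
# OpenSearch version being installed.
if [[ ${#OPENSEARCH_INITIAL_ADMIN_PASSWORD} -lt 12 ||
  ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [A-Z] ||
  ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [a-z] ||
  ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [0-9] ||
  ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [^a-zA-Z0-9] ]]; then
  log "ERROR: La contraseña OPENSEARCH_INITIAL_ADMIN_PASSWORD no cumple los requisitos."
  exit 1
fi

# Update /etc/hosts
# NOTE(review): this copy of the script is damaged here. The here-document
# that supplied the host entries, and everything between it and the Grafana
# repository line, is missing. As written the statement appends nothing;
# restore the entries from the original script before using this installer.
cat >> /etc/hosts < /dev/null

# Download an ASCII-armoured signing key over HTTPS and install it as a binary
# keyring. Working on a temporary copy means a failed download never truncates
# an existing keyring.
#   $1 - key URL
#   $2 - destination keyring path
install_apt_key() {
  local url=$1 dest=$2
  local armored binary
  armored="$(mktemp "$WORKDIR/key.XXXXXX")"
  binary="$(mktemp "$WORKDIR/keyring.XXXXXX")"
  curl -fsSL --proto '=https' "$url" -o "$armored"
  gpg --dearmor < "$armored" > "$binary"
  install -m 0644 "$binary" "$dest"
}

# Grafana
# NOTE(review): the key import for this repository is part of the text lost
# above; it is reconstructed here from the signed-by path on the next line and
# Grafana's published key location. Verify against the original script.
install_apt_key "https://apt.grafana.com/gpg.key" /usr/share/keyrings/grafana.gpg
echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee /etc/apt/sources.list.d/grafana.list

# OpenSearch and OpenSearch Dashboards
install_apt_key "https://artifacts.opensearch.org/publickeys/opensearch.pgp" /usr/share/keyrings/opensearch-keyring
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch.list
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" | tee /etc/apt/sources.list.d/opensearch-dashboards.list

apt-get update

# Install all repository packages in one transaction
apt-get install -y ca-certificates gnupg2 lsb-release systemd-journal-remote \
  prometheus grafana opensearch opensearch-dashboards

# Explicit Journalbeat installation
# Fetch $1 into $2 over HTTPS (redirects included); abort the install on failure.
download_file() {
  curl --retry 5 --connect-timeout 10 --max-time 60 \
    --proto '=https' --proto-redir '=https' -fL "$1" -o "$2" || {
    log "Error descargando $1"
    exit 1
  }
}

# NOTE(review): Journalbeat is pinned to 7.12.1; check that this release is
# still maintained upstream before relying on it.
JOURNALBEAT_URL="https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb"
# Download into the private scratch directory: a fixed /tmp/journalbeat.deb
# could be swapped by a local user between the download and `dpkg -i`.
JOURNALBEAT_DEB="$WORKDIR/journalbeat.deb"
download_file "$JOURNALBEAT_URL" "$JOURNALBEAT_DEB"

# `dpkg -i` performs no signature check, so pin the package by digest when the
# operator supplies one.
if [[ -n "${JOURNALBEAT_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "$JOURNALBEAT_SHA256" "$JOURNALBEAT_DEB" | sha256sum -c --status -; then
    log "ERROR: La suma SHA-256 de Journalbeat no coincide con JOURNALBEAT_SHA256."
    exit 1
  fi
else
  log "AVISO: JOURNALBEAT_SHA256 no está definida; Journalbeat se instala sin verificar su integridad."
fi

dpkg -i "$JOURNALBEAT_DEB"

# TLS certificate management: service name -> certificate host name
declare -A CERT_SERVICES=(
  [journalbeat]="oglog-jb.mytld"
  [opensearch]="oglog-os.mytld"
  [opensearch-dashboards]="oglog-osdb.mytld"
  [prometheus]="oglog-prom.mytld"
  [grafana]="oglog-graf.mytld"
  [systemd]="oglog-jrem.mytld"
)

CA_DIR="$LOCAL_MOUNT/srv/artefactos/oglog/CA"

for service in "${!CERT_SERVICES[@]}"; do
  domain="${CERT_SERVICES[$service]}"
  cert_dir="/etc/$service"
  cert_file="$cert_dir/${domain}.crt.pem"
  key_file="$cert_dir/${domain}.key.pem"

  case "$service" in
    opensearch) owner="opensearch" ;;
    opensearch-dashboards) owner="opensearch-dashboards" ;;
    prometheus) owner="prometheus" ;;
    grafana) owner="grafana" ;;
    systemd) owner="systemd-journal-remote" ;;
    *) owner="root" ;; # journalbeat: the files stay with root
  esac

  mkdir -p "$cert_dir"
  # The private key is created 0600 before ownership changes, so it is never
  # readable by other accounts.
  install -m 0644 "$CA_DIR/certs/${domain}.crt.pem" "$cert_file"
  install -m 0600 "$CA_DIR/private/${domain}.key.nopass.pem" "$key_file"
  # Change ownership of the two installed files only. A "$cert_dir/"* glob
  # would hand every existing entry of the directory to the service account;
  # for /etc/systemd that includes the unit and configuration directories.
  chown "$owner:" "$cert_file" "$key_file"
done

install -m 0644 "$CA_DIR/certs/ca.crt.pem" /etc/ssl/certs/ca.crt.pem
# journal-remote.conf is pointed at /etc/systemd/ca.crt.pem below, so the CA
# certificate has to exist at that path as well.
install -m 0644 "$CA_DIR/certs/ca.crt.pem" /etc/systemd/ca.crt.pem

# systemd-journal-remote configuration: any line mentioning one of the three
# settings (commented out or not) is replaced by the wanted assignment.
sed -i \
  -e '/ServerKeyFile/ s%.*%ServerKeyFile=/etc/systemd/oglog-jrem.mytld.key.pem%' \
  -e '/ServerCertificateFile/s%.*%ServerCertificateFile=/etc/systemd/oglog-jrem.mytld.crt.pem%' \
  -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/systemd/ca.crt.pem%' \
  /etc/systemd/journal-remote.conf

systemctl enable --now systemd-journal-remote.service

# Report the timer started above; it was set but never read.
log "Duración de la instalación: ${SECONDS} s"
log "Instalación finalizada: $(date)"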