#!/bin/bash
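# Abort on the first failing command. pipefail makes a pipeline fail when any
# stage fails, so a failed key download feeding `gpg --dearmor | tee` further
# down is not masked by the last stage succeeding.
set -eo pipefail

# The script runs privileged commands (mount, apt-get, writes under /etc), so
# the log is kept in /var/log instead of at a predictable name in
# world-writable /tmp, where another local user could pre-create the path or
# plant a symlink for the privileged writer to follow.
LOGFILE="/var/log/oglog-install.log"
( umask 077 && : >> "$LOGFILE" )
chmod 0600 "$LOGFILE"

# From here on, stdout and stderr of every command are shown on the terminal
# and appended to the log.
exec > >(tee -a "$LOGFILE") 2>&1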
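#######################################
# Write one message line to the terminal and the install log.
# The script's `exec > >(tee -a "$LOGFILE") 2>&1` redirection already copies
# stdout into $LOGFILE, so printing once is enough; the extra `tee -a` used
# before recorded every message twice.
# printf is used instead of echo so a message such as "-n" is printed as-is.
# Arguments: $1 - message text
# Outputs:   the message followed by a newline on stdout
#######################################
log() {
  printf '%s\n' "$1"
}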
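log "Inicio de instalación: $(date)"

# Disk usage of the root filesystem before installing.
# Command output already reaches $LOGFILE through the script-wide
# `exec > >(tee -a "$LOGFILE") 2>&1` redirection, so the commands are run
# without a second `tee -a`, which wrote each line to the log twice.
log "Tamaño inicial del disco:"
df -h /

# CPU load before installing.
log "Carga inicial de CPU:"
uptime

# Reset bash's SECONDS counter so it counts from this point.
# NOTE(review): nothing visible in this script reads SECONDS afterwards;
# confirm whether an elapsed-time report was intended.
SECONDS=0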
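# Mount the NFS artefact server.
NFS_SERVER="ognartefactos.evlt.uma.es"
NFS_PATH="/"
LOCAL_MOUNT="/mnt"

# NOTE(review): when something is already mounted on $LOCAL_MOUNT the mount is
# skipped, and the later steps copy certificates and private keys from
# whatever filesystem is there. Confirm that is intended, or check the mount
# source before trusting it.
if ! mountpoint -q "$LOCAL_MOUNT"; then
  mkdir -p "$LOCAL_MOUNT"
  # This script only reads from the share, so it is mounted read-only, and
  # setuid bits and device nodes coming from the server are ignored.
  # NOTE(review): no sec= option is given, so the mount uses the default
  # security flavor; the private keys copied later presumably cross the
  # network unencrypted. Confirm the transport is protected some other way.
  mount -t nfs -o ro,nosuid,nodev "$NFS_SERVER:$NFS_PATH" "$LOCAL_MOUNT"
fi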
# Check that the required environment variables are set and non-empty.
required_env_vars=("IP_MAQUINA" "OPENSEARCH_INITIAL_ADMIN_PASSWORD")
for var in "${required_env_vars[@]}"; do
  # ${!var} is indirect expansion: the value of the variable named by $var.
  if [[ -n "${!var}" ]]; then
    continue
  fi
  log "ERROR: La variable de entorno $var debe estar definida."
  exit 1
done
# Validate the OpenSearch admin password before anything is installed.
# Accepted only when all four hold: at least 12 characters, one character in
# A-Z, one digit, and one character that is neither a letter nor a digit.
# NOTE(review): a lowercase letter is not required here, and the A-Z / a-z
# ranges can be locale-sensitive; confirm this matches the policy OpenSearch
# itself enforces.
if ! {
  (( ${#OPENSEARCH_INITIAL_ADMIN_PASSWORD} >= 12 )) &&
    [[ "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [A-Z] ]] &&
    [[ "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [0-9] ]] &&
    [[ "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [^a-zA-Z0-9] ]]
}; then
  # The message names the variable only; the password value is never logged.
  log "ERROR: La contraseña OPENSEARCH_INITIAL_ADMIN_PASSWORD no cumple los requisitos."
  exit 1
fi
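# Update /etc/hosts so the oglog service names resolve to this machine.
# IP_MAQUINA comes from the environment and is written verbatim into
# /etc/hosts, so it is restricted to the characters of an IPv4/IPv6 address:
# whitespace or newlines in the value could otherwise add arbitrary entries.
if [[ ! "$IP_MAQUINA" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  log "ERROR: IP_MAQUINA no es una dirección IP válida."
  exit 1
fi

hosts_entry="$IP_MAQUINA oglog-os.mytld oglog-osdb.mytld oglog-jb.mytld oglog-jrem.mytld oglog-prom.mytld oglog-graf.mytld"

# Append only when the exact line is missing, so re-running the installer
# does not pile up duplicate entries.
if ! grep -qxF -- "$hosts_entry" /etc/hosts; then
  printf '%s\n' "$hosts_entry" >> /etc/hosts
fi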
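# Add the third-party APT repositories and their signing keys.
apt-get update
# gnupg is installed here because `gpg --dearmor` runs below, before the main
# package installation that pulls in gnupg2. Without it the pipeline could
# leave an empty keyring behind.
apt-get install -y apt-transport-https software-properties-common wget curl gnupg

# NOTE(review): both keys are trusted on first download over TLS. Compare each
# key's fingerprint with the value published by the vendor before relying on
# it; no fingerprint is recorded in this script.

# Grafana
# pipefail is scoped to a subshell so a failed download or a failed gpg run
# aborts the script instead of being hidden by the last pipeline stage.
(
  set -o pipefail
  wget -q -O - https://apt.grafana.com/gpg.key \
    | gpg --dearmor > /usr/share/keyrings/grafana.gpg
)
# Keyrings must stay readable by apt regardless of the caller's umask.
chmod 0644 /usr/share/keyrings/grafana.gpg
echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://apt.grafana.com stable main" \
  | tee /etc/apt/sources.list.d/grafana.list

# OpenSearch and OpenSearch Dashboards
(
  set -o pipefail
  curl -fsSL https://artifacts.opensearch.org/publickeys/opensearch.pgp \
    | gpg --dearmor > /usr/share/keyrings/opensearch-keyring
)
chmod 0644 /usr/share/keyrings/opensearch-keyring
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" \
  | tee /etc/apt/sources.list.d/opensearch.list
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" \
  | tee /etc/apt/sources.list.d/opensearch-dashboards.list

apt-get update

# Install all packages in a single transaction.
apt-get install -y ca-certificates gnupg2 lsb-release systemd-journal-remote \
  prometheus grafana opensearch opensearch-dashboards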
# Explicit installation of Journalbeat: it is fetched as a .deb file with the
# helper below rather than from an APT repository.

#######################################
# Download a URL to a local file, retrying on transient failures.
# Arguments: $1 - URL to fetch
#            $2 - destination path
# Outputs:   logs an error message when the download fails
# Returns:   0 on success; on failure the whole script exits with status 1
#######################################
download_file() {
  local url=$1
  local dest=$2

  # -f turns HTTP errors into a non-zero exit status; -L follows redirects.
  if ! curl --retry 5 --connect-timeout 10 --max-time 60 -fL "$url" -o "$dest"; then
    log "Error descargando $url"
    exit 1
  fi
}
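# Journalbeat is pinned to one release and installed with dpkg, so it is not
# covered by APT signature verification or by later `apt-get upgrade` runs.
JOURNALBEAT_URL="https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb"

# Download into a private mktemp directory instead of a fixed name in /tmp:
# the file is installed as root, so its path must not be one another local
# user can predict and pre-create.
journalbeat_tmpdir=$(mktemp -d)
journalbeat_deb="$journalbeat_tmpdir/journalbeat.deb"
download_file "$JOURNALBEAT_URL" "$journalbeat_deb"

# Optional integrity check: when JOURNALBEAT_SHA512 holds the expected digest
# (obtained out of band), the package is verified before installation.
if [[ -n "${JOURNALBEAT_SHA512:-}" ]]; then
  if ! printf '%s  %s\n' "$JOURNALBEAT_SHA512" "$journalbeat_deb" \
    | sha512sum --check --status; then
    log "ERROR: La suma SHA-512 de journalbeat.deb no coincide."
    rm -rf -- "${journalbeat_tmpdir:?}"
    exit 1
  fi
else
  log "AVISO: JOURNALBEAT_SHA512 no definida; no se verifica la integridad del paquete."
fi

dpkg -i "$journalbeat_deb"
rm -rf -- "${journalbeat_tmpdir:?}"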
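# TLS certificate deployment: service name -> certificate host name.
# The service name doubles as the directory under /etc that receives the files.
declare -A CERT_SERVICES=(
  [journalbeat]="oglog-jb.mytld"
  [opensearch]="oglog-os.mytld"
  [opensearch-dashboards]="oglog-osdb.mytld"
  [prometheus]="oglog-prom.mytld"
  [grafana]="oglog-graf.mytld"
  [systemd]="oglog-jrem.mytld"
)

ca_root="$LOCAL_MOUNT/srv/artefactos/oglog/CA"

for service in "${!CERT_SERVICES[@]}"; do
  domain="${CERT_SERVICES[$service]}"
  cert_dir="/etc/$service"
  cert_file="$cert_dir/${domain}.crt.pem"
  key_file="$cert_dir/${domain}.key.pem"

  mkdir -p "$cert_dir"
  # The source keys are unencrypted (".nopass"), so the private key is created
  # with mode 0600 from the start; the certificate is public and stays 0644.
  install -m 0644 "$ca_root/certs/${domain}.crt.pem" "$cert_file"
  install -m 0600 "$ca_root/private/${domain}.key.nopass.pem" "$key_file"

  # Account that must be able to read the key; empty means leave it to root.
  case "$service" in
    opensearch) cert_owner="opensearch" ;;
    opensearch-dashboards) cert_owner="opensearch-dashboards" ;;
    prometheus) cert_owner="prometheus" ;;
    grafana) cert_owner="grafana" ;;
    systemd) cert_owner="systemd-journal-remote" ;;
    *) cert_owner="" ;;
  esac

  # Change ownership of the two copied files only. The earlier
  # `chown ... "$cert_dir/"*` also handed every other entry of the directory
  # to the service account; for /etc/systemd that includes the unit
  # directories, which must stay owned by root.
  if [[ -n "$cert_owner" ]]; then
    chown "$cert_owner:" "$cert_file" "$key_file"
  fi
done

# CA certificate used to verify the certificates above.
install -m 0644 "$ca_root/certs/ca.crt.pem" /etc/ssl/certs/ca.crt.pem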
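# systemd-journal-remote configuration: point the service at its key, its
# certificate and the CA used to verify peers.
journal_remote_conf="/etc/systemd/journal-remote.conf"

# Each expression replaces the whole line that mentions the setting, which
# also turns a commented-out default into an active setting.
# TrustedCertificateFile uses /etc/ssl/certs/ca.crt.pem because that is the
# only place this script copies the CA certificate to; nothing visible here
# creates /etc/systemd/ca.crt.pem, the path configured before.
sed -i \
  -e '/ServerKeyFile/ s%.*%ServerKeyFile=/etc/systemd/oglog-jrem.mytld.key.pem%' \
  -e '/ServerCertificateFile/s%.*%ServerCertificateFile=/etc/systemd/oglog-jrem.mytld.crt.pem%' \
  -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/ssl/certs/ca.crt.pem%' \
  "$journal_remote_conf"

# sed changes nothing when a setting is absent from the file, so verify that
# all three are present before the service is started; otherwise it would be
# enabled without the intended TLS settings.
for setting in ServerKeyFile ServerCertificateFile TrustedCertificateFile; do
  if ! grep -q "^${setting}=" "$journal_remote_conf"; then
    log "ERROR: $setting no está presente en $journal_remote_conf."
    exit 1
  fi
done

systemctl enable --now systemd-journal-remote.service

log "Instalación finalizada: $(date)"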