opengnsys
/
oglog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
oglog/debian/oglog.postinst

300 lines
10 KiB
Bash
Raw Blame History

#!/bin/bash
set -e
. /usr/share/debconf/confmodule
## Load configuration does not matter if we are installing or upgrading
db_get opengnsys/oglog_opensearchInitialPassword
OPENSEARCH_INITIAL_ADMIN_PASSWORD="$RET"
db_get opengnsys/oglog_ogCoreIp
OGCORE_SERVER="$RET"
db_get opengnsys/oglog_ogLogIp
OGLOG_SERVER="$RET"
db_get opengnsys/oglog_subdomain
SUBDOMAIN="$RET"
db_get opengnsys/oglog_certificateAltNames
CERT_ALT_NAMES="$RET"
export OGCORE_SERVER
export OGLOG_SERVER
export SUBDOMAIN
export OPENSEARCH_INITIAL_ADMIN_PASSWORD
## Global variables
SSL_DIR="/opt/opengnsys/oglog/etc/certs"
backup_file() {
local FILE="$1"
if [ -f "$FILE" ]; then
local BACKUP_FILE="${FILE}.bak"
echo "Backing up $FILE to $BACKUP_FILE"
cp "$FILE" "$BACKUP_FILE"
else
echo "File $FILE does not exist, skipping backup."
fi
}
generate_demo_cert() {
local ALTNAMES="$1"
local KEY="$SSL_DIR/server.key"
local CERT="$SSL_DIR/server.crt"
local CN=oglog.local
mkdir -p "$SSL_DIR"
# Crear archivo san.cnf para OpenSSL
cat > "$SSL_DIR/san.cnf" <<EOF
[req]
distinguished_name=req_distinguished_name
x509_extensions=v3_req
prompt=no
[req_distinguished_name]
CN=$CN
[v3_req]
subjectAltName=@alt_names
[alt_names]
EOF
# Inicializar contadores
local dns_i=1
local ip_i=1
IFS=',' read -ra SAN_ENTRIES <<< "$ALTNAMES"
for entry in "${SAN_ENTRIES[@]}"; do
if [[ $entry =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "IP.$ip_i = $entry" >> "$SSL_DIR/san.cnf"
((ip_i++))
elif [[ $entry =~ ^[a-zA-Z0-9.-]+$ ]]; then
echo "DNS.$dns_i = $entry" >> "$SSL_DIR/san.cnf"
((dns_i++))
else
echo "Ignorado (formato inválido): $entry"
fi
done
# Generar certificado
openssl req -x509 -new -nodes -newkey rsa:2048 \
-keyout "$KEY" \
-out "$CERT" \
-days 365 \
-config "$SSL_DIR/san.cnf" \
-extensions v3_req
chmod 0644 "$KEY"
chmod 0644 "$CERT"
echo "Certificado generado con:"
echo " - CN=$CN"
echo " - SANs: $ALTNAMES"
}
update_etc_hosts() {
local CN="oglog.local"
local HOSTS_FILE="/etc/hosts"
# Si CN ya está en /etc/hosts, no hacemos nada
if grep -q "$CN" "$HOSTS_FILE"; then
echo "El CN '$CN' ya está en $HOSTS_FILE, no se requiere actualización."
return
fi
echo "Actualizando $HOSTS_FILE para incluir el CN '$CN'."
# Agregar CN a la entrada de localhost en /etc/hosts
sudo sed -i "/127.0.0.1/s/$/ $CN/" /etc/hosts
}
### Main script execution starts here ###
configure_file() {
SRC_PATH=$1
DEST_PATH=$2
if [ -f "$SRC_PATH" ]; then
DEST_DIR=$(dirname "$DEST_PATH")
mkdir -p "$DEST_DIR"
echo "Configuring $DEST_PATH from $SRC_PATH"
envsubst < "$SRC_PATH" > "$DEST_PATH"
chmod 644 "$DEST_PATH"
chown "$USER":"$GROUP" "$DEST_PATH"
else
echo "Source file $SRC_PATH does not exist, skipping configuration."
fi
}
configure_journal_remote() {
local CONFIG_FILE="/etc/systemd/journal-remote.conf"
local SSL_CERT="$SSL_DIR/server.crt"
local SSL_KEY="$SSL_DIR/server.key"
sed -i "s|^# *ServerCertificateFile=.*|ServerCertificateFile=${SSL_CERT}|" /etc/systemd/journal-remote.conf
sed -i "s|^# *ServerPrivateKeyFile=.*|ServerPrivateKeyFile=${SSL_KEY}|" /etc/systemd/journal-remote.conf
sed -i "s|^# *TrustedCertificateFile=.*|TrustedCertificateFile=all|" /etc/systemd/journal-remote.conf
}
configure_opensearch_certiticates() {
local DEST_CERTS_DIR="/etc/opensearch/certs"
mkdir -p "$DEST_CERTS_DIR"
cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
chown opensearch:opensearch "$DEST_CERTS_DIR/server.crt"
chown opensearch:opensearch "$DEST_CERTS_DIR/server.key"
chmod 644 "$DEST_CERTS_DIR/server.crt"
chmod 600 "$DEST_CERTS_DIR/server.key"
}
configure_opensearch_dashboards_certificates() {
local DEST_CERTS_DIR="/etc/opensearch-dashboards/certs"
mkdir -p "$DEST_CERTS_DIR"
cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
chown opensearch-dashboards:opensearch-dashboards "$DEST_CERTS_DIR/server.crt"
chown opensearch-dashboards:opensearch-dashboards "$DEST_CERTS_DIR/server.key"
chmod 644 "$DEST_CERTS_DIR/server.crt"
chmod 600 "$DEST_CERTS_DIR/server.key"
}
configure_journalbeat_certificates() {
local DEST_CERTS_DIR="/etc/journalbeat/certs"
mkdir -p "$DEST_CERTS_DIR"
cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
chown root:root "$DEST_CERTS_DIR/server.crt"
chown root:root "$DEST_CERTS_DIR/server.key"
chmod 644 "$DEST_CERTS_DIR/server.crt"
chmod 600 "$DEST_CERTS_DIR/server.key"
}
configure_grafana(){
local BASE_DIR="/etc/grafana"
local TMPLATE_BASE_DIR="/opt/opengnsys/oglog/etc/grafana"
local OPENSEARCH_TMPL_FILE="$TMPLATE_BASE_DIR/provisioning/datasources/opensearch.yaml"
local OPENSEARCH_FILE="$BASE_DIR/provisioning/datasources/opensearch.yaml"
# Install OpenSearch datasource plugin if not already installed
if ! grafana-cli plugins ls | grep -q "grafana-opensearch-datasource"; then
echo "Installing OpenSearch datasource plugin for Grafana..."
grafana-cli plugins install grafana-opensearch-datasource
fi
envsubst < "$OPENSEARCH_TMPL_FILE" > "$OPENSEARCH_FILE"
chown grafana:grafana "$OPENSEARCH_FILE"
chmod 644 "$OPENSEARCH_FILE"
echo "Configuring Grafana with OpenSearch datasource at $OPENSEARCH_FILE"
}
create_opensearch_index() {
echo "Creating OpenSearch index patterns and initial index..."
echo "Creating OpenSearch index pattern filebeat-*"
curl --insecure -X POST "https://${OGLOG_SERVER}:9200/.kibana/_doc/index-pattern:filebeat-*" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header 'Content-Type: application/json' \
--data '{
"type": "index-pattern",
"index-pattern": {
"title": "filebeat-*",
"timeFieldName": "@timestamp"
}
}'
echo $?
echo "Creating OpenSearch index pattern for journalbeat-*"
curl --insecure -X POST "https://${OGLOG_SERVER}:9200/.kibana/_doc/index-pattern:journalbeat-*" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header 'Content-Type: application/json' \
--data '{
"type": "index-pattern",
"index-pattern": {
"title": "journalbeat-*",
"timeFieldName": "@timestamp"
}
}'
echo $?
echo "Creating OpenSearch index filebeat-000001"
curl --insecure -X PUT "https://${OGLOG_SERVER}:9200/filebeat-000001" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header 'Content-Type: application/json' \
--data '{
"mappings": {
"properties": {
"@timestamp": { "type": "date" },
"message": { "type": "text" }
}
}
}'
echo $?
echo
## Import ingestion pipelines for opensearch
echo "Importing OpenSearch ingestion pipelines..."
jq -c 'to_entries[]' "/opt/opengnsys/oglog/etc/opensearch/pipelines.json" | while read -r entry
do
name=$(echo "$entry" | jq -r '.key')
body=$(echo "$entry" | jq -c '.value')
echo "Importing pipeline: $name"
curl --insecure -X PUT "https://${OGLOG_SERVER}:9200/_ingest/pipeline/$name" \
--user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
--header "Content-Type: application/json" \
--data "$body"
echo
done
}
restart_services() {
echo "Restarting services..."
systemctl daemon-reload
systemctl restart opensearch
systemctl restart opensearch-dashboards
systemctl restart grafana-server
systemctl restart journalbeat
systemctl restart prometheus
systemctl restart systemd-journal-remote
}
case $1 in
configure)
PREV_VERSION="$2"
if [ -z "$PREV_VERSION" ]; then
# Instalación inicial
echo "No previous version found, running initial configuration."
backup_file "$SSL_DIR/server.key"
backup_file "$SSL_DIR/server.crt"
generate_demo_cert "$CERT_ALT_NAMES"
update_etc_hosts
configure_file "/opt/opengnsys/oglog/etc/grafana/grafana.ini" "/etc/grafana/grafana.ini" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/datasources/prometheus.yaml" "/etc/grafana/provisioning/datasources/prometheus.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/dashboards/dashboard.yaml" "/etc/grafana/provisioning/dashboards/dashboard.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/alerting/alerts.yaml" "/etc/grafana/provisioning/alerting/alerts.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/alerting/contactpoint.yaml" "/etc/grafana/provisioning/alerting/contactpoint.yaml" grafana grafana
configure_file "/opt/opengnsys/oglog/etc/journalbeat/journalbeat.yml" "/etc/journalbeat/journalbeat.yml" root root
configure_file "/opt/opengnsys/oglog/etc/opensearch/opensearch.yml" "/etc/opensearch/opensearch.yml" opensearch opensearch
configure_file "/opt/opengnsys/oglog/etc/opensearch-dashboards/opensearch_dashboards.yml" "/etc/opensearch-dashboards/opensearch_dashboards.yml" opensearch-dashboards opensearch-dashboards
configure_file "/opt/opengenys/oglog/etc/prometheus/prometheus.yml" "/etc/prometheus/prometheus.yml" root root
configure_file "/opt/opengnsys/oglog/etc/prometheus/web-config.yml" "/etc/prometheus/web-config.yml" root root
configure_journal_remote
configure_opensearch_certiticates
configure_opensearch_dashboards_certificates
configure_journalbeat_certificates
configure_grafana
restart_services
sleep 5
echo "Creating OpenSearch index patterns and initial index..."
create_opensearch_index
else
echo "Upgrading from version $PREV_VERSION."
# Perform upgrade actions here if needed
fi
;;
*)
echo "Unknown action: $1"
exit 1
;;
esac
Reference in New Issue View Git Blame Copy Permalink