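#!/bin/bash

# Abort on the first failing command.
set -e

LOGFILE="/tmp/oglog-install.log"

# The log has a fixed name inside a world-writable directory and is opened in
# append mode. Refuse to write through anything that is a symlink, not a
# regular file, or not owned by the current user, so a path planted by another
# local user cannot redirect the output to a different file.
if [[ -e "$LOGFILE" || -L "$LOGFILE" ]]; then
    if [[ -L "$LOGFILE" || ! -f "$LOGFILE" || ! -O "$LOGFILE" ]]; then
        echo "ERROR: $LOGFILE ya existe y no es un fichero regular propio." >&2
        exit 1
    fi
else
    # noclobber makes the redirection fail instead of reusing a path that
    # appeared after the test above; umask keeps the new log private.
    if ! ( umask 077; set -o noclobber; : > "$LOGFILE" ); then
        echo "ERROR: no se pudo crear $LOGFILE de forma segura." >&2
        exit 1
    fi
fi

# From here on, stdout and stderr of the whole script go to the terminal and
# are appended to the log.
exec > >(tee -a "$LOGFILE") 2>&1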
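#######################################
# Print one message line on stdout.
# The script redirects its stdout through `tee -a "$LOGFILE"` with `exec`, so
# the message reaches the log that way. Appending to the log here as well
# wrote every message twice.
# Arguments: $1 - message text
# Outputs:   the message followed by a newline, on stdout
#######################################
log() {
    # printf prints the text as given, even when it looks like an echo option.
    printf '%s\n' "$1"
}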
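log "Inicio de instalación: $(date)"

# stdout is already copied to the log by the `exec ... tee -a` redirection at
# the top of the script. The extra `| tee -a "$LOGFILE"` stages wrote each
# line twice and, without pipefail, hid a failing df/uptime from `set -e`.

# Initial disk usage of the root filesystem
log "Tamaño inicial del disco:"
df -h /

# Initial CPU load
log "Carga inicial de CPU:"
uptime

# Start the stopwatch: bash counts SECONDS up from the assigned value
SECONDS=0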
# Mount the NFS artefact server
# NOTE(review): the TLS private keys installed later are read from this
# export. No mount options are given here, so the transport security and the
# ro/nosuid/nodev settings depend on system defaults. Confirm they are
# acceptable for key material.
NFS_SERVER="ognartefactos.evlt.uma.es"
NFS_PATH="/"
LOCAL_MOUNT="/mnt"

if mountpoint -q "$LOCAL_MOUNT"; then
    : # something is already mounted there; leave it as it is
else
    mkdir -p "$LOCAL_MOUNT"
    mount -t nfs "${NFS_SERVER}:${NFS_PATH}" "$LOCAL_MOUNT"
fi
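# Check that the required environment variables are set and non-empty
required_env_vars=("IP_MAQUINA" "OPENSEARCH_INITIAL_ADMIN_PASSWORD")
for var in "${required_env_vars[@]}"; do
    # ${!var} is indirect expansion: the value of the variable named by $var
    if [[ -z "${!var}" ]]; then
        log "ERROR: La variable de entorno $var debe estar definida."
        exit 1
    fi
done

# IP_MAQUINA is written into /etc/hosts and spliced into sed expressions
# further down, both as root. Accept only characters that can occur in an
# IPv4 or IPv6 literal, so whitespace, newlines and sed metacharacters never
# reach those files. The rejected value is deliberately not echoed.
if [[ ! "$IP_MAQUINA" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    log "ERROR: IP_MAQUINA no es una dirección IP válida."
    exit 1
fi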
# Validate the password: at least 12 characters, with one upper-case letter,
# one digit and one character that is neither a letter nor a digit.
# NOTE(review): a lower-case letter is not required here. Confirm this matches
# the policy that OpenSearch itself enforces.
password_ok=1
if (( ${#OPENSEARCH_INITIAL_ADMIN_PASSWORD} < 12 )); then
    password_ok=0
elif [[ ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [A-Z] ]]; then
    password_ok=0
elif [[ ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [0-9] ]]; then
    password_ok=0
elif [[ ! "$OPENSEARCH_INITIAL_ADMIN_PASSWORD" =~ [^a-zA-Z0-9] ]]; then
    password_ok=0
fi

if (( password_ok == 0 )); then
    # The message never includes the password itself.
    log "ERROR: La contraseña OPENSEARCH_INITIAL_ADMIN_PASSWORD no cumple los requisitos."
    exit 1
fi
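# Update /etc/hosts
# Each service name is appended only when no uncommented line already lists
# it, so running the installer again does not pile up duplicate entries.
# NOTE(review): IP_MAQUINA is written as given; it should be a validated IP
# literal before it reaches this point.
oglog_hostnames=(
    oglog-os.mytld
    oglog-osdb.mytld
    oglog-jb.mytld
    oglog-jrem.mytld
    oglog-prom.mytld
    oglog-graf.mytld
)

for host_name in "${oglog_hostnames[@]}"; do
    # awk exits 0 when the name appears as a hostname field (field 2 onwards)
    # once any trailing comment has been stripped from the line.
    if ! awk -v h="$host_name" '
            { sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
            END { exit !found }
        ' /etc/hosts; then
        printf '%s %s\n' "$IP_MAQUINA" "$host_name" >> /etc/hosts
    fi
done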
# Install the required packages
# NOTE(review): this script does not configure any APT repository or signing
# key. The packages come from whatever sources the host already trusts.
required_packages=(
    apt-transport-https
    software-properties-common
    wget
    curl
    ca-certificates
    gnupg2
    lsb-release
    systemd-journal-remote
    prometheus
    grafana
    opensearch
    opensearch-dashboards
)

apt-get update
apt-get install -y "${required_packages[@]}"
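# Install Journalbeat and Filebeat
JOURNALBEAT_URL="https://artifacts.elastic.co/downloads/beats/journalbeat/journalbeat-oss-7.12.1-amd64.deb"
FILEBEAT_URL="https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.12.1-amd64.deb"

# Download into a private directory created by mktemp rather than a fixed name
# in /tmp. The packages are installed as root, so no other local user may be
# able to pre-create or swap the file between the download and dpkg.
beats_tmp="$(mktemp -d)"

# --fail turns an HTTP error into a non-zero exit instead of saving the error
# page as the .deb. --proto/--proto-redir keep -L from following a redirect
# away from HTTPS.
# NOTE(review): TLS is the only integrity check on these packages. Pin the
# expected digest of each .deb (<EXPECTED_SHA512>, taken from the vendor's
# published checksum) and verify it before dpkg -i.
curl --fail --proto '=https' --proto-redir '=https' -L "$JOURNALBEAT_URL" \
    -o "$beats_tmp/journalbeat.deb"
dpkg -i "$beats_tmp/journalbeat.deb"
rm -f -- "$beats_tmp/journalbeat.deb"

curl --fail --proto '=https' --proto-redir '=https' -L "$FILEBEAT_URL" \
    -o "$beats_tmp/filebeat.deb"
dpkg -i "$beats_tmp/filebeat.deb"
rm -f -- "$beats_tmp/filebeat.deb"

rmdir -- "$beats_tmp"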
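# Copy the configuration files from the local templates
# The templates live in ../etc relative to the current directory. Both
# expansions are quoted so a path containing spaces is handled correctly.
base_dir="$(dirname "$(pwd)")"

files_to_copy=(
    "journalbeat/journalbeat.yml"
    "filebeat/filebeat.yml"
    "opensearch/opensearch.yml"
    "opensearch-dashboards/opensearch_dashboards.yml"
    "prometheus/prometheus.yml"
    "prometheus/web-config.yml"
    "grafana/grafana.ini"
    "grafana/provisioning/datasources/prometheus.yaml"
    "grafana/provisioning/dashboards/dashboard.yaml"
)

# Escape the characters that are special on the replacement side of
# sed's s/.../.../ command: backslash, the '/' delimiter and '&'.
# Arguments: $1 - literal text
# Outputs:   the escaped text on stdout
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# The password must contain a non-alphanumeric character, so it can easily
# hold '/', '&' or '\'. Used unescaped, such a value breaks the sed command or
# silently corrupts the generated file. The substitutions are written to a
# private file (mktemp creates it with mode 0600) and passed with -f, which
# also keeps the password out of sed's argument list, where `ps` would show it.
subst_script="$(mktemp)"
printf 's/{{IP_MAQUINA}}/%s/g\ns/{{OPENSEARCH_INITIAL_ADMIN_PASSWORD}}/%s/g\n' \
    "$(sed_escape_replacement "$IP_MAQUINA")" \
    "$(sed_escape_replacement "$OPENSEARCH_INITIAL_ADMIN_PASSWORD")" \
    > "$subst_script"

for file in "${files_to_copy[@]}"; do
    src="$base_dir/etc/$file"
    dest="/etc/$file"
    mkdir -p "$(dirname "$dest")"
    cp "$src" "$dest"
    sed -i -f "$subst_script" "$dest"
done

rm -f -- "$subst_script"

# NOTE(review): the generated files get whatever mode cp and the umask
# produce. Any template that embeds the admin password should end up readable
# only by the service that needs it. Confirm which ones do.

chown -R grafana:grafana /etc/grafana/provisioning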
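# Copy the service certificates and keys
ca_root="$LOCAL_MOUNT/srv/artefactos/oglog/CA"

# Install one certificate/key pair from the CA tree.
# The key files are stored without a passphrase, so the key is created with
# mode 0600 instead of inheriting a world-readable mode from cp and the umask.
# Ownership is handed to the service account by the chown calls later in the
# script.
# Arguments: $1 - certificate base name (e.g. oglog-os.mytld)
#            $2 - destination directory
install_tls_pair() {
    local name=$1
    local dest_dir=$2
    cp "$ca_root/certs/$name.crt.pem" "$dest_dir/"
    install -m 0600 "$ca_root/private/$name.key.nopass.pem" "$dest_dir/$name.key.pem"
}

cp "$ca_root/certs/ca.crt.pem" /etc/opensearch/
install_tls_pair oglog-os.mytld /etc/opensearch

install_tls_pair oglog-osdb.mytld /etc/opensearch-dashboards

cp "$ca_root/certs/ca.crt.pem" /etc/systemd/
install_tls_pair oglog-jrem.mytld /etc/systemd

install_tls_pair oglog-prom.mytld /etc/prometheus

install_tls_pair oglog-graf.mytld /etc/grafana

install_tls_pair oglog-jb.mytld /etc/journalbeat

install_tls_pair ogagent-fb.mytld /etc/filebeat

# NOTE(review): this CA copy uses a path relative to the current directory,
# unlike every other copy above, which reads from the NFS mount. Confirm the
# two trees hold the same CA certificate.
cp CA/certs/ca.crt.pem /etc/ssl/certs/
# Link the CA under its subject hash. -f replaces a link left by an earlier
# run; without it ln fails and `set -e` aborts the installer when re-run.
ln -sf /etc/ssl/certs/ca.crt.pem /etc/ssl/certs/"$(openssl x509 -in /etc/ssl/certs/ca.crt.pem -hash -noout).0"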
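# Ownership of the installed certificates, keys and configuration
chown opensearch:opensearch /etc/opensearch/*
chown opensearch-dashboards:opensearch-dashboards /etc/opensearch-dashboards/*
chown systemd-journal-remote:systemd-journal-remote /etc/systemd/oglog-jrem.mytld.*
chown prometheus:prometheus /etc/prometheus/oglog-prom.mytld.*
chown grafana:grafana /etc/grafana/oglog-graf.mytld.*
# NOTE(review): only ownership is set here. Confirm that the *.key.pem files
# are not readable by group or others.

# Directory where systemd-journal-remote stores the journals it receives
install -d -o systemd-journal-remote -g systemd-journal-remote -m 0750 /var/log/journal/remote

# Point journal-remote at its key, certificate and trusted CA. Every line that
# mentions the setting is replaced in full, commented-out defaults included,
# so the result is the same on a repeated run.
sed -i \
    -e '/ServerKeyFile/ s%.*%ServerKeyFile=/etc/systemd/oglog-jrem.mytld.key.pem%' \
    -e '/ServerCertificateFile/s%.*%ServerCertificateFile=/etc/systemd/oglog-jrem.mytld.crt.pem%' \
    -e '/TrustedCertificateFile/s%.*%TrustedCertificateFile=/etc/systemd/ca.crt.pem%' \
    /etc/systemd/journal-remote.conf

# Add the web (TLS) configuration flag to the Prometheus ARGS line, but only
# if it is not there yet: appending unconditionally repeated the flag on every
# run of the installer.
if ! grep -q -- '--web.config.file=' /etc/default/prometheus; then
    sed -i -e '/^ARGS/s%"$% --web.config.file=/etc/prometheus/web-config.yml"%' /etc/default/prometheus
fi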
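log "Descargando dashboard de Grafana..."
mkdir -p /etc/grafana/dashboards

# --fail makes an HTTP error status count as a failed download. Without it
# curl exits 0 and the error body is saved as the dashboard JSON, so the
# error branch below never runs. --proto restricts the transfer to HTTPS.
# NOTE(review): the dashboard is third-party content fetched at install time
# and pinned only by its revision number in the URL.
if ! curl -sS --fail --proto '=https' \
        --connect-timeout 30 --max-time 120 --retry 3 \
        -o /etc/grafana/dashboards/1860.json \
        https://grafana.com/api/dashboards/1860/revisions/37/download; then
    log "Error: Fallo al descargar el dashboard"
    exit 1
fi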
# Services restarted, in this order, so they pick up the new configuration
services_to_restart=(
    journalbeat filebeat
    opensearch opensearch-dashboards
    systemd-journal-remote
    prometheus grafana-server
)

for (( idx = 0; idx < ${#services_to_restart[@]}; idx++ )); do
    service="${services_to_restart[idx]}"
    log "Reiniciando $service..."
    # A failed restart aborts the installer because of `set -e`.
    systemctl restart "$service"
    # Fixed pause before moving on to the next service.
    sleep 5
done
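# After the restarts: check every service on its own.
# `systemctl is-active` with several units exits 0 as soon as one of them is
# active, so a single combined call reports success even when most services
# are down.
# NOTE(review): systemd-journal-remote is restarted above but was not part of
# the original check. Confirm whether it should be verified too.
log "Verificación final de servicios:"
inactive_services=()
for unit in journalbeat filebeat opensearch opensearch-dashboards prometheus grafana-server; do
    # is-active prints the state and exits non-zero unless the unit is active.
    unit_state="$(systemctl is-active "$unit")" || inactive_services+=("$unit")
    log "$unit: $unit_state"
done

DURATION=$SECONDS

log "Tiempo total: $((DURATION / 60)) minutos y $((DURATION % 60)) segundos"
log "Instalación finalizada: $(date)"

# Report the failure only after the summary, so the timing is always logged.
if (( ${#inactive_services[@]} > 0 )); then
    log "ERROR: Servicios no activos: ${inactive_services[*]}"
    exit 1
fi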