/
start.sh
executable file
·338 lines (313 loc) · 13.2 KB
/
start.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
#!/bin/bash
DEFAULT_GELF_OUTPUT_HOST="localhost"
DEFAULT_GELF_OUTPUT_PORT="12202"
DEFAULT_GELF_OUTPUT_PROTOCOL="tcp"
DEFAULT_GELF_OUTPUT_TLS="true"
DEFAULT_GELF_OUTPUT_TCP_RETRY="0"
DEFAULT_OUTPUT_PLUGIN="gelf"
DEFAULT_KAFKA_BROKER_HOST="localhost"
DEFAULT_KAFKA_BROKER_PORT="9092"
DEFAULT_KAFKA_TOPIC_ID="graylog"
DEFAULT_KAFKA_WORKERS="1"
LOGSTASH_CONFIGURATION_FOLDER="/etc/logstash/conf.d"
LOGSTASH_CONFIGURATION_FILE="/etc/logstash/conf.d/logstash.conf"
LOGSTASH_CONFIGURATION_FILE_TEMPLATE="/opt/logstash.conf"
LOGSTASH_CONFIGURATION_FOLDER_TEMPLATE="/opt/conf.d"
LOGSTASH_CONFIGURATION_FILE_TMP="/tmp/logstash.conf"
LOGSTASH_ROOT="/opt/logstash"
LOGSTASH_USER="logstash"
LOGSTASH_GROUP="logstash"
LOGSTASH_HOME="/var/lib/logstash"
if [ -z "${LS_HEAP_SIZE}" ]; then
LS_HEAP_SIZE="1000m"
fi
LOGSTASH_LOG_FOLDER="/var/log/logstash"
LOGSTASH_LOG_FILE="${LOGSTASH_LOG_FOLDER}/logstash.log"
LOGSTASH_NICE="9"
if [ -z "${LOGSTASH_START_OPTIONS}" ]; then
LOGSTASH_START_OPTIONS=""
fi
download_config() {
local config_url="$1"
local config_dir="$2"
cd "${config_dir}" \
&& curl -Os "${config_url}" \
|| { echo "failed to download config $config_url" ; exit 1 ; }
}
download_tar() {
local config_url="$1"
local config_dir="$2"
pushd "${config_dir}" > /dev/null
curl -SL "${config_url}" \
| tar -xC "${config_dir}" --strip-components=1 \
|| { echo "failed to download tar $config_url" ; exit 1 ; }
popd > /dev/null
}
download_git() {
local config_url="$1"
local config_dir="$2"
pushd "$(dirname ${config_dir})" > /dev/null
git clone "${config_url}" "$(basename ${config_dir})" \
|| { echo "failed to git clone $config_url" ; exit 1 ; }
popd > /dev/null
}
main_config() {
if [ -n "${LOGSTASH_CONFIG_URL}" ] ; then
case "${LOGSTASH_CONFIG_URL}" in
*.conf)
download_config "${LOGSTASH_CONFIG_URL}" "${LOGSTASH_CONFIGURATION_FOLDER}"
;;
*.tar|*.tar.gz|*.tgz|*.tar.bz2|*.tar.xz)
download_tar "${LOGSTASH_CONFIG_URL}" "${LOGSTASH_CONFIGURATION_FOLDER}"
;;
*.git)
download_git "${LOGSTASH_CONFIG_URL}" "${LOGSTASH_CONFIGURATION_FOLDER}"
;;
*)
echo "ERROR no extension file supported for: ${LOGSTASH_CONFIG_URL}"
exit 1
;;
esac
else
if [ "${SKIP_CONFIG}" != "1" ] ; then
logstash_config
fi
fi
}
logstash_config() {
if [ -z "${OUTPUT_PLUGIN}" ] ; then
echo "WARNING no environmnet variable OUTPUT_PLUGIN is define. Use\"${DEFAULT_OUTPUT_PLUGIN}\" by default."
export OUTPUT_PLUGIN="${DEFAULT_OUTPUT_PLUGIN}"
fi
if [ "x$BYPASS" != "x1" ] ; then
if [ "${OUTPUT_PLUGIN}" == "kafka" ] ; then
if [ -z "${KAFKA_BROKER_HOST}" ] ; then
echo "WARNING no environmnet variable KAFKA_BROKER_HOST is define. Use \"${DEFAULT_KAFKA_BROKER_HOST}\" by default."
export KAFKA_BROKER_HOST="${DEFAULT_KAFKA_BROKER_HOST}"
fi
if [ -z "${KAFKA_BROKER_PORT}" ] ; then
echo "WARNING no environmnet variable KAFKA_BROKER_PORT is define. Use \"${DEFAULT_KAFKA_BROKER_PORT}\" by default."
export KAFKA_BROKER_PORT="${DEFAULT_KAFKA_BROKER_PORT}"
fi
if [ -z "${KAFKA_TOPIC_ID}" ] ; then
echo "WARNING no environmnet variable KAFKA_TOPIC_ID is define. Use \"${DEFAULT_KAFKA_TOPIC_ID}\" by default."
export KAFKA_TOPIC_ID="${DEFAULT_KAFKA_TOPIC_ID}"
fi
if [ -z "${KAFKA_WORKERS}" ] ; then
export KAFKA_WORKERS="${DEFAULT_KAFKA_WORKERS}"
fi
elif [ "${OUTPUT_PLUGIN}" == "none" ] ; then
echo "WARNING no OUTPUT_PLUGIN selected."
else
if [ -z "${GELF_OUTPUT_HOST}" ] ; then
echo "WARNING no environmnet variable GELF_OUTPUT_HOST is define. Use \"${DEFAULT_GELF_OUTPUT_HOST}\" by default."
export GELF_OUTPUT_HOST="${DEFAULT_GELF_OUTPUT_HOST}"
fi
if [ -z "${GELF_OUTPUT_PORT}" ] ; then
echo "WARNING no environmnet variable GELF_OUTPUT_PORT is define. Use \"${DEFAULT_GELF_OUTPUT_PORT}\" by default."
export GELF_OUTPUT_PORT="${DEFAULT_GELF_OUTPUT_PORT}"
fi
if [ -z "${GELF_OUTPUT_PROTOCOL}" ] ; then
echo "WARNING no environmnet variable GELF_OUTPUT_PROTOCOL is define. Use \"${DEFAULT_GELF_OUTPUT_PROTOCOL}\" by default."
export GELF_OUTPUT_PROTOCOL="${DEFAULT_GELF_OUTPUT_PROTOCOL}"
fi
if [ -z "${GELF_OUTPUT_TLS}" ] ; then
echo "WARNING no environmnet variable GELF_OUTPUT_TLS is define. Use \"${DEFAULT_GELF_OUTPUT_TLS}\" by default."
export GELF_OUTPUT_TLS="${DEFAULT_GELF_OUTPUT_TLS}"
fi
if [ -z "${GELF_OUTPUT_TCP_RETRY}" ] ; then
echo "WARNING no environmnet variable GELF_OUTPUT_TCP_RETRY is define. Use \"${DEFAULT_GELF_OUTPUT_TCP_RETRY}\" by default."
export GELF_OUTPUT_TCP_RETRY="${DEFAULT_GELF_OUTPUT_TCP_RETRY}"
fi
if [ "${GELF_OUTPUT_PROTOCOL}" == "udp" -a "${GELF_OUTPUT_TLS}" != "false" ] ; then
echo "ERROR UDP protocol does not support TLS encryption method."
exit 1
fi
fi
if [ -z "${GELF_STATIC_FIELDS}" ] ; then
echo "WARNING no environmnet variable GELF_STATIC_FIELDS is define!"
#if [ ! -f ${LOGSTASH_CONFIGURATION_FILE} ] ; then
# echo "ERROR no previous configuration file found, exiting!"
# echo "Please set GELF_STATIC_FIELDS environmnet variable to your container, to generate a configuration file."
# exit 1
#fi
fi
if [ -n "${TIMEZONE}" ] ; then
echo ${TIMEZONE} >/etc/timezone && dpkg-reconfigure --frontend noninteractive tzdata
fi
if [ -n "${GELF_STATIC_FIELDS}" ] ; then
OLDIFS=$IFS
IFS=","
GELF_STATIC_FIELDS_ARRAY=($GELF_STATIC_FIELDS)
IFS=$OLDIFS
for (( i=0; i<${#GELF_STATIC_FIELDS_ARRAY[@]}; i++ ))
do
GELF_STATIC_FIELDS_CONTEXT=$( echo ${GELF_STATIC_FIELDS_ARRAY[$i]}| cut -d ':' -f 1)
GELF_STATIC_FIELDS_VALUE=$( echo ${GELF_STATIC_FIELDS_ARRAY[$i]}| cut -d ':' -f 2-)
field+=(" add_field => [ \"${GELF_STATIC_FIELDS_CONTEXT}\", \"${GELF_STATIC_FIELDS_VALUE}\" ]\\n")
done
fi
if [ "${OUTPUT_PLUGIN}" == "kafka" ] ; then
output+=(" kafka {\\n")
# output+=(" codec => gelf { custom_fields => [ 'testing', 'logstash' ] }\\n")
output+=(" codec => gelf {}\\n")
output+=(" broker_list => \"${KAFKA_BROKER_HOST}:${KAFKA_BROKER_PORT}\"\\n")
output+=(" topic_id => \"${KAFKA_TOPIC_ID}\"\\n")
output+=(" workers => \"${KAFKA_WORKERS}\"\\n")
for VAR in `env`
do
if [[ $VAR =~ ^KAFKA_ && ! $VAR =~ ^KAFKA_HOME \
&& ! $VAR =~ ^KAFKA_TOPIC_ID \
&& ! $VAR =~ ^KAFKA_WORKERS \
&& ! $VAR =~ ^KAFKA_BROKER_HOST \
&& ! $VAR =~ ^KAFKA_BROKER_PORT ]]; then
logstash_kafka_param=`echo "$VAR" | sed -r "s/KAFKA_(.*)=.*/\1/g" | tr '[:upper:]' '[:lower:]'`
env_var=`echo "$VAR" | sed -r "s/(.*)=.*/\1/g"`
output+=(" $logstash_kafka_param => \"${!env_var}\" \\n")
fi
done
output+=(" }\\n")
elif [ "${OUTPUT_PLUGIN}" == "none" ] ; then
touch /tmp/none
else
output+=(" gelf {\\n")
output+=(" host => \"${GELF_OUTPUT_HOST}\"\\n")
output+=(" port => \"${GELF_OUTPUT_PORT}\"\\n")
output+=(" protocol => \"${GELF_OUTPUT_PROTOCOL}\"\\n")
output+=(" tls => \"${GELF_OUTPUT_TLS}\"\\n")
output+=(" tcp_retry => \"${GELF_OUTPUT_TCP_RETRY}\"\\n")
output+=(" }\\n")
fi
fi
if [ "x$DEBUG" == "x1" ] ; then
output_stdout+=(" stdout {\\n")
output_stdout+=(" codec => rubydebug\\n")
output_stdout+=(" }\\n")
elif [ "x$STDOUT" == "x1" -o "x$STDOUT" == "xtrue" ] ; then
output_stdout+=(" stdout {}\n")
fi
if [ -n "${field}" ] ; then
line_field=$(grep -n '#begin of mutate generate configutation' ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}|awk -F ':' '{print $1}')
sed -i "/#begin of mutate generate configutation/,/#end of mutate generate configutation/d" ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}
head -n $(($line_field-1)) ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} > ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo " #begin of mutate generate configutation" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo -e -n "${field[@]}" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo " #end of mutate generate configutation" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
tail -n +$line_field ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
cp ${LOGSTASH_CONFIGURATION_FILE_TMP} ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}
fi
if [ -n "${output}" ] ; then
line_output=$(grep -n '#begin of output gelf generate configuration' ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}|awk -F ':' '{print $1}')
sed -i "/#begin of output gelf generate configuration/,/#end of output gelf generate configuration/d" ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}
head -n $(($line_output-1)) ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} > ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo " #begin of output gelf generate configutation" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo -e -n "${output[@]}" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo " #end of output gelf generate configutation" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
tail -n +$line_output ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
cp ${LOGSTASH_CONFIGURATION_FILE_TMP} ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}
fi
if [ -n "${output_stdout}" ] ; then
line_output_stdout=$(grep -n '#begin of output stdout generate configuration' ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}|awk -F ':' '{print $1}')
sed -i "/#begin of output stdout generate configuration/,/#end of output stdout generate configuration/d" ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}
head -n $(($line_output_stdout-1)) ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} > ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo " #begin of output stdout generate configutation" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo -e -n "${output_stdout[@]}" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
echo " #end of output stdout generate configutation" >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
tail -n +$line_output_stdout ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} >> ${LOGSTASH_CONFIGURATION_FILE_TMP}
cp ${LOGSTASH_CONFIGURATION_FILE_TMP} ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE}
fi
if [ "x${KEEP_CONFIG}" == "xtrue" ] ; then
if [ "$(find /etc/logstash/conf.d -maxdepth 1 -type f|wc -l)" == "0" ] ; then
if [ -f ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} ] ; then
cp ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} ${LOGSTASH_CONFIGURATION_FILE}
fi
fi
else
cp ${LOGSTASH_CONFIGURATION_FILE_TEMPLATE} ${LOGSTASH_CONFIGURATION_FILE}
if [ -d ${LOGSTASH_CONFIGURATION_FOLDER_TEMPLATE} ] ; then
cp -ar ${LOGSTASH_CONFIGURATION_FOLDER_TEMPLATE}/* ${LOGSTASH_CONFIGURATION_FOLDER}
fi
fi
}
logstash_forwarder_keygen() {
#Generate SSL cert/key for logstash-forwarder
FORWARDER_DIR="/opt/logstash-forwarder"
FORWARDER_KEY="logstash-forwarder.key"
FORWARDER_CRT="logstash-forwarder.crt"
DEFAULT_KEY="logstash.key"
DEFAULT_CRT="logstash.crt"
[ -z ${PUBLIC_HOSTNAME} ] && PUBLIC_HOSTNAME="$(hostname --fqdn)"
if [ ! -f "$FORWARDER_DIR/$FORWARDER_KEY" ]; then
if [ -s "$FORWARDER_DIR/$DEFAULT_KEY" -a -s "$FORWARDER_DIR/$DEFAULT_KEY" ] ; then
cp $FORWARDER_DIR/$DEFAULT_KEY $FORWARDER_DIR/$FORWARDER_KEY
cp $FORWARDER_DIR/$DEFAULT_CRT $FORWARDER_DIR/$FORWARDER_CRT
else
echo "Generating new logstash-forwarder key"
mkdir -p "${FORWARDER_DIR}"
openssl req -x509 -batch -nodes -newkey rsa:4096 \
-keyout "$FORWARDER_DIR/$FORWARDER_KEY" \
-out "$FORWARDER_DIR/$FORWARDER_CRT" \
-subj "/CN=${PUBLIC_HOSTNAME}" >/dev/null 2>/dev/null
fi
else
if [ -s "$FORWARDER_DIR/$DEFAULT_KEY" -a -s "$FORWARDER_DIR/$DEFAULT_KEY" ] ; then
cp -f $FORWARDER_DIR/$DEFAULT_KEY $FORWARDER_DIR/$FORWARDER_KEY
cp -f $FORWARDER_DIR/$DEFAULT_CRT $FORWARDER_DIR/$FORWARDER_CRT
fi
fi
}
kill_logstash () {
kill $(ps ux | grep logstash | grep java | grep agent | awk '{ print $2}')
exit
}
check_logstash () {
# create logstash group
if ! getent group ${LOGSTASH_GROUP} >/dev/null; then
groupadd -r ${LOGSTASH_GROUP}
fi
# create logstash user
if ! getent passwd ${LOGSTASH_USER} >/dev/null; then
useradd -M -r -g ${LOGSTASH_GROUP} -d ${LOGSTASH_HOME} \
-s /usr/sbin/nologin -c "LogStash Service User" ${LOGSTASH_USER}
fi
# chown folder
chown -R ${LOGSTASH_USER}:${LOGSTASH_GROUP} ${LOGSTASH_ROOT}
[ ! -d "${LOGSTASH_LOG_FOLDER}" ] && mkdir ${LOGSTASH_LOG_FOLDER}
chown ${LOGSTASH_USER}:${LOGSTASH_GROUP} ${LOGSTASH_LOG_FOLDER}
[ ! -d "${LOGSTASH_HOME}" ] && mkdir -p ${LOGSTASH_HOME}
chown ${LOGSTASH_USER}:${LOGSTASH_GROUP} ${LOGSTASH_HOME}
}
start_logstash () {
if [ `id -u` -ne 0 ]; then
echo "You need root privileges to run this script"
exit 1
fi
LS_JAVA_OPTIONS="${LS_JAVA_OPTIONS} -Djava.io.tmpdir=${LOGSTASH_HOME}"
HOME=${LOGSTASH_HOME}
export PATH HOME LS_HEAP_SIZE LS_JAVA_OPTS LOGSTASH_USE_GC_LOGGING
program="${LOGSTASH_ROOT}/bin/logstash"
args="agent -f ${LOGSTASH_CONFIGURATION_FOLDER} "
if [ "x$LOG" = "x1" -o "x$LOG" = "xtrue" ] ; then
args+="-l ${LOGSTASH_LOG_FILE} "
fi
if [ "x$DEBUG" = "x1" -o "x$DEBUG" = "xtrue" ] ; then
args+="--debug "
fi
args+="${LOGSTASH_START_OPTIONS}"
if [ "x$CHROOT" = "x1" -o "x$CHROOT" = "xtrue" ] ; then
# Run the program!
nice -n ${LOGSTASH_NICE} chroot --userspec $LOGSTASH_USER:$LOGSTASH_GROUP / sh -c "
cd $LOGSTASH_HOME
exec $program $args" &
else
$program $args &
fi
}
main_config
logstash_forwarder_keygen
[ -x "/etc/init.d/rsyslog" ] && /etc/init.d/rsyslog stop >/dev/null 2>/dev/null
trap kill_logstash SIGINT SIGTERM SIGHUP
check_logstash
start_logstash
pid=$!
wait $pid