huksley/graylog2-install.sh

## graylog2-install.sh
#!/bin/sh
# Graylog version, both server and web-ui
ver=0.11.0
# Elasticsearch version (Currently must be 0.20.4)
elasticver=0.20.4
# Set elasticheap size according to your server RAM available
elasticheap=128

# Make sure system is fully upgraded
apt-get update
apt-get -y upgrade

# proxy magic if you set http_proxy
gemproxy=""
wgetproxy=""
# Retries is needed because elasticsearch-wrappers is not always responsive
wgetopts="-T 20 -t 5"
if [ "$http_proxy" != "" ]; then
        wgetproxy="-Y on"
        gemproxy="--http-proxy $http_proxy"
fi

# prepare graylog

if [ ! -d /opt ]; then
        mkdir -p /opt
fi

cd /opt
if [ ! -d /opt/graylog2-server-$ver ]; then
  if [ ! -f graylog2-server-$ver.tar.gz ]; then
    wget $wgetopts $wgetproxy $wgetopt -O graylog2-server-$ver.tar.gz http://download.graylog2.org/graylog2-server/graylog2-server-$ver.tar.gz
  fi

  tar -xvf graylog2-server-$ver.tar.gz
  rm graylog2-server
  ln -s graylog2-server-$ver graylog2-server
fi

if [ ! -f /opt/graylog2-server/graylog2.conf ]; then
  cp /opt/graylog2-server/graylog2.conf.example /opt/graylog2-server/graylog2.conf
  ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
fi

sudo cp elasticsearch.yml.example /etc/graylog2-elasticsearch.yml
if [ ! -f /etc/graylog2-elasticsearch.yml ]; then
  cp /opt/graylog2-server/elasticsearch.yml.example /etc/graylog2-elasticsearch.yml
  ln -s /opt/graylog2-server/elasticsearch.yml /etc/graylog2-elasticsearch.yml
fi

# Disable auth
sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /opt/graylog2-server/graylog2.conf
# Fix plugin directory
sed -i -e 's|plugin_dir = plugin|plugin_dir = /opt/graylog2-server/plugin|' /opt/graylog2-server/graylog2.conf
# HTTP enable for last call test
sed -i -e 's|http_enabled = false|http_enabled = true|' /opt/graylog2-server/graylog2.conf

rm /etc/init.d/graylog2-server
cat >>/etc/init.d/graylog2-server <<EOF
#!/bin/sh
#
# graylog2-server:   graylog2 message collector
#
# chkconfig: - 98 02
# description:  This daemon listens for syslog and GELF messages and stores them in mongodb
#
CMD=\$1
NOHUP=\`which nohup\`
JAVA_CMD=/usr/bin/java
GRAYLOG2_SERVER_HOME=/opt/graylog2-server

start() {
    echo "Starting graylog2-server ..."
    \$NOHUP \$JAVA_CMD -jar \$GRAYLOG2_SERVER_HOME/graylog2-server.jar -f /etc/graylog2.conf -p \$GRAYLOG2_SERVER_HOME/graylog2-server.pid > /var/log/graylog2.log 2>&1 &
}

stop() {
        PID=\`cat \$GRAYLOG2_SERVER_HOME/graylog2-server.pid\`
        echo "Stopping graylog2-server (\$PID) ..."
        kill \$PID 2>/dev/null 1>/dev/null
}

restart() {
        echo "Restarting graylog2-server ..."
        stop
    start
}

case "\$CMD" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo "Usage \$0 {start|stop|restart}"
    RETVAL=1
esac
EOF
chmod a+x /etc/init.d/graylog2-server
update-rc.d graylog2-server enable

# Install Java 7
apt-get install unzip curl python-software-properties -y
add-apt-repository "deb http://ppa.launchpad.net/webupd8team/java/ubuntu precise main"
apt-get update
echo oracle-java7-installer shared/accepted-oracle-license-v1-1 boolean true | debconf-set-selections
apt-get install oracle-java7-installer oracle-java7-set-default -y

# Install ElasticSearch
wget $wgetopts $wgetproxy https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-$elasticver.tar.gz -O elasticsearch.tar.gz
tar -xvf elasticsearch.tar.gz
mv elasticsearch-* elasticsearch
mv elasticsearch /opt/elasticsearch

wget $wgetopts $wgetproxy -O elasticsearch-servicewrapper.tar.gz http://github.com/elasticsearch/elasticsearch-servicewrapper/tarball/master
tar -xvf elasticsearch-servicewrapper.tar.gz
mv *servicewrapper*/service /opt/elasticsearch/bin/
rm -Rf *servicewrapper*
sudo /opt/elasticsearch/bin/service/elasticsearch install
ln -s `readlink -f /opt/elasticsearch/bin/service/elasticsearch` /usr/bin/elasticsearch_ctl
sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /opt/elasticsearch/config/elasticsearch.yml
sed -i -e "s|ES_HEAP_SIZE=1024|ES_HEAP_SIZE=$elasticheap|" /opt/elasticsearch/bin/service/elasticsearch.conf
sed -u -e "s/set.default.ES_HOME=.*/set.default.ES_HOME=\/opt\/elasticsearch\//g" /opt/elasticsearch/bin/service/elasticsearch.conf
service elasticsearch start
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

# mongodb
apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
echo deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen >> /etc/apt/sources.list
apt-get update
apt-get install -y mongodb-10gen
service mongodb start

# Install latest ruby
wget $wgetopts $wgetproxy -O ruby192.sh https://raw.github.com/deanperry/onelineserver/master/ruby/192.sh
sudo sh ruby192.sh

cd /opt
wget $wgetopts $wgetproxy -O graylog2-web-interface-$ver.tar.gz http://download.graylog2.org/graylog2-web-interface/graylog2-web-interface-$ver.tar.gz
tar -xvf graylog2-web-interface-$ver.tar.gz
ln -s graylog2-web-interface-$ver graylog2-web-interface
useradd graylog2 -d /opt/graylog2-web-interface
chown -R graylog2:graylog2 /opt/graylog2-server*
chown -R graylog2:graylog2 /opt/graylog2-web-interface*
usermod -G sudo graylog2
cd /opt/graylog2-web-interface
gem install $gemproxy bundler --no-ri --no-rdoc
bundle install

# Install apache module
gem install $gemproxy passenger
apt-get -y install apache2 libcurl4-openssl-dev apache2-prefork-dev libapr1-dev libcurl4-openssl-dev apache2-prefork-dev libapr1-dev
echo yes | passenger-install-apache2-module

PASSENGERROOT=`find /usr/local/lib/ruby/gems/1.9.1/gems/passenger-* -maxdepth 0 | tail -n1`
PASSENGERMOD=`find $PASSENGERROOT | grep mod_passenger.so`
cat >>/etc/apache2/apache2.conf <<EOF
LoadModule passenger_module $PASSENGERMOD
PassengerRoot $PASSENGERROOT
PassengerRuby /usr/local/bin/ruby
EOF

service apache2 start
service apache2 restart

cat >/etc/apache2/sites-available/graylog2 <<EOF
<VirtualHost *:80>
ServerName graylog2
ServerAlias graylog2
SetEnv MONGOID_HOST localhost
SetEnv MONGOID_PORT 27017
SetEnv MONGOID_USERNAME
SetEnv MONGOID_PASSWORD
SetEnv MONGOID_DATABASE graylog2
DocumentRoot /opt/graylog2-web-interface/public
<Directory /opt/graylog2-web-interface/public>
        Allow from all
        Options -MultiViews
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
EOF

a2ensite graylog2
cat >/etc/rsyslog.d/graylog2.conf <<EOF
*.*     @127.0.0.1  #udp forwarding
EOF

service graylog2-server start
service rsyslog restart
update-rc.d graylog2-server enable
update-rc.d elasticsearch enable
service apache2 restart
service mongodb start

# Requires http_enabled = true in /etc/graylog2.conf
echo "Adding test message"
curl -XPOST http://127.0.0.1:12202/gelf -d '{"short_message":"Installation complete", "host":"graylog2", "facility": "system"}'
	#!/bin/sh
	# Graylog version, both server and web-ui
	ver=0.11.0
	# Elasticsearch version (Currently must be 0.20.4)
	elasticver=0.20.4
	# Set elasticheap size according to your server RAM available
	elasticheap=128

	# Make sure system is fully upgraded
	apt-get update
	apt-get -y upgrade

	# proxy magic if you set http_proxy
	gemproxy=""
	wgetproxy=""
	# Retries is needed because elasticsearch-wrappers is not always responsive
	wgetopts="-T 20 -t 5"
	if [ "$http_proxy" != "" ]; then
	wgetproxy="-Y on"
	gemproxy="--http-proxy $http_proxy"
	fi

	# prepare graylog

	if [ ! -d /opt ]; then
	mkdir -p /opt
	fi

	cd /opt
	if [ ! -d /opt/graylog2-server-$ver ]; then
	if [ ! -f graylog2-server-$ver.tar.gz ]; then
	wget $wgetopts $wgetproxy $wgetopt -O graylog2-server-$ver.tar.gz http://download.graylog2.org/graylog2-server/graylog2-server-$ver.tar.gz
	fi

	tar -xvf graylog2-server-$ver.tar.gz
	rm graylog2-server
	ln -s graylog2-server-$ver graylog2-server
	fi

	if [ ! -f /opt/graylog2-server/graylog2.conf ]; then
	cp /opt/graylog2-server/graylog2.conf.example /opt/graylog2-server/graylog2.conf
	ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
	fi

	sudo cp elasticsearch.yml.example /etc/graylog2-elasticsearch.yml
	if [ ! -f /etc/graylog2-elasticsearch.yml ]; then
	cp /opt/graylog2-server/elasticsearch.yml.example /etc/graylog2-elasticsearch.yml
	ln -s /opt/graylog2-server/elasticsearch.yml /etc/graylog2-elasticsearch.yml
	fi

	# Disable auth
	sed -i -e 's\|mongodb_useauth = true\|mongodb_useauth = false\|' /opt/graylog2-server/graylog2.conf
	# Fix plugin directory
	sed -i -e 's\|plugin_dir = plugin\|plugin_dir = /opt/graylog2-server/plugin\|' /opt/graylog2-server/graylog2.conf
	# HTTP enable for last call test
	sed -i -e 's\|http_enabled = false\|http_enabled = true\|' /opt/graylog2-server/graylog2.conf

	rm /etc/init.d/graylog2-server
	cat >>/etc/init.d/graylog2-server <<EOF
	#!/bin/sh
	#
	# graylog2-server: graylog2 message collector
	#
	# chkconfig: - 98 02
	# description: This daemon listens for syslog and GELF messages and stores them in mongodb
	#
	CMD=\$1
	NOHUP=\`which nohup\`
	JAVA_CMD=/usr/bin/java
	GRAYLOG2_SERVER_HOME=/opt/graylog2-server

	start() {
	echo "Starting graylog2-server ..."
	\$NOHUP \$JAVA_CMD -jar \$GRAYLOG2_SERVER_HOME/graylog2-server.jar -f /etc/graylog2.conf -p \$GRAYLOG2_SERVER_HOME/graylog2-server.pid > /var/log/graylog2.log 2>&1 &
	}

	stop() {
	PID=\`cat \$GRAYLOG2_SERVER_HOME/graylog2-server.pid\`
	echo "Stopping graylog2-server (\$PID) ..."
	kill \$PID 2>/dev/null 1>/dev/null
	}

	restart() {
	echo "Restarting graylog2-server ..."
	stop
	start
	}

	case "\$CMD" in
	start)
	start
	;;
	stop)
	stop
	;;
	restart)
	restart
	;;
	*)
	echo "Usage \$0 {start\|stop\|restart}"
	RETVAL=1
	esac
	EOF
	chmod a+x /etc/init.d/graylog2-server
	update-rc.d graylog2-server enable

	# Install Java 7
	apt-get install unzip curl python-software-properties -y
	add-apt-repository "deb http://ppa.launchpad.net/webupd8team/java/ubuntu precise main"
	apt-get update
	echo oracle-java7-installer shared/accepted-oracle-license-v1-1 boolean true \| debconf-set-selections
	apt-get install oracle-java7-installer oracle-java7-set-default -y

	# Install ElasticSearch
	wget $wgetopts $wgetproxy https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-$elasticver.tar.gz -O elasticsearch.tar.gz
	tar -xvf elasticsearch.tar.gz
	mv elasticsearch-* elasticsearch
	mv elasticsearch /opt/elasticsearch

	wget $wgetopts $wgetproxy -O elasticsearch-servicewrapper.tar.gz http://github.com/elasticsearch/elasticsearch-servicewrapper/tarball/master
	tar -xvf elasticsearch-servicewrapper.tar.gz
	mv servicewrapper/service /opt/elasticsearch/bin/
	rm -Rf servicewrapper
	sudo /opt/elasticsearch/bin/service/elasticsearch install
	ln -s `readlink -f /opt/elasticsearch/bin/service/elasticsearch` /usr/bin/elasticsearch_ctl
	sed -i -e 's\|# cluster.name: elasticsearch\|cluster.name: graylog2\|' /opt/elasticsearch/config/elasticsearch.yml
	sed -i -e "s\|ES_HEAP_SIZE=1024\|ES_HEAP_SIZE=$elasticheap\|" /opt/elasticsearch/bin/service/elasticsearch.conf
	sed -u -e "s/set.default.ES_HOME=.*/set.default.ES_HOME=\/opt\/elasticsearch\//g" /opt/elasticsearch/bin/service/elasticsearch.conf
	service elasticsearch start
	curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

	# mongodb
	apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
	echo deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen >> /etc/apt/sources.list
	apt-get update
	apt-get install -y mongodb-10gen
	service mongodb start

	# Install latest ruby
	wget $wgetopts $wgetproxy -O ruby192.sh https://raw.github.com/deanperry/onelineserver/master/ruby/192.sh
	sudo sh ruby192.sh

	cd /opt
	wget $wgetopts $wgetproxy -O graylog2-web-interface-$ver.tar.gz http://download.graylog2.org/graylog2-web-interface/graylog2-web-interface-$ver.tar.gz
	tar -xvf graylog2-web-interface-$ver.tar.gz
	ln -s graylog2-web-interface-$ver graylog2-web-interface
	useradd graylog2 -d /opt/graylog2-web-interface
	chown -R graylog2:graylog2 /opt/graylog2-server*
	chown -R graylog2:graylog2 /opt/graylog2-web-interface*
	usermod -G sudo graylog2
	cd /opt/graylog2-web-interface
	gem install $gemproxy bundler --no-ri --no-rdoc
	bundle install

	# Install apache module
	gem install $gemproxy passenger
	apt-get -y install apache2 libcurl4-openssl-dev apache2-prefork-dev libapr1-dev libcurl4-openssl-dev apache2-prefork-dev libapr1-dev
	echo yes \| passenger-install-apache2-module

	PASSENGERROOT=`find /usr/local/lib/ruby/gems/1.9.1/gems/passenger-* -maxdepth 0 \| tail -n1`
	PASSENGERMOD=`find $PASSENGERROOT \| grep mod_passenger.so`
	cat >>/etc/apache2/apache2.conf <<EOF
	LoadModule passenger_module $PASSENGERMOD
	PassengerRoot $PASSENGERROOT
	PassengerRuby /usr/local/bin/ruby
	EOF

	service apache2 start
	service apache2 restart

	cat >/etc/apache2/sites-available/graylog2 <<EOF
	<VirtualHost *:80>
	ServerName graylog2
	ServerAlias graylog2
	SetEnv MONGOID_HOST localhost
	SetEnv MONGOID_PORT 27017
	SetEnv MONGOID_USERNAME
	SetEnv MONGOID_PASSWORD
	SetEnv MONGOID_DATABASE graylog2
	DocumentRoot /opt/graylog2-web-interface/public
	<Directory /opt/graylog2-web-interface/public>
	Allow from all
	Options -MultiViews
	</Directory>
	ErrorLog /var/log/apache2/error.log
	LogLevel warn
	CustomLog /var/log/apache2/access.log combined
	</VirtualHost>
	EOF

	a2ensite graylog2
	cat >/etc/rsyslog.d/graylog2.conf <<EOF
	. @127.0.0.1 #udp forwarding
	EOF

	service graylog2-server start
	service rsyslog restart
	update-rc.d graylog2-server enable
	update-rc.d elasticsearch enable
	service apache2 restart
	service mongodb start

	# Requires http_enabled = true in /etc/graylog2.conf
	echo "Adding test message"
	curl -XPOST http://127.0.0.1:12202/gelf -d '{"short_message":"Installation complete", "host":"graylog2", "facility": "system"}'