--- doc/install/linux/install.pl 2021/12/10 15:31:47 1.45.2.17 +++ doc/install/linux/install.pl 2018/07/11 01:58:41 1.46 @@ -26,8 +26,8 @@ use strict; use File::Copy; use Term::ReadKey; +use Sys::Hostname::FQDN(); use DBI; -use File::Spec; use Cwd(); use File::Basename(); use lib File::Basename::dirname(Cwd::abs_path($0)); @@ -76,7 +76,7 @@ if (!open(LOG,">>loncapa_install.log")) &mt('Stopping execution.')."\n"; exit; } else { - print LOG '$Id: install.pl,v 1.45.2.17 2021/12/10 15:31:47 raeburn Exp $'."\n"; + print LOG '$Id: install.pl,v 1.46 2018/07/11 01:58:41 raeburn Exp $'."\n"; } # @@ -163,20 +163,9 @@ sub get_user_selection { } sub get_distro { - my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown); + my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow); $packagecmd = '/bin/rpm -q LONCAPA-prerequisites '; - if (-e '/etc/oracle-release') { - open(IN,'; - chomp($versionstring); - close(IN); - if ($versionstring =~ /^Oracle Linux Server release (\d+)/) { - my $version = $1; - $distro = 'oracle'.$1; - $updatecmd = 'yum install LONCAPA-prerequisites'; - $installnow = 'yum -y install LONCAPA-prerequisites'; - } - } elsif (-e '/etc/redhat-release') { + if (-e '/etc/redhat-release') { open(IN,'; chomp($versionstring); @@ -206,11 +195,7 @@ sub get_distro { $distro = 'rhes'.$1; $updatecmd = 'yum install LONCAPA-prerequisites'; $installnow = 'yum -y install LONCAPA-prerequisites'; - } elsif ($versionstring =~ /Red Hat Enterprise Linux release (\d+)/) { - $distro = 'rhes'.$1; - $updatecmd = 'dnf install LONCAPA-prerequisites'; - $installnow = 'dnf -y install LONCAPA-prerequisites'; - } elsif ($versionstring =~ /CentOS(?:| Linux| Stream) release (\d+)/) { + } elsif ($versionstring =~ /CentOS(?:| Linux) release (\d+)/) { $distro = 'centos'.$1; $updatecmd = 'yum install LONCAPA-prerequisites'; $installnow = 'yum -y install LONCAPA-prerequisites'; @@ -223,7 +208,6 @@ sub get_distro { } else { print &mt('Unable to interpret [_1] to determine system type.', '/etc/redhat-release')."\n"; - $unknown = 1; } } elsif (-e '/etc/SuSE-release') { open(IN,'; chomp($versionstring); close(IN); + $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites '; + $updatecmd = 'apt-get install loncapa-prerequisites'; if ($versionstring =~ /^Ubuntu (\d+)\.\d+/i) { $distro = 'ubuntu'.$1; $updatecmd = 'sudo apt-get install loncapa-prerequisites'; } elsif ($versionstring =~ /^Debian\s+GNU\/Linux\s+(\d+)\.\d+/i) { $distro = 'debian'.$1; - $updatecmd = 'apt-get install loncapa-prerequisites'; } elsif (-e '/etc/debian_version') { open(IN,'; @@ -270,15 +254,13 @@ sub get_distro { close(IN); if ($version =~ /^(\d+)\.\d+\.?\d*/) { $distro='debian'.$1; - $updatecmd = 'apt-get install loncapa-prerequisites'; } else { print &mt('Unable to interpret [_1] to determine system type.', '/etc/debian_version')."\n"; - $unknown = 1; } - } - if ($distro ne '') { - $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites '; + } else { + print &mt('Unable to interpret [_1] to determine system type.', + '/etc/issue')."\n"; } } elsif (-e '/etc/debian_version') { open(IN,') { - chomp(); - if (/^ID="(\w+)"/) { - $id=$1; - } elsif (/^VERSION_ID="([\d\.]+)"/) { - $version=$1; - } - } - close(IN); - if ($id eq 'sles') { - my ($major,$minor) = split(/\./,$version); - if ($major =~ /^\d+$/) { - $distro = $id.$major; - $updatecmd = 'zypper install LONCAPA-prerequisites'; - } - } - } - if ($distro eq '') { - print &mt('Unable to interpret [_1] to determine system type.', - '/etc/os-release')."\n"; - $unknown = 1; - } - } else { - print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora, scientific linux, or oracle linux system.')."\n"; } + } else { + print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n"; } return ($distro,$packagecmd,$updatecmd,$installnow); } +sub get_hostname { + my $hostname; + print &mt('Enter the hostname of this server, e.g., loncapa.somewhere.edu'."\n"); + my $choice = ; + chomp($choice); + $choice =~ s/(^\s+|\s+$)//g; + if ($choice eq '') { + print &mt("Hostname you entered was either blank or contanied only white space.\n"); + } elsif ($choice =~ /^[\w\.\-]+$/) { + $hostname = $choice; + } else { + print &mt("Hostname you entered was invalid -- a hostname may only contain letters, numbers, - and .\n"); + } + while ($hostname eq '') { + $hostname = &get_hostname(); + } + print "\n"; + return $hostname; +} + sub check_prerequisites { my ($packagecmd,$distro) = @_; my $gotprereqs; @@ -358,61 +331,45 @@ sub check_prerequisites { sub check_locale { my ($distro) = @_; - my ($fh,$langvar,$command,$earlyout); + my ($fh,$langvar,$command); $langvar = 'LANG'; if ($distro =~ /^(ubuntu|debian)/) { if (!open($fh,"= 15)) { - if (!open($fh,"= 18) { if (!open($fh,"= 7) { if (!open($fh,"; chomp(@data); foreach my $item (@data) { @@ -426,13 +383,9 @@ sub check_locale { $command = 'sudo locale-gen en_US.UTF-8'."\n". 'sudo update-locale LANG=en_US.UTF-8'; } elsif ($distro =~ /^(suse|sles)/) { - $command = 'yast language'; - } elsif (-e '/usr/bin/system-config-language') { - $command = 'system-config-language'; - } elsif (-e '/usr/bin/localectl') { - $command = '/usr/bin/localectl set-locale LANG=en_US.UTF-8'; + $command = 'yast language'; } else { - $command = 'No standard command found'; + $command = 'system-config-language'; } } last; @@ -456,9 +409,9 @@ sub check_required { unless ($localecmd eq '') { return ($distro,$gotprereqs,$localecmd); } - my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb, - %recommended,$downloadstatus,$filetouse,$production,$testing,$apachefw, - $tostop,$uses_systemctl,$mysql_has_wwwuser); + my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$has_lcdb,%recommended, + $downloadstatus,$filetouse,$production,$testing,$apachefw,$tostop, + $uses_systemctl,$hostname); my $wwwuid = &uid_of_www(); my $wwwgid = getgrnam('www'); if (($wwwuid eq '') || ($wwwgid eq '')) { @@ -467,10 +420,21 @@ sub check_required { unless( -e "/usr/local/sbin/pwauth") { $recommended{'pwauth'} = 1; } + my $hostname = Sys::Hostname::FQDN::fqdn(); + if ($hostname eq '') { + $hostname =&get_hostname(); + } else { + print &mt("Hostname detected: $hostname. Is that correct? ~[Y/n~]"); + if (!&get_user_selection(1)) { + $hostname =&get_hostname(); + } + } + print_and_log(&mt('Hostname is [_1]',$hostname)."\n"); $mysqlon = &check_mysql_running($distro); if ($mysqlon) { - ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket) = - &check_mysql_setup($instdir,$dsn,$distro); + my $mysql_has_wwwuser = &check_mysql_wwwuser(); + ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser) = + &check_mysql_setup($instdir,$dsn,$distro,$mysql_has_wwwuser); if ($mysqlsetup eq 'needsrestart') { $mysqlrestart = ''; if ($distro eq 'ubuntu') { @@ -497,13 +461,13 @@ sub check_required { ($recommended{'firewall'},$apachefw) = &chkfirewall($distro); ($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir); $recommended{'apache'} = &chkapache($distro,$instdir); + $recommended{'apachessl'} = &chkapachessl($distro,$instdir,$hostname); $recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop); ($recommended{'download'},$downloadstatus,$filetouse,$production,$testing) - = &need_download($distro,$instdir); + = &need_download(); return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, - $mysqlrestart,\%recommended,$dbh,$has_pass,$mysql_unix_socket, - $has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, - $uses_systemctl); + $mysqlrestart,\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus, + $filetouse,$production,$testing,$apachefw,$uses_systemctl,$hostname); } sub check_mysql_running { @@ -529,10 +493,7 @@ sub check_mysql_running { if ($1 >= 19) { $mysqldaemon ='mariadb'; } - if ($1 >= 34) { - $process = 'mariadb'; - } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) { if ($1 >= 7) { $mysqldaemon ='mariadb'; $process = 'mysqld'; @@ -545,9 +506,6 @@ sub check_mysql_running { $proc_owner = 'mysql'; $process = 'mysqld'; } - if ($1 >= 15) { - $mysqldaemon ='mariadb'; - } } elsif ($distro =~ /^suse(\d+)/) { if ($1 >= 13) { $use_systemctl = 1; @@ -631,12 +589,7 @@ sub chkconfig { $uses_systemctl{'ntp'} = 1; $uses_systemctl{'cups'} = 1; $uses_systemctl{'memcached'} = 1; - if (($name eq 'sles') && ($num >= 15)) { - $daemon{'ntp'} = 'chronyd'; - $daemon{'mysql'} = 'mariadb'; - } else { - $daemon{'ntp'} = 'ntpd'; - } + $daemon{'ntp'} = 'ntpd'; } } } @@ -659,9 +612,6 @@ sub chkconfig { if (($distro =~ /^ubuntu/) && ($version <= 8)) { $daemon{'cups'} = 'cupsys'; } - if (($distro =~ /^ubuntu/) && ($version >= 18)) { - $daemon{'ntp'} = 'chrony'; - } } elsif ($distro =~ /^fedora(\d+)/) { my $version = $1; if ($version >= 15) { @@ -676,10 +626,7 @@ sub chkconfig { if ($version >= 19) { $daemon{'mysql'} = 'mariadb'; } - if ($version >= 26) { - $daemon{'ntp'} = 'chronyd'; - } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) { my $version = $1; if ($version >= 7) { $uses_systemctl{'ntp'} = 1; @@ -689,9 +636,6 @@ sub chkconfig { $uses_systemctl{'cups'} = 1; $daemon{'mysql'} = 'mariadb'; } - if (($version >= 8) || ($distro eq 'oracle7')) { - $daemon{'ntp'} = 'chronyd'; - } } my $nocheck; if (! -x $checker_bin) { @@ -775,7 +719,7 @@ sub chkconfig { } else { $major = $version; } - if (($major > 10) && ($major <= 13)) { + if ($major > 10) { if (&check_SuSEfirewall2_setup($instdir)) { $needfix{'insserv'} = 1; } @@ -784,52 +728,6 @@ sub chkconfig { return (\%needfix,\%tostop,\%uses_systemctl); } -sub uses_firewalld { - my ($distro) = @_; - my ($inuse,$checkfirewalld,$zone); - if ($distro =~ /^(suse|sles)([\d\.]+)$/) { - if (($1 eq 'sles') && ($2 >= 15)) { - $checkfirewalld = 1; - } - } elsif ($distro =~ /^fedora(\d+)$/) { - if ($1 >= 18) { - $checkfirewalld = 1; - } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { - if ($1 >= 7) { - $checkfirewalld = 1; - } - } - if ($checkfirewalld) { - my ($loaded,$active); - if (open(PIPE,"systemctl status firewalld 2>/dev/null |")) { - while () { - chomp(); - if (/^\s*Loaded:\s+(\w+)/) { - $loaded = $1; - } - if (/^\s*Active:\s+(\w+)/) { - $active = $1; - } - } - close(PIPE); - } - if (($loaded eq 'loaded') || ($active eq 'active')) { - $inuse = 1; - my $cmd = 'firewall-cmd --get-default-zone'; - if (open(PIPE,"$cmd |")) { - my $result = ; - chomp($result); - close(PIPE); - if ($result =~ /^\w+$/) { - $zone = $result; - } - } - } - } - return ($inuse,$zone); -} - sub chkfirewall { my ($distro) = @_; my $configfirewall = 1; @@ -838,44 +736,30 @@ sub chkfirewall { https => 443, ); my %activefw; - my ($firewalld,$zone) = &uses_firewalld($distro); - if ($firewalld) { - my %current; - if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) { - my $svc = ; - close(PIPE); - chomp($svc); - map { $current{$_} = 1; } (split(/\s+/,$svc)); - } - if ($current{'http'} && $current{'https'}) { - $configfirewall = 0; - } - } else { - if (&firewall_is_active()) { - my $iptables = &get_pathto_iptables(); - if ($iptables eq '') { - print &mt('Firewall not checked as path to iptables not determined.')."\n"; - } else { - my @fwchains = &get_fw_chains($iptables,$distro); - if (@fwchains) { - foreach my $service ('http','https') { - foreach my $fwchain (@fwchains) { - if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) { - $activefw{$service} = 1; - last; - } + if (&firewall_is_active()) { + my $iptables = &get_pathto_iptables(); + if ($iptables eq '') { + print &mt('Firewall not checked as path to iptables not determined.')."\n"; + } else { + my @fwchains = &get_fw_chains($iptables,$distro); + if (@fwchains) { + foreach my $service ('http','https') { + foreach my $fwchain (@fwchains) { + if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) { + $activefw{$service} = 1; + last; } } - if ($activefw{'http'}) { - $configfirewall = 0; - } - } else { - print &mt('Firewall not checked as iptables Chains not identified.')."\n"; } + if ($activefw{'http'}) { + $configfirewall = 0; + } + } else { + print &mt('Firewall not checked as iptables Chains not identified.')."\n"; } - } else { - print &mt('Firewall not enabled.')."\n"; } + } else { + print &mt('Firewall not enabled.')."\n"; } return ($configfirewall,\%activefw); } @@ -899,10 +783,10 @@ sub chkapache { } else { my ($configfile,$sitefile); if (($distname eq 'ubuntu') && ($version > 12)) { - $sitefile = '/etc/apache2/sites-available/loncapa.conf'; - $configfile = '/etc/apache2/conf-available/loncapa.conf'; + $sitefile = '/etc/apache2/sites-available/loncapa'; + $configfile = "/etc/apache2/conf-available/loncapa"; } else { - $configfile = '/etc/apache2/sites-available/loncapa'; + $configfile = "/etc/apache2/sites-available/loncapa"; } if (($configfile ne '') && (-e $configfile) && (-e $stdconf)) { if (open(PIPE, "diff --brief $stdconf $configfile |")) { @@ -934,35 +818,16 @@ sub chkapache { } } } - if ((!$fixapache) && ($distname eq 'ubuntu')) { - my $sitestatus = "/etc/apache2/mods-available/status.conf"; - my $stdstatus = "$instdir/debian-ubuntu/status.conf"; - if ((-e $stdstatus) && (-e $sitestatus)) { - if (open(PIPE, "diff --brief $stdstatus $sitestatus |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - $fixapache = 1; - } - } - } - } - } elsif ($distro =~ /^(suse|sles)([\d\.]+)$/) { - my ($name,$version) = ($1,$2); + } elsif ($distro =~ /^(?:suse|sles)([\d\.]+)$/) { my $apache = 'apache'; - my $conf_file = "$instdir/sles-suse/default-server.conf"; - if ($version >= 10) { + if ($1 >= 10) { $apache = 'apache2'; } - if (($name eq 'sles') && ($version >= 12)) { - $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf"; - } - if (!-e $conf_file) { + if (!-e "$instdir/sles-suse/default-server.conf") { $fixapache = 0; print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; - } elsif (-e "/etc/$apache/default-server.conf") { - if (open(PIPE, "diff --brief $conf_file /etc/$apache/default-server.conf |")) { + } elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/sles-suse/default-server.conf")) { + if (open(PIPE, "diff --brief $instdir/sles-suse/default-server.conf /etc/$apache/default-server.conf |")) { my $diffres = ; close(PIPE); chomp($diffres); @@ -987,8 +852,7 @@ sub chkapache { } } else { my $configfile = 'httpd.conf'; - my $mpmfile = 'mpm.conf'; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific)(\d+)$/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { @@ -996,7 +860,7 @@ sub chkapache { } } elsif ($distro =~ /^fedora(\d+)$/) { if ($1 > 17) { - $configfile = 'apache2.4/httpd.conf'; + $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 10) { $configfile = 'new/httpd.conf'; } @@ -1014,22 +878,46 @@ sub chkapache { } } } - if (-e "/etc/httpd/conf.modules.d/00-mpm.conf") { - if (!-e "$instdir/centos-rhes-fedora-sl/$mpmfile") { - print &mt('Warning: No LON-CAPA Apache MPM configuration file found for installation check.')."\n"; - } elsif ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") && (-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) { - if (open(PIPE, "diff --brief $instdir/centos-rhes-fedora-sl/$mpmfile /etc/httpd/conf.modules.d/00-mpm.conf |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - $fixapache = 1; - } + } + return $fixapache; +} + +sub chkapachessl { + my ($distro,$instdir,$hostname) = @_; + my $fixapachessl = 1; + my $stdconf = "$instdir/loncapassl.conf"; + if (!-e $stdconf) { + $fixapachessl = 0; + print &mt('Warning: No LON-CAPA SSL Apache configuration file found for installation check.')."\n"; + } else { + my $sslfile; + if ($distro =~ /^(debian|ubuntu)(\d+)$/) { + $sslfile = '/etc/apache2/sites-available/loncapassl.conf'; + } elsif ($distro =~ /(suse|sles)/) { + $sslfile = '/etc/apache2/vhosts.d/loncapassl.conf'; + } else { + $sslfile = '/etc/httpd/conf.d/loncapassl.conf'; + } + if ((-e $sslfile) && (-e $stdconf)) { + if (open(PIPE, "diff -y -bi --suppress-common-lines $stdconf $sslfile |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + if ($diffres =~ /^\QServerName internal-{[[[[Hostname]]]]}\E\s+\|\s+\QServerName internal-\E$hostname$/) { + $fixapachessl = 0; + } + } + } + unless ($fixapachessl) { + if ($distro =~ /^(debian|ubuntu)(\d+)$/) { + unless ((-l '/etc/apache2/sites-enabled/loncapassl.conf') && + (readlink('/etc/apache2/sites-enabled/loncapassl.conf') eq '/etc/apache2/sites-available/loncapassl.conf')) { + print_and_log(&mt("Warning, use: 'sudo a2ensite loncapassl.conf' to activate LON-CAPA SSL Apache config\n")); } } } } - return $fixapache; + return $fixapachessl; } sub chksrvcs { @@ -1068,12 +956,12 @@ sub chksrvcs { } sub need_download { - my ($distro,$instdir) = @_; my $needs_download = 1; my ($production,$testing,$stdsizes) = &download_versionslist(); - my ($localcurrent,$localtesting,%tarball,%localsize,%bymodtime, + my ($rootdir,$localcurrent,$localtesting,%tarball,%localsize,%bymodtime, %bysize,$filetouse,$downloadstatus); - if (opendir(my $dir,$instdir)) { + $rootdir = '/root'; + if (opendir(my $dir,"$rootdir")) { my (@lcdownloads,$version); foreach my $file (readdir($dir)) { if ($file =~ /^loncapa\-([\w\-.]+)\.tar\.gz$/) { @@ -1083,14 +971,14 @@ sub need_download { } if (ref($stdsizes) eq 'HASH') { if ($version eq 'current') { - my @stats = stat("$instdir/$file"); + my @stats = stat("$rootdir/$file"); $localcurrent = $stats[7]; if ($localcurrent == $stdsizes->{$production}) { $needs_download = 0; $filetouse = $file; } } elsif ($version eq 'testing') { - my @stats = stat("$instdir/$file"); + my @stats = stat("$rootdir/$file"); $localtesting = $stats[7]; if ($localtesting == $stdsizes->{$testing}) { $needs_download = 0; @@ -1104,7 +992,7 @@ sub need_download { if ($needs_download) { if (@lcdownloads > 0) { foreach my $version (@lcdownloads) { - my @stats = stat("$instdir/$tarball{$version}"); + my @stats = stat("$rootdir/$tarball{$version}"); my $mtime = $stats[9]; $localsize{$version} = $stats[7]; if ($mtime) { @@ -1137,68 +1025,31 @@ sub need_download { my $newest = $sorted[0]; if (ref($bymodtime{$newest}) eq 'ARRAY') { $downloadstatus = - "Latest LON-CAPA source download in $instdir is: ". + "Latest LON-CAPA source download in $rootdir is: ". join(',',@{$bymodtime{$newest}})." (downloaded ". localtime($newest).")\n"; } } else { $downloadstatus = - "The $instdir directory already contains the latest LON-CAPA version:". + "The $rootdir directory already contains the latest LON-CAPA version:". "\n".$filetouse."\n"."which can be used for installation.\n"; } } else { - $downloadstatus = "The $instdir directory does not appear to contain any downloaded LON-CAPA source code files which can be used for installation.\n"; + $downloadstatus = "The $rootdir directory does not appear to contain any downloaded LON-CAPA source code files which can be used for installation.\n"; } } } else { - $downloadstatus = "Could not open $instdir directory to look for existing downloads of LON-CAPA source code.\n"; + $downloadstatus = "Could not open $rootdir directory to look for existing downloads of LON-CAPA source code.\n"; } return ($needs_download,$downloadstatus,$filetouse,$production,$testing); } sub check_mysql_setup { - my ($instdir,$dsn,$distro) = @_; - my ($mysqlsetup,$has_pass,$mysql_unix_socket,$mysql_has_wwwuser); + my ($instdir,$dsn,$distro,$mysql_has_wwwuser) = @_; + my ($mysqlsetup,$has_pass); my $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0}); - my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); - if (($mysqlname =~ /^MariaDB/i) && ($mysqlversion >= 10.4)) { - if ($dbh) { - my $sth = $dbh->prepare("SELECT Priv FROM mysql.global_priv WHERE (User = 'root' AND Host ='localhost')"); - $sth->execute(); - while (my $priv = $sth->fetchrow_array) { - if ($priv =~ /unix_socket/) { - $mysql_unix_socket = 1; - last; - } - } - $sth->finish(); - if ($mysql_unix_socket) { - print_and_log(&mt('MariaDB using unix_socket for root access from localhost.')."\n"); - $mysqlsetup = 'rootok'; - $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); - return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket); - } - } - } if ($dbh) { - $mysqlsetup = 'noroot'; - if (($mysqlname !~ /^MariaDB/i) && ($mysqlversion >= 5.7)) { - my $sth = $dbh->prepare("SELECT plugin from mysql.user where User='root'"); - $sth->execute(); - while (my $priv = $sth->fetchrow_array) { - if ($priv =~ /auth_socket/) { - $mysql_unix_socket = 1; - last; - } - } - $sth->finish(); - if ($mysql_unix_socket) { - print_and_log(&mt('MySQL using unix_socket for root access from localhost.')."\n"); - $mysqlsetup = 'rootok'; - $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); - return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser,$mysql_unix_socket); - } - } + $mysqlsetup = 'noroot'; } elsif ($DBI::err =~ /1045/) { $has_pass = 1; } elsif ($distro =~ /^ubuntu(\d+)$/) { @@ -1211,15 +1062,16 @@ sub check_mysql_setup { } close(PIPE); } + unless ($mysql_has_wwwuser) { + $mysql_has_wwwuser = &check_mysql_wwwuser(); + } $dbh = DBI->connect($dsn,'root','',{'PrintError'=>0}); if ($dbh) { $mysqlsetup = 'noroot'; - $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); } elsif ($DBI::err =~ /1045/) { $has_pass = 1; } else { $mysqlsetup = 'needsrestart'; - $mysql_has_wwwuser = &check_mysql_wwwuser(); return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser); } } @@ -1231,7 +1083,6 @@ sub check_mysql_setup { if ($dbh) { $mysqlsetup = 'rootok'; print_and_log(&mt('Password accepted.')."\n"); - $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); } else { $mysqlsetup = 'rootfail'; print_and_log(&mt('Problem accessing MySQL.')."\n"); @@ -1243,35 +1094,27 @@ sub check_mysql_setup { if ($dbh) { $mysqlsetup = 'rootok'; print_and_log(&mt('Password accepted.')."\n"); - $mysql_has_wwwuser = &check_mysql_wwwuser($dbh); } else { if ($DBI::err =~ /1045/) { print_and_log(&mt('Incorrect password.')."\n"); } - $mysql_has_wwwuser = &check_mysql_wwwuser(); } } } } elsif ($mysqlsetup ne 'noroot') { print_and_log(&mt('Problem accessing MySQL.')."\n"); $mysqlsetup = 'rootfail'; - $mysql_has_wwwuser = &check_mysql_wwwuser(); } return ($mysqlsetup,$has_pass,$dbh,$mysql_has_wwwuser); } sub check_mysql_wwwuser { - my ($dbh) = @_; my $mysql_wwwuser; - if ($dbh) { - $mysql_wwwuser = $dbh->selectrow_array("SELECT COUNT(User) FROM mysql.user WHERE (User = 'www' AND Host ='localhost')"); - } else { - my $dbhn = DBI->connect("DBI:mysql:database=information_schema",'www','localhostkey', - {PrintError => +0}) || return; - if ($dbhn) { - $mysql_wwwuser = 1; - $dbhn->disconnect; - } + my $dbhn = DBI->connect("DBI:mysql:database=information_schema",'www','localhostkey', + {PrintError => +0}) || return; + if ($dbhn) { + $mysql_wwwuser = 1; + $dbhn->disconnect; } return $mysql_wwwuser; } @@ -1307,16 +1150,10 @@ sub get_pathto_iptables { sub firewall_is_active { if (-e '/proc/net/ip_tables_names') { - if (open(PIPE,'cat /proc/net/ip_tables_names |grep filter |')) { - my $status = ; - close(PIPE); - chomp($status); - if ($status eq 'filter') { - return 1; - } - } + return 1; + } else { + return 0; } - return 0; } sub get_fw_chains { @@ -1332,8 +1169,6 @@ sub get_fw_chains { @posschains = ('ufw-user-input','INPUT'); } elsif ($distro =~ /^debian5/) { @posschains = ('INPUT'); - } elsif ($distro =~ /^(suse|sles)(\d+)/) { - @posschains = ('IN_public'); } else { @posschains = ('RH-Firewall-1-INPUT','INPUT'); if (!-e '/etc/sysconfig/iptables') { @@ -1476,11 +1311,12 @@ print " ".&mt('3.')." ".&mt('Set-up the MySQL database.')." ".&mt('4.')." ".&mt('Set-up MySQL permissions.')." ".&mt('5.')." ".&mt('Configure Apache web server.')." -".&mt('6.')." ".&mt('Configure start-up of services.')." -".&mt('7.')." ".&mt('Check firewall settings.')." -".&mt('8.')." ".&mt('Stop services not used by LON-CAPA,')." +".&mt('6.')." ".&mt('Configure SSL for Apache web server.')." +".&mt('7.')." ".&mt('Configure start-up of services.')." +".&mt('8.')." ".&mt('Check firewall settings.')." +".&mt('9.')." ".&mt('Stop services not used by LON-CAPA,')." ".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")." -".&mt('9.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." +".&mt('10.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." ".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')." @@ -1510,30 +1346,31 @@ chomp($instdir); my %callsub; my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache', - 'runlevels','firewall','stopsrvcs','download'); + 'apachessl','runlevels','firewall','stopsrvcs','download'); my %prompts = &texthash( wwwuser => "Create the 'www' user?", pwauth => 'Install the package LON-CAPA uses to authenticate users?', mysql => 'Set-up the MySQL database?', mysqlperms => 'Set-up MySQL permissions?', apache => 'Configure Apache web server?', + apachessl => 'Configure SSL for Apache web server?', runlevels => 'Set overrides for start-up order of services?', firewall => 'Configure firewall settings for Apache', stopsrvcs => 'Stop extra services not required on a LON-CAPA server?', download => 'Download LON-CAPA source code in readiness for installation?', ); -print "\n".&mt('Checking system status ...')."\n"; +print "\n".&mt('Checking system status ...')."\n\n"; my $dsn = "DBI:mysql:database=mysql"; my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart, - $recommended,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$downloadstatus, - $filetouse,$production,$testing,$apachefw,$uses_systemctl) = &check_required($instdir,$dsn); + $recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production, + $testing,$apachefw,$uses_systemctl,$hostname) = &check_required($instdir,$dsn); if ($distro eq '') { print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n". &mt('The following are supported: [_1].', 'CentOS, RedHat Enterprise, Fedora, Scientific Linux, '. - 'Oracle Linux, openSuSE, SLES, Ubuntu LTS, Debian')."\n\n". + 'openSuSE, SLES, Ubuntu LTS, Debian')."\n\n". &mt('Stopping execution.')."\n"; exit; } @@ -1556,7 +1393,6 @@ if (!$gotprereqs) { &mt('The following command can be used to install the package (and dependencies):')."\n\n". $updatecmd."\n\n"; if ($installnow eq '') { - print &mt('Stopping execution.')."\n"; exit; } else { print &mt('Run command? ~[Y/n~]'); @@ -1571,9 +1407,9 @@ if (!$gotprereqs) { exit; } else { ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, - $mysqlrestart,$recommended,$dbh,$has_pass,$mysql_unix_socket, - $has_lcdb,$downloadstatus,$filetouse,$production,$testing,$apachefw, - $uses_systemctl) = &check_required($instdir,$dsn); + $mysqlrestart,$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus, + $filetouse,$production,$testing,$apachefw,$uses_systemctl) = + &check_required($instdir,$dsn); } } else { print &mt('Failed to run command to install LONCAPA-prerequisites')."\n"; @@ -1627,41 +1463,26 @@ my $lctarball = 'loncapa-current.tar.gz' my $sourcetarball = $lctarball; if ($callsub{'download'}) { my ($production,$testing,$sizes) = &download_versionslist(); - my $homedir = '/root'; - if ($distro =~ /^ubuntu/) { - if ($instdir ne $homedir) { - ($homedir) = ($instdir =~ m{^(.*)/[^/]+$}); - } - } if ($production && $testing) { if ($production ne $testing) { print &mt('Two recent LON-CAPA releases are available: ')."\n". &mt('1.').' '.&mt('A production release - version: [_1].',$production)."\n". &mt('2.').' '.&mt('A testing release - version: [_1].',$testing)."\n\n". - &mt("After download, the tar.gz file will be extracted into $homedir")."\n\n". - &mt("Download the production release into $instdir? ~[Y/n~]"); + &mt('Download the production release? ~[Y/n~]'); if (&get_user_selection(1)) { $sourcetarball = 'loncapa-'.$production.'.tar.gz'; - print "$sourcetarball will be downloaded into $instdir\n"; } else { print "\n".&mt('Download the testing release? ~[Y/n~]'); if (&get_user_selection(1)) { $sourcetarball = 'loncapa-'.$testing.'.tar.gz'; - print "$sourcetarball will be downloaded into $instdir\n"; - } else { - $callsub{'download'} = 0; } } } } elsif ($production) { print &mt('The most recent LON-CAPA release is version: [_1].',$production)."\n". - &mt("After download, the tar.gz file will be extracted into $homedir")."\n\n". - &mt("Download the production release into $instdir? ~[Y/n~]"); + &mt('Download the production release? ~[Y/n~]'); if (&get_user_selection(1)) { $sourcetarball = 'loncapa-'.$production.'.tar.gz'; - print "$sourcetarball will be downloaded into $instdir\n"; - } else { - $callsub{'download'} = 0; } } } elsif ($filetouse ne '') { @@ -1685,8 +1506,7 @@ if ($callsub{'pwauth'}) { if ($callsub{'mysql'}) { if ($dbh) { - &setup_mysql($callsub{'mysqlperms'},$dbh,$has_pass, - $mysql_unix_socket,$has_lcdb,$distro); + &setup_mysql($callsub{'mysqlperms'},$distro,$dbh,$has_pass,$has_lcdb); } else { print &mt('Unable to configure MySQL because access is denied.')."\n"; } @@ -1694,7 +1514,7 @@ if ($callsub{'mysql'}) { &print_and_log(&mt('Skipping configuration of MySQL.')."\n"); if ($callsub{'mysqlperms'}) { if ($dbh) { - &setup_mysql_permissions($dbh,$has_pass,$mysql_unix_socket); + &setup_mysql_permissions($dbh,$has_pass); } else { print &mt('Unable to configure MySQL because access is denied.')."\n"; } @@ -1712,17 +1532,36 @@ if ($dbh) { if ($callsub{'apache'}) { if ($distro =~ /^(suse|sles)/) { - ©_apache2_suseconf($instdir,$distro); + ©_apache2_suseconf($instdir,$hostname); } elsif ($distro =~ /^(debian|ubuntu)/) { - ©_apache2_debconf($instdir,$distro); + ©_apache2_debconf($instdir,$distro,$hostname); } else { - ©_httpd_conf($instdir,$distro); - ©_mpm_conf($instdir,$distro); + ©_httpd_conf($instdir,$distro,$hostname); } } else { print_and_log(&mt('Skipping configuration of Apache web server.')."\n"); } +if ($callsub{'apachessl'}) { + if ($distro =~ /^(suse|sles)/) { + ©_apache_sslconf_file($instdir,'/etc/apache2/vhosts.d',$hostname); + } elsif ($distro =~ /^(debian|ubuntu)/) { + my $apache2_sites_available_dir = '/etc/apache2/sites-available'; + if (©_apache_sslconf_file($instdir,$apache2_sites_available_dir,$hostname)) { + my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled'; + my $made_symlink = eval { symlink("$apache2_sites_available_dir/loncapassl.conf","$apache2_sites_enabled_dir/loncapassl.conf"); 1 }; + if ($made_symlink) { + print_and_log(&mt('Enabling "[_1]" Apache SSL configuration.','loncapassl.conf')."\n"); + } + } + } else { + ©_apache_sslconf_file($instdir,'/etc/httpd/conf.d',$hostname); + } + print_and_log("\n"); +} else { + print_and_log(&mt('Skipping configuration of SSL for Apache web server.')."\n"); +} + if ($callsub{'runlevels'}) { my $count = 0; if (ref($recommended) eq 'HASH') { @@ -1741,53 +1580,18 @@ if ($callsub{'runlevels'}) { } } } - if ($distro =~ /^(suse|sles)(\d+)/) { - unless(($1 eq 'sles') && ($2 >= 15)) { - &update_SuSEfirewall2_setup($instdir); - } + if ($distro =~ /^(suse|sles)/) { + &update_SuSEfirewall2_setup($instdir); } } else { &print_and_log(&mt('Skipping setting override for start-up order of services.')."\n"); } if ($callsub{'firewall'}) { - my ($firewalld,$zone) = &uses_firewalld($distro); - if ($firewalld) { - my (%current,%added); - if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) { - my $svc = ; - close(PIPE); - chomp($svc); - map { $current{$_} = 1; } (split(/\s+/,$svc)); - } - foreach my $service ('http','https') { - unless ($current{$service}) { - if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) { - my $result = ; - if ($result =~ /^success/) { - $added{$service} = 1; - } - } - } - } - if (keys(%added) > 0) { - print &mt('Firewall configured to allow access for: [_1].', - join(', ',sort(keys(%added))))."\n"; - system('firewall-cmd --reload'); - } - if ($current{'http'} || $current{'https'}) { - print &mt('Firewall already configured to allow access for:[_1].', - (($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n"; - } - unless ($current{'ssh'}) { - print &mt('If you would like to allow access to ssh from outside, use the commands:')."\n". - "firewall-cmd --permanent --zone=$zone --add-service=ssh\n". - "firewall-cmd --reload\n"; - } - } elsif ($distro =~ /^(suse|sles)/) { + if ($distro =~ /^(suse|sles)/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', 'yast -- Security and Users -> Firewall -> Interfaces', - 'ssh, http, https')."\n"; + 'ssh, http, https')."\n"; } elsif ($distro =~ /^(debian|ubuntu)(\d+)/) { if (($1 eq 'ubuntu') || ($2 > 5)) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', @@ -1804,24 +1608,14 @@ if ($callsub{'firewall'}) { } } } - } elsif ($distro =~ /^(scientific|oracle)/) { + } elsif ($distro =~ /^scientific/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', 'system-config-firewall-tui -- Customize', 'ssh, http')."\n"; } else { - my $version; - if ($distro =~ /^(redhat|centos)(\d+)$/) { - $version = $1; - } - if ($version > 5) { - print &mt('Use [_1] to configure the firewall to allow access for [_2].', - 'system-config-firewall-tui -- Customize', - 'ssh, http')."\n"; - } else { - print &mt('Use [_1] to configure the firewall to allow access for [_2].', - 'setup -- Firewall configuration -> Customize', - 'ssh, http, https')."\n"; - } + print &mt('Use [_1] to configure the firewall to allow access for [_2].', + 'setup -- Firewall configuration -> Customize', + 'ssh, http, https')."\n"; } } else { &print_and_log(&mt('Skipping Firewall configuration.')."\n"); @@ -1871,86 +1665,32 @@ if ($callsub{'download'}) { } print "\n".&mt('Requested configuration complete.')."\n\n"; +my $apachename; if ($have_tarball && !$updateshown) { my ($lcdir) = ($sourcetarball =~ /^([\w.\-]+)\.tar.gz$/); - if ($lcdir eq 'loncapa-current') { - $lcdir = "loncapa-X.Y.Z (X.Y.Z should correspond to a version number like '2.11.3')"; - } - my ($apachename,$lc_uses_systemctl,$uses_sudo); - if ($distro =~ /^(suse|sles|debian|ubuntu)([\d.]+)/) { - if (($1 eq 'suse') && ($2 < 10)) { - $apachename = 'apache'; - } else { - $apachename = 'apache2'; - } - } else { - $apachename = 'httpd'; - } - if ($distro =~ /^oracle(\d+)$/) { - if ($1 > 6) { - $lc_uses_systemctl = 1; - } - } elsif ($distro =~ /^(?:rhes|centos)(\d+)$/) { - if ($1 > 7) { - $lc_uses_systemctl = 1; - } - } elsif ($distro =~ /^ubuntu(\d+)$/) { - if ($1 > 16) { - $lc_uses_systemctl = 1; - } - $uses_sudo = 1; - } elsif ($distro =~ /^sles(\d+)$/) { - if ($1 > 12) { - $lc_uses_systemctl = 1; - } - } if (!-e '/etc/loncapa-release') { print &mt('If you are now ready to install LON-CAPA, enter the following commands:')."\n\n"; } else { - my $lcstop = '/etc/init.d/loncontrol stop'; - if ($lc_uses_systemctl) { - $lcstop = 'systemctl stop loncontrol'; - } - my $apachestop = "/etc/init.d/$apachename stop"; - if ($uses_systemctl) { - $apachestop = "systemctl stop $apachename"; - } - if ($uses_sudo) { - $lcstop = 'sudo '.$lcstop; - $apachestop = 'sudo '.$apachestop; - } - print &mt('If you are now ready to update LON-CAPA, enter the following commands:'). - "\n\n$lcstop\n$apachestop\n"; - } - my ($extract,$update); - my $homedir = '/root'; - if ($uses_sudo) { - $extract = 'sudo '; - $update = 'sudo '; - if ($instdir ne $homedir) { - ($homedir) = ($instdir =~ m{^(.*)/[^/]+$}); - } - } - $extract .= "tar zxf $sourcetarball --directory $homedir"; - $update .= './UPDATE'; - print "$extract\n". - "cd $homedir/$lcdir\n". - "$update\n"; - if (-e '/etc/loncapa-release') { - my $lcstart = '/etc/init.d/loncontrol start'; - if ($lc_uses_systemctl) { - $lcstart = '/home/httpd/perl/loncontrol start'; - } - my $apachestart = "/etc/init.d/$apachename start"; - if ($uses_systemctl) { - $apachestart = "systemctl start $apachename"; - } - if ($uses_sudo) { - $lcstart = 'sudo '.$lcstart; - $apachestart = 'sudo '.$apachestart; + print &mt('If you are now ready to update LON-CAPA, enter the following commands:')."\n\n". + "/etc/init.d/loncontrol stop\n"; + if ($distro =~ /^(suse|sles|debian|ubuntu)([\d.]+)/) { + if (($1 eq 'suse') && ($2 < 10)) { + $apachename = 'apache'; + } else { + $apachename = 'apache2'; + } + } else { + $apachename = 'httpd'; } - print "$lcstart\n"; - print "$apachestart\n"; + print "/etc/init.d/$apachename stop\n"; + } + print "cd /root\n". + "tar zxf $sourcetarball\n". + "cd $lcdir\n". + "./UPDATE\n"; + if (-e '/etc/loncapa-release') { + print "/etc/init.d/loncontrol start\n"; + print "/etc/init.d/$apachename start\n"; } } exit; @@ -2134,27 +1874,17 @@ sub kill_extra_services { } sub setup_mysql { - my ($setup_mysql_permissions,$dbh,$has_pass,$mysql_unix_socket,$has_lcdb,$distro) = @_; + my ($setup_mysql_permissions,$distro,$dbh,$has_pass,$has_lcdb) = @_; my @mysql_lc_commands; unless ($has_lcdb) { - my $createcmd = 'CREATE DATABASE loncapa'; - if ($distro =~ /^sles(\d+)/) { - if ($1 > 11) { - $createcmd .= ' CHARACTER SET utf8 COLLATE utf8_general_ci'; - } - } elsif ($distro =~ /^ubuntu(\d+)/) { - if ($1 > 16) { - $createcmd .= ' CHARACTER SET latin1 COLLATE latin1_swedish_ci'; - } - } - push(@mysql_lc_commands,$createcmd); + push(@mysql_lc_commands,"CREATE DATABASE loncapa"); } push(@mysql_lc_commands,"USE loncapa"); push(@mysql_lc_commands,qq{ CREATE TABLE IF NOT EXISTS metadata (title TEXT, author TEXT, subject TEXT, url TEXT, keywords TEXT, version TEXT, notes TEXT, abstract TEXT, mime TEXT, language TEXT, creationdate DATETIME, lastrevisiondate DATETIME, owner TEXT, copyright TEXT, domain TEXT, dependencies TEXT, modifyinguser TEXT, authorspace TEXT, lowestgradelevel TEXT, highestgradelevel TEXT, standards TEXT, count INT, course INT, course_list TEXT, goto INT, goto_list TEXT, comefrom INT, comefrom_list TEXT, sequsage INT, sequsage_list TEXT, stdno INT, stdno_list TEXT, avetries FLOAT, avetries_list TEXT, difficulty FLOAT, difficulty_list TEXT, disc FLOAT, disc_list TEXT, clear FLOAT, technical FLOAT, correct FLOAT, helpful FLOAT, depth FLOAT, hostname TEXT, FULLTEXT idx_title (title), FULLTEXT idx_author (author), FULLTEXT idx_subject (subject), FULLTEXT idx_url (url), FULLTEXT idx_keywords (keywords), FULLTEXT idx_version (version), FULLTEXT idx_notes (notes), FULLTEXT idx_abstract (abstract), FULLTEXT idx_mime (mime), FULLTEXT idx_language (language), FULLTEXT idx_owner (owner), FULLTEXT idx_copyright (copyright)) ENGINE=MYISAM }); if ($setup_mysql_permissions) { - &setup_mysql_permissions($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands); + &setup_mysql_permissions($dbh,$has_pass,@mysql_lc_commands); } else { print_and_log(&mt('Skipping MySQL permissions setup.')."\n"); if ($dbh) { @@ -2171,14 +1901,11 @@ CREATE TABLE IF NOT EXISTS metadata (tit } sub setup_mysql_permissions { - my ($dbh,$has_pass,$mysql_unix_socket,@mysql_lc_commands) = @_; + my ($dbh,$has_pass,@mysql_lc_commands) = @_; my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); - my ($usescreate,$usesauth,$is_mariadb,$hasauthcol,@mysql_commands); + my ($usesauth,$hasauthcol,@mysql_commands); if ($mysqlname =~ /^MariaDB/i) { - $is_mariadb = 1; - if ($mysqlversion >= 10.4) { - $usescreate = 1; - } elsif ($mysqlversion >= 10.2) { + if ($mysqlversion >= 10.2) { $usesauth = 1; } elsif ($mysqlversion >= 5.5) { $hasauthcol = 1; @@ -2190,16 +1917,9 @@ sub setup_mysql_permissions { $hasauthcol = 1; } } - if ($usescreate) { - @mysql_commands = ("CREATE USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); - } elsif ($usesauth) { + if ($usesauth) { @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')", - "FLUSH PRIVILEGES"); - if ($is_mariadb) { - push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); - } else { - push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); - } + "ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); } elsif ($hasauthcol) { @mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');"); } else { @@ -2213,7 +1933,7 @@ INSERT db (Host,Db,User,Select_priv,Inse INSERT db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Create_tmp_table_priv,Lock_tables_priv) VALUES('localhost','loncapa','www','Y','Y','Y','Y','Y','Y','N','Y','Y','Y','Y','Y')"); } push(@mysql_commands,"DELETE FROM user WHERE host<>'localhost'"); - if (($has_pass) || ($mysql_unix_socket)) { + if ($has_pass) { if ($dbh) { push(@mysql_commands,"FLUSH PRIVILEGES"); if (@mysql_commands) { @@ -2254,7 +1974,7 @@ INSERT db (Host,Db,User,Select_priv,Inse } } if ($got_passwd) { - my (@newpass_cmds) = &new_mysql_rootpasswd($newmysqlpass,$usesauth,$is_mariadb); + my (@newpass_cmds) = &new_mysql_rootpasswd($newmysqlpass,$usesauth); push(@mysql_commands,@newpass_cmds); } else { print_and_log(&mt('Failed to get MySQL root password from user input.')."\n"); @@ -2284,15 +2004,10 @@ INSERT db (Host,Db,User,Select_priv,Inse } sub new_mysql_rootpasswd { - my ($currmysqlpass,$usesauth,$is_mariadb) = @_; + my ($currmysqlpass,$usesauth) = @_; if ($usesauth) { - if ($is_mariadb) { - return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'", - "FLUSH PRIVILEGES;"); - } else { - return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'", - "FLUSH PRIVILEGES;"); - } + return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'", + "FLUSH PRIVILEGES;"); } else { return ("SET PASSWORD FOR 'root'\@'localhost'=PASSWORD('$currmysqlpass')", "FLUSH PRIVILEGES;"); @@ -2305,7 +2020,7 @@ sub get_mysql_version { my $info = ; chomp($info); close(PIPE); - ($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)(?:\-?(\w*),|)/); + ($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)\-?(\w*),/); } else { print &mt('Could not determine which version of MySQL is installed.'). "\n"; @@ -2321,9 +2036,9 @@ sub get_mysql_version { ########################################################### sub copy_httpd_conf { - my ($instdir,$distro) = @_; + my ($instdir,$distro,$hostname) = @_; my $configfile = 'httpd.conf'; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific)(\d+)$/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { @@ -2344,48 +2059,45 @@ sub copy_httpd_conf { print_and_log("\n"); } -########################################################### -## -## RHEL/CentOS/Fedora/Scientific Linux -## Copy LON-CAPA mpm.conf to /etc/httpd/conf.modules.d/00-mpm.conf +############################################### ## -## The LON-CAPA mpm.conf enables the prefork MPM module in -## Apache. This is also the default for RHEL/CentOS/Oracle -## Linux 7 and earlier, and Fedora 26 and earlier. For more -## recent versions of those distros, the event MPM is enabled -## by default. After ©_mpm_conf() is run, the prefork MPM -## module will be enabled instead of the event MPM module. +## Copy/Modify loncapassl.conf ## -########################################################### +############################################### -sub copy_mpm_conf { - my ($instdir,$distro) = @_; - my $mpmfile = 'mpm.conf'; - if ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") && - (-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) { - print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'mpm.conf'", - "'/etc/httpd/conf.modules.d/00-mpm.conf'")."\n"); - copy "$instdir/centos-rhes-fedora-sl/$mpmfile","/etc/httpd/conf.modules.d/00-mpm.conf"; - chmod(0644,"/etc/httpd/conf.modules.d/00-mpm.conf"); - print_and_log("\n"); - } else { - my $logfail; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { - if ($1 > 7) { - $logfail = 1; - } - } elsif ($distro =~ /^fedora(\d+)$/) { - if ($1 > 26) { - $logfail = 1; +sub copy_apache_sslconf_file { + my ($instdir,$targetdir,$hostname) = @_; + my ($success,$error); + if (-e "$instdir/loncapassl.conf") { + if (open(my $fh,'<',"$instdir/loncapassl.conf")) { + if (open(my $out,'>',"$targetdir/loncapassl.conf")) { + while (<$fh>) { + if (/^\QServerName internal-\E/) { + chomp(); + s/^(\QServerName internal-\E)(.*)$/$1$hostname\n/; + } + print $out $_; + } + $success = 1; + } else { + $error = "Could not write to $targetdir/loncapassl.conf"; } + } else { + $error = "Could not read from $instdir/loncapassl.conf"; } - if ($logfail) { - print_and_log(&mt('Warning: copying the LON-CAPA [_1] failed because [_2] and/or [_3] are missing.', - $mpmfile,"'$instdir/centos-rhes-fedora-sl/$mpmfile'", - "'/etc/httpd/conf.modules.d/00-mpm.conf'")); - print_and_log("\n"); + } else { + $error = "File to copy from: $instdir/loncapassl.conf does not exist"; + } + if ($success) { + print_and_log(&mt('Successfully copied [_1] to [_2].',"'loncapassl.conf'","'$targetdir/loncapassl.conf'")."\n"); + chmod(0444,"$targetdir/loncapassl.conf"); + } else { + print_and_log(&mt('Failed to copy [_1] to [_2].',"'loncapassl.conf'","'$targetdir/loncapassl.conf'")."\n"); + if ($error) { + print_and_log("$error\n"); } } + return $success; } ######################################################### @@ -2396,7 +2108,7 @@ sub copy_mpm_conf { ######################################################### sub copy_apache2_debconf { - my ($instdir,$distro) = @_; + my ($instdir,$distro,$hostname) = @_; my $apache2_mods_enabled_dir = '/etc/apache2/mods-enabled'; my $apache2_mods_available_dir = '/etc/apache2/mods-available'; foreach my $module ('headers.load','expires.load') { @@ -2408,7 +2120,6 @@ sub copy_apache2_debconf { my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled'; my $apache2_sites_available_dir = '/etc/apache2/sites-available'; my $defaultconfig = "$apache2_sites_enabled_dir/000-default"; - my $defaultsite = "$apache2_sites_enabled_dir/loncapa.conf"; my ($distname,$version); if ($distro =~ /^(debian|ubuntu)(\d+)$/) { $distname = $1; @@ -2417,182 +2128,35 @@ sub copy_apache2_debconf { if (($distname eq 'ubuntu') && ($version > 12)) { $defaultconfig = "$apache2_sites_enabled_dir/000-default.conf"; } - my ($skipconf,$skipsite,$skipstatus); + if (-l $defaultconfig) { + unlink($defaultconfig); + } if (($distname eq 'ubuntu') && ($version > 12)) { + print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from conf-enabled.',"'apache2'","'/etc/apache2/conf-available'","'loncapa.conf symlink'")."\n"); my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled'; my $apache2_conf_available_dir = '/etc/apache2/conf-available'; - my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf'; - if ((-e "$apache2_conf_available_dir/loncapa") && (-e "$instdir/debian-ubuntu/ubuntu14/loncapa_conf")) { - if (open(PIPE, "diff --brief $apache2_conf_available_dir/loncapa $instdir/debian-ubuntu/ubuntu14/loncapa_conf |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.conf.original"); - } else { - copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.conf"); - chdir($apache2_conf_enabled_dir); - symlink('../conf-available/loncapa.conf','loncapa.conf'); - chdir($instdir); - } - if (-l $defaultconf) { - my $linkfname = readlink($defaultconf); - if ($linkfname ne '') { - $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_conf_enabled_dir)); - } - if ($linkfname eq "$apache2_conf_available_dir/loncapa") { - unlink($defaultconf); - } - } - unlink("$apache2_conf_available_dir/loncapa"); - } - } - if ((-e "$apache2_conf_available_dir/loncapa.conf") && (-e "$instdir/debian-ubuntu/ubuntu14/loncapa_conf")) { - if (open(PIPE, "diff --brief $apache2_conf_available_dir/loncapa.conf $instdir/debian-ubuntu/ubuntu14/loncapa_conf |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_conf_available_dir/loncapa.conf","$apache2_conf_available_dir/loncapa.conf.original"); - } - if (-l $defaultconf) { - my $linkfname = readlink($defaultconf); - if ($linkfname ne '') { - $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_conf_enabled_dir)); - } - if ($linkfname eq "$apache2_conf_available_dir/loncapa.conf") { - unless ($diffres) { - $skipconf = 1; - } - } - } - } - } - unless ($skipconf) { - print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from conf-enabled.',"'apache2'","'/etc/apache2/conf-available'","'loncapa.conf symlink'")."\n"); - copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa.conf"); - chmod(0444,"$apache2_conf_available_dir/loncapa.conf"); - if (-l $defaultconf) { - unlink($defaultconf); - } - chdir($apache2_conf_enabled_dir); - symlink('../conf-available/loncapa.conf','loncapa.conf'); - chdir($instdir); - } - my $stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_site"; - if ((-e $stdsite) && (-e "$apache2_sites_available_dir/loncapa")) { - if (open(PIPE, "diff --brief $stdsite $apache2_sites_available_dir/loncapa |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.conf.original"); - } else { - copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.conf"); - } - if (-l $defaultconfig) { - my $linkfname = readlink($defaultconfig); - if ($linkfname ne '') { - $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir)); - } - if ($linkfname eq "$apache2_sites_available_dir/loncapa") { - unlink($defaultconfig); - } - } - unlink("$apache2_sites_available_dir/loncapa"); - } - } - if ((-e $stdsite) && (-e "$apache2_sites_available_dir/loncapa.conf")) { - if (open(PIPE, "diff --brief $stdsite $apache2_sites_available_dir/loncapa.conf |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_sites_available_dir/loncapa.conf","$apache2_sites_available_dir/loncapa.conf.original"); - } - if (-l $defaultsite) { - my $linkfname = readlink($defaultsite); - if ($linkfname ne '') { - $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir)); - } - if ($linkfname eq "$apache2_sites_available_dir/loncapa.conf") { - unless ($diffres) { - $skipsite = 1; - } - } - } - } - } - unless ($skipsite) { - print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'loncapa.conf symlink'")."\n"); - copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa.conf"); - chmod(0444,"$apache2_sites_available_dir/loncapa.conf"); - chdir($apache2_sites_enabled_dir); - symlink('../sites-available/loncapa.conf','loncapa.conf'); - chdir($instdir); - } - if (-l $defaultconfig) { - my $linkfname = readlink($defaultconfig); - if ($linkfname ne '') { - $linkfname = Cwd::abs_path(File::Spec->rel2abs($linkfname,$apache2_sites_enabled_dir)); - } - if ($linkfname eq "$apache2_sites_available_dir/000-default.conf") { - unlink($defaultconfig); - } - } - } else { - if ((-e "$instdir/debian-ubuntu/loncapa") && (-e "$apache2_sites_available_dir/loncapa")) { - if (open(PIPE, "diff --brief $instdir/debian-ubuntu/loncapa $apache2_sites_available_dir/loncapa |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original"); - } - if (-l $defaultconfig) { - my $linkfname = readlink($defaultconfig); - if ($linkfname eq "$apache2_sites_available_dir/loncapa") { - unless ($diffres) { - $skipsite = 1; - } - } - } - } - } - unless ($skipsite) { - if (-l $defaultconfig) { - unlink($defaultconfig); - } - print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default symlink'")."\n"); - if (-e "$instdir/debian-ubuntu/loncapa") { - copy("$instdir/debian-ubuntu/loncapa","$apache2_sites_available_dir/loncapa"); - chmod(0444,"$apache2_sites_available_dir/loncapa"); - symlink("$apache2_sites_available_dir/loncapa","$apache2_sites_enabled_dir/000-default"); - } - } - } - if ($distname eq 'ubuntu') { - my $sitestatus = "$apache2_mods_available_dir/status.conf"; - my $stdstatus = "$instdir/debian-ubuntu/status.conf"; - if ((-e $sitestatus) && (-e $stdstatus)) { - if (open(PIPE, "diff --brief $stdstatus $sitestatus |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_mods_available_dir/status.conf","$apache2_mods_available_dir/status.conf.original"); - } else { - $skipstatus = 1; - } - } - } - unless ($skipstatus) { - if (-e $stdstatus) { - print_and_log(&mt('Copying loncapa [_1] file to [_2],',"'status.conf'","'/etc/apache2/mods-available/status.conf'")."\n"); - copy($stdstatus,$sitestatus); - chmod(0644,$sitestatus); - } + if (-e "$apache2_conf_available_dir/loncapa") { + copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.original"); } + my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf'; + copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa"); + chmod(0444,"$apache2_conf_available_dir/loncapa"); + if (-l $defaultconf) { + unlink($defaultconf); + } + symlink("$apache2_conf_available_dir/loncapa","$defaultconf"); + print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default.conf symlink'")."\n"); + copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa"); + chmod(0444,"$apache2_sites_available_dir/loncapa"); + symlink("$apache2_sites_available_dir/loncapa","$defaultconfig"); + } else { + print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default symlink'")."\n"); + if (-e "$apache2_sites_available_dir/loncapa") { + copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original"); + } + copy("$instdir/debian-ubuntu/loncapa","$apache2_sites_available_dir/loncapa"); + chmod(0444,"$apache2_sites_available_dir/loncapa"); + symlink("$apache2_sites_available_dir/loncapa","$apache2_sites_enabled_dir/000-default"); } print_and_log("\n"); } @@ -2606,19 +2170,14 @@ sub copy_apache2_debconf { ########################################################### sub copy_apache2_suseconf { - my ($instdir,$distro) = @_; - my ($name,$version) = ($distro =~ /^(suse|sles)([\d\.]+)$/); - my $conf_file = "$instdir/sles-suse/default-server.conf"; - if (($name eq 'sles') && ($version >= 12)) { - $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf"; - } + my ($instdir,$hostname) = @_; print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].', "'default-server.conf'", "'/etc/apache2/default-server.conf'")."\n"); if (!-e "/etc/apache2/default-server.conf.original") { copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original"; } - copy $conf_file,"/etc/apache2/default-server.conf"; + copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf"; chmod(0444,"/etc/apache2/default-server.conf"); # Make symlink for conf directory (included in loncapa_apache.conf) my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq ''); @@ -2629,7 +2188,7 @@ sub copy_apache2_suseconf { &print_and_log(&mt('Symlink creation failed for [_1] to [_2]. You will need to perform this action from the command line.',"'/srv/www/conf'","'/etc/apache2'")."\n"); } ©_apache2_conf_files($instdir); - ©_sysconfig_apache2_file($instdir,$name,$version); + ©_sysconfig_apache2_file($instdir); print_and_log("\n"); } @@ -2655,16 +2214,12 @@ sub copy_apache2_conf_files { ## ############################################### sub copy_sysconfig_apache2_file { - my ($instdir,$name,$version) = @_; + my ($instdir) = @_; print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'sysconfig/apache2'","'/etc/sysconfig/apache2'")."\n"); if (!-e "/etc/sysconfig/apache2.original") { copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original"; } - my $sysconf_file = "$instdir/sles-suse/sysconfig_apache2"; - if (($name eq 'sles') && ($version >= 12)) { - $sysconf_file = "$instdir/sles-suse/apache2.4/sysconfig_apache2"; - } - copy $sysconf_file,"/etc/sysconfig/apache2"; + copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2"; chmod(0444,"/etc/sysconfig/apache2"); } @@ -2772,47 +2327,31 @@ sub download_loncapa { print_and_log(" ------------------------------------------------------------------------ -".&mt('You seem to have a version of [_1] in [_2]',$lctarball,$instdir)."\n". +".&mt('You seem to have a version of loncapa-current.tar.gz in [_1]',$instdir)."\n". &mt('This copy will be used and a new version will NOT be downloaded.')."\n". &mt('If you wish, you may download a new version by executing:')." -wget http://install.loncapa.org/versions/$lctarball +wget http://install.loncapa.org/versions/loncapa-current.tar.gz ------------------------------------------------------------------------ "); } ## - ## untar loncapa-X.Y.Z.tar.gz + ## untar loncapa.tar.gz ## if ($have_tarball) { - my $homedir = '/root'; - my ($targetdir,$chdircmd,$updatecmd); - if (($distro =~ /^ubuntu/) && ($instdir ne $homedir)) { - ($homedir) = ($instdir =~ m{^(.*)/[^/]+$}); - $updatecmd = 'sudo ./UPDATE'; - } else { - $updatecmd = './UPDATE'; - } print_and_log(&mt('Extracting LON-CAPA source files')."\n"); - if (-e $homedir) { - writelog(`tar zxf $instdir/$lctarball --directory $homedir`); - $targetdir = $homedir; - } else { - writelog(`tar zxf $instdir/$lctarball`); - $targetdir = $instdir; - } - if ($lctarball =~ /^loncapa\-(\d+\.\d+\.\d+(?:|[^.]+))\.tar\.gz$/) { - $chdircmd = "cd $targetdir/loncapa-".$1; - } else { - $chdircmd = "cd $targetdir/loncapa-X.Y.Z (X.Y.Z should correspond to a version number like '2.11.3')"; - } + writelog(`cd ~root; tar zxf $instdir/$lctarball`); print_and_log("\n"); print &mt('LON-CAPA source files extracted.')."\n". - &mt('It remains for you to execute the following commands:'). - "\n$chdircmd\n$updatecmd\n". - &mt('If you have any trouble, please see [_1] and [_2]', - 'http://install.loncapa.org/','http://help.loncapa.org/')."\n"; + &mt('It remains for you to execute the following commands:')." + +cd /root/loncapa-N.N (N.N should correspond to a version number like '0.4') +./UPDATE + +".&mt('If you have any trouble, please see [_1] and [_2]', + 'http://install.loncapa.org/','http://help.loncapa.org/')."\n"; $updateshown = 1; } return ($have_tarball,$updateshown);