--- doc/install/linux/install.pl 2020/05/03 00:48:28 1.45.2.7 +++ doc/install/linux/install.pl 2018/07/11 01:58:41 1.46 @@ -26,6 +26,7 @@ use strict; use File::Copy; use Term::ReadKey; +use Sys::Hostname::FQDN(); use DBI; use Cwd(); use File::Basename(); @@ -75,7 +76,7 @@ if (!open(LOG,">>loncapa_install.log")) &mt('Stopping execution.')."\n"; exit; } else { - print LOG '$Id: install.pl,v 1.45.2.7 2020/05/03 00:48:28 raeburn Exp $'."\n"; + print LOG '$Id: install.pl,v 1.46 2018/07/11 01:58:41 raeburn Exp $'."\n"; } # @@ -162,20 +163,9 @@ sub get_user_selection { } sub get_distro { - my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown); + my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow); $packagecmd = '/bin/rpm -q LONCAPA-prerequisites '; - if (-e '/etc/oracle-release') { - open(IN,'; - chomp($versionstring); - close(IN); - if ($versionstring =~ /^Oracle Linux Server release (\d+)/) { - my $version = $1; - $distro = 'oracle'.$1; - $updatecmd = 'yum install LONCAPA-prerequisites'; - $installnow = 'yum -y install LONCAPA-prerequisites'; - } - } elsif (-e '/etc/redhat-release') { + if (-e '/etc/redhat-release') { open(IN,'; chomp($versionstring); @@ -205,10 +195,6 @@ sub get_distro { $distro = 'rhes'.$1; $updatecmd = 'yum install LONCAPA-prerequisites'; $installnow = 'yum -y install LONCAPA-prerequisites'; - } elsif ($versionstring =~ /Red Hat Enterprise Linux release (\d+)/) { - $distro = 'rhes'.$1; - $updatecmd = 'dnf install LONCAPA-prerequisites'; - $installnow = 'dnf -y install LONCAPA-prerequisites'; } elsif ($versionstring =~ /CentOS(?:| Linux) release (\d+)/) { $distro = 'centos'.$1; $updatecmd = 'yum install LONCAPA-prerequisites'; 
@@ -222,7 +208,6 @@ sub get_distro { } else { print &mt('Unable to interpret [_1] to determine system type.', '/etc/redhat-release')."\n"; - $unknown = 1; } } elsif (-e '/etc/SuSE-release') { open(IN,'; chomp($versionstring); close(IN); + $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites '; + $updatecmd = 'apt-get install loncapa-prerequisites'; if ($versionstring =~ /^Ubuntu (\d+)\.\d+/i) { $distro = 'ubuntu'.$1; $updatecmd = 'sudo apt-get install loncapa-prerequisites'; } elsif ($versionstring =~ /^Debian\s+GNU\/Linux\s+(\d+)\.\d+/i) { $distro = 'debian'.$1; - $updatecmd = 'apt-get install loncapa-prerequisites'; } elsif (-e '/etc/debian_version') { open(IN,'; 
@@ -269,15 +254,13 @@ sub get_distro { close(IN); if ($version =~ /^(\d+)\.\d+\.?\d*/) { $distro='debian'.$1; - $updatecmd = 'apt-get install loncapa-prerequisites'; } else { print &mt('Unable to interpret [_1] to determine system type.', '/etc/debian_version')."\n"; - $unknown = 1; } - } - if ($distro ne '') { - $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites '; + } else { + print &mt('Unable to interpret [_1] to determine system type.', + '/etc/issue')."\n"; } } elsif (-e '/etc/debian_version') { open(IN,') { - chomp(); - if (/^ID="(\w+)"/) { - $id=$1; - } elsif (/^VERSION_ID="([\d\.]+)"/) { - $version=$1; - } - } - close(IN); - if ($id eq 'sles') { - my ($major,$minor) = split(/\./,$version); - if ($major =~ /^\d+$/) { - $distro = $id.$major; - $updatecmd = 'zypper install LONCAPA-prerequisites'; - } - } - } - if ($distro eq '') { - print &mt('Unable to interpret [_1] to determine system type.', - '/etc/os-release')."\n"; - $unknown = 1; - } - } else { - print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora, scientific linux, or oracle linux system.')."\n"; } + } else { + print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n"; } return ($distro,$packagecmd,$updatecmd,$installnow); } +sub get_hostname { + my $hostname; + print &mt('Enter the hostname of this server, e.g., loncapa.somewhere.edu'."\n"); + my $choice = ; + chomp($choice); + $choice =~ s/(^\s+|\s+$)//g; + if ($choice eq '') { + print &mt("Hostname you entered was either blank or contanied only white space.\n"); + } elsif ($choice =~ /^[\w\.\-]+$/) { + $hostname = $choice; + } else { + print &mt("Hostname you entered was invalid -- a hostname may only contain letters, numbers, - and .\n"); + } + while ($hostname eq '') { + $hostname = &get_hostname(); + } + print "\n"; + return $hostname; +} + sub check_prerequisites { my ($packagecmd,$distro) = @_; my $gotprereqs; 
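Review bot: The check in the new `get_hostname` accepts more than its own error message allows: `\w` also matches `_`, and names that begin or end with `.` or `-` pass, although the value is later written into the Apache SSL configuration. Tightening the branch to `} elsif ($choice =~ /^[A-Za-z0-9](?:[A-Za-z0-9.\-]*[A-Za-z0-9])?\z/) {` would make the code agree with the message. The function also calls itself from inside `while ($hostname eq '')`, so if the read on the `my $choice =` line yields nothing (presumably a closed or redirected STDIN) the prompt recurses without end; a plain retry loop with a bounded number of attempts would be safer. The first message contains the typo `contanied`.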
@@ -357,61 +331,45 @@ sub check_prerequisites { sub check_locale { my ($distro) = @_; - my ($fh,$langvar,$command,$earlyout); + my ($fh,$langvar,$command); $langvar = 'LANG'; if ($distro =~ /^(ubuntu|debian)/) { if (!open($fh,"= 15)) { - if (!open($fh,"= 18) { if (!open($fh,"= 7) { if (!open($fh,"; chomp(@data); foreach my $item (@data) { @@ -425,13 +383,9 @@ sub check_locale { $command = 'sudo locale-gen en_US.UTF-8'."\n". 'sudo update-locale LANG=en_US.UTF-8'; } elsif ($distro =~ /^(suse|sles)/) { - $command = 'yast language'; - } elsif (-e '/usr/bin/system-config-language') { - $command = 'system-config-language'; - } elsif (-e '/usr/bin/localectl') { - $command = '/usr/bin/localectl set-locale LANG=en_US.UTF-8'; + $command = 'yast language'; } else { - $command = 'No standard command found'; + $command = 'system-config-language'; } } last; @@ -456,7 +410,8 @@ sub check_required { return ($distro,$gotprereqs,$localecmd); } my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$has_lcdb,%recommended, - $downloadstatus,$filetouse,$production,$testing,$apachefw,$tostop,$uses_systemctl); + $downloadstatus,$filetouse,$production,$testing,$apachefw,$tostop, + $uses_systemctl,$hostname); my $wwwuid = &uid_of_www(); my $wwwgid = getgrnam('www'); if (($wwwuid eq '') || ($wwwgid eq '')) { @@ -465,6 +420,16 @@ sub check_required { unless( -e "/usr/local/sbin/pwauth") { $recommended{'pwauth'} = 1; } + my $hostname = Sys::Hostname::FQDN::fqdn(); + if ($hostname eq '') { + $hostname =&get_hostname(); + } else { + print &mt("Hostname detected: $hostname. Is that correct? ~[Y/n~]"); + if (!&get_user_selection(1)) { + $hostname =&get_hostname(); + } + } + print_and_log(&mt('Hostname is [_1]',$hostname)."\n"); $mysqlon = &check_mysql_running($distro); if ($mysqlon) { my $mysql_has_wwwuser = &check_mysql_wwwuser(); 
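Review bot: `$hostname` is declared with `my` twice in the same scope of `check_required`, once in the extended variable list and again at `my $hostname = Sys::Hostname::FQDN::fqdn();`; the second should be a plain assignment, `$hostname = Sys::Hostname::FQDN::fqdn();`. A detected name that the operator confirms also skips the `/^[\w\.\-]+$/` check that `get_hostname` applies to typed input, even though it is then handed to `chkapachessl` and returned to the caller; running the same check on the `fqdn()` result and falling back to `&get_hostname()` when it fails would keep both paths consistent. The prompt interpolates `$hostname` into the `&mt()` key, whereas the next statement already uses the placeholder form, so `&mt('Hostname detected: [_1]. Is that correct? ~[Y/n~]',$hostname)` would match it. The body of `check_required` starts and ends outside these hunks.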
@@ -496,12 +461,13 @@ sub check_required { ($recommended{'firewall'},$apachefw) = &chkfirewall($distro); ($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir); $recommended{'apache'} = &chkapache($distro,$instdir); + $recommended{'apachessl'} = &chkapachessl($distro,$instdir,$hostname); $recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop); ($recommended{'download'},$downloadstatus,$filetouse,$production,$testing) = &need_download(); return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow, $mysqlrestart,\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus, - $filetouse,$production,$testing,$apachefw,$uses_systemctl); + $filetouse,$production,$testing,$apachefw,$uses_systemctl,$hostname); } sub check_mysql_running { @@ -527,7 +493,7 @@ sub check_mysql_running { if ($1 >= 19) { $mysqldaemon ='mariadb'; } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) { if ($1 >= 7) { $mysqldaemon ='mariadb'; $process = 'mysqld'; @@ -540,9 +506,6 @@ sub check_mysql_running { $proc_owner = 'mysql'; $process = 'mysqld'; } - if ($1 >= 15) { - $mysqldaemon ='mariadb'; - } } elsif ($distro =~ /^suse(\d+)/) { if ($1 >= 13) { $use_systemctl = 1; @@ -626,12 +589,7 @@ sub chkconfig { $uses_systemctl{'ntp'} = 1; $uses_systemctl{'cups'} = 1; $uses_systemctl{'memcached'} = 1; - if (($name eq 'sles') && ($num >= 15)) { - $daemon{'ntp'} = 'chronyd'; - $daemon{'mysql'} = 'mariadb'; - } else { - $daemon{'ntp'} = 'ntpd'; - } + $daemon{'ntp'} = 'ntpd'; } } } @@ -654,9 +612,6 @@ sub chkconfig { if (($distro =~ /^ubuntu/) && ($version <= 8)) { $daemon{'cups'} = 'cupsys'; } - if (($distro =~ /^ubuntu/) && ($version >= 18)) { - $daemon{'ntp'} = 'chrony'; - } } elsif ($distro =~ /^fedora(\d+)/) { my $version = $1; if ($version >= 15) { 
@@ -671,10 +626,7 @@ sub chkconfig { if ($version >= 19) { $daemon{'mysql'} = 'mariadb'; } - if ($version >= 26) { - $daemon{'ntp'} = 'chronyd'; - } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) { my $version = $1; if ($version >= 7) { $uses_systemctl{'ntp'} = 1; @@ -684,9 +636,6 @@ sub chkconfig { $uses_systemctl{'cups'} = 1; $daemon{'mysql'} = 'mariadb'; } - if (($version >= 8) || ($distro eq 'oracle7')) { - $daemon{'ntp'} = 'chronyd'; - } } my $nocheck; if (! -x $checker_bin) { @@ -770,7 +719,7 @@ sub chkconfig { } else { $major = $version; } - if (($major > 10) && ($major <= 13)) { + if ($major > 10) { if (&check_SuSEfirewall2_setup($instdir)) { $needfix{'insserv'} = 1; } @@ -779,52 +728,6 @@ sub chkconfig { return (\%needfix,\%tostop,\%uses_systemctl); } -sub uses_firewalld { - my ($distro) = @_; - my ($inuse,$checkfirewalld,$zone); - if ($distro =~ /^(suse|sles)([\d\.]+)$/) { - if (($1 eq 'sles') && ($2 >= 15)) { - $checkfirewalld = 1; - } - } elsif ($distro =~ /^fedora(\d+)$/) { - if ($1 >= 18) { - $checkfirewalld = 1; - } - } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { - if ($1 >= 7) { - $checkfirewalld = 1; - } - } - if ($checkfirewalld) { - my ($loaded,$active); - if (open(PIPE,"systemctl status firewalld |")) { - while () { - chomp(); - if (/^\s*Loaded:\s+(\w+)/) { - $loaded = $1; - } - if (/^\s*Active\s+(\w+)/) { - $active = $1; - } - } - close(PIPE); - } - if (($loaded eq 'loaded') || ($active eq 'active')) { - $inuse = 1; - my $cmd = 'firewall-cmd --get-default-zone'; - if (open(PIPE,"$cmd |")) { - my $result = ; - chomp($result); - close(PIPE); - if ($result =~ /^\w+$/) { - $zone = $result; - } - } - } - } - return ($inuse,$zone); -} - sub chkfirewall { my ($distro) = @_; my $configfirewall = 1; 
@@ -833,44 +736,30 @@ sub chkfirewall { https => 443, ); my %activefw; - my ($firewalld,$zone) = &uses_firewalld($distro); - if ($firewalld) { - my %current; - if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) { - my $svc = ; - close(PIPE); - chomp($svc); - map { $current{$_} = 1; } (split(/\s+/,$svc)); - } - if ($current{'http'} && $current{'https'}) { - $configfirewall = 0; - } - } else { - if (&firewall_is_active()) { - my $iptables = &get_pathto_iptables(); - if ($iptables eq '') { - print &mt('Firewall not checked as path to iptables not determined.')."\n"; - } else { - my @fwchains = &get_fw_chains($iptables,$distro); - if (@fwchains) { - foreach my $service ('http','https') { - foreach my $fwchain (@fwchains) { - if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) { - $activefw{$service} = 1; - last; - } + if (&firewall_is_active()) { + my $iptables = &get_pathto_iptables(); + if ($iptables eq '') { + print &mt('Firewall not checked as path to iptables not determined.')."\n"; + } else { + my @fwchains = &get_fw_chains($iptables,$distro); + if (@fwchains) { + foreach my $service ('http','https') { + foreach my $fwchain (@fwchains) { + if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) { + $activefw{$service} = 1; + last; } } - if ($activefw{'http'}) { - $configfirewall = 0; - } - } else { - print &mt('Firewall not checked as iptables Chains not identified.')."\n"; } + if ($activefw{'http'}) { + $configfirewall = 0; + } + } else { + print &mt('Firewall not checked as iptables Chains not identified.')."\n"; } - } else { - print &mt('Firewall not enabled.')."\n"; } + } else { + print &mt('Firewall not enabled.')."\n"; } return ($configfirewall,\%activefw); } 
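Review bot: `chkfirewall` clears `$configfirewall` as soon as `$activefw{'http'}` is set, so a host with port 80 open and port 443 closed is reported as needing no firewall change. The loop just above records both services in `%activefw`, and this revision adds an SSL configuration step for Apache, so the test could be `if ($activefw{'http'} && $activefw{'https'}) {`. A short comment above the test stating which ports must be open for the result to be 0 would also help the next reader.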
@@ -929,35 +818,16 @@ sub chkapache { } } } - if ((!$fixapache) && ($distname eq 'ubuntu')) { - my $sitestatus = "/etc/apache2/mods-available/status.conf"; - my $stdstatus = "$instdir/debian-ubuntu/status.conf"; - if ((-e $stdstatus) && (-e $sitestatus)) { - if (open(PIPE, "diff --brief $stdstatus $sitestatus |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - $fixapache = 1; - } - } - } - } - } elsif ($distro =~ /^(suse|sles)([\d\.]+)$/) { - my ($name,$version) = ($1,$2); + } elsif ($distro =~ /^(?:suse|sles)([\d\.]+)$/) { my $apache = 'apache'; - my $conf_file = "$instdir/sles-suse/default-server.conf"; - if ($version >= 10) { + if ($1 >= 10) { $apache = 'apache2'; } - if (($name eq 'sles') && ($version >= 12)) { - $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf"; - } - if (!-e $conf_file) { + if (!-e "$instdir/sles-suse/default-server.conf") { $fixapache = 0; print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; - } elsif (-e "/etc/$apache/default-server.conf") { - if (open(PIPE, "diff --brief $conf_file /etc/$apache/default-server.conf |")) { + } elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/sles-suse/default-server.conf")) { + if (open(PIPE, "diff --brief $instdir/sles-suse/default-server.conf /etc/$apache/default-server.conf |")) { my $diffres = ; close(PIPE); chomp($diffres); @@ -982,8 +852,7 @@ sub chkapache { } } else { my $configfile = 'httpd.conf'; - my $mpmfile = 'mpm.conf'; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific)(\d+)$/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { @@ -991,7 +860,7 @@ sub chkapache { } } elsif ($distro =~ /^fedora(\d+)$/) { if ($1 > 17) { - $configfile = 'apache2.4/httpd.conf'; + $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 10) { $configfile = 'new/httpd.conf'; } 
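Review bot: The `diff --brief` call in the suse/sles branch of `chkapache` is built as a single shell string with `$instdir` interpolated, so an installation directory whose path contains spaces or shell metacharacters changes the command the shell runs. The list form of a piped open avoids the shell entirely: `open(my $pipe,'-|','diff','--brief',"$instdir/sles-suse/default-server.conf","/etc/$apache/default-server.conf")`. The same pattern appears in the new `chkapachessl` (`diff -y -bi --suppress-common-lines $stdconf $sslfile |`) and should be changed there too. The second `-e "$instdir/sles-suse/default-server.conf"` test in the `elsif` is redundant, because the preceding `if` has already handled the missing-file case. `chkapache` begins outside this hunk.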
@@ -1009,22 +878,46 @@ sub chkapache { } } } - if (-e "/etc/httpd/conf.modules.d/00-mpm.conf") { - if (!-e "$instdir/centos-rhes-fedora-sl/$mpmfile") { - print &mt('Warning: No LON-CAPA Apache MPM configuration file found for installation check.')."\n"; - } elsif ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") && (-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) { - if (open(PIPE, "diff --brief $instdir/centos-rhes-fedora-sl/$mpmfile /etc/httpd/conf.modules.d/00-mpm.conf |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - $fixapache = 1; - } + } + return $fixapache; +} + +sub chkapachessl { + my ($distro,$instdir,$hostname) = @_; + my $fixapachessl = 1; + my $stdconf = "$instdir/loncapassl.conf"; + if (!-e $stdconf) { + $fixapachessl = 0; + print &mt('Warning: No LON-CAPA SSL Apache configuration file found for installation check.')."\n"; + } else { + my $sslfile; + if ($distro =~ /^(debian|ubuntu)(\d+)$/) { + $sslfile = '/etc/apache2/sites-available/loncapassl.conf'; + } elsif ($distro =~ /(suse|sles)/) { + $sslfile = '/etc/apache2/vhosts.d/loncapassl.conf'; + } else { + $sslfile = '/etc/httpd/conf.d/loncapassl.conf'; + } + if ((-e $sslfile) && (-e $stdconf)) { + if (open(PIPE, "diff -y -bi --suppress-common-lines $stdconf $sslfile |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + if ($diffres =~ /^\QServerName internal-{[[[[Hostname]]]]}\E\s+\|\s+\QServerName internal-\E$hostname$/) { + $fixapachessl = 0; + } + } + } + unless ($fixapachessl) { + if ($distro =~ /^(debian|ubuntu)(\d+)$/) { + unless ((-l '/etc/apache2/sites-enabled/loncapassl.conf') && + (readlink('/etc/apache2/sites-enabled/loncapassl.conf') eq '/etc/apache2/sites-available/loncapassl.conf')) { + print_and_log(&mt("Warning, use: 'sudo a2ensite loncapassl.conf' to activate LON-CAPA SSL Apache config\n")); } } } } - return $fixapache; + return $fixapachessl; } sub chksrvcs { 
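Review bot: In `chkapachessl` the pattern ends with `\E$hostname$`, so `$hostname` is interpolated as a regular expression rather than as literal text and every `.` in the name matches any character. Quoting it keeps the comparison literal: `\QServerName internal-\E\Q$hostname\E$`. Only one line of the `diff` output seems to be examined (the read after `my $diffres =` is garbled on this page), so a file whose first difference is the ServerName line but which also differs elsewhere would presumably still be treated as current; confirm, and if so compare against all output lines. The two `(debian|ubuntu)(\d+)` and `(suse|sles)` groups capture values that are never used, so `(?:...)` would state the intent.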
@@ -1257,16 +1150,10 @@ sub get_pathto_iptables { sub firewall_is_active { if (-e '/proc/net/ip_tables_names') { - if (open(PIPE,'cat /proc/net/ip_tables_names |grep filter |')) { - my $status = ; - close(PIPE); - chomp($status); - if ($status eq 'filter') { - return 1; - } - } + return 1; + } else { + return 0; } - return 0; } sub get_fw_chains { @@ -1282,8 +1169,6 @@ sub get_fw_chains { @posschains = ('ufw-user-input','INPUT'); } elsif ($distro =~ /^debian5/) { @posschains = ('INPUT'); - } elsif ($distro =~ /^(suse|sles)(\d+)/) { - @posschains = ('IN_public'); } else { @posschains = ('RH-Firewall-1-INPUT','INPUT'); if (!-e '/etc/sysconfig/iptables') { @@ -1426,11 +1311,12 @@ print " ".&mt('3.')." ".&mt('Set-up the MySQL database.')." ".&mt('4.')." ".&mt('Set-up MySQL permissions.')." ".&mt('5.')." ".&mt('Configure Apache web server.')." -".&mt('6.')." ".&mt('Configure start-up of services.')." -".&mt('7.')." ".&mt('Check firewall settings.')." -".&mt('8.')." ".&mt('Stop services not used by LON-CAPA,')." +".&mt('6.')." ".&mt('Configure SSL for Apache web server.')." +".&mt('7.')." ".&mt('Configure start-up of services.')." +".&mt('8.')." ".&mt('Check firewall settings.')." +".&mt('9.')." ".&mt('Stop services not used by LON-CAPA,')." ".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")." -".&mt('9.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." +".&mt('10.')." ".&mt('Download LON-CAPA source code in readiness for installation.')." ".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')." 
@@ -1460,30 +1346,31 @@ chomp($instdir); my %callsub; my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache', - 'runlevels','firewall','stopsrvcs','download'); + 'apachessl','runlevels','firewall','stopsrvcs','download'); my %prompts = &texthash( wwwuser => "Create the 'www' user?", pwauth => 'Install the package LON-CAPA uses to authenticate users?', mysql => 'Set-up the MySQL database?', mysqlperms => 'Set-up MySQL permissions?', apache => 'Configure Apache web server?', + apachessl => 'Configure SSL for Apache web server?', runlevels => 'Set overrides for start-up order of services?', firewall => 'Configure firewall settings for Apache', stopsrvcs => 'Stop extra services not required on a LON-CAPA server?', download => 'Download LON-CAPA source code in readiness for installation?', ); -print "\n".&mt('Checking system status ...')."\n"; +print "\n".&mt('Checking system status ...')."\n\n"; my $dsn = "DBI:mysql:database=mysql"; my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart, $recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production, - $testing,$apachefw,$uses_systemctl) = &check_required($instdir,$dsn); + $testing,$apachefw,$uses_systemctl,$hostname) = &check_required($instdir,$dsn); if ($distro eq '') { print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n". &mt('The following are supported: [_1].', 'CentOS, RedHat Enterprise, Fedora, Scientific Linux, '. - 'Oracle Linux, openSuSE, SLES, Ubuntu LTS, Debian')."\n\n". + 'openSuSE, SLES, Ubuntu LTS, Debian')."\n\n". &mt('Stopping execution.')."\n"; exit; } @@ -1506,7 +1393,6 @@ if (!$gotprereqs) { &mt('The following command can be used to install the package (and dependencies):')."\n\n". $updatecmd."\n\n"; if ($installnow eq '') { - print &mt('Stopping execution.')."\n"; exit; } else { print &mt('Run command? ~[Y/n~]'); 
@@ -1646,17 +1532,36 @@ if ($dbh) { if ($callsub{'apache'}) { if ($distro =~ /^(suse|sles)/) { - ©_apache2_suseconf($instdir,$distro); + ©_apache2_suseconf($instdir,$hostname); } elsif ($distro =~ /^(debian|ubuntu)/) { - ©_apache2_debconf($instdir,$distro); + ©_apache2_debconf($instdir,$distro,$hostname); } else { - ©_httpd_conf($instdir,$distro); - ©_mpm_conf($instdir,$distro); + ©_httpd_conf($instdir,$distro,$hostname); } } else { print_and_log(&mt('Skipping configuration of Apache web server.')."\n"); } +if ($callsub{'apachessl'}) { + if ($distro =~ /^(suse|sles)/) { + ©_apache_sslconf_file($instdir,'/etc/apache2/vhosts.d',$hostname); + } elsif ($distro =~ /^(debian|ubuntu)/) { + my $apache2_sites_available_dir = '/etc/apache2/sites-available'; + if (©_apache_sslconf_file($instdir,$apache2_sites_available_dir,$hostname)) { + my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled'; + my $made_symlink = eval { symlink("$apache2_sites_available_dir/loncapassl.conf","$apache2_sites_enabled_dir/loncapassl.conf"); 1 }; + if ($made_symlink) { + print_and_log(&mt('Enabling "[_1]" Apache SSL configuration.','loncapassl.conf')."\n"); + } + } + } else { + ©_apache_sslconf_file($instdir,'/etc/httpd/conf.d',$hostname); + } + print_and_log("\n"); +} else { + print_and_log(&mt('Skipping configuration of SSL for Apache web server.')."\n"); +} + if ($callsub{'runlevels'}) { my $count = 0; if (ref($recommended) eq 'HASH') { 
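Review bot: `$made_symlink` is 1 here whenever `symlink` is implemented, because the `eval` block ends in `; 1` and discards the return value of `symlink(...)`; the "Enabling" message is therefore logged even when the link was not created, for example when it already exists or the directory is missing. Capturing the result instead, `my $made_symlink = eval { symlink("$apache2_sites_available_dir/loncapassl.conf","$apache2_sites_enabled_dir/loncapassl.conf") };`, and logging a warning with `$!` in an `else` branch would keep the install log truthful. The suse/sles branch of the `apache` step now passes `($instdir,$hostname)` while the other two branches pass `($instdir,$distro,$hostname)`; the called routine's signature is outside this hunk, so the argument order is worth confirming.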
@@ -1675,51 +1580,18 @@ if ($callsub{'runlevels'}) { } } } - if ($distro =~ /^(suse|sles)(\d+)/) { - unless(($1 eq 'sles') && ($2 >= 15)) { - &update_SuSEfirewall2_setup($instdir); - } + if ($distro =~ /^(suse|sles)/) { + &update_SuSEfirewall2_setup($instdir); } } else { &print_and_log(&mt('Skipping setting override for start-up order of services.')."\n"); } if ($callsub{'firewall'}) { - my ($firewalld,$zone) = &uses_firewalld($distro); - if ($firewalld) { - my (%current,%added); - if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) { - my $svc = ; - close(PIPE); - chomp($svc); - map { $current{$_} = 1; } (split(/\s+/,$svc)); - } - foreach my $service ('http','https') { - unless ($current{$service}) { - if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) { - my $result = ; - if ($result =~ /^success/) { - $added{$service} = 1; - } - } - } - } - if (keys(%added) > 0) { - print &mt('Firewall configured to allow access for: [_1].', - join(', ',sort(keys(%added))))."\n"; - } - if ($current{'http'} || $current{'https'}) { - print &mt('Firewall already configured to allow access for:[_1].', - (($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n"; - } - unless ($current{'ssh'}) { - print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', - "firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n"; - } - } elsif ($distro =~ /^(suse|sles)/) { + if ($distro =~ /^(suse|sles)/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', 'yast -- Security and Users -> Firewall -> Interfaces', - 'ssh, http, https')."\n"; + 'ssh, http, https')."\n"; } elsif ($distro =~ /^(debian|ubuntu)(\d+)/) { if (($1 eq 'ubuntu') || ($2 > 5)) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', 
@@ -1736,24 +1608,14 @@ if ($callsub{'firewall'}) { } } } - } elsif ($distro =~ /^(scientific|oracle)/) { + } elsif ($distro =~ /^scientific/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', 'system-config-firewall-tui -- Customize', 'ssh, http')."\n"; } else { - my $version; - if ($distro =~ /^(redhat|centos)(\d+)$/) { - $version = $1; - } - if ($version > 5) { - print &mt('Use [_1] to configure the firewall to allow access for [_2].', - 'system-config-firewall-tui -- Customize', - 'ssh, http')."\n"; - } else { - print &mt('Use [_1] to configure the firewall to allow access for [_2].', - 'setup -- Firewall configuration -> Customize', - 'ssh, http, https')."\n"; - } + print &mt('Use [_1] to configure the firewall to allow access for [_2].', + 'setup -- Firewall configuration -> Customize', + 'ssh, http, https')."\n"; } } else { &print_and_log(&mt('Skipping Firewall configuration.')."\n"); @@ -2041,9 +1903,8 @@ CREATE TABLE IF NOT EXISTS metadata (tit sub setup_mysql_permissions { my ($dbh,$has_pass,@mysql_lc_commands) = @_; my ($mysqlversion,$mysqlsubver,$mysqlname) = &get_mysql_version(); - my ($usesauth,$is_mariadb,$hasauthcol,@mysql_commands); + my ($usesauth,$hasauthcol,@mysql_commands); if ($mysqlname =~ /^MariaDB/i) { - $is_mariadb = 1; if ($mysqlversion >= 10.2) { $usesauth = 1; } elsif ($mysqlversion >= 5.5) { 
@@ -2057,12 +1918,8 @@ sub setup_mysql_permissions { } } if ($usesauth) { - @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')"); - if ($is_mariadb) { - push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); - } else { - push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); - } + @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')", + "ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); } elsif ($hasauthcol) { @mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');"); } else { @@ -2117,7 +1974,7 @@ INSERT db (Host,Db,User,Select_priv,Inse } } if ($got_passwd) { - my (@newpass_cmds) = &new_mysql_rootpasswd($newmysqlpass,$usesauth,$is_mariadb); + my (@newpass_cmds) = &new_mysql_rootpasswd($newmysqlpass,$usesauth); push(@mysql_commands,@newpass_cmds); } else { print_and_log(&mt('Failed to get MySQL root password from user input.')."\n"); @@ -2147,15 +2004,10 @@ INSERT db (Host,Db,User,Select_priv,Inse } sub new_mysql_rootpasswd { - my ($currmysqlpass,$usesauth,$is_mariadb) = @_; + my ($currmysqlpass,$usesauth) = @_; if ($usesauth) { - if ($is_mariadb) { - return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'", - "FLUSH PRIVILEGES;"); - } else { - return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'", - "FLUSH PRIVILEGES;"); - } + return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'", + "FLUSH PRIVILEGES;"); } else { return ("SET PASSWORD FOR 'root'\@'localhost'=PASSWORD('$currmysqlpass')", "FLUSH PRIVILEGES;"); 
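Review bot: With the `$is_mariadb` branch gone, the `$usesauth` path in `setup_mysql_permissions` issues `ALTER USER 'www'@'localhost' IDENTIFIED WITH mysql_native_password BY ...` for MariaDB 10.2 and later as well as for MySQL (the MariaDB version test is in the preceding hunk). That clause form may not be accepted by every MariaDB release that reaches this path, so confirm against the supported versions; if the statement is rejected, the `www` row would presumably keep the empty `authentication_string` written by the preceding INSERT. The account password is the fixed literal `localhostkey`, and a comment noting that the account is limited to `localhost` and why a fixed value is acceptable would help reviewers. The function body starts and ends outside this hunk.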
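Review bot: `new_mysql_rootpasswd` places `$currmysqlpass` between single quotes in the SQL text without escaping, in both the `ALTER USER` and the `SET PASSWORD` statement, so a root password containing `'` or `\` produces a malformed or different statement. The caller in `setup_mysql_permissions` passes `$newmysqlpass`, which the adjacent log message describes as user input. Because this function only returns strings, the value has to be escaped here or bound where the statements are executed; with the DBI handle that the caller already holds, `$dbh->quote($currmysqlpass)` yields a correctly quoted literal that can replace `'$currmysqlpass'`.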
@@ -2168,7 +2020,7 @@ sub get_mysql_version { my $info = ; chomp($info); close(PIPE); - ($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)(?:\-?(\w*),|)/); + ($version,$subversion,$name) = ($info =~ /(\d+\.\d+)\.(\d+)\-?(\w*),/); } else { print &mt('Could not determine which version of MySQL is installed.'). "\n"; @@ -2184,9 +2036,9 @@ sub get_mysql_version { ########################################################### sub copy_httpd_conf { - my ($instdir,$distro) = @_; + my ($instdir,$distro,$hostname) = @_; my $configfile = 'httpd.conf'; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific)(\d+)$/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { 
@@ -2207,48 +2059,45 @@ sub copy_httpd_conf { print_and_log("\n"); } -########################################################### -## -## RHEL/CentOS/Fedora/Scientific Linux -## Copy LON-CAPA mpm.conf to /etc/httpd/conf.modules.d/00-mpm.conf +############################################### ## -## The LON-CAPA mpm.conf enables the prefork MPM module in -## Apache. This is also the default for RHEL/CentOS/Oracle -## Linux 7 and earlier, and Fedora 26 and earlier. For more -## recent versions of those distros, the event MPM is enabled -## by default. After ©_mpm_conf() is run, the prefork MPM -## module will be enabled instead of the event MPM module. +## Copy/Modify loncapassl.conf ## -########################################################### +############################################### -sub copy_mpm_conf { - my ($instdir,$distro) = @_; - my $mpmfile = 'mpm.conf'; - if ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") && - (-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) { - print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'mpm.conf'", - "'/etc/httpd/conf.modules.d/00-mpm.conf'")."\n"); - copy "$instdir/centos-rhes-fedora-sl/$mpmfile","/etc/httpd/conf.modules.d/00-mpm.conf"; - chmod(0644,"/etc/httpd/conf.modules.d/00-mpm.conf"); - print_and_log("\n"); - } else { - my $logfail; - if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { - if ($1 > 7) { - $logfail = 1; - } - } elsif ($distro =~ /^fedora(\d+)$/) { - if ($1 > 26) { - $logfail = 1; +sub copy_apache_sslconf_file { + my ($instdir,$targetdir,$hostname) = @_; + my ($success,$error); + if (-e "$instdir/loncapassl.conf") { + if (open(my $fh,'<',"$instdir/loncapassl.conf")) { + if (open(my $out,'>',"$targetdir/loncapassl.conf")) { + while (<$fh>) { + if (/^\QServerName internal-\E/) { + chomp(); + s/^(\QServerName internal-\E)(.*)$/$1$hostname\n/; + } + print $out $_; + } + $success = 1; + } else { + $error = "Could not write to $targetdir/loncapassl.conf"; } + } else { + $error = "Could not read from 
$instdir/loncapassl.conf"; } - if ($logfail) { - print_and_log(&mt('Warning: copying the LON-CAPA [_1] failed because [_2] and/or [_3] are missing.', - $mpmfile,"'$instdir/centos-rhes-fedora-sl/$mpmfile'", - "'/etc/httpd/conf.modules.d/00-mpm.conf'")); - print_and_log("\n"); + } else { + $error = "File to copy from: $instdir/loncapassl.conf does not exist"; + } + if ($success) { + print_and_log(&mt('Successfully copied [_1] to [_2].',"'loncapassl.conf'","'$targetdir/loncapassl.conf'")."\n"); + chmod(0444,"$targetdir/loncapassl.conf"); + } else { + print_and_log(&mt('Failed to copy [_1] to [_2].',"'loncapassl.conf'","'$targetdir/loncapassl.conf'")."\n"); + if ($error) { + print_and_log("$error\n"); } } + return $success; } ######################################################### @@ -2259,7 +2108,7 @@ sub copy_mpm_conf { ######################################################### sub copy_apache2_debconf { - my ($instdir,$distro) = @_; + my ($instdir,$distro,$hostname) = @_; my $apache2_mods_enabled_dir = '/etc/apache2/mods-enabled'; my $apache2_mods_available_dir = '/etc/apache2/mods-available'; foreach my $module ('headers.load','expires.load') { 
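Review bot: `copy_apache_sslconf_file` sets `$success = 1` right after the copy loop without checking `print $out` or closing `$out`, so a short or failed write (full disk, I/O error) is still logged as "Successfully copied" and leaves a truncated `loncapassl.conf` that is then made read-only. Buffered write errors surface at close, so replacing the assignment with `if (close($out)) { $success = 1; } else { $error = "Could not write to $targetdir/loncapassl.conf: $!"; }` would report them. `$hostname` is substituted into the `ServerName` line exactly as received, so the function depends on the caller having validated it; a one-line comment saying so, or a guard that refuses values outside the hostname character set, would make that dependency explicit. The result of `chmod` is not checked either.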
@@ -2279,116 +2128,35 @@ sub copy_apache2_debconf { if (($distname eq 'ubuntu') && ($version > 12)) { $defaultconfig = "$apache2_sites_enabled_dir/000-default.conf"; } - my ($skipconf,$skipsite,$skipstatus); + if (-l $defaultconfig) { + unlink($defaultconfig); + } if (($distname eq 'ubuntu') && ($version > 12)) { + print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from conf-enabled.',"'apache2'","'/etc/apache2/conf-available'","'loncapa.conf symlink'")."\n"); my $apache2_conf_enabled_dir = '/etc/apache2/conf-enabled'; my $apache2_conf_available_dir = '/etc/apache2/conf-available'; - my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf'; - if ((-e "$apache2_conf_available_dir/loncapa") && (-e "$instdir/debian-ubuntu/ubuntu14/loncapa_conf")) { - if (open(PIPE, "diff --brief $apache2_conf_available_dir/loncapa $instdir/debian-ubuntu/ubuntu14/loncapa_conf" |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.original"); - } - if (-l $defaultconf) { - my $linkfname = readlink($defaultconf); - if ($linkfname eq "$apache2_conf_available_dir/loncapa") { - unless ($diffres) { - $skipconf = 1; - } - } - } - } - } - unless ($skipconf) { - print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from conf-enabled.',"'apache2'","'/etc/apache2/conf-available'","'loncapa.conf symlink'")."\n"); - copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa"); - chmod(0444,"$apache2_conf_available_dir/loncapa"); - if (-l $defaultconf) { - unlink($defaultconf); - } - symlink("$apache2_conf_available_dir/loncapa","$defaultconf"); - } - my $stdsite = "$instdir/debian-ubuntu/ubuntu14/loncapa_site"; - if ((-e $stdsite) && (-e "$apache2_sites_available_dir/loncapa")) { - if (open(PIPE, "diff --brief $stdsite $apache2_sites_available_dir/loncapa |")) { - my $diffres = ; - close(PIPE); - 
chomp($diffres); - if ($diffres) { - copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original"); - } - if (-l $defaultconfig) { - my $linkfname = readlink($defaultconfig); - if ($linkfname eq "$apache2_sites_available_dir/loncapa") { - unless ($diffres) { - $skipsite = 1; - } - } - } - } - } - unless ($skipsite) { - print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default.conf symlink'")."\n"); - copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa"); - chmod(0444,"$apache2_sites_available_dir/loncapa"); - symlink("$apache2_sites_available_dir/loncapa","$defaultconfig"); - } - } else { - if ((-e "$instdir/debian-ubuntu/loncapa") && (-e "$apache2_sites_available_dir/loncapa")) { - if (open(PIPE, "diff --brief $instdir/debian-ubuntu/loncapa $apache2_sites_available_dir/loncapa |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original"); - } - if (-l $defaultconfig) { - my $linkfname = readlink($defaultconfig); - if ($linkfname eq "$apache2_sites_available_dir/loncapa") { - unless ($diffres) { - $skipsite = 1; - } - } - } - } - } - unless ($skipsite) { - if (-l $defaultconfig) { - unlink($defaultconfig); - } - print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default symlink'")."\n"); - if (-e "$instdir/debian-ubuntu/loncapa") { - copy("$instdir/debian-ubuntu/loncapa","$apache2_sites_available_dir/loncapa"); - chmod(0444,"$apache2_sites_available_dir/loncapa"); - symlink("$apache2_sites_available_dir/loncapa","$apache2_sites_enabled_dir/000-default"); - } - } - } - if ($distname eq 'ubuntu') { - my $sitestatus = "$apache2_mods_available_dir/status.conf"; - my $stdstatus = 
"$instdir/debian-ubuntu/status.conf"; - if ((-e $sitestatus) && (-e $stdstatus)) { - if (open(PIPE, "diff --brief $stdstatus $sitestatus |")) { - my $diffres = ; - close(PIPE); - chomp($diffres); - if ($diffres) { - copy("$apache2_mods_available_dir/status.conf","$apache2_mods_available_dir/status.conf.original"); - } else { - $skipstatus = 1; - } - } - } - unless ($skipstatus) { - if (-e $stdstatus) { - print_and_log(&mt('Copying loncapa [_1] file to [_2],',"'status.conf'","'/etc/apache2/mods-available/status.conf'")."\n"); - copy($stdstatus,$sitestatus); - chmod(0644,$sitestatus); - } + if (-e "$apache2_conf_available_dir/loncapa") { + copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.original"); } + my $defaultconf = $apache2_conf_enabled_dir.'/loncapa.conf'; + copy("$instdir/debian-ubuntu/ubuntu14/loncapa_conf","$apache2_conf_available_dir/loncapa"); + chmod(0444,"$apache2_conf_available_dir/loncapa"); + if (-l $defaultconf) { + unlink($defaultconf); + } + symlink("$apache2_conf_available_dir/loncapa","$defaultconf"); + print_and_log(&mt('Copying loncapa [_1] site file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default.conf symlink'")."\n"); + copy("$instdir/debian-ubuntu/ubuntu14/loncapa_site","$apache2_sites_available_dir/loncapa"); + chmod(0444,"$apache2_sites_available_dir/loncapa"); + symlink("$apache2_sites_available_dir/loncapa","$defaultconfig"); + } else { + print_and_log(&mt('Copying loncapa [_1] config file to [_2] and pointing [_3] to it from sites-enabled.',"'apache2'","'/etc/apache2/sites-available'","'000-default symlink'")."\n"); + if (-e "$apache2_sites_available_dir/loncapa") { + copy("$apache2_sites_available_dir/loncapa","$apache2_sites_available_dir/loncapa.original"); + } + copy("$instdir/debian-ubuntu/loncapa","$apache2_sites_available_dir/loncapa"); + chmod(0444,"$apache2_sites_available_dir/loncapa"); + 
symlink("$apache2_sites_available_dir/loncapa","$apache2_sites_enabled_dir/000-default"); } print_and_log("\n"); } @@ -2402,19 +2170,14 @@ sub copy_apache2_debconf { ########################################################### sub copy_apache2_suseconf { - my ($instdir,$distro) = @_; - my ($name,$version) = ($distro =~ /^(suse|sles)([\d\.]+)$/); - my $conf_file = "$instdir/sles-suse/default-server.conf"; - if (($name eq 'sles') && ($version >= 12)) { - $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf"; - } + my ($instdir,$hostname) = @_; print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].', "'default-server.conf'", "'/etc/apache2/default-server.conf'")."\n"); if (!-e "/etc/apache2/default-server.conf.original") { copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original"; } - copy $conf_file,"/etc/apache2/default-server.conf"; + copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf"; chmod(0444,"/etc/apache2/default-server.conf"); # Make symlink for conf directory (included in loncapa_apache.conf) my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq ''); @@ -2425,7 +2188,7 @@ sub copy_apache2_suseconf { &print_and_log(&mt('Symlink creation failed for [_1] to [_2]. You will need to perform this action from the command line.',"'/srv/www/conf'","'/etc/apache2'")."\n"); } ©_apache2_conf_files($instdir); - ©_sysconfig_apache2_file($instdir,$name,$version); + ©_sysconfig_apache2_file($instdir); print_and_log("\n"); } 
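Review bot: The backup in `copy_apache2_debconf` now runs on every invocation: `copy("$apache2_conf_available_dir/loncapa","$apache2_conf_available_dir/loncapa.original")` is guarded only by `-e` on the live file, so a second run of the installer replaces the administrator's original with the file LON-CAPA installed the first time. The SUSE routines in this file guard their backups with `!-e` on the `.original` path, and the same fits here: `if ((-e "$apache2_conf_available_dir/loncapa") && (!-e "$apache2_conf_available_dir/loncapa.original")) {`, and likewise for the `sites-available` backup in the `else` branch. The `copy()` calls that follow are unchecked and `symlink()` runs regardless. In the `else` branch the source `$instdir/debian-ubuntu/loncapa` is no longer tested for existence, so a failed copy can leave `000-default` pointing at a stale or missing file with nothing in the log. The function begins before this hunk.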
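Review bot: In `copy_apache2_suseconf` the rewritten `copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf";` ignores its return value, so when the source is missing the previous server configuration stays active while the log shows only the "Copying the LON-CAPA ..." line. `copy_apache_sslconf_file`, added in this same change, reports failures, and doing the same here keeps the install log trustworthy: `copy("$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf") or print_and_log(&mt('Failed to copy [_1] to [_2].',"'default-server.conf'","'/etc/apache2/default-server.conf'")."\n");`. The same applies to `copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2";` in the `copy_sysconfig_apache2_file` hunk. `$hostname` is unpacked from `@_` but not used in the lines visible here; the body continues outside the hunk, so that may be intentional.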
@@ -2451,16 +2214,12 @@ sub copy_apache2_conf_files { ## ############################################### sub copy_sysconfig_apache2_file { - my ($instdir,$name,$version) = @_; + my ($instdir) = @_; print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'sysconfig/apache2'","'/etc/sysconfig/apache2'")."\n"); if (!-e "/etc/sysconfig/apache2.original") { copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original"; } - my $sysconf_file = "$instdir/sles-suse/sysconfig_apache2"; - if (($name eq 'sles') && ($version >= 12)) { - $sysconf_file = "$instdir/sles-suse/apache2.4/sysconfig_apache2"; - } - copy $sysconf_file,"/etc/sysconfig/apache2"; + copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2"; chmod(0444,"/etc/sysconfig/apache2"); } @@ -2588,7 +2347,7 @@ wget http://install.loncapa.org/versions print &mt('LON-CAPA source files extracted.')."\n". &mt('It remains for you to execute the following commands:')." -cd /root/loncapa-X.Y.Z (X.Y.Z should correspond to a version number like '2.11.3') +cd /root/loncapa-N.N (N.N should correspond to a version number like '0.4') ./UPDATE ".&mt('If you have any trouble, please see [_1] and [_2]',