doc/install/linux/install.pl - diff

Return to install.pl CVS log

Up to [LON-CAPA] / doc / install / linux

Diff for /doc/install/linux/install.pl between versions 1.4 and 1.5

version 1.4, 2011/03/21 13:32:44	version 1.5, 2011/03/23 15:01:34
Line 316 sub check_required {	Line 316 sub check_required {
return ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow);	return ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow);
}	}
my ($mysqlon,$mysqlsetup,$dbh,$has_pass,$has_lcdb,%recommended,$downloadstatus,	my ($mysqlon,$mysqlsetup,$dbh,$has_pass,$has_lcdb,%recommended,$downloadstatus,
$filetouse,$production,$testing);	$filetouse,$production,$testing,$apachefw,$tostop);
my $wwwuid = &uid_of_www();	my $wwwuid = &uid_of_www();
my $wwwgid = getgrnam('www');	my $wwwgid = getgrnam('www');
if (($wwwuid eq '') \|\| ($wwwgid eq '')) {	if (($wwwuid eq '') \|\| ($wwwgid eq '')) {
Line 344 sub check_required {	Line 344 sub check_required {
$recommended{'mysql'} = 1;	$recommended{'mysql'} = 1;
}	}
}	}
my $tostop;	($recommended{'firewall'},$apachefw) = &chkfirewall($distro);
$recommended{'firewall'} = &chkfirewall($distro);
($recommended{'runlevels'},$tostop) = &chkconfig($distro);	($recommended{'runlevels'},$tostop) = &chkconfig($distro);
$recommended{'apache'} = &chkapache($distro,$instdir);	$recommended{'apache'} = &chkapache($distro,$instdir);
$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop);	$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop);
Line 353 sub check_required {	Line 352 sub check_required {
= &need_download();	= &need_download();
return ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow,	return ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow,
\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,	\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,
$filetouse,$production,$testing);	$filetouse,$production,$testing,$apachefw);
}	}

sub check_mysql_running {	sub check_mysql_running {
Line 400 sub chkconfig {	Line 399 sub chkconfig {
my $mysqldaemon ='mysqld';	my $mysqldaemon ='mysqld';
my $webserver = 'httpd';	my $webserver = 'httpd';
my $cupsdaemon = 'cups';	my $cupsdaemon = 'cups';
	my $ntpdaemon = 'ntpd';
my @runlevels = qw/3 4 5/;	my @runlevels = qw/3 4 5/;
my @norunlevels = qw/0 1 6/;	my @norunlevels = qw/0 1 6/;
if ($distro =~ /^(suse\|sles)/) {	if ($distro =~ /^(suse\|sles)/) {
Line 416 sub chkconfig {	Line 416 sub chkconfig {
$checker_bin = '/usr/sbin/sysv-rc-conf';	$checker_bin = '/usr/sbin/sysv-rc-conf';
$mysqldaemon = 'mysql';	$mysqldaemon = 'mysql';
$webserver = 'apache2';	$webserver = 'apache2';
	$ntpdaemon = 'ntp';
}	}
if (! -x $checker_bin) {	if (! -x $checker_bin) {
print &mt('Could not check runlevel status for MySQL or Apache.')."\n";	print &mt('Could not check runlevel status for MySQL or Apache.')."\n";
Line 423 sub chkconfig {	Line 424 sub chkconfig {
}	}
my $rlstr = join('',@runlevels);	my $rlstr = join('',@runlevels);
my $nrlstr = join('',@norunlevels);	my $nrlstr = join('',@norunlevels);
foreach my $type ('apache','mysql','cups') {	foreach my $type ('apache','mysql','ntp','cups') {
my $service;	my $service;
if ($type eq 'apache') {	if ($type eq 'apache') {
$service = $webserver;	$service = $webserver;
Line 431 sub chkconfig {	Line 432 sub chkconfig {
$service = $mysqldaemon;	$service = $mysqldaemon;
} elsif ($type eq 'cups') {	} elsif ($type eq 'cups') {
$service = $cupsdaemon;	$service = $cupsdaemon;
	} elsif ($type eq 'ntp') {
	$service = $ntpdaemon;
}	}
my $command = $checker_bin.' --list '.$service;	my $command = $checker_bin.' --list '.$service;
my $results = `$command`;	my $results = `$command`;
Line 448 sub chkconfig {	Line 451 sub chkconfig {
for (my $rl=0; $rl<=6; $rl++) {	for (my $rl=0; $rl<=6; $rl++) {
if ($results =~ /$rl:on/) { $curr_runlevels{$rl}++; }	if ($results =~ /$rl:on/) { $curr_runlevels{$rl}++; }
}	}
if (($type eq 'apache') \|\| ($type eq 'mysql')) {	if (($type eq 'apache') \|\| ($type eq 'mysql') \|\| ($type eq 'ntp')) {
my $warning;	my $warning;
foreach my $rl (@runlevels) {	foreach my $rl (@runlevels) {
if (!exists($curr_runlevels{$rl})) {	if (!exists($curr_runlevels{$rl})) {
Line 464 sub chkconfig {	Line 467 sub chkconfig {
}	}
if ($tofix) {	if ($tofix) {
$needfix{$type} = $tofix;	$needfix{$type} = $tofix;
}	}
}	}
if ($distro =~ /^(suse\|sles)([\d\.]+)$/) {	if ($distro =~ /^(suse\|sles)([\d\.]+)$/) {
my $name = $1;	my $name = $1;
Line 483 sub chkconfig {	Line 486 sub chkconfig {
}	}

sub chkfirewall {	sub chkfirewall {
	my ($distro) = @_;
my $configfirewall = 1;	my $configfirewall = 1;
my %ports = (	my %ports = (
http => 80,	http => 80,
https => 443,	https => 443,
);	);
	my %activefw;
if (&firewall_is_active()) {	if (&firewall_is_active()) {
my $iptables = &get_pathto_iptables();	my $iptables = &get_pathto_iptables();
if ($iptables eq '') {	if ($iptables eq '') {
print &mt('Firewall not checked as path to iptables not determined.')."\n";	print &mt('Firewall not checked as path to iptables not determined.')."\n";
} else {	} else {
my @fwchains = &get_fw_chains($iptables);	my @fwchains = &get_fw_chains($iptables,$distro);
if (@fwchains) {	if (@fwchains) {
my %activefw;
foreach my $service ('http','https') {	foreach my $service ('http','https') {
foreach my $fwchain (@fwchains) {	foreach my $fwchain (@fwchains) {
if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {	if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
Line 514 sub chkfirewall {	Line 518 sub chkfirewall {
} else {	} else {
print &mt('Firewall not enabled.')."\n";	print &mt('Firewall not enabled.')."\n";
}	}
return $configfirewall;	return ($configfirewall,\%activefw);
}	}

sub chkapache {	sub chkapache {
Line 561 sub chkapache {	Line 565 sub chkapache {
my $diffres = <PIPE>;	my $diffres = <PIPE>;
close(PIPE);	close(PIPE);
chomp($diffres);	chomp($diffres);
print "Diff is \|\|$diffres\|\|\n";
unless ($diffres) {	unless ($diffres) {
$fixapache = 0;	$fixapache = 0;
}	}
Line 774 sub firewall_is_active {	Line 777 sub firewall_is_active {
}	}

sub get_fw_chains {	sub get_fw_chains {
my ($iptables) = @_;	my ($iptables,$distro) = @_;
my @fw_chains;	my @fw_chains;
my $suse_config = "/etc/sysconfig/SuSEfirewall2";	my $suse_config = "/etc/sysconfig/SuSEfirewall2";
my $ubuntu_config = "/etc/ufw/ufw.conf";	my $ubuntu_config = "/etc/ufw/ufw.conf";
Line 784 sub get_fw_chains {	Line 787 sub get_fw_chains {
my @posschains;	my @posschains;
if (-e $ubuntu_config) {	if (-e $ubuntu_config) {
@posschains = ('ufw-user-input','INPUT');	@posschains = ('ufw-user-input','INPUT');
	} elsif ($distro =~ /^debian5/) {
	@posschains = ('INPUT');
} else {	} else {
@posschains = ('RH-Firewall-1-INPUT','INPUT');	@posschains = ('RH-Firewall-1-INPUT','INPUT');
if (!-e '/etc/sysconfig/iptables') {	if (!-e '/etc/sysconfig/iptables') {
Line 978 print "\n".&mt('Checking system status .	Line 983 print "\n".&mt('Checking system status .
my $dsn = "DBI:mysql:database=mysql";	my $dsn = "DBI:mysql:database=mysql";
my ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow,$recommended,	my ($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow,$recommended,
$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production,	$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production,
$testing) = &check_required($instdir,$dsn);	$testing,$apachefw) = &check_required($instdir,$dsn);
if ($distro eq '') {	if ($distro eq '') {
print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n".	print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n".
&mt('The following are supported: [_1].',	&mt('The following are supported: [_1].',
Line 1008 if (!$gotprereqs) {	Line 1013 if (!$gotprereqs) {
} else {	} else {
($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow,	($distro,$gotprereqs,$packagecmd,$updatecmd,$installnow,
$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,	$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,
$filetouse) = &check_required($instdir,$dsn);	$filetouse,$production,$testing,$apachefw) =
	&check_required($instdir,$dsn);
}	}
} else {	} else {
print &mt('Failed to run command to install LONCAPA-prequisites')."\n";	print &mt('Failed to run command to install LONCAPA-prequisites')."\n";
Line 1166 if ($callsub{'runlevels'}) {	Line 1172 if ($callsub{'runlevels'}) {

if ($callsub{'firewall'}) {	if ($callsub{'firewall'}) {
if ($distro =~ /^(suse\|sles)/) {	if ($distro =~ /^(suse\|sles)/) {
print &mt('Use [_1].','yast')."\n";	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
} elsif ($distro =~ /^(debian\|ubuntu)/) {	'yast -- Security and Users -> Firewall -> Interfaces',
print &mt('Use [_1].','ufw')."\n";	'ssh, http, https')."\n";
	} elsif ($distro =~ /^(debian\|ubuntu)(\d+)/) {
	if (($1 eq 'ubuntu') \|\| ($2 > 5)) {
	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
	'ufw','ssh, http, https')."\n";
	} else {
	my $fwadded = &get_iptables_rules($distro,$instdir,$apachefw);
	if ($fwadded) {
	print &mt('Enable firewall? ~[Y/n~]');
	my $enable_iptables = &get_user_selection(1);
	if ($enable_iptables) {
	system('/etc/network/if-pre-up.d/iptables');
	print &mt('Firewall enabled using rules defined in [_1].',
	'/etc/iptables.loncapa.rules');
	}
	}
	}
} else {	} else {
print &mt('Use [_1].','setup')."\n";	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
	'setup -- Firewall confiuration -> Customize',
	'ssh, http, https')."\n";
}	}
} else {	} else {
if ($distro =~ /^(suse\|sles)/) {	&print_and_log(&mt('Skipping Firewall configuration.')."\n");
&print_and_log(&mt('Skipping Firewall configuration.')."\n");
}
}	}

if ($callsub{'stopsrvcs'}) {	if ($callsub{'stopsrvcs'}) {
&kill_extra_services($distro,$recommended->{'stopsrvcs'});	&kill_extra_services($distro,$recommended->{'stopsrvcs'});
} else {	} else {
&print_and_log(&mt('Skipping stopping unnecessary services ([_1] and [_2] daemons).',"'cups'","'sendmail'")."\n");	&print_and_log(&mt('Skipping stopping unnecessary service ([_1] daemon).',"'cups'")."\n");
}	}

my ($have_tarball,$updateshown);	my ($have_tarball,$updateshown);
Line 1345 END	Line 1367 END
# Install patched pwauth	# Install patched pwauth
print_and_log(&mt('Copying pwauth to [_1]',' /usr/local/sbin')."\n");	print_and_log(&mt('Copying pwauth to [_1]',' /usr/local/sbin')."\n");
if (copy "$dir/pwauth","/usr/local/sbin/pwauth") {	if (copy "$dir/pwauth","/usr/local/sbin/pwauth") {
if (chmod (06755, "/usr/local/sbin/pwauth")) {	if (chmod(06755, "/usr/local/sbin/pwauth")) {
print_and_log(&mt('[_1] copied successfully',"'pwauth'").	print_and_log(&mt('[_1] copied successfully',"'pwauth'").
"\n");	"\n");
} else {	} else {
Line 1536 sub copy_httpd_conf {	Line 1558 sub copy_httpd_conf {
"'/etc/httpd/conf/httpd.conf'")."\n");	"'/etc/httpd/conf/httpd.conf'")."\n");
copy "/etc/httpd/conf/httpd.conf","/etc/httpd/conf/httpd.conf.original";	copy "/etc/httpd/conf/httpd.conf","/etc/httpd/conf/httpd.conf.original";
copy "$instdir/httpd.conf","/etc/httpd/conf/httpd.conf";	copy "$instdir/httpd.conf","/etc/httpd/conf/httpd.conf";
chmod 0444,"/etc/httpd/conf/httpd.conf";	chmod(0444,"/etc/httpd/conf/httpd.conf");
print_and_log("\n");	print_and_log("\n");
}	}

Line 1581 sub copy_apache2_suseconf {	Line 1603 sub copy_apache2_suseconf {
copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original";	copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original";
}	}
copy "$instdir/default-server.conf","/etc/apache2/default-server.conf";	copy "$instdir/default-server.conf","/etc/apache2/default-server.conf";
chmod 0444,"/etc/apache2/default-server.conf";	chmod(0444,"/etc/apache2/default-server.conf");
# Make symlink for conf directory (included in loncapa_apache.conf)	# Make symlink for conf directory (included in loncapa_apache.conf)
my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq '');	my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq '');
if ($can_symlink) {	if ($can_symlink) {
Line 1608 sub copy_apache2_conf_files {	Line 1630 sub copy_apache2_conf_files {
copy "/etc/apache2/uid.conf","/etc/apache2/uid.conf.original";	copy "/etc/apache2/uid.conf","/etc/apache2/uid.conf.original";
}	}
copy "$instdir/uid.conf","/etc/apache2/uid.conf";	copy "$instdir/uid.conf","/etc/apache2/uid.conf";
chmod 0444,"/etc/apache2/uid.conf";	chmod(0444,"/etc/apache2/uid.conf");
}	}

###############################################	###############################################
Line 1623 sub copy_sysconfig_apache2_file {	Line 1645 sub copy_sysconfig_apache2_file {
copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original";	copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original";
}	}
copy "$instdir/sysconfig_apache2","/etc/sysconfig/apache2";	copy "$instdir/sysconfig_apache2","/etc/sysconfig/apache2";
chmod 0444,"/etc/sysconfig/apache2";	chmod(0444,"/etc/sysconfig/apache2");
}	}

###############################################	###############################################
Line 1646 sub update_SuSEfirewall2_setup {	Line 1668 sub update_SuSEfirewall2_setup {
copy "/etc/insserv/overrides/SuSEfirewall2_setup","/etc/insserv/overrides/SuSEfirewall2_setup.original"	copy "/etc/insserv/overrides/SuSEfirewall2_setup","/etc/insserv/overrides/SuSEfirewall2_setup.original"
}	}
copy "$instdir/SuSEfirewall2_setup","/etc/insserv/overrides/SuSEfirewall2_setup";	copy "$instdir/SuSEfirewall2_setup","/etc/insserv/overrides/SuSEfirewall2_setup";
chmod 0444,"/etc/insserv/overrides/SuSEfirewall2_setup";	chmod(0444,"/etc/insserv/overrides/SuSEfirewall2_setup");
	}

	sub get_iptables_rules {
	my ($distro,$instdir,$apachefw) = @_;
	my (@fwchains,@ports);
	if (&firewall_is_active()) {
	my $iptables = &get_pathto_iptables();
	if ($iptables ne '') {
	@fwchains = &get_fw_chains($iptables,$distro);
	}
	}
	if (ref($apachefw) eq 'HASH') {
	foreach my $service ('http','https') {
	unless ($apachefw->{$service}) {
	push (@ports,$service);
	}
	}
	} else {
	@ports = ('http','https');
	}
	if (@ports == 0) {
	return;
	}
	my $ask_to_enable;
	if (-e "/etc/iptables.loncapa.rules") {
	if (open(PIPE, "diff --brief $instdir/debian/iptables.loncapa.rules /etc/iptables.loncapa.rules \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	print &mt('Warning: [_1] exists but differs from LON-CAPA supplied file.','/etc/iptables.loncapa.rules')."\n";
	}
	} else {
	print &mt('Error: unable to open [_1] to compare contents with LON-CAPA supplied file.','/etc/iptables.loncapa.rules')."\n";
	}
	} else {
	if (-e "$instdir/debian/iptables.loncapa.rules") {
	copy "$instdir/debian/iptables.loncapa.rules","/etc/iptables.loncapa.rules";
	chmod(0600,"/etc/iptables.loncapa.rules");
	}
	}
	if (-e "/etc/iptables.loncapa.rules") {
	if (-e "/etc/network/if-pre-up.d/iptables") {
	if (open(PIPE, "diff --brief $instdir/debian/iptables /etc/network/if-pre-up/iptables \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres) {
	print &mt('Warning: [_1] exists but differs from LON-CAPA supplied file.','/etc/network/if-pre-up.d/iptables')."\n";
	}
	} else {
	print &mt('Error: unable to open [_1] to compare contents with LON-CAPA supplied file.','/etc/network/if-pre-up.d/iptables')."\n";
	}
	} else {
	copy "$instdir/debian/iptables","/etc/network/if-pre-up.d/iptables";
	chmod(0755,"/etc/network/if-pre-up.d/iptables");
	print_and_log(&mt('Installed script "[_1]" to add iptables rules to block all ports except 22, 80, and 443 when network is enabled during boot.','/etc/network/if-pre-up.d/iptables'));
	$ask_to_enable = 1;
	}
	}
	return $ask_to_enable;
}	}

sub download_loncapa {	sub download_loncapa {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.4
changed lines
	Added in v.1.5