--- doc/install/linux/install.pl 2019/02/19 19:14:54 1.51 +++ doc/install/linux/install.pl 2019/12/03 04:55:08 1.61 @@ -77,7 +77,7 @@ if (!open(LOG,">>loncapa_install.log")) &mt('Stopping execution.')."\n"; exit; } else { - print LOG '$Id: install.pl,v 1.51 2019/02/19 19:14:54 raeburn Exp $'."\n"; + print LOG '$Id: install.pl,v 1.61 2019/12/03 04:55:08 raeburn Exp $'."\n"; } # @@ -166,7 +166,18 @@ sub get_user_selection { sub get_distro { my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown); $packagecmd = '/bin/rpm -q LONCAPA-prerequisites '; - if (-e '/etc/redhat-release') { + if (-e '/etc/oracle-release') { + open(IN,'; + chomp($versionstring); + close(IN); + if ($versionstring =~ /^Oracle Linux Server release (\d+)/) { + my $version = $1; + $distro = 'oracle'.$1; + $updatecmd = 'yum install LONCAPA-prerequisites'; + $installnow = 'yum -y install LONCAPA-prerequisites'; + } + } elsif (-e '/etc/redhat-release') { open(IN,'; chomp($versionstring); @@ -196,6 +207,10 @@ sub get_distro { $distro = 'rhes'.$1; $updatecmd = 'yum install LONCAPA-prerequisites'; $installnow = 'yum -y install LONCAPA-prerequisites'; + } elsif ($versionstring =~ /Red Hat Enterprise Linux release (\d+)/) { + $distro = 'rhes'.$1; + $updatecmd = 'dnf install LONCAPA-prerequisites'; + $installnow = 'dnf -y install LONCAPA-prerequisites'; } elsif ($versionstring =~ /CentOS(?:| Linux) release (\d+)/) { $distro = 'centos'.$1; $updatecmd = 'yum install LONCAPA-prerequisites'; @@ -308,7 +323,7 @@ sub get_distro { $unknown = 1; } } else { - print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n"; + print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora, scientific linux, or oracle linux system.')."\n"; } } return ($distro,$packagecmd,$updatecmd,$installnow); @@ -436,7 +451,7 @@ sub check_locale { print &mt('Failed to open: [_1], default locale not checked.', '/etc/sysconfig/i18n'); } - } elsif ($distro =~ /^(?:rhes|centos|scientific)(\d+)/) { + } elsif ($distro =~ /^(?:rhes|centos|scientific|oracle)(\d+)/) { if ($1 >= 7) { if (!open($fh,"= 19) { $mysqldaemon ='mariadb'; } - } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { if ($1 >= 7) { $mysqldaemon ='mariadb'; $process = 'mysqld'; @@ -715,6 +734,9 @@ sub chkconfig { if (($distro =~ /^ubuntu/) && ($version <= 8)) { $daemon{'cups'} = 'cupsys'; } + if (($distro =~ /^ubuntu/) && ($version >= 18)) { + $daemon{'ntp'} = 'chrony'; + } } elsif ($distro =~ /^fedora(\d+)/) { my $version = $1; if ($version >= 15) { @@ -729,7 +751,10 @@ sub chkconfig { if ($version >= 19) { $daemon{'mysql'} = 'mariadb'; } - } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) { + if ($version >= 26) { + $daemon{'ntp'} = 'chronyd'; + } + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { my $version = $1; if ($version >= 7) { $uses_systemctl{'ntp'} = 1; @@ -739,6 +764,9 @@ sub chkconfig { $uses_systemctl{'cups'} = 1; $daemon{'mysql'} = 'mariadb'; } + if (($version >= 8) || ($distro eq 'oracle7')) { + $daemon{'ntp'} = 'chronyd'; + } } my $nocheck; if (! -x $checker_bin) { @@ -833,7 +861,7 @@ sub chkconfig { sub uses_firewalld { my ($distro) = @_; - my ($inuse, $checkfirewalld); + my ($inuse,$checkfirewalld,$zone); if ($distro =~ /^(suse|sles)([\d\.]+)$/) { if (($1 eq 'sles') && ($2 >= 15)) { $checkfirewalld = 1; @@ -842,7 +870,7 @@ sub uses_firewalld { if ($1 >= 18) { $checkfirewalld = 1; } - } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) { + } elsif ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)/) { if ($1 >= 7) { $checkfirewalld = 1; } @@ -863,9 +891,18 @@ sub uses_firewalld { } if (($loaded eq 'loaded') || ($active eq 'active')) { $inuse = 1; + my $cmd = 'firewall-cmd --get-default-zone'; + if (open(PIPE,"$cmd |")) { + my $result = ; + chomp($result); + close(PIPE); + if ($result =~ /^\w+$/) { + $zone = $result; + } + } } } - return $inuse; + return ($inuse,$zone); } sub chkfirewall { @@ -876,19 +913,20 @@ sub chkfirewall { https => 443, ); my %activefw; - if (&firewall_is_active()) { - if (&uses_firewalld($distro)) { - my %current; - if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { - my $svc = ; - close(PIPE); - chomp($svc); - map { $current{$_} = 1; } (split(/\s+/,$svc)); - } - if ($current{'http'} && $current{'https'}) { - $configfirewall = 0; - } - } else { + my ($firewalld,$zone) = &uses_firewalld($distro); + if ($firewalld) { + my %current; + if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) { + my $svc = ; + close(PIPE); + chomp($svc); + map { $current{$_} = 1; } (split(/\s+/,$svc)); + } + if ($current{'http'} && $current{'https'}) { + $configfirewall = 0; + } + } else { + if (&firewall_is_active()) { my $iptables = &get_pathto_iptables(); if ($iptables eq '') { print &mt('Firewall not checked as path to iptables not determined.')."\n"; @@ -910,9 +948,9 @@ sub chkfirewall { print &mt('Firewall not checked as iptables Chains not identified.')."\n"; } } + } else { + print &mt('Firewall not enabled.')."\n"; } - } else { - print &mt('Firewall not enabled.')."\n"; } return ($configfirewall,\%activefw); } @@ -974,14 +1012,14 @@ sub chkapache { } elsif ($distro =~ /^(suse|sles)([\d\.]+)$/) { my ($name,$version) = ($1,$2); my $apache = 'apache'; - my $conf_file = "$instdir/sles-suse/default-server.conf"; + my $conf_file = "$instdir/sles-suse/default-server.conf"; if ($version >= 10) { $apache = 'apache2'; } if (($name eq 'sles') && ($version >= 12)) { $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf"; } - if (!-e "$conf_file") { + if (!-e $conf_file) { $fixapache = 0; print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n"; } elsif (-e "/etc/$apache/default-server.conf") { @@ -1010,7 +1048,8 @@ sub chkapache { } } else { my $configfile = 'httpd.conf'; - if ($distro =~ /^(?:centos|rhes|scientific)(\d+)$/) { + my $mpmfile = 'mpm.conf'; + if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { @@ -1018,7 +1057,7 @@ sub chkapache { } } elsif ($distro =~ /^fedora(\d+)$/) { if ($1 > 17) { - $configfile = 'apache2.4/httpd.conf'; + $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 10) { $configfile = 'new/httpd.conf'; } @@ -1036,6 +1075,20 @@ sub chkapache { } } } + if (-e "/etc/httpd/conf.modules.d/00-mpm.conf") { + if (!-e "$instdir/centos-rhes-fedora-sl/$mpmfile") { + print &mt('Warning: No LON-CAPA Apache MPM configuration file found for installation check.')."\n"; + } elsif ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") && (-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) { + if (open(PIPE, "diff --brief $instdir/centos-rhes-fedora-sl/$mpmfile /etc/httpd/conf.modules.d/00-mpm.conf |")) { + my $diffres = ; + close(PIPE); + chomp($diffres); + if ($diffres) { + $fixapache = 1; + } + } + } + } } return $fixapache; } @@ -1787,7 +1840,7 @@ if ($distro eq '') { print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n". &mt('The following are supported: [_1].', 'CentOS, RedHat Enterprise, Fedora, Scientific Linux, '. - 'openSuSE, SLES, Ubuntu LTS, Debian')."\n\n". + 'Oracle Linux, openSuSE, SLES, Ubuntu LTS, Debian')."\n\n". &mt('Stopping execution.')."\n"; exit; } @@ -1954,6 +2007,7 @@ if ($callsub{'apache'}) { ©_apache2_debconf($instdir,$distro,$hostname); } else { ©_httpd_conf($instdir,$distro,$hostname); + ©_mpm_conf($instdir,$distro); } } else { print_and_log(&mt('Skipping configuration of Apache web server.')."\n"); @@ -2023,9 +2077,10 @@ if ($callsub{'runlevels'}) { } if ($callsub{'firewall'}) { - if (&uses_firewalld($distro)) { + my ($firewalld,$zone) = &uses_firewalld($distro); + if ($firewalld) { my (%current,%added); - if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) { + if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) { my $svc = ; close(PIPE); chomp($svc); @@ -2033,7 +2088,7 @@ if ($callsub{'firewall'}) { } foreach my $service ('http','https') { unless ($current{$service}) { - if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) { + if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) { my $result = ; if ($result =~ /^success/) { $added{$service} = 1; @@ -2051,7 +2106,7 @@ if ($callsub{'firewall'}) { } unless ($current{'ssh'}) { print &mt('If you would the like to allow access to ssh from outside, use the command[_1].', - 'firewall-cmd --permanent --zone=public --add-service=ssh')."\n"; + "firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n"; } } elsif ($distro =~ /^(suse|sles)/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', @@ -2073,14 +2128,24 @@ if ($callsub{'firewall'}) { } } } - } elsif ($distro =~ /^scientific/) { + } elsif ($distro =~ /^(scientific|oracle)/) { print &mt('Use [_1] to configure the firewall to allow access for [_2].', 'system-config-firewall-tui -- Customize', 'ssh, http')."\n"; } else { - print &mt('Use [_1] to configure the firewall to allow access for [_2].', - 'setup -- Firewall configuration -> Customize', - 'ssh, http, https')."\n"; + my $version; + if ($distro =~ /^(redhat|centos)(\d+)$/) { + $version = $1; + } + if ($version > 5) { + print &mt('Use [_1] to configure the firewall to allow access for [_2].', + 'system-config-firewall-tui -- Customize', + 'ssh, http')."\n"; + } else { + print &mt('Use [_1] to configure the firewall to allow access for [_2].', + 'setup -- Firewall configuration -> Customize', + 'ssh, http, https')."\n"; + } } } else { &print_and_log(&mt('Skipping Firewall configuration.')."\n"); @@ -2386,9 +2451,9 @@ sub setup_mysql_permissions { if ($usesauth) { @mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')"); if ($is_mariadb) { - push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); + push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'"); } else { - push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); + push(@mysql_commands,"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'"); } } elsif ($hasauthcol) { @mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');"); @@ -2513,7 +2578,7 @@ sub get_mysql_version { sub copy_httpd_conf { my ($instdir,$distro,$hostname) = @_; my $configfile = 'httpd.conf'; - if ($distro =~ /^(?:centos|rhes|scientific)(\d+)$/) { + if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { if ($1 >= 7) { $configfile = 'apache2.4/httpd.conf'; } elsif ($1 > 5) { @@ -2534,6 +2599,50 @@ sub copy_httpd_conf { print_and_log("\n"); } +########################################################### +## +## RHEL/CentOS/Fedora/Scientific Linux +## Copy LON-CAPA mpm.conf to /etc/httpd/conf.modules.d/00-mpm.conf +## +## The LON-CAPA mpm.conf enables the prefork MPM module in +## Apache. This is also the default for RHEL/CentOS/Oracle +## Linux 7 and earlier, and Fedora 26 and earlier. For more +## recent versions of those distros, the event MPM is enabled +## by default. After ©_mpm_conf() is run, the prefork MPM +## module will be enabled instead of the event MPM module. +## +########################################################### + +sub copy_mpm_conf { + my ($instdir,$distro) = @_; + my $mpmfile = 'mpm.conf'; + if ((-e "/etc/httpd/conf.modules.d/00-mpm.conf") && + (-e "$instdir/centos-rhes-fedora-sl/$mpmfile")) { + print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'mpm.conf'", + "'/etc/httpd/conf.modules.d/00-mpm.conf'")."\n"); + copy "$instdir/centos-rhes-fedora-sl/$mpmfile","/etc/httpd/conf.modules.d/00-mpm.conf"; + chmod(0644,"/etc/httpd/conf.modules.d/00-mpm.conf"); + print_and_log("\n"); + } else { + my $logfail; + if ($distro =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($1 > 7) { + $logfail = 1; + } + } elsif ($distro =~ /^fedora(\d+)$/) { + if ($1 > 26) { + $logfail = 1; + } + } + if ($logfail) { + print_and_log(&mt('Warning: copying the LON-CAPA [_1] failed because [_2] and/or [_3] are missing.', + $mpmfile,"'$instdir/centos-rhes-fedora-sl/$mpmfile'", + "'/etc/httpd/conf.modules.d/00-mpm.conf'")); + print_and_log("\n"); + } + } +} + ############################################### ## ## Copy loncapassl.conf and sslrewrite.conf @@ -3139,7 +3248,7 @@ sub copy_sysconfig_apache2_file { if (($name eq 'sles') && ($version >= 12)) { $sysconf_file = "$instdir/sles-suse/apache2.4/sysconfig_apache2"; } - copy "$sysconf_file","/etc/sysconfig/apache2"; + copy $sysconf_file,"/etc/sysconfig/apache2"; chmod(0444,"/etc/sysconfig/apache2"); }