Diff for /doc/loncapafiles/updatequery.piml between versions 1.58 and 1.93

version 1.58, 2007/05/22 23:16:47 version 1.93, 2020/01/04 18:03:16
Line 33  http://www.lon-capa.org/ Line 33  http://www.lon-capa.org/
 <target dist='default'>/</target>  <target dist='default'>/</target>
 <perlscript mode='fg'>  <perlscript mode='fg'>
 $|=1;  $|=1;
   use strict;
   use lib '/home/httpd/lib/perl/';
   use LONCAPA::Configuration;
   use LONCAPA::Lond;
   use LONCAPA::SSL;
   use LONCAPA;
   use GDBM_File;
   use Storable qw(thaw);
   use Term::ReadKey;
   use Locale::Country;
   
   sub get_new_sslkeypass {
       my $sslkeypass;
       my $flag=0;
   # get Password for SSL key
       while (!$flag) {
           $sslkeypass = &make_passphrase();
           if ($sslkeypass) {
               $flag = 1;
           } else {
               print "Invalid input (a password is required for the SSL key).\n";
           }
       }
       return $sslkeypass;
   }
   
   sub get_static_config {
   # get LCperlvars from loncapa_apache.conf
       my $confdir = '/etc/httpd/conf/';
       if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20') {
           $confdir = '/etc/apache2/';
       }
       my $filename='loncapa_apache.conf';
       my %LCperlvar;
       if (-e "$confdir$filename") {
           open(CONFIG,'&lt;'.$confdir.$filename) or die("Can't read $confdir$filename");
           while (my $configline=&lt;CONFIG&gt;) {
               if ($configline =~ /^[^\#]?PerlSetVar/) {
                   my ($unused,$varname,$varvalue)=split(/\s+/,$configline);
                   chomp($varvalue);
                   $LCperlvar{$varname}=$varvalue;
               }
           }
           close(CONFIG);
       }
       return \%LCperlvar;
   }
   
   sub get_domain_config {
       my ($dom,$primaryserver,$isprimary,$url,$perlvarref) = @_;
       my %confhash;
       if ($isprimary) {
           if (ref($perlvarref) eq 'HASH') {
               my $lonusersdir = $perlvarref-&gt;{'lonUsersDir'};
               my $fname = $lonusersdir.'/'.$dom.'/configuration.db';
               if (-e $fname) {
                   my $dbref=&LONCAPA::locking_hash_tie($fname,&GDBM_READER());
                   if (ref($dbref) eq 'HASH') {
                       foreach my $key (sort(keys(%{$dbref}))) {
                           my $value = $dbref->{$key};
                           if ($value =~ s/^__FROZEN__//) {
                               $value = thaw(&LONCAPA::unescape($value));
                           } else {
                               $value = &LONCAPA::unescape($value);
                           }
                           $confhash{$key} = $value;
                       }
                       &LONCAPA::locking_hash_untie($dbref);
                   }
               }
           }
       } else {
           if (open(PIPE,"wget --no-check-certificate '$url?primary=$primaryserver&format=raw' |")) {
               my $config = '';
               while (&lt;PIPE&gt;) {
                   $config .= $_;
               }
               close(PIPE);
               if ($config) {
                   my @pairs=split(/\&/,$config);
                   foreach my $item (@pairs) {
                       my ($key,$value)=split(/=/,$item,2);
                       my $what = &LONCAPA::unescape($key);
                       if ($value =~ s/^__FROZEN__//) {
                           $value = thaw(&LONCAPA::unescape($value));
                       } else {
                           $value = &LONCAPA::unescape($value); 
                       }
                       $confhash{$what}=$value;
                   }
               }
           }
       }
       return (\%confhash);
   }
   
   sub make_passphrase {
       my ($got_passwd,$firstpass,$secondpass,$passwd);
       my $maxtries = 10;
       my $trial = 0;
       while ((!$got_passwd) && ($trial &lt; $maxtries)) {
           $firstpass = &get_password('Enter a password for the SSL key (at least 6 characters long)');
           if (length($firstpass) &lt; 6) {
               print('Password too short.'."\n".
                 'Please choose a password with at least six characters.'."\n".
                 'Please try again.'."\n");
           } elsif (length($firstpass) &gt; 30) {
               print('Password too long.'."\n".
                     'Please choose a password with no more than thirty characters.'."\n".
                     'Please try again.'."\n");
           } else {
               my $pbad=0;
               foreach (split(//,$firstpass)) {if ((ord($_)&lt;32)||(ord($_)&gt;126)){$pbad=1;}}
               if ($pbad) {
                   print('Password contains invalid characters.'."\n".
                         'Password must consist of standard ASCII characters.'."\n".
                         'Please try again.'."\n");
               } else {
                   $secondpass = &get_password('Enter password a second time');
                   if ($firstpass eq $secondpass) {
                       $got_passwd = 1;
                       $passwd = $firstpass;
                   } else {
                       print('Passwords did not match.'."\n".
                             'Please try again.'."\n");
                   }
               }
           }
           $trial ++;
       }
       return $passwd;
   }
   
   sub get_password {
       my ($prompt) = @_;
       local $| = 1;
       print $prompt.': ';
       my $newpasswd = '';
       ReadMode 'raw';
       my $key;
       while(ord($key = ReadKey(0)) != 10) {
           if(ord($key) == 127 || ord($key) == 8) {
               chop($newpasswd);
               print "\b \b";
           } elsif(!ord($key) &lt; 32) {
               $newpasswd .= $key;
               print '*';
           }
       }
       ReadMode 'normal';
       print "\n";
       return $newpasswd;
   }
   
   sub send_mail {
       my ($hostname,$recipient,$subj,$file) = @_;
       my $from = 'www@'.$hostname;
       my $certmail = "To: $recipient\n".
                      "From: $from\n".
                      "Subject: ".$subj."\n".
                      "Content-type: text/plain\; charset=UTF-8\n".
                      "MIME-Version: 1.0\n\n";
       if (open(my $fh,"&lt;$file")) {
           while (&lt;$fh&gt;) {
               $certmail .= $_;
           }
           close($fh);
           $certmail .= "\n\n";
           if (open(my $mailh, "|/usr/lib/sendmail -oi -t -odb")) {
               print $mailh $certmail;
               close($mailh);
               print "Mail sent ($subj) to $recipient\n";
           } else {
               print "Sending mail ($subj) to $recipient failed.\n";
           }
       }
       return;
   }
   
   sub mail_csr {
       my ($types,$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarref) = @_;
       my ($camail,$flag);
       if ($lonCluster eq 'production' || $lonCluster eq 'development') {
           $camail = $perlvarref-&gt;{'SSLEmail'};
       } else {
           $flag=0;
   # get Certificate Authority E-mail
           while (!$flag) {
               print(&lt;&lt;END);
   
   ENTER EMAIL ADDRESS TO SEND CERTIFICATE SIGNING REQUESTS
   END
   
               my $choice=&lt;&gt;;
               chomp($choice);
               if ($choice ne '') {
                   open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
                   print(OUT 'Certificate Authority Email Address'."\t".$choice."\n");
                   close(OUT);
                   $camail=$choice;
                   $flag=1;
               } else {
                   print "Invalid input (an email address is required).\n";
               }
           }
       }
       if ($camail) {
           my $subj;
           if (($types eq 'both') || ($types = 'host')) {
               if (-e "$certsdir/$connectcsr") {
                   $subj = "Certificate Request ($lonHostID)";
                   print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$connectcsr"));
               }
           }
           if (($types eq 'both') || ($types = 'hostname')) {
               if (-e "$certsdir/$replicatecsr") {
                   $subj = "Certificate Request (internal-$desiredhostname)";
                   print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$replicatecsr"));
               }
           }
       }
   }
   
   sub ssl_info {
       print(&lt;&lt;END);
   
   ****** Information about Country, State or Province and City *****
   
   A two-letter country code, e.g., US, CA, DE etc. as defined by ISO 3166,
   is required. A state or province, and a city are also required.
   This locality information is included in two SSL certificates used internally
   by LON-CAPA, unless you are running standalone.
   
   If your server will be part of either the production or development
   clusters, then the certificate will need to be signed by the official
   LON-CAPA Certificate Authority (CA).  If you will be running your own
   cluster then the cluster will need to create its own CA.
   
   END
   }
   
   sub get_country {
       my ($desiredhostname) = @_;
   # get Country
       my ($posscountry,$country);
       if ($desiredhostname =~ /\.(edu|com|org)$/) {
           $posscountry = 'us';
       } else {
           ($posscountry) = ($desiredhostname =~ /\.(a-z){2}$/);
       }
       if ($posscountry) {
           my $countrydesc = &Locale::Country::code2country($posscountry);
           if ($countrydesc eq '') {
               undef($posscountry);
           }
       }
   
       my $flag=0;
       while (!$flag) {
           if ($posscountry) {
               $posscountry = uc($posscountry);
               print "ENTER TWO-LETTER COUNTRY CODE [$posscountry]:\n";
           } else {
               print "ENTER TWO-LETTER COUNTRY CODE:\n";
           }
           my $choice=&lt;&gt;;
           chomp($choice);
           if ($choice ne '') {
               if (&Locale::Country::code2country(lc($choice))) {
                   open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
                   print(OUT 'country'."\t".uc($choice)."\n");
                   close(OUT);
                   $country=uc($choice);
                   $flag=1;
               } else {
                   print "Invalid input -- a valid two letter country code is required\n";
               }
           } elsif (($choice eq '') && ($posscountry ne '')) {
               open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
               print(OUT 'country'."\t".$posscountry."\n");
               close(OUT);
               $country = $posscountry;
               $flag = 1;
           } else {
               print "Invalid input -- a country code is required\n";
           }
       }
       return $country;
   }
   
   sub get_state {
   # get State or Province
       my $flag=0;
       my $state = '';
       while (!$flag) {
           print(&lt;&lt;END);
   
   ENTER STATE OR PROVINCE NAME:
   END
   
           my $choice=&lt;&gt;;
           chomp($choice);
           if ($choice ne '') {
               open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
               print(OUT 'state'."\t".$choice."\n");
               close(OUT);
               $state=$choice;
               $flag=1;
           } else {
               print "Invalid input (a state or province name is required).\n";
           }
       }
       return $state;
   }
   
   sub get_city {
   # get City
       my $flag=0;
       my $city = '';
       while (!$flag) {
           print(&lt;&lt;END);
   
   ENTER CITY NAME:
   END
   
           my $choice=&lt;&gt;;
           chomp($choice);
           if ($choice ne '') {
               open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
               print(OUT 'city'."\t".$choice."\n");
               close(OUT);
               $city=$choice;
               $flag=1;
           } else {
               print "Invalid input (a city is required).\n";
           }
       }
       return $city;
   }
   
   sub confirm_locality {
       my ($domainDescription,$country,$state,$city) = @_;
       my $flag = 0;
       while (!$flag) {
           print(&lt;&lt;END);
   
   The domain description, country, state and city will be
   used in the SSL certificates
   
   1) Domain Description: $domainDescription
   2) Country: $country
   3) State or Province: $state
   4) City: $city
   5) Everything is correct up above
   
   ENTER A CHOICE OF 1-4 TO CHANGE, otherwise ENTER 5:
   END
           my $choice=&lt;&gt;;
           chomp($choice);
           if ($choice == 1) {
               print(&lt;&lt;END);
   1) Domain Description: $domainDescription
   ENTER NEW VALUE
   END
               my $choice2=&lt;&gt;;
               chomp($choice2);
               $domainDescription=$choice2;
           } elsif ($choice == 2) {
               print(&lt;&lt;END);
   2) Country: $country
   ENTER NEW VALUE (this should be a two-character code, e,g, US, CA, DE)
   END
               my $choice2=&lt;&gt;;
               chomp($choice2);
               $country = uc($choice2);
           } elsif ($choice == 3) {
               print(&lt;&lt;END);
   3) State or Province: $state
   ENTER NEW VALUE:
   END
               my $choice2=&lt;&gt;;
               chomp($choice2);
               $state=$choice2;
           } elsif ($choice == 4) {
               print(&lt;&lt;END);
   4) City: $city
   ENTER NEW VALUE:
   END
               my $choice2=&lt;&gt;;
               chomp($choice2);
               $city=$choice2;
           } elsif ($choice == 5) {
               $flag=1;
               $state =~ s{/}{ }g;
               $city =~ s{/}{ }g;
               $domainDescription =~ s{/}{ }g;
           } else {
               print "Invalid input.\n";
           }
       }
       return ($domainDescription,$country,$state,$city);
   }
   
   sub make_key {
       my ($certsdir,$privkey,$sslkeypass) = @_;
   # generate SSL key
       if ($certsdir && $privkey) {
           if (-f "$certsdir/lonKey.enc") {
               my $mode = 0600;
               chmod $mode, "$certsdir/lonKey.enc";
           }
           open(PIPE,"openssl genrsa -des3 -passout pass:$sslkeypass -out $certsdir/lonKey.enc 2048 2&gt;&1 |");
           close(PIPE);
           if (-f "$certsdir/$privkey") {
               my $mode = 0600;
               chmod $mode, "$certsdir/$privkey";
           }
           open(PIPE,"openssl rsa -in $certsdir/lonKey.enc -passin pass:$sslkeypass -out $certsdir/$privkey -outform PEM |");
           close(PIPE);
           if (-f "$certsdir/lonKey.enc") {
               my $mode = 0400;
               chmod $mode, "$certsdir/lonKey.enc";
           }
           if (-f "$certsdir/$privkey") {
               my $mode = 0400;
               chmod $mode, "$certsdir/$privkey";
           }
       } else {
           print "Key creation failed.  Missing one or more of: certificates directory, key name\n";
       }
   }
   
   sub encrypt_key {
       my ($certsdir,$privkey,$sslkeypass) = @_;
       if ($certsdir && $privkey) { 
           if ((-f "$certsdir/$privkey") && (!-f "$certsdir/lonKey.enc")) {
               open(PIPE,"openssl rsa -des3 -in $certsdir/$privkey -out $certsdir/lonKey.enc |");
           }
       }
       return; 
   }
   
   sub make_host_csr {
       my ($certsdir,$sslkeypass,$connectcsr,$connectsubj) = @_;
   # generate SSL csr for hostID
       if ($certsdir && $connectcsr && $connectsubj) {
           open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$connectsubj\" -out $certsdir/$connectcsr |");
           close(PIPE);
       } else {
           print "Creation of certificate signing request failed.  Missing one or more of: certificates directory, CSR name, or locality information.\n";
       }
   }
   
   sub make_hostname_csr {
       my ($certsdir,$sslkeypass,$replicatecsr,$replicatesubj) = @_;
   # generate SSL csr for internal hostname
       if ($certsdir && $replicatecsr && $replicatesubj) {
           open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$replicatesubj\" -out $certsdir/$replicatecsr |");
           close(PIPE);
       } else {
           print "Creation of certificate signing request failed.  Missing one or more of: certificates directory, CSR name, or locality information.\n";
       }
   }
   
   sub securesetting {
       my (%perlvar) = @_;
       my ($securestatus,$securenum);
       if (($perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) {
           $securenum = 4;
           $securestatus = 'Allow insecure connections - inbound and outbound';
       } elsif (($perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) {
           $securenum = 3;
           $securestatus = 'Outbound: allow insecure connections; Inbound: secure only';
       } elsif ((!$perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) {
           $securenum = 2;
           $securestatus = 'Outbound: secure connections only; Inbound: allow insecure';
       } elsif ((!$perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) {
           $securenum = 1;
           $securestatus = 'Secure connections only - inbound and outbound ';
       }
       return ($securestatus,$securenum);
   }
   
   sub get_sslnames {
       my %sslnames = (
                         key      =&gt; 'lonnetPrivateKey',
                         host     =&gt; 'lonnetCertificate',
                         hostname =&gt; 'lonnetHostnameCertificate',
                         ca       =&gt; 'lonnetCertificateAuthority',
                      );
       return %sslnames;
   }
   
   sub get_ssldesc {
       my %ssldesc = (
                       key      =&gt; 'Private Key',
                       host     =&gt; 'Connections Certificate',
                       hostname =&gt; 'Replication Certificate',
                       ca       =&gt; 'LON-CAPA CA Certificate',
                     );
       return %ssldesc;
   }
   
   sub get_cert_status {
       my ($lonHostID,$hostname,$perlvarstatic) = @_;
       my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID =&gt; $hostname,},'text','install');
       my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus);
       my $output = '';
       if ($currcerts eq "$lonHostID:error") {
           $output .= "No information available for SSL certificates\n";
           $sslstatus{'key'} = -1;
           $sslstatus{'host'} = -1;
           $sslstatus{'hostname'} = -1;
           $sslstatus{'ca'} = -1;
           $lonkeystatus = 'unknown status';
           $lonhostcertstatus = 'unknown status';
           $lonhostnamecertstatus = 'unknown status';
       } else {
           my %sslnames = &get_sslnames();
           my %ssldesc = &get_ssldesc();
           my %csr;
           my ($lonhost,$info) = split(/\:/,$currcerts,2);
           if ($lonhost eq $lonHostID) {
               my @items = split(/\&/,$info);
               foreach my $item (@items) {
                   my ($key,$value) = split(/=/,$item,2);
                   if ($key =~ /^(host(?:|name))\-csr$/) {
                       $csr{$1} = $value;
                   }
                   my @data = split(/,/,$value);
                   if (grep(/^\Q$key\E$/,keys(%sslnames))) {
                       my ($checkcsr,$comparecsr);
                       if (lc($data[0]) eq 'yes') {
                           $output .= "$ssldesc{$key} ".$perlvarstatic-&gt;{$sslnames{$key}}." available with status = $data[1]\n";
                           if ($key eq 'key') {
                               $lonkeystatus = "status: $data[1]";
                               if ($data[1] =~ /ok$/) {
                                   $sslstatus{$key} = 1;
                               }
                           } else {
                               my $setstatus;
                               if (($key eq 'host') || ($key eq 'hostname')) { 
                                   if ($data[1] eq 'otherkey') {
                                       $sslstatus{$key} = 4;
                                       $setstatus = 1;
                                       if ($key eq 'host') {
                                           $lonhostcertstatus = "status: created with different key";
                                       } elsif ($key eq 'hostname') {
                                           $lonhostnamecertstatus = "status: created with different key"; 
                                       }
                                   } elsif ($data[1] eq 'nokey') {
                                       $sslstatus{$key} = 5;
                                       $setstatus = 1;
                                       if ($key eq 'host') {
                                           $lonhostcertstatus = "status: created with missing key";
                                       } elsif ($key eq 'hostname') {
                                           $lonhostnamecertstatus = "status: created with missing key";
                                       }
                                   }
                                   if ($setstatus) {
                                       $comparecsr = 1;
                                   }
                               }
                               unless ($setstatus) {
                                   if ($data[1] eq 'expired') {
                                       $sslstatus{$key} = 2;
                                   } elsif ($data[1] eq 'future') {
                                       $sslstatus{$key} = 3;
                                   } else {
                                       $sslstatus{$key} = 1;
                                   }
                                   if ($key eq 'host') {
                                       $lonhostcertstatus = "status: $data[1]";
                                   } elsif ($key eq 'hostname') {
                                       $lonhostnamecertstatus = "status: $data[1]";
                                   }
                               }
                           }
                       } else {
                           $sslstatus{$key} = 0;
                           $output .= "$ssldesc{$key} ".$perlvarstatic-&gt;{$sslnames{$key}}." not available\n";
                           if ($key eq 'key') {
                               $lonkeystatus = 'still needed';
                           } elsif (($key eq 'host') || ($key eq 'hostname')) {
                               $checkcsr = 1;
                           }
                       }
                       if (($checkcsr) || ($comparecsr)) {
                           my $csrfile = $perlvarstatic-&gt;{$sslnames{$key}};
                           $csrfile =~s /\.pem$/.csr/;
                           my $csrstatus;
                           if (-e $perlvarstatic-&gt;{'lonCertificateDirectory'}."/$csrfile") {
                               open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic-&gt;{'lonCertificateDirectory'}."/$csrfile 2&gt;&1 |");
                               while(&lt;PIPE&gt;) {
                                   chomp();
                                   $csrstatus = $_;
                                   last;
                               }
                               close(PIPE);
                               if ((($comparecsr) && ($csr{$key})) || ($checkcsr)) {
                                   $output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n";
                                   if ($key eq 'host') {
                                       $lonhostcertstatus = 'awaiting signature';
                                   } else {
                                       $lonhostnamecertstatus = 'awaiting signature';
                                   }
                                   $sslstatus{$key} = 3;
                               }
                           } elsif ($checkcsr) {
                               $output .= "No certificate signing request available for $ssldesc{$key}\n\n";
                               if ($key eq 'host') {
                                   $lonhostcertstatus = 'still needed';
                               } else {
                                   $lonhostnamecertstatus = 'still needed';
                               }
                           }
                       }
                   }
               }
           }
       }
       return ($output,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,\%sslstatus);
   }
   
   print(&lt;&lt;END);    print(&lt;&lt;END);
   
   
Line 48  $|=1; Line 672  $|=1;
   
 END  END
 #sleep(3);  #sleep(3);
   
 </perlscript>  </perlscript>
 </file>  </file>
 <file>  <file>
 <target dist='default'>loncom/hosts.tab</target>  <target dist='default'>../../loncom/hosts.tab</target>
 <perlscript mode='fg'>  <perlscript mode='fg'>
 unless (-l "<TARGET />") {  my $lonCluster;
   print(&lt;&lt;END);  my $currCluster;
   
   if (-l "<TARGET />") {
     my $currlink = readlink("<TARGET />");
     if ($currlink =~ /^new_(existing|standalone|development|production)_hosts\.tab$/) {
         $currCluster = $1;
     }
     my %clustertypes = (
                          production  =&gt; 'PRODUCTION',
                          standalone  =&gt; 'STAND-ALONE',
                          development =&gt; 'DEVELOPMENT',
                          existing    =&gt; 'RUNNING YOUR OWN CLUSTER',
                        );
     if (($currCluster) && (exists($clustertypes{$currCluster}))) {
         print(&lt;&lt;END);
   
   The cluster type for this server is currently: $clustertypes{$currCluster}
   END
   
     }
   }
   
   print(&lt;&lt;END);
   
 ===============================================================================  ===============================================================================
   
 Which cluster option would you like to have installed?  Which cluster option would you like to have installed?
 IMPORTANT: to take advantage of the cluster options 1) and 3),  IMPORTANT: to take advantage of the cluster options 1) and 3),
 you must contact lon-capa\@lon-capa.org.  you must contact loncapa\@loncapa.org.
   
 1) PRODUCTION - you want to eventually connect this machine to the  1) PRODUCTION - you want to eventually connect this machine to the
                 LON-CAPA content sharing network. This setting is for                  LON-CAPA content sharing network. This setting is for
                 schools, colleges, and universities, that currently                  schools, colleges, and universities, that currently
                 are running - or in the future will run - courses                  are running - or in the future will run - courses.
 2) STAND-ALONE - you want this machine to run in 'stand-alone' mode and  2) STAND-ALONE - you want this machine to run in 'stand-alone' mode and
                  not be connected to other LON-CAPA machines for now                   not be connected to other LON-CAPA machines for now.
 3) DEVELOPMENT - you want to do software (not content!) development with  3) DEVELOPMENT - you want to do software (not content!) development with
                  this workstation and eventually link it with the                   this workstation and eventually link it with the
                  workstations of other LON-CAPA software developers.                   workstations of other LON-CAPA software developers.
Line 81  END Line 729  END
   
 # get input  # get input
 # if valid then process, otherwise loop  # if valid then process, otherwise loop
 $flag=0;  my $flag=0;
 while (!$flag) {  while (!$flag) {
   print "ENTER 1, 2, 3, or 4:\n";    print "ENTER 1, 2, 3, or 4:\n";
   my $choice=&lt;&gt;;    my $choice=&lt;&gt;;
Line 114  END Line 762  END
     $lonCluster='rawhide'; $flag=1;      $lonCluster='rawhide'; $flag=1;
   }    }
 }  }
 }  
 </perlscript>  </perlscript>
 </file>  </file>
 <file>  <file>
Line 124  $|=1; Line 771  $|=1;
 my $domainDescription;  my $domainDescription;
 my $domainTabExtras;  my $domainTabExtras;
 my $primaryLibServer;  my $primaryLibServer;
   my $protocol;
   my $intdom;
   my $desiredhostname;
   my $city;
   my $state;
   my $country;
 my @libservers = ();  my @libservers = ();
 unless (-e "<TARGET />") {  unless (-e "<TARGET />") {
   print(&lt;&lt;END);    print(&lt;&lt;END);
            WELCOME TO LON-CAPA!             WELCOME TO LON-CAPA!
   
 If you have questions, please visit http://install.lon-capa.org  If you have questions, please visit http://install.loncapa.org
 or contact helpdesk\@lon-capa.org.  or contact helpdesk\@loncapa.org.
   
 ===============================================================================  ===============================================================================
 The following 4 values are needed to configure LON-CAPA:  The following 10 values are needed to configure LON-CAPA:
 * Machine Role  * Machine Role
 * LON-CAPA Domain Name  * LON-CAPA Domain Name
 * LON-CAPA Machine ID Name, and  * LON-CAPA Machine ID Name
 * Server Administration E-mail Address.  * Server Administration E-mail Address
   * LON-CAPA Domain's Primary Library Server Machine ID
   * Web Server Protocol
   * Internet Domain Name of Your Institution
   * Hostname
   * City, State, Country for LON-CAPA SSL certificate 
   * Password for key for creating SSL certificates
 ===============================================================================  ===============================================================================
   
 In addition, a Support E-mail Address can also be included. If  In addition, a Support E-mail Address can also be included. If
Line 155  close(OUT); Line 814  close(OUT);
 **** Machine Role ****  **** Machine Role ****
 Library server (recommended if first-time installation of LON-CAPA):  Library server (recommended if first-time installation of LON-CAPA):
    Servers that are repositories of authoritative educational resources.     Servers that are repositories of authoritative educational resources.
    These servers also provide the construction space by which instructors     These servers also provide the authoring spaces in which content
    assemble their classroom online material.     creators (e.g., faculty instructors) create their learning content.
 Access server:  Access server:
    Servers that load-balance high-traffic delivery of educational resources     Servers that load-balance high-traffic delivery of educational resources
    over the world-wide web.     over the world-wide web.
Line 201  if ($hostname=~/([^\.]*)\.([^\.]*)$/) { Line 860  if ($hostname=~/([^\.]*)\.([^\.]*)$/) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
   
 **** Domain ****  **** Domain ****
 [This does NOT need to correspond to internet address domains.  [This does NOT need to correspond to an internet address domain.
  Please make this name short AND descriptive of your organization.   Please make this name short AND descriptive of your organization.
  Domain names are close to impossible to change later!!!   Domain names are close to impossible to change later!!!
  Good examples might be "msu" or "bionet" or "vermontcc".   Good examples might be "msu" or "bionet" or "vermontcc".
  Bad examples are "physics" (too general)   Bad examples are "physics" (too general)
    or "michiganstateuniversity" (too long)     or "michiganstateuniversity" (too long)
    or "msuedu" (internet domain, just make it "msu")     or "msuedu" (just make it "msu", or else make it msu.edu)
    or "msuphysics" (only if there is a good reason to limit to department     or "msuphysics" (only if there is a good reason to limit to department
                     - we don't know of one)                      - we don't know of one)
    or "mydomain" (what is that?)     or "mydomain" (what is that?)
Line 215  if ($hostname=~/([^\.]*)\.([^\.]*)$/) { Line 874  if ($hostname=~/([^\.]*)\.([^\.]*)$/) {
  have to actually work together with your colleagues. You can still run   have to actually work together with your colleagues. You can still run
  multiple library servers within the same domain.   multiple library servers within the same domain.
  If this domain is eventually going to be part of the main production   If this domain is eventually going to be part of the main production
  cluster, you MUST contact the LON-CAPA group at MSU (loncapa@loncapa.org)   cluster, you MUST contact the LON-CAPA group at MSU (loncapa\@loncapa.org)
  to have a domain name assigned, and then use it exactly as given. This is   to have a domain name assigned, and then use it exactly as given. This is
  also true for test installs that might eventually turn into production setups.   also true for test installs that might eventually turn into production setups.
  Stop now if you didn't do so.]   The short domain name needs to be unique, if your aim is to join a cluster 
    containing existing domains. Stop now if you have not yet contacted the 
    MSU LON-CAPA group.] 
 END  END
   
 # get domain name  # get domain name
Line 254  END Line 915  END
     close(OUT);      close(OUT);
     $lonDefDomain=$choice;      $lonDefDomain=$choice;
     $flag=1;      $flag=1;
   } elsif (length($choice)>35) {    } elsif (length($choice)&gt;35) {
     print "Name too long\n";      print "Name too long\n";
   } elsif (length($choice)<2) {    } elsif (length($choice)&lt;2) {
     print "Name too short\n";      print "Name too short\n";
   } elsif ($bad_domain_flag) {    } elsif ($bad_domain_flag) {
     print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n";      print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n";
Line 273  END Line 934  END
   }    }
 }  }
   
   
 # get domain description  # get domain description
 # accept if valid, if not valid, tell user and repeat  # accept if valid, if not valid, tell user and repeat
 $flag=0;  $flag=0;
Line 342  END Line 1002  END
     close(OUT);      close(OUT);
     $lonHostID=$choice;      $lonHostID=$choice;
     $flag=1;      $flag=1;
   } elsif (length($choice)>45) {    } elsif (length($choice)&gt;45) {
     print "Name too long\n";      print "Name too long\n";
   } elsif (length($choice)<4) {    } elsif (length($choice)&lt;4) {
     print "Name too short\n";      print "Name too short\n";
   } elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) {    } elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) {
     open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');      open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
Line 366  if ($lonRole eq 'library') { Line 1026  if ($lonRole eq 'library') {
         $primaryLibServer = $libservers[0];          $primaryLibServer = $libservers[0];
     }      }
 }  }
   
   $flag=0;
 while (!$flag) {  while (!$flag) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
 **** Domain's Primary Library Server ID ****  **** Domain's Primary Library Server ID ****
Line 373  This should be the LON-CAPA machine ID o Line 1035  This should be the LON-CAPA machine ID o
 domain.  If you only have a single library server in your domain, then  domain.  If you only have a single library server in your domain, then
 the Primary Library server ID will be the machine ID of that server.   the Primary Library server ID will be the machine ID of that server. 
 This server will be where domain data which are not associated with any  This server will be where domain data which are not associated with any
 specific home library server will be stored (e.g., e-mail broadcast by  specific home library server will be stored (e.g., configurations that
 administrators to users in the domain).  apply to all nodes in the domain).
 END  END
     if (defined($primaryLibServer)) {      if (defined($primaryLibServer)) {
         print(&lt;&lt;END);          print(&lt;&lt;END);
 ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$primaryLibServer]:  ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$primaryLibServer]:
 END  END
     } elsif (@libservers > 0) {      } elsif (@libservers &gt; 0) {
         print(&lt;&lt;END);          print(&lt;&lt;END);
 ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$libservers[0]]  ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$libservers[0]]
 END  END
Line 398  END Line 1060  END
         print(OUT 'primaryLibServer'."\t".$choice."\n");          print(OUT 'primaryLibServer'."\t".$choice."\n");
         close(OUT);          close(OUT);
         $flag=1;          $flag=1;
     } elsif (length($choice)>35) {      } elsif (length($choice)&gt;35) {
         print "Name too long\n";          print "Name too long\n";
     } elsif (length($choice)<4) {      } elsif (length($choice)&lt;4) {
         print "Name too short\n";          print "Name too short\n";
     } elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) {      } elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) {
         open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');          open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
Line 421  my $lonAdmEMail; Line 1083  my $lonAdmEMail;
 while (!$flag) {  while (!$flag) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
   
 **** Server Administrators E-mail ****  **** Server Administrator's E-mail ****
 E-mail address of the person who will manage this machine  E-mail address of the person who will manage this machine
 [should be in the form somebody\@somewhere]  [should be in the form somebody\@somewhere]
 ENTER ADMIN E-MAIL ADDRESS:  ENTER ADMIN E-MAIL ADDRESS:
Line 474  END Line 1136  END
   }    }
 }  }
   
   # get protocol
   # accept if valid, if not valid, tell user and repeat
   $flag=0;
   while (!$flag) {
     print(&lt;&lt;END);
   
   ****  Web Server Protocol ****
   If you plan to run the Apache server with SSL enabled, 
   the protocol should be: https; otherwise it should be http.
   ENTER WEB SERVER PROTOCOL [http]:
   END
   
     my $choice=&lt;&gt;;
     chomp($choice);
     if ($choice =~ /^https?$/) {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'protocol'."\t".$choice."\n");
       close(OUT);
       $protocol=$choice;
       $flag=1;
     } elsif ($choice eq '') {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'protocol'."\t".'http'."\n");
       close(OUT);
       $protocol = 'http';
       $flag = 1;
     } else {
       print "Invalid input (only http or https allowed).\n";
     }
   }
   
   # get internet domain
   # accept if valid, if not valid, tell user and repeat
   $flag=0;
   while (!$flag) {
     print(&lt;&lt;END);
   
   ****  Internet Domain Name of Your Institution ****
   
   The internet domain name used for servers at your institution 
   should be provided.  This will be similar to: ustate.edu or
   topcollege.ac.uk or myhostingcompany.com, i.e., the part of
   a server hostname which indicates to which organization the 
   server belongs.
   
   ENTER INTERNET DOMAIN NAME:
   END
   
     my $choice=&lt;&gt;;
     chomp($choice);
     if ($choice =~/[^.]+\.[^.]+/) {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'internet domain'."\t".$choice."\n");
       close(OUT);
       $intdom=$choice;
       $flag=1;
     }
     else {
       print "Invalid input (must be at least two levels separated by .  - e.g., ustate.edu).\n";
     }
   }
   
   # get hostname
   # accept if valid, if not valid, tell user and repeat
   $flag=0;
   my $posshostname;
   if (($hostname =~ /^[A-Za-z0-9\-]+$/) && ($intdom ne '')) {
       $posshostname = $hostname.'.'.$intdom;
   } 
   if (($hostname =~ /^[A-Za-z0-9\-]+\.[A-Za-z0-9\-]+/) &&
       ($hostname =~ /^[A-Za-z0-9.\-]+$/)) {
       $posshostname = $hostname;
   }
   while (!$flag) {
     print(&lt;&lt;END);
   
   ****** Hostname of the server/VM *****
   
   The hostname of the server/VM is required. This will be similar to:
   somename.ustate.edu or somename.department.ustate.edu, and would be
   the web address which users would point their web browsers at to
   access the server.
   
   END
   
   if ($posshostname) {
       print "ENTER HOSTNAME OF SERVER [$posshostname]:\n";
   } else {
       print "ENTER HOSTNAME OF SERVER:\n";
   }
   
     my $choice=&lt;&gt;;
     chomp($choice);
     if (($choice =~ /^[A-Za-z0-9\-]+\.[A-Za-z0-9\-]+/) &&
         ($choice =~ /^[A-Za-z0-9.\-]+$/)) {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'hostname'."\t".$choice."\n");
       close(OUT);
       $desiredhostname=$choice;
       $flag=1;
     } elsif (($choice eq '') && ($posshostname ne '')) {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'hostname'."\t$posshostname\n");
       close(OUT);
       $desiredhostname = $posshostname;
       $flag = 1;
     } else {
       print "Invalid input (only letters, numbers, - and . allowed, with at least one .).\n";
     }
   }
   
   &ssl_info();
   
   $country = &get_country($desiredhostname);
   
   $state = &get_state();
   
   $city = &get_city();
   
   ($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city);
   
   my $perlstaticref = &get_static_config();
   if (ref($perlstaticref) eq 'HASH') {
     my ($certsdir,$privkey,$connectcsr,$replicatecsr);
     $certsdir = $perlstaticref-&gt;{'lonCertificateDirectory'};
     $privkey = $perlstaticref-&gt;{'lonnetPrivateKey'};
     $connectcsr = $perlstaticref-&gt;{'lonnetCertificate'};
     $connectcsr =~ s/\.pem$/.csr/;
     $replicatecsr = $perlstaticref-&gt;{'lonnetHostnameCertificate'};
     $replicatecsr =~ s/\.pem$/.csr/;
   
     print(&lt;&lt;END);
   
   ****** SSL Certificates *****
   
   You need to provide a password to be used for the openssl key which
   will be stored in $certsdir, and will be used when creating two
   certificate signing requests: $connectcsr and $replicatecsr
   
   END
   
     my $sslkeypass = &get_new_sslkeypass();
   
     if ($certsdir && $privkey) {
       my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$lonHostID/OU=LONCAPA/emailAddress=$lonAdmEMail";
       my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$lonAdmEMail";
   
   # generate SSL key
       &make_key($certsdir,$privkey,$sslkeypass);
   # generate SSL csr for hostID
       &make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj);
   # generate SSL csr for internal hostname
       &make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj);
   # mail csr files to certificate@lon-capa.org (production or dev clusters).
       &mail_csr('both',$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlstaticref);
   
       } else {
           print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n";
       }
   } else {
       print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n";
   }
   
 # update loncapa.conf  # update loncapa.conf
 my $confdir = '/etc/httpd/conf/';  my $confdir = '/etc/httpd/conf/';
 if ('<DIST />' eq 'sles10' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2') {  if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20') {
      $confdir = '/etc/apache2/';       $confdir = '/etc/apache2/';
 }     }   
 my $filename='loncapa.conf';  my $filename='loncapa.conf';
Line 510  my %perlvar; Line 1334  my %perlvar;
     unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) {      unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) {
        my $lonReceipt='';         my $lonReceipt='';
        srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`);         srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`);
        my @alnum=(0..9,a..z);         my @alnum=(0..9,"a".."z");
        foreach my $i (1..20) {         foreach my $i (1..20) {
  $lonReceipt.=$alnum[int(rand(36))];   $lonReceipt.=$alnum[int(rand(36))];
        }         }
Line 534  END Line 1358  END
 </file>  </file>
 <file>  <file>
 <target dist='default'>/etc/httpd/conf/</target>  <target dist='default'>/etc/httpd/conf/</target>
 <target dist='sles10 suse10.1 suse10.2'>/etc/apache2/</target>  <target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18 ubuntu20'>/etc/apache2/</target>
 <perlscript mode='fg'>  <perlscript mode='fg'>
 sub securesetting {  
     my (%perlvar)=@_;  
     my $securestatus='unknown';  
     my $securenum='';  
     if      ( $perlvar{'loncAllowInsecure'}&&  $perlvar{'londAllowInsecure'}) {  
  $securestatus='no';                  $securenum='4';  
     } elsif ( $perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) {  
  $securestatus='lond';                $securenum='3';  
     } elsif (!$perlvar{'loncAllowInsecure'}&&  $perlvar{'londAllowInsecure'}) {  
  $securestatus='lonc';                $securenum='2';  
     } elsif (!$perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) {  
  $securestatus='yes (lond and lonc)'; $securenum='1';  
     }  
     return ($securestatus,$securenum);  
 }  
 # read values from loncapa.conf  # read values from loncapa.conf
 my $confdir = "<TARGET />";  my $confdir = "<TARGET />";
 my $filename='loncapa.conf';  my $filename='loncapa.conf';
 my %perlvar;  my %perlvar;
 my ($securestatus,$securenum);  
     if (-e "$confdir$filename") {      if (-e "$confdir$filename") {
  open(CONFIG,'&lt;'.$confdir.$filename) or    open(CONFIG,'&lt;'.$confdir.$filename) or 
           die("Can't read $confdir$filename");            die("Can't read $confdir$filename");
Line 583  my ($securestatus,$securenum); Line 1391  my ($securestatus,$securenum);
     unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) {      unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) {
        $perlvar{'loncAllowInsecure'}='1';         $perlvar{'loncAllowInsecure'}='1';
     }      }
     ($securestatus,$securenum)=&securesetting(%perlvar);      my ($securestatus,$securenum)=&securesetting(%perlvar);
     unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) {      unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) {
        my $lonReceipt='';         my $lonReceipt='';
        srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`);         srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`);
        my @alnum=(0..9,a..z);         my @alnum=(0..9,"a".."z");
        foreach my $i (1..20) {         foreach my $i (1..20) {
  $lonReceipt.=$alnum[int(rand(36))];   $lonReceipt.=$alnum[int(rand(36))];
        }         }
        $perlvar{'lonReceipt'}=$lonReceipt;         $perlvar{'lonReceipt'}=$lonReceipt;
     }      }
 my %perlvarstatic;      my $perlvarstatic = &get_static_config();
     if (-e "${confdir}loncapa_apache.conf") {  
  open(CONFIG,'&lt;'.$confdir.'loncapa_apache.conf') or   
           die("Can't read ${confdir}loncapa_apache.conf");  
  while (my $configline=&lt;CONFIG&gt;) {  
     if ($configline =~ /^[^\#]*PerlSetVar/) {  
  my ($unused,$varname,$varvalue)=split(/\s+/,$configline);  
  chomp($varvalue);  
  $perlvarstatic{$varname}=$varvalue;  
     }  
  }  
  close(CONFIG);  
     }  
   
     my (@hosts_files, @domain_files);      my (@hosts_files, @domain_files);
     if ( $lonCluster ne 'existing') {      if ( $lonCluster ne 'existing') {
Line 619  my %perlvarstatic; Line 1415  my %perlvarstatic;
     push(@hosts_files,'/home/httpd/lonTabs/hosts.tab',      push(@hosts_files,'/home/httpd/lonTabs/hosts.tab',
          '/home/httpd/lonTabs/dns_hosts.tab');           '/home/httpd/lonTabs/dns_hosts.tab');
   
       my @poss_hosts_files = @hosts_files;
     if (!$domainDescription) {      if (!$domainDescription) {
  foreach my $file (@domain_files) {   foreach my $file (@domain_files) {
     open(IN,'&lt;'.$file);      open(IN,'&lt;'.$file);
Line 627  my %perlvarstatic; Line 1424  my %perlvarstatic;
     (undef,$domainDescription,$domainTabExtras)=split(/:/,$line,3);      (undef,$domainDescription,$domainTabExtras)=split(/:/,$line,3);
     chomp($domainDescription);      chomp($domainDescription);
     chomp($domainTabExtras);      chomp($domainTabExtras);
     # the remianing field (primary lib server) is handled later      # the remaining field (primary lib server) is handled later
     $domainTabExtras = join(':',(split(/:/,$domainTabExtras))[0..5]);      $domainTabExtras = join(':',(split(/:/,$domainTabExtras))[0..5]);
     last;      last;
  }   }
Line 637  my %perlvarstatic; Line 1434  my %perlvarstatic;
  }   }
     }      }
   
     while(!$primaryLibServ && (@hosts_file || @domain_files)) {      if ((!$protocol) || (!$desiredhostname)) {
           foreach my $file (@hosts_files) {
               open(IN,'&lt;'.$file);
               while(my $line = &lt;IN&gt;) {
                   if ($line =~ /^\Q$perlvar{'lonHostID'}\E:\Q$perlvar{'lonDefDomain'}\E\:(?:access|library)\:([^:]+)\:(https?)/) {
                       if (!$desiredhostname) {
                           $desiredhostname = $1;
                       }
                       if (!$protocol) { 
                           $protocol = $2;
                           chomp($protocol);
                       }
                       last;
                   }
               }
           }
       }
   
       if (!$protocol) {
           $protocol = 'http';
       }
   
       if (!$intdom) {
           foreach my $file (@hosts_files) {
               open(IN,'&lt;'.$file);
               while(my $line = &lt;IN&gt;) {
                   if ($line =~ /^\Q$perlvar{'lonHostID'}\E:\Q$perlvar{'lonDefDomain'}\E\:(?:access|library)\:[^:]+\:https?\:([^:]+)/) {
                       $intdom = $1;
                       chomp($intdom);
                       last;
                   }
               }
           }
       }
   
       my (%hostnames,%protocols);
       while(!$primaryLibServer && (@hosts_files || @domain_files)) {
  my $file = shift(@domain_files);   my $file = shift(@domain_files);
         open(IN,'&lt;'.$file);          open(IN,'&lt;'.$file);
         while(my $line = &lt;IN&gt;) {          while(my $line = &lt;IN&gt;) {
Line 651  my %perlvarstatic; Line 1484  my %perlvarstatic;
  $file = shift(@hosts_files);   $file = shift(@hosts_files);
  open(IN,'&lt;'.$file);   open(IN,'&lt;'.$file);
  while(my $line = &lt;IN&gt;) {   while(my $line = &lt;IN&gt;) {
     if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:/) {      if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+)/) {
  push(@libservers,$1);   push(@libservers,$1);
                   $hostnames{$1} = $2;
     }      }
  }   }
  # make list unique   # make list unique
  @libservers = keys(%{{ map { $_ => 1 } (@libservers) }});   @libservers = keys(%{{ map { $_ =&gt; 1 } (@libservers) }});
  close(IN);   close(IN);
  if (@libservers == 1) {   if (@libservers == 1) {
     $primaryLibServer = $libservers[0];      $primaryLibServer = $libservers[0];
  }   }
     }      }
   
   # get hostname of primaryLibServer
       my ($primary_hostname,$primary_protocol);
       if ($primaryLibServer) {
           if ($hostnames{$primaryLibServer}) {
               $primary_hostname = $hostnames{$primaryLibServer};
               $primary_protocol = $protocols{$primaryLibServer};
           } else {
               foreach my $file (@poss_hosts_files) {
                   open(IN,'&lt;'.$file);
                   while (my $line = &lt;IN&gt;) {
                       if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+):(https?)/) {
                           if ($1 eq $primaryLibServer) {
                               $primary_hostname = $2;
                               $primary_protocol = $3;
                               last;
                           }
                       }
                   }
                   close(IN);
                   last if ($primary_hostname);
               }
           }
       }
         
 # implement editing logic below, interactively  # implement editing logic below, interactively
 # update loncapa.conf until 12 is entered  # update loncapa.conf until 18 is entered
   
 $flag=0;  my $flag=0;
   
   #
   # Changes to 5, 6, and 14 not supported if configuration.db set on primary library server.
   # (requires either this machine to be primary library server or for LON-CAPA and Apache
   # to be running on primary library server).
   #
   
   my ($isprimary,$domconf,$url,$gotdomconf,$adminmail,$supportmail,$connectssl,%setbygui);
   if ($primaryLibServer eq $perlvar{'lonHostID'}) {
       $isprimary = 1;
   } else {
       unless ($primary_protocol eq 'https') {
           $primary_protocol = 'http';
       } 
       $url = $primary_protocol.'://'.$primary_hostname.'/cgi-bin/listdomconfig.pl';
   }
   
   my %sslnames = &get_sslnames();
   my %ssldesc = &get_ssldesc();
   
   my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$primaryLibServer,$isprimary,
                                    $url,$perlvarstatic);
   if (ref($domconf)) {
       $gotdomconf = 1;
       if (ref($domconf-&gt;{'contacts'}) eq 'HASH') {
           if (exists($domconf-&gt;{'contacts'}-&gt;{'adminemail'})) {
               $adminmail = $domconf-&gt;{'contacts'}-&gt;{'adminemail'};
           }
           if (exists($domconf->{'contacts'}->{'supportemail'})) {
               $supportmail = $domconf-&gt;{'contacts'}-&gt;{'supportemail'};
           }
       }
       if (ref($domconf-&gt;{'ssl'}) eq 'HASH') {
           foreach my $connect ('connto','connfrom') { 
               if (ref($domconf-&gt;{'ssl'}-&gt;{$connect}) eq 'HASH') {       
                   my ($sslreq,$sslnoreq,$currsetting);
                   my %contypes; 
                   foreach my $type ('dom','intdom','other') {
                       my $key;
                       if ($domconf-&gt;{'ssl'}-&gt;{'connect'}-&gt;{$type} eq 'req') {
                           $key = 'yes';
                       } else {
                           $key = 'no';
                       }
                       if ($type eq 'dom') {
                           $contypes{$key} .= ' own domain,';
                       } elsif ($type eq 'intdom') {
                           $contypes{$key} .= ' own institution,';
                       } elsif ($type eq 'other') { 
                           $contypes{$key} .= ' other domains,';
                       }
                   }
                   foreach my $key (sort(keys(%contypes))) {
                       $contypes{$key} =~ s/^\s//;
                       $contypes{$key} =~ s/,$//;
                       if ($key eq 'yes') {
                           $currsetting .= ' Yes ('.$contypes{$key}.'),';
                       } elsif ($key eq 'no') {
                           $currsetting .= ' No ('.$contypes{$key}.')';
                       }
                       $currsetting =~ s/,$//;
                   }
                   if ($currsetting ne '') {
                       $connectssl = $sslnames{$connect}.' -- '.$currsetting.' | '; 
                   }
               }
           }
           $connectssl =~ s/\s\|\s$//; 
       }
   }
   if ($connectssl) {
       $setbygui{'securestatus'} = 1;
       $securestatus = 'Set by domain configuration via web GUI. Currently: '.$connectssl; 
   }
   if ($adminmail) {
       $adminmail = 'Set by domain configuration via web GUI. Currently: '.$adminmail;
       $setbygui{'lonAdmEMail'} = 1;
   } else {
       $adminmail = $perlvar{'lonAdmEMail'};
   }
   if ($supportmail) {
       $supportmail = 'Set by domain configuration via web GUI. Currently: '.$supportmail;
       $setbygui{'lonSupportEMail'} = 1;
   } else {
       $supportmail = $perlvar{'lonSupportEMail'};
   }
   
   print "\nRetrieving status information for SSL key and certificates ...\n\n";
   my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = 
       &get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic);
   print $certinfo;
   my %sslstatus;
   if (ref($sslref) eq 'HASH') {
       %sslstatus = %{$sslref};
   }
   
 while (!$flag) {  while (!$flag) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
Line 677  This is now the current configuration of Line 1630  This is now the current configuration of
  2) Domain Description: $domainDescription   2) Domain Description: $domainDescription
  3) Machine Name: $perlvar{'lonHostID'}   3) Machine Name: $perlvar{'lonHostID'}
  4) ID of primary library server for domain: $primaryLibServer   4) ID of primary library server for domain: $primaryLibServer
  5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'}   5) Server Administrator's E-mail Address: $adminmail
  6) Support E-mail Address: $perlvar{'lonSupportEMail'}   6) Support E-mail Address: $supportmail
  7) Role: $perlvar{'lonRole'}   7) Web Server Protocol (http or https): $protocol 
  8) Cache Expiration Time: $perlvar{'lonExpire'}   8) Internet Domain Name: $intdom 
  9) Server Load: $perlvar{'lonLoadLim'}   9) Hostname: $desiredhostname
 10) User Load: $perlvar{'lonUserLoadLim'}  10) Role: $perlvar{'lonRole'}
 11) Allow only secure connections: $securestatus   11) Cache Expiration Time: $perlvar{'lonExpire'} (seconds)
 12) Everything is correct up above  12) Server Load: $perlvar{'lonLoadLim'}
   13) User Load: $perlvar{'lonUserLoadLim'}
   14) LON-CAPA "internal" connections: $securestatus
   15) Private Key for SSL: $lonkeystatus
   16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus
   17) SSL Certificate for Content Replication: $lonhostnamecertstatus
   18) Everything is correct up above
 END  END
   
 my @error;  my @error;
 foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) {  foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) {
    if (length($v)>35) { $error.="\nName $v too long"; }     if (length($v)&gt;35) { push(@error,"Name $v too long"); }
    if (length($v)<2) { $error.="\nName $v too short"; }     if (length($v)&lt;2) { push(@error,"Name $v too short"); }
    if ($v=~/capa/i) {     if ($v=~/capa/i) {
  if ($v!~/^oucapa\d+$/ &&    if ($v!~/^oucapa\d+$/ && 
     ($v!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) {      ($v!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) {
Line 715  unless (($perlvar{'lonRole'} eq 'library Line 1674  unless (($perlvar{'lonRole'} eq 'library
    push(@error,"Invalid Role");     push(@error,"Invalid Role");
 }  }
   
   unless (($protocol eq 'http') || ($protocol eq 'https')) {
      push(@error,"Invalid Protocol (must be http or https");
   }
   
   if (!defined($intdom)) { 
      push(@error,"No internet domain name designated. Enter something like ustate.edu"); 
   } elsif ($intdom !~ /[^.]+\.\w{2,6}$/) {
      push(@error,"Invalid Internet domain name (must be at least two levels separated by .  - e.g., ustate.edu");
   }
   
 if (!defined($primaryLibServer)) {  if (!defined($primaryLibServer)) {
    if (@libservers > 0) {     if (@libservers &gt; 0) {
        push(@error,"No primary library server ID designated. Choose from: ".join(',',sort(@libservers)));         push(@error,"No primary library server ID designated. Choose from: ".join(',',sort(@libservers)));
    } else {     } else {
        push(@error,"No library servers in this domain (including current server)");         push(@error,"No library servers in this domain (including current server)");
    }     }
 } else {  } else {
    if (length($primaryLibServer)>35) { push(@error,"Primary Library Server ID:  $primaryLibServer too long"); }     if (length($primaryLibServer)&gt;35) { push(@error,"Primary Library Server ID:  $primaryLibServer too long"); }
    if (length($primaryLibServer)<2) { push(@error,"Primary Library Server ID:  $primaryLibServer too short"); }     if (length($primaryLibServer)&lt;2) { push(@error,"Primary Library Server ID:  $primaryLibServer too short"); }
    if ($primaryLibServer =~/capa/i) {     if ($primaryLibServer =~/capa/i) {
         if ($primaryLibServer!~/^oucapa\d+$/ &&          if ($primaryLibServer!~/^oucapa\d+$/ &&
             ($primaryLibServer!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) {              ($primaryLibServer!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) {
Line 738  if (!defined($primaryLibServer)) { Line 1707  if (!defined($primaryLibServer)) {
 }  }
   
   
   my ($certsdir,$privkey,$connectcsr,$replicatecsr);
   $certsdir = $perlvarstatic-&gt;{'lonCertificateDirectory'};
   $privkey = $perlvarstatic-&gt;{'lonnetPrivateKey'};
   $connectcsr = $perlvarstatic-&gt;{'lonnetCertificate'};
   $connectcsr =~ s/\.pem$/.csr/;
   $replicatecsr = $perlvarstatic-&gt;{'lonnetHostnameCertificate'};
   $replicatecsr =~ s/\.pem$/.csr/;
   
 if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; }  if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; }
   print(&lt;&lt;END);    print(&lt;&lt;END);
 ENTER A CHOICE OF 1-11 TO CHANGE, otherwise ENTER 12:  ENTER A CHOICE OF 1-17 TO CHANGE, otherwise ENTER 18:
 END  END
 my $choice=&lt;&gt;;  my $choice=&lt;&gt;;
 chomp($choice);  chomp($choice);
Line 793  END Line 1770  END
     $primaryLibServer=$choice2;      $primaryLibServer=$choice2;
   }    }
   elsif ($choice==5) {    elsif ($choice==5) {
   print(&lt;&lt;END);      if ($setbygui{'lonAdmEMail'}) {
         print(&lt;&lt;END);
   5) Server Administrator's E-mail Address: $adminmail
   Use the web GUI (as domain coordinator) to make changes after completing the UPDATE.
   END
       } else {
         print(&lt;&lt;END);
 5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'}  5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'}
 ENTER NEW VALUE:  ENTER NEW VALUE:
 END  END
         my $choice2=&lt;&gt;;
         chomp($choice2);
         $perlvar{'lonAdmEMail'}=$choice2;
         $adminmail=$perlvar{'lonAdmEMail'};
       }
     }
     elsif ($choice==6) {
       if ($setbygui{'lonSupportEMail'}) {
         print(&lt;&lt;END);
   6) Support E-mail Address: $supportmail
   Use the web GUI (as domain coordinator) to make changes after completing the UPDATE.
   END
       } else {    
         print(&lt;&lt;END);
   6) Support E-mail Address: $perlvar{'lonSupportEMail'}
   ENTER NEW VALUE:
   END
         my $choice2=&lt;&gt;;
         chomp($choice2);
         $perlvar{'lonSupportEMail'}=$choice2;
         $supportmail=$perlvar{'lonSupportEMail'};
       }
     }
     elsif ($choice==7) {
     print(&lt;&lt;END);
   7) Server Protocol (http or https): 
   ENTER NEW VALUE: (this should be either 'http' or 'https'
                    if in doubt set to 'http'):
   END
     my $choice2=&lt;&gt;;      my $choice2=&lt;&gt;;
     chomp($choice2);      chomp($choice2);
     $perlvar{'lonAdmEMail'}=$choice2;      $protocol=$choice2;
   }    }
   elsif ($choice==6) {    elsif ($choice==8) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
 6) Support E-mail Address: $perlvar{'lonSupportEMail'}  8) Internet Domain Name of Institution
   ENTER NEW VALUE: 
   
   END
       my $choice2=&lt;&gt;;
       chomp($choice2);
       $intdom=$choice2;
     }
     elsif ($choice==9) {
     print(&lt;&lt;END);
   9) Hostname of Server/VM
 ENTER NEW VALUE:  ENTER NEW VALUE:
   
 END  END
     my $choice2=&lt;&gt;;      my $choice2=&lt;&gt;;
     chomp($choice2);      chomp($choice2);
     $perlvar{'lonSupportEMail'}=$choice2;      $desiredhostname=$choice2;
   }    }
   elsif ($choice==7) {  
     elsif ($choice==10) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
 7) Role: $perlvar{'lonRole'}  10) Role: $perlvar{'lonRole'}
 ENTER NEW VALUE (this should be either 'access' or 'library'   ENTER NEW VALUE (this should be either 'access' or 'library' 
                  if in doubt select 'library'):                   if in doubt select 'library'):
 END  END
Line 820  END Line 1844  END
     chomp($choice2);      chomp($choice2);
     $perlvar{'lonRole'}=$choice2;      $perlvar{'lonRole'}=$choice2;
   }    }
   elsif ($choice==8) {    elsif ($choice==11) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
 8) Cache Expiration Time: $perlvar{'lonExpire'}  11) Cache Expiration Time: $perlvar{'lonExpire'}
 ENTER NEW VALUE (in seconds, 86400 is a reasonable value):  ENTER NEW VALUE (in seconds, 86400 is a reasonable value):
 END  END
     my $choice2=&lt;&gt;;      my $choice2=&lt;&gt;;
     chomp($choice2);      chomp($choice2);
     $perlvar{'lonExpire'}=$choice2;      $perlvar{'lonExpire'}=$choice2;
   }    }
   elsif ($choice==9) {    elsif ($choice==12) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
 9) Server Load: $perlvar{'lonLoadLim'}  12) Server Load: $perlvar{'lonLoadLim'}
 ENTER NEW VALUE:  ENTER NEW VALUE:
 END  END
     my $choice2=&lt;&gt;;      my $choice2=&lt;&gt;;
     chomp($choice2);      chomp($choice2);
     $perlvar{'lonLoadLim'}=$choice2;      $perlvar{'lonLoadLim'}=$choice2;
   }    }
   elsif ($choice==10) {    elsif ($choice==13) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
 10) User Load: $perlvar{'lonUserLoadLim'}  13) User Load: $perlvar{'lonUserLoadLim'}
 Numer of users that can login before machine is 'overloaded'  Numer of users that can login before machine is 'overloaded'
 ENTER NEW VALUE (integer value, 0 means there is no limit):  ENTER NEW VALUE (integer value, 0 means there is no limit):
 END  END
Line 848  END Line 1872  END
     chomp($choice2);      chomp($choice2);
     $perlvar{'lonUserLoadLim'}=$choice2;      $perlvar{'lonUserLoadLim'}=$choice2;
   }    }
   elsif ($choice==11) {    elsif ($choice==14) {
   print(&lt;&lt;END);      if ($setbygui{'securestatus'}) {
 11) Allow only secure connections: $securestatus         print(&lt;&lt;END);
   14) Allow only secure connections: $securestatus
   Use the web GUI (as domain coordinator) to make changes after completing the UPDATE.
   END
       } else {
         print(&lt;&lt;END);
   14) Allow only secure connections: $securestatus 
 The Lon-CAPA communication daemons lonc and lond can be configured to  The Lon-CAPA communication daemons lonc and lond can be configured to
 allow only secure connections by default.  allow only secure connections by default.
   
Line 862  POSSIBLE CHOICES: Line 1892  POSSIBLE CHOICES:
 3) allow insecure connections to this machine but only allow connections  3) allow insecure connections to this machine but only allow connections
     to machines that support secure connections      to machines that support secure connections
 4) allow insecure connections  4) allow insecure connections
 ENTER NEW VALUE (currenly $securenum):  ENTER NEW VALUE (currently $securenum):
 END  END
     my $choice2=&lt;&gt;;        my $choice2=&lt;&gt;;
     chomp($choice2);        chomp($choice2);
     if      ($choice2 eq '1') {        if      ($choice2 eq '1') {
  $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0;    $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0;
     } elsif ($choice2 eq '2') {        } elsif ($choice2 eq '2') {
  $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1;    $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1;
     } elsif ($choice2 eq '3') {        } elsif ($choice2 eq '3') {
  $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0;    $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0;
     } elsif ($choice2 eq '4') {        } elsif ($choice2 eq '4') {
  $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1;    $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1;
         }
         ($securestatus,$securenum)=&securesetting(%perlvar);
     }      }
     ($securestatus,$securenum)=&securesetting(%perlvar);    } elsif ($choice==15) {
   }        if ($sslstatus{'key'} == 1) {
   elsif (($choice==12) && (!$error)) {            print(&lt;&lt;END);
   15) Private Key for SSL: $lonkeystatus
   
   POSSIBLE CHOICES:
   1) overwrite existing key
   2) make no change
   ENTER NEW VALUE
   END
             my $choice2=&lt;&gt;;
             chomp($choice2);
             if ($choice2 eq '1') {
                 my $sslkeypass = &get_new_sslkeypass();
                 &make_key($certsdir,$privkey,$sslkeypass);
             }
         } elsif ($sslstatus{'key'} == 0) {
             print(&lt;&lt;END);
   15) Private Key for SSL: $lonkeystatus
   END
             my $sslkeypass = &get_new_sslkeypass();
             &make_key($certsdir,$privkey,$sslkeypass);
             print "\nRetrieving status information for SSL key and certificates ...\n\n";
             ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) =
                &get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic);
             if (ref($sslref) eq 'HASH') {
                 %sslstatus = %{$sslref};
             }
         }
     } elsif ($choice==16) {
         if (($sslstatus{'host'} == 1) || ($sslstatus{'host'} == 2) || ($sslstatus{'host'} == 3)) {
             print(&lt;&lt;END);
   16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus
   
   POSSIBLE CHOICES:
   1) create new certificate signing request with new key
   2) create new certificate signing request with existing key
   3) resend current certificate signing request
   4) make no change
   ENTER NEW VALUE
   END
   
             my $choice2=&lt;&gt;;
             chomp($choice2);
             if (($choice2 eq '1') || ($choice2 eq '2')) {
                 &ssl_info();
                 my $country = &get_country($desiredhostname);
                 my $state = &get_state();
                 my $city = &get_city();
                 my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail";
                 ($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city);
                 my $sslkeypass;
                 if ($choice2 eq '1') {
                     $sslkeypass = &get_new_sslkeypass();
                     &make_key($certsdir,$privkey,$sslkeypass);
                 } elsif ($choice2 eq '2') {
                     $sslkeypass = &get_password('Enter existing password for SSL key');
                     &encrypt_key($certsdir,$privkey,$sslkeypass);
                 }
                 &make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj);
                 &mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic);
                 print "\nRetrieving status information for SSL key and certificates ...\n\n";
                 ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) =
                     &get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic);
                 if (ref($sslref) eq 'HASH') {
                     %sslstatus = %{$sslref};
                 }
             } elsif ($choice2 eq '3') {
                 if (-e "$certsdir/$connectcsr") {
                     &mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic);
                 }
             }
         } elsif (($sslstatus{'host'} == 0) || ($sslstatus{'host'} == 4) || ($sslstatus{'host'} == 5)) {
             my $sslkeypass;
             if ($sslstatus{'key'} == 1) {
                 print(&lt;&lt;END);
   16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus
   
   POSSIBLE CHOICES:
   1) create new certificate signing request with new key
   2) create new certificate signing request with existing key
   3) make no change
   ENTER NEW VALUE
   END
                 my $choice2=&lt;&gt;;
                 chomp($choice2);
                 if ($choice2 eq '1') {
                     $sslkeypass = &get_new_sslkeypass();
                     &make_key($certsdir,$privkey,$sslkeypass);
                 } elsif ($choice2 eq '2') {
                     $sslkeypass = &get_password('Enter existing password for SSL key');
                     &encrypt_key($certsdir,$privkey,$sslkeypass);
                 }
             } else {
                 print(&lt;&lt;END);
   16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus
   END
                 $sslkeypass = &get_new_sslkeypass();
             }
             &ssl_info();
             my $country = &get_country($desiredhostname);
             my $state = &get_state();
             my $city = &get_city();
             my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail";
             &make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj);
             &mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic);
             print "\nRetrieving status information for SSL key and certificates ...\n\n";
             ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) =
                 &get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic);
             if (ref($sslref) eq 'HASH') {
                 %sslstatus = %{$sslref};
             }
         }
     } elsif ($choice==17) {
         if (($sslstatus{'hostname'} == 1) || ($sslstatus{'hostname'} == 2) || ($sslstatus{'hostname'} == 3)) {
             print(&lt;&lt;END);
   17) SSL Certificate for Content Replication: $lonhostnamecertstatus
   
   POSSIBLE CHOICES:
   1) create new certificate signing request with new key
   2) create new certificate signing request with existing key
   3) resend current certificate signing request
   4) make no change
   ENTER NEW VALUE
   END
             my $choice2=&lt;&gt;;
             chomp($choice2);
             if (($choice2 eq '1') || ($choice2 eq '2')) {
                 &ssl_info();
                 my $country = &get_country($desiredhostname);
                 my $state = &get_state();
                 my $city = &get_city();
                 my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail";
                 my $sslkeypass;
                 if ($choice2 eq '1') {
                     $sslkeypass = &get_new_sslkeypass();
                     &make_key($certsdir,$privkey,$sslkeypass);
                 } elsif ($choice2 eq '2') {
                     $sslkeypass = &get_password('Enter existing password for SSL key');
                     &encrypt_key($certsdir,$privkey,$sslkeypass);
                 }
                 &make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj);
                 &mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic);
                 print "\nRetrieving status information for SSL key and certificates ...\n\n";
                 ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) =
                     &get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic);
                 if (ref($sslref) eq 'HASH') {
                     %sslstatus = %{$sslref};
                 }
             } elsif ($choice2 eq '3') {
                 if (-e "$certsdir/$replicatecsr") {
                     &mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic);
                 }
             }
         } elsif (($sslstatus{'hostname'} == 0) || ($sslstatus{'hostname'} == 4) || ($sslstatus{'hostname'} == 5)) {
             my $sslkeypass;
             if ($sslstatus{'key'} == 1) {
                 print(&lt;&lt;END);
   17) SSL Certificate for Content Replication: $lonhostnamecertstatus
   
   POSSIBLE CHOICES:
   1) create new certificate signing request with new key
   2) create new certificate signing request with existing key
   3) make no change
   ENTER NEW VALUE
   END
                 my $choice2=&lt;&gt;;
                 chomp($choice2);
                 if ($choice2 eq '1') {
                     $sslkeypass = &get_new_sslkeypass();
                     &make_key($certsdir,$privkey,$sslkeypass);
                 } elsif ($choice2 eq '2') {
                     $sslkeypass = &get_password('Enter existing password for SSL key');
                     &encrypt_key($certsdir,$privkey,$sslkeypass);
                 }
             } else {
                 print(&lt;&lt;END);
   17) SSL Certificate for Content Replication: $lonhostnamecertstatus
   END
                 $sslkeypass = &get_new_sslkeypass();
             }
             &ssl_info();
             my $country = &get_country($desiredhostname);
             my $state = &get_state();
             my $city = &get_city();
             my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail";
             &make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj);
             &mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic);
             print "\nRetrieving status information for SSL key and certificates ...\n\n";
             ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) =
                 &get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic);
             if (ref($sslref) eq 'HASH') {
                 %sslstatus = %{$sslref};
             }
         }
     } elsif (($choice==18) && (!@error)) {
     $flag=1;      $flag=1;
   }    } else {
   else {  
     print "Invalid input.\n";      print "Invalid input.\n";
   }    }
 }  }
   
     open(OUT,"&gt;$confdir$filename") or      open(OUT,"&gt;$confdir$filename") or
       die("Cannot output to $confdir$filename\n");        die("Cannot output to $confdir$filename\n");
     foreach my $key (keys %perlvar) {      foreach my $key (keys %perlvar) {
Line 892  END Line 2117  END
       if ($value eq '') {        if ($value eq '') {
           $line = '#'.$line;            $line = '#'.$line;
       }        }
       print(OUT &lt;&lt;END) unless $perlvarstatic{$key};        print(OUT &lt;&lt;END) unless ($perlvarstatic-&gt;{$key});
 $line  $line
 END  END
     }      }
Line 903  END Line 2128  END
 <target dist='default'>loncom/hosts.tab</target>  <target dist='default'>loncom/hosts.tab</target>
 <perlscript mode='fg'>  <perlscript mode='fg'>
 unless (-l "<TARGET />") {  unless (-l "<TARGET />") {
   my $hostname=`hostname -f`;chomp($hostname);    if ($desiredhostname eq '') { 
   $date=`date -I`; chomp($date);        my $hostname=`hostname -f`;chomp($hostname);
   $lonHostID=$perlvar{'lonHostID'};        $desiredhostname = $hostname;
     }
     my $date=`date -I`; chomp($date);
     my $lonHostID=$perlvar{'lonHostID'};
   $lonHostID=~s/[^\w\-.]//g;    $lonHostID=~s/[^\w\-.]//g;
   $lineexistflag=0;    my $lineexistflag=0;
   $hostidexistflag=0;    my $hostidexistflag=0;
   $line2insert=&lt;&lt;END;    my $line2insert=&lt;&lt;END;
 $perlvar{'lonHostID'}:$perlvar{'lonDefDomain'}:$perlvar{'lonRole'}:$hostname  $perlvar{'lonHostID'}:$perlvar{'lonDefDomain'}:$perlvar{'lonRole'}:$desiredhostname:$protocol:$intdom
 END  END
   if (!$domainTabExtras) {    if (!$domainTabExtras) {
  $domainTabExtras=':::::';   $domainTabExtras=':::::';
   }    }
   $domaininsert="$perlvar{'lonDefDomain'}:$domainDescription:$domainTabExtras:$primaryLibServer\n";    my $domaininsert="$perlvar{'lonDefDomain'}:$domainDescription:$domainTabExtras:$primaryLibServer\n";
   if ($lonCluster eq 'standalone') {    if ($lonCluster eq 'standalone') {
     open(OUT,'&gt;../'.$lonCluster.'_hosts.tab') or      open(OUT,'&gt;../'.$lonCluster.'_hosts.tab') or
       die('file generation error');        die('file generation error');
       print(OUT $line2insert);        print(OUT $line2insert);
       print OUT ("^$hostname\n");        print OUT ("^$desiredhostname:$protocol\n");
     close(OUT);      close(OUT);
     open(OUT,'&gt;../'.$lonCluster.'_dns_hosts.tab') or      open(OUT,'&gt;../'.$lonCluster.'_dns_hosts.tab') or
       die('file generation error');        die('file generation error');
Line 964  END Line 2192  END
        close(OUT);         close(OUT);
       `ln -s new_${lonCluster}_hosts.tab ../hosts.tab`;        `ln -s new_${lonCluster}_hosts.tab ../hosts.tab`;
       # email appropriate message        # email appropriate message
       `echo "REPLACE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "REPLACE:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`;        `echo "REPLACE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "REPLACE:$lonCluster:$lonHostID:$protocol:$intdom:$date" installrecord\@mail.lon-capa.org`;
     }      }
     elsif ($hostidexistflag and $lineexistflag) {      elsif ($hostidexistflag and $lineexistflag) {
       print &lt;&lt;END;        print &lt;&lt;END;
Line 977  END Line 2205  END
        close(OUT);         close(OUT);
       `ln -s new_${lonCluster}_hosts.tab ../hosts.tab`;        `ln -s new_${lonCluster}_hosts.tab ../hosts.tab`;
       # email appropriate message        # email appropriate message
       `echo "STABLEUPDATE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "STABLEUPDATE:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`;        `echo "STABLEUPDATE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "STABLEUPDATE:$lonCluster:$lonHostID:$protocol:$intdom:$date" installrecord\@mail.lon-capa.org`;
     }      }
     elsif (!$hostidexistflag and !$lineexistflag) {      elsif (!$hostidexistflag and !$lineexistflag) {
       print &lt;&lt;END;        print &lt;&lt;END;
Line 990  END Line 2218  END
        close(OUT);         close(OUT);
       `ln -s new_${lonCluster}_hosts.tab ../hosts.tab`;        `ln -s new_${lonCluster}_hosts.tab ../hosts.tab`;
       # email appropriate message        # email appropriate message
       `echo "INSERT:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "INSERT:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`;        `echo "INSERT:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "INSERT:$lonCluster:$lonHostID:$protocol:$intdom:$date" installrecord\@mail.lon-capa.org`;
     }      }
   }    }
   $lineexistflag=0;    $lineexistflag=0;
     my $domainexistflag=0;
   if ($flag==1) {    if ($flag==1) {
     `rm -f ../domain.tab`;      `rm -f ../domain.tab`;
     `rm -f ../dns_domain.tab`;      `rm -f ../dns_domain.tab`;
Line 1023  END Line 2252  END
        close(OUT);         close(OUT);
       `ln -s new_${lonCluster}_domain.tab ../domain.tab`;        `ln -s new_${lonCluster}_domain.tab ../domain.tab`;
       # email appropriate message        # email appropriate message
       `echo "REPLACEdom:$lonCluster:$lonHostID:$date:$domaninsert" | mail -s "REPLACEdom:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`;        `echo "REPLACEdom:$lonCluster:$lonHostID:$date:$domaininsert" | mail -s "REPLACEdom:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`;
     }      }
     elsif ($domainexistflag and $lineexistflag) {      elsif ($domainexistflag and $lineexistflag) {
       `grep -v "$perlvar{'lonDefDomain'}:" ../${lonCluster}_domain.tab &gt; ../new_${lonCluster}_domain.tab`;        `grep -v "$perlvar{'lonDefDomain'}:" ../${lonCluster}_domain.tab &gt; ../new_${lonCluster}_domain.tab`;

Removed from v.1.58  
changed lines
  Added in v.1.93


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>