doc/install/linux/install.pl - diff

Return to install.pl CVS log

Up to [LON-CAPA] / doc / install / linux

Diff for /doc/install/linux/install.pl between versions 1.45.2.1 and 1.46

version 1.45.2.1, 2019/02/16 16:19:11	version 1.46, 2018/07/11 01:58:41
Line 26	Line 26
use strict;	use strict;
use File::Copy;	use File::Copy;
use Term::ReadKey;	use Term::ReadKey;
	use Sys::Hostname::FQDN();
use DBI;	use DBI;
use Cwd();	use Cwd();
use File::Basename();	use File::Basename();
Line 162 sub get_user_selection {	Line 163 sub get_user_selection {
}	}

sub get_distro {	sub get_distro {
my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown);	my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow);
$packagecmd = '/bin/rpm -q LONCAPA-prerequisites ';	$packagecmd = '/bin/rpm -q LONCAPA-prerequisites ';
if (-e '/etc/redhat-release') {	if (-e '/etc/redhat-release') {
open(IN,'</etc/redhat-release');	open(IN,'</etc/redhat-release');
Line 207 sub get_distro {	Line 208 sub get_distro {
} else {	} else {
print &mt('Unable to interpret [_1] to determine system type.',	print &mt('Unable to interpret [_1] to determine system type.',
'/etc/redhat-release')."\n";	'/etc/redhat-release')."\n";
$unknown = 1;
}	}
} elsif (-e '/etc/SuSE-release') {	} elsif (-e '/etc/SuSE-release') {
open(IN,'</etc/SuSE-release');	open(IN,'</etc/SuSE-release');
Line 234 sub get_distro {	Line 234 sub get_distro {
} else {	} else {
print &mt('Unable to interpret [_1] to determine system type.',	print &mt('Unable to interpret [_1] to determine system type.',
'/etc/SuSE-release')."\n";	'/etc/SuSE-release')."\n";
$unknown = 1;
}	}
} elsif (-e '/etc/issue') {	} elsif (-e '/etc/issue') {
open(IN,'</etc/issue');	open(IN,'</etc/issue');
my $versionstring=<IN>;	my $versionstring=<IN>;
chomp($versionstring);	chomp($versionstring);
close(IN);	close(IN);
	$packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';
	$updatecmd = 'apt-get install loncapa-prerequisites';
if ($versionstring =~ /^Ubuntu (\d+)\.\d+/i) {	if ($versionstring =~ /^Ubuntu (\d+)\.\d+/i) {
$distro = 'ubuntu'.$1;	$distro = 'ubuntu'.$1;
$updatecmd = 'sudo apt-get install loncapa-prerequisites';	$updatecmd = 'sudo apt-get install loncapa-prerequisites';
} elsif ($versionstring =~ /^Debian\s+GNU\/Linux\s+(\d+)\.\d+/i) {	} elsif ($versionstring =~ /^Debian\s+GNU\/Linux\s+(\d+)\.\d+/i) {
$distro = 'debian'.$1;	$distro = 'debian'.$1;
$updatecmd = 'apt-get install loncapa-prerequisites';
} elsif (-e '/etc/debian_version') {	} elsif (-e '/etc/debian_version') {
open(IN,'</etc/debian_version');	open(IN,'</etc/debian_version');
my $version=<IN>;	my $version=<IN>;
Line 254 sub get_distro {	Line 254 sub get_distro {
close(IN);	close(IN);
if ($version =~ /^(\d+)\.\d+\.?\d*/) {	if ($version =~ /^(\d+)\.\d+\.?\d*/) {
$distro='debian'.$1;	$distro='debian'.$1;
$updatecmd = 'apt-get install loncapa-prerequisites';
} else {	} else {
print &mt('Unable to interpret [_1] to determine system type.',	print &mt('Unable to interpret [_1] to determine system type.',
'/etc/debian_version')."\n";	'/etc/debian_version')."\n";
$unknown = 1;
}	}
}	} else {
if ($distro ne '') {	print &mt('Unable to interpret [_1] to determine system type.',
$packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';	'/etc/issue')."\n";
}	}
} elsif (-e '/etc/debian_version') {	} elsif (-e '/etc/debian_version') {
open(IN,'</etc/debian_version');	open(IN,'</etc/debian_version');
Line 276 sub get_distro {	Line 274 sub get_distro {
} else {	} else {
print &mt('Unable to interpret [_1] to determine system type.',	print &mt('Unable to interpret [_1] to determine system type.',
'/etc/debian_version')."\n";	'/etc/debian_version')."\n";
$unknown = 1;
}
}
if (($distro eq '') && (!$unknown)) {
if (-e '/etc/os-release') {
if (open(IN,'<','/etc/os-release')) {
my ($id,$version);
while(<IN>) {
chomp();
if (/^ID="(\w+)"/) {
$id=$1;
} elsif (/^VERSION_ID="([\d\.]+)"/) {
$version=$1;
}
}
close(IN);
if ($id eq 'sles') {
my ($major,$minor) = split(/\./,$version);
if ($major =~ /^\d+$/) {
$distro = $id.$major;
$updatecmd = 'zypper install LONCAPA-prerequisites';
}
}
}
if ($distro eq '') {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/os-release')."\n";
$unknown = 1;
}
} else {
print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
}	}
	} else {
	print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
}	}
return ($distro,$packagecmd,$updatecmd,$installnow);	return ($distro,$packagecmd,$updatecmd,$installnow);
}	}

	sub get_hostname {
	my $hostname;
	print &mt('Enter the hostname of this server, e.g., loncapa.somewhere.edu'."\n");
	my $choice = <STDIN>;
	chomp($choice);
	$choice =~ s/(^\s+\|\s+$)//g;
	if ($choice eq '') {
	print &mt("Hostname you entered was either blank or contanied only white space.\n");
	} elsif ($choice =~ /^[\w\.\-]+$/) {
	$hostname = $choice;
	} else {
	print &mt("Hostname you entered was invalid -- a hostname may only contain letters, numbers, - and .\n");
	}
	while ($hostname eq '') {
	$hostname = &get_hostname();
	}
	print "\n";
	return $hostname;
	}

sub check_prerequisites {	sub check_prerequisites {
my ($packagecmd,$distro) = @_;	my ($packagecmd,$distro) = @_;
my $gotprereqs;	my $gotprereqs;
Line 349 sub check_locale {	Line 338 sub check_locale {
print &mt('Failed to open: [_1], default locale not checked.',	print &mt('Failed to open: [_1], default locale not checked.',
'/etc/default/locale');	'/etc/default/locale');
}	}
} elsif ($distro =~ /^(suse\|sles)(\d+)/) {	} elsif ($distro =~ /^(suse\|sles)/) {
if (($1 eq 'sles') && ($2 >= 15)) {	if (!open($fh,"</etc/sysconfig/language")) {
if (!open($fh,"</etc/locale.conf")) {	print &mt('Failed to open: [_1], default locale not checked.',
print &mt('Failed to open: [_1], default locale not checked.',	'/etc/sysconfig/language');
'/etc/locale.conf');
}
} else {
if (!open($fh,"</etc/sysconfig/language")) {
print &mt('Failed to open: [_1], default locale not checked.',
'/etc/sysconfig/language');
}
$langvar = 'RC_LANG';
}	}
	$langvar = 'RC_LANG';
} elsif ($distro =~ /^fedora(\d+)/) {	} elsif ($distro =~ /^fedora(\d+)/) {
if ($1 >= 18) {	if ($1 >= 18) {
if (!open($fh,"</etc/locale.conf")) {	if (!open($fh,"</etc/locale.conf")) {
Line 428 sub check_required {	Line 410 sub check_required {
return ($distro,$gotprereqs,$localecmd);	return ($distro,$gotprereqs,$localecmd);
}	}
my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$has_lcdb,%recommended,	my ($mysqlon,$mysqlsetup,$mysqlrestart,$dbh,$has_pass,$has_lcdb,%recommended,
$downloadstatus,$filetouse,$production,$testing,$apachefw,$tostop,$uses_systemctl);	$downloadstatus,$filetouse,$production,$testing,$apachefw,$tostop,
	$uses_systemctl,$hostname);
my $wwwuid = &uid_of_www();	my $wwwuid = &uid_of_www();
my $wwwgid = getgrnam('www');	my $wwwgid = getgrnam('www');
if (($wwwuid eq '') \|\| ($wwwgid eq '')) {	if (($wwwuid eq '') \|\| ($wwwgid eq '')) {
Line 437 sub check_required {	Line 420 sub check_required {
unless( -e "/usr/local/sbin/pwauth") {	unless( -e "/usr/local/sbin/pwauth") {
$recommended{'pwauth'} = 1;	$recommended{'pwauth'} = 1;
}	}
	my $hostname = Sys::Hostname::FQDN::fqdn();
	if ($hostname eq '') {
	$hostname =&get_hostname();
	} else {
	print &mt("Hostname detected: $hostname. Is that correct? ~[Y/n~]");
	if (!&get_user_selection(1)) {
	$hostname =&get_hostname();
	}
	}
	print_and_log(&mt('Hostname is [_1]',$hostname)."\n");
$mysqlon = &check_mysql_running($distro);	$mysqlon = &check_mysql_running($distro);
if ($mysqlon) {	if ($mysqlon) {
my $mysql_has_wwwuser = &check_mysql_wwwuser();	my $mysql_has_wwwuser = &check_mysql_wwwuser();
Line 468 sub check_required {	Line 461 sub check_required {
($recommended{'firewall'},$apachefw) = &chkfirewall($distro);	($recommended{'firewall'},$apachefw) = &chkfirewall($distro);
($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir);	($recommended{'runlevels'},$tostop,$uses_systemctl) = &chkconfig($distro,$instdir);
$recommended{'apache'} = &chkapache($distro,$instdir);	$recommended{'apache'} = &chkapache($distro,$instdir);
	$recommended{'apachessl'} = &chkapachessl($distro,$instdir,$hostname);
$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop);	$recommended{'stopsrvcs'} = &chksrvcs($distro,$tostop);
($recommended{'download'},$downloadstatus,$filetouse,$production,$testing)	($recommended{'download'},$downloadstatus,$filetouse,$production,$testing)
= &need_download();	= &need_download();
return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,	return ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,
$mysqlrestart,\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,	$mysqlrestart,\%recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,
$filetouse,$production,$testing,$apachefw,$uses_systemctl);	$filetouse,$production,$testing,$apachefw,$uses_systemctl,$hostname);
}	}

sub check_mysql_running {	sub check_mysql_running {
Line 512 sub check_mysql_running {	Line 506 sub check_mysql_running {
$proc_owner = 'mysql';	$proc_owner = 'mysql';
$process = 'mysqld';	$process = 'mysqld';
}	}
if ($1 >= 15) {
$mysqldaemon ='mariadb';
}
} elsif ($distro =~ /^suse(\d+)/) {	} elsif ($distro =~ /^suse(\d+)/) {
if ($1 >= 13) {	if ($1 >= 13) {
$use_systemctl = 1;	$use_systemctl = 1;
Line 598 sub chkconfig {	Line 589 sub chkconfig {
$uses_systemctl{'ntp'} = 1;	$uses_systemctl{'ntp'} = 1;
$uses_systemctl{'cups'} = 1;	$uses_systemctl{'cups'} = 1;
$uses_systemctl{'memcached'} = 1;	$uses_systemctl{'memcached'} = 1;
if (($name eq 'sles') && ($num >= 15)) {	$daemon{'ntp'} = 'ntpd';
$daemon{'ntp'} = 'chronyd';
$daemon{'mysql'} = 'mariadb';
} else {
$daemon{'ntp'} = 'ntpd';
}
}	}
}	}
}	}
Line 733 sub chkconfig {	Line 719 sub chkconfig {
} else {	} else {
$major = $version;	$major = $version;
}	}
if (($major > 10) && ($major <= 13)) {	if ($major > 10) {
if (&check_SuSEfirewall2_setup($instdir)) {	if (&check_SuSEfirewall2_setup($instdir)) {
$needfix{'insserv'} = 1;	$needfix{'insserv'} = 1;
}	}
Line 742 sub chkconfig {	Line 728 sub chkconfig {
return (\%needfix,\%tostop,\%uses_systemctl);	return (\%needfix,\%tostop,\%uses_systemctl);
}	}

sub uses_firewalld {
my ($distro) = @_;
my ($inuse, $checkfirewalld);
if ($distro =~ /^(suse\|sles)([\d\.]+)$/) {
if (($1 eq 'sles') && ($2 >= 15)) {
$checkfirewalld = 1;
}
} elsif ($distro =~ /^fedora(\d+)$/) {
if ($1 >= 18) {
$checkfirewalld = 1;
}
} elsif ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)/) {
if ($1 >= 7) {
$checkfirewalld = 1;
}
}
if ($checkfirewalld) {
my ($loaded,$active);
if (open(PIPE,"systemctl status firewalld \|")) {
while (<PIPE>) {
chomp();
if (/^\s*Loaded:\s+(\w+)/) {
$loaded = $1;
}
if (/^\s*Active\s+(\w+)/) {
$active = $1;
}
}
close(PIPE);
}
if (($loaded eq 'loaded') \|\| ($active eq 'active')) {
$inuse = 1;
}
}
return $inuse;
}

sub chkfirewall {	sub chkfirewall {
my ($distro) = @_;	my ($distro) = @_;
my $configfirewall = 1;	my $configfirewall = 1;
Line 788 sub chkfirewall {	Line 737 sub chkfirewall {
);	);
my %activefw;	my %activefw;
if (&firewall_is_active()) {	if (&firewall_is_active()) {
if (&uses_firewalld($distro)) {	my $iptables = &get_pathto_iptables();
my %current;	if ($iptables eq '') {
if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services \|')) {	print &mt('Firewall not checked as path to iptables not determined.')."\n";
my $svc = <PIPE>;
close(PIPE);
chomp($svc);
map { $current{$_} = 1; } (split(/\s+/,$svc));
}
if ($current{'http'} && $current{'https'}) {
$configfirewall = 0;
}
} else {	} else {
my $iptables = &get_pathto_iptables();	my @fwchains = &get_fw_chains($iptables,$distro);
if ($iptables eq '') {	if (@fwchains) {
print &mt('Firewall not checked as path to iptables not determined.')."\n";	foreach my $service ('http','https') {
} else {	foreach my $fwchain (@fwchains) {
my @fwchains = &get_fw_chains($iptables,$distro);	if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
if (@fwchains) {	$activefw{$service} = 1;
foreach my $service ('http','https') {	last;
foreach my $fwchain (@fwchains) {
if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
$activefw{$service} = 1;
last;
}
}	}
}	}
if ($activefw{'http'}) {
$configfirewall = 0;
}
} else {
print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}	}
	if ($activefw{'http'}) {
	$configfirewall = 0;
	}
	} else {
	print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}	}
}	}
} else {	} else {
Line 882 sub chkapache {	Line 818 sub chkapache {
}	}
}	}
}	}
} elsif ($distro =~ /^(suse\|sles)([\d\.]+)$/) {	} elsif ($distro =~ /^(?:suse\|sles)([\d\.]+)$/) {
my ($name,$version) = ($1,$2);
my $apache = 'apache';	my $apache = 'apache';
my $conf_file = "$instdir/sles-suse/default-server.conf";	if ($1 >= 10) {
if ($version >= 10) {
$apache = 'apache2';	$apache = 'apache2';
}	}
if (($name eq 'sles') && ($version >= 12)) {	if (!-e "$instdir/sles-suse/default-server.conf") {
$conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
}
if (!-e $conf_file) {
$fixapache = 0;	$fixapache = 0;
print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";	print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";
} elsif (-e "/etc/$apache/default-server.conf") {	} elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/sles-suse/default-server.conf")) {
if (open(PIPE, "diff --brief $conf_file /etc/$apache/default-server.conf \|")) {	if (open(PIPE, "diff --brief $instdir/sles-suse/default-server.conf /etc/$apache/default-server.conf \|")) {
my $diffres = <PIPE>;	my $diffres = <PIPE>;
close(PIPE);	close(PIPE);
chomp($diffres);	chomp($diffres);
Line 951 sub chkapache {	Line 882 sub chkapache {
return $fixapache;	return $fixapache;
}	}

	sub chkapachessl {
	my ($distro,$instdir,$hostname) = @_;
	my $fixapachessl = 1;
	my $stdconf = "$instdir/loncapassl.conf";
	if (!-e $stdconf) {
	$fixapachessl = 0;
	print &mt('Warning: No LON-CAPA SSL Apache configuration file found for installation check.')."\n";
	} else {
	my $sslfile;
	if ($distro =~ /^(debian\|ubuntu)(\d+)$/) {
	$sslfile = '/etc/apache2/sites-available/loncapassl.conf';
	} elsif ($distro =~ /(suse\|sles)/) {
	$sslfile = '/etc/apache2/vhosts.d/loncapassl.conf';
	} else {
	$sslfile = '/etc/httpd/conf.d/loncapassl.conf';
	}
	if ((-e $sslfile) && (-e $stdconf)) {
	if (open(PIPE, "diff -y -bi --suppress-common-lines $stdconf $sslfile \|")) {
	my $diffres = <PIPE>;
	close(PIPE);
	chomp($diffres);
	if ($diffres =~ /^\QServerName internal-{[[[[Hostname]]]]}\E\s+\\|\s+\QServerName internal-\E$hostname$/) {
	$fixapachessl = 0;
	}
	}
	}
	unless ($fixapachessl) {
	if ($distro =~ /^(debian\|ubuntu)(\d+)$/) {
	unless ((-l '/etc/apache2/sites-enabled/loncapassl.conf') &&
	(readlink('/etc/apache2/sites-enabled/loncapassl.conf') eq '/etc/apache2/sites-available/loncapassl.conf')) {
	print_and_log(&mt("Warning, use: 'sudo a2ensite loncapassl.conf' to activate LON-CAPA SSL Apache config\n"));
	}
	}
	}
	}
	return $fixapachessl;
	}

sub chksrvcs {	sub chksrvcs {
my ($distro,$tostop) = @_;	my ($distro,$tostop) = @_;
my %stopsrvcs;	my %stopsrvcs;
Line 1181 sub get_pathto_iptables {	Line 1150 sub get_pathto_iptables {

sub firewall_is_active {	sub firewall_is_active {
if (-e '/proc/net/ip_tables_names') {	if (-e '/proc/net/ip_tables_names') {
if (open(PIPE,'cat /proc/net/ip_tables_names \|grep filter \|')) {	return 1;
my $status = <PIPE>;	} else {
close(PIPE);	return 0;
chomp($status);
if ($status eq 'filter') {
return 1;
}
}
}	}
return 0;
}	}

sub get_fw_chains {	sub get_fw_chains {
Line 1206 sub get_fw_chains {	Line 1169 sub get_fw_chains {
@posschains = ('ufw-user-input','INPUT');	@posschains = ('ufw-user-input','INPUT');
} elsif ($distro =~ /^debian5/) {	} elsif ($distro =~ /^debian5/) {
@posschains = ('INPUT');	@posschains = ('INPUT');
} elsif ($distro =~ /^(suse\|sles)(\d+)/) {
@posschains = ('IN_public');
} else {	} else {
@posschains = ('RH-Firewall-1-INPUT','INPUT');	@posschains = ('RH-Firewall-1-INPUT','INPUT');
if (!-e '/etc/sysconfig/iptables') {	if (!-e '/etc/sysconfig/iptables') {
Line 1350 print "	Line 1311 print "
".&mt('3.')." ".&mt('Set-up the MySQL database.')."	".&mt('3.')." ".&mt('Set-up the MySQL database.')."
".&mt('4.')." ".&mt('Set-up MySQL permissions.')."	".&mt('4.')." ".&mt('Set-up MySQL permissions.')."
".&mt('5.')." ".&mt('Configure Apache web server.')."	".&mt('5.')." ".&mt('Configure Apache web server.')."
".&mt('6.')." ".&mt('Configure start-up of services.')."	".&mt('6.')." ".&mt('Configure SSL for Apache web server.')."
".&mt('7.')." ".&mt('Check firewall settings.')."	".&mt('7.')." ".&mt('Configure start-up of services.')."
".&mt('8.')." ".&mt('Stop services not used by LON-CAPA,')."	".&mt('8.')." ".&mt('Check firewall settings.')."
	".&mt('9.')." ".&mt('Stop services not used by LON-CAPA,')."
".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")."	".&mt('i.e., services for a print server: [_1] daemon.',"'cups'")."
".&mt('9.')." ".&mt('Download LON-CAPA source code in readiness for installation.')."	".&mt('10.')." ".&mt('Download LON-CAPA source code in readiness for installation.')."

".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')."	".&mt('Typically, you will run this script only once, when you first install LON-CAPA.')."

Line 1384 chomp($instdir);	Line 1346 chomp($instdir);

my %callsub;	my %callsub;
my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache',	my @actions = ('wwwuser','pwauth','mysql','mysqlperms','apache',
'runlevels','firewall','stopsrvcs','download');	'apachessl','runlevels','firewall','stopsrvcs','download');
my %prompts = &texthash(	my %prompts = &texthash(
wwwuser => "Create the 'www' user?",	wwwuser => "Create the 'www' user?",
pwauth => 'Install the package LON-CAPA uses to authenticate users?',	pwauth => 'Install the package LON-CAPA uses to authenticate users?',
mysql => 'Set-up the MySQL database?',	mysql => 'Set-up the MySQL database?',
mysqlperms => 'Set-up MySQL permissions?',	mysqlperms => 'Set-up MySQL permissions?',
apache => 'Configure Apache web server?',	apache => 'Configure Apache web server?',
	apachessl => 'Configure SSL for Apache web server?',
runlevels => 'Set overrides for start-up order of services?',	runlevels => 'Set overrides for start-up order of services?',
firewall => 'Configure firewall settings for Apache',	firewall => 'Configure firewall settings for Apache',
stopsrvcs => 'Stop extra services not required on a LON-CAPA server?',	stopsrvcs => 'Stop extra services not required on a LON-CAPA server?',
download => 'Download LON-CAPA source code in readiness for installation?',	download => 'Download LON-CAPA source code in readiness for installation?',
);	);

print "\n".&mt('Checking system status ...')."\n";	print "\n".&mt('Checking system status ...')."\n\n";

my $dsn = "DBI:mysql:database=mysql";	my $dsn = "DBI:mysql:database=mysql";
my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart,	my ($distro,$gotprereqs,$localecmd,$packagecmd,$updatecmd,$installnow,$mysqlrestart,
$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production,	$recommended,$dbh,$has_pass,$has_lcdb,$downloadstatus,$filetouse,$production,
$testing,$apachefw,$uses_systemctl) = &check_required($instdir,$dsn);	$testing,$apachefw,$uses_systemctl,$hostname) = &check_required($instdir,$dsn);
if ($distro eq '') {	if ($distro eq '') {
print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n".	print "\n".&mt('Linux distribution could not be verified as a supported distribution.')."\n".
&mt('The following are supported: [_1].',	&mt('The following are supported: [_1].',
Line 1430 if (!$gotprereqs) {	Line 1393 if (!$gotprereqs) {
&mt('The following command can be used to install the package (and dependencies):')."\n\n".	&mt('The following command can be used to install the package (and dependencies):')."\n\n".
$updatecmd."\n\n";	$updatecmd."\n\n";
if ($installnow eq '') {	if ($installnow eq '') {
print &mt('Stopping execution.')."\n";
exit;	exit;
} else {	} else {
print &mt('Run command? ~[Y/n~]');	print &mt('Run command? ~[Y/n~]');
Line 1570 if ($dbh) {	Line 1532 if ($dbh) {

if ($callsub{'apache'}) {	if ($callsub{'apache'}) {
if ($distro =~ /^(suse\|sles)/) {	if ($distro =~ /^(suse\|sles)/) {
&copy_apache2_suseconf($instdir,$distro);	&copy_apache2_suseconf($instdir,$hostname);
} elsif ($distro =~ /^(debian\|ubuntu)/) {	} elsif ($distro =~ /^(debian\|ubuntu)/) {
&copy_apache2_debconf($instdir,$distro);	&copy_apache2_debconf($instdir,$distro,$hostname);
} else {	} else {
&copy_httpd_conf($instdir,$distro);	&copy_httpd_conf($instdir,$distro,$hostname);
}	}
} else {	} else {
print_and_log(&mt('Skipping configuration of Apache web server.')."\n");	print_and_log(&mt('Skipping configuration of Apache web server.')."\n");
}	}

	if ($callsub{'apachessl'}) {
	if ($distro =~ /^(suse\|sles)/) {
	&copy_apache_sslconf_file($instdir,'/etc/apache2/vhosts.d',$hostname);
	} elsif ($distro =~ /^(debian\|ubuntu)/) {
	my $apache2_sites_available_dir = '/etc/apache2/sites-available';
	if (&copy_apache_sslconf_file($instdir,$apache2_sites_available_dir,$hostname)) {
	my $apache2_sites_enabled_dir = '/etc/apache2/sites-enabled';
	my $made_symlink = eval { symlink("$apache2_sites_available_dir/loncapassl.conf","$apache2_sites_enabled_dir/loncapassl.conf"); 1 };
	if ($made_symlink) {
	print_and_log(&mt('Enabling "[_1]" Apache SSL configuration.','loncapassl.conf')."\n");
	}
	}
	} else {
	&copy_apache_sslconf_file($instdir,'/etc/httpd/conf.d',$hostname);
	}
	print_and_log("\n");
	} else {
	print_and_log(&mt('Skipping configuration of SSL for Apache web server.')."\n");
	}

if ($callsub{'runlevels'}) {	if ($callsub{'runlevels'}) {
my $count = 0;	my $count = 0;
if (ref($recommended) eq 'HASH') {	if (ref($recommended) eq 'HASH') {
Line 1598 if ($callsub{'runlevels'}) {	Line 1580 if ($callsub{'runlevels'}) {
}	}
}	}
}	}
if ($distro =~ /^(suse\|sles)(\d+)/) {	if ($distro =~ /^(suse\|sles)/) {
unless(($1 eq 'sles') && ($2 >= 15)) {	&update_SuSEfirewall2_setup($instdir);
&update_SuSEfirewall2_setup($instdir);
}
}	}
} else {	} else {
&print_and_log(&mt('Skipping setting override for start-up order of services.')."\n");	&print_and_log(&mt('Skipping setting override for start-up order of services.')."\n");
}	}

if ($callsub{'firewall'}) {	if ($callsub{'firewall'}) {
if (&uses_firewalld($distro)) {	if ($distro =~ /^(suse\|sles)/) {
my (%current,%added);
if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services \|')) {
my $svc = <PIPE>;
close(PIPE);
chomp($svc);
map { $current{$_} = 1; } (split(/\s+/,$svc));
}
foreach my $service ('http','https') {
unless ($current{$service}) {
if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service \|")) {
my $result = <PIPE>;
if ($result =~ /^success/) {
$added{$service} = 1;
}
}
}
}
if (keys(%added) > 0) {
print &mt('Firewall configured to allow access for: [_1].',
join(', ',sort(keys(%added))))."\n";
}
if ($current{'http'} \|\| $current{'https'}) {
print &mt('Firewall already configured to allow access for:[_1].',
(($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n";
}
unless ($current{'ssh'}) {
print &mt('If you would the like to allow access to ssh from outside, use the command[_1].',
'firewall-cmd --permanent --zone=public --add-service=ssh')."\n";
}
} elsif ($distro =~ /^(suse\|sles)/) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
'yast -- Security and Users -> Firewall -> Interfaces',	'yast -- Security and Users -> Firewall -> Interfaces',
'ssh, http, https')."\n";	'ssh, http, https')."\n";
} elsif ($distro =~ /^(debian\|ubuntu)(\d+)/) {	} elsif ($distro =~ /^(debian\|ubuntu)(\d+)/) {
if (($1 eq 'ubuntu') \|\| ($2 > 5)) {	if (($1 eq 'ubuntu') \|\| ($2 > 5)) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',	print &mt('Use [_1] to configure the firewall to allow access for [_2].',
Line 1969 sub setup_mysql_permissions {	Line 1919 sub setup_mysql_permissions {
}	}
if ($usesauth) {	if ($usesauth) {
@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')",	@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')",
"ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");	"ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'");
} elsif ($hasauthcol) {	} elsif ($hasauthcol) {
@mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');");	@mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');");
} else {	} else {
Line 2056 INSERT db (Host,Db,User,Select_priv,Inse	Line 2006 INSERT db (Host,Db,User,Select_priv,Inse
sub new_mysql_rootpasswd {	sub new_mysql_rootpasswd {
my ($currmysqlpass,$usesauth) = @_;	my ($currmysqlpass,$usesauth) = @_;
if ($usesauth) {	if ($usesauth) {
return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'",	return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'",
"FLUSH PRIVILEGES;");	"FLUSH PRIVILEGES;");
} else {	} else {
return ("SET PASSWORD FOR 'root'\@'localhost'=PASSWORD('$currmysqlpass')",	return ("SET PASSWORD FOR 'root'\@'localhost'=PASSWORD('$currmysqlpass')",
Line 2086 sub get_mysql_version {	Line 2036 sub get_mysql_version {
###########################################################	###########################################################

sub copy_httpd_conf {	sub copy_httpd_conf {
my ($instdir,$distro) = @_;	my ($instdir,$distro,$hostname) = @_;
my $configfile = 'httpd.conf';	my $configfile = 'httpd.conf';
if ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)$/) {	if ($distro =~ /^(?:centos\|rhes\|scientific)(\d+)$/) {
if ($1 >= 7) {	if ($1 >= 7) {
Line 2109 sub copy_httpd_conf {	Line 2059 sub copy_httpd_conf {
print_and_log("\n");	print_and_log("\n");
}	}

	###############################################
	##
	## Copy/Modify loncapassl.conf
	##
	###############################################

	sub copy_apache_sslconf_file {
	my ($instdir,$targetdir,$hostname) = @_;
	my ($success,$error);
	if (-e "$instdir/loncapassl.conf") {
	if (open(my $fh,'<',"$instdir/loncapassl.conf")) {
	if (open(my $out,'>',"$targetdir/loncapassl.conf")) {
	while (<$fh>) {
	if (/^\QServerName internal-\E/) {
	chomp();
	s/^(\QServerName internal-\E)(.*)$/$1$hostname\n/;
	}
	print $out $_;
	}
	$success = 1;
	} else {
	$error = "Could not write to $targetdir/loncapassl.conf";
	}
	} else {
	$error = "Could not read from $instdir/loncapassl.conf";
	}
	} else {
	$error = "File to copy from: $instdir/loncapassl.conf does not exist";
	}
	if ($success) {
	print_and_log(&mt('Successfully copied [_1] to [_2].',"'loncapassl.conf'","'$targetdir/loncapassl.conf'")."\n");
	chmod(0444,"$targetdir/loncapassl.conf");
	} else {
	print_and_log(&mt('Failed to copy [_1] to [_2].',"'loncapassl.conf'","'$targetdir/loncapassl.conf'")."\n");
	if ($error) {
	print_and_log("$error\n");
	}
	}
	return $success;
	}

#########################################################	#########################################################
##	##
## Ubuntu/Debian -- copy our loncapa configuration file to	## Ubuntu/Debian -- copy our loncapa configuration file to
Line 2117 sub copy_httpd_conf {	Line 2108 sub copy_httpd_conf {
#########################################################	#########################################################

sub copy_apache2_debconf {	sub copy_apache2_debconf {
my ($instdir,$distro) = @_;	my ($instdir,$distro,$hostname) = @_;
my $apache2_mods_enabled_dir = '/etc/apache2/mods-enabled';	my $apache2_mods_enabled_dir = '/etc/apache2/mods-enabled';
my $apache2_mods_available_dir = '/etc/apache2/mods-available';	my $apache2_mods_available_dir = '/etc/apache2/mods-available';
foreach my $module ('headers.load','expires.load') {	foreach my $module ('headers.load','expires.load') {
Line 2179 sub copy_apache2_debconf {	Line 2170 sub copy_apache2_debconf {
###########################################################	###########################################################

sub copy_apache2_suseconf {	sub copy_apache2_suseconf {
my ($instdir,$distro) = @_;	my ($instdir,$hostname) = @_;
my ($name,$version) = ($distro =~ /^(suse\|sles)([\d\.]+)$/);
my $conf_file = "$instdir/sles-suse/default-server.conf";
if (($name eq 'sles') && ($version >= 12)) {
$conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
}
print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',	print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',
"'default-server.conf'",	"'default-server.conf'",
"'/etc/apache2/default-server.conf'")."\n");	"'/etc/apache2/default-server.conf'")."\n");
if (!-e "/etc/apache2/default-server.conf.original") {	if (!-e "/etc/apache2/default-server.conf.original") {
copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original";	copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original";
}	}
copy $conf_file,"/etc/apache2/default-server.conf";	copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf";
chmod(0444,"/etc/apache2/default-server.conf");	chmod(0444,"/etc/apache2/default-server.conf");
# Make symlink for conf directory (included in loncapa_apache.conf)	# Make symlink for conf directory (included in loncapa_apache.conf)
my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq '');	my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq '');
Line 2202 sub copy_apache2_suseconf {	Line 2188 sub copy_apache2_suseconf {
&print_and_log(&mt('Symlink creation failed for [_1] to [_2]. You will need to perform this action from the command line.',"'/srv/www/conf'","'/etc/apache2'")."\n");	&print_and_log(&mt('Symlink creation failed for [_1] to [_2]. You will need to perform this action from the command line.',"'/srv/www/conf'","'/etc/apache2'")."\n");
}	}
&copy_apache2_conf_files($instdir);	&copy_apache2_conf_files($instdir);
&copy_sysconfig_apache2_file($instdir,$name,$version);	&copy_sysconfig_apache2_file($instdir);
print_and_log("\n");	print_and_log("\n");
}	}

Line 2228 sub copy_apache2_conf_files {	Line 2214 sub copy_apache2_conf_files {
##	##
###############################################	###############################################
sub copy_sysconfig_apache2_file {	sub copy_sysconfig_apache2_file {
my ($instdir,$name,$version) = @_;	my ($instdir) = @_;
print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'sysconfig/apache2'","'/etc/sysconfig/apache2'")."\n");	print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'sysconfig/apache2'","'/etc/sysconfig/apache2'")."\n");
if (!-e "/etc/sysconfig/apache2.original") {	if (!-e "/etc/sysconfig/apache2.original") {
copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original";	copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original";
}	}
my $sysconf_file = "$instdir/sles-suse/sysconfig_apache2";	copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2";
if (($name eq 'sles') && ($version >= 12)) {
$sysconf_file = "$instdir/sles-suse/apache2.4/sysconfig_apache2";
}
copy $sysconf_file,"/etc/sysconfig/apache2";
chmod(0444,"/etc/sysconfig/apache2");	chmod(0444,"/etc/sysconfig/apache2");
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.45.2.1
changed lines
	Added in v.1.46