version 1.38, 2005/05/21 15:35:07
|
version 1.98, 2024/07/06 16:00:22
|
Line 33 http://www.lon-capa.org/
|
Line 33 http://www.lon-capa.org/
|
<target dist='default'>/</target> |
<target dist='default'>/</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
$|=1; |
$|=1; |
|
use strict; |
|
use lib '/home/httpd/lib/perl/'; |
|
use LONCAPA::Configuration; |
|
use LONCAPA::Lond; |
|
use LONCAPA::SSL; |
|
use LONCAPA; |
|
use GDBM_File; |
|
use Storable qw(thaw); |
|
use Term::ReadKey; |
|
use Locale::Country; |
|
|
|
sub get_new_sslkeypass { |
|
my $sslkeypass; |
|
my $flag=0; |
|
# get Password for SSL key |
|
while (!$flag) { |
|
$sslkeypass = &make_passphrase(); |
|
if ($sslkeypass) { |
|
$flag = 1; |
|
} else { |
|
print "Invalid input (a password is required for the SSL key).\n"; |
|
} |
|
} |
|
return $sslkeypass; |
|
} |
|
|
|
sub get_static_config { |
|
# get LCperlvars from loncapa_apache.conf |
|
my $confdir = '/etc/httpd/conf/'; |
|
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24' || '<DIST />' eq 'debian10' || '<DIST />' eq 'debian11' || '<DIST />' eq 'debian12') { |
|
$confdir = '/etc/apache2/'; |
|
} |
|
my $filename='loncapa_apache.conf'; |
|
my %LCperlvar; |
|
if (-e "$confdir$filename") { |
|
open(CONFIG,'<'.$confdir.$filename) or die("Can't read $confdir$filename"); |
|
while (my $configline=<CONFIG>) { |
|
if ($configline =~ /^[^\#]?PerlSetVar/) { |
|
my ($unused,$varname,$varvalue)=split(/\s+/,$configline); |
|
chomp($varvalue); |
|
$LCperlvar{$varname}=$varvalue; |
|
} |
|
} |
|
close(CONFIG); |
|
} |
|
return \%LCperlvar; |
|
} |
|
|
|
sub get_domain_config { |
|
my ($dom,$primaryserver,$isprimary,$url,$perlvarref) = @_; |
|
my %confhash; |
|
if ($isprimary) { |
|
if (ref($perlvarref) eq 'HASH') { |
|
my $lonusersdir = $perlvarref->{'lonUsersDir'}; |
|
my $fname = $lonusersdir.'/'.$dom.'/configuration.db'; |
|
if (-e $fname) { |
|
my $dbref=&LONCAPA::locking_hash_tie($fname,&GDBM_READER()); |
|
if (ref($dbref) eq 'HASH') { |
|
foreach my $key (sort(keys(%{$dbref}))) { |
|
my $value = $dbref->{$key}; |
|
if ($value =~ s/^__FROZEN__//) { |
|
$value = thaw(&LONCAPA::unescape($value)); |
|
} else { |
|
$value = &LONCAPA::unescape($value); |
|
} |
|
$confhash{$key} = $value; |
|
} |
|
&LONCAPA::locking_hash_untie($dbref); |
|
} |
|
} |
|
} |
|
} else { |
|
if (open(PIPE,"wget --no-check-certificate '$url?primary=$primaryserver&format=raw' |")) { |
|
my $config = ''; |
|
while (<PIPE>) { |
|
$config .= $_; |
|
} |
|
close(PIPE); |
|
if ($config) { |
|
my @pairs=split(/\&/,$config); |
|
foreach my $item (@pairs) { |
|
my ($key,$value)=split(/=/,$item,2); |
|
my $what = &LONCAPA::unescape($key); |
|
if ($value =~ s/^__FROZEN__//) { |
|
$value = thaw(&LONCAPA::unescape($value)); |
|
} else { |
|
$value = &LONCAPA::unescape($value); |
|
} |
|
$confhash{$what}=$value; |
|
} |
|
} |
|
} |
|
} |
|
return (\%confhash); |
|
} |
|
|
|
sub make_passphrase { |
|
my ($got_passwd,$firstpass,$secondpass,$passwd); |
|
my $maxtries = 10; |
|
my $trial = 0; |
|
while ((!$got_passwd) && ($trial < $maxtries)) { |
|
$firstpass = &get_password('Enter a password for the SSL key (at least 6 characters long)'); |
|
if (length($firstpass) < 6) { |
|
print('Password too short.'."\n". |
|
'Please choose a password with at least six characters.'."\n". |
|
'Please try again.'."\n"); |
|
} elsif (length($firstpass) > 30) { |
|
print('Password too long.'."\n". |
|
'Please choose a password with no more than thirty characters.'."\n". |
|
'Please try again.'."\n"); |
|
} else { |
|
my $pbad=0; |
|
foreach (split(//,$firstpass)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
|
if ($pbad) { |
|
print('Password contains invalid characters.'."\n". |
|
'Password must consist of standard ASCII characters.'."\n". |
|
'Please try again.'."\n"); |
|
} else { |
|
$secondpass = &get_password('Enter password a second time'); |
|
if ($firstpass eq $secondpass) { |
|
$got_passwd = 1; |
|
$passwd = $firstpass; |
|
} else { |
|
print('Passwords did not match.'."\n". |
|
'Please try again.'."\n"); |
|
} |
|
} |
|
} |
|
$trial ++; |
|
} |
|
return $passwd; |
|
} |
|
|
|
sub get_password { |
|
my ($prompt) = @_; |
|
local $| = 1; |
|
print $prompt.': '; |
|
my $newpasswd = ''; |
|
ReadMode 'raw'; |
|
my $key; |
|
while(ord($key = ReadKey(0)) != 10) { |
|
if(ord($key) == 127 || ord($key) == 8) { |
|
chop($newpasswd); |
|
print "\b \b"; |
|
} elsif(!ord($key) < 32) { |
|
$newpasswd .= $key; |
|
print '*'; |
|
} |
|
} |
|
ReadMode 'normal'; |
|
print "\n"; |
|
return $newpasswd; |
|
} |
|
|
|
sub send_mail { |
|
my ($hostname,$recipient,$subj,$file) = @_; |
|
my $from = 'www@'.$hostname; |
|
my $certmail = "To: $recipient\n". |
|
"From: $from\n". |
|
"Subject: ".$subj."\n". |
|
"Content-type: text/plain\; charset=UTF-8\n". |
|
"MIME-Version: 1.0\n\n"; |
|
if (open(my $fh,"<$file")) { |
|
while (<$fh>) { |
|
$certmail .= $_; |
|
} |
|
close($fh); |
|
$certmail .= "\n\n"; |
|
if (open(my $mailh, "|/usr/lib/sendmail -oi -t -odb")) { |
|
print $mailh $certmail; |
|
close($mailh); |
|
print "Mail sent ($subj) to $recipient\n"; |
|
} else { |
|
print "Sending mail ($subj) to $recipient failed.\n"; |
|
} |
|
} |
|
return; |
|
} |
|
|
|
sub mail_csr { |
|
my ($types,$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarref) = @_; |
|
my ($camail,$flag); |
|
if ($lonCluster eq 'production' || $lonCluster eq 'development') { |
|
$camail = $perlvarref->{'SSLEmail'}; |
|
} else { |
|
$flag=0; |
|
# get Certificate Authority E-mail |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
ENTER EMAIL ADDRESS TO SEND CERTIFICATE SIGNING REQUESTS |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'Certificate Authority Email Address'."\t".$choice."\n"); |
|
close(OUT); |
|
$camail=$choice; |
|
$flag=1; |
|
} else { |
|
print "Invalid input (an email address is required).\n"; |
|
} |
|
} |
|
} |
|
if ($camail) { |
|
my $subj; |
|
if (($types eq 'both') || ($types = 'host')) { |
|
if (-e "$certsdir/$connectcsr") { |
|
$subj = "Certificate Request ($lonHostID)"; |
|
print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$connectcsr")); |
|
} |
|
} |
|
if (($types eq 'both') || ($types = 'hostname')) { |
|
if (-e "$certsdir/$replicatecsr") { |
|
$subj = "Certificate Request (internal-$desiredhostname)"; |
|
print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$replicatecsr")); |
|
} |
|
} |
|
} |
|
} |
|
|
|
sub ssl_info { |
|
print(<<END); |
|
|
|
****** Information about Country, State or Province and City ***** |
|
|
|
A two-letter country code, e.g., US, CA, DE etc. as defined by ISO 3166, |
|
is required. A state or province, and a city are also required. |
|
This locality information is included in two SSL certificates used internally |
|
by LON-CAPA, unless you are running standalone. |
|
|
|
If your server will be part of either the production or development |
|
clusters, then the certificate will need to be signed by the official |
|
LON-CAPA Certificate Authority (CA). If you will be running your own |
|
cluster then the cluster will need to create its own CA. |
|
|
|
END |
|
} |
|
|
|
sub get_country { |
|
my ($desiredhostname) = @_; |
|
# get Country |
|
my ($posscountry,$country); |
|
if ($desiredhostname =~ /\.(edu|com|org)$/) { |
|
$posscountry = 'us'; |
|
} else { |
|
($posscountry) = ($desiredhostname =~ /\.(a-z){2}$/); |
|
} |
|
if ($posscountry) { |
|
my $countrydesc = &Locale::Country::code2country($posscountry); |
|
if ($countrydesc eq '') { |
|
undef($posscountry); |
|
} |
|
} |
|
|
|
my $flag=0; |
|
while (!$flag) { |
|
if ($posscountry) { |
|
$posscountry = uc($posscountry); |
|
print "ENTER TWO-LETTER COUNTRY CODE [$posscountry]:\n"; |
|
} else { |
|
print "ENTER TWO-LETTER COUNTRY CODE:\n"; |
|
} |
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
if (&Locale::Country::code2country(lc($choice))) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'country'."\t".uc($choice)."\n"); |
|
close(OUT); |
|
$country=uc($choice); |
|
$flag=1; |
|
} else { |
|
print "Invalid input -- a valid two letter country code is required\n"; |
|
} |
|
} elsif (($choice eq '') && ($posscountry ne '')) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'country'."\t".$posscountry."\n"); |
|
close(OUT); |
|
$country = $posscountry; |
|
$flag = 1; |
|
} else { |
|
print "Invalid input -- a country code is required\n"; |
|
} |
|
} |
|
return $country; |
|
} |
|
|
|
sub get_state { |
|
# get State or Province |
|
my $flag=0; |
|
my $state = ''; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
ENTER STATE OR PROVINCE NAME: |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'state'."\t".$choice."\n"); |
|
close(OUT); |
|
$state=$choice; |
|
$flag=1; |
|
} else { |
|
print "Invalid input (a state or province name is required).\n"; |
|
} |
|
} |
|
return $state; |
|
} |
|
|
|
sub get_city { |
|
# get City |
|
my $flag=0; |
|
my $city = ''; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
ENTER CITY NAME: |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'city'."\t".$choice."\n"); |
|
close(OUT); |
|
$city=$choice; |
|
$flag=1; |
|
} else { |
|
print "Invalid input (a city is required).\n"; |
|
} |
|
} |
|
return $city; |
|
} |
|
|
|
sub confirm_locality { |
|
my ($domainDescription,$country,$state,$city) = @_; |
|
my $flag = 0; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
The domain description, country, state and city will be |
|
used in the SSL certificates |
|
|
|
1) Domain Description: $domainDescription |
|
2) Country: $country |
|
3) State or Province: $state |
|
4) City: $city |
|
5) Everything is correct up above |
|
|
|
ENTER A CHOICE OF 1-4 TO CHANGE, otherwise ENTER 5: |
|
END |
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice == 1) { |
|
print(<<END); |
|
1) Domain Description: $domainDescription |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$domainDescription=$choice2; |
|
} elsif ($choice == 2) { |
|
print(<<END); |
|
2) Country: $country |
|
ENTER NEW VALUE (this should be a two-character code, e,g, US, CA, DE) |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$country = uc($choice2); |
|
} elsif ($choice == 3) { |
|
print(<<END); |
|
3) State or Province: $state |
|
ENTER NEW VALUE: |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$state=$choice2; |
|
} elsif ($choice == 4) { |
|
print(<<END); |
|
4) City: $city |
|
ENTER NEW VALUE: |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$city=$choice2; |
|
} elsif ($choice == 5) { |
|
$flag=1; |
|
$state =~ s{/}{ }g; |
|
$city =~ s{/}{ }g; |
|
$domainDescription =~ s{/}{ }g; |
|
} else { |
|
print "Invalid input.\n"; |
|
} |
|
} |
|
return ($domainDescription,$country,$state,$city); |
|
} |
|
|
|
sub make_key { |
|
my ($certsdir,$privkey,$sslkeypass) = @_; |
|
# generate SSL key |
|
if ($certsdir && $privkey) { |
|
if (-f "$certsdir/lonKey.enc") { |
|
my $mode = 0600; |
|
chmod $mode, "$certsdir/lonKey.enc"; |
|
} |
|
open(PIPE,"openssl genrsa -des3 -passout pass:$sslkeypass -out $certsdir/lonKey.enc 2048 2>&1 |"); |
|
close(PIPE); |
|
if (-f "$certsdir/$privkey") { |
|
my $mode = 0600; |
|
chmod $mode, "$certsdir/$privkey"; |
|
} |
|
open(PIPE,"openssl rsa -in $certsdir/lonKey.enc -passin pass:$sslkeypass -out $certsdir/$privkey -outform PEM |"); |
|
close(PIPE); |
|
if (-f "$certsdir/lonKey.enc") { |
|
my $mode = 0400; |
|
chmod $mode, "$certsdir/lonKey.enc"; |
|
} |
|
if (-f "$certsdir/$privkey") { |
|
my $mode = 0400; |
|
chmod $mode, "$certsdir/$privkey"; |
|
} |
|
} else { |
|
print "Key creation failed. Missing one or more of: certificates directory, key name\n"; |
|
} |
|
} |
|
|
|
sub encrypt_key { |
|
my ($certsdir,$privkey,$sslkeypass) = @_; |
|
if ($certsdir && $privkey) { |
|
if ((-f "$certsdir/$privkey") && (!-f "$certsdir/lonKey.enc")) { |
|
open(PIPE,"openssl rsa -des3 -in $certsdir/$privkey -out $certsdir/lonKey.enc |"); |
|
} |
|
} |
|
return; |
|
} |
|
|
|
sub make_host_csr { |
|
my ($certsdir,$sslkeypass,$connectcsr,$connectsubj) = @_; |
|
# generate SSL csr for hostID |
|
if ($certsdir && $connectcsr && $connectsubj) { |
|
open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$connectsubj\" -out $certsdir/$connectcsr |"); |
|
close(PIPE); |
|
} else { |
|
print "Creation of certificate signing request failed. Missing one or more of: certificates directory, CSR name, or locality information.\n"; |
|
} |
|
} |
|
|
|
sub make_hostname_csr { |
|
my ($certsdir,$sslkeypass,$replicatecsr,$replicatesubj) = @_; |
|
# generate SSL csr for internal hostname |
|
if ($certsdir && $replicatecsr && $replicatesubj) { |
|
open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$replicatesubj\" -out $certsdir/$replicatecsr |"); |
|
close(PIPE); |
|
} else { |
|
print "Creation of certificate signing request failed. Missing one or more of: certificates directory, CSR name, or locality information.\n"; |
|
} |
|
} |
|
|
|
sub securesetting { |
|
my (%perlvar) = @_; |
|
my ($securestatus,$securenum); |
|
if (($perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) { |
|
$securenum = 4; |
|
$securestatus = 'Allow insecure connections - inbound and outbound'; |
|
} elsif (($perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) { |
|
$securenum = 3; |
|
$securestatus = 'Outbound: allow insecure connections; Inbound: secure only'; |
|
} elsif ((!$perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) { |
|
$securenum = 2; |
|
$securestatus = 'Outbound: secure connections only; Inbound: allow insecure'; |
|
} elsif ((!$perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) { |
|
$securenum = 1; |
|
$securestatus = 'Secure connections only - inbound and outbound '; |
|
} |
|
return ($securestatus,$securenum); |
|
} |
|
|
|
sub get_sslnames { |
|
my %sslnames = ( |
|
key => 'lonnetPrivateKey', |
|
host => 'lonnetCertificate', |
|
hostname => 'lonnetHostnameCertificate', |
|
ca => 'lonnetCertificateAuthority', |
|
); |
|
return %sslnames; |
|
} |
|
|
|
sub get_ssldesc { |
|
my %ssldesc = ( |
|
key => 'Private Key', |
|
host => 'Connections Certificate', |
|
hostname => 'Replication Certificate', |
|
ca => 'LON-CAPA CA Certificate', |
|
); |
|
return %ssldesc; |
|
} |
|
|
|
sub get_cert_status { |
|
my ($lonHostID,$hostname,$perlvarstatic) = @_; |
|
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => $hostname,},'text','install'); |
|
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
|
my $output = ''; |
|
if ($currcerts eq "$lonHostID:error") { |
|
$output .= "No information available for SSL certificates\n"; |
|
$sslstatus{'key'} = -1; |
|
$sslstatus{'host'} = -1; |
|
$sslstatus{'hostname'} = -1; |
|
$sslstatus{'ca'} = -1; |
|
$lonkeystatus = 'unknown status'; |
|
$lonhostcertstatus = 'unknown status'; |
|
$lonhostnamecertstatus = 'unknown status'; |
|
} else { |
|
my %sslnames = &get_sslnames(); |
|
my %ssldesc = &get_ssldesc(); |
|
my %csr; |
|
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
|
if ($lonhost eq $lonHostID) { |
|
my @items = split(/\&/,$info); |
|
foreach my $item (@items) { |
|
my ($key,$value) = split(/=/,$item,2); |
|
if ($key =~ /^(host(?:|name))\-csr$/) { |
|
$csr{$1} = $value; |
|
} |
|
my @data = split(/,/,$value); |
|
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
|
my ($checkcsr,$comparecsr); |
|
if (lc($data[0]) eq 'yes') { |
|
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
|
if ($key eq 'key') { |
|
$lonkeystatus = "status: $data[1]"; |
|
if ($data[1] =~ /ok$/) { |
|
$sslstatus{$key} = 1; |
|
} |
|
} else { |
|
my $setstatus; |
|
if (($key eq 'host') || ($key eq 'hostname')) { |
|
if ($data[1] eq 'otherkey') { |
|
$sslstatus{$key} = 4; |
|
$setstatus = 1; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = "status: created with different key"; |
|
} elsif ($key eq 'hostname') { |
|
$lonhostnamecertstatus = "status: created with different key"; |
|
} |
|
} elsif ($data[1] eq 'nokey') { |
|
$sslstatus{$key} = 5; |
|
$setstatus = 1; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = "status: created with missing key"; |
|
} elsif ($key eq 'hostname') { |
|
$lonhostnamecertstatus = "status: created with missing key"; |
|
} |
|
} |
|
if ($setstatus) { |
|
$comparecsr = 1; |
|
} |
|
} |
|
unless ($setstatus) { |
|
if ($data[1] eq 'expired') { |
|
$sslstatus{$key} = 2; |
|
} elsif ($data[1] eq 'future') { |
|
$sslstatus{$key} = 3; |
|
} else { |
|
$sslstatus{$key} = 1; |
|
} |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = "status: $data[1]"; |
|
} elsif ($key eq 'hostname') { |
|
$lonhostnamecertstatus = "status: $data[1]"; |
|
} |
|
} |
|
} |
|
} else { |
|
$sslstatus{$key} = 0; |
|
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
|
if ($key eq 'key') { |
|
$lonkeystatus = 'still needed'; |
|
} elsif (($key eq 'host') || ($key eq 'hostname')) { |
|
$checkcsr = 1; |
|
} |
|
} |
|
if (($checkcsr) || ($comparecsr)) { |
|
my $csrfile = $perlvarstatic->{$sslnames{$key}}; |
|
$csrfile =~s /\.pem$/.csr/; |
|
my $csrstatus; |
|
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile") { |
|
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |"); |
|
while(<PIPE>) { |
|
chomp(); |
|
$csrstatus = $_; |
|
last; |
|
} |
|
close(PIPE); |
|
if ((($comparecsr) && ($csr{$key})) || ($checkcsr)) { |
|
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = 'awaiting signature'; |
|
} else { |
|
$lonhostnamecertstatus = 'awaiting signature'; |
|
} |
|
$sslstatus{$key} = 3; |
|
} |
|
} elsif ($checkcsr) { |
|
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
|
} else { |
|
$lonhostnamecertstatus = 'still needed'; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
return ($output,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,\%sslstatus); |
|
} |
|
|
print(<<END); |
print(<<END); |
|
|
|
|
Line 47 $|=1;
|
Line 671 $|=1;
|
********************************************* |
********************************************* |
|
|
END |
END |
sleep(3); |
#sleep(3); |
|
|
</perlscript> |
</perlscript> |
</file> |
</file> |
<file> |
<file> |
<target dist='default'>loncom/hosts.tab</target> |
<target dist='default'>../../loncom/hosts.tab</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
unless (-l "<TARGET />") { |
my $lonCluster; |
print(<<END); |
my $currCluster; |
|
|
|
if (-l "<TARGET />") { |
|
my $currlink = readlink("<TARGET />"); |
|
if ($currlink =~ /^new_(existing|standalone|development|production)_hosts\.tab$/) { |
|
$currCluster = $1; |
|
} |
|
my %clustertypes = ( |
|
production => 'PRODUCTION', |
|
standalone => 'STAND-ALONE', |
|
development => 'DEVELOPMENT', |
|
existing => 'RUNNING YOUR OWN CLUSTER', |
|
); |
|
if (($currCluster) && (exists($clustertypes{$currCluster}))) { |
|
print(<<END); |
|
|
|
The cluster type for this server is currently: $clustertypes{$currCluster} |
|
END |
|
|
|
} |
|
} |
|
|
|
print(<<END); |
|
|
=============================================================================== |
=============================================================================== |
|
|
Which cluster option would you like to have installed? |
Which cluster option would you like to have installed? |
IMPORTANT: to take advantage of the cluster options 1) and 3), |
IMPORTANT: to take advantage of the cluster options 1) and 3), |
you must contact lon-capa\@lon-capa.org. |
you must contact loncapa\@loncapa.org. |
|
|
1) PRODUCTION - you want to eventually connect this machine to the |
1) PRODUCTION - you want to eventually connect this machine to the |
LON-CAPA content sharing network. This setting is for |
LON-CAPA content sharing network. This setting is for |
schools, colleges, and universities, that currently |
schools, colleges, and universities, that currently |
are running - or in the future will run - courses |
are running - or in the future will run - courses. |
2) STAND-ALONE - you want this machine to run in 'stand-alone' mode and |
2) STAND-ALONE - you want this machine to run in 'stand-alone' mode and |
not be connected to other LON-CAPA machines for now |
not be connected to other LON-CAPA machines for now. |
3) DEVELOPMENT - you want to do software (not content!) development with |
3) DEVELOPMENT - you want to do software (not content!) development with |
this workstation and eventually link it with the |
this workstation and eventually link it with the |
workstations of other LON-CAPA software developers. |
workstations of other LON-CAPA software developers. |
4) PRESERVE the existing hosts.tab and domain.tab |
4) RUNNING YOUR OWN CLUSTER - this machine is not in the standard LON-CAPA |
(/home/httpd/lonTabs/hosts.tab and |
clusters and won't be in the future and you want the existing |
/home/httpd/lonTabs/domain.tab) |
hosts.tab and domain.tab files to be left alone. |
|
(This choice is unlikely what you want to select.) |
END |
END |
# Option number 26 will install rawhide_hosts.tab, but |
# Option number 26 will install rawhide_hosts.tab, but |
# the typical user does not want to be part of an intensive |
# the typical user does not want to be part of an intensive |
Line 81 END
|
Line 729 END
|
|
|
# get input |
# get input |
# if valid then process, otherwise loop |
# if valid then process, otherwise loop |
$flag=0; |
my $flag=0; |
while (!$flag) { |
while (!$flag) { |
print "ENTER 1, 2, 3, or 4:\n"; |
print "ENTER 1, 2, 3, or 4:\n"; |
my $choice=<>; |
my $choice=<>; |
Line 97 while (!$flag) {
|
Line 745 while (!$flag) {
|
} |
} |
elsif ($choice==4) { |
elsif ($choice==4) { |
$lonCluster='existing'; $flag=1; |
$lonCluster='existing'; $flag=1; |
if (-e '/home/httpd/lonTabs/hosts.tab') { |
foreach my $file ('hosts.tab','dns_hosts.tab', |
`cp /home/httpd/lonTabs/hosts.tab ../existing_hosts.tab`; |
'domain.tab','dns_domain.tab') { |
} |
if (-e '/home/httpd/lonTabs/'.$file) { |
else { |
`cp /home/httpd/lonTabs/$file ../existing_$file`; |
print <<END; |
} |
There is no existing /home/httpd/lonTabs/hosts.tab |
else { |
|
print <<END; |
|
There is no existing /home/httpd/lonTabs/$file |
END |
END |
die(''); |
die(''); |
} |
} |
if (-e '/home/httpd/lonTabs/domain.tab') { |
|
`cp /home/httpd/lonTabs/domain.tab ../existing_domain.tab`; |
|
} |
|
else { |
|
print <<END; |
|
There is no existing /home/httpd/lonTabs/domain.tab |
|
END |
|
die(''); |
|
} |
} |
} |
} |
elsif ($choice==26) { |
elsif ($choice==26) { |
$lonCluster='rawhide'; $flag=1; |
$lonCluster='rawhide'; $flag=1; |
} |
} |
} |
} |
} |
|
</perlscript> |
</perlscript> |
</file> |
</file> |
<file> |
<file> |
Line 129 END
|
Line 770 END
|
$|=1; |
$|=1; |
my $domainDescription; |
my $domainDescription; |
my $domainTabExtras; |
my $domainTabExtras; |
|
my $primaryLibServer; |
|
my $protocol; |
|
my $intdom; |
|
my $desiredhostname; |
|
my $city; |
|
my $state; |
|
my $country; |
|
my @libservers = (); |
unless (-e "<TARGET />") { |
unless (-e "<TARGET />") { |
print(<<END); |
print(<<END); |
WELCOME TO LON-CAPA! |
WELCOME TO LON-CAPA! |
|
|
If you have questions, please visit http://install.lon-capa.org |
If you have questions, please visit http://install.loncapa.org |
or contact helpdesk\@lon-capa.org. |
or contact helpdesk\@loncapa.org. |
|
|
=============================================================================== |
=============================================================================== |
The following 4 values are needed to configure LON-CAPA: |
The following 10 values are needed to configure LON-CAPA: |
* Machine Role |
* Machine Role |
* LON-CAPA Domain Name |
* LON-CAPA Domain Name |
* LON-CAPA Machine ID Name, and |
* LON-CAPA Machine ID Name |
* System Administration E-mail Address. |
* Server Administration E-mail Address |
|
* LON-CAPA Domain's Primary Library Server Machine ID |
|
* Web Server Protocol |
|
* Internet Domain Name of Your Institution |
|
* Hostname |
|
* City, State, Country for LON-CAPA SSL certificate |
|
* Password for key for creating SSL certificates |
=============================================================================== |
=============================================================================== |
|
|
In addition, a Support E-mail Address can also be included. If |
In addition, a Support E-mail Address can also be included. If |
Line 159 close(OUT);
|
Line 814 close(OUT);
|
**** Machine Role **** |
**** Machine Role **** |
Library server (recommended if first-time installation of LON-CAPA): |
Library server (recommended if first-time installation of LON-CAPA): |
Servers that are repositories of authoritative educational resources. |
Servers that are repositories of authoritative educational resources. |
These servers also provide the construction space by which instructors |
These servers also provide the authoring spaces in which content |
assemble their classroom online material. |
creators (e.g., faculty instructors) create their learning content. |
Access server: |
Access server: |
Servers that load-balance high-traffic delivery of educational resources |
Servers that load-balance high-traffic delivery of educational resources |
over the world-wide web. |
over the world-wide web. |
Line 205 if ($hostname=~/([^\.]*)\.([^\.]*)$/) {
|
Line 860 if ($hostname=~/([^\.]*)\.([^\.]*)$/) {
|
print(<<END); |
print(<<END); |
|
|
**** Domain **** |
**** Domain **** |
[this does NOT need to correspond to internet address domains, |
[This does NOT need to correspond to an internet address domain. |
good examples might be "msu" or "bionet" or "vermontcc", |
Please make this name short AND descriptive of your organization. |
bad examples are "physics" (too general) |
Domain names are close to impossible to change later!!! |
|
Good examples might be "msu" or "bionet" or "vermontcc". |
|
Bad examples are "physics" (too general) |
or "michiganstateuniversity" (too long) |
or "michiganstateuniversity" (too long) |
or "msuedu" (internet domain, just make it "msu") |
or "msuedu" (just make it "msu", or else make it msu.edu) |
or "msuphysics" (only if there is a good reason to limit) |
or "msuphysics" (only if there is a good reason to limit to department |
|
- we don't know of one) |
or "mydomain" (what is that?) |
or "mydomain" (what is that?) |
Please make this name short AND descriptive of your organization. |
Avoid multiple domains at the same institution, even if it means that you |
Note that the domain is very hard to change later. |
have to actually work together with your colleagues. You can still run |
Double-check with the LON-CAPA group at MSU if this domain is |
multiple library servers within the same domain. |
going to be part of the main production cluster, since it needs |
If this domain is eventually going to be part of the main production |
to be unique.] |
cluster, you MUST contact the LON-CAPA group at MSU (loncapa\@loncapa.org) |
|
to have a domain name assigned, and then use it exactly as given. This is |
|
also true for test installs that might eventually turn into production setups. |
|
The short domain name needs to be unique, if your aim is to join a cluster |
|
containing existing domains. Stop now if you have not yet contacted the |
|
MSU LON-CAPA group.] |
END |
END |
|
|
# get domain name |
# get domain name |
Line 237 END
|
Line 900 END
|
my $choice=<>; |
my $choice=<>; |
chomp($choice); |
chomp($choice); |
my $bad_domain_flag=0; |
my $bad_domain_flag=0; |
my @bad_domain_names=('res','raw','userfiles','priv','adm','uploaded'); |
my @bad_domain_names=('res','raw','userfiles','priv','adm','uploaded', |
|
'editupload'); |
foreach my $bad (@bad_domain_names) { |
foreach my $bad (@bad_domain_names) { |
$bad_domain_flag=1 if $choice eq $bad; |
$bad_domain_flag=1 if $choice eq $bad; |
} |
} |
Line 251 END
|
Line 915 END
|
close(OUT); |
close(OUT); |
$lonDefDomain=$choice; |
$lonDefDomain=$choice; |
$flag=1; |
$flag=1; |
} elsif (length($choice)>12) { |
} elsif (length($choice)>35) { |
print "Name too long\n"; |
print "Name too long\n"; |
} elsif (length($choice)<2) { |
} elsif (length($choice)<2) { |
print "Name too short\n"; |
print "Name too short\n"; |
} elsif ($bad_domain_flag) { |
} elsif ($bad_domain_flag) { |
print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n"; |
print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n"; |
print "Please try something different than '$choice'\n"; |
print "Please try something different than '$choice'\n"; |
} elsif ($choice!~/\_/ and $choice=~/^\w+$/) { |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
print(OUT 'lonDefDomain'."\t".$choice."\n"); |
print(OUT 'lonDefDomain'."\t".$choice."\n"); |
close(OUT); |
close(OUT); |
Line 266 END
|
Line 930 END
|
$r='l'; |
$r='l'; |
$flag=1; |
$flag=1; |
} else { |
} else { |
print "Invalid input (only alphanumeric characters supported).\n"; |
print "Invalid input (only alphanumeric characters, '-', and '.' supported).\n"; |
} |
} |
} |
} |
|
|
|
|
# get domain description |
# get domain description |
# accept if valid, if not valid, tell user and repeat |
# accept if valid, if not valid, tell user and repeat |
$flag=0; |
$flag=0; |
Line 307 if ($lonDefDomain) {
|
Line 970 if ($lonDefDomain) {
|
print(<<END); |
print(<<END); |
|
|
**** Machine ID Name **** |
**** Machine ID Name **** |
[this does NOT need to correspond to internet address names; |
[This does NOT need to correspond to internet address names; |
this name MUST be unique to the whole LON-CAPA network; |
this name MUST be unique to the whole LON-CAPA network; |
we recommend that you use a name based off of your institution; |
we recommend that you use a name based off of your institution. |
good examples: "msul1" or "bioneta2"; |
Good examples: "msul1" or "bioneta2". |
bad examples: "loncapabox" or "studentsinside". |
Bad examples: "loncapabox" or "studentsinside". |
Note that machine names are very hard to change later.] |
Note that machine names are very hard to change later.] |
END |
END |
# get machine name |
# get machine name |
Line 339 END
|
Line 1002 END
|
close(OUT); |
close(OUT); |
$lonHostID=$choice; |
$lonHostID=$choice; |
$flag=1; |
$flag=1; |
} elsif (length($choice)>15) { |
} elsif (length($choice)>45) { |
print "Name too long\n"; |
print "Name too long\n"; |
} elsif (length($choice)<4) { |
} elsif (length($choice)<4) { |
print "Name too short\n"; |
print "Name too short\n"; |
} elsif ($choice!~/\_/ and $choice=~/^\w+$/) { |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
print(OUT 'lonHostID'."\t".$choice."\n"); |
print(OUT 'lonHostID'."\t".$choice."\n"); |
close(OUT); |
close(OUT); |
$lonHostID=$choice; |
$lonHostID=$choice; |
$flag=1; |
$flag=1; |
} else { |
} else { |
print "Invalid input (only alphanumeric characters supported).\n"; |
print "Invalid input (only alphanumeric characters, '-', and '.' supported).\n"; |
} |
} |
} |
} |
|
|
|
# get primary library server in domain |
|
if ($lonRole eq 'library') { |
|
if (!grep/^\Q$lonHostID\E$/,@libservers) { |
|
push(@libservers,$lonHostID); |
|
} |
|
if (@libservers == 1) { |
|
$primaryLibServer = $libservers[0]; |
|
} |
|
} |
|
|
|
$flag=0; |
|
while (!$flag) { |
|
print(<<END); |
|
**** Domain's Primary Library Server ID **** |
|
This should be the LON-CAPA machine ID of a library server in your |
|
domain. If you only have a single library server in your domain, then |
|
the Primary Library server ID will be the machine ID of that server. |
|
This server will be where domain data which are not associated with any |
|
specific home library server will be stored (e.g., configurations that |
|
apply to all nodes in the domain). |
|
END |
|
if (defined($primaryLibServer)) { |
|
print(<<END); |
|
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$primaryLibServer]: |
|
END |
|
} elsif (@libservers > 0) { |
|
print(<<END); |
|
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$libservers[0]] |
|
END |
|
} else { |
|
print (<<END); |
|
No library servers could be identified for this domain. If you have already installed LON-CAPA on a different server (designated as a library server) in this domain, please enter the LONCAPA MACHINE ID of that server. If not, you will need to install a LON-CAPA library server. Enter the MACHINE ID of the server you plan to designate as a library server. |
|
END |
|
} |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($primaryLibServer and $choice=~/^\s*$/) { |
|
$choice=$primaryLibServer; |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'primaryLibServer'."\t".$choice."\n"); |
|
close(OUT); |
|
$flag=1; |
|
} elsif (length($choice)>35) { |
|
print "Name too long\n"; |
|
} elsif (length($choice)<4) { |
|
print "Name too short\n"; |
|
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'primaryLibServer'."\t".$choice."\n"); |
|
close(OUT); |
|
$primaryLibServer=$choice; |
|
$flag=1; |
|
} else { |
|
print "Invalid input (only alphanumeric characters, '-', and '.' supported).\n"; |
|
} |
|
} |
|
|
|
|
# get admin e-mail address |
# get admin e-mail address |
# accept if valid, if not valid, tell user and repeat |
# accept if valid, if not valid, tell user and repeat |
$flag=0; |
$flag=0; |
Line 361 my $lonAdmEMail;
|
Line 1083 my $lonAdmEMail;
|
while (!$flag) { |
while (!$flag) { |
print(<<END); |
print(<<END); |
|
|
**** System Administrator's E-mail **** |
**** Server Administrator's E-mail **** |
E-mail address of the person who will manage this machine |
E-mail address of the person who will manage this machine |
[should be in the form somebody\@somewhere] |
[should be in the form somebody\@somewhere] |
ENTER ADMIN E-MAIL ADDRESS: |
ENTER ADMIN E-MAIL ADDRESS: |
Line 414 END
|
Line 1136 END
|
} |
} |
} |
} |
|
|
|
# get protocol |
|
# accept if valid, if not valid, tell user and repeat |
|
$flag=0; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
**** Web Server Protocol **** |
|
If you plan to run the Apache server with SSL enabled, |
|
the protocol should be: https; otherwise it should be http. |
|
ENTER WEB SERVER PROTOCOL [http]: |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice =~ /^https?$/) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'protocol'."\t".$choice."\n"); |
|
close(OUT); |
|
$protocol=$choice; |
|
$flag=1; |
|
} elsif ($choice eq '') { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'protocol'."\t".'http'."\n"); |
|
close(OUT); |
|
$protocol = 'http'; |
|
$flag = 1; |
|
} else { |
|
print "Invalid input (only http or https allowed).\n"; |
|
} |
|
} |
|
|
|
# get internet domain |
|
# accept if valid, if not valid, tell user and repeat |
|
$flag=0; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
**** Internet Domain Name of Your Institution **** |
|
|
|
The internet domain name used for servers at your institution |
|
should be provided. This will be similar to: ustate.edu or |
|
topcollege.ac.uk or myhostingcompany.com, i.e., the part of |
|
a server hostname which indicates to which organization the |
|
server belongs. |
|
|
|
ENTER INTERNET DOMAIN NAME: |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice =~/[^.]+\.[^.]+/) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'internet domain'."\t".$choice."\n"); |
|
close(OUT); |
|
$intdom=$choice; |
|
$flag=1; |
|
} |
|
else { |
|
print "Invalid input (must be at least two levels separated by . - e.g., ustate.edu).\n"; |
|
} |
|
} |
|
|
|
# get hostname |
|
# accept if valid, if not valid, tell user and repeat |
|
$flag=0; |
|
my $posshostname; |
|
if (($hostname =~ /^[A-Za-z0-9\-]+$/) && ($intdom ne '')) { |
|
$posshostname = $hostname.'.'.$intdom; |
|
} |
|
if (($hostname =~ /^[A-Za-z0-9\-]+\.[A-Za-z0-9\-]+/) && |
|
($hostname =~ /^[A-Za-z0-9.\-]+$/)) { |
|
$posshostname = $hostname; |
|
} |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
****** Hostname of the server/VM ***** |
|
|
|
The hostname of the server/VM is required. This will be similar to: |
|
somename.ustate.edu or somename.department.ustate.edu, and would be |
|
the web address which users would point their web browsers at to |
|
access the server. |
|
|
|
END |
|
|
|
if ($posshostname) { |
|
print "ENTER HOSTNAME OF SERVER [$posshostname]:\n"; |
|
} else { |
|
print "ENTER HOSTNAME OF SERVER:\n"; |
|
} |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if (($choice =~ /^[A-Za-z0-9\-]+\.[A-Za-z0-9\-]+/) && |
|
($choice =~ /^[A-Za-z0-9.\-]+$/)) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'hostname'."\t".$choice."\n"); |
|
close(OUT); |
|
$desiredhostname=$choice; |
|
$flag=1; |
|
} elsif (($choice eq '') && ($posshostname ne '')) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'hostname'."\t$posshostname\n"); |
|
close(OUT); |
|
$desiredhostname = $posshostname; |
|
$flag = 1; |
|
} else { |
|
print "Invalid input (only letters, numbers, - and . allowed, with at least one .).\n"; |
|
} |
|
} |
|
|
|
&ssl_info(); |
|
|
|
$country = &get_country($desiredhostname); |
|
|
|
$state = &get_state(); |
|
|
|
$city = &get_city(); |
|
|
|
($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city); |
|
|
|
my $perlstaticref = &get_static_config(); |
|
if (ref($perlstaticref) eq 'HASH') { |
|
my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
|
$certsdir = $perlstaticref->{'lonCertificateDirectory'}; |
|
$privkey = $perlstaticref->{'lonnetPrivateKey'}; |
|
$connectcsr = $perlstaticref->{'lonnetCertificate'}; |
|
$connectcsr =~ s/\.pem$/.csr/; |
|
$replicatecsr = $perlstaticref->{'lonnetHostnameCertificate'}; |
|
$replicatecsr =~ s/\.pem$/.csr/; |
|
|
|
print(<<END); |
|
|
|
****** SSL Certificates ***** |
|
|
|
You need to provide a password to be used for the openssl key which |
|
will be stored in $certsdir, and will be used when creating two |
|
certificate signing requests: $connectcsr and $replicatecsr |
|
|
|
END |
|
|
|
my $sslkeypass = &get_new_sslkeypass(); |
|
|
|
if ($certsdir && $privkey) { |
|
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$lonHostID/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
|
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
|
|
|
# generate SSL key |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
# generate SSL csr for hostID |
|
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
|
# generate SSL csr for internal hostname |
|
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
|
# mail csr files to certificate@lon-capa.org (production or dev clusters). |
|
&mail_csr('both',$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlstaticref); |
|
|
|
} else { |
|
print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n"; |
|
} |
|
} else { |
|
print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n"; |
|
} |
|
|
# update loncapa.conf |
# update loncapa.conf |
my $confdir='/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
#my $confdir=''; |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24' || '<DIST />' eq 'debian10' || '<DIST />' eq 'debian11' || '<DIST />' eq 'debian12') { |
|
$confdir = '/etc/apache2/'; |
|
} |
my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
my %perlvar; |
my %perlvar; |
if (-e "$confdir$filename") { |
if (-e "$confdir$filename") { |
Line 448 my %perlvar;
|
Line 1334 my %perlvar;
|
unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
my $lonReceipt=''; |
my $lonReceipt=''; |
srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
my @alnum=(0..9,a..z); |
my @alnum=(0..9,"a".."z"); |
foreach my $i (1..20) { |
foreach my $i (1..20) { |
$lonReceipt.=$alnum[int(rand(36))]; |
$lonReceipt.=$alnum[int(rand(36))]; |
} |
} |
Line 458 my %perlvar;
|
Line 1344 my %perlvar;
|
die("Cannot output to $confdir$filename\n"); |
die("Cannot output to $confdir$filename\n"); |
foreach my $key (keys %perlvar) { |
foreach my $key (keys %perlvar) { |
my $value=$perlvar{$key}; |
my $value=$perlvar{$key}; |
|
my $line = "PerlSetVar $key $value"; |
|
if ($value eq '') { |
|
$line = '#'.$line; |
|
} |
print(OUT <<END); |
print(OUT <<END); |
PerlSetVar $key $value |
$line |
END |
END |
} |
} |
close(OUT); |
close(OUT); |
Line 467 END
|
Line 1357 END
|
</perlscript> |
</perlscript> |
</file> |
</file> |
<file> |
<file> |
<target dist='default'>/</target> |
<target dist='default'>/etc/httpd/conf/</target> |
|
<target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 debian10 debian11 debian12 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22 ubuntu24'>/etc/apache2/</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
sub securesetting { |
|
my (%perlvar)=@_; |
|
my $securestatus='unknown'; |
|
my $securenum=''; |
|
if ( $perlvar{'loncAllowInsecure'}&& $perlvar{'londAllowInsecure'}) { |
|
$securestatus='no'; $securenum='4'; |
|
} elsif ( $perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) { |
|
$securestatus='lond'; $securenum='3'; |
|
} elsif (!$perlvar{'loncAllowInsecure'}&& $perlvar{'londAllowInsecure'}) { |
|
$securestatus='lonc'; $securenum='2'; |
|
} elsif (!$perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) { |
|
$securestatus='yes (lond and lonc)'; $securenum='1'; |
|
} |
|
return ($securestatus,$securenum); |
|
} |
|
# read values from loncapa.conf |
# read values from loncapa.conf |
my $confdir='/etc/httpd/conf/'; |
my $confdir = "<TARGET />"; |
my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
my %perlvar; |
my %perlvar; |
my ($securestatus,$securenum); |
|
if (-e "$confdir$filename") { |
if (-e "$confdir$filename") { |
open(CONFIG,'<'.$confdir.$filename) or |
open(CONFIG,'<'.$confdir.$filename) or |
die("Can't read $confdir$filename"); |
die("Can't read $confdir$filename"); |
Line 516 my ($securestatus,$securenum);
|
Line 1391 my ($securestatus,$securenum);
|
unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) { |
unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) { |
$perlvar{'loncAllowInsecure'}='1'; |
$perlvar{'loncAllowInsecure'}='1'; |
} |
} |
($securestatus,$securenum)=&securesetting(%perlvar); |
my ($securestatus,$securenum)=&securesetting(%perlvar); |
unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
my $lonReceipt=''; |
my $lonReceipt=''; |
srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
my @alnum=(0..9,a..z); |
my @alnum=(0..9,"a".."z"); |
foreach my $i (1..20) { |
foreach my $i (1..20) { |
$lonReceipt.=$alnum[int(rand(36))]; |
$lonReceipt.=$alnum[int(rand(36))]; |
} |
} |
$perlvar{'lonReceipt'}=$lonReceipt; |
$perlvar{'lonReceipt'}=$lonReceipt; |
} |
} |
my %perlvarstatic; |
my $perlvarstatic = &get_static_config(); |
if (-e "${confdir}loncapa_apache.conf") { |
|
open(CONFIG,'<'.$confdir.'loncapa_apache.conf') or |
my (@hosts_files, @domain_files); |
die("Can't read ${confdir}loncapa_apache.conf"); |
if ( $lonCluster ne 'existing') { |
while (my $configline=<CONFIG>) { |
push(@domain_files,'../'.$lonCluster.'_domain.tab', |
if ($configline =~ /^[^\#]*PerlSetVar/) { |
'../'.$lonCluster.'_dns_domain.tab'); |
my ($unused,$varname,$varvalue)=split(/\s+/,$configline); |
push(@hosts_files,'../'.$lonCluster.'_hosts.tab', |
chomp($varvalue); |
'../'.$lonCluster.'_dns_hosts.tab'); |
$perlvarstatic{$varname}=$varvalue; |
} |
|
push(@domain_files,'/home/httpd/lonTabs/domain.tab', |
|
'/home/httpd/lonTabs/dns_domain.tab'); |
|
push(@hosts_files,'/home/httpd/lonTabs/hosts.tab', |
|
'/home/httpd/lonTabs/dns_hosts.tab'); |
|
|
|
my @poss_hosts_files = @hosts_files; |
|
if (!$domainDescription) { |
|
foreach my $file (@domain_files) { |
|
open(IN,'<'.$file); |
|
while(my $line = <IN>) { |
|
if ($line =~ /^\Q$perlvar{'lonDefDomain'}\E\:/) { |
|
(undef,$domainDescription,$domainTabExtras)=split(/:/,$line,3); |
|
chomp($domainDescription); |
|
chomp($domainTabExtras); |
|
# the remaining field (primary lib server) is handled later |
|
$domainTabExtras = join(':',(split(/:/,$domainTabExtras))[0..5]); |
|
last; |
|
} |
} |
} |
|
close(IN); |
|
last if ($domainDescription); |
} |
} |
close(CONFIG); |
|
} |
} |
if (!$domainDescription && $lonCluster ne 'existing') { |
|
open(IN,'<../'.$lonCluster.'_domain.tab'); |
if ((!$protocol) || (!$desiredhostname)) { |
while(<IN>) { |
foreach my $file (@hosts_files) { |
if (/^$perlvar{'lonDefDomain'}\:/) { |
open(IN,'<'.$file); |
(undef,$domainDescription,$domainTabExtras)=split(/:/,$_,3); |
while(my $line = <IN>) { |
chomp($domainDescription); |
if ($line =~ /^\Q$perlvar{'lonHostID'}\E:\Q$perlvar{'lonDefDomain'}\E\:(?:access|library)\:([^:]+)\:(https?)/) { |
chomp($domainTabExtras); |
if (!$desiredhostname) { |
last; |
$desiredhostname = $1; |
} |
} |
} |
if (!$protocol) { |
close(IN); |
$protocol = $2; |
|
chomp($protocol); |
|
} |
|
last; |
|
} |
|
} |
|
} |
|
} |
|
|
|
if (!$protocol) { |
|
$protocol = 'http'; |
|
} |
|
|
|
if (!$intdom) { |
|
foreach my $file (@hosts_files) { |
|
open(IN,'<'.$file); |
|
while(my $line = <IN>) { |
|
if ($line =~ /^\Q$perlvar{'lonHostID'}\E:\Q$perlvar{'lonDefDomain'}\E\:(?:access|library)\:[^:]+\:https?\:([^:]+)/) { |
|
$intdom = $1; |
|
chomp($intdom); |
|
last; |
|
} |
|
} |
|
} |
|
} |
|
|
|
my (%hostnames,%protocols); |
|
while(!$primaryLibServer && (@hosts_files || @domain_files)) { |
|
my $file = shift(@domain_files); |
|
open(IN,'<'.$file); |
|
while(my $line = <IN>) { |
|
if ($line =~ /^\Q$perlvar{'lonDefDomain'}\E\:/) { |
|
$primaryLibServer=(split(/:/,$line))[8]; |
|
chomp($primaryLibServer); |
|
} |
|
} |
|
close(IN); |
|
last if ($primaryLibServer); |
|
$file = shift(@hosts_files); |
|
open(IN,'<'.$file); |
|
while(my $line = <IN>) { |
|
if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+)/) { |
|
push(@libservers,$1); |
|
$hostnames{$1} = $2; |
|
} |
|
} |
|
# make list unique |
|
@libservers = keys(%{{ map { $_ => 1 } (@libservers) }}); |
|
close(IN); |
|
if (@libservers == 1) { |
|
$primaryLibServer = $libservers[0]; |
|
} |
} |
} |
if (!$domainDescription) { |
|
open(IN,'</home/httpd/lonTabs/domain.tab'); |
# get hostname of primaryLibServer |
while(<IN>) { |
my ($primary_hostname,$primary_protocol); |
if (/^$perlvar{'lonDefDomain'}\:/) { |
if ($primaryLibServer) { |
(undef,$domainDescription,$domainTabExtras)=split(/:/,$_,3); |
if ($hostnames{$primaryLibServer}) { |
chomp($domainDescription); |
$primary_hostname = $hostnames{$primaryLibServer}; |
chomp($domainTabExtras); |
$primary_protocol = $protocols{$primaryLibServer}; |
last; |
} else { |
} |
foreach my $file (@poss_hosts_files) { |
} |
open(IN,'<'.$file); |
close(IN); |
while (my $line = <IN>) { |
|
if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+):(https?)/) { |
|
if ($1 eq $primaryLibServer) { |
|
$primary_hostname = $2; |
|
$primary_protocol = $3; |
|
last; |
|
} |
|
} |
|
} |
|
close(IN); |
|
last if ($primary_hostname); |
|
} |
|
} |
} |
} |
|
|
# implement editing logic below, interactively |
# implement editing logic below, interactively |
# update loncapa.conf until 8 is entered |
# update loncapa.conf until 18 is entered |
|
|
$flag=0; |
my $flag=0; |
|
|
|
# |
|
# Changes to 5, 6, and 14 not supported if configuration.db set on primary library server. |
|
# (requires either this machine to be primary library server or for LON-CAPA and Apache |
|
# to be running on primary library server). |
|
# |
|
|
|
my ($isprimary,$domconf,$url,$gotdomconf,$adminmail,$supportmail,$connectssl,%setbygui); |
|
if ($primaryLibServer eq $perlvar{'lonHostID'}) { |
|
$isprimary = 1; |
|
} else { |
|
unless ($primary_protocol eq 'https') { |
|
$primary_protocol = 'http'; |
|
} |
|
$url = $primary_protocol.'://'.$primary_hostname.'/cgi-bin/listdomconfig.pl'; |
|
} |
|
|
|
my %sslnames = &get_sslnames(); |
|
my %ssldesc = &get_ssldesc(); |
|
|
|
my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$primaryLibServer,$isprimary, |
|
$url,$perlvarstatic); |
|
if (ref($domconf)) { |
|
$gotdomconf = 1; |
|
if (ref($domconf->{'contacts'}) eq 'HASH') { |
|
if (exists($domconf->{'contacts'}->{'adminemail'})) { |
|
$adminmail = $domconf->{'contacts'}->{'adminemail'}; |
|
} |
|
if (exists($domconf->{'contacts'}->{'supportemail'})) { |
|
$supportmail = $domconf->{'contacts'}->{'supportemail'}; |
|
} |
|
} |
|
if (ref($domconf->{'ssl'}) eq 'HASH') { |
|
foreach my $connect ('connto','connfrom') { |
|
if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') { |
|
my ($sslreq,$sslnoreq,$currsetting); |
|
my %contypes; |
|
foreach my $type ('dom','intdom','other') { |
|
my $key; |
|
if ($domconf->{'ssl'}->{'connect'}->{$type} eq 'req') { |
|
$key = 'yes'; |
|
} else { |
|
$key = 'no'; |
|
} |
|
if ($type eq 'dom') { |
|
$contypes{$key} .= ' own domain,'; |
|
} elsif ($type eq 'intdom') { |
|
$contypes{$key} .= ' own institution,'; |
|
} elsif ($type eq 'other') { |
|
$contypes{$key} .= ' other domains,'; |
|
} |
|
} |
|
foreach my $key (sort(keys(%contypes))) { |
|
$contypes{$key} =~ s/^\s//; |
|
$contypes{$key} =~ s/,$//; |
|
if ($key eq 'yes') { |
|
$currsetting .= ' Yes ('.$contypes{$key}.'),'; |
|
} elsif ($key eq 'no') { |
|
$currsetting .= ' No ('.$contypes{$key}.')'; |
|
} |
|
$currsetting =~ s/,$//; |
|
} |
|
if ($currsetting ne '') { |
|
$connectssl = $sslnames{$connect}.' -- '.$currsetting.' | '; |
|
} |
|
} |
|
} |
|
$connectssl =~ s/\s\|\s$//; |
|
} |
|
} |
|
if ($connectssl) { |
|
$setbygui{'securestatus'} = 1; |
|
$securestatus = 'Set by domain configuration via web GUI. Currently: '.$connectssl; |
|
} |
|
if ($adminmail) { |
|
$adminmail = 'Set by domain configuration via web GUI. Currently: '.$adminmail; |
|
$setbygui{'lonAdmEMail'} = 1; |
|
} else { |
|
$adminmail = $perlvar{'lonAdmEMail'}; |
|
} |
|
if ($supportmail) { |
|
$supportmail = 'Set by domain configuration via web GUI. Currently: '.$supportmail; |
|
$setbygui{'lonSupportEMail'} = 1; |
|
} else { |
|
$supportmail = $perlvar{'lonSupportEMail'}; |
|
} |
|
|
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
print $certinfo; |
|
my %sslstatus; |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
|
while (!$flag) { |
while (!$flag) { |
print(<<END); |
print(<<END); |
Line 577 This is now the current configuration of
|
Line 1629 This is now the current configuration of
|
1) Domain Name: $perlvar{'lonDefDomain'} |
1) Domain Name: $perlvar{'lonDefDomain'} |
2) Domain Description: $domainDescription |
2) Domain Description: $domainDescription |
3) Machine Name: $perlvar{'lonHostID'} |
3) Machine Name: $perlvar{'lonHostID'} |
4) System Administrator's E-mail Address: $perlvar{'lonAdmEMail'} |
4) ID of primary library server for domain: $primaryLibServer |
5) Support E-mail Address: $perlvar{'lonSupportEMail'} |
5) Server Administrator's E-mail Address: $adminmail |
6) Role: $perlvar{'lonRole'} |
6) Support E-mail Address: $supportmail |
7) Cache Expiration Time: $perlvar{'lonExpire'} |
7) Web Server Protocol (http or https): $protocol |
8) Server Load: $perlvar{'lonLoadLim'} |
8) Internet Domain Name: $intdom |
9) User Load: $perlvar{'lonUserLoadLim'} |
9) Hostname: $desiredhostname |
10) Allow only secure connections: $securestatus |
10) Role: $perlvar{'lonRole'} |
11) Everything is correct up above |
11) Cache Expiration Time: $perlvar{'lonExpire'} (seconds) |
|
12) Server Load: $perlvar{'lonLoadLim'} |
|
13) User Load: $perlvar{'lonUserLoadLim'} |
|
14) LON-CAPA "internal" connections: $securestatus |
|
15) Private Key for SSL: $lonkeystatus |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
18) Everything is correct up above |
END |
END |
|
|
my $error=''; |
my @error; |
foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) { |
foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) { |
if (length($v)>16) { $error.="\nName $v too long"; } |
if (length($v)>35) { push(@error,"Name $v too long"); } |
if (length($v)<2) { $error.="\nName $v too short"; } |
if (length($v)<2) { push(@error,"Name $v too short"); } |
if ($v=~/capa/i) { $error.="\nName $v contains 'capa'"; } |
if ($v=~/capa/i) { |
foreach my $bad ('res','raw','userfiles','priv','adm','uploaded') { |
if ($v!~/^oucapa\d+$/ && |
$error.="\nName $v reserved." if $v eq $bad; |
($v!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
|
push(@error,"Name $v contains 'capa'"); |
|
} |
|
} |
|
foreach my $bad ('res','raw','userfiles','priv','adm','uploaded', |
|
'editupload') { |
|
push(@error,"\nName $v reserved.") if $v eq $bad; |
} |
} |
if ($v=~/\W/) { $error.="\nName $v contains special characters"; } |
if ($v=~/[^\w\-.]/) { push(@error,"Name $v contains special characters"); } |
} |
} |
if ($domainDescription!~/^[\w\s]+$/) { |
if ($domainDescription =~ /^\s*$/) { |
$error.="\nDomain Description contains special characters"; |
push(@error,"Domain Description is blank."); |
|
} elsif ($domainDescription!~/^[\(\)\-\w\s,]+$/) { |
|
push(@error,"Domain Description contains special characters."); |
} |
} |
foreach my $v ($perlvar{'lonExpire'},$perlvar{'lonLoadLim'}) { |
foreach my $v ($perlvar{'lonExpire'},$perlvar{'lonLoadLim'}) { |
unless ($v=~/^[\d+\.]+$/) { $error.="\nNumber expected instead of $v"; } |
unless ($v=~/^[\d+\.]+$/) { push(@error,"Number expected instead of $v"); } |
} |
} |
unless (($perlvar{'lonRole'} eq 'library') || ($perlvar{'lonRole'} eq 'access')) { |
unless (($perlvar{'lonRole'} eq 'library') || ($perlvar{'lonRole'} eq 'access')) { |
$error.="\nInvalid Role"; |
push(@error,"Invalid Role"); |
|
} |
|
|
|
unless (($protocol eq 'http') || ($protocol eq 'https')) { |
|
push(@error,"Invalid Protocol (must be http or https"); |
|
} |
|
|
|
if (!defined($intdom)) { |
|
push(@error,"No internet domain name designated. Enter something like ustate.edu"); |
|
} elsif ($intdom !~ /[^.]+\.\w{2,6}$/) { |
|
push(@error,"Invalid Internet domain name (must be at least two levels separated by . - e.g., ustate.edu"); |
|
} |
|
|
|
if (!defined($primaryLibServer)) { |
|
if (@libservers > 0) { |
|
push(@error,"No primary library server ID designated. Choose from: ".join(',',sort(@libservers))); |
|
} else { |
|
push(@error,"No library servers in this domain (including current server)"); |
|
} |
|
} else { |
|
if (length($primaryLibServer)>35) { push(@error,"Primary Library Server ID: $primaryLibServer too long"); } |
|
if (length($primaryLibServer)<2) { push(@error,"Primary Library Server ID: $primaryLibServer too short"); } |
|
if ($primaryLibServer =~/capa/i) { |
|
if ($primaryLibServer!~/^oucapa\d+$/ && |
|
($primaryLibServer!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
|
push(@error,"Primary library server ID $primaryLibServer contains 'capa'") |
|
} |
|
} |
|
foreach my $bad ('res','raw','userfiles','priv','adm','uploaded', |
|
'editupload') { |
|
push(@error,"Primary library server ID $primaryLibServer reserved.") if $primaryLibServer eq $bad; |
|
} |
|
if ($primaryLibServer=~/[^\w\-.]/) { push(@error,"Primary library server ID $primaryLibServer contains special characters"); } |
} |
} |
if ($error) { print "\n*** ERRORS: $error\n"; } |
|
|
|
|
my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
|
$certsdir = $perlvarstatic->{'lonCertificateDirectory'}; |
|
$privkey = $perlvarstatic->{'lonnetPrivateKey'}; |
|
$connectcsr = $perlvarstatic->{'lonnetCertificate'}; |
|
$connectcsr =~ s/\.pem$/.csr/; |
|
$replicatecsr = $perlvarstatic->{'lonnetHostnameCertificate'}; |
|
$replicatecsr =~ s/\.pem$/.csr/; |
|
|
|
if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; } |
print(<<END); |
print(<<END); |
ENTER A CHOICE OF 1-10 TO CHANGE, otherwise ENTER 11: |
ENTER A CHOICE OF 1-17 TO CHANGE, otherwise ENTER 18: |
END |
END |
my $choice=<>; |
my $choice=<>; |
chomp($choice); |
chomp($choice); |
Line 648 END
|
Line 1757 END
|
} |
} |
elsif ($choice==4) { |
elsif ($choice==4) { |
print(<<END); |
print(<<END); |
4) System Administrator's E-mail Address: $perlvar{'lonAdmEMail'} |
4) ID of primary library server for domain: $primaryLibServer |
ENTER NEW VALUE: |
ENTER NEW VALUE (this will be the LON-CAPA Machine ID of a library server in |
|
your domain; it cannot contain any of '_' '-' '.' or ':'. |
|
This server will be where domain data which are not |
|
associated with any specific home library server |
|
will be stored (e.g., e-mail broadcast by Domain Coordinators |
|
to users in the domain). |
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonAdmEMail'}=$choice2; |
$primaryLibServer=$choice2; |
} |
} |
elsif ($choice==5) { |
elsif ($choice==5) { |
|
if ($setbygui{'lonAdmEMail'}) { |
|
print(<<END); |
|
5) Server Administrator's E-mail Address: $adminmail |
|
Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
|
END |
|
} else { |
|
print(<<END); |
|
5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'} |
|
ENTER NEW VALUE: |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$perlvar{'lonAdmEMail'}=$choice2; |
|
$adminmail=$perlvar{'lonAdmEMail'}; |
|
} |
|
} |
|
elsif ($choice==6) { |
|
if ($setbygui{'lonSupportEMail'}) { |
|
print(<<END); |
|
6) Support E-mail Address: $supportmail |
|
Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
|
END |
|
} else { |
|
print(<<END); |
|
6) Support E-mail Address: $perlvar{'lonSupportEMail'} |
|
ENTER NEW VALUE: |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$perlvar{'lonSupportEMail'}=$choice2; |
|
$supportmail=$perlvar{'lonSupportEMail'}; |
|
} |
|
} |
|
elsif ($choice==7) { |
|
print(<<END); |
|
7) Server Protocol (http or https): |
|
ENTER NEW VALUE: (this should be either 'http' or 'https' |
|
if in doubt set to 'http'): |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$protocol=$choice2; |
|
} |
|
elsif ($choice==8) { |
|
print(<<END); |
|
8) Internet Domain Name of Institution |
|
ENTER NEW VALUE: |
|
|
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$intdom=$choice2; |
|
} |
|
elsif ($choice==9) { |
print(<<END); |
print(<<END); |
5) Support E-mail Address: $perlvar{'lonSupportEMail'} |
9) Hostname of Server/VM |
ENTER NEW VALUE: |
ENTER NEW VALUE: |
|
|
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonSupportEMail'}=$choice2; |
$desiredhostname=$choice2; |
} |
} |
elsif ($choice==6) { |
|
|
elsif ($choice==10) { |
print(<<END); |
print(<<END); |
6) Role: $perlvar{'lonRole'} |
10) Role: $perlvar{'lonRole'} |
ENTER NEW VALUE (this should be either 'access' or 'library' |
ENTER NEW VALUE (this should be either 'access' or 'library' |
if in doubt select 'library'): |
if in doubt select 'library'): |
END |
END |
Line 674 END
|
Line 1844 END
|
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonRole'}=$choice2; |
$perlvar{'lonRole'}=$choice2; |
} |
} |
elsif ($choice==7) { |
elsif ($choice==11) { |
print(<<END); |
print(<<END); |
7) Cache Expiration Time: $perlvar{'lonExpire'} |
11) Cache Expiration Time: $perlvar{'lonExpire'} |
ENTER NEW VALUE (in seconds, 86400 is a reasonable value): |
ENTER NEW VALUE (in seconds, 86400 is a reasonable value): |
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonExpire'}=$choice2; |
$perlvar{'lonExpire'}=$choice2; |
} |
} |
elsif ($choice==8) { |
elsif ($choice==12) { |
print(<<END); |
print(<<END); |
8) Server Load: $perlvar{'lonLoadLim'} |
12) Server Load: $perlvar{'lonLoadLim'} |
ENTER NEW VALUE: |
ENTER NEW VALUE: |
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonLoadLim'}=$choice2; |
$perlvar{'lonLoadLim'}=$choice2; |
} |
} |
elsif ($choice==9) { |
elsif ($choice==13) { |
print(<<END); |
print(<<END); |
9) User Load: $perlvar{'lonUserLoadLim'} |
13) User Load: $perlvar{'lonUserLoadLim'} |
Numer of users that can login before machine is 'overloaded' |
Numer of users that can login before machine is 'overloaded' |
ENTER NEW VALUE (integer value, 0 means there is no limit): |
ENTER NEW VALUE (integer value, 0 means there is no limit): |
END |
END |
Line 702 END
|
Line 1872 END
|
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonUserLoadLim'}=$choice2; |
$perlvar{'lonUserLoadLim'}=$choice2; |
} |
} |
elsif ($choice==10) { |
elsif ($choice==14) { |
print(<<END); |
if ($setbygui{'securestatus'}) { |
10) Allow only secure connections: $securestatus |
print(<<END); |
|
14) Allow only secure connections: $securestatus |
|
Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
|
END |
|
} else { |
|
print(<<END); |
|
14) Allow only secure connections: $securestatus |
The Lon-CAPA communication daemons lonc and lond can be configured to |
The Lon-CAPA communication daemons lonc and lond can be configured to |
allow only secure connections by default. |
allow only secure connections by default. |
|
|
Line 716 POSSIBLE CHOICES:
|
Line 1892 POSSIBLE CHOICES:
|
3) allow insecure connections to this machine but only allow connections |
3) allow insecure connections to this machine but only allow connections |
to machines that support secure connections |
to machines that support secure connections |
4) allow insecure connections |
4) allow insecure connections |
ENTER NEW VALUE (currenly $securenum): |
ENTER NEW VALUE (currently $securenum): |
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
if ($choice2 eq '1') { |
if ($choice2 eq '1') { |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0; |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0; |
} elsif ($choice2 eq '2') { |
} elsif ($choice2 eq '2') { |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1; |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1; |
} elsif ($choice2 eq '3') { |
} elsif ($choice2 eq '3') { |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0; |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0; |
} elsif ($choice2 eq '4') { |
} elsif ($choice2 eq '4') { |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1; |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1; |
|
} |
|
($securestatus,$securenum)=&securesetting(%perlvar); |
} |
} |
($securestatus,$securenum)=&securesetting(%perlvar); |
} elsif ($choice==15) { |
} |
if ($sslstatus{'key'} == 1) { |
elsif (($choice==11) && (!$error)) { |
print(<<END); |
|
15) Private Key for SSL: $lonkeystatus |
|
|
|
POSSIBLE CHOICES: |
|
1) overwrite existing key |
|
2) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if ($choice2 eq '1') { |
|
my $sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
} elsif ($sslstatus{'key'} == 0) { |
|
print(<<END); |
|
15) Private Key for SSL: $lonkeystatus |
|
END |
|
my $sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} |
|
} elsif ($choice==16) { |
|
if (($sslstatus{'host'} == 1) || ($sslstatus{'host'} == 2) || ($sslstatus{'host'} == 3)) { |
|
print(<<END); |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) resend current certificate signing request |
|
4) make no change |
|
ENTER NEW VALUE |
|
END |
|
|
|
my $choice2=<>; |
|
chomp($choice2); |
|
if (($choice2 eq '1') || ($choice2 eq '2')) { |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail"; |
|
($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city); |
|
my $sslkeypass; |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} elsif ($choice2 eq '3') { |
|
if (-e "$certsdir/$connectcsr") { |
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
} |
|
} |
|
} elsif (($sslstatus{'host'} == 0) || ($sslstatus{'host'} == 4) || ($sslstatus{'host'} == 5)) { |
|
my $sslkeypass; |
|
if ($sslstatus{'key'} == 1) { |
|
print(<<END); |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
} else { |
|
print(<<END); |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
END |
|
$sslkeypass = &get_new_sslkeypass(); |
|
} |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail"; |
|
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} |
|
} elsif ($choice==17) { |
|
if (($sslstatus{'hostname'} == 1) || ($sslstatus{'hostname'} == 2) || ($sslstatus{'hostname'} == 3)) { |
|
print(<<END); |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) resend current certificate signing request |
|
4) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if (($choice2 eq '1') || ($choice2 eq '2')) { |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail"; |
|
my $sslkeypass; |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} elsif ($choice2 eq '3') { |
|
if (-e "$certsdir/$replicatecsr") { |
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
} |
|
} |
|
} elsif (($sslstatus{'hostname'} == 0) || ($sslstatus{'hostname'} == 4) || ($sslstatus{'hostname'} == 5)) { |
|
my $sslkeypass; |
|
if ($sslstatus{'key'} == 1) { |
|
print(<<END); |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
} else { |
|
print(<<END); |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
END |
|
$sslkeypass = &get_new_sslkeypass(); |
|
} |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail"; |
|
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} |
|
} elsif (($choice==18) && (!@error)) { |
$flag=1; |
$flag=1; |
} |
} else { |
else { |
|
print "Invalid input.\n"; |
print "Invalid input.\n"; |
} |
} |
} |
} |
|
|
open(OUT,">$confdir$filename") or |
open(OUT,">$confdir$filename") or |
die("Cannot output to $confdir$filename\n"); |
die("Cannot output to $confdir$filename\n"); |
foreach my $key (keys %perlvar) { |
foreach my $key (keys %perlvar) { |
my $value=$perlvar{$key}; |
my $value=$perlvar{$key}; |
print(OUT <<END) unless $perlvarstatic{$key}; |
my $line = "PerlSetVar $key $value"; |
PerlSetVar $key $value |
if ($value eq '') { |
|
$line = '#'.$line; |
|
} |
|
print(OUT <<END) unless ($perlvarstatic->{$key}); |
|
$line |
END |
END |
} |
} |
close(OUT); |
close(OUT); |
Line 753 END
|
Line 2128 END
|
<target dist='default'>loncom/hosts.tab</target> |
<target dist='default'>loncom/hosts.tab</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
unless (-l "<TARGET />") { |
unless (-l "<TARGET />") { |
my $hostname=`hostname -f`;chomp($hostname); |
if ($desiredhostname eq '') { |
$date=`date -I`; chomp($date); |
my $hostname=`hostname -f`;chomp($hostname); |
$lonHostID=$perlvar{'lonHostID'}; |
$desiredhostname = $hostname; |
$lonHostID=~s/\W//g; |
} |
$lineexistflag=0; |
my $date=`date -I`; chomp($date); |
$hostidexistflag=0; |
my $lonHostID=$perlvar{'lonHostID'}; |
$line2insert=<<END; |
$lonHostID=~s/[^\w\-.]//g; |
$perlvar{'lonHostID'}:$perlvar{'lonDefDomain'}:$perlvar{'lonRole'}:$hostname |
my $lineexistflag=0; |
|
my $hostidexistflag=0; |
|
my $line2insert=<<END; |
|
$perlvar{'lonHostID'}:$perlvar{'lonDefDomain'}:$perlvar{'lonRole'}:$desiredhostname:$protocol:$intdom |
END |
END |
$domaininsert="$perlvar{'lonDefDomain'}:$domainDescription:$domainTabExtras\n"; |
if (!$domainTabExtras) { |
|
$domainTabExtras=':::::'; |
|
} |
|
my $domaininsert="$perlvar{'lonDefDomain'}:$domainDescription:$domainTabExtras:$primaryLibServer\n"; |
if ($lonCluster eq 'standalone') { |
if ($lonCluster eq 'standalone') { |
open(OUT,'>../'.$lonCluster.'_hosts.tab') or |
open(OUT,'>../'.$lonCluster.'_hosts.tab') or |
die('file generation error'); |
die('file generation error'); |
print(OUT $line2insert); |
print(OUT $line2insert); |
|
print OUT ("^$desiredhostname:$protocol\n"); |
|
close(OUT); |
|
open(OUT,'>../'.$lonCluster.'_dns_hosts.tab') or |
|
die('file generation error'); |
|
print(OUT $line2insert); |
close(OUT); |
close(OUT); |
open(OUT,'>../'.$lonCluster.'_domain.tab') or |
open(OUT,'>../'.$lonCluster.'_domain.tab') or |
die('file generation error'); |
die('file generation error'); |
print(OUT $domaininsert); |
print(OUT $domaininsert); |
close(OUT); |
close(OUT); |
|
open(OUT,'>../'.$lonCluster.'_dns_domain.tab') or |
|
die('file generation error'); |
|
print(OUT $domaininsert); |
|
close(OUT); |
} |
} |
if ($flag==1) { |
if ($flag==1) { |
`rm -f ../hosts.tab`; |
`rm -f ../hosts.tab`; |
open(IN,'<../'.$lonCluster.'_hosts.tab'); |
`rm -f ../dns_hosts.tab`; |
while(<IN>) { |
`ln -s ${lonCluster}_dns_hosts.tab ../dns_hosts.tab`; |
if (/^$line2insert$/) { |
open(IN,'<../'.$lonCluster.'_dns_hosts.tab'); |
|
while(my $line = <IN>) { |
|
if ($line =~ /^\Q$line2insert\E$/) { |
$lineexistflag=1; |
$lineexistflag=1; |
} |
} |
if (/^$lonHostID\:/) { |
if ($line =~ /^\Q$lonHostID\E\:/) { |
$hostidexistflag=1; |
$hostidexistflag=1; |
} |
} |
} |
} |
Line 788 END
|
Line 2180 END
|
if ($hostidexistflag and !$lineexistflag) { |
if ($hostidexistflag and !$lineexistflag) { |
print <<END; |
print <<END; |
WARNING: $lonHostID already exists inside |
WARNING: $lonHostID already exists inside |
loncapa/loncom/${lonCluster}_hosts.tab. The entry inside |
loncapa/loncom/${lonCluster}_dns_hosts.tab. The entry inside |
${lonCluster}_hosts.tab does not match your settings. |
${lonCluster}_dns_hosts.tab does not match your settings. |
The entry inside ${lonCluster}_hosts.tab is being replaced |
An entry inside ${lonCluster}_hosts.tab will be made |
with your new values. |
with your new values. |
END |
END |
`grep -v "$lonHostID:" ../${lonCluster}_hosts.tab > ../new_${lonCluster}_hosts.tab`; |
`grep -v "$lonHostID:" ../${lonCluster}_hosts.tab > ../new_${lonCluster}_hosts.tab`; |
Line 800 END
|
Line 2192 END
|
close(OUT); |
close(OUT); |
`ln -s new_${lonCluster}_hosts.tab ../hosts.tab`; |
`ln -s new_${lonCluster}_hosts.tab ../hosts.tab`; |
# email appropriate message |
# email appropriate message |
`echo "REPLACE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "REPLACE:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`; |
`echo "REPLACE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "REPLACE:$lonCluster:$lonHostID:$protocol:$intdom:$date" installrecord\@mail.lon-capa.org`; |
} |
} |
elsif ($hostidexistflag and $lineexistflag) { |
elsif ($hostidexistflag and $lineexistflag) { |
print <<END; |
print <<END; |
Entry exists in ${lonCluster}_hosts.tab. |
Entry exists in ${lonCluster}_dns_hosts.tab. Making duplicate entry in ${lonCluster}_hosts.tab |
END |
END |
`ln -s ${lonCluster}_hosts.tab ../hosts.tab`; |
`grep -v "$lonHostID:" ../${lonCluster}_hosts.tab > ../new_${lonCluster}_hosts.tab`; |
|
open(OUT,'>>../new_'.$lonCluster.'_hosts.tab') or |
|
die("cannot open loncom/${lonCluster}_hosts.tab for output\n"); |
|
print(OUT $line2insert); |
|
close(OUT); |
|
`ln -s new_${lonCluster}_hosts.tab ../hosts.tab`; |
# email appropriate message |
# email appropriate message |
`echo "STABLEUPDATE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "STABLEUPDATE:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`; |
`echo "STABLEUPDATE:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "STABLEUPDATE:$lonCluster:$lonHostID:$protocol:$intdom:$date" installrecord\@mail.lon-capa.org`; |
} |
} |
elsif (!$hostidexistflag and !$lineexistflag) { |
elsif (!$hostidexistflag and !$lineexistflag) { |
print <<END; |
print <<END; |
Line 821 END
|
Line 2218 END
|
close(OUT); |
close(OUT); |
`ln -s new_${lonCluster}_hosts.tab ../hosts.tab`; |
`ln -s new_${lonCluster}_hosts.tab ../hosts.tab`; |
# email appropriate message |
# email appropriate message |
`echo "INSERT:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "INSERT:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`; |
`echo "INSERT:$lonCluster:$lonHostID:$date:$line2insert" | mail -s "INSERT:$lonCluster:$lonHostID:$protocol:$intdom:$date" installrecord\@mail.lon-capa.org`; |
} |
} |
} |
} |
$lineexistflag=0; |
$lineexistflag=0; |
|
my $domainexistflag=0; |
if ($flag==1) { |
if ($flag==1) { |
`rm -f ../domain.tab`; |
`rm -f ../domain.tab`; |
open(IN,'<../'.$lonCluster.'_domain.tab'); |
`rm -f ../dns_domain.tab`; |
while(<IN>) { |
`ln -s ${lonCluster}_dns_domain.tab ../dns_domain.tab`; |
if (/^$domaininsert$/) { |
open(IN,'<../'.$lonCluster.'_dns_domain.tab'); |
|
while(my $line = <IN>) { |
|
if ($line =~/^\Q$domaininsert\E$/) { |
$lineexistflag=1; |
$lineexistflag=1; |
} |
} |
if (/^$perlvar{'lonDefDomain'}\:/) { |
if ($line =~/^\Q$perlvar{'lonDefDomain'}\E\:/) { |
$domainexistflag=1; |
$domainexistflag=1; |
} |
} |
} |
} |
Line 840 END
|
Line 2240 END
|
if ($domainexistflag and !$lineexistflag) { |
if ($domainexistflag and !$lineexistflag) { |
print <<END; |
print <<END; |
WARNING: $perlvar{'lonDefDomain'} already exists inside |
WARNING: $perlvar{'lonDefDomain'} already exists inside |
loncapa/loncom/${lonCluster}_domain.tab. The entry inside |
loncapa/loncom/${lonCluster}_dns_domain.tab. The entry inside |
${lonCluster}_domain.tab does not match your settings. |
${lonCluster}_dns_domain.tab does not match your settings. |
The entry inside ${lonCluster}_domain.tab is being replaced |
An entry will be made in inside ${lonCluster}_domain.tab |
with your new values. |
with your new values. |
END |
END |
`grep -v "$perlvar{'lonDefDomain'}:" ../${lonCluster}_domain.tab > ../new_${lonCluster}_domain.tab`; |
`grep -v "$perlvar{'lonDefDomain'}:" ../${lonCluster}_domain.tab > ../new_${lonCluster}_domain.tab`; |
Line 852 END
|
Line 2252 END
|
close(OUT); |
close(OUT); |
`ln -s new_${lonCluster}_domain.tab ../domain.tab`; |
`ln -s new_${lonCluster}_domain.tab ../domain.tab`; |
# email appropriate message |
# email appropriate message |
`echo "REPLACEdom:$lonCluster:$lonHostID:$date:$domaninsert" | mail -s "REPLACEdom:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`; |
`echo "REPLACEdom:$lonCluster:$lonHostID:$date:$domaininsert" | mail -s "REPLACEdom:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`; |
} |
} |
elsif ($domainexistflag and $lineexistflag) { |
elsif ($domainexistflag and $lineexistflag) { |
|
`grep -v "$perlvar{'lonDefDomain'}:" ../${lonCluster}_domain.tab > ../new_${lonCluster}_domain.tab`; |
|
open(OUT,'>>../new_'.$lonCluster.'_domain.tab') or |
|
die("cannot open loncom/${lonCluster}_domain.tab for output\n"); |
|
print(OUT $domaininsert); |
|
close(OUT); |
print <<END; |
print <<END; |
Entry exists in ${lonCluster}_domain.tab. |
Entry exists in ${lonCluster}_dns_domain.tab. Making duplicate entry in ${lonCluster}_domain.tab |
END |
END |
`ln -s ${lonCluster}_domain.tab ../domain.tab`; |
`ln -s new_${lonCluster}_domain.tab ../domain.tab`; |
# email appropriate message |
# email appropriate message |
`echo "STABLEUPDATEdom:$lonCluster:$lonHostID:$date:$domaininsert" | mail -s "STABLEUPDATEdom:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`; |
`echo "STABLEUPDATEdom:$lonCluster:$lonHostID:$date:$domaininsert" | mail -s "STABLEUPDATEdom:$lonCluster:$lonHostID:$date" installrecord\@mail.lon-capa.org`; |
} |
} |