[LON-CAPA-cvs] cvs: doc(version_2_11_X) /install/linux install.pl
raeburn
raeburn at source.lon-capa.org
Sat Feb 16 11:19:11 EST 2019
raeburn Sat Feb 16 16:19:11 2019 EDT
Modified files: (Branch: version_2_11_X)
/doc/install/linux install.pl
Log:
- For 2.11
Backport 1.49 (modified).
-------------- next part --------------
Index: doc/install/linux/install.pl
diff -u doc/install/linux/install.pl:1.45 doc/install/linux/install.pl:1.45.2.1
--- doc/install/linux/install.pl:1.45 Wed Jun 20 12:12:39 2018
+++ doc/install/linux/install.pl Sat Feb 16 16:19:11 2019
@@ -75,7 +75,7 @@
&mt('Stopping execution.')."\n";
exit;
} else {
- print LOG '$Id: install.pl,v 1.45 2018/06/20 12:12:39 raeburn Exp $'."\n";
+ print LOG '$Id: install.pl,v 1.45.2.1 2019/02/16 16:19:11 raeburn Exp $'."\n";
}
#
@@ -162,7 +162,7 @@
}
sub get_distro {
- my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow);
+ my ($distro,$gotprereqs,$updatecmd,$packagecmd,$installnow,$unknown);
$packagecmd = '/bin/rpm -q LONCAPA-prerequisites ';
if (-e '/etc/redhat-release') {
open(IN,'</etc/redhat-release');
@@ -207,6 +207,7 @@
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/redhat-release')."\n";
+ $unknown = 1;
}
} elsif (-e '/etc/SuSE-release') {
open(IN,'</etc/SuSE-release');
@@ -233,19 +234,19 @@
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/SuSE-release')."\n";
+ $unknown = 1;
}
} elsif (-e '/etc/issue') {
open(IN,'</etc/issue');
my $versionstring=<IN>;
chomp($versionstring);
close(IN);
- $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';
- $updatecmd = 'apt-get install loncapa-prerequisites';
if ($versionstring =~ /^Ubuntu (\d+)\.\d+/i) {
$distro = 'ubuntu'.$1;
$updatecmd = 'sudo apt-get install loncapa-prerequisites';
} elsif ($versionstring =~ /^Debian\s+GNU\/Linux\s+(\d+)\.\d+/i) {
$distro = 'debian'.$1;
+ $updatecmd = 'apt-get install loncapa-prerequisites';
} elsif (-e '/etc/debian_version') {
open(IN,'</etc/debian_version');
my $version=<IN>;
@@ -253,13 +254,15 @@
close(IN);
if ($version =~ /^(\d+)\.\d+\.?\d*/) {
$distro='debian'.$1;
+ $updatecmd = 'apt-get install loncapa-prerequisites';
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/debian_version')."\n";
+ $unknown = 1;
}
- } else {
- print &mt('Unable to interpret [_1] to determine system type.',
- '/etc/issue')."\n";
+ }
+ if ($distro ne '') {
+ $packagecmd = '/usr/bin/dpkg -l loncapa-prerequisites ';
}
} elsif (-e '/etc/debian_version') {
open(IN,'</etc/debian_version');
@@ -273,9 +276,38 @@
} else {
print &mt('Unable to interpret [_1] to determine system type.',
'/etc/debian_version')."\n";
+ $unknown = 1;
+ }
+ }
+ if (($distro eq '') && (!$unknown)) {
+ if (-e '/etc/os-release') {
+ if (open(IN,'<','/etc/os-release')) {
+ my ($id,$version);
+ while(<IN>) {
+ chomp();
+ if (/^ID="(\w+)"/) {
+ $id=$1;
+ } elsif (/^VERSION_ID="([\d\.]+)"/) {
+ $version=$1;
+ }
+ }
+ close(IN);
+ if ($id eq 'sles') {
+ my ($major,$minor) = split(/\./,$version);
+ if ($major =~ /^\d+$/) {
+ $distro = $id.$major;
+ $updatecmd = 'zypper install LONCAPA-prerequisites';
+ }
+ }
+ }
+ if ($distro eq '') {
+ print &mt('Unable to interpret [_1] to determine system type.',
+ '/etc/os-release')."\n";
+ $unknown = 1;
+ }
+ } else {
+ print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
}
- } else {
- print &mt('Unknown installation: expecting a debian, ubuntu, suse, sles, redhat, fedora or scientific linux system.')."\n";
}
return ($distro,$packagecmd,$updatecmd,$installnow);
}
@@ -317,12 +349,19 @@
print &mt('Failed to open: [_1], default locale not checked.',
'/etc/default/locale');
}
- } elsif ($distro =~ /^(suse|sles)/) {
- if (!open($fh,"</etc/sysconfig/language")) {
- print &mt('Failed to open: [_1], default locale not checked.',
- '/etc/sysconfig/language');
+ } elsif ($distro =~ /^(suse|sles)(\d+)/) {
+ if (($1 eq 'sles') && ($2 >= 15)) {
+ if (!open($fh,"</etc/locale.conf")) {
+ print &mt('Failed to open: [_1], default locale not checked.',
+ '/etc/locale.conf');
+ }
+ } else {
+ if (!open($fh,"</etc/sysconfig/language")) {
+ print &mt('Failed to open: [_1], default locale not checked.',
+ '/etc/sysconfig/language');
+ }
+ $langvar = 'RC_LANG';
}
- $langvar = 'RC_LANG';
} elsif ($distro =~ /^fedora(\d+)/) {
if ($1 >= 18) {
if (!open($fh,"</etc/locale.conf")) {
@@ -473,6 +512,9 @@
$proc_owner = 'mysql';
$process = 'mysqld';
}
+ if ($1 >= 15) {
+ $mysqldaemon ='mariadb';
+ }
} elsif ($distro =~ /^suse(\d+)/) {
if ($1 >= 13) {
$use_systemctl = 1;
@@ -556,7 +598,12 @@
$uses_systemctl{'ntp'} = 1;
$uses_systemctl{'cups'} = 1;
$uses_systemctl{'memcached'} = 1;
- $daemon{'ntp'} = 'ntpd';
+ if (($name eq 'sles') && ($num >= 15)) {
+ $daemon{'ntp'} = 'chronyd';
+ $daemon{'mysql'} = 'mariadb';
+ } else {
+ $daemon{'ntp'} = 'ntpd';
+ }
}
}
}
@@ -686,7 +733,7 @@
} else {
$major = $version;
}
- if ($major > 10) {
+ if (($major > 10) && ($major <= 13)) {
if (&check_SuSEfirewall2_setup($instdir)) {
$needfix{'insserv'} = 1;
}
@@ -695,6 +742,43 @@
return (\%needfix,\%tostop,\%uses_systemctl);
}
+sub uses_firewalld {
+ my ($distro) = @_;
+ my ($inuse, $checkfirewalld);
+ if ($distro =~ /^(suse|sles)([\d\.]+)$/) {
+ if (($1 eq 'sles') && ($2 >= 15)) {
+ $checkfirewalld = 1;
+ }
+ } elsif ($distro =~ /^fedora(\d+)$/) {
+ if ($1 >= 18) {
+ $checkfirewalld = 1;
+ }
+ } elsif ($distro =~ /^(?:centos|rhes|scientific)(\d+)/) {
+ if ($1 >= 7) {
+ $checkfirewalld = 1;
+ }
+ }
+ if ($checkfirewalld) {
+ my ($loaded,$active);
+ if (open(PIPE,"systemctl status firewalld |")) {
+ while (<PIPE>) {
+ chomp();
+ if (/^\s*Loaded:\s+(\w+)/) {
+ $loaded = $1;
+ }
+ if (/^\s*Active\s+(\w+)/) {
+ $active = $1;
+ }
+ }
+ close(PIPE);
+ }
+ if (($loaded eq 'loaded') || ($active eq 'active')) {
+ $inuse = 1;
+ }
+ }
+ return $inuse;
+}
+
sub chkfirewall {
my ($distro) = @_;
my $configfirewall = 1;
@@ -704,25 +788,38 @@
);
my %activefw;
if (&firewall_is_active()) {
- my $iptables = &get_pathto_iptables();
- if ($iptables eq '') {
- print &mt('Firewall not checked as path to iptables not determined.')."\n";
+ if (&uses_firewalld($distro)) {
+ my %current;
+ if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+ my $svc = <PIPE>;
+ close(PIPE);
+ chomp($svc);
+ map { $current{$_} = 1; } (split(/\s+/,$svc));
+ }
+ if ($current{'http'} && $current{'https'}) {
+ $configfirewall = 0;
+ }
} else {
- my @fwchains = &get_fw_chains($iptables,$distro);
- if (@fwchains) {
- foreach my $service ('http','https') {
- foreach my $fwchain (@fwchains) {
- if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
- $activefw{$service} = 1;
- last;
+ my $iptables = &get_pathto_iptables();
+ if ($iptables eq '') {
+ print &mt('Firewall not checked as path to iptables not determined.')."\n";
+ } else {
+ my @fwchains = &get_fw_chains($iptables,$distro);
+ if (@fwchains) {
+ foreach my $service ('http','https') {
+ foreach my $fwchain (@fwchains) {
+ if (&firewall_is_port_open($iptables,$fwchain,$ports{$service})) {
+ $activefw{$service} = 1;
+ last;
+ }
}
}
+ if ($activefw{'http'}) {
+ $configfirewall = 0;
+ }
+ } else {
+ print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}
- if ($activefw{'http'}) {
- $configfirewall = 0;
- }
- } else {
- print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}
}
} else {
@@ -785,16 +882,21 @@
}
}
}
- } elsif ($distro =~ /^(?:suse|sles)([\d\.]+)$/) {
+ } elsif ($distro =~ /^(suse|sles)([\d\.]+)$/) {
+ my ($name,$version) = ($1,$2);
my $apache = 'apache';
- if ($1 >= 10) {
+ my $conf_file = "$instdir/sles-suse/default-server.conf";
+ if ($version >= 10) {
$apache = 'apache2';
}
- if (!-e "$instdir/sles-suse/default-server.conf") {
+ if (($name eq 'sles') && ($version >= 12)) {
+ $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
+ }
+ if (!-e $conf_file) {
$fixapache = 0;
print &mt('Warning: No LON-CAPA Apache configuration file found for installation check.')."\n";
- } elsif ((-e "/etc/$apache/default-server.conf") && (-e "$instdir/sles-suse/default-server.conf")) {
- if (open(PIPE, "diff --brief $instdir/sles-suse/default-server.conf /etc/$apache/default-server.conf |")) {
+ } elsif (-e "/etc/$apache/default-server.conf") {
+ if (open(PIPE, "diff --brief $conf_file /etc/$apache/default-server.conf |")) {
my $diffres = <PIPE>;
close(PIPE);
chomp($diffres);
@@ -1079,10 +1181,16 @@
sub firewall_is_active {
if (-e '/proc/net/ip_tables_names') {
- return 1;
- } else {
- return 0;
+ if (open(PIPE,'cat /proc/net/ip_tables_names |grep filter |')) {
+ my $status = <PIPE>;
+ close(PIPE);
+ chomp($status);
+ if ($status eq 'filter') {
+ return 1;
+ }
+ }
}
+ return 0;
}
sub get_fw_chains {
@@ -1098,6 +1206,8 @@
@posschains = ('ufw-user-input','INPUT');
} elsif ($distro =~ /^debian5/) {
@posschains = ('INPUT');
+ } elsif ($distro =~ /^(suse|sles)(\d+)/) {
+ @posschains = ('IN_public');
} else {
@posschains = ('RH-Firewall-1-INPUT','INPUT');
if (!-e '/etc/sysconfig/iptables') {
@@ -1460,7 +1570,7 @@
if ($callsub{'apache'}) {
if ($distro =~ /^(suse|sles)/) {
- ©_apache2_suseconf($instdir);
+ ©_apache2_suseconf($instdir,$distro);
} elsif ($distro =~ /^(debian|ubuntu)/) {
©_apache2_debconf($instdir,$distro);
} else {
@@ -1488,18 +1598,50 @@
}
}
}
- if ($distro =~ /^(suse|sles)/) {
- &update_SuSEfirewall2_setup($instdir);
+ if ($distro =~ /^(suse|sles)(\d+)/) {
+ unless(($1 eq 'sles') && ($2 >= 15)) {
+ &update_SuSEfirewall2_setup($instdir);
+ }
}
} else {
&print_and_log(&mt('Skipping setting override for start-up order of services.')."\n");
}
if ($callsub{'firewall'}) {
- if ($distro =~ /^(suse|sles)/) {
+ if (&uses_firewalld($distro)) {
+ my (%current,%added);
+ if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+ my $svc = <PIPE>;
+ close(PIPE);
+ chomp($svc);
+ map { $current{$_} = 1; } (split(/\s+/,$svc));
+ }
+ foreach my $service ('http','https') {
+ unless ($current{$service}) {
+ if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) {
+ my $result = <PIPE>;
+ if ($result =~ /^success/) {
+ $added{$service} = 1;
+ }
+ }
+ }
+ }
+ if (keys(%added) > 0) {
+ print &mt('Firewall configured to allow access for: [_1].',
+ join(', ',sort(keys(%added))))."\n";
+ }
+ if ($current{'http'} || $current{'https'}) {
+ print &mt('Firewall already configured to allow access for:[_1].',
+ (($current{'http'})? ' http':'').(($current{'https'})? ' https':''))."\n";
+ }
+ unless ($current{'ssh'}) {
+ print &mt('If you would the like to allow access to ssh from outside, use the command[_1].',
+ 'firewall-cmd --permanent --zone=public --add-service=ssh')."\n";
+ }
+ } elsif ($distro =~ /^(suse|sles)/) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',
'yast -- Security and Users -> Firewall -> Interfaces',
- 'ssh, http, https')."\n";
+ 'ssh, http, https')."\n";
} elsif ($distro =~ /^(debian|ubuntu)(\d+)/) {
if (($1 eq 'ubuntu') || ($2 > 5)) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',
@@ -1827,7 +1969,7 @@
}
if ($usesauth) {
@mysql_commands = ("INSERT user (Host, User, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www','','','','')",
- "ALTER USER 'www'\@'localhost' IDENTIFIED WITH mysql_native_password BY 'localhostkey'");
+ "ALTER USER 'www'\@'localhost' IDENTIFIED BY 'localhostkey'");
} elsif ($hasauthcol) {
@mysql_commands = ("INSERT user (Host, User, Password, ssl_cipher, x509_issuer, x509_subject, authentication_string) VALUES('localhost','www',password('localhostkey'),'','','','');");
} else {
@@ -1914,7 +2056,7 @@
sub new_mysql_rootpasswd {
my ($currmysqlpass,$usesauth) = @_;
if ($usesauth) {
- return ("ALTER USER 'root'\@'localhost' IDENTIFIED WITH mysql_native_password BY '$currmysqlpass'",
+ return ("ALTER USER 'root'\@'localhost' IDENTIFIED BY '$currmysqlpass'",
"FLUSH PRIVILEGES;");
} else {
return ("SET PASSWORD FOR 'root'\@'localhost'=PASSWORD('$currmysqlpass')",
@@ -2037,14 +2179,19 @@
###########################################################
sub copy_apache2_suseconf {
- my ($instdir) = @_;
+ my ($instdir,$distro) = @_;
+ my ($name,$version) = ($distro =~ /^(suse|sles)([\d\.]+)$/);
+ my $conf_file = "$instdir/sles-suse/default-server.conf";
+ if (($name eq 'sles') && ($version >= 12)) {
+ $conf_file = "$instdir/sles-suse/apache2.4/default-server.conf";
+ }
print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',
"'default-server.conf'",
"'/etc/apache2/default-server.conf'")."\n");
if (!-e "/etc/apache2/default-server.conf.original") {
copy "/etc/apache2/default-server.conf","/etc/apache2/default-server.conf.original";
}
- copy "$instdir/sles-suse/default-server.conf","/etc/apache2/default-server.conf";
+ copy $conf_file,"/etc/apache2/default-server.conf";
chmod(0444,"/etc/apache2/default-server.conf");
# Make symlink for conf directory (included in loncapa_apache.conf)
my $can_symlink = (eval { symlink('/etc/apache2','/srv/www/conf'); }, $@ eq '');
@@ -2055,7 +2202,7 @@
&print_and_log(&mt('Symlink creation failed for [_1] to [_2]. You will need to perform this action from the command line.',"'/srv/www/conf'","'/etc/apache2'")."\n");
}
©_apache2_conf_files($instdir);
- ©_sysconfig_apache2_file($instdir);
+ ©_sysconfig_apache2_file($instdir,$name,$version);
print_and_log("\n");
}
@@ -2081,12 +2228,16 @@
##
###############################################
sub copy_sysconfig_apache2_file {
- my ($instdir) = @_;
+ my ($instdir,$name,$version) = @_;
print_and_log(&mt('Copying the LON-CAPA [_1] to [_2].',"'sysconfig/apache2'","'/etc/sysconfig/apache2'")."\n");
if (!-e "/etc/sysconfig/apache2.original") {
copy "/etc/sysconfig/apache2","/etc/sysconfig/apache2.original";
}
- copy "$instdir/sles-suse/sysconfig_apache2","/etc/sysconfig/apache2";
+ my $sysconf_file = "$instdir/sles-suse/sysconfig_apache2";
+ if (($name eq 'sles') && ($version >= 12)) {
+ $sysconf_file = "$instdir/sles-suse/apache2.4/sysconfig_apache2";
+ }
+ copy $sysconf_file,"/etc/sysconfig/apache2";
chmod(0444,"/etc/sysconfig/apache2");
}
More information about the LON-CAPA-cvs
mailing list