blob: db5997801c336eda4c2906867f59dee375c1b046 [file] [log] [blame]
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
function print_break() {
echo "------------------------------------------------------------------------------------------"
}
function random_string() {
local string_length
if [[ -n $1 ]]; then string_length=$1; else string_length=8; fi
random_string=</dev/urandom tr -dc A-Za-z0-9 | head -c $string_length
echo $random_string
}
function help() {
name=`basename $0`
echo ""
echo "$name [-h|--help] [-d|--database] [-w|--web] [-m|--managementnode]"
echo -e "\t\t[--dbhost <hostname> --dbpass <password>] "
echo -e "\t\t[--mnhost <hostname>] [--webhost <hostname>]"
echo -e "\t\t[-t|--timezone <timezone>]"
echo ""
echo -e "\t-d|--database - install database server components"
echo -e "\t\t--dbpass, --mnhost, --mnip, --webhost, and --adminpass must also be specified"
echo ""
echo -e "\t-w|--web - install web server components"
echo -e "\t\t--dbhost, --dbpass, and -t|--timezone must also be specified"
echo ""
echo -e "\t-m|--managementnode - install management node (vcld) components"
echo -e "\t\t--dbhost, --dbpass, and --adminpass must also be specified"
echo ""
echo -e "\t--dbhost <hostname> - hostname of database server (default=localhost)"
echo ""
echo -e "\t--dbpass <password> - password VCL will use for accessing"
echo -e "\t\tdatabase (default=random)"
echo ""
echo -e "\t--mnhost <hostname> - hostname of management node (default=localhost)"
echo ""
echo -e "\t--webhost <hostname> - hostname of web server (default=localhost)"
echo ""
echo -e "\t--adminpass <password> - password for VCL admin user"
echo ""
echo -e "\t-t|--timezone - timezone for web components"
echo ""
echo "If no arguments supplied, all components will be installed and you"
echo "will be prompted for any required additional information."
echo ""
exit 2
}
args=$(getopt -q -o dwmht: -l database,web,managementnode,help,dbhost:,dbpass:,mnhost:,mnip:,webhost:,adminpass:,timezone:,rc: -n $0 -- "$@")
if [ $? -ne 0 ]; then help; fi
eval set -- "$args"
# ------------------------- variables -------------------------------
VCL_VERSION=2.5.1
DB_USERNAME=vcluser
ADMIN_PASSWORD=
DB_HOST=localhost
DB_PASSWORD=`random_string 15`
MN_HOST=localhost
WEB_HOST=localhost
CRYPTKEY=`random_string 20`
PEMKEY=`random_string 20`
ARCHIVE=apache-VCL-$VCL_VERSION.tar.bz2
ARCHIVEURLPATH="http://vcl.apache.org/downloads/download.cgi?action=download&filename=%2Fvcl%2F$VCL_VERSION%2F"
SIGPATH="https://www.apache.org/dist/vcl/$VCL_VERSION/"
TZDEFAULT="America/New_York"
DODB=0
DOWEB=0
DOMN=0
DOALL=1
dbhostdefault=1
dbpassdefault=1
mnhostdefault=1
mnipdefault=1
adminpassdefault=1
webhostdefault=1
DODHCP=no
dorc=0
TIMEZONE=''
while true; do
case "$1" in
-d|--database)
DODB=1
DOALL=0
shift
;;
-w|--web)
DOWEB=1
DOALL=0
shift
;;
-m|--managementnode)
DOMN=1
DOALL=0
shift
;;
--dbhost)
DB_HOST=$2
dbhostdefault=0
shift 2
;;
--dbpass)
DB_PASSWORD=$2
dbpassdefault=0
shift 2
;;
--mnhost)
MN_HOST=$2
mnhostdefault=0
shift 2
;;
--mnip)
PUBIP=$2
mnipdefault=0
shift 2
;;
--webhost)
WEB_HOST=$2
webhostdefault=0
shift 2
;;
--adminpass)
ADMIN_PASSWORD=$2
adminpassdefault=0
shift 2
;;
-t|--timezone)
TIMEZONE=$2
shift 2
;;
--rc)
RC=$2
dorc=1
shift 2
;;
-h|--help)
help
exit 1
;;
--)
shift
break
;;
*)
echo "unknown option: $1"
exit 1
;;
esac
done
if [[ $dorc -eq 1 ]]; then
if [[ ! $RC =~ ^[0-9]+$ ]]; then
echo ""
echo "Invalid value specified for --rc=, must be a number"
echo ""
exit 1
fi
VCL_VERSION=${VCL_VERSION}-RC$RC
ARCHIVE=apache-VCL-$VCL_VERSION.tar.bz2
ARCHIVEURLPATH="https://people.apache.org/~jfthomps/apache-VCL-${VCL_VERSION}/"
SIGPATH="https://people.apache.org/~jfthomps/apache-VCL-${VCL_VERSION}/"
fi
if [[ $DOALL -eq 1 ]]; then
DODB=1
DOWEB=1
DOMN=1
fi
if [[ $DODB -eq 1 && $DOWEB -eq 1 && $DOMN -eq 1 ]]; then
DOALL=1
fi
if [[ $DODB -eq 1 && ($DOWEB -eq 0 || $DOMN -eq 0) && ($dbpassdefault -eq 1 || $mnhostdefault -eq 1 || $mnipdefault -eq 1 || $webhostdefault -eq 1 || $adminpassdefault -eq 1) ]]; then
echo ""
echo "Error missing arguments:"
echo ""
echo -e "\t-d or --database was specified but one of --dbpass, --mnhost,"
echo -e "\t--mnip, --webhost, or --adminpass was missing"
echo ""
exit 1
fi
if [[ $DOWEB -eq 1 && ($DODB -eq 0 || $DOMN -eq 0) && ($dbhostdefault -eq 1 || $dbpassdefault -eq 1 || $TIMEZONE = '') ]]; then
echo ""
echo "Error missing arguments:"
echo ""
echo -e "\t-w or --web was specified but one of --dbhost, --dbpass, or -t|--timezone was missing"
echo ""
exit 1
fi
if [[ $DOMN -eq 1 && ($DODB -eq 0 || $DOWEB -eq 0) && ($dbhostdefault -eq 1 || $dbpassdefault -eq 1 || $adminpassdefault -eq 1) ]]; then
echo ""
echo "Error missing arguments:"
echo ""
echo -e "\t-m or --managementnode was specified but one of --dbhost,"
echo -e "\t--dbpass, or --adminpass was missing"
echo ""
exit 1
fi
if [[ $adminpassdefault -eq 0 && ($ADMIN_PASSWORD = ^[[:space:]]+$ || $ADMIN_PASSWORD = "") ]]; then
echo ""
echo "Invalid value for admin password. Admin password cannot be empty"
echo "or contain only whitespace."
echo ""
exit 1
fi
if [[ ! $TIMEZONE = '' && ! $TIMEZONE =~ ^[-A-Za-z0-9/\+_]+$ ]]; then
echo ""
echo "Invalid value for timezone. Timezone can only contain these"
echo "characters: A-Z a-z 0-9 / - _ +"
echo ""
exit 1
fi
# ------------------------- check for being root -----------------------------
who=$(whoami)
if [[ $who != "root" ]]; then
echo "You must be root to run this script."
exit 1
fi
WORKPATH=$(pwd)
if [[ -f NOTICE && -f LICENSE && -d managementnode && -d web && -d mysql ]]; then
WORKPATH=$(dirname `pwd`)
fi
# ------------------- checks for existing installation -----------------------
echo ""
echo "This script will exit if any existing parts of VCL are found. If they exist, you"
echo "must manually clean them up before using this script to install VCL. Checking"
echo "for existing VCL components..."
echo ""
# database
if [[ $DODB -eq 1 ]]; then
mysql -e "use vcl;" &> /dev/null
if [ $? -eq 0 ]; then echo "Existing vcl database found, exiting"; exit 1; fi
fi
# web code
if [[ $DOWEB -eq 1 ]]; then
if [ -d /var/www/html/vcl ]; then echo "Existing web code found at /var/www/html/vcl, exiting"; exit 1; fi
fi
# management code
if [[ $DOMN -eq 1 ]]; then
if [ -d /usr/local/vcl ]; then echo "Existing management node code found at /usr/local/vcl, exiting"; exit 1; fi
fi
echo "no existing VCL components found"
# ------------------------------ NOTICES -------------------------------------
if [[ $DOMN -eq 1 ]]; then
print_break
echo ""
echo "NOTICE: Later in this process, you will be prompted to download and install"
echo "Linux packages and Perl modules. At that time, if you agree with the license"
echo "terms, enter YES to install them. Otherwise, enter NO to exit and abort the "
echo "installation."
echo ""
echo "(Press Enter to continue)"
read tmp
fi
# -------------------------- admin password ----------------------------------
if [[ $DOALL -eq 1 ]]; then
print_break
echo ""
echo "Enter the password you would like to use for the VCL admin user. This can be changed"
echo "later by running '/usr/local/vcl/bin/vcld --setup'"
echo -n "Admin Password: "
IFS= read ADMIN_PASSWORD
while [[ $ADMIN_PASSWORD = ^[[:space:]]+$ || $ADMIN_PASSWORD = "" ]]; do
echo "Password cannot be empty or contain only whitespace. Please enter the password."
echo -n "Admin Password: "
IFS= read ADMIN_PASSWORD
done
fi
if [[ $DOALL -eq 1 && $TIMEZONE = '' ]]; then
print_break
echo ""
echo "Enter the timezone to be used by the web components. A list of timezones supported by"
echo "php can be found here: http://php.net/manual/en/timezones.php"
echo "(If that URL is no longer valid, do a web search for \"php timezones\")"
echo -n "Timezone for web components [$TZDEFAULT]: "
IFS= read TIMEZONE
if [[ $TIMEZONE = ^[[:space:]]+$ || $TIMEZONE = "" ]]; then
TIMEZONE=$TZDEFAULT
fi
while [[ ! $TIMEZONE =~ ^[-A-Za-z0-9/\+_]+$ ]]; do
echo "Timezone can only contain the following characters: A-Z a-z 0-9 / - _ +"
echo -n "Timezone: "
IFS= read TIMEZONE
done
fi
# --------------------- public/private address selection ---------------------
if [[ $DOMN -eq 1 ]]; then
print_break;
echo ""
echo "VCL requires two networks to operate (referred to as public and private"
echo "networks). The following network adapters and addresses were found. Please"
echo "enter the number next to the adapter/address you would like to use for the"
echo "specified network."
echo ""
netpubpriv=1
ifcnt=0
while read line; do
((ifcnt++))
addr[$ifcnt]=$(echo $line | awk '{print $2}' | awk -F'/' '{print $1}')
if [[ ${addr[$ifcnt]} = '' ]]; then echo "Error: Failed to parse network address data"; exit 1; fi
if[$ifcnt]=$(echo $line | awk '{print $(NF)}')
if [[ ${if[$ifcnt]} = '' ]]; then echo "Error: Failed to parse network address data"; exit 1; fi
done < <(ip addr list | grep inet | grep -v inet6)
i=0
while [[ $i < $ifcnt ]]; do
((i++))
echo "$i: ${if[$i]} ${addr[$i]}"
done
echo ""
echo -n "Private adapter/address: "
read privnum
while [[ ! $privnum =~ ^[0-9]+$ || $privnum < 1 || $privnum > $ifcnt ]]; do
echo "Invalid selection. Please enter the number next to the adapter/address you would"
echo "like to use for the private network."
echo -n "Private adapter/address: "
read privnum
done
PRIVIP=${addr[$privnum]}
echo ""
i=0
while [[ $i < $ifcnt ]]; do
((i++))
echo "$i: ${if[$i]} ${addr[$i]}"
done
echo ""
echo -n "Public adapter/address: "
read pubnum
while [[ ! $pubnum =~ ^[0-9]+$ || $pubnum < 1 || $pubnum > $ifcnt ]]; do
echo "Invalid selection. Please enter the number next to the adapter/address you would"
echo "like to use for the public network."
echo -n "Public adapter/address: "
read pubnum
done
PUBIP=${addr[$pubnum]}
if [[ $PUBIP = "" || $PRIVIP = "" ]]; then echo "Error: Failed to determine network addresses"; exit 1; fi
echo ""
echo "Private address selected: $PRIVIP"
echo "Public address selected: $PUBIP"
fi
# --------------------- prompt for installing dhcpd ----------------------------
if [[ $DOMN -eq 1 ]]; then
print_break
echo "This script can install and configure dhcpd for you. VCL requires that VMs"
echo "always have the same private IP address assigned to them via dhcp. If you prefer"
echo "to install and configure dhcpd manually, answer NO to the following question."
echo "If you enter NO, you will have to set up dhcpd *manually* for VCL to work."
echo ""
echo -n "Install dhcpd? [yes] "
read DODHCP
DODHCP=$(echo $DODHCP | tr '[:upper:]' '[:lower:]')
if [[ $DODHCP = '' ]]; then DODHCP=yes; fi
while [[ ! $DODHCP =~ ^(yes|no)$ ]]; do
echo -n "Please enter 'yes' or 'no': [yes] "
read DODHCP
DODHCP=$(echo $DODHCP | tr '[:upper:]' '[:lower:]')
if [[ $DODHCP = '' ]]; then DODHCP=yes; fi
done
if [[ $DODHCP = 'yes' ]] && grep -q $PRIVIP /etc/dhcp/dhcpd.conf &> /dev/null; then
echo ""
echo "/etc/dhcp/dhcpd.conf appears to have been configured for VCL already, exiting"
exit 1
fi
if [[ $DODHCP = 'yes' ]] && grep -q ${if[$privnum]} /etc/sysconfig/dhcpd &> /dev/null; then
echo ""
echo "/etc/sysconfig/dhcpd appears to have been configured for VCL already, exiting"
exit 1
fi
fi
# ------------------------- install basic required packages --------------------
print_break
echo "Installing Linux packages..."
if [[ $DOMN -eq 1 ]]; then
yum -q -y install openssh-clients wget perl
if [ $? -ne 0 ]; then "Error: Failed to install required linux packages (openssh-client, wget, and perl)"; exit 1; fi;
else
yum -q -y install openssh-clients wget
if [ $? -ne 0 ]; then "Error: Failed to install required linux packages (openssh-client and wget)"; exit 1; fi;
fi
# ------------------------------------ functions -------------------------------
function set_localauth_password() {
local username=$1
local password=$2
#echo "Setting localauth password..."
#echo "Username: $username"
#echo "Password: $password"
salt=$(random_string 8)
#echo "Password salt: $salt"
passhash=$(echo -n $password$salt | sha1sum | awk '{print $1}')
#echo "Password hash: $passhash"
mysql -e "UPDATE localauth SET passhash = '$passhash', salt = '$salt', lastupdated = NOW() WHERE localauth.userid = (SELECT id FROM user WHERE unityid = '$username');" vcl
if [ $? -ne 0 ]; then
echo "Error: Failed to set $username password to '$password'";
exit 1;
else
echo "Successfully set $username password to '$password'"
echo
fi;
}
function download_archive() {
wget -q "${ARCHIVEURLPATH}${ARCHIVE}" -O $ARCHIVE
if [ $? -ne 0 ]; then generic_error "failed to download $ARCHIVE from $ARCHIVEURLPATH"; exit 1; fi
}
function validate_archive_sha512() {
echo "Downloading sha512 file for $VCL_VERSION..."
/bin/rm -f $ARCHIVE.sha512
wget -q $SIGPATH$ARCHIVE.sha512
echo "validating $ARCHIVE"
sha512sum -c $ARCHIVE.sha512
return $?
}
function validate_archive_gpg() {
echo "Downloading GPG file for $VCL_VERSION..."
/bin/rm -f $ARCHIVE.asc
wget -q $SIGPATH$ARCHIVE.asc
echo "Downloading KEYS file for ASF VCL..."
wget -q https://svn.apache.org/repos/asf/vcl/KEYS
echo "Importing KEYS..."
gpg -q --import KEYS
/bin/rm -f KEYS
echo "validating $ARCHIVE..."
gpg -q --verify $ARCHIVE.asc 2>&1 | grep 'Good signature'
return $?
}
function generic_error() {
if [[ -n $1 ]]; then
echo "$1; correct any errors listed above and try again"
else
echo "installation failed; correct any errors listed above and try again"
fi
}
# ------------------- download/validate arvhice ---------------------
print_break
cd $WORKPATH
if [[ ! -f $ARCHIVE ]]; then
echo "Downloading VCL $VCL_VERSION..."
download_archive
validate_archive_sha512
if [ $? -ne 0 ]; then generic_error "failed to validate $ARCHIVE"; exit 1; fi;
validate_archive_gpg
if [ $? -ne 0 ]; then generic_error "failed to validate $ARCHIVE"; exit 1; fi;
else
dir=`pwd`
echo "archive for $VCL_VERSION found at $dir/$ARCHIVE"
validate_archive_sha512
if [ $? -ne 0 ]; then
echo "failed to validate $ARCHIVE; downloading again..."
/bin/mv -f $ARCHIVE $ARCHIVE.old
download_archive
validate_archive_sha512
if [ $? -ne 0 ]; then generic_error "failed to validate $ARCHIVE"; exit 1; fi;
validate_archive_gpg
if [ $? -ne 0 ]; then generic_error "failed to validate $ARCHIVE"; exit 1; fi;
else
validate_archive_gpg
if [ $? -ne 0 ]; then generic_error "failed to validate $ARCHIVE"; exit 1; fi;
fi;
fi
# ------------------------ extract archive ---------------------------
echo "Extracting $ARCHIVE"
tar -xf $ARCHIVE
if [ $? -ne 0 ]; then generic_error "failed to extract $ARCHIVE"; exit 1; fi;
# ------------------- run install_perl_libs.pl ------------------------
if [[ $DOMN -eq 1 ]]; then
print_break
echo "Installing Linux and PERL system requirements (this takes a while)"
sleep 1
yum -q -y install perl-CPAN
if [ $? -ne 0 ]; then echo "Error: Failed to install perl-CPAN"; exit 1; fi;
perl apache-VCL-$VCL_VERSION/managementnode/bin/install_perl_libs.pl
rc=$?
if [ $rc -eq 2 ]; then
echo "License terms not accepted; aborting installation"
exit 2
elif [ $rc -ne 0 ]; then
generic_error "Failed to install system requirements"
exit 1
fi
fi
# ---------------------- install mysql/mariadb -------------------------
if [[ $DODB -eq 1 ]]; then
print_break
rpm -q mysql-server &> /dev/null
if [ $? -ne 0 ]; then
rpm -q mariadb-server &> /dev/null
if [ $? -ne 0 ]; then
echo "Installing MySQL/MariaDB Server..."
yum -q search mysql-server | grep -q '^mysql-server'
if [ $? -ne 0 ]; then
yum -q search mariadb-server | grep -q '^mariadb-server'
if [ $? -ne 0 ]; then
echo "No mysql-server or mariadb-server packages found by yum"
exit 1
else
yum -q -y install mariadb-server
if [ $? -ne 0 ]; then generic_error "Failed to install mariadb-server"; exit 1; fi;
echo "setting MariaDB to start on boot"
/sbin/chkconfig mariadb on
if [ $? -ne 0 ]; then generic_error "Failed to set mariadb-server to start at boot"; exit 1; fi;
/sbin/service mariadb start
if [ $? -ne 0 ]; then generic_error "Failed to start mariadb-server"; exit 1; fi;
fi
else
yum -q -y install mysql-server
if [ $? -ne 0 ]; then generic_error "Failed to install mysql-server"; exit 1; fi;
echo "setting MySQL to start on boot"
/sbin/chkconfig mysqld on
if [ $? -ne 0 ]; then generic_error "Failed to set mysql-server to start at boot"; exit 1; fi;
/sbin/service mysqld start
if [ $? -ne 0 ]; then generic_error "Failed to start mysql-server"; exit 1; fi;
fi
else
echo "MariaDB server already installed"
echo "setting MariaDB to start on boot"
/sbin/chkconfig mariadb on
if [ $? -ne 0 ]; then generic_error "Failed to set mariadb-server to start at boot"; exit 1; fi;
/sbin/service mariadb start
if [ $? -ne 0 ]; then generic_error "Failed to start mariadb-server"; exit 1; fi;
fi
else
echo "MySQL server already installed"
echo "setting MySQL to start on boot"
/sbin/chkconfig mysqld on
if [ $? -ne 0 ]; then generic_error "Failed to set mysql-server to start at boot"; exit 1; fi;
/sbin/service mysqld start
if [ $? -ne 0 ]; then generic_error "Failed to start mysql-server"; exit 1; fi;
fi
fi
# ---------------------- install httpd and php -------------------------
if [[ $DOWEB -eq 1 ]]; then
print_break
echo "Installing httpd and php components..."
yum -q -y install httpd php mod_ssl php php-gettext php-mysql php-xml php-xmlrpc php-ldap sendmail php-mbstring
if [ $? -ne 0 ]; then generic_error "Failed to install httpd"; exit 1; fi;
echo "setting httpd to start on boot"
/sbin/chkconfig httpd on
if [ $? -ne 0 ]; then generic_error "Failed to set httpd to start at boot"; exit 1; fi;
/sbin/service httpd start
if [ $? -ne 0 ]; then generic_error "Failed to start httpd"; exit 1; fi;
fi
# ------------------------- set up firewall ----------------------------
if [[ $DODB -eq 1 || $DOWEB -eq 1 ]]; then
print_break
webports=0
dbport=0
if [[ $DODB -eq 1 && $DOWEB -eq 1 && $DOMN -eq 0 ]]; then
echo "Opening TCP ports 80, 443, and 3306..."
webports=1
dbport=1
elif [[ $DOWEB -eq 1 ]]; then
echo "Opening TCP ports 80 and 443..."
webports=1
elif [[ $DODB -eq 1 ]]; then
echo "Opening TCP port 3306..."
dbport=1
fi
if [[ $webports -eq 1 || $dbport -eq 1 ]]; then
if [[ -x /bin/firewall-cmd ]] && /bin/firewall-cmd -q --state; then
if [[ $webports -eq 1 ]]; then
/bin/firewall-cmd --zone=public --add-service=http --permanent
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 80"; exit 1; fi;
/bin/firewall-cmd --zone=public --add-service=https --permanent
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 443"; exit 1; fi;
fi
if [[ $dbport -eq 1 ]]; then
if [[ $DOWEB -eq 0 ]]; then
/bin/firewall-cmd --zone=public --permanent --add-rich-rule="rule family="ipv4" source address="$WEB_HOST" service name="mysql" accept"
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 3306 for $WEB_HOST"; exit 1; fi;
fi
if [[ $DOMN -eq 0 ]]; then
/bin/firewall-cmd --zone=public --permanent --add-rich-rule="rule family="ipv4" source address="$MN_HOST" service name="mysql" accept"
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 3306 for $MN_HOST"; exit 1; fi;
fi
fi
/bin/firewall-cmd --reload
if [ $? -ne 0 ]; then echo "Error: Failed reload firewall"; exit 1; fi;
elif [[ -x /sbin/iptables ]]; then
if [[ $webports -eq 1 ]]; then
if ! /sbin/iptables -nL | grep 80 | grep ACCEPT; then
/sbin/iptables -I INPUT 1 -m state --state NEW,RELATED,ESTABLISHED -m tcp -p tcp -j ACCEPT --dport 80
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 80"; exit 1; fi;
fi
if ! /sbin/iptables -nL | grep 443 | grep ACCEPT; then
/sbin/iptables -I INPUT 1 -m state --state NEW,RELATED,ESTABLISHED -m tcp -p tcp -j ACCEPT --dport 443
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 443"; exit 1; fi;
fi
fi
if [[ $dbport -eq 1 ]]; then
if [[ $DOWEB -eq 0 ]] && ! /sbin/iptables -L | grep mysql | grep $WEB_HOST | grep ACCEPT; then
/sbin/iptables -I INPUT 1 -m state --state NEW,RELATED,ESTABLISHED -s $WEB_HOST -m tcp -p tcp -j ACCEPT --dport 3306
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 3306 for $WEB_HOST"; exit 1; fi;
fi
if [[ $DOMN -eq 0 ]] && ! /sbin/iptables -L | grep mysql | grep $MN_HOST | grep ACCEPT; then
/sbin/iptables -I INPUT 1 -m state --state NEW,RELATED,ESTABLISHED -s $MN_HOST -m tcp -p tcp -j ACCEPT --dport 3306
if [ $? -ne 0 ]; then echo "Error: Failed to set firewall to allow port 3306 for $MN_HOST"; exit 1; fi;
fi
fi
/sbin/iptables-save > /etc/sysconfig/iptables
if [ $? -ne 0 ]; then echo "Error: Failed to save iptables configuration"; exit 1; fi;
else
echo "Warning: Failed to detect firewall system. You will need to ensure "
if [[ $DODB -eq 1 && $DOWEB -eq 1 ]]; then
echo -n "ports 80, 443, and 3306 are "
elif [[ $DODB -eq 1 ]]; then
echo -n "port 3306 is "
elif [[ $DOWEB -eq 1 ]]; then
echo -n "ports 80 and 443 are "
fi
echo "allowed through your firewall."
echo ""
echo "(Press ENTER to continue)"
read tmp
fi
fi
fi
# ------------------------- check selinux ----------------------------
if [[ $DOWEB -eq 1 && -x /usr/sbin/getenforce ]]; then
if /usr/sbin/getenforce | grep -q -i enforcing; then
print_break
echo "Configuring SELinux to allow httpd to make network connections..."
/usr/sbin/setsebool -P httpd_can_network_connect=1
fi
fi
# ---------------------- create/set up vcl database ------------------------
if [[ $DODB -eq 1 ]]; then
print_break
echo "Creating VCL database..."
mysql -e "DROP DATABASE IF EXISTS vcl;"
mysql -e "CREATE DATABASE vcl;"
if [ $? -ne 0 ]; then generic_error "Failed to create VCL database"; exit 1; fi;
if [[ $DOMN -eq 1 || $DOWEB -eq 1 ]]; then
mysql -e "GRANT SELECT,INSERT,UPDATE,DELETE,CREATE TEMPORARY TABLES ON vcl.* TO '$DB_USERNAME'@'localhost' IDENTIFIED BY '$DB_PASSWORD';"
if [ $? -ne 0 ]; then generic_error "Failed to create VCL database user"; exit 1; fi;
fi
if [[ $MN_HOST != "localhost" ]]; then
mysql -e "GRANT SELECT,INSERT,UPDATE,DELETE,CREATE TEMPORARY TABLES ON vcl.* TO '$DB_USERNAME'@'$MN_HOST' IDENTIFIED BY '$DB_PASSWORD';"
if [ $? -ne 0 ]; then generic_error "Failed to create VCL database user"; exit 1; fi;
fi
if [[ $WEB_HOST != "localhost" ]]; then
mysql -e "GRANT SELECT,INSERT,UPDATE,DELETE,CREATE TEMPORARY TABLES ON vcl.* TO '$DB_USERNAME'@'$WEB_HOST' IDENTIFIED BY '$DB_PASSWORD';"
if [ $? -ne 0 ]; then generic_error "Failed to create VCL database user"; exit 1; fi;
fi
mysql vcl < $WORKPATH/apache-VCL-$VCL_VERSION/mysql/vcl.sql
if [ $? -ne 0 ]; then generic_error "Failed to initialize VCL database"; exit 1; fi;
fi
# ------------------------- copy web code in place -------------------------
if [[ $DOWEB -eq 1 ]]; then
print_break
echo "Installing VCL web code..."
/bin/cp -r $WORKPATH/apache-VCL-$VCL_VERSION/web/ /var/www/html/vcl-$VCL_VERSION
if [ $? -ne 0 ]; then generic_error "Failed to install VCL web code"; exit 1; fi;
ln -s /var/www/html/vcl-$VCL_VERSION /var/www/html/vcl
if [ $? -ne 0 ]; then generic_error "Failed to install VCL web code"; exit 1; fi;
chown apache /var/www/html/vcl/.ht-inc/maintenance
chown apache /var/www/html/vcl/.ht-inc/cryptkey
if [[ -x /usr/sbin/getenforce ]] && /usr/sbin/getenforce | grep -q -i enforcing; then
chcon -t httpd_sys_rw_content_t /var/www/html/vcl/.ht-inc/maintenance
chcon -t httpd_sys_rw_content_t /var/www/html/vcl/.ht-inc/cryptkey
fi
fi
# ---------------------------- configure web code --------------------------
if [[ $DOWEB -eq 1 ]]; then
echo "Configuring secrets.php..."
/bin/cp -f /var/www/html/vcl/.ht-inc/secrets-default.php /var/www/html/vcl/.ht-inc/secrets.php
if [ $? -ne 0 ]; then echo "Error: Failed to create secrets.php"; exit 1; fi;
sed -i -r -e "s/(vclhost\s+=\s+).*;/\1'$DB_HOST';/" /var/www/html/vcl/.ht-inc/secrets.php
if [ $? -ne 0 ]; then echo "Error: Failed to configure secrets.php"; exit 1; fi;
sed -i -r -e "s/(vclusername\s+=\s+).*;/\1'$DB_USERNAME';/" /var/www/html/vcl/.ht-inc/secrets.php
if [ $? -ne 0 ]; then echo "Error: Failed to configure secrets.php"; exit 1; fi;
sed -i -r -e "s/(vclpassword\s+=\s+).*;/\1'$DB_PASSWORD';/" /var/www/html/vcl/.ht-inc/secrets.php
if [ $? -ne 0 ]; then echo "Error: Failed to configure secrets.php"; exit 1; fi;
sed -i -r -e "s/(cryptkey\s+=\s+).*;/\1'$CRYPTKEY';/" /var/www/html/vcl/.ht-inc/secrets.php
if [ $? -ne 0 ]; then echo "Error: Failed to configure secrets.php"; exit 1; fi;
sed -i -r -e "s/(pemkey\s+=\s+).*;/\1'$PEMKEY';/" /var/www/html/vcl/.ht-inc/secrets.php
if [ $? -ne 0 ]; then echo "Error: Failed to configure secrets.php"; exit 1; fi;
echo "Configureing conf.php..."
/bin/cp -f /var/www/html/vcl/.ht-inc/conf-default.php /var/www/html/vcl/.ht-inc/conf.php
if [ $? -ne 0 ]; then echo "Error: Failed to configure conf.php"; exit 1; fi;
sed -i -r -e "s~date_default_timezone_set\('America/New_York'\);~date_default_timezone_set('$TIMEZONE');~" /var/www/html/vcl/.ht-inc/conf.php
if [ $? -ne 0 ]; then echo "Error: Failed to configure conf.php"; exit 1; fi;
echo "Generating keys..."
cd /var/www/html/vcl/.ht-inc
./genkeys.sh &> /dev/null
if [ $? -ne 0 ]; then echo "Error: Failed to generate crypto keys"; exit 1; fi;
fi
# ---------------------------- set passwords ---------------------------
if [[ $DODB -eq 1 ]]; then
print_break
echo "Setting passwords..."
set_localauth_password admin $ADMIN_PASSWORD
set_localauth_password vclsystem $ADMIN_PASSWORD
fi
# ---------------- copy management node code in place ------------------
if [[ $DOMN -eq 1 ]]; then
print_break
echo "Installing management node components..."
/bin/cp -r $WORKPATH/apache-VCL-$VCL_VERSION/managementnode/ /usr/local/vcl-$VCL_VERSION
if [ $? -ne 0 ]; then generic_error "Failed to install VCL management node code"; exit 1; fi;
ln -s /usr/local/vcl-$VCL_VERSION /usr/local/vcl
if [ $? -ne 0 ]; then generic_error "Failed to install VCL management node code"; exit 1; fi;
fi
#--------------------- configure management node code ------------------
if [[ $DOMN -eq 1 ]]; then
echo "Configuring vcld.conf..."
pkill -9 -f vcld
if [[ ! -d /etc/vcl ]]; then
mkdir /etc/vcl
if [ $? -ne 0 ]; then echo "Error: Failed to create /etc/vcl directory"; exit 1; fi;
fi
/bin/cp -f /usr/local/vcl/etc/vcl/vcld.conf /etc/vcl
if [ $? -ne 0 ]; then echo "Error: Failed to copy vcld.conf file to /etc/vcl"; exit 1; fi;
if [[ $DODB -eq 0 && $MN_HOST -eq "localhost" ]]; then
sed -i -r -e "s/(FQDN=).*/\1$PUBIP/" /etc/vcl/vcld.conf
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld.conf"; exit 1; fi;
else
sed -i -r -e "s/(FQDN=).*/\1$MN_HOST/" /etc/vcl/vcld.conf
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld.conf"; exit 1; fi;
fi
sed -i -r -e "s/(server=).*/\1$DB_HOST/" /etc/vcl/vcld.conf
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld.conf"; exit 1; fi;
sed -i -r -e "s/(LockerWrtUser=).*/\1$DB_USERNAME/" /etc/vcl/vcld.conf
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld.conf"; exit 1; fi;
sed -i -r -e "s/(wrtPass=).*/\1$DB_PASSWORD/" /etc/vcl/vcld.conf
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld.conf"; exit 1; fi;
sed -i -r -e "s/(xmlrpc_url=).*/\1https:\/\/$WEB_HOST\/vcl\/index.php?mode=xmlrpccall/" /etc/vcl/vcld.conf
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld.conf"; exit 1; fi;
sed -i -r -e "s/(xmlrpc_pass=).*/\1$ADMIN_PASSWORD/" /etc/vcl/vcld.conf
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld.conf"; exit 1; fi;
fi
#------------------ configure vcld to start at boot ---------------
if [[ $DOMN -eq 1 ]]; then
echo "Configuring vcld service..."
/bin/cp -f /usr/local/vcl/bin/S99vcld.linux /etc/init.d/vcld
if [ $? -ne 0 ]; then echo "Error: Failed to copy initialization file in place"; exit 1; fi;
/sbin/chkconfig --add vcld
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld service to start on boot"; exit 1; fi;
/sbin/chkconfig --level 345 vcld on
if [ $? -ne 0 ]; then echo "Error: Failed to configure vcld service to start on boot"; exit 1; fi;
fi
#----------------------- configure management node in vcl --------------------
if [[ $DODB -eq 1 ]]; then
print_break
echo "Adding managment node to database..."
mysql -e "DELETE FROM vcl.managementnode;"
mysql -e "INSERT INTO vcl.managementnode (IPaddress, hostname, stateid) VALUES ('$PUBIP', '$MN_HOST', '2');"
if [ $? -ne 0 ]; then echo "Error: Failed to add management node to database"; exit 1; fi;
mysql -e "DELETE FROM vcl.resource WHERE resourcetypeid = 16;"
mysql -e "INSERT INTO vcl.resource (resourcetypeid, subid) VALUES ('16', (SELECT id FROM vcl.managementnode WHERE hostname = '$MN_HOST'));"
if [ $? -ne 0 ]; then echo "Error: Failed to add management node to database"; exit 1; fi;
mysql -e "INSERT INTO vcl.resourcegroupmembers (resourceid, resourcegroupid) SELECT vcl.resource.id, vcl.resourcegroup.id FROM vcl.resource, vcl.resourcegroup WHERE vcl.resource.resourcetypeid = 16 AND vcl.resourcegroup.resourcetypeid = 16;"
if [ $? -ne 0 ]; then echo "Error: Failed to add management node to database"; exit 1; fi;
fi
# ----------------- install and configure dhcpd ------------------------
if [[ $DODHCP = 'yes' ]]; then
print_break
echo "Installing dhcp..."
yum -q -y install dhcp
if [ $? -ne 0 ]; then echo "Error: Failed to install dhcp"; exit 1; fi;
echo "Configuring dhcp..."
if ifconfig ${if[$privnum]} | grep $PRIVIP | grep -q 'Mask:'; then
privmask=$(ifconfig ${if[$privnum]} | grep $PRIVIP | awk '{print $4}' | awk -F: '{print $2}')
elif ifconfig ${if[$privnum]} | grep $PRIVIP | grep -q 'netmask '; then
privmask=$(ifconfig ${if[$privnum]} | grep $PRIVIP | awk '{print $4}')
fi
if [[ ! $privmask =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
echo "Error: Failed to determine netmask for private address"
exit 1
fi
IFS=. read pr1 pr2 pr3 pr4 <<<"$PRIVIP"
IFS=. read prm1 prm2 prm3 prm4 <<<"$privmask"
privnet="$((pr1 & prm1)).$((pr2 & prm2)).$((pr3 & prm3)).$((pr4 & prm4))"
if [[ ! $privnet =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
echo "Error: Failed to determine network for private address"
exit 1
fi
echo "Private address: $PRIVIP"
echo "Private netmask: $privmask"
echo "Private network: $privnet"
echo "Configuring /etc/dhcp/dhcpd.conf..."
(
cat <<'EOF'
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see 'man 5 dhcpd.conf'
#
ddns-update-style none;
shared-network eth0 {
subnet PRIVNET netmask PRIVMASK {
ignore unknown-clients;
}
# ----------- add computers from VCL web site below here ------------
}
EOF
) > /etc/dhcp/dhcpd.conf
sed -i "s/PRIVNET/$privnet/" /etc/dhcp/dhcpd.conf
sed -i "s/PRIVMASK/$privmask/" /etc/dhcp/dhcpd.conf
if ! grep -q $privmask /etc/dhcp/dhcpd.conf; then
echo "Error: Failed to configure /etc/dhcp/dhcpd.conf"
exit 1
fi
if [[ -f /etc/sysconfig/dhcpd ]] && grep -q DHCPDARGS /etc/sysconfig/dhcpd; then
sed -i -r -e "s/(DHCPDARGS=).*/\1${if[$privnum]}/" /etc/sysconfig/dhcpd
else
echo "DHCPDARGS=\"${if[$privnum]}\"" > /etc/sysconfig/dhcpd
fi
if ! grep -q ${if[$privnum]} /etc/sysconfig/dhcpd; then
echo "Error: Failed to configure /etc/sysconfig/dhcpd"
exit 1
fi
/sbin/chkconfig dhcpd on
if [ $? -ne 0 ]; then echo "Error: Failed to configure dhcpd service to start on boot"; exit 1; fi;
echo "Starting dhcpd service..."
/sbin/service dhcpd start
if [ $? -ne 0 ]; then generic_error "Failed to start dhcpd service"; exit 1; fi;
fi
# -------------------- create ssh identity key ---------------------
if [[ $DOMN -eq 1 && ! -r /etc/vcl/vcl.key ]]; then
print_break
echo "Creating SSH identity key file at /etc/vcl/vcl.key"
ssh-keygen -t rsa -f "/etc/vcl/vcl.key" -N '' -b 1024 -C 'VCL root account'
if [ $? -ne 0 ]; then echo "Error: Failed to create ssh identity key for connecting to managed VMs"; exit 1; fi;
echo "IdentityFile /etc/vcl/vcl.key" >> /etc/ssh/ssh_config
if [ $? -ne 0 ]; then echo "Error: Failed to add ssh identity key to /etc/ssh/ssh_config"; exit 1; fi;
fi
# ---------------------------- start vcld ----------------------------
if [[ $DOMN -eq 1 ]]; then
print_break
echo "Starting vcld service..."
/sbin/service vcld stop &> /dev/null
sleep 1
/sbin/service vcld start
if [ $? -ne 0 ]; then echo "Error: Failed to start vcld service"; exit 1; fi;
fi
echo ""
if [[ $DOALL -eq 1 ]]; then
echo "VCL installation complete"
echo ""
echo "Your VCL system now needs to be configured. Follow online instructions to"
elif [[ $DODB -eq 1 && $DOWEB -eq 1 ]]; then
echo "VCL installation of database and web components complete. If you have not"
echo "already done so, install management node components to complete your VCL"
echo "installation. After all components are installed, your VCL system will need"
echo "to be configured. Follow online instructions to"
elif [[ $DODB -eq 1 && $DOMN -eq 1 ]]; then
echo "VCL installation of database and management node components complete. If you"
echo "have not already done so, install web components to complete your VCL"
echo "installation. After all components are installed, your VCL system will need to"
echo "be configured. Follow online instructions to"
elif [[ $DOWEB -eq 1 && $DOMN -eq 1 ]]; then
echo "VCL installation of web and management node components complete. If you have"
echo "not already done so, install database components to complete your VCL"
echo "installation. After all components are installed, your VCL system will need to"
echo "be configured. Follow online instructions to"
elif [[ $DODB -eq 1 ]]; then
echo "VCL installation of database components complete. If you have not already done"
echo "so, install web and management node components to complete your VCL"
echo "installation. After all components are installed, your VCL system will need to"
echo "be configured. Follow online instructions to"
elif [[ $DOWEB -eq 1 ]]; then
echo "VCL installation of web components complete. If you have not already done so,"
echo "install database and management node components to complete your VCL"
echo "installation. After all components are installed, your VCL system will need to"
echo "be configured. Follow online instructions to"
elif [[ $DOMN -eq 1 ]]; then
echo "VCL installation of management node components complete. If you have not already"
echo "done so, install database and web components to complete your VCL installation."
echo "After all components are installed, your VCL system will need to be configured."
echo "Follow online instructions to"
fi
echo ""
echo "1) Set up a VM Host Profile"
echo "2) Add a Virtual Host"
echo "3) Add VMs"
echo "4) export dhcpd data for the VMS and add that to /etc/dhcp/dhcpd.conf"
echo "5) Assign VMs to your VM Host(s)"
echo "6) create base images"
echo ""
if [[ $DOALL -eq 1 ]]; then
echo "Your VCL system can be accessed at https://$PUBIP/vcl"
fi