From 034a4d760bf9388ed7be06201f71654234190880 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 17 Jan 2020 15:49:53 +0100 Subject: [SSUS] Get updater ready for next release --- satellit_upgrader/pack-update.sh | 7 ++ satellit_upgrader/updater.template.sh | 160 ++++++++++++++++++++++++++-------- 2 files changed, 129 insertions(+), 38 deletions(-) diff --git a/satellit_upgrader/pack-update.sh b/satellit_upgrader/pack-update.sh index 21e0e45..fbe23cd 100755 --- a/satellit_upgrader/pack-update.sh +++ b/satellit_upgrader/pack-update.sh @@ -207,6 +207,10 @@ addpayload "IPXE" "iPXE source code" addpayload "LDADP" "ldap/ad proxy source code" addpayload "DNBD3" "dnbd3-server source code" +addinstallfile "taskmanager/config" +addinstallfile "taskmanager/environment" +addinstallfile "taskmanager/taskmanager.service" + if [ -z "$LEAN" ]; then addinstallfile "lighttpd.conf" addinstallfile "lighttpd-auto-ssl.sh" @@ -222,10 +226,13 @@ if [ -z "$LEAN" ]; then addinstallfile "dnbd3/server.conf" addinstallfile "dnbd3/rpc.acl" addinstallfile "dnbd3/alt-servers" + addinstallfile "dnbd3/dnbd3-master-proxy.service" addinstallfile "tftpd/tftpd-hpa.service" addinstallfile "tftpd/tftpd-hpa" addinstallfile "tftpd/tftpd-remap" + addinstallfile "slxadmin-init/gpg-key.asc" + addinstallfile "slxadmin-init/slxadmin-init.php" # TODO: Unify more source ../satellit_installer/includes/10-sudo_config.inc diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh index 1928cbf..c838330 100644 --- a/satellit_upgrader/updater.template.sh +++ b/satellit_upgrader/updater.template.sh @@ -73,6 +73,10 @@ mysql () { "$(which mysql)" --defaults-extra-file=/etc/mysql/debian.cnf --default-character-set=utf8 "$@" } +generate_password() { + tr -dc _A-Za-z0-9 < /dev/urandom | head -c 16 +} + # ** Restart given systemd service, warn if it fails but do not bail out restart_service () { if ! systemctl restart "$1"; then @@ -185,10 +189,12 @@ if [ -z "$PAYLOAD_OFFSET" ] || [[ "$PAYLOAD_OFFSET" == %*% ]]; then fi # ********************************************************** +declare -A restart +daemon_reload= # Get current webif version if [ -n "$TGZ_SLXADMIN" ]; then - declare -rg CURRENT_WEBIF_VERSION=$(cat "${PATH_SLXADMIN}/version" | tail -n 1) + declare -rg CURRENT_WEBIF_VERSION="$( < "${PATH_SLXADMIN}/version" tail -n 1 )" echo "bwLehrpool Satellite Server Update" echo -n "Currently installed version: " sed -r 's/([0-9]{4})([0-9]{3})([0-9]{2})/\1-\2-\3/' <<<"$CURRENT_WEBIF_VERSION" @@ -206,6 +212,20 @@ if [ -n "$TGZ_SLXADMIN" ]; then fi fi +# ************** Extract payload *************************** +declare -rg TMPDIR=$(mktemp -d) +export TMPDIR +[ -z "$TMPDIR" ] && perror "Could not create temporary directory for installer" +dd "bs=$PAYLOAD_OFFSET" "if=$0" skip=1 | tar -z -x -C "$TMPDIR" +RET=$? +[ "$RET" -ne 0 ] && perror "Extracting installer payload failed with exit code $RET" +declare -rg FILEDIR="$TMPDIR/files" +chmod 0700 "$FILEDIR" # In case we patch passwords into files there + +# ********************************************************** +# ********************************************************** +# ********************************************************** + # **** Start generating dhparam early as it takes a long time ********************** declare -rg DHPARAM="/etc/lighttpd/dhparam.pem" DH_PID= @@ -214,26 +234,67 @@ if ! [ -s "$DHPARAM" ]; then DH_PID=$! fi - # **************** Fix tmpdelete cronjob ******************* if [ -f "/etc/cron.daily/tmpdelete.sh" ]; then [ -f "/etc/cron.daily/tmpdelete" ] || mv "/etc/cron.daily/tmpdelete.sh" "/etc/cron.daily/tmpdelete" rm -f -- "/etc/cron.daily/tmpdelete.sh" fi -# ************** Extract payload *************************** -declare -rg TMPDIR=$(mktemp -d) -export TMPDIR -[ -z "$TMPDIR" ] && perror "Could not create temporary directory for installer" -dd "bs=$PAYLOAD_OFFSET" "if=$0" skip=1 | tar -z -x -C "$TMPDIR" -RET=$? -[ "$RET" -ne 0 ] && perror "Extracting installer payload failed with exit code $RET" -declare -rg FILEDIR="$TMPDIR/files" +# Make sure current java is installed +if [ "$MAJOR" -le 9 ]; then + java="7" + php="-1" +else # 10+ + java="11" + php="2" +fi +for ver in $(seq 6 "$java"); do + dpkg -l "openjdk-${ver}-*" 2> /dev/null | grep -q '^ii' && apt remove -y "openjdk-${ver}-*" +done +aptinst default-jre-headless -# ********************************************************** +# Same for php +dpkg -l 'php5-*' | grep -q '^ii' && apt remove -y "php5-*" +for ver in $(seq 0 "$php"); do + dpkg -l "php7.${ver}-*" 2> /dev/null | grep -q '^ii' && apt remove -y "php7.${ver}-*" +done +aptinst php-cgi +aptinst php-cli +aptinst php-curl +aptinst php-json +aptinst php-mysqlnd +aptinst php-mbstring +aptinst php-xml +aptinst php-soap + +# MySQL... +dpkg -l 'mysql-server*' | grep -q '^ii' && apt remove -y "mysql-server*" +aptinst default-mysql-server # ********************** Taskmanager *********************** # Do this first in case one of the later updates depends on the taskmanager +# Config files +tm_restart= +tm_password= +if [ -s "$PATH_TASKMANAGER/config/config" ]; then + tm_password="$(awk '$0 ~ /^password\s*=/ {gsub(/^password\s*=\s*/, ""); gsub(/\s*$/, ""); print $0; exit}' "$PATH_TASKMANAGER/config/config")" + [ "$tm_password" = "%TM_OPENSLX_PASS%" ] && tm_password= +fi +if [ -z "$tm_password" ] && [ -s "${PATH_SLXADMIN}/config.php" ]; then + tm_password="$(grep -m1 '^define.*CONFIG_TM_PASSWORD.*;' "${PATH_SLXADMIN}/config.php" | awk -F "'" '{print $4}')" + [ "$tm_password" = "%TM_OPENSLX_PASS%" ] && tm_password= +fi +if [ -z "$tm_password" ]; then + tm_password="$(generate_password)" +fi +[ -n "$tm_password" ] && sed -i "s/%TM_OPENSLX_PASS%/${tm_password}/" "$FILEDIR/taskmanager/config" +mkdir -m 0750 -p "$PATH_TASKMANAGER/config" +diffcp "taskmanager/config" "$PATH_TASKMANAGER/config/config" && tm_restart=1 +diffcp "taskmanager/environment" "$PATH_TASKMANAGER/config/environment" && tm_restart=4 +diffcp "taskmanager/taskmanager.service" "/etc/systemd/system/taskmanager.service" && tm_restart=111 +chmod 0640 "$PATH_TASKMANAGER/config/config" +chown -R root:taskmanager "$PATH_TASKMANAGER/config" +# java app if [ -n "$TGZ_TASKMANAGER" ]; then [ -e "$TMPDIR/$TGZ_TASKMANAGER" ] || perror "$TGZ_TASKMANAGER missing from payload" echo "* Task manager" @@ -247,15 +308,18 @@ if [ -n "$TGZ_TASKMANAGER" ]; then # Where we place the downloadable iPXE images mkdir -p -m 0755 "/srv/openslx/www/boot/download" fixperms "/srv/openslx/www/boot/download" taskmanager:www-data - echo "Restarting service" - restart_service taskmanager + tm_restart=1 echo "Taskmanager upgrade complete" fi - -# *****************taskmanager sudo config ***************** +# sudo config if diffcp "tm-sudo-config" "/etc/sudoers.d/taskmanager" "Installing new sudo config for taskmanager"; then chmod 0440 "/etc/sudoers.d/taskmanager" fi +if [ -n "$tm_restart" ]; then + echo "Restarting Taskmanager..." + systemctl daemon-reload + restart_service taskmanager.service # Restart right away for above reason +fi # ************************** IPXE ************************** echo "* iPXE" @@ -320,7 +384,7 @@ if [ -n "$TGZ_SLXADMIN" ]; then # Remove old files - wipe selectively, just in case someone added a new module by hand rm -rf -- "$PATH_SLXADMIN/"{inc,apis,modules,templates,Mustache,script,style,modules-available/serversetup-bwlp} while read -r line || [[ -n "$line" ]]; do - rm -rf -- "$PATH_SLXADMIN/$line" + rm -rf -- "${PATH_SLXADMIN:?}/$line" done < "$INCMODS" tar -x -C "$PATH_SLXADMIN" -f "$TMPDIR/$TGZ_SLXADMIN" || perror "Could not extract $TGZ_SLXADMIN to $PATH_SLXADMIN" rm -f -- "$PATH_SLXADMIN/config.php.example" @@ -336,6 +400,7 @@ if [ -n "$TGZ_SLXADMIN" ]; then else sed "s/%MYSQL_OPENSLX_PASS%/${SQLPASS}/g" "$FILEDIR/slxadmin-config.php" > "${PATH_SLXADMIN}/config.php" fi + sed -i "s/%TM_OPENSLX_PASS%/${tm_password}/g" "${PATH_SLXADMIN}/config.php" # Update version info in footer [ -z "$OLDFOOTER" ] && OLDFOOTER="Unknown base version" FOOTER="$SLXADMIN_FOOTER" @@ -431,6 +496,10 @@ if [ -n "$TGZ_SLXADMIN" ]; then rm -f -- "/srv/openslx/www/slx-admin/modules-available/baseconfig_bwidm/baseconfig/settings.json" ln -s "${PATH_SLXADMINCACHE}/baseconfig-bwidm_settings.json" /srv/openslx/www/slx-admin/modules-available/baseconfig_bwidm/baseconfig/settings.json || \ pwarning "Could not set link ${PATH_SLXADMINCACHE}/baseconfig-bwidm_settings.json to /srv/openslx/www/slx-admin/modules-available/baseconfig_bwidm/baseconfig/settings.json - do so manually if you need bwIDM login on client computers" + # run init script + if [ -s "$FILEDIR/slxadmin-init/slxadmin-init.php" ]; then + php "$FILEDIR/slxadmin-init/slxadmin-init.php" || perror "Error running slx-admin init script" + fi echo "Web interface upgrade complete" fi @@ -451,17 +520,19 @@ if [ -n "$TGZ_DOZMOD" ]; then echo 'db.location-table = openslx.location' >> "$PATH_DOZMOD/config.properties" fi fixperms "$PATH_DOZMOD" root:images - echo "Restarting service" - restart_service dmsd + restart["dmsd.service"]=1 echo "dmsd upgrade complete" fi echo "* Configuring lighttpd" -RESTART_LIGHTY= -diffcp "lighttpd.conf" "/etc/lighttpd/lighttpd.conf" && RESTART_LIGHTY=ja -diffcp "lighttpd-auto-ssl.sh" "/usr/share/lighttpd/auto-ssl.sh" && RESTART_LIGHTY=ja -diffcp "lighttpd-include-conf-d.sh" "/usr/share/lighttpd/include-conf-d.sh" && RESTART_LIGHTY=ja +if [ "$MAJOR" -lt 10 ]; then + # Filename changed on Debian 10, patch back for 9 + sed -i 's/create-mime\.conf\.pl/create-mime.assign.pl/' "$FILEDIR/lighttpd.conf" +fi +diffcp "lighttpd.conf" "/etc/lighttpd/lighttpd.conf" && restart["lighttpd.service"]=ja +diffcp "lighttpd-auto-ssl.sh" "/usr/share/lighttpd/auto-ssl.sh" && restart["lighttpd.service"]=ja +diffcp "lighttpd-include-conf-d.sh" "/usr/share/lighttpd/include-conf-d.sh" && restart["lighttpd.service"]=ja # ********************** lighttpd php_children ************* mkdir -p /usr/local/sbin @@ -479,8 +550,7 @@ if diffcp "patch_lighttpd_phpchildren" "/usr/local/sbin/patch_lighttpd_phpchildr [Service] ExecStartPre=/usr/local/sbin/patch_lighttpd_phpchildren HDOC - systemctl daemon-reload - RESTART_LIGHTY=ja + restart["lighttpd.service"]=ja fi fi fi @@ -496,7 +566,7 @@ fi # ************************** PHP *************************** inicount=0 -for PHPINIFILE in "/etc/php5/cgi/php.ini" "/etc/php/7.0/cgi/php.ini"; do +for PHPINIFILE in /etc/php/7.*/cgi/php.ini; do [ -f "$PHPINIFILE" ] || continue inicount=$(( inicount + 1 )) if ! grep -q -E '^\s*upload_max_filesize = 100M' "$PHPINIFILE"; then @@ -514,7 +584,7 @@ for PHPINIFILE in "/etc/php5/cgi/php.ini" "/etc/php/7.0/cgi/php.ini"; do else echo "post_max_size = 100M" >> "$PHPINIFILE" || pwarning "Could not incease PHP upload limit :( (2.b)" fi - RESTART_LIGHTY=ja + restart["lighttpd.service"]=ja fi done if [ "$inicount" -ne 1 ]; then @@ -559,15 +629,15 @@ diffcp "tftpd/tftpd-hpa.service" "/etc/systemd/system/tftpd-hpa.service" && chg= diffcp "tftpd/tftpd-remap" "/opt/openslx/tftpd-remap" && chg=true if "$chg"; then ln -s -f "../tftpd-hpa.service" "/etc/systemd/system/multi-user.target.wants/" - systemctl daemon-reload - restart_service tftpd-hpa.service + daemon_reload=true + restart["tftpd-hpa.service"]=1 fi # ********************** dmsd.service ********************** if diffcp "dmsd.service" "/etc/systemd/system/dmsd.service"; then ln -s -f "../dmsd.service" "/etc/systemd/system/multi-user.target.wants/" - systemctl daemon-reload - restart_service dmsd + daemon_reload=1 + restart["dmsd.service"]=2 fi # ********************** dnbd3 config ******************* @@ -627,10 +697,19 @@ if [ -n "$TGZ_DNBD3" ]; then fi fi -# ********************** dnbd3.service ******************* +# ******************* dnbd3-server.service *************** if diffcp "dnbd3/dnbd3-server.service" "/etc/systemd/system/dnbd3-server.service"; then - ln -s -f "../dnbd3-server.service" "/etc/systemd/system/multi-user.target.wants/" - systemctl daemon-reload + ln -n -s -f "../dnbd3-server.service" "/etc/systemd/system/multi-user.target.wants/dnbd3-server.service" + daemon_reload=1 + restart["dnbd3-server.service"]=1 +fi + +# *************** dnbd3-master-proxy.service ************* +if diffcp "dnbd3/dnbd3-master-proxy.service" "/etc/systemd/system/dnbd3-master-proxy.service"; then + aptinst socat + ln -n -s -f "../dnbd3-master-proxy.service" "/etc/systemd/system/multi-user.target.wants/dnbd3-master-proxy.service" + daemon_reload=2 + restart["dnbd3-master-proxy.service"]=3 fi # ************************** ldadp ************************* @@ -713,7 +792,8 @@ done sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*-openjdk/accessibility.properties &> /dev/null # ************************** LIGHTY ************************ -if [ -n "$RESTART_LIGHTY" ]; then +# XXX +if [ -n "${restart["lighttpd.service"]}" ]; then count=0 if [ -n "$DH_PID" ] && kill -0 "$DH_PID" 2>/dev/null; then echo -n ".waiting up to 5 minutes for dh param generation." @@ -723,12 +803,16 @@ if [ -n "$RESTART_LIGHTY" ]; then count=$(( count + 1 )) [ "$count" -gt 150 ] && break done + echo "." fi - - echo -n ".restarting lighttpd." - restart_service lighttpd fi -echo ". done!" +if [ -n "$daemon_reload" ]; then + systemctl daemon-reload +fi +for service in "${!restart[@]}"; do + echo "Restarting $service..." + restart_service "$service" +done echo "" echo "Update complete. It is recommended to reboot the server." -- cgit v1.2.3-55-g7522