File: //cpanel_installer/install
#!/usr/bin/perl
# cpanel - installd/install Copyright 2020 cPanel, L.L.C.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
package installd::install;
use strict;
use warnings;
use POSIX;
use Cwd ();
use Getopt::Long ();
use lib '.';
use lib 'installd'; # mainly for use by automated testing that does not enter the install directory
require Common;
my $package_manager;
my $distro;
my $distro_version;
my $distro_arch;
my $yumcheck = 0;
my $force;
my $skip_apache = -e '/root/skipapache' ? 1 : 0;
my $skip_repo_setup = 0;
my $skip_license_check;
my $collect_output = undef;
my $installstart;
my $original_pid = $$;
exit run(@ARGV) unless caller;
sub run {
my (@args) = @_;
my $ret = eval { script(@args) };
if ($@) {
chomp $@;
print STDERR $@;
return 1;
}
return $ret;
}
sub script {
my (@args) = @_;
local $ENV{'CPANEL_BASE_INSTALL'} = 1;
local $ENV{'LANG'} = 'C';
delete $ENV{'LANGUAGE'};
local $| = 1;
umask 022;
if ( open my $fh, '<', $Common::lock_file ) {
print "The system detected an installer lock file: ($Common::lock_file)\n";
print "Make certain that an installer is not already running.\n\n";
print "You can remove this file and re-run the cPanel installation process after you are certain that another installation is not already in progress.\n\n";
my $pid = <$fh>;
if ($pid) {
chomp $pid;
print `ps auxwww |grep $pid`; ## no critic(ProhibitQxAndBackticks)
}
else {
print "Warning: The system could not find pid information in the $Common::lock_file file.\n";
}
return 1;
}
# Create the lock file.
if ( open my $fh, '>', $Common::lock_file ) {
print {$fh} "$$\n";
close $fh;
}
else {
Common::FATAL("Unable to write lock file $Common::lock_file");
return 1;
}
$original_pid = $$;
END {
return if $$ != $original_pid;
# Required for testing.
return if $INC{'Test/More.pm'};
Common::cleanup_lock_file_and_gpg_homedir();
}
# Open the install logs for append.
$installstart = Common::open_logs();
# Determine local distro and version. Fail if unsupported.
( $distro, $distro_version, $distro_arch ) = check_system_support();
my $options = {};
Getopt::Long::GetOptionsFromArray(
\@args,
'force' => \$force,
'skip-cloudlinux' => \$options->{'skip-cloudlinux'},
'skipapache' => \$skip_apache,
'skipreposetup' => \$skip_repo_setup,
'skiplicensecheck' => \$skip_license_check,
);
recommend_version( $distro, $distro_version, $force );
# Validate hostname is FQDN.
Common::check_hostname();
# Ensure network-scripts is installed and configured while networkManager
# is disabled on CentOS 8.
if ( index( $distro_version, 8 ) == 0 ) {
check_network_scripts();
}
else {
# Validate NetworkManager is off and uninstalled.
check_network_manager($distro_version);
}
# Do the clean install check pause right after
# network manager so they see the warning since
# this will pause for 5 seconds
Common::clean_install_check();
# Validate that various files are in place.
Common::check_files();
# Bootstrap checks.
Common::INFO("Running health checks prior to start.");
Common::check_resolv_conf();
check_yum_works();
my $ensure_rpms_installed;
if ( $ensure_rpms_installed = fork() ) {
#parent
}
else {
$collect_output = '';
# Must run before bootstrap to install wget if needed
local $@;
eval { ensure_rpms_installed( $distro, $distro_version ); };
print $collect_output;
undef $collect_output;
die if $@;
exit(0);
}
{
# While the ensure is running in the background
# we show the message warning that they need a clean
# server
local $SIG{'INT'} = sub {
kill( 'TERM', $ensure_rpms_installed );
Common::WARN("Install terminated by user input");
exit(0);
};
Common::warn_clean_server_needed();
local $?;
waitpid( $ensure_rpms_installed, 0 );
if ( $? != 0 ) {
die "ensure_rpms_install failed: $?";
}
}
# Assure minimum setup: wget & co
Common::bootstrap( $distro, $distro_version );
# Remove rpms and stop unneeded services. This must happen before there are parallel executions of yum/rpm
# because rpm from 4.12.0-alpha-90 does not wait for transaction lock when stdin is not a tty
# (it errors and dies instead). My CentOS 8 VM has rpm 4.14.2. We could work around this with fcntl, but
# that syscall is complicated to use in this bootstrap environment.
disable_software();
my $install_version = Common::get_cpanel_version();
# Install base distro required RPMS and setup YUM
my $lts = Common::get_lts_version();
Common::INFO("Installing cPanel & WHM major version ${lts}.");
do_clock_update( $distro, $distro_version );
# Start nscd if its not running since it will improve rpm install time
Common::ssystem("ps -U nscd -h 2>/dev/null || /sbin/service nscd start");
# Copy custom cpanel.config into place if provided
Common::setup_custom_cpanel_config();
create_config_files($options);
# Look for conditions that require tier manipulation or require us to block the install.
check_for_install_version_blockers( $distro, $distro_version, $distro_arch, $force );
# Common::get_cpanel_version must be called before
# bootstrap_cpanel_perl
my $bootstrap_cpanel_perl_pid;
if ( $bootstrap_cpanel_perl_pid = fork() ) {
# parent
}
else {
# bootstrap cPanel Perl if available - legacy version of WHM would not have/need it
# this would allow updatenow to run using cpanel perl instead of system perl
$collect_output = '';
local $@;
eval { Common::bootstrap_cpanel_perl($install_version); };
print $collect_output;
undef $collect_output;
die if $@;
exit(0);
}
# Needs wget, working network connection.
Common::check_if_we_can_get_to_httpupdate();
# Make sure the OS is relatively clean.
Common::check_no_mysql();
# Check that we're in runlevel 3.
check_runlevel($distro_version);
my $installer_dir = Cwd::getcwd();
# Do this after sanity checks so that we fail before creating the touch
# file.
Common::DEBUG("Parsing command line arguments.");
Common::get_install_type(@args); # Set DNSONLY if need be.
Common::check_license_conflict() unless $skip_license_check; # need dnsonly file to be set
# TODO: Get rid of these files and replace them with /var/cpanel/dnsonly
# Disable services by touching files.
if ( Common::is_dnsonly() ) {
my @dnsonlydisable = qw( cpdavd );
foreach my $dis_service (@dnsonlydisable) {
Common::touch( '/etc/' . $dis_service . 'disable' );
}
}
# Set selinux to permissive mode for installation.
if ( -e '/usr/sbin/setenforce' ) {
Common::ssystem( '/usr/sbin/setenforce', '0', { ignore_errors => 1 } );
}
# Start background rpm download only after disable_software
# since it does rpm -e
my $background_rpm_download_pid = background_download_packages_used_during_initial_install($distro_version);
# Now software is installed, call rdate or chronyc in case it couldn't be called earlier in the bootstrap script.
update_system_clock( $distro, $distro_version );
# Enable the 9.6 PGSQL module for Calendar and Contacts Server support for CentOS 8
if ( version_gte( $distro_version, 8 ) ) {
enable_dnf_module( 'postgresql', '9.6' );
}
Common::create_feature_showcase_dir();
Common::create_slash_scripts_symlink();
{
local $?;
waitpid( $bootstrap_cpanel_perl_pid, 0 );
if ( $? != 0 ) {
kill 'TERM', $background_rpm_download_pid if $background_rpm_download_pid;
die "Bootstrapping cPanel Perl failed: $?";
}
}
# Install cpanel files and directories. TERMINATE if failure.
Common::updatenow(
'skipapache' => $skip_apache ? 1 : 0,
'skipreposetup' => $skip_repo_setup ? 1 : 0
);
# We used to wait for yum to finish here but
# that just blocked the installer from downloading
# rpms so we do the waitpid after
chmod( 0700, '/usr/local/cpanel/scripts/cpanel_initial_install' );
system( '/usr/local/cpanel/scripts/cpanel_initial_install', '--skipapache', $skip_apache, '--skipreposetup', $skip_repo_setup, '--installstart', $installstart );
if ( $? >> 8 != 0 ) {
kill 'TERM', $background_rpm_download_pid if $background_rpm_download_pid;
Common::FATAL('The system failed to run the /usr/local/cpanel/scripts/cpanel_initial_install script.');
return 1;
}
# Cleanup before exiting
waitpid( $background_rpm_download_pid, 0 );
return 0;
}
sub recommend_version {
my ( $distro, $version, $force ) = @_;
return unless $version && $version < 7 && $distro ne 'cloud';
my $timer = 5;
my $days_until_eol = days_until_c6_eol();
my $notice =
$force
? qq{ Installation will begin in $timer seconds.}
: qq{ To force the installation on @{[_distro_name($distro)]} version 6, use the --force option.};
my $advice = <<"END";
On November 30, 2020 @{[_distro_name($distro)]} will stop supporting @{[_distro_name($distro)]} 6 on all systems, including this one. To avoid migrating to a new system at that time, we strongly recommend that you use @{[_distro_name($distro)]} version 7+. More information about cPanel, L.L.C. deprecation plan will be forthcoming.
If you do need to use @{[_distro_name($distro)]} 6, anticipate the need to have completed your migration in $days_until_eol days.
$notice
END
return Common::print_warning_notice( $advice, $force );
}
sub days_until_c6_eol {
my $c6_eol_epoch = 1606780799; # 2020-11-30 23:59:59
my $day_in_seconds = 86400;
my $current_day = time();
my $days_until_eol = int( ( $c6_eol_epoch - $current_day ) / $day_in_seconds );
return $days_until_eol;
}
sub create_config_files {
my ($options) = @_;
Common::touch('/var/cpanel/nocloudlinux') if $options->{'skip-cloudlinux'};
return;
}
# Attempt to enable module for dnf to specific version
sub enable_dnf_module {
my ( $module, $version ) = @_;
if ( !$module || !$version ) {
Common::WARN("Invalid call to enable_dnf_module(“$module”,“$version“)");
}
my $result = Common::ssystem( 'dnf', 'module', 'enable', "$module:$version", '-y' );
return;
}
sub yum_nohang_ssystem {
my @cmd = @_;
# some base packages were moved to PowerTools on CentOS 8; e.g. elinks
if ( version_gte( $distro_version, 8 ) ) {
push @cmd, '--enablerepo=' . _get_powertools_repoid();
}
$yumcheck = 1;
my $failcount = 0;
my $result = 1;
while ($result) { # While yum is failing.
$result = Common::ssystem(@cmd);
last if ( !$result ); # yum came back clean. Stop re-trying
$failcount++;
if ( $failcount > 5 ) {
Common::FATAL("yum failed $failcount times. The installation process cannot continue.");
}
}
$yumcheck = 0;
return;
}
sub get_distro_release_rpm {
# /etc/redhat-release or /etc/system-release must be present
my ( $rhel_release, $amazon_release ) = ( '/etc/redhat-release', '/etc/system-release' );
my $distro_release;
if ( -e $rhel_release ) {
$distro_release = $rhel_release;
}
elsif ( -e $amazon_release ) {
$distro_release = $amazon_release;
}
else {
Common::invalid_system("The system could not detect a valid release file for this distribution");
}
chomp( my $release_rpm = `rpm -qf $distro_release` ); ## no critic(ProhibitQxAndBackticks)
return $release_rpm;
}
sub check_system_support {
# Some of these variables are unused *as of now*. However! some of these values may be useful for 'filling in the blanks' when the RPM check we do fails to provide all required info.
# For now, only the $system and $machine variables are used, $machine only when Amazon Linux is detected. See https://metacpan.org/pod/POSIX#uname for more info.
my ( $system, $nodename, $release, $version, $machine ) = POSIX::uname();
if ( $system =~ m/linux/i ) {
my $distro_arch = get_system_arch();
my $release_rpm = get_distro_release_rpm();
$release_rpm or Common::invalid_system("RPMs do not manage release file.");
# We now parse this with our rpm parsing code
# to ensure it is reliable
my $parsed = parse_rpm_arch($release_rpm);
$distro_arch ||= $parsed->{'arch'};
my $distro_version = $parsed->{'version'};
my $distro_type = $parsed->{'name'};
# CentOS uses a hyphen to delimit major/minor.
$distro_version =~ tr{-}{.};
if ( index( $distro_version, '.' ) == -1 ) {
my ($minor_version) = $parsed->{'release'} =~ m{^([0-9]+)\.};
if ($minor_version) {
$distro_version .= qq{.$minor_version};
}
}
Common::DEBUG("Detected distro “$distro_type”, version “$distro_version”, arch “$distro_arch”");
$distro_version or Common::invalid_system("The system found that the unexpected '$release_rpm' RPM manages the release file.");
# This is required for CloudLinux 5 as they do not set an arch for their rpm. So we want to ignore it.
$distro_arch ||= '';
$distro_type =~ m/centos|redhat|enterprise-release|system-release|cloud|almalinux/i or Common::invalid_system("The system found that the unexpected '$distro_type' RPM manages the release file.");
$distro_type =~ s/-release//imsg;
# CentOS 8 does not wait for rpm lock when stdin is not a tty. It is difficult to manage the rpm fcntl lock
# in the bootstrap environment, so we call this here to cache the name of the package manager before any
# concurrent tasks start.
name_of_package_manager();
my $distro;
if ( $distro_type eq 'enterprise' ) {
$distro = 'redhat';
}
elsif ( $distro_type eq 'system' ) {
$distro = 'amazon';
$distro_arch = $machine if $distro_arch eq 'noarch'; # SEE CPANEL-8050
}
else {
$distro = $distro_type;
}
Common::INFO( _distro_name($distro) . " $distro_version (Linux) detected!" );
# Handle redhat/centos/almalinux versioning
if ( $distro ne 'amazon' ) {
# The version number must be 6, 7 or 8.
( int($distro_version) < 9 && $distro_version >= 6 ) or Common::invalid_system( "cPanel, L.L.C. does not support " . _distro_name($distro) . " version $distro_version." );
if ( $distro =~ m/redhat|hat enterprise/i ) {
$distro = 'redhat';
}
elsif ( $distro =~ m/cloud/i ) {
$distro = 'cloud';
}
elsif ( $distro =~ m/almalinux/i ) {
$distro = 'almalinux';
}
else {
$distro = 'centos';
}
}
else {
Common::invalid_system( "cPanel, L.L.C. does not support " . _distro_name($distro) . " for new installations." );
}
Common::INFO("Checking RAM now...");
my $total_memory = Common::get_total_memory();
my $min_memory_rules = {
default => 768, # CentOS 5/6 => in a better world should be 512
7 => 1_024, # CentOS 7
8 => 1_024, # CentOS 8
};
my $minmemory = $min_memory_rules->{$distro_version} || $min_memory_rules->{'default'};
if ( $total_memory < $minmemory ) {
Common::ERROR("cPanel, L.L.C. requires a minimum of $minmemory MB of RAM for your operating system.");
Common::FATAL("Increase the server's total amount of RAM, and then reinstall cPanel & WHM.");
}
return ( $distro, $distro_version, $distro_arch );
}
else {
Common::invalid_system("Could not detect version for operating system");
}
Common::invalid_system("Unknown or unsupported operating system: $system");
return;
}
# Install network-scripts package on CentOS 8 before we do the Network Manager check, so if
# a user changes the hostname and removes NM without installing network-scripts manually, the
# server will be able to come back online.
sub check_network_scripts() {
Common::INFO("Configuring networking now...");
yum_nohang_ssystem( '/usr/bin/yum', '-y', 'install', 'network-scripts' );
Common::ssystem(qw{systemctl enable network.service});
Common::ssystem(qw{systemctl start network.service});
Common::ssystem(qw{systemctl disable NetworkManager});
Common::ssystem(qw{systemctl stop NetworkManager});
return;
}
sub check_network_manager() {
my ($release_version) = @_;
Common::INFO("Checking for NetworkManager now...");
if ( $release_version eq 6 ) {
check_initd_network_manager();
return;
}
check_systemd_network_manager();
return;
}
sub network_manager_report_status {
my ( $uninstalled, $running, $startup ) = @_;
if ($uninstalled) {
Common::INFO("NetworkManager is not installed.");
}
elsif ( $running || $startup ) {
Common::ERROR("********************* ERROR *********************");
Common::ERROR("NetworkManager is installed and running, or ");
Common::ERROR("configured to startup. ");
Common::ERROR("");
Common::ERROR("cPanel does not support NetworkManager enabled ");
Common::ERROR("systems. The installation cannot proceed. ");
Common::ERROR("");
Common::ERROR("See https://go.cpanel.net/disablenm for more ");
Common::ERROR("information on disabling Network Manager. ");
Common::ERROR("********************* ERROR *********************");
($force) ? Common::WARN("Continuing installation due to force flag...") : Common::FATAL("Exiting...");
}
else {
Common::WARN("NetworkManager is installed, but not active. Consider removing it.");
}
return;
}
sub check_initd_network_manager {
my $status = `service NetworkManager status 2>/dev/null`;
my $uninstalled = !$status;
my $running;
my $startup;
if ($status) {
my ( $status_service, $verb, $status_state ) = split( ' ', $status );
$running = $status_state ne 'stopped';
}
my $config = `chkconfig NetworkManager --list 2>/dev/null`;
if ($config) {
my ( $config_service, $config_runlevels ) = split( ' ', $config, 2 );
$startup = $config_runlevels =~ m/:on/;
}
network_manager_report_status( $uninstalled, $running, $startup );
return;
}
sub check_systemd_network_manager {
my $status = `systemctl --all --no-legend --no-pager list-units NetworkManager.service 2>/dev/null`;
my $uninstalled = !$status;
my $running;
my $startup;
if ($status) {
my ( $status_service, $load_state, $active_state, $sub_state, @service_description ) = split( ' ', $status );
$running = $active_state && $sub_state && $active_state ne 'inactive' && $sub_state ne 'dead';
# they uninstalled it, but didn't run systemctl daemon-reload
if ( $load_state eq 'not-found' ) {
$uninstalled = 1;
}
}
my $config = `systemctl --all --no-legend --no-pager list-unit-files NetworkManager.service 2>/dev/null`;
if ($config) {
my ( $config_service, $enabled_state ) = split( ' ', $config );
$startup = $enabled_state && $enabled_state ne 'disabled' && $enabled_state ne 'masked';
}
network_manager_report_status( $uninstalled, $running, $startup );
return;
}
sub check_runlevel {
my ($distro_version) = @_;
if ( $distro_version && $distro_version >= 7 ) {
# simply check for multi-user.target on CentOS 7
# system state and their equivalent runlevel targets
# graphical.target <=> runlevel5.target
# multi-user.target <=> runlevel2.target, runlevel3.target, runlevel4.target
# poweroff.target <=> runlevel0.target
# reboot.target <=> runlevel6.target
# rescue.target <=> runlevel1.target
`systemctl is-active multi-user.target >/dev/null 2>&1`; ## no critic(ProhibitQxAndBackticks)
return if $? == 0;
if ($force) {
Common::WARN('The installation process detected that the multi-user.target is not active (boot is probably not finished).');
Common::WARN('The multi-user.target must be active. Proceeding anyway because --force was specified!');
}
else {
Common::ERROR('The installation process detected that the multi-user.target is not active (boot is probably not finished).');
Common::FATAL('The multi-user.target must be active before the installation can continue.');
}
}
my $runlevel = `runlevel`;
chomp $runlevel;
my ( $prev, $curr ) = split /\s+/, $runlevel;
my $message;
# runlevel can also return unknown
if ( !defined $curr ) { $message = "The installation process could not determine the server's current runlevel."; }
elsif ( $curr != 3 ) { $message = "The installation process detected that the server was in runlevel $curr."; }
else { return; }
# the system claims to be in an unsupported runlevel.
if ($force) {
Common::WARN($message);
Common::WARN('The server must be in runlevel 3. Proceeding anyway because --force was specified!');
return;
}
else {
Common::ERROR("The installation process detected that the server was in runlevel $curr.");
Common::FATAL('The server must be in runlevel 3 before the installation can continue.');
}
Common::FATAL('Runlevel logic failed. This should never happen. The installer cannot continue.');
return;
}
# Install fastest mirror plugin for CentOS
sub install_fastest_mirror {
my ( $distro, $distro_version ) = @_;
return unless $distro =~ m/centos|almalinux/;
return if has_yum_plugin_fastestmirror();
Common::INFO("Installing the fastest mirror plugin...");
Common::ssystem( 'yum', 'clean', 'plugins' );
Common::ssystem( 'yum', '-y', 'install', 'yum-fastestmirror' );
Common::ssystem( 'yum', 'clean', 'plugins' );
# We set the number of threads in bootstrap
#
#
# We used to support 512MB of ram which caused a problem with a high
# maxthreads (FB-51412), however this is no longer an issue
# https://documentation.cpanel.net/display/78Docs/Installation+Guide+-+System+Requirements
#
return;
}
# This is a peared down version of ensure_rpms_installed because we don't yet have cpanel code.
# We also assume centhat 5/6/7 for this code.
sub ensure_rpms_installed {
my ( $distro, $distro_version ) = @_;
# Disable rpmforge repos
if ( glob '/etc/yum.repos.d/*rpmforge*' ) {
Common::WARN('DISABLING rpmforge yum repositories.');
mkdir( '/etc/yum.repos.d.disabled', 0755 );
Common::ssystem('mv -fv -- /etc/yum.repos.d/*rpmforge* /etc/yum.repos.d.disabled/ 2>/dev/null');
}
# No fastest-mirror package available on CentOS 8
if ( is_yum_system() ) {
install_fastest_mirror( $distro, $distro_version );
}
# Minimal packages needed to use yum.
Common::INFO("Installing packages needed to download and run the cPanel initial install.");
# Assure wget/bzip2/gpg are installed for centhat. These packages are needed prior to sysup
# Password strength functionality relies on cracklib-dicts being installed
my @packages_to_install = qw/wget bzip2 gnupg2 xz yum nscd psmisc cracklib-dicts/;
if ( index( $distro_version, 8 ) == 0 ) {
# Install epel-releases manually since the BaseOS repo no longer contains this package
yum_nohang_ssystem( '/usr/bin/yum', '-y', 'install', 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm' );
# libssh2 moved to epel. python3 is required for retry_rpm.
push @packages_to_install, 'python3';
}
else {
# rdate and yum-fastestmirror aren't available on 8, but set as default for everything else
push( @packages_to_install, 'rdate', 'yum-fastestmirror' );
}
# Install perl-devel on Redhat installs
if ( $distro_version < 2015 ) {
push @packages_to_install, qw{ crontabs sysstat };
# No need to install perl-CPAN on older versions as install_locallib_loginprofile will
# do it for us later
}
# Remove all excludes from /etc/yum.conf
Common::ssystem( '/usr/local/cpanel/scripts/checkyum', '--nokernel', '--noperl' ) if ( -e '/usr/local/cpanel/scripts/checkyum' );
Common::touch('/etc/checkyumdisable'); # Disable checkyum
# Don't attempt to install kernel-headers on systems with the CentOS Plus kernel headers already installed.
# We do not need kernel-headers for v70+ since we don't link anything against the kernel anymore
# if ( !has_kernel_plus_headers() ) {
# push @packages_to_install, 'kernel-headers'; # Needed because Cpanel::SysPkgs excludes kernel_version
#}
if (@packages_to_install) {
yum_nohang_ssystem( '/usr/bin/yum', '-y', 'install', @packages_to_install );
}
# Make sure all rpms are up to date if we are running
# an older version that CentOS 7 since we only support
# Centos 6.5+.
#
# Additionally we need Centos 7.4+ to ensure they
# have the latest version of openssl per
# CPANEL-25853
if ( version_lt( $distro_version, 6.5 ) || ( version_gte( $distro_version, 7 ) && version_lt( $distro_version, 7.4 ) ) ) {
yum_nohang_ssystem( '/usr/bin/yum', '-y', 'update' );
}
# Reinstate yum exclusions
unlink '/etc/checkyumdisable';
Common::ssystem('/usr/local/cpanel/scripts/checkyum') if ( -e '/usr/local/cpanel/scripts/checkyum' );
return;
}
sub disable_software {
my @remove_rpms = qw(
dovecot
exim
mysql
MySQL
mysql-max
MySQL-Max
mysql-devel
MySQL-devel
mysql-client
MySQL-client
mysql-ndb-storage
MySQL-ndb-storage
mysql-ndb-management
MySQL-ndb-management
mysql-ndb-tools
MySQL-ndb-tools
mysql-ndb-extra
MySQL-ndb-extra
mysql-shared
MySQL-shared
mysql-libs
MySQL-libs
mysql-bench
MySQL-bench
mysql-server
MySQL-server
wu-ftpd
portreserve
postfix
sendmail
smail
spamassassin
apache-conf
mod_perl
mariadb-libs
MariaDB-client
MariaDB-common
MariaDB-server
MariaDB-compat
MariaDB-shared
pure-ftpd
proftpd
bind-chroot
);
Common::INFO('Ensuring that prelink is disabled...');
if ( open( my $fh, '+<', '/etc/sysconfig/prelink' ) ) {
my @lines = map { my $s = $_; $s =~ s/^(PRELINKING=)yes(.*)$/$1no$2/; $s } <$fh>;
seek( $fh, 0, 0 );
print {$fh} @lines;
truncate( $fh, tell($fh) );
}
Common::INFO('Ensuring that conflicting services are not installed...');
my @rpms_to_remove =
map { ( split( m{-}, $_, 2 ) )[1] } # split INSTALLED-NAME and take NAME
grep { rindex( $_, 'INSTALLED-', 0 ) == 0 } # Only output that starts with INSTALLED- is installed
split( m{\n}, `rpm -q --nodigest --nosignature --queryformat 'INSTALLED-%{NAME}\n' @remove_rpms` ); ## no critic(ProhibitQxAndBackticks)
if (@rpms_to_remove) {
Common::DEBUG(" Removing @rpms_to_remove...");
Common::ssystem( 'rpm', '-e', '--nodeps', @rpms_to_remove, { ignore_errors => 1 } );
}
Common::INFO('Removing conflicting service references from the RPM database (but leaving the services installed)...');
my @all_pkgs = `rpm -qa --nodigest --nosignature --queryformat '%{name}\n'`; ## no critic(ProhibitQxAndBackticks)
@all_pkgs = grep { $_ !~ m/^cpanel-/ } @all_pkgs; # Don't worry about cpanel RPMS.
return if ($skip_apache);
# TODO: Why are we doing --justdb??? Fix this after at least 11.30
foreach my $rpm ( grep m/http|php|apache|mod_perl/, @all_pkgs ) {
chomp $rpm;
Common::DEBUG(" Removing $rpm...");
Common::ssystem( 'rpm', '-e', '--justdb', '--nodeps', $rpm, { ignore_errors => 1 } );
}
# CPANEL-30184: Required since the file is not managed by the rpm, and is not removed with it.
if ( -e '/var/lib/dovecot/ssl-parameters.dat' ) {
unlink '/var/lib/dovecot/ssl-parameters.dat';
}
return;
}
# A tiny version of Cpanel::RpmUtils::checkupdatesystem();
sub check_yum_works {
local $ENV{'LC_ALL'} = 'C';
my $out = `yum info glibc 2>&1`; ## no critic(ProhibitQxAndBackticks)
return if ( $out =~ m{ (?: Installed | Available) \s+ Packages }xmsi );
Common::ERROR("Your operating system's RPM update method (yum) could not locate the glibc package. This is an indication of an improper setup. You must correct this error before you proceed. ");
Common::FATAL("\n\n");
return;
}
# Code previously located in the bootstrap script.
sub bootstrap {
my ( $distro, $distro_version ) = @_;
# Confirm perl version.
if ( $] < 5.008 ) {
print "This installer requires Perl 5.8.0 or better.\n";
die "Cannot continue.\n";
}
validate_rhn_registration( $distro, $distro_version );
validate_cloudlinux_registration( $distro, $distro_version );
Common::setup_empty_directories($distro);
# Setup yum/up2date touch files.
setup_update_config( $distro, $distro_version );
Common::fetch_gpg_key_once();
return;
}
sub setup_update_config {
my ( $distro, $distro_version ) = @_;
# legacy files
unlink('/var/cpanel/useup2date');
unlink('/var/cpanel/useyum');
Common::touch('/var/cpanel/yum_rhn') if $distro eq 'redhat';
Common::INFO("The installation process will now ensure that GPG is set up properly before it imports keys.");
system(qw{gpg --list-keys});
Common::INFO("The installation process will now import GPG keys for yum.");
if ( -e '/usr/share/rhn/RPM-GPG-KEY' ) {
system( 'gpg', '--import', '/usr/share/rhn/RPM-GPG-KEY' );
system( 'rpm', '--import', '/usr/share/rhn/RPM-GPG-KEY' );
}
if ( !-e '/etc/yum.conf' && -e '/etc/centos-yum.conf' ) {
Common::INFO("The system will now set up yum from the /etc/centos-yum.conf file.");
system(qw{cp -f /etc/centos-yum.conf /etc/yum.conf});
}
return;
}
sub validate_registration {
my ( $distro, $distro_version, $opts ) = @_;
Common::INFO("Checking the $opts->{'distro_name'} registration for updates...");
local $ENV{'TERM'} = 'dumb';
my $registered = `yum list < /dev/null 2>&1`; ## no critic(ProhibitQxAndBackticks)
if ( $registered =~ m/not register|Please run rhn_register/ms
&& $registered !~ /is receiving updates/ms ) {
Common::ERROR("When you use $opts->{'full_distro_name'}, you must register ");
Common::ERROR("with the $opts->{'distro_name'} Network before you install cPanel & WHM.");
Common::ERROR("Run the following command to register your server: $opts->{'register_command'} ");
Common::FATAL("The installation process will now terminate...");
}
return;
}
sub validate_cloudlinux_registration {
my ( $distro, $distro_version ) = @_;
# Short here if not CloudLinux.
return if ( $distro ne 'cloud' );
validate_registration(
$distro,
$distro_version,
{
distro_name => _distro_name($distro),
full_distro_name => _distro_name( $distro, 1 ),
register_command => '/usr/sbin/clnreg_ks --force',
}
);
return;
}
sub validate_rhn_registration {
my ( $distro, $distro_version ) = @_;
# Short here if not redhat
return if ( $distro ne 'redhat' );
validate_registration(
$distro,
$distro_version,
{
distro_name => _distro_name($distro),
full_distro_name => _distro_name( $distro, 1 ),
register_command => '/usr/sbin/rhn_register',
}
);
my @channels = `/usr/bin/yum repolist enabled`; ## no critic(ProhibitQxAndBackticks)
Common::INFO("Validating that the system subscribed to the optional RHN channel...");
# optional channel validated.
return if grep { m/-optional(?:-\d|-rpms|\/7Server)/ } @channels;
my $optional_channel;
foreach my $channel (@channels) {
chomp $channel;
# On RHEL 6, this line looks like this:
# rhel-6-server-rpms Red Hat Enterprise Linux 6 Server (RPMs)
# On RHEL 7, it looks like this:
# rhel-7-server-rpms/7Server/x86_64 Red Hat Enterprise Linux 7 Server (RPMs) 13,357
next if ( $channel !~ /^[!*]?(rhel-([\dxi_]+)-server-(\d+|rpms))[\s\/]+.*$/i );
$channel = $1;
$optional_channel = $channel;
$optional_channel =~ s/-server-6/-server-optional-6/;
$optional_channel =~ s/-server-rpms/-server-optional-rpms/;
}
if ( !$optional_channel ) {
Common::ERROR("The server is not registered with a known Red Hat base channel.");
Common::ERROR('$> /usr/bin/yum repolist enabled');
Common::ERROR(`/usr/bin/yum repolist enabled`); ## no critic(ProhibitQxAndBackticks)
exit 8; ## no critic(NoExitsFromSubroutines) # has always been like this
}
Common::ERROR("cPanel & WHM requires you to subscribe to the RHEL $distro_version optional channel, to get all of the needed packages.");
Common::ERROR("cPanel & WHM will not function without this channel. Check your subscriptions and then rerun the installer.");
Common::ERROR(" ");
Common::ERROR("Please run the following command: /usr/sbin/spacewalk-channel --add --channel=$optional_channel");
Common::ERROR("Or, for newer versions, run the following command: /usr/sbin/subscription-manager attach --auto");
Common::ERROR(" ");
Common::ERROR("You can register to the optional channel at http://rhn.redhat.com.");
Common::FATAL("Terminating...");
return;
}
# This code is somewhat of a duplication of the code for updatenow that blocks updates based on configuration
# settings. It needs to be here also because of the bootstrap level nature for when this needs to run.
sub check_for_install_version_blockers {
my ( $distro, $distro_version, $distro_arch, $force ) = @_;
my $lts_version = Common::get_lts_version();
my $tier = Common::get_cpanel_tier();
$lts_version or Common::FATAL("The system could not determine the target version from your tier: $tier");
if ( $lts_version < 69 ) {
Common::FATAL("You cannot install versions of cPanel & WHM prior to cPanel & WHM version 70.");
}
# QUESTION: Considering all the "invalid system" checks in code, is this
# even necessary anymore? We're already pretty comprehensively doing distro
# checks there.
if ( $distro =~ m/bsd/i ) {
Common::FATAL("cPanel & WHM does not support BSD.");
}
if ( $distro_version < 6 || $distro_arch ne 'x86_64' ) {
Common::FATAL("Starting with version 57, cPanel & WHM supports 64-bit versions of CentOS 6+, Red Hat Enterprise Linux® 6+, and CloudLinux™ 6+ only.");
}
if ( $distro eq 'almalinux' && $lts_version < 93 ) {
Common::FATAL("cPanel & WHM only supports AlmaLinux 8 on version 94 or greater.");
}
if ( ( $distro eq 'centos' || $distro eq 'redhat' ) && version_lt( $distro_version, 7 ) && $lts_version > 86 ) {
my $centos_support = $lts_version < 91 ? 'CentOS 7' : 'CentOS 7+';
Common::FATAL("As of cPanel & WHM version 88, we only support 64-bit versions of $centos_support, Red Hat® Enterprise Linux® 7, and CloudLinux™ 6+.");
}
if ( version_gte( $distro_version, 8 ) && $lts_version < 91 ) {
Common::FATAL("cPanel & WHM only supports CentOS 8, Red Hat® Enterprise Linux® 8 or CloudLinux™ 8 on version 92 or greater.");
}
my $staging_dir = Common::get_staging_dir();
if ( $staging_dir ne '' && $staging_dir ne '/usr/local/cpanel' ) {
Common::FATAL("STAGING_DIR must be set to /usr/local/cpanel during installs.");
}
# pull in cpanel.config settings or return if the file's not there (defaults will assert)
return if ( !-e '/var/cpanel/cpanel.config' );
my $cpanel_config = Common::read_config('/var/cpanel/cpanel.config');
if ( $cpanel_config->{'mysql-version'} ) {
# The only supported installable versions are:
# 5.7, 8.0, 10.2, 10.3, 10.5
# The following will recommend a specific version in error output:
# 5.5, 5.6, 10.0, 10.1
my $supported_versions = qr{^(?:
5\.[5-7]
| 8(?:\.0)?
| 10(?:\.[0-3,5])?
)$}x;
unless ( $cpanel_config->{'mysql-version'} =~ m/$supported_versions/ ) {
Common::FATAL('The mysql-version value in /var/cpanel/cpanel.config is either invalid or references an unsupported MySQL/MariaDB version.');
}
my %db_id = Common::get_db_identifiers( $cpanel_config->{'mysql-version'} );
if ( $distro eq 'cloud' && version_lt( $distro_version, 7 ) && $cpanel_config->{'mysql-version'} >= 10.5 ) {
Common::FATAL("cPanel & WHM does not support $db_id{'stylized'} $cpanel_config->{'mysql-version'} on CloudLinux™ $distro_version.");
}
my $min_allowed_db_version = get_min_allowed_db_version( $lts_version, $distro_version, $db_id{'plain'} );
unless ( $cpanel_config->{'mysql-version'} >= $min_allowed_db_version ) {
Common::FATAL("You must set $db_id{'stylized'} to version $min_allowed_db_version or higher in the /var/cpanel/cpanel.config file for cPanel & WHM version $lts_version.");
}
}
if ( defined $cpanel_config->{'mailserver'} && $cpanel_config->{'mailserver'} =~ m/^courier$/i ) {
Common::FATAL("You must use 'dovecot' or 'disabled' for the mailserver in the /var/cpanel/cpanel.config file for cPanel & WHM version $lts_version.");
}
return;
}
sub update_system_clock {
my ( $distro, $distro_version ) = @_;
# CentOS 8 doesn't have rdate available, but uses chrony instead.
# Since chronyd is already configured by default, the time should already be in sync, but we'll call makestep anyway just to ensure
# it's set at once rather than trying to slowly skew it
my @time_sync_call;
if ( $distro_version >= 8 ) {
@time_sync_call = -x '/bin/chronyc' ? ( '/bin/chronyc', 'makestep' ) : ();
}
else {
# Cent 6, 7, etc can use rdate (not 8)
@time_sync_call =
-x '/usr/bin/rdate' ? ( '/usr/bin/rdate', '-s', 'rdate.cpanel.net' )
: -x '/usr/local/bin/rdate' ? ( '/usr/local/bin/rdate', '-s', 'rdate.cpanel.net' )
: -x '/usr/local/sbin/rdate' ? ( '/usr/local/sbin/rdate', '-s', 'rdate.cpanel.net' )
: -x '/bin/rdate' ? ( '/bin/rdate', '-s', 'rdate.cpanel.net' )
: ();
}
# Complain if we don't have an rdate binary.
if ( !@time_sync_call ) {
Common::ERROR("The system could not set the system clock because an rdate or chronyc binary is missing.");
return;
}
# Set the clock
my $was = time();
Common::ssystem(@time_sync_call);
my $now = time();
Common::INFO( "The system set the clock to: " . localtime($now) );
my $change = $now - $was;
# Adjust the start time if it shifted more than 10 seconds.
if ( abs($change) > 10 ) {
Common::WARN("The system changed the clock by $change seconds.");
$installstart += $change;
Common::WARN( "The system adjusted the starting time to " . localtime($installstart) . "." );
}
else {
Common::INFO("The system changed the clock by $change seconds.");
}
return 1;
}
sub do_clock_update {
my ( $distro, $distro_version ) = @_;
# Sync the clock.
if ( !update_system_clock( $distro, $distro_version ) ) {
Common::WARN( "The current system time is set to: " . `date` ); ## no critic(ProhibitQxAndBackticks)
Common::WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
Common::WARN("The installation process could not verify the system time. The utility to set time from a remote host, rdate or chrony, is not installed.");
Common::WARN("If your system time is incorrect by more than a few hours, source compilations will subtly fail.");
Common::WARN("This issue may result in an overall installation failure.");
Common::WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
}
return;
}
sub _distro_name {
my ( $distro, $full ) = @_;
for my $names (
[ 'centos', 'CentOS', 'CentOS' ],
[ 'redhat', 'Red Hat', 'Red Hat Enterprise Linux®' ],
[ 'cloud', 'CloudLinux', 'CloudLinux™' ],
[ 'amazon', 'Amazon Linux', 'Amazon Linux' ],
[ 'almalinux', 'AlmaLinux', 'AlmaLinux' ], # based on how it is written at almalinux.org
) {
return $names->[ $full ? 2 : 1 ] if $distro eq $names->[0];
}
return $distro;
}
sub has_kernel_plus_headers {
my $rpm_query = `rpm -q --nodigest --nosignature kernel-plus-headers`; ## no critic(ProhibitQxAndBackticks)
return $rpm_query =~ /not installed/ ? 0 : 1;
}
sub has_yum_plugin_fastestmirror {
my $rpm_query = `rpm -q --nodigest --nosignature yum-plugin-fastestmirror`; ## no critic(ProhibitQxAndBackticks)
return $rpm_query =~ /not installed/ ? 0 : 1;
}
# These packages are needed for MySQL later in the install
# By installing them now we do not have to wait for
# download
sub background_download_packages_used_during_initial_install {
my $distro_version = shift || die "distro_version required";
my @python2_packages = qw{python python-devel python-docs python-setuptools };
my @elinks_deps = qw(js nss_compat_ossl);
my @sysup_packages_to_install = qw{quota expat expat-devel};
my @ea4_packages_to_install = qw{elinks libssh2 libssh2-devel libvpx scl-utils perl-libwww-perl krb5-devel perl-Compress-Raw-Bzip2 perl-Compress-Raw-Zlib autoconf automake};
my @mysql_support_packages_to_install = qw{numactl-libs grep shadow-utils coreutils perl-DBI};
my @packages_to_install = ( @mysql_support_packages_to_install, @sysup_packages_to_install, @ea4_packages_to_install );
if ( is_python2_named_python() ) {
push @packages_to_install, @python2_packages;
}
else {
push @packages_to_install, map { my $pkg = $_; $pkg =~ s/python/python2/; $pkg } @python2_packages;
}
if ( $distro_version < 8 ) {
push @packages_to_install, @elinks_deps;
}
if ( my $pid = fork() ) {
# Parent
return $pid;
}
else {
$collect_output = '';
my @epel;
if ( -e "/etc/yum.repos.d/epel.repo" ) { # for ea4
@epel = ('--enablerepo=epel');
}
local $@;
eval { yum_nohang_ssystem( '/usr/bin/yum', @epel, '--downloadonly', '-y', 'install', @packages_to_install ); };
print $collect_output;
undef $collect_output;
die if $@;
exit(0);
}
die "Failed to fork to create background rpm download: $!";
}
# Copied from Cpanel::RpmUtils::Parse
sub parse_rpm_arch {
my ($filename) = @_;
#
# Example:
#
# cpanel-perl-522-Acme-Bleach-1.150-1.cp1156.x86_64.rpm
# ea-php70-libc-client-2007f-7.7.1.x86_64
# glibc-common-2.12-1.192.el6.x86_64.rpm
#
$filename =~ s{\.rpm$}{};
my @rpm_parts = split( /\./, $filename );
my $arch = pop @rpm_parts; # x86_64 (glibc-common-2.12-1.192.el6)
my $name_with_version = join( '.', @rpm_parts ); # glibc-common-2.12-1.192.el6
my $name_version_parse = parse_rpm($name_with_version);
return {
'arch' => $arch,
%$name_version_parse,
};
}
# Copied from Cpanel::RpmUtils::Parse
sub parse_rpm {
my ($name_with_version) = @_;
my @name_version_parts = split( m{-}, $name_with_version );
my $release = pop @name_version_parts; # 1.192.el6 (glibc-common-2.12)
my $version = pop @name_version_parts; # 2.12 (glibc-common)
my $name = join( '-', @name_version_parts );
$name =~ s/^\d+://; # TODO/YAGNI: include epoch (or lack thereof) in results?
return {
'release' => $release,
'version' => $version,
'name' => $name
};
}
sub get_min_allowed_db_version {
my ( $cpversion, $osver, $type ) = @_;
# If OS Version is 8 or higher, enforce MySQL 8/Maria 10.3 as default.
# Otherwise, use 5.5, 5.6 or 5.7 as is outlined in our version matrix.
$type ||= 'mysql';
my %at_least_req_combos = (
'mariadb' => [
{
'osver' => 8,
'cpver' => 91,
'dbver' => 10.3,
},
{
'osver' => 6,
'cpver' => 48,
'dbver' => 10.2, # MariaDB 10.2 reaches EOL May 23, 2022
},
],
'mysql' => [
{
'osver' => 8,
'cpver' => 91,
'dbver' => 8.0,
},
{
'osver' => 6,
'cpver' => 80,
'dbver' => 5.6,
},
{
'osver' => 6,
'cpver' => 48,
'dbver' => 5.5,
},
],
);
# Choose the possible combo with the cpversion "closest" to passed in.
# Sorting the grep result will enable this rather straightforwardly.
my ($winning_combo) = sort { $b->{'cpver'} <=> $a->{'cpver'} } grep {
my $hr = $_;
$osver >= $hr->{'osver'} && $cpversion >= $hr->{'cpver'}
} @{ $at_least_req_combos{$type} };
return $winning_combo->{'dbver'};
}
sub max {
my ( $a, $b ) = @_;
return $a > $b ? $a : $b;
}
sub version_cmp {
my ( $a, $b ) = @_;
my @parts_a = split /\./, $a;
my @parts_b = split /\./, $b;
my $len = max( scalar @parts_a, scalar @parts_b );
for ( my $i = 0; $i < $len; $i++ ) {
my $part_a = $parts_a[$i];
my $part_b = $parts_b[$i];
return 1 unless defined $part_b;
return -1 unless defined $part_a;
my $result = $part_a <=> $part_b;
return $result unless $result == 0;
}
return 0;
}
sub version_lt {
my ( $a, $b ) = @_;
return version_cmp( $a, $b ) < 0 ? 1 : 0;
}
sub version_gte {
my ( $a, $b ) = @_;
return version_cmp( $a, $b ) > -1 ? 1 : 0;
}
sub name_of_package_manager {
if ( !defined($package_manager) ) {
my $code = Common::ssystem( qw(rpm -q dnf), { 'ignore_errors' => 1 } );
if ( 0 == $code ) {
$package_manager = 'dnf';
}
else {
$package_manager = 'yum';
}
}
return $package_manager;
}
sub is_yum_system {
return 'yum' eq name_of_package_manager();
}
sub is_python2_named_python {
return 0 == Common::ssystem( qw(yum info python), { 'ignore_errors' => 1 } );
}
# see also: Cpanel::SysPkgs::YUM::_get_powertools_repoid
sub _get_powertools_repoid {
my $is_cloudlinux = 'cloud' eq $distro;
my $centos_powertools = version_gte( $distro_version, 8.3 ) ? 'powertools' : 'PowerTools';
return $is_cloudlinux ? 'cloudlinux-PowerTools' : $centos_powertools;
}
sub get_system_arch {
chomp( my $system_arch = `rpm --eval=%_arch` );
return $system_arch;
}
1;