source: alternc/trunk/install/alternc.install @ 3142

#!/bin/sh
#
# AlternC Main install script.
# This script should be launched only once, when installing AlternC
# on a new server. THIS SCRIPT ERASE ALL DATA ON THE AlternC SYSTEM !!
# YOU HAVE BEEN WARNED !

# This script now assumes it has MySQL connectivity through
# /etc/alternc/my.cnf

set -e 

for i in $*; do
    case "$i" in
        -f|--force)
            force=1; shift;;
        -s|--slave)
            slave=1; shift;;
        --)
            break;;
        *)
            echo "unknown option $i"; shift;;
    esac
done

. /usr/lib/alternc/functions.sh

#######################################################################
# Script configuration
#

# Configuration template location
TEMPLATE_DIR="/etc/alternc/templates"

# Find needed configuration files (without the initial '/')
# replace this one unconditionnally
CONFIG_FILES="etc/alternc/bureau.conf"

if [ -e /etc/bind/named.conf ]; then
    CONFIG_FILES="$CONFIG_FILES etc/bind/templates/zone.template
                  etc/bind/templates/named.template etc/bind/named.conf.options"
fi
if [ -d /etc/postfix ]; then
    CONFIG_FILES="$CONFIG_FILES etc/postfix/myalias.cf etc/postfix/myrelay.cf
                  etc/postfix/mydomain.cf etc/postfix/mygid.cf
                  etc/postfix/myvirtual.cf etc/postfix/sasl/smtpd.conf"
fi
if [ -e /etc/proftpd/proftpd.conf ]; then
    CONFIG_FILES="$CONFIG_FILES etc/proftpd/proftpd.conf etc/proftpd/welcome.msg etc/proftpd/modules.conf"
fi
if [ -e /etc/squirrelmail/apache.conf ]; then
    CONFIG_FILES="$CONFIG_FILES etc/squirrelmail/apache.conf"
fi

if [ -e /etc/default/saslauthd ]; then
    CONFIG_FILES="$CONFIG_FILES etc/default/saslauthd"
fi

INSTALLED_CONFIG_TAR="/var/backups/alternc/etc-installed.tar.gz"

#######################################################################
# Look for modified configuration files
#
if [ -f "$INSTALLED_CONFIG_TAR" ]; then
    CHANGED="`env LANG=C tar -zdf "$INSTALLED_CONFIG_TAR" -C / 2> /dev/null | 
              grep -v 'postfix/main.cf' | grep -v 'Uid differs'|grep -v 'Gid differs'  |grep -v 'Mode differs' | 
              sed -e 's/^\([^:]*\).*/    \1/' | sort -u`"
    # " shutup emacs
    if [ ! -z "$CHANGED" ]; then
        echo "The following configuration files has changed since last AlternC"
        echo "installation :"
        echo "$CHANGED"
        echo ""
        if [ "$force" = "1" ]; then
            echo "Replacing them as you requested."
        else
            echo "These configuration files should normally be modified by"
            echo "changing the template in $TEMPLATE_DIR and then calling"
            echo "$0 to perform the update."
            echo ""
            echo "Please examine the situation closely and call '$0 --force'"
            echo "if you still want to actually overwrite these files."
            exit 1
        fi
    fi
fi

#######################################################################
# Prepare template expansions
#

. /etc/alternc/local.sh

# Check ACL
aclcheckfile="$ALTERNC_LOC/test-acl"
touch "$aclcheckfile"
setfacl -m u:root:rwx "$aclcheckfile" 2>/dev/null || ( echo "Error : ACL aren't activated on $ALTERNC_LOC . AlternC can't work without it." ; exit 2)

# XXX: copy-paste from debian/config
if [ -r /etc/alternc/my.cnf ]; then
    # make mysql configuration available as shell variables
    # to convert from .cnf to shell syntax, we:
    # * match only lines with "equal" in them (/=/)
    # * remove whitespace around the = and add a left quote operator ' (;s)
    # * add a right quote operator at the end of line (;s)
    # * convert mysql variables into our MYSQL_ naming convention (;s)
    # * print the result (;p)
    eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf`
    chown root:alterncpanel /etc/alternc/my.cnf
    chmod 640 /etc/alternc/my.cnf
fi

if [ -r /etc/alternc/my_mail.cnf ]; then
    # make mysql configuration available as shell variables
    # to convert from .cnf to shell syntax, we:
    # * match only lines with "equal" in them (/=/)
    # * remove whitespace around the = and add a left quote operator ' (;s)
    # * add a right quote operator at the end of line (;s)
    # * convert mysql variables into our MYSQL_ naming convention (;s)
    # * print the result (;p)
    eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_MAIL_USER/;s/password/MYSQL_MAIL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my_mail.cnf`
    chown root:alterncpanel /etc/alternc/my_mail.cnf
    chmod 640 /etc/alternc/my_mail.cnf
fi

WARNING="WARNING: Do not edit this file, edit the one in /etc/alternc/templates and launch alternc.install again."

VERSION="`dpkg -s alternc | sed -n -e 's/^Version: \(.*\)/\1/p'`"

# /var/alternc/dns/d/www.example.com
FQDN_LETTER="`echo $FQDN | sed -e 's/.*\.\([^\.]\)[^\.]*\.[^\.]*$/\1/'`"
if [ "$FQDN_LETTER" = "$FQDN" ] 
then
       FQDN_LETTER="_" 
fi

NS2_IP=`perl -e "\\$h = (gethostbyname(\"$NS2_HOSTNAME\"))[4];
                 @ip = unpack('C4', \\$h);
                 print join (\".\", @ip);"`

if [ -z "$MONITOR_IP" ]; then
    MONITOR_IP="127.0.0.1"
fi

PUBLIC_IP_BEGIN=$(echo $PUBLIC_IP|cut -c 1)

# XXX: I assume this is secure if /tmp is sticky (+t)
# we should have a better way to deal with templating, of course.
SED_SCRIPT=`mktemp`
cat > $SED_SCRIPT <<EOF
s\\%%hosting%%\\$HOSTING\\;
s\\%%fqdn%%\\$FQDN\\;
s\\%%public_ip%%\\$PUBLIC_IP\\;
s\\%%public_ip_begin%%\\$PUBLIC_IP_BEGIN\\;
s\\%%internal_ip%%\\$INTERNAL_IP\\;
s\\%%monitor_ip%%\\$MONITOR_IP\\;
s\\%%ns1%%\\$NS1_HOSTNAME\\;
s\\%%ns2%%\\$NS2_HOSTNAME\\;
s\\%%mx%%\\$DEFAULT_MX\\;
s\\%%dbhost%%\\$MYSQL_HOST\\;
s\\%%dbname%%\\$MYSQL_DATABASE\\;
s\\%%dbuser%%\\$MYSQL_USER\\;
s\\%%dbpwd%%\\$MYSQL_PASS\\;
s\\%%db_mail_user%%\\$MYSQL_MAIL_USER\\;
s\\%%db_mail_pwd%%\\$MYSQL_MAIL_PASS\\;
s\\%%ALTERNC_LOC%%\\$ALTERNC_LOC\\;
s\\%%warning_message%%\\$WARNING\\;
s\\%%fqdn_lettre%%\\$FQDN_LETTER\\;
s\\%%version%%\\$VERSION\\;
s\\%%ns2_ip%%\\$NS2_IP\\;
EOF

#######################################################################
# Backup configuration files
#
BACKUP_FILE="/var/backups/alternc/etc-original-`date +%Y%m%d-%H%M`.tar.gz"

# Only backup what we are really going to replace
BACKUPS=""
for file in $CONFIG_FILES; do
    TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
    if [ -f "$TEMPLATE" ]; then
        BACKUPS="$BACKUPS $file"
    fi
done

# also backup main.cf since we're doing major changes to it
BACKUPS="$BACKUPS etc/postfix/main.cf"
tar -zcf "$BACKUP_FILE" -C / $BACKUPS 2>/dev/null || true

#######################################################################
# Expand templates in the right place
#
echo -n "Expanding variables in configuration files:"
for file in $CONFIG_FILES; do
    TEMPLATE="$TEMPLATE_DIR/${file##etc/}"
    echo -n " $file"
    if [ -f "$TEMPLATE" ]; then
        sed -f "$SED_SCRIPT" < $TEMPLATE > /$file
    fi
done
echo "."
rm -f $SED_SCRIPT

######################################################################## 
# Ad-hoc fixes
#

php="`ls /usr/lib/apache*/*/*php*.so | sed -e 's/^.*libphp\(.\)\.so$/php\1/' | tail -1`"
ln -fs /etc/alternc/alternc.ini /etc/$php/conf.d/alternc.ini || true
if [ -x /usr/sbin/apache2 ]; then
    s=""
    if ! [ -L /etc/apache2/mods-enabled/vhost_alias.load ]
    then
        a2enmod vhost_alias
        s="apache2"
    fi 
    if ! [ -L /etc/apache2/mods-enabled/$php.load ]
    then
            a2enmod $php
    fi
    if ! [ -L /etc/apache2/mods-enabled/rewrite.load ]
    then
            a2enmod rewrite
    fi
    if [ -e /etc/alternc/apache.pem ]; then
        # We enable proftpd tls module
        cat /etc/proftpd/modules.conf | sed -e 's/^#LoadModule mod_tls.c/LoadModule mod_tls.c/' > /etc/proftpd/modules.conf.alternc-new
        mv /etc/proftpd/modules.conf.alternc-new /etc/proftpd/modules.conf 
        cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/
        # We enable apache2 SSL : 
        if [ ! -L /etc/apache2/mods-enabled/ssl.load ] ; then
            a2enmod ssl
            s="apache2"
        fi
        if [ ! -h /etc/apache2/conf.d/alternc-ssl.conf ] && [ -e /etc/apache2/conf.d/ ]; then
            ln -sf /etc/alternc/apache2-ssl.conf /etc/apache2/conf.d/alternc-ssl.conf
            s="apache2"
        fi
    else
        # We disable proftpd tls module
        cat /etc/proftpd/modules.conf | sed -e 's/^LoadModule mod_tls.c/#LoadModule mod_tls.c/' > /etc/proftpd/modules.conf.alternc-new
        mv /etc/proftpd/modules.conf.alternc-new /etc/proftpd/modules.conf 
        cp /etc/proftpd/modules.conf /etc/alternc/templates/proftpd/
        echo "SSL not configured"
        echo "create a certificate in /etc/alternc/apache.pem and rerun alternc.install"
    fi
    if [ ! -h /etc/apache2/conf.d/alternc.conf ] && [ -e /etc/apache2/conf.d/ ]; then
        ln -sf /etc/alternc/apache2.conf /etc/apache2/conf.d/alternc.conf
        s="apache2"
    fi
    if [ -e /etc/apache2/sites-enabled/000-default ]; then
        a2dissite default
        s="apache2"
    fi
    SERVICES="$SERVICES $s"
fi

# Copy postfix *_checks if they do not exist
for file in body_checks header_checks; do
    if [ ! -e "/etc/postfix/$file" ]; then
        cp /usr/share/alternc/install/$file /etc/postfix
    fi
done

# Attribute the correct rights to critical postfix files
if [ -e /etc/postfix/myalias.cf -o -e /etc/postfix/mydomain.cf -o -e /etc/postfix/mygid.cf -o -e /etc/postfix/myvirtual.cf -o -e /etc/postfix/myrelay.cf ]; then
    chown root:postfix /etc/postfix/my*
    chmod 640 /etc/postfix/my*
fi

if [ ! -f /etc/postfix/main.cf ]
then
    echo "****************************************"
    echo "POSTFIX is NOT configured properly"
    echo "please launch dpkg-reconfigure -plow postfix" 
    echo "and choose 'Internet Site'"
    echo "then reinstall alternc"
    echo "****************************************"
    exit 1
fi

# configure Postfix appropriatly for our needs
if [ "$slave" = "1" ]; then
    postfix_conf=/etc/alternc/postfix-slave.cf
else
    postfix_conf=/etc/alternc/postfix.cf
fi
while read line ; do
   postconf -e "$line"
done < "$postfix_conf"

# Conviguring delivery used bu Postfix FIXME change script name
echo `/usr/bin/postfix-add-policy2 dovecot pipe DRhu vmail:vmail  '/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} '`

# Bug #1215: configure mydestination when $FQDN is not in
OLDDESTINATION=`postconf mydestination | awk -F '=' '{print $2}'`
echo "$OLDDESTINATION" | grep -q -v "$FQDN" && postconf -e "mydestination = $FQDN, $OLDDESTINATION"
 
if [ -e /etc/proftpd.conf ] ; then
    chmod 640 /etc/proftpd/proftpd.conf
fi

if [ -x /usr/sbin/locale-gen ] ; then
    touch /etc/locale.gen
    LOCALECHANGED=""
    # Add de_DE ISO-8859-1, en_US ISO-8859-1, es_ES ISO-8859-1, fr_FR ISO-8859-1 to the locales : 
    if ! grep -q "^de_DE ISO-8859-1$" /etc/locale.gen ; then
        echo "de_DE ISO-8859-1" >>/etc/locale.gen
        LOCALECHANGED=1
    fi
    if ! grep -q "^en_US ISO-8859-1$" /etc/locale.gen ; then
        echo "en_US ISO-8859-1" >>/etc/locale.gen
        LOCALECHANGED=1
    fi
    if ! grep -q "^es_ES ISO-8859-1$" /etc/locale.gen ; then
        echo "es_ES ISO-8859-1" >>/etc/locale.gen
        LOCALECHANGED=1
    fi
    if ! grep -q "^fr_FR ISO-8859-1$" /etc/locale.gen ; then 
        echo "fr_FR ISO-8859-1" >>/etc/locale.gen
        LOCALECHANGED=1
    fi
    if [ "$LOCALECHANGED" ] ; then
        locale-gen
    fi
fi

#######################################################################
# Save installed files to check them during next install
#
tar -zcf "$INSTALLED_CONFIG_TAR" -C / $CONFIG_FILES

#######################################################################
# Reload services
#
for service in postfix bind9 dovecot cron proftpd; do
    invoke-rc.d $service force-reload || true
done

#######################################################################
# Last touches
#

chown alterncpanel:alterncpanel "$ALTERNC_LOC/html/"*
setfacl -b -k -m d:g:alterncpanel:rw- -m g:alterncpanel:rw- "$ALTERNC_LOC/html/"*

# Creating admin user if needed
HAS_ROOT=`mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1`
if [ "$HAS_ROOT" != "1" ]; then
    echo "Creating admin user..."
    echo ""

    if su - alterncpanel -s /bin/bash -c /usr/share/alternc/install/newone.php
      then
      echo "*******************************************"
      echo "*                                         *"
      echo "*               Admin account             *"
      echo "*               ------------              *"
      echo "*                                         *"
      echo "* user: admin             password: admin *"
      echo "*                                         *"
      echo "* Please change this as soon as possible! *"
      echo "*                                         *"
      echo "*******************************************"
    else
      echo "Il a été impossible de créer un nouveau membre alternc. newone.php a retourné un code d'erreur $?. Vérifiez si la base MySQL, PHP, ainsi que le fichier local.sh sont bien configurés. Vérifiez aussi si des erreurs ne sont pas apparues plus haut dans l'installation."
    fi
fi

#giving vmail user read access on dovecot sql file
chgrp vmail /etc/dovecot/dovecot.conf
chmod g+r /etc/dovecot/dovecot.conf

# Changing owner of web panel's files
chown -R alterncpanel:alterncpanel "$ALTERNC_LOC/bureau"

# We force the re-computing of the DNS zones, since we may have changed the IP address (see #460)
/usr/bin/mysql --defaults-file="/etc/alternc/my.cnf" -B -e "update domaines set dns_action='update';"

# We should restart apaches after all configuration stuff ...
for service in $SERVICES; do
    test -x /etc/init.d/$service && invoke-rc.d $service stop || true
done
for service in $SERVICES; do
    test -x /etc/init.d/$service && invoke-rc.d $service start || true
done