#!/bin/bash # # koha-create -- Create a new Koha instance. # Copyright 2010 Catalyst IT, Ltd # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Read configuration variable file if it is present [ -r /etc/default/koha-common ] && . /etc/default/koha-common set -e # include helper functions if [ -f "/usr/share/koha/bin/koha-functions.sh" ]; then . "/usr/share/koha/bin/koha-functions.sh" else echo "Error: /usr/share/koha/bin/koha-functions.sh not present." 1>&2 exit 1 fi usage() { local scriptname=$0 cat </templates --timezone time/zone Specify a timezone. e.g. America/Argentina --upload-path dir Set a user defined upload_path. It defaults to /var/lib/koha//uploads --tmp-path dir Set a user defined tmp_path. It defaults to /var/lib/koha//tmp --letsencrypt Set up a https-only site with letsencrypt certificates --smtp-host host SMTP host name --smtp-port NN SMTP port --smtp-timeout NN Connection timeout in seconds --smtp-ssl-mode mode SSL mode. Options are 'disabled' (default), 'ssl' and 'starttls'. --smtp-user-name user User name to be used on SMTP auth --smtp-password pass Password to authenticate SMTP --smtp-debug Enable debug mode for SMTP --mb-host host RabbitMQ host name (default: localhost) --mb-port NN RabbitMQ port (default: 61613) --mb-user user RabbitMQ user (default: guest) --mb-pass pass RabbitMQ password (default: guest) --mb-vhost vhost RabbitMQ vhost (default: koha_) --keep-cookie NAME Do not clear this cookie at logout (can be repeated) --help,-h Show this help. Note: the instance name cannot be longer that 11 chars. EOF } # UPPER CASE VARIABLES - from configfile or default value # lower case variables - generated within this script generate_config_file() { touch "$2" chown "root:$username" "$2" # Bug 28364: the z3950 responder needs other permissions [ "$1" = "log4perl-site.conf.in" ] && chown "$username:$username" "$2" # Handle repeated command line options (KEEP_COOKIE) keep_cookie_lines="" for cookie in "${KEEP_COOKIE[@]}" do keep_cookie_lines="${keep_cookie_lines} ${cookie}<\/do_not_remove_cookie>\\n" done chmod 0640 "$2" sed -e "s/__KOHA_CONF_DIR__/\/etc\/koha\/sites\/$name/g" \ -e "s/__KOHASITE__/$name/g" \ -e "s/__OPACPORT__/$OPACPORT/g" \ -e "s/__INTRAPORT__/$INTRAPORT/g" \ -e "s/__OPACSERVER__/$opacdomain/g" \ -e "s/__INTRASERVER__/$intradomain/g" \ -e "s/__ZEBRA_PASS__/$zebrapwd/g" \ -e "s/__ZEBRA_MARC_FORMAT__/$ZEBRA_MARC_FORMAT/g" \ -e "s/__ZEBRA_LANGUAGE__/$ZEBRA_LANGUAGE/g" \ -e "s/__SRU_BIBLIOS_PORT__/$SRU_SERVER_PORT/g" \ -e "s/__START_SRU_PUBLICSERVER__/$START_SRU_PUBLICSERVER/g" \ -e "s/__END_SRU_PUBLICSERVER__/$END_SRU_PUBLICSERVER/g" \ -e "s/__API_SECRET__/$API_SECRET/g" \ -e "s/__DB_NAME__/$mysqldb/g" \ -e "s/__DB_HOST__/$mysqlhost/g" \ -e "s/__DB_USER__/$mysqluser/g" \ -e "s/__DB_PASS__/$mysqlpwd/g" \ -e "s/__ELASTICSEARCH_SERVER__/${ELASTICSEARCH_SERVER}/g" \ -e "s/__UNIXUSER__/$username/g" \ -e "s/__UNIXGROUP__/$username/g" \ -e "s#__TEMPLATE_CACHE_DIR__#$TEMPLATE_CACHE_DIR#g" \ -e "s#__TIMEZONE__#$TIMEZONE#g" \ -e "s#__BCRYPT_SETTINGS__#$BCRYPT_SETTINGS#g" \ -e "s#__UPLOAD_PATH__#$UPLOAD_PATH#g" \ -e "s#__TMP_PATH__#$TMP_PATH#g" \ -e "s/__LOG_DIR__/\/var\/log\/koha\/$name/g" \ -e "s/__PLUGINS_DIR__/\/var\/lib\/koha\/$name\/plugins/g" \ -e "s/__MEMCACHED_NAMESPACE__/$MEMCACHED_NAMESPACE/g" \ -e "s/__MEMCACHED_SERVERS__/$MEMCACHED_SERVERS/g" \ -e "s/__SMTP_HOST__/$SMTP_HOST/g" \ -e "s/__SMTP_PORT__/$SMTP_PORT/g" \ -e "s/__SMTP_TIMEOUT__/$SMTP_TIMEOUT/g" \ -e "s/__SMTP_SSL_MODE__/$SMTP_SSL_MODE/g" \ -e "s/__SMTP_USER_NAME__/$SMTP_USER_NAME/g" \ -e "s/__SMTP_PASSWORD__/$SMTP_PASSWORD/g" \ -e "s/__SMTP_DEBUG__/$SMTP_DEBUG/g" \ -e "s/__MESSAGE_BROKER_HOST__/$MESSAGE_BROKER_HOST/g" \ -e "s/__MESSAGE_BROKER_PORT__/$MESSAGE_BROKER_PORT/g" \ -e "s/__MESSAGE_BROKER_USER__/$MESSAGE_BROKER_USER/g" \ -e "s/__MESSAGE_BROKER_PASS__/$MESSAGE_BROKER_PASS/g" \ -e "s/__MESSAGE_BROKER_VHOST__/$MESSAGE_BROKER_VHOST/g" \ -e "s/ __KEEP_COOKIE__<\/do_not_remove_cookie>/$keep_cookie_lines/" \ "/etc/koha/$1" > "$2" } getmysqlhost() { if [ ! -f /etc/mysql/debian.cnf ] then echo localhost return fi awk ' BEGIN { FS="=" } $1 ~/\[/ { inclient=0 } $1 ~/\[client\]/ { inclient=1; next } inclient==1 && $1 ~/host/ { gsub(/ /, "", $2); print $2 }' \ /etc/mysql/koha-common.cnf } getinstancemysqlpassword() { xmlstarlet sel -t -v 'yazgfs/config/pass' "/etc/koha/sites/$1/koha-conf.xml" } getinstancemysqluser() { xmlstarlet sel -t -v 'yazgfs/config/user' "/etc/koha/sites/$1/koha-conf.xml" } getinstancemysqldatabase() { xmlstarlet sel -t -v 'yazgfs/config/database' "/etc/koha/sites/$1/koha-conf.xml" } check_apache_config() { # Check that mpm_itk is installed and enabled if ! /usr/sbin/apachectl -M | grep -q 'mpm_itk'; then # Check Apache version APACHE_DISABLE_MPM_MSG="" if /usr/sbin/apache2ctl -v | grep -q "Server version: Apache/2.4"; then # mpm_event or mpm_worker need to be disabled first. mpm_itk depends # on mpm_prefork, which is enabled if needed. See # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734865 if /usr/sbin/apachectl -M | grep -q 'mpm_event'; then APACHE_DISABLE_MPM_MSG=" sudo a2dismod mpm_event ;" elif /usr/sbin/apachectl -M | grep -q 'mpm_worker'; then APACHE_DISABLE_MPM_MSG=" sudo a2dismod mpm_worker ;" # else mpm_prefork: a2enmod mpm_itk works fi # else Apache 2.2: a2enmod mpm_itk works fi cat 1>&2 <&2 <&2 << EOM Koha requires mod_cgi to be enabled within Apache in order to run. Typically this can be enabled with: sudo a2enmod cgi EOM die fi # Check that mod_ssl is installed and enabled. if [ "$CLO_LETSENCRYPT" = "yes" ]; then if ! /usr/sbin/apachectl -M | grep -q 'ssl_module'; then cat 1>&2 </dev/null | grep -c "ok installed") -eq 0 ]; then set +e apt-cache show letsencrypt &>/dev/null local aptcacheshow=$? set -e if [ $aptcacheshow -eq 0 ]; then read -r -p "The letsencrypt package is not installed. Do it now? [y/N] " response if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then local debrelease="$(lsb_release -c -s)" if [ $debrelease = "jessie" ]; then apt-get install -y -t jessie-backports letsencrypt else apt-get install -y letsencrypt fi else die "You have to install letsencrypt to use the --letsencrypt parameter." fi else echo "No installation candidate available for package letsencrypt." if [[ -f /usr/bin/letsencrypt ]]; then read -r -p "If you have a symlink from /usr/bin/letsencrypt to letsencrypt-auto, it should work. [y/N] " response if [[ ! $response =~ ^([yY][eE][sS]|[yY])$ ]]; then die "You have to install letsencrypt to use the --letsencrypt parameter." fi else die "You can create a symlink from /usr/bin/letsencrypt to letsencrypt-auto." fi fi fi } letsencrypt_instance() { # Get letsencrypt certificates letsencrypt --agree-tos --renew-by-default --webroot certonly \ -w /usr/share/koha/opac/htdocs/ -d $opacdomain -w /usr/share/koha/intranet/htdocs/ -d $intradomain # enable all ssl settings (apache won't start with these before certs are present) sed -i "s:^\s*#\(\s*SSL.*\)$:\1:" "/etc/apache2/sites-available/$name.conf" # change port from 80 to 443. (apache won't start if it is 443 without certs present) sed -i "s:^\s*\( #https$:\1443>:" "/etc/apache2/sites-available/$name.conf" # enable redirect from http to https on port 80 sed -i "s:^\s*#\(.*\)#nohttps$:\1:" "/etc/apache2/sites-available/$name.conf" # make koha-list --letsencrypt aware of this instance # could be done by checking apache conf instead echo -e "opacdomain=\"$opacdomain\"\nintradomain=\"$intradomain\"" > /var/lib/koha/$name/letsencrypt.enabled # restart apache with working certs service apache2 restart } # Set defaults and read config file, if it exists. DOMAIN="" OPACPORT="80" OPACPREFIX="" OPACSUFFIX="" INTRAPORT="8080" INTRAPREFIX="" INTRASUFFIX="" DEFAULTSQL="" ZEBRA_MARC_FORMAT="marc21" ZEBRA_LANGUAGE="en" ADMINUSER="1" PASSWDFILE="/etc/koha/passwd" # SMTP config SMTP_HOST="localhost" SMTP_PORT="25" SMTP_TIMEOUT="120" SMTP_SSL_MODE="disabled" SMTP_USER_NAME="" SMTP_PASSWORD="" SMTP_DEBUG="0" # Message broker (a.k.a. RabbitMQ) config DEFAULT_MESSAGE_BROKER_PREFIX="koha_" MESSAGE_BROKER_HOST="localhost" MESSAGE_BROKER_PORT="61613" MESSAGE_BROKER_USER="guest" MESSAGE_BROKER_PASS="guest" MESSAGE_BROKER_VHOST="" # memcached variables USE_MEMCACHED="yes" MEMCACHED_SERVERS="" MEMCACHED_PREFIX="" # elasticsearch config ELASTICSEARCH_SERVER="localhost:9200" # hardcoded memcached defaults DEFAULT_MEMCACHED_SERVERS="127.0.0.1:11211" DEFAULT_MEMCACHED_PREFIX="koha_" # hardcoded instance base path INSTANCE_PATH_BASE="/var/lib/koha" UPLOAD_DIR="uploads" UPLOAD_PATH="" # timezone defaults to empty TIMEZONE="" # hardcoded upload_tmp_path TMP_DIR="tmp" TMP_PATH="" # cache base dir CACHE_DIR_BASE="/var/cache/koha" # Generate a randomizaed API secret API_SECRET="$(pwgen -s 64 1)" # SRU server variables ENABLE_SRU="no" SRU_SERVER_PORT="" # hardcoded default SRU server port DEFAULT_SRU_SERVER_PORT="7090" START_SRU_PUBLICSERVER="" APACHE_CONFIGFILE="" declare -a KEEP_COOKIE if [ -e /etc/koha/koha-sites.conf ] then . /etc/koha/koha-sites.conf fi [ $# -ge 1 ] && [ $# -le 16 ] || ( usage ; die "Error: wrong parameters" ) TEMP=`getopt -o chrpm:l:d:f:b:a: -l create-db,request-db,populate-db,use-db,enable-sru,sru-port:,help,marcflavor:,auth-idx:,biblio-idx:,zebralang:,defaultsql:,configfile:,passwdfile:,dbhost:,database:,elasticsearch-server:,adminuser:,memcached-servers:,memcached-prefix:,template-cache-dir:,timezone:,upload-path:,tmp-path:,smtp-host:,smtp-port:,smtp-timeout:,smtp-ssl-mode:,smtp-user-name:,smtp-password:,smtp-debug,mb-host:,mb-port:,mb-user:,mb-pass:,mb-vhost:,letsencrypt,keep-cookie:, \ -n "$0" -- "$@"` # Note the quotes around `$TEMP': they are essential! eval set -- "$TEMP" # Temporary variables for the command line options CLO_ZEBRA_MARC_FORMAT="" CLO_ZEBRA_LANGUAGE="" CLO_DEFAULTSQL="" CLO_ADMINUSER="" CLO_MEMCACHED_SERVERS="" CLO_MEMCACHED_PREFIX="" CLO_ELASTICSEARCH_SERVER="" CLO_UPLOAD_PATH="" CLO_TMP_PATH="" CLO_LETSENCRYPT="" CLO_TEMPLATE_CACHE_DIR="" CLO_TIMEZONE="" CLO_SMTP_HOST="" CLO_SMTP_PORT="" CLO_SMTP_TIMEOUT="" CLO_SMTP_SSL_MODE="" CLO_SMTP_USER_NAME="" CLO_SMTP_PASSWORD="" CLO_SMTP_DEBUG="" CLO_MESSAGE_BROKER_HOST="" CLO_MESSAGE_BROKER_PORT="" CLO_MESSAGE_BROKER_USER="" CLO_MESSAGE_BROKER_PASS="" CLO_MESSAGE_BROKER_VHOST="" while true ; do case "$1" in -c|--create-db) op=create ; shift ;; -r|--request-db) op=request ; shift ;; -p|--populate-db) op=populate ; shift ;; -u|--use-db) op=use ; shift ;; --memcached-servers) CLO_MEMCACHED_SERVERS="$2" ; shift 2 ;; --memcached-prefix) CLO_MEMCACHED_PREFIX="$2" ; shift 2;; --elasticsearch-server) CLO_ELASTICSEARCH_SERVER="$2" ; shift 2 ;; -m|--marcflavor) CLO_ZEBRA_MARC_FORMAT="$2" ; shift 2 ;; -l|--zebralang) CLO_ZEBRA_LANGUAGE="$2" ; shift 2 ;; -d|--defaultsql) CLO_DEFAULTSQL="$2" ; shift 2 ;; -f|--configfile) configfile="$2" ; shift 2 ;; -s|--passwdfile) CLO_PASSWDFILE="$2" ; shift 2 ;; -b|--database) CLO_DATABASE="$2" ; shift 2 ;; --dbhost) CLO_DBHOST="$2" ; shift 2 ;; -a|--adminuser) CLO_ADMINUSER="$2" ; shift 2 ;; --enable-sru) ENABLE_SRU="yes" ; shift ;; --keep-cookie) KEEP_COOKIE+=("$2"); shift 2;; --mb-host) CLO_MESSAGE_BROKER_HOST="$2" ; shift 2 ;; --mb-port) CLO_MESSAGE_BROKER_PORT="$2" ; shift 2 ;; --mb-user) CLO_MESSAGE_BROKER_USER="$2" ; shift 2 ;; --mb-pass) CLO_MESSAGE_BROKER_PASS="$2" ; shift 2 ;; --mb-vhost) CLO_MESSAGE_BROKER_VHOST="$2" ; shift 2 ;; --smtp-debug) CLO_SMTP_DEBUG="1" ; shift ;; --smtp-host) CLO_SMTP_HOST="$2" ; shift 2 ;; --smtp-port) CLO_SMTP_PORT="$2" ; shift 2 ;; --smtp-timeout) CLO_SMTP_TIMEOUT="$2" ; shift 2 ;; --smtp-ssl-mode) CLO_SMTP_SSL_MODE="$2" ; shift 2 ;; --smtp-user-name) CLO_SMTP_USER_NAME="$2" ; shift 2 ;; --smtp-password) CLO_SMTP_PASSWORD="$2" ; shift 2 ;; --sru-port) SRU_SERVER_PORT="$2" ; shift 2 ;; --template-cache-dir) CLO_TEMPLATE_CACHE_DIR="$2" ; shift 2 ;; --timezone) CLO_TIMEZONE="$2" ; shift 2 ;; --upload-path) CLO_UPLOAD_PATH="$2" ; shift 2 ;; --tmp-path) CLO_TMP_PATH="$2" ; shift 2 ;; --letsencrypt) CLO_LETSENCRYPT="yes" ; shift ;; -h|--help) usage ; exit 0 ;; --) shift ; break ;; *) die "Internal error processing command line arguments" ;; esac done # Load the configfile given on the command line if [ "$configfile" != "" ] then if [ -e "$configfile" ] then . "$configfile" else die "$configfile does not exist."; fi fi # Make sure options from the command line get the highest precedence if [ "$CLO_ZEBRA_MARC_FORMAT" != "" ] then ZEBRA_MARC_FORMAT="$CLO_ZEBRA_MARC_FORMAT" fi if [ "$CLO_ZEBRA_LANGUAGE" != "" ] then ZEBRA_LANGUAGE="$CLO_ZEBRA_LANGUAGE" fi if [ "$CLO_DEFAULTSQL" != "" ] then DEFAULTSQL="$CLO_DEFAULTSQL" fi if [ "$CLO_ADMINUSER" != "" ] then ADMINUSER="$CLO_ADMINUSER" fi if [ "$CLO_PASSWDFILE" != "" ] then PASSWDFILE="$CLO_PASSWDFILE" fi if [ "$CLO_TIMEZONE" != "" ]; then TIMEZONE=$CLO_TIMEZONE fi if [ "${CLO_ELASTICSEARCH_SERVER}" != "" ]; then ELASTICSEARCH_SERVER="${CLO_ELASTICSEARCH_SERVER}" fi BCRYPT_SETTINGS=$(htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'); if [ "$ENABLE_SRU" != "no" ]; then enable_sru_server fi [ $# -ge 1 ] || ( usage ; die "Missing instance name..." ) name="$1" set_smtp set_upload_path $name set_tmp_path $name if [ "$op" = use ] && [ "$CLO_DATABASE" = "" ] && ( [ ! -f "$PASSWDFILE" ] || [ ! `cat $PASSWDFILE | grep "^$name:"` ] ) then cat < / mysqlpwd=$(pwgen -s -y -r ":'&\\<>/" 16 1) fi else mysqlpwd="$(getinstancemysqlpassword $name)" fi if [ "$op" = create ] || [ "$op" = request ] || [ "$op" = use ] then # Create new user and group. username="$name-koha" if getent passwd "$username" > /dev/null then die "User $username already exists." fi if getent group "$username" > /dev/null then die "Group $username already exists." fi adduser --no-create-home --disabled-password \ --gecos "Koha instance $username" \ --home "/var/lib/koha/$name" \ --quiet "$username" # Create the site-specific directories. koha-create-dirs "$name" # Generate Zebra database password. zebrapwd="$(pwgen -s 16 1)" # Future enhancement: make this configurable for when your db is on # another server. mysql_hostname="localhost" # Set up MySQL database for this instance. if [ "$op" = create ] then if [ ! -e /etc/mysql/debian.cnf ]; then MYSQL_OPTIONS="-u root" echo "WARNING: The koha-common.cnf file is a dead soft link!" else MYSQL_OPTIONS="--defaults-extra-file=/etc/mysql/koha-common.cnf" fi mysql $MYSQL_OPTIONS < "$name-db-request.txt" << eof Please create a MySQL database and user on $mysqlhost as follows: database name: $mysqldb database user: $mysqluser password: $mysqlpwd Thank you. eof echo "See $name-db-request.txt for database creation request." echo "Please forward it to the right person, and then run" echo "$0 --populate-db $name" echo "Thanks." fi fi if [ "$op" = create ] || [ "$op" = populate ] then # Re-fetch the passwords from the config we've generated, allows it # to be different from what we set, in case the user had to change # something. mysqluser=$(getinstancemysqluser $name) mysqldb=$(getinstancemysqldatabase $name) # Use the default database content if that exists. if [ -e "$DEFAULTSQL" ] then # Populate the database with default content. zcat -f "$DEFAULTSQL" | sed "s/__KOHASITE__/koha_$name/g" | mysql --host="$mysqlhost" --user="$mysqluser" --password="$mysqlpwd" "$mysqldb" # Change the default user's password. staffpass="$(pwgen 12 1)" staffdigest=$(echo -n "$staffpass" | perl -e ' use Digest::MD5 qw(md5_base64); while (<>) { print md5_base64($_), "\n"; }') mysql --host="$mysqlhost" --user="$mysqluser" \ --password="$mysqlpwd" < /dev/null 2>&1 || a2ensite "${name}.conf" > /dev/null 2>&1 }; then echo "Warning: problem enabling $name in Apache" >&2 fi service apache2 restart # Start Zebra. koha-zebra --start "$name" # Start worker koha-worker --start "$name" if [ "$USE_INDEXER_DAEMON" = "yes" ]; then # Start Indexer daemon koha-indexer --start "$name" fi if [ "$CLO_LETSENCRYPT" = "yes" ]; then # Get letsencrypt certificates letsencrypt_instance fi chown $username:$username /var/log/koha/$name/*.log fi if [ "$op" = request ] then koha-disable "$name" fi echo <