Koha/debian/scripts/koha-create
Tomas Cohen Arazi 242722e99d Bug 17336: Add api_secret_passphrase entry in packages setup
Bug 13799 introduced the api_secret_passphrase on source installs, but missed to do so on packages.

This patch introduces the entry on the template koha-conf-site.xml.in file, and
patches koha-create so it generates a randomized string (64 chars) to put in it.

To test:
- Apply the patch
- Grab the new template file:
  $ sudo cp kohaclone/debian/templates/koha-conf-site.xml.in \
            /etc/koha
- Create a new instance:
  $ kohaclone/debian/scripts/koha-create --create-db blah
=> SUCCESS: The script runs fine, /etc/koha/sites/blah/koha-conf.xml
   contains the api_secret_passphrase entry.
- Sign off :-D

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-25 13:07:23 +00:00

810 lines
25 KiB
Bash
Executable file

#!/bin/bash
#
# koha-create -- Create a new Koha instance.
# Copyright 2010 Catalyst IT, Ltd
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Read configuration variable file if it is present
[ -r /etc/default/koha-common ] && . /etc/default/koha-common
set -e
# include helper functions
if [ -f "/usr/share/koha/bin/koha-functions.sh" ]; then
. "/usr/share/koha/bin/koha-functions.sh"
else
echo "Error: /usr/share/koha/bin/koha-functions.sh not present." 1>&2
exit 1
fi
usage()
{
local scriptname=$0
cat <<EOF
Creates new Koha instances.
Usage:
$scriptname [DB usage mode] [options] instancename
DB usage mode:
--create-db Create a new database on localhost. (default).
--request-db Creates a instancename-db-request.txt file where
you adjust your DB settings and re-run with --populate-db.
--populate-db Finish the installation you started with --request-db after
you adjusted the instancename-db-request.txt file.
--use-db Use this option if you already created and populated your DB.
Options:
--marcflavor flavor Set the MARC flavor. Valid values are marc21 (default),
normarc and unimarc.
--zebralang lang Choose the primary language for Zebra indexing. Valid
values are en (default), es, fr, gr, nb, ru and uk.
--auth-idx idx_mode Set the indexing mode for authority records. Valid
values are dom (default) and grs1.
--biblio-idx idx_mode Set the indexing mode for bibliographic records.
Valid values are dom (default) and grs1.
--use-memcached Set the instance to make use of memcache.
--memcached-servers str Set a comma-separated list of host:port memcached servers.
--memcached-prefix str Set the desired prefix for the instance memcached namespace.
--enable-sru Enable the Z39.50/SRU server (default: disabled).
--sru-port Specifiy a TCP port number for the Z39.50/SRU server
to listen on. (default: 7090).
--defaultsql some.sql Specify a default SQL file to be loaded on the DB.
--configfile cfg_file Specify an alternate config file for reading default values.
--passwdfile passwd Specify an alternate passwd file.
--database dbname Enforce the use of the specified DB name (64 char limit)
--adminuser n Explicit the admin user ID in the DB. Relevant in
conjunction with --defaultsql and --populate-db.
--upload-path dir Set a user defined upload_path. It defaults to
/var/lib/koha/<instance>/uploads
--letsencrypt Set up a https-only site with letsencrypt certificates
--help,-h Show this help.
Note: the instance name cannot be longer that 11 chars.
EOF
}
# UPPER CASE VARIABLES - from configfile or default value
# lower case variables - generated within this script
generate_config_file() {
touch "$2"
chown "root:$username" "$2"
chmod 0640 "$2"
sed -e "s/__KOHA_CONF_DIR__/\/etc\/koha\/sites\/$name/g" \
-e "s/__KOHASITE__/$name/g" \
-e "s/__OPACPORT__/$OPACPORT/g" \
-e "s/__INTRAPORT__/$INTRAPORT/g" \
-e "s/__OPACSERVER__/$opacdomain/g" \
-e "s/__INTRASERVER__/$intradomain/g" \
-e "s/__ZEBRA_PASS__/$zebrapwd/g" \
-e "s/__ZEBRA_MARC_FORMAT__/$ZEBRA_MARC_FORMAT/g" \
-e "s/__ZEBRA_LANGUAGE__/$ZEBRA_LANGUAGE/g" \
-e "s/__SRU_BIBLIOS_PORT__/$SRU_SERVER_PORT/g" \
-e "s/__START_SRU_PUBLICSERVER__/$START_SRU_PUBLICSERVER/g" \
-e "s/__END_SRU_PUBLICSERVER__/$END_SRU_PUBLICSERVER/g" \
-e "s/__BIBLIOS_INDEXING_MODE__/$BIBLIOS_INDEXING_MODE/g" \
-e "s/__AUTHORITIES_INDEXING_MODE__/$AUTHORITIES_INDEXING_MODE/g" \
-e "s/__ZEBRA_BIBLIOS_CFG__/$ZEBRA_BIBLIOS_CFG/g" \
-e "s/__ZEBRA_AUTHORITIES_CFG__/$ZEBRA_AUTHORITIES_CFG/g" \
-e "s/__START_BIBLIOS_RETRIEVAL_INFO__/`echo $START_BIBLIOS_RETRIEVAL_INFO`/g" \
-e "s/__END_BIBLIOS_RETRIEVAL_INFO__/`echo $END_BIBLIOS_RETRIEVAL_INFO`/g" \
-e "s/__START_AUTHORITIES_RETRIEVAL_INFO__/`echo $START_AUTHORITIES_RETRIEVAL_INFO`/g" \
-e "s/__END_AUTHORITIES_RETRIEVAL_INFO__/`echo $END_AUTHORITIES_RETRIEVAL_INFO`/g" \
-e "s/__API_SECRET__/$API_SECRET/g" \
-e "s/__DB_NAME__/$mysqldb/g" \
-e "s/__DB_HOST__/$mysqlhost/g" \
-e "s/__DB_USER__/$mysqluser/g" \
-e "s/__DB_PASS__/$mysqlpwd/g" \
-e "s/__UNIXUSER__/$username/g" \
-e "s/__UNIXGROUP__/$username/g" \
-e "s#__UPLOAD_PATH__#$UPLOAD_PATH#g" \
-e "s/__LOG_DIR__/\/var\/log\/koha\/$name/g" \
-e "s/__PLUGINS_DIR__/\/var\/lib\/koha\/$name\/plugins/g" \
-e "s/__MEMCACHED_NAMESPACE__/$MEMCACHED_NAMESPACE/g" \
-e "s/__MEMCACHED_SERVERS__/$MEMCACHED_SERVERS/g" \
"/etc/koha/$1" > "$2"
}
getmysqlhost() {
awk '
/^\[/ { inclient = 0 }
/^\[client\]/ { inclient = 1 }
inclient && /^ *host *=/ { print $3 }' \
/etc/mysql/koha-common.cnf
}
getinstancemysqlpassword() {
xmlstarlet sel -t -v 'yazgfs/config/pass' "/etc/koha/sites/$1/koha-conf.xml"
}
getinstancemysqluser() {
xmlstarlet sel -t -v 'yazgfs/config/user' "/etc/koha/sites/$1/koha-conf.xml"
}
getinstancemysqldatabase() {
xmlstarlet sel -t -v 'yazgfs/config/database' "/etc/koha/sites/$1/koha-conf.xml"
}
check_apache_config()
{
# Check that mpm_itk is installed and enabled
if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'mpm_itk'; then
# Check Apache version
APACHE_DISABLE_MPM_MSG=""
if /usr/sbin/apache2ctl -v | grep -q "Server version: Apache/2.4"; then
# mpm_event or mpm_worker need to be disabled first. mpm_itk depends
# on mpm_prefork, which is enabled if needed. See
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734865
if /usr/sbin/apachectl -M 2> /dev/null | grep -q 'mpm_event'; then
APACHE_DISABLE_MPM_MSG=" sudo a2dismod mpm_event ;"
elif /usr/sbin/apachectl -M 2> /dev/null | grep -q 'mpm_worker'; then
APACHE_DISABLE_MPM_MSG=" sudo a2dismod mpm_worker ;"
# else mpm_prefork: a2enmod mpm_itk works
fi
# else Apache 2.2: a2enmod mpm_itk works
fi
cat 1>&2 <<EOM
Koha requires mpm_itk to be enabled within Apache in order to run.
Typically this can be enabled with:
$APACHE_DISABLE_MPM_MSG sudo a2enmod mpm_itk
EOM
die
fi
# Check that mod_rewrite is installed and enabled.
if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'rewrite_module'; then
cat 1>&2 <<EOM
Koha requires mod_rewrite to be enabled within Apache in order to run.
Typically this can be enabled with:
sudo a2enmod rewrite
EOM
die
fi
# Check that the CGI module is installed and enabled
# (Apache 2.4 may not have it by default.)
if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'cgi_module'; then
cat 1>&2 << EOM
Koha requires mod_cgi to be enabled within Apache in order to run.
Typically this can be enabled with:
sudo a2enmod cgi
EOM
die
fi
# Check that mod_ssl is installed and enabled.
if [ "$CLO_LETSENCRYPT" = "yes" ]; then
if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'ssl_module'; then
cat 1>&2 <<EOM
Koha requires mod_ssl to be enabled within Apache in order to run with --letsencrypt.
Typically this can be enabled with:
sudo a2enmod ssl
EOM
die
fi
fi
}
set_biblios_indexing_mode()
{
local indexing_mode=$1
local marc_format=$2
case $indexing_mode in
"dom")
START_BIBLIOS_RETRIEVAL_INFO=`cat <<EOF
<xi:include href="\/etc\/koha\/$marc_format-retrieval-info-bib-dom.xml"\n
xmlns:xi="http:\/\/www.w3.org\/2001\/XInclude">\n
<xi:fallback>\n
<retrievalinfo>
EOF`
END_BIBLIOS_RETRIEVAL_INFO=`cat <<EOF
<\/retrievalinfo>\n
<\/xi:fallback>\n
<\/xi:include>
EOF`
BIBLIOS_INDEXING_MODE="dom"
ZEBRA_BIBLIOS_CFG="zebra-biblios-dom.cfg"
;;
"grs1")
START_BIBLIOS_RETRIEVAL_INFO=" <retrievalinfo>"
END_BIBLIOS_RETRIEVAL_INFO=" <\/retrievalinfo>"
BIBLIOS_INDEXING_MODE="grs1"
ZEBRA_BIBLIOS_CFG="zebra-biblios.cfg"
;;
*)
die "Error: '$indexing_mode' is not a valid indexing mode for bibliographic records."
;;
esac
}
set_authorities_indexing_mode()
{
local indexing_mode=$1
local marc_format=$2
case $indexing_mode in
"dom")
START_AUTHORITIES_RETRIEVAL_INFO=`cat <<EOF
<xi:include href="\/etc\/koha\/$marc_format-retrieval-info-auth-dom.xml"\n
xmlns:xi="http:\/\/www.w3.org\/2001\/XInclude">\n
<xi:fallback>\n
<retrievalinfo>
EOF`
END_AUTHORITIES_RETRIEVAL_INFO=`cat <<EOF
<\/retrievalinfo>\n
<\/xi:fallback>\n
<\/xi:include>\n
EOF`
AUTHORITIES_INDEXING_MODE="dom"
ZEBRA_AUTHORITIES_CFG="zebra-authorities-dom.cfg"
;;
"grs1")
START_AUTHORITIES_RETRIEVAL_INFO=" <retrievalinfo>"
END_AUTHORITIES_RETRIEVAL_INFO=" <\/retrievalinfo>"
AUTHORITIES_INDEXING_MODE="grs1"
ZEBRA_AUTHORITIES_CFG="zebra-authorities.cfg"
;;
*)
die "Error: '$indexing_mode' is not a valid indexing mode for authority records."
;;
esac
}
set_memcached()
{
local instance="$1"
if [ "$CLO_MEMCACHED_SERVERS" != "" ]; then
MEMCACHED_SERVERS=$CLO_MEMCACHED_SERVERS
else
if [ "$MEMCACHED_SERVERS" = "" ]; then
MEMCACHED_SERVERS=$DEFAULT_MEMCACHED_SERVERS
# else: was set by the koha-sites.conf file
fi
fi
if [ "$CLO_MEMCACHED_PREFIX" != "" ]; then
MEMCACHED_NAMESPACE="$CLO_MEMCACHED_PREFIX$instance"
else
if [ "$MEMCACHED_PREFIX" != "" ]; then
MEMCACHED_NAMESPACE="$MEMCACHED_PREFIX$instance"
else
MEMCACHED_NAMESPACE="$DEFAULT_MEMCACHED_PREFIX$instance"
fi
fi
}
set_upload_path()
{
local instance="$1"
if [ "$CLO_UPLOAD_PATH" != "" ]; then
UPLOAD_PATH=$CLO_UPLOAD_PATH
else
UPLOAD_PATH="$UPLOAD_PATH_BASE/$instance/$UPLOAD_DIR"
fi
}
enable_sru_server()
{
# remove the commenting symbols
START_SRU_PUBLICSERVER=""
END_SRU_PUBLICSERVER=""
if [ "$SRU_SERVER_PORT" = "" ]; then
# --sru-port not passed, use the default
SRU_SERVER_PORT=$DEFAULT_SRU_SERVER_PORT
fi
}
check_letsencrypt()
{
if [ $(dpkg-query -W -f='${Status}' letsencrypt 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
set +e
apt-cache show letsencrypt &>/dev/null
local aptcacheshow=$?
set -e
if [ $aptcacheshow -eq 0 ]; then
read -r -p "The letsencrypt package is not installed. Do it now? [y/N] " response
if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
local debrelease="$(lsb_release -c -s)"
if [ $debrelease = "jessie" ]; then
apt-get install -y -t jessie-backports letsencrypt
else
apt-get install -y letsencrypt
fi
else
die "You have to install letsencrypt to use the --letsencrypt parameter."
fi
else
echo "No installation candidate available for package letsencrypt."
if [[ -f /usr/bin/letsencrypt ]]; then
read -r -p "If you have a symlink from /usr/bin/letsencrypt to letsencrypt-auto, it should work. [y/N] " response
if [[ ! $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
die "You have to install letsencrypt to use the --letsencrypt parameter."
fi
else
die "You can create a symlink from /usr/bin/letsencrypt to letsencrypt-auto."
fi
fi
fi
}
letsencrypt_instance()
{
# Get letsencrypt certificates
letsencrypt --agree-tos --renew-by-default --webroot certonly \
-w /usr/share/koha/opac/htdocs/ -d $opacdomain -w /usr/share/koha/intranet/htdocs/ -d $intradomain
# enable all ssl settings (apache won't start with these before certs are present)
sed -i "s:^\s*#\(\s*SSL.*\)$:\1:" "/etc/apache2/sites-available/$name.conf"
# change port from 80 to 443. (apache won't start if it is 443 without certs present)
sed -i "s:^\s*\(<VirtualHost \*\:\)80> #https$:\1443>:" "/etc/apache2/sites-available/$name.conf"
# enable redirect from http to https on port 80
sed -i "s:^\s*#\(.*\)#nohttps$:\1:" "/etc/apache2/sites-available/$name.conf"
# make koha-list --letsencrypt aware of this instance # could be done by checking apache conf instead
echo -e "opacdomain=\"$opacdomain\"\nintradomain=\"$intradomain\"" > /var/lib/koha/$name/letsencrypt.enabled
# restart apache with working certs
service apache2 restart
}
# Set defaults and read config file, if it exists.
DOMAIN=""
OPACPORT="80"
OPACPREFIX=""
OPACSUFFIX=""
INTRAPORT="8080"
INTRAPREFIX=""
INTRASUFFIX=""
DEFAULTSQL=""
ZEBRA_MARC_FORMAT="marc21"
ZEBRA_LANGUAGE="en"
ADMINUSER="1"
PASSWDFILE="/etc/koha/passwd"
# memcached variables
USE_MEMCACHED="no"
MEMCACHED_SERVERS=""
MEMCACHED_PREFIX=""
# hardcoded memcached defaults
DEFAULT_MEMCACHED_SERVERS="127.0.0.1:11211"
DEFAULT_MEMCACHED_PREFIX="koha_"
# hardcoded upload_path
UPLOAD_PATH_BASE="/var/lib/koha"
UPLOAD_DIR="uploads"
UPLOAD_PATH=""
# Generate a randomizaed API secret
API_SECRET="$(pwgen -s 64 1)"
# SRU server variables
ENABLE_SRU="no"
SRU_SERVER_PORT=""
# hardcoded default SRU server port
DEFAULT_SRU_SERVER_PORT="7090"
START_SRU_PUBLICSERVER="<!--"
END_SRU_PUBLICSERVER="-->"
# Indexing mode variables (default is DOM)
BIBLIOS_INDEXING_MODE="dom"
AUTHORITIES_INDEXING_MODE="dom"
START_BIBLIOS_RETRIEVAL_INFO=""
END_BIBLIOS_RETRIEVAL_INFO=""
START_AUTHORITIES_RETRIEVAL_INFO=""
END_AUTHORITIES_RETRIEVAL_INFO=""
APACHE_CONFIGFILE=""
if [ -e /etc/koha/koha-sites.conf ]
then
. /etc/koha/koha-sites.conf
fi
[ $# -ge 1 ] && [ $# -le 16 ] || ( usage ; die "Error: wrong parameters" )
TEMP=`getopt -o chrpm:l:d:f:b:a: -l create-db,request-db,populate-db,use-db,use-memcached,enable-sru,sru-port:,help,marcflavor:,auth-idx:,biblio-idx:,zebralang:,defaultsql:,configfile:,passwdfile:,database:,adminuser:,memcached-servers:,memcached-prefix:,upload-path:,letsencrypt, \
-n "$0" -- "$@"`
# Note the quotes around `$TEMP': they are essential!
eval set -- "$TEMP"
# Temporary variables for the command line options
CLO_ZEBRA_MARC_FORMAT=""
CLO_ZEBRA_LANGUAGE=""
CLO_DEFAULTSQL=""
CLO_ADMINUSER=""
CLO_BIBLIOS_INDEXING_MODE=""
CLO_AUTHORITIES_INDEXING_MODE=""
CLO_MEMCACHED_SERVERS=""
CLO_MEMCACHED_PREFIX=""
CLO_UPLOAD_PATH=""
CLO_LETSENCRYPT=""
while true ; do
case "$1" in
-c|--create-db)
op=create ; shift ;;
-r|--request-db)
op=request ; shift ;;
-p|--populate-db)
op=populate ; shift ;;
-u|--use-db)
op=use ; shift ;;
--use-memcached)
USE_MEMCACHED="yes" ; shift ;;
--memcached-servers)
CLO_MEMCACHED_SERVERS="$2" ; shift 2 ;;
--memcached-prefix)
CLO_MEMCACHED_PREFIX="$2" ; shift 2;;
-m|--marcflavor)
CLO_ZEBRA_MARC_FORMAT="$2" ; shift 2 ;;
-l|--zebralang)
CLO_ZEBRA_LANGUAGE="$2" ; shift 2 ;;
--auth-idx)
CLO_AUTHORITIES_INDEXING_MODE="$2" ; shift 2 ;;
--biblio-idx)
CLO_BIBLIOS_INDEXING_MODE="$2" ; shift 2 ;;
-d|--defaultsql)
CLO_DEFAULTSQL="$2" ; shift 2 ;;
-f|--configfile)
configfile="$2" ; shift 2 ;;
-s|--passwdfile)
CLO_PASSWDFILE="$2" ; shift 2 ;;
-b|--database)
CLO_DATABASE="$2" ; shift 2 ;;
-a|--adminuser)
CLO_ADMINUSER="$2" ; shift 2 ;;
--enable-sru)
ENABLE_SRU="yes" ; shift ;;
--sru-port)
SRU_SERVER_PORT="$2" ; shift 2 ;;
--upload-path)
CLO_UPLOAD_PATH="$2" ; shift 2 ;;
--letsencrypt)
CLO_LETSENCRYPT="yes" ; shift ;;
-h|--help)
usage ; exit 0 ;;
--)
shift ; break ;;
*)
die "Internal error processing command line arguments" ;;
esac
done
# Load the configfile given on the command line
if [ "$configfile" != "" ]
then
if [ -e "$configfile" ]
then
. "$configfile"
else
die "$configfile does not exist.";
fi
fi
# Make sure options from the command line get the highest precedence
if [ "$CLO_ZEBRA_MARC_FORMAT" != "" ]
then
ZEBRA_MARC_FORMAT="$CLO_ZEBRA_MARC_FORMAT"
fi
if [ "$CLO_ZEBRA_LANGUAGE" != "" ]
then
ZEBRA_LANGUAGE="$CLO_ZEBRA_LANGUAGE"
fi
if [ "$CLO_DEFAULTSQL" != "" ]
then
DEFAULTSQL="$CLO_DEFAULTSQL"
fi
if [ "$CLO_ADMINUSER" != "" ]
then
ADMINUSER="$CLO_ADMINUSER"
fi
if [ "$CLO_PASSWDFILE" != "" ]
then
PASSWDFILE="$CLO_PASSWDFILE"
fi
if [ "$CLO_BIBLIOS_INDEXING_MODE" != "" ]; then
BIBLIOS_INDEXING_MODE=$CLO_BIBLIOS_INDEXING_MODE
fi
set_biblios_indexing_mode $BIBLIOS_INDEXING_MODE $ZEBRA_MARC_FORMAT
if [ "$ENABLE_SRU" != "no" ]; then
enable_sru_server
fi
if [ "$CLO_AUTHORITIES_INDEXING_MODE" != "" ]; then
AUTHORITIES_INDEXING_MODE=$CLO_AUTHORITIES_INDEXING_MODE
fi
set_authorities_indexing_mode $AUTHORITIES_INDEXING_MODE $ZEBRA_MARC_FORMAT
name="$1"
set_upload_path $name
if [ "$USE_MEMCACHED" = "yes" ]; then
set_memcached $name
elif [ "$CLO_MEMCACHED_SERVERS" != "" ] || \
[ "$CLO_MEMCACHED_PREFIX" != "" ]; then
MSG=`cat <<EOF
Error: you provided memcached configuration switches but memcached is not enabled.
Please set USE_MEMCACHED="yes" on /etc/koha/koha-sites.conf or use the
--use-memcached option switch to enable it.
EOF`
usage ; die $MSG
else
# Unset memcached-related variables
MEMCACHED_SERVERS=""
MEMCACHED_PREFIX=""
fi
# Are we root? If not, the mod_rewrite check will fail and be confusing, so
# we look into this first.
if [[ $UID -ne 0 ]]
then
die "This script must be run with root privileges."
fi
# Check everything is ok with Apache, die otherwise
check_apache_config
opacdomain="$OPACPREFIX$name$OPACSUFFIX$DOMAIN"
intradomain="$INTRAPREFIX$name$INTRASUFFIX$DOMAIN"
# Check everything is ok with letsencrypt, die otherwise
if [ "$CLO_LETSENCRYPT" = "yes" ]; then
check_letsencrypt
fi
if [ -f $PASSWDFILE ] && [ `cat $PASSWDFILE | grep "^$name:"` ]
then
passwdline=`cat $PASSWDFILE | grep "^$name:"`
mysqluser=`echo $passwdline | cut -d ":" -f 2`
mysqlpwd=`echo $passwdline | cut -d ":" -f 3`
mysqldb=`echo $passwdline | cut -d ":" -f 4`
fi
# The order of precedence for MySQL database name is:
# default < passwd file < command line
if [ "$mysqldb" = "" ]
then
mysqldb="koha_$name"
fi
if [ "$CLO_DATABASE" != "" ]
then
mysqldb="$CLO_DATABASE"
fi
if [ "$mysqluser" = "" ]
then
mysqluser="koha_$name"
fi
mysqlhost="$(getmysqlhost)"
if [ "$op" = create ] || [ "$op" = request ] || [ "$op" = use ]
then
if [ "$mysqlpwd" = "" ]
then
mysqlpwd="$(pwgen -s 16 1)"
fi
else
mysqlpwd="$(getinstancemysqlpassword $name)"
fi
if [ "$op" = create ] || [ "$op" = request ] || [ "$op" = use ]
then
# Create new user and group.
username="$name-koha"
if getent passwd "$username" > /dev/null
then
die "User $username already exists."
fi
if getent group "$username" > /dev/null
then
die "Group $username already exists."
fi
adduser --no-create-home --disabled-login \
--gecos "Koha instance $username" \
--home "/var/lib/koha/$name" \
--quiet "$username"
# Create the site-specific directories.
koha-create-dirs "$name"
# Generate Zebra database password.
zebrapwd="$(pwgen -s 16 1)"
# Future enhancement: make this configurable for when your db is on
# another server.
mysql_hostname="localhost"
# Set up MySQL database for this instance.
if [ "$op" = create ]
then
mysql --defaults-extra-file=/etc/mysql/koha-common.cnf <<eof
CREATE DATABASE \`$mysqldb\`;
CREATE USER \`$mysqluser\`@'$mysql_hostname' IDENTIFIED BY '$mysqlpwd';
CREATE USER \`$mysqluser\`@'%' IDENTIFIED BY '$mysqlpwd';
GRANT ALL PRIVILEGES ON \`$mysqldb\`.* TO \`$mysqluser\`;
FLUSH PRIVILEGES;
eof
fi #`
if [ "$op" = use ]
then
mysql --defaults-extra-file=/etc/mysql/koha-common.cnf --force <<eof
CREATE USER \`$mysqluser\`@'$mysql_hostname' IDENTIFIED BY '$mysqlpwd';
CREATE USER \`$mysqluser\`@'%' IDENTIFIED BY '$mysqlpwd';
GRANT ALL PRIVILEGES ON \`$mysqldb\`.* TO \`$mysqluser\`;
FLUSH PRIVILEGES;
eof
fi #`
if [ "$CLO_LETSENCRYPT" = "yes" ]; then
APACHE_CONFIGFILE="apache-site-https.conf.in"
else
APACHE_CONFIGFILE="apache-site.conf.in"
fi
# Generate and install Apache site-available file and log dir.
generate_config_file $APACHE_CONFIGFILE \
"/etc/apache2/sites-available/$name.conf"
mkdir "/var/log/koha/$name"
chown "$username:$username" "/var/log/koha/$name"
# Generate and install main Koha config file.
generate_config_file koha-conf-site.xml.in \
"/etc/koha/sites/$name/koha-conf.xml"
# Generate and install the log4perl config file.
generate_config_file log4perl-site.conf.in \
"/etc/koha/sites/$name/log4perl.conf"
# Generate and install Zebra config files.
generate_config_file zebra-biblios-site.cfg.in \
"/etc/koha/sites/$name/zebra-biblios.cfg"
generate_config_file zebra-biblios-dom-site.cfg.in \
"/etc/koha/sites/$name/zebra-biblios-dom.cfg"
generate_config_file zebra-authorities-site.cfg.in \
"/etc/koha/sites/$name/zebra-authorities.cfg"
generate_config_file zebra-authorities-dom-site.cfg.in \
"/etc/koha/sites/$name/zebra-authorities-dom.cfg"
generate_config_file zebra.passwd.in \
"/etc/koha/sites/$name/zebra.passwd"
# Create a GPG-encrypted file for requesting a DB to be set up.
if [ "$op" = request ]
then
touch "$name-db-request.txt"
chmod 0600 "$name-db-request.txt"
cat > "$name-db-request.txt" << eof
Please create a MySQL database and user on $mysqlhost as follows:
database name: $mysqldb
database user: $mysqluser
password: $mysqlpwd
Thank you.
eof
echo "See $name-db-request.txt for database creation request."
echo "Please forward it to the right person, and then run"
echo "$0 --populate-db $name"
echo "Thanks."
fi
fi
if [ "$op" = create ] || [ "$op" = populate ]
then
# Re-fetch the passwords from the config we've generated, allows it
# to be different from what we set, in case the user had to change
# something.
mysqluser=$(getinstancemysqluser $name)
mysqldb=$(getinstancemysqldatabase $name)
# Use the default database content if that exists.
if [ -e "$DEFAULTSQL" ]
then
# Populate the database with default content.
zcat "$DEFAULTSQL" |
sed "s/__KOHASITE__/$name/g" |
mysql --host="$mysqlhost" --user="$mysqluser" --password="$mysqlpwd" "$mysqldb"
# Change the default user's password.
staffpass="$(pwgen 12 1)"
staffdigest=$(echo -n "$staffpass" |
perl -e '
use Digest::MD5 qw(md5_base64);
while (<>) { print md5_base64($_), "\n"; }')
mysql --host="$mysqlhost" --user="$mysqluser" \
--password="$mysqlpwd" <<eof
USE \`$mysqldb\`;
UPDATE borrowers
SET password = '$staffdigest'
WHERE borrowernumber = $ADMINUSER;
eof
#`
echo "staff user password is '$staffpass' but keep that secret"
# Upgrade the database schema, just in case the dump was from an
# old version.
koha-upgrade-schema "$name"
else
echo "Koha instance is empty, no staff user created."
fi
fi
if [ "$op" = create ] || [ "$op" = populate ] || [ "$op" = use ]
then
# Reconfigure Apache.
if ! {
a2ensite "$name" > /dev/null 2>&1 ||
a2ensite "${name}.conf" > /dev/null 2>&1
}; then
echo "Warning: problem enabling $name in Apache" >&2
fi
service apache2 restart
# Start Zebra.
koha-start-zebra "$name"
if [ "$USE_INDEXER_DAEMON" = "yes" ]; then
# Start Indexer daemon
koha-indexer --start "$name"
fi
if [ "$CLO_LETSENCRYPT" = "yes" ]; then
# Get letsencrypt certificates
letsencrypt_instance
fi
fi
if [ "$op" = request ]
then
koha-disable "$name"
fi
echo <<eoh
Email for this instance is disabled. When you're ready to enable it, use:
koha-email-enable $name
eoh