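#!/bin/bash
# postinstall scriptlet (using /bin/sh):
#
# NOTE(review): rpm reports that this body is run with /bin/sh, so the shebang
# above is only a comment. The script uses bash-only syntax ([[ ]], arrays,
# (( )), &>>), so it relies on /bin/sh being bash on the target system.
#
# Post-install steps for the ocie serverbase package:
#   * prepares the install log under /var/log/ocie
#   * initialises MySQL, switches the MySQL root account to the auth_socket
#     plugin and relocates the data directory under /opt/netapp/data
#   * creates/updates the 'jboss' database account and its grants
#   * creates the 'jboss' OS account, tightens file permissions and registers
#     the product's sudoers include directory
#   * installs the server certificate and writes mysql.properties
#
# Arguments: $1 - "2" selects the "existing configuration" path; any other
#                 value runs the fresh-install path.
set -e

LOGDIR="/var/log/ocie"
LOG="${LOGDIR}/install.log"
export LOG
mkdir -p "${LOGDIR}"
chmod 1775 "${LOGDIR}"
touch "${LOG}"
ROOTINSTALLDIR="/opt/netapp"

# MySQL settings shared by every function in this scriptlet.
mysqlbasedir="/usr"
mysqldatadir="/opt/netapp/data"
mysqlpiddir="/var/run/mysqld"
mysqllogdir="/var/log/mysql"
udsplugin="SELECT PLUGIN_NAME FROM information_schema.PLUGINS WHERE PLUGIN_TYPE='AUTHENTICATION';"
defaultmysqldatadir="/var/lib/mysql"
mysqlconfdir="/etc/mysql"
mysqldaemon="/etc/init.d/mysql"
# Under 'set -e' a missing getenforce binary would abort the whole scriptlet;
# treat "cannot query SELinux" the same as SELinux being disabled.
semode=$(getenforce 2>/dev/null || echo "Disabled")
udsset=0
# One-time MySQL root password, generated in prepare_for_uds and consumed by
# setup_uds. It replaces a fixed, guessable bootstrap password.
bootstrap_root_pw=""

# Append a timestamped message to the install log only.
function log() {
  local tstamp
  tstamp=$(date +'%b %d %T')
  printf '%s: %s\n' "${tstamp}" "$*" >>"${LOG}" 2>&1
}

# Print a message on stdout and append it, timestamped, to the install log.
function echo_log() {
  local tstamp
  tstamp=$(date +'%b %d %T')
  printf '%s\n' "$*"
  printf '%s: %s\n' "${tstamp}" "$*" >>"${LOG}"
}

# Escape a value for use inside a single-quoted MySQL string literal.
# Assumes the server runs without NO_BACKSLASH_ESCAPES (the MySQL default), so
# backslashes are doubled as well as single quotes.
sql_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\'/\'\'}
  printf '%s' "${s}"
}

verresult=0

# Compare two dotted version strings numerically, component by component.
# Arguments: $1 - first version, $2 - second version
# Result:    global verresult = 1 if $1 > $2, 2 if $1 < $2, 0 if equal.
# Returns:   always 0.
vercomp() {
  local IFS=.
  # Word splitting on '.' is intentional here, so these stay unquoted.
  local i first=($1) second=($2)
  # Reset so an "equal" outcome is not confused with an earlier comparison.
  verresult=0
  # Pad the first version with zeros up to the length of the second one.
  for ((i = ${#first[@]}; i < ${#second[@]}; i++)); do
    first[i]=0
  done
  for ((i = 0; i < ${#first[@]}; i++)); do
    if [[ -z ${second[i]} ]]; then
      second[i]=0
    fi
    # 10# forces base 10 so components such as "08" are not read as octal.
    if ((10#${first[i]} > 10#${second[i]})); then
      verresult="1"
      return 0
    fi
    if ((10#${first[i]} < 10#${second[i]})); then
      verresult="2"
      return 0
    fi
  done
  return 0
}

log "PostInstalling serverbase"

# Locate the init script: some systems name it "mysql", others "mysqld".
if [[ ! -f "${mysqldaemon}" ]]; then
  log "mysql daemon not found in $mysqldaemon . Searching for ${mysqldaemon}d"
  if [[ ! -f "${mysqldaemon}d" ]]; then
    echo_log "Failed to find mysql daemon. Installation failed"
    # 'exit -1' is 255 in bash but not valid in a strict POSIX sh.
    exit 255
  else
    mysqldaemon="${mysqldaemon}d"
    log "Changed mysql daemon to ${mysqldaemon}"
  fi
fi

# Create the pid directory and initialise the default MySQL data directory.
configure_mysql() {
  mkdir -p "${mysqlpiddir}"
  chown -R mysql:mysql "${mysqlpiddir}"
  /usr/bin/mysql_install_db
  chown -R mysql:mysql "${defaultmysqldatadir}"
}

# Wait up to 300 seconds for a non-empty mysqld pid file; exit 1 if no pid
# file exists once the wait ends.
wait_for_mysql() {
  local -r service_startup_timeout=300
  local waited=0
  while ((waited < service_startup_timeout)); do
    if [[ -s "${mysqlpiddir}/mysqld.pid" ]]; then
      break
    fi
    waited=$((waited + 1))
    sleep 1
  done
  if [[ ! -e "${mysqlpiddir}/mysqld.pid" ]]; then
    echo_log "MySQL init failed!"
    exit 1
  fi
}

# Make /usr/bin/keytool a symlink to the keytool that sits next to the java
# binary /usr/bin/java resolves to. Exits if that keytool does not exist.
set_keytool_path() {
  local latestJavaPath parentPath targetPath wanted
  latestJavaPath=$(readlink -f /usr/bin/java)
  parentPath=$(dirname "${latestJavaPath}")
  wanted="${parentPath}/keytool"

  if [[ ! -f "${wanted}" ]]; then
    echo_log " FAILURE: ${parentPath}/keytool file not found. Install Java Runtime Environment properly and try again."
    echo_log " Installer will exit now."
    exit 255
  fi

  log "${parentPath}/keytool file found"
  if [[ ! -L "/usr/bin/keytool" ]]; then
    ln -s "${wanted}" /usr/bin/keytool
    log "keytool was not set from /usr/bin. Finished setting keytool from ${parentPath}/keytool"
  elif [[ ! -e "/usr/bin/keytool" ]]; then
    # Dangling symlink: replace it.
    log "The keytool link does exist, but its target is not valid"
    rm -f /usr/bin/keytool
    ln -s "${wanted}" /usr/bin/keytool
  else
    targetPath=$(readlink -f /usr/bin/keytool)
    if [[ "${wanted}" != "${targetPath}" ]]; then
      log "The keytool link does exist, but its target is different"
      rm -f /usr/bin/keytool
      ln -s "${wanted}" /usr/bin/keytool
    else
      log "keytool path already set"
    fi
  fi
}

# Decide whether the auth_socket plugin is already active (sets udsset=1) and,
# if it is not, reset the MySQL root password to a one-time random value so
# that setup_uds can log in and install the plugin.
prepare_for_uds() {
  local command mysqlversion plugin_output pluginlist
  local -r compare="5.5.200"

  log "Preparing for uds"
  mkdir -p "${defaultmysqldatadir}"
  chown mysql:root "${defaultmysqldatadir}"
  mkdir -p "${mysqlconfdir}"
  if [[ -f /etc/my.cnf ]]; then
    mv /etc/my.cnf "${mysqlconfdir}/orig.my.cnf"
    log "moved /etc/my.cnf to ${mysqlconfdir}/orig.my.cnf"
  fi

  # A fixed bootstrap password would stay on the root account if a later step
  # fails; use 48 random hex characters instead. Hex needs no SQL escaping.
  bootstrap_root_pw=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
  if ((${#bootstrap_root_pw} != 48)); then
    echo_log "Failed to generate a bootstrap password for MySQL root"
    exit 1
  fi

  command="UPDATE mysql.user SET Password=PASSWORD('${bootstrap_root_pw}') WHERE User='root'; FLUSH PRIVILEGES;"
  mysqlversion=$(mysql --version | awk '{print $5}' | tr -d ', ')
  log "Installed MySql Version=${mysqlversion}"
  vercomp "${mysqlversion}" "${compare}"
  if [[ "${verresult}" == 1 ]]; then
    # Newer than 5.5.x: also clear password_expired on the root account.
    log "MySql 5.6"
    command="UPDATE mysql.user set password_expired='N' where user='root'; ${command}"
  elif [[ "${verresult}" == 2 ]]; then
    log "MySql 5.5"
  fi

  "${mysqldaemon}" stop &>>"${LOG}"
  "${mysqldaemon}" start &>>"${LOG}"

  # Capture the plugin list directly instead of staging it in a fixed-name
  # file under /opt.
  pluginlist="null"
  if plugin_output=$(printf '%s\n' "${udsplugin}" | mysql 2>&1); then
    log "Able to fetch plugin list"
    pluginlist=${plugin_output}
  else
    log "Failed to fetch plugin list. Will proceed with skip--grant-tables"
  fi
  log "pluginlist=$pluginlist"

  if ! printf '%s\n' "${pluginlist}" | grep -qi auth_socket; then
    "${mysqldaemon}" stop >>"${LOG}" 2>&1
    # With grant tables skipped every connection has full privileges, so keep
    # the server off the network; the client below uses the local socket.
    mysqld_safe --skip-grant-tables --skip-networking >>"${LOG}" 2>&1 &
    sleep 2
    if printf '%s\n' "${command}" | mysql >>"${LOG}" 2>&1; then
      log "Prepare for uds finished"
    else
      echo_log "Failed preparing UDS!"
      log "logging memory status before exiting"
      free -m &>>"${LOG}"
      # Do not leave a server without authentication running behind us.
      "${mysqldaemon}" stop >>"${LOG}" 2>&1 || true
      exit 1
    fi
    "${mysqldaemon}" stop >>"${LOG}" 2>&1
    sleep 2
  else
    log "UDS is already set"
    udsset="1"
    "${mysqldaemon}" stop >>"${LOG}" 2>&1
    sleep 2
  fi

  log "mysql processes after UDS check"
  # Diagnostic only: grep finding nothing must not abort under 'set -e'.
  ps -ef | grep mysql >>"${LOG}" 2>&1 || true
}

# Install the auth_socket plugin and bind the MySQL root account to it, unless
# prepare_for_uds already found the plugin (udsset=1).
setup_uds() {
  local command pluginlist
  log "setting up uds"
  "${mysqldaemon}" start &>>"${LOG}"
  command="INSTALL PLUGIN auth_socket SONAME 'auth_socket.so'; UPDATE mysql.user SET password=PASSWORD(''), plugin='auth_socket' WHERE user='root'; FLUSH PRIVILEGES;"
  if [[ ${udsset} -eq 1 ]]; then
    log "UDS is already set."
  else
    log "UDS is not set. Setting it up"
    # NOTE(review): the password is still passed on argv and is visible in the
    # process list while the client runs. It is random and is replaced by
    # auth_socket in this same statement batch. Moving it to an option file
    # needs a check of what /root/.mylogin.cnf supplies first.
    if printf '%s\n' "${command}" | mysql -uroot -p"${bootstrap_root_pw}" &>>"${LOG}"; then
      "${mysqldaemon}" restart &>>"${LOG}"
      log "Setup UDS successfully"
    else
      echo "Failed setting UDS !!!"
      log "logging memory status before exiting"
      free -m &>>"${LOG}"
      exit 1
    fi
  fi
  pluginlist=$(mysql -uroot -B -N -e"${udsplugin}")
  log "Plugin List = ${pluginlist}"
}

# Create the pid, conf, log and data directories and copy the default data
# directory contents into ${mysqldatadir}.
setup_mysql_folders() {
  local se_type
  log "setting up mysql folders"
  "${mysqldaemon}" stop >>"${LOG}" 2>&1
  mkdir -p "${mysqlpiddir}"
  mkdir -p "${mysqlconfdir}/conf.d"
  chown mysql:mysql "${mysqlpiddir}" >>"${LOG}" 2>&1
  mkdir -p "${mysqllogdir}"
  chown mysql:mysql "${mysqllogdir}" >>"${LOG}" 2>&1
  chmod 740 "${mysqllogdir}"
  mkdir -p "${mysqldatadir}"
  chown mysql:root "${mysqldatadir}"
  mkdir -p "${mysqldatadir}/ocie"
  cp -rp "${defaultmysqldatadir}"/* "${mysqldatadir}/"
  if [[ ${semode} == "Permissive" || ${semode} == "Enforcing" ]]; then
    log "semode=$semode"
    # Copies the SELinux type of the first entry in the default data dir.
    # NOTE(review): this parses 'ls -Z' by column position; confirm the field
    # layout on every supported coreutils version.
    se_type=$(ls -Z "${defaultmysqldatadir}" | awk '{print $4}' | awk -F: '{print $3}' | head -1)
    log "se_type for $defaultmysqldatadir=${se_type}"
    chcon -R --type="${se_type}" "${mysqldatadir}"
    log "Finished chcon with ${se_type} for $defaultmysqldatadir folder"
  fi
  log "finished setting mysql folders"
}

# Install the existing keystore if there is one, else the shipped default.
install_certificate() {
  local keystore="${mysqldatadir}/ocie/server.keystore"
  if [[ ! -e "${keystore}" ]]; then
    # use default certificate
    keystore="${ROOTINSTALLDIR}/essentials/jboss/server/onaro/cert/server.keystore.default"
  fi
  "${ROOTINSTALLDIR}/essentials/bin/cert.sh" install "${keystore}" >>"${LOG}"
}

# Copy the shipped .mylogin.cnf into root's home if none exists, mode 0600.
install_mylogin_cnf() {
  if [[ ! -f /root/.mylogin.cnf ]]; then
    cp "${ROOTINSTALLDIR}/essentials/conf/.mylogin.cnf" /root/.mylogin.cnf
    chmod 0600 /root/.mylogin.cnf
    echo "Copied .mylogin.cnf" >>"${LOG}"
  fi
}

# Restrict the password/keystore tooling to read-only and hand it to jboss;
# password.sh stays root-owned and root-executable only.
change_password_manager_jar_perms() {
  local -r pm_dir="${ROOTINSTALLDIR}/essentials/bin/passwordmanager"
  local -r jboss_lib="${ROOTINSTALLDIR}/essentials/jboss/common/lib"
  local -r login_config="${ROOTINSTALLDIR}/essentials/jboss/server/onaro/conf/login-config.xml"
  local -r platform_keystore="${mysqldatadir}/ocie/platform.keystore"

  echo "Changing permission and ownership of jboss password files" >>"${LOG}" 2>&1
  chmod 0400 "${pm_dir}/keystore-manager.jar" >>"${LOG}" 2>&1
  chmod 0400 "${pm_dir}/password-manager.jar" >>"${LOG}" 2>&1
  chmod 0400 "${jboss_lib}/keystore-manager.jar" >>"${LOG}" 2>&1
  chmod 0400 "${jboss_lib}/password-manager.jar" >>"${LOG}" 2>&1
  chmod 0400 "${login_config}" >>"${LOG}" 2>&1
  chmod 0400 "${platform_keystore}"
  chmod 0500 "${ROOTINSTALLDIR}/essentials/bin/password.sh"
  chown -R jboss:jboss "${pm_dir}" >>"${LOG}" 2>&1
  chown jboss:jboss "${platform_keystore}"
  chown jboss:jboss "${jboss_lib}/keystore-manager.jar" >>"${LOG}" 2>&1
  chown jboss:jboss "${jboss_lib}/password-manager.jar" >>"${LOG}" 2>&1
  chown jboss:jboss "${login_config}" >>"${LOG}" 2>&1
  chown root:root "${ROOTINSTALLDIR}/essentials/bin/password.sh"
}

# Print the jboss database password obtained from the password manager.
# Outputs: the password on stdout (callers capture it); errors on stderr.
fetch_jboss_db_passwd() {
  local fetched_passwd
  local -r pm_dir="${ROOTINSTALLDIR}/essentials/bin/passwordmanager"
  if ! fetched_passwd=$(/usr/bin/java -Xms256m -Xmx512m \
    -cp "${pm_dir}/password-manager.jar:${pm_dir}/keystore-manager.jar" \
    com.netapp.platform.passwordmanager.PasswordManager \
    "${mysqldatadir}/ocie" retrieveJBossPassword); then
    # stderr: stdout is captured by the caller and would hide this message.
    echo "Could not fetch database password for jboss user" >&2
    exit 1
  fi
  # Quoted so a password containing spaces or glob characters survives intact.
  printf '%s\n' "${fetched_passwd}"
}

# Replace the shipped encoded password in login-config.xml with the encoding
# of the given password.
# Arguments: $1 - clear-text jboss database password
update_login_conf() {
  local passwd=$1
  local encryptedPassword
  # NOTE(review): the clear-text password is an argv element of this java
  # process and is visible in the process list while it runs.
  # NOTE(review): SecureIdentityLoginModule encodes with a fixed built-in key,
  # so the value is obfuscated rather than secret; the 0400 mode on
  # login-config.xml is what protects it.
  encryptedPassword=$(java -Xms256m -Xmx512m \
    -cp /opt/netapp/essentials/jboss/client/jboss-logging.jar:/opt/netapp/essentials/jboss/lib/jbosssx.jar \
    org.jboss.resource.security.SecureIdentityLoginModule "${passwd}" |
    cut -f 2 -d ':' | sed -e 's/ //')
  # The pipeline status is sed's, so a java failure would otherwise write an
  # empty or garbage value into the config. Expect a (possibly negative) hex
  # string, which is also safe to splice into the sed expression below.
  if [[ ! "${encryptedPassword}" =~ ^-?[0-9a-fA-F]+$ ]]; then
    echo_log "Failed to encode the jboss database password for login-config.xml"
    exit 1
  fi
  # Since we ship with hard-coded password, we can assume the first value is hard-coded
  sed -i -e "s#2564f2a0d2c015fac62e46a90dd361a9#${encryptedPassword}#g" \
    "${ROOTINSTALLDIR}/essentials/jboss/server/onaro/conf/login-config.xml"
}

# Set the password of MySQL account 'jboss'@'localhost' and switch it to
# mysql_native_password.
# Arguments: $1 - clear-text jboss database password
update_jboss_user() {
  local sql_passwd command
  sql_passwd=$(sql_escape "$1")
  command="UPDATE mysql.user SET Password=PASSWORD('${sql_passwd}') WHERE user='jboss' AND host='localhost'; UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user='jboss' AND host='localhost'; FLUSH PRIVILEGES;"
  if printf '%s\n' "${command}" | "${mysqlbasedir}/bin/mysql" -uroot >/dev/null; then
    echo "Update mysql jboss user"
  else
    echo "Failed updating mysql jboss user!"
    exit 1
  fi
}

# Remove non-local root accounts and anonymous accounts, then recreate
# 'jboss'@'localhost' with the given password.
# Arguments: $1 - clear-text jboss database password
restrict_db_user() {
  local sql_passwd command
  sql_passwd=$(sql_escape "$1")
  log "restrict_db_user"
  # GRANT USAGE before DROP USER makes the DROP succeed when the account does
  # not exist yet.
  command="DELETE FROM mysql.user WHERE user='root' AND host NOT IN ('localhost', '127.0.0.1', '::1'); DELETE FROM mysql.user WHERE user=''; GRANT USAGE ON *.* TO 'jboss'@'localhost'; DROP USER 'jboss'@'localhost'; CREATE USER 'jboss'@'localhost' IDENTIFIED by '${sql_passwd}';"
  if printf '%s\n' "${command}" | "${mysqlbasedir}/bin/mysql" -uroot >>"${LOG}" 2>&1; then
    log "Finished restrict_db_user"
  else
    echo_log "Failed while restrict_db_user!"
    exit 1
  fi
}

# Grant 'jboss'@'localhost' its per-schema privileges.
grant_permission() {
  local command
  log "grant_permission"
  command="GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON acquisition.* TO 'jboss'@'localhost';"
  command+=" GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON management.* TO 'jboss'@'localhost';"
  command+=" GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE ROUTINE, ALTER ROUTINE, EXECUTE, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON netapp_model.* TO 'jboss'@'localhost';"
  command+=" GRANT CREATE, CREATE VIEW, DROP, SELECT ON netapp_model_view.* TO 'jboss'@'localhost';"
  command+=" GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE ROUTINE, ALTER ROUTINE, EXECUTE, CREATE VIEW, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON netapp_performance.* TO 'jboss'@'localhost';"
  command+=" GRANT CREATE, CREATE VIEW, DROP, SELECT ON netapp_performance_view.* TO 'jboss'@'localhost';"
  command+=" GRANT ALTER, CREATE, CREATE TEMPORARY TABLES, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE ON sanscreen.* TO 'jboss'@'localhost';"
  command+=" FLUSH PRIVILEGES;"
  if printf '%s\n' "${command}" | "${mysqlbasedir}/bin/mysql" -uroot >>"${LOG}" 2>&1; then
    log "Finished grant_permission"
  else
    echo_log "Failed while grant_permission!"
    exit 1
  fi
}

# Runs mysql_upgrade as recommended by MySQL
mysql_upgrade_tables() {
  local runupgrade
  # re-running mysql_upgrade only prints that it is already upgraded; it does
  # not upgrade again unless --force is passed.
  # 'wc -l' (not 'grep -c') keeps the pipeline status 0 when nothing matches,
  # which matters under 'set -e'.
  runupgrade=$("${mysqlbasedir}/bin/mysql_upgrade" --upgrade-system-tables |
    grep -i "MySQL is already upgraded" | wc -l)
  if [[ ${runupgrade} -eq 0 ]]; then
    log "MySQL is upgraded and will be restarted"
    # Restart mysql server now that the system tables are upgraded
    "${mysqldaemon}" restart &>>"${LOG}"
    wait_for_mysql
  else
    log "MySQL is already Upgraded"
  fi
}

# Drop the 'test' database and load the product schema from createDB.sql.
create_base_tables() {
  local command
  log "start create_base_tables"
  # Diagnostic only: grep finding nothing must not abort under 'set -e'.
  ps -ef | grep mysql >>"${LOG}" 2>&1 || true
  command="DROP DATABASE IF EXISTS test; source ${ROOTINSTALLDIR}/essentials/bin/createDB.sql;"
  if printf '%s\n' "${command}" | "${mysqlbasedir}/bin/mysql" -uroot >>"${LOG}" 2>&1; then
    log "Finished creating OCIE base tables"
  else
    echo_log "Installation of OCIE tables failed!"
    exit 1
  fi
}

# Drop the 'test' and netapp_performance_view databases.
update_base_tables() {
  local command
  log "Start update_base_tables"
  command="DROP DATABASE IF EXISTS test; DROP DATABASE IF EXISTS netapp_performance_view;"
  if printf '%s\n' "${command}" | "${mysqlbasedir}/bin/mysql" -uroot >>"${LOG}" 2>&1; then
    log "Finished Update OCIE base tables"
  else
    echo_log "Update of OCIE tables failed!"
    exit 1
  fi
}

# Append the includedir directive to /etc/sudoers. When visudo is available
# the resulting file is syntax-checked on a private copy first, because a
# syntax error in /etc/sudoers disables sudo for every user.
add_sudoers_include() {
  local -r include_line="#includedir /etc/sudoers-netapp"
  local candidate
  if command -v visudo >/dev/null 2>&1; then
    candidate=$(mktemp /etc/sudoers.ocie.XXXXXX)
    cat /etc/sudoers >"${candidate}"
    printf '%s\n' "${include_line}" >>"${candidate}"
    if ! visudo -cf "${candidate}" >>"${LOG}" 2>&1; then
      rm -f -- "${candidate}"
      echo_log "Refusing to modify /etc/sudoers: it would not pass visudo validation"
      exit 1
    fi
    rm -f -- "${candidate}"
  fi
  printf '%s\n' "${include_line}" >>/etc/sudoers
}

# Create the jboss OS group/user, hand the runtime directories to it and
# register /etc/sudoers-netapp in /etc/sudoers.
setup_jboss_user() {
  local dir
  local -r onaro="${ROOTINSTALLDIR}/essentials/jboss/server/onaro"
  local -a runtime_dirs=(
    /var/log/ocie
    "${onaro}/data"
    "${onaro}/tmp"
    "${onaro}/work"
  )

  log "Start setup_jboss_user"
  #setup jboss user
  groupadd -f jboss >>"${LOG}" 2>&1
  id jboss >>"${LOG}" 2>&1 || {
    useradd -r -g jboss jboss >>"${LOG}" 2>&1
  }
  change_password_manager_jar_perms

  for dir in "${runtime_dirs[@]}"; do
    chown -R jboss "${dir}" >>"${LOG}" 2>&1
  done
  for dir in "${runtime_dirs[@]}"; do
    chgrp -R jboss "${dir}" >>"${LOG}" 2>&1
  done

  mkdir -p /etc/.java/.systemPrefs/com/onaro >>"${LOG}" 2>&1
  chown -R jboss /etc/.java/.systemPrefs/com/onaro >>"${LOG}" 2>&1
  chgrp -R jboss /etc/.java/.systemPrefs/com/onaro >>"${LOG}" 2>&1
  mkdir -p "${onaro}/deploy/download.war"
  chown -R jboss "${onaro}/deploy/download.war" >>"${LOG}" 2>&1
  chgrp -R jboss "${onaro}/deploy/download.war" >>"${LOG}" 2>&1

  # The folder /etc/sudoers-netapp needs execute permission for the group and
  # the files inside it should be read-only.
  # The RedHat OS doesn't recognize sudoers files under /etc/sudoers.d (folder
  # having '.'), so the ocie sudoers files live under /etc/sudoers-netapp and
  # an includedir directive is added to /etc/sudoers.
  chmod 0440 /etc/sudoers-netapp/ocie_sudoers
  chmod 750 /etc/sudoers-netapp
  if grep "sudoers-netapp" /etc/sudoers &>>"${LOG}"; then
    log "/etc/sudoers-netapp is already added in /etc/sudoers"
  else
    add_sudoers_include
    log "Tag #includedir /etc/sudoers-netapp did not found in /etc/sudoers. Added it"
  fi
  log "finished setup_jboss_user"
}

# Entry point.
# Arguments: $1 - "2" reuses the existing MySQL configuration; anything else
#                 performs a fresh MySQL setup.
post_main() {
  local ARG=$1

  # mysql needs permission to write to /tmp
  # o+t keeps the sticky bit set so users cannot delete or rename each other's
  # files in the world-writable directory.
  chmod go+w,o+t /tmp
  install_mylogin_cnf
  log "logging memory status before starting post installation"
  free -m &>>"${LOG}"
  set_keytool_path

  if [[ "${ARG}" == "2" ]]; then
    echo_log "Setup mysql from existing configuration"
    if [[ ! -d "${mysqldatadir}" ]]; then
      ln -s "/data" "${mysqldatadir}"
    fi
    "${ROOTINSTALLDIR}/essentials/bin/myconfig.sh" install
    "${mysqldaemon}" start &>>"${LOG}"
    wait_for_mysql
    #upgrade mysql native tables. In cases when mysql is upgraded E.g 5.5 -> 5.6
    mysql_upgrade_tables
    update_base_tables
    if [[ ! -d "${mysqldatadir}/ocie" ]]; then
      mkdir "${mysqldatadir}/ocie"
      PASSWD=$(fetch_jboss_db_passwd)
      restrict_db_user "${PASSWD}"
    else
      PASSWD=$(fetch_jboss_db_passwd)
      update_jboss_user "${PASSWD}"
      update_login_conf "${PASSWD}"
    fi
    grant_permission
    "${mysqldaemon}" stop >>"${LOG}" 2>&1
  else
    "${mysqldaemon}" stop &>>"${LOG}"
    configure_mysql
    prepare_for_uds
    setup_uds
    setup_mysql_folders
    "${mysqldaemon}" stop &>>"${LOG}"
    "${ROOTINSTALLDIR}/essentials/bin/myconfig.sh" install &>>"${LOG}"
    if ! "${mysqldaemon}" start >>"${LOG}"; then
      if [[ ${semode} == "Permissive" || ${semode} == "Enforcing" ]]; then
        log "Selinux enabled and MySQL startup failed. Remove symlink from ${mysqlconfdir}/my.cnf and stop mysql and restart again."
        rm -f "${mysqlconfdir}/my.cnf"
        log "Deleted ${mysqlconfdir}/my.cnf"
        "${mysqldaemon}" stop &>>"${LOG}"
        "${ROOTINSTALLDIR}/essentials/bin/myconfig.sh" install &>>"${LOG}"
        "${mysqldaemon}" start >>"${LOG}"
      else
        log "MySQL startup failed. SELinux disabled. Display the error and quit installation"
        exit 255
      fi
    fi
    create_base_tables
    PASSWD=$(fetch_jboss_db_passwd)
    restrict_db_user "${PASSWD}"
    grant_permission
    "${mysqldaemon}" stop >>"${LOG}" 2>&1
    rm -f -- "${mysqldatadir:?}"/ib_logfile*
    "${ROOTINSTALLDIR}/essentials/bin/myconfig.sh" install &>>"${LOG}"
  fi

  setup_jboss_user
  install_certificate
  rm -rf -- "${mysqldatadir:?}"/ocie/*.ver
  cp "${ROOTINSTALLDIR}"/essentials/conf/* "${mysqldatadir}/ocie"

  # setup mysql.properties
  {
    echo "mysql.home=/usr/bin/"
    echo "mysql.port=3306"
    echo "dbname=sanscreen"
  } >"${ROOTINSTALLDIR}/essentials/bin/mysql.properties"

  #Delete old maria-db jar file for upgrade:
  if [[ -f "${ROOTINSTALLDIR}/essentials/jboss/common/lib/mariadb-java-client-1.1.8.jar" ]]; then
    rm "${ROOTINSTALLDIR}/essentials/jboss/common/lib/mariadb-java-client-1.1.8.jar"
  fi

  # Create ocie-serverbase success file after upgrade or fresh install.
  touch "${LOGDIR}/ocie-serverbase.SUCCESS"
  log "Created ${LOGDIR}/ocie-serverbase.SUCCESS file"
}

post_main "$@"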