diff --git a/jans-linux-setup/jans_setup/app_info.json b/jans-linux-setup/jans_setup/app_info.json index bda10546cf1..3a7e303d110 100644 --- a/jans-linux-setup/jans_setup/app_info.json +++ b/jans-linux-setup/jans_setup/app_info.json @@ -12,6 +12,7 @@ "PROMPT_TOOLKIT": "https://github.com/prompt-toolkit/python-prompt-toolkit/archive/refs/tags/3.0.33.zip", "WCWIDTH": "https://github.com/jquast/wcwidth/archive/refs/tags/0.2.5.zip", "PYGMENTS": "https://github.com/pygments/pygments/archive/refs/tags/2.13.0.zip", + "PYMYSQL": "https://github.com/PyMySQL/PyMySQL/archive/refs/tags/v1.0.3.zip", "REQUESTS_TOOLBELT": "https://github.com/requests/toolbelt/archive/refs/tags/1.0.0.zip", "CRYPTOGRAPHY": "https://files.pythonhosted.org/packages/20/8b/66600f5851ec7893ace9b74445d7eaf3499571b347e339d18c76c876b0f9/cryptography-37.0.4-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "TWILIO_MAVEN": "https://repo1.maven.org/maven2/com/twilio/sdk/twilio/", diff --git a/jans-linux-setup/jans_setup/setup_app/data/package_list.json b/jans-linux-setup/jans_setup/setup_app/data/package_list.json index 493d1909fd9..4725cf581b6 100644 --- a/jans-linux-setup/jans_setup/setup_app/data/package_list.json +++ b/jans-linux-setup/jans_setup/setup_app/data/package_list.json @@ -2,66 +2,155 @@ "red 7": { "optional": "", "mandatory": "httpd httpd-mod_ssl mod_auth_openidc rsyslog", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel-yaml", + "certifi": "python3-certifi", + "Crypto": "python3-cryptography", + "psycopg2": "python3-psycopg2" + } }, "red 8": { "optional": "", "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel-yaml", + "certifi": "python3-certifi", + "Crypto": "python3-cryptography", + "psycopg2": "python3-psycopg2" + } }, "red 9": { "optional": "", "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog", - "python": {"ldap3":"python-ldap3", "requests":"python-requests", "ruamel.yaml":"python-ruamel-yaml", "certifi":"python-certifi", "pymysql":"python-PyMySQL", "Crypto": "python-cryptography", "psycopg2":"python-psycopg2"} + "python": { + "ldap3": "python-ldap3", + "requests": "python-requests", + "ruamel.yaml": "python-ruamel-yaml", + "certifi": "python-certifi", + "Crypto": "python-cryptography", + "psycopg2": "python-psycopg2" + } }, "centos 7": { "optional": "", "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog python3-certifi", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel-yaml", + "Crypto": "python3-cryptography", + "psycopg2": "python3-psycopg2" + } }, "centos 8": { "optional": "", "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel-yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "Crypto": "python3-cryptography", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel-yaml", + "certifi": "python3-certifi", + "Crypto": "python3-cryptography", + "psycopg2": "python3-psycopg2" + } }, "centos 9": { "optional": "", "mandatory": "httpd mod_ssl mod_auth_openidc rsyslog", - "python": {"ldap3":"python-ldap3", "requests":"python-requests", "ruamel.yaml":"python-ruamel-yaml", "certifi":"python-certifi", "pymysql":"python-PyMySQL", "Crypto": "python-cryptography", "psycopg2":"python-psycopg2"} + "python": { + "ldap3": "python-ldap3", + "requests": "python-requests", + "ruamel.yaml": "python-ruamel-yaml", + "certifi": "python-certifi", + "Crypto": "python-cryptography", + "psycopg2": "python-psycopg2" + } }, "suse 15": { "optional": "", "mandatory": "apache2 apache2-mod_auth_openidc rsyslog openssl", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "cryptography": "python3-cryptography", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel.yaml", + "certifi": "python3-certifi", + "cryptography": "python3-cryptography", + "psycopg2": "python3-psycopg2" + } }, "suse tumbleweed": { "optional": "", "mandatory": "apache2 apache2-mod_auth_openidc rsyslog openssl", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-PyMySQL", "cryptography": "python3-cryptography", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel.yaml", + "certifi": "python3-certifi", + "cryptography": "python3-cryptography", + "psycopg2": "python3-psycopg2" + } }, - "debian 11": { + "debian 11": { "optional": "", "mandatory": "apache2 rsyslog", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-pymysql", "cryptography":"python3-cryptography", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel.yaml", + "certifi": "python3-certifi", + "cryptography": "python3-cryptography", + "psycopg2": "python3-psycopg2" + } }, "debian 10": { "optional": "", "mandatory": "apache2 rsyslog", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-pymysql", "Crypto": "python3-crypto", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel.yaml", + "certifi": "python3-certifi", + "Crypto": "python3-crypto", + "psycopg2": "python3-psycopg2" + } }, "debian 9": { "optional": "", "mandatory": "apache2 rsyslog", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "certifi":"python3-certifi", "pymysql":"python3-pymysql", "Crypto": "python3-crypto", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel.yaml", + "certifi": "python3-certifi", + "Crypto": "python3-crypto", + "psycopg2": "python3-psycopg2" + } }, "ubuntu 20": { "optional": "", "mandatory": "apache2 rsyslog python3-urllib3 python3-certifi", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "pymysql":"python3-pymysql", "Crypto": "python3-crypto", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel.yaml", + "Crypto": "python3-crypto", + "psycopg2": "python3-psycopg2" + } }, "ubuntu 22": { "optional": "", "mandatory": "apache2 rsyslog python3-urllib3 python3-certifi", - "python": {"ldap3":"python3-ldap3", "requests":"python3-requests", "ruamel.yaml":"python3-ruamel.yaml", "pymysql":"python3-pymysql", "cryptography":"python3-cryptography", "certifi":"python3-certifi", "psycopg2":"python3-psycopg2"} + "python": { + "ldap3": "python3-ldap3", + "requests": "python3-requests", + "ruamel.yaml": "python3-ruamel.yaml", + "cryptography": "python3-cryptography", + "certifi": "python3-certifi", + "psycopg2": "python3-psycopg2" + } } } diff --git a/jans-linux-setup/jans_setup/setup_app/downloads.py b/jans-linux-setup/jans_setup/setup_app/downloads.py index fe55b734724..cd739f45054 100644 --- a/jans-linux-setup/jans_setup/setup_app/downloads.py +++ b/jans-linux-setup/jans_setup/setup_app/downloads.py @@ -54,6 +54,19 @@ def download_pyjwt(): base.download(base.current_app.app_info['PYJWT'], pyjwt_dir_zip_file, verbose=True) base.extract_subdir(pyjwt_dir_zip_file, 'jwt', pyjwt_dir) + +def download_pymysql(): + pylib_dir = os.path.join(base.pylib_dir, 'pymysql') + + if os.path.exists(pylib_dir) and not base.argsp.force_download: + return + + with tempfile.TemporaryDirectory() as tmp_dir: + pylib_dir_zip_file = os.path.join(tmp_dir, os.path.basename(base.current_app.app_info['PYMYSQL'])) + base.download(base.current_app.app_info['PYMYSQL'], pylib_dir_zip_file, verbose=True) + base.extract_subdir(pylib_dir_zip_file, 'pymysql', pylib_dir) + + def download_all(): download_files = [] modules = glob.glob(os.path.join(base.ces_dir, 'installers/*.py')) @@ -79,3 +92,4 @@ def download_apps(): download_sqlalchemy() download_cryptography() download_pyjwt() + download_pymysql() diff --git a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py index 503936f3c85..2d2710f116f 100644 --- a/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py +++ b/jans-linux-setup/jans_setup/setup_app/installers/rdbm.py @@ -6,6 +6,7 @@ import sqlalchemy import shutil import zipfile +import random from string import Template from schema import AttributeType @@ -107,9 +108,14 @@ def fix_unit_file(self, service_name): self.writeFile(unit_fn, '\n'.join(unit_file_content_list)) self.run(['systemctl', 'daemon-reload']) + + def get_rdbm_pw(self): + return str(random.randint(10,99)) + random.choice('*_.<->') + self.getPW() + + def local_install(self): if not Config.rdbm_password: - Config.rdbm_password = self.getPW() + Config.rdbm_password = self.get_rdbm_pw() if not Config.rdbm_user: Config.rdbm_user = 'jans' @@ -119,10 +125,17 @@ def local_install(self): if Config.rdbm_type == 'mysql': if base.os_type == 'suse': - self.restart('mariadb') - self.fix_unit_file('mariadb') - self.enable('mariadb') - Config.backend_service = 'mariadb.service' + self.restart('mysql') + self.fix_unit_file('mysql') + self.enable('mysql') + Config.backend_service = 'mysql.service' + for l in open('/var/log/mysql/mysqld.log'): + if 'A temporary password is generated for' in l: + n = l.find('root@localhost:') + mysql_tmp_root_passwd = l[n+15:].strip() + break + Config.mysql_root_password = self.get_rdbm_pw() + self.run(f'''mysql -u root -p'{mysql_tmp_root_passwd}' -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '{Config.mysql_root_password}'" --connect-expired-password''', shell=True) elif base.clone_type == 'rpm': self.restart('mysqld') @@ -133,14 +146,15 @@ def local_install(self): Config.backend_service = 'mysql.service' result, conn = self.dbUtils.mysqlconnection(log=False) + user_passwd_str = f"-u root -p'{Config.mysql_root_password}' " if base.os_type == 'suse' else '' if not result: sql_cmd_list = [ - "CREATE DATABASE {};\n".format(Config.rdbm_db), - "CREATE USER '{}'@'localhost' IDENTIFIED BY '{}';\n".format(Config.rdbm_user, Config.rdbm_password), - "GRANT ALL PRIVILEGES ON {}.* TO '{}'@'localhost';\n".format(Config.rdbm_db, Config.rdbm_user), + "CREATE DATABASE {}".format(Config.rdbm_db), + "CREATE USER '{}'@'localhost' IDENTIFIED BY '{}'".format(Config.rdbm_user, Config.rdbm_password), + "GRANT ALL PRIVILEGES ON {}.* TO '{}'@'localhost'".format(Config.rdbm_db, Config.rdbm_user), ] for cmd in sql_cmd_list: - self.run("echo \"{}\" | mysql".format(cmd), shell=True) + self.run(f'mysql {user_passwd_str}-e "{cmd}"', shell=True) elif Config.rdbm_type == 'pgsql': if base.clone_type == 'rpm': diff --git a/jans-linux-setup/jans_setup/setup_app/utils/base.py b/jans-linux-setup/jans_setup/setup_app/utils/base.py index 8fdc754fdfb..5a144c972e6 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/base.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/base.py @@ -48,7 +48,7 @@ os_initdaemon = f.read().split()[1] # Determine os_type and os_version -os_type, os_version = '', '' +os_type, os_version, os_subversion = '', '', '' os_release_fn = '/usr/lib/os-release' if not os.path.exists(os_release_fn): @@ -70,7 +70,10 @@ os_version = 'tumbleweed' break elif row[0] == 'VERSION_ID': - os_version = row[1].split('.')[0] + version_split = row[1].split('.') + os_version = version_split[0] + if len(version_split) > 1: + os_subversion = version_split[1] if not (os_type and os_version): print("Can't determine OS type and OS version") @@ -101,6 +104,8 @@ def get_os_description(): desc_dict = { 'suse': 'SUSE', 'red': 'RHEL', 'ubuntu': 'Ubuntu', 'deb': 'Debian', 'centos': 'CentOS', 'fedora': 'Fedora' } descs = desc_dict.get(os_type, os_type) descs += ' ' + os_version + if os_subversion: + descs += f'.{os_subversion}' fipsl = subprocess.getoutput("sysctl crypto.fips_enabled").strip().split() diff --git a/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py index 0010c6259b0..ce87deab208 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/db_utils.py @@ -43,7 +43,7 @@ class DBUtils: def bind(self, use_ssl=True, force=False): setattr(base.current_app, self.__class__.__name__, self) - + self.mariadb = None base.logIt("Bind to database") logging.basicConfig( diff --git a/jans-linux-setup/jans_setup/setup_app/utils/package_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/package_utils.py index 546234b3acf..8826aedd7ad 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/package_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/package_utils.py @@ -56,7 +56,13 @@ def check_and_install_packages(self): if not Config.installed_instance: if base.argsp.local_rdbm == 'mysql' or (Config.get('rdbm_install_type') == InstallTypes.LOCAL and Config.rdbm_type == 'mysql'): - package_list[os_type_version]['mandatory'] += ' mysql-server' + if base.os_type == 'suse': + self.run(['rpm', '-i', f'https://dev.mysql.com/get/mysql80-community-release-sl{base.os_version}-{base.os_subversion}.noarch.rpm']) + self.run(['rpm', '--import', '/etc/RPM-GPG-KEY-mysql']) + self.run(['zypper', '--gpg-auto-import-keys', 'refresh']) + package_list[os_type_version]['mandatory'] += ' mysql-community-server' + else: + package_list[os_type_version]['mandatory'] += ' mysql-server' if base.argsp.local_rdbm == 'pgsql' or (Config.get('rdbm_install_type') == InstallTypes.LOCAL and Config.rdbm_type == 'pgsql'): package_list[os_type_version]['mandatory'] += ' postgresql python3-psycopg2 postgresql-contrib' if base.clone_type == 'deb': diff --git a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py index 6e56cc7017b..f86200a90e0 100644 --- a/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py +++ b/jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py @@ -740,7 +740,11 @@ def prompt_for_rdbm(self): if result[0]: print(" {}Successfully connected to {} server{}".format(colors.OKGREEN, Config.rdbm_type.upper(), colors.ENDC)) - break + dbUtils.set_mysql_version() + if dbUtils.mariadb: + print(" {}MariaDB is not supported. Please use MySQL Server. {}".format(colors.FAIL, colors.ENDC)) + else: + break else: print(" {}Can't connect to {} server with provided credidentals.{}".format(colors.FAIL, Config.rdbm_type.upper(), colors.ENDC)) print(" ERROR:", result[1]) @@ -881,7 +885,10 @@ def prompt_for_backend(self): try: if Config.rdbm_type == 'mysql': - pymysql.connect(host=Config.rdbm_host, user=Config.rdbm_user, password=Config.rdbm_password, database=Config.rdbm_db, port=Config.rdbm_port) + conn = pymysql.connect(host=Config.rdbm_host, user=Config.rdbm_user, password=Config.rdbm_password, database=Config.rdbm_db, port=Config.rdbm_port) + if 'mariadb' in conn.server_version.lower(): + print(" {}MariaDB is not supported. Please use MySQL Server. {}".format(colors.FAIL, colors.ENDC)) + continue else: psycopg2.connect(dbname=Config.rdbm_db, user=Config.rdbm_user, password=Config.rdbm_password, host=Config.rdbm_host, port=Config.rdbm_port) print(" {}{} connection was successful{}".format(colors.OKGREEN, Config.rdbm_type.upper(), colors.ENDC))