info('Mariadb install...'); $version = $this->argument('version'); exec('apt update 2>&1', $output); // @TODO apt add a Warning for no good, in a later version output will be scanned for helpfull infos $this->line(implode("\n", Install::filterAptMessages($output))); if ($version === '10.4') { $this->info('Mariadb try install 10.04...'); // getting release $release = Install::getDistributionRelease(); if (Install::getDistributionId() === 'Ubuntu' && ($release === '18.04' || $release === '20.04')) { $this->info('Mariadb install for Ubuntu '.$release.'...'); $output = []; exec('apt install -y software-properties-common 2>&1', $output); exec('apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 2>&1', $output); exec('add-apt-repository -y "deb [arch=amd64,arm64,ppc64el] http://mariadb.mirror.liquidtelecom.com/repo/10.4/ubuntu '.Install::getDistributionCodename().' main" 2>&1', $output); exec('apt update 2>&1', $output); } } exec('apt install -y mariadb-server mariadb-client 2>&1', $output); // @TODO apt add a Warning for no good, in a later version output will be scanned for helpfull infos $this->line(implode("\n", Install::filterAptMessages($output))); if (Install::isReady('mariadb-server') && Install::isReady('mariadb-client')) { $this->info('Mariadb setup...'); // setting password for root, repeat until do { $password = $this->secret('Root Password'); $passwordRepeat = $this->secret('Repeat Root Password'); if ($password !== $passwordRepeat) { $this->error('Password not equal! Try again!'); } if (empty($password)) { $this->error('Password is empty! Try again!'); } } while ($password !== $passwordRepeat || empty($password)); // make sure root can only access from local $this->info('Mariadb make sure root can ony access from local...'); system('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'root\' AND Host NOT IN (\'localhost\', \'127.0.0.1\', \'::1\');"'); // delete anonymous user $this->info('Mariadb delete anonymous user...'); system('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'\';"'); // drop test database and anthing familiar $this->info('Mariadb drop test and anthing familiar...'); system('sudo mysql -u root -e "DROP DATABASE IF EXISTS test;"'); system('sudo mysql -u root -e "DELETE FROM mysql.db WHERE Db=\'test\' OR Db=\'test_%\';"'); // remove plugin for root and set password $this->info('Mariadb add password for root...'); if ($version === '10.4') { system('sudo mysql -u root -e "ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD(\''.$password.'\'); FLUSH PRIVILEGES;"'); } else { system('sudo mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD(\''.$password.'\') WHERE User=\'root\'; FLUSH PRIVILEGES;"'); system('sudo mysql -u root -e "UPDATE mysql.user SET plugin=\'\' where User=\'root\';"'); } $this->info('Mariadb installing...Success! \o/'); if ($this->option('remote') === true) { $this->remoteAccess(); } } else { $this->error('Failed! Please check log-file!'); } } /** * * */ private function remoteAccess() { $this->info('Mariadb remote...'); system('mkdir -p /etc/mysql/ssl'); system('hostname', $hostname); $this->info('Generating CA'); system('openssl genrsa 4096 > /etc/mysql/ssl/ca-key.pem'); system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj "/CN='.$hostname.'-mysql-ca"'); $this->info('Generating Server Certificate'); system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj "/CN='.$hostname.'-mysql-server"'); system('openssl rsa -in /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-key.pem'); system('openssl x509 -req -in /etc/mysql/ssl/server-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/server-cert.pem'); $this->info('Generating Client Certificate'); system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj "/CN='.$hostname.'-mysql-server"'); system('openssl rsa -in /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-key.pem'); system('openssl x509 -req -in /etc/mysql/ssl/client-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/client-cert.pem'); if (!file_exist('/etc/mysql/ssl/ca-cert.pem') || !file_exist('/etc/mysql/ssl/client-cert.pem') || file_exist('/etc/mysql/ssl/client-key.pem')) { $this->error('Failed! Certificates not created!'); exit(); } $this->info('Validate Certificates'); system('openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem'); system('cat >> /etc/mysql/my.cnf << EOF [mysqld] bind-address = 0.0.0.0 ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-cert=/etc/mysql/ssl/server-cert.pem ssl-key=/etc/mysql/ssl/server-key.pem [client] ssl-ca=/etc/mysql/ssl/ca-cert.pem ssl-cert=/etc/mysql/ssl/client-cert.pem ssl-key=/etc/mysql/ssl/client-key.pem'); system('chown -R mysql:mysql /etc/mysql/ssl'); system('chmod 644 /etc/mysql/ssl/*cert*'); system('chmod 644 /etc/mysql/ssl/*key*'); system('service restart mysql'); system('ufw allow mysql'); $this->info('Mariadb remote...Success! \o/'); } }