								<?php
								
								namespace App\Commands;
								
								use Illuminate\Console\Scheduling\Schedule;
								use LaravelZero\Framework\Commands\Command;
								use Illuminate\Support\Facades\File;
								
								use App\Facades\Install;
								
								use Hackzilla\PasswordGenerator\Generator\ComputerPasswordGenerator;
								use Hackzilla\PasswordGenerator\RandomGenerator\Php7RandomGenerator;
								
								/**
								 *  Install Mariadb
								 *
								 *  @author Björn Hase, Tentakelfabrik
								 *  @license http://opensource.org/licenses/MIT The MIT License
								 *  @link https://gitea.tentakelfabrik.de/Tentakelfabrik/mcp
								 *
								 */
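								class MariadbInstallCommand extends Command
								{
								    // destination for username and password
								    // NOTE(review): not referenced anywhere in this class. If credentials are ever
								    // written to this file, create it with mode 0600 before writing.
								    const MCP_LOG_FILE = '/root/mcp.log';

								    // length for password (not referenced in this class)
								    const PASSWORD_LENGTH = 40;

								    /**
								     * The signature of the command.
								     *
								     * @var string
								     */
								    protected $signature = 'mariadb:install {version=10.4} {--remote}';

								    /**
								     * The description of the command.
								     *
								     * @var string
								     */
								    protected $description = 'Install Mariadb and set configuration';

								    /**
								     * Execute the console command.
								     *
								     * Installs mariadb-server and mariadb-client through apt (adding the MariaDB 10.4
								     * repository first on Ubuntu 18.04 / 20.04), then hardens the fresh instance:
								     * root is limited to local hosts, anonymous users and the test database are
								     * removed and root is switched to password authentication. With --remote the
								     * TLS / remote-access setup in remoteAccess() runs afterwards.
								     *
								     * @return mixed
								     */
								    public function handle()
								    {
								        $this->info('Mariadb install...');
								        $version = $this->argument('version');

								        $output = [];
								        exec('apt update 2>&1', $output);

								        // @TODO apt adds a warning about its unstable CLI; in a later version the output will be scanned for helpful infos
								        $this->line(implode("\n", Install::filterAptMessages($output)));

								        // exec() appends to $output; start fresh so the "apt update" lines are not printed a second time below
								        $output = [];

								        if ($version === '10.4') {
								            $this->info('Mariadb try install 10.4...');

								            // getting release
								            $release = Install::getDistributionRelease();

								            if (Install::getDistributionId() === 'Ubuntu' && ($release === '18.04' || $release === '20.04')) {
								                $this->info('Mariadb install for Ubuntu '.$release.'...');

								                exec('apt install -y software-properties-common 2>&1', $output);

								                // NOTE(review): the signing key is fetched by its 64-bit key id over plain-text HKP and the
								                // repository is plain http. apt's signature check is the only integrity protection for
								                // these packages, so pin the full key fingerprint (and prefer hkps/https) when this is touched.
								                // apt-key itself is deprecated on newer releases.
								                exec('apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 2>&1', $output);

								                // the codename is read from the system; pass the whole source line as one quoted shell argument
								                $source = 'deb [arch=amd64,arm64,ppc64el] http://mariadb.mirror.liquidtelecom.com/repo/10.4/ubuntu '.Install::getDistributionCodename().' main';
								                exec('add-apt-repository -y '.escapeshellarg($source).' 2>&1', $output);
								                exec('apt update 2>&1', $output);
								            }
								        }

								        exec('apt install -y mariadb-server mariadb-client 2>&1', $output);

								        // @TODO apt adds a warning about its unstable CLI; in a later version the output will be scanned for helpful infos
								        $this->line(implode("\n", Install::filterAptMessages($output)));

								        if (!Install::isReady('mariadb-server') || !Install::isReady('mariadb-client')) {
								            $this->error('Failed! Please check log-file!');
								            return;
								        }

								        $this->info('Mariadb setup...');

								        // ask for the root password until both entries match and are not empty
								        do {
								            $password = $this->secret('Root Password');
								            $passwordRepeat = $this->secret('Repeat Root Password');

								            $mismatch = $password !== $passwordRepeat;
								            $blank = empty($password);

								            if ($mismatch) {
								                $this->error('Password not equal! Try again!');
								            }

								            if ($blank) {
								                $this->error('Password is empty! Try again!');
								            }
								        } while ($mismatch || $blank);

								        // make sure root can only access from local
								        $this->info('Mariadb make sure root can ony access from local...');
								        system('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'root\' AND Host NOT IN (\'localhost\', \'127.0.0.1\', \'::1\');"');

								        // delete anonymous user
								        $this->info('Mariadb delete anonymous user...');
								        system('sudo mysql -u root -e "DELETE FROM mysql.user WHERE User=\'\';"');

								        // drop test database and anything similar
								        $this->info('Mariadb drop test and anthing familiar...');
								        system('sudo mysql -u root -e "DROP DATABASE IF EXISTS test;"');
								        system('sudo mysql -u root -e "DELETE FROM mysql.db WHERE Db=\'test\' OR Db=\'test_%\';"');

								        // remove plugin for root and set password
								        $this->info('Mariadb add password for root...');

								        // mysql_native_password stores '*' followed by the upper-case hex of SHA1(SHA1(password)),
								        // which is what PASSWORD() computes on the server. Hashing here keeps the typed password
								        // out of both the shell command line and the SQL text: the hash consists of [0-9A-F*] only,
								        // so a quote, backtick or $ in the password can no longer break out of the command.
								        // The hash is still visible in the process list while the command runs.
								        // NOTE(review): assumes the server default old_passwords=0 — confirm for non-default setups.
								        $hash = '*'.strtoupper(sha1(sha1($password, true)));

								        if ($version === '10.4') {
								            system('sudo mysql -u root -e "ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING \''.$hash.'\'; FLUSH PRIVILEGES;"');
								        } else {
								            // password and plugin are changed together and flushed afterwards, otherwise the
								            // cleared plugin only takes effect after the next reload of the grant tables
								            system('sudo mysql -u root -e "UPDATE mysql.user SET Password=\''.$hash.'\', plugin=\'\' WHERE User=\'root\'; FLUSH PRIVILEGES;"');
								        }

								        $this->info('Mariadb installing...Success! \o/');

								        if ($this->option('remote') === true) {
								            $this->remoteAccess();
								        }
								    }

								    /**
								     * Prepare the server for remote clients.
								     *
								     * Creates a private CA plus one server and one client certificate under
								     * /etc/mysql/ssl, appends the TLS settings and bind-address 0.0.0.0 to
								     * /etc/mysql/my.cnf, restarts the service and allows the mysql port in ufw.
								     *
								     * TLS is only offered by this configuration, it is not enforced: accounts that
								     * may connect remotely should be created with REQUIRE SSL or REQUIRE X509.
								     * The block is appended on every call, so running it twice duplicates the settings.
								     */
								    private function remoteAccess()
								    {
								        $this->info('Mariadb remote...');
								        system('mkdir -p /etc/mysql/ssl');

								        // NOTE(review): $name was never assigned here before; the host name is used as prefix for
								        // the certificate names — confirm this is the intended value.
								        $name = gethostname() ?: 'localhost';

								        // key files are created by openssl with the process umask; restrict it while the
								        // keys are generated so they are never world-readable, not even briefly
								        $previousUmask = umask(0077);

								        // NOTE(review): 365000 days is roughly a thousand years and the unencrypted CA key stays on
								        // the database host; consider a shorter lifetime and moving ca-key.pem off the server.
								        $this->info('Generating CA');
								        system('openssl genrsa 4096 > /etc/mysql/ssl/ca-key.pem');
								        system('openssl req -new -x509 -nodes -days 365000 -key /etc/mysql/ssl/ca-key.pem -out /etc/mysql/ssl/ca-cert.pem -subj '.escapeshellarg('/CN='.$name.'-mysql-ca'));

								        $this->info('Generating Server Certificate');
								        system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-req.pem -subj '.escapeshellarg('/CN='.$name.'-mysql-server'));
								        system('openssl rsa -in /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-key.pem');
								        system('openssl x509 -req -in /etc/mysql/ssl/server-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 01 -out /etc/mysql/ssl/server-cert.pem');

								        // the client certificate gets its own subject and serial number; a CA must not
								        // issue two certificates with the same serial
								        $this->info('Generating Client Certificate');
								        system('openssl req -newkey rsa:4096 -days 365000 -nodes -keyout /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-req.pem -subj '.escapeshellarg('/CN='.$name.'-mysql-client'));
								        system('openssl rsa -in /etc/mysql/ssl/client-key.pem -out /etc/mysql/ssl/client-key.pem');
								        system('openssl x509 -req -in /etc/mysql/ssl/client-req.pem -days 365000 -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -set_serial 02 -out /etc/mysql/ssl/client-cert.pem');

								        umask($previousUmask);

								        $this->info('Validate Certificates');
								        system('openssl verify -CAfile /etc/mysql/ssl/ca-cert.pem /etc/mysql/ssl/server-cert.pem /etc/mysql/ssl/client-cert.pem');

								        // written from PHP instead of a shell here-document: the indented EOF marker never
								        // terminated the here-document, so the marker line itself ended up in my.cnf
								        $config = implode("\n", [
								            '',
								            '[mysqld]',
								            'bind-address = 0.0.0.0',
								            '',
								            'ssl-ca=/etc/mysql/ssl/ca-cert.pem',
								            'ssl-cert=/etc/mysql/ssl/server-cert.pem',
								            'ssl-key=/etc/mysql/ssl/server-key.pem',
								            '',
								            '[client]',
								            'ssl-ca=/etc/mysql/ssl/ca-cert.pem',
								            'ssl-cert=/etc/mysql/ssl/client-cert.pem',
								            'ssl-key=/etc/mysql/ssl/client-key.pem',
								            '',
								        ]);

								        if (file_put_contents('/etc/mysql/my.cnf', $config, FILE_APPEND) === false) {
								            $this->error('Failed! Could not write /etc/mysql/my.cnf');
								            return;
								        }

								        system('chown -R mysql:mysql /etc/mysql/ssl');
								        system('chmod 644 /etc/mysql/ssl/*cert*');

								        // CA and server private keys are readable by their owner only
								        system('chmod 600 /etc/mysql/ssl/ca-key.pem /etc/mysql/ssl/server-key.pem');

								        // NOTE(review): the client key stays world-readable because the [client] section above makes
								        // every local user's mysql client load it; hand out per-client keys instead where possible.
								        system('chmod 644 /etc/mysql/ssl/client-key.pem');

								        system('service mariadb restart');

								        // NOTE(review): this opens the mysql port to every source address; restrict the rule to the
								        // known client addresses where they are fixed.
								        system('ufw allow mysql');

								        $this->info('Mariadb remote...Success! \o/');
								    }
								}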