From 6b26c54b49125c990fef27b4f0f213498d10ad43 Mon Sep 17 00:00:00 2001 From: g0tmi1k <535942+g0tmi1k@users.noreply.github.com> Date: Wed, 18 Mar 2020 13:12:01 +0000 Subject: [PATCH] Bug fixes & more verbose (#123) * Bug fixes & more verbose * More error handling * Better bash fu * Fix GUACAMOLE-760 https://issues.apache.org/jira/browse/GUACAMOLE-760 ``` Cause: java.sql.SQLException: The server time zone value 'xyz' is unrecognized or represents more than one time zone. You must configure either the server or JDBC driver (via the serverTimezone configuration property)..... ``` * Address a few formatting issues * Make sure MySQL is up first & remove dead code * Hide some errors --- guac-install.sh | 292 ++++++++++++++++++++++++++++++------------------ 1 file changed, 184 insertions(+), 108 deletions(-) diff --git a/guac-install.sh b/guac-install.sh index 103a272..64b20f8 100755 --- a/guac-install.sh +++ b/guac-install.sh @@ -1,13 +1,24 @@ #!/bin/bash +# Something isn't working? # tail -f /var/log/messages /var/log/syslog /var/log/tomcat*/*.out /var/log/mysql/*.log # Check if user is root or sudo -if ! [ $(id -u) = 0 ]; then echo "Please run this script as sudo or root"; exit 1 ; fi +if ! [ $( id -u ) = 0 ]; then + echo "Please run this script as sudo or root" 1>&2 + exit 1 +fi + +# Check to see if any old files left over +if [ "$( find . -maxdepth 1 \( -name 'guacamole-*' -o -name 'mysql-connector-java-*' \) )" != "" ]; then + echo "Possible temp files detected. Please review 'guacamole-*' & 'mysql-connector-java-*'" 1>&2 + exit 1 +fi # Version number of Guacamole to install +# Homepage ~ https://guacamole.apache.org/releases/ GUACVERSION="1.1.0" -# Latest Version of MySQL Connector/J if manuall install is required -# Manuall install is required if libmysql-java is not available via apt +# Latest Version of MySQL Connector/J if manual install is required (if libmariadb-java/libmysql-java is not available via apt) +# Homepage ~ https://dev.mysql.com/downloads/connector/j/ MCJVER="8.0.19" # Colors to use for output @@ -88,11 +99,11 @@ while [ "$1" != "" ]; do shift done -if [[ -z "$installTOTP" ]] && [[ "$installDuo" != true ]]; then +if [[ -z "${installTOTP}" ]] && [[ "${installDuo}" != true ]]; then # Prompt the user if they would like to install TOTP MFA, default of no echo -e -n "${CYAN}MFA: Would you like to install TOTP? (y/N): ${NC}" read PROMPT - if [[ $PROMPT =~ ^[Yy]$ ]]; then + if [[ ${PROMPT} =~ ^[Yy]$ ]]; then installTOTP=true installDuo=false else @@ -100,11 +111,11 @@ if [[ -z "$installTOTP" ]] && [[ "$installDuo" != true ]]; then fi fi -if [[ -z "$installDuo" ]] && [[ "$installTOTP" != true ]]; then +if [[ -z "${installDuo}" ]] && [[ "${installTOTP}" != true ]]; then # Prompt the user if they would like to install Duo MFA, default of no echo -e -n "${CYAN}MFA: Would you like to install Duo (configuration values must be set after install in /etc/guacamole/guacamole.properties)? (y/N): ${NC}" read PROMPT - if [[ $PROMPT =~ ^[Yy]$ ]]; then + if [[ ${PROMPT} =~ ^[Yy]$ ]]; then installDuo=true installTOTP=false else @@ -113,49 +124,53 @@ if [[ -z "$installDuo" ]] && [[ "$installTOTP" != true ]]; then fi # We can't install TOTP and Duo at the same time... -if [[ "$installTOTP" = true ]] && [ "$installDuo" = true ]; then - echo -e "${RED}MFA: The script does not support installing TOTP and Duo at the same time.${NC}" +if [[ "${installTOTP}" = true ]] && [ "${installDuo}" = true ]; then + echo -e "${RED}MFA: The script does not support installing TOTP and Duo at the same time.${NC}" 1>&2 exit 1 fi echo -if [[ -z $installMySQL ]]; then +if [[ -z ${installMySQL} ]]; then # Prompt the user to see if they would like to install MySQL, default of yes echo "MySQL is required for installation, if you're using a remote MySQL Server select 'n'" echo -e -n "${CYAN}Would you like to install MySQL? (Y/n): ${NC}" read PROMPT - if [[ $PROMPT =~ ^[Nn]$ ]]; then + if [[ ${PROMPT} =~ ^[Nn]$ ]]; then installMySQL=false else installMySQL=true fi fi -if [ "$installMySQL" = false ]; then +if [ "${installMySQL}" = false ]; then # We need to get additional values - read -p "Enter MySQL server hostname or IP: " mysqlHost - read -p "Enter MySQL server port [3306]: " mysqlPort - read -p "Enter Guacamole database name [guacamole_db]: " guacDb - read -p "Enter Guacamole user [guacamole_user]: " guacUser + [ -z "${mysqlHost}" ] \ + && read -p "Enter MySQL server hostname or IP: " mysqlHost + [ -z "${mysqlPort}" ] \ + && read -p "Enter MySQL server port [3306]: " mysqlPort + [ -z "${guacDb}" ] \ + && read -p "Enter Guacamole database name [guacamole_db]: " guacDb + [ -z "${guacUser}" ] \ + && read -p "Enter Guacamole user [guacamole_user]: " guacUser fi # Checking if mysql host given -if [ -z "$mysqlHost" ]; then +if [ -z "${mysqlHost}" ]; then mysqlHost="localhost" fi # Checking if mysql port given -if [ -z "$mysqlPort" ]; then +if [ -z "${mysqlPort}" ]; then mysqlPort="3306" fi # Checking if mysql user given -if [ -z "$guacUser" ]; then +if [ -z "${guacUser}" ]; then guacUser="guacamole_user" fi # Checking if database name given -if [ -z "$guacDb" ]; then +if [ -z "${guacDb}" ]; then guacDb="guacamole_db" fi @@ -167,11 +182,11 @@ if [ -z "${mysqlRootPwd}" ]; then echo read -s -p "Confirm ${mysqlHost}'s MySQL root password: " PROMPT2 echo - [ "$mysqlRootPwd" = "$PROMPT2" ] && break - echo "Passwords don't match. Please try again." + [ "${mysqlRootPwd}" = "${PROMPT2}" ] && break + echo -e "${RED}Passwords don't match. Please try again.${NC}" 1>&2 done else - echo -e "${BLUE}Read MySQL password from command line argument${NC}" + echo -e "${BLUE}Read MySQL root's password from command line argument${NC}" fi echo @@ -182,19 +197,19 @@ if [ -z "${guacPwd}" ]; then echo read -s -p "Confirm ${mysqlHost}'s MySQL guacamole user password: " PROMPT2 echo - [ "$guacPwd" = "$PROMPT2" ] && break - echo "Passwords don't match. Please try again." + [ "${guacPwd}" = "${PROMPT2}" ] && break + echo -e "${RED}Passwords don't match. Please try again.${NC}" 1>&2 echo done else - echo -e "${BLUE}Read MySQL password from command line argument${NC}" + echo -e "${BLUE}Read MySQL ${guacUser}'s password from command line argument${NC}" fi echo -if [ "$installMySQL" = true ]; then +if [ "${installMySQL}" = true ]; then # Seed MySQL install values - debconf-set-selections <<< "mysql-server mysql-server/root_password password $mysqlRootPwd" - debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $mysqlRootPwd" + debconf-set-selections <<< "mysql-server mysql-server/root_password password ${mysqlRootPwd}" + debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${mysqlRootPwd}" fi # Different version of Ubuntu and Debian have different package names... @@ -210,10 +225,10 @@ if [[ "${NAME}" == "Ubuntu" ]]; then else LIBPNG="libpng-dev" fi - if [ "$installMySQL" = true ]; then + if [ "${installMySQL}" = true ]; then MYSQL="mysql-server mysql-client mysql-common mysql-utilities" # Checking if (any kind of) mysql-client or compatible command installed. This is useful for existing mariadb server - elif [ -x "$(command -v mysql)" ]; then + elif [ -x "$( command -v mysql )" ]; then MYSQL="" else MYSQL="mysql-client" @@ -225,44 +240,59 @@ elif [[ "${NAME}" == *"Debian"* ]] || [[ "${NAME}" == *"Raspbian GNU/Linux"* ]] else LIBPNG="libpng12-dev" fi - if [ "$installMySQL" = true ]; then + if [ "${installMySQL}" = true ]; then MYSQL="default-mysql-server default-mysql-client mysql-common" # Checking if (any kind of) mysql-client or compatible command installed. This is useful for existing mariadb server - elif [ -x "$(command -v mysql)" ]; then + elif [ -x "$( command -v mysql )" ]; then MYSQL="" else MYSQL="default-mysql-client" fi else - echo "Unsupported Distro - Ubuntu, Debian, Kali or Raspbian Only" + echo "Unsupported distribution - Debian, Kali, Raspbian or Ubuntu only" exit 1 fi -# Update apt so we can search apt-cache for newest tomcat version supported & libmysql-java +# Update apt so we can search apt-cache for newest Tomcat version supported & libmariadb-java/libmysql-java echo -e "${BLUE}Updating apt...${NC}" apt-get -qq update -# Check if libmysql-java is available -if [[ $(apt-cache show libmysql-java 2> /dev/null | egrep "Version:" | wc -l) -gt 0 ]]; then +# Check if libmariadb-java/libmysql-java is available +# Debian 10 >= ~ https://packages.debian.org/search?keywords=libmariadb-java +if [[ $( apt-cache show libmariadb-java 2> /dev/null | wc -l ) -gt 0 ]]; then + # When something higher than 1.1.0 is out ~ https://issues.apache.org/jira/browse/GUACAMOLE-852 + #echo -e "${BLUE}Found libmariadb-java package...${NC}" + #LIBJAVA="libmariadb-java" + # For v1.1.0 and lower + echo -e "${YELLOW}Found libmariadb-java package (known issues). Will download libmysql-java ${MCJVER} and install manually${NC}" + LIBJAVA="" +# Debian 9 <= ~ https://packages.debian.org/search?keywords=libmysql-java +elif [[ $( apt-cache show libmysql-java 2> /dev/null | wc -l ) -gt 0 ]]; then + echo -e "${BLUE}Found libmysql-java package...${NC}" LIBJAVA="libmysql-java" else + echo -e "${YELLOW}lib{mariadb,mysql}-java not available. Will download mysql-connector-java-${MCJVER}.tar.gz and install manually${NC}" LIBJAVA="" - echo -e "${YELLOW}libmysql-java not available. Will download ${MCJVER} and install manually${NC}" fi -echo # tomcat9 is the latest version # tomcat8.0 is end of life, but tomcat8.5 is current # fallback is tomcat7 -if [[ $(apt-cache show tomcat9 2> /dev/null | egrep "Version: 9" | wc -l) -gt 0 ]]; then +if [[ $( apt-cache show tomcat9 2> /dev/null | egrep "Version: 9" | wc -l ) -gt 0 ]]; then + echo -e "${BLUE}Found tomcat9 package...${NC}" TOMCAT="tomcat9" -elif [[ $(apt-cache show tomcat8 2> /dev/null | egrep "Version: 8.[5-9]" | wc -l) -gt 0 ]]; then +elif [[ $( apt-cache show tomcat8 2> /dev/null | egrep "Version: 8.[5-9]" | wc -l ) -gt 0 ]]; then + echo -e "${BLUE}Found tomcat8.5+ package...${NC}" TOMCAT="tomcat8" -else +elif [[ $( apt-cache show tomcat7 2> /dev/null | egrep "Version: 7" | wc -l ) -gt 0 ]]; then + echo -e "${BLUE}Found tomcat7 package...${NC}" TOMCAT="tomcat7" +else + echo -e "${RED}Failed. Can't find Tomcat package${NC}" 1>&2 + exit 1 fi -# Uncomment to manually force a tomcat version +# Uncomment to manually force a Tomcat version #TOMCAT="" # Install features @@ -274,17 +304,19 @@ export DEBIAN_FRONTEND=noninteractive # Required packages apt-get -y install build-essential libcairo2-dev ${JPEGTURBO} ${LIBPNG} libossp-uuid-dev libavcodec-dev libavutil-dev \ libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev \ -libvorbis-dev libwebp-dev libwebsockets-dev wget \ +libvorbis-dev libwebp-dev libwebsockets-dev \ freerdp2-x11 libtool-bin ghostscript dpkg-dev \ +wget crudini \ ${MYSQL} ${LIBJAVA} ${TOMCAT} &>> ${LOG} # If apt fails to run completely the rest of this isn't going to work... if [ $? -ne 0 ]; then - echo -e "${RED}Failed. See ${LOG}${NC}" + echo -e "${RED}Failed. See ${LOG}${NC}" 1>&2 exit 1 else echo -e "${GREEN}OK${NC}" fi +echo # Set SERVER to be the preferred download server from the Apache CDN SERVER="http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/${GUACVERSION}" @@ -293,7 +325,7 @@ echo -e "${BLUE}Downloading files...${NC}" # Download Guacamole Server wget -q --show-progress -O guacamole-server-${GUACVERSION}.tar.gz ${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz if [ $? -ne 0 ]; then - echo -e "${RED}Failed to download guacamole-server-${GUACVERSION}.tar.gz" + echo -e "${RED}Failed to download guacamole-server-${GUACVERSION}.tar.gz" 1>&2 echo -e "${SERVER}/source/guacamole-server-${GUACVERSION}.tar.gz${NC}" exit 1 else @@ -305,7 +337,7 @@ echo -e "${GREEN}Downloaded guacamole-server-${GUACVERSION}.tar.gz${NC}" # Download Guacamole Client wget -q --show-progress -O guacamole-${GUACVERSION}.war ${SERVER}/binary/guacamole-${GUACVERSION}.war if [ $? -ne 0 ]; then - echo -e "${RED}Failed to download guacamole-${GUACVERSION}.war" + echo -e "${RED}Failed to download guacamole-${GUACVERSION}.war" 1>&2 echo -e "${SERVER}/binary/guacamole-${GUACVERSION}.war${NC}" exit 1 fi @@ -314,7 +346,7 @@ echo -e "${GREEN}Downloaded guacamole-${GUACVERSION}.war${NC}" # Download Guacamole authentication extensions (Database) wget -q --show-progress -O guacamole-auth-jdbc-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-jdbc-${GUACVERSION}.tar.gz if [ $? -ne 0 ]; then - echo -e "${RED}Failed to download guacamole-auth-jdbc-${GUACVERSION}.tar.gz" + echo -e "${RED}Failed to download guacamole-auth-jdbc-${GUACVERSION}.tar.gz" 1>&2 echo -e "${SERVER}/binary/guacamole-auth-jdbc-${GUACVERSION}.tar.gz" exit 1 else @@ -325,10 +357,10 @@ echo -e "${GREEN}Downloaded guacamole-auth-jdbc-${GUACVERSION}.tar.gz${NC}" # Download Guacamole authentication extensions # TOTP -if [ "$installTOTP" = true ]; then +if [ "${installTOTP}" = true ]; then wget -q --show-progress -O guacamole-auth-totp-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz if [ $? -ne 0 ]; then - echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz" + echo -e "${RED}Failed to download guacamole-auth-totp-${GUACVERSION}.tar.gz" 1>&2 echo -e "${SERVER}/binary/guacamole-auth-totp-${GUACVERSION}.tar.gz" exit 1 else @@ -338,10 +370,10 @@ if [ "$installTOTP" = true ]; then fi # Duo -if [ "$installDuo" = true ]; then +if [ "${installDuo}" = true ]; then wget -q --show-progress -O guacamole-auth-duo-${GUACVERSION}.tar.gz ${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz if [ $? -ne 0 ]; then - echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz" + echo -e "${RED}Failed to download guacamole-auth-duo-${GUACVERSION}.tar.gz" 1>&2 echo -e "${SERVER}/binary/guacamole-auth-duo-${GUACVERSION}.tar.gz" exit 1 else @@ -350,36 +382,39 @@ if [ "$installDuo" = true ]; then echo -e "${GREEN}Downloaded guacamole-auth-duo-${GUACVERSION}.tar.gz${NC}" fi -# Deal with Missing MySQL Connector/J -if [[ -z $JAVALIB ]]; then +# Deal with missing MySQL Connector/J +if [[ -z $LIBJAVA ]]; then # Download MySQL Connector/J wget -q --show-progress -O mysql-connector-java-${MCJVER}.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MCJVER}.tar.gz if [ $? -ne 0 ]; then - echo -e "${RED}Failed to download mysql-connector-java-${MCJVER}.tar.gz" + echo -e "${RED}Failed to download mysql-connector-java-${MCJVER}.tar.gz" 1>&2 echo -e "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MCJVER}.tar.gz${NC}" exit 1 else tar -xzf mysql-connector-java-${MCJVER}.tar.gz fi echo -e "${GREEN}Downloaded mysql-connector-java-${MCJVER}.tar.gz${NC}" +else + echo -e "${YELLOW}Skipping manually installing MySQL Connector/J${NC}" fi echo -e "${GREEN}Downloading complete.${NC}" echo # Make directories -rm -rf /etc/guacamole/extensions -mkdir -p /etc/guacamole/lib -mkdir -p /etc/guacamole/extensions +rm -rf /etc/guacamole/lib/ +rm -rf /etc/guacamole/extensions/ +mkdir -p /etc/guacamole/lib/ +mkdir -p /etc/guacamole/extensions/ # Install guacd (Guacamole-server) -cd guacamole-server-${GUACVERSION} +cd guacamole-server-${GUACVERSION}/ -echo -e "${BLUE}Building Guacamole-Server with GCC $(gcc --version | head -n1 | grep -oP '\)\K.*' | awk '{print $1}') ${NC}" +echo -e "${BLUE}Building Guacamole-Server with GCC $( gcc --version | head -n1 | grep -oP '\)\K.*' | awk '{print $1}' ) ${NC}" echo -e "${BLUE}Configuring Guacamole-Server. This might take a minute...${NC}" ./configure --with-init-dir=/etc/init.d &>> ${LOG} if [ $? -ne 0 ]; then - echo -e "${RED}Failed. See ${LOG}${NC}" + echo -e "${RED}Failed. See ${LOG}${NC}" 1>&2 exit 1 else echo -e "${GREEN}OK${NC}" @@ -388,7 +423,7 @@ fi echo -e "${BLUE}Running Make on Guacamole-Server. This might take a few minutes...${NC}" make &>> ${LOG} if [ $? -ne 0 ]; then - echo -e "${RED}Failed. See ${LOG}${NC}" + echo -e "${RED}Failed. See ${LOG}${NC}" 1>&2 exit 1 else echo -e "${GREEN}OK${NC}" @@ -397,7 +432,7 @@ fi echo -e "${BLUE}Running Make Install on Guacamole-Server...${NC}" make install &>> ${LOG} if [ $? -ne 0 ]; then - echo -e "${RED}Failed. See ${LOG}${NC}" + echo -e "${RED}Failed. See ${LOG}${NC}" 1>&2 exit 1 else echo -e "${GREEN}OK${NC}" @@ -407,27 +442,40 @@ echo # Move files to correct locations (guacamole-client & Guacamole authentication extensions) cd .. -mv guacamole-${GUACVERSION}.war /etc/guacamole/guacamole.war -mv guacamole-auth-jdbc-${GUACVERSION}/mysql/guacamole-auth-jdbc-mysql-${GUACVERSION}.jar /etc/guacamole/extensions/ +mv -f guacamole-${GUACVERSION}.war /etc/guacamole/guacamole.war +mv -f guacamole-auth-jdbc-${GUACVERSION}/mysql/guacamole-auth-jdbc-mysql-${GUACVERSION}.jar /etc/guacamole/extensions/ # Create Symbolic Link for Tomcat ln -sf /etc/guacamole/guacamole.war /var/lib/${TOMCAT}/webapps/ # Deal with MySQL Connector/J -if [[ -z $JAVALIB ]]; then - mv mysql-connector-java-${MCJVER}/mysql-connector-java-${MCJVER}.jar /etc/guacamole/lib/mysql-connector-java.jar +if [[ -z $LIBJAVA ]]; then + echo -e "${BLUE}Moving mysql-connector-java-${MCJVER}.jar (/etc/guacamole/lib/mysql-connector-java.jar)...${NC}" + mv -f mysql-connector-java-${MCJVER}/mysql-connector-java-${MCJVER}.jar /etc/guacamole/lib/mysql-connector-java.jar +elif [ -e /usr/share/java/mariadb-java-client.jar ]; then + echo -e "${BLUE}Linking mariadb-java-client.jar (/etc/guacamole/lib/mariadb-java-client.jar)...${NC}" + ln -sf /usr/share/java/mariadb-java-client.jar /etc/guacamole/lib/mariadb-java-client.jar +elif [ -e /usr/share/java/mysql-connector-java.jar ]; then + echo -e "${BLUE}Linking mysql-connector-java.jar (/etc/guacamole/lib/mysql-connector-java.jar)...${NC}" + ln -sf /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/mysql-connector-java.jar else - ln -s /usr/share/java/mysql-connector-java.jar /etc/guacamole/lib/ + echo -e "${RED}Can't find *.jar file${NC}" 1>&2 + exit 1 fi +echo # Move TOTP Files -if [ "$installTOTP" = true ]; then - mv guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar /etc/guacamole/extensions/ +if [ "${installTOTP}" = true ]; then + echo -e "${BLUE}Moving guacamole-auth-totp-${GUACVERSION}.jar (/etc/guacamole/extensions/)...${NC}" + mv -f guacamole-auth-totp-${GUACVERSION}/guacamole-auth-totp-${GUACVERSION}.jar /etc/guacamole/extensions/ + echo fi # Move Duo Files -if [ "$installDuo" = true ]; then - mv guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar /etc/guacamole/extensions/ +if [ "${installDuo}" = true ]; then + echo -e "${BLUE}Moving guacamole-auth-duo-${GUACVERSION}.jar (/etc/guacamole/extensions/)...${NC}" + mv -f guacamole-auth-duo-${GUACVERSION}/guacamole-auth-duo-${GUACVERSION}.jar /etc/guacamole/extensions/ + echo fi # Configure guacamole.properties @@ -440,7 +488,7 @@ echo "mysql-username: ${guacUser}" >> /etc/guacamole/guacamole.properties echo "mysql-password: ${guacPwd}" >> /etc/guacamole/guacamole.properties # Output Duo configuration settings but comment them out for now -if [ "$installDuo" = true ]; then +if [ "${installDuo}" = true ]; then echo "# duo-api-hostname: " >> /etc/guacamole/guacamole.properties echo "# duo-integration-key: " >> /etc/guacamole/guacamole.properties echo "# duo-secret-key: " >> /etc/guacamole/guacamole.properties @@ -448,11 +496,11 @@ if [ "$installDuo" = true ]; then echo -e "${YELLOW}Duo is installed, it will need to be configured via guacamole.properties${NC}" fi -# restart tomcat -echo -e "${BLUE}Restarting tomcat service & enable at boot...${NC}" +# Restart Tomcat +echo -e "${BLUE}Restarting Tomcat service & enable at boot...${NC}" service ${TOMCAT} restart if [ $? -ne 0 ]; then - echo -e "${RED}Failed${NC}" + echo -e "${RED}Failed${NC}" 1>&2 exit 1 else echo -e "${GREEN}OK${NC}" @@ -461,12 +509,12 @@ fi systemctl enable ${TOMCAT} echo -if [ "$installMySQL" = true ]; then - # restart mysql +if [ "${installMySQL}" = true ]; then + # Restart MySQL service echo -e "${BLUE}Restarting MySQL service & enable at boot...${NC}" service mysql restart if [ $? -ne 0 ]; then - echo -e "${RED}Failed${NC}" + echo -e "${RED}Failed${NC}" 1>&2 exit 1 else echo -e "${GREEN}OK${NC}" @@ -474,26 +522,52 @@ if [ "$installMySQL" = true ]; then # Start at boot systemctl enable mysql echo + + # Default locations of MySQL config file + for x in /etc/mysql/mariadb.conf.d/50-server.cnf \ + /etc/mysql/mysql.conf.d/mysqld.cnf \ + /etc/mysql/my.cnf \ + ; do + # Check the path exists + if [ -e "${x}" ]; then + # Does it have the necessary section + if grep -q '^\[mysqld\]$' "${x}"; then + mysqlconfig="${x}" + # no point keep checking! + break + fi + fi + done + + if [ -z "${mysqlconfig}" ]; then + echo -e "${YELLOW}Couldn't detect MySQL config file - you may need to manually enter timezone settings${NC}" + else + # Is there already a value? + if grep -q "^default_time_zone[[:space:]]?=" "${mysqlconfig}"; then + echo -e "${YELLOW}Timezone already defined in ${mysqlconfig}${NC}" + else + timezone="$( cat /etc/timezone )" + if [ -z "${timezone}" ]; then + echo -e "${YELLOW}Couldn't find timezone, using UTC${NC}" + timezone="UTC" + fi + echo -e "${YELLOW}Setting timezone as ${timezone}${NC}" + # Fix for https://issues.apache.org/jira/browse/GUACAMOLE-760 + mysql_tzinfo_to_sql /usr/share/zoneinfo 2>/dev/null | mysql -u root -D mysql -h ${mysqlHost} -P ${mysqlPort} + crudini --set ${mysqlconfig} mysqld default_time_zone "${timezone}" + # Restart to apply + service mysql restart + echo + fi + fi fi - -# restart mysql -echo -e "${BLUE}Restarting mysql...${NC}" - -service mysql restart -if [ $? -ne 0 ]; then - echo -e "${RED}Failed${NC}" - exit 1 -else - echo -e "${GREEN}OK${NC}" -fi - -# Create $guacDb and grant $guacUser permissions to it +# Create ${guacDb} and grant ${guacUser} permissions to it # SQL code guacUserHost="localhost" -if [[ "$mysqlHost" != "localhost" ]]; then +if [[ "${mysqlHost}" != "localhost" ]]; then guacUserHost="%" echo -e "${YELLOW}MySQL Guacamole user is set to accept login from any host, please change this for security reasons if possible.${NC}" fi @@ -501,7 +575,7 @@ fi # Set MySQL password export MYSQL_PWD=${mysqlRootPwd} -# Check for $guacDb already being there +# Check for ${guacDb} already being there echo -e "${BLUE}Checking MySQL for existing database (${guacDb})${NC}" SQLCODE=" SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='${guacDb}';" @@ -509,43 +583,44 @@ SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME='${guacDb} # Execute SQL code MYSQL_RESULT=$( echo ${SQLCODE} | mysql -u root -D information_schema -h ${mysqlHost} -P ${mysqlPort} ) if [[ $MYSQL_RESULT != "" ]]; then - echo -e "${RED}It appears there is already a MySQL database (${guacDb}) on ${mysqlHost}${NC}" - echo -e "${RED}Try: mysql -e 'drop database ${guacDb}'${NC}" - exit 1 + echo -e "${RED}It appears there is already a MySQL database (${guacDb}) on ${mysqlHost}${NC}" 1>&2 + echo -e "${RED}Try: mysql -e 'DROP DATABASE ${guacDb}'${NC}" 1>&2 + #exit 1 else echo -e "${GREEN}OK${NC}" fi -# Check for $guacUser already being there +# Check for ${guacUser} already being there echo -e "${BLUE}Checking MySQL for existing user (${guacUser})${NC}" SQLCODE=" SELECT COUNT(*) FROM mysql.user WHERE user = '${guacUser}';" # Execute SQL code -MYSQL_RESULT=$( echo ${SQLCODE} | mysql -u root -h ${mysqlHost} -P ${mysqlPort} | grep '0' ) +MYSQL_RESULT=$( echo ${SQLCODE} | mysql -u root -D mysql -h ${mysqlHost} -P ${mysqlPort} | grep '0' ) if [[ $MYSQL_RESULT == "" ]]; then - echo -e "${RED}It appears there is already a MySQL user (${guacUser}) on ${mysqlHost}${NC}" - echo -e "${RED}Try: mysql -e \"DROP USER '${guacUser}'@'${guacUserHost}';\"${NC}" - exit 1 + echo -e "${RED}It appears there is already a MySQL user (${guacUser}) on ${mysqlHost}${NC}" 1>&2 + echo -e "${RED}Try: mysql -e \"DROP USER '${guacUser}'@'${guacUserHost}'; FLUSH PRIVILEGES;\"${NC}" 1>&2 + #exit 1 else echo -e "${GREEN}OK${NC}" fi # Create database & user, then set permissions SQLCODE=" +DROP DATABASE IF EXISTS ${guacDb}; CREATE DATABASE IF NOT EXISTS ${guacDb}; -create user if not exists '${guacUser}'@'${guacUserHost}' identified by \"${guacPwd}\"; +CREATE USER IF NOT EXISTS '${guacUser}'@'${guacUserHost}' IDENTIFIED BY \"${guacPwd}\"; GRANT SELECT,INSERT,UPDATE,DELETE ON ${guacDb}.* TO '${guacUser}'@'${guacUserHost}'; -flush privileges;" +FLUSH PRIVILEGES;" # Execute SQL code -echo ${SQLCODE} | mysql -u root -h ${mysqlHost} -P ${mysqlPort} +echo ${SQLCODE} | mysql -u root -D mysql -h ${mysqlHost} -P ${mysqlPort} # Add Guacamole schema to newly created database echo -e "${BLUE}Adding database tables...${NC}" cat guacamole-auth-jdbc-${GUACVERSION}/mysql/schema/*.sql | mysql -u root -D ${guacDb} -h ${mysqlHost} -P ${mysqlPort} if [ $? -ne 0 ]; then - echo -e "${RED}Failed${NC}" + echo -e "${RED}Failed${NC}" 1>&2 exit 1 else echo -e "${GREEN}OK${NC}" @@ -553,7 +628,8 @@ fi echo # Ensure guacd is started -echo -e "${BLUE}Starting guacamole service & enable at boot...${NC}" +echo -e "${BLUE}Starting guacd service & enable at boot...${NC}" +service guacd stop 2>/dev/null service guacd start systemctl enable guacd echo @@ -568,6 +644,6 @@ echo # Done echo -e "${BLUE}Installation Complete\n- Visit: http://localhost:8080/guacamole/\n- Default login (username/password): guacadmin/guacadmin\n***Be sure to change the password***.${NC}" -if [ "$installDuo" = true ]; then +if [ "${installDuo}" = true ]; then echo -e "${YELLOW}\nDon't forget to configure Duo in guacamole.properties. You will not be able to login otherwise.\nhttps://guacamole.apache.org/doc/${GUACVERSION}/gug/duo-auth.html${NC}" fi