This is an automated email from the ASF dual-hosted git repository. jfthomps pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/vcl-site.git
commit 58eca739a0f24d3042541c98af2e485f9635641a Author: Josh Thompson <[email protected]> AuthorDate: Thu Mar 20 13:13:13 2025 -0400 docs/UpgradePreviousVersions/UpgradeFrom2.5.1to2.5.2.html docs/VCL252InstallGuide.html patches/patching-CVE-2024.html - initial add --- .../UpgradeFrom2.5.1to2.5.2.html | 245 +++++++ content/docs/VCL252InstallGuide.html | 806 +++++++++++++++++++++ content/patches/patching-CVE-2024.html | 129 ++++ 3 files changed, 1180 insertions(+) diff --git a/content/docs/UpgradePreviousVersions/UpgradeFrom2.5.1to2.5.2.html b/content/docs/UpgradePreviousVersions/UpgradeFrom2.5.1to2.5.2.html new file mode 100644 index 0000000..6a7502d --- /dev/null +++ b/content/docs/UpgradePreviousVersions/UpgradeFrom2.5.1to2.5.2.html 
@@ -0,0 +1,245 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> + + + <link href="/css/vcl.css" rel="stylesheet" type="text/css"> + <link href="/css/code.css" rel="stylesheet" type="text/css"> + <title>Apache VCL - Upgrade From 2.5 to 2.5.1</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> +</head> + +<body> + <div id="sitetitle"> + <table width="100%" border="0" cellspacing="0" cellpadding="5"> + <tr> + <td><a href="/index.html"><img src="/img/vcl-logo.png" height="100" align="left" alt="Apache VCL logo"></a></td> + <td><a href="http://www.apache.org"><img src="/img/asf-logo.png" align="right" alt="Apache Software Foundation logo"></a></td> + </tr> + </table> + </div> + + <div id="left-column"> + <div id="navigation"> + <ul> +<li><a href="/index.html">Information</a> +<ul> +<li><a href="/info/features.html">Features</a></li> +<li><a href="/info/architecture.html">Architecture</a></li> +<li><a href="/downloads/download.html">Download</a></li> +<li><a href="http://www.apache.org/licenses/">License</a></li> +<li><a href="http://www.apache.org/security/">Security</a></li> +</ul> +</li> +<li><a href="/docs/index.html">Documentation</a> +<ul> +<li><a href="https://cwiki.apache.org/confluence/x/yQdG">Using VCL</a></li> +<li><a href="https://cwiki.apache.org/confluence/x/ywdG">Administration</a></li> +<li><a href="/docs/installation.html">Installation</a></li> +</ul> +</li> +<li><a href="https://cwiki.apache.org/confluence/display/VCL/Apache+VCL" target="_blank">Confluence Wiki</a> + <ul> + <li></li> + </ul> +</li> +<li><a href="https://issues.apache.org/jira/browse/VCL" target="_blank">Jira Issue Tracking</a> + <ul> + <li></li> + </ul> +</li> +<li><a href="/comm/index.html">Community</a> +<ul> +<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li> +<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li> +<li><a 
href="/dev/index.html">Development</a> +<ul> +<li><a href="/dev/code-documentation.html">Code Documentation</a></li> +<li><a href="/dev/roadmap.html">Roadmap</a></li> +</ul> +</li> +</ul> +</li> +<li><a href="http://www.apache.org">Apache Software Foundation</a> +<ul> +<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li> +<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> +</ul> +</li> +</ul> + </div> + <div id="current-event"> + <a href="https://www.apache.org/events/current-event.html"> + <img src="https://www.apache.org/events/current-event-125x125.png" alt="Apache current event" /> + </a> + </div> + </div> + + <div id="content"> + <h1 class="title">Upgrade From 2.5.1 to 2.5.2</h1> + + <h1 id="scripted-upgrade">Scripted Upgrade</h1> +<p>VCL 2.5.2 includes an upgrade script. All you need to +upgrade VCL is the script. It will download and validate the VCL software and +then upgrade your system. The script can be used to upgrade all three parts of +VCL (database, web portal, and management node) or to upgrade each part +individually. It works for upgrading from any previous version of Apache VCL.</p> +<p><a href="https://www.apache.org/dist/vcl/2.5.2/vcl-upgrade.sh">Download Upgrade Script (vcl-upgrade.sh)</a></p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">wget https://www.apache.org/dist/vcl/2.5.2/vcl-upgrade.sh.sha512 +sha512sum -c vcl-upgrade.sh.sha512 +wget https://www.apache.org/dist/vcl/KEYS +gpg --import KEYS +wget https://www.apache.org/dist/vcl/2.5.2/vcl-upgrade.sh.asc +gpg --verify vcl-upgrade.sh.asc +</code></pre></div><p>Running the upgrade script with no arguments will step you through upgrading +all three parts of VCL. Alternatively, the following explains optional +arguments. 
If upgrading the management node part of VCL, it will also prompt +you to agree to the installation of various system level requirements needed +for the code to run.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vcl-upgrade.sh <span style="color:#666">[</span>-h|--help<span style="color:#666">]</span> <span style="color:#666">[</span>-d|--database<span style="color:#666">]</span> <span style="color:#666">[</span>-w|--web<span style="color:#666">]</span> <span style="color:#666">[</span>-m|--managementnode<span style="color:#666">]</span> + <span style="color:#666">[</span>--dbhost <hostname><span style="color:#666">]</span> <span style="color:#666">[</span>--dbadminuser <username><span style="color:#666">]</span> + <span style="color:#666">[</span>--dbadminpass <password><span style="color:#666">]</span> + +-d|--database - upgrade database components + --dbhost may optionally be specified <span style="color:#a2f;font-weight:bold">if</span> not localhost + +-w|--web - upgrade web server components + +-m|--managementnode - upgrade management node <span style="color:#666">(</span>vcld<span style="color:#666">)</span> components + +--dbhost <hostname> - hostname of database server <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>localhost<span style="color:#666">)</span> + +--dbname <name> - name of VCL database on database server <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>vcl<span style="color:#666">)</span> + +--dbadminuser <username> - admin username <span style="color:#a2f;font-weight:bold">for</span> database; must have access + to modify database schema and dump data <span style="color:#a2f;font-weight:bold">for</span> backup <span style="color:#666">(</span><span style="color:#b8860b">default</span><span 
style="color:#666">=</span>root<span style="color:#666">)</span> + +--dbadminpass <password> - password <span style="color:#a2f;font-weight:bold">for</span> dbadminuser <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span><span style="color:#666">[</span>no password<span style="color:#666">]</span><span style="color:#666">)</span> +</code></pre></div><hr> +<h1 id="manual-upgrade-instructions">Manual Upgrade Instructions</h1> +<p>These instructions explain how to upgrade from VCL 2.5.1 to VCL 2.5.2. Please note +it only applies for the upgrade from 2.5.1 to 2.5.2, this may or may not work for other +versions.</p> +<p><strong>The basic steps that will be performed</strong></p> +<ul> +<li>Download and Extract 2.5.2 code</li> +<li>Shutdown httpd and vcld services</li> +<li>Create backup of vcl database</li> +<li>(No database changes were made from 2.5.1 to 2.5.2. So, there is no database upgrade.)</li> +<li>Update web code, create a backup, copy in new, make changes</li> +<li>Restart httpd service</li> +<li>Update management node VCL code, create a backup, copy in new, make changes</li> +<li>Restart vcld service</li> +</ul> +<h3 id="upgrade-steps">Upgrade steps</h3> +<ol> +<li> +<p>follow instructions on the <a href="http://vcl.apache.org/downloads/download.html">VCL download</a> +page to download and verify apache-VCL-2.5.2.tar.bz2 and put in in /root</p> +</li> +<li> +<p><strong>extract VCL 2.5.2 code</strong></p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tar xf apache-VCL-2.5.2.tar.bz2 +</code></pre></div></li> +<li> +<p><strong>Shutdown</strong> the httpd and vcld services</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">service httpd stop +service vcld stop +</code></pre></div></li> +<li> +<p>create a 
<strong>backup</strong> of the VCL database. This will provide a restore point if +necessary.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mysqldump vcl > ~/vcl-pre2.5.2-upgrade.sql +</code></pre></div></li> +<li> +<p><strong>Possibly move old web code</strong>. If /var/www/html/vcl <strong>is a directory</strong>, rename it to +/var/www/html/vcl-2.5.1. These instructions assume that you installed the +VCL web code at /var/www/html/vcl. If you installed it elsewhere, replace +/var/www/html/vcl with your vcl web root.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mv /var/www/html/vcl /var/www/html/vcl-2.5.1 +</code></pre></div></li> +<li> +<p><strong>Disable access</strong> to the old web code</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#a2f">echo</span> <span style="color:#b44">"Require all denied"</span> > /var/www/html/vcl-2.5.1/.htaccess +</code></pre></div></li> +<li> +<p><strong>Copy the new code</strong> in place</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp -ar /root/apache-VCL-2.5.2/web /var/www/html/vcl-2.5.2 +ln -sfn /var/www/html/vcl-2.5.2 /var/www/html/vcl +</code></pre></div></li> +<li> +<p><strong>Copy your 2.5.1 config files</strong></p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#a2f">cd</span> /var/www/html/vcl-2.5.1/.ht-inc +cp conf.php secrets.php pubkey.pem keys.pem /var/www/html/vcl/.ht-inc/ +cp cryptkey/cryptkeyid cryptkey/private.pem /var/www/html/vcl/.ht-inc/cryptkey/ 
+</code></pre></div></li> +<li> +<p><strong>Set SELinux context</strong> If you are using SELinux, set the correct context:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chcon -R -t httpd_sys_content_t /var/www/html/vcl-2.5.2 +chcon -t httpd_sys_rw_content_t /var/www/html/vcl-2.5.2/.ht-inc/maintenance +chcon -R -t httpd_sys_rw_content_t /var/www/html/vcl-2.5.2/.ht-inc/cryptkey +</code></pre></div></li> +<li> +<p><strong>Make the maintenance and cryptkey directories writable</strong> by the web server user. Normally this is +the apache user, if using a different user change below command accordingly.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chown apache /var/www/html/vcl/.ht-inc/maintenance +chown apache /var/www/html/vcl/.ht-inc/cryptkey +</code></pre></div></li> +<li> +<p><strong>Start httpd service</strong></p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">service httpd start +</code></pre></div></li> +<li> +<p><strong>Check testsetup.php</strong> Check that everything is correct by viewing the testsetup.php +script in your browser. This script is located in the same directory as the index.php script. +I.e.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">https://your.site.url/vcl/testsetup.php +</code></pre></div></li> +<li> +<p><strong>Copy old management node code</strong> If /usr/local/vcl is a directory, copy it to +/usr/local/vcl-2.5.1, rename /usr/local/vcl to /usr/local/vcl-2.5.2, and create a symlink. 
+If /usr/local/vcl is a symlink to vcl-2.5.1, copy /usr/local/vcl-2.5.1 to /usr/local/vcl-2.5.2 +and update the symlink.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#080;font-style:italic"># (for directory)</span> +cp -ar /usr/local/vcl /usr/local/vcl-2.5.1 +mv /usr/local/vcl /usr/local/vcl-2.5.2 +ln -s /usr/local/vcl-2.5.2 /usr/local/vcl +</code></pre></div><div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#080;font-style:italic"># (for symlink)</span> +cp -ar /usr/local/vcl-2.5.1 /usr/local/vcl-2.5.2 +ln -sfn /usr/local/vcl-2.5.2 /usr/local/vcl +</code></pre></div></li> +<li> +<p><strong>Copy new code in place</strong> Copy the new management node code over the old code:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/bin/cp -ar /root/apache-VCL-2.5.2/managementnode/* /usr/local/vcl-2.5.2 +</code></pre></div></li> +<li> +<p><strong>Run install_perl_libs.pl</strong> to add any new perl library requirements:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/usr/local/vcl/bin/install_perl_libs.pl +</code></pre></div></li> +<li> +<p><strong>Start vcld service</strong></p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">service vcld start +</code></pre></div></li> +<li> +<p>Make some <strong>test reservations</strong> and watch the vcld.log to verify everything is working +correctly.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" 
data-lang="bash">tail -f /var/log/vcld.log +</code></pre></div></li> +</ol> + + + </div> + + <div id="footer"> + <div class="copyright"> + <p> + Copyright © 2025 The Apache Software Foundation, Licensed under + the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. + <br /> + Apache and the Apache feather logo are trademarks of The Apache Software Foundation. + </p> + </div> + </div> + +</body> +</html> diff --git a/content/docs/VCL252InstallGuide.html b/content/docs/VCL252InstallGuide.html new file mode 100644 index 0000000..77a7ef4 --- /dev/null +++ b/content/docs/VCL252InstallGuide.html 
@@ -0,0 +1,806 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> + + + <link href="/css/vcl.css" rel="stylesheet" type="text/css"> + <link href="/css/code.css" rel="stylesheet" type="text/css"> + <title>Apache VCL - VCL 2.5.2 Installation Guide</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> +</head> + +<body> + <div id="sitetitle"> + <table width="100%" border="0" cellspacing="0" cellpadding="5"> + <tr> + <td><a href="/index.html"><img src="/img/vcl-logo.png" height="100" align="left" alt="Apache VCL logo"></a></td> + <td><a href="http://www.apache.org"><img src="/img/asf-logo.png" align="right" alt="Apache Software Foundation logo"></a></td> + </tr> + </table> + </div> + + <div id="left-column"> + <div id="navigation"> + <ul> +<li><a href="/index.html">Information</a> +<ul> +<li><a href="/info/features.html">Features</a></li> +<li><a href="/info/architecture.html">Architecture</a></li> +<li><a href="/downloads/download.html">Download</a></li> +<li><a href="http://www.apache.org/licenses/">License</a></li> +<li><a href="http://www.apache.org/security/">Security</a></li> +</ul> +</li> +<li><a href="/docs/index.html">Documentation</a> +<ul> +<li><a href="https://cwiki.apache.org/confluence/x/yQdG">Using VCL</a></li> +<li><a href="https://cwiki.apache.org/confluence/x/ywdG">Administration</a></li> +<li><a href="/docs/installation.html">Installation</a></li> +</ul> +</li> +<li><a href="https://cwiki.apache.org/confluence/display/VCL/Apache+VCL" target="_blank">Confluence Wiki</a> + <ul> + <li></li> + </ul> +</li> +<li><a href="https://issues.apache.org/jira/browse/VCL" target="_blank">Jira Issue Tracking</a> + <ul> + <li></li> + </ul> +</li> +<li><a href="/comm/index.html">Community</a> +<ul> +<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li> +<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li> +<li><a 
href="/dev/index.html">Development</a> +<ul> +<li><a href="/dev/code-documentation.html">Code Documentation</a></li> +<li><a href="/dev/roadmap.html">Roadmap</a></li> +</ul> +</li> +</ul> +</li> +<li><a href="http://www.apache.org">Apache Software Foundation</a> +<ul> +<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li> +<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> +</ul> +</li> +</ul> + </div> + <div id="current-event"> + <a href="https://www.apache.org/events/current-event.html"> + <img src="https://www.apache.org/events/current-event-125x125.png" alt="Apache current event" /> + </a> + </div> + </div> + + <div id="content"> + <h1 class="title">VCL 2.5.2 Installation Guide</h1> + + <h1 id="scripted-installation">Scripted Installation</h1> +<p>VCL 2.5.2 can be installed using an installation script. All you need to install +VCL is the script. It will download and validate the VCL software and then install it. +The script can be used to install all three parts of VCL (database, web portal, and +management node) or to install each part individually.</p> +<p><a href="https://www.apache.org/dist/vcl/2.5.2/vcl-install.sh">Download Install Script (vcl-install.sh)</a></p> +<p>Validate script:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">wget https://www.apache.org/dist/vcl/2.5.2/vcl-install.sh.sha512 +sha512sum -c vcl-install.sh.sha512 +wget https://www.apache.org/dist/vcl/KEYS +gpg --import KEYS +wget https://www.apache.org/dist/vcl/2.5.2/vcl-install.sh.asc +gpg --verify vcl-install.sh.asc +</code></pre></div> +<p>Running the installation script with no arguments will step you through installing all +three parts of VCL. Alternatively, the following explains optional arguments. 
If +installing the management node part of VCL, it will also prompt you to agree to the +installation of various system level requirements needed for the code to run.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vcl-install.sh <span style="color:#666">[</span>-h|--help<span style="color:#666">]</span> <span style="color:#666">[</span>-d|--database<span style="color:#666">]</span> <span style="color:#666">[</span>-w|--web<span style="color:#666">]</span> <span style="color:#666">[</span>-m|--managementnode<span style="color:#666">]</span> + <span style="color:#666">[</span>--dbhost <hostname> --dbpass <password><span style="color:#666">]</span> + <span style="color:#666">[</span>--mnhost <hostname><span style="color:#666">]</span> <span style="color:#666">[</span>--webhost <hostname><span style="color:#666">]</span> + <span style="color:#666">[</span>-t|--timezone <timezone><span style="color:#666">]</span> + +-d|--database - install database server components + --dbpass, --mnhost, --mnip, --webhost, and --adminpass must also be specified + +-w|--web - install web server components + --dbhost, --dbpass, and -t|--timezone must also be specified + +-m|--managementnode - install management node <span style="color:#666">(</span>vcld<span style="color:#666">)</span> components + --dbhost, --dbpass, and --adminpass must also be specified + +--dbhost <hostname> - hostname of database server <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>localhost<span style="color:#666">)</span> + +--dbpass <password> - password VCL will use <span style="color:#a2f;font-weight:bold">for</span> accessing + database <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>random<span style="color:#666">)</span> + +--mnhost <hostname> - hostname of management node <span 
style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>localhost<span style="color:#666">)</span> + +--webhost <hostname> - hostname of web server <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>localhost<span style="color:#666">)</span> + +--adminpass <password> - password <span style="color:#a2f;font-weight:bold">for</span> VCL admin user + +-t|--timezone - timezone <span style="color:#a2f;font-weight:bold">for</span> web components +</code></pre></div><h1 id="manual-installation">Manual Installation</h1> +<p>This section provides a list of commands for installing VCL if you prefer to manually +install it.</p> +<p><a href="#database">Database Installation</a><br> +<a href="#web">Web Portal Installation</a><br> +<a href="#managementnode">Management Node Installation</a></p> +<h2 id="database">Install and Configure Database</h2> +<p>VCL currently supports the use of MySQL or MariaDB as the database.</p> +<ol> +<li> +<p>Download and Extract the Apache VCL Source</p> +<ul> +<li> +<p>If you have not already done so, follow the instructions on the <a href="/downloads/download.html">download</a> +page to download and verify apache-VCL-2.5.2.tar.bz2, and put it in /root</p> +</li> +<li> +<p>Extract the files:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tar -jxvf apache-VCL-2.5.2.tar.bz2 +</code></pre></div></li> +</ul> +</li> +<li> +<p>Install MySQL Server or MariaDB Server</p> +<ul> +<li> +<p>Install MySQL or MariaDB Server</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">yum install mysql-server -y +</code></pre></div><p>or</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" 
data-lang="bash">yum install mariadb-server -y +</code></pre></div></li> +<li> +<p>Configure the database daemon to start automatically:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> mysqld on +</code></pre></div><p>or</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> mariadb on +</code></pre></div></li> +<li> +<p>Start the database daemon:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service mysqld start +</code></pre></div><p>or</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service mariadb start +</code></pre></div></li> +<li> +<p>If the iptables firewall is being used and the web server and management nodes +will be on different machines, port 3306 should be opened up to each of those nodes. 
+Add the following to your iptables config and restart iptables service.</p> +<p><strong>Note:</strong> Insert your web server and management node IP address in the right locations.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/sysconfig/iptables +</code></pre></div><ul> +<li> +<p>Add these rules:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">-A INPUT -m state --state NEW -s <web server IP> -p tcp --dport 3306 -j ACCEPT +-A INPUT -m state --state NEW -s <management node IP> -p tcp --dport 3306 -j ACCEPT +</code></pre></div></li> +<li> +<p>Restart iptables:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">service iptables restart +</code></pre></div></li> +</ul> +</li> +<li> +<p>If the firewalld firewall is being used and the web server and management nodes +will be on different machines, port 3306 should be opened up to each of those nodes. +Add the following rules and reload the rule set.</p> +<p><strong>Note:</strong> Insert your web server and management node IP address in the right locations.</p> +<ul> +<li> +<p>Add these rules:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --zone<span style="color:#666">=</span>public --permanent --add-rich-rule<span style="color:#666">=</span><span style="color:#b44">"rule family="</span>ipv4<span style="color:#b44">" source address="</span><web server IP><span style="color:#b44">" service name="</span>mysql<span style="color:#b44"> [...] 
+firewall-cmd --zone<span style="color:#666">=</span>public --permanent --add-rich-rule<span style="color:#666">=</span><span style="color:#b44">"rule family="</span>ipv4<span style="color:#b44">" source address="</span><management node IP><span style="color:#b44">" service name="</span>mysql<span style="color:#b44">" accept"</span> +</code></pre></div></li> +<li> +<p>Restart iptables:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --reload +</code></pre></div></li> +</ul> +</li> +</ul> +</li> +<li> +<p>Create the VCL Database</p> +<ul> +<li> +<p>Run the MySQL command-line client:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mysql +</code></pre></div></li> +<li> +<p>Create a database:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sql" data-lang="sql"><span style="color:#a2f;font-weight:bold">CREATE</span> <span style="color:#a2f;font-weight:bold">DATABASE</span> vcl; +</code></pre></div></li> +<li> +<p>Create a user with SELECT, INSERT, UPDATE, DELETE, and CREATE TEMPORARY TABLES +privileges on the database you just created (<strong>NOTE Use your own password</strong>):</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sql" data-lang="sql"><span style="color:#a2f;font-weight:bold">GRANT</span> <span style="color:#a2f;font-weight:bold">SELECT</span>,<span style="color:#a2f;font-weight:bold">INSERT</span>,<span style="color:#a2f;font-weight:bold">UPDATE</span>,<span style="color:#a2f;font-weight:bold">DELETE</span>,<span style="color:#a2f;font-weight:bold">CREATE</span> <span style= [...] 
+</code></pre></div></li> +<li> +<p>Exit the MySQL command-line client</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#a2f">exit</span> +</code></pre></div></li> +<li> +<p>Import the vcl.sql file into the database. The <strong>vcl.sql</strong> file is included in the +<strong>mysql</strong> directory within the Apache VCL source code</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mysql vcl < apache-VCL-2.5.2/mysql/vcl.sql +</code></pre></div></li> +</ul> +</li> +</ol> +<hr> +<h2 id="web">Install and Configure the Web Components</h2> +<p><strong>Prerequisites</strong></p> +<ul> +<li>Apache VCL 2.5.2 has been downloaded</li> +<li>VCL database has been installed and configured</li> +</ul> +<p><strong>Web Server:</strong></p> +<ul> +<li>Apache HTTP Server v2.x with SSL enabled</li> +<li>PHP 5.x or 7.x</li> +</ul> +<p><strong>Required Linux Packages:</strong></p> +<ul> +<li>httpd - Apache HTTP Server</li> +<li>mod_ssl - SSL/TLS module for the Apache HTTP server</li> +<li>php - The PHP HTML-embedded scripting language</li> +</ul> +<p><strong>Required PHP Modules:</strong></p> +<ul> +<li>php</li> +<li>php-gettext</li> +<li>php-json (required if your PHP version is 5.2 or later)</li> +<li>php-ldap (if you will be using LDAP authentication)</li> +<li>php-mysql</li> +<li>php-openssl</li> +<li>php-xml</li> +<li>php-xmlrpc</li> +</ul> +<hr> +<ol> +<li> +<p><strong>Install the Required Linux Packages & PHP Modules</strong></p> +<ul> +<li> +<p>If your web server is running a Red Hat-based OS, the required components can be installed with:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">yum install httpd mod_ssl php php-mysql php-xml php-xmlrpc php-ldap 
-y +</code></pre></div></li> +<li> +<p>Configure the web server daemon (httpd) to start automatically:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> httpd on +</code></pre></div></li> +<li> +<p>Start the web server daemon</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service httpd start +</code></pre></div></li> +<li> +<p>If SELinux is enabled, run the following command to allow the web server to connect to the database:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/usr/sbin/setsebool -P <span style="color:#b8860b">httpd_can_network_connect</span><span style="color:#666">=</span><span style="color:#666">1</span> +</code></pre></div></li> +<li> +<p>If the iptables firewall is being used, port 80 and 443 should be opened up in the iptables +config file:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/sysconfig/iptables +</code></pre></div><ul> +<li> +<p>Add these rules:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT +-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT +</code></pre></div></li> +<li> +<p>Restart iptables</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">service iptables restart +</code></pre></div></li> +</ul> +</li> +<li> +<p>If the firewalld firewall is being used, port 80 and 443 should be 
opened up:</p> +<ul> +<li> +<p>Add these rules:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --zone<span style="color:#666">=</span>public --add-service<span style="color:#666">=</span>http --permanent +firewall-cmd --zone<span style="color:#666">=</span>public --add-service<span style="color:#666">=</span>https --permanent +</code></pre></div></li> +<li> +<p>Reload firewalld rules</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --reload +</code></pre></div></li> +</ul> +</li> +</ul> +</li> +<li> +<p><strong>Install the VCL Frontend Web Code</strong></p> +<ul> +<li> +<p>If you have not already done so, follow the instructions on the <a href="/downloads/download.html">download</a> +page to download and verify apache-VCL-2.5.2.tar.bz2, and put it in /root</p> +</li> +<li> +<p>Extract the files:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tar -jxvf apache-VCL-2.5.2.tar.bz2 +</code></pre></div></li> +<li> +<p>Copy the <strong>web</strong> directory to a location under the web root of your web server and +navigate to the destination <strong>.ht-inc</strong> subdirectory:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp -ar apache-VCL-2.5.2/web/ /var/www/html/vcl-2.5.2 +ln -s /var/www/html/vcl-2.5.2 /var/www/html/vcl +<span style="color:#a2f">cd</span> /var/www/html/vcl/.ht-inc +</code></pre></div></li> +<li> +<p>If SELinux is enabled, run the following command to set the context of the web code to httpd_sys_content_t</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code 
class="language-bash" data-lang="bash">chcon -R -t httpd_sys_content_t /var/www/html/vcl-2.5.2 +</code></pre></div></li> +<li> +<p>Copy secrets-default.php to secrets.php:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp secrets-default.php secrets.php +</code></pre></div></li> +<li> +<p>Edit the secrets.php file:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi secrets.php +</code></pre></div><ul> +<li>Set the following variables to match your database configuration: +<ul> +<li>$vclhost</li> +<li>$vcldb</li> +<li>$vclusername</li> +<li>$vclpassword</li> +</ul> +</li> +<li>Create random passwords for the following variables: +<ul> +<li>$cryptkey (generate with “openssl rand 32 | base64”)</li> +<li>$pemkey</li> +</ul> +</li> +<li>Save the secrets.php file</li> +</ul> +</li> +<li> +<p>Run the genkeys.sh</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">./genkeys.sh +</code></pre></div></li> +<li> +<p>Copy conf-default.php to conf.php:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp conf-default.php conf.php +</code></pre></div></li> +<li> +<p>Modify conf.php to match your site</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi conf.php +</code></pre></div><ul> +<li>Review every entry under “Things in this section must be modified/reviewed”. 
+Descriptions and pointers for each value are included within conf.php.</li> +</ul> +</li> +<li> +<p>Set the owner of the .ht-inc/maintenance and .ht-inc/cryptkey directories to the web server user (normally ‘apache’):</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chown apache maintenance +chown apache cryptkey +</code></pre></div></li> +<li> +<p>If SELinux is enabled, run the following command to allow the web server to write to maintenance and cryptkey</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chcon -t httpd_sys_rw_content_t maintenance +chcon -t httpd_sys_rw_content_t cryptkey +</code></pre></div></li> +<li> +<p>Open the testsetup.php page in a web browser:</p> +<ul> +<li>If you set up your site to be <a href="https://my.server.org/vcl/">https://my.server.org/vcl/</a> open <a href="https://my.server.org/vcl/testsetup.php">https://my.server.org/vcl/testsetup.php</a></li> +<li>Debug any issues reported by testsetup.php</li> +</ul> +</li> +</ul> +</li> +<li> +<p><strong>Log In to the VCL Website</strong></p> +<ul> +<li> +<p>Open the index.php page in your browser (<a href="https://my.server.org/vcl/index.php">https://my.server.org/vcl/index.php</a>)</p> +<ul> +<li>Select Local Account</li> +<li>Username: admin</li> +<li>Password: adminVc1passw0rd</li> +</ul> +</li> +<li> +<p>Set the admin user password (<strong>DO NOT skip this step</strong>):</p> +<ul> +<li>Click User Preferences</li> +<li>Enter the current password: adminVc1passw0rd</li> +<li>Enter a new password</li> +<li>Click Submit Changes</li> +</ul> +</li> +</ul> +</li> +<li> +<p><strong>Add a Management Node to the Database</strong></p> +<ul> +<li>Click the Manage->Management Nodes link +<ul> +<li>Select Edit Management Node Profiles</li> +<li>Click Submit</li> +<li>Click Add New Management 
Node</li> +<li>Fill in these required fields: +<ul> +<li>Hostname - The name of the management node server. This value doesn’t +necessarily need to be a name registered in DNS nor does it need to be the value +displayed by the Linux hostname command. For example, if you are installing all of the +VCL components on the same machine you can set this value to localhost.</li> +<li>IP address - the public IP address of the management node</li> +<li>SysAdmin Email Address - error emails will be sent to this address</li> +<li>Install Path - this is the parent directory under which image files will be +stored - only required if doing bare metal installs or using VMWare with local disks</li> +<li>End Node SSH Identity Key Files - enter /etc/vcl/vcl.key unless you know +you are using a different SSH identity key file</li> +</ul> +</li> +<li>Optionally, fill in these fields: +<ul> +<li>Address for Shadow Emails - End users are sent various emails about the +status of their reservations. If this field is configured, copies of all of those emails +will be sent to this address.</li> +<li>Public NIC configuration method - this defaults to Dynamic DHCP - if DHCP +is not available for the public interface of your nodes, you can set this to Static. +Then, the IP configuration on the nodes will be manually set using Public Netmask, +Public Gateway, Public DNS Server, and the IP address set for the computer under Manage +Computers</li> +</ul> +</li> +<li>Click Add Management Node</li> +<li>A dialog will pop up informing you to add the management node to a group, +read it and click Close</li> +<li>select the allManagementNodes group on the right</li> +<li>click <-Add</li> +<li>click Close</li> +</ul> +</li> +</ul> +</li> +<li> +<p><strong>Install & Configure phpMyAdmin (Optional):</strong> +<a href="http://www.phpmyadmin.net/">phpMyAdmin</a> is a free and optional tool which allows <a href="http://www.mysql.com/">MySQL</a> to be administered +using a web browser. 
It makes administering the VCL database easier. This tool can be +installed on the VCL web server. +To install phpMyAdmin, follow the instructions on: <a href="installphpmyadmin.html">phpMyAdmin Installation & +Configuration</a></p> +</li> +</ol> +<hr> +<h2 id="managementnode">Install & Configure the Management Node Components</h2> +<p><strong>Prerequisites</strong> +The following management node installation instructions assume the instructions in these +previous sections have been completed:</p> +<ul> +<li>VCL 2.5.2 Database Installation</li> +<li>VCL 2.5.2 Web Code Installation</li> +</ul> +<p><strong>Supported Operating Systems:</strong></p> +<p>The VCL management node daemon (vcld) has been developed to run on an operating system +based on Red Hat Enterprise Linux (RHEL). It has been tested on the following:</p> +<ul> +<li>Red Hat Enterprise Linux 6.x</li> +<li>Red Hat Enterprise Linux 7.x</li> +<li>CentOS 6.x</li> +<li>CentOS 7.x</li> +</ul> +<p><strong>Required Linux Packages:</strong></p> +<p>The VCL management node daemon (vcld) requires the following Linux packages and Perl +modules in order to run (see step 2 below for installation instructions).</p> +<ul> +<li>expat-devel - Libraries and include files to develop XML applications with expat</li> +<li>gcc - Various compilers (C, C++, Objective-C, Java, …)</li> +<li>krb5-devel - Development files needed to compile Kerberos 5 programs</li> +<li>krb5-libs - The shared libraries used by Kerberos 5</li> +<li>libxml2-devel - Libraries, includes, etc. 
to develop XML and HTML applications</li> +<li>make - GNU make utility to maintain groups of programs</li> +<li>mysql/mariadb - Includes libraries for connecting to mysql/mariadb</li> +<li>nmap - Network exploration tool and security scanner</li> +<li>openssh - The OpenSSH implementation of SSH protocol versions 1 and 2</li> +<li>openssl-devel - Files for development of applications which will use OpenSSL</li> +<li>perl - The Perl programming language</li> +<li>xmlsec1-openssl - OpenSSL crypto plugin for XML Security Library</li> +</ul> +<p><strong>Required Perl Modules:</strong></p> +<p>The VCL management node daemon (vcld) is written in Perl and has been tested on Perl +5.10 and 5.16. The following Perl modules available from CPAN are also required (see step 2 +below for installation instructions):</p> +<ul> +<li>Crypt::CBC - implementation of the cryptographic cipher block chaining mode</li> +<li>Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries</li> +<li>Crypt::Rijndael - Crypt::CBC compliant Rijndael encryption module</li> +<li>DBD::MySQL - MySQL driver for the Perl5 Database Interface (DBI)</li> +<li>DBI - Generic Database Interface</li> +<li>Digest::SHA1 - NIST SHA message digest algorithm</li> +<li>Exception::Class::Base - base class for exception objects</li> +<li>Frontier::Client - issue Frontier XML RPC requests to a server</li> +<li>HTTP::Headers - class encapsulating HTTP Message headers</li> +<li>IO::String - emulate file interface for in-core strings</li> +<li>JSON - JavaScript Object Notation</li> +<li>LWP::UserAgent - class implementing a web user agent</li> +<li>Mail::Mailer - Simple mail agent interface</li> +<li>Net::Jabber - Jabber perl library</li> +<li>Net::Netmask - parse, manipulate and lookup IP network blocks</li> +<li>Net::Ping::External - Cross-platform Perl interface to “ping” utilities</li> +<li>Net::SSH::Expect - a wrapper to the ssh executable that is available in system’s PATH</li> +<li>Object::InsideOut 
- Comprehensive inside-out object support</li> +<li>RPC::XML::Client - XML-RPC client class</li> +<li>Text::CSV_XS - comma-separated values manipulation routines</li> +<li>XML::Simple - API for simple XML files</li> +<li>YAML - YAML Ain’t Markup Language</li> +</ul> +<hr> +<ol> +<li> +<p><strong>Install the VCL Management Node Code - Perl Daemon</strong></p> +<ul> +<li> +<p>If you have not already done so, follow the instructions on the +<a href="/downloads/download.html">download</a> page to download and verify +apache-VCL-2.5.2.tar.bz2, and put it in /root</p> +</li> +<li> +<p>Extract the files:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tar -jxvf apache-VCL-2.5.2.tar.bz2 +</code></pre></div></li> +<li> +<p>Copy the managementnode directory to the location where you want it to reside +(typically /usr/local):</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp -ar apache-VCL-2.5.2/managementnode /usr/local/vcl-2.5.2 +ln -s /usr/local/vcl-2.5.2 /usr/local/vcl +</code></pre></div></li> +</ul> +</li> +<li> +<p><strong>Install the Required Linux Packages & Perl Modules</strong></p> +<ul> +<li> +<p>Run the install_perl_libs.pl script located in the bin directory:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">perl /usr/local/vcl/bin/install_perl_libs.pl +</code></pre></div></li> +</ul> +<p>The last line of the install_perl_libs.pl script output should be:</p> +<p><em>COMPLETE: installed all components</em></p> +<p>Note: The script will hang or terminate if it encounters a problem. 
If this occurs, +you will need to troubleshoot the problem by looking at the output.</p> +<p>The install_perl_libs.pl script included in the VCL distribution will attempt to +download and install the required Linux packages and Perl modules. It uses the yum +utility to install the required Linux packages. The required Perl modules are available +from CPAN - The Comprehensive Perl Archive Network. The install_perl_libs.pl script +attempts to download and install the required Perl modules by using the CPAN.pm module +which is included with most Perl distributions.</p> +<p>The yum utility should exist on any modern Red Hat-based Linux distribution (Red +Hat, CentOS, Fedora, etc). If yum isn’t available on your management node OS, you will +need to download and install the required Linux packages manually or by using another +package management utility. After installing the required Linux packages, attempt to +run the install_perl_libs.pl script again.</p> +</li> +<li> +<p><strong>Configure vcld.conf</strong></p> +<ul> +<li> +<p>Create the /etc/vcl directory:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mkdir /etc/vcl +</code></pre></div></li> +<li> +<p>Copy the stock vcld.conf file to /etc/vcl:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp /usr/local/vcl/etc/vcl/vcld.conf /etc/vcl +</code></pre></div></li> +<li> +<p>Edit /etc/vcl/vcld.conf:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/vcl/vcld.conf +</code></pre></div><p>The following lines must be configured in order to start the VCL daemon (vcld) +and allow it to check in to the database:</p> +<ul> +<li>FQDN - the fully qualified name of the management node, this should match the +name that 
was configured for the management node in the database</li> +<li>server - the IP address or FQDN of the database server</li> +<li>LockerWrtUser - database user account with write privileges</li> +<li>wrtPass - database user password</li> +<li>xmlrpc_pass - password for xmlrpc api from vcld to the web interface(can be +long). This will be used later to sync the database vclsystem user account</li> +<li>xmlrpc_url - URL for xmlrpc api +<a href="https://my.server.org/vcl/index.php?mode=xmlrpccall">https://my.server.org/vcl/index.php?mode=xmlrpccall</a></li> +</ul> +</li> +<li> +<p>Save the vcld.conf file</p> +</li> +</ul> +</li> +<li> +<p><strong>Configure the SSH Client</strong></p> +<p>The SSH client on the management node should be configured to prevent SSH processes +spawned by the root user to the computers it controls from hanging because of missing or +different entries in the known_hosts file.</p> +<ul> +<li> +<p>Edit the ssh_config file:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/ssh/ssh_config +</code></pre></div></li> +<li> +<p>Set the following parameters:</p> +<ul> +<li>UserKnownHostsFile /dev/null</li> +<li>StrictHostKeyChecking no</li> +</ul> +</li> +</ul> +<p>Note: If you do not want these settings applied universally on the management node +the SSH configuration can also be configured to only apply these settings to certain +hosts or only for the root user. 
Consult the SSH documentation for more information.</p> +</li> +<li> +<p><strong>Install and Start the VCL Daemon (vcld) Service</strong></p> +<ul> +<li> +<p><strong>Steps for systemd</strong> - use these steps if your system is using systemd</p> +<ul> +<li> +<p>Copy the vcld service script to /usr/lib/systemd/system</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp /usr/local/vcl/etc/systemd/system/vcld.service /usr/lib/systemd/system +</code></pre></div></li> +<li> +<p>Create a vcld config file in /etc/sysconfig</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#a2f">echo</span> <span style="color:#b44">"OPTIONS='-v -conf=/etc/vcl/vcld.conf'"</span> > /etc/sysconfig/vcld +</code></pre></div></li> +<li> +<p>If using SELinux, set the correct user and context:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chcon -u system_u -t systemd_unit_file_t /usr/lib/systemd/system/vcld.service +</code></pre></div></li> +<li> +<p>Enable vcld.service</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">systemctl <span style="color:#a2f">enable</span> vcld.service +</code></pre></div></li> +<li> +<p>Start the vcld service:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">systemctl start vcld.service +</code></pre></div></li> +<li> +<p>Check the vcld service by monitoring the vcld.log file:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tail -f 
/var/log/vcld.log +</code></pre></div></li> +</ul> +</li> +<li> +<p><strong>Steps for SystemV</strong> - use these steps if your system is using SystemV (scripts located in +/etc/init.d)</p> +<ul> +<li> +<p>Copy the vcld service script to /etc/init.d and name it vcld:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp /usr/local/vcl/bin/S99vcld.linux /etc/init.d/vcld +</code></pre></div></li> +<li> +<p>Add the vcld service using chkconfig:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --add vcld +</code></pre></div></li> +<li> +<p>Configure the vcld service to automatically run at runtime levels 3-5:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> vcld on +</code></pre></div></li> +<li> +<p>Start the vcld service:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service vcld start +</code></pre></div></li> +<li> +<p>Check the vcld service by monitoring the vcld.log file:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tail -f /var/log/vcld.log +</code></pre></div><p>You should see the following being added to the log file every few seconds if the +management node is checking in with the database:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">2019-06-07 13:23:45|25494|vcld:main(167)|lastcheckin time updated for management node 1: 2019-06-07 13:23:45 
+</code></pre></div></li> +</ul> +</li> +</ul> +</li> +<li> +<p><strong>Set the vclsystem account password for xmlrpc api</strong></p> +<p>Using the vcld -setup tool, set the vclsystem account. This is needed to properly +use the block allocation features.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/usr/local/vcl/bin/vcld --setup +</code></pre></div><p>Select the options listed below to set the password. When prompted paste or type the +password from xmlrpc_pass variable in the vcld.conf file and hit enter.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">Select 5. Set Local VCL User Account Password +Select 2. vclsystem +Enter the password you <span style="color:#a2f">set</span> <span style="color:#a2f;font-weight:bold">for</span> xmlrpc_pass in /etc/vcl/vcld.conf +</code></pre></div><p>After setting the password for the vclsystem user, test that RPC-XML Access works correctly +by selecting</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">2: Test RPC-XML Access +</code></pre></div><p><strong>SUCCESS: RPC-XML access is configured correctly</strong> should be displayed followed by a long list of +available XMLRPC functions</p> +</li> +<li> +<p><strong>Install & Configure the DHCP Service</strong></p> +<p>DHCP service is needed for the private network to provide address to provisioned +machines.</p> +<ul> +<li> +<p>Install dhcp if it is not already installed:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">yum install dhcp -y +</code></pre></div></li> +<li> +<p>Configure the dhcpd service to automatically start at runlevels 3-5:</p> +<div 
class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig dhcpd on +</code></pre></div></li> +<li> +<p>Configure the dhcpd.conf file.</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/dhcpd.conf +<span style="color:#080;font-style:italic"># -or-</span> +vi /etc/dhcp/dhcpd.conf +</code></pre></div><p>Configure your dhcpd.conf file according to your network configuration. +The contents of the dhcpd.conf file will vary based on how your network is +configured. Below is an example of a basic dhcpd.conf file:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">ddns-update-style none; +shared-network eth0 { + subnet 10.100.0.0 netmask 255.255.255.0 { + ignore unknown-clients; + } +} +</code></pre></div><p>You will add host definitions to the dhcpd.conf file after you add computers to VCL +using the website. 
The website allows you to select a set of computers for which to +generate dhcpd.conf information, which can be copied and pasted into the dhcpd.conf file.</p> +</li> +<li> +<p>Start the dhcpd service:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service dhcpd start +</code></pre></div></li> +</ul> +</li> +</ol> +<hr> +<h1 id="initial-administration-steps-after-installing-vcl">Initial Administration Steps After Installing VCL</h1> +<p>After you have installed the VCL components, you need to do some initial administration +of your new VCL install.</p> +<ol> +<li> +<p>Add Computers</p> +<ul> +<li>If using <strong>bare-metal</strong> provisioning, follow the instruction +on the <a href="addcomputers">Adding Computers</a> page, selecting <strong>Bare Metal</strong> +as the computer Type</li> +<li>If using <strong>VM</strong> provisioning: +<ul> +<li>Follow the instruction on the <a href="addcomputers">Adding Computers</a> +page, selecting <strong>Bare Metal</strong> as the computer Type to add at least one +VM Host</li> +<li>Follow the instruction on the <a href="addcomputers">Adding Computers</a> +page, selecting <strong>Virtual Machine</strong> as the computer Type to add some +virtual computers</li> +<li>Finally, <a href="assignvmtohost">Assign the VMs to VM hosts</a></li> +</ul> +</li> +</ul> +</li> +<li> +<p><a href="image-creation">Create Base Images</a></p> +</li> +<li> +<p>Configure Authorization (follow links appropriate to your site)</p> +<ul> +<li><a href="localaccounts">Adding Local Accounts</a></li> +<li><a href="ldapauth">Configuring LDAP Authentication</a></li> +<li><a href="shibauth">Configuring Shibboleth Authentication</a></li> +</ul> +</li> +</ol> +<hr> + + + </div> + + <div id="footer"> + <div class="copyright"> + <p> + Copyright © 2025 The Apache Software Foundation, Licensed under + the <a 
href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. + <br /> + Apache and the Apache feather logo are trademarks of The Apache Software Foundation. + </p> + </div> + </div> + +</body> +</html> diff --git a/content/patches/patching-CVE-2024.html b/content/patches/patching-CVE-2024.html new file mode 100644 index 0000000..082a478 --- /dev/null +++ b/content/patches/patching-CVE-2024.html 
@@ -0,0 +1,129 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> + + <link href="/css/vcl.css" rel="stylesheet" type="text/css"> + <link href="/css/code.css" rel="stylesheet" type="text/css"> + <title>Apache VCL - Patching CVE-2024-53678 and CVE-2024-53679</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> +</head> + +<body> + <div id="sitetitle"> + <table width="100%" border="0" cellspacing="0" cellpadding="5"> + <tr> + <td><a href="/index.html"><img src="/img/vcl-logo.png" height="100" align="left" alt="Apache VCL logo"></a></td> + <td><a href="http://www.apache.org"><img src="/img/asf-logo.png" align="right" alt="Apache Software Foundation logo"></a></td> + </tr> + </table> + </div> + + <div id="left-column"> + <div id="navigation"> + <ul> +<li><a href="/index.html">Information</a> +<ul> +<li><a href="/info/features.html">Features</a></li> +<li><a href="/info/architecture.html">Architecture</a></li> +<li><a href="/downloads/download.html">Download</a></li> +<li><a href="http://www.apache.org/licenses/">License</a></li> +<li><a href="http://www.apache.org/security/">Security</a></li> +</ul> +</li> +<li><a href="/docs/index.html">Documentation</a> +<ul> +<li><a href="https://cwiki.apache.org/confluence/x/yQdG">Using VCL</a></li> +<li><a href="https://cwiki.apache.org/confluence/x/ywdG">Administration</a></li> +<li><a href="/docs/installation.html">Installation</a></li> +</ul> +</li> +<li><a href="https://cwiki.apache.org/confluence/display/VCL/Apache+VCL" target="_blank">Confluence Wiki</a> + <ul> + <li></li> + </ul> +</li> +<li><a href="https://issues.apache.org/jira/browse/VCL" target="_blank">Jira Issue Tracking</a> + <ul> + <li></li> + </ul> +</li> +<li><a href="/comm/index.html">Community</a> +<ul> +<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li> +<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li> +<li><a 
href="/dev/index.html">Development</a> +<ul> +<li><a href="/dev/code-documentation.html">Code Documentation</a></li> +<li><a href="/dev/roadmap.html">Roadmap</a></li> +</ul> +</li> +</ul> +</li> +<li><a href="http://www.apache.org">Apache Software Foundation</a> +<ul> +<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li> +<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> +</ul> +</li> +</ul> + </div> + <div id="current-event"> + <a href="https://www.apache.org/events/current-event.html"> + <img src="https://www.apache.org/events/current-event-125x125.png" alt="Apache current event" /> + </a> + </div> + </div> + + <div id="content"> + <h1 class="title">Patching CVE-2024-53678 and CVE-2024-53679</h1> + + <p>Please see the <a href="/security.html">security page</a> for more information about these patches.</p> +<h2 id="downloading">Downloading</h2> +<p>Patches for Apache VCL version 2.5.1 are all available in a single archive for both CVE-2024-53678 and +CVE-2024-53679.</p> +<ul> +<li><a href="https://www.apache.org/dist/vcl/patches/VCL-CVE-2024/VCL-CVE-2024.tar.bz2">VCL-CVE-2024.tar.bz2</a> +[ <a href="https://www.apache.org/dist/vcl/patches/VCL-CVE-2024/VCL-CVE-2024.tar.bz2.asc">GPG</a> ] +[ <a href="https://www.apache.org/dist/vcl/patches/VCL-CVE-2024/VCL-CVE-2024.tar.bz2.sha512">SHA512</a> ] +(published on 2025-03-20)</li> +</ul> +<h2 id="applying-patches">Applying Patches</h2> +<p>The patches are only for the web code and therefore only need to be applied to +that portion of the code. To apply the patches, download the archive to the web +server running your VCL code. Extract it under /tmp. It will generate a +directory named VCL-CVE-2024. Then, cd to where your web code is (probably +something like /var/www/html/vcl). Next, go into the subdirectory .ht-inc. +You should be in the directory containing blockallocations.php, privileges.php, +and lots of other .php files. 
blockallocations.php and privileges.php will be +patched. So, you’ll probably want to make backup copies of them before +patching:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">cp blockallocations.php /root/blockallocations-preCVE2024.php +cp privileges.php /root/privileges-preCVE2024.php +</code></pre></div><p>While still in the directory containing lots of .php files, +apply the first patch using the following command:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">patch < /tmp/VCL-CVE-2024/CVE-2024-53678.patch +</code></pre></div><p>You should see output similar to</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">patching file blockallocations.php +</code></pre></div> +<p>Apply the second patch using the following command:</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">patch < /tmp/VCL-CVE-2024/CVE-2024-53679.patch +</code></pre></div><p>You should see output similar to</p> +<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">patching file privileges.php +</code></pre></div><p>Patches to php files will take effect immediately - there is no need to +restart httpd.</p> + + </div> + + <div id="footer"> + <div class="copyright"> + <p> + Copyright © 2025 The Apache Software Foundation, Licensed under + the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. + <br /> + Apache and the Apache feather logo are trademarks of The Apache Software Foundation. + </p> + </div> + </div> + +</body> +</html>
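Review bot: In the "Configure the SSH Client" step of content/docs/VCL252InstallGuide.html, the two settings "UserKnownHostsFile /dev/null" and "StrictHostKeyChecking no" are written into the global /etc/ssh/ssh_config, which turns off host key verification for every outbound SSH connection from the management node, not only for connections to the computers it provisions. The scoped alternative appears only in the trailing note ("can also be configured to only apply these settings to certain hosts or only for the root user"); I would make that the documented default by showing the two settings inside a Host block limited to the private-network nodes, and keep the global form as the fallback. Two smaller points in the same hunk: the prose says "vcld -setup" while the command shown is "vcld --setup", and the secrets.php step gives a generation command for $cryptkey ("openssl rand 32 | base64") but none for $pemkey.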
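Review bot: In the "Applying Patches" section of content/patches/patching-CVE-2024.html, the steps go from "download the archive" straight to "Extract it under /tmp" and never use the GPG and SHA512 links listed under "Downloading"; add an explicit verification step before extraction, in the same way the install guide tells the reader to "download and verify" the release tarball. I would also state the backup copies of blockallocations.php and privileges.php as a required step rather than "you'll probably want to", and repeat in this section that the patches are for version 2.5.1, since that is currently stated only under "Downloading".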
