Installation disaster

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 00:30

We just ordered some equipment and I am installing the software part. I start doubting we made the right choice....
The installation process is catastrophic.

First, let me start with the fact that we have been told that only Suse is supported. OK, I installed a LEAP 15.1.
That is specifically in the list of supported OS so I would expect a smooth install. In order to make things easy, I made a 'simple' installed and did *not* install and firewall, etc...

Now comes the ShootMaster install part.... oh boy....

First the installer is a self packed installer, that will unpack every single run... I guess my machine knows it by heart after running the thing >20 times...
It seems there is an option to that which is to run:

Code: Alles auswählen

./Data.... --keep
NOTE the --keep option at the end

Then you start getting errors because the installer wants to disable the Firewall. That sounds fair, Meyton does not want to bother with a Firewall. This is not ideal for the security but OK, I can understand.
The issue is that if you did not install the Firewall so that the installer can disable it, the installation will fail !!?!?
So you need the Firewall installed to make sure the installer can disable it and ensure you don't use it. That totally makes no sense.
Why not checking whether the Firewall is installed and if it is not just moving on....

Then comes the 32 bits runtimes. The installer was not happy with my default LEAP 15.1.
OK; so I uninstalled to free the way:

Code: Alles auswählen

sudo apt remove libgcc_s1-32bit libstdc++6-32bit libstdc++6-locale
That helps the installer go through and it reinstalled them. However, the installer will install its own 32bit runtime that will themselves get on the way during the next run. Is that a joke?

Now we go to MySQL.
I have seen many people having troubles with that but no one from Meyton making a simple and clear statement.
So ShootMaster requires MySQL.I installed MySQL and as everyone in 2019, I get MariaDB. The install will break again.
You *must* have MySQL (the real thing) for the installer to work. Otherwise, the mysql service (called unit) which is actually an alias to the MariaDB service will will cause a failure during the activation.

Why not simply switching to MariaDB, this *is* the same, it is EASY to install, etc...

Finally, after sorting all those issues, I could run the installer successfully. But hold your horses, I did not say it installed anything...
BOOOM, no error message, no warning, nothing but an info saying that 'something' would have been dumped into nohup.out which exists nowhere as shown below:

Code: Alles auswählen

~> locate nohup
/usr/bin/nohup
/usr/share/man/man1/nohup.1.gz
/usr/share/man/man1p/nohup.1p.gz
So in short, the install does not work and nothing is done to make it easy.
The reason is that the nohup.out file is dumped into the "CurrentBuild" temp folder that is wiped after the install, no matter whether the install failed or not. :?

Why does not Meyton provide a simple script doing the job. You really want the Firewall installed to better disable it, then add:

Code: Alles auswählen

sudo apt install -y SuSEfirewall2; echo "Next commands here"  
and life will go on. If the Firewall was NOT installed, it will be installed, and if it was installed, well nothing will happen. This is simple, easy, and works.

There a page in DE, EN and FR that is supposed to help:
- Arbeiten Sie als Benutzer root?
Yes, I tried sudo as well as really running as root, it does not help

- Ist die Installations-Datei beschädigt?
No, I get confirmation at start that everything is OK

- Ist die Architektur vom Linux richtig?
I am using Suse LEAP 15.1 which is the latest version and seems to be the one mentioned in all docs, so yes

- Sind Sicherheitseinstellungen aktiviert?
Well since the installer wanted to disable the Firewall I did not install to make it easier, I ended up installing it.
I did not install anything additional software. This is vanilla LEAP 15.1

Now I am at the step "contact support" and waiting...

Suggestions to Meyton: Instead of writing forum check lists, why not making a script checking for all the requirements ?

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 00:41

After investigating, the issue seems to come from the fact that using sudo prevents X to start.
So you'd need to login your X Session (gnome, etc... ) as root directly...
su, sudo, UNLIKE suggested by many messages does NOT work.

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 01:02

Going from surprise to surprise....

During the INSTALLATION process, the first thing you are asked to do is to UNInstall. Oh well... We start getting the drill.
Was this installer developed during a non sense contest?

The installer will change your root password !?!?!?! Why??? really WHY!?!?!?
It will create new accounts !?!?!?!?!? wtf!!!!
It even creates a new account called Meyton and one called Otto. Who the f*** is Otto and why are those accounts created in my back?

I could eventually understand the creation of a meyton user, of a meyton group, of proposing to add some existing system users to the meyton group or even PROPOSE to create some new account but unless your name is Otto (which I guess is NOT the case for most of you), this installer does non sense.

This is getting ridiculous!

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 01:59

And the smart installer changes the hostname as well.... like anyone cares...

maximilian
Beiträge: 75
Registriert: Mo 17. Sep 2018, 20:25

Re: Installation disaster

Beitrag von maximilian » So 3. Nov 2019, 11:44

Hello gd7s9sjddh,

I understand your criticism.
The installation script is an imposition to say the least.

Also creating more users, changing the root password, changing the hostname and various other (unnecessary) changes to the system irritated me a lot.

Almost all changes can be fixed afterwards, but this takes time and is unnecessary.

Meyton's reason for these changes is that they want to create standardized installations for the clubs. However, I personally am of the opinion that it is going in the wrong direction.

If you know what you are doing, you can run the Meyton software without any problems with a working firewall.

I had similar problems with my installations too. My solution was to manually start the installation from the terminal. Not the installation script, but the actual installation with additional parameters:

Code: Alles auswählen

sudo /var/NextRPMs/Basic.sh --UnattendedFreshInstallation
Use at your own risk. At my system it had worked only thereby.

I hope I could help you a little.

Many greetings,
Maximilian

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 17:24

Hey Maximilian,

Many thanks for answer this thread. I was (and still am to have to spend that much time on that topic) rather irritated and totally agree with your statements. It cheers me up to hear I am not the only one thinking the approach is total non sense.

Many thanks for the hint about the unattended install.

As far as being able to change everything afterward, it sounds good indeed. Seeing however the logic behind the installer, I start wondering how good work the updates if I start bringing this system to a more acceptable state.

Changing and forcing the root password with a publicly available password is such non sense and security issue. I wonder how many clubs got screwed already due to that.

In the meantime, the magic install broke my nicely working installation. I no longer can login using gnome but gnome classic works...

Now, the installer fails doing whatever magic with MySQL. The installer changed my root password and is running as root and thus nothing should be on its way to do its magic but it currently fails for me when it tries changing the root@localhost password for MySQL.

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 18:16

Maximilian,

Do you know by chance what ShootMaster expects as default mysql user/password?
Despite starting mysql in --skip-grant mode and having the installer run as root, my install fails and I get a message similar to "Fehler in Grant All Modul."

My local MYSQL is a real MySQL and I can connect and control it. I can set/reset/ change password and I am trying to figure out what kind of crazy expectation is hardcoded there. Is there some kind stupid default otto story here ?

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 18:22

Here I am debugging the install script....

The code I was looking for and the data I was missing are exposed below:

Code: Alles auswählen

BasicBuildMysql()
{
        echo "Datenbank aufbauen/Updaten"

        # MySQL stoppen und zur Sicherheit Rechte setzen
        systemctl stop mysql   
        chown -R mysql.mysql /var/lib/mysql 2>/dev/null

        # Dienst aktivieren und starten
        systemctl enable mysql 
        systemctl start mysql  

        # root-Passwort zurücksetzen
        BasicMysqlResetPassword
        if [ $Okay -eq 0 ]
        then
                # Rechte der MySQL-Benutzer setzen 
                Hostname=`hostname`
                echo "Mysql-Hostname = $Hostname!"
                MySQLCmd="use mysql; \
                          grant all on *.* to 'meyton'@'%' identified by 'mc4hct'; \
                                  grant all on *.* to 'meyton'@'${Hostname}' identified by 'mc4hct'; \
                                  grant all on *.* to 'meyton'@'${Hostname}.meyton' identified by 'mc4hct'; \
                                  grant all on *.* to 'meyton'@'localhost' identified by 'mc4hct'; \
                                  grant all on *.* to 'root'@'${Hostname}' identified by 'mc4hct'; \
                                  grant all on *.* to 'root'@'${Hostname}.meyton' identified by 'mc4hct'; \
                                  grant all on *.* to 'root'@'localhost' identified by 'mc4hct';"

                # Kommando ausführen
                mysql -u root -e "$MySQLCmd"
                Okay=$?
                sleep 1

                if [ $Okay -eq 0 ]
                then
                        echo "#sBBM#3#OK#password mysql-root = 'mc4hct'"
                else
                        echo "#sBBM#3#Fehler im Grant All Modul!"
                        exit 10
                fi
        else
                echo "#sBBM#3#Fehler in BasicMysqlResetPassword!"
                exit 11
        fi
}

Code: Alles auswählen

BasicMysqlResetPassword()
{
        # Passwort für MySQL root-Benutzer mit mysqladmin zurücksetzen
        mysqladmin -u root password '' 2> /dev/null
        mysqladmin -u root -h localhost password '' 2> /dev/null
        mysqladmin -u root -pmc4hct password '' 2> /dev/null
        mysqladmin -u root -h localhost -pmc4hct password '' 2> /dev/null

        # prüfen, ob Passwort erfolgreich zurückgesetzt
        mysql -u root -e 'exit' 2> /dev/null
        Okay=$?

        if [ $Okay -eq 0 ]
        then
                echo "#sBBM#2#Reset MySQL root password successfully reset via mysqladmin"
        else
                # Holzhammer-Methode

                # MySQL-Dienst stoppen und mit speziellem Parameter starten
                # Das Starten kann je nach System etwas dauern, deshalb mindestens 15s warten
                systemctl stop mysql 2>/dev/null
                mysqld_safe --skip-grant-tables --skip-networking 2>/dev/null &
                echo "#sBBM#2#Restart MySQL with skip-grant"
                sleep 15

                # Kommando zum Zurücksetzen des Passworts ausführen
                mysql -u root -e "use mysql; update user set password='' where user='root'"
                Okay=$?
                if [ $Okay -eq 0 ]
                then
                        echo "#sBBM#2#Reset MySQL root password successfully reset via skip-grant"
                else
                        echo "#sBBM#2#Can't reset MySQL root password via skip-grant"
                fi

                # MySQL stoppen und mit normalen Settings neustarten
                killall mysqld 
                sleep 10
                systemctl restart mysql
        fi
}

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 18:31

And the issue is that the script is (oh should I say it again) total crap:

Code: Alles auswählen

mysqladmin -u root password '' 2> /dev/null
Which means: lets change the password in a crappy way and if something goes wrong, let's make sure we don't tell the user and ignore the failure....

The reason is that MySQL seems much smarter and careful about security than Meyton:

Code: Alles auswählen

mysqladmin: unable to change password; error: 'Your password does not satisfy the current policy requirements'
Moreover, there is nothing starting MySQL in --skip-grant mode... so of course MySQL does not start in --skip-grant mode.

Here is how to do it:

Code: Alles auswählen

sudo service mysql stop
sudo systemctl set-environment MYSQLD_OPTS="--skip-grant-tables --user=mysql"
sudo service mysql start
sudo service mysql status               # just to check
mysql -u root              		# no need for ANY password
SET GLOBAL validate_password.policy=LOW;
SET GLOBAL validate_password.length=4;
flush privileges;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'whatever_otto_password_you_want...';
flush privileges;
exit
sudo systemctl set-environment MYSQLD_OPTS=""
sudo service mysql restart
Instead of all that crap, the installer could, like any other software out there simply ask:
- what is the host
- what is the user
- what is the password

And that would be it....

gd7s9sjddh
Beiträge: 12
Registriert: So 3. Nov 2019, 00:02
Verein/Verband: SVI

Re: Installation disaster

Beitrag von gd7s9sjddh » So 3. Nov 2019, 19:14

After digging, I realized what the issue is:
- Meyton is trying to do the job
- but MySQL has changed
- So forcing the password mc4hct is no longer OK according to MySQL (Hey Meyton => Surprise!)

So the 'solution' to set the password to nothing to 'make it easier', does not make it easier at all.

The real solution would be to:
- uninstall mysql if installed
- install it standard
- run `sudo grep 'temporary password' /var/log/mysql/mysqld.log` to fetch the generated password
- store it into an ENV
- use it everywhere

Even nicer, would be to PROPOSE the user to change the password. You may even SUGGEST a password if you want but forcing one (especially empty) is the worst idea ever and makes the installer much more complex than it could be.

Antworten